From nobody at replay.com  Fri Nov  1 01:19:47 1996
From: nobody at replay.com (Anonymous)
Date: Fri, 1 Nov 1996 01:19:47 -0800 (PST)
Subject: Montgolfiering Spoof
Message-ID: <199611010919.KAA04730@basement.replay.com>



At 10:47 AM -0500 10/31/96, Rabid Wombat wrote:
>On Wed, 30 Oct 1996, Bill Frantz wrote:
>
>> Gee, I put that post in the same place I carefully keep my back issues of
>> the Cypherpunks Enquirer.
>> 
>
>Bill, you must be humor-impaired. That piece was a great send-up of 
>Woods. I was laughing 'til tears spilled down an shorted out my keyboard. 
>I dunno who posted that, but I'm in awe.

Thanks.

I know the author rather well, and he assures me he dashed off this
satirical piece in about as much time as he takes to write his normal
articles. He tells me that once he had "grokked" the inimitable (not) style
of Don Wood, it was easy to write a screed that echoed Wood's wackiness.

Of course, for people who read satire on this list, the initials at the end
are a clue. But don't publish who you think it is, as KVFP doesn't want a
lawsuit from Wood for hurting Wood's feelings.

--KVFP

--


--





From tcmay at got.net  Fri Nov  1 01:28:49 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Nov 1996 01:28:49 -0800 (PST)
Subject: 'what cypherpunks is about'
In-Reply-To: <199610260031.BAA13872@typhoon.dial.pipex.net>
Message-ID: <v03007801ae9f73686609@[207.167.93.63]>


At 1:30 AM -0600 11/1/96, snow wrote:
>Mr. Hassen wrote:
>> But remember people are NOT sheep and nothing
>> lasts forever.
>
>     Yes, they are, and death does.
>
>     Loans to third world counties are made (obstensively) to help industry
>and farming to be developed, and to improve the conditions of the people. It
>rarely works that way, and I think it is a wasted effort, but it is better
>than nothing.

We mine the copper they have no money to mine and pay them with worthless
trinkets like penicillin, schools, and roads.

We are exploiting them.

Yep, they are better off in a state of natural grace, eating grubs and with
a life expectancy of 35.


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From nobody at cypherpunks.ca  Fri Nov  1 02:44:57 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 1 Nov 1996 02:44:57 -0800 (PST)
Subject: When did Mondex ever claim to be anonymous?
Message-ID: <199611011038.CAA03167@abraham.cs.berkeley.edu>


Re: When did Mondex ever claim to be anonymous? 
Derek wrote:

<Snip>

>	They say: "In everyday use Mondex transactions are private, like cash"
>at http://www.mondex.com/faq.htm#anon
>
>	Thus they are making two claims:
>	1. Cash is anonymous.
>	2. Mondex is like cash.

Along with one proviso: "In everyday use"
                        ^^^^^^^^^^^^^^^^^

Clearly, to them, the IRA (or possibly the local hash dealer) is not an
"everyday use" situation.

The value of provisos like this, to companies and politicians, is hard
to understate. Bill Clinton really meant to "End welfare as we know it."
                                                         ^^^^^^^^^^^^^^
Voters saw the statement, ignored the proviso, and liked it; hardly any
of them imagining that his proviso could include plans for a drastic
_increase_ in the size and scope of the U.S. welfare state.









From asgaard at Cor.sos.sll.se  Fri Nov  1 03:17:56 1996
From: asgaard at Cor.sos.sll.se (Asgaard)
Date: Fri, 1 Nov 1996 03:17:56 -0800 (PST)
Subject: WWII & Japan
In-Reply-To: <199611010610.AAA03470@einstein>
Message-ID: <Pine.HPP.3.91.961101115516.17408B-100000@cor.sos.sll.se>


On Fri, 1 Nov 1996, Jim Choate wrote:

> Again they knew something was up, just not where.

You may well be right, but there are seemingly serious
historians who claim otherwise. Since you have studied 
the subject for 30 years I would be interested in your
comments on the book 'Infamy' by John Toland (1982).
I remember being very taken by his arguments when I
read it. He has extensively studied the protocols from
the post war hearings and military court proceedings
dealing with the subject (and they were plentiful)
interviewed many of the involved persons years after.

According to Toland:

The US president, selected members of his cabinette and a
few admirals and generals knew - from Magic and the 'winds'
execute, radio traffic analysis, diplomatic sources, double
agents - exactly when and where the Japaneese were going to
attack, but didn't warn Hawaii, fearing that too efficient
counter-measures by the Oahu military might make the attack
abort and so not convince the isolationists. The unexpected 
tactical capabilities of the Japaneese armada then made a
cover-up all the more important.


Asgaard







From zaid at hardnet.co.uk  Fri Nov  1 04:12:53 1996
From: zaid at hardnet.co.uk (Hard Media)
Date: Fri, 1 Nov 1996 04:12:53 -0800 (PST)
Subject: 'what cypherpunks is about'
Message-ID: <v01520d01ae9fa0242dde@[158.152.61.59]>


Message 1/40  From Timothy C. May
We mine the copper they have no money to mine and pay them with worthless
trinkets like penicillin, schools, and roads.

We are exploiting them.

Yep, they are better off in a state of natural grace, eating grubs and with
a life expectancy of 35.


--Tim May


I can't believe I'm hearing this. Buddy can you even READ? Have you
forgotten that the
Americas was doing fine until the Europeans got there and "civilised" it?
Go and read a few
books, try  "Bury My Heart at Wounded Knee" - J Dee  and then try
"Blackfoot Physics" by F David Peat.

Roads? Hell the longest tarred road in the world existed in India before
the Americas was colonised, I have a list of Chinese inventions made 10,000
years ago longer than your arm.

Oh yeah, the average life expentency for a male on the streets of LA is
about 35.

Then go and read some Chinese history, (Go and read Joseph Needman's
history of ancient China.)
 then try some Arab and Indian history. Maybe that'll give you some idea of
who was eating grubs when eh?

Anyways who the hell is talking "natural grace" if anything Europe during
the Dark Ages is a reflection of a "Western" heritage...and I can't
remember when I mentioned that living in a "natural" state was better than
being civilised, it's just that you seem to think that the "West" has a
monolpoly
on "civilisation". Which is pretty damn apathetic considering the access to
historic records and books you must surely have.

Honetly I'm just astonished that you insist on holding on to these ideas
before you'v had the
chance to check them out. What are your ideas based on anyways?CNN? I
suppose I should know better than to ask, the many times I'v been in the
States reminded me of Soviet Russia and the
"Iron Curtain", there seems to be a complete news blockout about the rest
of the world, enforced because intelligent people like you are content to
base your ideas and perceptions of the rest of the world on a mistaken
belief that the the universe revolves around the USA.

Just to clearify a this. You might not being doing this, but don't lump me
as being anti-Western.
I was born and live in London in the UK, and there are a huge number of
things that the West can be credited with achieving, but on the most part
the role of the West, mostly the USA, has been overblown.

In the UK and most of Europe there is a much greater understanding when it
comes to the rest of the world. Very few, if any, Englishmen today will
claim that our past colonial and imperial history is something to be proud
of. On the whole it isn't. The only place where these ideas florish are in
the USA.

Which is a shame.

Zaid Hassan







From zaid at hardnet.co.uk  Fri Nov  1 04:40:25 1996
From: zaid at hardnet.co.uk (Hard Media)
Date: Fri, 1 Nov 1996 04:40:25 -0800 (PST)
Subject: 'what cypherpunks is about'
Message-ID: <v01520d00ae9faaa2a4be@[158.152.61.59]>



Oh Oh. I said bad things about Americans...in trouble now.

Anyways. Here are some figures:

"In the 20 year period between 1970 and 1989, the external debt of
developing nations grew from
$68.4 billion to $1 283 billion, an increase of 1846 per cent. Debt service
payments increased by 1400 per cent and were in excess of $160 billion by
the end of the 80s."

by the way most of this debt is concentrated in South American.


Zaid








From jya at pipeline.com  Fri Nov  1 05:38:25 1996
From: jya at pipeline.com (John Young)
Date: Fri, 1 Nov 1996 05:38:25 -0800 (PST)
Subject: Primer on WIPO Treaty
Message-ID: <1.5.4.32.19961101133710.006af7e0@pop.pipeline.com>


From: notes at igc.org

-----------------------------------------------------------------
Info-Policy-Notes - A newsletter available from listproc at tap.org
-----------------------------------------------------------------

October 29, 1996

A Primer On The Proposed WIPO Treaty On Database Extraction 
Rights That Will Be Considered In December 1996*

James Love, Consumer Project on Technology


Introduction

The World Intellectual Property Organization (WIPO) will
consider in December 1996 a new treaty that would require most
countries (including the United States) to severely curtail the
public's rights to use pubic domain materials stored in "databases."
Some experts say it is the "least balanced and most potentially anti-
competitive intellectual property rights ever created."  The U.S.
Patent and Trademark Office (PTO) is accepting public comments on
this treaty, and a digital copyright treaty that is also troubling.
Comments are due by November 22, 1996, and can be submitted by
electronic mail to: diploconf at uspto.gov.  Copies of the treaty,
commentary, and the PTO federal register notice is available from
http://www.public-domain.org.  This memorandum provides background
information on the treaty and the problems it presents.

[Snip balance of excellent paper]

James Love
Consumer Project on Technology
http://www.essential.org/cpt
email: love at tap.org

*HTML version at http://www.essential.org/cpt/ip/cpt-dbcom.html
Ascii version formatted with 11 pt courier with 1 inch margins.
This is my first take on the treaty, and I would appreciate
comments and corrections.  This is a very important matter that
hasn't received much attention. jl

----------

We've put this primer at:

     http://jya.com/wipoprim.txt

Thanks to James Love.








From jya at pipeline.com  Fri Nov  1 06:52:24 1996
From: jya at pipeline.com (John Young)
Date: Fri, 1 Nov 1996 06:52:24 -0800 (PST)
Subject: Sorry, nyt
Message-ID: <1.5.4.32.19961101145104.006a0c20@pop.pipeline.com>


We were unfair to call news-reading by gatekeeper.nytimes.com
of jya.com "snooping." We apologize to gatekeeper for that 
mischaracterization.

And for disclosing here access info which should be private.

The site is open to anyone, the more anonymous the better. 
Use anonymizer.com.









From dthorn at gte.net  Fri Nov  1 07:09:47 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 1 Nov 1996 07:09:47 -0800 (PST)
Subject: Cranky Listserver?
In-Reply-To: <199610311205.NAA21204@basement.replay.com>
Message-ID: <327A1159.131@gte.net>


Anonymous wrote:
> Is anyone else having trouble getting their posts picked up on the list?
> Messages I send to: cypherpunks at toad.com sometimes have to reposted as
> many as three times before I see them in my incoming list traffic.

Try waiting longer, even a day or two, before reposting.

It really saves on the duplicate traffic!!

The interconnectedness of the various internet servers, plus the usual anomalies of
electronics and real-world software, mean you can't predict when a particular posting
will "come through".






From Tunny at inference.com  Fri Nov  1 07:41:03 1996
From: Tunny at inference.com (James A. Tunnicliffe)
Date: Fri, 1 Nov 1996 07:41:03 -0800 (PST)
Subject: Discrete logs 1
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961101154011Z-9245@landru.novato.inference2.com>


[...Interesting discussion of logarithms deleted...]
The discrete logs used in crypto have very different mathematical
properties than regular logarithms, but I thought this bit of history
would spark some memories in old-timers and give a new perspective for
younger people.

Hal

As an apparent old-timer (calculators weren't common until my college days, 
which puts me a couple of years before you, I guess) I enjoyed the 
retrospective, and I even recall the joke that goes with the punchline you 
quoted.  It's amazing to realize that only a few years ago, we were 
calculating orbital trajectories using logarithms by lining up marks on 
little sticks of wood!  I have to admit, though, that I was a little 
disappointed after your opening paragraph, because what I was really hoping 
to hear was a straightforward explanation of discrete logs, which, as you 
say, are entirely different.  A simple layman's explanation of what they 
are and how they're useful in crypto would be nice, especially since PGP is 
moving toward this (just when I was beginning to get a handle on RSA!).

Now that I have an interest in all this, I wish Rich Schroeppel still 
worked here (he worked at Inference when I started here in '88, and has 
since done a lot of pioneering work on discrete logs).  Me, I'm still 
trying to figure out what sort of seed is best to plant in a Galois 
field...

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny at Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================



begin 600 WINMAIL.DAT
M>)\^(@T/`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0 at 36%I;"Y.;W1E`#$(`06 `P`.````S <+``$`
M!P`H``L`!0`>`0$@@ ,`#@```,P'"P`!``<`* `,``4`'P$!"8 !`"$```!#
M-#$W,#$T0T8Q,S-$,#$Q.3,P03 P04$P,$$U1C8P1 #O!@$-@ 0``@````(`
M`@`!!( !`!0```!213H at 1&ES8W)E=&4@;&]G<R Q`$H&`0.0!@!T" ``&@``
M``,`)@```````P`V```````>`' ``0```! ```!$:7-C<F5T92!L;V=S(#$`
M`@%Q``$````;`````;O'F<4U)C98U#*Q$="3"@"J`*7V#0`;.WUC``,`+@``
M`````P`&$'M at 494#``<0:04``!X`"! !````90```$E.5$5215-424Y'1$E3
M0U534TE/3D]&3$]'05))5$A-4T1%3$5414142$5$25-#4D5414Q/1U-54T5$
M24Y#4EE05$](059%5D52641)1D9%4D5.5$U!5$A%34%424-!3%!23U `````
M`P`0$ 0````#`!$0``````(!"1 !````:@4``&8%``!_" ``3%I&=7AM`T?_
M``H!#P(5`J0#Y 7K`H,`4!,#5 (`8V@*P'-E=.XR!@`&PP*#,@/&!Q,"@P8S
M!$8"`'!R<3$@UPA5![("@S03#7T*@ C/Q0G9.Q?_,C4U`H *@8,-L0M@;F<Q
M,#,4(.$+`VQI,S8-\ M5%B)%# %C`$ @6RX=4$D7`C $D >0= N 9R!D*00`
M8W4$$&D"("!O%&8@%Y!G"L!I=&AV;00@#;!L$@`)@!U175\*APMD$O(,`130
M;QV at 8_$%0%1H91XS& `=H!\25P0@'H )@" +@" %`'GI!3!O(!' =B* )) D
M$&\>,0W0';$"," `P!^ 9;DEL6EC!T *A2'A< 20GQWP!Y$?@ .1& !G=0M@
M0P7 'R at L(&)U!4!)\R>!"&!G: 5 'X $`"D0OQ]P'N(J$21 )! *A7<(8.IL
M([!S"K%K*_ #<"* /P> !& (@00@(]$&\&0M-QWP!X 1X" `<".P9VGQ))%A
M(&X'T2<1+ `B(>LN<@(0<@J%>0A@&P`5<;<G$"<`'_ N"H4*A4 at F5[\;;Q0#
M"_$QQ at K[')E!+@*=+A!P-+$E<BUW("@F0:\>< M@*O$$('<E4B<%0'T%H&T$
M8 .@,) =\ ,@;9\D\!=Q'_ PL!XP87DH\?YW*A 1L";0*3 $("R!+K#-!:!U
M,2$>XGEE$=$I$/\-P 6P(H P<2D`*6 H``>0S',I*5$)\&IO/- CL/LET2?1
M= - at +T8I`"XB/H&_)) GPB9!`R _(C[ :R* \R>1!4!G;P>1`_ ?@#\3/3N0
M;A&P&\ NT#!B('&6=2(!(# @*5!T)RX!/0# >AX")$$8``= :7K[0>4"(&PD
M\"ZP)4 'X#S4_F%"4#L1(H XTB/P."4>`H\%L"I1!T G@')A:B(A[RSD'H >
M`A\I8B3P0X$>`O\\4"6A+# $(![!&\ "0#QQO1WA8TQR'P`KH 1P(42!XR1D
M)$%A9&T?<"D`*83G3T)"(2E@=V$N`4S&'D']-M%O"X @$2X0`8 5<3!QOP7 
M)P%+PS2Q1X!)H'!/L?\],"9 (X$[(5 '1:)&D2F0?G!%-2)P*W)08QW at 2:!I
M7RG!+]%04 L@/I!X"U%N_R81'L0BJSL50#$$($/244#N>4 Q/7$E<6D8`$:1
M)1?]1'%!*_ '<#QB"V &P !P_T3!5\U44R711J$]<2XB*9#;!^!>PB<]<2.!
M9B at 0(\G_*Z0],"[ )C! (0>0+U$',8=&D4IQ8A @4$=0(\ Y.\%O=D4T5W,J
M`RAJ?QZ !4 [,$#14#0],"Y@;K]+PR1!,+ %0"ZP)Z%D/')!`Z!24T$A*3%=
M3O]?HU #)',#D5&2'<(CPD$TKP0`/=(#\3MP4CM24Q&P_0- at 93;@'^!-,D%!
M*Z L,'<CH2)P/7$H(G%MA5 ";O\E0V,Q964=X K 4;)M\R/1>"<X.$ T$< $
M(&,$9/\"("Z2%Y J<U60<G$&<1X17VV"3)(BJV@@1(!-0"%)K"=M;14_@'E%
M-697`/\(<#R!*3%44RQ@`" >XA'P/R.B/1)E,21!5^)JQ"!'?P= 48 $('<`
M'^ @,C%L5/4PD&XK)CU\SWW??N]__[(]-(4 at 2D3P!Y%!1' ?? (F,!O )3%$
M@"!\(&)7 at S!E8CHD8 ) <- Z+R]WA! N"X!O1>(N.5$O?G1\&6\9"%"^<E%P
M2:!8,X,!8V)&'@%?!) 4T%&1 at X!$@$-<8#(H,R!%$B!&B1!!0Y&(\$0@,(F@
M-S>!)OV%0T!O)X3B at N&#`8Q/1(##&^")X#<@1#F-<(D0*C.)T#,2(#6)$#E#
M?WQ?C_^1#Y(?@)XTA1<A``&4X ``0 `Y`)!VJ_<*R+L!`P#Q/PD$```"`4<`
M`0```#$```!C/553.V$](#MP/4EN9F5R96YC93ML/4Q!3D1252TY-C$Q,#$Q
M-30P,3%:+3DR-#4``````@'Y/P$```!*`````````-RG0,C 0A :M+D(`"LO
MX8(!`````````"]//4E.1D5214Y#12]/53U.3U9!5$\O0TX]4D5#25!)14Y4
M4R]#3CU454Y.60```!X`^#\!````%0```$IA;65S($$N(%1U;FYI8VQI9F9E
M``````(!^S\!````2@````````#<IT#(P$(0&K2Y" `K+^&"`0`````````O
M3SU)3D9%4D5.0T4O3U4]3D]6051/+T-./5)%0TE0245.5%,O0TX]5%5.3ED`
M```>`/H_`0```!4```!*86UE<R!!+B!4=6YN:6-L:69F90````! ``<PX,:E
M>@G(NP% ``@PL&T6^ K(NP$#``TT_3\```(!%#0!````$ ```%24H< I?Q ;
MI8<(`"LJ)1<>`#T``0````4```!213H@``````L`*0``````"P`C```````"
M`7\``0```% ````\8SU54R5A/5\E<#U);F9E<F5N8V4E;#U,04Y$4E4M.38Q
M,3 Q,34T,#$Q6BTY,C0U0&QA;F1R=2YN;W9A=&\N:6YF97)E;F-E,BYC;VT^
#`+)S
`
end





From alzheimer at juno.com  Fri Nov  1 08:12:29 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Fri, 1 Nov 1996 08:12:29 -0800 (PST)
Subject: Eggregatious Copyright Violations
Message-ID: <19961101.101332.5575.0.alzheimer@juno.com>


Smart Card Bulletin: October 1996
 
To Regulate or Not to Regulate? 
 
By Theodore Iacobuzio 
 
US banking regulators are seeking comment on whether, and under what
circumstances, it should take action over electronic money. 
 
Though US banking regulators are focusing more and more of their
attention
on smart cards, most insiders both at banks and at advocacy groups say
they
are not overly concerned with the degree of scrutiny the new technology
attracts. 
 
In fact, contradicting recent alarmist press reports, they told CI they
were
glad the federal government has decided to call for comment. Through a
process of public hearings and forums beginning last month, two powerful
federal agencies sought to air important regulatory issues involving all
aspects
of electronic money, with a special emphasis on smart cards as among the
most mature technologies. 
 
It is all part of an effort to find out more about the new payment system
now,
rather than later, when it is up and running. This way, according to the
government, the industry can both educate the regulators and address
their
concerns before the market has become too established to change easily. 
 
"The regulatory agencies are actually working quite well to understand
the
technology and not to rush to regulate," said Catherine Allen, president
of the
Santa Fe Group, a New Mexico-based electronic commerce think-tank and
the former head of Citicorp's smart card initiative and board member of
the
Smart Card Forum. 
 
"The hearings are being held to get the issues into the open," Allen
said. "I
don't sense heightened concern from the industry." 
 
In fact, many smart card insiders more suspicious than Allen were
considerably mollified having heard Treasury Secretary Robert Rubin
address an agency-sponsored forum on electronic money on September 19. 
 
The forum, which attracted some of the nation's top bankers, concentrated
heavily on smart cards. In his keynote speech, Rubin explicitly sought to
restrict government's role in the new technologies to issues of law
enforcement: fraud, money-laundering and privacy.
 
"As we think about these concerns, let us put aside our ideological views
with
respect to regulation and take an intensely practical approach to finding
the
right balance so that we can minimise impediments to growth and at the
same
time meet the needs that I just described," Rubin said. 
 
"It seems to me that as we look at the benefits and ask the questions, we
must achieve two objectives at the same time: minimising impediments to
the
growth of electronic money, but at the same time, address the difficult
issues
it raises in an appropriate fashion. 
 
"To some extent, there may be trade-off judgements that will have to be
made, but I believe to a large extent the meeting of these two objectives
will
be complementary." 
 
Rubin said that electronic money should increase, rather than decrease,
access to financial services and the mainstream economy for those in the
inner cities or poor rural areas. 
 
"This is a great challenge and I think an absolutely critical challenge
given 
that these groups lack access to computers, financial services and many
of the
benefits of our modern economy". But his comments were so vague as to
limit any discussion of possible US government intervention. 
 
While the Treasury Department meeting was also notable for Citicorp
chairman John Reed's assertion that the Internet is not yet secure enough
for
banking transactions, its major effect was to reassure most smart card
insiders not to expect any aggressive move by the US government to
regulate
smart cards. 
 
On the contrary, they felt the federal government's hitherto hands-off
approach is a textbook example of how regulation of a new technology
should proceed. 
 
The latest efforts at regulatory clarification come not from the Treasury
Department, but from the Federal Deposit Insurance Corporation (FDIC),
the US banking agency established during the Great Depression that both
insures bank deposits of up to $100,000 and oversees the safety and
soundness of banking practices. 
 
The agency has sought comment on whether the funds underlying smart cards
are deposits and hence insurable under the law. It has also issued its
own
opinion that for most purposes, funds underlying smart cards are not in
fact
insurable. 
 
So eager is the FDIC to air the issue, that it took the unusual step (for
a bank
regulatory body) of calling a public hearing on September 12 in
Washington. 
 
There, banks, technology vendors, card associations and industry groups
aired their opinions. And indeed, most of the bankers commenting pleaded
with the government to let the market grow before imposing any kind of
rigid
regulatory structure. 
 
The Federal Reserve Board raised a thornier issue when it recently sought
comment on its effort to exempt from Regulation E those stored- value
cards
bearing less than $100 in value. Reg E, as it is called, establishes
banks'
responsibility for providing an audit trail for money moving through the
electronic funds process. 
 
"This is sort of technical bank-lawyer stuff that people are going to
have to
know about but that is going to have very little effect on how the market
develops as a whole," said John Wright, vice president and senior counsel
with Wells Fargo Bank and head of the legal and public affairs policy arm
of
the Smart Card Forum, the leading industry advocacy group. Regarding the
FDIC request for comment, he said:"It depends how you structure it. I
dont
think that at the level of what consumers are going to do, they would be
deposits." 
 
Wright added that as it was proposed, he did not think the Reg E piece
represented something people ought to worry about.
 
 


New York Times: Monday, October 28, 1996
 
Regulators Vexed By Gambling Over Internet 
 
By JAMES STERNGOLD
 
There are few patches of legal turf the states guard more fiercely than
gambling, which is why it seemed strange this summer when the National
Association of Attorneys General urged the federal government to seize
control of wagering on the Internet -- even though hardly anyone was
doing
it. 
 
Even more bizarre was that the recommendation, including an alarming
proposal for arresting gamblers from in front of their computers, was
turned

down by the Justice Department.
 
``The department does not agree that federal law should be amended so
broadly as to cover the first-time bettor who loses $5, particularly when
Internet gaming is expected to mushroom and federal resources are
shrinking,'' John C. Keeney, an official in the criminal division at the
Justice
Department, wrote the states. 
 
The episode highlighted the growing anxiety and confusion over one of the
least developed, but potentially most vexing areas of Internet business -
gambling. The reach of the World Wide Web is erasing not only borders but
also the ability of the authorities to control wagering (not to mention
their
ability to tax it). And gambling over computer networks is still new
enough
that it remains unclear exactly what is legal and what is not. 
 
``We built it to be Russian-proof, but it turned out to be regulator
proof,''
said Craig I. Fields, the former head of the Pentagon agency that helped
create the Internet during the cold war, and who is now vice chairman of
Alliance Gaming, a Las Vegas concern developing on-line gambling.
 
In principal, gambling by computer sounds promising, placing an
increasingly
popular habit, which can quickly become a compulsion for some
individuals,
within just about anyone's reach. Indeed, nearly every worker in the
country
with a personal computer and a few minutes to spare will soon be able to
slip
in some blackjack, poker, slots or baccarat for money at almost
completely
unregulated, virtual casinos. 
 
To give some notion of the potential, Americans wagered $550 billion last
year at traditional operations, from lotteries and horse races to bingo
and
casinos, and gambling companies had revenues of $44.4 billion. The
Internet
operators need to take only a fraction of that business to produce
explosive
growth - or explosive scams. 
 
``In my view, gambling is the fastest way to destroy the credibility of
the
Internet system,'' said John Kindt, an economics professor at the
University
of Illinois at Champlain and a gambling critic. ``If you lose you'll
lose, and 
if you win you could lose because there's no way to collect from these
offshore
operations.'' 
 
He added that with personal computers now ubiquitous the on-line casinos
could prove a devastating temptation for the growing numbers of
compulsive
gamblers. ``People will be trapped,'' Kindt said. ``They won't be able to
get
away from it.'' 
 
All that is driving some law enforcement officials crazy, especially
since the
business, though made up of a tiny number of marginal companies operating
from offshore havens like Antigua, Belize and Monaco, is on the cusp of a
major expansion. A showdown, in short, is looming in the one area of the
Internet that may well produce billions of dollars of commerce in just a
couple of years. 
 
Minnesota has sued Granite Gate Resorts, a Las Vegas company preparing
to offer sports betting on-line, called Wager Net, as a test case,
claiming that
it is a consumer fraud because the service says, improperly, it is legal.
The
state court hearing the suit has yet to rule on whether the state has
jurisdiction. 
 
California is attacking by threatening the telephone companies with
prosecution if they do not cut off service to Internet gambling concerns
in the
state. 
 
Several states are also insisting that they will not recognize the use of

offshore
sites if the companies are attracting American gamblers. ``We're going to
take an aggressive stand on this and we'll interpret the law as broadly
and
prohibitively as we can, and there will be no havens,'' said Tom Gede, a
special assistant to the attorney general of California. 
 
Sen. Jon Kyl, R-Ariz., offered a bill earier this year that would have
made all
Internet gambling explicitly illegal. Although it was killed in
committee, he 
has insisted he will offer it again. A National Gaming Commission was
established
by the Congress this year and a big focus of the study it will be
conducting
will be on-line wagering, which could also lead to legislation. 
 
And there is an even trickier issue, some believe. 
 
``There's another I-word that really scares the government, Indian
gambling,''
said I. Nelson Rose, a professor at the Whittier Law School here and a
gambling law expert. ``If the Indian tribes get involved in this then the
way 
the law is written all sorts of sports betting and other kinds of on-line
betting
could take place from Indian lands in an unregulated fashion.'' 
 
That has left many state officials worried, but unwilling to just wait
for the
explosion. 
 
``The federal government is either going to want to get into it now or
they'll
be drawn into it later,'' insisted Hubert Humphrey III, the attorney
general of
Minnesota and a prime mover behind the request this summer for federal
involvement. ``This is moving so fast that we have to get out in front of
it.'' 
 
All these worries are over a business that is, at the moment at least,
underwhelming. Sue Schneider, managing editor of Rolling Good Times
On-Line, an e-zine that tracks the industry, said that there are fewer
than a
half dozen virtual casinos that are taking real bets at the moment, and
many of
the games are frustratingly slow. There are also unresolved concerns over
the
security of on-line transactions and whether an unlicensed casino would
maintain fair odds on the games. 
 
In fact, the established casino companies, while watching warily, appear
unfazed. ``My personal view is it's not very interesting,'' said Stephen
Bollenbach, chief executive of Hilton Hotels, the country's largest
casino
concern. ``It's a different business than we're in.'' 
 
Nevertheless, about 40 prospective operators have set up Web sites and
many offer games that, at some point in the future, could easily be
transformed into gambling for real money. 
 
Ms. Schneider said that as many as a dozen more on-line casino or
bookmaking operations may open for business within the next few months. 
 
While all the companies are seeking essentially the same thing - to get
into the
lucrative gambling business without the costs of building casinos or
having to
pay dealers or other high-priced staff - they are taking many different
approaches because of the murky legal status of the business and the
uncertainty over just who will really want to spend their money this way.

 
Virtual Vegas is one of the more active on-line casinos, and one of the
most
cautious. The company's formula is simple: treat Internet gambling as
another
type of computer game, and leave the money out of it for now to avoid
hassles with the police. 
 
David Herschman, chief executive of the company, which is based in the
hip
Venice district of Los Angeles, said Virtual Vegas had already spent $3
million developing its technology, and would spend another $10 million. 
 
It has created twists on traditional games to make them more like
computer
games, and therefore more appealing to the people who already spend
perhaps more time than they should in front of their personal computers.
Virtual Vegas offers Turbo Black Jack and Assault Poker, which is like
combining Doom and five card stud. Virtual Vegas will be available on
Time
Warner's cable on-line service. 
 
Peter Demos Jr., president of World Wide Web Casinos, which is based in
Orange County, said his company had decided to trust the idea that having
an offshore computer location will keep it out of jail. World Wide Web

Casinos has acquired a tiny casino on Antigua, the St. James Club. ``It
does
provide us with a little credibility,'' Demos said. 
 
He added: ``We want to be a huge grind joint. We're not going to attract
high
rollers. We're looking for someone who will blow $20 or so in an hour and
a
half.'' World Wide Web Casino, which will offer black jack, five kinds of
video poker and slots, is in testing and hopes to open around
Thanksgiving. 
 
Internet Gaming Technologies Inc., based in San Diego, is also using an
offshore strategy: It has a gambling license in Ecuador, acquired through
a
company registered in Monaco. 
 
Joseph R. Paravia, president of the company, said he is less confident in
the
offshore loophole, so the company will offer its games only to people
outside
the United States, which he insisted is technically feasible. Paravia
said the
company plans to pursue known gamblers, giving them computers if
necessary. ``We didn't want to take a propeller-head and have to teach
him
how to gamble,'' Paravia said. ``We want to go after a known market.'' 
 
You Bet International Inc., however is what might be called an
anti-Internet
Internet gambling company. The company, which will operate through the
New York Racing Association, offers a horse race bookmaking service that
makes only tangential use of the Internet: to register accounts and
download
software. 
 
``The Internet as it exists is the wrong place for this kind of
application,'' 
said Stephen A. Molnar, executive vice president of the company. ``The
biggest
problem is political. We believe that at some point the government is
going to
come down on this.'' 
 
You Bet, which expects to begin taking bets in February 1997, has
constructed a private on-line service over which its account holders will
get
information and place their wagers. And it appears to be legal, since it
operates within New York state parimutuel betting laws.
 
``It's all interesting, but most of what is being bandied about is hocus
pocus 
at
this point,'' said Jason Ader, an analyst with Bear Stearns & Co. ``It's
a very
scary situation. There's no regulation. There's tremendous potential for
abuse
out there, and maybe a little fun until then.'' 
 
 




News Release (NationsBank): Friday, October 25, 1996
 
NationsBank Announces Service For Trading New And
Used Stored Value Cards 
 
Antiques are too dusty. Model cars are old news. The hot collectible
today?
Stored Value Cards. 
 
NationsBank (NYSE: NB) today announced it will establish a collector
service to support an open, free and knowledgeable marketplace for
buying,
selling and trading new and used NationsBank Stored Value cards. 
 
"Many of our customers have told us that they wanted to collect our
stored
value cards," said Richard F. Shaffner, NationsBank Senior Vice
President.
"We want to respond by providing a professional service that our
customers
and the marketplace can count on for accurate information regarding the
production and availability of new and used NationsBank cards." 
 
The NationsBank Collector Service will provide a variety of services to
collectors: 
 
-- information about NationsBank cards and designs; 
 
-- card reproductions; 
 
-- information about how and where new and used cards may be purchased.
 
The service will also facilitate the sale of new and expired NationsBank
cards
to dealers and collectors. 
 
The bank has also established a set of Stored Value Card Principles that
it
plans to follow in producing and distributing its stored value cards. 
 
"NationsBank was the first bank in the United States to introduce VISA
Cash to the public in 1995, and now is the first card issuer to establish
and
communicate principles designed to protect customers who are card
collectors," said Shaffner. 
 
NationsBank Stored Value Cards provide customers the opportunity to
collect the first samples of an entirely new payment system.
 
The cards include the first VISA Cash card, the series of commemorative
VISA Cash cards from the 1996 Summer Olympic Games, and the
FANCash cards introduced by NationsBank at the 1996 Carolina Panthers
home games. 
 
"These cards are generating a great deal of interest among collectors,"
said
Shaffner. "Some $5 cards are already trading for as much as $300. We want
to make sure that card collectors know that NationsBank's principles for
the
collection of stored value cards are solid and well thought-out." 
 
NationsBank's principles for the issuance of stored value cards state the
bank's position regarding the availability, production, and the
dissemination of
information about each card design. 
 
NationsBank Card Services, with more than $8.3 billion in outstanding
loans,
is the llth largest issuer of Visa and Mastercard credit cards. 
 
NationsBank is the fifth-largest banking company in the U.S. with primary
retail operations in nine states and the District of Columbia. As of
September
30, 1996, NationsBank had total assets of $188 billion. 
 
 


 
Sunday Times (London): October 27, 1996
 
Banks Move into Online Robbery 
 
By David Hewson 
 
There are only two things you can guarantee of a British clearing bank.
First,
that avarice will be its primary motivating force. And second, that it
will
pursue this avarice with such naked stupidity that a three-year-old could
spot
it with his eyes closed. 
 
The announcement that Barclays has decided to enter the world of online
banking is a case in point. 
 
In principle, the idea of handling your finances through a home PC is an
interesting one. Provided the security is tight and there are enough
advantages
to justify the time online, I might even try it myself. But, not in
several 
million
years, the way Barclays has the cheek to suggest. If you want to join the
game, here is what the bank demands that you -- the customer, if I am not
mistaken - will need. First, a computer capable of running Windows 95 --
#1,000 will do nicely if your otherwise adequate 3.1 machines is not up
to
snuff. Second, a modem. Third, a copy of Microsoft Money 97 -- #29.99,
thanks very much. And fourth, a benign desire on your part to save
Barclays
internal transaction costs by doing the work yourself and adding the
ensuing
phone charges, probably long distance, to your BT bill. 
 
And what do you get in return? Well, you can check balances, transfer
money between accounts, settle bills and change standing orders -- all of
which is already possible through 24-hour, voice-based phone banking down
an ordinary line, for a local-call charge, and with someone who is paid
to tap
the keyboard. 
 
Oh, yes. You can also "analyse and display account history using the
in-built
graphics packages". Oh joy. Forget Doom. Let's watch the gas bill turn
from
bar graph to pie chart, all with a click of the mouse. So now you know
why
you bought a home PC... 
 
If more than a thousand or so deluded souls sign up for this package of
dross
I will be truly surprised. The general public may be happily ignorant of
the
more obscure parts of the personal computing world but they do understand
that there are just two reasons to run financial matters on a home PC. It
has
to make life easier, and it must extend your choice. 
 
All Barclays offers over 24-hour phone banking is the marginal curiosity

value of transferring your account information straight into a
personal-finance
package. And in return? You are locked into them with a proprietary
communications package that works with no other bank, and one, moreover,
that forces you to pay the Microsoft tax -- for Money 97 and Windows on
top. 
 
It is difficut to decide whether this is pure ignorance or simply
misguided
greed on Barclays' part. Even the banking industry must have heard of the
Internet. The ostensible reason Barclays has eschewed the Net is that it
is
inherently insecure. This is rather like saying aircraft are inherently
prone to
crash, regardless of how well they are maintained or flown. 
 
There is clear proof that the Net can be made sufficiently secure simply
in the
huge number of American banks now racing to open online services. Take a
look at the beautifully organised Bank of America service
(www.bankamerica.com) and judge for yourself. 
 
What's more, Net banking activities run through a Web browser, can talk
to
Microsoft Money as well as the more popular Intuit Quicken in ex actly
the
same way as Barclays' proprietary code. You get all the bar charts of
your
Visa bills and lose those leg-irons along the way. 
 
Only a bank could believe that it is offering some added value by
allowing
you access to your own money through a PC. The real service online
banking
will offer is beyond the understanding of Barclays. 
 
One day the Net will act as an active, independent, intelligent agent of
choice.
It will shop around for the cheapest loans, mortgages and savings
accounts
across a broad spectrum of providers. The inertia selling of bill-paying,
insurance and other financial services that featherbeds the clearing
banks
today will be gone once you find the magic button marked "Find
cheapest..."
on your Net browser. 
 
Barclays would do well to try to work out how it will survive in that
newly
competitive era instead of trying to enslave further its hapless, captive
customers just as the walls that imprison them start to come down. 
 
 





From security at kinch.ark.com  Fri Nov  1 08:30:43 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Fri, 1 Nov 1996 08:30:43 -0800 (PST)
Subject: 'what cypherpunks is about'
In-Reply-To: <v03007801ae9f73686609@[207.167.93.63]>
Message-ID: <Pine.LNX.3.94.961101082537.497J-100000@kinch.ark.com>


On Fri, 1 Nov 1996, Timothy C. May wrote:
> 
> We mine the copper they have no money to mine and pay them with worthless
> trinkets like penicillin, schools, and roads.
> 
> We are exploiting them.
> 
> Yep, they are better off in a state of natural grace, eating grubs and with
> a life expectancy of 35.
> 
> 
> --Tim May

What a perfectly wonderful narrow point of view. You aren't trolling
are you? I can't believe you are that naive, but perhaps it hurts too
much to see the truth, I know that it hurts me even as I remain
powerless to do anything about it.

cheers, kinch







From doan at cs.uregina.ca  Fri Nov  1 09:00:13 1996
From: doan at cs.uregina.ca (Jason Doan)
Date: Fri, 1 Nov 1996 09:00:13 -0800 (PST)
Subject: Encrypting Hard Disks
In-Reply-To: <19961031.190034.2918.8.edgarswank@juno.com>
Message-ID: <Pine.SGI.3.91.961101105829.13927B-100000@HERCULES.CS.UREGINA.CA>


"Norton your eyes only" works well.

---Jason Doan
---doan at cs.uregina.ca

On Thu, 31 Oct 1996, Edgar W Swank wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> FCri Kaljundi wrote:
> 
> >  Tue, 22 Oct 1996, Michael B Amoruso kirjutas:
> >
> >> Are there any good programs out there that can encrypt my HD??  Since
> >> there probably are, please mention some and where I can get them. 
> Also,
> >> no one mention PGP.
> >
> >F-Secure Desktop from Data Fellows is pretty good. It uses Blowfish
> >algorithm which means it is very fast on 32-bit Windows machines.
> >
> >More information at http://www.datafellows.com/f-secure/
> 
> - - From a quick perusal of the above web site, it appears as though
> F-Secure Desktop offers encryption by file, much like PGP does, only a
> little more automatic.  But an entire encrypted file must be decrypted
> before you can process it and the entire file must then be
> re-encrypted if it is updated.
> 
> - - From http://www.datafellows.com/f-secure/desktop/
> 
>     With the built-in AutoSecure(TM) feature, you can define sets of
>     files, directories, and Windows 95 folders that will be
>     automatically encrypted and decrypted every time you start or
>     close Windows.
> 
> - - From this, it appears encrypted files are decrypted while windows is
> open. Obviously if Windows crashes a lot of plaintext files can be
> left lying around!
> 
> I prefer the methods of SecureDrive
> 
>   http://www.stack.urc.tue.nl/~galactus/remailers/securedrive.html
> 
> or Secure Device
> 
>   ftp://utopia.hacktic.nl/pub/replay/pub/disk/secdev14.arj
> 
> in which data is decrypted "on-the-fly" as it is transferred from
> disk to memory.  The data is -always- encrypted on the disk. Both of
> the above use strong IDEA encryption (same as PGP) and both are
> free for non-commercial use. (Commercial use is possible by paying a
> small royalty to the holders of the IDEA patent; see
> 
>   http://www.ascom.ch/systec
> 
> In contrast, F-Secure Desktop is $99 a copy.
> 
> Edgar W. Swank   <EdgarSwank at Juno.com>
>                  (preferred)
> Edgar W. Swank   <Edgar_W._Swank at ilanet.org>
> Edgar W. Swank   <EdgarSwank at Freemark.com>
> Home Page: http://members.tripod.com/~EdgarS/index.html
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMnjI9t4nNf3ah8DHAQHS0AP/WBYwqv2mJFJgBSIm9XUXMHPhi5WXSsXO
> YkOvyWh2XScQNLUhpYc91eaoJakBIsvREPDA5MIFa7CF3UmSKHagBNuoHxOuy3ZP
> x/eZpHykZyMrIzB/+eg65PFxo9ILaHMBog+qzTKqvCmAOGukegCzo3xbh1rpKswU
> P4WhnYvkQOo=
> =IGk8
> -----END PGP SIGNATURE-----
> 





From jbugden at smtplink.alis.ca  Fri Nov  1 09:10:27 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Fri, 1 Nov 1996 09:10:27 -0800 (PST)
Subject: 'what cypherpunks is about'
Message-ID: <9610018468.AA846878187@smtplink.alis.ca>


At 1:30 AM -0600 11/1/96, snow wrote:
[Re: loans to third world countries]
>     I think it is a wasted effort, but it is better than nothing.
 
"Timothy C. May" <tcmay at got.net> wrote:
Yep, they are better off in a state of natural grace, eating grubs and with a
life expectancy of 35.
 
If seems to me that these discussions are revealing more information about the
message authors than about the topic under discussion.
 
Since we have referred to the supremacy of natural tendencies in many of these
messages, I find it somewhat ironic that we would not want to leave them with a
life expectancy of 35. Evolution and natural selection tends to work faster if
the population experiences rapid turnover. In this regard, extending the life of
individuals is a bad thing for the fitness of the population as a whole.

This seems to me to be yet another example of people's poor ability to estimate
probabilities in a rational and objective way.
 
Most animals sensate (grow old). This is necessary for natural selection to work
on the gene pool. If we manage to eliminate this feature of our existence, we
may become like one of the few species that do not sensate; lobsters for
example.
 
I live confident in the knowledge that my death is necessary to make way for
progress.
 
James
 
Chance
 
If chance be 
the father of all flesh
disaster is his rainbow in the sky
and when you hear
 
State of Emergency!
Sniper Kills Ten!
Troops on Rampage!
Whites go Looting!
Bomb Blasts School!
 
It is but the sound of man
worshipping his maker.
 
Steve Turner








From sunder at brainlink.com  Fri Nov  1 09:33:25 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Fri, 1 Nov 1996 09:33:25 -0800 (PST)
Subject: Q.E.D. reply to petty MESSger
In-Reply-To: <Pine.BSI.3.95.961031003552.25366A-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.91.961101123059.22899B-100000@beast.brainlink.com>


On Thu, 31 Oct 1996, IPG Sales wrote:

> > Get a clue about crypto before claiming others don't know anything.  You 
> > post, I'll answer if I feel like it.  Don't want to waste your time?  
> > Learn some crypto first and ask questions later - don't make blanket 
> > statements that claim an unbreakable cypher or a one time pad when you 
> > don't know what either means.
> > 
> Your didactic nonsense is only exceeded by your ignorance of the
> cryptography subject matter and your arrogance. Your pompous fustigation
> is an indicant of your hyper-inflated fatuous ego.  Sorry but it is not
> even in the same universe as what you dream it to be. Like the fermented
> pear juice one, your information = P log_base_infinity P.
> 
> Like all quacks, you read up on the subject matter, and then hang out your
> shingle and pretend you understand the subject of cryptography. The
> algorithm is out there at:
> 
>            netprivacy.com/algo.html
> 
> Let's see what you can do with it. You are all mouth, and like the lunatic
> fringe of all groups like this, you will come back with the peculated
> response that you do not want to waste your time. That shows your
> intellectual pap, and your intellectual cowardice/dishonesty. Have you
> had brain bypass surgery? Something is loose up there, only you do not
> realize it! By the way, your e-mail address is all messed up - someway it
> says brainlink.com, it is self evident that the "ink" should be "ess."
> 
> With kindest personal regards,

You want me to crack your silly cypher?  Goading me with insults won't 
work.  Pay me to.  It'll cost you at least $8000 before I'll even bother 
with it.  and yes I have seen your page. It's supposedly "pseudo code" 
but looks suspiciously like Visual basic.  Learn a real language!

Give me the full cypher source code in C or C++ and a check for $8000 and 
I'll take a look at the holes.  If not, quit pissing on this list.  
Cypherpunks get paid for their work and time.  We don't crack cyphers for 
free.  I recall the last time you offered your company to whoever cracked 
your lame ass cypher - it was cracked, but how come your company still is 
owned by you?  

Nope, goading and insults won't work.  Pay me up front and THEN I'll 
crack your weak stream cypher.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder at sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!






From wombat at mcfeely.bsfs.org  Fri Nov  1 09:53:27 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Fri, 1 Nov 1996 09:53:27 -0800 (PST)
Subject: 'what cypherpunks is about'
In-Reply-To: <v01520d00ae9faaa2a4be@[158.152.61.59]>
Message-ID: <Pine.BSF.3.91.961101114113.1583A-100000@mcfeely.bsfs.org>


If you have an interest in this, you might want to read "In Banks we 
Trust" by Penny Lernoux. Getting a bit dated, as it was written in the 
early '80's, as I recall, but relevant background info.
-r.w.

On Fri, 1 Nov 1996, Hard Media wrote:

> 
> Oh Oh. I said bad things about Americans...in trouble now.
> 
> Anyways. Here are some figures:
> 
> "In the 20 year period between 1970 and 1989, the external debt of
> developing nations grew from
> $68.4 billion to $1 283 billion, an increase of 1846 per cent. Debt service
> payments increased by 1400 per cent and were in excess of $160 billion by
> the end of the 80s."
> 
> by the way most of this debt is concentrated in South American.
> 
> 
> Zaid
> 
> 
> 
> 





From rah at shipwright.com  Fri Nov  1 10:09:12 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 1 Nov 1996 10:09:12 -0800 (PST)
Subject: mbanx - 128 bit SSL transactions
Message-ID: <v03007801ae9fec9bbbc4@[206.119.69.46]>


Can you say, "regulatory arbitrage"?

I knew you could...

Cheers,
Bob Hettinga

--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: "networks at vir.com" <networks at vir.com>
MIME-Version: 1.0
Precedence: Bulk
Date: Fri, 1 Nov 1996 11:02:33 -0500
From: "networks at vir.com" <networks at vir.com>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: mbanx - 128 bit SSL transactions

I just finished reading about mbanx www.mbanx.com

They're a new bank (owned by the Bank of Montreal)
which offers services including bill payment and
account transfers using the Internet.

One of the most interesting things about their service
is that they only permit transactions using Netscape
with 128 bit SSL.  When I heard that I immediately
assumed that I had to go out and buy it, but apparently
they will supply it to me for free if I don't already have
it (so they said when I talked to them on the phone
anyway).

Unfortunately, they seem to have a $13.00 a month fee,
so it's no wonder they aren't worried about giving you
128 bit Netscape.  It's a shame that despite the
fact that branchless banking is probably saving them
a lot of money on infrastructure, they still feel it's necessary
to charge a premium.  However, I must add that, in the
information I have, it is unclear whether the $13.00 fee
is standard or whether it is an option to replace transaction
charges.  I've got more information coming in the mail
so I'll try and keep everyone posted.

Alan Majer
networks at vir.com



--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From perry at piermont.com  Fri Nov  1 10:27:27 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 1 Nov 1996 10:27:27 -0800 (PST)
Subject: sorry I'm late...
Message-ID: <199611011826.NAA02929@jekyll.piermont.com>



Sorry I'm about two weeks late getting the new cryptography mailing
list in place. Sameer Parekh volunteered his machines at C2, and as
soon as a couple of residual majordomo issues are resolved the list
will be announced and go on line.

I thank you all for your patience.

Perry





From tcmay at got.net  Fri Nov  1 10:29:18 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Nov 1996 10:29:18 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <199610311716.JAA00988@crypt>
Message-ID: <v03007802ae9fed297e06@[207.167.93.63]>


At 9:16 AM -0800 10/31/96, Hal Finney wrote:

>First I am going to write a little bit about the lore of logarithms.
>I think today a lot of people don't know what they are.  When I was a
>boy, in the 1960's, computers and even calculators were not widely
>available.  Yet engineers in many fields needed to perform
...
>By the time I was in high school calculators were becoming fairly
>widespread, but we still learned how to use log tables to do
>multiplication and division.  Whole books were published containing
>nothing but tables of the logarithms of numbers.  You can still find
>these sometimes in used book stores.  There were lots of tricks to

(These were the "Smoley" books, amongst others.)

Sliderules were just becoming common when I was in high school....

Seriously, only a very few of us had and used sliderules...mine was a big
synthetic K & E (Keuffel and Esser, as I recall). The raging "DOS vs. Mac"
or "RISC vs. CISC" debate of that age was "aluminum" (the yellow Dietzgens)
vs. the old standby, "bamboo." Plus some oddball circular sliderules.

Those of us who used sliderules were sometimes characterized as
"nerds"...perhaps this is why I today have such a strong reation to so many
young programmers and engineers voluntarily calling themselves "nerds" and
"geeks." (The deconstructive, postmodern theory is presumably that they are
"reclaiming" the term, as with dykes and niggers reclaiming those hateful
terms. I still reject this as crap.)

>It's hard for people today, raised on throwaway and even virtual
>calculators, to understand the sense of power that came from using
>logs for calculations.  Until we learned these advanced techniques the
>only accurate alternatives were the terribly tedious hand methods.
>Being able to get results by adding up a few numbers from a book was
>an amazing improvement.

And these tables were of course a major motivation for the development of
computers, going back centuries. Mechanical computation of log tables, and
even Babbage's work, was inspired by this. Ditto for artillery range
tables, some of the earliest applications of the earliest digital computers.

(Precomputation of values, aka "tabling," is of course still a modern
topic. Some of the newer names come out of AI, compiler research, etc. For
example, speculative execution. Not exactly a book of precomputed logs, but
similar.)

Recall that Fermi, von Neumann, and Feynman had a contest at Los Alamos in
WWII, with some problem being computed by Fermi on sliderule, von Neumann
on early versions of computers, and Feynman with log tables and adding
machines. Feynman won, as I recall the story, but presumably only because
von Neumann was not allowed to do it in his head.

(The funny story goes that a problem was going around Los Alamos that goes
like this: two trains are approaching each other on the same track, one
train going
60 mph and the other going 40 mph. When the trains are 100 miles apart, a
fly takes off from one train and flies 200 mph toward the other train, then
turns around and flies back at the same speed, and so on, until the trains
collide. How far does he fly? Von Neumann was asked this, glanced at the
ceiling, and gave the answer (left as an exercise for the reader). The
questioner said, "Oh, Dr. von Neumann, I'm glad you saw the trick and
didn't try to compute the infinite series." Von Neumann replied, "You mean
there's another way?")

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From 72124.3234 at compuserve.com  Fri Nov  1 10:38:21 1996
From: 72124.3234 at compuserve.com (Kent Briggs)
Date: Fri, 1 Nov 1996 10:38:21 -0800 (PST)
Subject: Stanford Patents
Message-ID: <961101183509_72124.3234_IHO92-1@CompuServe.COM>


Has anyone heard anything from the Schlafly vs PKP case?  There
were supposed to be patent validity hearings on Wednesday.  I
don't know if they are still going on, Roger hasn't updated his web
page yet.

Kent Briggs






From frantz at netcom.com  Fri Nov  1 11:09:10 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 1 Nov 1996 11:09:10 -0800 (PST)
Subject: ITAR restricts Financial Cryptography
Message-ID: <199611011908.LAA20178@netcom6.netcom.com>


Just in case anyone still thinks that the ITAR doesn't interfere with the
use of cryptography to protect financial systems from fraud, here is a data
point.

>From Robert Hettinga's e$pam list quoting the set-discuss list:

-----------------------------------------------------------------------
From: "Lewis, Tony" <tlewis at visa.com>
 To: "'set-announce'" <set-announce at commerce.net>,
         "'set-discuss'"
         <set-discuss at commerce.net>
 Subject: Reference code availability update
 Date: Thu, 31 Oct 1996 21:06:34 -0800
 Encoding: 14 TEXT
 Sender: owner-set-talk at commerce.NET
 Precedence: bulk


+----------------------------------------------------+
 Addressed to: set-discuss at commerce.net
 +----------------------------------------------------+
 
 At the SET Open Vendor Meeting, MasterCard and Visa announced that a SET
 reference implementation would be made available. Unfortunately,
 producing the reference code has taken longer than we planned. Our
 current plan is to have it ready by the end of November, 1996.
 
 Because of U.S. export regulations, it will not be possible for us to
 post the reference code for download. Individuals and companies that
 want a copy of the reference code will need to request it. The
 procedures for making such a request will be announced here in
 approximately one week.
 _________________________________________________________________
 Tony Lewis (tlewis at visa.com)
 Chief Systems Architect, Internet Commerce
 Visa International Service Association
 ------------------------------------------------------------------------
 This message was sent by set-discuss at commerce.net.  For a complete listing
 of available commands, please send mail to 'majordomo at commerce.net'
 with 'help' (no quotations) contained within the body of your message.
 

-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz at netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA







From dlv at bwalk.dm.com  Fri Nov  1 11:26:24 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 1 Nov 1996 11:26:24 -0800 (PST)
Subject: perrygram
In-Reply-To: <v03007801ae9f73686609@[207.167.93.63]>
Message-ID: <uu3PwD1w165w@bwalk.dm.com>


"Timothy C. May" <tcmay at got.net> writes:

> At 1:30 AM -0600 11/1/96, snow wrote:
> >Mr. Hassen wrote:
> >> But remember people are NOT sheep and nothing
> >> lasts forever.
> >
> >     Yes, they are, and death does.
> >
> >     Loans to third world counties are made (obstensively) to help industry
> >and farming to be developed, and to improve the conditions of the people. It
> >rarely works that way, and I think it is a wasted effort, but it is better
> >than nothing.
> 
> We mine the copper they have no money to mine and pay them with worthless
> trinkets like penicillin, schools, and roads.
> 
> We are exploiting them.
> 
> Yep, they are better off in a state of natural grace, eating grubs and with
> a life expectancy of 35.
> 
> 
> --Tim May


What is the cryptographic relevance of the above-quoted piece?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From gary at systemics.com  Fri Nov  1 11:29:10 1996
From: gary at systemics.com (Gary Howland)
Date: Fri, 1 Nov 1996 11:29:10 -0800 (PST)
Subject: Development of an Open and Flexible Payment System
Message-ID: <199611011929.UAA20581@internal-mail.systemics.com>


Information on our payment system is now available:

	Development of an Open and Flexible Payment System

	Abstract: The Internet is in need of a simple, open, flexible
	and secure payment system. Many payment systems that currently
	exist are either proprietary, insecure, inflexible or all three.
	This paper examines the types of payment system in use today, the
	payment system requirements of Systemics Ltd., an overview of the
	Systemics Open Transaction (SOX(tm)) payments system that was
	developed, and a summary of how this system met the requirements.

	The SOX payment system is currently in live use for a bond trading
	system, and a reference implementation will shortly be made
	available on the Internet.

	http://www.systemics.com/docs/sox/overview.html





From jya at pipeline.com  Fri Nov  1 11:32:47 1996
From: jya at pipeline.com (John Young)
Date: Fri, 1 Nov 1996 11:32:47 -0800 (PST)
Subject: NSA Report on Anonymous E-Cash
Message-ID: <1.5.4.32.19961101193126.006bf3a4@pop.pipeline.com>


We've put the NSA report, "How To Make A Mint: The Cryptography
of Anonymous Electronic Cash, June, 1996" at:

     http://jya.com/nsamint.htm   (84 kb)

It argues the dangers of anonymous cash and how to combat it.

Thanks to the authors, Laurie Law, Susan Sabett and Jerry
Solinas, NSA; Thomas Vartanian, Fried, Frank; and anonymous 
others.






From abostick at netcom.com  Fri Nov  1 11:38:03 1996
From: abostick at netcom.com (Alan Bostick)
Date: Fri, 1 Nov 1996 11:38:03 -0800 (PST)
Subject: Montgolfiering Spoof
In-Reply-To: <199611010919.KAA04730@basement.replay.com>
Message-ID: <dBley8m9LgDZ085yn@netcom.com>


In article <199611010919.KAA04730 at basement.replay.com>,
nobody at replay.com (Anonymous) wrote:

> I know the author rather well, and he assures me he dashed off this
> satirical piece in about as much time as he takes to write his normal
> articles. He tells me that once he had "grokked" the inimitable (not) style
> of Don Wood, it was easy to write a screed that echoed Wood's wackiness.
> 
> Of course, for people who read satire on this list, the initials at the end
> are a clue. But don't publish who you think it is, as KVFP doesn't want a
> lawsuit from Wood for hurting Wood's feelings.
> 
> --KVFP

You don't fool us one bit, Detweiler.

-- 
Alan Bostick               | "Dole is so unpopular, he couldn't sell beer on
mailto:abostick at netcom.com | a troop ship." (Ohio Republican Senator William
news:alt.grelb             | Saxbe on Bob Dole's early career in the Senate)
http://www.alumni.caltech.edu/~abostick
http://www.theangle.com/  The first site with a brain.  Yours.





From tcmay at got.net  Fri Nov  1 12:36:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Nov 1996 12:36:40 -0800 (PST)
Subject: Moneychangers and Shylocks
Message-ID: <v03007800aea00d0732bc@[207.167.93.63]>



There've been a couple of "you must be trolling us" responses to my point
about the First World spending money in the Third World not being
exploitation ("and we give them worthless trinkets like penicillin,
schools, and roads").

I happen to believe economic development is a positive good. Were I living
in a shantytown or favelo on the outskirts of some Third World town, I
would want at least the _chance_ of eventually having running water,
electricity, health care, and opportunity for me and my family, Arguing
that native peoples were better off before the arrival of Europeans is
fatuous nonsense--you can't go home again.

Further, many of the leftist critiques of "moneylending as exploitation"
are similar to past (and current) demonizations of moneychangers,
moneylenders, shylocks, and other assorted stereotypes.

I don't favor nationalistic lending and borrowing policies, which, for
example, involve some central government borrowing money, sending the
borrowed funds to personal Swiss bank accounts, and then sticking the
nominal taxpayers with the debt. Nothing I have said here endorses this.

But much lending is useful. It's the way factories get built, the way
things get done.

Much of the criticism of "moneylenders" is closely related, if you think
about it, to criticism of "money launderers." Cypherpunks should relish the
rise of new mechanisms for money laundering, moneylending, tax evasion, etc.

I took the "Wired" quote about Walter Wriston "sounding like a cypherpunk"
to represent this new view, in explicit contrast to his earlier views when
he headed Citibank and they had a more statist approach.

Your mileage may vary, but tired homilies about lending being exploitation
are not very useful in this day and age.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jer+ at andrew.cmu.edu  Fri Nov  1 12:53:25 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Fri, 1 Nov 1996 12:53:25 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007802ae9fed297e06@[207.167.93.63]>
Message-ID: <0mSaAA200YUd1PIBY0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

"Timothy C. May" <tcmay at got.net> writes:
> At 9:16 AM -0800 10/31/96, Hal Finney wrote:
<snip>
> Sliderules were just becoming common when I was in high school....
> 
> Seriously, only a very few of us had and used sliderules...mine was a big
> synthetic K & E (Keuffel and Esser, as I recall). The raging "DOS vs. Mac"
> or "RISC vs. CISC" debate of that age was "aluminum" (the yellow Dietzgens)
> vs. the old standby, "bamboo." Plus some oddball circular sliderules.
> 
> Those of us who used sliderules were sometimes characterized as
> "nerds"...perhaps this is why I today have such a strong reation to so many
> young programmers and engineers voluntarily calling themselves "nerds" and
> "geeks." (The deconstructive, postmodern theory is presumably that they are
> "reclaiming" the term, as with dykes and niggers reclaiming those hateful
> terms. I still reject this as crap.)

What's there to reject in "Yeah, I'm happy with what I want, so fuck
you?" (Which is essentially what this reclaming stuff is). Of course,
I see nothing wrong with rejecting postmodernist intellectuals :-) but
they have stolen some good ideas.

<comments re: tables snipped>
> (Precomputation of values, aka "tabling," is of course still a modern
> topic. Some of the newer names come out of AI, compiler research, etc. For
> example, speculative execution. Not exactly a book of precomputed logs, but
> similar.)

Let's not forget memoizing, either. Kinda space ineficient, but with a
decent virtual memory system you can cache perviously-used solutions
and go real fast. Hmmm, like, say you were for some reason trying to
factor a multitude of large composites. Precomputing everything would
probably be rather inefficient, but once you've factords something,
why throw it away? (I knew there would be some crypto relevance in
here :-)

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMnpjBckz/YzIV3P5AQEpWgMAl8PkPlrY/s84JGnuoiX7gPXMfjQlo+fZ
tBxJVg6FP9EVB5ASL2FDk3s8butKC6FP7SpJZOSzmUSExawzFpuHW1IZc5efxhBR
Cyzjj1ybUhEUGPHlBhrqbTXU5EzI5iB5
=m5oK
-----END PGP SIGNATURE-----





From frantz at netcom.com  Fri Nov  1 13:24:02 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 1 Nov 1996 13:24:02 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
Message-ID: <199611012123.NAA07411@netcom6.netcom.com>


At 10:30 AM 11/1/96 -0800, Timothy C. May wrote:

>Sliderules were just becoming common when I was in high school....
>
>Seriously, only a very few of us had and used sliderules...mine was a big
>synthetic K & E (Keuffel and Esser, as I recall). The raging "DOS vs. Mac"
>or "RISC vs. CISC" debate of that age was "aluminum" (the yellow Dietzgens)
>vs. the old standby, "bamboo." Plus some oddball circular sliderules.

Slide rules are still, IMHO, the best calculator to keep in a car for
calculating gas mileage.  They are rugged, have no batteries, are not
attractive to thieves, and have sufficient accuracy for the problem.  They
also teach the logarithm relation, which is valuable for understanding the
physical universe.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz at netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA







From jer+ at andrew.cmu.edu  Fri Nov  1 14:13:11 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Fri, 1 Nov 1996 14:13:11 -0800 (PST)
Subject: Moneychangers and Shylocks
In-Reply-To: <v03007800aea00d0732bc@[207.167.93.63]>
Message-ID: <0mSbKI200YUd1PI0w0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

"Timothy C. May" <tcmay at got.net> writes:
> There've been a couple of "you must be trolling us" responses to my point
> about the First World spending money in the Third World not being
> exploitation ("and we give them worthless trinkets like penicillin,
> schools, and roads").
> 
> I happen to believe economic development is a positive good. Were I living
> in a shantytown or favelo on the outskirts of some Third World town, I
> would want at least the _chance_ of eventually having running water,
> electricity, health care,

Not that you can really know... I have been to East Africa (Tanzania),
and have seen the conditions of both the rich, the poor, and the
rural. First off, it's at best difficult to compare happiness. I mean,
at the extreme you have the Taoist philosophy that happiness is
constant, which has more than a kernel of truth to it. If you're
living out in the sticks, you don't expect to live past 35, so what's
the biggie if you don't? However, I'm not quite that nihilist, and so
I try to make some judgements about who is happier than who.

To start off with, you say you want the chance of getting a "better"
life. Here there's some difficulty in defining a reasonable chance.
The chance of someone in a Dar Es Salaam shanty being able to move
into better accomodations in the city is zero. Really, truly, zero.
Those who are in power have no interest in letting somone take their
power away. The elite is closed. The best that a shanty resident can
do is hope to be able to support one more child. (This is not as
unimportant as it might seem to some westerners. It's a big thing to
have many {male} children in most of Africa.) So, it could be argued
that the presence of wealth just taunts the underclass in that sort of
situation.

My impression was that rural folks are the happier. They have a more
supportive society, less crime, and don't really have much of a
shorter lifespan thant the city folk.

> and opportunity for me and my family, Arguing
> that native peoples were better off before the arrival of Europeans is
> fatuous nonsense--you can't go home again.

Not true. "Society" has passed through Africa many times, the people
revert to their previous ways.

> Further, many of the leftist critiques of "moneylending as exploitation"
> are similar to past (and current) demonizations of moneychangers,
> moneylenders, shylocks, and other assorted stereotypes.
>
> I don't favor nationalistic lending and borrowing policies, which, for
> example, involve some central government borrowing money, sending the
> borrowed funds to personal Swiss bank accounts, and then sticking the
> nominal taxpayers with the debt. Nothing I have said here endorses this.

But that's the only way it hapens in the third world. The only time
foreign aid is not gutted by corrupt beaurocrats is when the
Westerners go there and manage the projects themselves. This is quite
different from a loan.
 
> But much lending is useful. It's the way factories get built, the way
> things get done.

Heh, have you ever *seen* a third world factory 10 years after it was
built. Nice bit of scap, that.

> Much of the criticism of "moneylenders" is closely related, if you think
> about it, to criticism of "money launderers." Cypherpunks should relish the
> rise of new mechanisms for money laundering, moneylending, tax evasion, etc.
> 
> I took the "Wired" quote about Walter Wriston "sounding like a cypherpunk"
> to represent this new view, in explicit contrast to his earlier views when
> he headed Citibank and they had a more statist approach.
> 
> Your mileage may vary, but tired homilies about lending being exploitation
> are not very useful in this day and age.

I dunno, pearls befre swine still applies. It's not that I think
lending is bad, but large economic development loans to thrild world
countries continue to support corruption and oppression, and not much
else. 

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMnp1j8kz/YzIV3P5AQGLYAMAwbYlr4FpEaKHdiCQ3Vkit5afi77LrB90
kFx0Q49ev6em7MvfLtZZBeg4r1f4EITbWV+ktGrzF4vEMW8r4TkMl05yb06JLL2j
JsEYLxbnCRJBfoZ8rzpC4me2JxZf66vH
=spX/
-----END PGP SIGNATURE-----





From minow at apple.com  Fri Nov  1 16:19:23 1996
From: minow at apple.com (Martin Minow)
Date: Fri, 1 Nov 1996 16:19:23 -0800 (PST)
Subject: New Bihman-Shamir Fault Analysis Paper
In-Reply-To: <v03007804ae9e6eb1b360@[204.246.66.47]>
Message-ID: <v03007800aea040ab78e7@[17.202.40.158]>


There is an inherent conflict between two claims that are
central to the fault-analysis paper(s):
   "the secret key [is] stored in a tamperproof cryptographic device"
and
   "the cryptographic key is stored in an asymmetric type of
    memory, in which induced faults ..."

If the device is truly tamperproof, the attacker should not
be able to induce faults.  Even given susceptable "consumer-
quality" devices, it would be trivial to store the cryptographic keys
in a redundant memory configuration, such as ECC "error-correcting
code" memory that can self-correct a range of failures and detect
a much wider range. It would also seem reasonable to protect the
cryptographic core (algorithms and data) with a digital signature
that would "crash" the device, rather than proceed with incorrect
key information.

My naive reading of the attack suggests that storing the cryptographic
key together with its one's complement would minimize the chance that
an attacker can exploit asymmetric fault inducement.

Finally, I'm curious whether this attack would work on masked ROM
or fusable-link (one-time programmable) PROMs (not EPROMs that have
no reprogramming window). These are more likely to be used in
production devices than EEPROMs, if only for cost-savings.

Martin Minow
minow at apple.com









From azur at netcom.com  Fri Nov  1 16:29:06 1996
From: azur at netcom.com (Steve Schear)
Date: Fri, 1 Nov 1996 16:29:06 -0800 (PST)
Subject: White House crypto proposal -- too little, too late
Message-ID: <v02130502aea03e5cb753@[10.0.2.15]>


>> Are there any current import restrictions for products on can legally
>> manufacture, sell, and use in the United States?
>
>Sure. Firearms. The Gun Control Act of 1968 bans the importation of
...
[snip]
>
>What does all that have to do with crypto? It is the *same* issue. In the
>government's view, crypto is a danger to their future plans, just as
>firearms are. Do you think it is a coincidence that crypto is listed as a
>munition? Think about it for just a moment. Crypto is a weapon in the
>hands of the people. And that's what Cypherpunks is all about.
>
>Starting from import restrictions, you will see restrictions on size of
>keys (=maximum rounds in the magazine, now set at 10, proposed to be
>lowered to six), who may own it (no felons, people convicted of certain
>misdemeanors), who may sell it and how it can be purchased (must provide
>identification, sales will be logged). I guess you can figure out the rest.
>
>--Lucky

Yes, but crypto is one of the first intangible 'munitions'.  It is much
easier to constrain physical items than data.  That is why anonimity,
especially financial transaction anonymity, is so aboherant to LE.


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur at netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

                          Hacker Opportunities
                        (Let's Make Lots Of Money)

I've got the brains, you've got the tricks
Let's make lots of money
You've got the code, I've got the hooks
Let's make lots of ...

I've had enough of scheming and messing `round with jerks
My crypto code's compiled, I'm afraid it doesn't work
I'm looking for a partner, someone who gets things fixed
Ask yourself this question: do you want to be rich?

I've got the hacks, you've got the keys
Let's make lots of money
You've got the code, I've got the hooks
Let's make lots of money

You can tell I'm educated, I studied at CalTech
Doctored in mathematics, I could've been set
I can program a computer, choose the perfect time
If you've got the inclination, I have got the crime

Ooooh, there's a lot of opportunities
If you know when to take them, you know
There's a lot of opportunities
If there aren't, you can make them (Make or break them)

I've got the brains, you've got the tricks
Let's make lots of money
Let's make lots of ...

You can see I'm single-minded, I know what I could be
How do you feel about it? Come, take a walk with me
I'm looking for a partner regardless of expense
Think about it seriously, you know it makes sense

Let's (Got the brains)
Make (Got the tricks)
Let's make lots of money (Money)
Let's (You've got the code)
Make (I've got the hacks)
Let's make lots of money (Money)
I've got the brains (Got the hooks)
You've got the code (Got the keys)
Let's make lots of money (Money)
Money! 







From azur at netcom.com  Fri Nov  1 16:34:00 1996
From: azur at netcom.com (Steve Schear)
Date: Fri, 1 Nov 1996 16:34:00 -0800 (PST)
Subject: White House crypto proposal -- too little, too late
Message-ID: <v02130501aea03d0a67fe@[10.0.2.15]>


>Are there any current import restrictions for products on can legally
>manufacture, sell, and use in the United States?
>
>Thanks.

Yes, all products which may create RF radiation (e.g., personal computers)
are required to pass FCC certifications (e.g., Part 15).  Also, telephone
equipment (e.g., modems) must pass other Part 15 provisions before they may
be sold in the U.S. to interconnect with our public switched network.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear             | Internet: azur at netcom.com
Lamarr Labs              | Voice: 1-702-658-2654
7075 West Gowan Road     | Fax: 1-702-658-2673
Suite 2148               |
Las Vegas, NV 89129      |
---------------------------------------------------------------------

Internet and Wireless Development

Vote Liberatrian!







From whgiii at amaranth.com  Fri Nov  1 16:53:04 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Fri, 1 Nov 1996 16:53:04 -0800 (PST)
Subject: Cranky Listserver?
In-Reply-To: <327A1159.131@gte.net>
Message-ID: <199611020204.UAA14042@mailhub.amaranth.com>


In <327A1159.131 at gte.net>, on 11/01/96 at 07:03 AM,
   Dale Thorn <dthorn at gte.net> said:

>Anonymous wrote:
>> Is anyone else having trouble getting their posts picked up on the list?
>> Messages I send to: cypherpunks at toad.com sometimes have to reposted as
>> many as three times before I see them in my incoming list traffic.

>Try waiting longer, even a day or two, before reposting.

>It really saves on the duplicate traffic!!

>The interconnectedness of the various internet servers, plus the usual anomalies of
>electronics and real-world software, mean you can't predict when a particular
>posting will "come through".

I'v noticed a 6hr delay for my messages to get posted. Or atleast that's how long it
takes before I get a copy back here.

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: Dos: Venerable.  Windows: Vulnerable.  OS/2: Viable.






From gnu at toad.com  Fri Nov  1 17:27:03 1996
From: gnu at toad.com (John Gilmore)
Date: Fri, 1 Nov 1996 17:27:03 -0800 (PST)
Subject: Bernstein hearing, Nov 8, 10:30AM: injunction against export controls
Message-ID: <199611020127.RAA01285@toad.com>


Watch the noose tighten around the scrawny neck of the vile crypto
export controls!  Be part of reclaiming your freedom to teach
cryptography and to share your crypto expressions worldwide!  Garb
yourself in a ritual costume used by powerful and famous people!  See
the smooth Justice Department minion who lost the Communications
Decency Act case once again fail to suppress free speech!  Meet
renowned East Coast lawyer Robert Corn-Revere, who helped Phil
Zimmermann face down ITAR prosecution!

Next Friday, 8 November 1996, at 10:30AM we will join forces at Yet
Another Hearing in the case of Dan Bernstein v. Large Government
Agencies.  Convene at the Federal Building in San Francisco, 450
Golden Gate Avenue, in the courtroom of Judge Marilyn Hall Patel.
We'll recognize each other because we'll all be dressed like lawyers.

We will follow the formal proceedings with a group lunch at Max's
Opera Plaza, a block away at Van Ness Avenue and Golden Gate Avenue.
Or come prepared to suggest a walkable alternative eatery more to your
liking, and we can go there instead.

Dan would like to teach a class in cryptography in the upcoming winter
semester, but is afraid that teaching it in the ordinary way (posting
his class materials on the Web, etc) would violate the ITAR.  He
thinks that the ITAR is unconstitutional, and that altering his
ordinary teaching because of a threat of ITAR prosecution is a
"chilling effect" on his constitutional rights of free expression and
academic freedom.

Because it's not clear whether the earlier, broader, motions that we
argued in September will be decided by the time of his class, he has
asked the judge for a "preliminary injunction", a court order in the
following form:

	    2. Defendants are ENJOINED from investigating or
    prosecuting under the Arms Export Control Act (AECA) 22 U.S.C.
    2778 et seq., and the International Traffic in Arms Regulations
    (ITAR), 22 C.F.R. 120 et seq., or any export control statute or
    regulation which would require prepublication licensing of any
    teaching or scientific exchange activities, the following persons:
		    a. Plaintiff, and
		    b. Plaintiff's students, and
		    c. Any person who receives technical data,
    cryptography software or defense services from Plaintiff or his
    students; when such technical data, cryptography software or
    defense services were given or received as part of teaching or
    scientific exchanges during or in preparation for the cryptography
    course to be taught by Plaintiff during the Spring, 1997 semester
    at the University of Illinois at Chicago.
	    3. Defendants are further ENJOINED from requiring
    licensure, approval, registration, reporting or the fulfillment of
    any requirements of the AECA, ITAR or any export control statute
    or regulation which would require prepublication licensing of any
    teaching or scientific exchange activities, the [same] persons...

We tried to get the Government to agree to this without getting the
judge involved, but despite their protests that they don't control
academic activities, they would not agree.  So here we go with another
"Cypherpunks Dress-Up Day" on a Friday morning in San Francisco.

Robert Corn-Revere <rcr at dc1.hhlaw.com> has recently joined the
Bernstein legal team.  He wrote the excellent arguments for this
motion, and will attend the hearing.  Here's a sample of his prose.

	Despite repeated denials that the Government is restricting
    academic freedom, Defendants display a striking enthusiasm for
    defining the limits of "appropriate" academic inquiry and
    communication.  Without directly disputing the fact that computer
    software and source code *is* speech, or that access to such
    software is essential to Prof. Bernstein's course on cryptography,
    or that consultation with other researchers in the field
    (generally via the Internet) is part of the normal academic
    process, or that posting such materials for students on the World
    Wide Web is standard academic practice, Defendants baldly assert
    that such activities have "nothing to do with teaching a class in
    Chicago."  PI Opp at 1.  Indeed Defendants state categorically
    that "the principle of 'academic freedom' does not authorize
    Plaintiff to transmit abroad [cryptographic software], *even if
    his own purpose is merely to convey some theory implicit in the
    software*."  Id. at 22-23 (emphasis added).
...    
	...The Government's argument essentially collapses to the
    proposition that if it is not restricting speech in *all* cases,
    it is not engaging in censorship in *some* cases.  Yet in every
    case with which the Plaintiff is familiar in which cryptographers
    have consulted the Government (or otherwise been brought to the
    Government's attention), the officials who administer the ITAR
    scheme have counseled caution, have initiated investigations and
    have subjected publications to the CJ process.  In this respect,
    Defendants have instituted a kind of "don't ask/don't tell" policy
    for cryptography. ...  If anything, such an informal approach
    causes greater concern, since the law is clear that sporadic or
    discretionary enforcement of a policy that restricts speech
    creates a more significant First Amendment problem than does
    uniform enforcement.
...
	The Government's Opposition borders on the schizophrenic.
    Defendants repeatedly assert that teaching a class on cryptography
    or making software available to students are not "regulated by the
    Government", PI Opp at 1, yet just as repeatedly describe the
    conditions under which the very same activities are regulated by
    the ITAR.  The Government maintains that it "is not threatening to
    prosecute Plaintiff or anyone for teaching cryptography," Id. at
    2, yet continues to argue that the course plan Prof. Bernstein is
    proposing would violate the export controls.

As background, Dan Bernstein, ex-grad-student from UC Berkeley, is
suing the State Department, NSA, and other agencies, with help from
the EFF.  These agencies restrained Dan's ability to publish a paper,
as well as source code, for the crypto algorithm that he invented.  We
claim that their procedures, regulations, and laws are not only
unconstitutional as applied to Dan, but in general.  Full background
and details on the case, including all of our legal papers (and most
of the government's as well), are in the EFF Web archives at:
    http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case.
[Actually, not all the paperwork for this Preliminary Injunction is
online yet, but we hope it will be by the time you read this...]

Like Phil Karn's and Peter Junger's cases, this lawsuit really has the
potential to outlaw the whole NSA crypto export scam.  We intend to
make your right to publish and export crypto software as well-
protected by the courts as your right to publish and export books.  It
will probably take more years, and an eventual Supreme Court decision,
to make it stick.  But perhaps at this hearing we can make it legal
for one teacher to teach crypto using the Web this winter.

Please make a positive impression on the judge.  Show her -- by
showing up -- that this case matters to lots of people.  Most court
cases have nobody in the audience.  Demonstrate that her decision will
make a difference to society.  That the public and the press are
watching, and really do care that she handles the issue well.

We'll have to be quiet and orderly while we're in the courthouse.
There will be no questions from the audience (that's us), and no
photography, but the session will be tape-recorded and transcribed.
You can take notes if you like.

So, here's your excuse to put on a nice costume, take the morning off,
and pay a call on the inner sanctum of our civil rights.  See you there!

	John Gilmore

PS:  If you can't come, you can still contribute.  Become an EFF
member; see http://www.eff.org/join.





From snow at smoke.suba.com  Fri Nov  1 17:31:00 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 1 Nov 1996 17:31:00 -0800 (PST)
Subject: [noise] Re: Montgolfiering, the Hot Air Balloon of Cryptography
In-Reply-To: <199610292117.WAA10630@basement.replay.com>
Message-ID: <199611020146.TAA00470@smoke.suba.com>


> Fie on the small minds that cackle at my brilliance! As a Mensa member and
> founder of the Society for Superintelligent Former NSA Employees, I chortle
> at the baseness of callow criticisms by those doubters and dilletantous
> denigrators of virtual one-time pads and PRNGs (perfect random number
> generators).
> 
> Montgolfiering. What is it, you ask? It is demonstrably a new paradigm in
> the evolution of homo sapiens (Parry Messger excepted) toward Shannon's
> dream of a one-time pad needing only a single, easily memorizable number as
> a seed. I have heard only silence when I challenged the so-called
> superbrains of this latargial list to try to determine which number I am
> using as the seed of my system. If you are such great smarty pants, far

     Put the dictionary down, and back away slowly...


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From ichudov at algebra.com  Fri Nov  1 18:09:32 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Fri, 1 Nov 1996 18:09:32 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <199611012123.NAA07411@netcom6.netcom.com>
Message-ID: <199611020206.UAA00247@manifold.algebra.com>


Bill Frantz wrote:
> 
> Slide rules are still, IMHO, the best calculator to keep in a car for
> calculating gas mileage.  They are rugged, have no batteries, are not
> attractive to thieves, and have sufficient accuracy for the problem.  They
> also teach the logarithm relation, which is valuable for understanding the
> physical universe.
> 

Gas mileage is easy enough to calculate without any devices.

	- Igor.





From ravage at einstein.ssz.com  Fri Nov  1 18:27:25 1996
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 1 Nov 1996 18:27:25 -0800 (PST)
Subject: WWII & Japan (fwd)
Message-ID: <199611020228.UAA04357@einstein>



Forwarded message:

> > Again they knew something was up, just not where.
> 
> You may well be right, but there are seemingly serious
> historians who claim otherwise. Since you have studied 
> the subject for 30 years I would be interested in your
> comments on the book 'Infamy' by John Toland (1982).

I like Toland a lot. I do not accept what he says without reservation.

> I remember being very taken by his arguments when I
> read it. He has extensively studied the protocols from
> the post war hearings and military court proceedings
> dealing with the subject (and they were plentiful)
> interviewed many of the involved persons years after.

The war trials for the Japanese were compromised by a variety of political
intrigues. Ranging from political issues regarding the best way to govern
the war torn country (ie can't kill too many of them or the Japanese will
simply pick up weapons again with an estimated 1,000,000 US dead as a
result) to the biological weapons that were developed which were quite
useful for the Allies sans the Soviets. 

> According to Toland:
> 
> The US president, selected members of his cabinette and a
> few admirals and generals knew - from Magic and the 'winds'
> execute, radio traffic analysis, diplomatic sources, double
> agents - exactly when and where the Japaneese were going to
> attack, but didn't warn Hawaii, fearing that too efficient
> counter-measures by the Oahu military might make the attack
> abort and so not convince the isolationists. The unexpected 
> tactical capabilities of the Japaneese armada then made a
> cover-up all the more important.

Hawaii appears in *NO* MAGIC transmissions of that time period. If you,
Toland, or anyone else can give specifig MAGIC intercepts I would be greatly
appreciative. The MAGIC intercepts did mention Borneo, The Ka Peninsula, and
the Phillipines (where the B-17's were headed that were destroyed at Pearl).

The radio traffic analysis, ship movement analysis, etc. did not point to a
specific target (how could they considering the breath of the Japanese
opening attacks all over the Pacific) only that the Japanese were serious.

The isolationists were never convinced (eg Lindbergh) that war was the right
thing to do.

There was nothing unexpected about the tactics. There were two previous test
of shallow water torpedo attacks, both successful. The first was by the British
and the second was by the US at Pearl (how is that for irony?) which was
attended by Japanese observers. The heads of state and military did not
seriously believe Hawaii was a realistic target and therefore looked
elsewhere.

Sun Tzu says the first target in war is your opponents mind, the Japanese
took it to heart.

                                                  Jim Choate






From tcmay at got.net  Fri Nov  1 18:42:37 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 1 Nov 1996 18:42:37 -0800 (PST)
Subject: New Bihman-Shamir Fault Analysis Paper
In-Reply-To: <v03007804ae9e6eb1b360@[204.246.66.47]>
Message-ID: <v03007801aea06461b8d2@[207.167.93.63]>


At 4:18 PM -0800 11/1/96, Martin Minow wrote:
>There is an inherent conflict between two claims that are
>central to the fault-analysis paper(s):
>   "the secret key [is] stored in a tamperproof cryptographic device"
>and
>   "the cryptographic key is stored in an asymmetric type of
>    memory, in which induced faults ..."
>
>If the device is truly tamperproof, the attacker should not
>be able to induce faults.  Even given susceptable "consumer-

OK, so the authors might have better used the phrase "putatively
tamperproof." Or the more accepted modern phrase, "tamper-resistant."

As with safes, castles, and "bulletproof vests," all claims of absolute
security are dubious.

What the Bellcore and Biham-Shamir (and other, reportedly) attacks have
done is to show another vector by which "tamperproof" is not.

>quality" devices, it would be trivial to store the cryptographic keys
>in a redundant memory configuration, such as ECC "error-correcting
>code" memory that can self-correct a range of failures and detect
>a much wider range. It would also seem reasonable to protect the
>cryptographic core (algorithms and data) with a digital signature
>that would "crash" the device, rather than proceed with incorrect
>key information.

Faults can be induced as well in logic devices. I agree that redundancy can
be added to logic devices (I worked on this for Intel a while back), but
this would require an almost complete re-doing of smartcard processors.
(For starters, imagine implementing triple redundancy in smartcards....not
cheap.)

Again, what these recent attacks show is a theoretical avenue by which
nominally tamper-resistant cards may have their defenses breached. Whether
this is an important threat depends on a bunch of factors. Whether
cardmakers change their chips also depends on a bunch of factors.

--Tim May


P.S. A while back there were a bunch of posts with the title "Professor
Shamir Arrested." Was it ever established whether or not the arrested
Shamir was in fact _our_ Adi Shamir? And what the charges were?






"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From dthorn at gte.net  Fri Nov  1 19:48:20 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 1 Nov 1996 19:48:20 -0800 (PST)
Subject: Computer Security Risk Assessment Software?
In-Reply-To: <9611010101.AA15878@su1.in.net>
Message-ID: <327AA793.4A4B@gte.net>


Frank Willoughby wrote:
> Methinks "Ross Wright" <rwright at adnetsol.com> wrote:
> >On or About 31 Oct 96 at 12:19, Dr.Dimitri Vulis KOTM wrote:
> >> which I assume is NOT what you have in mind :-) Do you mean
> >> something that'll take a survey of a company's computer security

> >Boom.  Nail, head, one shot!!!!  What's on the market now in that area?

> >> and assess the risk (like Stan) or something more global?

> >The issues are:
> >Information Risk Assessment and Management and also Information Security Assessment.

> >> AFAIK, there's no tool on the market to help in all aspects of risk management
> >> even for a small outfit, because there are so many sources of risk. There
> >> are many good specialized packages.

> I beg to disagree. Tools, like checklists, are ok as far as a memory jogger goes (to
> make sure that you haven't overlooked something) but there is no way they can replace
> an assessment or audit by a seasoned Information Security Officer or professional.
> ISOs have eyes, ears, fingers, and a mind. Tools don't.

[snip]

> The solutions to the above-mentioned problems are:
> Shop around.  Find out which consultants are qualified and what they charge.
> Make sure the consultant caps his cost.  You should know the maximum price tag
> associated with the consulting engagement BEFORE the consultant walks in the front
> door.  This helps to avoid having the consultant camp on your doorstep at $XXX
> dollars per hour for days, weeks, or months on end.

The above is a nice ideal.  You should of course get a "really good" consultant,
and even better, get one who's "real honest".  But my guess is those guys cost the
most of all, or at the very least, require the most research to find.

The ideal of capping the cost is commendable as well, however, when the consultant
finds midway through the project that his initial estimate (made as carefully as he
possibly can) is way too low, he will now have an incentive to lie, cut corners, etc.,
*particularly* if the customer looks like one of those antsy types who might withhold
payments and so on.

My advice:  Get a consultant to find a good IT consultant.  Seriously.







From dthorn at gte.net  Fri Nov  1 19:48:32 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 1 Nov 1996 19:48:32 -0800 (PST)
Subject: 'what cypherpunks is about' [RANT]
In-Reply-To: <199610260031.BAA13872@typhoon.dial.pipex.net>
Message-ID: <327AC3A7.653D@gte.net>


Timothy C. May wrote:
> At 1:30 AM -0600 11/1/96, snow wrote:
> >Mr. Hassen wrote:
> >> But remember people are NOT sheep and nothing lasts forever.

> > Yes, they are, and death does.

> >Loans to third world counties are made (obstensively) to help industry and farming
> >to be developed, and to improve the conditions of the people. It rarely works that
> >way, and I think it is a wasted effort, but it is better than nothing.

> We mine the copper they have no money to mine and pay them with worthless trinkets
> like penicillin, schools, and roads.  We are exploiting them. Yep, they are better
> off in a state of natural grace, eating grubs and with a life expectancy of 35.

Since this is such a perfect example of making unfair judgements about other people's
lives (you do agree that their lives are their own, I hope), I'll add a comment:

There is nothing wrong with having a life expectancy of 35, if you grow up in a society
where the normal lifespan is 35.  To say that it's "bad", and that we "simply must"
dispense our technology upon "them" is bogus.  Sure, most techno-freaks would leap at
the chance to expand their own lifespans to, say, 200+ years (with good health), and
acquire nifty advanced techno devices as well should some unforseen advanced race or
species dispense that stuff on us.

But think about that for a minute.  You can't assume that the visitors are going to
let you just have all of that, and all you have to do is work hard and suck up to them
and you'll be rewarded, etc.

"Those people" in "those countries" are where they are not because they don't have
money and technology per se, it's because of what's in their minds.  I'll support a
neighborly approach when that's what we're talking about, but you and me aren't going
over "there" with the Boy Scouts to lend them a hand, now, are we?  No, we're going
to collect taxes and send the Government instead.

Everybody fantasizes about something for nothing, even when the fantasy is U.S. giving
"those people" something they "really need".  Fooey.






From dthorn at gte.net  Fri Nov  1 19:48:38 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 1 Nov 1996 19:48:38 -0800 (PST)
Subject: tcmay in favour of redistribution of wealth?
In-Reply-To: <v01520d01ae9e641109f4@[158.152.61.59]>
Message-ID: <327AAAF6.4E8C@gte.net>


Hard Media wrote:
> Date: Mon, 28 Oct 1996 10:15:35 -0800 tcmay wrote:
> > While I won't get started again here, understand that my views are much
> > more than just "justifiable apathy" about the people of the world.

[snip]

> Where Walter Wriston/Third World debt is concerned the events are not
> natural, we'r not talking about a flood, which is a "natural" event but the
> actions of a man, or if you prefer an organisation. There is nothing "natural"
> about these. A country in debt to the IMF/World Bank or Citibank must accept
> "Stabilisation Policies" :

[snip]

Just a short comment: The smart guys will refinance any third-world debt (or similar
debt) as many times as they have to, as long as they can keep the interest payments
coming in.  This is how you get ahead in "new money".

When Reagan and his financiers descended on China in 1985, they commenced a deal that
would make the rapid development of Nazi Germany (a Reagan favorite as well) look like
kid stuff.

Some (not all) economic theories are quite simple, like the physics of flowing water or
falling objects, thus:

In the U.S., for example, you have the world's most highly disciplined and aggressive
consumers, and in China, for example, you are seeing what is becoming the world's
most prolific producers.  Like air flowing into a vacuum, the goods will flow from
the producer to the consumer, and the guys who make money on the interest (primarily)
will do *anything* to maintain that flow.







From barney at rapidnet.com  Fri Nov  1 20:16:54 1996
From: barney at rapidnet.com (Troy M. Barnhart)
Date: Fri, 1 Nov 1996 20:16:54 -0800 (PST)
Subject: 'what cypherpunks is about'
Message-ID: <2.2.32.19961102041624.006bbad8@rapidnet.com>


At 12:59 PM 11/01/96 +0000, Hard Media wrote:

>Go and read a few books, 
>try  "Bury My Heart at Wounded Knee" - J Dee  
>and then try "Blackfoot Physics" by F David Peat.

my $.02 worth...

Have live in the Western Dakota's all my life...
I, currently, live about an hour away from Wounded Knee...

Don't let the "Hollywood" effect on the American Indian
overwhelm you....

They had some fascinating cultural facts, etc....

Are they Oppressed? Maybe more than 50 years ago...
Now... most have done it to themselves...

think on it...

barney



     "Was mich nicht umbringt, macht mich starker." - (Nietzche)
     "Wit is educated insolence." -  (Aristotle)
      E-mail:  barney at rapidnet.com       "Troy M. Barnhart"
     Web:  http://www.rapidnet.com/~barney/     






From gbroiles at netbox.com  Fri Nov  1 20:33:20 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Fri, 1 Nov 1996 20:33:20 -0800 (PST)
Subject: ITAR financial crypto exception?
Message-ID: <3.0b28.32.19961101202112.006d4308@mail.io.com>


At 04:42 PM 10/30/96 -0800, Martin Minow wrote:

>At the Bernstein case oral arguments last September, I distinctly
>remember the government lawyer stating that the United States does
>not restrict "financial cryptography." Perhaps he should have
>qualified his argument somewhat.
>
>This statement bothered me, as I cannot understand how an encryption
>algorithm can "know" that it is encrypting a financial transaction,
>rather than some non-financial document that would be export-restricted.

According to the "United States Munitions List", 22 CFR 121.1, Category
XIII, "Auxiliary Military Equipment":

"Information Security Systems and equipment, cryptographic devices,
software, and components specifically designed or modified therefor" are
included in the munitions list; but not if they are 

"[s]pecially designed, developed or modified for use in machines for
banking or money transactions, and restricted to use only in such
transactions. Machines for banking or money transactions include automatic
teller machines, self-service statement printers, point of sale terminals
or equipment for the encryption of interbanking transactions." (22 CFR
121.1, Category XIII (b)(1)(ii)),

or if they are 

"[l]imited to access control, such as automatic teller machines,
self-service statement printers or point of sale terminals, which protects
password or personal identification numbers (PIN) or similar data to prevent
unauthorized access to facilities but does not allow for encryption of
files or
text, except as directly related to the password of PIN protection." (22
CFR 121.1, Category XIII (b)(1)(v)).

As I read this, people exporting ATM's and other commercial financial
equipment don't need to fuss over the ITARs; and probably not people
selling Bank-O-Matic software; the question is not whether or not the
software involved could be used for financial applications, or if it can
tell that it is (and turn on or off strong crypto), but whether or not the
system in question was "specially designed, developed, or modified" for
financial applications (or access control), and limited (by some means) to
only those uses; and this is a question that humans can (and must) answer
at the time of export.

(Also, I don't think that *documents* are ever export controlled; just the
applications/systems that read and write them. Nobody tell the State Dept
about John von Neumann and the interchangeability of code and data, ok? :)  

I understood Mr. Coppolino's remarks to be referring to the above; but if
his statement was as broad as you remember, he perhaps went a bit too far.
(Or maybe he was thinking of something else.) I don't remember the context
of his comments. Does anyone know if a transcript of the hearing is
available? It's my understanding that many court reporters are now making
transcriptions available on disk, facilitating easy transition to the Web.  

As always, my comments are provided not as legal advice (or even as an
authoritative understanding/interpretation of the ITARs/AECA) but as a
contribution towards a general discussion. I still don't have an especially
current source for the text of the ITARs at home; the above is from the
EFF's copy of the 1993 changes. Someday I'll remember to pop across the bay
and pick up a copy at the US Gov bookstore, but it hasn't happened yet.
(Looks like the paperback 22 CFR volume is around $30, from info I found on
the Web, if anyone else is interested. It'd make a good thing to set hot
things on when they come off of the stove. :) 


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles at netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |






From rcgraves at ix.netcom.com  Fri Nov  1 23:36:18 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Fri, 1 Nov 1996 23:36:18 -0800 (PST)
Subject: 'what cypherpunks is about' [RANT]
In-Reply-To: <327AC3A7.653D@gte.net>
Message-ID: <199611020734.CAA28486@spirit.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Dale Thorn wrote:
> 
> "Those people" in "those countries" are where they are not because 
> they don't have money and technology per se, it's because of what's in 
> their minds.  I'll support a neighborly approach when that's what 
> we're talking about, but you and me aren't going over "there" with the
> Boy Scouts to lend them a hand, now, are we?

Some of us do.

But anyway... what was cypherpunks about again? I've had more focused 
discussions about crypto on alt.politics.white-power. Seriously.

- -rich
 boy scout/esperanza
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMnr5dioZzwIn1bdtAQHsKwGAhOKOUZJ6OBbwjYMZkTDPmNaLu0d3mY8n
4QkjPCWdP4NV3VTf7G/7fEkPk//ICKl7
=dWh2
-----END PGP SIGNATURE-----





From rcgraves at ix.netcom.com  Fri Nov  1 23:37:07 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Fri, 1 Nov 1996 23:37:07 -0800 (PST)
Subject: Iridium satellite xceivers idea?
Message-ID: <199611020735.CAA28507@spirit.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Several months ago, someone was raving about getting Linux PCs and 
cheap satellite comms into Hong Kong in preparation for the mainland 
takeover so that the ensuing human rights violations could be 
documented. If there's anyone left on cypherpunks who knows or cares 
about that kind of thing, let me know.

- -rich
 group 19
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMnr5qyoZzwIn1bdtAQHtWgF+J46Kz4kUiAdbZ8JWbiRPp5VSAfi4qAqk
ZfMXNPh4ma/eUMBnxrDmfgKJuhdUGXcq
=hUZX
-----END PGP SIGNATURE-----





From stewarts at ix.netcom.com  Sat Nov  2 00:28:24 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Sat, 2 Nov 1996 00:28:24 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
Message-ID: <1.5.4.32.19961102082625.003b226c@popd.ix.netcom.com>


At 10:30 AM 11/1/96 -0800, you wrote:
>Seriously, only a very few of us had and used sliderules...mine was a big
>synthetic K & E (Keuffel and Esser, as I recall). The raging "DOS vs. Mac"
>or "RISC vs. CISC" debate of that age was "aluminum" (the yellow Dietzgens)
>vs. the old standby, "bamboo." Plus some oddball circular sliderules.

I used plastic ones, myself; they were good enough for any work
I was doing, even after the occasional rebuild when the [whatever you
call the clear slider with the line on it] fell off.
Started with the basic model, and later a wider log-log-trig model.
I also had a few circular ones, including a big car-rally model
that let you get an extra digit or so of precision (remember when
precision was measured in digits rather than bits? :-)

There were also a variety of nomographs and other weird slide-rules
and graphical tools that were simple analog computers.  We used some
of them in electrical engineering classes for complex calculations
that didn't need to be highly precise, which most of them didn't
in a world where the extra-fancy resistors had 5% tolerances
and you achieved accuracy by adding various tweakers instead.

ObCrypto: Secret Decoder Rings are more or less circular slide rules,
but there really isn't much crypto you can do in analog.  :-)


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.






From provos at wserver.physnet.uni-hamburg.de  Sat Nov  2 01:32:54 1996
From: provos at wserver.physnet.uni-hamburg.de (Niels Provos)
Date: Sat, 2 Nov 1996 01:32:54 -0800 (PST)
Subject: http relay script
Message-ID: <Pine.A32.3.94.961102102726.27509C-100000@wserver.physnet.uni-hamburg.de>


Hi!

I am sure this was discussed already.
Is there meanwhile a http relay cgi script out there which could be
packaged with the common http daemons (like cern, apache or ncsa) ?
The use of that is obvious: every new web server could be used as
anonymizer and thus proxies would have a hard time to filter all those
sites in censorship countries.

Greetings
 Niels Provos =8)

- PHYSnet Rechnerverbund     PGP V2.6 Public key via finger or key server
  Niels Provos               
  Universitaet Hamburg       WWW: http://www.physnet.uni-hamburg.de/provos/   
  Jungiusstrasse 9           E-Mail: provos at wserver.physnet.uni-hamburg.de
  Germany 20355 Hamburg      Tel.:   +49 40 4123-2504     Fax: -6571 






From erp at digiforest.com  Sat Nov  2 01:59:33 1996
From: erp at digiforest.com (Erp)
Date: Sat, 2 Nov 1996 01:59:33 -0800 (PST)
Subject: Unix User Password File Encryption
Message-ID: <Pine.LNX.3.95.961102024749.14461A-100000@digital.digiforest.com>




Ok, I realize that you cannot reverse the encryption process for a Unix
password..  But --  Explain to me why the following wouldn't work.  And if
it could work, I am willing to do the algorithms and math for this...  I'm
no good at coding and such..  But I can do algorithms and a lot of math
easily enough *shrug*....  And if anybody uses this idea ---  Please give
me credit for the idea..  If it has already been tried --  Can someone
please refer me to where it was tried, adn if there are any texts on it..
I would like to read them..  Thanks ok here it is:

Normal Programs for Cracking a Unix password file, such as CrackerJack
take a word, use the salt in the password file for that password, encrypt
the word using that salt, and then compare what it comes out as.  If it
isn't the same, it moves on to the next word.   My idea is similar to
this, but is a bit different.

Basically it would take a beginning word and encrypt it with the same salt
as used on the password in the passwd file.  So let us say that for an
example our salt is aa, our outcome encrypted password is X8mfjs53D ...
Ok now let us say that we take this salt of aa and run through the
following into it and getting these patterns from it (these aren't the
true patterns etc, I'm just making htese things up, but would it be
possible?)  

salt aa  --  inputed password  0001  --  outcome encryption  Zkdrj234S
salt aa  --  inputed password  0002  --  outcome encryption  Rksjr342s
salt aa  --  inputed password  0003  --  outcome encryption  25Svj43zY

(For the following process we'd obviously use mor ethan three, we would
probalby use a thousand at least, nad have them be all sizes of passwords
and combiantions..  like aaaab or abababababab and so on...)

Compare the outcomed encryptions --  And find a pattern in them..  Now in
the above I'm just going to say like it comes out as 
8x + 4/y - SQ(2z) + 4a = encrypted password..  Where xyza are each of the
characters respectively such as   0000 
                                  xyza  based on a 255 or however many
ascii char system..  I know this is completely wrong for what I've done
here, but I'm not doing the math or anything right now, I'm just making it
up as I go for an example...  Now say that since we have found the
pattern...  We take the outcome --  Do the algebra to figure out what the
xyza would be..  And ther eya go woopity doo there is the password..
Not as simple as I've said here of course..  It would be a lot more
complex..  But that is the basic idea...   What is wrong with this idea?
--  If it is something I have thought of, and havent' mentioned --  I'll
inform you when you point it out..  But please do point it out..  Or I'll
grasp at straws and say a lot of buts *laugh*...

Anyways,  What is wrong with this idea?  How could it work?
Would someone mind explaining for me, is much appreciated...

Erp


---------------------------
E'gads, ideas can be hell at time..











From gnu at toad.com  Sat Nov  2 02:13:32 1996
From: gnu at toad.com (John Gilmore)
Date: Sat, 2 Nov 1996 02:13:32 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
Message-ID: <199611021013.CAA17861@toad.com>


As stated by Dr. Vulis, he is no longer on the cypherpunks mailing
list, and indeed majordomo at toad.com HAS been instructed to ignore his
requests to resubscribe.

I removed him, on my own initiative.  I got tired of asking him to
stop stirring up flames.  When he posted a message saying that we'd
have to use technical means to stop him from flaming the list, I said,
"OK".

Tim May was not involved.

I've met Dr. Vulis in person.  He seemed like a reasonable guy.  I
treated him that way for months, despite his inability to control
himself on the list.  When he ultimately declined to control his
outbursts after numerous personal requests, I removed him.

The cypherpunks list is for discussions centered around cryptography.
I'm sure there are several mailing lists where ethnic cleansing
discussions would be welcome.  There are probably even mailing lists
which encourage people to fire off their best inflammatory messages.
If there aren't, Dr Vulis could start one.  I don't sponsor any.

Cypherpunks, please resist your own temptation to bait him (or anyone
else).  The best defense a mailing list has against flames is to
simply ignore them.  When they don't provoke an emotional response,
they don't accomplish the poster's goal, and the poster eventually
wanders off in search of more naive pastures.

	John Gilmore






From nobody at cypherpunks.ca  Sat Nov  2 06:59:56 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 2 Nov 1996 06:59:56 -0800 (PST)
Subject: Thank you, John Gilmore, for protecting freedom of speech against Dr. Dmitri Vulius
Message-ID: <199611021445.GAA00213@abraham.cs.berkeley.edu>


Thank you, John, for being so brave and protecting our freedom of
on-topic speech. You are a true cypherpunk.

Thank you, Timothy C May, for advancing cryptography by posting 100%
crypto-relevant messages about loans to other countries and your
collection of assault weapons.

John and Timothy just made the cypherpunks list better.





From nobody at squirrel.owl.de  Sat Nov  2 08:29:51 1996
From: nobody at squirrel.owl.de (Secret Squirrel)
Date: Sat, 2 Nov 1996 08:29:51 -0800 (PST)
Subject: Moneychangers and Shylocks
Message-ID: <19961102153422.6553.qmail@squirrel.owl.de>


jer+ at andrew.cmu.edu wrote:

> "Timothy C. May" <tcmay at got.net> writes:

> > and opportunity for me and my family, Arguing
> > that native peoples were better off before the arrival of Europeans is
> > fatuous nonsense--you can't go home again.
> 
> Not true. "Society" has passed through Africa many times, the people
> revert to their previous ways.

I disagree. Only some ways, you don't see them tossing their AK 47s for spears.

> > Further, many of the leftist critiques of "moneylending as exploitation"
> > are similar to past (and current) demonizations of moneychangers,
> > moneylenders, shylocks, and other assorted stereotypes.
> >
> > I don't favor nationalistic lending and borrowing policies, which, for
> > example, involve some central government borrowing money, sending the
> > borrowed funds to personal Swiss bank accounts, and then sticking the
> > nominal taxpayers with the debt. Nothing I have said here endorses
>  this.
> 
> But that's the only way it hapens in the third world. The only time
> foreign aid is not gutted by corrupt beaurocrats is when the
> Westerners go there and manage the projects themselves. This is quite
> different from a loan.

Wrong, and wrong. Lending to individuals is happening, in $100 or so ammounts, without westerners (or their governments' crooked bureaucrats) present, right now.

> > But much lending is useful. It's the way factories get built, the way
> > things get done.
> 
> Heh, have you ever *seen* a third world factory 10 years after it was
> built. Nice bit of scap, that.

Ask of government was involved.

> > Much of the criticism of "moneylenders" is closely related, if you
>  think
> > about it, to criticism of "money launderers." Cypherpunks should relish
>  the
> > rise of new mechanisms for money laundering, moneylending, tax evasion,
>  etc.
> >
> > I took the "Wired" quote about Walter Wriston "sounding like a
>  cypherpunk"
> > to represent this new view, in explicit contrast to his earlier views
>  when
> > he headed Citibank and they had a more statist approach.
> >
> > Your mileage may vary, but tired homilies about lending being exploitati
> on
> > are not very useful in this day and age.
> 
> I dunno, pearls befre swine still applies. It's not that I think
> lending is bad, but large economic development loans to thrild world
> countries continue to support corruption and oppression, and not much
> else.

Because of governments more than banks. You are beginning to see the light.








From markm at voicenet.com  Sat Nov  2 09:00:43 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 2 Nov 1996 09:00:43 -0800 (PST)
Subject: Unix User Password File Encryption
In-Reply-To: <Pine.LNX.3.95.961102024749.14461A-100000@digital.digiforest.com>
Message-ID: <Pine.LNX.3.95.961102125436.194A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 2 Nov 1996, Erp wrote:

> Basically it would take a beginning word and encrypt it with the same salt
> as used on the password in the passwd file.  So let us say that for an
> example our salt is aa, our outcome encrypted password is X8mfjs53D ...
> Ok now let us say that we take this salt of aa and run through the
> following into it and getting these patterns from it (these aren't the
> true patterns etc, I'm just making htese things up, but would it be
> possible?)  
> 
> salt aa  --  inputed password  0001  --  outcome encryption  Zkdrj234S
> salt aa  --  inputed password  0002  --  outcome encryption  Rksjr342s
> salt aa  --  inputed password  0003  --  outcome encryption  25Svj43zY
[rest deleted]

There aren't any known patterns that can be exploited.  The output of DES
encryption 25 times generates pseudo-random output.  If a pattern did exist,
cryptanalysis of DES would be very easy.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMnuMoSzIPc7jvyFpAQFePAgAjOfKSSjpXE20g4+3t6PSz1bD+7tSd5Yi
mTjt5zlS/D9NGEXoVkuYI/j7KS+Iic7eNhEUTr8KuUpIS+MUIB0BKHLM0LyaFHmG
dgd2LoqVHoC8vEIwFDxXR/vE+Jt51bFXs2/eKksyqJKLrI6g1i+foANLOBhhxobI
I07Z+mQ7XEsKe6C7eEuElvd4qY6Zis0WJD7lj/c9tOPg3wjGCIohgeclwgByqBvd
6kuxu9b2unFpbcsaICqtxJiHqgJAWjuE0FEz3wkKakIKAwmDmJ1mpru4dP73OwCc
qt5TCytlKq7VN75QawK/YlNX3h24QnyXB/Zo6MOSQCcYGn7UmB/3nA==
=fv2A
-----END PGP SIGNATURE-----






From nobody at cypherpunks.ca  Sat Nov  2 10:00:25 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 2 Nov 1996 10:00:25 -0800 (PST)
Subject: anonymous oddsman
Message-ID: <199611021758.JAA04138@abraham.cs.berkeley.edu>


Ladbroke's (celebrating Halloween, probably) again offers
50:1 odds on Perot! Clinton and Browne are still not being
offered. Recalling last Saturday's Dole odds; they were
7:1 at Ladbroke's, and 8:1 at William Hill. The betters at
Ladbroke's (who get a somewhat worse deal, it seems) are
bullish on Dole, while those at William Hill are now a bit
more bearish on the old man, so the numbers diverge in the
final stretch of the horserace.

              Prices @ 09:21 GMT Sat 2nd Nov 96
        +---------+----------------+----------------+
        |         |  Ladbroke's    | William Hill   |
        +---------+----------------+----------------+
        | Clinton | Not currently offered by either |
        | Dole    |     6:1        |     10:1       |
        | Perot   | 50:1 (again)   |    500:1 (!)   |
        | Browne  | Not currently offered by either |
        +---------+----------------+----------------+
        | Phone   | +44-800-524524 | +44-800-444040 |
        | Numbers:|                |                |
        +---------+----------------+----------------+

As for the animal suspected of *really* running the U.S.A,
"Socks" appears to be successfully defending his territory
against "Leader." Full of confidence, she is now running
virtual tours of the White House, kids!

http://www.whitehouse.gov/WH/kids/html/home.html

Meanwhile "Leader" whimpers at

http://www.firstdog.com/

(Wow, his own domain!) Perot (obviously) needs no pet, and
the oddsman is unaware of any public photos of Libertarian
candidate Browne's cats, much less their names. A serious
campaign.

Our roving reporter in the UK also thinks that there *must*
be significance in the fact that our Presidential election
is being held on the anniversary of the day that Guy Fawkes
attempted to blow up his Houses of Parliament, together
with all the politicians within. He, as usual, will celebrate
the event with bonfires and fireworks.

Mailmasher.com appears to be down, apologies to any of you
who wished to correspond personally with the oddsman there.
Hopefully, oddsman at mailmasher.com will come back soon.
anonymous oddsman

"Demeaning the integrity of the U.S. Presidential election process
for you on a regular basis, at no charge."








From frantz at netcom.com  Sat Nov  2 10:06:15 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 2 Nov 1996 10:06:15 -0800 (PST)
Subject: ITAR financial crypto exception?
Message-ID: <199611021806.KAA05269@netcom6.netcom.com>


At  8:25 PM 11/1/96 -0800, Greg Broiles quoted:
>According to the "United States Munitions List", 22 CFR 121.1, Category
>XIII, "Auxiliary Military Equipment":
>
>"Information Security Systems and equipment, cryptographic devices,
>software, and components specifically designed or modified therefor" are
>included in the munitions list; but not if they are 
>
>"[s]pecially designed, developed or modified for use in machines for
>banking or money transactions, and restricted to use only in such
>transactions. Machines for banking or money transactions include automatic
>teller machines, self-service statement printers, point of sale terminals
>or equipment for the encryption of interbanking transactions." (22 CFR
>121.1, Category XIII (b)(1)(ii)),
>
>or if they are 
>
>"[l]imited to access control, such as automatic teller machines,
>self-service statement printers or point of sale terminals, which protects
>password or personal identification numbers (PIN) or similar data to prevent
>unauthorized access to facilities but does not allow for encryption of
>files or
>text, except as directly related to the password of PIN protection." (22
>CFR 121.1, Category XIII (b)(1)(v)).

I don't think either of these exclusions would cover the reference
implementation of the SET protocol.  I don't think it would cover an
electronic commerce application running on a personal computer/workstation
either.  Therefore I conclude that the ITAR is contributing to the
vulnerability of our emerging electronic commerce infrastructure.


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz at netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA







From richieb at teleport.com  Sat Nov  2 10:34:08 1996
From: richieb at teleport.com (Rich Burroughs)
Date: Sat, 2 Nov 1996 10:34:08 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
Message-ID: <3.0.32.19961102103422.00742504@mail.teleport.com>


At 02:13 AM 11/2/96 -0800, John Gilmore <gnu at toad.com> wrote:
>As stated by Dr. Vulis, he is no longer on the cypherpunks mailing
>list, and indeed majordomo at toad.com HAS been instructed to ignore his
>requests to resubscribe.
>
>I removed him, on my own initiative.  I got tired of asking him to
>stop stirring up flames.  When he posted a message saying that we'd
>have to use technical means to stop him from flaming the list, I said,
>"OK".
[snip]

This all seems really silly to me.

Are people on this list not sophisticated enough to be capable of filtering
his posts if they don't like to read them?

What's to stop him from using reailers or nymservers?  Are you going to
block them, too?

By doing something like this you give him far more attention and
encouragement than he deserves.  It's a big mistake, IMHO.



Rich


 





From tcmay at got.net  Sat Nov  2 11:11:31 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 2 Nov 1996 11:11:31 -0800 (PST)
Subject: What happened to the NSA's _second_ mission?
In-Reply-To: <199611021806.KAA05269@netcom6.netcom.com>
Message-ID: <v03007800aea14b36ba72@[207.167.93.63]>


(president at whitehouse.gov removed from the cc: list for obvious reasons)

At 10:09 AM -0800 11/2/96, Bill Frantz wrote:

>I don't think either of these exclusions would cover the reference
>implementation of the SET protocol.  I don't think it would cover an
>electronic commerce application running on a personal computer/workstation
>either.  Therefore I conclude that the ITAR is contributing to the
>vulnerability of our emerging electronic commerce infrastructure.

Given the reported statistics on the _meager_ number of serious crimes
which have been stopped by the use of surveillance and wiretaps (reported
in various forms several times in recent months), and given that electronic
commerce may be vulnerable to _serious_ disruptions, one has to (again)
wonder if the charter of the National _Security_ Agency needs a careful
reevaluation.

Some years back, the NSA was more explicitly divided into two functions,
one function doing SIGINT/COMINT, and the other doing COMSEC and INFOSEC,
i.e., working on mechanisms to better secure the nation's communicaitons.
At about this time, circa 1988, the NSA's COMSEC folks were _explicitly_
warning that DES was long overdue for replacement and that new measures
were urgently needed to secure the nation's communications and financial
infrastructure. (The details have faded in my memory, but I believe this
was the time the "Commercial COMSEC Endorsement" program was being
discussed, with various hardware and software being proposed....don't know
how it eventually turned out, faded out, etc.)

So where are we today? Almost 10 years later, with huge advances in chip
power and density (500 MHz processors, 250,000-gate-equivalent PLDs, etc.),
and yet what do we have? Only plain old DES-level cryptography is being
encouraged, with various roadblocks placed in front of efforts to deploy
stronger crypto.

Jeesh. To supposedly wiretap a few terrorists we risk the whole enchilada.

Of course, I suspect the real issue is that the NSA understands the
implications of strong crypto, anonymous remailers, untraceable digital
cash, etc., and is thus taking what steps it thinks it can to limit the
spread of these technologies. The wiretap stuff is just a figleaf.

--Tim May




"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jer+ at andrew.cmu.edu  Sat Nov  2 11:27:43 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Sat, 2 Nov 1996 11:27:43 -0800 (PST)
Subject: Moneychangers and Shylocks
In-Reply-To: <19961102153422.6553.qmail@squirrel.owl.de>
Message-ID: <0mSu1s200YUh0Ms280@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

Secret Squirrel <nobody at squirrel.owl.de> writes:
> jer+ at andrew.cmu.edu wrote:
> 
> > "Timothy C. May" <tcmay at got.net> writes:
> 
> > > and opportunity for me and my family, Arguing
> > > that native peoples were better off before the arrival of Europeans is
> > > fatuous nonsense--you can't go home again.
> > 
> > Not true. "Society" has passed through Africa many times, the people
> > revert to their previous ways.
> 
> I disagree. Only some ways, you don't see them tossing their AK 47s for spears.

Once they run out of ammunition... Really, most weapons in the more
primitave parts of africa haf about 3 rounds of ammunition for them.
The bands of AK-welding poachers and the like are paramilitary groups
supported by professional poaching operations or they're fighting some
"benefactor" nation's dirty little wars for them. The media
representation is quite skewed, as is usually the case.

> > > Further, many of the leftist critiques of "moneylending as exploitation"
> > > are similar to past (and current) demonizations of moneychangers,
> > > moneylenders, shylocks, and other assorted stereotypes.
> > >
> > > I don't favor nationalistic lending and borrowing policies, which, for
> > > example, involve some central government borrowing money, sending the
> > > borrowed funds to personal Swiss bank accounts, and then sticking the
> > > nominal taxpayers with the debt. Nothing I have said here endorses
> >  this.
> > 
> > But that's the only way it hapens in the third world. The only time
> > foreign aid is not gutted by corrupt beaurocrats is when the
> > Westerners go there and manage the projects themselves. This is quite
> > different from a loan.
> 
> Wrong, and wrong. Lending to individuals is happening, in $100 or so ammounts,\
>  without westerners (or their governments' crooked bureaucrats) present, right\
>  now.

I'd like to hear more about this. Can you send me/.the list some info?

> > > But much lending is useful. It's the way factories get built, the way
> > > things get done.
> > 
> > Heh, have you ever *seen* a third world factory 10 years after it was
> > built. Nice bit of scap, that.
> 
> Ask of government was involved.

Given the nature of many of these governments, privately-owned
factories are a no-no.
 
> > > Much of the criticism of "moneylenders" is closely related, if you
> >  think
> > > about it, to criticism of "money launderers." Cypherpunks should relish
> >  the
> > > rise of new mechanisms for money laundering, moneylending, tax evasion,
> >  etc.
> > >
> > > I took the "Wired" quote about Walter Wriston "sounding like a
> >  cypherpunk"
> > > to represent this new view, in explicit contrast to his earlier views
> >  when
> > > he headed Citibank and they had a more statist approach.
> > >
> > > Your mileage may vary, but tired homilies about lending being exploitati
> > on
> > > are not very useful in this day and age.
> > 
> > I dunno, pearls befre swine still applies. It's not that I think
> > lending is bad, but large economic development loans to thrild world
> > countries continue to support corruption and oppression, and not much
> > else.
> 
> Because of governments more than banks. You are beginning to see the light.

There is no or little infrastructure to support large-scale private
lending in most African nations. THe government wants its 20% cut, or
the currency must be exchanged at artificial rates, or you must meet
rediculous regulatory requirements. And most of these governments are
not above making large amounts of people dissapear if they don't
follow the rules.

But to a large extent we agree. Private lending can be a very Good
Thing. However, given the current regulatory practices in many African
(and I assume most third world) nations, large-scale private lending
is not a viable solution. I mean, it really is a morass. Everyone has
to work within the system (this includes those wealthy enough to
ignore the laws and bribe their way through), and the system tends to
be large, cumbersome, and astoundingly slow.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMnugcskz/YzIV3P5AQHKkwMAhzpE7lNB4LGVxPKE6Wfz4XX8N5wte+pU
4uaEuwiCy6luhZ4ZT2xHX2ZNFK4zUZAIwHVzPpSscAxfWUiFX9zPuZ5HR2HdueUF
2WzR8eujH+vGoCiHeTuKq+LA1HHRZ85P
=AiRB
-----END PGP SIGNATURE-----





From iang at cs.berkeley.edu  Sat Nov  2 12:02:57 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Sat, 2 Nov 1996 12:02:57 -0800 (PST)
Subject: www.anonymizer.com down?
In-Reply-To: <1.5.4.32.19961101145104.006a0c20@pop.pipeline.com>
Message-ID: <55g9cq$71k@abraham.cs.berkeley.edu>


-----BEGIN PGP SIGNED MESSAGE-----

In article <1.5.4.32.19961101145104.006a0c20 at pop.pipeline.com>,
John Young  <jya at pipeline.com> wrote:
>The site is open to anyone, the more anonymous the better. 
>Use anonymizer.com.

I would, but it seems to be unavailable.  There is currently no response
on www.anonymizer.com:8080.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMnuo1UZRiTErSPb1AQHMKQP/UhbmtAKyuRDs4ZVVPwOmTLJ1sfCmn0t8
2UI0G26j9PcU4BpU6ZihRefREj7yW6ZvK5ME9GJMhD3sDvKGS7FJVFUVvMonyDEe
+NqU548ta4RCoVd22BuuURr7MF7V7U6CKoisAoLYi7cXYq3E92296RWBS3qs4d00
zcKzUAwIqUI=
=ozvP
-----END PGP SIGNATURE-----





From erp at digiforest.com  Sat Nov  2 12:35:53 1996
From: erp at digiforest.com (Erp)
Date: Sat, 2 Nov 1996 12:35:53 -0800 (PST)
Subject: Unix User Password File Encryption
In-Reply-To: <Pine.LNX.3.95.961102125436.194A-100000@gak.voicenet.com>
Message-ID: <Pine.LNX.3.95.961102132046.15853A-100000@digital.digiforest.com>



**what I said deleted**
> 
> There aren't any known patterns that can be exploited.  The output of DES
> encryption 25 times generates pseudo-random output.  If a pattern did exist,
> cryptanalysis of DES would be very easy.
> 
> Mark

But But But *laugh* ---  Ok, here is my only straw in this lousy bushel of
confusion >) ---  What about a Fuzzy Pattern?  ----  Ya I know, that is a
pretty big staw...  The thought of it is fuzzy, let alone a fuzzy pattern.

I've done a lot of reading on Fuzzy Sets and Fuzzy Logic in general..  I
see how it could work 'maybe' But, yes it is a very indefinite field..  To
many people don't believe in its possible existance...
Ok --  Any replys would be nice thanks bye.






From darius at hotliquid.com  Sat Nov  2 12:38:37 1996
From: darius at hotliquid.com (darius at hotliquid.com)
Date: Sat, 2 Nov 1996 12:38:37 -0800 (PST)
Subject: [NOISE] Re: Thank you, John Gilmore, for protecting freedom of speech against Dr. Dmitri Vulius
Message-ID: <SIMEON.9611021505.A@arabica.hotliquid.com>



On Sat, 2 Nov 1996 06:45:54 -0800 John Anonymous MacDonald 
<nobody at cypherpunks.ca> wrote:

 > Thank you, John, for being 
so brave and protecting our freedom of
> on-topic speech. You are a true cypherpunk.
> 
> Thank you, Timothy C May, for advancing cryptography by posting 100%
> crypto-relevant messages about loans to other countries and your
> collection of assault weapons.
> 
> John and Timothy just made the cypherpunks list better.

----------------------
Well, here's the wonderful thing about cypherpunks.  It's 
a privately run list.  There isn't freedom to flame 
wantonly, there isn't a 'right to insult'  Vulius has 
plagued this list for quite some time.  I'm glad he's 
been removed.

We return you to your regularly scheduled on-topic posts.

darius at hotliquid.com







From ichudov at algebra.com  Sat Nov  2 12:42:13 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 2 Nov 1996 12:42:13 -0800 (PST)
Subject: anonymous oddsman
In-Reply-To: <199611021758.JAA04138@abraham.cs.berkeley.edu>
Message-ID: <199611022039.OAA04636@manifold.algebra.com>


John Anonymous MacDonald wrote:
> 
> Ladbroke's (celebrating Halloween, probably) again offers
> 50:1 odds on Perot! Clinton and Browne are still not being
> offered. Recalling last Saturday's Dole odds; they were
> 7:1 at Ladbroke's, and 8:1 at William Hill. The betters at
> Ladbroke's (who get a somewhat worse deal, it seems) are
> bullish on Dole, while those at William Hill are now a bit
> more bearish on the old man, so the numbers diverge in the
> final stretch of the horserace.
> 
>               Prices @ 09:21 GMT Sat 2nd Nov 96
>         +---------+----------------+----------------+
>         |         |  Ladbroke's    | William Hill   |
>         +---------+----------------+----------------+
>         | Clinton | Not currently offered by either |
>         | Dole    |     6:1        |     10:1       |

Whew! They are wide open for arbitrage! Suppose that at Ladbroke I sell
an obligation to pay $6 if Dole wins (they are apparently valuing it for
this much), collecting $1. At the same time, to hedge my exposure, I go
to "William Hill", and purchase their obligation to pay _me_ $10 if Bob
Dole wins, paying the $1 bill that I just got at Ladbroke's.

If bob dole loses, I lose nothing. If he wins, I make $4 out of air.

I wonder why the beting markets are so imperfect.


have fun

igor



>         | Perot   | 50:1 (again)   |    500:1 (!)   |
>         | Browne  | Not currently offered by either |
>         +---------+----------------+----------------+
>         | Phone   | +44-800-524524 | +44-800-444040 |
>         | Numbers:|                |                |
>         +---------+----------------+----------------+
> 
> As for the animal suspected of *really* running the U.S.A,
> "Socks" appears to be successfully defending his territory
> against "Leader." Full of confidence, she is now running
> virtual tours of the White House, kids!
> 
> http://www.whitehouse.gov/WH/kids/html/home.html
> 
> Meanwhile "Leader" whimpers at
> 
> http://www.firstdog.com/
> 
> (Wow, his own domain!) Perot (obviously) needs no pet, and
> the oddsman is unaware of any public photos of Libertarian
> candidate Browne's cats, much less their names. A serious
> campaign.
> 
> Our roving reporter in the UK also thinks that there *must*
> be significance in the fact that our Presidential election
> is being held on the anniversary of the day that Guy Fawkes
> attempted to blow up his Houses of Parliament, together
> with all the politicians within. He, as usual, will celebrate
> the event with bonfires and fireworks.
> 
> Mailmasher.com appears to be down, apologies to any of you
> who wished to correspond personally with the oddsman there.
> Hopefully, oddsman at mailmasher.com will come back soon.
> anonymous oddsman
> 
> "Demeaning the integrity of the U.S. Presidential election process
> for you on a regular basis, at no charge."
> 
> 
> 



	- Igor.





From stewarts at ix.netcom.com  Sat Nov  2 13:31:27 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Sat, 2 Nov 1996 13:31:27 -0800 (PST)
Subject: No - Re: www.anonymizer.com down?
Message-ID: <1.5.4.32.19961102212934.003aee7c@popd.ix.netcom.com>


At 12:02 PM 11/2/96 -0800, iang at cs.berkeley.edu (Ian Goldberg) wrote:
>I would, but it seems to be unavailable.  There is currently no response
>on www.anonymizer.com:8080.

I just tried it, and it's very slow, and asks for cookies, but it works.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.






From ichudov at algebra.com  Sat Nov  2 14:58:53 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 2 Nov 1996 14:58:53 -0800 (PST)
Subject: anonymous oddsman
In-Reply-To: <199611022039.OAA04636@manifold.algebra.com>
Message-ID: <199611022255.QAA05535@manifold.algebra.com>


Igor Chudov @ home wrote:
> 
> John Anonymous MacDonald wrote:
> > 
> > Ladbroke's (celebrating Halloween, probably) again offers
> > 50:1 odds on Perot! Clinton and Browne are still not being
> > offered. Recalling last Saturday's Dole odds; they were
> > 7:1 at Ladbroke's, and 8:1 at William Hill. The betters at
> > Ladbroke's (who get a somewhat worse deal, it seems) are
> > bullish on Dole, while those at William Hill are now a bit
> > more bearish on the old man, so the numbers diverge in the
> > final stretch of the horserace.
> > 
> >               Prices @ 09:21 GMT Sat 2nd Nov 96
> >         +---------+----------------+----------------+
> >         |         |  Ladbroke's    | William Hill   |
> >         +---------+----------------+----------------+
> >         | Clinton | Not currently offered by either |
> >         | Dole    |     6:1        |     10:1       |
> 
> Whew! They are wide open for arbitrage! Suppose that at Ladbroke I sell
> an obligation to pay $6 if Dole wins (they are apparently valuing it for
> this much), collecting $1. At the same time, to hedge my exposure, I go
> to "William Hill", and purchase their obligation to pay _me_ $10 if Bob
> Dole wins, paying the $1 bill that I just got at Ladbroke's.
> 
> If bob dole loses, I lose nothing. If he wins, I make $4 out of air.
> 
> I wonder why the beting markets are so imperfect.
> 
> 
> have fun
> 
> igor

Homework: guess how should I trade so that I lock in _definite_ profit
before elections such that I am fully hedged against any outcome of the
election.

igor





From 3bmice at nym.alias.net  Sat Nov  2 15:05:31 1996
From: 3bmice at nym.alias.net (Three Blind Mice)
Date: Sat, 2 Nov 1996 15:05:31 -0800 (PST)
Subject: Unix User Password File Encryption
Message-ID: <199611022305.SAA22650@anon.lcs.mit.edu>


On Sat, 2 Nov 1996, Erp wrote:

> Compare the outcomed encryptions --  And find a pattern in them..  Now in

There is the flaw in this logic.  If you do find a pattern, then this
means that the algorithm is *BROKEN*.

--3bmice






From cvhd at indyweb.net  Sat Nov  2 15:49:40 1996
From: cvhd at indyweb.net (Computer Virus Help Desk)
Date: Sat, 2 Nov 1996 15:49:40 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
Message-ID: <3.0b36.32.19961102184917.0069e3a0@indyweb.net>


At 10:34 AM 11/2/96 -0800, you wrote:

>At 02:13 AM 11/2/96 -0800, John Gilmore <gnu at toad.com> wrote:

>>As stated by Dr. Vulis, he is no longer on the cypherpunks mailing
>>list, and indeed majordomo at toad.com HAS been instructed to ignore his
>>requests to resubscribe.

>>I removed him, on my own initiative.  I got tired of asking him to
>>stop stirring up flames.  When he posted a message saying that we'd
>>have to use technical means to stop him from flaming the list, I said,
>>"OK".
>[snip]

>This all seems really silly to me.

>Are people on this list not sophisticated enough to be capable of filtering
>his posts if they don't like to read them?
>
>What's to stop him from using reailers or nymservers?  Are you going to
>block them, too?
>
>By doing something like this you give him far more attention and
>encouragement than he deserves.  It's a big mistake, IMHO.
>Rich

Well put!  I tired a long time ago of Dr. Vulis and several others on this
list.  Rather than bitch about it or resort to the same big brother
gestapo-censor bullshit we profess to abhor I simply utilized the extensive
filtering capability of Eudora.

I don't need "big brother" or big "cypherpunk" censoring my mail for me.
We have become what we fear the most.  How prophetic and pathetic.

I agree.... a very BIG mistake, indeed....






From sandfort at crl.com  Sat Nov  2 15:54:19 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 2 Nov 1996 15:54:19 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <3.0.32.19961102103422.00742504@mail.teleport.com>
Message-ID: <Pine.SUN.3.91.961102153652.8716A-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Rich,

On Sat, 2 Nov 1996, Rich Burroughs wrote:

> Are people on this list not sophisticated enough to be capable
> of filtering his posts if they don't like to read them?

The short answer is, No.  More specifically, we constantly have
a stream of new readers sampling Cypherpunks.  Some are 
technically sophisticated; some are not.  In either case, new
readers do not have the historical perspective not to fall for
Dimitri's big lies.  Nor do they have any way of know what an
abberation his sort of behavior is on this list.  "So this is
what Cypherpunks are like," would be a sad, but understandable
misinterpretation of what we're all about.  What John did was 
appropriate.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From ericm at lne.com  Sat Nov  2 16:51:32 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 2 Nov 1996 16:51:32 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <Pine.SUN.3.91.961102153652.8716A-100000@crl.crl.com>
Message-ID: <199611030050.QAA00717@slack.lne.com>


Sandy Sandfort writes:
> 
> 
> Rich,
> 
> On Sat, 2 Nov 1996, Rich Burroughs wrote:
> 
> > Are people on this list not sophisticated enough to be capable
> > of filtering his posts if they don't like to read them?
> 
> The short answer is, No.  More specifically, we constantly have
> a stream of new readers sampling Cypherpunks.  Some are 
> technically sophisticated; some are not.  In either case, new
> readers do not have the historical perspective not to fall for
> Dimitri's big lies.  Nor do they have any way of know what an
> abberation his sort of behavior is on this list.  "So this is
> what Cypherpunks are like," would be a sad, but understandable
> misinterpretation of what we're all about.  What John did was 
> appropriate.


When I joined the list three or so years ago, L. Detwiller was
the contemporary equivalent of Vulis.  The intro message mailed to
new subscribers explained the situation with Detwiller and asked
new subscribers to not respond to his bait.  It seemed to
work pretty well- Detwiller's posts were pretty much ignored.
Eventually he started taking his meds again, or got tired of
being ignored, and started posting relatively understandable stuff.
Not everyone agrees with him, which is fine, but he stopped
talking about 'tentacles' and accusing random list members of
bizarre conspiracies.

The problem with 'blocking' someone from a list is that it
isn't effective.  Even without remailers, it's trivial to forge
mail well enough to get past any 'blocking' measure that
could be put in place.  It's also easy to subscribe under a new name.

The other, more serious problem is that it to some extent 'proves'
that cryptoanarchy "doesn't work".  "Look", some will say, "the Cypherpunks
anarchy doesn't even work on their own list and they had to _censor_
someone".  Yea, I know that the list isn't really anarchy (although
it's pretty close these days) and Vulis hasn't really been censored-
he's free to spew his trash, just not here.  But it'll look that way
to a lot of people.

I think in the end that filtering at the user end is the only (current)
effective way to deal with people like Vulis.  He went in to my kill file
almost immediately, as did a number of people who seemed to do little
recently except post rebuttal/arguments to him.  After all, it's my time
that I'm spending reading this list and I'm not going to waste
it on crap like flame wars with Vulis.

-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From richieb at teleport.com  Sat Nov  2 17:00:36 1996
From: richieb at teleport.com (Rich Burroughs)
Date: Sat, 2 Nov 1996 17:00:36 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
Message-ID: <3.0.32.19961102170056.00688698@mail.teleport.com>


At 03:52 PM 11/2/96 -0800, Sandy Sandfort <sandfort at crl.com> wrote:
>On Sat, 2 Nov 1996, Rich Burroughs wrote:
>
>> Are people on this list not sophisticated enough to be capable
>> of filtering his posts if they don't like to read them?
>
>The short answer is, No.  More specifically, we constantly have
>a stream of new readers sampling Cypherpunks.  Some are 
>technically sophisticated; some are not.

I am guessing that people who come to read cpunks are probably more likely
to have a grasp of filtering technologies than the average Net newbie.  I
may be mistaken.

>In either case, new
>readers do not have the historical perspective not to fall for
>Dimitri's big lies.  

Is telling the truth a requirement for participating on the list?  ;)

How about posting a mini-FAQ about Dimitri or something?  Responding to
speech you dislike with more speech?

>Nor do they have any way of know what an
>abberation his sort of behavior is on this list.

I think you underestimate people's ability to evaluate the situation.  You
mean well, but this type of paternal, well-meaning censorship is censorship
nonetheless.

(I know this isn't censorship in the strictest definition of the term, as
in government restriction of speech, but I'd like to see us err on the side
of keeping the forum as open as possible. YMMV.)

>"So this is
>what Cypherpunks are like," would be a sad, but understandable
>misinterpretation of what we're all about. 

Judging any Usenet newsgroup or mailing list based on it's kookiest member
could produce the same result.  I'm relying on people to be able to pick a
kook out of a crowd.

Would you prefer that the representation that people get of Cypherpunks be
of a group that kicks people off the list who disturb them?  Are
Cypherpunks that thin-skinned?  

I have never been forced to read one of the KOTM's messages -- it has
always been my choice to.

After the last Bernstein hearing, Tim and I ended up at the same table for
lunch, along with two other people.  The four of us began discussing
Scientology, and partway through the conversation I realized that the Tim I
was talking with was Tim May, and that we had already covered some of the
same ground on this list.

Tim was very persuasive in his view that the Scientologists should be given
the widest latitude to spread their views, and that their right to speak be
guaranteed.  While I consider myself a free speech advocate, I am not an
absolutist, and I loathe the CoS leadership.  I was much more equivocal
about their rights.

As the conversation went on, I found my self more and more drawn in by
Tim's arguments, as they were very much in line with my feelings on other
speech-related issues. I found his points very persuasive, and they have
had a lasting impact on my view of the situation, and my posts to
alt.religion.scientology.

I find it ironic to see someone kicked off a list for bad-mouthing Tim, who
I found to be a very eloquent defender of free speech.

> What John did was 
>appropriate.

I still think it's a big mistake.

How can you really keep him off the list?  Limit posting to subscribers?
Ban remailers and nym accounts?

Don't you think he'll try to make himself a martyr; a victim?  Will that
make Cypherpunks look better?



Rich





From lazylion at idiom.com  Sat Nov  2 17:19:35 1996
From: lazylion at idiom.com (Ben Weiss)
Date: Sat, 2 Nov 1996 17:19:35 -0800 (PST)
Subject: Dr. Vulis; John was right!
In-Reply-To: <3.0.32.19961102103422.00742504@mail.teleport.com>
Message-ID: <v03007800aea195dd7224@[206.14.165.67]>


'nuf said.


Ben Weiss                          Digital Arts & Sciences Corporation
mailto://Ben at iis.DAScorp.com       (formerly Digital Collections, Inc.)
mailto://lazylion at idiom.com        http://www.DAScorp.com/
WB5QAL/6 (Ham Radio)               (510) 814-7200 x.240 voice

    Apple Partner, Apple Media Partner & Acius 4th Dimension Partner

  What part of 'Congress shall make no law abridging the freedom of speech'
    did you not understand?

Disclaimer:My company doesn't tell me what to say and I don't always say
           stuff with which they agree, but we still get along just fine







From markm at voicenet.com  Sat Nov  2 17:59:24 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 2 Nov 1996 17:59:24 -0800 (PST)
Subject: Very Preliminary release of IPSEC code for Linux (fwd)
Message-ID: <Pine.LNX.3.95.961102220001.217A-100000@gak.voicenet.com>


---------- Forwarded message ----------
Date: Fri, 01 Nov 1996 01:32:11 +0200
From: John Ioannidis <ji at hol.gr>
To: ipsec at TIS.COM
Subject: Very Preliminary release of IPSEC code for Linux

-----BEGIN PGP SIGNED MESSAGE-----

Content-Type: text/plain; charset=us-ascii

Greetings!

The Linux IPSP implementation I have been working on lately is finally at a 
stage where it can benefit from feedback, and also where other may also 
benefit from it. This is NOT an untar-and-play release; far from it. It is 
being made available so that it can reach the UnP stage faster than if only I 
work on it.

The code compiles into a loadable module for the 2.0.xx (I'm running 2.0.24) 
kernel. Use at your own risk. I won't be held responsible even if it mails the 
contents of your filesystems to the NSA and the KGB (or whatever), and then 
proceeds to encrypt them :-)

The gzip-ed tar file is in:

	http://prometheus.hol.gr/~ji/ipsec-0.2.tar.gz

If you want to mirror it to your ftp site, please drop me a note. 

Enjoy!

/ji


-----BEGIN PGP SIGNATURE-----
Version: 2.6.i

iQCVAgUBMnk2+c+A0YctPurVAQFSSAQAkt6e6a8TiYNcZ0rcLnxzIjm3uUTyYP3W
sUaM9hkMYsDbePdc/O9GoA5Q/HnAg4/BNl+Tla1Os72NCq+uDZX2gDnlUFktnd9b
q3S961FIL+ilmV0TepmQGGImjXPpThWMg4FKK7bhaiymcepJ7xs43sJoFEfkQ+uZ
iUxTEo2j1Ro=
=ztQp
-----END PGP SIGNATURE-----













From frankw at in.net  Sat Nov  2 18:10:46 1996
From: frankw at in.net (Frank Willoughby)
Date: Sat, 2 Nov 1996 18:10:46 -0800 (PST)
Subject: Computer Security Risk Assessment Software?
Message-ID: <9611030210.AA29337@su1.in.net>


At 05:44 PM 11/1/96 -0800, Dale Thorn <dthorn at gte.net> allegedly wrote:

>Frank Willoughby wrote:

>> The solutions to the above-mentioned problems are:
>> Shop around.  Find out which consultants are qualified and what they charge.
>> Make sure the consultant caps his cost.  You should know the maximum
price tag
>> associated with the consulting engagement BEFORE the consultant walks in
the front
>> door.  This helps to avoid having the consultant camp on your doorstep at
$XXX
>> dollars per hour for days, weeks, or months on end.
>
>The above is a nice ideal.  You should of course get a "really good"
consultant,
>and even better, get one who's "real honest".  But my guess is those guys
cost the
>most of all, or at the very least, require the most research to find.

Good point.  To help establish the honesty, it wouldn't hurt to get personal
and business references.  It also wouldn't hurt to check the BBB (Better 
Business Bureau - a consumer rights group) to see if there are any complaints 
against the company.  Ideally, the consultanting company would also be in the 
BBB's Care program which means that they will submit to binding arbitration 
in the event of a disagreement.  (BTW, the BBB also investigates all claims 
to weed out claims made by one competitor against another, etc.).


>The ideal of capping the cost is commendable as well, however, when the
consultant
>finds midway through the project that his initial estimate (made as
carefully as he
>possibly can) is way too low, he will now have an incentive to lie, cut
corners,etc.,
>*particularly* if the customer looks like one of those antsy types who
might withhold
>payments and so on.

Depends on the consulting company.  It is also a good measure which can be 
used to separate the weasels from the good guys.  The weasels will do exactly 
what you said.  The good guys won't.  Granted that once in a while, there will
be a contract which will have some surprises in it and you - won't make as 
much money as you were supposed to.  IMHO, this is a part of doing business.
Usually, you will win, but once in a while you will lose.  These things will 
happen.  Learn what went wrong and take steps to make sure it doesn't happen 
again.  Then go back to succeeding.

BTW, I think it is the customer's right to withhold payments until the job 
has been performed to the customer's satisfaction.


>My advice:  Get a consultant to find a good IT consultant.  Seriously.

If you have the money to spend, this may be a good idea.  Personally, I 
would tend to separate IT consultants from InfoSec consultants.   InfoSec 
is a highly specialized field & seasoned InfoSec Officers don't exactly 
grow on trees (as companies who don't have one and are trying desparately
to find one will testify).  Seasoned InfoSec Officers who are consulting 
for customers are even rarer, but I would rather have that to have the
security of my corporation depend on an IT consultant who has never had 
any experience working as an Information Security Officer (who has 
successfully implemented Information Security in a real business 
environment).  There is no substitute for experience, IMHO.

Food for thought.

Best Regards,


Frank
Any sufficiently advanced bug is indistinguishable from a feature.
	-- Rich Kulawiec

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Information Security Consulting 
http://www.fortified.com     Phone: (317) 573-0800     FAX: (317) 573-0817     
Home of the Free Internet Firewall Evaluation Checklist








From ichudov at algebra.com  Sat Nov  2 19:35:29 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 2 Nov 1996 19:35:29 -0800 (PST)
Subject: Compromise proposal
Message-ID: <199611030331.VAA00885@manifold.algebra.com>


[this goes to cypherpunks at toad.com and freedom-knights at jetcafe.org. I am
not reading f-k, but I am interested in Dave Hayes's opinion.]

Hi,

I am not normally considered an ally of Dimitri Vulis, so let this
be an attempt at being impartial.

Many members of cypherpunks list are right when they oppose the forced
unsubscription of Dimitri Vulis from this list. The sorry state of this
list is not the result of his flames alone, there is a large number of
people who discuss things of no cryptographic relevance.

We should remember that besides flames and scandals, Vulis has been
posting things that are most relevant to this list's topic.

We should also remember that individuals have the right and
responsibility to define what content they want to see and what content
they do not want to see. I am surprised at libertarians putting
forward propositions that are intended to promote welfare of "new
subscribers" and try to shield them from "lies".

Similarly, individuals are free to create voluntary moderated
associations as they see fit. As it was created, this mailing list was
not a moderated association.

At the same time, unfortunately, flames that Dimitri generated had
rendered previously 80% unusable list to be 99% unusable. These flames
had zero value for me personally. Since cypherpunks is a private list
(although it used to be unmoderated), I can understand the list owner
who wants to save his creature from total destruction.

I propose the following:

	1) The block on Dimitri Vulis's subscriptions should be removed

	2) We should not impose any limitations on anyone's speech except 3)

	3) Dimitri and everyone else should put prefix "[FLAME]" 
           into all Subject: header fields of their flame-related 
	   messages.

	4) The sole discretion of determining what is flame and what 
	   is not should be exercised by John Gilmore. His definition of
	   "flame" can be as broad as reasonably necessary.

	5) John Gilmore should have the right to forsibly unsubscribe, 
	   for a period not exceeding two months, anyone who posts
	   flames and does not use the right prefix.

	6) Cypherpunks list owner shall have the right to install any filters
	   he considers necessary in order to catch and review any messages
	   before they go to all subscribers, solely in order to verify 
	   their compliance with item 3). Messages that do not comply
	   may be rejected and their authors can be unsubscribed, as defined
	   in 5).

This solution will allow anyone with a clue to use appropriate filtering
and improve the signal-noise ratio, and at the same time will not in any
way limit anyone's freedom of speech.

I am also eagerly awaiting when Perry creates a moderated cypherpunks list.

	- Igor.





From shamrock at netcom.com  Sat Nov  2 22:23:32 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 2 Nov 1996 22:23:32 -0800 (PST)
Subject: Telling quote from Bernstein hearing
Message-ID: <Pine.3.89.9611022225.A214-0100000@netcom9>


In the recent hearing of the Bernstein case, Anthony Coppolino for the 
Justice Department said:


"We don't care about the theory; we don't care about
the idea Mr. Bernstein has, which was to take a particular type
of algorithm and use it to allow for an encrypted interactive
conversation.  That's his idea.
We don't care about his idea; we care about the
result of what it can do."
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/
960920.transcript

Encrypted interactive conversations seem to be something to be concerned 
about...They are afraid of us.

-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.







From Adamsc at io-online.com  Sat Nov  2 23:13:32 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sat, 2 Nov 1996 23:13:32 -0800 (PST)
Subject: Discrete logs 1 [non-cryptography related annecdote]
Message-ID: <19961103071134640.AAD224@localhost>


On Thu, 31 Oct 1996 09:16:26 -0800, Hal Finney wrote:

>properties than regular logarithms, but I thought this bit of history
>would spark some memories in old-timers and give a new perspective for
>younger people.


It's kind of funny how quickly they dropped out of usage. I'm probably one of
the estimated 7 people under the age of 30 who actually know how to use one. 
(Long story - it involves a couple months in a math class w/o a decent
calculator)  I was in an Algebra class taught by 'Father Time' - interesting
facial expression when he first noticed my 'calculator' (similar to the one
he got when I blurted out the [correct] answer to a problem he'd been
explaining while I was reading a book and ignoring him - in retrospect, RAH
was more educational).  We had to take some sort of state math test and I had
just gotten my new programable graphing calculator a week or two before (more
lost sleep - with a little creativity and a boring class you can get some
interesting code on those thingies) but for some reason I decided to bring
both calculator (the allowability of which was highly suspect) and sliderule.
 The proctor saw me and had a major fit -- over the sliderule!  Yeap, in the
state of California they don't let algebra students use a sliderule to
'cheat' on the assessment test.  They do, however, allow you to use a modern
graphing calculator with programs and an equation solver (Did I mention the
optional IR link?).


The same thing goes on with SATs and especially SAT-IIs.   Some higher-end
calculators, esp. HPs, have plugin cartridges which automate much of the
basic work in chemistry, physics, etc.  I never saw anyone who used such
things even get asked about it.  Do we even need social engineering with
people this stupid?

#  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From dthorn at gte.net  Sat Nov  2 23:28:07 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 2 Nov 1996 23:28:07 -0800 (PST)
Subject: 'what cypherpunks is about' [RANT]
In-Reply-To: <v01520d01ae9fa0242dde@[158.152.61.59]>
Message-ID: <327C3B0F.2CCA@gte.net>


Hard Media wrote:
> Message 1/40  From Timothy C. May
> We mine the copper they have no money to mine and pay them with worthless trinkets
> like penicillin, schools, and roads. We are exploiting them. Yep, they are better
> off in a state of natural grace, eating grubs and with a life expectancy of 35.

> I can't believe I'm hearing this. Buddy can you even READ? Have you forgotten that
> the Americas was doing fine until the Europeans got there and "civilised" it?
> Go and read a few books, try  "Bury My Heart at Wounded Knee" - J Dee  and then try
> "Blackfoot Physics" by F David Peat.

[snippo snippo]

Remember the cute little phrase about London?  "It's lovely at this time of year, if
you like fog", etc.  To paraphrase, "The U.S. is a lovely place to live, if you like
rednecks".  If you like men who drive jacked-up pickup trucks that get 10 miles per
gallon of petrol (cheap at $1/gallon), and who deliberately run over anything that
gets in their way on the road, you'll love us (U.S.).

You certainly can't argue that our leaders aren't gentlemen (hee hee); after all,
my near-term ancestors, led by Gen. W.T. "Burn 'em" Sherman, were committed to total
genocide of the South to "win" their "civil" war by any means necessary.

Following similar logic was Teddy Roosevelt, then the mad fire-bombers of World War 2,
capped by the ultimate terrorist fire-bombing of all at Hiroshima and Nagasaki, then
by immense fire-bombing of Vietnam, Cambodia, Laos, etc., followed by prodigious fire- 
bombing of Iraq and a deliberate fire-bombing and massacre of retreating troops at the
end of the "Gulf War".  Fighting the U.S. can be literal Hell!

And lest anyone try to stop these fascist coward bullies, look at the Zapruder film
for the result.  Eyewitnesses said the president's head shot sounded like a melon
thrown against a brick wall.  Splat!  "Oswald" did it with a Carcano?  Yeah, sure.

Quick, how many times have you heard this pro-interference argument?  The pro- people
will even show "proof" that the "savages" (it actually says this in the United States
Declaration of Independence) were as mean to each other as the invaders were to them.
What they fail to say, however, is that the "meanness" in such things as human sacrifice 
and so forth were imported to native cultures by "god-like" superiors who descended on
the locals to "help" them to the next level of technology and hero-worship.  Fooey!







From dthorn at gte.net  Sat Nov  2 23:28:18 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 2 Nov 1996 23:28:18 -0800 (PST)
Subject: New Bihman-Shamir Fault Analysis Paper
In-Reply-To: <v03007800aea040ab78e7@[17.202.40.158]>
Message-ID: <327C4114.238F@gte.net>


Martin Minow wrote:
> There is an inherent conflict between two claims that are
> central to the fault-analysis paper(s):
> "the secret key [is] stored in a tamperproof cryptographic device" and
>    "the cryptographic key is stored in an asymmetric type of
>     memory, in which induced faults ..."

> If the device is truly tamperproof, the attacker should not
> be able to induce faults.  Even given susceptable "consumer-
> quality" devices, it would be trivial to store the cryptographic keys
> in a redundant memory configuration, such as ECC "error-correcting
> code" memory that can self-correct a range of failures and detect
> a much wider range. It would also seem reasonable to protect the
> cryptographic core (algorithms and data) with a digital signature
> that would "crash" the device, rather than proceed with incorrect key information.

[snip]

My comment is about the last item here.  Doesn't "crash" assume normal use, and/or
that the device would have to be processed in an expected sort-of thread so that it
would be able to initiate the crash response?







From dthorn at gte.net  Sun Nov  3 00:28:03 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 3 Nov 1996 00:28:03 -0800 (PST)
Subject: Thank you, John Gilmore, for protecting freedom of speech against Dr. Dmitri Vulius [RANT]
In-Reply-To: <199611021445.GAA00213@abraham.cs.berkeley.edu>
Message-ID: <327C4C35.1FD8@gte.net>


John Anonymous MacDonald wrote:
> Thank you, John, for being so brave and protecting our freedom of
> on-topic speech. You are a true cypherpunk.
> Thank you, Timothy C May, for advancing cryptography by posting 100%
> crypto-relevant messages about loans to other countries and your
> collection of assault weapons.
> John and Timothy just made the cypherpunks list better.

I hate to butt in (and if you believe that....), but, you'll notice (as in anti-gun and
other people-protecting legislation) that it didn't accomplish much, since "Doctor" 
Vulis gets his stuff out to the list anyway.

Ironic how the list championed flooding Germany(?) with material in response to their
suppression of certain "objectionable" material, then gets into this sticky wicket.

But there's probably a logical reason for taking this "action", although it can
apparently be easily circumvented, even though many of us don't understand what
that logic could be.







From dthorn at gte.net  Sun Nov  3 00:28:18 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 3 Nov 1996 00:28:18 -0800 (PST)
Subject: Computer Security Risk Assessment Software? [RANT]
In-Reply-To: <9611030210.AA29337@su1.in.net>
Message-ID: <327C5610.74DA@gte.net>


Frank Willoughby wrote:
> At 05:44 PM 11/1/96 -0800, Dale Thorn <dthorn at gte.net> allegedly wrote:
> >Frank Willoughby wrote:
> >> The solutions to the above-mentioned problems are:
> >> Shop around.  Find out which consultants are qualified and what they charge.
> >> Make sure the consultant caps his cost.  You should know the maximum price tag
> >> associated with the consulting engagement BEFORE the consultant walks in the front
> >> door.  This helps to avoid having the consultant camp on your doorstep at $XXX
> >> dollars per hour for days, weeks, or months on end.

> >The above is a nice ideal.  You should of course get a "really good" consultant,
> >and even better, get one who's "real honest".  But my guess is those guys cost the
> >most of all, or at the very least, require the most research to find.

> Good point.  To help establish the honesty, it wouldn't hurt to get personal
> and business references.  It also wouldn't hurt to check the BBB (Better
> Business Bureau - a consumer rights group) to see if there are any complaints
> against the company.  Ideally, the consultanting company would also be in the
> BBB's Care program which means that they will submit to binding arbitration
> in the event of a disagreement.  (BTW, the BBB also investigates all claims
> to weed out claims made by one competitor against another, etc.).

Personal and business references that you can check out are a good start, but beware
of expecting much from org's such as BBB, etc.  The reasons are twofold:

1. Most org's today are (despite the fact that they have computers on their desks)
   extremely shy about picking sides in computer software business matters, because,

2. Unlike nearly any other business, software development/implementation is not
   predictable in many situations like house or bridge building.  Costs and hours
   may run many times what was estimated, unless the up-front estimate was so
   exhaustive (paid for, huh?) that it could be relied on as usably accurate.

   The fact is, the more cookie-cutter the project is, the more likely it will meet
   estimates.  Unfortunately, most customers don't want cookie-cutter for a number
   of reasons, one being the reluctance to pay for old (tried and true) technology.

> >The ideal of capping the cost is commendable as well, however, when the consultant
> >finds midway through the project that his initial estimate (made as carefully as he
> >possibly can) is way too low, he will now have an incentive to lie, cut corners,etc.,
> >*particularly* if the customer looks like one of those antsy types who might withhold
> >payments and so on.

> Depends on the consulting company.  It is also a good measure which can be
> used to separate the weasels from the good guys.  The weasels will do exactly
> what you said.  The good guys won't.  Granted that once in a while, there will
> be a contract which will have some surprises in it and you - won't make as
> much money as you were supposed to.  IMHO, this is a part of doing business.
> Usually, you will win, but once in a while you will lose.  These things will
> happen.  Learn what went wrong and take steps to make sure it doesn't happen
> again.  Then go back to succeeding.
> BTW, I think it is the customer's right to withhold payments until the job
> has been performed to the customer's satisfaction.

Another qualified OK - you may be able to identify the weasels all right, but if you
expect the "good guys" to absorb all cost overruns for way-inaccurate estimates, well,
maybe they will on the phase of the project that they have a solid committment to,
but then they'll still leave you with a dead end product if it costs them way too much,
and they'll do it legally, and they won't need you as a reference anyway, since they
will have other satisfied customers.  And with all this, it still comes down to the
fact that a comprehensive, thorough, and accurate estimate on a significant computer
project is either impossible, or it'll cost way more than a customer will want to
pay for.  You already know if you've been to court that telling the "honest truth"
will not get you the best result many times, so it shouldn't surprise anyone that
these kinds of projects would not bring out the most honest side of people.

[snip]






From mhayes at infomatch.com  Sun Nov  3 02:41:33 1996
From: mhayes at infomatch.com (Murray Hayes)
Date: Sun, 3 Nov 1996 02:41:33 -0800 (PST)
Subject: FDA_dis
Message-ID: <199611031041.CAA04063@infomatch.com>


On Tue, 29 Oct 1996 17:51:56 -0500, Hallam-Baker wrote:

>Declan McCullagh wrote:
>> 
>> I'll have to reread John's piece tomorrow (I'm on vacation right now), but
>> it doesn't surprise me. He and I have been arguing about this topic via
>> email for the last week or so. He takes the traditional liberal view of
>> government regulation of drugs is necessary; I take the more libertarian one.
>> 
>> The Cato Institute, BTW, will be putting together a roundtable on this soon.
>> 
>> -Declan
>
>Characterising this as the "traditional liberal view" is somewhat
>misleading,
>its not as if Bob Dole or Newt Gingrich would disagree much. The
>argument is
>more over which special interest group is to be advantaged by changes in 
>regulation. If I was a citizen of a country where the government was
>elected
>by a billion dollars of corporate contributions I might be a
>libertarian.

Are you saying that you are anti-corporation?  That would make
no sense.  Many corporations are very benificial to society.  Take
Shell for example.  It did all that it could to save the life of
that guy in Nigeria, but the "libertarians" who instantly boycotted
Shell would have you belive that they encouraged the sentence.


>Its important to remember that its the World Wide Web and not simply
>limited
>to the US. As long as US companies set up subsidiaries in Europe they
>will be constrained by European law. In the net.age law is becomming a
>major
>export for many countries. 

What is becoming a major export?  Weak laws?  Why would a country 
encourage criminals to come to it's boarders?

>Regulation is not necessarily anti-commerce. UK beef farmers would be
>better
>off today if there had been more regulation, a weak "free-market"
>attitude 
>to public health has destroyed the entire industry.

I don't think you have analysed the situation.  It was the regulating
that deystroyed the UK cattel industry and put the entire world at
risk.  The British government protected the beef industry despite a
ban on British beef accross Europe.  If Eroupe is considered to be the
"Free Market" as you suggest, then it would be exactly opposite to what
you have suggested.  The "Free Market" labled the animals coming from
Britian to be of questionable quality.  The regualtors in Britian 
disaggreed because it would cost them a few penny's to slauter the 
infected heards.  Then Britians started getting sick.  The rest of the
world throws up bans of British beef; Yet the British regulators still
do not cleanse the heards.  The only way to ensure the desease is gone
is to kill every last cow in Britian and bring in fresh stock.  THAT
MEANS NO GIVING THEM TO INDIA YOU STUPID FUCKS.

 It is often in a
>companies
>commercial interest to voluntarily agree to be regulated. Microsoft
>recently 
>signed an agreement to be bound by the European computer privacy
>regulations 
>because by doing so they gained a business advantage - people would
>trust 
>them with their data.

This is another interesting point.  Why is it better for a company to
agree to any regulation?  Do you REALLY trust Microsoft?  I do not.
They write poor code.  They probably signed the aggreement because they
knew that there product was so bad that it couldn't violate any 
restrictions or they contracted the work out to the NSA who wrote the
code for them and so they know that it can be cracked if they need to 
track down every last copy of the OS for their marketing group to do a
statistical analysis on.


>
>Much of the advertising regulation being discussed is private, agreement
>on
>standard formats for image placements for example. There is existing
>government
>regulation of advertising in many countries however. In particular much 
>stricter control over advertising of drugs, making misleading statements
>in
>advertising and so on.In the UK  there is regulation of advertising
>through
>the advertising standards council which is a voluntary body in the sense 
>that it has no statutory enforcement powers but has practical authority 
>because the publishers will not publishe ads that fall foul of its
>decisions.

I belive that this is the GOVERNMENT body called the BBC.  We have a 
similary group up here called the Communist Broadcast Corporation.
Actually, I must be fair to them,  I do like Air Farce.  I don't think
your argument holds any water.  Different cultures have different social
norms.  I was quite shocked to see John Clease stark f**king naked on a
tea commercial (isn't tea a carrier of caffine? yes. Does caffine change
the way in which you body works? yes.  Is caffine food? no; therefore 
caffine is a drug and tea carries that drug.) 

>
>A more serious problem however is likely to be dramatically different
>cultural norms. In the US people expect to be lied to in adverts. In
>countries
>where there is regulation of advertising there is a general expectation
>for comparisons to be fair and for ads to be truthful. I'm just waiting
>for a major corporation to create an Intel scale PR disaster by applying
>sleasly US style marketing techniques in markets where the downside is
>very large. One recent example is Hoover which had a $30 odd million 
>debacle over a "free flights" giveaway that was based on sleasly US
>style
>marketing techniques. The company ended up having to live up to the
>spirit of its offer rather than the letter as it intended simply to
>preserve the value of the brand.

So?  All this proves is that the US is more oreiented toward the free 
market than other places.  In the free market, on's "brand value" is 
incredibly important.  I think you are also missing the distinction
between a company and it's marketing.  I'm sure Hoover, as in your
example, has many marketing camnpaines going on at any time and that
every so often an overeager director of the comapany that Hoover hired
to do the campain makes a mistake.  I'm sure this happens all the time,
just take a look at another marketing company: Microsoft.

>
>If you don't believe in anti trust laws there is no basis on which you
>can object to the sort of regulation by cabal that the advertising
>standards council represents. Of course such cabals cannot exist in the
>libertarian belief system since their existence is denied a-priori 
>by invoking the spirit of Milton Freedman. Milton Freedmen is of course
>a rightwing ecconomist whose theories are widely admired by free
>market ecconomists who admire Mitlon Freedman.

Does that mean a libertarian is more Free Market oriented or more
Command Market oriented?  I'm not sure there is any correlation at
all.  I belive in anti trust laws, does that mean I can object to 
regualtions?


mhayes at infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip






From sean at milkyway.co.za  Sun Nov  3 03:52:45 1996
From: sean at milkyway.co.za (Sean Vince-Jillings (Sean Vince-Jillings Sean Vince„Jillings))
Date: Sun, 3 Nov 1996 03:52:45 -0800 (PST)
Subject: Montgolfiering, the Hot Air Balloon of Cryptography -Reply
Message-ID: <s27ca6e6.075@arup.co.za>


nobody quoth

>Fie on the small minds that cackle at my brilliance! As a Mensa member
>and
>founder of the Society for Superintelligent Former NSA Employees, I
>chortle
>at the baseness of callow criticisms by those doubters and dilletantous
>denigrators of virtual one-time pads and PRNGs (perfect random
>number
>generators).

So Mr Smarty Pants, how does it feel to be the second most intelligent life
form on the planet? Your polysyllabic phrasing does not fish you from
the unfortunate and precarious position of only being in the second most
august and lofty eyrie of intellect in the upward spiral of extropian
realisation.

Ha!

As the Shadow president of the Alien Consortium that controls MENSA
through the Boy Scout Freemason Recruitment Program, I refute your
dubious and somewhat ill-considered claims to being the very paragon of
intelligence.

>Montgolfiering. What is it, you ask? It is demonstrably a new paradigm in
>the evolution of homo sapiens (Parry Messger excepted) toward
>Shannon's
>dream of a one-time pad needing only a single, easily memorizable
>number as
>a seed.  I have heard only silence when I challenged the so-called
>superbrains of this latargial list to try to determine which number I am
>using as the seed of my system. If you are such great smarty pants, far
>smarter than my colleagues at the NSA and at Mauchly-Wood, why can
>you not
>then determine this number? 

I can.

>Could it be because I have outsmarted
>you?
>Could it be because I understand the Sufi secrets of picking random
>numbers
>truly randomly? I submit this to you: 8  31  26  3  19. Now, oh great
>ones,
>tell me, what is the next number in this sequence?

11. Prove me wrong.

>
>Ha, you cannot predict this next number, can you, oh gibbering
>greatnesses?

Bullshit. I just did

>Ths proves that my perfect random number genarator (PRNG, for those
>of you
>too stupid to remember) 

PRNG.Its hard to forget such a stupid name. 

>cannot be broken. Q.E.D.
>
>I question the issue of Parry Messger's objectivity in assessing the
>brilliance of my importations and acidulous assertations. I question
>whether Parry may have a peculiarly pecuniary interest in these
>affairs?
>Does Parry have an insider, or other position, or interest in one or more
>of the RSA interest? If, this explains his fantastical faith in the core of
>this so-called "RSA" system, which I proved to my colleagues at NSA
>could
>not possibly be valid. Why, you ask? Because it contains no virtual
>seed,
>and that which has no seed cannot grow. Q.E.D.--it has been
>debunked.

No, it only looks debunked because your mind has been unhinged.

>
>Entropy, you quibble? Ha! What is entropy but thermodynamics? And
>what is
>the topic of thermodynamics, you small-minded ensemble (Gibbs)
>people who
>never worked for the NSA may ask? Thermodynamics is about hot air.
>Hot air
>is in balloons. Balloons were pioneered by the Montgolfiers. Thus we
>come
>full circle (can you understand this, you mental midgets?).  Q.E.D.--it
>has
>been demystified.

No. It has been filled with hot air in the hope that the argument will float. 

>
>Montgolfiering = a new virtual one time pad based on hot air. Eureka! I
>have found it.
>
>P Information = P * log_base_infinity P

Log_base_infinity? You can't quantify this? The name for this kind of
tricky sum is in fact, rhetoric.

>I laugh at your sanctimonious snivelings, your bombastic bombardings,
>and
>your fatuous flatulations.

I laugh about your need to be so prissy about a simple fart.

>(Montgolfiering. Q.E.D.--"it has been deflated")

heh. yeah right.

GAIAWired






From dbell at maths.tcd.ie  Sun Nov  3 06:46:57 1996
From: dbell at maths.tcd.ie (Derek Bell)
Date: Sun, 3 Nov 1996 06:46:57 -0800 (PST)
Subject: [NOISE]Re: Dr. Vulis; John was right!
Message-ID: <9611031446.aa18095@salmon.maths.tcd.ie>


-----BEGIN PGP SIGNED MESSAGE-----

	I'm not happy with the barring of Vulis from the list: sure he was
a kook and he posted many ad-hominem messages*, but I feel a mini-FAQ would
deal with the matter better. Explain the background to his tantrums** and
explain how to filter out messages with various mail packages.

*	I think Vulis was really unfair to Tim May, even though I find myself
disagreeing strongly with what Tim has to say on some matters. At least Tim
has posted interesting, thought-provoking, crypto-related material.

**	Ok, so `tantrums' is an understatement...

	Derek Bell

PGP key available at: http://www.maths.tcd.ie/~dbell/key.asc
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMnywVFXdSMogwMcZAQEi2QQAhMWJWTz1RtBvyiYHAyzfkSSxZ+8U8rq7
xF3JD4s78rMcDcfzY0Q/5XRnPTCH/M6YI54cA/EpAEYys0Ws0VWgJoMxdBcbhitI
1zbFdUQJqzrKLlvP/n6KN2jImQeHqYUeSgsnoNgfn4Uo9KpBtxbUjKwEmco9VV8y
fxoVHAYPTsg=
=yk8t
-----END PGP SIGNATURE-----





From declan at well.com  Sun Nov  3 08:00:36 1996
From: declan at well.com (Declan McCullagh)
Date: Sun, 3 Nov 1996 08:00:36 -0800 (PST)
Subject: Response to PFF's O'Donnell on the CDA and moralists
Message-ID: <Pine.GSO.3.95.961103080016.3614D-100000@well.com>




---------- Forwarded message ----------
Date: Sun, 3 Nov 1996 07:58:58 -0800 (PST)
From: Declan McCullagh <declan at well.com>
To: fight-censorship at vorlon.mit.edu
Subject: Response to PFF's O'Donnell on the CDA and moralists

Richard O'Donnell from the Progress and Freedom Foundation writes in an
essay attached below:

 > The strategic error of civil libertarians in the fight over the
 >censorship act was to lump together the statist moralists and the
 >anti-statist moralists. The latter are natural allies of the free
 >speechers (for the same reason the Christian Coalition and
 >Libertarians call the Republican party home). The ACLU crowd was
 >unable to create a free speech alliance with Christians because they
 >failed to acknowledge that attempts to limit the availability of
 >pornography is very American.

O'Donnell makes some good points elsewhere, but the above fails to
convince me. Trying to impose your moral code on others through the power
of law has a long history in America: Prohibition and sodomy laws. We also
have a long history of discrimination against gays, blacks, and jews. But
that doesn't make it right, or justified. 

Gutting the First Amendment though state action, which the religious right
did in passing the CDA, is indeed "unAmerican." It goes against the very
principles of free expression and tolerance for political dissent upon
which this country was founded. There is a difference between arguing that
people should decline to purchase erotica or read "indecent"  materials --
and calling for criminal laws to ban it.

I agree with O'Donnell that advocates of freedom need to work with
advocates of a reduced central government. One protection against future
threats like the CDA is to make the Federal government less subsceptible
to special interest lobbying. And certainly, House Republicans have
emerged this year as the staunchest defenders of civil liberties.

But I disagree with his assertion that "a small group of statist
moralists" supported the CDA. My question is: what major theocratic right
group publicly opposed it? Even PFF senior fellow Arianna Huffington
debated Esther Dyson and John Perry Barlow and defended the CDA. 
 
The Christian Coalition certainly supported the act. Enough is Enough! 
supported the CDA, with its leader Dee Jepsen testifing in favor of
Net-censorship. (Jepsen is on the board of regents of Pat Robertson's
Regents University and has impeccable religious right credentials.)  Bruce
Taylor's group did -- and though Taylor isn't exactly a religious
moralist, he rarely crosses swords with them. The ACLJ -- the religious
right's response to the ACLU -- supported the CDA and even cited Rimm's
study this year as support for its constitutionality. The organizations in
the umbrella group National Coalition Against Pornography supported the
CDA. The Family Research Council and Focus on the Family continue to argue
in favor of the CDA. Longtime Christian Coalition ally Sen. Charles
Grassley introduced a bill worse than the CDA. We all know what Rep. Henry
Hyde did with the final legislation. 
 
Now, this is from memory. Perhaps some groups have changed their position
after the June ruling. But I'd be interested in hearing the answer to my
question above. 

-Declan

----------
  
        Freedom to Pray and Sin
 
 The Internet is driving the ACLU and Christian Coalition Together
 
        Richard F. O'Donnell
 
 Prohibition became law because bootleggers, who stood to gain
 economically from outlawing alcohol, quietly supported the
 "religious" crusade against evil liquor. Today, the forces of state
 control who want the government to regulate Cyberspace quietly
 support the moral crusade against pornography on the Internet.
 This modern day "Bootleggers and Baptists" coalition has driven a
 stake through the traditional civil libertarian constituency and
 left the ACLU crowd completely bewildered.
 
 The Communications Decency Act, passed by Congress earlier this
 year and now being challenged in court, criminalizes the
 transmission and posting of indecent material on line. In the year of
 the Republican Congressional Revolution a Democrat (James Exon of
 Nebraska) was the prime sponsor of the censorship act. Opponents
 were never able to label it purely a move by "Newt Gingrich's
 radical freshmen" because so many Democrats supported it (and
 Gingrich did not). For instance, a recent WIRED magazine article
 entitled "The Rogues Gallery" that profiled "the legislators who
 helped make government censorship a reality on the Internet"
 didn't profile even one Republican.
 
 Liberal legislators and President Clinton, who normally have few
 problems with the ACLU and abhor the "radical Christian right,"
 went right along with them in attempt to increase state control.
 How is it legislators who voted against efforts to ban flag burning
 on the grounds of free speech suddenly voted to ban dirty pictures?
 
 Simply put, the Democrats saw in the censorship act a way to
 assert government regulation of the Internet, the first step in letting
 Washington bureaucrats regulate Cyberspace in the "public
 interest."  These liberal paternalists intuitively favor state control
 in the mode of Senator Bob Kerry, who thinks that, because the
 FCC regulates telephone and television transmission, it is a natural
 extension of its powers to regulate the Internet. These are members
 of an elite who believe that government is in a better position than
 parents to determine the programming content of television
 networks or in a better position than the market and to determine
 the standards for emerging technology.
 
 Defenders of free speech lost their battle over the censorship act
 because, when their traditional Democratic allies abandoned
 them, they were unable to get over their distaste for moralism and
 recognize their new natural allies. The key to victory for civil
 libertarians is understanding that moralists (e.g. "the Christian
 right") are not a unified, monolithic front.
 
 There is a small group of statist moralists who are seeking
 government power in order to impose their views on the rest of
 America. They may pose a threat to free speech. Yet most
 "Christian activists" are not interested in imposing anything on
 others. Instead, they are actively opposing a government that
 is abridging their rights to freedom of faith. Statist moralists
 advocate not just a silent moment in school but a school led prayer.
 Anti-statist moralists just want schools to stop distributing condoms
 because it undermines the lessons they are trying to teach their
 children about abstinence until marriage.
 
 The strategic error of civil libertarians in the fight over the
 censorship act was to lump together the statist moralists and the
 anti-statist moralists. The latter are natural allies of the free
 speechers (for the same reason the Christian Coalition and
 Libertarians call the Republican party home). The ACLU
 crowd was unable to create a free speech alliance with Christians
 because they failed to acknowledge that attempts to limit the
 availability of pornography is very American.
 
 The legacy of the Puritans remains strong in our nation. Throughout
 our history Americans have been ready to demand conformity and
 to impose through law moral standards (recall abolition - for
 which America went to war). Foes of the Internet censorship lost
 their battle by labeling their opponents "unAmerican." Steve
 Guest, a network consultant who is party to a class action suit
 against attempts to shut down on-line adult sites, summed up the
 civil libertarian attitude when he said such actions were
 "violating the basic principles on which this country was founded."
 
 Calling attempts to regulate pornography "unAmerican" does not
 sway many people - especially Congressmen. Moral crusades
 against sinful material are as quintessentially American as
 individual liberty. Civil libertarians need to acknowledge the
 natural place of moralism in American life. Otherwise, they blind
 themselves from recognizing their true enemy. Freedom isn't
 threatened by moralism - we are free precisely because we are
 moral beings. Freedom is threatened by the advocates of state
 control.
 
 Civil libertarians need to reach out to anti-statist moralists and
 show them that it is no better to let the government in our computers
 than our churches. The way to fight pornography is on individual
 computer screens, with technology that empowers parents to
 determine what their children see - not what some invisible
 bureaucrat or court decides is appropriate.
 
 
 -----------
        Richard F. O'Donnell
 
 Richard F. O'Donnell is Director of Communications at The
 Progress & Freedom Foundation. He serves as editor of all
 Foundation policy reports, books and articles. In addition, he is
 responsible for media relations and public outreach. His editorials
 have appeared in Investor's Business Daily, The Washington
 Times and Commonsense.
 
 Mr. O'Donnell is currently assisting former Congressman Vin
 Weber on his book about the new political majority emerging in
 American politics. He has also worked with columnist Arianna
 Huffington, author Marvin Olasky, and numerous policy and
 Congressional leaders in the telecommunications, health care,
 energy, environment and welfare reform fields.
 
 Mr. O'Donnell is a recognized authority on the nature and political
 ramifications of the transition from the Industrial Age to the
 Digital Age. Writing and speaking on the survivability of the
 American Idea in the 21st Century, he is a columnist for the
 cyberspace magazine Upside Online.
 
 He was managing producer of a weekly television show, The
 Progress Report , co-hosted by Heather Higgins and House
 Speaker Newt Gingrich, and editor of the American Civilization.
 Mr. O'Donnell has also worked at the National Policy Forum: A
 republican Center of the Exchange of Ideas and at the Archer
 Daniels Midland Company.
 
 A native of Colorado, Mr. O'Donnell is a graduate of the Colorado
 College, and has studied at Boston College and The London
 School of Economics and Political Science.

###







From gary at systemics.com  Sun Nov  3 08:17:49 1996
From: gary at systemics.com (Gary Howland)
Date: Sun, 3 Nov 1996 08:17:49 -0800 (PST)
Subject: Thank you, John Gilmore, for protecting freedom of speech against Dr. Dmitri Vulius [RANT]
Message-ID: <199611031617.RAA18700@internal-mail.systemics.com>


> But there's probably a logical reason for taking this "action", although it can
> apparently be easily circumvented, even though many of us don't understand what
> that logic could be.

Yes.  If only you knew what they knew ... :-)

The mail filter is dead! Long live censorship, double standards and hypocrisy!

Gary





From dthorn at gte.net  Sun Nov  3 09:37:18 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 3 Nov 1996 09:37:18 -0800 (PST)
Subject: Telling quote from Bernstein hearing
In-Reply-To: <Pine.3.89.9611022225.A214-0100000@netcom9>
Message-ID: <327CD6F3.6CD6@gte.net>


Lucky Green wrote:
> In the recent hearing of the Bernstein case, Anthony Coppolino for the
> Justice Department said:
> "We don't care about the theory; we don't care about
> the idea Mr. Bernstein has, which was to take a particular type
> of algorithm and use it to allow for an encrypted interactive
> conversation.  That's his idea.
> We don't care about his idea; we care about the
> result of what it can do."

[snip]

Could I suggest a translation?  "We're going to trust Professional Government Consultant 
Organization XYZ to tell us about Mr. Bernstein's idea, since we obviously won't 
understand Mr. Bernstein's own explanation."  (And we do care about his idea, but we 
can't admit that, because it would make us look stupid)







From dthorn at gte.net  Sun Nov  3 09:37:28 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 3 Nov 1996 09:37:28 -0800 (PST)
Subject: Discrete logs 1 [non-cryptography related annecdote] [NOISE]
In-Reply-To: <19961103071134640.AAD224@localhost>
Message-ID: <327CD820.6408@gte.net>


Adamsc wrote:
> On Thu, 31 Oct 1996 09:16:26 -0800, Hal Finney wrote:
> >properties than regular logarithms, but I thought this bit of history
> >would spark some memories in old-timers and give a new perspective for
> >younger people.

[snip]

> The same thing goes on with SATs and especially SAT-IIs.   Some higher-end
> calculators, esp. HPs, have plugin cartridges which automate much of the
> basic work in chemistry, physics, etc.  I never saw anyone who used such
> things even get asked about it.  Do we even need social engineering with
> people this stupid?

Technology has a base, much like a pyramid.  When you add enough layers, you can't
find very many people who can traverse top to bottom and understand all of what's
in between.

I consider it a miracle when a student has the quality of consciousness to buck the
trend and get themself a quality instrument (such as an HP-48SX/GX), since once they
do that, they might be encouraged to explore further.






From rwright at adnetsol.com  Sun Nov  3 09:59:14 1996
From: rwright at adnetsol.com (Ross Wright)
Date: Sun, 3 Nov 1996 09:59:14 -0800 (PST)
Subject: [NOISE]Re: Dr. Vulis
Message-ID: <199611031759.JAA05324@adnetsol.adnetsol.com>


On or About  3 Nov 96 at 14:46, Derek Bell wrote:

>  I'm not happy with the barring of Vulis from the list

Just want to add my 2 cents.  I am also unhappy with the fact that he 
was removed.  My personal correspondence with Vulis has been friendly 
and he has been very helpful.

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906





From frissell at panix.com  Sun Nov  3 11:13:57 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 3 Nov 1996 11:13:57 -0800 (PST)
Subject: 'what cypherpunks is about' [RANT]
Message-ID: <3.0b36.32.19961103141126.00b581f0@panix.com>


At 10:26 PM 11/2/96 -0800, Dale Thorn wrote:
>Following similar logic was Teddy Roosevelt, then the mad fire-bombers of
World War 2,
>capped by the ultimate terrorist fire-bombing of all at Hiroshima and
Nagasaki, then
>by immense fire-bombing of Vietnam, Cambodia, Laos, etc., followed by
prodigious fire- 
>bombing of Iraq and a deliberate fire-bombing and massacre of retreating
troops at the
>end of the "Gulf War".  Fighting the U.S. can be literal Hell!

Terror bombing of civilians was a European not an American invention, though.

>Quick, how many times have you heard this pro-interference argument?  The
pro- people
>will even show "proof" that the "savages" (it actually says this in the
United States
>Declaration of Independence) were as mean to each other as the invaders
were to them.
>What they fail to say, however, is that the "meanness" in such things as
human sacrifice 
>and so forth were imported to native cultures by "god-like" superiors who
descended on
>the locals to "help" them to the next level of technology and
hero-worship.  Fooey!

The death rate among civilians in many pre civilized wars was as high as
civilian death rates in many of our 20th Century wars.  We have the piles
of bones to prove it.  In addition to peonage, serfdom, chattel slavery and
the treatment of women as chattels, pre civilized people were considerably
more xenophobic than the worst US redneck.  Many had problems accepting the
denizens of the next village a few miles away.  They tended to be racists
as well.  And did I forget to mention infanticide and royalism.

DCF





From richieb at teleport.com  Sun Nov  3 12:11:12 1996
From: richieb at teleport.com (Rich Burroughs)
Date: Sun, 3 Nov 1996 12:11:12 -0800 (PST)
Subject: Telling quote from Bernstein hearing
Message-ID: <3.0.32.19961103121133.006aa318@mail.teleport.com>


At 09:31 AM 11/3/96 -0800, Dale Thorn <dthorn at gte.net>
 wrote:
>Lucky Green wrote:
>> In the recent hearing of the Bernstein case, Anthony Coppolino for the
>> Justice Department said:
>> "We don't care about the theory; we don't care about
>> the idea Mr. Bernstein has, which was to take a particular type
>> of algorithm and use it to allow for an encrypted interactive
>> conversation.  That's his idea.
>> We don't care about his idea; we care about the
>> result of what it can do."
>
>[snip]
>
>Could I suggest a translation?  "We're going to trust Professional
Government Consultant 
>Organization XYZ to tell us about Mr. Bernstein's idea, since we obviously
won't 
>understand Mr. Bernstein's own explanation."  (And we do care about his
idea, but we 
>can't admit that, because it would make us look stupid)

Heh :)

I think that Lucky hit on a choice quote from Coppolino -- it was really at
the heart of his arguments.

Since Judge Patell ruled that source code is speech, the ground has really
shifted from just limiting crypto to limiting Bernstein's freedom of
speech, and this is much to the government's disadvantage.

Coppolino tried to avoid the issue by claiming that the government is not
interested in restraining Bernstein's ideas (claiming several times that
the government does not interfere with academic discussion of crypto), but
that they want to impede the specific functionality of Snuffle.

Bernstein's attorney, Cindy Cohn, aptly replied that the ideas behind the
crypto _dictate_ the functionality, and that you can't restrain one without
affecting the other (or words to that effect).

I don't think that Coppolino meant that they do not understand Bernstein's
ideas :)  (though perhaps he does not...)



Rich


______________________________________________________________________
Rich Burroughs  richieb at teleport.com  http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause





From gbroiles at netbox.com  Sun Nov  3 12:19:03 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Sun, 3 Nov 1996 12:19:03 -0800 (PST)
Subject: more interesting ITAR/CJ stuff @ eff.org
Message-ID: <3.0b28.32.19961103123043.0074e3e0@ricochet.net>



In addition to the transcript of the 9/20 hearing that Lucky mentioned,
there's other good (new) stuff in EFF's archive, including a declaration
from an editor with MIT Press where he indicates he was told informally
that the NSA had asserted that the paper copy of the PGP Source Code book
was subject to the ITARs. (There was no official response made, two
printings were sold out, and the book has gone out of print.)

<http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/>,
"961004_prior.declaration"


--
Greg Broiles                |  "We pretend to be their friends,
gbroiles at netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |






From dlv at bwalk.dm.com  Sun Nov  3 12:30:08 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 3 Nov 1996 12:30:08 -0800 (PST)
Subject: Thank you, John Gilmore, for protecting freedom of speech against Dr. Dmitri
In-Reply-To: <327C4C35.1FD8@gte.net>
Message-ID: <BL4TwD51w165w@bwalk.dm.com>


Dale Thorn <dthorn at gte.net> writes:
> But there's probably a logical reason for taking this "action",

Such as someone being an effeminate long-haired limp-wristed bitch... :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From norm at netcom.com  Sun Nov  3 14:40:57 1996
From: norm at netcom.com (Norman Hardy)
Date: Sun, 3 Nov 1996 14:40:57 -0800 (PST)
Subject: NSA Report: Anyone seen this?
Message-ID: <v03007803aea2c9c2042d@DialupEudora>


I just finished reading the report "How to Make a Mint: The Cryptography of
Anonymous Electronic Cash" by Law, Sabett & Solinas. It can be found at
<http://jya.com/nsamint.htm>.

It is very well written with only identification of the issues except in
the last short paragraph where they clearly lean toward government
interests.

They identify and distinguish interests of the bank, the consumer's
privacy, and the government. Some of the measures that they describe
(providing for traceability) might well be done by a bank operating in an
anarchy. Imagine that you are running a bank in an anarchy and the son of
one of your good customers is kidnapped and held for ransom. Suppose that
the kidnapper is a good customer of another bank with whom you have an
arm's length relation. The arguments are not simple. Only towards the end
does the paper begin to conflate the interests of the government and the
bank. Some of the law enforcement purposes that they describe would apply
to the anarchy bank, others would not.

The paper is the best description I have seen of several advanced money
schemes. It has a better description of Chaum's off-line scheme than I had
seen before. It describes sever even more advanced schemes, both abstracted
form the mathematical details, and then with the details filled in.








From blancw at cnw.com  Sun Nov  3 15:20:37 1996
From: blancw at cnw.com (blanc)
Date: Sun, 3 Nov 1996 15:20:37 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more
Message-ID: <01BBC99A.AF44F860@king1-23.cnw.com>


Those of you who think that it was wrong, unwarranted censorship for John Gilmore to take Dr. Vulis off the list should note this sentence from John's message:

	When he posted a message saying that we'd
	have to use technical means to stop him from 
	flaming the list, I said, "OK".


It was Vulis who challenged John to stop him by technical means.  It was at John's discretion to do so, and he took the liberty of  following up on Vulis' challenge.

Vulis did everything to set himself up for what he got, did he not.

   ..
Blanc







From sandfort at crl.com  Sun Nov  3 15:53:58 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 3 Nov 1996 15:53:58 -0800 (PST)
Subject: [NOISE]Re: Dr. Vulis
In-Reply-To: <199611031759.JAA05324@adnetsol.adnetsol.com>
Message-ID: <Pine.SUN.3.91.961103153835.17227A-100000@crl5.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

> Just want to add my 2 cents.  I am also unhappy with the fact that he 
> was removed.  My personal correspondence with Vulis has been friendly 
> and he has been very helpful.

Then I suggest that Ross not remove Dimitri from his private 
e-mail correspondence.  On this list, however, Dimitri was NOT 
friendly NOR helpful.  

Wha do Ross' or anyone else's private interactions have to do 
with the decisions of those who pay for this list's existance?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From wfrench at interport.net  Sun Nov  3 15:54:26 1996
From: wfrench at interport.net (Will French)
Date: Sun, 3 Nov 1996 15:54:26 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <199611032354.SAA01354@interport.net>


  Except it's not very effective, is it, since he's still
posting flames?  In any case, it's an admission on John
Gilmore's part that libertarianism can't work without some
measure of authoritarianism; the only argument is over _just how
much_ authoritarianism we need.
  
  I'm quite upset about this.  Up to now I was able to tell
people that "there is at least one mailing list on the net that
functions in a completely open manner".  No more.


Will French  <wfrench at interport.net>





From abusebot at savetrees.com  Sun Nov  3 16:10:04 1996
From: abusebot at savetrees.com (Mail AutoResponder)
Date: Sun, 3 Nov 1996 16:10:04 -0800 (PST)
Subject: RESPONSE FROM CYBERPROMO
Message-ID: <199611040106.UAA15906@gamut>



Version 10-9-96:


Cyber Promotions has started to implement stricter Terms of Service
policies WITH TEETH.  We have just recently terminated several accounts for
abuse of our policies.  (Updated TOS at end of message).

The following email accounts have been *recently TERMINATED...

*jrtkjs at savetrees.com         10-9-96: Forgery and spamming INTERNET
*jrtkjs at answerme.com          ""      ""       ""     ""     ""     ""
*dollars at savetrees.com        Non-existant account.  The account was 
forged by the people who opened the accounts above.

*info1 at cyberpromo.com         10-8-96: Unsolicited ads to INTERNET addresses 

*changes at answerme.com         9-30-96: Unsolicited ads to INTERNET addresses
*changes at cyberpromo.com       9-30-96: Unsolicited ads to INTERNET addresses
*changes at savetrees.com        9-30-96: Unsolicited ads to INTERNET addresses

*catalog at savetrees.com        9-30-96: Unsolicited ads to INTERNET addresses
*catalog at cyberpromo.com       9-30-96: Unsolicited ads to INTERNET addresses
*catalog at answerme.com         9-30-96: Unsolicited ads to INTERNET addresses

*eleven at answerme.com          9-28-96: Forgeries
*eleven at savetrees.com         9-28-96: Forgeries
*eleven at answerme.com          9-28-96: Forgeries

*tsahk at cyberpromo.com         9-27-96: Unsolicited ads to INTERNET addresses
*tsahk at answerme.com           9-27-96: Unsolicited ads to INTERNET addresses

*icssender at omni.cyberpromo.com   9-19-96: FORGED unsolicited email, making
it appear that Cyberpromo's auto-sender was responsible.  If you are in
receipt of the message, please look through the headers and complain to the
appropriate postmasters.

networkes at answerme.com       9-17-96: Ignored remove requests
networkes at cyberpromo.com     9-17-96: Ignored remove requests
networkes at savetrees.com      9-17-96: Ignored remove requests
reminders at answerme.com       9-17-96: Unsolicited ads to INTERNET addresses
reminders at savetrees.com      9-17-96: Unsolicited ads to INTERNET addresses
reminders at cyberpromo.com     9-17-96: Unsolicited ads to INTERNET addresses

salespromo at answerme.com      9-16-96: Unsolicited ads to INTERNET addresses
salespromo at savetrees.com     ""  ""         ""  ""
salespromo at cyberpromo.com    ""  ""         ""  ""
promo at answerme.com           ""  ""         ""  ""
promo at savetrees.com          ""  ""         ""  ""
promo at cyberpromo.com         ""  ""         ""  ""
info4free at answerme.com       ""  ""         ""  ""
info4free at savetrees.com      ""  ""         ""  ""
info4free at cyberpromo.com     ""  ""         ""  ""

manda at cyberpromo.com      8-28: Massive abuse to INTERNET addresses / FORGERY
manda at answerme.com        8-28: Massive abuse to INTERNET addresses / FORGERY
website at cyberpromo.com    8-27: excessive abuse to AOL / removals ignored
sevenmil at cyberpromo.com   8-27: excessive abuse / all removals ignored
sevenmil at answerme.com     8-27: ""     ""      ""     ""     ""    ""
vera at cyberpromo.com
vera at answerme.com
zol at answerme.com
website at answerme.com
allied at cyberpromo.com
allied at answerme.com
lists at cyberpromo.com
lists at answerme.com


If you have a complaint about an account that was not listed above, please
forward it to our President's personal account:  wallace at cyberpromo.com

We currently operate the following servers:
answerme.com
cyberpromo.com
omni.cyberpromo.com
gamut.cyberpromo.com

We DO NOT operate the following servers:
uunet
interramp
athens.servint
cais
postman.com
powernet
pwrsite


Cyber Promotions is *not* in business to annoy people.  We are in the
business of sending (and assisting in sending) commercial (and
noncommercial) email to people who are *not* offended by the receipt of
these messages.  Unfortunately, due to many experiences (many of which were
out of our control) we have had some problems accomplishing our goals
without upsetting some people.  We are truly sorry about that fact, and we
plan to "clean up the streets" as best as we can.

Some people have been under the impression that all email that appears to
come from cyberpromo.com, is from Cyber Promotions.  That is not true.
Most of the complaints that we have recently received have been in reaction
to people who have "autoresponders" and "virtual email addresses" on our
system.  In that case, their mail would have referenced an account on our
system, but originated from a different site.  Unfortunately, software like
Pegasus enables their mail to appear as if it came from us, driectly.  But,
their true origination is still evident in the headers.  You can determine
where it originated if you know how to decode headers.  But when doing so,
remember that Pegasus, for example, actually logs into *our* sendmail.  At
this time, the only messages that originate from Cyber Promotions, use our
proprietary Cyber Sender 2.1+ protocol which will always be indicated in
the organization: header.

Due to these "look alikes," it could appear that recipients' remove request
were being ignored.  WE DO NOT IGNORE REMOVE REQUESTS.

We now also maintain a "master" remove list of people who have asked to be
removed from all commercial mailing lists.  If you have received an email
from "Cyber Sender 2.1+", our new proprietary transport agent protocol,
then the remove features *do* work properly, now that all of the bugs have
been fixed (uppercase and lowercase now match, too).  No mail is allowed
out of our system, if the recipient's address is in our master remove list.
We currently have over 1.1 million email addresses in that file.  If you
wish to add your address to that master remove list, you can do so in two
different ways.  1.  You can send an email to remove at cyberpromo.com and
type "REMOVE ALL" in the subject or message field.  Our systems will
automatically permanently remove from our system the email address from
which you sent your request.  2.  You may also send an email to
manremove at cyberpromo.com and type as many email addresses as you wish in
the body of the message, each on its own line, without any comments.  The
subject line is ignored.  That address will also permanently remove the
addresses.  Please note: we have no control over mail that originates from
other sites, that travel through our SMTP (relay-host) servers.  We will
simply terminate any accounts that we maintain, that is referred to in
their abusive mail.


ATTENTION PRODIGY MEMBERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists.  This can be attributed
to the "alias" that your outgoing mail may contain.  If you are having
problems, please send an email to manremove at cyberpromo.com and type both of
your email addresses in the body of the message, each on its own line,
without any comments.  The subject line is ignored.  You probably have one
address like xazd35r at prodigy.com and another address like
sanford at prodigy.com.


ATTENTION PIPELINE MEMBERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists.  This can be attributed
to the "alias" that your outgoing mail may contain.  If you are having
problems, please send an email to manremove at cyberpromo.com and type your
email addresses in the body of the message, each on its own line, without
any comments.  The subject line is ignored.  You should type your email id
followed by the following THREE domains.   @usa.pipeline.com,
@pipeline.com,  @nyc.pipeline.com.  Even if you feel that your address is
definately only one of the three possibilities, you should still remove all
three addresses (each on its own line).


ATTENTION INTERNET USERS:
It has come to Cyber Promotions' attention, that some of you are having a
major problem removing yourselves from our lists.  This can be attributed
to the "alias" that your outgoing mail may contain.  If you are having
problems, please send an email to manremove at cyberpromo.com and type your
email addresses in the body of the message, each on its own line, without
any comments.  The subject line is ignored.  If your email address could
contain an alias like mail.domain.com or if you may have more that one
email address that points to another email address, you should remove them
all.  If you wish to remove *every* email address in your domain, please
contact us, and we will "grep" out every possibility.




REVISED TERMS OF SERVICE:

(We are also looking into the possibility that we may be forced to adopt
the policies of our backbone providers.  For the time being, we are
emulating their policies as best as we can while matching the needs of our
operations.)


1. We do not allow postings to inappropriate
newsgroups with reference to your account
because such postings result in *MUCH* more negative
response than positive.

2. We prohibit the advertising of offensive material
(ie. pornography, weapons, etc).

3. You may not use the account to participate in
illegal activities.

4. Our TOS strictly prohibits the sending of mass commercial
emails to INTERNET addresses, unless expressed permission
has been granted to you by the recipient.
In addition, you *must* honor all requests for removal
from your mailing list in a diligent manner.
Our service can be used in conjunction with advertisements that
you place with a bulk email company other than your
own or us, as long as they follow the same guidelines.

5.  Cyber Promotions reserves the right to terminate any account for any
reason at any time, without notice.


If you would like to send a complaint about any account @cyberpromo.com or
@answerme.com or @omni.cyberpromo.com  that has not been terminated, please
send email to: wallace at cyberpromo.com







From bgrosman at healey.com.au  Sun Nov  3 16:34:40 1996
From: bgrosman at healey.com.au (Benjamin Grosman)
Date: Sun, 3 Nov 1996 16:34:40 -0800 (PST)
Subject: ASIO encryption ?
Message-ID: <2.2.32.19961104002900.00926724@healey.com.au>


Dear All,

Does anyone happen to know what encryption methods, algorithms, or
procedures ASIO (Australian Secret Intelligence Organisation) uses? Any
information regarding ASIO's methods, cryptographic or otherwise, would be
appreciated.

Yours Sincerely,

Benjamin Grosman






From jya at pipeline.com  Sun Nov  3 16:45:37 1996
From: jya at pipeline.com (John Young)
Date: Sun, 3 Nov 1996 16:45:37 -0800 (PST)
Subject: VOO_doo
Message-ID: <1.5.4.32.19961104004426.006be7a8@pop.pipeline.com>


October 25 Science reports on the latest teleportation research
in "To Send Data, Physicists Resort to Quantum Voodoo."

It describes a laser-driven apparatus for transmitting highly
secure encoded (but not encrypted) messages via entangled
photon states.

IBM's Charles Bennett says, "as other researchers work to
harness quantum mechanics for computation and
cryptography, teleportation could become the equivalent
of a quantum mail service."

-----

http://jya.com/voodoo.htm

VOO_doo  (txt)

Science is at: http://www.sciencemag.org/






From hallam at ai.mit.edu  Sun Nov  3 17:05:10 1996
From: hallam at ai.mit.edu (hallam at ai.mit.edu)
Date: Sun, 3 Nov 1996 17:05:10 -0800 (PST)
Subject: FDA_dis
In-Reply-To: <199611031041.CAA04063@infomatch.com>
Message-ID: <9611040111.AA08631@etna.ai.mit.edu>



Without wishing to respond in detail to Hayes's drivel I'll just
point out that Shell's involvement with Nigeria is hardly beyond
question. It doesn't take a genius to realise that sanctions 
against Nigeria would hurt Shell's interest. Perhaps its just
me but I don't consider it altruism when a company acts in its
own interests. 

	Phill





From rwright at adnetsol.com  Sun Nov  3 17:09:50 1996
From: rwright at adnetsol.com (Ross Wright)
Date: Sun, 3 Nov 1996 17:09:50 -0800 (PST)
Subject: [NOISE]Re: Dr. Vulis
Message-ID: <199611040109.RAA12798@adnetsol.adnetsol.com>


On or About  3 Nov 96 at 15:44, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> > Just want to add my 2 cents.  I am also unhappy with the fact that
> > he was removed.  My personal correspondence with Vulis has been
> > friendly and he has been very helpful.
> 
> Then I suggest that Ross not remove Dimitri from his private 
> e-mail correspondence.  On this list, however, Dimitri was NOT
> friendly NOR helpful.  
> 
> Wha do Ross' or anyone else's private interactions have to do 
> with the decisions of those who pay for this list's existance?

In fact, nothing.  I just wanted to show that this coin has 2 sides.

Ross

=-=-=-=-=-=-
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906





From asgaard at Cor.sos.sll.se  Sun Nov  3 17:15:29 1996
From: asgaard at Cor.sos.sll.se (Asgaard)
Date: Sun, 3 Nov 1996 17:15:29 -0800 (PST)
Subject: anonymous oddsman
In-Reply-To: <199611022039.OAA04636@manifold.algebra.com>
Message-ID: <Pine.HPP.3.91.961104015509.23465A-100000@cor.sos.sll.se>


On Sat, 2 Nov 1996 ichudov at algebra.com wrote:

> >         | Clinton | Not currently offered by either |
> >         | Dole    |     6:1        |     10:1       |
> 
> Whew! They are wide open for arbitrage! Suppose that at Ladbroke I sell
> an obligation to pay $6 if Dole wins (they are apparently valuing it for
> this much), collecting $1. At the same time, to hedge my exposure, I go
> to "William Hill", and purchase their obligation to pay _me_ $10 if Bob
> Dole wins, paying the $1 bill that I just got at Ladbroke's.

The problem is that Ladbroke won't take your offer, they don't
work that way. If they wanted to insure against a Dole victory
they would place some of the money they got from betters on Dole
at William Hill, at 10:1, instead of taking your offer at 6:1.
But probably they get too few bets on Dole to bother with insurance;
they do take risks. Another way of insuring themselves would have
been to offer 11/10 or something on Clinton but obviously they
don't feel they have to do that.

Asgaard





From mcleane at stu.beloit.edu  Sun Nov  3 17:49:59 1996
From: mcleane at stu.beloit.edu (Elizabeth McLean-Knight)
Date: Sun, 3 Nov 1996 17:49:59 -0800 (PST)
Subject: beth mclean-knight
Message-ID: <9611040151.AA16922@stu.beloit.edu>







From markm at voicenet.com  Sun Nov  3 18:01:56 1996
From: markm at voicenet.com (Mark M.)
Date: Sun, 3 Nov 1996 18:01:56 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611032354.SAA01354@interport.net>
Message-ID: <Pine.LNX.3.95.961103215353.866A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 3 Nov 1996, Will French wrote:

>   Except it's not very effective, is it, since he's still
> posting flames?  In any case, it's an admission on John
> Gilmore's part that libertarianism can't work without some
> measure of authoritarianism; the only argument is over _just how
> much_ authoritarianism we need.

It's only authoritarianism if the government is involved.  Clearly, the
government isn't involved in this matter.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMn1dFCzIPc7jvyFpAQHBfQf/Uo9yWMCsTiqP4YFUGltOEve4syhDTU+M
EuW8sshn8yaQxWu3ttjSbTbvBjFp2v/zWUmegx3GKfS/PDog97rdCYNjS9yVEEk5
GfuLjqCICq0yrUbyWcW5ZXOpWEBQWkAkoi1ehPbw3wPpfL2xwvQe392680DXJ5Zq
Ii3TFVVMAVQYPkljzrtrdtQy4q8BPJZn8byZpGSIuMBZEYzmln+hLjb15S/iZrQc
K9arzbXP7ENkagg46AOWI8ZylQ2JS9RsjbEaEBHPI3uHY54/NGHmXPEReWZXnOvo
d570tthrbA8vqJ27UTBqtP2B4MOPW+wMffgasqDbmBv4mpAr7tbMFQ==
=Rj13
-----END PGP SIGNATURE-----






From gbroiles at netbox.com  Sun Nov  3 18:17:25 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Sun, 3 Nov 1996 18:17:25 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more
Message-ID: <3.0b28.32.19961103181709.0071c978@mail.io.com>


At 03:08 PM 11/3/96 -0800, blanc <blancw at cnw.com> wrote:

>Vulis did everything to set himself up for what he got, did he not.

Indeed - my hunch is that this is the result that Vulis was determined to
get, and would have done whatever was necessary to bring it about. Now he
can cry that he is the "victim" of evil censorship, and he can wear the
white hat of virtue - notwithstanding that he consciously sought to be
censored, and has himself contributed mightily towards the (temporary)
destruction of an otherwise useful list. Now he can leave the list with his
"virtue" and his pride intact; something he could not have done had he
simply unsubscribed himself.

There are plenty of people who would have (and will) help him if he manages
to come up with something on-topic to say. But, short-term, he's gotten
what he was looking for (a chance to play victim) and we get a list with
less crap on it.

Perhaps we should have a moment of silence for Dmitri Vulis, sympathetic
victim, target of dastardly censors, paragon of virtue and righteousness.
I'll go ahead and have mine now. 

Given that John Gilmore is the source of the oft-repeated "The net sees
censorship as damage and routes around it" quote, it strikes me as unlikely
that he took the steps he did without some reflection on their meaning,
consequences, and chances of success.

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles at netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |






From declan at eff.org  Sun Nov  3 18:40:00 1996
From: declan at eff.org (Declan McCullagh)
Date: Sun, 3 Nov 1996 18:40:00 -0800 (PST)
Subject: Telling quote from Bernstein hearing
In-Reply-To: <Pine.3.89.9611022225.A214-0100000@netcom9>
Message-ID: <Pine.SUN.3.91.961103183821.8637A-100000@eff.org>


Tony Coppolino was also the Justice Department's lead attorney in the CDA 
case in Philadelphia. The Feds are grooming lawyers who have a clue about 
the Net.

-Declan



On Sat, 2 Nov 1996, Lucky Green wrote:

> In the recent hearing of the Bernstein case, Anthony Coppolino for the 
> Justice Department said:
> 
> 
> "We don't care about the theory; we don't care about
> the idea Mr. Bernstein has, which was to take a particular type
> of algorithm and use it to allow for an encrypted interactive
> conversation.  That's his idea.
> We don't care about his idea; we care about the
> result of what it can do."
> http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/
> 960920.transcript
> 
> Encrypted interactive conversations seem to be something to be concerned 
> about...They are afraid of us.
> 
> -- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred.
>    Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
>    Vote Harry Browne for President.
> 
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From declan at eff.org  Sun Nov  3 18:54:39 1996
From: declan at eff.org (Declan McCullagh)
Date: Sun, 3 Nov 1996 18:54:39 -0800 (PST)
Subject: Private censorship or free speech?
In-Reply-To: <199611031617.RAA18700@internal-mail.systemics.com>
Message-ID: <Pine.SUN.3.91.961103184429.8637C-100000@eff.org>


With the right to speak freely comes the right to decline to speak. John, 
as the owner of the computer maintaining the cypherpunks list, has the 
right to decline to speak and to kick off a user who violates the 
covenant of the mailing list.

The kicked-off user has the right to start his own mailing list with
different standards. If he likes, he can establish the rules as a type of
contract to which participants must agree. And observers can criticize
either or both of them. 

Is this censorship, double standards, and hypocrisy? I think not.

I say this as someone who has no animus towards Vulis. I've communicated
with him cordially in private email. 

-Declan


On Sun, 3 Nov 1996, Gary Howland wrote:

> > But there's probably a logical reason for taking this "action", although it can
> > apparently be easily circumvented, even though many of us don't understand what
> > that logic could be.
> 
> Yes.  If only you knew what they knew ... :-)
> 
> The mail filter is dead! Long live censorship, double standards and hypocrisy!
> 
> Gary
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From tfs at adsl-122.cais.com  Sun Nov  3 19:22:39 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Sun, 3 Nov 1996 19:22:39 -0800 (PST)
Subject: [NOISE] Vulis, Censorship on cypherpunks & all this b.s.
Message-ID: <9611040322.AA18254@adsl-122.cais.com>



After reading about the great moral indignation & general dispeptitude
people seem to be finding over Dimitri's removal, I basicly have
one response.

Get a life.

I mean really, the guy was (and is) freakin intolerable. He just caused
major noise on the list and that's about all.

The bottom line is that his removal just makes the list a more
sane, less crap filled place.

As for all the upset & indignation, well jesus, like you people can't
find better things to get indignant about? How bout spending the
same amount of time writing to your congressman about the bletcherous
crypto policies being promoted by government facists? Or the same
amount of time on sticking an html interface to an anon remailer
in your web page... etc. 

It just comes across as sanctimonious and incredibly irrelivant b.s.
for people to be "upset" in any way over some nitwit being jerked
off the list after he's been given far, far, more reasonable alternatives
than to act the way he had been.


Tim








From wfrench at interport.net  Sun Nov  3 19:27:06 1996
From: wfrench at interport.net (Will French)
Date: Sun, 3 Nov 1996 19:27:06 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <199611040326.WAA15698@interport.net>


> It's only authoritarianism if the government is involved. 
> Clearly, the government isn't involved in this matter.

  Until now, I'd considered the list as a model of a libertarian
society, with the listowner as the government.  My point is that
if a mailing list (where physical force is generally not a
factor) can't be run without arbitrary sanctions against
members, how could anyone ever hope for a whole society, with a
real, gun-toting government, to run that way?


Will French  <wfrench at interport.net>





From dthorn at gte.net  Sun Nov  3 19:27:15 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 3 Nov 1996 19:27:15 -0800 (PST)
Subject: [NOISE]Re: Dr. Vulis
In-Reply-To: <199611031759.JAA05324@adnetsol.adnetsol.com>
Message-ID: <327D5E70.69B5@gte.net>


Ross Wright wrote:
> On or About  3 Nov 96 at 14:46, Derek Bell wrote:
> >  I'm not happy with the barring of Vulis from the list

> Just want to add my 2 cents.  I am also unhappy with the fact that he was removed.
> My personal correspondence with Vulis has been friendly and he has been very helpful.

Someone (Gilmore?) mentioned new subscribers being a problem, not knowing how to filter
and so on.  Would periodic postings for new subscribers, in addition to the initial
welcome message, be a possible solve for this?

Please don't curse me for this next idea, as I'm not really familiar with what goes on
on a mail server:  How about if everyone could send to the list with the subject line
containing in [] brackets one of several strings from a list maintained by the server,
examples being [NOISE], [RANT], [CRYPTO], [NEWS] etc., and for postings without one of
the selections, the line could default to [NOISE] or whatever.

I don't mean to propose anything heavy-handed, but there ought to be a way to apply
a *little* more technology to get a *little* cleaner list, without impeding the "lower 
end" of the signal.  Unless, of course, there are other technical or personal reasons
for blocking the "Doctor" that I'm not aware of.






From richieb at teleport.com  Sun Nov  3 19:35:57 1996
From: richieb at teleport.com (Rich Burroughs)
Date: Sun, 3 Nov 1996 19:35:57 -0800 (PST)
Subject: Telling quote from Bernstein hearing
Message-ID: <3.0.32.19961103193619.006913a4@mail.teleport.com>


At 06:39 PM 11/3/96 -0800, Declan wrote:
>Tony Coppolino was also the Justice Department's lead attorney in the CDA 
>case in Philadelphia. The Feds are grooming lawyers who have a clue about 
>the Net.

Actually, Coppolino mentioned the CDA in the Bernstaein hearing.  I haven't
gone through the transcript, but the gist of his point was that, while the
Judges in Philly had found that the CDA was prior restraint, ITAR was not
(or something similar).

I did not find his arguments very persuasive -- he seemed stuck on the idea
that crypto is not speech, when that had already been ruled against by
Judge Patel.

He may have been trying to make the record clear, for possible appeal.


Rich






From froomkin at law.miami.edu  Sun Nov  3 20:14:57 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Sun, 3 Nov 1996 20:14:57 -0800 (PST)
Subject: Looking for post on possible Law Articles
In-Reply-To: <199611010310.VAA16259@mail.execpc.com>
Message-ID: <Pine.SUN.3.95.961103231739.2327O-100000@viper.law.miami.edu>


http://www.law.miami.edu/~froomkin/seminar

might be what you mean?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From ichudov at algebra.com  Sun Nov  3 20:36:30 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 3 Nov 1996 20:36:30 -0800 (PST)
Subject: anonymous oddsman
In-Reply-To: <1.5.4.32.19961103102631.0039bfa4@popd.ix.netcom.com>
Message-ID: <199611040431.WAA16905@manifold.algebra.com>


stewarts at ix.netcom.com wrote:
> 
> At 04:55 PM 11/2/96 -0600, you wrote:
> >Igor Chudov @ home wrote:
> >> >               Prices @ 09:21 GMT Sat 2nd Nov 96
> >> >         +---------+----------------+----------------+
> >> >         |         |  Ladbroke's    | William Hill   |
> >> >         +---------+----------------+----------------+
> >> >         | Clinton | Not currently offered by either |
> >> >         | Dole    |     6:1        |     10:1       |
> >> 
> >> Whew! They are wide open for arbitrage! Suppose that at Ladbroke I sell
> >> an obligation to pay $6 if Dole wins (they are apparently valuing it for
> >> this much), collecting $1. At the same time, to hedge my exposure, I go
> >> to "William Hill", and purchase their obligation to pay _me_ $10 if Bob
> >> Dole wins, paying the $1 bill that I just got at Ladbroke's.
> >> If bob dole loses, I lose nothing. If he wins, I make $4 out of air.
> >> I wonder why the beting markets are so imperfect.
> 
> Unless I've been misinterpreting the charts, you can't do it.
> You can go to Ladbroke's and put down a pound on Dole, 
> and if Dole wins they'll give you 6.  But if you want to bet that
> Dole will lose and Clinton will win, they'll tell you
> "Of course that's going to happen, silly.  Keep your money."
> Both houses are still willing to take the risk that Dole will win
> and give you odds on it; neither house is willing to take any 
> additional risk involving paying people money if Clinton wins;
> they've found all the takers they want for that.

If I am not mistaken, your objection has merit. My argument, however,
does not require one of the houses (Ladbroke's) accepts the reverse bets
(which pay me money of Clinton wins). My argument runs like this. There
are persons hanging around Landbroke who apparently think that if they
give Landbroke $1 in return for the promise to pay them $6 if Dole wins,
they get a good deal.

It is these people together with "William Hill" whom we exploit.

What I do is the following: I go to the Ladbroke's and offer to pay the
gamblers not $6, but $6.01 if Dole wins. Being somewhat rational, these
traders gamblers see a better deal than Ladbroke's offers, and
give me their $1 bills. This is very simple.

I take their $1 bills and run to "William Hill", where I take another
side of the bet. 

If Clinton wins, I get nothing and lose nothing. If Dole wins, I gain
$3.99 on every bet that these suckers agreed to make with me.

That was the essense of arbitrage that I propose.

Again, as I said, there is a way to make sure money on this 
situation, that is, to make money even if Klinton wins.

The arbitrage strategy is the following: as before, I go to the
Ladbroke's and offer to pay them not $6, but $6.01 if Dole wins.
I take their $1 bills and go to "William Hill". I buy, however, LESS
bets than dollar bills that I received. In particular, I buy 
$6.01 / $10.00 bets for each dollar that I receive.

The remaining money $1(1-6.01/10) I simply take to my bank. This money
is mine: if Clinton wins, nobody gets anything; if Dole wins, I get
exactly enough money from "William Hill" to pay off my debts to the
gamblers at Ladbroke's.

	- Igor.





From Adamsc at io-online.com  Sun Nov  3 20:41:09 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sun, 3 Nov 1996 20:41:09 -0800 (PST)
Subject: Discrete logs 1 [non-cryptography related annecdote] [NOISE]
Message-ID: <19961104043919703.AAA230@localhost>


On Sun, 03 Nov 1996 09:36:32 -0800, Dale Thorn wrote:


>> >properties than regular logarithms, but I thought this bit of history
>> >would spark some memories in old-timers and give a new perspective for
>> >younger people.
>[snip]
>> The same thing goes on with SATs and especially SAT-IIs.   Some higher-end
>> calculators, esp. HPs, have plugin cartridges which automate much of the
>> basic work in chemistry, physics, etc.  I never saw anyone who used such
>> things even get asked about it.  Do we even need social engineering with
>> people this stupid?
>Technology has a base, much like a pyramid.  When you add enough layers, you can't
>find very many people who can traverse top to bottom and understand all of what's
>in between.
How true...
>I consider it a miracle when a student has the quality of consciousness to buck the
>trend and get themself a quality instrument (such as an HP-48SX/GX), since once they
>do that, they might be encouraged to explore further.

Were this the way it actually happened, I'd tend to agree.  However, the
group that bought high-end calculators solely to do things like this was
proably about 50-60% of the total.


#  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From Adamsc at io-online.com  Sun Nov  3 20:43:57 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sun, 3 Nov 1996 20:43:57 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <19961104044209687.AAA199@localhost>


On Sun, 3 Nov 1996 18:54:16 -0500 (EST), Will French wrote:

>  Except it's not very effective, is it, since he's still
>posting flames?  In any case, it's an admission on John
>Gilmore's part that libertarianism can't work without some
>measure of authoritarianism; the only argument is over _just how
>much_ authoritarianism we need.
  
>  I'm quite upset about this.  Up to now I was able to tell
>people that "there is at least one mailing list on the net that
>functions in a completely open manner".  No more.

This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list. 
There is no obligation to accept anyone.

#  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From roach_s at alph.swosu.edu  Sun Nov  3 20:52:32 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Sun, 3 Nov 1996 20:52:32 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
Message-ID: <199611040452.UAA11245@toad.com>


A quick note, I consider myself to be a nerd.  This is in part "reclaiming",
as I found myself uninterested in sports, as my classmates were, and found
computers fun.(good reason too, considering I had access to one of those, an
old TI99/4, longer than I had classmates).  I didn't grow up un either log
tables or slide rules, but I did learn how to do basic arithmetic on both
the traditional slide rule, and a round one designed for engineers.  At one
time, nerds were the intellectuals, the only thing that has really changed
is that now the nerds are in control, making intellectual arts a little more
appealing.  I'm only a 21 year old college student who is still somewhat
ignorant, make that quite ignorant, about the world, but I do feel that just
because it was an unpopular term to describe you, it isn't disrespectful to
consider ourselves nerds.  Relevance to Crypto, none.  Just attempting to
defend myself in the ether.






From osquigle at midway.uchicago.edu  Sun Nov  3 21:15:18 1996
From: osquigle at midway.uchicago.edu (Sam Quigley)
Date: Sun, 3 Nov 1996 21:15:18 -0800 (PST)
Subject: free SSL CAs?
Message-ID: <Pine.GSO.3.95.961103231441.3151I-100000@kimbark.uchicago.edu>



Are there any free Certificate Authorities for SSL?
I've got a Stronghold server running, and I don't particularly want to pay
Verisign/Thawte's high prices, but I do want to be able to do real SSL.
I've set up my own CA, and given myself my own cert., but having the same
server you're interacting with being the one that's the CA for the
transaction leaves the setup open to man-in-the-middle attacks (I'd think,
at least...).

So, who do I turn to for a cert.?  I don't need amazingly trusted or
trustworthy security -- maybe just some third party whose site is unlikely
to have been compromised, etc...

Please respond by email: I've moved to coderpunks, and so won't see
replies on cypherpunks.

thanks,
-sq







From gbroiles at netbox.com  Sun Nov  3 21:26:02 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Sun, 3 Nov 1996 21:26:02 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <3.0b28.32.19961103211007.006be6c0@mail.io.com>


At 06:54 PM 11/3/96 -0500, Will French wrote:

>  I'm quite upset about this.  Up to now I was able to tell
>people that "there is at least one mailing list on the net that
>functions in a completely open manner".  No more.

This is an easy problem to solve. Run your own list, you can set the
policies. There are service providers who will set up/maintain mailing
lists for you. If you can't find one, and "quite upset" means >$200/month
to you, let me know, and I'll set one up for you. Mailing lists aren't
exactly rocket science.

Actually, I'm curious exactly how much money "quite upset" means to you.
Perhaps you and the others who are also upset can buy Dmitri his own
mailing list. You can even subscribe your list to the cypherpunks list, and
advertise it as "total freedom cypherpunks", so that subscribers to your
list get everything on cpunks, plus Vulis' helpful commentaries.

The lesson to learn from this is not "all people are essentially
authoritarian" but "one jerk can ruin something good for 1500+ people."
Just one turd in the punchbowl, and all that. Doesn't matter if the turd
has a PhD, nobody wants any punch. When one person does something which
inconveniences or annoys many people (over and over, intentionally) it's
unsurprising (and not even "authoritarian", in any useful sense of the
word) that someone gets sick of it and tries to correct the situation.
Freedom isn't just for assholes; and the name for someone who won't take
care of himself (or his mailing list) isn't "friend of liberty", it's
"pushover". 

--
Greg Broiles                |  "We pretend to be their friends,
gbroiles at netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |






From ichudov at algebra.com  Sun Nov  3 21:43:46 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 3 Nov 1996 21:43:46 -0800 (PST)
Subject: Political Derivative Securities
In-Reply-To: <Pine.HPP.3.91.961104015509.23465A-100000@cor.sos.sll.se>
Message-ID: <199611040446.WAA16999@manifold.algebra.com>


Asgaard wrote:
> 
> On Sat, 2 Nov 1996 ichudov at algebra.com wrote:
> 
> > >         | Clinton | Not currently offered by either |
> > >         | Dole    |     6:1        |     10:1       |
> > 
> > Whew! They are wide open for arbitrage! Suppose that at Ladbroke I sell

I meant "I go to Ladbroke and sell it to people hanging out there" 
-- see below.

> > an obligation to pay $6 if Dole wins (they are apparently valuing it for
> > this much), collecting $1. At the same time, to hedge my exposure, I go
> > to "William Hill", and purchase their obligation to pay _me_ $10 if Bob
> > Dole wins, paying the $1 bill that I just got at Ladbroke's.
> 
> The problem is that Ladbroke won't take your offer, they don't
> work that way. If they wanted to insure against a Dole victory
> they would place some of the money they got from betters on Dole
> at William Hill, at 10:1, instead of taking your offer at 6:1.
> But probably they get too few bets on Dole to bother with insurance;
> they do take risks. Another way of insuring themselves would have
> been to offer 11/10 or something on Clinton but obviously they
> don't feel they have to do that.

Seems like you see the problem yourself: obviously Ladbroke gets a free
ride since they can simply insure themselves by placing offsetting
bets at William Hill.

My argument, however, does not require one of the houses (Ladbroke's)
accepts the reverse bets (which pay me money of Clinton wins). My
argument runs like this: There are persons hanging around Landbroke who
apparently think that if they give Landbroke $1 in return for the
promise to pay them $6 if Dole wins, they get a good deal.

It is these people together with "William Hill" whom we exploit.

What I do is the following: I go to the Ladbroke's and offer to pay the
gamblers not $6, but $6.01 if Dole wins. Being somewhat rational, these
gamblers see a better deal than Ladbroke's offers, and give me their $1
bills. This is very simple.

I take their $1 bills and run to "William Hill", where I take another
side of the bet. 

If Clinton wins, I get nothing and lose nothing. If Dole wins, I gain
$3.99 on every bet that these suckers agreed to make with me.

That was the essense of arbitrage that I propose.

Again, as I said, there is a way to make sure money on this 
situation, that is, to make money even if Klinton wins.

The arbitrage strategy is the following: as before, I go to the
Ladbroke's and offer to pay them not $6, but $6.01 if Dole wins.
I take their $1 bills and go to "William Hill". I buy, however, LESS
bets than dollar bills that I received. In particular, I buy 
$6.01 / $10.00 bets for each dollar that I receive.

The remaining money $1(1-6.01/10) I simply take to my bank. This money
is mine: if Clinton wins, nobody gets anything; if Dole wins, I get
exactly enough money from "William Hill" to pay off my debts to the
gamblers at Ladbroke's.

Of course, if gamblers could compare prices and choose gambling houses
easily, no one would ever buy these bets from Ladbroke (unless they are
crazy).

This situation means that there is some market imperfection that 
does not allow arbitrage. It is not clear, though, what this
imperfection is.

It got me thinking about the following: someone oughtta make money by
selling "political derivative securities". For example, a bank could
issue Pro-Dole option contracts with a promise to pay the holder of the
contract $1000 if Bob Dole wins elections. These contracts could be
traded at, for example, CBOE, just as any other standard derivative
securities.

I see no real difference between a stock serving as an underlying
security, and an outcome of a political event serving as an underlying
security. There can be legitimate reasons for businesses to hold these
"political derivative securities". For example, businesses may hold them
to hedge their exposure to predictable changes in interest rates that
depend on the election outcomes.

Has this been done?

        - Igor.





From gcg at pb.net  Sun Nov  3 21:50:15 1996
From: gcg at pb.net (Geoffrey C. Grabow)
Date: Sun, 3 Nov 1996 21:50:15 -0800 (PST)
Subject: Press Release: Atalla Agreement with RSA
Message-ID: <3.0b36.32.19961104004902.006b6b10@mail.pb.net>


ATALLA INKS AGREEMENT WITH RSA DATA SECURITY INC. TO
PROVIDE OPEN CRYPTO-API FOR NEW SET INTERNET PAYMENTS TOOLKIT

Atalla's PayMaster Internet Security Processor (ISP)
will provide enhanced SET performance and secure key
management capabilities for new RSA toolkit-based applications

SAN JOSE, CA -November 4, 1996- Atalla, a Tandem Company
(r), today announced that it has signed an agreement with RSA
Data Security Inc., to develop an open Application Programming
Interface (API) that will become a key component of RSA's new
SET payments toolkit. The suite of tools from RSA is being built
to enable developers to deploy secure SET-capable applications
quickly, with transparent access to the strongest commercial
Internet security functionality.

The new API developed by Atalla, will access the
command set to Atalla's PayMaster Internet Security Processor
(ISP) product to accelerate SET protocol performance and to
manage cryptographic keys securely. The new SET Toolkit suite
from RSA is designed to provide banks, cardholders, merchants
and application providers with the ability to deploy secure SET-
based applications without specialized cryptographic expertise.
Atalla will be one of seven companies that will support the RSA
SET toolkit. The other companies are Open Market Inc., NEC,
Netscape, Tandem Computers Inc., Verifone and Verisign.

The SET protocol specifies how cardholders, merchants,
issuing banks and acquiring banks will interact to ensure secure
payment processing over the Internet. SET relies on specially
developed encryption technology from RSA Data Security Inc.,
and has been adopted by Visa and MasterCard to secure credit card
transactions, authorization and settlement information over
public networks such as the Internet.

"The development of the SET protocol was an important
milestone in securing commerce over the Internet." said Robert
Gargus, president and general manager of Atalla.  "We believe
that the combination of new, RSA-based SET  tools and the strong
security functionality and high throughput provided by our Atalla
PayMaster Internet Security Processor will now help transform
public networks such as the Internet, into a secure, high-
performance payments infrastructure that banks, merchants and
cardholders will trust."

"We consider integration with the Atalla PayMaster ISP a
critical feature of the RSA SET developer's suite," said Jim Bidzos,
president of RSA Data Security, Inc.  "The Atalla PayMaster, in
combination with RSA,  will now allow for cost-effective, high-
volume SET application servers through greatly improved
performance for the underlying cryptography and strong physical
protection for private keys.  We believe this will overcome a
major barrier to the adoption of secure electronic commerce on
the Internet."

Atalla's PayMaster ISP product was designed specifically to
manage the cryptographic requirements specified by the SET
protocol.  The protocol requires multiple public key operations for
each SET transaction.  The Atalla PayMaster ISP product offloads
these computationally-intensive tasks from server CPUs and
isolates private information intended solely for merchants from
private information intended solely for banks. This ensures that
data cannot be altered at any point in the network, and accelerates
the required SET -specified public-and-private key operations.
Atalla's PayMaster ISP also provides RSA and DES-based
cryptography to provide a high-performance bridge from the
Internet to private networks such as the Bank Payments network.

About Atalla (a Tandem Company)
Atalla (a Tandem Company) brings nearly 25 years of
experience securing commerce over private networks to the public
networks and the Internet/Intranet arena. The company's
products include industry-leading hardware-based security
processors for the Internet, Intranet and the bank transfer
networks, POS/POE (point-of-sale/point-of-entry) credit /debit
payment terminals, customer authorization and PIN selection
terminals, and secure enrollment products for banking, retailing
and government applications. An estimated 70 percent of all ATM
transactions in North America (estimated value: $1.4 trillion
daily) are secured by Atalla's specialized security processor
products. Atalla is headquartered at 2304 Zanker Road, San Jose
CA 95131. Phone: (408) 435-8850. Fax (408) 435-1116. The company's
website is located at www.atalla.com.

Tandem, Atalla, PayMaster, and the Tandem logo are trademarks
or registered trademarks of Tandem Computers Incorporated in
the United States and/or other countries. All other brand names
are trademarks or registered trademarks of their respective
companies.

 
                                                     G.C.G.

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 | Geoffrey C. Grabow       |      Great people talk about ideas.       |
 | Oyster Bay, New York     |     Average people talk about things.     |
 | gcg at pb.net               |      Small people talk about people.      |
 |----------------------------------------------------------------------|
 |     PGP 2.6.2 public key available at http://home.pb.net/~gcg      |
 |          and on a plethora of key servers around the world.          |
 |                          Key ID = 0E818EC1                           |
 |   Fingerprint =  A6 7B 67 D7 E9 96 37 7D  E7 16 BD 5E F4 5A B2 E4    |
 |----------------------------------------------------------------------|
 | That which does not kill us, makes us stranger.   - Trevor Goodchild |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





From snow at smoke.suba.com  Sun Nov  3 21:59:37 1996
From: snow at smoke.suba.com (snow)
Date: Sun, 3 Nov 1996 21:59:37 -0800 (PST)
Subject: FDA_dis
In-Reply-To: <9611040111.AA08631@etna.ai.mit.edu>
Message-ID: <199611040615.AAA06232@smoke.suba.com>


> 
> Without wishing to respond in detail to Hayes's drivel I'll just
> point out that Shell's involvement with Nigeria is hardly beyond
> question. It doesn't take a genius to realise that sanctions 
> against Nigeria would hurt Shell's interest. Perhaps its just
> me but I don't consider it altruism when a company acts in its
> own interests. 

     I don't consider altruism an intelligent trait--at least as you seem to
send define altruism. 







From shamrock at netcom.com  Sun Nov  3 22:01:17 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 3 Nov 1996 22:01:17 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611032354.SAA01354@interport.net>
Message-ID: <Pine.3.89.9611032113.A14631-0100000@netcom9>


You really, I mean *really*, need to read up on the fundamentals of 
libertarianism. Because you don't seem to have any idea what 
libertarianism is all about.

Sigh,
-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.


On Sun, 3 Nov 1996, Will French wrote:

>   Except it's not very effective, is it, since he's still
> posting flames?  In any case, it's an admission on John
> Gilmore's part that libertarianism can't work without some
> measure of authoritarianism; the only argument is over _just how
> much_ authoritarianism we need.
>   
>   I'm quite upset about this.  Up to now I was able to tell
> people that "there is at least one mailing list on the net that
> functions in a completely open manner".  No more.
> 
> 
> Will French  <wfrench at interport.net>
> 





From blancw at cnw.com  Sun Nov  3 22:05:51 1996
From: blancw at cnw.com (blanc)
Date: Sun, 3 Nov 1996 22:05:51 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <01BBC9D3.2C218FA0@king1-23.cnw.com>


From:	Will French

.........In any case, it's an admission on John
Gilmore's part that libertarianism can't work without some
measure of authoritarianism; the only argument is over 
_just how much_ authoritarianism we need.
..............................................


Well, as Ludwig von Mises [an economist] would put it, "The issue is not _some_ authoritarianism vs _no_ authoritariansim, but *whose* authoritarianism."

Libertarianism is about individual authority.  John Gilmore acted as the individual that he is.   If he shouldn't act upon under his own authority, he being in the position that he is relative to the existence of the cpunks, then the list doesn't represent libertarian ideals.

The list is not an institution representing a philosophy to which all participants must subordinate themselves.   Au contraire, it represents an opportunity for the free exercise of reason and one's personal judgement.   I think this has been a good example of that.  (obviously the venerable and computer-knowledgeable Dr. Vulius can find ways to sneak back in and continue to play his fun games, thus evidencing _his_  .... judgement.)

   ..
Blanc







From Claborne at CYBERTHOUGHT.com  Sun Nov  3 22:09:13 1996
From: Claborne at CYBERTHOUGHT.com (Christian Claborne)
Date: Sun, 3 Nov 1996 22:09:13 -0800 (PST)
Subject: San Diego CPunk Physical meet this Thursday
Message-ID: <3.0.32.19961103114155.00594ff8@cyberthought.com>


-----BEGIN PGP SIGNED MESSAGE-----

This Thursday!!!

San Diego Area CPUNKS symposium  Thursday, Nov. 7, 1996.

   Invitation to all Cypherpunks to join the San Diego crowd at "The Mission
Cafe & Coffee Shop".  We discuss cryptography and other related subjects, have
the special cypherpunk dinner, and unwind after a long day at the grind stone.

   Don't forget to bring your public key  fingerprint.  If you can figure out
how to get it on the back of a business card, that would be cool.  If you want
the suspicious crowd there to sign your key, bring two forms of ID.

   Michelle is going to bring her PGP fingerprint in for signature.  Can you
believe it?

   Hopefully Lance Cottrell will give us an update on Mixmaster and what's
going on at San Diego's best ISP.  

   This will probably be the last symposium of the year since December is
normally quite crazzzzy.  
   
Place: The Mission Cafe & Coffee Shop
       3795 Mission Bl in Mission Beach.
       488-9060


Time:1800

Their Directions:
	8 west to Mission Beach Ingram Exit
	Take west mission bay drive
	Go right on Mission Blvd.

	On the corner of San Jose and mission blvd.
	It is located between roller coaster and garnett.
	It's kind of 40s looking building...  funky looking 
        (their description, not mine)

They serve stuff to eat, coffee stuff, and beer + wine stuff.

See you there!

New guy, bring your fingerprint.

Drop me a note if you plan to attend... 

NOTE: My primary e-mail address has changed to use my own domain.  You can 
reach me at "claborne at cyberthought.com". Permanently replace any other address
that you may have for me.  I am currently not subscribed to the CP list since
my current internet connection is slow (I'm waiting for my ISDN connection. :)

      2
  -- C  --

-----BEGIN PGP SIGNATURE-----
Version: 4.0 Personal Edition

iQEVAgUBMnz1eYP1MBWQ+9udAQEWiQf+MaNcptFKcb/VPDabtXn8cnfmGsQn3h0R
mzFIiXcHzh+OG2JfaX/oKR7wXFbhTMbKX9EbnFz0/IZeRZx9EO9Q3IrXUXyzZLBg
lSYKEs+cyUZc/3IIpRVXgD1PrUEjyjKkss3U9KQgsQpl8+E6vlefQkCdHpR/v7kZ
T1GyE3LqP+GAmr0M52kQeLKdyW3Ev6YVr5VTaxFz2uXePdJkUXXNvAE/V+UjdZn8
4dB6Y3P/JTBzxdfF6KCcdGttoq65JEfQYBjuxi9OSSkmS4vAfy36gUjQf6oiNgJX
JyvxTxn8MQ46/ggqsL0IprnwFX0S/VV+JjAMmIO4Tw8mOBFSDmGDWA==
=D1nQ
-----END PGP SIGNATURE-----

                              ...  __o
                             ..   -\<,
Claborne at CYBERTHOUGHT.com    ...(*)/(*)._ Providing thoughts on 
					  your computing needs.
http://www.CYBERTHOUGHT.com/cyberthought/
PGP Pub Key fingerprint =  7E BF 38 3F 24 A7 D1 B0  54 44 96 AA 10 D0 5D 51
Avail on Pub Key server.  PGP-encrypted e-mail welcome!
Dreams.  They are just a "screen saver" for the brain.





From kwit at iap.net.au  Sun Nov  3 22:22:56 1996
From: kwit at iap.net.au (kwit at iap.net.au)
Date: Sun, 3 Nov 1996 22:22:56 -0800 (PST)
Subject: beth mclean-knight
In-Reply-To: <9611040151.AA16922@stu.beloit.edu>
Message-ID: <327D1A6F.6BB8@iap.net.au>


Elizabeth McLean-Knight wrote:





From shamrock at netcom.com  Sun Nov  3 22:29:07 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 3 Nov 1996 22:29:07 -0800 (PST)
Subject: free SSL CAs?
In-Reply-To: <Pine.GSO.3.95.961103231441.3151I-100000@kimbark.uchicago.edu>
Message-ID: <Pine.3.89.9611032210.A14631-0100000@netcom9>


I don't think that their CA software is free, but they do have a free demo 
version. http://www.xcert.com


-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.


On Sun, 3 Nov 1996, Sam Quigley wrote:

> 
> Are there any free Certificate Authorities for SSL?
[...]





From frantz at netcom.com  Sun Nov  3 22:30:29 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sun, 3 Nov 1996 22:30:29 -0800 (PST)
Subject: Dr. Vulis
Message-ID: <199611040630.WAA02244@netcom6.netcom.com>


As I put on my flame resistant suit...

IMHO, most of the posts about John Gilmore's action re: Dr. Vulis are
seriously miss-analyzing what has happened.  As far as I can tell, John
instructed his Majordomo to refuse subscription requests to cypherpunks
from Dr. Vulis.  That is all that John has done.  What John has not done
is:

(1) John has not censored Dr. Vulis.  He is still free to speak to
cypherpunks by posting in the normal manner.

(2) John as not turned to the courts as some others have suggested. 
Turning to the courts would certainly not be the way a cryptoanarchist
would handle the situation.

The best paradigm I can come up with to analyze John's action is my quite
imperfect understanding of communitarian theory.  In essence,
communitarians say that there should be a level of social control between
individual rights and the forceful coercion of the state.  What John has
done is step forward and excommunicate Dr. Vulis.  He has said to Dr.
Vulis, "You are no longer a member of the cypherpunks community."

I would love to hear how people feel this action fits in to the
cryptoanarchy, libertarian utopias we frequently discuss.  E.g. Why is it
not a perfectly reasonable action for some one to take in an anarchy?


-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?     | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm       | 16345 Englewood Ave.
frantz at netcom.com | Voting for Harry Browne    | Los Gatos, CA 95032, USA







From hua at chromatic.com  Sun Nov  3 23:08:51 1996
From: hua at chromatic.com (Ernest Hua)
Date: Sun, 3 Nov 1996 23:08:51 -0800 (PST)
Subject: Senator Goodlatte's warning (from IEEE Software article, Nov, 1996)
Message-ID: <199611040707.XAA20047@ohio.chromatic.com>


>From IEEE Software, Nov, 1996, page 103, 2nd column:

"Key Decisions Likely On Encryption Exports" by Stephen Barlas

    In fact, should he win, Clinton may go on the offensive.
    Goodlatte, whose bill is the House companion (HR 3011) to the
    Burns bill, said the Clinton administration told him that if the
    computer industry does not agree to a key management
    infrastructure, the President will seek legislation forcing
    Americans to use only encryption to which the government has
    access.

Of course, this intention (to outlaw all non-GAK/KRAP) has been the
desires of FBI/CIA/NSA all along, so no big surprise.  I just would
hate to see Congressional leaders cave in because of the "threat" of
the administration's bozos attempting to introduce more restrictive
legislation.  The old "if we want 5, we demand 10, and we'll get 5 in
the compromise" plan is really screwy and dishonest.

Ern





From wombat at mcfeely.bsfs.org  Sun Nov  3 23:14:29 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Sun, 3 Nov 1996 23:14:29 -0800 (PST)
Subject: anonymous oddsman
In-Reply-To: <199611040431.WAA16905@manifold.algebra.com>
Message-ID: <Pine.BSF.3.91.961104010409.8087C-100000@mcfeely.bsfs.org>



> 
> It is these people together with "William Hill" whom we exploit.
> 
> What I do is the following: I go to the Ladbroke's and offer to pay the
> gamblers not $6, but $6.01 if Dole wins. Being somewhat rational, these
> traders gamblers see a better deal than Ladbroke's offers, and
> give me their $1 bills. This is very simple.
> 
> I take their $1 bills and run to "William Hill", where I take another
> side of the bet. 
> 

Or Ladbroke's takes their bet for $6, and goes to Willaim Hill, and takes 
out a bet ...  :)

-r.w.






From stewarts at ix.netcom.com  Mon Nov  4 00:35:14 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Mon, 4 Nov 1996 00:35:14 -0800 (PST)
Subject: anonymous oddsman
Message-ID: <1.5.4.32.19961104083318.005ed560@popd.ix.netcom.com>


>What I do is the following: I go to the Ladbroke's and offer to pay the
>gamblers not $6, but $6.01 if Dole wins. Being somewhat rational, these
>traders gamblers see a better deal than Ladbroke's offers, and
>give me their $1 bills. This is very simple.
>I take their $1 bills and run to "William Hill", where I take another
>side of the bet. 
> In particular, I buy $6.01 / $10.00 bets for each dollar that I receive.
> The remaining money $1(1-6.01/10) I simply take to my bank.


Ah.  If you can exploit\\\\\\\ provide arbitrage services for these folks,
go ahead.  You'd probably need to offer them $7-8 to deal with
the difference in reputation between you and Ladbroke's, 
but assuming you can get customers and nobody breaks your legs, you do win.
One reason the market isn't more efficient is that it's only being 
played once, and the odds are pretty lopsided, since Dole really has no chance.
What's more interesting is that Ladbroke's aren't doing this themselves -
if they're not.  In a repeated game, or a closer one, the odds would probably
tend to be the same at both houses.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.






From joe at connect.ab.ca  Mon Nov  4 01:27:25 1996
From: joe at connect.ab.ca (Joe Robinson)
Date: Mon, 4 Nov 1996 01:27:25 -0800 (PST)
Subject: [NOISE] Censorship of Dr. Vulius
Message-ID: <2.2.32.19961104092840.006fda90@portal.connect.ab.ca>


I regret that after lurking for so long my first post is related to this....

Sandy Sandfort <sandfort at crl.com> wrote:
>
> The short answer is, No.  More specifically, we constantly have
> a stream of new readers sampling Cypherpunks.  Some are 
> technically sophisticated; some are not.  In either case, new
> readers do not have the historical perspective not to fall for
> Dimitri's big lies.  Nor do they have any way of know what an
> abberation his sort of behavior is on this list.  "So this is
> what Cypherpunks are like," would be a sad, but understandable
> misinterpretation of what we're all about.  What John did was 
> appropriate.

        While it is true that Cypherpunks IS a much sampled list, it's my
opinion that the distribution in the level of education among subscribers is
rather skewed.  I therefore believe that the "average" subscriber to this
list would be intelligent and competent enough to form their own conclusions
regarding the validity of the opinions expressed by anyone.
        I like to believe that the labels I assign to groups are based on a
representative sampling of the given population, not by the sampling a
select few.  It's again my opinion that if others can't do that, and
<cliche>judge books by their covers</cliche>, it's their loss.

and Greg Broiles <gbroiles at netbox.com> mentioned:
> [relevant, well thought-out stuff snipped]
>
>Given that John Gilmore is the source of the oft-repeated "The net sees
>censorship as damage and routes around it" quote, it strikes me as unlikely
>that he took the steps he did without some reflection on their meaning,
>consequences, and chances of success.

        I'm sure that the decision wasn't made hastily or lightly.  It
doesn't change anything though - the damage is done.  If even one person
doubts the credibility or integrity of either John or the list, then Dr.
Vulius has won.

and finally, Declan McGullagh <declan at eff.org> said:
>
>With the right to speak freely comes the right to decline to speak. John, 
>as the owner of the computer maintaining the cypherpunks list, has the 
>right to decline to speak and to kick off a user who violates the 
>covenant of the mailing list.
>
>The kicked-off user has the right to start his own mailing list with
>different standards. If he likes, he can establish the rules as a type of
>contract to which participants must agree. And observers can criticize
>either or both of them. 
>
>Is this censorship, double standards, and hypocrisy? I think not.

        The problem lies in determining who defines the protocols and
punishments, especially on a list such as this.  For someone who espouses
freedom of speech to arbitrarily censor someone is indeed hypocritical.  

        I'm not defending Dr. Vulius - for some time now, he and a number of
others have been filtered into my Humour mailbox.  I'm just spewing off
about having the _choice_ to ignore him or not, as _I_ see fit, you know - 

"... and then they came for me, and there was no one left to speak out."



JR







From jmr at shopmiami.com  Mon Nov  4 02:04:24 1996
From: jmr at shopmiami.com (Jim Ray)
Date: Mon, 4 Nov 1996 02:04:24 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <199611041004.FAA84350@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Mon Nov 04 17:04:13 1996
Mark wrote:

> It's only authoritarianism if the government is involved.  Clearly, the
> government isn't involved in this matter.

Indeed. IMNSHO, a self-governing property-owner (John) saw that the value of 
a piece of his property was being reduced by a person (Vulis, KOTM) camping 
there. He asked that person (many times, and no-doubt in a far more tolerant 
way than _any_ government has ever in history behaved with any rulebreaker) 
to "please use the latrine instead of the stream." The person not only 
refused, he said "you'll have to make me." The property owner made him. Most 
of the other campers, even those who (like me) choose to (and are able to) 
filter stream water before drinking it, breathed a sigh of relief.

John's action had about as much to do with "censorship" as AFDC has to do 
with "charity" or "compassion." The growing misuse of the word "censorship," 
especially here, is another symptom of the annoying educational work that 
Libertarians need to do, constantly, to fight the ever-encroaching Newspeak 
of those who do not believe in individual property rights, like the one 
(exclusion) that John exercised, only after much provocation. If you don't 
like it, tough shit. Go "buy your own campground" and start your own list, 
just like Perry is. But please don't mislabel John's action "Libertarian 
censorship."
JMR


One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
jmr at shopmiami.com
____________________________________
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMn5oYW1lp8bpvW01AQF6ewP/U8DZc3FXuKgRQXF+mwWhVkimauwEXQYm
p/Rd2u2sYvPMuQD3QMaN+WQCgkpOu0mLlt6TU0n+VJpVYkg82rSHDFyoez71bwvv
jPEXZoJ7dVNnBUpy8b0z+NPSyRzVCPlRaFmaJE1Yba6wV01PMkMHf5ouobUps4L0
7cFlrfBGQaw=
=J5FK
-----END PGP SIGNATURE-----






From bdolan at USIT.NET  Mon Nov  4 03:40:57 1996
From: bdolan at USIT.NET (Brad Dolan)
Date: Mon, 4 Nov 1996 03:40:57 -0800 (PST)
Subject: MCI/BT, who gets the taps?
Message-ID: <Pine.GSO.3.95.961104063825.28348A-100000@use.usit.net>



-----BEGIN PGP SIGNED MESSAGE-----

Long-distance telecommunications carriers have been in bed with
governments since Samuel F. B. Morse strung a line into DC.  Only 
a modest amount of cynicism is required to think that there are
"wiretap" hooks in the carriers' systems.  When an MCI merges
with a Britsh Telecom, who gets the benefit of the hooks?

bd


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMmT3y680j2q8tTgtAQGC7wQA2ris5C3KAD6qLy3AmtglJRoZrei72CIH
MEm7DGasD4AXqfwkjdmvZScAVXRD+KHHgVZQKQp+H0+D/TWHZCN9nrwE1z5/j73R
o8qXDCC0owwJabZHknOMwpBm4Sf6JUGs7Wm1K9JmpVlF01GP+z7rxOMXfvZrlxvy
mwcK3wjIPCU=
=PTmz
-----END PGP SIGNATURE-----







From junger at pdj2-ra.F-REMOTE.CWRU.Edu  Mon Nov  4 04:00:13 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Mon, 4 Nov 1996 04:00:13 -0800 (PST)
Subject: British Telecom merger with MCI
Message-ID: <199611041159.GAA21112@pdj2-ra.F-REMOTE.CWRU.Edu>



Has anyone figured out how this merger can work, particularly when
British Telecom will be the surviving party, when those MCI employees
concerned with the security of communications will not be able to
disclose any cryptographic software or technical data to their
employer, or to their ``foreign'' bosses and colleagues, without first
getting permission from the Office of Defense Trade Controls under
the ITAR?

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger at pdj2-ra.f-remote.cwru.edu    junger at samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu





From adam at homeport.org  Mon Nov  4 04:36:53 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 4 Nov 1996 04:36:53 -0800 (PST)
Subject: free SSL CAs?
In-Reply-To: <Pine.3.89.9611032210.A14631-0100000@netcom9>
Message-ID: <199611041233.HAA09734@homeport.org>


Lucky Green wrote:

| I don't think that their CA software is free, but they do have a free demo 
| version. http://www.xcert.com

SSLeay provides CA tools.

Adam


-- 
"Every year the Republicans campaign like Libertarians, and then go to
Washington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org








From declan at eff.org  Mon Nov  4 04:45:49 1996
From: declan at eff.org (Declan McCullagh)
Date: Mon, 4 Nov 1996 04:45:49 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611032354.SAA01354@interport.net>
Message-ID: <Pine.SUN.3.91.961104044408.13104A-100000@eff.org>


Libertarianism is not incompatible with strict regulations, as long as 
the rules violate nobody's rights.

-Declan


On Sun, 3 Nov 1996, Will French wrote:

>   Except it's not very effective, is it, since he's still
> posting flames?  In any case, it's an admission on John
> Gilmore's part that libertarianism can't work without some
> measure of authoritarianism; the only argument is over _just how
> much_ authoritarianism we need.
>   
>   I'm quite upset about this.  Up to now I was able to tell
> people that "there is at least one mailing list on the net that
> functions in a completely open manner".  No more.
> 
> 
> Will French  <wfrench at interport.net>
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From patelam3 at mindspring.com  Mon Nov  4 05:35:34 1996
From: patelam3 at mindspring.com (L. Patrick Elam)
Date: Mon, 4 Nov 1996 05:35:34 -0800 (PST)
Subject: MCI/BT, who gets the taps?
Message-ID: <1.5.4.16.19961104133718.4c8724c8@pop.mindspring.com>


Maybe the "wiretap" hooks in the carriers' systems are accessable
more globally than they would wish us to believe.

Pat.
At 06:40 AM 11/4/96 -0500, you wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Long-distance telecommunications carriers have been in bed with
>governments since Samuel F. B. Morse strung a line into DC.  Only 
>a modest amount of cynicism is required to think that there are
>"wiretap" hooks in the carriers' systems.  When an MCI merges
>with a Britsh Telecom, who gets the benefit of the hooks?
>
>bd
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQCVAwUBMmT3y680j2q8tTgtAQGC7wQA2ris5C3KAD6qLy3AmtglJRoZrei72CIH
>MEm7DGasD4AXqfwkjdmvZScAVXRD+KHHgVZQKQp+H0+D/TWHZCN9nrwE1z5/j73R
>o8qXDCC0owwJabZHknOMwpBm4Sf6JUGs7Wm1K9JmpVlF01GP+z7rxOMXfvZrlxvy
>mwcK3wjIPCU=
>=PTmz
>-----END PGP SIGNATURE-----
>
>
>
-----BEGIN PGP SIGNED MESSAGE-----

 -------------------------------------------------------
L. Patrick Elam, III                       404-639-4538
Systems Administrator                      404-608-3587[Pager]
Senior Systems Engineer                    Information System Services
Centers for Disease Control and Prevention http://www.cdc.gov
1600 Clifton Road, MS E-24                 lpe0 at oddhiv1.em.cdc.gov
Atlanta, GA 30333, USA                     patelam3 at atl.mindspring.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMkxKTclE1gRAhbnhAQFZ7AL/Y5cw/jNSgVJdqPdd0i8f5T9Xp7LMkFUG
iHuTftepC0UzghtI1JhCmBWehg+PfWx6wxt3gQZou/+KOLCGX8eWgnMstDX7KK2X
QK/V/rerRrIn8/so8K3GtLb/gj+pCUup
=F5EN
-----END PGP SIGNATURE-----






From alzheimer at juno.com  Mon Nov  4 06:07:14 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Mon, 4 Nov 1996 06:07:14 -0800 (PST)
Subject: Copyright violations
Message-ID: <19961104.080708.9415.0.alzheimer@juno.com>


 American Banker: Thursday, October 31, 1996
 
Two Retail Giants Sue Visa Over Debit Cards 
 
By LISA FICKENSCHER
 
Two of the largest retailing companies have filed a lawsuit against Visa
U.S.A., claiming the bank card association illegally forces merchants to
accept debit cards. 
 
Wal-Mart Stores Inc. and The Limited Inc., in what they characterized as
a
class action on behalf of all retailers, accused Visa of coercing equal
treatment of Visa Check cards and credit cards. 
 
The suit, filed last Friday in U.S. District Court for the Eastern
District of
New York, alleged that the tying of debit and credit card acceptance
violates
antitrust laws. The retailers are seeking an unspecified amount in
damages. 
 
The action, a flareup of longstanding tensions between the bank card and
retailing industries, did not extend to MasterCard International, even
though
its policies are similar to Visa's. Industry sources speculated that
MasterCard
may have shielded itself through its recent cobranding agreement with
Wal-Mart, the nation's biggest retailer. 
 
But because Visa and MasterCard are owned by virtually the same banks,
the lawsuit has the same potential effect on the U.S. banking community
as if
MasterCard were named. 
 
The suit describes the approximately 2,800 banks that issue both Visa
credit
and Visa Check cards, and some 1,000 banks that are "acquiring members"
of both Visa and MasterCard, as co-conspirators. 
 
Retailers have long argued that credit cards and debit cards should be
priced

differently, and that they should have the freedom to decide what kinds
of
payments they accept. Under MasterCard and Visa rules, all their cards
must
be acceptable at any retail location that displays those logos,
regardless of
card type. 
 
Wal-Mart and The Limited, among others, have contended that debit cards
are more akin to cash and check transactions, which cost them less than
credit cards. Recent growth in the Visa Check program -- Visa said check
cards increased 49% in the second quarter -- led to Visa U.S.A.'s being
singled out in the lawsuit, said Wal-Mart spokeswoman Betsy Reithemeyer. 
 
The suit said Visa Check cards were used last year in approximately 556
million retail transactions, generating $22 billion in sales. 
 
The complaint estimated that merchants paid at least $250 million in fees
on
that activity. That total supposedly would have been less than $33
million if
processed through on-line systems such as regional automated teller
machine
networks. (Visa Check and MasterMoney payments are cleared "off-line,"
with some delay, like credit cards). 
 
If those purchases had been made with cash, checks, or travelers checks,
those same sales would have cost "well below" the $33 million estimated,
the
legal filing said. 
 
"Retailers are willing to pay fees," said Paul Martaus, an electronic
payments
consultant in Clearwater, Fla. "The issue since day one with debit is
that the
fee they pay varies with the transaction amount." 
 
The lawsuit claimed a Visa credit card transaction costs merchants 1.25%
of
the sale, or $1.25 on $100. The Visa Check fee on the same sale would be
1.04% plus six cents, or $1.10. On-line debit networks' fees go as low as
five cents. 
 
Visa officials, who saw the lawsuit for the first time Wednesday, said it
is  still cheaper for merchants to clear a Visa Check transaction than a
credit card
purchase. 
 
"The plaintiffs are wrong on the facts and the law," said Paul A. Allen,
Visa's
executive vice president and general counsel. "The rule that is being
attacked
has been a cornerstone of the Visa product and market for the past 25
years." 
 
"Visa will pursue this with all due vigor," said Mr. Martaus. "It
challenges
their livelihood." 
 
Visa has a long and successful record of turning back such legal attacks.
It
beat a 1984 price-fixing suit by Nabanco, a merchant processing company
now owned by First Data Corp. In the 1990s, Dean Witter, Discover & Co.
was unable to crack Visa's exclusive bank-membership policy. 
 
In 1983 Nordstrom Inc. of Seattle stopped accepting Visa's debit card to
protest the credit-debit tying requirement, which jeopardized its status
as a
Visa merchant. Nordstrom brought, but quickly dropped, a lawsuit against
the card association -- and later offered a cobranded Visa card. 
 
One legal observer, who did not want to be named, said the Wal-Mart and
Limited claims against Visa will be difficult to prove "because the case
does
not fit into the traditional antitrust box. Most antitrust cases fail." 
 
The lead attorney for the retailers is Lloyd Constantine of Constantine &
Partners, New York, a former antitrust chief in the New York State
attorney
general's office. 
 
 
 
American Banker: Thursday, October 31, 1996
 
Microsoft's Web Software for Merchants Wins Support 
 
By JENNIFER KINGSON BLOOM
 
Six major banks and payment processors announced support Wednesday
for Microsoft Corp. software designed to promote Internet commerce. 
 
Microsoft developed the software, Merchant Server 1.0, with Verifone Inc.
It conforms to the Secure Electronic Transactions protocol for credit
card
payments and is said to make it easy for merchants to set up shop on the
World Wide Web in as little as a month. 

 
The financial institutions and processors that have signed on are
BankAmerica Corp., Citicorp, Wells Fargo & Co., Royal Bank of Canada,
First USA Inc., and Dean Witter, Discover & Co.'s Novus unit. They plan
to
handle a variety of on-line payments functions for merchants. 
 
Microsoft chairman Bill Gates conceded that Merchant Server addresses "an
area that today is very, very small," but added, "We believe there will
be
explosive growth." 
 
Bankers said their business customers are hankering for sales outlets on
the
Web.
 
"You have to fight them off with a stick," said Adrian Horsefield, senior
manager of alternative delivery products at Royal Bank of Canada. The
bank, Canada's largest, plans to use the Microsoft software to open a
"virtual
mall" in March. 
 
Citicorp is planning a pilot program in Germany. Wells Fargo,
BankAmerica,
First USA's Paymentech unit, and Novus have agreed to recommend
Merchant Server to customers. 
 
For the banks, the software serves as "virtual bricks and mortar," said
Hatim
A. Tyabji, chairman and chief executive officer of Verifone. "A lot of
the talk
(about on-line commerce) is about to be translated into reality." 
 
Michael Dusche, Microsoft's banking industry manager, said "a huge
banking
opportunity" beckons. 
 
"There's so much apprehension whenever Microsoft does anything in the
banking community," he said. "We will let the banks remarket the product,
offering it directly to their merchants." 
 
With the banks in control of the payment system, Mr. Dusche said, a
participating institution could decide to offer incentives to merchants
and
consumers who used the bank's credit cards for on-line payments. 
 
Microsoft, of Redmond, Wash., and Verifone, of Redwood City., Calif.,
said
last summer they were collaborating on a system to ensure secure
electronic
payments, built on the bank card industry's SET standard. 
 
Verifone, the leading supplier of point of sale terminals, contributed
its VGate
and VPos systems, which securely whisk payment information between
Internet buyers and sellers. 
 
Other companies have come forward with similar offerings for merchants,
including Netscape Communications Corp., Oracle Corp., and Open Market
Inc. But several observers said the Microsoft-Verifone program appears to
be the most comprehensive and has the advantage of being backed by
companies merchants know and trust. 
 
"A whole host of people are delivering merchant server technology," said
Ray
McArdle, group executive for technology at First USA Paymentech in
Dallas, adding that the combination of Microsoft and Verifone "is
potent." 
 
"It's a more powerful product to the merchant community, and it's simple
and
inexpensive to use," he said. "Almost any merchant can afford to become
involved in this new channel." 
 
Scott Smith, an electronic commerce analyst at Jupiter Communications in
New York City, said that while other companies are providing
"components," Microsoft's software is "the most comprehensive so far."
 
"We see the merchant server as a breakthrough product," said Cathy
Medich, Verifone's marketing director. "It's really targeted to helping a
merchant run his store."
 
One drawback, Mr. Smith said, is that the software works only on
Microsoft's Windows NT operating system. "Like most of their offerings,
it
looks great, sounds great, but there are lots of hidden strings
attached," Mr.
Smith said. 
 
To date, most merchants have had to rely on a patchwork of software tools
and payment techniques to do business on-line. 
 
"It's been tough for businesses to set these sites up," Mr. Gates said.
"Many
companies have spent over a million dollars setting up an Internet
commerce
site, and many of those just aren't so compelling." 
 
Mr. Dusche said small merchants will be able to set up a virtual store
for as
little as $3,500. At more sophisticated on-line stores, shoppers will be
able
to see more than just a flat image of each product. 
 
"If you're looking at a handbag, you'll be able to turn it around, open
it up
and look inside," Mr. Dusche said. "It has to be a compelling experience
for
the user - they have to be able to see more than text." 
 
Among the first merchants using the product will be the bookstore of the
University of California at Los Angeles. The system will allow students
to
enter a course number and order books directly, without waiting in line.
The
Tower Records site will allow browsers to listen to snippets of music.
 
About 50 merchants have said they will use the technology to open such
stores by yearend. 
 
Jane Moy, vice president and general manager of electronic commerce at
Novus Services, called the Microsoft-Verifone merchant server "the first
step" toward ubiquitous Internet commerce.
 


 
InfoWorld: October 28, 1996
 
Lucent, Visa Strike Phone Banking Deal 
 
By Kristi Essick 
 
Lucent Technologies Inc. this month announced that Visa Interactive will
use
its phone-based voice-recognition banking software as an extension of the
Visa electronic banking and bill-paying network. Under terms of the
agreement, Lucent will provide its Intuity Conversant voice-response
system,
which recognizes and processes natural language requests via telephone,
to
Visa-member financial institutions in the United States. 
 
The technology, already being used by many banks in the United States for
their own networks, will now be connected to Visa Interactive's vast
electronic banking network to enable financial institutions to offer
bill-paying
services via voice-recognition phone calls, according to Ry Schwark, a
Lucent spokesman. 
 
Using the service, customers will be able to make electronic payments to
businesses and individuals, receive notification of low funds, and access
their
accounts after entering a personal passcode. A request such as "Can I
find
out my balance?" or "Write check to Aunt Ethel" will be recognized by the
Intuity Conversant system and electronically processed via the Visa
bill-paying network without users ever having to write a check, said Ken
Pilecek, bank offers manager for Lucent.
 
To be eligible for the service, users must submit to Visa in writing a
list of
individuals and institutions. Once the service is activated, users need
only 
call
the voice system and enter a password to authorize money transfers to and
from any account, Pilecek said. 
 
The first financial institution to sign up for the bill-payment service
is 
Kansas
City, Mo.-based UMB Financial Corp., which will make the services

available to its 130 member banks in the Midwest, Schwark said. The
Intuity
Conversant software complies with Visa Interactive's Access Device
Messaging Specification, an open protocol for bill-payment services. 
 
The starting price for the software is $6,700 for small and medium-size
banks
with an Intuity Conversant hardware system already installed. For banks
that
need both software and hardware, pricing starts at $18,000. Large bank
applications start at $30,000. The service is available now in the United
States, but it won't be offered internationally until next year. 
 
Users can expect to see services in Canada, the United Kingdom, and
Australia by midyear, but non-English speakers will need to wait until
Lucent
releases foreign language versions of the voice-recognition software,
which
may take as long as a year, Pilecek said. In addition to language
considerations, Lucent and Visa must also alter the service to comply
with
differing international banking regulations, Pilecek said. 
 
Lucent, based in Murray Hill, N.J., can be reached at (908) 582-8500 or
at
http://www.lucent.com.
 
 
Bank Automation News: October 30, 1996
 
Technology Provides Internet Connection 
 
Banks will be able to provide customers with better service and improve
productivity levels in their call centers as Internet technology software
improves, say consultants.
 
"A year ago, people said [the Internet] was a phase, now it doesn't
matter if
it is a fad, you need to be there," says Sheila McGee-Smith, director of
analysis and forecasting at the Pelorus Group in Raritan, N.J. 
 
Security First Network Bank [SFNB], of Atlanta, is implementing an
Internet
call center in three phases over the next several months to consolidate
customer inquiries received through various communication channels,
including the voice response unit and E-mail. 
 
The software will be implemented by Quintus, of Freemont, Calif., into
the
data center of Atlanta-based Five Paces Inc., a wholly owned subsidiary
of
SFNB. The center will use tracking software to identify the caller when
they
dial into the center from another line or E-mail the bank and transfer
the
inquiry to an agent. The system also will allow the initial servicing
agent to
track the request to place any follow up calls, says Lisa Green a
spokeswoman for Quintus. 
 
The service model was designed in conjunction with Palo Alto,
Calif.-based
Hewlett-Packard, which will supply the middleware, Cambridge Technology
Partners, of Cambridge, Mass., which will help with the integration
process,
and Little Rock, Ark.-based Alltel, which will manage the call center. 
 
Banks can establish Internet links to their call centers to give
customers
access to account information and have an agent return their call.
Internet
telephony systems let consumers speak with an agent while viewing the
banks
World Wide Web page over a single line, but require both the agent and
the
customer to have an Internet connection, sound card, Internet phone
software, a microphone and speakers, says McGee-Smith. 
 
Consider Customer Demographics First 
 
Before you implement Internet call centers or Internet telephony systems,
consider the regional and geographic differences of your customer base,
say
analysts. Customers at Citibank, of New York, for example, may be more
comfortable using Internet applications than those at a rural bank, says
McGee-Smith. 
 
Other equipment providers are incorporating these capabilities into their
systems. Lucent Technologies, of Basking Ridge, N.J., is planning to
offer
Internet telephony functions to its Intuity Messaging Solutions and
Rockwell
Switching Systems Division, of Downers, Grove, Ill., also produced an
Internet telephony system with Netspeak, of Boca Raton, a telephone
software company. San Jose, Calif.-based Aspect Telecommunications
Corp. also has Internet telephony functions. Santa Fe, Calif.-based Edify
and
AT&T , of Parsippney, N.J., also are working on an Internet application. 
 





From jya at pipeline.com  Mon Nov  4 06:26:59 1996
From: jya at pipeline.com (John Young)
Date: Mon, 4 Nov 1996 06:26:59 -0800 (PST)
Subject: URG_ent
Message-ID: <1.5.4.32.19961104142539.00693c7c@pop.pipeline.com>


 11-02-96.

 "Transaction Records Urged for Smart Cards"

    Electronic money systems must generate transaction records 
    to help law enforcement agencies track money launderers, a 
    senior Justice Department official said last week. "In a 
    paper environment ... we can get bank records, we can get
    credit card records. Our goal is only to preserve this ability."


 "Internet insecurity "

    Jeff Schiller: The Web has a lot of potential vulnerabilities.
    There's plenty I know about that I don't want to talk about. 
    People who know about the vulnerabilities are reluctant to talk 
    about them because if we disclose what we know to the public, 
    the bad guys will take advantage. And if we address them with 
    the vendor community, they don't do anything about them. 
    There's a lot of hooey out there. Never trust the advice of 
    someone selling you a product, especially if the sales pitch 
    is, "My product makes your problem go away."


 "RSA offers kit for secure credit-card transactions"

    RSA Data Security, Inc. will announce today a tool kit for 
    developing secure applications that support credit-card 
    transactions on the Internet called S/Pay in support of
    SET.


 "Medcom introduces a "Super Cafe" data encryption product"

    Medcom's latest data encryption product, the Secure Socket 
    Relay (SSR), features strong encryption with full key length 
    (56-bits DES). A demo version can be downloaded at
    http://www.medcom.se/.


 "On Technology's Security White Paper" 

    "Taking The Threat Out Of Network Security," will stimulate 
    the industry into discussing some of the issues of security 
    that face the Internet industry and its users. Copies of 
    the paper are available on request from On Technology. The 
    company's Web site is at http://www.ontech.co.uk .

-----

 http://jya.com/urgent.txt  (21 kb)

 URG_ent

----------

In another story on gov-spooked insecurity:

 NEC announced that it successfully demonstrated country-to-
 country virtual private networking (VPN). During the tests, 
 privacy and security was maintained between the two sites by 
 deploying DES and triple-DES encryption. Since DES 
 encryption technology cannot be exported from the United 
 States, a Japanese version of DES, developed outside the 
 U.S., was used.







From ph93szh at brunel.ac.uk  Mon Nov  4 06:32:04 1996
From: ph93szh at brunel.ac.uk (ph93szh at brunel.ac.uk)
Date: Mon, 4 Nov 1996 06:32:04 -0800 (PST)
Subject: British Telecom merger with MCI
In-Reply-To: <199611041159.GAA21112@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <16832.199611041429@molnir.brunel.ac.uk>




 BT/MCI aka Concert will have offices based in London and
 Washington. Technically Concert won't be a foreign company
 I guess.

 Zaid







From raph at CS.Berkeley.EDU  Mon Nov  4 06:53:24 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 4 Nov 1996 06:53:24 -0800 (PST)
Subject: List of reliable remailers
Message-ID: <199611041450.GAA31972@kiwi.cs.berkeley.edu>


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list at kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail at miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster at remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer at replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias at alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod at nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix at zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer at remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack at holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer at dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer at cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = "<winsock at c2.org> cpunk pgp pgponly hash cut ksub reord";
$remailer{'nym'} = '<config at nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer at huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix at squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman at jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias at alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman at athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config at weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x at deathsdoor.com> cpunk pgp hash latent post";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.
remailer at crynwr.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The winsock remailer does not accept plaintext messages.

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 4 Nov 96 6:49:04 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer at cypherpunks.ca          ************    14:34  99.99%
winsock  winsock at c2.org                   --.--+-----   5:02:13  99.84%
squirrel mix at squirrel.owl.de              +++---++---   2:35:51  99.76%
lead     mix at zifi.genetics.utah.edu       +++++++- ++*    37:17  99.62%
extropia remail at miron.vip.best.com        -.------.--  10:08:19  99.60%
lucifer  lucifer at dhp.com                  +++++++++ +     41:39  99.31%
replay   remailer at replay.com              +******+++**     7:48  99.16%
balls    remailer at huge.cajones.com        ******** ***     5:25  98.82%
exon     remailer at remailer.nl.com         *##* **++# #     1:51  98.59%
middle   middleman at jpunix.com             + +++ -  +-   1:34:45  98.17%
cyber    alias at alias.cyberpass.net        +***** +   *    34:08  98.12%
dustbin  dustman at athensnet.com            +-++-+-- --   1:22:20  97.96%
haystack haystack at holy.cow.net            #+****-++#       3:00  86.77%
mix      mixmaster at remail.obscura.com               ++  1:30:30  47.85%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien





From 3moeller at informatik.uni-hamburg.de  Mon Nov  4 06:58:55 1996
From: 3moeller at informatik.uni-hamburg.de (Bodo Moeller)
Date: Mon, 4 Nov 1996 06:58:55 -0800 (PST)
Subject: pgp3
In-Reply-To: <199610251026.LAA01407@server.test.net>
Message-ID: <199611041456.PAA04432@rzdspc135.informatik.uni-hamburg.de>


Adam Back (aba at dcs.ex.ac.uk):

> An altavista serach found an Internet Draft entitled `PGP Message
> Exchange Formats', however this appears to be a re-write of
> pgformat.txt which is distributed with PGP, with some comments
> explaining expansion directions [...]

> Someone suggested to me that Derek posted a draft spec for PGP 3.0.
> Anyone know of the whereabouts of this document.

Yes.  That document has evolved to RFC 1991:

1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange  
           Formats", 08/16/1996. (Pages=21) (Format=.txt) 


< Network Working Group                                          D. Atkins
< Request for Comments: 1991                                           MIT
< Category: Informational                                     W. Stallings
<                                                     Comp-Comm Consulting
<                                                            P. Zimmermann
<                                             Boulder Software Engineering
<                                                              August 1996
< 
< 
<                       PGP Message Exchange Formats
[...]





From alexf at iss.net  Mon Nov  4 07:02:40 1996
From: alexf at iss.net (Alex F)
Date: Mon, 4 Nov 1996 07:02:40 -0800 (PST)
Subject: [NOISE] Censorship of Dr. Vulius
Message-ID: <2.2.32.19961104150043.006bfbb0@iss.net>


Someone on this list complained that there was one list that allowed
uncensored postings, and this was it.  Not that Dr. Vulis has been kicked
off that character of the list is either tarnished or alltogether gone.  The
same person likened this to a violation of Libertarian ideals, etc.  The way
I see it is this, being on this list is a priveledge, not a right.  When
someone abuses that priveledge they may lose it. Plain and simple.  It is
also worthy to note that the Right to Free Speech, etc. applies to the
government (IOW, the government can not hinder the right to free speech so
long as that speech does not infringe upon someone else's right.  Since when
is this list government run?  The decision was apparently a personal one.
Dr. Vulis was apparently asked nicely several times to stop flaming, and
post on relevant subject matter.  He did not.  Does the Libertarian ideal
also approve of uninhibited abuse of priveledges?  I don't think so.  To sum
up, I really don't see any conflict between John's actions and the
Libertarian way of thought, but that's just my personal opinion.

Later,

Alex F
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Alex F  -  Internet Security Systems
Webmaster/Security Training
alexf at iss.net
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@






From adam at homeport.org  Mon Nov  4 07:03:26 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 4 Nov 1996 07:03:26 -0800 (PST)
Subject: MCI/BT, who gets the taps?
In-Reply-To: <Pine.GSO.3.95.961104063825.28348A-100000@use.usit.net>
Message-ID: <199611041500.KAA10254@homeport.org>


Brad Dolan wrote:

| Long-distance telecommunications carriers have been in bed with
| governments since Samuel F. B. Morse strung a line into DC.  Only
| a modest amount of cynicism is required to think that there are
| "wiretap" hooks in the carriers' systems.  When an MCI merges
| with a Britsh Telecom, who gets the benefit of the hooks?

	Nothing changes.  The NSA & GCHQ liason officers will continue
to cooperate in bypassing the other countries laws for the mutual
benefit of the agencies.  BMCI will continue to tap and be tapped at
the whim of either government.

Adam
	
-- 
"Every year the Republicans campaign like Libertarians, and then go to
Washington and spend like Democrats."

Vote Harry Browne for President.  http://www.harrybrowne96.org








From dthorn at gte.net  Mon Nov  4 07:09:39 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 4 Nov 1996 07:09:39 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <3.0b28.32.19961103181709.0071c978@mail.io.com>
Message-ID: <327E0677.6618@gte.net>


Greg Broiles wrote:
> At 03:08 PM 11/3/96 -0800, blanc <blancw at cnw.com> wrote:
> >Vulis did everything to set himself up for what he got, did he not.

Am I missing something, or do some people just not get it?

Nobody cares about the "Doctor" other than his personal friends, which cypherpunks as
a list is not.

What *does* matter is what this issue did to everyone else.

Remember the old adage, regurgitated frequently by USA Today, L.A. Times, etc.?
"x number of people are willing to give up some of their freedoms to stop crime" ad
nauseam, even though it says further on in the paragraph that "it probably won't do
any good anyway".  Yes, they actually print that crap.

So now cypherpunks is in the same boat.  Enacting censorship that doesn't accomplish
the stated purpose.  So if it doesn't accomplish the stated purpose, and Doctor Vulis
can post anyway, what was the *real* reason, or to look at it another way, what's the
next thing to be enacted to further tighten the screws on the "Doctor", and add more
limits to freedom?






From dthorn at gte.net  Mon Nov  4 07:20:57 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 4 Nov 1996 07:20:57 -0800 (PST)
Subject: Censorship on cypherpunks [RANT]
In-Reply-To: <19961104044209687.AAA199@localhost>
Message-ID: <327E09AF.489E@gte.net>


Adamsc wrote:
> On Sun, 3 Nov 1996 18:54:16 -0500 (EST), Will French wrote:
> >  Except it's not very effective, is it, since he's still
> >posting flames?  In any case, it's an admission on John
> >Gilmore's part that libertarianism can't work without some
> >measure of authoritarianism; the only argument is over _just how
> >much_ authoritarianism we need.
> >  I'm quite upset about this.  Up to now I was able to tell
> >people that "there is at least one mailing list on the net that
> >functions in a completely open manner".  No more.

> This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list.
> There is no obligation to accept anyone.

Isn't this the same argument used by the state whenever they want to differentiate
between your "rights" and your "privileges"?  Can they reject one of your privileges
whenever they want to, at their discretion?  No.

So if c-punks is really "private", how does it decide (arbitrarily?) who to include
and who to reject?

Note that I'm not saying that it's absolutely wrong to reject anyone, at any time
necessarily, I just don't think your last sentence about a *private* list was well
thought out.






From sunder at brainlink.com  Mon Nov  4 07:58:11 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Mon, 4 Nov 1996 07:58:11 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611032354.SAA01354@interport.net>
Message-ID: <Pine.SUN.3.91.961104104444.25737C-100000@beast.brainlink.com>


On Sun, 3 Nov 1996, Will French wrote:

>   Except it's not very effective, is it, since he's still
> posting flames?  In any case, it's an admission on John
> Gilmore's part that libertarianism can't work without some
> measure of authoritarianism; the only argument is over _just how
> much_ authoritarianism we need.
>   
>   I'm quite upset about this.  Up to now I was able to tell
> people that "there is at least one mailing list on the net that
> functions in a completely open manner".  No more.

One of the things you folks are missing is that this list is 
crypto-anarchy friendly.  Anarchy isn't chaos, it's self rule.  One of 
the things that us anarchists do is to deal with problems like Vulis.  
The usual methods are to flame back, to ignore, etc.

If the problem doesn't go away, then we'll make it go away.  Those who 
have the ability to make it go away will.  i.e. the folks that have 
control over the list server.  And that's the beauty of it.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder at sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!






From trei at process.com  Mon Nov  4 07:59:24 1996
From: trei at process.com (Peter Trei)
Date: Mon, 4 Nov 1996 07:59:24 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
Message-ID: <199611041559.HAA22642@toad.com>



> At 10:30 AM 11/1/96 -0800, Timothy C. May wrote:
> 
> >Sliderules were just becoming common when I was in high school....

When I was in high school, slide rules and log tables were standard
equipment - calculators started to come in towards the end. There
was a *lot* of controversy over their use in exams, and in homework
('show your working...'). At one point, you could use a calculator, but
only if you noted the fact (and model) on your exam paper.

I had a couple of nice 12-inch plastic slide rules - the better one, with
about 20 scales and double sides was stolen while I was in college.

I still treasure one of the heirlooms from my grandfather - a 12
inch bamboo rule, with his name carefully engraved in engineering
lettering ( which he used during his 50+ years at Ma Bell).

Not long ago I visited the MIT Museum, and in the shop found for
sale 'new' (circa 1975) plastic slide rules, both straight and circular.
I got one of each for old time's sake, and am thinking of having one
framed with a 'break glass in case of emergency' sign.

Peter Trei
trei at process.com

 





From sunder at brainlink.com  Mon Nov  4 08:00:34 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Mon, 4 Nov 1996 08:00:34 -0800 (PST)
Subject: Thank you, John Gilmore, for protecting freedom of speech , against Dr. Dmitri
In-Reply-To: <BL4TwD51w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961104110153.25737D-100000@beast.brainlink.com>


On Sun, 3 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Dale Thorn <dthorn at gte.net> writes:
> > But there's probably a logical reason for taking this "action",
> 
> Such as someone being an effeminate long-haired limp-wristed bitch... :-)


And some of you guys are crying over his removal???  Sheesh!

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder at sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!






From rah at shipwright.com  Mon Nov  4 08:04:07 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 4 Nov 1996 08:04:07 -0800 (PST)
Subject: Paper on Electronic Payment Systems (Swedish)
Message-ID: <v0300780daea3addf9529@[206.119.69.46]>



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: gustavw at wineasy.se (Gustav Winberg)
Mime-Version: 1.0
Precedence: Bulk
Date: Mon, 4 Nov 1996 14:43:23 +0100
From: gustavw at wineasy.se (Gustav Winberg)
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Paper on Electronic Payment Systems (Swedish)

For all interested and Swedish-speaking (sorry...) list members:

I have just completed my graduation thesis in law at the University of
Stockholm. The title of the paper is "Elektroniska betalningssystem -
Teknisk s�kerhet och juridisk os�kerhet" (eng. Electronic Payment Systems -
Technological Security and Legal Uncertainty"), and is available at

http://www.users.wineasy.se/gustavw

where you will find the ToC in HTML and the complete paper in pdf-format
(about 230K).
If there is sufficient interest, I might consider translating the paper, or
parts of it, into English. The legal bits are specifically about Swedish
Law, though, so I'm not sure how useful they would be for
non-Scandinavians.

Any comments or suggestions are greatly welcome and can be sent to
gustavw at wineasy.se.


BTW: Bob, thanks for a great list - I couldn't have done it without you...
Cheers!

BR,

Gustav WInberg

---------------------------------------
(ex.) Student of Law and Informatics
University of Stockholm,
Sweden
gustavw at wineasy.se
---------------------------------------

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From rah at shipwright.com  Mon Nov  4 08:04:17 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 4 Nov 1996 08:04:17 -0800 (PST)
Subject: ClipperFUD: tracking smart cards
Message-ID: <v03007810aea3ae2ba71e@[206.119.69.46]>



--- begin forwarded text


X-Sender: oldbear at tiac.net
Date: Mon, 04 Nov 1996 00:20:34 -0500
To: Digital Commerce Society of Boston <dcsb at ai.mit.edu>
From: The Old Bear <oldbear at arctos.com>
Subject: tracking smart cards
Mime-Version: 1.0
Sender: bounce-dcsb at ai.mit.edu
Precedence: bulk
Reply-To: The Old Bear <oldbear at arctos.com>

TRACKING SMART CASH

A senior Justice Department official has urged makers of smart
carts to include a mechanism for tracking transactions over a
certain dollar amount.

Assistant Attorney General Robert Litt also called for "sensible
limits" on how much value can be stored or transferred on a
single card or PC.  The government hopes it can work with industry
without stifling smart card development, and without compromising
individual rights.

"We don't want to dictate how these features are designed, but
there are certain reasonable parameters that industry should build
into their systems," says Litt.

source: BNA Daily Report for Executives
        29 Oct 96
        page A24


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB at ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From sunder at brainlink.com  Mon Nov  4 08:07:12 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Mon, 4 Nov 1996 08:07:12 -0800 (PST)
Subject: [NOISE]Re: Dr. Vulis; John was right!
In-Reply-To: <9611031446.aa18095@salmon.maths.tcd.ie>
Message-ID: <Pine.SUN.3.91.961104110543.25737E-100000@beast.brainlink.com>


On Sun, 3 Nov 1996, Derek Bell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 	I'm not happy with the barring of Vulis from the list: sure he was
> a kook and he posted many ad-hominem messages*, but I feel a mini-FAQ would
> deal with the matter better. Explain the background to his tantrums** and
> explain how to filter out messages with various mail packages.


Right. I can see it now:

 "Hi, welcome to cypherpunks, it's a realy neat list where we talk about
crypto and other cool things.  Think of it as a living room or a bar - uh,
by the way, beware of that stain on the rug called Vulis, he will cause
lots of flame wars and spew our racist crap, but aside from that your stay
here will be a pleasant one.  You might want to filter him, here's how..."

Not cool.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder at sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!






From dlv at bwalk.dm.com  Mon Nov  4 08:12:03 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 4 Nov 1996 08:12:03 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <199611040630.WAA02244@netcom6.netcom.com>
Message-ID: <4cDVwD5w165w@bwalk.dm.com>


frantz at netcom.com (Bill Frantz) writes:
> [John Gilmore]  has said to Dr.
> Vulis, "You are no longer a member of the cypherpunks community."

I recall we've been through this over a year ago, when I saw an announcement
of a cypherpunks physical meeting where someone was excluded for his political
views, and I said that I don't consider myself a cypherpunk. I'm glad that
John and Bill, the auhorities on cypherpunk membership, finally concur.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From lazylion at idiom.com  Mon Nov  4 09:21:28 1996
From: lazylion at idiom.com (Ben Weiss)
Date: Mon, 4 Nov 1996 09:21:28 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611032354.SAA01354@interport.net>
Message-ID: <v03007800aea3c811e1c0@[206.14.165.67]>


At 4:54 PM -0700 11/3/96, Will French wrote:
>  Except it's not very effective, is it, since he's still
>posting flames?  In any case, it's an admission on John
>Gilmore's part that libertarianism can't work without some
>measure of authoritarianism; the only argument is over _just how
>much_ authoritarianism we need.

I disagree.

The difference between John's actions and 'authoritarianism' is John
runs this list himself for all of us.  We do not pay him taxes to do it,
we do not have financial interest in the computers he uses to do it and
in the final analysis, he is not beholden to us, nor we - him.

Ben Weiss                          Digital Arts & Sciences Corporation
mailto://Ben at iis.DAScorp.com       (formerly Digital Collections, Inc.)
mailto://lazylion at idiom.com        http://www.DAScorp.com/
WB5QAL/6 (Ham Radio)               (510) 814-7200 x.240 voice

    Apple Partner, Apple Media Partner & Acius 4th Dimension Partner

  What part of 'Congress shall make no law abridging the freedom of speech'
    did you not understand?

Disclaimer:My company doesn't tell me what to say and I don't always say
           stuff with which they agree, but we still get along just fine







From asgaard at Cor.sos.sll.se  Mon Nov  4 09:31:00 1996
From: asgaard at Cor.sos.sll.se (Asgaard)
Date: Mon, 4 Nov 1996 09:31:00 -0800 (PST)
Subject: Political Derivative Securities
In-Reply-To: <199611040446.WAA16999@manifold.algebra.com>
Message-ID: <Pine.HPP.3.91.961104170747.1922A-100000@cor.sos.sll.se>


On Sun, 3 Nov 1996 ichudov at algebra.com wrote:

> What I do is the following: I go to the Ladbroke's and offer to pay the
> gamblers not $6, but $6.01 if Dole wins. Being somewhat rational, these
> gamblers see a better deal than Ladbroke's offers, and give me their $1
> bills. This is very simple.

In theory very simple indeed. But then there's the matter of trust
(they know Ladbroke will probably be there after the election, but
will you?) and market infringement (will Ladbroke's security allow
you to hang around?) and such practical things. But I understand
that you are more interested in the theoretic basis for arbitrage.
I was talking more about the real world.

> I take their $1 bills and go to "William Hill". I buy, however, LESS
> bets than dollar bills that I received. In particular, I buy 
> $6.01 / $10.00 bets for each dollar that I receive.

Gambling institutions do these kind of insurance transactions all
the time, of course. But many of them don't work only with small
safe margins (changing the odds according to incoming bets pro/con
so that exactly some percentage will always stay in their pockets
after taxes) because they are themselves gamblers.

> Of course, if gamblers could compare prices and choose gambling houses
> easily, no one would ever buy these bets from Ladbroke (unless they are
> crazy).

Some will anyway, out of convenience, if a Ladbroke office happens to
be just around the corner. But those daring to give the highest odds,
and in this case without insuring themselves with counter-odds,
with take most of the customers and most of the profits if Clinton
wins (and the losses if Dole wins).

> This situation means that there is some market imperfection that 
> does not allow arbitrage. It is not clear, though, what this
> imperfection is.

In part for practical reasons, as stated above. That will change
when this kind of betting moves online, with digital cash (if
allowed) or digital traceable money (betters will accept some
degree of taxation). Then all the opportunities hitherto reserved for
gamblers on the stock, commodity and monetary markets will become
available to the more profane betters on sports, horce racing and
elections: derivates, futures etc.

And more. Some of the more esoteric cryptographic protocols will become
of practical value in the gambling business. Like you could bet $n
that Dole will win, prospective takers of the bet could make secret
offers and the highest bidder would get your bet at the next to
highest offered odds, without anybody's offer being revealed. You
might have committed to take that offer, or you might not - different
gambling styles. An all against all situation, serviced by a trusted
entity with committed bits in escrow, living off a very small margin
on all transactions.

Asgaard








From peter.allan at aeat.co.uk  Mon Nov  4 10:29:01 1996
From: peter.allan at aeat.co.uk (Peter M Allan)
Date: Mon, 4 Nov 1996 10:29:01 -0800 (PST)
Subject: Unix Review - letter to editor
Message-ID: <9611041829.AA26083@clare.risley.aeat.co.uk>



[ I refer to the article starting on p55
  of the Nov 1996 Unix Review. ]


-----letter to Ed start here------

Andrew,

Congratulations on a welcome crypto article in UR.

This is an important topic for security, networks,
web-based commerce etc and is only going to increase in 
importance as people realise data is money.

The article did raise my eyebrows a few times though
with some wild statements - about the speed of brute-force
attacks on DES, and about USG 'key escrow' proposals,
patents and key certification.

Also there are absolutely crucial issues not touched on,
probably for lack of space.  Details matter, and if you're
contemplating another article on the subject I'd be happy
to write it [subject to my boss' approval] or review it
before publication.  The field moves fast at times, and
it would be good to keep an eye on the subject in a fairly
regular column.

Strangely, your author didn't mention ftp.ox.ac.uk,
an ftp site for many good crypto tools, which
(as a UK site) is not subject to US export restrictions.




 -- Peter Allan    peter.allan at aeat.co.uk







From ichudov at algebra.com  Mon Nov  4 11:19:35 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 4 Nov 1996 11:19:35 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <Pine.SUN.3.91.961104044408.13104A-100000@eff.org>
Message-ID: <199611041836.MAA01340@manifold.algebra.com>


Declan McCullagh wrote:
> 
> Libertarianism is not incompatible with strict regulations, as long as 
> the rules violate nobody's rights.
> 

I would appreciate an example of "strict regulations" which do not violate
anybody's rights.

	- Igor.





From attila at primenet.com  Mon Nov  4 11:38:46 1996
From: attila at primenet.com (attila at primenet.com)
Date: Mon, 4 Nov 1996 11:38:46 -0800 (PST)
Subject: just what we #$%^&* needed from big brother....
In-Reply-To: <Pine.SOL.3.91.961103154126.12206A-100000@elanor.oit.unc.edu>
Message-ID: <199611041919.MAA07953@infowest.com>


Welcome to 1984+  what else with useless and illegally constituted
bureaucrats add to their total infringement of every facet of our life. 

.NEW SYSTEM LINKS LENDERS, IRS

.The Internal Revenue Service is developing an electronic program to link
.mortgage lenders with the IRS, allowing them to exchange e-mail comparing
.stated earnings on the mortgage application with actual tax return
.information for the previous couple of years.  If the cross-check turns up a
.more than $10,000 discrepancy between the earnings claimed on the application
.and those declared for tax purposes, the IRS has the option of pursuing the
.loan applicant via an audit.  IRS has targeted the system at self-employed
.borrowers, who often declare high earnings in order to qualify for a larger
.loan, but lower earnings when it comes to paying taxes.  "Who knows what
.their real incomes are?" asks one mortgage broker.  

    (St. Petersburg Times 2 Nov 96 D5 courtesy of Edupage)

--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.

  Politicians are like diapers.
    They both need changing regularly, and for the same reason.







From sunder at brainlink.com  Mon Nov  4 11:48:00 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Mon, 4 Nov 1996 11:48:00 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611040326.WAA15698@interport.net>
Message-ID: <Pine.SUN.3.91.961104141734.3858A-100000@beast.brainlink.com>


On Sun, 3 Nov 1996, Will French wrote:

>   Until now, I'd considered the list as a model of a libertarian
> society, with the listowner as the government.  My point is that
> if a mailing list (where physical force is generally not a
> factor) can't be run without arbitrary sanctions against
> members, how could anyone ever hope for a whole society, with a
> real, gun-toting government, to run that way?


Simple.  Go back and read the Constitution of the USA.  You have the 
people carry arms and form militias which only act in the defense of the 
land if need be.  If the people carry arms, they can't be overthrown by a 
gun toting forceful government with such ease as you suppose.  The most 
civilized societies are those where everyone is armed.  You'd be 
surprised at the amount of politeness this encourages.

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder at sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!






From barney at rapidnet.com  Mon Nov  4 11:58:55 1996
From: barney at rapidnet.com (Troy M. Barnhart)
Date: Mon, 4 Nov 1996 11:58:55 -0800 (PST)
Subject: Any Info for Sen. Pressler....
Message-ID: <2.2.32.19961104195703.0069f154@rapidnet.com>


If anyone has any specific bits of info on cryptography, etc...
please feel free to send it to me...

I live in South Dakota...
Due to circumstances I occasionally see and speak 
w/ Senator Larry Pressler - (Committee Leader)...

(btw, I am not a Pressler plant or anything...)

Been talking to him w/ the Burns Bill and such... 

He wants less gov't. control, but does have "concerns" 
w/ the garbage...
And, wants to balance the business and private concerns...

He is open to any info from a "constituent" though...

regards,

barney



He who joyfully marches to music in rank and file has already earned 
my contempt.  He has been given a large brain by mistake, since for 
him the spinal cord would suffice.  -- Mark Twain
E-mail:  barney at rapidnet.com






From m1tca00 at FRB.GOV  Mon Nov  4 12:22:41 1996
From: m1tca00 at FRB.GOV (Thomas C. Allard)
Date: Mon, 4 Nov 1996 12:22:41 -0800 (PST)
Subject: Censorship on cypherpunks [RANT]
In-Reply-To: <327E09AF.489E@gte.net>
Message-ID: <199611042017.PAA05796@bksmp2.FRB.GOV>



This will be my one and only post on the topic.  Let me first say that I 
support Gilmore's decision...

Dale Thorn <dthorn at gte.net> said:
> Adamsc wrote:
>
> > This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list.
> > There is no obligation to accept anyone.
>
> Isn't this the same argument used by the state whenever they want
> to differentiate between your "rights" and your "privileges"?  Can
> they reject one of your privileges whenever they want to, at their
> discretion?  No.

I don't understand your argument here at all.  There are, in a libertarian 
society, no "positive" rights (that is to say, the government owes you 
nothing).  There are only "negative" rights (that is to say, there are 
things to gov't can not DO to you).

When the gov't talks about censoring the works of Maplethorpe or other 
"offensive" art, I think they have every right to do so since they (we) PAY 
for it.  The gov't does not owe artists the "right" to have their work 
created at the public's expense.  In a libertarian society, the gov't 
wouldn't subsidize speech or art in the first place.  If they want to pay 
for it themselves, the gov't can not restrict them.  They can't force me to 
pay for it.  And no one can force Gilmore to let Vulis destroy cypherpunks.

> So if c-punks is really "private", how does it decide (arbitrarily?)
> who to include and who to reject?

The answer is pretty obvious if you just think about it... if the list is 
"private" (i.e. private PROPERTY), then the person who *owns* it gets to 
make the decision.  The owner can even make the decision arbitrarily.

The decision to remove Vulis, however, does not seem arbitrary.  It was 
not, I think, based on a whim.

If you owned a bar in a libertarian society, and one of your patrons stood 
up on the bar and took a whiz, would you say that his self-expression was 
censored when the bouncer tossed him out on his arse?  Would you call it 
arbitrary?


> Note that I'm not saying that it's absolutely wrong to reject anyone,
> at any time necessarily, I just don't think your last sentence about a
> *private* list was well thought out.

I think it was very well thought out and I think Adamsc knew exactly what 
he was saying.

rgds-- TA  (tallard at frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D







From ses at tipper.oit.unc.edu  Mon Nov  4 12:28:56 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Mon, 4 Nov 1996 12:28:56 -0800 (PST)
Subject: British Telecom merger with MCI
In-Reply-To: <199611041159.GAA21112@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <Pine.WNT.3.95.961104152209.-1035279A-100000@hilly.oit.unc.edu>


On Mon, 4 Nov 1996, Peter D. Junger wrote:

> 
> Has anyone figured out how this merger can work, particularly when
> British Telecom will be the surviving party, when those MCI employees
> concerned with the security of communications will not be able to
> disclose any cryptographic software or technical data to their

It's reasonably  trivial to get export licences from both countries 
for foreign subsidiaries. Also, British Telecom and GCHQ have a 
friendly working relationship, and any merger is unlikely to change
these facts.

Simon






From shamrock at netcom.com  Mon Nov  4 12:30:43 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 4 Nov 1996 12:30:43 -0800 (PST)
Subject: Censorship on cypherpunks [RANT]
In-Reply-To: <327E09AF.489E@gte.net>
Message-ID: <Pine.3.89.9611041122.A16513-0100000@netcom9>


On Mon, 4 Nov 1996, Dale Thorn wrote:
[Quoting Adam]
> > This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list.
> > There is no obligation to accept anyone.
> 
> Isn't this the same argument used by the state whenever they want to differentiate
> between your "rights" and your "privileges"?  Can they reject one of your privileges
> whenever they want to, at their discretion?  No.

Government != private. Why is this so difficult to understand?

> So if c-punks is really "private", how does it decide (arbitrarily?) who to include
> and who to reject?

"It" does not decide. "He" does. John Gilmore is the list *owner*. He can 
decide to remove anyboy from this list. Anytime. For any reason or no 
reason at all. He can even shut down the entire mailing list anytime he 
pleases, for any reason or no reason at all. 

There are no squatters rights in cyberspace.
-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred.
   Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne for President.





From sandfort at crl.com  Mon Nov  4 12:51:53 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 4 Nov 1996 12:51:53 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <327E0677.6618@gte.net>
Message-ID: <Pine.SUN.3.91.961104121108.122E-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 4 Nov 1996, Dale Thorn wrote:

> Am I missing something, or do some people just not get it?

Yes, Dale is missing something, not the other way around.

(a) What John did was NOT censorship.  Dale's sloppy choice of 
    language to the contrary notwithstanding.

(b) Nobody on this list gave up any freedom.  And we are still 
    the beneficiaries of John's largesse, not his victims.

(c) Freedom has been defended not limited.  If Dimitri or even
    a majority of Cypherpunks could overrule Johns control of
    his own resources, then there would have been a loss of
    freedom with dangerous implications for us all. 

Would Dale be so tolerant if Dimitri were loudly using abusive
language towards Dale's mother and others in her own livingroom?  
Would he accuse her of censorship if she asked Dimitri to leave?  
What would he say if she kicked Dimitri out?  Enquiring minds
want to know.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From alan at ctrl-alt-del.com  Mon Nov  4 12:51:57 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Mon, 4 Nov 1996 12:51:57 -0800 (PST)
Subject: [Noise] Re: Censorship on cypherpunks
Message-ID: <3.0b36.32.19961104124921.01141510@mail.teleport.com>


At 12:36 PM 11/4/96 -0600, Igor Chudov @ home wrote:

>I would appreciate an example of "strict regulations" which do not violate
>anybody's rights.

Obviously you have not known any good Dominatrixes.

"Whip me, beat me, make me write bad crypto!"

---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From paul at fatmans.demon.co.uk  Mon Nov  4 12:57:46 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 4 Nov 1996 12:57:46 -0800 (PST)
Subject: Thank you, John Gilmore, for protecting freedom of spee
Message-ID: <847122169.8846.0@fatmans.demon.co.uk>



> Ironic how the list championed flooding Germany(?) with material in response to their
> suppression of certain "objectionable" material, then gets into this sticky wicket.

Absolutely, 

As much as I might hate Vulis`s stuff (and believe me I do). It is no 
justification for removing him from the list. We are supposed to be a 
platform for the discussion of cryptography but as the list has 
become more and more a libertarian platform for ideas and discussion 
we cannot really justify censorship in this way. I very much wish I 
could say that I agreed with John but I cannot do so with a clear 
conscience.



 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From sandfort at crl.com  Mon Nov  4 13:41:58 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 4 Nov 1996 13:41:58 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611041836.MAA01340@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961104123842.122G-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 4 Nov 1996 ichudov at algebra.com wrote:

> I would appreciate an example of "strict regulations" which do
> not violate anybody's rights.

			"This Property Posted
			Trespassors Will be Shot"

Strict enough for you?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From frissell at panix.com  Mon Nov  4 13:53:51 1996
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 4 Nov 1996 13:53:51 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <3.0b19.32.19961104164654.007192c4@panix.com>


At 04:45 AM 11/4/96 -0800, Declan McCullagh wrote:
>Libertarianism is not incompatible with strict regulations, as long as 
>the rules violate nobody's rights.
>
>-Declan

Obviously many voluntary religious organizations have quite strict rules
for their members and are compatible with libertarianism.  Government
monopoly regulations that cannot be opted out of are not compatible with
libertarianism.  Instead of using the loaded term "regulations' it might be
better to call things like the rules of the cypherpunk's list "club rules"
or protocols.

DCF





From hua at chromatic.com  Mon Nov  4 13:57:15 1996
From: hua at chromatic.com (Ernest Hua)
Date: Mon, 4 Nov 1996 13:57:15 -0800 (PST)
Subject: Group order for "Secret Power" ... (San Francisco Bay Area only)
Message-ID: <199611042114.NAA01825@ohio.chromatic.com>


I'm looking for 19 other people interested in "Secret Power" (Craig
Potton Publishers has indicated that there is a discount for 20 or
more copies).  If you are in the San Francisco Bay Area, please
contact me by phone or E-Mail.

As usual with these things, I would prefer to see you in person and
have a cash or check committed.  Also remember that the shipping is
quite steep (for the faster methods) ...  The US price uses US$0.71
per NZ$1.00.

                                                 US PRICE
1 Copy
    NZ$27.50 per copy                            US$19.53
    NZ$19.00 for shipping via air                US$13.49
    NZ$12.50 for shipping via economy            US$ 8.88
    NZ$10.00 for shipping via sea                US$ 7.10

20 Copies (per copy)
    NZ$24.75 per copy (10% discount)             US$17.57
    NZ$ 9.50 for shipping via air                US$ 6.75
    NZ$ 7.25 for shipping via economy            US$ 5.15
    NZ$ 5.90 for shipping via sea                US$ 4.19

----
Ernest Hua, Software Sanitation Engineer
Chromatic Research, 615 Tasman Drive, Sunnyvale, CA 94089-1707
Phone: 408 752-9375, Fax: 408 752-9301, E-Mail: hua at chromatic.com





From paul at fatmans.demon.co.uk  Mon Nov  4 14:02:44 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 4 Nov 1996 14:02:44 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
Message-ID: <847122169.8850.0@fatmans.demon.co.uk>



> Well put!  I tired a long time ago of Dr. Vulis and several others on this
> list.  Rather than bitch about it or resort to the same big brother
> gestapo-censor bullshit we profess to abhor I simply utilized the extensive
> filtering capability of Eudora.
> 
> I don't need "big brother" or big "cypherpunk" censoring my mail for me.
> We have become what we fear the most.  How prophetic and pathetic.

Absolutely,

John, if you, and those who support your actions, claim to be 
libertarians you need to take a good hard look at what you have done.

This is a distinctly "big cypherpunkish" move and really cannot be 
condoned even bearing in mind the inane and wearisome behaviour of 
Dr. Vulis.


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From paul at fatmans.demon.co.uk  Mon Nov  4 14:02:46 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 4 Nov 1996 14:02:46 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
Message-ID: <847122169.8851.0@fatmans.demon.co.uk>



> The short answer is, No. 

Their problem.

> More specifically, we constantly have
> a stream of new readers sampling Cypherpunks.  Some are 
> technically sophisticated; some are not.  In either case, new
> readers do not have the historical perspective not to fall for
> Dimitri's big lies. 

It is not a requirement in a libertarian forum to tell the truth.

You also seem to be implying that people need protecting from 
Dimitri, much the same authoritarian argument we hear from govt. 
about people needing to be protected from porn/drugs/free spech etc.

> Nor do they have any way of know what an
> abberation his sort of behavior is on this list.  "So this is
> what Cypherpunks are like," would be a sad, but understandable
> misinterpretation of what we're all about.  What John did was 
> appropriate.

I understand the point here but I suggest a note at the top of the 
"welcome to cypherpunks" note every new subscriber gets explaining 
who Dimitri is and how to set up their mailer software to block his 
posts.

 
 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From talon57 at well.com  Mon Nov  4 14:09:57 1996
From: talon57 at well.com (Brian D Williams)
Date: Mon, 4 Nov 1996 14:09:57 -0800 (PST)
Subject: [NONCRYPTO] censorship on cypherpunks
Message-ID: <199611042209.OAA25717@well.com>



I agree with John's decision.

As others have already pointed out, this list (T.A.Z.) exists
because of the generous nature of our host. It quite literally
exists in his home as I recall. (Toad Hall)

John made numerous requests for Dimitri to be polite to his other
guests and was scorned for his attempt. John then removed him from
his residence.

Dimitri is now standing on the virtual sidewalk outside where he
can continue to shout his insults, since as John knows well, his
actions are no more than a "speedbump". Dimitri can get a list feed
from a number of other sources, and can in fact continue to post.

But John has made his point, and his actions hardly constitute
censorship.

Brian

"A government supported artist is an incompetent fool - Lazarus
Long"





From deviant at pooh-corner.com  Mon Nov  4 14:22:32 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Mon, 4 Nov 1996 14:22:32 -0800 (PST)
Subject: British Telecom merger with MCI
In-Reply-To: <199611041159.GAA21112@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID: <Pine.LNX.3.94.961104222007.1427B-100000@random.sp.org>


On Mon, 4 Nov 1996, Peter D. Junger wrote:

> 
> Has anyone figured out how this merger can work, particularly when
> British Telecom will be the surviving party, when those MCI employees
> concerned with the security of communications will not be able to
> disclose any cryptographic software or technical data to their
> employer, or to their ``foreign'' bosses and colleagues, without first
> getting permission from the Office of Defense Trade Controls under
> the ITAR?
> 

Crypto developed within a company can be revealed to other parts of the
company, and GB is an ally of the US -- Nobody's going to say anything
when they _do_ "violate" the ITAR

 --Deviant
The world is not octal despite DEC.







From rcgraves at ix.netcom.com  Mon Nov  4 14:45:03 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Mon, 4 Nov 1996 14:45:03 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <199611042242.RAA05013@spirit.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Geez, the traffic has quadrupled, with most of it about Vulis. Get over 
it already!

And so, just to add to the garbage, here's my two cents. :-)

Declan McCullagh wrote:
> 
> Libertarianism is not incompatible with strict regulations, as long as
> the rules violate nobody's rights.

Now, there's an Orwellian statement if ever there was one.

OF COURSE Vulis's "rights" were violated. The question is, so what? The 
decision was neither arbitrary nor capricious. I find the rational 
balancing of rights and responsibilities to be less wrong than defining 
away your opponent's rights.

Since AFAIK there was no precedent for kicking Vulis off, and in fact 
cpunks has long prided itself on absolute anarchy (especially after the 
victory of the Tim May [neutral term for rant] factions over the 
Perrygram faction), there is a "rights" issue. I think cpunks broke an 
implied contract guaranteeing Vulis absolute rant rights. But I also 
think that that's OK.

It's ironic that you're making this argument while a piece from you 
making the opposite argument is still on the news stands. My response to 
your half of the Internet Underground article can be found on Usenet, 
but I think the best summary of my position came in my response to the 
contrary point of view -- concurring in your judgement, but disagreeing 
with your reasoning.

- From <53i4d5$skm at Networking.Stanford.EDU>:

|>FLAMETHROWER
|>By Solveig Bernstein (sberns at cato.org)
|>
|>The decision to remain silent is an act of conscience, just like the
|>decision to speak. So the view that acts of "private censorship"
|>violate rights of free speech is incoherent. If an online service
|>provider ousts a Web site that posts explicit messages about sex, in
|>violation of the terms of their service contract, or a non-profit
|>organization persuades some Internet Service Providers to refuse to
|>host "Holocaust Revisionist" web sites, these decisions do not violate
|>rights of free speech.
|
|I agree, up to a point. The only "right" of free speech is the right to 
|be free from force and threats of force based on the content of speech. 
|As publishers, librarians, archivists, and access providers, though, we 
|have a *duty* to society to tolerate ideas we despise. But this duty
|comes from the public's right to know and from the kind of people we
|are, not from the "rights" of the speakers.
|
|Anyone who claims to be a content-neutral ISP, a librarian, or an
|unbiased source of news who suppresses things she doesn't like is a
|*LIAR AND A FRAUD* because she is giving her audience a dishonest,
|distorted view of the world. Protests against such capricious exercises
|of editorial power are appropriate and are necessary, but they should
|be viewed as attacks on the character of the editor, not defenses of 
|the human rights of the suppressed.

In this case, I think any fair investigation of the facts of the matter 
would clearly demonstrate that Gilmore was right to kick Vulis off, and 
that he was neither acting capriciously nor removing any substantive 
content. I do believe, though, that that's an investigation we must be 
prepared to accept (not that I think anyone's seriously going to ask for 
one, given the relative reputations of the parties involved). Granting 
the cpunks owner absolute property rights over the content of messages 
on the list, though, as you do, while strictly correct, is extremely 
dangerous because it gives license to all kinds of distoritions, lies, 
and fraud. The right of "the public" to inquire and respond must be 
respected.

And it has been, as all these useless threads show.

- -rich
 owner-fight-censorship-discuss at c2.net
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMn5xRioZzwIn1bdtAQH7JwGAhI91c5/AkamPaUUlfkC95sRzmHn6uUx9
j/AGAZQ4QTw6SHdgl5rBu9SkpncTh43b
=Q7O4
-----END PGP SIGNATURE-----





From betty at infowar.com  Mon Nov  4 14:45:18 1996
From: betty at infowar.com (Betty G. O'Hearn)
Date: Mon, 4 Nov 1996 14:45:18 -0800 (PST)
Subject: New On WWW.Infowar.Com  Vol I  #4
Message-ID: <1.5.4.32.19961104224500.007539ac@mail.infowar.com>


                     New On WWW Infowar.Com   Take a look.  Pass it on.


                                            We thank our sponsors:

                                National Computer Security Association
                                         Open Source Solutions
                       New Dimensions International - Security Training
                                      Secure Computing Corporation
                                      HOMECOM Communications
___________________________________________________________
>      
>      *   New Order Theat Analysis: A Literature Survey
>      *   USAF Opens First Information Warfare Training Laboratory
>      *   The E-Bomb- a Weapon of Electrical Mass Destruction.
>      *   Financial Cryptography 1997 (FC97) The world's first financial
>                 cryptography conference, workshop, and exhibition!
>      *   Where is Winn Schwartau? Check out his schedule!
>      *    New Full Body Scanning Planned for US Airport Security; But is it
>                       safe?
>      *   Lighten your load - some randomly offensive funnies.
>      *   Virtual Reality-Training For the Future, points out that there may 
                        be more than one way to learn marksmanship and other
                        skills that may be needed in a military/crisis
environment.
>       *  A valuable resource... Stateless Warfare: Commandant's Planning
>                   Guidance
>       *  IBIS (International Banking and Information Security) Conference
>                    New York City, February 20-21, 1997.
>       * "Infowarrior Road Kit" - Don't leave home without it!
>       *  A valuable resource... G-TWO Open Source Intelligence
>       *  Quasi-technical humor that should really not offend anyone. 11 Tips.
>       *  From Steve Macko, ENN editor, a briefing and analysis on the
>                      Russian military.
>       *  The Ethics of  Information Warfare and Statecraft
                         by Dr Dan Kuehl, NDU. 
>       *  Interview of Winn Schwartau for a Dutch publication by W. Belgers.
>       *  Infosecurity News....check this out!!! 
>       *  A good read by Ralph McGehee on "CIA's Failure of Intelligence RE:
>                       Terrorism"
>       *  Read about the results of Information Weeks' Information Security
>                       Survey: Internet vulnerability, malicious internal
                         attacks by employees and lack of confidence are key
findings.
>       *  Excellent information on How To Get Less Junk Mail...
>       *  U.S. Arms Control and Disarmament Agency 
>       *  Do you want a copy of your FBI file? Or your file with another
>                  agency? Here's how!
>       *  From Sweden, DESTA Newsletter.
>       *  Big money maker for Year 2000 Problem.
          
>*************************************************************
>
>              We are kicking off the discussion group infowar at infowar.com.
>
>              If you are not registered and want to be to receive this list, go
>                   the website and register.  (http://www.infowar.com)
>
>        To start off the moderated discussion that will be posted  in digest
>   form we are  to begin with opening up the topics to non-lethals,  psyops,
>            chemical warfare agents and  WMD.  Hope you participate!
>
>>*************************************************************
>Archives of C4I have been received and will be available after some hardware
>upgrades.
>  
>*************************************************************
>
>                           Announcing Winn Schwartau's New Book - 
>         
>"Information Warfare - Cyberterrorism:  Protecting Your Personal Security In
>the Electronic Age" by Winn Schwartau
>Thunder's Mouth Press, New York. 212.780.0380 
>ISBN:  1-56025-132-8
>Released Date:  October 30, 1996.

>For futher information contact Thunder's Mouth Press at 212.780.0380, your
>local bookstore or  NCSA at 717.258.1816.
>
****************************************************************
DIRECT REQUESTS to:    list at infowar.com with one-line in the BODY, NOT
in the subject line.

Subscribe news_from_wschwatau  TO JOIN GROUP
Unsubscribe news_from_wschwartau  TO LEAVE GROUP

****************************************************************

http://www.Infowar.Com
Managed by Winn Schwartau
winn at infowar.com
Interpact, Inc.
11511 Pine St.
Seminole, FL  33772
813-393-6600  Voice
813-393-6361   FAX

Comments, Content, Sponsor Opportunties
Betty O'Hearn
Assistant to Mr.Winn Schwartau
betty at infowar.com
813-367-7277   Voice
813-363-7277    FAX






From dave at kachina.jetcafe.org  Mon Nov  4 14:49:58 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Mon, 4 Nov 1996 14:49:58 -0800 (PST)
Subject: Compromise proposal
Message-ID: <199611042249.OAA22414@kachina.jetcafe.org>


> [this goes to cypherpunks at toad.com and freedom-knights at jetcafe.org. I am
> not reading f-k, but I am interested in Dave Hayes's opinion.]

What weight can my opinion possibly have? This list is apparently
owned by a Mr. John Gilmore. If he's being censorous, that's bad,
but it is apparently within his means to execute said censorship.

> Many members of cypherpunks list are right when they oppose the forced
> unsubscription of Dimitri Vulis from this list. The sorry state of this
> list is not the result of his flames alone, there is a large number of
> people who discuss things of no cryptographic relevance.

Not to speak for the cypherpunks (we all know their reputation) but I 
should think the cypherpunks are savvy enough to know the subjectivity
of the term "on-topic". 

> I propose the following:
> 	1) The block on Dimitri Vulis's subscriptions should be removed
> 	2) We should not impose any limitations on anyone's speech except 3)
> 	3) Dimitri and everyone else should put prefix "[FLAME]" 
>            into all Subject: header fields of their flame-related 
> 	   messages.

Gee. What a great idea. 

> This solution will allow anyone with a clue to use appropriate filtering
> and improve the signal-noise ratio, and at the same time will not in any
> way limit anyone's freedom of speech.

Improving signal to noise is a laughable goal at a social event of
more than 100 people, why do people insist upon trying it on the net?
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

Be wary of strong drink.  It can make you shoot at tax collectors and miss







From gbroiles at netbox.com  Mon Nov  4 14:52:14 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Mon, 4 Nov 1996 14:52:14 -0800 (PST)
Subject: Telling quote from Bernstein hearing
Message-ID: <3.0b28.32.19961104142333.0077f868@mail.io.com>


Rich Burroughs wrote:

> I did not find his arguments very persuasive -- he seemed stuck on the idea
> that crypto is not speech, when that had already been ruled against by
> Judge Patel.

As I understand the government's argument, this is what they're trying to say:

Even though code can be speech, if it is executable code it is speech and
something else at the same time. The government is entitled to regulate or
prohibit the export of the "something else" without regard to the speech
component, as long as they are content-neutral with respect to the speech
component. For example, a cruise missile is subject to export control.
Painting words on the side of the missile won't change that. Executable
crypto code is subject to export control, and the fact that it has an
expressive component doesn't change that. The comments about "We don't know
or care what Mr. Bernstein is doing and we're not trying to control his
academic discourse" were intended to emphasize that the government is
content-neutral with respect to the expressive content of his crypto code.
Because the regulations are content-neutral with respect to the expressive
content, they are subject to an "intermediate scrutiny" standard (not the
"strict scrutiny" standard which would be applied if the restrictions were
content-based). The government believes that the AECA and the ITARs can
pass the "intermediate scrutiny" test.

In a nutshell, the government thinks that the expressive content of code is
the algorithm(s) expressed in it. For example, expressive content of PGP
2.x is RSA and IDEA and MD5 and some key management stuff. And they say
that their regulations won't be interpreted to cover versions of that
expressive content which don't take the form of machine-readable code. 

While I think that the entire export control scheme, as it is applied to
crypto today, is an exercise in dishonesty and futility*, I think that the
questions this case presents are difficult questions. I don't think it's
really comprehensible to separate the "expressive content" of source code
from its "functional content", because one dictates the other. Either the
government is able to control the functional content (in which case it
controls the expressive content), and the First Amendment is seriously
curtailed; or the government is unable to control the functional content,
and its ability to control the production and import/export of items of
politico/military significance is seriously curtailed. Historically, courts
have been deferential to the executive branch's ability to control military
and political/diplomatic matters. 

Either way, someone's pissed off, and someone thinks the court is sending
the country to hell in a handbasket. The "crypto is central to national
security" argument shouldn't be dismissed summarily - at least not if you
think Tim's predictions about cryptoanarchy are accurate. Crypto _is_
important. Crypto _is_ significant in the political and military venues.

(* It's dishonest and futile because it is insufficient to reach its stated
goals - if the purpose is to prevent the spread of strong crypto worldwide,
the government must control the expression of strong crypto algorithms and
techniques in all media and all forms. Such regulation would be
incompatible with the First Amendment and freedom generally. The present
regulations are so poorly matched to the apparent goal that I suspect they
have another purpose; and I suspect that purpose is to control the domestic
development of strong crypto. And attempting to do so while claiming to do
something else is dishonest. (That result is also incompatible with the
First Amendment and freedom generally.) And that's what I think of crypto
regulations, whether or not I appear to be agreeing with the government.) 
--
Greg Broiles                |  "We pretend to be their friends,
gbroiles at netbox.com         |   but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |






From alan at ctrl-alt-del.com  Mon Nov  4 14:56:45 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Mon, 4 Nov 1996 14:56:45 -0800 (PST)
Subject: [Portland] Cypherpunks party at Orycon 18
Message-ID: <3.0b36.32.19961104134016.01141510@mail.teleport.com>


Orycon 18 is a local Science Fiction convention held at the Red Lion hotel
at Janzen Beach this weekend.  I will be having a room party for
Cypherpunks and related crypto-anarchist-types sometime during the
convention.  Anyone who wants more information, just drop me a line.

I will be on a couple of Internet related panels, as well as a "PGP and
Cryptography panel".  Anyone interested in helping out with those, contact
me as well.

---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From sandfort at crl.com  Mon Nov  4 14:56:52 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 4 Nov 1996 14:56:52 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8851.0@fatmans.demon.co.uk>
Message-ID: <Pine.SUN.3.91.961104131800.6281A-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 3 Nov 1996 paul at fatmans.demon.co.uk wrote:

> It is not a requirement in a libertarian forum to tell the truth.

Granted, but neither is it a requirement to suffer fools.
 
> You also seem to be implying that people need protecting from 
> Dimitri, much the same authoritarian argument we hear from govt. 
> about people needing to be protected from porn/drugs/free spech etc.

(a) I have it on good authority, that "authoritarian" does not
    mean what Paul apparently thinks it does.  Look it up, Paul,
    and then let us know if that's what you actually meant.  
    (Hint:  No one has suggested unquestioning obedience.  A
    better accusation--though still incorrect in the instant 
    case--would be of "paternalism.")

(b) I assure you, that was NOT my implication.  My position is 
    that (1) keeping that sort of noise down is a good thing,
    and (2) it's John's machine and John's call, not ours.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From jya at pipeline.com  Mon Nov  4 15:18:48 1996
From: jya at pipeline.com (John Young)
Date: Mon, 4 Nov 1996 15:18:48 -0800 (PST)
Subject: Cypherpunk Inquest?
Message-ID: <1.5.4.32.19961104231716.006ac1a0@pop.pipeline.com>


Return-Path: lzkoch at mcs.net
X-Sender: lzkoch at popmail.mcs.net
Date: Mon, 04 Nov 1996 12:28:29 -0600
To: jya at pipeline.com
From: Lewis Koch <lzkoch at mcs.net>
Subject: Regarding a story for Upside Magazine

John Young:

This is an identical letter to a limited number of contributors to
Cypherpunks regarding an article I will be writing for Upside Magazine about
the Cypherpunks List -- its history and the current controversies it now
seems to be facing.

(I'm the person who uncovered the Gorelick/"Manhattan project" story. A more
recent "Cybersense" column dealt with Chicago Police Superintendent Matt
Rodriguez wanting to escape from a 1974 Federal Court injunction against
police department spying on "radicals" so that he could now join in on
investigating Cyberterrorists. See http://www.upside.com/ )  I will  be
writing a number of articles for the magazine itself.  I have been "lurking"
on Cypherpunks for about nine months with only one communications to the
list regarding a request for leads on "Snake Oil" stories.)

I would like to better understand and be able to explain to Upside readers
why several members have chose to "leave" the List.

Perry Metzger and others have argued that flaming and extraneous personal
attacks have negatively impacted serious discussions of encryption, hacking
and public policy and thus they have chosen to end their relationship and
their writings on Cypherpunks, with Metzger forming his own, moderated list.
Others contributors to Cypherpunks have argued that there have been
"distractions" rants about religion, assassination politics, and language
which are inappropriate for the List membership.

Late last week John Gilmore wrote and said he had taken steps to remove Dr.
Vulis from the list which has prompted differing responses.  Some have
responded positively to Gilmore's actions while others have said that it was
an affront to freedom of speech and individual decision-making.

(I have very deliberately chosen _not_ to make this an open letter to the
list, nor will I engage in any open List-dialogue about the people I am
interviewing or what I expect to write.  Naturally I will respond to
individuals once the article is published.)  

I do not expect to be able to publish your responses in their entirety.
They will be edited with honesty and clarity.   I have no agenda here.

I will consider all your written and/or phone communications to be "on the
record" unless you specifically wish prior selected and/or identified parts
of your communications to be "off the record" or "for background purposes
only."  I will _not_ publicly announce a full list of those I have
contacted.  While you are of course free to share this letter with others, I
have already made fairly firm decisions as to who I will contact.  I would
ask that your circulation be highly limited, if circulate you must.  On the
other hand, I will seriously consider suggestions you might offer me
regarding other people who you believe I should contacted regarding this
article. The article will be lengthy but I do not entertain the idea -- at
this point -- about expanding the article into a book length manuscript.
That doesn't mean that if thousands upon thousands gather outside by home
demanding more information, that sometime in the future...

I would prefer to communicate in the open, mainly because I am just now
somewhat tenuously managing PGP through Private Idaho. Those of you who
insist your communications be encrypted, well, it's probably good for my
soul that I honor your request.

Here are the questions I would like you to consider.  Please do not consider
them "definitive" or limiting.  If you believe I have missed out on pursing
certain avenues of thought and argument, please do not hesitate to point
them out to me.  I will note that I will be looking at the history of the
list and I have noted the letter from Hal Finney regarding
http://chaos.taylored.com:1000

I do not expect to write a general follow-up question to this entire list
but I may wish to seek further clarification from individuals from their
answers to this letter.

Thank you, in advance, for what I know will be thoughtful and considered
responses.
 
	*	*	*	*	*	*

1.  What was the original purpose of the Cypherpunks list and has it
changed?  For the better?  Worse?

2.  Does the apparent breakup reveal anything in general about unregulated,
unmoderated lists?  Can one make a link to the breakup to an inherent
failure in the concept of anarchism? Can one make a link from this breakup
to any insight in the nature of the Net itself -- both now and in the
future.     

3.  What do you think led to the  growing number of highly personal, highly
inflammatory attacks made on various contributors to the list -- Tim May
most especially. 

4.  Do you consider discussions about religion, assassination politics, and
other non- cryptographic/encryption subjects to be "distractions" or
substantive additions to intellectual inquiry?  Are some threads more
valuable than others?

5.  Has the list imploded or veered off in a new, positive direction?  



I would ask that you use the header "Cypherstory" in your response and
Cypherstory 1, 2 etc. for further communications, additions, changes.
**********************************************************
Thank you


Lewis Z Koch
lzkoch at mcs.net
http:www.upside.com/
"Cybersense" column







From snow at smoke.suba.com  Mon Nov  4 15:40:29 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 4 Nov 1996 15:40:29 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611040326.WAA15698@interport.net>
Message-ID: <199611042347.RAA08151@smoke.suba.com>


> > It's only authoritarianism if the government is involved. 
> > Clearly, the government isn't involved in this matter.
>   Until now, I'd considered the list as a model of a libertarian
> society, with the listowner as the government.  My point is that
> if a mailing list (where physical force is generally not a
> factor) can't be run without arbitrary sanctions against
> members, how could anyone ever hope for a whole society, with a
> real, gun-toting government, to run that way?

     At first I had a big problem with Vulva being kicked off the list, 
but I thought about it a while, and as more information developed I came
to the following conclusion:

     Vulis wasn't banned from the list because of _off topic_ posts, nor
was he booted for descenting opnions. He was not removed without warning,
nor for an occasional flame. He was removed for persistent off-topic 
flaming, after at least one warning, and several people asking him to stop.

     The closest anology I can find in real life would be a bar, were people
any person (well, any person old enough, but we'll ignore that) is allowed 
to wander in, order a drink, watch TV, shout at the screen ocassionally 
eat the pretzels and etc. Off in the corner you have a drunk dancing off
time to the noise on the jukebox, but most of the patrons can ignore him.

    Vulis is sitting square in the middle of the bar, sloshed to the gills
throwing pretzels and peanuts at both fans of the opposing team, and 
fans of his team. Screaming at the top of his lungs about the quarterback 
for a totally different team fumbling the ball in the 1970 world series.

    The bar tender asks Vulis politely to cease and desist. Vulis pours 
his beer on him. Vulis then demands another drink, insisting it is his
right to a beer. At this point the Big Bearded Guy at the door with the 
USMC tattoo, and the 37 knife scars drops his ham sized mit on Vulis's  
shoulder. 

     "Buddy" he says "If you don't quiet down and watch the game I'm going
to have to ask you to leave".   

     "Fuck you, you ignorant sovek <spit> pansy" was Vulis' reply. 

     The next sound was Vulis' head opening the door so the rest of his body 
could follow it onto the street, where he stands screaming curses at the 
patrons and the doorman.

     Of course now it is quieter inside, and the noise level will drop even
more once Vulis quiets down, sobers up, or just goes home, and after the 
other drunks quit pondering the situation aloud, and go back to discussing 
the game. Then the only obstruction will be the drunk in the corner who 
keeps stumbling into the jukebox, causing the record to scratch.

     Then there is the patron who left the bar a couple weeks ago in disgust
because he didn't want to talk _about_ football, he just wanted to 
discuss how to make the pitchers better able to slam dunk, and he is planning
to open his own bar down the street...


 
Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From m5 at tivoli.com  Mon Nov  4 15:40:56 1996
From: m5 at tivoli.com (Mike McNally)
Date: Mon, 4 Nov 1996 15:40:56 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8850.0@fatmans.demon.co.uk>
Message-ID: <327E7E55.51AE@tivoli.com>


paul at fatmans.demon.co.uk wrote:
> 
> John, if you, and those who support your actions, claim to be
> libertarians you need to take a good hard look at what you have 
> done.

John owns toad.com.  John can do what he wants to with it.  End of
story.

> This is a distinctly "big cypherpunkish" move 

Hogwash.  "Big cypherpunkish".  Snort.  Like exclusion from the cp
list has some actual societal import.

> and really cannot be condoned 

I hereby condone it.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!





From bdavis at thepoint.net  Mon Nov  4 16:16:31 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Mon, 4 Nov 1996 16:16:31 -0800 (PST)
Subject: Telling quote from Bernstein hearing
In-Reply-To: <Pine.SUN.3.91.961103183821.8637A-100000@eff.org>
Message-ID: <Pine.BSF.3.91.961104191405.28750C-100000@mercury.thepoint.net>


On Sun, 3 Nov 1996, Declan McCullagh wrote:

> Tony Coppolino was also the Justice Department's lead attorney in the CDA 
> case in Philadelphia. The Feds are grooming lawyers who have a clue about 
> the Net.

Indeed.  At no small expense, DOJ has been training "CTCs" for each 
U.S. Attorney's office.  CTC stands for "Computer and Telecommunications 
Fraud Coordinator."   I know one guy who got sent to four conferences, 
including one with the Famous But Incompetents at Quantico, but who then 
had the bad taste to leave government employ!

EBD


> 
> -Declan
> 
> 
> 
> On Sat, 2 Nov 1996, Lucky Green wrote:
> 
> > In the recent hearing of the Bernstein case, Anthony Coppolino for the 
> > Justice Department said:
> > 
> > 
> > "We don't care about the theory; we don't care about
> > the idea Mr. Bernstein has, which was to take a particular type
> > of algorithm and use it to allow for an encrypted interactive
> > conversation.  That's his idea.
> > We don't care about his idea; we care about the
> > result of what it can do."
> > http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/
> > 960920.transcript
> > 
> > Encrypted interactive conversations seem to be something to be concerned 
> > about...They are afraid of us.
> > 
> > -- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred.
> >    Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
> >    Vote Harry Browne for President.
> > 
> > 
> 
> 
> // declan at eff.org // I do not represent the EFF // declan at well.com //
> 
> 
> 





From karlton at netscape.com  Mon Nov  4 16:35:04 1996
From: karlton at netscape.com (Philip L. Karlton)
Date: Mon, 4 Nov 1996 16:35:04 -0800 (PST)
Subject: free SSL CAs?
In-Reply-To: <Pine.GSO.3.95.961103231441.3151I-100000@kimbark.uchicago.edu>
Message-ID: <327E8B63.1D5C@netscape.com>


Sam Quigley wrote:
> 
> I've set up my own CA, and given myself my own cert., but having the same
> server you're interacting with being the one that's the CA for the
> transaction leaves the setup open to man-in-the-middle attacks (I'd think,
> at least...).

It's up to the user (at least with the Netscape Navigator) to decide
what CA certificates or particular server certificates to trust.
Self-signed certificates are logically at the root of any certificate
chain.

PK
--
Philip L. Karlton			karlton at netscape.com
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation

    Everything should be made as simple as possible, but not simpler.
	-- Albert Einstein





From paratama at idola.net.id  Mon Nov  4 16:36:51 1996
From: paratama at idola.net.id (paratama at idola.net.id)
Date: Mon, 4 Nov 1996 16:36:51 -0800 (PST)
Subject: UNSUBCRIBE CENSORSHIP
Message-ID: <9611050040.AA21525@merak.idola.net.id>


UNSUBCRIBE CENSORSHIP






From elam at art.net  Mon Nov  4 17:05:07 1996
From: elam at art.net (Lile Elam)
Date: Mon, 4 Nov 1996 17:05:07 -0800 (PST)
Subject: black high heal shoes?
Message-ID: <199611050102.RAA27424@art.net>



Hi all,

I had the strangest dream this morning. I drempt that I had 
forgotton to vote!  

As I was heading for the poles, I saw Dole heading into the
poles wearing a man's coal grey/black suit and womens' black high 
heal shoes. It was pretty bazzar.... I wonder what it means?
It was pretty scary...

Turns out I was too late getting to the poles to vote and I awoke
in a panic thinking I had missed it all. I turned to my sleeping
babe and after I awoke him, he assured me that voting happens 
tomorrow.

Whew!

-lile





From dlv at bwalk.dm.com  Mon Nov  4 18:13:01 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 4 Nov 1996 18:13:01 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <Pine.SUN.3.91.961104044408.13104A-100000@eff.org>
Message-ID: <mqawwD6w165w@bwalk.dm.com>


[This was sent directly to me, but apparently cc's to c-punks as well]

Declan McCullagh <declan at eff.org> writes:

> Libertarianism is not incompatible with strict regulations, as long as
> the rules violate nobody's rights.

Let's not confuse strict regulation with arbitrary and capricious plug-pulling.

If the rules say something like, "Whoever incites an ethnic flame war*, or
a religious flame war**, or posts long diatribes that have nothing to do with
cryptoanarchy***, shall be kicked off the mailing list", then they don't seem
to apply to everyone who violates them.

* E.g. by calling multiple posters "crazy Russians"

** E.g. by attacking the poor hapless mormons :-)

*** E.g. by ranting about third-world debt

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Mon Nov  4 18:13:58 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 4 Nov 1996 18:13:58 -0800 (PST)
Subject: [NOISE] Censorship of Dr. Vulius
In-Reply-To: <2.2.32.19961104092840.006fda90@portal.connect.ab.ca>
Message-ID: <6eBwwD8w165w@bwalk.dm.com>


Joe Robinson <joe at connect.ab.ca> writes:
>         I'm sure that the decision wasn't made hastily or lightly.  It
> doesn't change anything though - the damage is done.  If even one person
> doubts the credibility or integrity of either John or the list, then Dr.
> Vulius has won.

I won, but you misspelled my name. Yes, John Gilmore has complete destroyed
his credibility together with whatever goodwill I personally had toward him
- a pity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Mon Nov  4 18:15:33 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 4 Nov 1996 18:15:33 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611041836.MAA01340@manifold.algebra.com>
Message-ID: <4JBwwD9w165w@bwalk.dm.com>


ichudov at algebra.com (Igor Chudov @ home) writes:

> Declan McCullagh wrote:
> >
> > Libertarianism is not incompatible with strict regulations, as long as
> > the rules violate nobody's rights.
>
> I would appreciate an example of "strict regulations" which do not violate
> anybody's rights.

Now that's a good point. The First Amendment says "The Congress shall pass
no law..." Doesn't that restrict the Congress's rights as a whole, and each
member's right to vote for bills that violate the Amendment? In GB, they
_generally frown on any restrictions on what laws the Parliament can pass -
the adage is "the Parliament's hands shall not be tied".

Does saying "The list owner should not kick people off the list for speech"
violate the list owner's right to free speech? That depends on whether plug-
pulling (and mailbombing and ping-storming and other obnoxious behavior)
is speech.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From haystack at cow.net  Mon Nov  4 18:35:42 1996
From: haystack at cow.net (Bovine Remailer)
Date: Mon, 4 Nov 1996 18:35:42 -0800 (PST)
Subject: [CRYPTO] Death of USENET Cabal Predicted, Film at 11
Message-ID: <9611040620.AA02296@cow.net>



               VICTORY _____________________^_.
             KOOKS RULE            CANCELBOT|..`.
            SPAM IS GOOD            SPAMBOT |...= s P a M  O==-o    <- Cabal
           FUCK THE CABAL          GRUBORBOT|...~           \ |\
          HAIL  DR. GRUBOR------------------v~~            ~~ 
           DEATH TO UUNET          
            DRG CJ3 AGA`           
               BOURSY`  `            
                DLV`  `            





From declan at eff.org  Mon Nov  4 18:45:56 1996
From: declan at eff.org (Declan McCullagh)
Date: Mon, 4 Nov 1996 18:45:56 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611041836.MAA01340@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961104183349.23959C-100000@eff.org>


Brigham Young University's censorhappy speech codes. Or me inviting
someone into my home and kicking them out if I feel like it.

-Declan


On Mon, 4 Nov 1996 ichudov at algebra.com wrote:

> Declan McCullagh wrote:
> > 
> > Libertarianism is not incompatible with strict regulations, as long as 
> > the rules violate nobody's rights.
> > 
> 
> I would appreciate an example of "strict regulations" which do not violate
> anybody's rights.
> 
> 	- Igor.
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From jimbell at pacifier.com  Mon Nov  4 18:56:13 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 4 Nov 1996 18:56:13 -0800 (PST)
Subject: Any Info for Sen. Pressler....
Message-ID: <199611050256.SAA07039@mail.pacifier.com>


At 12:57 PM 11/4/96 -0700, Troy M. Barnhart wrote:

>Due to circumstances I occasionally see and speak 
>w/ Senator Larry Pressler - (Committee Leader)...
>Been talking to him w/ the Burns Bill and such... 
>He wants less gov't. control, but does have "concerns" 
>w/ the garbage...

What does the Burns Bill have to do with "the garbage"?  We're not talking 
about the CDA...


>And, wants to balance the business and private concerns...

Tell him that we get real nervous when someone uses the phrase, "wants to 
balance."  It contains the implicit assumption that the market ("The 
Market") is somehow incapable of providing that "balance."  It also seems to 
assume that the person using the term has the AUTHORITY to "balance" those 
issues.  While senators probably assume that they always have the authority 
to do whatever they want, there is no reason to believe that this should be 
true given the ostensible restrictions of government power in the US 
Constitution.  Since the Internet is really just a large conglomeration of 
private property acting together in cooperation, the government's role should 
be at best quite limited, if not non-existant.


Jim Bell
jimbell at pacifier.com





From sandfort at crl.com  Mon Nov  4 19:00:22 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 4 Nov 1996 19:00:22 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8850.0@fatmans.demon.co.uk>
Message-ID: <Pine.SUN.3.91.961104181608.24626A-100000@crl4.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 3 Nov 1996 paul at fatmans.demon.co.uk wrote:

> John, if you, and those who support your actions, claim to be 
> libertarians you need to take a good hard look at what you have
> done.

The core basis of libertarianism, the non-aggression principle,
is usually expressed something like this:

"No one has the right to initiate force for fraud against another."

Perhaps Paul would be so kind as to tell us how he believes John 
has violated this standard.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From declan at eff.org  Mon Nov  4 19:04:38 1996
From: declan at eff.org (Declan McCullagh)
Date: Mon, 4 Nov 1996 19:04:38 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <3.0b19.32.19961104164654.007192c4@panix.com>
Message-ID: <Pine.SUN.3.91.961104183920.23959D-100000@eff.org>


Excellent point and well taken. "Regulations" is misleading; "rules" is a 
better term.

Think the Catholic Church and its historical penchant for excommunication.

-Declan


On Mon, 4 Nov 1996, Duncan Frissell wrote:

> At 04:45 AM 11/4/96 -0800, Declan McCullagh wrote:
> >Libertarianism is not incompatible with strict regulations, as long as 
> >the rules violate nobody's rights.
> >
> >-Declan
> 
> Obviously many voluntary religious organizations have quite strict rules
> for their members and are compatible with libertarianism.  Government
> monopoly regulations that cannot be opted out of are not compatible with
> libertarianism.  Instead of using the loaded term "regulations' it might be
> better to call things like the rules of the cypherpunk's list "club rules"
> or protocols.
> 
> DCF
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From dlv at bwalk.dm.com  Mon Nov  4 19:18:25 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 4 Nov 1996 19:18:25 -0800 (PST)
Subject: [NOISE] If the shoe fits, wear it
In-Reply-To: <199611040630.WAA02244@netcom6.netcom.com>
Message-ID: <gVgwwD12w165w@bwalk.dm.com>


frantz at netcom.com (Bill Frantz) writes:
> IMHO, most of the posts about John Gilmore's action re: Dr. Vulis are
> seriously miss-analyzing what has happened.  As far as I can tell, John
> instructed his Majordomo to refuse subscription requests to cypherpunks
> from Dr. Vulis.  That is all that John has done.

That's essentially correct. Apparently he a) unsubscribed me from the
list, b) instructed his Majordomo at toad.com not to respond to _any requests
from me, including "who" or "help". It might have been more polite to
instruct the Majordomo to say something like "I'm ignoring your requests
per the owner's instructions" rather than just play dead.

I recall that a couple of weeks ago Timmy May (fart) reported that someone
had forged an unsubscription request from me in _his name, which didn't work.

It took me very little time to realize what happened. I might or might
not have used that time more productively. I view John's rude actions
as those of a small-time petty bitch - a minor nuisance. It might have
been a bigger nuisance for someone less clueful.

> (1) John has not censored Dr. Vulis.  He is still free to speak to
> cypherpunks by posting in the normal manner.

I've pointed out already that apparently John is not, so far, filtering out my
submissions to the c-punks list. However I'd like to take exception with the
two claims made in the articles cc'd to me so far:

A that only governments can censor;

B that post-factum punishment for "inappropriate" speech is not censorship.

As to A, I'll quote the fat "Webster's 20 Century dictionary":

Censor, n. {l. censor, from censere, to tax, value, judge.]

1. One of the magistrates in Ancient Rome whose business was to draw up a
register of the citizens and the amount of their property, for the purposes of
taxation, and to keep watch over the morals of the citizens, for which purpose
they had power to censure vice and immorality by inflicting a public mark of
ignominy on the offender.

2. any supervisor of public morals; a person who tells people how to behave.

3. a person whose task is to examine literature, motion pictures, etc., and to
remove or prohibit anything considered unsuitable.

4. an official or military officer who reads publications, mail, etc. to remove
any information that might be useful to the enemy.

5. one who censures, blasmes, or reproved; one who is given to censure; any
faultfinder or adverse critic.

6. In English colleges and universities, an official appointed to keep the
register of all who attend, to mark those who are absent each day on meeting,
to report faults, etc.

7. in psychoanalysis, censorship.

(I guess the Internet falls under 'etc'.) I don't see working for the state
as part of the definition, except for #1, nor the prior restraint.

If I may adduce a recent example from New York City: ABC owns a radio station,
appropriately called WABC. It used to have a collection of popular talk radio
hosts. _Weeks after Disney bought ABC, it fired two (that I know of)
contraversial hosts that were not compatible with Disney's family-oriented
image: Alan Derschowitz (a liberal Harvard law school professor) and Bill Grant
(a right-winger, who immediately got a job with WOR, a New Jersey station).

Certainly Disney owned WABC and was within its rights to censor it. Likewise
John Gilmore is within his rights to destroy his own credibility and to expose
his own hypocricy. It's really a pity, since I used to respect him.

As to B, nowhere is censorship limited to prior restraint. This fallacy
reminds me of the old political joke: Any Chinaman is free to demonstrate on
Tiananmen Square and shout "Fuck Mao", but he may not remain free afterwards.

P.S. Thanks, Bill, for spelling my name correctly.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From adam at homeport.org  Mon Nov  4 19:31:09 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 4 Nov 1996 19:31:09 -0800 (PST)
Subject: British Telecom merger with MCI
In-Reply-To: <Pine.WNT.3.95.961104152209.-1035279A-100000@hilly.oit.unc.edu>
Message-ID: <199611050326.WAA14085@homeport.org>


Simon Spero wrote:

| On Mon, 4 Nov 1996, Peter D. Junger wrote:
| > Has anyone figured out how this merger can work, particularly when
| > British Telecom will be the surviving party, when those MCI employees
| > concerned with the security of communications will not be able to
| > disclose any cryptographic software or technical data to their
| 
| It's reasonably  trivial to get export licences from both countries 
| for foreign subsidiaries. Also, British Telecom and GCHQ have a 
| friendly working relationship, and any merger is unlikely to change
| these facts.

Phil Karn failed to get an export license for 3des for foriegn offices
of Qualcomm, staffed by Americans.  See
www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 

Adam


-- 
Celebrate Guy Fawkes day.  Send a revolutionary to Congress.







From cman at c2.net  Mon Nov  4 19:41:05 1996
From: cman at c2.net (Douglas Barnes)
Date: Mon, 4 Nov 1996 19:41:05 -0800 (PST)
Subject: NSA Report: Anyone seen this?
Message-ID: <2.2.32.19961105013727.008c3764@blacklodge.c2.net>



The paper does, however, repeat the "infinity liability"
fallacy. (See: http://www.c2.net/~cman/)

At 02:38 PM 11/3/96 -0800, you wrote:
>I just finished reading the report "How to Make a Mint: The Cryptography of
>Anonymous Electronic Cash" by Law, Sabett & Solinas. It can be found at
><http://jya.com/nsamint.htm>.
>
>It is very well written with only identification of the issues except in
>the last short paragraph where they clearly lean toward government
>interests.
>
>They identify and distinguish interests of the bank, the consumer's
>privacy, and the government. Some of the measures that they describe
>(providing for traceability) might well be done by a bank operating in an
>anarchy. Imagine that you are running a bank in an anarchy and the son of
>one of your good customers is kidnapped and held for ransom. Suppose that
>the kidnapper is a good customer of another bank with whom you have an
>arm's length relation. The arguments are not simple. Only towards the end
>does the paper begin to conflate the interests of the government and the
>bank. Some of the law enforcement purposes that they describe would apply
>to the anarchy bank, others would not.
>
>The paper is the best description I have seen of several advanced money
>schemes. It has a better description of Chaum's off-line scheme than I had
>seen before. It describes sever even more advanced schemes, both abstracted
>form the mathematical details, and then with the details filled in.
>
>
>
>






From Adamsc at io-online.com  Mon Nov  4 19:42:58 1996
From: Adamsc at io-online.com (Adamsc)
Date: Mon, 4 Nov 1996 19:42:58 -0800 (PST)
Subject: Censorship on cypherpunks [RANT]
Message-ID: <19961105034103953.AAA217@localhost>


On Mon, 04 Nov 1996 07:20:15 -0800, Dale Thorn wrote:

>> >  I'm quite upset about this.  Up to now I was able to tell
>> >people that "there is at least one mailing list on the net that
>> >functions in a completely open manner".  No more.

>> This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list.
>> There is no obligation to accept anyone.

>Isn't this the same argument used by the state whenever they want to differentiate
>between your "rights" and your "privileges"?  Can they reject one of your privileges
>whenever they want to, at their discretion?  No.
>So if c-punks is really "private", how does it decide (arbitrarily?) who to include
>and who to reject?

It's a big difference.  Can you set up your own mailing list? Yes.  Can you
go elsewhere? Yes.  Can Mr. Vulis send email directly to list-members anyway?
Yes.

Can you do the same if the government runs it? No.   Can you set up your own
list/printing press* if the state won't publish your ideas? No.

One could apply a similar rationale to socialism - after all, it may seem
like an extension of "love your neighbor" to take care of their needs, which
is certainly a laudable goal.  That's not the problem.  The problem is when
it becomes mandated *with no alternatives*.

#  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From cypher at cyberstation.net  Mon Nov  4 20:09:52 1996
From: cypher at cyberstation.net (cypher at cyberstation.net)
Date: Mon, 4 Nov 1996 20:09:52 -0800 (PST)
Subject: "Montgolfiering" mindlessness
In-Reply-To: <199611010131.RAA19080@netcom6.netcom.com>
Message-ID: <Pine.BSI.3.95.961104220714.1737A-100000@citrine.cyberstation.net>




On Thu, 31 Oct 1996, Bill Frantz wrote:

> At  2:18 AM 10/31/96 -0600, cypher at cyberstation.net wrote:
> >Talk the talk |= Walk the walk`
> >
> >If we could bottle up all the hot air espoused by fools like you, we
> >could solve the worldwide energy crisis. Obviously, you are not interested
> >in the facts. You engage in baneful contravallation of jabberwocky since
> >you, and the others so predisposed, are totally clueless with regard to
> >how to break the algorithm.0
> >
> >Now let us hear your plaintive wail of the lame brain excuse about
> >not wanting to waste your time, always the indicant of intellectual pap
> >and intellectual cowardice/dishonesty by super mouthers like you. I may be
> >mindless, but obviously you and Mr. Franz are  brainless, or otherwise you
> >would try to prove something instead of beating off your brains and mouth
> >about it. As with Perry, and  others your information content is:
> 
> Quite a flame.  And just because I said I liked the spoof of Don Woods'
> style too.  (N.B. The slightly different version of the above that was
> privately forwarded to me spelled my name correctly, both in the text and
> the address.)
> 
Yes, I misspelled your name and that is why I sent the separate copy
to you. I apologize for misspelling your name.

Kindest regards,

Don Wood> 
> 






From cypher at cyberstation.net  Mon Nov  4 20:18:09 1996
From: cypher at cyberstation.net (cypher at cyberstation.net)
Date: Mon, 4 Nov 1996 20:18:09 -0800 (PST)
Subject: Montgolfiering Spoof
In-Reply-To: <199611010919.KAA04730@basement.replay.com>
Message-ID: <Pine.BSI.3.95.961104221209.1737B-100000@citrine.cyberstation.net>




On Fri, 1 Nov 1996, Anonymous wrote:

> 
> At 10:47 AM -0500 10/31/96, Rabid Wombat wrote:
> >On Wed, 30 Oct 1996, Bill Frantz wrote:
> >
> >> Gee, I put that post in the same place I carefully keep my back issues of
> >> the Cypherpunks Enquirer.
> >> 
> >
> >Bill, you must be humor-impaired. That piece was a great send-up of 
> >Woods. I was laughing 'til tears spilled down an shorted out my keyboard. 
> >I dunno who posted that, but I'm in awe.
> 
> Thanks.
> 
> I know the author rather well, and he assures me he dashed off this
> satirical piece in about as much time as he takes to write his normal
> articles. He tells me that once he had "grokked" the inimitable (not) style
> of Don Wood, it was easy to write a screed that echoed Wood's wackiness.
> 
> Of course, for people who read satire on this list, the initials at the end
> are a clue. But don't publish who you think it is, as KVFP doesn't want a
> lawsuit from Wood for hurting Wood's feelings.
> 
> --KVFP
> 
That person is not about to get a lawsuit from me about anything. I
have more important things to do with my time. I enjoyed it very much
myself and had a good laugh too. Please keep it up, you are good at it.

Kindest regards, 

Don Wood

> -- > 
> 
> --
> 






From cypher at cyberstation.net  Mon Nov  4 20:23:57 1996
From: cypher at cyberstation.net (cypher at cyberstation.net)
Date: Mon, 4 Nov 1996 20:23:57 -0800 (PST)
Subject: Montgolfiering Spoof
In-Reply-To: <199611010919.KAA04730@basement.replay.com>
Message-ID: <Pine.BSI.3.95.961104221833.2559A-100000@citrine.cyberstation.net>




On Fri, 1 Nov 1996, Anonymous wrote:

> 
> At 10:47 AM -0500 10/31/96, Rabid Wombat wrote:
> >On Wed, 30 Oct 1996, Bill Frantz wrote:
> >
> >> Gee, I put that post in the same place I carefully keep my back issues of
> >> the Cypherpunks Enquirer.
> >> 
> >
> >Bill, you must be humor-impaired. That piece was a great send-up of 
> >Woods. I was laughing 'til tears spilled down an shorted out my keyboard. 
> >I dunno who posted that, but I'm in awe.
> 
> Thanks.
> 
> I know the author rather well, and he assures me he dashed off this
> satirical piece in about as much time as he takes to write his normal
> articles. He tells me that once he had "grokked" the inimitable (not) style
> of Don Wood, it was easy to write a screed that echoed Wood's wackiness.
> 
> Of course, for people who read satire on this list, the initials at the end
> are a clue. But don't publish who you think it is, as KVFP doesn't want a
> lawsuit from Wood for hurting Wood's feelings.
> 
> --KVFP
> 
I do not intend to bring any lawsuit about any spoof. I have more
important things to do with my time. I enjoyed it too  and had some good
laughs. Keep it up, it helps us to keep everything in perspective,

Kindest regards,

Don Wood 

> --
> 
> 
> --
> 






From hallam at ai.mit.edu  Mon Nov  4 20:58:02 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Mon, 4 Nov 1996 20:58:02 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <55k974$ot4@life.ai.mit.edu>
Message-ID: <327ECAC8.2781@ai.mit.edu>


Bill Frantz wrote:
> 
> As I put on my flame resistant suit...
> 
> IMHO, most of the posts about John Gilmore's action re: Dr. Vulis are
> seriously miss-analyzing what has happened.  As far as I can tell, John
> instructed his Majordomo to refuse subscription requests to cypherpunks
> from Dr. Vulis.  That is all that John has done.  What John has not done
> is:

Of course John was right to give Vilus the boot. Cypherpunks is a club
and like many private clubs occasionaly finds it necessary to give some
oik the boot.

And of course this is not an action that can be strictly justified in
terms of absolute rights which many are fond of prating on about. Rights
are limited, as Mills observes they are a product of law. Society finds
it necessary to enact laws to protect rights. Dmitri's posts were
affecting other people's right to speak. There is thus the traditional
liberal conflict, that of having to infringe rights to protect them.
If libertarians would read "on Liberty" rather than using it like
a magic charm they would know that the main theory it advances is of
the *balance* between the rights of communities and the rights of
individuals. 

The genius of Mills is that he shows that the "rights" of government
stem from its duty to protect the "rights" of the citizens.

Its an imperfect answer because the notiopn of "citizenship" it advances
fails to take any account of foreign relations. Mill's rationale for 
obeying laws breaks down when one crosses national borders for example.

> The best paradigm I can come up with to analyze John's action is my quite
> imperfect understanding of communitarian theory.  In essence,
> communitarians say that there should be a level of social control between
> individual rights and the forceful coercion of the state.  What John has
> done is step forward and excommunicate Dr. Vulis.  He has said to Dr.
> Vulis, "You are no longer a member of the cypherpunks community."

Rather than "should", try the word "is". One of the things the Web 
demonstrates is that there are such communities. I would not state the
action in terms of "excommunication", rather consider that John took
the action on behalf of the community for the good of the community as a 
whole.

> I would love to hear how people feel this action fits in to the
> cryptoanarchy, libertarian utopias we frequently discuss.  E.g. Why is it
> not a perfectly reasonable action for some one to take in an anarchy?

If we could get away from the bleating denials of the need for
government
and instead consider them as a positive force, preventing a power vacum
that 
others would fill a synthesis can be reached. The founders of the
US realised that to pervent tyranny it was necessary to have different 
branches and levels of government. The essential point being however to
prevent power being used.

When a community of people get together they can exercise far more power
than individuals acting alone. Sometimes this power can be for the
common
good, other times it can be the sectarian persuit of one minorities 
interests against another. 



	Phill





From harmon at tenet.edu  Mon Nov  4 21:16:25 1996
From: harmon at tenet.edu (Dan Harmon)
Date: Mon, 4 Nov 1996 21:16:25 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <4cDVwD5w165w@bwalk.dm.com>
Message-ID: <Pine.OSF.3.91.961104212605.8774A-100000@gaston.tenet.edu>



What is the story on this or is it more ravings?

Dan


On Mon, 4 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> frantz at netcom.com (Bill Frantz) writes:
> > [John Gilmore]  has said to Dr.
> > Vulis, "You are no longer a member of the cypherpunks community."
> 
> I recall we've been through this over a year ago, when I saw an announcement
> of a cypherpunks physical meeting where someone was excluded for his political
> views, and I said that I don't consider myself a cypherpunk. I'm glad that
> John and Bill, the auhorities on cypherpunk membership, finally concur.
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 





From ichudov at algebra.com  Mon Nov  4 22:08:50 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 4 Nov 1996 22:08:50 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8850.0@fatmans.demon.co.uk>
Message-ID: <199611050557.XAA06903@manifold.algebra.com>


paul at fatmans.demon.co.uk wrote:
> > Well put!  I tired a long time ago of Dr. Vulis and several others on this
> > list.  Rather than bitch about it or resort to the same big brother
> > gestapo-censor bullshit we profess to abhor I simply utilized the extensive
> > filtering capability of Eudora.
> > 
> > I don't need "big brother" or big "cypherpunk" censoring my mail for me.
> > We have become what we fear the most.  How prophetic and pathetic.
> 
> John, if you, and those who support your actions, claim to be 
> libertarians you need to take a good hard look at what you have done.
> 
> This is a distinctly "big cypherpunkish" move and really cannot be 
> condoned even bearing in mind the inane and wearisome behaviour of 
> Dr. Vulis.

I guess libertarian philosophy permits operating a private mailing
list and imposing whatever rules the host deems necessary to invent.

The question is, can this ist be called a free medium for exchange of
ideas, or not. My answer is no.

Moderated forums might create some utility (by saving the time of their
participants, for example), but they should identify themselves as such.

	- Igor.





From dthorn at gte.net  Mon Nov  4 22:15:36 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 4 Nov 1996 22:15:36 -0800 (PST)
Subject: Censorship on cypherpunks [RANT]
In-Reply-To: <Pine.3.89.9611041122.A16513-0100000@netcom9>
Message-ID: <327EDB5A.7DDF@gte.net>


Lucky Green wrote:
> On Mon, 4 Nov 1996, Dale Thorn wrote:
> [Quoting Adam]
> > > This has been taken far too seriously.  Cypherpunks is a *PRIVATE* list.
> > > There is no obligation to accept anyone.
> > Isn't this the same argument used by the state whenever they want to differentiate
> > between your "rights" and your "privileges"?  Can they reject one of your privileges
> > whenever they want to, at their discretion?  No.

> Government != private. Why is this so difficult to understand?[snip]
> "It" does not decide. "He" does. John Gilmore is the list *owner*. He can
> decide to remove anyboy from this list. Anytime. For any reason or no
> reason at all. He can even shut down the entire mailing list anytime he
> pleases, for any reason or no reason at all.

I've been looking up some of the words tossed around in this thread, in a dictionary
and elsewhere, to see if I can understand you.  It still sounds to me as though you
believe totally in authoritarian systems.  I don't consider myself a Socialist, but
I believe that some of the well=known concepts of ownership (the U.S. Constitution
has some of these) have both a popular meaning and a hidden meaning.

Question:  When you say *owner*, does this mean he runs the list on his own personal
computers, at his home, or at his business which he owns himself, or could it
mean that he's functioning on behalf of an educational institution and the term
*owner* has a different meaning than what most people would assume?

Maybe I shouldn't ask this kind of question, out of fear or something like that.






From Kevin.L.Prigge-2 at tc.umn.edu  Mon Nov  4 22:18:13 1996
From: Kevin.L.Prigge-2 at tc.umn.edu (Kevin L Prigge)
Date: Mon, 4 Nov 1996 22:18:13 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <4JBwwD9w165w@bwalk.dm.com>
Message-ID: <327edc1b1e83002@noc.tc.umn.edu>


Dr.Dimitri Vulis KOTM said:
> ichudov at algebra.com (Igor Chudov @ home) writes:
> 
> > Declan McCullagh wrote:
> > >
> > > Libertarianism is not incompatible with strict regulations, as long as
> > > the rules violate nobody's rights.
> >
> > I would appreciate an example of "strict regulations" which do not violate
> > anybody's rights.
> 
> Now that's a good point. The First Amendment says "The Congress shall pass
> no law..." Doesn't that restrict the Congress's rights as a whole, and each
> member's right to vote for bills that violate the Amendment? In GB, they
> _generally frown on any restrictions on what laws the Parliament can pass -
> the adage is "the Parliament's hands shall not be tied".
> 
> Does saying "The list owner should not kick people off the list for speech"
> violate the list owner's right to free speech? That depends on whether plug-
> pulling (and mailbombing and ping-storming and other obnoxious behavior)
> is speech.

Actually, it has nothing to do with speech. Mr. Gilmore owns the machine, and
allows the list to be run from it. At any time he could stop allowing the
list from being distributed from his machine, as would be his right.
If he does not want someone using his resources, it's his right. The fact
that you're the only (someone correct me, was Detwieler also kicked off?)
or one of the only people that has been removed from the list due to
abusive behavior speaks volumes.

As to the cries of censorship and peoples rights being violated, I'd 
contend that rights are not a zero-sum proposition. The minute a person
exercises a right, some other person does not lose a right, or have a 
right violated. What some people would assert is a right (list 
membership) is actually a privilege granted by the owner of the resource.


-- 
Kevin L. Prigge                     | Some mornings, it's just not worth
Systems Software Programmer         | chewing through the leather straps.
Internet Enterprise - OIT           | - Emo Phillips
University of Minnesota             |





From ceridwyn at wolfenet.com  Mon Nov  4 22:37:51 1996
From: ceridwyn at wolfenet.com (Cerridwyn Llewyellyn)
Date: Mon, 4 Nov 1996 22:37:51 -0800 (PST)
Subject: [NOISE] Censorship of Dr. Vulius
Message-ID: <2.2.32.19961105063515.006c9fa4@gonzo.wolfenet.com>


At 10:00 AM 11/4/96 -0500, you wrote:
>someone abuses that priveledge they may lose it. Plain and simple.  It is
>also worthy to note that the Right to Free Speech, etc. applies to the
>government (IOW, the government can not hinder the right to free speech so
>long as that speech does not infringe upon someone else's right.  Since when
>is this list government run?  The decision was apparently a personal one.

I don't think anyone has argued that the owner of the list doesn't have the
right to remove people from it.  However, simply because he has the right to
doesn't mean he should, and it also doesn't mean other members can't or
shouldn't argue that he made a bad decision (unless, of course, the dissenting
members are removed as well.)  Many, if not most, members believe the list
should be run in a non-authoritarian manner (whoever argued that the term
authoritarian applies only to governments is wrong.  the difference is a person
has the right to act in an authoritarian manner over his own property whereas
a government doesn't have that right over it's citizens.  Again, however,
having 
the right doesn't necessarily make it "okay").  
//cerridwyn//






From dthorn at gte.net  Mon Nov  4 22:43:36 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 4 Nov 1996 22:43:36 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <Pine.SUN.3.91.961104121108.122E-100000@crl.crl.com>
Message-ID: <327EE192.7D6B@gte.net>


Sandy Sandfort wrote:
> On Mon, 4 Nov 1996, Dale Thorn wrote:
> > Am I missing something, or do some people just not get it?

> Yes, Dale is missing something, not the other way around.[snip]
> Would Dale be so tolerant if Dimitri were loudly using abusive
> language towards Dale's mother and others in her own livingroom?
> Would he accuse her of censorship if she asked Dimitri to leave?
> What would he say if she kicked Dimitri out?  Enquiring minds want to know.

A more practical and realistic example might be if Dale was living in an apartment,
and Dale's mother walked out to the garage to get into her car, and the next-door
neighbor started calling her the most vile and foul things (but no direct threats
of harm or whatever), and Dale called the Police, and the Police said "there's
absolutely nothing we can do, and further, if you should happen to get into a
scuffle with the neighbor defending your poor old mother, even if the neighbor
starts the fight, we will arrest you and take you to jail", ad nauseam.

When asked directly what the male police officers would do if someone tried that on
their mother or wife, they would be evasive and non-committal, because, as you see,
they have to defend themselves first before they can defend you, the paying client.

This is far more realistic than your example, since the immediate neighborhoods where
these situations develop are a better model for cypherpunks than the inside of one
individual's home.  Other models I can think of might be a free-speech forum such as
a radio talk show, with rather strict guidelines due to the FCC or the host station,
or (less likely) a continuous, never-ending party hosted at an individual's home,
where that individual can exercise total autocracy in throwing someone out.

I could probably do better with this, or even leave it alone, if the arguments were
more rational and less of "I feel this is wrong....it just feels wrong", etc.

Your questions above didn't really say anything I can respond to better than this.






From cypher at cyberstation.net  Mon Nov  4 22:50:11 1996
From: cypher at cyberstation.net (cypher at cyberstation.net)
Date: Mon, 4 Nov 1996 22:50:11 -0800 (PST)
Subject: Q.E.D. - MONTGOLFIERING, SPOOFS +
Message-ID: <Pine.BSI.3.95.961104222712.2559B-100000@citrine.cyberstation.net>




         I recognize that the vast majority of list readers are
         sensible human beings trying to better the profession they
         love and serve the interests they represent.  As such,
         readers of this thread do not need me, or a claque of
         snivelers, to determine the probity of the impartations being
         made. You are capable of determining that for yourselves.

         This posting is not meant to in any way denigrate your
         important work or to challenge the efforts being made by the
         vast majority of you to be objective, civil, fair and to
         examine the facts and determine the truth to the best of your
         abilities.

         Accordingly, most of the commentary included in this posting
         is directed toward the hallucinating thralldom of a dozen or
         so self proclaimed cryptographic jackadandies who beneath
         their public veneer are simply a flock of flaccid jackanapes.
         As proof of that thesis, look at the transpirations of the
         past few weeks.

         Preamble:

         In law school, potential attorneys are drilled in the three
         prong postulate:

         1. If you can argue the facts, argue the facts, the
            evidence.

         2. If you cannot argue the facts, then argue the law,
            Shannon and Sneider.

         3. If you cannot argue the facts, or the law, then attack
            the opposition, the people presenting the facts.

         Another statement parable is "if you do not like the message
         attack the messenger."

         This stratagem can be applied not only to the courtroom but
         to any affray.

         Evidence:

         1. The cabal of pedants has looked at the IPG web site in
            detail, as evinced by their frequent citing of materials
            that were not theretofore set out in any of the postings
            made to this list. Where did they get it?  Obviously from
            the web site.

         2. They quickly discerned that they could not possibly argue
            the facts as proved by the fact that not a single one of
            them have deigned to do so.  They quickly realized that
            algorithm was unassailable from their extremely limited
            low level of competence.  Actually, it cannot be attacked from
            any level of competence as close analysis of same will reveal.

            I bet none of that eau de vie crowd has ever cracked real
            ciphertext in their life. They live in a self hypnotic fantasy
            mirage world. Obviously, they are incapable of breaking real
            encryption systems. Oh, they have posited all kinds of
            crackbrain scheme for breaking systems under some silly
            hypothetical scenario - most of which have been forseen
            and solved decades ago by people who are real professional
            cryptographers. 

            I could pose a theory of broad jumping from New York to London
            too. All I would have to do is to jump two feet high and be
            traveling at a velocity of roughly 63,360,000 feet per second,
            only about .067 c, and I COULD make it. Some of the
            self presumed cryptographic jackadandies' hairbrain schemes
            are even more obtuse than that. 

         3. Unable to attack the algorithm because of their gross
            impotence, they started citing their law. They attacked my
            position that the stream cipher was an OTP, citing
            Shannon as proof that was not the case. In essence
            invoking the oracular doctrine of Shannon infallibility.
            They skim over Shannon, read Schneier and then get on their
            pulpit and preach their version of the Gospel and to all of us
            mere mortals  because they are totally incapable of solving
            real life applications of cryptography. They spout meaningless
            turkey gobbleddegook instead of actually doing it. As noted
            before,

                 their information = P log_base_infinity P,

             and as is equally evident, 

               their disinformation = P log_base_0 P  

            I acknowledged the truly unique contribution that Shannon
            has made to cryptography, communications and related
            fields and the coessential redound on Schneier for the
            codification of cryptography.  However, my position is
            that Shannon mathematically proved in absolutism only the
            limitations that we must work within, not what can be
            done within those delimiters.

            Accordingly, I argued that the disputation was a matter
            of semantics. I agreed that the algorithm did not have
            infinite entropy but it was still an OTP because it
            fulfilled the other basic tenants of an OTP in all
            respects saving entropy. I further asserted that the
            entropy question was immaterial because the entropy of
            the algorithm was far greater than any possible practical
            need, by tens of thousands of orders of magnitude.  Such
            rationale fell on parti pris deaf erudite ears.

         4. As a result, I realized that from my vantage point such
            an argument was counter productive at the very best.  As a
            result, I took the OTP issue off the table by agreeing,
            as I had stated on numerous occasions, that the algorithm
            produced noncommunicative stream ciphers, PRNG streams
            that manifested remarkable random like properties, though
            they certainly are not random.

         5. Deprived of their dogmatic dictums with respect to IT,
            those detractors, like all disconcerted confuters since
            the dawn of human controversy, turned to the use of
            sophomoric fustigation. They imagine themselves as
            a clique of cryptographic superdupers; but in this
            case they were overwhelmed by the strength of the algorithm,
            which pricked their hyper-inflate egos. That in turn, led to
            their futile efforts to try to strike back and cudgel the
            source of their foil as they vented their acute frustrations.

            In this case, since many of them are obviously very
            bright and articulate, their resultant falderal is very
            adroit and humorous.  Even though being the butt of their
            lampoonery, I nonetheless was highly amused, got some
            good laughs, found it entertaining and was flattered by
            the expended efforts of the author(s).

            Although I recognize that it was not intended to be so, I
            found it to be exemplary raillery. Levity can help all of
            us to keep serious matters in perspective and I applaud
            the authors for their jocose entertainment.  Keep it up,
            not only is it fun, it also helps everyone to see through
            the smoke screens in order to discern the real underlying
            truths.

         6. Note that during the whole discourse and postings made to
            this thread, not a single individual has critiqued
            the algorithm itself. Not many of them will even own up to
            having looked at the algorithm, much less having
            attempted to analyze it and assess its strengths or
            weaknesses.  Get real.  How many readers really believe
            that all of those fast cryptographic guns would ignore the
            real, very simple, algorithm in unison if they stood a ghost 
            of a chance of cracking it? Any talk of a mediocre pecunary
            reward for breaking the algorithm is giddy poppycock and
            everyone knows it. They would much rather have the 
            satisfaction and pride that they were the one that gigged me, 
            the only rub being that that is patently impossible .   

            Each individual in that elitist cabal obviously salivates
            at the opportunity to crack the algorithm and throw it
            back in my face since my postings have raised seemingly
            heretic controversy. It should be clear to all readers of
            this thread, that with a possible exception or two, those
            detractors have looked at the algorithm and realize it
            far exceeds their meager cryptanalytic abilities.
            Accordingly, it is transpicuous that they have resorted to
            trying to use their turkey flapdoodle to cloud the issue since
            they have nothing of substance to reason upon. They could not
            crack their way out of a wet Kleenex with an unlimited
            number of gigaton thermo nuclear weapons. 

            Perry Metzger and others have even used inculcative
            factoids to try to claim that the algorithm had been
            broken.  What they were referring to of course was the
            algorithm that was posted a few months ago.

            As several then cypherpunks know, that first algorithm
            was posted to try to get some of the list sharpshooters
            committed. I believed that those intellectual cowards
            would leap at the opportunity to display their prowess if
            confronted by weakness; while on the other hand, that same
            small flock of turkeys would inevitably run for cover,
            flapping their wings,  and spluttering out puny excuses
            and their turkey gobbledygook if confronted by strength,
            just as they are now doing. 

            I wanted to show up gross hypocrisy for what it is,
            pure spineless cowardice by that gashouse, in more ways
            than one, gang.  As a result, I posted that first
            algorithm with the intention to answer back with the real
            algorithm fairly quickly.

            However, a few cypherpunk confidants recommended that IPG
            provide the capability for the users to generate all
            their own keys in order to erase that stigma against the
            algorithm. In addition, some of them also urged me to
            prove some of the statistical contentions that I was
            making instead of just stating them. Accordingly, I
            decided to do those two things and to reconstruct the web
            site accordingly.

            Further, one very helpful cypherpunk gave me a number of
            references which required me to go to the University of
            Texas in Austin in order to research them. In doing that,
            and as result of that research and testing, I changed the
            algorithm slightly; most importantly, from using a linear
            congruential generator as the method of providing the
            algorithm seed, to a nonlinear congruential generator
            method..  That is, I added two lines to the seed generator
            engine, to wit:

                       DO                                   (ADDED)
                         JV = JV+1
                         IF JV = 53 THEN JV = 0
                         A[JV]=( A[JV] + B[JV] ) MOD C[JV]
                       WHILE ( A[JV] AND 16384 ) = 1         (ADDED)
                             or in effect
                       (WHILE  A[JV]  > 16383  )

            Copyright 1996 by Donald R. Wood. All rights reserved.

            NOTE: The 53 is a variable.

            All this took time, and before we could completely
            regroup, 5 months had passed into history.

            That does not negate what I was trying to establish
            though. That is, that the alleged highly  puissant
            sharp shooters are in reality just a bunch of impuissant
            intellectual cowards feeding everyobne cryptographic pablum.
            They leap like wilding pit bulldogs at perceived weakness and
            like all fraudlent impostors completely, and very
            conveniently, languish from rational reality when they face
            strength. They fancy themselves as a school of great white
            sharks plying the waters of cryptography but in reality, they
            are merely little batty harmless blowfish pumping themselves,
            and each other, up with "write bites" of pompous flattery,
            self and group veneration, and other fawning, obsequious
            giddiness.


         Having set out my view of the derogators, the remainder of
         this posting, excepting the one obvious paragraph, is intended
         for all readers. I trust that most readers will not be diverted,
         or dissuaded, by the myopic view of traducers. Computer software,
         is becoming infecte with obsessive compulsive technical interests
         that are attempting to lead  us down the primrose path to
         intricacy and complexity that will eventually result in much
         lower productivity and fewer users.

         Microsoft Office is a perfect paradigm of such sophistry
         being used to deceive - it does not increase productivity at
         all, au contraire, in the words of Scott McNealy it serves as
         a serious impediment to real productivity - what does 23
         fonts, 45 colors and all kinds of other unnecessary
         paraphernalia add to content, understanding and ultimately
         productivity.  Misplaced appeal to aesthetics has all but
         supplanted the much more important goal of making us, and the
         interests we serve, more efficient and more productive.

         Such a course, if not corrected, will eventually lead to,
         among other things, our World Wide Web becoming a Gordian
         tangle in terms of usage by the vast majority of technically
         impaired users.  I am not alone in raising this issue of
         everything becoming too complex and too complicated for
         potential users.  My very weak voice is merely being added to
         the far more weighty enunciations of McNealy, Ellison,
         Andreessen, Jobs, and other industry illuminaries. 

         Nowhere, is that usage gap between the technophiles and the
         technophobes more pronounced than it is in the use
         of encryption. If we do not keep it simple and easy to use,
         we will impose defacto standards that only the technically
         exceptional, such as readers of this, will be able to use.
         That is an important part of what the IPG EUREKA algorithm
         and system is about: Making it simple and easy for neophytes
         to use, and work with.

         Certainly EUREKA is not a panacea for all encryption needs.
         For example, it is obviously NOT the best solution for
         the problems relating to conducting commerce over the
         Internet.  Further, without question, RSA, PGP, ENTRUST, and
         other encryption systems fill very important exigencies.
         Where EUREKA shines is in three important strategic user
         applications:

            1. To set up a permanent line of Internet/intranet
               communication privacy between two, or a group of,
               individuals. As a result, pass phrases, session
               encryption keys, and other work impediments of that
               genre can be eliminated.

               While applicable to everyone, this is especially true
               of newbies, computer novices, technophobes, and other
               non-techies. It is easy to make it transparent to
               clerks, secretaries, attorneys, accountants, brokers,
               insurance agents, administrators, law enforcement
               personnel, and others to whom the computer is merely a
               necessary implement used to perform their job.

               EUREKA is much faster, more secure,  easier to use, and
               more flexible than other systems for this application.
               As such, it is ideal for business intranets, or mixed
               Internet - intranet systems.

               It is also ideal for private use by two individuals or
               a small group of friends and family.

            2. To protect your private hard disk files, programs or
               data, from compromise by hackers and interlopers. In
               this application it is unsurpassed because differential
               analysis, and other attacks that can be made to
               evolving files is rendered impossible and it is
               extremely fast. It is simply the best product available
               for this application, though it has some limitations in 
               terms of partial file access and reencryption that will be
               relieved in the months ahead.

            3. For the mass distribution of proprietary content over
               the Internet. Using authentication codes, similar to
               military codes of the day, a manufacturer can easily
               encrypt and transmit software products of all types to
               an unlimited number of users.

            Where do we go from here? As you read this, many companies
            and individuals have purchased, are purchasing, copies for
            test and evaluation under the newly announced limited
            moneyback guarantee offer set out in our web site at:

                      netprivacy.com

            As set out, we are temporarily offering PC compatible
                  systems:

                  1. For encrypting and protecting your hard disk
                     files from hackers and interlopers for    $19.50

                  2. The same as 1 plus encryption of e-mail and other
                     files for transmission on Internet for    $29.50

                  3. A six pack, six of the number 2 package above for
                     trial use by corporate intranet users for $99.50


            All prices include S&H but NOT state taxes where
            applicable. Our unconditional money back guarantee also
            includes guaranteed free updates, currently being
            developed by independent software developers, through
            December 31, 1997.
     
            I realize that there are many Sancho Panza minds out there,
            who mistakenly think they speak for all list members, and will
            then go and say that no one will bother with the product.
            They have already been proved wrong. They are not by any 
            means Rozinantes, they are mere inferior Rozins, Playtyrs at
            best,  Kyrie  Eleison kryson.  

            In addition, Coderpunks, Cypherpunks, and other Internet
            users have committed themselves to helping IPG to improve
            the EUREKA system, to make it even easier to use, to
            significantly increase the performance ( by at least an
            order of decimal magnitude), to develop it on other
            platforms, and the other things that must be done if it is
            to achieve its potential. Some of these product revisions
            and enhancements should be available late this year and
            others next year.  Stay tuned for the results of these
            efforts.

            Such efforts are in response to our offer set out at:

                          netprivacy.com/mlmplan.html


            Therein, as you may know, we explain how we intend to
            develop and market the IPG products using Internet. As
            described, instead of establishing an inhouse organization
            to do those things, as well as system testing & evaluation
            and system engineering, we plan to use independent
            developers and agents over Internet. That way, effort will
            be rewarded on a competitive merit basis.  We believe this
            will be the wave of the future..  Exceptional talent,
            working out of their own homes, located in the place of
            their choice.  These people will be creating product that
            will be marketed by other creative people working from
            their place of choice.

            Find out how you can participate at.

                     netprivacy.com/mlmplan.html

            IPG will NOT COMPETE with its software developers or its
            marketing agents. If you can build a better mousetrap, or
            invigorate the marketing effort, you will be rewarded
            commensurably.  Even if it is not a better mousetrap, you
            will still receive pecuniary participation for your
            efforts.  There is a huge upside potential with very
            little downside risk, except for your time. Others have
            got in on the ground floor of opportunities like this,
            here is your chance. This offer is of course currently
            limited to U.S.  and Canadian citizens.

            The software development kit has been reduced down from
            $395.00 to $39.50 on a limited offer basis.

            We anticipate that we will withdraw these limited offers
            on December 31, 1996.

         See for yourself. Prove it to yourself. Also, remember, the
         algorithm is available at:

                   http://netprivacy.com/algo.html

         We would be very proud to work with you in a synergistic 
         effort to improve ourselves and to produce products for the
         cryptographicand other markets. Contact us oprivately if you are
         interested,
       
         With kindest regards,

         Don Wood,




















> ===================================================================
>
>                   Donald R. Wood
>                   ipgsales at cyberstation.net
>
> =================================================================== 
>
> Some people are more certain of their own opinions than they are of
> facts presented by those they disagree with - Aristotle
>
> --------------------- Quod Erat Demonstrandum ---------------------


 linear
            congruential generator as the method of providing the
            algorithm seed, to a nonlinear congruential generator
            method.  That is, I added two lines to the seed generator
            engine, to wit:

                       DO                                   (ADDED)
                         JV = JV+1
                         IF JV = 53 THEN JV = 0
                         A[JV]=( A[JV] + B[JV] ) MOD C[JV]
                       WHILE ( A[JV] AND 16384 ) = 1         (ADDED)
                             or in effect
                       (WHILE  A[JV]  > 16383  )

            Copyright 1996 by Donald R. Wood. All rights reserved.

            NOTE: The 53 is a variable.

            Running statistical tests on the encryptor stream with
            the two lines included versus excluding the two lines,
            revealed that using them was much stronger from every
            vantage point. There is sound mathematical reasons why
            that is true, which succinctly as possible is because it
            generates a more even distribution of the seed values,
            ( 0,..,16383 ), with the addition of the two lines.  I had
            experimented with the modified form before I posted the
            first algorithm but had tentatively rejected it
            because it decreased overall performance and did not seem
            to be necessary - I simply did not recognize its
            importance at that time.

            However, subsequent testing caused me to change my mind
            because the standard deviations, Chi Squares, 1st
            differences and each and every one of the other
            statistical tests proved that the addition of the two
            lines produced more random like resultants. In addition
            the revised algorithm, with the two added lines, makes it
            impossible to block the algorithm output stream in the
            absence of the specific As, Bs and Cs used.

            All this took time, and before we could completely
            regroup, 5 months had passed into history.

            That does not negate what I was trying to establish
            though. That is, that the alleged highly  puissant
            sharp shooters are in reality just a bunch of impuissant
            intellectual cowards.  They leap like wilding pit
            bulldogs at perceived weakness and like all impostors
            completely, and very conveniently, languish from rational
            reality when they face strength. They fancy themselves as
            a school of great white sharks plying the waters of
            cryptography but in reality, they are merely little batty
            harmless blowfish pumping themselves, and each other, up
            with "write bites" of pompous flattery, self and group
            veneration, and other fawning, obsequious giddiness.


         Having set out my view of the derogators, the rainder of this
         posting, is intended for all readers. I trust that such
         readers will not be diverted, or dissuaded, by the myopic
         view of traducers. Computer software, is becoming infected
         with obsessive interests that are attempting to lead us down
         the primrose path to intricacy and complexity that will
         eventually result in much lower productivity and fewer users.

         Microsoft Office is a perfect paradigm of such sophistry
         being used to deceive - it does not increase productivity at
         all, au contraire, in the words of Scott McNealy it serves as
         a serious impediment to real productivity - what does 23
         fonts, 45 colors and all kinds of other unnecessary
         paraphernalia add to content, understanding and ultimately
         productivity.  Misplaced appeal to aesthetics has all but
         supplanted the much more important goal of making us, and the
         interests we serve, more efficient and more productive.

         Such a course, if not corrected, will eventually lead to,
         among other things, our World Wide Web becoming a Gordian
         tangle in terms of usage by the vast majority of technically
         impaired users.  I am not alone in raising this issue of
         everything becoming too complex and too complicated for
         potential users.  My very weak voice is merely being added to
         the far more weighty enunciations of McNealy, Ellison,
         Andreessen, Jobs, and other illuminaries of our industry.

         Nowhere, is that usage gap between the technophiles and the
         technophobes more pronounced than it is in the use
         of encryption. If we do not keep it simple and easy to use,
         we will impose defacto standards that only the technically
         exceptional, such as readers of this, will be able to use.
         That is an important part of what the IPG EUREKA algorithm
         and system is about: Making it simple and easy for neophytes
         to use, and work with.

         Certainly EUREKA is not a panacea for all encryption needs.
         For example, it is obviously NOT the best solution for
         the problems relating to conducting commerce over the
         Internet.  Further, without question, RSA, PGP, ENTRUST, and
         other encryption systems fill very important exigencies.
         Where EUREKA shines is in three important strategic user
         applications:

            1. To set up a permanent line of Internet/intranet
               communication privacy between two, or a group of,
               individuals. As a result, pass phrases, session
               encryption keys, and other work impediments of that
               genre can be eliminated.

               While applicable to everyone, this is especially true
               of newbies, computer novices, technophobes, and other
               non-techies. It is easy to make it transparent to
               clerks, secretaries, attorneys, accountants, brokers,
               insurance agents, administrators, law enforcement
               personnel, and others to whom the computer is merely a
               necessary implement used to perform their job.

               EUREKA is much faster, more secure,  easier to use, and
               more flexible than other systems for this application.
               As such, it is ideal for business intranets, or mixed
               Internet - intranet systems.

               It is also ideal for private use by two individuals or
               a small group of friends and family.

            2. To protect your private hard disk files, programs or
               data, from compromise by hackers and interlopers. In
               this application it is unsurpassed because differential
               analysis, and other attacks that can be made to
               evolving files is rendered impossible and it is
               extremely fast. It is simply the best product available
               for this application.

            3. For the mass distribution of proprietary content over
               the Internet. Using authentication codes, similar to
               military codes of the day, a manufacturer can easily
               encrypt and transmit software products of all types to
               an unlimited number of users.

            Where do we go from here? As you read this, many companies
            and individuals have purchased, are purchasing, copies for
            test and evaluation under the newly announced limited
            moneyback guarantee offer set out in our web site at:

                      netprivacy.com

            As set out, we are temporarily offering PC compatible
                  systems:

                  1. For encrypting and protecting your hard disk
                     files from hackers and interlopers for    $19.50

                  2. The same as 1 plus encryption of e-mail and other
                     files for transmission on Internet for    $29.50

                  3. A six pack, six of the number 2 package above for
                     trial use by corporate intranet users for $99.50


          rant 
way than _any_ government has ever in history behaved 











From decius at r42h17.res.gatech.edu  Mon Nov  4 23:55:03 1996
From: decius at r42h17.res.gatech.edu (Decius)
Date: Mon, 4 Nov 1996 23:55:03 -0800 (PST)
Subject: NRC crypto breifing
Message-ID: <199611050517.AAA01458@r42h17.res.gatech.edu>



      "Did the NRC discuss the State Department's GROSS FAILURE to
      prosecute Phil Zimmermann? (PGP) is military strength, and it's
      out there!"  -- Audience member at NRC crypto briefing


  Dr. Herb Lin <hlin at nas.edu> of the National Research Council's
Computer Science and Tecommunications Board gave a briefing this afternoon
to address the Council's recent report, Cryptography's Role in Securing
the Information Society. The briefing was sponsored by the Georgia 
Institute of Technology in Atlanta. 
  One of the most striking aspects of the briefing was the diversity
of perspectives on the issue. Most of our discussions on cryptography have
been with people in the cypherpunk community; this was the first time we
had ever come face to face with people on the other side of the fence. It
is quite obvious that there is much emotional intensity here and we do not
feel that this issue is going to go away soon. However, the NRC seems to
be a voice of reason. 
  We are faced a policy problem: the developing information society is
vulnerable to security threats. Cryptography can be a powerful tool to
thwart these threats, but it is also a dangerous weapon in the hands 
of criminals. 
  As a result of concentration on the above issues, the cryptography
debate has often been framed as a conflict between privacy rights and law
enforcement. The NRC feels that the current policy on cryptography 
discourages its use by the private sector. Lin states that cryptography is a 
very valuable tool for crime prevention and thus benefits Law Enforcement. 
Policy makers should promote cryptography because it can help legitimate 
businesses better secure themselves against would-be attackers. However, 
cryptography also assists criminals in circumventing surveillance. So there 
are both positive and negative impacts for Law Enforcement, but Dr. Lin 
notes an important statement made in the NRC report:

 "The benefits of the widespread use of cryptography 
         far outweigh the risks."  

  Dr. Lin and the NRC believe that there will be an explosion of
interest in computer security in the coming years, and that government
should provide guidance and technical input, both to industry and law
enforcement. The upcoming debate can (and should) be carried out on an
unclassified basis. He said that open standards should be promoted in an
effort to reach consensus between government and industry interests.
Interested parties should be encouraged to study and understand the
algorithms employed by their cryptosystems so that market forces may drive
crypto policy to that which best fulfills the needs of US industry. NRC
promotes the growth and leadership in the private sector and encourages
all organizations to invest in information security. In addition, the NRC 
supports the use of link-level encryption in public networks, especially 
the cellular network. In this mode, LEOs can still access plaintext, but 
it is much more difficult for unauthorized listeners to get it. It should 
be noted that Cryptography is just one part of a comprehensive information 
security program.  While it is useful to prevent eavesdropping, provide user 
authentication, and ensure data integrity, it is not particularly
effective in overcoming the problems of insecure operating systems,
and corruptible employees. 
  One of the more controversial points in the report is the recommendation
for domestic cryptography policy. The NRC recommends that no
restrictions be placed on the use of domestic cryptography, and that the
market should be allowed to choose the best systems. This was met with
incredulty by many members of the audience, particularly those
representing the government. They seemed to feel that "the people"
should not be allowed to make this decision and that many important
aspects of cryptography policy are not necessarily reflected in market
interests. While NRC recognizes Law Enforcement's growing problem in
adapting to new technologies, Dr. Lin said that the FBI could provide
not one example of a class three wiretap that had been thwarted by means
of encryption. Access to encrypted files seemed to be a bigger issue for
LEOs. This takes us naturally to the topic of key escrow. 
  NRC cautions that key escrow is an unproven technology. Of
particular concern is the integrity of escrow agents: how it is to be
evaluated, and what level of integrity is sufficient in any particular
instance? Who is liable if keys are incorrectly disclosed? What are the
liability issues if the key escrow system fails to provide LEOs with
access? There just isn't enough information at this time to make these 
judgments. Many audience members commented that the administration had
rushed into key escrow without forethought or open discourse. The NRC
discourages the hurried passage of new legislation without clear, thorough
discussion of the issues involved by those who will be most directly
affected by the law. Furthermore, any government supported cryptography
system must provide additional value to the end users. The Clipper system
does not do this. Dr. Lin mentioned that data recovery might be of
significant value to most users. If encryption systems are too strong then
users will have a bigger problem with lost keys than they ever had with
stolen intellectual property. The NRC recommends that the US government
act as a test market for key recovery rather than pushing it out to the
public before it is fully developed. 
 The NRC also recommends that Congress consider criminalizing the
criminal use of cryptography. This issue has already been discussed at
length in academic fora, and the general consensus is that this concept is
much easier said than done. We feel that such a policy is not likely to be 
a serious deterrent unless the additional penalty outweighs the benefits of 
secure crypto. It is also worth noting that if crypto is the default in
system people shouldn't be charged with additional crimes for not turning
it off. 
  As for export issues, the NRC recommends that the government allow
export of 56-bit DES without special approval, effective immediately. The
recommendation also suggested that the allowable key length should be
increased over time in order to keep up with improvements in cryptanalysis
and computing power. They feel that export controls should be lessened but
not fully removed. Law Enforcement needs time to develop the skills and
technology necessary to deal with new situations.
  We would take issue with the NRC's assertion that 56 bit DES is
"good enough for most commercial applications," and that algorithms be 
designed to preclude multiple encryption. It certainly depends on the threat 
model involved. DES would be an improvement over plaintext networks, but it 
is certainly not strong enough to defend against industrial espionage 
efforts. We feel that strong cryptography should be exportable now to 
defend against such attacks. We feel that legitimate law enforcement 
interests can get access to the information they require in most cases 
without even having to employ cryptanalysis, especially if systems are 
secured at the link level as the NRC recommends. We would also point to 
the reality that wiretapping is not often used by Law Enforcement, and we 
don't feel that they have justified any increase in it's use. 
  The NRC briefing was very helpful in understanding the meaning of the
report and highlighted many important issues. NRC will have a number of
briefings in major cities all over the US, in hopes that this will spark
more debate over these issues. Attendance at this briefing was much
smaller than we had expected. We would encourage anyone who is
interested in cryptography to attend a future briefing. It is a very good
opportunity to hear and meet people on all sides of this issue. We would
also encourage the cyber-rights crowd to seriously consider the NRC's
recommendations.  It seems to be a realistic look at these issues, and
there is plenty of room here to defend fundamental civil liberties. 


Tom Cross and Jeremy Mineweaser
Electronic Frontiers Georgia





From jya at pipeline.com  Tue Nov  5 00:32:55 1996
From: jya at pipeline.com (John Young)
Date: Tue, 5 Nov 1996 00:32:55 -0800 (PST)
Subject: Protecting Your Data With Crypto
Message-ID: <1.5.4.32.19961105012435.006acd50@pop.pipeline.com>


We have put the November UNIX Review article Peter cited
in his letter to the editor, "Protecting Your Data With Cryptography," 
at:

     http://jya.com/protect.htm


----------

Peter Allan wrote:
>
>[ I refer to the article starting on p55
>  of the Nov 1996 Unix Review. ]
>
>-----letter to Ed start here------
>
>Andrew,
>
>Congratulations on a welcome crypto article in UR.
>
>This is an important topic for security, networks,
>web-based commerce etc and is only going to increase in 
>importance as people realise data is money.
>
>The article did raise my eyebrows a few times though
>with some wild statements - about the speed of brute-force
>attacks on DES, and about USG 'key escrow' proposals,
>patents and key certification.
>
>Also there are absolutely crucial issues not touched on,
>probably for lack of space.  Details matter, and if you're
>contemplating another article on the subject I'd be happy
>to write it [subject to my boss' approval] or review it
>before publication.  The field moves fast at times, and
>it would be good to keep an eye on the subject in a fairly
>regular column.
>
>Strangely, your author didn't mention ftp.ox.ac.uk,
>an ftp site for many good crypto tools, which
>(as a UK site) is not subject to US export restrictions.
>
>
> -- Peter Allan    peter.allan at aeat.co.uk






From dave at kachina.jetcafe.org  Tue Nov  5 00:36:42 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Tue, 5 Nov 1996 00:36:42 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <199611050806.AAA00731@kachina.jetcafe.org>


Dimitri "Too Hot for Cypherpunks" Vulis writes:
> Does saying "The list owner should not kick people off the list for speech"
> violate the list owner's right to free speech? That depends on whether plug-
> pulling (and mailbombing and ping-storming and other obnoxious behavior)
> is speech.

The entire, highly recursive question of free speech versus censorship
relies almost entirely on the assumption that human beings can be
controlled.

The observation that certain behavior is obnoxious arises from an
inability to control one's own environment at a basic level.  Issues
such as this have nothing to do with mailing lists or net.protocol,
except as vehicles of expression for human conditioning which is
already present.

Until the fly can be tolerated, removing the shit will only serve
to turn one's attention to a new annoyance. 
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

In a dark alley, a pickpocket tried to snatch Nasrudin's purse. There was a
violent struggle, but eventually Nasrudin got the thief pinned on the ground.
At this moment, a charitable woman passing called out: "You bully, let the
little man up and give him a chance!"
"Madam," panted Nasrudin, "you ignore the trouble which I have had getting
him down."





From tcmay at got.net  Tue Nov  5 00:49:19 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Nov 1996 00:49:19 -0800 (PST)
Subject: Group order for "Secret Power" ... (San Francisco Bay Areaonly)
In-Reply-To: <199611042114.NAA01825@ohio.chromatic.com>
Message-ID: <v03007800aea4b053298a@[207.167.93.63]>


At 1:14 PM -0800 11/4/96, Ernest Hua wrote:
>I'm looking for 19 other people interested in "Secret Power" (Craig
>Potton Publishers has indicated that there is a discount for 20 or
>more copies).  If you are in the San Francisco Bay Area, please
>contact me by phone or E-Mail.

Just wondering...doesn't such a call for a group purchase of such a
dangerous book constitute a RICO (Racketeer-Influenced and Crypto
Organizations Act) violation?

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From bryce at digicash.com  Tue Nov  5 01:10:00 1996
From: bryce at digicash.com (Bryce)
Date: Tue, 5 Nov 1996 01:10:00 -0800 (PST)
Subject: [NOISE] Re: Dr. Vulis
In-Reply-To: <327ECAC8.2781@ai.mit.edu>
Message-ID: <199611050909.KAA00731@digicash.com>



-----BEGIN PGP SIGNED MESSAGE-----

 A million monkeys operating under the pseudonuym "Hallam-Baker
 <hallam at ai.mit.edu>" typed:
>
> Of course John was right to give Vilus the boot. Cypherpunks is a club
> and like many private clubs occasionaly finds it necessary to give some
> oik the boot.


Yeah!  That was GREAT!  Now let's ban Dr. Hallam-Baker!  He's
always pissing off the libertarianpunks and causing
flamewars...


> And of course this is not an action that can be strictly justified in
> terms of absolute rights which many are fond of prating on about.  
> Rights are limited, as Mills observes they are a product of law. Society 
> finds it necessary to enact laws to protect rights. Dmitri's posts were
> affecting other people's right to speak. There is thus the traditional
> liberal conflict, that of having to infringe rights to protect them.


Dear Sir:  I humbly put it to you that the above reflects a 
misunderstanding about the libertarian conception of "absolute
rights".  I personally do _not_ subscribe to said theory, but 
I try to understand a thing correctly before criticizing it in 
public.


> If libertarians would read "on Liberty" rather than using it like
> a magic charm they would know that the main theory it advances is of
> the *balance* between the rights of communities and the rights of
> individuals. 


I have read (parts of) _On_Liberty_, and as I recall it was
adamant in an ("unbalanced") defense of absolute rights of
individuals.  The only exception I remember is an unexplored
comment on rights-violations of ommission counting as well as
rights-violations of commission.  (E.g. if you see a drowning
man and you fail to save him you are violating his rights.)  
Perhaps that is what you see as "balance between the rights of
communities and the rights of individuals"?  Or perhaps the
book goes into detail on that subject in a part that I didn't 
read.  Again I ask not because I have a particular ideological
axe to grind here, but because I seek accuracy in public
dialogue.


Regards,

Bryce



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMn8EXkjbHy8sKZitAQGWJQL+JzzPf0NOovQ3hZpEsim6wzz9OIWetfX4
ZQM7SYZkvNMQOX7QkShj0PXE+xtD+Vw513ENJwrzw5Y9hqRYr2P53dk10h7ovWth
egHhGYGB5YhZ4H2BQrA0FB+7y1F/9RDG
=wjM8
-----END PGP SIGNATURE-----





From furballs at netcom.com  Tue Nov  5 01:51:50 1996
From: furballs at netcom.com (furballs)
Date: Tue, 5 Nov 1996 01:51:50 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <Pine.SUN.3.91.961104183349.23959C-100000@eff.org>
Message-ID: <Pine.3.89.9611050119.A27459-0100000@netcom>




On Mon, 4 Nov 1996, Declan McCullagh wrote:

> Brigham Young University's censorhappy speech codes. Or me inviting
> someone into my home and kicking them out if I feel like it.
> 
> -Declan
> 

The house rules part I can agree with. The BYU "code" was a challenging 
wall to climb. Too many people I knew at the Daily Universe and KBYU had 
to become masters of the double entante to make a point sometimes. 
Newsspeak, as Orwell called it.

The code of honor at the campus was based upon good intentions, but it 
was the literal interpretaition of such writs, plus the extension thereof 
into areas of speech and press, without case by case consideration that 
incensed me no end. More than once I found myself on the business of that 
document because of "concerns" over the material in question. In certain 
circles, the FRAT still lives on.

Ofcourse Steve Benson and Patrick Bagely have done well since their trial 
by fire with Dallan Oaks. The zoobies will recognize the former 
BYU president; the rest of the well read will recognize the politcal 
cartoonists. 

As for rules and regulations in general:

Civilized society operates on them as the alogrythm to conduct. For 
those who choose to hold to a defintion of a higher morale and what they 
define as civil conduct, then the rules for acceptable conduct reflect 
that. 

When a civil standard has to be defined down, or penalties introduced to 
attempt to insure "compliance", then the battle for that level of 
societal behavior has been lost or nearly so. To wit: In order to promote 
a sense of order out of a group of people who have not been taught 
correct principles, one must wield a big stick and use it often, rather 
than try and engendure by persuation and example and let them use their 
free agency to decide that such behavior is in their own best interest. 
This is not brainwashing.

As for the original point on Vulis:

John Gimore did what he did. Vulis challenged him, and John called his 
bluff. Having read this list for quite a while now, I've seen alot of 
crap go back and forth from many people that was just as annoying as what 
Vulis was doing. They have not been bounced, and I suspect it may have 
something to do with not poking at the list owner, who it is my 
understanding, pays money out so the these discussions can even take place.

Treading on the good will of a host is bad form...

...Paul

> 
> On Mon, 4 Nov 1996 ichudov at algebra.com wrote:
> 
> > Declan McCullagh wrote:
> > > 
> > > Libertarianism is not incompatible with strict regulations, as long as 
> > > the rules violate nobody's rights.
> > > 
> > 
> > I would appreciate an example of "strict regulations" which do not violate
> > anybody's rights.
> > 
> > 	- Igor.
> > 
> 
> 
> // declan at eff.org // I do not represent the EFF // declan at well.com //
> 
> 
> 





From nobody at replay.com  Tue Nov  5 03:02:37 1996
From: nobody at replay.com (Anonymous)
Date: Tue, 5 Nov 1996 03:02:37 -0800 (PST)
Subject: Digital signatures
Message-ID: <199611051102.MAA22021@basement.replay.com>


Tim May is not only as queer as a three dollar bill, but he is also into having 
sex with children.






From stewarts at ix.netcom.com  Tue Nov  5 03:06:29 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Tue, 5 Nov 1996 03:06:29 -0800 (PST)
Subject: Bay Area Cypherpunks Meeting, Saturday Nov 9, C2Net, OAKLAND
Message-ID: <1.5.4.32.19961105005913.00391f1c@popd.ix.netcom.com>


November's Cypherpunks meeting will be held at C2Net's office in Oakland,
1212 Broadway, 14th floor, at 1-5 pm.  (12:00 for lunch/hanging around,
1:00 program.)

Agenda:
- Demo: Ecash plug-in for Netscape
- Bernstein Hearing updates - there'll be another hearing Friday 11/8.
- Stronghold secure web server
- Mondex smartcard weaknesses
- Possible IPSEC update
- Show&Tell - bring toys!
- Bagels

Directions:
1212 Broadway, Oakland, 14th Floor, between 12th & 13th on broadway, 
immediately above the 12th st/city center bart station.
Parking garage at the corner of 13th & franklin, one block away.
The parking garage closes at 6pm on saturdays though, 
so you need to be careful you don't leave your car there past six. 
We're on the 14th floor. The door is locked; see guard for access.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
# Nov. 5 is Guy Fawkes Day - Vote Early and Often, and create Fireworks!






From frissell at panix.com  Tue Nov  5 04:07:25 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 5 Nov 1996 04:07:25 -0800 (PST)
Subject: IRS Subscribed to Cypherpunks
Message-ID: <3.0b36.32.19961105070826.0070f470@panix.com>


Got the following bounce.  The Cc: was to a real address.

DCF

>Date: Tue, 5 Nov 1996 05:24:21 -0500
>From: Administrator at ccmail.irs.gov (Administrator)
>Subject: Message not deliverable
>To: Duncan Frissell <frissell at panix.com>
>Cc: XXXXXXXXX (Administrator)
>Content-Description: cc:Mail note part
>
>At 04:45 AM 11/4/96 -0800, Declan McCullagh wrote:
>>Libertarianism is not incompatible with strict regulations, as long as 
>>the rules violate nobody's rights.
>>
>>-Declan
>
>Obviously many voluntary religious organizations have quite strict rules
>for their members and are compatible with libertarianism.  Government
>monopoly regulations that cannot be opted out of are not compatible with
>libertarianism.  Instead of using the loaded term "regulations' it might be
>better to call things like the rules of the cypherpunk's list "club rules"
>or protocols.
>
>DCF
>
>





From dlv at bwalk.dm.com  Tue Nov  5 04:28:04 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 5 Nov 1996 04:28:04 -0800 (PST)
Subject: Censorship on cypherpunks [RANT]
In-Reply-To: <Pine.3.89.9611041122.A16513-0100000@netcom9>
Message-ID: <cT5wwD16w165w@bwalk.dm.com>


Lucky Green <shamrock at netcom.com> writes:
> > So if c-punks is really "private", how does it decide (arbitrarily?) who to
> > and who to reject?
>
> "It" does not decide. "He" does. John Gilmore is the list *owner*. He can
> decide to remove anyboy from this list. Anytime. For any reason or no
> reason at all. He can even shut down the entire mailing list anytime he
> pleases, for any reason or no reason at all.

Definitely - the list owner has the right to practice censorship on his list,
just like Tim May (fart) has the right to post lies and personal attacks on
this list. It just destroys their credibility.

>    Vote Harry Browne for President.

Not surprising - "ibertarians" like censorship.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From ses at tipper.oit.unc.edu  Tue Nov  5 06:04:35 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Tue, 5 Nov 1996 06:04:35 -0800 (PST)
Subject: British Telecom merger with MCI
In-Reply-To: <199611050326.WAA14085@homeport.org>
Message-ID: <Pine.SUN.3.91.961105090137.5329A-100000@tipper.oit.unc.edu>


On Mon, 4 Nov 1996, Adam Shostack wrote:
> 
> Phil Karn failed to get an export license for 3des for foriegn offices
> of Qualcomm, staffed by Americans.  See
> www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 

That's unusual- certainly for the bigger companies





From ses at tipper.oit.unc.edu  Tue Nov  5 06:06:56 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Tue, 5 Nov 1996 06:06:56 -0800 (PST)
Subject: British Telecom merger with MCI
In-Reply-To: <199611050326.WAA14085@homeport.org>
Message-ID: <Pine.SUN.3.91.961105090403.5329B-100000@tipper.oit.unc.edu>


On Mon, 4 Nov 1996, Adam Shostack wrote:

> Phil Karn failed to get an export license for 3des for foriegn offices
> of Qualcomm, staffed by Americans.  See
> www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 

[whoops] 
That's unusual - certainly, for the bigger companies it seems to be pretty
automatic, especially for NATO countries. Of course, it could just be that 
Phil is "known to the authorities". 





From mycroft at actrix.gen.nz  Tue Nov  5 07:11:11 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Tue, 5 Nov 1996 07:11:11 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8850.0@fatmans.demon.co.uk>
Message-ID: <199611051403.DAA02078@mycroft.actrix.gen.nz>


On Sun, 3 Nov 1996 13:15:24 +0000, paul at fatmans.demon.co.uk wrote:

>John, if you, and those who support your actions, claim to be 
>libertarians you need to take a good hard look at what you have done.

I'm in the "those who support" category.  I don't give a damn whether
Dimitri is on the list or not, I can filter if I want to, but since
John's paying for it, he can kick people off, moderate it, forge and
edit posts, or whatever he wants.  Digital signatures can prevent (or
at least detect) some of this (but he could strip the signatures, of
course) and I imagine the list wouldn't last long (would move
elsewhere) if he did this, but it would not be "anti-libertarian"
(dishonest, maybe).  The anti-libertarian side is that of those
list-members who think they have some sort of right to use John's
equipment as they please, for free, and complain when he disagrees.
Well, tough.  He's right and you're wrong.

If you don't like the way John runs the list, there's a very simple
solution: set up your own list, using _your_ computer, and run it the
way you think it should be run.  It sounds like a lot of the people on
this list would prefer your way (the same people, presumably, who
would like to borrow your car without asking, or spend a couple of
months holidaying in your house...)

>This is a distinctly "big cypherpunkish" move and really cannot be 
>condoned even bearing in mind the inane and wearisome behaviour of 
>Dr. Vulis.

Nonsense.  John Gilmore is not censoring anyone's mail.  He can't
possibly censor your mail (unless he runs your ISP...but then you can
always move to another ISP).  You're free to correspond with Dimitri
to your hearts content, and John has nothing to say about it...unless
you try to make him pay for it.  [If you think differently, please let
me know.  I'll be quite happy to tell my ISP to send my bills to you!
:-)]

-- 
Paul Foley <mycroft at actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Reality is bad enough, why should I tell the truth?
		-- Patrick Sky





From ichudov at algebra.com  Tue Nov  5 07:14:14 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 5 Nov 1996 07:14:14 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <Pine.SUN.3.91.961104121108.122E-100000@crl.crl.com>
Message-ID: <199611050657.AAA07260@manifold.algebra.com>


Sandy Sandfort wrote:
> (b) Nobody on this list gave up any freedom.  And we are still 
>     the beneficiaries of John's largesse, not his victims.

So, you say that I still have the freedom to behave as Vulis did?

I think not.

> (c) Freedom has been defended not limited.  If Dimitri or even
>     a majority of Cypherpunks could overrule Johns control of
>     his own resources, then there would have been a loss of
>     freedom with dangerous implications for us all. 

No one is suggesting to overrule him. It is an attempt to persuade him.
Your point is lost.

	- Igor.





From ichudov at algebra.com  Tue Nov  5 07:15:45 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 5 Nov 1996 07:15:45 -0800 (PST)
Subject: Compromise proposal
In-Reply-To: <199611042249.OAA22414@kachina.jetcafe.org>
Message-ID: <199611050658.AAA07271@manifold.algebra.com>


Dave Hayes wrote:
> > This solution will allow anyone with a clue to use appropriate filtering
> > and improve the signal-noise ratio, and at the same time will not in any
> > way limit anyone's freedom of speech.
> 
> Improving signal to noise is a laughable goal at a social event of
> more than 100 people, why do people insist upon trying it on the net?

To save time?

	- Igor.





From mjmiski at execpc.com  Tue Nov  5 08:09:35 1996
From: mjmiski at execpc.com (Matthew J. Miszewski)
Date: Tue, 5 Nov 1996 08:09:35 -0800 (PST)
Subject: Copyright violations
Message-ID: <199611051609.KAA05346@mail.execpc.com>


>>  American Banker: Thursday, October 31, 1996
>  
> Two Retail Giants Sue Visa Over Debit Cards 
>  
> By LISA FICKENSCHER
>  
> Two of the largest retailing companies have filed a lawsuit against Visa
> U.S.A., claiming the bank card association illegally forces merchants to
> accept debit cards. 

(major snip)

This is the first step towards repudiation of real electronic cash.  
I am not in favor of "forcing" companies to act (BTW, they are not 
forced to do anything, they can choose not to accept Visa), but if 
Visa will go to bat to support their debit cards, they may be willing 
to support ecash the same way.

Matt 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDq+FoAAAEEANM9+JcJmUp4aCSGpdOG4Y1b6m4630XA8H41Utbvr7Tr6wEH
CD6tlxZ+k+Pycj4w/f8WQa8fC50skoLjUNeP4lYsR7NYaMGRp6WkqCLMI/3Nohvk
pfLDqnzZZdwVL2liB7mfTURoF6doQaVehHmMBjSaVTfD12tzNGm6VvyEc77JAAUR
tClNYXR0aGV3IEouIE1pc3pld3NraSA8bWptaXNraUBleGVjcGMuY29tPg==
=lkx1
-----END PGP PUBLIC KEY BLOCK-----





From frissell at panix.com  Tue Nov  5 08:46:45 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 5 Nov 1996 08:46:45 -0800 (PST)
Subject: US Exit Tax Wrapup in Forbes
Message-ID: <3.0b19.32.19961105113141.0071fb08@panix.com>


The current Forbes has a good short article wrapping up the status of the
"taxpatriate" control movement in Congress.

The Health Care Bill that passed in August didn't include an Exit Tax as
previously reported.  What it did contain was a provision that states that
taxpatriates with a net worth of more than $500K who renounce their
citizenship will still be on the hook for ten years for income taxes on
their US source income.  This provision is easily dodged however by tax
planning techniques that assure that the individual involved has no US
source income.  Borrowing and trusts can be substituted for an income stream.

The second provision was in the immigration bill.  It subjects all those
who renounce their US citizenship (for any reason) to a visa requirement
for entry to the US.  State can then deny visas in cases where the expat is
a taxpat.  This applies to new citizens of those OECD countries that have
visa-free entry to the US.  How State will filter recent expats out of the
flow for special treatment is unclear, however.  Nation of birth is shown
on passports, so that might be able to be used.  This gimmick is also
easily dodged by entry into Canada or Mexico with a low profile border
crossing into the US.

Gee, I wish I had enough assets to become a taxpatriate.

DCF

"Vote for the only Swiss Citizen in the Presidential race -- Harry Browne."





From roach_s at alph.swosu.edu  Tue Nov  5 09:00:18 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Tue, 5 Nov 1996 09:00:18 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
Message-ID: <199611051700.JAA07885@toad.com>


A quick note, I consider myself to be a nerd.  This is in part "reclaiming",
as I found myself uninterested in sports, as my classmates were, and found
computers fun.(good reason too, considering I had access to one of those, an
old TI99/4a, longer than I had classmates).  I didn't grow up un either log
tables or slide rules, but I did learn how to do basic arithmetic on both
the traditional slide rule, and a round one designed for engineers.  At one
time, nerds were the intellectuals, the only thing that has really changed
is that now the nerds are in control, making intellectual arts a little more
appealing.  I'm only a 21 year old college student who is still somewhat
ignorant, make that quite ignorant, about the world, but I do feel that just
because it was an unpopular term to describe you, it isn't disrespectful to
consider ourselves nerds.  Relevance to Crypto, none.  Just attempting to
defend myself in the ether.
>From ???@??? Sun Nov 03 22:49:13 1996
To: cypherpunks at toad.com
From: Sean Roach <roach_s at alph.swosu.edu>
Subject: Re: Sliderules, Logs, and Prodigies
Cc: 
Bcc: 
X-Attachments: 

A quick note, I consider myself to be a nerd.  This is in part "reclaiming",
as I found myself uninterested in sports, as my classmates were, and found
computers fun.(good reason too, considering I had access to one of those, an
old TI99/4, longer than I had classmates).  I di






From 3bmice at nym.alias.net  Tue Nov  5 09:27:03 1996
From: 3bmice at nym.alias.net (Three Blind Mice)
Date: Tue, 5 Nov 1996 09:27:03 -0800 (PST)
Subject: AOL /  CyberPromo email blocking
Message-ID: <199611051726.MAA09978@anon.lcs.mit.edu>


This was in the Daily Brief on 11/05:

* A federal Judge ruled yesterday that America Online can block
  junk e-mail from Cyber Promotions Inc.
    - said neither the First Amendment nor the constitutions of
      Pennsylvania or Virginia allow Cyber to send unsolicited
      computer ads to AOL members.

Does anybody know where I can find a full article on this?  It sounds like
it might set some precedent for other cases dealing with the Internet.

Thanks,
--3bmice






From sandfort at crl.com  Tue Nov  5 09:28:09 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 5 Nov 1996 09:28:09 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <327ECAC8.2781@ai.mit.edu>
Message-ID: <Pine.SUN.3.91.961105090921.9423B-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996, Phill wrote:

> ...as Mills observes [rights] are a product of law.  Society
> finds it necessary to enact laws to protect rights...

Logically, you can't have it both ways.  Which is it?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From sandfort at crl.com  Tue Nov  5 09:34:20 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 5 Nov 1996 09:34:20 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <327EE192.7D6B@gte.net>
Message-ID: <Pine.SUN.3.91.961105091624.9423C-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 4 Nov 1996, Dale Thorn wrote:

> A more practical and realistic example might be if Dale was
> living in an apartment, and Dale's mother walked out to the
> garage to get into her car, and the next-door neighbor started
> calling her the most vile and foul things...
>
> This is far more realistic than your example, since the
> immediate neighborhoods where these situations develop are a
> better model for cypherpunks than the inside of one
> individual's home...

I disagree.  This IS inside someone's home--both metaphorically
and in reality.  John has graciously provided us with a venue for 
our never-ending Cypherpunk salon.  I think my example of an
inappropriate guest in Dale's mom's livingroom is exactly on 
point.  Just for the record, I would appreciate it if Dale would
address my hypothetical, just in case other readers find it as
cogent as do I.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From ph at netcom.com  Tue Nov  5 09:36:33 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Tue, 5 Nov 1996 09:36:33 -0800 (PST)
Subject: Kill Files
Message-ID: <v02140b01aea52a52e8b2@[192.0.2.1]>


I've been experimenting with a kill file.  It is quite effective,
takes very little time to set up, and imposes minimal overhead on my
machine.

In general people who have written worthwhile articles continue to do
so.  Those who have not in the past, tend not to in the future.

So, I sort by poster into three categories: the A-list, the maybe-read
list, and the killfile.  My A-list has about 35 names and the
resulting messages are, in my opinion, almost entirely signal.  I use
the maybe-read list to find people who should be on the A-list.  The
kill file I don't read.

If people post on things that don't interest me, I killfile them.  If
they bore me, I killfile them.  If they are rude, I killfile them. If
they use obscenities I am likely to killfile them.  If they make naive
statements, I killfile them.  If they whine too much, I killfile them.

I now have a cypherpunks list which is worth reading.

I was surprised that so many core cypherpunks allowed Dmitri Vulis to
upset them so much.  That was obviously his intention.  Is it really
so shocking to learn that somewhere out in the world there is one
loser?  Follow Tim May's fine example - killfile him and forget him.

Killfiles are easy to set up.  You don't need to write a line of code.
I use the filters in Eudora.  Eudora is available for Macs and PCs.
If you are using a Unix box, procmail will do the trick.  If you don't
know much about these tools, you probably know somebody who does.  If
you don't, you can probably find people on the cypherpunks list who
will be more than happy to help you.  I will be happy to help you.

It is wonderful that John Gilmore and Hugh Daniels have done so much
to keep this list running.  John can do anything he wants with his
machines and with this list.  But, I was disappointed to see him
remove somebody from it.  Why?  I prefer to choose for myself who to
killfile and who not to.  Unfortunately, beggars can't be choosers.

Peter Hendrickson
ph at netcom.com







From bryce at digicash.com  Tue Nov  5 09:38:55 1996
From: bryce at digicash.com (Bryce)
Date: Tue, 5 Nov 1996 09:38:55 -0800 (PST)
Subject: [NOISE] [philosophypunks] Re: Dr. Vulis
In-Reply-To: <9611051635.AA05667@etna.ai.mit.edu>
Message-ID: <199611051738.SAA08932@digicash.com>



-----BEGIN PGP SIGNED MESSAGE-----

 Dr. Phillip Hallam-Baker <hallam at ai.mit.edu> wrote:
>
> And of course this is not an action that can be strictly justified in
> terms of absolute rights which many are fond of prating on about.
> Rights are limited, as Mills observes they are a product of law. Society
> finds it necessary to enact laws to protect rights. Dmitri's posts were
> affecting other people's right to speak. There is thus the traditional
> liberal conflict, that of having to infringe rights to protect them.


to which I, Bryce <bryce at c2.net> replied:
>
> Dear Sir:  I humbly put it to you that the above reflects a 
> misunderstanding about the libertarian conception of "absolute
> rights".  I personally do _not_ subscribe to said theory, but 
> I try to understand a thing correctly before criticizing it in 
> public.


to which he, <hallam at ai.mit.edu> wrote:
> 
> Given that the only recognised philosopher to take the libertarian
> position is Nozdic and he has semi-recanted I think it perfectly
> reasonable to base the libertarian position on the views of 
> people calling themselves libertarians.


Okay.  Normally I would rather argue about viewpoints expressed
in written opinions by writers like pre-communitarian Nozick, 
Ayn Rand, David Friedman and so forth than about difficult-to-
pinpoint "views of people calling themselves libertarians", but
in this case it will make little difference to my argument,
which is that your article quoted at the beginning of this
message reflects a misunderstanding of those views.


> If you don't ascribe to "absolute rights" based in natural law
> then it sounds as if you accept that rights are derived
> from prior principles. If you accept that then you are a
> simply taking the traditional liberal position.


Hm.  This is as may be, but it is tangential to my purpose in
publically calling you on your (presumably innocent) 
misrepresentation.


<snip on Hallam-Baker on Mills on "'absolute' rights">


Sure, I agree with you that Mills doesn't start with rights as
an assumption, but rather argues for them from prior
assumptions.  When I said that Mills argues for "absolute 
('unbalanced')" rights, I meant that he argues for individual
rights with (almost) no exceptions, in constrast to your
your assertion that "the main theory it advances is of the 
*balance* between the rights of communities and the rights of 
individuals.".  I doubt very much that Mills _ever_ used the
phrase or the concept of "rights of communities" and I know
that the main theory that _On_Liberty_ advances is the (almost)
total sovereignty of individual rights.  (I see now that 
I shouldn't have called Mills' conception of rights "absolute",
because of the existence of that "almost" there...)


But this, too, is tangential to my point...


> Mill was not an anarchist, he was a classic liberal utilitarian.
> Its rather ironic that nobody on the list has recognised that I
> advance a classical utilitarian position and that if I quote Mill
> I'm quoting a principle authority.


Hm.  I was taught that Mills recanted Benthamism and became a
vigorous philosophical adversary of it before writing _On_
_Liberty_.  Are you counting _On_Liberty_-era Mills as some 
kind of "neo-Benthamite utilitarian" or is one of us mistaken 
on his self-identification?


But this, too, is tangential to my point, which I will get
around to now.


You wrote, in the article that spawned this thread:

> And of course this is not an action that can be strictly justified in
> terms of absolute rights which many are fond of prating on about.


Now I must strongly assert that this _is_ an action that can be
strictly justified in terms of absolute rights as understood
by people who call themselves libertarians.  I don't believe 
that Dr. Vulis _should_ have been banned from cypherpunks, and 
I don't believe in absolute rights as understood by people who
call themselves libertarians, but I must state that your 
assertion quoted above reflects a profound misunderstanding of
that viewpoint.


The idea of absolute rights as understood by libertarians
states that no-one is justified in exercising "the use of
force" against another person unless in self-defense against
similar "use of force" from that person.  [Note:  "the use of
force" is in quotes because it has a particular meaning in this
context which is essential to appreciating the theory.  The
meaning of "the use of force" in this theory is:  "One of: a.
performing physical violence upon the subject, b. threatening
to perform physical violence upon the subject, c. stealing the
subject's property.".]


Now if you are able to read and comprehend the above paragraph
then you must find it obvious that this theory does not forbid
John Gilmore from banning Dr. Vulis from cypherpunks.  If you
are able to read and comprehend the above paragraph and _also_
understand its deficiencies and begged questions, then more
power to you, but you must still admit that the theory, as
understood by people who call themselves libertarians, fully
permits John Gilmore to ban Dr. V.


I look forward to your reply.


Regards,

Bryce



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMn97m0jbHy8sKZitAQGiPgL9GJqxboWmhOoMheYpPZTgPyRB6eMbf4J6
q2EmtQPoQB8HwhFLR4AV9C9TgZ4wb2lH2gCCDjqaUi0I+0Kc5AMUBfXvmh3tU/Q6
BkztyVtRQsM/IJ0ruLItYqJmrRTAmDou
=QQJG
-----END PGP SIGNATURE-----





From gary at systemics.com  Tue Nov  5 09:59:25 1996
From: gary at systemics.com (Gary Howland)
Date: Tue, 5 Nov 1996 09:59:25 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <Pine.OSF.3.91.961104212605.8774A-100000@gaston.tenet.edu>
Message-ID: <327F807E.500F9F30@systemics.com>


Dan Harmon wrote:
> 
> What is the story on this or is it more ravings?
> 
> Dan
> 
> On Mon, 4 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> > frantz at netcom.com (Bill Frantz) writes:
> > > [John Gilmore]  has said to Dr.
> > > Vulis, "You are no longer a member of the cypherpunks community."
> >
> > I recall we've been through this over a year ago, when I saw an announcement
> > of a cypherpunks physical meeting where someone was excluded for his political
> > views, and I said that I don't consider myself a cypherpunk. I'm glad that
> > John and Bill, the auhorities on cypherpunk membership, finally concur.


I think he is referring to the explicit and public non-invite of Jim
Bell to a cypherpunks meeting, due to some of Jim Bell's Assination
Politics posts.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary at systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06





From ichudov at algebra.com  Tue Nov  5 10:10:43 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 5 Nov 1996 10:10:43 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <Pine.SUN.3.91.961104181608.24626A-100000@crl4.crl.com>
Message-ID: <199611051558.JAA08995@manifold.algebra.com>


Sandy Sandfort wrote:
> C'punks,
> On Sun, 3 Nov 1996 paul at fatmans.demon.co.uk wrote:
> 
> > John, if you, and those who support your actions, claim to be 
> > libertarians you need to take a good hard look at what you have
> > done.
> 
> The core basis of libertarianism, the non-aggression principle,
> is usually expressed something like this:
> 
> "No one has the right to initiate force for fraud against another."
> 
> Perhaps Paul would be so kind as to tell us how he believes John 
> has violated this standard.
> 

Unsubscribed him by force?

	- Igor.





From kb4vwa at juno.com  Tue Nov  5 10:13:35 1996
From: kb4vwa at juno.com (Edward R. Figueroa)
Date: Tue, 5 Nov 1996 10:13:35 -0800 (PST)
Subject: Information
Message-ID: <19961105.131710.5207.1.kb4vwa@juno.com>


I'm a new Cyberpunk!   

I apologized if this is not the place to post this message request.

I have some interesting projects and questions for the Cyberpunk world.

I would like to know if there is any Cyberpunks in S. Florida (Miami) who
could converse with me about Crypto?   I am very interested in making new
Cyberpunk friends, meeting places,  etc.., or please send me E-mail.

I would like to know where to place my Public Key?   Note, I only have
E-mail access at this time, and not the Net access, but could have a
friend place the key for me.

Last,  I would like to know once and for all,  is PGP compromised,  is
there a back door, and have we been fooled by NSA to believe it's
secure?

Ed - 

kb4vwa at juno.com





From sandfort at crl.com  Tue Nov  5 10:17:31 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 5 Nov 1996 10:17:31 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <199611050657.AAA07260@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961105094251.9423F-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996 ichudov at algebra.com wrote:

> Sandy Sandfort wrote:
> > (b) Nobody on this list gave up any freedom.  And we are still 
> >     the beneficiaries of John's largesse, not his victims.
> 
> So, you say that I still have the freedom to behave as Vulis did?
> 
> I think not.

Of course Igor does.  As does Dimitri.  And John has the right 
to kick him off if he so desires.  What igor does not have--and 
never did have--was a right to arbitrarily use John's resources
contrary to John's wishes.

> > (c) Freedom has been defended not limited.  If Dimitri or even
> >     a majority of Cypherpunks could overrule Johns control of
> >     his own resources, then there would have been a loss of
> >     freedom with dangerous implications for us all. 
> 
> No one is suggesting to overrule him. It is an attempt to persuade him.
> Your point is lost.

Perhaps Igor did not understand my point, or I did not make 
myself clear enough.  I was illustrating the only way someone's 
freedom could be lost given the current controversy.  

Ironically, giving Dimitri the boot has benefited the Cypherpunk
list in at least two ways.  It has vastly lowered the level of
ugly flames and personal attacks.  It has also provided us with 
a wonderful opportunity to explore such concepts as censorship,
freedom, rights and property.  I much prefer it when this list
is a forum for ideas rather than a outlet for spoiled tantrums
by the emotionally challenged.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From hallam at ai.mit.edu  Tue Nov  5 10:49:08 1996
From: hallam at ai.mit.edu (hallam at ai.mit.edu)
Date: Tue, 5 Nov 1996 10:49:08 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <Pine.SUN.3.91.961105090921.9423B-100000@crl.crl.com>
Message-ID: <9611051854.AA09590@etna.ai.mit.edu>



>> ...as Mills observes [rights] are a product of law.  Society
>> finds it necessary to enact laws to protect rights...

>Logically, you can't have it both ways.  Which is it?

Both sentences say the same thing. Society enacts laws which
provide protections to the individual. As a result of these
protections the individual has rights.

The decision to enact laws may be affected by a consensus 
in society concerning which rights are desirable. But this
does not affect the fact that the realisation of rights is
a through society and law.

If you like you could replace the word "protect" with "create"
but most laws enacted don't create rights, rather they continue
to preserve previously granted rights which are under threat.


And then you get the type of laws which Bod Dole so ardently 
fought for such as special favours to Archer Daniel Midlands,
the Kansas Argi-business which recently paid a $100 million
corruption fine. Of course power can be exercised in a corrupt
fashion.

If you admit that rights are simply abstract conclusions from
a wider arguement based in more fundamental principles then
there is some purpose to the discussion. Otherwise the argument
is simply a stale restatement of the axioms as the conclusion.


If we return to the original basis on which Mill opposed censorship
its not hard to find out why Dimitri is denied his support. The
argument is based on the need to keep alive debate. Dimitri wants
to prevent debate, he does not wish to meet with the argument,
he merely wishes to indulge in character assasinations and insults.


		Phill





From pcw at access.digex.net  Tue Nov  5 11:30:15 1996
From: pcw at access.digex.net (Peter Wayner)
Date: Tue, 5 Nov 1996 11:30:15 -0800 (PST)
Subject: Announcement-- Reward for Errors...
Message-ID: <v02140b05aea54176c8ec@[199.125.128.5]>



At this moment, I'm preparing the second edition of my book
_Digital Cash_. In order to reduce the errors and improve the
book, I'm announcing rewards of $10.00 per technical error to
the first person to report each particular error to me. They
will also receive a personal mention in the thanks given at the
front of the book if they don't want to remain anonymous.

Naturally, I need to limit this offer. All awards are subject to
my whims. Errors in grammar and spelling are not eligible. I
will make the decision of which person is the first to make a
bug report. If something seems more like a feature than a bug, I
may not pay a reward. Also, I am free to decide upon the basic
granularity of the errors. My decision is final, but I hope to
be as inclusive as possible to reward people who take the time
to write. I want to be as generous as my pocketbook allows. If
this works out well, the second edition will sell more books
which will allow me to offer even larger rewards when I prepare
the third edition.

I'm also asking that people forward any suggestions for
additional topics to me. A copy of the table of contents can be
found on my web page
(http://www.access.digex.net/~pcw/pcwpage.html).  If you're a
company or a researcher with an interesting contribution to the
world of digital transactions, please write. I want to be as
inclusive as possible.


My thanks to everyone who takes the time to consider this offer.

The offer is in effect for a limited period of time and may be
withdrawn at any time. See my web page for announcements.

-Peter Wayner
pcw at access.digex.com







From droelke at rdxsunhost.aud.alcatel.com  Tue Nov  5 11:36:02 1996
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Tue, 5 Nov 1996 11:36:02 -0800 (PST)
Subject: URG_ent
Message-ID: <9611051935.AA04338@spirit.aud.alcatel.com>




Not to beat up on Medcom - but doesn't this sound like a
nice DES cracking target?

> 
>  "Medcom introduces a "Super Cafe" data encryption product"
> 
>     Medcom's latest data encryption product, the Secure Socket 
>     Relay (SSR), features strong encryption with full key length 
>     (56-bits DES). A demo version can be downloaded at
>     http://www.medcom.se/.
> 
> 
------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke at aud.alcatel.com                             Richardson, TX






From tcmay at got.net  Tue Nov  5 11:44:16 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 5 Nov 1996 11:44:16 -0800 (PST)
Subject: "Fortune" article on crypto
Message-ID: <v03007800aea547163a07@[207.167.93.63]>



Wading through 150 or more messages from while I was away (a huge fraction
of them either about or from Vulis), I didn't see mention of the long
article on crypto, export issues, RSADSI, Bidzos, the NSA, etc., in the
current issue of "Fortune" magazine, 11 November.

One think caught my eye, though I haven't finished reading the whole thing.

"Bidzos professes what seems sincere respect for the spy agency--several of
its former staffers even work for him. But he insists that it needs a
gadfly: "I've gone there a few times and listened to their dark-side folks.
I always come out feeling that I'm a traitor. I deserve to die. I'm causing
the early demise of society and should just scuttle the company, But an
hour after I leave the agency, my head clears and I think, "Okay, back to
reality.""

This echoes the feeling I often have (though I have never been given the
"If you knew what we know" spiel, though I have a vivid imagination and
have known for the last half-dozen years what the implications of strong
and untraceable crypto implies). That is, I understand the role of the NSA
and the longterm "threats" strong crypto implies.

(I avoid blather about how all it is useful for is to protect the
democratic and privacy rights of citizen-units. That's comforting twaddle,
popular with some journalists and some namby pamby privacy advocates. In
fact, strong crypto is a tool for deconstructing and demolishing democratic
institutions, which is why I support it. Obviously. Yes, I sometimes get
concerned about the lives which will be affected, but, ultimately, the
ubermensch must do what he must do, regardless of how some in the herd are
affected.)

Also Sprach Tim,


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From sandfort at crl.com  Tue Nov  5 12:12:14 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 5 Nov 1996 12:12:14 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <199611051558.JAA08995@manifold.algebra.com>
Message-ID: <Pine.SUN.3.91.961105115311.17274A-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996 ichudov at algebra.com wrote:

> Sandy Sandfort wrote:
> > The core basis of libertarianism, the non-aggression principle,
> > is usually expressed something like this:
> > 
> > "No one has the right to initiate force for fraud against another."
> > 
> > Perhaps Paul would be so kind as to tell us how he believes John 
> > has violated this standard.
> > 
> 
> Unsubscribed him by force?

Obviously not, unless one wishes to completely distort the 
meaning of the word.  The /reducto ad absurdum/ implied by 
Igor's question would say that when a volunteer stopped 
volunteering his services, he was initiating force against his
former beneficiaries.


 S a n d y

	"English, it's not just for school anymore."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From sandfort at crl.com  Tue Nov  5 12:25:26 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 5 Nov 1996 12:25:26 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <9611051854.AA09590@etna.ai.mit.edu>
Message-ID: <Pine.SUN.3.91.961105120912.17274B-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996 hallam at ai.mit.edu wrote:

> 
> >> ...as Mills observes [rights] are a product of law.  Society
> >> finds it necessary to enact laws to protect rights...

I responded:

> >Logically, you can't have it both ways.  Which is it?

To which Phill alleged:
 
> Both sentences say the same thing. Society enacts laws which
> provide protections to the individual. As a result of these
> protections the individual has rights.

Unfortunately, both sentences, as originally written, DO NOT
say the same thing.  They are recursive in the extreme.  

"Society enacts laws which provide protections to the individual"
is not the logical equivalent of "Society finds it necessary to 
enact laws to protect rights" unless rights exist prior to the
enactment of laws.  

Maybe Phill should just say he misspoke himself rather then go
through his elaborate back-and-fill charade.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From sandfort at crl.com  Tue Nov  5 12:35:43 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 5 Nov 1996 12:35:43 -0800 (PST)
Subject: HAPPY GUY FAWKES DAY!
Message-ID: <Pine.SUN.3.91.961105123056.18719A-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
and his compatriots had intended to blow up Parliment.

The English celebrate it because Guy Fawkes failed.

I celebrate it because he tried.  :-)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	





From hallam at ai.mit.edu  Tue Nov  5 12:43:14 1996
From: hallam at ai.mit.edu (hallam at ai.mit.edu)
Date: Tue, 5 Nov 1996 12:43:14 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <Pine.SUN.3.91.961105120912.17274B-100000@crl.crl.com>
Message-ID: <9611052049.AA09638@etna.ai.mit.edu>



>> Both sentences say the same thing. Society enacts laws which
>> provide protections to the individual. As a result of these
>> protections the individual has rights.

>Unfortunately, both sentences, as originally written, DO NOT
>say the same thing.  They are recursive in the extreme.  

They are mutually recursive but the types of the relations are 
different.

Laws create rights	- argument in "is"
=> Should create good laws to protect valid rights.
			- argument in "ought"

Of course the two sentences don't say exactly the same thing, 
otherwise I would have written one.

If law did not have the potential to create rights there  would
not be the same duty of care for law creators.

>Maybe Phill should just say he misspoke himself rather then go
>through his elaborate back-and-fill charade.

I'll tell you what, ill admit that my original statement was
not of the clarity that I would ideally wish to achieve. But
I don't think that we need apply the criteria of a journal article
here. :-)

I don't think we have a problem with the statements conflicting,
there is an interaction. What a Hegelian would call dilectic. 
I prefer to use a different term for much the same reasons as
Sorros, the misuse of the term has created garbage that one
does not want to associate with (eg Historical materialism). 


		Phill







From adam at homeport.org  Tue Nov  5 12:52:04 1996
From: adam at homeport.org (Adam Shostack)
Date: Tue, 5 Nov 1996 12:52:04 -0800 (PST)
Subject: British Telecom merger with MCI
In-Reply-To: <Pine.SUN.3.91.961105090403.5329B-100000@tipper.oit.unc.edu>
Message-ID: <199611052048.PAA01743@homeport.org>


Can you offer up examples of 3des export?  Demonstrating that the law
is arbitrarily enforced would probably be a big, big win on the 1st
ammendment grounds.  They can't censor Phil and not censor Stew Baker
for the same speech.

Adam


Simon Spero wrote:

| > Phil Karn failed to get an export license for 3des for foriegn offices
| > of Qualcomm, staffed by Americans.  See
| > www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 
| 
| [whoops] 
| That's unusual - certainly, for the bigger companies it seems to be pretty
| automatic, especially for NATO countries. Of course, it could just be that 
| Phil is "known to the authorities". 
| 


-- 
Celebrate Guy Fawkes day.  Send a revolutionary to Congress.







From jbugden at smtplink.alis.ca  Tue Nov  5 13:02:07 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Tue, 5 Nov 1996 13:02:07 -0800 (PST)
Subject: Dr. Vulis
Message-ID: <9610058472.AA847238509@smtplink.alis.ca>



Hallam-Baker <hallam at ai.mit.edu> wrote:
> the main theory [Mill's book _On_Liberty_] advances is of the *balance*
> between the rights of communities and the rights of individuals. 

Two words: Schelling Point.

James






From dlv at bwalk.dm.com  Tue Nov  5 13:42:33 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 5 Nov 1996 13:42:33 -0800 (PST)
Subject: Dr. Vulis please read this.
In-Reply-To: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961105160508Z-3739@csa-ntx.chemson.com>
Message-ID: <DiRXwD1w165w@bwalk.dm.com>


"Butler, Scott" <SButler at chemson.com> writes:

> Dr. Dimitri Vulis  (KOTM)
> 
> Do you think that it would be possible for you to leave this mailing
> list quietly WITHOUT sending mail to it again unless you have anything
> that may be found interesting / useful regarding cryptography.

Thank you, Scott, for your advice, which reminds me of the following story:

One day the Germans were about to shoot two Jews, named Abram and Moisha. 
The Germans offered the Jews blindfolds. Abram bravely declined, to which
Moisha said: "Take it, Abram, don't make trouble!"

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From rcgraves at ix.netcom.com  Tue Nov  5 13:42:48 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Tue, 5 Nov 1996 13:42:48 -0800 (PST)
Subject: [NOISE] If the shoe fits, wear it [VULIS]
Message-ID: <199611052140.QAA09882@spirit.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Dr.Dimitri Vulis KOTM wrote:
> 
> I've pointed out already that apparently John is not, so far,
> filtering out my submissions to the c-punks list.

Correct. It's just a formal way of saying you're unwelcome, really. 
Shoo.

> However I'd like to take exception with the two claims made in
> the articles cc'd to me so far:
> 
> A that only governments can censor;
> 
> B that post-factum punishment for "inappropriate" speech is not
> censorship.

I agree with your objections, probably because you're attacking straw 
men.

> Certainly Disney owned WABC and was within its rights to censor it.
> Likewise John Gilmore is within his rights to destroy his own
> credibility and to expose his own hypocricy.

Yes, this gets to my point. Private censorship tells more about the 
censor than about the censored. In this case, John acted properly, and 
his credibility has only been enhanced. You are of course free to rant 
and rave about his hypocrisy, but expecially since you'll always be able 
to post to the list, at least under a nym (the only thing he's prevented 
is your reading the list under your own name), you're only proving 
yourself to be an idiot.

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMn+0UioZzwIn1bdtAQE+DwF/YHGRdPpQ3JqotsUWw303aYCmKn7d9il1
4sCKaEIMy7NHT1uvRR1DL8oBgZGsVUwH
=acPs
-----END PGP SIGNATURE-----





From sandfort at crl.com  Tue Nov  5 14:35:04 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 5 Nov 1996 14:35:04 -0800 (PST)
Subject: Dr. Vulis
Message-ID: <Pine.SUN.3.91.961105143024.24101B-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,


On Tue, 5 Nov 1996 Phill wrote:

> Of course the two sentences don't say exactly the same thing, 
> otherwise I would have written one.

That never stopped academics before.
 
> I don't think we have a problem with the statements conflicting,
> there is an interaction. What a Hegelian would call dilectic. 
> I prefer to use a different term for much the same reasons as
> Sorros, the misuse of the term has created garbage that one
> does not want to associate with (eg Historical materialism). 

Please eschew the obfuscation.  The sentences Phill hastely wrote
are simply contradictory.  It's fatuous to claim, after the fact,
that he intended some sort of dialectic (i.e., a system of 
arguement in which conflicting ideas are resolved).

Intellectual honesty isn't required on this list, but it is
appreciated.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









From camcc at abraxis.com  Tue Nov  5 14:38:54 1996
From: camcc at abraxis.com (camcc at abraxis.com)
Date: Tue, 5 Nov 1996 14:38:54 -0800 (PST)
Subject: Censorship on cypherpunks [RANT]
Message-ID: <2.2.32.19961105223802.0068e2cc@smtp1.abraxis.com>


At 07:20 AM 11/4/96 -0800, you wrote:
:
:So if c-punks is really "private", how does it decide (arbitrarily?) who to
include
:and who to reject?

Since it IS private, the owner has to justify NOTHING, vis-a-vis the list.
We _choose_ to supplicate to join; we are _allowed_ to join (or not allowed)
by the owner's grace; we may always _choose_ to unsubscrive [sic]; if we do
it correctly, we are off the list.

Let me repeat, the onus is NOT on the owner to justify the use of his property.
Cordially,

Alec                   

PGP Fingerprint:

pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc at abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             






From rcgraves at ix.netcom.com  Tue Nov  5 14:40:13 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Tue, 5 Nov 1996 14:40:13 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more [VULIS]
Message-ID: <199611052238.RAA10139@spirit.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Igor Chudov @ home wrote:
> 
> I guess libertarian philosophy permits operating a private mailing
> list and imposing whatever rules the host deems necessary to invent.

Clearly.

And contractural principles suggest that there should be transparency in 
those rules.

> The question is, can this ist be called a free medium for exchange of
> ideas, or not. My answer is no.

I say you're wrong. Vulis has been denied nothing but the dignity of 
reading the list under his own name. He still has freedom to read under 
a pseudonym, and he still has freedom to post under his own name, or any 
other.

> Moderated forums might create some utility (by saving the time of
> their participants, for example), but they should identify themselves
> as such.

Such as by notifying the list that exactly one particularly obnoxious 
member has been kicked off, and allowing *unlimited* discussion on the 
list about the impact of doing so? I think this is working.

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMn/BzSoZzwIn1bdtAQGk+wGAgv2SrJzetHEzgs9DxahGvB8ReGWi8mDB
aEGj8o8aW2DNGrDSx4f8DBDS4a8605Tc
=oQeM
-----END PGP SIGNATURE-----





From roach_s at alph.swosu.edu  Tue Nov  5 14:44:17 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Tue, 5 Nov 1996 14:44:17 -0800 (PST)
Subject: [rant] Re: Censorship on cypherpunks
Message-ID: <199611052244.OAA15338@toad.com>


>
>Obviously many voluntary religious organizations have quite strict rules
>for their members and are compatible with libertarianism.  Government
>monopoly regulations that cannot be opted out of are not compatible with
>libertarianism. 

May I remind you that if you want to leave this country, all you have to do
is board a plane.  Many people have suggested similar things about various
groups for about two centuries.  The major difference between this list and
this government is that it is easier to start a new list.






From roach_s at alph.swosu.edu  Tue Nov  5 14:44:27 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Tue, 5 Nov 1996 14:44:27 -0800 (PST)
Subject: [noise] Re: Sliderules, Logs, and Prodigies
Message-ID: <199611052244.OAA15345@toad.com>


Peter Trei wrote:
>
>When I was in high school, slide rules and log tables were standard
>equipment - calculators started to come in towards the end. There
>was a *lot* of controversy over their use in exams, and in homework
>('show your working...'). At one point, you could use a calculator, but
>only if you noted the fact (and model) on your exam paper.

If I remember my history right, the order that math was done often depended
on the model of calculator it was done on.  I remember being warned as late
as 1991 how some calculators may still still add before they multiply, and
to use those parenthesis for good measure, just to be safe.

>I still treasure one of the heirlooms from my grandfather - a 12
>inch bamboo rule, with his name carefully engraved in engineering
>lettering ( which he used during his 50+ years at Ma Bell).

I know where there used to be a basic model slide rule that spans about 10
feet, it was mounted on the wall of the math room where I spent junior high.
My dad actually taught me basic arithemetic on it.  (Ironically, on the
opposite wall were the computers, an Apple IIe, a Commodore 64, two
TI99/4a's and about 4 Tandy 1000/tx's, this did all take place before 1989)

Sean Roach






From hua at chromatic.com  Tue Nov  5 15:17:03 1996
From: hua at chromatic.com (Ernest Hua)
Date: Tue, 5 Nov 1996 15:17:03 -0800 (PST)
Subject: News: Europe Wants Stronger Encryption
Message-ID: <199611052315.PAA12733@ohio.chromatic.com>


>From C/Net News (http://www.news.com/News/Item/0,4,5076,00.html):

    Europe wants stronger encryption 
    By Alex Lash
    November 5, 1996, 5:30 a.m. PT 

    The European Electronic Messaging Association has told
    the European Commission that European companies are at a
    competitive disadvantage without access to strong
    American-made cryptography, according to the
    organization. 

    ....





From vznuri at netcom.com  Tue Nov  5 15:30:20 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 5 Nov 1996 15:30:20 -0800 (PST)
Subject: "censorship in cyberspace"???
Message-ID: <199611052329.PAA15991@netcom22.netcom.com>



I don't understand why people rant so much about censorship
in cyberspace, given the ease of buying a new tentacle.
a long time ago getting a new internet account was a big
deal, but now they are as prolific as flies.
you can now buy them for $7/mo from Community Connections,
courtesy of another cypherpunk (Sameer Parekh) on this list.
you even get a 5mb web site at this price, as I understand it.

I'd be interested in hearing of any other "tentacle havens" 
out there if anyone has any comment. <g>

my main point is that it's merely a semantic concept to say
that someone is "censored" from a mailing list. it's not
really possible to do such a thing anymore given how easy
it is to get new internet account with no ID necessary.
you can fight it or you can surf on it!! it's quite ironic
that to have the ability for a moderator to have a 
"civilized" forum with a guaranteed ability to obstruct
certain individuals, would require what cpunks would consider
an orwellian identification system. (tying a human to their
cyberspace posts. it could be done.)


p.s. one of these days I wonder if someone is going to mount
a really concerted attack against a mailing list using a
full tentacle arsenal instead of only a single email address
or anonymous remailers, just for the kicks of it.

the "automatic prose generator" technology out there leaves a lot
of other interesting ideas. an ingenious software engineer
with a flair for writing could create some pretty sophisticated
grammars that automatically generate text yet are impossible
to detect over perhaps even dozens of messages output by them.
they could even have their own personalities and writing styles,
if the software engineer were creative and devious enough.

 it's just a matter of time, and
really every mailing list in the world is defenseless against
it. does anyone have a technical solution? you'd solve one
of mankinds most pressing and difficult problems ever
encountered: "spam".

on the other hand, maybe such a thing has already happened
and no one knows about it. or maybe its happening right
now on this list. it would be absolutely impossible to detect
in all the typical noise if the "graffiti artist" were crafty enough.
 (hee, hee)





From jya at pipeline.com  Tue Nov  5 15:31:15 1996
From: jya at pipeline.com (John Young)
Date: Tue, 5 Nov 1996 15:31:15 -0800 (PST)
Subject: FOR_tun
Message-ID: <1.5.4.32.19961105220703.00683cfc@pop.pipeline.com>


Tim May wrote:

>I didn't see mention of the long article on crypto, export issues, 
>RSADSI, Bidzos, the NSA, etc., in the current issue of "Fortune" 
>magazine, 11 November.

----------

   "Techno-Hero or Public Enemy?"

   James Bidzos of RSA Data Security wants to go global
   with a potent shield against computer break-ins. Uncle
   Sam's most secretive spy agency wants to stop him. At
   stake is the right to privacy and the health of the
   U.S. software industry.

   -----

   http://jya.com/fortun.txt  (32 kb)

   FOR_tun






From vznuri at netcom.com  Tue Nov  5 15:46:26 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 5 Nov 1996 15:46:26 -0800 (PST)
Subject: "Fortune" article on crypto
In-Reply-To: <v03007800aea547163a07@[207.167.93.63]>
Message-ID: <199611052345.PAA18414@netcom22.netcom.com>



>
>(I avoid blather about how all it is useful for is to protect the
>democratic and privacy rights of citizen-units. That's comforting twaddle,
>popular with some journalists and some namby pamby privacy advocates. In
>fact, strong crypto is a tool for deconstructing and demolishing democratic
>institutions, which is why I support it. Obviously. Yes, I sometimes get
>concerned about the lives which will be affected, but, ultimately, the
>ubermensch must do what he must do, regardless of how some in the herd are
>affected.)

as usual, you skip the most interesting part. please elaborate on
why you are interested in "deconstructing and demolishing democratic
institutions". are you opposed ot democracy? do you support the 
constitution? it would be strange for you to say you agree with
the constitution but are opposed to democracy. apparently you
agree with anything that limits a government but nothing that
creates one? 

ok, so you've argued against police as a legitimate part of government
before as I recall (advocating, as other here, things like "private"
security forces etc.), so I won't get into that.

well, then, do you think there is a legitimate role for a legal system?

if not, how do you propose settling disputes in a civilized manner
other than "he with the biggest bazooka wins"?





From unicorn at schloss.li  Tue Nov  5 16:28:16 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 5 Nov 1996 16:28:16 -0800 (PST)
Subject: [NOISE] Censorship of Dr. Vulius
In-Reply-To: <6eBwwD8w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961105192617.27527A-100000@polaris>


On Mon, 4 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> I won, but you misspelled my name. Yes, John Gilmore has complete destroyed
> his credibility together with whatever goodwill I personally had toward him
> - a pity.

Oh, shut up and go away.
No one wants to hear from you anymore.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From wb8foz at wauug.erols.com  Tue Nov  5 16:49:27 1996
From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states)
Date: Tue, 5 Nov 1996 16:49:27 -0800 (PST)
Subject: British Telecom merger with MCI
In-Reply-To: <Pine.SUN.3.91.961105090137.5329A-100000@tipper.oit.unc.edu>
Message-ID: <199611060045.TAA10751@wauug.erols.com>


Simon Spero sez:
> 
> On Mon, 4 Nov 1996, Adam Shostack wrote:
> > 
> > Phil Karn failed to get an export license for 3des for foriegn offices
> > of Qualcomm, staffed by Americans.  See
> > www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 
> 
> That's unusual- certainly for the bigger companies

It is far worse. Every time Qualcomm wishes to send a bug fix to
their Hong Kong switch, they must go through the entire song&dance
re: NSA/Commerce/etc.

Clearly harassment of The Enemy by Big Brother.


-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From Adamsc at io-online.com  Tue Nov  5 17:53:22 1996
From: Adamsc at io-online.com (Adamsc)
Date: Tue, 5 Nov 1996 17:53:22 -0800 (PST)
Subject: just what we #$%^&* needed from big brother....
Message-ID: <19961106015118734.AAA249@localhost>


On Mon, 04 Nov 96 19:15:39 +0000, attila at primenet.com wrote:

>Welcome to 1984+  what else with useless and illegally constituted
>bureaucrats add to their total infringement of every facet of our life. 
>
>.NEW SYSTEM LINKS LENDERS, IRS

>.information for the previous couple of years.  If the cross-check turns up a
>.more than $10,000 discrepancy between the earnings claimed on the application
>.and those declared for tax purposes, the IRS has the option of pursuing the

This isn't actually the end of the world.  In fact we should be applauding
their efforts to make their abominable system more efficient.  Whether it
should be scraped is another issue.   In other words, as long as they are
going to do it, they might as well do it right.  

#  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From deviant at pooh-corner.com  Tue Nov  5 18:17:14 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Tue, 5 Nov 1996 18:17:14 -0800 (PST)
Subject: [NOISE]Re: Dr. Vulis; John was right!
In-Reply-To: <Pine.SUN.3.91.961104110543.25737E-100000@beast.brainlink.com>
Message-ID: <Pine.LNX.3.94.961106021327.147A-100000@random.sp.org>


On Mon, 4 Nov 1996, Ray Arachelian wrote:

> On Sun, 3 Nov 1996, Derek Bell wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > 	I'm not happy with the barring of Vulis from the list: sure he was
> > a kook and he posted many ad-hominem messages*, but I feel a mini-FAQ would
> > deal with the matter better. Explain the background to his tantrums** and
> > explain how to filter out messages with various mail packages.
> 
> 
> Right. I can see it now:
> 
>  "Hi, welcome to cypherpunks, it's a realy neat list where we talk about
> crypto and other cool things.  Think of it as a living room or a bar - uh,
> by the way, beware of that stain on the rug called Vulis, he will cause
> lots of flame wars and spew our racist crap, but aside from that your stay
> here will be a pleasant one.  You might want to filter him, here's how..."
> 
> Not cool.
> 

Well, we wouldn't do it like _that_...

just say something like 

"if you feel the need to flame somebody, consider filtering posts from
them instead, here's how..."

and then proceed to show Vulis as the example ;)


 --Deviant
Slowly and surely the unix crept up on the Nintendo user ...







From frissell at panix.com  Tue Nov  5 18:19:52 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 5 Nov 1996 18:19:52 -0800 (PST)
Subject: Exon's Seat Lost
Message-ID: <3.0b36.32.19961105212020.0073e520@panix.com>


Exon's seat goes to Republicans (according to ABC).  CDA probably not involved.





From dlv at bwalk.dm.com  Tue Nov  5 23:00:22 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 5 Nov 1996 23:00:22 -0800 (PST)
Subject: [NOISE] Censorship of Dr. Vulius
In-Reply-To: <2.2.32.19961105063515.006c9fa4@gonzo.wolfenet.com>
Message-ID: <kZaywD20w165w@bwalk.dm.com>


Cerridwyn Llewyellyn <ceridwyn at wolfenet.com> writes:
> I don't think anyone has argued that the owner of the list doesn't have the
> right to remove people from it.  However, simply because he has the right to
> doesn't mean he should, and it also doesn't mean other members can't or
> shouldn't argue that he made a bad decision (unless, of course, the dissentin
> members are removed as well.)  Many, if not most, members believe the list
> should be run in a non-authoritarian manner (whoever argued that the term
> authoritarian applies only to governments is wrong.  the difference is a pers
> has the right to act in an authoritarian manner over his own property whereas
> a government doesn't have that right over it's citizens.  Again, however,
> having
> the right doesn't necessarily make it "okay").

I wholeheartedly concur. I happen to own a lot of books. I disagree with a lot
that's said in those books. I have the right to burn my books, but I don't. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dthorn at gte.net  Tue Nov  5 23:00:24 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 5 Nov 1996 23:00:24 -0800 (PST)
Subject: IRS Subscribed to Cypherpunks
In-Reply-To: <3.0b36.32.19961105070826.0070f470@panix.com>
Message-ID: <32802F79.242D@gte.net>


Duncan Frissell wrote:
> Got the following bounce.  The Cc: was to a real address.
> >Date: Tue, 5 Nov 1996 05:24:21 -0500
> >From: Administrator at ccmail.irs.gov (Administrator)
> >Subject: Message not deliverable
> >To: Duncan Frissell <frissell at panix.com>
> >Cc: XXXXXXXXX (Administrator)
> >Content-Description: cc:Mail note part

> >At 04:45 AM 11/4/96 -0800, Declan McCullagh wrote:
> >>Libertarianism is not incompatible with strict regulations, as long as
> >>the rules violate nobody's rights.

> >Obviously many voluntary religious organizations have quite strict rules
> >for their members and are compatible with libertarianism.  Government
> >monopoly regulations that cannot be opted out of are not compatible with
> >libertarianism.  Instead of using the loaded term "regulations' it might be
> >better to call things like the rules of the cypherpunk's list "club rules"
> >or protocols.

Could be several things.  The IRS has (as of my visit in early 1996, anyway) adopted
the "hitman" technique of auditing, with specific per-hour $ goals, like traffic cops.

I'd guess at three things here.  1) Anyone hawking a product or engaging in barter, etc.
who is not paying the maximum tax, and  2) Studying certain aspects of net behavior or
usage for tax purposes, and  3) Trolling for fraud.






From unicorn at schloss.li  Tue Nov  5 23:02:09 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 5 Nov 1996 23:02:09 -0800 (PST)
Subject: Q.E.D. - MONTGOLFIERING, SPOOFS +
In-Reply-To: <Pine.BSI.3.95.961104222712.2559B-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.94.961106013534.10186A-100000@polaris>


On Tue, 5 Nov 1996 cypher at cyberstation.net wrote:

>          I recognize that the vast majority of list readers are
>          sensible human beings trying to better the profession they
>          love and serve the interests they represent.  As such,
>          readers of this thread do not need me, or a claque of
>          snivelers, to determine the probity of the impartations being
>          made. You are capable of determining that for yourselves.

You too, shut up and go away.

>          Preamble:
> 
>          In law school, potential attorneys are drilled in the three
>          prong postulate:
> 
>          1. If you can argue the facts, argue the facts, the
>             evidence.
> 
>          2. If you cannot argue the facts, then argue the law,
>             Shannon and Sneider.
> 
>          3. If you cannot argue the facts, or the law, then attack
>             the opposition, the people presenting the facts.

I don't remember this lecture.  Perhaps I missed it somehow.  I wasn't
sure so I thought I'd ask someone else.  Funny, I called a friend of mine
who went to Harvard, asked him about this lecture.  He seems to have
missed it too.  He was, however, interested to discuss false advertizing
with me.

>             Copyright 1996 by Donald R. Wood. All rights reserved.

I assume you copyright the patterns in your feces too?  It would follow,
as they are equally valuable.

>             Where do we go from here? As you read this, many companies
>             and individuals have purchased, are purchasing, copies for
>             test and evaluation under the newly announced limited
>             moneyback guarantee offer set out in our web site at:
> 
>                       netpriv.com

As you read this three people I've talked to are making official 
complaints to the FTC about this software, the advertizing and the tactics
used.  I'd be happy to introduce others who feel this product borders on
fraud to my law school friend who now co-heads the Advertizing Practices
section.  Feel free to e-mail me.



--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From amp at pobox.com  Tue Nov  5 23:02:22 1996
From: amp at pobox.com (amp at pobox.com)
Date: Tue, 5 Nov 1996 23:02:22 -0800 (PST)
Subject: Vilus
Message-ID: <Chameleon.847194220.amp@tx86-8>


Many thanks for all who have kept the discussion of Vilus and censorship in the 
subject lines of the current threads.

It greatly aids the elimination of much garbage (like this post).

I won't even see this post. Apologies for all with less efficient filters.


------------------------
Name: amp
E-mail: amp at pobox.com
Date: 11/05/96
Time: 05:41:19
Visit http://www.public-action.com/SkyWriter/WacoMuseum

EARTH FIRST! We'll strip mine the other planets later.
------------------------






From attila at primenet.com  Tue Nov  5 23:06:52 1996
From: attila at primenet.com (attila)
Date: Tue, 5 Nov 1996 23:06:52 -0800 (PST)
Subject: just what we #$%^&* needed from big brother....
In-Reply-To: <19961106015118734.AAA249@localhost>
Message-ID: <Pine.BSI.3.95.961106053612.6973A-100000@usr03.primenet.com>


On Tue, 5 Nov 1996, Adamsc wrote:

> On Mon, 04 Nov 96 19:15:39 +0000, attila at primenet.com wrote:
> 
> >Welcome to 1984+  what else with useless and illegally constituted
> >bureaucrats add to their total infringement of every facet of our life. 
> >
> >.NEW SYSTEM LINKS LENDERS, IRS
> 
> >.information for the previous couple of years.  If the cross-check turns up a
> >.more than $10,000 discrepancy between the earnings claimed on the application
> >.and those declared for tax purposes, the IRS has the option of pursuing the
> 
> This isn't actually the end of the world.  In fact we should be applauding
> their efforts to make their abominable system more efficient.  Whether it
> should be scraped is another issue.   In other words, as long as they are
> going to do it, they might as well do it right.  
> 
	my point is more towards: "...here goes another direct batch of
    information directly into the federal computers --home location and
    the link between real and 'imagined' income which immediately opens
    the door for the IRS CID to start a tax-fraud investigation which
    quickly leads to liens on your property, etc. while they audit the
    living life out of you.  just one more piece, a major one at that, in
    the national databank ready to persecute you....

_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.







From dthorn at gte.net  Tue Nov  5 23:07:00 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 5 Nov 1996 23:07:00 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <Pine.SUN.3.91.961105091624.9423C-100000@crl.crl.com>
Message-ID: <328029BC.559B@gte.net>


Sandy Sandfort wrote:
> On Mon, 4 Nov 1996, Dale Thorn wrote:
> > A more practical and realistic example might be if Dale was
> > living in an apartment, and Dale's mother walked out to the
> > garage to get into her car, and the next-door neighbor started
> > calling her the most vile and foul things...
> > This is far more realistic than your example, since the
> > immediate neighborhoods where these situations develop are a
> > better model for cypherpunks than the inside of one
> > individual's home...

> I disagree.  This IS inside someone's home--both metaphorically
> and in reality.  John has graciously provided us with a venue for
> our never-ending Cypherpunk salon.  I think my example of an
> inappropriate guest in Dale's mom's livingroom is exactly on
> point.  Just for the record, I would appreciate it if Dale would
> address my hypothetical, just in case other readers find it as
> cogent as do I.

My computer and my access to cypherpunks is not inside of anyone's home.  One could
argue that all speech originates and/or is controlled anywhere, which is not the
point here.  Here, John has opened up whatever computer hardware for an essentially
public forum (I could detail the process of subscribing for you in intimate detail
and with all of its shades of meaning to demonstrate that it is perceived by a very
large segment of the subscribers as public), and has taken action to oust someone.

Now, don't you think it odd that if people really perceived this forum to be "really
private", that they would so strongly object to this ousting, particularly of the
person in question, who is not even liked by these objectors?

You can argue until doomsday the "privacy of home" issue, but I'd suggest to you that
a possible way to settle this in the minds of that large segment of participants who
disagree with you would be for John to make it more visibly clear on this forum that
the forum is his private child, and he can do whatever he darn well pleases with it.
Of course, what you're suggesting (subtly) is that one of the things John can darn
well do is keep silent, and continue to do as he pleases, which makes me wonder
about you.  If you really agree with the ousting, I don't understand why you're
arguing so hard for the "private home" issue; would you want to see a world someday
where all Internet communications are "controlled" by "private" individuals at "home"?
If you think about that for awhile, you'll at least understand what I'm getting at.






From dcrocker at brandenburg.com  Tue Nov  5 23:07:48 1996
From: dcrocker at brandenburg.com (Dave Crocker)
Date: Tue, 5 Nov 1996 23:07:48 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8851.0@fatmans.demon.co.uk>
Message-ID: <v0310061baea578d1263f@[205.214.160.146]>


At 4:42 PM -0500 11/4/96, Sandy Sandfort wrote:
>Granted, but neither is it a requirement to suffer fools.

	Actually I think that this view is at the core of the misunderstanding.

	In fact, we ARE required to suffer fools.  It is a clear and
acknowledged expense for an open society.

	This does not mean that we have to encourage them.  For example,
it's just fine to make a point of never responding to any mail from someone
you happen to consider a fool.  If enough list participants happen to
concur with your assessment, a de facto state of ostracism results.

	We need to acknowledge the responsibility we each carry for
encouraging continued activity by those we simultaneously assess as fools
(or worse.)

	Involuntary list membership termination is a fundamental error.

d/

--------------------
Dave Crocker                                             +1 408 246 8253
Brandenburg Consulting                              fax: +1 408 249 6205
675 Spruce Dr.                                  dcrocker at brandenburg.com
Sunnyvale CA 94086 USA                        http://www.brandenburg.com

Internet Mail Consortium                http://www.imc.org, info at imc.org







From snow at smoke.suba.com  Tue Nov  5 23:08:12 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 5 Nov 1996 23:08:12 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <mqawwD6w165w@bwalk.dm.com>
Message-ID: <199611060510.XAA11348@smoke.suba.com>


>[This was sent directly to me, but apparently cc's to c-punks as well]
>Declan McCullagh <declan at eff.org> writes:
>>Libertarianism is not incompatible with strict regulations, as long as
>>the rules violate nobody's rights.
>Let's not confuse strict regulation with arbitrary and capricious plug-pulling.

    Let's also not confuse "capricious plug-pulling" with _daring_ the OWNER
of the machine the list is running on, and THE GUY WHO RUNS THE LIST to kick
your sorry racist ass off the list. He called your bluff, and any day now,
I expect him to prevent you from even posting in your own name. Not that that
will stop you.

    Like an parasite, you will infest any host you can find through any
possible vector. 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From jgrasty at gate.net  Tue Nov  5 23:08:16 1996
From: jgrasty at gate.net (Joey Grasty)
Date: Tue, 5 Nov 1996 23:08:16 -0800 (PST)
Subject: WinSock Remailer Down
Message-ID: <199611060451.XAA351660@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Y'all:

Effective immediately, winsock at c2.org is down until I find a new home
for it.  The account expired today, so it is an opportune time to find
a new location.  It will probably end up at Cyberpass, as soon as I 
have time to read the User Agreement from Hell (tm).  I expect to have
it back up at a different location in less than a week.

I'd like to thank Sameer at C2NET who has hosted the WinSock Remailer
during its painful birth and childhood.  I now need time to grow the
remailer into adulthood (read Windows NT and 95), so that remailers 
can spread widely.

Regards,

Joey Grasty
WinSock Remailer Operator


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMoAY38ODO2V89BZZAQH2lAL+ITKvy9e8WB+66sQXwFqOatoV6SHYqY7Q
mcWad9UE43bqnHA10YJiCKqe/vfhEbpNgh9hB5JIn9bVkiWCvIDtl8tIzkHyvo9q
2l6xwMx0pwaN4SmfPBkn/0FLagT6pvdp
=L3Iq
-----END PGP SIGNATURE-----

--
Joey Grasty
jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty at pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13  93 F4 C9 06 89 51 F5 A7





From nobody at replay.com  Tue Nov  5 23:10:54 1996
From: nobody at replay.com (Anonymous)
Date: Tue, 5 Nov 1996 23:10:54 -0800 (PST)
Subject: Vulis profileVulis profile
Message-ID: <199611060457.FAA26857@basement.replay.com>


I had some free time this morning, and just for fun, thought I'd 
create a brief Net profile of our friend Dr. Vulis.  Here's what 
I found (sources included):

Dimitri Vulis
#4k Burns St, Forest Hills,NY 11375-3506
(718)261-6839
Source: http://www.yahoo.com (Four11 people search)

Birthday: December 29
Source: http://www.boutell.com/birthday.cgi/december/29

D&M Consulting Services (DM-DOM)
   67-67 Burns Street
   Forest Hills, NY 11375
   Domain Name: DM.COM
   Administrative Contact:
      Administration, PSINet Domain  (PDA4)  
psinet-domain-admin at PSI.COM
      (703) 904-4100
   Technical Contact, Zone Contact:
      Network Information and Support Center  (PSI-NISC)  
hostinfo at psi.com
      (518) 283-8860
   Record last updated on 31-Oct-96.
   Record created on 19-Jun-91.
   Domain servers in listed order:
   NS.PSI.NET                   192.33.4.10
   NS2.PSI.NET                  38.8.50.2
Source: InterNIC

Q: Who is Dimitri Vulis? 
A: Dimitri is an XSoviet immigrant who is enrolled (or used to be 
enrolled) in CUNY, and who is a computer professional involved 
i.a. in unicode matters. The realspace Dimitri is a polite person 
and a devoted family head.  It's cyberspace image is not nearly 
as nice, unfortunately. 

He harasses people all over the net with the most offensive sorts 
of messages, and uses dirty tricks to retaliate to the people who 
do get offended. Among his accomplished feats is a series of 
articles about cat-eating dogs posted to rec.pets.cats (which 
caused a wave of complaints and made him lost his CUNY account) ; 
a series of porno binaries with obscene comments about his 
opponents posted to math-related newsgroups (he lost another 
academic account, at fordham.edu, after this scandal); and a 
series of racist articles denigrating all aspects of romanian 
life and culture which used to haunt the romanian newsgroup for 
years. 

Of course most of his net.bile is spilled over his fellow 
XSoviets, particularly of Jewish origin (such as Michael 
Verbitsky, Boris Veytsman, Vlad Rutenberg or myself, as well as 
all Brighton Beach together); and a lot of stuff comes out from 
his alleged aliases in bwalk.dm.com, aol.com and fly.harvard.edu. 
Some of these aliases match the names of his opponents, as I 
already mentioned.  Sometimes not only the names but also 
addresses match (although paths don't). 

Dimitri Vulis also advertises the capabilities of his site for 
forging and cancelling articles. Sometimes he shrewdly comments 
articles of his own saying : "This article is most certainly 
forged, after all I spent a lot of time teaching you how to 
forge... but I nevertheless like this article's content". 
Source: 
http://www.math.harvard.edu/~verbit/scs/cranks/from-Shlomo.html
(much more there too)

AUTHOR PROFILE: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
510 articles posted between 1995/06/29 and 1996/11/02. 
71 % followups. 
Number of articles posted to individual newsgroups (slightly 
skewed by cross-postings): 
          132 misc.jobs.misc 
          67 news.admin.net-abuse.misc 
          67 news.groups 
          40 mail.cypherpunks 
          32 nyc.food 
          18 soc.culture.russian 
          13 news.admin.misc 
          12 nyc.general 
          10 news.admin.censorship 
          9 news.admin.policy 
          8 alt.censorship 
          7 alt.usenet.kooks 
          7 soc.culture.pakistan 
          6 alt.revenge 
          5 comp.os.ms-windows.nt.advocacy 
          5 soc.culture.soviet 
          4 alt.sex.plushies 
          4 sci.math 
          4 sci.physics 
          4 talk.politics.medicine 
          3 alt.folklore.computers 
          3 alt.security 
          3 comp.lang.ada 
          3 comp.security.misc 
          3 sci.crypt 
          2 alt.nocem.misc 
          2 alt.sci.physics.plutonium 
          2 aus.flame 
          2 comp.os.ms-windows.advocacy 
          2 comp.unix.advocacy 
          2 microsoft.public.netiquette 
          2 soc.culture.israel 
          1 alt.2600 
          1 alt.anonymous 
          1 alt.bible 
          1 alt.computer.consultants 
          1 alt.consumers.experiences 
          1 alt.fan.bill-gates 
          1 alt.fan.my-big-hairy-penis 
          1 alt.privacy 
          1 alt.shenanigans 
          1 alt.society.neutopia 
          1 aus.general 
          1 comp.ai 
          1 comp.mail.uucp 
          1 comp.os.ms-windows.nt.misc 
          1 comp.os.ms-windows.win95.setup 
          1 comp.sys.mac.advocacy 
          1 humanities.language.sanskrit 
          1 misc.entrepreneurs 
          1 misc.invest 
          1 news.newusers.questions 
          1 nj.misc 
          1 nyc.seminars 
          1 rec.humor 
          1 rec.motorcycles 
          1 sci.psychology.psychotherapy 
          1 soc.motss 
          1 tor.general 
Source: http://www.dejanews.com profile

Dimitri Vulis:
Contrib. post:
 whose obnoxious, derivative and not-very-funny Soviet emigre 
jokes from Brighton Beach were a weekly feature about a year ago 
on rec.humor . He ignored completely any requests to stop. 
Eventually he started getting flamed in demotic Russian-quite fun 
for those of us who could read it.
- Dan "And to think he felt it important enough to waste his two 
hours of daily connect time on it" Case
--
 so what _is_ the deal with vulis?  is "russian emigre" a 
codeword for "jew", or for "russian emigre", or for something 
else?  (if i recall correctly, minor and now somewhat reformed 
net.loon mikhail zeleny claimed rather convincingly that vulis's 
posts contained certain tell-tale phrases which are highly 
un-idiomatic in english ("dandruff-covered" was one of them, i 
think) which were dead giveaways of classic pathological russian 
anti-semitism.)  so is vulis russian?  an emigre?  a jew in some 
sense?  self-hating?  maybe a self-hating russian jewish emigre 
who hates only the jewish half of themself?  or maybe they hate 
the russian half too?  are they now or have they ever been, while 
residing in america, on the payroll of any branch of any soviet 
or russian government?  did they stop posting russian emigre 
jokes when the paychecks stopped coming?  are they a zhirinovsky 
supporter now?  the most recent messages posted by vulis
that i have seen seem designed mainly to convince people that 
both zhirinovsky and valery fabrikant are (russian?) jews.  (it's 
very likely true in fabrikant's case, at least.)  maybe vulis is 
a self-hating supporter of zhirinovsky and fabrikant?
--
Posts on soc.culture.soviet, and is apparently something of an 
institution there; likes to stir things up, and to flame and/or 
troll people. I'm not up on which sides are good and/or bad on 
s.c.s, which among other things seems to have been ravaged by 
Serdar Argic for a long time as well, driving away many
of the gentler posters. Is currently engaged in flamewar with 
Peter V. Vorobieff there. Posts from dlv at CUNYVMS1.GC.CUNY.EDU 
(Dimitri Vulis, CUNY GC Math).
Source: 
http://www.math.uiuc.edu/~tskirvin/home/legends/legends3.html

Dimitri Vulis's barcode font
ftp: ctan: tex-archive/fonts/barcodes/barcodes.mf
There is a mailing list, rustex-l, for discussion of typesetting
Cyrilic-based languages.  To subscribe, send mail to 
listserv at ubvm.bitnet
containing the text
 SUBSCRIBE RUSTEX-L <your name here>
or mail Dimitri Vulis, DLV%CUNYVMS1.BITNET at cunyvm.cuny.edu [or 
dlv at dm.com?]
Source: http://wsspinfo.cern.ch/faq/fonts-faq/metafont-list

Bar code fonts  ymir.claremont.edu      by Dimitri Vulis 
[anonymous.tex.mf]
BibTeX eedsp.gatech.edu for MS-DOS  v99 by J. Demel and Dimitri 
Vulis
Source: 
http://www.clinet.fi/pd/doc/texts/TeX-FAQ-supplement_(part_2_of_3
)
(this FAQ is dated 10 May 93)

Server The files of type para used in the index were: 
/u3/wais/mirror/cissites/cissites.txt A list of contacts for most 
known organizations in the former Soviet Union who either have or 
plan to have e-mail connections. Provided by the SUEARN-L list, 
SUEARN-L at UBVM.BITNET. Keywords: USSR, CIS, Russia, Latvia, 
Lithuania, Estonia, Baltic, Moscow, Leningrad, Siberia. The 
original document is stored on 
impaqt.drexel.edu:/pub/suearn/misc/cissites.txt and is available 
for anonymous FTP. 
>From the front matter: * The Authoritative Soviet E-Mail 
Directory and Guide ** For more information, subscribe to the 
SUEARN-L mailing list, or send e-mail to Michael Meystel or 
Dimitri Vulis (c) 1992 All rights reserved 
This file contains contact information (correct name / address / 
phone / fax #... possibly e-mail address) for sites of interest 
in the Commonwealth of Independent States (CIS). We occasionally 
get asked questions like 'What is the Russian name of IAS?' or 
'What is the postal address of St. Petersburg State U's math 
faculty?' or 'What does IPPI stand for?'. Over the years I've 
collected a fairly complete electronic address book of addresses 
of Soviet sites where mathematical research is done, which I 
gladly share. Sergej Gelfand and Don Parsons have kindly 
contributed their address lists (respectively, more math and 
oncology). An even more complete version of such file, listing 
sites of possible interest to people in other fields, and freely 
available on the Internet, would be very useful to many. Please 
send additions, corrections, suggestions, etc to: CISMAP at DM.COM I 
can't acknowledge everything, but I will try to read every 
e-mail. Dimitri Vulis ) 
Source: http://www.elvis.ru/wais/c.html







From sameer at c2.net  Tue Nov  5 23:13:09 1996
From: sameer at c2.net (sameer)
Date: Tue, 5 Nov 1996 23:13:09 -0800 (PST)
Subject: WinSock Remailer Down
In-Reply-To: <199611060451.XAA351660@osceola.gate.net>
Message-ID: <199611060709.XAA07329@atropos.c2.org>


> 
> I'd like to thank Sameer at C2NET who has hosted the WinSock Remailer
> during its painful birth and childhood.  I now need time to grow the
> remailer into adulthood (read Windows NT and 95), so that remailers
> can spread widely.
> 

	Thanks. =) 

	I personally think that Joey's Winsock-style remailers are the
way to go. It offloads the remailing work from the mail server, so
that anyone with a PC can have direct contorl over the remailer's most
intensive resources without making their ISPs mail server overloaded
or settingup a fulltime net site.

-- 
Sameer Parekh					Voice:   510-986-8770
C2Net						FAX:     510-986-8777
The Internet Privacy Provider
http://www.c2.net/				sameer at c2.net





From allyn at allyn.com  Tue Nov  5 23:17:06 1996
From: allyn at allyn.com (Mark Allyn 206-860-9454)
Date: Tue, 5 Nov 1996 23:17:06 -0800 (PST)
Subject: black high heal shoes?
In-Reply-To: <199611050102.RAA27424@art.net>
Message-ID: <199611060400.UAA23832@mark.allyn.com>


I had yet another strange dream recently:

Clinton wearing black and white shiny vinyl high
heel shoes, and nothing else but a transparent
plastic raincoat. 

Embroided on the back of the clear plastic raincoat
is the bar code for the RSA algorithm. 

He is walking around the RSA Data Security Conference
with the outfit on, trying to hug and kiss the attendees,
but they all ignore and make fun of him!

Mark





From azur at netcom.com  Tue Nov  5 23:17:52 1996
From: azur at netcom.com (Steve Schear)
Date: Tue, 5 Nov 1996 23:17:52 -0800 (PST)
Subject: BUR_ke
Message-ID: <v02140b03aea5aa6bc464@[10.0.2.15]>


December's Internet World contains a good article by futurist James Burke
('Connections', and 'The Day the Universe Changed') on the societal impact
of the Net.  He discusses the international legal challenge of the Net,
privacy/anonymity, its effect on copyright and publishing, and worldwide
intellectual growth.


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur at netcom.com
Grinder                   |
Sacred Cow Meat Co.       |
---------------------------------------------------------------------

                          Hacker Opportunities
                        (Let's Make Lots Of Money)

I've got the brains, you've got the tricks
Let's make lots of money
You've got the code, I've got the hooks
Let's make lots of ...

I've had enough of scheming and messing `round with jerks
My crypto code's compiled, I'm afraid it doesn't work
I'm looking for a partner, someone who gets things fixed
Ask yourself this question: do you want to be rich?

I've got the hacks, you've got the keys
Let's make lots of money
You've got the code, I've got the hooks
Let's make lots of money

You can tell I'm educated, I studied at CalTech
Doctored in mathematics, I could've been set
I can program a computer, choose the perfect time
If you've got the inclination, I have got the crime

Ooooh, there's a lot of opportunities
If you know when to take them, you know
There's a lot of opportunities
If there aren't, you can make them (Make or break them)

I've got the brains, you've got the tricks
Let's make lots of money
Let's make lots of ...

You can see I'm single-minded, I know what I could be
How do you feel about it? Come, take a walk with me
I'm looking for a partner regardless of expense
Think about it seriously, you know it makes sense

Let's (Got the brains)
Make (Got the tricks)
Let's make lots of money (Money)
Let's (You've got the code)
Make (I've got the hacks)
Let's make lots of money (Money)
I've got the brains (Got the hooks)
You've got the code (Got the keys)
Let's make lots of money (Money)
Money! 







From vznuri at netcom.com  Tue Nov  5 23:18:01 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 5 Nov 1996 23:18:01 -0800 (PST)
Subject: list noise: a novel suggestion
Message-ID: <199611060322.TAA14388@netcom7.netcom.com>


I read rants about the list noise on this list so much
that it seems quite comical. it seems that everything
else has been tried, I thought I would suggest something
radically different.

I propose that no one talk about the noise on the list,
on the list. pretend it doesn't exist. consider it
like the weather: something that complaining about can do
nothing about.

the long history of this list proves that virtually,
absolutely nothing can be done to improve the signal-to-noise ratio on
the list. therefore, talking about it is a waste of time
and only makes people excited and irritable.

the only solution to the noise on the list is to unsubscribe.
if you don't like the list as it stands, don't subscribe.
the list is as it is, and historical precedent proves that
it has its own personality and flow that can't be rerouted
despite everyone's best intentions.

the best solution to list noise is to post on subjects you
want to read about. write things that you would like to read
had you not written them. simply complaining about the list contents
is like showing up at a potluck with empty hands and griping
that there's nothing good to eat.







From jsi at idiom.com  Tue Nov  5 23:18:19 1996
From: jsi at idiom.com (Michael Craft)
Date: Tue, 5 Nov 1996 23:18:19 -0800 (PST)
Subject: HAPPY GUY FAWKES DAY!
In-Reply-To: <Pine.SUN.3.91.961105123056.18719A-100000@crl.crl.com>
Message-ID: <199611060718.XAA11364@idiom.com>


> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
> and his compatriots had intended to blow up Parliment.
> 
> The English celebrate it because Guy Fawkes failed.
> 
> I celebrate it because he tried.  :-)

A terrorist!!!   Call the police!!





From vznuri at netcom.com  Tue Nov  5 23:18:34 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 5 Nov 1996 23:18:34 -0800 (PST)
Subject: "high noon on the electronic frontier"
Message-ID: <199611060312.TAA06372@netcom7.netcom.com>



a neat new book that's a collection of some of the more
interesting essays on cyberspace called "high noon
on the electronic frontier" is now in bookstores, and
I highly recommend it. the editor Peter Ludlow has
a good eye and aesthetic sense for exactly the more
influential essays that have been written and
are circulating. the list of authors/contributors
is a real Who's Who in cyberspace:

Barlow, Stallman, Kapor, Godwin, Denning, Zimmermann, Chaum, Rheingold, 
Sterling, etc.

good articles by Dibbell, Levy, DeWitt, etc.

but unfortunately Markoff is conspicuously absent. maybe he
wanted too much money for his writing <g>

TCMay is well represented with several essays in a section on
"encryption, privacy, and crypto-anarchism". 3 essays,
Crypto Anarchist Manifesto, Intro to Blacknet, and
BlackNet worries.

I was curious about TCMay's essay on Blacknet, though, that
mentions a mysterious "X" who he credits as raising many
of the issues surrounding Blacknet on the cpunk mailing list
in Feb 1994. Ludlow states in a footnote TCMay "elided
references to interlocutors". I wonder about the identity
of the mysterious "X" and whether he/she is still posting
to the list. does anyone know who he/she is? 

I was thinking it would be interesting to see whether 
he/she still feels the same about Blacknet and/or get a new 
conversation going about the subject with the insight that 
time can bring.

I wonder why TCMay found it important to elide "X"'s identity-- 
perhaps "X" was one of his tentacles? (hee, hee) 

anyway I highly recommend this volume!! after reading this
the public will get a far better idea about what cyberspace
is about and what it means. a great coverage of all the
key issues.





From Adamsc at io-online.com  Tue Nov  5 23:42:51 1996
From: Adamsc at io-online.com (Adamsc)
Date: Tue, 5 Nov 1996 23:42:51 -0800 (PST)
Subject: just what we #$%^&* needed from big brother....
Message-ID: <19961106055019062.AAA228@localhost>


On Wed, 6 Nov 1996 05:41:52 +0000 (GMT), attila wrote:

>> >Welcome to 1984+  what else with useless and illegally constituted
>> >bureaucrats add to their total infringement of every facet of our life. 

>> >.NEW SYSTEM LINKS LENDERS, IRS

>> >.information for the previous couple of years.  If the cross-check turns up a
>> >.more than $10,000 discrepancy between the earnings claimed on the application
>> >.and those declared for tax purposes, the IRS has the option of pursuing the
>> 
>> This isn't actually the end of the world.  In fact we should be applauding
>> their efforts to make their abominable system more efficient.  Whether it
>> should be scraped is another issue.   In other words, as long as they are
>> going to do it, they might as well do it right.  
>> 
>	my point is more towards: "...here goes another direct batch of
>    information directly into the federal computers --home location and
>    the link between real and 'imagined' income which immediately opens
>    the door for the IRS CID to start a tax-fraud investigation which
>    quickly leads to liens on your property, etc. while they audit the
>    living life out of you.  just one more piece, a major one at that, in
>    the national databank ready to persecute you....

Yes.  I was just trying to point out that as long as they are going to do
something, it's refreshing to see that they do it right.  Whether they should
be doing it at all is an entirely different matter and I have little doubt
that most of the list subscribers believe, as I do, that there should be some
major reforms.

Still, government incompetency is rather frustrating and helps inspire
cynicism.s

#  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From stewarts at ix.netcom.com  Wed Nov  6 00:35:27 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Wed, 6 Nov 1996 00:35:27 -0800 (PST)
Subject: Any Info for Sen. Pressler....
Message-ID: <1.5.4.32.19961106083317.003a2258@popd.ix.netcom.com>


At 12:57 PM 11/4/96 -0700, "Troy M. Barnhart" <barney at rapidnet.com> wrote:
>If anyone has any specific bits of info on cryptography, etc...
>please feel free to send it to me...
>I live in South Dakota...
>Due to circumstances I occasionally see and speak 
>w/ Senator Larry Pressler - (Committee Leader)...

At this point, I think he's now Ex-Senator Pressler,
if I saw the election returns I think I saw.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
# Nov. 5 is Guy Fawkes Day - Vote Early and Often, and create Fireworks!






From stewarts at ix.netcom.com  Wed Nov  6 00:38:34 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Wed, 6 Nov 1996 00:38:34 -0800 (PST)
Subject: Censorship in Western Australia
Message-ID: <1.5.4.32.19961106083312.003babac@popd.ix.netcom.com>


Headline:
>> AUSTRALIA - CENSORS STRIKE AT INTERNET, LANS - Western Australia's
   State Government says it will seek to censor all computer
   transmissions of offensive material after its censorship act came
   into force last Friday. [Newsbytes, 67 words]

Probably not as competent as Singapore at enforcement,
but what do people know about it?

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
# Nov. 5 is Guy Fawkes Day - Vote Early and Often, and create Fireworks!






From jmr at shopmiami.com  Wed Nov  6 01:40:03 1996
From: jmr at shopmiami.com (Jim Ray)
Date: Wed, 6 Nov 1996 01:40:03 -0800 (PST)
Subject: Judge Kozinski responds to our responses
Message-ID: <199611060939.EAA118362@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com, jmr at shopmiami.com
Date: Wed Nov 06 16:38:58 1996
Dear cypherpunks:

Judge Alex Kozinski has mercifully (unless you consider _this_ noise, too) 
given me permission to post the following message. This will be my last 
posting signed by this key. I will now attempt to implement my new one, 
hopefully without denying myself access to Pronto at the same time.
JMR
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To start with, we should probably thank the people who helped.

Black Unicorn, Mike McNally, Declan McCullagh, Loren Rittle, Lynne L.
Harrison, Tim May, Lucky Green, Greg Broiles, A. Michael Froomkin, and E.
Allen Smith all had good thoughts to share, and I am probably leaving
someone out. Oh well. Anyway,

Judge Kozinski wrote:

> Jim:  Thanx for forwarding the various messages which I have
> found eye-opening in many respects.  It's take me a while to
> review and digest it all and I find there are certainly many
> aspects of the anonymity problem that I either was not
> aware of or had not fully appreciated.  Although I cannot
> quite say I'm entirely persuaded on this issue, I think we
> may be a lot closer.  Rather than responding to individual
> messages (several of which made related points) I will give
> you my reaction to what I thought were the most important
> points.
>
> 1.  I agree entirely that you should be able to post
> anonymously to a list-serv or discussion group.  Anonymity
> there may encourage people to express unpopular views, and
> there is no offsetting fear that this will be viewed as an
> invasion of privacy by anyone.  We have a long tradition of
> anonymous or pseudonymous political tracts (e.g. Federalist
> Papers) and there is no reason not to continue this in the
> electronic medium.  Indeed, as suggested by one of the
> messages you forwarded, there may be greater reason because
> messages posted to discussion groups do get retained and
> indexed for posterity.
>
> 2.  I also agree that it should be possible to have mutually
> agreed-upon anonymity--i.e. I write to you and you write to
> me and we both know who we are, but nobody else does.  No
> problema--it's nobody else's business.
>
> 3.  I still have some difficulty with direct mailing of
> anonymous messages to individual mailboxes.

Actually, having run a remailer and seen some abuse for a while, I do too.
Respected cypherpunks are working hard on this right now. I think what we
would all like to eventually see is a "default off" situation, with no mail
(or at least the warning message I mentioned before as a first message to
new recipients) rather than default-on. Unfortunately, e-mail is a
default-on situation and so (for now) are anonymous remailer messages for
first-time recipients, at this early stage in their evolution. I am
confident that this situation will change in the future, as more
sophisticated software is written.

> The arguments
> in favor if doing so are good but not airtight.  Here are my
> responses to the ones I thought were most compelling:
>
> a.  You have anonymous snail-mail and telephone calls--why
> not e-mail?  The truth is, anonymous snail-mail and
> telephone calls are also an invasion of privacy, but there
> is not much we can do about them.  Someone asked whether I
> objected to getting anonymous snail mail if it was not
> threatening.  The answer is YES, just like getting an
> anonymous phone call is objectionable.  When the person who
> communicates with you insists on retaining anonymity, there
> is always an implicit threat--they know who you are, but you
> don't--you feel vulnerable, you doubt their motives, you
> have difficulty knowing whether to trust their
> representations.  Anonymous complaints against co-workers
> and supervisors was a standard way to get people into big
> trouble in Communist Romania when I was growing up.

The thing is, I find many anonymous messages that I see on the list not too
valuable initially, and the anonymous or pseudonymous poster, in order to
build some "reputation-capital," has to stay around a while and post
interesting stuff, like Black Unicorn or Lucky Green. This is, IMO, as it
should be. There is an incredibly funny humorist lurking on the list, who
posts the "cypherpunk enquirer" anonymously, and I can send you a few of
those if you like. [The judge hasn't asked me to, yet. He doesn't know what
he's missing. :) ]

We certainly don't want the situation you were all-too familiar with growing
up, but as a remailer-operator I find that I must take the bitter with the
sweet, and I am fully ready to admit that about 1/3 of the messages that go
through WinSock are abusive, judging by the stuff I see in the reject bin.
That's one of the reasons Joey (the other operator, and the author of the
WinSock Remailer software) and I went to PGP-encrypted messages only, we
felt that abusers were less likely to learn and use PGP.

> Now, the fact that we can't stop anonymous snail-mail and
> telephone calls doesn't mean we shouldn't stop anonymous
> e-mail if we think it's a bad thing.  The fact that an evil
> cannot be remedied in its entirety does not mean that we
> should not remedy the part that we can.  Perhaps the answer
> is that the post office should not accept mail unless there
> is a clear indication of who the sender is on the upper left
> hand corner of the envelope.  In any event, I find the
> argument based on analogies to snail-mail and telephone not
> entirely persuasive.

I feel that the fact that an evil is this hard to remedy through traditional
legal means suggests that a very hard look at technological means is in
order. I hope that we can both agree that in many cases, technology can
adapt to situations and problems faster and cheaper than law can.

> b.  You can't really ever prevent anonymity because people
> can get e-mail accounts anonymously--paying for them in cash.
> Arguments based on futility are always suspect.  Sure, some
> people will circumvent any laws or regulations, but that's
> not a reason not to have laws.  For one thing, most people
> don't get anonymous accounts and don't know how to do so.

True.

> Even if you do get an anonymous account, you can be shut
> down if you break the rules and then you'll have to go
> somewhere else.

This point, I believe, is actually in "my" side's favor. There are time
costs to this kind of setup stuff that even the abusers may dislike, and
abusers' names and methods tend to get put on lists that ISPs look at. I am
sure that privacy providing ISPs look at these lists.

> And maybe all this suggests is that we
> ought to require e-mail providers to obtain id from their
> patrons and require payment by check or credit card.  I am
> not suggesting these measures, mind you, but insofar as
> futility is used as an argument against regulation, it can
> equally well serve as an argument for MORE regulation.

I agree that it's not our most powerful argument, but it is a consideration,
because with futility comes high cost and disrespect for the law. Witness
the failed drugwar and the lack of respect for the law it has engendered,
even among government agencies. Often, this disrespect for the law comes
with no legal or political cost to perpetrators (unless you count my ranting
as a political cost).

> c.  People can use filters.  Well, yes, maybe.  But most
> people don't know how to use filters.  I consider myself
> above-average in my e-mail sophistication, and I don't know
> how to use filters. I could probably figure it out, but
> most people who use aol or prodigy probably have no ability
> to install a filter even if they knew how they worked.  In
> any event, I find it a little troublesome to put the burden
> on the recipients to adopt a hi-tech solution. And who says
> there aren't ways around most common filters--or such
> ways won't be developed--which would put recipients in a
> technology race with anonymous mailers?

True, and the abusers already _are_ in a technology race with the
remailer-operators, as I see just about every day on the remailer-operators
list. I have serious doubts that yet-another law would either change or
improve the situation.

               *        *         *

> Anyway, thanx for a stimulating series of messages.  I do
> think we've made some progress.  And we'll keep the channels
> of communication open.

The pleasure has been all mine, Judge Kozinski.
JMR


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoEFd21lp8bpvW01AQHR1AQAib06JhpWx06H6Pr25uuMUj6fQVXZIYfc
KeUdP/QSSWQHfIwxs2SX1a++SCbnx6Ev//ninb7Q8F5kj56mk0yq0SE/ID91WgwJ
iFEr+2V1oTf+JZISh68F/a/fPBrP8GL8rjUce+WYhiY704rlsNyr5L9UhtylkzNg
GM5Ml/A7qjc=
=tVan
-----END PGP SIGNATURE-----






From haystack at cow.net  Wed Nov  6 01:40:28 1996
From: haystack at cow.net (Bovine Remailer)
Date: Wed, 6 Nov 1996 01:40:28 -0800 (PST)
Subject: No Subject
Message-ID: <9611060928.AA11496@cow.net>


The arrival of warm weather is heralded by the 
pig shit (or whatever kind of shit Intel swines 
have for brains) getting soft in Timothy 
C[rook] May's mini-cranium and the resulting 
green slime seeping through key cocaine- and 
syphilis- damaged nose and onto his keyboard.






From SButler at chemson.com  Wed Nov  6 02:44:52 1996
From: SButler at chemson.com (Butler, Scott)
Date: Wed, 6 Nov 1996 02:44:52 -0800 (PST)
Subject: FW: Now we have it all
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961106104748Z-3821@csa-ntx.chemson.com>



>
Abaddon wrote:

>>susbscribe

Surely we have seen it all now.
I find it hard to believe that a word like
suscribe....subsribe....subcribes..
SUBSCRIBE..is so difficult to spell correctly.

:-)
ScOtT






From frissell at panix.com  Wed Nov  6 03:59:42 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 6 Nov 1996 03:59:42 -0800 (PST)
Subject: [rant] Re: Censorship on cypherpunks
Message-ID: <3.0b36.32.19961106070051.00f0fd14@panix.com>


At 02:44 PM 11/5/96 -0800, Sean Roach wrote:
>May I remind you that if you want to leave this country, all you have to do
>is board a plane.  Many people have suggested similar things about various
>groups for about two centuries.  The major difference between this list and
>this government is that it is easier to start a new list.

However since governments attempt to maintain a geographical monopoly and
there are a very limited number of them, it is not possible to find another
country you can enter as a matter of right so you may not be able to
escape.  In contrast there are millions of private organizations of various
sorts (corporations, etc) and it is trivial to find one to join if you like.

DCF





From kb4vwa at juno.com  Wed Nov  6 04:28:54 1996
From: kb4vwa at juno.com (Edward R. Figueroa)
Date: Wed, 6 Nov 1996 04:28:54 -0800 (PST)
Subject: Parents effectively lose their right
Message-ID: <19961106.073225.9807.2.kb4vwa@juno.com>


Family Research Council Washington Watch News - October 25, 1996 - Vol.
8:1

"Parents effectively lose their right to direct the upbringing of their
children when they drop them off at school, according to one federal
court judge.  Earlier this year, Judge Melinda Harmon, appointed by
President Bush, ruled that Katy Independent School District in TX did
not violate parents' rights by allowing Child Protective Services to interrogate a student without notifying his parents, nor by instructing him
to lie to his parents about the incident."





From sintong at medan.wasantara.net.id  Wed Nov  6 04:29:25 1996
From: sintong at medan.wasantara.net.id (Pos Indonesia)
Date: Wed, 6 Nov 1996 04:29:25 -0800 (PST)
Subject: UNSUBCRIBE CENSORSHIP
Message-ID: <37B84B5DF6@medan.wasantara.net.id>


UNSUBCRIBE CENSORSHIP







From jya at pipeline.com  Wed Nov  6 04:40:46 1996
From: jya at pipeline.com (John Young)
Date: Wed, 6 Nov 1996 04:40:46 -0800 (PST)
Subject: SEC_ure
Message-ID: <1.5.4.32.19961106123912.006814cc@pop.pipeline.com>


 11-04-96.

 "Web security threat grows"

 With a variety of new technologies like stronger encryption,
 smart cards and digital signatures and envelopes emerging to
 tighten Web security, experts working on various aspects of the
 problem agree the goal of end-to-end security on the Web will
 remain elusive as long as insecure operating systems dominate
 the commercial market. "You can't build security on top of
 insecurity," said Netscape's Jim Roskind, who spent much of a
 session on Webware fending off criticism of Java security flaws.
 "We have to assume that the [security] problems will be 
 pervasive forever," warned Peter Neumann. "This is a holistic 
 problem, and we have to deal with it in a global way."


 "Protection sought for U.S. systems"

 The initiative will be led by the Pentagon's Computer Emergency
 Response Team at Carnegie Mellon University and the Energy
 Department's Computer Incident Advisory Capability.


 "Motorola unveils chip for contactless smart card"

 One chip designing a contactless card that meets all
 frequencies of a proposed standard while the other adds
 cryptography to a single-chip solution.
 The other card incorporates a 1,024-bit modular encryption
 processor that is reportedly one of the fastest in the industry.


 "U.S.Joint Venture to Market Acoustic Smart Card Technology"

 NeTegrity also announced it has invested $1 million in Encotone,
 Ltd., for a 10% equity interest in the Israeli company. Other
 Encotone, Ltd. investors include ECI Telecom, a $500 million
 Israeli telecommunications firm, and Professor Michal Ben Or,
 Head of the Department of Computer Science at Hebrew
 University of Jerusalem and a worldwide authority on cryptology.


 "Microchip Technology launches highly secure smart card family 
 with KEELOQ code hopping technology"

 The SCS152 provides a programmable 64-bit cryptographic key
 used to create a digital signature unique to each card, which
 reduces the possibility of unwanted access to card information
 and the "cloning" of these cards for unauthorized payments.
 Other features include programmable user memory and
 "anti-tearing," which prevents the information in the card from
 being corrupted if the supply voltage is interrupted.


 "EEMA Lobbies Over Limiting US Encryption Controls"

 EEMA recognizes that the principal reasons for this is the
 disparate European legislation that surrounds the use of
 encryption, and the fact that inter-working with dominant
 US-based computer software -- operating system and application
 software -- is subject to US legislation and restrictions.


 "Putting EDI to the test"

 Security continues to be the main sticking point for using the Net
 as a vehicle for EDI. Vendors that will demonstrate secure 
 E-mail messages transporting EDI documents over the Web.
 The technology used is S/MIME, an encrypted version of the
 popular MIME protocol.


 "V-One Secures New Clients"

 NSA runs the nation's code-breaking operations, and DISA is
 supposed to keep the nation's networks secure, so there is not
 much chance of finding out what they do with the software they
 have bought from V-One.

 -----

 http://jya.com/secure.txt  (28 kb)

 SEC_ure







From declan at eff.org  Wed Nov  6 04:49:16 1996
From: declan at eff.org (Declan McCullagh)
Date: Wed, 6 Nov 1996 04:49:16 -0800 (PST)
Subject: Censorship in Western Australia
Message-ID: <Pine.SUN.3.91.961106044839.16537A-100000@eff.org>






---------- Forwarded message ----------
Date: Tue, 05 Nov 1996 21:59:33 +1100
From: Irene Graham <rene at pobox.com>
To: fight-censorship at vorlon.mit.edu
Subject: Re: Australia drafts Net rating system

On Mon, 4 Nov 1996 18:53:24 -0800 (PST), Declan McCullagh <declan at eff.org>
wrote:
>---------- Forwarded message ----------
[...]
>http://www.smh.com.au/computers/news/961105-news03.html
[...]
>Under the code, which is being developed by the
>Internet Industry Association of Australia (INTIAA),
>content will be classified under the existing code used
>by the Office of Film and Television Classification.
>"R" or "X" rated material would have to be clearly
>identified and provided only to registered subscribers.
[...]

The subject line of this thread is misleading, which is understandable
given the content of the newspaper report. "Australia" is not drafting a
Net rating system (yet anyway). I doubt INTIAA actually is either.

INTIAA purports to be (i.e. wants to be) the "peak Internet industry body"
in Australia. However their code *does not* have the support of much of the
"industry". The present stage of the fight in Australia is, not against
government censorship, but against "privatised" censorship.

There is presently no Net content rating system based on the OFLC
classifications, nor with any luck is there likely to be. The Australian
Broadcasting Authority (ABA) in its July report on Net regulation was of
the view that that system is unworkable for on-line content (which is
correct) and proposed the development of a purpose-built classification
system. Unfortunately it appears the director(s) of INTIAA have not read
that report. 

The following extract from Electronic Frontiers Australia's response (of 22
Oct 96) to the ABA report tells the rest of the story about INTIAA and its
code:

	"It appears that the ABA has been influenced by a particularly
complicated proposed industry code of practice drafted by Patrick Fair of a
Sydney corporation "The Internet Industry Association of Australia".  That
proposed code of conduct, released on the 10th September 1996, proposes a
top-heavy industry body, drawing extensive levies from the Internet access
providers in order to sustain a professional council as well-funded and
well-staffed as a national professional body.  INTIAA was established with
board members representing hardware and software vendors, a national law
firm and several large Internet access providers.  Other members of the
company include media and the Taxation Institute of Australia.  It is fair
comment that INTIAA represents a sector of the market with deep pockets and
contacts in government, as indeed the Minister for the Communications and
the Arts launched INTIAA on the 15th December 1995. The proposed code of
practice makes use of the ABA's favoured PICS web page rating standard
compulsory , creates an Administration Council with a government appointee
as Chair and no direct voting by member service providers on changes to
that Code.

	For those worried about censorship of the Net through the back door, the
proposed Code places on service providers the obligation to block
"X-rated" material as if it were child pornography. A further problem for 
service providers is the requirement that they report "illegal" sites to
the authorities , report "RC" violations to other site administrators and
delete users to enforce compliance with censorship.

	INTIAA's code of practice does not represent a consensus within the
industry.  There are State Internet Associations (WA Internet
Association, South Australian Internet Association,  ACT Internet
Association) which do not subscribe to such a bureaucratic system and
which instead are developing codes of practice which more fully fulfil
industry aspirations and conform more fully to industry experience 
[...and...] make it quite clear that an Internet access provider cannot be
held responsible for content not originating on his or her system under any
circumstances. 
	[...]
	The gloss and complexity of the INTIAA code by comparison has obviously
promoted to the ABA the notion that the industry can self-fund a policing
function as the government may direct."

The INTIAA code is a threat to free speech on the Net (at least in Oz)
equivalent to, and possibly worse than, government censorship.

Regards
Irene

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Irene Graham, Brisbane, Queensland, Australia.  PGP key on h/page.
The Net Censorship Dilemma: <http://www.pobox.com/~rene/liberty/>
"A year from now you may wish you had started today."  Karen Lamb.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From dlv at bwalk.dm.com  Wed Nov  6 04:59:14 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 04:59:14 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <847122169.8851.0@fatmans.demon.co.uk>
Message-ID: <9m2ywD22w165w@bwalk.dm.com>


paul at fatmans.demon.co.uk writes:
>
> You also seem to be implying that people need protecting from
> Dimitri, much the same authoritarian argument we hear from govt.
> about people needing to be protected from porn/drugs/free spech etc.

A very good observation. The 'net needs John Gilmore and Chris Lewis
to protect the newbies from the unsuitable writings of Dr. Dimitri Vulis,
from commercial ads, and from strong crypto in civilian hands. :-)

What do you think about the following conjecture: "cypherpunks" was a
troll, set up to waste the time of the crypto-clueful people who might
otherwise develop good free crypto software.

> > Nor do they have any way of know what an
> > abberation his sort of behavior is on this list.  "So this is
> > what Cypherpunks are like," would be a sad, but understandable
> > misinterpretation of what we're all about.  What John did was
> > appropriate.

It's appropriate for the list owner to do almost anything he likes with his
mailing list: shut it down, unsubscribe people from it, filter out certain
people s/he doesn't like, to cause unsubscription instructions to be appended
to every broadcast article (some lists do that), to cause special disclaimers
to be appended to certain perople's submissions, etc. However subscribing
people to a mailing list without their asking for it has been viewed as
net-abuse for many years, a variant of sending out unsolicited e-mail.

A list owner _often has to unsubscribe addresses that have ceased to exist,
whose former owners hadn't bothered to unsubscribe, and whose e-mail bounces
back to the owner. I think John's actions should be viewed not in the
framework of his propoerty rights (no one argues with those, I hope), but
in terms of his credibility - of which he has none left.

> I understand the point here but I suggest a note at the top of the
> "welcome to cypherpunks" note every new subscriber gets explaining
> who Dimitri is and how to set up their mailer software to block his
> posts.

An excellet suggestion! John certainly has the right to do this on the
mailing list he owns. I also believe that a woman owns her body and
that prostitution should be decriminalized. A whore should have the right
to stand on a streetcorner with a big sign saying "Let me suck your cock
for $10". I have the right to respect her more than John.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From cmcurtin at research.megasoft.com  Wed Nov  6 05:23:34 1996
From: cmcurtin at research.megasoft.com (C Matthew Curtin)
Date: Wed, 6 Nov 1996 05:23:34 -0800 (PST)
Subject: Information
In-Reply-To: <19961105.131710.5207.1.kb4vwa@juno.com>
Message-ID: <199611061316.IAA03157@goffette.research.megasoft.com>


>>>>> "Ed" == Edward R Figueroa <kb4vwa at juno.com> writes:

Ed> I'm a new Cyberpunk!  I apologized if this is not the place to
Ed> post this message request.

It isn't.

This is cypherpunks, not cyberpunks.

Ed> I would like to know where to place my Public Key?  Note, I only
Ed> have E-mail access at this time, and not the Net access, but could
Ed> have a friend place the key for me.

http://www-swiss.ai.mit.edu/~bal/pks-toplev.html

Since you're email only, I'll humor you, and put the entire text of
the instructions to the email interface to the PGP keyserver at the
bottom of my message.

Ed> Last, I would like to know once and for all, is PGP compromised,
Ed> is there a back door, and have we been fooled by NSA to believe
Ed> it's secure?

No.

------------------------- begin instructions -------------------------
Using the E-mail interface to the keyserver

Using the E-mail interface to the keyserver
------------------------------------------------------------------------------

[ Norwegian: For aa faa dette dokumentet paa norsk, send "HELP NO" til
             pgp-public-keys at keys.no.pgp.net
  German:    Fuer eine deutschsprachige Fassung dieses Textes senden Sie
             eine Mail mit dem Subject "HELP DE" an die folgende Adresse
             pgp-public-keys at keys.de.pgp.net
]

PGP Public Email Keyservers
---------------------------

There are PGP public email key servers which allow one to exchange public
keys running using the Internet and UUCP mail systems.
Those capable of accessing the WWW might prefer to use the WWW interface
available via http://www.pgp.net/pgp/www-key.html and managers of sites
which may want to make frequent lookups may care to copy the full keyring
from the FTP server at ftp.pgp.net:pub/pgp/

This service exists only to help transfer keys between PGP users.
It does NOT attempt to guarantee that a key is a valid key;
use the signatures on a key for that kind of security.

Each keyserver processes requests in the form of mail messages.
The commands for the server are entered on the Subject: line.
---------------------------------------------- ======== -----
Note that they should NOT be included in the body of the message.
--------------------- === ---------------------------------------

        To: pgp-public-keys at keys.pgp.net
        From: johndoe at some.site.edu
        Subject: help

Sending your key to ONE server is enough.  After it processes your
key, it will forward your add request to other servers automagically.

For example, to add your key to the keyserver, or to update your key if it
is already there, send a message similar to the following to any server:

        To: pgp-public-keys at keys.pgp.net
        From: johndoe at some.site.edu
        Subject: add

        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: 2.6

        
        -----END PGP PUBLIC KEY BLOCK-----

COMPROMISED KEYS:  Create a Key Revocation Certificate (read the PGP
docs on how to do that) and mail your key to the server once again,
with the ADD command.

Valid commands are:

Command                Message body contains
---------------------- -------------------------------------------------
ADD                    Your PGP public key (key to add is body of msg)
INDEX                  List all PGP keys the server knows about (-kv)
VERBOSE INDEX          List all PGP keys, verbose format (-kvv)
GET                    Get the whole public key ring (split)
GET userid             Get just that one key
MGET regexp            Get all keys which match /regexp/
                       regexp must be at least two characters long
LAST days              Get the keys updated in the last `days' days
------------------------------------------------------------------------

Examples for the MGET command:

        MGET michael            Gets all keys which have "michael" in them
        MGET iastate            All keys which contain "iastate"
        MGET E8F605A5|5F3E38F5  Those two keyid's

One word about regexps:  These are not the same as the wildcards Unix
shells and MSDOS uses.  A * isn't ``match anything'' it means ``match
zero or more of the previous character'' like:

	a.*  matches anything beginning with an a
	ab*c matches ac, abc, abbc, etc.

Just try not to use ``MGET .*'' -- use ``GET'' instead.

Note on the ``GET'' command: If at all possible, ftp the keyring from a
server such as ftp.pgp.net:pub/pgp/keys rather than using the ``GET''
command to return the whole ring.  Currently, this ring comes out to be
over 50 files of 52k each.  This is a lot of files, and a lot of bother
to get in the right order to run through PGP.


Users should normally use the email address `pgp-public-keys at keys.pgp.net'
or your national servers using one of:
	pgp-public-keys at keys.de.pgp.net
	pgp-public-keys at keys.nl.pgp.net
	pgp-public-keys at keys.no.pgp.net
	pgp-public-keys at keys.uk.pgp.net
	pgp-public-keys at keys.us.pgp.net
for the email interface, and `ftp.pgp.net:pub/pgp/' for FTP access.


Users are recommended to use the "*.pgp.net" addresses above as these
are stable and reliable.

-------------------------------- end ---------------------------------

-- 
Matt Curtin  cmcurtin at research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet





From wb8foz at wauug.erols.com  Wed Nov  6 05:43:21 1996
From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states)
Date: Wed, 6 Nov 1996 05:43:21 -0800 (PST)
Subject: Exon's Seat Lost
In-Reply-To: <3.0b36.32.19961105212020.0073e520@panix.com>
Message-ID: <199611061343.IAA13821@wauug.erols.com>


Duncan Frissell sez:
> 
> Exon's seat goes to Republicans (according to ABC).  CDA probably not involved.

Did I not hear Pressler lost?


-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From roy at sendai.scytale.com  Wed Nov  6 05:45:28 1996
From: roy at sendai.scytale.com (Roy M. Silvernail)
Date: Wed, 6 Nov 1996 05:45:28 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <9611052049.AA09638@etna.ai.mit.edu>
Message-ID: <961106.070903.3l3.rnr.w165w@sendai.scytale.com>


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, hallam at ai.mit.edu writes:

> Laws create rights      - argument in "is"

This is way too broad.  The only "rights" laws can _create_ are the
zero-sum rights of entitlement that impose a corresponding
responsibility on others.  Natural rights can't be created by fiat.
- -- 
           Roy M. Silvernail     [ ]      roy at scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey at scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoCPLBvikii9febJAQEnBwQAorQEvRmmByqhVaT36RH3o7J/eB3GBPl2
//F1eydnxifDtKNJZ318se2E53fei0dVUHCTnHziP5ZLzZeKHsQxmBY6e8iwG+Pv
dvZ2GjZw1SKiyMML1HQtAo1pgATcSPocBXwNpwRsxm2bYSOe3IpFqHLT+TlZLxBJ
2d3dP2IB2qw=
=sP9G
-----END PGP SIGNATURE-----






From dthorn at gte.net  Wed Nov  6 06:52:09 1996
From: dthorn at gte.net (Dale Thorn)
Date: Wed, 6 Nov 1996 06:52:09 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611042347.RAA08151@smoke.suba.com>
Message-ID: <3280A5D9.35E8@gte.net>


snow wrote:
> > > It's only authoritarianism if the government is involved.
> > > Clearly, the government isn't involved in this matter.

[snippo]

> The closest anology I can find in real life would be a bar, were people
> any person (well, any person old enough, but we'll ignore that) is allowed
> to wander in, order a drink, watch TV, shout at the screen ocassionally
> eat the pretzels and etc. Off in the corner you have a drunk dancing off
> time to the noise on the jukebox, but most of the patrons can ignore him.
> Vulis is sitting square in the middle of the bar, sloshed to the gills
> throwing pretzels and peanuts at both fans of the opposing team, and
> fans of his team. Screaming at the top of his lungs about the quarterback
> for a totally different team fumbling the ball in the 1970 world series.

[snip, snip]

A vastly more accurate analogy is that the "Doctor" is not in fact inside of the bar,
as none of the cypherpunks are inside of anyone's home but their own.  Vulis is some-
where else, sending his brand of beer to the bar in competition with a number of
other "vendors".  Customers and vendors alike complain that Vulis' bottles have
offensive portraits on them, possibly famous sports figures in an unflattering light.

So the bar owner bans Vulis' beer, but he sends it in anyway through a third party,
and several patrons discover that they can easily remove the outer label from the
bottle and see the original portraits.

There are similarities to Prohibition here.

Now the bar owner, being the owner, can throw out anyone he wants to anytime, and he
gets away with this with little or no trouble lawsuit-wise, since the courts are much
more lenient with owners of bars and rock-n-roll venues that with, say, Denny's
Restaurants.

As I've said before, all forums on the net can be arranged at some point in the future
to be "privately" owned, and the question is, can there be a free speech forum where
you won't be arbitrarily banned?






From dthorn at gte.net  Wed Nov  6 06:58:24 1996
From: dthorn at gte.net (Dale Thorn)
Date: Wed, 6 Nov 1996 06:58:24 -0800 (PST)
Subject: [NOISE] Re: Dr. Vulis
In-Reply-To: <199611050909.KAA00731@digicash.com>
Message-ID: <3280A752.2916@gte.net>


Bryce wrote:
>  <hallam at ai.mit.edu>" typed:
> > Of course John was right to give Vilus the boot. Cypherpunks is a club
> > and like many private clubs occasionaly finds it necessary to give some
> > oik the boot.

> Yeah!  That was GREAT!  Now let's ban Dr. Hallam-Baker!  He's
> always pissing off the libertarianpunks and causing flamewars...

[snip]

> I have read (parts of) _On_Liberty_, and as I recall it was
> adamant in an ("unbalanced") defense of absolute rights of
> individuals.  The only exception I remember is an unexplored
> comment on rights-violations of ommission counting as well as
> rights-violations of commission.  (E.g. if you see a drowning
> man and you fail to save him you are violating his rights.)
> Perhaps that is what you see as "balance between the rights of
> communities and the rights of individuals"?  Or perhaps the
> book goes into detail on that subject in a part that I didn't
> read.  Again I ask not because I have a particular ideological
> axe to grind here, but because I seek accuracy in public dialogue.

Since we all start out as children, learning by imitation, and reasoning by comparison,
a valid argument can be made that our minds work best that way.  Certainly the wide
variety of opinion here shows that theory doesn't produce nearly the consensus that
real experience does.

Therefore I suggest that we look more at analogies, but try hard to make the analogies
more accurate.






From nobody at cypherpunks.ca  Wed Nov  6 07:15:49 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 6 Nov 1996 07:15:49 -0800 (PST)
Subject: Vulis profileVulis profile
Message-ID: <199611061506.HAA17824@abraham.cs.berkeley.edu>


I had some free time this morning, and just for fun, thought I'd 
create a brief Net profile of our friend Dr. Vulis.  Here's what 
I found (sources included):

Dimitri Vulis
#4k Burns St, Forest Hills,NY 11375-3506
(718)261-6839
Source: http://www.yahoo.com (Four11 people search)

Birthday: December 29
Source: http://www.boutell.com/birthday.cgi/december/29

D&M Consulting Services (DM-DOM)
   67-67 Burns Street
   Forest Hills, NY 11375
   Domain Name: DM.COM
   Administrative Contact:
      Administration, PSINet Domain  (PDA4)  
psinet-domain-admin at PSI.COM
      (703) 904-4100
   Technical Contact, Zone Contact:
      Network Information and Support Center  (PSI-NISC)  
hostinfo at psi.com
      (518) 283-8860
   Record last updated on 31-Oct-96.
   Record created on 19-Jun-91.
   Domain servers in listed order:
   NS.PSI.NET                   192.33.4.10
   NS2.PSI.NET                  38.8.50.2
Source: InterNIC

Q: Who is Dimitri Vulis? 
A: Dimitri is an XSoviet immigrant who is enrolled (or used to be 
enrolled) in CUNY, and who is a computer professional involved 
i.a. in unicode matters. The realspace Dimitri is a polite person 
and a devoted family head.  It's cyberspace image is not nearly 
as nice, unfortunately. 

He harasses people all over the net with the most offensive sorts 
of messages, and uses dirty tricks to retaliate to the people who 
do get offended. Among his accomplished feats is a series of 
articles about cat-eating dogs posted to rec.pets.cats (which 
caused a wave of complaints and made him lost his CUNY account) ; 
a series of porno binaries with obscene comments about his 
opponents posted to math-related newsgroups (he lost another 
academic account, at fordham.edu, after this scandal); and a 
series of racist articles denigrating all aspects of romanian 
life and culture which used to haunt the romanian newsgroup for 
years. 

Of course most of his net.bile is spilled over his fellow 
XSoviets, particularly of Jewish origin (such as Michael 
Verbitsky, Boris Veytsman, Vlad Rutenberg or myself, as well as 
all Brighton Beach together); and a lot of stuff comes out from 
his alleged aliases in bwalk.dm.com, aol.com and fly.harvard.edu. 
Some of these aliases match the names of his opponents, as I 
already mentioned.  Sometimes not only the names but also 
addresses match (although paths don't). 

Dimitri Vulis also advertises the capabilities of his site for 
forging and cancelling articles. Sometimes he shrewdly comments 
articles of his own saying : "This article is most certainly 
forged, after all I spent a lot of time teaching you how to 
forge... but I nevertheless like this article's content". 
Source: 
http://www.math.harvard.edu/~verbit/scs/cranks/from-Shlomo.html
(much more there too)

AUTHOR PROFILE: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
510 articles posted between 1995/06/29 and 1996/11/02. 
71 % followups. 
Number of articles posted to individual newsgroups (slightly 
skewed by cross-postings): 
          132 misc.jobs.misc 
          67 news.admin.net-abuse.misc 
          67 news.groups 
          40 mail.cypherpunks 
          32 nyc.food 
          18 soc.culture.russian 
          13 news.admin.misc 
          12 nyc.general 
          10 news.admin.censorship 
          9 news.admin.policy 
          8 alt.censorship 
          7 alt.usenet.kooks 
          7 soc.culture.pakistan 
          6 alt.revenge 
          5 comp.os.ms-windows.nt.advocacy 
          5 soc.culture.soviet 
          4 alt.sex.plushies 
          4 sci.math 
          4 sci.physics 
          4 talk.politics.medicine 
          3 alt.folklore.computers 
          3 alt.security 
          3 comp.lang.ada 
          3 comp.security.misc 
          3 sci.crypt 
          2 alt.nocem.misc 
          2 alt.sci.physics.plutonium 
          2 aus.flame 
          2 comp.os.ms-windows.advocacy 
          2 comp.unix.advocacy 
          2 microsoft.public.netiquette 
          2 soc.culture.israel 
          1 alt.2600 
          1 alt.anonymous 
          1 alt.bible 
          1 alt.computer.consultants 
          1 alt.consumers.experiences 
          1 alt.fan.bill-gates 
          1 alt.fan.my-big-hairy-penis 
          1 alt.privacy 
          1 alt.shenanigans 
          1 alt.society.neutopia 
          1 aus.general 
          1 comp.ai 
          1 comp.mail.uucp 
          1 comp.os.ms-windows.nt.misc 
          1 comp.os.ms-windows.win95.setup 
          1 comp.sys.mac.advocacy 
          1 humanities.language.sanskrit 
          1 misc.entrepreneurs 
          1 misc.invest 
          1 news.newusers.questions 
          1 nj.misc 
          1 nyc.seminars 
          1 rec.humor 
          1 rec.motorcycles 
          1 sci.psychology.psychotherapy 
          1 soc.motss 
          1 tor.general 
Source: http://www.dejanews.com profile

Dimitri Vulis:
Contrib. post:
 whose obnoxious, derivative and not-very-funny Soviet emigre 
jokes from Brighton Beach were a weekly feature about a year ago 
on rec.humor . He ignored completely any requests to stop. 
Eventually he started getting flamed in demotic Russian-quite fun 
for those of us who could read it.
- Dan "And to think he felt it important enough to waste his two 
hours of daily connect time on it" Case
--
 so what _is_ the deal with vulis?  is "russian emigre" a 
codeword for "jew", or for "russian emigre", or for something 
else?  (if i recall correctly, minor and now somewhat reformed 
net.loon mikhail zeleny claimed rather convincingly that vulis's 
posts contained certain tell-tale phrases which are highly 
un-idiomatic in english ("dandruff-covered" was one of them, i 
think) which were dead giveaways of classic pathological russian 
anti-semitism.)  so is vulis russian?  an emigre?  a jew in some 
sense?  self-hating?  maybe a self-hating russian jewish emigre 
who hates only the jewish half of themself?  or maybe they hate 
the russian half too?  are they now or have they ever been, while 
residing in america, on the payroll of any branch of any soviet 
or russian government?  did they stop posting russian emigre 
jokes when the paychecks stopped coming?  are they a zhirinovsky 
supporter now?  the most recent messages posted by vulis
that i have seen seem designed mainly to convince people that 
both zhirinovsky and valery fabrikant are (russian?) jews.  (it's 
very likely true in fabrikant's case, at least.)  maybe vulis is 
a self-hating supporter of zhirinovsky and fabrikant?
--
Posts on soc.culture.soviet, and is apparently something of an 
institution there; likes to stir things up, and to flame and/or 
troll people. I'm not up on which sides are good and/or bad on 
s.c.s, which among other things seems to have been ravaged by 
Serdar Argic for a long time as well, driving away many
of the gentler posters. Is currently engaged in flamewar with 
Peter V. Vorobieff there. Posts from dlv at CUNYVMS1.GC.CUNY.EDU 
(Dimitri Vulis, CUNY GC Math).
Source: 
http://www.math.uiuc.edu/~tskirvin/home/legends/legends3.html

Dimitri Vulis's barcode font
ftp: ctan: tex-archive/fonts/barcodes/barcodes.mf
There is a mailing list, rustex-l, for discussion of typesetting
Cyrilic-based languages.  To subscribe, send mail to 
listserv at ubvm.bitnet
containing the text
 SUBSCRIBE RUSTEX-L <your name here>
or mail Dimitri Vulis, DLV%CUNYVMS1.BITNET at cunyvm.cuny.edu [or 
dlv at dm.com?]
Source: http://wsspinfo.cern.ch/faq/fonts-faq/metafont-list

Bar code fonts  ymir.claremont.edu      by Dimitri Vulis 
[anonymous.tex.mf]
BibTeX eedsp.gatech.edu for MS-DOS  v99 by J. Demel and Dimitri 
Vulis
Source: 
http://www.clinet.fi/pd/doc/texts/TeX-FAQ-supplement_(part_2_of_3
)
(this FAQ is dated 10 May 93)

Server The files of type para used in the index were: 
/u3/wais/mirror/cissites/cissites.txt A list of contacts for most 
known organizations in the former Soviet Union who either have or 
plan to have e-mail connections. Provided by the SUEARN-L list, 
SUEARN-L at UBVM.BITNET. Keywords: USSR, CIS, Russia, Latvia, 
Lithuania, Estonia, Baltic, Moscow, Leningrad, Siberia. The 
original document is stored on 
impaqt.drexel.edu:/pub/suearn/misc/cissites.txt and is available 
for anonymous FTP. 
>From the front matter: * The Authoritative Soviet E-Mail 
Directory and Guide ** For more information, subscribe to the 
SUEARN-L mailing list, or send e-mail to Michael Meystel or 
Dimitri Vulis (c) 1992 All rights reserved 
This file contains contact information (correct name / address / 
phone / fax #... possibly e-mail address) for sites of interest 
in the Commonwealth of Independent States (CIS). We occasionally 
get asked questions like 'What is the Russian name of IAS?' or 
'What is the postal address of St. Petersburg State U's math 
faculty?' or 'What does IPPI stand for?'. Over the years I've 
collected a fairly complete electronic address book of addresses 
of Soviet sites where mathematical research is done, which I 
gladly share. Sergej Gelfand and Don Parsons have kindly 
contributed their address lists (respectively, more math and 
oncology). An even more complete version of such file, listing 
sites of possible interest to people in other fields, and freely 
available on the Internet, would be very useful to many. Please 
send additions, corrections, suggestions, etc to: CISMAP at DM.COM I 
can't acknowledge everything, but I will try to read every 
e-mail. Dimitri Vulis ) 
Source: http://www.elvis.ru/wais/c.html







From frissell at panix.com  Wed Nov  6 07:37:05 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 6 Nov 1996 07:37:05 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <3.0b19.32.19961106104133.0071ef3c@panix.com>


At 06:51 AM 11/6/96 -0800, Dale Thorn wrote:
>As I've said before, all forums on the net can be arranged at some point
in the future
>to be "privately" owned, and the question is, can there be a free speech
forum where
>you won't be arbitrarily banned?
>

We call it Usenet.





From jfricker at vertexgroup.com  Wed Nov  6 08:07:23 1996
From: jfricker at vertexgroup.com (John Fricker)
Date: Wed, 6 Nov 1996 08:07:23 -0800 (PST)
Subject: Protecting Your Data With Crypto
Message-ID: <19961106160652570.AAA136@dev.vertexgroup.com>


Windows 95 and Windows NT users: after a couple sleepless nights I have created a mini-front end for ciphering files with Blowfish. This is an alpha version so I'm looking for bugs, feedbacks and feature creep. 

Read all about it at http://www.program.com/FileCipher/

and let me know what you think!

thanks etc, and happy encipheration!
--j

>John Young (jya at pipeline.com) said something about Protecting Your Data With Crypto on or about 11/5/96 1:45 AM

>We have put the November UNIX Review article Peter cited
>in his letter to the editor, "Protecting Your Data With Cryptography," 
>at:
>
>     http://jya.com/protect.htm
>
>

--j
-----------------------------------
| John Fricker (jfricker at vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------






From dlv at bwalk.dm.com  Wed Nov  6 08:20:49 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 08:20:49 -0800 (PST)
Subject: [NOISE] Censorship of Dr. Vulius
In-Reply-To: <Pine.SUN.3.94.961105192617.27527A-100000@polaris>
Message-ID: <Pe7ywD2w165w@bwalk.dm.com>


Black Unicorn <unicorn at schloss.li> writes:

> Oh, shut up and go away.
> No one wants to hear from you anymore.

Will someone please teach Uni how to use procmail or a similar program to
filter out my politically incorrect rants?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Wed Nov  6 08:24:54 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 08:24:54 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <Pine.3.89.9611050119.A27459-0100000@netcom>
Message-ID: <BP3ywD23w165w@bwalk.dm.com>


furballs <furballs at netcom.com> writes:
> As for the original point on Vulis:
>
> John Gimore did what he did. Vulis challenged him, and John called his
> bluff. Having read this list for quite a while now, I've seen alot of
> crap go back and forth from many people that was just as annoying as what
> Vulis was doing.

I'm slightly offended by this.  What if someone were to post the entire text
of the _Pink _Swastika to this mailing list, in 40K chunks, with the subject
header "John Gilmore and Hitler's rise to power"? :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Wed Nov  6 08:25:53 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 08:25:53 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <199611060510.XAA11348@smoke.suba.com>
Message-ID: <D86ywD1w165w@bwalk.dm.com>


snow <snow at smoke.suba.com> writes:

>     Let's also not confuse "capricious plug-pulling" with _daring_ the OWNER
> of the machine the list is running on, and THE GUY WHO RUNS THE LIST to kick
> your sorry racist ass off the list. He called your bluff, and any day now,
> I expect him to prevent you from even posting in your own name. Not that that

Unfortunately, such actions would be consistent with John's other recent
acts of censorship.  I find it regrettable, since I used to have a lot of
respect for him.

But of course he's within his rights to ruin his own credibility.

As for "racist", I think this label is more applicable not to me, but to
the individual who characterized a group of (then) subscribers to this
list as "crazy Russians".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Wed Nov  6 08:30:08 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 08:30:08 -0800 (PST)
Subject: [NOISE] Censorship of Dr. Vulius
In-Reply-To: <2.2.32.19961105063515.006c9fa4@gonzo.wolfenet.com>
Message-ID: <Bm7ywD3w165w@bwalk.dm.com>


Cerridwyn Llewyellyn <ceridwyn at wolfenet.com> writes:

> At 10:00 AM 11/4/96 -0500, you wrote:
> >someone abuses that priveledge they may lose it. Plain and simple.  It is
> >also worthy to note that the Right to Free Speech, etc. applies to the
> >government (IOW, the government can not hinder the right to free speech so
> >long as that speech does not infringe upon someone else's right.  Since when
> >is this list government run?  The decision was apparently a personal one.
> 
> I don't think anyone has argued that the owner of the list doesn't have the
> right to remove people from it.  However, simply because he has the right to
> doesn't mean he should, and it also doesn't mean other members can't or
> shouldn't argue that he made a bad decision (unless, of course, the dissentin
> members are removed as well.)  Many, if not most, members believe the list
> should be run in a non-authoritarian manner (whoever argued that the term
> authoritarian applies only to governments is wrong.  the difference is a pers
> has the right to act in an authoritarian manner over his own property whereas
> a government doesn't have that right over it's citizens.  Again, however,
> having 
> the right doesn't necessarily make it "okay").  

John has the right to practice censorship on his mailing list, and he's just
exercised his right. He also has the right to burn all the books he owns.

Someone mentioned the speech codes at private universities as examples of 
censorship. Again, they have the right to do that, and they may or may not
jeopardise their credibility. As Alan Derschowitz pointed out, when Harvard
claims to be a bastiod of academic freedom while at the same time outlawing
"politically correct" speech, it's neither a criminal act nor a tort, they
simply lose their credibility. Likewise Brigham Young University claims to
follow the teachings of ASmith & Young, not John Stuart Mills. They would
damage their credibility if they did _not restrict certain kinds of speech
and activities, such as gay-and-lesbian organizations paid for with student
activity fees.

BYU's words and actions are consistent, while John Gilmore's are not.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jya at pipeline.com  Wed Nov  6 08:48:36 1996
From: jya at pipeline.com (John Young)
Date: Wed, 6 Nov 1996 08:48:36 -0800 (PST)
Subject: CLA_sh0
Message-ID: <1.5.4.32.19961106164659.006a5258@pop.pipeline.com>


   Vigorous Cypherpunk debate on its purpose and future may be
   a harbinger of global conflict. A book review today on
   global conflict and six related essays in November
   Foreign Affairs may provide illumination -- both for
   Cypherpunk's crypto-mission and for its intramural clashes.
   (See Lewis Koch's inquest of global CP disputes.)

   11-6-96. NYP:

   "A Scholar's Prophecy: Global Cultural Conflict." Book
   review.

      With the end of the cold war, the division of the world
      into ideological camps and political networks has
      yielded to the basic human propensity to find meaning
      and identity in cultural commonality -- in blood,
      religion, heritage and birthright. After four centuries
      of Western domination, global politics will now become
      a complicated and deadly earnest contest among the
      world's major civilizations, mainly the Western one, the
      Islamic one, and the Sinic one deriving from China.
      Unless the West recognizes the power of cultural
      conflict, it could perish from ignorance, overconfidence
      and complacency.

   -----

   http://jya.com/clash0.txt

   CLA_sh0

----------

   The Foreign Affairs essays:

      http://jya.com/clashidx.htm 

   (The URL is the index of the six; Huntington's is ready;
   others follow.)

   Abstracts:

   The West: Unique, Not Universal, Samuel P. Huntington

      Many in the West believe the world is moving toward a
      single, global culture that is basically Western. This
      belief is arrogant, false, and dangerous. The spread of
      Western consumer goods is not the spread of Western
      culture. Drinking CocaCola makes a Russian no more
      Western than eating sushi makes an American Japanese.
      The essence of the West is the Magna Carta, not the
      Magna Mac. As countries modernize, they may westernize
      in superficial ways, but not in the most important
      measures of culture language, religion, values. In fact,
      as countries modernize they seek refuge from the modern
      world in their traditional, parochial cultures and
      religions. Around the globe, education and democracy are
      leading to "indigenization." And as the power of the
      West ebbs, "the rest" will become more and more
      assertive. For the West to survive as a vibrant and
      powerful civilization, it must abandon the pretense of
      universality and close ranks. Its future depends on its
      unity. The peoples of the West must hang together, or
      they will hang separately.

   Democracy and the National Interest, Strobe Talbott

      Democracy makes good neighbors, and in an increasingly
      interconnected world the United States has both the
      means and the motive to promote the democratic process
      abroad. On the home front, Americans crave a foreign
      policy grounded, like their nation, in idealpolitik as
      well as realpolitik. The administration has made support
      of nascent democracies a priority of its diplomacy from
      Latin America to East Asia, and the returns from South
      Africa, Haiti, Russia, even Bosnia seem positive. But
      democratization is a long, hard journey in which
      elections are only the first step. The United States
      should encourage new democratic governments through
      their most fragile phase.

   Defense in an Age of Hope, William J. Perry

      Twice before, America had the opportunity to make the
      prevention of conflict its first line of defense. It
      must not lose this moment after the Cold War to foment
      a revolution in security strategy. Preventing
      proliferation is key, and U.S. programs help turn Soviet
      missile sites into sunflower fields. The American armed
      services the world's most emulated, show other
      militaries how to function in a civil society and
      conduct exchanges that head off misunderstandings. In
      Europe, George Marshall's fondest hopes are being
      realized through the Partnership for Peace which
      reverberates well beyond the security realm. Meanwhile,
      the United States leverages forces for maximum
      deterrence and invests in smart technology. But its best
      investment is in openness and trust, the essential tools
      of the art of peace.

   Germany's New Right, Jacob Heilbrunn

      Not skinheads in jackboots but journalists, novelists,
      professors, and young businessmen constitute the German
      new right. Since the fall of the Berlin Wall, they have
      sought the "normalization" of German history, a revival
      of nationalism, and recognition that Germany is the most
      powerful country in Europe. When confronted with the
      Nazi past, they talk about Stalin's crimes and complain
      of an oppressive "political correctness." Violence
      against immigrants is answered with complaints of
      attacks against Germans. Though not a political
      movement, the new right is extending the boundaries of
      the politically acceptable.

   Banning Ballistic Missiles, Alton Frye

      Heady years for arms control make a superpower
      complacent. The structure of restraint accepted by
      Washington and Moscow could crack; meanwhile,
      proliferation continues apace and nuclear materials
      trickle onto the world market. The Clinton team has
      followed through on the work of past negotiators, but it
      is high time for a third START. The United States should
      propose the dramatic steps of placing nuclear warheads
      in "strategic escrow" and banning ballistic missiles.
      Advanced monitoring and inspection technologies make the
      plan practicable, and there will be security payoffs for
      all.

   Is the World Ready for Free Trade?, Charles R. Carlisle

      Though a leap to global free trade is a nice idea, the
      political support is just not there. Nor is any such
      earthshaking step necessary. The World Trade
      Organization has an extensive built-in agenda that
      should not be derailed. Fears of regionalism are greatly
      exaggerated, since regional trade has not increased much
      since the early 1970S and current plans for free trade
      in the Americas and the Pacific are unlikely to succeed.
      Few countries share the free-trade faith of the United
      States and Great Britain, and even in those places,
      economic anxiety threatens to push trade in the other
      direction.

   -----










From gen2600 at aracnet.com  Wed Nov  6 09:07:44 1996
From: gen2600 at aracnet.com (Genocide)
Date: Wed, 6 Nov 1996 09:07:44 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <Pine.SUN.3.91.961105120912.17274B-100000@crl.crl.com>
Message-ID: <Pine.LNX.3.95.961106090652.13663A-100000@shelob.aracnet.com>



	Whats done is done, why don't we move on?


G
============================================================================

Email:
gen2600 at aracnet.com
					   Available on the web:
Beeper: (503) 204-3606
					Http://www.aracnet.com/~gen2600


Something I've been known to babble in my sleep:

   It is by caffeine alone that I set my mind in motion.
   It is by the Mountain Dew that the thoughts acquire speed,
   the lips acquire stains, the stains become a warning.
   It is by caffeine alone that I set my mind in motion.

============================================================================







From sandfort at crl.com  Wed Nov  6 09:31:07 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 6 Nov 1996 09:31:07 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <v0310061baea578d1263f@[205.214.160.146]>
Message-ID: <Pine.SUN.3.91.961106085914.3111A-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996, Dave Crocker wrote:

> 	Actually I think that this view is at the core of the
> misunderstanding.
> 
> 	In fact, we ARE required to suffer fools.

What you mean WE, white man?  Does this "requirement" include 
John Gilmore?  Must he and his machine be held in hostage to 
the gratuitous flames of Dimitri?  I think not.

> It is a clear and acknowledged expense for an open society.
 
Clear and acknowledged by whom?  Certainly not me.  We are not
talking about Dimitri's right to speak in open society.  This is
a private list provided through the generosity of one person.
Please refrain from making arguments that tacitly assume that
toad.com is a public good or has somehow been nationalized "in
the public interest."  

I challenge those who think John's actions were intemperate or
ill-advised to make their arguments without rewriting history or 
the facts, or by making use of poorly thought out metaphors.

This IS a private list, like it or not.  Crying "censorship" or
"authoritarianism" merely because John handled this differently
than you would have, is disingenuous to say the least.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From hallam at ai.mit.edu  Wed Nov  6 09:52:46 1996
From: hallam at ai.mit.edu (hallam at ai.mit.edu)
Date: Wed, 6 Nov 1996 09:52:46 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <961106.070903.3l3.rnr.w165w@sendai.scytale.com>
Message-ID: <9611061758.AA10058@etna.ai.mit.edu>



>> Laws create rights      - argument in "is"
>
>This is way too broad.  The only "rights" laws can _create_ are the
>zero-sum rights of entitlement that impose a corresponding
>responsibility on others.  Natural rights can't be created by fiat.

If you look at the original argument you will see that I'm explicitly
denying the existence of Natural law. It has been recognised as a
bankrupt philosophical position for at least two centuries.

Its not even the basis for Libertarian argument which is principaly
contractarian. 

The change in the wording of the declaration of Independence from
"God Given" to "Self Evident" reflects the wider philosophical
movement of the time. After Rousseau there was no need to depend on
superstition as the foundation of ethics.

If you argue from "natural law" you are simply parrotting the
predjudices of society. It isn't philosophy, its more akin to the
religious bigotry popular in the US South and Afghanistan. 


		Phill
 





From sandfort at crl.com  Wed Nov  6 09:56:55 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 6 Nov 1996 09:56:55 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <328029BC.559B@gte.net>
Message-ID: <Pine.SUN.3.91.961106091938.3111C-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 5 Nov 1996, Dale Thorn wrote:

> My computer and my access to cypherpunks is not inside of
> anyone's home.

Dale is wrong.  All access to Cypherpunks is via toad.com which 
sits in John Gilmore's home.  (The basement office to be exact.)

> Here, John has opened up whatever computer hardware for an
> essentially public forum...that it is perceived by a very
> large segment of the subscribers as public...

And here John has chosen to limit said forum.  It is irrelevant
how many subscribers perceive the list as public.  It is private.
Their misperception is in no way binding on John.

> Now, don't you think it odd that if people really perceived
> this forum to be "really private", that they would so strongly
> object to this ousting, particularly of the person in question,
> who is not even liked by these objectors?

a) "Against stupidity, the gods themselve, contend in vain."
   Some folks just don't have a clue.  Just because they don't
   understand the nature of John's contribution, does not stop
   them from yammering.

b) There are those who do understand the private nature of the
   list, but think that John has made a mistake.  They may
   certainly try to convince him of the error of his ways without
   assuming the list is public.

> You can argue until doomsday the "privacy of home" issue,...

Since it is correct and unasailable, I believe I will.

> If you really agree with the ousting, I don't understand why
> you're arguing so hard for the "private home" issue; would you
> want to see a world someday where all Internet communications
> are "controlled" by "private" individuals at "home"?

Yes.  That's the way it is now, and I think it works very well.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From tcmay at got.net  Wed Nov  6 10:01:53 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Nov 1996 10:01:53 -0800 (PST)
Subject: FW: Now we have it all
In-Reply-To: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961106104748Z-3821@csa-ntx.chemson.com>
Message-ID: <v03007803aea6832113aa@[207.167.93.63]>


At 10:47 AM +0100 11/6/96, Butler, Scott wrote:
>>
>Abaddon wrote:
>
>>>susbscribe
>
>Surely we have seen it all now.
>I find it hard to believe that a word like
>suscribe....subsribe....subcribes..
>SUBSCRIBE..is so difficult to spell correctly.
>
>:-)

This is actually steganography. Various spellings of "subscribe" are being
used to communicate a bit or two per message.

Actually, the practice becomes a code, as in:

"Suscrive if by sea, sudcribe if by land."


--Klaus! von Future Prime









From jsi at idiom.com  Wed Nov  6 10:03:57 1996
From: jsi at idiom.com (Michael Craft)
Date: Wed, 6 Nov 1996 10:03:57 -0800 (PST)
Subject: Parents effectively lose their right
In-Reply-To: <19961106.073225.9807.2.kb4vwa@juno.com>
Message-ID: <199611061803.KAA24421@idiom.com>


> Family Research Council Washington Watch News - October 25, 1996 - Vol.
> 8:1
> 
> "Parents effectively lose their right to direct the upbringing of their
> children when they drop them off at school, according to one federal
> court judge.  Earlier this year, Judge Melinda Harmon, appointed by
> President Bush, ruled that Katy Independent School District in TX did
> not violate parents' rights by allowing Child Protective Services to 
> interrogate a student without notifying his parents, nor by instructing 
> him to lie to his parents about the incident."

Spanking and ecumenical prayer may be illegal in the schools, but 
methinks the above is actually more harmful to society than mindless
prayer or a little paddling.






From jsi at idiom.com  Wed Nov  6 10:10:07 1996
From: jsi at idiom.com (Michael Craft)
Date: Wed, 6 Nov 1996 10:10:07 -0800 (PST)
Subject: Censorship in Western Australia
In-Reply-To: <1.5.4.32.19961106083312.003babac@popd.ix.netcom.com>
Message-ID: <199611061809.KAA24807@idiom.com>


> >> AUSTRALIA - CENSORS STRIKE AT INTERNET, LANS - Western Australia's
>    State Government says it will seek to censor all computer
>    transmissions of offensive material after its censorship act came
>    into force last Friday. [Newsbytes, 67 words]

Time to post hardcore porn binaries in aus.culture

Know some Australian government e-mail addresses?






From haystack at cow.net  Wed Nov  6 10:21:21 1996
From: haystack at cow.net (Bovine Remailer)
Date: Wed, 6 Nov 1996 10:21:21 -0800 (PST)
Subject: No Subject
Message-ID: <9611061808.AA14306@cow.net>


On Wed, 6 Nov 1996 stewarts at ix.netcom.com wrote:

> Headline:
> >> AUSTRALIA - CENSORS STRIKE AT INTERNET, LANS - Western Australia's
>    State Government says it will seek to censor all computer
>    transmissions of offensive material after its censorship act came
>    into force last Friday. [Newsbytes, 67 words]
> 
> Probably not as competent as Singapore at enforcement,
> but what do people know about it?

I'll check with the Aus EFA and get back to you on the above. Hmmm, I 
wonder if a home user with a networked computer in say his lounge and 
another in his study will be guilty of a crime if he sends an electronic 
(and offensive) message to that other node!

Press 'N' now if your not interested in a tounge in cheek brief on 
Australian politics this week...

Action such as the above by WA would not suprise me it..of course its been 
tried before and defeated but that doesn't stop our political thugs here, 
they just put it on the backburner for a year and try again until people 
get tired of responding and pass it by default. Hell last week a federal 
member from WA spent 20 minutes ranting in parliament why all domestic 
cats (and feral cats) in Australia should be destroyed (Pussy Hater) 
whilst Australia's economy continues to slide, manufacturing moves 
offshore and our already record unemployment continues to rise.

Semi-auto firearms were banned here this month (even though the Prime 
Minister stated earlier that he knew it wouldn't solve 'The Problem'), 
including semi-auto shotguns. All other firearms are now hard to obtain 
(must show a valid _reason_ for obtaining a permit for each individual 
firearm, including air rifles - note the protection of ones life is not a 
reason..its specifically excluded in the legislation); double edged knives 
are now a prohibited import. [Note: sling shots are already banned so 
that leaves just spears, bows and stones to be legislated against and 
Australia will be projectile-weapon free]. A local member was asked if 
police would still be carrying guns now that The Problem was solved and 
he responded with..no, there's still dangerous criminals out there; 
without realising the irony of his statement. Hmmmmm.

This morning I read in the paper that my local city council is going to 
pass a regulation that will enable them to gas my cat (Lots of Pussy 
Haters here) if it eats a bird, 'strays' off my property, or generally 
has the nerve to make itself noticed. There is talk of banning 'protection' 
type dog breeds after an old women was killed recently, supposedly by a 
Rotty.

A police sgt told a WA poliscum that a stolen car incident he 
investigated 3 weeks ago could only have been done by criminals using 
information obtained from the internet (yeah thats how ALL the crims 
learn hotwiring). This was then reported to the WA parliament as factual.

Meanwhile our Foreign Minister (the same intellectual giant that 
recently spoke to the CEO of the US Reserve bank then spilled 
his guts to the press about the US Reserve Banks' intentions wrt interest 
rates - and awoke the next morning and found, much to his suprise, a bit 
of a market ruffle in full swing) today made a commitment to the UN that 
we would be taking steps with respect to multi-culturalism and native 
reconciliation, like some arse-licker at the international-cocktail 
party. Well at least it's now clear he is answerable to the UN for 
domestic policy.

Our PM (Little Johnny 'flaK jacket' Howard) made a statement recently that 
his election would usher in a new era of free speech, however, now 
that an independant member with apparantly substantial grass roots support 
suggests politically incorrect things like reducing immigration, cutting 
the 50 hours a week child care for unemployed stay at home single mothers 
and the billions spent on ineffective aboriginal bodies all of parliament 
wants her to shut up. She has received death threats from Vietnamise drug 
gangs for expressing these views but she should be OK now because firearms 
are illegal.

This week a recently retired Supreme Court Judge was named in parliament
was named in parliament (under parliamentary privelege) as 
receiving favoured treatment by a commission investigating child sex 
charges. Apparantly the shock was so severe that he was forced to commit 
suicide that very night after insisting his innocence. The government 
side called for her dismissal (seemingly not because he was named but 
because he chose to kill himself) and suggested limitations on parliamentary 
speech. The good judge must not have had enough faith in his own legal 
system to trust his reputation to it and face a court of law. Police are 
also under investigation on child sex charges by that same body.

Now you point out that if I say fuck here (Ooops thats illegal now) I can 
expect armed thugs kicking down my door to drag me back to WA for trial.
I guess anyone state side better cancel any plans to visit our little 
autocracy here now, especially John, after all the message is being bounced 
into WA from his computer and if the legislation is like the laughable bill 
that was attempted to be introduced into New South Wales earlier this year 
he'll be in big trouble (i know this will come as a frightening shock to 
him).

I better go find myself a good throwing rock, I think I here the sound of 
jack-boots on my path.








From tcmay at got.net  Wed Nov  6 10:49:51 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Nov 1996 10:49:51 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <199611052244.OAA15345@toad.com>
Message-ID: <v03007806aea68cf963af@[207.167.93.63]>




(Someone renamed my thread with the "[noise]" prefix. I have removed this
stupid prefix. Anything people think really is just noise should not even
be posted. I favor picking descriptive thread names, and try to do it
whenever I can, rather than cluttering up thread names with cutesy labels.)

At 2:44 PM -0800 11/5/96, Sean Roach wrote:

>If I remember my history right, the order that math was done often depended
>on the model of calculator it was done on.  I remember being warned as late
>as 1991 how some calculators may still still add before they multiply, and
>to use those parenthesis for good measure, just to be safe.

Well, it ain't _history_ only--it's also current. Some of us use RPN
(Reverse Polish Notation) calculators exclusively. (Even my screen
calculator I use on my Mac is an RPN one.)

The main split is between RPN and algebraic. Algebraic calculators use
parentheses to establish operator precedence and to alter precedence, RPN
calculators do not.

(Yes, purists will note, advanced RPN calculators have options for
parentheses, brackets, and other similar things, and can even process
algebraically. But not in the basic models, and the RPN computational
model, being stack-based, does not require them.)

To see how RPN works, visit any electronics store that carries
Hewlett-Packard calculators, especially the advanced ones like the H-P 48,
and read the first 5 pages of the instruction manual. It will all become
clear to you.



--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From sunder at brainlink.com  Wed Nov  6 11:33:41 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Wed, 6 Nov 1996 11:33:41 -0800 (PST)
Subject: IRS Subscribed to Cypherpunks
In-Reply-To: <3.0b36.32.19961105070826.0070f470@panix.com>
Message-ID: <Pine.SUN.3.91.961106143511.29472C-100000@beast.brainlink.com>


On Tue, 5 Nov 1996, Duncan Frissell wrote:

I've been getting a few of these too, to replies I've posted to 
cypherpunks at toad.com.  Interestingly enough, one came up from my filtered 
list. :(

> Got the following bounce.  The Cc: was to a real address.
> 
> DCF
> 
> >Date: Tue, 5 Nov 1996 05:24:21 -0500
> >From: Administrator at ccmail.irs.gov (Administrator)
> >Subject: Message not deliverable
> >To: Duncan Frissell <frissell at panix.com>
> >Cc: XXXXXXXXX (Administrator)
> >Content-Description: cc:Mail note part
> >
> >At 04:45 AM 11/4/96 -0800, Declan McCullagh wrote:
> >>Libertarianism is not incompatible with strict regulations, as long as 
> >>the rules violate nobody's rights.
> >>
> >>-Declan
> >
> >Obviously many voluntary religious organizations have quite strict rules
> >for their members and are compatible with libertarianism.  Government
> >monopoly regulations that cannot be opted out of are not compatible with
> >libertarianism.  Instead of using the loaded term "regulations' it might be
> >better to call things like the rules of the cypherpunk's list "club rules"
> >or protocols.
> >
> >DCF
> >
> >
> 

=============================================================================
 + ^ + |  Ray Arachelian    |FL|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder at sundernet.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | "A toast to Odin,  |KA| law abridging the freedom of speech'|==\|/==
 + v + |God of screwdrivers"|AK|        do you not understand?       |=======
========================http://www.sundernet.com=============================
      If the Macintosh is a woman...  Then Windows is a Transvestite!
           ActiveX! ActiveX! Format Hard drive? Just say yes!






From sunder at brainlink.com  Wed Nov  6 11:34:25 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Wed, 6 Nov 1996 11:34:25 -0800 (PST)
Subject: Sony/Philips has trouble exporting Web TV's (fwd)
Message-ID: <Pine.SUN.3.91.961106143609.29472D-100000@beast.brainlink.com>




---------- Forwarded message ----------
Date: Sat, 2 Nov 1996 15:59:04 -0500 (EST)
From: v0!d <voidmstr at primenet.com>
To: Multiple recipients of list <wwwac at echonyc.com>
Subject: Sony/Philips has trouble exporting Web TV's (fwd)


>>
>>     From Electronic Buyers' News:
>>
>>     October 28, 1996
>>     Issue: 1030
>>     Section: News
>>
>>     CODE LIMIT EXCEEDED
>>
>>     By Jack Robertson
>>
>>     Washington - New Internet-television systems from Sony Corp. and
>>     Philips Electronics Co. are technically munitions under U.S. export
>>     controls and cannot be shipped to the companies' worldwide sales
>>     networks, it was disclosed last week.
>>
>>     Sony officials said the company's TV set-top box designed by WebTV of
>>     Palo Alto, Calif., includes a state-of-the-art 128-bit code encryption
>>     system for electronic commerce. This far exceeds the 40-bit encryption
>>     code permissible for export under the U.S. Munitions Control List.
>>
>>     Philips also makes a WebTV set-top Internet box at its Magnavox TV
>>     plant in Knoxville, Tenn., and is similarly barred from shipping the
>>     unit to sales channels around the world.
>>
>>     Both global electronic giants face immediate competition in the
>>     emerging TV-Internet surfing market from other Japanese, South Korean,
>>     and European set-makers that don't face the U.S. encryption
>>     controls. They now join the U.S. computer industry, which has long
>>     protested that the outmoded encryption export curbs are causing them
>>     to forfeit overseas sales of PCs and workstations to foreign rivals.
>>
>>     President Clinton last month proposed lifting the level of encryption
>>     export controls from the present 40-bit code word to 56 bits, but only
>>     if a trap door is embedded in the cipher to allow law enforcement
>>     agencies to decode wiretapped messages. Clinton is expected shortly to
>>     sign an executive order putting the new control limits into effect.
>>
>>     The pending 56-bit-code threshold doesn't help the Sony or Philips
>>     Web-surfing TV systems - nor most U.S. computer companies that build
>>     systems with encryption exceeding even the new control limit. Both
>>     Netscape and Microsoft Web-browsing software includes 128-bit code
>>     encryption, surpassing export curbs.
>>
>>     Zenith Electronics Co., maker of a Web-surfing TV set, isn't concerned
>>     about the encryption controls, since it sells only in the U.S. market
>>     where the curbs don't apply.
>>
>>     Divicom Inc., based in Milpitas, Calif., must get an export license
>>     from the U.S. State Department for every exported cable TV front-end
>>     encoder, which includes 128-bit code word, according to Tom
>>     Lookabough, the company's sales manager. He said the license review
>>     process can take eight weeks or more, a troublesome delay that foreign
>>     competitors don't face.
>>
>>     Divicom and Scientific Atlanta both said their new digital TV set-top
>>     boxes include encryption that exceeds allowable export limits - but
>>     virtually all sales so far are in the U.S. market. As digital-box
>>     production ramps up, the companies would like to sell overseas, but
>>     run into the export control ban that puts them at a severe
>>     disadvantage against the foreign competitors aggressively entering the
>>     set-top market.
>>
>>     President Clinton's encryption export control changes include an
>>     industry-favored provision to take the category off the State
>>     Department's Munitions Control List and shift responsibility to the
>>     Commerce Department.
>>



Dennis Wilen : WWW Design, Production and Consulting
voidmstr's law: bandwidth expands to fit the waste available
voidmstr at primenet.com   http://www.primenet.com/~voidmstr
2385 Roscomare Road, Bel Air CA 90077  voice: 310-471-7849











From snow at smoke.suba.com  Wed Nov  6 11:38:12 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 6 Nov 1996 11:38:12 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <3280A5D9.35E8@gte.net>
Message-ID: <199611061955.NAA12955@smoke.suba.com>


> snow wrote:
> > > > It's only authoritarianism if the government is involved.
> > > > Clearly, the government isn't involved in this matter.
> [snippo]
> > fans of his team. Screaming at the top of his lungs about the quarterback
> > for a totally different team fumbling the ball in the 1970 world series.
> [snip, snip]
> A vastly more accurate analogy is that the "Doctor" is not in fact inside of the bar,
> as none of the cypherpunks are inside of anyone's home but their own.  Vulis is some-
> where else, sending his brand of beer to the bar in competition with a number of
> other "vendors".  Customers and vendors alike complain that Vulis' bottles have
> offensive portraits on them, possibly famous sports figures in an unflattering light.

     Side note: Could you please set your mail reader to format messages 
to < 80 columns? I, and I assume several others here use Unix CLI based mail
readers that wrap your text weirdly.

> So the bar owner bans Vulis' beer, but he sends it in anyway through a third party,
> and several patrons discover that they can easily remove the outer label from the
> bottle and see the original portraits.

      He isn't "putting different labels" on his horse piss, he can still 
post under his own name. 

     Your analogy makes no sense. 

> There are similarities to Prohibition here.
> Now the bar owner, being the owner, can throw out anyone he wants to anytime, and he
> gets away with this with little or no trouble lawsuit-wise, since the courts are much
> more lenient with owners of bars and rock-n-roll venues that with, say, Denny's
> Restaurants.

     Not really. Any establishment has the rights (and in some cases the 
responcibility) to remove patrons for their _actions_. If you go into dennys 
and act like a total ass, abusing other patrons, and daring the Management to
throw you out, you will most likely be eating at McD's. 

     Bar and Club owners probably do have more latitude to pick and choose
who they allow _in_ to their establishment, but both have the right to eject
patrons who start shit. 
 
> As I've said before, all forums on the net can be arranged at some point in the future
> to be "privately" owned, and the question is, can there be a free speech forum where
> you won't be arbitrarily banned?

     Yes. You start your own forum. When Perry was looking for a home for a 
new list, I offered a machine that I have up as a server, it is already running
a mailing list that offer to a certain group, on that list I have very 
few rules, but they are enforced. Outside of 2 areas, anything can be discussed.I put those 2 areas (Politics and Non-subject related Commercial posts) off 
limits to keep traffic down. When one of the users and I started to get into
politics, I noted the problem (It had been over a year since I had put the 
rules into place, and I even forgot--it never came up) and started another 
list (which promptly fell over and died) for that express purpose. 

     I and not a rocket scientist, but maintaining a low use unix server and 
majordomo are not that difficult (I wouldn't want to deal with a list the 
size of CP, but that is a different matter), and 
----------------Here is the big point--------------------------
as long as you have access to A PRESS of any kind, you are not being censored. 

     Vulis is probably much more intelligent than I, hell I couldn't get a 
masters in Math, much less a Piled Higher and Deeper. He probably makesa a 
good deal more money than I do, so he shouldn't have much difficulty setting
up his own server, with it's own web site, remailer, and Mailing list in 
competetion with this one. 

     Let him start his own bar as Mr. Metzger is doing. 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From dlv at bwalk.dm.com  Wed Nov  6 11:50:51 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 11:50:51 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <Pine.SUN.3.91.961105143024.24101B-100000@crl.crl.com>
Message-ID: <5VcZwD1w165w@bwalk.dm.com>


Sandy Sandfort <sandfort at crl.com> writes:

> Intellectual honesty isn't required on this list, but it is
> appreciated.

I wouldn't hold my breath waiting for John Gilmore to unsubscrive[sic]
himself for intellectual dishonesty... :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From gnu at toad.com  Wed Nov  6 11:51:06 1996
From: gnu at toad.com (John Gilmore)
Date: Wed, 6 Nov 1996 11:51:06 -0800 (PST)
Subject: Bernstein hearing, Nov 8 CANCELED!
Message-ID: <199611061951.LAA13910@toad.com>


Judge Patel has decided that she already knows enough, based on the
papers submitted by both sides, to decide our motion for a preliminary
injunction to protect Dan Bernstein as he teaches a class on
cryptography in January.

She also says that she will decide our motion for partial summary
judgement (from the September 20th hearing) at the same time.

So, THERE WILL BE NO HEARING ON NOVEMBER 8TH!  DON'T COME, WE WON'T BE THERE.

Apologies for the short notice.  It's all the notice the legal team
got.

I'll let you know as soon as she releases her decision.

	John Gilmore





From talon57 at well.com  Wed Nov  6 11:58:10 1996
From: talon57 at well.com (Brian D Williams)
Date: Wed, 6 Nov 1996 11:58:10 -0800 (PST)
Subject: [PRIVACY][BLACKNET] Potential Analyst?
Message-ID: <199611061957.LAA03299@well.com>



>Dimitri Vulis
>#4k Burns St, Forest Hills,NY 11375-3506
>(718)261-6839
>Source: http://www.yahoo.com (Four11 people search)

>Birthday: December 29
>Source: http://www.boutell.com/birthday.cgi/december/29

>D&M Consulting Services (DM-DOM)
>   67-67 Burns Street
>   Forest Hills, NY 11375
>   Domain Name: DM.COM
>   Administrative Contact:
>      Administration, PSINet Domain  (PDA4)  
>psinet-domain-admin at PSI.COM
>      (703) 904-4100
>   Technical Contact, Zone Contact:
>      Network Information and Support Center  (PSI-NISC)  
>hostinfo at psi.com
>      (518) 283-8860
>   Record last updated on 31-Oct-96.
>   Record created on 19-Jun-91.
>   Domain servers in listed order:
>   NS.PSI.NET                   192.33.4.10
>   NS2.PSI.NET                  38.8.50.2
> Source: InterNIC


The Pro's say that analysts are born not made. If so whoever wrote
this appears to show potential.....

Send resume to BLACKNET.....

;)

Brian






From roach_s at alph.swosu.edu  Wed Nov  6 12:10:33 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Wed, 6 Nov 1996 12:10:33 -0800 (PST)
Subject: [pure noise] filtering Re: "censorship in cyberspace"???
Message-ID: <199611062010.MAA14479@toad.com>


At 03:29 PM 11/5/96 -0800, Vladimir Z. Nuri wrote:
...
>the "automatic prose generator" technology out there leaves a lot
>of other interesting ideas. an ingenious software engineer
>with a flair for writing could create some pretty sophisticated
>grammars that automatically generate text yet are impossible
>to detect over perhaps even dozens of messages output by them.
>they could even have their own personalities and writing styles,
>if the software engineer were creative and devious enough.
...
Consider, however, that when computers match humans in the ability to
generate coherent sentences, they might have something useful to say.  Even
now, search, engine designers are fighting with "web spam" artists who fill
thier pages with various "key" words or statements to ensnare hapless
browsers.  These designers are developing filtering systems to combat this,
and these filters could conceivably be ported to the e-mail community to
filter machine generated text.  There should be a point where the prose spun
by asimov's "positronic brains" and that woven by a humans own "natural"
brain would be indistingushable.  At this point, we might want to hear their
opinions, for they should be as valid as any other.






From roach_s at alph.swosu.edu  Wed Nov  6 12:12:21 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Wed, 6 Nov 1996 12:12:21 -0800 (PST)
Subject: [noise] Re: Any Info for Sen. Pressler....
Message-ID: <199611062010.MAA14464@toad.com>


Per Bill Stewart's comment.
...
>At this point, I think he's now Ex-Senator Pressler,
>if I saw the election returns I think I saw.
...
Actually he would be a lame duck.  Our elected officials don't take office
the moment the returns come in.  He has a little while left.






From fair at clock.org  Wed Nov  6 12:14:22 1996
From: fair at clock.org (Erik E. Fair (Time Keeper))
Date: Wed, 6 Nov 1996 12:14:22 -0800 (PST)
Subject: "censorship in cyberspace"???
In-Reply-To: <199611052329.PAA15991@netcom22.netcom.com>
Message-ID: <v0300780aaea6a1002b06@[198.68.110.2]>


Simple enough to solve:

1. all E-mail messages must be crypto-signed by the author's private key.

2. the list exploder verifies the key against the list membership, and only
forwards the message to the distribution list if the signature matches a
member of the list.

3. New members are added through invitation or introduction (hand wave).

Q.E.D.

There are, of course, some technology integration and ease-of-use issues
here, given that no commonly used commercial E-mail software will do #1.

	Erik







From frissell at panix.com  Wed Nov  6 12:19:52 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 6 Nov 1996 12:19:52 -0800 (PST)
Subject: CLA_sh0
Message-ID: <3.0b19.32.19961106152204.007350f0@panix.com>


At 11:46 AM 11/6/96 -0500, John Young wrote:
>      Unless the West recognizes the power of cultural
>      conflict, it could perish from ignorance, overconfidence
>      and complacency.

Unless Islam and China recognize the power of Coca Cola, IPOs, blue jeans,
TCP/IP, and videos they could perish from lack of interest.

DCF 

"How you gonna keep 'em down on the farm after they've seen Broadway"?






From networks at vir.com  Wed Nov  6 12:24:21 1996
From: networks at vir.com (networks at vir.com)
Date: Wed, 6 Nov 1996 12:24:21 -0800 (PST)
Subject: [NOISE] If the shoe fits, wear it [VULIS]
Message-ID: <01BBCBF6.6CBDEC00@ipdyne9.vir.com>


Rich Graves Wrote:

>Yes, this gets to my point. Private censorship tells more about the 
>censor than about the censored. In this case, John acted properly, and 
>his credibility has only been enhanced. You are of course free to rant 
>and rave about his hypocrisy, but expecially since you'll always be able 
>to post to the list, at least under a nym (the only thing he's prevented 
>is your reading the list under your own name), you're only proving 
>yourself to be an idiot.

The nature of the Internet means it is extremely difficult for John
to prevent Dr. Vulis from either posting using a pseudonym or
having messages forwarded to him.  IF it were possible to prevent
Vulis from either reading messages or posting do you think John
would have done that too?  Just curious.

Alan Majer
networks at vir.com







From dave at kachina.jetcafe.org  Wed Nov  6 13:05:07 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Wed, 6 Nov 1996 13:05:07 -0800 (PST)
Subject: Compromise proposal
Message-ID: <199611062104.NAA07305@kachina.jetcafe.org>


Igor Chudov wrote:
> Dave Hayes wrote:
> > Improving signal to noise is a laughable goal at a social event of
> > more than 100 people, why do people insist upon trying it on the net?
> To save time?

At the expense of honor?
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

An eye for eye only ends up making the whole world blind.        --  Gandhi







From nobody at cypherpunks.ca  Wed Nov  6 13:16:57 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 6 Nov 1996 13:16:57 -0800 (PST)
Subject: [URGENT] Diffie-Hellman
Message-ID: <199611062059.MAA24669@abraham.cs.berkeley.edu>


Timothy C. May's 16Kb brain's single convolution is 
directly wired to his rectum for input and his T1 mouth 
for output. That's 16K bits, not bytes. Anal 
intercourse has caused extensive brain damage.






From furballs at netcom.com  Wed Nov  6 13:28:27 1996
From: furballs at netcom.com (furballs)
Date: Wed, 6 Nov 1996 13:28:27 -0800 (PST)
Subject: Censorship on cypherpunks
In-Reply-To: <BP3ywD23w165w@bwalk.dm.com>
Message-ID: <Pine.3.89.9611061214.A13085-0100000@netcom>




On Wed, 6 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> furballs <furballs at netcom.com> writes:
> > As for the original point on Vulis:
> >
> > John Gimore did what he did. Vulis challenged him, and John called his
> > bluff. Having read this list for quite a while now, I've seen alot of
> > crap go back and forth from many people that was just as annoying as what
> > Vulis was doing.
> 
> I'm slightly offended by this.  What if someone were to post the entire text
> of the _Pink _Swastika to this mailing list, in 40K chunks, with the subject
> header "John Gilmore and Hitler's rise to power"? :-)
> 

You missed the original point. Posting spam is one thing; directly 
challenging the list owner to stop you from posting is another matter.

...Paul






From declan at eff.org  Wed Nov  6 13:38:44 1996
From: declan at eff.org (Declan McCullagh)
Date: Wed, 6 Nov 1996 13:38:44 -0800 (PST)
Subject: Exon's Seat Lost
In-Reply-To: <199611061343.IAA13821@wauug.erols.com>
Message-ID: <Pine.SUN.3.91.961106133817.24084C-100000@eff.org>


Yes. Check out my column today at http://netlynews.com/

-Declan

On Wed, 6 Nov 1996, David Lesher / hated by RBOC's in 5 states wrote:

> Duncan Frissell sez:
> > 
> > Exon's seat goes to Republicans (according to ABC).  CDA probably not involved.
> 
> Did I not hear Pressler lost?
> 
> 
> -- 
> A host is a host from coast to coast.................wb8foz at nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From dlv at bwalk.dm.com  Wed Nov  6 13:51:50 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 6 Nov 1996 13:51:50 -0800 (PST)
Subject: Censorship and intellectual dishonesty
In-Reply-To: <9611051854.AA09590@etna.ai.mit.edu>
Message-ID: <NkoZwD1w165w@bwalk.dm.com>


hallam at ai.mit.edu writes:
> If we return to the original basis on which Mill opposed censorship
> its not hard to find out why Dimitri is denied his support. The
> argument is based on the need to keep alive debate. Dimitri wants
> to prevent debate, he does not wish to meet with the argument,
> he merely wishes to indulge in character assasinations and insults.

This isn't true, Phil.  Whatever gave you this impression?
Are you confusing me with Timmy May (fart) by any chance?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From tcmay at got.net  Wed Nov  6 14:11:38 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Nov 1996 14:11:38 -0800 (PST)
Subject: "high noon on the electronic frontier"
In-Reply-To: <199611060312.TAA06372@netcom7.netcom.com>
Message-ID: <v03007801aea6ba031728@[207.167.93.63]>



I try to avoid responding to Detweiler's points, even the good ones he
often makes (because he was so flamish and insulting in '93-'94 and because
he forged my name on anti-semitic rants posted to soc.culture.jewish and
soc.culture.german, amongst other such serious behaviors on his part).

However, he has asked a direct question (though he does his characteristic
speculation on the "real" facts and adds his "hee hee" noise), so I will
answer.

At 7:12 PM -0800 11/5/96, Vladimir Z. Nuri wrote:

>TCMay is well represented with several essays in a section on
>"encryption, privacy, and crypto-anarchism". 3 essays,
>Crypto Anarchist Manifesto, Intro to Blacknet, and
>BlackNet worries.
>
>I was curious about TCMay's essay on Blacknet, though, that
>mentions a mysterious "X" who he credits as raising many
>of the issues surrounding Blacknet on the cpunk mailing list
>in Feb 1994. Ludlow states in a footnote TCMay "elided
>references to interlocutors". I wonder about the identity
>of the mysterious "X" and whether he/she is still posting
>to the list. does anyone know who he/she is?

Yes, someone does.

An easy way to find out what was elided is to consult the archives, such as
they are, or consult one's personal store of saved messages from that
period, and read the original. (Lest anyone not be able to do this, I have
included the original message at the end of this message. There were also a
bunch of related posts from folks such as Hal Finney, Sandy Sandfort, Pat
Farrell, Stanton McCandlish, Duncan Frissell, etc.)

When Ludlow sent me what items of mine he proposed to include in his book,
there were two standalone essays (the 1988 Manifesto and the 1993
Introduction to BlackNet) and an item of Cypherpunks list traffic that
included quoted material and comments from others. For example, Hal Finney.

I told Ludlow that I could grant republication rights for _my_ stuff, but
certainly not for others. And I pointed out that the e-mail item lacked
some context, contained some asides which were not germane to the larger
points, and that I would prefer to rework the e-mail item if he wanted to
include it. (With the statement that the piece had been edited...when I
glanced at the Ludlow book in a bookstore (I haven't justified to myself
paying $30 for a damned paperback!!!), I think I noticed that he included
my e-mail to him as the intro to the piece!

I suppose I could have contacted those who had influenced the piece and
arrange for formal releases of rights, or ask that Ludlow do so, but I
really wanted to rework the piece, as I noted. For example, I modified some
of the examples I used, as what is appropriate to discuss in a published
book is always a bit different from what is OK to use in e-mail, even to a
mailing list.


>I was thinking it would be interesting to see whether
>he/she still feels the same about Blacknet and/or get a new
>conversation going about the subject with the insight that
>time can bring.

Well, these discussions have come up many times. Recently, Doug Barnes has
had comments on the BlackNet issue. Hal's comments are available.


>I wonder why TCMay found it important to elide "X"'s identity--
>perhaps "X" was one of his tentacles? (hee, hee)

Back on your lithium, Vlad. Or are you using Pablo now? Or Medusa? Or just
Lance?

Here is the article excerpted and edited in the Ludlow book:

From: tcmay (Timothy C. May)
Subject: Re: Blacknet worries
To: cypherpunks at toad.com
Date: Sun, 20 Feb 1994 12:33:12 -0800 (PST)
Cc: tcmay (Timothy C. May)
MIME-Version: 1.0
Status: RO

Hal Finney makes some comments about the dangers (I call them
benefits) of systems like "BlackNet," the hypothetical-but-inevitable
entity I described last fall. These dangers/benefits have been
apparent to me since around 1988 or so and are the main motivator of
my interest in "crypto-anarchy," the set of ideas that I espouse.

(I don't often dwell on them on this list, partly because I already
have in the past, and in the "Crypto-Anarchist Manifesto" and other
rants at the soda.berkeley.edu archive site, and partly because the
Cypherpunks list is somewhat apolitical...apolitical in the sense that
we have libertarians, anarcho-syndicalists, anarcho-capitalists,
Neo-Pagans, Christian Fundamentalists, and maybe even a few
unreconstructed Communists on the List, and espousing some particular
set of beliefs is discouraged by common agreement.)

However, since Hal has raised some issues, and the general issues of
data havens, anonymous information markets, espionage, and other
"illegal" markets have been raised, I'll comment. Besides, volume on
the List has been awfully light the past few days. Maybe it's my mail
delivery system slowing down, maybe it's the Olymics (I say put Tonya
up on the gold medalist's platform, put the gold medal around her neck,
then the noose, then kick the platform out from under her), or maybe
it's the natural exhaustion of the last set of hot topics.

First, a legal caveat. I openly acknowledge having written the
BlackNet piece--proof is obvious. But I did *not* post it to
Cypherpunks, nor to any other mailing lists and certainly not to
Usenet. Rather, I dashed it off one night prior to a nanotechnology
discussion in Palo Alto, as a concrete example of the coming future
and how difficult it will be to "bottle up" new technologies (a point
Hal alludes to). I sent this note off to several of my associates, via
anonymous remailers, so as to make the point in a more tangible way. I
also printed out copies and passed them out at the nanotech meeting,
which was around last September or so.

Someone decided to post this (through a remailer) to the Cypherpunks
list. Kevin Kelly and John Markoff told me they've seen it on numerous
other lists and boards, and of course Detweiler has recently posted it
to dozens of newsgroups (though it got cancelled and only the "echoes"
remain in most places...a few folks forwarded copies to ohter sites,
with comments, so they were not affected by the cancellation message).

My legal protection, my point here, is that I did not post the
BlackNet piece, it does not exist as an actual espionage or data haven
entity, and my point was rhetorical and is clearly protected by the
First Amendment (to the Constitution of the country in which I
nominally reside).

On to Hal Finney's points:
>
> Tim's Blacknet story has gotten a lot of reaction after Detweiler's
> random posting escapade last week.  I think it is a good essay, but there
> is one point I don't think was stressed enough.
>
> > BlackNet is currently building its information inventory. We are interested
> > in information in the following areas, though any other juicy stuff is
> > always welcome. "If you think it's valuable, offer it to us first."
> >
> > - trade secrets, processes, production methods (esp. in semiconductors)
> > - nanotechnology and related techniques (esp. the Merkle sleeve bearing)
...
> The glaring omision, mentioned only in passing, is military intelligence.

Yes, military intelligence will become much more "fungible" in the
future I envision. It already is, of course, a la the Walkers, but
computer-mediated markets and secure encryption will make it so much
more efficient and liquid. Buyers will be able to advertise their
wants and their prices. Ditto for sellers. Of course, decoys,
disinformation, and the like come to the fore.

To pick a trivial example, someone sits above a busy port and watches
ship movements from the privacy of his apartment. He summarizes these,
then sells them for a paltry-but-comfortable $3000 a month to some
other nation. (The ease of doing this means others will get into the
market. Prices will likely drop. Hard to predict the final
prices...the beauty of free markets.)

> A friend at work tells me that in the Manhattan project, presumably one
> of the most secret projects ever attempted, the Soviet Union had no

Yes, Hal's point is valid. William Gibson, so reviled in some
cyberpunk quarters (it's tres chic to bash him) anticipated this some
years back in "Count Zero," in which the scientists of a company are
held isolated on a mesa in New Mexico--recall the rescue/escape by
ultralight aircraft off the mesa?

The motivation for thinking about BlackNet, which is what I dubbed
this capability in late 1987, was a discussion with the late Phil
Salin that year about his as-yet-unfunded company, "AMIX," the
American Information Exchange. I played the Devil's Advocate and
explained why I thought corporate America--his main target for
customers--would shun such a system. My thinking?

- corporations would not allow employees to have corporate accounts,
as it would make leakage of corporate information too easy

(Example: "We will pay $100,000 for anyone who knows how to solve the
charge buildup problem during ion implant of n-type wafers." Many
corporations spend millions to solve this, others never did. A
"market" for such simple-to-answer items would revolutionize the
semiconductor industry--but would also destroy the competitive
advantage obtained by those who first solved the problems. Another
example, from earlier on, is the alpha particle problem plaguing
memory chips. I figured out the problem and the solution in 1977, at
Intel, and then Intel kept it a deep secret for the next year,
allowing its competitors to wallow in their soft error problems for
that entire year. When I was eventually allowed to publish--a decision
made for various reasons--the competitors raced for the telephones
even before I'd finished presenting my paper! Imagine how much I
could've sold my "expertise" for in the preceding year--or even after.
Of course, Intel could have deduced who was selling what, by various
intelligence-copunterintelligence ploys familiar to most of you
(canary traps, barium, tagged info). But the point is still clear: an
information market system like AMIX means "digital moonlighting," a
system corporations will not lightly put up with.

If information markets spread, even "legit" ones like AMIX (not
featuring anonymity), I expect many corporations to make
non-participation in such markets a basis for continuing employment.
(The details of this, the legal issues, I'll leave for later
discussions.)

> Keeping business secrets and manufacturing techniques secret is one thing.
> But, from the point of view of the government, the world of Blacknet could
> be an utter disaster for the protection of military secrets.  Despite its
> consumption of a large fraction of our society's resources, government jobs
> tend not to be high paying, especially compared to jobs with comparable
> degrees of responsibility in civilian life.  The temptation to sell secrets
> for cash has got to be present for almost everyone.  But it is balanced
>against
> the immense practical problems involved: making contacts, arranging
> deliveries, being caught in a "sting" operation.

Yes, which is why I always used to use "B-2 Stealth Bomber blueprints
for sale" as my canonical example of a BlackNet ad. Hundreds of folks
at Northrup had access to various levels of B-2 secrets. The "problem"
for them was that military intelligence (Defense Intelligence Agency,
Office of Naval Intelligence, CIA, NDA, etc.) was watching them (and
they knew this) and monitoring the local bars and after-work hangouts.
Read "The Falcon and the Snowman," or rent the movie, for some details
on this.

Anonymous markets completely change the equation!

(By the way, many other "tradecraft" aspects of espionage are
similarly changed forever....and probably already have been changed.
Gone will be the messages left in Coke cans by the side of the road,
the so-called "dead drops" so favored by spies for communicating
microfilm, microdots, and coded messages. What I call "digital dead
drops" already allow nearly untraceable, unrestricted communication.
After all, if I can use a remailer to reach St. Petersburg.... Or if I
can place message bits in the LSB of a image and then place this on
Usenet for world-wide distribution..... (I described this in my first
message on using LSBs of audio and picture files in 1988, in
sci.crypt). The world has already changed for the spy. And Mafia guys
on the run are using CompuServe to communicate with their wives...the
Feds can't tap these ever-changing systems....a likely motivation for
current Clipper/Capstone/Tessera/Digital Telephony schemes.)

> Blacknet could remove most of this risk.  With near-perfect anonymity
> and digital cash, a tidy side income could be created for anyone with access
> to classified information.  There would be no need for risky physical
>meetings.
> The money could be spent on a few nice extras to make life more comfortable,
> without fear of it being traced.

Yep! That's the beauty of it all. "Classified classifieds," so to
speak. "No More Secrets." At least, no more secrets that you don't
keep yourself! (A subtle point: crypto-anarchy doesn't mean a "no
secrets" society; it means a society in which individuals must protect
their own secrets and not count on governments or corporations to do
it for them. It also means "public secrets," like troop movements and
Stealth production plans, or the tricks of implaniting wafers, will
not remain secret for long.)

> How many people would succumb to such temptation?  People do undergo security
> checks, and presumably those who pass are mostly honest.  But they are human,
> and money is a powerful motivator.  Especially if the person figures that if
> he doesn't sell the info someone else will, the temptation will be all the
> stronger.

Yes. All of this is true.

> There are possible countermeasures: frequent lie-detector tests (as in Snow
> Crash); "fingerprinting" documents so everybody has a slightly different
> copy, allowing sting operations to identify the culprits; perhaps even
> swamping the legitimate offers of cash with bogus ones (a denial-of-service
> attack, in effect).  But none of these are really likely to solve the
> problem.

We went around several times on the Extropians list (which I am no
longer on, by the way--for unrelated reasons), especially with regard
to what most folks consider an even more disturbing use of
BlackNet-type services: liquid markets for killings and extortion. Pun
intended. Buyers and sellers of "hits" can get in contact anonymously,
place money (digicash) in escrow with "reputable escrow services"
("Ace's Anonymous Escrow--You slay 'em, we pay 'em"), and the usual
methods of stopping such hits fail.

(The Mob rarely is stopped, as they use their own hitters, usually
brought if from distant cities for just the one job. And reputations
are paramount. Amateurs usually are caught because they get in contact
with potential hitters by "asking around" in bars and the
like...and somebody calls the cops and the FBI then stings 'em.
Anonymous markets, digital cash, escrow services, and reputation
services all change the equation dramatically. If the hit is made, the
money get transferred. If the hit is not made, no money is
transferred. In any case, the purchaser of the hit is fairly safe.
Implication of the purchaser can still happen, but by means other than
the usual approach of setting up a sting.)

> This is probably the issue which has the government really scared, the
> issue which turned Barlow's government friends against free encryption, as
> he describes in his Wired article ("if you knew what I know, you'd oppose
> it too").  The NSA in particular has for a long time been wildly paranoid

Yes, if I could think all this stuff up in 1987-8, so can a lot of
others. It was clear to me, at the Crypo Conference in 1988, that
David Chaum had thought of these uses and was deliberately navigating
around them in his scenarios for digicash. He just raised his eyebrows
and nodded when I discussed a few of the less fearsome applications.

...
> its own secrets than discovering others'.  I could see any technology which
> would facilitate sellouts by their people to be considered a mortal threat,
> something to be fought by any means.  And I imagine that the rest of the
> military intelligence community would feel the same way.

To the governments of the world, facing these and other threats to
their continued ways of doing business (notice that I didn't say "to
their continued existence"), the existence of strong encryption in the
hands of the population is indeed a mortal threat.

They'll cite the "unpopular" uses: kiddie porn nets, espionage,
selling of trade secrets (especially to "foreigners"), the bootlegging
of copyrighted material, "digital fences" for stolen information,
liquid markets in liquidations, and on and on. They won't mention a
basic principle of western civilization: that just because _some_
people mis-use a technology that is no reason to bar others.

Just because some people mis-use camcorders to film naked children is
no reason to ban cameras, camcorders, and VCRs. Just because some
folks mis-use free speech is no reason to ban free speech. And just
because some will mis-use encryption--in the eyes of government--is
not a good reason to ban encryption.

In any case, it's too late. The genie's nearly completely out of the
bottle. National borders are just speed bumps on the information
highway.

The things I've had in my .sig for the past couple of years are coming.


--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From rcgraves at ix.netcom.com  Wed Nov  6 14:34:29 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Wed, 6 Nov 1996 14:34:29 -0800 (PST)
Subject: Cypherpunk Inquest?
Message-ID: <199611062232.RAA16407@spirit.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Yeah, I got it too as <2.2.32.19961104184908.00715ebc at popmail.mcs.net>. 
If I answer it, I'll Cc the list, but I figure he can read what I write 
here as easily as anyone.

Anyone who'd send this same text to both me and John Young hasn't been 
lurking very closely.

- -rich

John Young wrote:
> 
> Return-Path: lzkoch at mcs.net
> X-Sender: lzkoch at popmail.mcs.net
> Date: Mon, 04 Nov 1996 12:28:29 -0600
> To: jya at pipeline.com
> From: Lewis Koch <lzkoch at mcs.net>
> Subject: Regarding a story for Upside Magazine
> 
> John Young:
> 
> This is an identical letter to a limited number of contributors to
> Cypherpunks regarding an article I will be writing for Upside Magazine
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMoER5yoZzwIn1bdtAQHXwwGA4FjBcDK1RSWC727Wk/nJM+ztn2/DEwbp
3gRhlPtUTfZ8oXMORvwjL4NEikb+iYfn
=KmTb
-----END PGP SIGNATURE-----





From CHALAKKI at worldnet.att.net  Wed Nov  6 14:38:57 1996
From: CHALAKKI at worldnet.att.net (CHALAKKI at worldnet.att.net)
Date: Wed, 6 Nov 1996 14:38:57 -0800 (PST)
Subject: Cypherpunk mailing list
Message-ID: <19961106223742.AAH21546@IRON>


Please put me on your mailing list






From declan at well.com  Wed Nov  6 15:31:19 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 6 Nov 1996 15:31:19 -0800 (PST)
Subject: Net Results: elections and the Internet, from The Netly News
Message-ID: <Pine.GSO.3.95.961106152941.6640D-100000@well.com>



---------- Forwarded message ----------
Date: Wed, 6 Nov 1996 15:28:57 -0800 (PST)
From: Declan McCullagh <declan at well.com>
To: fight-censorship at vorlon.mit.edu
Subject: Net Results: elections and the Internet, from The Netly News

[I recommend that you visit The Netly News to read the article with the
links -- I wrote it with a web audience in mind. --Declan]

---

The Netly News
November 6, 1996
http://netlynews.com/

Net Results
By Declan McCullagh (declan at well.com)
   
        Nineteen ninety-six was to have been the Year of the Netizen.
   Bob Dole this spring endorsed strong crypto, making it a likely
   campaign issue. The Communications Decency Act was accelerating
   toward the Supreme Court. Every political candidate sported a web
   page. The First Cat and the Dole Dog were online. Electronic mailing
   lists such as Netizens-l were springing up as symbols of netizens'
   hope to start wielding power over the body politic.
   
        It didn't happen. Yesterday's election largely preserves the
   status quo: a Clinton White House and a Republican Congress. Matters
   important to netizens never became campaign issues. Sure, Bill
   Clinton may have pledged to wire all schools to the Net, but election
   year rhetoric is cheap and realizing his plan will be expensive.
   Dole's stammering announcement of his web site's address demonstrated
   only his lack of a cyber-clue.
   
        Yet with the election, the political terrain has shifted subtly.
   Sen. Jim Exon (D-Neb.), architect of the CDA, has retired. The
   leadership of the powerful Senate Commerce, Science, and
   Transportation Committee will change. Attorney General Janet Reno,
   who has attacked the Net repeatedly, may step down or be replaced.
   Even with a slimmer majority, Republicans in the House likely will
   continue to resist hasty "anti-terrorist" measures and remain unlikely
   champions of online liberties. Some civil libertarians hope that
   Clinton will emerge as a statesman who for the first time does not fear
   defeat at the hands of voters. 

   CYBER-RIGHTS DARLING RICK WHITE WINS REELECTION: Fighting against
   Internet regulation may keep the campaign checks from Bill Gates
   coming, but Washington State voters would rather talk about the
   environment. Still, cyber-rights champion and Newt Gingrich fan Rep.
   Rick White (R-Washington) narrowly won his first re-election bid
   yesterday. It's bad news for the environment and good news for
   netizens. As a sophomore rep, White will be in a better position to
   shepherd pro-cyberspace legislation through the House next year.

   LEADERSHIP OF SENATE COMMERCE COMMITTEE CHANGES: Larry Pressler
   (R-South Dakota) ended an 18-year Senate career yesterday when he lost
   to challenger Tim Johnson, a House Democrat. Now the chairmanship of
   the powerful Senate Commerce, Science, and Transportation Committee --
   which handles telecommunications and Internet bills -- is in flux,
   with Arizona's John McCain the likely successor. "McCain is an unknown
   quantity. He voted for the CDA and supported crypto without being out
   in front on it," says Jonah Seiger from the Center for Democracy and
   Technology.
   
   SENATOR JOHN KERRY, TECHNO-FRIENDLY WOLF IN SHEEP'S CLOTHING:
   Although we may not agree with all of Massachusetts incumbent Sen.
   Kerry's positions on Net freedom, he at least recognizes Netizens as
   an important constituency. His vote in favor of the CDA seemed a
   strike against Netizens until he vociferously modified it to say that
   such matters should be handled by parents rather than the law. Kerry
   was the only Senator to answer the Voters Telecommunications Watch
   Pledge, a political platform for the technological public, and now
   that he's been reelected we should remind him of just what that pledge
   means. As a senator representing high-tech firms and sitting on the
   Commerce and Intelligence committees, Kerry is well-positioned to back
   up his email with his votes.
   
   ONLINE COPYRIGHT BILL LOSES CHAMPIONS: Free speech on the Net may
   get a reprieve in the next Congress, thanks to the retirement of Reps.
   Carlos Moorhead (R-California) and Patricia Schroeder (D-Colorado).
   The duo championed the heinous NII Copyright Protection Act of 1995,
   which would hold Internet providers financially liable for the actions
   of their users and make browsing the Net without a license from
   copyright holders against the law. With librarians, PTA groups, and
   teachers arguing against it, the legislation died in committee this
   summer.
   
   IN THE WHITE HOUSE AND FCC NEXT YEAR: Brace yourself for more steamy
   Net-rhetoric from Al Gore, who will take a more prominent role as
   administration spokesperson on technology and telecom issues as he
   prepares for a presidential bid in 2000. Inside the White House,
   failed health care czar Ira Magaziner has turned his attention towards
   online commerce. Sensing a possible growth opportunity, the FCC has
   started to take an interest in Internet regulation -- and Clinton now
   will appoint a commissioner to fill a vacancy at the FCC. With
   Naderites like Jamie Love calling for FCC regulation of spam,
   bureaucratic meddling seems near-inevitable.

###







From accessnt at ozemail.com.au  Wed Nov  6 15:32:10 1996
From: accessnt at ozemail.com.au (Mark Neely)
Date: Wed, 6 Nov 1996 15:32:10 -0800 (PST)
Subject: black high heal shoes?
Message-ID: <3.0b36.32.19961107084309.006c75a0@ozemail.com.au>


Mark,

>I had yet another strange dream recently:

You gotta stop eating those pepperoni pizzas just before bed time!

:)

Regards,

Mark
Mark Neely - accessnt at ozemail.com.au
Lawyer, Internet Consultant, Professional Cynic & Author





From ravage at ssz.com  Wed Nov  6 15:33:20 1996
From: ravage at ssz.com (Jim Choate)
Date: Wed, 6 Nov 1996 15:33:20 -0800 (PST)
Subject: update.294 (fwd)
Message-ID: <199611062335.RAA09933@einstein>


Forwarded message:
>From physnews at aip.org Wed Nov  6 15:22:21 1996
Date: Wed, 6 Nov 96 10:14:13 EST
From: physnews at aip.org (AIP listserver)
Message-Id: <9611061514.AA06755 at aip.org>
To: physnews-mailing at aip.org
Subject: update.294


PHYSICS NEWS UPDATE                         
The American Institute of Physics Bulletin of Physics News
Number 294  November 6, 1996    by Phillip F. Schewe and Ben
Stein

NANOSCALE ABACUS.  Scientists at IBM Zurich have used a
scanning tunneling microscope (STM) probe to reposition C-60
molecules on a copper substrate, making in effect the first room-
temperature device capable of storing and manipulating numbers
at the single molecule level.  The buckyballs (which are big,
sturdy molecules) act as the counters of a tiny abacus in which
low (indeed mono-atomic) terraces in the copper surface
constrain the buckyballs to move accurately in a straight line.
(The abacus is perhaps the first human calculating device, and the
Greek word means "sand on a board.")  IBM researcher James
Gimzewski (gim at zurich.ibm.com) admits that his device is
slow: "The tool we use (the STM probe) is the equivalent of
operating a normal abacus with the Eiffel Tower."  But things
should improve in coming years; with this new advance,
hundreds of buckyball ranks could fit neatly inside the same
linewidth that characterizes features on a Pentium processor chip. 
As for speed, engineers expect to fabricate arrays of hundreds
and even thousands of STM probes for simultaneously imaging
(and repositioning) many atoms and molecules.  (M.T. Cuberes
et al., to appear in the 11 November issue of Applied Physics
Letters; an associated figure can be obtained on the Web at
http://www.aip.org/physnews/graphics)

THE SHORTEST X-RAY PULSES yet produced have been
made at LBL by shooting 100-femtosecond bursts of infrared
laser light at right angles into a beam of electrons.  Some of the
photons are converted into x rays by scattering (through 90
degrees) into the same direction as the electrons.  The resultant
x-ray bursts are themselves short---about 300 fsec---and potent,
with an energy of 30 keV (or, equivalently, a wavelength of 0.4
angstroms).  By narrowing the electron beam further (currently it
is a mere 90 microns wide), even sharper x-ray pulses (50 fsec)
are in the offing.  Theses pulses are ideal probes---their small
wavelength permits studies of atomic structure with high
resolution.  Meanwhile their short duration make them an
excellent strobe light for glimpsing ultrafast phenomena. For
example, the LBL researchers are using the x-ray pulses to study
the melting of silicon.  (R.W. Schoenlein et al., Science, 11
October 1996.)

PHOTONIC CRYSTALS NOW OPERATE IN THE NEAR
INFRARED.  These structures are to optics what semiconductors
are to electronics: they allow the passage of light at some
wavelengths but exclude light in certain other energy ranges (also
called photon bandgaps).  Since the first photonic crystals
(operating at microwave wavelengths) were developed several
years ago, researchers have attempted to move toward the visible,
where potential technological applications beckon.  Scientists at
the University of Glasgow and the University of Durham have
now constructed a tiny wafer riddled with 100-micron holes
which exhibits the lowest-wavelength photonic bandgap yet: 800-
900 nm.  (Thomas F. Krauss et al., Nature, 24 October 1996.)

CORRECTION: Harold Kroto (not Croto) is the correct spelling
for the chemistry Nobelist (Update 291).






From ses at tipper.oit.unc.edu  Wed Nov  6 15:43:48 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Wed, 6 Nov 1996 15:43:48 -0800 (PST)
Subject: HAPPY GUY FAWKES DAY!
In-Reply-To: <Pine.SUN.3.91.961105123056.18719A-100000@crl.crl.com>
Message-ID: <Pine.SUN.3.91.961106180519.8919A-100000@tipper.oit.unc.edu>


On Tue, 5 Nov 1996, Sandy Sandfort wrote:

> 
> The English celebrate it because Guy Fawkes failed.
> 

Not just the English- it was James 1 that nearly exploded. Also 
the plot was performed for sectarian reasons, rather than any sort 
of liberal ideals (The conspirators were all Catholic).Originally
Bonfire Night was celebrated as a way of spreading and reinforcing
anti-catholicism. Those Whacky Christians!

Simon // It's not the rapture - we've sold you as meat to the Saucer People





From ponder at freenet.tlh.fl.us  Wed Nov  6 15:50:13 1996
From: ponder at freenet.tlh.fl.us (P. J. Ponder)
Date: Wed, 6 Nov 1996 15:50:13 -0800 (PST)
Subject: Information
In-Reply-To: <19961105.131710.5207.1.kb4vwa@juno.com>
Message-ID: <Pine.OSF.3.91.961106181407.23406I-100000@fn3.freenet.tlh.fl.us>




On Tue, 5 Nov 1996, Edward R. Figueroa wrote:

> I'm a new Cyberpunk!   
> 
> I apologized if this is not the place to post this message request.
> 
> I have some interesting projects and questions for the Cyberpunk world.
> 
> I would like to know if there is any Cyberpunks in S. Florida (Miami) who
> could converse with me about Crypto?   I am very interested in making new
> Cyberpunk friends, meeting places,  etc.., or please send me E-mail.
> 
> I would like to know where to place my Public Key?   Note, I only have
> E-mail access at this time, and not the Net access, but could have a
> friend place the key for me.
> 
> Last,  I would like to know once and for all,  is PGP compromised,  is
> there a back door, and have we been fooled by NSA to believe it's
> secure?

As far as anyone knows that has publicly commented on it, PGP is presumed 
to be secure against known attacks.  By making the source code available, 
and basing the encryption on published methods - RSA and IDEA, PGP has 
been reviewed extensively by the world's experts on crypto, and those 
experts that publish their results have said there is no known easy way 
to crack it.  There are, of course, many experts who do not publish their 
results - for instance, cryptographers who work for intelligence 
gathering agencies.  What they have found out about RSA and IDEA the rest 
of us don't know.  There are efforts underway to prove mathematically how 
hard it is to break the sort of encryption that PGP is based on.

One thing to remember with PGP is that you must very carefully choose 
your pass phrase and keep it a secret.  If your pass phrase is easy to 
guess, then PGP won't offer you any real security.  Choose a long one, 
that is not composed of words likely to be found in dictionaries or 
published books, and memorize it.

Go to the library and get this book:

 _PGP: Pretty Good Privacy_,
by Simson Garfinkel, 
O'Reilly and Associates, Publishers
1995
ISBN 1-56592-098-8

If the library doesn't have it, ask the librarian to get for you by 
'Inter-Library Loan'.  If you still can't get it, try the library at one 
of the branch campuses of Miami-Dade Community College (MDCC) or Florida 
International University (FIU) on Tamiami Trail.  They should be able to 
help.

This is from the key server at MIT 
http://www-swiss.ai.mit.edu/~bal/pks-toplev.html 
and explains the process for dealing with PGP key servers if all you have 
is e-mail access:

---<begin quoted material>---

PGP Public Email Keyservers
---------------------------

There are PGP public email key servers which allow one to exchange public
keys running using the Internet and UUCP mail systems.
Those capable of accessing the WWW might prefer to use the WWW interface
available via http://www.pgp.net/pgp/www-key.html and managers of sites
which may want to make frequent lookups may care to copy the full keyring
from the FTP server at ftp.pgp.net:pub/pgp/

This service exists only to help transfer keys between PGP users.
It does NOT attempt to guarantee that a key is a valid key;
use the signatures on a key for that kind of security.

Each keyserver processes requests in the form of mail messages.
The commands for the server are entered on the Subject: line.
---------------------------------------------- ======== -----
Note that they should NOT be included in the body of the message.
--------------------- === ---------------------------------------

        To: pgp-public-keys at keys.pgp.net
        From: johndoe at some.site.edu
        Subject: help

Sending your key to ONE server is enough.  After it processes your
key, it will forward your add request to other servers automagically.

For example, to add your key to the keyserver, or to update your key if it
is already there, send a message similar to the following to any server:

        To: pgp-public-keys at keys.pgp.net
        From: johndoe at some.site.edu
        Subject: add

        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: 2.6

        
        -----END PGP PUBLIC KEY BLOCK-----

COMPROMISED KEYS:  Create a Key Revocation Certificate (read the PGP
docs on how to do that) and mail your key to the server once again,
with the ADD command.

Valid commands are:

Command                Message body contains
---------------------- -------------------------------------------------
ADD                    Your PGP public key (key to add is body of msg)
INDEX                  List all PGP keys the server knows about (-kv)
VERBOSE INDEX          List all PGP keys, verbose format (-kvv)
GET                    Get the whole public key ring (split)
GET userid             Get just that one key
MGET regexp            Get all keys which match /regexp/
                       regexp must be at least two characters long
LAST days              Get the keys updated in the last `days' days
------------------------------------------------------------------------

---<end of quoted material>---

--
pj

> 
> Ed - 
> 
> kb4vwa at juno.com
> 





From jmr at shopmiami.com  Wed Nov  6 16:06:27 1996
From: jmr at shopmiami.com (Jim Ray)
Date: Wed, 6 Nov 1996 16:06:27 -0800 (PST)
Subject: UNSUBCRIBE CENSORSHIP
Message-ID: <199611070005.TAA36772@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: sintong at medan.wasantara.net.id, cypherpunks at toad.com,
 dlv at bwalk.dm.com
Date: Thu Nov 07 07:04:45 1996
That's it.

"UNSUBSCRIBE MISSPELLINGS!"
JMR   ^


Please note new 2000bit PGPkey & new address <jmr at shopmiami.com>
This key will be valid through election day 2000.
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
Please avoid using old 1024bit PGPkey E9BD6D35 anymore. Thanks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMoHQYzUhsGSn1j2pAQFylwfPT9bjSQBmF6SOpudeb2Zp8sg4peUrlfKw
Oj/JvwqwbbUHMovzu/NQl4JP1VzPbJRejNFxtNwSasIYV2ouO3YZqR8y+MhEsGU2
eYuhGoWCplSgtmUI+bloe9EX88L+qKkLLRxZUVeNG8WGsW/lM/gioZRTMGh9cGwc
zOtqEiw/DVZzryoEB1aFh/aCfcYR1sJwF/sATt62Tgn7R8Hk/OCXT8Ot4P7GXaeM
2AK4N4P9IPt4kQz/F8VVgsodEydpwSw51TB+npmkrSlIasq2Yw9K/gAhnlkd2DyH
64UFri7oH6kGRoVbn7XCTY3dGp6fRm2NGQ5okn5Rvds8ZA==
=jjAl
-----END PGP SIGNATURE-----






From paratama at idola.net.id  Wed Nov  6 16:30:15 1996
From: paratama at idola.net.id (paratama at idola.net.id)
Date: Wed, 6 Nov 1996 16:30:15 -0800 (PST)
Subject: UNSUBCRIBE
Message-ID: <9611070033.AA11809@merak.idola.net.id>


UNSUBCRIBE






From maldrich at grci.com  Wed Nov  6 16:37:27 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Wed, 6 Nov 1996 16:37:27 -0800 (PST)
Subject: [NOISE] Re: Vulis profile
In-Reply-To: <199611061506.HAA17824@abraham.cs.berkeley.edu>
Message-ID: <Pine.SCO.3.93.961106191634.23586E-100000@grctechs.va.grci.com>


On Wed, 6 Nov 1996, John Anonymous MacDonald wrote:

> I had some free time this morning, and just for fun, thought I'd 
> create a brief Net profile of our friend Dr. Vulis.  Here's what 
> I found (sources included):
<snip>
> Number of articles posted to individual newsgroups (slightly 
> skewed by cross-postings): 
<snip>
>           4 alt.sex.plushies 
<snip>


You gotta be kidding me.

People, let's just not even get this started - everyone, close your eyes,
take a few deep breathes, and repeat, "I'm not going to touch this - I'm
not going to touch this - I'm not going to touch this." 

There are, sometimes, some places that you just don't want to go,
ya know?

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich at grci.com       |
|What I paid                              | MAldrich at dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------








From SAlanEd at concentric.net  Wed Nov  6 16:57:24 1996
From: SAlanEd at concentric.net (Steve Edwards)
Date: Wed, 6 Nov 1996 16:57:24 -0800 (PST)
Subject: Censorship on cypherpunks
Message-ID: <1.5.4.32.19961107005911.006d4348@pop3.concentric.net>


At 06:54 PM 11/3/96 -0500, you wrote:
>  Except it's not very effective, is it, since he's still
>posting flames?  In any case, it's an admission on John
>Gilmore's part that libertarianism can't work without some
>measure of authoritarianism; the only argument is over _just how
>much_ authoritarianism we need.
>  
>  I'm quite upset about this.  Up to now I was able to tell
>people that "there is at least one mailing list on the net that
>functions in a completely open manner".  No more.
>
>
>Will French  <wfrench at interport.net>

What has it got to do with libertarianism?  John Gilmore is not the
government, he just runs the list.  If we don't like what he does, we can
start a new list. I'm not sure that it was a good idea to remove Vulis, but
I don't believe that this single act reflects on any theory of governance. 

>
>
 

SAlanEd at concentric.net, SAlanEd at aol.com,
http://users.aol.com/salaned/cyberplace.html

"Life, he himself said once, (his biografiend, in fact, kills him verysoon,
if yet not, after) is a wake, livit or krikit, and on the bunk of our
breadwinning, lies the cropse of our seedfather..."






From rah at shipwright.com  Wed Nov  6 17:14:31 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 6 Nov 1996 17:14:31 -0800 (PST)
Subject: Cypherpunk Inquest?
In-Reply-To: <199611062232.RAA16407@spirit.hks.net>
Message-ID: <v03007807aea6e3e9479e@[206.119.69.46]>


At 5:32 pm -0500 11/6/96, Rich Graves wrote:

>Anyone who'd send this same text to both me and John Young hasn't been
>lurking very closely.

There's an echo in the room...

;-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From unicorn at schloss.li  Wed Nov  6 17:20:03 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 6 Nov 1996 17:20:03 -0800 (PST)
Subject: list noise: a novel suggestion
In-Reply-To: <199611060322.TAA14388@netcom7.netcom.com>
Message-ID: <Pine.SUN.3.94.961106201803.640A-100000@polaris>


On Tue, 5 Nov 1996, Vladimir Z. Nuri wrote:

> I read rants about the list noise on this list so much
> that it seems quite comical. it seems that everything
> else has been tried, I thought I would suggest something
> radically different.
> 
> I propose that no one talk about the noise on the list,
> on the list. pretend it doesn't exist. consider it
> like the weather: something that complaining about can do
> nothing about.

Who would reply to your messages?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From jya at pipeline.com  Wed Nov  6 17:21:14 1996
From: jya at pipeline.com (John Young)
Date: Wed, 6 Nov 1996 17:21:14 -0800 (PST)
Subject: ANO_mal
Message-ID: <1.5.4.32.19961107011948.006de8fc@pop.pipeline.com>


   11-6-96. FiTi:

   "Anomalies across international borders"

   "I think there is a feeling that the UK's long history 
   of success in code-cracking makes the security services 
   confident about being able to break through any encryption
   scheme -- or use criminal law to enforce surrender of the
   key," Neil Barrett says. In his recent book, "The 
   State of the Cybernation", he examines cross-border
   encryption issues in greater detail.

   -----

   http://jya.com/anomal.txt

   ANO_mal










From linefeed at juno.com  Wed Nov  6 18:08:27 1996
From: linefeed at juno.com (Leon W Samson)
Date: Wed, 6 Nov 1996 18:08:27 -0800 (PST)
Subject: Censorship in Western Australia
In-Reply-To: <Pine.SUN.3.91.961106044839.16537A-100000@eff.org>
Message-ID: <19961105.173739.9702.0.LineFeed@juno.com>


FUCK YOU ALL I WANT OFF OF THID MAILING LIS IT FUCKING SUCKS ALL IT DOES
IS FILL MY HDD WITH  JUNK MAIL DO YOU THINK I WANT THAT SHIT NO! I
DONT!!!!!!.....ALL YOU OF YOU ARE COOL BUT THIS THING SUCKS........SEE YA
COOL D00DS

				LineFeed


Leon Samson
A .K .A :  LineFeed
|-|��� �f ����T�H�쩧 F� Th� UHA
��N�f���'� p���T�|-|��x &  hĢk��G ��g�: 
http://www.geocities.com/CapeCanaveral/2015
LineFeed at juno.com                 LineFeed at geocities.com






From ichudov at algebra.com  Wed Nov  6 18:15:25 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Wed, 6 Nov 1996 18:15:25 -0800 (PST)
Subject: [MEDPOT] MedPot foundation scores important victory
Message-ID: <199611070212.UAA03568@manifold.algebra.com>


http://www.cnn.com/US/9611/06/medical.marijuana/index.html

Marijuana proponents relish victory

               California attorney
               general predicts
               legal anarchy

               November 6, 1996
               Web posted at: 6:00 p.m. EST 

               From Correspondent Rusty
               Dornin 

               SAN FRANCISCO (CNN)
               -- Medical marijuana proponents celebrated their
               victory in Tuesday's elections with a ceremonial
               smoke. 

               "It's the will of the people," said Dennis Peron, an
               advocate for medical marijuana. "It is a mandate. It's
               about love and compassion about doing something
               that's concrete to help people who are sick and dying."

                                With the passage of the
                                proposition, people who are
                                sick and dying in California
                                and Arizona can smoke pot
                                legally if recommended by a
                                physician. While the two
                                states may say it's legal,
                                federal law still says 'no way'. 

               California's attorney general predicted the law change
               will lead to legal anarchy. "This thing is disastrous,"
               said Dan Lungren. "We're going to have an
               unprecedented mess." 

               Anyone suffering from AIDS and cancer to chronic
               pain and migraine headaches would be free to smoke
               pot under the new laws. 

               No written prescriptions are required. The passage of
               the proposition also means it's legal to grow pot for
               medicinal use. 

               That's exactly what worries
               Lungren. "We're going to have
               a hell of a time limiting
               marijuana use among young
               people in California at the very
               time that marijuana use is
               skyrocketing around the
               country," he said. 

               Medical pot proponents are setting their sights on the
               rest of the country, launching a national campaign,
               "Americans for medical rights," to focus on marijuana
               legislation in other states and on the federal level. 

               The news laws are expected to face court challenges in
               California. In any event, top nation drug enforcers said
               they will continue to enforce federal drug laws,
               including federal marijuana statutes. 

	- Igor.





From mixmaster at aldebaran.armory.com  Wed Nov  6 19:13:32 1996
From: mixmaster at aldebaran.armory.com (The Black Knight)
Date: Wed, 6 Nov 1996 19:13:32 -0800 (PST)
Subject: Mixmaster Test
Message-ID: <9611061913.aa08554@aldebaran.armory.com>


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer





From haystack at cow.net  Wed Nov  6 19:17:09 1996
From: haystack at cow.net (Bovine Remailer)
Date: Wed, 6 Nov 1996 19:17:09 -0800 (PST)
Subject: Mixmaster Test
Message-ID: <9611070305.AA17841@cow.net>


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer





From ravage at EINSTEIN.ssz.com  Wed Nov  6 19:24:40 1996
From: ravage at EINSTEIN.ssz.com (Jim Choate)
Date: Wed, 6 Nov 1996 19:24:40 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT] (fwd)
Message-ID: <199611070327.VAA10208@einstein>



Hi all,

There is one important legal aspect which the operator of the Cypherpunks
mailing list has opened themselves up for with this action. In short they
have now opened themselves up for defamation and liable suites by imposing
an editorial policy on the contents of this list (1).

This opens up the potential, for example, for Tim May to sue the operator of
the Cypherpunks mailing list now for posts from users (even anonymous ones)
which defame or otherwise liable his character, reputation, or ability to
pursue income in his chosen field. In short the operators of the list
becomes publishers and distributors of the material. It is the legal
difference between a bookstore and a book publisher. 

Censorship is censorship, irrespective of the source of the limitation.
Free expression is impossible in an environment of censorship. The right to
speak not only implies a right to not speak, it also implies the right to
emit complete mumbo jumbo. The actual content of the speech is irrelevant.

The Constitution guarantees freedom of speech and press. This does not imply
in any way an abrogation of responsibility by the party speaking or
distributing it. Only that they would not have limitations on their actions
imposed by the federal government.

				ARTICLE I. 
 
	Congress shall make no law respecting an establishment of religion, 
or prohibiting the free exercise thereof; or abridging the freedom of 
speech, or of the press; or the right of the people peaceably to assemble, 
and to petition the Government for a redress of grievances. 

And just to make shure it is clear, the right to put something on the paper
(ie speech) is distinctly different from being the one doing the actual
printing.

I have argued in the past that this list is a defacto public list because of
the way it is advertised and to the extent it is advertised. All the protests
by the operator to the contrary will not convince a court.

Hope you folks have a good lawyer.

(1)  ;login:, Oct. 1996, V21N5, pp. 27


                                                    Jim Choate






From ravage at ssz.com  Wed Nov  6 19:28:51 1996
From: ravage at ssz.com (Jim Choate)
Date: Wed, 6 Nov 1996 19:28:51 -0800 (PST)
Subject: Vulis profile (fwd)
Message-ID: <199611070331.VAA10216@einstein>



Forwarded message:

> Date: Wed, 6 Nov 1996 05:57:54 +0100 (MET)
> Subject: Vulis profile
> From: nobody at replay.com (Anonymous)
> 
> He harasses people all over the net with the most offensive sorts 
> of messages, and uses dirty tricks to retaliate to the people who 
> do get offended. Among his accomplished feats is a series of 
> articles about cat-eating dogs posted to rec.pets.cats (which 
> caused a wave of complaints and made him lost his CUNY account) ; 
> a series of porno binaries with obscene comments about his 
> opponents posted to math-related newsgroups (he lost another 
> academic account, at fordham.edu, after this scandal); and a 
> series of racist articles denigrating all aspects of romanian 
> life and culture which used to haunt the romanian newsgroup for 
> years. 

Well it is nice to know that part of the system is working anyway....

                                           Jim Choate






From markm at voicenet.com  Wed Nov  6 19:58:47 1996
From: markm at voicenet.com (Mark M.)
Date: Wed, 6 Nov 1996 19:58:47 -0800 (PST)
Subject: Blocking addresses by default
Message-ID: <Pine.LNX.3.95.961106234039.941A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

With remailer abuse becoming more popular and remailers going down because of
complaints, there seems to be some interest in remailer software that will
block all email by default and will only pass along email that is explicitly
unblocked.  This way, someone won't receive harassing anonymous email unless
they ask to receive anonymous email.  This would also allow remailers to only
pass along mail that is destined for another remailer.  Looking at the source
code for the various remailers, this doesn't seem to be too difficult.

In the Freedom and Mixmaster remailer programs, there is a function which
determines whether an address is in the block list or not.  Both of these
functions use strstr() to search for the address in each line of the block
list.  In both programs, the strstr() call is within an if statement, so
changing the strstr() to !strstr() should invert the return value for the
blocking function.  I haven't tried this out yet, so there may be some problem
I overlooked.

The Ghio Type I program doesn't require any modification at all.  If my
understanding of the way the dest.block file is processed is correct, a file
such as the following should do the trick:

#dest.block file
*
!address1
!address2
...

All the addresses following the "!" are addresses that anonymous mail can be
delivered to.

Has anyone else managed to implement something similar to this?

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoFtASzIPc7jvyFpAQFN/wgApJOSQpqZylOlfE0SH5HYGxT4hOa41glC
Ce2V67f8KzHOn4iZpS2E+ytOGpetdJ0A+7eZ3DQx/TGrpbOzWihKWMLT1uEWA+En
BxpnRdfJ2lCeW5fYsVhb2alkG1DeSbBSxz53NhzsrlkA+S30joUhV2K3TC0Yc5Zh
eFC2zh72cm0W6uiORCyB7dIRDfQMP9F1Vpa0/fZk7RapDoqmnuS+NxBXqE7TgLMG
KlF+7rWjhFsG1eokdbyAPPiuQdo1HLsxLumonyv6mlzVifsU6p2aFTMH0r5tq9tp
axD66L1D07XwdUFR1zNjifNzeDU+zDq9jrBx+4K/6qPeJoF0XzY4Mg==
=NMs7
-----END PGP SIGNATURE-----






From AwakenToMe at aol.com  Wed Nov  6 19:59:08 1996
From: AwakenToMe at aol.com (AwakenToMe at aol.com)
Date: Wed, 6 Nov 1996 19:59:08 -0800 (PST)
Subject: Is there a Win PGP?
Message-ID: <961106225738_1182039548@emout03.mail.aol.com>


subject says it all.... Im just wondering is (and where) there is a windows
version of PGP.. thanks!






From stewarts at ix.netcom.com  Wed Nov  6 20:38:41 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Wed, 6 Nov 1996 20:38:41 -0800 (PST)
Subject: Bay area cypherpunks meeting - Special Guest
Message-ID: <1.5.4.32.19961107043626.003b2bec@popd.ix.netcom.com>


We will probably have a guest speaker from Intel at Saturday's meeting,
talking about:
>  Common Data Security Architecture (CDSA) a security infrastructure for 
>  managing crypto, certs, trust, etc.   Netscape chose 
>  CDSA about 2 weeks ago as the security infrastructure for Netscape 
>  communicator and suitespot servers. The press release can be found at 
>      http://www.netscape.com/newsref/pr/newsrelease268.html 




#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From deviant at pooh-corner.com  Wed Nov  6 20:48:28 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Wed, 6 Nov 1996 20:48:28 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007806aea68cf963af@[207.167.93.63]>
Message-ID: <Pine.LNX.3.94.961107043646.339A-100000@random.sp.org>


On Wed, 6 Nov 1996, Timothy C. May wrote:

> At 2:44 PM -0800 11/5/96, Sean Roach wrote:
> 
> >If I remember my history right, the order that math was done often depended
> >on the model of calculator it was done on.  I remember being warned as late
> >as 1991 how some calculators may still still add before they multiply, and
> >to use those parenthesis for good measure, just to be safe.
> 
> Well, it ain't _history_ only--it's also current. Some of us use RPN
> (Reverse Polish Notation) calculators exclusively. (Even my screen
> calculator I use on my Mac is an RPN one.)
> 

Yes, many calculators still have the add/multiply error also.  Most of the
newer generation (the one which I wish I didn't have to be a part of)
doesn't know what RPN is, much less how to use it.

A friend of mine found his father's RPN HP (don't know which model) from
college a week or two ago, and you'd never beleive how long it took me to
convince him that "RPN" really does stand for "Reverse Polish Notation".
As for slide rules, I think I'm the only person at my school who knows
what a slide rule _is_, much less how to use one ;)

 --Deviant
Insufficient facts always invite danger.
                -- Spock, "Space Seed", stardate 3141.9







From dthorn at gte.net  Wed Nov  6 21:14:49 1996
From: dthorn at gte.net (Dale Thorn)
Date: Wed, 6 Nov 1996 21:14:49 -0800 (PST)
Subject: [rant] Re: Censorship on cypherpunks
In-Reply-To: <3.0b36.32.19961106070051.00f0fd14@panix.com>
Message-ID: <32816F8E.6580@gte.net>


Duncan Frissell wrote:
> At 02:44 PM 11/5/96 -0800, Sean Roach wrote:
> >May I remind you that if you want to leave this country, all you have to do
> >is board a plane.  Many people have suggested similar things about various
> >groups for about two centuries.  The major difference between this list and
> >this government is that it is easier to start a new list.

> However since governments attempt to maintain a geographical monopoly and
> there are a very limited number of them, it is not possible to find another
> country you can enter as a matter of right so you may not be able to
> escape.  In contrast there are millions of private organizations of various
> sorts (corporations, etc) and it is trivial to find one to join if you like.

What both of these arguments (moreso the first) fail to mention is an individual's
investment in time and possibly a lot of money in various memberships, with expec-
tations that they will have the opportunity to develop and express themselves to
their utmost capability.  When I have a problem with some of the dirty things my
representatives in Washington DC do on my behalf, people say "like the U.S. or
leave it", etc., as though my father, his father, his father, etc. clear back to
the 1600's in the colonies here, wasted their blood on the battlefields defending
these assholes who like to say "you can just leave if you don't like it".

The squashing of people's dreams begins at birth with selfish and shortsighted parents,
and since that and other oppressions permeates our brains at every level, it's a wonder
that some people are as accomplished and expressive as they are.  This topic as it's
been handled so far by most of the subscribers is prima facie evidence that most of
the people in the industrialized countries are just good little suck-up fascists.






From nobody at cypherpunks.ca  Wed Nov  6 21:27:37 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 6 Nov 1996 21:27:37 -0800 (PST)
Subject: Mixmaster Test
Message-ID: <199611070509.VAA32474@abraham.cs.berkeley.edu>


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer






From mestimas at elang.idola.net.id  Wed Nov  6 21:40:22 1996
From: mestimas at elang.idola.net.id (Hendra Halim)
Date: Wed, 6 Nov 1996 21:40:22 -0800 (PST)
Subject: FW: Now we have it all
Message-ID: <9611070543.AA26834@merak.idola.net.id>


>X-Sender: tcmay at mail.got.net
>Date: Wed, 6 Nov 1996 10:04:52 -0800
>To: CYPHERPUNKS at toad.com
>From: "Timothy C. May" <tcmay at got.net>
>Subject: Re: FW: Now we have it all
>Sender: owner-cypherpunks at toad.com
>
>At 10:47 AM +0100 11/6/96, Butler, Scott wrote:
>>>
>>Abaddon wrote:
>>
>>>>susbscribe
>>
>>Surely we have seen it all now.
>>I find it hard to believe that a word like
>>suscribe....subsribe....subcribes..
>>SUBSCRIBE..is so difficult to spell correctly.
>>
>>:-)
>
>This is actually steganography. Various spellings of "subscribe" are being
>used to communicate a bit or two per message.
>
>Actually, the practice becomes a code, as in:
>
>"Suscrive if by sea, sudcribe if by land."
>
>
>--Klaus! von Future Prime
>
>
>Please unsubscribe me from your list
>
>
>Hendra






From mestimas at elang.idola.net.id  Wed Nov  6 21:41:47 1996
From: mestimas at elang.idola.net.id (Hendra Halim)
Date: Wed, 6 Nov 1996 21:41:47 -0800 (PST)
Subject: Cypherpunk mailing list
Message-ID: <9611070545.AA26140@merak.idola.net.id>


>From: CHALAKKI at worldnet.att.net
>X-Sender: CHALAKKI at postoffice.worldnet.att.net (Unverified)
>To: Cypherpunks at toad.com
>Subject: Cypherpunk mailing list
>Date: Wed, 6 Nov 1996 22:38:08 +0000
>Sender: owner-cypherpunks at toad.com
>
>Please put me on your mailing list
>
>
>Please unsubcribe me from your list



Hendra






From dthorn at gte.net  Wed Nov  6 21:47:14 1996
From: dthorn at gte.net (Dale Thorn)
Date: Wed, 6 Nov 1996 21:47:14 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <Pine.SUN.3.91.961106091938.3111C-100000@crl.crl.com>
Message-ID: <32817717.4CA6@gte.net>


Sandy Sandfort wrote:
> On Tue, 5 Nov 1996, Dale Thorn wrote:
> > My computer and my access to cypherpunks is not inside of anyone's home.

> Dale is wrong.  All access to Cypherpunks is via toad.com which
> sits in John Gilmore's home.  (The basement office to be exact.)

Wrongo, Mr./Mrs. Argumentum ad Nauseam.
My computer is in fact in MY home, and my access is SOLELY through GTE.

> > Here, John has opened up whatever computer hardware for an
> > essentially public forum...that it is perceived by a very
> > large segment of the subscribers as public...

> And here John has chosen to limit said forum.  It is irrelevant
> how many subscribers perceive the list as public.  It is private.
> Their misperception is in no way binding on John.

Perception is everything.  And I never made a comment about "binding" anything.
Therefore, there is no misunderstanding.

> > Now, don't you think it odd that if people really perceived
> > this forum to be "really private", that they would so strongly
> > object to this ousting, particularly of the person in question,
> > who is not even liked by these objectors?

> a) "Against stupidity, the gods themselve, contend in vain."
>    Some folks just don't have a clue.  Just because they don't
>    understand the nature of John's contribution, does not stop
>    them from yammering.

And the people who agree with you are the only intelligent/clueful people on this list?
Your contention is acknowledged and rejected.

> b) There are those who do understand the private nature of the
>    list, but think that John has made a mistake.  They may
>    certainly try to convince him of the error of his ways without
>    assuming the list is public.

The only fact you've shown to demonstrate that it's private is that John can manage it
"anyway he wants", and/or shut it down at will.  Well, the owners of Denny's can shut
their places down whenever they want to too.  Matter of fact, the whole government can
resign tomorrow and tell you to do it yourself.  Imagine what would happen in the L.A.
metro area if the truck drivers who bring in food decided they didn't want to do so
next week....

> > You can argue until doomsday the "privacy of home" issue,...

> Since it is correct and unasailable, I believe I will.

[snore]

> > If you really agree with the ousting, I don't understand why
> > you're arguing so hard for the "private home" issue; would you
> > want to see a world someday where all Internet communications
> > are "controlled" by "private" individuals at "home"?

> Yes.  That's the way it is now, and I think it works very well.

Works for you.  Which is all you care about.






From dthorn at gte.net  Wed Nov  6 21:57:21 1996
From: dthorn at gte.net (Dale Thorn)
Date: Wed, 6 Nov 1996 21:57:21 -0800 (PST)
Subject: Information
In-Reply-To: <Pine.OSF.3.91.961106181407.23406I-100000@fn3.freenet.tlh.fl.us>
Message-ID: <328179E5.4C19@gte.net>


P. J. Ponder wrote:
> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
> > I'm a new Cyberpunk!
> > Last,  I would like to know once and for all,  is PGP compromised,  is
> > there a back door, and have we been fooled by NSA to believe it's secure?

> As far as anyone knows that has publicly commented on it, PGP is presumed
> to be secure against known attacks.  By making the source code available,
> and basing the encryption on published methods - RSA and IDEA, PGP has
> been reviewed extensively by the world's experts on crypto, and those
> experts that publish their results have said there is no known easy way
> to crack it.  There are, of course, many experts who do not publish their
> results - for instance, cryptographers who work for intelligence
> gathering agencies.  What they have found out about RSA and IDEA the rest
> of us don't know.  There are efforts underway to prove mathematically how
> hard it is to break the sort of encryption that PGP is based on.

[snippo]

Just to make it easy for you:  PGP will keep out your snoopy neighbors on the net, but
if you're betting it will lock out the government, you're probably peeing up the
proverbial rope.






From attila at primenet.com  Wed Nov  6 22:10:30 1996
From: attila at primenet.com (attila at primenet.com)
Date: Wed, 6 Nov 1996 22:10:30 -0800 (PST)
Subject: Group order for "Secret Power" ... (San Francisco Bay Area only)
In-Reply-To: <v03007800aea4b053298a@[207.167.93.63]>
Message-ID: <199611070610.XAA18229@infowest.com>


In <v03007800aea4b053298a@[207.167.93.63]>, on 11/05/96 
   at 12:53 AM, "Timothy C. May" <tcmay at got.net> said:

.At 1:14 PM -0800 11/4/96, Ernest Hua wrote:
.>I'm looking for 19 other people interested in "Secret Power" (Craig
.>Potton Publishers has indicated that there is a discount for 20 or
.>more copies).  If you are in the San Francisco Bay Area, please
.>contact me by phone or E-Mail.

.Just wondering...doesn't such a call for a group purchase of such a
.dangerous book constitute a RICO (Racketeer-Influenced and Crypto
.Organizations Act) violation?

.--Tim May

        I trust your RICO (Racketeer-Influenced and "Crypto" 
    Organizations Act) is tongue in cheek?   The original title was
    "Corrupt" not "Crypto," though I am sure our friendly 'rules for
    them and rules for us' racketeering influenced corrupt organization
    for a government could define it whatever it to suit their
    purpose....

        as to the suggestion/question --how would you contstruct the
    group purchase of a book to involve RICO?   "racketeering" is 
    defined as a criminal association whose purpose is to intimidate 
    others and to deny them theor pursuit of the American dream... 
    (over-simplified).

        maybe they could try "conspiracy" under Title 18 in general,
    maybe attached to "treason?"  -the ACLU would have a field day; and,
    I, for one, would sign up just to get charged with that in mind 
    --even fully understanding that only in the US can you be convicted 
    of the thought of "comspiring" to perform a criminal action.
 
        surprised I am not sent to jail every time I pass a luscious
    expression of feminity or 'hot potato.'  <g>

        although the book is not published here (probably from pressure
    applied by the spooks), the book is not _banned_ here which would be 
    rather difficult to get past the first federal judge, regardless of
    any Jamie Gorelock sniveling claims to national security needs and
    requirements or any of the usual drivel,

        I've seen and been there on stretching the meaning of the 
    charge, both more than one; I've seen feds lie on the stand 
    regarding Miranda and the fifth --and get away with it because their
    credibility is still supreme in the courts 

        the feds still to need some form of charge that is
    "understandable;" and, some compliance with a tame charge --even if
    false, or they expose themselves to the revelation of even more
    information, none of which they want on the table.  trying _us_ on 
    the allegations contained in the book would be a bonanza for us with
    the first evidentiary round!  what a feast!   --no way will the 
    funny farm open up on that one.

        Secondly, even if they charged us, they would be on the defense 
    to try and prove we were "treasonous"  --and they would be trotting 
    out lots of dirty laundrey for the judge, jury, and press (who 
    probably could not give a shit).

        any comment, Brian?
        any comment, Greg?
        any comment, Unicorn?
        any comment, Firssel?
 
--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.

--
  Politicians are like diapers.
    They both need changing regularly, and for the same reason.




--
one of the few things we all share: 
  the utter, corrosive contempt for our elected officials.

--
  Politicians are like diapers.
    They both need changing regularly, and for the same reason.







From dthorn at gte.net  Wed Nov  6 22:15:22 1996
From: dthorn at gte.net (Dale Thorn)
Date: Wed, 6 Nov 1996 22:15:22 -0800 (PST)
Subject: "censorship in cyberspace"???
In-Reply-To: <199611052329.PAA15991@netcom22.netcom.com>
Message-ID: <32817E21.2F7E@gte.net>


Vladimir Z. Nuri wrote:
> I don't understand why people rant so much about censorship
> in cyberspace, given the ease of buying a new tentacle.

[snip]

> p.s. one of these days I wonder if someone is going to mount
> a really concerted attack against a mailing list using a
> full tentacle arsenal instead of only a single email address
> or anonymous remailers, just for the kicks of it.
> the "automatic prose generator" technology out there leaves a lot
> of other interesting ideas. an ingenious software engineer
> with a flair for writing could create some pretty sophisticated
> grammars that automatically generate text yet are impossible
> to detect over perhaps even dozens of messages output by them.
> they could even have their own personalities and writing styles,
> if the software engineer were creative and devious enough.

[snip]

It was suggested that concerned people would want to band together and defend against
this sort of thing.  I say, since the govt. and media (same thing) use heaps of this
stuff against us, and have been doing so for years, why doesn't some of that energy
being coordinated for "cracking" DES be turned into the same kind of disinformation
weapon described above, and used against the oppressors of the people?






From attila at primenet.com  Wed Nov  6 22:16:33 1996
From: attila at primenet.com (attila at primenet.com)
Date: Wed, 6 Nov 1996 22:16:33 -0800 (PST)
Subject: HAPPY GUY FAWKES DAY!
In-Reply-To: <Pine.SUN.3.91.961105123056.18719A-100000@crl.crl.com>
Message-ID: <199611070616.XAA18385@infowest.com>


In <Pine.SUN.3.91.961105123056.18719A-100000 at crl.crl.com>, on 11/05/96 
   at 12:34 PM, Sandy Sandfort <sandfort at crl.com> said:

.On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
.and his compatriots had intended to blow up Parliment.

.The English celebrate it because Guy Fawkes failed.

.I celebrate it because he tried.  :-)

        I see, at heart you are still a little boy playing with fireworks?

--
  Politicians are like diapers.
    They both need changing regularly, and for the same reason.







From ckuethe at gpu.srv.ualberta.ca  Wed Nov  6 22:16:42 1996
From: ckuethe at gpu.srv.ualberta.ca (C Kuethe)
Date: Wed, 6 Nov 1996 22:16:42 -0800 (PST)
Subject: HAPPY GUY FAWKES DAY!
In-Reply-To: <199611060718.XAA11364@idiom.com>
Message-ID: <Pine.A32.3.93.961106224202.67998A-100000@gpu5.srv.ualberta.ca>


On Tue, 5 Nov 1996, Michael Craft wrote:

> >                           SANDY SANDFORT
> > 
> > On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
> > and his compatriots had intended to blow up Parliment.
> > The English celebrate it because Guy Fawkes failed.
> > I celebrate it because he tried.  :-)
> 
> A terrorist!!!   Call the police!!
> 

Where would we be if he hadn't tried?  I tend to agree with Sandy on this
one.  BTW, I am humor-impaired, so this might be a response taking your
attempt at humor too seriously.

In fact where would we be if a lot of other things hadn't been tried.
George Boole, Charles Babbage, Allan Turing.  They were laughed at/
scorned for trying.  Aren't we all Guy Fawkes in a way?  Cypherpunks I
mean.  I still have faith in us.  I quote the cypherpunks manifesto:

     We don't care much if you don't approve of the software 
     we write.  We know that software can't be destroyed and
     ...shut down.

Idealism and stretching things a bit, maybe, but there is a parallel to be
drawn.  How many of us use crypto illegally and don't care? How many of us
care that it's illegal to use crypto and thats why we do it.  How often
have we seen this propelled overseas in the signatures of cypherpunks:

          RSA in 3 lines of PERL:
          #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
          $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
          lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

What is this saying?  Well I know one guy who tried to uudecode it and
find out.  But really, it is in a way a Guy Fawkes thing... Big Bro's
being irresponsible, immature, <your adjective here>.  We must show BB
that we do not condone it.

Violence won't work.  Yeah...next C'Punks meeting outside NSA HQ.
Everybody bring your own bombs and guns. That would go over *really* well.
But at least all the papers would write about us.  So we're forced into
something like this.  Export a munition three times daily.  Geez...BB
could really get you hardcore.  And what's even funnier: the
whitehouse.gov autoresponder.  Dear King Billy: I just exported a munition
illegally.  Have a nice day.  And they don't care. Whitehouse just replies
"Thanks. nice letter"  So we, the peons are getting ignored again.  We
should do something to get noticed.

I cried the day I got my drivers licence and social insurance number. THe
gov't now knows who I am... for so many years I was a non-taxable
non-entity who showed up occasionally as someone's dependant at tax time.
Then, suddenly i was a swiftly accessible statistic. EVIL EVIL EVIL.

So saying we salute those who tried makes us terrorists... no.  Guy is
much maligned... and it's a much more efecive way of changing the gov't
than is on lowly ballot.  :)  Statistically that is.  Gee this was almost
on topic.... but really.  Let's try... instead of complain.  And those who
have tried: I salute you.

 --
Chris Kuethe <ckuethe at gpu.srv.ualberta.ca> LPGV Electronics and Controls
http://www.ualberta.ca/~ckuethe/
RSA in 3 lines of PERL:
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)









From sandfort at crl.com  Wed Nov  6 22:24:24 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 6 Nov 1996 22:24:24 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <32817717.4CA6@gte.net>
Message-ID: <Pine.SUN.3.91.961106215915.12243A-100000@crl10.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Dale seems to be getting over-wrought so I'll just hit the main
points.  On Wed, 6 Nov 1996, Dale Thorn wrote:

> Wrongo, Mr./Mrs. Argumentum ad Nauseam.
> My computer is in fact in MY home, and my access is SOLELY through GTE.

But access to Cypherpunks, the original issue in contention,
must pass through John's house.  Every string has two ends.

> The only fact you've shown to demonstrate that it's private is
> that John can manage it "anyway he wants", and/or shut it down
> at will. 

By George, I think he's got it!  Yes, the machine privately 
owned by John sits in John's private home, uses electricity and
net connection paid for by John.  (other then than, I guess I
havenpt made any other demonstration that it's private.  Duh.)

> Well, the owners of Denny's can shut their places down whenever
> they want to too. 

Yup.  And Dale's point is...?

> Matter of fact, the whole government can resign tomorrow and
> tell you to do it yourself. 

My wet dream.

> Imagine what would happen in the L.A. metro area if the truck
> drivers who bring in food decided they didn't want to do so
> next week....

That would be great!  We could all make a killing taking their 
place!  And Dale's point is...?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From shamrock at netcom.com  Wed Nov  6 22:38:50 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 6 Nov 1996 22:38:50 -0800 (PST)
Subject: Who is "M"?
Message-ID: <Pine.3.89.9611062212.A11917-0100000@netcom9>


I met a person named "M" at Tim's party a month ago. Would somebody 
please email me some contact info?

Thanks,

-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"






From frantz at netcom.com  Wed Nov  6 23:05:48 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 6 Nov 1996 23:05:48 -0800 (PST)
Subject: Judge Kozinski responds to our responses
Message-ID: <199611070705.XAA05794@netcom6.netcom.com>


At  4:39 AM 11/6/96 -0500, Jim Ray wrote:
>Judge Kozinski wrote:
>> ... Perhaps the answer
>> is that the post office should not accept mail unless there
>> is a clear indication of who the sender is on the upper left
>> hand corner of the envelope. ...

In the case of postal mail, return address forgery is so easy that anyone
who can address an envelope can figure it out.  Requiring something
scribbled there certainly wouldn't help protect against anonymous mail. 
You would have to couple it with "is a person" checks to ensure the person
posting it is the person referenced by the return address.  Bye bye corner
post box.


-------------------------------------------------------------------------
Bill Frantz       |                            | Periwinkle -- Consulting
(408)356-8506     |  This space for rent.      | 16345 Englewood Ave.
frantz at netcom.com |                            | Los Gatos, CA 95032, USA







From shamrock at netcom.com  Wed Nov  6 23:07:49 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 6 Nov 1996 23:07:49 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <Pine.LNX.3.94.961107043646.339A-100000@random.sp.org>
Message-ID: <Pine.3.89.9611062241.A11917-0100000@netcom9>


On the topic of slide rules:
I am looking for a "teacher's" slide rule. The 5 feet long model that 
used to hang off the blackboard. Any idea where to get one? I pay cash.


-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"






From shamrock at netcom.com  Wed Nov  6 23:13:48 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 6 Nov 1996 23:13:48 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <32817717.4CA6@gte.net>
Message-ID: <Pine.3.89.9611062334.A11917-0100000@netcom9>


Amazing how many people on this list are inconsistent in taking their 
medications.

-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"

On Wed, 6 Nov 1996, Dale Thorn wrote:
[elided]
> > Yes.  That's the way it is now, and I think it works very well.
> 
> Works for you.  Which is all you care about.
> 
> 





From remailer at cypherpunks.ca  Wed Nov  6 23:15:16 1996
From: remailer at cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 6 Nov 1996 23:15:16 -0800 (PST)
Subject: Mixmaster Test
Message-ID: <199611070702.XAA04285@abraham.cs.berkeley.edu>


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer





From remailer at cypherpunks.ca  Wed Nov  6 23:17:01 1996
From: remailer at cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 6 Nov 1996 23:17:01 -0800 (PST)
Subject: Mixtest
Message-ID: <199611070702.XAA04288@abraham.cs.berkeley.edu>


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer





From tcmay at got.net  Wed Nov  6 23:20:38 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 6 Nov 1996 23:20:38 -0800 (PST)
Subject: Who is "M"?
In-Reply-To: <Pine.3.89.9611062212.A11917-0100000@netcom9>
Message-ID: <v03007801aea73e330e25@[207.167.93.63]>


At 10:38 PM -0800 11/6/96, Lucky Green wrote:
>I met a person named "M" at Tim's party a month ago. Would somebody
>please email me some contact info?
>

"M" was in the U.S., visiting his counterparts in Langley. He popped in to
my party, upon hearing that my Aston-Martin needed a replacement of its
Clipper Chip.

I'm sorry "Q" could not make it, especially as I'd gotten a Q-Clearance
just for this occasion, but he's off in Botswana filming another one of
those dreadful Bond movie.

M. Carling may be the chap you're looking for.

--K!vFP








From stewarts at ix.netcom.com  Wed Nov  6 23:26:38 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Wed, 6 Nov 1996 23:26:38 -0800 (PST)
Subject: Is there a Win PGP?
Message-ID: <1.5.4.32.19961107072438.00dad0cc@popd.ix.netcom.com>


At 10:58 PM 11/6/96 -0500, you wrote:
>subject says it all.... Im just wondering is (and where) there is a windows
>version of PGP.. thanks!

There are two separate issues - PGP with a Windows GUI, and 
PGP that really runs as a Windows process, rather than needing
to fire up a DOS window.  There are a dozen or so Windows GUIs for PGP,
many of which are on ftp.ox.ac.uk.  I especially like Private Idaho;
I think the path to it is www.eskimo.com/~joelm/ (also ftp.eskimo.com).
Current version is about 2.8 ; I'm not running it because it dropped
support for ViaCrypt (due to problems with ViaCrypt 4.0), and I like
using ViaCrypt.  I'm also having problems getting the older versions
to work on Windows NT (sigh...)

For a real Windows version, you can buy ViaCrypt (about $100-130?)
At least inside the US, to use the interesting RSA methods except through the
official external interfaces to RSAREF, you need permission from RSA.
Basic PGP for DOS/Unix/Mac has this, but there isn't a blessed Windows 
version except ViaCrypt, a commercial product.  For commercial applications,
you probably also need ViaCrypt anyway.  It was a nice product before they
added Key Escrow support.  Now that Phil has bought them, they'll presumably
return to political correctness on that issue.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From stewarts at ix.netcom.com  Wed Nov  6 23:39:25 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Wed, 6 Nov 1996 23:39:25 -0800 (PST)
Subject: Information
Message-ID: <1.5.4.32.19961107073726.003d89b0@popd.ix.netcom.com>


>> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
>> > I'm a new Cyberpunk!
Probably wearing a set of Ono-Sendai eyeballs....

>> > Last,  I would like to know once and for all,  is PGP compromised,  is
>> > there a back door, and have we been fooled by NSA to believe it's secure?

You can read and compile the source code yourself.  
You can learn crypto to help you understand the strength of the
algorithms.  I'd recommend Bruce Schneier's "Applied Cryptography".
You can look for bugs and subtle design flaws along with other people.
There are un-subtle design flaws, like the DOSoid user interface :-), 
and there are philosophical arguments about whether an identity-based
Web of Trust is the right trust model, and practical problems about
how to support revocation correctly, but basically it's Pretty Good Privacy.

On the other hand, there are other threats to think about.
Is there a virus, software bug, or trojan horse that captures the keystrokes 
you type into your computer?  If your passphrase is stolen, you lose.
PGP can't tell; it's just software.  What's on that yellow sticky note?
Is the NSA listening for electronic signals from that dark van
parked out in front of your house?  They're pretty good these days.
Your computer doesn't know, so PGP can't help you with it.
Are you using PGP to keep business records (like that second set of books)
which can be subpoenaed by a court?  When the IRS seizes your computer
and sees all those files with ------BEGIN PGP----- on them, can they
force you to reveal the keys or at least the contents?
PGP can't solve those problems for you.  But it can keep amateurs like
your local police department from reading the files you really care about
until they haul you in front of a court where you can bring a lawyer.

There are applications that PGP doesn't do, like keeping the blocks
on your disk drive automagically encrypted - it just does things to
files when you tell it to.  But you can at least encrypt the critical stuff,
and you can encrypt your email messages and other sensitive files
you transmit across a network.  Won't do any good for IRC...



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From isptv at access.digex.net  Thu Nov  7 00:36:18 1996
From: isptv at access.digex.net (ISP-TV Main Contact)
Date: Thu, 7 Nov 1996 00:36:18 -0800 (PST)
Subject: Mike Rawson on ISP-TV's "Real Time"
Message-ID: <199611070836.DAA14943@access5.digex.net>


*** ISP-TV Program Announcement:

	Live interview with Mike Rawson, Director of Internet Policy,
	office of U.S. Senator Burns 
***

*** Monday, Nov. 11 ***
*** 9:00 PM ET      ***

Mike Rawson, Director of Internet Policy for the office of U.S. Sen. 
Burns, will be the guest on ISP-TV's "Real Time" interview show this
monday night.  Mike runs Sen. Burns web site, and has been active in the
shaping of legislation aimed at cryptographic liberalization, as well as
bringing hearings on the Pro-Code Bill live over the Internet.  Mike will
share with us the current state of crypto legislation, as well as
speculate on its future in the next Congress.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network

To obtain Enhanced CU-SeeMe software, go to:

	http://goliath.wpine.com/cudownload.htm








From bryce at digicash.com  Thu Nov  7 00:57:23 1996
From: bryce at digicash.com (Bryce)
Date: Thu, 7 Nov 1996 00:57:23 -0800 (PST)
Subject: [NOISE] [philosophypunks] [Vulis] Mills & Hallam-Baker
Message-ID: <199611070857.JAA01800@digicash.com>



-----BEGIN PGP SIGNED MESSAGE-----

 hallam at ai.mit.edu writes:
>
> If we return to the original basis on which Mill opposed censorship
> its not hard to find out why Dimitri is denied his support. The
> argument is based on the need to keep alive debate.


That was only one of several arguments.  Another was that the
potentially-censored speaker might be right!  I don't remember
the others.


Regards,

Bryce



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMoGkZUjbHy8sKZitAQFmRgMAu2U+zQTa+txp2wz9SG6mQwS4MXXkgeDi
zjenNSN8KvwM92fxio5S+KfOzTjggU2dczeBuEAb7EPPJFUCtAh0ZEgYguzEnpAU
Vx2Ct06VOQbr0mRUlfuGbwgvX0fYnh0D
=Dqw6
-----END PGP SIGNATURE-----





From cypherpunks at count04.mry.scruznet.com  Thu Nov  7 00:58:52 1996
From: cypherpunks at count04.mry.scruznet.com (cypherpunks at count04.mry.scruznet.com)
Date: Thu, 7 Nov 1996 00:58:52 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <Pine.SUN.3.91.961106091938.3111C-100000@crl.crl.com>
Message-ID: <199611070819.AAA00995@count04.mry.scruznet.com>



Sigh... Yes Cypherpunks is indeed a private list...
yes John is entitled to refuse to have a guest in his
virtual home, and yet some denizens of this list
cant seem to accept that and scream and rant and rave about it..
What dont they understand about the word no? and WHY 
cant these holier than thou "anti-censorship" groupies
simply accept that John has made a choice,
it is his choice to make, and unless I miss my guess about John
(having known him for a few years now) there probably isnt any duress or
coercion that would have the least effect on his choice in fact
it would in the case of John reinforce his intransigent nature.
Perhaps if matters and the list are given a chance to quiet
feelings may change, further harassment of John on this
WONT help. As has been stated MANY times before.
if you dont like this forum go buy your own!

    grumpily
    a cypherpunk
p.s. does anyone get it yet... we are ALL guests,
John does have the right to uninvite someone.





From ben at gonzo.ben.algroup.co.uk  Thu Nov  7 01:52:24 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Thu, 7 Nov 1996 01:52:24 -0800 (PST)
Subject: News: Europe Wants Stronger Encryption
In-Reply-To: <199611052315.PAA12733@ohio.chromatic.com>
Message-ID: <9611070850.aa15503@gonzo.ben.algroup.co.uk>


Ernest Hua wrote:
> 
> From C/Net News (http://www.news.com/News/Item/0,4,5076,00.html):
> 
>     Europe wants stronger encryption 
>     By Alex Lash
>     November 5, 1996, 5:30 a.m. PT 
> 
>     The European Electronic Messaging Association has told
>     the European Commission that European companies are at a
>     competitive disadvantage without access to strong
>     American-made cryptography, according to the
>     organization. 

Well, they've obviously been paying attention, haven't they? Doh!

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From ben at gonzo.ben.algroup.co.uk  Thu Nov  7 02:23:44 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Thu, 7 Nov 1996 02:23:44 -0800 (PST)
Subject: Euro Key Escrow
Message-ID: <9611070921.aa15606@gonzo.ben.algroup.co.uk>


Someone, somewhere, posted a rumour that Europe was about to go for a key
escrow scheme known as "Royal Holloway".

I have done a little research and gleaned the following:

It is, apparently, true that the EC is considering schemes for key escrow, by
"trusted third parties" (trusted by who, I'd like to know?). "Royal Holloway"
is one of these schemes. It is named after the college of origin, if anyone
cares. It essentially revolves around each pair of TTPs sharing two out of
three parts of a key, and generating the third part for each of their users.
The idea is that either of the TTPs who generated keys for an encrypted
message exchange can decode it (by using the private key of their "client" and
the public key of the other TTP's "client").

Full details can be found at:

ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps

This is in PostScript. I'm not aware of any plain text versions.

I'm informed that this is likely to be introduced into EC legislation, though
my understanding is that members are not required to actually incorporate the
legislation. No doubt France will embrace it with happy shouts.

Of course, it is our duty as netizens to resist this kind of rubbish, and I
encourage you to write to your MP/EuroMP (or local equivalent).

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From mixmaster at as-node.jena.thur.de  Thu Nov  7 02:24:34 1996
From: mixmaster at as-node.jena.thur.de (Jenaer Mixmaster Anonserver)
Date: Thu, 7 Nov 1996 02:24:34 -0800 (PST)
Subject: Mixmaster Test
Message-ID: <m0vLPKi-0003inC@as-node.jena.thur.de>


Sorry for the spam, folks ... just looking for a mixmaster that puts
the Subject: line into cypherpunk messages.

Name-Withheld-By-Request
Editor in Chief, Cypherpunk Enquirer





From whgiii at amaranth.com  Thu Nov  7 03:16:12 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Thu, 7 Nov 1996 03:16:12 -0800 (PST)
Subject: Is there a Win PGP?
In-Reply-To: <1.5.4.32.19961107072438.00dad0cc@popd.ix.netcom.com>
Message-ID: <199611071228.GAA22584@mailhub.amaranth.com>


In <1.5.4.32.19961107072438.00dad0cc at popd.ix.netcom.com>, on 11/06/96 at 11:24 PM,
   stewarts at ix.netcom.com said:

>For commercial applications,
>you probably also need ViaCrypt anyway.  It was a nice product before they added Key
>Escrow support.  Now that Phil has bought them, they'll presumably return to
>political correctness on that issue.

Hmmm I don't think they actually had a Key Escrow Support. My understanding was that
the user could create a master key that could be used to decrypt messages from the
other keys. This was done in responce to the needs of some of their corprate users
that needed a way to decrypt company info. It could be quite devistating if a vip for
company x encrypted vital corporate files and then quit/fired/died and those file
were nolonger able to be retreived.

I am not sure exactly how they had this mechanism set up but I am pretty sure this
was somthing the user had to actively set up as aposed to somthing done automatically
with out the user's knowledge. 

I can see how this could be abused though for a GAK system though I never did see
anything from ViaCrypt that they supported any of the Clipper/GAK crap from our
government.

Does anyone know if you can purchace a commercial license from ViaCrypt/PGP Inc. but
use the standard PGP for commercial purposes?

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: The best way to accelerate Windows is at escape velocity.






From linefeed at juno.com  Thu Nov  7 04:26:55 1996
From: linefeed at juno.com (Leon W Samson)
Date: Thu, 7 Nov 1996 04:26:55 -0800 (PST)
Subject: Censorship in Western Australia
In-Reply-To: <Pine.SUN.3.91.961106180814.28883B-100000@eff.org>
Message-ID: <19961106.072440.9598.0.LineFeed@juno.com>


please!!!!!!!





From jya at pipeline.com  Thu Nov  7 04:38:49 1996
From: jya at pipeline.com (John Young)
Date: Thu, 7 Nov 1996 04:38:49 -0800 (PST)
Subject: Key to the Future of E-Commerce
Message-ID: <1.5.4.32.19961107123717.006a4320@pop.pipeline.com>


http://techweb.cmp.com/oem/docs/commerce.html

Breaking Into Electronic Commerce [Excerpts]

By Larry Lange

Internet commerce is a riddle wrapped in an enigma. At once the
biggest opportunity the computer and communications industries face in
the latter half of the 1990s, it also represents their biggest risk. ...

The L0pht is about what you'd expect in the way of headquarters for a
motley group of twentysomething computer hackers with Internet
names like Deth Vegtable, Brian Oblivion and Mudge. ...

Mudge and his ilk of brilliant break-in artists believe they play an 
important role as the underground angels of Internet commerce, 
minding the gates to the new digital marketplace. ...

Eric Hughes agrees. As a co-founder of Cypherpunks, Hughes is 
part of a virtual band of code crackers spun out of the Advanced 
Computer Lab at the University of California at Berkeley, connected 
by a regular listserv-group e-mail that reports as many as 60 
security breeches daily. The group's raison d'etre, says Hughes, is 
"evaluating security in the interest of the user.'' His frank appraisal 
of the state of the art in electronic-commerce products is a tonic for 
the hyperbole of the public-relations machine.

"I disagree with the characterization that electronic-security tools 
are in a high state of excellence,'' Hughes says. "In fact, I consider 
the state-of-shelf quite poor and not economical to deploy. Until 
platform security is drastically improved, these kinds of problems 
correctly lead to some queasiness over the widespread use of 
PCs to keep secrets.'' 

Like it or not, the Web denizens like Hughes and Mudge hold the 
key to the future of electronic commerce on the Internet, and 
everyone in the industry knows it. ...

Not all Internet companies are courting the cyber Robin Hoods, 
however. "We're trying to prove that cryptography is powerful and 
can make viable, attractive and commercial propositions, while at 
the same time protecting people's privacy,'' says David Chaum,
"The Cypherpunk approach is the opposite. It's 'We're gonna 
make and break systems and we're gonna debunk things by 
finding weakness in systems.''' 

[Snip balance of longish feature article]







From jer+ at andrew.cmu.edu  Thu Nov  7 04:39:34 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Thu, 7 Nov 1996 04:39:34 -0800 (PST)
Subject: Censorship in Western Australia
In-Reply-To: <Pine.SUN.3.91.961106044839.16537A-100000@eff.org>
Message-ID: <0mURVu200YUh02_Y40@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

linefeed at juno.com (Leon W Samson) writes:
> FUCK YOU ALL I WANT OFF OF THID MAILING LIS IT FUCKING SUCKS ALL IT DOES
> IS FILL MY HDD WITH  JUNK MAIL DO YOU THINK I WANT THAT SHIT NO! I
> DONT!!!!!!.....ALL YOU OF YOU ARE COOL BUT THIS THING SUCKS........SEE YA
> COOL D00DS

Probably the worst misspelling of unsuvr, sunsubs, unscrib.. oh, you
know, that i've seen to date. Lotsa bits in that stego...

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMoHYdckz/YzIV3P5AQFNcAL+OQz/vYY2Xn/l4D+XRRfK5/CfNO24YJ0e
DZBN0J3IdBRj8SSbUGKC83e+6AXk9eAPVaTMK/ew9aALpv5443T2Gx4dJrRVhpj0
OIIyxjMBGidItRCgvban909DtOOgCqUK
=mgsC
-----END PGP SIGNATURE-----





From ben at gonzo.ben.algroup.co.uk  Thu Nov  7 04:52:20 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Thu, 7 Nov 1996 04:52:20 -0800 (PST)
Subject: Is there a Win PGP?
In-Reply-To: <1.5.4.32.19961107072438.00dad0cc@popd.ix.netcom.com>
Message-ID: <9611071151.aa16242@gonzo.ben.algroup.co.uk>


stewarts at ix.netcom.com wrote:
> 
> At 10:58 PM 11/6/96 -0500, you wrote:
> >subject says it all.... Im just wondering is (and where) there is a windows
> >version of PGP.. thanks!
> 
> There are two separate issues - PGP with a Windows GUI, and 
> PGP that really runs as a Windows process, rather than needing
> to fire up a DOS window.  There are a dozen or so Windows GUIs for PGP,
> many of which are on ftp.ox.ac.uk.  I especially like Private Idaho;
> I think the path to it is www.eskimo.com/~joelm/ (also ftp.eskimo.com).
> Current version is about 2.8 ; I'm not running it because it dropped
> support for ViaCrypt (due to problems with ViaCrypt 4.0), and I like
> using ViaCrypt.  I'm also having problems getting the older versions
> to work on Windows NT (sigh...)
> 
> For a real Windows version, you can buy ViaCrypt (about $100-130?)
> At least inside the US, to use the interesting RSA methods except through the
> official external interfaces to RSAREF, you need permission from RSA.
> Basic PGP for DOS/Unix/Mac has this, but there isn't a blessed Windows 
> version except ViaCrypt, a commercial product.  For commercial applications,
> you probably also need ViaCrypt anyway.  It was a nice product before they
> added Key Escrow support.  Now that Phil has bought them, they'll presumably
> return to political correctness on that issue.

I did a port of PGP to a Windows DLL a long time back, but I never got around
to releasing it. I could bring it up to date and put it out there if there is
popular demand.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From ronny at netvision.net.il  Thu Nov  7 05:03:18 1996
From: ronny at netvision.net.il (Ronny Front)
Date: Thu, 7 Nov 1996 05:03:18 -0800 (PST)
Subject: No Subject
Message-ID: <v03007800aea7aaaa01fd@[194.90.3.154]>



--
Regards,
    \Ronny.                                                        _   /|
                                                                   \'o.O'
                                                                   =(___)=
                                                                      U







From um at c2.net  Thu Nov  7 05:24:54 1996
From: um at c2.net (Ulf =?ISO-8859-1?Q?M=F6ller?=)
Date: Thu, 7 Nov 1996 05:24:54 -0800 (PST)
Subject: Euro Key Escrow
In-Reply-To: <9611070921.aa15606@gonzo.ben.algroup.co.uk>
Message-ID: <9611071242.AA09360@public.uni-hamburg.de>


> It is, apparently, true that the EC is considering schemes for key escrow, by
> "trusted third parties"

There is an extensive survey at the European Cryptography Resources page,
http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html

The EU commission's group DG XIII has been discussing key escrow for quite
some time, but they have not yet been able to agree on a position.
Jerome Thorel has posted some rather scaring interviews with EU official
David Herson who is in favor of a key esrow scheme. Victor Mayer-Schoenfelder
reports that crpyo regulation is likely to be delegated to the more liberal
DG XV.

A number of member states, such as Denmark, very unlikely to accept key
escrow.

> ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps

Ross Anderson has analyzed Mitchell's scheme, drawing the conclusion that
"The GCHQ protocal is very poorly engineered." See
ftp://ftp.cl.cam.ac.uk/users/rja14/euroclipper.ps.Z

> I'm informed that this is likely to be introduced into EC legislation, though
> my understanding is that members are not required to actually incorporate the
> legislation. No doubt France will embrace it with happy shouts.

The final decision will almost certainly with the member states, because
cryptography is considered essential for national security.





From njhm at ns.njh.com  Thu Nov  7 05:58:02 1996
From: njhm at ns.njh.com (Nicolas J. Hammond)
Date: Thu, 7 Nov 1996 05:58:02 -0800 (PST)
Subject: HAPPY GUY FAWKES DAY!
In-Reply-To: <Pine.A32.3.93.961106224202.67998A-100000@gpu5.srv.ualberta.ca>
Message-ID: <199611071359.IAA29100@ns.njh.com>


> > >                           SANDY SANDFORT
> > > 
> > > On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
> > > and his compatriots had intended to blow up Parliment.

Actually I think it was late on November 4 that the plot was foiled.

Guy (Guido) Fawkes and 11 of this friends had rented a house next to the 
Houses of Parliament earlier that year and the group spent several months 
digging a tunnel from the basement of their house to the basement of the HoP.

They moved barrels and barrels of gunpowder into the basement and
left Guy Fawkes there along with a very long fuse on the night of
November 4. The King (James I of England, who was also James VI of Scotland)
was opening Parliament the following day. The plan was for Guy to light
the fuse, escape through the tunnel, and the whole of the HoP would
be blown up. There would be a catholic rebellion and a Catholic (I think
Queen, my memory is failing at this point) monarch installed.

[King Henry VIII had fallen out with the Pope over his many marriages
 (rather ironic as an earlier Pope had declared KH8 "defender of the 
 faith", a title that is still used by the current Queen, because KH8
 had written many articles defending the Catholic faith) and KH8 had
 helped to start the Church of England. Many loyal catholics wanted to
 return to papist control of religion.]

For some reason (the speculation is either that one of the gang
tipped off a friend who was a Member of Parliament (MP) and 
therefore expected to be at the opening and told him not to attend
OR that the whole plot was concocted by the King to raise public
support for him (King wasn't too popular at the time)), the plot was foiled.

The Beefeaters (the guards who still wear their traditional uniform)
searched the basement, saw barrels and barrels of gunpowder and a long
fuse. At the end of the fuse was Guy Fawkes. They either did the search
late on November 4, or early in the morning on the fifth.

Guy was tortured for about 2 weeks. They used the water torture and
dismembered a few parts of his anatomy. A same fate met the other
conspirators that were captured alive. Guy's torture lasted about 2 weeks
and then he was hung, drawn and quartered with his head put on the city
walls for many months. He has hung, cut down before he was dead,
drawn (large cuts made in the body with a sharp sword - makes
the quartering easier on the horses) and then quartered (each limb tied
to a strong horse and the horses then sending charging in four opposite
directions).

No-one knows why the celebrations started. Some speculate that the King
ordered it to remember how close the rule of monarchy nearly came to an end.

Traditional English celebrations are to have a large bonfire and put a 
guy (mannequin) on top. Kids would spend weeks making a realistic looking
"guy" and used to (long time ago) put their guy on the streets a couple
of days before asking for "a penny for the guy" to make money.
Fireworks are also normal.

> > > The English celebrate it because Guy Fawkes failed.
> > > I celebrate it because he tried.  :-)
> > 
> > A terrorist!!!   Call the police!!
> > 
> 
> Where would we be if he hadn't tried?  

Catholic.


 Please to remember
 The fifth of November
 Gunpowder, treason and plot

 I see no reason
 Why gunpowder treason
 Should ever be forgot
	[Traditional English nursery rhyme]

Not quite sure the relevance to cryptography.
I believe that at their "trial", some documents were produced - 
I doubt they were encrypted.

-- 
Nicolas Hammond                                 NJH Security Consulting, Inc.
njh at njh.com                                     211 East Wesley Road
404 262 1633                                    Atlanta
404 812 1984 (Fax)                              GA 30305-3774





From jbugden at smtplink.alis.ca  Thu Nov  7 06:11:06 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Thu, 7 Nov 1996 06:11:06 -0800 (PST)
Subject: Smart Bombs
Message-ID: <9610078473.AA847386635@smtplink.alis.ca>


Smart Use for Smart Cards
     
"UBIQ announced that its software has been selected by American Express to
personalize smart cards that will be issued ... for ticketless travel on
American Airlines. ... Airline travelers with these smart card holders will be
able to proceed directly to an airport gate, insert their smart card into a gate
reader, receive seat confirmation, and board the plane without touching a single
piece of paper. 
     
"Traditionally, smart card technology has been associated with user
authentication for computer systems or as an electronic alternative for cash.
This announcement takes the best of both worlds and looks to provide a
potentially innovative use for smart cards. ...

Copyright (c) 1996 Zona Research Inc. 

Of course, not having a card may subject you to greater scrutiny at check-in
time due to the reduced tracking ability. 

James






From ebrandt at idola.net.id  Thu Nov  7 07:07:06 1996
From: ebrandt at idola.net.id (Henry Iskandar)
Date: Thu, 7 Nov 1996 07:07:06 -0800 (PST)
Subject: No Subject
Message-ID: <9611071510.AA19421@merak.idola.net.id>


Please unsubcribe me from your list

Creating Place
Medan - Indonesia
ebrandt at idola.net.id





From michaelmattsson at momentis.com  Thu Nov  7 07:08:28 1996
From: michaelmattsson at momentis.com (Michael Mattsson)
Date: Thu, 7 Nov 1996 07:08:28 -0800 (PST)
Subject: No Subject
Message-ID: <19961107101043.08761e13.in@mail.momentis.com>


UNSUBCRIBE






From mycroft at actrix.gen.nz  Thu Nov  7 07:12:08 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Thu, 7 Nov 1996 07:12:08 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <32817717.4CA6@gte.net>
Message-ID: <199611071509.EAA13032@mycroft.actrix.gen.nz>


On Wed, 06 Nov 1996 21:43:51 -0800, Dale Thorn wrote:

   Sandy Sandfort wrote:
   > Dale is wrong.  All access to Cypherpunks is via toad.com which
   > sits in John Gilmore's home.  (The basement office to be exact.)

   Wrongo, Mr./Mrs. Argumentum ad Nauseam.
   My computer is in fact in MY home, and my access is SOLELY through GTE.

You only send mail to/receive mail from GTE?  How, then, are you reading
this, or sending the message to which I'm replying?

What a revelation!  It's going through toad.com!  *gasp*

   > And here John has chosen to limit said forum.  It is irrelevant
   > how many subscribers perceive the list as public.  It is private.
   > Their misperception is in no way binding on John.

   Perception is everything.  And I never made a comment about "binding"
   anything.  Therefore, there is no misunderstanding.

Yes there is.  I don't understand what you're saying.

Sandy wasn't quoting you ("binding") -- he said your (mis)perception
that the list is public doesn't affect what John can or cannot do with
his privately owned computer.

Try this at home: send email addressed to majordomo at toad.com with the
body "who cypherpunks".  When you get a reply, save it in a file.  OK,
you now have a list of who's subscribed to this list on your computer.
Is it your contention that you should not be allowed to edit or delete
this list?  If you reply in the negative, why do you think that John
Gilmore shouldn't be allowed to edit his copy of this list?

   >    Some folks just don't have a clue.  Just because they don't
   >    understand the nature of John's contribution, does not stop
   >    them from yammering.

   And the people who agree with you are the only intelligent/clueful
   people on this list?

Obviously.

Well, People can be clueful about different things, of course.  On
this particular subject I can't see how you can reconcile a belief in
private property rights with your viewpoint.  So, are you a
communitarian or an idiot? :-)

   Your contention is acknowledged and rejected.

Your rejection is acknowledged and rejected :-)  Facts are facts.
Whether you choose to accept them is irrelevant.  Try "rejecting"
gravity for a while.

   The only fact you've shown to demonstrate that it's private is that
   John can manage it "anyway he wants", and/or shut it down at will.

Yes!  The only fact necessary is that the equipment on which it's run
is private.

   Well, the owners of Denny's can shut their places down whenever
   they want to too.

Yes...another example of "private."

   Matter of fact, the whole government can resign tomorrow and tell
   you to do it yourself.

Most(?) people on this list would think they'd died and gone to heaven.

   Imagine what would happen in the L.A. metro area if the truck drivers
   who bring in food decided they didn't want to do so next week....

Are you saying they can't?  Who prevents these truck drivers from
quitting, and what happens to those who try?  What do you think would
happen?

   > > You can argue until doomsday the "privacy of home" issue,...

   > Since it is correct and unasailable, I believe I will.

Dale, apparently, doesn't think his home is private.

I think it more likely that Dale is simply being a hypocrite, though.
I'm sure he would maintain that his home is private as soon as the
homeless people under the bridge down the street decide to move in.

   > > If you really agree with the ousting, I don't understand why
   > > you're arguing so hard for the "private home" issue; would you
   > > want to see a world someday where all Internet communications
   > > are "controlled" by "private" individuals at "home"?

Would you really want to see a world where this is *not* the case?

-- 
Paul Foley <mycroft at actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Heavy, adj.:
	Seduced by the chocolate side of the force.






From dthorn at gte.net  Thu Nov  7 07:25:49 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 7 Nov 1996 07:25:49 -0800 (PST)
Subject: Information [for new PGP user]
In-Reply-To: <1.5.4.32.19961107073726.003d89b0@popd.ix.netcom.com>
Message-ID: <3281FB84.3560@gte.net>


stewarts at ix.netcom.com wrote:
> >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
> >> > I'm a new Cyberpunk!
> Probably wearing a set of Ono-Sendai eyeballs....
> >> > Last,  I would like to know once and for all,  is PGP compromised,  is
> >> > there a back door, and have we been fooled by NSA to believe it's secure?

> You can read and compile the source code yourself.

[snip, snip]

Really?  All 60,000 or so lines, including all 'includes' or attachments?

I'll bet you can't find 10 out of 1,000 users who have read the total source,
let alone comprehended and validated it.







From dthorn at gte.net  Thu Nov  7 07:25:53 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 7 Nov 1996 07:25:53 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <Pine.SUN.3.91.961106085914.3111A-100000@crl.crl.com>
Message-ID: <3281FD52.74E9@gte.net>


Sandy Sandfort wrote:
> On Tue, 5 Nov 1996, Dave Crocker wrote:
> > Actually I think that this view is at the core of the misunderstanding.
> > In fact, we ARE required to suffer fools.

> What you mean WE, white man?  Does this "requirement" include
> John Gilmore?  Must he and his machine be held in hostage to
> the gratuitous flames of Dimitri?  I think not.

> > It is a clear and acknowledged expense for an open society.

> Clear and acknowledged by whom?  Certainly not me.  We are not
> talking about Dimitri's right to speak in open society.  This is
> a private list provided through the generosity of one person.

Sandy is suggesting (demanding?) that all cypherpunks subscribers "accept" without
question or proof John's generosity, i.e., the existence of the list being prima
facie evidence of same.

Well, Sandy, if this were a list sharing cookie recipes or some such thing, I'd grant
you the point, but it's not.  It's a list which would necessarily be watched closely
by neo-government factions such as NSA, and *quite* possibly be a trolling operation.

Please don't come back with the "so why are you here?" argument - after all, I have
my reasons, just like you.






From dlv at bwalk.dm.com  Thu Nov  7 08:18:27 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 7 Nov 1996 08:18:27 -0800 (PST)
Subject: Dr. Vulis is not on cypherpunks any more
In-Reply-To: <Pine.SUN.3.91.961106085914.3111A-100000@crl.crl.com>
Message-ID: <75Z1wD2w165w@bwalk.dm.com>


Sandy Sandfort <sandfort at crl.com> writes:
> On Tue, 5 Nov 1996, Dave Crocker wrote:
> 
> > 	Actually I think that this view is at the core of the
> > misunderstanding.
> > 
> > 	In fact, we ARE required to suffer fools.
> 
> What you mean WE, white man?  Does this "requirement" include 
> John Gilmore?  Must he and his machine be held in hostage to 
> the gratuitous flames of Dimitri?  I think not.

You are required to suffer fools in order to maintain any sort of
credibility as the proponent of free speech.  John Gilmore has managed
to destroy his credibility.

Of course he's not required to maintain his credibility and is free to
destroy it in any way he wants to.

> This IS a private list, like it or not.  Crying "censorship" or
> "authoritarianism" merely because John handled this differently
> than you would have, is disingenuous to say the least.

Nobody's trying to interfere with John Gilmore's right to practice censorship
on his private mailing list.

But to deny that he's engaging in censorship is disingenuous.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From ses at tipper.oit.unc.edu  Thu Nov  7 08:36:51 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Thu, 7 Nov 1996 08:36:51 -0800 (PST)
Subject: HAPPY GUY FAWKES DAY!
In-Reply-To: <199611071359.IAA29100@ns.njh.com>
Message-ID: <Pine.SUN.3.91.961107113216.12183A-100000@tipper.oit.unc.edu>


On Thu, 7 Nov 1996, Nicolas J. Hammond wrote:
> 
> Not quite sure the relevance to cryptography.
> I believe that at their "trial", some documents were produced - 
> I doubt they were encrypted.

Well, Mary Queen Of Scots's secret communications relied on concealing 
messages in bottles whilst under arrest. This channel was discovered, and 
all here messges were intercepted and read before being passed on. 

Security thru Obscurity just doesn't work...










From frissell at panix.com  Thu Nov  7 08:49:15 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 7 Nov 1996 08:49:15 -0800 (PST)
Subject: HAPPY GUY FAWKES DAY!
Message-ID: <3.0b19.32.19961107101629.0072e5fc@panix.com>


>The Beefeaters (the guards who still wear their traditional uniform)
>searched the basement, saw barrels and barrels of gunpowder and a long
>fuse. At the end of the fuse was Guy Fawkes. They either did the search
>late on November 4, or early in the morning on the fifth.

The powder had spoiled because it had been stored too long without being
turned over.  It wouldn't have blown up in any case.

DCF





From hua at chromatic.com  Thu Nov  7 10:26:51 1996
From: hua at chromatic.com (Ernest Hua)
Date: Thu, 7 Nov 1996 10:26:51 -0800 (PST)
Subject: News: Europe Wants Stronger Encryption
In-Reply-To: <19961106.214507.5351.0.kb4vwa@juno.com>
Message-ID: <199611071826.KAA20610@server1.chromatic.com>



> I don't understand why don't they just use PGP, or something like that. 
> There is no patent on it?

IDEA is patented in Europe.  It takes a lot of time to test out and
"break in" new encryption algorithms.  If you invent one, surely the
first thing you would want to do is to patent it, right?  Well, that
is exactly what everyone's been doing so far.  Few, if any, actually
let their stuff go to the public domain.

Kudos to Bruce S for Blowfish ...

Ern







From mjmiski at execpc.com  Thu Nov  7 10:43:15 1996
From: mjmiski at execpc.com (Matthew J. Miszewski)
Date: Thu, 7 Nov 1996 10:43:15 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT] (fw
Message-ID: <199611071842.MAA04703@mail.execpc.com>


> Hi all,
> 
> There is one important legal aspect which the operator of the Cypherpunks
> mailing list has opened themselves up for with this action. In short they
> have now opened themselves up for defamation and liable suites by imposing
> an editorial policy on the contents of this list (1).

First of all I support John's decision.

However, these types of actions make it difficult to further any 
common carrier legal development.  As most on the list will agree, we 
would like certain content freedom on the Net.  When the SPA 
discussed thier contributory infringement we all cringed (especially 
those running small ISPs).

My point is that this decision should be based upon anything but 
content.  Arguments can be made that the Dr. "asked" to be removed by 
techincal means.  Arguments can be made that the Doctor abused 
remailers (assuming a writing analysis can identify him and that 
"abused" has any definition 8-).  Saying that the Doctor was 
decreasing the S/N ratio IS content based restriction.  It DOES open 
up the door.

> This opens up the potential, for example, for Tim May to sue the operator of
> the Cypherpunks mailing list now for posts from users (even anonymous ones)
> which defame or otherwise liable his character, reputation, or ability to
> pursue income in his chosen field. In short the operators of the list
> becomes publishers and distributors of the material. It is the legal
> difference between a bookstore and a book publisher. 

While I wish he was wrong, I have to agree.

> Censorship is censorship, irrespective of the source of the limitation.
> Free expression is impossible in an environment of censorship. The right to
> speak not only implies a right to not speak, it also implies the right to
> emit complete mumbo jumbo. The actual content of the speech is irrelevant.

That is not completely true in the USA.  Content can and is 
restrained.  You cant yell "FIRE" in a crowded theatre.  Commercial 
speech is restrained.  And, yes, sexually explicit language used on a 
jobsite is effectively restrained (I am a discrimination lawyer, 
believe me, it is).
 
> I have argued in the past that this list is a defacto public list because of
> the way it is advertised and to the extent it is advertised. All the protests
> by the operator to the contrary will not convince a court.

All of the "advertisements" and their "extent" are totally 
irrelevant.  John does not advertise.  Members might.  So what?  Am I 
to understand that if I get enough people to tell others that my 
favorite privately held company is really a public one that I can 
then have a court force them to make an IPO?  It is private, it is 
controlled by John, not the government (unless that white van outside 
his house is actually filtering his packets 8-).

> 
> Hope you folks have a good lawyer.
> 

Very happy to volunteer my services.

> (1)  ;login:, Oct. 1996, V21N5, pp. 27
> 
> 
>                                                     Jim Choate

Matt 
 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDq+FoAAAEEANM9+JcJmUp4aCSGpdOG4Y1b6m4630XA8H41Utbvr7Tr6wEH
CD6tlxZ+k+Pycj4w/f8WQa8fC50skoLjUNeP4lYsR7NYaMGRp6WkqCLMI/3Nohvk
pfLDqnzZZdwVL2liB7mfTURoF6doQaVehHmMBjSaVTfD12tzNGm6VvyEc77JAAUR
tClNYXR0aGV3IEouIE1pc3pld3NraSA8bWptaXNraUBleGVjcGMuY29tPg==
=lkx1
-----END PGP PUBLIC KEY BLOCK-----





From roach_s at alph.swosu.edu  Thu Nov  7 10:56:05 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Thu, 7 Nov 1996 10:56:05 -0800 (PST)
Subject: [rant] Re: Censorship on cypherpunks
Message-ID: <199611071856.KAA18731@toad.com>


At 09:11 PM 11/6/96 -0800, Dale Thorn wrote:
>What both of these arguments (moreso the first) fail to mention is an
individual's
>investment in time and possibly a lot of money in various memberships, with
expec-
>tations that they will have the opportunity to develop and express
themselves to
>their utmost capability.  When I have a problem with some of the dirty
things my
>representatives in Washington DC do on my behalf, people say "like the U.S. or
>leave it", etc., as though my father, his father, his father, etc. clear
back to
>the 1600's in the colonies here, wasted their blood on the battlefields
defending
>these assholes who like to say "you can just leave if you don't like it".
>
>The squashing of people's dreams begins at birth with selfish and shortsighted
>parents, and since that and other oppressions permeates our brains at every
level, 
>it's a wonder that some people are as accomplished and expressive as they
are.  This
>topic as it's been handled so far by most of the subscribers is prima facie
evidence
>that most of the people in the industrialized countries are just good
little suck-up
>fascists.

Actually, I was comparing some people on the list, who were saying someone
could always start thier own list, with those who advocate telling someone
to start a new country as opposed to making their vote count.  This is a
free country where we, fortunately, don't have to hang around, and, this is
a free list, where we don't have to post or remain subscribers.  I was
saying that telling someone to start their own list was equivalent to
telling them to dig in on an uninhabited island.  I was never advocating
either action.  If you read the previous posts, you can see the one I
responded to and see what I mean.  I know that this may not be possible as
you probably tossed them, but ask me if you would like, I have that post
somewhere in backup.






From alan at ctrl-alt-del.com  Thu Nov  7 11:17:47 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Thu, 7 Nov 1996 11:17:47 -0800 (PST)
Subject: Information [for new PGP user]
Message-ID: <3.0b36.32.19961107111639.00d927d4@mail.teleport.com>


At 07:08 AM 11/7/96 -0800, Dale Thorn wrote:
>stewarts at ix.netcom.com wrote:

>> You can read and compile the source code yourself.
>
>[snip, snip]
>
>Really?  All 60,000 or so lines, including all 'includes' or attachments?
>
>I'll bet you can't find 10 out of 1,000 users who have read the total source,
>let alone comprehended and validated it.

Depending on the system, compiler and version of PGP, compilation may or
may not function as expected.

I have had a number of odd problems compiling the code for the PC over the
years.  (It has always compiled easily on the Unix boxes I have used.)  The
"gorrila" version on the Cypherpunks FTP site does not want to compile at
all.  (It wanted specific libraries that were not in the version of the
compiler I was using.)  Microsoft's compiler had a few odd problems as well
with some of the earlier versions.  (I think I was compiling PGP 2.6 with
VC++ 7.0.)

Also, you have to have the compiler in the first place.  The latest
compilers are getting pretty big.  (100+ megs!)  Most people either do not
have the disk space, the money for them (or do not know where to get free
ones), or the needed arcane knowledge to get the compile to happen at all.
(And if there was a subtile bug in the code, most people would not be able
to find it.  This includes many programmers.)

BTW, there is a Windows95 console version of the International version.
(Check out http://www.ifi.uio.no/pgp/download.shtml for versions
available.)  It is the "non-us approved" version, so use at your own risk.

My problem with PGP is that there is no protection for information on what
keys are on your secret keyring.  It would be quite possible to create a
program that read the keyring and saved off the names of all nyms and
truenames it found there.  (It would make it quite easy to then find out
that "Nym X" is associated with "User Y".)  And with Active X, it could be
offloaded to a remote site without anyone being the wiser...

---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From tcmay at got.net  Thu Nov  7 11:19:38 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 11:19:38 -0800 (PST)
Subject: Pseudo-law on the list and libel
In-Reply-To: <199611070327.VAA10208@einstein>
Message-ID: <v03007800aea7c8fe63ab@[207.167.93.63]>



This is not a comment on the Vulis-Gilmore issue, about which much too much
has already been posted here. But I believe Jim Choate is quite wrong about
a point he makes:

At 9:27 PM -0600 11/6/96, Jim Choate wrote:
>Hi all,
>
>There is one important legal aspect which the operator of the Cypherpunks
>mailing list has opened themselves up for with this action. In short they
>have now opened themselves up for defamation and liable suites by imposing
>an editorial policy on the contents of this list (1).
>
>This opens up the potential, for example, for Tim May to sue the operator of
>the Cypherpunks mailing list now for posts from users (even anonymous ones)
>which defame or otherwise liable his character, reputation, or ability to
>pursue income in his chosen field. In short the operators of the list
>becomes publishers and distributors of the material. It is the legal
>difference between a bookstore and a book publisher.

So, if a bookstore ejects a drunken lout who is disturbing the other
patrons, is the bookstore suddenly reclassfied as a book publisher? By your
logic, you seem to think so.

So, if I have a party at my house and limit who I invite, or eject someone
who is misbehaving (insulting my other guests, barfing on the floor,
smoking when I tell him not to, whatever), you are saying that I "open
myself up for libel suits" by other guests who don't like the things they
hear from others at my party?

So, anyone who exercises ownership rights to his property suddenly becomes
legally responsible for the alleged misdeeds of anyone visiting his house?

Could you cite some cases supporting your point of view?

(I can think of some peripherally-related cases, such as cases where a bar
has been held liable (note: "libel" is not the same as "liable") for
serving too many drinks to someone already drunk. I happen to disagree with
this outcome, strongly. However, it is far from establishing that a bar
which enforces certain rules ("no shirt, no service") and which has an
entire class of employees hired to _eject_ patrons has suddenly become
liable for slanderous comments made by customers. And so on.)


>I have argued in the past that this list is a defacto public list because of
>the way it is advertised and to the extent it is advertised. All the protests
>by the operator to the contrary will not convince a court.
>
>Hope you folks have a good lawyer.

Pseudo-law on this list is really getting out of hand.

(By the way, I include my ideological usual-ally Black Unicorn on this
point. I'm chagrinned that he so quickly and on so many issues has made
statements about filing lawsuits--for defamation, for "false advertising"
(!!!!), and so on. Not only is this counter to the views many of us hold--I
think I sense the zeitgeist of the list--but it is supremely ineffective,
as none of these threatened lawsuits ever seem to materialize, thankfully.
Using the threat of a lawsuit as a rhetorical debating strategy is not
effective.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From dlv at bwalk.dm.com  Thu Nov  7 11:31:12 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 7 Nov 1996 11:31:12 -0800 (PST)
Subject: [NOISE] [philosophypunks] [Vulis] Mills & Hallam-Baker
In-Reply-To: <199611070857.JAA01800@digicash.com>
Message-ID: <wk81wD1w165w@bwalk.dm.com>


Bryce <bryce at digicash.com> writes:
>  hallam at ai.mit.edu writes:
> >
> > If we return to the original basis on which Mill opposed censorship
> > its not hard to find out why Dimitri is denied his support. The
> > argument is based on the need to keep alive debate.
> 
> That was only one of several arguments.  Another was that the
> potentially-censored speaker might be right!  I don't remember

of course I'm right.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Thu Nov  7 11:34:03 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 7 Nov 1996 11:34:03 -0800 (PST)
Subject: [NOISE] Re: Vulis profile
In-Reply-To: <Pine.SCO.3.93.961106191634.23586E-100000@grctechs.va.grci.com>
Message-ID: <2T81wD3w165w@bwalk.dm.com>


"Mark O. Aldrich" <maldrich at grci.com> writes:

> On Wed, 6 Nov 1996, John Anonymous MacDonald wrote:
> 
> > I had some free time this morning, and just for fun, thought I'd 
> > create a brief Net profile of our friend Dr. Vulis.  Here's what 
> > I found (sources included):
> <snip>
> > Number of articles posted to individual newsgroups (slightly 
> > skewed by cross-postings): 
> <snip>
> >           4 alt.sex.plushies 
> <snip>
> 
> 
> You gotta be kidding me.

That's right. alt.sex.plushies is for people who have sex with plushy animals.
(My 4 cross-posts were actually a part of the thread about the censors who
forge cancels for articles in a.s.p that they consider off-topic. As you see,
the cypherpunks mailing list is not the only forum being censored.)
That was my only interest in a.s.p. Why, does Timmy May (fart) have sex with
plushy animals in addition to his two cats?  How disgusting.,
> 
> People, let's just not even get this started - everyone, close your eyes,
> take a few deep breathes, and repeat, "I'm not going to touch this - I'm
> not going to touch this - I'm not going to touch this." 
> 
Mark, I found Misha Verbitsky'd writing about me very amusing.  As long as
one realizes that he's making it all up, it's very funny. He has more stuff
as his Harvard site, about Alex Thurston and Rabbi Shlomo Ruthenberh who he
claims are my tentacles. Check it out.

(But when someone is stupid enough to run around citing a work of fiction as
if it were true, the way Timmy May (fart) does, that person is clearly an idio
t.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From trei at process.com  Thu Nov  7 11:39:10 1996
From: trei at process.com (Peter Trei)
Date: Thu, 7 Nov 1996 11:39:10 -0800 (PST)
Subject: (Fwd) Re: Euro Key Escrow
Message-ID: <199611071939.LAA19203@toad.com>


>From the SSL-users mailing list.

------- Forwarded Message Follows -------
Subject:       Re: Euro Key Escrow
To:            ben at algroup.co.uk
Date:          Thu, 7 Nov 1996 13:42:16 +0100 (NFT)
Cc:            cypherpunks at toad.com, ssl-talk at netscape.com, ssl-users at mincom.com,
               ietf-pkix at tandem.com, ben at gonzo.ben.algroup.co.uk
From:          um at c2.net (Ulf =?ISO-8859-1?Q?M=F6ller?=)

> It is, apparently, true that the EC is considering schemes for key escrow, by
> "trusted third parties"

There is an extensive survey at the European Cryptography Resources page,
http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html

The EU commission's group DG XIII has been discussing key escrow for quite
some time, but they have not yet been able to agree on a position.
Jerome Thorel has posted some rather scaring interviews with EU official
David Herson who is in favor of a key esrow scheme. Victor Mayer-Schoenfelder
reports that crpyo regulation is likely to be delegated to the more liberal
DG XV.

A number of member states, such as Denmark, very unlikely to accept key
escrow.

> ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps

Ross Anderson has analyzed Mitchell's scheme, drawing the conclusion that
"The GCHQ protocal is very poorly engineered." See
ftp://ftp.cl.cam.ac.uk/users/rja14/euroclipper.ps.Z

> I'm informed that this is likely to be introduced into EC legislation, though
> my understanding is that members are not required to actually incorporate the
> legislation. No doubt France will embrace it with happy shouts.

The final decision will almost certainly with the member states, because
cryptography is considered essential for national security.







From maldrich at grci.com  Thu Nov  7 11:39:24 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Thu, 7 Nov 1996 11:39:24 -0800 (PST)
Subject: Is there a Win PGP?
In-Reply-To: <199611071228.GAA22584@mailhub.amaranth.com>
Message-ID: <Pine.SCO.3.93.961107141416.26496A-100000@grctechs.va.grci.com>


On Thu, 7 Nov 1996, William H. Geiger III wrote:

> Does anyone know if you can purchace a commercial license from ViaCrypt/PGP Inc. but
> use the standard PGP for commercial purposes?
> 

Yes, that's one way of doing it.  Phil's mentioned this in his PGP doc, as
I recall.  He says, <paraphrase> 'if you use it commercially, you have to
make certain I make a buck off this - either send me one, or buy a license
from ViaCrypt."

However, you should also know that PGP Inc. (formerly called ViaCrypt)
sells *TWO* versions of the software.  The PE (or personal edition)
doesn't have the "master key" feature.  If you don't want to use the
encrypted file recovery, then don't order the software that has it.

In the BE (business edition), there's an option to force Big Brother into
every recipient list.  This means that the boss can put him/herself onto
the list of "encrypt to whom" whether you want him/her there or not.
Also, the BE recognizes some nuances in keys that the freeware doesn't:
You can have "sign only" and "encrypt only" keys.  Thus, you can give
everyone a PGP key for digital signature (because, let's say, you want
those powerful non-repudiation capabilities), but if it's a sign-only key,
they can't encrypt anything with it.

I'm also confident that these "features" are very hackable.  Someone could
easily tweak the copy of the public key for Big Brother so it encrypts to
something for which nobody (who can be found) holds the other half of the
key pair.  I'm sure there are some check digits, but I also know that it's
going to be damn hard, with software sitting on my disk on my PC, for you
to keep me locked out of it for very long.  I'm sure that Cypherpunks
could contribute something valuable in creating the "Hacking PGP 4.0
Business Edition FAQ."  Anyone for a little R&D?

The purpose (as it's been explained to me by PGP Inc.) for the BE/PE
changes was to increase the *CHOICES* that PGP users were being given
- not to change PGP into something with key escrow.  (The secret
keys still are secret - there is no escrow).  Everyone knows full
well that there are many companies who won't ever touch PGP unless it's
equipped with some "fail safe" that permits them to enforce their INFOSEC
policy.  Recovering files that were encrypted by people whom have
forgotten their pass phrases is in line with most corporate policies.

Bottom line:  Buy the version you want.  If you don't like the BE
features, then don't pay for them or use them.

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich at grci.com       |
|What I paid                              | MAldrich at dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------






From trei at process.com  Thu Nov  7 11:39:58 1996
From: trei at process.com (Peter Trei)
Date: Thu, 7 Nov 1996 11:39:58 -0800 (PST)
Subject: (Fwd) Euro Key Escrow
Message-ID: <199611071939.LAA19225@toad.com>


>From the SSL-TALK mailing list.

------- Forwarded Message Follows -------
Subject:       Euro Key Escrow
To:            cypherpunks at toad.com, ssl-talk at netscape.com, ssl-users at mincom.com,
               ietf-pkix at tandem.com
Date:          Thu, 7 Nov 1996 09:21:55 +0000 (GMT)
From:          Ben Laurie <ben at gonzo.ben.algroup.co.uk>
Cc:            ben at gonzo.ben.algroup.co.uk
Reply-to:      ben at algroup.co.uk

Someone, somewhere, posted a rumour that Europe was about to go for a key
escrow scheme known as "Royal Holloway".

I have done a little research and gleaned the following:

It is, apparently, true that the EC is considering schemes for key escrow, by
"trusted third parties" (trusted by who, I'd like to know?). "Royal Holloway"
is one of these schemes. It is named after the college of origin, if anyone
cares. It essentially revolves around each pair of TTPs sharing two out of
three parts of a key, and generating the third part for each of their users.
The idea is that either of the TTPs who generated keys for an encrypted
message exchange can decode it (by using the private key of their "client" and
the public key of the other TTP's "client").

Full details can be found at:

ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps

This is in PostScript. I'm not aware of any plain text versions.

I'm informed that this is likely to be introduced into EC legislation, though
my understanding is that members are not required to actually incorporate the
legislation. No doubt France will embrace it with happy shouts.

Of course, it is our duty as netizens to resist this kind of rubbish, and I
encourage you to write to your MP/EuroMP (or local equivalent).

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author







From jmr at shopmiami.com  Thu Nov  7 11:40:34 1996
From: jmr at shopmiami.com (Jim Ray)
Date: Thu, 7 Nov 1996 11:40:34 -0800 (PST)
Subject: Who owns cypherpunks
Message-ID: <199611071940.OAA83990@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Fri Nov 08 02:39:25 1996
Jim Choate writes:

> There is one important legal aspect which the operator of the Cypherpunks
> mailing list has opened themselves up for with this action. In short
>  they
> have now opened themselves up for defamation and liable suites by
>  imposing
> an editorial policy on the contents of this list (1).

I fear you mean "libel," and I think not. (see below.)

<snip>

> Censorship is censorship, irrespective of the source of the limitation.

Oh good. I think I'll sue the Miami Herald for not printing my last letter 
to them. After all, they "censored" me, right? NOT!!!

> Free expression is impossible in an environment of censorship. The right
>  to
> speak not only implies a right to not speak, it also implies the right
>  to
> emit complete mumbo jumbo.

I'm afraid we have an excess of living proof around here, lately. <sigh> I 
am beginning to see why people vote the way they do...

>The actual content of the speech is irrelevant.
> 
> The Constitution guarantees freedom of speech and press. This does not
>  imply
> in any way an abrogation of responsibility by the party speaking or
> distributing it. Only that they would not have limitations on their
>  actions
> imposed by the federal government.

I am beginning to wonder if you are serious about promoting John to the 
level of "the federal government." If this was a joke and I don't get it, I 
ma sorry to have taken you seriously.

>                               ARTICLE I. 
>  
>       Congress shall make no law respecting an establishment of religion, 
> or prohibiting the free exercise thereof; or abridging the freedom of 
> speech, or of the press; or the right of the people peaceably to
>  assemble, 
> and to petition the Government for a redress of grievances. 

[Would that it were so, but...] John is not in the U.S. Congress, and even 
if he were, this list is _his_ property, not mine, and not yours. He can do 
with it what he likes.

<snip>

> I have argued in the past that this list is a defacto public list because
>  of
> the way it is advertised and to the extent it is advertised. All the
>  protests
> by the operator to the contrary will not convince a court.

Name one ad for cypherpunks. This list is John's property, and he could cut 
us all off tomorrow for any reason or no reason. Deal with it. I seriously 
doubt that even the most socialistic judge in the U.S. (and there are 
plenty) would buy this kind of garbage.

> Hope you folks have a good lawyer.

I'm sure John's quaking in his boots. Reread my campground analogy, and try 
to refute it. You can't. Go start your own list with no moderation. Go start 
a more moderated list than John's, like Perry's will be. Do whatever, but 
this moronic thread must end! It is very strange to me that the people 
asserting some sort of "implied contract" among cypherpunks have yet to 
offer to pay even *one* month of John's costs. If you want to call the tune, 
then pay the piper (if he lets you). If you don't, then be quiet about what 
you're obviously ignorant about.
JMR


Please note new 2000bit PGPkey & new address <jmr at shopmiami.com>
This key will be valid through election day 2000.
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
Please avoid using old 1024bit PGPkey E9BD6D35 anymore. Thanks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMoLjsTUhsGSn1j2pAQFE6AfQgbWxLHSqdGMsKEg+jUSlMIsctR8MIQ6i
ZU+7JFoSiAREYIrsrlMs7AYsuzLvaGYLTdlT3reC9EvmWPchfawV+tYzBlKZkLs3
vS6PTghqovDheIiEmwr+E4zq9yuV/ElGs7ZOuO4Ob9LuwSx7Tm+m6OQNGuOoGjpV
Y6Gc6vFZ2fEb/Yt3qadQF1Q2Zlf+qjVjglilOefoe2Q+7y7FhYysTvlLGqc42h0P
M5J/fbZ3RtpT6dtkT7sqHvj4eZtDMpdn+bXseJkQv4jsbolTyTGR88ee3HU1P/I7
ywWPtOZdoPpP6lSraF0S+PxBOEpkeTRI84Xxw1Jbtblx9Q==
=014g
-----END PGP SIGNATURE-----






From unicorn at schloss.li  Thu Nov  7 11:42:00 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Thu, 7 Nov 1996 11:42:00 -0800 (PST)
Subject: Group order for "Secret Power" ... (San Francisco Bay Area only)
In-Reply-To: <199611070610.XAA18229@infowest.com>
Message-ID: <Pine.SUN.3.94.961107143847.13280B-100000@polaris>


On Thu, 7 Nov 1996 attila at primenet.com wrote:

> In <v03007800aea4b053298a@[207.167.93.63]>, on 11/05/96 
>    at 12:53 AM, "Timothy C. May" <tcmay at got.net> said:
> 
> .At 1:14 PM -0800 11/4/96, Ernest Hua wrote:
> .>I'm looking for 19 other people interested in "Secret Power" (Craig
> .>Potton Publishers has indicated that there is a discount for 20 or
> .>more copies).  If you are in the San Francisco Bay Area, please
> .>contact me by phone or E-Mail.
> 
> .Just wondering...doesn't such a call for a group purchase of such a
> .dangerous book constitute a RICO (Racketeer-Influenced and Crypto
> .Organizations Act) violation?
> 
> .--Tim May
> 
>         I trust your RICO (Racketeer-Influenced and "Crypto" 
>     Organizations Act) is tongue in cheek?   The original title was
>     "Corrupt" not "Crypto," though I am sure our friendly 'rules for
>     them and rules for us' racketeering influenced corrupt organization
>     for a government could define it whatever it to suit their
>     purpose....
> 
>         as to the suggestion/question --how would you contstruct the
>     group purchase of a book to involve RICO?   "racketeering" is 
>     defined as a criminal association whose purpose is to intimidate 
>     others and to deny them theor pursuit of the American dream... 
>     (over-simplified).

See my outline some time ago on the RICO statute and related laws.

I'll dig it up and repost it if there is enough interest, or write another
summary.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From adam at homeport.org  Thu Nov  7 11:45:31 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 7 Nov 1996 11:45:31 -0800 (PST)
Subject: Validating a program
In-Reply-To: <3281FB84.3560@gte.net>
Message-ID: <199611071941.OAA13267@homeport.org>



Dale Thorn wrote:
| stewarts at ix.netcom.com wrote:
| > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
| > >> > Last,  I would like to know once and for all,  is PGP compromised,  is
| > >> > there a back door, and have we been fooled by NSA to believe
| > >> > it's secure? 
| > You can read and compile the source code yourself.

| Really?  All 60,000 or so lines, including all 'includes' or attachments?
| 
| I'll bet you can't find 10 out of 1,000 users who have read the total source,
| let alone comprehended and validated it.

	The fact that most readers have not examined it does not mean
that the availability of the source is not important.  If the source
was tightly held, perhaps some experts would have seen it.  Thats not
likely, security experts are in high demand today, with companies
paying a lot for their time.  Phil could not have competed.

	In addition, up and coming experts, curious amatuers, and
students couldn't have looked at it.  Having your protocol open to
wide review is a good thing even if few people take advantage of it,
because you may hire the wrong experts.  The experts you hire may miss
something.  Someone may have a new attack under development, and not
be able to try it against your software.

	The multitude of hackers who ported pgp also contributed a
large stack of bug reports and fixes.  Without source availablity, the
mac, os/2, amiga & UNIX ports would be held up, or perhaps not exist.

	Publicly distributed source code also tends to be of higher
quality (see Fuzz Revisited, at grilled.cs.wisc.edu)


	In short, if you're paranoid, feel free to look over the
source.  But the fact that most people have never peeked under the
hood is not a strike against pgp at all.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume








From rcgraves at ix.netcom.com  Thu Nov  7 12:03:06 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Thu, 7 Nov 1996 12:03:06 -0800 (PST)
Subject: Is there a Win PGP?
Message-ID: <199611072000.PAA21968@spirit.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Ben Laurie wrote:
> 
> I did a port of PGP to a Windows DLL a long time back, but I never got 
> around to releasing it. I could bring it up to date and put it out
> there if there is popular demand.

I think that would be cool, especially given the growth in Windoze web 
servers and the halting start of PGP authentication for the web.

Another WinPGP, of a sort, designed for email only, is FTP OnNet. You 
can get a demo from http://www.ftp.com/cgi/newmail.cgi

They still haven't put any real export controls in place.

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMoI/9yoZzwIn1bdtAQGG+wGAsSx6NcpJHxOgI1bwa52M2Fogd29C4XmO
iMr/eoKCWRj+vIHjbLhNsPT966WmgiWT
=SKCU
-----END PGP SIGNATURE-----





From alzheimer at juno.com  Thu Nov  7 12:05:21 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Thu, 7 Nov 1996 12:05:21 -0800 (PST)
Subject: Copyright violations
Message-ID: <19961107.140607.9415.0.alzheimer@juno.com>


Financial Times: Tuesday, November 5, 1996
 
Visa Launches New Multi-Function Card 
 
By Mark Ashurst in Johannesburg
 
Visa International yesterday launched its first multi-function smart
cards in
partnership with two South African retail banks, First National and
Nedcor. 
 
The new cards combine debit, credit, and pre-paid facilities, by using a
microchip in place of the traditional magnetic strip. 
 
Ms Anne-L. Cobb, president of Visa Central and Eastern Europe, Middle
East and Africa, said the deal fulfilled "Visa's vision of the future of
card
payment products". Chip-based cards would replace paper-based and
magnetic strip-based cash systems within 20 years, she said. South
African
banks were "very much in the lead" in developing this technology for
debit
and credit services. 
 
FNB and Nedcor have issued more than 200,000 multi-function cards,
under their own brands, since the South African industry agreed on an
inter-bank standard for smart cards in October, 1995. 
 
These cards will now be branded with Visa, and will be converted to
international EMV, Europay-Mastercard-Visa standards by the end of next
year. 
 
A common standard for card transactions in South Africa had been adopted
later than in many developed countries, but was already close to the
international EMV standards agreed earlier this year. 
 
The South African variant would "allow customers access to multiple
accounts at their financial institution," said Ms Cobb. In time, the
cards would
also be used to encourage loyalty programmes and to store personal
information. 
 
The Visa branding is expected to raise use of multi-function cards. Ms
Gail
Kelly, general manager of Nedcor card services, said the two banks would
invest R5bn-R7bn (#651m-#912m) in upgrading technology at retail points
and banking machines with the aim of issuing 1m new cards within a year. 
 
In June, Visa acquired the rights to the Universal Electronic Payments
System, a software package used by South African banks to manage
inter-bank cashflows. The group was "working with the two South African
banks to implement the future platform" for global inter-operability,
said Ms
Cobb. 
 
South African banks have pioneered chip-based cards because of the
country's poor telecommunications infrastructure and an over-reliance on
cash in a society riddled with violent crime. It was initially devised by
South
African brewers as a safer and more efficient alternative to cash on
delivery.
Less than 30 per cent of credit card transactions are authorised on-line
because of telecommunications problems. 
 
However, a microprocessor and memory chip embedded in the new cards
keeps track of clients' spending, reducing the banks' risk in card
transactions.
 

This would make formal banking services more widely available to low
income groups, said Mr Viv Bartlett, FNB managing director. 
 
The cards, secured by personal PIN codes, enabled "off-line transactions
without the umbilical cord linking points of sale to mainframes". 
 
They could also be prepaid for use as "an electronic purse", which was a
safer alternative to cash. 
 
Ms Kelly said the South African model should not be compared with current
projects involving the use of smart cards for electronic commerce in
Australia, France and Japan. "We are not testing. We are authorising
credit
cards and debit cards." 
 
 Asiaweek: November 8, 1996
 
New Competitors and Technology Shake up Card Industry
 
By Cesar Bacani and Julian Gearing 
 
You take pride in being a responsible credit-card user. You make sure you
never exceed your credit limit. You avoid using cash-advance privileges
even
in emergencies. And every month, you pay in full the outstanding balance
on
your card on or before the due date. A model customer?
 
Think again. Looking at your spotless payment record, the bank officer in
charge of your account is likely to throw up her hands in despair and
ask:
"How can we persuade this cardholder not to pay on time?"
 
The truth is that the people behind plastic money make the most profit
from
interest payments on overdue bills and cash advances. The problem: Asians
generally don't like debt. "Many of the cards used in the region are
debit
cards, which deduct money from the holder's bank account as soon as a
purchase is made," says Niall Brady, a senior researcher and analyst with
the
Dublin-based financial-services research organization Lafferty Group. 
 
The number of credit cards -- plastic that allows users to pay only a
portion
of what they owe every month -- is estimated at less than 310 million
across
Asia last year. That's not a lot in a region that is home to about half
of
humanity. 
 
But as Asians grow more affluent, card associations like Visa and
MasterCard are betting they will be willing to take on more debt to
finance
their purchases. They see opportunities in the rising numbers of Asians
traveling overseas and the liberalization of the financial-services
industry.
New players are joining them. 
 
American Express recently introduced a new credit card in Hong Kong. GE
Capital has chosen Indonesia as the launch pad for its first card outside
the
U.S. "There will be a far more competitive environment in Asia for cards
in
five to seven years," predicts Steven Pinto, a vice-president at Citibank
in
Singapore. 
 
"With 2.7 billion inhabitants, this region has real potential," says
Michael
Lafferty, founder of the group that bears his name. How real? In the
U.S.,
which has 276 million people, there is one credit card for every person.
But
some governments worry that easy access to credit may erode their
people's
traditional savings ethic, which is credited with sustaining the region's
economic boom. 
 
Last week, Finance Minister Anwar Ibrahim required cardholders in
Malaysia to pay the government an annual $20 service tax on each of their
credit cards. About 42% of $1.7-billion worth of credit-card transactions
in
June was overdue. Kuala Lumpur already requires every cardholder to pay
at least 15% of his outstanding balance. 
 
To understand what is happening, it helps to know how the card industry
works. The major credit-card associations, Visa and MasterCard, provide
the brand name and authorization service.
 
Banks and other financial institutions buy shares in one or both groups,
which
makes them association members and gives them the right to issue Visa and
MasterCard credit cards. The issuers make money from fees and interest on
cash advances and overdue payments levied on cardholders.
 
The associations are paid by issuers for every credit-card authorization
they
process and other services. 
 
American Express, Diner's Club and Japan's JCB issue charge cards, which
require users to pay monthly balances in full. Amex has added a
credit-card
line to its traditional charge- card range. After launching its Optima
credit
card in the U.S. in 1987, it introduced the American Express Credit Card
in
Britain in 1995. The Amex plastic was brought to Canada, Hong Kong and
Australia this year. Visa and MasterCard have asked their members to
think
twice before deciding to market the new product.
 
The intramurals aside, all brands face tough challenges in Asia. "It's
very easy
to think that the Asian market is homogenous, but there are major
differences," says Suresh Nanoo, regional director of brand management
for
Visa. Japan and Taiwan do not like debt. Malaysians, Singaporeans and
Thais are more receptive, but their governments are not.
 
"If everyone becomes a big spender, it could become a problem for the
whole country," says Tarisa Watanagase of the Bank of Thailand, which
early
this year doubled the annual salary requirement for cardholders to
$9,420. 
 
With just 14 million credit cards for its 1.2 billion people, China has
huge
potential. But tight controls there - only state-owned banks can issue
plastic,
for example - are stunting growth.
 
Largely unfettered by government intervention, the Philippines, Indonesia
and
India are considered among Asia's best credit-card prospects. Indonesia
had
1.4 million cards by the end of 1995. "Industry insiders believe it can
easily
support a card base of 4 to 5 million," says Brady.
 
As for the Philippines, "the top five credit-card issuers, which
[together] have
averaged 33% annual growth since the early 1990s, had fewer than 700,000
cards last year" -- three times less than the potential immediate market.
For
its part, India is estimated to have up to 2 million cards. "The general
consensus is that this could grow to as many as 10 million by 2000," says
Brady. 
 
The problem is infrastructure. Telecommunications (for credit
authorization]
and postal systems (for billing) are often unreliable. The absence of
credit-checking agencies makes screening card applications a headache.
 
And a nationwide merchant network is not yet in place. This is where an
international player's financial muscle and commitment make a difference.

 
Citibank has become the leading credit-card issuer in India and
Indonesia,
and ranks second in the Philippines. It set up subsidiaries that focused 
entirely on credit-card operations, including card marketing and credit
screening. 
 
Rivals like Hongkong Bank and Standard Chartered Bank are following
Citibank's lead. "But local competitors are in the best position to
develop the
retail outlets where credit cards can be used," says Brady. "Only they
have
the on-the-ground presence needed to establish and service
merchant-acceptance networks." Equitable Card Network, for example,
boasts the largest merchant base -- 18,000 shops -- in the Philippines.
Because of government curbs, credit-card firms are under pressure in
Singapore (number of credit cards: 1.6 million) and increasingly so in
Malaysia and Thailand (1.8 million each). "The most draconian of
Singapore's restrictions came into force in August," says Brady. "It caps
the
maximum credit limit to twice the cardholder's monthly income. This also
robs charge-card issuers like American Express and Diner's Club of their
competitive weapon -- no pre-set spending limits."
 
The government requires all cardholders to earn at least $21,275 a year
-- more than four times the typical annual salary issuers in
laissez-faire Hong Kong ask for. 
 
Not all restrictions have turned out badly for the credit-card industry.
In South Korea, banks generally cannot extend card-based revolving credit
-- debt that cardholders can run up so long as they pay off part of the
principal and the interest owed every month. Credit cards thus function
essentially as deferred debit cards -- payment is automatically debited
from the cardholder's bank account.
 
But issuers still earn money on interest payments. Because of Seoul's
tight
credit policy, Koreans make wide use of cash advances. The card
associations profit from processing transactions involving the country's
33 million credit cards. MasterCard says Korea is its most profitable
Asian market after Japan, which has 230 million cards. Tokyo allowed
banks to grant card-based revolving credit in 1992. Four years on, only a
fifth of Japanese consumers use plastic regularly and almost all clear
their entire balance every month. Cash also remains king in Hong Kong,
one of Asia's most mature credit-card markets.
 
The territory, which has a population of 6.3 million people, has an
estimated
5 million credit cards. But credit-card purchases account for only 5% of
all
transactions (22% in terms of value) and drawing cash advances on credit
cards is not common.
 
The purveyors of plastic are learning to flow with the cash tide. In Hong
Kong, Visa is trying out VisaCash, a card that users can throw away after
using up its money value. It can be used to make small purchases like
newspapers in participating outlets. MasterCard Cash is more versatile:
it's a
debit card with a chip that can load and reload money from automatic
teller
machines.
 
"You can use the debit function for big purchases and the cash for small
items," says Margaret O'Connor of MasterCard in Singapore. The microchip
in Hongkong Bank's Mondex cash card also reloads electronic cash, though
the card itself cannot be used as a debit card
 market research indicates that many in Hong Kong are willing to pay for
the
convenience," says Manjoosh Joshi, manager of Hongkong Bank's Project
Mondex. Won't these chip-based smart cards cut into credit-card use?
"They complement each other," says Francis Hsu, a senior manager at
Hongkong Bank's credit-card center. "Cash cards are for small-value
transactions while credit cards are for big- ticket items." 
 
Amex president for Asia Stephen Friedman says: "Companies will just have
to learn how to deal with smart cards." 
 
Some credit cards already use smart-card technology. Manila's Bankard
One has a microchip that makes charge slips and signatures unnecessary.
U.S. consultant Jerome Svigals, who helped develop the magnetic strip on
today's cards, sees this as the wave of the future: "Smart cards will do
away
with on- line authorizations. That's bad for card associations, which
gain 90%
of their income from this service." An exaggeration, says Visa. 
 
"Cards cannot operate in a totally off-line environment," argues
spokeswoman Sonja Kernon. Card associations get income from other
services such as reconciling balances and settling accounts. 
 
There are other ways to make money. Some issuers charge merchants high
rates for the privilege of carrying their cards. To encourage
borrow-and-buy
binges, others target young Asians, who are more willing to pile on debt.
 
There are credit cards just for women, doctors and other professionals.
Issuers are also developing proprietary brands, allowing them to bypass
the
card associations and sometimes to cut customer and other fees. 
 
All this means the poor consumer gets inundated by offers. How to choose?

"Are you going to use the card simply as a convenient way of payment?"
asks
Brady. If so, consider a charge, debit or cash card. If you want credit,
look
for plastic with a low annual interest rate.
 
And be wary of your emotions. "On the rational plane, you're going for
reasonable fees, a reasonable rate of interest and a reasonable rate of
merchant acceptance," says Citibank's Pinto. "But in status- conscious
Asia,
brands also matter. You ask yourself, `what does this card say about
me?'"
You'll have lots of choice - just read the fine print. 
 
GETTING THE MOST FROM YOUR CARD 
 
If you intend to pay the balance every month, you may be happier with a
charge card, which has no pre-set spending limit. But there are killer
surcharges on defaults and you get only a short grace period before the
issuer cancels your card. 
 
If you plan to pay the monthly bill in full but still want a credit
facility for
emergencies, look for a credit card with no annual fee. The trade-off: a
sky-high interest rate on overdue payments and cash advances. 
 
If you mean to pay only part of what you owe every month, shop around for
a credit card with the lowest interest rate. American Express has shaken
up
the Hong Kong market with an 18% interest rate on its new credit card, 6
percentage points lower than the competition. 
 
Check out the card's market acceptance. Many shops may not take the
brand. Or they may slap a surcharge on purchases, even though it violates
their agreement with the issuer.
 
Look at the incentives on offer. As competition heats up, issuers are
coming
up with frequent-flyer programs, hotel discounts and free merchandise.
But
make sure you are not required to spend a huge amount before you can get
the freebies. 
 
 
Washington Post: Monday, November 4, 1996
 
Internet Banking With a Sales Twist
 
By Brad Dorfman
 
As the world's first Internet bank, Atlanta-based Security First Network
Bank has had an identity problem with many potential customers. 
 
"We get a lot of questions," chief executive James Mahan III said. " 'Are
you
real? Are you virtual? Where are you really?' " 
 
Part consumer bank, part software testing site, Security First opened its
virtual doors a year ago this month. But now it plans to add actual
doors,
opening small offices in Atlanta, Cambridge, Mass., and Silicon Valley in
California. "I think we can more effectively market if we have a physical
presence," Mahan said in an interview. 
 
Comparing his bank to discount brokerage firm Charles Schwab & Co.,
Mahan said having the offices may give customers a sense of security,
even if
they never use an office. 
 
Security First's current location is on the Internet. The bank is one of
five in
the United States that operate directly on the Internet, according to the
Bank
Administration Institute.
 
Federally insured Security First can be reached at the Web site
www.sfnb.com, a home page that looks like a bank lobby. Customers can
reach their accounts anywhere they have access to the Internet, rather
than
being tied to a single terminal where they have finance software, as is
true
with many other computer banks. 
 
"Our goal was to have a bank that was fully interactive, where an
individual
could see all his information," Mahan said. 
 
Most Security First customers have a money market account and a demand
deposit account. Customers can open an account with $ 100, an amount
most choose at the start to make sure the bank works, Mahan said. 
 
Customers can pay bills electronically, purchase certificates of deposits
or
acquire Visa cards. Security First also is hoping to offer brokerage
products
and first and second mortgage products by the end of the year. Cash can
be
obtained through automated teller machines, and Security First absorbs
interbank fees for using the machines. 
 
With few costs for rent and other infrastructure, Security First can
offer
higher yields, Mahan said. The bank has been offering a six-month CD with
an annual percentage yield of 5.9 percent. 
 
Security First was spawned as an idea of Mahan, who was chief executive
at
Kentucky-based Cardinal Bancshares Inc., and Michael McChesney, who
was starting a security software firm. 
 
"He educated me on the Internet for years and years and years," Mahan
said.
Mahan used the charter of one of Cardinal's thrifts, changed its name to
Security First and used it to start the Internet bank. 
 
McChesney's firm, SecureWare Inc. developed software that Mahan said
has military-grade security. So far, the bank has not had its security
breached, Mahan said. "That doesn't mean that there haven't been a number
of sophisticated attempts," he said. "If you have enough money and enough
time you can break into anything." 
 
Outsiders agree that Security First has shown a record of being secure,
avoiding viruses and other potential dangers of Internet commerce. "They
do
use a level of security that the Pentagon reserves for its most secure
and
sensitive systems," said Paul Schmeltzer, an executive vice president for
network services at Southeast Switch Inc., which operates the Honor
Network, the fourth-largest ATM network in the country. "Is any security
design totally foolproof or totally secure? Probably not."
 
Selling that software and other programs developed for the bank is likely
to
be the prime money-maker for Security First. Mahan admits that Five Paces
Inc., Security First's software unit, will be the prime contributor to
the
company's net income. "The bank is really a test site to use as a
demonstration for potential customers of the software business," said
Gary
Craft, an analyst who follows the bank for Friedman, Billings, Ramsey &
Co.
of Alexandria. 
 
Security First has opened about 5,600 accounts. Most of its customers are
male, between the ages of 25 and 45, with average income above $ 63,000
a year. More than 80 percent own their own home, attractive demographics
for marketing. Security First also has attracted competition. This month,
Atlanta Internet Bank opened for business with customers of AT&T's
WorldNet Internet service. 
 
Unlike Security First, Don Sha pleigh, chief executive of Atlanta
Internet,
says he does not plan to open any customer offices. "I have the WorldNet.
I
have other ways to get out." 
 
Shapleigh also argues that Atlanta Internet is the first true
Internet-only  bank, saying that Security First is really a software
company. "I'm not selling software," he said. "I'm a banker." 
 
Atlanta Internet, which is a service provided by a unit of Carolina First
Corp., can be reached on the Internet at www.atlantabank.com. 
 
  
 
American Banker: Wednesday, November 6, 1996
 
Internet Bank In Australia Plans a Pilot Using Ecash
 
Ecash, the cash alternative for the Internet developed by Digicash Inc.,
has
entered Australia. 
 
Digicash, which is based in Amsterdam, said Advance Bank of Sydney has
licensed Ecash and is planning to begin testing it with Australian
consumers
and merchants by yearend. 
 
Ecash's competitors include Cybercash Inc.'s Cybercoin and the on-line
transfer capability of Mondex electronic cash. The latter, a smart-card-
based system, has the backing of most major banks in Australia and New
Zealand. 
 
Advance Bank, a second-tier bank with more than $10 billion of assets,
joins
a list of Ecash licensees that includes Mark Twain Bank of St. Louis,
Deutsche Bank in Germany, Merita Bank in Finland, and a postal bank in
Sweden. 
 
The Australian launching is "an important collaboration between the
premier
electronic cash company and the leading Internet bank in a country that
is
very advanced in Internet usage," said Digicash chairman and founder
David
Chaum. 
 
Advance Bank is "reinforcing its position as Australia's leading Internet
bank," said David Brown, the institution's head of public affairs. He
said
Ecash would complement customers' ability to see account statements,
transfer money between accounts, and pay bills through Advance's Internet
site.
 





From vznuri at netcom.com  Thu Nov  7 12:10:56 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Thu, 7 Nov 1996 12:10:56 -0800 (PST)
Subject: Pseudo-law on the list and libel
In-Reply-To: <v03007800aea7c8fe63ab@[207.167.93.63]>
Message-ID: <199611072010.MAA11330@netcom6.netcom.com>


TCM
>(By the way, I include my ideological usual-ally Black Unicorn on this
>point. I'm chagrinned that he so quickly and on so many issues has made
>statements about filing lawsuits--for defamation, for "false advertising"
>(!!!!), and so on. Not only is this counter to the views many of us hold--I
>think I sense the zeitgeist of the list--but it is supremely ineffective,
>as none of these threatened lawsuits ever seem to materialize, thankfully.
>Using the threat of a lawsuit as a rhetorical debating strategy is not
>effective.)

heh, I find Unicorn's zeal to sue anyone for anything quite comical
and suggestive of a high degree of immaturity.

but as to your point, the recent Forbes article on Bidzos makes it
clear that weilding a legal sword alone can be used quite
shrewdly, strategically, and effectively. 
the article is quite interesting in how it suggests
RSA was largely built on threatening to sue people. of course this
is slightly skewed, because RSA has done things like software
development that the article didn't mention.

actually the lesson seems to be that if you have a software
patent, the law can be your friend (esp. if you are a business), 
but if you want to sue someone who calls you names, the law is not very
accommodating. sorry, Unicorn, maybe you can lobby to fix this
little deficiency. <g>






From Jayme_Goldstein at brown.edu  Thu Nov  7 12:16:00 1996
From: Jayme_Goldstein at brown.edu (Jayme)
Date: Thu, 7 Nov 1996 12:16:00 -0800 (PST)
Subject: No Subject
Message-ID: <199611072015.PAA23493@golden.brown.edu>


PLEASE TAKE ME OFF YOUR MAILING
LIST!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!






From networks at vir.com  Thu Nov  7 12:20:51 1996
From: networks at vir.com (networks at vir.com)
Date: Thu, 7 Nov 1996 12:20:51 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT] (fwd)
Message-ID: <01BBCCBE.A9614F80@ipdyne9.vir.com>


Jim Choate Wrote:

> Hi all,
> 
> There is one important legal aspect which the operator of the Cypherpunks
> mailing list has opened themselves up for with this action. In short they
> have now opened themselves up for defamation and liable suites by imposing
> an editorial policy on the contents of this list (1).
> 
> This opens up the potential, for example, for Tim May to sue the operator of
> the Cypherpunks mailing list now for posts from users (even anonymous ones)
> which defame or otherwise liable his character, reputation, or ability to
> pursue income in his chosen field. In short the operators of the list
> becomes publishers and distributors of the material. It is the legal
> difference between a bookstore and a book publisher. 

It seems that, like a bookstore, the cypherpunks mailing list has the
right to choose the content it distributes and who it distributes the content
to.  Bookstores are free to select what titles they offer for sale, and can
even refuse to sell a book to a particularly annoying customer if they
so choose (my legal knowledge is lacking, but I think this is correct).

To extend the analogy, what has happened in this particular case 
is that Dr. Vulis is now forced to buy all his books by mail order :)

Thanks,

Alan Majer
networks at vir.com






From ph at netcom.com  Thu Nov  7 12:23:06 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 12:23:06 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b07aea7f1963f8c@[192.0.2.1]>


It appears to be widely believed that cryptoanarchy is irreversible.
Everybody believes that the race to deploy or forbid strong cryptography
will define the outcome for a long time.

I can't think of a reason why this should be so.

If the wide use of strong cryptography results in widely unpopular
activities such as sarin attacks and political assassinations, it
would not be all that hard to forbid it, even after deployment.

I am curious why many people believe this is not true.

Peter Hendrickson
ph at netcom.com







From rcgraves at ix.netcom.com  Thu Nov  7 12:27:13 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Thu, 7 Nov 1996 12:27:13 -0800 (PST)
Subject: Blocking addresses by default
Message-ID: <199611072025.PAA22083@spirit.hks.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mark M. wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> With remailer abuse becoming more popular and remailers going down
> because of complaints, there seems to be some interest in remailer
> software that will block all email by default and will only pass
> along email that is explicitly unblocked.

I think this threatens serious security problems for the remailer 
network in two ways:

1. You'd create a list of people interested in anonymous information,
   which could potentially be obtained by police or other armed thugs.

2. The traffic would go down so substantially that traffic analysis     
   would be trivial.

As a counterproposal, I'd like to see better disclaimers on remailed 
messages. The reason the people complaining are so pissed off is that 
the blocklists are neither advertised nor automated enough. I'd like to 
see disclaimers and block list instructions at the top of the body of 
every single message. This would be encapsulated in some mark characters 
so that it could easily be removed by remailer chains. E.g.,

 To: remailer at erehwon.com

 Request-Remailing-To: remailer at nowhere.com

 [message]

remailer at erehwon.com prepends the following to the message before it is 
sent along:

 $$
 This message was sent through the anonymous remailer network. Neither
 the operator of this remailer, remailer-op at erewhon.com, nor the
 postmaster at this site has any way of determining the source or
 filtering the content of remailer messages. No logs are kept. If you
 do not wish to receive such anonymous messages from any link in the
 remailer network, send an email message to remailer-operators at c2.net
 with subject line "block." For more information on the remailer
 network, see [Raph's list] or send email to help@[?].
 $$

remailer at nowhere.com looks for "$$" as the first line of the message, 
and strips everything up to the next occurrence of "$$". It then appends 
its own disclaimer block before sending the message to the hop (remailer 
or final destination).

A bit annoying, yes, but I think this would go a long way towards 
improving public relations. I don't see how it compromises security.

What's wrong with this scheme? Other than the fact that all remailers 
would have to change their software at the exact same moment. :-)

[By the way, someone told me that the Chardos remailer doesn't include 
Complain-To or block-list instructions anywhere, not even in X-Headers.
Is this true? I think that would be bad. [tm]]

- -rich
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMoJFnCoZzwIn1bdtAQEZSwF/eurxI6jVBcv4srS8FEE3Rtc5rVCTfyw8
gNrC5p5ZzBGgFCaM3MOair4gH91zH/HK
=oqSh
-----END PGP SIGNATURE-----





From dhagan at vt.edu  Thu Nov  7 12:50:55 1996
From: dhagan at vt.edu (Daniel T. Hagan)
Date: Thu, 7 Nov 1996 12:50:55 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b07aea7f1963f8c@[192.0.2.1]>
Message-ID: <Pine.OSF.3.95.961107154908.14910A-100000@rottweiler.cslab.vt.edu>


On Thu, 7 Nov 1996, Peter Hendrickson wrote:

> It appears to be widely believed that cryptoanarchy is irreversible.
> Everybody believes that the race to deploy or forbid strong cryptography
> will define the outcome for a long time.
> 
> I can't think of a reason why this should be so.
> 
> If the wide use of strong cryptography results in widely unpopular
> activities such as sarin attacks and political assassinations, it
> would not be all that hard to forbid it, even after deployment.
> 
> I am curious why many people believe this is not true.
> 
> Peter Hendrickson
> ph at netcom.com

If I understand the reasoning, people beleive it is easier to prevent the
release of strong crypto. techiniques than to remove them once they are
released.  

Once a terrorist has strong crypto, why should they stop using it if it
becomes illegal?

Daniel

---
Daniel Hagan                 http://acm.vt.edu/~dhagan                CS Major 
dhagan at vt.edu 	       http://acm.vt.edu/~dhagan/PGPkey.html     Virginia Tech
     Key fingerprint =  DB 18 30 0A E1 69 7E 51  E2 14 E3 E3 1C AE 69 97






From rcgraves at ix.netcom.com  Thu Nov  7 12:53:46 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Thu, 7 Nov 1996 12:53:46 -0800 (PST)
Subject: [NOISE] If the shoe fits, wear it [VULIS]
In-Reply-To: <01BBCBF6.6CBDEC00@ipdyne9.vir.com>
Message-ID: <32824C50.227B@ix.netcom.com>


networks at vir.com wrote:
> 
> Rich Graves Wrote:
> 
> >You [meaning Vulis] are of course free to rant and rave about his 
> >[John's] hypocrisy, but expecially since you'll always be able
> >to post to the list, at least under a nym (the only thing he's
> >prevented is your reading the list under your own name), you're
> >only proving yourself to be an idiot.
> 
> The nature of the Internet means it is extremely difficult for John
> to prevent Dr. Vulis from either posting using a pseudonym or
> having messages forwarded to him.  IF it were possible to prevent
> Vulis from either reading messages or posting do you think John
> would have done that too?  Just curious.

I think that gets into "how many angels can dance on the head of a pin" 
territory, because it just isn't, and I certainly don't speak for him. 
But...

1. None of the "it was the right thing to do" crowd, which runs the
   gamut from my perspective to Sandy Sandfort's (concurring in
   conclusion, but radically different in reasoning), has said
   to indicate that such action would be totally wrong.

2. In my opinion, such action would deserve strict scrutiny -- not in   
   the legal sense, because it's a private matter, but from interested
   parties, yes. The "hypocrisy" and "arbitrary and capricious"
   judgements should be made and discussed by the users of the list. If
   they(we) think the action is wrong, we'd protest or leave. This is
   a question of persuasion or "voting with our feet," though, not of
   law.

Personally, I wish Vulis would just go away, permanently, and I would 
not consider any nonviolent, non-net-abusing means to stop his ravings 
inappropriate. However, I do not believe that there are any nonviolent, 
non-net-abusing means to stop his ravings, so we're at an impasse, as 
far as the cypherpunks list is concerned. I think that if this became a 
forum for Vulis-bashing, and he were unable to respond, then that would 
be very wrong; but I just don't see that happening. I can think of 
several examples where that kind of thing has happened, some of which I 
thought were reasonable (given the way the relevant forums were 
advertised), others of which I thought showed the moderator to be an 
intolerant, hypocritical asshole.

Given the facts of this case, I do not consider John to be an 
intolerant, hypocritical asshole. Given your hypothetical, and speaking 
only of Vulis, not of "others similarly situated," I would think no less 
of John if he were to decide to implement the technically impossible, 
provided that there was procedural transparency. I.e., announcing what 
had happened and allowing discussion of what happened was the right 
thing to do. Only if he kicked people off without telling the list, or 
lied about his reasons for doing so, or suppressed dissent with his 
actions -- which has happened in other moderated forums, but not here -- 
then would I have a serious [moral and personal, not legal or 
philosophical, since people have the right to be hypocritical assholes 
if they want to be] problem with it.

-rich





From mctaylor at olympus.mta.ca  Thu Nov  7 13:07:17 1996
From: mctaylor at olympus.mta.ca (Michael C Taylor (CSD))
Date: Thu, 7 Nov 1996 13:07:17 -0800 (PST)
Subject: Is there a Win PGP?
In-Reply-To: <199611071228.GAA22584@mailhub.amaranth.com>
Message-ID: <Pine.OSF.3.90.961107161755.5877A-100000@olympus.mta.ca>


On Thu, 7 Nov 1996, William H. Geiger III wrote:
> In <1.5.4.32.19961107072438.00dad0cc at popd.ix.netcom.com>, on 11/06/96 at 11:24 PM,
>    stewarts at ix.netcom.com said:
> 
> >For commercial applications,
> >you probably also need ViaCrypt anyway.  It was a nice product before they added Key
> >Escrow support.  Now that Phil has bought them, they'll presumably return to
> >political correctness on that issue.
> 
> Hmmm I don't think they actually had a Key Escrow Support. My understanding was that
> the user could create a master key that could be used to decrypt messages from the
> 
> Does anyone know if you can purchace a commercial license from ViaCrypt/PGP Inc. but
> use the standard PGP for commercial purposes?
>
> William H. Geiger III  http://www.amaranth.com/~whgiii

PGP Inc. (http://www.pgp.com/) is now marketing Viacrypt PGP.
 There are two packages, Viacrypt PGP Personal Edition which is PGP, like we 
all know and love. PE also is available as DOS, MS-Windows, Mac, and UNIX. So 
Viacrypt PGP/PE for DOS should feel similar if not identical to MIT's PGP, 
though I haven't tested it yet.
 You could license IDEA single-license and license RSAREF for commerical 
usage (http://www.consensus.com/ or JonathanZ at consensus.com), but why 
bother?
 They also have a Business Edition which supports key escrowing, not some 
US government backdoor, but a 'master key' for businesses to recover 
encrypted information if an employee forgets a passphase (which they do), 
dies (which they do, if the information is very important), is on 
vacation (sometimes it happens), etc.
 In a commerical environment, key escrowing is for data recovery, not for 
spying on employees. If you want to use your employer's email system for 
your personal email, then use a personal public key. 

 -Michael





From unicorn at schloss.li  Thu Nov  7 13:45:10 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Thu, 7 Nov 1996 13:45:10 -0800 (PST)
Subject: RICO - (Was: Group order for Secret Power)
In-Reply-To: <199611072121.OAA08171@infowest.com>
Message-ID: <Pine.SUN.3.94.961107163919.17279B-100000@polaris>



I've had a pair of requests for my RICO outline.  Though much of it is
geared to discuss remailers and the "prostitution car case" I'm reposting
it.

If people are REALLY intrested in a more specific outline, I'll consider
pecking out another one.

begin:

Several people expressed interest in a small treatment of seizure law 
jurisprudence, and the Bennis case (seizure of an automobile used for 
soliciting prostitution was upheld even where one of the owners knew 
nothing about its use for a crime and which Mr. Bell has relied on 
fairly heavily in pointing out that the Supreme Court has its "head 
up its ass.")

I want to point out that I'm not being paid for this.  As a result 
anyone who takes this like legal advice, rather than what it is, i.e. 
an academic examination, does so at their own peril.

-A-

RICO

I cover RICO because it's a popular prosecution tool, because it is 
the predominate vehicle for seizure and forfeiture in federal cases 
(of which remailer and encryption issues are likely to arouse) and 
because it represents a codification of the approach most courts take 
when dealing with seizure cases.  In a very real way, RICO represents 
the outer extremes of seizure cases in the United States, and is 
probably, given the complexity of many state laws, the simplest way 
to "grab" something.  It also has civil provisions which make 
"private prosecutors" out of you and me.

Generally speaking, after its passage (1970) RICO was ignored.  
(Interested readers might look to Bradley, Racketeers, Congress and 
the Courts: An Analysis of RICO, 65 Iowa Law Review, 837 (1980). for 
a detailed review of its early development).  It was "rediscovered" 
some years later, and grew in popularity because of the civil 
provisions for divestiture, dissolution, reorganization, and 
restrictions on future activites as well as treble damages under 18 
U.S.C. 1964.

Generally speaking, in order to secure a conviction with RICO, one 
must prove the existance of an "enterprise" and a connected "pattern 
of racketeering activity."  RICO prosecutions are generally triggered 
by predicate acts, listed specifically in the statute.  The statute 
lists these in the definitions section.  (Section 1961)  I reproduce 
some below to give the reader a feel for what is anticipated:

As used in this chapter--
(1) "racketeering activity" means (A) any act or threat involving 
murder, kidnaping, gambling, arson, robbery, bribery, extortion, 
dealing in obscene matter, or dealing in a controlled substance or 
listed chemical (as defined in section 102 of the Controlled 
Substance Act), which is chargeable under State law and punishable by 
imprisonment for more than one year; (B) any act which is indictable 
under any of the following provisions of title 18, United States 
Code: [bribery, sports bribery, counterfeiting, theft from interstate 
shipment, embezzlement from pension or welfare funds, extortionate 
credit transactions, mail fraud, transmission of gambling 
information, wire fraud, financial institution fraud, obscene 
matters, obstruction of justice, tampering with witnesses, informants 
or victims, money laundering, monetary transactions with respect to 
property derived from unlawful activity, sexual exploitation of 
children, white slavery, (some deleted)]  (18 U.S.C. 1961)

The activities specifically prohibited by RICO are also statuatorily 
defined.  Specifically:

(a) It shall be unlawful for any person who has received any income 
derived, directly or indirectly, from a pattern of racketeering 
activity... in which such person has participated as a principal 
within the meaning of section 2, title 18, United States Code, to use 
or invest, directly or indirectly, any part of such income, or the 
proceeds of such income, in acquisition of any interest in, or the 
estlablishment or operation of, any enterprise which is engaged in, 
or the activities of which affect, interstate or foreign commerce....
(b) It shall be unlawful for any person through a pattern of 
racketeering activity or through collection of an unlawful debt to 
acquire or maintain, directly or indirectly, any interest in or 
control of any enterprise which is engaged in, or the activities of 
which affect, interstate or foreign commerce.
(c) It shall be unlawful for any person employed by or associated 
with any enterprise engaged in, or the activities of which affect, 
interstate or foreign commerce, to conduct or participate, directly 
or indirectly, in the conduct of such enterprise's affairs through a 
pattern of racketeering activity or collection of an unlawful debt.  
(Section 1962)
(d) [or to conspire to do any of the above]

The seizure provisions are contained in 18 U.S.C., Section 1963:

(a) Whoever violates any provision of section 1962 of this chapter 
shall be [fined and imprisoned or both] and shall forfeit to the 
United States, irrespective of any provision of State Law--
(1) any interest the person has acquired or maintained in violation 
of section 1962;
(2) any --
(A) interest in;
(B) security of;
(C) claim against; or
(D) property or contractual right of any kind affording a source of 
influence over;
[the enterprise violating section 1962]; and
(3) any property constituting, or derived from, any proceeds which 
the person obtained, directly or indirectly, from racketeering 
activity or unlawful debt collection in violation of section 1962.
[...]
(b) Property subject to criminal forfeiture under this sections 
includes--
(1) real property, including things growing to, affixed to, and found 
in land; and
(2) tangible and intangible personal property, including rights, 
privileges, interests, claims and securities.

The lead case generally used to outline the overall principals of 
RICO is United States v. Turkette, 452 U.S. 576 (1981).

Most of the defining litigation surrounding RICO involved refining 
the definitions of "enterprise" and "pattern" of racketeering.  
Turkette indicates in part that:

Section 1962(c) makes it unlawful "for any person employed by or 
associated with any enterprise engaged in, or the activities of which 
affect, interstate or foreign commerce, to conduct or participate, 
directly or indirectly, in the conduct of such enterprise's affairs 
through a pattern of racketeering activity or collection of unlawful 
debt."  The term "enterprise" is defined as including "any 
individual, partnership, corporation, association, or other legal 
entity, and any union or group of individuals associated in fact 
although not a legal entity."  (Turkette)

Of primary importance, and the key issue in Turkette, is the fact 
that "There is no restriction upon the associations embraced by the 
definition: an enterprise includes any union or group of individuals 
associated in fact." Id.

Both legitimate and illegitimate enterprises qualify.  United States 
v. Hartley, 678 F.2d 961 (11th Cir. 1982) applied RICO to an 
otherwise legitimate corporate defendant.  On the subject of passive 
involvement of a defendant in criminal activity the court in Haroco 
Inc. v. American Nat'l Bank & Trust Co. 747 F.2d 284 (7th Cir. 1984) 
offers:

...the defendants are surely correct in saying that the corporation 
enterprise should not be liable when the corporation is itself the 
victim or target or merely the passive instrument for the wrongdoing 
of others... The liable person may be a corporation using the 
proceeds of a pattern of racketeering activity in its operations.  
This approach... makes the corporation enterprise liable under RICO 
when the corporation is actually the direct or indirect beneficiary 
of the pattern of racketeering activity, but not when it is merely 
the victim, prize, or passive instrument of racketeering.  This 
result is in accord with the primary purpose of RICO, which, after 
all, is to reach those who ultimately profit from racketeering, not 
those who are victimized by it. (This preference for enterprise 
liability has been followed by other courts. See e.g., Schreiber 
Distributing Co. v. Serv-Well Furniture Co., 806 F.2d 1393 (9th Cir. 
1986); Commonwealth of Pa. v. Derry Construction Co., 617 F.Supp 940 
(W.D.PA 1985).  See generally, First, Business Crime, 1990)

And Ravens v. Ernst and Young, 113 S.Ct. 1163, refines the definition 
of "conduct or participate" thusly:

Once we understand the word "conduct" to require some degree of 
direction, and the word "participate" to require some part in that 
direction, the meaning of section 1962(c) comes into focus.  In order 
to "participate, directly or indirectly in the conduct of such 
enterprise's affairs," one must have some part in directing those 
affairs.  Of course, the word "participate" makes clear that RICO 
liability is not limited to those with primary responsibility for the 
enterprise's affairs, just as the phrase "directly or indirectly" 
makes clear that RICO liability is not limited to those with a formal 
position in the enterprise, [note 4] but some part in directing the 
enterprise's affairs is required.  The "operation or management" test 
expresses this requirement in a formulation that is easy to apply... 
In sum, we hold that "to conduct or participate, directly or 
indirectly, in the conduct of such enterprise's affairs," one must 
participate in the operation or management of the enterprise itself.

Let us assume for a moment then that the worst conspiracy one can 
imagine, involving all of the horsemen of the infopocalypse, uses a 
remailer to conduct its activities.  Absent a showing that the 
conspiracy is involved, participating, or directing the operation of 
the remailer, or that the conspiracy used proceeds to support the 
remailer, it is pretty clear that the remailer, and the operator are 
a "passive instrument" of the conspiracy.

One might also look to the Justice Department Guidelines for the use 
of RICO as a prosecutoral tool:

"...it is not the policy of the criminal Division to approve 
"imaginative" prosecutions under RICO which are far afield from the 
Congressional purpose of the RICO statute.... Further, it should be 
noted that only in exceptional circumstances will approval be granted 
when RICO is sought merely to serve some evidentiary purpose, rather 
than to attack the activity which Congress most directly addressed- 
the infiltration of organized crime into the nation's economy."  (9-
110.200, RICO guidelines preface).

One might also look at the second circuit in Huber:

"We further note that where the forfeiture [under RICO] threatens 
disproportionately to reach untainted property of the defendant... 
section 1963 permits the [court] a certain amount of discretion in 
avoiding draconian (and perhaps unconstitutional) applications of the 
forfeiture provision."

In sum, provided no statute exists expressly felonizing the operation 
of e-mail forwarding or encryption, I wouldn't much worry about RICO.  
I might add that future legislation prohibiting "furtherance of a 
felony via encryption" or some such is almost certain to have a 
scienter requirement making innocent forwarders of such information 
who did not know they were furthering a felony immune from the 
statute, and thus RICO.

-B-

The Michigan Case, and why it has absolutely nothing to do with 
remailers.

Mr. Bell has made a great to-do about the Bennis case (seizure of 
automobile absent showing that co-owner knew of criminal use of 
same).  His connection of the case to remailers and is surrounded by 
a good deal of imagination, myth, and outright fabrication.  I 
thought I would take a closer look and see what was to be found.  Let 
me then dispel some of the myths.


Myth #1:  This holding means that any property can be seized for any 
crime and the owner placed at the mercy of the state at a whim.

Totally false.  The Michigan law is specifically written to allow 
property seizure in the specific instance of prostitution or 
gambling.  Many states have forfeiture laws, but they are an extreme 
resort, and typically bear only on very narrow activities.  Michigan, 
further, is at the draconian side of the spectrum.  Michigan also has 
some of the toughest state drug laws in the country (Automatic life 
sentence without parole for mere possession without intent to 
distribute, of more than 650 grams of cocaine)  Consider the Michigan 
law, reproduced below.

Section 600.3801 of Michigan's Compiled Laws. states in pertinent 
part: "Any building, vehicle, boat, aircraft, or place used for the 
purpose of lewdness, assignation or prostitution or gambling, or used 
by, or kept for the use of prostitutes or other disorderly persons... 
is declared a nuisance, ... and all... nuisances shall be enjoined 
and abated as provided in this act and as provided in the court 
rules.  Any person or his or her servant, agent, or employee who 
owns, leases, conducts, or maintains any building, vehicle, or place 
used for any of the purposes or acts set forth in this section is 
guilty of a nuisance."
Section 600.3825 states in pertinent part:
   "(1) Order of abatement. If the existence of the nuisance is 
established in an action as provided in this chapter, an order of 
abatement shall be entered as a part of the judgment in the case, 
which order shall direct the removal from the building or place of 
all furniture, fixtures and contents therein and shall direct the 
sale thereof in the manner provided for the sale of chattels under 
execution . . . .
"(2) Vehicles, sale. Any vehicle, boat, or aircraft found by the 
court to be a nuisance within the meaning of this chapter, is subject 
to the same order and judgment as any furniture, fixtures and 
contents as herein provided."  Mich. Comp. Laws Ann. @ 600.3825 
(1987).


Myth #2: This means that if your property is seized, you can never 
make an innocent owner defense to the seizure.

Again, false.  Many statutes allow innocent owner defenses and some 
courts will assume the availability of such a defense in absence of 
express intent by the legislature to the contrary.  In this case 
there was such an expression.  Namely:

"Proof of knowledge of the existence of the nuisance on the part of 
the defendants or any of them, is not required." Mich. Comp. Laws 
Ann. @ 600.3815(2) (1987).


Myth #3: If your car is stolen, and it is used in the sales of drugs, 
its gone baby.

False.  Most states recognize that use of property without the 
owner's consent insulates the property from seizure.  Michigan is no 
exception.  Note the Supreme Court's Comment in the Bennis Case:

The Michigan Supreme Court specifically noted that, in its view, an 
owner's interest may not be abated when "a vehicle is used without 
the owner's consent." Id., at 742, n. 36, 527 N.W.2d at 495, n. 36.


Myth #4:  This is a new and outlandish holding by the Supreme Court.  
Nothing like this has ever been seen before.  It represents a turn to 
fascism.  The current Supreme Court has its head up its ass.

False.  The history of allowing seizure of property not taken without 
the owners consent, even if the specific use of the property was 
indeed without the owners knowledge goes back more than 150 years and 
can be traced to Britain's own practice (maintained to this day).  
Take the Supreme Court's comment again in the Bennis Case:

Our earliest opinion to this effect is Justice Story's opinion for 
the Court in The Palmyra, 25 U.S. 1, 12 Wheat. 1, 6 L. Ed. 531 
(1827). The Palmyra, which had been commissioned as a privateer by 
the King of Spain and had attacked a United States vessel, was 
captured  [*10]   by a United States war ship and brought into 
Charleston, South Carolina, for adjudication. Id., at 8. On the 
Government's appeal from the Circuit Court's acquittal of the vessel, 
it was contended by the owner that the vessel could not be forfeited 
until he was convicted for the privateering. The Court rejected this 
contention, explaining:
"The thing is here primarily considered as the offender, or rather 
the offense is attached primarily to the thing." Id., at 14.


Myth #5:  This means that if someone drives my car to the city, and 
then blows up a building and flees via subway, my car is history.

False.  In order to allow seizure, the property seized must typically 
be an "instrumentality" of the crime.  Granted this is a bit of a 
obscure distinction at times, even to supreme court justices:

The limits on what property can be forfeited as a result of what 
wrongdoing--for example, what it means to "use" property in crime for 
purposes of forfeiture law--are not clear to me. See United States v. 
James Daniel Good Real Property, 510 U.S., ___ (1993) (slip op., at 
2-5) (THOMAS, J., concurring in part and dissenting in part). 
(Bennis)

But it's fairly clear that this is a significant defense to seizure, 
and one which was never raised by the defense in Bennis:

It thus seems appropriate, where a [challenge] by an innocent owner 
is concerned, to apply those limits rather strictly, adhering to 
historical standards for determining whether specific property is an 
"instrumentality" of crime. Cf. J. W. Goldsmith, Jr.-Grant Co., 
supra, at 512 (describing more extreme hypothetical applications of a 
forfeiture law and reserving decision on the permissibility of such 
applications).The facts here, however, do not seem to me to be 
obviously distinguishable from those involved in Van Oster; and in 
any event, Mrs. Bennis has not asserted that the car was not an 
instrumentality of her husband's crime. (Bennis)

After getting the government's brief by fax this afternoon, it became 
fairly clear why the non-instrumentality defense was not made.

After John Bennis was seen stopping and allowing Ms. Polarchio to 
enter his car, the Police followed him to a residential area, midway 
in the block, where his car stopped and the lights were turned off. 
(TR-63-65) After the police stopped behind the Bennis' auto, two 
heads were seen: a female on the right, a male on the left. Seconds 
later, the female head went down, disappearing toward the drivers 
side. (TR 65-66)
When the officer observed John Bennis and Kathy Polarchio engaged in 
fellatio in the Bennis' car, John Bennis had his pants pulled down. 
(TR-67)  (Bennis: Brief for the Government)

It's pretty hard to argue that the automobile was not an 
instrumentality of the crime when it was used to pick up, transport 
and conceal the illicit sexual practices of the defendant.


Myth #6: The court just doesn't care about property rights.

False.  The court spends a great deal of time thinking about the 
parties rights, and even suggests a different ruling had the car not 
be co-owned by the perpetrator of the crime.

First, it bears emphasis that the car in question belonged to John 
Bennis as much as it did to Tina Bennis. At all times he had her 
consent to use the car, just as she had his. (Bennis)

It also considered what Mrs. Bennis would actually gain from a ruling 
in her favor from a practical standpoint:

Th[e] court declined to order a division of sale proceeds, as the 
trial judge took pains to explain, for two practical reasons: the 
Bennises have "another automobile," App. 25; and the age and value of 
the forfeited car (an 11-year-old Pontiac purchased by John and Tina 
Bennis for $ 600) left "practically nothing" to divide after 
subtraction of costs. See ante, at 3 (majority opinion) (citing App. 
25).(Bennis)

While it is tempting to damn the decision after listening to the 
sound bytes, there is much more going on here than a mere seizure.

Remailer operators shouldn't be concerned (at least with regard to 
these cases) overmuch until a local state statute addressing 
remailers specifically is passed in a jurisdiction where the innocent 
owner defense is not permitted, or in any jurisdiction where such 
statute forbids resort to the innocent owner defense.  I will, 
however, note that this about 3 hours work, and I wouldn't go betting 
the farm on it.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From jer+ at andrew.cmu.edu  Thu Nov  7 14:07:57 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Thu, 7 Nov 1996 14:07:57 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b07aea7f1963f8c@[192.0.2.1]>
Message-ID: <0mUZne200YUg0ew2w0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

ph at netcom.com (Peter Hendrickson) writes:
> It appears to be widely believed that cryptoanarchy is irreversible.
> Everybody believes that the race to deploy or forbid strong cryptography
> will define the outcome for a long time.
> 
> I can't think of a reason why this should be so.
<snip>

Well, once I've got my strong crypto and electronic commerce, and 20
or so virtual identities to do things for me, and the gub'ment can't
tell what money I'm making and spending, so they can't tax me. So if
they can't tax me, and they can't tax lots of folks, then they can't
pay their jack-booted thugs. So the goverment becomes irrelevant. It
can't support a huge police state infrastructure, and certainly can't
but mega-crays to break my crypto, so how're they going to retain
control?
When we say anarchy, we mean anarchy.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMoJc4skz/YzIV3P5AQFq2gL9FkTPQinYBJQrvOwkR/C8Hg1QQLbi7H0T
5kqgrQQkMkrMzR18hon3sQ3YR4KotInv7VVptG1Hw22k+2R+aYm3dW9tj5587KO0
sNj/A0YBXvO2sih64jr3OLJaFePC/o6K
=U9YH
-----END PGP SIGNATURE-----





From camcc at abraxis.com  Thu Nov  7 14:12:38 1996
From: camcc at abraxis.com (Alec)
Date: Thu, 7 Nov 1996 14:12:38 -0800 (PST)
Subject: FW: Dr. Vulis (ad nauseum)
Message-ID: <2.2.32.19961107221247.0069347c@smtp1.abraxis.com>


At 09:27 PM 11/6/96 -0600, you wrote:
:
[snip]

:In short they have now opened themselves up for defamation and liable
suites by imposing an editorial policy on the contents of this list (1).

This is not a they; this is an individual with (and within) his own rights.

Nonsense, no policy has been stated. The owner determined that the good Dr.
had been disruptive and had become a detriment to the owner's list (and
possibly sanity).
:
:This opens up the potential, for example, for Tim May to sue the operator of
:the Cypherpunks mailing list now for posts from users (even anonymous ones)
:which defame or otherwise liable his character, reputation, or ability to
:pursue income in his chosen field.

PLEASE, let's not drag poor Tim into this. Hasn't he suffered enough?!
This does not follow even from the tortured logic above.

:In short the operators of the list
:becomes publishers and distributors of the material. It is the legal
:difference between a bookstore and a book publisher.
 
:Censorship is censorship, irrespective of the source of the limitation.
:Free expression is impossible in an environment of censorship. The right to
:speak not only implies a right to not speak, it also implies the right to
:emit complete mumbo jumbo. The actual content of the speech is irrelevant.

"Implies the right"??  Rights either exist or do not exist (endowed by their
Creator); they are not be implied.

The content of speech is certainly not irrelevant. Disruptive speech and
behavior have never been protected.
:
:The Constitution guarantees freedom of speech and press. [snip] Only that
they :would not have limitations on their actions imposed by the federal
government.
:
:				ARTICLE I. 
: 
:	Congress shall make no law [snip]

It says CONGRESS! We're not discussing an action by the federal govt. here.
I may choose to ask those visiting my house to refrain from discussing mumbo
jumbo; if the individuals persist, I can ask, nay demand, that they leave.  
:
:And just to make shure it is clear, the right to put something on the paper
:(ie speech) is distinctly different from being the one doing the actual
:printing.

What paper? What does this mean? 
:
:I have argued in the past that this list is a defacto public list because of
:the way it is advertised and to the extent it is advertised. All the protests
:by the operator to the contrary will not convince a court.

Advertised? It has been a matter of regret that I _stumbled_ into this
unruly tangle of wits.

Simply because one has argued that "the list is ... a defacto public list,"
don't make it so any more than my arguing that a newspaper available to the
public can have no control over its own editorial policy.

Let's get beyond this.

 
Cordially,

Alec                   

PGP Fingerprint:

pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc at abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             






From guestdl at rand.org  Thu Nov  7 14:12:53 1996
From: guestdl at rand.org (Daniel Leeds)
Date: Thu, 7 Nov 1996 14:12:53 -0800 (PST)
Subject: No Subject
Message-ID: <Pine.SUN.3.95.961107141221.19503B-100000@wilde.rand.org>





===========================================================================
Daniel Leeds                                               guestdl at rand.org 
RAND 				                   cosmos at misery.winter.org
===========================================================================

 	






From ph at netcom.com  Thu Nov  7 14:24:49 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 14:24:49 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b0baea80ee121af@[192.0.2.1]>


> If I understand the reasoning, people beleive it is easier to prevent the
> release of strong crypto. techiniques than to remove them once they are
> released.

The reasons underlying this are what I don't completely understand.

> Once a terrorist has strong crypto, why should they stop using it if it
> becomes illegal?

Use of strong crypto would be a tip off that one is a terrorist.

If strong cryptography were unpopular and highly illegal, very few
people would be using it.  This makes it easy to identify suspects.

Peter Hendrickson
ph at netcom.com







From Tunny at inference.com  Thu Nov  7 14:31:50 1996
From: Tunny at inference.com (James A. Tunnicliffe)
Date: Thu, 7 Nov 1996 14:31:50 -0800 (PST)
Subject: Information [for new PGP user]
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961107223034Z-1168@landru.novato.inference2.com>


Dale Thorn writes:
stewarts at ix.netcom.com wrote:
> >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
> >> > I'm a new Cyberpunk!
> Probably wearing a set of Ono-Sendai eyeballs....
> >> > Last,  I would like to know once and for all,  is PGP compromised, 
 is
> >> > there a back door, and have we been fooled by NSA to believe it's 
secure?

> You can read and compile the source code yourself.

[snip, snip]

Really?  All 60,000 or so lines, including all 'includes' or attachments?

I'll bet you can't find 10 out of 1,000 users who have read the total 
source,
let alone comprehended and validated it.

Perhaps.  But one would presume at least one of those 10 users, upon 
finding evidence of a back door or implementation flaw, would have alerted 
the other 990... (Indeed, various folks HAVE pointed out minor bugs, and 
posted fixes.)

Lots of trusted and qualified folks HAVE looked at the source, and this 
increases one's confidence that there are no hidden trap doors or glaring 
holes.  It's always possible everyone has missed something, of course. 
 (Not to mention the "NSA has subverted everyone's compiler" argument. 
 Anyone looked through the compiled machine code with a fine-toothed comb? 
 :-)

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny at Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================



begin 600 WINMAIL.DAT
M>)\^(B46`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0 at 36%I;"Y.;W1E`#$(`06 `P`.````S <+``<`
M#@`>`"(`! `W`0$@@ ,`#@```,P'"P`'``X`'@`C``0`. $!"8 !`"$```!$
M1$$Y,4$V,S(V,SA$,#$Q.3,P0S P04$P,$$U1C8P1 `-!P$-@ 0``@````(`
M`@`!!( !`",```!213H at 26YF;W)M871I;VX at 6V9O<B!N97<@4$=0('5S97)=
M`.8+`0.0!@!(" ``&@````,`)@```````P`V```````>`' ``0```!\```!)
M;F9O<FUA=&EO;B!;9F]R(&YE=R!01U @=7-E<ET```(!<0`!````&P````&[
MS/7;ZF,:J3XX)A'0DPP`J@"E]@T``.!8LP`#`"X```````,`!A"4;Q>%`P`'
M$,$$```>``@0`0```&4```!$04Q%5$A/4DY74DE415,Z4U1%5T%25%- 25A.
M151#3TU#3TU74D]413I/3E1512PU3D]6,3DY-BQ%1%=!4D121DE'54523T%7
M4D]413I)34%.15=#64)%4E!53DM04D]"04),``````,`$! ``````P`1$ ``
M```"`0D0`0```"\%```K!0``#0@``$Q:1G5E'T5#_P`*`0\"%0*D`^0%ZP*#
M`% 3`U0"`&-H"L!S973N, at 8`!L,"@S(#Q@<3`H,R,Q,/9C0$1@(`<'*X<3$@
M"%4'L@* ?0J BPC/"=D[%_\R-34"@ <*@0VQ"V!N9S$P,R\4( L*%"(,`6,`
M0"!$80= 92!4: 6P`Z!W%040= >0. at J+;&DSOC8-\ M5$O(,`18`;QW *F,%
M0',=P'<*P'1S8$!I>"YN$@`%H&W>+B&!'8$@,1WV/B+ (M"*3P. at 5 I0+" U
M![" ;W8@,3DY-B. %$5D(,%D!_ N($9L:6<*4 - at 82'_(M$@/$DG(> E<"%0
M!^!#>8)B!)!P=6YK(2)G2E #8&(!H&QY'8!E&PK "X!G)P$1\2!O9DDC$6\M
M!F!N9 MP( AE>64HT&QL<R[S*W$E_$QA() C@"; '8 M"&!L)+ >T&L=$'1O
MW"!K*E 'X (@8QT0`'!_)+ "$ 7 *S$LT00`*)!'[% @(8$@$6T$``F +U-9
M)?QT: 20+H$@*-!C\&L at 9&\%L". +J(1P/YV'1 I,#) ">$NT0;P"8#C,D I
M$$Y302W")Y >T+9E,V$=L"<$(!'P8PAP[&4_"H4B9UD(8"_@`Y']& !A)+ N
MHB_R`Q ML3'@GR" "&$N<06@#; @>0AAF1'P;&8KI at J%6W,#`-9P(X [<ETV
M;%(I0"M 5'D_+.!!*T @'P`L?C ^`"H`!< Y,"UQ(5!S:R. "X!C"D!D*7,]
MH2=K/Q0'D"<^,F$"0 #0:/L'@ (P<S9=)M ]H2>0!4#K.?$WDB<%0&8+@"2P
M&R#5*@!U*?,Q/?-U$? 1X/\=@!U ,S0WXSCR+= !D , at _3DT+ J%'0`%0 = 
M`B Y at KTP$64QX"J at -%$NHG8'0/YI*K =P"2P'; KIAN_%C#;"H\<#% $D!' 
M<"M at +.">0D0R2"$M)$B!<W4'@+] P4>A+*%.DRH1,=!O$?#G0^)$\R. =7 "
M($.3*7+_-6!)D GP+G$J$3(Y/C('<&T+4&5!,D#0:5'B"V!W_R. +20S0QSQ
M`" T43CR(# 5,>$@)! P*W$@*$E_2-$P at DE@!1 (8 0@`A!L0FL$($A!5D5/
M,&\_"X!)PD0B,% J4 7 8G7^9S[A+J)1T""1+L$A( >0="XI-FQ,(# $(%"2
M<N=$\$G"+J)Q=4EQ0Z!;DOM8^!>0;RV at .!$%0#CX,N3_,= O at 3\1-^$1\%U!
M(5 UP?T%H&Y#H%+$,=!@%#(",@'_*E S,$F04L%=@4X`,I-=07T%P&<+8"EC
M'4 =`$XB2?<UL@= (,!Y!"!;40"0`F#['1 U87(Y\$@A$< $(#!1_S!Q.2$'
M@&%!&P`C@"H1!:#[.A).,2 at CP& A+>!!,E3RW3CR(C2R:))/<&)H$4G"YV@&
M8F,XDW(B8^$E($$R^4XQ06YH0U^E,= #8%K _F at XXSAU)+ `P6F1.84#\.<Q
MT"<!0Z%E+2W05P(X4[)B/6$Z+5PM(U!N;S"]2]4]=:]VOW?/>-\]2]5H($IA
M!X)!).!TXFD;/S &D&8=$"S@?"!7&WP0*Q Z,S "0' Z+_0O=WSP+ at N >Z 8
M`"YA\2&R+WYT=/DFP'U&%D'_)[ %L%34>^$OLB4`&P`GH2TI871\8"S at 0S30
M,C-+)% 2($:!\$%#@=!$9" P at H W-WH&?B- ?W[W(;-[PX4O+. >\(+ -ZT<
MT#F&4('P,X*P,Q(@\C6!\#E#=3^(WXGOBO\7>7Y+U1<A`(W `$ `.0"@<^Y*
M^\R[`0,`\3\)! ```@%'``$````Q````8SU54SMA/2 [<#U);F9E<F5N8V4[
M;#U,04Y$4E4M.38Q,3 W,C(S,#,T6BTQ,38X``````(!^3\!````2@``````
M``#<IT#(P$(0&K2Y" `K+^&"`0`````````O3SU)3D9%4D5.0T4O3U4]3D]6
M051/+T-./5)%0TE0245.5%,O0TX]5%5.3ED````>`/@_`0```!4```!*86UE
M<R!!+B!4=6YN:6-L:69F90`````"`?L_`0```$H`````````W*= R,!"$!JT
MN0@`*R_A@@$`````````+T\]24Y&15)%3D-%+T]5/4Y/5D%43R]#3CU214-)
M4$E%3E13+T-./5153DY9````'@#Z/P$````5````2F%M97, at 02X@5'5N;FEC
M;&EF9F4`````0 `',)#3L?SYS+L!0 `(,-#&44O[S+L!`P`--/T_```"`10T
M`0```! ```!4E*' *7\0&Z6'" `K*B47'@`]``$````%````4D4Z( `````+
M`"D```````L`(P```````@%_``$```!0````/&,]55,E83U?)7 ]26YF97)E
M;F-E)6P]3$%.1%)5+3DV,3$P-S(R,S S-%HM,3$V.$!L86YD<G4N;F]V871O
3+FEN9F5R96YC93(N8V]M/@#X?C(R
`
end





From dhagan at vt.edu  Thu Nov  7 14:38:35 1996
From: dhagan at vt.edu (Daniel T. Hagan)
Date: Thu, 7 Nov 1996 14:38:35 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0baea80ee121af@[192.0.2.1]>
Message-ID: <Pine.OSF.3.95.961107172525.5846A-100000@boxer.cslab.vt.edu>


On Thu, 7 Nov 1996, Peter Hendrickson wrote:

> > If I understand the reasoning, people beleive it is easier to prevent the
> > release of strong crypto. techiniques than to remove them once they are
> > released.
> 
> The reasons underlying this are what I don't completely understand.
> 
> > Once a terrorist has strong crypto, why should they stop using it if it
> > becomes illegal?
> 
> Use of strong crypto would be a tip off that one is a terrorist.
> 
> If strong cryptography were unpopular and highly illegal, very few
> people would be using it.  This makes it easy to identify suspects.
> 
> Peter Hendrickson
> ph at netcom.com
> 


I think the reasons are probably tied closely to your second point.
Unless strong cryptography was easily distinguishable from weak
cryptography without taking the time to break it, then how would they
(law enforcement) recognize that someone was using strong cryptography?

Or suppose that some one uses strong cryptography and then wraps it in 
weak cryptography.  The outer shell would seem legal, and the authorities
can't go around randomly breaking people's keys (or so one would assume),
and even if they did, it wouldn't necessarily be legal as evidence anyway.

And finally, you have to consider the possibility of whether a person can
be identified merely by the fact that there is a message that is
intercepted that has strong cryptography in it.  I don't know enough about
remailers and internet protocols/servers to say whether this is a
reasonable objection or not, perhaps someone else does?

So, unless I'm incorrect about one of the above points (and I admit that I
may well be), once cryptography reaches a certain strength, there is no
reason to relinquish that strength, particularly if you are using it for
criminal activity.  

Daniel

---
Daniel Hagan                 http://acm.vt.edu/~dhagan                CS Major 
dhagan at vt.edu 	       http://acm.vt.edu/~dhagan/PGPkey.html     Virginia Tech
     Key fingerprint =  DB 18 30 0A E1 69 7E 51  E2 14 E3 E3 1C AE 69 97







From ph at netcom.com  Thu Nov  7 14:40:21 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 14:40:21 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b0eaea81512961e@[192.0.2.1]>


>Jeremiah A Blatz wrote:
>ph at netcom.com (Peter Hendrickson) writes:
>> It appears to be widely believed that cryptoanarchy is irreversible.
>> Everybody believes that the race to deploy or forbid strong cryptography
>> will define the outcome for a long time.
>>
>> I can't think of a reason why this should be so.
><snip>

> Well, once I've got my strong crypto and electronic commerce, and 20
> or so virtual identities to do things for me, and the gub'ment can't
> tell what money I'm making and spending, so they can't tax me. So if
> they can't tax me, and they can't tax lots of folks, then they can't
> pay their jack-booted thugs. So the goverment becomes irrelevant. It
> can't support a huge police state infrastructure, and certainly can't
> but mega-crays to break my crypto, so how're they going to retain
> control?
> When we say anarchy, we mean anarchy.

This only works if there are large numbers of people who think it is
a good idea.  Otherwise, the resources of the Federal Government
may be directed quite effectively against a small number of people.

If you can get a life prison term for your strong crypto you may
hesitate to use it.  If not, then you may get to be an example
for everybody else.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Thu Nov  7 14:54:30 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 14:54:30 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b10aea81624d693@[192.0.2.1]>


At 5:37 PM 11/7/1996, Daniel T. Hagan wrote:
> On Thu, 7 Nov 1996, Peter Hendrickson wrote:
>> If strong cryptography were unpopular and highly illegal, very few
>> people would be using it.  This makes it easy to identify suspects.

> I think the reasons are probably tied closely to your second point.
> Unless strong cryptography was easily distinguishable from weak
> cryptography without taking the time to break it, then how would they
> (law enforcement) recognize that someone was using strong cryptography?

> Or suppose that some one uses strong cryptography and then wraps it in
> weak cryptography.  The outer shell would seem legal, and the authorities
> can't go around randomly breaking people's keys (or so one would assume),
> and even if they did, it wouldn't necessarily be legal as evidence anyway.

In the extreme case, everybody would be sending messages in the clear.
In the case of mandatory GAK, it would be easy to open a bunch of
messages and see if what was inside looked like cryptography.  The
privacy violation could be minimized by requiring a Congressionally
approved test program to applied without any human reading it.  If
the test program said it was cryptography, then this could be considered
just cause for a judge to issue a warrant to the authorities for the
study of the actual message.

The laws regarding what is considered legal evidence are easily
changed if there is a need for it.  Probably they don't need to be
changed all that much.  If you see a lot of PGP messages coming
from somebody, you get a warrant and search their computer for
illegal software.  When you find it, you lock them up forever.

> And finally, you have to consider the possibility of whether a person can
> be identified merely by the fact that there is a message that is
> intercepted that has strong cryptography in it.  I don't know enough about
> remailers and internet protocols/servers to say whether this is a
> reasonable objection or not, perhaps someone else does?

In the absence of strong cryptography, remailers do not offer much
anonymity.

> So, unless I'm incorrect about one of the above points (and I admit that I
> may well be), once cryptography reaches a certain strength, there is no
> reason to relinquish that strength, particularly if you are using it for
> criminal activity.

If the penalties for the use of cryptography are significantly greater
than the penalties associated with the crime, you may opt not to use
cryptography.

Peter Hendrickson
ph at netcom.com







From tcmay at got.net  Thu Nov  7 15:00:24 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 15:00:24 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b07aea7f1963f8c@[192.0.2.1]>
Message-ID: <v03007801aea81885c729@[207.167.93.63]>


At 12:22 PM -0800 11/7/96, Peter Hendrickson wrote:
>It appears to be widely believed that cryptoanarchy is irreversible.
>Everybody believes that the race to deploy or forbid strong cryptography
>will define the outcome for a long time.
>
>I can't think of a reason why this should be so.
>
>If the wide use of strong cryptography results in widely unpopular
>activities such as sarin attacks and political assassinations, it
>would not be all that hard to forbid it, even after deployment.
>
>I am curious why many people believe this is not true.

Wide distribution of tools and channels.

Think of guns. Imagine a society which has few or no legal handguns. Some
of the  European nations, for example.

So long as guns are not legal, gun stores do not exist, gun ranges are not
available, ammunition is not sold in hardware and sporting goods stores (as
guns are too, of course, in the U.S.), and so long as the "habit" of having
guns has not spread widely, then a society can keep gun ownership levels
way down. Not zero, but way down. The "channels" for distribution are
nonexistent and the related  markets supporting guns do not exist (gun
magazines, holsters, reloading presses, gun shows, media images of people
using guns routinely, etc.). This is not to say criminals don't get access
to guns, or that some citizens do not choose to violate the law by getting
a gun, etc. What it means is that getting a gun is hard, gaining
proficiency is also hard, and the whole culture finds guns fairly foreign.

However, if guns are not outlawed, are not hard to get, may be bought and
sold at flea markets and gun shows (which is where most of my guns have
come from, and which is where over the years I bought and sold about a
dozen or so various guns, none of them transferred with any paperwork,
identities asked for, etc.), and once gun ownership reaches some threshold,
later attempts to ban guns, seize them, halt ammunition sales, etc.,
require draconian steps. (This is why so many gun owners have schemes to
bury spare guns in plastic pipes deep underground, place them in safe
deposit boxes, etc. And why so many of us reload our own ammo.)

Without taking a stand on the issues of whether guns should or should not
be restricted, the situation is quite similar to the ongoing deployment of
strong cryptography. Once widely deployed and "ingrained" in the habits of
many, later attempts to seize the newly-outlawed items are problematic.

Speech is similar to this. Once mechanisms for free speech are present in a
society, once people are used to having the "right" to speak freely, once
many channels of communication are widely available, and so on, it becomes
well nigh impossible to go back to a non-free-speech situation.

I believe, Peter, that your arguments naively ignore this sort of point.
Those in D.C. actually understand it well, and would laugh at your argument
of "If crypto turns out to be a problem, we can always ban it later."

I don't imagine the parallel argument, for free speech, would go over well
in, say, China: "We'll let people say what they want, publish what they
want, set up newspapers, buy whatever foreign magazines they want, use
computers, and gather as they wish to make whatever plans they wish to. If
we don't like the results, we'll just go back to what we had before."

The shorthand forms many of use are: the genie's out of the bottle, the
cat's out of the bag, the point of no return has been reached, etc.

As a final note, Peter asked me in private mail what I thought of some of
his points. I urged him to make his comments public, as having private
discussions is inefficent, and this is certainly an on-topic topic. And let
me say I find the posited scenario of widespread Sarin gas attacks, $100
hits, and other such things to be unrealistic, at least not solely because
Alice and Bob can communicate untappably and untraceably.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ph at netcom.com  Thu Nov  7 15:42:58 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 15:42:58 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b11aea81d287cbd@[192.0.2.1]>


At 3:03 PM 11/7/1996, Timothy C. May wrote:
> However, if guns are not outlawed, are not hard to get, may be bought and
> sold at flea markets and gun shows (which is where most of my guns have
> come from, and which is where over the years I bought and sold about a
> dozen or so various guns, none of them transferred with any paperwork,
> identities asked for, etc.), and once gun ownership reaches some threshold,
> later attempts to ban guns, seize them, halt ammunition sales, etc.,
> require draconian steps. (This is why so many gun owners have schemes to
> bury spare guns in plastic pipes deep underground, place them in safe
> deposit boxes, etc. And why so many of us reload our own ammo.)

> Without taking a stand on the issues of whether guns should or should not
> be restricted, the situation is quite similar to the ongoing deployment of
> strong cryptography. Once widely deployed and "ingrained" in the habits of
> many, later attempts to seize the newly-outlawed items are problematic.

> Speech is similar to this. Once mechanisms for free speech are present in a
> society, once people are used to having the "right" to speak freely, once
> many channels of communication are widely available, and so on, it becomes
> well nigh impossible to go back to a non-free-speech situation.

> I believe, Peter, that your arguments naively ignore this sort of point.
> Those in D.C. actually understand it well, and would laugh at your argument
> of "If crypto turns out to be a problem, we can always ban it later."

The key here is that in these cases the practice has become widely
accepted.  By widely accepted, I mean that very significant numbers of
people believe that there is nothing all that wrong with the practice.
Those who disagree do not feel it is worth the trouble to put a stop
to it.

If the Four Horseman of the Crypto-apocolypse were real, we could certainly
put a stop to cryptoanarchy if we wanted to.  Very few people would be
willing to tolerate strong cryptography if it meant that it was real easy
to have people killed, resulted in many sarin attacks, or widespread
kidnappings.  I doubt you could find many readers of even this list who
would find such scenarios acceptable.

You are right that the people in D.C. understand your point quite well.
And I am naive for expecting them to honestly discuss their policies.
The reason they fear cryptoanarchy is not because it will be something
people won't like - quite the opposite.  If they are to succeed they have
to stop it now before it is widely recognized to not be a problem for
people who earn their living.

I believe that if the people in D.C. honestly believed that the Four
Horsemen were coming, they would wait for the first real evidence
of it to rally the society behind their cause and write themselves
into the history books as heroes.

Today, strong cryptography has caused no noticeable problems.  People who
want to forbid it can only justify such intrusive and politically risky
policies on the grounds that something irreversible occurs after deployment.
But, I don't believe I have yet seen any sort of explanation for
irreversibility that is not based on "well, it won't be all that bad."

> I don't imagine the parallel argument, for free speech, would go over well
> in, say, China: "We'll let people say what they want, publish what they
> want, set up newspapers, buy whatever foreign magazines they want, use
> computers, and gather as they wish to make whatever plans they wish to. If
> we don't like the results, we'll just go back to what we had before."

This argument would certainly not go over well with the leaders of China.
The people of China may have another point of view.

Peter Hendrickson
ph at netcom.com







From netsurf at pixi.com  Thu Nov  7 15:49:18 1996
From: netsurf at pixi.com (NetSurfer)
Date: Thu, 7 Nov 1996 15:49:18 -0800 (PST)
Subject: Is there a Win PGP?
In-Reply-To: <199611071228.GAA22584@mailhub.amaranth.com>
Message-ID: <Pine.SUN.3.95.961107134510.14027B-100000@akamai.pixi.com>



On Thu, 7 Nov 1996, William H. Geiger III wrote:
!
> I am not sure exactly how they had this mechanism set up but I am pretty sure this
> was somthing the user had to actively set up as aposed to somthing done automatically
> with out the user's knowledge. 

I have both versions.  They call it the "Business Edition", and the master
key is optional, not required.  The master key has to be in place before
anyone else generates their key, otherwise the master key won't work.  You
have to go in and turn this on so it isn't something that gets implemented
without *someone* knowing.  As for everyone else knowing that there was a
master key generated...

#include <standard.disclaimer>
                    _   __     __  _____            ____
                   / | / /__  / /_/ ___/__  _______/ __/__  _____
                  /  |/ / _ \/ __/\__ \/ / / / ___/ /_/ _ \/ ___/
                 / /|  /  __/ /_ ___/ / /_/ / /  / __/  __/ /
================/_/=|_/\___/\__//____/\__,_/_/==/_/==\___/_/===============






From cabeen at netcom.com  Thu Nov  7 15:53:56 1996
From: cabeen at netcom.com (Ted Cabeen)
Date: Thu, 7 Nov 1996 15:53:56 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <3.0.32.19961107171853.0095b1f0@netcom8.netcom.com>


At 02:38 PM 11/7/96 -0800, you wrote:
>>Jeremiah A Blatz wrote:
>>ph at netcom.com (Peter Hendrickson) writes:
>> Well, once I've got my strong crypto and electronic commerce, and 20
>> or so virtual identities to do things for me, and the gub'ment can't
>> tell what money I'm making and spending, so they can't tax me. So if
>> they can't tax me, and they can't tax lots of folks, then they can't
>> pay their jack-booted thugs. So the goverment becomes irrelevant. It
>> can't support a huge police state infrastructure, and certainly can't
>> but mega-crays to break my crypto, so how're they going to retain
>> control?
>> When we say anarchy, we mean anarchy.
>
>This only works if there are large numbers of people who think it is
>a good idea.  Otherwise, the resources of the Federal Government
>may be directed quite effectively against a small number of people.
>
>If you can get a life prison term for your strong crypto you may
>hesitate to use it.  If not, then you may get to be an example
>for everybody else.
That's why we have to develop stealth PGP and good stego so that the
government doesn't even know that you're using the strong crypto that has
been outlawed.  If they can't prove that there's actually a message in the
picture of the catsgills you just downloaded off of
alt.binaries.pictures.nature, you can't get a life sentence in jail.  
--
______________________________________________________________________________
Ted Cabeen         http://shadowland.rh.uchicago.edu         cabeen at netcom.com
Check Website or finger for PGP Public Key        secabeen at midway.uchicago.edu
"I have taken all knowledge to be my province." -F. Bacon   cococabeen at aol.com
"Human kind cannot bear very much reality."-T.S.Eliot 73126.626 at compuserve.com





From tcmay at got.net  Thu Nov  7 15:56:53 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 15:56:53 -0800 (PST)
Subject: Vulis now on the "Don't Hire" list
In-Reply-To: <2.2.32.19961107221247.0069347c@smtp1.abraxis.com>
Message-ID: <v03007803aea827844e20@[207.167.93.63]>


At 5:12 PM -0500 11/7/96, Alec wrote:

>:This opens up the potential, for example, for Tim May to sue the operator of
>:the Cypherpunks mailing list now for posts from users (even anonymous ones)
>:which defame or otherwise liable his character, reputation, or ability to
>:pursue income in his chosen field.
>
>PLEASE, let's not drag poor Tim into this. Hasn't he suffered enough?!
>This does not follow even from the tortured logic above.

And, indeed, it is not likely to be who suffers in the job market as a
result of Dr. Vulis' rants and raves and generally insane postings; my
situation is secure, but I understand that Vulis has joined L. Dettweiler
on the "List of Unemployables" passed around Silicon Valley.

I strongly doubt many computer companies in the Silicon Valley will be
willing to hire him or his consulting service as his antics have received
publicity.

He may have his "NetScum" list and Web page, but it's his name on the list
of folks not to hire.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From mccoy at communities.com  Thu Nov  7 15:57:41 1996
From: mccoy at communities.com (Jim McCoy)
Date: Thu, 7 Nov 1996 15:57:41 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0baea80ee121af@[192.0.2.1]>
Message-ID: <v03007806aea825ccbb92@[205.162.51.35]>


ph at netcom.com (Peter Hendrickson) writes:
[...]
>> Once a terrorist has strong crypto, why should they stop using it if it
>> becomes illegal?
>
>Use of strong crypto would be a tip off that one is a terrorist.
>
>If strong cryptography were unpopular and highly illegal, very few
>people would be using it.  This makes it easy to identify suspects.

But the difference between strong crypto and weak crypto is not
something which is visible to an outside observer unless they make
the effort to attack a particular system or decrypt a message.  Such
an attack is beyond the capacity of most municipal or state governements
and is a difficult and expensive task for federal agencies other than
the NSA (who would nto be pleased if their machines were suddenly at
the beck and call of the FBI or any other organization; never underestimate
the power of inter-agency infighting :) What make such detection even
harder is that a good crypto system generates output which is
indistinguishable from noise, this makes it much easier to hide the fact
that an encrypted channel is being used.  The funny thing about noise in
the information theory sense is that it can actually be _anything_ depending
on context, and this sort of uncertainty is the bane of a legal system
which is solidly grounded upon technicalities (such as the US legal system.)

jim







From kb4vwa at juno.com  Thu Nov  7 16:02:11 1996
From: kb4vwa at juno.com (Edward R. Figueroa)
Date: Thu, 7 Nov 1996 16:02:11 -0800 (PST)
Subject: Validating a program
In-Reply-To: <199611071941.OAA13267@homeport.org>
Message-ID: <19961107.160817.5359.12.kb4vwa@juno.com>



On Thu, 7 Nov 1996 14:41:06 -0500 (EST) Adam Shostack <adam at homeport.org>
writes:
>
>Dale Thorn wrote:
>| stewarts at ix.netcom.com wrote:
>| > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
>| > >> > Last,  I would like to know once and for all,  is PGP 
>compromised,  is
>| > >> > there a back door, and have we been fooled by NSA to believe
>| > >> > it's secure? 
>| > You can read and compile the source code yourself.
>
>| Really?  All 60,000 or so lines, including all 'includes' or 
>attachments?
>| 
>| I'll bet you can't find 10 out of 1,000 users who have read the 
>total source,
>| let alone comprehended and validated it.
>
>	The fact that most readers have not examined it does not mean
>that the availability of the source is not important.  If the source
>was tightly held, perhaps some experts would have seen it.  Thats not
>likely, security experts are in high demand today, with companies
>paying a lot for their time.  Phil could not have competed.
>
>	In addition, up and coming experts, curious amatuers, and
>students couldn't have looked at it.  Having your protocol open to
>wide review is a good thing even if few people take advantage of it,
>because you may hire the wrong experts.  The experts you hire may miss
>something.  Someone may have a new attack under development, and not
>be able to try it against your software.
>
>	The multitude of hackers who ported pgp also contributed a
>large stack of bug reports and fixes.  Without source availablity, the
>mac, os/2, amiga & UNIX ports would be held up, or perhaps not exist.
>
>	Publicly distributed source code also tends to be of higher
>quality (see Fuzz Revisited, at grilled.cs.wisc.edu)
>
>
>	In short, if you're paranoid, feel free to look over the
>source.  But the fact that most people have never peeked under the
>hood is not a strike against pgp at all.
>
>
>
>-- 
>"It is seldom that liberty of any kind is lost all at once."
>					               -Hume
>
>
>
>
Maybe you missed my point, or I miss-communicated.  My question is as
follows:  If PGP and DES are as secure as thought to be, then why is it
not ruled illegal software, just as they do with silencers, narcotics,
certain type weapons, etc.....    My opinion is "NOT  A PARANOID VIEW, BUT RATHER A REALITY".   I find it impossible that software that could be a National Security Threat, being shared by the masses!    I believe
either people are nieve, or ignorant of the capability of the NSA.    If
there are "back-doors to the algorithms, you can bet your life you and no
one else will find out.     The conceivability that encryption on the Net
is safe, is ludicrous!

Just my thoughts, and not paranoia.


Ed





From tcmay at got.net  Thu Nov  7 16:05:06 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 16:05:06 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0eaea81512961e@[192.0.2.1]>
Message-ID: <v03007805aea82999cb21@[207.167.93.63]>


At 2:38 PM -0800 11/7/96, Peter Hendrickson wrote:

>If you can get a life prison term for your strong crypto you may
>hesitate to use it.  If not, then you may get to be an example
>for everybody else.

Well, this is what in private e-mail to Peter I was referring to when I
said "only a police state" could pull the plug on free speech and strong
crypto once it was ubiquitously deployed.

Throwing people in prison for life for using crypto is something that is
certainly _possible_, though I rather doubt taxpayers will be keen on
paying for this. Simply executing those who use random numbers makes more
sense.

All implausible, of course.

--Tim May

By the way, I've never claimed that I know crypto anarchy is irreversible,
I just think it is. I've presented some plausibility arguments on why I
think this is so, drawing parallels to other developments in history, but
logical proofs and predictions about the future don't usually go together
very well.


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Thu Nov  7 16:11:19 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 16:11:19 -0800 (PST)
Subject: Vulis now on the "Don't Hire" list
Message-ID: <v03007807aea82ba245ac@[207.167.93.63]>



I just wrote:

And, indeed, it is not likely to be who suffers in the job market as a
result of
                                   ^me
Dr. Vulis' rants and raves and generally insane postings; my situation is
secure, but I understand that Vulis has joined L. Dettweiler on the "List
of Unemployables" passed around Silicon Valley.

...

I meant to say "it is not likely to be _me_ who suffers in the job market..."


Sorry for any confusion.

--Tim

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Thu Nov  7 16:39:35 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 16:39:35 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0baea80ee121af@[192.0.2.1]>
Message-ID: <v03007808aea82cc3897c@[207.167.93.63]>


At 2:24 PM -0800 11/7/96, Peter Hendrickson wrote:
>> If I understand the reasoning, people beleive it is easier to prevent the
>> release of strong crypto. techiniques than to remove them once they are
>> released.
>
>The reasons underlying this are what I don't completely understand.
>
>> Once a terrorist has strong crypto, why should they stop using it if it
>> becomes illegal?
>
>Use of strong crypto would be a tip off that one is a terrorist.
>
>If strong cryptography were unpopular and highly illegal, very few
>people would be using it.  This makes it easy to identify suspects.

* Identification of high-entropy traffic (putatively: encrypted traffic)
would require extensive surveillance, tapping, and whatnot. The
infrastructure for this does not exist, and would cost an enormous amount
to deploy.

* (This is why so many of us want a crackdown on crypto delayed for as long
as possible: every year that passes means more networks, more intranets,
more channels, more modes, etc. Satellites, fibers, etc.)

* High-entropy traffic does not mean encryption, either. And encrypted
traffic can be twiddled to look like lower-entropy traffic (and I don't
even mean steganography, I mean adjusting message statistics).

* Once crypto has become widespread, and is built into mailers, browsers,
etc., there will be many people already using those old mailers and
browsers. Throwing Mom and Pop in jail because they forgot to turn off the
PGP mode in Eudora 4.0 or Netscape 5.0 is not going to go over well, even
in an era of supposed "zero-tolerance." (And California and Arizona just
voted to effectively decriminalize pot..."medical use of encryption" on the
2005 ballot?)

* Steganography. Entire volumes can be written about this. I believe I was
the first to propose, in a 1988-89 series of articles on sci.crypt, the use
of LSBs in image and sound files to transmit huge amounts of information,
with detection very difficult. As I told Kevin Kelley--reported in his
"Whole Earth Review" article and in his excellent "Out of Control" book--a
single DAT tape of a musical recording can easily carry 150-200 MB of
"message" just in the LSBs! Unless all tapes are checked at the border--and
what are live tapes, with lots of noise in the bottom few bits of each
word--to be compared against? The mind boggles at the task.

* "Legitimate needs." The whole notion Peter raises of banning cryptography
is fraught with problems. Are businesses to be told that all communications
are to be in the clear? Or is Peter's point that some form of GAK will be
used?

(If the latter, then of course we are back to an even better form of
"stego" than stego itself: superencrypt before using GAK. Unless the
government samples packets randomly and does what they say they will do to
open a GAKked packet--e.g., get a court order, go to the escrow key
holders, etc.--then how will they know if a message is superencrypted? And
what if a GAKked message contains conventional _codes_? Are shorthand codes
such as business have long used--"The rain in Rome is warm this month"--to
be illegal?)

* The point being that "rogue crypto" (terrorists, crypto anarchists,
freedom fighters) gets lost on the blizzard of other uses. And shutting
down all crypto means shutting down business use of crypto to protect
secrets, and probably means an end to digital commerce.

(This is another reason we want to delay action on crypto for as long as
possible: make encrypted communications so widespread in commerce that to
pull the plug would mean a financial calamity.)

* Intent. It's hard to imagine someone being imprisoned for using
cryptography, except perhaps in wartime conditions. I may be wrong. Also,
there are deep Constitutional issues we haven't been much discussing.

* Offshore sites. Even if U.S. citizen-units are proscribed from using
crypto--a hard thing to do--many crypto-anarchic markets will flourish
overseas. (If communication with offshore persons or sites is allowed, all
sorts of things can be done. If such communication is banned, this means a
profound change in the American system.) [I have not fleshed out the
arguments here, adequately, so don't focus on this point to rebut the rest
of my arguments, please.]

In another post, Peter posits a condition where people are appalled at the
implications of crypto and there is no popular support for it. But is he
implyiung that neighbors will burst into the homes of others to ferret out
crypto. I doubt this vigilantism will ever happen.

(My gun example is apropos. I believe we are fast approaching a point where
most people want guns outlawed. But it won't happen, as there are not
enough cops and military people willing to raid private homes in
contravention of the Bill of Rights and at personal risk to
themselves....and so it won't happen.

Once crypto is deeply intertwined into the fabric of life and commerce,
it'll be too late to pull the plug.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From markm at voicenet.com  Thu Nov  7 16:40:50 1996
From: markm at voicenet.com (Mark M.)
Date: Thu, 7 Nov 1996 16:40:50 -0800 (PST)
Subject: [rant] Re: Censorship on cypherpunks
In-Reply-To: <32816F8E.6580@gte.net>
Message-ID: <Pine.LNX.3.95.961107203632.1129A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 6 Nov 1996, Dale Thorn wrote:

> What both of these arguments (moreso the first) fail to mention is an individual's
> investment in time and possibly a lot of money in various memberships, with expec-
> tations that they will have the opportunity to develop and express themselves to
> their utmost capability.  When I have a problem with some of the dirty things my
> representatives in Washington DC do on my behalf, people say "like the U.S. or
> leave it", etc., as though my father, his father, his father, etc. clear back to
> the 1600's in the colonies here, wasted their blood on the battlefields defending
> these assholes who like to say "you can just leave if you don't like it".

This is why contracts are important.  There is no contract, implied or
otherwise, to which John Gilmore is bound that forces him to protect everyone's
"right" to be subscribed to cpunks and post whatever they want to the list.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoKP0CzIPc7jvyFpAQGolwf/WKjsPl/SuGgzrNvxV6IsTeCPeS85FJXB
KAj7Yz5TnBxILNJD4Cc4iy3AeGwzGFiula+jqLhuzLlnVMmPdwu/fo/kvBQGSDd8
ciMH1RgybeHLP0zaQQXqD6ilRtRTaUl0e50kxpKrY1UXUELbm6zojNURLvCp8Ill
zmxQ94KKgV4tytqMSqTOaN5OnR9TlKdqD2QEAGJFVAjx8SOSDyYF02ad/Xmj6sCe
BOzRguWy7LshRX89mH3DRx8SIe7Wta5CZkT5zkernwAJa2fnP+CSu6Pre9pzlyO0
T8spMgnWKAKu4SxlY5qFrPjIhOuud+5zbuhyjQxkdKrpvQcfb+f+RQ==
=FWJN
-----END PGP SIGNATURE-----






From ph at netcom.com  Thu Nov  7 16:51:31 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 16:51:31 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b00aea82fb2502a@[192.0.2.1]>


At 4:00 PM 11/7/1996, Jim McCoy wrote:
>ph at netcom.com (Peter Hendrickson) writes:
>[...]
>>> Once a terrorist has strong crypto, why should they stop using it if it
>>> becomes illegal?

>> Use of strong crypto would be a tip off that one is a terrorist.

>> If strong cryptography were unpopular and highly illegal, very few
>> people would be using it.  This makes it easy to identify suspects.

> But the difference between strong crypto and weak crypto is not
> something which is visible to an outside observer unless they make
> the effort to attack a particular system or decrypt a message.  Such
> an attack is beyond the capacity of most municipal or state governements
> and is a difficult and expensive task for federal agencies other than
> the NSA (who would nto be pleased if their machines were suddenly at
> the beck and call of the FBI or any other organization; never underestimate
> the power of inter-agency infighting :)

If mandatory GAK were imposed, reviewing messages is easy, even with
inter-agency fighting.  Or, encryption in general could just be
forbidden if GAK created too much hassle.

> What make such detection even harder is that a good crypto system
> generates output which is indistinguishable from noise, this makes it
> much easier to hide the fact that an encrypted channel is being used.

In practice I suspect that good stego is hard.  You don't have to be
right every time when you look for it, just some of the time.  When
you see packets that seem kind of funny to you, the judge issues you
a warrant and you search the suspect's house and computer very carefully.
If stego is in use, the software that generated it can be found.  Then
you hand out a life sentence.

Yes, this would be somewhat expensive.  But if the number of suspects
is small, it is completely feasible.

You might also identify suspects in other ways.  Maybe that Jim McCoy
is looking a little too successful or perhaps he made an unwise comment
to a "friend" who reported him.  That could easily be grounds for a
warrant and subsequent change of quarters.

> The funny thing about noise in the information theory sense is that it can
> actually be _anything_ depending on context, and this sort of uncertainty
> is the bane of a legal system which is solidly grounded upon technicalities
> (such as the US legal system.)

Which technicalities protected the Japanese-Americans during World War II?
As you probably know, these people were not protected by our legal system.
Their bank accounts were frozen and they were forced to sell their property
in less than two weeks.  They were effectively stripped of their assets.
Then, they were carted off to concentration camps and left there for years.
This was allowed to happen because there was strong public support for it.

The legal system would have to be stretched considerably less to outlaw
strong crypto and make it stick.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Thu Nov  7 16:53:33 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 16:53:33 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b01aea833c5456d@[192.0.2.1]>


At 5:18 PM 11/7/1996, Ted Cabeen wrote:
>At 02:38 PM 11/7/96 -0800, you wrote:
>>>Jeremiah A Blatz wrote:
>>>ph at netcom.com (Peter Hendrickson) writes:
>>> Well, once I've got my strong crypto and electronic commerce, and 20
>>> or so virtual identities to do things for me, and the gub'ment can't
>>> tell what money I'm making and spending, so they can't tax me. So if
>>> they can't tax me, and they can't tax lots of folks, then they can't
>>> pay their jack-booted thugs. So the goverment becomes irrelevant. It
>>> can't support a huge police state infrastructure, and certainly can't
>>> but mega-crays to break my crypto, so how're they going to retain
>>> control?
>>> When we say anarchy, we mean anarchy.

>> This only works if there are large numbers of people who think it is
>> a good idea.  Otherwise, the resources of the Federal Government
>> may be directed quite effectively against a small number of people.

>> If you can get a life prison term for your strong crypto you may
>> hesitate to use it.  If not, then you may get to be an example
>> for everybody else.

> That's why we have to develop stealth PGP and good stego so that the
> government doesn't even know that you're using the strong crypto that has
> been outlawed.  If they can't prove that there's actually a message in the
> picture of the catsgills you just downloaded off of
> alt.binaries.pictures.nature, you can't get a life sentence in jail.

What happens when they find it on your disk?  Remember, you don't have
an encrypted virtual disk, or if you do, the consequences are the same
if you didn't.

Peter Hendrickson
ph at netcom.com







From andrew_loewenstern at il.us.swissbank.com  Thu Nov  7 16:56:51 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Thu, 7 Nov 1996 16:56:51 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v03007801aea81885c729@[207.167.93.63]>
Message-ID: <9611080056.AA00887@ch1d157nwk>


TCM writes:
> Wide distribution of tools and channels.

A very important point that I haven't seen raised in this thread is _why_  
strong crypto is going to be widespread and thus impossible to control.   
Strong crypto is going to be the foundation of the information age.  Sorry for  
the buzzwords, but it is very obvious to almost everyone that there is  
potentially a lot of money to be made with the 'Net and strong crypto is  
required to guarantee that people get what is coming to them and not get  
ripped off.  Strong crypto maximizes returns by outright preventing fraud  
(which is far better than after-the-fact legal remedies!) and allowing more  
efficient collection of money (with self-enforcing protocols and eliminating  
middle men).  Weak Crypto (i.e. GAK) does not offer these features because the  
weak point in the chain becomes a mostly disinterested low-wage employee at  
the KRC, which is likely to be operated by a foreign government!  Any  
businessman can immediately understand why this is unacceptable, especially  
with all of the economic espionage stories going around corporate america.

People will outright demand strong crypto.

This is already happening.  Despite intense pressure from TLA's for GAK,  
savvy businesses are demanding strong crypto (the idea that no crypto at all  
will be used is utterly ridiculous, it will either be strong or GAKed but  
there will be crypto).  Hardly anyone is bowing to the pressure.  It will take  
a mandate from congress to get people to actually use GAK, and the more  
businesses and congresscritters begin understand the benefits of strong crypto  
to the bottom line, the less likely such a mandate would happen.


andrew





From pgut001 at cs.auckland.ac.nz  Thu Nov  7 16:59:59 1996
From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz)
Date: Thu, 7 Nov 1996 16:59:59 -0800 (PST)
Subject: Group order for "Secret Power" ... (San Francisco Bay Area only)
Message-ID: <84741478100182@cs26.cs.auckland.ac.nz>


>I'm looking for 19 other people interested in "Secret Power" (Craig
>Potton Publishers has indicated that there is a discount for 20 or
>more copies).  If you are in the San Francisco Bay Area, please
>contact me by phone or E-Mail.

If anyone is going to the Usenix e-commerce conference I can bring over
some copies for them.  I'm already taking over a whole bunch of copies,
I can bring over a few more if I can get them (I've pretty much cleaned
out the bookshops around here).  I can bring them to the conference but
what you do with them from there is up to you (ie I won't have time to
find post offices to mail people copies or whatever).  Cost is US$25
(the NZ retail price is $35 = US$25), delivery is in just over a week.

Peter.






From steve at miranova.com  Thu Nov  7 17:08:03 1996
From: steve at miranova.com (Steven L Baur)
Date: Thu, 7 Nov 1996 17:08:03 -0800 (PST)
Subject: [PRIVACY][BLACKNET] Potential Analyst?
In-Reply-To: <m2afstj3f6.fsf@totally-fudged-out-message-id>
Message-ID: <m2ybgd9yuw.fsf@deanna.miranova.com>


>>>>> "Brian" == Brian D Williams <talon57 at well.com> writes:

Brian> The Pro's say that analysts are born not made. If so whoever wrote
Brian> this appears to show potential.....

Brian> Send resume to BLACKNET.....

It would have been more impressive if it had mentioned that Dimitri
"Ray is a typical Californian" Vulis and Ray "You'd be surprised if
you knew where I lived" Arachelian appear to live within walking
distance of each other.
-- 
steve at miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.
What are the last two letters of "doesn't" and "can't"?
Coincidence?  I think not.





From mccoy at communities.com  Thu Nov  7 17:14:42 1996
From: mccoy at communities.com (Jim McCoy)
Date: Thu, 7 Nov 1996 17:14:42 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b10aea81624d693@[192.0.2.1]>
Message-ID: <v03007808aea835cf8016@[205.162.51.35]>


Peter Hendrickson wrote:
>Daniel T. Hagan wrote:
[...]
>>> If strong cryptography were unpopular and highly illegal, very few
>>> people would be using it.  This makes it easy to identify suspects.
>>
>> Or suppose that some one uses strong cryptography and then wraps it in
>> weak cryptography.  The outer shell would seem legal, and the authorities
>> can't go around randomly breaking people's keys (or so one would assume),
>> and even if they did, it wouldn't necessarily be legal as evidence anyway.
>
>In the extreme case, everybody would be sending messages in the clear.
>In the case of mandatory GAK, it would be easy to open a bunch of
>messages and see if what was inside looked like cryptography.  The
>privacy violation could be minimized by requiring a Congressionally
>approved test program to applied without any human reading it.  If
>the test program said it was cryptography, then this could be considered
>just cause for a judge to issue a warrant to the authorities for the
>study of the actual message.

Getting a program to recognize a subliminal message channel is even
harder than teaching a human to do so, check out the book Disappearing
Cryptography or do a web search for "mimic functions" to see how easy it
is to hide messages in text which a program parses as regular English.
The other problem is that more and more of the data being tossed around
the net are images and sound files in which it is incredibly easy to
hide encrypted messages.

>The laws regarding what is considered legal evidence are easily
>changed if there is a need for it.  Probably they don't need to be
>changed all that much.  If you see a lot of PGP messages coming
>from somebody, you get a warrant and search their computer for
>illegal software.  When you find it, you lock them up forever.

And if there was a penalty for using PGP then PGP would hide the fact
that such messages were being sent; that -----BEGIN PGP MESSAGE-----
line in the program output does not need to be there you know... Check
out Stealth PGP for an example.

[...]
>In the absence of strong cryptography, remailers do not offer much
>anonymity.

Except for the fact that US law stops at the US border (modulo kidnapping
Mexican doctors or strongarming the rest of the world to obey US
dictates...)  Information, on the other hand, is very easy to transport
across national boundaries and such transmission is impossible to stop.
With remailers outside the US I can send a message to a free nation and
have it delivered to whomever I want.

jim







From ph at netcom.com  Thu Nov  7 17:16:43 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 17:16:43 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b02aea834cd835d@[192.0.2.1]>


At 4:08 PM 11/7/1996, Timothy C. May wrote:
>At 2:38 PM -0800 11/7/96, Peter Hendrickson wrote:
>
>> If you can get a life prison term for your strong crypto you may
>> hesitate to use it.  If not, then you may get to be an example
>> for everybody else.

> Well, this is what in private e-mail to Peter I was referring to when I
> said "only a police state" could pull the plug on free speech and strong
> crypto once it was ubiquitously deployed.

While the term "police state" is not well defined, I do not believe it
applies to what I am describing.  (There is a risk that it could develop,
however.)

Laws forbidding the use of cryptography have ominous free speech
implications as we would be attempting to outlaw concealed meaning.
Concealed meaning can be pretty well concealed and that makes
for difficult and dangerous legal questions.

On the other hand, the action of running a program which uses forbidden
crypto systems is pretty unambiguous and could be effectively isolated
from other kinds of speech.

Many kinds of speech are already illegal.  For instance, I am not allowed
to copy somebody else's speech because it would violate copyright laws.
I am not allowed to break verbal contracts.  In essence, I am punished
later for the something I said if I am forced to keep my word.  But,
this does not constitute a police state.

What I am proposing would not require an end to fair trials or warrants
or really any other legal customs we have.

In case anybody has any doubts, and I doubt Tim does, the existence of
a life sentence does not imply the presence of a police state.

> Throwing people in prison for life for using crypto is something that is
> certainly _possible_, though I rather doubt taxpayers will be keen on
> paying for this. Simply executing those who use random numbers makes more
> sense.

The taxpayers will be happy to pay to keep a small number of criminals
in jail if it keeps the rest of us fairly safe within our homes and on
the streets.

> All implausible, of course.

> By the way, I've never claimed that I know crypto anarchy is irreversible,
> I just think it is. I've presented some plausibility arguments on why I
> think this is so, drawing parallels to other developments in history, but
> logical proofs and predictions about the future don't usually go together
> very well.

Actually, I agree with Tim.  I think the deployment of strong cryptography
will be irreversible.  But, it will be irreversible because the bad aspects
of it won't be all that bad and in general it will be a very positive
development.  The reason it must be stopped now is to stop the voters
from discovering this.  (Certainly we have seen a strong anti-democratic
sentiment among the proponents of GAK, when they propose that we cannot
even be allowed to hear the scenarios which should concern us, the
ultimate repository of political legitimacy in the United States.)

A good comparison can be made to the recreational drug situation.  Many
people, probably a majority of people, believe that they should be allowed
to take whatever drugs they like and many do.  Efforts have been made to
forbid it, but they are almost universally unsuccessful because of the
tremendous popular support for recreational drug use.

Peter Hendrickson
ph at netcom.com







From jimbell at pacifier.com  Thu Nov  7 17:16:52 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 7 Nov 1996 17:16:52 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611080116.RAA17853@mail.pacifier.com>


At 12:22 PM 11/7/96 -0800, Peter Hendrickson wrote:
>It appears to be widely believed that cryptoanarchy is irreversible.
>Everybody believes that the race to deploy or forbid strong cryptography
>will define the outcome for a long time.
>
>I can't think of a reason why this should be so.

>If the wide use of strong cryptography results in widely unpopular
>activities such as sarin attacks and political assassinations, it
>would not be all that hard to forbid it, even after deployment.

Simple analogy:  Suppose you put two people into a room with a deck of 
playing cards and a table, instructing "Person A" to build a house-of-cards, 
and telling "Person B" to stop him from achieving his goal.  Who do you 
think will win?  Obviously, the latter will win:  It's vastly easier to 
knock such a structure down than to build it in the first place,  and all 
"Person B" has to do is occasionally take a whack at the structure. 

BTW, some of your confusion is probably based is the false assumptions in 
your last sentence above.  "..wide use of strong cryptography results in 
widely unpopular activities such as sarin attacks and political 
assassinations."

First, I contend that the unpopularity of political assassinations is based 
far less on their presumed undesirability, and much more so on the fact that 
the average citizen (currently) has no input on who is being killed.  He 
might well suppose that the killings are trying to deny him the little power 
and influence he has in the political system. ("They shot [fill in the 
blank}!  I voted for him!")  But what if assassination was made far more 
accessible to the common man?  Suppose, say, the approval of one million 
citizens was the only thing necessary to have an assassination legally 
accomplished?   Or, more likely in practice, the vote of a million citizens 
was interpreted as a kind of terminal veto over that particular politician 
or government employee, who would have to resign or face the (lethal) 
consquences!  In that case, assassinations wouldn't be seen as bad, they'd 
be the natural consequence of a politician who overstays his welcome and 
ignores numerous warnings.

Second, things like "sarin attacks" are, in fact, the classic example of 
actions which WOULD NOT HAPPEN under a crypto-anarchy.  Over the last 30 
years or so, "terrorism" has come to be associated with random attacks on 
innocent citizens.  But I propose that such attacks only occur because the 
better, more appropriate targets are purposely made hard to attack.  Most 
people don't realize this.  But consider:  Wouldn't the people who bombed 
the OKC Federal building have preferred to kill, for example, the top 50 
government officials responsible for Waco and Ruby Ridge, rather than 150 
ordinary government employees?  Of course they would!  

If crypto-anarchy means anything to the future of terrorism, it's about 
helping to ensure that the people truly guilty of oppression get targeted in 
preference to anybody else.  Naturally, such a point of view will be wildly 
unpopular...with the guilty few.  The rest of us should like it just fine.

This is why crypto-anarchy will be so popular with the public once it's in 
place.  No more taxes, governments, militaries, wars, holocausts, etc.  
_THAT'S_ yet one more reason why it's irreversible:  people will have seen the 
results of both systems, and they'll be damned if they're going to allow 
crooked politicians back in the game!


Jim Bell
jimbell at pacifier.com





From tcmay at got.net  Thu Nov  7 17:22:14 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 17:22:14 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v03007801aea81885c729@[207.167.93.63]>
Message-ID: <v03007809aea8374f03f2@[207.167.93.63]>


At 6:56 PM -0600 11/7/96, Andrew Loewenstern wrote:
>TCM writes:
>> Wide distribution of tools and channels.
>
>A very important point that I haven't seen raised in this thread is _why_
>strong crypto is going to be widespread and thus impossible to control.
>Strong crypto is going to be the foundation of the information age.  Sorry
>for

Exactly, and I reemphasized the connection with digital commerce in my last
message.

I guess we haven't mentioned this enough recently, but in the early days of
the list we certainly did. We emphasized that a desirable goal is to get
strong crypto widely distributed, ubiquitously used. In commerce, between
machines (a la John Gilmore's SWAN), in intranets, in wireless data
transfers, to satellites, etc. Get it so entwined that trying to
crypto-lobotomize the Net would kill the patient.

(The Soviets and Eastern Europeans found this to be a problem...once they'd
incorporated enough of modern technology into their ways of doing things,
it was too late to try to pull the plug. Even the Chinese found that fax
machines and the Usenet were unstoppable. Even as early as 1989, pulling
the plug on the Usenet and banning fax machines was not an option. Rolling
over demonstrators with tanks was still an option, of course, and this
quelled the overt signs of trouble for a while.)


...
>middle men).  Weak Crypto (i.e. GAK) does not offer these features because
>the
>weak point in the chain becomes a mostly disinterested low-wage employee at
>the KRC, which is likely to be operated by a foreign government!  Any
>businessman can immediately understand why this is unacceptable, especially
>with all of the economic espionage stories going around corporate america.

And the GAK advocates have never clarified how an international system will
work. Even if one accepts the dubious hypothesis that the U.S. has a
noncorrupt, benign government, what of other countries? Is Ghaddaffi the
keeper of keys in Libya? How about the military government of Burma?

No business can operate if it thinks some tinhorn military ruler--or Craig
Livingstone in the White House--has trivial access to its most secret
communications, to its financial transactions, and may sell secrets to its
competitors or to other nations.

I can imagine no scheme which could possibly solve this problem. None. The
problem of "rogue governments" (and maybe all governments are rogue to at
least some other governments) means no simple solution. And the
Administration has done nothing to clarify how this will all work.

We can use this confusion to further undermine the U.S. position on GAK.
Lobbing grenades, sowing mistrust, and even "monkeywrenching" the system.


--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ph at netcom.com  Thu Nov  7 17:36:58 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 17:36:58 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b03aea83ae6f254@[192.0.2.1]>


At 6:56 PM 11/7/1996, Andrew Loewenstern wrote:
> ...<several excellent points>...

> People will outright demand strong crypto.

> This is already happening.  Despite intense pressure from TLA's for GAK,
> savvy businesses are demanding strong crypto (the idea that no crypto at all
> will be used is utterly ridiculous, it will either be strong or GAKed but
> there will be crypto).  Hardly anyone is bowing to the pressure.  It will
>take
> a mandate from congress to get people to actually use GAK, and the more
> businesses and congresscritters begin understand the benefits of strong
>crypto
> to the bottom line, the less likely such a mandate would happen.

This implies that there is a dramatic political opportunity for those
who have not yet taken a strong stand on the issue, young congresspeople
please note.

Federal interference has probably delayed the onset of large scale net
commerce by at least a year.  The Zimmermann case alone, I suspect, has had
a dramatic chilling effect on the development of good security technologies.

It is interesting to speculate on the career consequences for those who
are currently on the wrong side of the fence.  People like Jim Exon
will, at most, find their way into an embarrassing footnote in the
history books.

What about Albert Gore?  Since the '92 election his political stock
has fallen dramatically amongst people I know.  Before his "Information
Highway" activities, a few people were suspicious of his wife's
inclinations towards censorship, but he was not generally hated.  A lot
can happen in four years.  My guess is that the general public and
even the reporters ;-) will have caught on to the issues surrounding
strong crypto by the next election which will not be good for Gore's
naked ambition.

It's also interesting to wonder what will happen to certain institutions
which have not been very well behaved.  Certainly the ATF is not well
loved.  That is not lucky for long range funding.

I suspect the NSA will be able to salvage their reputation by sticking
the blame on the Clinton administration and anybody else who is handy.
They seem to be playing both sides of the fence right now.  There is
a tremendous institutional opportunity for the NSA as the demand for
secure systems is growing exponentially and they probably know it.

Peter Hendrickson
ph at netcom.com







From jimbell at pacifier.com  Thu Nov  7 17:46:31 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 7 Nov 1996 17:46:31 -0800 (PST)
Subject: RICO - (Was: Group order for Secret Power)
Message-ID: <199611080145.RAA20080@mail.pacifier.com>


At 04:43 PM 11/7/96 -0500, Black Unicorn wrote:

>
>I cover RICO because it's a popular prosecution tool,

"popular"?  Well, only in a rather stilted point of view!


> because it is 
>the predominate vehicle for seizure and forfeiture in federal cases 
>(of which remailer and encryption issues are likely to arouse) and 
>because it represents a codification of the approach most courts take 
>when dealing with seizure cases.  In a very real way, RICO represents 
>the outer extremes of seizure cases in the United States, and is 
>probably, given the complexity of many state laws, the simplest way 
>to "grab" something.  It also has civil provisions which make 
>"private prosecutors" out of you and me.

But the odd thing is, the one entity we can't seem to attack using RICO is 
the Federal government, and probably most other governments levels.  Looked 
at purely objectively, it should be easy to demonstrate that the Federal 
government (and its representatives) have engaged in plenty of crime as a 
pattern of activity, and certainly enough to rise to the level of the 
standards of RICO. (It takes only a few instances of such crime satisfy the 
standards of RICO.)

Change the name "Federal Government" to "Organization X," and describe what 
it's done, and all the evidence will point to a clear pattern of crime. 

Now, okay, it may seem presumptuous of me to even dream of the possibility 
of using RICO against the thugs who wrote it.  But this country (USA) is 
SUPPOSED to be under the rule of law, not men, and there is no reason (other 
than, sadly, pessimism or a-priori realism) to conclude that the government 
can't be punished when it breaks its own rules.  Such punishment could come 
by way of mechanisms such as the OKC bombing, or the far more selective 
system Assassination Politics (AP).  Take your choice.





Jim Bell
jimbell at pacifier.com





From mccoy at communities.com  Thu Nov  7 17:46:46 1996
From: mccoy at communities.com (Jim McCoy)
Date: Thu, 7 Nov 1996 17:46:46 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b00aea82fb2502a@[192.0.2.1]>
Message-ID: <v0300780aaea83a017ca3@[205.162.51.35]>


Peter Hendrickson writes:
>Jim McCoy wrote:
>>ph at netcom.com (Peter Hendrickson) writes:
>>[...]
>>> Use of strong crypto would be a tip off that one is a terrorist.
>
>>> If strong cryptography were unpopular and highly illegal, very few
>>> people would be using it.  This makes it easy to identify suspects.
>
>> But the difference between strong crypto and weak crypto is not
>> something which is visible to an outside observer unless they make
>> the effort to attack a particular system or decrypt a message.
[...]
>If mandatory GAK were imposed, reviewing messages is easy, even with
>inter-agency fighting.  Or, encryption in general could just be
>forbidden if GAK created too much hassle.

Encryption itself will never be forbidden because there is far too much
money riding on electronic commerce.  An administration which tried to
outlaw all encryption would soon find itself on the next train out of
D.C. after the next election cycle.  [And high-tech is definitely getting
more politically aware and organized as the recent Calif. prop 211 shows]
There are a lot of very powerful people betting on systems which require
at least a minimal amount of encryption (at least enough to make random
ciphertext transmissions common on the net.)

Reviewing messages and actually finding stego'd messages is actually a
very, very, hard problem for a program.  This is the sort of AI problem
which people have been working on for more than thirty years and no one
has even come close to solving it.  When you add in the fact that
communication on the net is becoming more international there will be even
more problems for such a program to solve (e.g. a Malay<->English
translation program will throw a ton of false poitives into the mix for
any program developed which somehow has enough understanding of English
to detect messages whose grammar and word choice indicates a possible mimic
function, if the two users communicate using mimic functions within the
translation program itself you are completely screwed...)


>> What make such detection even harder is that a good crypto system
>> generates output which is indistinguishable from noise, this makes it
>> much easier to hide the fact that an encrypted channel is being used.
>
>In practice I suspect that good stego is hard.

You are mistaken.  Read Disappearing Cryptography to see just how easy
it is, then check out Romana Machado's EzStego program (done in Java so
it can be added to any web download with a bit of tweaking.)   If the
penalty for using bad stego is high enough you can be certain that natural
selection will make certain that eventually the programs being used are
top notch code :)

>You don't have to be
>right every time when you look for it, just some of the time.  When
>you see packets that seem kind of funny to you, the judge issues you
>a warrant and you search the suspect's house and computer very carefully.
>If stego is in use, the software that generated it can be found.  Then
>you hand out a life sentence.

The problem is that you need to be able to prove that stego is in use, and
this is a much more difficult task than you suggest.  A good stego program
will turn out bits which are indistinguishable from noise, so there is no
way to actually _prove_ that stego is being used without actually breaking
the cipher used in the stego routines.  Remember, that life sentence you
suggests requires "proof beyond a reasonable doubt" in US courts, bit rot
from multiple image scannings or a bad microphone on a IP phone conversation
should be more than enough for the accused to cast doubt into the minds of
the jury members.

>You might also identify suspects in other ways.  Maybe that Jim McCoy
>is looking a little too successful or perhaps he made an unwise comment
>to a "friend" who reported him.  That could easily be grounds for a
>warrant and subsequent change of quarters.

Get a warrant, search my system, find nothing but a bunch of applications
and a collection of risque (but definitely legal) pictures which I exchange
with a few friends.  You may suspect that when the images are concatenated
in a particular way the low-order bits form a stego filesystem but no one
will be able to prove it in court.

>> The funny thing about noise in the information theory sense is that it can
>> actually be _anything_ depending on context, and this sort of uncertainty
>> is the bane of a legal system which is solidly grounded upon technicalities
>> (such as the US legal system.)
>
>Which technicalities protected the Japanese-Americans during World War II?

Few.  OTOH the interment of Japanese-Americans occurred during a period of
war, at a time when civil liberties were much more limited, and when
Asian-Americans were second-class citizens with very little political power
(that and the Korematsu decision was a complete piece of crap...)  Today
most US citizens distrust the US governement, civil liberties and protections
are fairly well established in law and legal precedence, and we techno-nerds
are actually the ones running the country :)  [Actually the internment of
Japanese-Americans was really a big land grab masquerading as a wartime
necessity, but that does not change the fact that it happened...]

>The legal system would have to be stretched considerably less to outlaw
>strong crypto and make it stick.

It would have to be shattered to make such a ban stick.  Times have changed
quite significantly since the 40s, and free speech rights and the first
amendment have become rather important to our information society.

jim







From ph at netcom.com  Thu Nov  7 17:55:35 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 17:55:35 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b04aea83f2ff40e@[192.0.2.1]>


At 5:13 PM 11/7/1996, Jim McCoy wrote:
> Getting a program to recognize a subliminal message channel is even
> harder than teaching a human to do so, check out the book Disappearing
> Cryptography or do a web search for "mimic functions" to see how easy it
> is to hide messages in text which a program parses as regular English.
> The other problem is that more and more of the data being tossed around
> the net are images and sound files in which it is incredibly easy to
> hide encrypted messages.

I doubt it is as easy as you say.  Truly noisy sources are unusual.
You don't have to be 100% sure you have a crypto-terrorist on your hands
to search their house, interrogate them, and talk for awhile to
everyone they know and then watch them carefully from then on.

You don't have to have very many convictions with life sentences
to discourage most experimenters which means that you can afford
to spend a lot of time and effort on those that you can find.

The perpetrator need only mess up once to be put in jail where he belongs.

Assuming that it is possible to identify most crypto-anarchist-terrorists
as suspects (possibly through informants or surveillance or tax audits)
it should be fairly simple to find their contraband disks and data when
you search their house.  The problem with executables is that they have
to execute so you can tell if they are encryption software.  How will
you handle this problem?

>> In the absence of strong cryptography, remailers do not offer much
>> anonymity.

> Except for the fact that US law stops at the US border (modulo kidnapping
> Mexican doctors or strongarming the rest of the world to obey US
> dictates...)  Information, on the other hand, is very easy to transport
> across national boundaries and such transmission is impossible to stop.
> With remailers outside the US I can send a message to a free nation and
> have it delivered to whomever I want.

Cross border transmissions of illegally encrypted information is as hard
to stop as the use of strong cryptography.  If you can stop, for the
most part, the use of strong cryptography, then you can stop the use
of foreign remailers, errrr, I mean espionage mailers.

Were there strong support for it, even cross border activity could be
significantly curtailed.  This would complicate the practice of carrying
stego'd materials across by hand.  That may seem improbable, but I know
that in the late 1960s the Johnson Administration seriously considered
limiting U.S. tourism because of the negative impact it had on the dollar.

In the model I am positing, there would be broad popular support for
such policies.

Peter Hendrickson
ph at netcom.com







From Scottauge at aol.com  Thu Nov  7 18:06:32 1996
From: Scottauge at aol.com (Scottauge at aol.com)
Date: Thu, 7 Nov 1996 18:06:32 -0800 (PST)
Subject: Fwd: God and None (fwd)
Message-ID: <961107210454_1148658863@emout09.mail.aol.com>



---------------------
Forwarded message:
From:	scotta at astea.com (Scott Auge)
To:	scottauge at aol.com
Date: 96-11-07 10:18:29 EST



---------- Forwarded message ----------
Date: Tue, 5 Nov 1996 21:26:43 GMT
From: Donald Sellari <dsellari at btg.com>
To: scotta at hpg60.astea.com
Subject: None

                       History Of The Net
>                       ==================
>
> First there was God. He was quite lonely so he created Dennis.
>
> Dennis was unimpressed with God.
>
> So,... God created Brian.
>
> But, Brian got bored with God.
>
> So Brian and Dennis started playing, and they created C. God saw C,
> and saw that it was good. So he decided to let Brian and Dennis play
> some more.
>
> Then Brian and Dennis created Unix. God saw Unix, and he was jealous.
> So he created Bill to torment Brian and Dennis and obscure their
> creation (for God could not destroy Unix, for he secretly admired
> its perfection).
>
> So Bill created Microsoft. And Microsoft created Windows. And God saw
> that it was bad, but it had market share, so he was happy. Then Bill
> got cocky, and his ego got bigger than God's. So to knock Bill down a
> couple of pegs, God put into effect, a wondrous plan.
>
> First God created Tim. And Tim created the World Wide Web (using
> Unix, of course). This was good, but not THAT good. So God created
> Marc. Marc created Mosaic (using  Unix, of course). Mosaic created a
> huge feeding frenzy that has got a lot of people who are reading this
>  their jobs.
>
>  But that's a different story. Mosaic was good, and God saw it was
>  good, so he allowed Marc to start Netscape. Back to this later.
>
>  But all this time Brian and Dennis started to make something better
>  than Unix called Plan 9 (because God was successful in foiling Brian
>  and Dennis' previous seven plans [there was no Plan 8 because Brian
>  and Dennis pulled the wool over God's eyes and just jumped to Plan 9,
>  which was too bright a move for even God to figure out.] )
>
>  Eventually, God figured out how to create Larry.
>
>  No one knows how or why he created Larry, except perhaps to reduce
>  productivity at the Jet Propulsion Labs at NASA. [Rumors are that God
>  created Larry because he secretly liked what Dennis and Brian had done
>  with C, but didn't think C and Unix was enough -- this probably isn't
>  true because God believed he had destroyed Brian and Dennis' plans by
>  destroying Plans 1-7, and by creating Microsoft to slay their beloved
>  Unix.
>
>  Anyhow, Larry created Perl (using Unix and C, of course), and God saw
>  it was good, so he made Randal. Larry and Randal wrote books about
>  Perl. And everyone saw that this was good, except snobs who were too
>  much into C, Windows, and Intel. (It so happens that Randal was so
>  cool he figured out a way to break into Unix at Intel, and Intel sued
>  him for it but that's another story also -- chances are Randal would
>  not have been able to break into *Plan 9* at Intel, but Intel isn't
>  cool enough to be running Plan 9)
>
>  Anyhow, back to Randal. So Randal and Larry wrote books, but they had
>  to be nice because of the people they worked for. So then came Tom.
>  But back to Tom later.
>
>  Anyhow, God saw Netscape (made using Unix and C, of course), and he
>  saw it was good, and that annoyed Bill quite a bit. And that made Him
>  very happy, and made Marc very rich. But Bill was very very rich. But
>  that's a *completely* different story.
>
>  But as good as Larry's creation, Perl, was, it couldn't do everything,
>  so God created Scott. Scott announced Java, and this was big news.  Now
>  Java really pissed Bill off, because Bill also created Blackbird, and
>  Java killed Blackbird. This was bad because killing Blackbird also
>  meant killing the Microsoft Network. And many rejoiced over that, but
>  that, too is another story.
>
>  Now Java, obviously had done much to annoy Bill. For Java was so good
>  that Bill had to license Java. All this time, Scott poked lots of fun
>  at Bill because Sun, which was where Scott worked, made a better OS,
>  derived -- of course -- from Unix, which was better than Bill's and
>  Microsoft's Windows.
>
>  Anyhow, even God's creations Steve and Steve who created Apple
>  couldn't make Bill license the much superior MacOS. But finally, Bill
>  had to license Java. So justice was served, and Bill's ego was served
>  him on a platter for him to eat his words. Or something. That part is
>  unclear.
>
>  So by this time Windows and Microsoft and Bill in general really
>  sucked. Especially considering the advantages that Brian and Dennis'
>  C and Unix, running Marc's Netscape and Mosaic over Tim's World Wide
>  Web, doing cool CGI stuff with Larry's Perl, which you learned from
>  Randal and Tom, and got to program with Scott's Java.
>
>  And God realized he had put Bill down too far. So then God made it so
>  that Marc's Netscape and Mosaic could run on Windows. We already know
>  that Bill had to license Java from Scott. We know that Bill missed
>  the boat for not beating Tim to the punch on the World Wide Web. The
>  last straw was for God to make it possible for Larry's Perl to run on
>  Bill's Windows.
>
>  So back to Tom. Tom was a Perl God. And God didn't like this, but
>  Tom's a God so there isn't much God could do, so He couldn't stop Tom
>  from saying things like "install an operating system on your poor
>  lonely computer the way God and Dennis intended", and "Espousing the
>  eponymous /cgi-bin/perl.exe?FMH.pl execution model is like reading a
>  suicide note -- three days too late."
>
>  The moral to the story? God is fickle. That's why Microsoft and Bill
>  and Windows exists. Do what God intended, install C, Unix,
>  Mosaic/Netscape, Java, and Perl on your system, and make Brian,
>  Dennis, Larry, Tim, Tom, Randal, Scott, and even Steve and Steve,
>  I'm sure, happy by doing so.
>
>  Oh yeah, Linus was cool too. He's the guy you thank for being able to
>  run all the cool stuff on your crappy little Pee Cee. (anything with
>  x86 on it, by default, is crappy, no PERSONAL flames intended)
>
>
>








From roach_s at alph.swosu.edu  Thu Nov  7 18:15:52 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Thu, 7 Nov 1996 18:15:52 -0800 (PST)
Subject: [off subject]Re: Parents effectively lose their right
Message-ID: <199611080215.SAA23645@toad.com>


At 10:03 AM 11/6/96 -0800, Michael Craft wrote:
>> Family Research Council Washington Watch News - October 25, 1996 - Vol.
>> 8:1
>> 
>> "Parents effectively lose their right to direct the upbringing of their
>> children ..., ruled that Katy Independent School District in TX did
>> not violate parents' rights by allowing Child Protective Services to 
>> interrogate a student without notifying his parents, nor by instructing 
>> him to lie to his parents about the incident."
>
>Spanking and ecumenical prayer may be illegal in the schools, but 
>methinks the above is actually more harmful to society than mindless
>prayer or a little paddling.
>
>
Actually, at least in Oklahoma, corporal punishment is still quite legal,
it's just considered risky.  Many parents actually believe that "thier
little angel can do no wrong", incapable of believing that the actions that
thier little hooligans propagated.  It is these parents who might sue, but
that doesn't change the fact that at least in Oklahoma, corporal punishment
can still be used in the schools.






From roach_s at alph.swosu.edu  Thu Nov  7 18:17:31 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Thu, 7 Nov 1996 18:17:31 -0800 (PST)
Subject: [rant]Re: black high heal shoes?
Message-ID: <199611080215.SAA23650@toad.com>


>Clinton wearing black and white shiny vinyl high
>heel shoes, and nothing else but a transparent
>plastic raincoat. 
>
>Embroided on the back of the clear plastic raincoat
>is the bar code for the RSA algorithm. 
>
>He is walking around the RSA Data Security Conference
>with the outfit on, trying to hug and kiss the attendees,
>but they all ignore and make fun of him!


When I think about Clipper.
In my personal opinion, Clinton is afraid of unrestricted crypto because
when he thinks about all the things he would have done with it when he was
(is?) a hippie radical, he shuders, then, he makes the error of assuming
that everyone in the U.S. of A. has the same low morals that he has shown.
He feels that he must protect us from the monsters, yet, he feels that we
are all potential monsters.
And when I think about the assualt rifle ban, I think the same thing.
In my personal opinion.  None of this should be taken for anything but my
opinion.
Oh the nightmares you must have Mr. President.  I am grateful that I don't
see the world through your eyes.






From roach_s at alph.swosu.edu  Thu Nov  7 18:19:18 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Thu, 7 Nov 1996 18:19:18 -0800 (PST)
Subject: [rant] Race
Message-ID: <199611080215.SAA23654@toad.com>


Sandy Sandfort wrote:
...
>What you mean WE, white man?  ...
At first I was afraid to comment, as I have been more than vocal in the last
24 hours, but then I decided that I thought this important enough to bring up.
This was the first time on this list that I noticed such an obvious
reference to race, granted I'm fairly new to the list,(quite new in fact),
and when I think about it, there were several references to Russians and
Jews in some of the other posts about Dr. Vulis and his practices.  In my
rose colored view, I had not taken notice, possibly because they were
comments about the statements made by an individual, more likely because I'm
gratefully ignorant to most of the filth of this imperfect world.  I was
unaware of some of the hardships some of my friends and their friends still
go through just because of their skin color.  Not Just with recognized,
individual bigots, but also with the police, and I live in a sparsely
populated area.
The point I was going to make was that this comment caught my eye, because
it bridged my real, though I should say corporal as this is quite real,
world with my online world.  For a week there, I was a individual in a
society of minds, our "race" depended on our individual views.  I like being
online, I am judged by what I think matters.  When something threatens my
ability to be free of the definitions put on my physical shell, I react.
Does this have any relation to crypto?  No  But it does have relevance to
anonymity.  Online I can be who I feel like, not what I look like.
For those wondering who I am, I may be an AI painted purple with a big intel
sticker on my side, it doesn't matter, what do you think about my ideas.






From ph at netcom.com  Thu Nov  7 18:26:05 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 18:26:05 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b05aea845867165@[192.0.2.1]>


At 5:12 PM 11/7/1996, jim bell wrote:
>At 12:22 PM 11/7/96 -0800, Peter Hendrickson wrote:
>>It appears to be widely believed that cryptoanarchy is irreversible.
>>Everybody believes that the race to deploy or forbid strong cryptography
>>will define the outcome for a long time.

>> I can't think of a reason why this should be so.

>> If the wide use of strong cryptography results in widely unpopular
>> activities such as sarin attacks and political assassinations, it
>> would not be all that hard to forbid it, even after deployment.

> Simple analogy:  Suppose you put two people into a room with a deck of
> playing cards and a table, instructing "Person A" to build a house-of-cards,
> and telling "Person B" to stop him from achieving his goal.  Who do you
> think will win?  Obviously, the latter will win:  It's vastly easier to
> knock such a structure down than to build it in the first place,  and all
> "Person B" has to do is occasionally take a whack at the structure.

> BTW, some of your confusion is probably based is the false assumptions in
> your last sentence above.  "..wide use of strong cryptography results in
> widely unpopular activities such as sarin attacks and political
> assassinations."

No, you're confused, but it's probably my fault.  We don't really know
what cryptoanarchy will be like.  We all have ideas about it.  Some
we share and some we don't.  But we won't really know until we see it
happen.

My whole point is based on the proposition that the doomsayers are right.
I believe D. Denning has suggested that cryptoanarchy will result in
the breakdown of our society.  The implication is that we must stop
this from happening.  What I am saying is that we can wait and see
before going into a panic.  If it turns out to be bad - and I mean
Assassination Politics, by the way - it is reasonable to assume that
broad popular support for the suppression of strong cryptography will
result.  Even most cypherpunks would support and participate in such
policies if it appeared to be necessary.  Broad popular support means
that it will be possible to roll back cryptoanarchy.  That means
we don't need to do anything hasty now.  The people who want to do
some hasty should be called upon to justify their beliefs.  To date
I don't believe they have done so.

It might be a good idea to reread the first sentence of the last
paragraph.  I am not repeat not endorsing the Four Horsemen scenario.

> First, I contend that the unpopularity of political assassinations is based
> far less on their presumed undesirability, and much more so on the fact that
> the average citizen (currently) has no input on who is being killed.  He
> might well suppose that the killings are trying to deny him the little power
> and influence he has in the political system. ("They shot [fill in the
> blank}!  I voted for him!")  But what if assassination was made far more
> accessible to the common man?  Suppose, say, the approval of one million
> citizens was the only thing necessary to have an assassination legally
> accomplished?   Or, more likely in practice, the vote of a million citizens
> was interpreted as a kind of terminal veto over that particular politician
> or government employee, who would have to resign or face the (lethal)
> consquences!  In that case, assassinations wouldn't be seen as bad, they'd
> be the natural consequence of a politician who overstays his welcome and
> ignores numerous warnings.

It is my opinion that your bloodthirsty dreams have done a great deal to
discredit cryptoanarchy.

Peter Hendrickson
ph at netcom.com







From ponder at freenet.tlh.fl.us  Thu Nov  7 18:37:16 1996
From: ponder at freenet.tlh.fl.us (P. J. Ponder)
Date: Thu, 7 Nov 1996 18:37:16 -0800 (PST)
Subject: Information [for new PGP user]
In-Reply-To: <3281FB84.3560@gte.net>
Message-ID: <Pine.OSF.3.91.961107213057.8220G-100000@fn3.freenet.tlh.fl.us>




On Thu, 7 Nov 1996, Dale Thorn wrote:

> stewarts at ix.netcom.com wrote:
> > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
[snip] 
> > You can read and compile the source code yourself.
> 
> [snip, snip]
> 
> Really?  All 60,000 or so lines, including all 'includes' or attachments?
> 
> I'll bet you can't find 10 out of 1,000 users who have read the total source,
> let alone comprehended and validated it.

the point is that the source code is available and public.  I may not be 
able to find any errors or hiddens trapdoors in it, but I have greater 
trust in it because many other people can read it and make public 
comments about it.   the advantage of a published (public) work is that 
even those of us who are not experts can gain the advantage of having the 
work reviewed openly by anyone who is so inclined.
--
to unsubscribe from the cypherpunks mailing list, send to
     majordomo at toad.com
a message that states: 
     unsubscribe cypherpunks
in the message body, not the subject line.  This is the preferred method. 
You may also try the Vulis method, but it irritates so many people.








From deviant at pooh-corner.com  Thu Nov  7 18:38:44 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Thu, 7 Nov 1996 18:38:44 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0baea80ee121af@[192.0.2.1]>
Message-ID: <Pine.LNX.3.94.961108023719.811A-100000@random.sp.org>


On Thu, 7 Nov 1996, Peter Hendrickson wrote:

> > If I understand the reasoning, people beleive it is easier to prevent the
> > release of strong crypto. techiniques than to remove them once they are
> > released.
> 
> The reasons underlying this are what I don't completely understand.
> 
> > Once a terrorist has strong crypto, why should they stop using it if it
> > becomes illegal?
> 
> Use of strong crypto would be a tip off that one is a terrorist.
> 
> If strong cryptography were unpopular and highly illegal, very few
> people would be using it.  This makes it easy to identify suspects.
> 
> Peter Hendrickson
> ph at netcom.com
> 

If crypto is made a criminal offense, only criminals will use crypto.

 --Deviant
I have discovered that all human evil comes from this, man's being
unable to sit still in a room.
		-- Blaise Pascal







From ph at netcom.com  Thu Nov  7 19:00:31 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 19:00:31 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b07aea84b33c6fd@[192.0.2.1]>


At 5:48 PM 11/7/1996, Jim McCoy wrote:
> Peter Hendrickson writes:
>> If mandatory GAK were imposed, reviewing messages is easy, even with
>> inter-agency fighting.  Or, encryption in general could just be
>> forbidden if GAK created too much hassle.

> Encryption itself will never be forbidden because there is far too much
> money riding on electronic commerce.

I think this is true.  Good computer security, including encryption,
is clearly important to the financial well being of the country.
If we consider that to be a national security issue, then we have
to ask why the national security apparatus is attempting to undermine
our security.

> An administration which tried to outlaw all encryption would soon find
> itself on the next train out of D.C. after the next election cycle.

But if the doomsayers are right, this would not be the case.  Most
people will be willing to give up some Internet commerce if they believe
it is necessary to protect their children and maybe their society.
That is not even an unreasonable point of view.

>> In practice I suspect that good stego is hard.

> You are mistaken.  Read Disappearing Cryptography to see just how easy
> it is, then check out Romana Machado's EzStego program (done in Java so
> it can be added to any web download with a bit of tweaking.)   If the
> penalty for using bad stego is high enough you can be certain that natural
> selection will make certain that eventually the programs being used are
> top notch code :)

I may be mistaken.  I have added "Disappearing Cryptography" to my list.
Still, my intuition says that it is quite hard to do stegonography for
many years and never tip your hand even once.

>> You don't have to be right every time when you look for it, just some
>> of the time....

> The problem is that you need to be able to prove that stego is in use, and
> this is a much more difficult task than you suggest.

But you really don't need to prove it.  You just have to convince a judge
to issue a warrant for you to get the real evidence.  If you have to,
you'll train a dog to sniff stego.  (That was a joke by the way. ;-)

>> You might also identify suspects in other ways.  Maybe that Jim McCoy
>> is looking a little too successful or perhaps he made an unwise comment
>> to a "friend" who reported him.  That could easily be grounds for a
>> warrant and subsequent change of quarters.

> Get a warrant, search my system, find nothing but a bunch of applications
> and a collection of risque (but definitely legal) pictures which I exchange
> with a few friends.  You may suspect that when the images are concatenated
> in a particular way the low-order bits form a stego filesystem but no one
> will be able to prove it in court.

Are you concatenating these images by hand?  If so, the level of entropy
is probably low enough to recover the information through brute force
methods or you are hiding a very small amount of information.

If you are not doing it by hand, you own terrorist software and will pay
the price.

And, by the way, who are these friends?  Can any of them finger you in
exchange for a reduced sentence?

Incidentally, I hope nobody on this list believes they will be able
to practice cryptoanarchy in my scenario.  You are already suspects.

>> Which technicalities protected the Japanese-Americans during World War II?

> Few.  OTOH the interment of Japanese-Americans occurred during a period of
> war, at a time when civil liberties were much more limited, and when
> Asian-Americans were second-class citizens with very little political power
> (that and the Korematsu decision was a complete piece of crap...)

In the Four Horsemen scenario, where people are being murdered all the
time and the society is in a turmoil, popular support for the suppression
of strong cryptography would be easy to arrange.

> Today most US citizens distrust the US governement, civil liberties and
> protections are fairly well established in law and legal precedence, and
> we techno-nerds are actually the ones running the country :)

In the Four Horsemen scenario, it is likely that most engineers would
be delighted to help put things to rights.

>> The legal system would have to be stretched considerably less to outlaw
>> strong crypto and make it stick.

> It would have to be shattered to make such a ban stick.  Times have changed
> quite significantly since the 40s, and free speech rights and the first
> amendment have become rather important to our information society.

This is correct.  But these views would be change if we were facing
a terrible situation.  It isn't even clear that you would have to
tamper with free speech rights all that much to suppress strong
cryptography.  There would be a dramatic political risk that all rights
would disappear later, but after somebody you know gets killed
anonymously, you might be willing to chance it.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Thu Nov  7 19:20:18 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 19:20:18 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b0aaea854a8000a@[192.0.2.1]>


At 5:24 PM 11/7/1996, Timothy C. May wrote:
> At 6:56 PM -0600 11/7/96, Andrew Loewenstern wrote:
>> middle men).  Weak Crypto (i.e. GAK) does not offer these features because
>> the
>> weak point in the chain becomes a mostly disinterested low-wage employee at
>> the KRC, which is likely to be operated by a foreign government!  Any
>> businessman can immediately understand why this is unacceptable, especially
>> with all of the economic espionage stories going around corporate america.

> And the GAK advocates have never clarified how an international system will
> work. Even if one accepts the dubious hypothesis that the U.S. has a
> noncorrupt, benign government, what of other countries? Is Ghaddaffi the
> keeper of keys in Libya? How about the military government of Burma?

> I can imagine no scheme which could possibly solve this problem. None. The
> problem of "rogue governments" (and maybe all governments are rogue to at
> least some other governments) means no simple solution. And the
> Administration has done nothing to clarify how this will all work.

I cannot speak for the GAK advocates.  However, you could establish a
system where messages between two countries are encoded with keys
which are made available to only the two countries in question.

A really simple scheme to do this would be for each country to publish
a public key.  You would be required to encrypt the key to the message
with the national public key.  That scheme would be fast to deploy.

In a more complicated and secure scheme, you would be given a public key
from each country that was unique for your communications at the same
time you were granted your international communications license.  The
unique public key would be managed by a small group of people.  This
means that if it was ever compromised, most message traffic would be
secure and those who were responsible would be easy to find.

The only way you are at the mercy of the Libyans is if you do business
in Libya.

Peter Hendrickson
ph at netcom.com







From markm at voicenet.com  Thu Nov  7 19:44:04 1996
From: markm at voicenet.com (Mark M.)
Date: Thu, 7 Nov 1996 19:44:04 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b00aea82fb2502a@[192.0.2.1]>
Message-ID: <Pine.LNX.3.95.961107232620.1475A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 7 Nov 1996, Peter Hendrickson wrote:

> If mandatory GAK were imposed, reviewing messages is easy, even with
> inter-agency fighting.  Or, encryption in general could just be
> forbidden if GAK created too much hassle.

How would this be possible?  The latest GAK proposal is for companies to store
keys instead of the government.  There is the potential for colaboration
between a TLA and an "escrow" company.  It is also possible for a TLA to
illegally obtain the keys from the company's database.  However, it would
still be impossible to review every message.  Even if the government had full
access to all encryption keys, it would still be technically infeasible to
review every message.

> In practice I suspect that good stego is hard.  You don't have to be
> right every time when you look for it, just some of the time.  When
> you see packets that seem kind of funny to you, the judge issues you
> a warrant and you search the suspect's house and computer very carefully.
> If stego is in use, the software that generated it can be found.  Then
> you hand out a life sentence.

Good stego is possible.  Stegoing data in jpegs is very secure and probably
infeasible to detect.  This scenario is not entirely unrealistic -- in some
states a rise in electrical bills is enough to get a judge to issue a search
warrant to search the suspect's home for evidence of marijuana cultivation.
However, I find the life sentence idea pretty unrealistic.  You are assuming
that there will be wide support for tough restrictions on crypto.  This is
not currently the case and I doubt it would ever get to this point.

Not very many people are currently supporting any life sentence for anyone
who is in possession of explosives, despite the increase in terrorist
activity.  Gun-control advocates aren't supporting laws that will give a life
sentence to anyone who owns a gun.  Given that many people who believe in
gun-control and tagants in explosives are against GAK, why do you think there
will be such a revolt against strong crypto?  

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoK68yzIPc7jvyFpAQHN5QgAhsvpuZPwvGV32VTlzS+fRuLXXwWDqmQL
0/etFQkdo0aOwOm8qnGHQzq796tOQVDBFVE8QJSiQqCqukETc1G+E2IDqA53Yl5f
xhCfKjBOcp2ZA63ZjKZYd6nVKnoxlgnz5BfVlShMVdxFDszo2SC4HqSvBhRDOjZr
npGhDPRiabTWEs4tAXUvh5ymelCBtgdLmDAjPKPgTYnloWUIUNBkGQ1pvRYD/lAs
OeL/OPJNNicmKFx1kN9Xx6NP/IYhmS9qUE0qQ0iPUWo8hILqA4ZgIaxY826M6ikQ
6/RMsBzIg03xzrWw4gOYB2HyC0Hk/sDTgMNiHxYvy6ugfzdweO/yCg==
=mlYb
-----END PGP SIGNATURE-----






From dthorn at gte.net  Thu Nov  7 20:08:47 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 7 Nov 1996 20:08:47 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <Pine.LNX.3.94.961107043646.339A-100000@random.sp.org>
Message-ID: <32822B64.1142@gte.net>


The Deviant wrote:
> On Wed, 6 Nov 1996, Timothy C. May wrote:
> > At 2:44 PM -0800 11/5/96, Sean Roach wrote:
> > >If I remember my history right, the order that math was done often depended
> > >on the model of calculator it was done on.  I remember being warned as late
> > >as 1991 how some calculators may still still add before they multiply, and
> > >to use those parenthesis for good measure, just to be safe.

> > Well, it ain't _history_ only--it's also current. Some of us use RPN
> > (Reverse Polish Notation) calculators exclusively. (Even my screen
> > calculator I use on my Mac is an RPN one.)

> Yes, many calculators still have the add/multiply error also.  Most of the
> newer generation (the one which I wish I didn't have to be a part of)
> doesn't know what RPN is, much less how to use it.

> A friend of mine found his father's RPN HP (don't know which model) from
> college a week or two ago, and you'd never beleive how long it took me to
> convince him that "RPN" really does stand for "Reverse Polish Notation".
> As for slide rules, I think I'm the only person at my school who knows
> what a slide rule _is_, much less how to use one ;)

According to HP, the "Polish" part of the term comes from a Polish mathematician whose
name (I can't spell it, and I don't have the .DOC) is pronounced phonetically:
WOOCASHEVITZ.  The "reverse" part apparently means the inventor specified the 
operation before the parameters, instead of how HP implemented it.






From gbroiles at netbox.com  Thu Nov  7 20:21:22 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Thu, 7 Nov 1996 20:21:22 -0800 (PST)
Subject: exclusion/censorship and the law
Message-ID: <3.0b28.32.19961107195807.0073290c@mail.io.com>


At 09:27 PM 11/6/96 -0600, Jim Choate wrote:

>There is one important legal aspect which the operator of the Cypherpunks
>mailing list has opened themselves up for with this action. In short they
>have now opened themselves up for defamation and liable suites by imposing
>an editorial policy on the contents of this list (1).
>
>This opens up the potential, for example, for Tim May to sue the operator of
>the Cypherpunks mailing list now for posts from users (even anonymous ones)
>which defame or otherwise liable his character, reputation, or ability to
>pursue income in his chosen field. In short the operators of the list
>becomes publishers and distributors of the material. It is the legal
>difference between a bookstore and a book publisher. 

I don't pretend to have spent much attention on defamation, but the cases
I've seen don't go nearly this far. The two that come to mind are _Cubby v.
Compuserve_ 776 F. Supp. 135 (1991), and _Stratton Oakmont v. Prodigy_
(sorry, no cite at hand). _Cubby_ said that service providers were liable
*only when they had knowledge of the defamation*. Since the list is set up
(as far as I know) to forward messages (regardless of source) to the
subscribers without further editorial review, _Cubby_ suggests no liability
here. _Stratton Oakmont_ went the other direction (finding potential
liability for defendant service provider, on a motion for preliminary
injunction? can't remember) but has been widely criticized; that ruling
never faced any extended scrutiny because the parties settled. Also,
Prodigy, the defendant in Stratton Oakmont, exercised much greater
editorial control over postings on that service, and had the ability to
remove postings, which is something John Gilmore can't do.

So my impression is that you've got the tail end of a useful concept
(ability to control is frequently a factor used to determine liability) but
are making far too much out of it. One really big difference I see here is
that editorial control of the Cpunks list has occurred once (in 4? 5? years
of the list's existence), is on a per-person not a per-message basis, and
*does not function to restrict who can send messages but only limits Vulis'
ability to _receive_ them on his usual system(s)*.

You might take a look at Mike Godwin's article on net defamation at
<http://www.eff.org/pub/Legal/net_libel_godwin.article>; by now it's a
little old, but I don't think anything's happened since which would change
its reasoning. 

>Censorship is censorship, irrespective of the source of the limitation.
>Free expression is impossible in an environment of censorship.

The problem with absolute statements like this is that they ignore
important distinctions about scale - e.g., I think that it's very important
that people, generally, be free to discuss whatever they want in private
homes. But I also think it's very important that I be able to tell other
people that they're not willing to discuss whatever they want in *my* home.
Not because I'm especially excited about censorship, but because I enjoy my
privacy and my peace & quiet. So on the level of national rights, yes,
unrestricted speech is an excellent thing. But on the level of my living
room, unrestricted speech is a very bad thing. 

I don't think anyone who is arguing that it's fine to throw Vulis off the
list would make the argument that it would be acceptable for the government
to throw Vulis off of the Internet. 

The closest thing I can see to a First Amendment argument against Gilmore
is the "company town" argument, that the list is so much like a city or
town that it ought to be subject to the restrictions that the First
Amendment puts on municipalities and traditional public forums - but even
this (rather far-out) argument got shot down a few days ago when our
beloved Wallace of CyberPromo tried it in _Cyber Promotions v. America
Online_. The judge said "no way", and I think that argument's a lot more
plausible against American Online than against John Gilmore. 

>I have argued in the past that this list is a defacto public list because of
>the way it is advertised and to the extent it is advertised. All the protests
>by the operator to the contrary will not convince a court.

I don't think this makes any sense. "Public list" has no special meaning.
My impression is that you're trying to make an analogy to public places
which are privately owned like motels and lunch counters and amusement
parks, where the owners (despite being private actors) cannot discriminate
on the basis of race, gender, national origin, etc. (See, e.g., Civil
Rights Act of 1964, 42 USC 1981 et seq)

But I don't think there's any especially credible allegation that Vulis was
discriminated against on the basis of protected class membership; nor is it
clear that the Civil Rights Act can be extended to the operation of mailing
lists. (Can someone shed some light on this? I've spent some time reading
civil rights cases and can't remember one which gets even close. But I hate
to say "can't be done" on the basis of failing to remember a case where it
has been done.) My hunch is that (especially with this Supreme Court) the
First Amendment's right to speak and assemble freely would trump Congress'
attempt (pursuant to the Fourteenth Amendment, Section V) to regulate the
distribution of speech. 

If there's no prohibited discrimination (either because there's no
prohibition, or there was no "discrimination" within the terms of the
statute) then I don't see a cause of action. Wanting something you're not
getting isn't enough. Owners of "public places" like malls or stores or
restaurants are still free to exclude some people for non-prohibited
reasons (like not meeting the dress code, or having behaved poorly in the
past). And Vulis' behavior is certainly enough to suggest that his
exclusion from the list (which has not impaired his ability to speak to the
list) was neither arbitrary nor wrongly discriminatory. So I really don't
think that a civil rights-flavored argument even gets to first base here.

I am pretty disappointed to see that none of the people who profess to be
shocked and wounded at Vulis' exclusion have bothered to set up your own
lists. In my mind, whatever moral outrage you claim to have looks awfully
small compared to the relatively small burden of doing something about what
you say is bothering you. 

Someone said that saying "start your own list" is like saying "well, go
start your own country"; but the difference is that you can only live in
one place at a time, so starting your own country on some faraway island
means severing personal and professional ties in the place that you live
now, abandoning the countryside you've come to know and love, etc. But
there's no reason that you can't start your own mailing list and stay on
cypherpunks. As I pointed out a few days ago, you can even subscribe your
list to the cypherpunks list, so that your list is "cypherpunks++". I think
there are some copyright issues lurking here, but there are at least two
filtered cypherpunks lists running, as well as Bob Hettinga's e-$pam list,
which make use of cpunks traffic, and I'm not aware that any of those folks
have attracted suits for their reproduction of list traffic. So I don't see
any big obstacle to one or more people fixing what they say is a big
problem. So I'm left to wonder if this really isn't the big deal people
seem to enjoy making it into, or if it's a big deal, but free speech and
lack of censorship is worth less than some time and/or some money to these
folks. 

I think that "cypherpunks write code" can/should be understood as a
question, e.g., "what are you doing to change the things that bother you?" 
--
Greg Broiles                | "In this court, appellant and respondent are the
gbroiles at netbox.com         |  same person. Each party has filed a brief."
http://www.io.com/~gbroiles |  Lodi v. Lodi, 173 Cal.App.3d 628, 219 Cal.
                            |  Rptr. 116 (3rd Dist, 1985)






From tcmay at got.net  Thu Nov  7 20:44:55 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 20:44:55 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0aaea854a8000a@[192.0.2.1]>
Message-ID: <v03007801aea869b8d096@[207.167.93.63]>


At 7:20 PM -0800 11/7/96, Peter Hendrickson wrote:
...
>I cannot speak for the GAK advocates.  However, you could establish a
>system where messages between two countries are encoded with keys
>which are made available to only the two countries in question.
>
>A really simple scheme to do this would be for each country to publish
>a public key.  You would be required to encrypt the key to the message
>with the national public key.  That scheme would be fast to deploy.

Well, this is not what the proposals for GAK involve. If it were _only_ a
matter of each country requiring GAK for communicatons entering its
country, then this would be as you describe (not that many of us would
approve of it).

What complicates matters is that the U.S. proposes that _it_ keep
records/escrows of communications with, say, recipients in Libya. Or
Russia, or Burma, or Tazbekinoya. This means automatically that simplistic
models ("encrypt to the public key of Tazbekinoya" will not be sufficient).

>In a more complicated and secure scheme, you would be given a public key
>from each country that was unique for your communications at the same
>time you were granted your international communications license.  The
>unique public key would be managed by a small group of people.  This
>means that if it was ever compromised, most message traffic would be
>secure and those who were responsible would be easy to find.
>
>The only way you are at the mercy of the Libyans is if you do business
>in Libya.

No, I think you are missing the point. The issue about Libya is that the
GAK system must make decisions about when and under what conditions it
accedes to government wishes--for governments we may be hostile toward.

Or governments may be hostile toward us.

As I said in another message, I don't think there can be a unified GAK
policy. I believe the U.S. Administration hopes to browbeat enough nations
into compliance such that it--the U.S. government--controls which keys are
released and which are not. My point about "rogue" governments is that the
problems of Burma, Libya, etc. will not vanish. Clearly the U.S. government
will not settle for waiting for Libya or Burma to co-release keys....

And nothing in GAK says one gets to communicate with Libyan parties by
encrypting with the public key of Libya, thus bypassing the U.S. decryption
capabilities!

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From haystack at cow.net  Thu Nov  7 20:47:21 1996
From: haystack at cow.net (Bovine Remailer)
Date: Thu, 7 Nov 1996 20:47:21 -0800 (PST)
Subject: No Subject
Message-ID: <9611080435.AA27183@cow.net>


On Wed, 6 Nov 1996, Bill Frantz wrote:

> At  4:39 AM 11/6/96 -0500, Jim Ray wrote:
> >Judge Kozinski wrote:
> >> ... Perhaps the answer
> >> is that the post office should not accept mail unless there
> >> is a clear indication of who the sender is on the upper left
> >> hand corner of the envelope. ...
> 
> In the case of postal mail, return address forgery is so easy that anyone
> who can address an envelope can figure it out.  Requiring something
> scribbled there certainly wouldn't help protect against anonymous mail. 
> You would have to couple it with "is a person" checks to ensure the person
> posting it is the person referenced by the return address.  Bye bye corner
> post box.

Yes the failure to forsee this did stand out a little in the discourse :).







From dthorn at gte.net  Thu Nov  7 21:03:59 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 7 Nov 1996 21:03:59 -0800 (PST)
Subject: Validating a program
In-Reply-To: <199611071941.OAA13267@homeport.org>
Message-ID: <3282BD90.43FA@gte.net>


Adam Shostack wrote:
> Dale Thorn wrote:
> | stewarts at ix.netcom.com wrote:
> | > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
> | > >> > Last,  I would like to know once and for all,  is PGP compromised,  is
> | > >> > there a back door, and have we been fooled by NSA to believe it's secure?

> | > You can read and compile the source code yourself.

> | Really?  All 60,000 or so lines, including all 'includes' or attachments?
> | I'll bet you can't find 10 out of 1,000 users who have read the total source,
> | let alone comprehended and validated it.

[snip]

> In short, if you're paranoid, feel free to look over the source.  But the fact that
> most people have never peeked under the hood is not a strike against pgp at all.

The quip about peeking under the hood may apply OK to an automobile, but to a program
which encrypts?  Granted that most messages (99+ % ??), if read by NSA et al, won't
put the sender in any great danger, but when the application is really serious, as it
always is sooner or later, you must realize that people could be taking great risks
with PGP encryption, and "pretty sure" isn't good enough when it's really, really
vital to have bulletproof security.






From dthorn at gte.net  Thu Nov  7 21:04:46 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 7 Nov 1996 21:04:46 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT]
In-Reply-To: <199611071509.EAA13032@mycroft.actrix.gen.nz>
Message-ID: <3282BAF1.9E@gte.net>


Paul Foley wrote:
> On Wed, 06 Nov 1996 21:43:51 -0800, Dale Thorn wrote:
>    Sandy Sandfort wrote:

[snippo]

> Try this at home: send email addressed to majordomo at toad.com with the
> body "who cypherpunks".  When you get a reply, save it in a file.  OK,
> you now have a list of who's subscribed to this list on your computer.
> Is it your contention that you should not be allowed to edit or delete
> this list?  If you reply in the negative, why do you think that John
> Gilmore shouldn't be allowed to edit his copy of this list?

[mucho snippo]

It amazes me how erstwhile "intelligent" folks will waste so much time stating the
obvious, i.e., "John owns the list, etc.".  I doubt whether they'd make very good
programmers, with so much time on their hands and so little imagination.

BTW, I did a "who cypherpunks" on Oct 12, and another on Nov 4.  There were 1361 on
the list on Oct 12, and 1353 on Oct 4 (net loss of 8).  There were 211 new nyms,
and 219 dropped off.  If enough of these people who come and go stay just long
enough to learn something, and possibly give up some of their own info at the same
time, that could translate to a lot of influence on the part of the list "owner".

Anytime *anyone* accumulates a disproportionate share of power, money, or influence
in a "free" society, they should be watched very closely.  In fact, you folks who have
so much time on your hands could help with that...

BTW #2:  I didn't do the stats manually, I used utilities made for the purpose.







From tcmay at got.net  Thu Nov  7 21:07:56 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 21:07:56 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b02aea834cd835d@[192.0.2.1]>
Message-ID: <v03007802aea86e3be000@[207.167.93.63]>


At 5:16 PM -0800 11/7/96, Peter Hendrickson wrote:

>While the term "police state" is not well defined, I do not believe it
>applies to what I am describing.  (There is a risk that it could develop,
>however.)
>
>Laws forbidding the use of cryptography have ominous free speech
>implications as we would be attempting to outlaw concealed meaning.
>Concealed meaning can be pretty well concealed and that makes
>for difficult and dangerous legal questions.

If the only means of detection is raiding homes to inspect them for
contraband--something not even done during the height of the anti-drug
hysteria, at least not on a regular basis--then I stand by my comment that
stopping private use of cryptography requires a police state such as the
world has not yet seen.

>On the other hand, the action of running a program which uses forbidden
>crypto systems is pretty unambiguous and could be effectively isolated
>from other kinds of speech.

Oh? How? If the output of such a program looks like quantization or Johnson
noise in a recording, then how could this form of "speech" be effectively
isolated?


>Many kinds of speech are already illegal.  For instance, I am not allowed
>to copy somebody else's speech because it would violate copyright laws.
>I am not allowed to break verbal contracts.  In essence, I am punished
>later for the something I said if I am forced to keep my word.  But,
>this does not constitute a police state.

Careful! Some of your examples are not examples of _prohibited_ speech, but
are instead examples of _actionable_ speech. The Constitution is fairly
clear that the government cannot be a filter or censor for speech.

Hence, requirements that people speak in English, or in some other language
that the government can understand, is not required. Not even in a criminal
case, as a matter of fact. (If I speak only Skansko-Bravatlian, and am the
only such speaker in the world, I cannot be compelled to study English or
even Spanish prior to a trial.)

Requiring people to speak or write in a language that is understandable to
some GS-10 at Fort Meade would appear to violate the First Amendment in a
rather serious way. As encrypted speech is really just another language
(tell me I'm wrong on this, anyone), encrypted speech appears to be fully
protected by the First Amendment, which says that Congress shall make no
law about speech, blah blah.


>What I am proposing would not require an end to fair trials or warrants
>or really any other legal customs we have.

I strongly disagree. Prosecution would involve making certain _forms_ of
speech illegal (not the same thing as the _content_ being illegal, as in
ordering the kililng of another, or treason, or shouting "Fire!"
improperly). And detection and collection of evidence would almost
certainly involve illegal searches and seizures.

>In case anybody has any doubts, and I doubt Tim does, the existence of
>a life sentence does not imply the presence of a police state.

Not ipso facto, but having people serving life sentences for speaking in an
outlawed language certainly meets my definition of a police state.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ph at netcom.com  Thu Nov  7 21:12:39 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 21:12:39 -0800 (PST)
Subject: Judge Patel Background
Message-ID: <v02140b0eaea86df4f191@[192.0.2.1]>


Jim McCoy pointed me to an interesting book called "The Courage
of Their Convictions" by Peter Irons.  It just happens to
reference Judge Patel.

Fred Korematsu was a Japanese-American shipyard worker in the
early 1940s. His fiancee was Caucasian.  To stay with her, he evaded
the concentration camps for two months, but was caught and convicted
anyway.  His conviction was not reversed until 1983 in the court of one
Judge Patel.

Page 48, "After hearing lawyers on both sides, Judge Marilyn Patel
asked Fred Korematsu to address the court.  `As long as my record
stands in federal court,' he quietly stated, `any American citizen
can be held in prison or concentration camps without a trial or
hearing.'  Ruling from the bench, Judge Patel labeled the government's
position as `tantamount to a confession of error' and erased Fred's
conviction from the court's records."

(Judge Patel is presiding over Dan Bernstein's challenge to the ITAR.)

(Full reference: Irons, Peter "The Courage of Their Convictions:
Sixteen Americans Who Fought Their Way to the Supreme Court"
New York: Penguin Books, 1990  ISBN 0 14 01.2810 7)

Peter Hendrickson
ph at netcom.com







From mycroft at actrix.gen.nz  Thu Nov  7 21:15:56 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Thu, 7 Nov 1996 21:15:56 -0800 (PST)
Subject: Blocking addresses by default
In-Reply-To: <199611072025.PAA22083@spirit.hks.net>
Message-ID: <199611080315.QAA17329@mycroft.actrix.gen.nz>


On Thu, 7 Nov 1996 15:25:07 -0500, Rich Graves wrote:

   remailer at nowhere.com looks for "$$" as the first line of the message, 
   and strips everything up to the next occurrence of "$$". It then appends 
   its own disclaimer block before sending the message to the hop (remailer 
   or final destination).

   A bit annoying, yes, but I think this would go a long way towards 
   improving public relations. I don't see how it compromises security.

Neither do I.  I think it should use something like a line of dashes,
or maybe a C comment, though, rather than $$, to make it look
'prettier' for the eventual recipient, and clarify that it's not part
of the original message.

   What's wrong with this scheme? Other than the fact that all remailers 
   would have to change their software at the exact same moment. :-)

This is not true, of course.  Implement it in two stages.  First
recognise and strip the disclaimer, but don't prepend one, then, when
all remailers are doing this, start prepending information.

-- 
Paul Foley <mycroft at actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
I must have slipped a disk -- my pack hurts





From mycroft at actrix.gen.nz  Thu Nov  7 21:19:21 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Thu, 7 Nov 1996 21:19:21 -0800 (PST)
Subject: [rant] Re: Censorship on cypherpunks
In-Reply-To: <199611071856.KAA18731@toad.com>
Message-ID: <199611080339.QAA17498@mycroft.actrix.gen.nz>


On Thu, 7 Nov 1996 10:56:01 -0800 (PST), Sean Roach wrote:

   Actually, I was comparing some people on the list, who were saying someone
   could always start thier own list, with those who advocate telling someone
   to start a new country as opposed to making their vote count.  This is a

This is a ridiculous comparison.

Starting your own country is virtually impossible, not to mention
unthinkably expensive, and if you could do it, it would mean packing
up and physically moving to another location -- something you may not
want to do (especially since your new country would surely have none
of the amenities you're used to -- indoor plumbing, supermarkets,
etc.)  Starting your own list, on the other hand, is almost as easy as
breathing, requires no great expense, and doesn't preclude you from
also being a member of this list.

   free country where we, fortunately, don't have to hang around, and, this is

You don't have to stay in the US, but if you want to leave you do have
to find somewhere else to go.

-- 
Paul Foley <mycroft at actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Reader, suppose you were an idiot.  And suppose you were a member of
Congress.  But I repeat myself.
		-- Mark Twain





From tcmay at got.net  Thu Nov  7 21:30:08 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 21:30:08 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <Pine.LNX.3.94.961107043646.339A-100000@random.sp.org>
Message-ID: <v03007803aea873ff3acc@[207.167.93.63]>


At 10:33 AM -0800 11/7/96, Dale Thorn wrote:

>According to HP, the "Polish" part of the term comes from a Polish
>mathematician whose
>name (I can't spell it, and I don't have the .DOC) is pronounced phonetically:
>WOOCASHEVITZ.  The "reverse" part apparently means the inventor specified the
>operation before the parameters, instead of how HP implemented it.


Lucaciewicz, as I recall. His notation was originally that one would add
two numbers, a and b, as "+ a b." A modified form, adapted for stack
machines, was to add two numbers with "a b +." Hence, _reverse_ Polish
notation, but equally sound.

This involves entering a, then pushing it onto the stack with an ENTER,
then entering b, then hitting the "+" key to pop the stack and place the
sum in the main (X) register.

For people who claim that (6 + 7) * 5 is the "natural" way to do things, I
point out to them that the way one does it one's head is to take 6 and 7
and add them then to multiply by 5. Or I show them

   6
+  7
-----
   13
*   5
-----
   65

Then they see that RPN is actually the way we do things in our head. Or on
paper.

Computers do things with parentheses, we don't.

By the way, Polish notation is how LISP evaluates expressions. E.g.

(+ 6 7)

or, for the full problem above,

(* 5 (+ 6 7))

And for those of you are not LISP or Scheme fans, the language FORTH also
uses Polish notation. RPN, in fact.



--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From dthorn at gte.net  Thu Nov  7 21:37:50 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 7 Nov 1996 21:37:50 -0800 (PST)
Subject: Who owns cypherpunks [RANT]
In-Reply-To: <199611071940.OAA83990@osceola.gate.net>
Message-ID: <3282C1BA.68CB@gte.net>


Jim Ray wrote:
> Jim Choate writes:
> > There is one important legal aspect which the operator of the Cypherpunks
> > mailing list has opened themselves up for with this action. In short they
> > have now opened themselves up for defamation and liable suites by imposing
> > an editorial policy on the contents of this list (1).

> I fear you mean "libel," and I think not. (see below.)

[multi-snip]

> I'm sure John's quaking in his boots. Reread my campground analogy, and try
> to refute it. You can't. Go start your own list with no moderation. Go start
> a more moderated list than John's, like Perry's will be. Do whatever, but
> this moronic thread must end!

[more snip]

Ironic, isn't it?  Jim says "this moronic thread *must* end", and yet, this very list
that is John's *private* property is filling up with rants about censorship.  Tsk tsk.

Maybe next time they'll make it more apparent at subscription time that there's no
assurance of free speech here!






From tcmay at got.net  Thu Nov  7 21:40:31 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 21:40:31 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <199611080116.RAA17853@mail.pacifier.com>
Message-ID: <v03007804aea877ef27a6@[207.167.93.63]>


At 5:12 PM -0800 11/7/96, jim bell wrote:


>accessible to the common man?  Suppose, say, the approval of one million
>citizens was the only thing necessary to have an assassination legally
>accomplished?   Or, more likely in practice, the vote of a million citizens
>was interpreted as a kind of terminal veto over that particular politician
>or government employee, who would have to resign or face the (lethal)
>consquences!  In that case, assassinations wouldn't be seen as bad, they'd
>be the natural consequence of a politician who overstays his welcome and
>ignores numerous warnings.

Nothing in any version of AP I have seen makes any stipulation that the
payment is "one person, one vote."

Thus, if saw a politician killed (and if I believed it to be an AP-related
kiling), I might think:

"Well, one hundred thousand people just voted with their one dollar each to
have him killed."

But I might just as easily think:

"Or one special interest group just paid one hundred thousand dollars to
have him killed."

That is, "assassination politics" boils down to be being a minor variant on
a well-established topic: the use of untraceable payments for contract
killings. Whether there was some fiction of a betting market or just a
direct payment is immaterial.

--Tim May





"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Thu Nov  7 21:51:08 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 21:51:08 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b04aea83f2ff40e@[192.0.2.1]>
Message-ID: <v03007805aea879c094e9@[207.167.93.63]>


At 5:55 PM -0800 11/7/96, Peter Hendrickson wrote:
>At 5:13 PM 11/7/1996, Jim McCoy wrote:
>> Getting a program to recognize a subliminal message channel is even
>> harder than teaching a human to do so, check out the book Disappearing
>> Cryptography or do a web search for "mimic functions" to see how easy it
>> is to hide messages in text which a program parses as regular English.
>> The other problem is that more and more of the data being tossed around
>> the net are images and sound files in which it is incredibly easy to
>> hide encrypted messages.
>
>I doubt it is as easy as you say.  Truly noisy sources are unusual.
>You don't have to be 100% sure you have a crypto-terrorist on your hands
>to search their house, interrogate them, and talk for awhile to
>everyone they know and then watch them carefully from then on.

"Truly noisy sources" are not at all unusual. Actually, the hard part is
ever proving a source is _not_ noisy. (There are deep issues involving
randomness here, and I usually go into the work of Kolmogorov, Chaitin, and
others at this point. Consult the archives, or see a book on information
theory.)

As Jim noted, any reasonably good crypto algorithm will produce an output
which so closely resmbles noise (modulo the issue of "Begin PGP" tags,
which can, and should, be removed) as to foil any efforts to prove it is
not noise.

The legal issue is this: can we pass laws and have them upheld by the
courts which impose severe penalties on people for the supposed crime of
having in their possession sequences of numbers which cannot be converted
to meaningful English sentences? I maintain that the Constitution says we
cannot. Of course, if the Constitution is thrown out, then the old
Cypherpunk joke may come into play: "Use a random number, go to jail." (An
Eric Hughes quote, from 1992-3.)


>In the model I am positing, there would be broad popular support for
>such policies.

I think you are assuming a lot.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From nobody at huge.cajones.com  Thu Nov  7 21:52:31 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Thu, 7 Nov 1996 21:52:31 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?Re: Why is cryptoanarchy irreversible?
In-Reply-To: <Pine.OSF.3.95.961107154908.14910A-100000@rottweiler.cslab.vt.edu>
Message-ID: <199611080552.VAA04741@mailmasher.com>


On Thu, 7 Nov 1996, Daniel T. Hagan wrote:

> On Thu, 7 Nov 1996, Peter Hendrickson wrote:
> 
> > It appears to be widely believed that cryptoanarchy is irreversible.
> > Everybody believes that the race to deploy or forbid strong cryptography
> > will define the outcome for a long time.
> > 
> > I can't think of a reason why this should be so.
> > 
> > If the wide use of strong cryptography results in widely unpopular
> > activities such as sarin attacks and political assassinations, it
> > would not be all that hard to forbid it, even after deployment.
> > 
> > I am curious why many people believe this is not true.
> > 
> > Peter Hendrickson
> > ph at netcom.com

Look around at all the laws in a community that are unenforceable and 
largely ignored by significant sections of the community. Taxes are a 
classic with many people receiving cash and not declaring it..I suppose 
you could say they just opt not to pay taxes while law abiders (to varying 
degrees) opt in to pay tax. 

It is estimated here where all dogs, for example, are required to be 
registered, that only 40 percent are in fact registered (ie pay the dog 
tax). The authorities simply do not, with their current technology, have 
the ability or political will to break down everyone's front door and 
complete house to house dog searches then deal with court cases and bring 
eveidence as to the actual owner of the animal where this is a relevant 
matter to be proved.

Take a look at the nearest road and tell me if the speed limit imposed is 
effective enough to have everyone comply.

Dare I mention drugs, political corrutpion, fraud, or murder.

Once the tools are 'out' individuals decide whether they will use them, 
irrespective of what laws may be made to control or ban useage. Certainly 
those laws will have an impact on individuals decisions as to whether the 
risk of use, after taking into account the penalty, and importantly the 
likelihood of detection, will warrant its use.

Consider the difficulty of actually outlawing say PGP and making it 
stick. To ban its use on a network compliance measures such as routine 
traffic scanning would be implimented. So users may say resort to direct 
modem to modem systems thus forcing authorities to routinely tap 
telephone calls, identify modem calls, and analyse these calls. The 
authorities start to use scarce resources provided by those members of 
the public that choose to pay taxes to them. These taxpayers may start to 
get annoyed that resources are being used to do this when it makes no 
difference to their lives. Even if these measures were successful you 
could print your pgp output out to paper, post it to your friend, and she 
could scan it on her computer and decrypt it. The authorities now have to 
start opening mail and implimenting effective means of identifying the 
poster of all mail in the community to ensure compliance. If you posted a 
disk they would need to consume resources routinely scanning every disk 
for encrypted data..imagine the thousands of jobs that would create..and 
the costs to the poor taxpayer of implimenting such a scheme. The public 
starts to get even more annoyed. In fact some members of the public who 
previously didn't give a damn about the crypto nuts now start to sympathise 
with them.

The authorities have to spend even more resources on publicity and scams 
to align privacy advocates with terrorists. Some privacy advocates may 
even become terrorists who before didn't really care for such tactics.

Assume the snail mail route is effectively sqaushed what then? Well you 
could voice call your friend and read the encyphered text to them over 
the phone and they could then run it through pgp and decrypt it. If the 
authorities effectively made this too costly (in terms of risk etc) then 
you could always just jump on a plane and tell them the message 
personally or send someone else to do that for you.

The costs of compliance increase as the authorities take measures to put 
the genie back in the bottle. Stealth versions of popular programs get 
released, and further technological advances are made so that the problem 
becomes greater with respect to compliance as do the costs to the 
taxpayer of ensuring compliance. Encrypted data that cannot be easily 
distinguished form noise would require routine analysis and attempted 
cracking of every bit of data transmitted..a task that would soon bring 
even the great US economy to its knees assuming the people didn't put a 
stop to the madness before it reached that point.

Just as an aside, I am sure the various spook angencies in the 'free 
world' are well aware of these issues and no doubt other issues I have 
not imagined and such considerations have played a part in so far stalling 
an outright ban on the use of effective encryption programs and devices. 
There are always costs to a government in the reduction in freedoms, and 
the ultimate cost to any particular government is that it may stir the 
beast so much that it awakens and takes away that governments authority 
whether by democratic means or otherwise.

> If I understand the reasoning, people beleive it is easier to prevent the
> release of strong crypto. techiniques than to remove them once they are
> released.  
> 
> Once a terrorist has strong crypto, why should they stop using it if it
> becomes illegal?
> 
> Daniel

Or even ordinary mortals...just a thought for consideration :).






From dougr at skypoint-gw.globelle.com  Thu Nov  7 22:31:26 1996
From: dougr at skypoint-gw.globelle.com (Douglas B. Renner)
Date: Thu, 7 Nov 1996 22:31:26 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <Pine.OSF.3.95.961107154908.14910A-100000@rottweiler.cslab.vt.edu>
Message-ID: <Pine.3.89.9611080410.A72-0100000@skypoint-gw.globelle.com>



> > I am curious why many people believe this is not true.
> > 
> > Peter Hendrickson
> > ph at netcom.com

Because it's a technology which is closely tied to human nature.

Once unleashed, you cannot coax the genie back into the bottle no matter 
how hard you try.

Doug





From geoffk at discus.anu.edu.au  Thu Nov  7 22:41:43 1996
From: geoffk at discus.anu.edu.au (Geoffrey KEATING)
Date: Thu, 7 Nov 1996 22:41:43 -0800 (PST)
Subject: Anonymous remailer client in Java
Message-ID: <199611080640.RAA19222@discus.anu.edu.au>


I have set up a Java client for type 1 anonymous remailers at
<http://www.ozemail.com.au/~geoffk/anon/anon.html>.

The client features a simple type-and-click interface, PGP encryption,
automatic remailer chaining, and a 100% java implementation---no
native code required. It has been tested under Netscape and Sun's
AppletViewer on MacOS and Solaris. It will let you create simple reply
blocks (those which don't encrypt the message).

This is intended as a better way to post mail anonymously via the
web (especially since Community ConneXion's https service seems to
have shut down).

Flaws:

- Persons in the US will not be able to use it unless they have a
license from RSA (which is unlikely).

- It doesn't do Mixmaster remailers yet (but it will soon).

- It can't actually send the mail if you're behind a firewall, but it
will PGP encrypt a message for you to send.

- It has to send all its mail via the HTTP server's machine because of
applet security restrictions---you can fix this by making a local
copy, or (if you're brave) giving it more permissions. The mail is
encrypted from your machine, so this isn't insecure, just slow and a
waste of bandwidth.

Ideally, it would run from a web site on the same machine as an
anonymous remailer, and use that as the first hop in the chain. If
anyone (outside the US, of course) would be interested in setting this
up, please e-mail me at the address below.

Please CC any followups, as I am not presently subscribed to
cypherpunks.

-- 
Geoff Keating <geoffk at ozemail.com.au>





From ph at netcom.com  Thu Nov  7 23:06:45 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 23:06:45 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b11aea877091410@[192.0.2.1]>


At 11:46 PM 11/7/1996, Mark M. wrote:
>On Thu, 7 Nov 1996, Peter Hendrickson wrote:
>> If mandatory GAK were imposed, reviewing messages is easy, even with
>> inter-agency fighting.  Or, encryption in general could just be
>> forbidden if GAK created too much hassle.
>
> How would this be possible?  The latest GAK proposal is for companies to store
> keys instead of the government.  There is the potential for colaboration
> between a TLA and an "escrow" company.  It is also possible for a TLA to
> illegally obtain the keys from the company's database.  However, it would
> still be impossible to review every message.  Even if the government had full
> access to all encryption keys, it would still be technically infeasible to
> review every message.

The latest GAK proposal is not under discussion.  What is under discussion
is the policy options that are possible when there is strong public
support to suppress strong cryptography.  The Four Horsemen scenario
would likely generate such mass support, even among cypherpunks.

>> In practice I suspect that good stego is hard.  You don't have to be
>> right every time when you look for it, just some of the time.  When
>> you see packets that seem kind of funny to you, the judge issues you
>> a warrant and you search the suspect's house and computer very carefully.
>> If stego is in use, the software that generated it can be found.  Then
>> you hand out a life sentence.

> Good stego is possible.  Stegoing data in jpegs is very secure and probably
> infeasible to detect.

I am not convinced, but I am not expert in this area.

> However, I find the life sentence idea pretty unrealistic.  You are assuming
> that there will be wide support for tough restrictions on crypto.  This is
> not currently the case and I doubt it would ever get to this point.

Yes, I am assuming that the Four Horsemen scenario would stimulate strong
public support for extraordinarily tough restrictions on crypto.

Yes, I doubt it would ever get to this point because cryptoanarchy will
be far less dramatic than many people believe.  It may cause dramatic
changes, but they will be subtle and gradual, like the Net's influence.

For instance, I don't think Ruby Ridge would ever have been an issue
raised in Congress if it hadn't been for the Internet.  This is a subtle
and positive change, but most people hardly noticed the effect of the Net.

The way in which the agenda is set has moved out of New York and Washington.
Strong cryptography promotes this because it enables people to discuss
issues which are important to them without fear of retribution.

> Not very many people are currently supporting any life sentence for anyone
> who is in possession of explosives, despite the increase in terrorist
> activity.  Gun-control advocates aren't supporting laws that will give a life
> sentence to anyone who owns a gun.  Given that many people who believe in
> gun-control and tagants in explosives are against GAK, why do you think there
> will be such a revolt against strong crypto?

I don't think that there will be a strong revolt against crypto.  From the
point of view of the GAKers that's a problem.  That is why they have to
act before the public discovers it's an asset, not a liability.

But, if the GAKers are right about the Four Horsemen scenario (which
I doubt they believe themselves) there would be great public support
for drastic measures and these measures could be quite effective.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Thu Nov  7 23:08:36 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 23:08:36 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b13aea8881314fb@[192.0.2.1]>


At 8:48 PM 11/7/1996, Timothy C. May wrote:
>At 7:20 PM -0800 11/7/96, Peter Hendrickson wrote:
>...
>> I cannot speak for the GAK advocates.  However, you could establish a
>> system where messages between two countries are encoded with keys
>> which are made available to only the two countries in question.
>>
>> A really simple scheme to do this would be for each country to publish
>> a public key.  You would be required to encrypt the key to the message
>> with the national public key.  That scheme would be fast to deploy.

> Well, this is not what the proposals for GAK involve. If it were _only_ a
> matter of each country requiring GAK for communicatons entering its
> country, then this would be as you describe (not that many of us would
> approve of it).

> What complicates matters is that the U.S. proposes that _it_ keep
> records/escrows of communications with, say, recipients in Libya. Or
> Russia, or Burma, or Tazbekinoya. This means automatically that simplistic
> models ("encrypt to the public key of Tazbekinoya" will not be sufficient).

The U.S. would have to concede this point, and it would be a likely one
for it to concede.  The reasonable Schelling point for inter-governmental
relationships on this matter is for the each government to have access
to whatever communications it likes within its borders but that the
contents of communications between governments is shared.  This could
be set up exactly the same way tax treaties are set up now.

Technically, this is not hard to do.  For instance, I think PGP encrypts
messages for multiple recipients by encrypting the same session key
with each recipient's public key, and then attaching the same IDEA
encrypted ciphertext:

<Session Key with Alice's Public Key><Session Key with Bob's Public Key>
<IDEA encrypted message>

All GAK requires is that you also encrypt the session key with the
government's key:

<Session Key with Alice's Public Key><Session Key with Bob's Public Key>
<Session Key with Eve's Public Key><IDEA encrypted message>

For multiple government access to keys, you encrypt the session key
with the foreign government's key, too:

<Session Key with Alice's Public Key><Session Key with Bob's Public Key>
<Session Key with Eve's Public Key><Session Key with Yvette's Public Key>
<IDEA encrypted message>

>> In a more complicated and secure scheme, you would be given a public key
>> from each country that was unique for your communications at the same
>> time you were granted your international communications license.  The
>> unique public key would be managed by a small group of people.  This
>> means that if it was ever compromised, most message traffic would be
>> secure and those who were responsible would be easy to find.
>>
>> The only way you are at the mercy of the Libyans is if you do business
>> in Libya.

> No, I think you are missing the point. The issue about Libya is that the
> GAK system must make decisions about when and under what conditions it
> accedes to government wishes--for governments we may be hostile toward.

> Or governments may be hostile toward us.

Yes, there is a problem with uncooperative foreign governments who
won't prosecute people who send in non-GAKed messages.  So, we simply
terminate communications with those countries.  It's something the
government wants to do anyway, so it's not a painful pill to swallow.

> As I said in another message, I don't think there can be a unified GAK
> policy. I believe the U.S. Administration hopes to browbeat enough nations
> into compliance such that it--the U.S. government--controls which keys are
> released and which are not. My point about "rogue" governments is that the
> problems of Burma, Libya, etc. will not vanish. Clearly the U.S. government
> will not settle for waiting for Libya or Burma to co-release keys....

The scheme I described above does not require co-release of keys.

It may be the case that the USG is trying to pull a cypherpunk maneuver
on other less sophisticated governments.  That is, they are probably
telling the other governments, "You've got a real problem here.  You
will be overthrown if you don't get our help fast with our sophisticated
encryption technology!  And if you don't let us help, you'll lose most
favored nation status."  By the time other policy makers figure out the
implications of this, it will be too late.  Sad for them, but good
news for the U.S. consumer.

> And nothing in GAK says one gets to communicate with Libyan parties by
> encrypting with the public key of Libya, thus bypassing the U.S. decryption
> capabilities!

Nothing stops you from sending fully encrypted messages to Libya except
your fear of social disgrace and a long prison term.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Thu Nov  7 23:10:15 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 23:10:15 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b12aea8799caeb0@[192.0.2.1]>


At 4:43 PM 11/7/1996, Timothy C. May wrote:
>At 2:24 PM -0800 11/7/96, Peter Hendrickson wrote:
>>> If I understand the reasoning, people beleive it is easier to prevent the
>>> release of strong crypto. techiniques than to remove them once they are
>>> released.
>>
>> The reasons underlying this are what I don't completely understand.
>>
>>> Once a terrorist has strong crypto, why should they stop using it if it
>>> becomes illegal?
>>
>> Use of strong crypto would be a tip off that one is a terrorist.
>>
>> If strong cryptography were unpopular and highly illegal, very few
>> people would be using it.  This makes it easy to identify suspects.
>
> * Identification of high-entropy traffic (putatively: encrypted traffic)
> would require extensive surveillance, tapping, and whatnot. The
> infrastructure for this does not exist, and would cost an enormous amount
> to deploy.

This could be financed by taxing routers, computers, modems, leased
lines, and the like.  The fraction of the total cost of communications
equipment would be minimal.

> * (This is why so many of us want a crackdown on crypto delayed for as long
> as possible: every year that passes means more networks, more intranets,
> more channels, more modes, etc. Satellites, fibers, etc.)

But, in the face of near unanimous belief that strong cryptography must
be stopped, this would not matter.  Most of the operators of this
equipment would be eager to help.

> * High-entropy traffic does not mean encryption, either. And encrypted
> traffic can be twiddled to look like lower-entropy traffic (and I don't
> even mean steganography, I mean adjusting message statistics).

I'm not sure I entirely understand this, but I am as skeptical of
this as I am of reasonably high bandwidth stegonography operated
over several years.  I think this is a real hard problem, especially
if 100% accuracy is not required.

> * Once crypto has become widespread, and is built into mailers, browsers,
> etc., there will be many people already using those old mailers and
> browsers. Throwing Mom and Pop in jail because they forgot to turn off the
> PGP mode in Eudora 4.0 or Netscape 5.0 is not going to go over well, even
> in an era of supposed "zero-tolerance." (And California and Arizona just
> voted to effectively decriminalize pot..."medical use of encryption" on the
> 2005 ballot?)

You are proposing a likely scenario: large numbers of people think there's
nothing wrong with a little encryption now and then.  But, that is not
the scenario I am discussing.  I am discussing the Four Horsemen scenario
where terrible things are enabled by the wide deployment of strong
cryptography.

Most of us would accept greater surveillance and some restrictions of
our liberties if we believed that our lives and fortunes were endangered.

In this environment, you might have a three month grace period for
people to change to legitimate tools.  Then the police would probably
practice a certain amount of discretion.  If they catch Mom or Pop
with a pre-ban crypto program, they'll bring them in and give them
a good talking to, and then let them go.

After a year or two you prosecute.  Mom and Pop will get with the program.

Violators will be seen as being quite irresponsible, regardless of age.

> * Steganography. Entire volumes can be written about this. I believe I was
> the first to propose, in a 1988-89 series of articles on sci.crypt, the use
> of LSBs in image and sound files to transmit huge amounts of information,
> with detection very difficult. As I told Kevin Kelley--reported in his
> "Whole Earth Review" article and in his excellent "Out of Control" book--a
> single DAT tape of a musical recording can easily carry 150-200 MB of
> "message" just in the LSBs!

I strongly suspect that there are patterns in how sensors function
and in real tapes.  They may be subtle.  The government need not reveal
any particular knowledge of these patterns.  All they have to do is
set up a series of labs, each of which is expert in one kind of known
pattern.  When studying a suspect's communications - or tape - the
information gets passed through these labs.  If any of the labs flags
the data as suspicious, a search warrant is issued.  The prosecution
is then based on evidence that the search warrant turned up so the
stego need never be introduced into court.

> Unless all tapes are checked at the border--and what are live tapes, with
> lots of noise in the bottom few bits of each word--to be compared against?
> The mind boggles at the task.

There's no reason why we have to allow live tapes to cross borders
without some questioning and explanations.  Iran did this for many
years when they were trying to keep the Ayatollah's speeches out.
It didn't work, of course, but it did not have popular support, either.

> * "Legitimate needs." The whole notion Peter raises of banning cryptography
> is fraught with problems. Are businesses to be told that all communications
> are to be in the clear? Or is Peter's point that some form of GAK will be
> used?

My point is that the government can do whatever it needs to do if there
is strong public support.  If it is too expensive to decrypt even
GAK'ed communications, then it may be made illegal to encrypt anything.

I am inclined to think that even in the Four Horsemen scenario, the
government would prefer GAK'ed communications because it gives them
greater leverage.  People speak more freely when they think not everybody
can hear what they are saying.

Somebody brought up the Catholic church's custom of confessionals
a few weeks ago and suggested that it was a powerful political
tool.  (Sorry I can't remember who said this.)  I am sure this
is the case.  The priests don't even have to break their vows of
secrecy for this to be the case - they simply summarize the results.

Had the early Christian custom of public confessional been followed,
the Church would have had far less political power.  Of course, once
somebody has confessed deep secrets to you for years, they will be
reluctant to push their luck to far when opposing you.

> (If the latter, then of course we are back to an even better form of
> "stego" than stego itself: superencrypt before using GAK. Unless the
> government samples packets randomly and does what they say they will do to
> open a GAKked packet--e.g., get a court order, go to the escrow key
> holders, etc.--then how will they know if a message is superencrypted? And
> what if a GAKked message contains conventional _codes_? Are shorthand codes
> such as business have long used--"The rain in Rome is warm this month"--to
> be illegal?)

There is no reason at all to assume that the government will get warrants.
For instance, maybe a warrant only applies to people and not to machines.
So, the court could decide - if it were so inclined - that it was not
a violation of the Bill of Rights to automatically scan messages for
suspicious looking material so long as the material itself was not
revealed without a warrant.  Then the results obtained could be used
to justify a warrant, reading of the material by human agents, and
the further issue of more warrants.  To make this convenient they could
even keep a judge in the basement.

> * The point being that "rogue crypto" (terrorists, crypto anarchists,
> freedom fighters) gets lost on the blizzard of other uses. And shutting
> down all crypto means shutting down business use of crypto to protect
> secrets, and probably means an end to digital commerce.

No, GAK does not mean an end to digital commerce or an end to secure
business communications.  It just means that you have to register
with the government for a cryptography license which gives you a
unique public key to use to encrypt your keys for the government's
use.  If the license costs $1000 for ten years that should cover
the costs.  Companies which are terribly worried about compromise
of the government secret key could purchase many of them frequently
to reduce the damage.

(Earlier I said something about GAK harming Net commerce.  It does,
but not irreparably.  It delays its onset and increases its cost.)

> (This is another reason we want to delay action on crypto for as long as
> possible: make encrypted communications so widespread in commerce that to
> pull the plug would mean a financial calamity.)

GAK does not require anybody to pull the plug.  It could be implemented
as an add-on to PGP with extraordinary ease.  PGP (Tim knows this, this
is for others) currently encrypts the session key with the recipients
public key.  You would just have to extend this to also encrypt the
session key with the government key, maybe one you purchase for your
own communications.

> * Intent. It's hard to imagine someone being imprisoned for using
> cryptography, except perhaps in wartime conditions. I may be wrong. Also,
> there are deep Constitutional issues we haven't been much discussing.

If the Four Horsemen scenario were correct, then it is easy to envision
strong public support for the crime of practicing unlicensed cryptography.
If I believed that I might get shot if we didn't have such restrictions,
I would be might inclined to support such laws myself.

The Constitution can be amended, and Judges tend to be compliant when
there is a national consensus and when they want to make very sure that
nobody is using Assassination Politics to put them in the crosshairs.

> * Offshore sites. Even if U.S. citizen-units are proscribed from using
> crypto--a hard thing to do--many crypto-anarchic markets will flourish
> overseas. (If communication with offshore persons or sites is allowed, all
> sorts of things can be done. If such communication is banned, this means a
> profound change in the American system.) [I have not fleshed out the
> arguments here, adequately, so don't focus on this point to rebut the rest
> of my arguments, please.]

Yes, I agree with this.  In many other countries they are going to be
simply too disorganized to outlaw strong crypto.  If the Four Horsemen
scenario is correct, these societies will dissolve into Hell.  Sad,
for them!  The USG may see this as positive in terms of its hegemonic
desires.

But, this does affect the American situation.  Strong border controls
would have to be in place to hamper efforts to bring troublesome
technologies here and to prevent the importation of assassins.

> In another post, Peter posits a condition where people are appalled at the
> implications of crypto and there is no popular support for it. But is he
> implyiung that neighbors will burst into the homes of others to ferret out
> crypto. I doubt this vigilantism will ever happen.

I also doubt that it will happen because it will turn out that
cryptoanarchy is basically a positive development.  Even in the Four
Horsemen scenario, I think it unlikely that vigilantism will be
necessary.  Neighbors will simply inform on their "nerdy" neighbors
and collect that $50,000 reward and feel they did good by doing it.
Search warrants will take care of the rest.

However, I could imagine vigilantism developing if unlicensed cryptography
became sufficiently unpopular.  Certain crimes are seen as so offensive
that many people would be delighted to take the law into their own hands.

There was a border incident during the Second World War between Switzerland
and Germany.  Switzerland ("The Little Porcupine", as the Germans would
have it) was attempting to stay out of the war.  Refugees from Germany
were returned if they were found.  This resulted in some ugly handoff
scenes at the border.  In one of them, an SS man (I believe) who was taking
custody of a family had the poor taste to throw a baby on the ground
as hard as he could.  The Swiss border guard expressed his disapproval
of the man's poor manners by shooting him dead on the spot.

This caused a major diplomatic crisis for Switzerland.

It is interesting to speculate on whether the Swiss border guard did
the right thing, but few people will fail to have a strong visceral
reaction in his favor.  People just don't like seeing children come
to harm.

If unlicensed cryptography were seen as an equivalently heinous crime, you
might well see vigilantism come into the picture.

> (My gun example is apropos. I believe we are fast approaching a point where
> most people want guns outlawed. But it won't happen, as there are not
> enough cops and military people willing to raid private homes in
> contravention of the Bill of Rights and at personal risk to
> themselves....and so it won't happen.

I should point out that when I say "strong public support" I mean something
on the scale of how people feel about murder, not 51% of the voters.
The same thing is true of guns.  Sure, a majority of the people might
vote for gun control, but the gunnies feel so strongly about it and
are so stubborn and so well organized that it isn't really worth the
trouble.

> Once crypto is deeply intertwined into the fabric of life and commerce,
> it'll be too late to pull the plug.

I think this is true, but only because it will be clear that the benefits
of GAK (if there are any) would clearly not be worth the effort.

Peter Hendrickson
ph at netcom.com







From dougr at skypoint-gw.globelle.com  Thu Nov  7 23:21:43 1996
From: dougr at skypoint-gw.globelle.com (Douglas B. Renner)
Date: Thu, 7 Nov 1996 23:21:43 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b11aea81d287cbd@[192.0.2.1]>
Message-ID: <Pine.3.89.9611080553.C72-0100000@skypoint-gw.globelle.com>


[snip]
> The key here is that in these cases the practice has become widely
> accepted.  By widely accepted, I mean that very significant numbers of
> people believe that there is nothing all that wrong with the practice.
> Those who disagree do not feel it is worth the trouble to put a stop
> to it.
[snip]

While this might be the case, I don't believe it is "key".

Also, I'm not sure why you used this as a counterpoint.  Are you saying 
that there are not a significant number of people who think there is 
nothing wrong with sending truly private messages?  I would disagree 
with such an assertion based on my own converastions with crypto-ignorant 
aquaintances.  Most people either trust the gov't implicitly or haven't 
thought about it or (erroneously) consider it irrelevant - but deep down 
they definitely value their privacy.

Take the flip side for example:  Quite a few people think it "wrong" to 
receive radio signals in the 800-900 Mhz band; and laws have been passed 
regulating scanners with the intention of inhibiting this practice.  
However the practice continues to proliferate.  This genie is also out of 
the bottle, and it has the effect of creating demand for crypto.

(This is actually yet another method in which the battle for crypto can 
be fought.)

Doug





From nobody at cypherpunks.ca  Thu Nov  7 23:45:55 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 7 Nov 1996 23:45:55 -0800 (PST)
Subject: Any additional information on Kata, TX. decision??
Message-ID: <199611080730.XAA07879@abraham.cs.berkeley.edu>


Sombody posted some information about Child Protective Services interrogating children without parental permission, etc and the decision that followed being upheld in favor of the state.

would you be so kind as to provide the entire available clip or a URL.






From tcmay at got.net  Thu Nov  7 23:59:19 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 7 Nov 1996 23:59:19 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b12aea8799caeb0@[192.0.2.1]>
Message-ID: <v03007806aea897a69b26@[207.167.93.63]>


At 11:06 PM -0800 11/7/96, Peter Hendrickson wrote:

>Somebody brought up the Catholic church's custom of confessionals
>a few weeks ago and suggested that it was a powerful political
>tool.  (Sorry I can't remember who said this.)  I am sure this

That was me, actually. The confessionals and the priests acted as an
incredibly powerful means for the Church to know what the prole were up to,
who was associating with whom, and so on. And the Church had their own
communications systems. Truly a virtual community, regardless of the
political region they found themselves in.

(I would comment on the rest of Peter's points, but he has gone from
near-silence over the past six months that I have known him (and he was
presumably on the list before I met him at a CP meeting last spring....) to
posting dozens of long messages in one day, so I can't keep up.)

I don't believe it is as easy to differentiate between unencrypted and
encrypted traffic as Peter believes, and I definitely don't believe the
United States could stand--in the form it is in now, Consitutionally--if
forms of language and speech were to be banned and violators of the ban
were to receive harsh treatments.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From unicorn at schloss.li  Fri Nov  8 00:02:50 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Fri, 8 Nov 1996 00:02:50 -0800 (PST)
Subject: Law and Libel - Or why I use a nym.
In-Reply-To: <199611072010.MAA11330@netcom6.netcom.com>
Message-ID: <Pine.SUN.3.94.961108023127.17279F-100000@polaris>


On Thu, 7 Nov 1996, Vladimir Z. Nuri wrote:

> TCM
> >(By the way, I include my ideological usual-ally Black Unicorn on this
> >point. I'm chagrinned that he so quickly and on so many issues has made
> >statements about filing lawsuits--for defamation, for "false advertising"
> >(!!!!), and so on. Not only is this counter to the views many of us hold--I
> >think I sense the zeitgeist of the list--but it is supremely ineffective,
> >as none of these threatened lawsuits ever seem to materialize, thankfully.
> >Using the threat of a lawsuit as a rhetorical debating strategy is not
> >effective.)
> 
> heh, I find Unicorn's zeal to sue anyone for anything quite comical
> and suggestive of a high degree of immaturity.

How ever you may find it, it is the method of choice in the United States
for resolving disputes.  As for my zeal to sue, whom have I sued?  I've
entered into a settlement for a copyright dispute with one list member,
who has since found other outlets for spouting non-sensical rants..

I find that people who are being unreasonable often stop when they realize
a cost might be attached.  It quickly ends the reign of the spoiled brat 
when daddy might have to hire an attorney.  If am I to be demonized for
using the system, so be it.  Until it is changed I too live in the real
world.  As for debating strategy, it has been long clear that no debating
strategy, effective or not, will have any impact on the typical, and
increasingly common, cypherpunks "Loon."

I dislike the legal system in the United States.  If it can, however, be
used to deter loons from spouting absolute nonsense where no other method
has been effective (I believe that both the recent crypto snake oil and
totally contentless rants of a specific poster are a good example) then so
be it.

> but as to your point, the recent Forbes article on Bidzos makes it
> clear that weilding a legal sword alone can be used quite
> shrewdly, strategically, and effectively. 
> the article is quite interesting in how it suggests
> RSA was largely built on threatening to sue people. of course this
> is slightly skewed, because RSA has done things like software
> development that the article didn't mention.

I think many people fail to realize that the right to sue is in many ways
an entitlement.  It is allocated to those who government wishes to protect
and can be wielded because it is the government's wish that a certain
class of individual be so empowered.  In many cases, liberal trash about 
corporations being the only entities who can afford good legal help
aside, it is the only recourse for the average individual.

If the threat to sue is too powerful for your taste, write your
congressman.  It is a tool, no more no less than crypto.  It may not be
the nicest thing in the world to threaten to sue someone, but I have never
threatened anyone with legal recourse who was not given an opportunity to
correct their conduct first.  I've also not threatened anyone with legal
action when no viable case existed.

> actually the lesson seems to be that if you have a software
> patent, the law can be your friend (esp. if you are a business), 
> but if you want to sue someone who calls you names, the law is not very
> accommodating. sorry, Unicorn, maybe you can lobby to fix this
> little deficiency. <g>

1> I don't do lobby work.
2> I don't believe that personal insults fall within the jursidiction of
government (nor should they).

Statements which, on the other hand, cause actual harm to the reputation
of an individual, and where said individual can substantiate that harm,
are, and in my view should be, actionable.  Take note, "Vlad" and
"Dimitri," you stray very close to this boundary.  I've noticed, despite
your bluster, that personal insults from you directed to a specific
cypherpunk have much ebbed since a legal fund began to emerge.

Look folks, you cant tell someone that the neighborhood doctor is on
herion and expect nothing to happen.

You can't tell consumers that your crypto product is absolutely secure
when it isn't and expect nothing to happen.

I submit, cypherpunks, that in this day and age of archived mailing lists
and instant key word searches, suits for defamation and slander will
become MORE important, not less.  Three years from today a prospective
customer of one of you might call up the Alta Vista page and find some
blather about you being on Lithium and decide to give his contract to Bill
instead.  Silly?  Perhaps to the list member who has the context of the
discussion from which to judge the statement.  Not necessarily to the
prospective client, who may not know any better.

Not everyone has been so prudent to protect themselves with a pseudonym
such as I have.  Unfortunate in my view.  I don't need to resort to the
legal system to protect my reputation.  This is by design.  This is as
cypherpunks would have it, or so I would hope.

Mr. May quite rightly points out that resort to the legal system is
somewhat inconsistent with the creed of cypherpunks (if such a thing
exists).  Technology should be used instead.  On this point you will get
no argument from me, I practice just this policy.  Unfortunately, last I
checked, there are perhaps 3 active nyms on the list (Does Pr0duct
Cypher even exist anymore?) and filtering is hardly as common as it should
be.  (At least, judging from the number of complaints about "Vlad" and his
ilk).

Until the rest of you adopt nyms the legal system is all you've got.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Fri Nov  8 00:07:58 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Fri, 8 Nov 1996 00:07:58 -0800 (PST)
Subject: Pseudo-law on the list and libel
In-Reply-To: <v03007800aea7c8fe63ab@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.961108030252.17279G-100000@polaris>


> At 9:27 PM -0600 11/6/96, Jim Choate wrote:
> >Hi all,
> >
> >There is one important legal aspect which the operator of the Cypherpunks
> >mailing list has opened themselves up for with this action. In short they
> >have now opened themselves up for defamation and liable suites by imposing
> >an editorial policy on the contents of this list (1).

Disagree.

> >
> >This opens up the potential, for example, for Tim May to sue the operator of
> >the Cypherpunks mailing list now for posts from users (even anonymous ones)
> >which defame or otherwise liable his character, reputation, or ability to
> >pursue income in his chosen field. In short the operators of the list
> >becomes publishers and distributors of the material. It is the legal
> >difference between a bookstore and a book publisher.

There is a very distinct difference between ejecting disruptive influences
and conducting one's self as a publisher and distributer.

Though these are issues which will end up before a jury (should it ever
get that far) the fact that the list owner might have booted off a
disruptive entity after repeated warnings is hardly going to meet the
threshold to throw Mr. Gilmore into the catagory of "publisher."

> Pseudo-law on this list is really getting out of hand.

We need more lawyers.  That should replace the pseudo-law with real law.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Fri Nov  8 00:14:29 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Fri, 8 Nov 1996 00:14:29 -0800 (PST)
Subject: RICO - (Was: Group order for Secret Power)
In-Reply-To: <199611080145.RAA20080@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961108030919.17279J-100000@polaris>


On Thu, 7 Nov 1996, jim bell wrote:

> At 04:43 PM 11/7/96 -0500, Black Unicorn wrote:
> 
> >
> >I cover RICO because it's a popular prosecution tool,
> 
> "popular"?  Well, only in a rather stilted point of view!


No, it is popular.  It is the most used federal scheme for large scale
prosecutions.  It, aside from those critical of government power to the
degree cypherpunks do, a minority by any measure, is much commended for
its flexibility and convication successes.

> > because it is 
> >the predominate vehicle for seizure and forfeiture in federal cases 
> >(of which remailer and encryption issues are likely to arouse) and 
> >because it represents a codification of the approach most courts take 
> >when dealing with seizure cases.  In a very real way, RICO represents 
> >the outer extremes of seizure cases in the United States, and is 
> >probably, given the complexity of many state laws, the simplest way 
> >to "grab" something.  It also has civil provisions which make 
> >"private prosecutors" out of you and me.
> 
> But the odd thing is, the one entity we can't seem to attack using RICO is 
> the Federal government, and probably most other governments levels.  Looked 
> at purely objectively, it should be easy to demonstrate that the Federal 
> government (and its representatives) have engaged in plenty of crime as a 
> pattern of activity, and certainly enough to rise to the level of the 
> standards of RICO. (It takes only a few instances of such crime satisfy the 
> standards of RICO.)

Incorrect.  Employees of the Federal Government can be, and have been,
prosecuted under RICO.  Many political corruption cases involve some RICO
aspects.  This should make Mr. Bell a big fan of the statute, unless he
just likes the flash of murdering officials instead.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From gbroiles at netbox.com  Fri Nov  8 00:20:50 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Fri, 8 Nov 1996 00:20:50 -0800 (PST)
Subject: criminalizing crypto use
Message-ID: <3.0b28.32.19961108001437.00701700@mail.io.com>


At 04:43 PM 11/7/96 -0800, Tim May wrote:

>* Intent. It's hard to imagine someone being imprisoned for using
>cryptography, except perhaps in wartime conditions. I may be wrong. Also,
>there are deep Constitutional issues we haven't been much discussing.

One change I suspect we'll see sooner or later on the Federal side is an
amendment of the Sentencing Guidelines to include an upward adjustment for
the use of encryption to frustrate law enforcement efforts. This wouldn't
be a conviction for using crypto, but would result in harsher penalties for
people convicted of other crimes where they happened to use crypto in a way
connected with the crime. (Keeping child porn or records of a forbidden
business on an encrypted disk volume, using PGPfone to conspire across long
distances, etc.)

As an example, less than a year ago, Congress directed the Sentencing
Commission (a sub-branch of the federal Judiciary) to amend the guidelines
to enhance the penalties by at least two levels for using a computer to
advertise or "ship" a visual depiction of child porn. Pub. L. 104-71, Sec.
2 (12/23/95). 

Sentences for felony and some misdemeanor convictions in Federal court are
usually based upon a payoff matrix, where a crime is assigned a "base
offense level" (higher levels indicate more serious crimes), which is then
adjusted upwards for aggravating factors (like the use of a gun, or an
elderly victim, or prior convictions) and mitigating factors (like
admission of responsibility or cooperating with law enforcement) to arrive
at a final score, which indicates a relatively narrow range of potential
sentences. Adding an enhancement for crypto use seems like an easy way for
legislators to "get tough on crypto" while avoiding Constitutional issues.
(It also strikes me as pointless; I have yet to run across anyone who
doesn't work in criminal law (or isn't in a federal pen) who seems to have
any idea that the sentencing guidelines exist, much less take them into
account when planning crimes. They're pretty complex.) 

I feel a little wary about saying this because I haven't heard anyone
mention it before. I have no secret insider knowledge. But I think a step
like this is probably transparent to the folks in the Justice Dept who work
on computer crime and crypto stuff, so I'm probably not giving anyone any
ideas. I hope not. Federal court is tough enough for defendants already. 

Folks who want to know more about the Sentencing Guidelines might take a
look at <http://www.ussc.gov>. They've done a nice job of putting
everything on the web, so you can scratch your head in puzzlement at home,
instead of at the law library. Many states also use a similar system for
sentencing in criminal cases, but they may not be crypto-savvy enough to
think of adding extra penalties for crypto use. 


--
Greg Broiles                | "In this court, appellant and respondent are the
gbroiles at netbox.com         |  same person. Each party has filed a brief."
http://www.io.com/~gbroiles |  Lodi v. Lodi, 173 Cal.App.3d 628, 219 Cal.
                            |  Rptr. 116 (3rd Dist, 1985)






From mccoy at communities.com  Fri Nov  8 00:26:46 1996
From: mccoy at communities.com (Jim McCoy)
Date: Fri, 8 Nov 1996 00:26:46 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b07aea84b33c6fd@[192.0.2.1]>
Message-ID: <v03007804aea89bd39b78@[205.162.51.35]>



Peter Hendrickson writes:
[...]
>> Get a warrant, search my system, find nothing but a bunch of applications
>> and a collection of risque (but definitely legal) pictures which I exchange
>> with a few friends.  You may suspect that when the images are concatenated
>> in a particular way the low-order bits form a stego filesystem but no one
>> will be able to prove it in court.
>
>Are you concatenating these images by hand?  If so, the level of entropy
>is probably low enough to recover the information through brute force
>methods or you are hiding a very small amount of information.

I hide the relatively small amount of data within a very large amount of
data which makes it impossible to find.  Data from analog sources, like
the "real world" (images, sounds, etc) is noisy.  This is a fact of life.
Because this data is noisy I can hide information in the noise.  As long
as the information I am hiding maintains the same statistical properties
of noise it is impossible to pull the information out of the data file unless
you have the key.  If I am paranoid enough I can make this key impossible
to discover without a breakthrough in factoring.  This is the essence of
steganography and the nature of signal and noise are fundemental principles
of information theory.  No legislative action or administrative decision
can change the laws of mathematics, this fact alone is why the crypto genie
is forever out of the bottle.

>If you are not doing it by hand, you own terrorist software and will pay
>the price.

Ah yes, terrorist programs like cat and perl and operating systems like
Linux which contain a loopback filesystem that I can hook a perl
interpreter into at compile-time (which is enough for me to rewrite the
program from scratch each time if necessary, unless things like math
libraries are also outlawed on computers :)  I think that the crypto
concentration camps are going to be very crowded places.

jim, who answers to a higher law: the laws of mathematics...








From ph at netcom.com  Fri Nov  8 00:27:57 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 00:27:57 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b18aea892cd9a1b@[192.0.2.1]>


At 9:52 PM 11/7/1996, Huge Cajones Remailer wrote:
> Look around at all the laws in a community that are unenforceable and
> largely ignored by significant sections of the community. Taxes are a
> classic with many people receiving cash and not declaring it..I suppose
> you could say they just opt not to pay taxes while law abiders (to varying
> degrees) opt in to pay tax.

I agree.  It would be necessary to marshal widespread public support
to eliminate strong crypto.  If the Four Horsemen scenario is
available, this support would be available.

> It is estimated here where all dogs, for example, are required to be
> registered, that only 40 percent are in fact registered (ie pay the dog
> tax). The authorities simply do not, with their current technology, have
> the ability or political will to break down everyone's front door and
> complete house to house dog searches then deal with court cases and bring
> eveidence as to the actual owner of the animal where this is a relevant
> matter to be proved.

Sure, it's not really worth the effort.  How much effort will you
go to prevent your children from being kidnapped?

> Consider the difficulty of actually outlawing say PGP and making it
> stick. To ban its use on a network compliance measures such as routine
> traffic scanning would be implimented. So users may say resort to direct
> modem to modem systems thus forcing authorities to routinely tap
> telephone calls, identify modem calls, and analyse these calls. The
> authorities start to use scarce resources provided by those members of
> the public that choose to pay taxes to them.

In the case of a largely compliant public, this isn't all that expensive.

> The authorities have to spend even more resources on publicity and scams
> to align privacy advocates with terrorists. Some privacy advocates may
> even become terrorists who before didn't really care for such tactics.

This is a highly likely scenario.  But in the scenarios proposed by
the GAKers, even the privacy advocates would be reluctant to defend
crypto.

> Assume the snail mail route is effectively sqaushed what then? Well you
> could voice call your friend and read the encyphered text to them over
> the phone and they could then run it through pgp and decrypt it. If the
> authorities effectively made this too costly (in terms of risk etc) then
> you could always just jump on a plane and tell them the message
> personally or send someone else to do that for you.

Gee, I hope you don't have to send many messages if you have to travel
across the country to deliver them.  How will you operate an anonymous
business this way?  It doesn't sound like cryptoanarchy to mean.

> The costs of compliance increase as the authorities take measures to put
> the genie back in the bottle. Stealth versions of popular programs get
> released, and further technological advances are made so that the problem
> becomes greater with respect to compliance as do the costs to the
> taxpayer of ensuring compliance. Encrypted data that cannot be easily
> distinguished form noise would require routine analysis and attempted
> cracking of every bit of data transmitted..a task that would soon bring
> even the great US economy to its knees assuming the people didn't put a
> stop to the madness before it reached that point.

I think people probably would put a stop to the madness.  But, under
the Four Horsemen scenario, most people, even Mr. Huge Cajones Remailer,
would not consider it to be madness.

> Just as an aside, I am sure the various spook angencies in the 'free
> world' are well aware of these issues and no doubt other issues I have
> not imagined and such considerations have played a part in so far stalling
> an outright ban on the use of effective encryption programs and devices.

This is interesting.  I would be quite interested to see real evidence
that various spook agencies have been foot dragging on the GAKers plans.

> There are always costs to a government in the reduction in freedoms, and
> the ultimate cost to any particular government is that it may stir the
> beast so much that it awakens and takes away that governments authority
> whether by democratic means or otherwise.

Yes, this is correct.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Fri Nov  8 00:28:03 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 00:28:03 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b19aea8952827f5@[192.0.2.1]>


At 9:11 PM 11/7/1996, Timothy C. May wrote:
>At 5:16 PM -0800 11/7/96, Peter Hendrickson wrote:
>
>> While the term "police state" is not well defined, I do not believe it
>> applies to what I am describing.  (There is a risk that it could develop,
>> however.)

>> Laws forbidding the use of cryptography have ominous free speech
>> implications as we would be attempting to outlaw concealed meaning.
>> Concealed meaning can be pretty well concealed and that makes
>> for difficult and dangerous legal questions.

> If the only means of detection is raiding homes to inspect them for
> contraband--something not even done during the height of the anti-drug
> hysteria, at least not on a regular basis--then I stand by my comment that
> stopping private use of cryptography requires a police state such as the
> world has not yet seen.

Perhaps initially, during the state of emergency declared by our heroic
and courageous President, some unfortunate abuses of authority may occur.
But, after the first 90% of the terrorists are incarcerated, we will
have the luxury of returning to an orderly legal system replete with
search warrants.

Keep in mind that the drug laws face a large number of dedicated
opponents who will go to great trouble to evade the laws.  I suspect
that these people are in the majority, although I don't know for sure.

I find it hard to believe that any sizeable number of people would
find the Four Horsemen scenario tolerable.

>> On the other hand, the action of running a program which uses forbidden
>> crypto systems is pretty unambiguous and could be effectively isolated
>> from other kinds of speech.

> Oh? How? If the output of such a program looks like quantization or Johnson
> noise in a recording, then how could this form of "speech" be effectively
> isolated?

Sorry, I wasn't very clear.  What I mean is that once you've been
caught red handed with a stego program, the game is up.  That is, I think
it is possible to get ideas of who is operating illegally from interceptions.
(I may well be wrong.)  But, the actual evidence is easily collected
off your computer.  A program which performs encryption or stego is
not very ambiguous about what it is doing.

>> Many kinds of speech are already illegal.  For instance, I am not allowed
>> to copy somebody else's speech because it would violate copyright laws.
>> I am not allowed to break verbal contracts.  In essence, I am punished
>> later for the something I said if I am forced to keep my word.  But,
>> this does not constitute a police state.

> Careful! Some of your examples are not examples of _prohibited_ speech, but
> are instead examples of _actionable_ speech. The Constitution is fairly
> clear that the government cannot be a filter or censor for speech.

> Hence, requirements that people speak in English, or in some other language
> that the government can understand, is not required. Not even in a criminal
> case, as a matter of fact. (If I speak only Skansko-Bravatlian, and am the
> only such speaker in the world, I cannot be compelled to study English or
> even Spanish prior to a trial.)

> Requiring people to speak or write in a language that is understandable to
> some GS-10 at Fort Meade would appear to violate the First Amendment in a
> rather serious way. As encrypted speech is really just another language
> (tell me I'm wrong on this, anyone), encrypted speech appears to be fully
> protected by the First Amendment, which says that Congress shall make no
> law about speech, blah blah.

Under the right legal environment, and we are not far from it, none
of this matters.  The Courts can be quite liberal when they think there
is a good reason for it.  Take seating in restaurants.  If you read
the Constitution you won't find where the Federal Government is empowered
to regulate this.  The Courts decided that the Commerce Clause was
a reasonable justification.  This argument resembles the peace of God.

All the Justices have to say is that the Constitution does not specify
private speech, just public speech.  The same way it doesn't say
"assault rifle" it says "arms".  The same way it doesn't say "commercial
speech" just "speech".

The Constitution will likely be a powerful support for cryptoanarchy,
but only because I doubt widespread opposition to strong cryptography
will arise.

>> What I am proposing would not require an end to fair trials or warrants
>> or really any other legal customs we have.

> I strongly disagree. Prosecution would involve making certain _forms_ of
> speech illegal (not the same thing as the _content_ being illegal, as in
> ordering the kililng of another, or treason, or shouting "Fire!"
> improperly).

But we are not objecting to content!  We don't care what goes inside
the encryption - unless it involves extortion, murder, child pornography,
or weapons data - we care that communication has been limited.  Cryptography
is not a language because nobody can understand it but the recipient.
We simply want the recipient to share with the rest of the class - that
is an independent legal issue from persecution for one's beliefs which
is of course, and thankfully, unconstitutional your Honor.

Or how about this argument: It isn't the encrypted message that we
care about so much, your Honor.  We care that it is evidence that
the perpetrator did commit the illegal act of encrypting his
communications using military-grade technology which is now highly
illegal.

When I say it doesn't really put an end to most legal customs, I mean
that the courts do not have to behave all that capriciously to make
the law stick.  For the most part people know how not to break the
law and the people who are convicted did break it.  Other speech
rights do not immediately dissolve away.  Yes, there is a risk that
they will do so later, but the police state is not required to suppress
cryptoanarchy if there is strong public sentiment supporting it.

> And detection and collection of evidence would almost certainly involve
> illegal searches and seizures.

Not in the presence of wide public support.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Fri Nov  8 00:28:08 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 00:28:08 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b1aaea89d53136e@[192.0.2.1]>


At 9:55 PM 11/7/1996, Timothy C. May wrote:
> "Truly noisy sources" are not at all unusual. Actually, the hard part is
> ever proving a source is _not_ noisy. (There are deep issues involving
> randomness here, and I usually go into the work of Kolmogorov, Chaitin, and
> others at this point. Consult the archives, or see a book on information
> theory.)

Truly, I am out of my depth.  But, I will plunge ahead nonetheless.

I think it is hard to show that a source is noise.  Using only the
signal itself, I believe it is impossible.  That means there may
be patterns which you cannot prove do not exist.  That is surely
less than ideal, especially if you are betting your life on it.

And there are all sorts of ways you can blow your cover.  Maybe
your traffic patterns are sort of odd.  Maybe you are up at odd
hours.  The weakness is stego does not have to be great before
you are put on the suspect list.  If cryptoanarchy is unpopular,
you are in big trouble because the government can afford to watch
you intensively.

> The legal issue is this: can we pass laws and have them upheld by the
> courts which impose severe penalties on people for the supposed crime of
> having in their possession sequences of numbers which cannot be converted
> to meaningful English sentences? I maintain that the Constitution says we
> cannot. Of course, if the Constitution is thrown out, then the old
> Cypherpunk joke may come into play: "Use a random number, go to jail." (An
> Eric Hughes quote, from 1992-3.)

What Tim May maintains may be more reasonable that what the Supreme
Court maintains.  But it's the Supreme Court that will rule.

We have laws which state, in essence, that certain large numbers
cannot be copied legally if they are related to copyrighted executables.

>> In the model I am positing, there would be broad popular support for
>> such policies.

> I think you are assuming a lot.

I think I am, too.  I don't subscribe to the Four Horsemen scenario.

Peter Hendrickson
ph at netcom.com







From stewarts at ix.netcom.com  Fri Nov  8 01:00:44 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Fri, 8 Nov 1996 01:00:44 -0800 (PST)
Subject: Blocking addresses by default
Message-ID: <1.5.4.32.19961108085824.003b5868@popd.ix.netcom.com>


>> With remailer abuse becoming more popular and remailers going down
>> because of complaints, there seems to be some interest in remailer
>> software that will block all email by default and will only pass
>> along email that is explicitly unblocked.

Rich wrote:
>I think this threatens serious security problems for the remailer 
>network in two ways:
>1. You'd create a list of people interested in anonymous information,
>   which could potentially be obtained by police or other armed thugs.
>2. The traffic would go down so substantially that traffic analysis     
>   would be trivial.

Yeah.  If you keep a centralized list, it's too risky.
I've been thinking about how to implement a related approach -
when the mailer receives anonymous mail for you, it sends a message saying
        Subject: Anonymous message #<cookie> 
        Hi!  You've got an anonymous message!  
        Here's how to retrieve it / block future messages / accept all
future....
        <disclaimers, explanations, etc.>
and you can send back the cookie to retrieve the message.
Blocking or accepting also using the cookie, to reduce denial-of-service
and spam attacks.  

This approach is primarily useful for terminal remailers, but if you set up 
the syntax carefully, you can get the things to relay to each other.
It's not particularly useful for posting news, though.
Since it is good for terminal remailers, that may make it less hassle
to run them.



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From stewarts at ix.netcom.com  Fri Nov  8 01:02:31 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Fri, 8 Nov 1996 01:02:31 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <1.5.4.32.19961108085827.003980d8@popd.ix.netcom.com>


To a large extent, it's a volume question - if there's too much
widespread use, it's too hard to control, prevent, or ban later.
If the volumes of traffic and users are low, you can track users.
So the government's working hard to keep volume down, both by
export controls, FUD attacks on Phil, and constant offers to deal,
such as Clipper I, II, III, and IV, all of which both delay widespread use
of real crypto and try to introduce pre-wiretapped crypto instead.

Strong vs. weak crypto isn't the real issue - for most business use,
weak crypto is obviously unacceptable, but strong crypto with GAK
is ok as long as it doesn't interfere with use (and as long as the
government bureaucrats don't sell too many keys.)  After all, any 
corporation, and most businesses, can be forced to keep and produce records
when the government wants them to; a government-held master key
doesn't change their "legitimate" access, only the convenience
of legal and illegal access.  Key Recovery, on the other hand,
implies that you're required to either use GAK or use Weak Crypto,
which is obviously Bad.  Most businesses are far more opposed to things
that make them wait for bureaucratic action in their day-to-day business
than to the privacy issues, and they're more concerned about
control and convenience than the economic rights issues (otherwise
they'd be refusing to pay taxes....)

The government might be able to stop new Netscape versions from
using strong crypto - threatening to confiscate the company's
ill-gotten gains from aiding and abetting money launderers might help,
and threatening to confiscate PCs that use unapproved crypto.
But it's tough to use a widespread threat like that on popular
software once it's out there.

A friend of mine lives in a kleptocracy; the local thugs haven't stolen
his email provider's computer yet, mainly because the hardware
doesn't work very well without software and administrators.
But he's not willing to risk using PGP very often, because the
volume is small enough they can watch everything (they give him
enough trouble occasionally for using his native language on the phone
instead of the local languages.)  And sending stego isn't likely
to be a good solution for a while, since mail volume is low enough
to his remote area that sending lots of scanned photographs
would be a big impact on email costs.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From unicorn at schloss.li  Fri Nov  8 01:03:41 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Fri, 8 Nov 1996 01:03:41 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <Pine.3.89.9611080410.A72-0100000@skypoint-gw.globelle.com>
Message-ID: <Pine.SUN.3.94.961108040157.17279K-100000@polaris>


On Fri, 8 Nov 1996, Douglas B. Renner wrote:

> 
> > > I am curious why many people believe this is not true.
> > > 
> > > Peter Hendrickson
> > > ph at netcom.com
> 
> Because it's a technology which is closely tied to human nature.
> 
> Once unleashed, you cannot coax the genie back into the bottle no matter 
> how hard you try.

You know, I've always wondered, how did the genie get in the bottle in the
first place.  Someone must have coaxed him in there.

> 
> Doug
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From enzo at ima.com  Fri Nov  8 01:34:26 1996
From: enzo at ima.com (Enzo Michelangeli)
Date: Fri, 8 Nov 1996 01:34:26 -0800 (PST)
Subject: URG_ent
In-Reply-To: <9611051935.AA04338@spirit.aud.alcatel.com>
Message-ID: <Pine.WNT.3.95.961108172406.-1026703P-100000@stanley.ima.net>


On their ftp site they also have a version using SSL (via EAY's DLL's) 
supporting strong ciphers. The documentation, unfortunately, is very
terse. Otherwise it looks like a nice piece of middleware for implementing
secure TCP relays and tunnels. 

Enzo

On Tue, 5 Nov 1996, Daniel R. Oelke wrote:

> 
> 
> Not to beat up on Medcom - but doesn't this sound like a
> nice DES cracking target?
> 
> > 
> >  "Medcom introduces a "Super Cafe" data encryption product"
> > 
> >     Medcom's latest data encryption product, the Secure Socket 
> >     Relay (SSR), features strong encryption with full key length 
> >     (56-bits DES). A demo version can be downloaded at
> >     http://www.medcom.se/.
> > 
> > 
> ------------------------------------------------------------------
> Dan Oelke                                  Alcatel Network Systems
> droelke at aud.alcatel.com                             Richardson, TX
> 






From jya at pipeline.com  Fri Nov  8 03:06:13 1996
From: jya at pipeline.com (John Young)
Date: Fri, 8 Nov 1996 03:06:13 -0800 (PST)
Subject: WinKrypt
Message-ID: <1.5.4.32.19961108110427.006b006c@pop.pipeline.com>


 "WinKrypt's marriage of highly sophisticated technology -- such
 as the advanced, not-for- export 256-bit GOST encryption
 algorithm contained in the KeyMail program -- with a
 user-friendly interface virtually redefines the PC security
 category," said Syncronys.

 http://www.syncronys.com.







From dougr at skypoint-gw.globelle.com  Fri Nov  8 03:21:45 1996
From: dougr at skypoint-gw.globelle.com (Douglas B. Renner)
Date: Fri, 8 Nov 1996 03:21:45 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <Pine.SUN.3.94.961108040157.17279K-100000@polaris>
Message-ID: <Pine.3.89.9611080907.E72-0100000@skypoint-gw.globelle.com>


On Fri, 8 Nov 1996, Black Unicorn wrote:
> On Fri, 8 Nov 1996, Douglas B. Renner wrote:
> > Once unleashed, you cannot coax the genie back into the bottle no matter 
> > how hard you try.
> 
> You know, I've always wondered, how did the genie get in the bottle in the
> first place.  Someone must have coaxed him in there.

;-))))))

Naw... Just Crypto-Geniesis pure & simple.

-Doug, up late.





From bryce at digicash.com  Fri Nov  8 03:34:15 1996
From: bryce at digicash.com (Bryce)
Date: Fri, 8 Nov 1996 03:34:15 -0800 (PST)
Subject: Need a new word for non-violent-censorship
Message-ID: <199611081134.MAA16008@digicash.com>



-----BEGIN PGP SIGNED MESSAGE-----

I often have the same difficulty when speaking with
Objectivists.  They define "censorship" as "silencing the
speaker by force", which is a fine and useful definition, but
suppose we want to talk about a similar phenomenon which does
not involve force?  For example, the magnate who owns all the
newspapers, television stations, bookstores and movie theatres
in a small town decides that never again will homosexuality be
publically mentioned in any of these venues.  Force?  No.
"Censorship"?  Not by _that_ definition, but what _is_ it?


We need a new word, or else we have to continue using
"censorship" to mean both of those things.  I sometimes use
"violent-censorship" and "non-violent-censorship" in
conversation.


As long as we continue to try to overload "censorship" we will
waste much of our dialogue energy on semantic quibbling or pure
misunderstanding.


Regards,

Zooko



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMoMarEjbHy8sKZitAQGzZQL+OuobcXVKg8bU1FIgdIZl/0i2QZ/5McmC
W//HUMtT+5D4sejWstVqkk2taB+jD9ctyKtgFIjIXOJdddsAAbd/Tbjr0TjuCMC4
FmagUDtrDD3tQOwiIXnb2rDit+GrfGPB
=X6N3
-----END PGP SIGNATURE-----





From nobody at replay.com  Fri Nov  8 03:46:52 1996
From: nobody at replay.com (Anonymous)
Date: Fri, 8 Nov 1996 03:46:52 -0800 (PST)
Subject: Vulis profile
In-Reply-To: <199611060457.FAA26857@basement.replay.com>
Message-ID: <199611081146.MAA22330@basement.replay.com>


> Of course most of his net.bile is spilled over his fellow 
> XSoviets, particularly of Jewish origin (such as Michael 
> Verbitsky, Boris Veytsman, Vlad Rutenberg or myself, 

So Timmy May is a Russian emigre Jew?






From jimbell at pacifier.com  Fri Nov  8 03:56:32 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 8 Nov 1996 03:56:32 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611081155.DAA25589@mail.pacifier.com>


At 06:25 PM 11/7/96 -0800, Peter Hendrickson wrote:
>At 5:12 PM 11/7/1996, jim bell wrote:
>> BTW, some of your confusion is probably based is the false assumptions in
>> your last sentence above.  "..wide use of strong cryptography results in
>> widely unpopular activities such as sarin attacks and political
>> assassinations."
>
>No, you're confused, but it's probably my fault.  We don't really know
>what cryptoanarchy will be like.  We all have ideas about it.  Some
>we share and some we don't.  But we won't really know until we see it
>happen.

Well, uh, with all due respect, but while it's obviously true that we won't 
know EXACTLY how it'll be, that doesn't mean that no portion of we imagine 
will come true.  This is particularly true on the big issues.   For example, 
you hypothesized that "wide use of strong cryptography resuts in widely 
unpopular activities such as sarin attacks and political activities.  I 
pointed out, almost certainly correctly, that these are wrong:

1.  To believe that use in cryptography will result in greater numbers of 
random attacks on innocent civilians.  As I pointed out, the exact opposite 
should be true:  A greater ability to target the guilty means less reason to 
kill the innocent.

2.  To believe that political assassination will be unpopular even if the 
ordinary citizen has an effective say in who's going to die.


In other words, based on my understanding these beliefs are diametrically 
opposed to the truth.  Not simply a difference in extent, we're talking a 
180-degree change.

Your response is a sheepish, "but we won't really know until we see it 
happen."   Harrumph!  

>My whole point is based on the proposition that the doomsayers are right.

Which doomsayers?  What version of "doom"?  

>I believe D. Denning has suggested that cryptoanarchy will result in
>the breakdown of our society.

I suppose that depends a lot on what a person means by the phrase, "our 
society."  Used as you (and maybe she, as well) this sounds like a 
code-word.  To a statist, "society" is basically the stratification system 
that has developed to let one group of people control another.  By that 
standard, cryptoanarchy WILL "result in the breakdown of our society."   But 
that's all for the good.



Jim Bell
jimbell at pacifier.com





From ben at gonzo.ben.algroup.co.uk  Fri Nov  8 04:24:34 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Fri, 8 Nov 1996 04:24:34 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007803aea873ff3acc@[207.167.93.63]>
Message-ID: <9611081117.aa20234@gonzo.ben.algroup.co.uk>


Timothy C. May wrote:
> 
> At 10:33 AM -0800 11/7/96, Dale Thorn wrote:
> 
> >According to HP, the "Polish" part of the term comes from a Polish
> >mathematician whose
> >name (I can't spell it, and I don't have the .DOC) is pronounced phonetically:
> >WOOCASHEVITZ.  The "reverse" part apparently means the inventor specified the
> >operation before the parameters, instead of how HP implemented it.
> 
> 
> Lucaciewicz, as I recall. His notation was originally that one would add
> two numbers, a and b, as "+ a b." A modified form, adapted for stack
> machines, was to add two numbers with "a b +." Hence, _reverse_ Polish
> notation, but equally sound.
> 
> This involves entering a, then pushing it onto the stack with an ENTER,
> then entering b, then hitting the "+" key to pop the stack and place the
> sum in the main (X) register.
> 
> For people who claim that (6 + 7) * 5 is the "natural" way to do things, I
> point out to them that the way one does it one's head is to take 6 and 7
> and add them then to multiply by 5. Or I show them
> 
>    6
> +  7
> -----
>    13
> *   5
> -----
>    65
> 
> Then they see that RPN is actually the way we do things in our head. Or on
> paper.
> 
> Computers do things with parentheses, we don't.
> 
> By the way, Polish notation is how LISP evaluates expressions. E.g.
> 
> (+ 6 7)
> 
> or, for the full problem above,
> 
> (* 5 (+ 6 7))
> 
> And for those of you are not LISP or Scheme fans, the language FORTH also
> uses Polish notation. RPN, in fact.

I think claiming RPN for Forth is pushing it a little far. Admittedly it is
stack-based (well, two-stack-based), and everything an operator can operate on
is to the left, but the provision of arbitrary stack manipulation, "compile"
mode (triggered by the '[' operator, if my memory serves) and so on make it
rather a different beast.

Incidentally, PostScript is Forth in disguise.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From adam at homeport.org  Fri Nov  8 04:38:27 1996
From: adam at homeport.org (Adam Shostack)
Date: Fri, 8 Nov 1996 04:38:27 -0800 (PST)
Subject: Validating a program
In-Reply-To: <3282BD90.43FA@gte.net>
Message-ID: <199611081235.HAA18376@homeport.org>


Dale Thorn wrote:
| Adam Shostack wrote:
| > Dale Thorn wrote:
| > | stewarts at ix.netcom.com wrote:
| > | > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
| > | > >> > Last,  I would like to know once and for all,  is PGP compromised,  is
| > | > >> > there a back door, and have we been fooled by NSA to believe it's secure?
| 
| > | > You can read and compile the source code yourself.
| 
| > | Really?  All 60,000 or so lines, including all 'includes' or attachments?
| > | I'll bet you can't find 10 out of 1,000 users who have read the total source,
| > | let alone comprehended and validated it.
| 
| [snip]
| 
| > In short, if you're paranoid, feel free to look over the source.  But the fact that
| > most people have never peeked under the hood is not a strike against pgp at all.
| 
| The quip about peeking under the hood may apply OK to an automobile, but to a program
| which encrypts?  Granted that most messages (99+ % ??), if read by NSA et al, won't
| put the sender in any great danger, but when the application is really serious, as it
| always is sooner or later, you must realize that people could be taking great risks
| with PGP encryption, and "pretty sure" isn't good enough when it's really, really
| vital to have bulletproof security.

	You're wrong.

	People can make their own choices about what level of risk
they're willing to accept.  That they make bad choices is not my
problem, except when they're paying for my opinion.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From dlv at bwalk.dm.com  Fri Nov  8 05:00:14 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 8 Nov 1996 05:00:14 -0800 (PST)
Subject: Vulis now on the "Don't Hire" list
In-Reply-To: <v03007803aea827844e20@[207.167.93.63]>
Message-ID: <62R3wD33w165w@bwalk.dm.com>


[Cc:'d to John "deep pockets" Gilmore, who approves of and assumes liability
for Timmy's posts on John's private mailing list. ]

"Timothy C. May" <tcmay at got.net> writes:

> And, indeed, it is not likely to be who suffers in the job market as a
> result of Dr. Vulis' rants and raves and generally insane postings; my
> situation is secure, but I understand that Vulis has joined L. Dettweiler
> on the "List of Unemployables" passed around Silicon Valley.
>
> I strongly doubt many computer companies in the Silicon Valley will be
> willing to hire him or his consulting service as his antics have received
> publicity.
>
> He may have his "NetScum" list and Web page, but it's his name on the list
> of folks not to hire.

Too bad for the Silicon Valley. :-) But I couldn't be hired by Cygnus
anyway because I'm straight.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jmr at shopmiami.com  Fri Nov  8 05:20:48 1996
From: jmr at shopmiami.com (Jim Ray)
Date: Fri, 8 Nov 1996 05:20:48 -0800 (PST)
Subject: Return address forgery [was Judge Kozinski...]
Message-ID: <199611081320.IAA35308@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Fri Nov 08 20:20:02 1996
The Bovine remailer wrote:

> On Wed, 6 Nov 1996, Bill Frantz wrote:
> 
> > At  4:39 AM 11/6/96 -0500, Jim Ray wrote:
> > >Judge Kozinski wrote:
> > >> ... Perhaps the answer
> > >> is that the post office should not accept mail unless there
> > >> is a clear indication of who the sender is 

[...]

> > In the case of postal mail, return address forgery is so easy

[...]

> Yes the failure to forsee this did stand out a little in the discourse
>  :).

Well, in the judge's defense, note that he used the word "perhaps" above. I 
like this judge, which (obviously) isn't something I can say about too many 
judges...I think he was just trying to sharpen our thoughts and arguments, 
and that he DOES agree with us on many, many things. His fears about the 
misuse of anonymity in a police state, for example, come from his personal 
experience in a former socialist paradise. I think (hope) that being exposed 
to "cypherpunk issues" by as many good thinkers as he was, in a relaxed, 
non-courtroom setting, has broadened his understanding of the many issues 
involved and will help "our" side immensely if these same issues ever do 
come before him.

I have decided, however, to cease my very enjoyable conversation with him 
about these issues, from now until after Judge Patel's Bernstein case has 
been decided and appealed, because of this very possibility. I am already 
concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt 
to argue that "cypherpunk terrorists have been secretly trying to subtly 
influence Kozinski's thinking, and that therefore he should be removed from 
the case in favor of some judge who has no clue whatsoever about the 'Net, 
encryption, anonymous remailers, etc." [I am sure the argument wouldn't be 
put quite that way <g> but that's what the U.S. Attorney would mean.] There 
is now a judge with some idea of these issues who will IMNSHO probably be 
fair to "our" side. It is a rare opportunity, and I don't want to "blow it."
JMR


Please note new 2000bit PGPkey & new address <jmr at shopmiami.com>
This key will be valid through election day 2000.
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
Please avoid using old 1024bit PGPkey E9BD6D35 anymore. Thanks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMoPcRjUhsGSn1j2pAQHtVAfPd+F3jXHov9TgaZJSsKNcfi0dn30K9Dgs
2PQwFFLp8UuHFQGybBdorw4V9DQuGTehLVuiBttKdbBZYWVMhWv/TptZ+sagbexO
EX0TrcD8gU3dtSK9xLH94TO8YMY5U/sk/8LIC1Q4cehXiZ3MOK/yxxR7V8uooJuI
6g4+HSxUOU2CBPIfYyHjzALxYkjn2/YYjo8VdFbxE7fRnjycnvr+qn2l70az4nnx
E2l9qvXJYgNiEhSQVk4o3b+hlybCuFA1jtNLnkHa1qYQz2xP7xoF6QiDcscl4Jev
HVQfUg52JyxS6DxsZ8K9/64aUlJWAXZYZbg4bn80OV4ETg==
=gQWe
-----END PGP SIGNATURE-----






From nobody at replay.com  Fri Nov  8 05:44:09 1996
From: nobody at replay.com (Anonymous)
Date: Fri, 8 Nov 1996 05:44:09 -0800 (PST)
Subject: So there's a cypherpunks newsgroup?  mail.cypherpunks
Message-ID: <199611081343.OAA02821@basement.replay.com>








From matts at cyberpass.net  Fri Nov  8 05:46:22 1996
From: matts at cyberpass.net (Matts Kallioniemi)
Date: Fri, 8 Nov 1996 05:46:22 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <3.0b36.32.19961108144638.00a11c90@cyberpass.net>


At 17:12 1996-11-07 -0800, jim bell wrote:
>Simple analogy:  Suppose you put two people into a room with a deck of 
>playing cards and a table, instructing "Person A" to build a house-of-cards, 
>and telling "Person B" to stop him from achieving his goal.  Who do you 
>think will win?  Obviously, the latter will win:  It's vastly easier to 
>knock such a structure down than to build it in the first place,  and all 
>"Person B" has to do is occasionally take a whack at the structure. 

What if Person A is better armed? Could that change the outcome?







From trei at process.com  Fri Nov  8 06:49:39 1996
From: trei at process.com (Peter Trei)
Date: Fri, 8 Nov 1996 06:49:39 -0800 (PST)
Subject: [rant] Race
Message-ID: <199611081449.GAA02913@toad.com>


> Date:          Thu, 7 Nov 1996 18:15:17 -0800 (PST)
> To:            cypherpunks at toad.com
> From:          Sean Roach <roach_s at alph.swosu.edu>
> Subject:       [rant] Race

Sean Roach wrote:
> Sandy Sandfort wrote:
>> ...
>> >What you mean WE, white man?  ...
> At first I was afraid to comment, as I have been more than vocal in the last
> 24 hours, but then I decided that I thought this important enough to bring up.
> This was the first time on this list that I noticed such an obvious
> reference to race, granted I'm fairly new to the list,(quite new in fact),
> and when I think about it, there were several references to Russians and
> Jews in some of the other posts about Dr. Vulis and his practices.  
[...]

I think Sandy is actually refering to an old joke:
-------------------------
The Lone Ranger and Tonto found themselves cornered in a box canyon by 
1,000 Apache braves, all screaming for the LR's blood after he had [grossly 
offended them in some arbitrary way].

As the Redskins approached from all directions, arrows and tomahawks
struck the bodies of Silver and Scout, behind which the two brave 
vigilantes had taken cover. Suddenly, the Lone Ranger ran out of 
ammunition (silver bullets are expensive). Turning to his faithful Native 
AmerIndian companion, the LR saw that Tonto, too,  was down to his last 
bullet. With tears staining his mask, he said:

"Well, old friend, it looks like this is it - I don't see any way we can get out
of here alive."

Tonto looked back at his mentor and master of so many years, deep in thought,
and came to a decision. Reaching into his shirt he produced an eagle feather. 
Sticking this in his hair, he leveled his gun at the Lone Ranger, and said:

"What's this 'we' bit, White Man?"
---------------------------

ObCrypto: Is it true that "Kemo Sabe" is Abanake for "Horse's Ass"?

Peter Trei
trei at process.com


   

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei at process.com





From dthorn at gte.net  Fri Nov  8 07:39:01 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 8 Nov 1996 07:39:01 -0800 (PST)
Subject: Validating a program
In-Reply-To: <199611081235.HAA18376@homeport.org>
Message-ID: <328353D8.4D28@gte.net>


Adam Shostack wrote:
> Dale Thorn wrote:
> | Adam Shostack wrote:
> | > Dale Thorn wrote:
> | > | stewarts at ix.netcom.com wrote:
> | > | > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:

> | The quip about peeking under the hood may apply OK to an automobile, but to a program
> | which encrypts?  Granted that most messages (99+ % ??), if read by NSA et al, won't
> | put the sender in any great danger, but when the application is really serious, as it
> | always is sooner or later, you must realize that people could be taking great risks
> | with PGP encryption, and "pretty sure" isn't good enough when it's really, really
> | vital to have bulletproof security.

>         You're wrong.
>         People can make their own choices about what level of risk
> they're willing to accept.  That they make bad choices is not my
> problem, except when they're paying for my opinion.

It's easy to say, but when the "shit comes down" as they say, the average user is
going to swear they had assurance PGP was absolutely secure, etc....






From nobody at cypherpunks.ca  Fri Nov  8 07:44:58 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 8 Nov 1996 07:44:58 -0800 (PST)
Subject: Information [for new PGP user]
In-Reply-To: <Pine.OSF.3.91.961107213057.8220G-100000@fn3.freenet.tlh.fl.us>
Message-ID: <199611081542.HAA18264@abraham.cs.berkeley.edu>


> From: "P. J. Ponder" <ponder at freenet.tlh.fl.us>
> 
> the point is that the source code is available and public.  I may not be 
> able to find any errors or hiddens trapdoors in it, but I have greater 
> trust in it because many other people can read it and make public 
> comments about it.   the advantage of a published (public) work is that 
> even those of us who are not experts can gain the advantage of having the 
> work reviewed openly by anyone who is so inclined.

People would do well to remember this.  In the future software
released by PGP Inc. will not come with source code.  I don't believe
source to PGPfone will ever be released, for instance.  Beware of this
software.  Despite Zimmerman's strong privacy record, you should
never, ever, use crypto software that doesn't come with source.
Period.





From declan at well.com  Fri Nov  8 07:53:42 1996
From: declan at well.com (Declan McCullagh)
Date: Fri, 8 Nov 1996 07:53:42 -0800 (PST)
Subject: Universal Service for the Net: Why it's a bad idea
Message-ID: <Pine.GSO.3.95.961108075315.19194D-100000@well.com>




---------- Forwarded message ----------
Date: Fri, 8 Nov 1996 07:53:05 -0800 (PST)
From: Declan McCullagh <declan at well.com>
To: fight-censorship at vorlon.mit.edu
Subject: Universal Service for the Net: Why it's a bad idea

Yesterday I spent one of the most interminably boring afternoons of my
life in a cramped and sweaty eighth-floor conference room at the FCC.
The occasion? A special panel was announcing its recommendations to
the FCC on a new universal service plan, as required by the 1996
Telecommunications Act.

The problem was that the Federal-State Joint Board hadn't reached a
decision by the time the hearing was due to begin at 1 pm. Nor had
they at 2 pm. Or an hour later. In a conference room down the hall,
the eight-person board were sweating even more than we were. They
wanted consensus. Eventually the meeting began, closer to 4 pm.

The board's unanimous recommendation: The creation of a $2.25 billion
universal service fund to subsidize schools' Net-connections. The subsidy
will range from 20 percent to 90 percent and will be tied to how many kids
get tax-subsidized school lunches at each school. The cost will be paid
for by "telecommunications carriers," meaning higher phone bills for
consumers. (Of course, the FCC's Reed Hundt tried to duck this question,
but other panel mambers clarified.) The FCC will vote on this proposal
early next year -- and since Chairman Hundt was on the panel, approval
seems almost certain.

I happen to think this is a bad idea, but saying so publicly almost
inevitably results in charges of elitism, "information have-nots," or
being indifferent to the needs of our children. Opposing the CDA also
left one open to similar charges: soft on porn, high on anarchy, or
indifferent to the needs of our children. (I'm starting to believe
that more evil can be done in the name of "protecting our children"
than with any other excuse.)

But just as there are real arguments against the CDA that don't rely
on overheated "protecting children" rhetoric, so there are real
arguments against this universal service scheme:

* With more government intervention almost inevitably comes more
  control. I can hear it now from family values activists: "My tax
  dollars are going to pay for porn on the Net!"

* Why should a Beverly Hills high school get a discount of 20 percent?
  Can't they afford to pay for ISDN?

* Ironically, the same White House that is pushing this plan to wire
  schools to the Net is also pushing Bruce Lehman's "NII copyright bill"
  that will shut the door on schools' ability to _use_ information on
  the Net. Schizophrenic kowtowing to too many special interests? You
  decide.

* The American Library Association has fought the good fight on free
  expression issues (as in the second CDA suit, ALA v. DoJ) and on the
  copyright bill. Yet in this matter, they're the ones pushing for this
  universal service scheme. Clearly, alliances shift.

* With increased taxation of telecom industries -- taxes that could
  increase constantly at the whim of the FCC -- investors will be wary
  and money will shift elsewhere. If this happens, it will damage the
  ability of firms to improve our nation's telecom infrastructure.

* Does every student have a _right_ to be online -- that should be
  paid for by tax dollars -- or is it a _privilege_ that should be paid
  for by other means?

* This implementation of universal service is based on a knee-jerk
  fear of Internet "haves and have-nots." That's unrealistic. New
  technologies takes time to filter through a society. The joint board's
  position ignores history; flush toilets and cars took decades to spread.

* Why should universal service be a priority, before books and roofs
  for our schools? Dozens of schools in the nation's capital were
  blocked from opening because of, I recall, fire code violations and
  even non-working bathrooms. If the Clinton administration _truly and
  honestly_ wants to help children, the president has to look no
  further than the District's own school system. 

Don't get me wrong. I agree with the end goal, which is to get kids
online. But I can't stomach the Clinton administration's means to
that end.

-Declan







From m1tca00 at FRB.GOV  Fri Nov  8 08:13:48 1996
From: m1tca00 at FRB.GOV (Thomas C. Allard)
Date: Fri, 8 Nov 1996 08:13:48 -0800 (PST)
Subject: [NOISE] If the shoe fits, wear it [VULIS]
Message-ID: <199611081612.LAA04764@bksmp2.FRB.GOV>



Rich Graves <rcgraves at ix.netcom.com> said:

> networks at vir.com wrote:
> >  The nature of the Internet means it is extremely difficult for John
> > to prevent Dr. Vulis from either posting using a pseudonym or having
> > messages forwarded to him.  IF it were possible to prevent Vulis
> > from either reading messages or posting do you think John would have
> > done that too?  Just curious.
>
> I think that gets into "how many angels can dance on the head of a 
> pin"  territory, because it just isn't, and I certainly don't speak 
> for him.  But...

What if John didn't prevent him "suvscribing", but instead directed his 
software to simply send messages from Vulis back to him as though they were 
sent to the list, but in fact did not forward his messages to the rest of 
the list.  Vulis would continue to (spit) and (fart) on the list, would 
assume everyone else saw it, but would not see any replies to his spew.  
His remailer (spits) would still get through, but think how much less noise 
there would be.

Alternatively, he could just moderate the list and not forward his rantings 
at all.  LOTS more work, but still feasible.

All I'm saying is that it *is* possible for John to censor Vulis from this 
list if he was so inclined.

rgds-- TA  (tallard at frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D







From ericm at lne.com  Fri Nov  8 08:16:59 1996
From: ericm at lne.com (Eric Murray)
Date: Fri, 8 Nov 1996 08:16:59 -0800 (PST)
Subject: WebTV a "munition"
Message-ID: <199611081616.IAA21577@slack.lne.com>




Page 3 of the San Jose Mercury News has a small blurb
about WebTV's browser/set-top box that "uses
computer-security technology so powerful that the
government is classifying it as a weapon
that will require a special export license before
it can be sold overseas".

"Few industry experts expect such a licsense to
be granted, meaning the companies are unlikely to
begin selling current versions of the US-made
devices next year in Eurpoe and Japan as they
had planned".

[fluff about export laws]

"We're the guinea pig" says Steve Perlman, chairman
and CEO blah blah.


So what's the story here?  It's a web browser, so they're
probably talking about SSL.  SSL (both versions) already has mechanisims for
allowing "export" level encryption, and although you still need to
get a Commodities Jurisdiction, it's been done before so it
shouldn't be too difficult.  If they didn't use the "export"
level SSL CipherTypes, then what're they up to?  Are they
fighting crypto export laws (for which they should be congratulated
and supported) or are they just looking for free publicity?


-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From jer+ at andrew.cmu.edu  Fri Nov  8 08:31:39 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Fri, 8 Nov 1996 08:31:39 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v03007802aea86e3be000@[207.167.93.63]>
Message-ID: <0mUpzf200YUf065kw0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

Peter's point: If everyone in the US wants a ban on strong crypto,
excepth the people on this list and the million-odd terrorists who are
using strong crypto to murder, rape, pillage, etc., then strong crypto
will be banned.

If I understarn your point, Peter, you are correct. However, there
probably won't be thousands of terrorist folks who can't be caught
because of their expert use of strong crypto. I mena, half the mad
bombers in the US try to get their deposit back on the vans that they
used to blow up buildings. Do you think these people will be able to
effectively use crypto?

Furthermore, terrorrim and etc do not depend upon secure
communications to work. People tend to be able to talk face-to-face in
isolated environs, this is just as effective as a good public-key
cryptosystem. Crypto won't suddenly protect the types of people who
are professional killers/terrorists from scrutiny. It meerly would
allow them to communicate securely over distances of more than 10
feet. This, IMO, is not much of a win for them.

So, you're right. Given the proper conditions, strong crypto could
probably be mostly stopped. However, these conditions are quite
unlikely to arise.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMoNf5ckz/YzIV3P5AQHzNwL/XDr62TKhBrthrrWkS1KRv/H0yryv0EkO
PErVFSHWC9YsNdON97YXD75fHrVdhpfPUfHStmJY9l7IM91RQkoozolV36Q3OwVy
YOa3tEtn4TuCq3wxD2xIwaAlVWkBe0jw
=gXVT
-----END PGP SIGNATURE-----





From mjmiski at execpc.com  Fri Nov  8 08:36:19 1996
From: mjmiski at execpc.com (Matthew J. Miszewski)
Date: Fri, 8 Nov 1996 08:36:19 -0800 (PST)
Subject: Return address forgery [was Judge Kozinski...]
Message-ID: <199611081636.KAA26463@mail.execpc.com>


> Well, in the judge's defense, note that he used the word "perhaps" above. I 
> like this judge, which (obviously) isn't something I can say about too many 
> judges...I think he was just trying to sharpen our thoughts and arguments, 
> and that he DOES agree with us on many, many things. His fears about the 
> misuse of anonymity in a police state, for example, come from his personal 
> experience in a former socialist paradise. I think (hope) that being exposed 
> to "cypherpunk issues" by as many good thinkers as he was, in a relaxed, 
> non-courtroom setting, has broadened his understanding of the many issues 
> involved and will help "our" side immensely if these same issues ever do 
> come before him.

Jim,

Thank you for doing this.  I went to Law School to bring a viewpoint 
to the bench that was never there.  I do so whenever I can.  What you 
are doing is a very important part of moving this country forward.  I 
understand the people who [RANT] about the problems we face, but when 
people like you hold a civil discourse with officials we overcome the 
label of extremists.

> 
> I have decided, however, to cease my very enjoyable conversation with him 
> about these issues, from now until after Judge Patel's Bernstein case has 
> been decided and appealed, because of this very possibility. I am already 
> concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt 
> to argue that "cypherpunk terrorists have been secretly trying to subtly 
> influence Kozinski's thinking, and that therefore he should be removed from 
> the case in favor of some judge who has no clue whatsoever about the 'Net, 
> encryption, anonymous remailers, etc." [I am sure the argument wouldn't be 
> put quite that way <g> but that's what the U.S. Attorney would mean.] There 
> is now a judge with some idea of these issues who will IMNSHO probably be 
> fair to "our" side. It is a rare opportunity, and I don't want to "blow it."

Once again, thank you for all you are doing.


> JMR
> 
> 
> Please note new 2000bit PGPkey & new address <jmr at shopmiami.com>
> This key will be valid through election day 2000.
> PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
> Please avoid using old 1024bit PGPkey E9BD6D35 anymore. Thanks.

Matt

 
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDq+FoAAAEEANM9+JcJmUp4aCSGpdOG4Y1b6m4630XA8H41Utbvr7Tr6wEH
CD6tlxZ+k+Pycj4w/f8WQa8fC50skoLjUNeP4lYsR7NYaMGRp6WkqCLMI/3Nohvk
pfLDqnzZZdwVL2liB7mfTURoF6doQaVehHmMBjSaVTfD12tzNGm6VvyEc77JAAUR
tClNYXR0aGV3IEouIE1pc3pld3NraSA8bWptaXNraUBleGVjcGMuY29tPg==
=lkx1
-----END PGP PUBLIC KEY BLOCK-----





From ph at netcom.com  Fri Nov  8 09:02:42 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 09:02:42 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b04aea905f722f8@[192.0.2.1]>


At 12:29 AM 11/8/1996, Jim McCoy wrote:
>Peter Hendrickson writes:
>[...]
>>> Get a warrant, search my system, find nothing but a bunch of applications
>>> and a collection of risque (but definitely legal) pictures which I exchange
>>> with a few friends.  You may suspect that when the images are concatenated
>>> in a particular way the low-order bits form a stego filesystem but no one
>>> will be able to prove it in court.

>> Are you concatenating these images by hand?  If so, the level of entropy
>> is probably low enough to recover the information through brute force
>> methods or you are hiding a very small amount of information.

> I hide the relatively small amount of data within a very large amount of
> data which makes it impossible to find.  Data from analog sources, like
> the "real world" (images, sounds, etc) is noisy.  This is a fact of life.
> Because this data is noisy I can hide information in the noise.  As long
> as the information I am hiding maintains the same statistical properties
> of noise it is impossible to pull the information out of the data file unless
> you have the key.  If I am paranoid enough I can make this key impossible
> to discover without a breakthrough in factoring.

Where will you keep your secret key?  Remember, when they go through your
house they bring 20 young graduates from MIT who are just dying to show
how clever they are and save the world at the same time.

> This is the essence of steganography and the nature of signal and noise are
> fundemental principles of information theory.

The concept of noise is not all that well defined, however.  There is no
way to look at a signal and say "this is all noise."  Sometimes physical
theories may lead you to believe that it is all noise.  That is fine
for many applications, but when becomes less convinced of things if
the consequences are severe.

>> If you are not doing it by hand, you own terrorist software and will pay
>> the price.

> Ah yes, terrorist programs like cat and perl and operating systems like
> Linux which contain a loopback filesystem that I can hook a perl
> interpreter into at compile-time (which is enough for me to rewrite the
> program from scratch each time if necessary, unless things like math
> libraries are also outlawed on computers :)  I think that the crypto
> concentration camps are going to be very crowded places.

Can you elaborate on this?  I am curious to know exactly what you are going
to keep in your head and what goes on the disk.  Please post the Perl
code that you would type in from scratch every time.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Fri Nov  8 09:02:47 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 09:02:47 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b09aea90d4adb85@[192.0.2.1]>


At 12:01 AM 11/8/1996, Timothy C. May wrote:
> I don't believe it is as easy to differentiate between unencrypted and
> encrypted traffic as Peter believes, and I definitely don't believe the
> United States could stand--in the form it is in now, Consitutionally--if
> forms of language and speech were to be banned and violators of the ban
> were to receive harsh treatments.

Maybe we don't differentiate between traffic.  Maybe we work on
tempest attacks.  Think about this right now - do you know for
sure that nobody is lurking in a van down the road with eavesdropping
equipment?  Do you know for sure that nobody is renting a room
from one of your neighbors for all the equipment?

If cryptoanarchy is unpopular, once you are a suspect - and are
"guilty" - it is all over for your career as a cryptoanarchist.

What are the benefits of being a cryptoanarchist?  Maybe you get
to double your income.  Most people won't see this as worth the
trouble.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Fri Nov  8 09:02:55 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 09:02:55 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b0aaea90e9b2ac3@[192.0.2.1]>


At 3:51 AM 11/8/1996, jim bell wrote:
>At 06:25 PM 11/7/96 -0800, Peter Hendrickson wrote:
>>At 5:12 PM 11/7/1996, jim bell wrote:
>>> BTW, some of your confusion is probably based is the false assumptions in
>>> your last sentence above.  "..wide use of strong cryptography results in
>>> widely unpopular activities such as sarin attacks and political
>>> assassinations."

>> No, you're confused, but it's probably my fault.  We don't really know
>> what cryptoanarchy will be like.  We all have ideas about it.  Some
>> we share and some we don't.  But we won't really know until we see it
>> happen.

> Well, uh, with all due respect, but while it's obviously true that we won't
> know EXACTLY how it'll be, that doesn't mean that no portion of we imagine
> will come true.

At last some respect!  (I agree with your point.)

> This is particularly true on the big issues.   For example, you hypothesized
> that "wide use of strong cryptography resuts in widely unpopular activities
> such as sarin attacks and political activities.  I pointed out, almost
> certainly correctly, that these are wrong:

Yes, I think they are probably wrong.  But, not everybody shares our view.
Some people claim that we should not be allowed to communicate privately
because of the terrible things that would happen if cryptoanarchy were
to develop.  But, these people want to make it illegal now (a big hassle)
long before it is clear that we are going to have these problems.

Imagine for a moment that LSD was just invented.  Somebody then pointed
out that it was possible to randomly dose people without their knowledge.
The amounts required are virtually indetectible until it is too late.

This is certainly possible, but in practice it almost never happens.  I
can only think of one incident I have heard about where somebody took
a recreational drug involuntarily, and that was an accident.

A lot of the things we talk about are that way.  If they are not, it
is entirely possible to put a stop to them, should there be broad
popular support to do so.

> 1.  To believe that use in cryptography will result in greater numbers of
> random attacks on innocent civilians.  As I pointed out, the exact opposite
> should be true:  A greater ability to target the guilty means less reason to
> kill the innocent.

I imagine the guilty will never figure out that a pre-emptive attack
on the innocent would be advisable.

> 2.  To believe that political assassination will be unpopular even if the
> ordinary citizen has an effective say in who's going to die.

Why don't you take an off-list poll of core cypherpunks and see how
many of them share your view?  I suspect not many.  If not even cypherpunks
are open to the idea, how many voters will be?

> In other words, based on my understanding these beliefs are diametrically
> opposed to the truth.  Not simply a difference in extent, we're talking a
> 180-degree change.

> Your response is a sheepish, "but we won't really know until we see it
> happen."   Harrumph!

What happened to my "all due respect"? ;-)

>> My whole point is based on the proposition that the doomsayers are right.

> Which doomsayers?  What version of "doom"?

Take a look at this essay by D. Denning:
http://www.cosc.georgetown.edu/~denning/crypto/Future.html

Denning writes:
> A few years ago, the phrase crypto anarchy was coined to suggest the
> impending arrival of a Brave New World in which governments, as we
> know them, have crumbled, disappeared, and been replaced by virtual
> communities of individuals doing as they wish without interference.
> Proponents argue that crypto anarchy is the inevitable -- and highly
> desirable -- outcome of the release of public key cryptography into
> the world. With this technology, they say, it will be impossible for
> governments to control information, compile dossiers, conduct
> wiretaps, regulate economic arrangements, and even collect taxes.
> Individuals will be liberated from coercion by their physical
> neighbors and by governments. This view has been argued recently by
> Tim May [1].

> Behind the anarchists' vision is a belief that a guarantee of
> absolute privacy and anonymous transactions would make for a civil
> society based on a libertarian free market. They ally themselves
> with Jefferson and Hayek who would be horrified at the suggestion
> that a society with no government control would be either civil or
> free. Adam Ferguson once said "Liberty or Freedom is not, as the
> origin of the name may seem to imply, an exemption from all
> restraints, but rather the most effectual applications of every just
> restraint to all members of a free society whether they be
> magistrates or subjects." Hayek opens The Fatal Conceit, The Errors
> of Socialism (The University of Chicago Press, 1988, ed. W.W.
> Bartley III) with Ferguson's quote.

> Although May limply asserts that anarchy does not mean lawlessness
> and social disorder, the absence of government would lead to exactly
> these states of chaos.

Leaving aside Denning's snide (and evasive) remark about Tim, if her
assessment of cryptoanarchy is correct, that will become clear in
due time.  There is no reason at all to think that it cannot be
rolled back in the unlikely event that a disaster results.

I would comment parenthetically that Denning's understanding of
Jefferson is limited.  Jefferson once said he preferred a free
press to government.  Jefferson once said that he thought a revolution
every twenty years was healthy for a society.  Jefferson was an
accomplished mathematician.  Jefferson invented a pretty good cipher.
Jefferson was a cypherpunk to the marrow!

>> I believe D. Denning has suggested that cryptoanarchy will result in
>> the breakdown of our society.

> I suppose that depends a lot on what a person means by the phrase, "our
> society."  Used as you (and maybe she, as well) this sounds like a
> code-word.  To a statist, "society" is basically the stratification system
> that has developed to let one group of people control another.  By that
> standard, cryptoanarchy WILL "result in the breakdown of our society."   But
> that's all for the good.

While I may not have paraphrased Denning and her (few) cohorts as
accurately as I would have liked, I think your question is better
directed towards them.

Presumably when Denning says "social disorder" she is not thinking of
disorderly relationships such as choosing your own job, or friends,
or spouse, or whatever.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Fri Nov  8 09:03:09 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 09:03:09 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b08aea909b002cb@[192.0.2.1]>


At 12:58 AM 11/8/1996, stewarts at ix.netcom.com wrote:
> Strong vs. weak crypto isn't the real issue - for most business use,
> weak crypto is obviously unacceptable, but strong crypto with GAK
> is ok as long as it doesn't interfere with use (and as long as the
> government bureaucrats don't sell too many keys.)

We often say that the government is a security weak point and that
this makes GAK impractical.  However, this is not true.  If the
holders of the government keys were individually responsible for
their release, they would not be released very often.  That is,
in order to use cryptography you must purchase an expensive
encryption license.  That pays the salary of a certified "key
escrow agent" who is the only person who can decrypt your messages.
What stops him from revealing your keys to unauthorized parties?
It's his business.  If that's not enough, you back it up with
criminal penalties for disclosure.  And, hiring this person is
no different from hiring an employee for your company.

There are already similar activities.  Lawyers are nominally employees
of the state.  Employees of Swiss banks can go to jail for violating
their secrecy laws.

> The government might be able to stop new Netscape versions from
> using strong crypto - threatening to confiscate the company's
> ill-gotten gains from aiding and abetting money launderers might help,
> and threatening to confiscate PCs that use unapproved crypto.
> But it's tough to use a widespread threat like that on popular
> software once it's out there.

I agree, if the software is popular.  But, if the fears of the GAKers
and the dreams of certain cypherpunks are real, such software will
not be popular.

Peter Hendrickson
ph at netcom.com







From jbugden at smtplink.alis.ca  Fri Nov  8 09:09:27 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Fri, 8 Nov 1996 09:09:27 -0800 (PST)
Subject: His and Her Anarchies
Message-ID: <9610088474.AA847483743@smtplink.alis.ca>


Copyright c 1996, The Globe and Mail Company r

U.S. election reveals his and her politics 
Educated women have different agenda 

By Graham Fraser 
Washington Bureau

WASHINGTON - Bill Clinton's re-election has shone a spotlight on a 
widening difference in views between men and women in the United States, 
particularly among those with a university education. 

"Men and women, if college educated, agree about very little," Celinda 
Lake, a Democratic pollster, told a conference organized by the 
Brookings Institution yesterday. "Men and women would have elected a 
different president, a different Senate, and a different House of 
Representatives," Ms. Lake said. 

She pointed out that "men and women are coming to some pretty different 
conclusions" about the role of government and the importance of social 
programs. 

Polling has shown that women believe the government can play a positive 
role in solving social problems, while men feel that government is a 
problem, and that it is a good day when they have not been hurt by it, 
Ms. Lake said. 

"On our side of the aisle, we're beginning to wonder what a college 
education does for a man," she said. 

 ...

http://web.theglobeandmail.com/web/cgi-bin/
DisplayPage?SITE=web&KEY=961108.GlobeFront.UGUYSM






From dbell at maths.tcd.ie  Fri Nov  8 09:12:47 1996
From: dbell at maths.tcd.ie (Derek Bell)
Date: Fri, 8 Nov 1996 09:12:47 -0800 (PST)
Subject: [NOISE] A modest :-) proposal
Message-ID: <9611081712.aa11601@salmon.maths.tcd.ie>


-----BEGIN PGP SIGNED MESSAGE-----


	To make things more crypto-relevant, I suggest a new source of
noise should be analysed for crypto-security: this list. Of course,
this should be done with an *un*filtered version of the list as
filtering decreases noise.

	Derek

http://www.maths.tcd.ie/~dbell/key.asc <- my public key available here
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMoNp+FXdSMogwMcZAQFt3gP/WzfxzkOvc7gcTS2RL6Eiv3/hztGzdg6n
PCC8xroKl+UZ6U9w/5EioB2GrEexc7QpcfWozqYqIeEfy8ZJlvKLU25/1cpWZrCe
NrWWi+lsUanMUWn1JdkdjKFyEuHZl/E4FLjp9Fyy6C15scWJzeoISPKlSjru1qv7
A8pp3lyG/84=
=u5Gn
-----END PGP SIGNATURE-----





From Tunny at inference.com  Fri Nov  8 09:22:20 1996
From: Tunny at inference.com (James A. Tunnicliffe)
Date: Fri, 8 Nov 1996 09:22:20 -0800 (PST)
Subject: WinKrypt
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961108172115Z-1414@landru.novato.inference2.com>


By way of JYA:
> >"WinKrypt's marriage of highly sophisticated technology -- such
> >as the advanced, not-for- export 256-bit GOST encryption
> >algorithm contained in the KeyMail program -- with a
> >user-friendly interface virtually redefines the PC security
> >category," said Syncronys.
>>
>> http://www.syncronys.com.

ROTFL!  Marvelous.  This from the folks who brought us SoftRam95,
arguably the most blatant fraud ever perpetuated on the software buying
public. For that, they recently got off with a remarkably soft slap on
the wrist from the FTC.  (See
http://ftp.uni-mannheim.de/info/OReilly/windows/win95.update/softram.htm
l for the story.)  I wouldn't buy a _screen saver_ from these folks, let
alone a mission critical piece like email encryption!

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny at Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================
>





From dbell at maths.tcd.ie  Fri Nov  8 09:22:30 1996
From: dbell at maths.tcd.ie (Derek Bell)
Date: Fri, 8 Nov 1996 09:22:30 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007803aea873ff3acc@[207.167.93.63]>
Message-ID: <9611081721.aa12122@salmon.maths.tcd.ie>


-----BEGIN PGP SIGNED MESSAGE-----

In message <v03007803aea873ff3acc@[207.167.93.63]>, "Timothy C. May" writes:
>Lucaciewicz, as I recall. His notation was originally that one would add
>two numbers, a and b, as "+ a b." A modified form, adapted for stack
>machines, was to add two numbers with "a b +." Hence, _reverse_ Polish
>notation, but equally sound.

	He also did some work on multi-valued logic, IIRC.

>And for those of you are not LISP or Scheme fans, the language FORTH also
>uses Polish notation. RPN, in fact.

	Yep, FORTH uses it for everything, including IF statements!

	e.g.
	< IF ." The Second on stack is smaller than Top Of Stack"  THEN

	Derek

http://www.maths.tcd.ie/~dbell/key.asc <- my public key here
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMoNsLFXdSMogwMcZAQFtyQP+JIYnLgw754fE2Ku69ubk+yQolODBe2su
KnQUOehxhZK2PvV0DQt7qWeMaKbbdmA8gxWKDBakX/2zuKuiUWbEzz2d53tEKt7s
QGBgxOyaBNeWQVSACb5/rbKVH34rL7qUCxMatq5shsiBfvoPndePMeS/5qFjmt39
AbKJz+EDbuc=
=SkNM
-----END PGP SIGNATURE-----





From sandfort at crl.com  Fri Nov  8 09:23:57 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 8 Nov 1996 09:23:57 -0800 (PST)
Subject: [rant] Race
In-Reply-To: <199611080215.SAA23654@toad.com>
Message-ID: <Pine.SUN.3.91.961108085606.20584B-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 7 Nov 1996, Sean Roach wrote:

> Sandy Sandfort wrote:
> ...
> >What you mean WE, white man?  ...

> At first I was afraid to comment, as I have been more than vocal in the last
> 24 hours, but then I decided that I thought this important enough to bring up.
> This was the first time on this list that I noticed such an obvious
> reference to race,...

And this, my friends, is a perfect example of the goofy results
of the doctrine of Political Correctness.  My comment was not a 
reference to race, but rather an allusion to an old joke, to wit:

		The Lone Ranger and his faithful side-kick,
		Tonto, are trapped in a box canyon by an 
		attaching war party of Apache Indians.  
		The Lone Ranger, sensing defeat, says, "Well 
		Tonto, it looks like we are doomed."
	
		To which Tonto replies, "What you mean WE,
		white man?"

(For the record, I'm mostly Caucasian.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From whgiii at amaranth.com  Fri Nov  8 09:30:29 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Fri, 8 Nov 1996 09:30:29 -0800 (PST)
Subject: Is there a Win PGP?
In-Reply-To: <Pine.OSF.3.90.961107161755.5877A-100000@olympus.mta.ca>
Message-ID: <199611081843.MAA07431@mailhub.amaranth.com>


In <Pine.OSF.3.90.961107161755.5877A-100000 at olympus.mta.ca>, on 11/07/96 at 05:06 PM,
   "Michael C Taylor (CSD)" <mctaylor at olympus.mta.ca> said:

>PGP Inc. (http://www.pgp.com/) is now marketing Viacrypt PGP.
> There are two packages, Viacrypt PGP Personal Edition which is PGP, like we  all
>know and love. PE also is available as DOS, MS-Windows, Mac, and UNIX. So  Viacrypt
>PGP/PE for DOS should feel similar if not identical to MIT's PGP,  though I haven't
>tested it yet.
> You could license IDEA single-license and license RSAREF for commerical  usage
>(http://www.consensus.com/ or JonathanZ at consensus.com), but why  bother?

Well their are several reasons I myself would rather use the "free" version in a commercial enviromet:

1. Source code is not available for the ViaCrypt version.

2. No OS/2 version

3. I really don't like the Windows GUI that ViaCrypt has developed. (I am biased by the fact that I have written my own <G>).

On # 1 this is a problem for those that like to have the source code and compile the program themselfs and without the source code one is unable to run it on an unsupported platform (see #2)

On #2 this is a bussiness dicision made by ViaCrypt. I'll leave it at that. (no sense starting an OS war).

On #3 this again is just a personal preference issue and would not rate it as a big factor.

I am corresponding with PGP Inc. on the legal issues of using the "free-ware" version in a commercial enviroment.


--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: "Luke!  I'm your father!"  Bill Gates, 1980






From rah at shipwright.com  Fri Nov  8 09:41:08 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 8 Nov 1996 09:41:08 -0800 (PST)
Subject: Rush disses anonymity
Message-ID: <v03007800aea91c1473f2@[206.119.69.46]>


I'm sitting here listening to Rush, and he's talking about Pierre
Salanger's recent "discovery" ;-) of the anonymously posted friendly-fire
TWA800 internet message of a few months back.

In the process of discounting the story, and praising FBI pal Kalstrom, he
bemoans the anonymity of the net, calling it a "nest of kooks", (mixed in
with all the other "right thinking people", of course...).

Given this, and, of course, our own fun and games with anonymous, er,
slander, on this list, I'm frequently tempted to agree with him. After all,
if someone says something wrong about you, how do find them and punish
them? How do you know what the truth is, unless you know who said it?
(What? An appeal to authority? Moi? I'm *shocked* you would assert such a
thing...)

Until, of course, I remember that anonymity is unpreventable, and, frankly,
economically necessary for true internet commerce.

Remember what agrarianism did to try to stop industrialism (up to, and
including, socialism <he said, trolling for leftists>), and expect the
worst, folks.


Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From Tunny at inference.com  Fri Nov  8 09:42:53 1996
From: Tunny at inference.com (James A. Tunnicliffe)
Date: Fri, 8 Nov 1996 09:42:53 -0800 (PST)
Subject: Validating a program
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961108174143Z-1436@landru.novato.inference2.com>



>Adam Shostack <adam at homeport.org> wrote (regarding PGP's security):
>>	In short, if you're paranoid, feel free to look over the
>>source.  But the fact that most people have never peeked under the
>>hood is not a strike against pgp at all.

Ed replies:
>Maybe you missed my point, or I miss-communicated.  My question is as
>follows:  If PGP and DES are as secure as thought to be, then why is it
>not ruled illegal software, just as they do with silencers, narcotics,
>certain type weapons, etc.....    My opinion is "NOT  A PARANOID VIEW, BUT
>RATHER A REALITY".   I find it impossible that software that could be a
>National Security Threat, being shared by the masses!    I believe
>either people are nieve, or ignorant of the capability of the NSA.    If
>there are "back-doors to the algorithms, you can bet your life you and no
>one else will find out.     The conceivability that encryption on the Net
>is safe, is ludicrous!
>
>Just my thoughts, and not paranoia.
>
>
>Ed

Why does it follow that these must be crackable, or the government would
have outlawed them? Despite recent moves to limit encryption, there are
currently NO domestic (U.S.) restrictions on crypto.  Nothing prohibits
you from using a true One Time Pad, which is mathematically proven to be
unbreakable, now and forever, even against infinite resources.  If this
is not prohibited (and it isn't), doesn't that refute your argument?
You may find it impossible that the masses are allowed to use truly
unbreakable crypto, but it's true -- for the time being, anyway.

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny at Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================






From ph at netcom.com  Fri Nov  8 09:51:11 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 09:51:11 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b11aea9198ebda1@[192.0.2.1]>


At 11:29 AM 11/8/1996, Jeremiah A Blatz wrote:
> Peter's point: If everyone in the US wants a ban on strong crypto,
> excepth the people on this list and the million-odd terrorists who are
> using strong crypto to murder, rape, pillage, etc., then strong crypto
> will be banned.

Yes, you've mostly got it.  I would quibble a little bit - if any of
the real bad things happens (id est, Assassination Politics) even many
of the members of this list will be calling for GAK.

> Furthermore, terrorrim and etc do not depend upon secure
> communications to work. People tend to be able to talk face-to-face in
> isolated environs, this is just as effective as a good public-key
> cryptosystem. Crypto won't suddenly protect the types of people who
> are professional killers/terrorists from scrutiny. It meerly would
> allow them to communicate securely over distances of more than 10
> feet. This, IMO, is not much of a win for them.

Face-to-face communications in isolated environs does not a cryptoanarchy
make.

> So, you're right. Given the proper conditions, strong crypto could
> probably be mostly stopped. However, these conditions are quite
> unlikely to arise.

I agree that they are unlikely to arise.  But, this raises a sticky
point for the GAKers - what's all the hurry?  Why don't we work with
the technology for awhile and see what develops before scurrying off
to outlaw it?

Here's what they cannot say: "We want to ban cryptography now because
it won't be that bad and people will want to use it."  Maybe that's
part of the classified debriefing that the Star Chamber gets to see.

Outlawing cryptography has some obvious problems.  It is expensive.
It impedes activities which are nearly universally seen as positive,
such as net commerce.  Combined with the increasing capability for
mass surveillance and computer assisted population management, it
has Orwellian implications.  Outlawing cryptography - at this time -
has a high political cost because there is so little justification
for it.  That means indecisive judges, indecisive politicians,
and an increasingly vocal pro-crypto movement.

Peter Hendrickson
ph at netcom.com







From tcmay at got.net  Fri Nov  8 09:52:57 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 8 Nov 1996 09:52:57 -0800 (PST)
Subject: Excusing Judges for Knowing Too Much
In-Reply-To: <199611081320.IAA35308@osceola.gate.net>
Message-ID: <v03007801aea9223364b4@[207.167.93.63]>


At 8:20 AM -0500 11/8/96, Jim Ray wrote:

>been decided and appealed, because of this very possibility. I am already
>concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt
>to argue that "cypherpunk terrorists have been secretly trying to subtly
>influence Kozinski's thinking, and that therefore he should be removed from
>the case in favor of some judge who has no clue whatsoever about the 'Net,
>encryption, anonymous remailers, etc." [I am sure the argument wouldn't be
>put quite that way <g> but that's what the U.S. Attorney would mean.] There
>is now a judge with some idea of these issues who will IMNSHO probably be
>fair to "our" side. It is a rare opportunity, and I don't want to "blow it."

A valid fear, given the times we live in.

If jurors can be dismissed for knowing "too much" about the O,J.
case--knowing how to _read_ ensures this--then we are probably
fast-approaching the point where judges are recused (or whatever the word
is) from hearing cases where they've had any education whatsover on.

(An exaggeration, of course.)

In any case, I don't think trying to influence the thinking of one of the
thousands of local judges is an efficient use of our time. Jim may enjoy
it, which is fine, but this is why I never took even a millisecond to write
a special essay for Judge Kozinski.

I place more faith in seeing the fundamental ground truth changed, via
technology.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ph at netcom.com  Fri Nov  8 10:19:17 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 10:19:17 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b15aea927b911d3@[192.0.2.1]>


At 5:53 AM 11/8/1996, Douglas B. Renner wrote:
>[snip]
>> The key here is that in these cases the practice has become widely
>> accepted.  By widely accepted, I mean that very significant numbers of
>> people believe that there is nothing all that wrong with the practice.
>> Those who disagree do not feel it is worth the trouble to put a stop
>> to it.
>[snip]

> While this might be the case, I don't believe it is "key".

> Also, I'm not sure why you used this as a counterpoint.  Are you saying
> that there are not a significant number of people who think there is
> nothing wrong with sending truly private messages?  I would disagree
> with such an assertion based on my own converastions with crypto-ignorant
> aquaintances.  Most people either trust the gov't implicitly or haven't
> thought about it or (erroneously) consider it irrelevant - but deep down
> they definitely value their privacy.

They also definitely value their safety.  Sure, right now there are
lots of people who think strong cryptography is a good idea.  If
the Four Horsemen scenario is correct, that will change very quickly.

The reason I used this as a counterpoint is that the premise of
my discussion is that it would be possible - maybe even easy -
to suppress the use of non-GAKed cryptography were it unpopular.

A commonly shared belief among GAKers and Cypherpunks is that strong
cryptography is a magic bullet.  It isn't.  If it's not obviously
a disaster, strong cryptography will be widely used.  But if it
is a disaster and requires GAK, that's a policy option we will always
have.

Peter Hendrickson
ph at netcom.com







From jimbell at pacifier.com  Fri Nov  8 11:35:34 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 8 Nov 1996 11:35:34 -0800 (PST)
Subject: Clinton
Message-ID: <199611081935.LAA25374@mail.pacifier.com>


Someone asked,

>>How the result of the election will affect crypto etc.?

Jim Bell
jimbell at pacifier.com





From jimbell at pacifier.com  Fri Nov  8 11:37:21 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 8 Nov 1996 11:37:21 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611081935.LAA25361@mail.pacifier.com>


At 02:46 PM 11/8/96 +0100, Matts Kallioniemi wrote:
>At 17:12 1996-11-07 -0800, jim bell wrote:
>>Simple analogy:  Suppose you put two people into a room with a deck of 
>>playing cards and a table, instructing "Person A" to build a house-of-cards, 
>>and telling "Person B" to stop him from achieving his goal.  Who do you 
>>think will win?  Obviously, the latter will win:  It's vastly easier to 
>>knock such a structure down than to build it in the first place,  and all 
>>"Person B" has to do is occasionally take a whack at the structure. 
>
>What if Person A is better armed? Could that change the outcome?

Well, okay, I sorta assumed a non-violent scenario.  But adding that as a 
possibility actually strengthens the argument:  Generally, it's easier to 
stop somebody doing something out in the open, than to do it.  It's easier 
to knock down a house of cards than to build it up.  But it's also easier to 
shoot the person doing the knocking down, etc.

On the other hand, it's easier to DO something...if it can be done in 
secret.  And it's harder to keep somebody from doing something, if that 
something can be kept secret.  That's why it's so important that good 
cryptography remain legal.



 

Jim Bell
jimbell at pacifier.com





From tcmay at got.net  Fri Nov  8 11:39:04 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 8 Nov 1996 11:39:04 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b11aea9198ebda1@[192.0.2.1]>
Message-ID: <v03007803aea93bec7016@[207.167.93.63]>


At 9:50 AM -0800 11/8/96, Peter Hendrickson wrote:
>At 11:29 AM 11/8/1996, Jeremiah A Blatz wrote:

>> Furthermore, terrorrim and etc do not depend upon secure
>> communications to work. People tend to be able to talk face-to-face in
>> isolated environs, this is just as effective as a good public-key
>> cryptosystem. Crypto won't suddenly protect the types of people who
>> are professional killers/terrorists from scrutiny. It meerly would
>> allow them to communicate securely over distances of more than 10
>> feet. This, IMO, is not much of a win for them.
>
>Face-to-face communications in isolated environs does not a cryptoanarchy
>make.

Yes, but you're the one talking about bombings, mass killings, Sarin gas
attacks, and other such examples of "terrorism." You cite the presence of
these things as why the Constitution will effectively be suspended and why
neighbors will cheerfully conduct vigilante raids on their suspected
terrorists.

Crypto anarchy is not the same thing as terrorism. Calling terrorism
"crypto anarchy" does not make it so.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From whgiii at amaranth.com  Fri Nov  8 11:39:34 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Fri, 8 Nov 1996 11:39:34 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <3.0b36.32.19961108144638.00a11c90@cyberpass.net>
Message-ID: <199611082052.OAA08960@mailhub.amaranth.com>


In <3.0b36.32.19961108144638.00a11c90 at cyberpass.net>, on 11/08/96 at 02:46 PM,
   Matts Kallioniemi <matts at cyberpass.net> said:

>At 17:12 1996-11-07 -0800, jim bell wrote:
>>Simple analogy:  Suppose you put two people into a room with a deck of 
>>playing cards and a table, instructing "Person A" to build a house-of-cards, 
>>and telling "Person B" to stop him from achieving his goal.  Who do you 
>>think will win?  Obviously, the latter will win:  It's vastly easier to 
>>knock such a structure down than to build it in the first place,  and all 
>>"Person B" has to do is occasionally take a whack at the structure. 

>What if Person A is better armed? Could that change the outcome?

Well this takes you into the field of Game Theory which many books & papers have been writen on. :)

A close look at the cold war, deteriants, arm races, SALT treaties, ...ect. should give you some real world examples of how such mechanisims work.

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: I don't do Windows, but OS/2 does.






From tcmay at got.net  Fri Nov  8 11:51:10 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 8 Nov 1996 11:51:10 -0800 (PST)
Subject: "Nightmare on Crypto Street--the Return of Sun Devil"
In-Reply-To: <v02140b04aea905f722f8@[192.0.2.1]>
Message-ID: <v03007802aea93092c562@[207.167.93.63]>



As I said in my "Nightmare on Crypto Street" piece, it seems that Peter
counters every one of our counterarguments with some variant of "won't
matter--they'll have a dozen agents and 20 MIT graduates looking for
evidence." Or, "won't matter, the Bill of Rights will be suspended for the
duration of the Emergency." Well, it's hard to argue with such points.

On a few plausibility points, or on technical points (as with the meaning
of "noise," for example), there's still a basis for a debate.

At 9:02 AM -0800 11/8/96, Peter Hendrickson wrote:

>Where will you keep your secret key?  Remember, when they go through your
>house they bring 20 young graduates from MIT who are just dying to show
>how clever they are and save the world at the same time.

Unlikely they'll be able to find or marshall 20 MIT grads. Didn't happen
when they raided Steve Jackson Games as part of Operation Sun Devil and
hauled away all of his equipment. It probably _did_ happen with the raid on
the Unabomber's cabin, except probably the numbers of MIT grads were fewer
and their specialties were in other areas.

Where do you keep your secret key? On your disk. However, one's PGP
_passphrase_ is what is really important (though both are important).
Without the passphrase, the secret key is worthless. Now of course some
people write down their passphrases on Post-It notes, etc., and certainly
keystroke capture programs may be running (inadvertently, deliberately, or
even via previous blackbag job plants, as many of us have noted over the
years). However, a properly memorized passphrase, of sufficient length and
entropy to make exhaustive search impractical, and proper "crypto hygiene"
will go a long way toward making such raids ineffective.

And there are several reports of such raids turning up PGP-encrypted files
which the cops and investigators have been unable to crack. PRZ speaks of
being asked to help, and some others here on this list have mentioned
similar situations. The Church of Scientology has been seeking "PGP
experts" to help them read some files they believe may help them get
someone punished. Basically, without the passphrase, not much can be done.

(I expect the "crypto hygiene" issue to get better, not worse. It is likely
that "crypto dongles" and PDAs will soon drop in price enough such that one
can store one's private key on a dongle, smartcard, or PDA and enter the
passphrase with a keypad built in...this dramatically cuts the risk that a
keystroke capture program is being run, or that a TEMPEST van is trying to
capture the keystrokes (LCD and low-power CMOS circuitry don't generate a
helluva lot of Van Eck radiation :-} .)

And there are the familiar low-tech versions of protecting some keying
material, such as "rat lines" into neighboring apartments. A few years ago
we talked about how hacker-friendly buildings could easily be wired up with
fibers and LANs such that files and key material were scattered in multiple
sites, with various "dead man switches" to shut off access should a raid
occur. Search warrants would of course be problematic (and the Bill of
Rights frowns on blanket searches for, say, 40 apartments on the suspicion
that a needed file may be on the hard disk of a machine in one of the 40
apartments).

Finally, on this point, "perfect forward secrecy" is possible with several
crypto protocols (notably, Diffie-Hellman). There is no stored keying
material left behind. Adapting this approach for other uses is likely to be
more popular in the future. (I certainly agree that text versions of "How
to Make Sarin" are always going to be incriminating in a legal case, but
crypto is not the main issue.)

>> This is the essence of steganography and the nature of signal and noise are
>> fundemental principles of information theory.
>
>The concept of noise is not all that well defined, however.  There is no
>way to look at a signal and say "this is all noise."  Sometimes physical
>theories may lead you to believe that it is all noise.  That is fine
>for many applications, but when becomes less convinced of things if
>the consequences are severe.

Actually, you've got it turned around. What is really hard to do, and what
is needed by a prosecutor seeking to prove a case, is to prove "this is
*not* noise."

As we've talked about for several years, storing and sending lots of noise
is a Good Thing. "Yes, FBI Agent Mulder, that is a noise packet I sent."

The claim that people will be thrown in prison for storing
apparently-random noise on their disks, or even sending it in their
writings, is ludicrous. Not so long as the Bill of Rights stands. Given the
"Nightmare on Crypto Street" scenario of mass pogroms and suspension of the
Constitution, maybe not. But I find this scenario implausible and not
really worth worrying about overmuch.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From llurch at networking.stanford.edu  Fri Nov  8 11:51:44 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Fri, 8 Nov 1996 11:51:44 -0800 (PST)
Subject: Exon Countdown Clock and farewell messages
Message-ID: <Pine.GUL.3.95.961108095639.16215C-100000@Networking.Stanford.EDU>


Some of you might find this amusing.

-rich

---------- Forwarded message ----------
Date: Wed, 6 Nov 96 00:40 EST
From: Michael Page - Fade to Black <mpage at fadetoblack.com>
To: mpage at fadetoblack.com
Subject: Fade to Black Update

The Fade to Black Pages have been updated.


This week we started the official Senator Exon Countdown Clock. (Days till
retirement on Jan 3 1997). We also made it available for you to submit your
own personal message to the Senator.
All the messages will be delivered via certified Fed-X on his last days in
office. Now you to can send a personal greeting to the Senator allowing him
to know how much you appreciated all he has attempted to do for the Internet.
We would attempt to send it via a Email, but the respected Senator does not
have Email. (The Irony).
http://www.fadetoblack.com/exon/

----------------------------------------------------------------------------
------------

If you encounter any problems with the pages feel free to drop us a line.
f2b at fadetoblack.com
----------------------------------------------------------------------------
------------
Thank you again for your support


Michael Page
Editor Fade to Black
http://www.fadetoblack.com
mpage at fadetoblack.com







From jimbell at pacifier.com  Fri Nov  8 11:51:59 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 8 Nov 1996 11:51:59 -0800 (PST)
Subject: RICO - (Was: Group order for Secret Power)
Message-ID: <199611081840.KAA21193@mail.pacifier.com>


At 03:13 AM 11/8/96 -0500, Black Unicorn wrote:
>On Thu, 7 Nov 1996, jim bell wrote:

>> But the odd thing is, the one entity we can't seem to attack using RICO is 
>> the Federal government, and probably most other governments levels.  Looked 
>> at purely objectively, it should be easy to demonstrate that the Federal 
>> government (and its representatives) have engaged in plenty of crime as a 
>> pattern of activity, and certainly enough to rise to the level of the 
>> standards of RICO. (It takes only a few instances of such crime satisfy the 
>> standards of RICO.)
>
>Incorrect.  Employees of the Federal Government can be, and have been,
>prosecuted under RICO.  Many political corruption cases involve some RICO
>aspects.  This should make Mr. Bell a big fan of the statute, unless he
>just likes the flash of murdering officials instead.

No, I meant the ENTIRE government  Not just individual government officials. 
 Remember, RICO is _supposed_ to apply to any organization with a pattern of 
criminal activity, and has been used (in fact, probably mostly used) against 
organizations where many of the members are "merely" employees, quite 
analogous to the Federal government.  If RICO applies to anything, it should 
apply to the Feds, and that means conviction of the entire organization if 
it or its employees have a pattern of illegal activity.   Since RICO only 
requires a relatively tiny number of criminal acts to meet its standards, it 
should not be difficult to show enough criminality.



Jim Bell
jimbell at pacifier.com





From unicorn at schloss.li  Fri Nov  8 11:52:06 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Fri, 8 Nov 1996 11:52:06 -0800 (PST)
Subject: RICO - (Was: Group order for Secret Power)
In-Reply-To: <199611081840.KAA21193@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961108134111.24080C-100000@polaris>


On Fri, 8 Nov 1996, jim bell wrote:

> At 03:13 AM 11/8/96 -0500, Black Unicorn wrote:
> >On Thu, 7 Nov 1996, jim bell wrote:
> 
> >> But the odd thing is, the one entity we can't seem to attack using RICO is 
> >> the Federal government, and probably most other governments levels.  Looked 
> >> at purely objectively, it should be easy to demonstrate that the Federal 
> >> government (and its representatives) have engaged in plenty of crime as a 
> >> pattern of activity, and certainly enough to rise to the level of the 
> >> standards of RICO. (It takes only a few instances of such crime satisfy the 
> >> standards of RICO.)
> >
> >Incorrect.  Employees of the Federal Government can be, and have been,
> >prosecuted under RICO.  Many political corruption cases involve some RICO
> >aspects.  This should make Mr. Bell a big fan of the statute, unless he
> >just likes the flash of murdering officials instead.
> 
> No, I meant the ENTIRE government  Not just individual government officials. 
>  Remember, RICO is _supposed_ to apply to any organization with a pattern of 
> criminal activity, and has been used (in fact, probably mostly used) against 
> organizations where many of the members are "merely" employees, quite 
> analogous to the Federal government.  If RICO applies to anything, it should 
> apply to the Feds, and that means conviction of the entire organization if 
> it or its employees have a pattern of illegal activity.   Since RICO only 
> requires a relatively tiny number of criminal acts to meet its standards, it 
> should not be difficult to show enough criminality.

Read the statute again.  An entire corporation is not seized even if the
CEO, CFO, and Board are all convicted on RICO charges.

Bah, why do I bother even trying with you anymore?  It's clear you're
beyond help or hope.

> 
> 
> 
> Jim Bell
> jimbell at pacifier.com
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From jimbell at pacifier.com  Fri Nov  8 11:52:09 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 8 Nov 1996 11:52:09 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611081840.KAA21181@mail.pacifier.com>


At 09:44 PM 11/7/96 -0800, Timothy C. May wrote:
>At 5:12 PM -0800 11/7/96, jim bell wrote:
>>accessible to the common man?  Suppose, say, the approval of one million
>>citizens was the only thing necessary to have an assassination legally
>>accomplished?   Or, more likely in practice, the vote of a million citizens
>>was interpreted as a kind of terminal veto over that particular politician
>>or government employee, who would have to resign or face the (lethal)
>>consquences!  In that case, assassinations wouldn't be seen as bad, they'd
>>be the natural consequence of a politician who overstays his welcome and
>>ignores numerous warnings.
>
>Nothing in any version of AP I have seen makes any stipulation that the
>payment is "one person, one vote."

That's because my hypothetical was intended to reflect a very non-AP 
situation, although maintaining the assassination/resignation angle.  The 
issue was whether people would see political assassination as being 
desirable or undesirable.  Conventional wisdom is that it's undesirable.  On 
the contrary, I speculated that to a great extent, the desirability of it 
depends somewhat on who is getting killed (or forced to resign) but also 
whether or not the average citizen has a say in selecting the target.*

Unlike AP, which seems (to a few people, at least; not me!) to have a 
problem that "any" arbitrarily small number of people could buy a hit, the 
hypothetical alternative I presented at least requires a million people to 
agree.  If we assume there are 180 million adults in the US, for example, 
and assuming that the votes are limited to adults, letting 1 million people 
make such a decision is somewhat akin to giving 0.6% of the population veto 
power over the rest's attempts to manipulate (regulate, tax, etc) them.  
This isn't as good, in my opinion, as "pure" AP, but it would be far better 
than what we have now.  

I contend, but I can't prove, that if you give the ordinary citizen a say in 
the matter, and also if you ensure that the target always has the option of 
resignation, at that point this could turn into a very popular system that 
is seen as being the norm.  There would be little sympathy for politicians 
who resist; just as there is little sympathy now for a politician who, 
despite losing the election, barricades himself in his office and refuses to 
turn over power to the winner.  "It's just not done!"



*  A few years ago, I recall reading a study where test subjects were asking 
to individually perform some task requiring thought and concentration, but 
were exposed to loud irritating music.  One half of the subjects had no 
control over the music, the other half could turn it off if they wanted to.  
It turned out that merely having control over the music made people feel 
better about the situation, EVEN IF they _didn't_ choose to exercise that 
control by turning the music off!   If this effect worked in the political 
arena, the ability to bump off (or force to resign) an official would make 
people feel better about the government, even in situations where they 
didn't exercise this option.  This might make you think that nothing might 
happen, until you realize that the officialdom will have to adjust to the 
new reality as well, and they'll just have to (in this hypothetical) get 
used to the fact that one million people could bounce them out on their 
collective asses...or worse.

Jim Bell
jimbell at pacifier.com





From tcmay at got.net  Fri Nov  8 11:52:36 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 8 Nov 1996 11:52:36 -0800 (PST)
Subject: "Nightmare on Crypto Street, Part 1"
In-Reply-To: <v03007802aea86e3be000@[207.167.93.63]>
Message-ID: <v03007801aea92a0b3cd2@[207.167.93.63]>


At 11:29 AM -0500 11/8/96, Jeremiah A Blatz wrote:

>Peter's point: If everyone in the US wants a ban on strong crypto,
>excepth the people on this list and the million-odd terrorists who are
>using strong crypto to murder, rape, pillage, etc., then strong crypto
>will be banned.

Yes, I think this captures the essence of Peter's straw man argument. While
it's triggered a welcome change of discussion, from Vulis and such to a
more interesting discussion of crypto anarchy and possible restrictions on
crypto, and many of us have commented, I think the premises are weak.

I also summarize Peter's set up much as you did:

"Suppose the Four Horsemen ride in. Suppose planes are being shot down,
buildings in every city are being blown up, people are being killed left
and right by crypto-hired-killers, Sarin gas is wafting through the
subways, and cats are afraid to go out at night. People will get out their
pitchforks and break in the doors of their neighbors in search of the
demonic crypto tools of Satan. (There's even a cracking tool _named_ Satan,
so this proves the programmers need to be purified by holy fire!) The Bill
of Rights will be suspennded, cops will raid homes, the military will be on
the street corners, the Internet will be shut down, the government will be
replaced by a Military-Religious Complex, and thought criminals will be
rounded up and shot. The people will say, "Thank you" and will live happily
ever after."

And whenever any of us raised issues of Constitutionality of the measures
Peter was predicting, such as random searches, conviction based on
possession of an illegal tool, forced escrow, etc., it seemed that Peter's
response was usually some variant of:

"Won't matter. The people will demand action."

Well, given a frightening enough scenario, a pogrom or purge or witch hunt
is certainly possible, and in some countries such things have happened. The
Cultural Revolution, the Islamic Revolution(s), and the extermination of a
million Hutus (or Tutsis) by rival Tutsis (or Hutus) being only the most
recent examples.

But I think this "nightmare scenario" is implausible. Even a milder form,
such as a serious Sarin gas attack which kills, say, 1,000, and in which it
is discovered that the plotters used PGP to arrange things, is unlikely to
provoke a suspension of the Constitution and random searches. To be sure,
there would likely be _some_ violations of rights, some random searches,
some overreaching by authorities, etc. But as folks were rounded up, a la
Richard Jewell, and then found to have no connection to the Sarin
terrorists, despite having PGP on their machines!, then the hysteria will
fade.

And the civil rights lawyers will be out in full force, pointing out that
random searches are explicity and clearly prohibited by the Fourth
Amendment, and that the First Amendment is equally explicit and clear that
forms of speech may not be dictated. When the first 1000 random searches of
Internet users turn up only some neutral messages, albeit encrypted with
PGP in transmission, and maybe a few R-rated JPEGs of Pamela Anderson, and
the courts and DAs are faced with what charges to file and how to process
these "perps," the enthusiasm for random searches will fade further.

And the points many of us have been making about digital commerce, the
central role of the Net in so many things, and the international
connections, mean that a pogrom launched against the Net just isn't going
to fly. Too many corporate interests are at stake.

(Even the Taliban in Kabul are finding that their purge of women from the
working ranks is disastrous, as there just aren't enough survivng men to
staff the hospitals, schools, and administrative functions....)

The "Nightmare on Crypto Street, Part 1" scenario might make for an
interesting crypto-apocalyptic screenplay, though. I vote for John Travolta
playing me and Professor Irwin Corey playing Dr. Vulis. Got to find some
good female roles, though. Not easy with this topic.

--Tim May




"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ph at netcom.com  Fri Nov  8 11:52:57 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 11:52:57 -0800 (PST)
Subject: Excusing Judges for Knowing Too Much
Message-ID: <v02140b16aea92ba9feaf@[192.0.2.1]>


At 9:54 AM 11/8/1996, Timothy C. May wrote:
>At 8:20 AM -0500 11/8/96, Jim Ray wrote:
>> been decided and appealed, because of this very possibility. I am already
>> concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt
>> to argue that "cypherpunk terrorists have been secretly trying to subtly
>> influence Kozinski's thinking, and that therefore he should be removed from
>> the case in favor of some judge who has no clue whatsoever about the 'Net,
>> encryption, anonymous remailers, etc." [I am sure the argument wouldn't be
>> put quite that way <g> but that's what the U.S. Attorney would mean.] There
>> is now a judge with some idea of these issues who will IMNSHO probably be
>> fair to "our" side. It is a rare opportunity, and I don't want to "blow it."

> A valid fear, given the times we live in.

> If jurors can be dismissed for knowing "too much" about the O,J.
> case--knowing how to _read_ ensures this--then we are probably
> fast-approaching the point where judges are recused (or whatever the word
> is) from hearing cases where they've had any education whatsover on.

> (An exaggeration, of course.)

This issue has been discussed recently by a prominent author.

  "The men who murdered Virginia's [The city in Nevada. -- ph] original
twenty-six cemetary occupants were never punished.  Why?  Because
Alfred the Great, when he invented trial by jury, and knew that he
had admirably framed it to secure justice in his age of the world,
was not aware that in the nineteenth century the condition of things
would be so entirely changed that unless he rose from the grave and
altered the jury plan to meet the emergency, it would prove the most
ingenious and infallible agency for {\it defeating} justice that
human wisdom could contrive.  For how could he imagine that we
simpletons would go on using his jury plan after circumstances had
stripped it of its usefulness, any more than he could imagine that
we would go no using his candle clock after we had invented
chronometers?  In his day news could not travel fast, and hence he
could easily find a jury of honest, intelligent men who had not
heard of the case they were called to try - but in our day
of telegraph and newspapers his plan compels us to swear in juries
composed of fools and rascals, because the system rigidly excludes
honest men and men of brains.
  "I remember one of those sorrowful farces, in Virginia, which we
call a jury trial.  A noted desperado killed Mr. B, a good citizen,
in the most wanton an cold-blooded way.  Of course the papers were
full of it, and all men capable of reading read about it.  And of
course all men not deaf and dumb an idiotic talked about it.  A jury
list was made out, and Mrs. B. L., a prominent banker and a valued
citizen, was questioned precisely as he would have been questioned
in any court in America:
  "`Have you heard of this homicide?'
  "`Yes.'
  "`Have you held conversations on the subject?'
  "`Yes.'
  "`Have you formed or expressed opinions about it?'
  "`Yes.'
  "`Have you read newspaper accounts of it?'
  "`Yes.'
  "`We do not want you.'
  "A minister, intelligent, esteemed, and greatly respected; a merchant
of high character and known probity; a mining superintendent of
intelligence and unblemished reputation; a quartz-mill owner of excellent
standing, were all questioned in the same way, and all set aside.  Each
said the public talk and the newspaper reports had not so biased his
mind but that sworn testimony would overthrow his previously formed
opinions and enable him to render a verdict withou;t prejudice and in
accordance with the facts.  But of course such men could not be trusted
with the case.  Ignoramuses alone could mete out unsullied justice.
  "When the peremptory challenges were all exhausted, a jury of twelve
men was empaneled - a jury who swore they had neither heard, read,
talked about, nor expressed an opinion concerning a murder which the
very cattle in the corrals, the Indians in the sagebrush, and the stones
in the streets were cognizant of!  It was a jury composed of two
desperadoes, two low beerhouse politicians, three barkeepers, two
ranchers who could not read, and three dull, stupid, human donkeys!
It actually came out afterward that one of these latter thought that
incest and arson were the same thing.
  "The verdict rendered by this jury was, Not Guilty.  What else could
one expect?
  "The jury system puts a ban upon intelligence and honest, and a
premium upon ignorance, stupidity, and perjury.  It is a shame that
we must continue to use a worthless system because it was good a
{/it thousand} years ago.  In this age, when a gentleman of high
social standing, intelligence, and probity swears that the testimony
given under solmen oath will outweigh, with him, street talk and
newspaper reports based on mere hearsay, he is worth a hundred
jurymen who will swear to their own ignorance and stupidity, and
justice would be far safer in his hands than theirs.  Why could not
the jury law be so altered as to give men of brains and honesty an
equal chance with fools and miscreants?  Is it right to show the
present favoritism to one class of men and inflict a disability
on another, in a land whose boast is that all its citizens are
free and equal?  I am a candidate for the legislature.  I desire
to tamper with the jury law.  I wish to so alter it as to put a
premium on intelligence and character, and close the jury box against
idiots, blacklegs, and people who do not read newspapers.  But no
doubt I shall be defeated - every effort I make to save the country
`misses fire.'"

>From "Roughing It" by Mark Twain, Chapter XLVIII.

Peter Hendrickson
ph at netcom.com







From whgiii at amaranth.com  Fri Nov  8 11:55:39 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Fri, 8 Nov 1996 11:55:39 -0800 (PST)
Subject: Leagal Deffinition of Encryption?
Message-ID: <199611082108.PAA09126@mailhub.amaranth.com>


Is there any law(s) that actully define encryption?

At it's very basics encryption is taking a group of 1's & 0's converting them into a different group of 1's & 0's and providing a mecanisim to change them back to the original group of 1's & 0's.

>From a legal standpoitnt how is PGP any different than PKZIP? How does the law make a diference between an "encryption" program and a "compression" program other than the fact that the encryption program is advertized as encryption and the compression program is advertized as compression?

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: Rumour: NT means Not Tested






From unicorn at schloss.li  Fri Nov  8 11:57:45 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Fri, 8 Nov 1996 11:57:45 -0800 (PST)
Subject: exclusion/censorship and the law
In-Reply-To: <3.0b28.32.19961107195807.0073290c@mail.io.com>
Message-ID: <Pine.SUN.3.94.961108145449.24080E-100000@polaris>


On Thu, 7 Nov 1996, Greg Broiles wrote:

> So my impression is that you've got the tail end of a useful concept
> (ability to control is frequently a factor used to determine liability) but
> are making far too much out of it. One really big difference I see here is
> that editorial control of the Cpunks list has occurred once (in 4? 5? years
> of the list's existence), is on a per-person not a per-message basis, and
> *does not function to restrict who can send messages but only limits Vulis'
> ability to _receive_ them on his usual system(s)*.

I usually dislike "me too" messages, but in the case of legal discussion,
I think they can be useful.  Having said that:

I concur.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From crypto at nas.edu  Fri Nov  8 12:18:23 1996
From: crypto at nas.edu (CRYPTO)
Date: Fri, 8 Nov 1996 12:18:23 -0800 (PST)
Subject: The final version of the NRC crypto report is now...
Message-ID: <9610088474.AA847494957@nas.edu>


Subject:
Re: The final version of the NRC crypto report is now available!
  The Computer Science and Telecommunications Board (CSTB) of the National
  Research Council (NRC) is pleased to announce the availability of its
  cryptography policy study "Cryptography's Role in Securing the
  Information Society".  This report was originally released in
  pre-publication form on May 30, 1996.

  The final printed version of this report can be obtained from the
  National Academy Press, 1-800-624-6242 or Web site
  http://www.nap.edu/bookstore.  The pre-publication version and the final
  printed copy differ in that the printed copy contains an index and many
  source documents relevant to the crypto policy debate; of course,
  editorial corrections have been made as well.

  An unoffical ASCII version of the prepublication report can be found at
  http://pwp.usa.pipeline.com/~jya/nrcindex.htm; the official NRC version
  should become available online in ASCII form in December.

  In addition, CSTB has been conducting briefings on this report at various
  sites
  around the country; if you would like to arrange a briefing in your area,
  please let us know (cstb at nas.edu, 202-334-2605).






From roach_s at alph.swosu.edu  Fri Nov  8 12:29:51 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Fri, 8 Nov 1996 12:29:51 -0800 (PST)
Subject: Blocking addresses by default
Message-ID: <199611082029.MAA07731@toad.com>


At 03:25 PM 11/7/96 -0500, you wrote:
>Mark M. wrote:
>> 
>> 
>> With remailer abuse becoming more popular and remailers going down
>> because of complaints, there seems to be some interest in remailer
>> software that will block all email by default and will only pass
>> along email that is explicitly unblocked.
>I think this threatens serious security problems for the remailer 
>network in two ways:
>
>1. You'd create a list of people interested in anonymous information,
>   which could potentially be obtained by police or other armed thugs.
>
However, those armed thugs would come up with a bunch of public keys with no
names attached.  These keys could be used to check that "person X's" e-mail
was h[er,is] own but never know who was attached to that signature.  Also,
complaints could use that signature to close down the account, so that
"person X" could no longer send.  Of course, this would not prevent that
individual from resubscribing, (what would, if you figure that out, apply it
to Dr. Vulis), it would allow for the remailer to be used without the fear
of the government confiscating the names of the individuals.  The only thing
I can think of that I don't have a solution for, note this is just what I've
thought of, is the sting, where the government would take over the remailer
and let it continue to operate, but logging the return posts.
This could work simply for mailing lists, such as this one, where the sender
could verify that the message got there in person, and receive h[er,is]
responses straight from the same list.  For private mail, the person would
have to submit to being a part of a group of approximately 100 others, with
all of the posts put in a newsgroup which would be downloaded in mass.
Anyone watching for downloads would only see that the person was one of
one-hundred who might have made that post.  All of the posts could be
encrypted with the key in plaintext for easy filtering.  No need to attempt
to decipher everyone's mail just to see what was for you.  This would be
akin to stopping by a bullitan board in a hospital to find out what the test
results were.  Anyone could see that you were there, but they wouldn't even
know what type of test you were in for, be it a blood-sugar test, a chemical
analysis, an X-ray or veneral-desease test.  All they would be able to tell
was that you're patient number was on that wall somewhere.
Persons wanting more security could download the entire contents of several
newsgroups straight to the screen while they were going to the fridge for a
soda.  Akin to visiting several bulletin boards to cover which post you were at.
Granted, the second idea is less secure than the mailing list one, but could
be made to work.  In the hospital, you could send a friend in for the check,
on the net, you could have a daemon remail the newsgroups for you and then
self destruct.  You could always keep a copy of the daemon on your hard
drive, and use multiple telnet sites to do the job.






From ulmo at Q.Net  Fri Nov  8 12:33:06 1996
From: ulmo at Q.Net (Bradley Ward Allen)
Date: Fri, 8 Nov 1996 12:33:06 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b0eaea81512961e@[192.0.2.1]>
Message-ID: <3hlocce3ad.fsf@Q.Net>


-----BEGIN PGP SIGNED MESSAGE-----

> Throwing people in prison for life for using crypto is something that is
> certainly _possible_, though I rather doubt taxpayers will be keen on
> paying for this. [...]

What you say may only be true if the taxpayers see crypto the way many
innovative people see it today (i.e. intrinsicly useful, nearly
totally necessary).  Right now, I think that a lot of people don't
even know what cryptography is for; worse yet, I wonder how many
people currently are *afraid* to use cryptography for fear of being
marked odd, dangerous, etc.?

For example, many people I know refuse to implement PGP on their
systems to decode my emails to them, when the topics are confidential
in nature (although lightly to moderately so; I don't get highly
frizzled when I can't encrypt it, it just would seem appropriate *to*
encrypt it in these cases, not one of my "nearly totally necessary"
needs above).  They never pinpoint why.  It's one of those things
where I think they're afraid to admit to me that they are afraid to
use it, although I can't quite be sure at this time.  These tend to be
people who have some light to medium reasons to use it -- a law
student; a computer programmer who works arbitrating disputes at his
job; a business owner who administers quite a few programmers,
projects, and communications systems, as well as sales deals,
conspiring to steal work from people (that he knows or doesn't know)
and sell it, etc. (and uses scheduled recreational substances on the
side to a degree not unusual for his position) -- he even specifically
acknowledged that using encryption programs makes him fear that he is
opened up to litigation.

Anyway, regardless of their actual positions on usage of encryption
today, I think it's potential that not all of the people avoiding PGP
are of the "but it's too hard to use" variety.

So, just how many people would protest the persecution of users of
encryption, if such users are labeled, oh you know, evil this and evil
that (some of which may be true, much of which may be false):
 * Robber
 * Terrorist
 * Rapist
 * Kidnapper
?  Many people might not really want to risk the above, to guard in
favor of the below:
 * Laywer
 * Banker
 * Gay person
 * Person sueing someone else for something that someone else did
 * Various monetary transactions
 * Spaceless information collaboration (work, play, society, etc.)
 * Prostitutes & Drug Dealers

Well, ok, my image of what is legitimate probably is a bit blurred in
the view of others' minds ;) but the point goes to show just how
difficult it is to draw the line in such a way *TODAY* that the mass
populace will say "oh yeah we need crypto, government go to hell".

However, after a number of years (the amount of which is not simple to
determine but which many estimates can be made -- widespread SSL
availability, etc. etc.), if people become familiar with crypto and
its uses, or even if they are totally unfamiliar with it and use it
constantly and someone points out that its outlaw would disallow them
from some activity they personally regard dear (whatever that may be;
let me imagine: home shopping; talking to their lawyer; logging into
their ISP; doing their work at home; doing their international work at
all; whatever, the application of cryptography has been so limited
that often we forget how useful it is!  oh e.g., doing collaborative
work on their computer; merely using a special networked OS that may
be ubiquitous in the future), *then* these same people may be bent
more towards protesting government outlaw of crypto.

I'm not quite 100% sold that cryptoanarchy is inevitable, although I'm
certainly not convinced the other way either.  In any event, stopping
cryptography will be extremely difficult, since a lot of people who
really have no business fucking with the government like me will
suddenly come out of the woodwork to defend cryptography with a
vengeance because of the number of applications that we personally
find dear (my favorite: middle and lower class (and of all races,
etc. etc.) people having increased capabilities that only more monied
people could normally afford without as much cryptography, meaning
that everyone isn't as locked into their classes as would be without
widespread cryptography, meaning (hopefully) less discrimination &
strife, and more quality of life); just how that battle turns out may
be never be known (the most likely scenereo in my opinion, and one I
hope for).

[Above are opinions based on personal experiences; by posting I intend
to elicit responses and ultimate change, if appropriate.]

[P.S. where do I get PGP 2.7.* from?]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAwUBMoOYvZxWhFYc6x9VAQEu2Qf9HJ1C0QzB4V8xg7hK6+RQHR86MDwV3D69
Ok2WzZVgVh5QWjvTr0r0L4zBmXjIf0gdjOUWfG/lzbdtBqEOuB5IWROuSOwlfirB
Sdw91UoqbwswoC82gQUvyyh2fiKt6TYaDYTLm10S+Sp28xS1pWTfCromKrInoVa2
MBB3MyZS+J8T/buV4FxzBZngenU3TF/Mt7EymzQXlYaARMA8OtUZ0e66Kf+smIy8
eiaPaBd8aq3OYd7H2OF14I4clqGGCUkqD+iDrpnrzvcEiTr69ypzbFqBbACkpGbf
1WtLOso8Uwx/5bFH+IAPwLerBkTAxfEeDQXq+QrXMqSfff2UyUZ5uw==
=hxpz
-----END PGP SIGNATURE-----





From ph at netcom.com  Fri Nov  8 12:52:20 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 12:52:20 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b18aea946ec6686@[192.0.2.1]>


At 11:39 AM 11/8/1996, Timothy C. May wrote:
>At 9:50 AM -0800 11/8/96, Peter Hendrickson wrote:
>>At 11:29 AM 11/8/1996, Jeremiah A Blatz wrote:
>>> Furthermore, terrorrim and etc do not depend upon secure
>>> communications to work. People tend to be able to talk face-to-face in
>>> isolated environs, this is just as effective as a good public-key
>>> cryptosystem. Crypto won't suddenly protect the types of people who
>>> are professional killers/terrorists from scrutiny. It meerly would
>>> allow them to communicate securely over distances of more than 10
>>> feet. This, IMO, is not much of a win for them.

>> Face-to-face communications in isolated environs does not a cryptoanarchy
>> make.

> Yes, but you're the one talking about bombings, mass killings, Sarin gas
> attacks, and other such examples of "terrorism." You cite the presence of
> these things as why the Constitution will effectively be suspended and why
> neighbors will cheerfully conduct vigilante raids on their suspected
> terrorists.

> Crypto anarchy is not the same thing as terrorism. Calling terrorism
> "crypto anarchy" does not make it so.

I could not agree with you more.

What I am working with is the hypothetical Four Horsemen scenario which
you have described above.  I am not endorsing that scenario.

If that were the outcome of cryptoanarchy, and some people think it will be,
would it be a manageable problem or would the technology just sort of get
away?  I believe it would be easily managed if there were broad public
support.  Jeremiah correctly pointed out that you don't need strong
cryptography to commit terrorist acts.  That just puts us where we
are today - not in a cryptoanarchy.

I don't think that strong cryptography helps terrorists much.  Let's
face it, biowarfare and sarin gas don't have anything to do with
cryptography, no matter how much the GAKers will try to show that
they do.  But, if I am wrong and for some reason the availability of
strong cryptography leads to these scenarios - as the GAKers say -
then there would be broad public support for the suppression of
strong cryptography.  This effort would be successful.  It would
not dramatically erode the structure of the Constitution or our
legal system in the short term.

The effect of strong cryptography and the Net is that it makes it
possible for people with common interests to find each other more
easily and to develop long distance relationships.  That's fine
when we are talking about scientists, mathematicians, or cypherpunks.
But, it also brings together people with less savory interests.
It's undesirable for serial killers to find each other and trade
notes on how to evade capture.  (I think this usually happens now
through the prison system.)

Strong cryptography makes it harder for governments to manage ideas
and relationships between people.  There are many implications of
this and I think they are almost entirely good.

The Constitution may not survive GAK in the long run.  If the world
were to stay in 1996 and we outlawed strong cryptography this would
not necessarily be the case.  But the world won't stay still.

Computer assisted population management technologies have been getting
more effective and cheaper all the time.  In the past it was hard to
give everybody unforgeable internal passports and ear tags.  In a GAKed
future that is unlikely to be the case.  Segments of the USG probably
have the doctrine worked out.

We've heard a lot about "the responsible use of cryptography" from
the GAKers.  In fact, it is highly irresponsible to propose GAK
at this time when there is no evidence whatsoever that it is needed.

These people may have moved beyond any concern with ideas such as
"responsibility."  Right now there is a tremendous opportunity to
the elites of the world to enslave everybody else.  Once you know
everywhere somebody goes, everything they read, and everybody they
talk about, you can manage their behavior quite effectively.  Only
a small number of people would be needed to tweak the "justice"
computers to punish indiscretions, such as meeting a cypherpunk
on the street.

Many people would be happy to enslave their fellow citizens if
it meant tremendous wealth, power, and prestige for themselves
and their children, possibly for a long time.

Peter Hendrickson
ph at netcom.com







From tien at well.com  Fri Nov  8 13:02:24 1996
From: tien at well.com (Lee Tien)
Date: Fri, 8 Nov 1996 13:02:24 -0800 (PST)
Subject: Kozinski's responses
Message-ID: <199611082101.NAA06292@mh1.well.com>


Here is my on what Judge Kozinski wrote:
>
> a.  You have anonymous snail-mail and telephone calls--why
> not e-mail?  The truth is, anonymous snail-mail and
> telephone calls are also an invasion of privacy, but there
> is not much we can do about them.  

1.      But do anonymous snail-mail or phone calls invade privacy?  Is an
anonymous phone call an invasion of privacy in a way that an ordinary phone
call is not?  Is anonymous snail-mail more invasive of privacy than
ordinary junk snail-mail?  Is it the anonymity that is objectionable?  Many
people object to spam even when they know who it's from.

It's certainly reasonable to define privacy as including an interest in
disattention or not being drawn into communication.  But isn't that
interest implicated every time someone calls you?  And not just when the
caller has ID blocking, or doesn't tell you who he or she is?  Normally,
when I make a phone call, I don't identify myself.  If I'm asked, who is
this, then we have a decision point.  Until I do, isn't the call anonymous?
 Once I do, it's not - any more - but it was until then.  

Put slightly differently, in daily life we interact with those we know
little about, and we learn more (usually) as the interaction unfolds. 
Interaction is sequential, involves turn-taking; trust is built, not
warranted at the outset.  So what is distinctly privacy-invasive in being
anonymous?  

>Someone asked whether I
> objected to getting anonymous snail mail if it was not
> threatening.  The answer is YES, just like getting an
> anonymous phone call is objectionable.  When the person who
> communicates with you insists on retaining anonymity, there
> is always an implicit threat--they know who you are, but you
> don't--you feel vulnerable, you doubt their motives, you
> have difficulty knowing whether to trust their
> representations.  Anonymous complaints against co-workers
> and supervisors was a standard way to get people into big
> trouble in Communist Romania when I was growing up.

The thrust of his comment seems to be (a) that when the caller is
anonymous, there is an imbalance:  you know less than the caller.  You
interact on an unequal footing.  This may well be, as he puts it,
"objectionable"; but the appeal is to some norm of informational
reciprocity, of fair disclosure.  What I don't get is how that is a
violation of *privacy.*    

Does "being named" dispel the objectionable quality of the interaction?   
Don't we often interact with people whom we hardly know?  It seems neither
necessary nor sufficient.  I can feel vulnerable, doubt motives, etc., even
when I know someone's name.  Isn't he really talking about reputation?  To
what extent does nymity (I just coined this as the opposite of anonymity)
matter?  Name may permit you to assess reputation later, but may be of
little use at the time.Is that a privacy issue?

Does Kozinski assume (b) that the anonymous are more dangerous, that
anonymity maps to unaccountability, and unaccountability maps to higher
likelihood of threat.  Even if that's true, is that a matter of privacy?  

2.      As for anonymous snail-mail, consider that an anonymous envelope
isn't necessarily an anonymous letter.  The anonymity is relative to what's
exposed.  Map that onto e-mail.  Isn't that equivalent to anonymizing the
header and encrypting the message itself?  That the header doesn't reveal
sender identity doesn't entail that the message is itself anonymous.  The
anonymity may merely be against third parties.  Kozinski himself says:

> 2.  I also agree that it should be possible to have mutually
> agreed-upon anonymity--i.e. I write to you and you write to
> me and we both know who we are, but nobody else does.  No
> problema--it's nobody else's business.
>

So from that POV, wouldn't a ban on anonymous remailers, to the extent that
they don't preclude nymity w/i the message body, reach too far?

Blatant self-promotion:  BTW, I recently published an article on anonymity
and the McIntyre case in the Oregon Law Review.  75 Or.L.Rev. 117 (1996).

Lee








From nobody at cypherpunks.ca  Fri Nov  8 13:05:35 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 8 Nov 1996 13:05:35 -0800 (PST)
Subject: Vulis on the remailers
Message-ID: <199611082058.MAA01697@abraham.cs.berkeley.edu>


Please, remailers, source block Vulis for a week.
Remailer Fan








From rcgraves at ix.netcom.com  Fri Nov  8 13:13:16 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Fri, 8 Nov 1996 13:13:16 -0800 (PST)
Subject: WebTV a "munition"
In-Reply-To: <199611081616.IAA21577@slack.lne.com>
Message-ID: <3283A25B.1D6E@ix.netcom.com>


Eric Murray wrote:
> 
> Page 3 of the San Jose Mercury News has a small blurb
> about WebTV's browser/set-top box that "uses
> computer-security technology so powerful that the
> government is classifying it as a weapon
> that will require a special export license before
> it can be sold overseas".[...]
> shouldn't be too difficult.  If they didn't use the "export"
> level SSL CipherTypes, then what're they up to?  Are they
> fighting crypto export laws (for which they should be congratulated
> and supported) or are they just looking for free publicity?

Based on the lack of public policy pronouncements from the WebTV folks, 
I would answer C) They're clueless. I'm not sure that management even 
understood, or wanted to understand, that they'd have an export problem.
See http://www.webtv.net/

-rich





From unicorn at schloss.li  Fri Nov  8 13:37:05 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Fri, 8 Nov 1996 13:37:05 -0800 (PST)
Subject: [NOISE] If the shoe fits, wear it [VULIS]
In-Reply-To: <199611081612.LAA04764@bksmp2.FRB.GOV>
Message-ID: <Pine.SUN.3.94.961108163454.946B-100000@polaris>


On Fri, 8 Nov 1996, Thomas C. Allard wrote:

> 
> Rich Graves <rcgraves at ix.netcom.com> said:
> 
> > networks at vir.com wrote:
> > >  The nature of the Internet means it is extremely difficult for John
> > > to prevent Dr. Vulis from either posting using a pseudonym or having
> > > messages forwarded to him.  IF it were possible to prevent Vulis
> > > from either reading messages or posting do you think John would have
> > > done that too?  Just curious.
> >
> > I think that gets into "how many angels can dance on the head of a 
> > pin"  territory, because it just isn't, and I certainly don't speak 
> > for him.  But...
> 
> What if John didn't prevent him "suvscribing", but instead directed his 
> software to simply send messages from Vulis back to him as though they were 
> sent to the list, but in fact did not forward his messages to the rest of 
> the list.  Vulis would continue to (spit) and (fart) on the list, would 
> assume everyone else saw it, but would not see any replies to his spew.  
> His remailer (spits) would still get through, but think how much less noise 
> there would be.

Easily circumvented by a subscription to cypherpunks under another name,
which I assume Vulis has already done.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From jimbell at pacifier.com  Fri Nov  8 13:37:30 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 8 Nov 1996 13:37:30 -0800 (PST)
Subject: Judge Patel Background
Message-ID: <199611082137.NAA04685@mail.pacifier.com>


At 09:12 PM 11/7/96 -0800, Peter Hendrickson wrote:
>Fred Korematsu was a Japanese-American shipyard worker in the
>early 1940s. His fiancee was Caucasian.  To stay with her, he evaded
>the concentration camps for two months, but was caught and convicted
>anyway.  His conviction was not reversed until 1983 in the court of one
>Judge Patel.
>
>Page 48, "After hearing lawyers on both sides, Judge Marilyn Patel
>asked Fred Korematsu to address the court.  `As long as my record
>stands in federal court,' he quietly stated, `any American citizen
>can be held in prison or concentration camps without a trial or
>hearing.'  Ruling from the bench, Judge Patel labeled the government's
>position as `tantamount to a confession of error' and erased Fred's
>conviction from the court's records."
>
>(Judge Patel is presiding over Dan Bernstein's challenge to the ITAR.)

However, the fact that it took 40 years to reverse (and didn't, presumably, 
reverse the convictions of others, and didn't compensate people for lost 
property) is yet another reason to take a few pieces out of the hide of the 
SC, as well as a few pounds of flesh nearest the heart.


Jim Bell
jimbell at pacifier.com





From ghio at myriad.alias.net  Fri Nov  8 13:42:50 1996
From: ghio at myriad.alias.net (Matthew Ghio)
Date: Fri, 8 Nov 1996 13:42:50 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611082141.QAA32413@myriad>


Well, this is becoming a rather long thread, but I'll just make what I
think are the key points:

If, as is presumed in this discussion, society will become divided into
two somewhat distinct groups of people, the crypto-anonymous group and
the traceable-identifiable group, then the predictable outcome is that
members of the traceable-identifiable group will become increasingly
victimized by members of the crypto-anonymous group.  People who are
easily identifiable and tracked are easy prey.

For example, if you can see when John Doe is logged in at home or
logged in at his office, then you can burglarize his home while he is
at the office and vice versa.  If, as some government agencies would
like, all motor vehicle records were online, a criminal could go
'shopping' on the internet, pick out the make and model he wants,
look up the owner's address and go steal it.  There are lots of other
examples, such as seeing how much money is in various people's bank
accounts, then target those who have money, etc...
(Identifiable people are also likely to be targets of spam and other
annoyances, and I suspect the proliferation of spam is encourgaing
a great number of people to explore the possibilities for anonymous
posting.)

This situation is going to put an increasing amount of pressure on
those in the traceable-identifiable group to change their ways.  They
will have two choices: either they start using crypto, remailers, etc
to protect their privacy and protect themselves from criminals, or
they can demand more identification and restrict their interactions
with others such that they only associate with suitably identified
persons.

The net result of this is that it's easy (and economically desirable)
for people in the 'traceable-identifiable' group to join the 
'crypto-anonymous' group, but vary hard for anonymous personas to
interact with the identified group.  As such, the number of people
demanding identification of their correspondents will decline.
(Another way to look at it, is that crypto-anonymity is a high-entropy,
and hence stable, situation, whereas tracable-identifiability is a 
low-entropy and metastable state, which spontaneously degrades into
the former in the absense of a constraining force.)

This is why cryptoanarchy is inevitable.





From roach_s at alph.swosu.edu  Fri Nov  8 13:46:23 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Fri, 8 Nov 1996 13:46:23 -0800 (PST)
Subject: [rant] Race
Message-ID: <199611082146.NAA09498@toad.com>


At 09:09 AM 11/8/96 -0800, Sandy Sandfort wrote:
...
>of the doctrine of Political Correctness.  My comment was not a 
>reference to race, but rather an allusion to an old joke, to wit:
...
My apologies to you, Sandy Sandfort, I must admit that this is the first
time that I have read this joke.






From elam at art.net  Fri Nov  8 13:49:43 1996
From: elam at art.net (Lile Elam)
Date: Fri, 8 Nov 1996 13:49:43 -0800 (PST)
Subject: WebTV Article...
Message-ID: <199611082146.NAA00733@art.net>



http://www.sjmercury.com/business/today/biz/007555.htm


Web browser classified as weapon

New York Times

SAN FRANCISCO -- American couch potatoes have become empowered -- too
empowered, in the eyes of the government.

A $300 television-set-top device for browsing the World Wide Web, which Sony
and Philips Electronics began selling recently at chains like Sears, Roebuck
and Circuit City Stores, uses computer-security technology so powerful that
the government is classifying it as a weapon that will require a special
export license before it can be sold overseas.

Few industry experts expect such a license to be granted, meaning the
companies are unlikely to begin selling current versions of the U.S.-made
devices next year in Europe and Japan, as they had planned.

The appliances, designed to let consumers surf the Web and transmit e-mail
via a standard television set and phone line, have suddenly become the most
significant challenge to the Clinton administration's attempt to restrict
the export of powerful data-scrambling devices by categorizing them as
``munitions'' requiring a special export license.

While the set-top boxes are intended to protect the privacy of users and
permit secure on-line sales transactions, administration officials fear such
technology could be used by foreign terrorists or criminals to conspire with
electronic impunity.

``We're the guinea pig,'' said Steve Perlman, chairman and chief executive
of Web TV Networks Inc., designer of the units, which are being manufactured
in the United States by Sony Electronics and Philips. ``Can you imagine
carrying one of our boxes under your arm and getting arrested at the
border?''

NYT-11-07-96 2217EST

Posted: Fri Nov 8 05:05:01 PST 1996






From jleonard at divcom.umop-ap.com  Fri Nov  8 13:50:47 1996
From: jleonard at divcom.umop-ap.com (Jon Leonard)
Date: Fri, 8 Nov 1996 13:50:47 -0800 (PST)
Subject: WebTV a "munition"
In-Reply-To: <199611081616.IAA21577@slack.lne.com>
Message-ID: <9611082146.AA25405@divcom.umop-ap.com>


Eric Murray wrote:
[Stuff about WebTv/crypto/export problems]
> So what's the story here?  It's a web browser, so they're
> probably talking about SSL.  SSL (both versions) already has mechanisims for
> allowing "export" level encryption, and although you still need to
> get a Commodities Jurisdiction, it's been done before so it
> shouldn't be too difficult.  If they didn't use the "export"
> level SSL CipherTypes, then what're they up to?  Are they
> fighting crypto export laws (for which they should be congratulated
> and supported) or are they just looking for free publicity?

I'm not sure they're doing either.  When I talked to my friends at WebTv,
I got the impression that they thought a functional browser needed to have
support for electronic commerce.  This electronic commerce needs crypto,
and if you're going to do crypto right, it has to be strong crypto.

Given that they've tried to do everything else right (and, in my opinion,
succeeded), that may be all there is to it.

I'll ask for more details next time I talk to them.

Jon Leonard





From roach_s at alph.swosu.edu  Fri Nov  8 13:56:59 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Fri, 8 Nov 1996 13:56:59 -0800 (PST)
Subject: Blocking addresses by default
Message-ID: <199611082156.NAA09708@toad.com>


On Thu, 7 Nov 1996 15:25:07 -0500, Rich Graves wrote:
...
>   What's wrong with this scheme? Other than the fact that all remailers 
>   would have to change their software at the exact same moment. :-)

To which 04:15 PM 11/8/96 +1300, Paul Foley wrote:
...
>This is not true, of course.  Implement it in two stages.  First
>recognise and strip the disclaimer, but don't prepend one, then, when
>all remailers are doing this, start prepending information.
..
You could also maintain a list of remailers to suggest that DO have this
feature, rig a random number generator to decide which of these the post
should be sent to, up to the number specified, if the sender doesn't
explicitly state which to send it to.
Also, if you can strip it, and flag that it has been stripped, you can
append a new one, but only to posts that you stripped them off of.






From mclow at owl.csusm.edu  Fri Nov  8 14:16:48 1996
From: mclow at owl.csusm.edu (Marshall Clow)
Date: Fri, 8 Nov 1996 14:16:48 -0800 (PST)
Subject: Smart Bombs
Message-ID: <v03100702aea961d4845f@[207.67.246.99]>


jbugden at smtplink.alis.ca wrote:
>Smart Use for Smart Cards
>     
>"UBIQ announced that its software has been selected by American Express to
>personalize smart cards that will be issued ... for ticketless travel on
>American Airlines. ... Airline travelers with these smart card holders will be
>able to proceed directly to an airport gate, insert their smart card into a gate
>reader, receive seat confirmation, and board the plane without touching a single
>piece of paper. 
>
Does this mean that you can fly without showing any identification? It sounds like it.

What is to prevent my company from getting a half dozen of these cards, and when someone in the company needs to travel, loading a card with the travel info and giving it to the traveller?

Note that (as far as the airline or FCC is concerned) there is no person <<-->> card mapping.

Other scenarios:
Will travel agents be able to issue these cards?
How about airport ticket agencies?
Will people be able to buy cards for cash?

James wrote:
>Of course, not having a card may subject you to greater scrutiny at check-in
>time due to the reduced tracking ability. 
>
I think that you have this backwards. There will be less tracking ability for people flying w/o tickets.

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow at mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"







From ph at netcom.com  Fri Nov  8 14:20:44 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 14:20:44 -0800 (PST)
Subject: A Disservice to Mr. Bell
Message-ID: <v02140b1baea9625cd923@[192.0.2.1]>


At 1:32 PM 11/8/1996, jim bell wrote:
>At 09:12 PM 11/7/96 -0800, Peter Hendrickson wrote:
>> ...His conviction was not reversed until 1983 in the court of one
>> Judge Patel...

> However, the fact that it took 40 years to reverse (and didn't, presumably,
> reverse the convictions of others, and didn't compensate people for lost
> property) is yet another reason to take a few pieces out of the hide of the
> SC, as well as a few pounds of flesh nearest the heart.

Many of us are guilty of a grave disservice to Mr. Bell.  I'm sure
that just about every reader of this list can only cringe when
messages such as the one above cross our screens.  ("He can't be
a paid provocateur - it would be too obvious!")

Not only is Mr. Bell apparently calling for the murder of a judge, he
is apparently calling for the murder of every justice on the Supreme
Court of the United States!

Now lots of folks are afraid that Mr. Bell's messages will be cited
as evidence that the Cypherpunks are a terrorist organization.

This does a grave disservice to Mr. Bell.  What Mr. Bell is really
doing, I think, is intentionally pushing the envelope of what is
considered to be free speech and nobly placing himself in the front
lines of cryptoanarchy.  So long as Mr. Bell can continue to
threaten the lives of our officials in the most public way without
molestation, it is safe to say that the rest of us are not going
to FBI summercamp.  (Canaries play a similar role for miners.)

Not only should we applaud his courage, but Mr. Bell's brilliance
in inventing and executing this strategy cannot go unnoticed.

Now, many of you have had some awfully hard words for Mr. Bell.  I am
sure we all regret them now that we fully understand Mr. Bell's
formerly puzzling actions.  I am going to have to ask you all to
do something very hard - apologize.  I will start:

Thank you Jim Bell for your brilliant and courageous contribution
to the Cypherpunks list!  I am sorry I ever claimed it was otherwise.

Peter Hendrickson
ph at netcom.com

"Stop and grieve at the tomb of the dead Kroisos, slain by wild
Ares in the front rank of battle."
  - Attican cemetary monument, c. 540 B.C.







From hua at chromatic.com  Fri Nov  8 15:02:38 1996
From: hua at chromatic.com (Ernest Hua)
Date: Fri, 8 Nov 1996 15:02:38 -0800 (PST)
Subject: Free software could not threaten purpose of ITAR ...
Message-ID: <199611082301.PAA09398@ohio.chromatic.com>



It never ceases to amaze me how inconsistent the anti-crypto
people are on this issue ...

I just took a look at VADM McConnell's answers during a Senate
hearing on May 3, 1994 ...

    http://csrc.nist.gov/keyrecovery/ees_q-a.txt

Questions from Senator Murray:

    Q: In my office in the Hart building this February, I downloaded
    from the Internet an Austrian program that uses DES encryption.
    This was on a laptop computer, using a modem over a phone line.
    The Software Publishers' Association says there are at least 120
    DES or comparable programs world wide.  However, U.S. export
    control laws prohibit American exporters from selling comparable
    DES programs abroad.

    With at least 20 million people hooked up to the Internet, how do
    U.S. export controls actually prevent criminals, terrorists, or
    whoever from obtaining DES encryption software?

    A: Serious users of encryption do not entrust their security to
    software distributed via networks o bulletin boards.  There is
    simply too much risk that viruses, Trojan Horses, programming
    errors, and other security flaws may exist in such software which
    could not be detected by the user.  Serious users of encryption,
    those who depend on encryption to protect valuable data and cannot
    afford to take such chances, instead turn to other sources in
    which they can have greater confidence.  Such serious users
    include not only entitles which may threaten U.S. national
    security interests, but also businesses and other major consumers
    of encryption products.  Encryption software distribution via
    Internet, bulletin board, or modem does not undermine the
    effectiveness of encryption export controls.

Why is it, then, that we don't just allow non-commercial software to
be exported?

1.  I don't believe, for a moment that "serious users" of cryptography
    cannot entrust their security to "software distributed via
    networks o bulletin boards".  Those are precisely the mediums
    through which PGP became popular.

2.  Phil Z was being harassed precisely because PGP is most definitely
    a serious threat in the trend toward undermining ITAR.

3.  Phil K's export request was rejected, and MIT was harassed over
    the PGP source book, precisely because source code is source code.
    It does not matter if it came on a disk or through a network or
    through a bulletin board or on a book.

The point is that the NSA DOES view this as a serious threat, so they
are fighting this tooth and nail.

Ern





From jgarvey at BayNetworks.com  Fri Nov  8 15:07:12 1996
From: jgarvey at BayNetworks.com (Jim Garvey)
Date: Fri, 8 Nov 1996 15:07:12 -0800 (PST)
Subject: research help
Message-ID: <3283BED3.31DFF4F5@baynetworks.com>


Hi all.

I'm writing a paper for a class I'm in.  It has to answer the question
"What evidence is there that new information technology poses a threat
to out privacy?"

I was wondering if anyone knew of some really good online sources I
could access and use.

Any help would be greatly appreciated.

Thanks.





From frankw at in.net  Fri Nov  8 15:08:26 1996
From: frankw at in.net (Frank Willoughby)
Date: Fri, 8 Nov 1996 15:08:26 -0800 (PST)
Subject: Universal Service for the Net: Why it's a bad idea
Message-ID: <9611082306.AA24281@su1.in.net>


At 07:53 AM 11/8/96 -0800, Declan McCullagh <declan at well.com> wrote:

8< [snip]

>* Why should a Beverly Hills high school get a discount of 20 percent?
>  Can't they afford to pay for ISDN?

Depends on how their telco's tariffs are set up.  Here in Indiana,
we have a monopoly called "Ameritech" who, out of the kindness of 
their hearts, charges ***per-minute*** ISDN rates.  Expect costs 
of over $600/month for a permament connection (one line) to the 
Internet.  Beverly Hills High School *might* be able to afford it.
Most other places can't.  <sigh>

Best Regards,


Frank

  
Any sufficiently advanced bug is indistinguishable from a feature.
	-- Rich Kulawiec

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Vendor-Neutral Information Security Consulting 
http://www.fortified.com     Phone: (317) 573-0800     FAX: (317) 573-0817     
Home of the Free Internet Firewall Evaluation Checklist








From brazie at ipa.net  Fri Nov  8 15:27:34 1996
From: brazie at ipa.net (Brazie)
Date: Fri, 8 Nov 1996 15:27:34 -0800 (PST)
Subject: No Subject
Message-ID: <199611082327.RAA21927@dogbert.ipa.net>


UNSCRIBE






From markm at voicenet.com  Fri Nov  8 15:41:55 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 8 Nov 1996 15:41:55 -0800 (PST)
Subject: Blocking addresses by default
In-Reply-To: <199611072025.PAA22083@spirit.hks.net>
Message-ID: <Pine.LNX.3.95.961108192926.947A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 7 Nov 1996, Rich Graves wrote:

> I think this threatens serious security problems for the remailer
> network in two ways:
> 
> 1. You'd create a list of people interested in anonymous information,
>    which could potentially be obtained by police or other armed thugs.

True.  I wasn't proposing any centralized list or a complete alternative to
the current way remailers are set up.  Just an alternative for some people who
don't have time to go through all the complaints.  The only unblocked addresses
could just be the addresses of other remailers.  Others could be set up to
only deliver mail to other remailers, mailing lists, and newsgroups.

> 
> 2. The traffic would go down so substantially that traffic analysis
>    would be trivial.

If every remailer adopted this system, then this would be true.

> As a counterproposal, I'd like to see better disclaimers on remailed
> messages. The reason the people complaining are so pissed off is that
> the blocklists are neither advertised nor automated enough. I'd like to
> see disclaimers and block list instructions at the top of the body of
> every single message. This would be encapsulated in some mark characters
> so that it could easily be removed by remailer chains. E.g.,

This is a good idea.  I also like the idea of remailers forwarding some sort
of notification to a first-time recipient where the recipient actually has to
request that the mail be delivered.  However, the storage requirement might be
a little impractical for some remailers.  If the disclaimers are really
annoying, it would be easy enough to remove these disclaimers with a simple
procmail recipe or some equivalent.


> What's wrong with this scheme? Other than the fact that all remailers
> would have to change their software at the exact same moment. :-)

The "cutmarks" option would allow backwards compatability.  Alternatively, the
remailer might be able to determine whether the next hop is a "real" email
address or another remailer.  I believe this would be pretty easy with
Mixmaster since a remailer can tell if it is the final hop or not.


Mark






-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoPTpizIPc7jvyFpAQGYHggAqERGxbUu4LcGmP6qgN47claY9cttmWQ+
LIxHFKKxut92mSVMfDD80WGlXZAQb/p97t//m6aGZ3cCFXe8JPlVfyqrzz4A4/JK
pN3lbn0Vfk08CVePFZaBqk8yiE+K7ZpjE1vTx8GTna0n+ZHpC6RZ1DBNwWrif4PH
kLUl4cFHYeHhe9qfZrc+rjUcxe0yMM9hhJ3uW1SUaUvLeXNuwjaftil5ULX1pegt
2JLYZkX7UF7EAUA2GvKj1KoDhVoQjT5tbRcIbV20n8r8mQjQuecUqZXP/P9D1zbC
lwilKC5z2+0wErr9MvseLH9CEriVQhT0EN1fWxZjB3MfrCFRdNDO9w==
=xP+H
-----END PGP SIGNATURE-----






From youngsik at cnct.com  Fri Nov  8 15:45:35 1996
From: youngsik at cnct.com (YoungSik Jeong)
Date: Fri, 8 Nov 1996 15:45:35 -0800 (PST)
Subject: No More
Message-ID: <2.2.32.19961108235312.00681fcc@cnct.com>


I want take off mail list






From jbugden at smtplink.alis.ca  Fri Nov  8 15:50:56 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Fri, 8 Nov 1996 15:50:56 -0800 (PST)
Subject: Smart Bombs
Message-ID: <9610088475.AA847507822@smtplink.alis.ca>




Marshall Clow <mclow at owl.csusm.edu> wrote:
>James wrote:
>>Of course, not having a card may subject you to greater scrutiny at check-in
>>time due to the reduced tracking ability. 
>>
>I think that you have this backwards. There will be less tracking ability for
>people flying w/o tickets.
 
Less tracking for people w/o tickets, but more scrutiny for people w/o smart
cards.
 
I can easily see the working assumption that smart carded people have _already_
passed the security check, while those who pay cash would be under greater
scrutiny.






From jbugden at smtplink.alis.ca  Fri Nov  8 16:01:59 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Fri, 8 Nov 1996 16:01:59 -0800 (PST)
Subject: His and Her Anarchies
Message-ID: <9610088475.AA847508443@smtplink.alis.ca>


>Black Unicorn <unicorn at schloss.li> wrote:
>I'm sure if I look hard enough, I'll find the crypto content in here.
>
>On Fri, 8 Nov 1996 jbugden at smtplink.alis.ca wrote:
>
>> Copyright c 1996, The Globe and Mail Company r
>> 
>> U.S. election reveals his and her politics 
>> Educated women have different agenda 

I think it relates to crypto policy via policy in general, also to both the
libertarian and the inevitable cryptoanarchy argument we are currently tossing
about and brought to mind a comment a few months back from Tim about how the
occasional female members of this list tended to not make sense a lot of the
time.

Sorry if it wasn't clear enough. I had expected a comment regarding the smart
bomb message since it would have been better to send to the risks list.

Ciao,
James






From jimbell at pacifier.com  Fri Nov  8 16:51:43 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 8 Nov 1996 16:51:43 -0800 (PST)
Subject: WebTV a "munition"
Message-ID: <199611090051.QAA20055@mail.pacifier.com>


At 01:12 PM 11/8/96 -0800, Rich Graves wrote:
>Eric Murray wrote:
>> 
>> Page 3 of the San Jose Mercury News has a small blurb
>> about WebTV's browser/set-top box that "uses
>> computer-security technology so powerful that the
>> government is classifying it as a weapon
>> that will require a special export license before
>> it can be sold overseas".[...]
>> shouldn't be too difficult.  If they didn't use the "export"
>> level SSL CipherTypes, then what're they up to?  Are they
>> fighting crypto export laws (for which they should be congratulated
>> and supported) or are they just looking for free publicity?
>
>Based on the lack of public policy pronouncements from the WebTV folks, 
>I would answer C) They're clueless. I'm not sure that management even 
>understood, or wanted to understand, that they'd have an export problem.
>See http://www.webtv.net/


However, I estimate that the "investment" of probably under $1 million, and 
certainly under $10 million dollars, would easily sweep away any legal 
obstacle to the export of these devices.


Jim Bell
jimbell at pacifier.com





From tomw at netscape.com  Fri Nov  8 17:15:39 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Fri, 8 Nov 1996 17:15:39 -0800 (PST)
Subject: WebTV a "munition"
In-Reply-To: <199611081616.IAA21577@slack.lne.com>
Message-ID: <3283DB50.2847@netscape.com>


Rich Graves wrote:
> 
> Eric Murray wrote:
> >
> > Page 3 of the San Jose Mercury News has a small blurb
> > about WebTV's browser/set-top box that "uses
> > computer-security technology so powerful that the
> > government is classifying it as a weapon
> > that will require a special export license before
> > it can be sold overseas".[...]
> > shouldn't be too difficult.  If they didn't use the "export"
> > level SSL CipherTypes, then what're they up to?  Are they
> > fighting crypto export laws (for which they should be congratulated
> > and supported) or are they just looking for free publicity?
> 
> Based on the lack of public policy pronouncements from the WebTV
> folks, I would answer C) They're clueless. I'm not sure that
> management even understood, or wanted to understand, that they'd have
> an export problem.
> See http://www.webtv.net/

Since Pablo Calamera works there, they can't be too clueless.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw at netscape.com





From wb8foz at wauug.erols.com  Fri Nov  8 17:19:23 1996
From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states)
Date: Fri, 8 Nov 1996 17:19:23 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007803aea873ff3acc@[207.167.93.63]>
Message-ID: <199611090119.UAA01052@wauug.erols.com>


As a HP-35 buyer when they first appeared in '72, I sonn found it
simple to explain RPN by using a basic rule of good composition:
avoid passive voice.

The "+" key is not, of course "plus" rather it is the active voice
term "add" and such.. And all commands are "active voice" unlike
a TI where some were...

Of course, I soon found far too many people had no grasp of active
vs. passive voice........

-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From wb8foz at wauug.erols.com  Fri Nov  8 17:39:56 1996
From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states)
Date: Fri, 8 Nov 1996 17:39:56 -0800 (PST)
Subject: WebTV a "munition"
In-Reply-To: <199611081616.IAA21577@slack.lne.com>
Message-ID: <199611090139.UAA01155@wauug.erols.com>


Eric Murray sez:
> 
> 
> 
> Page 3 of the San Jose Mercury News has a small blurb
> about WebTV's browser/set-top box ......

That's a John Markoff story in today's NYT.....

-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From lharrison at mhv.net  Fri Nov  8 18:38:49 1996
From: lharrison at mhv.net (Lynne L. Harrison)
Date: Fri, 8 Nov 1996 18:38:49 -0800 (PST)
Subject: [rant] Race
Message-ID: <9611090217.AA03784@super.mhv.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Fri Nov 08 21:16:34 1996
 
> ObCrypto: Is it true that "Kemo Sabe" is Abanake for "Horse's Ass"?

The author had some fun with their names.  Kemo Sabe is a play on words and 
actually stands for "que no sabe" which, translated from Spanish, means "he 
who knows nothing."  Tonto in Spanish means stupid.
 


************************************************************
Lynne L. Harrison, Esq.       |    "The key to life:
Poughkeepsie, New York        |     - Get up;
lharrison at mhv.net             |     - Survive;
http://www.dueprocess.com     |     - Go to bed."
************************************************************

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoPpgj5A4+Z4Wnt9AQFHsgP5AVSS0pG5Sp2VqtTm+BefXkA9IcA//LvQ
IXISs4RaLUrUmPjMkggFbyoMEEmIIz2TjdUr2Rjn+0+T/8cmSSXTrUqofroOu8rC
G00MlCPGzLWuQ5g3iuxGfxZMszWuYWEkb7m37nP0ozdPgR3xG6sYkAeuTPiny27x
ZXXPgmMbidU=
=m/jZ
-----END PGP SIGNATURE-----






From snow at smoke.suba.com  Fri Nov  8 18:47:16 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 8 Nov 1996 18:47:16 -0800 (PST)
Subject: Need a new word for non-violent-censorship
In-Reply-To: <199611081134.MAA16008@digicash.com>
Message-ID: <199611090303.VAA00236@smoke.suba.com>


> I often have the same difficulty when speaking with
> Objectivists.  They define "censorship" as "silencing the
> speaker by force", which is a fine and useful definition, but
> suppose we want to talk about a similar phenomenon which does
> not involve force?  For example, the magnate who owns all the
> newspapers, television stations, bookstores and movie theatres
> in a small town decides that never again will homosexuality be
> publically mentioned in any of these venues.  Force?  No.
> "Censorship"?  Not by _that_ definition, but what _is_ it?

     "Monopoly", or editorial policy and it is solved by buying a press of 
some kind, from a letter press to a photocopier, and printing all the news 
he does, and doesn't.

> We need a new word, or else we have to continue using

     No, we just need to use the words we have properly. 

> "censorship" to mean both of those things.  I sometimes use
> "violent-censorship" and "non-violent-censorship" in
> conversation.

     "Violent-censorship" is when you [shoot beat kill] the speaker, "non-
violent" is when you imprison, or consficate the means of speech/replication of 
speach, or otherwise "silence" without physcial force. Then you have censorship 
by intimidation, which is a little harder to qualify. If I threaten to burn 
your press if you talk about Crypto, or print Crypto algorythms, is that 
censorship? IMO, yes. If you _choose_ not to discuss Crypto because you 
understand (or are afraid of) the implications of it, that is NOT censorship,
any more than my refusal to discuss sports because I can't understand the appeal
or because I think that sports are generally a bad thing.  
 
     Choice is not censorship, removal of choice is. 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From snow at smoke.suba.com  Fri Nov  8 19:02:42 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 8 Nov 1996 19:02:42 -0800 (PST)
Subject: Validating a program
In-Reply-To: <328353D8.4D28@gte.net>
Message-ID: <199611090318.VAA00266@smoke.suba.com>


>> Dale Thorn wrote:
>>|Adam Shostack wrote:
>>|put the sender in any great danger, but when the application is really serious, as it
>>|always is sooner or later, you must realize that people could be taking great risks
>>|with PGP encryption, and "pretty sure" isn't good enough when it's really, really
>>| vital to have bulletproof security.

     If it is vital to have bulletproof security, then they will:
      1) learn Cryptography and C well enough to read the code themselves.
      2) hire an expert to do 1). 
      3) Do the research and purchase a commercial package that has 
         guarentees and recommendations. 

>>        You're wrong.
>>        People can make their own choices about what level of risk
>>they're willing to accept.  That they make bad choices is not my
>>problem, except when they're paying for my opinion.
>It's easy to say, but when the "shit comes down" as they say, the average user is
>going to swear they had assurance PGP was absolutely secure, etc....

     If you believe that _anything_ is absolutely secure, you get what you 
diserve. It would seem far far cheaper to simply insert a couple extra chips
in the form of a tap in your keyboard to trap all of your keystrokes & forward
them via radio signals, or to rubber hose you. 

     PGP has been looked over by lots of people, so I trust it not to have 
any deliberate holes. As to bugs, or accidental errors, well, it is "freeware,
you get what you pay for. Sometimes you get more, and I am not denegrating 
PGP, but if you don't pay for it you shouldn't even expect it to keep working,
much less be bug free. This comes from someone whose main computer rarely 
runs commercial software (hey, free games just aren't as cool as the commercial
ones). 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com






From tcmay at got.net  Fri Nov  8 19:11:20 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 8 Nov 1996 19:11:20 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007803aea873ff3acc@[207.167.93.63]>
Message-ID: <v03007800aea9a5cba79b@[207.167.93.63]>


At 8:19 PM -0500 11/8/96, David Lesher / hated by RBOC's in 5 states wrote:
>As a HP-35 buyer when they first appeared in '72, I sonn found it
>simple to explain RPN by using a basic rule of good composition:
>avoid passive voice.
>
>The "+" key is not, of course "plus" rather it is the active voice
>term "add" and such.. And all commands are "active voice" unlike
>a TI where some were...
>
>Of course, I soon found far too many people had no grasp of active
>vs. passive voice........

Agreed. I think I adapted to RPN so quickly (less than 30 minutes at the
university bookstore, which had H-P 35s on display) because of this.

The problem "((5 + 7) * 4) / 3)" is easily understood as:

5 enter 7 add 4 multiply 3 divide

Once one groks RPN, it clearly is a speed win over entering parentheses and
that stuff. For any of you who are doubters, RPN usually produces far fewer
errors in identical calculations than Algebraic produces (the user errors,
not the hardware).

I found RPN ideal for exploratory calculations, where the stack orientation
was just so "natural."

This is not RPNpunks, but it seems that many of the younger subscribers
here really have not been exposed to RPN calculators. It's really worth the
$40 or so to buy the cheapest H-P calculator that has RPN.

(Be careful--not all H-P calculators are RPN these days. They bowed to
market pressure several years ago and introduced algebraic entry on their
low-end models.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From haystack at cow.net  Fri Nov  8 19:21:11 1996
From: haystack at cow.net (Bovine Remailer)
Date: Fri, 8 Nov 1996 19:21:11 -0800 (PST)
Subject: Source blocking Vulis is futile
Message-ID: <9611090309.AA05396@cow.net>


John Anonymous MacDonald wrote:
>
> Please, remailers, source block Vulis for a week.
> Remailer Fan
>

% telnet smail.based.host.edu smtp
250 Smail Ready ... ...
mail from: someone at someplace.gov
rcpt to: remailer at blacknet.org
data
Subject: Insert your favorite subject(spit) here

Request-Remailing-To: cypherpunks at toad.com

::

Insert your favorite message body (fart) here
..
250 Message Accepted
quit
Connection closed by foreign host.
%





From jkenth at c2.net  Fri Nov  8 19:38:57 1996
From: jkenth at c2.net (J. Kent Hastings)
Date: Fri, 8 Nov 1996 19:38:57 -0800 (PST)
Subject: Alongside Night on the WWW [long]
Message-ID: <328407F3.1508@c2.net>


The following article is the foreword to the new edition of
_Alongside Night_ by J. Neil Schulman, available for download in
HTML format from http://www.pulpless.com/nite.html . Permission
to cross-post in appropriate newsgroups, mail lists, and file
bases granted. Copyright (c) 1996 by J. Neil Schulman. All other
rights reserved.


                     Pulling Alongside Night
                 The Enabling Technology is Here
               by J. Kent Hastings (jkenth at c2.net)

     J. Neil Schulman is a prophet.

     Two weeks after his twenty-third birthday, on May 1, 1976,
J. Neil Schulman finished the first draft of _Alongside Night_, a
novel that accurately discerned the outline of 1996 reality. He
finished the final draft in 1978, for publication on October 16,
1979.

     _Alongside Night_ describes things that weren't around in
the '70s but arrived later, or are becoming commonplace now. 
"Citizens for a Free Society" could be the populist/libertarian
source group for today's Patriot movement. The "TacStrike"
division of the novel's Revolutionary Agorist Cadre could be
recruited from today's militias, revolutionaries, and
mercenaries, while today's cypherpunks could form the basis for
the novel's "IntelSec."

     In the future of _Alongside Night_ as in our own 1996 -- but
not in the 1970's when it was written -- panhandlers and the
homeless are omnipresent due to economic hardship, professional
youth gangs roam the streets of New York freely while big-time
drug and people smuggling are ubiquitous; videophones are hitting
the consumer market and computers are in use everywhere.

     Schulman's "First Anarchist Bank and Trust Company," a Swiss
bank subsidiary, uses accounts denominated in gold, linked
offshore -- a dream of today's cypherpunks. He predicts re-
prohibition of gold, with TV actors warning "that just one little
ounce of gold bullion can put you away in a federal penitentiary
for up to twenty years."

     Transportation to one of Schulman's "Agorist Undergrounds"
shields against all transmissions to prevent discovery of
location aboveground, including heartbeat detectors being put
into use in 1996 by the Immigration and Naturalization Service at
the Mexican border. Weapons, cameras, recorders, transmitters,
and radioactive materials are checked in transit.

     Security at the A.U. uses non-lethal weapons. Guards disarm
guests upon arrival, then return their guns on their way to the
trading floor. One shop is called "The Gun Nut," and "Lowell-
Pierre Engineering" sells nukes. Rental per-square-foot
calculates any risk of a government "G-Raid" against the costs of
security measures.

     Cadre General Jack Guerdon, also the builder of some A.U.s
including "Aurora," explains how the location of a large complex
could be kept secret from the construction workers:

          "They were recruited from construction sites all over
     the world, were transported here secretly, worked only
     inside, and never knew where they were. If you think
     security is tight now, you should have been here during
     construction; a mosquito couldn't have gotten in or out."


     Thinking about it now, robots with telepresence may achieve
the same security, with even less risk, since only Cadre
equipment would be inside.

     TransComm's smuggling of contraband predicted marijuana
traffic expanding into the sort of operation done in the 1980s by
the cocaine cartels, small airports and all.

     Aurora's trading floor offers non-prescription drugs,
marijuana, cocaine, heroin, and LSD sold in defiance of DEA and
FDA regulations, but with voluntary warning labels.

     Dialogue in _Alongside Night_ decries smoking prohibition at
the time of the story. In California today, you aren't allowed to
smoke in restaurants, workplaces, airports or other public
buildings. The U.S. FDA classified nicotine a drug this year, so
it's just a formality to prohibit delivery systems (cigarettes,
cigars, and pipes) nationwide as well.

     Classroom video intercoms exist in the novel, even before
consumer VCRs were a hot item. One of _Alongside Night_'s
characters, Chin, uses a video capable laptop in a sequence
written years before IBM introduced the first PC, and more years
before anything you could call a laptop.

     Consumer electronics? "Aurora's library had a fair
collection of books, videodiscs, and holosonic music cassettes"
-- years before DAT was introduced.

     All trading and billing is done by computer with access
controls, a projection made before most banks even had ATMs, much
less telephone bill-paying..

     Elliot chooses a pass phrase like today's PGP requires, and
the Cadre contract assures authorized disclosure only. Aurora's
hotel room keys are computerized in the novel, but it wasn't like
that at hotels in the 1970s. Also in Aurora, computer terminals
are in each hotel room.

     The electronic contract used by the Cadre in _Alongside
Night_ is imitated today by digital forms used millions of times
daily on the World Wide Web, including Schulman's own site
http://www.pulpless.com/.

     Schulman wrote the first chapters of the book in 1974,
describing his fictional economist "Martin Vreeland," winner of
the Nobel prize for economics -- two years before Milton Friedman
actually won his in 1976. And while Schulman did fail to predict
the collapse of the Soviet Union, his description of the almost
casual fall of the United States government over the two week
timespan in his novel parallels the bloodless coup attempt
against Gorbachev in 1992, which completed the fall of the Soviet
Union.

     Neil predicted Chinese Norinco handguns and rifles being
imported into the United States: Elliot Vreeland carries a ".38
caliber Peking revolver." Such imports were legalized after
Alongside Night was written and, after becoming popular items,
imports of Chinese firearms into the U.S. are now banned again.

     The Cadre are armed, but not on an aggressive revenge
mission against the feds, as a "drive-by" with a non-lethal,
temporarily-blinding magnesium flash, used to evade a FBI sedan,
demonstrates.

     Foreigners with hard currency buy relatively cheap U.S.
assets in_ Alongside Night_, before Rockefeller Center or major
portions of the entertainment industry were bought by Japanese
conglomerates. Schulman predicts the "mall-ization" of America
because of fear of crime on city streets, and police replaced
with private patrols such as "Fifth Avenue Merchant Alliance
Security (FAMAS)."

     "Air Quebec" indicates Schulman's prediction of Quebec
secession, which seems likely soon after a fifty-fifty split in
the last election to test the issue. The secession of Texas
doesn't seem as far-fetched these days as it did in 1976.  Just
think of the Montana legislators who introduced a bill to secede
a couple of years ago.

     Schulman's novel is set during the final two weeks of a
catastrophic "wheelbarrow" inflation. Confiscatory taxes have
forced people out of aboveground jobs and into either working
"off the books," or unemployed on the dole. Gresham's Law has
Americans  using blue "New Dollars": "More than anything else, it
resembled _Monopoly_ money"; and fixed-value coins disappear so
fast for their metallic value that vending-machine tokens fixed
daily to the price of the "eurofranc" are just about the only
real money in circulation.

     The President complains about the U.S. being treated like a
banana republic by the "European Common Market Treaty
Organization, a combination of the European Common Market and a
U.S.-less NATO," the U.S. having been kicked out for no longer
being able to afford keeping overseas troop commitments. The
Chancellor of EUCOMTO informs the White House, "Mr. President,
even bananas do not decay as quickly as the value of your
currency these past few months." In the 1970's, the European
Union was not yet negotiated and NATO was still almost entirely
controlled by the United States.

     In _Alongside Night_, political dissidents are arrested on
secret warrants, and the FBI gulag they're stuck in (codenamed
"Utopia") is blown up by the feds as a cover-up. Of course,
nothing like that could ever happen in real life, right? 

     Schulman's account of a Federal Renovation Zone rebuilding
Times Square in N.Y. predicts today's sweeping federalization of
lands, opposed by the sagebrush rebellion.

     Future conflict between militias and the feds seems
inevitable today since both sides see the other as a fatal threat
and neither side is backing down. An Oracle headline in
_Alongside Night_: "FBI Chief Powers attributes last night's
firebombings of bureau offices to outlaw 'Revolutionary Agorist
Cadre.'" The recent FBI raids in Colorado and West Virginia
against militia groups supposedly planning terrorism -- not to
mention Waco and Ruby Ridge -- demonstrates that anti-federal
sentiment isn't laughed off as harmless anymore.

     The FBI chief in the novel keeps copies of "confidential"
enemies lists at home, long before Filegate. In the 1970's when
J. Neil Schulman wrote his novel, the general image of the FBI
was Efrem Zimbalist, Jr., on _The FBI_. Today's FBI is better
characterized by the paranoia of _The X-Files_, where higher-ups
are usually in complicity with dark forces.

      The Emergency Broadcast System in _Alongside Night_ extends
even to telephones -- using the phone system during the crackdown
requires authorized beepers -- while radio and TV programming
simulates normality while the government collapses. Today's FBI
digital wiretap law will provide capability for millions of
simultaneous wiretaps and the major broadcast networks have
accepted official explanations uncritically of everything from
who started the fire at Waco to the cause of the explosion that
destroyed TWA Flight 800.

     In _Alongside Night_, we learn that a _New York Times_
front-page story headlined "Vreeland Widow Assures Public Husband
Died Naturally" is disinformation. Echoes of Vince Foster and the
Arkancides?

     An "Oracle" headline in _Alongside Night_ predicts military
dissent: "TEAMSTER PRESIDENT WARNS POSSIBILITY OF ARMED FORCES
WILDCAT STRIKES IF PENTAGON DOES NOT MEET DEMANDS..."  And when
-- due to a busted budget -- an absence of government paychecks 
combines with the latest government scandal, a two-century-old
superpower collapses like a house of cards.

     Where did a prediction of revolution in the U.S. come from,
if not the fevered dreams of a militant paranoid? Young Schulman,
a student of Austrian economics, just "followed the money,"
determining who would earn it and who would control it.

     During the 1970s, hippies dropped out and moved to communes,
while tax and sagebrush rebels fought to keep the government out
of their pockets and off their lands. California's Proposition 13
and the election of U.S. President Ronald Reagan were the results
of the establishment co-opting anti-government positions.

     Despite this, the current political situation in the U.S. is
more volatile than ever. Job security doesn't exist for anybody,
so leftists are forming new parties out of disgust with the
Democrats, while right-wingers who believe Republicans
indistinguishable join militias.

     But perhaps the most revolutionary development is the
Internet and the World Wide Web, which threaten government
currency controls, tax collection, and media restrictions.

     _Alongside Night_ predicted revolutionary cadres organizing
to resist and replace the State with an "agorist" society.
Agorism, according to Samuel Edward Konkin III, who coined the
term, is the integration of both libertarian theory and counter-
economic practice, neither inactive "library libertarians"
prattling on with their idle complaints, nor simple criminals
preying on society.

     Agorists insist on both civil and economic liberties for all
individuals, encourage efficient restitution for contract and
rights violations, yet oppose a monopoly of coercion from even a
limited "minarchist" State.

     From Konkin's _New Libertarian Manifesto_: "Coercion is
immoral, inefficient and unnecessary for human life and
fulfilment." This is not pacifism because defensive violence is
not coercion. Coercion is the _initiation_ of violence or its
threat. You can't morally start a fight, but you can finish one.
... "When the State unleashes its final wave of supression--and
is successfully resisted--this is the definition of
_Revolution_."

     Most citizens go along with the government, whether "right
or wrong," to preserve order, defend freedom, and more recently
to assist the poor and protect the environment. When it becomes
obvious that the government is hostile to these purposes, many of
its subjects will no longer feel guilty about joining the radical
opposition.

     A rich, slave-owning, dead European white male cracker named
Thomas Jefferson (sorry, he's not "the Sage of Monticello"
anymore), wrote similar things about King George III in the
_Declaration of Independence_.

     I'm sure T.J.'s writings would be found in Aurora's library,
along with the following titles, most of which are specified in
_Alongside Night_. Productive workers will "withdraw their
sanction," according to Ayn Rand's 1957 _magnum opus_, _Atlas
Shrugged,_ and this will lead to "the collapse of the Looter's
State." Rand also described an underground "Galt's Gulch" of
black market revolutionaries in her classic novel. Murray
Rothbard hinted at stateless defense in _Man, Economy, and State_
(1962). Robert Heinlein portrayed a stateless legal system and
revolution in _The Moon Is A Harsh Mistress_ (1966). Rothbard
describes stateless defense services fully in _Power and Market_
(1970), echoing Gustavus De Molinari's 1849 essay "The Production
of Security."

     Molinari was an economist in the original French _laissez-
faire_ school of Frederick Bastiat. Molinari concluded that
justice and defense were goods like any other, best provided in a
competitive market rather than political monopoly. Konkin's _New
Libertarian Manifesto_ (published in 1980, based on a talk given
in February 1974 which influenced _Alongside Night_) inspired the
creation of The Agorist Institute, "symbolically founded on the
last day of 1984," now with a web site at http://www.agorist.org/.

     That's all fine for free-market supporters, but wouldn't
"progressive" groups try to impose their own one-party
dictatorships? What's in it for the masses?

     Despite their famous friendship with Newt Gingrich, Alvin
and Heidi Toffler are active in labor and ecology circles. They
point out that telecommuting is 29 times more efficient than
physical commuting in private cars. If 12% telecommuted, the 75
million barrels of gasoline saved would completely eliminate the
need for foreign oil and future Gulf Wars. Real estate now used
for office space could be used for local housing. The Tofflers
believe traditional factors of production such as land, labor,
and capital are being dwarfed by the growing importance of
information. Information is inexhaustible, it can be shared but
still kept.

     Widely copied software brings more user suggestions and
faster improvements. It puts scarcity economics on its ear.
Expensive bulky production methods are being "ephemeralized" (to
use a term coined by Bucky Fuller), replaced by flexible cheap
computers to satisfy local consumer tastes. More people can
afford access to computerresources, with less damage to the
environment.

     Telecommuting is safer than driving, which currently kills a
Vietnam War's worth of fatalities each year, without requiring
"strategic" resources to fight over. Silicon comes from sand,
which is plentiful. Because programs like PGP protect users from
both evil hackers and a fascist global police state, traditional
leftists embrace the new technology, and even build their own web
sites.

     Karl Marx wrote of objective and subjective conditions being
necessary for Revolution. "Objective" in this case means the
physical ability to overthrow the current regime. "Subjective"
means the desire and mass support to do it.

     The 1960s arguably provided the subjective conditions: an
unpopular war, a vicious police crackdown on agitators, and
hundreds of thousands of protesters marching in the streets. But
these subjective conditions weren't perfect. The economy was
still robust, not yet weighed down with the debts racked up in
the 1970's by the Wars On Poverty and Vietnam, and no stagflation
and oil crisis yet. The objective conditions were bad.
Individuals and small groups could not do much mischief without
being overwhelmed by Chicago police or National Guard troops
thrown against them.

     Today, a single troublemaker can afford to sign up for
Internet service under a pseudonym and use anonymous remailers to
post messages in widely read "newsgroup" conferences, distributed
to more than 135 countries without identification.

     The Rulers and the Court Opinion Makers won't let their ill-
gotten monopolies collapse without a fight. Every day we hear
about the Four Horsemen of the Infocalypse: Terrorists,
Pedophiles, Money-Launderers, and Drug Smugglers. Defenders of
privacy and free speech on the Internet get smeared for "fighting
law enforcement" just like the Revolutionary Agorist Cadre in
_Alongside Night_.

     Restrictions on the Internet are likely to be passed for
"crime and security" reasons and to hold users "accountable."
Civil libertarians complain that such pornographically-explicit
words as "breast" are being filtered by online services fearing
prosecution, with the "unintended consequence" of forcing breast
cancer survivors to choose euphemisms like "tit".

     Critics of data censorship say these restrictions are like
trying to stop the wind from crossing a border. For example, when
France (in anti-_laissez-faire_ fashion) blocked some newsgroups,
an ISP in the United States, http://www.c2.net/, made them
available to French users via the World Wide Web.

     Next there's the problem of how to make a living
underground. Schulman watched Anthony L. Hargis found a "bank
that isn't a bank" in 1975, with "transfer orders" instead of
checks, denominated in mass units of gold. ALH&amp;Co. survives
to this day, despite IRS inspections, hassles with the Post
Office and local authorities, and ever-tighter banking
restrictions against "money-laundering."

     Hargis explicitly forbids (by voluntary contract) his
account holders from selling drugs, which suggests how
proprietary communities can choose to be drug-free within a
future agorist society. Hargis is sincere in this restriction,
not just playing clean to fool the authorities. Unfortunately,
Hargis is not enthusiastic about encryption or the Internet.
"Honest Citizens have nothing to hide."

     Rarely does the weed of government research bear anything
but the bitter fruits of mass destruction, disinformation, and
bureaucratic disruption of innocent people's lives. Exceptions
may include public-key cryptography, spread-spectrum radio and
the Internet Protocol.

     Programmers such as Pretty Good Privacy (PGP)'s Philip R.
Zimmermann are using the government sponsored RSA algorithm to
thwart the efforts of every State's security agent. In Myanmar
(formerly Burma), where PGP is used by rebels fighting
dictatorship, the mere possession of a network-capable computer
will bring a lengthy prison sentence.

     In 1995, David Chaum announced the availability of
untraceable digital cash ("Ecash"), denominated in U.S. Dollars
(Federal Reserve Units, or "frauds" as Hargis would call them)
from Mark Twain Bank in St. Louis, MO.

     Ecash can be withdrawn, deposited, and spent without fee
anywhere on the Internet. The only charge is when exchanging
Ecash for a particular currency. Chaum lives in Amsterdam, the
location of the "secret annex" in _The Diary of Anne Frank_.

     During World War II, the Nazis seized the government records
in Amsterdam before partisans could burn them, and used them to
track down and kill Jews, including members of Chaum's own
family. Perhaps this explains his desire for computer privacy.

     In 1985, David Chaum described his invention in an article
as "Security Without Identification: Transaction Systems To Make
'Big Brother' Obsolete." Ecash protects privacy yet thwarts
deadbeat counterfeiters. Similarly, software filters against
"spam" and other unwanted messages obviate a State crackdown
against anonymity.

     Chaum's Digicash company now serves a number of banks in
different countries, and provides the "electronic wallet"
software for use by their account holders. With Ecash, items may
be purchased without identifying the buyer, even if the banks and
merchants exchange information, but the seller may be disclosed
if the buyer wishes to publicly dispute a purchase. As it exists,
privacy is compromised because of bank disclosure requirements,
but it isn't hard to imagine underground banks with unofficial
ecash (as opposed to proprietary Ecash), using their own currency
or gold.

     Respecting your right to be secure in the privacy of your
own home would let you advertise, send catalogs, take orders,
send processed data or tele-operate machinery (in other words, do
your _work_), then send invoices, collect ecash payments, and
deposit your unreported earnings scot-free in offshore accounts.
Using ecash and encrypted remailers, there would be no way for
tax collectors to tell if you made $100 last year or
$100,000,000.

     If measures such as mandatory internal passports and routine
checkpoints can't restrict who can work or determine accurate
income taxes due, they'll have to employ ubiquitous
surveillance--a totalitarian system will be the only way to
protect the privileges of the tax eaters. Although necessary for
the future survival of the State, a crackdown will provoke
resistance. Private communications bypass official propaganda, as
the Committees of Correspondence did during the American Revolution.

     They'll be forced to bug your house. Don't worry, the
automatic image-processing (exists today!) 24-hour cameras will
be labeled "for your protection." Worse than Orwell's _1984_,
they won't need humans to look through them, they'll identify
everyone and trace their movements with blessed convenience.

     Couldn't they just tap the phones? Sure, but with encrypted
data to and from an Internet Service Provider they wouldn't get
much. Couldn't they require back-door "escrowed" keys and outlaw
strong encryption? Not good enough, they need _constant_
monitoring (not just with a court order) to collect taxes.

     Scofflaws might send innocent looking images and sound files
with steganographically hidden data using methods designed to
thwart detection and disruption. In 1996, for real, any data
collected about you can be shared with the FBI, U.S. Customs,
DEA, IRS, Postal inspectors, and the Secret Service because the
Financial Crimes Enforcement Network (FinCEN), located down the
street from the CIA in Vienna, Virginia pools the data. I guess
anything goes to stop crime and protect the children, right?

     In _Alongside Night_, temporary relays and infrared
modulation of engine heat disguises communication signals. With
enhancement of spread-spectrum radios recently introduced, a
channel wouldn't be defined by a single radio frequency, but by a
"spreading code" of frequency hops with staggered dwell times, so
that jammers and eavesdroppers won't be able to predict where,
and for how long, the carrier will go next.

     A hybrid with the direct sequence technique would mix each
bit of the message with several pseudo-random "chip" bits, to
spread the signal at each hop. A transmitted reference in one
band, of purely random thermal noise in a resistor for example,
can be compared to the reference mixed with a message in another,
so that the authorized receiver correlates the two to recover the
message.

     Low-powered microwave, lasers, unreported underground
cables, antennas disguised as flag poles and many other methods
would insure that the email got through during a blackout.

     Today, when "rightsizing" has made a temporary placement
firm the largest employer in the U.S., and the President's own
budget projects a federal tax rate of 84%, not including state,
county, city and other local taxes, we can count on greater
numbers swelling the ranks of radical movements in the face of a
hostile establishment.

     "Dr. Merce Rampart," the woman leading Schulman's Cadre,
offers advice to dislocated personnel in the "New Dawn" of a
proprietary anarchist revolution:

          "With the exception of those government workers who
     perform no marketable service--tax collectors, regulators,
     and so on--we are urging them to declare their agencies
     independent from the government, and to organize themselves
     into free workers' syndicates. Shares of stock could be
     issued to employees and pensioners by whatever method seems
     fair, and the resultant joint-stock companies could then
     hire professional managers to place the operation on a
     profitable footing. I can envision this for postal workers,
     municipal services, libraries, universities, and public
     schools, et cetera. As for those civil servants whose jobs
     are unmarketable, I suggest that most have skills in
     accounting, administration, computers, law, and so forth,
     that readily could be adapted to market demand. That's the
     idea. It's now up to those with the necessary interests to
     use it or come up with something better."


     In the 1980's, after _Alongside Night_ was published, this
idea became popular among libertarian-leaning conservatives. It's
called privatization.

     _Alongside Night_ shows us a world where such ideas aren't
merely a smokescreen for greater efficiency in the service of an
ever more encompassing State.

                               ##

J. Kent. Hastings is co-director of the Agorist Institute
(http://www.agorist.org), a partner in the Pulpless.Com online
publishing venture (http://www.pulpless.com), a long-time
cypherpunk, and radical activist.





From snow at smoke.suba.com  Fri Nov  8 19:59:40 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 8 Nov 1996 19:59:40 -0800 (PST)
Subject: [rant] Re: Censorship on cypherpunks
In-Reply-To: <199611071856.KAA18731@toad.com>
Message-ID: <199611090415.WAA00451@smoke.suba.com>


> Actually, I was comparing some people on the list, who were saying someone
> could always start thier own list, with those who advocate telling someone
> to start a new country as opposed to making their vote count.  This is a
> free country where we, fortunately, don't have to hang around, and, this is
> a free list, where we don't have to post or remain subscribers.  I was
> saying that telling someone to start their own list was equivalent to
> telling them to dig in on an uninhabited island.  I was never advocating

     Please point out to me an "uninhabitated island" that meets the 
following qualifications (Necessary IMO to supporting a "country"):

     1) Is not claimed by _any_ other country. 
     2) Is always at least 1 foot above the water line (necessary IIRC
        for the UN definition of "Country")
     3) Is large enough to provide ariable land for at least 3 people. 
        So that this "Country" can be minimally self sustaining. 

    I ask this question to point out that starting ones "own country" 
is not really within the realm of possibility at this point in time, 
and I would be willing to be that if such an island were found, and
inhabitated by more than 2 people, it would promptly be claimed by another
country, the people would be run off, and the UN would back this up. 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From bgrosman at healey.com.au  Fri Nov  8 20:04:45 1996
From: bgrosman at healey.com.au (Benjamin Grosman)
Date: Fri, 8 Nov 1996 20:04:45 -0800 (PST)
Subject: Legal Deffinition of Encryption?
Message-ID: <2.2.32.19961109040141.00956568@healey.com.au>


Dear Sir,

>Is there any law(s) that actully define encryption?
>
>At it's very basics encryption is taking a group of 1's & 0's converting
them into a different group of 1's & 0's and providing a mecanisim to change
them back to the original group of 1's & 0's.
>
>>From a legal standpoitnt how is PGP any different than PKZIP? How does the
law make a diference between an "encryption" program and a "compression"
program other than the fact that the encryption program is advertized as
encryption and the compression program is advertized as compression?

I have absolutely no idea: this is a very interesting problem. Not for just
compression and encryption differention legally, but also, well, ANY other
data form. If one defines a new format for saving data (i.e a new image
format), and then exports this technology from the USA, is this exportation
of munitions due to it's unknown qualities? Or what? 
I know that in Australia there have been problems defining electronic data,
especially pictures (usually porn), for the purposes of prosecution.
Because, really, a pornographic picture is no more than 1's and 0's arranged
in a different way by a different algorithm. 
Thus I think it most likely that the law would try and approach it from the
direction of the algorithm that saved the data and the intent with which the
algorithm was written.
Otherwise, I don't know.

Yours Sincerely,

Benjamin Grosman






From ph at netcom.com  Fri Nov  8 20:08:39 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 20:08:39 -0800 (PST)
Subject: "Nightmare on Crypto Street, Part 1"
Message-ID: <v02140b01aea9abf3eda8@[192.0.2.1]>


At 10:42 AM 11/8/1996, Timothy C. May wrote:
> And whenever any of us raised issues of Constitutionality of the measures
> Peter was predicting, such as random searches, conviction based on
> possession of an illegal tool, forced escrow, etc., it seemed that Peter's
> response was usually some variant of:

> "Won't matter. The people will demand action."

Yes, in a pogrom situation, the Constitution is not much protection.

However, you can do quite a bit without straying far outside the
bounds of the Constitution.  Certainly without straying farther
than the Supreme Court has already done.

Random searches are probably not necessary and the procedure of issuing
search warrants need not change.  Instead of making the transmission
of encrypted messages illegal, encrypted messages become just cause
for a search of somebody's house for illegal cryptography software.

There is no prior restraint of free speech in this legal scenario.

What you make illegal is the possession and operation of cryptography
software.

Consider this analogy: I get up on a podium and announce "I shot
the Sheriff."  I have a legal right to do this.  However, if somebody
did recently shoot the sheriff, it is also likely that my house
will be searched.

The degree to which the Constitution needs to be eroded is slight
if there is broad popular support for the measures.  The reason
for this is that the list of suspects will be short.  If the
list of suspects is short, you can go to some trouble to follow
Constitutional procedures with each one.

Witch hunts and random searches will occur if there is large minority
devoted to pursuing cryptoanarchy and a majority which is just as
strongly devoted to putting a stop to it.

It is not one hundred percent clear to me that the operation of
cryptographic software is speech.  The software certainly does
not add meaning to the messages you are sending.

Unfortunately, the term "free speech" is vague and confusing.  You
can broadcast any number you like, unless it happens to be the number
that corresponds to the Windows95 executable.  You can say anything
you like, but you can't say anything that is untrue about a private
person.  Where in the First Amendment is any distinction drawn between
public and private people?  Why am I allowed to say untrue things
about public figures?  And so on.

There are any number of ways to make the possession of cryptographic
software illegal.  For instance, the government could change the
patent laws to make cryptography patents have a 100 year term.  (This
will be done to promote cryptography. ;-)  Then, after the evils
of cryptography are "discovered" the government can nationalize the
software patents and beef up the penalties for patent violations.

> But I think this "nightmare scenario" is implausible.

I agree.  The reason we have to consider this "straw man" is that it
is considered to be a legitimate policy discussion amongst people at
the highest levels of our society.

> And the points many of us have been making about digital commerce, the
> central role of the Net in so many things, and the international
> connections, mean that a pogrom launched against the Net just isn't going
> to fly. Too many corporate interests are at stake.

I agree with this, too.  I think a lot of people have been sitting on
the fence waiting to see which way the crypto ball is going to bounce.
I think it's going to bounce towards cryptoanarchy.

Peter Hendrickson
ph at netcom.com







From shamrock at netcom.com  Fri Nov  8 20:16:02 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 8 Nov 1996 20:16:02 -0800 (PST)
Subject: Spam Hater: fight back the spammers
Message-ID: <Pine.3.89.9611082032.A7699-0100000@netcom9>


>From http://www.compulink.co.uk/~net-services/spam/

Hit back at the Spammers!

Get lots of e-mail offering you get-rich-quick schemes? Want to hit back? 
"Spam Hater" is free
Windows software that helps you respond effectively and makes it hot for 
these people.

   Analyses the Spam 
   Extracts a list of addresses of relevant Postmasters, etc. 
   Generates a "WHOIS" query to help track the perpetrator 
   Prepares a reply 
   Choice of legal threats, insults or your own message 
   Appends a copy of the Spam if required 
   Puts it in a mail window ready for sending 

Spam Hater works with lots of popular e-mail programs directly - there's 
no tedious cutting
and pasting. 

Supported E-Mail Programs

Ameol, AOL 2.5I, Eudora Light 1.5.2, 1.5.4, Eudora Pro 2.2, Free Agent 
0.99, Microsoft Internet
Explorer 3.0 (4.70.1155), Netscape 1.2N, 2.02, 3.0, Pegasus Mail V2.4X, 
Virtual Access V3.51.

Download here.. If you already have VBRUN300.DLL, save some time with the 
"lite" version. 


-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"






From snow at smoke.suba.com  Fri Nov  8 20:38:08 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 8 Nov 1996 20:38:08 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b07aea7f1963f8c@[192.0.2.1]>
Message-ID: <199611090440.WAA00499@smoke.suba.com>


> It appears to be widely believed that cryptoanarchy is irreversible.
> Everybody believes that the race to deploy or forbid strong cryptography
> will define the outcome for a long time.
> I can't think of a reason why this should be so.
> If the wide use of strong cryptography results in widely unpopular
> activities such as sarin attacks and political assassinations, it
> would not be all that hard to forbid it, even after deployment.
> I am curious why many people believe this is not true.
> 
    I can point to one circumstance which calls your belief into question:

    Prohibition.

    Alcohol was widely seen as a problem by people who didn't use it, and 
social pressures made many people who did use it vote to get rid of it. 

    Other people promptly got rich selling it to those who still wanted it.

    Alcohol is a little more obvious and harder to hide than crypto.


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From ph at netcom.com  Fri Nov  8 21:34:01 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 8 Nov 1996 21:34:01 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b03aea9c3897878@[192.0.2.1]>


At 4:41 PM 11/8/1996, Matthew Ghio wrote:
> If, as is presumed in this discussion, society will become divided into
> two somewhat distinct groups of people, the crypto-anonymous group and
> the traceable-identifiable group, then the predictable outcome is that
> members of the traceable-identifiable group will become increasingly
> victimized by members of the crypto-anonymous group.  People who are
> easily identifiable and tracked are easy prey.

If people feel they have to go "underground" in order to protect
themselves, you will see near unanimous support for mandatory GAK.
This qualifies as a nightmare scenario for almost everybody, even
many of the readers of this list.

Universal traceability and identifiability is not necessarily a
consequence of GAK.  By universal I mean "available to everyone."
Were this to be a problem, the information would be confined to
"responsible" parties.  I think I can describe a way to do this in
nearly every scenario.  There is certainly no reason why driver's
license data need be on the Web.

Peter Hendrickson
ph at netcom.com







From ichudov at algebra.com  Fri Nov  8 21:37:13 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Fri, 8 Nov 1996 21:37:13 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <v03007800aea9a5cba79b@[207.167.93.63]>
Message-ID: <199611090534.XAA03845@manifold.algebra.com>


Timothy C. May wrote:
> I found RPN ideal for exploratory calculations, where the stack orientation
> was just so "natural."
> 
> This is not RPNpunks, but it seems that many of the younger subscribers
> here really have not been exposed to RPN calculators. It's really worth the
> $40 or so to buy the cheapest H-P calculator that has RPN.
> 

I also used RPN calculators 10 years ago, in high school, in Russia.
Still miss them.  Which model (for no more than $40 or so) is the best
around here?

Sorry if this question has already been answered here, nowadays it is 
pretty tough list to read.

thanks

	- Igor.





From shamrock at netcom.com  Fri Nov  8 21:54:52 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 8 Nov 1996 21:54:52 -0800 (PST)
Subject: [Announcement] Cypherpunks Shooting Club
Message-ID: <Pine.3.89.9611082125.A13815-0100000@netcom9>


By popular request, I am following up on the three year old idea of the 
Cypherpunks Shooting Club. All Cypherpunks in the San Francisco Bay Area 
interested in participating are welcome to contact my by email. If enough 
individuals wish to participate, the first practice session 
will be held at the United Sportsmen Rifle Range in Concord this Sunday.

Bring your own firearm or use one of the ones provided.

-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"






From jimbell at pacifier.com  Fri Nov  8 22:49:56 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 8 Nov 1996 22:49:56 -0800 (PST)
Subject: "Nightmare on Crypto Street, Part 1"
Message-ID: <199611090649.WAA14415@mail.pacifier.com>


At 10:42 AM 11/8/96 -0800, Timothy C. May wrote:

>I also summarize Peter's set up much as you did:
>
>"Suppose the Four Horsemen ride in. Suppose planes are being shot down,
>buildings in every city are being blown up, people are being killed left
>and right by crypto-hired-killers, Sarin gas is wafting through the
>subways, and cats are afraid to go out at night. People will get out their
>pitchforks and break in the doors of their neighbors in search of the
>demonic crypto tools of Satan.

Don't forget the flaming torches!  Carried by the throngs of terrified villagers!


Jim Bell
jimbell at pacifier.com





From apoulter at nyx.net  Fri Nov  8 23:17:36 1996
From: apoulter at nyx.net (Alan  Poulter)
Date: Fri, 8 Nov 1996 23:17:36 -0800 (PST)
Subject: HAPPY GUY FAWKES DAY!
Message-ID: <9611090717.AA00230@nyx.net>



Being English I did a double take when I read the following:-

Sandy Sandfort wrote:-
> On this day in 1605 the Gunpowder Plot was foiled.  Guy Fawkes
> and his compatriots had intended to blow up Parliment.
> 
> The English celebrate it because Guy Fawkes failed.
> 
> I celebrate it because he tried.  :-)

I'm sorry Sandy, you are supporting the wrong side. Guy Fawkes
was not against government but just Protestantism. He wanted a
Catholic restoration in England enforced by foreign governments.
This would have involved many people being tortured and executed
for their religious beliefs. 

It was the growing rift between Parliament and the Stuart Kings
over who should rule that lead to the English Civil War, Charles 
the First being executed on the 30th January 1649 and the
end of government by birthright. In the period of the Commonwealth,
when Parliament ruled alone, all sorts of strange political ideas
appeared, like the one that everyone had a right to individual 
freedom (Winstanley and the Levellers). All this would have been
derailed had Guy Fawkes succeeded.

I am more than happy to celebrate Guy Fawkes night with the kids
and give a penny for the guy.

Alan Poulter






From elibrary at INFONAUTICS.COM  Fri Nov  8 23:42:11 1996
From: elibrary at INFONAUTICS.COM (Electric Library)
Date: Fri, 8 Nov 1996 23:42:11 -0800 (PST)
Subject: Electric Library
Message-ID: <199611090742.XAA23983@toad.com>


Dear Electric Library Trial Member,

Your free trial membership to Electric Library has recently expired.  First,
we'd like to say "thanks for trying our service."  We sincerely hope your
experience was enjoyable.

We'd also like to invite you to take advantage of full membership...because we
know that if you had the opportunity to use the service during your trial
membership, you won't want to go a single day without it!

So subscribe now, and for less than the cost of a daily newspaper, continue to
have access to all of the Electric Library benefits you sampled during your
trial period.  Visit to www.elibrary.com and you will immediately begin to...

-> Save valuable time.  Make the most of your time online and even save trips to
	the local library.

-> Access high quality, full text publications all on one site.

-> Provide your entire family with a safe, comprehensive online research library.

-> Receive unlimited personal access to the entire Electric Library for just
	$9.95 per month.

We also wanted to make sure we are doing everything we can to create the best
Electric Library possible. Serving our members is our highest priority.  At
any time, if you have any questions, comments, or suggestions about Electric
Library, please share them with us by emailing to elibrary at infonautics.com or
call 1-800-247-7644  (6 days a week, Monday through Friday from 8 AM to 8 PM EST
and Saturday, from 8 AM to 4 PM EST).

Once again, thank you for trying Electric Library!  We hope to welcome you as
a subscriber soon!

Here's how to subscribe:

->To Sign up Online:

      1) Open your web browser to http://www.elibrary.com
      2) Click on the "Subscriptions" link on the left side of the home page and
	 follow the directions.

->To sign up Offline :

Please print this form and fill it out completely and deliver it via email, fax or
mail.  We will create an account for you and notify you via e-mail,  usually
within 24 hours of our receiving this form.

Email:  info at elibrary.com

Fax :   (610) 971-8851

Mail:   Subscriptions
        Infonautics Corporation
        900 West Valley Road, Suite 1000
        Wayne, PA 19087
--------------------------------------------------------------------------------
Subscription Form: (Please fill in all information)
--------------------------------------------------------------------------------
Please be sure to write your name and address as they appear on your credit card

First Name:_________________________________

Last Name:_________________________________

Telephone:_________________________________

E-mail Address:_____________________________

Address Line One:______________________________

Address Line Two:______________________________

City:________ State:____  Zip:____________________

Country:______________________________________

We currently bill only through all major credit cards: WE DO NOT ACCEPT CHECKS
OR MONEY ORDERS.

Credit Card Number:_________________________________________

Credit Card Type:___________________ Expiration Date: __________


Please choose a User ID and password for your Electric Library membership.
User names should be more than six characters in length but less than thirteen.

User Name:________________________________

Password:____________


Finally, please review the Terms and Conditions of our service posted at
www.elibrary.com. By subscribing to the Electric Library, you indicate your
acceptance of these terms and conditions. These terms apply to individuals only.







From unicorn at schloss.li  Sat Nov  9 00:31:47 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 9 Nov 1996 00:31:47 -0800 (PST)
Subject: [Announcement] Cypherpunks Shooting Club
In-Reply-To: <Pine.3.89.9611082125.A13815-0100000@netcom9>
Message-ID: <Pine.SUN.3.94.961109033035.19913D-100000@polaris>


On Fri, 8 Nov 1996, Lucky Green wrote:

> By popular request, I am following up on the three year old idea of the 
> Cypherpunks Shooting Club. All Cypherpunks in the San Francisco Bay Area 
> interested in participating are welcome to contact my by email. If enough 
> individuals wish to participate, the first practice session 
> will be held at the United Sportsmen Rifle Range in Concord this Sunday.

Concord Maryland?

> 
> Bring your own firearm or use one of the ones provided.
> 
> -- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
>    Member JPFO. "America's Aggressive Civil Rights Organization"
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From field at pipeline.com  Sat Nov  9 00:44:32 1996
From: field at pipeline.com (Richard L. Field)
Date: Sat, 9 Nov 1996 00:44:32 -0800 (PST)
Subject: Legal Definition of Encryption?
Message-ID: <1.5.4.16.19961109034528.1b1f9be6@pop.pipeline.com>


  The U.S. Export Administration Regulations (Commerce Department) include
the following definitions:

  "Cryptography" -- "The discipline that embodies principles, means and
methods for the transformation of data in order to hide its information
content, prevent its undetected modification or prevent its unauthorized
use.  'Cryptography' is limited to the transformation of information using
one or more 'secret parameters' (e.g., crypto variables) and/or associated
key management.  Note: 'Secret parameter': a constant or key kept from the
knowledge of others or shared only within a group." (Part 772)

  "Information security" -- "All the means and functions ensuring the
accessibility, confidentiality or integrity of information or
communications, excluding the means and functions intended to safeguard
against malfunctions.  This includes 'cryptography', 'cryptanalysis',
protection against compromising emanations and computer security."

  These definitions and others are used within the Commerce Control List
(Supplement No. 1 to Part 774) to regulate the export of certain Information
Security related equipment, software, etc. (Category 5:II).

  The U.S. International Traffic in Arms Regulations (State Department) also
regulates (until 1/1/97, when jurisdiction is expected to move to Commerce)
the export of certain "Cryptographic systems", etc. including those with the
capability of maintaining secrecy or confidentiality of information systems.
(The United States Munitions List, Section 121.1, Category XIII-Auxiliary
Military Equipment)

   - Richard Field



At 01:48 PM 11/8/96 -0400, "William H. Geiger III" <whgiii at amaranth.com> wrote:

>Is there any law(s) that actully define encryption?
>
>At it's very basics encryption is taking a group of 1's & 0's converting
them into a different group of 1's & 0's and providing a mecanisim to change
them back to the original group of 1's & 0's.
>
>>From a legal standpoitnt how is PGP any different than PKZIP? How does the
law make a diference between an "encryption" program and a "compression"
program other than the fact that the encryption program is advertized as
encryption and the compression program is advertized as compression?






From haystack at cow.net  Sat Nov  9 00:50:41 1996
From: haystack at cow.net (Bovine Remailer)
Date: Sat, 9 Nov 1996 00:50:41 -0800 (PST)
Subject: No Subject
Message-ID: <9611090838.AA07313@cow.net>


Tim C. May has been beaten up numerous times by fellow prostitutes for driving 
blow job prices down.






From SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil  Sat Nov  9 01:11:21 1996
From: SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil (SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil)
Date: Sat, 9 Nov 1996 01:11:21 -0800 (PST)
Subject: allow me to state the obvious....
Message-ID: <9610098475.AA847591051@smtp-gw.cv62.navy.mil>


i am your average joe who uses the computer for work and e-mail and the 
occasional jaunt into the internet. going along reading this whole 
crypto-anarchy thing makes me want to cry. the whole point of cryptography 
is getting info from my eyes to yours. period. you can say that "illegal" 
information passes along the internet, but hello people - illegalities have 
been going on since long before the invention of the computer (or even the 
notion of cryptography - if i may stop to point out the obvious).  the only 
reason _i_ use encrypted stuff is because i don't want my nosy sysadmin 
reading my mail.  its that simple.  think about it.  how many times is your 
e-mail handed off?  when sent it naturally follows the most convenient path 
to its destination, and even anonymous re-mailers (can) keep a hard copy of 
the messages that cross their connections with the original address 
included.  you can go off into spoofing address and so on, but your average 
joe may (or may not) have the time or knowledge (much less the motivation) 
to do that.  keep that in mind before you go saying that crypto is a 
good/bad thing. 

---------------------- SUCRUM22 at cv62.navy.mil -----------------------
  a calculated risk based on the possible consequence of an action
 is better than a haphazard one based on poor judgment or ignorance
---------------------------------------------------------------------
Don't confuse my views with those of the DoD or the United States Navy





From paul at fatmans.demon.co.uk  Sat Nov  9 01:31:44 1996
From: paul at fatmans.demon.co.uk (Paul Bradley)
Date: Sat, 9 Nov 1996 01:31:44 -0800 (PST)
Subject: Information [for new PGP user]
Message-ID: <847531595.526905.0@fatmans.demon.co.uk>



> >I'll bet you can't find 10 out of 1,000 users who have read the total source,
> >let alone comprehended and validated it.
> 
> Depending on the system, compiler and version of PGP, compilation may or
> may not function as expected.


I know,

I class myself as quite an experience programmer (though I haven`t 
done a lot of code recently) but I spent several days weeding through 
the bugs and it still wouldn`t compile on Borland C++ V4.51 so I just 
read the core code and hoped the executable was really derived from 
that code. I`m normally more paranoid than that but I just don`t have 
the time to spend getting borland to compile it. It won`t even 
compile on my system with the borland makefile than comes with PGP.

Has anyone else on here managed to get it to compile under Borland 
and how long did it take them????


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From gnu at toad.com  Sat Nov  9 01:32:30 1996
From: gnu at toad.com (John Gilmore)
Date: Sat, 9 Nov 1996 01:32:30 -0800 (PST)
Subject: New Linux-IPSEC mailing list for the S/WAN project
Message-ID: <199611090929.BAA25559@toad.com>


I'm sending you this message because you might be interested in
helping to build or test or document, or teach about, my S/WAN project
to secure 5% of the net by Christmas.

There is now a public mailing list which you can join to find out
what's happening in the project, get the latest software for testing,
ask questions, etc.  To join the list, send mail to:

	linux-ipsec-REQUEST at clinet.fi

The email should contain a single line that just says:

	subscribe

This mailing list will have discussions, not just announcements,
and will be very technical (not political or social).

The S/WAN project's goal is to provide free software that makes it
easy to encrypt a site's net traffic automatically, and to encourage
acceptance and deployment of this software.  My original timetable
aimed to have 5% of the net encrypted by Christmas.  We will not meet
this goal; it was romantic, but very ambitious.  Instead, my current
goal is to have our first complete software release available by
Christmas, which people can use to encrypt 5% of the net in the
following months.  This is still an ambitious goal.

In case you haven't been following developments in the project,
there's a new version of the Domain Name System BIND code that you can
install to enable your site to publish its keys to the net.  Our
software to USE the keys isn't ready yet -- but it usually takes weeks
or months to get your domain administrator to update their version of
BIND, so it's a great idea to get them started now.

There's also a very new test version of the Linux kernel code that
implements low-level packet encryption.  This code requires manual
configuration, and only implements single-DES rather than triple-DES.
It has a long way to go.  But it enables you to manually set up
encrypted tunnels to other sites around the Internet (such as other
sites in your company, or which you collaborate with).  Shaking out
this layer and making it solid and bulletproof is important, so we can
depend on it as we build the higher layers that provide encrypting
tunnels automatically and opportunistically.  Details on how to get
the test software are in the web page at:

	http://www.cygnus.com/~gnu/swan.html

I hope that having a mailing list for the helpers and implementers
will make it easier for everyone to stay up to date, and easier for
everyone to contribute.  If we all push in the same direction, we may
have 5% of the net traffic encrypted by Easter...

	John Gilmore

PS: The new Linux-IPSEC mailing list is graciously hosted in Finland
by Tatu Ylonen, author of ssh, another good piece of cryptographic
software.  Linux is the free operating system on which the project is
being built.  IPSEC is the set of (Internet Protocol SECurity)
protocols which add packet-level encryption to TCP/IP.






From paul at fatmans.demon.co.uk  Sat Nov  9 01:42:20 1996
From: paul at fatmans.demon.co.uk (Paul Bradley)
Date: Sat, 9 Nov 1996 01:42:20 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <847531595.526906.0@fatmans.demon.co.uk>



> It appears to be widely believed that cryptoanarchy is irreversible.
> Everybody believes that the race to deploy or forbid strong cryptography
> will define the outcome for a long time.

This is certainly my position...

 
> I can't think of a reason why this should be so.

> If the wide use of strong cryptography results in widely unpopular
> activities such as sarin attacks and political assassinations, it
> would not be all that hard to forbid it, even after deployment.

I don`t think so. The point is that cryptoanarchic ideals and strong 
cryptography will be too widely deployed to remove them from 
circulation. Also I believe that the sheer amount of traffic over the 
internet will make it virtually impossible to find encrypted messages 
even if strong encryption is outlawed. And last but not least the 
system of anonymous remailers and the ease with which return 
addresses can be forged means people using strong cryptography 
couldn`t be traced anyway.  


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From dildo at americanbanker.com  Sat Nov  9 01:54:50 1996
From: dildo at americanbanker.com (Dildophus)
Date: Sat, 9 Nov 1996 01:54:50 -0800 (PST)
Subject: French Smart Card Firms in Merger Deal
Message-ID: <327725C1.380@americanbanker.com>


NEW YORK -- Schlumberger Electronic Transactions, a leading French smart
card company, said Wednesday it signed a letter of intent to acquire
Soliac, a unit
of the French processing company Sligos that makes magnetic stripe and
smart cards.

The Schlumberger company's agreement to buy Solaic points to further
consolidation in the smart card industry, which has seen a number of
joint ventures
and acquisitions in the past year.

Solaic has manufacturing facilities in France and Spain. Its marketing
operations are
primarily in those countries, Germany, and the United Kingdom.

The proposed transaction, which is subject to the signing of definitive
agreements,
would include a partnership to develop smart-card-based systems.





From dildo at americanbanker.com  Sat Nov  9 01:58:50 1996
From: dildo at americanbanker.com (Dildophus)
Date: Sat, 9 Nov 1996 01:58:50 -0800 (PST)
Subject: FICS Group to Build On Microsoft Platform
Message-ID: <327726BB.5F2D@americanbanker.com>


BRUSSELS -- FICS Group, an international banking systems company,
announced a major electronic delivery initiative based on Microsoft
Corp.
technology.

Expanding on the personal computer and telephone modes of banking
service
delivery, FICS said it is expanding into smart phones, personal digital
assistants and
wireless phones, electronic wallets, and Internet-based services.

Microsoft platforms play a major role in FICS offerings, and Microsoft's
Activex
technology will be employed in Internet development.

"The fact that FICS has chosen Windows NT as one of its key development
platforms and adheres to the Open Financial Connectivity standard makes
the
company a valuable partner for Microsoft," said Ashley Steele, the
Redmond,
Wash., software company's marketing manager for the banking industry.

FICS also participates in the Tandem Computers Inc. "payments factory"
program,
also based on Windows NT.

Separately, FICS said it entered into a strategic partnership with
Swift, the global
banking telecommunications network. As a Level 3 partner, FICS is one of
a few
select firms that exchange strategic information with Swift and promote
each other's
products.





From brazie at ipa.net  Sat Nov  9 04:10:58 1996
From: brazie at ipa.net (Brazie)
Date: Sat, 9 Nov 1996 04:10:58 -0800 (PST)
Subject: No More
Message-ID: <199611091210.GAA01799@dogbert.ipa.net>


At 06:53 PM 11/8/96 -0500, YoungSik Jeong wrote:
>I want take off mail list
>
>
>so do i, i tried but i keep getting all this damn mail






From jya at pipeline.com  Sat Nov  9 05:48:35 1996
From: jya at pipeline.com (John Young)
Date: Sat, 9 Nov 1996 05:48:35 -0800 (PST)
Subject: Why Crypto Is Hard
Message-ID: <1.5.4.32.19961109134656.006ac294@pop.pipeline.com>


We've put Bruce Schneier's "Why cryptography is harder than it looks"
November 6 post to Risks at:

     http://jya.com/whyhard.htm

Thanks to SZ.








From dlv at bwalk.dm.com  Sat Nov  9 05:50:07 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 05:50:07 -0800 (PST)
Subject: Vulis on the remailers
In-Reply-To: <199611082058.MAA01697@abraham.cs.berkeley.edu>
Message-ID: <28m5wD1w165w@bwalk.dm.com>


nobody at cypherpunks.ca (John Anonymous MacDonald) writes:

> Please, remailers, source block Vulis for a week.
> Remailer Fan

I'm not sending anything via any remailers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov  9 05:51:28 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 05:51:28 -0800 (PST)
Subject: [NOISE] If the shoe fits, wear it [VULIS]
In-Reply-To: <32824C50.227B@ix.netcom.com>
Message-ID: <qco5wD6w165w@bwalk.dm.com>


Rich Graves <rcgraves at ix.netcom.com> writes:
> Personally, I wish Vulis would just go away, permanently, and I would
> not consider any nonviolent, non-net-abusing means to stop his ravings
> inappropriate. However, I do not believe that there are any nonviolent,
> non-net-abusing means to stop his ravings, so we're at an impasse, as

If you use procmail to filter out whatever I say, then it may seem to you that
I've gone away. But that's not what the "libertarians" want - e.g. the lying
shyster from Florida, with the Harry Browne plug in his signature, wrote that
he already killfiled me, but wants me silenced so others can't read me either.

> far as the cypherpunks list is concerned. I think that if this became a
> forum for Vulis-bashing, and he were unable to respond, then that would

Evidently Timmy May would like very much to continue posting lies about me
and his other "enemies" on this list without our being able to refute them.

> advertised), others of which I thought showed the moderator to be an
> intolerant, hypocritical asshole.

You sure come down hard on John Gilmore. :-)

> provided that there was procedural transparency. I.e., announcing what
> had happened and allowing discussion of what happened was the right
> thing to do. Only if he kicked people off without telling the list, or
> lied about his reasons for doing so, or suppressed dissent with his

You may know something that I don't know for a fact, and I would appreciate
an explanation from you:

First, John tried to ban me from the list in a sneaky manner, as befits a
small-time petty blonde bitch. He did not tell me that deleted my address
from the mailing list and instructed majordomo to "play dead" in response
to any requests from me. I just assumed that toad.com was down; it took me
a little while to figure out John's sneaky games, at which point I posted
a note about that to c-punks. Timmy May immediately posted a denial. John
Gilmore's public admission of his censorship only came days later.

Second, how do you know that I was the only person so censored? I may well
be the only person tenacious enough to stick around afterwards and to expose
John Gilmore's hypocricy and total lack of credibility, but I recall a few
incidents when other high-profile posters suddenly disappeared right in the
middle of conversation without even saying goodbye. Names like Fred Cohen,
"high crime" and David Sternlight come to mind... Did John Gilmore silence
them or others whose writings he didn't like the way to tried to silence me?

You're definitely wrong about the "announcing" bit, but I'd appreciate any
evidence that I was the "only" person censored on this list as you claim.

> then would I have a serious [moral and personal, not legal or
> philosophical, since people have the right to be hypocritical assholes
> if they want to be] problem with it.

Yes, and how do you know how many times John Gilmore exercised his right?
I sure don't, and would like to know.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From aba at dcs.ex.ac.uk  Sat Nov  9 07:23:59 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Sat, 9 Nov 1996 07:23:59 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b04aea905f722f8@[192.0.2.1]>
Message-ID: <199611091130.LAA00192@server.test.net>



Peter Hendrickson <ph at netcom.com> writes:
> > I hide the relatively small amount of data within a very large
> > amount of data which makes it impossible to find.  Data from analog
> > sources, like the "real world" (images, sounds, etc) is noisy.  This
> > is a fact of life.  Because this data is noisy I can hide
> > information in the noise.  As long as the information I am hiding
> > maintains the same statistical properties of noise it is impossible
> > to pull the information out of the data file unless you have the
> > key.  If I am paranoid enough I can make this key impossible to
> > discover without a breakthrough in factoring.
>
> Where will you keep your secret key?  Remember, when they go through
> your house they bring 20 young graduates from MIT who are just dying
> to show how clever they are and save the world at the same time.

Keep your secret key in your head.

> > This is the essence of steganography and the nature of signal and
> > noise are fundemental principles of information theory.
>
> The concept of noise is not all that well defined, however.  There
> is no way to look at a signal and say "this is all noise."
> Sometimes physical theories may lead you to believe that it is all
> noise.  That is fine for many applications, but when becomes less
> convinced of things if the consequences are severe.

Your plausible deniability has to get quite low before it will stand
up as "proof" in court.

Your real challenge is keeping your stego programs safe.  Boot
strapping a stegoed encrypted file system while leaving no stego code
lying around isn't that easy.

> >> If you are not doing it by hand, you own terrorist software and will pay
> >> the price.
> 
> > Ah yes, terrorist programs like cat and perl and operating systems like
> > Linux which contain a loopback filesystem that I can hook a perl
> > interpreter into at compile-time (which is enough for me to rewrite the
> > program from scratch each time if necessary, unless things like math
> > libraries are also outlawed on computers :)  I think that the crypto
> > concentration camps are going to be very crowded places.
> 
> Can you elaborate on this?  I am curious to know exactly what you are going
> to keep in your head and what goes on the disk.  Please post the Perl
> code that you would type in from scratch every time.

My specialty :-)

rc4 in C:

#define S,t=s[i],s[i]=s[j],s[j]=t /* rc4 key <file */
unsigned char s[256],i,j,t;main(c,v)char**v;{++v;while
(s[++i]=i);while(j+=s[i]+(*v)[i%strlen(*v)]S,++i);for(
j=0;c=~getchar();putchar(~c^s[t+=s[i]]))j+=s[++i]S;}

rc4 in perl:

#!/usr/local/bin/perl -0777-- -export-a-crypto-system-sig -RC4-3-lines-PERL
@k=unpack('C*',pack('H*',shift));for(@t=@s=0..255){$y=($k[$_%@k]+$s[$x=$_
]+$y)%256;&S}$x=$y=0;for(unpack('C*',<>)){$x++;$y=($s[$x%=256]+$y)%256;
&S;print pack(C,$_^=$s[($s[$x]+$s[$y])%256])}sub S{@s[$x,$y]=@s[$y,$x]}

The other problem I see is that if you have a stego file system in an
audio file, your disk writes are going look strange.  The inaccuracy
of disk head placement, is going to ensure that someone with the know
how will be able to copy off the last dozen pieces of data you wrote.

If they are all the same data with the exception of the LSB, it's
goint to look fishy.  Solid state storage devices are better.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From camcc at abraxis.com  Sat Nov  9 07:46:20 1996
From: camcc at abraxis.com (Alec)
Date: Sat, 9 Nov 1996 07:46:20 -0800 (PST)
Subject: [Announcement] Cypherpunks Shooting Club
Message-ID: <2.2.32.19961109154623.0069854c@smtp1.abraxis.com>


At 09:54 PM 11/8/96 -0800, you wrote:
:By popular request, I am following up on the three year old idea of the 
:Cypherpunks Shooting Club.
:
:Bring your own firearm or use one of the ones provided.

:-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred

How timely, especially after (or during) Flame Wars--96!

How are targets to be determined, by lot?

Cordially,

Alec                   

PGP Fingerprint:

pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc at abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             






From jya at pipeline.com  Sat Nov  9 07:49:18 1996
From: jya at pipeline.com (John Young)
Date: Sat, 9 Nov 1996 07:49:18 -0800 (PST)
Subject: Why Crypto Is Hard
Message-ID: <1.5.4.32.19961109154744.006c82e0@pop.pipeline.com>


Bruce asks his Risk post not be distributed on the Web. Okay.






From junger at pdj2-ra.F-REMOTE.CWRU.Edu  Sat Nov  9 08:10:56 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Sat, 9 Nov 1996 08:10:56 -0800 (PST)
Subject: WebTV a "munition"
In-Reply-To: <3283A25B.1D6E@ix.netcom.com>
Message-ID: <199611091610.LAA00420@pdj2-ra.F-REMOTE.CWRU.Edu>


Rich Graves writes:

: Eric Murray wrote:
: > 
: > Page 3 of the San Jose Mercury News has a small blurb
: > about WebTV's browser/set-top box that "uses
: > computer-security technology so powerful that the
: > government is classifying it as a weapon
: > that will require a special export license before
: > it can be sold overseas".[...]
: > shouldn't be too difficult.  If they didn't use the "export"
: > level SSL CipherTypes, then what're they up to?  Are they
: > fighting crypto export laws (for which they should be congratulated
: > and supported) or are they just looking for free publicity?
: 
: Based on the lack of public policy pronouncements from the WebTV folks, 
: I would answer C) They're clueless. I'm not sure that management even 
: understood, or wanted to understand, that they'd have an export problem.
: See http://www.webtv.net/

But note that both their licensees, Sony and Philips, are foreign
companies.  Presumably they will just manufacture the boxes outside
the U.S. when they want to market them outside the U.S.

As far as I know, the only person convicted of shipping cryptographic
devices outside the U.S. without a license was guilty of shipping a
satellite TV descrambler to Latin America.  So there is some sort of
precedent.  (And, of course, no First Amendment problem.)

But there is a big question as to whether WebTV violated the ITAR by
transfering cryptographic _information_ to the licensees.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger at pdj2-ra.f-remote.cwru.edu    junger at samsara.law.cwru.edu
                     URL:  http://samsara.law.cwru.edu





From rah at shipwright.com  Sat Nov  9 08:17:22 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 9 Nov 1996 08:17:22 -0800 (PST)
Subject: DCSB: Money Laundering -- The Headless Horseman of the Infocalypse
Message-ID: <v03007822aeaa5af8a26e@[206.119.69.46]>


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----



                 The Digital Commerce Society of Boston

                              Presents
                           "Black Unicorn"

                         "Money Laundering --
               The Headless Horseman of the Infocalypse"



                        Tuesday, December 3, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


S. L. vonBernhardt, <mailto:unicorn at schloss.li>, is an attorney, a member
of the board of directors of two European financial institutions, author
of "Practical and Legal Problems Confronting the Asset Concealer in
Relation to Offshore Financial and Corporate Entities" and a former
member of the intelligence community.  He is currently working to develop
and preserve institutions dedicated to traditional standards of financial
privacy.


One of the most disturbing products of the "war on drugs" has been the
effective criminalization of many forms of formerly legal financial
transactions.  The resulting legislation places serious burdens on
financial institutions in the form of "due diligence" requirements, as
well as building what can be an inflexible barrier before those who would
implement uncompromised digital commerce systems.  Mr. vonBernhardt will
address the legislative burdens imposed on financial institutions, the
likely impact on future systems of digital commerce, potential solutions
through regulatory arbitrage, and the practical problems facing
jurisdictions seeking to enforce regulations in the face of advanced
systems of digital commerce.

No cameras, please.


This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, December 3, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is
$27.50. This price includes lunch, room rental, and the speaker's lunch.
;-).  The Harvard Club *does* have dress code: jackets and ties for men,
and "appropriate business attire" for women.

We need to receive a company check, or money order, (or, if we *really*
know you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, November 30, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be
sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've
had to work with glacial A/P departments more than once, for instance),
please let us know via e-mail, and we'll see if we can work something
out.

Planned speakers for DCSB are:

 January    Rodney Thayer    Applying PGP To Digital Commerce
 February   David Kaufman    1996 in Review / Predictions for 1997

We are actively searching for future speakers.  If you are in Boston on
the first Tuesday of the month, and you would like to make a
presentation to the Society, please send e-mail to the DCSB Program
Commmittee, care of Robert Hettinga, rah at shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo at ai.mit.edu .  If you
want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the
body of a message to majordomo at ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston




-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b4 e22

iQCVAwUBMoSp3PgyLN8bw6ZVAQFaqgP/XPH82Z2EcgEpIQ0V2YiySW7Zlh/mYcxz
xxoYtwVg5YwYmdlT7ueqFwRyzf/KfI4/MbLSj1NB+pDh2yEpZlokIo+u0qJPfYgT
aP/bQg7fKOJ3iwrQUTlJuuxhM2TlUcqSlZXymgvvq/VZnq6uygT2GSC/OxMBTGrg
aUq8cXlnNaI=
=U4Mr
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From ravage at ssz.com  Sat Nov  9 09:17:58 1996
From: ravage at ssz.com (Jim Choate)
Date: Sat, 9 Nov 1996 09:17:58 -0800 (PST)
Subject: Pseudo-law on the list and libel (fwd)
Message-ID: <199611091721.LAA00907@einstein>



Forwarded message:

> > >This opens up the potential, for example, for Tim May to sue the operator of
> > >the Cypherpunks mailing list now for posts from users (even anonymous ones)
> > >which defame or otherwise liable his character, reputation, or ability to
> > >pursue income in his chosen field. In short the operators of the list
> > >becomes publishers and distributors of the material. It is the legal
> > >difference between a bookstore and a book publisher.
> 
> There is a very distinct difference between ejecting disruptive influences
> and conducting one's self as a publisher and distributer.

Exactly. Because the list takes in submissions from ALL parties and then
resubmits them to ALL SUBSCRIBED parties it qualifies as a publisher. 

The real issue here is that folks on the net want the protection of the 1st
Amendment but they don't want the responsibility that goes along with it.
This list qualifies as a press. As a result it has a responsibility relating
to what it distributes.

Vulis was unpopular he was not distruptive. At NO time did he interfere with
the normal operation of the list software or prevent submissions or
remailings.

> > Pseudo-law on this list is really getting out of hand.
> 
> We need more lawyers.  That should replace the pseudo-law with real law.

We need fewer lawyers and better laws. Most pseudo-law is practiced by lawyers.


                                               Jim Choate






From ph at netcom.com  Sat Nov  9 09:36:20 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sat, 9 Nov 1996 09:36:20 -0800 (PST)
Subject: "Nightmare on Crypto Street--the Return of Sun Devil"
Message-ID: <v02140b00aeaa6b989fb7@[192.0.2.1]>


At 11:11 AM 11/8/1996, Timothy C. May wrote:
> As I said in my "Nightmare on Crypto Street" piece, it seems that Peter
> counters every one of our counterarguments with some variant of "won't
> matter--they'll have a dozen agents and 20 MIT graduates looking for
> evidence." Or, "won't matter, the Bill of Rights will be suspended for the
> duration of the Emergency." Well, it's hard to argue with such points.

I've created some confusion with my posts which have been less than
organized.  That's a consequence of making it up as you go along.  The
dialogue has helped me to refine my thinking.  (Thanks, guys!)

This is the rough structure of my thinking:

1. Hypothetically, let's say "Nightmare on Crypto Street" happens.
  1.1 We can't guarantee this will not happen, therefore it must
      be addressed.
  1.2 This is an unlikely scenario.

2. Thus, there would be broad public support for GAK.
  2.1 By broad, I mean even many former cypherpunks would recant.

3. Broad public support makes suppression of strong cryptography
   feasible.
  3.1 And, without dramatic short term erosion of the Constitution.
  3.2 Or, a short term break down in the rule of law.
  3.3 The number of violators would be small, so resources would
      be available to do hard things.
    3.3.1 Such as having 20 MIT grads go over your house with a fine
          toothed comb.

4. What are the motivations of the GAKers?
  4.1 They appear to want to suppress strong cryptography *before*
      we there is *any* evidence of a problem.
  4.2 That is unnecessary, because if 1. occurs, it may be addressed.
  4.3 It is as easier to impose GAK after 1. occurs, rather than
      before.
  4.2 Could it be that they want to prevent the public from discovering
      the benefits of cryptoanarchy?
  4.3 Why have the GAKers failed to address the risk of a police state?
      We've seen many police states historically.  They are an
      obvious and serious risk.  The GAKers have been oddly reticent
      regarding this point.

In the future I will try to make it more clear which area I am
addressing.

I'm sure many cypherpunks feel we are just rehashing issues that were
settled long ago.  I think it never hurts to go over our assumptions
and help new people to fully understand cypherpunk ideas.

It never hurts to anticipate future moves by the GAKers, either,
even ones they haven't thought of yet.

These discussions generate ideas of how to effect the changes
we want to see.

For instance, if we develop low tech inexpensive and easy ways to
support cryptoanarchy, it makes it much harder to suppress.  The
difficulty in suppression may prevent ill-advised attempts to do so.

Also, the more we can erode the barriers between code and language,
the stronger the case is that laws governing code are violations of
the First Amendment.  What if you had a compiler that accepted English
language instructions for how to build a crypto system?  "Take a
random number 64 bits long.  Then find a prime which is a little
larger.  Then...."  The language itself should remain protected by the
First Amendment even if somebody else has a compiler which can turn it
into software.

Another conclusion we can draw is that cryptoanarchy is more of a
political issue than many of us would like.  That means we might put
more effort into public opinion than just straight coding.  (Tim may
claim otherwise, but I think he agrees with this in practice.)

It may also be that the "bad boy" image of the Cypherpunks is
counterproductive to our goals.

Many people do not know how strongly I feel that GAK is a terribly
risky policy, as I have been playing Devil's Advocate for the last
couple of days.  Given almost every situation that is likely to arise,
I am totally opposed to GAK, and not just mandatory GAK, any GAK
whatsoever.  For instance, were I given the choice between
intellectual property laws (off which I have made my living), and GAK,
I would seriously consider discarding the intellectual property laws.

It is that bad of an idea.

And, like just about everybody else, the idea that certain forms of
arithmetic could be illegal is deeply offensive in its own right.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Sat Nov  9 09:36:29 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sat, 9 Nov 1996 09:36:29 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b02aeaa6d2cfe8f@[192.0.2.1]>


At 3:30 AM 11/9/1996, Adam Back wrote:
>Peter Hendrickson <ph at netcom.com> writes:
>> Where will you keep your secret key?  Remember, when they go through
>> your house they bring 20 young graduates from MIT who are just dying
>> to show how clever they are and save the world at the same time.

> Keep your secret key in your head.

I think this is hard to do in practice.  I have tried.

>>> This is the essence of steganography and the nature of signal and
>>> noise are fundemental principles of information theory.
>>
>> The concept of noise is not all that well defined, however.  There
>> is no way to look at a signal and say "this is all noise."
>> Sometimes physical theories may lead you to believe that it is all
>> noise.  That is fine for many applications, but when becomes less
>> convinced of things if the consequences are severe.

> Your plausible deniability has to get quite low before it will stand
> up as "proof" in court.

(This goes under 3.1 or 3.2 of my outline, which you may not have received yet.)

My idea is that the lack of noise is used as evidence to get a search
warrant.  The search warrant is used to get the evidence to put you away
forever.

(This goes under 3.3 of the outline.)

The severe penalties and significant chance of capture will keep the number
of cryptoanarchists low.

> Your real challenge is keeping your stego programs safe.  Boot
> strapping a stegoed encrypted file system while leaving no stego code
> lying around isn't that easy.

Excellent point, especially since you don't have an encrypted virtual
disk.  Can anybody resolve this?

>>>> If you are not doing it by hand, you own terrorist software and will pay
>>>> the price.

>>> Ah yes, terrorist programs like cat and perl and operating systems like
>>> Linux which contain a loopback filesystem that I can hook a perl
>>> interpreter into at compile-time (which is enough for me to rewrite the
>>> program from scratch each time if necessary, unless things like math
>>> libraries are also outlawed on computers :)  I think that the crypto
>>> concentration camps are going to be very crowded places.

>> Can you elaborate on this?  I am curious to know exactly what you are going
>> to keep in your head and what goes on the disk.  Please post the Perl
>> code that you would type in from scratch every time.

> My specialty :-)

> rc4 in C:

> #define S,t=s[i],s[i]=s[j],s[j]=t /* rc4 key <file */
> unsigned char s[256],i,j,t;main(c,v)char**v;{++v;while
> (s[++i]=i);while(j+=s[i]+(*v)[i%strlen(*v)]S,++i);for(
> j=0;c=~getchar();putchar(~c^s[t+=s[i]]))j+=s[++i]S;}

> rc4 in perl:

> #!/usr/local/bin/perl -0777-- -export-a-crypto-system-sig -RC4-3-lines-PERL
> @k=unpack('C*',pack('H*',shift));for(@t=@s=0..255){$y=($k[$_%@k]+$s[$x=$_
> ]+$y)%256;&S}$x=$y=0;for(unpack('C*',<>)){$x++;$y=($s[$x%=256]+$y)%256;
> &S;print pack(C,$_^=$s[($s[$x]+$s[$y])%256])}sub S{@s[$x,$y]=@s[$y,$x]}

(Under 3.3)  I would have a hard time memorizing these programs.  This
pretty much guarantees that the number of cryptoanarchists will be small.

(I am deeply envious of your legal right to post this code, however.
Now, why was it that we broke away from the Mother Country?)

I would like to see a longer exposition of your approach.  Given
a hostile environment, how would I operate a small anonymous perl
coding service using your techniques?  Don't forget to tell me how
I get paid and when I get to spend my "ill-gotten" gains and how
nobody will notice that I am doing it.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Sat Nov  9 09:45:08 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sat, 9 Nov 1996 09:45:08 -0800 (PST)
Subject: Black Unicorn exposed?
Message-ID: <v02140b03aeaa71ed1c84@[192.0.2.1]>


At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> S. L. vonBernhardt, <mailto:unicorn at schloss.li>,...

Black Unicorn recently stated that had taken measures to shield
his identity so that people would be unable to cause harm to
his professional activities by making unsubstantiated claims
that could scare off prospective clients.

It appears now that this protection has evaporated.  It will not
be very hard in the future to put this information together with
other statements people may make about Mr. Unicorn.

We are hardly operating in a hostile environment.  Yet, somebody
who has apparently gone to some effort to have an anonymous
identity has been exposed.  The implications of this are worth
considering.

Peter Hendrickson
ph at netcom.com







From dthorn at gte.net  Sat Nov  9 10:03:30 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 9 Nov 1996 10:03:30 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <199611081155.DAA25589@mail.pacifier.com>
Message-ID: <3284AB6B.7BE9@gte.net>


jim bell wrote:
> At 06:25 PM 11/7/96 -0800, Peter Hendrickson wrote:
> >At 5:12 PM 11/7/1996, jim bell wrote:
> >> BTW, some of your confusion is probably based is the false assumptions in
> >> your last sentence above.  "..wide use of strong cryptography results in
> >> widely unpopular activities such as sarin attacks and political assassinations."

[snip]

> Well, uh, with all due respect, but while it's obviously true that we won't
> know EXACTLY how it'll be, that doesn't mean that no portion of we imagine
> will come true.  This is particularly true on the big issues.   For example,
> you hypothesized that "wide use of strong cryptography resuts in widely
> unpopular activities such as sarin attacks and political activities.  I
> pointed out, almost certainly correctly, that these are wrong:

[snip]

My first comment on the subject:  It's only irreversible if certain conditions hold.

First, if the masses become dependent on a large software program which has to be
updated occasionally by its corporate sponsors, somewhat like the voting software
which is controlled by those who benefit from said control (not the masses), then
those who "compile their own" would tend to stand out and be more noticeable.

Second, any truly secret messaging taking place represents a serious threat to the
military, and contrary to some naive popular opinion, those guys are not going to
lay down for this, unless it happens on an immense scale, i.e., the *majority* of
citizens are doing the "truly secret" messaging, which is not likely if paragraph
#1 above holds.







From dthorn at gte.net  Sat Nov  9 10:03:42 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 9 Nov 1996 10:03:42 -0800 (PST)
Subject: Need a new word for non-violent-censorship
In-Reply-To: <199611081134.MAA16008@digicash.com>
Message-ID: <3284AF63.3A14@gte.net>


Bryce wrote:
> I often have the same difficulty when speaking with
> Objectivists.  They define "censorship" as "silencing the
> speaker by force", which is a fine and useful definition, but
> suppose we want to talk about a similar phenomenon which does
> not involve force?  For example, the magnate who owns all the
> newspapers, television stations, bookstores and movie theatres
> in a small town decides that never again will homosexuality be
> publically mentioned in any of these venues.  Force?  No.
> "Censorship"?  Not by _that_ definition, but what _is_ it?
> We need a new word, or else we have to continue using
> "censorship" to mean both of those things.  I sometimes use
> "violent-censorship" and "non-violent-censorship" in conversation.
> As long as we continue to try to overload "censorship" we will
> waste much of our dialogue energy on semantic quibbling or pure misunderstanding.

I don't see how you can say this.  I was brought up by this wonderful system (U.S.)
to believe that censorship was necessarily non-violent.  It was only when I became
conscious of "Assassination as the Ultimate Form of Censorship" that I saw the
broader connections.

Seems to me you'd want to come up with different words for violent censorship instead,
but then again, as in the above paragraph, we already have those.







From dthorn at gte.net  Sat Nov  9 10:03:56 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 9 Nov 1996 10:03:56 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <9611081117.aa20234@gonzo.ben.algroup.co.uk>
Message-ID: <3284B1BF.CDA@gte.net>


Ben Laurie wrote:
> Timothy C. May wrote:
> > At 10:33 AM -0800 11/7/96, Dale Thorn wrote:

[snip]

> > And for those of you are not LISP or Scheme fans, the language FORTH also
> > uses Polish notation. RPN, in fact.

> I think claiming RPN for Forth is pushing it a little far. Admittedly it is
> stack-based (well, two-stack-based), and everything an operator can operate on
> is to the left, but the provision of arbitrary stack manipulation, "compile"
> mode (triggered by the '[' operator, if my memory serves) and so on make it
> rather a different beast.

FORTH has fallen out of favor for most PC users of the mid 1990's, but then again,
so have computer languages as a whole, since few persons write software today as
compared to the early 1980's.

But if you were privy to the inside of certain computing environments in those early
days, like hanging around the PPC (handheld) guys, many of whom were UNIX users,
you could appreciate their interest in FORTH.  For one, handheld languages (Basic
for example on the HP-71) and early PC languages were pretty slow, and FORTH added
a lot of speed, and more access to system internals, which has been supplanted
largely nowadays by 'C'.






From dthorn at gte.net  Sat Nov  9 10:04:00 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 9 Nov 1996 10:04:00 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <199611090534.XAA03845@manifold.algebra.com>
Message-ID: <3284B5B7.40E3@gte.net>


Igor Chudov @ home wrote:
> Timothy C. May wrote:
> > I found RPN ideal for exploratory calculations, where the stack orientation
> > was just so "natural."
> > This is not RPNpunks, but it seems that many of the younger subscribers
> > here really have not been exposed to RPN calculators. It's really worth the
> > $40 or so to buy the cheapest H-P calculator that has RPN.

> I also used RPN calculators 10 years ago, in high school, in Russia.
> Still miss them.  Which model (for no more than $40 or so) is the best
> around here?

Don't waste the $40.  Nowadays you can get an HP48G (without the ports) for $85-$90.







From dthorn at gte.net  Sat Nov  9 10:04:11 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 9 Nov 1996 10:04:11 -0800 (PST)
Subject: Information [for new PGP user]
In-Reply-To: <847531595.526905.0@fatmans.demon.co.uk>
Message-ID: <3284BF7A.36E0@gte.net>


Paul Bradley wrote:
> > >I'll bet you can't find 10 out of 1,000 users who have read the total source,
> > >let alone comprehended and validated it.
> > Depending on the system, compiler and version of PGP, compilation may or
> > may not function as expected.

> I class myself as quite an experience programmer (though I haven`t
> done a lot of code recently) but I spent several days weeding through
> the bugs and it still wouldn`t compile on Borland C++ V4.51 so I just
> read the core code and hoped the executable was really derived from
> that code. I`m normally more paranoid than that but I just don`t have
> the time to spend getting borland to compile it. It won`t even
> compile on my system with the borland makefile than comes with PGP.

Yet another success (NOT!) story for PGP.  I wonder how many people on this list
would be willing to bet something *really* important to them on the security of PGP?







From dthorn at gte.net  Sat Nov  9 10:04:15 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 9 Nov 1996 10:04:15 -0800 (PST)
Subject: Excusing Judges for Knowing Too Much
In-Reply-To: <v02140b16aea92ba9feaf@[192.0.2.1]>
Message-ID: <3284C45B.6B0C@gte.net>


Peter Hendrickson wrote:
> At 9:54 AM 11/8/1996, Timothy C. May wrote:
> >At 8:20 AM -0500 11/8/96, Jim Ray wrote:
> >> been decided and appealed, because of this very possibility. I am already
> >> concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt
> >> to argue that "cypherpunk terrorists have been secretly trying to subtly
> >> influence Kozinski's thinking, and that therefore he should be removed from
> >> the case in favor of some judge who has no clue whatsoever about the 'Net,
> >> encryption, anonymous remailers, etc." [I am sure the argument wouldn't be
> >> put quite that way <g> but that's what the U.S. Attorney would mean.] There
> >> is now a judge with some idea of these issues who will IMNSHO probably be
> >> fair to "our" side. It is a rare opportunity, and I don't want to "blow it."

So how do you get a fair trial on a controversial issue?  I'm asking this seriously.

In the O.J. case, if the "evidence" followed standards and weren't tainted, and they
didn't have a racist psycho like Fuhrman all over the case, and neo-Nazis over at
Cedars-Sinai collecting O.J.'s blood, then we wouldn't have so much controversy.

But the "mass majority" decided he was guilty anyway, damn the evidence or how it was
collected, or what that could mean if you or I were framed, so, take a look around at
cypherpunks, and how they disagree widely on issues, and ask yourself how you could
get a fair trial from a cypherpunks jury.

But the jury system is still *much* better than judges only, as long as the jury isn't
stacked.  For example, the new O.J. jury is nearly all white, and since that particular
venue requires only a majority (not unanimous) decision, the jury is defacto all white,
which is tantamount to a lynching.

So how do you prescribe fair jury selection?






From ericm at lne.com  Sat Nov  9 10:06:51 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 9 Nov 1996 10:06:51 -0800 (PST)
Subject: WebTV a "munition"
In-Reply-To: <9611082146.AA25405@divcom.umop-ap.com>
Message-ID: <199611091806.KAA00144@slack.lne.com>


Jon Leonard writes:
> 
> Eric Murray wrote:
> [Stuff about WebTv/crypto/export problems]
> > So what's the story here?  It's a web browser, so they're
> > probably talking about SSL.  SSL (both versions) already has mechanisims for
> > allowing "export" level encryption, and although you still need to
> > get a Commodities Jurisdiction, it's been done before so it
> > shouldn't be too difficult.  If they didn't use the "export"
> > level SSL CipherTypes, then what're they up to?  Are they
> > fighting crypto export laws (for which they should be congratulated
> > and supported) or are they just looking for free publicity?
> 
> I'm not sure they're doing either.  When I talked to my friends at WebTv,
> I got the impression that they thought a functional browser needed to have
> support for electronic commerce.  This electronic commerce needs crypto,
> and if you're going to do crypto right, it has to be strong crypto.


Right.  But if you're doing SSL, you _have_ to know about the
export issues!  It's all over the sources, specs, docs etc etc.
It's almost implssible to be 'clueless' about this if you
have implemented SSL or even looked seriously at doing it.

So if their point is to fight against ITAR (one interpretation of
the facts as I know them) why haven't they announced that they're doing so?
It would be good PR.

 

> Given that they've tried to do everything else right (and, in my opinion,
> succeeded), that may be all there is to it.
> 
> I'll ask for more details next time I talk to them.


That'd be cool.  I think that there's a lot that we don't know about this.

The web site doesn't have much hard info, just a lot of
buzzword-compliant marketing bullstuff and the highest ratio of
(TM)s to words that I have ever seen.


-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From adam at homeport.org  Sat Nov  9 10:08:51 1996
From: adam at homeport.org (Adam Shostack)
Date: Sat, 9 Nov 1996 10:08:51 -0800 (PST)
Subject: Bruce's 'Why Cryptography Is Hard' is still draft
Message-ID: <199611091805.NAA00346@homeport.org>


----- Forwarded message from Phil Agre -----

>From rre-request at weber.ucsd.edu  Sat Nov  9 05:16:00 1996
Resent-Date: Fri, 8 Nov 1996 20:50:17 -0800 (PST)
Date: Fri, 8 Nov 1996 20:50:15 -0800 (PST)
From: Phil Agre <pagre at weber.ucsd.edu>
Message-Id: <199611090450.UAA27962 at weber.ucsd.edu>
To: rre at weber.ucsd.edu
Subject: notes
Resent-Message-ID: <"7C7uBC.A.H1G.I2Ahy"@weber>
Resent-From: rre at weber.ucsd.edu
Reply-To: rre-maintainers at weber.ucsd.edu
X-URL: http://communication.ucsd.edu/pagre/rre.html
X-Mailing-List: <rre at weber.ucsd.edu> archive/latest/1379
X-Loop: rre at weber.ucsd.edu
Precedence: list
Resent-Sender: rre-request at weber.ucsd.edu


Notes on network computers, blind copies, democratic culture, monopolies,
and the idea of an Internet establishment...


As a periodic reminder, a Web archive of nearly all the RRE messages ever
sent can be found through  http://communication.ucsd.edu/pagre/rre.html


It turns out that the article on cryptography by Bruce Schneier that I
forwarded from the Risks Digest the other day was actually an unfinished
draft that Peter Neumann sent out by mistake.  Bruce asks that everyone
refrain from propagating that version around the net.

----- End of forwarded message from Phil Agre -----

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From dthorn at gte.net  Sat Nov  9 10:10:38 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 9 Nov 1996 10:10:38 -0800 (PST)
Subject: Validating a program
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961108174143Z-1436@landru.novato.inference2.com>
Message-ID: <3284BC42.632A@gte.net>


James A. Tunnicliffe wrote:
> >Adam Shostack <adam at homeport.org> wrote (regarding PGP's security):
> >>      In short, if you're paranoid, feel free to look over the
> >>source.  But the fact that most people have never peeked under the
> >>hood is not a strike against pgp at all.

> Ed replies:
> >Maybe you missed my point, or I miss-communicated.  My question is as
> >follows:  If PGP and DES are as secure as thought to be, then why is it
> >not ruled illegal software, just as they do with silencers, narcotics,
> >certain type weapons, etc.....

[snippo]

> Why does it follow that these must be crackable, or the government would
> have outlawed them? Despite recent moves to limit encryption, there are
> currently NO domestic (U.S.) restrictions on crypto.  Nothing prohibits
> you from using a true One Time Pad, which is mathematically proven to be
> unbreakable, now and forever, even against infinite resources.  If this
> is not prohibited (and it isn't), doesn't that refute your argument?

This is a misleading challenge.  There's a helluva difference between the OTP and a
Public Key system.  If, for example, it can be proven that I can crank up PGP to its
most cryptic level, and send the OTP overseas with "absolute security", so that I
can now send messages with the OTP which was crunched with PGP's highest security,
then that would mean something.

Just so there's no misunderstanding:

1. The OTP is absolutely unbreakable. (if done correctly)
2. The OTP encryption cannot be decoded on the other end unless you can deliver the
   OTP to the person on the other end by a secure means.
3. PGP, which is not usually used at its highest level of security (for all bits in
   a message), *will* be used at its highest level of security to send the OTP to the
   person on the other end.
4. The OTP arrives on the other end, completely safe from snooping.

Now you see the problem.  #4 above can't be assured, and that is why Ed says that PGP
is not shut off "right now", because it's probably not "really secure".

I'm amused to think that, in a nation armed with 20,000 or so nukes, the paranoid of
paranoid nation-states as it were, some of the erstwhile intelligent citizens think
that the U.S. military are just sitting around wringing their hands over the "fact"
that the citizens have "unbreakable" crypto.

Bear in mind the Scientific American articles on Public Key crypto back in the 1970's.
The military knew the score back then, and if you think they just sat back and allowed
all this to happen, well, sorry, I don't believe in Santa Claus or the Easter Bunny.







From jya at pipeline.com  Sat Nov  9 10:20:20 1996
From: jya at pipeline.com (John Young)
Date: Sat, 9 Nov 1996 10:20:20 -0800 (PST)
Subject: Black Unicorn exposed?
Message-ID: <1.5.4.32.19961109181726.006c7988@pop.pipeline.com>


Sarah v. Bernhardt will be thrillingly laid bare in Beantown.

Swiss cheese, she flashed, foxily fluttering the lie-machine.

That "no cameras, please" is spooky-spooky tease, no dirty-looky 
pix of the Wonder Bare *ookie.

Pseudo-Actors for hire. Harvard-bred, breeding lot of the B&B
beaners.

Dirty laundrying of tropical hula-moola, you betcha your rubber 
check, get there early, to admire the hall sweepers. Keep your
eye peeled for the one-eyed one-horn in overalls using infra-red.








From nobody at huge.cajones.com  Sat Nov  9 10:24:08 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Sat, 9 Nov 1996 10:24:08 -0800 (PST)
Subject: [Announcement] Cypherpunks Shooting Club
In-Reply-To: <Pine.3.89.9611082125.A13815-0100000@netcom9>
Message-ID: <199611091824.KAA29058@mailmasher.com>


 shamrock at netcom.com wrote to All:

 s> By popular request, I am following up on the three year old idea of
 s> the Cypherpunks Shooting Club.

OK, so who's doing the t-shirt?






From ravage at ssz.com  Sat Nov  9 10:28:01 1996
From: ravage at ssz.com (Jim Choate)
Date: Sat, 9 Nov 1996 10:28:01 -0800 (PST)
Subject: Who owns cypherpunks [RANT] (fwd)
Message-ID: <199611091832.MAA01034@einstein>



Forwarded message:

> Jim Ray wrote:
> 
> > I'm sure John's quaking in his boots. Reread my campground analogy, and try
> > to refute it. You can't. Go start your own list with no moderation. Go start
> > a more moderated list than John's, like Perry's will be. Do whatever, but
> > this moronic thread must end!

I run several lists and have for quite a few years. In that time I have
never censored any member. I have had similar instances as to Vulis and my
responce has been and will continue to be.

"This is your problem, I have no authority to prohibit membership or
submissions of members of the list. If you wish to not see such submissions
from some party then it is your responsibility to deal with it. In short,
either unsubscribe or filter."

> Ironic, isn't it?  Jim says "this moronic thread *must* end", and yet, this very list
> that is John's *private* property is filling up with rants about censorship.  Tsk tsk.

I never said any such thing. Please quit attributing comments to me which
are untrue.

> Maybe next time they'll make it more apparent at subscription time that there's no
> assurance of free speech here!

The fact that it is 'private property' is irrelevant to this issue. Most
'presses' are private property. Trying to change the subject won't work.

As to making it clear at subscription time what the actual operating rules
are is my EXACT point. In fact you are agreeing with my position.

At the current time there are no indications at log on that this list is
considered private property, that the operator reserves the right to edit or
refuse submissions, etc. which is what makes it a 'public' list and what
makes him legaly liable for the cencorship he has enacted without warning.

I have been on this list for several years and at no point in that time have
I agreed to anything which gives the operator of the list my permission to
modify or refuse my original submissions. If he or a third party wishes to
refer to them in part or in toto in their own submissions is fine. That is
the whole point of the list.


                                                      Jim Choate






From mhw at wittsend.com  Sat Nov  9 10:41:16 1996
From: mhw at wittsend.com (Michael H. Warfield)
Date: Sat, 9 Nov 1996 10:41:16 -0800 (PST)
Subject: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <199611090929.BAA25559@toad.com>
Message-ID: <m0vMIDo-0000uqC@wittsend.com>


John Gilmore enscribed thusly:

> I'm sending you this message because you might be interested in
> helping to build or test or document, or teach about, my S/WAN project
> to secure 5% of the net by Christmas.

> There is now a public mailing list which you can join to find out
> what's happening in the project, get the latest software for testing,
> ask questions, etc.  To join the list, send mail to:

> 	linux-ipsec-REQUEST at clinet.fi

> The email should contain a single line that just says:

> 	subscribe

> This mailing list will have discussions, not just announcements,
> and will be very technical (not political or social).

	That didn't work...  All I got back was instructions to send the
request to majordomo at clinet.fi with the single line that says:

	subscribe linux-ipsec

	Did that and it worked...

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!





From tcmay at got.net  Sat Nov  9 10:46:01 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 9 Nov 1996 10:46:01 -0800 (PST)
Subject: His and Her Anarchies
In-Reply-To: <9610088475.AA847508443@smtplink.alis.ca>
Message-ID: <v03007801aeaa7e5d06d0@[207.167.93.63]>


At 6:59 PM -0500 11/8/96, jbugden at smtplink.alis.ca wrote:

>I think it relates to crypto policy via policy in general, also to both the
>libertarian and the inevitable cryptoanarchy argument we are currently tossing
>about and brought to mind a comment a few months back from Tim about how the
>occasional female members of this list tended to not make sense a lot of the
>time.

Well, I think there clearly _is_ a gender gap on these sorts of issues.
While we certainly have a handful of women subscribers, we have few active
women posters, and none of the "ringleaders" are women.

The woman I am currently seeing is a case in point. She occasionally wants
to hear what interests me, in my "other life," and I have tried to explain
the stuff we talk about here.

Her first reaction was fear, that my life and/or liberty is in jeopardy.
(She started out as a liberal/socialist, but is now more
conservative/libertarian. And the images of Waco burning leave her with
little sympathy for Reno's Raiders and the government goons who burned 80
people because Koresh was Practicing a Religion without a License. But it
makes her want to _avoid_ Reno, Clinton, Freeh, and other such goons at all
costs, not wave a red flag in front of them.)

She wondered to me why I have not been arrested. I asked "And just what
specific laws have I violated?" She couldn't say, and she acknowledged that
Americans are pretty much free to speak their mind, but she felt that the
FBI and Janet Reno _must_ fear and dislike what Cypherpunks are doing. I
agreed.

And as she hears more about what cryptography implies, what it means for
bypassing the usual tax collection and behavior control mechanisms of the
modern state, the more worried she gets.

I suspect there may be a biological component to this. Many males enjoy
adrenaline rushes, whether by bungee cord jumping, robbing houses, or
plotting to smash the state. Many females have _other_ interests. Women I
have known have generally not understood why I would be willing to be so
upfront about my radical views and why I am apparently willing to "risk it
all" for the adrenaline rush of being involved in this battle.

(And saying I am "prepared," and pointing to the loaded .45 I keep in case
the Midnight Raiders hit my house is even less reassuring to them! In at
least one case I never saw the woman again. Rationally, I can't say I
disagree with their reaction, from a payoff matrix standpoint. But
something in we males craves this kind of confrontation. The leaders of the
revolutions in the past were almost always me. The Feminist/Abortion battle
is different, for some pretty obvious reasons, but most revolutions are led
by men. Not altogether surprising.)

So, I'm not surprised that so few women are on the list. For one thing,
it's about computers, and the Net is overwhelmingly male (though the
statistics are changing). Second, it's basically about libertarian politics
(some may disagree, but I stand by this). This cuts the female interest
again. Third, it's "radical and dangerous." Fourth, the list is made up of
a lot of "alpha males" debating and arguing, and is not a "nurturing,
wimmin-friendly, caring environment," such as some of the women-only forums
advertise.

This may sound sexist. But sexism, like other "isms," is often based on
plain old truth, however politically incorrect it may be to some.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From stewarts at ix.netcom.com  Sat Nov  9 10:49:32 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Sat, 9 Nov 1996 10:49:32 -0800 (PST)
Subject: New Linux-IPSEC mailing list for the S/WAN project
Message-ID: <1.5.4.32.19961109184728.005bbe40@popd.ix.netcom.com>


At 01:29 AM 11/9/96 -0800, John Gilmore <gnu at toad.com> wrote:
>I'm sending you this message because you might be interested in
>helping to build or test or document, or teach about, my S/WAN project
>to secure 5% of the net by Christmas.
>
>There is now a public mailing list which you can join to find out
>what's happening in the project, get the latest software for testing,
>ask questions, etc.  To join the list, send mail to:
>	linux-ipsec-REQUEST at clinet.fi
>The email should contain a single line that just says:
>	subscribe

Actually, it needs to say
        subscribe linux-ipsec


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From tcmay at got.net  Sat Nov  9 10:55:12 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 9 Nov 1996 10:55:12 -0800 (PST)
Subject: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <v03007802aeaa83af46f1@[207.167.93.63]>


At 9:45 AM -0800 11/9/96, Peter Hendrickson wrote:
>At 11:00 AM 11/9/1996, Robert Hettinga wrote:
>> S. L. vonBernhardt, <mailto:unicorn at schloss.li>,...
>
>Black Unicorn recently stated that had taken measures to shield
>his identity so that people would be unable to cause harm to
>his professional activities by making unsubstantiated claims
>that could scare off prospective clients.
>
>It appears now that this protection has evaporated.  It will not
>be very hard in the future to put this information together with
>other statements people may make about Mr. Unicorn.
>
>We are hardly operating in a hostile environment.  Yet, somebody
>who has apparently gone to some effort to have an anonymous
>identity has been exposed.  The implications of this are worth
>considering.


Careful about the passive construction "was exposed." I took the
announcement, presumably based on his summary to R. Hettinga, and
containing biographical information which he presumably supplied, to be an
active decision by him to "come out of the closet."

Exactly as you did, Peter, by breaking your silence of many months (based
on your fears of a pogrom, as you admitted) and suddenly posting a large
number of posts in one day. It would be misleading for us to say "Peter
Hendrickson was exposed." You exposed yourself. As did S, L. vonBernhardt.

Ditto for Lucky Green, who has revealed his True Name to various of us, and
whose True Name could probably be deduced by anyone by spending a few
minutes with Deja News or Alta Vista.

--Tim May (not his real name)

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From abostick at netcom.com  Sat Nov  9 10:56:54 1996
From: abostick at netcom.com (Alan Bostick)
Date: Sat, 9 Nov 1996 10:56:54 -0800 (PST)
Subject: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <Pine.3.89.9611091020.A20414-0100000@netcom19>




On Sat, 9 Nov 1996, Peter Hendrickson wrote:

> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn at schloss.li>,...
> 
> Black Unicorn recently stated that had taken measures to shield
> his identity so that people would be unable to cause harm to
> his professional activities by making unsubstantiated claims
> that could scare off prospective clients.
> 
> It appears now that this protection has evaporated.  It will not
> be very hard in the future to put this information together with
> other statements people may make about Mr. Unicorn.
> 
> We are hardly operating in a hostile environment.  Yet, somebody
> who has apparently gone to some effort to have an anonymous
> identity has been exposed.  The implications of this are worth
> considering.

Do you have any reason to believe that S. L. von Bernhardt is Uni's
real name?

Alan Bostick               | You know those chemicals women have in them,
                           | when they've got PMS? Well, men have those very
mailto:abostick at netcom.com | same chemicals in them *all the time*.
news:alt.grelb             |           Margaret Atwood, THE ROBBER BRIDE
http://www.alumni.caltech.edu/~abostick






From tcmay at got.net  Sat Nov  9 11:05:55 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 9 Nov 1996 11:05:55 -0800 (PST)
Subject: No More
In-Reply-To: <2.2.32.19961108235312.00681fcc@cnct.com>
Message-ID: <v03007803aeaa87221656@[207.167.93.63]>


At 6:53 PM -0500 11/8/96, YoungSik Jeong wrote:
>I want take off mail list

I suscrive you not.

But case you understand not, follow are instructions. You read, OK?




To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo at toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo at toad.com

-body message of: unsubscribe cypherpunks








From sandfort at crl.com  Sat Nov  9 11:09:08 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 9 Nov 1996 11:09:08 -0800 (PST)
Subject: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <Pine.SUN.3.91.961109105609.24037A-100000@crl8.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 9 Nov 1996, Peter Hendrickson wrote:

> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn at schloss.li>,...
> 
> Black Unicorn recently stated that had taken measures to shield
> his identity...
> 
> It appears now that this protection has evaporated...

Appearances can be deceptive.


 S a n d y

"Scholars have discovered that the /Illiad/ and the /Odyssey/ 
were not actually written by Homer, but by another ancient Greek 
who had the same name."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From markm at voicenet.com  Sat Nov  9 11:15:36 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 9 Nov 1996 11:15:36 -0800 (PST)
Subject: Legal Deffinition of Encryption?
In-Reply-To: <2.2.32.19961109040141.00956568@healey.com.au>
Message-ID: <Pine.LNX.3.95.961109141440.481C-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Nov 1996, Benjamin Grosman wrote:

> I have absolutely no idea: this is a very interesting problem. Not for just
> compression and encryption differention legally, but also, well, ANY other
> data form. If one defines a new format for saving data (i.e a new image
> format), and then exports this technology from the USA, is this exportation
> of munitions due to it's unknown qualities? Or what? 
> I know that in Australia there have been problems defining electronic data,
> especially pictures (usually porn), for the purposes of prosecution.
> Because, really, a pornographic picture is no more than 1's and 0's arranged
> in a different way by a different algorithm. 
> Thus I think it most likely that the law would try and approach it from the
> direction of the algorithm that saved the data and the intent with which the
> algorithm was written.
> Otherwise, I don't know.

I can't define encryption, but I know it when I see it.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoTYxCzIPc7jvyFpAQGs3wf/dcGpcRTLeoI84FcYgM1KFr7hkIyt6/bW
iAWaKbQmuNOs55KYkPUhqR9EaToXzOGN3MNT/L40auw4jEf2GHtereBh2gF6yX5p
l5yKqsotFwCuoHrGbOhJC351cpn0O04Zmq4uPfcVCQYpHW+zlJfRdcSBp1XXPZwm
bcXSp08XfhlIg+clg1R4L76SlnieKKE+6+upOv9Dq5l8s3F8OEe/jI/ff3DFKBxo
qHIqrZWzd6lCZtaiqBiL4PoyKE65Fx3yZrlaIhUsYvbCwyYXmz7N5sUrP4y17fGI
gICy7W+KUegiFoit3sdpa38R/J3EoVzVSTxpjvHvYXIz4gr+8QjdDw==
=HeWI
-----END PGP SIGNATURE-----






From tcmay at got.net  Sat Nov  9 11:19:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 9 Nov 1996 11:19:40 -0800 (PST)
Subject: Movement Tracking Systems and Smartcards
In-Reply-To: <9610088475.AA847507822@smtplink.alis.ca>
Message-ID: <v03007804aeaa87c23bec@[207.167.93.63]>


At 6:49 PM -0500 11/8/96, jbugden at smtplink.alis.ca wrote:
>Marshall Clow <mclow at owl.csusm.edu> wrote:
>>James wrote:
>>>Of course, not having a card may subject you to greater scrutiny at check-in
>>>time due to the reduced tracking ability.
>>>
>>I think that you have this backwards. There will be less tracking ability for
>>people flying w/o tickets.
>
>Less tracking for people w/o tickets, but more scrutiny for people w/o smart
>cards.
>
>I can easily see the working assumption that smart carded people have
>_already_
>passed the security check, while those who pay cash would be under greater
>scrutiny.

This is a very relevant, on-topic issue (I've changed the thread name from
"Smart Bombs," as I didn't see the reason for it).

One of the things Chaum warned about was not this particular example, but
the dangers of having computerized checkpoints for so many things. And a
pre-authorized smartcard for getting on planes is certainly a computerized
checkpoint.

(Want to be the information is eventually fed into government computers,
for tracking movements? It's not paranoid to think they want to track _me_,
for example; rather, it's natural for _all_ airline reservation and
boarding list records to be forwarded for crunching and for correlation
analysis. It's what I would do if I ran the intelligence agencies and was
tasked with the job of having such correlation information available for
helping to solve crimes. I expect the Big Three of credit-reporting
agencies are of course also in the loop....those movies where someone is
located because they foolishly used an ATM machine to get some cash or used
their credit card are not just fiction.)

A system wherein people flash pre-approved cards (with some biometric
elements, it seems must be necessary) could easily lead to even wider use.
Toll roads are an obvious example, long-considered by Chaum and other
privacy workers.

This could be the modern equivalent of travel documents in the U.S. While I
cannot see a situation in which citizen-units are ever told they may not
travel without authorization, I can quite easily see the situation emerging
in which airlines, bus companies, car rental agencies, and even hotels and
gas stations are expected to "run your card through." This is already the
case with many hotels and nearly all car rental agencies demanding credit
cards (as we have discussed here recently), and expect this use to grow.

This de facto produces a movement tracking system. Obviously.

Expect more scrutiny, perhaps even time-consuming and hassling scrutiny,
for those who try to pay in cash and for those who are reluctant to run
their cards through the system.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ravage at EINSTEIN.ssz.com  Sat Nov  9 11:32:34 1996
From: ravage at EINSTEIN.ssz.com (Jim Choate)
Date: Sat, 9 Nov 1996 11:32:34 -0800 (PST)
Subject: exclusion/censorship and the law (fwd)
Message-ID: <199611091936.NAA01142@einstein>



Forwarded message:

> From: Greg Broiles <gbroiles at netbox.com>
> Subject: exclusion/censorship and the law
> 
> never faced any extended scrutiny because the parties settled. Also,
> Prodigy, the defendant in Stratton Oakmont, exercised much greater
> editorial control over postings on that service, and had the ability to
> remove postings, which is something John Gilmore can't do.

He certainly can, this list runs under Majordomo which allows exactly this
kind of control if desired. I use it on my own lists and am quite familiar
with its operation. It is completely feasible for the operator to look at
EVERY submission prior to re-distribution and set the time stamp in such a
manner that there would be no evidence it ever occured.

> So my impression is that you've got the tail end of a useful concept
> (ability to control is frequently a factor used to determine liability) but
> are making far too much out of it. One really big difference I see here is
> that editorial control of the Cpunks list has occurred once (in 4? 5? years
> of the list's existence), is on a per-person not a per-message basis, and
> *does not function to restrict who can send messages but only limits Vulis'
> ability to _receive_ them on his usual system(s)*.

How often it occurs is irrelevant, this is like saying one rape is not a
crime but two is. Utter hogwash. Vulis was removed from the list, this
means he can't SUBMIT posts. This is censorship. The act was based on the
content or personality of Vulis' submissions. It was not based on a
limitation of the software, the Internet feed to the list, or the ability of
the hardware to handle more traffic. In short it was an emotionaly based
action.

> You might take a look at Mike Godwin's article on net defamation at
> <http://www.eff.org/pub/Legal/net_libel_godwin.article>; by now it's a
> little old, but I don't think anything's happened since which would change
> its reasoning. 

I have read it. I live in Austin, TX. and am quite familiar with the whole
Steve Jackson event (I was involved in it peripheraly) as well as how it
started EFF. I am currently peripheraly involved with the Austin EFF chapter
through the Austin Cypherpunks mailing list (which I host). My first
exposure to PGP was v1.0 from Adelante BBS, and I had been using and playing
vith various crypto related programs for quite few years prior to that.

> The problem with absolute statements like this is that they ignore
> important distinctions about scale - e.g., I think that it's very important
> that people, generally, be free to discuss whatever they want in private
> homes. But I also think it's very important that I be able to tell other
> people that they're not willing to discuss whatever they want in *my* home.

An action is right or wrong, irrespective of scale. If one person does it
doesn't make it any more wrong than if hundreds or millions do it. Right and
wrong are NOT scalable.

But this is not a private list. It has no warning about policies at
subscription time. It has been advertised for years as a open forum for the
discussion of crypto and speech related issues in clearly public venues.

I run a couple of 'private' lists. It is not possible for you or any other
party to become involved without agreeing before the fact to certain
editorial policies. This does not occur here. Where the 'press' is located
is irrelevant to this discussion. The point which seems to be missed is that
it takes in a single submission and then distributes multiple copies
(without editing) to ANYONE who wishes to subscribe.

In point of fact, the various articles in Mondo 2000 (back when the list
first started) and those since can be clearly interpreted as an invitation to
join the list via clearly publicly distributed medium. In effect it would be
like declaring your home an 'Open House' via the local newspaper.

> Not because I'm especially excited about censorship, but because I enjoy my
> privacy and my peace & quiet. So on the level of national rights, yes,
> unrestricted speech is an excellent thing. But on the level of my living
> room, unrestricted speech is a very bad thing. 

Then don't invite people to your house via magazines, newspapers, or Intenet.
Unrestricted speech is a good thing. Speech without personal responsibility
for the consequences is a bad thing. There were no consequences to Vulis'
speech other than the emotional impact it apparently had on the list
operator.

Personaly, I use the same standards of speech that I apply to the public at
large as I do to that small sector I explicity invite into my home. I don't
have a double standard in this regards.

> I don't think anyone who is arguing that it's fine to throw Vulis off the
> list would make the argument that it would be acceptable for the government
> to throw Vulis off of the Internet. 

Who does the throwing is irrelevant. The point is that a policy of
'hands-off' was enacted over the years and it was changed with  no warning
or opportunity for other list members to become involved. This list is a
community, it is not some individuals private property. In no way can you
successfuly argue that my email address in the subscription list qualifies
me in any way as 'property' of the list operator nor does it imply any
agreement on my part to allow that party editorial control of my submission
under the previous submission limitations (ie none).

Another aspect is that the credibility of this list as an open forum for the
discussion of crypto and speech related issues has been tarnished if not
downright lost.

As to the anarchy aspect, that has forever been lost.

> The closest thing I can see to a First Amendment argument against Gilmore
> is the "company town" argument, that the list is so much like a city or
> town that it ought to be subject to the restrictions that the First
> Amendment puts on municipalities and traditional public forums - but even
> this (rather far-out) argument got shot down a few days ago when our
> beloved Wallace of CyberPromo tried it in _Cyber Promotions v. America
> Online_. The judge said "no way", and I think that argument's a lot more
> plausible against American Online than against John Gilmore. 

It has nothing really to do with the First. It does have to do with the
agreed upon contract between the operator of the list and its subscribers.
By enacting this policy of censorship the original 'contract' (ie none) has
been broken and a new contract put in place. Had everyone received a warning
and then been unsubscribed and at the time of re-subscription a clearly
worded explanation of new policy been made available I would have no
problem. I do have a problem with arbitrary reprisals against individuals
based upon their submission content. There but by the grace of God go I (or
you).

As a matter of fact, the issues raised in both the CompuServe and Prodigy
cases did NOT revolve around the First but rather who held editorial
control. This is EXACTLY the issue here. My previous referal to ;login
is a pointer to a discussion of these two cases explicitly.

> I don't think this makes any sense. "Public list" has no special meaning.

public list = unmoderated and open to anyone

> My impression is that you're trying to make an analogy to public places
> which are privately owned like motels and lunch counters and amusement
> parks, where the owners (despite being private actors) cannot discriminate
> on the basis of race, gender, national origin, etc. (See, e.g., Civil
> Rights Act of 1964, 42 USC 1981 et seq)

Not at all. A 'public' list is a list which has no editorial policy and is
open to any party for membership. It in effect has no qualification
criteria.

> But I don't think there's any especially credible allegation that Vulis was
> discriminated against on the basis of protected class membership; nor is it
> clear that the Civil Rights Act can be extended to the operation of mailing
> lists.

Can it be extended to my operation of a paper printing press in my garage
through which I distribute pamphlets or flyers to any party which requests
them by sending me their address? If so then it applies here.

> If there's no prohibited discrimination (either because there's no
> prohibition, or there was no "discrimination" within the terms of the
> statute) then I don't see a cause of action. Wanting something you're not
> getting isn't enough. Owners of "public places" like malls or stores or
> restaurants are still free to exclude some people for non-prohibited
> reasons (like not meeting the dress code, or having behaved poorly in the
> past).

But to do this they MUST post or publish those codes in a place where a
patron can clearly see them. This was not done here.

> I am pretty disappointed to see that none of the people who profess to be
> shocked and wounded at Vulis' exclusion have bothered to set up your own
> lists. In my mind, whatever moral outrage you claim to have looks awfully
> small compared to the relatively small burden of doing something about what
> you say is bothering you. 

I run several lists including two that are crypto related (Austin
Cypherpunks and Advanced Computer Experimenters).

> I think that "cypherpunks write code" can/should be understood as a
> question, e.g., "what are you doing to change the things that bother you?" 

Among other things I am bitching about the arbitrary and unfair way this
list is being run considering the environment it was supposed to foster.


                                                   Jim Choate






From tcmay at got.net  Sat Nov  9 11:40:13 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 9 Nov 1996 11:40:13 -0800 (PST)
Subject: allow me to state the obvious....
In-Reply-To: <9610098475.AA847591051@smtp-gw.cv62.navy.mil>
Message-ID: <v03007805aeaa8b2a08c2@[207.167.93.63]>


At 5:57 PM -0500 11/9/96, SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil wrote:
>i am your average joe who uses the computer for work and e-mail and the
>occasional jaunt into the internet. going along reading this whole
>crypto-anarchy thing makes me want to cry. the whole point of cryptography
...

Well, then don't read what we have to say. Unsubscribe from the list or use
filters. That you are happy just to use your computer for work and e-mail
and occasional jaunts into the Internet and that discussions of other
topics bother you should be a clear indication you're probably on the wrong
list.

Having a "navy.mil" domain probably is another reason, unless you are only
hear to monitor our discussions of using cryptography to undermine the
state, to liberate military secrets with BlackNet and the Information
Liberation Front, and to punish the millions of those in the
military-industrial complex who have so richly earned their eventual
punishments.

Smash the State.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ravage at EINSTEIN.ssz.com  Sat Nov  9 11:50:22 1996
From: ravage at EINSTEIN.ssz.com (Jim Choate)
Date: Sat, 9 Nov 1996 11:50:22 -0800 (PST)
Subject: [rant] Re: Censorship on cypherpunks (fwd)
Message-ID: <199611091954.NAA01171@einstein>



Forwarded message:

> Date: Thu, 7 Nov 1996 20:42:46 -0500 (EST)
> From: "Mark M." <markm at voicenet.com>
> 
> This is why contracts are important.  There is no contract, implied or
> otherwise, to which John Gilmore is bound that forces him to protect everyone's
> "right" to be subscribed to cpunks and post whatever they want to the list.

The lack of an explicit contract detailing this is what makes it impossible
for the operator of the list to enforce such actions. When I subscribed I
gave the operator no permission to edit or otherwise control my submissions.
I also gave no permission for such submissions to be considered property by
any party other than myself. It is not possible to argue that my
subscription implied such permission.

When I subscribed to the cpunks list it was with the explicit intent of
seeing a multiplicity of views, not those views which happen to be
acceptable to the list operator.

The fact that he chooses to host the list by paying its bills is irrelevant.

If the operator wants to protect themselves legaly as well as ethicaly they
should put a notice at time of subscription detailing exactly what editorial
policies are active as well as sending a policy notification to all
currently subscribed members.


                                                     Jim Choate


ps I never saw the post about the camp ground example. If the author would
   please forward me a copy I would be happy to critique it.






From shamrock at netcom.com  Sat Nov  9 11:50:45 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 9 Nov 1996 11:50:45 -0800 (PST)
Subject: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <Pine.3.89.9611091150.A9466-0100000@netcom9>


You are making several unspoken assumptions. One such assumption is that 
S.L. vonBernhardt is Uni's real name.

-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"

On Sat, 9 Nov 1996, Peter Hendrickson wrote:

> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn at schloss.li>,...
> 
> Black Unicorn recently stated that had taken measures to shield
> his identity so that people would be unable to cause harm to
> his professional activities by making unsubstantiated claims
> that could scare off prospective clients.
> 
> It appears now that this protection has evaporated.  It will not
> be very hard in the future to put this information together with
> other statements people may make about Mr. Unicorn.
> 
> We are hardly operating in a hostile environment.  Yet, somebody
> who has apparently gone to some effort to have an anonymous
> identity has been exposed.  The implications of this are worth
> considering.
> 
> Peter Hendrickson
> ph at netcom.com
> 
> 
> 





From jimbell at pacifier.com  Sat Nov  9 11:58:50 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 9 Nov 1996 11:58:50 -0800 (PST)
Subject: A Disservice to Mr. Bell
Message-ID: <199611091958.LAA14950@mail.pacifier.com>


At 02:18 PM 11/8/96 -0800, Peter Hendrickson wrote:
>At 1:32 PM 11/8/1996, jim bell wrote:
>>At 09:12 PM 11/7/96 -0800, Peter Hendrickson wrote:
>>> ...His conviction was not reversed until 1983 in the court of one
>>> Judge Patel...
>
>> However, the fact that it took 40 years to reverse (and didn't, presumably,
>> reverse the convictions of others, and didn't compensate people for lost
>> property) is yet another reason to take a few pieces out of the hide of the
>> SC, as well as a few pounds of flesh nearest the heart.
>
>Many of us are guilty of a grave disservice to Mr. Bell.  I'm sure
>that just about every reader of this list can only cringe when
>messages such as the one above cross our screens.  ("He can't be
>a paid provocateur - it would be too obvious!")
>
>Not only is Mr. Bell apparently calling for the murder of a judge, he
>is apparently calling for the murder of every justice on the Supreme
>Court of the United States!

I'm glad to see that you seem to be catching on. (although you made the 
minor error of referring to the current roster of the SC, as opposed to the 
1943 makeup.  But that's a minor point; the 1996 group have their own set of 
offenses...)

In any case,  it's really very simple:  Kidnapping used to be a capital 
offense in the US.  What the US Government did to the Japanese Americans 
during WWII was, quite simply, kidnapping. Or, at least, it would have been 
called kidnapping if it had been done by non-governmental entities.   True, 
it was done "under color of law," but ultimately it amounted to the same 
thing.   

Lawyers, who have brought hypocrisy and double-standards to a high art form, 
are taught to accept this.  And they are also taught to fight (at least a 
bit) for their clients rights.  But ultimately, they are taught to accept 
the decision of a court even if it's wrong.  Sure, they may have appeal 
rights and will occasionally exercise them, but there's no court past the SC.

It turns out, of course, that since we now all (?) accept the idea  that 
those SC decisions were simply wrong, it isn't possible to use the "they 
said it was okay" excuse.  The most of the relocations occurred before the 
decisions, which means the governmental actions were done without them.  And 
I consider a temporary (even a 40-year) approval by a group of nine clowns 
to be no more definitive than a fresh conviction that hasn't yet been 
through its first appeal.

Please note that if it were 1943 and somebody called for the death penalty 
for the perp of a kidnapping case, he'd probably be called a fine upstanding 
citizen.    

(Interestingly enough, one of the cornerstone objections a lawyer (or judge) 
might have to my "playing hardball" on this subject is their belief that 
judges should be immune from prosecution for their decisions.  The strange 
part, however, is that judicial immunity seems to be an entirely fabricated 
concept:  It appears nowhere in the US Constitution, for example.)


However, it turns out that there is a solution to this problem, the recent 
re-emergence of the "Common-law courts."   A truly fascinating subject.  
Having competed (with varying levels of disrespect on both sides) with 
so-called "Equity courts" in England since well before the 17th century, 
they frequently represented a bulwark against the misuse of royal authority. 
 Competing court systems might be considered somewhat analogous to competing 
companies in the private sector:  Monopolies breed abuse; competition 
results in better service.  There is no reason to believe that this effect 
would be any less applicable in courts than other markets.

They might merely be a historical curiousity in America, except that the 
American Revolution had the predictable effect (supported by US court 
decision, apparently) that as a consequence of George III's loss and our 
win, all powers previously vested in the King were returned to the American 
people.  Some, but by no means all of them were delegated to the Federal 
government, as the 9th and 10th amendments show.  

The really interesting part is that the authority to form common-law courts 
was never delegated to the Federal government, and (perhaps not 
surprisingly, considering recent  governmental abuses) a number of groups 
around the country have decided to form their own such commonlaw courts.  To 
American ears this will probably sound a bit like "taking the law into your 
own hands,"  but those courts are quite real and I predict they will become 
a substantially more powerful force in the next few years.  Since selection 
of judges is part of the powers originally owned by George III and lost by 
him, this means that ordinary people have the power to run those courts and 
staff them, as odd as this will feel to those of us who were brought up on 
Perry Mason et al.

Naturally, you can expect numerous lawyers and judges (all who consider 
themselves part of the competing "equity court" system, BTW) to cry foul.   
The effect is somewhat akin to a child who initially shares a communal 
sandbox with a neighbor kid, who subsequently moves away and is replaced by 
a childless couple.  After a few years of de-facto sole ownership, the 
feelings of monopoly ownership are quite real, even if in reality sharing 
must once again happen due to the arrival of new neighbors.

Interestingly enough, the one thing the Commonlaw court system needs is an 
effective enforcement system.  One likely method is the commercial lien 
process, but even that tends to be resisted by people who are far more used 
to dealing with equity court personnel.  It turns out that my AP system 
seems to mesh almost perfectly with their needs, although obviously in 
practice it would only be used as a "last resort."











Jim Bell
jimbell at pacifier.com





From jimbell at pacifier.com  Sat Nov  9 12:00:05 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 9 Nov 1996 12:00:05 -0800 (PST)
Subject: Black Unicorn exposed?
Message-ID: <199611091958.LAA14939@mail.pacifier.com>


At 09:45 AM 11/9/96 -0800, Peter Hendrickson wrote:
>At 11:00 AM 11/9/1996, Robert Hettinga wrote:
>> S. L. vonBernhardt, <mailto:unicorn at schloss.li>,...
>
>We are hardly operating in a hostile environment.  Yet, somebody
>who has apparently gone to some effort to have an anonymous
>identity has been exposed.  The implications of this are worth
>considering.


It seems obvious that this exposure was entirely intentional by him.


Jim Bell
jimbell at pacifier.com





From ravage at einstein.ssz.com  Sat Nov  9 12:04:57 1996
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sat, 9 Nov 1996 12:04:57 -0800 (PST)
Subject: Pseudo-law on the list and libel (fwd)
Message-ID: <199611092008.OAA01186@einstein>



Forwarded message:

> Date: Thu, 7 Nov 1996 10:10:19 -0800
> From: "Timothy C. May" <tcmay at got.net>
> 
> So, if a bookstore ejects a drunken lout who is disturbing the other
> patrons, is the bookstore suddenly reclassfied as a book publisher? By your
> logic, you seem to think so.

Not at all. The drunk is not being ejected on the content of their
expression (beliefs). Vulis posed no physical or economic danger to anyone, the
operator simply could take no more of his POV. This is distinctly different
than the example you are trying to equate. In short, another straw man.

> So, if I have a party at my house and limit who I invite, or eject someone
> who is misbehaving (insulting my other guests, barfing on the floor,
> smoking when I tell him not to, whatever), you are saying that I "open
> myself up for libel suits" by other guests who don't like the things they
> hear from others at my party?

Only if you advertise the party through a public forum as open to anyone and
you are the one supplying the booze (as advertised in the ad).

The operator of this list has NEVER implicity or explicity expressed any
form of policy concerning who may subscribe to cpunks.

> So, anyone who exercises ownership rights to his property suddenly becomes
> legally responsible for the alleged misdeeds of anyone visiting his house?

My subscription to this mailing list does not imply any ownership toward its
operator. He owns the software and hardware, he does not own my thoughts or
the fact that I use this forum to distribute them. The fact he pays the
bills does not give him any right to edit or otherwise control my
submissions without an explicit warning to me prior to his acceptance of my
submission.

> Could you cite some cases supporting your point of view?

Try CompuServe and Prodigy. The logic that was used in both those cases
is 1-to-1 applicable to this.

For somebody who supposedly supports individual initiative, liberty, and
anarchy you sure rely on precedence a lot. The whole point to crypto,
Internet, and technology in general is to break the status quo not to
promote it.

> this outcome, strongly. However, it is far from establishing that a bar
> which enforces certain rules ("no shirt, no service") and which has an
> entire class of employees hired to _eject_ patrons has suddenly become
> liable for slanderous comments made by customers. And so on.)

Look at the recent 'Hooters' case involving women waitpersons.

For a business establishment to impose 'no shirt, no shoes, no service" they
MUST post such rules in a public place. This was NOT done EVER on cpunks.
Again, you are trying to equate two distinctly different cases as equivalent,
another straw man.

                                                  Jim Choate






From markm at voicenet.com  Sat Nov  9 12:09:09 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 9 Nov 1996 12:09:09 -0800 (PST)
Subject: allow me to state the obvious....
In-Reply-To: <9610098475.AA847591051@smtp-gw.cv62.navy.mil>
Message-ID: <Pine.LNX.3.95.961109150431.676B-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Nov 1996 SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil wrote:

> i am your average joe who uses the computer for work and e-mail and the 
> occasional jaunt into the internet. going along reading this whole 
> crypto-anarchy thing makes me want to cry. the whole point of cryptography 
> is getting info from my eyes to yours. period. you can say that "illegal" 
> information passes along the internet, but hello people - illegalities have 
> been going on since long before the invention of the computer (or even the 
> notion of cryptography - if i may stop to point out the obvious).  the only 
> reason _i_ use encrypted stuff is because i don't want my nosy sysadmin 
> reading my mail.  its that simple.  think about it.  how many times is your 

Plain cryptography isn't the main point.  The protocols (such as anonymous
digital cash, message pools, DC-nets, etc.) allow things to exist that are
not possible without cryptography.  These protocols make laws (especially
victimless laws) much more difficult to enforce.

> e-mail handed off?  when sent it naturally follows the most convenient path 
> to its destination, and even anonymous re-mailers (can) keep a hard copy of 
> the messages that cross their connections with the original address 
> included.  you can go off into spoofing address and so on, but your average 
> joe may (or may not) have the time or knowledge (much less the motivation) 
> to do that.  keep that in mind before you go saying that crypto is a 
> good/bad thing. 

In order for anonymous remailers to be completely anonymous, only one remailer
in the chain has to be trustworthy.  If a message is chained through N
remailers and N-1 of those remailers are run by spooks, the anonymity of the
message depends on the remaining remailer.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoTlLyzIPc7jvyFpAQEXGQf/VN8uNK7+uUWdNqcip2dHkPVFLjZlItBf
dcilb36/zBJikX1XIOHbk15X/s4N/bM1WfAAYqPikI7jfcVkbxw0j0gTwVTYY1Wu
AbbdAh1o47CYe55eqEhcirfQQEMMHaZ/7DXKj+mdDeBWACZqHbOmx25spChH0fi+
3i3AhF23kBNxb4H/MNLTA9Fb6mzGsGsXmzDEJHnVPxQQG8uUQcBd6qVkBdLu05++
YYV60gr2vXb5LCLgIbhzT3Q/pFC2k2wkh9Wn+V+FgU1SwJleMWNOcY1nuU4ylND4
EncDq44AlWpt54fzu96saOz1DZgczyTaLnM2ZktywsH43WQ00eVw8A==
=7FDt
-----END PGP SIGNATURE-----






From mpd at netcom.com  Sat Nov  9 12:13:37 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sat, 9 Nov 1996 12:13:37 -0800 (PST)
Subject: Small "Hard" Problems Wanted
Message-ID: <199611092013.MAA23300@netcom16.netcom.com>


Fellow C'Punks,

In my quest to reduce NP-Completeness to NP-Not-So-Hard-Ness, I
have just finished coding and debugging a very complicated
algorithm which manages to solve circuit satisfiability problems
of up to 1000 nodes in a few minutes and about half a meg of
memory. It works directly from the connectivity information and
the time required is not a function of the number of input bits.

Circuit satisfiability problems, and other well known problems
like Max P-Sat, are amongst the more useful canonically
NP-Complete problems, since other problems map very nicely into
them.

The algorithm is currently in APL, and I am in the process of
recoding it in C, after which I plan to test it on reduced round
DES, full 16 round DES, and some RSA problems of various sizes.

I already have C code to map RSA and n-round DES problems into an
appropriate circuit satisfiability problem and generate
appropriate input for the algorithm, so finishing up the C
version is the only remaining step before these tests can begin.

The current APL reference inplementation can still handle
problems up to about 1000 nodes, which should include a lot of
stuff for which exhaustive search would be intractable, even on
supercomputers.

Nothing I have so far fed the reference implementation has bombed
it, and I would like to make sure it is perfect before the finely
tuned C version is complete.

So if anyone has a "hard" problem they are dying to solve, which
maps into a circuit satisfiability problem that isn't over 1000
nodes, Email it to me and I will see if I can divine the answer.

I will post any interesting results to the list, of course.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $






From ravage at EINSTEIN.ssz.com  Sat Nov  9 12:13:41 1996
From: ravage at EINSTEIN.ssz.com (Jim Choate)
Date: Sat, 9 Nov 1996 12:13:41 -0800 (PST)
Subject: FW: Dr. Vulis (ad nauseum) (fwd)
Message-ID: <199611092017.OAA01197@einstein>



Forwarded message:

> Date: Thu, 07 Nov 1996 17:12:47 -0500
> From: camcc at abraxis.com (Alec)

> This is not a they; this is an individual with (and within) his own rights.

Who or how many own the (digital) press is irrelevant.

> Nonsense, no policy has been stated. The owner determined that the good Dr.
> had been disruptive and had become a detriment to the owner's list (and
> possibly sanity).

Exactly! With no policy and the wide advertising of this list as a open
forum for the discussion of crypto and speech related issues such action by
the list operator constitute censorship (ie editorial control) and make the
operator legaly responsible for the actions of those messages which LEAVE
his machine. No contract means no contract. It applies to all parties
involved.

> PLEASE, let's not drag poor Tim into this. Hasn't he suffered enough?!
> This does not follow even from the tortured logic above.

Nobody ever suffers enough.

> "Implies the right"??  Rights either exist or do not exist (endowed by their
> Creator); they are not be implied.

I suggest you read the 9th Amendment again then. You obvously didn't get the
point the other time(s).

> The content of speech is certainly not irrelevant. Disruptive speech and
> behavior have never been protected.

Vulis's speech was not distruptive. It did not interfere with anyone else
being able to submit or filter submissions. His speech was outside the norm
but posed no threat to the operation of the cpunks mailing list.

> It says CONGRESS! We're not discussing an action by the federal govt. here.
> I may choose to ask those visiting my house to refrain from discussing mumbo
> jumbo; if the individuals persist, I can ask, nay demand, that they leave.  
> :
> :And just to make shure it is clear, the right to put something on the paper
> :(ie speech) is distinctly different from being the one doing the actual
> :printing.

Agreed. It was intended to make the point that this is the ideal we should
all be striving for. We as members of a free democratic society should NEVER
censor anyone on the content of their speech.

> What paper? What does this mean? 

This list is a digital press.

> Advertised? It has been a matter of regret that I _stumbled_ into this
> unruly tangle of wits.

Then you have not been reading a lot of computer and crypto related
material. I see references to this list and how to subscribe several times a
year in various sources going back several years.

> Simply because one has argued that "the list is ... a defacto public list,"
> don't make it so any more than my arguing that a newspaper available to the
> public can have no control over its own editorial policy.

True, but the paper MUST publish that policy in its editions. Which papers
and magazines do religously.


                                                           Jim Choate






From nobody at replay.com  Sat Nov  9 12:20:33 1996
From: nobody at replay.com (Anonymous)
Date: Sat, 9 Nov 1996 12:20:33 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611092020.VAA01385@basement.replay.com>


Peter Hendrickson <ph at netcom.com> wrote:

> What are the benefits of being a cryptoanarchist?  Maybe you get
> to double your income.  Most people won't see this as worth the
> trouble.

If you don't have enough to eat, doubling your income is worth the
trouble.

Crypto-anarchy benefits the poor more than the rich.  The underlings
of society are going to love it.





From nobody at cypherpunks.ca  Sat Nov  9 12:22:29 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 9 Nov 1996 12:22:29 -0800 (PST)
Subject: Vulis on the remailers
Message-ID: <199611092012.MAA11279@abraham.cs.berkeley.edu>


Vulis writes:

>nobody at cypherpunks.ca (John Anonymous MacDonald) writes:
>
>> Please, remailers, source block Vulis for a week.
>> Remailer Fan
>
>I'm not sending anything via any remailers.

Hmmmm. Let's see...I'll respect you in the morning, the check is in the mail, I won't come in your mouth...

Get real, kook.









From ravage at EINSTEIN.ssz.com  Sat Nov  9 12:33:43 1996
From: ravage at EINSTEIN.ssz.com (Jim Choate)
Date: Sat, 9 Nov 1996 12:33:43 -0800 (PST)
Subject: FW: Dr. Vulis is not on cypherpunks any more [RANT] (fwd)
Message-ID: <199611092037.OAA01232@einstein>



Forwarded message:

> From: "networks at vir.com" <networks at vir.com>
> Date: Thu, 7 Nov 1996 15:15:38 -0500
> 
> It seems that, like a bookstore, the cypherpunks mailing list has the
> right to choose the content it distributes and who it distributes the content
> to.

Actualy bookstores distribute the books they are under contract to distribute
via the publishers they have contracts with. An easy way to tell if a
bookstore is a reasonable distributor and one with some level of ethics is
to ask if they participate in the yearly banned books week. If they don't I
would suggest you go elsewhere.

Businesses in general are not allowed to prohibit patrons based on their
belief, speech, or action unless it can be shown to pose some threat to the
operation of the business or they post said policy in a public place where
patrons can see it. 

An example may be in order. Here in Austin, TX. we have a problem with bums
and kids who are homeless. They urinate on the walls and commit various
other acts that are not acceptable to the community at large. In order to do
anything about these people on public property the city HAD to pass two
laws. These two laws are that it is now unlawful to camp overnite on public
property. In effect you cannot reside on public property in Austin, TX
between midnite and 6am. The other law was that it is now a crime in Austin,
TX to emit a 'objectionable odor in public'. Strictly interpreted if you are
in a city park at 12:01AM or before 6:00AM you can be arrested. Also, if
you were to emit a fart outside your personal property you can be arrested.
(Note that these laws have not resolved the indigent problems we have here)

In short without this law (ie contract) it was not possible for the city or
private businesses to do anything about this.

>  Bookstores are free to select what titles they offer for sale, and can
> even refuse to sell a book to a particularly annoying customer if they
> so choose (my legal knowledge is lacking, but I think this is correct).

Irrelevant. The point is that bookstores are not legaly responsible for the
contents of those books except in very special cases. The distributors or
publishers are responsible. This list qualifies as a publisher so long as
it retains editorial control of content of submissions prior to distribution.
If they have no editorial control then they are in the situation of a
bookstore which is protected from legal action on the contents of the books
they carry except under special conditions. The action taken by the list
operator explicity acts as an example of that editorial control.

> To extend the analogy, what has happened in this particular case 
> is that Dr. Vulis is now forced to buy all his books by mail order :)

What has happened here is that a member of a community has been expunged
based on their beliefs. Not on any particular action they took which posed
any sort of threat to that community.

                                                   Jim Choate







From take at barrier-free.co.jp  Sat Nov  9 12:47:26 1996
From: take at barrier-free.co.jp (Hayashi_Tsuyoshi)
Date: Sat, 9 Nov 1996 12:47:26 -0800 (PST)
Subject: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <1.5.4.32.19961109184728.005bbe40@popd.ix.netcom.com>
Message-ID: <199611092044.FAA19938@ns.barrier-free.co.jp>


On Sat, 09 Nov 1996 10:47:28 -0800, stewarts at ix.netcom.com said:
 >At 01:29 AM 11/9/96 -0800, John Gilmore <gnu at toad.com> wrote:
 >>ask questions, etc.  To join the list, send mail to:
 >>	linux-ipsec-REQUEST at clinet.fi
 >>The email should contain a single line that just says:
 >>	subscribe
 >
 >Actually, it needs to say
 >        subscribe linux-ipsec

Probably, it needs to send mail to:
	Majordomo at clinet.fi

///hayashi





From wb8foz at wauug.erols.com  Sat Nov  9 13:16:24 1996
From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states)
Date: Sat, 9 Nov 1996 13:16:24 -0800 (PST)
Subject: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <199611092116.QAA05345@wauug.erols.com>


Peter Hendrickson sez:
> 
> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn at schloss.li>,...
> 
> Black Unicorn recently stated that had taken measures to shield
> his identity so that people would be unable to cause harm to
> his professional activities by making unsubstantiated claims
> that could scare off prospective clients.
> 
> It appears now that this protection has evaporated.  

How do you know he does not have a THIRD name........?

-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From EALLENSMITH at ocelot.Rutgers.EDU  Sat Nov  9 13:21:32 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Sat, 9 Nov 1996 13:21:32 -0800 (PST)
Subject: RRE: notes (8 Nov 1996)
Message-ID: <01IBNCKT4KUOA73IB7@mbcl.rutgers.edu>


	This has a rather chaotic mixture of inapplicable and useful
information; I'll try to edit out the non-useful stuff (via [...]). He's made
the distinct goof of misidentifying libertarianism with 60's style
anarchosocialism, as well as other problems... I'll be emailing him myself
with some comments.
	-Allen

From:	IN%"rre at weber.ucsd.edu"  9-NOV-1996 05:26:15.31
To:	IN%"rre at weber.ucsd.edu"
CC:	
Subj:	notes

Notes on network computers, blind copies, democratic culture, monopolies,
and the idea of an Internet establishment...


As a periodic reminder, a Web archive of nearly all the RRE messages ever
sent can be found through  http://communication.ucsd.edu/pagre/rre.html


It turns out that the article on cryptography by Bruce Schneier that I
forwarded from the Risks Digest the other day was actually an unfinished
draft that Peter Neumann sent out by mistake.  Bruce asks that everyone
refrain from propagating that version around the net.


Steve Lohr's article on the "network computer" in Monday's New York Times
includes the following priceless quotes:

  The line between these network computers being used as really effective
  corporate tools and being used as mind-control tiger cages is a fine
  one.  There will be a real temptation for corporate managers to go too
  far in the direction of control.
    -- Paul Saffo

  The paradise of shared knowledge and a more egalitarian working
  environment just isn't happening.  Knowledge isn't really shared because
  management doesn't want to lose authority.
    -- Shoshana Zuboff

  What's a floppy disk?  It's a way to steal company secrets.
    -- Scott McNealy

  We think we can go after the dumb-terminal market too.
    -- Bill Gates

I wish we could rewind this whole computer revolution thing and start over.


[...]


Non-Americans keep remarking on the predominance of American items on
RRE.  That's simply a function of the items that RRE subscribers send me.
If you come across interesting items from other countries, I hope you'll
consider sending them along.


[...]


A while back, I came across an op-ed column addressed to teen-agers which
purported to explain certain points about life.  The first of these points
was, and I quote,

  Life's not fair.  Get used to it.

All of the points were like this: each of them presupposed that their
reader held a putatively naive or self-serving opinion about life,
and they proposed to set the reader straight in a remarkably nasty and
disrespectful way.

I view this article as part of a larger and very depressing trend: the
return of authoritarian culture.  The purpose of authoritarian culture
is to instil a mindless obedience to authority.  It employs two basic
methods.  The first of these methods is stereotype: one's normal human
tendencies to think critically and oppression resist are caricatured
and ridiculed; endless stories are adduced to portray people who employ
these innate faculties in a bad light; and labels such as "whining" and
"complaining" and "victim" are liberally applied.

The second method of authoritarian culture is the attempt to naturalize
authority by hiding it behind large abstractions.  In this case, the
abstraction in question is "life".  Having established that "life" is
unfair, it becomes possible to label any protest against unfairness as
a demand that the whole world conform to one's own immature whims.  These
teenagers are counseled to "get used to it" and to reconcile themselves to
a life of being treated unfairly.  No liberal nostrums about self-esteem
here: this columnist's message was that nobody deserves to be treated with
respect, and that it's arrogant to think otherwise.

Another example of authoritarian culture is the contemporary American
use of the word "accountability".  Accountability, we are told, means
"accepting the consequences of your actions".  Everyone is supposed
to "be accountable", and to embrace this condition as a concomitant of
responsible adulthood.  Authority here is hidden through a grammatical
device.  In normal usage, the word "accountable" takes a complement,
as in "accountable to ...".  When the complement is omitted, the human
authority is displaced into the woodwork, and obedience to that authority
is conflated with a variety of quite different conditions: responsibility,
honesty, etc.  No reasonable person has a problem with the idea of being
responsible for one's actions.  But nobody who believes in a democratic
society can accept the idea that any person has absolute authority to
judge any other person's actions, and hand down "consequences", without
likewise being constrained by norms of responsibility, which in the old
days were called "justice" and -- yes, that's right -- "fairness".

It is not surprising when people in authority employ such language.  But
authoritarian culture requires more: it requires that people internalize
this language, applying it to themselves and dissociating all desire for
justice and fair treatment.  We all have our failings, but we we cannot
have a decent society unless everyone is treated with respect and judged
with a reasonable regard for proportionality and due process.  Healthy
people don't just "get used to" injustice.  Quite the contrary, genuine
maturity begins with the skill and discipline of helping people organize
to identify and overcome injustice.  Shame and ridicule are the least
violent of the tools that have historically been employed to condemn
people to passivity.  But they are also the most basic and, in the end,
the most destructive.

The basic method for promoting an extreme position is to harp on the evils
of the opposite extreme.  Authoritarian culture thus lives in a symbiotic
union with its evil twin, libertarian culture, whose sole value is freedom
from constraint.  The symbiosis between authoritarian and libertarian
culture has many facets:

 * Authoritarian culture holds that people are essentially bad and that
nothing can be done about this; libertarian culture holds that people
are essentially good and that nothing needs to be done to encourage this.

 * Authoritarian culture imposes constraint without respect for individual
dignity; libertarian culture holds that individual dignity consists in the
absence of constraint.

 * Authoritarian culture holds that people are innately irresponsible;
libertarian culture denounces responsibility as an authoritarian myth.

 * Authoritarian culture and libertarian culture both conflate feelings
with action, authoritarian culture to repress them both and libertarian
culture to license them both.  

 * Authoritarian culture crushes the spirit and eventually gives rise to
an immature impulse toward libertarian culture; libertarian culture stands
indifferent as great industries arise to support an epidemic of addiction,
which then gives rise to a fearful impulse toward authoritarian culture.

What authoritarian and libertarian have in common is their claim to follow
a simple, objective rule that lies beyond human interpretation: the rule
of order or the rule of freedom.  The terra incognita that lies beyond
the dysfunctionality of both authoritarian and libertarian culture is
democratic culture: the form of culture within which everyone takes
responsibility for living together constructively.  Democratic culture
is not just a matter of voting.  It is a set of values, and it is a
set of skills.  Some of these skills are organizational: you can't have
democratic culture unless people know, deep down in their bones, how to
hold a productive consensus-based meeting.  Other skills are emotional:
you can't have democratic culture unless people can tell the difference
between resisting oppression and acting out resentment, between organizing
and polarizing, between freedom and irresponsibility, between pleasure and
addiction, between discipline and shame, between personal boundaries and
passive aggression.

The sixties have left an ambiguous legacy because they blurred together
two very distinct impulses: countercultural libertarianism, for which I
don't have an awful lot of respect, and democratic experimentation, for
which I have a great deal of respect.  Recreational drug use, for example,
is stupid and boring.  But the democratic organizing traditions that arose
and flourished in the sixties were an important cultural contribution, and
it's sad to see them forgotten.  The rise of authoritarian culture depends
on this forgetting, and on crushing at an early age the hopes for human
dignity with which all of us are born.

Why isn't this obvious?  One reason is that the American conservative
movement originated as a marriage of convenience between authoritarians
and libertarians, both of whom portrayed themselves as opponents of
something called "government".  But opposition to government tout court
is opposition to democracy.  We have been inundated in recent years by
rhetoric that seeks to make democracy literally unthinkable by conflating
all types of government, whether democratic or totalitarian, into a
single stereotype of oppression.  This stereotype requires its proponents
to construct themselves as powerless victims, and it licenses all sorts
of whining and complaint by the very people who make a big point of
censuring whining and complaint by others.  By treating the institutions
of a democratic society as inherently beyond control, it also licenses
an abdication of personal responsibility -- the responsibility to learn,
practice, and teach the values and skills of a democratic society.


Back in the Later Middle Ages, around 1994, I often found myself lectured
by experts who asserted that great bureaucratic institutions, government
and corporate alike, would necessarily and inevitably disintegrate in the
world of the Internet.  It's almost 1997 now, and as the months go by I
find it ever harder to remember why this great disintegration was supposed
to take place.  If evidence counts for anything, we are actually living
in an unprecedented era of concentration and centralization.  ABC has now
become the Disney Infomercial Channel, and British Telecom is buying MCI.
And the more I learn about Internet economics, the more the Internet seems
like a veritable engine of monopoly-creation.  The reasons are numerous.
Most of them are explained in the recommendations and bibliographies that
I have provided in past issues of The Network Observer, and any one of
them would suffice:

 * The Internet backbone business, like any other utility, involves high
fixed costs and low marginal costs of serving additional customers, so
that bigness is highly rewarded.  And every provider has an incentive to
give priority to packets that remain within its network, thus giving a
quality-of-service advantage in the market to whichever provider first
establishes a dominant position in a given segment of the market for
network services.

 * The pattern of high fixed costs and low marginal costs is even stronger
for software: if two software products compete then the price of each is
determined by its development costs divided by the number of customers.
As a result, other things being equal, the company with the larger market
share completely destroys its competition.  If other things aren't equal,
a company with an existing flow of monopoly rents can simply give away its
products until its competitors' capital is depleted.

 * And then there are de facto standards: the dynamics of standards are
fantastically complicated, but the Internet still needs several additional
service layers, and even a single proprietary standard could give one
firm immense power to extract rents from Internet users and dictate future
directions for Internet architecture.  Since most of the forthcoming
standards will be implemented in software, the monopoly tendencies of the
software market will promote the rise of proprietary networking standards.
Past experience with the Internet is misleading: small players and ARPA
philosopher-kings can establish a new standard in the world if the big
players are asleep, but the big players are awake now.  In the future it
will take capital and speed to impose a standard, and winner takes all.

 * The economics of information -- "content" -- are no more reassuring.
Since information can be replicated cheaply, an overwhelming, life-or-
death incentive exists to leverage creative effort across as many channels
as possible.  Of course, every industry has an incentive to increase its
revenue.  But as the marginal cost of selling additional units approaches
zero, prices are directly determined by market share, thus giving rise to
a positive feedback loop and eventual monopoly.  This suggests that, to
the extent that the Internet is a vehicle for the delivery of information
commodities, it will necessarily be absorbed into the institutions of the
media system.  Nobody will be able to afford to produce a news service
that only operates on the Internet, for example, given that existing news
services can adapt their work to the Internet for much less than it costs
to produce a competing service from scratch.  And content providers who
already operate in other media will have a powerful incentive to adapt
their services to the Internet, provided only that additional money can
be made by providing those services in the Internet medium.

It is commonly argued that the Internet, by reducing transaction costs,
will cause organizations to break apart and industries to reorganize on a
more entrepreneurial basis.  I have argued this myself.  But the argument
doesn't work.  The Internet (and not only the Internet, but a world of
other technologies) reduces transaction costs and coordination costs
alike, making it less efficient to operate large organizations that cross
many disparate functions but more efficient to operate large organizations
that do one standardized thing.  Thus we have waves of both outsourcing
(due to decreased transaction costs) and concentration (due to decreased
coordination costs).  And high-tech industries increasingly favor those
firms that can see standards battles coming and prepare to fight them in
a coordinated way.

Other arguments against the monopoly scenarios have more force.  Internet
service provision is not yet a monopoly, and it is not obviously headed
in that direction right now.  Nobody understands the ISP business very
well, and it would appear that the smaller entrepreneurial firms have
an advantage in adaptability in an environment of rapid technological
and market change.  AT&T, moreover, would seem to be falling apart at
the seams in very much the fashion that Schumpeter, that patron saint
of entrepreneurs, would have predicted.  Even MCI has been hitting itself
on the head pretty hard during the last few years.  So my point is *not*
that the Internet is definitely going to be locked up by cigar-smoking
corporate titans.

My point is simply this.  It's almost 1997, and yet the airwaves and
magazine pages are still full of ideologues, still reciting old-wave
technological determinist mantras about how the Internet will inevitably
bring us a decentralized world of freedom.  Technological determinism,
however, is a kind of cargo cult: it asserts that we can obtain a happy
society if we simply work hard enough at idolizing the technology.  The
world doesn't work like that.  Significant forces are operating in several
directions, some of those directions are more pleasant to contemplate
than others, and the outcome is not preordained.  It seems to me that
the proponents of a totally unregulated economy should learn a little
more economics.  It also seems to me that it's time for a revival of
the democratic values that make it possible to imagine a conscious choice
about our technological future.


[...]


After my comment about the Journal of Internet Banking and Commerce
the other day, I got an irate message from the Journal's editor.  Among
his less extravagant suggestions was that I am a member of the Internet
establishment who has the power to destroy people with a word.  Gosh.
My first response was to wonder if Hallmark has a card for this occasion:

  To a childhood friend, after all these years

  I can still remember how, it seems
  You never picked me for your teams
  I have no idea now where you've went
  But I'm a member of the Internet establishment
  So you better watch out what you say
  Or with my keyboard I'll blow you away

Then I thought about it more seriously.  I'm not here to take shots at
struggling Internet publications, unless you count Slate.  My only goal
had been to plug the Scout Report, and the truth is that I was too lazy
to dig up an issue of TSR that I was 100% comfortable with.  I won't go
into the reasons for the opinion I formed of JIBC back in the spring,
since you can easily judge for yourselves.  Of course I should take
ordinary care not to slam people at random, and by trying to run this
list in odd moments of the day I'm all too likely to get careless.  The
harder question is, is this guy right?  Never mind that he had a grossly
exaggerated estimate of RRE's readership -- the idea that I am a member
of any kind of establishment is completely foreign to me.  Of course,
this could simply be a self-serving delusion.  After all, as a white
guy who was born in the United States, I enjoy numerous social privileges
that I have never earned.  And as a graduate student at MIT, my cohort and
I were located so close to the center of the post-WWII military-academic
complex that we had the resources to pretend that we were antiestablishment
nonconformists.  Still, if the Internet establishment exists and holds
councils, I have never been invited to them.  I have met some of the
publicly prominent Internet people once or twice and have found them to be
remarkably decent, but I hope you will agree that my message on RRE is not
particularly congruent with theirs.  Yes, I organized a CPSR conference a
few years back, but look what's happening to CPSR.

So, at the end of the day, am I basically just another guy with a mailing
list?  When I started RRE, I assumed that surely by now the Internet
would be crawling with filter lists such as my own.  But even though some
other excellent filter lists do exist, including some (David Farber's,
for example) with many more subscribers than my own, my assumption hasn't
come close to being true.  Why is this?  I can think of a few reasons:

 * Limited access to the tools.  The hardware keeps getting faster, but
   the software for maintaining mailing lists isn't much better than it
   was in 1993.  It's still impractical for 95%+ of Internet users to
   maintain large mailing lists.  This is a scandal.

 * Flexibility of the tools.  The assumption that lots of people would
   start filter lists depended on another, implicit assumption: that
   the Internet only supports a limited number of interesting mechanisms.
   Lots of people are doing great things on the Internet, and they have
   shaped tools to fit their particular visions, which simply differ
   from mine.  Even the other filter lists vary widely in their traffic,
   contents, respect for copyrights, and amplitude of editorial voice.

 * Network externalities.  As I mentioned the other day, it's possible
   that once a list like RRE establishes a large subscriber base, other
   lists will have a hard time getting enough traction to compete.  This
   is because the success of such lists depends in part on the number of
   subscribers they have, and I got the subscribers first.  On the other
   hand, 4300 is a small fraction of the total world of Internet users.

 * Critical mass.  RRE is mostly about the social and political aspects
   of networking and computing.  This is a fashionable topic, and it
   is a topic likely to appeal to a large proportion of Internet users.
   Someone who wanted to run a filter list devoted to medical issues,
   for example, would be limited by the number of Internet users in
   the medical field.  On the other hand, one major early source of RRE
   messages was Gleason Sackman's high-volume filter list on education.

I wish I could say that the Internet affords freedom of the press to those
who don't own one.  But it's not true, not yet.  So maybe, on some very
tiny scale, I'm an Internet analog of Rush Limbaugh or Scott Adams.  Those
guys could hardly be more different on one level, but they also reflect an
important convergence.  Rush didn't invent talk radio with its structured
listener involvement; the innovation of his show was that it's basically
about his opinions.  Dilbert didn't invent the comic strip; his innovation
was to use the Internet to involve his readers in thinking up the ideas.
In each case, the result is a voice that seems on the surface like a
synthesis of the star's voice with that of his audience, and the fear
is that this result is a sham, giving just enough of an appearance of
audience involvement to authenticate the star as the Voice of the People.

Likewise, by forever soliciting subscribers' submissions while exercising
absolute editorial control, I can imagine that this list conveys a sense
of omniscience that has little basis in reality.  As a recovering know-it-
all, I can testify how addictive this position can be.  I can imagine how
this list can be perceived as more authoritative than it really is.  And
since perceptions of authority are largely self-fulfilling, I can appreciate
how an RRE message can do more damage than it has any right to.  I don't
really know for sure, nor is it mine to judge.  But I suppose I should err
on the safe side.





From dlv at bwalk.dm.com  Sat Nov  9 13:30:32 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 13:30:32 -0800 (PST)
Subject: No More
In-Reply-To: <199611091210.GAA01799@dogbert.ipa.net>
Message-ID: <8075wD3w165w@bwalk.dm.com>


brazie at ipa.net (Brazie) writes:

> At 06:53 PM 11/8/96 -0500, YoungSik Jeong wrote:
> >I want take off mail list
> >
> >
> >so do i, i tried but i keep getting all this damn mail

Try pointing out that Timmy May is a lying bully, and you'll be unsubscribed
in no time. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jleonard at divcom.umop-ap.com  Sat Nov  9 13:57:16 1996
From: jleonard at divcom.umop-ap.com (Jon Leonard)
Date: Sat, 9 Nov 1996 13:57:16 -0800 (PST)
Subject: WebTV a "munition"
In-Reply-To: <199611091806.KAA00144@slack.lne.com>
Message-ID: <9611092152.AA02019@divcom.umop-ap.com>


Eric Murray wrote:
> Jon Leonard writes:
> > Eric Murray wrote:
[more stuff about WebTv/crypto/export problems trimmed]
> So if their point is to fight against ITAR (one interpretation of
> the facts as I know them) why haven't they announced that they're doing so?
> It would be good PR.

I'm not sure that it would be good PR for the general public.  That's their
target market, after all.  If you've got a computer, you probably don't need
a WebTv for websurfing.

> > Given that they've tried to do everything else right (and, in my opinion,
> > succeeded), that may be all there is to it.
> > 
> > I'll ask for more details next time I talk to them.
> 
> That'd be cool.  I think that there's a lot that we don't know about this.

One of my friends at WebTv called, and I asked him about it.
What I got from him was:

1) They wanted to do it right.  (And electronic commerce needs strong crypto)
2) They wanted to be stronger than Netscape's default.  (Triple-DES, I think)
3) They didn't necessarily expect this to be a problem.
4) They expect to win the export control fight.

He seemed almost gleeful that they'd be classified as a munition.
I was suprised that he knew the issue and had an opinion, as he isn't
particularly crypto-aware usually.  I'd guess that it's a big deal
at WebTv.

Keep in mind that this is only one employee, and non-management at that.

<speculation>
It sounded like they might be vulnerable to a government deal, and
were mostly relying on the implausibility of export controlling WebTv
helping national security in any detectable way.

It seems to me that this has the potential to be a cypherpunk victory.
There's the potential for their market (and publicity) to be even wider
than Netscape's, and for the export controls to look even sillier.

Any ideas for helping their export case, or avoiding them making a deal?
</speculation>

> The web site doesn't have much hard info, just a lot of
> buzzword-compliant marketing bullstuff and the highest ratio of
> (TM)s to words that I have ever seen.

That seems to be the new advertising style in high tech.  Unfortunate.

Jon Leonard





From hua at chromatic.com  Sat Nov  9 14:25:54 1996
From: hua at chromatic.com (Ernest Hua)
Date: Sat, 9 Nov 1996 14:25:54 -0800 (PST)
Subject: Son of Cyberpromo?
Message-ID: <199611092225.OAA21046@server1.chromatic.com>


The message speaks for itself.

Ern

--------

 Return-Path: MREMAIL at red.pobox.net
 Received: from red.pobox.net (www1-208-135-28-26.asatte.com [208.135.27.80]) by xenon.chromatic.com (8.7.5/8.7.3) with ESMTP id SAA24960 for <hua at chromatic.com>; Fri, 8 Nov 1996 18:50:57 -0700 (PPET)
 Message-Id: <199611090150.SAA24960 at xenon.chromatic.com>
 Received: from MR.EMAIL
           (Cust27.Max22.Los-Angeles.CA.MS.UU.NET [153.34.81.27])
           by red.pobox.net (post.office MTA v1.9.3b ID# 0-10245) with SMTP
           id AAW87; Fri, 8 Nov 1996 17:46:00 -0800
 From: MREMAIL at MREMAIL.COM
 To: YOU at YOU.COM
 Date: Fri, 08 Nov 1996 17:48:54 PST
 Subject: I M P O R T A N T ! ! !

 EMAIL WORKS $499.00

 WE KNOW YOUR BUSINESS

 Our software and provider service enables any business to launch a professional and effective mass
 marketing of a product or service via bulk email. Our mission is to give the average, small or new
 business, and even the big guys, the tools required to utilize the Internet for generating sales figures
 not achievable through conventional advertising.

 EMAIL WORKS V3.1A

 EMail Works v3.1 is by far the most advanced bulk e-mail software available on the market. It�s
 power and depth are only matched by it� s ease of use.

 Features

     Sends at 13000 to 15000 per hour with 14.4 modem
     Posts to thousands of news groups automatically
     Collects at 75000 per 24 hours
     Works while your computer is: surfing, getting email or word processing
     Easy to use remove name feature.
     Parsing table 45000 to 100,000 per hour
     Stand alone - NO Pegasus-Eudora-Freedom- or other email program needed
     Sends & Gathers & Parsing at the same time!
     Marketing Tables
     Time & date stamp on all mailings
     Filtering system
     Auto remove screen disables mail from being sent to people who dont want     it!

 When SoftCell becomes your postmaster you will never lose your e mail
 addresses, dial-up connection or web site domain ever again.

 BULLET PROOF WEB SITE DOMAIN 10mg
 never have your site ripped down again

 10 MEG WEB DOMAIN
 We move your site and transfer or register your domain with internic

 REMOVE NAMES
 All mail is parsed against several large remove name lists

 5 Meg FLAME PROOF E MAIL BOX
 We will not except multiple message or unmarked attachments from any user.

 FIRE WALL
 Over 70,000 e mail addresses that can not access our server

 AUTO RESPONDER
 Easy and fast response

 Additional provider services:

     Online secure credit card transactions $35.00 per mo.
     Shopping Basket $20.00 per mo.
     Additional Auto responders $15.00 per mo
     Additional E Mail Accounts $30.00 per mo
     Additional Web space $10.00 per Mg per mo.

 Access our remove name and parse out the undeliverable and remove names $49.00 per month!

 Bulk E-Mailing Services

 E Mail addresses for sale
 Our addresses are by far the best available on the internet because they are all 75+% deliverable and we
 never sell the same list to the same type of business twice. We currently have over 7 million active
 e mail addresses.

 100,000 $199
 300,000 $399
 500,000 $599
 1 Million $1000

 Bulk E-Mailings DONT HAVE THE TIME? WE DO!

 1.5 Million

 1 Time $1200
 2 Time $900
 3 Time $800
 4 Time $700
 5 Time $500

 Web Design
 Free web design and hosting can be arranged for companies & can show net earnings in excess of 1
 Million dollars. In return for a percentage of sales SoftCell Marketing will develop, host and
 maintain you web site.

 Call now for more information: 714-825-4815

 F R E E  D E M O  D O W N L O A D ! ! !
 CALL NOW -- MR. EMAIL (DAVID)

 SoftCell Marketing Inc. CONTRACT

 IMPORTANT! FAX THIS LEGAL DOCUMENT TO: 714-574-9773

 NAME:_____________________________________________

 COMPANY NAME:_____________________________________

 ADDRESS:__________________________________________

         __________________________________________

 TELEPHONE:________________________________________

 BUSINESS PHONE:___________________________________

 FAX:______________________________________________

 CREDIT CARD TYPE:_________________________________

 CREDIT CARD NUMBER:_______________________________

 CREDIT CARD EXPIRATION:___________________________

 E-MAIL ADDRESS:___________________________________

 The business or company herein is referred to as the
 client, and SoftCell Marketing Inc. is referred to as
 "Company" , enter into this agreement to be effective as
 of date accepted by the "Company" subject to the
 following conditions: As a client I understand that the
 Company makes no Guarantee of success or financial gain.
 As a client I realize the "Company" is authorized to bill
 client credit card or cash client check or money order
 plus shipping and handling for "company"servivices
 or products.  As a client I realize that the
 company will place my order for provider service to be
 billed on the (first) of the month, each and every month
 until a 30 day written notice is received from client.
 As a client I understand that once the "Company"
 has rendered services, or the client has been issued an
 access code, unlock code, turn on code or credit card
 approval have been gained, no refunds are possible.

 Please check the box(s) that apply:

 BOX 1:_____  EMAILWORKS V3A $499.00
 BOX 2:_____  PROVIDER SERVICE $99.00 PER MONTH.
                           WITH FIRST AND LAST MONTH AND $75.00 SET UP FEE.
                           TOTAL $273.00
 BOX 3:_____  BOTH (BOX 1 AND 2) TOTAL $772.00

 CLIENT SIGNATURE:_________________________ DATE:___________





From steve at edmweb.com  Sat Nov  9 14:35:28 1996
From: steve at edmweb.com (Steve Reid)
Date: Sat, 9 Nov 1996 14:35:28 -0800 (PST)
Subject: Another possible remailer attack?
Message-ID: <Pine.BSF.3.91.961109134348.182B-100000@bitbucket.edmweb.com>


>Date: Fri, 8 Nov 1996 12:58:42 -0800
>From: nobody at cypherpunks.ca (John Anonymous MacDonald)
>Subject: Vulis on the remailers
> Please, remailers, source block Vulis for a week.
> Remailer Fan

Suppose you operate an ISP and you suspect that one of your users (let's
call him Dimitri) is using anonymous remailers to submit politically
incorrect messages (under a pseudonym, or all with the same writing style)
to Usenet, mailing lists, and a well-known phreak/hack publication. Also
suppose that these public messages are appearing on a regular basis. 

You want to know if Dimitri is the person regularly posting these
messages. So, you use your powers as ISP to block his access to all
remailers. If the public messages suddenly stop then you can be reasonably
certain that Dimitri was sending them. 

I expect this would work even against DC nets.

The only solution I can think of is to have an account with multiple ISPs
and always send mail from more than one account. This probably wouldn't
offer much protection against TLAs (NSA, CIA, FBI, MCI, AT&T ;) who may be
able to block traffic no matter where it comes from. 

Comments?





From William.H.Geiger.III at mailhub.amaranth.com  Sat Nov  9 14:42:37 1996
From: William.H.Geiger.III at mailhub.amaranth.com (whgiii@amaranth.com)
Date: Sat, 9 Nov 1996 14:42:37 -0800 (PST)
Subject: Information [for new PGP user]
In-Reply-To: <3284BF7A.36E0@gte.net>
Message-ID: <199611092356.RAA22533@mailhub.amaranth.com>


In <3284BF7A.36E0 at gte.net>, on 11/09/96 
   at 09:29 AM, Dale Thorn <dthorn at gte.net> said:

>Yet another success (NOT!) story for PGP.  I wonder how many people on
>this list would be willing to bet something *really* important to them on
>the security of PGP?

Dale you are truly a clueless shmuck.

I would be truly intrested to see how many platforms and with how many
different compilers the source code of YOUR program would work.

-- 
-----------------------------------------------------------
whgiii at amaranth.com <William H. Geiger III>
-----------------------------------------------------------






From ldetweil at csn.net  Sat Nov  9 14:50:19 1996
From: ldetweil at csn.net (L.Detweiler)
Date: Sat, 9 Nov 1996 14:50:19 -0800 (PST)
Subject: Timmy
Message-ID: <199611092250.PAA23102@teal.csn.net>



just heard an interesting rumor that Timmy has been blacklisted
from working anywhere here in Colorado as a dangerous anarchist
and/or lunatic revolutionary.

but perhaps he can still work in Silicon Valley if anyone there is
willing to hire a debauched millionaire playboy.  the standards
are different where no one wants to live, I guess. (hmmmm, catch
that recent cool article on CO in National Geographic?)

besides, everyone here in CO would prefer all the
anarchists stay in CA anyway so they can all be taken care of
in one fell swoop with the next "big one".. did I feel
a little "trembling" over there or is it just the standard cpunk
cowardice? (hehehe)


|   /\  |\| /~ L~
L_ /~~\ | | \_ L_
http://www.csn.net/~ldetweil/





From markets at mindspring.com  Sat Nov  9 14:58:08 1996
From: markets at mindspring.com (JUD)
Date: Sat, 9 Nov 1996 14:58:08 -0800 (PST)
Subject: TRY THIS FOR FUN - $$payt~1.doc (0/1)
Message-ID: <563297$59h@camel2.mindspring.com>


$$$EARN MONEY FAST AND LEGITIMATE!!!!

Not a Chain Letter; No Implied Threats:  That's what I like about it.

OK, OK so here I am trying one of these programs, well I figured, why
not, for the exposure of $5.00 what do I really have to lose.  Heck,
I've lost a great deal more than that just on a night's entertainment,
not to mention what I spend on unnecessary snacks and beverages at
work each day.

So, the lists I have read really do speak about the great benefits of
developing mailing lists.  Why not give it a try as a hobby yourself
and see where it gets you.  The comments are quite clear and
believable:

Ryan Gaskins says:

Not only does it work for me, it works for other folds as well.
Markus Valppu says he made $57,883 in four weeks.  Dave Manning claims
he made $53,664 in the same amount of time.  Dan Shepstone says it was
only $17,000 for him.  Do I know these folks? No, but when I read how
they say they did it, it made sense to me.  Enough sense that I'm
taking a similar chance with $5 of my own money.  Not a big chance, I
admit -- but one with incredible potential, because $5 is all anyone
ever invests in this system.  Period.  That's all Markus, Dave, or Dan
invested, yet their $5 netted them tens of thousands of dollars each,
in a safe, legal completely legitimate way.  Here's how it works in 3
easy steps:

Step 1

Invest your $5 by writing your name and address on five seperate
pieces of paper along with the words: "PLEASE ADD ME TO YOUR MAILING
LIST." (In this way, you're not just sending a dollar to someone;
you're paying for a legitimate service).  Fold a $1 bill, money order,
or bank note inside each paper, and mail them by standard local
mail/post to the following five addresses:

1.	P.R. Corswandt
	Hubertusallee 6-8
	D-14193
	GERMANY

2.	Stig Eriksen
	Stolshaugv. 24
	N-5460 HUSNES
	NORWAY

3.	T. Lavigne 
	19 Whisper Lane
	Milton, VT 05468
	USA

4.	R. Gaskins
	1272 Great Neck Rd #220
	Virginia Beach, VA  23454
	USA

5. 	JUD
	47 West Polk Street
	Suite #100-212
	Chicago, IL   60605
	USA

Step 2

Now using any word processor program, open this document (or re-type
it yourself) remove the top name from the list, and re-number.  This
way #2 becomes #1, #5 becomes #4 and so on.

Put your name and address in as the fifth (#5) on the list.

Step 3

Post the article to at least 250 newsgroups.  There are at least 19000
newsgroups at any given moment in time.  Try posting to as many
newsgroups as you can.  Remember the more groups you post to, the more
people will see your article and send you cash!

Step 4

you are now in business for yourself, and should start seeing returns
within 7 to 14 days!  Remember, the Internet is new and huge.  It is
hard to imagine not benefiting from this friendly exercise in this
incredle rapidly growing market.

Now here is how and why this system works:

Out of every block of 250 posts made, expect 5 responses.
Yes that right, only 5.  You make $5.00 in cash, not checks or money
orders, but real cash with your name at #5.

Each additional person who sent you $1.00 now also makes 250
additional postings with your name at #4, 1000 postings.  On average
then, 50 people will send you $1.00 with your name at #4k,.... $50.00
in your pocket!

Now these 50 new people will make 250 postings each with your name at
#3 or 10,000 postings.  Average return, 500 people = $500.00 they make
250 postings each with your name at #2 = 100,000 postings = 5,000
returns at $1.00 each $5,000.00 in cash!

Finally, 5,000 people make 250 postings each with your name at #1 and
you get a return of $60,000 before your name drops off the list.  And
that's only if everyone down the line makes only 250 postings each!
Your total income for this one cycle is $55,000.

>From time to time when you see your name is no longer on the list, you
take the latest posting you can find and start all over again.

The end result depends on you.  You must follow through and re-post
this article everywhere you can think of.  The more postings you make
the more cash ends up in your mailbox.  It's too easy and too cheap to
passup!!!!

So thats it.  Pretty simple sounding stuff, huh?  But believe me, it
works.  there are millions of people surfing the net every day, all
day, all over the world.  And 100,000 new people get on the net every
day.  You know that, you've seen the stories in the paper.  So, my
friend, read and follow the simple instructions and play fair.  That's
the key.  And that's all there is to it.  print this out right now so
you can refer back to this article easily.  Try to keep an eye on all
the postings you made to make sure everyone is playing fairly.  You
know where your name should be.

If you're really not sure or still think this can't be for real, then
don't do it.  But please print this article and pass it along to
someone you know who really needs the bucks, and see what happens.

REMEBER.HONESTY IS THE BEST POLICY.  YOU DON'T NEED TO CHEAT THE BASIC
IDEA TO MAKE THE BUCKS!  gOOD LUCK TO ALL, AND PLEASE PLAY FAIR AND
YOU WILL MAKE SOME REAL INSTANT FREE CASH!

***By the way, if you try to deceive people by posting the messages
with your name in the list and not sending the bucks to people already
included, you will nnot get much.  Another fellow did this and only
got about $150.00 (and that's after two months).  Then he sent the 5
bills, people added him to thier lists, and in 4-5 weeks he dad over
$10,000!

TRY IT AND YOU'LL BE HAPPY111

WARNING: IT IS ILLEGAL TO USE THIS IDEA WITHOUT PAYING FOR IT DO YOU
WANT TO SPEND 4-7 YEARS IN JAIL FOR MAIL FRAUD!!!????








From markets at mindspring.com  Sat Nov  9 14:58:13 1996
From: markets at mindspring.com (JUD)
Date: Sat, 9 Nov 1996 14:58:13 -0800 (PST)
Subject: TRY THIS FOR FUN - $$payt~1.doc (1/1)
Message-ID: <56329k$59h@camel2.mindspring.com>


begin 644 $$payt~1.doc
MT,\1X*&Q&N$`````````````````````/@`#`/[_"0`&```````````````!
M````%```````````$```%0````$```#^____`````!,```#_____________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________<I6@`8^`)!`````!E`````````````````P``
M[Q@``",E````````````````````````[Q4`````````````````````````
M`````````````````````"```&H`````(```:@```&H@````````:B``````
M``!J(````````&H@````````:B```!0```"T(````````+0@````````M"``
M``````"T(````````+0@````````M"````H```"^(```$````+0@````````
M220``#$```#.(````````,X@````````SB````````#.(````````,X@````
M````SB````````#.(````````,X@````````5"(```(```!6(@```````%8B
M````````5B(``"T```"#(@``U````%<C``#4````*R0``!X```!Z)```6```
M`-(D``!1````220`````````````````````````````:B````````#.(```
M````````#0`.``$``@#.(````````,X@````````````````````````````
M`,X@````````SB````````!))````````!`B````````:B````````!J(```
M`````,X@`````````````````````````````,X@````````$"(````````0
M(@```````!`B````````SB```$(!``!J(````````,X@````````:B``````
M``#.(````````%0B``````````````````#@P;X-B,Z[`7X@```4````DB``
M`"(```!J(````````&H@````````:B````````!J(````````,X@````````
M5"(````````0(@``1````!`B````````````````````````````````````
M````````````````````````````````````````````````````````````
M```````````````````````````D)"1%05).($U/3D59($9!4U0 at 04Y$($Q%
M1TE424U!5$4A(2$A#0U.;W0 at 82!#:&%I;B!,971T97([($YO($EM<&QI960@
M5&AR96%T<SH@(%1H870G<R!W:&%T($D@;&EK92!A8F]U="!I="X-#4]++"!/
M2R!S;R!H97)E($D at 86T@=')Y:6YG(&]N92!O9B!T:&5S92!P<F]G<F%M<RP@
M=V5L;"!)(&9I9W5R960L('=H>2!N;W0L(&9O<B!T:&4 at 97AP;W-U<F4@;V8@
M)#4N,#`@=VAA="!D;R!)(')E86QL>2!H879E('1O(&QO<V4N("!(96-K+"!)
M)W9E(&QO<W0 at 82!G<F5A="!D96%L(&UO<F4@=&AA;B!T:&%T(&IU<W0@;VX@
M82!N:6=H="=S(&5N=&5R=&%I;FUE;G0L(&YO="!T;R!M96YT:6]N('=H870@
M22!S<&5N9"!O;B!U;FYE8V5S<V%R>2!S;F%C:W, at 86YD(&)E=F5R86=E<R!A
M="!W;W)K(&5A8V@@9&%Y+ at T-4V\L('1H92!L:7-T<R!)(&AA=F4@<F5A9"!R
M96%L;'D at 9&\@<W!E86L at 86)O=70@=&AE(&=R96%T(&)E;F5F:71S(&]F(&1E
M=F5L;W!I;F<@;6%I;&EN9R!L:7-T<RX@(%=H>2!N;W0 at 9VEV92!I="!A('1R
M>2!A<R!A(&AO8F)Y('EO=7)S96QF(&%N9"!S964@=VAE<F4@:70 at 9V5T<R!Y
M;W4N("!4:&4 at 8V]M;65N=', at 87)E('%U:71E(&-L96%R(&%N9"!B96QI979A
M8FQE. at T-4GEA;B!'87-K:6YS('-A>7,Z#0U.;W0@;VYL>2!D;V5S(&ET('=O
M<FL at 9F]R(&UE+"!I="!W;W)K<R!F;W(@;W1H97(@9F]L9', at 87,@=V5L;"X@
M($UA<FMU<R!686QP<'4@<V%Y<R!H92!M861E("0U-RPX.#,@:6X at 9F]U<B!W
M965K<RX@($1A=F4 at 36%N;FEN9R!C;&%I;7,@:&4@;6%D92`D-3,L-C8T(&EN
M('1H92!S86UE(&%M;W5N="!O9B!T:6UE+B`@1&%N(%-H97!S=&]N92!S87ES
M(&ET('=A<R!O;FQY("0Q-RPP,#`@9F]R(&AI;2X@($1O($D@:VYO=R!T:&5S
M92!F;VQK<S\@3F\L(&)U="!W:&5N($D@<F5A9"!H;W<@=&AE>2!S87D@=&AE
M>2!D:60@:70L(&ET(&UA9&4@<V5N<V4@=&\@;64N("!%;F]U9V@@<V5N<V4@
M=&AA="!))VT@=&%K:6YG(&$@<VEM:6QA<B!C:&%N8V4@=VET:"`D-2!O9B!M
M>2!O=VX@;6]N97DN("!.;W0 at 82!B:6<@8VAA;F-E+"!)(&%D;6ET("TM(&)U
M="!O;F4@=VET:"!I;F-R961I8FQE('!O=&5N=&EA;"P at 8F5C875S92`D-2!I
M<R!A;&P at 86YY;VYE(&5V97(@:6YV97-T<R!I;B!T:&ES('-Y<W1E;2X@(%!E
M<FEO9"X@(%1H870G<R!A;&P at 36%R:W5S+"!$879E+"!O<B!$86X@:6YV97-T
M960L('EE="!T:&5I<B`D-2!N971T960@=&AE;2!T96YS(&]F('1H;W5S86YD
M<R!O9B!D;VQL87)S(&5A8V at L(&EN(&$@<V%F92P@;&5G86P at 8V]M<&QE=&5L
M>2!L96=I=&EM871E('=A>2X@($AE<F4G<R!H;W<@:70@=V]R:W,@:6X@,R!E
M87-Y('-T97!S. at T-4W1E<"`Q#0U);G9E<W0@>6]U<B`D-2!B>2!W<FET:6YG
M('EO=7(@;F%M92!A;F0 at 861D<F5S<R!O;B!F:79E('-E<&5R871E('!I96-E
M<R!O9B!P87!E<B!A;&]N9R!W:71H('1H92!W;W)D<SH@(E!,14%312!!1$0@
M344 at 5$\@64]54B!-04E,24Y'($Q)4U0N(B`H26X@=&AI<R!W87DL('EO=2=R
M92!N;W0@:G5S="!S96YD:6YG(&$@9&]L;&%R('1O('-O;65O;F4[('EO=2=R
M92!P87EI;F<@9F]R(&$@;&5G:71I;6%T92!S97)V:6-E*2X@($9O;&0 at 82`D
M,2!B:6QL+"!M;VYE>2!O<F1E<BP@;W(@8F%N:R!N;W1E(&EN<VED92!E86-H
M('!A<&5R+"!A;F0@;6%I;"!T:&5M(&)Y('-T86YD87)D(&QO8V%L(&UA:6PO
M<&]S="!T;R!T:&4 at 9F]L;&]W:6YG(&9I=F4 at 861D<F5S<V5S. at T-,2X)4"Y2
M+B!#;W)S=V%N9'0-"4AU8F5R='5S86QL964 at -BTX#0E$+3$T,3DS#0E'15)-
M04Y9#0TR+ at E3=&EG($5R:6MS96X-"5-T;VQS:&%U9W8N(#(T#0E.+34T-C`@
M2%533D53#0E.3U)705D-#3,N"50N($QA=FEG;F4@#0DQ.2!7:&ES<&5R($QA
M;F4-"4UI;'1O;BP at 5E0@,#4T-C at -"55300T--"X)4BX at 1V%S:VEN<PT),3(W
M,B!'<F5A="!.96-K(%)D(",R,C`-"59I<F=I;FEA($)E86-H+"!602`@,C,T
M-30-"55300T--2X@"4I51`T)-#<@5V5S="!0;VQK(%-T<F5E=`T)4W5I=&4@
M(S$P,"TR,3(-"4-H:6-A9V\L($E,("`@-C`V,#4-"55300T-4W1E<"`R#0U.
M;W<@=7-I;F<@86YY('=O<F0@<')O8V5S<V]R('!R;V=R86TL(&]P96X@=&AI
M<R!D;V-U;65N="`H;W(@<F4M='EP92!I="!Y;W5R<V5L9BD@<F5M;W9E('1H
M92!T;W`@;F%M92!F<F]M('1H92!L:7-T+"!A;F0@<F4M;G5M8F5R+B`@5&AI
M<R!W87D@(S(@8F5C;VUE<R`C,2P@(S4 at 8F5C;VUE<R`C-"!A;F0@<V\@;VXN
M#0U0=70@>6]U<B!N86UE(&%N9"!A9&1R97-S(&EN(&%S('1H92!F:69T:"`H
M(S4I(&]N('1H92!L:7-T+ at T-4W1E<"`S#0U0;W-T('1H92!A<G1I8VQE('1O
M(&%T(&QE87-T(#(U,"!N97=S9W)O=7!S+B`@5&AE<F4 at 87)E(&%T(&QE87-T
M(#$Y,#`P(&YE=W-G<F]U<', at 870@86YY(&=I=F5N(&UO;65N="!I;B!T:6UE
M+B`@5')Y('!O<W1I;F<@=&\@87,@;6%N>2!N97=S9W)O=7!S(&%S('EO=2!C
M86XN("!296UE;6)E<B!T:&4@;6]R92!G<F]U<',@>6]U('!O<W0@=&\L('1H
M92!M;W)E('!E;W!L92!W:6QL('-E92!Y;W5R(&%R=&EC;&4 at 86YD('-E;F0@
M>6]U(&-A<V at A#0U3=&5P(#0-#7EO=2!A<F4@;F]W(&EN(&)U<VEN97-S(&9O
M<B!Y;W5R<V5L9BP at 86YD('-H;W5L9"!S=&%R="!S965I;F<@<F5T=7)N<R!W
M:71H:6X at -R!T;R`Q-"!D87ES(2`@4F5M96UB97(L('1H92!);G1E<FYE="!I
M<R!N97<@86YD(&AU9V4N("!)="!I<R!H87)D('1O(&EM86=I;F4@;F]T(&)E
M;F5F:71I;F<@9G)O;2!T:&ES(&9R:65N9&QY(&5X97)C:7-E(&EN('1H:7,@
M:6YC<F5D;&4@<F%P:61L>2!G<F]W:6YG(&UA<FME="X-#4YO=R!H97)E(&ES
M(&AO=R!A;F0@=VAY('1H:7,@<WES=&5M('=O<FMS. at T-3W5T(&]F(&5V97)Y
M(&)L;V-K(&]F(#(U,"!P;W-T<R!M861E+"!E>'!E8W0 at -2!R97-P;VYS97,N
M#5EE<R!T:&%T(')I9VAT+"!O;FQY(#4N("!9;W4@;6%K92`D-2XP,"!I;B!C
M87-H+"!N;W0 at 8VAE8VMS(&]R(&UO;F5Y(&]R9&5R<RP at 8G5T(')E86P at 8V%S
M:"!W:71H('EO=7(@;F%M92!A="`C-2X-#45A8V@@861D:71I;VYA;"!P97)S
M;VX@=VAO('-E;G0@>6]U("0Q+C`P(&YO=R!A;'-O(&UA:V5S(#(U,"!A9&1I
M=&EO;F%L('!O<W1I;F=S('=I=&@@>6]U<B!N86UE(&%T(",T+"`Q,#`P('!O
M<W1I;F=S+B`@3VX at 879E<F%G92!T:&5N+"`U,"!P96]P;&4@=VEL;"!S96YD
M('EO=2`D,2XP,"!W:71H('EO=7(@;F%M92!A="`C-&LL+BXN+B`D-3`N,#`@
M:6X@>6]U<B!P;V-K970A#0U.;W<@=&AE<V4 at -3`@;F5W('!E;W!L92!W:6QL
M(&UA:V4@,C4P('!O<W1I;F=S(&5A8V@@=VET:"!Y;W5R(&YA;64 at 870@(S,@
M;W(@,3`L,#`P('!O<W1I;F=S+B`@079E<F%G92!R971U<FXL(#4P,"!P96]P
M;&4@/2`D-3`P+C`P('1H97D@;6%K92`R-3`@<&]S=&EN9W, at 96%C:"!W:71H
M('EO=7(@;F%M92!A="`C,B`](#$P,"PP,#`@<&]S=&EN9W,@/2`U+#`P,"!R
M971U<FYS(&%T("0Q+C`P(&5A8V@@)#4L,#`P+C`P(&EN(&-A<V at A#0U&:6YA
M;&QY+"`U+#`P,"!P96]P;&4@;6%K92`R-3`@<&]S=&EN9W, at 96%C:"!W:71H
M('EO=7(@;F%M92!A="`C,2!A;F0@>6]U(&=E="!A(')E='5R;B!O9B`D-C`L
M,#`P(&)E9F]R92!Y;W5R(&YA;64 at 9')O<',@;V9F('1H92!L:7-T+B`@06YD
M('1H870G<R!O;FQY(&EF(&5V97)Y;VYE(&1O=VX@=&AE(&QI;F4@;6%K97,@
M;VYL>2`R-3`@<&]S=&EN9W, at 96%C:"$@(%EO=7(@=&]T86P@:6YC;VUE(&9O
M<B!T:&ES(&]N92!C>6-L92!I<R`D-34L,#`P+ at T-1G)O;2!T:6UE('1O('1I
M;64@=VAE;B!Y;W4@<V5E('EO=7(@;F%M92!I<R!N;R!L;VYG97(@;VX@=&AE
M(&QI<W0L('EO=2!T86ME('1H92!L871E<W0@<&]S=&EN9R!Y;W4 at 8V%N(&9I
M;F0 at 86YD('-T87)T(&%L;"!O=F5R(&%G86EN+ at T-5&AE(&5N9"!R97-U;'0@
M9&5P96YD<R!O;B!Y;W4N("!9;W4@;75S="!F;VQL;W<@=&AR;W5G:"!A;F0@
M<F4M<&]S="!T:&ES(&%R=&EC;&4 at 979E<GEW:&5R92!Y;W4 at 8V%N('1H:6YK
M(&]F+B`@5&AE(&UO<F4@<&]S=&EN9W,@>6]U(&UA:V4@=&AE(&UO<F4 at 8V%S
M:"!E;F1S('5P(&EN('EO=7(@;6%I;&)O>"X@($ET)W,@=&]O(&5A<WD at 86YD
M('1O;R!C:&5A<"!T;R!P87-S=7`A(2$A#0U3;R!T:&%T<R!I="X@(%!R971T
M>2!S:6UP;&4@<V]U;F1I;F<@<W1U9F8L(&AU:#\@($)U="!B96QI979E(&UE
M+"!I="!W;W)K<RX@('1H97)E(&%R92!M:6QL:6]N<R!O9B!P96]P;&4@<W5R
M9FEN9R!T:&4@;F5T(&5V97)Y(&1A>2P at 86QL(&1A>2P at 86QL(&]V97(@=&AE
M('=O<FQD+B`@06YD(#$P,"PP,#`@;F5W('!E;W!L92!G970@;VX@=&AE(&YE
M="!E=F5R>2!D87DN("!9;W4@:VYO=R!T:&%T+"!Y;W4G=F4@<V5E;B!T:&4@
M<W1O<FEE<R!I;B!T:&4@<&%P97(N("!3;RP@;7D at 9G)I96YD+"!R96%D(&%N
M9"!F;VQL;W<@=&AE('-I;7!L92!I;G-T<G5C=&EO;G, at 86YD('!L87D at 9F%I
M<BX@(%1H870G<R!T:&4@:V5Y+B`@06YD('1H870G<R!A;&P@=&AE<F4@:7,@
M=&\@:70N("!P<FEN="!T:&ES(&]U="!R:6=H="!N;W<@<V\@>6]U(&-A;B!R
M969E<B!B86-K('1O('1H:7, at 87)T:6-L92!E87-I;'DN("!4<GD@=&\@:V5E
M<"!A;B!E>64@;VX at 86QL('1H92!P;W-T:6YG<R!Y;W4@;6%D92!T;R!M86ME
M('-U<F4 at 979E<GEO;F4@:7,@<&QA>6EN9R!F86ER;'DN("!9;W4@:VYO=R!W
M:&5R92!Y;W5R(&YA;64@<VAO=6QD(&)E+ at T-268@>6]U)W)E(')E86QL>2!N
M;W0@<W5R92!O<B!S=&EL;"!T:&EN:R!T:&ES(&-A;B=T(&)E(&9O<B!R96%L
M+"!T:&5N(&1O;B=T(&1O(&ET+B`@0G5T('!L96%S92!P<FEN="!T:&ES(&%R
M=&EC;&4 at 86YD('!A<W,@:70 at 86QO;F<@=&\@<V]M96]N92!Y;W4@:VYO=R!W
M:&\@<F5A;&QY(&YE961S('1H92!B=6-K<RP at 86YD('-E92!W:&%T(&AA<'!E
M;G,N#0U214U%0D52+DA/3D535%D at 25, at 5$A%($)%4U0 at 4$],24-9+B`@64]5
M($1/3B=4($Y%140 at 5$\@0TA%050 at 5$A%($)!4TE#($E$14$@5$\@34%+12!4
M2$4 at 0E5#2U,A("!G3T]$($Q50TL at 5$\@04Q,+"!!3D0 at 4$Q%05-%(%!,05D@
M1D%)4B!!3D0 at 64]5(%=)3$P at 34%+12!33TU%(%)%04P at 24Y35$%.5"!&4D5%
M($-!4T at A#0TJ*BI">2!T:&4@=V%Y+"!I9B!Y;W4@=')Y('1O(&1E8V5I=F4@
M<&5O<&QE(&)Y('!O<W1I;F<@=&AE(&UE<W-A9V5S('=I=&@@>6]U<B!N86UE
M(&EN('1H92!L:7-T(&%N9"!N;W0@<V5N9&EN9R!T:&4 at 8G5C:W,@=&\@<&5O
M<&QE(&%L<F5A9'D@:6YC;'5D960L('EO=2!W:6QL(&YN;W0 at 9V5T(&UU8V at N
M("!!;F]T:&5R(&9E;&QO=R!D:60@=&AI<R!A;F0@;VYL>2!G;W0 at 86)O=70@
M)#$U,"XP,"`H86YD('1H870G<R!A9G1E<B!T=V\@;6]N=&AS*2X@(%1H96X@
M:&4@<V5N="!T:&4 at -2!B:6QL<RP@<&5O<&QE(&%D9&5D(&AI;2!T;R!T:&EE
M<B!L:7-T<RP at 86YD(&EN(#0M-2!W965K<R!H92!D860@;W9E<B`D,3`L,#`P
M(0T-5%)9($E4($%.1"!93U4G3$P at 0D4@2$%04%DQ,3$-#5=!4DY)3D<Z($E4
M($E3($E,3$5'04P at 5$\@55-%(%1(25, at 241%02!7251(3U54(%!!64E.1R!&
M3U(@250 at 1$\@64]5(%=!3E0 at 5$\@4U!%3D0 at -"TW(%E%05)3($E.($I!24P@
M1D]2($U!24P at 1E)!540A(2$_/S\_#0T-)"1005D at 5$A/4T4 at 0D]42$524T]-
M12!"24Q,4R0D#14`I-`OI>`]I@@'IP@'J*`%J:`%J@``________________
M____________________________________________________________
M___________________X?_____________\/________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_________________P`#``#O&```!AD```#^````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M```````````````````````````````````"=0$"``,``"8#```G`P``;0,`
M`&X#``"2!```DP0``&<%``!H!0``>P4``'P%```]"```/@@``$4(``!&"```
MP`D``,$)``#3"0``Y at D``.\)``#X"0``^0D```D*```9"@``*`H``#`*```Q
M"@``0`H``%$*``!C"@``:`H``&D*``!W"@``D`H``*L*``"P"@``L0H``+D*
M``#."@``W at H``/,*``#X"@``^0H````+```!"P``MPL``/X``<`A\`#^``'`
M(?``_@`!P"'P`/X``<`A\`#^``/`(?``_@`!P"'P`/X``L`A\`#^``'`(?``
M_@`!P"'P`/X``<`A\`#^``?`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`$
MP"'P`/X``<`A\`#^``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`!P"'P
M`/X``<`A\`#^``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`!P"'P`/X`
M`<`A\`#^``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`!P"'P`/X``<`A
M\`#^``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`!P"'P`/X``<`A\`#^
M``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`"P"'P``````````````$`
M`"VW"P``N`L``/0+``#U"P``_`L``/T+``#[#```_`P```,-```$#0``\PT`
M`/0-```?#@``(`X``%H.``#+#@``S`X``*0/``"E#P``G1```)X0``"@$0``
MH1$``"<2```H$@``!!,```43``!.%0``3Q4``!D6```:%@``T!8``-$6```S
M&```-!@``%(8``!3&```SA@``,\8``#0&```[Q@``/X``<`A\`#^``'`(?``
M_@`!P"'P`/X``<`A\`#^``'`(?``_@`#P"'P`/X``<`A\`#^``'`(?``_@`!
MP"'P`/X``\`A\`#^``'`(?``_@`!P"'P`/X``<`A\`#^``'`(?``_@`"P"'P
M`/X``<`A\`#^``/`(?``_@`!P"'P`/X``\`A\`#^``'`(?``_@`#P"'P`/X`
M`<`A\`#^``+`(?``_@`!P"'P`/X``\`A\`#^``'`(?``_@`&P"'P`/X``<`A
M\`#^``+`(?``_@`!P"'P`/X``\`A\`#^``'`(?``_@`$P"'P`/X``<`A\`#^
M``'`(?``_@`!P"'P`/X``L`A\`#^``'`(?``_@`!P"'P`/X`````````````
M````````````````````````````````````````````````````````````
M`````````````````````0``*`X`#P`(``$`2P`/```````:``!`\?\"`!H`
M!DYO<FUA;``"`````P!A"00`````````````````````````(@!!0/+_H0`B
M`!9$969A=6QT(%!A<F%G<F%P:"!&;VYT````````````````````[Q4```,`
M[Q@`````_____P,`!"#__P$``"#__P(`!B#__P,``````/D'```:$P``[Q4`
M````!P````$`M@````(````````#```&&0``#0```P``MPL``.\8```.``\`
M`````&T"``!T`@``O0(``,,"``#$`@``R@(``#4#```^`P``D`0``)8$``!^
M!0``A at 4``,0&``#(!@``R08``-(&``#4!@``X08``/P&````!P```0<```@'
M```*!P``%`<``#<'```^!P``;P<``'8'``#"!P``Q@<``!X)```H"0``1`D`
M`$X)``"$"0``C at D``-(*``#:"@``^0\``/\/```($```#1```#$0```T$```
M>A,``'X3``!O%```<Q0````5```%%0``YQ4``.X5``#Q%0``!P`<``<`'``'
M`!P`!P`<``<`'``'`!P`!P`<``<`'``'`!P`!P`<``<`'``'`!P`!P`<``<`
M'``'`!P`!P`<``<`'``'`!P`!P`<``<`'``'`!P`!P`<``<`'``'`!P`!P`<
M``<`!``'`$0`#DIA;65S($AA;6EL=&]N,D,Z7$UY($1O8W5M96YT<UPD)%!!
M62!42$]312!"3U1(15)33TU%($))3$Q3)"0N9&]C_T!(4"!,87-E<DIE="`U
M4`!,4%0Q.@!(4%!#3#5-4P!(4"!,87-E<DIE="`U4`!(4"!,87-E<DIE="`U
M4``````````````````````````$`024`$```V<`!@$``0#V!/H"```!``$`
M6`(!``$`6`($````````````````````````````````````````````````
M```````````````````````````````````````&`0```@``````````````
M`0!``$U3541.`TA0($QA<V5R2F5T(#50````````````````````````Y`$`
M```````[`0`````$`&0`"@```$A0($QA<V5R2F5T(#50````````````````
M``````````0!!)0`0``#9P`&`0`!`/8$^@(```$``0!8`@$``0!8`@0`````
M````````````````````````````````````````````````````````````
M``````````````````````8!```"```````````````!`$``35-51$X#2%`@
M3&%S97)*970 at -5````````````````````````#D`0```````#L!``````0`
M9``*`````X`!`.X5``#N%0``!P`!``$`[A4```````#.%0``,0`5%I`!``!4
M:6UE<R!.97<@4F]M86X`#!:0`0(`4WEM8F]L``LFD`$``$%R:6%L`"(`!`!Q
M"(@8``#0`@``:`$`````\DL+QO)+"\8``````0``````+`,``!82```#``D`
M```$`(,0)@```````````````P`!`````0`````````D`P````!1````(20D
M)$5!4DX at 34].15D at 1D%35"!!3D0 at 3$5'251)34%410````Y*86UE<R!(86UI
M;'1O;@Y*86UE<R!(86UI;'1O;@````````````#_______\/____________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________X?____________P$````"`````P````0````%````
M!@````<````(````"0````H````+````#`````T````.````#P```!`````1
M````$@```/[____]____%P```/[___\?````_O______________________
M___________________^________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M________________________________________________________4@!O
M`&\`=``@`$4`;@!T`'(`>0``````````````````````````````````````
M`````````````````````!8`!0'__________P$`````"0(``````,``````
M``!&````````````````X,&^#8C.NP$6````@`,```````!7`&\`<@!D`$0`
M;P!C`'4`;0!E`&X`=````&U0%'E'`$,Z7$UY($1O8W5M96YT<P``````````
M````````````&@`"`0(````#````_____P``````````````````````````
M```````````````````````````C)0````````$`0P!O`&T`<`!/`&(`:@``
M````````````````````````````````````````````````````````````
M```2``(!________________````````````````````````````````````
M`````````````````&H`````````!0!3`'4`;0!M`&$`<@!Y`$D`;@!F`&\`
M<@!M`&$`=`!I`&\`;@````(````"`````````````````````````"@``@'_
M____!````/____\`````````````````````````````````````````````
M```"````Y`$````````!````_O___P,````$````!0````8````'````"```
M``D```#^____"P````P````-````_O______________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_________________________________________P$`_O\#"@``_____P`)
M`@``````P````````$88````36EC<F]S;V9T(%=O<F0 at 1&]C=6UE;G0`"@``
M`$U35V]R9$1O8P`0````5V]R9"Y$;V-U;65N="XV`/0YLG$`````````````
M``#0SQ'@H;$:X0``````````````````_O\```0``@``````````````````
M`````0```."%G_+Y3V at 0JY$(`"LGL]DP````M`$``!(````!````F`````(`
M``"@`````P```,P````$````V`````4```#P````!@```/P````'````"`$`
M``@````8`0``"0```#`!```2````/`$```H```!D`0``"P```'`!```,````
M?`$```T```"(`0``#@```)0!```/````G`$``!````"D`0``$P```*P!```"
M````Y`0``!X````B````)"0D14%23B!-3TY%62!&05-4($%.1"!,14=)5$E-
M051%`$``'@````$`````````'@````\```!*86UE<R!(86UI;'1O;@#_'@``
M``$`````````'@````$`````````'@````<```!.;W)M86P``!X````/````
M2F%M97, at 2&%M:6QT;VX``!X````"````,0!L=!X````>````36EC<F]S;V9T
M(%=O!0!$`&\`8P!U`&T`90!N`'0`4P!U`&T`;0!A`'(`>0!)`&X`9@!O`'(`
M;0!A`'0`:0!O`&X``````````````#@``@#_______________\`````````
M```````````````````````````````````````*````_```````````````
M````````````````````````````````````````````````````````````
M`````````````````````````/_______________P``````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````________________````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M``````#_______________\`````````````````````````````````````
M``````````````````````````#^_P``!``"```````````````````````!
M`````M7-U9PN&Q"3EP@`*RSYKC````#,````"`````$```!(````#P```%``
M```$````:`````4```!P````!@```'@````+````@````!````"(````#```
M`)`````"````Y`0``!X````/````1FER<W0 at 175R;W!E86X```,`````,@``
M`P```"8````#````"0````L`````````"P`````````,$````@```!X````B
M````)"0D14%23B!-3TY%62!&05-4($%.1"!,14=)5$E-051%``,`````````
M``#_________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________X?_____________\/____________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________X?_____________\/________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______X?_____________\/____________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________________________________X?___
M__________\/________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________________________________X?_____________\/
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________X?_____________\/____________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________X?_____________\/________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______X?_____________\/____________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________________________________X?___
M__________\/________________________________________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________________________________X?_____________\/
M___________^`/__X'__@?_\'/___________!_\!_________P/__`_____
M_C__________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________X?_____________\/___________P
M``__AA_^&'_X#`__P`_``/`#^`_P`?@!_P`@!_##_\,/X`0`_!__________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________X?_____________\/___________`?@/_#P_\/#_P
M=`/_X'_X`?P/\`?@`/X#_\#X'^'A_X>'^!\#^`______________________
M____________________________________________________________
M____________________________________________________________
M____________________________________________________________
M_______X?_____________\/__________^!_P'^'P?X?!_@^`__\/_X`_P/
MX#/`/'X'_\#X'\/@_P^#^!\#^`__________________________________
M____________________________________________________________
M____________________________________________________________
M_______________________________________________________X?___
M__________\/__________X#_P'^'X?X?A_`_`__^/_X!_P/X'N`?SX'_\#X
M'\/P_P_#^!\#^`______________________________________________
M____________________________________________________________
M____________________________________________________________
M___________________________________________X?_____________\/
M__________X'_P'\'X/P?@_`_`___/_X!_P/X'^`_[X'_\#X'X/P?@_!^!\#
M_!__________________________________________________________
M_____W)D(&9O<B!7:6YD;W=S(#DU````0```````````````0```````````
M````0`````!T=/2'SKL!0`````!T=/2'SKL!`P````,````#````+`,```,`
M```6$@```P````````#0SQ'@H;$:X0`````````````````````^``,`_O\`
M``0``@```````````````````````0````+5S=6<+AL0DY<(`"LL^:XP````
MS`````@````!````2`````\```!0````!````&@````%````<`````8```!X
M````"P```(`````0````B`````P```"0`````@```.0$```>````#P```$9I
M<G-T($5U<F]P96%N```#`````#(```,````F`````P````D````+````````
M``L`````````#!````(````>````(@```"0D)$5!4DX at 34].15D at 1D%35"!!
M3D0 at 3$5'251)34%410`#````````````T,\1X/______________________
M____________________________________________________________
M____________________________________________________________
5____________________________
`
end





From ravage at EINSTEIN.ssz.com  Sat Nov  9 15:47:32 1996
From: ravage at EINSTEIN.ssz.com (Jim Choate)
Date: Sat, 9 Nov 1996 15:47:32 -0800 (PST)
Subject: Mailing list liability
Message-ID: <199611092351.RAA01501@einstein>



Note:

Parts of the following are taken verbatim from (1) with some rewording on my
part to make the material flow better.




Cubby v Compuserve (1991)

The court reasoned,

"in essence an electronic, for profit library that carried a vast number of
publications and collected usage and membership fees from its subscribers in
return for access to the publications."

The court further ruled that Compuserve had no more editorial control over
Rumorville than "does a public library, book store, or newsstand, and it
would be no more feasible for Compuserve to examine every publication it
carries for potentialy defamatory statements than it would be for any other
distributor to do so."

The court also found, "A computerized database is the functional equivalent
of a more traditional news vendor, and the inconsistent application of a
lower standard of liability to an electronic news distributor such as
Compuserve than  that which is applied to a public library, a book store, or
a newsstand would impose an undue burden on the free flow of information.
Given the relevant First Amendment  considerations, the appropriate standard
of liability is whether it knew or had reason to know of the allegedly
defamatory Rumorville statements."

The court held that Compuserve was not liable because Compuserve was a
"distributor" and not a "publisher." The court concluded that because
Compuserve did not actively monitor the postings of the forum, it was a
distributor.

In summary, the court compared Compuserve to a bookstore selling the book
rather than the publisher of the book.



Cianci v New Times Publishing Co. (1980)

"one who repeats or othewise republishes defamatory matter is subject to the
liability as if he had originaly published it."



Lerman v Chuckleberry Publishing, Inc. (1981)

The court held that with respect to news vendors, book stores, and libraries
are not liable if "vendors and distributors of defamatory publications are
not liable if they neither know nor have reason to know of the defamation."



Stratton Oakmont v Prodigy (1995)

The critical issue in Prodigy was whether Prodigy exercised sufficient
editorial control over its computer bulletin boards to render it a publisher
with the same responsibilities as a newspaper or magazine.

The court reasoned that there were two distinctions in this case sufficient
to qualify Prodigy as a publisher. First, it held itself out to the public
and its members as controlling the content of its computer bulletin boards.
Second, Prodigy implimented this control through its automated software and
established guidelines  that board leaders were required to enforce. Prodigy
was clearly making decisions as to content. Such decisions constitute
editorial control.


(1)  ;login:, Oct. 1996, V21N5 pp27.






From mjmiski at execpc.com  Sat Nov  9 16:48:47 1996
From: mjmiski at execpc.com (Matthew J. Miszewski)
Date: Sat, 9 Nov 1996 16:48:47 -0800 (PST)
Subject: RICO - (Was: Group order for Secret Power)
Message-ID: <199611100048.SAA02758@mail.execpc.com>


> At 03:13 AM 11/8/96 -0500, Black Unicorn wrote:
> >On Thu, 7 Nov 1996, jim bell wrote:
> 
> >> But the odd thing is, the one entity we can't seem to attack using RICO is 
> >> the Federal government, and probably most other governments levels.  Looked 
> >> at purely objectively, it should be easy to demonstrate that the Federal 
> >> government (and its representatives) have engaged in plenty of crime as a 
> >> pattern of activity, and certainly enough to rise to the level of the 
> >> standards of RICO. (It takes only a few instances of such crime satisfy the 
> >> standards of RICO.)
> >
> >Incorrect.  Employees of the Federal Government can be, and have been,
> >prosecuted under RICO.  Many political corruption cases involve some RICO
> >aspects.  This should make Mr. Bell a big fan of the statute, unless he
> >just likes the flash of murdering officials instead.
> 
> No, I meant the ENTIRE government  Not just individual government officials. 
>  Remember, RICO is _supposed_ to apply to any organization with a pattern of 
> criminal activity, and has been used (in fact, probably mostly used) against 
> organizations where many of the members are "merely" employees, quite 
> analogous to the Federal government.  If RICO applies to anything, it should 
> apply to the Feds, and that means conviction of the entire organization if 
> it or its employees have a pattern of illegal activity.   Since RICO only 
> requires a relatively tiny number of criminal acts to meet its standards, it 
> should not be difficult to show enough criminality.

Jim,

If it seems this easy to you, please draft the pleadings.  I would 
strongly suggest at least a basic civil procedure book.  Non-specific 
pleadings?  That couldn't be a problem.

And upon Peter's recommendation, thank you Jim for doing this brave 
service for the cpunks cause.  

"Canary in a coal mine, going on down, down..."

Matt


> 
> 
> Jim Bell
> jimbell at pacifier.com

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzDq+FoAAAEEANM9+JcJmUp4aCSGpdOG4Y1b6m4630XA8H41Utbvr7Tr6wEH
CD6tlxZ+k+Pycj4w/f8WQa8fC50skoLjUNeP4lYsR7NYaMGRp6WkqCLMI/3Nohvk
pfLDqnzZZdwVL2liB7mfTURoF6doQaVehHmMBjSaVTfD12tzNGm6VvyEc77JAAUR
tClNYXR0aGV3IEouIE1pc3pld3NraSA8bWptaXNraUBleGVjcGMuY29tPg==
=lkx1
-----END PGP PUBLIC KEY BLOCK-----





From liam at webspan.net  Sat Nov  9 16:52:54 1996
From: liam at webspan.net (William F. Towey)
Date: Sat, 9 Nov 1996 16:52:54 -0800 (PST)
Subject: allow me to state the obvious....
In-Reply-To: <v03007805aeaa8b2a08c2@[207.167.93.63]>
Message-ID: <32852789.EB0@webspan.net>


Timothy C. May wrote:
> 
> At 5:57 PM -0500 11/9/96, SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil wrote:
> >i am your average joe who uses the computer for work and e-mail and the
> >occasional jaunt into the internet. going along reading this whole
> >crypto-anarchy thing makes me want to cry. the whole point of cryptography
> ...
> 
> Well, then don't read what we have to say. Unsubscribe from the list or use
> filters. That you are happy just to use your computer for work and e-mail
> and occasional jaunts into the Internet and that discussions of other
> topics bother you should be a clear indication you're probably on the wrong
> list.
> 
> Having a "navy.mil" domain probably is another reason, unless you are only
> hear to monitor our discussions of using cryptography to undermine the
> state, to liberate military secrets with BlackNet and the Information
> Liberation Front, and to punish the millions of those in the
> military-industrial complex who have so richly earned their eventual
> punishments.
> 
> Smash the State.
> 
> --Tim May
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."


Please tell me how to unsubscribe from this list.  I have tried several
times to no avail.  Thanks, Bill





From dlv at bwalk.dm.com  Sat Nov  9 17:10:24 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 17:10:24 -0800 (PST)
Subject: [Announcement] Cypherpunks Shooting Club
In-Reply-To: <2.2.32.19961109154623.0069854c@smtp1.abraxis.com>
Message-ID: <koa6wD5w165w@bwalk.dm.com>


camcc at abraxis.com (Alec) writes:

> At 09:54 PM 11/8/96 -0800, you wrote:
> :By popular request, I am following up on the three year old idea of the
> :Cypherpunks Shooting Club.
> :
> :Bring your own firearm or use one of the ones provided.
>
> :-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
>
> How timely, especially after (or during) Flame Wars--96!
>
> How are targets to be determined, by lot?

I vote for the cypherpunk censors and their obsequitous lackeys.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dsmith at prairienet.org  Sat Nov  9 17:22:10 1996
From: dsmith at prairienet.org (David E. Smith)
Date: Sat, 9 Nov 1996 17:22:10 -0800 (PST)
Subject: No More
Message-ID: <199611100121.TAA12178@bluestem.prairienet.org>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Sat Nov 09 19:21:54 1996
> I want take off mail list

Oooh.  Gotta be a few good stego bits in that one.

- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith at prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key
"Better living through chemicals" - unattributed
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMoUuNTVTwUKWHSsJAQHdYgf+OKNAADSBz+qpjD+u+qqZWPUmAuyQhUGd
jsn/TQG/1gXctoAin5S3VYha1uzt2Pd5xNqUZfpjzP99qDalbtElaROfSo1MoWqj
lL1oencAMW9lIfNNQVzRj2B+eHfpBUo33/Fq25xRktPCAgwhrU6Q1Bc2q4p8nxbG
d65iexqo8CYwMzwnGarl+D7OKXaLZtsZt1JIHcc70KyTB5OaRaVK7pGcu6YTdAS4
0jLfxHJZuDt6p0AcWm+ie2yqRkwEKryB8AFQ6r9wFoCFp0VNuh6dxmY2qn15A9BD
D/BjreSvQcFCcctHOuTHZDTuMPAZZTWCaR/ImlLLy3iCMcICjCRMJQ==
=wrw5
-----END PGP SIGNATURE-----






From rah at shipwright.com  Sat Nov  9 17:46:41 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 9 Nov 1996 17:46:41 -0800 (PST)
Subject: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <v0300780eaeaadd57e5d4@[206.119.69.46]>


At 12:45 pm -0500 11/9/96, Peter Hendrickson wrote:
>We are hardly operating in a hostile environment.  Yet, somebody
>who has apparently gone to some effort to have an anonymous
>identity has been exposed.  The implications of this are worth
>considering.

Nope. Sorry, Pete. Hope you didn't throw out your sholder, swinging for the
fences like that. ;-).


The name "S. L. vonBernhardt" is just another pseudonym of Unicorn's, and
as such, is just another level of redirection, in a rather, hrm,
redirected, life, I would wager.

For what it's worth, the DCSB speaker process is as follows: The speaker
pings me and offers to speak. I say, "Cool. Send me a paragraph about
yourself and another one about your talk, and I'll bounce it off the
program committee." (The program committee is the first 6 or 7 people who
said they wanted to speak when we started DCSB last year. It was my way of
making them sing for their supper. They sing pretty well, given the caliber
of speakers we've had. ;-).)

So, Uni sends me his two paras, which I forward to the program committee,
who do backflips, 'cause Uni's about an 11 on a 10-point "kewl" scale. And
that's it.

When blurb time comes for the talk, I copy and paste said two paras into a
piece of boilerplate, tweak here and there, spam the planet, and voila!, a
DCSB announcement blurb is history. Except of course when the speaker has
been, er, loquacious, and his two paras require editing down, which, in
Uni's case, he wasn't, so I didn't. Except his aside to me that "S. L.
vonBernhardt" is Yet Another Pseudonym.

In short, I sent out what Unicorn sent me. No skulduggerous efforts at
outing him were attempted.


You do have a nice swing, though. Next time, I'll put one over the plate
where you can hit it. :-).

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From tcmay at got.net  Sat Nov  9 17:58:35 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 9 Nov 1996 17:58:35 -0800 (PST)
Subject: Another possible remailer attack?
In-Reply-To: <Pine.BSF.3.91.961109134348.182B-100000@bitbucket.edmweb.com>
Message-ID: <v03007800aeaae66a770f@[207.167.93.63]>


At 2:34 PM -0800 11/9/96, Steve Reid wrote:
...
>You want to know if Dimitri is the person regularly posting these
>messages. So, you use your powers as ISP to block his access to all
>remailers. If the public messages suddenly stop then you can be reasonably
>certain that Dimitri was sending them.

I'm not following something...just how to your "powers as ISP" affect a
remailer in, say, Holland, or one for that matter on another ISP? (As a
matter of fact, I expect the "compliance rate" with your request would be
something less than 10%.)

>I expect this would work even against DC nets.

One presumption about nodes in DC-nets is that they are even more
crypto-savvy than routine mixes, so I doubt even more strongly than nodes
in a DC-Net would obey your recommendations to source-block any particular
user from entering the DC-net.

(And all your hypothetical "Dimitri" has to do is to use a remailer outside
the DC-net to anonymize his identity, or to use Unix/Sendmail hacks to
obscure the name, etc.)

On the larger issue of foiling remailer networks by analyzing message
sent--message received statistics, this is never going to go away
completely. Just as the Nazis could isolate spy transmitters by selectively
turning off electricity to different neigborhoods, so, too, can various
in-out correlations be analyzed to deduce _probable_ sources of some
messages. Given enough traffic. A SIGINT problem similar to submarine
warfare Bayesian statistics problems.

-Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From unicorn at schloss.li  Sat Nov  9 18:03:31 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 9 Nov 1996 18:03:31 -0800 (PST)
Subject: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <Pine.SUN.3.94.961109210020.9873B-100000@polaris>


On Sat, 9 Nov 1996, Peter Hendrickson wrote:

> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn at schloss.li>,...
> 
> Black Unicorn recently stated that had taken measures to shield
> his identity so that people would be unable to cause harm to
> his professional activities by making unsubstantiated claims
> that could scare off prospective clients.
> 
> It appears now that this protection has evaporated.  It will not
> be very hard in the future to put this information together with
> other statements people may make about Mr. Unicorn.
> 
> We are hardly operating in a hostile environment.  Yet, somebody
> who has apparently gone to some effort to have an anonymous
> identity has been exposed.  The implications of this are worth
> considering.

I'm sorry to disappoint you.
Mr. Hettinga and I decided to put a more reasonable pseudonym in the
blurb for those who might not be familiar with my list reputation.

> 
> Peter Hendrickson
> ph at netcom.com
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From Adamsc at io-online.com  Sat Nov  9 18:42:38 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sat, 9 Nov 1996 18:42:38 -0800 (PST)
Subject: Information [for new PGP user]
Message-ID: <19961110024029578.AAA189@localhost>


On Thu, 07 Nov 1996 07:08:52 -0800, Dale Thorn wrote:

>> >> > I'm a new Cyberpunk!
>> Probably wearing a set of Ono-Sendai eyeballs....
>> >> > Last,  I would like to know once and for all,  is PGP compromised,  is
>> >> > there a back door, and have we been fooled by NSA to believe it's secure?

>> You can read and compile the source code yourself.

>Really?  All 60,000 or so lines, including all 'includes' or attachments?

>I'll bet you can't find 10 out of 1,000 users who have read the total source,
>let alone comprehended and validated it.


That's not necessary - it's the fact that it's possible that matters;  most
of us are content to trust the various people who actually have.  However,
I'd probably be inclined to look into it seriously if I was going to use it
on anything incriminating or potentially linked to my checkbook...


#  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From dthorn at gte.net  Sat Nov  9 18:51:48 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 9 Nov 1996 18:51:48 -0800 (PST)
Subject: Excusing Judges for Knowing Too Much
In-Reply-To: <v03007801aea9223364b4@[207.167.93.63]>
Message-ID: <3285206F.63CD@gte.net>


Timothy C. May wrote:
> At 8:20 AM -0500 11/8/96, Jim Ray wrote:
> >been decided and appealed, because of this very possibility. I am already
> >concerned that an ambitious U.S. Attorney, using Alta Vista, could attempt
> >to argue that "cypherpunk terrorists have been secretly trying to subtly
> >influence Kozinski's thinking, and that therefore he should be removed from
> >the case in favor of some judge who has no clue whatsoever about the 'Net,
> >encryption, anonymous remailers, etc." [I am sure the argument wouldn't be
> >put quite that way <g> but that's what the U.S. Attorney would mean.] There
> >is now a judge with some idea of these issues who will IMNSHO probably be
> >fair to "our" side. It is a rare opportunity, and I don't want to "blow it."

> If jurors can be dismissed for knowing "too much" about the O,J.
> case--knowing how to _read_ ensures this--then we are probably
> fast-approaching the point where judges are recused (or whatever the word
> is) from hearing cases where they've had any education whatsover on.

Maybe people should worry about how judges are *not* excused in certain cases.

The early word on the street was that the Japanese mob did Ron & Nicole, and *both*
judges look suspiciously like people who might want to *contain* certain information.







From dthorn at gte.net  Sat Nov  9 18:52:05 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 9 Nov 1996 18:52:05 -0800 (PST)
Subject: Information [for new PGP user]
In-Reply-To: <199611092356.RAA22533@mailhub.amaranth.com>
Message-ID: <328523F4.3BC@gte.net>


whgiii at amaranth.com wrote:
> In <3284BF7A.36E0 at gte.net>, on 11/09/96
>    at 09:29 AM, Dale Thorn <dthorn at gte.net> said:
> >Yet another success (NOT!) story for PGP.  I wonder how many people on
> >this list would be willing to bet something *really* important to them on
> >the security of PGP?

> Dale you are truly a clueless shmuck.
> I would be truly intrested to see how many platforms and with how many
> different compilers the source code of YOUR program would work.

Tell ya' what, Mr. know-it-all.  From 1983 to 1988, I developed my own database program
and ported it to 7 different small-computer O/S's.  Much of the re-porting for updates
I handled with custom utilities I developed for the purpose.

I wouldn't claim to have expertise equal to some of those whizzes from IBM et al, but I
sure as hell know what it is to make code *very* portable.

Problem with PGP (apparently) is multiple sources (programmers) and just a helluva big
size for what it does (for most people).  Now, Win95, WinNT, etc. are also big for
what most people will use them for, but then again, those programs will *never* be
issued with source, and anyway, you don't have to bet the farm on their security.







From dthorn at gte.net  Sat Nov  9 18:52:07 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 9 Nov 1996 18:52:07 -0800 (PST)
Subject: His and Her Anarchies
In-Reply-To: <v03007801aeaa7e5d06d0@[207.167.93.63]>
Message-ID: <32854189.48DF@gte.net>


Timothy C. May wrote:
> At 6:59 PM -0500 11/8/96, jbugden at smtplink.alis.ca wrote:
> >I think it relates to crypto policy via policy in general, also to both the
> >libertarian and the inevitable cryptoanarchy argument we are currently tossing
> >about and brought to mind a comment a few months back from Tim about how the
> >occasional female members of this list tended to not make sense a lot of the time.

> Well, I think there clearly _is_ a gender gap on these sorts of issues.
> While we certainly have a handful of women subscribers, we have few active
> women posters, and none of the "ringleaders" are women.
> The woman I am currently seeing is a case in point. She occasionally wants
> to hear what interests me, in my "other life," and I have tried to explain
> the stuff we talk about here.

[snip]

> I suspect there may be a biological component to this. Many males enjoy
> adrenaline rushes, whether by bungee cord jumping, robbing houses, or
> plotting to smash the state. Many females have _other_ interests. Women I
> have known have generally not understood why I would be willing to be so
> upfront about my radical views and why I am apparently willing to "risk it
> all" for the adrenaline rush of being involved in this battle.

[mo' snip]

Adrenaline is too simple an explanation for computer gender gap.  Many, many women
like fast cars, motorcycles, etc. to ride in at least, if not to drive themselves.

Some women like being around men, for various reasons, security and so on, but they
don't want to be like men, so they don't try to act the same way.  While many, many
women have harrassed me on the road for my driving, they (unlike men, w/o exception)
have *never* tried to threaten me directly, as have hundreds of men.

As far as the risk goes, men are much more likely to get up and leave a place, and
possibly never come back, as are women.  Maybe this is the domestic instinct thing,
I don't know a whole lot about that.  I would suggest to any man that if he lived
in a society where a whole class of humans (i.e., female) were more aggressive and
confrontational, more domineering, etc. than he and nearly every other man he knew,
he would probably learn how best to get along with that other class of persons without
constantly butting heads with them.






From markm at voicenet.com  Sat Nov  9 18:59:17 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 9 Nov 1996 18:59:17 -0800 (PST)
Subject: Mailing list liability
In-Reply-To: <199611092351.RAA01501@einstein>
Message-ID: <Pine.LNX.3.95.961109214609.1822A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

Note that none of these say anything about any commercial service being held
liable for defamatory statements because the service cancelled a user's
account or prevented a user from posting in certain areas.  I really don't
see why you consider unsubscribing someone from a mailing list the equivalent
of monitoring posts and exercising editorial control.  Dr. Vulis can still
post to cypherpunks and can still read the list -- just not receive traffic
from toad.com.  Compuserve probably cancels accounts of people who violate the
service agreement.  Of course, you will just argue that there is some sort of
implied contract wrt cypherpunks.  This is ridiculous.  All the complex
aspects of implied contracts would require someone wanting to start a free
mailing list get a lawyer to make sure that anything contrary to an implied
contract is stated in the "welcome message."

As for cypherpunks being advertised as an open mailing list, John Gilmore is
not responsible for these "advertisements" and has never stated that he would
not unsubscribe anyone for any reason.  Nothing about everyone having some
inherent "right" to be subscribed has ever been stated by the list owner.

On Sat, 9 Nov 1996, Jim Choate wrote:

> Cubby v Compuserve (1991)
> 
> The court reasoned,
> 
> "in essence an electronic, for profit library that carried a vast number of
> publications and collected usage and membership fees from its subscribers in
> return for access to the publications."
> 
> The court further ruled that Compuserve had no more editorial control over
> Rumorville than "does a public library, book store, or newsstand, and it
> would be no more feasible for Compuserve to examine every publication it
> carries for potentialy defamatory statements than it would be for any other
> distributor to do so."
> 
> The court also found, "A computerized database is the functional equivalent
> of a more traditional news vendor, and the inconsistent application of a
> lower standard of liability to an electronic news distributor such as
> Compuserve than  that which is applied to a public library, a book store, or
> a newsstand would impose an undue burden on the free flow of information.
> Given the relevant First Amendment  considerations, the appropriate standard
> of liability is whether it knew or had reason to know of the allegedly
> defamatory Rumorville statements."
> 
> The court held that Compuserve was not liable because Compuserve was a
> "distributor" and not a "publisher." The court concluded that because
> Compuserve did not actively monitor the postings of the forum, it was a
> distributor.
> 
> In summary, the court compared Compuserve to a bookstore selling the book
> rather than the publisher of the book.
> 
> 
> 
> Cianci v New Times Publishing Co. (1980)
> 
> "one who repeats or othewise republishes defamatory matter is subject to the
> liability as if he had originaly published it."
> 
> 
> 
> Lerman v Chuckleberry Publishing, Inc. (1981)
> 
> The court held that with respect to news vendors, book stores, and libraries
> are not liable if "vendors and distributors of defamatory publications are
> not liable if they neither know nor have reason to know of the defamation."
> 
> 
> 
> Stratton Oakmont v Prodigy (1995)
> 
> The critical issue in Prodigy was whether Prodigy exercised sufficient
> editorial control over its computer bulletin boards to render it a publisher
> with the same responsibilities as a newspaper or magazine.
> 
> The court reasoned that there were two distinctions in this case sufficient
> to qualify Prodigy as a publisher. First, it held itself out to the public
> and its members as controlling the content of its computer bulletin boards.
> Second, Prodigy implimented this control through its automated software and
> established guidelines  that board leaders were required to enforce. Prodigy
> was clearly making decisions as to content. Such decisions constitute
> editorial control.
> 
> 
> (1)  ;login:, Oct. 1996, V21N5 pp27.
> 
> 
> 

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoVFQyzIPc7jvyFpAQFLIwgAiLVzGBZzBZdtIf2nMmoeFCU2c+8eVWnT
fjXdh+6ZtA578inVv1YuOnbGFFoAbfS4DLHyPsdtbdREbJydZt+sourjxTMCxLAX
kYvFNoDxyweVvoE+c8R0Hez+qwNrQ3O9SFJWK1DBAuwU7+UTdbxc+81DKAR3mVlv
cdDwjVijEAJUsGFzhjs7udrEAbTJ4RRoN5y/hC68tr27SzBKS5D5W7KACzuJgcx1
Qv2NIZgz9epYngz9/SLafBFBsbePJkWBuBHwtaPManN7blUnzkRWZ62X9y2EnSZb
CTL8swajmrhtmKfBNX7NvH66ETle/g8D8zUuyjb+xYW0uBzIq9OXeQ==
=2jGC
-----END PGP SIGNATURE-----






From Adamsc at io-online.com  Sat Nov  9 19:03:37 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sat, 9 Nov 1996 19:03:37 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <19961110030022625.AAA192@localhost>


On Thu, 7 Nov 1996 16:43:23 -0800, Timothy C. May wrote:

>* "Legitimate needs." The whole notion Peter raises of banning cryptography
>is fraught with problems. Are businesses to be told that all communications
>are to be in the clear? Or is Peter's point that some form of GAK will be
>used?

I'd love to see the government try to tell big business that they can't
protect, say, electronic transactions.  That'd get a lot of rented senators
in action...

>(If the latter, then of course we are back to an even better form of
>"stego" than stego itself: superencrypt before using GAK. Unless the
>government samples packets randomly and does what they say they will do to
>open a GAKked packet--e.g., get a court order, go to the escrow key
>holders, etc.--then how will they know if a message is superencrypted? And
>what if a GAKked message contains conventional _codes_? Are shorthand codes
>such as business have long used--"The rain in Rome is warm this month"--to
>be illegal?)

Also:   "Am I being investigated for any crime?"
	"Then how do you know it's been superencrypted - I thought you could only
get access with a 	 	  warrant?"

#  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From wombat at mcfeely.bsfs.org  Sat Nov  9 19:51:32 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Sat, 9 Nov 1996 19:51:32 -0800 (PST)
Subject: Black Unicorn exposed?
In-Reply-To: <Pine.3.89.9611091150.A9466-0100000@netcom9>
Message-ID: <Pine.BSF.3.91.961109213939.29308B-100000@mcfeely.bsfs.org>




On Sat, 9 Nov 1996, Lucky Green wrote:

> You are making several unspoken assumptions. One such assumption is that 
> S.L. vonBernhardt is Uni's real name.
> 

Yup. Could be an alias, could even be a client.

- Rabid Wombat
(not my real name)






From ichudov at algebra.com  Sat Nov  9 20:10:33 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 9 Nov 1996 20:10:33 -0800 (PST)
Subject: Another possible remailer attack?
In-Reply-To: <Pine.BSF.3.91.961109134348.182B-100000@bitbucket.edmweb.com>
Message-ID: <199611100309.VAA02940@manifold.algebra.com>


Steve Reid wrote:
> 
> >Date: Fri, 8 Nov 1996 12:58:42 -0800
> >From: nobody at cypherpunks.ca (John Anonymous MacDonald)
> >Subject: Vulis on the remailers
> > Please, remailers, source block Vulis for a week.
> > Remailer Fan
> 
> Suppose you operate an ISP and you suspect that one of your users (let's
> call him Dimitri) is using anonymous remailers to submit politically
> incorrect messages (under a pseudonym, or all with the same writing style)
> to Usenet, mailing lists, and a well-known phreak/hack publication. Also
> suppose that these public messages are appearing on a regular basis. 
> 
> You want to know if Dimitri is the person regularly posting these
> messages. So, you use your powers as ISP to block his access to all
> remailers. If the public messages suddenly stop then you can be reasonably
> certain that Dimitri was sending them. 
> 
> I expect this would work even against DC nets.
> 
> The only solution I can think of is to have an account with multiple ISPs
> and always send mail from more than one account. This probably wouldn't
> offer much protection against TLAs (NSA, CIA, FBI, MCI, AT&T ;) who may be
> able to block traffic no matter where it comes from. 
> 
> Comments?
> 

"Dimitri" can always telnet to smtp ports of various sites and use them
to forward his mail to remailers. If his ISP blocks him (via a router
filter, for example), then he would notice. A schizophrenic mind can
imagine a situation where USENET Cabal would try to fool him and try to
stand in the middle between him and all smtp servers, emulating their
responses, but that is not terribly feasible.

Also, some people regularly (via crontab) send anonymous email to
themselves, just in case. They would notice when they stop receiving
them.

	- Igor.





From SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil  Sat Nov  9 20:28:29 1996
From: SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil (SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil)
Date: Sat, 9 Nov 1996 20:28:29 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
Message-ID: <9610108476.AA847661103@smtp-gw.cv62.navy.mil>


 ---------------------------------------------------------------------- 
 tim may wrote:
 >"...and that discussions of other topics bother you should be a clear 
 >indication you're probably on the wrong list."
     
        uh, that's _why_ i am on this list...
     
 >"Having a "navy.mil" domain probably is another reason, unless you 
 >are only hear to monitor our discussions of using cryptography to 
 >undermine the state, to liberate military secrets with BlackNet and 
 >the Information Liberation Front, and to punish the millions of 
 >those in the military-industrial complex who have so richly earned 
 >their eventual punishments.
        military secrets, eh?  tell me something mr may, what secrets 
 have you uncovered in your undaunting quest to expose those corrupt 
 little guys in uniform?  mr may - i serve in the US Navy so you don't 
 have to, and as much as i sometimes _don't_ like it, i will always, 
 _always_ love the navy for what she gave me.  one of the reasons you 
 sit at your terminal drinking your coffe and ranting on and on, is 
 because men and women like myself happen to think that what the 
 military does for the US is a good thing.  i skipped collage (don't 
 ask why) after graduating early from HS to enlist in the navy.  
 keeping you free to bitch is why i am here.  never forget that the 
 freedom you enjoy comes with a price, mr may.
        the schools that you send your kids to (forgive me if you're 
 celibate or childless) are run by the govt.  am i saying they do a good 
 job?  not necessarily, but what i _am_ saying is that your kids _still_ 
 go.  i am almost positive, despite attempts to the contrary, that you 
 make use of the US postal system.  the phone lines that you connect 
 that computer to were installed by - guess who? - there are a hundred 
 other things you and i and everyone use that wouldn't be there if it 
 weren't for the USG (or state/county/municipal govt's).  tell me mr 
 may, how much of this are you willing to give up in your quest for what 
 (i am supposing) you mean in your little blurb at the end of your mail 
 - "collapse of governments"?  the writer supposes that mr may would 
 still be against, determined to oppose, and dedicated to the 
 elimination of [pick something, pick anything] if govt's didn't exist.  
        what's the quote?  "i may not agree with what you say, but i 
 defend to the death your right to say it."  something like that.
     
 >Smash the State.  
 aye, aye captain!
 --------------------------------------------------------------------- 
 mark m wrote:
 >In order for anonymous remailers to be completely anonymous, only one 
 >remailer in the chain has to be trustworthy.  If a message is chained 
 >through N remailers and N-1 of those remailers are run by spooks, the 
 >anonymity of the message depends on the remaining remailer.
     
 well, actually, the first remailer has to be the trustworthy one.  you 
 send a msg to the first with your "real" address, and if the spook is 
 there, voila! so...  i understand your point, but still, it has to be 
 the first one.
 ---------------------------------------------------------------------- 
 dale thorn(?) wrote:
 >I'm amused to think that, in a nation armed with 20,000 or so nukes, 
 >the paranoid of paranoid nation-states as it were, some of the 
 >erstwhile intelligent citizens think that the U.S. military are just 
 >sitting around wringing their hands over the "fact" that the citizens 
 >have "unbreakable" crypto.
 >Bear in mind the Scientific American articles on Public Key crypto 
 >back in the 1970's.  The military knew the score back then, and if 
 >you think they just sat back and allowed all this to happen, well, 
 >sorry, I don't believe in Santa Claus or the Easter Bunny.
     
 one question (sarcastic and rhetorical): how long did it take for the 
 USG to actually acknowledge that the NSA.NRO.DIA.etc existed? hmmm.... 
 has a segment of the populace gone stark raving paraniod?
     
 >Second, any truly secret messaging taking place represents a serious 
 >threat to the military, and contrary to some naive popular opinion, 
 >those guys are not going to lay down for this...
     
 what does the military have to do wiht private citizens conversing in 
 secret?  are _you_ one of the naive that think men actually in 
 uniform controll the military?  hello - the SecDef is a civillian.  
 the president is a democrat.  the military does what the white house/ 
 congress tell it (the writer realizes this is a vastly over- 
 simplified response to a vastly broad statement).
     
 ---------------------- SUCRUM22 at cv62.navy.mil -----------------------
   a calculated risk based on the possible consequence of an action
  is better than a haphazard one based on poor judgment or ignorance
 --------------------------------------------------------------------- 
 Don't confuse my views with those of the DoD or the United States Navy





From dlv at bwalk.dm.com  Sat Nov  9 20:30:25 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 20:30:25 -0800 (PST)
Subject: His and Her Anarchies
In-Reply-To: <v03007801aeaa7e5d06d0@[207.167.93.63]>
Message-ID: <meL6wD10w165w@bwalk.dm.com>


"Timothy C. May" <tcmay at got.net> rants:

> (And saying I am "prepared," and pointing to the loaded .45 I keep in case
> the Midnight Raiders hit my house is even less reassuring to them! In at
> least one case I never saw the woman again. Rationally, I can't say I
> disagree with their reaction, from a payoff matrix standpoint. But
> something in we males craves this kind of confrontation. The leaders of the
> revolutions in the past were almost always me.  ...
                                             ^^

Now the cypherpunk crackpot is into reincarnation? He thinks he was
Pancho Villa in a former life? :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov  9 20:30:31 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 20:30:31 -0800 (PST)
Subject: Pseudo-law on the list and libel (fwd)
In-Reply-To: <199611091721.LAA00907@einstein>
Message-ID: <sXk6wD7w165w@bwalk.dm.com>


Jim Choate <ravage at ssz.com> writes:
> Vulis was unpopular he was not distruptive. At NO time did he interfere with
> the normal operation of the list software or prevent submissions or
> remailings.

That depends. To Timmy May, "normal operations" of this mailing list means
his being able to post lies, fabrications, and personal attacks, and his
victims not being able to respond and to call him a liar that he is. To refute
Timmy's lies and to expose him as a forger is therefore "disruptive".

I again refer you to the false complaint sent by the lying shyster from
Florida to postmaster at bwalk.dm.com. The self-described libertarian said
he already killfiled me but wanted me silenced anyway.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov  9 20:32:10 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Nov 1996 20:32:10 -0800 (PST)
Subject: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <199611092044.FAA19938@ns.barrier-free.co.jp>
Message-ID: <V5k6wD9w165w@bwalk.dm.com>


Hayashi_Tsuyoshi <take at barrier-free.co.jp> writes:

> On Sat, 09 Nov 1996 10:47:28 -0800, stewarts at ix.netcom.com said:
>  >At 01:29 AM 11/9/96 -0800, John Gilmore <gnu at toad.com> wrote:
>  >>ask questions, etc.  To join the list, send mail to:
>  >>	linux-ipsec-REQUEST at clinet.fi
>  >>The email should contain a single line that just says:
>  >>	subscribe
>  >
>  >Actually, it needs to say
>  >        subscribe linux-ipsec
>
> Probably, it needs to send mail to:
> 	Majordomo at clinet.fi
>
> ///hayashi

Moral: John Gilmore can't be trusted.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From unicorn at schloss.li  Sat Nov  9 20:38:06 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 9 Nov 1996 20:38:06 -0800 (PST)
Subject: Timmy
In-Reply-To: <199611092250.PAA23102@teal.csn.net>
Message-ID: <Pine.SUN.3.94.961109233519.9873R-100000@polaris>


On Sat, 9 Nov 1996, L.Detweiler wrote:

> just heard an interesting rumor that Timmy has been blacklisted
> from working anywhere here in Colorado as a dangerous anarchist
> and/or lunatic revolutionary.

Uh, you're walking the line again here Mr. Detweiler.  I hope this is
based in fact.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From nobody at cypherpunks.ca  Sat Nov  9 21:05:01 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 9 Nov 1996 21:05:01 -0800 (PST)
Subject: Apartment complex burnt down...
Message-ID: <199611100453.UAA21059@abraham.cs.berkeley.edu>


Suppose Bob lives in an apartment complex. By accident the whole building
burns down. 

Bob manages to escape, but all his papers, including passport, IDs,
credit cards, acount numbers, etc etc gets destroyed.

What can Bob do? Would the government help him?

It seems like he'd be in a really unfavorable position...





From ravage at EINSTEIN.ssz.com  Sat Nov  9 21:09:08 1996
From: ravage at EINSTEIN.ssz.com (Jim Choate)
Date: Sat, 9 Nov 1996 21:09:08 -0800 (PST)
Subject: Mailing list liability (fwd)
Message-ID: <199611100513.XAA01797@einstein>



Forwarded message:

> From markm at gak Sat Nov  9 21:03:24 1996
> 
> Note that none of these say anything about any commercial service being held
> liable for defamatory statements because the service cancelled a user's
> account or prevented a user from posting in certain areas.  I really don't
> see why you consider unsubscribing someone from a mailing list the equivalent
> of monitoring posts and exercising editorial control.

It is exactly editorial control because it prevents, a priori, submissions by
Vulis under that account. He is FORCED to resort to other means. That is
what the courts will see, it is what the jury will see, and it is what will
eventualy sink the list, and place its operator under financial burden for
years.

I joined this list under my own volition, I agreed to no review by the list
operator at any time. I did not agree to not hurt his feelings with my
comments or views. I did not agree to agree with the operator of the list.
I did not agree to make him feel warm and fuzzy inside. I agreed to NOTHING
other than my permission for him to put your submissions in my email box. The
only way I can be removed from this list and not open the operator up to
legal consequences is by my own volition or the total cessation of this list.
This applies to every member subscribed so long as their is no proviso posted
at subscription time.

They were held liable for the comments of their users BECAUSE they
demonstrated editorial control. In removing Vulis from the list he has
demonstrated editorial control. Prior to this act he was immune from
rantings and ravings of the various idiots on this list. Now he is not.
The fact that it was a commercial service was irrelevant and not an issue in
the court cases. What was involved was the responsibility of the service
operators, the agreement between service and users, and who had editorial
control (users v service). And finaly, if your contention is that if you set
up a press and start cranking out flyers (digital or otherwise), which defame
or otherwise liable, you are immune from prosecution unless you are a
business then you are in for a very rude surprise.

Sooner or later somebody is going to submit a posting which will go through.
That posting will be pointed at a particular personality. That personality
will take exception and sue the list operator, and because of this action
will have a very high chance of winning. Not only does the list operator
loose but we all loose because it is going to set a precedence that will
take many years more to recover from.

I seldom get personal but there are a few of you folks that have your heads up
your collective crypto-anarchy asses. Here is a simple process whereby you
can protect yourself from legal reprisals and you don't take it. God help
you because the courts shure as hell won't.

In case you people don't get it, the whole point is to REDUCE the influence
and control of the government (local, state, and federal). NOT to give even
more fodder to shoot. For a list operator a primary if not the primary
goal is to avoid any legal involvement at all costs. Throwing people off
lists with no subscription limitations is not the way to do that. To be a
succesful list operator your scruples and the way you treat your subscribers
MUST be beyond any reproach. The bottem line is that the act was not
professional and impacts the image of mailing lists, Cypherpunks, its operator,
and its members in a negative light. I have operated BBS'es and mailing
lists since '76 and find such actions on the part of a fellow service
operator to be insulting to the profession that I have enjoyed for 20 years.

Those of you who contend that because there is no explicit contract between
operator and subscriber this is sufficient to allow the operator to enact
any policies they wish with no warning or other consideration are in for a
nasty surprise. You will find that this will in fact prevent a list operator
from doing anything other than upgrading software, buying more disk space, and
paying the bills because that is the ONLY way they will be able to retain
commen carrier style protections. Without that protection a list operator is
faced with reviewing every submission to a list prior to redistribution or
face the legal and financial consequences. I do not wish to see the Cypherpunks
mailing list to become that litmus test.

Consider this, the Cypherpunks mailing list is a very public list in many
ways it is the vanguard of what tomorrows net will be like. Is this the sort
of environment that can survive? With this as the current list policy I
think we are all taking part in a dinosaur.

                                                    Jim Choate






From ravage at EINSTEIN.ssz.com  Sat Nov  9 21:36:30 1996
From: ravage at EINSTEIN.ssz.com (Jim Choate)
Date: Sat, 9 Nov 1996 21:36:30 -0800 (PST)
Subject: Apartment complex burnt down... (fwd)
Message-ID: <199611100540.XAA01829@einstein>



Forwarded message:

> Date: Sat, 9 Nov 1996 20:53:02 -0800
> From: nobody at cypherpunks.ca (John Anonymous MacDonald)
> 
> Suppose Bob lives in an apartment complex. By accident the whole building
> burns down. 
> 
> Bob manages to escape, but all his papers, including passport, IDs,
> credit cards, acount numbers, etc etc gets destroyed.
> 
> What can Bob do? Would the government help him?
> 
> It seems like he'd be in a really unfavorable position...

I was there 2 years ago. The Red Cross is about the only group you can count
on other than family, friends and a church (if you happen to belong to one).

Getting another drivers license was a easy operation. Head down to the local
DPS office and request a replacement card for a lost license. The titles and
such for property and auto were tedious but not impossible. I didn't need to
show anything other than my drivers license and pay the requisite fees to
obtain new copies of the deeds. In general the governmental types of
documents and such were easy to replace. I personaly had all the necessary
copies of the documents I needed within a month or so. The personal items
were impossible to replace and caused the most emotional turmoil.

In many parts of the country the Red Cross is delepeted both in operating
funds and volunteers. If you can, please consider giving them your support.
I personaly didn't use them but both my roomies did.


                                                     Jim Choate






From drose at AZStarNet.com  Sat Nov  9 21:57:09 1996
From: drose at AZStarNet.com (drose at AZStarNet.com)
Date: Sat, 9 Nov 1996 21:57:09 -0800 (PST)
Subject: His and Her Anarchies
Message-ID: <199611100556.WAA16087@web.azstarnet.com>


Dale Thorn <dthorn at gte.net> wrote:

[...]

>While many, many
>women have harrassed me on the road for my driving, they (unlike men, w/o
exception)
>have *never* tried to threaten me directly, as have hundreds of men.

Might all these hundreds of threatening men and many, many harassing women
be trying to tell you something?

[...]

>I would suggest to any man that if he lived
>in a society where a whole class of humans (i.e., female) were more
aggressive and
>confrontational, more domineering, etc. than he and nearly every other man
he knew,
>he would probably learn how best to get along with that other class of
persons without
>constantly butting heads with them.

Dale Thorn, meet Oprah, RuPaul, Hillary Rotten, Roseanne, Andrea Dworkin,
Winnie Mandella, etc.

Now back to S. Logan, Vulis, AP, whatever.






From tcmay at got.net  Sat Nov  9 22:08:15 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 9 Nov 1996 22:08:15 -0800 (PST)
Subject: Apartment complex burnt down...
In-Reply-To: <199611100453.UAA21059@abraham.cs.berkeley.edu>
Message-ID: <v03007802aeab21dc6f2b@[207.167.93.63]>


At 8:53 PM -0800 11/9/96, John Anonymous MacDonald wrote:
>Suppose Bob lives in an apartment complex. By accident the whole building
>burns down.
>
>Bob manages to escape, but all his papers, including passport, IDs,
>credit cards, acount numbers, etc etc gets destroyed.
>
>What can Bob do? Would the government help him?
>
>It seems like he'd be in a really unfavorable position...

Is this a troll?

People lose important papers all the time, such as by losing their wallets
or having their purses stolen, their homes burglarized, etc.

States will issue replacement driver's licenses easily. (Before Mr.
Anonymous asks, "But how will they know you are you?," remember that they
have one's photo, one's signature, and (increasingly) a fingerprint.

Ditto for passports, which are also routinely replaced.

And does the phrase "Call this number if your card is lost or stolen"
suggest something about replacement of credit cards?

I guess this was just a troll, or the post of a high school student
answering his Internet homework question.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Sat Nov  9 22:29:28 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 9 Nov 1996 22:29:28 -0800 (PST)
Subject: Legal Saber Rattling and Huffing and Puffing about Lawsuits
In-Reply-To: <199611092250.PAA23102@teal.csn.net>
Message-ID: <v03007803aeab2317b940@[207.167.93.63]>


At 11:36 PM -0500 11/9/96, Black Unicorn wrote:
>On Sat, 9 Nov 1996, L.Detweiler wrote:
>
>> just heard an interesting rumor that Timmy has been blacklisted
>> from working anywhere here in Colorado as a dangerous anarchist
>> and/or lunatic revolutionary.
>
>Uh, you're walking the line again here Mr. Detweiler.  I hope this is
>based in fact.

As I would under almost no circumstances sue for such typical
net.defamations, how is Detweiler walking the line? Black Unicorn would
have a very hard time suing on my behalf when I had no interest in suing.

(I may be wrong, but I don't think even with our currently warped judicial
system can Black Unicorn file charges/bring suit against Detweiler for
alleged defamations of Tim May.)

If you mean that Detweiler is violating his "consent agreement," alluded to
over the past couple of years, the one that caused him to simply switch to
the nom de net of "V.Z. Nuri" (the visionary, I presume), I rather doubt
even this is so. Unless your consent agreement had it that Detweiler would
never post again under his own name....in any case, not my concern.

Again, I think this huffing and puffing about planned lawsuits, about "I
have friends in the Office of Legitimate Speech and I'm quite sure they'll
be happy to see your illegal speech here," etc., is inconsistent with goals
I think many of us hold in high regard.

If someone wants to sue, then go ahead. But the huffing and puffing is
getting tiresome. Let's see some real action. In cruder terms, put up or
shut up.

No offense meant to Black Unicorn...it's just that he has on multiple
occasions talked about lawsuits, about friends of his or classmates of his
who are in various governmental roles, and about how interested they might
be blah blah blah. I don't like this kind of bluster. For example, take the
recent example of  using the "Get back on your medications" quip. Black
Unicorn has said in recent days that such a quip might be actionable (I
think this was directed at Vulis, but I could be misremembering things). I
strongly doubt such a common net.quip is actionable in any way. But, in any
case, what about all the quips that Detweiler was off his lithium, off his
thorazine, off his meds? Neither Black Unicorn nor his nominal allies were
raising this point back then. Let's see some consistency. And let's reduce
the amount of "legal saber rattling." OK?

(Yes, I read Black Unicorn's piece here about why he tends to think in
terms of using the American legal system the way he does. I think most
libertarian-minded folks accept the maxim that "sticks and stones may break
my bones, but names will never hurt me"...it sounds like something one
would hear in pre-school, but it remains as true today as back then. More
people ought to remember it. And Black Unicorn's invocation of "false
advertising" in connection with the rants of various snake oilers is
equally misplaced. There will be snake oil, just as there is bad speech. If
Black Unicorn threatens to sic the FTC on Snaketronics...not a good way to
debunk crummy products. The proper remedy for bad speech is more speech.
And, as I noted, part of my ire is not the use of the  legal system, but
the huffing and puffing and idle threats to do so.)

Sorry if the tone sounds angry. I am not angry, just in "forceful
disagreement."

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Sat Nov  9 22:34:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 9 Nov 1996 22:34:40 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <199611092020.VAA01385@basement.replay.com>
Message-ID: <v03007804aeab2803e12e@[207.167.93.63]>


At 9:20 PM +0100 11/9/96, Anonymous wrote:
>Peter Hendrickson <ph at netcom.com> wrote:
>
>> What are the benefits of being a cryptoanarchist?  Maybe you get
>> to double your income.  Most people won't see this as worth the
>> trouble.
>
>If you don't have enough to eat, doubling your income is worth the
>trouble.
>
>Crypto-anarchy benefits the poor more than the rich.  The underlings
>of society are going to love it.

In fact, they basically already practice it. Not with computers, of course,
but in terms of not reporting cash income, not reporting tips, engaging in
barter work with others, and gambling in various non-sanctioned markets.

(Numbers games and sports betting are huge markets. Interestingly, such
markets also validate much of what we say about "reputations." After all,
when was the last time you heard about a bookie being sued in court for not
paying up? And private justice is administered, as welshers are disposed of
directly, without a  long, expensive trial. Nearly everything in "crypto
anarchy" has direct parallels in "underworld and black markets." Some say
they are really the same thing. Perhaps.)

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From drose at AZStarNet.com  Sat Nov  9 22:35:22 1996
From: drose at AZStarNet.com (drose at AZStarNet.com)
Date: Sat, 9 Nov 1996 22:35:22 -0800 (PST)
Subject: Apartment complex burnt down...
Message-ID: <199611100635.XAA29357@web.azstarnet.com>



On Sat, 9 Nov 1996, John Anonymous MacDonald wrote:

>Suppose Bob lives in an apartment complex. By accident the whole building
>burns down. 
>
>Bob manages to escape, but all his papers, including passport, IDs,
>credit cards, acount numbers, etc etc gets destroyed.
>
>What can Bob do? Would the government help him?

Why?

>It seems like he'd be in a really unfavorable position...

Umm-hmmm.

Calling Sunkyong Moon-Yip (sp?):  List please off him getts.






From apache at quux.apana.org.au  Sat Nov  9 23:27:10 1996
From: apache at quux.apana.org.au (apache)
Date: Sat, 9 Nov 1996 23:27:10 -0800 (PST)
Subject: No More
In-Reply-To: <2.2.32.19961108235312.00681fcc@cnct.com>
Message-ID: <Pine.LNX.3.91.961110180223.12690B-100000@quux.apana.org.au>


On Fri, 8 Nov 1996, YoungSik Jeong wrote:

> I want take off mail list

Proceed to launch pad three







From tfs at adsl-122.cais.com  Sat Nov  9 23:46:52 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Sat, 9 Nov 1996 23:46:52 -0800 (PST)
Subject: Mailing list liability (fwd)
In-Reply-To: <199611100513.XAA01797@einstein>
Message-ID: <9611100746.AA15293@adsl-122.cais.com>



Jim,

After having read the post where you go the dinosaur route, and
read it carefuly I might add, I have to tell you that I disagree
with you on some pretty basic levels.

The first being that lists are not so much editorialized publications,
as they are vehicles for community. That irrguardless of wether they
are moderated or unmoderated. I belive that argument would be
both easy to argue, and easy to understand in a court. And I think
it'd win.

As for the list dying off, it's in far greater danger of dying off
from off-topic noise and the sort of childish potty insults Vuilis
was spamming the list with. If you don't goto a "big issue" mentality,
and just look at it from the point of veiw of basic subscription,
and basic interest, this is blindingly obvious.

In any case, I don't know which is worse, Vulis's spam, or the spam
about Vulis and his removal. There's not a whole lot of difference,
neither are relivant to crypto, and they're about equaly as annoying.


Tim Scanlon








From inglem at adnetsol.com  Sat Nov  9 23:47:47 1996
From: inglem at adnetsol.com (Mike Ingle)
Date: Sat, 9 Nov 1996 23:47:47 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
Message-ID: <199611100747.XAA00328@cryptical.adnetsol.com>


Cryptoanarchy will have arrived when you can openly _advertise_ these
services and still stay in business indefinitely. Most of the things we
talk about - even Jim Bell's assassination market - already exist, but
they cannot be advertised. You have to go looking for them, at some
risk to both buyer and seller. If the seller is visible enough for you
to find him, he is visible enough to get caught.

For example, there is plenty of 'pirate' material on the net, but it
tends to go away as soon as the addresses become well-known.
Cryptoanarchy will be here when you can advertise yourself as a
distributor of pirate software (or anything else you want to sell), do
business with a publicly known contact address, and still not get
caught. 'Black markets' exist due to the inability to do this.

Currently the techniques of anonymity are limited to two: indirection
for source anonymity and broadcast for recipient anonymity. We are more
or less where crypto was before the invention of public key. You can
gain security by spreading risk among multiple parties (key
distributors for crypto, or remailers for anonymity) but you can't 
'make your own anonymity' like you can make your own security with 
public key crypto.

A theoretical discovery is needed particularly in the area of recipient
anonymity. Good sender anonymity and weak recipient anonymity leads to
'hit and run' behavior such as spamming email and newsgroups, but not
to anonymous markets.

						Mike

> >Crypto-anarchy benefits the poor more than the rich.  The underlings
> >of society are going to love it.
> 
> In fact, they basically already practice it. Not with computers, of course,
> but in terms of not reporting cash income, not reporting tips, engaging in
> barter work with others, and gambling in various non-sanctioned markets.
> 
> (Numbers games and sports betting are huge markets. Interestingly, such
> markets also validate much of what we say about "reputations." After all,
> when was the last time you heard about a bookie being sued in court for not
> paying up? And private justice is administered, as welshers are disposed of
> directly, without a  long, expensive trial. Nearly everything in "crypto
> anarchy" has direct parallels in "underworld and black markets." Some say
> they are really the same thing. Perhaps.)
> 
> --Tim May





From bgrosman at healey.com.au  Sat Nov  9 23:58:26 1996
From: bgrosman at healey.com.au (Benjamin Grosman)
Date: Sat, 9 Nov 1996 23:58:26 -0800 (PST)
Subject: Pyramid Schemes
Message-ID: <2.2.32.19961111045417.00967cb0@healey.com.au>


Dear Sir,

Aren't these Pyramid Schemes Illegal?

Yours Sincerely,

Benjamin Grosman






From aba at dcs.ex.ac.uk  Sun Nov 10 01:13:19 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Sun, 10 Nov 1996 01:13:19 -0800 (PST)
Subject: nym blown? (Re: DCSB: Money Laundering -- The Headless Horseman of the Infocalypse)
In-Reply-To: <v03007822aeaa5af8a26e@[206.119.69.46]>
Message-ID: <199611092052.UAA00391@server.test.net>



Rah writes:
>                  The Digital Commerce Society of Boston
> 
>                               Presents
>                            "Black Unicorn"
> 
>                          "Money Laundering --
>                The Headless Horseman of the Infocalypse"
> 
> S. L. vonBernhardt, <mailto:unicorn at schloss.li>, is an attorney, a member
> of the board of directors of two European financial institutions, author
> of "Practical and Legal Problems Confronting the Asset Concealer in
> Relation to Offshore Financial and Corporate Entities" and a former
> member of the intelligence community.

S L von Bernhardt == Black Unicorn, or do you "have that covered" too uni?

(I noticed you said you "had it covered" when you reported to the list
on a meeting you attended which had a published list of attenders, and
someone pointed this out).

> He is currently working to develop and preserve institutions
> dedicated to traditional standards of financial privacy.

A worthwhile occupation, to be sure.

> [...]
> 
> No cameras, please.

So is von Bernhardt another nym?  If not cameras are a small
consideration, surely?

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From gt at kdn0.attnet.or.jp  Sun Nov 10 01:15:59 1996
From: gt at kdn0.attnet.or.jp (Gemini Thunder)
Date: Sun, 10 Nov 1996 01:15:59 -0800 (PST)
Subject: RSA and me...
Message-ID: <32889cc0.76991108@kdn0.attnet.or.jp>


'Lo.
Is the "RSA in 3 lines of Perl" a munition (under ITAR)?
What if I got it as a tatoo?  
_______________
- 2[b]||!2[b], what's the question? It's a tautology!
- PGP key now available on finer keyservers everywhere.





From wendigo at pobox.com  Sun Nov 10 01:22:21 1996
From: wendigo at pobox.com (Mark Rogaski)
Date: Sun, 10 Nov 1996 01:22:21 -0800 (PST)
Subject: Pyramid Schemes
In-Reply-To: <2.2.32.19961111045417.00967cb0@healey.com.au>
Message-ID: <199611100923.EAA24190@gate.cybernex.net>


An entity claiming to be Benjamin Grosman wrote:
: 
: Dear Sir,
: 
: Aren't these Pyramid Schemes Illegal?
: 
: Yours Sincerely,
: 
: Benjamin Grosman
: 

Yep, 18 U.S.C. sec. 1343 if I remember correctly ... one of the only
laws I truly appreciate.  I've already sent a message to 
postmaster at mindspring.com pointing out the fact that a felony has
been committed.

-- 
[]  Mark Rogaski                    
[]  wendigo at pobox.com               
[]  http://www.pobox.com/~wendigo/  
[]  >> finger for PGP pubkey <<     





From security at kinch.ark.com  Sun Nov 10 04:03:22 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Sun, 10 Nov 1996 04:03:22 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847661103@smtp-gw.cv62.navy.mil>
Message-ID: <Pine.LNX.3.94.961110024934.5826B-100000@kinch.ark.com>


On Sun, 10 Nov 1996 SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil wrote:
[...]
>  little guys in uniform?  mr may - i serve in the US Navy so you don't 
>  have to, 

As said in "Hair" (the movie), "Don't do it for me man, 'cause if the shoe
was on the other foot, I wouldn't do it for you!" 

It's a lie anyway, you do it for yourself.








From SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil  Sun Nov 10 04:50:05 1996
From: SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil (SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil)
Date: Sun, 10 Nov 1996 04:50:05 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
Message-ID: <9610108476.AA847691156@smtp-gw.cv62.navy.mil>


----------------------------------------------------------------------
dave kinchlea wrote:
>As said in "Hair" (the movie), "Don't do it for me man, 'cause 
>if the shoe was on the other foot, I wouldn't do it for you!" 

>It's a lie anyway, you do it for yourself.

That's an _easy_ judgment to make (and i definitely have to stop 
adding anecdotes from my life in these things!), but you missed the 
point - the freedoms the Cpunks diligently try to preserve (or seem to 
want to create...) are protected _by_ the military.  who was it that 
said:       "law, without force, is impotent"  -?  

keep in mind that even "bad" laws have to be enforced.  you can scream 
all you want about "good, strong" cryptostuffs, but if the phone lines 
are slashed, the satellite links are down, the elcerticity is off and 
you've got a foreign soldier waving a .45 around -  just how are you 
going to boot up that pretty little computer and make it encode 
information for you, much less get it anywhere?  anarchy implies 
ruthlessness - you going to practice cryptostuffs from a prison cell?

was i assuming that you've read the book and/or seen the broadway 
play, "Hair"?  OHHHHH - i'm sorry - you saw the _movie!_ shame on me.

---------------------- SUCRUM22 at cv62.navy.mil -----------------------
a calculated risk based on the possible consequence of an action
is better than a haphazard one based on poor judgment or ignorance
--------------------------------------------------------------------- 
Don't confuse my views with those of the DoD or the United States Navy





From matrix at citenet.net  Sun Nov 10 05:35:51 1996
From: matrix at citenet.net (MatriX Spider)
Date: Sun, 10 Nov 1996 05:35:51 -0800 (PST)
Subject: Small question about the list
Message-ID: <1.5.4.32.19961110134153.00695580@citenet.net>


Hi,
        I've been around the Cypherpunk list for a couple of month now and
it don't correspond exactly to what I've expect.  

I would be realy happy if someone could tell me the adress to remove my name
from the distribution list.

Could anyone send me the procedure on how to remove my name of the list ?

Thanks for your time and for your help,
MatriX.






From dlv at bwalk.dm.com  Sun Nov 10 06:35:03 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 06:35:03 -0800 (PST)
Subject: Black Unicorn exposed?
In-Reply-To: <199611092116.QAA05345@wauug.erols.com>
Message-ID: <TBg7wD11w165w@bwalk.dm.com>


"David Lesher / hated by RBOC's in 5 states" <wb8foz at wauug.erols.com> writes:
> Peter Hendrickson sez:
> >
> > At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > > S. L. vonBernhardt, <mailto:unicorn at schloss.li>,...
> >
> > Black Unicorn recently stated that had taken measures to shield
> > his identity so that people would be unable to cause harm to
> > his professional activities by making unsubstantiated claims
> > that could scare off prospective clients.
> >
> > It appears now that this protection has evaporated.
>
> How do you know he does not have a THIRD name........?

I did some (very perfunctory searching in some engines and it seems that
_von_ Bernhardt is an extremely unlikely name. I did find a guy named
Rudolf Bernhardt who writes in international law, and a lawyer named
Stephen Bernhardt in Hamburg (?I forgot I already :-). It sounds like
another pseudonym.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sun Nov 10 06:36:44 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 06:36:44 -0800 (PST)
Subject: Timmy
In-Reply-To: <199611092250.PAA23102@teal.csn.net>
Message-ID: <mJg7wD12w165w@bwalk.dm.com>


"L.Detweiler" <ldetweil at csn.net> writes:
> just heard an interesting rumor that Timmy has been blacklisted
> from working anywhere here in Colorado as a dangerous anarchist
> and/or lunatic revolutionary.

It's probably true not only in Colorado.

> besides, everyone here in CO would prefer all the
> anarchists stay in CA anyway so they can all be taken care of
> in one fell swoop with the next "big one".. did I feel
> a little "trembling" over there or is it just the standard cpunk
> cowardice? (hehehe)

Yes - it's ironic that a coward like John Gilmore stays in San Francisco
where he exposes himself to both AIDS and earthquakes.

Does anyone have the e-mail address or a snail mail address for judge
Kozinski? I'd like to send him Jim Ray's false complaint to postmaster at bwalk
with my comments.

Thanks,

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dthorn at gte.net  Sun Nov 10 07:19:40 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 10 Nov 1996 07:19:40 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <199611091958.LAA14950@mail.pacifier.com>
Message-ID: <3285F1D8.3C5E@gte.net>


jim bell wrote:
> At 02:18 PM 11/8/96 -0800, Peter Hendrickson wrote:
> >At 1:32 PM 11/8/1996, jim bell wrote:
> >>At 09:12 PM 11/7/96 -0800, Peter Hendrickson wrote:
> >>> ...His conviction was not reversed until 1983 in the court of one Judge Patel...

> >> However, the fact that it took 40 years to reverse (and didn't, presumably,
> >> reverse the convictions of others, and didn't compensate people for lost
> >> property) is yet another reason to take a few pieces out of the hide of the
> >> SC, as well as a few pounds of flesh nearest the heart.

[snip]

> Interestingly enough, the one thing the Commonlaw court system needs is an
> effective enforcement system.  One likely method is the commercial lien
> process, but even that tends to be resisted by people who are far more used
> to dealing with equity court personnel.  It turns out that my AP system
> seems to mesh almost perfectly with their needs, although obviously in
> practice it would only be used as a "last resort."

Speaking of Common Law courts and their Liens, the feds have expanded their crackdown
begun with the Freemen of Montana.  They arrested Elizabeth Broderick and several of
her associates or whatever, and I know at least one person personally who is hiding
or keeping a very low profile at least.  [these are people in the common law/lien
business]






From echo68916 at delphi.com  Sun Nov 10 07:23:22 1996
From: echo68916 at delphi.com (.echo)
Date: Sun, 10 Nov 1996 07:23:22 -0800 (PST)
Subject: Timmy
Message-ID: <2.2.32.19961110152525.0068a3c8@pop.delphi.com>


>From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
>Comments: Dole/Kemp '96!

  You can remove Dole/Kemp from your email headers, since the election is past.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
.echo
echo68916 at delphi.com






From ph at netcom.com  Sun Nov 10 07:42:34 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sun, 10 Nov 1996 07:42:34 -0800 (PST)
Subject: Black Unicorn exposed?
Message-ID: <v02140b00aeab9f25f781@[192.0.2.1]>


At 8:30 PM 11/9/1996, Robert Hettinga wrote:
>At 12:45 pm -0500 11/9/96, Peter Hendrickson wrote:
>> We are hardly operating in a hostile environment.  Yet, somebody
>> who has apparently gone to some effort to have an anonymous
>> identity has been exposed.  The implications of this are worth
>> considering.

> Nope. Sorry, Pete. Hope you didn't throw out your sholder, swinging for the
> fences like that. ;-).

Phew!  While this news leaves me looking foolish, I am relieved.

Now for my real question: Does the One True Cypherpunk really have
a black unicorn on his coat of arms?

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Sun Nov 10 07:42:43 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sun, 10 Nov 1996 07:42:43 -0800 (PST)
Subject: Legal Deffinition of Encryption?
Message-ID: <v02140b02aeaba1c8961f@[192.0.2.1]>


At 2:17 PM 11/9/1996, Mark M. wrote:
>On Sat, 9 Nov 1996, Benjamin Grosman wrote:
>> I have absolutely no idea: this is a very interesting problem. Not for just
>> compression and encryption differention legally, but also, well, ANY other
>> data form. If one defines a new format for saving data (i.e a new image
>> format), and then exports this technology from the USA, is this exportation
>> of munitions due to it's unknown qualities? Or what?
>> I know that in Australia there have been problems defining electronic data,
>> especially pictures (usually porn), for the purposes of prosecution.
>> Because, really, a pornographic picture is no more than 1's and 0's arranged
>> in a different way by a different algorithm.
>> Thus I think it most likely that the law would try and approach it from the
>> direction of the algorithm that saved the data and the intent with which the
>> algorithm was written.
>> Otherwise, I don't know.

> I can't define encryption, but I know it when I see it.

They way it will be forbidden is by outlawing the execution of the
algorithms.  The algorithms (the secure ones anyway) are well defined
as is executing them.  The legal system has dealt with greater
ambiguities than this.

An analogy to the drug laws might be useful.  We don't outlaw all drugs
that cause you to have weird visions and to act strangely.  That would
be hard to define and would cover a number of legal drugs.

Instead, the specific chemicals are forbidden as they are discovered.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Sun Nov 10 07:42:46 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sun, 10 Nov 1996 07:42:46 -0800 (PST)
Subject: Pseudo-law on the list and libel (fwd)
Message-ID: <v02140b03aeaba3b90ae8@[192.0.2.1]>


At 11:21 AM 11/9/1996, Jim Choate wrote:
> The real issue here is that folks on the net want the protection of the 1st
> Amendment but they don't want the responsibility that goes along with it.
> This list qualifies as a press. As a result it has a responsibility relating
> to what it distributes.

I don't find the word "responsibility" in the First Amendment.

You and the courts may decide John has a responsibility to let other
people use his computer, but the source of this idea is not the
First Amendment.

Peter Hendrickson
ph at netcom.com







From teddygee at visi.net  Sun Nov 10 07:51:50 1996
From: teddygee at visi.net (Ted Garrett)
Date: Sun, 10 Nov 1996 07:51:50 -0800 (PST)
Subject: allow me to state the obvious....
In-Reply-To: <32852789.EB0@webspan.net>
Message-ID: <Pine.LNX.3.95.961110102726.14929A-100000@tgrafix.livesys.net>


-----BEGIN PGP SIGNED MESSAGE-----

To remove oneself from the CypherPunks mailing list, one MUST follow
these instructions TO THE LETTER.  Results from these instructions
could take up to two weeks to take effect.

1) Send a mail message to majordomo at toad.com.

   To: majordomo at toad.com
   From: you at your.domain
   Subject: unsubscribe cypherpunks you at your.domain

   unsubscribe cypherpunks you at your.domain
   <EOT>

2) Obtain 1 (one) bottle of tequila (Cuervo Gold, 1.5 liter)
3) Contact Ted Garrett <teddygee at visi.net> for a snail-mail address
   to send the bottle of tequila to.
4) Send the bottle of tequila to the address obtained in step 3.
5) Sit back and watch your mail volume decrease.

In the event that these instructions fail to get you removed from the
CypherPunks mailing list, follow these steps :

1) Send mail to admin at toad.com

   To: admin at toad.com
   From: you at your.domain
   Subject: Please remove me from CypherPunks...

   Dear Sir:
      I have been attempting to remove myself from the CypherPunks
      Mailing list for the past 2 (two) weeks, without any success.
      Please find it in your heart to make the administrative
      corrections necessary for me to no longer receive a copy of
      mail sent to cypherpunks at toad.com.

      Thank you.

      Your Name Here
   <EOT>

2) Obtain 1 (one) bottle of tequila (Cuervo Gold, 1.5 liter)
3) Send the object obtained in step 2 to the address previously
   obtained from Ted Garrett <teddygee at visi.net>
4) Sit back and watch your mail volume decrease.

- ---
"Obviously, the US Constitution isn't perfect, but
it's a lot better than what we have now." - Unknown
PGP key id - 0xDEACDFD1 - Full key available from
pgp-public-keys at pgp.mit.edu


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQEVAwUBMoX6BM1+l8EKBK5FAQGb4gf/ZWQBk5SaMIqxcnb9mHKqlfWphHoaFwFv
zb8x1BnD7yAozO6gw4nJAL+jW1XlF+Bzk1oSBBLLbJqjceDfAG2iiaDJVYIdv4zr
GGHSAlwZq5e3RvoUPdSgvLarrT0w7R0/HI8Q3PbmwhbUFMoy5ajaIqjO1s5Q7M9G
rYrusBBf9udQS0Ti4ZD9OmHPzGD69+I9jjVSj2clviGqKbhnxKWvRFrq1toZEFLK
iy4Wfv6VC5m2gb9Ilu3GX/mGs6sUXuHMte58OwFDCBzdV3DjpEGCo2s8A9Veg856
6OWVwoW+NTne32JebCiLXrfe754+XZIXD3OmN9OkdxfQGHXJmY450Q==
=ZmgO
-----END PGP SIGNATURE-----





From froomkin at law.miami.edu  Sun Nov 10 08:05:12 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Sun, 10 Nov 1996 08:05:12 -0800 (PST)
Subject: Pseudo-law on the list and libel (fwd)
In-Reply-To: <199611091721.LAA00907@einstein>
Message-ID: <Pine.SUN.3.95.961109153536.26103C-100000@viper.law.miami.edu>


I really get tired of this.

On Sat, 9 Nov 1996, Jim Choate wrote:
> 
> Exactly. Because the list takes in submissions from ALL parties and then
> resubmits them to ALL SUBSCRIBED parties it qualifies as a publisher. 

Oversimplified (this is why people *pay* lawyers...).  First, the
defintion of "publisher" for libel purposes (but NOT for 1st Am. purposes)
varies from state to state.  Variations increase when one considers non-US
jurisdictions.

Second, to take NY state as an example, a mailing list is almost certainly
NOT a "publisher" but a mere "distributor" and thus held to a MUCH lower
standard of care regarding responsibility for libel.  The "distributor",
like the book store owner, is not presumed to be on notice of the content
of the material, and must take action only if she is made specifically
aware of the libelous nature of the specific content.

[...]

> > > Pseudo-law on this list is really getting out of hand.

Nothing new, alas.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 








From shamrock at netcom.com  Sun Nov 10 08:17:19 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 10 Nov 1996 08:17:19 -0800 (PST)
Subject: RSA and me...
In-Reply-To: <32889cc0.76991108@kdn0.attnet.or.jp>
Message-ID: <Pine.3.89.9611100849.A26358-0100000@netcom6>


On Sun, 10 Nov 1996, Gemini Thunder wrote:

> 'Lo.
> Is the "RSA in 3 lines of Perl" a munition (under ITAR)?
> What if I got it as a tatoo?  

Somebody did this. Check the RSA in perl homepage.

-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"






From clay.olbon at dynetics.com  Sun Nov 10 08:25:14 1996
From: clay.olbon at dynetics.com (Clay Olbon II)
Date: Sun, 10 Nov 1996 08:25:14 -0800 (PST)
Subject: Pyramid schemes and cryptoanarchy
Message-ID: <1.5.4.32.19961110162356.00a10f10@ix.netcom.com>


It seems that pyramid scheme spamming has increased of late (if that is
possible!).  In my lifetime, I can only remember a single snail-mail
instance of a pyramid scheme - over the net it is an entirely different
story (although the number of instances is probably proportional to the
number of lists I subsribe to).  With fully anonymous digital cash will come
the ability to develop untraceable pyramid schemes.  As a staunch believer
in the free market, I find laws against these schemes distasteful, quite
hypocrytical (i.e. Social Security), and soon to be unenforceable.

Pyramid schemes could be a growth market in a crypto-anarchic world.  It is
yet another market such as gambling, or the lottery, that could be conducted
with anonymity.  And it appears to be much more widespread on the internet
currently, even without anonymity.  And unlike gambling or the lottery, the
payoffs could increase greatly should anonymity be available.  

Now, what is the point of this discussion of pyramid schemes?  It is to
bring to light yet another area that will be untouchable by governments.
And I think that it will help continue the development and proliferation of
some of our pet projects, specifically fully anonymous digital cash and
remailers.  Remailer operators could even fund their operations through
pyramid schemes (directly, or indirectly through digital postage stamps).  I
am not, however, advocating spam. I simply see it as a natural extension of
current practice, that may actually provide tangible benefits in the near
future.  

Clay

*******************************************************
Clay Olbon			clay.olbon at dynetics.com
engineer, programmer, statistitian, etc.
Dynetics, Inc.
**********************************************tanstaafl






From markm at voicenet.com  Sun Nov 10 08:26:53 1996
From: markm at voicenet.com (Mark M.)
Date: Sun, 10 Nov 1996 08:26:53 -0800 (PST)
Subject: Mailing list liability (fwd)
In-Reply-To: <199611100513.XAA01797@einstein>
Message-ID: <Pine.LNX.3.95.961110111103.404A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Nov 1996, Jim Choate wrote:

> It is exactly editorial control because it prevents, a priori, submissions by
> Vulis under that account. He is FORCED to resort to other means. That is
> what the courts will see, it is what the jury will see, and it is what will
> eventualy sink the list, and place its operator under financial burden for
> years.

You really need to get your facts straight.  Vulis is _not_ prevented from
posting under his name to cpunks.  He has in fact made several posts since
he was removed from the list.  My question still stands.  Why is this editorial
control?  None of the cases you cited were anything like this situation.

> In case you people don't get it, the whole point is to REDUCE the influence
> and control of the government (local, state, and federal). NOT to give even
> more fodder to shoot. For a list operator a primary if not the primary
> goal is to avoid any legal involvement at all costs. Throwing people off
> lists with no subscription limitations is not the way to do that. To be a
> succesful list operator your scruples and the way you treat your subscribers
> MUST be beyond any reproach. The bottem line is that the act was not
> professional and impacts the image of mailing lists, Cypherpunks, its operator,
> and its members in a negative light. I have operated BBS'es and mailing
> lists since '76 and find such actions on the part of a fellow service
> operator to be insulting to the profession that I have enjoyed for 20 years.

Call it what ever you want, it's still government regulation to tell someone
how to run a mailing list.  The first amendment says nothing about any of this
"common carrier" nonsense.  This is just the Supreme Court's interpretation.
If you are so concerned about being "censored", why don't you just ask the list
owner to clearly state his position about subscriptions and submissions
before subscribing?  It's not right to expect someone providing a service free
of charge to accept the burden of making sure his position on subscription and
submissions are stated clearly just because you're too lazy to find out
yourself.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoYCzSzIPc7jvyFpAQFm4Af/dyisLfA1wOZmhhjhdjx6Mey8S8Z1v2GZ
IGf05tQTulp3jqp4b7nN7i7ErHsA19iez/7DxAkMsDkhre7cGURv4+/msZHyf4hU
FQ9qGsEMGbCUbM5SKM1EjzQOhyHCIUkaETu7aFaWZcDYaHAeNGYU4ZxDxRjBOG/V
wCnKxkKpn37uOUbKbRsY95dSYSlJQf0lJFFYr1xNttiE6gDZq+5gOg2gx1QlhFhj
+FoDj73Rwv6A/AiEX33rrwGw8z5tSEuljTyQb0UbPMyIDQ6XdYk3ostppTzp9zLl
Tlh/5RsZaAK7iLuG5dVyohDJJqudOzljtl3+iU7Vnfd9OkrtV8uEug==
=X/0v
-----END PGP SIGNATURE-----
clear






From tjb at acpub.duke.edu  Sun Nov 10 08:57:18 1996
From: tjb at acpub.duke.edu (tom bryce)
Date: Sun, 10 Nov 1996 08:57:18 -0800 (PST)
Subject: ideal secure personal computer system
Message-ID: <l03010605aeab7149a687@[152.3.87.2]>


Here's a question: if one were designing for oneself a secure personal
computer system, for use in, say, word processing, spreadsheet,
communications, the usuals - what system would one purchase and how would
one set it up?

For example, on the Mac I would envision this as the ideal system:

(1) Get a power mac
(2) Partition the hard drive into two partitions:
    install the system folder on one and a copy of CryptDisk
    make this the startup partition and make it READ ONLY with aliases to
    folders you want to be modiyfable (such as Eudora Folder in the sys folder)
    place these folders on the encrypted partition
(3) Completely fill the other partition with a CryptDisk file so there is no
    room for other stuff to be written. Adjust the partition size if needed.
(4) Install a screen saver (such as shareware Eclipse) that will password lock
    the screen after a few minutes of inactivity, and set CryptDisk to dismount
    the external partition after a few minutes of inactivity (or longer)

This would be a basic setup. If one had more complex ideas, such as setting
it up so casual onlookers would not notice the system was protected, you
could do things like have a decoy normal partition with system folder to
boot from by default, to be bypassed with an external locked system folder
disk, after which one could dismount the decoy partition and mount the
encrypted partition.

If locking the startup volume turns out to be too much of a pain, one could
install trashguard from Highware software and set it to triple overwrite
deleted files, and otherwise not lock the startup partition.

How would things work on Windows 95? I imagine most of the old DOS-based
encryption utilities may have compatibility problems with W95. What would a
similar ideal system be for a PC?

Tom







From whgiii at amaranth.com  Sun Nov 10 09:16:16 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Sun, 10 Nov 1996 09:16:16 -0800 (PST)
Subject: Apology to Dale Thorn
In-Reply-To: <328523F4.3BC@gte.net>
Message-ID: <199611101830.MAA28727@mailhub.amaranth.com>


In <328523F4.3BC at gte.net>, on 11/09/96 at 04:38 PM,
   Dale Thorn <dthorn at gte.net> said:

>> Dale you are truly a clueless shmuck.

I wish to apologise for the above comment. I had confused Dale with Don Wood of Snake-Oil
fame.

I am confused by Dale's repeated attacks on PGP without offering viable alternatives for a
public-key encryption system.

Sorry, I'll try to rember ot count to 10 before I post replies to the list. :) 

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------






From tcmay at got.net  Sun Nov 10 09:17:33 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 10 Nov 1996 09:17:33 -0800 (PST)
Subject: Pyramid Schemes
In-Reply-To: <2.2.32.19961111045417.00967cb0@healey.com.au>
Message-ID: <v03007800aeabbd7e613b@[207.167.93.63]>


At 4:23 AM -0500 11/10/96, Mark Rogaski wrote:
>An entity claiming to be Benjamin Grosman wrote:

>: Aren't these Pyramid Schemes Illegal?

>
>Yep, 18 U.S.C. sec. 1343 if I remember correctly ... one of the only
>laws I truly appreciate.  I've already sent a message to
>postmaster at mindspring.com pointing out the fact that a felony has
>been committed.

I deleted the original spam, but from my brief glance at it, it may have
been more of a multi-level marketing (MLM) scheme than a simple
pyramid...something about selling mailing list services. And of course MLMs
are mostly protected, else Amway, Herbalife, Avon, and all the other such
MLMs would not survive.

But I have a more radical view: pyramid schemes should not be illegal.

They are classic nonviolent behaviors, and are not even examples of fraud.
(Because it is _true_ that if one succeeeds in getting enough people to
follow one on the chain, profits come in. It is also true that a large
fraction of participants will see only losses. So?)

Thus, people against pyramids should educate people if they want to, should
try to get them not to participate. But I can't support hiring men with
guns to force people not to participate.

(And there are ways that cryptography allows "crypto-pyramids," though I
doubt many crypto-savvy folks would participate.)

BTW, predictions of great returns in pyramids if instructions are followed
closely are not different from predicitions of earthly and heavenly rewards
if religious commands are followed. Outlaw one, outlaw the other.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Sun Nov 10 09:25:12 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 10 Nov 1996 09:25:12 -0800 (PST)
Subject: Small question about the list
In-Reply-To: <1.5.4.32.19961110134153.00695580@citenet.net>
Message-ID: <v03007801aeabc0a51edb@[207.167.93.63]>


At 8:41 AM -0500 11/10/96, MatriX Spider wrote:
>Hi,
>        I've been around the Cypherpunk list for a couple of month now and
>it don't correspond exactly to what I've expect.
>
>I would be realy happy if someone could tell me the adress to remove my name
>from the distribution list.
>
>Could anyone send me the procedure on how to remove my name of the list ?


I've posted the instructions _several_ times in the last week or two.
(Others have also provided instrutctions.) You obviously are not even
looking at messages. Which is fine. Except how  do you expect to find the
instructions if someone _does_ send them to you?

Nevertheless, I am again including them below. I doubt it will help.

I predict MatriX Spider (how clever) will soon be issuing frantic
"unsudcribe" and "unsribe" messages to this list.

--Tim



To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo at toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo at toad.com

-body message of: unsubscribe cypherpunks








From dthorn at gte.net  Sun Nov 10 09:30:09 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 10 Nov 1996 09:30:09 -0800 (PST)
Subject: Information [for new PGP user]
Message-ID: <328600B9.5168@gte.net>


Adamsc wrote:
> On Thu, 07 Nov 1996 07:08:52 -0800, Dale Thorn wrote:
> >> >> > I'm a new Cyberpunk!
> >> Probably wearing a set of Ono-Sendai eyeballs....
> >> >> > Last,  I would like to know once and for all,  is PGP compromised,  is
> >> >> > there a back door, and have we been fooled by NSA to believe it's secure?
> >> You can read and compile the source code yourself.
> >Really?  All 60,000 or so lines, including all 'includes' or attachments?
> >I'll bet you can't find 10 out of 1,000 users who have read the total source,
> >let alone comprehended and validated it.

> That's not necessary - it's the fact that it's possible that matters;  most
> of us are content to trust the various people who actually have.  However,
> I'd probably be inclined to look into it seriously if I was going to use it
> on anything incriminating or potentially linked to my checkbook...

My main point, which is really difficult to make, since software issues
are so complex today, is that I've been involved with projects on a
similar scale as PGP, where several programmers contributed code to a
particular executable program, and when this is the case (especially
where the source is not obvious as would be data entry code and the like),
it's just not practical for one person working alone, unpaid, to break
the source down into manageable chunks and study it and make enough notes
so that every portion of it is clearly understood and validated.

People in the past have discussed 50 million line Fortran programs to set
up jet training simulators and so forth, and by comparison a 60,000 line
source in 'C' might look doable, as far as complete annotation is concerned.

To illustrate the point, then, I recently had a chance to estimate the cost
of converting a non-'C' program to 'C', which would result in a 'C' program
of about 6,000 lines, or about 1/10 the size of PGP.  My best guess was
about 500 to 1,000 hours, and to analogize that to PGP, where I wouldn't be
writing or converting code ostensibly, just annotating it, I would still
guess 2,500 to 5,000 hours, if the job were done correctly and thoroughly.

If the job is not practical/feasible, then IMO I can say it's not doable.

OTOH, if some one or a handful of people wanted to make the source code
of PGP really accessible to the masses (of programmers at least), they
should start with a plan to make sure it's broken down into a heirarchy
of functions so that:

1. No one function is too large (say, no more than 50 lines or so).

2. All functions use reasonably short variable names (ex: 'iTrapon').

3. Variable names are consistent in capitalization.

4. Function names follow the heirarchy and are logically intuitive.

5. Constant and #define names follow a heirarchy as well.

6. Where a choice is possible between setting out a construct that
   (visually speaking) looks very complex and is difficult to follow,
   and making it simpler, take the simpler path.







From dthorn at gte.net  Sun Nov 10 09:30:11 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 10 Nov 1996 09:30:11 -0800 (PST)
Subject: His and Her Anarchies
In-Reply-To: <199611100556.WAA16087@web.azstarnet.com>
Message-ID: <3286045D.5564@gte.net>


drose at AZStarNet.com wrote:
> Dale Thorn <dthorn at gte.net> wrote:
> >While many, many
> >women have harrassed me on the road for my driving, they (unlike men, w/o
> exception)
> >have *never* tried to threaten me directly, as have hundreds of men.

> Might all these hundreds of threatening men and many, many harassing women
> be trying to tell you something?

Glad you asked!!  Precisely, as in a prison situation, where you're locked
in with some big hairy hillbilly, they're trying to say:

"Bend over, a______"

[snippo]







From dthorn at gte.net  Sun Nov 10 09:31:46 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 10 Nov 1996 09:31:46 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847661103@smtp-gw.cv62.navy.mil>
Message-ID: <32860D5B.3978@gte.net>


SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil wrote:
>  tim may wrote:
>  >"...and that discussions of other topics bother you should be a clear
>  >indication you're probably on the wrong list."
>         uh, that's _why_ i am on this list...

[ka-snip, ka-snip]

>  dale thorn(?) wrote:

[mo' snip]

>  >Second, any truly secret messaging taking place represents a serious
>  >threat to the military, and contrary to some naive popular opinion,
>  >those guys are not going to lay down for this...

>  what does the military have to do wiht private citizens conversing in
>  secret?

Why should they care?  Huh?  Well, unless you can give them a list that
separates all the sheeple from the wolves, I guess they'll have to
continue their random monitoring just to make sure...

> are _you_ one of the naive that think men actually in uniform control
> the military?  the SecDef is a civillian. the president is a democrat.

Does anyone really care that the "persons in charge" wear uniforms?

> the military does what the white house/congress tell it (the writer
> realizes this is a vastly over-simplified response to a vastly broad statement).

Oh, sure they do.  Let me tell you something.  Big money tells little
money what to do.  I won't bother you with details, as it's beyond the
capacity of email at this time.  But if you think the President is really
in charge, sorry, he's "administratively" in charge, and subject to:

1. Impeachment (the "normal" method of removal, if he doesn't play ball).

2. Other kinds of removal, by Big Money, some of which are very messy.
   Go look at the Zapruder film.  If you think "Oswald" did it, don't
   even bother to reply, as such a reply would go unread.






From sandfort at crl.com  Sun Nov 10 09:39:22 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 10 Nov 1996 09:39:22 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847691156@smtp-gw.cv62.navy.mil>
Message-ID: <Pine.SUN.3.91.961110085723.7792B-100000@crl4.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 10 Nov 1996 SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil wrote:

> ...the freedoms the Cpunks diligently try to preserve (or seem
> to want to create...) are protected _by_ the military. 

Wrong on two counts:

1) Strictly speaking, the C'punks list is primarily concerned 
   with privacy.  Of course, most of us seem to have strong
   interest in freedom, but the original intent of the list 
   founders was the "self-help" preservation of privacy through
   technological means. 

2) Putting aside that nit-pick, we are still left with two  
   implicit and unsupported assumptions:

   a) military=government.  
   b) military/government doesn't also threaten freedoms.

As to a), market anarchists (aka, anarcho-capitalists) believe
that militaries would be better provided by private business.
The concept is usually called "private defense agencies."  The
conservative preference is for para-military "militias."  I have
no intention of getting into a debate over these concepts.  I
mention it only for the purpose of pointing out that alternative
do exist and the fact that governments--through force of the
threat of force--maintain their monopoly hold on the instruments
of war does not mean we are better off for that fact.

With regard to b), governments--primarily through the use of 
their militaries--have killed, by some counts 170,000,000, men,
women and children in this century alone.  Hardly the guardians
of freedom, in my opinion.

> who was it that said:  "law, without force, is impotent"  -?  

He says that as if it's a bad thing.

> keep in mind that even "bad" laws have to be enforced. 

Actually, this is not true either.  In the US at least, if a law
is unconstitutional, it is void ab initio.  The military ananlogy
is found in the Uniform Code of Military Justice.  A subordinate
is not required to follow an order that violates the UCMJ.  The
international version was enunciated at the Nurenburg trials. "I
was only following orders" is not esculpatory.

> ...anarchy implies ruthlessness

To some people, yes.  Literally--and that's how most libertarians
and anarchists use it--it means no rulers.  In my opinion, 
observation and experience and experience rulers, government and
military imply ruthlessness far more directly.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From dthorn at gte.net  Sun Nov 10 09:49:31 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 10 Nov 1996 09:49:31 -0800 (PST)
Subject: Apology to Dale Thorn
In-Reply-To: <199611101830.MAA28727@mailhub.amaranth.com>
Message-ID: <32861563.994@gte.net>


William H. Geiger III wrote:
> In <328523F4.3BC at gte.net>, on 11/09/96 at 04:38 PM,
>    Dale Thorn <dthorn at gte.net> said:

[snip]

> I am confused by Dale's repeated attacks on PGP without offering viable
> alternatives for a public-key encryption system.
> Sorry, I'll try to rember ot count to 10 before I post replies to the list. :)

I've made errors attributing stuff to wrong parties (oops, cringe).

And I apologize for not offering a viable alternative to PGP.

In another posting, I made a suggestion for making the source code to
PGP *really* public, i.e., in a form that the average programmer can
verify and edit (for personal use only, of course).

I'm tending to think that, instead of using PGP for all encoding (even
though it may have multiple facilities for all situations), a message
could be encrypted with a good trusted private-key system or whatever,
then the private key encrypted with the Public Key software and sent
either separately or with the message.

The above might be more cumbersome, but it could be automated with
messaging automation techniques. At least it would reduce the dependence
on PGP to encrypting only the private key(s), which would encourage using
PGP at its most secure (slowest) level of encryption for the entire process
of encrypting the private key data.  As an aside to OTP's, this would not
apply for obvious reasons, i.e., the length of the key.

Of course, this still requires validation of PGP in whatever portion of
the code would be required to encode the private key.  My recommendation
for really serious users would be to separate out that code and recompile
it separately from the remainder of PGP (for personal use only, of course).

And in case it got lost in my rhetoric, I do appreciate that there's no
substitute for the Public Key process.






From kb4vwa at juno.com  Sun Nov 10 09:58:30 1996
From: kb4vwa at juno.com (Edward R. Figueroa)
Date: Sun, 10 Nov 1996 09:58:30 -0800 (PST)
Subject: Real Time Pads (chat modes)?
Message-ID: <19961110.130149.5359.1.kb4vwa@juno.com>


Anyone know if there is a software that encrypts DES, or triple DES in
real time for ie, Chat modes?

I think this be a very interesting idea if not already being  used.  I'm
sure the government uses some form of real time pad.

Comments?

Ed





From security at kinch.ark.com  Sun Nov 10 10:27:52 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Sun, 10 Nov 1996 10:27:52 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847691156@smtp-gw.cv62.navy.mil>
Message-ID: <Pine.LNX.3.94.961110074445.5826C-100000@kinch.ark.com>


On Sun, 10 Nov 1996 SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil wrote:

> ----------------------------------------------------------------------
> dave kinchlea wrote:
> >As said in "Hair" (the movie), "Don't do it for me man, 'cause 
> >if the shoe was on the other foot, I wouldn't do it for you!" 
> 
> >It's a lie anyway, you do it for yourself.
> 
> That's an _easy_ judgment to make (and i definitely have to stop 
> adding anecdotes from my life in these things!), but you missed the 
> point - the freedoms the Cpunks diligently try to preserve (or seem to 

I missed nothing, I simply don't agree. It seems to me that the US
military is much more the agressor than the defender. Just who is it that
you are believe you are defending against? What year do you live in?

> want to create...) are protected _by_ the military.  who was it that 
> said:       "law, without force, is impotent"  -?  

The military is NOT the defender of laws, that is the job for the civilian
police. Are you really that confused? I actually live in Canada where I
enjoy the same or more freedoms that you do, funny thing though, we don't
find it necessary to have a large military force to `protect' us. 

[...]

> 
> was i assuming that you've read the book and/or seen the broadway 
> play, "Hair"?  OHHHHH - i'm sorry - you saw the _movie!_ shame on me.

What the fuck is this? When did the play end on broadway, mid-seventies?
Do you have a point? I thought not. The only reason I pointed out that it
was the movie is because I am not certain that that line IS in the play.
You see I practice something called honesty, something you might do well
to learn about yourself.









From darkened-node at geocities.com  Sun Nov 10 10:39:06 1996
From: darkened-node at geocities.com (Darkened-Node)
Date: Sun, 10 Nov 1996 10:39:06 -0800 (PST)
Subject: Hello from the Brotherhood
Message-ID: <1.5.4.16.19961110133848.2a37b3aa@mail.geocities.com>


Hello to everyone from the Brotherhood of Darkness

Fellow Cypherpunks:
Please visit our site at:
http://www.ilf.net/brotherhood/


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Darkened-Node

Executive Member
        -THE-
-BROTHERHOOD-
 -OF DARKNESS-

    Comments or Questions?
Darkened-Node at Geocities.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






From vipul at pobox.com  Sun Nov 10 11:18:15 1996
From: vipul at pobox.com (Vipul Ved Prakash)
Date: Sun, 10 Nov 1996 11:18:15 -0800 (PST)
Subject: Proxies
Message-ID: <199611101254.MAA00304@fountainhead.net>



Is there a list of http proxy servers one could go through?
I think its a nice [rather sutle] way of achieving web.anonymity without using 
more apparent anonymizers....

Vipul

-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul at pobox.com 	          | - Internet & Intranets 
91 11 2233328                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia






From joelm at eskimo.com  Sun Nov 10 11:18:37 1996
From: joelm at eskimo.com (Joel McNamara)
Date: Sun, 10 Nov 1996 11:18:37 -0800 (PST)
Subject: ideal secure personal computer system
Message-ID: <3.0.32.19961110111720.00e2eeec@mail.eskimo.com>


See the CryptoBook link at http://www.eskimo.com/~joelm

While the concepts were originally developed for a laptop, they're easily
applied to a desktop machine running Win95.

Joel

>Here's a question: if one were designing for oneself a secure personal
>computer system, for use in, say, word processing, spreadsheet,
>communications, the usuals - what system would one purchase and how would
>one set it up?
>
>For example, on the Mac I would envision this as the ideal system:
>
>(1) Get a power mac
>(2) Partition the hard drive into two partitions:
>    install the system folder on one and a copy of CryptDisk
>    make this the startup partition and make it READ ONLY with aliases to
>    folders you want to be modiyfable (such as Eudora Folder in the sys
folder)
>    place these folders on the encrypted partition
>(3) Completely fill the other partition with a CryptDisk file so there is no
>    room for other stuff to be written. Adjust the partition size if needed.
>(4) Install a screen saver (such as shareware Eclipse) that will password
lock
>    the screen after a few minutes of inactivity, and set CryptDisk to
dismount
>    the external partition after a few minutes of inactivity (or longer)
>
>This would be a basic setup. If one had more complex ideas, such as setting
>it up so casual onlookers would not notice the system was protected, you
>could do things like have a decoy normal partition with system folder to
>boot from by default, to be bypassed with an external locked system folder
>disk, after which one could dismount the decoy partition and mount the
>encrypted partition.
>
>If locking the startup volume turns out to be too much of a pain, one could
>install trashguard from Highware software and set it to triple overwrite
>deleted files, and otherwise not lock the startup partition.
>
>How would things work on Windows 95? I imagine most of the old DOS-based
>encryption utilities may have compatibility problems with W95. What would a
>similar ideal system be for a PC?
>
>Tom
>
>
>
>





From ichudov at algebra.com  Sun Nov 10 11:20:58 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 10 Nov 1996 11:20:58 -0800 (PST)
Subject: Pyramid schemes and cryptoanarchy
In-Reply-To: <1.5.4.32.19961110162356.00a10f10@ix.netcom.com>
Message-ID: <199611101850.MAA11960@manifold.algebra.com>


Clay Olbon II wrote:
> 
> Now, what is the point of this discussion of pyramid schemes?  It is to
> bring to light yet another area that will be untouchable by governments.
> And I think that it will help continue the development and proliferation of
> some of our pet projects, specifically fully anonymous digital cash and
> remailers.  Remailer operators could even fund their operations through
> pyramid schemes (directly, or indirectly through digital postage stamps).  I
> am not, however, advocating spam. I simply see it as a natural extension of
> current practice, that may actually provide tangible benefits in the near
> future.  
> 

I wonder if spammers have already figured out that they can use remailers 
to send spam without being traced.

	- Igor.





From jya at pipeline.com  Sun Nov 10 11:21:24 1996
From: jya at pipeline.com (John Young)
Date: Sun, 10 Nov 1996 11:21:24 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
Message-ID: <1.5.4.32.19961110191947.006a6ae4@pop.pipeline.com>


Sandy Sandfort wrote:

A brilliant mini essay, which most succinctly answers Samuel P.
Huntington's long essay in November Foreign Affairs.

And recaps the ancient struggle between "public-governmental" 
in the "public interest" and "private-anti-governmental" in the 
"private interest."

Those who argue that the public needs protection from internal and
external enemies -- "national security" -- gloss over that this ideology
has a long heritage as a big-time, self-interested business, or racketeer
influenced organized crime, to be blunt. Colin Powellism breast-fed 
on Fight the Day's Devil milk, like two thousand generations of 
fundamentalist up-and-comers.

For governmental and military and priestly careerism is no different that
the profit or organizational kinds. Each have religio-philosophical 
underpinnings backed by shrewd legislative pie-slicing-and-distribution
with crucial physical enforcement to fend off those who didn't get a 
slice and are hungrily pissed at the collusive exclusion.

A lot of this smoke is PR machines blowing hard for each of the Big Bands:
Gov, Mil, Com, Org, Edu, Etc. Blurring the distinctions, stealing from one
another, swapping personnel and programs, doling out contracts, 
racing to copy the latest ploy, apology, attack, whine, while securing 
those ancient by-the-rule perks against the ruthless up-and-comers.

Mafia, military, crypto shooters -- taking orders for small kisses of 
blessing/death, climbing the ladder of earthly reward.

Still, global anarcho-bands of mercenary bandits, hmm, what's that
411 for International Terrorist Gun Show -- er, military-industrial
showcases of megadeath?







From vznuri at netcom.com  Sun Nov 10 11:39:42 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Sun, 10 Nov 1996 11:39:42 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <199611100747.XAA00328@cryptical.adnetsol.com>
Message-ID: <199611101939.LAA13170@netcom4.netcom.com>



Mike Ingle:
>
>Cryptoanarchy will have arrived when you can openly _advertise_ these
>services and still stay in business indefinitely. Most of the things we
>talk about - even Jim Bell's assassination market - already exist, but
>they cannot be advertised. You have to go looking for them, at some
>risk to both buyer and seller. If the seller is visible enough for you
>to find him, he is visible enough to get caught.

actually "cryptoanarchy" has a lot of different definitions, and
as an exercise, during at least on cpunk meeting in SF there was
a roundtable discussion about what it meant to each person. the
definitions did vary widely. the most optimistic view of cryptoanarchy
would say that its early phases are already upon us in the crypto
inside browsers and the govt paranoia and posturing. other more
restrictive definitions would be similar to your own. 

another view would be that "cryptoanarchy" in the sense of people living
in a society where they evade govts have already existed. in my
view cryptoanarchy is a quite Machiavellian concept and I would
suggest that there are strong parallels. TCM,
originator of the term, is a bit mushy himself in his definitions
and refuses to be pinned down on many specifics. however he has
a pretty good paper out on the subject.

>Currently the techniques of anonymity are limited to two: indirection
>for source anonymity and broadcast for recipient anonymity. We are more
>or less where crypto was before the invention of public key. You can
>gain security by spreading risk among multiple parties (key
>distributors for crypto, or remailers for anonymity) but you can't 
>'make your own anonymity' like you can make your own security with 
>public key crypto.
>
>A theoretical discovery is needed particularly in the area of recipient
>anonymity. Good sender anonymity and weak recipient anonymity leads to
>'hit and run' behavior such as spamming email and newsgroups, but not
>to anonymous markets.

an encrypted reply block using remailers is pretty secure technology.
the remailers are not all that reliable however and these reply
blocks are always breaking; they depend on every link in the chain
working perfectly. I've proposed having an anonymous pool in which
remailers post status information when they successfully pass on
messages, such info could be used to make the remailers more reliable,
although possibly at the expense of having to buffer messages.

has anyone set up a remailer that accepts payment right in the message
itself? that would probably solve a lot of the economic problems, and
it seems that the technology, i.e. digicash, has evolved to the point
it would be possible to implement this. (note I am aware of c2's
web page anonymous sending feature, but as I understand it the digicash
payment here is not automated in the sense of being contained in the message).

with the ability to include a payment in the message itself, you could
pay "buffer services" that would be a layer of abstraction on top
of the current unreliable remailer network and have much greater
reliability.

it seems to me the main proponents of "cryptoanarchy" tend to suggest
a government structure is a completely useless construction. perhaps
so but they would end up erecting othre systems to deal with the
void they might not call "govt" but would have most of the features
of one, imho. something "govtlike" is a measure of a civilized society,
imho, hence my distaste in cryptoanarchy with its seeming naivete
on the legitimate and crucial role of govt in a society. the specifics
may vary between implementations, but imho in general something
"govtlike" is crucial to civilized society.





From dlv at bwalk.dm.com  Sun Nov 10 11:50:37 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 11:50:37 -0800 (PST)
Subject: exclusion/censorship and the law (fwd)
In-Reply-To: <199611091936.NAA01142@einstein>
Message-ID: <oa17wD13w165w@bwalk.dm.com>


Jim Choate <ravage at EINSTEIN.ssz.com> writes:
> How often it occurs is irrelevant, this is like saying one rape is not a
> crime but two is. Utter hogwash. Vulis was removed from the list, this
> means he can't SUBMIT posts.

I'm very grateful to Jim Choate for all his traffic in support of my freedom
of speech, but the above isn't quite right. So far I've been able to submit
posts and have them broadcast to the list. That doesn't mean that I'm welcome
to do that (I think John Gilmore made it perfectly clear that I'm not by
censoring me) but he hasn't technically prevented me from doing that.

John Gilmore has the right and the technical ability, but probably not the
balls to censor me further. He has no credibility to lose.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From azur at netcom.com  Sun Nov 10 12:51:54 1996
From: azur at netcom.com (Steve Schear)
Date: Sun, 10 Nov 1996 12:51:54 -0800 (PST)
Subject: Cypherpunks, Inc?
Message-ID: <v02140b00aeabed89ee52@[10.0.2.15]>


Now why don't the cypherpunks put together something like the item below?
In fact, why don't we form some sort of Guild, trademark the term
cypherpunks (I'll volunteer) and offer cracking and security products (like
the one below) or services?  A product security endorsement from
Cypherpunks Inc. could carry a lot of weight :-)

>From: security.admin77 at safest.you
>To:
>Date: Sun, 10 Nov 1996 10:43:01 PST
>Subject: Your Email Privacy Has Been Compromised
>
>
>
>
>This Message Contains Important Information About Violations
>of Your On-Line Privacy.
>
>
>
>*Email and Online Security Violations.*
>Please be advised that information contained in email is similar
>to a post card.  It can easily be read in transit and does not go
>directly from your computer, to the computer of the recipient.
>Your message often passes through the hands of countless
>computer systems on its path to where you sent it.  Because of
>this, it can easily be seen by many prying eyes on the way to its
>destination.  If you are mailing personal, business or financial
>data it is unwise to use traditional email.  There are many people
>on the net who profit by snooping in the open "post card" style
>email that most account holders utilize.  Programs are readily
>available to make this task simple.  Additionally, many people
>are purchasing mailing lists which contain your email address.
>If you do not wish to receive unsolicited email, there are a
>number of free and highly effective steps you can take to
>recapture your privacy.
>
>The personal exposure spoken of is not limited to email.  If you
>make use of other internet services such as the World Wide
>Web, your privacy is at even greater risk.  Unless secure, any
>information you enter on a form can be read in transit, just like
>email.  Additionally, most of the information providers you contact
>on the web routinely collect information about you in high detail.
>This information goes right down to where you are located, and
>what kind of computer and operating system you use!
>
>To combat this problem, many countermeasures have been
>developed of which most account holders remain unaware.  The
>on line criminals would like to keep it that way.  Every net citizen
>needs to learn to stop sending "Post Cards" and stop allowing
>distant machines to accumulate large amounts of information
>about who they are and their interests.
>
>There are many simple things you should be doing right now to
>protect your privacy.  Most of the best countermeasures available
>are FREE.  This is because there is still a very strong vein of
>computer experts on the net who believe in an individual's right to
>privacy.  There are excellent, completely free  programs that you
>should be using right now to browse the web in an untraceable
>and private manner, and send email that only the recipient can
>read!
>
>You don't need to be a computer expert to use these tools.  They
>often take little or no additional time and are designed to be very
>simple for the computer illiterate to use.  The computer gurus
>that designed these programs know that it is extremely important
>that average net citizens make use of them.  They have designed
>and continually revised them with that in mind.
>
>My name is Jeff Martin, my associates and I have spent a great
>deal of time researching this subject. It is my goal to provide you
>with access to the best resources available to keep your
>communications private.  My information relates to both email
>and other aspects of the internet such as the World Wide Web.
>This information was put together because I don't feel that others
>are making it available in this form of wide distribution, and it
>needs to be done.  The internet is just like a city in that you need
>some street smarts to keep yourself as safe as possible.  That's
>the kind of information I wish would have been provided to me
>when I began to go on line, and it is what I have tried hard to put
>together to help you out.
>
>In my program you'll learn:
>
>*How to send email that cannot be traced.
>
>*How to send email to your friends and associates that cannot
>be read in transit.
>
>*How to post anonymously to Newsgroups.
>
>*How to browse the web and download files anonymously.
>
>*Why you should (almost) never send financial information over
>the net.
>
>*How to prevent your name from being gathered and sold for
>bulk email use.
>
>*And Much, Much, Much, More ....
>
>My package is a treasure trove of valuable information collected
>to guarantee your privacy!
>
>This is the first time I am making this information available.  In a
>short while, the program will be retailing for $59.95.  However, if
>you respond within the next 7 days of receiving this message you
>will receive the special price of $19.95.  Because of the amazing
>expansion of the internet, I have decided to make this offer so
>that everyone can afford to learn how to protect themselves from
>the net's growing criminal element.  After seven days you may
>still order the program at its retail price of $59.95.
>
>Additionally, if you order within the next 48 hours, I'll include a
>very special report about how you can get a free email address
>and account to use from just about anywhere in the U.S.  I'll
>show you how, but you must order within the next 48 hours!
>
>HOW TO ORDER
>I strive very hard to protect your security.  I do not accept
>unsecure credit card or check information by email, because it is
>too easily intercepted.  While this could increase my orders, I feel
>that your security as a customer is more important. I am a small
>business person and keeping up with phoned and faxed in orders
>has proven to be too difficult for me.  Therefore I now only accept
>orders via postal (snail) mail.  Please be certain to give me your
>email address when ordering.  I prefer to ship orders via email
>so that you can have my information as soon as possible.
>
>To order send a check, money order, or credit card information
>(Visa, MasterCard, Discover) to me at:
>
>Jeff Martin
>POB 72106
>Newport, Kentucky 41072
>
>Any credit card orders must use the attached form below.
>Thank you very much for your time.
>
>Best Wishes,
>
>Jeff Martin
>
>
>This information will always be held in the strictest confidence.
>
> Credit Card:    Visa    Mastercard    Discover
>
> Card #:______________________________________
>
> Expiration Date:__________________
>
> Name on Card:________________________________
>
> Please indicate amount $__________ ($19.95) or (59.95)
>
>
> SIGNATURE:x________________________
>
>DATE:x__________________
>
>
>Copyright 1996, Jeff Martin.  All rights reserved.







From merriman at amaonline.com  Sun Nov 10 13:03:02 1996
From: merriman at amaonline.com (David K. Merriman)
Date: Sun, 10 Nov 1996 13:03:02 -0800 (PST)
Subject: Rarity: Crypto question enclosed
Message-ID: <199611102102.NAA17006@toad.com>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Sun Nov 10 15:03:35 1996
Sorry that this message doesn't include any flames, "outings", 
denigrations, or other stuff......

My simple question is regarding key/certificate distribution:

        Is there any particular reason that such can't be accomplished via 
on-line lists, and made available via a service on a port, using standard 
(textual) commands, like mail and such are now?

        The things that come to mind are a 'client' request for a key, a 
'client' submission of a key, an external host requesting a key exchange, 
and the host itself requesting a key exchange with another system (only 
new/changed keys being swapped).

        The way I see it working is similar to (but not as slow as, or 
requiring the human intervention) of the key servers already existing. 
Granted that the first few such servers might carry a higher load, but I'd 
think that would taper off as the (presumably free) software became 
available, similar to the growth of remailer software (which would seem to 
be a fairly reasonable relationship....).

        Hooks into existing PGP-fluent software shouldn't be difficult with 
a standardized protocol, and I wouldn't think that the servers would be 
that difficult to code and implement on a 'standard' (consistently used, 
that is) port.

        I'm willing to have a try at the first server, if the parameters 
can be defined.

Dave Merriman


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoV+S8VrTvyYOzAZAQHlMQP/eU3F2JyaQcU6tQ+J5iCdAdPKiBNORJGT
chgNauyaH/dHwj+DzcKZzhmjabsICGZjPbJvH+DIvnbGx3eGF1Y2HUAHvt5ab4ww
gfPJ7xfjwNUJPyrTQtp7lXVdB5BVfSw/I2lHzSg1ssRvTo4iF+gIoAQypOT1Z617
Fo/c1h77KgA=
=pkk/
-----END PGP SIGNATURE-----






From steve at edmweb.com  Sun Nov 10 13:43:50 1996
From: steve at edmweb.com (Steve Reid)
Date: Sun, 10 Nov 1996 13:43:50 -0800 (PST)
Subject: Another possible remailer attack?
Message-ID: <Pine.BSF.3.91.961110132320.185B-100000@bitbucket.edmweb.com>


>> You want to know if Dimitri is the person regularly posting these
>> messages. So, you use your powers as ISP to block his access to all
>> remailers. If the public messages suddenly stop then you can be
>> reasonably certain that Dimitri was sending them.
> I'm not following something...just how to your "powers as ISP" affect a
> remailer in, say, Holland, or one for that matter on another ISP? (As a

Packet filtering at the ISP's router. If Dimitri can't connect to a
remailer, he can't send anonymous messages. Sure there are a lot of hacks
that could be done (like have sendmail on another system send it to a
remailer) but such things could be detected and blocked by clever filters.
In fact, the ISP could just claim to be "going down for maintenance" and
completely block Dimitri from the internet for a while. 

> Just as the Nazis could isolate spy transmitters by selectively
> turning off electricity to different neigborhoods, so, too, can various

Isolating spy transmitters by selectively cutting power is exactly
alalogous to what I have suggested. 





From dlv at bwalk.dm.com  Sun Nov 10 14:10:41 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 14:10:41 -0800 (PST)
Subject: Pyramid schemes and cryptoanarchy
In-Reply-To: <1.5.4.32.19961110162356.00a10f10@ix.netcom.com>
Message-ID: <Fc67wD17w165w@bwalk.dm.com>


Clay Olbon II <clay.olbon at dynetics.com> writes:

> It seems that pyramid scheme spamming has increased of late (if that is
> possible!).  In my lifetime, I can only remember a single snail-mail
> instance of a pyramid scheme - over the net it is an entirely different
> story (although the number of instances is probably proportional to the
> number of lists I subsribe to).

I once received a paper version of the Craig Shergold spam (i.e. a
solicitation of business cards to be sent to the dying boy without any
computer networks being involved) and became curious and looked into why
people spread these memes. It turned out that there's a substantial number
of people involved in marketing/public relations who sort of stay in touch
by forwarding these memes, good luck chain letters, multi-level marketing/
pyramid schemes etc to each other. The MMF spam we see on the net is a
vague echo of the MMF spam moving around USPS, with real cash. Fortunately
most folks involved in this have been too clueless to use the 'net or we'd
see a lot more of it. I suppose if it ever becomes cost-effective to use
digital cash and the Internet for MMF, they'll do it. Thus far putting
MMF on the 'net generally results in the loss of any accounts mentioned
in the spam, so getting cash via USPS is much more effective.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sun Nov 10 14:20:18 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 14:20:18 -0800 (PST)
Subject: Pyramid Schemes
In-Reply-To: <v03007800aeabbd7e613b@[207.167.93.63]>
Message-ID: <Nw77wD18w165w@bwalk.dm.com>


"Timothy C. May" <tcmay at got.net> writes:
> I deleted the original spam, but from my brief glance at it, it may have
> been more of a multi-level marketing (MLM) scheme than a simple
> pyramid...something about selling mailing list services. And of course MLMs
> are mostly protected, else Amway, Herbalife, Avon, and all the other such
> MLMs would not survive.
>
> But I have a more radical view: pyramid schemes should not be illegal.

Surprisingly, I agree with Timmy on this one. MLM's/pyramid schemes fit
so well into the general American stupidity and the belief in getting
something for nothing.

> (And there are ways that cryptography allows "crypto-pyramids," though I
> doubt many crypto-savvy folks would participate.)

I think the following would be a worthwhile cypherpunks project: design the
anonymous infrastructure to allow those who wants to participate in MMF-like
pyramid schemes on the Internet to do so without bothering anyone.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sun Nov 10 14:23:37 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 14:23:37 -0800 (PST)
Subject: Mailing list liability (fwd)
In-Reply-To: <Pine.LNX.3.95.961110111103.404A-100000@gak.voicenet.com>
Message-ID: <q777wD19w165w@bwalk.dm.com>


"Mark M." <markm at voicenet.com> writes:
> On Sat, 9 Nov 1996, Jim Choate wrote:
>
> > It is exactly editorial control because it prevents, a priori, submissions
> > Vulis under that account. He is FORCED to resort to other means. That is
> > what the courts will see, it is what the jury will see, and it is what will
> > eventualy sink the list, and place its operator under financial burden for
> > years.
>
> You really need to get your facts straight.  Vulis is _not_ prevented from
> posting under his name to cpunks.  He has in fact made several posts since
> he was removed from the list.

The fact remains that John Gilmore has "punished" me for speech that he didn't
like by unsubscribing me from both cypherpunks and coderpunks mailing lists and
by instructing majordomo to "play dead" in response to any requests from me.
That's rude; that's sneaky; that's censorship; that's John's right.

I am not a lawyer, but I hope that if and when someone gets sued over something
posted to this mailing list, John "deep pockets" Gilmore is named a codefendant
and is unable to convince anyone of his common carrier status.

(I remind the lawsuit-happy audience that John Gilmore was the fifth employee
of Sun Micro and was given some equity in the company, which after the IPO
became worth millions of dollars.)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From aba at dcs.ex.ac.uk  Sun Nov 10 14:34:35 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Sun, 10 Nov 1996 14:34:35 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b02aeaa6d2cfe8f@[192.0.2.1]>
Message-ID: <199611102034.UAA00143@server.test.net>



Peter Hendrickson <ph at netcom.com> writes:
> At 3:30 AM 11/9/1996, Adam Back wrote:
> >Peter Hendrickson <ph at netcom.com> writes:
> >> Where will you keep your secret key?  Remember, when they go through
> >> your house they bring 20 young graduates from MIT who are just dying
> >> to show how clever they are and save the world at the same time.
> 
> > Keep your secret key in your head.
> 
> I think this is hard to do in practice.  I have tried.

You could probably keep a hashing function around plausibly, then you
could do as usual and remember the passphrase and use the hash
function to construct the actual key.

> > Your plausible deniability has to get quite low before it will stand
> > up as "proof" in court.
> 
> My idea is that the lack of noise is used as evidence to get a search
> warrant.  The search warrant is used to get the evidence to put you away
> forever.

Your plausible deniability has to drop below 100%, your data has
deviate from "indistinguishable from normal data distributions" to get
yourself investigated in the first place.

If your stego techniques are any good, the feds will never get beyond
that point.  They will then be left with the option of doing random
`spot-checks'.  Having been on the cypherpunks list probably would
increase your chances of having your system checked.

> > Your real challenge is keeping your stego programs safe.  Boot
> > strapping a stegoed encrypted file system while leaving no stego code
> > lying around isn't that easy.
> 
> Excellent point, especially since you don't have an encrypted virtual
> disk.  Can anybody resolve this?
> 
> > rc4 in C:
> >
> > #define S,t=s[i],s[i]=s[j],s[j]=t /* rc4 key <file */
> > unsigned char s[256],i,j,t;main(c,v)char**v;{++v;while
> > (s[++i]=i);while(j+=s[i]+(*v)[i%strlen(*v)]S,++i);for(
> > j=0;c=~getchar();putchar(~c^s[t+=s[i]]))j+=s[++i]S;}
> 
> (Under 3.3)  I would have a hard time memorizing these programs.  This
> pretty much guarantees that the number of cryptoanarchists will be small.

That program is optimised for size rather than ease of memorizing.

RC4 is an elegantly simple algorithm, and I sumbit that you could
remember it.  Barring that you could just leave around a few
cypherpunks archives, or sci.crypt archives or whatever, and cut and
paste it form one of my posts :-)

Because RC4 is a stream cipher, you shouldn't reuse the key.  However
you shouldn't need to for this application.  You just use it to boot-
strap the real code.

You'd need to put in the appropriate stego decoder (say getting the
bytes from the LSbit of an audio file.  Linux loop back devices
already provide the stego capability directly.  But then linux loop
back devices provide IDEA encryption.  (I'm talking about Ian
Goldbergs patch to the loopback filesystem, which may not have been
folded back in yet).

Also you may be able to get somewhere with algorithms which are
plausible to have coded on your system anway.  Say, RC4 makes a good
PRNG, so what's wrong with having it in a standard library.  That
makes coding RC4 really simple.  Just reseed the PRNG with your key,
and XOR it's output with the encrypted file.

Also I did hear tell that Bruce Schneier was working on a crypto
algorithm which was designed to work with playing cards, for a book
which Neal Stephenson is writing.  Presumably painful to use, but
maybe good plausible deniability, all that you need is a pack of
cards.

> (I am deeply envious of your legal right to post this code, however.
> Now, why was it that we broke away from the Mother Country?)
>
> I would like to see a longer exposition of your approach.  Given
> a hostile environment, how would I operate a small anonymous perl
> coding service using your techniques?  

Once you've bootstrapped to your cryptoanarchists toolkit, you can
have anything you want, even a virtual TCP/IP layer, a hidden level of
TCP/IP in stego data.  TCP/IP itself is a likely candidate for a stego
carrier.  Non-predictable sequence nos are required to stop things
like the spoofing attack, and so are perfectly plausible.

The real pain at the moment is that bandwidth is so darned low.
You're talking 28.8k for most users, and I'd quite merrily pay $2000 a
year for a fractional T1 for personal use, but prices over here are
too high yet.

Once we get to everyone having enough bandwidth, lots of people with
permanent connections, lots of people using video conference software,
audio, downloading feature length films, etc. there's no stopping
crypto anarchy.  The LSbits in that lot would make a fairly responsive
subliminal channel by todays standards.

> Don't forget to tell me how I get paid and when I get to spend my
> "ill-gotten" gains and how nobody will notice that I am doing it.

You get paid in ecash, paid on the BlackNet bank.  You take a holiday
to a tax-haven and get paid off by a getting "lucky" at a BlackNet
affiliated casino.  The casino takes a their "currency exchange fee",
and you get US$.  Translations into paper currencies, I'll admit are
the weak link if you need paper currencies.  

However there are two ways to get anonymous electronic cash, either
you start with anonymous electronic cash, or you add the anonymity
afterwards via `privacy brokers', once there are a few dozen systems,
and trillions flowing around using these systems, it's going to be
hard to keep track of it all.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From unicorn at schloss.li  Sun Nov 10 14:36:07 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 10 Nov 1996 14:36:07 -0800 (PST)
Subject: [IGNORE unless your name is Sandfort]
Message-ID: <Pine.SUN.3.94.961110173413.12339D-100000@polaris>



Mail to you currently bounces.

Is an alternative address available?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From wombat at mcfeely.bsfs.org  Sun Nov 10 14:49:13 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Sun, 10 Nov 1996 14:49:13 -0800 (PST)
Subject: Pyramid schemes and cryptoanarchy
In-Reply-To: <1.5.4.32.19961110162356.00a10f10@ix.netcom.com>
Message-ID: <Pine.BSF.3.91.961110162701.1130A-100000@mcfeely.bsfs.org>




On Sun, 10 Nov 1996, Clay Olbon II wrote:

> Pyramid schemes could be a growth market in a crypto-anarchic world.  It is
> yet another market such as gambling, or the lottery, that could be conducted
> with anonymity.  And it appears to be much more widespread on the internet

How is it like gambling? If I get a pyramid letter instructing me to send 
money to five people on the list, add my name to the bottom, send to 5 
people, or whatever, there's nothing stopping me from removing all the 
names, adding my name and those of four friends, and passing the letter 
along. With an anonymous system, I could easily be all five people, 
without even the bother of getting five different post office boxes.

There's no gambling involved; only blantant stupidity.

The "airplane" game was an interesting slant, though. Because of the 
in-person "airplane" parties, people were able to make contacts and 
network while participating. It was still the same old trick, but some 
may have found the ability to "buy" (and "sell") face time worth the price 
of admission (Some of the "airplane" games going around were to the tune 
of $2500, rather than the usual $5). Your anonymous slant on 
this removes the only economically viable excuse for participating, 
though - I don't even get to meet the head of the umptysquat dept. in 
return for getting fleeced.

The "airplane game" was big around Washington about a year ago, and
involved a number of highly placed people who aught to have been able to 
recognize a Ponzi scheme when it bit them in the ass. Makes me wonder how 
many people are stupid enough to "play" these games. 


-r.w.






From jfricker at vertexgroup.com  Sun Nov 10 15:10:19 1996
From: jfricker at vertexgroup.com (John Fricker)
Date: Sun, 10 Nov 1996 15:10:19 -0800 (PST)
Subject: Pyramid Schemes
Message-ID: <19961110231024559.AAA112@dev.vertexgroup.com>



Pyramid schemes invalidate the worth of one's word. By gaining financially from one's recommendation said recommendation becomes of dubious trustworthiness. Traditionally, personal experience and anecdotes about products, goods and services have served as reputable guides in consumer culture. By gaining financially from one's word, one is cashing in their reputation. 


--j
-----------------------------------
| John Fricker (jfricker at vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------






From qualia at dircon.co.uk  Sun Nov 10 15:25:21 1996
From: qualia at dircon.co.uk (Caspar Bowden)
Date: Sun, 10 Nov 1996 15:25:21 -0800 (PST)
Subject: Scientists for Labour conf on encryption/escrow/data protection Nov 14th
Message-ID: <01BBCF5D.FA366E80@qualia.dircon.co.uk>


Full details: http://www.shef.ac.uk/~sfl/meetings/itconf.html

		PLEASE DISTRIBUTE AND LINK TO YOUR WEB-SITE: 

	Scientists for Labour - IT & Communications Group    
	  Conference on Information Superhighway Policy 

---------------------------------------------------------------------	
"Liberty on the Line : Opportunities and Dangers of the Superhighway" 
---------------------------------------------------------------------	

	Chaired by Geoff Hoon MP, Shadow Minister for IT 

	Thursday 14th November 1996, 9am - 5:30pm 
	
	MSF Centre, 33-37 Moreland Street, London EC1 (Angel tube) 
---------------------------------------------------------------------	

For further details or to reserve a place contact:
Caspar Bowden, SfL IT & Comms co-ordinator (qualia at dircon.co.uk)


The debate over Internet regulation in the UK has focused mainly on 
censorship, but the standards for control of "encryption keys", currently
being formulated nationally and internationally, will lay the permanent
foundations on which the Information Society is built. The long-term 
implications for civil liberties have received little public attention 
outside the Internet community.

Scientists for Labour is hosting a conference to look at the data protection 
and economic issues arising from the integration of digital signatures, 
electronic copyright management, and digital cash. What kind of regulatory 
apparatus will allow rapid growth of an information economy, but prevent 
misuse of personal data ? 

*) New government proposals on "Trusted Third Parties", which aim to preserve
   law enforcement and national security capabilities for warranted 
   interception of communications (to fight crime and terrorism), place only 
   procedural not technical limits on the scope of Superhighway surveillance. 

*) Super-computers have the potential to conduct random electronic "fishing 
   expeditions" against the whole population. Telephone and letter 
   interception cannot be automated : digital monitoring can. 

Will legal safeguards against abuse offer adequate protection in perpetuity, 
or can cryptographic protocols be designed which make Superhighway mass-
surveillance impossible, while still allowing criminals to be targeted ? 

Computer and legal policy experts will explain the principles of the 
different technologies, and the international and commercial context, in a 
search for interdisciplinary solutions. 

The attendance fee is ?5 (?2 unwaged ; SfL members free) 

For press information please contact : 
Bobbie Nicholls, SfL Press Officer, Fax: 01235 529172 

The Scientists for Labour home page (http://www.shef.ac.uk/~sfl/)
has information on how to join SfL, or contact the Secretary : 
Dr Robin Walters (R.G.Walters at shef.ac.uk) 


					Programme 
					---------

9.00-9.30	Registration	SfL members free, non-members ?5 (?2 unwaged)

9.30-9.45	Geoff Hoon MP 	Introduction 

9.45-10.45	Dr.John Leach 	Cryptography and developments in Trusted Third
					Party policy

10.45-11.45	Dr.Ross Anderson	Some problems with the Trusted Third Party 
					programme 

11.45-12.00	Coffee	

12.00-12.30	Elizabeth France (Data Protection Registrar)

12.30-1.00	Simon Davies 	Escrow and the hidden threat to human rights
 					and privacy

1.00-2.00	Buffet lunch	

2.00-2.45	Prof. Charles 	Public policy and legal aspects of Intellectual
		Oppenheim 		Property Rights 

2:45-3.30	Alistair Kelman 	Electronic Copyright Management : 
					Possibilities and Problems
3.30-3.45	Tea	

3:45-4:45	Andrew Graham 	Will the Information Superhighway enhance or
					diminish democracy ? 

4.45-5.30	Panel Session	Discussion (inc. Robert Schifreen)
---------------------------------------------------------------------	












From SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil  Sun Nov 10 15:42:08 1996
From: SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil (SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil)
Date: Sun, 10 Nov 1996 15:42:08 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
Message-ID: <9610118477.AA847730399@smtp-gw.cv62.navy.mil>


     ---------------------------------------------------------------------- 
     Paul Foley <mycroft at actrix.gen.nz> wrote at the end 
     of an enlightening message:
     >(BTW, does your address @smtp-gw.cv62.navy.mil imply 
     >that that you're actually aboard the Independence?)
     
     yes it does.  questions/comments can be directed via e-mail to my
     address as i am already _almost_ off-topic.  remember people, i'm
     playing devil's advocate here.  so far, while nothing has really
     changed my thinking process outright, comments are surely making 
     me think more (assuming that that's the point).
     
     ---------------------- SUCRUM22 at cv62.navy.mil -----------------------
       a calculated risk based on the possible consequence of an action
      is better than a haphazard one based on poor judgment or ignorance
     ---------------------------------------------------------------------
     Don't confuse my views with those of the DoD or the United States Navy
     
     
     
     
     





From tjb at acpub.duke.edu  Sun Nov 10 16:07:56 1996
From: tjb at acpub.duke.edu (tom bryce)
Date: Sun, 10 Nov 1996 16:07:56 -0800 (PST)
Subject: ideal secure personal computer system
In-Reply-To: <3.0.32.19961110111720.00e2eeec@mail.eskimo.com>
Message-ID: <l03010608aeabd76ba639@[152.3.87.2]>


>See the CryptoBook link at http://www.eskimo.com/~joelm
>
>While the concepts were originally developed for a laptop, they're easily
>applied to a desktop machine running Win95.
>
>Joel

Thanks for the link to the CryptoBook stuff - it's useful info.

Could you address further the issue of plaintext from scratch files,
virtual memory, and so on, from the standpoint of your CryptoBook system?

The advice to make the temporary directory on the encrypted volume and so
on, and the general pointer to wipe utilities, is good, but is there a
systematic way of making sure *no* plaintext gets written to disk, or if it
gets written, that it is properly wiped, with this system?

I believe there is a utility for DOS to intercept calls to delete (I'm a
mac person, pardon if I'm getting this wrong) and wipe all files before
deletion. (Real Delete? Secure Delete?) Would this be compatible with
Win95/cryptobook, and if so, would this address virtual memory concerns?

The larger question I'm wondering about here is, if one were starting from
scratch and trying to build a maximally secure Mac/Dos/Windows/Unix/other
platform for oneself to do one's daily work, which machine and what
configuration would one want? The mac I configured earlier seems pretty
darn good, can anyone see a flaw in it? I think the pain in the neck
resulting from the write-protected startup volume could be problematic, but
aliases to writeable files/folders on the encrypted partition should solve
most of this. I may set this up on my own mac to test it out, when I have
some time.

Tom







From unicorn at schloss.li  Sun Nov 10 16:39:35 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 10 Nov 1996 16:39:35 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611092052.UAA00391@server.test.net>
Message-ID: <Pine.SUN.3.94.961110173517.12339E-100000@polaris>


On Sat, 9 Nov 1996, Adam Back wrote:

> S L von Bernhardt == Black Unicorn, or do you "have that covered" too uni?
> 
> (I noticed you said you "had it covered" when you reported to the list
> on a meeting you attended which had a published list of attenders, and
> someone pointed this out).

I'm not sure which meeting this would be.  If I was on any published list
it would be under a pseudonym or a large and diverse enough list where I
didn't feel threatened by it being public.  Generally these are meetings I
attend only for personal or academic interest.  (i.e. I'm not attending in
an official capacity or participating in a way which would make my
presence obvious or a matter of record).

I suppose you could be referring to the ABA Committee on Law and National
Security Conference on Intelligence and Law Enforcement in September.
That's the most recent meeting I can recall which might fit your
description.

If my attendence to that event was published by anyone other than myself I
am unaware of it.  Even if it were I doubt it would be of value in linking
me to a "true name."

But this brings up some interesting points, and, with your patience, I
think I will take this time to blather on.


Secrecy - A few words (or more).

Secrecy is all about vigilance.  If you never put your name on something,
your name is unlikely to come up.  I fail to understand why this is, it
would seem, such a difficult concept for some cypherpunks to grasp.  If
everyone treated true names like PGP passwords and added in a touch of
disinformation here and there where required, true names would be nearly
impossible to determine.  To my knowledge few have bothered on this list.
I find this unfortunate.  In my personal experience it is quite easy to
conceal one's identity, particularly so where personal and professional
circles differ significantly, as they do in my case.

I admit that I am advantaged in that I was born outside the United States
and come from a family jealous of its privacy to begin with, but I submit
that secrecy of the kind I have (it would seem) preserved is not that
difficult to estlablish, and maintain.

I originally adopted a nym because I was concerned that my public
statements on the list and elsewhere in cyberspace, (which have nothing
to do with my professional conduct, my ability to represent clients or
wear my fiducuary hat) might be taken out of context and prejudice clients
or shareholders in one fashion or another.  Cypherpunks, and my politics
generally, are not always conducive to the traditional conservative
dispositions my clients and my family often had.  I was tangentially
concerned about some pre-publication review issues, which have since
evaporated.  As time went on it became clear that a nym was useful in
other ways.

For one, because I chose a depiction "Black Unicorn," rather than a name
"John Smith," I found that those who eventually contacted me by e-mail had
first to overcome the "silliness" reaction.  Seems rather moronic to write
an adolescent sounding "handle" about financial advice and so forth.  A
pre-screener of sorts.  The inquries I received were from individuals
interested or driven enough to ignore the cartoonish pen name as a result.
A decided advantage in my view.

A disadvantage: When I adopted the nym, I had not planned it to last quite
so long.  The image was perhaps a bit too personal to deter close and
determined investigations from revealing my identity, or at least come
close. (As one cypherpunk- I think you know who you are, though I'm not
sure- did).

Secondly, the potential for malicious reputation destruction was reduced
dramatically.  Its hard to call my clients and anonymously reveal my
"heroin problem" or some such.  Given the heated flames I am alarmingly
prone to participate in, this was something of a comfort.  I don't think I
ever abused my secrecy to avoid accountability for any real nastiness on
my part, though perhaps the list would be a better judge of that.

Thirdly, it became clear that given the amount and degree of archiving
which developed on the net, I was protected from the notorious "sleeper
blooper" attack.  "Do you recognize this, a posting from 1897, in which
you said that abortion should be legalized?"  This affords nice protection
from the sudden change in conventional wisdom on all the topics I
discussed.  (The flip side is that if banking secrecy ever comes back in
vogue, I need only reveal myself by signing my key to something with my
name on it and take credit for being a maverick in my time, or whatever).
This is a point that bears exploration.  The ability to pull up a literal
rap sheet on a person is no longer confined to law enforcement (as
our KOTM profiler so aptly demonstrated only days ago).  It is now an
easy endeavor which private investigation services once charged $65.00/hr
or more to accomplish.  Your's for only the cost of a local call.

Yet at the same time few seem to have bothered to pursue research on my
nym.  I paid for early accounts in cash or with a cutout credit
card, eventually using a provider I had substantial control over instead.  
I monitored things as simple as calls to my access provider, whois
commands (try whois.ripe.net), finger requests, etc.  To my surprise,
these were few in number.  I think people generally were uninterested, and
those who were either got bored or distracted.

Fourthly, the nym lent some protection from the baseless law suit.  No
longer is it in the power of just anyone to cost me time and money simply
because they wish to.  If I really engage in some conduct which causes
serious harm, and the potential for returns are high enough, resources
will doubtlessly be allocated to identify me and name me in a suit.  If
this cost is high enough, however, nuisance suits become hard to initiate
effectively.  An important point given all the discussion on the list
about the wisdom of legal threats for libel.

I think that the usual cypherpunk solution, if such a thing exists, would
be to use technical means to deter law suits, yet many in here resort to
attacks on those who would use the system instead.  Hasn't this been the
cypherpunk experience, that prosecutorial discression is no protection?
Why is libel any different?  Given that civil suits put the private party 
in the place of prosecutor, and that party has less of an incentive to
practice discression in initiating suit (no political checks, no
supervisory authoirty or chain of command) it would seem that civil suits 
bear a HIGHER risk of abuse.  Yet government, which like it or not has
several checks built in that the civil system does not, gets the most
attention in this regard.  A point to consider anyhow.

What were the biggest problems?  Family.

A pair of c'punks managed, by coincidence in one case, design in the
other, to collide with my sister on the net.  As she had a full and rather
open web page up and this had the potential to give out a plethora of
clues.  Nothing too personal, (thanks sis) but I was unaware the page
existed for quite awhile.  Again, I believe that it was a cultrual thing
which prevented her from spilling all her life's details and our family
name out onto the web like some kind of billboard.  (All it takes is a
quick look at something like "babes on the web" or whatever to find quite
well designed stalker's cliff notes happily authored by the stalkee.  One
page  I saw recently had a resume with social security number on it).

Cultural issues...

The problem with the United States is the complete integration of identity
publication into the development process.  Cub scout fingerprintings, year
book photographs, medical records, social security numbers at birth, the
list continues.  As numerous as these subtle and progressive degradations
of secrecy are, they are still not insurmountable for the United States
citizen.  No more than 4 or 5 absences on key dates would be required to
remove any individual from high school year books.  Complying with the
letter of the law, and no more, with regard to Social Security Number
disclosures is simple.  (Simply never write it down- or at least not
correctly- the people who need it, have it).  I have lived on and off in
the United States for quite some years, and I have never encountered a
situation where an actual social security number would have been required
of me.  I have shot myself in the foot by refusing to give on rather
than making one up, but this is a side issue.  Two associates of mine have
had similar experience. One (29) has no number at all and never bothered
to get one (last I heard, he was working in a high paying corporate type
job in a major city on the East Coast).  The other (38) has a number but
can no longer remember what it is.  (25+ years of disuse).  I assume that
whenever asked, they simply provide erronious or misleading information.
Both are U.S. citizens.

Unfortunately, in the United States most citizens only become interested
in privacy in their 20s or so.  By this time it is difficult to overcome
the mass of information which has been stored up.  (Pseudocide can be an
attractive option for some perhaps).

One marvels at the inability of Joe Sixpack to recognize the value of at
least a hint of caution with regard to identity.  (Especially so given all
the media hype about the dangers of social engineering, account number and
social security number publication and license plate information).

Given the cultural elements, I suppose it shouldn't be surprising to me
that any disclosure about a nym seems to bring with it a thousand clever
investigators who are sure that they have just managed to happen on a
"slip up."  (No less than four postings of this nature followed the DCSB
announcement).  For some reason, however, I still can't help but wonder
that secrecy seems so alien even to noted members of this list.  (Chrysler
kept its complete control over Norex N.A. a secret for 10 years, despite
the fact that millions flowed between the two companies regularly.  Crazy
Eddie, of New York fame, managed to keep his assets hidden, under the most
immense pressure, and his identity concealed for several years despite all
attempts by the United States to find him.  Saddam managed to avoid bombs
and cruise missles even in the face of satelite and directed intelligence
tasking.  Given these, keeping your name away from the Health Insurance
company should be quite obviously possible).

Apathy....

There are a few people out there who probably know who I am, but I'm not
sure that even they realize it exactly.  In terms of money I've not even
put much effort into it over the years, at least no more so than I do
protecting my personal privacy generally.  Part of the reason is that it
takes effort to research this kind of thing.  Even access to Lexis/Nexis
isn't always enough if you're given nothing to go on from the start.
Sure, there are schelling (?) points and so forth.  Certain lifestyle
habits come through.  (One list member who I spoke with by
telephone regularly derived a great deal simply from my phoning habits-
you know who you are- Kudos).  Even all this together, however, is not
always enough to narrow down the field too closely.

Keep in mind that I've attended cypherpunk meetings and met personally
with no less than 3 c'punks in the last several years.

My point?  That I'm immensely clever and trained in the shadowy world of
secret identities?  Hardly.  My point is that minimal effort can be
extremely effective.  In effect, anyone can do it.

I'm sure some clever participant at DCSB will do a pile of homework before
coming to my talk and put it all together.  So be it.  If he or she is
polite, they might chide me in private a bit, but not blather all over the
list just to show how very clever they were.  As long as they enjoy the
talk, I'm not overly concerned.

I do less work for private clients who's sensibilities I'm particularly
concerned about.  I spend more and more time out of the United States,
and, frankly, cypherpunks in general have received me warmly.  Most large
posts I made attracted at least a few "thank you's" or "could you tell me
more's."  In many ways this was much more rewarding than work for which
renumeration was forthcoming.  I hope I've given something back.

This brings up my final point.  Reputation.

After a while with the nym, the value of reputation became clear.  A
"cartoon" handle required more than the usual amount of reputation and I
found myself often taking more time with long posts and list research
projects than I might of had my real name been attached. (!)  Reputation
has value in more than one way it would seem.

Whatever comes of my visit to Boston, and snide remarks about my "teasers"
aside, I've enjoyed cypherpunks, even with the noise, and hope I can
continue to do so for as many years to come.  While less important,
today, privacy is still an issue for me.  Do be considerate and refrain
from taking photos and the like just for kicks.  I'm hardly going to be
obnoxious enough to have everyone frisked as the enter or the like, do me
a favor and make my guess that such measures are unnecessary among
cypherpunks the correct one.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland








From dlv at bwalk.dm.com  Sun Nov 10 16:51:20 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 16:51:20 -0800 (PST)
Subject: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <m0vMadi-0001QGC@wittsend.com>
Message-ID: <16D8wD20w165w@bwalk.dm.com>


"Michael H. Warfield" <mhw at wittsend.com> writes:
>
> Dr.Dimitri Vulis KOTM enscribed thusly:
> >
> > Hayashi_Tsuyoshi <take at barrier-free.co.jp> writes:
> >
> > > On Sat, 09 Nov 1996 10:47:28 -0800, stewarts at ix.netcom.com said:
> > >  >At 01:29 AM 11/9/96 -0800, John Gilmore <gnu at toad.com> wrote:
> > >  >>ask questions, etc.  To join the list, send mail to:
> > >  >>	linux-ipsec-REQUEST at clinet.fi
> > >  >>The email should contain a single line that just says:
> > >  >>	subscribe
> > >  >
> > >  >Actually, it needs to say
> > >  >        subscribe linux-ipsec
> > >
> > > Probably, it needs to send mail to:
> > > 	Majordomo at clinet.fi
> > >
> > > ///hayashi
> >
> > Moral: John Gilmore can't be trusted.
>
> Moral:	No wonder you get your ass thrown off mailing lists.  You're a fucking
> 	jerk who seems incapable of making and intelligent or constructive
> 	contribution to a discussion.
>
> 	We're working on something serious here and trying to cooperate and
> help each other.  All you can find to do is jump in and make an ass of
> yourself.  Since you're such a stupid ignoramous, I'll point out that the
> instructions which John posted agree with the messages coming from Tatu's
> system.  They just didn't work.  So, Tatu has something misconfigured on
> his system.  But I suppose you couldn't be BOTHERED to even fucking check.
>
> 	You own John an apology but I think that's a bit much to expect
> from low life like yourself.

Yeah, right. Be sure to ask Paul Bradley to implement his brute force
attack on one-time pads. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From attila at primenet.com  Sun Nov 10 18:13:24 1996
From: attila at primenet.com (attila at primenet.com)
Date: Sun, 10 Nov 1996 18:13:24 -0800 (PST)
Subject: WIPO Treaty:  Worse than CDA- Deadline 22 Nov 96       ; availability and use of knowledge emasculated        ; impact on web catastrophic.
Message-ID: <199611110214.TAA18631@infowest.com>


                WIPO Treaty:  Worse than CDA

                Deadline 22 Nov 96 for comment to Congress

        WIPO was introduced this spring to Congress.  It is not 
    understood by either the Clinton administration or the Congress and
    few of the public are aware of the problem!

        CP internal bad mouthing and intellectual assignations need to
    to come to a dead halt --if we want the net at all, or for the net
    to be an information provider, the impact of the CDA would be 
    chump change for peanuts in comparison.

        The WIPO clauses involving rights to collections of what are 
    commonly public domain "fact" will become private property 
    --literally; even more so than the restrictions of the 'fair use' 
    conventions. The availability of knowledge emasculated; the impact 
    on web is catastrophic;  web information and fair use policies 
    are gutted.


        My message to Bubba, West Publishing, and the rest of the 
    greedy bastards:


            Cyberspace and Freedom are Information.  
            FUCK your WIPO, too. 
                                                                -attila
 
       -------------------------------------------------------------------------------------------------------
            The following message is an excerpt of a message from James 
        Love <love at tap.org> forwarded by attila <attila at primenet.com>
        see  Consumer Project on Technology:  http://www.essential.org/cpt           
        -------------------------------------------------------------------------

.	Sports fans in the United States will be surprised to learn 
.that U.S. Government officials are pressing for the adoption of 
.an International treaty that will (if enacted) significantly 
.change the ways sports statistics are controlled and 
.disseminated.  The treaty isn't specifically directed at sports 
.statistics -- 

        it is a much broader attempt to create a new 
    property right in facts and other data now in the public 
    domain -- but it will have an enormous impact on the legal 
    rights  [...] on sports, stock prices, weather data, train 
    schedules, data from AIDS research and other facts are
    controlled....  See, for example:
 
                http://www.news.com/News/Item/0,4,3208,00.html

        The treaty addresses much more fundamental issues regarding 
    ownership of information currently in the public domain... 

        I am deleting the bulk of the report for brevity, including only
    the definition of the "database" as it applies to WIPO.

.WHAT IS A DATABASE? WHAT ISN'T A DATABASE?
.
.The treaty would protect "any database that represents a 
.substantial investment in the collection, assembly, verification, 
.organization or presentation of the contents of the database." 
.
.This term should be understood "to include collections of 
.literary, musical or audiovisual works or any other kind of 
.works, or collections of other materials such as texts, sounds, 
.images, numbers, facts, or data representing any other matter or 
.substance" and "may contain collections of expressions of 
.folklore." The "protection shall be granted to databases 
.irrespective of the form or medium in which they are embodied. 
.
.Protection extends to databases in both electronic and non-
.electronic form" and "embraces all forms or media now known or 
.later developed. . . Protection shall be granted to databases 
.regardless of whether they are made available to the public. This 
.means that databases that are made generally available to the
.public, commercially or otherwise, as well as databases that 
.remain within the exclusive possession and control of their 
.developers enjoy protection on the same footing."
.
.WHAT ARE EXTRACTION AND UTILIZATION RIGHTS?
.
."The maker of a database eligible for protection under this 
.Treaty shall have the right to authorize or prohibit the 
.extraction or utilization of its contents." What is "extraction"? 
.Extraction is defined as, "the permanent or temporary transfer of 
.all or a substantial part of the contents of a database to 
.another medium by any means or in any form." "Extraction . . . is 
.a synonym for `copying' or `reproduction' . . . by `any means' or 
.`any form' that is now known or later developed."
.
."Utilization" is defined as "making available to the public all 
.or a substantial part of the contents of a database by any means, 
.including by the distribution of copies, by renting, or by on-
.line or other forms of transmission," including the right to 
.control the use of the data "at a time individually chosen by 
.each member of the public."
.
.WHAT IS A "SUBSTANTIAL PART" OF THE DATABASE?
.
.The treaty sets out tests for determining if an extraction is 
."substantial," and these tests are both highly anticompetitive, 
.and extremely broad in scope.
.
.The "substantiality" of a portion of the database is assessed 
.against the "value of the database," and considers "qualitative 
.and quantitative aspects," noting that "neither aspect is more 
.important than the other . . . This assessment may also take into 
.account the diminution in market value that may result from the 
.use of the portion, including the added risk that the investment 
.in the database will not be recoverable. It may even include an 
.assessment of whether a new product using the portion could serve 
.as a commercial substitute for the original, diminishing the 
.market for the original."
.
.Then the treaty adds that a "substantial part" means any portion 
.of the database, "including an accumulation of small portions . . 
.. In practice, repeated or systematic use of small portions of 
.the contents of a database may have the same effect as extraction 
.or utilization of a large, or substantial, part of the contents 
.of the database."
.In the US implementing legislation, the only types of data use 
.that would not be regulated would be "insubstantial" parts, 
."whose extraction, use or reuse does not diminish the value of 
.the database, conflict with a normal exploitation of the database 
.or adversely affect the actual or potential market for the 
.database." Under this language, a database owner could say that 
.it might in the future want to charge for each transmission of a 
.fact or an element of a database as part of its "normal 
.exploitation" of the database. With the Internet and digital cash 
.this claim is likely to be made. The public would not have "fair 
.use" rights, since fair use is only defined in matters involving 
.copyright.
.
.FOR HOW LONG? 15 YEARS, 25 YEARS, OR FOREVER?
.
.The Treaty would require a minimum term of protection (15 years 
.in the EU proposal, and 25 in the United States proposal) for the 
.database. But this is extended each time the database is revised 
.or enhanced. According to the draft treaty, "any substantial 
.change to the database, evaluated qualitatively or 
.quantitatively, including any substantial change resulting from 
.the accumulation of successive additions, deletions, 
.verifications, modifications in organization or presentation, or 
.other alterations, which constitute a new substantial investment, 
.shall qualify the database resulting from such investment for its 
.own term of protection."
.
.The provision on revisions raises the specter that protection for 
.many databases will be perpetual. This could indeed be the case 
.if the original versions of the database  are only "licensed" by 
.the vendor for a limited period of time, so that the only 
.available versions would be the new ones, which would have a new 
.term of protection. [Database vendors write these restricted use 
.licenses now].
.
.    The proposals for a new legal environment for publishing 
.facts are outlined in a draft treaty on "databases" that will be 
.considered at a December 1996 meeting of the World Intellectual 
.Property Organization (WIPO), in Geneva, Switzerland.  See:
.
.    www.public-domain.org/database/database.html
.  
.    The proposal would require the United States and other countries to
.create a new property right for public domain materials. "Texts, sounds, 
.images, numbers, facts, or data representing any other matter or 
.substance," will be protected. 
. 
.    The treaty seeks, for the first time, to permit firms to 
."own" facts they gather, and to restrict and control the 
.redissemination of those facts.  The new property right would lie 
.outside (and on top) of the copyright laws, and create an 
.entirely new and untested form of regulation that would radically 
.change the public's current rights to use and disseminate facts 
.and statistics.  American University Law Professor Peter Jaszi 
.recently said the treaty represents "the end of the public 
.domain." 
. 
.Copies of the proposed treaty, a federal register notice 
.asking for public comment, and independent commentary can be 
.found at:
.
.          http://www.public-domain.org/database/database.html
.
.WHO IS PUSHING FOR THE DATABASE TREATY?
.
.	In 1991, the US Supreme Court ruled (in the Feist decision) 
.that the facts from a telephone "White Pages" directory of names, 
.addresses and phone numbers were not protected under the 
.copyright laws, and that in general, "facts" could not be 
.copyrighted by anyone.  The Feist decision alarmed several large 
.database vendors, who crafted this new "sui generis" property 
.right that would protect facts, and just about everything else.
 
.[The vendors have already succeeded in obtaining a directive on 
.the database proposal from the European Union, although no European 
.country has yet passed legislation to implement the treaty]. The 
.most active supporter of this new property right is West 
.Publishing, the Canadian legal publisher. A West Publishing 
.employee chairs a key ABA subcommittee which wrote a favorable 
.report on the treaty.  A number of very large British and Dutch 
.database vendors are also lobbying hard for the treaty.
.West wants the new property right to protect the "page 
.numbers" and "corrections" it adds to the judicial opinions it 
.publishes in paper bound books.  Telephone companies want to 
.protect the names, addresses and telephone numbers they publish, 
.and other database vendors what to protect scientific data or 
.other non-copyrighted government information they publish.  In 
.seeking to protect these items, the treaty was written to stamp 
."owned by" labels on a vast sea of information now in the public 
.domain.  Copyright experts J.H. Reichman and Pamela Samuelson  
.say  it is the "least balanced and most potentially anti-
.competitive intellectual property rights ever created."   see:
.
.            http://ksgwww.harvard.edu/iip/reisamda.html
.
.	In Feist, the Supreme Court noted:
.     (a) Article I, Sec. 8, cl. 8, of the Constitution mandates 
.     originality as a prerequisite or copyright protection. The 
.     constitutional requirement necessitates independent creation 
.     plus a modicum of creativity. Since facts do not owe their 
.     origin to an act of authorship, they are not original and, 
.     thus, are not copyrightable.  
.     [From the Syllabus of the opinion, at:
. 
.            http://www.law.cornell.edu/supct/classics/499_340v.htm
.
.Since facts cannot be copyrighted, the supporters of the 
.treaty have framed this as a new "sui generis" property right, 
.which will have a separate statutory framework.  "Originality" or 
."authorship" will not be required.
. 
.As a "sui generis" property right, the database proposal 
.does not incorporate the fair use principles from copyright that 
.reporters and value added publishers often take for granted.  The 
.leagues would be able to require license to publish box scores or 
.other statistics in any media.  One can imagine a world where the 
.leagues wouldn't require licensing of box scores to print based 
.periodicals like daily newspapers, but that a much more 
.controlled regimen would evolve on the Internet.  The leagues 
.could require licensing of box scores and other statistics for 
.Internet publications, or linking to the leagues own web sites, 
.such as:
.
.            www.nba.com 
.            www.nba.com
.            www.nhl.com
.  
.WHAT CAN YOU DO?
.
.    The government is taking comments on the database treaty 
.through November 22, 1996.  If you don't think the government 
.should rush into a new regulatory scheme for sports statistics, 
.let them know.  
.    You can email your comments to:
.
.            diploconf at uspto.gov
.
.If you want to know more about his proposal, check out:
. 
.            http://www.public-domain.org/database/database.html
.
.Two law professors who have studied the treaty extensively are:
. 
.Professor Pamela Samuelson, University of California at Berkeley, 
.Voice (510)642-6775, pam at sims.berkeley.edu
.
.Professor Peter Jaszi, American University, School of Law, Voice 
.(202) 885-2600, pjaszi at wcl.american.edu
.
.                             APPENDIX
.
.Extracts from James Love, "A Primer On The Proposed WIPO Treaty 
.On Database Extraction Rights That Will Be Considered In December 
.1996, October 29, 1996,
. 
.            http://www.essential.org/cpt/ip/cpt-dbcom.html

--
            Cyberspace and Freedom are Information.  
            FUCK your WIPO, too. 
                                                                -attila
 





From mianigand at outlook.net  Sun Nov 10 18:20:08 1996
From: mianigand at outlook.net (Michael Peponis)
Date: Sun, 10 Nov 1996 18:20:08 -0800 (PST)
Subject: Rarity: Crypto question enclosed
Message-ID: <199611110219.SAA26107@toad.com>


-----BEGIN PGP SIGNED MESSAGE-----

> Sorry that this message doesn't include any flames, "outings",
> denigrations, or other stuff......

Hey, that "stuff" comes in useful.

Some of the more origional ones are posted on my office wall,
so when people accuse me of being a childish, insensitive and
 egotistical  I just show them some cypherpunk postings, "See, I'm not
this bad, count yourself fortunate how would you like to work for some
of these guys?"

> My simple question is regarding key/certificate distribution:
> 
>         Is there any particular reason that such can't be
accomplished via 
> on-line lists, and made available via a service on a port, using
standard 
> (textual) commands, like mail and such are now?

Conceptual, I had the same idea about a year ago, but never enough
time to do it. Practically, it could be painful.

It's possible to have a key-server listen on a port and accept
requests, then it would
fork a process, process the result, and return an answer set.

But how many CPU cycles would it take for a machine to process a
request, ie going through
1000 of keys?  I am not exactly sure, it took a long while on my
pentium.

In my opinion, if I were to run a key server as a service, with
clients connecting and requesting a key
it shouldn't take more than a minute to get a responce.

>         The things that come to mind are a 'client' request for a
key, a 
> 'client' submission of a key, an external host requesting a key
exchange, 
> and the host itself requesting a key exchange with another system
(only 
> new/changed keys being swapped).

Had the exact same idea, but came up with an interesting concept. When
a person submits a key, a PGP process is spawned yeilding the
following information 1.) The name (peponmc at cris.com) 2.) The real
name (Michael Peponis) 3.) The key size 4.) Creation date of the key
5.) Key finger print

This information, along with the acutal key would be inserted into a
SQL Database table

With a structure similar to this

Name           varchar2
Real_name   Varchar2
KeySize        Integer
CreationDate date
PGPKEY       Varchar(a fairly large one)
Submission_date  Date

The idea here being that the key would be added as a field, and
requests from clients
and other key servers would do a simple Database query, which are very
quick.





>         The way I see it working is similar to (but not as slow as,
or 
> requiring the human intervention) of the key servers already
existing. 
> Granted that the first few such servers might carry a higher load,
but I'd 
> think that would taper off as the (presumably free) software became

> available, similar to the growth of remailer software (which would
seem to 
> be a fairly reasonable relationship....).

>         Hooks into existing PGP-fluent software shouldn't be
difficult with 
> a standardized protocol, and I wouldn't think that the servers
would be 
> that difficult to code and implement on a 'standard' (consistently
used, 
> that is) port.


It's not that hard, it's performance that's more of an issue.  The
beauty of my approch would be that initially, there would be alot of
"Add" requests, resulting in many PGP processes running on the box,
but eventually, they would tapper off.

Database requests pose no real problems, on Unix boxes, especially
with Oracle, the SGA is always running, it's just one more request,
going up against a realatively small table.  The box could return an
answer in a matter of seconds, as opposed to over a two minutes.

Server updates would be swift too, they would just transfer well
defined SQL Datasets between themselves.

>         I'm willing to have a try at the first server, if the
parameters 
> can be defined.


Let me know what you think of my idea 
> Dave Merriman


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAwUBMoZirkUffSIjnthhAQFBpAQAw1a48NY/IPai8FqAkqlfi2tLoreGlQlW
RaWLVnSE/dl4CpRf+nLXjRRYQL6FlmKxfVkgv68yS3srFlx9KpkGqOT3k9hZGfzU
3X+ADKI2oKzSZM92vmYoM+BGtxggdgg/SjoPwyxq76FuiHt6SnDcCvXeRUDclFHi
CMqPPKvaqBo=
=Yudv
-----END PGP SIGNATURE-----





From security at kinch.ark.com  Sun Nov 10 18:41:27 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Sun, 10 Nov 1996 18:41:27 -0800 (PST)
Subject: Rarity: Crypto question enclosed
In-Reply-To: <199611102102.NAA17006@toad.com>
Message-ID: <Pine.LNX.3.94.961110173427.5826D-100000@kinch.ark.com>


Sounds a little like Hesiod to me.

cheers

On Sun, 10 Nov 1996, David K. Merriman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Mime-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
> 
> To: cypherpunks at toad.com
> Date: Sun Nov 10 15:03:35 1996
> Sorry that this message doesn't include any flames, "outings", 
> denigrations, or other stuff......
> 
> My simple question is regarding key/certificate distribution:
> 
>         Is there any particular reason that such can't be accomplished via 
> on-line lists, and made available via a service on a port, using standard 
> (textual) commands, like mail and such are now?
> 
>         The things that come to mind are a 'client' request for a key, a 
> 'client' submission of a key, an external host requesting a key exchange, 
> and the host itself requesting a key exchange with another system (only 
> new/changed keys being swapped).
> 
>         The way I see it working is similar to (but not as slow as, or 
> requiring the human intervention) of the key servers already existing. 
> Granted that the first few such servers might carry a higher load, but I'd 
> think that would taper off as the (presumably free) software became 
> available, similar to the growth of remailer software (which would seem to 
> be a fairly reasonable relationship....).
> 
>         Hooks into existing PGP-fluent software shouldn't be difficult with 
> a standardized protocol, and I wouldn't think that the servers would be 
> that difficult to code and implement on a 'standard' (consistently used, 
> that is) port.
> 
>         I'm willing to have a try at the first server, if the parameters 
> can be defined.
> 
> Dave Merriman
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBMoV+S8VrTvyYOzAZAQHlMQP/eU3F2JyaQcU6tQ+J5iCdAdPKiBNORJGT
> chgNauyaH/dHwj+DzcKZzhmjabsICGZjPbJvH+DIvnbGx3eGF1Y2HUAHvt5ab4ww
> gfPJ7xfjwNUJPyrTQtp7lXVdB5BVfSw/I2lHzSg1ssRvTo4iF+gIoAQypOT1Z617
> Fo/c1h77KgA=
> =pkk/
> -----END PGP SIGNATURE-----
> 






From markm at voicenet.com  Sun Nov 10 18:45:49 1996
From: markm at voicenet.com (Mark M.)
Date: Sun, 10 Nov 1996 18:45:49 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <199611100747.XAA00328@cryptical.adnetsol.com>
Message-ID: <Pine.LNX.3.95.961110214102.1690A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 9 Nov 1996, Mike Ingle wrote:

> A theoretical discovery is needed particularly in the area of recipient
> anonymity. Good sender anonymity and weak recipient anonymity leads to
> 'hit and run' behavior such as spamming email and newsgroups, but not
> to anonymous markets.

The current nymservers offer pretty good security.  The only problem is they
are vulnerable to traffic analysis.  If an attacker wants to find out whether
a particular person is using a pseudonym, he could send a lot of messages to
the nym and if the suspected user receives that same amount of messages in
anonymously remailed traffic.  This would confirm the attacker's suspicion.
There are a few ways to protect against this.  One way is for a person to
request that email stored on the nym server be delivered.  The email could be
delivered as one large encrypted message.  The user could also request each
email individually, but this does have some drawbacks.  Delivering each message
as it is received is a Bad Thing.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoaT0yzIPc7jvyFpAQFJWQf9FiQUfKlgs0oI1rLx6qFB7tbxkNkMnzsx
fGG4QDh8XxokWF6eJW5550mlC/kpZF81/QUHQMkbQqpqWud8Pvzxo1dBxRkhcKsC
xnI44ICR2t4xDww0DOt5P3XG0FbBoQUYfeJkD3Mjw1ZNq838hSJrZjF+06sB2y7V
fMd5JXJtqLWsHMvlXYpu1oHr0K4aB+iddBIERZjyDLDsXf4ejuQapio7OO1fSE1n
Rk1cR+zHIh5iWLMYyHzFXMyLCOVE1PhwndOfiUlwIlI59ISu40Anl+qJ+7I7rEQu
i3BJipswUOZ47V1c0Ek/DixI1F5rV6NFxd4zJlYRYB3KvcOrNwWThg==
=WWzM
-----END PGP SIGNATURE-----






From jimbell at pacifier.com  Sun Nov 10 20:54:44 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 10 Nov 1996 20:54:44 -0800 (PST)
Subject: A Disservice to Mr. Bell
Message-ID: <199611110453.UAA16211@mail.pacifier.com>


At 07:16 AM 11/10/96 -0800, Dale Thorn wrote:
>jim bell wrote:
>
>> Interestingly enough, the one thing the Commonlaw court system needs is an
>> effective enforcement system.  One likely method is the commercial lien
>> process, but even that tends to be resisted by people who are far more used
>> to dealing with equity court personnel.  It turns out that my AP system
>> seems to mesh almost perfectly with their needs, although obviously in
>> practice it would only be used as a "last resort."
>
>Speaking of Common Law courts and their Liens, the feds have expanded their crackdown
>begun with the Freemen of Montana.  They arrested Elizabeth Broderick and several of
>her associates or whatever, and I know at least one person personally who is hiding
>or keeping a very low profile at least.  [these are people in the common law/lien
>business]


This is, generically, a dispute that the Federal government will eventually 
lose, I think within 10 years or so.  Commonlaw courts were quite real (in 
fact they pre-dated equity courts by at least 2-3 centuries), and they can 
rapidly reconstitute themselves along their original lines. 

There are, I think, two reasons that the equity court system (and their 
sleazy lawyers, both on and off the bench) are worried.  First, what they 
have now is, effectively, a monopoly on "justice."  The re-emergence of 
commonlaw courts would provide competition that has been long gone.  Think 
of it like any monopoly that suddenly has to accept competition.

  The second reason is that with the return of commonlaw courts will be 
eliminated the tradition (and that's all it was, effectively a tradition) of 
judicial immunity.  Imagine how easy it could be to bring criminal charges 
against judges, lawyers, cops, and others who are either "impossible" to sue 
or at least very difficult.  






Jim Bell
jimbell at pacifier.com





From ph at netcom.com  Sun Nov 10 20:55:27 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sun, 10 Nov 1996 20:55:27 -0800 (PST)
Subject: ideal secure personal computer system
Message-ID: <v02140b01aeac56fff48d@[192.0.2.1]>


At 3:55 AM 11/10/1996, tom bryce wrote:
>Here's a question: if one were designing for oneself a secure personal
>computer system, for use in, say, word processing, spreadsheet,
>communications, the usuals - what system would one purchase and how would
>one set it up?
>
>For example, on the Mac I would envision this as the ideal system:
>
>(1) Get a power mac
>(2) Partition the hard drive into two partitions:
>    install the system folder on one and a copy of CryptDisk
>    make this the startup partition and make it READ ONLY with aliases to
>    folders you want to be modiyfable (such as Eudora Folder in the sys folder)
>    place these folders on the encrypted partition
>(3) Completely fill the other partition with a CryptDisk file so there is no
>    room for other stuff to be written. Adjust the partition size if needed.
>(4) Install a screen saver (such as shareware Eclipse) that will password lock
>    the screen after a few minutes of inactivity, and set CryptDisk to dismount
>    the external partition after a few minutes of inactivity (or longer)

Watch out for the clipboard which appears to be stored as a file in
the system folder.  Unfortunately, it has to be a real file - aliases
not allowed.  This makes it harder to have a read only system folder
and, of course, every time you cut and paste something you leave a
ghost on the disk for an undefined length of time.  It's hard to
work on the Mac without using the clipboard.

I would love to know a workaround for this.

Peter Hendrickson
ph at netcom.com







From ichudov at algebra.com  Sun Nov 10 21:03:06 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 10 Nov 1996 21:03:06 -0800 (PST)
Subject: No Subject
Message-ID: <199611110436.WAA15563@manifold.algebra.com>


manifold::~==>premail -t cypherpunks at toad.com
Chain: haystack;jam
Subject: I urgently need a lot of money.

Please share your money-making secrets, I am in a desperate need
for cash.





From list at infowar.com  Sun Nov 10 21:12:44 1996
From: list at infowar.com (list)
Date: Sun, 10 Nov 1996 21:12:44 -0800 (PST)
Subject: infowar Digest for 10 Nov 1996
Message-ID: <199611110511.VAA01029@toad.com>


                       infowar Digest for 10 Nov 1996

Topics covered in this issue include:

   1: RE: Chemical Warfare Agents
             by alm at io-online.com
   2: Propaganda and TWA/CIA-Cocaine
             by winn at infowar.com



--------------------------------------------------------------------------
1                                Message:0001                            1
--------------------------------------------------------------------------
To: infowar at infowar.com
From: "Betty G. O'Hearn" <betty at infowar.com>
Subject: Infowar Digest  Vol. 1  # 1


infowar at infowar.com 

                     Sunday, November 10 1996    Volume 01: Number 01

                                       We thank our sponsors:

National Computer Security Association
OPEN SOURCE SOLUTIONS Inc.
New Dimensions International - Security Training
Secure Computing Corporation
HOMECOM Communications
Internet Security Solutions
___________________________________________________________

Infowar at infowar.com is brought to you in the  the interest of an open, 
unclassified exchange of information and ideas as a means for advancement of
Information Warfare related issues.   Topics of discussion for this list
include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques,
Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD. 

As the list expands we will adapt to the needs and desires of our subscribers. 

This is a DIGEST format.
________________________________________________________________

Contents of this Digest:               Volume 01: Number 01 

Infowar at infowar.com   Chemical Warfare Agents
Infowar at infowar.com   Iraq   WMD
Infowar at infowar.com   RE: Chemical Warfare Agents

----------------------------------------------

To:        Wilson, Gary, COL, OSD/RA  GWilson at osd.pentagon.mil
Cc:         betty at infowar.com
Subject:  Re: Chemical Warfare Agents

Chemical Warfare Agents
An overview of chemicals defined as chemical weapons

>> Main Groups
>>
>>     Nerve Agents
>>     Mustard Agents
>>     Hydrogen Cyanide
>>     Tear Gases
>>     Arsines
>>     Psychotomimetic Agents
>>     Toxins
>>     Potential CW Agents
>>
What is a Chemical Warfare Agent?

A United Nations report from 1969 defines chemical warfare agents as " ... 
chemical substances, whether gaseous, liquid or solid, which might be
employed because of their direct toxic effects on man, animals and plants 
... ".
The Chemical Weapons Convention defines chemical weapons as including not 
only toxic chemicals but also ammunition and equipment for their 
dispersal.  Toxic chemicals are stated to be " ... any chemical which,
through its
chemical effect on living processes, may cause death, temporary loss of
performance, or permanent injury to people and animals". Plants are not
mentioned in this context.

Toxins, i.e., poisons produced by living organisms and their synthetic
equivalents, are classed as chemical warfare agents if they are used for
military purposes. However, they have a special position since they are
covered by the Biological and Toxin Weapons Convention of 1972. This
convention bans the development,production and stockpiling of such
substances not required for peaceful purposes.

Today, thousands of poisonous substances are known but only a few are
considered suitable for chemical warfare. About 70 different chemicals 
have been used or stockpiled as CW agents during the 20th century. Today, only 
a few of these are considered of interest owing to a number of demands that 
must be placed on a substance if it is to be of use as a CW agent.

A presumptive agent must not only be highly toxic but also "suitably 
highly toxic" so that it is not too difficult to handle. The substance 
must be capable of being stored for long periods in containers without
degradation and without corroding the packaging material. It must be
relatively resistant to atmospheric water and oxygen so that it does not
lose effect when dispersed. It must also withstand the heat developed when 
dispersed.
>>
"War Gases" are Seldom Gases
>>
CW agents are frequently called war gases and a war where CW agents are
used is usually called a gas war. These incorrect terms are a result of
history. During the First World War use was made of chlorine and phosgene 
which are gases at room temperature and normal atmospheric pressure. The 
CWagents used today are only exceptionally gases. Normally they are liquids 
or solids. However, a certain amount of the substance is always in 
volatile form (the amount depending on how rapidly the substance evaporates)
and the gas concentration may become poisonous. Both solid substances and
liquids can also be dispersed in the air in atomized form, so-called
aerosols. An aerosol can penetrate the body through the respiratory organs
in the same way as a gas. Some CW agents can also penetrate the skin. This
mainly concerns liquids but in some cases also gases and aerosols. Solid
substances penetrate the skin slowly unless 
they happen to be mixed with a suitable solvent.

Effects on Vegetation

Flowers and leaves of some plants may change colour if they are exposed to 
droplets of a CW agent in an attack. Light or matt spots may occur as well 
as brown discoloration, particularly on leaves. Entire trees, or parts of 
them, may also get brown discoloration in situations of strong exposure.
The discoloration often arises within a few minutes but may also occur
after some days.

Classification

CW agents can be classified in many different ways. There are, for 
example, volatile substances, which mainly contaminate the air, or persistent
substances, which are involatile and therefore mainly cover surfaces.
CW agents mainly used against people may also be divided into lethal and
incapacitating cathegories. A substance is classified as incapacitating if 
less than 1/100 of the lethal dose causes incapacitation, e.g., through
nausea or visual problems. The limit between lethal and incapacitating
substances is not absolute but refers to a statistical average. In
comparison, it may be mentioned that the ratio for the nerve agents 
between the incapacitating and lethal dose is approximately 1/10. Chemical
warfare agents are generally also classified according to their effect on the
organism.

In order to achieve good ground coverage when dispersed from a high
altitude with persistent CW agents the dispersed droplets must be
sufficiently large to ensure that they fall within the target area and do 
not get transported elsewhere by the wind. This can be achieved by
dissolving polymers (e.g., polystyrene or rubber products) in the CW agent 
to make the product highly-viscous or thickened. The result will be that
the persistence time and adhesive ability increase which thus complicates 
decontamination.

Although it may appear that a CW agent can be "custom-made" for a certain 
purpose, this is not the case. Instead, there is always some uncertainty
about the persistence time, the dispersal and the effect.

These Military Chemicals are Not Considered to be Chemical Weapons

Incendiary agents such as napalm and phosphorus are not considered to be 
CW agents since they achieve their effect mainly through thermal energy.
Certain types of smoke screen may be poisonous in extremely high
concentrations but, nonetheless, smoke ammunition is not classed as a
chemical weapon since the poisonous effect is not the reason for their 
use. Plants, microorganisms, algae, etc. which produce toxins are not classed 
as chemical weapons even if the produced toxins belong to that class.
Pathogenic microorganisms, mainly viruses and bacteria, are classed as
biological weapons.

--------------------------------------

From:   "Wilson, Gary, COL, OSD/RA" <GWilson at osd.pentagon.mil>
Subject:  Iraq: WMD
Date:      Fri, 1 Nov 1996 08:24:37 -0500

   WASHINGTON (AP) -- Before and during the 1991 Persian Gulf War, truck
convoys carried Iraqi chemical and biological weapons, as well as nuclear
material to safe haven in Iran, according to U.S. intelligence documents. 
>   "The trucks were camouflaged with mud during their travel through Iraqi
>territory," said the report placed Thursday on the Internet. "The convoy moved
>only at night. The mud was washed off after re-entry into Iranian territory." 
>   The report said "at least 14 trucks were identified as having nuclear,
>biological and chemical cargo. Boxes labeled 'tularemia,' 'anthrax,'
'botulinum' and 'plague' were loaded into containers." 
>   The trucks were driven by Iranian civilians who turned them over to Iranian
>Revolutionary Guards. 
>   That account was among more than 200 documents placed on the Internet over
>the objections of the CIA. They were put on the worldwide computer network by
>publisher Bruce W. Kletz, who plans to put out a book by a former CIA analyst,
>Patrick Eddington. 
>   Eddington asserts that the agency has hidden evidence that American troops
>were exposed to Iraqi chemical weapons. 
>   "These documents are still under review," CIA spokesman Mark Mansfield said.
>"We consider portions of them to be classified." 
>   The Pentagon originally put the material on the Internet and then
withdrew it in February when the CIA objected to making it public. 
>   While numerous studies have found no conclusive evidence that Iraqi forces
>used chemical or biological weapons against U.S. troops during the 1991 war, it
>is feared U.S. forces could have been exposed to nerve gas as they destroyed an
>Iraqi munitions dump after the war's end. 
>   Iraq's transfer of material to Iran was a new example of cooperation between
>two countries that fought an eight-year war but became covert allies when a
>U.S.-led coalition demanded that Iraq withdraw forces that occupied Kuwait in
>August 1990. 
>   During the ensuing Persian Gulf War, Iran allowed Iraqi planes to land
on its territory to escape destruction by coalition forces. The planes were not
allowed to rejoin the Iraqi military during the conflict. 
>   The documents did not shed new light on whether U.S. forces came into
contact with Iraqi chemical weapons. But they did show the concern about Iraq's ability to manufacture and deploy such weapons. 
>   One document cited a defector's account that "at least one chemical company
>is attached to each (Iraqi) division." 
>   Russia may have supplied biological warfare technology to Iraq and North
>Korea, according to a report written in 1994. "It was believed that the
>technology transfer commenced several years prior to April 1992 and was
still in progress during April 1992," the report said. 
>   The material also indicated the government had evidence that Iraq had moved
>chemical weapons into Kuwait. 
>   One report in January 1991, from an Iraqi national, said that chemical land
>mines had been loaded for shipment to Kuwait. The report said the information
>"cannot be confirmed." 
>   In September 1990, less than two months after Iraq occupied Kuwait, evidence
>was seen that "Iraqi forces may be conducting chemical decontamination
>exercises. They could be preparing for a chemical attack." 
>   During the same period, when the United States and its allies were massing
>forces in the Persian Gulf region, U.S. officials were concerned that
terrorists
>allied with Iraqi President Saddam Hussein would stage attacks on allied
forces.
>
>   Among the records returned to the Internet is a Nov. 3, 1995, memo
written by Paul Wallner, a Pentagon official heading an oversight panel dealing with Gulf War veterans' illnesses. 
>   Noting that various military officials and departments had "expressed
concern about potential sensitive reports or documents on GulflINK," the Persian Gulf War web site, Wallner recommended certain steps to "allow the investigation
team time to begin preparation of a response on particular 'bombshell' reports." 
>   According to the memo, a host of material would be subject to further
review, including "documents containing releasable information which could
embarrass the government or DoD," the Department of Defense. 
>   It also warned that additional scrutiny would be needed on documents "that
>could generate unusual public/media attention" or those "which seem to confirm
>the use or detection of nuclear, chemical or biological agents." 

-------------------------------------------------------
Notes from Moderator: 

1. GulfLINK documents can now be downloaded from infowar.com   

2. WEAPONS OF MASS DESTRUCTION IN TERRORISM
The Emerging Threat Posed by Non-State Proliferation, James K. Campbell is an interesting read.  The article is posted on infowar.com under the What's New section.

--------------------------------------------------------

ate: Tue, 29 Oct 1996 12:22:27 -0700
To: winn at Infowar.Com
From: alm at io-online.com
Subject: RE: Chemical Warfare Agents
Cc: "Wilson, Gary, COL, OSD/RA" <GWilson at osd.pentagon.mil>,
 betty at infowar.com, 'Ron Lewis' <INTELLIGYST at worldnet.att.net>

I think we have an excellent example of the psychological impact of
chemical weapons in the case of Israel right now.  The news statements
about land for peace in the Golan came shortly after new gas masks were
issued in Israel and I got curious.  I went back and checked the news
database and found that speeches recomending not serving in the IDF, that
students should leave Israel, and a wide variety of other self defeating
actions peaked at about one week after news of chemical weapons threats,
issueing of gas masks, and other news of this type appeared in the papers
there.  This comes after a long period of stress and being on high alert.
Early reactions seem to be panic, after a period of such stress it seems
make people (at least in this situation) turn in on themselves, willing to
abandon strongly held beliefs, etc. without knowingly tieing it to the
threats.  The attacks seemed aimed not at the threats but at the government
of Israel; yet, they are tied time-wise to increased pressure.  This was
traced over a two year period which gives some validity rather than a
one-time relationship.

I hate to say it, but this is an excellent laboratory for a variety of such
studies as it isn't artificial and its one of the few places where open
information is available on on-going threats of various types.
Sociologists have already done studies on behavior in society and such
using this lab.

Alijandra
------------------------------------------------------

END

Infowar             Sunday, November 10 1996        Volume 01: Number 01


DIRECT REQUESTS to:    list at infowar.com with one-line in the BODY, NOT
in the subject line.

Subscribe infowar        TO JOIN GROUP
Unsubscribe infowar    TO LEAVE GROUP
Help infowar               TO RECEIVE HELP 
TO POST A MESSAGE:  E-Mail to   infowar at infowar.com  

_____________________________________________________
Infowar.Com
Interpact, Inc.
Winn Schwartau
winn at infowar.com
http://www.infowar.com
813-393-6600  Voice
813-393-6361  FAX

Sponsor Opportunities/Comments/Help

Betty G. O'Hearn
Assistant to Winn Schwartau
http://www.infowar.com
betty at infowar.com
813-367-7277  Voice
813-363-7277  FAX



--------------------------------------------------------------------------
2                                Message:0002                            2
--------------------------------------------------------------------------
To: infowar at infowar.com
From: "Betty G. O'Hearn" <betty at infowar.com>
Subject: Infowar Digest  Vol. 1  #2


infowar at infowar.com=20

             Sunday, November 10  1996  Volume 01: Number 02

                               We thank our sponsors:

National Computer Security Association
OPEN SOURCE SOLUTIONS
New Dimensions International - Security Training
Secure Computing Corporation
HOMECOM Communications
Internet Security Solutions
__________________________________________________
Infowar at infowar.com is brought to you in the  the interest of an open,=
 unclassified exchange of information and ideas as a means for advancement=
 of Information Warfare related issues.   Topics of discussion for this list=
 include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques,=
 Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD.=20

As the list expands we will adapt to the needs and desires of our=
 subscribers.=20

This is a DIGEST format.
__________________________________________________________

Contents  Vol. #1  No.2

infowar   Original Allegations - Flt 800 Disaster
infowar   Propaganda and TWA/CIA-Cocaine
infowar   Electronic Civil Defense

-------------------------------------------
To: winn at Infowar.Com
Date: 8 Nov 1996 14:33:38 CST
Subject: Original Allegations - Flt. 800 Disaster

ENN Special Report
11/08/96 - 13:45CST

Original Allegations of Friendly Fire Came From Alleged Iranian
Propagandist

(ENN) In light of yesterday's statements by former JFK Press Secretary
Pierre Sallinger, the Emergency Response & Research Institute conducted
an internal literature review of documents regarding the TWA Flight 800
disaster.  This internal probe included e-mail, newsgroup postings,press=
 reports, and consultations with experts, received from numerous sources. =
 It revealed that the original allegations of a U.S. Naval "friendly fire=
 incident" came from an alleged Iranian/Extremist Moslem propagandist named=
 Parveez Syad, aka Parveez Hussein, who was operating from a base in=
 Birmingham, England at the time.  Interestingly, Mr.Hussein/Syad=
 distributed these allegations widely on the Internet within 48 hours of the=
 incident and made what appeared to be premature accusations that the United=
 States was already engaged in a "cover-up."

Mr. Hussein/Syad's current whereabouts are unknown, and it is believed
that he may have been the subject of a government investigation in
England. Concerns were raised, at the time, by ERRI analysts that Mr.
Syad/Hussein may have been engaged in an "disinformation" campaign in an=
 effort to deflect attention from possible moslem extremist involvement
in the bombing of Flt. 800. Subsequent inquiries and examinations by
ERRI seem to verify that there was a concerted "foreign" effort to obscure=
 and confuse a number of issues involved in the Flt. 800 investigation.

Speculation continues among experts in regard to the authenticity of the
alleged U.S. government documents that are reportedly in the possession
of Mr. Sallinger. Without examination of these documents, ERRI analysts
say that further confirmation of Mr. Sallinger's statement is difficult
at best. One purposefully unidentified consultant told ENN that it is
even possible that Mr. Sallinger and French intelligence agents may have
been "duped" by a "foreign effort."

U.S. Navy and FBI officials have both "catagorically denied" any viable
evidence of a "friendly fire" incident or of any sort of "cover-up" on
the part of the U.S. government. James Kallstrom announced today that he
would welcome any additional information or evidence that Mr. Sallinger
or others might have in regard to the Flight #800 tragedy.

EmergencyNet News Service (ENN)
Emergency Response & Research Institute (ERRI)
6348 N. Milwaukee Ave., #312
Chicago, IL. 60646
(773) 631-3774 - Voice
(773) 631-4703 - Fax
(773) 631-3467 - Modem/Emergency BBS On-Line
-------------------------------------

Date: Fri, 8 Nov 96 16:26 EST
From: Michael Wilson <0005514706 at mcimail.com>
To: G-TWO List Members <g-two at majordomo.netcom.com>
Subject: Propaganda and TWA/CIA-Cocaine

Many of you may be dealing with questions regarding the two matters, so
I thought I would make this available to you.

---
Two recent events in the media are prompting my writing a very brief=
 commentary:
allegations of a cover-up in the TWA Flight 800 disaster and the alleged=20
CIA-Cocaine connection into the L.A. urban environment. My comments will be=
 directed at the propaganda value of these media events, as I'm currently=
 engaged in writing a primer on propaganda, and these make interesting case=
 studies.

Modern propaganda comes in many forms, but of primary concern in these two=
 cases are:
- 'Mobile truth,' or the reinterpretation of events (revisionist history), a=
=20
common feature on the Internet, which is increasingly becoming an entry=
 point into the more conventional media;
- Psyops in support of operations, including spin control, after action=
 reports,or informative accounts when the media is controlled by=
 intelligence and law enforcement;
- The digital nature of media--text, photographs, video, audio--has=
 undermined the ability to establish the reality of what they represent as=
 observational proxies. This has recently been termed the 'fictive=
 environment' by the military, and I'll use the term for lack a better one.

Let me discuss the two cases in terms of these points:

TWA 800
Ever since Flt. 800 went down, the conspiracy theorists have been out on the=
 Internet, alleging everything from a Syrian missile to a 'friendly fire'=20
accident. Part of these allegations have been blind assertions, but some=
 have=20
been backed up with 'proof' that entails supposed photographs and internal=
=20
government documents.

Mobile truth: in the absence of public facts or knowledge, speculation has=
 run wild. As usual, everyone's favorite pet suspect emerges--terrorists,=
 the U.S. Navy, government cover-ups, etc. This 'playing to the audience'=
 has received wide audience and coverage, because it is media hot--it=
 attracts a lot attention simply because it receives attention in the=
 viewers, readers, etc. in a self-fulfilling way. It plays on public and=
 hidden fears; provides simple=20
solutions; gives an enemy to hate, react against; it justifies the beliefs=
 and=20
agenda of many. The only solution is to provide facts, hopefully answers; of=
=20
course, this is antithetical to the investigatory (scientific and criminal)=
=20
process. This vacuum of data is being capitalized on by individuals or=20
organizations who know that the official channels are going to be closed to=
 the public--their motive is something I have no desire to quantify.

PsyOps: this game is lose-lose for everyone; the public is confused and=
 angered, the investigation is hampered or discredited, the sources of the=
 false information will eventually be shown to be wrong (although they will=
 launch secondary operations to manage this as well, alleging further=
 cover-up, conspiracy, and so forth). What happens though is a continual=
 lessening of the resistance in the information environment to future psyops=
 operations, and this is the long term benefit sought by the perpetrators.=
 Confidence in the government is at an all time low--post Viet Nam,=
 Watergate, Iran-Contra, Whitewater, etc. The readiness to believe the worst=
 becomes greater and greater, and public mental health suffers.

Fictive environment: while ground truth comes from direct observation, we're=
 becoming more dependent upon observational proxies than ever=
 before--photos, audio, video, documents, etc. The memories of observers is=
 a questionable thing at best (the madness of crowds), but digital trickery=
 are removing the trust values that we, only a few years ago, were able to=
 place in 'more reliable' materials. In the case of TWA, just as in most any=
 case, the creation or faking of evidence requires only modest skills and a=
 personal computer. Photos can be digital from their origin, and once=
 transferred into a computer with the right software, they can be merged or=
 altered in ways that are=20difficult to refute, even when false. Documents=
 are trivial to manufacture; elements used for provenance, showing a truth=
 and history of origin, can be falsified in a variety of ways (optically=
 scanning letterhead or signature, creation from scratch by matching=
 typeset, etc.), and the textual body can be anything imagined (and textual=
 analysis or comparison is commonly beyond the capabilities of the=
 audience). Video and audio are slightly more complex (in levels of effort);=
 video modification, loosely based on the same technology used to alter=
 photographs, requires greater skill and more powerful equipment, but is=
 gradually coming into the range of the average consumer, just as audio=
 sampling and modification technology has reached the 'garage' level. All=
 this calls into question any materials of physical evidence, but those=
 distributed over the Internet are particularly ntrustworthy--even the lower=
 resolution of net-distribution works to the advantage of the creation of=
 such materials. I expect this problem to have increasing impact as time=
 goes on, including in criminal and civil cases (for instance, in the Yousef=
 case in New York, where he claimed his computer files were faked, or the=
 potential falsification of photographic evidence in the Simpson civil=
 trial).

In short, the discussion and materials on/using the Internet have done=
 little to advance the search for the truth of the matter in TWA 800, and=
 have done much harm (diverting critical manpower from the investigation,=
 damaging the credibility of the investigation, etc.).

CIA-Cocaine connection
TWA and this accusation actually have much in common from a propaganda=
 standpoint. The allegation (made by the San Jose Mercury News) was that=
 assets associated with the CIA-backed effort in support of the Contras were=
 trafficking in cocaine, which helped to finance the (c)overt war. In=
 particular, the cocaine smuggled into the U.S.A. was supposed to have been=
 converted into the 'crack' or rock (smokable) form, and introduced into the=
 African-American urban setting in Los Angeles, with the undertones being=
 that it was a conspiracy to undermine the solidarity of the A-A community.

Mobile truth: the basic assertion never actually connected the CIA with any=
=20
involvement or trafficking, yet the implication (made indirectly or=
 directly,=20
depending on the source) was that it was a tacit CIA operation. Far be it=
 for me to write the apologia for the Agency, but not only is the supposed=
 action=20
illegal and immoral, it is also highly unlikely. Creative interpretation of=
 the=20
events allowed a rather clever ontological judo--the all-powerful,=
 all-knowing CIA either had to admit they had no idea what their assets were=
 involved in (thus damaging the all-knowing aspect of their reputation);=
 they could admit to knowledge but inaction (thus criminal facilitation, or=
 having to say that sometimes they need the help of 'bad' people, not a=
 politically correct position); or they could deny any involvement, and=
 foster the continual suspicion of cover-up, conspiracy, and hidden agendas.=
 Any way they move, they lose. This is again a position where history has=
 created an impression that the Agency would perform the worst action in=
 support of their own agenda,=20and then actively protect themselves from=
 investigation; no amount of reform or whitewashing can reverse the trend.=
 The strength of this attack on the credibility of the Agency is that it=
 plays so well with public impressions of the Agency, appears to fit the=
 profile of previous Agency violations of public trust, but can't be=
 defended against because of the secrecy requirements of the Agency, and the=
 improbable success of proving a negative assertion (that the Agency wasn't=
 responsible).

PsyOps: a factor to consider is that the accusations were made during an=20
election period in a key state where the issue solidified a constituency=
 into a=20
solid position against their 'traditional' opposition. The issue is very=
 much a=20
political one, and directed at rekindling public animosity about past deeds=
 (and misdeeds) to shape current public impressions. Again, the long term=
 casualties of all this are the public trust and credibility of a key but=
 troubled Agency; politically expedient attacks which undermine the=
 political process; and the continued progression of the perversion of the=
 information environment.

Fictive environment: no proof was actually offered (mostly proof by=
 assertion, as well as collateral association), but the very absence of=
 proof feeds in to the mobile truth and psyops elements of the operation.=
 Clearly no public documentation and argument could be offered from an=
 Agency that must maintain its security and integrity, and no proof could be=
 offered to prove the Agency wasn't involved, a negative assertion (a common=
 element in this sort of propaganda operation).

The CIA, Congress, and Justice Department are now engaged in investigations=
 of the allegations; as such, they will be on-going events to continue the=
 propaganda campaign, with a predictable end--the Agency finds no proof in=
 their records and interviews, which is then interpreted as continuing=
 evidence of a cover-up and conspiracy.

Conclusion-- Media manipulation, particularly using the Internet as a method=
 of propagation of the propaganda message or as an entry point into the=
 conventional media cycle, is becoming more of a problem. Clearly everyone=
 suffers, and the general atmosphere of distrust and disbelief, not to=
 mention disgust, prevail.

Michael Wilson
5514706 at mcimail.com
------------------------------------------
To:     infowar at infowar.com
From: winn at infowar.com
Date:  November 8, 1996
Subj:  Electronic Civil Defense Becomes a National Issue

In June of 1991, I testified before Congress that unless we moved forward as=
 a nation, we faced the possible specter of an "Electronic Pearl Harbor."=
 Five years to the day later, that same phrase was used by John Deutch and=
 others to wake up Congress and America that indeed a new concept of=
 national security has evolved as the Cold War wound down.

I recently ran into a Libertarian friend and lawyer who was somewhat upset=
 with me. "You are single handedly responsible for the backlash and efforts=
 of law enforcement to take away our personal freedoms." He was referring to=
 the comments made by FBI Director Louis Freeh, that additional electronic=
 eavesdropping capabilities were needed to thwart the threats of domestic=
 terrorism. He also referred to various law enforcement concerns that unless=
 US citizens voluntarily complied with a Key Escrow scheme of some variety,=
 it might be necessary to legislate a common cryptographic system which=
 would not interfere with government investigations into crime and=
 terrorism.

"So, it's all my fault?" I asked him in the presence of others.

He paused, and with only a twinge of humor said, "yes."

Well, I do not believe or accept for a moment that the work we have done in=
 the last several years is solely responsible for the extreme measures being=
 discussed, but my friend's concerns are legitimate and must be addressed.=
 He is keenly concerned, as many of us are, that recent headline grabbing=
 events may trigger law enforcement to overreact and with the emotional=
 support of many Americans, permit laws to be passed that a few short years=
 ago we never would have tolerated.

Civil Libertarians are quick to point out that if we permit law enforcement=
 to regain unbridled powers of electronic eavesdropping, we provide them=
 with the capability of abuse.

"Today's government may be fine. But we don't know about tomorrow's=
 government." They openly refer to the abuses of the Hoover FBI where, most=
 of will admit, things did get out of hand. I've met with CIA case officers=
 who feel hamstrung by their inability "to get the job done" in an effective=
 way, because they are paying for the sins of their predecessors. Most of=
 the FBI agents I know understand the legitimate fears of the civil=
 liberties groups, but also know that they must have increased access to=
 technology to defeat criminal activities.

The issue comes down to one of balance. Pure and simple. "Whom do you trust"=
 is a high profile collateral issue.=20

But let's understand what has catalyzed much of these moves on the part of=
 law enforcement:

	- The Oklahoma City bombing
	- The World Trade Center bombing
	- The Lockerbie Tragedy
	- The US Military Bombing in Saudi Arabia
	- TWA Flight 800
	- The Olympic Bombing

These events trigger deep emotional responses on the part of most Americans=
 and a call for action. "What can we do?" "Do something." "This shouldn't=
 happen in America." "Protect us." And the predictable response from law=
 enforcement is to ask for additional powers. Balance. It's all about=
 balance.

The critics say that Law Enforcement can push electronic taps past friendly=
 judges with little inquiry on their part. The FBI says it takes a mass of=
 paper work and evidence to convince a judge. There were less than 2,000=
 phone taps issued last year - and I guess I feel that's not a whole lot.=
 260,000,000 people, less than 2,000 taps. You add it up.=20

Resources on the part of law enforcement are pretty scant. They do not have=
 the budget or manpower to indiscriminately tap phones everywhere and=
 analyze their contents. It's manpower intensive. They have to be selective.=
 In many ways I wish they listened in on more of the bad guys. On one phone=
 tap, an FBI agent told me, their target said in a taped conversation, "hey,=
 the feds are tapping the phone. Let's whisper." Bad guys are not all rocket=
 scientists.

But on a national scale, we do indeed face a new risk, a new vulnerability,=
 for which my friend blames me. It's all my fault. Right. In "Information=
 Warfare" and other works, I maintained that the civilian infrastructure was=
 the unacknowledged target of future adversaries.

I don't believe we will see Submarines sailing up the Potomac, or that enemy=
 planes will come into San Francisco Bay. Just won't happen. But I fear we=
 will see attacks against the econo-technical infrastructure, affecting not=
 only we citizens, but the ability of law enforcement and the military to=
 function as we wish them to.

On July 15 of this year, President Clinton issued an Executive Order calling=
 for the Establishment of  President's Commission on Critical Infrastructure=
 Protection.

I applaud much of it, but I also think we have to maintain caution on how it=
 is effected. His order says:

Certain national infrastructures are so vital that their incapacity or=
 destruction would have a debilitating impact on the defense or economic=
 security of the United States.

These critical infrastructures include:

 telecommunications,
 electrical power systems,
 gas and oil storage and transportation,
 banking and finance,
 transportation,
 water supply systems,
 emergency services (including medical, police, fire, and rescue), and
 continuity of government.

Threats to these critical infrastructures fall into two categories:

1. physical threats to tangible property ("physical threats"),

2. and threats of electronic, radio-frequency, or computer-based attacks on=
 the information or communications components that control critical=
 infrastructures ("cyber threats").

Because many of these critical infrastructures are owned and operated by the=
 private sector, it is essential that the government and private sector work=
 together to develop a strategy for protecting them and assuring their=
 continued operation.

This part of President Clinton's statement is right on the mark. These are=
 all critical structures of the macro-sized econo-technical infrastructure,=
 of which the NII and other bits are sub-infrastructures. However, when it=
 comes to forming a committee, the people and groups he wishes to handle the=
 problem are quite government-centric.

	- Department of the Treasury;
	- Department of Justice;
	- Department of Defense;
	- Department of Commerce;
	- Department of Transportation;
	- Department of Energy;
	- Central Intelligence Agency;
	- Federal Emergency Management Agency;
	- Federal Bureau of Investigation;
	- National Security Agency.

The committee members are to include:

	- Secretary of the Treasury;
	- Secretary of Defense;
	- Attorney General;
	- Secretary of Commerce;
	- Secretary of Transportation;
	- Secretary of Energy;
	- Director of Central Intelligence;
	- Director of the Office of Management and Budget;
	- Director of the Federal Emergency Management Agency;
	- Assistant to the President for National  Security Affairs;
	- Assistant to the Vice President for National Security Affairs.

The immediate concern I see is that the government wants to take charge on=
 an issue and threat that is of mutual concern to the private sector and the=
 government, but that at the highest levels of the President's Order and his=
 Committee, we see no private sector representation. It is merely on a=
 consultory basis.

The Commission shall:

        (a) within 30 days of this order, produce a statement of its mission=
 objectives, which will elaborate the general objectives set forth in this=
 order, and a detailed schedule for addressing each mission objective, for=
 approval by the Steering Committee;

        (b) identify and consult with: (i) elements of the public and=
 private  sectors that conduct, support, or contribute to infrastructure=
 assurance; (ii) owners and operators of the critical infrastructures; and=
 (iii) other elements of the public and private sectors, including the=
 Congress, that have an interest in critical infrastructure assurance issues=
 and that may have differing perspectives on these issues;

        (c) assess the scope and nature of the vulnerabilities of, and=
 threats to, critical infrastructures;

        (d) determine what legal and policy issues are raised by efforts to=
 protect critical infrastructures and assess how these issues should be=
 addressed;

        (e) recommend a comprehensive national policy and implementation=
 strategy for protecting critical infrastructures from physical and cyber=
 threats and assuring their continued operation;

        (f) propose any statutory or regulatory changes necessary to effect=
 its recommendations; and

        (g) produce reports and recommendations to the Steering Committee as=
 they become available; it shall not limit itself to producing one final=
 report.

I first wrote a National Infomation Policy in 1993, and I am pleased to see=
 that the President has included similar wording. However, a national policy=
 must, on balance, also provide for enhanced personal electronic security=
 for the average American. It cannot be a one-sided law enforcement issue.=
=20

I worry about "consult with industry" along the same lines that the Key=
 Escrow adherents consulted with industry, but generally did what they=
 wanted to anyway. This has been an ongoing battle between industry and the=
 White House with respect to "Clipper" style proposals and export control=
 over encryption. Do we face the same situation with the Infrastructure=
 Protection Committee?

In this same vein, the President did recognize some input by the private=
 sector:

(a) The Commission shall receive advice from an advisory committee=
 ("Advisory Committee") composed of no more than ten individuals appointed=
 by the President from the private sector who are knowledgeable about=
 critical infrastructures. The Advisory Committee shall advise the=
 Commission on the subjects of the Commission's mission in whatever manner=
 the Advisory Committee, the Commission Chair, and the Steering Committee=
 deem appropriate.

Again, the structure is that the government is in charge and the private=
 sector, whose very interests are at stake here, is reduced to an Advisory=
 status. This is a keen focus of concern.

But then, a surprising phrase was in the President's Order:

(f) The Commission, the Principals Committee, the Steering Committee, and=
 the Advisory Committee shall terminate 1 year from the date of this order,=
 unless extended by the President prior to that date.

Only a year. I've been at this for years and years, and the awareness=
 process takes significant time. There are still major players both in the=
 government and the private sector who do not understand the nature of the=
 threats and vulnerabilities, and I fear that a mere one year effort, led by=
 some of the busiest people in the country today, will not receive the=
 attention it deserves.

My Civil Libertarian lawyer friend had significant problems with the=
 following portion of the President's Order (for which I am blamed, of=
 course!).

(a) While the Commission is  conducting its analysis and until the President=
 has an opportunity to consider and act on its recommendations, there is a=
 need to increase  coordination of existing infrastructure protection=
 efforts in order to better address, and prevent, crises that would have a=
 debilitating regional or national impact.  There is hereby established an=
 Infrastructure Protection Task Force ("IPTF") within the Department of=
 Justice, chaired by the Federal Bureau of Investigation, to undertake this=
 interim coordinating mission.

(d) The IPTF shall include at least one full-time member each from the=
 Federal Bureau of Investigation, the Department of Defense, and the=
 National Security Agency.  It shall also receive part-time assistance from=
 other executive branch departments and agencies. Members shall be=
 designated by their departments or agencies on the basis of their expertise=
 in the protection of critical   infrastructures.  IPTF members'=
 compensation shall be paid by their parent agency or department.

"Oh, great!" he exclaimed. "Now we're gonna have the Army sitting with=
 M-16's outside the phone company, and the NSA listening in on Americans to=
 see if they pollute the water supply. This is too damned much." He=
 shuddered at the thought of having the these three groups working together=
 on a domestic basis. It brought back to him too many memories of bygone=
 days he would like to see remain in the past.

On the other hand, what better group than the DoD to head up an effective=
 response organization? The President, rightfully so, put the FBI and the=
 Dept. of Justice in charge of the IPTF; after all they are responsible for=
 domestic national law enforcement. But the DoD has massive resources,=
 capabilities and manpower to deploy in times of trouble.

The trouble is, and we will have to face this dilemma straight on, is that=
 the US Military cannot be deployed in domestically due to the Posse=
 Comitatus Act of 1878, without an Executive Order. And the NSA is similarly=
 restricted from domestic operation, but is standing up its own 1,000 man=
 Information Warfare division.=20

There are legitimate ways around these problems, and we do need to have=
 built-in oversights to satisfy the concerns of those who don't want the=
 government taking over the whole shebang. But the concept of the IPTF's=
 mission is again, absolutely on mark.

(e) The IPTF's function is to identify and coordinate existing expertise,=
 inside and outside of the Federal Government, to:

(i) provide, or facilitate and coordinate the provision of, expert guidance=
 to critical infrastructures to detect, prevent, halt, or confine an attack=
 and to recover and restore service;

(ii) issue threat and warning notices in the event advance information is=
 obtained about a threat;

(iii) provide training and education on methods of reducing vulnerabilities=
 and responding to attacks on critical infrastructures;

(iv) conduct after-action analysis to determine possible future threats,=
 targets, or methods of attack; and

(v)  coordinate with the pertinent law enforcement authorities during or=
 after an attack to facilitate any resulting criminal investigation.

The Committee is supposed to address the very issues that many of us have=
 been addressing - to full audiences, but often empty years. From where I=
 stand, the White House has caught the vision and it prepared to do=
 something about it.

My complaints are essentially two fold:

	1. We have to have greater civilian input and representation on the=
 Committee at the highest levels, not merely in an advisory capacity.

	2. The 1 year term is short-sided.

And yes, I do agree with my Libertarian pal, that however this all shakes=
 out, we must have a third party oversight process to insure we never do=
 return to the abusive days of yore.

Kudos to the White House for putting Electronic Civil Defense on their=
 plate.

For a complete copy of the Presidential Order: http://www.infowar.com

Winn Schwartau
------------------------------------------------------------

END

Infowar             Sunday, November 10 1996        Volume 01: Number 02


DIRECT REQUESTS to:    list at infowar.com with one-line in the BODY, NOT
in the subject line.

Subscribe infowar        TO JOIN GROUP
Unsubscribe infowar    TO LEAVE GROUP
Help infowar               TO RECEIVE HELP=20
TO POST A MESSAGE:  E-Mail to   infowar at infowar.com =20

_____________________________________________________
Infowar.Com
Interpact, Inc.
Winn Schwartau
winn at infowar.com
http://www.infowar.com
813-393-6600  Voice
813-393-6361  FAX

Sponsor Opportunities/Comments/Help

Betty G. O'Hearn
Assistant to Winn Schwartau
http://www.infowar.com
betty at infowar.com
813-367-7277  Voice
813-363-7277  FAX






From nobody at cypherpunks.ca  Sun Nov 10 21:20:07 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 10 Nov 1996 21:20:07 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
In-Reply-To: <199611090534.XAA03845@manifold.algebra.com>
Message-ID: <199611110508.VAA15800@abraham.cs.berkeley.edu>


> From: ichudov at algebra.com (Igor Chudov @ home):
> 
> I also used RPN calculators 10 years ago, in high school, in Russia.
> Still miss them.  Which model (for no more than $40 or so) is the best
> around here?
> 
> Sorry if this question has already been answered here, nowadays it is 
> pretty tough list to read.

I recommend the GNU emacs calculator.  While not quite as portable as
some of the HP calculators, it is free, and is definitely the best
calculator I have ever seen, period.





From security at kinch.ark.com  Sun Nov 10 21:25:54 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Sun, 10 Nov 1996 21:25:54 -0800 (PST)
Subject: Pyramid Schemes
In-Reply-To: <Nw77wD18w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.94.961110211847.1766B-100000@kinch.ark.com>


On Sun, 10 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
> 
> I think the following would be a worthwhile cypherpunks project: design the
> anonymous infrastructure to allow those who wants to participate in MMF-like
> pyramid schemes on the Internet to do so without bothering anyone.

It seems to me that any such scheme is doomed to failure, unless I
misunderstand what people are talking about here. While I believe that
there really is a `sucker born every minute', and it is that which makes
pyramid schemes work, I don't believe that too many people would jump on
board unless they see real, verifiable names linked with the schemes. 
Isn't it just common sense to say that if people are hiding their identity
while offering to `make money fast' then there is something seriously
shady going on? Aren't people *less* likely to join in under such
circumstances?  Sure, it allows such schemes to work in theory but in
practice, how do you get people to join in? Who would/how could you
*trust* such a scheme? 

Perhaps I give people too much credit? 

cheers, kinch








From tjb at acpub.duke.edu  Sun Nov 10 21:37:43 1996
From: tjb at acpub.duke.edu (tom bryce)
Date: Sun, 10 Nov 1996 21:37:43 -0800 (PST)
Subject: ideal secure personal computer system
In-Reply-To: <v02140b02aeac593a7aa7@[192.0.2.1]>
Message-ID: <l03010608aeac1fa442cc@[152.3.87.2]>


> = ph at netcom.com (Peter Hendrickson) wrote:
>> = tom bryce wrote:

>> (2) Partition the hard drive into two partitions:
>>    install the system folder on one and a copy of CryptDisk
>>    make this the startup partition and make it READ ONLY with aliases to
>>    folders you want to be modiyfable (such as Eudora Folder in the sys
>>folder)
>>    place these folders on the encrypted partition
>
>I don't think you will be able to do this.  I have heard that too many
>things modify files in the system folder for this to work.  It wouldn't
>surprise me if the OS modifies its own boot file from time to time.
>
>I'm not expert.  If you get this working I would appreciate it if you
>were to post it to the list or let me know directly.

-and-

>Watch out for the clipboard which appears to be stored as a file in
>the system folder.  Unfortunately, it has to be a real file - aliases
>not allowed.  This makes it harder to have a read only system folder
>and, of course, every time you cut and paste something you leave a
>ghost on the disk for an undefined length of time.  It's hard to
>work on the Mac without using the clipboard.

The fact that you can start up and run your system from a CD rom proves
that you can lock your startup disk. Grab a DISK TOOLS disk from your most
recent system installer disks (mine is 7.5) and flip the write protect tab,
then start up from it. Clipboard works, too. I haven't worked with such a
system extensively enough to see if there are any glitches (such as copying
large amounts of stuff to the clipboard, etc.) but it should get the job
done for the truly paranoid.

I have a few items in the system folder presently aliased out onto other
disks - my Eudora Folder is on an encrypted partition, and there's no
reason one couldn't do this with the whole preferences folder and other
stuff.

>> If locking the startup volume turns out to be too much of a pain, one could
>> install trashguard from Highware software and set it to triple overwrite
>> deleted files, and otherwise not lock the startup partition.
>
>I'm guessing you already know this, but once you've written something
>to the disk you might as well assume it's there forever.  Triple overwrite
>of files will defeat Norton Utilities, but may not stop a determined
>opponent.

Right. I'm proposing this as a compromise if you wish to trade security for
convenience.

>Commercial data recovery services claim to be able to recover data
>after nine formats of the disk.  It is difficult to say for certain
>what the technical limits of this technology are.  For instance, maybe

Colin Plumb gave me estimates of what you needed to wipe a disk clean once,
which he researched for SFS. It depends on whether the erasure pattern is
custom designed for the data to wipe. It was something vaguely like (don't
quote me) 15 passes if custom designed, and 25 if not. This refers, as I
recall, to data freshly written to the disk. Data that hangs out for a
while 'leaks' deeper into the disk, with adjacent molecules becoming
aligned further between tracks and deeper into the disk and is harder to
erase. A dejanews search under colin's name should yield his extensive
posts on this topic.

Tom








From dlv at bwalk.dm.com  Sun Nov 10 21:40:18 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 10 Nov 1996 21:40:18 -0800 (PST)
Subject: Rarity: Crypto question enclosed
In-Reply-To: <199611102102.NAA17006@toad.com>
Message-ID: <Xkk8wD21w165w@bwalk.dm.com>


"David K. Merriman" <merriman at amaonline.com> writes:
> To: cypherpunks at toad.com
> Date: Sun Nov 10 15:03:35 1996
> Sorry that this message doesn't include any flames, "outings",
> denigrations, or other stuff......
>
> My simple question is regarding key/certificate distribution:
...

Are you sure this is on-topic for John Gilmore's private mailing list?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From ichudov at algebra.com  Sun Nov 10 21:49:52 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 10 Nov 1996 21:49:52 -0800 (PST)
Subject: FUCK ME HARD
Message-ID: <199611110547.XAA15989@manifold.algebra.com>


FUCK NME HARD





From nobody at cypherpunks.ca  Sun Nov 10 22:18:07 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 10 Nov 1996 22:18:07 -0800 (PST)
Subject: hahaha
Message-ID: <199611110556.VAA16710@abraham.cs.berkeley.edu>


test





From dthorn at gte.net  Sun Nov 10 22:27:03 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 10 Nov 1996 22:27:03 -0800 (PST)
Subject: Legal Deffinition of Encryption?
In-Reply-To: <v02140b02aeaba1c8961f@[192.0.2.1]>
Message-ID: <32868CDB.7473@gte.net>


Peter Hendrickson wrote:
> At 2:17 PM 11/9/1996, Mark M. wrote:
> >On Sat, 9 Nov 1996, Benjamin Grosman wrote:
> >> I have absolutely no idea: this is a very interesting problem. Not for just
> >> compression and encryption differention legally, but also, well, ANY other
> >> data form. If one defines a new format for saving data (i.e a new image
> >> format), and then exports this technology from the USA, is this exportation
> >> of munitions due to it's unknown qualities? Or what?

> > I can't define encryption, but I know it when I see it.

> They way it will be forbidden is by outlawing the execution of the
> algorithms.  The algorithms (the secure ones anyway) are well defined
> as is executing them.  The legal system has dealt with greater
> ambiguities than this.
> An analogy to the drug laws might be useful.  We don't outlaw all drugs
> that cause you to have weird visions and to act strangely.  That would
> be hard to define and would cover a number of legal drugs.
> Instead, the specific chemicals are forbidden as they are discovered.

I can see how the chemical/drug thing works, and I can see how they can
easily control Public Key (PGP) encryption, but if you are suggesting
that they can effectively eradicate private key encryption, that would
seem to be an impossibility.

BTW, if the current Public Key program(s) were prohibited, wouldn't new
versions using different schemes pop up everywhere?






From jimbell at pacifier.com  Sun Nov 10 22:40:14 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 10 Nov 1996 22:40:14 -0800 (PST)
Subject: Dr. Vulis
Message-ID: <199611110639.WAA22673@mail.pacifier.com>


At 06:59 PM 11/5/96 +0100, Gary Howland wrote:

>> > I recall we've been through this over a year ago, when I saw an 
announcement
>> > of a cypherpunks physical meeting where someone was excluded for his 
political
>> > views, and I said that I don't consider myself a cypherpunk. I'm glad that
>> > John and Bill, the auhorities on cypherpunk membership, finally concur.
>
>
>I think he is referring to the explicit and public non-invite of Jim
>Bell to a cypherpunks meeting, due to some of Jim Bell's Assination
>Politics posts.
>Gary


I'd like to correct this impression.  Alan Olsen was, apparently, quite 
aware of my AP posts when I (and everyone else) was invited to the first 
Portland CP meeting.  I had heard no objection to them from him.  The 
meeting was advertised as being sufficiently confidential that he 
specifically requested that nobody take pictures or record the meeting, etc. 
 Fair enough, I thought.  I generally interpreted this to mean that the 
meeting was at least approximately "off the record."

Arriving at the meeting, I detected no indication that Alan Olsen was at all 
disturbed at me, or anything I had said previously.  At the meeting all went 
well, _or_so_I_thought_.    It was all very routine.  One thing I decided to 
mention, actually only hint at, was a technical capability that I was 
working one.   However, I gave merely the broadest hints; What I did say 
would certainly have sounded technically at least implausible, if not quite 
impossible.   (The situation was somewhat analogous to the old story about 
the blind men coming across an elephant; one touches only the tail and calls 
it a snake, the other touches a leg and calls it a tree, etc.)  
Intentionally, I didn't explain how I would accomplish the goal I described.

Even so, there was still no indication from Alan Olsen that anything was 
amiss. And the meeting ended on that note.

Much to my surprise, Alan Olsen blurted out over the CP list only a barely 
fair description of what I had said (which itself was only the hints I chose 
to describe) and called me various names, etc.  I think he used the term 
"voodoo" to describe what I was planning to develop.  When, eventually, I 
_do_ explain the whole thing, and I repeat exactly what I told the assembled 
group, it will become obvious why what I described _sounded_ so implausible, 
yet was quite doable given modern technology.

I should point out that given how little I told, avoiding the REAL 
explanation, it could very well have been taken for voodoo.  And it didn't 
surprise me that SOMEBODY would have come to that impression.   The 
surprising and shocking thing about it was that he (Alan Olsen) violated the 
very confidentiality he had insisted on, without any sort of warning, and 
after-the-fact.  Needless to say, I raked him over the coals publicly, on 
CP, for having done this, and he was severely chastized because of this.  
"Ripped him a new one"  might describe it, although he certainly deserved 
the treatment.

Obviously, a number of people on this list got the mistaken impression that 
this disagreement had something to do with my AP proposal.  As far as I 
know, quite the contrary, it did not.  But I saw two possibilities, after 
the fact:  One, Alan Olsen hid his disapproval for AP, hoping to catch me in 
some sort of contradiction.  Two, after he was embarrassed by my calling him 
on his bad behavior, he grabbed at the first thing he could think of to 
criticize me.





  
Jim Bell
jimbell at pacifier.com





From jimbell at pacifier.com  Sun Nov 10 22:55:41 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 10 Nov 1996 22:55:41 -0800 (PST)
Subject: WIPO Treaty:  Worse than CDA- Deadline 22 Nov 96
Message-ID: <199611110655.WAA23446@mail.pacifier.com>


At 01:22 AM 11/11/96 +0000, attila at primenet.com wrote:
>                WIPO Treaty:  Worse than CDA
>                Deadline 22 Nov 96 for comment to Congress
>        WIPO was introduced this spring to Congress.  It is not 
>    understood by either the Clinton administration or the Congress and
>    few of the public are aware of the problem!
[snip]
>        I am deleting the bulk of the report for brevity, including only
>    the definition of the "database" as it applies to WIPO.
>
>.WHAT IS A DATABASE? WHAT ISN'T A DATABASE?
>.The treaty would protect "any database that represents a 
>.substantial investment in the collection, assembly, verification, 
>.organization or presentation of the contents of the database." 
>.
>.This term should be understood "to include collections of 
>.literary, musical or audiovisual works or any other kind of 
>.works, or collections of other materials such as texts, sounds, 
>.images, numbers, facts, or data representing any other matter or 
>.substance" and "may contain collections of expressions of 
>.folklore." The "protection shall be granted to databases 
>.irrespective of the form or medium in which they are embodied. 

Somebody must have said, once, that the winner in an argument is the one who 
gets to define the terms.  Notice how the term "protect" and "protection" 
are misused above. (not by Attila, of course; but by whomever he's quoting.)  

However, the term "protect" has long been misused by lawyers in just such a 
way.  "Monopolize" would be a more appropriate word under the circumstances.



Jim Bell
jimbell at pacifier.com





From ph at netcom.com  Sun Nov 10 23:07:05 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sun, 10 Nov 1996 23:07:05 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
Message-ID: <v02140b0daeac7ff69503@[192.0.2.1]>


At 9:45 PM 11/10/1996, SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil wrote:
> ...and you've got a foreign soldier waving a .45 around...

Ummm.... just a .45?

Peter Hendrickson
ph at netcom.com







From accessnt at ozemail.com.au  Sun Nov 10 23:10:16 1996
From: accessnt at ozemail.com.au (Mark Neely)
Date: Sun, 10 Nov 1996 23:10:16 -0800 (PST)
Subject: No Subject
Message-ID: <3.0b36.32.19961111155455.006d2174@ozemail.com.au>



>PLEASE TAKE ME OFF YOUR MAILING
>LIST!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I'm sorry Jayme, but you didn't include the requisite number of !'s, so we
cannot process your request.
Mark Neely - accessnt at ozemail.com.au
Lawyer, Internet Consultant, Professional Cynic & Author
BizWeb: For Serious Intrepreneurs - www.maximedia.com.au/bizweb





From dougr at skypoint-gw.globelle.com  Sun Nov 10 23:12:09 1996
From: dougr at skypoint-gw.globelle.com (Doug Renner)
Date: Sun, 10 Nov 1996 23:12:09 -0800 (PST)
Subject: Federal Reserve Bank is ILLEGAL?
Message-ID: <Pine.3.89.9611110517.A13588-0100000@skypoint-gw.globelle.com>



http://feustel.mixi.net/GOV/DEPTS/fedres.html

Most list members would be very interested in the above link.





From attila at primenet.com  Sun Nov 10 23:20:25 1996
From: attila at primenet.com (attila at primenet.com)
Date: Sun, 10 Nov 1996 23:20:25 -0800 (PST)
Subject: WIPO Treaty:  Worse than CDA- Deadline 22 Nov 96
In-Reply-To: <199611110655.WAA23446@mail.pacifier.com>
Message-ID: <199611110721.AAA26153@infowest.com>


In <199611110655.WAA23446 at mail.pacifier.com>, on 11/10/96 
   at 10:50 PM, jim bell <jimbell at pacifier.com> said:

.Somebody must have said, once, that the winner in an argument is the one who 
.gets to define the terms.  Notice how the term "protect" and "protection" 
.are misused above. (not by Attila, of course; but by whomever he's quoting.)  

.However, the term "protect" has long been misused by lawyers in just such a 
.way.  "Monopolize" would be a more appropriate word under the circumstances.

        monopolized is actually too 'weak' a final description of the 
    results --how about 'absolute denial of information?'

        what itrigues me the most is the bill originated at the White 
    House!   I won't waste time preaching to the choir, but the
    original intent was to protect West Publishing's "keyed" and
    proofed legal reference material (in return for a a hefty campaign
    contribution, and who nows what else under the table...).  just
    because it is legal, does not make it moral.

        some lame-brain (probably DOJ and whitehouse political hacks)
    expressed the terms in the treaty bill so broadly that it is all inclusive --everything.

        this is a case of no speech at all....     goodbye information 
    age, hello darkness.

        of course, there is always the possibility that Bubba _desires_
    to crash the economy so he can declare martial law for his NWO
    mentor, George Bush.

                --attila

--
            Cyberspace and Freedom are Information.  
                FUCK your WIPO, too. 
                                                                -attila






From mhayes at infomatch.com  Mon Nov 11 00:09:44 1996
From: mhayes at infomatch.com (Murray Hayes)
Date: Mon, 11 Nov 1996 00:09:44 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
Message-ID: <199611110809.AAA06516@infomatch.com>


On Sun, 10 Nov 96 21:45:56 EST, SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil wrote:

>----------------------------------------------------------------------
>dave kinchlea wrote:
>>As said in "Hair" (the movie), "Don't do it for me man, 'cause 
>>if the shoe was on the other foot, I wouldn't do it for you!" 
>
>>It's a lie anyway, you do it for yourself.
>
>That's an _easy_ judgment to make (and i definitely have to stop 
>adding anecdotes from my life in these things!), but you missed the 
>point - the freedoms the Cpunks diligently try to preserve (or seem to 
>want to create...) are protected _by_ the military.  who was it that 
>said:       "law, without force, is impotent"  -?  

The military's sole purpose is to destroy things and kill people.
Freedom is protected by the poeple for the people some of which
are in the military.  The force is not nessasary to enforce laws in
most circumstances.  How many gun battles erupt at speed traps?  Granted,
there are instances where some force is required in arresting violent 
individuals, but it is still illeagal for the police to use ecessive
force.

>
>keep in mind that even "bad" laws have to be enforced.  you can scream 
>all you want about "good, strong" cryptostuffs, but if the phone lines 
>are slashed, the satellite links are down, the elcerticity is off and 
>you've got a foreign soldier waving a .45 around -  just how are you 
>going to boot up that pretty little computer and make it encode 
>information for you, much less get it anywhere?  anarchy implies 
>ruthlessness - you going to practice cryptostuffs from a prison cell?

You are wrong about bad laws being enforced.  Many laws are not enforeced
by the police.  Have you never been "let off" or "givin a warning" by the
police?  How many times have you seen people j walk in front of the police
who did nothing?

Computers are not nessasary to encode data, they just make it a lot
eaiser and faster.  Where did I put that secret decoder ring????


mhayes at infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip
















From mml at halcyon.com  Mon Nov 11 00:46:03 1996
From: mml at halcyon.com (Mark M. Lacey)
Date: Mon, 11 Nov 1996 00:46:03 -0800 (PST)
Subject: GAK?
Message-ID: <01BBCF69.4C261320@blv-pm105-ip27.halcyon.com>


-----BEGIN PGP SIGNED MESSAGE-----

Could someone please fill me in on what GAK stands for
since it seems to be central to some of the on going
conversations.

Thanks,

Mark M. Lacey <mml at halcyon.com>
"Speaking for nobody but myself."
[Finger mml at halcyon.com for my PGP public key.]
[If you don't have 'finger', e-mail me for it.]


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMobmyB/Hx+OuZC/tAQGRTAf/R2t+/JC1k3lhQcqIcRWO2HyxHgf6+ko2
2ngQBXyMrInQtaXorcZ2LFrfie4GD68S0nLWKlwqaN09+/O72Bze1pyGd3dHBI4b
vazgQZq1zxWuHcCYg1r5QDwt0NJOZg4tRHROHmUiuLLeNfFwusWPnW+RMI2nTo39
g/sXWhRUF83vhyztC5+zOKmxjEQOBf3Wxq0FLBAoSUjzuJKnRNV87Fnf2vzezqc4
cK+A8DcRN0c0kX/LuNO9pnXo+3J8gMMDsoZAOS5KAgWQjJT3fdroTLX4xmRcBVJ3
NanTSXWsFIMlnXAjBS7V+5S/3gAml+y5tqLiNJAhoVVD/nvyvQDmAg==
=QyM4
-----END PGP SIGNATURE-----






From mhayes at infomatch.com  Mon Nov 11 01:03:35 1996
From: mhayes at infomatch.com (Murray Hayes)
Date: Mon, 11 Nov 1996 01:03:35 -0800 (PST)
Subject: Sifting data; looking for "strong crypto"
Message-ID: <199611110903.BAA07962@infomatch.com>



As far as bit patterns go, is executable code random?

mhayes at infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip






From mhw at wittsend.com  Mon Nov 11 04:01:55 1996
From: mhw at wittsend.com (Michael H. Warfield)
Date: Mon, 11 Nov 1996 04:01:55 -0800 (PST)
Subject: GAK?
In-Reply-To: <01BBCF69.4C261320@blv-pm105-ip27.halcyon.com>
Message-ID: <m0vMv1C-0000wpC@wittsend.com>


Mark M. Lacey enscribed thusly:

> -----BEGIN PGP SIGNED MESSAGE-----

> Could someone please fill me in on what GAK stands for
> since it seems to be central to some of the on going
> conversations.

	G)overnment
	A)ccess
	  to
	K)eys

	Generally pronounced as you would imagine Bill the Cat expressing it...

	AKA: Key Escrow...

> Thanks,
> 
> Mark M. Lacey <mml at halcyon.com>
> "Speaking for nobody but myself."
> [Finger mml at halcyon.com for my PGP public key.]
> [If you don't have 'finger', e-mail me for it.]


> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQEVAwUBMobmyB/Hx+OuZC/tAQGRTAf/R2t+/JC1k3lhQcqIcRWO2HyxHgf6+ko2
> 2ngQBXyMrInQtaXorcZ2LFrfie4GD68S0nLWKlwqaN09+/O72Bze1pyGd3dHBI4b
> vazgQZq1zxWuHcCYg1r5QDwt0NJOZg4tRHROHmUiuLLeNfFwusWPnW+RMI2nTo39
> g/sXWhRUF83vhyztC5+zOKmxjEQOBf3Wxq0FLBAoSUjzuJKnRNV87Fnf2vzezqc4
> cK+A8DcRN0c0kX/LuNO9pnXo+3J8gMMDsoZAOS5KAgWQjJT3fdroTLX4xmRcBVJ3
> NanTSXWsFIMlnXAjBS7V+5S/3gAml+y5tqLiNJAhoVVD/nvyvQDmAg==
> =QyM4
> -----END PGP SIGNATURE-----

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!





From wendigo at pobox.com  Mon Nov 11 04:17:03 1996
From: wendigo at pobox.com (Mark Rogaski)
Date: Mon, 11 Nov 1996 04:17:03 -0800 (PST)
Subject: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <199611111218.HAA09575@gate.cybernex.net>


An entity claiming to be Murray Hayes wrote:
: 
: 
: As far as bit patterns go, is executable code random?
: 
: mhayes at infomatch.com
: 
: It's better for us if you don't understand
: It's better for me if you don't understand
:                                              -Tragically Hip
: 

Nope, any executable has the same text-data-stack structure.  Within the
text segment, all instructions are (usually) of the same size with 
one to four possible formats.  Consider that every instruction will
begin with one of ~128 opcodes, operands are pretty predictable depending
on the opcode's associated format.  Any references to symbol and literal
tables are within a predictable range, and the format of these tables
is fixed.

An assembled/linked program is going to be very far from random, same
basic patterns are used for I/O, subroutine calls, iterative loops, etc.
I would assume that the entropy of an executable binary is extremely low.

mark


-- 
[]  Mark Rogaski                    
[]  wendigo at pobox.com               
[]  http://www.pobox.com/~wendigo/  
[]  >> finger for PGP pubkey <<     





From ichudov at algebra.com  Mon Nov 11 05:06:39 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 11 Nov 1996 05:06:39 -0800 (PST)
Subject: two bogus messages to this list
Message-ID: <199611111238.GAA17346@manifold.algebra.com>


I did not write the two messages below. I did have a small party
yesterday, probably some of my guests did that...

	- Igor.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>From cypherpunks-errors at toad.com  Mon Nov 11 06:35:19 1996
Return-Path: <cypherpunks-errors at toad.com>
Received: (from root at localhost) by manifold.algebra.com (8.8.2/8.8.2) with UUCP id GAA16814 for ichudov at algebra.com; Mon, 11 Nov 1996 06:34:44 -0600
Received: from toad.com (toad.com [140.174.2.1]) by www.video-collage.com (8.8.0/8.8.0) with ESMTP id CAA20037 for <ichudov at algebra.com>; Mon, 11 Nov 1996 02:34:30 -0500 (EST)
Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id VAA01399 for cypherpunks-outgoing; Sun, 10 Nov 1996 21:49:52 -0800 (PST)
Received: from www.video-collage.com (www.video-collage.com [199.232.240.107]) by toad.com (8.7.5/8.7.3) with ESMTP id VAA01394 for <cypherpunks at toad.com>; Sun, 10 Nov 1996 21:49:47 -0800 (PST)
Received: (from uucp at localhost) by www.video-collage.com (8.8.0/8.8.0) with UUCP id AAA19874 for cypherpunks at toad.com; Mon, 11 Nov 1996 00:51:53 -0500 (EST)
Received: (from ichudov at localhost) by manifold.algebra.com (8.8.2/8.8.2) id XAA15989 for cypherpunks at toad.com; Sun, 10 Nov 1996 23:47:00 -0600
Date: Sun, 10 Nov 1996 23:47:00 -0600
From: "Igor Chudov @ home" <ichudov at algebra.com>
Message-Id: <199611110547.XAA15989 at manifold.algebra.com>
Subject: FUCK ME HARD
Sender: owner-cypherpunks at toad.com
Precedence: bulk
Status: O

FUCK NME HARD


>From cypherpunks-errors at toad.com  Mon Nov 11 00:35:29 1996
Return-Path: <cypherpunks-errors at toad.com>
Received: (from root at localhost) by manifold.algebra.com (8.8.2/8.8.2) with UUCP id AAA16188 for ichudov at algebra.com; Mon, 11 Nov 1996 00:35:24 -0600
Received: from toad.com (toad.com [140.174.2.1]) by www.video-collage.com (8.8.0/8.8.0) with ESMTP id BAA19940 for <ichudov at algebra.com>; Mon, 11 Nov 1996 01:37:38 -0500 (EST)
Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id VAA00961 for cypherpunks-outgoing; Sun, 10 Nov 1996 21:03:06 -0800 (PST)
Received: from www.video-collage.com (www.video-collage.com [199.232.240.107]) by toad.com (8.7.5/8.7.3) with ESMTP id VAA00956 for <cypherpunks at toad.com>; Sun, 10 Nov 1996 21:03:03 -0800 (PST)
Received: (from uucp at localhost) by www.video-collage.com (8.8.0/8.8.0) with UUCP id AAA19793 for cypherpunks at toad.com; Mon, 11 Nov 1996 00:05:09 -0500 (EST)
Received: (from ichudov at localhost) by manifold.algebra.com (8.8.2/8.8.2) id WAA15563 for cypherpunks at toad.com; Sun, 10 Nov 1996 22:36:03 -0600
Date: Sun, 10 Nov 1996 22:36:03 -0600
From: "Igor Chudov @ home" <ichudov at algebra.com>
Message-Id: <199611110436.WAA15563 at manifold.algebra.com>
Sender: owner-cypherpunks at toad.com
Precedence: bulk
Status: RO

manifold::~==>premail -t cypherpunks at toad.com
Chain: haystack;jam
Subject: I urgently need a lot of money.

Please share your money-making secrets, I am in a desperate need
for cash.






From clay.olbon at dynetics.com  Mon Nov 11 05:49:42 1996
From: clay.olbon at dynetics.com (Clay Olbon II)
Date: Mon, 11 Nov 1996 05:49:42 -0800 (PST)
Subject: Pyramid schemes and cryptoanarchy
Message-ID: <1.5.4.32.19961111134757.00a03df0@ix.netcom.com>


At 04:39 PM 11/10/96 -0500, Rabid Wombat wrote:
>On Sun, 10 Nov 1996, Clay Olbon II wrote:
>
>> Pyramid schemes could be a growth market in a crypto-anarchic world.  It is
>> yet another market such as gambling, or the lottery, that could be conducted
>> with anonymity.  And it appears to be much more widespread on the internet
>
>How is it like gambling? If I get a pyramid letter instructing me to send 
>money to five people on the list, add my name to the bottom, send to 5 
>people, or whatever, there's nothing stopping me from removing all the 
>names, adding my name and those of four friends, and passing the letter 
>along. With an anonymous system, I could easily be all five people, 
>without even the bother of getting five different post office boxes.

I was not saying that chain letters are like gambling.  My point was that
they could be conducted with anonymity - like gambling and the lottery.
Your other point is well made.  Anyone have ideas on a protocol to prevent
this problem?

>
>There's no gambling involved; only blantant stupidity.

Agreed.  Although I think gambling and the lottery are pretty stupid as well
("The lottery is a tax on people who are bad a math" - from a friend's .sig).

>The "airplane" game was an interesting slant, though. Because of the 
>in-person "airplane" parties, people were able to make contacts and 
>network while participating. It was still the same old trick, but some 
>may have found the ability to "buy" (and "sell") face time worth the price 
>of admission (Some of the "airplane" games going around were to the tune 
>of $2500, rather than the usual $5). Your anonymous slant on 
>this removes the only economically viable excuse for participating, 
>though - I don't even get to meet the head of the umptysquat dept. in 
>return for getting fleeced.
>
>The "airplane game" was big around Washington about a year ago, and
>involved a number of highly placed people who aught to have been able to 
>recognize a Ponzi scheme when it bit them in the ass. Makes me wonder how 
>many people are stupid enough to "play" these games. 

I'm not familiar with the airplane game.  Sounds like a DNC fundraiser to me
;-) And yes, I think there are a lot of stupid people out there (ex. I
started a new job recently and noticed that a warning about the "Good Times
Virus" was posted on the bulletin board).  I'm not sure that the game would
even have to be close to fair for plenty of people to participate -
especially if it involves digital cash and email, which may be much easier
than snail-mailing letters. 

        Clay
*******************************************************
Clay Olbon			clay.olbon at dynetics.com
engineer, programmer, statistitian, etc.
Dynetics, Inc.
**********************************************tanstaafl






From froomkin at law.miami.edu  Mon Nov 11 06:52:22 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Mon, 11 Nov 1996 06:52:22 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <Pine.3.89.9611110517.A13588-0100000@skypoint-gw.globelle.com>
Message-ID: <Pine.SUN.3.95.961111094329.3168B-100000@viper.law.miami.edu>


Instead of reading the rabid nonsense referred to in the previous post in
this thread, try

http://www.law.miami.edu/~froomkin/articles/reinvent.htm

wherein it is revealed that (gasp!) the Federal Reserve is an independent
federal agency, but that (private) federal reserve banks have five of the
twelve votes (the rest belong to government officials) on the Open Market
Committee, an important policy-setting body that has an influence over the
money supply.  Incidentally, this practice was upheld in Melcher v.
Federal Open Mkt. Comm., 644 F. Supp. 510 (D.D.C. 1986). 

My article discusses the tangled legality of letting private parties
exercise goverment powers -- a practice that, like it or not, is as old as
the Republic.  (Documentation for that claim appears at 
http://www.law.miami.edu/~froomkin/articles/reinvent.htm#ENDNOTE9  )
and thus about as clearly within the original intent as anything gets.
Incidentally, the practice of giving private parties partial or full
control over seemingly public functions affects a very large number
of bodies, not just the Open Market Committee.


On Mon, 11 Nov 1996, Doug Renner wrote:

[pointer to rabid nonsense]


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From raph at CS.Berkeley.EDU  Mon Nov 11 06:53:07 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 11 Nov 1996 06:53:07 -0800 (PST)
Subject: List of reliable remailers
Message-ID: <199611111450.GAA23797@kiwi.cs.berkeley.edu>


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list at kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail at miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster at remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer at replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias at alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod at nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix at zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer at remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack at holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer at dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer at cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{'nym'} = '<config at nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer at huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix at squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman at jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias at alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman at athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config at weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x at deathsdoor.com> cpunk pgp hash latent post";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.
remailer at crynwr.com is _not_ a remailer.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 11 Nov 96 6:49:56 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer at cypherpunks.ca          ******** ***    14:49  99.77%
extropia remail at miron.vip.best.com        -.--__..---  17:21:56  99.28%
balls    remailer at huge.cajones.com        * **+**- ***     7:35  99.23%
cyber    alias at alias.cyberpass.net        +   +*-- +**    39:50  99.18%
replay   remailer at replay.com              +++* --- ***    22:22  98.78%
dustbin  dustman at athensnet.com            - --   -  -+  1:18:14  98.56%
haystack haystack at holy.cow.net            ++#. + - ***    47:04  98.24%
squirrel mix at squirrel.owl.de              +----+-- +++  2:15:31  97.94%
middle   middleman at jpunix.com               +----- -    2:51:34  94.38%
lead     mix at zifi.genetics.utah.edu       - +++--  +++    42:54  93.75%
lucifer  lucifer at dhp.com                  ++ +++-- + +    56:13  89.49%
mix      mixmaster at remail.obscura.com        +++-- -+   1:10:46  84.64%
exon     remailer at remailer.nl.com         ++# + -         10:34  43.55%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien





From dlv at bwalk.dm.com  Mon Nov 11 07:02:11 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 07:02:11 -0800 (PST)
Subject: FUCK ME HARD
In-Reply-To: <199611110547.XAA15989@manifold.algebra.com>
Message-ID: <a6g9wD27w165w@bwalk.dm.com>


"Igor Chudov @ home" <ichudov at algebra.com> allegedly writes:

> FUCK NME HARD
       ^^^

Who's "NME"? Let me guess... Another one of Timmy May's nyms? Another forgery?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Mon Nov 11 07:03:15 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 07:03:15 -0800 (PST)
Subject: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <ZPH9wD29w165w@bwalk.dm.com>


"Murray Hayes" <mhayes at infomatch.com> writes:

> As far as bit patterns go, is executable code random?

No - it's very much not random in the sense that given just a few bytes one
often has a pretty good idea of what the next byte would be.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Mon Nov 11 07:04:47 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 07:04:47 -0800 (PST)
Subject: GAK?
In-Reply-To: <01BBCF69.4C261320@blv-pm105-ip27.halcyon.com>
Message-ID: <qNH9wD28w165w@bwalk.dm.com>


"Mark M. Lacey" <mml at halcyon.com> writes:

> Could someone please fill me in on what GAK stands for
> since it seems to be central to some of the on going
> conversations.

It stands for "arbitrary plug-pulling and content-based censorship" as
practiced by Timmy May (fart) and John Gilmore.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Mon Nov 11 07:09:49 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 07:09:49 -0800 (PST)
Subject: Pyramid Schemes
In-Reply-To: <2.2.32.19961112070453.00716a28@healey.com.au>
Message-ID: <7kD9wD23w165w@bwalk.dm.com>


Benjamin Grosman <bgrosman at healey.com.au> writes:

> this is all well and good, but what I'd like to know is: do these schemes
> actually work? In theory they same to...

In depends on what you mean by "work". If you're asking whether MMFs result in
substantial amounts of money being sent to the originators, the answer is, I
don't know for sure, but I doubt it very much. (I've never tried it myself but
I interviewed a couple of people who did, for the research I did a few years
ago.) Similar MLM schemes (such as Amway or Herbalife) seem to result in
substantial profits for the owners/folks at the top of the pyramid, and losses
to most people who join later, as the theory would predict. So why do so many
people stay in programs like Amway despite their financial losses?

In my opinion, _all memetic communications work very well not as a scheme for
making money, but in the sense that people in the professions that involve
person-to-person networking (such as public relations, recruiting, real estate
and other sales) use them as a pretext to remind their business contacts of
their existence. E.g. a headhunter might pass on copies of the Craig Shergold
appeal to hundreds of potential recruits, with a note on his letterhead saying
"I'm passing this on on behalf of the dying boy". Moreover he'd probably pass
along photocopies of half a dozen letterheads from the chain of people who
passed the memetic letter along to him. Most recipients reaction can be
summarised as "What a nice person, what a good deed he's doing, do I need a
headhunter now"?

And by the way the reaction of the vast majority of Americans to a MMF snail
letter is "I'm so grateful to the sender for passing along this business /
networking opportunity." :-) which is why they're spread so eagerly by high
school kids in search of popularity.

I'm convinced that the good-luck chain letters (which just ask for the letter
to be passed along, with no money changing hands) and the various MMF variants
and MLM schemes are more about making/maintaining contacts than about money.

Likewise most Amway/Herbalife peddlers lose money but gain the satisfaction of
personal contact with the purchasers (which could be used for something else)
and also the sales experience that they can later use to sell something else.

How would Internet memetics be affected by wider availability of anonymity?
We observe that snail mail anonymity is available now, but is apparently
seldom used for memetics distribution. In the running example the p.r. person
already has the ability to make hundreds of photocopies of the Craig Shergold
letter and to snail-mail them to everyone s/he knows with no return address on
the envelope and the cover letter. I've never come across such behavior, which
is consistent with my belief that the sender is really interested in
distributing his/her letterhead more than in distributing the memetic letter.

When John Doe multi-posts the Craig Shergold's letter to thousands of Usenet
newsgroups (as was done again a few weeks ago), s/he's more interested in
splattering his own name around than in getting postcards/business cards to
the dying boy. (Of course the poster's intent is to be widely seen as someone
doing a good deed on behalf of Craig Shergold; instead he loses his Internet
account and is widely viewed as a clueless spammer. Such is life. :-)

At present someone could (ab)use the remailers to post anonymous Craig Shergold
appeals on Usenet and on various mailing lists. I believe that one of the
reasons why this has never been done (as far as I know) is because this would
deprive the poster of the satisfaction of having his own name splattered all
over the network.

MMFs are a slightly different story because the poster can't get money from the
"downline" without revealing some contact address to send the money to. Out of
curisority, I looked at several different MMF spams that came this way; in many
cases the sender's e-mail address is crudely forged; the money is requested to
be sent to a postal address that's often a P.O.Box; and the name associated
with the postal address is often missing, obviously phoney, or just has the
initials. There's clearly interested in anonymity on the part of MMF posters.





From dthorn at gte.net  Mon Nov 11 07:09:56 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 11 Nov 1996 07:09:56 -0800 (PST)
Subject: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <32873C02.73A@gte.net>


Murray Hayes wrote:
> As far as bit patterns go, is executable code random?

Bit patterns will vary *widely* in executable code.  Some executable
code will contain patterns that will probably be instantly recognizable
to persons who know what to look for.

If you have the right statistics software and know how to use it, you
could evaluate some of those executables, but what it would tell you
would depend on your interpretive ability.

I have a question (or suggestion):

If you have access to a full-screen browser, which can fill the entire
screen with text (i.e., you can eliminate any status lines, etc.), why
not do some bit dumps into an ASCII file that contains just "1"'s and
"0"'s, and then view the file by holding down the down-arrow or page-
down key (assuming a fast enough cursor speed)?

The file would look something like this:  10101110000010101101000101101
but would fill the entire screen, and by scrolling through it, it seems
you would notice any obvious bit patterns.

Just a thought....







From tjb at acpub.duke.edu  Mon Nov 11 07:13:16 1996
From: tjb at acpub.duke.edu (tom bryce)
Date: Mon, 11 Nov 1996 07:13:16 -0800 (PST)
Subject: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <l03010602aeacaaadd636@[152.3.87.2]>


>As far as bit patterns go, is executable code random?

No. It's very ordered, actually.

Tom







From thevillage at island.gov  Mon Nov 11 07:45:49 1996
From: thevillage at island.gov (#6)
Date: Mon, 11 Nov 1996 07:45:49 -0800 (PST)
Subject: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <3286DA76.6C2E@island.gov>


Murray Hayes wrote:
> 
> As far as bit patterns go, is executable code random?

no.  far from it.

> 
> mhayes at infomatch.com
> 
> It's better for us if you don't understand
> It's better for me if you don't understand
>                                              -Tragically Hip





From dlv at bwalk.dm.com  Mon Nov 11 08:00:45 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 08:00:45 -0800 (PST)
Subject: Dr. Vulis
In-Reply-To: <199611110639.WAA22673@mail.pacifier.com>
Message-ID: <gHk9wD34w165w@bwalk.dm.com>


jim bell <jimbell at pacifier.com> writes:
> surprising and shocking thing about it was that he (Alan Olsen) violated the
> very confidentiality he had insisted on, without any sort of warning, and
> after-the-fact.

Is this anything new? As if you didn't know Alan Olsen, John Gilmore, Jim Ray,
and their ilk are just a bunch of hypocritical dishonest censorous shmucks.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Mon Nov 11 08:02:45 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 08:02:45 -0800 (PST)
Subject: Pyramid Schemes
In-Reply-To: <Pine.LNX.3.94.961110211847.1766B-100000@kinch.ark.com>
Message-ID: <iVJ9wD33w165w@bwalk.dm.com>


Dave Kinchlea <security at kinch.ark.com> writes:

> On Sun, 10 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
> >
> > I think the following would be a worthwhile cypherpunks project: design the
> > anonymous infrastructure to allow those who wants to participate in MMF-like
> > pyramid schemes on the Internet to do so without bothering anyone.
>
> It seems to me that any such scheme is doomed to failure, unless I
> misunderstand what people are talking about here. While I believe that
> there really is a `sucker born every minute', and it is that which makes
> pyramid schemes work, I don't believe that too many people would jump on
> board unless they see real, verifiable names linked with the schemes.

Methinks, you underestimate the stupidity of the average American. :-)

> Isn't it just common sense to say that if people are hiding their identity
> while offering to `make money fast' then there is something seriously
> shady going on? Aren't people *less* likely to join in under such
> circumstances?  Sure, it allows such schemes to work in theory but in
> practice, how do you get people to join in? Who would/how could you
> *trust* such a scheme?

Well - I definitely would not trust such a scheme and wouldn't take part in it.
I suppose if a scheme like this were actually implemented, some people would
be dumb enough to take is seriously and lose some (digital) money; therefore
someone would gain whatever money they've lost, as it happens in all zero-sum
games. However I've been talking about designing a scheme, not implementing it.
If there are students on this mailing list in need of an interesting crypto
project, this is one good idea, IMO.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From azur at netcom.com  Mon Nov 11 08:39:54 1996
From: azur at netcom.com (Steve Schear)
Date: Mon, 11 Nov 1996 08:39:54 -0800 (PST)
Subject: Sports Statistics to Be Regulated Under WIPO Treaty (fwd)
Message-ID: <v02140b02aead05d0c032@[10.0.2.15]>


>Date: Sun, 10 Nov 1996 11:30:41 -0600
>Reply-To: telecomreg at relay.doit.wisc.edu
>Originator: telecomreg at relay.doit.wisc.edu
>Sender: telecomreg at relay.doit.wisc.edu
>Precedence: bulk
>From: James Love <love at tap.org>
>To: Multiple recipients of list <telecomreg at relay.doit.wisc.edu>
>Subject: Sports Statistics to Be Regulated Under WIPO Treaty (fwd)
>X-Comment: Requests (UNSUBSCRIBE/HELP) to: listserver at relay.doit.wisc.edu
>MIME-Version: 1.0
>
>-----------------------------------------------------------------
>Info-Policy-Notes - A newsletter available from listproc at tap.org
>-----------------------------------------------------------------
>INFORMATION POLICY NOTES
>NOVEMBER 10, 1996
>
>                 Government Proposes New Regulation of
>                  Sports Statistics and other "facts"
>
>                            James Love
>                   Consumer Project on Technology
>                    http://www.essential.org/cpt
>                     love at tap.org; 202/387-8030*
>
>November 10, 1996
>
>This issue of INFO-POLICY-NOTES was formatted in 12 point
>courier, with 1 inch margins.  An HTML version of this note is
>available at http://www.essential.org/cpt/ip/wipo-sports.html
>
>
>        INTRODUCTION
>
>        Sports fans in the United States will be surprised to learn
>that U.S. Government officials are pressing for the adoption of
>an International treaty that will (if enacted) significantly
>change the ways sports statistics are controlled and
>disseminated.  The treaty isn't specifically directed at sports
>statistics -- it is a much broader attempt to create a new
>property right in facts and other data now in the public domain -
>- but it will have an enormous impact on the legal rights
>exercised by the National Football League (NFL), Major League
>Baseball (MLB), the National Basketball Association (NBA), the
>National Hockey League (NHL) and virtually all other professional
>or amateur athletic leagues.  [The same treaty will radically
>affect the way that stock prices, weather data, train schedules,
>data from AIDS research and other facts are controlled, but this
>note will focus on the issue of sports statistics, a topic that
>illustrates the broad impact of the treaty].
>
>        This comes at the same time the NBA and other sports
>franchises are stepping up their efforts to control the real time
>dissemination of sports statistics through the Internet or with
>wireless paging devices.  [See, for example,
>http://www.news.com/News/Item/0,4,3208,00.html].  The treaty,
>however, addresses different and much more fundamental issues
>regarding ownership of information.
>
>If the treaty is approved and implemented, sports leagues
>will have far broader powers to dictate the terms and conditions
>under which sport statistics are reported and disseminated.
>Nolan Ryan's Earned Run Average (ERA), the number of tackles or
>quarterback sacks by Lawrence Taylor, Cal Ripken's career batting
>average, Bobby Hull's career assists, the number of steals by
>your favorite NBA point guard, and similar information will be
>"owned" by sports leagues.  According to the proposed treaty (and
>legislation introduced in the 104th Congress to implement the
>treaty), the NFL, NBA, NHL and MLB will have the right to prevent
>anyone from publishing these and other statistics without express
>permission from the sports league.  This will include the right
>to control access to the historical archives of sports
>statistics, and even to dictate who can publish the box scores
>from a game or print a pitcher's ERA on the back of a baseball
>card.
>
>        The proposals for a new legal environment for publishing
>facts are outlined in a draft treaty on "databases" that will be
>considered at a December 1996 meeting of the World Intellectual
>Property Organization (WIPO), in Geneva, Switzerland.  [See
>www.public-domain.org/database/database.html]  The proposal would
>require the United States and other countries to create a new
>property right for public domain materials. "Texts, sounds,
>images, numbers, facts, or data representing any other matter or
>substance," will be protected.  [See the appendix for a more
>complete definition].
>
>The treaty seeks, for the first time, to permit firms to
>"own" facts they gather, and to restrict and control the
>redissemination of those facts.  The new property right would lie
>outside (and on top) of the copyright laws, and create an
>entirely new and untested form of regulation that would radically
>change the public's current rights to use and disseminate facts
>and statistics.  American University Law Professor Peter Jaszi
>recently said the treaty represents "the end of the public
>domain."
>
>Copies of the proposed treaty, a federal register notice
>asking for public comment, and independent commentary can be
>found at:
>
>http://www.public-domain.org/database/database.html
>
>WHO IS PUSHING FOR THE DATABASE TREATY?
>
>        In 1991, the US Supreme Court ruled (in the Feist decision)
>that the facts from a telephone "White Pages" directory of names,
>addresses and phone numbers were not protected under the
>copyright laws, and that in general, "facts" could not be
>copyrighted by anyone.  The Feist decision alarmed several large
>database vendors, who crafted this new "sui generis" property
>right that would protect facts, and just about everything else.
>[The vendors have already succeeded in obtaining a directive on
>database proposal from the European Union, although no European
>country has yet passed legislation to implement the treaty]. The
>most active supporter of this new property right is West
>Publishing, the Canadian legal publisher. A West Publishing
>employee chairs a key ABA subcommittee which wrote a favorable
>report on the treaty.  A number of very large British and Dutch
>database vendors are also lobbying hard for the treaty.
>
>West wants the new property right to protect the "page
>numbers" and "corrections" it adds to the judicial opinions it
>publishes in paper bound books.  Telephone companies want to
>protect the names, addresses and telephone numbers they publish,
>and other database vendors what to protect scientific data or
>other non-copyrighted government information they publish.  In
>seeking to protect these items, the treaty was written to stamp
>"owned by" labels on a vast sea of information now in the public
>domain.  Copyright experts J.H. Reichman and Pamela Samuelson
>say  it is the "least balanced and most potentially anti-
>competitive intellectual property rights ever created."
>[http://ksgwww.harvard.edu/iip/reisamda.html]
>
>There is an active debate within the Clinton Administration
>over the proposed treaty.   Bruce Lehman, the controversial head
>of the Patent and Trademark Office (PTO) is pushing for adoption
>of the treaty this December.  Most administration official don't
>have a clue what the database treaty does.  Some people think it
>is a minor tinkering with the current copyright law.  No one in
>the government has sought to understand the significance of the
>proposal in terms of the new rights to "own" facts, and until
>recently no one was aware that the treaty was so broad that it
>would change the way sports or financial statistics were
>controlled.
>
>        HOW WILL THE TREATY WORK?
>
>        In Feist, the Supreme Court noted:
>
>     (a) Article I, Sec. 8, cl. 8, of the Constitution mandates
>     originality as a prerequisite or copyright protection. The
>     constitutional requirement necessitates independent creation
>     plus a modicum of creativity. Since facts do not owe their
>     origin to an act of authorship, they are not original and,
>     thus, are not copyrightable.
>     [From the Syllabus of the opinion, at
>     http://www.law.cornell.edu/supct/classics/499_340v.htm]
>
>Since facts cannot be copyrighted, the supporters of the
>treaty have framed this as a new "sui generis" property right,
>which will have a separate statutory framework.  "Originality" or
>"authorship" will not be required. "Texts, sounds, images,
>numbers, facts, or data representing any other matter or
>substance," will be protected. The information can be stored in
>"all forms or media now known or later developed." Both published
>and confidential information will be covered.  The only thing
>required is a  "substantial investment in the collection,
>assembly, verification, organization or presentation of the
>contents" of the protected work.  The "rightholder" will have
>extremely broad powers to "authorize or prohibit the extraction
>or utilization" of the information from the protected database.
>
>It takes a while for the implications of this new system to
>sink in.  Some facts can be independently gathered, like the
>number of baseball games played in a year, the winners or losers
>of a tennis match, or the scores of a football game.  For these
>data, there may exist several sources for the data.  However,
>other facts are, by their very nature, only available from a
>single source, and will be controlled by monopolies.  For
>example, baseball leagues employ scorekeepers who determine if a
>batter is credited with a hit or if a fielder committed an error,
>if a hit is reported as a single or double, or if an errant pitch
>is scored as a wild pitch or a passed ball.  The league makes a
>"substantial investment" in the collection and maintenance of
>this data, which it disseminates to the press, and also stores
>and maintains in a database, through an arrangement with the
>Elias Sports Bureau.  These data cannot be independently
>collected - and under the proposed database treaty, the league
>would own the facts themselves, and could dictate the terms under
>which these facts are published or redisseminated.
>
>The NFL employs four persons who keep track of the play-by-
>play action for each game.  They write up four separate reports,
>which are used to create a single official "box score." The final
>product is supervised by the Elias Sports Bureau, as a "work for
>hire" product, which is owned by the NFL. The NFL box score is
>very detailed, and includes analysis of each play.   It records
>the league's statistics for the number of yards gained (or lost)
>on each play, who is credited with a tackle or a quarterback
>sack, or the number return yards on a kickoff or pass
>interception, and many other items.  While someone who attended a
>football game could make an independent estimate of these items,
>it would likely be different from the official statistics, due to
>the inherent difficulty in measuring or assigning credit for
>performance on the field.  The NFL's box score is given to the
>press, which uses the data to create its own news media reports.
>
>An attorney who represents the National Football League
>(NFL) told us that the NFL has an interest in insuring that there
>is an "official" source of the statistics, which are gathered
>with an appropriate standard of care and that the NFL "protects
>the official designation" of its statistics.  These data are used
>for making decisions on the Hall of Fame, and to create special
>reports and information products, which the NFL provides to third
>parties, often for a fee.
>
>Virtually all of the major league sports leagues have some
>system for creating statistics, disseminating the information to
>the press, storing the historical data, and marketing the
>statistics commercially.   Major League Baseball and the NBA work
>with Elias, while the NBA and the NHL have their own in-house
>system.  There is little doubt the process by which these
>statistics are generated will qualify for protection, under the
>treaty's minimal requirement that the league demonstrate it has
>made a "substantial investment in the collection, assembly,
>verification, organization or presentation of the contents" of
>database.  The work-for-hire "media sheets," "box scores," and
>other press handouts which report the statistics would be
>considered database elements, and reporting of statistics from
>these products would be subject to an entirely new type of
>licensing and control by the leagues which is far stronger than
>that which exists under copyright law.  [See appendix].
>
>The leagues have various methods of selling their "official"
>branded statistics.  There are also many competitors who build
>databases from a variety of sources, including the published box
>scores that appear in daily newspapers, and probably the books
>and reports published by the leagues.  The leagues do not
>currently assert "ownership" in the statistics directly, even as
>they try to prevent others from referring to the data as
>"official" statistics, but they are trying to prevent real time
>reporting of game statistics and situations over Internet or
>paging technologies.
>
>The NBA told us that it permits accredited journalists to
>report scores from NBA games three times each quarter, and that
>it considers the minute to minute reports a "misappropriation" of
>its ability to sell performance rights for the event.  The NFL
>takes a similar position with respect to its games.  STATS, Inc.
>is a firm that provides real time scores and play-by-play
>descriptors to a variety of online and wireless information
>services.  According to the NFL and the NBA, STATS, Inc. hires
>people to watch television broadcasts of the games, and type the
>play-by-play information into personal computers, which are
>linked to the STATS, Inc. computer network services.  An example
>of this type of service that uses STATS, Inc. as a supplier of
>statistics is Instant Baseball, available at
>http://www.InstantSports.com/.  Disputes over the real time
>Internet broadcasts of game situations and scores could well end
>up before the U.S. Supreme Court, as a test of the first
>amendment.  In the NBA case involving Motorola, STATS, Inc. and
>America Online, the NFL and other leagues have filed amicus
>briefs in support of the NBA position, while the New York Times
>has filed a brief in support of Motorola, STATS, Inc. and America
>Online.
>
>About two weeks ago the NBA discovered HR 3531, a version of
>the database protection proposal that was introduced in the U.S.
>Congress last spring.  The NBA is looking at HR 3531 to see if it
>would provide a legislative remedy for their dispute with
>Motorola, et. al.  (Like the other leagues, the NBA wasn't aware
>of the database treaty until last week.)
>
>At present, none of the leagues currently prevent anyone
>from publishing statistics after a game is over, because it is
>assumed that the statistics (facts) are in the public domain,
>once the broadcasts are over.  But this would likely change if
>the database treaty is enacted.  One league official told me, "no
>matter how appalled I am at this proposal personally, as a civil
>libertarian, my client may have interests as a rightholder that
>it will want to exercise."  A lawyer for the NFL said that the
>NFL might not want to do anything - he thought the free
>dissemination of statistics brought its own benefits, in terms of
>increased fan interest.  But he also said, the treaty would allow
>the NFL to "do quite a bit of stuff," in terms of new licensing
>arrangements or other ventures, if it wanted to.
>
>As a "sui generis" property right, the database proposal
>does not incorporate the fair use principles from copyright that
>reporters and value added publishers often take for granted.  The
>leagues would be able to require license to publish box scores or
>other statistics in any media.  One can imagine a world where the
>leagues wouldn't require licensing of box scores to print based
>periodicals like daily newspapers, but that a much more
>controlled regimen would evolve on the Internet.  The leagues
>could require licensing of box scores and other statistics for
>Internet publications, or linking to the leagues own web sites,
>such as www.nba.com, www.nba.com, or www.nhl.com.  The Internet
>is, after all, a very easy place to locate and police violations
>of intellectual property rights --  through a simple AltaVista
>search.  This would also likely lead to major changes in the
>market for baseball (and other sports) cards, which typically
>feature key statistics on the flip side of the card.  The new
>database extract rights would prohibit any unauthorized
>extraction or reuse of data that had economic value to the
>leagues (See discussion in Appendix).
>
>WHAT CAN YOU DO?
>
>The government is taking comments on the database treaty
>through November 22, 1996.  If you don't think the government
>should rush into a new regulatory scheme for sports statistics,
>let them know.  You can email your comments to:
>diploconf at uspto.gov.
>
>If you want to know more about his proposal, check out
>http://www.public-domain.org/database/database.html.
>
>PS
>
>Of course, this treaty deals with a lot more than sports
>statistics.  It will do the same thing for information on stock
>prices that is generated by a stock exchange.  It will radically
>change the market for weather information.   There is concern in
>Europe over the control over train schedules.  Private Schools
>could use the new data extraction right to prevent unauthorized
>publication of data about its student's test scores or post
>graduate placement statistics (both generated from a database).
>The treaty would radically change the rights to use information
>from gene sequencing, or hospital cost benefit studies.  It will
>obviously do much much more.
>
>Since I have tried to keep this note simple, a lot has been
>left out.  But consider this.  The treaty, which was designed to
>protect West Publishing's legal reporters, has been written so
>broadly that it will define even the daily newspaper as a
>"database" element.  Since the new property right is additive to
>to all rights claimed under copyright, every publisher will claim
>the additional protection, by saying each issue of the newpaper
>is a database element.  (virtually all newspapers today are
>archived in databases). The consequences of this are astounding,
>since every fact and article in every newspaper will have the new
>stronger form of protection, which will not include any public
>fair use rights.
>
>You might ask your member of Congress what the heck is going
>on with the treaty, and see if they understand it.
>
>        James Love, Director
>        Consumer Project on Technology
>        202/387-8030; love at tap.org
>
>* I will be out of the U.S. from November 11 to November 20,
>attending a conference on the impact of international trade
>agreements on intellectual property rights in New Delhi, India,
>and will be hard to reach before the 21st.
>
>
>Two law professors who have studied the treaty extensively are:
>
>Professor Pamela Samuelson, University of California at Berkeley,
>Voice (510)642-6775, pam at sims.berkeley.edu
>
>Professor Peter Jaszi, American University, School of Law, Voice
>(202) 885-2600, pjaszi at wcl.american.edu
>
>
>
>
>                             APPENDIX
>-----------------------------------------------------------------
>Extracts from James Love, "A Primer On The Proposed WIPO Treaty
>On Database Extraction Rights That Will Be Considered In December
>1996, October 29, 1996, http://www.essential.org/cpt/ip/cpt-
>dbcom.html]
>
>
>WHAT IS A DATABASE? WHAT ISN'T A DATABASE?
>
>The treaty would protect "any database that represents a
>substantial investment in the collection, assembly, verification,
>organization or presentation of the contents of the database."
>This term should be understood "to include collections of
>literary, musical or audiovisual works or any other kind of
>works, or collections of other materials such as texts, sounds,
>images, numbers, facts, or data representing any other matter or
>substance" and "may contain collections of expressions of
>folklore." The "protection shall be granted to databases
>irrespective of the form or medium in which they are embodied.
>Protection extends to databases in both electronic and non-
>electronic form" and "embraces all forms or media now known or
>later developed. . . Protection shall be granted to databases
>regardless of whether they are made available to the public. This
>means that databases that are made generally available to the
>public, commercially or otherwise, as well as databases that
>remain within the exclusive possession and control of their
>developers enjoy protection on the same footing."
>
>
>
>WHAT ARE EXTRACTION AND UTILIZATION RIGHTS?
>
>"The maker of a database eligible for protection under this
>Treaty shall have the right to authorize or prohibit the
>extraction or utilization of its contents." What is "extraction"?
>Extraction is defined as, "the permanent or temporary transfer of
>all or a substantial part of the contents of a database to
>another medium by any means or in any form." "Extraction . . . is
>a synonym for `copying' or `reproduction' . . . by `any means' or
>`any form' that is now known or later developed."
>
>"Utilization" is defined as "making available to the public all
>or a substantial part of the contents of a database by any means,
>including by the distribution of copies, by renting, or by on-
>line or other forms of transmission," including the right to
>control the use of the data "at a time individually chosen by
>each member of the public."
>
>WHAT IS A "SUBSTANTIAL PART" OF THE DATABASE?
>
>The treaty sets out tests for determining if an extraction is
>"substantial," and these tests are both highly anticompetitive,
>and extremely broad in scope.
>
>The "substantiality" of a portion of the database is assessed
>against the "value of the database," and considers "qualitative
>and quantitative aspects," noting that "neither aspect is more
>important than the other . . . This assessment may also take into
>account the diminution in market value that may result from the
>use of the portion, including the added risk that the investment
>in the database will not be recoverable. It may even include an
>assessment of whether a new product using the portion could serve
>as a commercial substitute for the original, diminishing the
>market for the original."
>
>Then the treaty adds that a "substantial part" means any portion
>of the database, "including an accumulation of small portions . .
>. In practice, repeated or systematic use of small portions of
>the contents of a database may have the same effect as extraction
>or utilization of a large, or substantial, part of the contents
>of the database."
>
>In the US implementing legislation, the only types of data use
>that would not be regulated would be "insubstantial" parts,
>"whose extraction, use or reuse does not diminish the value of
>the database, conflict with a normal exploitation of the database
>or adversely affect the actual or potential market for the
>database." Under this language, a database owner could say that
>it might in the future want to charge for each transmission of a
>fact or an element of a database as part of its "normal
>exploitation" of the database. With the Internet and digital cash
>this claim is likely to be made. The public would not have "fair
>use" rights, since fair use is only defined in matters involving
>copyright.
>
>FOR HOW LONG? 15 YEARS, 25 YEARS, OR FOREVER?
>
>The Treaty would require a minimum term of protection (15 years
>in the EU proposal, and 25 in the United States proposal) for the
>database. But this is extended each time the database is revised
>or enhanced. According to the draft treaty, "any substantial
>change to the database, evaluated qualitatively or
>quantitatively, including any substantial change resulting from
>the accumulation of successive additions, deletions,
>verifications, modifications in organization or presentation, or
>other alterations, which constitute a new substantial investment,
>shall qualify the database resulting from such investment for its
>own term of protection."
>
>The provision on revisions raises the specter that protection for
>many databases will be perpetual. This could indeed be the case
>if the original versions of the database  are only "licensed" by
>the vendor for a limited period of time, so that the only
>available versions would be the new ones, which would have a new
>term of protection. [Database vendors write these restricted use
>licenses now].
>
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>INFORMATION POLICY NOTES is a free Internet newsletter sponsored
>by the Taxpayer Assets Project (TAP) and the Consumer Project on
>Technology (CPT).  Both groups are projects of the Center for
>Study of Responsive Law, which is run by Ralph Nader.  The
>LISTPROC services are provide by Essential Information.  Archives
>of Info-Policy-Notes are available from
>
>http://www.essential.org/listproc/info-policy-notes/
>
>TAP and CPT both have Internet Web pages.
>
>http://www.tap.org
>http://www.essential.org/cpt
>
>Subscription requests to info-policy-notes to listproc at tap.org with
>the message:  subscribe info-policy-notes Jane Doe
>
>TAP and CPT can both be reached off the net at P.O. Box 19367,
>Washington, DC  20036, Voice:  202/387-8030; Fax: 202/234-5176
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>







From azur at netcom.com  Mon Nov 11 08:40:56 1996
From: azur at netcom.com (Steve Schear)
Date: Mon, 11 Nov 1996 08:40:56 -0800 (PST)
Subject: Sports Statistics to Be Regulated Under WIPO Treaty (fwd)
Message-ID: <v02140b01aead0581ad8f@[10.0.2.15]>


This was my response to the excellent Telecom Regulation posting by Mr. Love.

[snip]
>If the treaty is approved and implemented, sports leagues
>will have far broader powers to dictate the terms and conditions
>under which sport statistics are reported and disseminated.
>Nolan Ryan's Earned Run Average (ERA), the number of tackles or
>quarterback sacks by Lawrence Taylor, Cal Ripken's career batting
>average, Bobby Hull's career assists, the number of steals by
>your favorite NBA point guard, and similar information will be
>"owned" by sports leagues.  According to the proposed treaty (and
>legislation introduced in the 104th Congress to implement the
>treaty), the NFL, NBA, NHL and MLB will have the right to prevent
>anyone from publishing these and other statistics without express
>permission from the sports league.  This will include the right
>to control access to the historical archives of sports
>statistics, and even to dictate who can publish the box scores
>from a game or print a pitcher's ERA on the back of a baseball
>card.
[snip]
>
>The treaty seeks, for the first time, to permit firms to
>"own" facts they gather, and to restrict and control the
>redissemination of those facts.  The new property right would lie
>outside (and on top) of the copyright laws, and create an
>entirely new and untested form of regulation that would radically
>change the public's current rights to use and disseminate facts
>and statistics.  American University Law Professor Peter Jaszi
>recently said the treaty represents "the end of the public
>domain."
>

I couldn't be more pleased that sports and greedy corporations which are
fixtures of American life are pushing for these draconian measures.  I hope
they pass with the strongest possible language and penalties and will
support same.

A broad section of the populace now takes this information for granted.
They will be outraged their elected representatives pass measures which
noticably limit their access to 'public domain' information which are part
of their daily lives.  This will serve to expose many of our elected as the
special interest puppets they are and align the common citizen with the
cypherpunks.  This, in turn, will undermine confidence in our
'unrepresentative' government and its authority.  Best of all it could lead
to populist boomerang legislation which emasculates current copyright law
and via widespread and flagrant 'civil disobedience' regarding copyright on
the Net.

I'm rubbing my hands in anticipation.



PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear             | Internet: azur at netcom.com
Lamarr Labs              | Voice: 1-702-658-2654
7075 West Gowan Road     | Fax: 1-702-658-2673
Suite 2148               |
Las Vegas, NV 89129      |
---------------------------------------------------------------------

Internet and Wireless Development

Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne, Libertarian, for President.
http://www.harrybrowne96.org







From cyshim at asiaonline.net  Mon Nov 11 08:51:23 1996
From: cyshim at asiaonline.net (Chang You Shim)
Date: Mon, 11 Nov 1996 08:51:23 -0800 (PST)
Subject: Sifting data; looking for "strong crypto"
In-Reply-To: <199611110903.BAA07962@infomatch.com>
Message-ID: <Pine.GSO.3.92.961112005022.21112A-100000@mail>


please put me off the list




On Mon, 11 Nov 1996, Murray Hayes wrote:

>
> As far as bit patterns go, is executable code random?
>
> mhayes at infomatch.com
>
> It's better for us if you don't understand
> It's better for me if you don't understand
>                                              -Tragically Hip
>
>






From cyshim at asiaonline.net  Mon Nov 11 08:52:53 1996
From: cyshim at asiaonline.net (Chang You Shim)
Date: Mon, 11 Nov 1996 08:52:53 -0800 (PST)
Subject: infowar Digest for 10 Nov 1996
In-Reply-To: <199611110511.VAA01029@toad.com>
Message-ID: <Pine.GSO.3.92.961112005151.21112F-100000@mail>


Please put me off from the list.





On Mon, 11 Nov 1996, list wrote:

>                        infowar Digest for 10 Nov 1996
>
> Topics covered in this issue include:
>
>    1: RE: Chemical Warfare Agents
>              by alm at io-online.com
>    2: Propaganda and TWA/CIA-Cocaine
>              by winn at infowar.com
>
>
>
> --------------------------------------------------------------------------
> 1                                Message:0001                            1
> --------------------------------------------------------------------------
> To: infowar at infowar.com
> From: "Betty G. O'Hearn" <betty at infowar.com>
> Subject: Infowar Digest  Vol. 1  # 1
>
>
> infowar at infowar.com
>
>                      Sunday, November 10 1996    Volume 01: Number 01
>
>                                        We thank our sponsors:
>
> National Computer Security Association
> OPEN SOURCE SOLUTIONS Inc.
> New Dimensions International - Security Training
> Secure Computing Corporation
> HOMECOM Communications
> Internet Security Solutions
> ___________________________________________________________
>
> Infowar at infowar.com is brought to you in the  the interest of an open,
> unclassified exchange of information and ideas as a means for advancement of
> Information Warfare related issues.   Topics of discussion for this list
> include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques,
> Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD.
>
> As the list expands we will adapt to the needs and desires of our subscribers.
>
> This is a DIGEST format.
> ________________________________________________________________
>
> Contents of this Digest:               Volume 01: Number 01
>
> Infowar at infowar.com   Chemical Warfare Agents
> Infowar at infowar.com   Iraq   WMD
> Infowar at infowar.com   RE: Chemical Warfare Agents
>
> ----------------------------------------------
>
> To:        Wilson, Gary, COL, OSD/RA  GWilson at osd.pentagon.mil
> Cc:         betty at infowar.com
> Subject:  Re: Chemical Warfare Agents
>
> Chemical Warfare Agents
> An overview of chemicals defined as chemical weapons
>
> >> Main Groups
> >>
> >>     Nerve Agents
> >>     Mustard Agents
> >>     Hydrogen Cyanide
> >>     Tear Gases
> >>     Arsines
> >>     Psychotomimetic Agents
> >>     Toxins
> >>     Potential CW Agents
> >>
> What is a Chemical Warfare Agent?
>
> A United Nations report from 1969 defines chemical warfare agents as " ...
> chemical substances, whether gaseous, liquid or solid, which might be
> employed because of their direct toxic effects on man, animals and plants
> ... ".
> The Chemical Weapons Convention defines chemical weapons as including not
> only toxic chemicals but also ammunition and equipment for their
> dispersal.  Toxic chemicals are stated to be " ... any chemical which,
> through its
> chemical effect on living processes, may cause death, temporary loss of
> performance, or permanent injury to people and animals". Plants are not
> mentioned in this context.
>
> Toxins, i.e., poisons produced by living organisms and their synthetic
> equivalents, are classed as chemical warfare agents if they are used for
> military purposes. However, they have a special position since they are
> covered by the Biological and Toxin Weapons Convention of 1972. This
> convention bans the development,production and stockpiling of such
> substances not required for peaceful purposes.
>
> Today, thousands of poisonous substances are known but only a few are
> considered suitable for chemical warfare. About 70 different chemicals
> have been used or stockpiled as CW agents during the 20th century. Today, only
> a few of these are considered of interest owing to a number of demands that
> must be placed on a substance if it is to be of use as a CW agent.
>
> A presumptive agent must not only be highly toxic but also "suitably
> highly toxic" so that it is not too difficult to handle. The substance
> must be capable of being stored for long periods in containers without
> degradation and without corroding the packaging material. It must be
> relatively resistant to atmospheric water and oxygen so that it does not
> lose effect when dispersed. It must also withstand the heat developed when
> dispersed.
> >>
> "War Gases" are Seldom Gases
> >>
> CW agents are frequently called war gases and a war where CW agents are
> used is usually called a gas war. These incorrect terms are a result of
> history. During the First World War use was made of chlorine and phosgene
> which are gases at room temperature and normal atmospheric pressure. The
> CWagents used today are only exceptionally gases. Normally they are liquids
> or solids. However, a certain amount of the substance is always in
> volatile form (the amount depending on how rapidly the substance evaporates)
> and the gas concentration may become poisonous. Both solid substances and
> liquids can also be dispersed in the air in atomized form, so-called
> aerosols. An aerosol can penetrate the body through the respiratory organs
> in the same way as a gas. Some CW agents can also penetrate the skin. This
> mainly concerns liquids but in some cases also gases and aerosols. Solid
> substances penetrate the skin slowly unless
> they happen to be mixed with a suitable solvent.
>
> Effects on Vegetation
>
> Flowers and leaves of some plants may change colour if they are exposed to
> droplets of a CW agent in an attack. Light or matt spots may occur as well
> as brown discoloration, particularly on leaves. Entire trees, or parts of
> them, may also get brown discoloration in situations of strong exposure.
> The discoloration often arises within a few minutes but may also occur
> after some days.
>
> Classification
>
> CW agents can be classified in many different ways. There are, for
> example, volatile substances, which mainly contaminate the air, or persistent
> substances, which are involatile and therefore mainly cover surfaces.
> CW agents mainly used against people may also be divided into lethal and
> incapacitating cathegories. A substance is classified as incapacitating if
> less than 1/100 of the lethal dose causes incapacitation, e.g., through
> nausea or visual problems. The limit between lethal and incapacitating
> substances is not absolute but refers to a statistical average. In
> comparison, it may be mentioned that the ratio for the nerve agents
> between the incapacitating and lethal dose is approximately 1/10. Chemical
> warfare agents are generally also classified according to their effect on the
> organism.
>
> In order to achieve good ground coverage when dispersed from a high
> altitude with persistent CW agents the dispersed droplets must be
> sufficiently large to ensure that they fall within the target area and do
> not get transported elsewhere by the wind. This can be achieved by
> dissolving polymers (e.g., polystyrene or rubber products) in the CW agent
> to make the product highly-viscous or thickened. The result will be that
> the persistence time and adhesive ability increase which thus complicates
> decontamination.
>
> Although it may appear that a CW agent can be "custom-made" for a certain
> purpose, this is not the case. Instead, there is always some uncertainty
> about the persistence time, the dispersal and the effect.
>
> These Military Chemicals are Not Considered to be Chemical Weapons
>
> Incendiary agents such as napalm and phosphorus are not considered to be
> CW agents since they achieve their effect mainly through thermal energy.
> Certain types of smoke screen may be poisonous in extremely high
> concentrations but, nonetheless, smoke ammunition is not classed as a
> chemical weapon since the poisonous effect is not the reason for their
> use. Plants, microorganisms, algae, etc. which produce toxins are not classed
> as chemical weapons even if the produced toxins belong to that class.
> Pathogenic microorganisms, mainly viruses and bacteria, are classed as
> biological weapons.
>
> --------------------------------------
>
> From:   "Wilson, Gary, COL, OSD/RA" <GWilson at osd.pentagon.mil>
> Subject:  Iraq: WMD
> Date:      Fri, 1 Nov 1996 08:24:37 -0500
>
>    WASHINGTON (AP) -- Before and during the 1991 Persian Gulf War, truck
> convoys carried Iraqi chemical and biological weapons, as well as nuclear
> material to safe haven in Iran, according to U.S. intelligence documents.
> >   "The trucks were camouflaged with mud during their travel through Iraqi
> >territory," said the report placed Thursday on the Internet. "The convoy moved
> >only at night. The mud was washed off after re-entry into Iranian territory."
> >   The report said "at least 14 trucks were identified as having nuclear,
> >biological and chemical cargo. Boxes labeled 'tularemia,' 'anthrax,'
> 'botulinum' and 'plague' were loaded into containers."
> >   The trucks were driven by Iranian civilians who turned them over to Iranian
> >Revolutionary Guards.
> >   That account was among more than 200 documents placed on the Internet over
> >the objections of the CIA. They were put on the worldwide computer network by
> >publisher Bruce W. Kletz, who plans to put out a book by a former CIA analyst,
> >Patrick Eddington.
> >   Eddington asserts that the agency has hidden evidence that American troops
> >were exposed to Iraqi chemical weapons.
> >   "These documents are still under review," CIA spokesman Mark Mansfield said.
> >"We consider portions of them to be classified."
> >   The Pentagon originally put the material on the Internet and then
> withdrew it in February when the CIA objected to making it public.
> >   While numerous studies have found no conclusive evidence that Iraqi forces
> >used chemical or biological weapons against U.S. troops during the 1991 war, it
> >is feared U.S. forces could have been exposed to nerve gas as they destroyed an
> >Iraqi munitions dump after the war's end.
> >   Iraq's transfer of material to Iran was a new example of cooperation between
> >two countries that fought an eight-year war but became covert allies when a
> >U.S.-led coalition demanded that Iraq withdraw forces that occupied Kuwait in
> >August 1990.
> >   During the ensuing Persian Gulf War, Iran allowed Iraqi planes to land
> on its territory to escape destruction by coalition forces. The planes were not
> allowed to rejoin the Iraqi military during the conflict.
> >   The documents did not shed new light on whether U.S. forces came into
> contact with Iraqi chemical weapons. But they did show the concern about Iraq's ability to manufacture and deploy such weapons.
> >   One document cited a defector's account that "at least one chemical company
> >is attached to each (Iraqi) division."
> >   Russia may have supplied biological warfare technology to Iraq and North
> >Korea, according to a report written in 1994. "It was believed that the
> >technology transfer commenced several years prior to April 1992 and was
> still in progress during April 1992," the report said.
> >   The material also indicated the government had evidence that Iraq had moved
> >chemical weapons into Kuwait.
> >   One report in January 1991, from an Iraqi national, said that chemical land
> >mines had been loaded for shipment to Kuwait. The report said the information
> >"cannot be confirmed."
> >   In September 1990, less than two months after Iraq occupied Kuwait, evidence
> >was seen that "Iraqi forces may be conducting chemical decontamination
> >exercises. They could be preparing for a chemical attack."
> >   During the same period, when the United States and its allies were massing
> >forces in the Persian Gulf region, U.S. officials were concerned that
> terrorists
> >allied with Iraqi President Saddam Hussein would stage attacks on allied
> forces.
> >
> >   Among the records returned to the Internet is a Nov. 3, 1995, memo
> written by Paul Wallner, a Pentagon official heading an oversight panel dealing with Gulf War veterans' illnesses.
> >   Noting that various military officials and departments had "expressed
> concern about potential sensitive reports or documents on GulflINK," the Persian Gulf War web site, Wallner recommended certain steps to "allow the investigation
> team time to begin preparation of a response on particular 'bombshell' reports."
> >   According to the memo, a host of material would be subject to further
> review, including "documents containing releasable information which could
> embarrass the government or DoD," the Department of Defense.
> >   It also warned that additional scrutiny would be needed on documents "that
> >could generate unusual public/media attention" or those "which seem to confirm
> >the use or detection of nuclear, chemical or biological agents."
>
> -------------------------------------------------------
> Notes from Moderator:
>
> 1. GulfLINK documents can now be downloaded from infowar.com
>
> 2. WEAPONS OF MASS DESTRUCTION IN TERRORISM
> The Emerging Threat Posed by Non-State Proliferation, James K. Campbell is an interesting read.  The article is posted on infowar.com under the What's New section.
>
> --------------------------------------------------------
>
> ate: Tue, 29 Oct 1996 12:22:27 -0700
> To: winn at Infowar.Com
> From: alm at io-online.com
> Subject: RE: Chemical Warfare Agents
> Cc: "Wilson, Gary, COL, OSD/RA" <GWilson at osd.pentagon.mil>,
>  betty at infowar.com, 'Ron Lewis' <INTELLIGYST at worldnet.att.net>
>
> I think we have an excellent example of the psychological impact of
> chemical weapons in the case of Israel right now.  The news statements
> about land for peace in the Golan came shortly after new gas masks were
> issued in Israel and I got curious.  I went back and checked the news
> database and found that speeches recomending not serving in the IDF, that
> students should leave Israel, and a wide variety of other self defeating
> actions peaked at about one week after news of chemical weapons threats,
> issueing of gas masks, and other news of this type appeared in the papers
> there.  This comes after a long period of stress and being on high alert.
> Early reactions seem to be panic, after a period of such stress it seems
> make people (at least in this situation) turn in on themselves, willing to
> abandon strongly held beliefs, etc. without knowingly tieing it to the
> threats.  The attacks seemed aimed not at the threats but at the government
> of Israel; yet, they are tied time-wise to increased pressure.  This was
> traced over a two year period which gives some validity rather than a
> one-time relationship.
>
> I hate to say it, but this is an excellent laboratory for a variety of such
> studies as it isn't artificial and its one of the few places where open
> information is available on on-going threats of various types.
> Sociologists have already done studies on behavior in society and such
> using this lab.
>
> Alijandra
> ------------------------------------------------------
>
> END
>
> Infowar             Sunday, November 10 1996        Volume 01: Number 01
>
>
> DIRECT REQUESTS to:    list at infowar.com with one-line in the BODY, NOT
> in the subject line.
>
> Subscribe infowar        TO JOIN GROUP
> Unsubscribe infowar    TO LEAVE GROUP
> Help infowar               TO RECEIVE HELP
> TO POST A MESSAGE:  E-Mail to   infowar at infowar.com
>
> _____________________________________________________
> Infowar.Com
> Interpact, Inc.
> Winn Schwartau
> winn at infowar.com
> http://www.infowar.com
> 813-393-6600  Voice
> 813-393-6361  FAX
>
> Sponsor Opportunities/Comments/Help
>
> Betty G. O'Hearn
> Assistant to Winn Schwartau
> http://www.infowar.com
> betty at infowar.com
> 813-367-7277  Voice
> 813-363-7277  FAX
>
>
>
> --------------------------------------------------------------------------
> 2                                Message:0002                            2
> --------------------------------------------------------------------------
> To: infowar at infowar.com
> From: "Betty G. O'Hearn" <betty at infowar.com>
> Subject: Infowar Digest  Vol. 1  #2
>
>
> infowar at infowar.com=20
>
>              Sunday, November 10  1996  Volume 01: Number 02
>
>                                We thank our sponsors:
>
> National Computer Security Association
> OPEN SOURCE SOLUTIONS
> New Dimensions International - Security Training
> Secure Computing Corporation
> HOMECOM Communications
> Internet Security Solutions
> __________________________________________________
> Infowar at infowar.com is brought to you in the  the interest of an open,=
>  unclassified exchange of information and ideas as a means for advancement=
>  of Information Warfare related issues.   Topics of discussion for this list=
>  include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques,=
>  Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD.=20
>
> As the list expands we will adapt to the needs and desires of our=
>  subscribers.=20
>
> This is a DIGEST format.
> __________________________________________________________
>
> Contents  Vol. #1  No.2
>
> infowar   Original Allegations - Flt 800 Disaster
> infowar   Propaganda and TWA/CIA-Cocaine
> infowar   Electronic Civil Defense
>
> -------------------------------------------
> To: winn at Infowar.Com
> Date: 8 Nov 1996 14:33:38 CST
> Subject: Original Allegations - Flt. 800 Disaster
>
> ENN Special Report
> 11/08/96 - 13:45CST
>
> Original Allegations of Friendly Fire Came From Alleged Iranian
> Propagandist
>
> (ENN) In light of yesterday's statements by former JFK Press Secretary
> Pierre Sallinger, the Emergency Response & Research Institute conducted
> an internal literature review of documents regarding the TWA Flight 800
> disaster.  This internal probe included e-mail, newsgroup postings,press=
>  reports, and consultations with experts, received from numerous sources. =
>  It revealed that the original allegations of a U.S. Naval "friendly fire=
>  incident" came from an alleged Iranian/Extremist Moslem propagandist named=
>  Parveez Syad, aka Parveez Hussein, who was operating from a base in=
>  Birmingham, England at the time.  Interestingly, Mr.Hussein/Syad=
>  distributed these allegations widely on the Internet within 48 hours of the=
>  incident and made what appeared to be premature accusations that the United=
>  States was already engaged in a "cover-up."
>
> Mr. Hussein/Syad's current whereabouts are unknown, and it is believed
> that he may have been the subject of a government investigation in
> England. Concerns were raised, at the time, by ERRI analysts that Mr.
> Syad/Hussein may have been engaged in an "disinformation" campaign in an=
>  effort to deflect attention from possible moslem extremist involvement
> in the bombing of Flt. 800. Subsequent inquiries and examinations by
> ERRI seem to verify that there was a concerted "foreign" effort to obscure=
>  and confuse a number of issues involved in the Flt. 800 investigation.
>
> Speculation continues among experts in regard to the authenticity of the
> alleged U.S. government documents that are reportedly in the possession
> of Mr. Sallinger. Without examination of these documents, ERRI analysts
> say that further confirmation of Mr. Sallinger's statement is difficult
> at best. One purposefully unidentified consultant told ENN that it is
> even possible that Mr. Sallinger and French intelligence agents may have
> been "duped" by a "foreign effort."
>
> U.S. Navy and FBI officials have both "catagorically denied" any viable
> evidence of a "friendly fire" incident or of any sort of "cover-up" on
> the part of the U.S. government. James Kallstrom announced today that he
> would welcome any additional information or evidence that Mr. Sallinger
> or others might have in regard to the Flight #800 tragedy.
>
> EmergencyNet News Service (ENN)
> Emergency Response & Research Institute (ERRI)
> 6348 N. Milwaukee Ave., #312
> Chicago, IL. 60646
> (773) 631-3774 - Voice
> (773) 631-4703 - Fax
> (773) 631-3467 - Modem/Emergency BBS On-Line
> -------------------------------------
>
> Date: Fri, 8 Nov 96 16:26 EST
> From: Michael Wilson <0005514706 at mcimail.com>
> To: G-TWO List Members <g-two at majordomo.netcom.com>
> Subject: Propaganda and TWA/CIA-Cocaine
>
> Many of you may be dealing with questions regarding the two matters, so
> I thought I would make this available to you.
>
> ---
> Two recent events in the media are prompting my writing a very brief=
>  commentary:
> allegations of a cover-up in the TWA Flight 800 disaster and the alleged=20
> CIA-Cocaine connection into the L.A. urban environment. My comments will be=
>  directed at the propaganda value of these media events, as I'm currently=
>  engaged in writing a primer on propaganda, and these make interesting case=
>  studies.
>
> Modern propaganda comes in many forms, but of primary concern in these two=
>  cases are:
> - 'Mobile truth,' or the reinterpretation of events (revisionist history), a=
> =20
> common feature on the Internet, which is increasingly becoming an entry=
>  point into the more conventional media;
> - Psyops in support of operations, including spin control, after action=
>  reports,or informative accounts when the media is controlled by=
>  intelligence and law enforcement;
> - The digital nature of media--text, photographs, video, audio--has=
>  undermined the ability to establish the reality of what they represent as=
>  observational proxies. This has recently been termed the 'fictive=
>  environment' by the military, and I'll use the term for lack a better one.
>
> Let me discuss the two cases in terms of these points:
>
> TWA 800
> Ever since Flt. 800 went down, the conspiracy theorists have been out on the=
>  Internet, alleging everything from a Syrian missile to a 'friendly fire'=20
> accident. Part of these allegations have been blind assertions, but some=
>  have=20
> been backed up with 'proof' that entails supposed photographs and internal=
> =20
> government documents.
>
> Mobile truth: in the absence of public facts or knowledge, speculation has=
>  run wild. As usual, everyone's favorite pet suspect emerges--terrorists,=
>  the U.S. Navy, government cover-ups, etc. This 'playing to the audience'=
>  has received wide audience and coverage, because it is media hot--it=
>  attracts a lot attention simply because it receives attention in the=
>  viewers, readers, etc. in a self-fulfilling way. It plays on public and=
>  hidden fears; provides simple=20
> solutions; gives an enemy to hate, react against; it justifies the beliefs=
>  and=20
> agenda of many. The only solution is to provide facts, hopefully answers; of=
> =20
> course, this is antithetical to the investigatory (scientific and criminal)=
> =20
> process. This vacuum of data is being capitalized on by individuals or=20
> organizations who know that the official channels are going to be closed to=
>  the public--their motive is something I have no desire to quantify.
>
> PsyOps: this game is lose-lose for everyone; the public is confused and=
>  angered, the investigation is hampered or discredited, the sources of the=
>  false information will eventually be shown to be wrong (although they will=
>  launch secondary operations to manage this as well, alleging further=
>  cover-up, conspiracy, and so forth). What happens though is a continual=
>  lessening of the resistance in the information environment to future psyops=
>  operations, and this is the long term benefit sought by the perpetrators.=
>  Confidence in the government is at an all time low--post Viet Nam,=
>  Watergate, Iran-Contra, Whitewater, etc. The readiness to believe the worst=
>  becomes greater and greater, and public mental health suffers.
>
> Fictive environment: while ground truth comes from direct observation, we're=
>  becoming more dependent upon observational proxies than ever=
>  before--photos, audio, video, documents, etc. The memories of observers is=
>  a questionable thing at best (the madness of crowds), but digital trickery=
>  are removing the trust values that we, only a few years ago, were able to=
>  place in 'more reliable' materials. In the case of TWA, just as in most any=
>  case, the creation or faking of evidence requires only modest skills and a=
>  personal computer. Photos can be digital from their origin, and once=
>  transferred into a computer with the right software, they can be merged or=
>  altered in ways that are=20difficult to refute, even when false. Documents=
>  are trivial to manufacture; elements used for provenance, showing a truth=
>  and history of origin, can be falsified in a variety of ways (optically=
>  scanning letterhead or signature, creation from scratch by matching=
>  typeset, etc.), and the textual body can be anything imagined (and textual=
>  analysis or comparison is commonly beyond the capabilities of the=
>  audience). Video and audio are slightly more complex (in levels of effort);=
>  video modification, loosely based on the same technology used to alter=
>  photographs, requires greater skill and more powerful equipment, but is=
>  gradually coming into the range of the average consumer, just as audio=
>  sampling and modification technology has reached the 'garage' level. All=
>  this calls into question any materials of physical evidence, but those=
>  distributed over the Internet are particularly ntrustworthy--even the lower=
>  resolution of net-distribution works to the advantage of the creation of=
>  such materials. I expect this problem to have increasing impact as time=
>  goes on, including in criminal and civil cases (for instance, in the Yousef=
>  case in New York, where he claimed his computer files were faked, or the=
>  potential falsification of photographic evidence in the Simpson civil=
>  trial).
>
> In short, the discussion and materials on/using the Internet have done=
>  little to advance the search for the truth of the matter in TWA 800, and=
>  have done much harm (diverting critical manpower from the investigation,=
>  damaging the credibility of the investigation, etc.).
>
> CIA-Cocaine connection
> TWA and this accusation actually have much in common from a propaganda=
>  standpoint. The allegation (made by the San Jose Mercury News) was that=
>  assets associated with the CIA-backed effort in support of the Contras were=
>  trafficking in cocaine, which helped to finance the (c)overt war. In=
>  particular, the cocaine smuggled into the U.S.A. was supposed to have been=
>  converted into the 'crack' or rock (smokable) form, and introduced into the=
>  African-American urban setting in Los Angeles, with the undertones being=
>  that it was a conspiracy to undermine the solidarity of the A-A community.
>
> Mobile truth: the basic assertion never actually connected the CIA with any=
> =20
> involvement or trafficking, yet the implication (made indirectly or=
>  directly,=20
> depending on the source) was that it was a tacit CIA operation. Far be it=
>  for me to write the apologia for the Agency, but not only is the supposed=
>  action=20
> illegal and immoral, it is also highly unlikely. Creative interpretation of=
>  the=20
> events allowed a rather clever ontological judo--the all-powerful,=
>  all-knowing CIA either had to admit they had no idea what their assets were=
>  involved in (thus damaging the all-knowing aspect of their reputation);=
>  they could admit to knowledge but inaction (thus criminal facilitation, or=
>  having to say that sometimes they need the help of 'bad' people, not a=
>  politically correct position); or they could deny any involvement, and=
>  foster the continual suspicion of cover-up, conspiracy, and hidden agendas.=
>  Any way they move, they lose. This is again a position where history has=
>  created an impression that the Agency would perform the worst action in=
>  support of their own agenda,=20and then actively protect themselves from=
>  investigation; no amount of reform or whitewashing can reverse the trend.=
>  The strength of this attack on the credibility of the Agency is that it=
>  plays so well with public impressions of the Agency, appears to fit the=
>  profile of previous Agency violations of public trust, but can't be=
>  defended against because of the secrecy requirements of the Agency, and the=
>  improbable success of proving a negative assertion (that the Agency wasn't=
>  responsible).
>
> PsyOps: a factor to consider is that the accusations were made during an=20
> election period in a key state where the issue solidified a constituency=
>  into a=20
> solid position against their 'traditional' opposition. The issue is very=
>  much a=20
> political one, and directed at rekindling public animosity about past deeds=
>  (and misdeeds) to shape current public impressions. Again, the long term=
>  casualties of all this are the public trust and credibility of a key but=
>  troubled Agency; politically expedient attacks which undermine the=
>  political process; and the continued progression of the perversion of the=
>  information environment.
>
> Fictive environment: no proof was actually offered (mostly proof by=
>  assertion, as well as collateral association), but the very absence of=
>  proof feeds in to the mobile truth and psyops elements of the operation.=
>  Clearly no public documentation and argument could be offered from an=
>  Agency that must maintain its security and integrity, and no proof could be=
>  offered to prove the Agency wasn't involved, a negative assertion (a common=
>  element in this sort of propaganda operation).
>
> The CIA, Congress, and Justice Department are now engaged in investigations=
>  of the allegations; as such, they will be on-going events to continue the=
>  propaganda campaign, with a predictable end--the Agency finds no proof in=
>  their records and interviews, which is then interpreted as continuing=
>  evidence of a cover-up and conspiracy.
>
> Conclusion-- Media manipulation, particularly using the Internet as a method=
>  of propagation of the propaganda message or as an entry point into the=
>  conventional media cycle, is becoming more of a problem. Clearly everyone=
>  suffers, and the general atmosphere of distrust and disbelief, not to=
>  mention disgust, prevail.
>
> Michael Wilson
> 5514706 at mcimail.com
> ------------------------------------------
> To:     infowar at infowar.com
> From: winn at infowar.com
> Date:  November 8, 1996
> Subj:  Electronic Civil Defense Becomes a National Issue
>
> In June of 1991, I testified before Congress that unless we moved forward as=
>  a nation, we faced the possible specter of an "Electronic Pearl Harbor."=
>  Five years to the day later, that same phrase was used by John Deutch and=
>  others to wake up Congress and America that indeed a new concept of=
>  national security has evolved as the Cold War wound down.
>
> I recently ran into a Libertarian friend and lawyer who was somewhat upset=
>  with me. "You are single handedly responsible for the backlash and efforts=
>  of law enforcement to take away our personal freedoms." He was referring to=
>  the comments made by FBI Director Louis Freeh, that additional electronic=
>  eavesdropping capabilities were needed to thwart the threats of domestic=
>  terrorism. He also referred to various law enforcement concerns that unless=
>  US citizens voluntarily complied with a Key Escrow scheme of some variety,=
>  it might be necessary to legislate a common cryptographic system which=
>  would not interfere with government investigations into crime and=
>  terrorism.
>
> "So, it's all my fault?" I asked him in the presence of others.
>
> He paused, and with only a twinge of humor said, "yes."
>
> Well, I do not believe or accept for a moment that the work we have done in=
>  the last several years is solely responsible for the extreme measures being=
>  discussed, but my friend's concerns are legitimate and must be addressed.=
>  He is keenly concerned, as many of us are, that recent headline grabbing=
>  events may trigger law enforcement to overreact and with the emotional=
>  support of many Americans, permit laws to be passed that a few short years=
>  ago we never would have tolerated.
>
> Civil Libertarians are quick to point out that if we permit law enforcement=
>  to regain unbridled powers of electronic eavesdropping, we provide them=
>  with the capability of abuse.
>
> "Today's government may be fine. But we don't know about tomorrow's=
>  government." They openly refer to the abuses of the Hoover FBI where, most=
>  of will admit, things did get out of hand. I've met with CIA case officers=
>  who feel hamstrung by their inability "to get the job done" in an effective=
>  way, because they are paying for the sins of their predecessors. Most of=
>  the FBI agents I know understand the legitimate fears of the civil=
>  liberties groups, but also know that they must have increased access to=
>  technology to defeat criminal activities.
>
> The issue comes down to one of balance. Pure and simple. "Whom do you trust"=
>  is a high profile collateral issue.=20
>
> But let's understand what has catalyzed much of these moves on the part of=
>  law enforcement:
>
> 	- The Oklahoma City bombing
> 	- The World Trade Center bombing
> 	- The Lockerbie Tragedy
> 	- The US Military Bombing in Saudi Arabia
> 	- TWA Flight 800
> 	- The Olympic Bombing
>
> These events trigger deep emotional responses on the part of most Americans=
>  and a call for action. "What can we do?" "Do something." "This shouldn't=
>  happen in America." "Protect us." And the predictable response from law=
>  enforcement is to ask for additional powers. Balance. It's all about=
>  balance.
>
> The critics say that Law Enforcement can push electronic taps past friendly=
>  judges with little inquiry on their part. The FBI says it takes a mass of=
>  paper work and evidence to convince a judge. There were less than 2,000=
>  phone taps issued last year - and I guess I feel that's not a whole lot.=
>  260,000,000 people, less than 2,000 taps. You add it up.=20
>
> Resources on the part of law enforcement are pretty scant. They do not have=
>  the budget or manpower to indiscriminately tap phones everywhere and=
>  analyze their contents. It's manpower intensive. They have to be selective.=
>  In many ways I wish they listened in on more of the bad guys. On one phone=
>  tap, an FBI agent told me, their target said in a taped conversation, "hey,=
>  the feds are tapping the phone. Let's whisper." Bad guys are not all rocket=
>  scientists.
>
> But on a national scale, we do indeed face a new risk, a new vulnerability,=
>  for which my friend blames me. It's all my fault. Right. In "Information=
>  Warfare" and other works, I maintained that the civilian infrastructure was=
>  the unacknowledged target of future adversaries.
>
> I don't believe we will see Submarines sailing up the Potomac, or that enemy=
>  planes will come into San Francisco Bay. Just won't happen. But I fear we=
>  will see attacks against the econo-technical infrastructure, affecting not=
>  only we citizens, but the ability of law enforcement and the military to=
>  function as we wish them to.
>
> On July 15 of this year, President Clinton issued an Executive Order calling=
>  for the Establishment of  President's Commission on Critical Infrastructure=
>  Protection.
>
> I applaud much of it, but I also think we have to maintain caution on how it=
>  is effected. His order says:
>
> Certain national infrastructures are so vital that their incapacity or=
>  destruction would have a debilitating impact on the defense or economic=
>  security of the United States.
>
> These critical infrastructures include:
>
>  telecommunications,
>  electrical power systems,
>  gas and oil storage and transportation,
>  banking and finance,
>  transportation,
>  water supply systems,
>  emergency services (including medical, police, fire, and rescue), and
>  continuity of government.
>
> Threats to these critical infrastructures fall into two categories:
>
> 1. physical threats to tangible property ("physical threats"),
>
> 2. and threats of electronic, radio-frequency, or computer-based attacks on=
>  the information or communications components that control critical=
>  infrastructures ("cyber threats").
>
> Because many of these critical infrastructures are owned and operated by the=
>  private sector, it is essential that the government and private sector work=
>  together to develop a strategy for protecting them and assuring their=
>  continued operation.
>
> This part of President Clinton's statement is right on the mark. These are=
>  all critical structures of the macro-sized econo-technical infrastructure,=
>  of which the NII and other bits are sub-infrastructures. However, when it=
>  comes to forming a committee, the people and groups he wishes to handle the=
>  problem are quite government-centric.
>
> 	- Department of the Treasury;
> 	- Department of Justice;
> 	- Department of Defense;
> 	- Department of Commerce;
> 	- Department of Transportation;
> 	- Department of Energy;
> 	- Central Intelligence Agency;
> 	- Federal Emergency Management Agency;
> 	- Federal Bureau of Investigation;
> 	- National Security Agency.
>
> The committee members are to include:
>
> 	- Secretary of the Treasury;
> 	- Secretary of Defense;
> 	- Attorney General;
> 	- Secretary of Commerce;
> 	- Secretary of Transportation;
> 	- Secretary of Energy;
> 	- Director of Central Intelligence;
> 	- Director of the Office of Management and Budget;
> 	- Director of the Federal Emergency Management Agency;
> 	- Assistant to the President for National  Security Affairs;
> 	- Assistant to the Vice President for National Security Affairs.
>
> The immediate concern I see is that the government wants to take charge on=
>  an issue and threat that is of mutual concern to the private sector and the=
>  government, but that at the highest levels of the President's Order and his=
>  Committee, we see no private sector representation. It is merely on a=
>  consultory basis.
>
> The Commission shall:
>
>         (a) within 30 days of this order, produce a statement of its mission=
>  objectives, which will elaborate the general objectives set forth in this=
>  order, and a detailed schedule for addressing each mission objective, for=
>  approval by the Steering Committee;
>
>         (b) identify and consult with: (i) elements of the public and=
>  private  sectors that conduct, support, or contribute to infrastructure=
>  assurance; (ii) owners and operators of the critical infrastructures; and=
>  (iii) other elements of the public and private sectors, including the=
>  Congress, that have an interest in critical infrastructure assurance issues=
>  and that may have differing perspectives on these issues;
>
>         (c) assess the scope and nature of the vulnerabilities of, and=
>  threats to, critical infrastructures;
>
>         (d) determine what legal and policy issues are raised by efforts to=
>  protect critical infrastructures and assess how these issues should be=
>  addressed;
>
>         (e) recommend a comprehensive national policy and implementation=
>  strategy for protecting critical infrastructures from physical and cyber=
>  threats and assuring their continued operation;
>
>         (f) propose any statutory or regulatory changes necessary to effect=
>  its recommendations; and
>
>         (g) produce reports and recommendations to the Steering Committee as=
>  they become available; it shall not limit itself to producing one final=
>  report.
>
> I first wrote a National Infomation Policy in 1993, and I am pleased to see=
>  that the President has included similar wording. However, a national policy=
>  must, on balance, also provide for enhanced personal electronic security=
>  for the average American. It cannot be a one-sided law enforcement issue.=
> =20
>
> I worry about "consult with industry" along the same lines that the Key=
>  Escrow adherents consulted with industry, but generally did what they=
>  wanted to anyway. This has been an ongoing battle between industry and the=
>  White House with respect to "Clipper" style proposals and export control=
>  over encryption. Do we face the same situation with the Infrastructure=
>  Protection Committee?
>
> In this same vein, the President did recognize some input by the private=
>  sector:
>
> (a) The Commission shall receive advice from an advisory committee=
>  ("Advisory Committee") composed of no more than ten individuals appointed=
>  by the President from the private sector who are knowledgeable about=
>  critical infrastructures. The Advisory Committee shall advise the=
>  Commission on the subjects of the Commission's mission in whatever manner=
>  the Advisory Committee, the Commission Chair, and the Steering Committee=
>  deem appropriate.
>
> Again, the structure is that the government is in charge and the private=
>  sector, whose very interests are at stake here, is reduced to an Advisory=
>  status. This is a keen focus of concern.
>
> But then, a surprising phrase was in the President's Order:
>
> (f) The Commission, the Principals Committee, the Steering Committee, and=
>  the Advisory Committee shall terminate 1 year from the date of this order,=
>  unless extended by the President prior to that date.
>
> Only a year. I've been at this for years and years, and the awareness=
>  process takes significant time. There are still major players both in the=
>  government and the private sector who do not understand the nature of the=
>  threats and vulnerabilities, and I fear that a mere one year effort, led by=
>  some of the busiest people in the country today, will not receive the=
>  attention it deserves.
>
> My Civil Libertarian lawyer friend had significant problems with the=
>  following portion of the President's Order (for which I am blamed, of=
>  course!).
>
> (a) While the Commission is  conducting its analysis and until the President=
>  has an opportunity to consider and act on its recommendations, there is a=
>  need to increase  coordination of existing infrastructure protection=
>  efforts in order to better address, and prevent, crises that would have a=
>  debilitating regional or national impact.  There is hereby established an=
>  Infrastructure Protection Task Force ("IPTF") within the Department of=
>  Justice, chaired by the Federal Bureau of Investigation, to undertake this=
>  interim coordinating mission.
>
> (d) The IPTF shall include at least one full-time member each from the=
>  Federal Bureau of Investigation, the Department of Defense, and the=
>  National Security Agency.  It shall also receive part-time assistance from=
>  other executive branch departments and agencies. Members shall be=
>  designated by their departments or agencies on the basis of their expertise=
>  in the protection of critical   infrastructures.  IPTF members'=
>  compensation shall be paid by their parent agency or department.
>
> "Oh, great!" he exclaimed. "Now we're gonna have the Army sitting with=
>  M-16's outside the phone company, and the NSA listening in on Americans to=
>  see if they pollute the water supply. This is too damned much." He=
>  shuddered at the thought of having the these three groups working together=
>  on a domestic basis. It brought back to him too many memories of bygone=
>  days he would like to see remain in the past.
>
> On the other hand, what better group than the DoD to head up an effective=
>  response organization? The President, rightfully so, put the FBI and the=
>  Dept. of Justice in charge of the IPTF; after all they are responsible for=
>  domestic national law enforcement. But the DoD has massive resources,=
>  capabilities and manpower to deploy in times of trouble.
>
> The trouble is, and we will have to face this dilemma straight on, is that=
>  the US Military cannot be deployed in domestically due to the Posse=
>  Comitatus Act of 1878, without an Executive Order. And the NSA is similarly=
>  restricted from domestic operation, but is standing up its own 1,000 man=
>  Information Warfare division.=20
>
> There are legitimate ways around these problems, and we do need to have=
>  built-in oversights to satisfy the concerns of those who don't want the=
>  government taking over the whole shebang. But the concept of the IPTF's=
>  mission is again, absolutely on mark.
>
> (e) The IPTF's function is to identify and coordinate existing expertise,=
>  inside and outside of the Federal Government, to:
>
> (i) provide, or facilitate and coordinate the provision of, expert guidance=
>  to critical infrastructures to detect, prevent, halt, or confine an attack=
>  and to recover and restore service;
>
> (ii) issue threat and warning notices in the event advance information is=
>  obtained about a threat;
>
> (iii) provide training and education on methods of reducing vulnerabilities=
>  and responding to attacks on critical infrastructures;
>
> (iv) conduct after-action analysis to determine possible future threats,=
>  targets, or methods of attack; and
>
> (v)  coordinate with the pertinent law enforcement authorities during or=
>  after an attack to facilitate any resulting criminal investigation.
>
> The Committee is supposed to address the very issues that many of us have=
>  been addressing - to full audiences, but often empty years. From where I=
>  stand, the White House has caught the vision and it prepared to do=
>  something about it.
>
> My complaints are essentially two fold:
>
> 	1. We have to have greater civilian input and representation on the=
>  Committee at the highest levels, not merely in an advisory capacity.
>
> 	2. The 1 year term is short-sided.
>
> And yes, I do agree with my Libertarian pal, that however this all shakes=
>  out, we must have a third party oversight process to insure we never do=
>  return to the abusive days of yore.
>
> Kudos to the White House for putting Electronic Civil Defense on their=
>  plate.
>
> For a complete copy of the Presidential Order: http://www.infowar.com
>
> Winn Schwartau
> ------------------------------------------------------------
>
> END
>
> Infowar             Sunday, November 10 1996        Volume 01: Number 02
>
>
> DIRECT REQUESTS to:    list at infowar.com with one-line in the BODY, NOT
> in the subject line.
>
> Subscribe infowar        TO JOIN GROUP
> Unsubscribe infowar    TO LEAVE GROUP
> Help infowar               TO RECEIVE HELP=20
> TO POST A MESSAGE:  E-Mail to   infowar at infowar.com =20
>
> _____________________________________________________
> Infowar.Com
> Interpact, Inc.
> Winn Schwartau
> winn at infowar.com
> http://www.infowar.com
> 813-393-6600  Voice
> 813-393-6361  FAX
>
> Sponsor Opportunities/Comments/Help
>
> Betty G. O'Hearn
> Assistant to Winn Schwartau
> http://www.infowar.com
> betty at infowar.com
> 813-367-7277  Voice
> 813-363-7277  FAX
>
>






From cyshim at asiaonline.net  Mon Nov 11 08:54:31 1996
From: cyshim at asiaonline.net (Chang You Shim)
Date: Mon, 11 Nov 1996 08:54:31 -0800 (PST)
Subject: GAK?
In-Reply-To: <01BBCF69.4C261320@blv-pm105-ip27.halcyon.com>
Message-ID: <Pine.GSO.3.92.961112005038.21112B-100000@mail>


Please put me off the list




On Mon, 11 Nov 1996, Mark M. Lacey wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Could someone please fill me in on what GAK stands for
> since it seems to be central to some of the on going
> conversations.
>
> Thanks,
>
> Mark M. Lacey <mml at halcyon.com>
> "Speaking for nobody but myself."
> [Finger mml at halcyon.com for my PGP public key.]
> [If you don't have 'finger', e-mail me for it.]
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQEVAwUBMobmyB/Hx+OuZC/tAQGRTAf/R2t+/JC1k3lhQcqIcRWO2HyxHgf6+ko2
> 2ngQBXyMrInQtaXorcZ2LFrfie4GD68S0nLWKlwqaN09+/O72Bze1pyGd3dHBI4b
> vazgQZq1zxWuHcCYg1r5QDwt0NJOZg4tRHROHmUiuLLeNfFwusWPnW+RMI2nTo39
> g/sXWhRUF83vhyztC5+zOKmxjEQOBf3Wxq0FLBAoSUjzuJKnRNV87Fnf2vzezqc4
> cK+A8DcRN0c0kX/LuNO9pnXo+3J8gMMDsoZAOS5KAgWQjJT3fdroTLX4xmRcBVJ3
> NanTSXWsFIMlnXAjBS7V+5S/3gAml+y5tqLiNJAhoVVD/nvyvQDmAg==
> =QyM4
> -----END PGP SIGNATURE-----
>
>






From jya at pipeline.com  Mon Nov 11 08:56:43 1996
From: jya at pipeline.com (John Young)
Date: Mon, 11 Nov 1996 08:56:43 -0800 (PST)
Subject: ENT_ice
Message-ID: <1.5.4.32.19961111165503.006adfec@pop.pipeline.com>


   11-11-96. WaPo Page One:

   "Preventing Terrorism: Where to Draw the Line? With
   Militias, U.S. Adopts Preemptive Strategy"

      This strategy requires aggressive and potentially
      controversial tactics as investigators infiltrate groups
      and bring charges on the basis of allegedly criminal
      plans that are conceived but not carried out. Federal
      agencies are more willing to launch investigations when
      people talk about committing violent acts, and
      investigators are more prone to use ordinary citizens as
      informants.

      According to legal experts, the mere discussion of a
      crime, no matter how fanciful it may be, can constitute
      a criminal conspiracy. "The classic example is that you
      are guilty of a crime if you conspire with someone else
      to stick pins in a voodoo doll in the belief that your
      enemy will fall dead," said Albert Alschuler, a law
      professor at the University of Chicago.

   -----

   http://jya.com/entice.txt  (13 kb)

   ENT_ice








From jbugden at smtplink.alis.ca  Mon Nov 11 09:29:19 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Mon, 11 Nov 1996 09:29:19 -0800 (PST)
Subject: "Nightmare on Crypto Street, Part 1"
Message-ID: <9610118477.AA847743847@smtplink.alis.ca>


"Timothy C. May" <tcmay at got.net> wrote:
>I also summarize Peter's set up much as you did:
>
>"Suppose [A]. Suppose [B] ... [Then Z is likely].
 
In the middle of the Polish crisis, in the early 1980s, while there were riots
over the high cost of living and the lack of food, Tversky and Kahneman [seminal
cognitive science researchers] asked a number of political leaders and generals
to evaluate the probability [Scenario 1] that the United States might withdraw
its ambassador from the then Soviet Union (without any hypothesis as to why).
They further asked the same subjects to evaluate the probability [Scenario 2]
that _both_ of two other things would take place: (a) that the U.S.S.R. would
invade Poland and (b) that, as a consequence of the former, the United States
would withdraw its ambassador from the Soviet Union.

Guess which was scenario was assumed to have a higher probability.

These questionaire-experiments, just like real life, have countless times shown
us that a plausible and well-told story can lead us to hold as "objectively"
probable events that, just minutes before, we would have considered totally
improbable.

Probabilities being, by their nature, less than one, the probability of the
entire chain (or the last link) being true is always and without exception lass
probable than the probability of the least probable link in the chain.

We fail to notice this prograssive attenuation of probability. The story takes
over from reality. The trick - which is the oldest in the book - is to find the
narrative path by which the last, and most implausible, link can be made
imaginatively compelling.

Give us a little story, a script, something born of our own imagination, and our
own natural tendencies, cognitive or emotional, do the rest.

This discussion applies as well to the other script: Irreversible
Crypto-Anarchy, soon appearing on a street near you.

Ciao,
James

Quoted liberally from the book _Inevitable Illusions_ by Massimo
Piatelli-Palmarini, Ph.D. The author is a pricipal Research Associate of the
Center for Cognitive Science at MIT. I recommend the book.






From attila at primenet.com  Mon Nov 11 09:40:03 1996
From: attila at primenet.com (attila at primenet.com)
Date: Mon, 11 Nov 1996 09:40:03 -0800 (PST)
Subject: two bogus messages to this list
In-Reply-To: <199611111238.GAA17346@manifold.algebra.com>
Message-ID: <199611111740.KAA06336@infowest.com>


In <199611111238.GAA17346 at manifold.algebra.com>, on 11/11/96 
   at 06:38 AM, ichudov at algebra.com (Igor Chudov @ home) said:

.I did not write the two messages below. I did have a small party
.yesterday, probably some of my guests did that...

        just goes to proof it:  Microslop and Intel boxes are secure
    only when most of their parts are stored under lock and key.

--
    Cyberspace and Information are Freedom.  
        FUCK your WIPO, too. 
                -attila






From jbugden at smtplink.alis.ca  Mon Nov 11 09:52:27 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Mon, 11 Nov 1996 09:52:27 -0800 (PST)
Subject: His and Her Anarchies
Message-ID: <9610118477.AA847745509@smtplink.alis.ca>



"Timothy C. May" <tcmay at got.net> wrote:
>Well, I think there clearly _is_ a gender gap on these sorts of issues.

Technologies that matter make daily life less obnoxious, and you can leverage
them all the time. The Net is going to start mattering in a significant way when
it relieves people of the burden of dealing with the garbage inherent in the
information flow of everyday life. The net is going to matter when I can rely on
it to store the information I now keep on disk, and the computer is a completely
transparent object. All the documents that are important to me are maintained by
the Net with sufficient reliability that I can unplug my computer and smash it
with a hammer without affecting anything.

Under this scenario, strong, reliable crypto becomes similar to electricity. The
entire infomration infrastructure is built on it, but hardly anyone gives it a
second thought.

What kind of people use the Net and what are their activities doing to the
country, the world, the culture? It may sound like a parochial issue that women
don't much like computers, but they don't, and the issue is a tremendously
important one. They're not attracted to this world, certainly not to the extent
that men are, and that's one of the reasons why it is such a spiritually
impoverished world. Most reasonable sophisticated men are happier in an
environment that included women. One of the problems with the computer society
is that not only is it an almost all-male society, but it's part of a little-boy
society, part of an ongoing infantilization of the society over the past half
century.

Excerpt from Digerati: Encounters with the Cyber Elite (HardWired 1996) where
David Gelernter, a Yale computer scientist, comments on the Web.

>This may sound sexist. But sexism, like other "isms," is often based
> on plain old truth, however politically incorrect it may be to some.

>--Tim May

Galileo, you must recant. You are in blatant disagreement with the truth.

Ciao,
James







From peter.allan at aeat.co.uk  Mon Nov 11 09:54:14 1996
From: peter.allan at aeat.co.uk (Peter M Allan)
Date: Mon, 11 Nov 1996 09:54:14 -0800 (PST)
Subject: Movement Tracking Systems and Smartcards
Message-ID: <9611111754.AA19234@clare.risley.aeat.co.uk>




Date: Sat, 9 Nov 1996 11:23:29 -0800
From: "Timothy C. May" <tcmay at got.net>
Subject: Movement Tracking Systems and Smartcards

> helping to solve crimes. I expect the Big Three of credit-reporting
> agencies are of course also in the loop....those movies where someone is
> located because they foolishly used an ATM machine to get some cash or used
> their credit card are not just fiction.)


Exactly.  I was interviewed over a terrorist double-murder in 1993
because of having used an ATM near the scene the same day.
The fact that I did so AFTER the explosions by which time
the terrorists would presumably be far away cut no ice.
Nobody has been arrested for this AFAIK.

They wanted to know which shops I'd bought what in
so they could check said items were sold that day I suppose.

As it seems nothing can be taken as read in some minds let
me state I had nothing to do with that or other terrorist crimes.




 -- Peter Allan    peter.allan at aeat.co.uk





From tcmay at got.net  Mon Nov 11 10:00:21 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 11 Nov 1996 10:00:21 -0800 (PST)
Subject: His and Her Anarchies
In-Reply-To: <9610118477.AA847745509@smtplink.alis.ca>
Message-ID: <v03007802aead19eacee0@[207.167.93.63]>


At 12:50 PM -0500 11/11/96, jbugden at smtplink.alis.ca wrote:
>"Timothy C. May" <tcmay at got.net> wrote:
>>Well, I think there clearly _is_ a gender gap on these sorts of issues.
>
>Technologies that matter make daily life less obnoxious, and you can leverage
>them all the time. The Net is going to start mattering in a significant
>way when
>it relieves people of the burden of dealing with the garbage inherent in the
>information flow of everyday life. The net is going to matter when I can
>rely on

Well, in the 23 years I've been on the Net in one way or another, I can
honestly say it is _increased_ my exposure to garbage. The notion that
computers are time-savers is fraught with problems. For some tasks, it
clearly is.

But for other tasks and situations, it's a time sink. I view it primarily
as a communications mechanism, e.g., lists like this, the Web, news, etc.
Your mileage may vary.

Notions that computers will be widely accepted because of their
"time-saving" powers I file right next to claims that computers will be
useful for storing recipes and balancing checkbooks.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Mon Nov 11 10:17:29 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 11 Nov 1996 10:17:29 -0800 (PST)
Subject: "Please put me off the list"
In-Reply-To: <01BBCF69.4C261320@blv-pm105-ip27.halcyon.com>
Message-ID: <v03007804aead1e6cdde7@[207.167.93.63]>


At 12:50 AM +0800 11/12/96, Chang You Shim wrote:
>Please put me off the list
>

OK, you put off the list.

In the event your are asking to be unsubscribed, surely you must know by
now that instructions for doing this are posted on a regular basis.

Alas, those who most need the instructions are the least likely to notice
such instructions, either here or in the orginal sign-on message they
received.

The clueless are doomed to wander cyberspace forever, asking those they
meet to unsusribe them.

--Tim


To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo at toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo at toad.com

-body message of: unsubscribe cypherpunks








From merriman at amaonline.com  Mon Nov 11 10:21:15 1996
From: merriman at amaonline.com (David K. Merriman)
Date: Mon, 11 Nov 1996 10:21:15 -0800 (PST)
Subject: Hello from the Brotherhood
Message-ID: <199611111821.KAA09943@toad.com>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: darkened-node at geocities.com, cypherpunks at toad.com
Date: Mon Nov 11 12:20:44 1996
> Hello to everyone from the Brotherhood of Darkness
> 

Oh, joy, just what we need.....

How about if you folks go off and do your thing, and leave us to ours?

Dave Merriman

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoapqMVrTvyYOzAZAQFDSQQAoiPhXhSOSJR7nKcCrkiVhue1tIiI2q7n
GLZlR5jaWZGV3ONJikWINt09mZqyaAZjuK3hbPqVNJnICOY8LtPYn0Z39oisxacO
Kq+WHSavMRHstWqUm/sbknQOW24TINqi1NQs0Rn8nMrOTCYYxcugtmiLrSpgTNJa
dt9DMKtOKAk=
=AUie
-----END PGP SIGNATURE-----






From merriman at amaonline.com  Mon Nov 11 10:31:44 1996
From: merriman at amaonline.com (David K. Merriman)
Date: Mon, 11 Nov 1996 10:31:44 -0800 (PST)
Subject: Rarity: Crypto question enclosed
Message-ID: <199611111831.KAA10148@toad.com>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: mianigand at outlook.net, cypherpunks at toad.com
Date: Mon Nov 11 12:31:25 1996
> > My simple question is regarding key/certificate distribution:
> >
> >         Is there any particular reason that such can't be
> accomplished via
> > on-line lists, and made available via a service on a port, using
> standard
> > (textual) commands, like mail and such are now?
>
> It's possible to have a key-server listen on a port and accept
> requests, then it would
> fork a process, process the result, and return an answer set.
> 
> But how many CPU cycles would it take for a machine to process a
> request, ie going through
> 1000 of keys?  I am not exactly sure, it took a long while on my
> pentium.
> 
> In my opinion, if I were to run a key server as a service, with
> clients connecting and requesting a key
> it shouldn't take more than a minute to get a responce.
> 

Agreed - a proper search algorithm should yield an answer in a few seconds, 
at most.

> >         The things that come to mind are a 'client' request for a
> key, a
> > 'client' submission of a key, an external host requesting a key
> exchange,
> > and the host itself requesting a key exchange with another system
> (only
> > new/changed keys being swapped).
> 
> Had the exact same idea, but came up with an interesting concept. When
> a person submits a key, a PGP process is spawned yeilding the
> following information 1.) The name (peponmc at cris.com) 2.) The real
> name (Michael Peponis) 3.) The key size 4.) Creation date of the key
> 5.) Key finger print
> 
> This information, along with the acutal key would be inserted into a
> SQL Database table
> 
> With a structure similar to this

... <deletia> ...

The reason I brought the idea up here was in the hope that others on the CP 
list could help work out the fussy details of the protocol: what info would 
need to be included for what types of exchanges, what port(s) would be good 
to work with, etc. Platform/implementation would be subject to considerable 
variation - but the idea would survive (hopefully :-)

> 
> It's not that hard, it's performance that's more of an issue.  The
> beauty of my approch would be that initially, there would be alot of
> "Add" requests, resulting in many PGP processes running on the box,
> but eventually, they would tapper off.

Again, implementation on any particular platform using any particular OS 
would be up to the afficionados of said platforms/OS's. I'm more interested 
in the CP list coming up with the protocol/standards.

Dave


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoasIsVrTvyYOzAZAQEkTAP+JQtMdr5x+Wz4s6SXchgA4ow3+P9WLpzs
JpjXRbNeHspJ2btlAe4pSgRqSp9oygqJ6Nxpa6DFOC4uB6sl3NaOw8tzcVVJm8GN
+QsGP3KBoeTtRh1xE5yUsFoWmGWSqtDLLhu7bU34TaryLBU/Hvj2mOQXqwXhQlvE
FhE5VETJJ2o=
=LG7t
-----END PGP SIGNATURE-----






From roach_s at alph.swosu.edu  Mon Nov 11 10:32:38 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Mon, 11 Nov 1996 10:32:38 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611111832.KAA10183@toad.com>


At 04:51 PM 11/7/96 -0800, Peter Hendrickson wrote:
...
>In practice I suspect that good stego is hard.  You don't have to be
>right every time when you look for it, just some of the time.  When
>you see packets that seem kind of funny to you, the judge issues you
>a warrant and you search the suspect's house and computer very carefully.
>If stego is in use, the software that generated it can be found.  Then
>you hand out a life sentence.
...

I have heard of trojan horses as being destructive little programs that are
disguised as some other application.  This is most certainly true.  A
scenario for you.  The police gets that court order and they raid my house.
They confiscate my files.  They look over every piece of software.  Alas,
they find nothing, although there do seem to be some nice games.  Unknown to
them, when I run that little doom type game and come to the first switch, I
press Ctrl, Alt 6 and I get a nice little stego routine that allows me to
copy any file into any other file.  They didn't find it because the program
and associated files run for about 6 Kilobytes, All of the prompts are found
in the game, ("Hint: enter your card key at the food processor for extra
health." print characters 7 - 27), and the game isn't obviously designed for
the manipulation of files, with the exception of those that come with the
game.  This would be a DESTRUCTIVE little trojan horse, even though it
didn't destroy one file.






From roach_s at alph.swosu.edu  Mon Nov 11 10:32:38 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Mon, 11 Nov 1996 10:32:38 -0800 (PST)
Subject: criminalizing crypto use
Message-ID: <199611111832.KAA10190@toad.com>


At 12:18 AM 11/8/96 -0800, Greg Broiles wrote:
>At 04:43 PM 11/7/96 -0800, Tim May wrote:
>
>>* Intent. It's hard to imagine someone being imprisoned for using
>>cryptography, except perhaps in wartime conditions. I may be wrong. Also,
>>there are deep Constitutional issues we haven't been much discussing.
>
>One change I suspect we'll see sooner or later on the Federal side is an
>amendment of the Sentencing Guidelines to include an upward adjustment for
>the use of encryption to frustrate law enforcement efforts. This wouldn't
>be a conviction for using crypto, but would result in harsher penalties for
>people convicted of other crimes where they happened to use crypto in a way
>connected with the crime. (Keeping child porn or records of a forbidden
>business on an encrypted disk volume, using PGPfone to conspire across long
>distances, etc.)
>
>As an example, less than a year ago, Congress directed the Sentencing
>Commission (a sub-branch of the federal Judiciary) to amend the guidelines
>to enhance the penalties by at least two levels for using a computer to
>advertise or "ship" a visual depiction of child porn. Pub. L. 104-71, Sec.
>2 (12/23/95). 
>
...

I myself have heard of people getting tougher sentences for monitoring
police bands during the commission of a crime.  It seems that using a
scanner while committing a crime is itself a crime, at least around here.






From roach_s at alph.swosu.edu  Mon Nov 11 10:32:58 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Mon, 11 Nov 1996 10:32:58 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611111832.KAA10208@toad.com>


At 04:02 AM 11/8/96 -0500, Black Unicorn wrote:
...
>You know, I've always wondered, how did the genie get in the bottle in the
>first place.  Someone must have coaxed him in there.
...
Yes, they told him that it was for his own protection and that if he didn't
do it, no one else would either.  They told him that it wasn't nice, but it
was far better than what he would be enduring if he stayed outside.  Upon
being released, however, he had the insight of the confinement.  You can
fool a being once easy enough, everyone has to learn somwhow.  Its much
harder to fool that being a second time, they know better.  Like someone
said, the government has to act now before the people know better.






From Tunny at inference.com  Mon Nov 11 10:36:00 1996
From: Tunny at inference.com (James A. Tunnicliffe)
Date: Mon, 11 Nov 1996 10:36:00 -0800 (PST)
Subject: FW: Validating a program
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961111183435Z-2357@landru.novato.inference2.com>


>>>  My question is as
>> >follows:  If PGP and DES are as secure as thought to be, then why is it
>> >not ruled illegal software, just as they do with silencers, narcotics,
>> >certain type weapons, etc.....
>
>[snippo]
>
>> Why does it follow that these must be crackable, or the government would
>> have outlawed them? Despite recent moves to limit encryption, there are
>> currently NO domestic (U.S.) restrictions on crypto.  Nothing prohibits
>> you from using a true One Time Pad, which is mathematically proven to be
>> unbreakable, now and forever, even against infinite resources.  If this
>> is not prohibited (and it isn't), doesn't that refute your argument?
>
>Dale Thorn replies:
>This is a misleading challenge.  There's a helluva difference between the OTP
>and a
>Public Key system.  If, for example, it can be proven that I can crank up PGP
>to its
>most cryptic level, and send the OTP overseas with "absolute security", so
>that I
>can now send messages with the OTP which was crunched with PGP's highest
>security,
>then that would mean something.
>
>My point here is that Ed was asserting that PGP, DES, etc., must be
>crackable, otherwise the U.S. government would have ruled them illegal
>(domestically).  I pointed out that one can legally own and use a true OTP
>with impunity in the U.S., despite its unquestioned unbreakability.
>Therefore, his argument falls.  If it made sense, the USG would have AT LEAST
>outlawed OTP's (which they most assuredly cannot break).
>
>Just so there's no misunderstanding:
>
>1. The OTP is absolutely unbreakable. (if done correctly)
>2. The OTP encryption cannot be decoded on the other end unless you can
>deliver the
>   OTP to the person on the other end by a secure means.
>3. PGP, which is not usually used at its highest level of security (for all
>bits in
>   a message), *will* be used at its highest level of security to send the
>OTP to the
>   person on the other end.
>4. The OTP arrives on the other end, completely safe from snooping.
>
>Now you see the problem.  #4 above can't be assured, and that is why Ed says
>that PGP
>is not shut off "right now", because it's probably not "really secure".
>
>I'm not sure what you're claiming here, or what point it is intended to
>demonstrate.  No matter the strength of PGP, delivering a OTP in this fashion
>would render it no longer a OTP.  Besides, this scenario makes no sense.  In
>any case, there is no restriction I know of in sending encrypted data (or
>even One Time Pads) to whomever you choose, by whatever means.  (Granted, if
>you send encrypted traffic to khadafi at libya.gov, or dispatch couriers with
>briefcases handcuffed to their wrists, you might invite suspicion...)
>
>Could you clarify the point you're making above?
>
>I'm amused to think that, in a nation armed with 20,000 or so nukes, the
>paranoid of
>paranoid nation-states as it were, some of the erstwhile intelligent citizens
>think
>that the U.S. military are just sitting around wringing their hands over the
>"fact"
>that the citizens have "unbreakable" crypto.
>
>Bear in mind the Scientific American articles on Public Key crypto back in
>the 1970's.
>The military knew the score back then, and if you think they just sat back
>and allowed
>all this to happen, well, sorry, I don't believe in Santa Claus or the Easter
>Bunny.
>
>Well, while the feds are no doubt powerful, they ARE subject to the same laws
>of mathematics as the rest of us.  While it is _possible_ they know much more
>about factoring than the rest of the world, I find it unlikely that they are
>advanced enough to factor 2000-bit numbers.  (I can't prove it, just as I
>can't prove they don't know how to make their agents invisible.)
>
>And they didn't just sit back and allow this information out -- witness
>Bernstein, et. al., and all the continuing ITAR/GAK fallout.  Of course, I
>expect that some will claim this is just for appearance's sake, so as not to
>make it obvious that they can actually read all our thoughts directly, using
>technology they got from the Greys from Zeta Reticulon...
>
>Tunny
>======================================================================
> James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
> Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
> tunny at Inference.com    |                    36 07 D9 33 3D 32 53 9C
>======================================================================
>
>





From aba at dcs.ex.ac.uk  Mon Nov 11 10:37:45 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Mon, 11 Nov 1996 10:37:45 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <199611101939.LAA13170@netcom4.netcom.com>
Message-ID: <199611102130.VAA00658@server.test.net>



Vladimir Nuri <vznuri at netcom.com> writes:
> an encrypted reply block using remailers is pretty secure technology.
> the remailers are not all that reliable however and these reply
> blocks are always breaking; they depend on every link in the chain
> working perfectly. I've proposed having an anonymous pool in which
> remailers post status information when they successfully pass on
> messages, such info could be used to make the remailers more reliable,
> although possibly at the expense of having to buffer messages.

Perhaps it would be feasible to provide in each hop of the reply
block, a second address to send errors to.  This could be a newsgroup
(alt.anonymous.messages), and a key to encrypt the error message with.
Looking at a.a.m now and then would then be sufficient to check on the
status of your reply blocks.

Bouncing messages to your own reply block to `ping' it, is another
way.

I'd like to see ways to have reply blocks which are more resilient to
single remailer failures, both transient failures, and remailers
decomissioning without warning.  My thoughts so far are that it may be
possible to acheive these goals by having a reply block secret split
across remailers, so that the chosen proportion, k of n remailers are
sufficent for your reply to get through.

> [...]
> it seems to me the main proponents of "cryptoanarchy" tend to suggest
> a government structure is a completely useless construction. perhaps
> so but they would end up erecting othre systems to deal with the
> void they might not call "govt" but would have most of the features
> of one, imho. something "govtlike" is a measure of a civilized society,
> imho, hence my distaste in cryptoanarchy with its seeming naivete
> on the legitimate and crucial role of govt in a society. the specifics
> may vary between implementations, but imho in general something
> "govtlike" is crucial to civilized society.

Perhaps you may to prefer to think about it in terms Harry Browne's
campaign slogans, about reducing government to 10% (or whatever).
It's not that easy to get rid of government all at once, and you'll
get to see how having less government works out in practice, as it is
shrinking.  You've got to admit government is too big, at least!

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From pcw at access.digex.net  Mon Nov 11 10:38:04 1996
From: pcw at access.digex.net (Peter Wayner)
Date: Mon, 11 Nov 1996 10:38:04 -0800 (PST)
Subject: DOUBLE the Reward for Errors in _Digital Cash_
Message-ID: <v02140b13aead207feeba@[199.125.128.5]>



Last week, I offered $10 for the first person to report any
technical errors in the first edition of my book, _Digital
Cash_. I got many good suggestions for additional topics to add
to the book, but not one mention of any errors.

So I'm doubling the reward. $20 for the first person to report a
technical error to me. The details and restrictions follow this
message.

I would also like to encourage people to continue to send
suggestions. If you thought some topics were covered too
lightly, let me know. This isn't a technical error, but I
reserve the right to reward you anyways. Also, I hope that any
company with new or improved products will write. One of the
biggest problems I've found in researching the book is finding
the right person to contact in a company. So I encourage you to
volunteer.

--Peter Wayner
(pcw at access.digex.net)


1) The offer may withdrawn at any time. Check my web page for
any changes.

2) The offer could be increased at any time, but it probably
won't be. So don't push your luck waiting for more money.

3) My decision on the "first" person to send me a technical
error is final. I may choose to reward both people if it is
clear that they found the error independently. The limitation is
necessary to keep people from telling their friend, "You want
$20? Just send this email message to this guy."

4) My decision on what constitutes a technical error is also
final. Errors in grammar or word choice are not rewarded. But
you're free to write about them. It's not that I don't want to
hear about them. I just think that the concept of "grammatical
error" is so ill-defined that I don't want to get in arguments
in that domain.








From hal at rain.org  Mon Nov 11 10:39:40 1996
From: hal at rain.org (Hal Finney)
Date: Mon, 11 Nov 1996 10:39:40 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611111626.IAA31552@crypt>


Black Unicorn makes a lot of good points regarding privacy.  One thing
I wanted to follow up on:

> Unfortunately, in the United States most citizens only become interested
> in privacy in their 20s or so.  By this time it is difficult to overcome
> the mass of information which has been stored up.  (Pseudocide can be an
> attractive option for some perhaps).

I have two kids entering their teens, and I'm sure other list members are
parents as well.  What can we do for our children to help them enter their
adult lives with better chances to retain privacy?  Unicorn mentions keeping
them absent from school on picture day, although I'm not sure how much this
helps.  I suppose it makes it harder for an investigator to find out what
they look(ed) like.  Then when they get old enough to drive you have a new
problem avoiding the photo (and thumbprint) on the license.

Are there other measures which parents could take while their children are
young to get them off to a good start, privacy-wise?

Hal





From hal at rain.org  Mon Nov 11 10:39:52 1996
From: hal at rain.org (Hal Finney)
Date: Mon, 11 Nov 1996 10:39:52 -0800 (PST)
Subject: Rarity: Crypto question enclosed
Message-ID: <199611111636.IAA31569@crypt>


On Sun, 10 Nov 1996, David K. Merriman wrote:
>
> My simple question is regarding key/certificate distribution:
> 
>         Is there any particular reason that such can't be accomplished via 
> on-line lists, and made available via a service on a port, using standard 
> (textual) commands, like mail and such are now?

There are a few things available or in the works right now.

Most of the PGP key servers respond to WWW requests already.  You connect
to them on a port, the HTTP port, send some standard textual commands
following the HTTP protocol, and get the requested PGP keys back in text
form.  How does this differ from what you were thinking of?

Other proposals, including Ron Rivest's SDSI, envision an environment where
most people make their own keys available via a URL.  Certificates would
have this URL in them and you could check it to make sure the key has not
expired or been revoked.  Then the only problem is distributing the URL...

John Gilmore's SWAN project is working to put keys into Domain Name System
(DNS) databases.  He has sample code which will get keys dynamically via
DNS calls, and DNS servers are now available which will support the new
data types necessary.  You can actually get his own key right now from
toad.com via this method.  This is a binary protocol rather than a textual
one but could be a good way to do it.

So I think you are right that on-the-fly key grabbing is the direction
in which things are moving, replacing large local databases of keys.

Hal





From hal at rain.org  Mon Nov 11 10:41:36 1996
From: hal at rain.org (Hal Finney)
Date: Mon, 11 Nov 1996 10:41:36 -0800 (PST)
Subject: So how does the crypto crackdown go?
Message-ID: <199611111718.JAA31638@crypt>


I've enjoyed Peter Hendrickson's provocative postings and the many good
responses.  However I don't think we should forget that the FBI and
other law enforcement agencies almost certainly do hope to ban strong
encryption in the U.S. and in other countries as well.  So it is worth
discussing how the ban is likely to happen and what impact, if any, it
would have.  I could see such a measure going into effect after the next
terrorist attack as part of a comprehensive bill that also includes
taggants in explosives, more permission for wiretaps and surveillance of
terrorists, and similar items on the LEA laundry list.

Keep in mind the effects of the current ban on U.S. exports of crypto
technology.  Obviously this have not stopped crypto from moving
overseas.  But it has definitely had significant effects.  It is _not_
widely ignored, at least in public.  That is why we work so hard to
overturn it; if it had no effect, we wouldn't care.  Companies are much
more careful about how and whether they will distribute crypto on the
net; for many months Netscape's free software didn't have strong crypto;
Americans even on this list are afraid to publish algorithms and envy
Adam Back's freedom to do so.

My guess about how a crypto ban would go is that it would be an extension
of the export ban, and be based on interstate commerce regulation.
It would ban distribution of crypto software, commercial, freeware,
and shareware, which had the ability to hide the content of messages.
Exceptions would exist along the lines of the recent export proposals,
where the software would be OK to use if it had a small key size with
an approved cipher, or other means to ensure law enforcement access.
The ban might also cover stego and stealth type software, at least if
that were the primary purpose of such programs.  The U.S. would also
work to convince foreign countries to implement similar bans.

One question is whether they would also try to make it illegal to use
(rather than to distribute) crypto software.  On the one hand, if they
don't do that, they have a problem with all the installed base of code.
But the legalities of stopping people from encrypting code on their own
computers, or writing crypto programs for personal use, seem a lot more
questionable to me, and I don't know how much precedent there would be
for that kind of restriction.

So as I see it the main target of the ban would be distributors of
software rather than end users.  This would be in line with the often
stated goal of the law enforcement people that their main concern is with
crypto that is built in, transparent, and trivial to use, rather than
hacker's crypto.

So what are the impacts of this kind of ban?  They might not be all that
bad.  Already on the net Americans have to be careful about what they
say.  We can't describe crypto algorithms because they might leak
overseas.  With a ban on domestic distribution we would still be
prevented from talking about crypto.  So this is not very different.

Commercial companies building in crypto would have to go back to
escrowed or weak encryption.  All those export controlled sites would
treat Americans the same as foreigners and prevent them from getting
the strong crypto.  The few commercial products sold in the stores which
do crypto would have to be changed.  Strong crypto might be distributed
via an underground network, but this would be about as risky as running
Internet sites that export strong crypto is today.   There are very few
such sites, although granted there is little call for them because
overseas crypto sites are widely available.

The end result is that almost nobody in the U.S. would have access to
strong crypto, except for the motivated few who write their own, keep
old strong versions around, or obtain new strong software illegally.
This sounds bad, but as far as actual _users_ of strong encryption it
is not so different from the way things are today.  Weak/escrowed crypto
would still be widely used and built in to communication software.

The big question in my mind is whether they could get away with banning
the use of strong crypto rather than its distribution.  This would be
much more effective from the law enforcement perspective.  But they
have not tried this so far even for international messages, presumably
due to the serious Constitutional questions it would raise.

Hal





From aba at dcs.ex.ac.uk  Mon Nov 11 10:43:17 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Mon, 11 Nov 1996 10:43:17 -0800 (PST)
Subject: RSA and me...
In-Reply-To: <Pine.3.89.9611100849.A26358-0100000@netcom6>
Message-ID: <199611102111.VAA00303@server.test.net>



Lucky Green <shamrock at netcom.com> wrote:
> Gemini Thunder <gt at kdn0.attnet.or.jp> wrote:
> > 'Lo.
> > Is the "RSA in 3 lines of Perl" a munition (under ITAR)?
> > What if I got it as a tatoo?  
> 
> Somebody did this. Check the RSA in perl homepage.

It was Richard White, for a gif, see:

	http://www.dcs.ex.ac.uk/~aba/rsa/tattoo3.gif
	http://www.dcs.ex.ac.uk/~aba/rsa/

The program got smaller since then, see .sig below.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From tcmay at got.net  Mon Nov 11 10:59:24 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 11 Nov 1996 10:59:24 -0800 (PST)
Subject: Conspiring to commit voodoo
In-Reply-To: <1.5.4.32.19961111165503.006adfec@pop.pipeline.com>
Message-ID: <v03007807aead26b2cf8c@[207.167.93.63]>


At 11:55 AM -0500 11/11/96, John Young wrote:
>   11-11-96. WaPo Page One:
>
>   "Preventing Terrorism: Where to Draw the Line? With
>   Militias, U.S. Adopts Preemptive Strategy"

>      According to legal experts, the mere discussion of a
>      crime, no matter how fanciful it may be, can constitute
>      a criminal conspiracy. "The classic example is that you
>      are guilty of a crime if you conspire with someone else
>      to stick pins in a voodoo doll in the belief that your
>      enemy will fall dead," said Albert Alschuler, a law
>      professor at the University of Chicago.

I don't think I'll be asking this particular expert anything important.
(Charitably, maybe he was quoted out of context.)

Even in this country, with its odd brand of justice, I'd like to see the DA
that will bring charges on "conspiring to commit voodoo," much less the
judge and jury that would eventually convict.

Ham sandwiches notwithstanding, there are powerful limits on what
conspiracy charges are feasible to bring.

(BTW, I doubt even the Cypherpunks members could be plausibly indicted on a
conspiracy charge, even though many of us speak openly of seeking the
overthrow of some or all of the U.S. system. Most of us avoid the key
ingredient of "violent," though those preaching the assassination of public
leaders as a method of overthrowing the system are certainly closer to the
line, and may even be over it. What saves them is that law enforcement, if
they've been made aware of these posts, dismisses them as ravings. This
benign neglect will probably change rather quickly if one of the offshore
betting markets starts carrying odds that a particular judge or other
public figure will be killed. And if he _is_ killed, look for
interrogations of the AP "ringleaders"--and maybe many of the rest of us,
who have spoken out for anarchy and the like--that will make the FBI
interrogations of the nuPrometheus League case pale by comparison.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Mon Nov 11 11:13:18 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 11 Nov 1996 11:13:18 -0800 (PST)
Subject: Getting attention the old-fashioned way
Message-ID: <v03007808aead2c1a14b4@[207.167.93.63]>



A second journalist has contacted me for reaction quotes for a story he's
working on about the evolution of the Cypherpunks list, people leaving the
list, and so forth. Presumably Vulis figures in a central way, though this
second journalist did not mention him by name in his short request for
comments.

I sent him a note saying I would not give him such quotes.

Many of you apparently received a letter from another journalist last week
asking for comments for another story, with a mostly-similar theme. There,
Vulis was the obvious focus. (I ignored his letter. The journalist who
mailed me this morning I actually refused with a reply, as he's written
some good pieces in the past. I just won't cater to assisting Vulis in
disrupting the list by giving him more publicity.)

Well, these "stories" prove that a disruptor can get the attention he
craves by shitting all over the list, mailbombing it, referring to list
members as pedophiles and "limp-wristed blonde bitches" (methinks Vulis has
a pretty strong latent fixation, given his constant focus on certain topics
and words).

Sad that journalists cater to this kind of thing. I guess "personality
pieces" are ever so much more popular than technical pieces, or even
careful explications of things like crypto anarchy and the real
implications of the tecnologies we are involved with.

By the way, nothing in this post may be used by any journalist in any
story. Rights are reserved. Readers of this list may read these comments,
but reporters may not quote them. (I'm not sure of the legal status of such
comments, but if they can assert their copyrights for their widely
distributed stuff, why can't I?)

--Tim May




"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From bdobyns at clueless.com  Mon Nov 11 11:23:36 1996
From: bdobyns at clueless.com (Barry A. Dobyns)
Date: Mon, 11 Nov 1996 11:23:36 -0800 (PST)
Subject: Legal Deffinition of Encryption?
In-Reply-To: <v02140b02aeaba1c8961f@[192.0.2.1]>
Message-ID: <32871B52.153@clueless.com>


Dale Thorn wrote:
> 
> Peter Hendrickson wrote:
> > At 2:17 PM 11/9/1996, Mark M. wrote:
> > >On Sat, 9 Nov 1996, Benjamin Grosman wrote:
> > >> I have absolutely no idea: this is a very interesting problem. Not for just
> > >> compression and encryption differention legally, but also, well, ANY other
> > >> data form. If one defines a new format for saving data (i.e a new image
> > >> format), and then exports this technology from the USA, is this exportation
> > >> of munitions due to it's unknown qualities? Or what?
> 
> > > I can't define encryption, but I know it when I see it.
> 
> > They way it will be forbidden is by outlawing the execution of the
> > algorithms.  The algorithms (the secure ones anyway) are well defined
> > as is executing them.  The legal system has dealt with greater
> > ambiguities than this.
> > An analogy to the drug laws might be useful.  We don't outlaw all drugs
> > that cause you to have weird visions and to act strangely.  That would
> > be hard to define and would cover a number of legal drugs.
> > Instead, the specific chemicals are forbidden as they are discovered.
> 
> I can see how the chemical/drug thing works, and I can see how they can
> easily control Public Key (PGP) encryption, but if you are suggesting
> that they can effectively eradicate private key encryption, that would
> seem to be an impossibility.

I don't think that an alert legisator will have any problems writing
laws that cover
whatever uses of cryptography they want to outlaw.  (Finding an alert
legislator might be
more of a problem...)

Consider this:  outlawing an algorithm is very similar to protecting
it's use
as intellectual property - which is what the Patent system in the US and
most other
countries is designed to do.  The description of "illegal" algorithms
could be lifted
directly from patents (both current AND expired, or if you're
sufficiently paranoid,
even from "refused" or ungranted applications) which apply to
cryptography.  

Imagine the creation of a branch of your favorite Government, let's call
it "Big Brother," 
whose job is to monitor patent applications worldwide for new crypto
techniques solely for
the purpose of branding them contraband.  Not so different from some of
the work the US FDA does.

Note that the market lock that PKP/RSA has on public key encryption in
the US is 
based on exactly this sort of algorithm protection, and if it's good
enough to reign in 
unbridled capitolism, it'll be good enough for the Justice Department to
litigate on. 
In effect, since PKP holds all the patents on public key in the US,
nobody else can use
these techniques without paying PKP or their licencees.  Outlawing just
those techniques
which are embodied in the PKP patents would be sufficient to outlaw all
public key encryption.

Note that issues like "is the patent valid" usually hinge on whether the 
authors of the patent were indeed the originators of the idea.  In the
case 
of outlawing the algorithms, it doesn't matter if the patent author was
the 
originator or not, or even if the patent is valid, still current, or
was intercepted when it was applied for and diverted to "Big Brother" 
instead of being granted.





From dlv at bwalk.dm.com  Mon Nov 11 11:37:58 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 11:37:58 -0800 (PST)
Subject: Money-making ideas for Igor Chudov
In-Reply-To: <199611110436.WAA15563@manifold.algebra.com>
Message-ID: <Pso9wD37w165w@bwalk.dm.com>


"Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov at algebra.com> writes:

> manifold::~==>premail -t cypherpunks at toad.com
> Chain: haystack;jam
> Subject: I urgently need a lot of money.
>
> Please share your money-making secrets, I am in a desperate need
> for cash.

For shame! Igor Chewed-off disgraces his Chewish Mommy by even asking. Isn't
propensity for "gesheft" genetic? Here's another money-making idea for Igor:

Igor obtains a list of e-mail addresses of people interested in equity-related
investments (e.g. by watching misc.invest.* and sending the posters / those who
voted for their creation unsolicited e-mail; or by posting anonymous ads,
inviting the readers to reply to a reply block in order to receive 3 free
promotional issues of an investment advice newsletter; or even by starting up
his own private financial derivatives mailing list). Igor divides the mailing
list into 2^3=8 parts, and gives them exotic Russian-sounding names: Aleksej,
Boris, Vasilij, Grigorij, Dmitrij, Elena, Zhenja, Zoya.

Igor then uses an anonymous remailer to spam everyone on his mailing list with
the 8 variants of the following message: "Congratulations! You have won 3 free
issued of the _Boris Investment Newsletter, published in Tulsa, Oklahoma, by a
proud holder of a Master's Degree in Financial Engineering from the Moscow
State University. I predict that within the next month Adobe stock will go up."

Instead of "Boris", Igor will substitute one of the 8 newsletter names; instead
of Adobe, he can use any volatile stock that's as likely to go up as down; and
the predicted stock price movement will be "up" in the first four newsletters
and "down" in the other four.

One month later the stock in question is either up or down. Without loss of
generality, suppose that it's gone down. Aleksej, Boris, Vasilij, and
Grigorij's investment advice was wrong, they disappear from the face of the
earth, and the former recipients of their newsletters don't get bothered any
more. (Or they could be recycled for future scams; or they could be send the
remaining 2 issues of worthless advice, as promised.) On the other hand
Dmitrij, Elena, Zhenja, and Zoya guessed right, so this time they send out a
new investment newsletter via the anonymous remailers:

"Congratulations! You continue to receive the free investment advice newsletter
from Zoya in Tulsa, Oklahoma. Last month I correctly predicted that Adobe will
have gone down. If you're smart, you've shorted Adobe's stock and made lots of
money by now. This month I predict that Cisco will go _down as well."

Again, Dmitrij and Elena predict that some other volatile stock goes up, while
Zhenja and Zoya predict that it goes down. Suppose D&E are right. Igor leaves
the Zh.&Z. partitions alone. One month later D&E's subscribers get letter #3:

"Congratulations! You continue to receive the free investment advice newsletter
from Elena in Tulsa, Oklahoma. Two months ago I predicted that Adobe would go
down. I hope you sold it short. Last month I predicted that Cisco would go up.
I hope you bought it. This month I predict that Lucent will go _up."

One month later one of the two is right, so its recipients get the fourth and
final e-mail from an anonymous remailer, this time using a reply block:

"I've given you three free stock tips over the last 3 months which probably
made you a lot of money. Now that you've seen my track record, you'll want to
continue receiving my free advice, but the free promotion is over. Please send
$20 in untraceable digital cash to this reply block to receive 6 future
issues."

Quite a few people would risk the $20, but that would be the last they hear
from Igor. :-)

(Alternatively, he can even e-mail 6 more issues of worthless advice to those
who caughed up the $20, so they can't complain. It would be hard to prosecute
Igor without proving that all 8 newsletters were published by the same person
who's been giving contradictory advice to different people.)

"Credibility is expendable." - John Gilmore

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Mon Nov 11 11:39:45 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 11 Nov 1996 11:39:45 -0800 (PST)
Subject: Money-making ideas for Igor Chudov
In-Reply-To: <199611110436.WAA15563@manifold.algebra.com>
Message-ID: <gom9wD35w165w@bwalk.dm.com>


So now we know who's responsible for the "anonymous" spam to this mailing list,
such as the obscene ASCII art and for calling Matt Blaze a "homosexual Jew"...

"Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov at algebra.com> writes:

> manifold::~==>premail -t cypherpunks at toad.com
> Chain: haystack;jam
> Subject: I urgently need a lot of money.
>
> Please share your money-making secrets, I am in a desperate need
> for cash.

A very old scheme, which a lot of Americans still fall for, can be modernized
using anonymous remailers (with a reply block) and anonymous digital cash.

Here's the outline: Igor Chudov posts an article via an anonymous remailer
saying: "Contact this (untraceable) e-mail address to learn how you can make
thousands of digital dollars a week just by sending e-mail." If he distributes
it widely enough, quite a few suckers will send for more information.

Igor will then send each sucker another e-mail giving little information and
requesting, say, $5 in untraceable digital cash for an information packet.

Those suckers who manage to send Igor the $5 get the third e-mail, explaining
how to use the anonymous remailers and untraceable digital cash to sucker
others into paying them $5 for the same information package.

Here's a recent Usenet article describing a similar scheme, using newspaper
ads and snail mail.

]Path: ...!news.rns.net!flint.sentex.net!usenet
]From: msabbagh at sentex.net
]Newsgroups: ab.jobs,atl.jobs,aus.ads.jobs,austin.jobs,az.jobs,ba.jobs,ba.jobs.misc,bc.jobs,bln.jobs,can.jobs,chi.jobs,cmh.jobs,co.jobs,dc.jobs,dfw.jobs,dk.jobs,fl.jobs,il.jobs.misc,in.jobs,kw.jobs,la.jobs,li.jobs,mi.jobs,misc.jobs,misc.jobs.misc,nb.jobs,ne.jobs,ont.jobs,ott.jobs,stl.jobs,su.jobs,tor.jobs,tx.jobs,uk.jobs.d,us.jobs,us.jobs.misc,ut.jobs,za.ads.jobs,alt.jobs,io.jobs,eunet.jobs,b
]Subject: Everybody please  please read this!
]Message-ID: <32828546.724E at sentex.net>
]Date: Thu, 07 Nov 1996 16:56:38 -0800
]References: <3281e88b.115644218 at news2.compulink.com>
]Reply-To: msabbagh at sentex.net
]Organization: sentex.net
]Lines: 57
]NNTP-Posting-Host: p7.radium.sentex.ca
]Mime-Version: 1.0
]Content-Type: text/plain; charset=us-ascii
]Content-Transfer-Encoding: 7bit
]
]Homeworkers wrote:
]>
]> Join the over 25,       000,000 people world-wide already working from
]> home.   Free details!
]>
]> In Canada, send self-addressed stamped envelope.   Outside Canada,
]> send name and address plus $2 in US funds for shipping and handling.
]>
]> Mail To:                Work-at-Home
]>                 600 Thornton Road North, Suite 408
]>                 Oshawa, Ontario, Canada
]>                 L1J 6T6
]
]
]"When are you guys going to stop these gimmicks!?"
]
]At the begining of this year (1996) I came to Canada as an immegrant. Of
]course, the first step was to look for job. I went through all possible
]sources of information at Toronto: "Employment News" "Toronto Classified
]Address"....etc. Always, I was facing this type of attractive ads. to
]work from home and earn $1000 / week.
]
]As a newcomer I did not know what was going on, and I needed desperately
]an income (honest income) to feed myself and small family.
]
]I decided to try one of these ads. it was "Northern Communications
]Enterprise", Toronto, the name looked to me as a very large Corporation;
]since I was a newcomer and I have no idea about the real companies.
]
]I mailed a self addressed stamped envalope as requested; I receieve in
]return one tricky page article; asking me at the end to send a cheque
]with C$35 to send me the "Magical" information to earn $1000/week;
]unforetunatly, I did so!.
]
]After couple of weeks, I received a booklet of 30 pages (all junke and
]empty circle information) it ends teaching you that what you have to do
]is to paste or advertise simillar ads. to the one I read at the first
]time "Earn $1000/week from home by stuffing envalopes", in deffrent type
]of media (newspaper, internet, flyer....etc) and do the same trick by
]photocopying their valueless booklet and mail it to the person who paid
]me C$35.
]
]Of course, I didn't agree, not because I can not do it, but, because I
]refused to be a part of this illegal and immoral way of earning mony!.
]
]What concerns me, that how can reputable newspapers, and papers like
]"Employment news" justify their advertisement to such tricky and
]imaginary "Enterprises"  just for few dollars. These papers are supposed
]to be directed to people like me who was a serious individual and
]desperately looking for a job, and needed each Penny of his mony to
]establish himself at his new country!.
]
]"Please do not be victim to these types of ads."
]
]Regards to all.
]
]Mason.

"Credibility is expendable." -John Gilmore

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From nobody at replay.com  Mon Nov 11 11:45:22 1996
From: nobody at replay.com (Anonymous)
Date: Mon, 11 Nov 1996 11:45:22 -0800 (PST)
Subject: [URGENT] Cryptoanarchy
Message-ID: <199611111944.UAA29720@basement.replay.com>


Timothy C. May will fuck anything that moves, but he'd rather be
fucking his own mother's dead body.






From Tunny at inference.com  Mon Nov 11 11:45:52 1996
From: Tunny at inference.com (James A. Tunnicliffe)
Date: Mon, 11 Nov 1996 11:45:52 -0800 (PST)
Subject: Apology to Dale Thorn
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961111194442Z-2433@landru.novato.inference2.com>


Dale Thorn writes (in part):

>I'm tending to think that, instead of using PGP for all encoding (even
>though it may have multiple facilities for all situations), a message
>could be encrypted with a good trusted private-key system or whatever,
>then the private key encrypted with the Public Key software and sent
>either separately or with the message.

But you've described exactly what PGP does.  It encrypts the message
with a "good, trusted private-key system" -- IDEA, which has undergone
significant peer review, has a long-enough key (128 bits), and has
exhibited no significant weaknesses or shortcuts to brute force (which
is impossible, given the key length).  It then encrypts the IDEA session
key that was used with the recipient's public key, and bundles the the
IDEA-encrypted message and the RSA-encrypted session key (and
optionally, a signed hash of the message) for delivery to the recipient.

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny at Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================






From pablo at corp.webtv.net  Mon Nov 11 11:56:33 1996
From: pablo at corp.webtv.net (Pablo Calamera)
Date: Mon, 11 Nov 1996 11:56:33 -0800 (PST)
Subject: WebTV a "munition"
In-Reply-To: <v03007802aeac4fce1459@[204.254.74.48]>
Message-ID: <v03007803aead2dcf0204@[204.254.74.216]>


>>Date: Fri, 08 Nov 1996 17:16:00 -0800
>>From: Tom Weinstein <tomw at netscape.com>
>>Organization: Netscape Communications, Inc.
>>MIME-Version: 1.0
>>To: cypherpunks at toad.com
>>Subject: Re: WebTV a "munition"
>>Sender: owner-cypherpunks at toad.com
>>Precedence: bulk
>>
>>Rich Graves wrote:
>>>
>>> Eric Murray wrote:
>>> >
>>> > Page 3 of the San Jose Mercury News has a small blurb
>>> > about WebTV's browser/set-top box that "uses
>>> > computer-security technology so powerful that the
>>> > government is classifying it as a weapon
>>> > that will require a special export license before
>>> > it can be sold overseas".[...]
>>> > shouldn't be too difficult.  If they didn't use the "export"
>>> > level SSL CipherTypes, then what're they up to?  Are they
>>> > fighting crypto export laws (for which they should be congratulated
>>> > and supported) or are they just looking for free publicity?
>>>
>>> Based on the lack of public policy pronouncements from the WebTV
>>> folks, I would answer C) They're clueless. I'm not sure that
>>> management even understood, or wanted to understand, that they'd have
>>> an export problem.
>>> See http://www.webtv.net/
>>
>>Since Pablo Calamera works there, they can't be too clueless.
>>
>>--
>>You should only break rules of style if you can    | Tom Weinstein
>>coherently explain what you gain by so doing.      | tomw at netscape.com
>>


To clarify a bit, we're not talking about SSL here.  Also, some how it was
infered by some readers of the article that we were astonished about the
munitions classification of our product.  We were not.

Oh... and yes, we are not the least bit clueless (thanks Tom).  Below is a
company statement we released:

The WebTV Network is currently using a 128 bit encryption system that
gives our U.S. subscribers the most sophisticated security protection of
any online service today. It is our intent to offer our customers the most
secure environment for transactions and transmission with their WebTV
Network service. Our units, sold by Sony and Philips, include a sticker
that states that the product is not to be exported outside of the United
States.

However, the government restriction does not prevent us from exporting our
product outside of the United States. WebTV Networks has always intended to
announce its expansion plans in early 1997, providing global communication
using either 40 bits, now authorized by the government, or 56 bits which
Bill Clinton recently endorsed.


Pablo



-----------------------------------------
| Pablo Calamera
| Security Architect
| WebTV Networks, Inc. http://webtv.net/
| 305 Lytton Avenue
| Palo Alto, CA 94301
| . . . . . . . . . . . . . . . . . . . .
| mailto:pablo at corp.webtv.net
| voice:(415) 614-2749
-----------------------------------------







From declan at well.com  Mon Nov 11 12:11:48 1996
From: declan at well.com (Declan McCullagh)
Date: Mon, 11 Nov 1996 12:11:48 -0800 (PST)
Subject: DC Net-politics reporter needed
Message-ID: <Pine.GSO.3.95.961111121025.1286N-100000@well.com>


A political publication is looking for an experienced journalist to cover
Net-happenings on Capitol Hill, in the White House, and in Federal
agencies. Let me know if you're interested and I'll forward your contact
info and clips to the right people.

-Declan









From roach_s at alph.swosu.edu  Mon Nov 11 12:33:49 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Mon, 11 Nov 1996 12:33:49 -0800 (PST)
Subject: Sliderules, Logs, and Prodigies
Message-ID: <199611112033.MAA11915@toad.com>


At 08:30 AM 11/9/96 -0800, Dale Thorn wrote:
...
>FORTH has fallen out of favor for most PC users of the mid 1990's, but then 
>again, so have computer languages as a whole, since few persons write software 
>today as compared to the early 1980's.
...
I was tinkering around in Basic back then, I wasn't writing much of my own,
but I did know a few commands.  I remember when using "canned" software had
a certain stigma to it, like saying "you are not a true computer afficinado,
you don't even type in your own code."  I also remember that my dad taught
computer programming out of the back of magazines, ones with names like
TI/99er, Home Computing (is it still out there?), and K-Power.  Heck, even
3-2-1 Contact, the PBS based magazine had a source code section for a while.
I'm afraid I don't remember Forth, though I have heard of it, about as much
as my friends have heard of PGP.






From jya at pipeline.com  Mon Nov 11 12:41:38 1996
From: jya at pipeline.com (John Young)
Date: Mon, 11 Nov 1996 12:41:38 -0800 (PST)
Subject: Why Crypto Is Hard
Message-ID: <1.5.4.32.19961111203926.006af428@pop.pipeline.com>


See the final version of Bruce Schneier's essay 
"Why Cryptography Is Harder Than It Looks ... " at:

     http://www.counterpane.com/whycrypto.html








From schneier at counterpane.com  Mon Nov 11 13:53:17 1996
From: schneier at counterpane.com (Bruce Schneier)
Date: Mon, 11 Nov 1996 13:53:17 -0800 (PST)
Subject: Why Cryptography is Harder than it Looks (LONG)
Message-ID: <v03007800aead3ea8c260@[204.246.66.55]>


WHY CRYPTOGRAPHY IS HARDER THAN IT LOOKS
Bruce Schneier, Counterpane Systems

................................................................................
Copyright Nov 1996 by Bruce Schneier.  All rights reserved.  Permission is
given to distribute this essay, providing that it is distributed in its
entirety (including this copyright notice).  For more information on
Counterpane Systems's cryptography and security consulting, see
http://www.counterpane.com.
................................................................................


>From e-mail to cellular communications, from secure Web access to digital
cash, cryptography is an essential part of today's information systems.
Cryptography helps provide accountability, fairness, accuracy, and
confidentiality.  It can prevent fraud in electronic commerce and assure
the validity of financial transactions.  It can prove your identity or
protect your anonymity.  It can keep vandals from altering your Web page
and prevent industrial competitors from reading your confidential
documents.  And in the future, as commerce and communications continue to
move to computer networks, cryptography will become more and more vital.

But the cryptography now on the market doesn't provide the level of
security it advertises.  Most systems are not designed and implemented in
concert with cryptographers, but by engineers who thought of cryptography
as just another component.  It's not.  You can't make systems secure by
tacking on cryptography as an afterthought.  You have to know what you are
doing every step of the way, from conception through installation.

Billions of dollars are spent on computer security, and most of it is
wasted on insecure products.  After all, weak cryptography looks the same
on the shelf as strong cryptography.  Two e-mail encryption products may
have almost the same user interface, yet one is secure while the other
permits eavesdropping.  A comparison chart may suggest that two programs
have similar features, although one has gaping security holes that the
other doesn't.  An experienced cryptographer can tell the difference.  So
can a thief.

Present-day computer security is a house of cards; it may stand for now,
but it can't last.  Many insecure products have not yet been broken because
they are still in their infancy.  But when these products are widely used,
they will become tempting targets for criminals.  The press will publicize
the attacks, undermining public confidence in these systems.  Ultimately,
products will win or lose in the marketplace depending on the strength of
their security.

THREATS TO COMPUTER SYSTEMS

Every form of commerce ever invented has been subject to fraud, from rigged
scales in a farmers' market to counterfeit currency to phony invoices.
Electronic commerce schemes will also face fraud, through forgery,
misrepresentation, denial of service, and cheating.  In fact,
computerization makes the risks even greater, by allowing attacks that are
impossible against non-automated systems.  A thief can make a living
skimming a penny from every Visa cardholder.  You can't walk the streets
wearing a mask of someone else's face, but in the digital world it is easy
to impersonate others.  Only strong cryptography can protect against these
attacks.

Privacy violations are another threat.  Some attacks on privacy are
targeted:  a member of the press tries to read a public figure's e-mail, or
a company tries to intercept a competitor's communications.  Others are
broad data-harvesting attacks, searching a sea of data for interesting
information: a list of rich widows, AZT users, or people who view a
particular Web page.

Electronic vandalism is an increasingly serious problem. Computer vandals
have already graffitied the CIA's web page, mail-bombed Internet providers,
and canceled thousands of newsgroup messages.  And of course, vandals and
thieves routinely break into networked computer systems.  When security
safeguards aren't adequate, trespassers run little risk of getting caught.

Attackers don't follow rules; they cheat.  They can attack a system using
techniques the designers never thought of.  Art thieves have burgled homes
by cutting through the walls with a chain saw.  Home security systems, no
matter how expensive and sophisticated, won't  stand a chance against this
attack.  Computer thieves come through the walls too.  They steal technical
data, bribe insiders, modify software, and collude.  They take advantage of
technologies newer than the system, and even invent new mathematics to
attack the system with.

The odds favor the attacker.  Bad guys have more to gain by examining a
system than good guys.  Defenders have to protect against every possible
vulnerability, but an attacker only has to find one security flaw to
compromise the whole system.

WHAT CRYPTOGRAPHY CAN AND CAN'T DO

No one can guarantee 100% security.  But we can work toward 100% risk
acceptance.  Fraud exists in current commerce systems:  cash can be
counterfeited, checks altered, credit card numbers stolen.  Yet these
systems are still successful because the benefits and conveniences outweigh
the losses.  Privacy systems -- wall safes, door locks, curtains -- are not
perfect, but they're often good enough.  A good cryptographic system
strikes a balance between what is possible and what is acceptable.

Strong cryptography can withstand targeted attacks up to a point -- the
point at which it becomes easier to get the information some other way.  A
computer encryption program, no matter how good, will not prevent an
attacker from going through someone's garbage.  But it can prevent
data-harvesting attacks absolutely; no attacker can go through enough trash
to find every AZT user in the country.  And it can protect communications
against non-invasive attacks: it's one thing to tap a phone line from the
safety of the telephone central office, but quite another to break into
someone's house to install a bug.

The good news about cryptography is that we already have the algorithms and
protocols we need to secure our systems.  The bad news is that that was the
easy part; implementing the protocols successfully requires considerable
expertise.  The areas of security that interact with people -- key
management, human/computer interface security, access control -- often defy
analysis.  And the disciplines of public-key infrastructure, software
security, computer security, network security, and tamper-resistant
hardware design are very poorly understood.

Companies often get the easy part wrong, and implement insecure algorithms
and protocols.  But even so, practical cryptography is rarely broken
through the mathematics; other parts of systems are much easier to break.
The best protocol ever invented can fall to an easy attack if no one pays
attention to the more complex and subtle implementation issues.  Netscape's
security fell to a bug in the random-number generator.  Flaws can be
anywhere: the threat model, the system design, the software or hardware
implementation, the system management.  Security is a chain, and a single
weak link can break the entire system.  Fatal bugs may be far removed from
the security portion of the software; a design decision that has nothing to
do with security can nonetheless create a security flaw.

Once you find a security flaw, you can fix it.  But finding the flaws in a
product can be incredibly difficult.  Security is different from any other
design requirement, because functionality does not equal quality.  If a
word processor prints successfully, you know that the print function works.
Security is different; just because a safe recognizes the correct
combination does not mean that its contents are secure from a safecracker.
No amount of general beta testing will reveal a security flaw, and there's
no test possible that can prove the absence of flaws.

THREAT MODELS

A good design starts with a threat model: what the system is designed to
protect, from whom, and for how long. The threat model must take the entire
system into account -- not just the data to be protected, but the people
who will use the system and how they will use it.  What motivates the
attackers?  Must attacks be prevented, or can they just be detected?  If
the worst happens and one of the fundamental security assumptions of a
system is broken, what kind of disaster recovery is possible?  The answers
to these questions can't be standardized; they're different for every
system.  Too often, designers don't take the time to build accurate threat
models or analyze the real risks.

Threat models allow both product designers and consumers to determine what
security measures they need.  Does it makes sense to encrypt your hard
drive if you don't put your files in a safe?  How can someone inside the
company defraud the commerce system?  How much would it cost to defeat the
tamper-resistance on the smart card?  You can't design a secure system
unless you understand what it has to be secure against.

SYSTEM DESIGN

Design work is the mainstay of the science of cryptography, and it is very
specialized.  Cryptography blends several areas of mathematics: number
theory, complexity theory, information theory, probability theory, abstract
algebra, and formal analysis, among others.  Few can do the science
properly, and a little knowledge is a dangerous thing: inexperienced
cryptographers almost always design flawed systems.  Good cryptographers
know that nothing substitutes for extensive peer review and years of
analysis.  Quality systems use published and well-understood algorithms and
protocols; using unpublished or unproven elements in a design is risky at
best.

Cryptographic system design is also an art.  A designer must strike a
balance between security and accessibility, anonymity and accountability,
privacy and availability.  Science alone cannot prove security; only
experience, and the intuition born of experience, can help the
cryptographer design secure systems and find flaws in existing designs.

IMPLEMENTATION

There is an enormous difference between a mathematical algorithm and its
concrete implementation in hardware or software.  Cryptographic system
designs are fragile.  Just because a protocol is logically secure doesn't
mean it will stay secure when a designer starts defining message structures
and passing bits around.  Close isn't close enough; these systems must be
implemented exactly, perfectly, or they will fail.  A poorly-designed user
interface can make a hard-drive encryption program completely insecure.  A
false reliance on tamper-resistant hardware can render an electronic
commerce system all but useless.  Since these mistakes aren't apparent in
testing, they end up in finished products.  Many flaws in implementation
cannot be studied in the scientific literature because they are not
technically interesting.  That's why they crop up in product after product.
Under pressure from budgets and deadlines, implementers use bad
random-number generators, don't check properly for error conditions, and
leave secret information in swap files. The only way to learn how to
prevent these flaws is to make and break systems, again and again.

CRYPTOGRAPHY FOR PEOPLE

In the end, many security systems are broken by the people who use them.
Most fraud against commerce systems is perpetrated by insiders.  Honest
users cause problems because they usually don't care about security.  They
want simplicity, convenience, and compatibility with existing (insecure)
systems.  They choose bad passwords, write them down, give friends and
relatives their private keys, leave computers logged in, and so on.  It's
hard to sell door locks to people who don't want to be bothered with keys.
A well-designed system must take people into account.

Often the hardest part of cryptography is getting people to use it.  It's
hard to convince consumers that their financial privacy is important when
they are willing to leave a detailed purchase record in exchange for one
thousandth of a free trip to Hawaii.  It's hard to build a system that
provides strong authentication on top of systems that can be penetrated by
knowing someone's mother's maiden name.  Security is routinely bypassed by
store clerks, senior executives, and anyone else who just needs to get the
job done.  Only when cryptography is designed with careful consideration of
users' needs and then smoothly integrated, can it protect their systems,
resources, and data.

THE STATE OF SECURITY

Right now, users have no good way of comparing secure systems.  Computer
magazines compare security products by listing their features, not by
evaluating their security.  Marketing literature makes claims that are just
not true; a competing product that is more secure and more expensive will
only fare worse in the market.  People rely on the government to look out
for their safety and security in areas where they lack the knowledge to
make evaluations -- food packaging, aviation, medicine.  But for
cryptography, the U.S. government is doing just the opposite.

When an airplane crashes, there are inquiries, analyses, and reports.
Information is widely disseminated, and everyone learns from the failure.
You can read a complete record of airline accidents from the beginning of
commercial aviation.  When a bank's electronic commerce system is breached
and defrauded, it's usually covered up.  If it does make the newspapers,
details are omitted.  No one analyzes the attack; no one learns from the
mistake.  The bank tries to patch things in secret, hoping that the public
won't lose confidence in a system that deserves no confidence.  In the long
run, secrecy paves the way for more serious breaches.

Laws are no substitute for engineering.  The U.S. cellular phone industry
has lobbied for protective laws, instead of spending the money to fix what
should have been designed corectly the first time.  It's no longer good
enough to install security patches in response to attacks.  Computer
systems move too quickly; a security flaw can be described on the Internet
and exploited by thousands.  Today's systems must anticipate future
attacks.  Any comprehensive system -- whether for authenticated
communications, secure data storage, or electronic commerce -- is likely to
remain in use for five years or more.  It must be able to withstand the
future:  smarter attackers, more computational power, and greater
incentives to subvert a widespread system.  There won't be time to upgrade
them in the field.

History has taught us:  never underestimate the amount of money, time, and
effort someone will expend to thwart a security system.  It's always better
to assume the worst.  Assume your adversaries are better than they are.
Assume science and technology will soon be able to do things they cannot
yet.  Give yourself a margin for error.  Give yourself more security than
you need today.  When the unexpected happens, you'll be glad you did.

******************************************************************************
Bruce Schneier       schneier at counterpane.com       http://www.counterpane.com
******************************************************************************







From sandfort at crl.com  Mon Nov 11 14:16:25 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 11 Nov 1996 14:16:25 -0800 (PST)
Subject: Conspiring to commit voodoo
In-Reply-To: <v03007807aead26b2cf8c@[207.167.93.63]>
Message-ID: <Pine.SUN.3.91.961111135201.12543A-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 11 Nov 1996, Timothy C. May wrote:

> ...This benign neglect will probably change rather quickly if
> one of the offshore betting markets starts carrying odds that a
> particular judge or other public figure will be killed. And if
> he _is_ killed, look for interrogations of the AP "ringleaders"
> --and maybe many of the rest of us, who have spoken out for
> anarchy and the like...

Just a reminder of the appropriate response in such a case.
Just keep repeating the four magic words, "I want a lawyer."
Co-operation buys you NOTHING.  (I hereby christen this the
"Jewell Rule" for obvious and topical reasons.)


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From mccoy at communities.com  Mon Nov 11 14:22:09 1996
From: mccoy at communities.com (Jim McCoy)
Date: Mon, 11 Nov 1996 14:22:09 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <v03007801aead576335d0@[205.162.51.35]>


Hal writes:
>Black Unicorn makes a lot of good points regarding privacy.  One thing
>I wanted to follow up on:
>
>> Unfortunately, in the United States most citizens only become interested
>> in privacy in their 20s or so.  By this time it is difficult to overcome
>> the mass of information which has been stored up.  (Pseudocide can be an
>> attractive option for some perhaps).
[...]
>Are there other measures which parents could take while their children are
>young to get them off to a good start, privacy-wise?

Do not declare your children as dependants.  If you do then you are required
to get a SSN for them, but if you are willing to waive the tax savings there
is no requirement than children have a SSN.  Not having a handy universal
index number like a SSN makes it a lot harder for people to accumulate
statistics on your kids.

jim







From iang at cs.berkeley.edu  Mon Nov 11 14:26:53 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Mon, 11 Nov 1996 14:26:53 -0800 (PST)
Subject: WebTV a "munition"
In-Reply-To: <3283A25B.1D6E@ix.netcom.com>
Message-ID: <568952$6fv@abraham.cs.berkeley.edu>


-----BEGIN PGP SIGNED MESSAGE-----

In article <199611091610.LAA00420 at pdj2-ra.F-REMOTE.CWRU.Edu>,
Peter D. Junger <junger at pdj2-ra.F-REMOTE.CWRU.Edu> wrote:
>As far as I know, the only person convicted of shipping cryptographic
>devices outside the U.S. without a license was guilty of shipping a
>satellite TV descrambler to Latin America.  So there is some sort of
>precedent.  (And, of course, no First Amendment problem.)

I had heard of this before, but it's odd, because the ITAR says that
among items _excluded_ from the munitions list are items:

121.1 Category XIII(b)(1)(viii):
Limited to receiving for radio broadcast, pay television or similar
restricted audience television of the consumer type, without digital encryption
and where digital decryption is limited to the video, audio or management
functions.

so it would seem a sattelite TV descrambler is not a munition.

   - Ian

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoen3kZRiTErSPb1AQFpywQAic/fkZZQIFItzyt0tnKYtV5/CGXpABJl
ncRnl4ydG5LWyudrB9tb5fFhIqUtpp2I1MRoFgXWibEk2OwGXua7T91rSyw/AeG0
Reh+x0IJGYu4DdHBmrMwRTbAR5QgsC9Yai9j/cIsXXDBviXSKMBn8S5jTK0BvTKg
RwEamFu7QL4=
=JlNu
-----END PGP SIGNATURE-----





From aba at dcs.ex.ac.uk  Mon Nov 11 14:58:10 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Mon, 11 Nov 1996 14:58:10 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847661103@smtp-gw.cv62.navy.mil>
Message-ID: <199611112054.UAA00130@server.test.net>



SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil writes:
>  mark m wrote:
>  >In order for anonymous remailers to be completely anonymous, only one 
>  >remailer in the chain has to be trustworthy.  If a message is chained 
>  >through N remailers and N-1 of those remailers are run by spooks, the 
>  >anonymity of the message depends on the remaining remailer.
>      
>  well, actually, the first remailer has to be the trustworthy one.  you 
>  send a msg to the first with your "real" address, and if the spook is 
>  there, voila! so...  i understand your point, but still, it has to be 
>  the first one.

The first remailer doesn't necessarily have to be trustworthy; it
depends what it is you are trying to hide.

If you are trying to hide the fact that you are sending mail via
remailers, then to some extent the first remailer matters.  But
presumably, if you are sending to remailers, watching all the email
you send would be the obvious way to see if you are using remailers.

Your options to hide the fact that you are sending to remailers would
be to forward your mail (encrypted) to someone else who does use
remailers.  Or perhaps a hypothetical system in which you
steganographically encode your to be remailed message to a newsgroup
which is scanned by the your entry remailer.

If on the other hand you are trying to conceal who you are sending to,
and you don't send to many messages, using mixmaster you would retain
some anonymity even if all bar one remailer were run by the spooks.
As mixmaster remailers have uniform packet sizes, and reordering of
messages, it's not going to be obvious which message coming from the
trustworthy remailer is yours.

Flooding attacks on remailers are when the spook run remailers try to
keep the trustworthy remailer fairly loaded with email, so that the
non-spook traffic shows up.  In the worst case, only your message
would be non-spook traffic in a given reorder batch, and you would
lose all anonymity.

Adam
--
RSA in perl:
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From reagle at rpcp.mit.edu  Mon Nov 11 15:02:00 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr. by way of "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>)
Date: Mon, 11 Nov 1996 15:02:00 -0800 (PST)
Subject: Computer hacker tries to hire rapist: Police
Message-ID: <3.0.32.19961111175002.00a19170@rpcp.mit.edu>



I'm sure many people will be pleased with the term "computer hacker" to
describe someone with an AOL account getting stung...(those insidious
hackers will stop at nothing...)

  	  				 
	 BOSTON (Reuter) - A Vermont man who used a computer online  
service to try to hire someone to rape and sexually mutilate his 
wife unknowingly employed a policeman for the job, the 
Massashusetts Attorney General's office said Thursday. 
	 Harold Clarkson, 50, was charged with two counts of hiring  
someone to commit kidnapping and sexual assault. He faces a 
maximum of 10 years in prison, police said. 
	 Clarkson, identifying himself on the America Online service  
as ``Trudy21'', a 21-year-old woman from North Carolina, said he 
wanted to hire someone to kipnap his sister, beat her with a 
baseball bat, rape her with a champagne bottle and commit other 
acts, a spokesman for Attorney General Scott Harshbarger said. 
	 Massachusetts State Police Lt. Andrew Palombo, who works for  
the Attorney General's Office and routinely investigates on-line 
services, was also logged onto America Online while off-duty. 
	 Palombo contacted America Online and discovered 'Trudy21'  
was Clarkson and the victim was his wife, police said. 
	 Palombo then posed as a woman on the online service and  
contacted Clarkson, who described a variety of sexual torture 
practices that he would like to perform on a woman, said Robert 
Sikellis, the Massachusetts attorney general's chief of special 
investigations. 
	 Palombo arranged for a woman undercover police officer to  
meet Clarkson in Rutland, Vermont, where he showed up with 
handcuffs, rope, a blindfold and other devices and was arrested Wednesday, 
he said.
  	   	







From anonymous at miron.vip.best.com  Mon Nov 11 15:07:54 1996
From: anonymous at miron.vip.best.com (anonymous at miron.vip.best.com)
Date: Mon, 11 Nov 1996 15:07:54 -0800 (PST)
Subject: another possible remailer attack
Message-ID: <199611112300.PAA00754@miron.vip.best.com>


Steve Reid writes:
>
> >> You want to know if Dimitri is the person regularly posting these
> >> messages. So, you use your powers as ISP to block his access to all
> >> remailers. If the public messages suddenly stop then you can be
> >> reasonably certain that Dimitri was sending them.
> > I'm not following something...just how to your "powers as ISP" affect a
> > remailer in, say, Holland, or one for that matter on another ISP? (As a
>
> Packet filtering at the ISP's router. If Dimitri can't connect to a
> remailer, he can't send anonymous messages. Sure there are a lot of hacks
> that could be done (like have sendmail on another system send it to a
> remailer) but such things could be detected and blocked by clever filters.

I disagree, it's easy to bounce mail through ANY Internet-connected
host running sendmail and thence to a remailer.

In fact this mail was sent that way, I bounced it through sun.com
before hitting a remailer.

> In fact, the ISP could just claim to be "going down for maintenance" and
> completely block Dimitri from the internet for a while.

Only if the Backbone Cabal (there is no Cabal) is re-formed
(and given special SuperPowers!) with the sole purpose of
blocking Dimitri from posting to cypherpunks.


> > Just as the Nazis could isolate spy transmitters by selectively
> > turning off electricity to different neigborhoods, so, too, can various
>
> Isolating spy transmitters by selectively cutting power is exactly
> alalogous to what I have suggested.

The spy transmitters couldn't bounce their transmissions off of
regular radio transmissions, could they?


Buck Satan





From nobody at cypherpunks.ca  Mon Nov 11 15:22:17 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 11 Nov 1996 15:22:17 -0800 (PST)
Subject: Vulis on the remailers
In-Reply-To: <199611082058.MAA01697@abraham.cs.berkeley.edu>
Message-ID: <199611112317.PAA09200@abraham.cs.berkeley.edu>


> 
> Please, remailers, source block Vulis for a week.
> Remailer Fan
> 

Nope, sorry.  It's not in the remailer operators' interest to be in
the business to deciding who can and can't use the remailers
(esp. based on content of previous posts).  That would make the
operators responsible for content.





From reagle at rpcp.mit.edu  Mon Nov 11 15:28:14 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Mon, 11 Nov 1996 15:28:14 -0800 (PST)
Subject: How many people killed by there own governments (Was: Re: a retort + a comment + a question = [RANT])
Message-ID: <3.0.32.19961111182528.00a31d70@rpcp.mit.edu>


>With regard to b), governments--primarily through the use of 
>their militaries--have killed, by some counts 170,000,000, men,
>women and children in this century alone.  Hardly the guardians
>of freedom, in my opinion.

	Do you have a breakdown of that number? I'm working on one of my thought
experiments and am looking for the appropriate stats:


o THUGS V. GOVS 
  (during times of "modern" govts. 1800+)

Deaths by Govts. on "own people"

  US Civil War     x M
  US Native Americans
  Hitler: Jews     6 M
  Hitler: Others   6 M
  Stalin:         30 M
  China: Cult Rev  x M
  France: Rev      x M


  Deaths by Thugs

  Murders in whole world

	^^^ See to be valid, I think I'd have to including thugs all over the
world (since I use genocides all over the world) but if I had the
death/person US figure, I could multiply that by the whole world and have a
upper bound (conservative) since US has a partcularly large amount of murderes.
_______________________
Regards,          In every man's heart there is a secret nerve that answers 
                  to the vibrations of beauty. -Christopher Morley
Joseph Reagle     http://rpcp.mit.edu/~reagle/home.html
reagle at mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From wombat at mcfeely.bsfs.org  Mon Nov 11 16:44:03 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Mon, 11 Nov 1996 16:44:03 -0800 (PST)
Subject: two bogus messages to this list
In-Reply-To: <199611111740.KAA06336@infowest.com>
Message-ID: <Pine.BSF.3.91.961111182838.3985C-100000@mcfeely.bsfs.org>




On Mon, 11 Nov 1996 attila at primenet.com wrote:

> In <199611111238.GAA17346 at manifold.algebra.com>, on 11/11/96 
>    at 06:38 AM, ichudov at algebra.com (Igor Chudov @ home) said:
> 
> .I did not write the two messages below. I did have a small party
> .yesterday, probably some of my guests did that...
> 
>         just goes to proof it:  Microslop and Intel boxes are secure
>     only when most of their parts are stored under lock and key.
> 


Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
can be brought up in single-user mode and the root password changed by 
anyone with physical access to the system. You could end up with even 
more trouble than if someone messed with your M$ box.

-r.w.










From llurch at networking.stanford.edu  Mon Nov 11 16:51:10 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Mon, 11 Nov 1996 16:51:10 -0800 (PST)
Subject: Federal Reserve Bank is ILLEGAL? [BOB DYLAN]
In-Reply-To: <199611112318.SAA19657@beast.brainlink.com>
Message-ID: <Pine.GUL.3.95.961111155838.5269A-100000@Networking.Stanford.EDU>


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 11 Nov 1996, Doug Renner wrote:

> http://feustel.mixi.net/GOV/DEPTS/fedres.html
> 
> Most list members would be very interested in the above link.

Indeed. It's hilarious, especially the References section. Thanks!

I think maybe you should take a look at the Noontide Press catalog.

- -rich

ObCopyrightViolation (not really on-topic, because Carto and Pierce were
kicked out of the Birch Society, but it's funnier than, for example,
<http://www.c2.net/~rich/nab9608-1.gif>):

TALKIN' JOHN BIRCH PARANOID BLUES
(Words and Music by Bob Dylan)
1970, 1973 Special Rider Music

Well, I was feelin' sad and feelin' blue,
I didn't know what in the world I was gonna do,
Them Communists they wus comin' around,
They wus in the air,
They wus on the ground.
They wouldn't gimme no peace. . .

So I run down most hurriedly
And joined up with the John Birch Society,
I got me a secret membership card
And started off a-walkin' down the road.
Yee-hoo, I'm a real John Bircher now!
Look out you Commies!

Now we all agree with Hitlers' views,
Although he killed six million Jews.
It don't matter too much that he was a Fascist,
At least you can't say he was a Communist!
That's to say like if you got a cold you take a shot of malaria.

Well, I wus lookin' everywhere for them gol-darned Reds.
I got up in the mornin' 'n' looked under my bed,
Looked in the sink, behind the door,
Looked in the glove compartment of my car.
Couldn't find 'em . . .

I wus lookin' high an' low for them Reds everywhere,
I wus lookin' in the sink an' underneath the chair.
I looked way up my chimney hole,
I even looked deep inside my toilet bowl.
They got away . . .

Well, I wus sittin' home alone an' started to sweat,
Figured they wus in my T.V. set.
Peeked behind the picture frame,
Got a shock from my feet, hittin' right up in the brain.
Them Reds caused it!
I know they did . . . them hard-core ones.

Well, I quit my job so I could work alone,
Then I changed my name to Sherlock Holmes.
Followed some clues from my detective bag
And discovered they wus red stripes on the American flag!
That ol' Betty Ross . . .

Well, I investigated all the books in the library,
Ninety percent of 'em gotta be burned away.
I investigated all the people that I knowed,
Ninety-eight percent of them gotta go.
The other two percent are fellow Birchers . . . just like me.

Now Eisenhower, he's a Russian spy,
Lincoln, Jefferson and that Roosevelt guy.
To my knowledge there's just one man
That's really a true American:  George Lincoln Rockwell.
I know for a fact he hates Commies cus he picketed the movie Exodus.

Well, I fin'ly started thinkin' straight
When I run outa things to investigate.
Couldn't imagine doin' anything else,
So now I'm sittin' home investigatin' myself!
Hope I don't find out anything . . . hmm, great God!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMofAP5NcNyVVy0jxAQEWUwH/VBpVAQeLio6vvqk4+Wku+y2zSETIqat8
KQso3BxkgV8mC3wiD7oC4YdJTnGIFnh5Zutt6po0wF/URkpda7zBcA==
=r6Fl
-----END PGP SIGNATURE-----






From alan at ctrl-alt-del.com  Mon Nov 11 16:56:27 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Mon, 11 Nov 1996 16:56:27 -0800 (PST)
Subject: RSA and me...
Message-ID: <3.0b36.32.19961111164959.0114bcc4@mail.teleport.com>


At 09:14 AM 11/10/96 GMT, Gemini Thunder wrote:
>'Lo.
>Is the "RSA in 3 lines of Perl" a munition (under ITAR)?
>What if I got it as a tatoo?  

Its been done.  (Someone got it a year or so back...)  

What was funny about it was that i remarked (in jest) "what if the tattoo
artist made a typo?  Would it still be illegal?".  Seems the tatto artist
*HAD* made a typo and had to go back and fix it.

I think that the person with the tattoo would be thrown in the LaBrea ITAR
pits just to be safe...

---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From rcgraves at ix.netcom.com  Mon Nov 11 17:03:16 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Mon, 11 Nov 1996 17:03:16 -0800 (PST)
Subject: Rush disses anonymity
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <3287CCBD.7C2E@ix.netcom.com>


Robert Hettinga wrote:
> 
> I'm sitting here listening to Rush, and he's talking about Pierre
> Salanger's recent "discovery" ;-) of the anonymously posted 
> friendly-fire TWA800 internet message of a few months back.

I must say I was pleased (and, I'm sorry to say, surprised) not to hear 
people talking about that "conspiracy" on this list. I gave a friend at 
the Merc hell for publishing a story saying that maybe there was 
something to it because there was some web site with "details of 
possible trajectories and everything." Morons.

> In the process of discounting the story, and praising FBI pal 
> Kalstrom, he bemoans the anonymity of the net, calling it a "nest of 
> kooks", (mixed in with all the other "right thinking people", of
> course...).
> 
> Given this, and, of course, our own fun and games with anonymous, er,
> slander, on this list, I'm frequently tempted to agree with him.

You people are wimps. The only real effect of the good doctor's rants 
has been, as Mr. May indicated, to get the good doctor on the "don't 
hire" list.

> After all,
> if someone says something wrong about you, how do find them and punish
> them? How do you know what the truth is, unless you know who said it?

You get off your ass and find out directly.

How about if you know exactly who it is, but you know him to be 
judgement-proof, since he's already saddled with over $12 million in 
libel and wrongful-death suits? It's called "reputation capital."

> Until, of course, I remember that anonymity is unpreventable, and,
> frankly, economically necessary for true internet commerce.
> 
> Remember what agrarianism did to try to stop industrialism (up to, and
> including, socialism <he said, trolling for leftists>), and expect the
> worst, folks.

People are just going to have to be smarter than they've ever been. The 
Net enables sharing and verifying real information just as it enables 
disinformation. Sure disinformation will always be cheaper to produce 
and more appealing to the eye (fact is harder to accept than fiction 
because fictional plots are written to make sense), but disinformation 
tends to cancel itself out.

Work on archives, reputation control, and openness. Disinformation, to 
be truly effective, requires a monopoly on information. More speech, not 
less.

(Keep in reserve the retort that anonymity is quite big in "the 
mainstream," too. How many key stories cite "well-placed 
administration sources"?)

The opposite of the Black Unicorn approach to nym safety is the Liz 
Taylor approach: "As long as they spell my name right, I don't care."
Nobody I care about is going to listen to some crank, or if they do, 
they'll email me to check the facts, or if they don't, I have 
alternative outlets for information. As long as I live in a free country 
with a free Internet, they can't touch me.

Oh, btw, it's helped that I've resigned myself to forever working for 
decent people who don't give in to such bullshit.

-rich





From ratak at escape.ca  Mon Nov 11 17:16:11 1996
From: ratak at escape.ca (ratak (Jason E.J. Manaigre))
Date: Mon, 11 Nov 1996 17:16:11 -0800 (PST)
Subject: FY 1997 classified programs list now available.
Message-ID: <199611120118.TAA14817@wpg-01.escape.ca>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: dc-stuff at dis.org
Date: Mon Nov 11 19:16:08 1996

People! I got this message today, and the web site :

http://www.frogi.org/classified-programs.html

It has all the details, take a close look at what the U.S Goverment has been 
up to in regards to there classified programs branchs...


God damn do they ever spend money...!

All research done by::

Paul McGinnis / PaulMcG at aol.com
  http://www.frogi.org/secrecy.html  [military secrecy site]




- -----Begin Included Message ----- 

Date: Mon, 11 Nov 1996 18:44:14 -0500
 From: PaulMcG at aol.com
To: skunk-works at mail.orst.edu, area51 at lists.best.com
Cc: 

I have posted my new, extensive list of classified military programs (and 
the references I used to find them) in the FY 1997 budget at:

  http://www.frogi.org/classified-programs.html

(NOTE: requires a Web browser with table support)

There are some shocking revelations such as 31% of the Air Force's research
and development budget is being spent on programs whose purpose -and- cost 
is classified. Doesn't anyone believe in public accountability for taxpayer
money?
___________________________________________________________________
GarGoyle Securities
- -Intrusion Assessment Systems
- -Security Consultation/Education/Curriculum Development
- -Project Management/Research/Analysis World Wide...
- -Member of CITDC (Canadian International Trade Development Council)
- -Email: ratak at GargSec.mb.ca (Jason E.J. Manaigre)
- -Web: www.GargSec.mb.ca
- -Email for PGP key with phrase 'Get Public Key' as Subject
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBMofP4PqtmO8M92GRAQGrKQgAtmH+2O5k8AODrjR1qvBoR6Q37AqWJ6Rg
OOF0OeugKHr1rppeJDYhYCHyBXQ5m+ktrpecpPKBDqfSbHFnjrMI9jmXUcs5KTPz
JjV5C3EssD4TIj7/EcOwgV4qWt18I2T4D612nj3yQ3S68D+brUNCthrJpsEfKFKX
yAnizzUOtnBLeosnUkz4FDF5lM5MgadU7/kCmO8k/g9NrZHfIj8PMifDVx4bLeCl
E+MdXoSqZnY47+RECL7vFOEIlBTfjBRjf2C/QGWBc1W6feBgL5R1OlZBHv2hIZLZ
72DcDzt8pjhbebqIU0AM4mLmNwmQT2qh3p47VopVjHaIr2/uHg4+2w==
=OR7L
-----END PGP SIGNATURE-----






From rcgraves at ix.netcom.com  Mon Nov 11 17:21:19 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Mon, 11 Nov 1996 17:21:19 -0800 (PST)
Subject: Universal Service for the Net: Why it's a bad idea
In-Reply-To: <9611082306.AA24281@su1.in.net>
Message-ID: <3287D0ED.6FDB@ix.netcom.com>


Frank Willoughby wrote:
> 
> At 07:53 AM 11/8/96 -0800, Declan McCullagh <declan at well.com> wrote:
> >* Why should a Beverly Hills high school get a discount of 20
> >  percent? Can't they afford to pay for ISDN?
> 
> Depends on how their telco's tariffs are set up.  Here in Indiana,
> we have a monopoly called "Ameritech" who, out of the kindness of
> their hearts, charges ***per-minute*** ISDN rates.

Huh? Here on Planet Earth, that's the way it is everywhere, except 
"non-prime-time" or Centrex rates may be special. In most of the world, 
local analog voice calls are metered. The US is the exception.

> Expect costs of over $600/month for a permament connection (one
> line) to the Internet.

Now, that *would* be unusual. Unless you mean a full-time dedicated port 
with a dedicated IP address, which I don't think schools need (their web 
server should be co-located at their ISP anyway). Dialup ISDN is much 
cheaper. We've got it down to about $75/month/user, all included.

-rich





From roach_s at alph.swosu.edu  Mon Nov 11 17:44:49 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Mon, 11 Nov 1996 17:44:49 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611120144.RAA16388@toad.com>



>At 12:58 AM 11/8/1996, stewarts at ix.netcom.com wrote:

>> Strong vs. weak crypto isn't the real issue - for most business use,
>> weak crypto is obviously unacceptable, but strong crypto with GAK
>> is ok as long as it doesn't interfere with use (and as long as the
>> government bureaucrats don't sell too many keys.)

To which, at 09:02 AM 11/8/96 -0800, Peter Hendrickson wrote:

>We often say that the government is a security weak point and that
>this makes GAK impractical.  However, this is not true.  If the
>holders of the government keys were individually responsible for
>their release, they would not be released very often.  That is,
>in order to use cryptography you must purchase an expensive
>encryption license.  That pays the salary of a certified "key
>escrow agent" who is the only person who can decrypt your messages.
>What stops him from revealing your keys to unauthorized parties?
>It's his business.  If that's not enough, you back it up with
>criminal penalties for disclosure.  And, hiring this person is
>no different from hiring an employee for your company.
>
>There are already similar activities.  Lawyers are nominally employees
>of the state.  Employees of Swiss banks can go to jail for violating
>their secrecy laws.

Then there is the meat-packing inspectors, I don't know if this should give
piece of mind or instill new fear.  The inspectors were put in there because
the meat was rancid, the thing is, some of it still is if you listen to the
critics.
A partial fix at least.

>At 12:58 AM 11/8/1996, stewarts at ix.netcom.com wrote:

>> The government might be able to stop new Netscape versions from
>> using strong crypto - threatening to confiscate the company's
>> ill-gotten gains from aiding and abetting money launderers might help,
>> and threatening to confiscate PCs that use unapproved crypto.
>> But it's tough to use a widespread threat like that on popular
>> software once it's out there.

To which, at 09:02 AM 11/8/96 -0800, Peter Hendrickson wrote:

>I agree, if the software is popular.  But, if the fears of the GAKers
>and the dreams of certain cypherpunks are real, such software will
>not be popular.

Another point is, if the government attacks Netscape for their strong
crypto(which is pretty hard to get, I'm in Oklahoma and I couldn't get it
because some server didn't know for sure that my server was in the United
States or Canada), someone will probabally make an in-line plug-in for
encrypted data, and this plug-in may affect more of the browser than the
existing system, making it more dangerous to the governments schemes.
Anyone know where the data is stored on how to write for Netscape?






From roach_s at alph.swosu.edu  Mon Nov 11 17:44:53 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Mon, 11 Nov 1996 17:44:53 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611120144.RAA16395@toad.com>


At 09:02 AM 11/8/96 -0800, Peter Hendrickson wrote:
>At 12:29 AM 11/8/1996, Jim McCoy wrote:
>>Peter Hendrickson writes:
>>[...]
>>>> Get a warrant, search my system, find nothing but a bunch of applications
>>>> and a collection of risque (but definitely legal) pictures which I exchange
>>>> with a few friends.  You may suspect that when the images are concatenated
>>>> in a particular way the low-order bits form a stego filesystem but no one
>>>> will be able to prove it in court.
>
>>> Are you concatenating these images by hand?  If so, the level of entropy
>>> is probably low enough to recover the information through brute force
>>> methods or you are hiding a very small amount of information.
>
>> I hide the relatively small amount of data within a very large amount of
>> data which makes it impossible to find.  Data from analog sources, like
>> the "real world" (images, sounds, etc) is noisy.  This is a fact of life.
>> Because this data is noisy I can hide information in the noise.  As long
>> as the information I am hiding maintains the same statistical properties
>> of noise it is impossible to pull the information out of the data file unless
>> you have the key.  If I am paranoid enough I can make this key impossible
>> to discover without a breakthrough in factoring.
>
>Where will you keep your secret key?  Remember, when they go through your
>house they bring 20 young graduates from MIT who are just dying to show
>how clever they are and save the world at the same time.
>
>> This is the essence of steganography and the nature of signal and noise are
>> fundemental principles of information theory.
>
>The concept of noise is not all that well defined, however.  There is no
>way to look at a signal and say "this is all noise."  Sometimes physical
>theories may lead you to believe that it is all noise.  That is fine
>for many applications, but when becomes less convinced of things if
>the consequences are severe.
>
>>> If you are not doing it by hand, you own terrorist software and will pay
>>> the price.
>
>> Ah yes, terrorist programs like cat and perl and operating systems like
>> Linux which contain a loopback filesystem that I can hook a perl
>> interpreter into at compile-time (which is enough for me to rewrite the
>> program from scratch each time if necessary, unless things like math
>> libraries are also outlawed on computers :)  I think that the crypto
>> concentration camps are going to be very crowded places.
>
>Can you elaborate on this?  I am curious to know exactly what you are going
>to keep in your head and what goes on the disk.  Please post the Perl
>code that you would type in from scratch every time.

(Most of the message left for clarity)
I would type dungeon at the prompt and Ctrl-Alt-6 at the first door.
But that's just me.
BTW.  The hypothetical Steno program (Trojan Horse) that I wrote about
earlier (and that this refers) could have its own source hidden in the
opening screen of both the game and the bmp that I would use for my windows
background.  If anyone has access to the source of a soon to be released
game, they could add this to it as an easter egg, thus, the author would be
spreading a very powerful tool which would be advertized several months
after it was released.  If it were added to a program with references to
cypherpunks or similar, it might even reach the (primary) target audience.






From roach_s at alph.swosu.edu  Mon Nov 11 17:46:37 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Mon, 11 Nov 1996 17:46:37 -0800 (PST)
Subject: Exon Countdown Clock and farewell messages
Message-ID: <199611120144.RAA16399@toad.com>


At 09:59 AM 11/8/96 -0800, Michael Page wrote and Rich Graves forwarded:
...
>We would attempt to send it via a Email, but the respected Senator does not
>have Email. (The Irony).
...
There is no irony here, Mr. Exon tried to control the internet for the very
reason that he didn't understand it and one of his granddaughters did.
Perhaps if he did understand the internet then he wouldn't be a threat.
Remember, people fear that which they don't understand.






From dougr at skypoint-gw.globelle.com  Mon Nov 11 18:18:30 1996
From: dougr at skypoint-gw.globelle.com (Doug Renner)
Date: Mon, 11 Nov 1996 18:18:30 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <Pine.SUN.3.95.961111094329.3168B-100000@viper.law.miami.edu>
Message-ID: <Pine.3.89.9611112333.B16991-0100000@skypoint-gw.globelle.com>




On Mon, 11 Nov 1996, Michael Froomkin - U.Miami School of Law wrote:

> Instead of reading the rabid nonsense referred to in the previous post in
> this thread, try
> 
> http://www.law.miami.edu/~froomkin/articles/reinvent.htm

[snip]

Michael you make some outstanding points in your article!  One that struck 
me was:

  "Today more federal corporations exist than ever before in 
peacetime, and the number keeps growing. While toiling in obscurity, they
manage communication satellites, museums, railroads, and power 
generation.  They provide specialized credit and insurance for housing and
agriculture.  They exist as accounting devices to hide the true size of 
the budget deficit, as nonprofit organizations, and as highly profitable 
and highly leveraged economic colossi. The most profitable corporations, 
which provided a total of about $5 trillion in credit and insurance in 
1995, also have approximately $1.5 trillion in securities and other debt 
outstanding.  These organizations are capable of squirreling away $2 
billion for a rainy day, while pleading poverty to Congress.{10} "

Michael, clearly your article is much more professionally written and 
well organized, and it addresses some primary issues raised in the previous 
article nearly head-on.  However is it true that what you are saying is 
that two fundamental premises in the article you refer to as "rabid" are 
incorrect?  Namely:

"ARTICLE 1, SECTION 8 OF THE CONSTITUTION STATES THAT CONGRESS SHALL HAVE
THE POWER TO COIN (CREATE) MONEY AND REGULATE THE VALUE THEREOF.

"IN 1935 THE SUPREME COURT RULED THAT CONGRESS CANNOT CONSTITUTIONALLY
DELEGATE ITS POWER TO ANOTHER GROUP. (Reference 22, P. 168)

Are these not correct?  Anyway, there were issues other than mere legality 
discussed, including history & practicality.  Specifically, the quotes from 
Benjamin Franklin, Thomas Jefferson, Rothschild, references to 
Congressional Record, etc. were what had impressed me in the link 
below.

> On Mon, 11 Nov 1996, Doug Renner wrote:

http://feustel.mixi.net/GOV/DEPTS/fedres.html

Is it an accurate statement that we are effectively paying the Fed 
interest on the currency we carry?

> 
> A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
> Associate Professor of Law |
> U. Miami School of Law     | froomkin at law.miami.edu
> P.O. Box 248087            | http://www.law.miami.edu/~froomkin
> Coral Gables, FL 33124 USA | It's warm here. 
> 

Or am I just making that common but incorrect assumption that 
unconstitutionality entails illegality?

Thanks for responding to this thread, Michael.  Your input is very much 
valued.

Regards,
IAJAT (just a taxpayer)
Doug





From stewarts at ix.netcom.com  Mon Nov 11 18:42:52 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Mon, 11 Nov 1996 18:42:52 -0800 (PST)
Subject: RSA and me...
Message-ID: <1.5.4.32.19961112024051.003c9d70@popd.ix.netcom.com>


>On Sun, 10 Nov 1996, Gemini Thunder wrote:
>> 'Lo.
>> Is the "RSA in 3 lines of Perl" a munition (under ITAR)?
>> What if I got it as a tatoo?  

Lucky replied
>Somebody did this. Check the RSA in perl homepage.

Furthermore, you'd be wasting pain, time, and money.
Perl5 makes it possible to do RSA in two lines of Perl :-)
And that'd leave room on your arm for the 3-line RC4!

If you want to leave the country with it, you might need
to register as an, um, international arms dealer...

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From jimbell at pacifier.com  Mon Nov 11 18:55:32 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 11 Nov 1996 18:55:32 -0800 (PST)
Subject: How many people killed by there own governments (Was: Re: a  retort + a comment + a question = [RANT])
Message-ID: <199611120255.SAA08586@mail.pacifier.com>


At 06:27 PM 11/11/96 -0500, Joseph M. Reagle Jr. wrote:
>>With regard to b), governments--primarily through the use of 
>>their militaries--have killed, by some counts 170,000,000, men,
>>women and children in this century alone.  Hardly the guardians
>>of freedom, in my opinion.
>
>	Do you have a breakdown of that number? I'm working on one of my thought
>experiments and am looking for the appropriate stats:
>
>
>o THUGS V. GOVS 
>  (during times of "modern" govts. 1800+)
>
>Deaths by Govts. on "own people"
>
>  US Civil War     x M
>  US Native Americans
>  Hitler: Jews     6 M
>  Hitler: Others   6 M
>  Stalin:         30 M
>  China: Cult Rev  x M
>  France: Rev      x M

Don't forget that the likely cause of the 1917 world-wide influenza pandemic 
was probably caused or greatly increased in seriousness by the WWI movement 
of soldiers, and the conditions at the front.    Had there been no war, 
there might still have been a very localized outbreak, but it would have 
been much less serious.

The estimate of 170 million seems a bit high, but not by much.  



Jim Bell
jimbell at pacifier.com





From teddygee at visi.net  Mon Nov 11 20:09:35 1996
From: teddygee at visi.net (Ted Garrett)
Date: Mon, 11 Nov 1996 20:09:35 -0800 (PST)
Subject: two bogus messages to this list
In-Reply-To: <Pine.BSF.3.91.961111182838.3985C-100000@mcfeely.bsfs.org>
Message-ID: <Pine.LNX.3.95.961111230028.1242C-100000@tgrafix.livesys.net>


On Mon, 11 Nov 1996, Rabid Wombat wrote:
>On Mon, 11 Nov 1996 attila at primenet.com wrote:
>
>> In <199611111238.GAA17346 at manifold.algebra.com>, on 11/11/96 
>>    at 06:38 AM, ichudov at algebra.com (Igor Chudov @ home) said:
>> 
>> .I did not write the two messages below. I did have a small party
>> .yesterday, probably some of my guests did that...
>>         just goes to proof it:  Microslop and Intel boxes are secure
>>     only when most of their parts are stored under lock and key.
>
>Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
>can be brought up in single-user mode and the root password changed by 
>anyone with physical access to the system. You could end up with even 
>more trouble than if someone messed with your M$ box.

Microsloth has, at the heart of it's system, a call which traps ALL
KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
placed inside of a DLL which most users would have no idea was loaded.
Even under NT, this DLL can be made to remain resident and trapping
Keystrokes, events, and window contents.

Does this just BEG to be exploited?

If you give me normal user access to ANY microsloth machine, I can
have most of the system's security broken down to NOTHING within a
week.  And I'm not even a good MS programmer!  <Are my prejudices
showing?>

At least under UNIX, you damned well know you have to secure your
system.  Microsloth attempts to sell itself as a secure platform.

---
"Obviously, the US Constitution isn't perfect, but
it's a lot better than what we have now." - Unknown
PGP key id - 0xDEACDFD1 - Full key available from
pgp-public-keys at pgp.mit.edu



-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00000.pgp
Type: application/octet-stream
Size: 463 bytes
Desc: "PGP signature"
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961111/97cd376c/attachment.obj>

From ph at netcom.com  Mon Nov 11 20:45:03 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Mon, 11 Nov 1996 20:45:03 -0800 (PST)
Subject: "Messer im Kopf"
Message-ID: <v02140b01aead9ffb76fb@[192.0.2.1]>


"Messer im Kopf" is a German film made in 1978 which I highly
recommend.  Roughly translated its title is "Knife in the Head".  It
has relevance to many of the issues we have been discussing.

In the late 1970s Germany was in a limited state of turmoil due to
fears of "terrorist" (1) groups, particularly the Baader-Meinhoff
gang.  Around this time a curious incident occurred.  The German
government had had some success in apprehending some gang leaders.  In
response, the others hijacked a Lufthansa jet and demanded that the
government release their friends.  Four of the leaders of the gang
then died in prison.  The government declared these deaths to be
suicides, but considerable doubt surrounds this claim.  The government
certainly wanted to discourage further hijacking experiments.  The
elimination of the gang leaders would certainly have sent a strong
message.  The logic is compelling.  On the other hand, it is not
inconceivable that the deaths were suicides intended to discredit the
government.

The Baader-Meinhoff gang popped up again in the late 1980s when they
were suspected of having murdered the banker Alfred Herrhausen.  (At
that time their name had changed, but I do not remember what it was.)
Their size was estimated to be about 20 active members with perhaps
3000 financial supporters. (2) Many other European trouble-making
groups of the 1970s were successfully penetrated and virtually
eliminated.  The Baader-Meinhoff gang stands out as one which
apparently solved this problem.  (It is interesting that infiltration
is the usual means of dealing with troublesome organizations.)

The motivations of the group are unclear to me.  It is widely assumed
in the media that they were (or are) communists, but I have seen it
suggested repeatedly that they were in fact sympathetic to the far
right.  (I haven't researched this.  I do not know how open this
question is.)

"Terrorist" groups are interesting in that they generally do not have
a known membership or location.  Certainly, this is germane to many
Cypherpunk discussions.

In the late 1970s the German government considerably extended its
surveillance and monitoring activities and was generally in a state of
alarm regarding terrorists.  Great effort was made to identify
everybody.  I can't say how much success they had in their stated
goals, but I would love to know as it relates to some of the ideas we
have been discussing.  I assume the "security" infrastructure is still
in place, which does not bode well for future German history.

The film is set in the late 1970s and addresses many of the issues
faced by Germans at that time.  The main character is a scientist who
is having marital troubles.  His life becomes more complicated when he
gets caught up in a scuffle the police are having with "suspected
terrorists".  He is shot - not knifed - in the head.  After a long
rehabilitation, he has no memory of what occurred.  Every other person
in the film attempts to use his ignorance for their own political or
personal ends.  More specifics would lessen your appreciation of the
movie.

More generally, you will see a portrayal of a society which is
disentegrating.  I found the police particularly alarming.  It is not
clear whether our own society is not on the same path.  Some will find
this heightens their interest.

The grimness of institutionalized behavior comes through very
strongly.  Nearly every character in the film is employed directly or
indirectly by the government.  The film itself was funded by the
German government.  Yet, it is surprisingly skeptical of the
government's role.

It should be noted that there are no real terrorists in the film.  The
police and the "suspected terrorists" are playing a game of "cops and
robbers" with the police holding the live ammunition.  Don't think
both sides don't both enjoy it!  This is perhaps the most worthwhile
aspect of the film.  While everybody else is playing games, the main
character is maimed, but the game goes on regardless.

Many of has have had long discussions involving the implications of
various technologies and how to effect the our kind of political
change in the world.  It is helpful to remember that real people are
involved.  The readers of this list are by no means the people who
would benefit most from this lesson.

"To win without fighting is best."  -- Sun Tzu(?)

That said, the film also gives a feeling for what it might be like to
operate in a hostile domestic environment.

The film is hard to get in the United States.  Last I heard, you could
rent it from a company in Chicago.  If there is sufficient interest,
it might be a good film for Cypherpunk Movie Night.  An invited
speaker who understands the film better than I do would be a
possibility.

Footnotes:
(1) These groups committed acts which are typically described as
"terrorist".  It is unclear what the term means.  When similar actions
are committed by established groups, the term "terrorism" is not
applied.  The term originated at the time of the French revolution
when some philosopher kings seized control of the government and
executed a number of VIPs.  The Economist published this excellent
article: http://www.economist.com/issue/02-03-96/sf1.html

(2) The IRA is said to have about 200 active members, which is an
indication of just how much trouble a small group of people can make
if they set their minds to it.

Disclaimer: Some of the facts above may be slightly wrong as I am
relying on memory.  The gist of the text should be correct.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Mon Nov 11 20:45:08 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Mon, 11 Nov 1996 20:45:08 -0800 (PST)
Subject: Sifting data; looking for "strong crypto"
Message-ID: <v02140b03aeada1e9eb07@[192.0.2.1]>


At 7:18 AM 11/11/1996, Mark Rogaski wrote:
>An entity claiming to be Murray Hayes wrote:
>:
>:
>: As far as bit patterns go, is executable code random?
>:
>: mhayes at infomatch.com
>:
>: It's better for us if you don't understand
>: It's better for me if you don't understand
>:                                              -Tragically Hip
>:

> Nope, any executable has the same text-data-stack structure.  Within the
> text segment, all instructions are (usually) of the same size with
> one to four possible formats.  Consider that every instruction will
> begin with one of ~128 opcodes, operands are pretty predictable depending
> on the opcode's associated format.  Any references to symbol and literal
> tables are within a predictable range, and the format of these tables
> is fixed.

> An assembled/linked program is going to be very far from random, same
> basic patterns are used for I/O, subroutine calls, iterative loops, etc.
> I would assume that the entropy of an executable binary is extremely low.

It has been my experience that executable code compresses well, so there
is empirical evidence that you are right.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Mon Nov 11 20:49:41 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Mon, 11 Nov 1996 20:49:41 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b06aeada4b1925d@[192.0.2.1]>


At 12:34 PM 11/10/1996, Adam Back wrote:
>Peter Hendrickson <ph at netcom.com> writes:
>>At 3:30 AM 11/9/1996, Adam Back wrote:
>>>Peter Hendrickson <ph at netcom.com> writes:
>>>> Where will you keep your secret key?  Remember, when they go through
>>>> your house they bring 20 young graduates from MIT who are just dying
>>>> to show how clever they are and save the world at the same time.

>>> Keep your secret key in your head.

>> I think this is hard to do in practice.  I have tried.

> You could probably keep a hashing function around plausibly, then you
> could do as usual and remember the passphrase and use the hash
> function to construct the actual key.

9 words selected from a pool of 25,000 has an entropy of about
131 bits.  I could probably remember that.

> If your stego techniques are any good, the feds will never get beyond
> that point.  They will then be left with the option of doing random
> `spot-checks'.  Having been on the cypherpunks list probably would
> increase your chances of having your system checked.

Yes, if things go sour, I doubt many cypherpunks will be practicing
cryptoanarchists.

>>> Your real challenge is keeping your stego programs safe.  Boot
>>> strapping a stegoed encrypted file system while leaving no stego code
>>> lying around isn't that easy.

>> Excellent point, especially since you don't have an encrypted virtual
>> disk.  Can anybody resolve this?

>>> rc4 in C:
>>>
>>> #define S,t=s[i],s[i]=s[j],s[j]=t /* rc4 key <file */
>>> unsigned char s[256],i,j,t;main(c,v)char**v;{++v;while
>>> (s[++i]=i);while(j+=s[i]+(*v)[i%strlen(*v)]S,++i);for(
>>> j=0;c=~getchar();putchar(~c^s[t+=s[i]]))j+=s[++i]S;}

>> (Under 3.3)  I would have a hard time memorizing these programs.  This
>> pretty much guarantees that the number of cryptoanarchists will be small.

> That program is optimised for size rather than ease of memorizing.

> RC4 is an elegantly simple algorithm, and I sumbit that you could
> remember it.  Barring that you could just leave around a few
> cypherpunks archives, or sci.crypt archives or whatever, and cut and
> paste it form one of my posts :-)

I am willing to accept that I can remember it.

> Because RC4 is a stream cipher, you shouldn't reuse the key.  However
> you shouldn't need to for this application.  You just use it to boot-
> strap the real code.

You are beginning to convince me.

>> (I am deeply envious of your legal right to post this code, however.
>> Now, why was it that we broke away from the Mother Country?)

>> I would like to see a longer exposition of your approach.  Given
>> a hostile environment, how would I operate a small anonymous perl
>> coding service using your techniques?

> Once you've bootstrapped to your cryptoanarchists toolkit, you can
> have anything you want, even a virtual TCP/IP layer, a hidden level of
> TCP/IP in stego data.  TCP/IP itself is a likely candidate for a stego
> carrier.  Non-predictable sequence nos are required to stop things
> like the spoofing attack, and so are perfectly plausible.

> Once we get to everyone having enough bandwidth, lots of people with
> permanent connections, lots of people using video conference software,
> audio, downloading feature length films, etc. there's no stopping
> crypto anarchy.  The LSbits in that lot would make a fairly responsive
> subliminal channel by todays standards.

I am finding this all very persuasive, although I am still suspicious
of stegonagraphy.

It would be cool to have an exact specification and working machine.

This might even be easy enough to operate that non-technical people
could learn how to do it, which implies that there could be large
numbers of practicing cryptoanarchists.

What we need is an experiment.  Let's pick a country with a near
police state and design a system so that people in that country
can freely and securely communicate with each other and the outside
world with minimal chance of arrest.  Once the system is available,
we can see if it succeeds in the field.  I'll leave others to
suggest the target.

>> Don't forget to tell me how I get paid and when I get to spend my
>> "ill-gotten" gains and how nobody will notice that I am doing it.

> You get paid in ecash, paid on the BlackNet bank.  You take a holiday
> to a tax-haven and get paid off by a getting "lucky" at a BlackNet
> affiliated casino.  The casino takes a their "currency exchange fee",
> and you get US$.  Translations into paper currencies, I'll admit are
> the weak link if you need paper currencies.

> However there are two ways to get anonymous electronic cash, either
> you start with anonymous electronic cash, or you add the anonymity
> afterwards via `privacy brokers', once there are a few dozen systems,
> and trillions flowing around using these systems, it's going to be
> hard to keep track of it all.

I still think the eventual payoff is a weak point, but it does make
me think that in order to stop cryptoanarchy, foreign travel and
foreign communication would have to be tightly controlled.  If
steganographic evidence is the only evidence that can be collected
(and RC4 is strong) then it would be necessary to give the authorities
great flexibility.  Which means that it is beginning to look more and
more like a bona fide police state as Tim suggested.

While payment is a weak point, there are many cryptoanarchic activities
that don't involve payment, such as participating in mailing lists,
which people may like to do even when their governments disapprove.

Anyway, you have certainly given me a lot to think about.  I still
have some doubts about safety from tempest attacks and the like,
but my basic claim that you can stop cryptoanarchy without full
deployment of a police state is looking weak to me right now.

Peter Hendrickson
ph at netcom.com







From ichudov at algebra.com  Mon Nov 11 20:54:26 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 11 Nov 1996 20:54:26 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <v03007801aead576335d0@[205.162.51.35]>
Message-ID: <199611120414.WAA22624@manifold.algebra.com>


Jim McCoy wrote:
> >Are there other measures which parents could take while their children are
> >young to get them off to a good start, privacy-wise?
> 
> Do not declare your children as dependants.  If you do then you are required
> to get a SSN for them, but if you are willing to waive the tax savings there
> is no requirement than children have a SSN.  Not having a handy universal
> index number like a SSN makes it a lot harder for people to accumulate
> statistics on your kids.

This is an interesting topic. I apologize if my questions are too trivial,
but here they are: 

	1) Can a person without an SSN have a credit record? Some
	   may say that a credit record is a bad thing to have,
	   but I am still interested in a possibility.
	2) Will private lenders (such as credit card issuers or
	   mortgage companies) agree to extend credit to a person
	   without an SSN or to someone who refuses to give out his SSN?
	3) Will the state issue a driver's license to someone who does not
	   have/does not wish to give out their SSN?
	4) Will states' police (where applicable) approve purchases of
	   firearms if purchasers do not state their ssn (misstating it
	   may be a crime) on an application?
	5) Employers are required to pay certain taxes and therefore
	   they, in my understanding, need to know their employees SSNs.
	   How can people get around that (unless they do not need to work)?
	6) Can someone without an SSN obtain various kinds of insurance?

It is my understanding that the law does not regulate use of social 
security numbers between private parties. Businesses are free to refuse 
to do business with someone who does not present them an SSN. In real 
life, how inconvenient is life of a privacy-concerned individual?

Say, John Anonymous is a young 15 years old who anticipates to become an
engineer and have a middle class life. He wants to get married, have
children, drive a car, obtain insurance, work at some big company,
travel around the world, invest in mutual funds or buy stocks, and so
on. Reliance on government help is not important to him, so he would not
apply for an SSN solely to get Social Security, welfare and such.

His parents are cypherpunks and did not obtain an SSN for John. How much 
effort would it cost him to live a life outlined above?

Thank you

	- Igor.





From froomkin at law.miami.edu  Mon Nov 11 20:54:45 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Mon, 11 Nov 1996 20:54:45 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <Pine.3.89.9611112333.B16991-0100000@skypoint-gw.globelle.com>
Message-ID: <Pine.SUN.3.95.961111234959.13077D-100000@viper.law.miami.edu>


On Tue, 12 Nov 1996, Doug Renner wrote:

> article nearly head-on.  However is it true that what you are saying is 
> that two fundamental premises in the article you refer to as "rabid" are 
> incorrect?  Namely:
> 
> "ARTICLE 1, SECTION 8 OF THE CONSTITUTION STATES THAT CONGRESS SHALL HAVE
> THE POWER TO COIN (CREATE) MONEY AND REGULATE THE VALUE THEREOF.

The above is a true statement.  Note however that "congress" cannot
operate the mint.  It must -- **MUST** -- delegate this duty to the
executive branch (or someone outside the legislative branch, cf. Chadha
v. U.S.) if it wants it done. Congress is free to select the type
of agent it wants to do this.  Indeed, if Congress chose to license
private mints, that would, IMHO be legal.  The point here is that the
states don't have the power to coin money.

> 
> "IN 1935 THE SUPREME COURT RULED THAT CONGRESS CANNOT CONSTITUTIONALLY
> DELEGATE ITS POWER TO ANOTHER GROUP. (Reference 22, P. 168)
> 

The above is so oversimplified as to be meaningless; anyway it's almost
certainly (mostly) wrong. It refers to a case that has never been followed
since.  There are many cases since that supply the necessary context.  I
discuss some of them in my article.  I discuss others in my student note
and in other articles availble from my homepage.

> Are these not correct?  Anyway, there were issues other than mere legality 
> discussed, including history & practicality.  Specifically, the quotes from 
> Benjamin Franklin, Thomas Jefferson, Rothschild, references to 
> Congressional Record, etc. were what had impressed me in the link 
> below.

Bah. "Mere legallity" indeed. 

> Is it an accurate statement that we are effectively paying the Fed 
> interest on the currency we carry?

No.  Unless by "effectively" you mean "during periods of inflation".  But
the currency can deflate too... e.g. in a depression. 

> Or am I just making that common but incorrect assumption that 
> unconstitutionality entails illegality?

No, I'm afraid you are making the common but incorrect assumption that
reading some part of one court case from the dustbin of history out of
context makes you a constitutional expert. 
> 
> Thanks for responding to this thread, Michael.  Your input is very much 
> valued.

You may feel differently as I get grumpier...

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | Great weather here. 






From postmaster at opennet.net.au  Mon Nov 11 20:58:30 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 20:58:30 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611112033.MAA11915@toad.com>
Message-ID: <199611120458.PAA07737@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 20:59:21 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 20:59:21 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <Pine.GSO.3.95.961111121025.1286N-100000@well.com>
Message-ID: <199611120459.PAA08022@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 20:59:53 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 20:59:53 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611120144.RAA16399@toad.com>
Message-ID: <199611120459.PAA08200@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 21:00:07 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 21:00:07 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611112300.PAA00754@miron.vip.best.com>
Message-ID: <199611120459.PAA08279@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 21:00:10 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 21:00:10 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611120144.RAA16388@toad.com>
Message-ID: <199611120459.PAA08296@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 21:00:11 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 21:00:11 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611120144.RAA16395@toad.com>
Message-ID: <199611120500.QAA08315@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 21:00:57 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 21:00:57 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611082058.MAA01697@abraham.cs.berkeley.edu>
Message-ID: <199611120500.QAA08447@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 21:01:40 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 21:01:40 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <v03007800aead3ea8c260@[204.246.66.55]>
Message-ID: <199611120459.PAA08118@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 21:01:44 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 21:01:44 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <199611120501.QAA08648@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 21:02:56 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 21:02:56 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <v03007801aead576335d0@[205.162.51.35]>
Message-ID: <199611120500.QAA08488@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 21:03:28 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 21:03:28 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <3283A25B.1D6E@ix.netcom.com>
Message-ID: <199611120500.QAA08600@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 21:04:04 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 21:04:04 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <Pine.GUL.3.95.961111155838.5269A-100000@Networking.Stanford.EDU>
Message-ID: <199611120503.QAA08913@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 21:05:06 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 21:05:06 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <9611082306.AA24281@su1.in.net>
Message-ID: <199611120500.QAA08585@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From ichudov at algebra.com  Mon Nov 11 21:30:38 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 11 Nov 1996 21:30:38 -0800 (PST)
Subject: two bogus messages to this list
In-Reply-To: <Pine.LNX.3.95.961111230028.1242C-100000@tgrafix.livesys.net>
Message-ID: <199611120454.WAA22994@manifold.algebra.com>


Ted Garrett wrote:
> Microsloth has, at the heart of it's system, a call which traps ALL
> KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
> placed inside of a DLL which most users would have no idea was loaded.
> Even under NT, this DLL can be made to remain resident and trapping
> Keystrokes, events, and window contents.
> 
> Does this just BEG to be exploited?

Also, permissions of many of the system binaries on NT 4.0 are
wrong.

	- Igor.





From postmaster at opennet.net.au  Mon Nov 11 22:11:19 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 22:11:19 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <gom9wD35w165w@bwalk.dm.com>
Message-ID: <199611120611.RAA10087@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 22:13:04 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 22:13:04 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <Pso9wD37w165w@bwalk.dm.com>
Message-ID: <199611120611.RAA10104@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 22:14:02 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 22:14:02 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <1.5.4.32.19961111203926.006af428@pop.pipeline.com>
Message-ID: <199611120613.RAA10600@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 22:14:44 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 22:14:44 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <v03007803aead2dcf0204@[204.254.74.216]>
Message-ID: <199611120614.RAA10669@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From jim at santafe.arch.columbia.edu  Mon Nov 11 22:44:10 1996
From: jim at santafe.arch.columbia.edu (Jim Wise)
Date: Mon, 11 Nov 1996 22:44:10 -0800 (PST)
Subject: two bogus messages to this list
In-Reply-To: <Pine.BSF.3.91.961111182838.3985C-100000@mcfeely.bsfs.org>
Message-ID: <Pine.NEB.3.94.961112014731.25826A-100000@localhost>


On Mon, 11 Nov 1996, Rabid Wombat wrote:

> Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
> can be brought up in single-user mode and the root password changed by 
> anyone with physical access to the system. You could end up with even 
> more trouble than if someone messed with your M$ box.

This is far over-simplified.  Most BSD derived Unices provide the _option_
for single-user mode not to be password protected (depending on whether the
console is marked secure in /etc/ttys).  A few default to this behavior,
but on all it is either a configuration choice or a password is always
required (as it is in USG'ish unices).

--

				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim at santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *






From postmaster at opennet.net.au  Mon Nov 11 23:17:53 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 23:17:53 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611111831.KAA10148@toad.com>
Message-ID: <199611120717.SAA11709@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 23:35:34 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 23:35:34 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <199611120735.SAA12022@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Mon Nov 11 23:47:20 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Mon, 11 Nov 1996 23:47:20 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611111636.IAA31569@crypt>
Message-ID: <199611120746.SAA12233@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 00:06:16 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 00:06:16 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961111183435Z-2357@landru.novato.inference2.com>
Message-ID: <199611120805.TAA12499@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 00:11:08 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 00:11:08 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611111718.JAA31638@crypt>
Message-ID: <199611120811.TAA12561@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From tcmay at got.net  Tue Nov 12 00:27:20 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 12 Nov 1996 00:27:20 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <v03007800aeade37ef979@[207.167.93.63]>


At 8:26 AM -0800 11/11/96, Hal Finney wrote:

>I have two kids entering their teens, and I'm sure other list members are
>parents as well.  What can we do for our children to help them enter their
>adult lives with better chances to retain privacy?  Unicorn mentions keeping
>them absent from school on picture day, although I'm not sure how much this
>helps.  I suppose it makes it harder for an investigator to find out what
>they look(ed) like.  Then when they get old enough to drive you have a new
>problem avoiding the photo (and thumbprint) on the license.
>
>Are there other measures which parents could take while their children are
>young to get them off to a good start, privacy-wise?

I think there are two important domains of privacy to distinguish:

1. The mundane.

2, The political.

The mundane domain is what most people think of initially, Things like "How
do I keep my name out of the system?" Or the point about kids.

The fact is, hundreds of millions of names are obviously--and almost
unavoidably--in the mundane public sector. I say "almost unavoidably"
because driver's licenses and social security numbers are ubiquitous.

(Side note: Jim McCoy's suggestion that kids can be kept off the
parental-unit's tax returns and thus not get a SS number is fraught with
problems. Many schools--including public schools--use the SS number for
various internal and tracking reasons. Even if the kid is free of SS
numbers until he's a teenager--at a cost of thousands of dollars a year in
IRS deductions not taken--he'll essentially have to have an SS number in
his high school years, for a variety of reasons. Maybe this can be avoided,
but I doubt the reward is worth the hassles.)

The second category is that of the political domain. If a person can
separate himself from the comments he makes, as Alois^H^H^H^H^H Black
Unicorn has done, then it hardly matters--in an important sense--that his
True Name has a SS number on file somewhere.

This is an important distinction in discussing privacy, I think. If I had a
rug rat, I doubt I'd go to great lengths to avoid getting him or her an SS
number. If the Feds offered me a yearly savings of $1000 or more on my
taxes, I'd take it.

(Given that it's almost an inevitability that the kid would have to "enter
the system" at about the age where it really begins to matter, e.g, the age
at which he or she begins to have political beliefs.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From mhayes at infomatch.com  Tue Nov 12 00:41:35 1996
From: mhayes at infomatch.com (Murray Hayes)
Date: Tue, 12 Nov 1996 00:41:35 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611120841.AAA16334@infomatch.com>


On Fri, 08 Nov 1996 14:46:56 +0100, Matts Kallioniemi wrote:

>At 17:12 1996-11-07 -0800, jim bell wrote:
>>Simple analogy:  Suppose you put two people into a room with a deck of 
>>playing cards and a table, instructing "Person A" to build a house-of-cards, 
>>and telling "Person B" to stop him from achieving his goal.  Who do you 
>>think will win?  Obviously, the latter will win:  It's vastly easier to 
>>knock such a structure down than to build it in the first place,  and all 
>>"Person B" has to do is occasionally take a whack at the structure. 
>
>What if Person A is better armed? Could that change the outcome?
>
>
>

What if person A has a pack of chewing gum?


mhayes at infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip











From dthorn at gte.net  Tue Nov 12 00:45:00 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 12 Nov 1996 00:45:00 -0800 (PST)
Subject: Legal Deffinition of Encryption?
In-Reply-To: <v02140b02aeaba1c8961f@[192.0.2.1]>
Message-ID: <32882059.6826@gte.net>


Barry A. Dobyns wrote:
> Dale Thorn wrote:
> > Peter Hendrickson wrote:
> > > At 2:17 PM 11/9/1996, Mark M. wrote:
> > > >On Sat, 9 Nov 1996, Benjamin Grosman wrote:
> > > >> I have absolutely no idea: this is a very interesting problem. Not for just
> > > >> compression and encryption differention legally, but also, well, ANY other
> > > >> data form. If one defines a new format for saving data (i.e a new image
> > > >> format), and then exports this technology from the USA, is this exportation
> > > >> of munitions due to it's unknown qualities? Or what?

> > > > I can't define encryption, but I know it when I see it.

> > > They way it will be forbidden is by outlawing the execution of the
> > > algorithms.  The algorithms (the secure ones anyway) are well defined
> > > as is executing them.  The legal system has dealt with greater
> > > ambiguities than this.
> > > An analogy to the drug laws might be useful.  We don't outlaw all drugs
> > > that cause you to have weird visions and to act strangely.  That would
> > > be hard to define and would cover a number of legal drugs.
> > > Instead, the specific chemicals are forbidden as they are discovered.

> > I can see how the chemical/drug thing works, and I can see how they can
> > easily control Public Key (PGP) encryption, but if you are suggesting
> > that they can effectively eradicate private key encryption, that would
> > seem to be an impossibility.

> I don't think that an alert legisator will have any problems writing
> laws that cover whatever uses of cryptography they want to outlaw.
> (Finding an alert legislator might be more of a problem...)
> Consider this:  outlawing an algorithm is very similar to protecting
> it's use as intellectual property - which is what the Patent system
> in the US and most other countries is designed to do.  The description
> of "illegal" algorithms could be lifted directly from patents (both
> current AND expired, or if you're sufficiently paranoid, even from
> "refused" or ungranted applications) which apply to cryptography.

Do you assume that all useful algorithms are patented or copyrighted?
Would you further assume that executable encryption programs would have
to be resident on some particular media long enough (say, 30 seconds to
a few minutes) that agents who have just broken the door in will be able
to preserve either the source code or the executable code and take it
with them as evidence?

> Imagine the creation of a branch of your favorite Government, let's call
> it "Big Brother," whose job is to monitor patent applications worldwide
> for new crypto techniques solely for the purpose of branding them contraband.
> Not so different from some of the work the US FDA does.

I know that the FDA cracks down on what it terms "dangerous substances"
and "practicing (something or other) without an appropriate license",
but the folks it crashes in on are generally distributing herbs, vitamins,
and other goodies which wind up inside of people's bodies, so there is
a measure of legitimacy to their protections, if not to their methods.
Protecting people from ideas and algorithms which go into their minds is
feasible only when the ideas are complex enough and require sufficient
physical manipulations (designing and building a fusion bomb, for example)
as to make the implementor of such things quite noticeable.

> Note that the market lock that PKP/RSA has on public key encryption in
> the US is based on exactly this sort of algorithm protection, and if
> it's good enough to reign in unbridled capitolism, it'll be good enough
> for the Justice Department to litigate on.  In effect, since PKP holds
> all the patents on public key in the US, nobody else can use these
> techniques without paying PKP or their licencees.  Outlawing just those
> techniques which are embodied in the PKP patents would be sufficient to
> outlaw all public key encryption.

So the only possible Public Key encryption has all been designed and
patented, and there's no other algorithms that can be brought forth,
let's say, by someone who doesn't want a patent, but merely wants to
put the idea out into the public domain?

> Note that issues like "is the patent valid" usually hinge on whether the
> authors of the patent were indeed the originators of the idea.  In the
> case of outlawing the algorithms, it doesn't matter if the patent author
> was the originator or not, or even if the patent is valid, still current,
> or was intercepted when it was applied for and diverted to "Big Brother"
> instead of being granted.

I suppose if some angel were to float out a new Public-key algorithm onto
the Net, then there would automatically be an anti-angel (from the NSA?)
who would show that it was in fact patented, and had to be withdrawn?
My guess is, if they tried this too many times through legal channels,
in spite of all manner of legislation, there would be a backlash of
sufficient proportion to render their efforts less than useful.







From dthorn at gte.net  Tue Nov 12 00:45:11 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 12 Nov 1996 00:45:11 -0800 (PST)
Subject: Apology to Dale Thorn
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961111194442Z-2433@landru.novato.inference2.com>
Message-ID: <32882689.7B65@gte.net>


James A. Tunnicliffe wrote:
> Dale Thorn writes (in part):
> >I'm tending to think that, instead of using PGP for all encoding (even
> >though it may have multiple facilities for all situations), a message
> >could be encrypted with a good trusted private-key system or whatever,
> >then the private key encrypted with the Public Key software and sent
> >either separately or with the message.

> But you've described exactly what PGP does.  It encrypts the message
> with a "good, trusted private-key system" -- IDEA, which has undergone
> significant peer review, has a long-enough key (128 bits), and has
> exhibited no significant weaknesses or shortcuts to brute force (which
> is impossible, given the key length).  It then encrypts the IDEA session
> key that was used with the recipient's public key, and bundles the the
> IDEA-encrypted message and the RSA-encrypted session key (and
> optionally, a signed hash of the message) for delivery to the recipient.

I hope I'm not repeating this in more than one or two places, but the
idea originated as a way to verify PGP code, i.e., if one could verify
some minimal portion of it sufficient to send a small message (i.e., a
private key), one could then rely on his/her own favorite (and really
well verified) private key software to do the bulk of the encryption.

Relying on one software program (despite the hoopla) to "do it all" is,
in my book, a prescription for disaster.  The peer-review statements
notwithstanding, the PGP source code, at 60,000 or so lines, and without
a doubt way too complex for one individual and his/her closest trusted
associates to verify, cannot be trusted without a really clean rewrite,
using a heirarchical design of some sort, where all code is completely
consistent and well-annotated, broken into numerous small functions,
and is very easy to read and follow.

If you think the above can't be justified, as in the example that PGP
will have to be continuously updated in its central routines, so as to
maintain its "edge" in security, well, that would imply that its security
is seriously lacking if attacked by advanced hackers.

I know it may not be a perfect analogy, but remember the HSCA board review
from the late 1970's regarding certain forensics in the JFK case?  If I'm
not mistaken, the central points demonstrating conspiracy were upheld by
only one professional out of approximately 12, i.e., Cyril Wecht.

Now you're not going to convince any jury I know of that Oswald did it,
or did it alone, but getting past that and to the professionals who did
the reviews of certain evidence, it should be obvious that in cases where
there may be *very important* programs for which the public needs to be
convinced of this-or-that, the government-controlled institutions (i.e.,
the major universities) can come up with all the experts it needs to
convince people of this-or-that.  Some of these I know personally...







From dthorn at gte.net  Tue Nov 12 00:45:17 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 12 Nov 1996 00:45:17 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <Pine.SUN.3.95.961111094329.3168B-100000@viper.law.miami.edu>
Message-ID: <3288274E.6671@gte.net>


Michael Froomkin - U.Miami School of Law wrote:
> Instead of reading the rabid nonsense referred to in the previous post in
> this thread, try
> http://www.law.miami.edu/~froomkin/articles/reinvent.htm
> wherein it is revealed that (gasp!) the Federal Reserve is an independent
> federal agency, but that (private) federal reserve banks have five of the
> twelve votes (the rest belong to government officials) on the Open Market
> Committee, an important policy-setting body that has an influence over the
> money supply.  Incidentally, this practice was upheld in Melcher v.
> Federal Open Mkt. Comm., 644 F. Supp. 510 (D.D.C. 1986).

[snip]

Are the other 7 votes really "government officials" in the strictest sense,
with no significant ties to the banks?







From dthorn at gte.net  Tue Nov 12 00:45:27 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 12 Nov 1996 00:45:27 -0800 (PST)
Subject: ENT_ice
In-Reply-To: <1.5.4.32.19961111165503.006adfec@pop.pipeline.com>
Message-ID: <328829AD.4CA2@gte.net>


John Young wrote:
>    11-11-96. WaPo Page One:
>    "Preventing Terrorism: Where to Draw the Line? With
>    Militias, U.S. Adopts Preemptive Strategy"
>       This strategy requires aggressive and potentially
>       controversial tactics as investigators infiltrate groups
>       and bring charges on the basis of allegedly criminal
>       plans that are conceived but not carried out. Federal
>       agencies are more willing to launch investigations when
>       people talk about committing violent acts, and
>       investigators are more prone to use ordinary citizens as
>       informants.
>       According to legal experts, the mere discussion of a
>       crime, no matter how fanciful it may be, can constitute
>       a criminal conspiracy. "The classic example is that you
>       are guilty of a crime if you conspire with someone else
>       to stick pins in a voodoo doll in the belief that your
>       enemy will fall dead," said Albert Alschuler, a law
>       professor at the University of Chicago.

In 1968, while sitting at my desk in 144th Signal Battalion supply, I
consciously poked pins into a mock-up doll of the Battalion Sgt. Major,
while the E7 Battalion Supply Sergeant looked on in horror.

His name was Lovgren; was from Haiti or the Dominican Republic, as I recall.

A day or two later (can't be exact), said Sgt. Major was in the hospital
with anomalous stomach pains, which scared the shit out of the E7 Sgt.
What came of it?  Nothing I remember, except that the E7 hated the Sgt.
Major anyway (called him Hogjaw), so I guess he didn't care.  He did
insist I quit sticking pins into dolls, which was OK with me; it was
just something to experiment with.  All depends on who you line up with
in the end...







From dthorn at gte.net  Tue Nov 12 00:45:32 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 12 Nov 1996 00:45:32 -0800 (PST)
Subject: His and Her Anarchies
Message-ID: <32882C2D.4824@gte.net>


jbugden at smtplink.alis.ca wrote:
> "Timothy C. May" <tcmay at got.net> wrote:
> >Well, I think there clearly _is_ a gender gap on these sorts of issues.

> Technologies that matter make daily life less obnoxious, and you can leverage
> them all the time. The Net is going to start mattering in a significant way when
> it relieves people of the burden of dealing with the garbage inherent in the
> information flow of everyday life. The net is going to matter when I can rely on
> it to store the information I now keep on disk, and the computer is a completely
> transparent object. All the documents that are important to me are maintained by
> the Net with sufficient reliability that I can unplug my computer and smash it
> with a hammer without affecting anything.
> Under this scenario, strong, reliable crypto becomes similar to electricity. The
> entire infomration infrastructure is built on it, but hardly anyone gives it a
> second thought.
> What kind of people use the Net and what are their activities doing to the
> country, the world, the culture? It may sound like a parochial issue that women
> don't much like computers, but they don't, and the issue is a tremendously
> important one. They're not attracted to this world, certainly not to the extent
> that men are, and that's one of the reasons why it is such a spiritually
> impoverished world. Most reasonable sophisticated men are happier in an
> environment that included women. One of the problems with the computer society
> is that not only is it an almost all-male society, but it's part of a little-boy
> society, part of an ongoing infantilization of the society over the past half
> century.

Most heterosexual men claim to like women, but the claim is dubious on
the part of a large percentage of men, since they really like to mostly
do "boy things", i.e., follow sports, ride motorcycles, listen to "boy
music", etc., rather than hang out with women as just friends.

I think if people were really honest, they'd admit that, by and large,
men like men and women like women.  Simple enough, eh?







From dthorn at gte.net  Tue Nov 12 00:45:41 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 12 Nov 1996 00:45:41 -0800 (PST)
Subject: How many people killed by there own governments (Was: Re: a  retort + a comment + a question = [RANT])
In-Reply-To: <3.0.32.19961111182528.00a31d70@rpcp.mit.edu>
Message-ID: <328832AF.565B@gte.net>


Joseph M. Reagle Jr. wrote:
> >With regard to b), governments--primarily through the use of
> >their militaries--have killed, by some counts 170,000,000, men,
> >women and children in this century alone.  Hardly the guardians
> >of freedom, in my opinion.

> Do you have a breakdown of that number? I'm working on one of my thought
> experiments and am looking for the appropriate stats:

[snip]

> Deaths by Govts. on "own people"

>   US Civil War     x M  

As a war, not genocide per se, but you could include as many as 100 million
Africans killed in the slave trade, as long as the U.S. Park Police don't
get dibs on verifying the official count.  You might also include a large
number of Chinese "laborers" in the 1800's.

>   US Native Americans

When I was in school in the 1950's and 1960's, the schools said there were
no more than 3 million N.A.'s here circa 1600 or so.  The official count
remains controversial.  BTW, since Columbus, the Conquistadores, et al
gutted much of Central and South America, include them too.

>   Hitler: Jews     6 M
>   Hitler: Others   6 M

I wouldn't even bother with these two. The numbers are not that reliable,
the topic is still way too hot for open research even today, and besides,
all sides killed probably 100 million or better in WW2, most of them from
purely terrorist bombing.  The significance of the "Holocaust" should
not have been co-opted for commercial purposes as it has, but as they
say, wishing don't make it so.

>   Stalin:         30 M

30 million is the "low" count, probably includes "hard" purges and
identifiable political prisoners and very close associates, and perhaps
some family members.  Total unjustifiable non-war homicides on the part
of the Stalin government (while Stalin in charge) may be 65 million or
thereabouts.

>   China: Cult Rev  x M

Similar comments as above - unjustifiable homicides on the behest of the
Mao government (while Mao in charge) should be about 65 million.

>   France: Rev      x M

Don't know.

Comment: The Guiness World Records were at one time or another a source
for some of this info, as was their original sources.  Do expect to see
some disinformation thrown into the "real" documents.







From dthorn at gte.net  Tue Nov 12 00:45:44 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 12 Nov 1996 00:45:44 -0800 (PST)
Subject: His and Her Anarchies
In-Reply-To: <v03007802aead19eacee0@[207.167.93.63]>
Message-ID: <32883769.FB7@gte.net>


Timothy C. May wrote:
> At 12:50 PM -0500 11/11/96, jbugden at smtplink.alis.ca wrote:
> >"Timothy C. May" <tcmay at got.net> wrote:
> >>Well, I think there clearly _is_ a gender gap on these sorts of issues.

> >Technologies that matter make daily life less obnoxious, and you can
> >leverage them all the time. The Net is going to start mattering in a
> >significant way when it relieves people of the burden of dealing with
> >the garbage inherent in the information flow of everyday life. The net
> >is going to matter when I can rely on

> Well, in the 23 years I've been on the Net in one way or another, I can
> honestly say it is _increased_ my exposure to garbage. The notion that
> computers are time-savers is fraught with problems. For some tasks, it
> clearly is.
> But for other tasks and situations, it's a time sink. I view it primarily
> as a communications mechanism, e.g., lists like this, the Web, news, etc.
> Your mileage may vary.
> Notions that computers will be widely accepted because of their
> "time-saving" powers I file right next to claims that computers will be
> useful for storing recipes and balancing checkbooks.

Huh?  Just this year, I wrote a letter to an insurance company about
some bozo who hit my car, and thought he'd get away with it.
The computer allowed me to keep re-editing the letter until it was
perfected, which task would have been not feasible or simply would not
have been done manually, for what should be obvious reasons.
I won my case, and the other guy is suffering those nasty payments...
I even beat the CHP on that one....

Three to four years ago, I used my computer to edit my cover letters and
resumes, to perfect them, to send out to hundreds of potential employers,
which resulted in my getting the exact job I wanted (which now pays very
well), in spite of the fact that I started looking in L.A. just when the
riots commenced, at the same time that tens of thousands of "technical"
people were laid off from various defense contractors.

Of course, I used my computers to perfect certain computer skills (for
which I never went to College) which landed me a whole series of nice
jobs from 1979 through 1992, but that doesn't count, right?

I hesitate to admit this, but the bottom line is that the computer is
a tool that can give one person an advantage over another, for which
messaging and communications is just incidental.  Since we are in fact
an animal predator (as humans), I don't think you have to have a whole
lot of imagination to understand where that goes...






From ej at netit.be  Tue Nov 12 01:32:39 1996
From: ej at netit.be (Edouard Janssens)
Date: Tue, 12 Nov 1996 01:32:39 -0800 (PST)
Subject: unsubcribe
Message-ID: <v03007801aeade6d1ec11@[193.74.109.21]>


unsubcribe

--------------------------------------------
Edouard Janssens                 ej at netit.be
Net it be s.a.                  www.netit.be
Rue Tenbosch, 94
B-1050 Brussels        tel. +32 2 343 93 35
Belgium                fax. +32 2 343 04 05

 "There will be an answer, ... Net it be !"
--------------------------------------------







From postmaster at opennet.net.au  Tue Nov 12 01:44:19 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 01:44:19 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <v02140b01aead9ffb76fb@[192.0.2.1]>
Message-ID: <199611120944.UAA13541@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From aga at dhp.com  Tue Nov 12 01:56:01 1996
From: aga at dhp.com (aga)
Date: Tue, 12 Nov 1996 01:56:01 -0800 (PST)
Subject: Money-making ideas for Igor Chudov
In-Reply-To: <Pso9wD37w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961112045010.17509B-100000@dhp.com>




On Mon, 11 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Mon, 11 Nov 96 12:22:48 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv at bwalk.dm.com>
> Reply-To: freedom-knights at jetcafe.org
> To: cypherpunks at toad.com
> Subject: Money-making ideas for Igor Chudov
> 
> "Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov at algebra.com> writes:
> 

algebra.com is a suspect domain.

> > manifold::~==>premail -t cypherpunks at toad.com
> > Chain: haystack;jam
> > Subject: I urgently need a lot of money.
> >
> > Please share your money-making secrets, I am in a desperate need
> > for cash.
> 
> For shame! Igor Chewed-off disgraces his Chewish Mommy by even asking. Isn't
> propensity for "gesheft" genetic? Here's another money-making idea for Igor:
> 
> Igor obtains a list of e-mail addresses of people interested in equity-related
> investments (e.g. by watching misc.invest.* and sending the posters / those who
> voted for their creation unsolicited e-mail; or by posting anonymous ads,
> inviting the readers to reply to a reply block in order to receive 3 free
> promotional issues of an investment advice newsletter; or even by starting up
> his own private financial derivatives mailing list). Igor divides the mailing
> list into 2^3=8 parts, and gives them exotic Russian-sounding names: Aleksej,
> Boris, Vasilij, Grigorij, Dmitrij, Elena, Zhenja, Zoya.
> 
> Igor then uses an anonymous remailer to spam everyone on his mailing list with
> the 8 variants of the following message: "Congratulations! You have won 3 free
> issued of the _Boris Investment Newsletter, published in Tulsa, Oklahoma, by a
> proud holder of a Master's Degree in Financial Engineering from the Moscow
> State University. I predict that within the next month Adobe stock will go up."
> 
> Instead of "Boris", Igor will substitute one of the 8 newsletter names; instead
> of Adobe, he can use any volatile stock that's as likely to go up as down; and
> the predicted stock price movement will be "up" in the first four newsletters
> and "down" in the other four.
> 
> One month later the stock in question is either up or down. Without loss of
> generality, suppose that it's gone down. Aleksej, Boris, Vasilij, and
> Grigorij's investment advice was wrong, they disappear from the face of the
> earth, and the former recipients of their newsletters don't get bothered any
> more. (Or they could be recycled for future scams; or they could be send the
> remaining 2 issues of worthless advice, as promised.) On the other hand
> Dmitrij, Elena, Zhenja, and Zoya guessed right, so this time they send out a
> new investment newsletter via the anonymous remailers:
> 
> "Congratulations! You continue to receive the free investment advice newsletter
> from Zoya in Tulsa, Oklahoma. Last month I correctly predicted that Adobe will
> have gone down. If you're smart, you've shorted Adobe's stock and made lots of
> money by now. This month I predict that Cisco will go _down as well."
> 
> Again, Dmitrij and Elena predict that some other volatile stock goes up, while
> Zhenja and Zoya predict that it goes down. Suppose D&E are right. Igor leaves
> the Zh.&Z. partitions alone. One month later D&E's subscribers get letter #3:
> 
> "Congratulations! You continue to receive the free investment advice newsletter
> from Elena in Tulsa, Oklahoma. Two months ago I predicted that Adobe would go
> down. I hope you sold it short. Last month I predicted that Cisco would go up.
> I hope you bought it. This month I predict that Lucent will go _up."
> 
> One month later one of the two is right, so its recipients get the fourth and
> final e-mail from an anonymous remailer, this time using a reply block:
> 
> "I've given you three free stock tips over the last 3 months which probably
> made you a lot of money. Now that you've seen my track record, you'll want to
> continue receiving my free advice, but the free promotion is over. Please send
> $20 in untraceable digital cash to this reply block to receive 6 future
> issues."
> 
> Quite a few people would risk the $20, but that would be the last they hear
> from Igor. :-)
> 
> (Alternatively, he can even e-mail 6 more issues of worthless advice to those
> who caughed up the $20, so they can't complain. It would be hard to prosecute
> Igor without proving that all 8 newsletters were published by the same person
> who's been giving contradictory advice to different people.)
> 
But what Law would you charge him with?
Unless you could prove his "intent" I see no way that you
could ever prove any case against him.


> "Credibility is expendable." - John Gilmore
> 

He just says that because he spent his.

> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

when we got the info that the Startronix was going to be late,
we sold STNX short at $1.03 ...

They are almost two months late; is STNX it a hoax?


-aga






From juriaan_massenza at ctp.com  Tue Nov 12 02:02:06 1996
From: juriaan_massenza at ctp.com (Juriaan Massenza)
Date: Tue, 12 Nov 1996 02:02:06 -0800 (PST)
Subject: Returned mail: User Unknown
Message-ID: <c=GB%a=_%p=CTP%l=TRABANT-961112100054Z-204@trabant_temp.nl.ctp.com>


I love bots...

>----------
>From: 	Open Net Postmaster[SMTP:postmaster at opennet.net.au]
>Sent: 	Tuesday, November 12, 1996 7:13 AM
>To: 	cypherpunks at toad.com; owner-cypherpunks at toad.com;
>cypherpunks-errors at toad.com
>Subject: 	Returned mail: User Unknown
>
>
>The address you mailed to is no longer valid.
>This is probably because the user in question was an
>old Open Net subscriber. Open Net is NO LONGER an ISP,
>and has not been since May 1996.
>
>We have no redirection address for that user. Please
>remove them from any mailing lists you might have.
>
>This response was generated automatically.
>
>





From bdolan at USIT.NET  Tue Nov 12 04:52:55 1996
From: bdolan at USIT.NET (Brad Dolan)
Date: Tue, 12 Nov 1996 04:52:55 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <Pine.GSO.3.95.961112075044.16750D-100000@use.usit.net>


For starters, don't get them a National ID, um, social security number.
I'm pretty sure that makes it a lot harder to put the dossier, um,
_profile_ together.

Brad

On Mon, 11 Nov 1996, Hal Finney wrote:

> Black Unicorn makes a lot of good points regarding privacy.  One thing
> I wanted to follow up on:

> 
> Are there other measures which parents could take while their children are
> young to get them off to a good start, privacy-wise?
> 
> Hal
> 






From jbugden at smtplink.alis.ca  Tue Nov 12 05:48:00 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Tue, 12 Nov 1996 05:48:00 -0800 (PST)
Subject: His and Her Anarchies
Message-ID: <9610128478.AA847817238@smtplink.alis.ca>



jbugden at smtplink.alis.ca wrote:
>Most reasonable sophisticated men are happier in an environment that >included
women.
 
Dale Thorn <dthorn at gte.net> wrote:
>I think if people were really honest, they'd admit that, by and large,
>men like men and women like women.
 
Well, ignoring the narcissistic overtones of your comment, and the fact that I
was quoting David Gelernter from Yale, I could point out the qualifier
"reasonably sophisticated" or the relative comparator "happier", but I think it
will suffice to say that an environment that included women may just include
your mother.
 
And wouldn't we all be happier with our mommy around?
 
Ciao,
James
 
You can fool all of the people some of the time, and some of the people all of
the time, but you can't fool mom.






From gary at systemics.com  Tue Nov 12 05:48:05 1996
From: gary at systemics.com (Gary Howland)
Date: Tue, 12 Nov 1996 05:48:05 -0800 (PST)
Subject: pgp3
Message-ID: <199611121348.OAA12869@internal-mail.systemics.com>


> Someone suggested to me that Derek posted a draft spec for PGP 3.0.
> Anyone know of the whereabouts of this document.

Yes.  That document has evolved to RFC 1991:

1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange  
           Formats", 08/16/1996. (Pages=21) (Format=.txt) 





From camcc at abraxis.com  Tue Nov 12 05:56:20 1996
From: camcc at abraxis.com (Alec)
Date: Tue, 12 Nov 1996 05:56:20 -0800 (PST)
Subject: Georgia Internet Law
Message-ID: <2.2.32.19961112135622.0067bdf4@smtp1.abraxis.com>


>X-Sender: rcostner at intergate.net
>Date: Tue, 12 Nov 1996 02:07:00 -0500
>Reply-To: Electronic Frontiers Ga Action Mailing List <ACTION at efga.org>
>From: "Robert A. Costner" <pooh at efga.org>
>Subject: Georgia Internet Law
>
>Here's some info on the HB1630 issue...
>
>>Return-Path: <jfaber at A.crl.com>
>>Date: Mon, 11 Nov 1996 19:32:13 -0800
>>From: Joe Faber <jfaber at A.crl.com>
>>Reply-To: joefaber at dwt.com
>>Organization: Davis Wright Tremaine

>>I have published an article on your case against the law in my firm's
>>First Amendment Law Letter, if you would like to link to it.  The
>>article can be found at
>>http://www.dwt.com/News/firstamendnews/regulation.html.
>>
>>Joe Faber

FYI--Internet law issues

Cordially,

Alec                   

PGP Fingerprint:

pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc at abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             






From security at myinternet.net  Tue Nov 12 05:56:40 1996
From: security at myinternet.net (Eraser)
Date: Tue, 12 Nov 1996 05:56:40 -0800 (PST)
Subject: Kriegsman Furs Website hacked...
Message-ID: <199611121358.AAA13883@myinternet.net>



Hey all..

Another commercial hack.

http://www.kriegsman.com/ which is still live at this posting.

if it goes down, or is fixed, a mirror exists on
http://www.skeeve.net/kriegsman/

nicely done...

one for the furry creatures.

 -------------------------------------------------------------------
| Skeeve Stevens - MyInternet  personal.url: http://www.skeeve.net/ |
| email://skeeve at skeeve.net/   work.url: http://www.myinternet.net/ |
| phone://612.9869.3334/       mobile://0414.SKEEVE/      [753-383] |
 -------------------------------------------------------------------





From cmcurtin at research.megasoft.com  Tue Nov 12 06:09:45 1996
From: cmcurtin at research.megasoft.com (C Matthew Curtin)
Date: Tue, 12 Nov 1996 06:09:45 -0800 (PST)
Subject: Getting attention the old-fashioned way
In-Reply-To: <v03007808aead2c1a14b4@[207.167.93.63]>
Message-ID: <199611121402.JAA02948@goffette.research.megasoft.com>


>>>>> "Tim" == Timothy C May <tcmay at got.net> writes:

Tim> I sent him a note saying I would not give him such quotes.

I wonder if you're likely to have your refusal to give quotes quoted.

Tim> (methinks Vulis has a pretty strong latent
Tim> fixation, given his constant focus on certain topics and words).

Gee, I figured it was just a weak vocabulary.

Tim> Sad that journalists cater to this kind of thing. I guess
Tim> "personality pieces" are ever so much more popular than technical
Tim> pieces, or even careful explications of things like crypto
Tim> anarchy and the real implications of the tecnologies we are
Tim> involved with.

Sad, yes; surprising, no. It's been my experience that such things are
often dependant on the journalist's audience (i.e., is it a trade rag
like InfoWorld or the National Enquirier?) In any event, journalists
(and/or their publishers) aren't usually noted for doing things that
are interesting or important. Rather, they seem to have a preference
for writing and publishing what will sell. (Just as is the case with
TV talk shows, etc.)

What's worrysome is that the degenerates who concern themselves with
nonsense are numerous enough to make sufficient demand to keep the
mainstream press focused on such trivial matters, allowing more
significant things to go unreported outside of the small circles from
which they've originated.

It reminds me of something I saw on television while waiting for my
car to be serviced last week. A talk show was on (I think Jenny
Jones), and they brought on stage a woman who took her financially
troubled sister in. The man of the house (apparantly they were
unmarried, but had children together) ended up with the sister. During
the course of telling the story, they brought more and more of them
out, until they had all three people there in front of the
audience. Everyone on stage was yelling at each other, the audience
making judgemental comments to the people on the stage. I was
attempting to read, but the volume was so loud I couldn't help but be
distracted. A ridiculous commentary of the pathetic mentality of so
many people. (And some people actually wonder why my geek code
contains "!tv".)

-- 
Matt Curtin  cmcurtin at research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet





From security at myinternet.net  Tue Nov 12 06:12:33 1996
From: security at myinternet.net (Eraser)
Date: Tue, 12 Nov 1996 06:12:33 -0800 (PST)
Subject: ASIO encryption ?
In-Reply-To: <2.2.32.19961104002900.00926724@healey.com.au>
Message-ID: <199611121413.BAA13979@myinternet.net>


> 
> Dear All,
> 
> Does anyone happen to know what encryption methods, algorithms, or
> procedures ASIO (Australian Secret Intelligence Organisation) uses? Any
> information regarding ASIO's methods, cryptographic or otherwise, would be
> appreciated.
> 

Expect a visit idiot.

 -------------------------------------------------------------------
| Skeeve Stevens - MyInternet  personal.url: http://www.skeeve.net/ |
| email://skeeve at skeeve.net/   work.url: http://www.myinternet.net/ |
| phone://612.9869.3334/       mobile://0414.SKEEVE/      [753-383] |
 -------------------------------------------------------------------





From postmaster at opennet.net.au  Tue Nov 12 06:21:34 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 06:21:34 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <v03007801aeade6d1ec11@[193.74.109.21]>
Message-ID: <199611121421.BAA16098@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From jya at pipeline.com  Tue Nov 12 06:25:20 1996
From: jya at pipeline.com (John Young)
Date: Tue, 12 Nov 1996 06:25:20 -0800 (PST)
Subject: Enabling Electronic Commerce
Message-ID: <1.5.4.32.19961112142327.006973b0@pop.pipeline.com>


Would anyone know of a source for the "Enabling Electronic
Commerce" paper listed below? The hyperlink gave a 404 but
identified the document as "iiicecom.htm."

----------

http://www.x3.org/itic/961031.htm  [Excerpt]


World's Leading IT Industry Associations Reach Accord On
Global Information Society Policy Issues


October 31, 1996, Napa, California� The world's leading information 
technology industry associations completed work today on policy 
recommendations to stimulate the realization of a Global Information 
Society. 

These recommendations, or common views papers, were adopted 
by the group at the conclusion of this week's International 
Information Industry Congress (IIIC) in Napa Valley, California. 
They cover the following issues: 

Enabling Electronic Commerce -- discusses the requirements for 
successful international electronic commerce:

     cryptography policy; 
     acceptance of electronic proofs; 
     digital signatures; 
     and electronic contracts and receipts. 

[Snip balance of document]






From postmaster at opennet.net.au  Tue Nov 12 06:26:50 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 06:26:50 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611121358.AAA13883@myinternet.net>
Message-ID: <199611121426.BAA16179@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From rah at shipwright.com  Tue Nov 12 06:39:29 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 12 Nov 1996 06:39:29 -0800 (PST)
Subject: The persistance of reputation
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <v0300780caeae3069d6ec@[206.119.69.46]>


At 8:02 pm -0500 11/11/96, Rich Graves wrote:
>> Given this, and, of course, our own fun and games with anonymous, er,
>> slander, on this list, I'm frequently tempted to agree with him.
>
>You people are wimps. The only real effect of the good doctor's rants
>has been, as Mr. May indicated, to get the good doctor on the "don't
>hire" list.

Sorry. I wasn't clear. My tongue was planted firmly in cheek there. I'm
"frequently tempted" in the same way I'm "frequently tempted" to rip
someone's head off and shit down their neck.

>You get off your ass and find out directly.
>
>How about if you know exactly who it is, but you know him to be
>judgement-proof, since he's already saddled with over $12 million in
>libel and wrongful-death suits? It's called "reputation capital."

See above. You're preaching to the choir here...

>People are just going to have to be smarter than they've ever been. The
>Net enables sharing and verifying real information just as it enables
>disinformation. Sure disinformation will always be cheaper to produce
>and more appealing to the eye (fact is harder to accept than fiction
>because fictional plots are written to make sense), but disinformation
>tends to cancel itself out.

I agree, but, I think that, in the long run, disinformation may cost more.
Lying always involves more work, and thus cost, than telling the truth. In
order to support a lie you have to keep weaving a coherent tissue of other
lies around the original lie to support it, all of which makes the original
lie more and more non-plausible. In other words, the more "resolution" you
get on a lie, the more it looks like a lie. Maybe that's the "cancel itself
out" you're talking about. Of course, that implies critical thinking on the
part of the listener, or at least access to critical information, which is
what the net provides at a cheap price, like you said. So, maybe what we're
saying here is that disinformation costs more than information, but if
disinformer has more money, or at least communication resources, it'll be
believed. On a geodesic network, this is much harder, because centralized
nodes choke on their information load, and can't spread lies as cheaply as
they can on a hierarchically controlled communication network, like
broadcast, or even print, media.

>Work on archives, reputation control, and openness. Disinformation, to
>be truly effective, requires a monopoly on information. More speech, not
>less.

Right.

>(Keep in reserve the retort that anonymity is quite big in "the
>mainstream," too. How many key stories cite "well-placed
>administration sources"?)
>
>The opposite of the Black Unicorn approach to nym safety is the Liz
>Taylor approach: "As long as they spell my name right, I don't care."
>Nobody I care about is going to listen to some crank, or if they do,
>they'll email me to check the facts, or if they don't, I have
>alternative outlets for information. As long as I live in a free country
>with a free Internet, they can't touch me.

Say 'amen' somebody. Reputation is reputation, nym or not. However, nyms
allow something very important. Since the net enables reputation to persist
(functionally) forever, nyms allow you to "start over", much in the same
way that geographic frontiers have functioned historically.

The paradox of ubiquitous network computing is it takes away privacy by
creating persistant information accessable to anyone, while at the same
time creating perfect pseudonymity and thus new reputation.

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From juriaan_massenza at ctp.com  Tue Nov 12 06:58:21 1996
From: juriaan_massenza at ctp.com (Juriaan Massenza)
Date: Tue, 12 Nov 1996 06:58:21 -0800 (PST)
Subject: Returned mail: User Unknown
Message-ID: <c=GB%a=_%p=CTP%l=TRABANT-961112145705Z-259@trabant_temp.nl.ctp.com>


Looking at the To: line looks to me like a smart ass more that a genuine
"unknown user" reply...



>----------
>From: 	Open Net Postmaster[SMTP:postmaster at opennet.net.au]
>Sent: 	Tuesday, November 12, 1996 9:11 AM
>To: 	cypherpunks at toad.com; owner-cypherpunks at toad.com;
>cypherpunks-errors at toad.com
>Subject: 	Returned mail: User Unknown
>
>
>The address you mailed to is no longer valid.
>This is probably because the user in question was an
>old Open Net subscriber. Open Net is NO LONGER an ISP,
>and has not been since May 1996.
>
>We have no redirection address for that user. Please
>remove them from any mailing lists you might have.
>
>This response was generated automatically.
>
>





From dvv at sprint.net  Tue Nov 12 07:21:21 1996
From: dvv at sprint.net (Dima Volodin)
Date: Tue, 12 Nov 1996 07:21:21 -0800 (PST)
Subject: Kriegsman Furs Website hacked...
In-Reply-To: <199611121358.AAA13883@myinternet.net>
Message-ID: <199611121520.KAA05655@mercury.int.sprintlink.net>


Moron. A crack is a crack is a crack - disgusting as it is. And the
hypocrisy about the hard life of sysadmin is absolutely disgusting.  No
matter whether it is for furry creatures, centipedal creatures or for
defenceless baby carrots.


Dima

Eraser writes:
> 
> Hey all..
> 
> Another commercial hack.
> 
> http://www.kriegsman.com/ which is still live at this posting.
> 
> if it goes down, or is fixed, a mirror exists on
> http://www.skeeve.net/kriegsman/
> 
> nicely done...
> 
> one for the furry creatures.
> 
>  -------------------------------------------------------------------
> | Skeeve Stevens - MyInternet  personal.url: http://www.skeeve.net/ |
> | email://skeeve at skeeve.net/   work.url: http://www.myinternet.net/ |
> | phone://612.9869.3334/       mobile://0414.SKEEVE/      [753-383] |
>  -------------------------------------------------------------------
> 






From camcc at abraxis.com  Tue Nov 12 07:53:50 1996
From: camcc at abraxis.com (Alec)
Date: Tue, 12 Nov 1996 07:53:50 -0800 (PST)
Subject: What is: Returned mail: User Unknown
Message-ID: <2.2.32.19961112155353.00686588@smtp1.abraxis.com>


>Date: Tue, 12 Nov 1996 18:17:40 +1100
>To: mianigand at outlook.net, cypherpunks at toad.com
>To: owner-cypherpunks at toad.com
>To: cypherpunks-errors at toad.com
>References: <199611111831.KAA10148 at toad.com>
>X-Loop: postmaster at opennet.net.au
>Subject: Returned mail: User Unknown
>From: Open Net Postmaster <postmaster at opennet.net.au>
>Sender: owner-cypherpunks at toad.com
>
>
>The address you mailed to is no longer valid.
>This is probably because the user in question was an
>old Open Net subscriber. Open Net is NO LONGER an ISP,
>and has not been since May 1996.
>
>We have no redirection address for that user. Please
>remove them from any mailing lists you might have.
>
>This response was generated automatically.

I have received about 20 of these messages. Anyone else with this problem?

 
Cordially,

Alec                   

PGP Fingerprint:

pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc at abraxis.com>
Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             






From ph at netcom.com  Tue Nov 12 07:54:30 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Tue, 12 Nov 1996 07:54:30 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
Message-ID: <v02140b0caeae43e8fb97@[192.0.2.1]>


At 11:57 PM 11/11/1996, "Michael Froomkin - U.Miami School of Law"
<froomkin at law.miami. wrote:
> On Tue, 12 Nov 1996, Doug Renner wrote:
>> article nearly head-on.  However is it true that what you are saying is
>> that two fundamental premises in the article you refer to as "rabid" are
>> incorrect?  Namely:

>> "ARTICLE 1, SECTION 8 OF THE CONSTITUTION STATES THAT CONGRESS SHALL HAVE
>> THE POWER TO COIN (CREATE) MONEY AND REGULATE THE VALUE THEREOF.

> The above is a true statement.  Note however that "congress" cannot
> operate the mint.  It must -- **MUST** -- delegate this duty to the
> executive branch (or someone outside the legislative branch, cf. Chadha
> v. U.S.) if it wants it done. Congress is free to select the type
> of agent it wants to do this.  Indeed, if Congress chose to license
> private mints, that would, IMHO be legal.  The point here is that the
> states don't have the power to coin money.

During the Free Banking Era, banks and companies issued their own
dollars.  I believe that at that time the dollar was defined in
terms of a certain weight of gold.

The value of any dollar you might be holding was related to the
level of confidence in the institution that issued it.  Books were
published which recorded the "exchange rate" between each kind of
dollar.

This is very similar to Congress licensing private mints.

Peter Hendrickson
ph at netcom.com







From stevenw at best.com  Tue Nov 12 07:55:42 1996
From: stevenw at best.com (Steven Weller)
Date: Tue, 12 Nov 1996 07:55:42 -0800 (PST)
Subject: More snake oil: ENIGMA
Message-ID: <v0300780daeae49989465@[206.86.1.35]>



Seen on usenet. I'm not currently subscibing to the list, so I hope it's
not old news.

----------------------------------->8--------------------------------

Can You KEEP a SECRET?

Doctor? Lawyer? Accountant? Executive? Or even Politician? -- you know
there is some information your clients don't want to fall into public
hands. Can you
keep a secret? They want you to. Let's face it, you want to keep some
things a secret as much as they do!

Now you can. Now there is an unbreakable version of ENIGMA which is so
easy to use that a child can send messages the CIA can't break.

Perhaps you remember the original version of ENIGMA used so successfully
by the Germans during World War II. Hundreds of cryptologists worked for
thousands of
hours to unscramble the secret orders being flashed openly over the air
waves by the Germans. In the end, allies cracked the code only by
stealing one of the machines.

With ULTRA ENIGMA 2.0 stealing the machine won't do your enemies any
good at all. First, the New ENIGMA is a thousand times more complex. Yet
it only takes a matter of minutes for you to lock up whole directories
of your secret files securely. Then your secrets are safe. They are
secure, Now and Forever.

Your secrets are safe because there is no place for cryptologists to
begin, no way they can tell which part of the code is part of the secret
and which part is garbage, no way of telling if the file is long, or
short, or a drawing, or a picture, and it might even be in a foreign
language for all they know. Yes, the new ENIGMA really can encode
drawings, pictures, X-Rays and absolutely anything else you can put into
a computer. Can You keep a Secret? With ENIGMA you can... ENIGMA is so
secure that not even the producers can crack your secrets open.

ENIGMA is seamless. Nobody can crack the codes you set but you. Now
that's a Secret you can tell everybody! Your clients will be glad to
hear it, and you'll
sleep better knowing it is true.

Let us spill out the Secret Details of ENIGMA for you to examine. Take
just a moment to glance through our pages. We'll show you how it works,
and explain why it works. Then,
especially for Governments and other high risk situations,, we reveal
why even the weak link, (knowing the encoder) can be eliminated with a
Fortune Cookie blindly selected from a randomly available jar with
thousands of cookies shuffled back and forth at the company. Think about
it;, if YOU don't pick the keys, how can ANYONE guess which keys You
Pick? And we are sorry, but NO... the company won't have any idea which
keys you pick either..! -- Think of it this way, some things are best
kept a secret between you and you. As an added bonus, we'll also show
you some other professional ways you can guard your secrets.
http://www.enigma-co.com will bring you to our front page.
                            ENIGMA
                       5525 McMurtrey Drive
                North Little Rock, AR 72218-5248

                          For Support use these numbers
                            http://www.enigma-co.com
                      Phone (501)758-8040 8am-10pm CST
                              Fax (501) 758-8016

             All our sales are maintained by WorldWide Sales Depot
                    So,,, For Foreign Dealership information,
                  Sales and Orders .... use these special numbers

                               104344.2000 at compuserve.com
                   Fone: (401) 945-4262 ** FAX: (501) 945-4203

Sales literature, web page design and layout � copyright 1996 by
WorldWide Sales Depot
--
"Arkansas Showcase" lists the major links, features, fotos, and fun you
can have
 outside on the run in Arkansas. Drop by and sign my guestbook posted at
http:www.cris.com/~Talewins

-------------------------------------------------------------------------
Steven Weller  stevenw at best.com

  "There was really no reason why we did anything the way we did. But, of
course, there was a reason why we did things for no reason at all".
                                                         -- Michael Palin







From sunder at brainlink.com  Tue Nov 12 08:10:55 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Tue, 12 Nov 1996 08:10:55 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <c=GB%a=_%p=CTP%l=TRABANT-961112100054Z-204@trabant_temp.nl.ctp.com>
Message-ID: <Pine.SUN.3.91.961112111038.16617B-100000@beast.brainlink.com>



On Tue, 12 Nov 1996, Juriaan Massenza wrote:

> I love bots...

I wish people would smarten up the bots and not spam more than one reply 
to each address.  Sheesh!

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder at sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================






From ota+ at transarc.com  Tue Nov 12 08:15:15 1996
From: ota+ at transarc.com (Ted Anderson)
Date: Tue, 12 Nov 1996 08:15:15 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <199611101939.LAA13170@netcom4.netcom.com>
Message-ID: <wmW_81eSMV0=1A_040@transarc.com>


-----BEGIN PGP SIGNED MESSAGE-----

"Vladimir Z. Nuri" <vznuri at netcom.com> writes:
> it seems to me the main proponents of "cryptoanarchy" tend to suggest
> a government structure is a completely useless construction. perhaps
> so but they would end up erecting othre systems to deal with the
> void they might not call "govt" but would have most of the features
> of one, imho. something "govtlike" is a measure of a civilized society,
> imho, hence my distaste in cryptoanarchy with its seeming naivete
> on the legitimate and crucial role of govt in a society. the specifics
> may vary between implementations, but imho in general something
> "govtlike" is crucial to civilized society.

This concluding paragraph got me to thinking of something I read
recently in "Bionomics" [1] about the public education problem.  The
point being made there is that injecting even a little real competition
into a monopoly situation improves things tremendously.  It is the
counter argument to the objection that allowing students choice of
schools will destroy the majority, as the "good" kids flee.  What will
happen instead is that most schools, seeing imminient flight, will take
measures to avoid losing students (and taking their tuition with them).
A few, that really can't adapt in time, fail and their students are
forced to seek other schools.  The result is that all schools, even
"public" schools improve dramatically.

It seems to me that the government as a whole may be subject to this
same force.  If cryptoanarchy can inject even a little real competition
into the business of government (in the "providing services crucial to a
civilized society" sense) it may succeed, even if few people actually
use bona fide cryptoanarchical tools.  If this is true, we can expect
existing government organizations to try to improve to avoid extinction
(some will doubtless try other things besides improvement).  Perhaps the
US Postal Service is a leading indicator of this process.  This suggests
that the transition to cryptoanarchy may be rather gradual and peaceful
after all.

Ted Anderson

I'm still behind on cypherpunks, so apologies if this response is dated.

[1] http://www.bionomics.org/text/resource/biobook.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoihwwGojC9e/wyBAQHcJAQAoFO3a/kNxlp30A1CUTxKNoLgKPtATTp/
jYpqpeq29oh4195OvIIUVzx8DUyZgmdVJEtfPakatDuXsVPMwab18BriI7AJeq0u
1w43jimazlKCbbKFT9ZanzpJlohVxvsNlL132o7jq/4SHDnS0py3tIr/4HY0nUoL
dKh0avqHGeo=
=TIIL
-----END PGP SIGNATURE-----





From vince at web.wa.net  Tue Nov 12 08:20:58 1996
From: vince at web.wa.net (Vince Callaway)
Date: Tue, 12 Nov 1996 08:20:58 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <Pine.LNX.3.93.961112081635.2801B-100000@web.wa.net>


> 
> Are there other measures which parents could take while their children are
> young to get them off to a good start, privacy-wise?

Every couple of months I one of my kids brings home a form from school
asking everything from how many kids in the family, how much money do I
make, do we own our home and other things that have nothing to do with
educating my children.

At first I just pitched them, but then they started getting on my kids for
not returning them.  When they did that I went to the school and demanded
to see a background history and credit report on every school employee who
came in contact with my child.  They refused sighting privacy etc...  I
told them I had the same rights and to stop hasseling me with their little
forms.








From Ryan.Russell at sybase.com  Tue Nov 12 08:33:52 1996
From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE)
Date: Tue, 12 Nov 1996 08:33:52 -0800 (PST)
Subject: two bogus messages to this list
Message-ID: <9611121632.AA26619@notesgw2.sybase.com>

All computers have software which capture keystrokes
in a central way....we call them "keyboard drivers."

Any machine you have physical access to can 
be compromised.

    Ryan

---------- Previous Message ----------
To: wombat
cc: attila, cypherpunks, ichudov
From: teddygee @ visi.net (Ted Garrett) @ smtp
Date: 11/11/96 11:08:59 PM
Subject: Re: two bogus messages to this list


On Mon, 11 Nov 1996, Rabid Wombat wrote:
>On Mon, 11 Nov 1996 attila at primenet.com wrote:
>
>> In <199611111238.GAA17346 at manifold.algebra.com>, on 11/11/96 
>>    at 06:38 AM, ichudov at algebra.com (Igor Chudov @ home) said:
>> 
>> >.I did not write the two messages below. I did have a small party
>> >.yesterday, probably some of my guests did that...
>>         just goes to proof it:  Microslop and Intel boxes are secure
>>     only when most of their parts are stored under lock and key.
>
>Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
>can be brought up in single-user mode and the root password changed by 
>anyone with physical access to the system. You could end up with even 
>more trouble than if someone messed with your M$ box.

Microsloth has, at the heart of it's system, a call which traps ALL
KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
placed inside of a DLL which most users would have no idea was loaded.
Even under NT, this DLL can be made to remain resident and trapping
Keystrokes, events, and window contents.

Does this just BEG to be exploited?

If you give me normal user access to ANY microsloth machine, I can
have most of the system's security broken down to NOTHING within a
week.  And I'm not even a good MS programmer!  <Are my prejudices
showing?>

At least under UNIX, you damned well know you have to secure your
system.  Microsloth attempts to sell itself as a secure platform.

---
"Obviously, the US Constitution isn't perfect, but
it's a lot better than what we have now." - Unknown
PGP key id - 0xDEACDFD1 - Full key available from
pgp-public-keys at pgp.mit.edu









-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i

iQEVAwUBMof4ac1+l8EKBK5FAQHyHQf7BpV8GBB7EEazflFHoTjsUgBrayH9ibCb
IBYWUqiftuviG7TdKMg/Sj3eh69O9iMqah5lZR0bvpKZqFbeNgbMRGHnytjGvk5z
cmJUQaPgNYupZlLdg0bfbnaNyjJzUYTpNIuNX/fvwUwYQDKtXquTqcoMvWl0tFSI
N0PaiZEj5gsRbNCiJ15Uuzpwxn+FtYhwq92bWCWmSqLkpgn1FbC0PwzmKoEcrHpW
hYICm0LLS5Pp9y846SNEcANOP66/VfAL1pMsiBCL0tLxBa+K/UcB6xnutApQ4K0P
DeMkhqw3Z6fQVBAnJFGsrVJaXOvvtPdH1Lbwo1eIutbqyAaFU2FVGQ==
=dru/
-----END PGP SIGNATURE-----






From nobody at cypherpunks.ca  Tue Nov 12 08:36:46 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 12 Nov 1996 08:36:46 -0800 (PST)
Subject: "Nightmare on Crypto Street--the Return of Sun Devil"
Message-ID: <199611121619.IAA00293@abraham.cs.berkeley.edu>


Peter Hendrickson wrote:

< snip >

... the more we can erode the barriers between code and language,
>the stronger the case is that laws governing code are violations of
>the First Amendment.  What if you had a compiler that accepted English
>language instructions for how to build a crypto system?  "Take a
>random number 64 bits long.  Then find a prime which is a little
>larger.  Then...."  The language itself should remain protected by the
>First Amendment even if somebody else has a compiler which can turn it
>into software.

Agreed, and this is happening (slowly). Some have said that "cypherpunks
spread crypto" is a better motto than just "cypherpunks write code," for
this reason and because it covers broader ground, although coding will
always be essential to any of the other cypherpunk efforts in the end.
Theres a lot of talent on this list, despite a few nuts mixed in.

>Another conclusion we can draw is that cryptoanarchy is more of a
>political issue than many of us would like.  That means we might put
>more effort into public opinion than just straight coding.  (Tim may
>claim otherwise, but I think he agrees with this in practice.)

Distasteful, but probably true.

>It may also be that the "bad boy" image of the Cypherpunks is
>counterproductive to our goals.

I'm not sure it's so bad, among the better educated anyway.








From jltocher at earthlink.net  Tue Nov 12 09:08:20 1996
From: jltocher at earthlink.net (John L. Tocher)
Date: Tue, 12 Nov 1996 09:08:20 -0800 (PST)
Subject: ENT_ice
Message-ID: <3.0.32.19961112090752.006a9688@earthlink.net>



John L. Tocher                THE CITY-a bounded infinity.   A labyrinth where
JLTocher at Earthlink.net        you are never lost. Your private map where every
PGP:  CE 72 1A 11 07 47 35    block bears exactly the same number. Even if you
35 9A C1 DE EA 64 21 BC 94    lose your way, you cannot go wrong.   --Abe Kobo





From postmaster at opennet.net.au  Tue Nov 12 09:32:55 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 09:32:55 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <v03007800aeade37ef979@[207.167.93.63]>
Message-ID: <199611121732.EAA18904@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From declan at well.com  Tue Nov 12 09:33:47 1996
From: declan at well.com (Declan McCullagh)
Date: Tue, 12 Nov 1996 09:33:47 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
Message-ID: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>


The Netly News
http://www.netlynews.com/
November 11, 1996

Cypher-Censored
By Declan McCullagh (declan at well.com)
                                       
       The cypherpunks mailing list, so legend goes, coalesced around two
   principles: the dissemination of strong encryption and an absolute
   commitment to free speech. It was a kind of crypto-anarchist utopia:
   Here was a place where anonymity was encouraged and PGP-signed
   postings were the norm -- and nobody seemed to be in control.
   
       That is, until recently, when Dimitri Vulis was given the boot.
   After he refused to stop posting flames, rants and uninspired personal
   attacks, Vulis was summarily removed from the mailing list.
   
       Now, normally, when someone gets evicted from a mailing list, it
   excites little attention. But here was an ironic -- some would say
   momentous -- event: The list is run, after all, by John Gilmore, the
   EFF cofounder, a cypherpunk god who is famous for having once said
   that the Internet interprets censorship as damage and routes around
   it. And it was none other than Gilmore who gave Vulis the boot. The
   shunning of Vulis was "an act of leadership," Gilmore said.
   
       Thus began a debate over what the concept of censorship means in a
   forum devoted to opposing it. Did Gilmore have the right to show Vulis
   the virtual door? Or should he have let the ad hominem attacks
   continue, encouraging people to set their filters accordingly? The
   incident raises deeper questions about how a virtual community can
   prevent one person from ruining the forum for all and whether only
   government controls on expression can be called "censorship."
   
        Vulis, a 31-year old Russian emigre who completed a PhD in
   mathematics last year at the City University of New York, is described
   as sociable, even friendly, by people who have met him. Online,
   though, he's almost notorious. His .sig file, for instance, proudly
   points out that he's a former Kook of the Month; Vulis was also a
   Net-legend and even has the alt.fan.dimitri-vulis newsgroup named
   after him.
   
       Vulis portrays himself as a victim, but as I posted to the list
   last week, I disagree. Anyone who's spent any time on the
   100-plus-messages-a-day list can read for themselves the kind of nasty
   daily messages that came from Vulis's keyboard. The list is on
   Gilmore's machine and he can do what he wants with it; he can moderate
   the postings, he can censor material, he can shut the whole thing
   down. By kicking off an offending user, a list owner merely exercises
   his property right. There's no government involvement, so the First
   Amendment doesn't apply. And the deleted, disgruntled user is free to
   start his own mailing list with different rules.
   
       But then the question is whether Gilmore should have exercised
   that right, especially in such an open forum. Again, I think Gilmore's
   actions were justified. Consider inviting someone into your home or
   private club. If your guest is a boor, you might ask him to leave. If
   your guest is an slobbish drunk of a boor, you have a responsibility
   to require him to leave before he ruins the evening of others.
   
       Eugene Volokh, a law professor at UCLA, runs a number of mailing
   lists and has kicked people off to maintain better editorial control.
   Volokh says that the most valuable publications are those that
   exercise the highest degree of editorial control.
   
       But what if your private club's express purpose is to cherish free
   speech? That's where the terrain gets mucky. One 'punk wrote: "For
   someone who espouses freedom of speech to arbitrarily censor someone
   is indeed hypocritical." Another called it a "big cypherpunkish move"
   that couldn't be condoned "even bearing in mind the inane and
   wearisome behaviour of Dr. Vulis." Still others said that this
   demonstrated that "libertarianism can't work without some measure of
   authoritarianism." (Libertarianism being the primordial flame war
   topic, the debate nearly consumed itself at this point.)
   
       Vulis told me yesterday: "I'm particularly disappointed by John
   Gilmore's actions. I've known him and communicated with him before.
   His treatment of me was rude and unprofessional and inappropriate." In
   posts to the mailing list, Vulis levels the additional criticism that
   it was "arbitrary and capricious" and that he was not notified that he
   would be forcibly unsubscribed.
   
       This week Vulis busied himself by saying that now Gilmore can be
   sued for what happens on cypherpunks, arguing that the list owner is
   exercising greater control and so is subject to greater liability. Of
   course, in this country anyone can sue for anything. But it's highly
   unlikely the suit would go anywhere. Solveig Bernstein, a lawyer with
   the Cato Institute, says: "Chances are in a defamation lawsuit he'd be
   treated like a publisher or bookstore owner.. They exercise some
   control over content and enjoy pretty broad immunity from lawsuits."
   
       For his part, Gilmore calls removing the Russian mathematician "an
   act of leadership." He says: "It said we've all been putting up with
   this guy and it's time to stop. You're not welcome here... It seemed
   to me that a lot of the posts on cypherpunks were missing the mark.
   They seemed to have an idea that their ability to speak through my
   machine was guaranteed by the Constitution."
   
       What does Vulis's ouster mean to the community that sprang up
   around this mailing list, of which he had been a member for nearly
   three years? Many of his peers think he did it for attention or
   notoriety; one longtime list-denizen declined to be interviewed for
   fear of encouraging him. (If that's his goal, he's already succeeded.
   Will Rodger from Inter at ctive Week and Lewis Koch from Upside Magazine
   are writing about this.)
   
       Other cypherpunks wonder why Vulis is abrasive online, yet
   mild-mannered in person; Gilmore likened him to "a Jekyll-and-Hyde
   personality."
   
       The flap comes at a time when other prominent cypherpunks are
   leaving, citing too many flames and too little content. Perry Metzger,
   another longtime member, announced last month he would start his own,
   moderated mailing list. The hard-core programmers have moved on. Yet
   the list membership has never been higher, at 1,949 direct
   subscribers. And the cyber-rights issues the group discusses have
   never been more important.
   
       Ironically, tools like anonymous remailers that the cypherpunks
   labored to create now make it impossible to get rid of Vulis
   completely. Blocking posts from remailers is unthinkable to the
   cypherpunks. So the embattled Russian �migr� continues to read the
   list under a pseudonym and appears to be posting as frequently as
   ever. But perhaps Gilmore succeeded in part. If not more polite,
   Vulis's messages now are at least on-topic.
   
###






From dbell at maths.tcd.ie  Tue Nov 12 09:36:13 1996
From: dbell at maths.tcd.ie (Derek Bell)
Date: Tue, 12 Nov 1996 09:36:13 -0800 (PST)
Subject: "Messer im Kopf"
In-Reply-To: <v02140b01aead9ffb76fb@[192.0.2.1]>
Message-ID: <9611121734.aa17916@salmon.maths.tcd.ie>


-----BEGIN PGP SIGNED MESSAGE-----

	The film is listed in the Internet Movie Database (http://www.imdb.com)
which lists "The Entertainment Connection" and "Videoflicks Movie Store" as
distributors. The IMDB also provides links to both distributors' home pages.

	Derek

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMoi1IlXdSMogwMcZAQEnPwP9FzbcDOmI5Z8+0/LliNCjyvoheSVcEqwG
pkJgXkhZt959pupVXey1lIbF7cg4S8DUZMvLTjv7HBAdPmJ+BULqrtHJa4KsaOp1
fz1pm5E6V9mPpUWojOsDFsXOoskypjCHB98wFYjRo+jv4y2LX8iq54wVMjIMaYHK
5I5+R9yhqOw=
=vtYP
-----END PGP SIGNATURE-----





From postmaster at opennet.net.au  Tue Nov 12 09:37:34 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 09:37:34 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611121358.AAA13883@myinternet.net>
Message-ID: <199611121737.EAA18936@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 09:41:33 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 09:41:33 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611121348.OAA12869@internal-mail.systemics.com>
Message-ID: <199611121741.EAA18994@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 09:53:25 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 09:53:25 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <2.2.32.19961112135622.0067bdf4@smtp1.abraxis.com>
Message-ID: <199611121753.EAA19155@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From mml at halcyon.com  Tue Nov 12 10:12:12 1996
From: mml at halcyon.com (Mark M. Lacey)
Date: Tue, 12 Nov 1996 10:12:12 -0800 (PST)
Subject: two bogus messages to this list
Message-ID: <01BBD081.63E4D3C0@blv-pm101-ip1.halcyon.com>


>Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
>can be brought up in single-user mode and the root password changed by 
>anyone with physical access to the system. You could end up with even 
>more trouble than if someone messed with your M$ box.

Microsloth has, at the heart of it's system, a call which traps ALL
KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
placed inside of a DLL which most users would have no idea was loaded.
Even under NT, this DLL can be made to remain resident and trapping
Keystrokes, events, and window contents.

This is (or was?) no problem under X Windows the last time I tried it (not recently), too.  In fact, you could monitor the keystrokes of any machine that you had access to remotely, as long as X was running.  All it took was a short little C program.  So what call is it on NT that you're talking about?

Mark M. Lacey <mml at halcyon.com>
"Speaking for nobody but myself."
[Finger mml at halcyon.com for my PGP public key.]
[If you don't have 'finger', e-mail me for it.]






From jimbell at pacifier.com  Tue Nov 12 10:41:20 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 12 Nov 1996 10:41:20 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
Message-ID: <199611121840.KAA04414@mail.pacifier.com>


At 11:57 PM 11/11/96 -0500, Michael Froomkin - U.Miami School of Law wrote:
>On Tue, 12 Nov 1996, Doug Renner wrote:
>
>> article nearly head-on.  However is it true that what you are saying is 
>> that two fundamental premises in the article you refer to as "rabid" are 
>> incorrect?  Namely:
>> 
>> "ARTICLE 1, SECTION 8 OF THE CONSTITUTION STATES THAT CONGRESS SHALL HAVE
>> THE POWER TO COIN (CREATE) MONEY AND REGULATE THE VALUE THEREOF.
>
>The above is a true statement.  Note however that "congress" cannot
>operate the mint.  It must -- **MUST** -- delegate this duty to the
>executive branch (or someone outside the legislative branch, cf. Chadha
>v. U.S.) if it wants it done. Congress is free to select the type
>of agent it wants to do this.  Indeed, if Congress chose to license
>private mints, that would, IMHO be legal.  The point here is that the
>states don't have the power to coin money.

But, apparently, during the 1800's states (?) and individual banks did 
indeed print their own currency.

The way I see it, a positive statement in the Constitution that the Feds 
have the power to coin money does not necessarily exclude other 
people/banks/states/foreign countries from doing likewise.


Jim Bell
jimbell at pacifier.com





From jfricker at vertexgroup.com  Tue Nov 12 10:49:30 1996
From: jfricker at vertexgroup.com (John Fricker)
Date: Tue, 12 Nov 1996 10:49:30 -0800 (PST)
Subject: BizWeek speaks on Crypto
Message-ID: <19961112184849116.AAA174@dev.vertexgroup.com>


http://www.businessweek.com/1996/47/b350287.htm


--j
-----------------------------------
| John Fricker (jfricker at vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------






From frissell at panix.com  Tue Nov 12 10:58:23 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 12 Nov 1996 10:58:23 -0800 (PST)
Subject: Children & Privacy
Message-ID: <3.0b36.32.19961112135631.00754284@panix.com>


At 8:26 AM -0800 11/11/96, Hal Finney wrote:
>
>>I have two kids entering their teens, and I'm sure other list members are
>>parents as well.  What can we do for our children to help them enter their
>>adult lives with better chances to retain privacy?  

Perfect privacy is very difficult to achieve but with practice, one can
learn (and teach one's children) much improved privacy.  The following
suggestions are not the most radical ones.  They represent things that you
can do at little cost or risk. 

Things you can do to teach your children to protect their privacy.

1)	Practice privacy yourself.  Children learn by example.
2)	Don't apply for an SS# for your child.
3)     Do apply for a passport for your child (without an SS# of course).
Use it as the foundation for an ID pack for your child because passport
apps don't contain much useful information on a person and can even be
obtained without a birth certificate when the child is an infant.
4)	Make up some facially valid SS numbers for future use using a freeware
program like ssn.exe.
5)	Teach your child to give your accommodation address and voice mail
number as his address and phone number whenever asked (just like you do --
you do do that, don't you).
6)	In descending order of importance: keep him out of government schools,
keep him out of private schools in your country of residence, home school
him.  (Government schools give the government a direct opening into
information about your family.  Handing a child over to the government
effectively ends any parental rights you might have while he is in school.
Additionally, he may never learn to read and write.)
7)	Introduce privacy concerns into your ideolect: Whenever you are driving
around and see a police car say "There's the Geheime Staatspolizei" and
explain who the "Home State Police" were.  
8)	Play privacy games like:  Let's think of things we can say to people who
ask us why we're not in school."  "Let's think up some neat names to give
to people when we don't want them to give them our real name."  "Let's
practice giving random answers to the question 'What's your name, address,
and phone number.'"
9)	When driver's license time comes teach them how to get a license in
another state or country than their state of residence (and why this is
important).
10)	Get them a secured credit card in their true name to add to their ID
pack.  If you like, you can get them one in a nom de guerre as well.
Secured credit cards are the best ID money can buy. (Because people think
they're ID but they're not).

DCF





From frissell at panix.com  Tue Nov 12 11:02:05 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 12 Nov 1996 11:02:05 -0800 (PST)
Subject: Children and Privacy
Message-ID: <3.0b36.32.19961112110803.0075a02c@panix.com>


At 12:31 AM 11/12/96 -0800, Timothy C. May wrote:
>(Side note: Jim McCoy's suggestion that kids can be kept off the
>parental-unit's tax returns and thus not get a SS number is fraught with
>problems. Many schools--including public schools--use the SS number for
>various internal and tracking reasons. 

Anyone who turns their children over to puiblic schools cannot be very
interested in privacy since public schools are the major pathway that
governments use to exert social controls on families.  In addition to all
the paperwork on and tracking of the children, public schools record and
track the families.  The various state child protective services agencies
use information derived from schools to control children and parents.  If
you are not on welfare and do not have your children in a government
school, you will almost never come to the attention of those authorities.

>Even if the kid is free of SS
>numbers until he's a teenager--at a cost of thousands of dollars a year in
>IRS deductions not taken--he'll essentially have to have an SS number in

The "fine" for not listing your kids SS# on returns is minor ($50) and is
not usually assesed in any case.  You can still deduct them.  Also those
millions of parents who don't file their returns don't face the problem
either.

>his high school years, for a variety of reasons. Maybe this can be avoided,
>but I doubt the reward is worth the hassles.)

It is very rare to have an SS# bounced back at you if you just make one up
which is valid on its face.  This applies to both schools and jobs.

DCF





From alzheimer at juno.com  Tue Nov 12 11:06:06 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Tue, 12 Nov 1996 11:06:06 -0800 (PST)
Subject: Copyright violations
Message-ID: <19961112.130433.9303.1.alzheimer@juno.com>



 
Financial Times: Friday, November 8, 1996
 
Credit Card Group Set for Control of Mondex 
 
By Tim Burt 
 
MasterCard International, the credit card consortium, has stepped up its
bid
to take a leading position in the embryonic cash card business by
agreeing to
acquire a majority stake in Mondex International of the UK. 
 
Mondex is a leading developer of "electronic purses" -- plastic cards
with
memory chips that can be "loaded" with cash and used for small purchases.

 
The deal is expected to give MasterCard 51 per cent of Mondex, set up by

National Westminster and Midland of the UK but now jointly owned by 17
banks. 
 
Under the agreement, MasterCard would promote the Mondex electronic
cash card through banks which carry its franchise. 
 
The Mondex system has been piloted in Swindon, Wiltshire, and Hong
Kong. 
 
It works by storing cash on a microchip card, which can be loaded using
automatic telling machines or specially equipped telephones. 
 
Cards -- including credit, debit and store cards -- are used for payments
worth an estimated #2,000bn a year. 
 
MasterCard believes Mondex could give it a greater share of that market,
although some industry observers doubt the appetite for such electronic
cash
cards. 
 
The acquisition could exacerbate tensions between MasterCard and Visa,
its
main rival, in attempts to establish an industry-wide standard for chip
cards.
Visa has already done pilot tests of its electronic purse at the Atlanta
Olympic Games last summer and in Spain, Australia and Argentina.
 
It is understood Mondex would become a free-standing subsidiary of
MasterCard, and its existing management is expected to remain. 
 
Banking analysts said the deal could signal an admission by MasterCard
that
trials of its own electronic purse had not proved an unqualified success.

 
Yesterday, however, MasterCard said it would be conducting a full-scale
trial of its own smart card in New York next March. 
 
Electronic purses are undergoing trials elsewhere in Europe and North
America, and some of Mondex's rivals claim it does not conform to the
international standards for chip cards developed by companies such as
Visa
and Europay. 
 
Mondex has had a mixed reception among UK customers and retailers but
said this week that it had been received enthusiastically in the Far
East.
 
In Hong Kong -- where Mondex was launched last month in conjunction
with HongkongBank and Hang Seng Bank -- more than 20,000 customers
and 400 stores have signed up to join the scheme at the two malls where
it is
being tested. 
 
The card is also being tested in Canada and is expected to be launched in
Australia next year. 
 
 
 
Financial Times: Friday, November 8, 1996
 
World Tries Out New Electronic Purse Systems
 
By George Graham
 
Ever since inventors figured out how to implant a miniature computer chip
in
the thickness of a standard payment card, banks have been toying with the
possibilities opened up by this extra memory and processing power. 
 
Top of most lists is the electronic purse: a way of loading money on to
the
card so that it can be used as a direct substitute for cash in small 
transactions such as buying a newspaper or a bus ticket. 
 
Mondex is among a host of electronic purses now on trial around the
world.
Originally piloted in Swindon, England, it is also being tested in Canada
and
was launched this week in Hong Kong. 
 
The arrival of MasterCard, the international payment card consortium, as
its
prospective majority shareholder will give Mondex the opportunity to move
beyond local and national trials to, potentially, worldwide use. 
 
MasterCard had run trials of its own electronic purse in Canberra, though
reports that these proved unsatisfactory would appear to be borne out by
its
imminent new link with Mondex. But Mondex is not alone in the electronic
purse contest.
 
Visa, MasterCard's great rival, piloted its Visa Cash electronic purse at
the
Atlanta Olympics, and in such countries as Spain, Australia, and
Argentina. It
will be launching a trial in the UK next year. Europay, despite being
MasterCard's partner in Europe, has already launched its own purse called
the Clip. 
 
Other national electronic purses range from the disposable Danmont card
in

Denmark -- sold for face value and thrown away when used up, like a phone
card -- to the reloadable Quick chip in Austria, which is integrated into
the
customer's regular cash card. 
 
The most heavily used electronic purse so far, and arguably the only one
that
can yet claim to be a commercial success beyond a closed circuit such as
a
university, is the PMB card in Portugal. It has 170,000 cards in active
use,
and an expected 50,000 point of sale terminals installed by the end of
this
year. 
 
But no winner has yet emerged. 
 
"The reason for all of these pilots is that no one has proven the
business case.
I'll be really interested to see if anyone makes money out of this," Mr
Eugene
Lockhart, president of MasterCard International, said earlier this year. 
 
Banks generally like the idea of an electronic purse, which cuts out the
risk
they run on a credit card payment of not getting paid. It is also cheaper
to
operate than a debit card: because the money is already loaded on the
card,
there is no need for each transaction to be authorised by a central
computer. 
 
'The reason for all these pilots is that no one has proven the business
case'
weighs particularly with late night shops and with bus and taxi drivers
who do
not want to have to carry change around with them. 
 
But they do not want to install new card terminals until they are sure
what the
standard will be. 
 
The gains are much less obvious for consumers. To compete with cash, an
electronic purse has to be not only free but very widely accepted. That
threshold has so far been crossed usually in very limited geographical
areas,
such as the Sydney suburb where an electronic purse accepted at petrol
stations, shops and fast food outlets has been successfully married with
a bus
pass. 
 
Mondex's technological features make it a closer replica of cash than
most
competitors. Mondex money moves anonymously from one person to the
next, and can even be transferred to another individual's Mondex card,
instead of only to a shop with a special terminal. 
 
In most other systems each transaction ends up being processed through a
central computer. That leaves more of an audit trail -- a plus point with
police. 
 
But Mondex's biggest shortcoming has been that it stood alone, raising
questions on whether it would gain acceptance beyond the confines of
Swindon. Rivals say it does not conform technically to the international
standards for chip cards developed by Visa, MasterCard and Europay,
although Mondex officials have demonstrated its cards will work in
standard
terminals. 
 
Mondex took a big step towards wider acceptance this summer, when
National Westminster Bank, its creator, sold control to a broad
international
consortium of banks. With MasterCard expected to take control, the
Mondex card has will be crossing another threshold toward worldwide
acceptance. 
 
 





From maldrich at grci.com  Tue Nov 12 11:12:21 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Tue, 12 Nov 1996 11:12:21 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611120944.UAA13541@rainy-day.openweb.net.au>
Message-ID: <Pine.SCO.3.93.961112134913.11606B-100000@grctechs.va.grci.com>


On Tue, 12 Nov 1996, Open Net Postmaster wrote:

Your bot is mailing these bounce messages to a mailing list.  Over 1000
people have gotten the (numerous) copies your server has been sending
about this discontinued address.  The message it received had a "reply to"
header in it, but apparently it's been programmed to mail its message to
every address it can find in the message header. 

We have no way of knowing specifically which address is bad unless you
tell us.  While we do have a list of subscribers, it may not be
reasonable to assume that everyone using your domain name wants to be
dropped from the list.  We have, in other words, no reasonable way through
which we can respond to your bot's request that we "remove" the address
from our mailing list.

Please ask your bot to direct its replies to "cypherpunks-errors at toad.com" 
(not the entire mailing list, which receives all mail sent to the
"cypherpunks" address), and to INCLUDE the now-defunct e-mail address
(that's probably a change that others receiving your message would
appreciate as well). 

Thanks for your help with this little problem.

> 
> The address you mailed to is no longer valid.
> This is probably because the user in question was an
> old Open Net subscriber. Open Net is NO LONGER an ISP,
> and has not been since May 1996.
> 
> We have no redirection address for that user. Please
> remove them from any mailing lists you might have.
> 
> This response was generated automatically.

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich at grci.com       |
|What I paid                              | MAldrich at dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------










From dlv at bwalk.dm.com  Tue Nov 12 11:15:05 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 12 Nov 1996 11:15:05 -0800 (PST)
Subject: Make.digital.money.fast
Message-ID: <woJaXD3w165w@bwalk.dm.com>


Rabid Wombat <wombat at mcfeely.bsfs.org> writes:
> On Sun, 10 Nov 1996, Clay Olbon II wrote:
> 
> > Pyramid schemes could be a growth market in a crypto-anarchic world.  It is
> > yet another market such as gambling, or the lottery, that could be conducte
> > with anonymity.  And it appears to be much more widespread on the internet
> 
> How is it like gambling? If I get a pyramid letter instructing me to send 
> money to five people on the list, add my name to the bottom, send to 5 
> people, or whatever, there's nothing stopping me from removing all the 
> names, adding my name and those of four friends, and passing the letter 
> along. With an anonymous system, I could easily be all five people, 
> without even the bother of getting five different post office boxes.
> 
> There's no gambling involved; only blantant stupidity.

I agree - MMF is stupid. Gambling in Las Vegas is stupid. Buying lottery
tickets is stupid (except in rare cases when the jackpot is very large.)
The way most investors play the market is stupid. It's unbelieavble how
many billions of dollars move around in non-productive activities which
can only be described as stupid.

Coming back to MMF, I recall the famous quote from Dave Rhoad's original
post which said approximately: "The success of this project depends on the
honest and integrity of each participant." (By the way, DR is a real person,
living in California.) My small-scale survey indicates that almost all the
people who post MMF try to "cheat" in a minor way by not sending the $5 to
the 5 people upstream of them. I think this casn be prevented cryptograhicaly
if the MMF post includes digitally signed assertions from the 5 upstream
people certifying that they've received their $ from this particular poster.
A slightly more sophisticated form of "cheating" is described by RW above:
the poster generated 5 nyms, generated 5 receipts from these nyms, and
effectively starts a new pyramid. A partial response to that would be
to require each new nym to be certified by its immediate upstream
neighbor: sort of like the web of trust, rooted in Dave Rhoades himself.
But that too can be circumvented by a single person "spamming" the
pyramid by multiple nyms all belonging to him. There's no good way
to ascertain that mutliple nyms don't belong to the same person.
> 

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From lucpac at freenet.hut.fi  Tue Nov 12 11:18:01 1996
From: lucpac at freenet.hut.fi (luc pac)
Date: Tue, 12 Nov 1996 11:18:01 -0800 (PST)
Subject: anon remailer
Message-ID: <199611121917.VAA19844@freenet.hut.fi>


hi --

i'm having a discussion with some people, trying to persuade them to set up
an anonymous remailer on an italian server.

i need a few technical data about how much computing resources does a
remailer take, how much ram, cpu time, average traffic and so.

since i can't deal with the huge (though interesting) traffic carried by
this list, i'm not going to subscribe. so please if you can help, contact me
privately at my address.

i feel that if i succeed, a new remailer would be of some help for the
entire cypherpunk community worldwide.

thanks.

---
Key fngrprnt (since 1993) =  52 DB 96 92 FA 1D CE 71  0D 63 96 E5 9A 9B 07 0A
http://www.geocities.com/Hollywood/3879






From attila at primenet.com  Tue Nov 12 11:22:01 1996
From: attila at primenet.com (attila)
Date: Tue, 12 Nov 1996 11:22:01 -0800 (PST)
Subject: More snake oil: ENIGMA
In-Reply-To: <v0300780daeae49989465@[206.86.1.35]>
Message-ID: <199611121922.MAA18356@infowest.com>


        Other than the fact it is probably from a front for one of Dan 
    Lassiters' Little Rock companies, now owned by Alltel, it's worth
    a read. large scale enigma encoding is not bullet proof, but it can
    make your life miserable.  I did not take the time to calculate the
    permutations...  
        I wonder if anyone told them the data recovery teams can pull
    multiple layers of data off a disc after it has been stripped?
        FYR, the explanatory text from their front page is below.

--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila

      ======================  forwarded message ======================

<HTML><HEAD><TITLE>Enigma Welcome Page</TITLE></HEAD>
<CENTER>
<IMG SRC="eng2.gif"><BR><BR>

</CENTER><CLEAR=ALL><HR><BR>
<CENTER><B>Welcome to Enigma & Co.!</B></CENTER><BR>

The following text contains various terms that you may not be familiar with.
Please refer to the Glossary section for a description of those terms, or
feel free to call us for more detailed information on how we can help you with
your data security needs.<BR>

<BR>

A data protection system for businesses and individuals, the Enigma & Co.
related products offers security with the means to 
create personalized encryption schemes in an infinite variety.  In 
addition, the versions include a complete package of security 
management tools to enable it to be used in a business or office environment 
under the oversight of authorized administrators. It also provides routines 
to handle binary encryption and decryption of both text and non text files 
as well as all the capabilities needed to accommodate BBS, E-Mail and Internet 
communications.
It is for these reasons plus many more which you will discover in using the
software why our users think it is the finest cryptographic software ever
produced.<BR><BR>
In addition, unlike public key and other mathmatical cryptographic programs, there
is nothing in the messages and files you encrypt that aids in the deciphering of
your data.  If you encrypt twenty bytes, then the encrypted file is twenty bytes,
containing no clue on how to decipher it.<BR><BR>

<B><CENTER> About Enigma & Co.'s Cryptography Products</B></CENTER><BR>

Here's some insight into the enormous power and security offered by Enigma &
Company's products.  You do not need to know all the in's and out's of these
features to use it effectively.  We've designed our systems to be extremely
easy to use.  Some of the main features are:<BR><BR>

<B>Wheels:</B><BR> Our Enigma's can use from three up to eight wheels at a 
time.  A Wheel is a scrambled dataset of characters that is used by the Enigma
systems that your computer randomly creates.  There are
no limit to the number of WheelSets (datasets of wheels) that you can create.
<BR><BR>
<B>Usable Characters:</B><BR> Our Enigma uses 83 characters on its text wheels and 256 on
its binary wheels. This gives the Enigma user more than six billion more 
starting
text wheel configurations ("shifts") to choose from, each one of which
will produce an entirely different encryption.  The use of all eight
binary wheels, of course, exceeds this number tremendously. <BR><BR>

<B>Indicator Word:</B><BR> To make the enciphered message even more difficult
to break, our software provides another feature which allows the sender
to enter a word or a simple phrase that has the effect of adding a
virtual ninth wheel to the text enciphering combination.<BR><BR>

<B>Multiple Cryptions:</B><BR> Probably one of the best features of the Enigma
products, you have the means of storing your personalized WheelSets and your Schemes
and then do cryptions in a multiple fashion, using different
WheelSets, different Schemes, and if in text mode, different Indicator
words.  You can also Cross Crypt, that is encrypting in text (83
character) and then in binary (256 characters). <BR><BR>

<B>Parameters:</B><BR>We created even more power over the cryptive process by adding parameters 
for both Text and Binary which allow the user to define the direction the 
wheel in each slot will rotate, and the number of turns before it triggers 
the next wheel to rotate in its predetermined direction.  Predefined WheelSets 
and Schemes are also included as well as data files to save and restore 
parameter settings.
<BR><BR>

<B>Passes:</B><BR> The Enigma systems allow
the passing each character back and forth as many as 99 times, a device 
which effectively turns an eight wheel encryption to a 792 wheel encryption or
a 891 wheel encryption with an Indicator Word.
<BR><BR>

<B>Personal Schemes:</B><BR> Added to the above, the Enigma user is not confined
to the wheel "wirings" that come with this software. He or she is
encouraged to create personalized wheels and schemes, setups that can
be tailored for groups of correspondents or individuals. And to avoid
the possibility of using the wrong scheme with the wrong person, Enigma
allows each special setup to be given a separate file name for later
recall.<BR><BR>

<B>Slots and Shifts:</B><BR> Each user has the ability of placing different
wheels into the slots in whatever order they prefer and then shifting
them prior to the cryption process.  The act of shifting can in effect
create a totally different wheel from the original positions of that
wheel.<BR><BR>

<B>Shift Ratios:</B><BR> To further complicate the encryption process you can
specify the number of shifts the wheels will rotate when it is triggered instead
of only one rotation.<BR><BR>
 
<B>System Files:</B>All your system files can be removed (cannot be recovered),
transferred and restored either all at once or individually.  The system files
consist of WheelSets, Schemes, Parameters and Code Book data. 
<BR><BR>

<CENTER><B> About Enigma & Company's Ultra Enigma</B></CENTER><BR>

The Ultra Enigma system evolved by the addition of a ten numeric input 'key' 
in the parameter screen.  These ten sets of numbers are used to 'shotgun' the original
message anywhere between eight and five hundred plus times its size, depending
on the values in those ten 'key' inputs.  Ultra hides your data in a sea of
data, thus making decoding by brute force an absolute nightmare.
<BR><BR>

As our system evolved, three modes of cryption were developed and all three
are present in Ultra Enigma and can be utilized as part of the operating system. 
Styles 1 and 2 are one-to-one processing (files are not expanded).<BR><BR>

In addition, all sensitive data files used by Ultra Enigma can be Transferred,
Restored and Killed (unrecovering them are impossible) leaving your computer
useless to theft and misuse.<BR><BR>
 
</BODY></HTML>






From tcmay at got.net  Tue Nov 12 11:23:00 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 12 Nov 1996 11:23:00 -0800 (PST)
Subject: Child Protective Services and Political Views
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <v03007800aeae79b8d736@[207.167.93.63]>


At 8:20 AM -0800 11/12/96, Vince Callaway wrote:
>>
>> Are there other measures which parents could take while their children are
>> young to get them off to a good start, privacy-wise?
>
>Every couple of months I one of my kids brings home a form from school
>asking everything from how many kids in the family, how much money do I
>make, do we own our home and other things that have nothing to do with
>educating my children.
>
>At first I just pitched them, but then they started getting on my kids for
>not returning them.  When they did that I went to the school and demanded
>to see a background history and credit report on every school employee who
>came in contact with my child.  They refused sighting privacy etc...  I
>told them I had the same rights and to stop hasseling me with their little
>forms.

Interesting comments. I don't have children, let alone children in school,
but I sure as hell would not answer such questions. I count myself lucky
that when I was in the public school system there were no such questions,
at least I never heard of any.

I wonder to what extent children are asked questions about their home life,
or about the things their parents do, without the parents even being in the
loop? If not now, soon. For example, children may be asked to fill out
questionaires on whether they've been spanked, whether alcohol and smoking
is present, whether guns are in the house, and so on.

(This is part of the generally totalitarian mindset which is pervasive in
the public school system. Last year I paid over $8000 in *property* taxes,
ostensibly largely for public schools (and of course I paid a whole lot
more in various other taxes). I have no children, as I said. And yet the
public schools wanted a cut of gambling revenues, which they got (kind of
gives a "does not compute" when the schools moralize about the dangers of
gambling, expel kids for being in card or dice games, and so on, all the
while being the main beneficiary of what Heinlein called a tax on
stupidity). Further, the schools brainwash the kids into cajoling their
parents to donate time, computers, labor for fixups, and even cash.)

Sadly, it is quite possible that by sufficiently obstreprous about such
things, the school counsellors could initiate investigations by Child
Protective Services, on vague grounds that the "home environment" is not
sufficiently nurturing (= politically correct). Here in the People's
Republic of California, they have nearly unchallenged authority to remove
children from homes on their own say so, with the parental-units then
forced to hire lawyers and mount a court challenge.

(Needless to say, meeting the CPS Gestapo agents with the display of a
gun--which would be the normal reaction Americans should have to kidnappers
of their children--would result in one's immediate arrest and the immediate
seizure of the children.)

Opinions may be changing. I get a lot of double takes and then smiles and
laughter when I wear my "D.A.R.E." t-shirt. "D.A.R.E. stands for "Drug
Abuse Resistance Education," and is a nationwide program run jointly by the
police departments and schools, in which children are taught the "reefer
madness" dangers of drugs, alchohol, etc., and are given instructions on
who to call if they suspect their parents are illegally using drugs. This
"junior narc" program has resulted in the breakup of many families, as
parents were hauled away to jail and kids were put in foster homes because
the little Pavel Morozovs narced out their parents.

So, why do I get double takes and smiles? Because my shirt, bought from
someone advertising it in alt.drugs, says:

"D.A.R.E." [in large red letters]

"I turned in my parents
and all I got was this
lousy t-shirt."

(Interestingly, I wore this t-shirt to a pool party last summer. A couple
I've known for many years has a 14-year-old son. The mother sternly
lectured me on the poor message I was sending to her son, and said I was
not to talk to the kid about my views on drug legalization, etc. I bit my
tongue, avoiding saying "Fuck off," but could not restrain myself from
saying, "I'll talk to whoever I want. It's up to you to control who your
son talks to." Rude? Perhaps. But the mindset of brainwashed zombies is
what creates this police state mentality. Who knows, it may even be a
technical crime ("contributing to the delinquency of a minor"?) to even
discuss basic libertarian ideas with a minor. And as I said, Child
Protective Services could quite possibly seize a child whose parents were
sufficiently vocal about their beliefs.)


Perhaps someday we'll see the "C.A.R.E." program--Crypto Abuse Resistance
Education.

"Now children, if you see someone you think is using illegal computer
programs, or someone who is talking in a way that we have told you to watch
out for, here are some phone numbers you can call. Your daddy and mommy may
just need to be re-educated, just like we are re-educating you here in this
People's Public School."

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Tue Nov 12 11:40:02 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 12 Nov 1996 11:40:02 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <199611101939.LAA13170@netcom4.netcom.com>
Message-ID: <v03007801aeae80c47f21@[207.167.93.63]>


At 11:12 AM -0500 11/12/96, Ted Anderson wrote:

>This concluding paragraph got me to thinking of something I read
>recently in "Bionomics" [1] about the public education problem.  The
>point being made there is that injecting even a little real competition
>into a monopoly situation improves things tremendously.  It is the
>counter argument to the objection that allowing students choice of
>schools will destroy the majority, as the "good" kids flee.  What will
>happen instead is that most schools, seeing imminient flight, will take
>measures to avoid losing students (and taking their tuition with them).
>A few, that really can't adapt in time, fail and their students are
>forced to seek other schools.  The result is that all schools, even
>"public" schools improve dramatically.


Many years ago, circa 1989 or so, I wrote a satirical essay which I called
"Access to Food Must be Equal!" I can't seem to find it right now, so I may
have moved it off my hard disks in one of my periodic housecleanings...I'll
try to dig it up.

The gist was that of an alternate reality in which supermarkets were not
private, but were run the way the public schools were run. That is, each
neighborhood was in some Food Distribution District, at which a household
bought its food or even got it for free (I didn't flesh this point out, but
the parallel with public schools is that the landowners would pay property
taxes, but everyone would be able to get food for free, according to some
ration or coupon system).

(And if you think about it, food is pretty important, and supermarkets are
roughly distributed the same way and in the same numbers as elementary
schools, junior high schools, high schools, etc. So it's not completely
far-fetched to imagine America having taken a different turn a century ago,
and including food distribution centers in the same system.)

I even included mention of the important role the PGA (Parent-Grocer
Association) played in ensuring the nutritive requirements of young bodies
are met. And the need for "nutritional standards" to keep junk food off the
shelves, and only bran muffins and similar digestives be in every meal.

My piece was written as a rant about the dangers of the proposed talk of
"privatizing food distribution points," about how this would result in a
system where only the rich could get access to nutritional food, and how
the poor would be made to suffer. And how this "caloric anarchy" would
result in vicious monopolies, price wars, and deviation from Recommended
Governmental Caloric Intake Rules.


Think about this kind of parallel when privatization of schools is talked
about.

P.S. The "bionomics" stuff is just reworked ideas from a bunch of other
fields, given new names, and packaged with seminars, training classes, and
other multi-level marketing nonsense. I'm not impressed.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From sedwards at cts.com  Tue Nov 12 12:15:18 1996
From: sedwards at cts.com (Steve Edwards)
Date: Tue, 12 Nov 1996 12:15:18 -0800 (PST)
Subject: Kriegsman Furs Website hacked...
In-Reply-To: <288896e0@myinternet.net>
Message-ID: <Pine.SCO.3.91.961112131159.5106B-100000@crash.cts.com>


These hacks can be amusing, regardless of your political orientation...

But, to bring the thread onto topic, how are these hacks perpetrated and 
how can a responsible webmaster reduce the exposure?

On Wed, 13 Nov 1996, Eraser wrote:

> 
> Hey all..
> 
> Another commercial hack.
> 
> http://www.kriegsman.com/ which is still live at this posting.

not any more.

> if it goes down, or is fixed, a mirror exists on
> http://www.skeeve.net/kriegsman/
> 
> nicely done...
> 
> one for the furry creatures.
> 
>  -------------------------------------------------------------------
> | Skeeve Stevens - MyInternet  personal.url: http://www.skeeve.net/ |
> | email://skeeve at skeeve.net/   work.url: http://www.myinternet.net/ |
> | phone://612.9869.3334/       mobile://0414.SKEEVE/      [753-383] |
>  -------------------------------------------------------------------
> 

Steve Edwards
sedwards at cts.com






From reagle at rpcp.mit.edu  Tue Nov 12 12:25:29 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Tue, 12 Nov 1996 12:25:29 -0800 (PST)
Subject: Taxation Thought Experiment
Message-ID: <3.0.32.19961112152531.00a068b0@rpcp.mit.edu>


Another thought experiment, comments welcomed:

o TAXES THOUGHT EXPERIMENT

 1) I generate $100 of productivity for my company
 2) Company is taxed %30, $70 left
 3) Company pay shareholders and costs, $30 is left
 4) Company pays me
 5) I pay 40% in taxes, so $18 left
 6) With $18 I can buy a $16.82 object (%07 sales tax).

Results:
 1) I see $16.82 realization from $100 productivity increase.
 * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.
_______________________
Regards,          Our greatest glory is not in never failing, but in rising 
                  up every time we fail.  -Ralph Waldo Emerson
Joseph Reagle     http://rpcp.mit.edu/~reagle/home.html
reagle at mit.edu    E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E





From vznuri at netcom.com  Tue Nov 12 12:25:56 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 12 Nov 1996 12:25:56 -0800 (PST)
Subject: (fwd) NSA And Vince Foster?
Message-ID: <199611122025.MAA24148@netcom13.netcom.com>



gadzooks, has anyone seen this yet? atom bomb type stuff here.
I guess we won't hear Perry and others rant about Vince Foster
material on the list any more, eh? 


From: softwar at us.net (Charles R. Smith)
Newsgroups: talk.politics.crypto
Subject: NSA And Vince Foster?
Date: Mon, 11 Nov 1996 00:36:45 GMT

========
ubject: NSA FOSTER DOCS:  FOSTER INVOLVED IN NSA COMPUTER ESPIONAGE
ISSUES
From: "John Q. Public" <jqp at globaldialog.com>
Date: Sun, 10 Nov 1996 13:13:29 -0600

not to be used for commercial purposes
from the Nov. 11, 1996 issue of The Washington Weekly
posted with permission


	NSA RELEASES DECLASSIFIED FOSTER DOCUMENTS


     The National Security Agency  has  now  released  the  first
batch  of  documents  in  response  to  a  Washington Weekly FOIA
request filed in August of 1995. The documents, pertaining to the
late  Vincent  W.  Foster  and  his  work  with  the NSA and with
Systematics Inc. have many passages and  names  blacked  out  and
some  documents  bear "Confidential" or "Secret" classifications.
The  first  batch  of   documents   contain   77   pages.   After
conversations  with  NSA  staff, we understand that an additional
estimated  600 to 700 pages of documents will be released pending
review  by  other  intelligence  agencies.  The Washington Weekly
eventually will make all documents available on its web site.

VINCE FOSTER INVOLVED IN NSA COMPUTER ESPIONAGE ISSUES

    One morning in May of 1993, a  mini  bus  left  the  National
Security  Agency  at  Ft.  George  G.  Meade,  Maryland. It drove
directly to the White House  to  pick  up  Bernard  Nussbaum  and
Vincent W. Foster. From there, the party proceeded to the Justice
Department to pick up Webster Hubbell and John  Rogovin.  At  the
Supreme  Court,  Justice John Paul Stevens joined the party. They
all returned to the NSA for a secret roundtable  discussion  with
top NSA officials on Codebreaking and Telecommunications.  On the
agenda were items such as:

 * What Has Happened to SIGINT
 * How We Handle Crypt[ology] Problems
 * Problems We Face In The Future
 * Rule of Law

    Only this broad outline of  the  meeting  is  revealed  in  a
recently  declassified  NSA document. But it makes clear that one
of  Vince  Foster's  responsibilities  at  the  White  House  was
cryptology  and  intelligence gathering. As such, he was privy to
top secrets.  That would explain the presence of two NSA  binders
deposited  by  Vince Foster in a White House safe. So why did the
White House deny that Foster was working on NSA  documents?  Last
May, White House spokesman Mark Fabiani told the Washington Times
that "There were no National Security Agency  documents  that  he
was working on that were in his possession."

    Why did the White House try to conceal Foster's NSA ties? Why
did  Fabiani  find it necessary to contradict the sworn statement
of Foster's secretary Deborah Gorham, who said that  "There  were
two  one-inch  ring  binders that were from the National Security
Agency"?





  Published in the Nov. 11, 1996 Issue of The Washington Weekly
Copyright (c) 1996 The Washington Weekly (http://www.federal.com)



--
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^
\  / ~/ |\| | | |> |  : : : : : : Vladimir Z. Nuri : : : : <vznuri at netcom.com>
 \/ ./_.| | \_/ |\ | : : : : : : ftp://ftp.netcom.com/pub/vz/vznuri/home.html





From ebj1024 at InfoNET.st-johns.nf.ca  Tue Nov 12 12:42:51 1996
From: ebj1024 at InfoNET.st-johns.nf.ca (Sheldon Andrews)
Date: Tue, 12 Nov 1996 12:42:51 -0800 (PST)
Subject: UNSUBCRIBE CENSORSHIP
Message-ID: <Pine.OSF.3.91.961112171211.2337A-100000@InfoNET.st-johns.nf.ca>


UNSUBCRIBE CENSORSHIP






From frissell at panix.com  Tue Nov 12 12:44:45 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 12 Nov 1996 12:44:45 -0800 (PST)
Subject: Child Protective Services and Political Views
Message-ID: <3.0b36.32.19961112154157.00766b84@panix.com>


At 11:26 AM 11/12/96 -0800, Timothy C. May wrote:
>Who knows, it may even be a
>technical crime ("contributing to the delinquency of a minor"?) to even
>discuss basic libertarian ideas with a minor. And as I said, Child
>Protective Services could quite possibly seize a child whose parents were
>sufficiently vocal about their beliefs.)

One shouldn't be vocal to public employees in any case.  Avoid them.  If
you are going to be vocal use a non government forum.  Separate your
personal life from your political life.  It's not too hard to break most of
the pointers between your physical presence and your ideological presence.
Even though an investigator could find where I sleep at night, they would
have to actually expend the resources.  My neighbors and the local cops are
unlikely to make the connection because they and I move in very different
circles and I minimize my database presence.

In any case, those stupid enough to turn their children over to the
government deserve whatever happens to them.  Even if CPS never gets
involved, the damage they do to their kids may be irreversible.  My parents
weren't that stupid in 1956 when I started school and that was at a much
lower level of knowledge of the effects of government schools.  There is no
excuse today when we can see the damage all around us.

As I said earlier today, you can reduce your risk of CPS oppression to nil
by keeping your kids out of public schools and licensed day care.

DCF






From rah at shipwright.com  Tue Nov 12 12:56:00 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 12 Nov 1996 12:56:00 -0800 (PST)
Subject: Mac S/WAN (encrypted ip) mailing list..
Message-ID: <v0300780caeae94c77bd4@[206.119.69.46]>



--- begin forwarded text


Sender: mac-crypto at thumper.vmeng.com
Reply-To: Vinnie Moscaritolo <vinnie at webstuff.apple.com>
Mime-Version: 1.0
Precedence: Bulk
Date: Tue, 12 Nov 1996 12:13:16 -0800
From: Vinnie Moscaritolo <vinnie at webstuff.apple.com>
To: Multiple recipients of <mac-crypto at thumper.vmeng.com>
Subject: Mac S/WAN (encrypted ip) mailing list..

hi;

as promised I have create a mailing list that will be focused on developing
secure networking technology on the Macintosh.  (ipsec,SKIP & OT etc)

there are aleady a variety of ways todo this sucessfully with opentransport
that involve createing a STREAMS modules to do ipsec.

I will refer you to http://www.cygnus.com/~gnu/swan.html for more info
about a great project that is underway that could really use a Mac
implementation.

for now , it will be an open list, you can subscribe to it by Send mail to
mailto:majordomo at thumper.vmeng.com containing the single text line

subscribe mac-swan

Expect to receive confirmation when the majordomo daemon handles on your
request.

to contibrute to this list send email to mailto:mac-swan at thumper.vmeng.com



Vinnie Moscaritolo
------------------
"friends come and friends go..but enemies accumulate."
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A




--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From postmaster at opennet.net.au  Tue Nov 12 12:58:34 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 12:58:34 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <2.2.32.19961112155353.00686588@smtp1.abraxis.com>
Message-ID: <199611122057.HAA21521@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From Pzbowen at aol.com  Tue Nov 12 13:40:55 1996
From: Pzbowen at aol.com (Pzbowen at aol.com)
Date: Tue, 12 Nov 1996 13:40:55 -0800 (PST)
Subject: Supreme Court rules against FCC, MCI, AT&T
Message-ID: <961112163948_2080550150@emout10.mail.aol.com>


Supreme Court Rejects FCC Phone Rule Request

WASHINGTON (Reuter) - The Supreme Court Tuesday declined a request by federal
regulators and long-distance phone companies to reactivate landmark rules
intended to pry open the nation's local phone monopolies to competition. 

The denial means key terms and conditions for deregulating the $100 billion
local phone market will for now depend on the decisions of state regulators
in the 50 states -- instead of on uniform rules issued by the Federal
Communications Commission. 

It is a defeat for the FCC and long-distance giants AT&T Corp. and MCI
Communications Corp. They sought to reinstate the FCC's "interconnection"
order after a U.S. appeals court suspended key provisions pending a challenge
to the rules, and Supreme Court Justice Thomas declined to restore them. 

It is a victory for the Baby Bell companies, GTE Corp., other local carriers
and state regulators who are seeking to overturn the regulations in the St.
Louis-based appeals court. They argue the FCC unfairly snatched away from the
states the power to issue policies governing pricing and other matters. 

The rules spell out how long-distance companies, cable-TV operators,
utilities and others wanting to get into the local phone business can plug
into the local network under the new telecommunications law. 

"For all practical purposes the state have complete control over the prices
new entrants will pay to share the existing telephone networks during the
critical period when competition is supposed to begin in local telephone
markets," FCC Chairman Reed Hundt said after the high court's denial. 

The appeals court temporarily suspended the rules last month, saying the FCC
probably erred when it drafted them. 

On Oct. 31, Justice Thomas declined a request by the FCC and its
long-distance allies to lift the lower court's "stay." They separately asked
Justices Ruth Bader Ginsberg and John Paul Stevens to reconsider the request.
The justices referred the matter to the entire court. 

"The stay prevents grossly arbitrary and distored pricing rules from going
into effect and ruining the whole process," said GTE General Counsel William
Barr. "It does not delay the timetable set forth in the Telecommunications
Act of 1996 for the introduction of competition, but instead allows for a
more level playing field." 

Oral arguments in the St. Louis case are set for January. FCC Chairman Hundt
conceded Friday it was unlikely the appeals court would decide in favor of
the FCC. And he doubts the rules will be put into effect for at least 1 1/2
years, if ever, while they are fought over in the courts. 

Hundt was encouraged, however, by the actions of state regulators arbitrating
interconnection agreements between the Bells and their long-distance rivals. 

He said key provisions to the arbitration decisions issued so far are similar
to the suspended FCC rules. 

Iowa, Texas, Maryland, Virginia and Pennsylvania have been among the states
that have issued decisions that will lay the groundwork for arbitrated
agreements between the Bells and AT&T, MCI and No. 3 long-distance company
Sprint Corp. 

"There hasn't been any evidence that the states are going off and doing any
wild and crazy stuff," said analyst Robert Mayer of Deloitte & Touche
Consulting Group. 





From dlv at bwalk.dm.com  Tue Nov 12 13:43:23 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 12 Nov 1996 13:43:23 -0800 (PST)
Subject: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <847822514.528714.0@fatmans.demon.co.uk>
Message-ID: <7gPaXD1w165w@bwalk.dm.com>


paul at fatmans.demon.co.uk writes:

> 
> > Yeah, right. Be sure to ask Paul Bradley to implement his brute force
> > attack on one-time pads. :-)
> 
> I retracted this and as I explained the post was in error as I was 
> talking about stream ciphers when I should have been taking about 
> OTPs. Please read a little deeper into my post asshole.

I've got more interesting things to do than read "deeper" into
your ignorant drivel.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From alex at proust.suba.com  Tue Nov 12 13:48:12 1996
From: alex at proust.suba.com (Alex Strasheim)
Date: Tue, 12 Nov 1996 13:48:12 -0800 (PST)
Subject: linux ipsec question
Message-ID: <199611122147.PAA06047@proust.suba.com>


I've been off the list for quite awhile, so if this has been beat to 
death already, I apologize.

Is there any kind of consensus of opinion on the linux-ipsec project?  
What do people outside of the project think about it?

It seems like a very good thing to me, but I don't know much about s/wan, 
so my opinion isn't worth much.

I'm a little curious as to how this project fits in with other secure IP 
efforts.  Will the linux-ipsec software interoperate with other 
packages?  How does it relate to IPv6?  Policymaker?

Basically, I'm not very clear about the significance of this project.  Is 
it going to be a good package that I could use to encrypt traffic 
between offices in NY and LA, or is it going to be a package that will 
let me communicate securely with the net at large, using a well accepted 
standard?

Finally, what do you all think about the basic way this is set up?  I 
mean, does it make sense to use a linux box with two net cards to protect 
a lan?  Or should secip software be built into individual devices, like 
it is in IPv6?  Is this a standard that might get picked up by someone 
like cisco?  Etc.

Thanks...

--
Alex Strasheim, alex at proust.suba.com





From smith at sctc.com  Tue Nov 12 13:54:06 1996
From: smith at sctc.com (Rick Smith)
Date: Tue, 12 Nov 1996 13:54:06 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611122141.PAA27619@shade.sctc.com>


Hal Finney wrote:

: Are there other measures which parents could take while their children are
: young to get them off to a good start, privacy-wise?

I doubt it's ever too late to start. Sure, it seems as if old, crufty
bits sit on the 'Net just waiting to embarass us ("oh, yeah, maybe I
*did* post to alt.naughty.stuff 'way back then...") but there *is*
such a thing as bit rot and perhaps it really is our friend after all.

The first question, always, when evaluating security measures is to
ask "What are you trying to protect?"

This gets really weird when you don't know what the threats really
are, which is true of this situation. I don't really see "privacy"
itself as something you can pursue as an absolute objective. I think
Black Unicorn's tale illustrates this well -- he doesn't try for
non-existence, instead he describes a series of well reasoned and
consistent steps. Basically, though, it has to be a personal choice.
So it's hard to judge perfectly for another, even your own kids.

IMHO you have to find a reasonable balance for your kids. The problem
is that you don't want your kids to disappear -- there are times they
will WANT their records found. The problem is to make verification
easy when they're directly involved and difficult otherwise.

The basic and obvious rule to most of us is to control the SSN and
don't give out a correct one except when absolutely necessary.  One of
the banks in Minneapolis refuses to pay interest at all if you don't
have your SSN on file.

I toyed with the idea of manipulating birthdates, but it wasn't clear
what the benefit was. Also, it required my wife's help, and I'll defer
to Tim May's recent discussion of his'n'her anarchy if you wonder why
this might be an impediment. If the kids know their "real" birthdate
they'll *always* report it to their teachers. And if it's consistently
incorrect in school records, then what does it mean for it to be
different?

When faced with peculiar situations I try to choose a disclosure that
meets whatever the immediate requirements are but doesn't make it easy
to automatically match up records. Often the best you can do is reduce
certainty and increase the likelihood of multiple matches with other
records. It doesn't hurt if you last name is Smith here in the U.S.A.

Rick.
smith at sctc.com





From markm at voicenet.com  Tue Nov 12 14:41:13 1996
From: markm at voicenet.com (Mark M.)
Date: Tue, 12 Nov 1996 14:41:13 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <199611121840.KAA04414@mail.pacifier.com>
Message-ID: <Pine.LNX.3.95.961112173925.907B-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 12 Nov 1996, jim bell wrote:

> The way I see it, a positive statement in the Constitution that the Feds 
> have the power to coin money does not necessarily exclude other 
> people/banks/states/foreign countries from doing likewise.

Some localities in the U.S. are indeed minting their own currency.  Ithica is
one such example, I believe.  I don't know if these currencies are considered
"legal tender", but the Feds don't seem to be stopping it.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoj9UizIPc7jvyFpAQG7iAf/fE1M1xiYlX1iztuFLVQDUSX/beLKCIOP
bAvrzQSm+cKhN0xko/hT2XlWCPv1nZt9aiidOyWNdKwicAGzPuLpGa+i3DfR0DuV
GSggPQQKjkQugofpQ/eFSM8IJdk/eXPsEGl/AxUlBvWhLog0d9OnOWbfkNhWJEy7
Idf4eKzX450oXK/OoSp7Ik1DX0nZrqPtY2Y4KIcDL5nyUMR8eKzdFaIRi+6x1RmX
QCsN0oT7QvCtGAJfNCCo95svgA/eR5pT0zn8th0r0yWFLaZTI4A4O7kOkn30er+P
2PnFeAK6huzpVClckWIQvpCfjkbAdzLZFE2BmFHwdrElz/CJSstZqQ==
=UvzN
-----END PGP SIGNATURE-----






From bgrosman at healey.com.au  Tue Nov 12 14:52:56 1996
From: bgrosman at healey.com.au (Benjamin Grosman)
Date: Tue, 12 Nov 1996 14:52:56 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <2.2.32.19961113195012.0076c010@healey.com.au>


Dear Sir,

>>problem avoiding the photo (and thumbprint) on the license.

You mean you guys have to have a thumbprint on your drivers licences as
well? That is a real entry into the system! Appearances can be changed, but
fingerprint changing isn't quite as easy for the average Joe.

But who was it who said: "How can you convince people of the need for
privacy when they are willing to leave detailed records of their shopping
habits for 1/10000th of a flight to somewhere"? 
I think it may have been Mr.Schneier in his article on why Cryptography is
difficult, I can't remember, but it definitely has the ring of truth to it.

Yours Sincerely,

Benjamin Grosman






From raph at cs.berkeley.edu  Tue Nov 12 15:02:09 1996
From: raph at cs.berkeley.edu (Raph Levien)
Date: Tue, 12 Nov 1996 15:02:09 -0800 (PST)
Subject: pgp3
In-Reply-To: <199611121348.OAA12869@internal-mail.systemics.com>
Message-ID: <328901CF.6BABEF80@cs.berkeley.edu>


Gary Howland wrote:
> 
> > Someone suggested to me that Derek posted a draft spec for PGP 3.0.
> > Anyone know of the whereabouts of this document.
> 
> Yes.  That document has evolved to RFC 1991:
> 
> 1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange
>            Formats", 08/16/1996. (Pages=21) (Format=.txt)

Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
2.6.? distribution. I'm doing an independent implementation of the PGP
2.6 message formats, and found this document unclear in a few spots. For
example, can anyone else figure out the weird CFB variant mode from this
document? I used a debugger on the PGP code to help me figure it out.

The PGP 3.0 "spec" that you're referring to is actually a draft for a
PGP library API. A couple of those got circulated on some PGP mailing
lists, but none have been publicly released, another example of the
secrecy surrounding the whole PGP effort.

Now that PGP Inc. is happening, it's not exactly clear whether the PGP
3.0 release is going to include an API closely resembling these drafts.

Hope this helps.

Raph





From tcmay at got.net  Tue Nov 12 15:17:58 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 12 Nov 1996 15:17:58 -0800 (PST)
Subject: Taxation Thought Experiment
In-Reply-To: <3.0.32.19961112152531.00a068b0@rpcp.mit.edu>
Message-ID: <v03007800aeaeb3e87bba@[207.167.93.63]>


At 3:25 PM -0500 11/12/96, Joseph M. Reagle Jr. wrote:
>Another thought experiment, comments welcomed:
>
>o TAXES THOUGHT EXPERIMENT
>
> 1) I generate $100 of productivity for my company
> 2) Company is taxed %30, $70 left
> 3) Company pay shareholders and costs, $30 is left
> 4) Company pays me
> 5) I pay 40% in taxes, so $18 left
> 6) With $18 I can buy a $16.82 object (%07 sales tax).
>
>Results:
> 1) I see $16.82 realization from $100 productivity increase.
> * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.

Indeed, this is one of several ways of looking at the sickness that faces
us with taxes.

Here's a variant of direct interest to me:

1. Some friends of mine have a good idea for a product and wish to form a
venture to develop it.

2. I sell $200,000 of some asset I own.

3. Tax collectors take 40% of this, leaving me with $120,000 to invest in
the startup venture.

4. There's a high probablility the investment will fail ("venture"
capital). If it fails, and my money has been tied up for several years, I
have not only paid a lot of taxes, but also have lost a normal return. And
my losses, at liquidation, are deductible only against other capital gains.
If I happened to have no other capital gains, I am largely screwed (there
are a few provisions for tax-loss carryforwards, blah blah, but basically
the tax laws are set up to make sure all gains are taxed and make sure
losses are as hard to deduct as possible).

5. In the event that my friends basically succeed, here's the tax situation:

- They owe corporate income taxes of between 35 and 50%, depending.

- Their salaries have been taxed, at rates of 30-45%, typically.

- Any net appreciation in stock value is taxed upon sale at 40%, roughly.

6. It doesn't take a racket scientist to see that investing in a new
business is  increasingly a losing proposition. Add up all the taxes,
factor in the risks, and the answer is clear: why bother?

The crypto-relevance is via crypto anarchy: we need to undermine the tax
system enough that _everyone_, not just us, loses faith in it. (There could
be a "straw that broke the camel's back" effect, if people lose confidence
in the system. Even if most people are _not_ using anonymous digital cash
to hide income, if _enough_ are (and this "enough" could be a visible
minority, visible through recounts of their deeds), then confidence could
be lost. As in Italy and other such places, where compliance rates on taxes
are very low.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Tue Nov 12 15:21:46 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 12 Nov 1996 15:21:46 -0800 (PST)
Subject: UNSUBCRIBE CENSORSHIP
In-Reply-To: <Pine.OSF.3.91.961112171211.2337A-100000@InfoNET.st-johns.nf.ca>
Message-ID: <v03007801aeaeb75a4ae7@[207.167.93.63]>


At 5:12 PM -0330 11/12/96, Sheldon Andrews wrote:
>UNSUBCRIBE CENSORSHIP

You dumbass.

This is not "CENSORSHIP"...whatever you had in mind, no such mailing list
is copied in your "To:" or "cc:" field.

Secondly, "unsubscribe" is not spelled "UNSUBCRIBE."

Thirdly, send your unsubscribe commands to the appropriate place for the
list involved, not to the list itself.

Sheldon Andrews is hereby added to the "Don't Hire" list. Hope you weren't
planning to apply for work out here.

--Tim May




To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo at toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo at toad.com

-body message of: unsubscribe cypherpunks








From nobody at replay.com  Tue Nov 12 15:56:51 1996
From: nobody at replay.com (Anonymous)
Date: Tue, 12 Nov 1996 15:56:51 -0800 (PST)
Subject: So how does the crypto crackdown go?
Message-ID: <199611122355.AAA21086@basement.replay.com>



>
>One question is whether they would also try to make it illegal to use
>(rather than to distribute) crypto software.  On the one hand, if they
>don't do that, they have a problem with all the installed base of code.
>But the legalities of stopping people from encrypting code on their own
>computers, or writing crypto programs for personal use, seem a lot more
>questionable to me, and I don't know how much precedent there would be
>for that kind of restriction.

Not at all questionable. A ban on crypto would follow the current trend in regulating technology. 
Consider the case of Bernie S. who is in jail for possessing electronic parts that could be 
used for telco fraud. Any government action towards banning crypto will include possession
of crypto as a crime. 

The "cat's out of the bag" argument is ineffective as well as the governments just don't 
care. They'll just say in effect: "It's illegal. Destroy it if you got it." Now it's doubtful if 
enforcement would make unprovoked searches and arrest people solely for possession 
of crypto. And it is also unlikely that DA's (except perhaps the most bored) would follow 
up on "My neighbor is using crypto" tips. But it is not uncommon for prosecutors to 
heap additional charges on criminals (alleged) such as the case in robbery: 1 count 
robbery, 1 count using a gun in robbery. or perhaps 1 count tax evasion, 1 count using 
crypto to commit tax evasion. While the former charge may end up being unproven the 
later often sticks.

>
>So as I see it the main target of the ban would be distributors of
>software rather than end users.  This would be in line with the often
>stated goal of the law enforcement people that their main concern is with
>crypto that is built in, transparent, and trivial to use, rather than
>hacker's crypto.

Hmmm. Hackers built the ubiquitous CryptoFS for Linux, no? And the nascent S/WAN 
too. I don't see a distinction between popular and subculture crypto. The two invariably 
mix. A program may have it's origins in the subculture but it will often meet the needs of 
the popular culture as well and be adopted, accepted, and so on. Consider PGP and 
such add-ons as Brainless-PGP, WinPGP, and the various auto PGP tools.

It seems to me that banning distribution would just be too generous. What is distribution? 
Are time share accounts distribution? I created it but many can use it but the actual bits 
(well are there actual bits?) never left my single computer. But the nature of "distribution" 
is to move something from one person to another. Now nothing really moved but a few 
electrons. But multiple people did use it. Book 'em. Distribution is an archaic term here 
and the regulations will involve controlling what software may be run on personal computers.

The stated goal is a posture designed to sound reasonable. Only time will tell if the actual 
goal is the regulation of computer uses as I suspect.

The security establishment fears crypto. Fears loss of control. 

I suspect that with Clinton back in the White House (was there a choice?) we will enter 
a period where the Clipper chip seemed like a good idea. In comparison. Unless some 
fundamental changes occur to the Security, Intelligence and Law Enforcement agencies  
(a new acronym? SILE? Pronounced with a long E of course <g>) we will see more
business as usual and some completely draconian steps taken against strong encryption. 
The only recourse is to take an active role now. We must go on the offensive and :

1) Deploy S/WAN
2) Write more strong ubiquitous crypto
3) Attack the SILE agencies directly by challenging their purpose, gutting their budgets, 
exposing their falacies (umm is that almost freudian or what), flooding international 
communications with strong crypto messages (content need not apply), and of course 
ridiculing their every effort.
4) Finding allies in the legal community and educating fence sitters, critical judges, 
legislators, and so on.

Now is the time to act.

diGriz





From postmaster at opennet.net.au  Tue Nov 12 16:14:25 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 16:14:25 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <3.0b36.32.19961112135631.00754284@panix.com>
Message-ID: <199611130014.LAA23770@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 16:24:36 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 16:24:36 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <9611121734.aa17916@salmon.maths.tcd.ie>
Message-ID: <199611130024.LAA23905@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 16:25:20 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 16:25:20 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611121917.VAA19844@freenet.hut.fi>
Message-ID: <199611130024.LAA23927@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 16:26:56 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 16:26:56 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611101939.LAA13170@netcom4.netcom.com>
Message-ID: <199611130026.LAA23956@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 16:27:58 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 16:27:58 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <woJaXD3w165w@bwalk.dm.com>
Message-ID: <199611130027.LAA23975@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 16:36:36 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 16:36:36 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <19961112184849116.AAA174@dev.vertexgroup.com>
Message-ID: <199611130036.LAA24120@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 16:40:54 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 16:40:54 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611121922.MAA18356@infowest.com>
Message-ID: <199611130040.LAA24162@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From ph at netcom.com  Tue Nov 12 17:07:45 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Tue, 12 Nov 1996 17:07:45 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <v02140b04aeaec9f1fa9b@[192.0.2.1]>


What do you do if you are operating a remailer and somebody complains
they are getting spammed?  That's easy, you keep a list of people that
you don't send mail to.  What's hard is if that person wants to receive
other anonymous mail.

The solution is easy: charge e-cash to send mail to certain addresses
and send the money to the owner of the account.  Never put an address
on a kill list, just raise the price of sending mail to it.  This
generates lots of positive publicity for your remailer.  People will
beg to be spammed!

And, since the remailer operator handles the financial parts of the
deal, the technically naive "victim" does not have to have specialized
knowledge or even an e-cash account.

This also eliminates the spam problem generally.  If you are plagued
by spam, create a list of names you will accept mail from.  When a
message comes in that is not on the list, return a message directing
them to send you the mail through a paying remailer.

This solves a problem for famous people, too.  They get lots of
mail but they don't have time to read it all.  How to sort it?  Raise
the price of sending a message.  (I heard that Arnold Schwarzeneggar
was once paid $1 million just to read a script and look at the set
of a movie with no obligation to act in it.)

Okay, now lets go to mailing lists.  We like to read anonymous mail
on this list, but we don't like getting spammed.  It's hard to filter
anonymous mail for obvious reasons.

The solution: don't accept anonymous mail.  Only people on the "approved"
list would be allowed to post.  People who wish to post anonymously
could then send mail through the paying remailer to people on the
"approved" list and request that their message be relayed.  Most people
on the list would be happy to accept a dollar or two to provide this
service.  This would eliminate inappropriate mail while allowing anybody
to post.

For that matter, postings to the list itself could be priced at, say,
a dollar to cut down on the noise levels.

Payments, and addresses which complicate payment, make it harder to
rely on the remailer network.  When you send a message through a
few remailers and make a faux pax on the last one, you won't know
what happened.  Did one of the remailers go down?  Did you make a
mistake?

I think I know a solution to this one, too.  If somebody wants to
get error messages, they include a random 128 bit number with their
message.  This is a different number for each remailer in the chain.
When an error occurs, the remailer distributes an error message
with the number attached.

Error message distribution is pretty easy.  The remailer operator
could publish a web page with the errors.  Or, the messages could
be bundled and made available through anonymous ftp, or mailed to
an error message mailing list, or posted to a newsgroup.

Peter Hendrickson
ph at netcom.com







From postmaster at opennet.net.au  Tue Nov 12 17:17:16 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 17:17:16 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <Pine.OSF.3.91.961112171211.2337A-100000@InfoNET.st-johns.nf.ca>
Message-ID: <199611130117.MAA24763@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From rcgraves at ix.netcom.com  Tue Nov 12 17:21:20 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Tue, 12 Nov 1996 17:21:20 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <Pine.SUN.3.95.961111234959.13077D-100000@viper.law.miami.edu>
Message-ID: <32892276.4439@ix.netcom.com>


Michael Froomkin - U.Miami School of Law wrote:
> 
> On Tue, 12 Nov 1996, Doug Renner wrote:
> 
> > Are these not correct?  Anyway, there were issues other than mere
> > legality discussed, including history & practicality.  Specifically,
> > the quotes from Benjamin Franklin, Thomas Jefferson, Rothschild,
> > references to Congressional Record, etc. were what had impressed
> > me in the link below.
> 
> Bah. "Mere legallity" indeed.

But Professor Froomkin, you are igNORING the inFLUENCE of the ILLUMINATI 
and the BILDERBERGERS. The same source that supplied this imPORTANT 
information about the FED tells us the TRUTH in an earlier missive. Mere 
"legality" and mere "facts" are NOT at issue here.

http://www.hevanet.com/nitehawk/nwo4.html

|ADAM WISEHOPHF, Professor at Germany's Ingolstadt University, founded 
|The Order of the Illuminati on May 1, 1776. This man designed the very
|plan of world domination that is still in use today to enslave the 
|world's masses. Here, upon establishing his "Order of the Illuminati", 
|he smugly reflects on his "conning" the gullible Christians of his day,
|saying: 
|
|"The most wonderful thing of all is that the distinguished Lutheran and 
|Calvinist theologians who belong to our order really believe that they 
|see in it (Illuminati) the true and genuine sense of Christian 
|Religion. Oh mortal man, is there anything you cannot be made to 
|believe?" 
|
|Evidently not! And a high percentage of Christians today are still 
|being conned in the same way. One prime example of this are the 
|millions of Christians, and most church denominations, who have fallen 
|for the NWO plan of a "One World RELIGION", being spearheaded by the 
|United Nations' National and World Counsel of Churches, behind the 
|battle cry of ecumenicalism. 
|
|Watch the future and we will see only small groups of spiritual Ameri- 
|cans, who will resist following the millions of "religious" lambs to 
|the slaughter. The Lord of the Bible always warned His people to never 
|follow the MULTITUDE. 

As everyone on cypherPUNKS KNOWS, to every conspiracy theory there IS a 
grain of TRUTH. We as a people MUST understand the TRUTH and fulfill our 
DESTINY. FREE AMERICA! http://www.nswpp.org/

> > Or am I just making that common but incorrect assumption that
> > unconstitutionality entails illegality?
> 
> No, I'm afraid you are making the common but incorrect assumption that
> reading some part of one court case from the dustbin of history out of
> context makes you a constitutional expert.

I seriously doubt he believes that. Or anything else he's spouting off 
about.

> > Thanks for responding to this thread, Michael.  Your input is very
> > much valued.
> 
> You may feel differently as I get grumpier...

Believe me, you're being far too kind.

-rich





From postmaster at opennet.net.au  Tue Nov 12 17:26:08 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 17:26:08 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <3.0.32.19961112152531.00a068b0@rpcp.mit.edu>
Message-ID: <199611130125.MAA24816@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From roach_s at alph.swosu.edu  Tue Nov 12 17:39:04 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Tue, 12 Nov 1996 17:39:04 -0800 (PST)
Subject: WebTV a "munition"
Message-ID: <199611130138.RAA14014@toad.com>


At 11:56 AM 11/11/96 -0800, Pablo Calamera wrote:

...
>The WebTV Network is currently using a 128 bit encryption system that
>gives our U.S. subscribers the most sophisticated security protection of
>any online service today. It is our intent to offer our customers the most
>secure environment for transactions and transmission with their WebTV
>Network service. Our units, sold by Sony and Philips, include a sticker
>that states that the product is not to be exported outside of the United
>States.
>
>However, the government restriction does not prevent us from exporting our
>product outside of the United States. WebTV Networks has always intended to
>announce its expansion plans in early 1997, providing global communication
>using either 40 bits, now authorized by the government, or 56 bits which
>Bill Clinton recently endorsed.
...
This may prove my ignorance, but I thought that the WebTV systems were going
to use a propiatory service.  I am assuming that this is true in this post.
If the WebTV product is using a propietory ISP for its operation, I assume
that WebTV sets sold outside of the United States will not be dialing up the
same phone number.  As the chip could easily communicate with the ISP, and
the ISP communicate, perhaps through standard credit validation systems,
with the merchants, why does the international version even need U.S.
developed encryption.  The international version could most likely be fitted
with the locally available strong encryption.  Since the WebTV ISP will
probably have a virtually private wide area network, the "foreign"
encryption could be replaced with a more standard type inside of the U.S.,
at the main offices.  Why give the U.S. government the ability to look at
the transaction information of non-U.S. citizens, off of U.S. soil.
If, however, the WebTV system does not have the ability to maintain contact
with its over-seas offices, this could be unfeasable.
Granted, this idea would mean that some computer would have access to all of
the relevant data,for the purpose of "trading" crypto, but I would rather
put my trust in a company, which I could easily quit dealing with, than the
U.S. government, which might easily institute an international sales tax system.
Can PGP be compiled to an EEPROM?  If so, PGP is well distributed and might
easily be accepted for online transactions, also, Mr. Zimmerman might be
willing to agree to a bulk liscense sale for the implemention of this idea.
Just make sure that the chip is loaded outside of U.S. borders.






From roach_s at alph.swosu.edu  Tue Nov 12 17:39:18 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Tue, 12 Nov 1996 17:39:18 -0800 (PST)
Subject: two bogus messages to this list
Message-ID: <199611130139.RAA14021@toad.com>


At 11:08 PM 11/11/96 -0500, Ted Garret wrote:
...
>Microsloth has, at the heart of it's system, a call which traps ALL
>KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
>placed inside of a DLL which most users would have no idea was loaded.
>Even under NT, this DLL can be made to remain resident and trapping
>Keystrokes, events, and window contents.
>
>Does this just BEG to be exploited?
...
I use Windows 3.11.  Look at the Recorder in it.  Its designed to create
Macros.  It can be set up, by anyone, to capture passwords in Eudora.  I've
tried it in a controled environment (my own machine), it works.  The only
defense is if the person were to have h[is,er] password left in Eudora,
which is a serious mistake, or if that person Alt,Tabs through all of the
resident programs to make sure it wasn't running.  Half of the people I've
told this to didn't even know that you could switch between windows
programs, (one didn't even know that more than one windows program could be
active at the same time).  In an open lab environment, where the machines
are left on, and the common user can't navigate outside of windows, and then
only with the mouse, this would be a serious threat to privacy.






From roach_s at alph.swosu.edu  Tue Nov 12 17:39:20 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Tue, 12 Nov 1996 17:39:20 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611130139.RAA14024@toad.com>


At 08:26 AM 11/11/96 -0800, Hal Finney wrote:
...
>I have two kids entering their teens, and I'm sure other list members are
>parents as well.  What can we do for our children to help them enter their
>adult lives with better chances to retain privacy?  Unicorn mentions keeping
>them absent from school on picture day, although I'm not sure how much this
>helps.  I suppose it makes it harder for an investigator to find out what
>they look(ed) like.  Then when they get old enough to drive you have a new
>problem avoiding the photo (and thumbprint) on the license.
...
As far as the drivers linscense goes, there are religions that do not allow
its members to be photographed, and the government honers this,(at least the
Tag Offices do).  I don't know the name of the religion but I believe it is
a Christian one.  Convert once every four years to get your drivers
liscense, and convert back within the week.  No photograph on that little
piece of plastic.
P.S.  In Oklahoma, there is no thumbprint on the current liscense.
P.P.S  You can always send your child to school with a note saying that you
do not want your child in the class picture, I know of someone who did that,
(on a side-note, we always wondered why.)






From roach_s at alph.swosu.edu  Tue Nov 12 17:39:23 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Tue, 12 Nov 1996 17:39:23 -0800 (PST)
Subject: A really short one time pad.
Message-ID: <199611130139.RAA14035@toad.com>


Actually, here are ten.
2^.5
3^.5
2^(1/3)
5^.5
5^(1/3)
7^.5
11^.5
13^.5
17^.5
Pi
For that patter the nth root of any prime number.
A lifetime of "pads" could be distributed in one trip.  Of course this still
means that you have to make the trip, and write down all of the above with a
referring codeword or number.
Cheap, I know.  Wonder if this type of "one time pad" is as foolproof as
truly randomly generated ones.






From postmaster at opennet.net.au  Tue Nov 12 17:43:56 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 17:43:56 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <3.0b36.32.19961112154157.00766b84@panix.com>
Message-ID: <199611130143.MAA24956@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 17:47:22 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 17:47:22 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <v0300780daeae49989465@[206.86.1.35]>
Message-ID: <199611130147.MAA25078@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From postmaster at opennet.net.au  Tue Nov 12 17:49:50 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 17:49:50 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <Pine.LNX.3.93.961112081635.2801B-100000@web.wa.net>
Message-ID: <199611130148.MAA25145@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From stewarts at ix.netcom.com  Tue Nov 12 18:02:43 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Tue, 12 Nov 1996 18:02:43 -0800 (PST)
Subject: Small question about the list
Message-ID: <1.5.4.32.19961113020039.003944c8@popd.ix.netcom.com>


>I would be realy happy if someone could tell me the adress to remove my name
>from the distribution list.
>Could anyone send me the procedure on how to remove my name of the list ?

The two usual ways to do this on the internet are
1) Use the same address you used to join the list (you _did_ save it?)
2) somethinglist at somewhere.com is administered by
   somethinglist-request at somewhere.com (though this is often a frontend
   for some mailbot like majordomo or listserv @somewhere.com , and
   may just send you instructions for finding the real mailbot.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From deviant at pooh-corner.com  Tue Nov 12 18:12:25 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Tue, 12 Nov 1996 18:12:25 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <199611121840.KAA04414@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.961113020845.1226A-100000@random.sp.org>


On Tue, 12 Nov 1996, jim bell wrote:

> At 11:57 PM 11/11/96 -0500, Michael Froomkin - U.Miami School of Law wrote:
> >On Tue, 12 Nov 1996, Doug Renner wrote:
> >
> >> article nearly head-on.  However is it true that what you are saying is 
> >> that two fundamental premises in the article you refer to as "rabid" are 
> >> incorrect?  Namely:
> >> 
> >> "ARTICLE 1, SECTION 8 OF THE CONSTITUTION STATES THAT CONGRESS SHALL HAVE
> >> THE POWER TO COIN (CREATE) MONEY AND REGULATE THE VALUE THEREOF.
> >
> >The above is a true statement.  Note however that "congress" cannot
> >operate the mint.  It must -- **MUST** -- delegate this duty to the
> >executive branch (or someone outside the legislative branch, cf. Chadha
> >v. U.S.) if it wants it done. Congress is free to select the type
> >of agent it wants to do this.  Indeed, if Congress chose to license
> >private mints, that would, IMHO be legal.  The point here is that the
> >states don't have the power to coin money.
> 
> But, apparently, during the 1800's states (?) and individual banks did 
> indeed print their own currency.
> 
> The way I see it, a positive statement in the Constitution that the Feds 
> have the power to coin money does not necessarily exclude other 
> people/banks/states/foreign countries from doing likewise.
> 

Hrmm.. One might point out that the only thing required for someone to
"mint" (and I use this term loosely) money is for popular belief that the
money is worth something.  What do you think a cashier's check is?  Other
notable versions are (and I'm sure somebody is going to say "but its
represintative of the US Dollar", even though its all dealing with money
that really isn't there) is AmEx, MasterCard, Visa, etc.

> 
> Jim Bell
> jimbell at pacifier.com
> 

 --Deviant
        "Evil does seek to maintain power by suppressing the truth."
        "Or by misleading the innocent."
                -- Spock and McCoy, "And The Children Shall Lead",
                   stardate 5029.5.







From bgrosman at healey.com.au  Tue Nov 12 18:18:54 1996
From: bgrosman at healey.com.au (Benjamin Grosman)
Date: Tue, 12 Nov 1996 18:18:54 -0800 (PST)
Subject: Code of Practice for the Internet
Message-ID: <2.2.32.19961113231551.00738c60@healey.com.au>


Dear All,

Found something I thought you all might find interesting.....

www.intiaa.asn.au/codeintro.htm

A body in Australia is attempting to introduce a "Code of Practice" in Australia

Yours Sincerely,

Benjamin Grosman






From postmaster at opennet.net.au  Tue Nov 12 18:19:43 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 18:19:43 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <3.0b36.32.19961112110803.0075a02c@panix.com>
Message-ID: <199611130219.NAA25444@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From azur at netcom.com  Tue Nov 12 18:20:18 1996
From: azur at netcom.com (Steve Schear)
Date: Tue, 12 Nov 1996 18:20:18 -0800 (PST)
Subject: Taxation Thought Experiment
Message-ID: <v02140b08aeaed39459af@[10.0.2.15]>


>The crypto-relevance is via crypto anarchy: we need to undermine the tax
>system enough that _everyone_, not just us, loses faith in it. (There could
>be a "straw that broke the camel's back" effect, if people lose confidence
>in the system. Even if most people are _not_ using anonymous digital cash
>to hide income, if _enough_ are (and this "enough" could be a visible
>minority, visible through recounts of their deeds), then confidence could
>be lost. As in Italy and other such places, where compliance rates on taxes
>are very low.)
>
>--Tim May
>

I've posed similar questions to friends and aquaintences.  The
working-class stiffs (who can't easily hide from the IRS) feel taxes are an
unwelcome but necessary burden in order to provide the blanket of
government protection they feel exists.  They resent and oppose widespread
tax fraud.  Self-employed tend to be more open to 'alternative' income
structuring.


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear             | Internet: azur at netcom.com
Lamarr Labs              | Voice: 1-702-658-2654
7075 West Gowan Road     | Fax: 1-702-658-2673
Suite 2148               |
Las Vegas, NV 89129      |
---------------------------------------------------------------------

Internet and Wireless Development

Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne, Libertarian, for President.
http://www.harrybrowne96.org







From rcgraves at ix.netcom.com  Tue Nov 12 18:32:34 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Tue, 12 Nov 1996 18:32:34 -0800 (PST)
Subject: How many people killed by there own governments (Was: Re: a
In-Reply-To: <3.0.32.19961111182528.00a31d70@rpcp.mit.edu>
Message-ID: <32893307.5B5F@ix.netcom.com>


Dale Thorn wrote:
> 
> Joseph M. Reagle Jr. wrote:
> 
> > Do you have a breakdown of that number? I'm working on one of my
> > thought experiments and am looking for the appropriate stats:
> 
> [snip]
> 
> > Deaths by Govts. on "own people"
> 
> >   US Civil War     x M

I believe x is around 2, but it's a rather tortured argument to call 
that "government killing its own people." You had at least two 
governments going at it.

> As a war, not genocide per se, but you could include as many as 100
> million Africans killed in the slave trade, as long as the U.S. Park
> Police don't get dibs on verifying the official count. 

I've heard Farrakhan claim 500 million, but 100 million due to slavery 
and related colonialism seems credible. I also would not call this 
"governments killing their own people." For the most part, it was 
private enterprise. Slave traders were not exactly the cream of the 
intellectual elite.

> You might also include a large number of Chinese "laborers" in
> the 1800's.

The only conceivable connection to "governments killing their own 
people" I can think of is that railroad tycoon Leland Stanford was also 
a Senator at one point.

> >   US Native Americans
> 
> When I was in school in the 1950's and 1960's, the schools said there
> were no more than 3 million N.A.'s here circa 1600 or so.  The
> official count remains controversial.  BTW, since Columbus, the 
> Conquistadores, et al gutted much of Central and South America,
> include them too.

I'd have to ask John Morris on that.

> >   Hitler: Jews     6 M
> >   Hitler: Others   6 M
> 
> I wouldn't even bother with these two. The numbers are not that
> reliable, the topic is still way too hot for open research even
> today, and besides, all sides killed probably 100 million or better
> in WW2, most of them from purely terrorist bombing.  The significance
> of the "Holocaust" should not have been co-opted for commercial
> purposes as it has, but as they say, wishing don't make it so.

My. What a charmer you are. Please share these insights with the 
alt.revisionism crowd at your earliest convenience.

> >   Stalin:         30 M
> 
> 30 million is the "low" count, probably includes "hard" purges and
> identifiable political prisoners and very close associates, and 
> perhaps some family members.  Total unjustifiable non-war homicides on
> the part of the Stalin government (while Stalin in charge) may be 65
> million or thereabouts.

The 30 million figure comes from Robert Conquest, who worked for the 
British government writing anti-Soviet propaganda during and after the 
war. Nobody has ever accused him of underestimating Soviet 
atrocities. But playing rhetorical games with numbers of this magnitude 
is unseemly. I'll leave that to you guys. Suffice to say that Stalin was 
a monster, and Lenin was the same; there are scans of execution orders 
in Stalin's and Lenin's handwriting at 
http://sunsite.unc.edu/expo/soviet.exhibit/collect.html

> >   China: Cult Rev  x M
> 
> Similar comments as above - unjustifiable homicides on the behest of
> the Mao government (while Mao in charge) should be about 65 million.

Actually, the Cultural Revolution mostly enslaved people, rather than 
killing them. To get to 65 million you'd have to include the 
revolutionary and collectivization periods.

> Comment: The Guiness World Records were at one time or another a 
> source for some of this info, as was their original sources.  Do
> expect to see some disinformation thrown into the "real" documents.

Right. The Conspiracy touches everything. Even that authoritative 
historical journal the Guiness Book of Records.

-rich





From roach_s at alph.swosu.edu  Tue Nov 12 18:35:27 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Tue, 12 Nov 1996 18:35:27 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611130235.SAA14796@toad.com>


At 10:14 PM 11/11/96 -0600, Igor Chudov wrote:

>This is an interesting topic. I apologize if my questions are too trivial,
>but here they are: 
>
>	1) Can a person without an SSN have a credit record? Some
>	   may say that a credit record is a bad thing to have,
>	   but I am still interested in a possibility.
>	2) Will private lenders (such as credit card issuers or
>	   mortgage companies) agree to extend credit to a person
>	   without an SSN or to someone who refuses to give out his SSN?
>	3) Will the state issue a driver's license to someone who does not
>	   have/does not wish to give out their SSN?
>	4) Will states' police (where applicable) approve purchases of
>	   firearms if purchasers do not state their ssn (misstating it
>	   may be a crime) on an application?
>	5) Employers are required to pay certain taxes and therefore
>	   they, in my understanding, need to know their employees SSNs.
>	   How can people get around that (unless they do not need to work)?
>	6) Can someone without an SSN obtain various kinds of insurance?
>
>It is my understanding that the law does not regulate use of social 
>security numbers between private parties. Businesses are free to refuse 
>to do business with someone who does not present them an SSN. In real 
>life, how inconvenient is life of a privacy-concerned individual?
>
>Say, John Anonymous is a young 15 years old who anticipates to become an
>engineer and have a middle class life. He wants to get married, have
>children, drive a car, obtain insurance, work at some big company,
>travel around the world, invest in mutual funds or buy stocks, and so
>on. Reliance on government help is not important to him, so he would not
>apply for an SSN solely to get Social Security, welfare and such.
>
>His parents are cypherpunks and did not obtain an SSN for John. How much 
>effort would it cost him to live a life outlined above?

He couldn't, at least not in Oklahoma.  In Oklahoma, students in public
schools are now required to have SSN's.  This may not apply to private
schools, but I imagine that it does, at least to some degree.  Having a high
school education is certainly necessary to gain the Masters necessary to be
an engineer.
However, getting a drivers liscense should be easy.  My sisters drivers
liscense number is one that was randomly generated, all because she did not
know her SSN off of the top of her head.  My drivers liscense number is the
same as my SSN, all because I know my state mandated serial number.  For all
practical purposes, I am Roach, Sean 447-xx-xxxx.  Note, 447 refers to the
state of my birth.  My sisters record is at least a little more convoluted.






From blancw at microsoft.com  Tue Nov 12 18:36:33 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 12 Nov 1996 18:36:33 -0800 (PST)
Subject: Taxation Thought Experiment
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961113023606Z-36582@INET-03-IMC.itg.microsoft.com>


From:	Timothy C. May

The crypto-relevance is via crypto anarchy: we need to undermine the tax
system enough that _everyone_, not just us, loses faith in it. 
.........................................................


Having more of the facts about how taxation works - how it affects an
individual in certain examples, providing the kind of calculating which
both Tim and Joseph have gone through, should do it (bring about the
loss of faith).  

And Ross Perot would be the right person to communicate it, with his
charts and his detailed explanations  (so would Harry Browne, but he
doesn't yet have the cash for such advertising).  

Ross doesn't want to do away with taxes completely, but he is at least
interested in their making sense.

   ..
Blanc






From postmaster at opennet.net.au  Tue Nov 12 18:39:19 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 18:39:19 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <v0300780caeae94c77bd4@[206.119.69.46]>
Message-ID: <199611130239.NAA25657@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From vznuri at netcom.com  Tue Nov 12 18:56:06 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 12 Nov 1996 18:56:06 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <wmW_81eSMV0=1A_040@transarc.com>
Message-ID: <199611130255.SAA25806@netcom11.netcom.com>


I tend to agre with Ted Anderson's point that a shift
to cryptoanarchy will be a gradual process if it happens
at all. this is in total contrast to TCM who has, as
I recall, talked about "cryptoanarchy" as an example
of a phase discontinuity, i.e. an abrupt transition.

I personally would like to see a more specific description
of "cryptoanarchy" because it seems its originator is always
posting new messages about what it really is about, associating
it with new developments, and distancing it from areas of
stagnation or perceived criminality. a bit of "success 
has a thousand fathers, failure is an orphan" going on here.






From postmaster at opennet.net.au  Tue Nov 12 18:58:01 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 18:58:01 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <19961112.130433.9303.1.alzheimer@juno.com>
Message-ID: <199611130257.NAA25903@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From unicorn at schloss.li  Tue Nov 12 19:00:53 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 12 Nov 1996 19:00:53 -0800 (PST)
Subject: Conspiring to commit voodoo
In-Reply-To: <Pine.SUN.3.91.961111135201.12543A-100000@crl.crl.com>
Message-ID: <Pine.SUN.3.94.961112003415.4477B-100000@polaris>


On Mon, 11 Nov 1996, Sandy Sandfort wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Mon, 11 Nov 1996, Timothy C. May wrote:
> 
> > ...This benign neglect will probably change rather quickly if
> > one of the offshore betting markets starts carrying odds that a
> > particular judge or other public figure will be killed. And if
> > he _is_ killed, look for interrogations of the AP "ringleaders"
> > --and maybe many of the rest of us, who have spoken out for
> > anarchy and the like...
> 
> Just a reminder of the appropriate response in such a case.
> Just keep repeating the four magic words, "I want a lawyer."
> Co-operation buys you NOTHING.  (I hereby christen this the
> "Jewell Rule" for obvious and topical reasons.)

"Me too."

Seriously, this is the best course of action.

A friend of mine tells an interesting story.
On driving to a convenience store early in wee hours, he sees a man
splayed across the hood of a parked car, perhaps dead.  Being the good
citizen he is he tracks down a police car and reports the incident.
Instead of investigating the "body," the police decide to pull him over
and write him $700 in tickets for various fictitous violations (all of
which were later thrown out).  He, as would any reasonable
citizen, protested, not so much for the tickets, but for the
possibility that the prone man might need medical attention.
(The incident was not called in on the radio).  He took the
tickets and remarked something to the effect of, "I can't
believe this is what one gets for trying to be a good citizen,
trying to get involved."  Officer's response:  "Yep.  Next time 
don't bother."  Eventually, some 30 mintues later the police drive to the
location and revive what was a sleeping bum, take my friend to the station
and make him wake his wife to bail him out to the tune of $250.

Total cost: $300 in legal fees to fight the "violations."

>From that point on he vowed never to make statements to police except in
the highly unlikely event that he might somehow become the prime suspect
of a murder investigation and counsel suggested he do so.

Whenever a police officer asks questions more substantial than "can I see
your license" or "do you have registration" he simply clams up shurgs
his shoulders, or otherwise makes completely unsubstantial responses which
drip apathy from all four corners.

If questioned about his non-responsiveness he smiles patiently and begins
thusly:

"Let me tell you a story officer... once upon a time a man was minding his
own business at 2am on the way to the convenience store...."

You can never win.  Don't try.

Readers might remember my own account of being interrogated for attempting
to purchase a car in cash at a "we hate drug dealers" dealership in
Virginia.  Cops know enough to play on human nature.  Most people want to
show the officer they are cooperative, to prove their good will.  Most
people will try to win the war of wits and waive away all their rights
simply because an officer asks if its ok with you if he violates your
rights politely.

"If you have nothing to hide, why can't I search the trunk?"
"You don't mind if I come in do you?"
"Why don't you come down to the station, it will only take a few minutes."
"If I find anything after I get a warrant, I'm not going to be happy."
"We can do this the easy way, or the hard way."
"Who are you protecting?"
"Tell us how you found the napsack, we want to make a training video."

What most citizens fail to do is call the bluff.  If every citizen made
every curious police officer go to a magistrate and sign for a warrant,
police would be a whole lot more careful about which cases they decided to
bother a magistrate with.

Be patient.  Make them get the warrant.  Make sure you tell them,
politely, that it is your hope that more people will do as you have, that
the magistrate will begin to wonder at all the warrant applications that
are suddenly coming in for this officer and the lack of corresponding
arrests.  Perhaps someone will pay attention.

> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From blancw at microsoft.com  Tue Nov 12 19:06:42 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 12 Nov 1996 19:06:42 -0800 (PST)
Subject: Taxation Thought Experiment
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961113030429Z-36653@INET-01-IMC.microsoft.com>


From:	azur at netcom.com

I've posed similar questions to friends and aquaintences.  The
working-class stiffs (who can't easily hide from the IRS) feel taxes are
an
unwelcome but necessary burden in order to provide the blanket of
government protection they feel exists.  They resent and oppose
widespread
tax fraud.  Self-employed tend to be more open to 'alternative' income
structuring.
.....................................................


Just before the elections I heard on NPR and read in an article in a
local newspaper, some people's stories of how they converted from
Democrat to Republican.

Most of them said that athough they were originally idealistic about all
the good things which government can do, when they started their own
businesses they were suddenly confronted with all the excruciating
regulation and rigmarole which any business must deal with on a daily
basis while just trying to get some work accomplished.   Very quickly
they realized the consequences of a lot of the government proposals
which they had heretofore supported.

So I realized that experience is not only the best teacher, but it is
also the best argument against bad cases of faith in government-run
economies.   Sometimes a person can't understand what the problem is
unless they've "been there", and once a person becomes self-employed,
starts a business, or becomes an investor in an enterprise, the light
dawns and they Understand.

I'm happy when I read that more and more of those people who are
"down-sized" or  layed off are turning to self-employment and starting
their own companies, because this means that more people will acquire
through direct experience (that is, confrontation with govmt agencies)
the details of real-life economics which were left out of high school &
college.  

And this means more economics&tax-savvy voters in existence for govmt
candidates to face in the elections.

    ..
Blanc






From postmaster at opennet.net.au  Tue Nov 12 19:09:05 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 19:09:05 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <7gPaXD1w165w@bwalk.dm.com>
Message-ID: <199611130309.OAA26011@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From mhw at wittsend.com  Tue Nov 12 19:10:47 1996
From: mhw at wittsend.com (Michael H. Warfield)
Date: Tue, 12 Nov 1996 19:10:47 -0800 (PST)
Subject: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <7gPaXD1w165w@bwalk.dm.com>
Message-ID: <m0vNVhe-0000rPC@wittsend.com>


Dr.Dimitri Vulis KOTM enscribed thusly:

> paul at fatmans.demon.co.uk writes:


> > > Yeah, right. Be sure to ask Paul Bradley to implement his brute force
> > > attack on one-time pads. :-)

> > I retracted this and as I explained the post was in error as I was 
> > talking about stream ciphers when I should have been taking about 
> > OTPs. Please read a little deeper into my post asshole.

> I've got more interesting things to do than read "deeper" into
> your ignorant drivel.

	Yeah - spouting your own ignorant drivel.

	DAMN!  Too easy!  :-)

> ---

> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!





From tcmay at got.net  Tue Nov 12 19:11:19 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 12 Nov 1996 19:11:19 -0800 (PST)
Subject: Dossier on Rick Smith is Easily Obtainable
In-Reply-To: <199611122141.PAA27619@shade.sctc.com>
Message-ID: <v03007800aeaeeabb71b7@[207.167.93.63]>


At 3:41 PM -0600 11/12/96, Rick Smith wrote:

>When faced with peculiar situations I try to choose a disclosure that
>meets whatever the immediate requirements are but doesn't make it easy
>to automatically match up records. Often the best you can do is reduce
>certainty and increase the likelihood of multiple matches with other
>records. It doesn't hurt if you last name is Smith here in the U.S.A.

Hardly very effective, Mr. Rick Smith. You are not nearly so anonymous as
you seem to think. Your "Smith" disguise falls apart in a few cycles of a
Pentium.

(And bit rot is rarely effective...trust me. With XORs and comparisons,
even highly damaged records will be trivially reconstructable, with a
ruthless efficiency that will give capabilities 10 years from now that will
stun nearly everyone on this list. Deja News and Alta Vista on 10 years of
steroids, located offshore to enable regulatory arbitrage.)

To illustrate, let me call up my BlackNet Dossier Service entry on you.
www.black.net... I'll just pick _part_ of your entry, from exactly 30 years
ago:

[,,,,much stuff about Mr. Smith elided....]

....1966-67, student, Langley H.S., Langley, VA...interest in "Cretaceous
extinction" [Agency note: this interest in "extinction"...is it abnormal,
or just precocious?]...known to associate during this year with
troublemakers, incl. J. Landua, W. Winkowski, and [deleted for security
reasons by ONI]...

...

So, Mr. Smith...is the dossier entry basically correct? Were you in fact
living near Langley? Why? Is it true that your high school was on the other
side of the fence from the CIA?

Nationally enquiring minds want to know.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From postmaster at opennet.net.au  Tue Nov 12 19:26:21 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 19:26:21 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611122147.PAA06047@proust.suba.com>
Message-ID: <199611130326.OAA26123@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From tcmay at got.net  Tue Nov 12 19:27:00 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 12 Nov 1996 19:27:00 -0800 (PST)
Subject: A really short one time pad.
In-Reply-To: <199611130139.RAA14035@toad.com>
Message-ID: <v03007801aeaef123f2eb@[207.167.93.63]>


At 5:39 PM -0800 11/12/96, Sean Roach wrote:
>Actually, here are ten.
>2^.5
>3^.5
>2^(1/3)
>5^.5
>5^(1/3)
>7^.5
>11^.5
>13^.5
>17^.5
>Pi
>For that patter the nth root of any prime number.
>A lifetime of "pads" could be distributed in one trip.  Of course this still
>means that you have to make the trip, and write down all of the above with a
>referring codeword or number.
>Cheap, I know.  Wonder if this type of "one time pad" is as foolproof as
>truly randomly generated ones.

You needn't wonder. These are not one time pads. Read any opening chapter
of any book on crypto to see why.

However, there might be a good company you could put together around this idea.

(I wonder why nobody has thought of something so easy....)


--Tim


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From dlv at bwalk.dm.com  Tue Nov 12 19:27:00 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 12 Nov 1996 19:27:00 -0800 (PST)
Subject: Money-making ideas for Igor Chudov
In-Reply-To: <Pine.LNX.3.95.961112045010.17509B-100000@dhp.com>
Message-ID: <VBaBXD48w165w@bwalk.dm.com>


aga <aga at dhp.com> writes:
> >
> > "Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov at algebra.com> writes:
>
> algebra.com is a suspect domain.

Yes, Dr. Grubor - it's been implicated in Jan Isley's (spit) Usenet vote fraud:

]From: Jan Isley <jan at bagend.atl.ga.us>
  (spit)
]Newsgroups: news.announce.newgroups,news.groups,misc.invest,sci.econ,sci.econ.research,sci.stat.math
]Subject: RESULT: sci.finance.abstracts moderated passes 299:22
]Supersedes: <833766203.25886 at uunet.uu.net>
]Followup-To: news.groups
]Date: 16 Jun 1996 20:53:15 -0400
]Organization: Usenet Volunteer Votetakers
]Lines: 475
]Sender: tale at uunet.uu.net
  (spit)
]Approved: newgroups-request at uunet.uu.net
]Message-ID: <834972791.18156 at uunet.uu.net>
]References: <832958763.9345 at uunet.uu.net> <833766203.25886 at uunet.uu.net>
]NNTP-Posting-Host: rodan.uu.net
]Archive-Name: sci.finance.abstracts
]
]                                RESULT
]         moderated group sci.finance.abstracts passes 299:22
]
]sci.finance.abstracts results - 321 valid votes
]
] Yes  No  | 2/3 >100 | Pass | Group
]---- ---- | --- ---- | ---- | -------------------------------------------
] 299   22 | Yes  Yes |  Yes | sci.finance.abstracts
]   32 invalid votes
...
][ notes on the voter list:
]
]  31 "suspicious" votes from manifold.algebra.com were invalidated.
]  Most of the acks bounced and no response was recieved after multiple
]  attempts to verify the voters.
...
]
]Invalid ballots
]-------------------------------------------------------------------------------
]antosha at manifold.algebra.com                                    Anton Prokofiev
]    ! site invalidated
]blin at manifold.algebra.com                                             Bobby Lin
]    ! site invalidated
]brown at manifold.algebra.com                                           Brad Brown
]    ! site invalidated
]doug at manifold.algebra.com                                         Doug Hamilton
]    ! site invalidated
]dyer at manifold.algebra.com                                             Rock Dyer
]    ! site invalidated
]gcooper at manifold.algebra.com                                        Greg Cooper
]    ! site invalidated
]gunboy at manifold.algebra.com                                      Ronald Trecker
]    ! site invalidated
]kjh at manifold.algebra.com                                          Ken J. Hunter
]    ! site invalidated
]lenka at manifold.algebra.com                                        Elena Zaiceva
]    ! site invalidated
]mccaig at manifold.algebra.com                                       Andrew McCaig
]    ! site invalidated
]mel.lunch at manifold.algebra.com                                        Mel Lynch
]    ! site invalidated
]mikeb at manifold.algebra.com                                           Mike Burke
]    ! site invalidated
]mil at manifold.algebra.com                                         Milton Parrott
]    ! site invalidated
]milman at manifold.algebra.com                                        Jerry Milman
]    ! site invalidated
]mjohnson at manifold.algebra.com                                      Mark Johnson
]    ! site invalidated
]mklein at manifold.algebra.com                                        Martin Klein
]    ! site invalidated
]msidorova at manifold.algebra.com                                  Marina Sidorova
]    ! site invalidated
]munze at manifold.algebra.com                                          Martin Unze
]    ! site invalidated
]nastya at manifold.algebra.com                                              Nastya
]    ! site invalidated
]natasha at manifold.algebra.com                                         Natasha K.
]    ! site invalidated
]owen at manifold.algebra.com                                            Larry Owen
]    ! site invalidated
]pizza at manifold.algebra.com                                      Sergey Filippov
]    ! site invalidated
]rcross at manifold.algebra.com                                       Russell Cross
]    ! site invalidated
]rhenderson at manifold.algebra.com                                   Ron Henderson
]    ! site invalidated
]sexguru at manifold.algebra.com                                Anthony Del Vecchio
]    ! site invalidated
]smk at manifold.algebra.com                                        David Shoemaker
]    ! site invalidated
]tar at manifold.algebra.com                                        Mikhail Tarutin
]    ! site invalidated
]tarasik at manifold.algebra.com                                      Taras Leonoff
]    ! site invalidated
]volk at manifold.algebra.com                                        Mikhail Volkov
]    ! site invalidated
]whale at manifold.algebra.com                                      James S. Whaley
]    ! site invalidated
]willis at manifold.algebra.com                                          Tim Willis
]    ! site invalidated

Please consider declaring algebra.com and video-collage.com rogue sites.

> > > manifold::~==>premail -t cypherpunks at toad.com
> > > Chain: haystack;jam
> > > Subject: I urgently need a lot of money.
> > >
> > > Please share your money-making secrets, I am in a desperate need
> > > for cash.
> >
> > For shame! Igor Chewed-off disgraces his Chewish Mommy by even asking. Isn'
> > propensity for "gesheft" genetic? Here's another money-making idea for Igor
> >
> > Igor obtains a list of e-mail addresses of people interested in equity-rela
> > investments (e.g. by watching misc.invest.* and sending the posters / those
> > voted for their creation unsolicited e-mail; or by posting anonymous ads,
> > inviting the readers to reply to a reply block in order to receive 3 free
> > promotional issues of an investment advice newsletter; or even by starting
> > his own private financial derivatives mailing list). Igor divides the maili
> > list into 2^3=8 parts, and gives them exotic Russian-sounding names: Alekse
> > Boris, Vasilij, Grigorij, Dmitrij, Elena, Zhenja, Zoya.
> >
> > Igor then uses an anonymous remailer to spam everyone on his mailing list w
> > the 8 variants of the following message: "Congratulations! You have won 3 f
> > issued of the _Boris Investment Newsletter, published in Tulsa, Oklahoma, b
> > proud holder of a Master's Degree in Financial Engineering from the Moscow
> > State University. I predict that within the next month Adobe stock will go
> >
> > Instead of "Boris", Igor will substitute one of the 8 newsletter names; ins
> > of Adobe, he can use any volatile stock that's as likely to go up as down;
> > the predicted stock price movement will be "up" in the first four newslette
> > and "down" in the other four.
> >
> > One month later the stock in question is either up or down. Without loss of
> > generality, suppose that it's gone down. Aleksej, Boris, Vasilij, and
> > Grigorij's investment advice was wrong, they disappear from the face of the
> > earth, and the former recipients of their newsletters don't get bothered an
> > more. (Or they could be recycled for future scams; or they could be send th
> > remaining 2 issues of worthless advice, as promised.) On the other hand
> > Dmitrij, Elena, Zhenja, and Zoya guessed right, so this time they send out
> > new investment newsletter via the anonymous remailers:
> >
> > "Congratulations! You continue to receive the free investment advice newsle
> > from Zoya in Tulsa, Oklahoma. Last month I correctly predicted that Adobe w
> > have gone down. If you're smart, you've shorted Adobe's stock and made lots
> > money by now. This month I predict that Cisco will go _down as well."
> >
> > Again, Dmitrij and Elena predict that some other volatile stock goes up, wh
> > Zhenja and Zoya predict that it goes down. Suppose D&E are right. Igor leav
> > the Zh.&Z. partitions alone. One month later D&E's subscribers get letter #
> >
> > "Congratulations! You continue to receive the free investment advice newsle
> > from Elena in Tulsa, Oklahoma. Two months ago I predicted that Adobe would
> > down. I hope you sold it short. Last month I predicted that Cisco would go
> > I hope you bought it. This month I predict that Lucent will go _up."
> >
> > One month later one of the two is right, so its recipients get the fourth a
> > final e-mail from an anonymous remailer, this time using a reply block:
> >
> > "I've given you three free stock tips over the last 3 months which probably
> > made you a lot of money. Now that you've seen my track record, you'll want
> > continue receiving my free advice, but the free promotion is over. Please s
> > $20 in untraceable digital cash to this reply block to receive 6 future
> > issues."
> >
> > Quite a few people would risk the $20, but that would be the last they hear
> > from Igor. :-)
> >
> > (Alternatively, he can even e-mail 6 more issues of worthless advice to tho
> > who caughed up the $20, so they can't complain. It would be hard to prosecu
> > Igor without proving that all 8 newsletters were published by the same pers
> > who's been giving contradictory advice to different people.)
> >
> But what Law would you charge him with?
> Unless you could prove his "intent" I see no way that you
> could ever prove any case against him.

The intent is to defraud, but shouldn't absolute free speech protect fraud
and libel?

> > "Credibility is expendable." - John Gilmore
>
> He just says that because he spent his.

That's very true - he has none left whatsoever. What a sorry piece of work.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From postmaster at opennet.net.au  Tue Nov 12 19:31:23 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 19:31:23 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
Message-ID: <199611130331.OAA26153@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From vznuri at netcom.com  Tue Nov 12 19:32:57 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 12 Nov 1996 19:32:57 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <Pine.SUN.3.94.961110173517.12339E-100000@polaris>
Message-ID: <199611130331.TAA28661@netcom11.netcom.com>


>I'm sure some clever participant at DCSB will do a pile of homework before
>coming to my talk and put it all together.  So be it.  If he or she is
>polite, they might chide me in private a bit, but not blather all over the
>list just to show how very clever they were.  As long as they enjoy the
>talk, I'm not overly concerned.

or then again, maybe they'll sell it to BLACKNET!! <g>

actually Unicorn, eventually voice analysis software may
evolve to the point that someone could match people
based on their voices to public speech databases, and you
could be nailed through your phone conversations. hmmmm, have you
ever had a conversation with someone who might have been
taping you for amusement?

(heh. you write a long, self-indulgent letter about the extremes
you have gone to keep your ID secret, and pretend to be blase' &
nonchalant if someone discovers it? I think I can see through
that smokescreen.)

actually, I heard this interesting rumor that Unicorn threatened
to sue someone who "defamed" his pseudonym. quite an amusing
story if true, given his last essay that talks about how he
created the pseudonym in the first place to avoid exactly what
it accomplishes, i.e. dissociating his professional identity
from the "lunatic anarchist" writhing beneath the surface.

actually, there are some amusing things going on here with cpunk
"rules." are cpunks in favor of pseudonyms or not? one famous
cpunk madman wrote under a pseudonym to the list, and many
cypherpunk went to great lengths to try to derive his identity.
is this a case of respecting pseudonyms? or is it more a case of
the double standard at best, hypocrisy at worst, 
"respect my pseudonyms, but yours are fair game"?  

one noted proponent of pseudonymity, whom we will merely call "Timmy", 
regularly takes great glee in misattributing my own posts to some 
deranged crackpot running loose in cyberspace. is this a case
of respecting my identity? suppose I really was this person-- 
shouldn't Timmy's position be one of respect for my use of
a pseudonym? of course he is too immature and feebleminded to
even consider this discrepancy in his philosophy. cpunks are
not known for having coherent philosophies that answer simple
questions of actions in the face of quandaries. the basic
cpunk philosophy, as amply illustrated by 2/3 of its founders, is
"look out for #1 only, and don't waste time on something as
inane as selfless public service or leadership"






From postmaster at opennet.net.au  Tue Nov 12 19:44:43 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 19:44:43 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <199611122025.MAA24148@netcom13.netcom.com>
Message-ID: <199611130344.OAA26256@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From jw250 at columbia.edu  Tue Nov 12 19:57:38 1996
From: jw250 at columbia.edu (Jim Wise)
Date: Tue, 12 Nov 1996 19:57:38 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <v03007801aeae80c47f21@[207.167.93.63]>
Message-ID: <Pine.SUN.3.95L.961112224755.2462B-100000@bonjour.cc.columbia.edu>


On Tue, 12 Nov 1996, Timothy C. May wrote:

> My piece was written as a rant about the dangers of the proposed talk of
> "privatizing food distribution points," about how this would result in a
> system where only the rich could get access to nutritional food, and how
> the poor would be made to suffer. And how this "caloric anarchy" would
> result in vicious monopolies, price wars, and deviation from Recommended
> Governmental Caloric Intake Rules.

Which it does...  FWIW, I tend to agree with your general point, but I
moved from downtown Manhattan to Harlem recently, and was surprised to see
how many foodstuffs cost _more_ up here, as well as the obvious fact that
many are harder to get...  Junk food and cheap liquor are everywhere,
though...

Which doesn't say that a centralized food distribution system would be a 
win, but don't bet on privatization being a win either.  Many of the local
stores won't even hire in the neighborhood...

Of course, with big supermarket chains finally breaking into this island,
that is becoming less of an issue, so maybe things will balance.  Looking 
around me, I'm not inclined to bet on it, tho.

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim at santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *






From declan at eff.org  Tue Nov 12 19:57:48 1996
From: declan at eff.org (Declan McCullagh)
Date: Tue, 12 Nov 1996 19:57:48 -0800 (PST)
Subject: Exon Countdown Clock and farewell messages
In-Reply-To: <199611120144.RAA16399@toad.com>
Message-ID: <Pine.SUN.3.91.961112195641.17323H-100000@eff.org>


I disagree. I think people understand the printing press and still want 
to control it. Morality police are morality police, no matter what the 
medium or how well they understand it.

-Declan


On Mon, 11 Nov 1996, Sean Roach wrote:

> At 09:59 AM 11/8/96 -0800, Michael Page wrote and Rich Graves forwarded:
> ...
> >We would attempt to send it via a Email, but the respected Senator does not
> >have Email. (The Irony).
> ...
> There is no irony here, Mr. Exon tried to control the internet for the very
> reason that he didn't understand it and one of his granddaughters did.
> Perhaps if he did understand the internet then he wouldn't be a threat.
> Remember, people fear that which they don't understand.
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From postmaster at opennet.net.au  Tue Nov 12 20:00:55 1996
From: postmaster at opennet.net.au (Open Net Postmaster)
Date: Tue, 12 Nov 1996 20:00:55 -0800 (PST)
Subject: Returned mail: User Unknown
In-Reply-To: <v03007802aead19eacee0@[207.167.93.63]>
Message-ID: <199611130400.PAA26479@rainy-day.openweb.net.au>



The address you mailed to is no longer valid.
This is probably because the user in question was an
old Open Net subscriber. Open Net is NO LONGER an ISP,
and has not been since May 1996.

We have no redirection address for that user. Please
remove them from any mailing lists you might have.

This response was generated automatically.






From dthorn at gte.net  Tue Nov 12 20:46:20 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 12 Nov 1996 20:46:20 -0800 (PST)
Subject: Child Protective Services and Political Views
Message-ID: <328950B3.1B0E@gte.net>


Duncan Frissell wrote:
> At 11:26 AM 11/12/96 -0800, Timothy C. May wrote:
> >Who knows, it may even be a
> >technical crime ("contributing to the delinquency of a minor"?) to even
> >discuss basic libertarian ideas with a minor. And as I said, Child
> >Protective Services could quite possibly seize a child whose parents were
> >sufficiently vocal about their beliefs.)

> One shouldn't be vocal to public employees in any case.  Avoid them.  If
> you are going to be vocal use a non government forum.  Separate your
> personal life from your political life.  It's not too hard to break most of
> the pointers between your physical presence and your ideological presence.
> Even though an investigator could find where I sleep at night, they would
> have to actually expend the resources.  My neighbors and the local cops are
> unlikely to make the connection because they and I move in very different
> circles and I minimize my database presence.

[snip]

Those people who live a very simple life [no TV, or at least no Cable TV,
sleep on the floor with a small, thin mattress, use very little power
outside of what's necessary for the laptop AC adapters, drive the smallest
cheapest car available, wear old clothing, wear a beard to cut down on
shaving, eat mostly veggie and mostly fresh, avoid doctors and drugstore
products, stay away from large-corporation jobs, move frequently, rent
but never buy, .... (you get the picture)] will get by just fine, and
will have the flexibility to make large-scale adjustments rather easily.

People who consider the opposite of some of the things mentioned above as
very important to them will have to deal with the bad news.






From froomkin at law.miami.edu  Tue Nov 12 20:49:45 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Tue, 12 Nov 1996 20:49:45 -0800 (PST)
Subject: So how does the crypto crackdown go?
In-Reply-To: <199611111718.JAA31638@crypt>
Message-ID: <Pine.SUN.3.95.961112234909.24058D-100000@viper.law.miami.edu>


As Hal knows, but some newer members of the list may not, I discuss the
possibility of a ban on strong (unescrowed) crypto at some, ahem, length
in

http://www.law.miami.edu/~froomkin/articles/clipper.htm

Although the article is more than 18 months old, the law hasn't changed
in any material way as far as I know.

Bottom line: they probably can't do it under the constitution, but it's a
closer call than it should be.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | Great weather here. 






From azur at netcom.com  Tue Nov 12 21:06:59 1996
From: azur at netcom.com (Steve Schear)
Date: Tue, 12 Nov 1996 21:06:59 -0800 (PST)
Subject: Secrecy: My life as a nym
Message-ID: <v02140b0eaeaf077188f4@[10.0.2.15]>


>At 10:14 PM 11/11/96 -0600, Igor Chudov wrote:
>
>>This is an interesting topic. I apologize if my questions are too trivial,
>>but here they are:
>>
>>       1) Can a person without an SSN have a credit record? Some
>>          may say that a credit record is a bad thing to have,
>>          but I am still interested in a possibility.
>>       2) Will private lenders (such as credit card issuers or
>>          mortgage companies) agree to extend credit to a person
>>          without an SSN or to someone who refuses to give out his SSN?
>>       3) Will the state issue a driver's license to someone who does not
>>          have/does not wish to give out their SSN?
>>       4) Will states' police (where applicable) approve purchases of
>>          firearms if purchasers do not state their ssn (misstating it
>>          may be a crime) on an application?
>>       5) Employers are required to pay certain taxes and therefore
>>          they, in my understanding, need to know their employees SSNs.
>>          How can people get around that (unless they do not need to work)?
>>       6) Can someone without an SSN obtain various kinds of insurance?
>>

Some recent congressional actions or court rulings regarding the mandidate
for SSN (Source: National Organization for Non-Enumeration (NONE),
http://ime.net/none):

* Public Law 104-193 President Clinton Signs Welfare Bill. The bill
includes a number of sections attempting to expand the use of the Social
Security number and creates new state and federal databases for personal
information.

* H.R. 3598 Prohibits certain misuses of the Social Security number.
Prohibits any person from utilizing any person's Social Security number for
purposes of identification of such person without the written consent of
such person.


* H.R. 3110 Disclosure of Social Security number. Provides for disclosure
by the Social Security Administration of Social Security numbers and other
records to judgments, or orders issued by courts of competent jurisdiction.

* H.R. 4209 Requires applicants registering to vote to provide Social
Security number. Amends the National Voter Registration Act of 1993 to
require each individual registering to vote in elections for Federal office
to provide the individual's Social Security number.

* S. 580 Illegal Immigration Control and Enforcement Act of 1995. Provides
for a reduction of acceptable employment-verification documents.

* S. 999 Illegal Immigration Control Act of 1995. Provides for the issuance
of enhanced social security cards for citizens and mandates employer
verification of the number.

* Olympia, Washington. Court rules no "right to labor" without social
security number.

* Bar None New Hampshire attorney, was suspended from the Maine Bar because
he refused to disclose his Social Security number. Reinstated after
agreeing to Consent Decree.

* Texas Tech Texan was terminated from his employment for failing to
provide a social security number. Filed a religious discrimination claim
with EEOC. Rehired under provisions of Consent Decree.

* Stop The Press Washington state youth was fired from his newpaper route
for not having a Social Security number. Rehired after proving federal law
does not require enumeration as a condition of employment.

* Vote! Vote! Virginia's law requiring all citizens to provide their Social
Security number in order to become registered to vote imposes "an
intolerable burden" on their right to vote.

* Taco's Are His Life Ohio teenager fired by Taco Bell for refusing to
provide a Social Security number. Rehired after proving there is no
requirement to provide number to employer.

* Social Security Number Not Needed For Licenses Virginians can choose not
to have their SSN appear on their driver's license.

* Driver License District of Columbia law requiring applicants for driver's
license to provide their Social Security number held invalid.

-- Steve







From azur at netcom.com  Tue Nov 12 21:08:47 1996
From: azur at netcom.com (Steve Schear)
Date: Tue, 12 Nov 1996 21:08:47 -0800 (PST)
Subject: Taxation Thought Experiment
Message-ID: <v02140b0faeaf07959179@[10.0.2.15]>


>Blanc wrote:
>Just before the elections I heard on NPR and read in an article in a
>local newspaper, some people's stories of how they converted from
>Democrat to Republican.
>
>Most of them said that athough they were originally idealistic about all
>the good things which government can do, when they started their own
>businesses they were suddenly confronted with all the excruciating
>regulation and rigmarole which any business must deal with on a daily
>basis while just trying to get some work accomplished.   Very quickly
>they realized the consequences of a lot of the government proposals
>which they had heretofore supported.
>

A case in point: A small company which manufactures premium, hand-rolled,
cigars received a bill from the ATF for an unpaid tax and penalties.  The
notice indicated that the particular tax was over 5 years delinquint.  When
asked where in the over 500 pages of ATF regulations this tax was
documented the investigator said he didn't know and indeed didn't find it
after weeks of trying.  Finally and expert in D.C. found the obscure
reference.  The company wanted to know why they were being billed for this
tax after almost a decade of operation.  They were told that althought the
tax has been on the books the ATF had only recently programmed its
computers to access the tax.  Nevertheless, the tax and penalties were
owed, billed or not.








From jya at pipeline.com  Tue Nov 12 22:16:15 1996
From: jya at pipeline.com (John Young)
Date: Tue, 12 Nov 1996 22:16:15 -0800 (PST)
Subject: NRC Crypto Report Supplement
Message-ID: <1.5.4.32.19961113061227.006a2900@pop.pipeline.com>


As Herb Lin noted here last week, the final printed version
of the NRC Cryptography Report is available. It's a handsome
and bountiful volume; and belongs in all the world's libraries.

The main difference from the May 30 pre-publication version
is about 190 pages of reference documents, now provided
in a new Appendix N. The book claims all came from the Internet.

We've put 13 of the documents listed below on our site, and 
will finish the last 2 tomorrow. The Executive Orders, MOUs and 
MOAs may be of interest.

The contents are at:

     http://jya.com/nrcnidx.htm


Here's they are:

Appendix N  Laws, Documents, and Regulations, Relevant to Cryptography 


N.1    STATUTES 

N.1.1  Wire and Electronic Communications Interception and
       Interception of Oral Communications

N.1.2  Foreign Intelligence Surveillance 

N.1.3  Pen Register and Traffic Analysis 

N.1.4  Communications Assistance for Law Enforcement Act of 1995

N.1.5  Computer Security Act of 1987

N.1.6  Arms Export Control Act


N.2    EXECUTIVE ORDERS 

N.2.1  Executive Order 12333 (U.S. Intelligence Activities)

N.2.2  Executive Order 12958 (Classified National Security Information)
 
N.2.3  Executive Order 12472 (Assignment of National Security and 
       Emergency Preparedness Telecommunications Functions)

N.2.4  National Security Directive 42 (National Policy for the 
       Security of National Security Telecommunications and 
       Information Systems)


N.3    MEMORANDUMS OF UNDERSTANDING (MOU) AND AGREEMENT (MOA)

N.3.1  National Security Agency/National Institute of Standards
       and Technology MOU

N.3.2  National Security Agency/Federal Bureau of Investigation MOU

N.3.3  National Security Agency/
       Advanced Research Projects Agency/
       Defense Information Systems Agency MOA


N.4    REGULATIONS

N.4.1  International Traffic in Arms Regulations

N.4.2  Export Administration Regulations







From attila at primenet.com  Tue Nov 12 22:20:19 1996
From: attila at primenet.com (attila at primenet.com)
Date: Tue, 12 Nov 1996 22:20:19 -0800 (PST)
Subject: More snake oil: ENIGMA
In-Reply-To: <v02140b07aeaed1f1f746@[10.0.2.15]>
Message-ID: <199611130621.XAA11453@infowest.com>


In <v02140b07aeaed1f1f746@[10.0.2.15]>, on 11/12/96 
   at 05:20 PM, azur at netcom.com (Steve Schear) said:

.  Attila said:
.
.>        I wonder if anyone told them the data recovery teams can pull
.>    multiple layers of data off a disc after it has been stripped?

.I've often wondered how effective disk encryption programs, like DiskCrypt,
.are at hiding data from a Class III adversary (e.g., NSA).  These programs
.offer a means of 'cleaning' the data and directory space using randomized
.patterns applied one or more times, but this might be insufficient for
.removing data written slightly off-track by a previous write cycle.
.
        I don't have any direct experience with 'serious' error 
    recovery either; however, over a few years span listening to some
    my friends who have not come in from the cold,  I received the
    very definite reading the key is a differential measurement on flux
    and organization which expands the 'hearing' range exponentially
    -even if it is multiple destructive formatting.

        I written software programs for C2 and B1 clearance, including
    primitives which wiped as they went.  I used a pattern which 
    shifted and repeated itself --not too ridiculous on unix if you are
    using type 2 read/write primitives.  messy? yes, in its own simple
    way.

        The software was certified by multiple fairly sensitive regula- 
    tory agencies, plus the usual few for whom there is no name. you
    don't expect, and you do not receive, anything more than a yes/no.
    but it was in these circumstances I 'heard' the comments on recovery.

        and their ability to measure that differential gets better 
    every year!   No, I do not consider 'erased' disks safe from a
    determined federal agency.  I keep sensitive stuff on zip drives
    which are removable, and easily crippled forever.  that and our
    principal [a]vocation: stronger cryptography than the hardware can
    bruteforce or trick.

--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila






From ichudov at algebra.com  Tue Nov 12 22:41:03 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 12 Nov 1996 22:41:03 -0800 (PST)
Subject: Money-making ideas for Igor Chudov
In-Reply-To: <Pso9wD37w165w@bwalk.dm.com>
Message-ID: <199611130546.XAA07197@manifold.algebra.com>


Dr.Dimitri Vulis KOTM wrote:
> "Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov at algebra.com> writes:
> Instead of "Boris", Igor will substitute one of the 8 newsletter names; instead
> of Adobe, he can use any volatile stock that's as likely to go up as down; and
> the predicted stock price movement will be "up" in the first four newsletters
> and "down" in the other four.
> 
> One month later the stock in question is either up or down. Without loss of
> generality, suppose that it's gone down. Aleksej, Boris, Vasilij, and
> Grigorij's investment advice was wrong, they disappear from the face of the
> earth, and the former recipients of their newsletters don't get bothered any
> more. (Or they could be recycled for future scams; or they could be send the
> remaining 2 issues of worthless advice, as promised.) On the other hand
> Dmitrij, Elena, Zhenja, and Zoya guessed right, so this time they send out a
> new investment newsletter via the anonymous remailers:
> 
> "Congratulations! You continue to receive the free investment advice newsletter
> from Zoya in Tulsa, Oklahoma. Last month I correctly predicted that Adobe will
> have gone down. If you're smart, you've shorted Adobe's stock and made lots of
> money by now. This month I predict that Cisco will go _down as well."
> 
> Again, Dmitrij and Elena predict that some other volatile stock goes up, while
> Zhenja and Zoya predict that it goes down. Suppose D&E are right. Igor leaves
> the Zh.&Z. partitions alone. One month later D&E's subscribers get letter #3:
> 
> "Congratulations! You continue to receive the free investment advice newsletter
> from Elena in Tulsa, Oklahoma. Two months ago I predicted that Adobe would go
> down. I hope you sold it short. Last month I predicted that Cisco would go up.
> I hope you bought it. This month I predict that Lucent will go _up."
> 
> One month later one of the two is right, so its recipients get the fourth and
> final e-mail from an anonymous remailer, this time using a reply block:
> 
> "I've given you three free stock tips over the last 3 months which probably
> made you a lot of money. Now that you've seen my track record, you'll want to
> continue receiving my free advice, but the free promotion is over. Please send
> $20 in untraceable digital cash to this reply block to receive 6 future
> issues."
> 
> Quite a few people would risk the $20, but that would be the last they hear
> from Igor. :-)
> 
> (Alternatively, he can even e-mail 6 more issues of worthless advice to those
> who caughed up the $20, so they can't complain. It would be hard to prosecute
> Igor without proving that all 8 newsletters were published by the same person
> who's been giving contradictory advice to different people.)

I can send all newsletters signed by myself, but claim that they are
produced by different numerical models for predicting (or derivatives')
returns. This way, even though I send out contradictory advice, I
could always say that I had several experimental programs.

It seems though that the market for advise newsletter has been saturated
by people who give random advices and hope to hit a jackpot, like
Garzarelli did with her "sell" advice before the '87 crash.

So my letters would be hardly noticed.

	- Igor.





From frantz at netcom.com  Tue Nov 12 22:42:21 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 12 Nov 1996 22:42:21 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
Message-ID: <199611130641.WAA27702@netcom6.netcom.com>


At  9:33 AM 11/12/96 -0800, Declan McCullagh wrote:
>The Netly News
>http://www.netlynews.com/
>November 11, 1996
>
>Cypher-Censored
>By Declan McCullagh (declan at well.com)
>...
>       That is, until recently, when Dimitri Vulis was given the boot.
>   After he refused to stop posting flames, rants and uninspired personal
>   attacks, Vulis was summarily removed from the mailing list.
>   
>...
>   
>       Thus began a debate over what the concept of censorship means in a
>   forum devoted to opposing it. Did Gilmore have the right to show Vulis
>   the virtual door? Or should he have let the ad hominem attacks
>   continue, encouraging people to set their filters accordingly? The
>   incident raises deeper questions about how a virtual community can
>   prevent one person from ruining the forum for all and whether only
>   government controls on expression can be called "censorship."

There is a serious error here.  Gilmore did nothing to prevent Vulis from
posting to the list.  He only prevented Vulis from receiving the list under
his own name.  And, the as hominem attacks continue.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From jimbell at pacifier.com  Tue Nov 12 22:58:28 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 12 Nov 1996 22:58:28 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
Message-ID: <199611130658.WAA07455@mail.pacifier.com>


At 02:11 AM 11/13/96 +0000, The Deviant wrote:
>On Tue, 12 Nov 1996, jim bell wrote:
>
>> At 11:57 PM 11/11/96 -0500, Michael Froomkin - U.Miami School of Law wrote:
>>  Indeed, if Congress chose to license
>> >private mints, that would, IMHO be legal.  The point here is that the
>> >states don't have the power to coin money.
>> 
>> But, apparently, during the 1800's states (?) and individual banks did 
>> indeed print their own currency.
>> 
>> The way I see it, a positive statement in the Constitution that the Feds 
>> have the power to coin money does not necessarily exclude other 
>> people/banks/states/foreign countries from doing likewise.
>> 
>
>Hrmm.. One might point out that the only thing required for someone to
>"mint" (and I use this term loosely) money is for popular belief that the
>money is worth something.  What do you think a cashier's check is?  Other
>notable versions are (and I'm sure somebody is going to say "but its
>represintative of the US Dollar", even though its all dealing with money
>that really isn't there) is AmEx, MasterCard, Visa, etc.

This is yet another reason the Federal government is going to find it so 
difficult to ban or regulate digital cash.  With the collective precedents 
of paper money, then checks, then credit cards, then traveler's checks,  
then debit cards, and so forth, the addition of yet another medium of 
exchange doesn't appear to be a really new concept.  

Also, as far as I understand it, there is nothing illegal about spending (or 
accepting) foreign money inside the US, and in many if not most countries it 
is, likewise, not illegal to spend foreign money there as well.    
Obviously, the precedents allowing digital cash far outweigh those which 
could be marshalled to prohibit it.\




Jim Bell
jimbell at pacifier.com





From snow at smoke.suba.com  Tue Nov 12 23:01:14 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 12 Nov 1996 23:01:14 -0800 (PST)
Subject: A question about PGP Pass phrases.
In-Reply-To: <v03007802aea93092c562@[207.167.93.63]>
Message-ID: <199611130715.BAA00511@smoke.suba.com>


Mr. May said:
> years). However, a properly memorized passphrase, of sufficient length and
> entropy to make exhaustive search impractical, and proper "crypto hygiene"
> will go a long way toward making such raids ineffective.

     A very basic question then:

     What _would_ be a passphrase of sufficient length and entropy? 

     I would assume that the phrase "Off we go, into the while blue yonder"
would not be sufficient, but what about "0ff they went, in'ta the black viod"?

     I would guess that either would be difficult to out right guess, but the 
second would be considerably less likely. Not as unlikely as 
"KIB&^%(*h89hgv&*hjV6*ibHF&90n", but a hell of a lot easier to remember.

    It has been several months since I read the PGP users guide, and I don't 
remember any discussion of that in it, but I could be wrong. 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From jim at santafe.arch.columbia.edu  Wed Nov 13 00:32:54 1996
From: jim at santafe.arch.columbia.edu (Jim Wise)
Date: Wed, 13 Nov 1996 00:32:54 -0800 (PST)
Subject: two bogus messages to this list
In-Reply-To: <01BBD081.63E4D3C0@blv-pm101-ip1.halcyon.com>
Message-ID: <Pine.NEB.3.94.961113033655.7155A-100000@localhost>


On Tue, 12 Nov 1996, Mark M. Lacey wrote:

>> Even under NT, this DLL can be made to remain resident and trapping
>> Keystrokes, events, and window contents.
 
> This is (or was?) no problem under X Windows the last time I tried
> it (not recently), too.  In fact, you could monitor the keystrokes
> of any machine that you had access to remotely, as long as X was
> running.  All it took was a short little C program.  So what call
> is it on NT that you're talking about?

Only if the machines you are trapping from were silly enough to turn off
authentication.  This includes other users on the current machine trying
to trap from your display, BTW.

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim at santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *






From mclow at owl.csusm.edu  Wed Nov 13 00:47:55 1996
From: mclow at owl.csusm.edu (Marshall Clow)
Date: Wed, 13 Nov 1996 00:47:55 -0800 (PST)
Subject: BizWeek speaks on Crypto
In-Reply-To: <19961112184849116.AAA174@dev.vertexgroup.com>
Message-ID: <v0310070aaeaf3b2bc72f@[207.67.246.99]>


>http://www.businessweek.com/1996/47/b350287.htm
>

I find a large dose of irony in the fact that this article hilights Royal Dutch/Shell, who last year told a European government committee that it's primary concern with encryption is:
	"protection of trade secrets from governments and competitors"


-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow at mailhost2.csusm.edu>

"We're not gonna take it/Never did and never will
We're not gonna take it/Gonna break it, gonna shake it,
let's forget it better still" -- The Who, "Tommy"







From nobody at replay.com  Wed Nov 13 00:50:26 1996
From: nobody at replay.com (Anonymous)
Date: Wed, 13 Nov 1996 00:50:26 -0800 (PST)
Subject: [URGENT] Accounts payable
Message-ID: <199611130850.JAA11763@basement.replay.com>


What a joy to make a public mockery of Tim 
Mayonnaise!






From SButler at chemson.com  Wed Nov 13 00:52:11 1996
From: SButler at chemson.com (Butler, Scott)
Date: Wed, 13 Nov 1996 00:52:11 -0800 (PST)
Subject: FW: Returned mail: User Unknown
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961113085327Z-4263@csa-ntx.chemson.com>


Can whoever is responsible for this please stop.

This is about the 30th one that I have received.

Thanx
Scott


>>The address you mailed to is no longer valid.
>>This is probably because the user in question was an
>>old Open Net subscriber. Open Net is NO LONGER an ISP,
>>and has not been since May 1996.
>
>>We have no redirection address for that user. Please
>>remove them from any mailing lists you might have.
>
>>This response was generated automatically.
>
>





From furballs at netcom.com  Wed Nov 13 01:06:37 1996
From: furballs at netcom.com (furballs)
Date: Wed, 13 Nov 1996 01:06:37 -0800 (PST)
Subject: two bogus messages to this list
In-Reply-To: <9611121632.AA26619@notesgw2.sybase.com>
Message-ID: <Pine.3.89.9611130005.A13316-0100000@netcom>

A non-text attachment was scrubbed...
Name: not available
Type: text/mixed
Size: 3538 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961113/203b74a6/attachment.bin>

From field at pipeline.com  Wed Nov 13 01:11:21 1996
From: field at pipeline.com (Richard L. Field)
Date: Wed, 13 Nov 1996 01:11:21 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
Message-ID: <1.5.4.16.19961113041232.2c0ff27e@pop.pipeline.com>


At 10:35 AM 11/12/96 -0800, Jim Bell wrote:

>...The way I see it, a positive statement in the Constitution that the Feds 
>have the power to coin money does not necessarily exclude other 
>people/banks/states/foreign countries from doing likewise.


   No need to turn this into Constitutional Law 101, but you might wish to
look at Article I, Section 10.

   - Rich






From aga at dhp.com  Wed Nov 13 02:42:43 1996
From: aga at dhp.com (aga)
Date: Wed, 13 Nov 1996 02:42:43 -0800 (PST)
Subject: Money-making ideas for Igor Chudov
In-Reply-To: <VBaBXD48w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961113053451.20903D-100000@dhp.com>


On Tue, 12 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Tue, 12 Nov 96 22:03:06 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv at bwalk.dm.com>
> Reply-To: freedom-knights at jetcafe.org
> To: cypherpunks at toad.com
> Subject: Re: Money-making ideas for Igor Chudov
> 
> aga <aga at dhp.com> writes:
> > >
> > > "Igor 'FUCK MNE HARDER' Chudov @ home" <ichudov at algebra.com> writes:
> >
> > algebra.com is a suspect domain.
> 
> Yes, Dr. Grubor - it's been implicated in Jan Isley's (spit) Usenet vote fraud:

I did not know about that.  I was speaking of another incident
when a user from that domain sent something to my pgh.org

(chop)

> > > (Alternatively, he can even e-mail 6 more issues of worthless advice to tho
> > > who caughed up the $20, so they can't complain. It would be hard to prosecu
> > > Igor without proving that all 8 newsletters were published by the same pers
> > > who's been giving contradictory advice to different people.)
> > >
> > But what Law would you charge him with?
> > Unless you could prove his "intent" I see no way that you
> > could ever prove any case against him.
> 
> The intent is to defraud, but shouldn't absolute free speech protect fraud
> and libel?
> 

Fraud always must have theft connected with it, so it is
a crime, but libel is never any crime, and is only civil.
Freedom of speech is no defense to any criminal charge,
but may be to a civil one.

-jg






From tvo at software-ag.de  Wed Nov 13 03:40:12 1996
From: tvo at software-ag.de (Thomas Vogler)
Date: Wed, 13 Nov 1996 03:40:12 -0800 (PST)
Subject: Q: where is `/etc/passwd' on WindowsNT
Message-ID: <199611131141.MAA14539@suncool1.software-ag.de>


hi all,

i am looking on information where WindowsNT stores its database of
hashed passwords (in the registry ? below the key
\\hklm\security\sam\domains\account\users ?) and how they are stored /
hashed (md4 ?) ?

any information welcome...

ttfn

thomas

-- 
+-----------------------------------------------------------------------------+
| jolifanto bambla o falli bambla / gro_iga m'pfa habla horem / egiga         |
| goramen / higo bloiko russula huju / hollaka hollala / anlogo bung / blago  |
| bung blago bung / bosso fataka / | || | / schampa wulla wussa olobo / hej   |
| tatta gorem / eschige zunbada / wulubu ssubudu uluwu ssubudu / tumba ba-umf |
| / kusa gauma / ba - umf                            // hugo ball, 'karawane' |
+-----------------------------------------------------------------------------+
| Thomas Vogler, tvo at software-ag.de,  http://pcool/~tvo/                      |
|-----------------------------------------------------------------------------+
| Phone: [49]-(6151)-92-2484                         FAX: [49]-(6151)-92-2610 |
+-----------------------------------------------------------------------------+
| statements in here are my own and not neccesarily those of my employer      |
+-----------------------------------------------------------------------------+





From jk at stallion.ee  Wed Nov 13 03:52:29 1996
From: jk at stallion.ee (=?ISO-8859-1?Q?J=FCri_Kaljundi?=)
Date: Wed, 13 Nov 1996 03:52:29 -0800 (PST)
Subject: Data leak in Estonia
Message-ID: <Pine.GSO.3.93.961113134742.805L-100000@nebula>



The following are some news clips from Baltic News Service about a scandal
in Estonia, where some government and private databases were sold on black
market on CD-ROM disks. This brings up an interesting question, who should
own information like police and IRS databases, and is it illegal to copy
such information once it is available.

Juri Kaljundi
jk at stallion.ee

---

SECRET INFO IS SOLD ON BLACK MARKET, ESTONIAN POLICE SAY
   
   TALLINN, Nov 09, BNS - Classified information of important state
   institutions is available on the black market, according to Estonian 
   security police and central criminal police officials.
     
   A database containing information on hundreds of thousands of people,
   collected by the Tax Department, Estonian Mobile Telephone and
   Radiolinja companies, the Social Affairs Ministry and several other
   state agencies and large companies, has hit the black market, the
   Eesti Paevaleht daily reported on Saturday. Supposedly, also Customs
   Department and national car registry databases have been secretly
   copied.
       
   The CD-ROM with the confidential informations costs about 50,000    
   kroons, according to the daily.
     
   Security Police Director General Juri Pihl and acting deputy director
   of the central criminal police, Andres Anvelt, confirmed that numerous
   institutional databases are available on the black market.
 
   Anvelt said he had happened to see a pirate copy of the buildings 
   registry showing all transactions with buildings and their owners.
   "I've also heard that information on who owns which telephone number
   has leaked from mobile telephone companies," he added.
 
   Pihl said security police would investigate information leaks only
   when they concerned security police itself. Looking into database
   thefts is not directly the province of security police, he said.
 
   Such a secret database is a powerful weapon in the hands of organized
   crime, the daily said.
 
   Criminals have managed to take advantage of the insufficient
   protection of electronic databases and are sometimes better informed
   than the police, Anvelt confessed.

Baltic News Service

---

ESTONIAN COMMITEE CLAIMS IT HAS NO INFORMATION ON DATABASES ON BLACK
MARKET
   
   TALLINN, Nov 11, BNS - Chairman of the Estonian parliament's security
   police committee, Vahur Glaase, said he had not enough information on
   allegedly illicit trafficking in classified databases. 
   
   "I have too little information to draw any conclusions," chairman of
   the parliamentary committee controlling the activity of the Estonian
   security police told BNS.
  
   The Eesti Paevaleht daily Saturday claimed that a database containing
   information of the taxation department, the Eesti Mobiiltelefon and 
   Radiolinja mobile telephone companies, the social affairs ministry and
   some other agencies and companies on hundreds of thousands of people
   had arrived on the Estonian black market. Presumably, the illegally 
   copied database also contains data of the customs department and the
   motor vehicles registration center.
     
   Glaase said that while a large proportion of the official information
   is open to the public, the publication of a classified telephone
   number is a crime.
  
   "This seems to smack of misprision, and police must start
   investigating it when an application is filed," Glaase said.
     
   According to the Eesti Paevaleht report a CD-ROM with the illegal
   database costs about 50,000 kroons. The paper claimed that the pirated
   information is a powerful weapon in the hands of criminals.
       
   Security police general director Juri Pihl and central criminal police
   acting assistant director Andres Anvelt confirmed there was
   black-market traffic in many institutions' databases.
       
   Pihl said that the security police would launch an inquiry into the
   information leak if it also concerned the security police. He said
   investigation of database theft was not an immediate task of the
   security police.
 
   According to the criminal code, the potential punishment for
   destroying or manipulating with other people's electronically recorded
   information is punishable with a prison sentence for a term of up to
   one year.

Baltic News Service
   
---
   
ESTONIAN CABINET EXPRESSES SHOCK AT GOVERNMENT DATA LEAK
   
   TALLINN, Nov 12, BNS - The Estonian Cabinet is shocked by the
   appearance on the black market of government information, foreign
   minister and acting prime minister Siim Kallas said.
   
   "It is a complicated problem and the Cabinet is shocked by it," Kallas
   told reporters on Tuesday.
   
   Kallas said Interior Minister Mart Rask had known about the
   information leak since two months ago. "Investigation of the leak has
   started at the Interior Ministry and by today criminal proceedings  
   have been taken in the first case," Kallas said.
     
   Kallas said that in the nearest future the Cabinet would adopt a
   decision obliging state institutions to protect the information at
   their disposal. "The security systems and leaking connections must be 
   checked," he said.
     
   The acting prime minister said that it was important to establish how,
   by which channels and through whom the information came to the black
   market.

Baltic News Service

---

ESTONIAN POLICE QUESTION FIRST PEOPLE IN DATABASES LEAK CASE
   
   TALLINN, Nov 13, BNS - Estonian police Tuesday questioned several  
   people in connection with criminal action brought in the databases
   leak case.
   
   An interview with an alleged author of the black market databases,
   Imre Perli, has been scheduled for Wednesday.
   
   Tallinn police deputy prefect Peeter Sults told BNS that investigators
   had contacted Perli by telephone and he had promised to come for an
   interview.
       
   "Perli is not a suspect," Sults said. "Criminal action was brought 
   concerning the fact of the leak, not any concrete person."
       
   Sults said the perons interviewed were connected with institutions
   from which information had allegedly leaked out.
     
   The Tallinn criminal police brought criminal action in the classified
   information leak case on Tuesday. The action was taken concerning
   violations of regulations of government register keeping or of the use
   of the information contained in such registers. The punishment
   stipulated for this in the criminal code is a fine or a prison  
   sentence for a term of up to two years.
     
   The press has claimed that most of the classified databases were
   compiled by Perli, until September an Eesti Mobiiltelefon mobile
   telephone company employee. He may also have compiled the motor
   vehicles register database by which car owners can be established.
   
   Databases containing thousands of mobile and ordinary telephone  
   numbers, traffic offences, as well as data of the motor vehicles and
   companies registers are currently being offered for sale in Estonia.
   Such databases are of high value for organized crime.

Baltic News Service







From deviant at pooh-corner.com  Wed Nov 13 04:17:15 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Wed, 13 Nov 1996 04:17:15 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <199611130658.WAA07455@mail.pacifier.com>
Message-ID: <Pine.LNX.3.94.961113121435.596A-100000@random.sp.org>


On Tue, 12 Nov 1996, jim bell wrote:

> At 02:11 AM 11/13/96 +0000, The Deviant wrote:
> >On Tue, 12 Nov 1996, jim bell wrote:
> >
> >> At 11:57 PM 11/11/96 -0500, Michael Froomkin - U.Miami School of Law wrote:
> >>  Indeed, if Congress chose to license
> >> >private mints, that would, IMHO be legal.  The point here is that the
> >> >states don't have the power to coin money.
> >> 
> >> But, apparently, during the 1800's states (?) and individual banks did 
> >> indeed print their own currency.
> >> 
> >> The way I see it, a positive statement in the Constitution that the Feds 
> >> have the power to coin money does not necessarily exclude other 
> >> people/banks/states/foreign countries from doing likewise.
> >> 
> >
> >Hrmm.. One might point out that the only thing required for someone to
> >"mint" (and I use this term loosely) money is for popular belief that the
> >money is worth something.  What do you think a cashier's check is?  Other
> >notable versions are (and I'm sure somebody is going to say "but its
> >represintative of the US Dollar", even though its all dealing with money
> >that really isn't there) is AmEx, MasterCard, Visa, etc.
> 
> This is yet another reason the Federal government is going to find it so 
> difficult to ban or regulate digital cash.  With the collective precedents 
> of paper money, then checks, then credit cards, then traveler's checks,  
> then debit cards, and so forth, the addition of yet another medium of 
> exchange doesn't appear to be a really new concept.  
> 
> Also, as far as I understand it, there is nothing illegal about spending (or 
> accepting) foreign money inside the US, and in many if not most countries it 
> is, likewise, not illegal to spend foreign money there as well.    
> Obviously, the precedents allowing digital cash far outweigh those which 
> could be marshalled to prohibit it.\
> 

Yes, the precedents for allowing digital cash do outweigh the ones against
it.  To the letter of the law, digital cash is perfectly legal.  Of
course, so is the Federal Reserve Bank, but... ;)

> 
> Jim Bell
> jimbell at pacifier.com
> 

 --Deviant
Let the machine do the dirty work.
		-- "Elements of Programming Style", Kernighan and Ritchie







From gary at systemics.com  Wed Nov 13 04:19:02 1996
From: gary at systemics.com (Gary Howland)
Date: Wed, 13 Nov 1996 04:19:02 -0800 (PST)
Subject: pgp3
Message-ID: <199611131217.NAA19213@internal-mail.systemics.com>


> Gary Howland wrote:
> > 
> > > Someone suggested to me that Derek posted a draft spec for PGP 3.0.
> > > Anyone know of the whereabouts of this document.
> > 
> > Yes.  That document has evolved to RFC 1991:
> > 
> > 1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange
> >            Formats", 08/16/1996. (Pages=21) (Format=.txt)

Hmm - I don't know I managed to make this post - I had started writing
a reply, but exited my mailer, and for some reason it decided to send a
cut down version of the unfinished mail anyway ...

> Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
> 2.6.? distribution. I'm doing an independent implementation of the PGP
> 2.6 message formats, and found this document unclear in a few spots. For
> example, can anyone else figure out the weird CFB variant mode from this
> document? I used a debugger on the PGP code to help me figure it out.

Exactly - I spent ages on the same thing.  Then there's the problem that
packet length headers must be specific lengths for various types (eg.
key certificates must have a 2 byte length, even if only one is required).
It is also not clear what the exported key certificates should contain,
the spec simply mentioning that there should be no trust packets etc. etc.

> The PGP 3.0 "spec" that you're referring to is actually a draft for a
> PGP library API. A couple of those got circulated on some PGP mailing
> lists, but none have been publicly released, another example of the
> secrecy surrounding the whole PGP effort.
>
> Now that PGP Inc. is happening, it's not exactly clear whether the PGP
> 3.0 release is going to include an API closely resembling these drafts.

I agree with your comments.  For example, we are developing PGP compatible
libraries in both Perl and Java, and are going to add SHA, Blowfish, T-DES,
etc., along with a better key ring format, encrypted key rings, and features
such as key generation from a passphrase, and we would very much like to
remain compatible with the new PGP, but how can we when there is so little
information available?  I think we need a forum to discuss PGP development
issues - I would be happy to set one up if there was interest.

Best regards,

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary at systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 





From gary at systemics.com  Wed Nov 13 04:39:26 1996
From: gary at systemics.com (Gary Howland)
Date: Wed, 13 Nov 1996 04:39:26 -0800 (PST)
Subject: Taxation Thought Experiment
Message-ID: <199611131240.NAA19255@internal-mail.systemics.com>


> o TAXES THOUGHT EXPERIMENT
> 
>  1) I generate $100 of productivity for my company
>  2) Company is taxed %30, $70 left
>  3) Company pay shareholders and costs, $30 is left
>  4) Company pays me
>  5) I pay 40% in taxes, so $18 left
>  6) With $18 I can buy a $16.82 object (%07 sales tax).
> 
> Results:
>  1) I see $16.82 realization from $100 productivity increase.
>  * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.

The government gets $59.26, not $49.26 (30+16+12+1.26).
That leaves you with 16.74 (not 16.82) - they get nearly four
times as much.

In other countries the situation may be worse, not only due to different
rates of tax, but because of social security contributions, employers tax,
and the like.

Then if you spend your money on beer or fags, you may be paying even
more tax, due to taxes on alcohol and tobacco, leaving the government
with perhaps 10 times as much money as you.  Many imported goods also have
a tax on them (eg. motorcycle import tax is around 50% in the UK).


It is probably more fun to do these calculations without involving
the shareholders, since they are, after all, earning their "cut".

[ Crypto relevance? Assasination taxation? ]

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary at systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 





From dlv at bwalk.dm.com  Wed Nov 13 05:02:08 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 05:02:08 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
Message-ID: <L8yBXD55w165w@bwalk.dm.com>


Declan's done an excellent journalistic job. I understand that because of the
space limitations he couldn't quote everything that everyone told him, so one
small point in his article might be misinterpreted by a casual reader:

Declan McCullagh <declan at well.com> writes:
>    though, he's almost notorious. His .sig file, for instance, proudly
Why "almost"? :-)
>    points out that he's a former Kook of the Month; Vulis was also a
There's no such thing as "former" KOTM, Declan. That's a lifetime achievement!
>    Net-legend and even has the alt.fan.dimitri-vulis newsgroup named
>    after him.
(I newgrouped a.f.d-v myself, actually. But it does get traffic :-)
>    daily messages that came from Vulis's keyboard. The list is on
>    Gilmore's machine and he can do what he wants with it; he can moderate
>    the postings, he can censor material, he can shut the whole thing
>    down. By kicking off an offending user, a list owner merely exercises
>    his property right. There's no government involvement, so the First
>    Amendment doesn't apply.

I told Declan that agree 100% - John Gilmore has the right to do anything
he likes with his private mailing list. The 1st Amendment does not apply.

However censorship needn't be government-imposed.

>        For his part, Gilmore calls removing the Russian mathematician "an
>    act of leadership." He says: "It said we've all been putting up with

An act of censorship, an act of cowardice, an act of Hitler-like leadership...

>    this guy and it's time to stop. You're not welcome here... It seemed
>    to me that a lot of the posts on cypherpunks were missing the mark.
>    They seemed to have an idea that their ability to speak through my
>    machine was guaranteed by the Constitution."

If John Gilmore ascribes this opinion to me, then he's lying outright.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From SButler at chemson.com  Wed Nov 13 05:25:07 1996
From: SButler at chemson.com (Butler, Scott)
Date: Wed, 13 Nov 1996 05:25:07 -0800 (PST)
Subject: FW: Returned mail: User Unknown
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961113132104Z-4298@csa-ntx.chemson.com>




>
>>The address you mailed to is no longer valid.
>>This is probably because the user in question was an
>>old Open Net subscriber. Open Net is NO LONGER an ISP,
>>and has not been since May 1996.
>
>>We have no redirection address for that user. Please
>>remove them from any mailing lists you might have.
>
>>This response was generated automatically.
>
Can whoever is responsible for this please........STOP IT !

Thanx
ScOtT
>;-D





From rstrasbu at bronco1.hastings.edu  Wed Nov 13 06:03:18 1996
From: rstrasbu at bronco1.hastings.edu (Ron Strasburg)
Date: Wed, 13 Nov 1996 06:03:18 -0800 (PST)
Subject: A really short one time pad.
In-Reply-To: <v03007801aeaef123f2eb@[207.167.93.63]>
Message-ID: <Pine.BSF.3.91.961113075918.7895A-100000@bronco1.hastings.edu>




On Tue, 12 Nov 1996, Timothy C. May wrote:

> At 5:39 PM -0800 11/12/96, Sean Roach wrote:
> >Actually, here are ten.
> >2^.5
> >3^.5
> >2^(1/3)
> >5^.5
> >5^(1/3)
> >7^.5
> >11^.5
> >13^.5
> >17^.5
> >Pi
> >For that patter the nth root of any prime number.
> >A lifetime of "pads" could be distributed in one trip.  Of course this still
> >means that you have to make the trip, and write down all of the above with a
> >referring codeword or number.
> >Cheap, I know.  Wonder if this type of "one time pad" is as foolproof as
> >truly randomly generated ones.
> 
> You needn't wonder. These are not one time pads. Read any opening chapter
> of any book on crypto to see why.
> 
> However, there might be a good company you could put together around this idea.
> 
> (I wonder why nobody has thought of something so easy....)
> 
this was proposed a couple months ago by a Robert Shueey, he first posted 
asking if "Irrational=Random".
not sure if he got any responses. 

> 
> --Tim
> 
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 





From declan at well.com  Wed Nov 13 06:22:18 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 13 Nov 1996 06:22:18 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611130641.WAA27702@netcom6.netcom.com>
Message-ID: <Pine.GSO.3.95.961113061359.725B-100000@well.com>



On Tue, 12 Nov 1996, Bill Frantz wrote:
> There is a serious error here.  Gilmore did nothing to prevent Vulis from
> posting to the list.  He only prevented Vulis from receiving the list under
> his own name.  And, the as hominem attacks continue.

Yes, I understand this. It's quite obvious; being removed from the
subscriber list hasn't slowed Vulis at all. When I was writing the piece
Vulis seemed to have slowed his ad hominem attacks and instead was talking
about censorship (something that is within the charter of the list), but
perhaps the reprieve was only temporary. 

The point I was trying to make at the end and that I may not have done
very successfully is that it would be very difficult to prevent Vulis from
*posting* to the list under his name; he then could do it through
remailers. And blocking remailers is unacceptable. So how does one kick
someone else out of a forum where anonymous speech is allowed?

-Declan


> At  9:33 AM 11/12/96 -0800, Declan McCullagh wrote:
> >The Netly News
> >http://www.netlynews.com/
> >November 11, 1996
> >
> >Cypher-Censored
> >By Declan McCullagh (declan at well.com)
> >...
> >       That is, until recently, when Dimitri Vulis was given the boot.
> >   After he refused to stop posting flames, rants and uninspired personal
> >   attacks, Vulis was summarily removed from the mailing list.
> >   
> >...
> >   
> >       Thus began a debate over what the concept of censorship means in a
> >   forum devoted to opposing it. Did Gilmore have the right to show Vulis
> >   the virtual door? Or should he have let the ad hominem attacks
> >   continue, encouraging people to set their filters accordingly? The
> >   incident raises deeper questions about how a virtual community can
> >   prevent one person from ruining the forum for all and whether only
> >   government controls on expression can be called "censorship."
> 

> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
> (408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
> frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA
> 
> 
> 






From rah at shipwright.com  Wed Nov 13 06:47:28 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 13 Nov 1996 06:47:28 -0800 (PST)
Subject: Litt: 10/28 speech to ABA/ABA
Message-ID: <v03007817aeaf7c3419db@[206.119.69.46]>



--- begin forwarded text


X-Sender: oldbear at tiac.net
Date: Tue, 12 Nov 1996 17:46:02 -0500
To: Digital Commerce Society of Boston <dcsb at ai.mit.edu>
From: The Old Bear <oldbear at arctos.com>
Subject: Litt: 10/28 speech to ABA/ABA
Mime-Version: 1.0
Sender: bounce-dcsb at ai.mit.edu
Precedence: bulk
Reply-To: The Old Bear <oldbear at arctos.com>

 < gopher://198.80.36.82:70/00s/current/news/topic/econ/96102905.lec >


*96102905.LAR 10/29/96

FIGHTING ELECTRONIC MONEY LAUNDERING DEMANDS MULTI-PRONGED STRATEGY

(Byliner by DAAG Robert S. Litt)  (1930)
By Robert S. Litt


Most observers believe that widespread electronic commerce is probably
inevitable. It offers us the exciting prospect of doing away with many
of the costs, burdens, and problems associated with paper money. But
the advent of electronic commerce presents certain challenges to law
enforcement as well.

One of the biggest challenges is the new opportunities for criminals
to launder their dirty money. Traditionally, money launderers have
deposited troublesome and bulky cash proceeds into banks or other
financial institutions to obscure its criminal origins. Or they have
created phony companies, or engaged in sham transactions, to hide
illicit profits.

These methods usually create paper trails that can be traced by law
enforcement. Through education, training and the enactment of
stringent laws and regulations in this regard, and through close
cooperation between the Departments of Treasury and Justice, law
enforcement has made great progress preventing and detecting money
laundering. As a result, it is increasingly difficult for criminals to
launder their money successfully.

But certain types of electronic commerce systems permit virtually
anonymous transactions and leave no paper trail. These systems could
undo years of hard law enforcement work. Electronic commerce could
allow a money launderer who wants to transfer tainted funds to do so
without the risk of engaging in personal contact with a potentially
suspicious bank employee. And the funds could be transferred anywhere
in the world by an automated on-line banking system that could be
accessed from the safety of the money launderer's home.

Similarly, a bank that operates completely on-line could court the
business of money launderers with little danger of prosecution. Such a
virtual bank could easily be located overseas, beyond the reach of
U.S. law enforcement. A recent article in the Washington Post suggests
that we are already encountering offshore, on-line banks. According to
the Post article, one offshore bank describes itself as the first bank
on the Internet, offering the opportunity to open accounts, wire
money, order credit cards or write checks by computer from anywhere in
the world, around the clock.

The bank's Worldwide Web page describes the benefits it offers to
customers: "Since there are no government withholding or reporting
requirements on accounts, the burdensome and expensive accounting
requirements are reduced for you and (the bank). The bank maintains
the strictest standards of banking privacy in offshore business and
financial transactions. Indeed, (the bank's country) has stiff
penalties for officers or staff that violate banking secrecy laws." It
is not hard to imagine who will be attracted to this kind of banking.

Some smart card systems go further, and would permit money launderers
to obscure the origins of funds while avoiding financial institutions
entirely. These systems have no central registry of transactions which
would allow the transactions to be reconstructed. A sophisticated
launderer, using multiple cards, could create an intricate series of
transfers that could not be unraveled, and that would circumvent
almost all existing money laundering laws. Internet payment systems
can similarly permit multiple transactions that could be next to
impossible to trace, particularly if unscrupulous merchants cooperate
with the criminals.

How do we respond? One big step toward eliminating money laundering
and other law-breaking through electronic commerce would be to
implement electronic cash technologies that track all transfers. We
have received information that at least one provider of a smart card
system that is already in use in Europe has modified its cards for use
in the United States so that financial institutions will be able to
track card usage. The system will allow them to audit for fraud, if
not recreate every transaction.

But a solution such as this raises a fundamental philosophical issue
for our society -- striking the proper balance between anonymity and
accountability. This question is being debated in many contexts as the
Internet grows. Important reasons abound to allow anonymity in
communications networks. Whistleblowers may want to remain anonymous
to avoid retribution. Consumers may wish to obtain information on a
product without ending up on hundreds of mailing lists. Rape victims
may want to discuss their experiences without revealing their
identities.

Unfortunately, criminals also benefit from anonymity. They want to
avoid getting caught. Anonymous remote communications can help them
avoid detection and apprehension. And so effective law enforcement
requires accountability. We must be able to hold individuals who harm
others accountable for their conduct.

We can find a middle ground between anonymity and accountability in
the principle of confidentiality. In a confidential system, a person's
identity is not generally known, but in appropriate circumstances --
for example when a court order is obtained -- the identity can be
determined. Confidentiality permits us to allow anonymity in
appropriate circumstances but does not permit criminals to obtain new
advantages from the anonymous capabilities of the Net.

This concept of confidentiality embodies the message chosen by the
framers of the U.S. Constitution to limit law enforcement through the
Fourth Amendment. They rejected a system under which law enforcement
could have unfettered access to citizens' papers; but equally they
rejected a system where those papers could be immune from scrutiny
under any circumstances. Rather, they provided for access to a
person's documents under appropriate judicial supervision, forbidding
unreasonable searches and seizures and requiring warrants and
subpoenas. The same kind of balancing, an approach that protects both
anonymity and accountability, should govern our approach to electronic
cash.

Those are some of the challenges we will face. The Department of
Justice has been taking some steps to help us prepare for these
challenges, drawing on the expertise we have had in dealing with other
computer crimes such as hacking.

The first lesson that we have learned is the need for extensive
training. To fight computer crime, agents and prosecutors must
understand computer and telecommunications technology, and be
dedicated full time to this complex area of law. The FBI has now
created three computer crime squads, in Washington, San Francisco and
New York City. The Secret Service also has agents trained to deal with
electronic crimes against financial institutions. The expertise of
these agents will be a crucial asset in fighting abuses of electronic
commerce.

Successful investigation of high-technology crime also requires the
participation of technically literate prosecutors. In 1991, the
Criminal Division of the Department of Justice created what is now the
Computer Crime and Intellectual Property Section, which we have
recently doubled in size. And we have set up, with the cooperation and
support of our U.S. attorneys nationwide, a network of prosecutors who
have been specially trained to serve as Computer and
Telecommunications Coordinators. These "CTCs," as they are known,
presently serve as resident experts on computer crime issues.

But to be successful in combating money laundering or any other form
of electronic crime, an international response is absolutely
necessary. Many of the crimes of the future will not be hampered by
international boundaries, because electronic funds need not be
physically transferred; they can be instantaneously and covertly
shipped via telephone and data networks.

Because computer criminals often are not in the same country as the
electronic funds that they are stealing, passports and other existing
international controls are of limited use in identifying and
apprehending them. Thus, a concerted international effort will be
necessary to ensure that electronic commerce criminals cannot take
advantage of weak laws in one country to commit crimes with impunity
in the United States.

We are making great progress in this effort. We have already had
several instances of international cooperation leading to the arrest
of overseas hackers who have broken into U.S. computers, and we are
working in a number of international forums to institutionalize that
cooperation and to seek coherent rules and policies that will enable
us to prevent abuses of electronic commerce.

In addition to working with other governments, we will have to work
with industry. The issue of encryption is particularly prominent now.
Without strong encryption, successful electronic commerce is probably
a fantasy. But encryption that is too strong -- that cannot be broken
when appropriate -- risks terrible and irrevocable damage to law
enforcement capabilities that are critical to our ability to protect
us all. Our goal is to encourage the use of strong encryption to
protect privacy and commerce, but in a way that preserves law
enforcement's ability to protect public safety. We're not looking to
expand what we can do now, just to preserve this ability against the
threat of unbreakable encryption. Our goal is confidentiality --
protecting the privacy of individual communications while preserving
our present ability under the law to obtain this information when we
need it.

Similarly, in electronic commerce, we want to work with industry to
ensure that the needs of law enforcement are met without either
stifling the development of a vibrant new technology or compromising
individual rights. We believe that the electronic commerce industry
should incorporate certain features into the designs of their smart
cards systems, features that we consider necessary to avoid abuses in
this area. We don't want to dictate how these features are designed,
but there are certain reasonable elements that industry should build
into its systems.

First, a transaction using a digital purchasing system should generate
and safely store records similar to those of credit cards whenever a
cardholder makes a purchase or transfer that exceeds a designated
size. In this regard, we must again emphasize that we are not seeking
to give government any new authority, merely to ensure that we can get
information when we are authorized to do so. Second, electronic
commerce systems should be designed to maintain sensible limits on the
amount of value that may be stored or transferred on a single smart
card or personal computer. Few people carry tens of thousands of
dollars in cash on their persons; permitting "smart cards" of such
value would greatly increase the opportunities for fraud. Finally, and
for obvious reasons, we must encourage the major smart card system
providers to use responsible financial entities as the primary outlets
for their cards.

Our last challenge is to update laws that might otherwise become
outdated. At present it is not clear whether our existing laws are
adequate to deter and punish electronic commerce abuses. Since
Congress did not and could not have foreseen the current electronic
commerce revolution, law enforcement authorities must be prepared, at
least at first, to combat these abuses through existing criminal
statutes that are not perfectly adapted to the problem.

We do not want to create new laws for their own sake, and certainly
not without understanding the effects that they would have on a
vibrant new industry. On the other hand, if we find that the law
enforcement problems presented by electronic commerce are outstripping
our ability to deal with them, changes in our legal structure may be
required.

The challenges faced by law enforcement in electronic commerce will be
enormous. We have already begun to prepare for some of these
challenges, but we realize that we have much more to do. With
training, technological understanding, international cooperation,
diligent law enforcement, and the cooperation of industry, we will
meet these challenges.

(Mr. Litt, a deputy assistant attorney general, is President Clinton's
nominee to head the Justice Department's Criminal Division. The
article was adapted from his Oct. 28 speech to the American Bar
Association and the American Bankers Association in Washington. It is
in the public domain and may be reprinted without permission.)


NNNN

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB at ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From rah at shipwright.com  Wed Nov 13 06:47:40 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 13 Nov 1996 06:47:40 -0800 (PST)
Subject: "Perceptions and Misperceptions of Privacy on the Net"
Message-ID: <v0300781aaeaf7d074b48@[206.119.69.46]>



--- begin forwarded text


X-Sender: oldbear at tiac.net
Date: Tue, 12 Nov 1996 19:59:39 -0500
To: Digital Commerce Society of Boston <dcsb at ai.mit.edu>
From: The Old Bear <oldbear at arctos.com>
Subject: "Perceptions and Misperceptions of Privacy on the Net"
Mime-Version: 1.0
Sender: bounce-dcsb at ai.mit.edu
Precedence: bulk
Reply-To: The Old Bear <oldbear at arctos.com>

                  The George Washington University
             School of Engineering and Applied Science
                    Cyberspace Policy Institute

                    FREE AND OPEN TO THE PUBLIC

                Tuesday, November 19, 1996 4-6 p.m.
      Room 410 Marvin Center, 21st & H St. NW, Washington, DC

       "PERCEPTIONS AND MISPERCEPTIONS OF PRIVACY ON THE NET"

                             Speaker:
          Steven Emmert, Corporate Counsel for Lexis-Nexis

                          Commentators:
   William W. Burrington, Assistant General Counsel, America Online
  Deidre Mulligan, Staff Counsel, Center for Democracy and Technology

   Privacy norms, regulations, and laws have been developed over the
years, in balance with norms, regulations and laws governing access to
government information and open meetings. The advent of widespread
Internet use has called into question some previously unchallenged uses
of information, reopened discussion on some problems once thought
resolved, and raised new questions which have never been addressed.
In addition to the commercial players involved, individuals, in greater
numbers than at any time in the past, have joined these discussions
about the proper uses of information.
   LEXIS-NEXIS recently experienced this increased individual
participation first hand following the release of a commercial product,
P-TRAK. This product, which makes limited information about individuals
available to LEXIS-NEXIS' subscribers (typically law firms, Fortune 1000
corporations, and government agencies including federal law enforcement
agencies) became the centerpiece of an Internet controversy about privacy.
Information and misinformation about P-TRAK was widely disseminated on
the Internet (and still is) and in the mainstream media.
   In response to this controversy, the Congress directed the Board of
Governors of the Federal Reserve System, in consultation with the
Federal Trade Commission, to conduct a study of whether organizations
which are not subject to the Fair Credit Reporting Act are engaged in the
business of making sensitive consumer identification information available
to the general public. Senators Bryan, Pressler, and Hollings have
requested "that the FTC conduct a study of possible violations of consumer
privacy rights by companies that operate computer data bases."
   As these studies proceed it will be important for all concerned
-- corporations, individuals, the government, law enforcement and
others-- to ensure they fully understand the issues and policies involved
in order to strike the proper balance between the legitimate information
needs of businesses, professionals, individuals, the press, the public,
government and law enforcement, and an individual's right to privacy.
   Lessons learned from this experience will be shared. The policy and
legal issues raised will be identified. Implications for the future of
the Internet and for electronic commerce in information will be discussed.

    Additional information on this and other seminars is available at
          www.cpi.seas.gwu.edu/Activities/Seminars/96-97.html





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB at ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From jbugden at smtplink.alis.ca  Wed Nov 13 07:04:43 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Wed, 13 Nov 1996 07:04:43 -0800 (PST)
Subject: Taxation Thought Experiment
Message-ID: <9610138479.AA847908262@smtplink.alis.ca>



>azur at netcom.com (Steve Schear) wrote:
>>The crypto-relevance is via crypto anarchy: we need to undermine the tax
>>system enough that _everyone_, not just us, loses faith in it.
>>
>>--Tim May
>>
>
>I've posed similar questions to friends and aquaintences.  The
>working-class stiffs (who can't easily hide from the IRS) feel taxes are an
>unwelcome but necessary burden in order to provide the blanket of
>government protection they feel exists.  They resent and oppose widespread
>tax fraud.  Self-employed tend to be more open to 'alternative' income
>structuring.
 
And in the meantime, it would seem prudent to use the existing system to maximum
advantage. In Canada, you can set up a personal trust called a Registered
Retirement Savings Plan (similar to an IRA?) wherein you can trade securities
without tax liability until you withdraw the money into your hands. As long as
you aren't trying to spend it, no taxes are owing. There is a withholding tax of
25% if you eventually leave the country, but the tax free compounding effect
over a decade or two will make this virtually irrelevant.
 
There are also tax credits for venture capital (especially if it relates to R&D)
or scientific research investments. Since we are in fields that likely are
related to this type of work, it seems that we would be able to take advantage
of these types of credit. In Canada, they can pay 80-90% of the related payroll.
Add NRC (National Research Council) grants available for R&D projects and you
can run a company with a dozen people for NO money.
 
This is not fantasy since I know at least two companies that do this. The only
caveat is that you need a good idea to start with. It is also not hard to have a
nominal 50+% marginal tax rate yet pay 15% net income taxes. Since I can use the
Canadian tax system to advantage, I'm not sure that I want to get rid of it just
yet.
 
So, while you are waiting for that anarchy, you may want to retain a good tax
accountant.
 
Ciao,
James
 
The grass is always greener over the septic tank.







From Mullen.Patrick at mail.ndhm.gtegsc.com  Wed Nov 13 07:33:36 1996
From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick)
Date: Wed, 13 Nov 1996 07:33:36 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <n1364241021.79129@mail.ndhm.gtegsc.com>


Sounds like another attempt to raise the cost of using the Net, nothing more. 

Sure, paying postage (Is $1 really necessary?  Why email when snailmail's 
cheaper??) may reduce general spamming done by local punks, but it does
nothing 
against corporations which already spend millions on snailmail spamming. 
Also, 
what happens when your long-lost friend comes across your addy and tries to 
email you?  Surely you don't want to charge postage for an otherwise free 
service to him/er.  Maintaining a list of "accepted sources" would be a hassle

not many people would accept.

Slight variation is to generate a list of "toll these entities."  A smaller
list 
(hopefully :-), and generally easier because then it defaults to no-bill.  Or,

to accomodate superstars/actors/etc, generate files like rhosts.accept 
rhosts.deny in UNIX.  That way, the user may use either/both types of
filtering.  

Again, the average user wouldn't want to deal with this hassle, everyone's
mail 
software would have to be rewritten, and I basically oppose any ideas that 
cost me money for something I already get for free...  :-)

PM
_______________________________________________________________________________
From: Peter Hendrickson on Wed, Nov 13, 1996 4:10
Subject: Remailer Abuse Solutions
To: cypherpunks at toad.com

What do you do if you are operating a remailer and somebody complains
they are getting spammed?  That's easy, you keep a list of people that
you don't send mail to.  What's hard is if that person wants to receive
other anonymous mail.

The solution is easy: charge e-cash to send mail to certain addresses
and send the money to the owner of the account.  Never put an address
on a kill list, just raise the price of sending mail to it.  This
generates lots of positive publicity for your remailer.  People will
beg to be spammed!

And, since the remailer operator handles the financial parts of the
deal, the technically naive "victim" does not have to have specialized
knowledge or even an e-cash account.

This also eliminates the spam problem generally.  If you are plagued
by spam, create a list of names you will accept mail from.  When a
message comes in that is not on the list, return a message directing
them to send you the mail through a paying remailer.

This solves a problem for famous people, too.  They get lots of
mail but they don't have time to read it all.  How to sort it?  Raise
the price of sending a message.  (I heard that Arnold Schwarzeneggar
was once paid $1 million just to read a script and look at the set
of a movie with no obligation to act in it.)

Okay, now lets go to mailing lists.  We like to read anonymous mail
on this list, but we don't like getting spammed.  It's hard to filter
anonymous mail for obvious reasons.

The solution: don't accept anonymous mail.  Only people on the "approved"
list would be allowed to post.  People who wish to post anonymously
could then send mail through the paying remailer to people on the
"approved" list and request that their message be relayed.  Most people
on the list would be happy to accept a dollar or two to provide this
service.  This would eliminate inappropriate mail while allowing anybody
to post.

For that matter, postings to the list itself could be priced at, say,
a dollar to cut down on the noise levels.

Payments, and addresses which complicate payment, make it harder to
rely on the remailer network.  When you send a message through a
few remailers and make a faux pax on the last one, you won't know
what happened.  Did one of the remailers go down?  Did you make a
mistake?

I think I know a solution to this one, too.  If somebody wants to
get error messages, they include a random 128 bit number with their
message.  This is a different number for each remailer in the chain.
When an error occurs, the remailer distributes an error message
with the number attached.

Error message distribution is pretty easy.  The remailer operator
could publish a web page with the errors.  Or, the messages could
be bundled and made available through anonymous ftp, or mailed to
an error message mailing list, or posted to a newsgroup.

Peter Hendrickson
ph at netcom.com



------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;13 Nov 1996 04:10:17 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Wed, 13 Nov 1996 9:06:01 GMT
Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id RAA13602 for
cypherpunks-outgoing; Tue, 12 Nov 1996 17:07:45 -0800 (PST)
Received: from netcom19.netcom.com (root at netcom19.netcom.com [192.100.81.132])
by toad.com (8.7.5/8.7.3) with SMTP id RAA13594 for <cypherpunks at toad.com>;
Tue, 12 Nov 1996 17:07:36 -0800 (PST)
Received: from [192.0.2.1] (ph at netcom21.netcom.com [192.100.81.135]) by
netcom19.netcom.com (8.6.13/Netcom)
	id RAA03014; Tue, 12 Nov 1996 17:07:31 -0800
X-Sender: ph at netcom15.netcom.com
Message-Id: <v02140b04aeaec9f1fa9b@[192.0.2.1]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 12 Nov 1996 17:07:41 -0800
To: cypherpunks at toad.com
From: ph at netcom.com (Peter Hendrickson)
Subject: Remailer Abuse Solutions
Sender: owner-cypherpunks at toad.com
Precedence: bulk






From E.J.Koops at kub.nl  Wed Nov 13 07:48:44 1996
From: E.J.Koops at kub.nl (Bert-Jaap Koops)
Date: Wed, 13 Nov 1996 07:48:44 -0800 (PST)
Subject: PGP3.0 & ElGamal
Message-ID: <A81C16F0582@frw3.kub.nl>


On Fri, 25 Oct 1996 00:32:52 +0100, Adam Back wrote:
[snip]
> Also I understand, though there appears to be no available
> documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
> nor MD5, using instead El Gamal for public key encryption and
> signatures, 3DES (unsure?), and SHA1.

Can someone confirm that PGP3.0 will use ElGamal?

Bert-Jaap





From dlv at bwalk.dm.com  Wed Nov 13 08:11:17 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 08:11:17 -0800 (PST)
Subject: UNSUBCRIBE CENSORSHIP
In-Reply-To: <v03007801aeaeb75a4ae7@[207.167.93.63]>
Message-ID: <sZ4BXD1w165w@bwalk.dm.com>


"Timothy C. May" <tcmay at got.net> writes:

> At 5:12 PM -0330 11/12/96, Sheldon Andrews wrote:
> >UNSUBCRIBE CENSORSHIP
> 
> You dumbass.

Let's see if John Gilmore pulls Timmy May's plug for namecalling...

> 
> This is not "CENSORSHIP"...whatever you had in mind, no such mailing list
> is copied in your "To:" or "cc:" field.

That's right - this mailing list is being censored by John "Hitler-like leader"
Gilmore, but it has a different name to distinguish it from other censored
mailing lists.
> 
> Secondly, "unsubscribe" is not spelled "UNSUBCRIBE."
> 
> Thirdly, send your unsubscribe commands to the appropriate place for the
> list involved, not to the list itself.
> 
> Sheldon Andrews is hereby added to the "Don't Hire" list. Hope you weren't
> planning to apply for work out here.
> 
> --Tim May

(Who hasn't worked for a living years)


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From tcmay at got.net  Wed Nov 13 08:12:33 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 13 Nov 1996 08:12:33 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <v03007801aeae80c47f21@[207.167.93.63]>
Message-ID: <v03007800aeafa43b5167@[207.167.93.63]>


At 10:56 PM -0500 11/12/96, Jim Wise wrote:
>On Tue, 12 Nov 1996, Timothy C. May wrote:
>
>> My piece was written as a rant about the dangers of the proposed talk of
>> "privatizing food distribution points," about how this would result in a
>> system where only the rich could get access to nutritional food, and how
>> the poor would be made to suffer. And how this "caloric anarchy" would
>> result in vicious monopolies, price wars, and deviation from Recommended
>> Governmental Caloric Intake Rules.
>
>Which it does...  FWIW, I tend to agree with your general point, but I
>moved from downtown Manhattan to Harlem recently, and was surprised to see
>how many foodstuffs cost _more_ up here, as well as the obvious fact that
>many are harder to get...  Junk food and cheap liquor are everywhere,
>though...

But you're conflating a separate issue: the cost of doing business in
high-crime ghettoes. Both rich and poor alike find prices high and
selection poor in high-crime ghettoes. Likewise, both rich and poor alike
find prices low and selection good in low-crime, suburban locales.


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From ph at netcom.com  Wed Nov 13 08:34:23 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Wed, 13 Nov 1996 08:34:23 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <v02140b00aeafa0bb0e9f@[192.0.2.1]>


At 10:34 AM 11/13/1996, Mullen Patrick wrote:
> Sounds like another attempt to raise the cost of using the Net, nothing more.

I am curious which conspiracy you believe I am participating in, other
than the Great Cypherpunk Conspiracy, that is.

Keep in mind that nobody is forced to participate.

> Sure, paying postage (Is $1 really necessary?  Why email when snailmail's
> cheaper??) may reduce general spamming done by local punks, but it does
> nothing
> against corporations which already spend millions on snailmail spamming.

Many people would be happy to read spam mail at $1 a piece.  Assuming you
can scan at a very conservative 3 messages/minute, that's $180/hr. you
can make in the privacy of their own home.

Not enough for you?  Raise the rate.

One dollar is a nice schelling point.  That's why I chose it for my
example.  In practice the people involved are welcome to choose any
amount in any currency they like.

> Also,
> what happens when your long-lost friend comes across your addy and tries to
> email you?  Surely you don't want to charge postage for an otherwise free
> service to him/er.  Maintaining a list of "accepted sources" would be a hassle
> not many people would accept.

Absent highly intrusive global net monitoring techniques, that's what they
are going to have to do anyway.  E-mail is inexpensive.  The advertiser
can justify the expense even if generates a small number of leads.  Expect
more spam.

The alternative to filtering the mail in some way is to create Internet
licenses for every participant which may be revoked for infractions.
These licenses would have to be global.  Big Brother is Watching.

Advertisers do not have a monopoly on spam.  Many people - especially
women - complain about harrassing mail they receive.

> Slight variation is to generate a list of "toll these entities."  A smaller
> list
> (hopefully :-), and generally easier because then it defaults to no-bill.  Or,
> to accomodate superstars/actors/etc, generate files like rhosts.accept
> rhosts.deny in UNIX.  That way, the user may use either/both types of
> filtering.

How will you construct your "toll these entities" list yet accept mail from
any remailer?  Why will spammers not figure out remailers?

> Again, the average user wouldn't want to deal with this hassle, everyone's
> mail
> software would have to be rewritten, and I basically oppose any ideas that
> cost me money for something I already get for free...  :-)

No, everybody's mail software would not have to be rewritten.  That was
the idea.  For instance, it would be easy for users of Unix systems to
use procmail to pre-filter their mail for whatever program they like.
Nota bene: the remailer operator is not offering to filter the users
mail.

"Free" is not always the best choice.  I would gladly pay $10/month to
receive the cypherpunks list if it meant that messages were delivered
immediately when sent.  (I believe these delays hamper the discussion.)
As it is, I can't complain because I am a recipient of John Gilmore's
charity.

I would be interested to hear more about your solution to this problem:
People spam other people who don't like spam but like to receive anonymous
messages.

I would prefer to see solutions in keeping with the Cypherpunks spirit;
that is, no use of force, no use of law, and no loss of anonymity will
be acceptable.

Peter Hendrickson
ph at netcom.com







From rah at shipwright.com  Wed Nov 13 08:43:39 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 13 Nov 1996 08:43:39 -0800 (PST)
Subject: Question on non-repudiation
Message-ID: <v0300784daeafaa7128a9@[206.119.69.46]>



--- begin forwarded text


Date: Wed, 13 Nov 1996 04:11:08 -0500 (EST)
X-Sender: field at pop.pipeline.com
Mime-Version: 1.0
To: John Lowry <jlowry at BBN.COM>
From: "Richard L. Field" <field at pipeline.com>
Subject: RE: Question on non-repudiation
Cc: set-discuss at commerce.net
Sender: owner-set-talk at commerce.NET
Precedence: bulk

+----------------------------------------------------+
Addressed to: set-discuss at commerce.net
+----------------------------------------------------+

   As chair of the ABA's Electronic Commerce Payment Committee and a member
of the drafting team for its Digital Signature Guidelines, I suppose I am
one of the people expected to "solve" the non-repudiation problem through
legal means.

   Notwithstanding any technical or procedural proofs, there is no absolute
non-repudiation, as a legal matter, unless a statute is enacted to that
effect.  For consumers in the U.S., there is no indication that this will
happen.  The applicable laws governing credit cards and the consumer use of
debit cards specify that the customer can repudiate any unauthorized
transaction, and that it is left to his bank/issuer to prove that the
transaction was actually performed by that customer or under his authority.
Even if technical means are used to ensure that the customer will always
retain solitary access control to the account (by biometric means, for
example), he can still claim coercion, error with respect to legal capacity,
etc.  Where software-based keys are used to confirm identity and/or
authority to enter into a transaction, there are additional risks of error
or fraud associated with initially obtaining a key and tying it to an
identity, as well as the ongoing association between the key and the
identity and/or authority.

   In these cases some third party ("trusted" CA, etc.) could step in and
contractually agree to bear all risk of customer repudiation, but given the
relatively low value of the average transaction that would be unlikely.
Additionally, in some countries laws may shift the risk of loss absolutely
to the customer or otherwise prevent him from repudiating a transaction.  To
some degree, this is the direction taken in the U.S. laws governing
commercial wire transfers.  If there are any countries contemplating the
enactment of laws that would absolutely bind a person whenever his private
key has been used, I would be most interested in hearing about them.

   - Richard Field



At 11:35 AM 11/12/96 -0500, you wrote:
>+----------------------------------------------------+
>Addressed to: set-discuss at commerce.net
>+----------------------------------------------------+
>
>Not to be argumentative but non-repudiation can be established
>technically.  The formal definition requires that through technical
>and procedural proofs a party cannot repudiate a transaction.  The
>law may not recognize those techniques and procedures for contractual
>purposes today but the ABA is working on it....

------------------------------------------------------------------------
This message was sent by set-discuss at commerce.net.  For a complete listing
of available commands, please send mail to 'majordomo at commerce.net'
with 'help' (no quotations) contained within the body of your message.

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From hal at rain.org  Wed Nov 13 09:30:27 1996
From: hal at rain.org (Hal Finney)
Date: Wed, 13 Nov 1996 09:30:27 -0800 (PST)
Subject: So how does the crypto crackdown go?
Message-ID: <199611131727.JAA10271@crypt>


From: "Michael Froomkin - U.Miami School of Law" <froomkin at law.miami.edu>
> As Hal knows, but some newer members of the list may not, I discuss the
> possibility of a ban on strong (unescrowed) crypto at some, ahem, length
> in
>
> http://www.law.miami.edu/~froomkin/articles/clipper.htm
>
> Although the article is more than 18 months old, the law hasn't changed
> in any material way as far as I know.
>
> Bottom line: they probably can't do it under the constitution, but it's a
> closer call than it should be.

This is a very helpful and thorough analysis.  However it does not address
the possibility of a ban on the sale/distribution of strong crypto, rather
than a ban on its use.

There are several reasons why I think the former is more likely:

 - PRECEDENT FROM ITARS
   The current bans on export of encryption software limit the distribution
   of the software itself, not of encrypted messages.  Extending this ban
   to domestic distribution would imply banning distribution but not use
   of crypto software.

 - NOT A PRIVACY ISSUE
   The privacy issues would be much less relevant because it is no longer
   a matter of just what you do in the privacy of your own home.

 - OUT OF THEIR OWN MOUTHS
   The Clinton administration's original veiled warning, quoted in
   Michael's paper, denied that "every American, as a matter of right,
   is entitled to an unbreakable commercial encryption product."  Noting
   the use of "commercial" this suggests a ban on sales rather than
   use.

 - COMMERCIAL REGULATION
   Not being a lawyer, I can only speculate that the interstate commerce
   clause would give more justification for a ban on distribution than on
   use.

 - FOOT IN THE DOOR
   Conceivably such a ban, if successful, would provide new arguments for
   advancing to the second stage of a ban on usage after some time.
   The impact of the usage ban would be less due to the lack of access
   most people would have to such software, and the (arguably) demonstrated
   effectiveness of the government approved software almost everyone would
   be using by that time.

 - BIG BROTHER IS WATCHING
   We have long speculated that the government's real interest is in
   making mass surveillance more practical, with the stated concerns about
   criminals being merely a convenient cover.  Commercial restrictions
   would be consistent with such motives since they would have more
   impact on the innocent many than the motivated few.

A ban on sales and distribution could still be opposed on First Amendment
grounds, especially if it becomes established that software is speech.
Still there are many restrictions possible on commercial speech so even
a favorable precedent in this area would not preclude some regulation of
software distribution.

We could also argue that such a ban is de facto equivalent to restrictions
on use, since most people would not then have access to privacy preserving
software.  In that case the many excellent arguments which Michael brings
forward to oppose such restrictions would be relevant.

And what would be the implications for freeware crypto?  Could
distribution of such software be subject to regulation in the same way
as commercial programs?  Then there are the issues relating to speech
about crypto which are currently being litigated.  Presumably domestic
restrictions on such speech would have to reach a much higher standard
of demonstrated need than restrictions on export.

For these reasons I think that domestic regulations on the sales
and distribution of strong crypto would not be a sure thing for the
government, but would be a lot easier for them than restricting use.
This suggests that it is a likely direction for them to take after the
next terrorist attack.

Hal





From FWJZ05A at prodigy.com  Wed Nov 13 09:33:16 1996
From: FWJZ05A at prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Wed, 13 Nov 1996 09:33:16 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <199611131716.MAA18090@mime3.prodigy.com>


unsubcribe cypherpunks





From FWJZ05A at prodigy.com  Wed Nov 13 09:34:59 1996
From: FWJZ05A at prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Wed, 13 Nov 1996 09:34:59 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <199611131715.MAA19158@mime3.prodigy.com>


unsubcribe cypherpunks





From sandfort at crl.com  Wed Nov 13 09:35:55 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 13 Nov 1996 09:35:55 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611130331.TAA28661@netcom11.netcom.com>
Message-ID: <Pine.SUN.3.91.961113091632.16315A-100000@crl.crl.com>




On Tue, 12 Nov 1996, Larry wrote:

> actually, there are some amusing things going on here with cpunk
> "rules." are cpunks in favor of pseudonyms or not? one famous
> cpunk madman wrote under a pseudonym to the list, and many
> cypherpunk went to great lengths to try to derive his identity.
> is this a case of respecting pseudonyms? or is it more a case of
> the double standard at best, hypocrisy at worst, 
> "respect my pseudonyms, but yours are fair game"?  

In general, Cypherpunks promote the ABILITY to use pseudonyms.
"Respect pseudonyms" (whatever that means), is clearly a separate
issue.  In fact, by trying to "bust" a pseudonym, C'punks are
contributing to evolution in action.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From FWJZ05A at prodigy.com  Wed Nov 13 09:36:42 1996
From: FWJZ05A at prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Wed, 13 Nov 1996 09:36:42 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <199611131715.MAA10830@mime3.prodigy.com>


unsubcribe cypherpunks





From nobody at replay.com  Wed Nov 13 09:37:59 1996
From: nobody at replay.com (Anonymous)
Date: Wed, 13 Nov 1996 09:37:59 -0800 (PST)
Subject: pgp3Re: pgp3
Message-ID: <199611131737.SAA05705@basement.replay.com>


To: cypherpunks at toad.com
cc: ktk, prz at acm.org, colin, pgp at lsd.com
Subject: preliminary pgp 3.0 api document
Date: Sat, 11 Feb 95 17:30:55 -0800
From: Katy Kislitzin <ktk>





From FWJZ05A at prodigy.com  Wed Nov 13 09:38:26 1996
From: FWJZ05A at prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Wed, 13 Nov 1996 09:38:26 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <199611131717.MAB18050@mime3.prodigy.com>


unsubcribe cypherpunks





From FWJZ05A at prodigy.com  Wed Nov 13 09:56:11 1996
From: FWJZ05A at prodigy.com (CLERK PHILLIP G ROBERTS)
Date: Wed, 13 Nov 1996 09:56:11 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <199611131712.MAA17944@mime3.prodigy.com>


unsubcribe cypherpunks






From raph at cs.berkeley.edu  Wed Nov 13 09:58:20 1996
From: raph at cs.berkeley.edu (Raph Levien)
Date: Wed, 13 Nov 1996 09:58:20 -0800 (PST)
Subject: pgp3
In-Reply-To: <199611131217.NAA19213@internal-mail.systemics.com>
Message-ID: <328A0B7F.68B00890@cs.berkeley.edu>


Gary Howland wrote:
> Raph Levien wrote:
> > Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
> > 2.6.? distribution. I'm doing an independent implementation of the PGP
> > 2.6 message formats, and found this document unclear in a few spots. For
> > example, can anyone else figure out the weird CFB variant mode from this
> > document? I used a debugger on the PGP code to help me figure it out.
> 
> Exactly - I spent ages on the same thing.  Then there's the problem that
> packet length headers must be specific lengths for various types (eg.
> key certificates must have a 2 byte length, even if only one is required).
> It is also not clear what the exported key certificates should contain,
> the spec simply mentioning that there should be no trust packets etc. etc.

Right.

> > The PGP 3.0 "spec" that you're referring to is actually a draft for a
> > PGP library API. A couple of those got circulated on some PGP mailing
> > lists, but none have been publicly released, another example of the
> > secrecy surrounding the whole PGP effort.
> >
> > Now that PGP Inc. is happening, it's not exactly clear whether the PGP
> > 3.0 release is going to include an API closely resembling these drafts.
> 
> I agree with your comments.  For example, we are developing PGP compatible
> libraries in both Perl and Java, and are going to add SHA, Blowfish, T-DES,
> etc., along with a better key ring format, encrypted key rings, and features
> such as key generation from a passphrase, and we would very much like to
> remain compatible with the new PGP, but how can we when there is so little
> information available?  I think we need a forum to discuss PGP development
> issues - I would be happy to set one up if there was interest.

I'd be interested.

There's a few extensions I'm interested in, as well. One of the things
I'd _really_ like to see is a standardized, cryptographically strong
naming system for PGP keys. Derek Atkins and I threw around a proposal
(the SHA-1 hash, in hex, of the public key packet, including the packet
headers, with the length field in the packet header constrained to 2
bytes), but I'm not sure where that's headed.

The 8-byte key id is perhaps the biggest mistake in the PGP message
formats. I'm finding that it adds considerable complexity into the
message format code. For example, to check a signature, it's necessary
to iterate RSA exponentiation over all keys that match the key id. In
almost all cases, there will be only one such key, but to protect
against dead beef attacks, you have to do it.

In PGP 2.6.?, it's possible to exploit dead beef as a denial of service
attack. As soon as you add one public key with a given key id, it
prevents other keys with the same key id from being added. Thus, if I
were to create a key with key id 657984b8c7a966dd, and convinced other
people to add it to their keyrings, they wouldn't be able to add Phil
Zimmermann's key.

Knowledgeable users can get around this (for example, by deleting the
bogus key), but most people, especially those using automated tools,
would have trouble.

Of course, the main "extension" to PGP I'm interested in is a new trust
model and distributed database for certifying keys. However, at least
for the prototype, this can be implemented entirely on top of PGP (or
S/MIME, I think), so we don't need to talk about modifying the PGP
engine for this.

Raph





From warlord at ATHENA.MIT.EDU  Wed Nov 13 10:04:54 1996
From: warlord at ATHENA.MIT.EDU (Derek Atkins)
Date: Wed, 13 Nov 1996 10:04:54 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <A81C16F0582@frw3.kub.nl>
Message-ID: <199611131804.NAA26899@charon.MIT.EDU>


hi,

> > Also I understand, though there appears to be no available
> > documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
> > nor MD5, using instead El Gamal for public key encryption and
> > signatures, 3DES (unsure?), and SHA1.
> 
> Can someone confirm that PGP3.0 will use ElGamal?

The PGP 3.0 code that I've been working on has support for:
	IDEA, 3DES
	MD5, SHA1
	RSA, DSS, ElGamal

It does not discontinue support for the PGP 2.6.2 algorithms.  It adds
support for new ones.

-derek





From snow at smoke.suba.com  Wed Nov 13 10:24:13 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 13 Nov 1996 10:24:13 -0800 (PST)
Subject: Information [for new PGP user]
In-Reply-To: <3284BF7A.36E0@gte.net>
Message-ID: <199611131840.MAA01754@smoke.suba.com>


> Paul Bradley wrote:
> > > >I'll bet you can't find 10 out of 1,000 users who have read the total source,
> > > may not function as expected.
> > compile on my system with the borland makefile than comes with PGP.
>Yet another success (NOT!) story for PGP.  I wonder how many people on this list
>would be willing to bet something *really* important to them on the security of PGP?

     I'd have more trouble trusting the Loose Nut on the other end than the
software. 
 
     Security is more than the software, it is picking proper Pass Phrases
(which I am not too sure about), it is keeping the keys where it is less
than easy to get at, it is making sure the machine isn't compromised etc. 

     Also, I ask you once again, Could you please format your email to 
under 80 columns? You might have something valuable to say, but I can't 
stand to read any of your posts more than 2 or 3 lines because of the 
way the lines break. 

     Thank you.


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From snow at smoke.suba.com  Wed Nov 13 10:27:40 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 13 Nov 1996 10:27:40 -0800 (PST)
Subject: Black Unicorn exposed?
In-Reply-To: <v02140b03aeaa71ed1c84@[192.0.2.1]>
Message-ID: <199611131843.MAA01765@smoke.suba.com>


> 
> At 11:00 AM 11/9/1996, Robert Hettinga wrote:
> > S. L. vonBernhardt, <mailto:unicorn at schloss.li>,...
> Black Unicorn recently stated that had taken measures to shield
> his identity so that people would be unable to cause harm to
> his professional activities by making unsubstantiated claims
> that could scare off prospective clients.
> It appears now that this protection has evaporated.  It will not
> be very hard in the future to put this information together with
> other statements people may make about Mr. Unicorn.
> We are hardly operating in a hostile environment.  Yet, somebody
> who has apparently gone to some effort to have an anonymous
> identity has been exposed.  The implications of this are worth
> considering.

     You, and others are assuming that S. L. von Bernhardt is his 
real name. Many many levels of deception are possible. 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From smith at sctc.com  Wed Nov 13 10:33:27 1996
From: smith at sctc.com (Rick Smith)
Date: Wed, 13 Nov 1996 10:33:27 -0800 (PST)
Subject: Dossier on Tim May is Easily Obtainable
Message-ID: <v01540b00aeaf9f2dbe5c@[172.17.1.61]>


The thorough investigator respects the value of physical records and
interviews with those actually present. Bit rot is a tricky thing, and so
are simple string matches.

At 7:15 PM 11/12/96, Timothy C. May wrote:

>To illustrate, let me call up my BlackNet Dossier Service entry on you.
>www.black.net... I'll just pick _part_ of your entry, from exactly 30 years
>ago:
>[,,,,much stuff about Mr. Smith elided....]
>So, Mr. Smith...is the dossier entry basically correct?

Perhaps that was the Rick Smith in the class behind or before me who is or
is not shown in yearbook photos with that blonde cheerleader. Or perhaps it
was another Rick Smith who does or does not appear in yearbook photographs
in the company of various brunette females. Could it have been the Rick
Smith whose house got struck by lightning in our town a few weeks back? Or
the Rick Smith who just got a building permit? Are these all the same
person? Nope.

On the other hand, a review of physical records from that important era of
the mid 1960s *does* indicate the existence of one and only one young
Timothy Christopher May in the vicinity of Langley, Va.

Interviews with [SOURCE DELETED] indicate that this young Timothy
Christopher May was known for a clever and abrasive style of discourse.
Investigators note that the exact same style of discourse appears in the
postings of one "Tim May" who is associated with that subversive cabal
known as "cypherpunks." The interviews also indicate that young Timothy
Christopher May was observed on numerous occasions to be reading Scientific
American in the school library and didn't always "share." E-mail messages
authored by "Tim May" and intercepted by [SOURCE DELETED] state that he has
read Scientific American on numerous occasions. At this time there is no
evidence as to whether or not "Tim May" willingly shares his magazines with
others, though some investigators argue that it is unlikely.

Records retrieved from [SOURCE DELETED] also show that the young Timothy
Christopher May exploited his interest in physics for destructive purposes,
like elaborate pranks involving fictious weaponry and national security
information. [INFORMATION DELETED FOR NATIONAL SECURITY REASONS -- ORCON
U31 -- OADR FOR RECLASSIFICATION]

However, more careful investigators have uncovered evidence to suggest that
this was not entirely a prank. Records from [SOURCE DELETED] indicate that
the young Timothy Christopher May purchased a huge gap magnet from Edmund
Scientific Company and also produced science fair project titled "Ball
Lightning: A Stable Plasma?" Investigators suspect the timing of these
events is not a coincidence.

Unfortunately, the photographs of young Timothy Christopher May being
escorted out of Earth Science class by agents of the Office of Naval
Intelligence have somehow been tampered with and are difficult to
reconstruct. Perhaps with modern technology...

Hmmm, similarities in name, interests, style of discourse, and a history of
technological subversion. Is this the same individual, thirty years later?
Gentle readers, you decide.

Rick.
smith at sctc.com







From declan at well.com  Wed Nov 13 10:37:48 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 13 Nov 1996 10:37:48 -0800 (PST)
Subject: Catholic University talk; ISP-TV
Message-ID: <Pine.GSO.3.95.961113103635.16150D-100000@well.com>




---------- Forwarded message ----------
Date: Wed, 13 Nov 1996 10:35:20 -0800 (PST)
From: Declan McCullagh <declan at well.com>
To: fight-censorship at vorlon.mit.edu
Subject: Unabashed self-promotion

I'm speaking at the Catholic University Law School about online
speech/crypto/copyright issues at 6:30 pm today. Anyone in DC is welcome
to stop by; the talk will be in the Columbus School of Law. 

Also tonight at 8 pm I'll be Brock Meeks' guest on the debut of his ISP-TV
show, "Meeks Unfiltered." We'll be talking about what the U.S. elections
mean to the Net. We plan to argue about universal service as well.
  http://www.digex.net/isptv/

-Declan







From declan at eff.org  Wed Nov 13 10:40:19 1996
From: declan at eff.org (Declan McCullagh)
Date: Wed, 13 Nov 1996 10:40:19 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <L8yBXD55w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961113103859.18273A-100000@eff.org>


If Vulis thinks I did an "excellent job," then perhaps I should have 
criticized him more harshly.

-Declan


On Wed, 13 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Declan's done an excellent journalistic job. I understand that because of the
> space limitations he couldn't quote everything that everyone told him, so one
> small point in his article might be misinterpreted by a casual reader:
> 
> Declan McCullagh <declan at well.com> writes:
> >    though, he's almost notorious. His .sig file, for instance, proudly
> Why "almost"? :-)
> >    points out that he's a former Kook of the Month; Vulis was also a
> There's no such thing as "former" KOTM, Declan. That's a lifetime achievement!
> >    Net-legend and even has the alt.fan.dimitri-vulis newsgroup named
> >    after him.
> (I newgrouped a.f.d-v myself, actually. But it does get traffic :-)
> >    daily messages that came from Vulis's keyboard. The list is on
> >    Gilmore's machine and he can do what he wants with it; he can moderate
> >    the postings, he can censor material, he can shut the whole thing
> >    down. By kicking off an offending user, a list owner merely exercises
> >    his property right. There's no government involvement, so the First
> >    Amendment doesn't apply.
> 
> I told Declan that agree 100% - John Gilmore has the right to do anything
> he likes with his private mailing list. The 1st Amendment does not apply.
> 
> However censorship needn't be government-imposed.
> 
> >        For his part, Gilmore calls removing the Russian mathematician "an
> >    act of leadership." He says: "It said we've all been putting up with
> 
> An act of censorship, an act of cowardice, an act of Hitler-like leadership...
> 
> >    this guy and it's time to stop. You're not welcome here... It seemed
> >    to me that a lot of the posts on cypherpunks were missing the mark.
> >    They seemed to have an idea that their ability to speak through my
> >    machine was guaranteed by the Constitution."
> 
> If John Gilmore ascribes this opinion to me, then he's lying outright.
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From dlv at bwalk.dm.com  Wed Nov 13 11:14:41 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 11:14:41 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <Pine.SUN.3.95L.961112224755.2462B-100000@bonjour.cc.columbia.edu>
Message-ID: <awecXD1w165w@bwalk.dm.com>


Jim Wise <jw250 at columbia.edu> writes:

> On Tue, 12 Nov 1996, Timothy C. May wrote:
> 
> > My piece was written as a rant about the dangers of the proposed talk of
> > "privatizing food distribution points," about how this would result in a
> > system where only the rich could get access to nutritional food, and how
> > the poor would be made to suffer. And how this "caloric anarchy" would
> > result in vicious monopolies, price wars, and deviation from Recommended
> > Governmental Caloric Intake Rules.
> 
> Which it does...  FWIW, I tend to agree with your general point, but I
> moved from downtown Manhattan to Harlem recently, and was surprised to see
> how many foodstuffs cost _more_ up here, as well as the obvious fact that
> many are harder to get...  Junk food and cheap liquor are everywhere,
> though...

I spent a few years living in Columbia housing on 111th St and there are
plenty of good, cheap groceries around. If you choose to save on the rent
and to live, e.g., up by City College, then indeed there are fewer groceries
and they cost more. The clerks who work there also get paid much more than
the clerks midtown because they risk their lives.
And you spend more time commuting to Columbia.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dave at kachina.jetcafe.org  Wed Nov 13 11:52:09 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Wed, 13 Nov 1996 11:52:09 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611131951.LAA16239@kachina.jetcafe.org>


[This is a rebuttal to a misguided news article.]

> Cypher-Censored
> By Declan McCullagh (declan at well.com)

Thank you for leaving your email address. It makes this easier.

You people (read: the unaware and hypnotized masses, which includes
reporters who's desire for attention and political safety holds them
in line with the consensual illusion) keep missing the real issue, and
substituting issues which only hold themselves in place.

[Those of you who know, please excuse the mediaistic terms used in
this rebuttal. One must use the symbols one is given to communicate
at the level of understanding of those who use them.]

>        Thus began a debate over what the concept of censorship means in a
>    forum devoted to opposing it. Did Gilmore have the right to show Vulis
>    the virtual door? Or should he have let the ad hominem attacks
>    continue, encouraging people to set their filters accordingly? The
>    incident raises deeper questions about how a virtual community can
>    prevent one person from ruining the forum for all and whether only
>    government controls on expression can be called "censorship."

"Cyberspace" is interacted with using tools under the control of the
interactor. 

In person-to-person interaction, one's only real defense against what
one decides to call "unwanted" is to remove oneself from the arena of
interaction. It may not be possible to ignore or run away from certain
sources of input. 

In cyberspace, however, it is not only possible but necessary and even
desirable. Cyberspace allows one to interact with many more people
then can fit in any given physical space. One simply -cannot- receive
input from 2000 people and not employ some sort of filtering
mechanism. Indeed, cyberspace has many buttons and switches (and even
programmatic filters) which allow one to -completely- control whom one
interacts with.

Logically, we must conclude that those who frequently and repeatedly
cry for the censorship or removal of any source of input from
cyberspace are either:

	-quite clueless about the tools at their disposal
	-ideologically or personally opposed to the source of input
or	-in need of large amounts of attention from others

Cluelessness can be overcome by appropriate teaching and interest in
learning (the latter issue we can safely assume users of popular but
ineffectual windowing OSes are not able to overcome). Such
cluelessness, however, is not and should never be a reason for 
censorship.

A need for attention can be overcome by refraining from the denial
that the need exists, followed by careful observation of that need. 
More can be said on this, but this is not the forum. Such a need
is not and should never be a reason for censorship. 

Idelological opposition is another matter entirely. To understand this
better, we'll need to observe this in action. Here is an example:

>        Vulis portrays himself as a victim, but as I posted to the list
>    last week, I disagree. Anyone who's spent any time on the
>    100-plus-messages-a-day list can read for themselves the kind of nasty
>    daily messages that came from Vulis's keyboard. 

"Nasty" is, of course, by this reporter's standard of "nasty". Granted
this standard may in fact be shared by Mr. Gilmore, however a shared
standard is not necessarily an appropriate or correct standard. 

>    The list is on Gilmore's machine and he can do what he wants with
>    it; he can moderate the postings, he can censor material, he can
>    shut the whole thing down. By kicking off an offending user, a
>    list owner merely exercises his property right. There's no
>    government involvement, so the First Amendment doesn't apply. And
>    the deleted, disgruntled user is free to start his own mailing
>    list with different rules.

Notice how, once the opposition is admitted to, the rationalization
begins. Suddenly this is not a matter of censorship, but of ownership.
Just as suddenly, the classic anti-free-speech arguments of "if you
don't like it, start yer own" begin to surface. (Anyone ever notice
how this resembles the "love it or leave it" mentality of certain
American patriotic organizations?)

What would ideological opposition be without the attempt at analogy? 
Here we witness another example:

>        But then the question is whether Gilmore should have exercised
>    that right, especially in such an open forum. Again, I think Gilmore's
>    actions were justified. Consider inviting someone into your home or
>    private club. If your guest is a boor, you might ask him to leave. If
>    your guest is an slobbish drunk of a boor, you have a responsibility
>    to require him to leave before he ruins the evening of others.

Notice that the net is compared to a home or private club. Actually
the net is neither, however that would not serve the purposes of this
analogy, so this fact is convienently forgotton. 

The net is a wonderful place. Any ideology, no matter who disagrees or
agrees with it, can be expressed and discussed here...assuming those
who oppose this ideology do not have their way with the source of
expression. There is a more refined and deeper truth to be found
in the very existence of the set of all human ideologies, which is
just beginning to show itself to some netizens. Unfortunately, this
truth can be ruined when people equate some notion of value to 
sources which ignore all but a tiny subset of the set of all ideologies:

>        Eugene Volokh, a law professor at UCLA, runs a number of mailing
>    lists and has kicked people off to maintain better editorial control.
>    Volokh says that the most valuable publications are those that
>    exercise the highest degree of editorial control.

Value to whom and for what? If the editorial control produces one
small element of the set of all ideologies, then this is only of value
to the people who support this ideology. Given that the set of 
people who support an issue is smaller than the set of people
who support and oppose an issue, would the value not increase
by allowing both sides of an issue equal speaking time? 

>        For his part, Gilmore calls removing the Russian mathematician "an
>    act of leadership." He says: "It said we've all been putting up with
>    this guy and it's time to stop. You're not welcome here... It seemed
>    to me that a lot of the posts on cypherpunks were missing the mark.
>    They seemed to have an idea that their ability to speak through my
>    machine was guaranteed by the Constitution."

It is sad to note that this is the leader of one of America's
forerunning organizations of freedom who says these words. For all
*his* ideology of free speech, this statement reveals the hypocrasy he
lives with for all to see. The true litmus test of free speech is to
encounter speech that you *want* to censor.

Mr. Gilmore, and other like minded parties, might want to consider
what would happen if one parent company owned *all* communications
media. Would they they be so supportive of the ideology of ownership
and communciation they espouse?
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

Truth (n.) - the most deadly weapon ever discovered by humanity. Capable 
of destroying entire perceptual sets, cultures, and realities. Outlawed 
by all governments everywhere. Possession is normally punishable by death.






From aba at dcs.ex.ac.uk  Wed Nov 13 12:05:50 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Wed, 13 Nov 1996 12:05:50 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <v02140b06aeada4b1925d@[192.0.2.1]>
Message-ID: <199611131344.NAA00283@server.test.net>



> > Once you've bootstrapped to your cryptoanarchists toolkit, you can
> > have anything you want, even a virtual TCP/IP layer, a hidden level of
> > TCP/IP in stego data.  TCP/IP itself is a likely candidate for a stego
> > carrier.  Non-predictable sequence nos are required to stop things
> > like the spoofing attack, and so are perfectly plausible.
> 
> > Once we get to everyone having enough bandwidth, lots of people with
> > permanent connections, lots of people using video conference software,
> > audio, downloading feature length films, etc. there's no stopping
> > crypto anarchy.  The LSbits in that lot would make a fairly responsive
> > subliminal channel by todays standards.
> 
> I am finding this all very persuasive, although I am still suspicious
> of stegonagraphy.

The above presumes that you can plausibly use good quality random
number generators.  You need to because that is the problem
specification: you need the TCP sequence nos to be unpredictable.

However, playing along with possible LE avenues of attack, one avenue
of attack might be to require strong PRNG seeds to be handed over to
the Feds.  Or more specifically they might require that anything
computer generated which was unpredicatable to be made predicatable
for the government.

Still it seems unlikely that all subliminal channels could be blocked,
and you still have inherently noisy text, audio, and image files.

> It would be cool to have an exact specification and working machine.
> 
> This might even be easy enough to operate that non-technical people
> could learn how to do it, which implies that there could be large
> numbers of practicing cryptoanarchists.

A very good idea.  There was some discussion of this kind of thing a
while back about doing this for Singapore.  The suggestion at the time
was not to do it perfectly, but rather to arrange something simple to
allow people to circumvent the censorship enforced through their
compulsory use of a government censored web proxy.

> What we need is an experiment.  Let's pick a country with a near
> police state and design a system so that people in that country
> can freely and securely communicate with each other and the outside
> world with minimal chance of arrest.  Once the system is available,
> we can see if it succeeds in the field.  I'll leave others to
> suggest the target.

I would suggest starting with remailers, rather than interactive
traffic such as web traffic would be the easier target.  Might even
present a positive spin in the press for anonymity and remailers for a
change.

So what good stego techniques are there for text.  Do singaporeans use
a non ascii character set?  (As the Chinese use things like Big5
encoding). Anyone know of any features of the character set that
Singaporeans use which could be used for a subliminal channel?

> > However there are two ways to get anonymous electronic cash, either
> > you start with anonymous electronic cash, or you add the anonymity
> > afterwards via `privacy brokers', once there are a few dozen systems,
> > and trillions flowing around using these systems, it's going to be
> > hard to keep track of it all.
> 
> I still think the eventual payoff is a weak point, but it does make
> me think that in order to stop cryptoanarchy, foreign travel and
> foreign communication would have to be tightly controlled.  

Lets give a simple example of a way to create an anonymous payment
system from a fully traced payment system.  Say that an anonymous
privacy broker started a privacy club.  In this club, the participants
place into the pot $100 traceable ecash.  The privacy broker shuffles
the $100 payments, and hands them out.  The privacy brokers
reputation, or the algorithms ensure that the broker can't cheat and
abscond with money.

> While payment is a weak point, there are many cryptoanarchic activities
> that don't involve payment, such as participating in mailing lists,
> which people may like to do even when their governments disapprove.

Sure, if you keep cypherpunks list going even after crypto discussions
have been outlawed, you can keep discussions, and then the ammount of
ecash usage, and bandwidth may be more condusive to working out
anonymous payment systems.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From roach_s at alph.swosu.edu  Wed Nov 13 12:08:39 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Wed, 13 Nov 1996 12:08:39 -0800 (PST)
Subject: Exon Countdown Clock and farewell messages
Message-ID: <199611132008.MAA04178@toad.com>


At 09:59 AM 11/8/96 -0800, Michael Page wrote and Rich Graves forwarded:

>> ...
>> >We would attempt to send it via a Email, but the respected Senator does not
>> >have Email. (The Irony).
>> ...

To Which, on Mon, 11 Nov 1996, I wrote:

>> There is no irony here, Mr. Exon tried to control the internet for the very
>> reason that he didn't understand it and one of his granddaughters did.
>> Perhaps if he did understand the internet then he wouldn't be a threat.
>> Remember, people fear that which they don't understand.
 
To which, at 07:57 PM 11/12/96 -0800, Declan McCullagh wrote:

>I disagree. I think people understand the printing press and still want 
>to control it. Morality police are morality police, no matter what the 
>medium or how well they understand it.

A valid point, and Exon may have had designs of media control the whole
time.  The methods he used and the arguments he stated, however, suggested
to me, that he was someone who did not comprehend the technology.  Those who
he was able to sway with the dossier of .GIF's certainly were ignorant, many
of them were turned by that one display of images.






From isptv at access.digex.net  Wed Nov 13 12:10:13 1996
From: isptv at access.digex.net (ISP-TV Main Contact)
Date: Wed, 13 Nov 1996 12:10:13 -0800 (PST)
Subject: CDT's Jonah Seiger on ISP-TV's "Real Time"
Message-ID: <199611132010.PAA23010@access1.digex.net>


*** ISP-TV Program Announcement:

	Live interview with Jonah Seiger, 
	Policy Analyst for the Center for Democracy and Technology
***

*** Monday, Nov. 18 ***
*** 9:00 PM ET      ***

Jonah Seiger, Policy Analyst and online organizer with the Center for
Democracy and Technology (CDT), will be on ISP-TV's "Real Time" interview
series this monday night.

Seiger has been very active on both the crypto rights front and opposing
the Communications Decency Act.  He worked with Senator Burns to put the
first Congressional Hearing on the Internet, played a key role in
organizing an online petition which generated over 115,000 signatures in
opposition to the CDA, and helped to organize the "Black Thursday
Protest." 

We will ask Jonah questions about what the future of crypto regulation
will be in the next Congress, and the efforts of the Citizens Internet
Empowerment Coalition (CIEC) in fighting against the CDA in the Supreme
Court.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector
at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network

To obtain Enhanced CU-SeeMe software, go to:

	http://goliath.wpine.com/cudownload.htm








From george at justice.usdoj.gov  Wed Nov 13 12:21:30 1996
From: george at justice.usdoj.gov (Paul George)
Date: Wed, 13 Nov 1996 12:21:30 -0800 (PST)
Subject: [TEST] [IGNORE] [NOISE]
In-Reply-To: <199611100121.TAA12178@bluestem.prairienet.org>
Message-ID: <Pine.NEB.3.95.961113151733.28828A-100000@sneezy.usdoj.gov>


My email subscription name is not what I thought it was.  I'm bouncing a
note off the list to find out what it is.

Paul George
Do not think a minute that my opinions are even close to that of my
employer.






From snow at smoke.suba.com  Wed Nov 13 12:23:16 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 13 Nov 1996 12:23:16 -0800 (PST)
Subject: a retort + a comment + a question = [RANT]
In-Reply-To: <9610108476.AA847661103@smtp-gw.cv62.navy.mil>
Message-ID: <199611132026.OAA02005@smoke.suba.com>


Some Swabbie scribbled:
>  ---------------------------------------------------------------------- 
>  tim may wrote:
>  >"...and that discussions of other topics bother you should be a clear 
>  >indication you're probably on the wrong list."
>         uh, that's _why_ i am on this list...
>  >"Having a "navy.mil" domain probably is another reason, unless you 
>  >are only hear to monitor our discussions of using cryptography to 
>  >undermine the state, to liberate military secrets with BlackNet and 
>  >the Information Liberation Front, and to punish the millions of 
>  >those in the military-industrial complex who have so richly earned 
>  >their eventual punishments.
>         military secrets, eh?  tell me something mr may, what secrets 
>  have you uncovered in your undaunting quest to expose those corrupt 

     Believe me, if Blacknet ever becomes a reality, there will be 
military secrets for sale. 

>  little guys in uniform?  mr may - i serve in the US Navy so you don't 

     The little guys corruption isn't a secret. I was there, and I know. 
Little People have Little Minds, and the scope of their corruption is 
mostly minor and annoying. 

>  military does for the US is a good thing.  i skipped collage (don't 
>  ask why) after graduating early from HS to enlist in the navy.  

     Didn't like your art classes?  

>  keeping you free to bitch is why i am here.  never forget that the 
>  freedom you enjoy comes with a price, mr may.
>         the schools that you send your kids to (forgive me if you're 
>  celibate or childless) are run by the govt.  am i saying they do a good 
>  job?  not necessarily, but what i _am_ saying is that your kids _still_ 

     They did a better job when the governments _didn't_ run them, or at 
least the Federal Government didn't run them. 

>  go.  i am almost positive, despite attempts to the contrary, that you 
>  make use of the US postal system. 

     The US Postal System is not a government agency, it is a private 
company with a guarenteed monopoly.

> the phone lines that you connect 
>  that computer to were installed by - guess who? - there are a hundred 

    The local Phone Companies, not the government.

>  other things you and i and everyone use that wouldn't be there if it 
>  weren't for the USG (or state/county/municipal govt's).  tell me mr 

    Things like Jails for drug users, Massive corruption and forced 
economic redistribuion. Idiotic laws &etc. Yes, lots of things that wouldn't
be there. 

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From unicorn at schloss.li  Wed Nov 13 12:36:36 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 13 Nov 1996 12:36:36 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611111626.IAA31552@crypt>
Message-ID: <Pine.SUN.3.94.961113153109.2905A-100000@polaris>


On Mon, 11 Nov 1996, Hal Finney wrote:

> Black Unicorn makes a lot of good points regarding privacy.  One thing
> I wanted to follow up on:
> 
> > Unfortunately, in the United States most citizens only become interested
> > in privacy in their 20s or so.  By this time it is difficult to overcome
> > the mass of information which has been stored up.  (Pseudocide can be an
> > attractive option for some perhaps).
> 
> I have two kids entering their teens, and I'm sure other list members are
> parents as well.  What can we do for our children to help them enter their
> adult lives with better chances to retain privacy?  Unicorn mentions keeping
> them absent from school on picture day, although I'm not sure how much this
> helps.  I suppose it makes it harder for an investigator to find out what
> they look(ed) like.  Then when they get old enough to drive you have a new
> problem avoiding the photo (and thumbprint) on the license.

Yearbooks are literally a publication.  If you wish to be extreme about
privacy, it is hardly prudent to allow your children's name and face to be
linked in a widely diseminated publication.

Fingerprints are not mandatory, or even requested, on all driver's
licenses.  Many states do not keep copies of the photos.  The only records
available are name, DOB, etc.  (Illinois was one of these, but I haven't
checked lately).

> 
> Are there other measures which parents could take while their children are
> young to get them off to a good start, privacy-wise?
>

Avoid getting a social security number.
You can list them as dependents for several years if you stall with the
IRS about their social security number.  The worst I have even seen the
IRS do is send (rather bland) letters complaining about the number being
in error.  They hardly have time to follow up on each one.  And if they
do, failing to apply for a number is hardly a crime.  Each parent could
easily say "I thought you did it."  "No, honey, you did."  "No, I didn't."
The auditer would kick you out of the office.

> Hal
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Wed Nov 13 12:46:23 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 13 Nov 1996 12:46:23 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611120414.WAA22624@manifold.algebra.com>
Message-ID: <Pine.SUN.3.94.961113153536.2905B-100000@polaris>


On Mon, 11 Nov 1996, Igor Chudov @ home wrote:

> Jim McCoy wrote:
> > >Are there other measures which parents could take while their children are
> > >young to get them off to a good start, privacy-wise?
> > 
> > Do not declare your children as dependants.  If you do then you are required
> > to get a SSN for them, but if you are willing to waive the tax savings there
> > is no requirement than children have a SSN.  Not having a handy universal
> > index number like a SSN makes it a lot harder for people to accumulate
> > statistics on your kids.
> 
> This is an interesting topic. I apologize if my questions are too trivial,
> but here they are: 
> 
> 	1) Can a person without an SSN have a credit record? Some
> 	   may say that a credit record is a bad thing to have,
> 	   but I am still interested in a possibility.

Yes.  Again, why this is so hard to understand I don't know.  I've said it
20 times on this list.  The SSN is only really revealed officially to the
Social Security Administration.  Even the IRS can't "get" it from the SSA,
they simply get a note from SSA which says "the name and number here don't
match up according to our records."  If they could get the number, they'd
just correct it, rather than sending you letters about it ever 6 months.

> 	2) Will private lenders (such as credit card issuers or
> 	   mortgage companies) agree to extend credit to a person
> 	   without an SSN or to someone who refuses to give out his SSN?

Extremely unlikely as the SSN is used to key the credit search.  I don't
want to encourage fraud or the like, but their ability to check for false
numbers is limited.

> 	3) Will the state issue a driver's license to someone who does not
> 	   have/does not wish to give out their SSN?

Depends on the state.  Some yes, some won't check, some require SSN cards
but accept alternative identification, some say no but will let you if you
complain enough.  You get the idea.

> 	4) Will states' police (where applicable) approve purchases of
> 	   firearms if purchasers do not state their ssn (misstating it
> 	   may be a crime) on an application?

This, again, depends on the state.
The SSN is available to police only if it is in a DMV or police record.
They cannot (excepting perhaps in extreme emergencies, though I've not
heard of such) get it directly from the SSA.

> 	5) Employers are required to pay certain taxes and therefore
> 	   they, in my understanding, need to know their employees SSNs.
> 	   How can people get around that (unless they do not need to work)?

Make a mistake on your form.  When the IRS discovers it, they will send
you, and perhaps your employer but I'm not sure, a letter complaining
about the error and telling you they cannot help you with this and you
have to go to the SSA to deal with it.

I have seen letters which threaten to withhold returns, but usually enough
complaints results in a return being issued anyhow.

> 	6) Can someone without an SSN obtain various kinds of insurance?

See above.
There is no way to verify that your SSN is correct if you did not tell
anyone what it was.

> It is my understanding that the law does not regulate use of social 
> security numbers between private parties. Businesses are free to refuse 
> to do business with someone who does not present them an SSN. In real 
> life, how inconvenient is life of a privacy-concerned individual?

As inconvenient is it is to give private businesses a string of random
numbers.

> Say, John Anonymous is a young 15 years old who anticipates to become an
> engineer and have a middle class life. He wants to get married, have
> children, drive a car, obtain insurance, work at some big company,
> travel around the world, invest in mutual funds or buy stocks, and so
> on. Reliance on government help is not important to him, so he would not
> apply for an SSN solely to get Social Security, welfare and such.
> 
> His parents are cypherpunks and did not obtain an SSN for John. How much 
> effort would it cost him to live a life outlined above?

As I mentioned, I have two associates who don't have, or have never used
their numbers and live quite happily in the United States.

The weak link is the fact that the SSA will not issue the actual numbers
to anyone but the applicant.

> Thank you
> 
> 	- Igor.
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Wed Nov 13 12:52:19 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 13 Nov 1996 12:52:19 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <v03007800aeade37ef979@[207.167.93.63]>
Message-ID: <Pine.SUN.3.94.961113154444.2905C-100000@polaris>


On Tue, 12 Nov 1996, Timothy C. May wrote:

> At 8:26 AM -0800 11/11/96, Hal Finney wrote:
> 
> >I have two kids entering their teens, and I'm sure other list members are
> >parents as well.  What can we do for our children to help them enter their
> >adult lives with better chances to retain privacy?  Unicorn mentions keeping
> >them absent from school on picture day, although I'm not sure how much this
> >helps.  I suppose it makes it harder for an investigator to find out what
> >they look(ed) like.  Then when they get old enough to drive you have a new
> >problem avoiding the photo (and thumbprint) on the license.
> >
> >Are there other measures which parents could take while their children are
> >young to get them off to a good start, privacy-wise?
> 
> I think there are two important domains of privacy to distinguish:
> 
> 1. The mundane.
> 
> 2, The political.
> 
> The mundane domain is what most people think of initially, Things like "How
> do I keep my name out of the system?" Or the point about kids.
> 
> The fact is, hundreds of millions of names are obviously--and almost
> unavoidably--in the mundane public sector. I say "almost unavoidably"
> because driver's licenses and social security numbers are ubiquitous.
> 
> (Side note: Jim McCoy's suggestion that kids can be kept off the
> parental-unit's tax returns and thus not get a SS number is fraught with
> problems. Many schools--including public schools--use the SS number for
> various internal and tracking reasons. Even if the kid is free of SS
> numbers until he's a teenager--at a cost of thousands of dollars a year in
> IRS deductions not taken--he'll essentially have to have an SS number in
> his high school years, for a variety of reasons. Maybe this can be avoided,
> but I doubt the reward is worth the hassles.)

Personally, I suggest that the dependent be identified with an erronious
SSN number.  If the dependent exists it is hard to make a fraud case and
the deductions are usually allowed anyhow.

I'm not sure what "a variety of reasons" in the highschool years is.  As
for hastles, I can't think of what they might be, other than going to the
SSN web page to construct a properly formatted number which the SSA will
report as "Issued" (as opposed to "Unissued").  This is one of the few
pieces of information that is given out.

Again, DMVs cannot check to see that the number matches the name, only if
it was issued and if the first three digits correspond to location where
the number was supposedly "issued" from.  (If not one can always claim to
have lived in the state that DID issue that number).

> The second category is that of the political domain. If a person can
> separate himself from the comments he makes, as Alois^H^H^H^H^H Black
> Unicorn has done, then it hardly matters--in an important sense--that his
> True Name has a SS number on file somewhere.

I disagree.
The lack of a social security number makes the first part easier.  They
are most certainly connected in the research into the few clues that will
have to slip out, will not lead back to any fact which can be later used
to narrow down the field.  (The first three numbers of a SSN for example).

> This is an important distinction in discussing privacy, I think. If I had a
> rug rat, I doubt I'd go to great lengths to avoid getting him or her an SS
> number. If the Feds offered me a yearly savings of $1000 or more on my
> taxes, I'd take it.

Pity, but still, you can avoid it without sacrificing the dependent
deduction.

> (Given that it's almost an inevitability that the kid would have to "enter
> the system" at about the age where it really begins to matter, e.g, the age
> at which he or she begins to have political beliefs.)

I don't understand why this is so.  Perhaps I missed a link in the chain
here?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From roach_s at alph.swosu.edu  Wed Nov 13 12:53:48 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Wed, 13 Nov 1996 12:53:48 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611132053.MAA05389@toad.com>


At 07:31 PM 11/12/96 -0800, Vladimir Z. Nuri wrote:
...
>actually, there are some amusing things going on here with cpunk
>"rules." are cpunks in favor of pseudonyms or not? one famous
>cpunk madman wrote under a pseudonym to the list, and many
>cypherpunk went to great lengths to try to derive his identity.
>is this a case of respecting pseudonyms? or is it more a case of
>the double standard at best, hypocrisy at worst, 
>"respect my pseudonyms, but yours are fair game"?  
...
Cypherpunks try to break each others crypto as well, in an attempt to evolve
crypto to the point that it is not crackable.  Perhaps you would like to
make pseudonyms easier to protect.  If you developed a pseudonym and gave it
its own public/private key pair, and if people bothered to check your
signatures with the appropiate sources, then you should be able to protect
it.  Of course, I just assume that those on the list are who they say they
are, I have e-mail access on the schools LAN, and PGP on the machine in my
room.  There is an air gap between the two, so getting a key requires a two
way trip.  I may start validating in the future, but I don't now.  The point
I was trying to make is, is "cracking" of pseudonyms any different than
cracking of algorythims?






From unicorn at schloss.li  Wed Nov 13 13:11:13 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 13 Nov 1996 13:11:13 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611130331.TAA28661@netcom11.netcom.com>
Message-ID: <Pine.SUN.3.94.961113155458.2905D-100000@polaris>


On Tue, 12 Nov 1996, Vladimir Z. Nuri wrote:

> >I'm sure some clever participant at DCSB will do a pile of homework before
> >coming to my talk and put it all together.  So be it.  If he or she is
> >polite, they might chide me in private a bit, but not blather all over the
> >list just to show how very clever they were.  As long as they enjoy the
> >talk, I'm not overly concerned.
> 
> or then again, maybe they'll sell it to BLACKNET!! <g>
> 
> actually Unicorn, eventually voice analysis software may
> evolve to the point that someone could match people
> based on their voices to public speech databases, and you
> could be nailed through your phone conversations. hmmmm, have you
> ever had a conversation with someone who might have been
> taping you for amusement?

Probably.

> 
> (heh. you write a long, self-indulgent letter about the extremes
> you have gone to keep your ID secret, and pretend to be blase' &
> nonchalant if someone discovers it? I think I can see through
> that smokescreen.)

You didn't read very carefully.  I'd hardly call the modest efforts I made
extreme.  This was the entire point.  If explaining my successes with
moderate efforts so that others might duplicate it (I think that apathy is
why more nyms [like yours] are unsuccessful as privacy tools) then how is
that self-indulgent?

> actually, I heard this interesting rumor that Unicorn threatened
> to sue someone who "defamed" his pseudonym. quite an amusing
> story if true, given his last essay that talks about how he
> created the pseudonym in the first place to avoid exactly what
> it accomplishes, i.e. dissociating his professional identity
> from the "lunatic anarchist" writhing beneath the surface.

You fail to not that dissociating one identity from another requires the
existence of two identities.  Is the second any less entitled to
protection than the first?

> actually, there are some amusing things going on here with cpunk
> "rules." are cpunks in favor of pseudonyms or not? one famous
> cpunk madman wrote under a pseudonym to the list, and many
> cypherpunk went to great lengths to try to derive his identity.
> is this a case of respecting pseudonyms? or is it more a case of
> the double standard at best, hypocrisy at worst, 
> "respect my pseudonyms, but yours are fair game"?  

No.  That is the pseudo-cpunk attitude.

The real cypherpunks attitude can be illustrated thusly:

Two men are walking down a street, a psychologist and an economist.  They
happen along on a $100 bill.  Thinking he will evaluate the response of
the economist, the psychologist ignores the clearly visible bill.  To his
surprise the economist ignores it as well.  On asking the economist why he
did not pick up the bill, the psychologist recieves this answer:

"If it was really a $100 bill, someone would have picked it up already."

An old joke, but it makes an important point.  It is not enough to know
how the market system works, but also to participate it.  This is why I
believe using those legal tools that are available is an important step.
There is no morality other than the morality of the market.  I submit that
we do not need a central authority to dictate morality.  We need only
individual views of morality.  There will only be as large a pornography
market as there is a demand.  Ditto for narcotics, guns.  If the market
believes that porn is immoral, customers, by their own moral decision,
will reduce the market to nothing.  Of course this will not happen
in the near future because the cost of this moral choice exceeds the
benefit for many customers.

Why is use of the legal system any different?  If it is so wrong for me to
use the legal system as it stands, and if I am to be the subject of
criticism for the conduct, then aren't the critics imposing their moral
view on me?  Isn't this what libertarian cypherpunks dislike in the first
place?

The bottom line is that the decision to sue is much like the decision to
use a legal tax loop.  I would call "idiot" the person who refused to
utilize that which the government hands him. (Did not Mr. May indicate
that the $1000.00 or so that the government would hand him was too costly
to lose, even in the face of estlablishing privacy for his children?  In
my view that is a rational decision.  Mr. May has priced privacy.  My
objection to his rationale was that I think the cost of obtaining it can
be significantly lower).

If the government is going to hand me the means to curb conduct which may
be harmful to me, why should I refuse to use it on some "moral" grounds.
(The moral grounds might consist of "well it's not a nice thing to do." 
but other than that, I am at a loss to identify them precisely).

I submit that if law suits are so harmful and create such loss, eventually
they will be eliminated by one of several mechanisms.

Cypherpunks that they might speed the process by using that entitlement
which the government gives them.

[Remaining nonsense deleted]

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From declan at well.com  Wed Nov 13 13:13:22 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 13 Nov 1996 13:13:22 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611131951.LAA16239@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961113122648.8294B-100000@well.com>


I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
meaningless political rants.

I'll address some of his points.

* "Political safety?" I stand by my record as a writer. Check out
http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
recent articles. Political safety? Hardly.

* Dave says "Notice that the net is compared to a home or private club." 
Wrong. I never compared the Net to such. However, a mailing list run on a
computer in someone's home with his own cash is very similar to a private
club.  There are private speech restrictions on the Net. Gated communities
exist.  Try to join the "lawprofs" mailing list. You can't; you're not
(and quite obviously anything but) a law professor. Censorship? Not quite. 

* Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
from posting. 

* Dave warns us to consider "what would happen if one parent company owned
*all* communications media." Then we have problems. I've written about
this in an Internet Underground magazine column. However, this is not the
case now. Or are you arguing the government should get involved and force
Gilmore to allow Vulis on his list?

By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
Usenet,"  a private mailing list is NOT Usenet. Get a clue. 

-Declan






On Wed, 13 Nov 1996, Dave Hayes wrote:

> [This is a rebuttal to a misguided news article.]
> 
> > Cypher-Censored
> > By Declan McCullagh (declan at well.com)
> 
> Thank you for leaving your email address. It makes this easier.
> 
> You people (read: the unaware and hypnotized masses, which includes
> reporters who's desire for attention and political safety holds them
> in line with the consensual illusion) keep missing the real issue, and
> substituting issues which only hold themselves in place.
> 
> [Those of you who know, please excuse the mediaistic terms used in
> this rebuttal. One must use the symbols one is given to communicate
> at the level of understanding of those who use them.]
> 
> >        Thus began a debate over what the concept of censorship means in a
> >    forum devoted to opposing it. Did Gilmore have the right to show Vulis
> >    the virtual door? Or should he have let the ad hominem attacks
> >    continue, encouraging people to set their filters accordingly? The
> >    incident raises deeper questions about how a virtual community can
> >    prevent one person from ruining the forum for all and whether only
> >    government controls on expression can be called "censorship."
> 
> "Cyberspace" is interacted with using tools under the control of the
> interactor. 
> 
> In person-to-person interaction, one's only real defense against what
> one decides to call "unwanted" is to remove oneself from the arena of
> interaction. It may not be possible to ignore or run away from certain
> sources of input. 
> 
> In cyberspace, however, it is not only possible but necessary and even
> desirable. Cyberspace allows one to interact with many more people
> then can fit in any given physical space. One simply -cannot- receive
> input from 2000 people and not employ some sort of filtering
> mechanism. Indeed, cyberspace has many buttons and switches (and even
> programmatic filters) which allow one to -completely- control whom one
> interacts with.
> 
> Logically, we must conclude that those who frequently and repeatedly
> cry for the censorship or removal of any source of input from
> cyberspace are either:
> 
> 	-quite clueless about the tools at their disposal
> 	-ideologically or personally opposed to the source of input
> or	-in need of large amounts of attention from others
> 
> Cluelessness can be overcome by appropriate teaching and interest in
> learning (the latter issue we can safely assume users of popular but
> ineffectual windowing OSes are not able to overcome). Such
> cluelessness, however, is not and should never be a reason for 
> censorship.
> 
> A need for attention can be overcome by refraining from the denial
> that the need exists, followed by careful observation of that need. 
> More can be said on this, but this is not the forum. Such a need
> is not and should never be a reason for censorship. 
> 
> Idelological opposition is another matter entirely. To understand this
> better, we'll need to observe this in action. Here is an example:
> 
> >        Vulis portrays himself as a victim, but as I posted to the list
> >    last week, I disagree. Anyone who's spent any time on the
> >    100-plus-messages-a-day list can read for themselves the kind of nasty
> >    daily messages that came from Vulis's keyboard. 
> 
> "Nasty" is, of course, by this reporter's standard of "nasty". Granted
> this standard may in fact be shared by Mr. Gilmore, however a shared
> standard is not necessarily an appropriate or correct standard. 
> 
> >    The list is on Gilmore's machine and he can do what he wants with
> >    it; he can moderate the postings, he can censor material, he can
> >    shut the whole thing down. By kicking off an offending user, a
> >    list owner merely exercises his property right. There's no
> >    government involvement, so the First Amendment doesn't apply. And
> >    the deleted, disgruntled user is free to start his own mailing
> >    list with different rules.
> 
> Notice how, once the opposition is admitted to, the rationalization
> begins. Suddenly this is not a matter of censorship, but of ownership.
> Just as suddenly, the classic anti-free-speech arguments of "if you
> don't like it, start yer own" begin to surface. (Anyone ever notice
> how this resembles the "love it or leave it" mentality of certain
> American patriotic organizations?)
> 
> What would ideological opposition be without the attempt at analogy? 
> Here we witness another example:
> 
> >        But then the question is whether Gilmore should have exercised
> >    that right, especially in such an open forum. Again, I think Gilmore's
> >    actions were justified. Consider inviting someone into your home or
> >    private club. If your guest is a boor, you might ask him to leave. If
> >    your guest is an slobbish drunk of a boor, you have a responsibility
> >    to require him to leave before he ruins the evening of others.
> 
> Notice that the net is compared to a home or private club. Actually
> the net is neither, however that would not serve the purposes of this
> analogy, so this fact is convienently forgotton. 
> 
> The net is a wonderful place. Any ideology, no matter who disagrees or
> agrees with it, can be expressed and discussed here...assuming those
> who oppose this ideology do not have their way with the source of
> expression. There is a more refined and deeper truth to be found
> in the very existence of the set of all human ideologies, which is
> just beginning to show itself to some netizens. Unfortunately, this
> truth can be ruined when people equate some notion of value to 
> sources which ignore all but a tiny subset of the set of all ideologies:
> 
> >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> >    lists and has kicked people off to maintain better editorial control.
> >    Volokh says that the most valuable publications are those that
> >    exercise the highest degree of editorial control.
> 
> Value to whom and for what? If the editorial control produces one
> small element of the set of all ideologies, then this is only of value
> to the people who support this ideology. Given that the set of 
> people who support an issue is smaller than the set of people
> who support and oppose an issue, would the value not increase
> by allowing both sides of an issue equal speaking time? 
> 
> >        For his part, Gilmore calls removing the Russian mathematician "an
> >    act of leadership." He says: "It said we've all been putting up with
> >    this guy and it's time to stop. You're not welcome here... It seemed
> >    to me that a lot of the posts on cypherpunks were missing the mark.
> >    They seemed to have an idea that their ability to speak through my
> >    machine was guaranteed by the Constitution."
> 
> It is sad to note that this is the leader of one of America's
> forerunning organizations of freedom who says these words. For all
> *his* ideology of free speech, this statement reveals the hypocrasy he
> lives with for all to see. The true litmus test of free speech is to
> encounter speech that you *want* to censor.
> 
> Mr. Gilmore, and other like minded parties, might want to consider
> what would happen if one parent company owned *all* communications
> media. Would they they be so supportive of the ideology of ownership
> and communciation they espouse?
> ------
> Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> Truth (n.) - the most deadly weapon ever discovered by humanity. Capable 
> of destroying entire perceptual sets, cultures, and realities. Outlawed 
> by all governments everywhere. Possession is normally punishable by death.
> 
> 






From unicorn at schloss.li  Wed Nov 13 13:16:47 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 13 Nov 1996 13:16:47 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611122141.PAA27619@shade.sctc.com>
Message-ID: <Pine.SUN.3.94.961113161154.2905E-100000@polaris>


On Tue, 12 Nov 1996, Rick Smith wrote:

> Hal Finney wrote:
> 
> : Are there other measures which parents could take while their children are
> : young to get them off to a good start, privacy-wise?
> 

[...]

> The basic and obvious rule to most of us is to control the SSN and
> don't give out a correct one except when absolutely necessary.  One of
> the banks in Minneapolis refuses to pay interest at all if you don't
> have your SSN on file.

All banks require this.
Exercise for the reader:  How does the bank verify SSNs?

> Rick.
> smith at sctc.com

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Wed Nov 13 13:18:13 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 13 Nov 1996 13:18:13 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611130235.SAA14796@toad.com>
Message-ID: <Pine.SUN.3.94.961113161451.2905F-100000@polaris>


On Tue, 12 Nov 1996, Sean Roach wrote:

> At 10:14 PM 11/11/96 -0600, Igor Chudov wrote:

> >His parents are cypherpunks and did not obtain an SSN for John. How much 
> >effort would it cost him to live a life outlined above?
> 
> He couldn't, at least not in Oklahoma.  In Oklahoma, students in public
> schools are now required to have SSN's.

And these are verified..... how?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From declan at eff.org  Wed Nov 13 13:22:13 1996
From: declan at eff.org (Declan McCullagh)
Date: Wed, 13 Nov 1996 13:22:13 -0800 (PST)
Subject: Exon Countdown Clock and farewell messages
In-Reply-To: <199611132008.MAA23543@eff.org>
Message-ID: <Pine.SUN.3.91.961113132041.26376B-100000@eff.org>


If Exon had understood the Internet, he would have wanted to control it 
even more. Worse yet, his staff would have drafted a CDA more likely to 
pass constitutional muster.

-Declan


On Wed, 13 Nov 1996, Sean Roach wrote:

> At 09:59 AM 11/8/96 -0800, Michael Page wrote and Rich Graves forwarded:
> 
> >> ...
> >> >We would attempt to send it via a Email, but the respected Senator does not
> >> >have Email. (The Irony).
> >> ...
> 
> To Which, on Mon, 11 Nov 1996, I wrote:
> 
> >> There is no irony here, Mr. Exon tried to control the internet for the very
> >> reason that he didn't understand it and one of his granddaughters did.
> >> Perhaps if he did understand the internet then he wouldn't be a threat.
> >> Remember, people fear that which they don't understand.
>  
> To which, at 07:57 PM 11/12/96 -0800, Declan McCullagh wrote:
> 
> >I disagree. I think people understand the printing press and still want 
> >to control it. Morality police are morality police, no matter what the 
> >medium or how well they understand it.
> 
> A valid point, and Exon may have had designs of media control the whole
> time.  The methods he used and the arguments he stated, however, suggested
> to me, that he was someone who did not comprehend the technology.  Those who
> he was able to sway with the dossier of .GIF's certainly were ignorant, many
> of them were turned by that one display of images.
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From gimonca at skypoint.com  Wed Nov 13 13:23:24 1996
From: gimonca at skypoint.com (Charles Gimon)
Date: Wed, 13 Nov 1996 13:23:24 -0800 (PST)
Subject: A really short one time pad. (fwd)
Message-ID: <m0vNmm1-0003J9C@mirage.skypoint.com>


Forwarded message:
> Date: Wed, 13 Nov 1996 08:02:16 -0600 (CST)
> From: Ron Strasburg <rstrasbu at bronco1.hastings.edu>
> To: cypherpunks at toad.com
> Subject: Re: A really short one time pad.
> 
> On Tue, 12 Nov 1996, Timothy C. May wrote:
> > At 5:39 PM -0800 11/12/96, Sean Roach wrote:

[deletia]
> > >For that patter the nth root of any prime number.
> > >Cheap, I know.  Wonder if this type of "one time pad" is as foolproof as
> > >truly randomly generated ones.

> > 
> > You needn't wonder. These are not one time pads. Read any opening chapter
> > of any book on crypto to see why.
> > 

> this was proposed a couple months ago by a Robert Shueey, he first posted 
> asking if "Irrational=Random".
> not sure if he got any responses. 

"The Broken Dice" by Ivar Ekeland has a chapter that discusses Shannon,
Kolmogorov, what is random and what isn't. Interesting, readable,
non-technical.







From talon57 at well.com  Wed Nov 13 13:24:52 1996
From: talon57 at well.com (Brian D Williams)
Date: Wed, 13 Nov 1996 13:24:52 -0800 (PST)
Subject: [NONCRYPTO] Re: cypher-censored the netly news
Message-ID: <199611132124.NAA27214@well.com>



>Cypher-Censored
>By Declan McCullagh (declan at well.com)
                                       
>The cypherpunks mailing list, so legend goes, coalesced around two
>principles: the dissemination of strong encryption and an absolute
>commitment to free speech.

Incorrect, Cryptography and the promotion of privacy by use of
same.

Not "Free Speech."

>Thus began a debate over what the concept of censorship means in
>a forum devoted to opposing it. 

<sigh> see above.

>Did Gilmore have the right to show Vulis the virtual door? 

Yes


>But what if your private club's express purpose is to cherish free
>speech? 

Again see above, this is not a stated purpose of this list.

   
>What does Vulis's ouster mean to the community that sprang up
>around this mailing list, of which he had been a member for
>nearly three years? 

Dimitri's been here three years?

>Will Rodger from Inter at ctive Week and Lewis Koch from Upside
>Magazine are writing about this.)

I can hardly wait (insert dripping sarcasm).


It still seems people are confusing a benevolent dictatorship with
some sort of democracy. Cypherpunks is just a list, a tiny, tiny
portion of a small corner of the Internet. John started it (with
Tim, Eric and others) and John owns it, no big deal. 

Dimitri was kicked out of John's "Virtual Living Room" after daring
him to do so. We can all still hear his screeching from out on the
virtual sidewalk.

To those who call this censorship I say "To a man who only has a
hammer, every problem resembles a nail."

I do admire Declan's efforts however, please keep up the good work.

Brian

"When catapults are outlawed only outlaws will have catapults."







From shamrock at netcom.com  Wed Nov 13 13:32:42 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 13 Nov 1996 13:32:42 -0800 (PST)
Subject: Remailer Abuse Solutions
In-Reply-To: <v02140b00aeafa0bb0e9f@[192.0.2.1]>
Message-ID: <Pine.3.89.9611131359.A27151-0100000@netcom6>


On Wed, 13 Nov 1996, Peter Hendrickson wrote:

> At 10:34 AM 11/13/1996, Mullen Patrick wrote:
> > Also,
> > what happens when your long-lost friend comes across your addy and tries to
> > email you?  Surely you don't want to charge postage for an otherwise free
> > service to him/er.  Maintaining a list of "accepted sources" would be a hassle
> > not many people would accept.
> 
> Absent highly intrusive global net monitoring techniques, that's what they
> are going to have to do anyway.  E-mail is inexpensive.  The advertiser
> can justify the expense even if generates a small number of leads.  Expect
> more spam.

There is a very simple way of dealing with your long lost friend. And any 
other person not on your "free" list. If you find their email worth your 
while, you can always give them their money back. For future contact, you 
can move your friend on the "free" list.

Frankly, I don't think there is anybody new that I care to communicate with 
who wouln't be willing to make a small deposit for initiating communications.

-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"







From dave at kachina.jetcafe.org  Wed Nov 13 13:33:46 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Wed, 13 Nov 1996 13:33:46 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611132131.NAA16681@kachina.jetcafe.org>


> I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
> meaningless political rants.

Is this another way of saying you do not understand, since you
can attribute no meaning? 

> * "Political safety?" I stand by my record as a writer. Check out
> http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
> recent articles. Political safety? Hardly.

It never ceases to amaze me how human beings think in terms of
indoctrination and repetition. (Isn't that repetitive too?) 

In this example, previous works are cited as reasons why a current
work is or is not something. As most people in probability theory can
tell you, the chance of something being true has nothing to do with
the results of previous trials. 

In other words, your record is irrelavent. I calls 'em as I sees 'em.

> * Dave says "Notice that the net is compared to a home or private club." 
> Wrong. I never compared the Net to such. However, a mailing list run on a
> computer in someone's home with his own cash is very similar to a private
> club.  

And you say you aren't comparing the net to a home or club? Aren't 
mailing lists on the net? Aren't you comparing them to a club? 
Or are you merely being unclear about your comparisons? 

> * Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
> from posting. 

What seems to be often isn't. I am not asserting any such thing. In
fact, Mr. Gilmore hasn't done anything of note since Vulis still gets
mail off the list...it's more symbolic. Interestingly enough, the only
"damage" I see is to Mr. Gilmore's reputation. This is hardly a loss
in my opinion, but I assume it means something to a reporter...

> * Dave warns us to consider "what would happen if one parent company owned
> *all* communications media." Then we have problems. I've written about
> this in an Internet Underground magazine column. However, this is not the
> case now. 

It does not have to be the case for you to see the intended point,
which you apparently missed. I'll say it again: Ownership should not
be a license for censorship. 

> Or are you arguing the government should get involved and force
> Gilmore to allow Vulis on his list?

No. That would be the same thing in a different guise. Please read my
article again and attempt to comprehend what I am saying. It would
truly help your comprehension if you failed to react in a Pavlovian
manner to it.

> By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
> Usenet,"  a private mailing list is NOT Usenet. Get a clue. 

The clue to be gotten is yours. I never implied or intended such a
misunderstanding.
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

A philosopher called on Nasrudin and found him away from home. Infuriated, 
he wrote 'Stupid Oaf' on his door. As soon as Nasrudin got home and saw this,
he rushed to the philosopher's house. "I'd forgotten", he said, "that you 
were to call. And I apologize for not having been at home. I remembered 
our appointment as soon as I saw that you'd left your name on my door..."







From george at justice.usdoj.gov  Wed Nov 13 13:44:59 1996
From: george at justice.usdoj.gov (Paul George)
Date: Wed, 13 Nov 1996 13:44:59 -0800 (PST)
Subject: Computer Security Training
In-Reply-To: <199611131240.NAA19255@internal-mail.systemics.com>
Message-ID: <Pine.NEB.3.95.961113163245.421A-100000@sneezy.usdoj.gov>


I got this on the LAN at work.


>Computer Security Awareness Training (CSAT) will be held at CSS on
>November 21, 1996, from 2:00 p.m. to 3:00 p.m., in the South Computer
>Room.  Our guess speaker will be Mr. Tony Escobedo, an FBI Information
>Security Specialist currently responsible for the FBI Security Education
>Program.  The presentation will satisfy our yearly CSAT requirement for
>CSS employees.  This training is mandatory.

Does anyone know this guy?  Does anyone have any questions that they would
like me to ask?  I could take notes and let you know what he says (if
anything).  

I imagine this guy is going to say things like "Don't leave your computer
logged on while you go to lunch" Duuuhhhh...

I'd like to ask very poignant questions since this will be my second to
the last day working for Uncle Sam. (I'm going Private Industry, yeeaa!!)

And I really don't care what my boss thinks of my questions. ;)

Paul.

Oh, I unsubscribed to the list, 500 emails over a long weekend is too
much.  So please CC: questions to george at justice.usdoj.gov and I will
forward all answers to the list. Thanks a bunch....






From frissell at panix.com  Wed Nov 13 13:51:17 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 13 Nov 1996 13:51:17 -0800 (PST)
Subject: Rush on Anonymity
Message-ID: <3.0b36.32.19961113164933.007597b4@panix.com>


Rush Limbaugh opined that most of the BS on the Nets would disappear if Net
IDs could be easily traced.  (He was observing not advocating.)

I know this isn't correct.  Most of those who post do so under their own or
easily traceable identities.  Most of what is posted is "as legal as church
on a Sunday" in any case.  Many posters are judgment proof student types as
well.  

The net is the equivalent of barroom conversation or other casual
conversation between individuals.  The only difference is more people can
overhear.  In addition, speakers are likely to get a bit more rambunctious
because they are not in the physical presence of others and so are less
likely to be intimidated in monkey-troop fashion.  No deference need be
given to those higher on the pecking order because those primitive
responses are keyed to physical presence.

The Net is an approximation of a stream of consciousness since many posters
don't think before they post.  That's not illegal, however.  If the Fibbies
knew who posted the Friendly Fire message about TWA 800 (how many megabytes
of such messages have there actually been?), it would make no difference
since such claims are legal. 

The Net is just what you get when communications barriers and physical
intimidation are reduced.  It isn't even very "nasty, brutish, and short."
I've posted controversial opinions for years and have hardly been flamed
once.  All those reporters who get on the Nets and immediately get flamed
must either be hanging out in the wrong places or be pretty stupid in the
way they say things.  

DCF





From dlv at bwalk.dm.com  Wed Nov 13 13:52:05 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 13:52:05 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.SUN.3.91.961113103859.18273A-100000@eff.org>
Message-ID: <wLmcXD1w165w@bwalk.dm.com>


Declan McCullagh <declan at eff.org> writes:

> If Vulis thinks I did an "excellent job," then perhaps I should have 
> criticized him more harshly.

What's the connection?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From declan at well.com  Wed Nov 13 14:02:04 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 13 Nov 1996 14:02:04 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611132131.NAA16681@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961113135716.7103A-100000@well.com>


It's not a way of saying I don't understand. Instead, I find your
viewpoint incomprehensible and internally inconsistent.

In fact, you Freedom Knight folks seem to be closet censors yourself. Why
do you support not carrying newsgroups like alt.config?

Yes, ownership gives you a license to censor. I'm going to have a party in
my home a few weeks from now. If I don't like what someone is doing, I'll
kick 'em out. I won't do it lightly, but I will fight for my right to do
so.

Oh, and I plan to subscribe to the freedom-knights mailing list and infest
it the way Vulis did cypherpunks. Every hour, on the hour, a crontab
script will flood it with rants about Dave (fart) Hayes.

What will you do then?

-Declan



On Wed, 13 Nov 1996, Dave Hayes wrote:

> > I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
> > meaningless political rants.
> 
> Is this another way of saying you do not understand, since you
> can attribute no meaning? 
> 
> > * "Political safety?" I stand by my record as a writer. Check out
> > http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
> > recent articles. Political safety? Hardly.
> 
> It never ceases to amaze me how human beings think in terms of
> indoctrination and repetition. (Isn't that repetitive too?) 
> 
> In this example, previous works are cited as reasons why a current
> work is or is not something. As most people in probability theory can
> tell you, the chance of something being true has nothing to do with
> the results of previous trials. 
> 
> In other words, your record is irrelavent. I calls 'em as I sees 'em.
> 
> > * Dave says "Notice that the net is compared to a home or private club." 
> > Wrong. I never compared the Net to such. However, a mailing list run on a
> > computer in someone's home with his own cash is very similar to a private
> > club.  
> 
> And you say you aren't comparing the net to a home or club? Aren't 
> mailing lists on the net? Aren't you comparing them to a club? 
> Or are you merely being unclear about your comparisons? 
> 
> > * Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
> > from posting. 
> 
> What seems to be often isn't. I am not asserting any such thing. In
> fact, Mr. Gilmore hasn't done anything of note since Vulis still gets
> mail off the list...it's more symbolic. Interestingly enough, the only
> "damage" I see is to Mr. Gilmore's reputation. This is hardly a loss
> in my opinion, but I assume it means something to a reporter...
> 
> > * Dave warns us to consider "what would happen if one parent company owned
> > *all* communications media." Then we have problems. I've written about
> > this in an Internet Underground magazine column. However, this is not the
> > case now. 
> 
> It does not have to be the case for you to see the intended point,
> which you apparently missed. I'll say it again: Ownership should not
> be a license for censorship. 
> 
> > Or are you arguing the government should get involved and force
> > Gilmore to allow Vulis on his list?
> 
> No. That would be the same thing in a different guise. Please read my
> article again and attempt to comprehend what I am saying. It would
> truly help your comprehension if you failed to react in a Pavlovian
> manner to it.
> 
> > By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
> > Usenet,"  a private mailing list is NOT Usenet. Get a clue. 
> 
> The clue to be gotten is yours. I never implied or intended such a
> misunderstanding.
> ------
> Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> A philosopher called on Nasrudin and found him away from home. Infuriated, 
> he wrote 'Stupid Oaf' on his door. As soon as Nasrudin got home and saw this,
> he rushed to the philosopher's house. "I'd forgotten", he said, "that you 
> were to call. And I apologize for not having been at home. I remembered 
> our appointment as soon as I saw that you'd left your name on my door..."
> 
> 
> 






From smith at sctc.com  Wed Nov 13 14:31:40 1996
From: smith at sctc.com (Rick Smith)
Date: Wed, 13 Nov 1996 14:31:40 -0800 (PST)
Subject: Validating SSNs
Message-ID: <v01540b09aeaff516ed6d@[172.17.1.61]>


At 4:13 PM 11/13/96, Black Unicorn wrote:

>Exercise for the reader:  How does the bank verify SSNs?

OK, I'll bite.

My guess is that the bank sticks the SSN in a report to the IRS and the
bank is happy with the SSN as long as the IRS doesn't complain about it.

Now, does the IRS check? I suspect that they don't, either. Their objective
is to look for "matches" with SSNs that show up on filed tax forms, since
they want to verify the data on the tax form. Given the behavior of every
other large database I've ever seen, I'd guess that there would be a huge
number of SSNs that don't in fact associate with tax forms. If someone High
Up hasn't decreed that they should chase such things down (and allocated
heaps of money to do it), they'll ignore the mismatches.

This seems consistent with the reports of people who use bogus SSNs for
decades at a time.

Rick.
smith at sctc.com







From aba at dcs.ex.ac.uk  Wed Nov 13 14:35:33 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Wed, 13 Nov 1996 14:35:33 -0800 (PST)
Subject: pgp3
In-Reply-To: <199611131217.NAA19213@internal-mail.systemics.com>
Message-ID: <199611131606.QAA00513@server.test.net>



Gary Howland <gary at systemics.com> writes:
> Raph Levien <raph at cs.berkeley.edu> writes:
> [...]
> > Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
> > 2.6.? distribution. I'm doing an independent implementation of the PGP
> > 2.6 message formats, and found this document unclear in a few spots. For
> > example, can anyone else figure out the weird CFB variant mode from this
> > document? I used a debugger on the PGP code to help me figure it out.
> 
> Exactly - I spent ages on the same thing.  Then there's the problem that
> packet length headers must be specific lengths for various types (eg.
> key certificates must have a 2 byte length, even if only one is required).
> It is also not clear what the exported key certificates should contain,
> the spec simply mentioning that there should be no trust packets etc. etc.
> 
> > The PGP 3.0 "spec" that you're referring to is actually a draft for a
> > PGP library API. A couple of those got circulated on some PGP mailing
> > lists, but none have been publicly released, another example of the
> > secrecy surrounding the whole PGP effort.
> >
> > Now that PGP Inc. is happening, it's not exactly clear whether the PGP
> > 3.0 release is going to include an API closely resembling these drafts.
> 
> I agree with your comments.  For example, we are developing PGP compatible
> libraries in both Perl and Java, and are going to add SHA, Blowfish, T-DES,
> etc.,

I guess you've seen Zbig Fiedorowicz's unofficial SHA-1 patch.  Yet I
am not sure that what Zbig has will remain compatible with PGP3.  The
RFC document says that hashes can be added.  Zbig just chose the next
integer, which seems likely.  The padding to use in RSA signatures
seems less likely that it will be compatible.  Zbigs SHA-1 padding is
described in his docs as being:

+ #ifdef SHA1
+ static byte sha1_asn_array[] = {      
+       0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,
+       0x05,0x00,0x04,0x14 };
+ /*
+ Taken from Internet Draft draft-ietf-cat-spkmgss-06,
+ "The Simple Public-Key GSS-API Mechanism (SPKM)", by
+ C. Adams, Bell-Northern Research, Jan. 19, 1996.  See
+ also "Working Implementation Agreements for Open Systems
+ Interconnection Protocols: Part 12 - OS Security, Output
+ from  the   December  1994   Open  Systems   Environment
+ Implementors' Workshop (OIW)" 
+ 
+          SHA1 OBJECT IDENTIFIER ::= {
+             iso(1) identified-organization(3) oiw(14) secsig(3) 
+             algorithm(2) 26 
+          }
+ ASN.1 encoding:
+   0x30, / * Universal, Constructed, Sequence * /
+         0x21, / * Length 33 (bytes following) * /
+                 0x30, / * Universal, Constructed, Sequence * /
+                 0x09, / * Length 9 * /
+                         0x06, / * Universal, Primitive, object-identifier * /
+                         0x05, / * Length 5 * /
+                                 43, / * 43 = ISO(1)*40 + 3 * /
+                                 14,
+                                 3,
+                                 2,
+                                 26,
+                         0x05, / * Universal, Primitive, NULL * /
+                         0x00, / * Length 0 * /
+                 0x04, / * Universal, Primitive, Octet string * /
+                 0x14 / * Length 20 * /
+                         / * 20 SHA.1 digest bytes go here * /

> along with a better key ring format, encrypted key rings, and
> features such as key generation from a passphrase, and we would very
> much like to remain compatible with the new PGP, but how can we when
> there is so little information available?  I think we need a forum
> to discuss PGP development issues - I would be happy to set one up
> if there was interest.

encrypted key rings are a Good Idea.  I think PGP3 does this, so I
guess you are interested in doing it in a compatible way.  (premail
provides a `secrets' file.  I think it would be useful to generalise
this facility so that other programs could use this facility.) 

Adam

ps I also picked apart the weird IDEA cfb, (using the code, and not the
docs), for this:

$n=($m=4**8)+1;sub M{$_[0]%=$m}sub N{$_[0]=(($z=($K[$o++]||$m)*($_[0]||$m))-$n*
int$z/$n)%$m}sub A{N$A;M$B+=$K[$o++];M$C+=$K[$o++];N$D}sub I{use integer;($x=
pop)<2?$x:0+($v=$n/$x,$y=$n%$x,$u=1,do{$q=$x/$y,$x%=$y,$u+=$q*$v,$q=$y/$x,$y%=
$x,$v+=$q*$u while$y>1&&$x>1},$x<2?$u:$n-$v)}$x=unpack"B*",pack H32,$k;@K=
unpack n52,pack"B*"x7,map{substr$x x7,$_*25,128}0..6;sub E{($A,$B,$C,$D,$o)=
unpack n4,$_[0];map{A;$c=$C;$C^=$A;$b=$B;$B^=$D;M$B+=N$C;M$C+=N$B;$A^=$B;$D^=$C
;$B^=$c;$C^=$b}1..8;A$B^=$C^=$B^=$C;pack n4,$A,$B,$C,$D}$_=<>;if($d){
s/..(.{8})//,$i=$1}else{$i=pack H16,$i;$j=substr$i,6,2;print$i^=E,substr$j^=E(
$i),0,2;$i=~s/../$'$j/}print substr$d?E($i)^($i=$&):($i=E($i)^$&),0,length$&
while s/.{8}|.+//s

(what is it?  PGP compatible CFB mode IDEA, which I (and another perl
hacker) were playing with a while ago, the idea being to do a PGP
compatible minimal script, not very small so far though :-( Combine
that with the already existing 2 lines of RSA in perl/dc (or perhaps 4
lines of RSA in pure perl), another 7 lines of MD5, a bit of keyring
access glue (maybe borrowed from Mark Shoulsen's pgpacket.pl), and
you'd have the ability to access PGP keyrings, with encrypted keys,
and do RSA/IDEA encryption.  You wouldn't be far off RSA signatures
either.  Maybe it would all come out under 2048 characters (a
precondition for a perl most interesting obfuscation contest).  Not
got around to finishing it yet though.)





From rah at shipwright.com  Wed Nov 13 15:01:55 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 13 Nov 1996 15:01:55 -0800 (PST)
Subject: Financial Cryptography and the Theory of International Relations
Message-ID: <v03007877aeb00162ae5b@[206.119.69.46]>



--- begin forwarded text


Date: Wed, 13 Nov 1996 15:32:34 -0500
From: Robert Hettinga <rah at shipwright.com>
Subject: Financial Cryptography and the Theory of International Relations
X-Sender: rah at pop.tiac.net
To: IRTHEORY_LIST <irtheory_list at unimelb.edu.au>
MIME-version: 1.0

Somebody asked me, regarding my posting here of the Digital Commerce
Society of Boston meeting announcement (DCSB: Money Laundering -- The
Headless Horseman of the Infocalypse):

>Yes, I would like you to explain.  Just what does this have to do with the
>theory of international relations?

People like the attorney "Black Unicorn" are interested in the
international application of the technology of strong cryptography; in
particular, strong financial cryptography. See <http://www.vmeng.com/rah/>,
for pointers to more information on this, which I include here by reference.

The short answer is, what happens if nation states can't fund themselves
anymore because the cheapest transaction method available (cheaper by
several orders of magnitude in lowered transaction and distribution costs)
involves anonymous digital "cash" settlement?  To quote something someone
said in a Harvard Law seminar list a couple of years ago, "What happens
when taxes become a tip?".

The strongest financial cryptography protocols (like those invented by
David Chaum of Digicash, or Mark Manasse of DEC, or Adi Shamir of RSA) use
no book-entries whatsoever, which means no audit trails, which in turn
means no book-entry taxes, like, say, those on income, or capital gains, or
sales.

In addition, what happens when we can effect the sale of financial assets
with the digital equivalent of old-fashioned bearer certificates, which use
the same cryptographic technology? The centralization of capital markets
may become a thing of the past. Centralized markets for *anything* may
become a thing of the past.  The nation-state's ability to reallocate
income, criminally, ala Amin or Mobutu, or otherwise, is severely limited
in this scenario, certainly. :-).


With anonymous voting protocols, you can have anonymous (or, more
correctly, perfectly pseudonymous) control of financial assets. Possible
damage to one's reputation (pseudonymous or not) works just fine to prevent
the non-repudiation of cash-settled transactions, so the power of nation
states aren't even necessary to regulate commerce, really. The only thing
left that nation states do is physical security, or the "rational"
application of force, which can probably be handled privately, particularly
if nation states can't command the payment of taxes for this service anyway.

Which brings me to the current discussion here about the imploding
pseudo-states of Africa. What we're witnessing right now is the
re-emergence of tribal groups as the common political denominator. Nation
states based on those groups are likely. However, I also expect that this
process of literal dis-integration will continue, but recursively, as it
becomes more and more possible for ordinary people to use information (like
asset pricing, the returns on those assets, or the technical knowlege to
profitably control those assets) once only found at the top of large
industrial hierarchies like multinatioal corporations and nation states.
That information will be applied to smaller and smaller economic units as
processor prices continue to fall.

That is, large groups of the same ethnic nationality will be created on the
rubble of the old colonial boundries, which the cold war propped up for the
last 50 years. However, those large groups will continue to factionalize as
access to western-style economic activity increases. The continuing
ubiquity of the internet can only increase this process, especially if the
promise of financial cryptography survives the test of economic reality.

I expect that as financial technology like the above is introduced, the
ability of political and business elites to hold together large
hierarchical entities, like the modern nation-state or multinational
corporation, will continue to deminish. The ability for anyone to get paid
for their work, no matter where they are, and to work where they live,
probably in a peer-to-peer economic relationship with the buyer of their
work, who may well live on the other side of the world, will create much
less reliance on geography as capital, which were the hallmarks both
agrarianism and industrialism. Both of which, by the way, created cities,
and then the nation state, in the first place.

Whew. Clear as mud. Oh, well. Besides stirring things up more than a little
bit, does that answer your question?

;-).

Cheers,
Bob Hettinga



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From andrew_loewenstern at il.us.swissbank.com  Wed Nov 13 15:07:47 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Wed, 13 Nov 1996 15:07:47 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611132053.MAA05389@toad.com>
Message-ID: <9611132307.AA00578@ch1d157nwk>


Sean Roach writes:
>  Cypherpunks try to break each others crypto as well, in an
>  attempt to evolve crypto to the point that it is not crackable.

I would like to chime in and say that this point will never be reached.  Each  
revision of software potentially contains new chinks in the armor.  Eternal  
Vigilance is not only the price of freedom, but security as well.


andrew





From dave at kachina.jetcafe.org  Wed Nov 13 15:20:59 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Wed, 13 Nov 1996 15:20:59 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611132320.PAA17335@kachina.jetcafe.org>


> It's not a way of saying I don't understand. Instead, I find your
> viewpoint incomprehensible and internally inconsistent.

Which, of course, means that there is nothing to understand...for you.
However, I do observe that there are meanings in things I, myself,
find both incomprehensible and inconsistent. Just because I am unable
to understand does not mean that there is no understanding to be had.
I am not that important. Are you?

> In fact, you Freedom Knight folks seem to be closet censors yourself. Why
> do you support not carrying newsgroups like alt.config?

I never have supported or opposed alt.config. I have said that it is
meaningless, but that was after I understood its purpose. ;-)

> Yes, ownership gives you a license to censor. I'm going to have a party in
> my home a few weeks from now. If I don't like what someone is doing, I'll
> kick 'em out. I won't do it lightly, but I will fight for my right to do
> so.

Of course, you may invite anyone you choose, since a party is usually
had by inviting people whom you select. If you invite them and then
subsequently kick them out when they do things you do not want them to
do, I will chastise -you- (if I am present) for your lack of judgement
in whom to invite. Their behavior would merely something to learn
from, yours would be fashionably dishonorable.

BTW, "Kicking them out" is not censorship. A party and a mailing list
are usually two different things. The former may include the latter,
but the latter is not anything like the former.

> Oh, and I plan to subscribe to the freedom-knights mailing list and infest
> it the way Vulis did cypherpunks. Every hour, on the hour, a crontab
> script will flood it with rants about Dave (fart) Hayes.

You won't do this, because I won't let you on the list. I, unlike you
or Mr. Gilmore, have the judgement on whom to invite to my list.

> What will you do then?

Even if you did such a thing, I have a mail filter. Your messages
would be unceremoniously discarded. 

Have you learned nothing from USENET? 
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

Ask the American public if they want an FBI Wiretax and they'll say 'no.'  
If you ask them do they want a feature on their phone that helps the FBI find 
their missing child they'll say, 'Yes.'"
          - FBI Directory Louis Freeh, on Digital Telephony, US House
            (Subcmte. on Telecommunications & Finance) hearing on the Digital
            Telephony bill, 09/13/94).










From markm at voicenet.com  Wed Nov 13 15:33:17 1996
From: markm at voicenet.com (Mark M.)
Date: Wed, 13 Nov 1996 15:33:17 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611131951.LAA16239@kachina.jetcafe.org>
Message-ID: <Pine.LNX.3.95.961113180904.2109A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 13 Nov 1996, Dave Hayes wrote:

> Logically, we must conclude that those who frequently and repeatedly
> cry for the censorship or removal of any source of input from
> cyberspace are either:
> 
> 	-quite clueless about the tools at their disposal
> 	-ideologically or personally opposed to the source of input
> or	-in need of large amounts of attention from others

You are misinformed.  Vulis was _not_ prevented from posting to cpunks, thus
no source of input was removed.  He was simply removed from the distribution
list.  He can still read and post to the list.

> Idelological opposition is another matter entirely. To understand this
> better, we'll need to observe this in action. Here is an example:
> 
> >        Vulis portrays himself as a victim, but as I posted to the list
> >    last week, I disagree. Anyone who's spent any time on the
> >    100-plus-messages-a-day list can read for themselves the kind of nasty
> >    daily messages that came from Vulis's keyboard. 
> 
> "Nasty" is, of course, by this reporter's standard of "nasty". Granted
> this standard may in fact be shared by Mr. Gilmore, however a shared
> standard is not necessarily an appropriate or correct standard. 

The messages were, in addition to being "nasty", extremely off-topic.
"Off-topic" is much less subjective than "nasty".

> Notice how, once the opposition is admitted to, the rationalization
> begins. Suddenly this is not a matter of censorship, but of ownership.

That's because it is an issue of ownership and not of censorship for reasons
stated above.

> Just as suddenly, the classic anti-free-speech arguments of "if you
> don't like it, start yer own" begin to surface. (Anyone ever notice
> how this resembles the "love it or leave it" mentality of certain
> American patriotic organizations?)

Governments maintain a monopoly on land, so the "love it or leave it" mentality
is flawed.  Virtual space does not have the same limitations as physical
space.  Starting your own mailing list is relatively easy.

> Notice that the net is compared to a home or private club. Actually
> the net is neither, however that would not serve the purposes of this
> analogy, so this fact is convienently forgotton. 

Is the net analogous to a country?  If not, then why did you compare starting
a mailing list to moving to a different country?

> Value to whom and for what? If the editorial control produces one
> small element of the set of all ideologies, then this is only of value
> to the people who support this ideology. Given that the set of 
> people who support an issue is smaller than the set of people
> who support and oppose an issue, would the value not increase
> by allowing both sides of an issue equal speaking time? 

Even if this was an issue of preventing someone from posting, which it isn't,
this argument still doesn't hold up.  There is plenty of dispute about what
is on-topic on cypherpunks, but I doubt many people believe character
assassinations are very on-topic.  If someone wants to speak in favor of
Clipper or ITAR, then it would be wrong to censor this person.  However, if
a charter, whether formal or informal, is to even exist, then it should be
enforced.

> It is sad to note that this is the leader of one of America's
> forerunning organizations of freedom who says these words. For all
> *his* ideology of free speech, this statement reveals the hypocrasy he
> lives with for all to see. The true litmus test of free speech is to
> encounter speech that you *want* to censor.

The EFF protects against government censorship, not against "editorial
control", "censorship", or whatever else you want to call it.  I don't
see this as hypocritical at all.

> Mr. Gilmore, and other like minded parties, might want to consider
> what would happen if one parent company owned *all* communications
> media. Would they they be so supportive of the ideology of ownership
> and communciation they espouse?

And just how plausible do you think this is?  I believe it is next to
impossible, unless it is the result of government regulation.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMopa3SzIPc7jvyFpAQFzIggAr9nx5gd8J35wq5+UUUC9lHJD9hX7wcM+
DNRaZqRUlB/Dq4Xc0rbP7O4zSIob0QVbbQlZXylQcNwdCcb0wzMD2hkw8Xg31mHQ
s8jZwONGM8ljmg8aDSB1WuTsVnmrbcXGM/Jhmc+TPLjQxFQldONl6SGXIAQ58Vt8
DgunHoAZuR6AYWd64ssIFHSVzCR6bk4kL/QJ/0kGSr2x4FHJf62GhOrG/NguF3dd
85dXgUmoI2/f2B6SkfwbHPgZZhOGPgDt2rIPLo3S2JlhTYANSLhtA2souXQAz1bX
lfnEbxt4JNmy4zwT6m244VuuNtpFbF1OL1YAaZaU/WmUXTxeIohQYw==
=FbgX
-----END PGP SIGNATURE-----






From rcgraves at ix.netcom.com  Wed Nov 13 15:51:35 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Wed, 13 Nov 1996 15:51:35 -0800 (PST)
Subject: Copyright violations
In-Reply-To: <19961112.130433.9303.1.alzheimer@juno.com>
Message-ID: <328A5ED2.3D94@ix.netcom.com>


I'm sure the article was very interesting, but I'm not even going to 
look at them anymore unless you start using more descriptive subject 
lines than the cutesie "copyright violations." At least with John 
Young's forwards, you can usually <g> guess what the article is about. 
Thanks for your support.

-rich





From wb8foz at wauug.erols.com  Wed Nov 13 15:56:48 1996
From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states)
Date: Wed, 13 Nov 1996 15:56:48 -0800 (PST)
Subject: Down-Under Bounce Attack halted
Message-ID: <199611132356.SAA31763@wauug.erols.com>


The postmaster of that AU site running the bounce attack
assures me he has been able to vanquish the daemon running
the box in question; despite the fact he did not even know it was
there ;-} [Don't ask..]


-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From rcgraves at ix.netcom.com  Wed Nov 13 16:00:51 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Wed, 13 Nov 1996 16:00:51 -0800 (PST)
Subject: Getting attention the old-fashioned way
In-Reply-To: <v03007808aead2c1a14b4@[207.167.93.63]>
Message-ID: <328A6112.3BB6@ix.netcom.com>


C Matthew Curtin wrote:
> 
> >>>>> "Tim" == Timothy C May <tcmay at got.net> writes:
> 
> Tim> Sad that journalists cater to this kind of thing. I guess
> Tim> "personality pieces" are ever so much more popular than technical
> Tim> pieces, or even careful explications of things like crypto
> Tim> anarchy and the real implications of the tecnologies we are
> Tim> involved with.
> 
> Sad, yes; surprising, no. It's been my experience that such things are
> often dependant on the journalist's audience (i.e., is it a trade rag
> like InfoWorld or the National Enquirier?)

Or for that matter, the Netly News,
http://pathfinder.com/Netly/daily/961112.html

> In any event, journalists
> (and/or their publishers) aren't usually noted for doing things that
> are interesting or important. Rather, they seem to have a preference
> for writing and publishing what will sell. (Just as is the case with
> TV talk shows, etc.)
> 
> What's worrysome is that the degenerates who concern themselves with
> nonsense are numerous enough to make sufficient demand to keep the
> mainstream press focused on such trivial matters, allowing more
> significant things to go unreported outside of the small circles from
> which they've originated.

I couldn't agree more.

Maybe I should have helped Lewis Koch out. At least he isn't a fucking 
hypocrite.

-rich





From aba at dcs.ex.ac.uk  Wed Nov 13 16:01:32 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Wed, 13 Nov 1996 16:01:32 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <A81C16F0582@frw3.kub.nl>
Message-ID: <199611131641.QAA00670@server.test.net>



Bert-Jaap <E.J.Koops at kub.nl> writes:
> On Fri, 25 Oct 1996 00:32:52 +0100, Adam Back wrote:
> [snip]
> > Also I understand, though there appears to be no available
> > documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
> > nor MD5, using instead El Gamal for public key encryption and
> > signatures, 3DES (unsure?), and SHA1.
> 
> Can someone confirm that PGP3.0 will use ElGamal?

Note that part of my above post is now in need of revision as a result
of comments I received from that post.  PGP 3.0 will, it seems, still
be able to verify (and maybe even generate too?) RSA signatures, and
decrypt RSA encrytped email.  So the "will not use RSA" above is
incorrect.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From aba at dcs.ex.ac.uk  Wed Nov 13 16:05:26 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Wed, 13 Nov 1996 16:05:26 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <Pine.SUN.3.94.961113155458.2905D-100000@polaris>
Message-ID: <199611131722.RAA00682@server.test.net>



Black Unicorn <unicorn at schloss.li> writes:
> Vald Nuri <vznuri at netcom.com> writes:
> > actually, I heard this interesting rumor that Unicorn threatened
> > to sue someone who "defamed" his pseudonym. quite an amusing
> > story if true, given his last essay that talks about how he
> > created the pseudonym in the first place to avoid exactly what
> > it accomplishes, i.e. dissociating his professional identity
> > from the "lunatic anarchist" writhing beneath the surface.
> 
> You fail to not that dissociating one identity from another requires the
> existence of two identities.  Is the second any less entitled to
> protection than the first?
> 
> [...]
>
> There is no morality other than the morality of the market.  I submit that
> we do not need a central authority to dictate morality.  We need only
> individual views of morality.  There will only be as large a pornography
> market as there is a demand.  Ditto for narcotics, guns.  If the market
> believes that porn is immoral, customers, by their own moral decision,
> will reduce the market to nothing.  Of course this will not happen
> in the near future because the cost of this moral choice exceeds the
> benefit for many customers.
> 
> Why is use of the legal system any different?  If it is so wrong for me to
> use the legal system as it stands, and if I am to be the subject of
> criticism for the conduct, then aren't the critics imposing their moral
> view on me?  Isn't this what libertarian cypherpunks dislike in the first
> place?

The problem for me when people talk about suing people for slander in
net discussions is that it involves governments and laws impinging on
the internet.  Other examples of legislation interacting with the
internet have been entirely negative: some people have called for
legislation to stop "spamming", legislation to restrict pornography,
"indecent speech", etc, etc The internet in my view is best off with
the least possible government or legal interference.

It is difficult to see ways for you to stop people intentionally
damaging your nym's reputation capital however.  Aside from the more
speech to fight the speech, you are left with the reputation capital
mechanisms.

If someone with a low reputation slanders someone with a high
reputation, this reduces the impact of the slander, and clueful
readers one presumes regard the derogatory statements on the part of
the slanderer as suspect.

However this still leaves the less clueful (the newbies to a
discussion group for instance), and also the chance that others are
still slightly affected by these statements.

Something else I might suggest, if a nym becomes too valuable to risk
using for posting to flame prone discussion groups, perhaps a lower
value nym could be used in such discussions.  This has disadvantages,
in that you have to start over building reputation capital, and so
forth.  But such is life.  You have another nym which you used for the
DCSB talk, and one presumes other ones for use in real world business.
You use nyms accordingly.

> If the government is going to hand me the means to curb conduct which may
> be harmful to me, why should I refuse to use it on some "moral" grounds.
> (The moral grounds might consist of "well it's not a nice thing to do." 
> but other than that, I am at a loss to identify them precisely).

There are plenty of people with a wont to sue people for all sorts of
things.  Many of them would do so on much less grounds than perhaps
you might.  Some get pretty groundless, in fact.  Colin James III
being one example.  (Erk, may be I ought to be using a nym here, I
hear he scans newsgroups, but hopefully not mailing lists)

It stifles discussion to bring real monetary threats behind peoples
words.  It is also in some sense a call to outside authority,
something which I resent.  For instance many of the people CJ III has
harrased from my reading have suffered considerable inconvenience.  No
need to mention a certain pseudo-religious organisation which has made
extensive use of law suits for the purpose of harrassing it's
dissenters.

Now I'm sure the idea of slander law suits is to stop the slander,
recompense for damages etc. but it is a thing prone to misuse, and
balanced in favour of those with money.

Someone who is using a nym, and for purposes including avoiding the
possibility of frivolous law suits, to suggest suing someone who
slanders this nym is not that productive I think.  The slanderer may
also adopt the same strategy, and adopt their own nym!  

Nym sues nym.  I think not.  An alternate view of slander law suits is
as a way to encourage the use of Nyms.  Certainly the dissenters of
the unnamed pseudo religious have learnt the value of nyms, remailers
and so forth.  There are distinct advantages to nyms.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From apache at quux.apana.org.au  Wed Nov 13 16:11:30 1996
From: apache at quux.apana.org.au (apache)
Date: Wed, 13 Nov 1996 16:11:30 -0800 (PST)
Subject: Taxation Thought Experiment
In-Reply-To: <199611131240.NAA19255@internal-mail.systemics.com>
Message-ID: <Pine.LNX.3.91.961114103151.10289A-100000@quux.apana.org.au>


On Wed, 13 Nov 1996, Gary Howland wrote:

> > o TAXES THOUGHT EXPERIMENT
> > 
> >  1) I generate $100 of productivity for my company
> >  2) Company is taxed %30, $70 left
> >  3) Company pay shareholders and costs, $30 is left
> >  4) Company pays me
> >  5) I pay 40% in taxes, so $18 left
> >  6) With $18 I can buy a $16.82 object (%07 sales tax).
> > 
> > Results:
> >  1) I see $16.82 realization from $100 productivity increase.
> >  * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.
> 
> The government gets $59.26, not $49.26 (30+16+12+1.26).
> That leaves you with 16.74 (not 16.82) - they get nearly four
> times as much.
> 
> In other countries the situation may be worse, not only due to different
> rates of tax, but because of social security contributions, employers tax,
> and the like.

... fuel tax, land tax, land rates, enviromental levy, gun buyback 
surcharge, 100% tabaco tax, alcohol tax, vehicle registrations, new tyre 
tax, licences & permits, sales tax, payroll tax, dog tax, airport exit 
tax, drivers tax, compulsory workers compensation tax, superannuation 
tax, medicare tax, income tax, capital gains tax, national parks tax, 
luxury goods tax (funnily enough bras are included as luxury 
goods..what'dya think girls?) ... just to name a few..a very few 








From AwakenToMe at aol.com  Wed Nov 13 16:14:51 1996
From: AwakenToMe at aol.com (AwakenToMe at aol.com)
Date: Wed, 13 Nov 1996 16:14:51 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <961113191357_2080753704@emout12.mail.aol.com>


In a message dated 96-11-13 18:35:35 EST, FWJZ05A at prodigy.com (CLERK PHILLIP
G ROBERTS) writes:

<< unsubcribe cypherpunks
  >>
Ok.. thisd is IT! Im going to start keeping a log of how many people actually
spell unsubscribe wrong. God.. I thought the average person was more
literate. Id HATE to ask these people how to spell wednesday or arkansas






From assar at pdc.kth.se  Wed Nov 13 16:22:56 1996
From: assar at pdc.kth.se (assar at pdc.kth.se)
Date: Wed, 13 Nov 1996 16:22:56 -0800 (PST)
Subject: pgp3
In-Reply-To: <199611131217.NAA19213@internal-mail.systemics.com>
Message-ID: <5lohh1bk5b.fsf@assaris.sics.se>


Gary Howland <gary at systemics.com> writes:
> > > 1991  I   D. Atkins, W. Stallings, P. Zimmermann, "PGP Message Exchange
> > >            Formats", 08/16/1996. (Pages=21) (Format=.txt)
> 
> Hmm - I don't know I managed to make this post - I had started writing
> a reply, but exited my mailer, and for some reason it decided to send a
> cut down version of the unfinished mail anyway ...
> 
> > Nope. This RFC is merely a rehash of the pgformat.doc file in the PGP
> > 2.6.? distribution. I'm doing an independent implementation of the PGP

There are some parts of pgformat.doc that are not included in RFC1991,
especially the packets on the key ring.

> > 2.6 message formats, and found this document unclear in a few spots. For
> > example, can anyone else figure out the weird CFB variant mode from this
> > document? I used a debugger on the PGP code to help me figure it out.

That took quite some time for me to figure out...

> Exactly - I spent ages on the same thing.  Then there's the problem that
> packet length headers must be specific lengths for various types (eg.
> key certificates must have a 2 byte length, even if only one is required).

As far as I remember:
CTB_PUBLIC_KEY_CERTIFICATE and CTB_SIGNATURE are always 2 bytes
CTB_KEYRING_TRUST and CTB_USER_ID are always 1 byte

> information available?  I think we need a forum to discuss PGP development
> issues - I would be happy to set one up if there was interest.

Sounds like a good idea

/assar





From rcgraves at ix.netcom.com  Wed Nov 13 16:51:10 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Wed, 13 Nov 1996 16:51:10 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.SUN.3.91.961113103859.18273A-100000@eff.org>
Message-ID: <328A6CE3.7EB@ix.netcom.com>


Declan McCullagh wrote:
> 
> If Vulis thinks I did an "excellent job," then perhaps I should have
> criticized him more harshly.

No, you should have ignored the story, because there wasn't one. It's 
quite rich that your story criticizes journalists for doing exactly what 
you did: give Vulis far more attention than he deserves. In case you've 
forgotten what you wrote:

                 What does Vulis's ouster
               mean to the community that
               sprang up around this mailing
               list, of which he had been a
               member for nearly three
               years? Many of his peers think
               he did it for attention or
               notoriety; one longtime
               list-denizen declined to be
               interviewed for fear of
               encouraging him. (If that's his
               goal, he's already succeeded.
               Will Rodger from Inter at ctive
               Week and Lewis Koch from
               Upside Magazine are writing
               about this.) 

As much as I'm tempted, I believe no further comment is necessary.

-rich





From unicorn at schloss.li  Wed Nov 13 17:09:51 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 13 Nov 1996 17:09:51 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <199611131804.NAA26899@charon.MIT.EDU>
Message-ID: <Pine.SUN.3.94.961113200754.4470C-100000@polaris>


On Wed, 13 Nov 1996, Derek Atkins wrote:

> hi,
> 
> > > Also I understand, though there appears to be no available
> > > documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
> > > nor MD5, using instead El Gamal for public key encryption and
> > > signatures, 3DES (unsure?), and SHA1.
> > 
> > Can someone confirm that PGP3.0 will use ElGamal?
> 
> The PGP 3.0 code that I've been working on has support for:
> 	IDEA, 3DES
> 	MD5, SHA1
> 	RSA, DSS, ElGamal
> 
> It does not discontinue support for the PGP 2.6.2 algorithms.  It adds
> support for new ones.

Absolutely outstanding.

> 
> -derek
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Wed Nov 13 17:10:44 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 13 Nov 1996 17:10:44 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611131722.RAA00682@server.test.net>
Message-ID: <Pine.SUN.3.94.961113200235.4470B-100000@polaris>


On Wed, 13 Nov 1996, Adam Back wrote:

> 
> Black Unicorn <unicorn at schloss.li> writes:

[Market discussion]

> > Why is use of the legal system any different?  If it is so wrong for me to
> > use the legal system as it stands, and if I am to be the subject of
> > criticism for the conduct, then aren't the critics imposing their moral
> > view on me?  Isn't this what libertarian cypherpunks dislike in the first
> > place?
> 
> The problem for me when people talk about suing people for slander in
> net discussions is that it involves governments and laws impinging on
> the internet.  Other examples of legislation interacting with the
> internet have been entirely negative: some people have called for
> legislation to stop "spamming", legislation to restrict pornography,
> "indecent speech", etc, etc The internet in my view is best off with
> the least possible government or legal interference.

Let's sum this up.  Government intervention via law suits is a bad thing.

[...]

> Now I'm sure the idea of slander law suits is to stop the slander,
> recompense for damages etc. but it is a thing prone to misuse, and
> balanced in favour of those with money.

And this:
Law suits (and thus government intervention) are prone to abuse.

> Someone who is using a nym, and for purposes including avoiding the
> possibility of frivolous law suits, to suggest suing someone who
> slanders this nym is not that productive I think.  The slanderer may
> also adopt the same strategy, and adopt their own nym!  

And this:
Use of law suits may expand the use of nyms.

> Nym sues nym.  I think not.  An alternate view of slander law suits is
> as a way to encourage the use of Nyms.  Certainly the dissenters of
> the unnamed pseudo religious have learnt the value of nyms, remailers
> and so forth.  There are distinct advantages to nyms.

You just made my argument for me.

Again, have to use the system to expose its flaws.

Same thing with privacy.  It is one thing to suggest that people respect
privacy because it is the "right thing to do."

Isn't it much more productive to make privacy unviolable from the
beginning via technology?

Readers might note that one of the result of my settlement agreement with
a certain flamer who decried the use of nyms (among other things) was this
flamer's eventual resort to the use of a nym.

Interesting lesson that, I believe.

You have to impose the price to get efficency.

> Adam
> --
> print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From Bryondp at aol.com  Wed Nov 13 17:27:52 1996
From: Bryondp at aol.com (Bryondp at aol.com)
Date: Wed, 13 Nov 1996 17:27:52 -0800 (PST)
Subject: [TEST] [IGNORE] [NOISE]
Message-ID: <961113202708_1418929826@emout02.mail.aol.com>


take me off this fucking list





From rcgraves at ix.netcom.com  Wed Nov 13 17:44:12 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Wed, 13 Nov 1996 17:44:12 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961113061359.725B-100000@well.com>
Message-ID: <328A7AEB.4C6D@ix.netcom.com>


Declan McCullagh wrote:
> 
> On Tue, 12 Nov 1996, Bill Frantz wrote:
> > There is a serious error here.  Gilmore did nothing to prevent Vulis 
> > from posting to the list.  He only prevented Vulis from receiving 
> > the list under his own name.  And, the as hominem attacks continue.[...]
> The point I was trying to make at the end and that I may not have done
> very successfully is that it would be very difficult to prevent Vulis 
> from *posting* to the list under his name; he then could do it through
> remailers. And blocking remailers is unacceptable. So how does one 
> kick someone else out of a forum where anonymous speech is allowed?

Simple. Filter by content without admitting that you are doing so. Libel 
people. Suppress discussion.

In short, do precisely the opposite of what Gilmore has done.

I had been assuming, incorrectly, that the fight-censorship list was 
still down because of the hard drive crash on vorlon. As a matter of 
fact, I see that volume 2, issue 4 of the fight-censorship digest 
contains a message from me, though without credit.

If you have a problem with the below, please discuss the matter 
publicly, as Gilmore has discussed Vulis publicly.

|>>>> subscribe fight-censorship
|Your request to Majordomo at vorlon.mit.edu:
|
|        subscribe fight-censorship Richard Charles Graves 
|<llurch at networking.stanford.edu>
|
|has been forwarded to the owner of the "fight-censorship" list for 
|approval.

-rich





From ddt at pgp.com  Wed Nov 13 18:06:55 1996
From: ddt at pgp.com (Dave Del Torto)
Date: Wed, 13 Nov 1996 18:06:55 -0800 (PST)
Subject: December Cypherpunks Meeting at PGP Inc.
Message-ID: <v03100700aeb01f4617c4@[205.180.136.70]>


Cypherpunks December Meeting Notice (1 of 3)

I'm pleased to announce that PGP Inc will be hosting December's Cypherpunks
physical meeting at our offices in Redwood Shores (mid-peninsula). We
really hope to see you here physically, both to present existing/new topics
and projects and also to briefly check out what we're doing.

If you want to mark your calendars in advance (there'll be two more
reminders), here's the basic info:

HOST:

 Pretty Good Privacy, Inc.  (Dave Del Torto)

TIME:

 14 December 96 (Saturday)
 12 Noon - 6 PM

LOCATION:

 Pretty Good Privacy, Inc.
 555 Twin Dolphin Drive
 Suite 570
 Redwood Shores CA 94065
 USA
  (directions will follow in the next reminder)

Please email me your presentation ideas as soon as possible so I can draw
up the agenda for everyone (including some idea of how much time you think
you'll need). We'll provide a fast TCP/IP hookup, a workstation
(Win95/Mac/UNIX) as needed, an RGB projection device, an overhead projector
for transparencies/etc, and any other reasonable equipment you might need
(assuming you warn us at least a week in advance).

Bagels/Chips will be provided by us, but bring your own beverages. We will
pause for a "keysigning moment" near the end of the meeting.

If anyone has any early questions, please contact me via email, telephone
or even PGPfone (by appointment). My key is available via the URL in the
header above.

   dave


________________________________________________________________________
Dave Del Torto                                      +1.415.65432.31  tel
Manager, Strategic Technical Evangelism             +1.415.631.0599  fax
Pretty Good Privacy, Inc.                        http://www.pgp.com  web







From dlv at bwalk.dm.com  Wed Nov 13 18:11:33 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 18:11:33 -0800 (PST)
Subject: New Linux-IPSEC mailing list for the S/WAN project
In-Reply-To: <847920468.54210.0@fatmans.demon.co.uk>
Message-ID: <6q2cXD2w165w@bwalk.dm.com>


paul at fatmans.demon.co.uk writes:
> > I've got more interesting things to do than read "deeper" into
> > your ignorant drivel.
>
> Can you say "fuckhead" ? - pull yourself together and get a life.
>
> Besides which I think one could hardly call my posts "ignorant
> drivel" given that the sum total of information in your own postings
> adds up to "Tim May is an Russian jew who knows nothing about
> cryptography".
>
> If you had more interesting things to do you would be doing them
> rather than posting off topic rants and lies to the cypherpunks list.

I don't think Timmy May is a Jew.  I think he's way too stupid to be
suspected of being a Jew.  Also he's make many anti-Semitic remarks.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Wed Nov 13 18:12:04 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 13 Nov 1996 18:12:04 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611130331.TAA28661@netcom11.netcom.com>
Message-ID: <8H2cXD1w165w@bwalk.dm.com>


"Vladimir Z. Nuri" <vznuri at netcom.com> writes:
> one noted proponent of pseudonymity, whom we will merely call "Timmy",
> regularly takes great glee in misattributing my own posts to some
> deranged crackpot running loose in cyberspace.

Correcttion: one of Timmy May's (fart) many stupid lies is his often-repeated
claim that V.Z.Nuri is a tentacle of one L.Detweiller. LD is no "deranged
crackpot" - he knows a lot more about cryptography and free speech than
net.scum like Timmy May (fart) and John "Hitler-like leader" Gilmore.

> of respecting my identity? suppose I really was this person--
> shouldn't Timmy's position be one of respect for my use of
> a pseudonym? of course he is too immature and feebleminded to

Ritalin-induced brain damage?

> even consider this discrepancy in his philosophy. cpunks are
> not known for having coherent philosophies that answer simple
> questions of actions in the face of quandaries. the basic
> cpunk philosophy, as amply illustrated by 2/3 of its founders, is
> "look out for #1 only, and don't waste time on something as
> inane as selfless public service or leadership"

Cypherpunks are full of shit.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From gbroiles at netbox.com  Wed Nov 13 18:29:45 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Wed, 13 Nov 1996 18:29:45 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <3.0b28.32.19961113183614.00b33c10@ricochet.net>


At 07:31 PM 11/12/96 -0800, Detweiler/VZ Nuri wrote:
>actually, there are some amusing things going on here with cpunk
>"rules." are cpunks in favor of pseudonyms or not? one famous
>cpunk madman wrote under a pseudonym to the list, and many
>cypherpunk went to great lengths to try to derive his identity.
>is this a case of respecting pseudonyms? or is it more a case of
>the double standard at best, hypocrisy at worst, 
>"respect my pseudonyms, but yours are fair game"?

You've neglected to mention that your (e.g., "the madman's") messages were
criticizing the use of pseudonyms, and the use of more than one identity by
an individual person. You've also neglected to mention that you (a single
person) were using multiple identities to argue that multiple identities
were harmful.

In general, you're conflating several positions:

1. Fluid identities (e.g., imprecise or unregulated mapping between
personas and flesh-and-blood bodies) cannot be prevented;

2. Fluid identities should be tolerated;

3. Fluid identities should be encouraged.
  
>one noted proponent of pseudonymity, whom we will merely call "Timmy", 
>regularly takes great glee in misattributing my own posts to some 
>deranged crackpot running loose in cyberspace. is this a case
>of respecting my identity? suppose I really was this person-- 
>shouldn't Timmy's position be one of respect for my use of
>a pseudonym?

I can't speak for Tim, but your messages do cause me to consider these
ethical questions - e.g., is it more important to focus on what you've
argued (that multiple identities are bad), or what you're doing (using
multiple identities), or on a "politeness" principle, e.g., that
gentle[wo]men don't reveal each other's identities.

Arguments about a "right to be pseudonymous" are as problematic as the
recent "free speech" arguments, where the identity of the right isn't so
much in question as is who it is enforceable against - e.g., I can't force
someone else to let me use their stuff to speak freely. Can I force someone
else (not only with law, but with appeals to morality or contract or
politeness or other forms of nongovernmental regulation) to address me by a
chosen pseudonym, or prevent them from linking multiple identities? 

I think there is (or should be) a "politeness norm" which limits linking
between identities, just as I see one which limits the disclosure of other
personal data; I don't give out other people's home phone numbers to third
parties, I don't pass along the identity of a person's "significant other"
or home address, and otherwise try to let each person choose how much they
want to disclose about their personal lives to the rest of the world. And I
hope that they will do the same for me. It's not especially unusual for
folks on the list to use abbreviated or pseudonymous identities; but the
"strength" of these is limited as we meet each other in person, do business
with each other, etc. It's difficult to form a strong relationship without
getting to know others, but it's difficult to preserve privacy and let
someone get to know you. A principle which preserves both values (privacy
and disclosure) seems useful.

But I also think that politeness norms are limited in their applicability -
in particular, I also think it's useful to subject other people to the
rules they propose should be applicable to everyone. This is a good way to
try out proposed rules, and in some cases to help people understand why
their rules are stupid. You have written that the use of pseudonyms and
multiple identities is wrong. So I think it's reasonable to expect you to
live up to the standards you've argued should be applied to all people. So
you don't get the benefit (at least from me) of the politeness norms about
pseudonyms. If you've changed your mind about the morality of
"pseudospoofing", by all means, let me know. 

I believe that you are familiar with the "subject others to their own
rules" rule, because it is the rule you're using/have used to justify your
use of multiple identities, hmm? 

>the basic
>cpunk philosophy, as amply illustrated by 2/3 of its founders, is
>"look out for #1 only, and don't waste time on something as
>inane as selfless public service or leadership"

I suspect you intended this as some sort of indictment, but I don't know if
you'll get a lot of disagreement (or even surprise). This philosophy seems
to be at the core of much libertarian thought and free-market economics,
two themes which are popular on the list. I think it's far too
old-fashioned to qualify as "cypherpunk", but you're in the wrong place if
you're hoping to insult someone by saying that. 

--
Greg Broiles                | "In this court, appellant and respondent are the
gbroiles at netbox.com         |  same person. Each party has filed a brief."
http://www.io.com/~gbroiles |  Lodi v. Lodi, 173 Cal.App.3d 628, 219 Cal.
                            |  Rptr. 116 (3rd Dist, 1985)






From haystack at cow.net  Wed Nov 13 18:52:08 1996
From: haystack at cow.net (Bovine Remailer)
Date: Wed, 13 Nov 1996 18:52:08 -0800 (PST)
Subject: No Subject
Message-ID: <9611140239.AA16352@cow.net>


Foulmouthed Timothy May rehashes his lies like a rabid parrot
choking on a stale mantra stuck in its poisonous beak.






From jw250 at columbia.edu  Wed Nov 13 19:06:51 1996
From: jw250 at columbia.edu (Jim Wise)
Date: Wed, 13 Nov 1996 19:06:51 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <v03007800aeafa43b5167@[207.167.93.63]>
Message-ID: <Pine.SUN.3.95L.961113215641.15151B-100000@ahnnyong.cc.columbia.edu>


On Wed, 13 Nov 1996, Timothy C. May wrote:

> At 10:56 PM -0500 11/12/96, Jim Wise wrote:

> >Which it does...  FWIW, I tend to agree with your general point, but I
> >moved from downtown Manhattan to Harlem recently, and was surprised to see
> >how many foodstuffs cost _more_ up here, as well as the obvious fact that
> >many are harder to get...  Junk food and cheap liquor are everywhere,
> >though...
 
> But you're conflating a separate issue: the cost of doing business in
> high-crime ghettoes. Both rich and poor alike find prices high and
> selection poor in high-crime ghettoes. Likewise, both rich and poor alike
> find prices low and selection good in low-crime, suburban locales.

I would hardly classify alphabet city as a `low-crime suburban locale'.
Much more of an issue is that the locals downtown are much closer to being
within walking distance of the higher-rent higher-income areas, so the
local bodegas must keep prices low to compete.  Up here, it's a lot
farther to an alternative, and a lot fewer people have cars, so you have a
lot fewer choices.  The result is that what choices there are can pretty
much stock what they please and charge what they please...

The issue here is much more one of the insularity of the ghetto than it's
crime rate...

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim at santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *






From hyperlex at hol.gr  Wed Nov 13 19:16:27 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Wed, 13 Nov 1996 19:16:27 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611140715.FAA01670@prometheus.hol.gr>


At 06:34 �� 13/11/1996 -0500, Mark M. wrote:
(in response to):
>> Just as suddenly, the classic anti-free-speech arguments of "if you
>> don't like it, start yer own" begin to surface. (Anyone ever notice
>> how this resembles the "love it or leave it" mentality of certain
>> American patriotic organizations?)


>Governments maintain a monopoly on land, so the "love it or leave it" mentality
>is flawed.  Virtual space does not have the same limitations as physical
>space.  Starting your own mailing list is relatively easy.

Not at all easy, for a lot of people. Moreover, it's very time-consuming.
It's only easy if you are prepared to put up with costs of time, money,
and also... service providers (who don't always agree with you)...

In a lot of places in the world, starting mailing lists is almost
impossible unless you can be _inside_ an Internet Provider Company
(and use Unix or whatever they use, in their own machines).




>> It is sad to note that this is the leader of one of America's
>> forerunning organizations of freedom who says these words. For all
>> *his* ideology of free speech, this statement reveals the hypocrasy he
>> lives with for all to see. The true litmus test of free speech is to
>> encounter speech that you *want* to censor.
>
>The EFF protects against government censorship, not against "editorial
>control", "censorship", or whatever else you want to call it.  I don't
>see this as hypocritical at all.

Perhaps cynical, though? :-)




>> Mr. Gilmore, and other like minded parties, might want to consider
>> what would happen if one parent company owned *all* communications
>> media. Would they they be so supportive of the ideology of ownership
>> and communciation they espouse?
>
>And just how plausible do you think this is?  I believe it is next to
>impossible, unless it is the result of government regulation.



Man you're nutts. There are very few and quite vast Media Companies
in the world, and they're on the verge of becoming monopolies.

Even your American President is in reality a puppet of the Trilateral
Commission, who effectively also control CNN, the Washington Post,
and many many many other things all over the world.

And you are saying that control of the media by ownership is
impossible?  You're far out maaan! :-)

Only in America such a naive opinion could actually be _believed_.
(here I go again... aga! :-) )

George


P.S. Even if you offered me a million dollars I'd stay away from
     your country. My sanity is much more valuable.  :-)
     (The Immigration Authorities in the U.S. have missed the point:
      We DON'T want to come to you guys. It's the last thing we'd want!)












From shamrock at netcom.com  Wed Nov 13 19:43:58 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 13 Nov 1996 19:43:58 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <Pine.SUN.3.94.961113200754.4470C-100000@polaris>
Message-ID: <Pine.3.89.9611131930.A5464-0100000@netcom14>


On Wed, 13 Nov 1996, Black Unicorn wrote:

> On Wed, 13 Nov 1996, Derek Atkins wrote:
> > The PGP 3.0 code that I've been working on has support for:
> > 	IDEA, 3DES
> > 	MD5, SHA1
> > 	RSA, DSS, ElGamal
> > 
> > It does not discontinue support for the PGP 2.6.2 algorithms.  It adds
> > support for new ones.
> 
> Absolutely outstanding.

I agree. Support for soon to be patent free algrithms is a good thing. I 
hope that in version 4.0, after the users had time to migrate to 
DSS/ElGamal, PGP will fully move away from RSA.

--Lucky





From frissell at panix.com  Wed Nov 13 20:00:41 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 13 Nov 1996 20:00:41 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <3.0b36.32.19961113223308.00c43ba4@panix.com>


At 10:14 PM 11/11/96 -0600, Igor Chudov @ home wrote:
>This is an interesting topic. I apologize if my questions are too trivial,
>but here they are: 
>
>	1) Can a person without an SSN have a credit record? Some
>	   may say that a credit record is a bad thing to have,
>	   but I am still interested in a possibility.

If you have a credit history you can have a credit record with or without
an SSN.  Millions of foreigners have credit histories without SSNs BTW.
Millions of people with wrong or false SSNs also have credit histories.
The SSA decided a few years ago not to let the credit reporting agencies
check the validity of the SSNs in their records with the SSNs in the SSA
database.

>	2) Will private lenders (such as credit card issuers or
>	   mortgage companies) agree to extend credit to a person
>	   without an SSN or to someone who refuses to give out his SSN?

Not if they are in America but those outside America will.  False SSN's may
work though falsifying mortgage applications (with a federally insured
bank) may be a crime.  Individuals can also grant mortgages however and are
free to do so without using an SSN.  

>	3) Will the state issue a driver's license to someone who does not
>	   have/does not wish to give out their SSN?

Those states that don't require SSNs will of course.  Some (most?) states
that require SSNs don't validate them.  Canadian provinces don't require US
SSNs to issue licenses.

>	4) Will states' police (where applicable) approve purchases of
>	   firearms if purchasers do not state their ssn (misstating it
>	   may be a crime) on an application?

It's been so long since I bought from a dealer.  Do the current federal
forms have a place for SSN?  

>	5) Employers are required to pay certain taxes and therefore
>	   they, in my understanding, need to know their employees SSNs.
>	   How can people get around that (unless they do not need to work)?

Lie, be self employed, or be employed by a foreign entity.  They won't be
able to verify until the new Instant Check Right to Work Verification
scheme that the Feds are testing breaks wide.  Then it's self-employment --
better for you in any case.

>	6) Can someone without an SSN obtain various kinds of insurance?

Some kinds.  Again, the numbers are rarely verified.  

Over the years, I've only seen one number be bounced back and that was
submitted to a bank by a person who did not vet the number for facial
validity.  If one institution turns you down, go to another.

>Say, John Anonymous is a young 15 years old who anticipates to become an
>engineer and have a middle class life. He wants to get married,

No problem (unless his fiance wants to run a credit check).  Even if the
marriage license app wants an SSN, just say you're a foreigner with no SSN.
 Foreigners can still marry in America.  Even if you also state on the same
form that you were born in the US, you could still be a foreigner who's
never really lived here.  "My father was the Canadian Ambassador at the time."

>have children

Still accomplished by unskilled labor totally without an SSN.  

>drive a car

Put hands on wheel and foot on gas.  Trivial.  Lie or get a foreign
license.  UK licenses are good for decades.  A dozen states (or so) still
let you operate a motor vehicle sans public liability insurance BTW and
non-drivers, corporations, other entities, in fact anyone or anything can
own a car.  You can drive a car owned by something/someone else.

>obtain insurance

Lie.  Or get insurance from a nice Swiss company.
  
>work at some big company,

A lot less of that going around these days.  Giving a false SSN may or may
not be caught.  Large companies often do credit checks these days but you
will probably survive.  If you're working at a large company as a
contractor or temp of course, your small agency may not have checked you
out much.  You can satisfy the I9 form requirements for proving right to
work by flashing your passport BTW and you can still get a passport without
supplying an SSN (in spite of the law).

>travel around the world

No problem.  The ICAO record format for the nice little machine readable
strip on passports *does* have space to place a National ID Number, but the
standards do not require that a nation issue a National ID Number and fill
that block.  The UK and the US and others have (so far) not done so.  The
US legislation (effective January 1988) that the Passport Office's
Application ask you for your SSN and forward info on refusenicks to the
Treasury Department for a possible $500 fine, specifically says that
failure to provide the number shall not be grounds for refusal by State to
issue a passport.  In practice, Treasury has not fined anyone. 

>invest in mutual funds or buy stocks

Lie, have a corporation or trust you control buy, buy overseas or via
Canada, etc.

>Reliance on government help is not important to him, so he would not
>apply for an SSN solely to get Social Security, welfare and such.
>
>His parents are cypherpunks and did not obtain an SSN for John. How much 
>effort would it cost him to live a life outlined above?

Less effort that cross country skiing (in calories burned).  May even
provide similar recreational value depending on John's ideology.

DCF 

"You're real smart.  I bet you never forget your Social Security Number.
What's your Social Security Number"? -- The Susan Sarandon character in
"Atlantic City"

"I don't have a Social Security Number." -- The Burt Lancaster character in
"Atlantic City"






From shamrock at netcom.com  Wed Nov 13 20:08:50 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 13 Nov 1996 20:08:50 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <Pine.SUN.3.94.961113224825.7335F-100000@polaris>
Message-ID: <Pine.3.89.9611132026.A5464-0100000@netcom14>


On Wed, 13 Nov 1996, Black Unicorn wrote:

> I'm still mildly curious as to why support for >128 bit keys is not
> available in any form I know of.

If you mean symmetric keys of >128 bits, the consensus of the experts is 
that even 128 bits are uncrackable by anyone's standard.

--Lucky





From hallam at vesuvius.ai.mit.edu  Wed Nov 13 20:20:43 1996
From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu)
Date: Wed, 13 Nov 1996 20:20:43 -0800 (PST)
Subject: A Disservice to Mr. Bell
Message-ID: <9611140425.AA01113@vesuvius.ai.mit.edu>



Jim Bell writes

> There are, I think, two reasons that the equity court system (and their 
> sleazy lawyers, both on and off the bench) are worried.  First, what they

> have now is, effectively, a monopoly on "justice."  The re-emergence of 
> commonlaw courts would provide competition that has been long gone. 
Think 
> of it like any monopoly that suddenly has to accept competition.

A bunch of self selected whackos running a kangeroo court does not mark a
return to "commonlaw courts". Such courts do not exist within the
constitution
of the United States. Unlike the UK the US has a written constitution, if
it isn't written down on paper then it does not exist. The structure of the
courts, the legislature and such was the principle task of the
constitution,
that is why the bill of rights is a set of ammendments - they were an
afterthought.

I think the courts are worried the way a truck driver is worried about 
roadkill.

Its always the agent-provocateurs who are the loudest voices. If I was an
FBI agent looking to snare a few pillocks I would be trolling in 
cypherpunks with an AP like story. I would also be boasting about my
knowing about people in hiding...

If Bell and Thorn are Freeh's agents then would they kindly bugger off
and find another place to troll. Alternatively they could arrest each 
other.


		Phill






From rah at shipwright.com  Wed Nov 13 20:22:02 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 13 Nov 1996 20:22:02 -0800 (PST)
Subject: 
In-Reply-To: <9611140239.AA16352@cow.net>
Message-ID: <v0300780faeb04d72341a@[206.119.69.46]>


At 9:39 pm -0500 11/13/96, Bovine Remailer wrote:
>Foulmouthed Timothy May rehashes his lies like a rabid parrot
>choking on a stale mantra stuck in its poisonous beak.

This is getting rather poetic.

Vitriol haiku...

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From jw250 at columbia.edu  Wed Nov 13 20:29:18 1996
From: jw250 at columbia.edu (Jim Wise)
Date: Wed, 13 Nov 1996 20:29:18 -0800 (PST)
Subject: Black markets vs. cryptoanarchy
In-Reply-To: <awecXD1w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.95L.961113231505.27570A-100000@konichiwa.cc.columbia.edu>


On Wed, 13 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> I spent a few years living in Columbia housing on 111th St and there are
> plenty of good, cheap groceries around. If you choose to save on the rent
> and to live, e.g., up by City College, then indeed there are fewer groceries
> and they cost more. The clerks who work there also get paid much more than
> the clerks midtown because they risk their lives.
> And you spend more time commuting to Columbia.

These days City College has a miniature version of CU's higher-rent bubble
effect.  At any rate within a few blocks of either school is rather a bit
better off than the surrounding areas.  111th is much more within CU's
sphere of influence, and prices at markets like Westside and UFM drop as
they compete for the student crowd.  That neighborhood has a pocket of
slightly more variety as well, for the same reasons.  As you walk north,
the number of liquor stores rises even as the number of businesses
drops...

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim at santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *






From rah at shipwright.com  Wed Nov 13 20:30:40 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 13 Nov 1996 20:30:40 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <Pine.SUN.3.94.961113200754.4470C-100000@polaris>
Message-ID: <v03007813aeb0506ae6a3@[206.119.69.46]>


At 10:43 pm -0500 11/13/96, Lucky Green wrote:
>I agree. Support for soon to be patent free algrithms is a good thing. I
>hope that in version 4.0, after the users had time to migrate to
>DSS/ElGamal, PGP will fully move away from RSA.

Speaking of patent-free, :-), can you do blind signatures without RSA?

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From roach_s at alph.swosu.edu  Wed Nov 13 20:34:36 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Wed, 13 Nov 1996 20:34:36 -0800 (PST)
Subject: Dossier on Tim May is Easily Obtainable
Message-ID: <199611140434.UAA19210@toad.com>


At 12:11 PM 11/13/96 -0600, Rick Smith wrote:
...
>Records retrieved from [SOURCE DELETED] also show that the young Timothy
>Christopher May exploited his interest in physics for destructive purposes,
>like elaborate pranks involving fictious weaponry and national security
>information. [INFORMATION DELETED FOR NATIONAL SECURITY REASONS -- ORCON
>U31 -- OADR FOR RECLASSIFICATION]
>
>However, more careful investigators have uncovered evidence to suggest that
>this was not entirely a prank. Records from [SOURCE DELETED] indicate that
>the young Timothy Christopher May purchased a huge gap magnet from Edmund
>Scientific Company and also produced science fair project titled "Ball
>Lightning: A Stable Plasma?" Investigators suspect the timing of these
>events is not a coincidence.
...
Ball lightning?  Plasma weapon?  Could I have a copy of the schematics?
I've long been interested in obtaining (purchasing, building) a plasma
weapon.  (I'm also been interested in obtaining a EM pulse cannon, but
that's a different story.)






From putney at rigel.infonex.com  Wed Nov 13 20:40:30 1996
From: putney at rigel.infonex.com (putney)
Date: Wed, 13 Nov 1996 20:40:30 -0800 (PST)
Subject: Validating SSNs
Message-ID: <Pine.SOL.3.91.961113202851.18335A-100000@rigel.infonex.com>


>At 4:13 PM 11/13/96, Black Unicorn wrote:

>>Exercise for the reader:  How does the bank verify SSNs?

>OK, I'll bite.

>My guess is that the bank sticks the SSN in a report to the IRS and the
>bank is happy with the SSN as long as the IRS doesn't complain about it.

>Now, does the IRS check? I suspect that they don't, either. Their objective
>is to look for "matches" with SSNs that show up on filed tax forms, since
>they want to verify the data on the tax form. Given the behavior of every
>other large database I've ever seen, I'd guess that there would be a huge
>number of SSNs that don't in fact associate with tax forms. If someone High
>Up hasn't decreed that they should chase such things down (and allocated
>heaps of money to do it), they'll ignore the mismatches.

>This seems consistent with the reports of people who use bogus SSNs for
>decades at a time.

>Rick.
>smith at sctc.com

Yup - You've got it right.  A bank's responsibility is to make the SSN 
match on tape with what the IRS has - thats it.  It was part of the big 
stink in the 80's when congress first said that all banks had to withhold 
on all interest, the banks yelled, and then the SSN match program was 
instituted.

There are significant fines for banks that do not follow up on 
mis-matches, or do not begin "back-up" withholding.  One person is no big 
deal, but they add up fast!

The IRS's job is to collect income so if the number matches with a filing 
then a-okay!

Yo.

Putney











From deviant at pooh-corner.com  Wed Nov 13 20:45:38 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Wed, 13 Nov 1996 20:45:38 -0800 (PST)
Subject: Taxation Thought Experiment
In-Reply-To: <199611131240.NAA19255@internal-mail.systemics.com>
Message-ID: <Pine.LNX.3.94.961114044336.1589A-100000@random.sp.org>


On Wed, 13 Nov 1996, Gary Howland wrote:

> > o TAXES THOUGHT EXPERIMENT
> > 
> >  1) I generate $100 of productivity for my company
> >  2) Company is taxed %30, $70 left
> >  3) Company pay shareholders and costs, $30 is left
> >  4) Company pays me
> >  5) I pay 40% in taxes, so $18 left
> >  6) With $18 I can buy a $16.82 object (%07 sales tax).
> > 
> > Results:
> >  1) I see $16.82 realization from $100 productivity increase.
> >  * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.
> 
> The government gets $59.26, not $49.26 (30+16+12+1.26).
> That leaves you with 16.74 (not 16.82) - they get nearly four
> times as much.
> 

Actually, if you think about it, they get even more than that due to sales
tax and other such pains.  They _don't_ pay it, so when they have the
money, the money is worth more.

> Gary

 --Deviant
What does not destroy me, makes me stronger.
		-- Nietzsche







From declan at well.com  Wed Nov 13 20:47:06 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 13 Nov 1996 20:47:06 -0800 (PST)
Subject: In case it isn't obvious
Message-ID: <Pine.GSO.3.95.961113203901.5151D-100000@well.com>


In case it isn't obvious, I respect the right of the freedom-knights folks
to do whatever they want on their mailing list. The list is theirs; they
can operate it as they please.

But perhaps I can show them the folly of their definitions of
"censorship." Kicking off someone who engages in personal attacks and
off-topic rants will usually improve, not hurt, the tenor of conversation
on the list. The tragedy of the commons and all.

In my experience, and I've talked about this at some length with Prof. 
Volokh who runs a number of lists himself, the best and most valuable
discussion lists are those that are unmoderated but have a list owner who
has the power to kick folks off a list and can try to steer the direction
of a conversation if it veers too far from the list's charter.

-Declan






From unicorn at schloss.li  Wed Nov 13 20:52:18 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 13 Nov 1996 20:52:18 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <Pine.3.89.9611131930.A5464-0100000@netcom14>
Message-ID: <Pine.SUN.3.94.961113224825.7335F-100000@polaris>


On Wed, 13 Nov 1996, Lucky Green wrote:

> On Wed, 13 Nov 1996, Black Unicorn wrote:
> 
> > On Wed, 13 Nov 1996, Derek Atkins wrote:
> > > The PGP 3.0 code that I've been working on has support for:
> > > 	IDEA, 3DES
> > > 	MD5, SHA1
> > > 	RSA, DSS, ElGamal
> > > 
> > > It does not discontinue support for the PGP 2.6.2 algorithms.  It adds
> > > support for new ones.
> > 
> > Absolutely outstanding.
> 
> I agree. Support for soon to be patent free algrithms is a good thing. I 
> hope that in version 4.0, after the users had time to migrate to 
> DSS/ElGamal, PGP will fully move away from RSA.

Personally, I'd prefer it if crypto applications had wide support, user
selectable, for as many methods as possible.

I'm still mildly curious as to why support for >128 bit keys is not
available in any form I know of.

> 
> --Lucky
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From nobody at huge.cajones.com  Wed Nov 13 20:54:20 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 13 Nov 1996 20:54:20 -0800 (PST)
Subject: "Messer im Kopf"
In-Reply-To: <v02140b01aead9ffb76fb@[192.0.2.1]>
Message-ID: <199611140454.UAA03027@mailmasher.com>


-----BEGIN PGP SIGNED MESSAGE-----

 ph at netcom.com wrote:

 p> In the late 1970s Germany was in a limited state of turmoil due to
 p> fears of "terrorist" (1) groups, particularly the Baader-Meinhoff
 p> gang.  Around this time a curious incident occurred.  The German
 p> government had had some success in apprehending some gang leaders.  In
 p> response, the others hijacked a Lufthansa jet and demanded that the
 p> government release their friends.  Four of the leaders of the gang
 p> then died in prison.  The government declared these deaths to be
 p> suicides, but considerable doubt surrounds this claim.  The government
 p> certainly wanted to discourage further hijacking experiments.  The
 p> elimination of the gang leaders would certainly have sent a strong
 p> message.  The logic is compelling.  On the other hand, it is not
 p> inconceivable that the deaths were suicides intended to discredit the
 p> government.

I lived in the Netherlands and West Germany in 1970 (working as a
nightclub singer, no less!), also a time of terrorist activity and
mysterious deaths.

The persistent buzz was that West German intelligence set up the
terrorists to be hit by elements of the US Army's CID.  I do not know if
this is true or not, though nothing would surprise me after having
during the same period blundered into Kafkaesque personal conflicts with
major US intelligence players who were quite literally insane.

Proving the axiom that no plot device is to cheap for real life, fifteen
years later I was working as a tech in exec/diplo security, frequently
contracted to a huge - but low-profile - company whose name has been
inextricably linked to the CIA for the past forty years or so.  Much of
my job was doing wirework in the various safehouses they maintained,
some of which were enormous mansions kept to stash foreign dignitaries
if the need arose.  They maintained their own private security force
that was tacitly authorized to undertake special ops in any of the 83
host countries in which they operate.  They had their own EOD and
hostage negotiation/rescue teams that were frequently "in the field."
These were heavyweights recruited from some of the scariest outfits in
the world.

But, to get to the point of this shaggy-dog story, among the specific
threats we were tasked with intercepting were elements of the Red Army
Faction and Baader-Meinhof, both still considered to be dangerous as
late as the mid-'80s, though they never showed up in my AO during my six
years on the job (a Sikh separatist flap during the Golden Temple
episode was as close as I came to real action and it was a false alarm,
though pretty sphincter-tightening for about an hour as, due to a
fuckup, I was the first and only one on site, with nothing to protect me
but a digital multimeter and a farty little hip pocket .380 holding five
rounds).

What I wish to make clear in this discussion is that - to my direct
personal knowledge as a participant - there are innumerable deniable
assets that do the bidding of governments and corporate interests around
the world in the field of anti-terrorism.  These assets can _and do_
"handle" situations that the righteous citizen would assume to be the
exclusive purview of the CIA, Mossad, etc.  Though I had no direct
knowledge of such executive actions I, do not doubt that these
operations include "neutralization" of troublesome elements.

Fascinating damn gig.  Wish to hell I could write that book about it
without "creating problems" for myself.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoqjDeV+ehVeCu2JAQGSHgQAp+w9zObP9ZQk2M44ZRK6J2wTl4lPaluw
p/QbBdtprzq2WTln4DS80rmpLTySgyLL3lG207H7Gm2PrkZzJExni4q4eRqzj4hS
QlalQG1O7vT3w566Hso9u17XcxKzq1DKcF8Ej5v/YQzv66YbjpauiGMyxUOe6TdD
Dwb5V2SD9Q4=
=fV1l
-----END PGP SIGNATURE-----






From hal at rain.org  Wed Nov 13 21:00:52 1996
From: hal at rain.org (Hal Finney)
Date: Wed, 13 Nov 1996 21:00:52 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <199611140459.UAA01890@crypt.hfinney.com>


I had a similar thought a few months ago.  Actually with DigiCash there
is a specially nice feature from the point of view of the remailer.

Suppose the cash is embedded in the message headers itself.  The remailer
receives the message with the cash in it, turns it in at the bank to
make sure it is good, and withdraws a new blinded coin which it sticks
in the headers of the outgoing message.  The eventual recipient of that
message can then have his software turn in that coin and if it is good
that raises the priority of the message for him to read.

The nice thing is that if the recipient doesn't have the DigiCash software,
he will never cash the coin.  That means that the remailer can, after a
delay, reclaim uncashed coins for its own use.  It doesn't have to charge
postage explicitly, but it benefits as a middleman from unclaimed postage.

This would also of course encourage people to learn to use digital cash
so they could take advantage of these pennies from heaven in their
mailboxes.

Hal





From shamrock at netcom.com  Wed Nov 13 21:04:39 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 13 Nov 1996 21:04:39 -0800 (PST)
Subject: Cypherpunks Shooting Club II
Message-ID: <Pine.3.89.9611132037.A16692-0100000@netcom14>


Last Sunday, only four Cypherpunks participated in the first field trip 
organized by the Cypherpunks Shooting Club. Though I dare say that we had 
loads of fun. Anybody interested in participating next Sunday is 
encouraged to contact me. A wide range of firearms will be provided.


-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"






From dthorn at gte.net  Wed Nov 13 21:05:14 1996
From: dthorn at gte.net (Dale Thorn)
Date: Wed, 13 Nov 1996 21:05:14 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
Message-ID: <328AA7B2.22EC@gte.net>


Declan McCullagh wrote:
> The Netly News
> http://www.netlynews.com/
> November 11, 1996
> Cypher-Censored
> By Declan McCullagh (declan at well.com)
>        The cypherpunks mailing list, so legend goes, coalesced around two
>    principles: the dissemination of strong encryption and an absolute
>    commitment to free speech. It was a kind of crypto-anarchist utopia:
>    Here was a place where anonymity was encouraged and PGP-signed
>    postings were the norm -- and nobody seemed to be in control.
>        That is, until recently, when Dimitri Vulis was given the boot.
>    After he refused to stop posting flames, rants and uninspired personal
>    attacks, Vulis was summarily removed from the mailing list.

[snippo]

>        Vulis portrays himself as a victim, but as I posted to the list
>    last week, I disagree. Anyone who's spent any time on the
>    100-plus-messages-a-day list can read for themselves the kind of nasty
>    daily messages that came from Vulis's keyboard. The list is on
>    Gilmore's machine and he can do what he wants with it; he can moderate
>    the postings, he can censor material, he can shut the whole thing down.

[mo' snippo]

So you disagree.  Well, the last sentence above says it all - this "list"
that you and 1900+ other people spend so much time on is "just property"
(like a slave), it's censorable (meaning freedom of speech is *specifically
excluded*), and it's terminable without notice (meaning that it's really
just one person's private fantasy, and we'll all bozos on the bus, as it were).

You and several other "personal friends/insiders" to John Gilmore must be
laughing your butts off at the erstwhile schmoes like myself, who labor to
reason with persons like yourself and "gods" like John Gilmore, who, after
all, are obviously superior to us schmoes, since we sit and beg for our
portions of email emanating from John "God" Gilmore's Holy Computer.

Why do you bother telling us that:

  "He can moderate the postings"
  "He can censor material"
  "He can shut the whole thing down"

Why?  Is this your way (or "God"'s way) of waving your dicks in our faces?

Well, I'll tell you what.  You can run your list (or kiss someone's butt
who does), you can shut the thing down, and you can take a long walk off
a short pier for all I or most anyone gives a damn, but let's call a spade
a spade.  You're a suck-up, and Gilmore is a swaggering, overbearing, tin-
plated dictator with delusions of Godhood.  Satisfied?






From amp at pobox.com  Wed Nov 13 21:16:08 1996
From: amp at pobox.com (amp at pobox.com)
Date: Wed, 13 Nov 1996 21:16:08 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <v03007800aeade37ef979@[207.167.93.63]>
Message-ID: <Chameleon.847948472.amp@tx86-8>



> (Side note: Jim McCoy's suggestion that kids can be kept off the
> parental-unit's tax returns and thus not get a SS number is fraught with
> problems. Many schools--including public schools--use the SS number for
> various internal and tracking reasons. Even if the kid is free of SS
> numbers until he's a teenager--at a cost of thousands of dollars a year in
> IRS deductions not taken--he'll essentially have to have an SS number in
> his high school years, for a variety of reasons. Maybe this can be avoided,
> but I doubt the reward is worth the hassles.)
 
I recently enrolled my kid in school. On a form they asked what her SSn was. I just 
left the form blank. Later when they asked me about it, I asked if it was =required=, 
prepared to have them provide me with stautory citations. They said it was not 
required, but that they needed a way to keep records. I suggested they use her name. 
Since that wouldn't work with their computer, I suggested they make one up that fit 
the program.



------------------------
Name: amp
E-mail: amp at pobox.com
Date: 11/13/96
Time: 23:10:57
Visit http://www.public-action.com/SkyWriter/WacoMuseum

EARTH FIRST! We'll strip mine the other planets later.
------------------------






From markm at voicenet.com  Wed Nov 13 21:31:52 1996
From: markm at voicenet.com (Mark M.)
Date: Wed, 13 Nov 1996 21:31:52 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611140715.FAA01670@prometheus.hol.gr>
Message-ID: <Pine.LNX.3.95.961114002510.3366A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 14 Nov 1996, George A. Stathis wrote:

> Not at all easy, for a lot of people. Moreover, it's very time-consuming.
> It's only easy if you are prepared to put up with costs of time, money,
> and also... service providers (who don't always agree with you)...

If setting up a new mailing list is that important to people, it will get
done.  There's nothing preventing people from pooling together resources to
form a mailing list.

> In a lot of places in the world, starting mailing lists is almost
> impossible unless you can be _inside_ an Internet Provider Company
> (and use Unix or whatever they use, in their own machines).

Some ISP's provide this service for not much more than the cost of a standard
dial-up account.  It certainly is possible for people to form a mailing list.
Most people find whining a lot easier.

> Man you're nutts. There are very few and quite vast Media Companies
> in the world, and they're on the verge of becoming monopolies.
> 
> Even your American President is in reality a puppet of the Trilateral
> Commission, who effectively also control CNN, the Washington Post,
> and many many many other things all over the world.
> 
> And you are saying that control of the media by ownership is
> impossible?  You're far out maaan! :-)
> 
> Only in America such a naive opinion could actually be _believed_.
> (here I go again... aga! :-) )

Is this a troll?

> 
> George
> 
> 
> P.S. Even if you offered me a million dollars I'd stay away from
>      your country. My sanity is much more valuable.  :-)
>      (The Immigration Authorities in the U.S. have missed the point:
>       We DON'T want to come to you guys. It's the last thing we'd want!)
> 

finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoqvKSzIPc7jvyFpAQGtEggAuWVziHlb0UrImEJH1iZE5v5kv0z2gpgf
+Xmndm3x06B7bl2DkV/Fm4/djjqMoFXgz9gUXqL8KHR7CAQtR+ASO1lJBRG952OY
UJel2GlBstZjgDplOoktaLSJowsl2/1tukIzqBETSQ8Xq/0A5EZKnxgb9ktHot5v
mA35NzQuRvJtZ9CSTmolZVByJ1+nya8KV/RUOgRNDSQDQi1eX/X24K6hZvsljgZh
Db+aUH7+E6D2qagvzV1FIHJIcHq1XYvf8P8ABdu4PZPwvRtoL8gnh9Jyo2H4IWzI
fKUOJzbHcPKD/TFVjZs6VRjWPfudStNKLKjmRFhT+jdy2j5J53rc9Q==
=YYsl
-----END PGP SIGNATURE-----






From ichudov at algebra.com  Wed Nov 13 21:38:18 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Wed, 13 Nov 1996 21:38:18 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611132320.PAA17335@kachina.jetcafe.org>
Message-ID: <199611140501.XAA05790@manifold.algebra.com>


Dave Hayes wrote:
> You won't do this, because I won't let you on the list. I, unlike you
> or Mr. Gilmore, have the judgement on whom to invite to my list.
> 

So what's the difference between yours and gilmore's position?

Long live USENET Cabal!

	- Igor.





From dthorn at gte.net  Wed Nov 13 21:40:15 1996
From: dthorn at gte.net (Dale Thorn)
Date: Wed, 13 Nov 1996 21:40:15 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611130139.RAA14024@toad.com>
Message-ID: <328AAD68.3B56@gte.net>


Sean Roach wrote:
> At 08:26 AM 11/11/96 -0800, Hal Finney wrote:
> >I have two kids entering their teens, and I'm sure other list members are
> >parents as well.  What can we do for our children to help them enter their
> >adult lives with better chances to retain privacy?  Unicorn mentions keeping
> >them absent from school on picture day, although I'm not sure how much this
> >helps.  I suppose it makes it harder for an investigator to find out what
> >they look(ed) like.  Then when they get old enough to drive you have a new
> >problem avoiding the photo (and thumbprint) on the license.

> As far as the drivers linscense goes, there are religions that do not allow
> its members to be photographed, and the government honers this,(at least the
> Tag Offices do).  I don't know the name of the religion but I believe it is
> a Christian one.  Convert once every four years to get your drivers
> liscense, and convert back within the week.  No photograph on that little
> piece of plastic.
> P.S.  In Oklahoma, there is no thumbprint on the current liscense.
> P.P.S  You can always send your child to school with a note saying that you
> do not want your child in the class picture, I know of someone who did that,
> (on a side-note, we always wondered why.)

Certain conservative sects [Puritan, Amish (I think)] believe strongly in
the Old Testament command to "not make any image of anything in the air,
on the ground, or in the sea" (quote approximate).  This was done to
prevent image (idol) worship.

It's ironic, given that most conservative Christians who claim to believe
sincerely in the adage against idol worship will nonetheless have those
beautiful, high-tech studio portraits of their children somewhere in the
house, highly visible for all visitors and residents to gaze upon.

But sadly, most Christians, like most non-Christians, just can't resist
the temptation to worship idols, albeit in a more subtle way than bowing
down to the molten calf.






From jimbell at pacifier.com  Wed Nov 13 21:52:55 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 13 Nov 1996 21:52:55 -0800 (PST)
Subject: A Disservice to Mr. Bell
Message-ID: <199611140552.VAA09808@mail.pacifier.com>


At 11:19 PM 11/13/96 -0500, Phillip M. Hallam-Baker wrote:
>Jim Bell writes
>
>> There are, I think, two reasons that the equity court system (and their 
>> sleazy lawyers, both on and off the bench) are worried.  First, what they
>> have now is, effectively, a monopoly on "justice."  The re-emergence of 
>> commonlaw courts would provide competition that has been long gone. 
>Think 
>> of it like any monopoly that suddenly has to accept competition.
>
>A bunch of self selected whackos running a kangeroo court does not mark a
>return to "commonlaw courts".

As for the "self-selected" issue:  In almost all areas of human endeavor, 
things are (often?  usually?) done by people who are "self-selected."  I 
suggest that there is simply no reason that even "self-selected" courts 
cannot work.

And for the "wacko" part:  To a great extent, the people who would tend to 
oppose the re-emergence of commonlaw courts are those who are the ones who 
most benefit from the monopoly (oligopoly?) on justice which has developed 
over many decades.  Judges, prosecutors, and lawyers of course profit 
directly.  But psychologically, people wedded to a statist philosophy would 
have their precious worlds overturned.  They're not happy.  

Also:  The reason for an (apparent, implied) association with extremism is, 
simply, because the system has been  suppressed (actively or passively) for 
so long that it tends to be the "extremists" which most notice the 
possibilities of a commonlaw court.  This is quite analogous with the fact 
that the label "extremists" was almost certainly applied to the 
revolutionaries who proposed the American Revolution, the abolition of 
slavery, giving the vote to women, pushed civil rights in the US during the 
50's and 60's, etc.  By definition, people proposing a change in the status 
quo are "extremists," if they weren't they wouldn't be proposing a change, 
huh?!?

And this goes back to the "self-selected" issue above as well.  While the 
main work of commonlaw courts, today, is the reversal of the abuses of the 
equity court system, as the commonlaw courts become once again well accepted 
they will simply not need to stand out and look "extreme" as they may look 
to you, today.


> Such courts do not exist within the  constitution
>of the United States. Unlike the UK the US has a written constitution, if
>it isn't written down on paper then it does not exist.

You're obviously confused.  

1.  Commonlaw courts predate the US Constitution by a few hundred years.  
The former does not depend on the latter for authority or credibility.  

2.  The US Constitution is, at most, a statement of the authority of the 
FEDERAL portion of government. It is, arguably, only a statement of the 
powers granted to the Feds by the people; it is most certainly not intended 
to be a statement of every right retained by the people.  (In fact, the 9th 
and 10th amendments make it clear that non-enumerated rights exist.)  No 
authority over commonlaw courts (such as appointing judges)  was given to 
the Feds by the people.

3. The Federal Constitution only references states, and I don't think it 
references state Constitutions at all.  Yet clearly state Constitutions 
exist.  Clearly, it isn't correct to say "if it isn't written down on paper 
then it does not exist."  For example, people are not "written down on 
paper," yet they exist...


> The structure of the courts, 

You should have said, SOME courts.  Not "the courts," implying ALL the 
courts.  Notice that the US Federal Constitution (at least, to my 
recollection) does not describe or regulate state courts, or for that matter 
local courts.  Just Federal, which is as was intended.   Given this, there 
is no reason to assume that commonlaw courts need to be described, 
authorized, or regulated by the Feds.  If your argument is, "if it isn't 
defined by the Federal Constitution it doesn't exist," then you'd just 
destroyed your own argument.  


>the legislature and such was the principle task of the constitution,
>that is why the bill of rights is a set of ammendments - they were an
>afterthought.


This has absolutely nothing to do with the commonlaw court system.


Jim Bell
jimbell at pacifier.com





From wichita at cyberstation.net  Wed Nov 13 22:07:22 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Wed, 13 Nov 1996 22:07:22 -0800 (PST)
Subject: The Key for the IPG 200 Megabytes at NETPRIVACY.COM
Message-ID: <Pine.BSI.3.95.961113235812.20589A-100000@citrine.cyberstation.net>



In response to the numerous requests for us to post the key that we used
to produce the almost 200 megabytes of raw encryptor stream at our web
site, we are pleased to provide the ASCII values of same as follows: 



OFFSET    0   1   2   3   4   5   6   7   8   9
    0    237  55 181 123  98 190 172 218  32  95 
    1     76 254  70 151 109 109 115  87 146 142 
    2    233 129 176 197 154  22 122 168  96   9 
    3    115 234 241  54  78 120  81  33 128 196 
    4    177   8  69  53  71 116   0 245 126 158 
    5     29 239  80 219  86 236 193  50   7  31 
    6     84 188   5 215 175 213 222   4 180 144 
    7    187 162 205 215  60 144 120  75 195  66 
    8    178  81 212  56 123 177 189 113 101  91 
    9    211 194  48 171  17  64 197 118 148  24 
   10     32  67 114 171  26 131  19 149 121  32 
   11    235 112 114  45  28  80  37 142 138  15 
   12    229 228 155 214  66 246 174 195 224 215 
   13    116 233 106 209  66 233 175 229 244 245 
   14     74  81 136 163 100  21 114 240  48 184 
   15    124 151 145  74  34  33  14  70 132  37 
   16     82 253  70  97  72  20 106  41 162  30 
   17    136  18 105 227 219 232 121  49 119 218 
   18      6  97 193 180 228 204  92 158 116 222 
   19    145  91  34 200 199 235 178 116 103 196 
   20     79 104  90  22  69 212  91  65 171 133 
   21     92 208  76 127  37  83  92 140  27 249 
   22    229  22 132 205   5  67 203   8 196 141 
   23    136  80  68 156 228  38 254  97 170 179 
   24     43 152 124 172  91  52  79  94 248 131 
   25    202  82  36  41  11 229 

As explained at the web site, that key is expanded to an 8192 byte key and
used as described therein.

                    www.netprivacy.com

In order for those few who have not had the opportunity to check it out,
we will leave it up another week and then take it down and put up a
new shorter one, maybe a 2,560,000 byte one permanently and a monthly
2,560,000 byte one where we publish the key each month. 

Of course, no university, coderpunk, or cypherpunk, or any collection of
same,  has broken the system, nor will they ever.  As most of you now
know, it is absolutely unbreakable. We have had over 100 universities,
IBM, Microsoft, Intel, hundreds of other corporations, several dozen
different government agencies, and thousands of other individuals to
download the data and look at the algorithm. Of course, like everyone
else, they have been benighted, even if some of them will not own up to
it.

Several people have requested me to provide a narrative description of the
algorithm explaining why the raw encryptor output stream seems to be so
remarkably random. I am preparing such a document and it should be ready
next week, or the week after. I will post it accordingly.

Thanks so very much, 

Don Wood








From bgrosman at healey.com.au  Wed Nov 13 23:29:50 1996
From: bgrosman at healey.com.au (Benjamin Grosman)
Date: Wed, 13 Nov 1996 23:29:50 -0800 (PST)
Subject: Worrying...
Message-ID: <199611140830.TAA26347@sydney.healey.com.au>



Isn't it worrying that so many people can happily devote their time to trying to annoy others?






From dthorn at gte.net  Thu Nov 14 00:22:17 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 14 Nov 1996 00:22:17 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <9611140425.AA01113@vesuvius.ai.mit.edu>
Message-ID: <328AD670.4EDD@gte.net>


hallam at vesuvius.ai.mit.edu wrote:
> Jim Bell writes
> > There are, I think, two reasons that the equity court system (and their
> > sleazy lawyers, both on and off the bench) are worried.  First, what they
> > have now is, effectively, a monopoly on "justice."  The re-emergence of
> > commonlaw courts would provide competition that has been long gone.
> >Think of it like any monopoly that suddenly has to accept competition.

> A bunch of self selected whackos running a kangeroo court does not mark
> a return to "commonlaw courts". Such courts do not exist within the
> constitution of the United States. Unlike the UK the US has a written
> constitution, if it isn't written down on paper then it does not exist.

"It doesn't exist".  Well!  The difference between the intent of the law
and the "letter" of the law:  The Constitution, if it is about anything,
it is about Balance of Power. You could refer back to the DOI for examples
of how to settle BOP disparities when governments become too big for their
britches, or you could accept "creative civil disobedience" such as Common
Law Courts as a way to add some balance.  Unless, of course, you're the
troll you're talking about below.

> The structure of the courts, the legislature and such was the principle
> task of the constitution, that is why the bill of rights is a set of
> ammendments - they were an afterthought. I think the courts are worried
> the way a truck driver is worried about roadkill.

An afterthought?  No.  The Constitution was a document provided at the
behest of the States, with their approval (not dictated by the Feds), and
those States would not ratify said document without the Enumeration of
rights now referred to as the Bill of Rights.  It's an enumeration only,
to tell the Feds that "these are your powers", etc., and "don't try to
mess with any of these things enumerated here in these 10 amendments",
and so forth.

> Its always the agent-provocateurs who are the loudest voices. If I was an
> FBI agent looking to snare a few pillocks I would be trolling in
> cypherpunks with an AP like story. I would also be boasting about my
> knowing about people in hiding...
> If Bell and Thorn are Freeh's agents then would they kindly bugger off
> and find another place to troll. Alternatively they could arrest each other.

Agent-provocateurs?  My, aren't we paranoid.  I hope the Thorn character
is someone else, not me.  If you read all or most all of my postings over
the past couple of months, you would see why the FBI and all those other
alphabet-agencies wouldn't hire me.  They had to cheat just to get me a
Confidential clearance in the Army (the lowest possible clearance).

I can't speak for Jim Bell, but my impression (for the 100th time) of AP
as stated in the postings is firmly this:  It's a warning about the real
possibility of such a system, given secure crypto technology and a more-
or-less anarchic net to host it.  As far as someone recommending it and
pushing for its acceptance, don't be so naive. The bad guys will have it
fully operational (if it is possible) *long* before you or your fellow
citizens have a crack at it, if ever.






From llurch at networking.stanford.edu  Thu Nov 14 01:16:38 1996
From: llurch at networking.stanford.edu (Richard Charles Graves)
Date: Thu, 14 Nov 1996 01:16:38 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611140916.BAA24474@Networking.Stanford.EDU>


hyperlex at hol.gr ("George A. Stathis") wrote:
>
>>> Mr. Gilmore, and other like minded parties, might want to consider
>>> what would happen if one parent company owned *all* communications
>>> media. Would they they be so supportive of the ideology of ownership
>>> and communciation they espouse?
>>
>>And just how plausible do you think this is?  I believe it is next to
>>impossible, unless it is the result of government regulation.
>
>Man you're nutts. There are very few and quite vast Media Companies
>in the world, and they're on the verge of becoming monopolies.
>
>Even your American President is in reality a puppet of the Trilateral
>Commission, who effectively also control CNN, the Washington Post,
>and many many many other things all over the world.

You're so naive. The Trilateral Commission is just a puppet of General
Electric, the British Royal Family, the Illuminati, the Council on Foreign
Relations, the Elders of Zion, the Knights Templar, the Military-
Industrial Complex, the Communists, the Secret Government, Dead White
Males, the Freemasons, the CIA, Scientology, and my Aunt Marge.

-rich
 special agent, zog northwest
 i do not speak for the world affairs council





From wichita at cyberstation.net  Thu Nov 14 01:48:28 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Thu, 14 Nov 1996 01:48:28 -0800 (PST)
Subject: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice
Message-ID: <Pine.BSI.3.95.961114030250.472F-100000@citrine.cyberstation.net>



         Fermented Pear Juice == Supercilious Pap

         There they go again, the imperium, or so they think, of
         cryptographic shamans are trying to bamboozle list readers
         into believing their warped cryptographic gimcrackery. They
         do not need Zadoc to anoint themselves the Solomons of the
         cryptographic world. They think that they are perfectly
         capable of doing it to themselves. Have they ever
         cracked a single meaningful cryptographic system?  Have they ever
         implemented a significant cryptographic system?

         Of course, I am not speaking of Dr. Ron Rivest and other
         rightfully honored members, but rather of that ragtag group
         of cryptographic medicine men that think they have all the
         answers to all the questions, that is, the small cypherlunks
         subset of cypherpunks/coderpunks.  Despite their trifling
         anomalous performances, they have Napoleonically crowned
         themselves as the aristocracy of cryptography.  They are not
         "au fait" august, aureate practitioners, rather "au fond",
         they are narcistic harlequins, "fons et origino" of their own
         and claque homologated mirages of autistic cryptographic
         fantasies.

         Remember, how that self appointed College of Cryptographic
         Cardinals cannonaded me, and you, with a fusillade of self
         serving avowals such as, "we do not do it for money, we do it
         for the public good", "it is our duty to expose snake oil
         salesmen", "I feel a snake oil attack coming on", "it is a
         public service", "we owe it to the public, to protect them
         against charlatans," and on and on "ad nauseam," with their
         silly putty rodomontades.  Now that their pusillanimity has
         been exposed for all to see clearly, they have apparently
         adopted the opportune, timorous motto of "sauve qui puet."

         They have proved themselves to be an alliance of fainaiguers
         that change their tunes when called to task. How many of them
         want to do it for the public good, now ? How many want to
         expose the snake oil salesman, now? How many of them want to
         protect the public, now? Not one. Show me, us,  one of them
         that is not intellectually tremulous. They leaped into the
         contest when they sensed blood, but now they realize that it
         is their blood to be spilled, they shirk from their
         intellectual responsibilities. All of the Sir Galihads and
         Sir Lancelots of yesterday, have proved themselves to be
         Sir Coward Chickens now, as everyone can plainly discern.
         Most of them have chosen the exeunt course and are now hiding
         their heads in the sand, hoping that no one will take note of
         them.

         Where are all those chivalrous cryptographic knights now? I
         am sure that if asked, most would reply to the effect that
         they are "otherwise engaged," which parses to "nonpossumus,"
         and only the most naive could fail to recognize that. What
         has become of their chivalry?  Quite simply, the impersonate
         knights have become loathly benighted.

         The cypherlunks, riffraff, were quick to engage in jousting
         over OTP logomachy because they thought that all they had to
         do was beat their fingers on the keyboard and cite Shannon.
         The neologizing of the term "Software OTP," drove them into
         an uncontrolled frenzy of attacks. Alas, to do so, did not
         tax their notional mental facilities.

         On the other hand, when challenged to demonstrate their
         cryptanalytical skills, the cypherlunks became panic stricken
         and in mass hysteria took flight in frightened awe of the IPG
         algorithm.  Their knightly bravado and braggadocio were
         hastily jettisoned in their wild flight away and superseded
         by their otiose nihility.

         That flock of cryptographic turkeys, a.k.a. cypherlunks,  flew 
         off to their clangorous roosts. There, though the more
         intelligent became quiescent as circumstances dictated, the
         court jesters started wildly flapping their wings and
         gobbling out their gobbledygook in order to becloud and
         confuse people about the proffer of the heretic.  Those
         clowns were, and are, trying to create the illusion that
         their incondite cryptographic skills are irrefutable because
         they say it is so, and that makes it so.

         I think that those cypherlunk fabulists should adopt the
         apropos motto, "Talk very loudly and carry a tiny turkey
         feather duster." Their quixotic sallies into cryptanalytics
         are quintessential asininities.  They are not subduing great
         crypto dragons, or giants, or even midgets, not even
         windmills; they, even more than Quixote, are merely
         fantasizing their efficaciousness.  Their only significant
         cryptographic artifices are locked forever within the
         confines of their convoluted individual and collective minds.

         The cypherlunk's nympholeptic calliope of reciprocal
         "inbongis" is indicative proof of their total capitulation in
         the face of the impregnable IPG algorithm.  Their clannish
         drum beating, high fiving, and back slapping of each other is
         reactionary declamatory histrionics. What a tragic waste.

         If there was only some way to channel and divert that energy
         atrophy into productive causes. For example, illimitable
         outrage against the dissonant alliance of Freeh and Saddam
         Hussein in trying to prevent their citizenry from having
         unbreakable encryption technologies. Gore and Rashanjanti are
         also advocating similar polices with respect to encryption  
         restrictions.

         We must recognize that Gore, Reno, Freeh, Exon, and others 
         similarly situated believe they are doing what is right. The
         fact though is, that by so doing they are becoming welcome allies
         of Hussein, Qadaffi, Rashanjanti, Castro and other
         human rights oppressors. That is a red flag if there was ever
         one. It raises the irreconcilable question of how can
         both groups in such an unseemly alliance be right.

         Obviously they cannot. Accordingly, that existential 
         incongruence succinctly points out the dichotomous character of
         the question of whether or not unbreakable encryption
         technologies should be made openly available to everyone.

         In reality, the question though is not even close.  While
         granted that there may be some criminals and terrorists who
         will pervert the use of encrypted communications, the number
         is extremely small because most such malefactors are far too
         ignorant and in too much of a hurry. If we spent a fraction of
         the saved money on openly bribing accomplices,  far better
         emanations would be forthcoming. Furthermore, even if
         unbreakable encryption systems were allowed, law
         enforcement would still have an immense arsenal, existing and
         developing,  of far more efficacious technological weapons
         available to them. 
         
         Cryptanalytics has become the tiny tail that continues to wag the
         immense dog of intelligence gathering. A few powerful oligarchs
         are screaming "the sky is falling, the sky is falling," in order
         to protect their "Hillistic" empires. Wake up, the sky is not
         falling, and it is not going to fall anytime soon. Oh, those
         all powerful empire builders think they are doing what is proper
         and prudent for our country and its people, but they are
         absolutely wrong.      

         The good far outweighs the bad on the balance scales. We
         desperately need unbreakable encryption technologies to aid and
         abet freedom fighters against tyranny around the world, and that
         is the reason that Hussein, Castro, Rashanjanti, and others of
         that persuasion are opposed to unbreakable encryption systems.
         We also need it in order to make it possible for individuals to 
         protect their privacy in the onrushing information age. We also
         need it to so that businesses can protect their proprietary and 
         other vital interests when essentially everything goes online.
         Unbreakable encryption will also insure for all people that
         governments do not wantonly intrude into their lives.

         To paraphrase FDR, "the only thing that we have to fear about
         unbreakable encryption systems, is the misplaced fear that it 
         will do more harm than good." If the Internet and the Information
         Age are to achieve their potential to build us a better world,
         then unbreakable encryption technologies must be one of the
         irreplaceable cornerstones on which such a future can be
         built.

         We, who favor the advancement of the view that I am advocating, 
         will not win by adhering to reactionary defensive tactics. We
         must go on the offensive. We need to bombard our Representatives
         and Senators with e-mail questioning why Castro, Freeh, Gore,
         Hussein, Qadaffi, Rashanjanti, Reno, Sung, Jr. and others that
         disagree about almost everything else are allies with respect to
         denying the public the use of unbreakable encryption technologies.
         Also, ask them,  how are we ever going to be able to
         address the privacy issues in the information age without
         such encryption systems.  Additionally, tell them about how we
         are handing over a multi-billion dollar market to foreign
         competitors because of the ITAR export ban, billions of  dollars
         a year now and growing. 

         We can win this affray because we are obviously in the right
         but we must become much more proactive by making everyone aware 
         of all of the good things that will accrue  to our human
         species by doing what we are advocating, That is the only real
         way to effectively combat those who mistakenly are taking the
         myopic view that we should not do it because it will 
         help the criminals and terrorists. Guns and explosives
         help maleficence elements too, but we do not outlaw them because
         they serve other very useful purposes, and the same thing is
         obviously true with with respect to unbreakable encryption
         technologies.

         Back to the IPG system, we believe that you would like to
         know that commencing this date, IPG is advertising as
         follows:

         "In addition to posting the algorithm(s) at our web site:

                       http://www.netprivacy.com

         IPG has also posted the algorithm(s) to a number of other
         sites, including Universities in the United States and
         Canada, as well as the famed Cypherpunks and Coderpunks
         lists. Since the IPG algorithm is impregnable, obviously no
         individual, or collection of individuals, from said
         Universities, the Cypherpunks, or the Coderpunks has been
         able to crack the system. Of course, this inability to do the
         impossible applies not only to the present but for all time,
         for all eternity."

         Of course what we are saying is obviously true, and we thought
         you might want to know.


Thanks so very much,

Don Wood




















From adam at homeport.org  Thu Nov 14 04:29:28 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 14 Nov 1996 04:29:28 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <v03007813aeb0506ae6a3@[206.119.69.46]>
Message-ID: <199611141225.HAA19903@homeport.org>


Robert Hettinga wrote:
| At 10:43 pm -0500 11/13/96, Lucky Green wrote:
| >I agree. Support for soon to be patent free algrithms is a good thing. I
| >hope that in version 4.0, after the users had time to migrate to
| >DSS/ElGamal, PGP will fully move away from RSA.
| 
| Speaking of patent-free, :-), can you do blind signatures without RSA?

Chaum has something called unanticipated blind signatures that don't
use RSA.  The problem with blinding is not the RSA patents.  Those run
out much sooner than Chaum's patents.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From gary at systemics.com  Thu Nov 14 04:44:22 1996
From: gary at systemics.com (Gary Howland)
Date: Thu, 14 Nov 1996 04:44:22 -0800 (PST)
Subject: PGP3.0 & ElGamal
Message-ID: <199611141245.NAA25756@internal-mail.systemics.com>


> At 10:43 pm -0500 11/13/96, Lucky Green wrote:
> >I agree. Support for soon to be patent free algrithms is a good thing. I
> >hope that in version 4.0, after the users had time to migrate to
> >DSS/ElGamal, PGP will fully move away from RSA.
> 
> Speaking of patent-free, :-), can you do blind signatures without RSA?

I think it is possible using the both Diffie-Hellman and the RPK algorithm
(developed by the New Zealand chap quite recently), although patents
probably apply to the latter algorithm.

Don't forget that for ecash style systems, only the *client* needs to
do the blinding, not the bank.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now."  -- Unknown.

pub  1024/C001D00D 1996/01/22  Gary Howland <gary at systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 





From jya at pipeline.com  Thu Nov 14 05:20:10 1996
From: jya at pipeline.com (John Young)
Date: Thu, 14 Nov 1996 05:20:10 -0800 (PST)
Subject: No Subject
Message-ID: <1.5.4.32.19961114131814.006c3730@pop.pipeline.com>


Declan,

Cypherpunks does not seem to me to be anything like the well-
regulated lists you ascribe to Prof Volokh.

Could you, with Professor Volokh, expand on the application of 
"editorial control" on "unmoderated" lists? (See Netly below)

As well as amplify "the power to kick folks off a list ... if 
conversation veers too far from the list's charter." (See 
your quote below) 

Isn't this power the black heart of free speech racketeering? 
And what makes the glands of secret authoritarians thrill with 
benevolent suppression of assent on behalf of the disorderly, 
fuzzy-minded citizenry?

Media moguls and list runners share commonalities, to be sure,
but I wonder if it's not cruel to compare John Gilmore to Professsor
Volokh, and both to, say, Rupert Murdoch.


--------

[Netly News]

Eugene Volokh, a law professor at UCLA, runs a number of mailing
lists and has kicked people off to maintain better editorial control.
Volokh says that the most valuable publications are those that
exercise the highest degree of editorial control.

[Your post of 11-13]

In my experience, and I've talked about this at some length with Prof. 
Volokh who runs a number of lists himself, the best and most valuable
discussion lists are those that are unmoderated but have a list owner who
has the power to kick folks off a list and can try to steer the direction
of a conversation if it veers too far from the list's charter.







From aga at dhp.com  Thu Nov 14 05:31:37 1996
From: aga at dhp.com (aga)
Date: Thu, 14 Nov 1996 05:31:37 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <Pine.GSO.3.95.961113122648.8294B-100000@well.com>
Message-ID: <Pine.LNX.3.95.961114080400.6941E-100000@dhp.com>


On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Date: Wed, 13 Nov 1996 13:12:50 -0800 (PST)
> From: Declan McCullagh <declan at well.com>
> Reply-To: freedom-knights at jetcafe.org
> To: Dave Hayes <dave at kachina.jetcafe.org>
> Cc: freedom-knights at jetcafe.org, cypherpunks at toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
> meaningless political rants.
> 

Jealousy rears it's ugly head.  You just wish you had the credibility
that Dave Hayes has.

> I'll address some of his points.
> 

Do it within his text as you are supposed to.

> * "Political safety?" I stand by my record as a writer. Check out
> http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
> recent articles. Political safety? Hardly.
> 

This Declan_McCullagh is a long-time cabal.member, so his critique
of a Freedom-Knight like Dave Hayes is to be given short shrift.

> * Dave says "Notice that the net is compared to a home or private club." 
> Wrong. I never compared the Net to such. However, a mailing list run on a
> computer in someone's home with his own cash is very similar to a private
> club.  There are private speech restrictions on the Net. Gated communities
> exist.  Try to join the "lawprofs" mailing list. You can't; you're not
> (and quite obviously anything but) a law professor. Censorship? Not quite. 
> 

None of that analogy is applicable to the cyberpunks list.
When a list gets as big as that, it it no longer to be considered
a "mailing-list" but it is a _public_ forum.  The whole problem
here is the abuse of power by both the EFF and John Gilmore.

> * Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
> from posting. 
> 
> * Dave warns us to consider "what would happen if one parent company owned
> *all* communications media." Then we have problems. I've written about
> this in an Internet Underground magazine column. However, this is not the
> case now. Or are you arguing the government should get involved and force
> Gilmore to allow Vulis on his list?
> 

No, he is saying that people can use an e-mail filter and not listen
to Vulis if they want to.  It was a very simple thing; are you too
uneducated to know how to use an e-mail filter?

> By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
> Usenet,"  a private mailing list is NOT Usenet. Get a clue. 
> 

Wrong!  The cyberpunks mailing list is PUBLIC property and should
NOT be controlled by John Gilmore!  This just goes to show the real
facist censorship motives that the EFF has behind it.

Time to kill the EFF, and let it rot in hell.  They are disgrace
to the entire InterNet community.  I run 6 different mailing lists,
and have NEVER puled the plug on anyone, even when they criticize me.

The first time is the time when you lose all credibility, and there
is never any forgiveness for a plug-puller.


> -Declan
> 

-aga.admin
InterNet Freedom Council
> 
> 
> 
> 
> 
> On Wed, 13 Nov 1996, Dave Hayes wrote:
> 
> > [This is a rebuttal to a misguided news article.]
> > 
> > > Cypher-Censored
> > > By Declan McCullagh (declan at well.com)
> > 
> > Thank you for leaving your email address. It makes this easier.
> > 
> > You people (read: the unaware and hypnotized masses, which includes
> > reporters who's desire for attention and political safety holds them
> > in line with the consensual illusion) keep missing the real issue, and
> > substituting issues which only hold themselves in place.
> > 
> > [Those of you who know, please excuse the mediaistic terms used in
> > this rebuttal. One must use the symbols one is given to communicate
> > at the level of understanding of those who use them.]
> > 
> > >        Thus began a debate over what the concept of censorship means in a
> > >    forum devoted to opposing it. Did Gilmore have the right to show Vulis
> > >    the virtual door? Or should he have let the ad hominem attacks
> > >    continue, encouraging people to set their filters accordingly? The
> > >    incident raises deeper questions about how a virtual community can
> > >    prevent one person from ruining the forum for all and whether only
> > >    government controls on expression can be called "censorship."
> > 
> > "Cyberspace" is interacted with using tools under the control of the
> > interactor. 
> > 

yes, and all you need is a simple mail filter.

> > In person-to-person interaction, one's only real defense against what
> > one decides to call "unwanted" is to remove oneself from the arena of
> > interaction. It may not be possible to ignore or run away from certain
> > sources of input. 
> > 
> > In cyberspace, however, it is not only possible but necessary and even
> > desirable. Cyberspace allows one to interact with many more people
> > then can fit in any given physical space. One simply -cannot- receive
> > input from 2000 people and not employ some sort of filtering
> > mechanism. Indeed, cyberspace has many buttons and switches (and even
> > programmatic filters) which allow one to -completely- control whom one
> > interacts with.
> > 
> > Logically, we must conclude that those who frequently and repeatedly
> > cry for the censorship or removal of any source of input from
> > cyberspace are either:
> > 
> > 	-quite clueless about the tools at their disposal
> > 	-ideologically or personally opposed to the source of input
> > or	-in need of large amounts of attention from others
> > 
> > Cluelessness can be overcome by appropriate teaching and interest in
> > learning (the latter issue we can safely assume users of popular but
> > ineffectual windowing OSes are not able to overcome). Such
> > cluelessness, however, is not and should never be a reason for 
> > censorship.
> > 
> > A need for attention can be overcome by refraining from the denial
> > that the need exists, followed by careful observation of that need. 
> > More can be said on this, but this is not the forum. Such a need
> > is not and should never be a reason for censorship. 
> > 
> > Idelological opposition is another matter entirely. To understand this
> > better, we'll need to observe this in action. Here is an example:
> > 
> > >        Vulis portrays himself as a victim, but as I posted to the list
> > >    last week, I disagree. Anyone who's spent any time on the
> > >    100-plus-messages-a-day list can read for themselves the kind of nasty
> > >    daily messages that came from Vulis's keyboard. 
> > 
> > "Nasty" is, of course, by this reporter's standard of "nasty". Granted
> > this standard may in fact be shared by Mr. Gilmore, however a shared
> > standard is not necessarily an appropriate or correct standard. 
> > 
> > >    The list is on Gilmore's machine and he can do what he wants with
> > >    it; he can moderate the postings, he can censor material, he can
> > >    shut the whole thing down. By kicking off an offending user, a
> > >    list owner merely exercises his property right. There's no
> > >    government involvement, so the First Amendment doesn't apply. And
> > >    the deleted, disgruntled user is free to start his own mailing
> > >    list with different rules.
> > 
> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
> > 
> > What would ideological opposition be without the attempt at analogy? 
> > Here we witness another example:
> > 
> > >        But then the question is whether Gilmore should have exercised
> > >    that right, especially in such an open forum. Again, I think Gilmore's
> > >    actions were justified. Consider inviting someone into your home or
> > >    private club. If your guest is a boor, you might ask him to leave. If
> > >    your guest is an slobbish drunk of a boor, you have a responsibility
> > >    to require him to leave before he ruins the evening of others.
> > 
> > Notice that the net is compared to a home or private club. Actually
> > the net is neither, however that would not serve the purposes of this
> > analogy, so this fact is convienently forgotton. 
> > 
> > The net is a wonderful place. Any ideology, no matter who disagrees or
> > agrees with it, can be expressed and discussed here...assuming those
> > who oppose this ideology do not have their way with the source of
> > expression. There is a more refined and deeper truth to be found
> > in the very existence of the set of all human ideologies, which is
> > just beginning to show itself to some netizens. Unfortunately, this
> > truth can be ruined when people equate some notion of value to 
> > sources which ignore all but a tiny subset of the set of all ideologies:
> > 
> > >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> > >    lists and has kicked people off to maintain better editorial control.
> > >    Volokh says that the most valuable publications are those that
> > >    exercise the highest degree of editorial control.
> > 
> > Value to whom and for what? If the editorial control produces one
> > small element of the set of all ideologies, then this is only of value
> > to the people who support this ideology. Given that the set of 
> > people who support an issue is smaller than the set of people
> > who support and oppose an issue, would the value not increase
> > by allowing both sides of an issue equal speaking time? 
> > 
> > >        For his part, Gilmore calls removing the Russian mathematician "an
> > >    act of leadership." He says: "It said we've all been putting up with
> > >    this guy and it's time to stop. You're not welcome here... It seemed
> > >    to me that a lot of the posts on cypherpunks were missing the mark.
> > >    They seemed to have an idea that their ability to speak through my
> > >    machine was guaranteed by the Constitution."
> > 
> > It is sad to note that this is the leader of one of America's
> > forerunning organizations of freedom who says these words. For all
> > *his* ideology of free speech, this statement reveals the hypocrasy he
> > lives with for all to see. The true litmus test of free speech is to
> > encounter speech that you *want* to censor.
> > 
> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?

Indeed.  The EFF is a disgrace to the entire InterNet.
The EFF is definitely a censorship organization, and
it should never be trusted again.

> > ------
> > Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> > Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> > 
> > Truth (n.) - the most deadly weapon ever discovered by humanity. Capable 
> > of destroying entire perceptual sets, cultures, and realities. Outlawed 
> > by all governments everywhere. Possession is normally punishable by death.
> > 
> > 
> 






From aga at dhp.com  Thu Nov 14 05:34:45 1996
From: aga at dhp.com (aga)
Date: Thu, 14 Nov 1996 05:34:45 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961113135716.7103A-100000@well.com>
Message-ID: <Pine.LNX.3.95.961114083252.6941F-100000@dhp.com>


On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Date: Wed, 13 Nov 1996 14:01:27 -0800 (PST)
> From: Declan McCullagh <declan at well.com>
> Reply-To: freedom-knights at jetcafe.org
> To: Dave Hayes <dave at kachina.jetcafe.org>
> Cc: freedom-knights at jetcafe.org, cypherpunks at toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> It's not a way of saying I don't understand. Instead, I find your
> viewpoint incomprehensible and internally inconsistent.
> 
> In fact, you Freedom Knight folks seem to be closet censors yourself. Why
> do you support not carrying newsgroups like alt.config?
> 
> Yes, ownership gives you a license to censor. I'm going to have a party in
> my home a few weeks from now. If I don't like what someone is doing, I'll
> kick 'em out. I won't do it lightly, but I will fight for my right to do
> so.
> 
> Oh, and I plan to subscribe to the freedom-knights mailing list and infest
> it the way Vulis did cypherpunks. Every hour, on the hour, a crontab
> script will flood it with rants about Dave (fart) Hayes.
> 
> What will you do then?
> 

Simply use a mail-filter, stupid.

> -Declan
> 

Does this guy know what a filter is?

-aga






From aga at dhp.com  Thu Nov 14 05:42:48 1996
From: aga at dhp.com (aga)
Date: Thu, 14 Nov 1996 05:42:48 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961113180904.2109A-100000@gak.voicenet.com>
Message-ID: <Pine.LNX.3.95.961114083856.6941H-100000@dhp.com>


On Wed, 13 Nov 1996, Mark M. wrote:
> 
> The EFF protects against government censorship, not against "editorial
> control", "censorship", or whatever else you want to call it.  I don't
> see this as hypocritical at all.
> 

The EFF does not protect shit, and it is just a tangent takeoff
from the Greatfull Dead drugheads.  We would also be greatfull if the
EFF was dead, too.  

> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?
> 
> And just how plausible do you think this is?  I believe it is next to
> impossible, unless it is the result of government regulation.
> 

Yeah, and those EFF facists think they can be the government?

> Mark
> - -- 
> finger -l for PGP key
> PGP encrypted mail prefered.
> 

Why?  Are you a criminal?
What are you hiding behind your PGP?

> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3
> Charset: noconv
> 
> iQEVAwUBMopa3SzIPc7jvyFpAQFzIggAr9nx5gd8J35wq5+UUUC9lHJD9hX7wcM+
> DNRaZqRUlB/Dq4Xc0rbP7O4zSIob0QVbbQlZXylQcNwdCcb0wzMD2hkw8Xg31mHQ
> s8jZwONGM8ljmg8aDSB1WuTsVnmrbcXGM/Jhmc+TPLjQxFQldONl6SGXIAQ58Vt8
> DgunHoAZuR6AYWd64ssIFHSVzCR6bk4kL/QJ/0kGSr2x4FHJf62GhOrG/NguF3dd
> 85dXgUmoI2/f2B6SkfwbHPgZZhOGPgDt2rIPLo3S2JlhTYANSLhtA2souXQAz1bX
> lfnEbxt4JNmy4zwT6m244VuuNtpFbF1OL1YAaZaU/WmUXTxeIohQYw==
> =FbgX
> -----END PGP SIGNATURE-----
> 






From Mullen.Patrick at mail.ndhm.gtegsc.com  Thu Nov 14 06:07:29 1996
From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick)
Date: Thu, 14 Nov 1996 06:07:29 -0800 (PST)
Subject: Down-Under Bounce Attack halted
Message-ID: <n1364159875.16434@mail.ndhm.gtegsc.com>


Please excuse me for my ignorance, but...

What is a "bounce attack"?  I only know of mail bouncing, and I don't see a 
way of making an "attack" out of such an occurrance...  ???

Thanks!
PM
_______________________________________________________________________________
From: wb8foz at nrk.com on Thu, Nov 14, 1996 1:10
Subject: Down-Under Bounce Attack halted
To: Cypherpunks

The postmaster of that AU site running the bounce attack
assures me he has been able to vanquish the daemon running
the box in question; despite the fact he did not even know it was
there ;-} [Don't ask..]


-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;14 Nov 1996 01:10:21 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
          Thu, 14 Nov 1996 6:06:00 GMT
Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id PAA09977 for
cypherpunks-outgoing; Wed, 13 Nov 1996 15:56:48 -0800 (PST)
Received: from wauug.erols.com (wauug.erols.com [205.252.116.240]) by toad.com
(8.7.5/8.7.3) with ESMTP id PAA09962 for <cypherpunks at toad.com>; Wed, 13 Nov
1996 15:56:29 -0800 (PST)
Received: (from wb8foz at localhost) by wauug.erols.com (8.8.2/8.7.3) id
SAA31763; Wed, 13 Nov 1996 18:56:30 -0500
From: "David Lesher / hated by RBOC's in 5 states" <wb8foz at wauug.erols.com>
Message-Id: <199611132356.SAA31763 at wauug.erols.com>
Subject: Down-Under Bounce Attack halted
To: cypherpunks at toad.com (Cypherpunks)
Date: Wed, 13 Nov 1996 18:56:30 -0500 (EST)
Reply-To: wb8foz at nrk.com
Organization: NRK Research
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cypherpunks at toad.com
Precedence: bulk





From moroni at scranton.com  Thu Nov 14 06:25:10 1996
From: moroni at scranton.com (Moroni)
Date: Thu, 14 Nov 1996 06:25:10 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <328AAD68.3B56@gte.net>
Message-ID: <Pine.LNX.3.95.961114092223.10415A-100000@user1.scranton.com>


   I once had a boyfriend who was a Nazi. That is he was former third
Reich. Anyway ,a lot of them if not all that have come to this country
join or convert to the JW .Jehovah Witnesses are exempt from
fingerprinting and photgraphing . In the place where they are supposed to
have the photograph their is some sort of writing. 






On Wed, 13 Nov 1996, Dale Thorn wrote:

> Date: Wed, 13 Nov 1996 21:26:00 -0800
> From: Dale Thorn <dthorn at gte.net>
> To: Sean Roach <roach_s at alph.swosu.edu>
> Cc: cypherpunks at toad.com
> Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
> 
> Sean Roach wrote:
> > At 08:26 AM 11/11/96 -0800, Hal Finney wrote:
> > >I have two kids entering their teens, and I'm sure other list members are
> > >parents as well.  What can we do for our children to help them enter their
> > >adult lives with better chances to retain privacy?  Unicorn mentions keeping
> > >them absent from school on picture day, although I'm not sure how much this
> > >helps.  I suppose it makes it harder for an investigator to find out what
> > >they look(ed) like.  Then when they get old enough to drive you have a new
> > >problem avoiding the photo (and thumbprint) on the license.
> 
> > As far as the drivers linscense goes, there are religions that do not allow
> > its members to be photographed, and the government honers this,(at least the
> > Tag Offices do).  I don't know the name of the religion but I believe it is
> > a Christian one.  Convert once every four years to get your drivers
> > liscense, and convert back within the week.  No photograph on that little
> > piece of plastic.
> > P.S.  In Oklahoma, there is no thumbprint on the current liscense.
> > P.P.S  You can always send your child to school with a note saying that you
> > do not want your child in the class picture, I know of someone who did that,
> > (on a side-note, we always wondered why.)
> 
> Certain conservative sects [Puritan, Amish (I think)] believe strongly in
> the Old Testament command to "not make any image of anything in the air,
> on the ground, or in the sea" (quote approximate).  This was done to
> prevent image (idol) worship.
> 
> It's ironic, given that most conservative Christians who claim to believe
> sincerely in the adage against idol worship will nonetheless have those
> beautiful, high-tech studio portraits of their children somewhere in the
> house, highly visible for all visitors and residents to gaze upon.
> 
> But sadly, most Christians, like most non-Christians, just can't resist
> the temptation to worship idols, albeit in a more subtle way than bowing
> down to the molten calf.
> 
















       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
       x   No success can compensate for failure in the home.  x
       x                                                       x
       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx






From aga at dhp.com  Thu Nov 14 06:41:08 1996
From: aga at dhp.com (aga)
Date: Thu, 14 Nov 1996 06:41:08 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611141440.IAA06766@mailhost.onramp.net>


On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Date: Wed, 13 Nov 1996 13:12:50 -0800 (PST)
> From: Declan McCullagh <declan at well.com>
> Reply-To: freedom-knights at jetcafe.org
> To: Dave Hayes <dave at kachina.jetcafe.org>
> Cc: freedom-knights at jetcafe.org, cypherpunks at toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
> meaningless political rants.
> 

Jealousy rears it's ugly head.  You just wish you had the credibility
that Dave Hayes has.

> I'll address some of his points.
> 

Do it within his text as you are supposed to.

> * "Political safety?" I stand by my record as a writer. Check out
> http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
> recent articles. Political safety? Hardly.
> 

This Declan_McCullagh is a long-time cabal.member, so his critique
of a Freedom-Knight like Dave Hayes is to be given short shrift.

> * Dave says "Notice that the net is compared to a home or private club." 
> Wrong. I never compared the Net to such. However, a mailing list run on a
> computer in someone's home with his own cash is very similar to a private
> club.  There are private speech restrictions on the Net. Gated communities
> exist.  Try to join the "lawprofs" mailing list. You can't; you're not
> (and quite obviously anything but) a law professor. Censorship? Not quite. 
> 

None of that analogy is applicable to the cyberpunks list.
When a list gets as big as that, it it no longer to be considered
a "mailing-list" but it is a _public_ forum.  The whole problem
here is the abuse of power by both the EFF and John Gilmore.

> * Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
> from posting. 
> 
> * Dave warns us to consider "what would happen if one parent company owned
> *all* communications media." Then we have problems. I've written about
> this in an Internet Underground magazine column. However, this is not the
> case now. Or are you arguing the government should get involved and force
> Gilmore to allow Vulis on his list?
> 

No, he is saying that people can use an e-mail filter and not listen
to Vulis if they want to.  It was a very simple thing; are you too
uneducated to know how to use an e-mail filter?

> By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
> Usenet,"  a private mailing list is NOT Usenet. Get a clue. 
> 

Wrong!  The cyberpunks mailing list is PUBLIC property and should
NOT be controlled by John Gilmore!  This just goes to show the real
facist censorship motives that the EFF has behind it.

Time to kill the EFF, and let it rot in hell.  They are disgrace
to the entire InterNet community.  I run 6 different mailing lists,
and have NEVER puled the plug on anyone, even when they criticize me.

The first time is the time when you lose all credibility, and there
is never any forgiveness for a plug-puller.


> -Declan
> 

-aga.admin
InterNet Freedom Council
> 
> 
> 
> 
> 
> On Wed, 13 Nov 1996, Dave Hayes wrote:
> 
> > [This is a rebuttal to a misguided news article.]
> > 
> > > Cypher-Censored
> > > By Declan McCullagh (declan at well.com)
> > 
> > Thank you for leaving your email address. It makes this easier.
> > 
> > You people (read: the unaware and hypnotized masses, which includes
> > reporters who's desire for attention and political safety holds them
> > in line with the consensual illusion) keep missing the real issue, and
> > substituting issues which only hold themselves in place.
> > 
> > [Those of you who know, please excuse the mediaistic terms used in
> > this rebuttal. One must use the symbols one is given to communicate
> > at the level of understanding of those who use them.]
> > 
> > >        Thus began a debate over what the concept of censorship means in a
> > >    forum devoted to opposing it. Did Gilmore have the right to show Vulis
> > >    the virtual door? Or should he have let the ad hominem attacks
> > >    continue, encouraging people to set their filters accordingly? The
> > >    incident raises deeper questions about how a virtual community can
> > >    prevent one person from ruining the forum for all and whether only
> > >    government controls on expression can be called "censorship."
> > 
> > "Cyberspace" is interacted with using tools under the control of the
> > interactor. 
> > 

yes, and all you need is a simple mail filter.

> > In person-to-person interaction, one's only real defense against what
> > one decides to call "unwanted" is to remove oneself from the arena of
> > interaction. It may not be possible to ignore or run away from certain
> > sources of input. 
> > 
> > In cyberspace, however, it is not only possible but necessary and even
> > desirable. Cyberspace allows one to interact with many more people
> > then can fit in any given physical space. One simply -cannot- receive
> > input from 2000 people and not employ some sort of filtering
> > mechanism. Indeed, cyberspace has many buttons and switches (and even
> > programmatic filters) which allow one to -completely- control whom one
> > interacts with.
> > 
> > Logically, we must conclude that those who frequently and repeatedly
> > cry for the censorship or removal of any source of input from
> > cyberspace are either:
> > 
> > 	-quite clueless about the tools at their disposal
> > 	-ideologically or personally opposed to the source of input
> > or	-in need of large amounts of attention from others
> > 
> > Cluelessness can be overcome by appropriate teaching and interest in
> > learning (the latter issue we can safely assume users of popular but
> > ineffectual windowing OSes are not able to overcome). Such
> > cluelessness, however, is not and should never be a reason for 
> > censorship.
> > 
> > A need for attention can be overcome by refraining from the denial
> > that the need exists, followed by careful observation of that need. 
> > More can be said on this, but this is not the forum. Such a need
> > is not and should never be a reason for censorship. 
> > 
> > Idelological opposition is another matter entirely. To understand this
> > better, we'll need to observe this in action. Here is an example:
> > 
> > >        Vulis portrays himself as a victim, but as I posted to the list
> > >    last week, I disagree. Anyone who's spent any time on the
> > >    100-plus-messages-a-day list can read for themselves the kind of nasty
> > >    daily messages that came from Vulis's keyboard. 
> > 
> > "Nasty" is, of course, by this reporter's standard of "nasty". Granted
> > this standard may in fact be shared by Mr. Gilmore, however a shared
> > standard is not necessarily an appropriate or correct standard. 
> > 
> > >    The list is on Gilmore's machine and he can do what he wants with
> > >    it; he can moderate the postings, he can censor material, he can
> > >    shut the whole thing down. By kicking off an offending user, a
> > >    list owner merely exercises his property right. There's no
> > >    government involvement, so the First Amendment doesn't apply. And
> > >    the deleted, disgruntled user is free to start his own mailing
> > >    list with different rules.
> > 
> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
> > 
> > What would ideological opposition be without the attempt at analogy? 
> > Here we witness another example:
> > 
> > >        But then the question is whether Gilmore should have exercised
> > >    that right, especially in such an open forum. Again, I think Gilmore's
> > >    actions were justified. Consider inviting someone into your home or
> > >    private club. If your guest is a boor, you might ask him to leave. If
> > >    your guest is an slobbish drunk of a boor, you have a responsibility
> > >    to require him to leave before he ruins the evening of others.
> > 
> > Notice that the net is compared to a home or private club. Actually
> > the net is neither, however that would not serve the purposes of this
> > analogy, so this fact is convienently forgotton. 
> > 
> > The net is a wonderful place. Any ideology, no matter who disagrees or
> > agrees with it, can be expressed and discussed here...assuming those
> > who oppose this ideology do not have their way with the source of
> > expression. There is a more refined and deeper truth to be found
> > in the very existence of the set of all human ideologies, which is
> > just beginning to show itself to some netizens. Unfortunately, this
> > truth can be ruined when people equate some notion of value to 
> > sources which ignore all but a tiny subset of the set of all ideologies:
> > 
> > >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> > >    lists and has kicked people off to maintain better editorial control.
> > >    Volokh says that the most valuable publications are those that
> > >    exercise the highest degree of editorial control.
> > 
> > Value to whom and for what? If the editorial control produces one
> > small element of the set of all ideologies, then this is only of value
> > to the people who support this ideology. Given that the set of 
> > people who support an issue is smaller than the set of people
> > who support and oppose an issue, would the value not increase
> > by allowing both sides of an issue equal speaking time? 
> > 
> > >        For his part, Gilmore calls removing the Russian mathematician "an
> > >    act of leadership." He says: "It said we've all been putting up with
> > >    this guy and it's time to stop. You're not welcome here... It seemed
> > >    to me that a lot of the posts on cypherpunks were missing the mark.
> > >    They seemed to have an idea that their ability to speak through my
> > >    machine was guaranteed by the Constitution."
> > 
> > It is sad to note that this is the leader of one of America's
> > forerunning organizations of freedom who says these words. For all
> > *his* ideology of free speech, this statement reveals the hypocrasy he
> > lives with for all to see. The true litmus test of free speech is to
> > encounter speech that you *want* to censor.
> > 
> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?

Indeed.  The EFF is a disgrace to the entire InterNet.
The EFF is definitely a censorship organization, and
it should never be trusted again.

> > ------
> > Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> > Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> > 
> > Truth (n.) - the most deadly weapon ever discovered by humanity. Capable 
> > of destroying entire perceptual sets, cultures, and realities. Outlawed 
> > by all governments everywhere. Possession is normally punishable by death.
> > 
> > 
> 








From frissell at panix.com  Thu Nov 14 06:51:26 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 14 Nov 1996 06:51:26 -0800 (PST)
Subject: One Big Telecoms Company
Message-ID: <3.0b36.32.19961114095406.007664e4@panix.com>


At 01:12 PM 11/13/96 -0800, Declan McCullagh wrote:

>* Dave warns us to consider "what would happen if one parent company owned
>*all* communications media." Then we have problems. I've written about
>this in an Internet Underground magazine column. However, this is not the
>case now. Or are you arguing the government should get involved and force
>Gilmore to allow Vulis on his list?
>

The risk of "one big company" owning all communications that lefties on the
net spend a lot of time worrying about is a real screamer.  We had "one big
company" controlling telecoms in most countries on earth for the last 100
years (those were the government monopoly PTTs).  In spite of the fact that
those PTTs were protected from competition by everything up to and
including (at least in the case of BT and France Telecom) nuclear weapons,
they lost their monopolies.  Two days ago, the UK announced that they were
granting licenses to all 46 companies that have applied to carry bits into
and out of the UK.  DT is being sold off starting in January.  If
government monopolies can't hack it, what chance do private companies have?

DCF





From declan at well.com  Thu Nov 14 07:00:38 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 14 Nov 1996 07:00:38 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <328AA7B2.22EC@gte.net>
Message-ID: <Pine.GSO.3.95.961114065326.11045D-100000@well.com>


The mere fact that a privately-owned discussion group becomes popular does
not mean that it becomes a public forum.

Say I start a poetry mailing list to discuss Blake's writings. I have
three people on it. One becomes obnoxious and emailbombs the list since he
disagrees with my interpretation of "A Memorable Fancy." Do I have the
right to kick him off? How is this different from a private poetry reading
in my home?

-Declan

"Prisons are built with stones of Law, brothels with bricks of
Religion." --WB





On Wed, 13 Nov 1996, Dale Thorn wrote:

> Declan McCullagh wrote:
> > The Netly News
> > http://www.netlynews.com/
> > November 11, 1996
> > Cypher-Censored
> > By Declan McCullagh (declan at well.com)
> >        The cypherpunks mailing list, so legend goes, coalesced around two
> >    principles: the dissemination of strong encryption and an absolute
> >    commitment to free speech. It was a kind of crypto-anarchist utopia:
> >    Here was a place where anonymity was encouraged and PGP-signed
> >    postings were the norm -- and nobody seemed to be in control.
> >        That is, until recently, when Dimitri Vulis was given the boot.
> >    After he refused to stop posting flames, rants and uninspired personal
> >    attacks, Vulis was summarily removed from the mailing list.
> 
> [snippo]
> 
> >        Vulis portrays himself as a victim, but as I posted to the list
> >    last week, I disagree. Anyone who's spent any time on the
> >    100-plus-messages-a-day list can read for themselves the kind of nasty
> >    daily messages that came from Vulis's keyboard. The list is on
> >    Gilmore's machine and he can do what he wants with it; he can moderate
> >    the postings, he can censor material, he can shut the whole thing down.
> 
> [mo' snippo]
> 
> So you disagree.  Well, the last sentence above says it all - this "list"
> that you and 1900+ other people spend so much time on is "just property"
> (like a slave), it's censorable (meaning freedom of speech is *specifically
> excluded*), and it's terminable without notice (meaning that it's really
> just one person's private fantasy, and we'll all bozos on the bus, as it were).
> 
> You and several other "personal friends/insiders" to John Gilmore must be
> laughing your butts off at the erstwhile schmoes like myself, who labor to
> reason with persons like yourself and "gods" like John Gilmore, who, after
> all, are obviously superior to us schmoes, since we sit and beg for our
> portions of email emanating from John "God" Gilmore's Holy Computer.
> 
> Why do you bother telling us that:
> 
>   "He can moderate the postings"
>   "He can censor material"
>   "He can shut the whole thing down"
> 
> Why?  Is this your way (or "God"'s way) of waving your dicks in our faces?
> 
> Well, I'll tell you what.  You can run your list (or kiss someone's butt
> who does), you can shut the thing down, and you can take a long walk off
> a short pier for all I or most anyone gives a damn, but let's call a spade
> a spade.  You're a suck-up, and Gilmore is a swaggering, overbearing, tin-
> plated dictator with delusions of Godhood.  Satisfied?
> 
> 







From declan at well.com  Thu Nov 14 07:04:49 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 14 Nov 1996 07:04:49 -0800 (PST)
Subject: "Freedom Knights" are closet censors
In-Reply-To: <199611140652.WAA18702@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961114070057.11045F-100000@well.com>


What is "censoring other people's censorship?" Say I argue in favor of the
CDA. Would you censor me then? Why not? Isn't this censoring others
censorship?

I wonder why the so-called "Freedom Knights" are so insecure in their
beliefs that they will not tolerate a dissenting voice on their mailing 
list. (Let's forget for the moment that my point in subscribing was to
disrupt it. That's not the point, is it? "More speech, more speech!")

-Declan
Founder, Boycott Freedom Knights society, Washington, DC chapter


On Wed, 13 Nov 1996, Dave Hayes wrote:

> > The so-called "Freedom Knights" have censored me from their mailing list.
> > Dave Hayes refuses to let me subscribe and read and contribute to the
> > discussions there. Why? Simply because he doesn't like what I have to say.
> > I might criticize him. Truly, censorship says more about the censor than
> > the censored. 
> 
> Notice that I now have you arguing -my- side of the argument. Are you
> so easily controlled? Have you asked yourself why you are that way? 
> 
> > John Gilmore, on the other hand, has been much more tolerant. He allows
> > anyone to subscribe to cypherpunks and only kicked one person off after
> > months of ranting and off-topic drivel.
> 
> An ineffective move with symbolic complications that affect no one but
> him. Why do you support this? 
> 
> > And I wonder why the Freedom Knights want to censor certain newsgroups. As
> > in their FAQ, where they condemn speech they don't like on the alt.cancel
> > and alt.nocem newsgroups and advise operators not to carry such
> > groups. 
> 
> Ah, you finally got the newsgroups right. Good. 
> 
> I censor other people's censorship. That is what I do. Call me a
> censor if you will, but if you were truly in support of free speech
> you would understand. Since you don't, your cry of wolf demonstrates
> the depth of your consideration of the subject matter.
> 
> > I think it's time to lift the veil from this public Net-menace!
> 
> Knock ya-self out.
> 
> > Founder, Boycott Freedom Knights society, Washington, DC chapter
> 
> You -do- realize, of course, that you have to organize the people
> and create a large group of opposers to my cause.
> 
> That is your destiny. Carry it out.
> ------
> Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> Nasrudin arrived at an all-comers horse race mounted on the slowest of oxen.
> Everyone laughed, an ox cannot run. 
> "But I have seen it, when it was only a calf, running faster than a horse.",
> said Nasrudin. "So why should it not run faster, now that it is larger?"
> 
> 
> 






From nelson at crynwr.com  Thu Nov 14 07:34:04 1996
From: nelson at crynwr.com (nelson at crynwr.com)
Date: Thu, 14 Nov 1996 07:34:04 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
Message-ID: <19961114153226.3621.qmail@desk.crynwr.com>


 > So you disagree.  Well, the last sentence above says it all - this "list"
 > that you and 1900+ other people spend so much time on is "just property"
 > (like a slave), it's censorable (meaning freedom of speech is *specifically
 > excluded*), and it's terminable without notice (meaning that it's really
 > just one person's private fantasy, and we'll all bozos on the bus, as it were).

Yup.  Clearly, then you will wish to start your own mailing list,
which you will promise is not property, not censorable, and not
terminable without notice.  Do it!  Don't let us tell you you can't
(not that anyone is)!  I suspect that you will quickly change your
opinion of mailing list owners.

-russ <nelson at crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software sells network driver support    | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | The more corrupt the state,
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | the more numerous the laws.





From roach_s at alph.swosu.edu  Thu Nov 14 07:40:29 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Thu, 14 Nov 1996 07:40:29 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <199611141540.HAA05676@toad.com>


At 05:22 PM 11/13/96 GMT, Adam Back wrote:
...
>Nym sues nym.  I think not.  An alternate view of slander law suits is
>as a way to encourage the use of Nyms.  Certainly the dissenters of
>the unnamed pseudo religious have learnt the value of nyms, remailers
>and so forth.  There are distinct advantages to nyms.
...
They learned the value all right.  Right up to the time that one of the
founding remailers disclosed thier return addresses to save the rest of the
hard drive.  There are definate advantages to TRULY anonymous remailers too.
Ones where the return address is not stored.  For mailing lists and
newsgroups, where you are going to get conformation on your post when its
relayed to you, why do you need the return address anyway?  Someone inside
the group uses a remailer, just post your comments to the list, that person
will most likely see it there.  I assume that these already exist somewhere.






From roach_s at alph.swosu.edu  Thu Nov 14 07:42:14 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Thu, 14 Nov 1996 07:42:14 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <199611141540.HAA05682@toad.com>


At 01:32 PM 11/13/96 -0800, Lucky Green wrote:
>On Wed, 13 Nov 1996, Peter Hendrickson wrote:
>
>> At 10:34 AM 11/13/1996, Mullen Patrick wrote:
>> > Also,
>> > what happens when your long-lost friend comes across your addy and tries to
>> > email you?  Surely you don't want to charge postage for an otherwise free
>> > service to him/er.  Maintaining a list of "accepted sources" would be a
hassle
>> > not many people would accept.
>> 
>> Absent highly intrusive global net monitoring techniques, that's what they
>> are going to have to do anyway.  E-mail is inexpensive.  The advertiser
>> can justify the expense even if generates a small number of leads.  Expect
>> more spam.
>
>There is a very simple way of dealing with your long lost friend. And any 
>other person not on your "free" list. If you find their email worth your 
>while, you can always give them their money back. For future contact, you 
>can move your friend on the "free" list.
>
>Frankly, I don't think there is anybody new that I care to communicate with 
>who wouln't be willing to make a small deposit for initiating communications.
>
>-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
>   Member JPFO. "America's Aggressive Civil Rights Organization"
You might want to consider making that a price on message size, otherwise
I'll just send you the contents of the Sears catalog, the Damark catalog,
the full collection of the clearing house sweepstakes, and an Amway catalog
at one low price.  (My backers could get in on a great cut, at $1.00 a
message they would each pay $.25)
I would say $.50 per Kilobyte, including attachments.






From roach_s at alph.swosu.edu  Thu Nov 14 07:43:55 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Thu, 14 Nov 1996 07:43:55 -0800 (PST)
Subject: Computer Security Training
Message-ID: <199611141540.HAA05666@toad.com>


At 04:44 PM 11/13/96 -0500, Paul George wrote:

...
>I'd like to ask very poignant questions since this will be my second to
>the last day working for Uncle Sam. (I'm going Private Industry, yeeaa!!)
>
>And I really don't care what my boss thinks of my questions. ;)
>
>Paul.
>
>Oh, I unsubscribed to the list, 500 emails over a long weekend is too
>much.  So please CC: questions to george at justice.usdoj.gov and I will
>forward all answers to the list. Thanks a bunch....
...
First of all, do you need references?  Your boss would probably be the best
one, unless you destroy h[is,er] faith in you.
Second, when would they fire you anyway?  Two th three weeks later?  After
your grace period expired?  By then you should already be out of your
office.  Unless you need the course for your free enterprize work.
If not, you could impress your boss, (and possibly get a few extra
government contracts down the line), by volunteering to stay at your desk as
you won't need the material for your employment.
The above was made under the assumption that your branch occasionaly
"outsources" projects or calls on private consultants when it needs extra
hands (minds).






From Mullen.Patrick at mail.ndhm.gtegsc.com  Thu Nov 14 08:09:45 1996
From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick)
Date: Thu, 14 Nov 1996 08:09:45 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <n1364152460.4153@mail.ndhm.gtegsc.com>


First of all, I would like to apologize if it looked like I accused Peter of
being involved with a conspiracy.  I have communicated with him privately 
concerning this matter, and am now making my public apology.  Thanks!

Concerning my other statements, I think I was a little confused on the 
implementation of this idea, but now that I've re-read the posts, I'm confused
in another way.  It seems this feature only applies to mail forwarded through
a remailer.  As mentioned on several posts, which may be the main idea, this
would reduce the amount of noise submitted to lists.  This would be a good 
thing, for sure.  Knowing that your useless messages are costing even $.25 
would be enough to cut down drastically on spam.  However, I still don't see
how this is to be implemented for direct email.  How would this work for an
entity sending email directly to your account, rather than through a remailer?
The solutions that come to mind are 1) get new mail software which performs
this filtering/charging and 2) have an autoreply that sends mail not sent
through your "post office" back to the sender with a note saying to route
it through the "post office."  This "post office" would be much like with
snail mail.  All it does is collect and redistribute mail (for a small fee,
of course... :-)  This would be a good business proposition, indeed.  However,
I don't know how widely accepted it would be.  

Comments?  Am I missing the point?  

PM

USER ERROR:  REPLACE AND STRIKE ANY KEY WHEN READY







From frissell at panix.com  Thu Nov 14 08:23:08 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 14 Nov 1996 08:23:08 -0800 (PST)
Subject: Babble about universal service
Message-ID: <3.0b36.32.19961114110638.0074df70@panix.com>


At 05:43 AM 8/8/96 -0700, Declan McCullagh wrote:

>(My objections to universal service are perhaps not surprising. It
>devolves more power into the hands of the DC bureaucrats such as the FCC,
>and provides a slippery slope on which we can slide down towards more and
>more government regulation. By concentrating regulatory authority in the
>Federal government, it also makes decisions more subsceptible to
>special-interest lobbying and political patronage. But I recall Ronda has
>been arguing for universal service for some time now, including on the
>netizens mailing list.)

It also lets the Feds say, "You can't have something until everyone has
it."  Besides we have universal service right now (in America anyway).
Much more universal service than the Feds would have provided with decades
of bureaucratic futzing around.  Anyone in the US who wants to get wired
can do so for very little money.  All it takes is desire.  The government
can't provide the desire.

  

DCF





From froomkin at law.miami.edu  Thu Nov 14 08:25:43 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Thu, 14 Nov 1996 08:25:43 -0800 (PST)
Subject: Not. [Was Re: Federal Reserve Bank is ILLEGAL?]
In-Reply-To: <32892276.4439@ix.netcom.com>
Message-ID: <Pine.SUN.3.95.961114110208.13209P-100000@viper.law.miami.edu>


Actually, I have always had a soft spot for the Bavarian Illuminati.

Those wanting to know more should find a good university library and look
at:

Vernon Stauffer, New England and the Bavarian Illuminati (published in
1918 -- you won't find this in your bookstore....)

Amazingly, the whole original Bavarian Illuminati panic was set off in
1798 in a single sermon given by Reverend Jedeidiah Morse on May 9, 1798,
based on his reading of John Robison's 1797 book, Proofs of a Conspiracy
Against All the Religions and Governments of Europe.

It's really an incredible piece of US social history and I think tells us
a lot about the national temper then and now.

The national panic over this early "reds under the beds" lasted almost two
years!  No one ever found any Illuminati in the US...

On Tue, 12 Nov 1996, Rich Graves McElwained thusly:

> But Professor Froomkin, you are igNORING the inFLUENCE of the ILLUMINATI 
> and the BILDERBERGERS. The same source that supplied this imPORTANT 
> information about the FED tells us the TRUTH in an earlier missive. Mere 
> "legality" and mere "facts" are NOT at issue here.
> 
> http://www.hevanet.com/nitehawk/nwo4.html
> 
> |ADAM WISEHOPHF, Professor at Germany's Ingolstadt University, founded 
> |The Order of the Illuminati on May 1, 1776. This man designed the very
> |plan of world domination that is still in use today to enslave the 
> |world's masses. Here, upon establishing his "Order of the Illuminati", 
> |he smugly reflects on his "conning" the gullible Christians of his day,
> |saying: 
> |
> |"The most wonderful thing of all is that the distinguished Lutheran and 
> |Calvinist theologians who belong to our order really believe that they 
> |see in it (Illuminati) the true and genuine sense of Christian 
> |Religion. Oh mortal man, is there anything you cannot be made to 
> |believe?" 
> |
> |Evidently not! And a high percentage of Christians today are still 
> |being conned in the same way. One prime example of this are the 
> |millions of Christians, and most church denominations, who have fallen 
> |for the NWO plan of a "One World RELIGION", being spearheaded by the 
> |United Nations' National and World Counsel of Churches, behind the 
> |battle cry of ecumenicalism. 
> |
> |Watch the future and we will see only small groups of spiritual Ameri- 
> |cans, who will resist following the millions of "religious" lambs to 
> |the slaughter. The Lord of the Bible always warned His people to never 
> |follow the MULTITUDE. 
> 
> As everyone on cypherPUNKS KNOWS, to every conspiracy theory there IS a 
> grain of TRUTH. We as a people MUST understand the TRUTH and fulfill our 
> DESTINY. FREE AMERICA! http://www.nswpp.org/
> 
> > > Or am I just making that common but incorrect assumption that
> > > unconstitutionality entails illegality?
> > 
> > No, I'm afraid you are making the common but incorrect assumption that
> > reading some part of one court case from the dustbin of history out of
> > context makes you a constitutional expert.
> 
> I seriously doubt he believes that. Or anything else he's spouting off 
> about.
> 
> > > Thanks for responding to this thread, Michael.  Your input is very
> > > much valued.
> > 
> > You may feel differently as I get grumpier...
> 
> Believe me, you're being far too kind.
> 
> -rich
> 

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | Great weather here. 







From aga at dhp.com  Thu Nov 14 08:31:06 1996
From: aga at dhp.com (aga)
Date: Thu, 14 Nov 1996 08:31:06 -0800 (PST)
Subject: "Freedom Knights" are closet censors
In-Reply-To: <Pine.GSO.3.95.961114070057.11045F-100000@well.com>
Message-ID: <Pine.LNX.3.95.961114112458.14518A-100000@dhp.com>


On Thu, 14 Nov 1996, Declan McCullagh wrote:

> Date: Thu, 14 Nov 1996 07:04:35 -0800 (PST)
> From: Declan McCullagh <declan at well.com>
> Reply-To: freedom-knights at jetcafe.org
> To: Dave Hayes <dave at kachina.jetcafe.org>
> Cc: freedom-knights at jetcafe.org, cypherpunks at toad.com
> Subject: Re: "Freedom Knights" are closet censors 
> 
> What is "censoring other people's censorship?" Say I argue in favor of the
> CDA. Would you censor me then? Why not? Isn't this censoring others
> censorship?
> 
> I wonder why the so-called "Freedom Knights" are so insecure in their
> beliefs that they will not tolerate a dissenting voice on their mailing 
> list. (Let's forget for the moment that my point in subscribing was to
> disrupt it. That's not the point, is it? "More speech, more speech!")
> 
> -Declan
> Founder, Boycott Freedom Knights society, Washington, DC chapter
> 
> 
> On Wed, 13 Nov 1996, Dave Hayes wrote:
> 
> > > The so-called "Freedom Knights" have censored me from their mailing list.
> > > Dave Hayes refuses to let me subscribe and read and contribute to the
> > > discussions there. Why? Simply because he doesn't like what I have to say.
> > > I might criticize him. Truly, censorship says more about the censor than
> > > the censored. 
> > 

No dude, like Dave said, you have to know who to invite to
the Party, since you are responsible for the conduct of all
of your guests.

> > Notice that I now have you arguing -my- side of the argument. Are you
> > so easily controlled? Have you asked yourself why you are that way? 
> > 
> > > John Gilmore, on the other hand, has been much more tolerant. He allows
> > > anyone to subscribe to cypherpunks and only kicked one person off after
> > > months of ranting and off-topic drivel.
> > 

But John Gilmore and his EFF are the epitome of a corrupt
special interest group, and he will now be forever remembered
as one who "pulls-plugs."


> > An ineffective move with symbolic complications that affect no one but
> > him. Why do you support this? 
> > 
> > > And I wonder why the Freedom Knights want to censor certain newsgroups. As
> > > in their FAQ, where they condemn speech they don't like on the alt.cancel
> > > and alt.nocem newsgroups and advise operators not to carry such
> > > groups. 
> > 
> > Ah, you finally got the newsgroups right. Good. 
> > 

alt.cancel and alt.nocem are both censorous newsgroups that
should be quashed.

> > I censor other people's censorship. That is what I do. Call me a
> > censor if you will, but if you were truly in support of free speech
> > you would understand. Since you don't, your cry of wolf demonstrates
> > the depth of your consideration of the subject matter.
> > 
> > > I think it's time to lift the veil from this public Net-menace!
> > 
> > Knock ya-self out.
> > 
> > > Founder, Boycott Freedom Knights society, Washington, DC chapter
> > 
> > You -do- realize, of course, that you have to organize the people
> > and create a large group of opposers to my cause.
> > 
> > That is your destiny. Carry it out.
> > ------
> > Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> > Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> > 
> > Nasrudin arrived at an all-comers horse race mounted on the slowest of oxen.
> > Everyone laughed, an ox cannot run. 
> > "But I have seen it, when it was only a calf, running faster than a horse.",
> > said Nasrudin. "So why should it not run faster, now that it is larger?"
> > 

Let's stay on topic here -- John Gilmore is a censorous asshole
for pulling Vulis's plug.  The topic has nothing to do with
the Freedom-Knights.

-a






From dlv at bwalk.dm.com  Thu Nov 14 08:31:43 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 14 Nov 1996 08:31:43 -0800 (PST)
Subject: [TEST] [IGNORE] [NOISE]
In-Reply-To: <961113202708_1418929826@emout02.mail.aol.com>
Message-ID: <BTVDXD9w165w@bwalk.dm.com>


Bryondp at aol.com writes:

> take me off this fucking list

Isn't it ironic how dozens of people seem to have trouble unsubscribing
from this list, and instead of trying to make the listserver software
friendly, John "Hitler" Gilmore and his censor buddies are trying to invest
new ways to silence those they disagree with?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From hallam at vesuvius.ai.mit.edu  Thu Nov 14 08:40:29 1996
From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu)
Date: Thu, 14 Nov 1996 08:40:29 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <328AD670.4EDD@gte.net>
Message-ID: <9611141645.AA01354@vesuvius.ai.mit.edu>



>"It doesn't exist".  Well!  The difference between the intent of the law
>and the "letter" of the law:  The Constitution, if it is about anything,
>it is about Balance of Power. 

Since it accepts slavery in its original form the "intent" as you put
it is probably not acceptable to you. Unless of course you spend
your weekends with a pillowcase on your head.

>An afterthought?  No.  The Constitution was a document provided at the
>behest of the States, with their approval (not dictated by the Feds), and
>those States would not ratify said document without the Enumeration of
>rights now referred to as the Bill of Rights. 

Actually there was a long and protracted debate over whether or not to
include the bill of rights in the constitution. A constitution is simply
a description of the process and organisation of government, usually in
the broadest terms. The problem with the bill of rights at the time of
the discuissions was enforcement. The role of the supreme court as
arbiter of the constitution was not originally planned. If anyone had
predicted that such a role would emerge it would have been seen as 
undesirable since it would compromise the judicial/legislative 
separation.

Incidentally one of the original gripes of the revolution was the 
type of recourse to unwritten proceedure and laws that happened
in the colonial period. That is why there was a demand for a clear
statement of the constitutional arrangements. If jefferson and so 
wanted private kangeroo courts they would have written it down.


		Phill











From paul at fatmans.demon.co.uk  Thu Nov 14 09:04:43 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Thu, 14 Nov 1996 09:04:43 -0800 (PST)
Subject: PGP3.0 & ElGamal
Message-ID: <847990496.613504.0@fatmans.demon.co.uk>



> > Also I understand, though there appears to be no available
> > documentation saying as much, that pgp3.0 will not use RSA, nor IDEA,
> > nor MD5, using instead El Gamal for public key encryption and
> > signatures, 3DES (unsure?), and SHA1.
> 
> Can someone confirm that PGP3.0 will use ElGamal?
> 

I cannot confirm that but I do know 3.0 will be downward compatible 
using RSA keys for people using 2.x, I also understand that IDEA will 
be the symmetric algorithm though I can`t confirm this.

I know 3.0 uses discrete log cryptography but whether it will be 
El Gamal or DH or other I don`t know. I would imagine in the end it 
would come down to a question of what is unpatented first and I have 
no idea on the patent date for El Gamal (is it even patented?) but DH 
hasn`t long to go....



 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From hallam at vesuvius.ai.mit.edu  Thu Nov 14 09:09:29 1996
From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu)
Date: Thu, 14 Nov 1996 09:09:29 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <199611140552.VAA09808@mail.pacifier.com>
Message-ID: <9611141714.AA01374@vesuvius.ai.mit.edu>



>As for the "self-selected" issue:  In almost all areas of human endeavor, 
>things are (often?  usually?) done by people who are "self-selected."  I 
>suggest that there is simply no reason that even "self-selected" courts 
>cannot work.

Oh I forgot to mention, last week we found you guilty of sedition, it
was a pity you were not present to put your case but maybe if you had 
bothere to read the court roster you would have attended.

You are allowed to put your case in person at the sentencing hearings
if you like but since its a mandatory sentence you would probably
prefer an appeal.


	Phill

>1.  Commonlaw courts predate the US Constitution by a few hundred years.  
>The former does not depend on the latter for authority or credibility.  

Untrue, the US constitution replaced all previous constitutions. Thats
what the supremacy clause is all about. All previously existing courts
were extinguished.

>2.  The US Constitution is, at most, a statement of the authority of the 
>FEDERAL portion of government.

It also includes a supremacy cluase and a "due process" clause. The
due process clause means amongst other things that noone can be subjected 
to proceedings that are not authorised under the constitution.

>3. The Federal Constitution only references states, and I don't think it 
>references state Constitutions at all.

There is no logical reason why it should, if a state exists it has a process
of government, a boundary to its authority and performs legislative,
excutive and judicial functions. The explicit recognition of the states
was necessary since otherwise the supremacy clause would claim to extinguish
their rights. The authority of the states to make law is explicitly 
stated. It is also implicit in the use of the term "state" rather than 
"county".

>You should have said, SOME courts.  Not "the courts," implying ALL the 
>courts.  Notice that the US Federal Constitution (at least, to my 
>recollection) does not describe or regulate state courts, or for that matter 
>local courts.

It recognises the states, and thus their constitutions. If you can find 
a state which omitted a supremacy clause from its constitution then you
might have a point.


As a practical matter however the immediate effect of claiming to issue
proceedings under "common law courts" is from now on almost certain to 
be criminal and civil proceedings followed by long jail sentences.

While Jim Bell can pick nits and pretend that he is a lawyer the people
recognised as lawyers in our society act in a different matter. It is 
an empirical fact that those convicted in federal and state courts
go to jail, those convicted in "common law kangeroo courts do not". In
fact the only people who do are the judges, jurors and other 
instigators.


It is an empirical fact that the authority of "common law" courts 
is not recognised by society. They can be dealt with easily enough,
the intended victim need only apply to a real court for an injuction
prohibiting proceedings, turn up to the "court" to serve the injunction
and if people insist on proceeding apply to the real court for 
enforcement of the original order since anyone participating in the 
"common law court" would then be in contempt. 


	Phill






From tcmay at got.net  Thu Nov 14 09:53:17 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 14 Nov 1996 09:53:17 -0800 (PST)
Subject: Get back on your medications....
In-Reply-To: <199611130331.TAA28661@netcom11.netcom.com>
Message-ID: <v03007800aeb10c74f181@[207.167.93.63]>


At 4:09 PM -0500 11/13/96, Black Unicorn wrote:

>Why is use of the legal system any different?  If it is so wrong for me to
>use the legal system as it stands, and if I am to be the subject of
>criticism for the conduct, then aren't the critics imposing their moral
>view on me?  Isn't this what libertarian cypherpunks dislike in the first
>place?

"Imposing their moral view on me"?

A distinction has to be made between "imposing," as in applying force, and
expressing an opinion.

What I said a while back is that I'm getting more than a little tired of
threats and bluster about filing lawsuits. If Black Unicorn wants to use
the American legal system in this way, he _should_. But "saber rattling"
about it is getting old.

(I also find his threats applied inconsistently, as when he advises one of
his opponents that making a mention of "medications" may be "actionable,"
while ignoring the many, many comments by me, Sandy, and others of our ilk
about people needing to get back on their lithium or thorazine. And, by the
way, it's _not_ actionable to make such jibes, at least not yet.)

Hardly a matter of "imposing my moral values on him," as he is perfectly
free to ignore my comments, or rebut them, etc.


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Thu Nov 14 10:01:38 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 14 Nov 1996 10:01:38 -0800 (PST)
Subject: Validating SSNs
In-Reply-To: <v01540b09aeaff516ed6d@[172.17.1.61]>
Message-ID: <v03007801aeb10f2b94a1@[207.167.93.63]>


At 4:18 PM -0600 11/13/96, Rick Smith wrote:

>My guess is that the bank sticks the SSN in a report to the IRS and the
>bank is happy with the SSN as long as the IRS doesn't complain about it.
>
>Now, does the IRS check? I suspect that they don't, either. Their objective
>is to look for "matches" with SSNs that show up on filed tax forms, since
>they want to verify the data on the tax form. Given the behavior of every
>other large database I've ever seen, I'd guess that there would be a huge
>number of SSNs that don't in fact associate with tax forms. If someone High
>Up hasn't decreed that they should chase such things down (and allocated
>heaps of money to do it), they'll ignore the mismatches.
>
>This seems consistent with the reports of people who use bogus SSNs for
>decades at a time.

Indeed, I protected my privacy decades ago by discarding my issued SSN and
substituting a different one. This "phony SSN" is what I use on my tax
returns, my credit cards, and for my employers.

Ha! None of them know that this is not my True Social Security Number!

By this I protect my privacy.


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From attila at primenet.com  Thu Nov 14 10:05:52 1996
From: attila at primenet.com (attila at primenet.com)
Date: Thu, 14 Nov 1996 10:05:52 -0800 (PST)
Subject: No Subject
Message-ID: <199611141806.LAA02189@infowest.com>


Benjamin Grosman <bgrosman at healey.com.au>
Subject: Re: Worrying...
In-Reply-To: <199611140830.TAA26347 at sydney.healey.com.au>
X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v1.16 

In <199611140830.TAA26347 at sydney.healey.com.au>, on 11/14/96 
   at 07:30 PM, Benjamin Grosman <bgrosman at healey.com.au> said:

.Isn't it worrying that so many people can happily devote their time 
.to trying to annoy others?

        well, 40 years ago when I was still an innocent farm child...

    then                            today

    people are basically good.      ...until money is involved.
    of course it's legal.           ...but is it moral? 
    ...things were only fattening.  ...immorality: not getting in on the take
    no need for film ratings        ...is it R, NC, or XXX?
    OK, until proven otherwise      ...God gets credit, the rest pay cash                               

        then there are the the flaming liberals, the Better Red than 
    Deads, the Sierra Club, the ADL, 'THE' Weisman, Arafat, whatever the
    hardline premier 'friend' of Arafat  --and certainly we must include
    the absolute amorality of Bubba and Bitch.

        actually, I can handle a few of the obnoxious.  if they are remote,
    who cares?  if they get too close and persist --well, there are means
    and there are means.
  
--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila






From ph at netcom.com  Thu Nov 14 10:18:11 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 14 Nov 1996 10:18:11 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <v02140b01aeb109742a1d@[192.0.2.1]>


At 11:10 AM 11/14/1996, Mullen Patrick wrote:
> First of all, I would like to apologize if it looked like I accused Peter of
> being involved with a conspiracy.  I have communicated with him privately
> concerning this matter, and am now making my public apology.  Thanks!

"Business you can do with anyone.  Yachting you can only do with
gentlemen." (roughly) -- J.P. Morgan

A public apology was hardly necessary, but it is certainly accepted! ;-)

> Concerning my other statements, I think I was a little confused on the
> implementation of this idea, but now that I've re-read the posts, I'm confused
> in another way.  It seems this feature only applies to mail forwarded through
> a remailer.

While at first this may seem awkward, it's actually a feature because
the remailer operator handles the e-cash and cuts a check once in awhile.

This has the effect of converting a "victim" who hates remailers into
a person who loves spam and loves remailers.  This makes it harder to
outlaw anonymity or impose Dyson-style "limited" anonymity.  Plus, it's
just a good business practice.

> As mentioned on several posts, which may be the main idea, this
> would reduce the amount of noise submitted to lists.  This would be a good
> thing, for sure.  Knowing that your useless messages are costing even $.25
> would be enough to cut down drastically on spam.

And, for people who get their kicks out of spamming people they don't like
it must be galling to have to pay their "victim" money for the privilege!

> However, I still don't see how this is to be implemented for direct email.

Once again, I seem to have combined several ideas in a confusing way.
Initially, I was talking about how a remailer operator would solve his
problem of people abusing the remailer and creating enemies for him
and for remailers in general.  I think it is clear that this solves
the problem.

Once such a feature is in existence, how else could it be used?

That's what the rest of my message was really about.

> How would this work for an entity sending email directly to your account,
> rather than through a remailer?

This assumes that spam has gotten so bad that everybody filters their
mail and only accepts mail on the "accept" list.  People sending mail
directly to your account would get a message back saying that they had
to get on the "free" list or send their mail through one of the approved
remailers.

> The solutions that come to mind are 1) get new mail software which performs
> this filtering/charging...

It is much easier to let the remailer operator hassle with the cash.
Mail software which handles e-cash well is going to take awhile and it
introduces a lot of very real security issues.

Filtering is already widely available in mail programs.  And, it can
be front ended to anything with procmail.

> and 2) have an autoreply that sends mail not sent
> through your "post office" back to the sender with a note saying to route
> it through the "post office."  This "post office" would be much like with
> snail mail.  All it does is collect and redistribute mail (for a small fee,
> of course... :-)  This would be a good business proposition, indeed.  However,
> I don't know how widely accepted it would be.

I don't think you'd necessarily want to route all of your mail through
the post office, just mail which isn't on your "free" list.

Peter Hendrickson
ph at netcom.com







From dave at kachina.jetcafe.org  Thu Nov 14 10:29:17 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Thu, 14 Nov 1996 10:29:17 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611141828.KAA20695@kachina.jetcafe.org>


Mark M. writes:
> On Wed, 13 Nov 1996, Dave Hayes wrote:
> > Logically, we must conclude that those who frequently and repeatedly
> > cry for the censorship or removal of any source of input from
> > cyberspace are either:
> > 
> > 	-quite clueless about the tools at their disposal
> > 	-ideologically or personally opposed to the source of input
> > or	-in need of large amounts of attention from others
> You are misinformed.  Vulis was _not_ prevented from posting to cpunks, thus
> no source of input was removed.  He was simply removed from the distribution
> list.  He can still read and post to the list.

Go back and reread at this time. Notice that I didn't mention *who*
was censored. The error of interpretation was the initial story's 
slant on censorship. I merely expounded on the *story's* slant. 

> The messages were, in addition to being "nasty", extremely off-topic.
> "Off-topic" is much less subjective than "nasty".

But still subjective, and hence still subject to political
availability should the need to criticize Vulis arise.

> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
> Governments maintain a monopoly on land, so the "love it or leave it" mentality
> is flawed.  Virtual space does not have the same limitations as physical
> space.  Starting your own mailing list is relatively easy.

For me, yes. Not for most people. I take it you expect *everyone* to
have a UNIX machine connected to the net to ensure free speech? 

> > Notice that the net is compared to a home or private club. Actually
> > the net is neither, however that would not serve the purposes of this
> > analogy, so this fact is convienently forgotton. 
> Is the net analogous to a country?  If not, then why did you compare starting
> a mailing list to moving to a different country?

I didn't. (and here we go...)

> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?
> And just how plausible do you think this is?  

The plausibility is not in question, the example is meant to
illustrate the ludicrousness of the "ownership" concept when applied
to public mailing lists (and by extension *any* public media).

Are you saying "since this is implausible, the point is invalid"? 
We'll both have fun with that one. 

> I believe it is next to impossible, unless it is the result of
> government regulation.

AT&T tried it. They were just unlucky. 
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

       Self justification is worse than the the original transgression.





From dave at kachina.jetcafe.org  Thu Nov 14 10:32:23 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Thu, 14 Nov 1996 10:32:23 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611141831.KAA20729@kachina.jetcafe.org>


Igor "Gadzooks" Chudov writes:
> Dave Hayes wrote:
> > You won't do this, because I won't let you on the list. I, unlike you
> > or Mr. Gilmore, have the judgement on whom to invite to my list.
> So what's the difference between yours and gilmore's position?

Simple. I choose whom to invite to my parties. Gilmore provides an
open door.

> Long live USENET Cabal!

Neither life nor death, neither good nor bad, neither left nor right,
none of these things to the USENET Cabal. 
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

           Real charity doesn't care if it's tax-deductible or not.






From declan at well.com  Thu Nov 14 10:36:42 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 14 Nov 1996 10:36:42 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611141831.KAA20729@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961114103529.4170F-100000@well.com>


Isn't choosing who to invite to your parties, or to invite on your mailing
list, an act of private censorship? "Freedom" Knights, indeed.

-Declan



On Thu, 14 Nov 1996, Dave Hayes wrote:

> Igor "Gadzooks" Chudov writes:
> > Dave Hayes wrote:
> > > You won't do this, because I won't let you on the list. I, unlike you
> > > or Mr. Gilmore, have the judgement on whom to invite to my list.
> > So what's the difference between yours and gilmore's position?
> 
> Simple. I choose whom to invite to my parties. Gilmore provides an
> open door.
> 
> > Long live USENET Cabal!
> 
> Neither life nor death, neither good nor bad, neither left nor right,
> none of these things to the USENET Cabal. 
> ------
> Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
>            Real charity doesn't care if it's tax-deductible or not.
> 
> 






From ichudov at algebra.com  Thu Nov 14 10:42:55 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Thu, 14 Nov 1996 10:42:55 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611141831.KAA20729@kachina.jetcafe.org>
Message-ID: <199611141839.MAA01024@manifold.algebra.com>


Dave Hayes wrote:
> Igor "Gadzooks" Chudov writes:
> > Dave Hayes wrote:
> > > You won't do this, because I won't let you on the list. I, unlike you
> > > or Mr. Gilmore, have the judgement on whom to invite to my list.
> > So what's the difference between yours and gilmore's position?
> 
> Simple. I choose whom to invite to my parties. Gilmore provides an
> open door.

Providing an open door does not mean that it is always open to everyone, 
Dave. It only means that it is open to all by default, but that policy
can be reversed for certain individuals. That is not to say that I agree
with Gilmore's the decision to kick Vulis out from cypherpunks, but John's
decision was neither dishonorable nor he was acting outside his powers,
in my opinion.

	- Igor.





From dave at kachina.jetcafe.org  Thu Nov 14 10:42:58 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Thu, 14 Nov 1996 10:42:58 -0800 (PST)
Subject: "Freedom Knights" are closet censors
Message-ID: <199611141842.KAA20786@kachina.jetcafe.org>


> What is "censoring other people's censorship?" 

The act of preventing censorship. You are supposed to be capable at
language, why can't you figure this out.

> Say I argue in favor of the CDA. Would you censor me then? Why not?
> Isn't this censoring others censorship?

Nope. If you sent cancel messages out on USENET for Anti-CDA people,
however, then you would fall under my "censorship". If you somehow
caused mail messages to be deleted in people's mailboxes, I would
find a way to stop that. 

But you can argue all you want. Go ahead, I grant you that permission.
8-)

> I wonder why the so-called "Freedom Knights" are so insecure in their
> beliefs that they will not tolerate a dissenting voice on their mailing 
> list. (Let's forget for the moment that my point in subscribing was to
> disrupt it. That's not the point, is it? "More speech, more
> speech!")

Sorry, that *is* the point. If you tell me you are going to disrupt
the list, I am not going to let you on the list...even though you
are easily ignored. 

Why? 

Consider who is on this list. Dr. Vulis. John "No One Can Handle Me"
Grubor. Steve Boursy. These are people who you can *not* annoy, trust
me. 

No, this is for your benefit much more than ours.  The damage you will
do to yourself is far greater than the damage you will do to our list.
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

Wisdom (n.) - 1. Something you can learn without knowing it.





From declan at well.com  Thu Nov 14 10:49:38 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 14 Nov 1996 10:49:38 -0800 (PST)
Subject: "Freedom Knights" are closet censors
In-Reply-To: <199611141842.KAA20786@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961114104601.22840A-100000@well.com>



On Thu, 14 Nov 1996, Dave Hayes wrote:

> Sorry, that *is* the point. If you tell me you are going to disrupt
> the list, I am not going to let you on the list...even though you
> are easily ignored. 

And if Vulis shows Gilmore, though his actions, that he is going to
disrupt cypherpunks, Vulis can be prevented from being on the list...even
though he is easily ignored.

The freedom you, Dave, are exercising as owner and perhaps moderator of
freedom-knights, is precisely the same freedom that Gilmore should and
does enjoy.

That's why neither of your actions is, in truth, "censorship."

-Declan







From dave at kachina.jetcafe.org  Thu Nov 14 10:57:49 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Thu, 14 Nov 1996 10:57:49 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611141857.KAA20984@kachina.jetcafe.org>


> Dave Hayes wrote:
> > Igor "Gadzooks" Chudov writes:
> > > Dave Hayes wrote:
> > > > You won't do this, because I won't let you on the list. I, unlike you
> > > > or Mr. Gilmore, have the judgement on whom to invite to my list.
> > > So what's the difference between yours and gilmore's position?
> > Simple. I choose whom to invite to my parties. Gilmore provides an
> > open door.
> Providing an open door does not mean that it is always open to everyone, 
> Dave. It only means that it is open to all by default, but that policy
> can be reversed for certain individuals. That is not to say that I agree
> with Gilmore's the decision to kick Vulis out from cypherpunks, but John's
> decision was neither dishonorable nor he was acting outside his powers,
> in my opinion.

Technically, John Gilmore did nothing, since Vulis continues to read
and post. Symbolically, he punched holes in his ideology. That's my
opinion.
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

 You need not wonder whether you should have a reliable person as a friend. 
               An unreliable person is nobody's friend.










From dave at kachina.jetcafe.org  Thu Nov 14 11:03:41 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Thu, 14 Nov 1996 11:03:41 -0800 (PST)
Subject: "Freedom Knights" are closet censors
Message-ID: <199611141903.LAA21067@kachina.jetcafe.org>


> On Thu, 14 Nov 1996, Dave Hayes wrote:
> > Sorry, that *is* the point. If you tell me you are going to disrupt
> > the list, I am not going to let you on the list...even though you
> > are easily ignored. 
> And if Vulis shows Gilmore, though his actions, that he is going to
> disrupt cypherpunks, Vulis can be prevented from being on the list...even
> though he is easily ignored.

Ah, but that's after the fact of the invite. 

> That's why neither of your actions is, in truth, "censorship."

Now you are starting to make some sense. So why did you write an
editor..er...article that focused on his "censorship"?
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

Nasrudin loaded his donkey with wood for the fire and instead of sitting in 
its saddle, sat astride one of the logs.
"Why don't you sit in the saddle?" someone asked.
"What? And add my weight to what the poor animal has to carry? My weight is 
on the _wood_ and it is going to stay there."





From declan at well.com  Thu Nov 14 11:09:50 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 14 Nov 1996 11:09:50 -0800 (PST)
Subject: "Freedom Knights" are closet censors
In-Reply-To: <199611141903.LAA21067@kachina.jetcafe.org>
Message-ID: <Pine.GSO.3.95.961114110653.26583C-100000@well.com>


After the fact of the invite doesn't make a difference for the purpose of
our analysis.

I wrote about this (in a column, BTW) because it was an interesting story.

-Declan



On Thu, 14 Nov 1996, Dave Hayes wrote:

> > On Thu, 14 Nov 1996, Dave Hayes wrote:
> > > Sorry, that *is* the point. If you tell me you are going to disrupt
> > > the list, I am not going to let you on the list...even though you
> > > are easily ignored. 
> > And if Vulis shows Gilmore, though his actions, that he is going to
> > disrupt cypherpunks, Vulis can be prevented from being on the list...even
> > though he is easily ignored.
> 
> Ah, but that's after the fact of the invite. 
> 
> > That's why neither of your actions is, in truth, "censorship."
> 
> Now you are starting to make some sense. So why did you write an
> editor..er...article that focused on his "censorship"?
> ------
> Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> Nasrudin loaded his donkey with wood for the fire and instead of sitting in 
> its saddle, sat astride one of the logs.
> "Why don't you sit in the saddle?" someone asked.
> "What? And add my weight to what the poor animal has to carry? My weight is 
> on the _wood_ and it is going to stay there."
> 






From dlv at bwalk.dm.com  Thu Nov 14 11:41:52 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 14 Nov 1996 11:41:52 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611140916.BAA24474@Networking.Stanford.EDU>
Message-ID: <yc8DXD2w165w@bwalk.dm.com>


Richard Charles Graves <llurch at networking.stanford.edu> writes:
> >Man you're nutts. There are very few and quite vast Media Companies
> >in the world, and they're on the verge of becoming monopolies.
> >
> >Even your American President is in reality a puppet of the Trilateral
> >Commission, who effectively also control CNN, the Washington Post,
> >and many many many other things all over the world.
> 
> You're so naive. The Trilateral Commission is just a puppet of General
> Electric, the British Royal Family, the Illuminati, the Council on Foreign
> Relations, the Elders of Zion, the Knights Templar, the Military-
> Industrial Complex, the Communists, the Secret Government, Dead White
> Males, the Freemasons, the CIA, Scientology, and my Aunt Marge.

And the Kook Cabal.

> 
> -rich
>  special agent, zog northwest
>  i do not speak for the world affairs council


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From m5 at tivoli.com  Thu Nov 14 11:43:11 1996
From: m5 at tivoli.com (Mike McNally)
Date: Thu, 14 Nov 1996 11:43:11 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611141857.KAA20984@kachina.jetcafe.org>
Message-ID: <328B75D1.10A@tivoli.com>


Dave Hayes wrote:
>
>  Symbolically, he punched holes in his ideology. That's my
> opinion.

Note that this is only true if John's ideology in the first placed
was what you think it was.  He may have "punched holes" in the
conception of John's ideology that you'd formed in your own mind,
of course.

Thus, John's actions punched no holes in my ideology, since such an
action always has had a perfectly respectable place there.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!





From dlv at bwalk.dm.com  Thu Nov 14 11:43:59 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 14 Nov 1996 11:43:59 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <Pine.SUN.3.94.961113155458.2905D-100000@polaris>
Message-ID: <NH8DXD3w165w@bwalk.dm.com>


Black Unicorn <unicorn at schloss.li> writes:
> The bottom line is that the decision to sue is much like the decision to
> use a legal tax loop.  I would call "idiot" the person who refused to
> utilize that which the government hands him. (Did not Mr. May indicate
> that the $1000.00 or so that the government would hand him was too costly
> to lose, even in the face of estlablishing privacy for his children?  In
> my view that is a rational decision.  Mr. May has priced privacy.  My
> objection to his rationale was that I think the cost of obtaining it can
> be significantly lower).

And I call Timmy May a raving idiot and a censor.


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From keroger at odin.cmp.ilstu.edu  Thu Nov 14 11:44:04 1996
From: keroger at odin.cmp.ilstu.edu (Kyle Rogers)
Date: Thu, 14 Nov 1996 11:44:04 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
Message-ID: <9611141942.AA77098@odin.cmp.ilstu.edu>


In this post you talk about SSN web pages?  I was wondering if someone
could post a URL to one?

thanks

MaINLinE

----------
> From: Black Unicorn <unicorn at schloss.li>
> To: Timothy C. May <tcmay at got.net>
> Cc: cypherpunks at toad.com
> Subject: Re: Secrecy: My life as a nym. (Was: nym blown?)
> Date: Wednesday, November 13, 1996 2:51 PM
> 
> On Tue, 12 Nov 1996, Timothy C. May wrote:
> 
> > At 8:26 AM -0800 11/11/96, Hal Finney wrote:
> > 
> > >I have two kids entering their teens, and I'm sure other list members
are
> > >parents as well.  What can we do for our children to help them enter
their
> > >adult lives with better chances to retain privacy?  Unicorn mentions
keeping
> > >them absent from school on picture day, although I'm not sure how much
this
> > >helps.  I suppose it makes it harder for an investigator to find out
what
> > >they look(ed) like.  Then when they get old enough to drive you have a
new
> > >problem avoiding the photo (and thumbprint) on the license.
> > >
> > >Are there other measures which parents could take while their children
are
> > >young to get them off to a good start, privacy-wise?
> > 
> > I think there are two important domains of privacy to distinguish:
> > 
> > 1. The mundane.
> > 
> > 2, The political.
> > 
> > The mundane domain is what most people think of initially, Things like
"How
> > do I keep my name out of the system?" Or the point about kids.
> > 
> > The fact is, hundreds of millions of names are obviously--and almost
> > unavoidably--in the mundane public sector. I say "almost unavoidably"
> > because driver's licenses and social security numbers are ubiquitous.
> > 
> > (Side note: Jim McCoy's suggestion that kids can be kept off the
> > parental-unit's tax returns and thus not get a SS number is fraught
with
> > problems. Many schools--including public schools--use the SS number for
> > various internal and tracking reasons. Even if the kid is free of SS
> > numbers until he's a teenager--at a cost of thousands of dollars a year
in
> > IRS deductions not taken--he'll essentially have to have an SS number
in
> > his high school years, for a variety of reasons. Maybe this can be
avoided,
> > but I doubt the reward is worth the hassles.)
> 
> Personally, I suggest that the dependent be identified with an erronious
> SSN number.  If the dependent exists it is hard to make a fraud case and
> the deductions are usually allowed anyhow.
> 
> I'm not sure what "a variety of reasons" in the highschool years is.  As
> for hastles, I can't think of what they might be, other than going to the
> SSN web page to construct a properly formatted number which the SSA will
> report as "Issued" (as opposed to "Unissued").  This is one of the few
> pieces of information that is given out.
> 
> Again, DMVs cannot check to see that the number matches the name, only if
> it was issued and if the first three digits correspond to location where
> the number was supposedly "issued" from.  (If not one can always claim to
> have lived in the state that DID issue that number).
> 
> > The second category is that of the political domain. If a person can
> > separate himself from the comments he makes, as Alois^H^H^H^H^H Black
> > Unicorn has done, then it hardly matters--in an important sense--that
his
> > True Name has a SS number on file somewhere.
> 
> I disagree.
> The lack of a social security number makes the first part easier.  They
> are most certainly connected in the research into the few clues that will
> have to slip out, will not lead back to any fact which can be later used
> to narrow down the field.  (The first three numbers of a SSN for
example).
> 
> > This is an important distinction in discussing privacy, I think. If I
had a
> > rug rat, I doubt I'd go to great lengths to avoid getting him or her an
SS
> > number. If the Feds offered me a yearly savings of $1000 or more on my
> > taxes, I'd take it.
> 
> Pity, but still, you can avoid it without sacrificing the dependent
> deduction.
> 
> > (Given that it's almost an inevitability that the kid would have to
"enter
> > the system" at about the age where it really begins to matter, e.g, the
age
> > at which he or she begins to have political beliefs.)
> 
> I don't understand why this is so.  Perhaps I missed a link in the chain
> here?
> 
> --
> Forward complaints to : European Association of Envelope Manufactures
> Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
> Vote Monarchist         Switzerland
> 





From Mullen.Patrick at mail.ndhm.gtegsc.com  Thu Nov 14 12:12:38 1996
From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick)
Date: Thu, 14 Nov 1996 12:12:38 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <n1364137874.80685@mail.ndhm.gtegsc.com>


From: Peter Hendrickson on Thu, Nov 14, 1996 13:22
>This assumes that spam has gotten so bad that everybody filters their
>mail and only accepts mail on the "accept" list.  People sending mail
>directly to your account would get a message back saying that they had
>to get on the "free" list or send their mail through one of the approved
>remailers.

So our ideas on implementation are similar, except you have made the 
distinction that anyone on the "free" list can have direct access.  
Unfortunately, your idea pivots on the idea spam has exploded to unbearable
proportions.  My complaint on this isn't your idea, it's the projection
such an event may occur.  While I hope this plan won't ever be necessary,
at least not on such a global scale, the application of such techniques
toward a mailing list sounds decent.  I'm still thinking about how I would
go about charging WRT mailing lists;  anonymous postings are puzzling me
at the moment.  Which brings up another topic:  How would an anonymous
remailer operate?  It's hard to eliminate an audit trail when there is some
monetary tie back to you, whether it be credit card, ecash (assuming they
never quite figure out anonymizing it), ... 

PM 





From jmwillis at yooper.switch.rockwell.com  Thu Nov 14 12:15:42 1996
From: jmwillis at yooper.switch.rockwell.com (John Willis)
Date: Thu, 14 Nov 1996 12:15:42 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <328B7E1E.529B@switch.rockwell.com>


> X-Sender: ph at netcom15.netcom.com
>  Mime-Version: 1.0
>  Date: Tue, 12 Nov 1996 17:07:41 -0800
>  To: cypherpunks at toad.com
>  From: ph at netcom.com (Peter Hendrickson)
>  Subject: Remailer Abuse Solutions
>  Sender: owner-cypherpunks at toad.com
>  Precedence: bulk
> 
> What do you do if you are operating a remailer and somebody complains
>  they are getting spammed?  That's easy, you keep a list of people that
>  you don't send mail to.  What's hard is if that person wants to receive
>  other anonymous mail.

...
 
>  This also eliminates the spam problem generally.  If you are plagued
>  by spam, create a list of names you will accept mail from.  When a
>  message comes in that is not on the list, return a message directing
>  them to send you the mail through a paying remailer.
> 

...

>  The solution: don't accept anonymous mail.  Only people on the "approved"
>  list would be allowed to post.  People who wish to post anonymously
>  could then send mail through the paying remailer to people on the
>  "approved" list and request that their message be relayed.  Most people
>  on the list would be happy to accept a dollar or two to provide this
>  service.  This would eliminate inappropriate mail while allowing anybody
>  to post.
> 


I don't know if this has been covered before...

Why not incorporate an approved senders list function in mail readers? 
(Or at least
accomodate a plug-in?)

Have the mail reader keep a history of all addresses ever mailed to. 
These will automatically be approved, unless you later delete them from
the list.

If you are on a listserv of whatever nature and you want to receive mail
from list readers off the list, have the mail reader update the approved
list by querying (when?) the addresses of those on the list.

If you post to a usenet group, and you want off-group mail from the
group's readers, have the mail reader grab a list of addresses of people
who have posted on that newsgroup.

Continue to use a kill file to kill the spammers from listserv and
usenet address sources.

These are just general suggestions which could hooked up as options by
mailing list, newsgroup, etc.

What do you think?





From jmr at shopmiami.com  Thu Nov 14 12:16:41 1996
From: jmr at shopmiami.com (Jim Ray)
Date: Thu, 14 Nov 1996 12:16:41 -0800 (PST)
Subject: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice
Message-ID: <199611142016.PAA32984@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com, perry at piermont.com,
 cmcurtin at research.megasoft.com
Date: Fri Nov 15 03:15:03 1996
- From http://www.research.megasoft.com/people/cmcurtin/snake-oil-faq.html

...

Snake-Oil Warning Signs 

...

     Technobabble 

     If the vendor's description appears to be confusing nonsense, it may 
very well be so, even to an expert in the field. One sign of technobabble is 
a description which uses newly invented terms or trademarked terms without 
actually explaining how the system works. Technobabble is a good way to 
confuse a potential user and to mask the vendor's own lack of expertise. 

     And consider this: if the marketing material isn't clear, why expect 
the instruction manual to be any better? Even the best product can be 
useless if it isn't applied properly. If you can't understand what a vendor 
is saying, you're probably better off finding something that makes more 
sense. 
...

Dear Matt,

Maybe something about needing a thesaurus to translate their marketing stuff 
needs to be added to this. ;)
JMR


Please note new 2000bit PGPkey & new address <jmr at shopmiami.com>
This key will be valid through election day 2000.
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
Please avoid using old 1024bit PGPkey E9BD6D35 anymore. Thanks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMowmjDUhsGSn1j2pAQE8+AfNFzbsFx76mrkA8h2KruRspX3T23s6xla2
Vi7dbHBsFlRe5H6rpZ/deUYY4w9TYZ3ItV5uD6Gk6NQwh72Qv2x9CBnBaf0Sp6gO
Zjym5LxM0tyvAcbmLCkAIGf96LSuCbg5/MnRKwlvxyXKyQVzXtQ979i8WlUqRS8j
Qst/fZPeO8pTWGo7E37Ag44c69csPAwlSZbBgKsEONdt9Z5aIKfphjDmLWoVCTa+
pYhP3F1EZvGP9EaG4oVXYv0W+ZzsFDqO8uc+wCuTPl4/1Vdp+XK2W8M7yy5twGey
08tqJ5XMTUGWzsW2/90mLsmEHh6J0o0KkNVjKBexED/MKw==
=SzY/
-----END PGP SIGNATURE-----






From jw250 at columbia.edu  Thu Nov 14 12:24:48 1996
From: jw250 at columbia.edu (Jim Wise)
Date: Thu, 14 Nov 1996 12:24:48 -0800 (PST)
Subject: Dossier on Tim May is Easily Obtainable
In-Reply-To: <199611140434.UAA19210@toad.com>
Message-ID: <Pine.SUN.3.95L.961114152017.5396B-100000@merhaba.cc.columbia.edu>


On Wed, 13 Nov 1996, Sean Roach wrote:

> Ball lightning?  Plasma weapon?  Could I have a copy of the schematics?
> I've long been interested in obtaining (purchasing, building) a plasma
> weapon.  (I'm also been interested in obtaining a EM pulse cannon, but
> that's a different story.)

from fortune(6):

	``What this country needs is a good $5 plasma weapon."

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim at santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *






From cmcurtin at research.megasoft.com  Thu Nov 14 12:25:34 1996
From: cmcurtin at research.megasoft.com (C Matthew Curtin)
Date: Thu, 14 Nov 1996 12:25:34 -0800 (PST)
Subject: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice
In-Reply-To: <199611142016.PAA32984@osceola.gate.net>
Message-ID: <199611142018.PAA05542@goffette.research.megasoft.com>


-----BEGIN PGP SIGNED MESSAGE-----


Hi Jim.

>>>>> "Jim" == Jim Ray <jmr at shopmiami.com> writes:

Jim> Maybe something about needing a thesaurus to translate their
Jim> marketing stuff needs to be added to this. ;)

I was actually thinking of linking to a page that is basically a CGI
version of the "travesty" Perl script. I'll have it take some
crypto-related words from a local online file, then when the user hits
a button, it'll create a one paragraph marketing-sounding blurb about
crypto.

The test, of course, is to see if the marketing material of a given
product sounds too much like pseudorandom gibberish :-)

- -- 
Matt Curtin  cmcurtin at research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Have you encrypted your data today?

iQEVAwUBMot+T36R34u/f3zNAQEV3Qf8C/zBETxHH6uUs0/qy507g0fTLNcom9lV
WX9/I3ozNpgFWAMyrqCSpPy3lmUHtNrbjGguA+/AAtC9DQYn8MEbhpLGz/Z9QGn5
QSo0VBW995yOTxCiWAFFHTy+47ehdoUzVz+zk1BlQSd1h5Z+Z8ycOxAgXu6wtkj/
hANSGa7hRavFG2JD+M6wx1IdajQcQngyTK4M9zJlxBRQwY+mMfD2LfENqZAXbrfl
dnqrnY3i8FBerK4wuIahFuhkFtUqq3pv5PR49vIgc9xjJWUpGlRnorKNxo7qmBPg
kj6/sBcFLHgvd57j2wRK+KUrWEH1KBWx1H8PhanHMc0/3BjNVJLjtA==
=OEu+
-----END PGP SIGNATURE-----





From nobody at replay.com  Thu Nov 14 12:42:22 1996
From: nobody at replay.com (Anonymous)
Date: Thu, 14 Nov 1996 12:42:22 -0800 (PST)
Subject: Black Unicorn exposed?
Message-ID: <199611142041.VAA03436@basement.replay.com>



Ahem. He used that nym in a post to cypherpunks
just a few months ago...






From schneier at counterpane.com  Thu Nov 14 12:51:11 1996
From: schneier at counterpane.com (Bruce Schneier)
Date: Thu, 14 Nov 1996 12:51:11 -0800 (PST)
Subject: New Website: Bruce Schneier, Applied Cryptography, Blowfish,Counterpane
Message-ID: <v03007804aeb126a1d81f@[206.11.192.36]>


I finally have a Website:

    http://www.counterpane.com

On the site I have information on Applied Cryptography, Blowfish,
Counterpane Systems consulting, and more.  The site has the latest errata,
information on ordering the book and source code disks, and the final copy
of "Why Cryptography is Harder Than it Looks."

If you have a website that mentions Bruce Schneier, Applied Cryptography,
Blowfish, or Counterpane Systems, please point to my website.  If you sell
or give away a product that uses Blowfish, please let me know so that I can
point to it.  If you are running an ftp server that has the Blowfish code
available, please tell me so that I can send people to you.

Thanks,
Bruce

**************************************************************************
* Bruce Schneier                 For information on APPLIED CRYPTOGRAPHY
* Counterpane Systems            2nd EDITION (15% discount and errata),
* schneier at counterpane.com       Counterpane Systems's consulting services,
* http://www.counterpane.com/    or the Blowfish algorithm, see my website.
**************************************************************************







From newtonm at papa.uncp.edu  Thu Nov 14 12:57:41 1996
From: newtonm at papa.uncp.edu (newtonm at papa.uncp.edu)
Date: Thu, 14 Nov 1996 12:57:41 -0800 (PST)
Subject: ??????????????????????
Message-ID: <009AB5CC.FF1721B2.131@papa.uncp.edu>


I have a breif question for all you folks out there.... 
Does anyone know the email address and procedure for sending your mail via
"cypherpunks" so that it changes your e-mail address so that the person 
recieving your e-mail message sees on the mesage that its only from
an anonymous source?





From shamrock at netcom.com  Thu Nov 14 13:14:08 1996
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 14 Nov 1996 13:14:08 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <v03007813aeb0506ae6a3@[206.119.69.46]>
Message-ID: <Pine.3.89.9611141346.A16468-0100000@netcom6>


On Wed, 13 Nov 1996, Robert Hettinga wrote:

> At 10:43 pm -0500 11/13/96, Lucky Green wrote:
> >I agree. Support for soon to be patent free algrithms is a good thing. I
> >hope that in version 4.0, after the users had time to migrate to
> >DSS/ElGamal, PGP will fully move away from RSA.
> 
> Speaking of patent-free, :-), can you do blind signatures without RSA?

Yes, but you still need to license the blind signature patent itself.

--Lucky





From roach_s at alph.swosu.edu  Thu Nov 14 13:19:06 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Thu, 14 Nov 1996 13:19:06 -0800 (PST)
Subject: take me off your mailing list
Message-ID: <199611142118.NAA15875@toad.com>


At 12:15 PM 11/13/96 -0500, CLERK PHILLIP G ROBERTS wrote:
>unsubcribe cypherpunks
>
I sent this individual the appropiate address copied from the new subscriber
mailings distributed by the Majordomo bot on sign up.  I also noted the
spelling error for him that has often been mentioned in this list, assuming
that that might have been his trouble in the first place.  Any wagers on how
many posts it will take before he gets it right?  Any motions to petition
for an alias for the command minus the s?






From roach_s at alph.swosu.edu  Thu Nov 14 13:20:52 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Thu, 14 Nov 1996 13:20:52 -0800 (PST)
Subject: [noise] Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611142119.NAA15883@toad.com>


At 01:16 AM 11/14/96 -0800, Richard Charles Graves wrote:
>hyperlex at hol.gr ("George A. Stathis") wrote:
>>
>>>> Mr. Gilmore, and other like minded parties, might want to consider
>>>> what would happen if one parent company owned *all* communications
>>>> media. Would they they be so supportive of the ideology of ownership
>>>> and communciation they espouse?
>>>
>>>And just how plausible do you think this is?  I believe it is next to
>>>impossible, unless it is the result of government regulation.
>>
>>Man you're nutts. There are very few and quite vast Media Companies
>>in the world, and they're on the verge of becoming monopolies.
>>
>>Even your American President is in reality a puppet of the Trilateral
>>Commission, who effectively also control CNN, the Washington Post,
>>and many many many other things all over the world.
>
>You're so naive. The Trilateral Commission is just a puppet of General
>Electric, the British Royal Family, the Illuminati, the Council on Foreign
>Relations, the Elders of Zion, the Knights Templar, the Military-
>Industrial Complex, the Communists, the Secret Government, Dead White
>Males, the Freemasons, the CIA, Scientology, and my Aunt Marge.

Big deal, the General Electric, the British Royal Family, the Illuminati,
the Council on Foreign Relations, the Elders of Zion, the Knights Templar,
the Military-Industrial Complex, the Communists, the Secret Government, Dead
White Males, the Freemasons, the CIA, and Scientology are all controlled by
Greys.  Your Aunt Marge, however, is controlled by the lizard people,(or the
giant preying mantises, whichever came in on the last grey shuttle.)
By the way, they also control, AT&T, MCI, Sprint, FedEx, the U.S. Postal
Service, McDonalds, and the professors at Stanford.  Now you know why they
all act like aliens.  P.S.  If you are a professor, don't come by my house,
I've got a captured alien energy weapon, actually I think it's a wound
cautizer of some type, but it makes a good weapon.






From rcgraves at ix.netcom.com  Thu Nov 14 14:00:57 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Thu, 14 Nov 1996 14:00:57 -0800 (PST)
Subject: "Freedom Knights" are closet censors
In-Reply-To: <Pine.GSO.3.95.961114070057.11045F-100000@well.com>
Message-ID: <328B967F.5478@ix.netcom.com>


Declan McCullagh wrote:
> 
> What is "censoring other people's censorship?" Say I argue in favor of 
> the CDA. Would you censor me then? Why not? Isn't this censoring 
> others censorship?
> 
> I wonder why the so-called "Freedom Knights" are so insecure in their
> beliefs that they will not tolerate a dissenting voice on their 
> mailing list. (Let's forget for the moment that my point in 
> subscribing was to disrupt it. That's not the point, is it? "More
> speech, more speech!")

Declan, why won't you let me on the so-called fight-censorship list? 
Just asking.

-rich





From hyperlex at hol.gr  Thu Nov 14 14:04:06 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Thu, 14 Nov 1996 14:04:06 -0800 (PST)
Subject: The TRILATERAL COMMISSION -was: [REBUTTAL] Censorship on...
Message-ID: <199611150202.AAA01935@prometheus.hol.gr>


At 12:34 �� 14/11/1996 -0500, Mark M. wrote:
(in response to me saying):
>> Man you're nutts. There are very few and quite vast Media Companies
>> in the world, and they're on the verge of becoming monopolies.
>> 
>> Even your American President is in reality a puppet of the Trilateral
>> Commission, who effectively also control CNN, the Washington Post,
>> and many many many other things all over the world.
>> 
>> And you are saying that control of the media by ownership is
>> impossible?  You're far out maaan! :-)
>> 
>> Only in America such a naive opinion could actually be _believed_.
>> (here I go again... aga! :-) )
>
>Is this a troll?

Nope; It's the truth. Expressed like a sarcastic joke as well, but
it's _true_. And not intended to be a troll at all.

As regards the "gullibility", it's plainly dangerous; And cultivated
by the Media, apparently stronger in the U.S. than in many other places.

But: How many times do I have to state explicitly that my grumbles about
America are not "anti-American" (troll) propaganda? Nope; They're grumbles
about _freedoms_, that if you Americans lose, the rest of the world will
_also_ lose, (even quicker, I think)... Here is a REAL example:



(written by E. Francis, on the "Trilateral Commission", and distributed
 to all members of his own -private- mailing list, of which I'm a part).


>THE LAND OF SHADOWS
>
>     Early this month is the last presidential 
>"election" before the year 2000. As of this writing and 
>long before, the election was decided in favor of Bill 
>Clinton. It works out astrologically, but the real 
>reason is because Clinton's bosses control the 
>corporations that control the nation, and they also 
>happen to own the major media which, shall we say, help 
>the public make up its mind about who to vote for -- 
>media like CNN, NBC, The Washington Post, The New York 
>Times, Tribune Co., Time-Warner and others.
>     This is not speculation, and if you would allow me 
>to pre-empt this astrological column with a brief 
>expos�, I will explain. All of these news organizations 
>are members of an international institution called the 
>Trilateral Commission (which is listed in the Manhattan 
>phone book, by the way). Bill Clinton and more than 20 
>of his cabinet ministers are also on the list. Bob Dole 
>isn't a member, and neither is Jack Kemp, so in a very 
>real sense, they are the outsider candidates.
>     Since the organization's creation in 1973, every 
>White House has had Trilateral Commission 
>representation, starting with former Vice President 
>Nelson D. Rockefeller, the brother of the Commission's 
>co-founder, David Rockefeller. In 1976, Jimmy Carter, a 
>member of the Commission and close associate of the 
>Rockefellers, was "elected" president, and so on down 
>the line in an unbroken chain through Bill Clinton. In 
>one presidential election in the 1980s, all three 
>candidates were Trilateralists! And in the election 
>right before the current one, it was Trilateralist 
>George Bush versus Trilateralist Bill Clinton. It's a 
>little like both candidates in the old Soviet elections 
>coming from the Communist party.
>     You may wonder, "What's the big deal?" But look at 
>it this way. What if every president or vice president 
>for the past 22 years had been an executive of Grumman 
>Aerospace or a graduate of Harvard University? You 
>might suspect that Grumman or Harvard had a little 
>extra influence and was getting its people into 
>positions of power. But since the nation's most 
>powerful media are also represented on the Commission, 
>its existence rarely gets reported, and its true nature 
>is never accurately reported except in the alternative 
>media. Check the National Newspaper Index in any 
>library and you'll find, at most, one or two references 
>to the Commission, and both seek to belittle its 
>importance.
>     And people who are involved in the organization 
>don't like to talk about it. I recently caught up with 
>Secretary of the Interior (and Trilateral Commission 
>member) Bruce Babbit while he was on a speaking 
>engagement at the posh Mohonk Mountain House in my 
>area. A number of newspaper reporters were gathered 
>around him asking him the usual trivia. When I asked 
>him directly about his involvement on the commission, 
>and the president's, and that of some two dozen other 
>cabinet members, with the red light of a video camera 
>coming from behind me, Bruce cracked a joke about how I 
>would be a popular guy "out west" (ostensibly where 
>everybody has weird political theories), then he turned 
>tail and ran away from the news conference.
>     Commission membership also includes key federal 
>legislators, people on the incredibly powerful Federal 
>Reserve Board, major bankers and the CEOs of numerous 
>corporations of the General Electric and General Foods 
>ilk. And it's an international institution as well, 
>_majority-dominated by business and political interests 
>in other lands, particularly Germany and Japan_. 
>Consider the implications. It is arguable that the 
>Trilateral White House is dominated by government and 
>business interests of foreign nations, which is 
>clearly, blatantly unconstitutional.
>     The above-mentioned national media directly 
>involved with this organization, which set the national 
>news agenda here in the U.S. and for much of the 
>western world, are the same ones which are manipulating 
>the current election by sanitizing all the news that 
>should be coming out of Washington and elsewhere, by 
>not tallying the impressive pile of corpses collecting 
>around the President, and most of all, by bombarding us 
>with PR-generated trivia and commercials 24 hours a day 
>when there are somewhat more significant things to 
>concern ourselves with.
>     And of course, the economy keeps getting better.
>     But just in case you ever wondered just how it 
>happened that some unknown governor of Arkansas ended 
>up tooling around the globe aboard Air Force One, now 
>you have a clue. And in case you thought people were 
>stupid, well, this makes a good case for people just 
>being manipulated. But of course, you'd have no way of 
>knowing this if the only place you got your information 
>was a television set or newspaper. Perhaps this is why 
>big government is so interested in censoring the 
>Internet.
>     I don't believe that the Trilateral Commission is 
>a conspiracy, I believe it's just one fact of how the 
>ruling class of the Western world organizes itself. 
>     There are other levels of aristocratic shadow-
>government organization, and they're quite worth while 
>to study, but this one sure points to some interesting 
>possibilities, and boy, the fact that you never hear it 
>mentioned should make really you wonder.
>     Not that there isn't enough to wonder about 
>already, and not that any of it matters.
>     After all, nothing really happens nowadays. Flight 
>800 got shot down, but nobody did it. It just sort of 
>exploded and fell out of the sky. Not only wasn't there 
>a perpetrator, there wasn't even a cause determined for 
>the explosion!
>     We have wars�-- safe ones, where nobody comes back 
>with their arms and legs blown off. The federal budget 
>deficit increased by a few billion dollars in the time 
>it took me to write this article, and yet it's 
>meaningless. There is no public mention of the 
>Constitutional amendment, the famous 14th Amendment, 
>which explicitly states, "The validity of the public 
>debt of the United States...shall not be questioned." 
>It's the law of the land!
>     So, lest I blow a few too many of my brain cells 
>thinking about this, I will now go back to being an 
>astrologer.
>     End of expos�	
>










From mpd at netcom.com  Thu Nov 14 14:11:30 1996
From: mpd at netcom.com (mpd at netcom.com)
Date: Thu, 14 Nov 1996 14:11:30 -0800 (PST)
Subject: FCPUNX:Small 'Hard' Problems Wanted
Message-ID: <199611142211.OAA21942@netcom12.netcom.com>


Eli Brandt <eli at gs160.sp.cs.cmu.edu> writes:

 > (I'm getting this this through fcpunks, so my reply is
 > going to you. If you reply, you can cc cypherpunks if you
 > want.)

Ok.

[snip]

 >> ... I plan to test it on reduced round DES, full 16 round
 >> DES, and some RSA problems of various sizes.

 > These are all in NP (though not necessarily NP-C), so you
 > can certainly solve them with SAT, but I'd be *very*
 > surprised if SAT were an efficient way to do it.  If
 > SAT-reduction beats the number field sieve at factoring, for
 > example, you've got a major research result.

Actually, I would expect any AI algorithm which has some notion
of convergence to beat all of the "combination of congruences"
factoring methods, which are essentially exhaustive searches,
albeit it under the image of some useful transformations and
homomorphisms.

SAT (boolean satisfiability) does not seem to illuminate
factoring or other cyptographic problems in any obvious way. Even
a prime implicant covering of a typical strong cryptographic
function would be mondo huge in terms of memory.  Crypto problems
map pretty nicely into circuit problems, however, and circuit
satisfiability seems to be a nice wedge with which to attack a
number of the most popular ones.  Of course, you can go back and
forth between circuit and SAT problems, but thinking in terms of
circuits allows you to add the correct additional variables to a
problem which would be gigantic if you did the output directly in
terms of the input bits.

I will wait to see if this thing munches through DES of various
rounds before claiming any "research results."

 >> I already have C code to map RSA and n-round DES problems
 >> into an appropriate circuit satisfiability problem

 > How big a SAT problem does an n-bit RSA or n-round DES
 > problem turn into?

Well - the typical DES S-Box requires between 130-155 2-input
logical operations to express its 4 bit output in terms of its 6
bit input if you basically construct it in the obvious no-brainer
way without attempting any clever optimization.

Throw in a few XORs, and you can wire 2 round DES in about 2,500
one and two input logical operations, and the full 16 round DES
takes about 25,000.  I'm sure this can be improved upon greatly,
if someone wanted to tweek the wiring diagram.

What I've done to convert DES to a circuit satisfiability problem
is to make a logical network with (56+64+64) input bits and 1
output bit. The input consists of (key,plaintext,ciphertext).  I
pass both the plaintext and ciphertext through the IP, and do
half the rounds on each with the appropriate subkeys.  Then I XOR
opposite 32 bit sections between them, OR it all together, and
complement the output.

This yields something which lights up if the key maps the
provided plaintext into the provided ciphertext and outputs zero
otherwise.  When it is instantated with a particular
plaintext/ciphertext pair, this diagram can be munched by the
previously mentioned algorithm to yield a possibly non-empty set
of keys.

RSA is a little bit more messy.  Given a modulus between 2^k < N
< 2^(k-1), you can construct a circuit which when instantated
with the modulus bits will light up if and only if the larger
of the two distinct primes is input.  The way I do this requires
only two multiplicative operations, one being a modular
reciprocal of an odd number modulo 2^k, and the other being a
multiplication.  Both of these are wired as N^2 algorithms,
using successive approximation, although near-linear algorithms
probably exist.

As a data point, a circuit which lights up when RSA-140 is input
can be done in about a million NANDs.  Someone has offered me
some time on a 64 meg ultraSparc to try some RSA problems, but I
am going to debug the C version on DES first.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $






From rcgraves at ix.netcom.com  Thu Nov 14 14:15:40 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Thu, 14 Nov 1996 14:15:40 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace! [NOISE] [NEEDLESS TO SAY]
In-Reply-To: <199611141440.IAA06766@mailhost.onramp.net>
Message-ID: <328B99EE.8D3@ix.netcom.com>


aga wrote:
> 
> On Wed, 13 Nov 1996, Declan McCullagh wrote:
> 
> > I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale
> > of meaningless political rants.

You've got a low tolerance. I'd only give him a 7.

> Jealousy rears it's ugly head.  You just wish you had the credibility
> that Dave Hayes has.

Wow.

> This Declan_McCullagh is a long-time cabal.member, so his critique
> of a Freedom-Knight like Dave Hayes is to be given short shrift.

Wrong. The Cabal (TINC) voted en masse against rec.music.white-powder;
Declan took your side, and even violated the fascist Cabal Rules by 
distributing a marked ballot on a closed mailing list. He's been on the 
Cabal (TINC) shit list (TINSH) ever since.

> None of that analogy is applicable to the cyberpunks list.
> When a list gets as big as that, it it no longer to be considered
> a "mailing-list" but it is a _public_ forum.  The whole problem
> here is the abuse of power by both the EFF and John Gilmore.

Then why are you still posting? I thought The Cabal (TINC) had ordered 
you into the Gulag.

> No, he is saying that people can use an e-mail filter and not listen
> to Vulis if they want to.  It was a very simple thing; are you too
> uneducated to know how to use an e-mail filter?

No, I can assure you that he does.

Love,

-rich
 netscum, http://www.mindspring.com/~netscum/gravesr0.html





From mpd at netcom.com  Thu Nov 14 14:21:05 1996
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 14 Nov 1996 14:21:05 -0800 (PST)
Subject: FCPUNX:Small "Hard" Problems Wanted
Message-ID: <199611142220.OAA23433@netcom12.netcom.com>


Eli Brandt <eli at gs160.sp.cs.cmu.edu> writes:

 > (I'm getting this this through fcpunks, so my reply is
 > going to you. If you reply, you can cc cypherpunks if you
 > want.)

Ok.

[snip]

 >> ... I plan to test it on reduced round DES, full 16 round
 >> DES, and some RSA problems of various sizes.

 > These are all in NP (though not necessarily NP-C), so you
 > can certainly solve them with SAT, but I'd be *very*
 > surprised if SAT were an efficient way to do it.  If
 > SAT-reduction beats the number field sieve at factoring, for
 > example, you've got a major research result.

Actually, I would expect any AI algorithm which has some notion
of convergence to beat all of the "combination of congruences"
factoring methods, which are essentially exhaustive searches,
albeit it under the image of some useful transformations and
homomorphisms.

SAT (boolean satisfiability) does not seem to illuminate
factoring or other cyptographic problems in any obvious way. Even
a prime implicant covering of a typical strong cryptographic
function would be mondo huge in terms of memory.  Crypto problems
map pretty nicely into circuit problems, however, and circuit
satisfiability seems to be a nice wedge with which to attack a
number of the most popular ones.  Of course, you can go back and
forth between circuit and SAT problems, but thinking in terms of
circuits allows you to add the correct additional variables to a
problem which would be gigantic if you did the output directly in
terms of the input bits.

I will wait to see if this thing munches through DES of various
rounds before claiming any "research results."

 >> I already have C code to map RSA and n-round DES problems
 >> into an appropriate circuit satisfiability problem

 > How big a SAT problem does an n-bit RSA or n-round DES
 > problem turn into?

Well - the typical DES S-Box requires between 130-155 2-input
logical operations to express its 4 bit output in terms of its 6
bit input if you basically construct it in the obvious no-brainer
way without attempting any clever optimization.

Throw in a few XORs, and you can wire 2 round DES in about 2,500
one and two input logical operations, and the full 16 round DES
takes about 25,000.  I'm sure this can be improved upon greatly,
if someone wanted to tweek the wiring diagram.

What I've done to convert DES to a circuit satisfiability problem
is to make a logical network with (56+64+64) input bits and 1
output bit. The input consists of (key,plaintext,ciphertext).  I
pass both the plaintext and ciphertext through the IP, and do
half the rounds on each with the appropriate subkeys.  Then I XOR
opposite 32 bit sections between them, OR it all together, and
complement the output.

This yields something which lights up if the key maps the
provided plaintext into the provided ciphertext and outputs zero
otherwise.  When it is instantated with a particular
plaintext/ciphertext pair, this diagram can be munched by the
previously mentioned algorithm to yield a possibly non-empty set
of keys.

RSA is a little bit more messy.  Given a modulus between 2^k < N
< 2^(k-1), you can construct a circuit which when instantated
with the modulus bits will light up if and only if the larger
of the two distinct primes is input.  The way I do this requires
only two multiplicative operations, one being a modular
reciprocal of an odd number modulo 2^k, and the other being a
multiplication.  Both of these are wired as N^2 algorithms,
using successive approximation, although near-linear algorithms
probably exist.

As a data point, a circuit which lights up when RSA-140 is input
can be done in about a million NANDs.  Someone has offered me
some time on a 64 meg ultraSparc to try some RSA problems, but I
am going to debug the C version on DES first.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $






From ph at netcom.com  Thu Nov 14 14:41:51 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 14 Nov 1996 14:41:51 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <v02140b05aeb13a70acf4@[192.0.2.1]>


At 3:12 PM 11/14/1996, Mullen Patrick wrote:
>From: Peter Hendrickson on Thu, Nov 14, 1996 13:22
>> This assumes that spam has gotten so bad that everybody filters their
>> mail and only accepts mail on the "accept" list.  People sending mail
>> directly to your account would get a message back saying that they had
>> to get on the "free" list or send their mail through one of the approved
>> remailers.

> So our ideas on implementation are similar, except you have made the
> distinction that anyone on the "free" list can have direct access.
> Unfortunately, your idea pivots on the idea spam has exploded to unbearable
> proportions.  My complaint on this isn't your idea, it's the projection
> such an event may occur.

People complain all the time about advertising spam.

People have been maliciously spamming other people since the beginning
of time.  (The epoch here is the birth of the Net.)

The problem has arrived.  Right now it is merely irritating, but we
have already seen calls for more control and more legislation.  In my
view, that would be a disaster.  Let's head it off at the pass.

> While I hope this plan won't ever be necessary, at least not on such a
> global scale, the application of such techniques toward a mailing list
> sounds decent.

This may sound like a quibble, but it really isn't: I am not talking about
a global scale at all.  A very small group of people can make use of
this technology successfully.  It doesn't matter whether everybody in
the world uses it or just people who are tired of spam - it still works.

You only need one remailer operator to do this and it will be fully
available.

> I'm still thinking about how I would go about charging WRT mailing lists;
> anonymous postings are puzzling me at the moment.

I was probably a little quick on the keys.  Charging to send to a mailing
list does not solve the spam problem.  Why?  Because it is worth a dollar
to send an advertisement to 3000 people.  What it does do is cut down
on "me too" posts and encourage people to make the best use of the
bandwidth they are paying for.  It would be easy for a remailer operator
to do this if mail were accepted only from the "paying" remailer.

However, if you restrict postings to an approved group of people, perhaps
everybody on the mailing list, you can eliminate spam.  How, then, do we
allow anonymous postings to come through?  Individual people on the list
can receive the proposed post and forward it to the list if it is
appropriate.  They could even charge a fee for doing it.  That's easy to
do if there is a "paying" remailer which will handle the money for them.

> Which brings up another topic:  How would an anonymous remailer operate?
> It's hard to eliminate an audit trail when there is some monetary tie back
> to you, whether it be credit card, ecash (assuming they never quite figure
> out anonymizing it), ...

I assumed untraceable cash transactions for small amounts were available.

E-cash, the product licensed by Digicash, offers full payee anonymity and
would be an ideal candidate.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Thu Nov 14 15:14:13 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 14 Nov 1996 15:14:13 -0800 (PST)
Subject: Playing Cards
Message-ID: <v02140b06aeb157d093c7@[192.0.2.1]>


A number of us have been concerned about how PGP generates entropy.
Striking the keyboard beats using time as a source of random numbers,
but the degree of entropy is not well understood.  Are there machines
where - for some reason - the keyboard strikes fall into some sort
of pattern?

And that's just when you are generating your public/private key pair.
What happens when you are just generating 128-bit keys for individual
messages?  Where is the entropy coming from?  I don't understand
completely, but somehow PGP collects entropy from the system and then
runs it into IDEA and then uses the numbers from the output.  When the
program is not running, a pool of this data is kept in randseed.bin.

We already know it's a problem because it is hard to understand what
it is even doing, much less determine if it is consistent with sound
engineering practice.

This problem is certainly not confined to PGP.  A lot of people have
worked hard to make computers deterministic.  What do you do when you
need entropy?

Yes, you can buy a chip which generates random numbers at nearly any
bandwidth you like.  But, right there you have a problem.  How do you
know the output is really random?  The answer is that you do not.

Playing cards are a nice source of randomness because they are widely
available and their behavior has been under study for a long time by
people with strong financial reasons for finding flaws.  I slightly
prefer cards to dice because dice may be slightly predictable or even
loaded.

It would be nice if cryptography software would allow you to enter
randomly selected playing cards from time to time to increase the
entropy of keys.  Careful people (Black Unicorn?) would enter the
cards prior to sending each message.

A well shuffled deck of 54 cards has about 237 bits of entropy.  This
is easy to use: the program asks the order of the cards, converts this
to a string, and runs it through a one-way hash.  (Entering the cards
is a bit of a nuisance.  Is there an easy way to have them read
automatically?)

The Economist reports that seven riffle shuffles bring a deck "very
close to being random".  ("Science and Technology: How to win at poker
and other science lessons" The Economist, October 12, 1996, pp:88-89.)

Cards have other uses.  You can assign a (large) number to each
configuration of the deck.  This allows you to use a deck of cards to
represent numbers.  That is certainly convenient for generating large
random numbers.  I have included some Lisp code below which converts
both ways between shuffled decks of cards and unique numbers.

This could be quite useful for strong steganography.  Let's say you
have 230 bits you want to deliver across a border.  It is unlikely
that anybody will study a deck of cards very carefully.  Of course,
you need not limit yourself to cards.  Any set of objects which can be
ordered will do the trick.  For instance, a shelf with 100 books may
be used to store 524 bits.  One thousand books may store 8529 bits.
How many bits can you store in that database which is in apparently
random order?

You can hide your data in two decks.  There is a natural order to
cards: pick your favorite ordering of the suits and then do the rest
numerically.  However, if you shuffle one deck of cards and lay them
in a row, you could use that ordering to define the mapping of the
second deck of cards to numbers.  The Enemy may seize one deck or the
other, but without both, the number will not be revealed.  While I
hesitate to use the term, this is a one-time pad.  The first deck can
be thought of as the key and the second deck is the message.

How the Lisp Code Works
-----------------------

Let's use as an example a deck of five cards numbered from 0 to 4.
There are 5! = 120 combinations of these cards.  We can think
of each card as a "digit" in a slightly odd numbering system.

In decimal arithmetic, we have columns whose value increments by 10^0,
10^1, 10^2, etc.  In our numbering system of five cards, columns
increment by 0, 1, 2!, 3!, and 4!.

Consider the card sequence of (4 3 2 1 0).  We wish to compute the
value stored in the leftmost column.  Since there are five choices of
cards, this divides the number of possible combinations into five
pieces of 4! combinations each.  So, in this example, the value in the
first column will be 4*4! = 96.  This leaves us with cards (3 2 1 0).
We can look at this as a smaller number represented by a deck of four
cards.  This smaller number is added later to the larger number to get
the final total number for our original deck.  The first column of our
smaller deck is 3*3! = 18.  The next one is 2*2! = 4, the one after
that is 1*1! = 1, and the last card never matters because there is
only one card to choose (0*0!).  The total is 96 + 18 + 4 + 1 = 119.
This is the highest number we can represent with a deck of five
cards.

Consider the card sequence (0 1 2 3 4).  This is the smallest value we
can represent, 0.  The value of the first column is 0*4! = 0.  This
leaves us with (1 2 3 4).  But what has happened here?  We can't treat
this as a normal smaller deck because it is missing a card.  Besides,
1*1! = 1, which is not the zero we expected.  We must renumber the
cards so that it is a reasonable deck again.  The sequence of cards we
should really be looking at is (0 1 2 3).  This means the value of the
next column should be 0*3!.  Then we renumber the deck and continue
until we run out of cards.  The answer is 0.

For an exercise, what is the value of (4 2 1 3 0)? (Answer at end.)

Now, how do we construct the deck given only the number defining its
combination?  The code below is recursive.  It computes the first
digit and then calls itself to recursively find the remaining cards.
The cards returned are always an internally consistent deck of cards;
that is, if sorted they will be consecutively numbered starting from
0.  When a new card is inserted, the cards have to be renumbered to
accomodate the new one by incrementing every card which has the same
or greater face value as the card being inserted.  (Insertion is
slightly misleading here because you place the card at the head of the
list.  Insertion refers to the conceptual process of inserting the
card into the pre-existing order and adjusting the other values to
allow it.)

In other languages, this might be a little more complicated to
implement.  Lisp provides a nice bignum package and also (I believe) a
compiler which knows how to convert the recursive routines below into
iterative routines.  This code performs quite well even on a small
slow machine.

;;;-*- Mode: Lisp; Package: COMMON-LISP-USER -*-

(defun compute-combination-number (cards)
  "Converts list of numbered cards into a unique number representing
their order."
  (cond ((> (length cards) 1)
         (+ (* (car cards)
               (factorial (1- (length cards))))
            (compute-combination-number (renumber-cards cards))))
        (t 0)))

(defun renumber-cards (cards)
  "Removes lead card from deck, decrements higher numbered cards
by one so there are no gaps."
  (let ((renumbered-cards-reversed)
        (lead-card (car cards)))
    (dolist (card (cdr cards))
      (cond ((> card lead-card)
             (push (1- card) renumbered-cards-reversed))
            (t
             (push card renumbered-cards-reversed))))
    (reverse renumbered-cards-reversed)))

(defun reconstruct-deck (combination-number deck-size)
  "Converts unique number representing order of a deck of cards
and returns a list of numbers representing the deck."
  (cond ((not (<= deck-size 1))
         (multiple-value-bind (digit remaining-combination-number)
                              (floor combination-number
                                     (factorial (1- deck-size)))
           (insert-card digit (reconstruct-deck
                               remaining-combination-number
                               (1- deck-size)))))
        (t (list 0))))

(defun insert-card (new-card card-list)
  "Inserts a card into a deck, increasing by one every card which
is of higher or equal number so there are no duplicate cards."
  (let ((new-deck-reversed))
    (push new-card new-deck-reversed)
    (dolist (card card-list)
      (cond ((>= card new-card)
             (push (1+ card) new-deck-reversed))
            (t
             (push card new-deck-reversed))))
    (reverse new-deck-reversed)))

(defun factorial (number)
  (cond ((or (= number 1) (= number 0)) 1)
        (t (* number (factorial (1- number))))))

;;; Testing routines

(defun shuffle-deck (deck-size)
  (randomize-list (build-card-list deck-size)))

(defun randomize-list (some-list)
  (do ((randomized-list nil))
      ((null some-list) randomized-list)
    (let ((item-number (random (length some-list))))
      (push (elt some-list item-number)
            randomized-list)
      (setf some-list
            (remove (elt some-list item-number) some-list)))))

(defun build-card-list (deck-size)
  "Returns a list of consecutive numbers representing a deck of
cards."
  (do ((card-list nil)
       (count 0 (1+ count)))
      ((= deck-size count) card-list)
    (push count card-list)))

(defun identicalp (list-one list-two)
  "Returns non-nil if the two lists are identical."
  (eval (cons 'and (map 'list #'equal list-one list-two))))

(defun exhaustively-test-card-combinations (deck-size)
  "Verifies that the correct deck is reconstructed from the unique
order number for every combination of a small deck of cards."
  (let ((combinations (factorial deck-size)))
    (do ((combo-number 0 (1+ combo-number)))
        ((= combinations combo-number) t)
      (cond ((not (= (compute-combination-number
                      (reconstruct-deck combo-number deck-size))
                     combo-number))
             (warn "Test failed for ~D" combo-number))))))

(defun test-one-deck (deck-size)
  "Shuffles a deck of cards and verifies that it may be reconstructed
from the unique number representing its order."
  (let* ((original-deck (shuffle-deck deck-size))
         (reconstructed-deck (reconstruct-deck
                              (compute-combination-number original-deck)
                              deck-size)))
    (cond ((not (identicalp original-deck reconstructed-deck))
           (warn "Test failed for ~A" original-deck)))))

(defun test-many-decks (trials max-deck-size)
  "Shuffles trials decks of maximum size max-deck-size and verifies
that their order may be reconstructed from the unique number we compute."
  (do ((trial-number 0 (1+ trial-number)))
      ((= trials trial-number) t)
    (test-one-deck (1+ (random max-deck-size)))))

(defun complete-combination-test ()
  "Good test of all the card combination routines."
  (format t "Performing exhaustive test.~%")
  (exhaustively-test-card-combinations 6)
  (format t "Performing random test on large decks.~%")
  (test-many-decks 10 100))

;; (Exercise Answer: (4 2 1 3 0) = 111)







From thug at pan-net.de  Thu Nov 14 15:39:07 1996
From: thug at pan-net.de (Thug)
Date: Thu, 14 Nov 1996 15:39:07 -0800 (PST)
Subject: [Fwd: [Fwd: Send this out to as many people as possible!!]]
Message-ID: <328BAEFA.549C@pan-net.de>

An embedded message was scrubbed...
From: unknown sender
Subject: no subject
Date: no date
Size: 4712
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961114/74772d1f/attachment.mht>

From ph at netcom.com  Thu Nov 14 15:44:26 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 14 Nov 1996 15:44:26 -0800 (PST)
Subject: Remailer Pricing
Message-ID: <v02140b07aeb1587ebcaf@[192.0.2.1]>


At 6:02 PM 11/14/1996, Mullen Patrick wrote:
>Peter Hendrickson switched the transistors to say:
>> E-cash, the product licensed by Digicash, offers full payee anonymity and
>> would be an ideal candidate.

> Oops.  I forgot.  :-)  I guess this idea would work.  But, there would be a
> very large price for anonymity - two mailers holding their hands out for a
> piece of the pie.

> Well, I must admit you seem to have this idea pretty well thought out, and
> it just may work.  The hardest part of the plan would probably be gaining
> acceptance.  True, everyone loves getting a check, especially if all they
> had to do was open and close email to have it register as being read, but
> the hard part is getting people to accept having to pay to send someone a
> message.  Of course, there's the argument that currently we pay for stamps...
> :-)

It looks like I wasn't perfectly clear again.  Sorry about that.  The user
does not tell anybody whether or not the mail has been read.  In fact,
it's nobody's business but their own.  This is the advertiser's problem,
and I don't really care whether they solve it.  In fact, the user does
not have to put the remailer on the accept list.  He or she just has
to tell the remailer operator that they would like to receive a dollar
(or whatever) if the remailer operator sends them any mail.

Perhaps we've been thinking about anonymous mail the wrong way.  Is it
like the U.S. Post Office where you have to physically go someplace,
buy a stamp, physically write your message, put it in a physical envelope,
carry it to a box someplace, and then wait (maybe four days) for it to
arrive, all for "only" 32 cents?  Or is it more like Federal Express
where you pay 20 bucks and it arrives the next day, for sure, every time?

Earlier today somebody sent a message about his scary former employers
and (apparently) how they just kill people.  Would that person pay, say,
$5 to have the message delivered reliably and very anonymously?  My
judgement is that it would be worth every penny, and probably more.

Right now the remailer network is a mess.  There just aren't that many
remailers operating in a timely and reliable manner.  I am not knocking
the remailer operators for this, it's just clear that "free" doesn't
make it worth their while to keep the remailers operating perfectly
at all times.

It is especially important that anonymous mail be delivered in a timely
and reliable manner because you probably will not have a good way to
verify that it arrived.  And reliability is absolutely required if
you are chaining remailers because errors multiply.  The top five
remailers in Raph's latest report had these reliabilities: 99.77%,
99.28%, 99.23%, 99.18%, and 98.78%.  If you chain those remailers, your
failure rate is 3.71%, which is just too high.

And, the long delays in sending messages through the remailers make it
hard for people to get up and running because it takes hours to determine
whether it worked, if it worked at all.

Furthermore, many remailers don't use 2048-bit keys.  Why not?  Because
they don't want to spend money on the cycles.  That's okay with me -
it's charity.  But, if I pay a dollar for a remailer, I can expect
to be able to use a very strong key.

A good pricing strategy for remailers would be to charge, say, $1 for
instant delivery, $.50 for 30 minute delivery, etc.  To generate
interest, 4 hour delays could be imposed for free remailing, if the
resources are available.

Peter Hendrickson
ph at netcom.com







From Mullen.Patrick at mail.ndhm.gtegsc.com  Thu Nov 14 15:46:09 1996
From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick)
Date: Thu, 14 Nov 1996 15:46:09 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <n1364127665.90445@mail.ndhm.gtegsc.com>


Peter Hendrickson switched the transistors to say:
>> While I hope this plan won't ever be necessary, at least not on such a
>> global scale, the application of such techniques toward a mailing list
>> sounds decent.

>This may sound like a quibble, but it really isn't: I am not talking about
>a global scale at all.  A very small group of people can make use of
>this technology successfully.  It doesn't matter whether everybody in
>the world uses it or just people who are tired of spam - it still works.

Yeah, I knew I used a bad choice of words.  I meant global as in "all-
encompassing" rather than the geographical definition.

>However, if you restrict postings to an approved group of people, perhaps
>everybody on the mailing list, you can eliminate spam.  How, then, do we
>allow anonymous postings to come through?  Individual people on the list
>can receive the proposed post and forward it to the list if it is
>appropriate.  They could even charge a fee for doing it.  That's easy to
>do if there is a "paying" remailer which will handle the money for them.

>> Which brings up another topic:  How would an anonymous remailer operate?
>> It's hard to eliminate an audit trail when there is some monetary tie back
>> to you, whether it be credit card, ecash (assuming they never quite figure
>> out anonymizing it), ...

>I assumed untraceable cash transactions for small amounts were available.

>E-cash, the product licensed by Digicash, offers full payee anonymity and
>would be an ideal candidate.

Oops.  I forgot.  :-)  I guess this idea would work.  But, there would be a
very large price for anonymity - two mailers holding their hands out for a 
piece of the pie.

Well, I must admit you seem to have this idea pretty well thought out, and 
it just may work.  The hardest part of the plan would probably be gaining
acceptance.  True, everyone loves getting a check, especially if all they
had to do was open and close email to have it register as being read, but
the hard part is getting people to accept having to pay to send someone a
message.  Of course, there's the argument that currently we pay for stamps...
:-)

PM

>Peter Hendrickson
>ph at netcom.com



------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;14 Nov 1996 17:46:22 -0400
Received: from netcom18.netcom.com by delphi.ndhm.gtegsc.com with SMTP;
          Thu, 14 Nov 1996 22:42:05 GMT
Received: from [192.0.2.1] (ph at netcom3.netcom.com [192.100.81.103]) by
netcom18.netcom.com (8.6.13/Netcom)
	id OAA05098; Thu, 14 Nov 1996 14:40:19 -0800
X-Sender: ph at netcom15.netcom.com
Message-Id: <v02140b05aeb13a70acf4@[192.0.2.1]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 14 Nov 1996 14:40:29 -0800
To: "Mullen Patrick" <Mullen.Patrick at mail.ndhm.gtegsc.com>
From: ph at netcom.com (Peter Hendrickson)
Subject: RE: Remailer Abuse Solutions
Cc: "Cypherpunks" <cypherpunks at toad.com>





From rcgraves at ix.netcom.com  Thu Nov 14 15:53:30 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Thu, 14 Nov 1996 15:53:30 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News [NOISE] [MOMMY]
In-Reply-To: <199611131951.LAA16239@kachina.jetcafe.org>
Message-ID: <328BAB81.5EC0@ix.netcom.com>


Dave Hayes wrote:
> 
> > Cypher-Censored
> > By Declan McCullagh (declan at well.com)[...]
> A need for attention can be overcome by refraining from the denial
> that the need exists, followed by careful observation of that need.
> More can be said on this, but this is not the forum. Such a need
> is not and should never be a reason for censorship.

In other words, Dave Hayes wants his mommy.

-rich





From hyperlex at hol.gr  Thu Nov 14 16:05:31 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Thu, 14 Nov 1996 16:05:31 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611150403.CAA10921@prometheus.hol.gr>


At 08:30 �� 14/11/1996 -0500, aga wrote:
>> * Dave says "Notice that the net is compared to a home or private club." 
>> Wrong. I never compared the Net to such. However, a mailing list run on a
>> computer in someone's home with his own cash is very similar to a private
>> club.  There are private speech restrictions on the Net. Gated communities
>> exist.  Try to join the "lawprofs" mailing list. You can't; you're not
>> (and quite obviously anything but) a law professor. Censorship? Not quite. 
>> 
>None of that analogy is applicable to the cyberpunks list.
>When a list gets as big as that, it it no longer to be considered
>a "mailing-list" but it is a _public_ forum.  The whole problem
>here is the abuse of power by both the EFF and John Gilmore.

Indeed. But it's not only a question of 'size'. Perhaps less people might
take part, but it would still be a _public_ list, just as an "open meeting"
announced to take place in a _private_ house, is still an open meeting.

Does the fact that the _building_ used by the meeting is private and
possibly donated for this purpose make the meeting less public (than
explicitly announced)?

This analogy (meeting = mailing-list, building-owner=list-owner) is
_quite_ exact, as a matter of fact, and it's not at all a 'party'.










>> By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
>> Usenet,"  a private mailing list is NOT Usenet. Get a clue. 
>
>Wrong!  The cyberpunks mailing list is PUBLIC property and should
>NOT be controlled by John Gilmore!  This just goes to show the real
>facist censorship motives that the EFF has behind it.

Yep. Morevover, ANOTHER _sense_ in which the cypherpunks list is
PUBLIC is the following:  Posters are the _owners_ of their _ideas_.
So the messages in the list are the (intellectual) property of the
people who wrote them; not the list-owner's. The false analogy here
is between a mailing list and a newspaper; But the newspaper (1) is
sold in ALL public places (2) is dependent on money and works (in the
end) for the financial best interests of its owner, and (3) is not
interactive, i.e. the readers are not at all _also_ writers in it.

We have to clear these things up, dear aga, and no longer misunderstand
each other. Perhaps when I burst out (one of the first) against Dimitri's
expulsion I shouldn't have used the adjective 'Yankee', in denouncing
the mentality you also denounce. The reason I said 'Yankee' is because
it seems to be _very_ common in your part of the world. It's not because
I 'hate' or 'envy' Yanks! But I strongly believe that there are quite
common _assumptions_ appearing again and again throughout the Net,
which _do_ originate in the States, among the people you _also_ oppose.

In my part of the world, NOBODY would EVER, seriously claim that an "open
meeting" held in his house is subject to his "censorship". Then the
meeting would by definition NOT be public...

Other than these (serious points) we both seem to love our countries
and this has nothing to do with nationalism or petty patriotism (IMO).




>Time to kill the EFF, and let it rot in hell.  They are disgrace
>to the entire InterNet community.  I run 6 different mailing lists,
>and have NEVER puled the plug on anyone, even when they criticize me.
>
>The first time is the time when you lose all credibility, and there
>is never any forgiveness for a plug-puller.

THIS is a very SERIOUS point: Censorship is like... prostitution.
The first time a person accepts money to offer a... blow-job, is
sufficient for the loss of all sexual credibility. Similarly, people
who ban someone from some medium of expression become _PIMPS_, which
is far worse than whores (whose therapeutic role has been grossly
underestimated by the world's cultures)... ROTFL!!!!

Indeed, in my country, we use the word "pimp" for an editor who
sacks journalists because of disagreeing with their opinions.
(even though as I said the 'journalism' analogy is irrelevant here).

Finally, only a fool or a bigot would fail to realize the
seriousness and the correctness of what aga has said.

So I shake your hand, Yankee rascal! :-)
Peace
George






From snow at smoke.suba.com  Thu Nov 14 16:47:05 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 14 Nov 1996 16:47:05 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611140501.XAA05790@manifold.algebra.com>
Message-ID: <199611150101.TAA00362@smoke.suba.com>


> 
> Dave Hayes wrote:
> > You won't do this, because I won't let you on the list. I, unlike you
> > or Mr. Gilmore, have the judgement on whom to invite to my list.
> So what's the difference between yours and gilmore's position?
> Long live USENET Cabal!

     Gilmore give you the rope and allows you to hang yourself. Hayes 
just shoots you between the eyes. 

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From roach_s at alph.swosu.edu  Thu Nov 14 16:48:59 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Thu, 14 Nov 1996 16:48:59 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611150046.QAA20765@toad.com>


>On Wed, 13 Nov 1996, Mark M. wrote:

>> Mark
>> - -- 
>> finger -l for PGP key
>> PGP encrypted mail prefered.

To which, at 08:42 AM 11/14/96 -0500, aga wrote:

>Why?  Are you a criminal?
>What are you hiding behind your PGP?

Okay, I'll bite.  Where is it said that a person who wants h[is,er] privacy
is a criminal?  Charlie McCarthy might have said that.






From snow at smoke.suba.com  Thu Nov 14 17:06:12 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 14 Nov 1996 17:06:12 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611140715.FAA01670@prometheus.hol.gr>
Message-ID: <199611150122.TAA00419@smoke.suba.com>


George wrote:
> At 06:34 =EC=EC 13/11/1996 -0500, Mark M. wrote:
> (in response to):
> >Governments maintain a monopoly on land, so the "love it or leave it"=
>  mentality
> >is flawed.  Virtual space does not have the same limitations as physical
> >space.  Starting your own mailing list is relatively easy.
> Not at all easy, for a lot of people. Moreover, it's very time-consuming.
> It's only easy if you are prepared to put up with costs of time, money,
> and also... service providers (who don't always agree with you)...

     It is not that difficult in term of money or access to start a 
mailing list. 

    I believe there is a equation that operates in life that goes something
like this:
   
    Intelligence + Money + Time * will = Results 

    As one goes up, the other two can drop. Will is kinda nebulous, but is 
always less than result.

    I am not a rocket scientist, but I was able to get majordomo to work
(to a degree) on a server I own, yes, I own the server, and no, I don't 
pay for it with cash. I do a favor for someone, and they gave me the 
machine (http://www.encodex.com/~pov to see the favor). The access is 
provided by some people I occasionally do work for, as long as the machine
is not causing a problem, or too much bandwidth, they let me run it.

    This would make the equation:

    Intelligence + money + time * will = Result
        Some     +  0    + a bit * some = A server with 4 or 5 mailing lists. 

> In a lot of places in the world, starting mailing lists is almost
> impossible unless you can be _inside_ an Internet Provider Company
> (and use Unix or whatever they use, in their own machines).
    
     A simple mailing list could simply be a 8 dollar a month email account
with a long .forward file.  

> Man you're nutts. There are very few and quite vast Media Companies
> in the world, and they're on the verge of becoming monopolies.

     For every "tentacle" of the Vast Media Conglomerates, there is 
some loose nut with a photocopier (or access to Kinko's). 

> Even your American President is in reality a puppet of the Trilateral
> Commission, who effectively also control CNN, the Washington Post,
> and many many many other things all over the world.

     WHO is nuts? 

> And you are saying that control of the media by ownership is
> impossible?  You're far out maaan! :-)
> Only in America such a naive opinion could actually be _believed_.
> (here I go again... aga! :-) )
> George
> P.S. Even if you offered me a million dollars I'd stay away from
>      your country. My sanity is much more valuable.  :-)
>      (The Immigration Authorities in the U.S. have missed the point:
>       We DON'T want to come to you guys. It's the last thing we'd want!)

     One of these days reality is going to hit you like a runaway 
freight train. 

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From nobody at replay.com  Thu Nov 14 17:13:22 1996
From: nobody at replay.com (nobody at replay.com)
Date: Thu, 14 Nov 1996 17:13:22 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
Message-ID: <199611150113.UAA25639@anon.lcs.mit.edu>



-----BEGIN PGP SIGNED MESSAGE-----

Declan McCullagh wrote:
> 
> The mere fact that a privately-owned discussion group becomes popular 
> does not mean that it becomes a public forum.

This is true. On the other hand, privately-owned public forums do exist. 
Chartered FreeNets, for example, and the facilities of private Universities 
like Carnegie Mellon. There may be a fine line somewhere, but I don't 
believe we need to draw it, because what is at issue here is the character 
of the moderator, not the legality of his action.

We're just spinning wheels here talking in the abstract. I actually agree 
with Vulis's reasoning -- you need to look at the facts of the case in 
order to determine whether an act of censorship, or heckler control, or 
editing, or whatever, was proper. But apply that reasoning to Vulis's case, 
and you conclude that he's completely in the wrong, by any standard.

> Say I start a poetry mailing list to discuss Blake's writings. I have
> three people on it. One becomes obnoxious and emailbombs the list 
> since he disagrees with my interpretation of "A Memorable Fancy." Do I 
> have the right to kick him off? 

Clearly. And if your statement of the facts is correct, then you would be 
right in exercising your right. If there is more to the story, though, or 
if your story is wrong... well, then you still have the right to be a jerk, 
but you are, nonetheless, a jerk. In the cypherpunks case, though, the only 
jerk here is Vulis. It is worthless and IMO dangerous to prove that by 
arguing from first principles. The "Freedom Knight" kooks are correct in 
pointing out that every "philosophical" argument you've made can be and has 
been misused. Try a little empirical evidence; there is plenty to go 
around. "Truth is far more fragile than fiction... reason alone cannot 
protect it." Proof is syntactic; truth is semantic.

> How is this different from a private poetry reading in my home?

It differs in one small but important way: it all happens in the digital 
domain, so it can all be archived in its entirety. It is more difficult to 
lie about what happens online (but not impossible, as Vulis and company 
demonstrate). In an online forum, you have access to *all* the empirical 
evidence. There's no reason to rely on pure reason.

So enough already with the hypothetical cases. You've got a specific case 
of your own that, oddly, you still haven't mentioned.

- -rich


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMovDK5NcNyVVy0jxAQGjIAH8DTYuUzkwt7+9i4RNCPkspNBEj7MBoH0Z
CluHlmULFdamQ1HPDAXRct/DoqPzsXR+IzlMOr0y4bPFtMq1y+kEZw==
=TA0F
-----END PGP SIGNATURE-----





From nobody at replay.com  Thu Nov 14 17:18:07 1996
From: nobody at replay.com (Anonymous)
Date: Thu, 14 Nov 1996 17:18:07 -0800 (PST)
Subject: Media seekers, reputation and banishment
Message-ID: <199611150117.CAA06588@basement.replay.com>


Seems like the Freedom-Knights are seeking a little publicity? Perhaps an interview in Wired?
A column in the WaPo? A spot on www.TV.com? Are these the same folks who gather around
at fires and crime scenes trying to get into the camera? "Hi Mom! We're on CP now! Look
at me!"

bwahahhhaha

I find the aga/hayes posts amusing. It's amazing at how people have refined their skills at rhetoric,
debate and insults. The poisoned pen gets much practice.

So the aga/hayes posts attempt to extract reputation from Gilmore and Declan. It is interesting
to see how attacts on reputation are futile as reputation is built up (or spent) gradually. Pointing
a finger and shouting "You are stoopid!" is obviously ineffective at damaging any credibility other
than that of the person holding the finger. Remove the insults and aga and Hayes offer little 
in the way of compelling arguements.

Maybe Gilmore made a mistake in removing DV from CP. Perhaps it is a contradiction of some ideal
of open dialog and free speech. DV seems to have unlimitted energy for insults, rants, and blather,
so removing him directly (with the actual effect of simply making it less convienent for him or her to 
post) was a practical move not a philosophical move. A practical move to assert the will of the 
community.

A community offers few punishments for asocial behavior. Killfiles are partly effective. But the strongest
punishment is banishment. 

The issue is not "is banishing unruly louts from the discussion censorship" as censorship is a state
of being threatened with loss of liberty for what one says. The issue is "do we individually banish
asocial louts or collectively?" and of course how do we decide who to banish. All of this  is certainly 
easier when done individually yet it is often prudent and effective to have someone take
action when they are in a position to do be effective. Gilmore acted properly in my opinion. And DV
remains in my killfile.

diGriz





From nobody at cypherpunks.ca  Thu Nov 14 17:51:01 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 14 Nov 1996 17:51:01 -0800 (PST)
Subject: Cryptoanarchy in the field
Message-ID: <199611150137.RAA16422@abraham.cs.berkeley.edu>


At 5:44 AM 11/13/1996, Adam Back wrote:
>>What we need is an experiment.  Let's pick a country with a near
>>police state and design a system so that people in that country
>>can freely and securely communicate with each other and the outside
>>world with minimal chance of arrest.  Once the system is available,
>>we can see if it succeeds in the field.  I'll leave others to
>>suggest the target.
>
>I would suggest starting with remailers, rather than interactive
>traffic such as web traffic would be the easier target.  Might even
>present a positive spin in the press for anonymity and remailers for a
>change.

Positive publicity?  How about Iraq?  What kind of computer equipment does
the Army have?  What happens when the Iraqi Army suddenly becomes able
to conspire?

What if they were provided only with authentication of anonymous
identities.  How much could they do with "underground newspapers"
that traveled on sneaker net?

>So what good stego techniques are there for text.  Do singaporeans use
>a non ascii character set?  (As the Chinese use things like Big5
>encoding). Anyone know of any features of the character set that
>Singaporeans use which could be used for a subliminal channel?

How many people in Singapore speak English?

>Sure, if you keep cypherpunks list going even after crypto discussions
>have been outlawed, you can keep discussions, and then the ammount of
>ecash usage, and bandwidth may be more condusive to working out
>anonymous payment systems.

Pornography is a powerful motivator that need not involve money.
The CIA used to trade porn for secrets during the Cold War.  It seems
low ranking Russian officers used it to reward obedient young soldiers
who were not allowed to leave custody during their first two years
of service.







From kb4vwa at juno.com  Thu Nov 14 18:32:23 1996
From: kb4vwa at juno.com (Edward R. Figueroa)
Date: Thu, 14 Nov 1996 18:32:23 -0800 (PST)
Subject: The Conspiracy To Erect An Electronic Iron Curtain
Message-ID: <19961114.205947.7711.21.kb4vwa@juno.com>


An Essay by L. R. Beam 


The internet, perhaps the last truly free means of information exchange
in the Western World, may soon be choked by censorship and governmental
controls. The circumscribing of the net may cause the death of what has
become the first people-to-people exchange of ideas and information on a
world wide basis. The forces behind this effort appear at first glance to
be an unlikely coalition of conspirators, the CIA, some Jewish Religious
groups, and various foreign governments. While this unholy alliance for
censorship and control may seem unusual to some, politics makes the bed
for these strange fellows. Indisputably, an international cabal of
special interest groups both within and out of governments are working
both openly and secretly to end the unregulated direct exchange of
information between people. At stake is nothing less then the regaining
of information control which the internet has shattered. Up for grabs is
nothing more than the thinking and decision making abilities of informed
men. 

Information has flowed from the top down for most of this century.
Filtering of information by middle men from government, newspapers, radio, and then television has left most Americans depending upon Paul Harvey
"for the rest of the story." Suddenly, almost without warning, the
internet mushroomed into popularity connecting people all over the world
together electronically and thereby threatening the power of those who
disseminate information. If information is power, then the control of
information is more power. The ideas of men are shaped by what they are told. For those who hope to erect a "New World Order" upon what they view
as the antiquated ashes of free speech, control of the internet has
jumped to near top of the list of "things to do." Governments and
religious groups manipulate and control people by what they are allowed
to know or not know. A decision has been made by the information brokers
to end unregulated information exchange. Overnight the propaganda begins
as these forces build their case for control and censorship. 

Quickly the nightly news lights up with horror stories of pornography on
the net. Minutes later the same channel runs four hours of lurid
programming bringing profanity, sex, sodomitizers and violence into the
homes of viewers who were just shocked about porno on the net.
Newspapers carrier feature length stories about children being lured
from home over the computer telephone line, as if somehow typing a
request to a child for sex over the phone line is more effective than
saying it over the same phone line. The Anti-Defamation League issues a
report saying that bomb plans can be found on the net along with anti-
Jewish opinion. As if the same were not available in every public library in the United States. Politicians in Washington began to talk about
"protecting the children." The same politicians who's destructive social
policies and no win wars have destroyed more mothers sons than all the pagan empires of the past. Rabbi Abraham Cooper calls for censorship of politically incorrect ideas in Canada and asks for the establishment of an
"internet police." A delegation from the Nazi- hunting Simon Wiesenthal
Center in Vienna Austria, which has for the most part ran out of eighty
year old former Nazis to hunt, takes on the new task of information
censors and asks Italian Prime Minister Lamberto Dini, European Union
president to back World Jewish Congress initiatives to stop those who disagree on the impact and importance of the holocaust from using the
internet. Then in a joint effort of the ADL and the Simon Wiesenthal
Center letters are mailed to Internet service providers in early 1996
urging providers not to carry messages that contain non-complimentary
opinion about Jews, which is quickly labeled as "cyberhate speech." This
is but a glimpse of the public efforts of the information censors to
unleash "info police" on the net. It is clear that those who have previously served as the middlemen of politically correct information are
distraught at their having been taken out of the loop. 

Meanwhile, sources within the federal government, who wish to remain
unnamed, reveal that there are considerable behind the scene efforts to
bring the flow of information under government control. In the
labyrinthine bunkers of the CIA in Arlington Virginia, a team of
planners has begun discussion on how to control the net by establishing
internet node servers throughout the system that will act as a
"strainer" of unwanted electronic information flow (there are
indications this process has begun now). The Army Security Agency (ASA),
which has the worlds most sophisticated signals intelligence and electronic monitoring capabilities has began setting up clandestine servers to
monitor traffic, catalog, classify, and achieve. 

>From the above sampling of events, it is clear that both government and
pressure groups with sacred cows to defend have determined that
uncontrolled information flow between people is a threat to their
interests. The results of this statist thinking will lead to a "war on
information" similar to the "war on drugs," curtailing free speech and
informed opinion. Like the war on drugs the real objective will not be
to save society but rather to control society. CYBER WARS are breaking out between the people and government over the flow of information. What
is wanted by these would be internet thought police is nothing less then
the right of government and religious (in this case Judaism) imprimatur
on the transfer of electronic information: an electron iron curtain. 

Efforts at censorship by religious groups are not new to this continent.
The Spanish Catholic church which saw nothing of value among the
writings of Aztecs and Mayans ordered their books burned in contempt. Like them, Rabbi Abraham Cooper and the Anti-defamation League see nothing of value in the words of those who beg to disagree. Black robed priests
yelled the smear words of the 16th century "Vile heretic!" and labeled
non-catholics "pagan savages." Rabbi Cooper and his religious cohorts of
the new inquisition cry "anti-Semitic" and label those who believe
differently "hatemongers." The words have changed, but for those
shouting them the objective is the same: eliminate the opposition, the
opponent is never answered; he is discredited. Fear kept many silent who
would have otherwise opposed the Catholic Inquisition. Fear of the rack
and straps of being labeled anti-Semitic will keep many quite today. The
call now for censorship by Rabbis is much like the pyres of Priests in
the fifteenth century it is an electronic equivalent of book burning.
The zealots willingness to accept only his personal vision of the world
around him has led mankind down this same pernicious path before.
Intolerance it is clear, is not solely a non- Jewish characteristic. A
new inquisition has begun. This one will seek out the heretics of the
internet for the stake. Each age it seems, has it's TORQUEMADA. 

A warning of what is to come: as the Federal Government, Anti-Defamation
League, and the Central Intelligence Agency seek to squelch or control
the net, look for senseless acts of random electronic violence. These
acts of subterfuge will be committed by computer nerds at CIA and the ADL or their agent provocateurs and will appear to have been perpetrated by
"white racists," "neo-nazis," "patriots," "extremist anti-government
radicals," "hackers," or other identifiable dissidents of the right and left. The purpose of these incidents will be similar to those of a drive
by shooting to terrorize people into submission. In this case consent is
wanted for censorship rather than drug turf but the principal is the
same: a political/religious gang wants control. Understand that
establishment media, as the propaganda arm of the government, will on
cue make the call for censorship of the net. Those who have the
resources to employ the best politicians money can buy also own
newspapers, radio and television networks, for all serve their design.
That design being the control of people through the filtering of
information and repressive laws. After investing billions of dollars in media/information empires and politicians, all geared to work in tangent
keeping people under control, these modern day equivalents of the book
burners of former ages will not willingly let unfettered information
exchange hinder their efforts. With at least four federal agencies (FBI,
CIA, FINCEN, and ASA) investing hundreds of millions in advanced computer
systems designed solely to monitor and track people technological warfare
between the people and government will be a major component of the rest
of this century and perhaps longer. 

The new head of the CIA John Deutsch was hand picked by Bill Clinton and
his backers to carry forward plans for a technological police state to
rest upon the typical shoulders of bullet proof vests, black boots, and
front doors shattering under their assault. Air Force Lieutenant Colonel
Edward G. Lansdale, CIA operative par excellence, personally recruited
the new CIA director for his first Government job in the early 1960's at
just 22. Deutsch became one of Secretary of Defense Robert MacNamara's
('we never intended to win in Viet Nam') whiz kids in the Pentagon who
would help to design the Vietnam War; a slaughterhouse for other kids
not so fortuity as to have political connections. Deutsch has held
political posts under Democratic administrations and advisory or
academic positions during Republican administrations. Deutsch became
part of the elite permanent government of the United States that is
accountable to no one, and immune to the oversight process. The shell
game of elections and political parties have no effect on their
careers.. This select cadre move in and out of various Federal agencies
and advisory positions, always on the public dole, never elected,
spending their entire lives trying to control the affairs of others.
Much like the secret CIA Air Base (Area 51) at Groom Lake in
southeastern Nevada, there is an aureole of secrecy surrounding their
lives and functions. Deutsch's grandfather was a diamond merchant who
ran the Zionist Federation of Belgium and he is therefore expected to
work closely with the ADL and other pro-censorship groups. President
Clinton appointed Deutsch as Director Central Intelligence in May of
1995 at the moment when the bombing of the Federal kindergarten in
Oklahoma had allowed his Administration to launch a maximum
political/propaganda counter-offensive against the rapidly growing
discontent with, and mistrust of the federal government. Black smoke,
mutilated bodies, dying children, crying distraught mothers, created
exactly the atmosphere the government needed to turn things around. John
Deutsch is the man in charge of that effort for the government. 

Censorship is a word of many meanings. In a narrow sense it of course may
refer to suppression of information, or ideas. In a broader sense
however, it is the rape of the human mind: Taking away that which is
needed to make fair, informed opinions about this life. The mental
rapist of today is no different in his goals than the back ally pervert who by force assaults a defenseless woman, taking from someone else that which he has no right to. Both acts are the works of the most
contemptible sorts of humankind, desperate men, fearful of the light of
day. What is being called for by the online information censors is the
equivalent to Bosnian ethnic cleansing' a sort of information cleansing
of the internet. 

It seems ironic to many that the ADL which has made innumerable calls for
"diversity" would spearhead these efforts at censorship. What is being
called for by them, the Simon Wiesenthal Center, and Rabbi Cooper is the
equivalent to Bosnian ethnic cleansing' a sort of information cleansing
of the internet. Perhaps a new organizational motto of "Many Cultures, One Opinion" would be more in line with true ADL objectives. It is not
just a little bit odd that the same people who fear firearms in the hands of the people fear information in the minds of people. The ADL
supported the recent government ban on certain types of firearms just as
it supports government action to censor the net. As firearms laws only
disarm honest citizens who obey the laws, information bans only effect
people who desire to think for themselves. One pundit has already
quipped that "I'll give up my information when they pry my cold dead fingers from the keyboard." 

In closing the author would like to make two additional things clear.
First, there are Jews who oppose censorship although to this point their
voice is but a whisper compared to the intolerance of the Anti- Defamation League and Rabbi Cooper. Second, that writing about Jewish religious
leaders and government spymasters operating in a collusive effort to
erect an electron iron curtain to restrict freedom of speech and
information does not make one anti-Semitic or anti-government. The truth
is anti-Semitic. The government is erecting a police state. The author
opposes both oppressive religious groups and repressive government. If
speaking the truth and opposing tyranny makes one anti-Semitic and
anti-government, then I am both... 





From unicorn at schloss.li  Thu Nov 14 18:45:55 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Thu, 14 Nov 1996 18:45:55 -0800 (PST)
Subject: Validating SSNs
In-Reply-To: <Pine.SOL.3.91.961113202851.18335A-100000@rigel.infonex.com>
Message-ID: <Pine.SUN.3.94.961114214245.24555B-100000@polaris>


On Wed, 13 Nov 1996, putney wrote:

> >At 4:13 PM 11/13/96, Black Unicorn wrote:
> 
> >>Exercise for the reader:  How does the bank verify SSNs?
> 
> >OK, I'll bite.
> 
> >My guess is that the bank sticks the SSN in a report to the IRS and the
> >bank is happy with the SSN as long as the IRS doesn't complain about it.
> 
> >Now, does the IRS check? I suspect that they don't, either. Their objective
> >is to look for "matches" with SSNs that show up on filed tax forms, since
> >they want to verify the data on the tax form. Given the behavior of every
> >other large database I've ever seen, I'd guess that there would be a huge
> >number of SSNs that don't in fact associate with tax forms. If someone High
> >Up hasn't decreed that they should chase such things down (and allocated
> >heaps of money to do it), they'll ignore the mismatches.
> 
> >This seems consistent with the reports of people who use bogus SSNs for
> >decades at a time.
> 
> >Rick.
> >smith at sctc.com
> 
> Yup - You've got it right.  A bank's responsibility is to make the SSN 
> match on tape with what the IRS has - thats it.  It was part of the big 
> stink in the 80's when congress first said that all banks had to withhold 
> on all interest, the banks yelled, and then the SSN match program was 
> instituted.

Wrong.  A bank's responsibility is to report the SSN given to the IRS and
forget about it until told to do otherwise.

> 
> There are significant fines for banks that do not follow up on 
> mis-matches, or do not begin "back-up" withholding.  One person is no big 
> deal, but they add up fast!

There are fines for refusing to comply with IRS directives to do so.
There is no direct responsibility for financial institutions in the
United States to investigate the SSN their customer provides other than to
complain to the depositor.

> The IRS's job is to collect income so if the number matches with a filing 
> then a-okay!
> 
> Yo.
> 
> Putney

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From rcgraves at ix.netcom.com  Thu Nov 14 18:47:53 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Thu, 14 Nov 1996 18:47:53 -0800 (PST)
Subject: The persistance of reputation
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <328BD9B5.3AAF@ix.netcom.com>


Robert Hettinga wrote:
> 
> At 8:02 pm -0500 11/11/96, Rich Graves wrote:
> 
> >You people are wimps. The only real effect of the good doctor's rants
> >has been, as Mr. May indicated, to get the good doctor on the "don't
> >hire" list.
> 
> Sorry. I wasn't clear. My tongue was planted firmly in cheek there.
> I'm "frequently tempted" in the same way I'm "frequently tempted" to
> rip someone's head off and shit down their neck.

Sorry for the misinterpretation. Clearly your reputation has not 
persisted in my mind with sufficent clarity since the last time I was 
involved in a cypherpunks discussion. (Or possibly this issue has 
brought together such strange bedfollows that I'm ready to believe that 
anything is possible.)

> >People are just going to have to be smarter than they've ever been.
> >The Net enables sharing and verifying real information just as it
> >enables disinformation. Sure disinformation will always be cheaper to 
> >produce and more appealing to the eye (fact is harder to accept than 
> >fiction because fictional plots are written to make sense), but 
> >disinformation tends to cancel itself out.
> 
> I agree, but, I think that, in the long run, disinformation may cost 
> more. Lying always involves more work, and thus cost, than telling the 
> truth. In order to support a lie you have to keep weaving a coherent 
> tissue of other lies around the original lie to support it, all of 
> which makes the original lie more and more non-plausible. In other 
> words, the more "resolution" you get on a lie, the more it looks like
> a lie.

I disagree. You're assuming that you're dealing with a rational person 
who wants to be believed. It is not difficult to come up with examples 
of pure disinformation that is just "thrown out there" and never 
supported. Keep repeating the same lie, and *nonspecialists* will assume 
that there is a "debate" going on. To take an example that won't make me 
sound "politically correct," let's say the national security 
establishment tries to spread the rumor that the remailers are run by 
spooks (we've all seen the rumor; I'm not arguing and do not really 
believe that the rumor was started by spooks, but let's assume for the 
sake of argument that it was). *We* all know that this is nonsense; but 
*nonspecialists* and journalists will seize on "the controversy," and 
the perception of danger will create a real chilling effect on remailer 
use. There are still people out there who refuse to use any version of 
PGP after 2.3 because of such repeated rumors. Absolutely no one is 
trying to back them up with more complex lies; but the rumor persists.

> Maybe that's the "cancel itself out" you're talking about.

No, actually I meant that competing propaganda tends to kill itself -- 
normal people tend just to throw up their hands and say "What the hell 
does it matter anyway" -- but your interpretation is worth talking 
about, too.

> Of course, that implies critical thinking on the part of the listener,
> or at least access to critical information, which is what the net
> provides at a cheap price, like you said.

No. It requires both. And sometimes, technical skill. How many people 
here know enough to evaluate the data concerning, to take a notorious 
example, the Kennedy assassination? I accept the historical consensus, 
but I know there are a lot of otherwise rational people on cypherpunks 
who are convinced that there was some sort of coverup (which sort, they 
often don't know or care; but they're conviced there was one). Oliver 
Stone got some ridiculous movie made based on this non-thesis (actually 
two, counting Nixon). People growing up today are learning pseudohistory 
and pseudoscience from Oliver Stone, "The X Files," "Dark Skies," and 
"Millenium." I find that scary. The net is better than TV, because it 
allows more responses, but I'm not sure how much better.

> So, maybe what we're saying here is that disinformation costs more
> than information, but if disinformer has more money, or at least
> communication resources, it'll be believed.

No, I think pure disinformation is cheaper. Period. And often, it 
doesn't have to be "believed" -- you just need to raise "suspicions" 
among nonspecialists. That is sufficent to destroy consensus and trust 
in social institutions. At the risk of sounding politically correct, how 
many nonspecialists "suspect" that the accepted history of the Holocaust 
*could* be a massive propaganda plot? (Yeah, yeah, I know the "soap 
stories" and the Polich Communists' exaggeration of the non-Jewish death 
toll at Auschwitz and all that rot, but I mean the basic facts, which 
are often denied. If you want to jump on this point, take it to 
alt.revisionism, which I read closely.) Absolutely no historians believe 
that, but lots of nonspecialists do. This doesn't mean that they believe 
it to be true; it just means that there's doubt. This kind of "doubt" is 
not the same as skepticism. Skepticism is good. Skeptical inquiry means 
you decide to take the time to investigate a story. Stubborn, cynical 
doubt, especially when based on ignorance and prejudice, is something 
else entirely.

> On a geodesic network, this is much harder, because centralized
> nodes choke on their information load, and can't spread lies as 
> cheaply as they can on a hierarchically controlled communication 
> network, like broadcast, or even print, media.

I disagree with two of your premises. Knowing several real journalists 
(as opposed to opinion columnists), I don't consider print or broadcast 
to be particularly hierarchical. The difficulty of propagating 
disinformation depends on whether you want people to believe, or merely 
"suspect." The TWA 800 friendly-fire fiction doesn't have to be accepted 
as definitely true for it to cause trouble. The "supicion" of Richard 
Jewell doesn't have to be accepted as definitely true for it to cause 
trouble. Disinformation is more often about sowing fear, uncertainty, 
and doubt than it is about belief. Sold the right way, it can propagate 
itself; the (IMO) disinformation that the CIA is directly responsible 
for the crack-cocaine epidemic is spread by radical blacks who see it as 
a racist crime, and by radical-right conspiracy mongers who want to tie 
Clinton to the Mena story. Either way, the meme virus spreads. How many 
different kinds of groups are saying how many different groups "created" 
the AIDS virus? You don't have to "believe" that it's true for the meme 
to spread.

> >The opposite of the Black Unicorn approach to nym safety is the Liz
> >Taylor approach: "As long as they spell my name right, I don't care."
> >Nobody I care about is going to listen to some crank, or if they do,
> >they'll email me to check the facts, or if they don't, I have
> >alternative outlets for information. As long as I live in a free 
> >country with a free Internet, they can't touch me.
> 
> Say 'amen' somebody. Reputation is reputation, nym or not. However, 
> nyms allow something very important. Since the net enables reputation 
> to persist (functionally) forever, nyms allow you to "start over", 
> much in the same way that geographic frontiers have functioned
> historically.

To some extent, but not fully. There is a certain cachet in being 
recognized as someone who uses "your real name."

"We pledge our lives, our fortunes, and our sacred honour."

"John Hancock."

> The paradox of ubiquitous network computing is it takes away privacy
> by creating persistant information accessable to anyone, while at the
> same time creating perfect pseudonymity and thus new reputation.

Pseudonymity is only perfect where artificial boundaries such as respect 
for netiquette are erected. If someone really wanted to track you down, 
they could either find you, or "out" you as a pseudonym "afraid to use 
your own name." Both can be damaging (to your reputation or otherwise). 
In order to put your life on the line for something, you need a life 
story.

-rich





From ddt at pgp.com  Thu Nov 14 19:08:55 1996
From: ddt at pgp.com (Dave Del Torto)
Date: Thu, 14 Nov 1996 19:08:55 -0800 (PST)
Subject: One Big Telecoms Company
In-Reply-To: <3.0b36.32.19961114095406.007664e4@panix.com>
Message-ID: <v0310081aaeb180b92d26@[205.180.136.70]>


In Reply to the Message wherein it was written:

[elided]
>If government monopolies can't hack it, what chance do private companies
>have?

Um, a _better_ one, now that government monopolies are largely out of the
way, leaving significant infrastructure for them to use? There's this one
little company called MCI, see, and there's this _other_ little company
called BT, and...

 {rrring-rrring}

Operator: "Thank you for using MonoTel: and how may we help you today?"
You:      "I'd like to place a call...?"
Operator: "And who would you like to call today, Sir?"
You:      "Uh, my big bother Sam in Washington, please. He's at 212, 555..."
Operator: "I see. Hrmm, let me see if management says it's OK for me to
           dial that number for you... please hold while I look up our
           policy on you calling your family."
 {long pause}
Operator: "Hello, Sir?
You:      "Um, yes, hello?"
Operator: "Um, Sir, have you paid your phone bill for today?"
You:      "Well, gee, I _think_ so... how much was it for today?"
Operator: "Well, our rates went up again at Noon, so that may account for
           the discrepancy. Let me connect you to our Loan Officer so you
           can arrange payment..."
You:      "No, PLEASE, I just need to call my brother, plea-"
Operator: {click... buzz... whirr}
Loan Ofcr:"Hello. Loan Department. May I please have your 20-bit
           customer fingerprint?"
You:      "Uh, sure. Let's see.... 01 D4 3E...{etc}...C2 0A."
Loan Ofcr:"OK, fine. Now, what can I do for you today, Sir?
You:      "Look, I just want to call my big brother Sam in DC, and they
           connected me to you instead..."
Loan Ofcr:"Oh, I see, and have you paid your daily bill today, Sir?"
You:      "Well, I THOUGHT I did. I went to the telephone, I inserted my
           MonoTel smartcard and I dialled the passcode. Then it sucked the
           card in and didn't give it back to me! I figured it was enough."
Loan Ofcr:"Well, it happens to allof us, Sir, don't feel bad. Now, what
           sort of collateral will you be putting up for this call? Do you
           own or rent?
You:      "Well, I used to own, but then I decided to add a modem line, so
           I had to refinance..."
Loan Ofcr:"Ahhh, so this will be a third or a fourth phone mortgage for
           you?"

   dave

____________________________________________________________________________
"The Occupational Safety & Health Administration (OSHA) has determined that
 the Maximum Load Capacity of my butt is two (2) persons at one time,
 unless I install handrails or safety straps. As you have arrived sixth in
 line to ride my ass, please take a number and wait your turn. Thank you."

________________________________________________________________________
Dave Del Torto                                      +1.415.65432.31  tel
Manager, Strategic Technical Evangelism             +1.415.631.0599  fax
Pretty Good Privacy, Inc.                        http://www.pgp.com  web







From rcgraves at ix.netcom.com  Thu Nov 14 19:21:43 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Thu, 14 Nov 1996 19:21:43 -0800 (PST)
Subject: ??????????????????????
In-Reply-To: <009AB5CC.FF1721B2.131@papa.uncp.edu>
Message-ID: <328BE1A2.29AF@ix.netcom.com>


newtonm at papa.uncp.edu (We Know Where You Live) wrote:
> 
> I have a breif question for all you folks out there....
> Does anyone know the email address and procedure for sending your mail 
> via "cypherpunks" so that it changes your e-mail address so that the 
> person recieving your e-mail message sees on the mesage that its only 
> from an anonymous source?

Nope. Never heard of such a thing. If you ever figure it out, be sure to 
get back to us.

-rich





From jimbell at pacifier.com  Thu Nov 14 19:27:03 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 14 Nov 1996 19:27:03 -0800 (PST)
Subject: Conspiring to commit voodoo
Message-ID: <199611150326.TAA07305@mail.pacifier.com>


At 09:57 PM 11/12/96 -0500, Black Unicorn wrote:
>A friend of mine tells an interesting story.
>On driving to a convenience store early in wee hours, he sees a man
>splayed across the hood of a parked car, perhaps dead.  Being the good
>citizen he is he tracks down a police car and reports the incident.
>Instead of investigating the "body," the police decide to pull him over
>and write him $700 in tickets for various fictitous violations (all of
>which were later thrown out).  He, as would any reasonable
>citizen, protested, not so much for the tickets, but for the
>possibility that the prone man might need medical attention.
>(The incident was not called in on the radio).  He took the
>tickets and remarked something to the effect of, "I can't
>believe this is what one gets for trying to be a good citizen,
>trying to get involved."  Officer's response:  "Yep.  Next time 
>don't bother."  Eventually, some 30 mintues later the police drive to the
>location and revive what was a sleeping bum, take my friend to the station
>and make him wake his wife to bail him out to the tune of $250
>Total cost: $300 in legal fees to fight the "violations."


This story further confirms my lack of respect for Unicorn.  

While this story certainly teaches us to avoid contact with the police, it 
turns out that it ALSO shows that, ultimately, the current system is 
apparently set up to profit lawyers, police, judges, and other vermin.  
Those groups made out just fine as a consequence of the above incident:  The 
cop(s) harassed a "safe" victim, rather than actually going out and doing 
their job.  A lawyer got paid the money for, at best, merely ceasing the 
harassment the cops started.  The judge made it all look "legal," although 
not proper, and could feel good about himself for (aside from collecting his 
paycheck) turning the victim loose.  In short, the harassment wasn't UNDONE, 
it was merely STOPPED, for now.  The cops had, in fact, succeeded in causing 
the victim to lose $300.  Which, interestingly enough, was  probably the 
point of the whole exercise.

AP, on the other hand, would have fixed this problem, permanently.  The cop 
would be dead, eventually if not immediately.  The lawyer would be out of a 
job, as well as the judge.  In practice, AP would have deterred all such 
abuse, which means that it would have succeeded where Unicorn's implicit 
recommendation ("get a lawyer") would have failed.




 

Jim Bell
jimbell at pacifier.com





From sandfort at crl.com  Thu Nov 14 19:39:19 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 14 Nov 1996 19:39:19 -0800 (PST)
Subject: Cryptoanarchy in the field
In-Reply-To: <199611150137.RAA16422@abraham.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.91.961114193318.12707A-100000@crl8.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Thu, 14 Nov 1996, yet another John Anonymous MacDonald wrote:

> How many people in Singapore speak English?

Essentially all of them.  It's the main official language.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From jimbell at pacifier.com  Thu Nov 14 19:40:47 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 14 Nov 1996 19:40:47 -0800 (PST)
Subject: A Disservice to Mr. Bell
Message-ID: <199611150340.TAA08395@mail.pacifier.com>


At 12:14 PM 11/14/96 -0500, hallam at vesuvius.ai.mit.edu wrote:
>
>>As for the "self-selected" issue:  In almost all areas of human endeavor, 
>>things are (often?  usually?) done by people who are "self-selected."  I 
>>suggest that there is simply no reason that even "self-selected" courts 
>>cannot work.
>
>Oh I forgot to mention, last week we found you guilty of sedition, it
>was a pity you were not present to put your case but maybe if you had 
>bothere to read the court roster you would have attended.

You might be surprised to learn that this kind of thing doesn't bother me at 
all.  To whatever extent such commonlaw courts act like loose cannons, they 
will primarily tend to do so against those who are most abusive of the 
public's perceived rights.  Like a non-lethal version of AP, those people 
who are most abusive of the public (primarily current government employees 
and officeholders) will be named most often in commonlaw court proceedings.  
Eventually, they will begin to behave.

>>1.  Commonlaw courts predate the US Constitution by a few hundred years.  
>>The former does not depend on the latter for authority or credibility.  
>
>Untrue, the US constitution replaced all previous constitutions.

But commonlaw courts were not a product of previous constitutions.  And the 
US constitution certainly didn't "replace all previous constitutions":  
state constitutions were "replaced."    The only document the Federal 
constitution arguably "replaced" was the Articles of the Confederation.

> Thats
>what the supremacy clause is all about. All previously existing courts
>were extinguished.

Ah!  So you admit that these courts were "previously existing," huh?  Well, 
if that's the case, merely read the 9th and 10th amendments and tell me how 
you're so sure that "all previously existing courts were extinguished."


>>2.  The US Constitution is, at most, a statement of the authority of the 
>>FEDERAL portion of government.
>
>It also includes a supremacy cluase and a "due process" clause. The
>due process clause means amongst other things that noone can be subjected 
>to proceedings that are not authorised under the constitution.

Anyone in state court are "subjected to proceedings that are not authorized 
under the [Federal] constitution."  Clearly, state courts operated before 
the Federal Constitution existed.  And the "due process clause" may simply 
apply to the Federal government, not necessarily all individuals or the 
organizations they form.


>>3. The Federal Constitution only references states, and I don't think it 
>>references state Constitutions at all.
>
>There is no logical reason why it should, if a state exists it has a process
>of government, a boundary to its authority and performs legislative,
>excutive and judicial functions. The explicit recognition of the states
>was necessary since otherwise the supremacy clause would claim to extinguish
>their rights. 

There's a big inconsistency with what you just said.  It was the 
representatives of the STATES which WROTE the US Constitution.  Their 
ratification was _necessary_ to approve that document.  If states were not 
recognized, nor their representatives, they would have been unable to ratify 
the Federal constitution.  It would be, therefore, totally illogical to 
believe that the product of their writing could somehow "extinguish" the 
rights of the citizens, let alone the states.  You're obviously confused.


>The authority of the states to make law is explicitly 
>stated.

Whatever it said, it was not necessary to have said it.  The 9th and 10th 
amendments make it clear that any power not explicitly granted the Feds was 
reserved to the states or the people.


>>You should have said, SOME courts.  Not "the courts," implying ALL the 
>>courts.  Notice that the US Federal Constitution (at least, to my 
>>recollection) does not describe or regulate state courts, or for that matter 
>>local courts.
>
>It recognises the states, and thus their constitutions. If you can find 
>a state which omitted a supremacy clause from its constitution then you
>might have a point.
>
>
>As a practical matter however the immediate effect of claiming to issue
>proceedings under "common law courts" is from now on almost certain to 
>be criminal and civil proceedings followed by long jail sentences.

Oh, really?  It certainly isn't "criminal."  At most, you might try to claim 
that it is legally irrelevant.  After all, if commonlaw courts don't really 
exist, then nothing they do has legal weight, and thus it's a legal nullity. 
 But your commentary seems to indicate that no, what commonlaw courts do is 
not only real and significant, it's also going to be called "criminal."  In 
other words, it's a threat to the existing legal monopoly.


>While Jim Bell can pick nits and pretend that he is a lawyer the people
>recognised as lawyers in our society act in a different matter. 

All of whom are trained to recognize the existing legal monopoly.

>It is 
>an empirical fact that those convicted in federal and state courts
>go to jail, those convicted in "common law kangeroo courts do not". In
>fact the only people who do are the judges, jurors and other 
>instigators.

Of what relevance is this?  Sending a person to jail is only one of many 
ways a court can exercise its power.  


>It is an empirical fact that the authority of "common law" courts 
>is not recognised by society. 

"Society"?  I think you mean "the people who believe they are in charge."  
The "thuggerati" would be one way to identify them.

The vast majority of the population of the US are simply unaware of 
commonlaw courts.  In fact, it's quite possible that the vast majority of 
the population can't quote even a single law verbatim.   The average person 
knows nothing of the history of commonlaw courts, and therefore what he 
"recognizes" is unlikely to include them  


>They can be dealt with easily enough,
>the intended victim need only apply to a real court for an injuction
>prohibiting proceedings,

What "proceedings"?  You just said that commonlaw courts do not exist, and 
that their actions are legally irrelevant.  Why should an "intended victim" 
NEED to "apply to a real [sic] court for an injunction"?  An "injunction" is 
generally obtained to prevent somebody from doing something that he'd 
otherwise have the power (and, often, the right) to do absent the injunction.


>turn up to the "court" to serve the injunction
>and if people insist on proceeding apply to the real court for 
>enforcement of the original order since anyone participating in the 
>"common law court" would then be in contempt. 

They would only be "in contempt" if their actions were legally relevant, 
which you have already denied.


Your problem is obvious:  You're desperate, and you can't promote a 
consistent argument.  I, far more honestly, started by pointing out the fact 
that commonlaw courts are but one type of court, and they were in 
competition with equity courts in England for centuries.   It's a power 
stuggle, quite analogous to the free market, and if anything their long 
absense  will only make the competition keener.  Naturally, the opponents of 
commonlaw courts  (and, "opponents" are exactly what they are; they are 
biased on one side of the issue) want to deny past reality as well as 
prevent the resurgence of those courts.


Jim Bell
jimbell at pacifier.com





From vznuri at netcom.com  Thu Nov 14 19:47:15 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Thu, 14 Nov 1996 19:47:15 -0800 (PST)
Subject: No Subject
In-Reply-To: <1.5.4.32.19961114131814.006c3730@pop.pipeline.com>
Message-ID: <199611150347.TAA10625@netcom20.netcom.com>



>
>Cypherpunks does not seem to me to be anything like the well-
>regulated lists you ascribe to Prof Volokh.
>

Declan should rest his point here. the cpunk listis notorious
for being way astray. yet cpunks continuously argue against
anyone with a moderator type role. could there be some correlation
between lack of moderation/leadership on the list and the 
piles of noise that people incessantly complain about? of 
course I'm insane for suggesting this.

I've repeatedly advocated
the usefulness of a good moderator. cpunks believe that such
a role is anti-anarchic (which it is), and therefore bogus.
the root of this is deeper, it relates to the psychology of
EH, TCM, JG who all have very love-hate relationships
with leadership.

this list suffers neglect by its creators 
unlike any other mailing list I know of in cyberspace, and
they are proud of that neglect, instead they call it "anarchy"
and claim it is a major blessing.

I think many people need to learn a lesson that cyberspace
doesn't change certain basic realities, such as how important
a dynamic leader is in forward motion in any area. but they
will have plenty of opportunities to learn over the next
few years and decades. and I'll be snickering in the sidelines
as long as they wonder aloud why their realities are as
they are and they find the deficiencies therein inscrutable.





From ichudov at algebra.com  Thu Nov 14 19:49:37 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Thu, 14 Nov 1996 19:49:37 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <328B75D1.10A@tivoli.com>
Message-ID: <199611150338.VAA04307@manifold.algebra.com>


Mike McNally wrote:
> 
> Dave Hayes wrote:
> >
> >  Symbolically, he punched holes in his ideology. That's my
> > opinion.
> 
> Note that this is only true if John's ideology in the first placed
> was what you think it was.  He may have "punched holes" in the
> conception of John's ideology that you'd formed in your own mind,
> of course.

Umm, even if we accept Dave's claim that Gilmore pinched holes in 
his ideology, these holes are no bigger than Dave Hayes's own holes,
since he exercises censorship of Freedom Fighters mailing list.

	- Igor.





From hallam at vesuvius.ai.mit.edu  Thu Nov 14 19:57:08 1996
From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu)
Date: Thu, 14 Nov 1996 19:57:08 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <199611150340.TAA08395@mail.pacifier.com>
Message-ID: <9611150401.AA01751@vesuvius.ai.mit.edu>



>You might be surprised to learn that this kind of thing doesn't bother me at 
>all.  To whatever extent such commonlaw courts act like loose cannons, they 
>will primarily tend to do so against those who are most abusive of the 
>public's perceived rights.

As a matter of fact the montana fruitcakes were principally into 
racial bigotry. If you care to read the documents they filed you would
know that.

>> Thats
>>what the supremacy clause is all about. All previously existing courts
>>were extinguished.

>Ah!  So you admit that these courts were "previously existing," huh?  Well, 
>if that's the case, merely read the 9th and 10th amendments and tell me how 
>you're so sure that "all previously existing courts were extinguished."

I admit no such thing if you could understand logic you would
realize that. There were pre-existing courts, those of King George.
They were extingished. Had common law courts existed (they did not
but for the sake of arguement I am indulging you in your fantasy) 
they would exist no longer.


		Phill






From sameer at c2.net  Thu Nov 14 20:06:27 1996
From: sameer at c2.net (sameer)
Date: Thu, 14 Nov 1996 20:06:27 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <Pine.SUN.3.94.961113224825.7335F-100000@polaris>
Message-ID: <199611150406.UAA04043@blacklodge.c2.net>


> 
> I'm still mildly curious as to why support for >128 bit keys is not
> available in any form I know of.

	What do you mean? 3DES ships with Stronghold, and will ship
with C2Net's other products as well.

-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net
http://www.c2.net/				sameer at c2.net





From rcgraves at ix.netcom.com  Thu Nov 14 20:15:51 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Thu, 14 Nov 1996 20:15:51 -0800 (PST)
Subject: Could Declan or some libertarian explain this?
Message-ID: <Pine.GUL.3.95.961114200538.29970B-100000@Networking.Stanford.EDU>


>From the so-called fight-censorship list. I would ask there, but the list
owner won't let me, and I won't stoop to Vulis's level.

|        PLEASE MARK MY WORDS: IF MY BOOK IS NOT RE-PUBLISHED AND AVAILABLE
|IN BOOKSTORES, THE CAUSE OF ACADEMIC FREEDOM IN THE WEST WILL BE IN A SORRY
|STATE.  FEW ACADEMICS WOULD BE PREPARED TO SUFFER THE MANY BLOWS AND
|THREATS THAT I HAVE NOW ENDURED FOR SIX MONTHS. IF 'The 'g' Factor'
|DISAPPEARS, SO WILL OTHER SERIOUS PRODUCTS OF RESEARCH AND SCHOLARSHIP --
|ESPECIALLY IF THEY ARE DEEMED "CONTROVERSIAL" BY THE LIBERAL-LEFT. 

His complaint is that his publisher stopped distribution of his book arguing
that blacks are mentally inferior to whites.

Could someone please explain to me how Chris Brand is different from Vulis? 
I mean in form; in practice, Declan is bashing Vulis for not recognizing
rights of private editorial control, but uncritically passing on Mr. Brand's
message alleging that private editorial control is censorship. Far be it
from me to criticize Declan's right to exercise editorial control over
substantive dissent and factual correction, but I was just wondering. 

-rich






From list at infowar.com  Thu Nov 14 21:19:32 1996
From: list at infowar.com (list)
Date: Thu, 14 Nov 1996 21:19:32 -0800 (PST)
Subject: infowar Digest for 14 Nov 1996
Message-ID: <199611150519.VAA27299@toad.com>


                       infowar Digest for 14 Nov 1996

Topics covered in this issue include:

   1: Flight Information Resource
             by Betty at infowar.com
   2: Flight Information Resource
             by Betty at infowar.com



--------------------------------------------------------------------------
1                                Message:0001                            1
--------------------------------------------------------------------------
To: infowar at infowar.com
From: "Betty G. O'Hearn" <betty at infowar.com>
Subject:


Infowar            Thursday November 14 1996        Volume 01: Number 03

We thank our sponsors:

Internet Security Solutions
New Dimensions International - Security Training
Secure Computing Corporation
HOMECOM Communications
National Computer Security Association
OPEN SOURCE SOLUTIONS, Inc.
__________________________________________________
Infowar at infowar.com is brought to you in the  the interest of an open,=
 unclassified exchange of information and ideas as a means for advancement=
 of Information Warfare related issues.   Topics of discussion for this list=
 include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques,=
 Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD.=20

As the list expands we will adapt to the needs and desires of our=
 subscribers.=20
__________________________________________________________
To: Infowar at infowar.com
From: winn at infowar.com
Subject: MCTL Process

Infowar.com is proud to have been given permission to publish the=20
latest  Military Critical Technologies List - Part I:  Weapons Systems=20
Technologies.=20

THE MCTL Process is the systemic ongoing assessment and analyses of=
 technologies to determine which technologies are Militarily Critical and=
 therefore should have additional controlsplaced  on them or made subject to=
 export control.=20

This document is the first of three parts.  Part two:  Weapons of Mass=20
Production and  Part three: Critical Developing Technologies  are in=
 development=20
and will be published when completed and made available to us.   Don't miss=
=20
reading this! Download Acrobat as the file is in  .pdf format. (acrobat=
 readers are free)  This file will be posted the week of November 17 1996.
------------------------------------------------------------
To:   Betty at infowar.com
From: "Eric L. Nelson, M.A." <enelson at nosc.mil>
Subject: G-TWO RECRUITMENT FORM
Sender: owner-g-two at majordomo.netcom.com

Please use this ammended form to inform your DOD intel
and CI colleagues about g-two.  Please discard previous
editions.

Thanks,

EL Nelson
moderator


Get The Word Out (G-TWO) is designed to provide direct assistance=20
to DOD intelligence and counterintelligence teams by providing=20
open-source intelligence and news summaries pertinent to DOD=20
interests.  Topics include:

    Political:
	Politics of intelligence.
	Political history of hotspots/groups/personalities.

    Information:
	WWW locations of intelligence usefulness with brief summaries.
	Lists, databases, and archives accessible via the internet.
	Resource sharing.

    NBC-M (nuclear, biological, chemical & medical):
	Biochem threat analysis/events (outbreaks).
	Medical technology and issues related to DOD missions/personnel.
	Tracking the development of NBC capabilities by country/group.

    Terrorism:
	Threat/threat mindsets/tactical intent.
	Issues related to security and threat issues.
	International Crime.
	New developments in terrorism.
	New technology/weapons systems with CT application.
	Info. on capability of Special Teams/personnel.

    Military/Intel Agencies:
	Force protection.
	OPSEC.
	Military plans/policies. =20
	Reports on terrorism/counter-terrorism activities.
	Data on military forces and capabilities (order of battle).

    Analysis:
	More analysis by SME's (subject matter experts).
	Emerging threat analysis.
	EOD/chemical analysis.
	Group profies (themes, objectives, etc.)  Who are these people?
	Cultural profiles and key info/customs to know.

    Technology & Industrial:
	Hacking/Infowar.
	Technology/precursor tracking, what is being procured by others.
	Industrial/technical intelligence on foreign countries-=20
		what are they doing?

    Other:
	Central/South American, and Caribbean information. =20
	Psychological profiles/cultural profiles of groups/personalities.
	Deception.
	Stateless Warfare Issues (gangs, 4th generation warfare).
	State department info. =20
	Washington Early Bird news summaries. =20
	World hot spot info.
	Information warfare.
        Daily news articles on terrorism and related issues
        State Department country studies
        State Department terrorist groups/personalities files
        Emergency News Network (ENN) updates
        Intelligent Concepts Daily News Summaries
        Special support tasking
	News flashes
        More to be added soon!

MEMBERSHIP: Limited to DOD intelligence and counterintelligence
personnel, (active, reserve, or retired).  Non-DOD intel/CI
applicants may request a waiver by demonstrating a need for=20
inclusion, (such as law enforcement intelligence, FBI, etc.)
To apply for membership answer the following questions and email
to Eric Nelson at:    =20

		enelson at rohan.sdsu.edu

<send the following>

 NAME/RANK:
 MILITARY UNIT/ORG:
 JOB TITLE:
 EMAIL ADDRESS:
 REG/RES/RET?
 NAME OF PERSON WHO REFERRED YOU (MANDATORY):

<clip here and send>

------------------------------------------------------------
From: "Robert A. Walton" <waltonr at meade-emh2.army.mil>=20
Subject: DC Area Infowar Event
Cc: "Betty G. O'Hearn" <betty at infowar.com>
Date: Thu, 14 Nov 1996 17:04:22 +0000

You may wish to post the following notice.

The Maryland chapter of Armed Forces Communications and Electronics=20
Association will have a luncheon meeting at the Fort Meade Officer's Club=20
on Tuesday, 19 November.  The lunch is at 11:45, the program follows at=20
12:30.  The speaker is Brigadier General Jaeger.  The topic is=20
"Information Warfare Exercise Lessons Learned."

The cost is $10.00 for the luncheon if you register today or Friday, or=20
$12.00 at the door Tuesday.  If you are interested in going, please call=20
Vicki Neuman at 301-317-9474 to make a reservation.

Thanks
Bob Walton
------------------------------------------------------------
To: infowar at infowar.com
From: aludwig at pacbell.net
Subject: Legal aspects of information warfare

My name is Aaron Ludwig and I am a third year law student at Whittier Law=20
School.  I am currently writing a law review article about the legal=20
aspects of information warfare.  If anyone has any insight or helpful=20
information regarding this topic please contact me at=20
aaronludwig at juno.com or simply reply to this mail.  The following are=20
just a few of the questions I hope to analyze and answer:

If the U.S. sustains an information-based attack, does this warrant an=20
armed response?(i.e., what constitutes an attack?)

What laws are involved in carrying out or defending against information=20
attacks?  What laws are involved in the detection of enemy information=20
warriors?

Last, but not least, I wonder whether anyone can tell me how to get a=20
hold of the proceedings of any of the information warfare conferences. =20
Keep in mind that I am a highly-leveraged (broke) law student.

Thank you.

Aaron
------------------------------------------------------------
To:       Infowar at infowar.com
From:   Betty at infowar.com
Subject:  Defense Science Board Task Force

 Defense Science Board Task Force on Information Warfare-Defense=20
(IW-D), will be issuing a report in the next few days.  Federal Computer=
 Week=20
has an interesting article stating that the report called the threat of an=
 IW=20
attack "significant," adding that the nation's "vulnerabilities are=
 numerous,=20
[and] the countermeasures are extremely limited...." You can read the=
 article at=20
  http://www.fcw.com/pubs/fcw/1111/duck.htm.  We will be publishing the=
 report=20
as it is made available to us.
------------------------------------------------------------
Date: 11 Nov 1996 20:13:20 CST
Subject: Flight Information Resource
Sender: owner-g-two at majordomo.netcom.com

ENN Info Update
11/11/96 - 20:00CST

New Information Resource Assists in Tracking Domestic Flights

(ENN) A free service called "Flight Trax" is now available on the
World-Wide-Web.
This  new information resource allows one to track the progress of any
domestic airflight within the contigious 48 states.

Call up:  http://www.amerwxcncpt.com/ with your favorite internet
browser. The program will ask you for the flight number, the airline, and=
 the destination airport (using the FAA designated three-letter code). The=
 program will
then show you the kind of aricraft used, its flight's path, its location
on that path (accurate to within two or three minutes), and its expected
time of arrival at its destination. It will not tell you why it may have
been delayed.

The information is provided by Flyte-Comm of Ft. Lauderdale, FL, which
uses data from the FAA to produce the flight estimates.  Might be prove
useful while waiting for Grandma's flight to come in from Des Moines, or
a variety of other uses.

Courtesy of:

EmergencyNet News Service
Emergency Response & Research Institute
6348 N. Milwaukee Ave., #312
Chicago, IL. 60646
(773) 631-3774 - Voice
(773) 631-4703 - Fax
(773) 631-3467 - Modem/Emergency BBS On-Line
http://www.emergency.com - Website
enn at emergency.com - E-mail
------------------------------------------------------------
END

Infowar            Thursday November 14 1996        Volume 01: Number 03


DIRECT REQUESTS to:    list at infowar.com with one-line in the BODY, NOT
in the subject line.

Subscribe infowar        TO JOIN GROUP
Unsubscribe infowar    TO LEAVE GROUP
Help infowar               TO RECEIVE HELP=20
TO POST A MESSAGE:  E-Mail to   infowar at infowar.com =20

_____________________________________________________
Infowar.Com
Interpact, Inc.
Winn Schwartau
winn at infowar.com
http://www.infowar.com
813-393-6600  Voice
813-393-6361  FAX

Sponsor Opportunities/Comments/Help

Betty G. O'Hearn
Assistant to Winn Schwartau
http://www.infowar.com
betty at infowar.com
813-367-7277  Voice
813-363-7277  FAX



--------------------------------------------------------------------------
2                                Message:0002                            2
--------------------------------------------------------------------------
To: infowar at infowar.com
From: "Betty G. O'Hearn" <betty at infowar.com>
Subject:


Infowar            Thursday November 14 1996        Volume 01: Number 03

We thank our sponsors:

Internet Security Solutions
New Dimensions International - Security Training
Secure Computing Corporation
HOMECOM Communications
National Computer Security Association
OPEN SOURCE SOLUTIONS, Inc.
__________________________________________________
Infowar at infowar.com is brought to you in the  the interest of an open, unclassified exchange of information and ideas as a means for advancement of Information Warfare related issues.   Topics of discussion for this list include:  Infowar, Electronic Civil Defense, Hacking, Defensive Techniques, Policy, Non-Lethals, Psyops, Chemical Warfare Agents and WMD. 

As the list expands we will adapt to the needs and desires of our subscribers. 
__________________________________________________________
To: Infowar at infowar.com
From: winn at infowar.com
Subject: MCTL Process

Infowar.com is proud to have been given permission to publish the 
latest  Military Critical Technologies List - Part I:  Weapons Systems 
Technologies. 

THE MCTL Process is the systemic ongoing assessment and analyses of technologies to determine which technologies are Militarily Critical and therefore should have additional controlsplaced  on them or made subject to export control. 

This document is the first of three parts.  Part two:  Weapons of Mass 
Production and  Part three: Critical Developing Technologies  are in development 
and will be published when completed and made available to us.   Don't miss 
reading this! Download Acrobat as the file is in  .pdf format. (acrobat readers are free)  This file will be posted the week of November 17 1996.
------------------------------------------------------------
To:   Betty at infowar.com
From: "Eric L. Nelson, M.A." <enelson at nosc.mil>
Subject: G-TWO RECRUITMENT FORM
Sender: owner-g-two at majordomo.netcom.com

Please use this ammended form to inform your DOD intel
and CI colleagues about g-two.  Please discard previous
editions.

Thanks,

EL Nelson
moderator


Get The Word Out (G-TWO) is designed to provide direct assistance 
to DOD intelligence and counterintelligence teams by providing 
open-source intelligence and news summaries pertinent to DOD 
interests.  Topics include:

    Political:
	Politics of intelligence.
	Political history of hotspots/groups/personalities.

    Information:
	WWW locations of intelligence usefulness with brief summaries.
	Lists, databases, and archives accessible via the internet.
	Resource sharing.

    NBC-M (nuclear, biological, chemical & medical):
	Biochem threat analysis/events (outbreaks).
	Medical technology and issues related to DOD missions/personnel.
	Tracking the development of NBC capabilities by country/group.

    Terrorism:
	Threat/threat mindsets/tactical intent.
	Issues related to security and threat issues.
	International Crime.
	New developments in terrorism.
	New technology/weapons systems with CT application.
	Info. on capability of Special Teams/personnel.

    Military/Intel Agencies:
	Force protection.
	OPSEC.
	Military plans/policies.  
	Reports on terrorism/counter-terrorism activities.
	Data on military forces and capabilities (order of battle).

    Analysis:
	More analysis by SME's (subject matter experts).
	Emerging threat analysis.
	EOD/chemical analysis.
	Group profies (themes, objectives, etc.)  Who are these people?
	Cultural profiles and key info/customs to know.

    Technology & Industrial:
	Hacking/Infowar.
	Technology/precursor tracking, what is being procured by others.
	Industrial/technical intelligence on foreign countries- 
		what are they doing?

    Other:
	Central/South American, and Caribbean information.  
	Psychological profiles/cultural profiles of groups/personalities.
	Deception.
	Stateless Warfare Issues (gangs, 4th generation warfare).
	State department info.  
	Washington Early Bird news summaries.  
	World hot spot info.
	Information warfare.
        Daily news articles on terrorism and related issues
        State Department country studies
        State Department terrorist groups/personalities files
        Emergency News Network (ENN) updates
        Intelligent Concepts Daily News Summaries
        Special support tasking
	News flashes
        More to be added soon!

MEMBERSHIP: Limited to DOD intelligence and counterintelligence
personnel, (active, reserve, or retired).  Non-DOD intel/CI
applicants may request a waiver by demonstrating a need for 
inclusion, (such as law enforcement intelligence, FBI, etc.)
To apply for membership answer the following questions and email
to Eric Nelson at:     

		enelson at rohan.sdsu.edu

<send the following>

 NAME/RANK:
 MILITARY UNIT/ORG:
 JOB TITLE:
 EMAIL ADDRESS:
 REG/RES/RET?
 NAME OF PERSON WHO REFERRED YOU (MANDATORY):

<clip here and send>

------------------------------------------------------------
From: "Robert A. Walton" <waltonr at meade-emh2.army.mil> 
Subject: DC Area Infowar Event
Cc: "Betty G. O'Hearn" <betty at infowar.com>
Date: Thu, 14 Nov 1996 17:04:22 +0000

You may wish to post the following notice.

The Maryland chapter of Armed Forces Communications and Electronics 
Association will have a luncheon meeting at the Fort Meade Officer's Club 
on Tuesday, 19 November.  The lunch is at 11:45, the program follows at 
12:30.  The speaker is Brigadier General Jaeger.  The topic is 
"Information Warfare Exercise Lessons Learned."

The cost is $10.00 for the luncheon if you register today or Friday, or 
$12.00 at the door Tuesday.  If you are interested in going, please call 
Vicki Neuman at 301-317-9474 to make a reservation.

Thanks
Bob Walton
------------------------------------------------------------
To: infowar at infowar.com
From: aludwig at pacbell.net
Subject: Legal aspects of information warfare

My name is Aaron Ludwig and I am a third year law student at Whittier Law 
School.  I am currently writing a law review article about the legal 
aspects of information warfare.  If anyone has any insight or helpful 
information regarding this topic please contact me at 
aaronludwig at juno.com or simply reply to this mail.  The following are 
just a few of the questions I hope to analyze and answer:

If the U.S. sustains an information-based attack, does this warrant an 
armed response?(i.e., what constitutes an attack?)

What laws are involved in carrying out or defending against information 
attacks?  What laws are involved in the detection of enemy information 
warriors?

Last, but not least, I wonder whether anyone can tell me how to get a 
hold of the proceedings of any of the information warfare conferences.  
Keep in mind that I am a highly-leveraged (broke) law student.

Thank you.

Aaron
------------------------------------------------------------
To:       Infowar at infowar.com
From:   Betty at infowar.com
Subject:  Defense Science Board Task Force

 Defense Science Board Task Force on Information Warfare-Defense 
(IW-D), will be issuing a report in the next few days.  Federal Computer Week 
has an interesting article stating that the report called the threat of an IW 
attack "significant," adding that the nation's "vulnerabilities are numerous, 
[and] the countermeasures are extremely limited...." You can read the article at 
  http://www.fcw.com/pubs/fcw/1111/duck.htm.  We will be publishing the report 
as it is made available to us.
------------------------------------------------------------
Date: 11 Nov 1996 20:13:20 CST
Subject: Flight Information Resource
Sender: owner-g-two at majordomo.netcom.com

ENN Info Update
11/11/96 - 20:00CST

New Information Resource Assists in Tracking Domestic Flights

(ENN) A free service called "Flight Trax" is now available on the
World-Wide-Web.
This  new information resource allows one to track the progress of any
domestic airflight within the contigious 48 states.

Call up:  http://www.amerwxcncpt.com/ with your favorite internet
browser. The program will ask you for the flight number, the airline, and the destination airport (using the FAA designated three-letter code). The program will
then show you the kind of aricraft used, its flight's path, its location
on that path (accurate to within two or three minutes), and its expected
time of arrival at its destination. It will not tell you why it may have
been delayed.

The information is provided by Flyte-Comm of Ft. Lauderdale, FL, which
uses data from the FAA to produce the flight estimates.  Might be prove
useful while waiting for Grandma's flight to come in from Des Moines, or
a variety of other uses.

Courtesy of:

EmergencyNet News Service
Emergency Response & Research Institute
6348 N. Milwaukee Ave., #312
Chicago, IL. 60646
(773) 631-3774 - Voice
(773) 631-4703 - Fax
(773) 631-3467 - Modem/Emergency BBS On-Line
http://www.emergency.com - Website
enn at emergency.com - E-mail
------------------------------------------------------------
END

Infowar            Thursday November 14 1996        Volume 01: Number 03


DIRECT REQUESTS to:    list at infowar.com with one-line in the BODY, NOT
in the subject line.

Subscribe infowar        TO JOIN GROUP
Unsubscribe infowar    TO LEAVE GROUP
Help infowar               TO RECEIVE HELP 
TO POST A MESSAGE:  E-Mail to   infowar at infowar.com  

_____________________________________________________
Infowar.Com
Interpact, Inc.
Winn Schwartau
winn at infowar.com
http://www.infowar.com
813-393-6600  Voice
813-393-6361  FAX

Sponsor Opportunities/Comments/Help

Betty G. O'Hearn
Assistant to Winn Schwartau
http://www.infowar.com
betty at infowar.com
813-367-7277  Voice
813-363-7277  FAX







From vedekgar at compcurr.com  Thu Nov 14 21:25:50 1996
From: vedekgar at compcurr.com (Newsletter)
Date: Thu, 14 Nov 1996 21:25:50 -0800 (PST)
Subject: Inside Currents Vol. 1, No. 6
Message-ID: <3.0.32.19961114171734.009b8210@mail.compcurr.com>


*******************************************************
Inside Currents
Vol 1, No. 6
November 1996

This is the electronic newsletter you requested when 
you joined Computer Currents Interactive at
http://www.currents.net.  
*******************************************************

If you would like to REMOVE yourself from this 
newsletter mailing list, you may send an "unsubscribe" 
message to Computer Currents Interactive.

***To unsubscribe, address your message to 
listserv at compcurr.com.  Leave the subject area 
in the header blank.  In the body, simply type 

unsubscribe newsletter

For security reasons you will then receive a message asking
you to confirm your actions by replying with an "ok"
(without quotes) in the body of your message.

If this newsletter has been forwarded to you 
and you wish to SUBSCRIBE, you may join 
Computer Currents Interactive at 
http://www.currents.net.

If you have any further questions, 
please send a message to insidecurrents at compcurr.com.


*******************************************************
IN THIS INSIDE CURRENTS:

1. Our online computer forums are up and running. Get some free advice!
        http://www.currents.net/

2. We've launched a new section: The Computer Advisor
        http://www.currents.net/cciu/advisor/advisor.html

3.  If you're looking to buy computer equipment, try NetQuote.
        http://www.currents.net/services/netquote/netquote.html

4.  BookPoint: We've made it easier for you to buy books in our online
database
        http://www.bookpoint.com/

5. COMDEX�Meet us in Las Vegas at the biggest computer show in the country.
*******************************************************


1. Get some free advice: Our online computer forums are up and running.

We�ve opened up our bulletin boards to give Computer Currents Interactive
users some free advice.  Our online forums are fast becoming the best place
to stop in with your computer questions and to share your experience and
compare notes with others.  Watch for advice from our computer
advisors�industry experts who will help you get the most out of your computer.

        http://www.currents.net/


2. We've launched a new section: The Computer Advisor

In our newly redesigned Computer Advisor section, you�ll find state-of-the
industry news and reviews, along with simple how -to materials to help you
use your computer to its best advantage.  We also offer up HelpLinks to the
most helpful sites on the web.

        http://www.currents.net/cciu/advisor/advisor.html


3.  If you're looking to buy computer equipment, try NetQuote.

Our easy-to-use service brings computer stores to you. You tell us what kind
of equipment you want. We'll send your specifications out to stores in your
area, and they'll contact you with a price quote. It's minimum-effort
comparison shopping, exclusively for our members

        http://www.currents.net/services/netquote/netquote.html


4.  BookPoint: We've made it easier for you to buy books in our online
database

Beginning this week, you'll find current computer-related bestseller
books available online at a 10% discount.  Also in BookPoint (our partnership
with Stacey�s Professional Bookstore) you can access our growing database of
professional books.  All the books are available to CCI members at a discount.

        http://www.bookpoint.com/books/picks.html


5. COMDEX�Meet us in Las Vegas at the biggest computer trade show in the
country

It's the biggest computer tribal gathering of the year, and we'll be at
Pavilion #4, booth #P4705 just outside of the Las Vegas Convention Center.
Stop by to meet our staff, tell us what you like (and dislike) about our
site and what you'd like to see more of in the future. Viva Las Vegas!

*******************************************************
Computer Currents Interactive   http://www.currents.net

*******************************************************





From ph at netcom.com  Thu Nov 14 21:36:00 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Thu, 14 Nov 1996 21:36:00 -0800 (PST)
Subject: Members of Parliament Problem
Message-ID: <v02140b01aeb1a0ff57d2@[192.0.2.1]>


I read awhile ago that certain members of Parliament do not speak
their mind regarding the situation in Northern Ireland.  The reason
they give is that they have children and they fear the IRA.

There are times when one wishes to speak anonymously, yet speak
as a member of a group.

Is there a way to take published public keys and combine them with
your own in such a way that your identity is not compromised, but
it is clear beyond a doubt that you control one of a set of public
keys?

Peter Hendrickson
ph at netcom.com







From jimbell at pacifier.com  Thu Nov 14 21:49:59 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 14 Nov 1996 21:49:59 -0800 (PST)
Subject: A Disservice to Mr. Bell
Message-ID: <199611150549.VAA18649@mail.pacifier.com>


At 11:01 PM 11/14/96 -0500, hallam at vesuvius.ai.mit.edu wrote:

>>> Thats
>>>what the supremacy clause is all about. All previously existing courts
>>>were extinguished.
>
>>Ah!  So you admit that these courts were "previously existing," huh?  Well, 
>>if that's the case, merely read the 9th and 10th amendments and tell me how 
>>you're so sure that "all previously existing courts were extinguished."
>
>I admit no such thing if you could understand logic you would
>realize that. There were pre-existing courts, those of King George.

Misleading.  And wrong.  Wrong, because existing state courts were not 
eliminated.  And misleading, because both "commonlaw" and "equity" courts 
were "those of King George."  At least, the judges were appointed by the 
King.  But the revolution merely meant that George no longer had the 
authority to appoint the judges; it does not mean that the courts were, 
themselves, eliminated as institutions.

>They were extingished. 

"Extinguished"?  Like a fire, or something like that?  You really need to 
start using more exact terminology.  I think you're trying to read a lot 
more into the US Constitution than was written into it.  In order to be able 
to claim that it had an effect, you need to document that effect.  Find the 
particular section which "extinguished" a court.  Moreover, you need to 
explain why you're ignoring the 9th and 10th amendments, both of which make 
it clear that there was much continuity not affected by the Federal 
constitution.


>Had common law courts existed (they did not
>but for the sake of arguement I am indulging you in your fantasy) 

When did they not exist? Be very specific; are you referring to just 
America, or Britain as well?


>they would exist no longer.

You haven't documented this claim.



Jim Bell
jimbell at pacifier.com





From snow at smoke.suba.com  Thu Nov 14 22:03:32 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 14 Nov 1996 22:03:32 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611131951.LAA16239@kachina.jetcafe.org>
Message-ID: <199611150619.AAA01605@smoke.suba.com>


> [This is a rebuttal to a misguided news article.]
> > Cypher-Censored
> > By Declan McCullagh (declan at well.com)
> Thank you for leaving your email address. It makes this easier.
> You people (read: the unaware and hypnotized masses, which includes
> reporters who's desire for attention and political safety holds them
> in line with the consensual illusion) keep missing the real issue, and
> substituting issues which only hold themselves in place.

     So you are explaining your problems in advance. Good, it tells 
thoughtful readers to take you with a grain of salt.  

> [Those of you who know, please excuse the mediaistic terms used in
> this rebuttal. One must use the symbols one is given to communicate
> at the level of understanding of those who use them.]

    Ok, I will try to keep from using too long words so you can understand
me. 

> In person-to-person interaction, one's only real defense against what
> one decides to call "unwanted" is to remove oneself from the arena of
> interaction. It may not be possible to ignore or run away from certain
> sources of input. 

     You forget "shutting down" the source of input. Turning off the 
radio, TV etc, or turning off the person speaking. 

> Logically, we must conclude that those who frequently and repeatedly
> cry for the censorship or removal of any source of input from
> cyberspace are either:
> 
> 	-quite clueless about the tools at their disposal
> 	-ideologically or personally opposed to the source of input
> or	-in need of large amounts of attention from others

    No problems with that. 

> >    The list is on Gilmore's machine and he can do what he wants with
> >    it; he can moderate the postings, he can censor material, he can
> >    shut the whole thing down. By kicking off an offending user, a
> >    list owner merely exercises his property right. There's no
> >    government involvement, so the First Amendment doesn't apply. And
> >    the deleted, disgruntled user is free to start his own mailing
> >    list with different rules.
> 
> Notice how, once the opposition is admitted to, the rationalization
> begins. Suddenly this is not a matter of censorship, but of ownership.
> Just as suddenly, the classic anti-free-speech arguments of "if you
> don't like it, start yer own" begin to surface. (Anyone ever notice
> how this resembles the "love it or leave it" mentality of certain
> American patriotic organizations?)

     It still isn't censorship. Censorship, at least in my dictionary, 
refers to censor, which uses the word "Official" several times. Mr. 
Gilmore is not an "Official" in a government sense, he maybe in the EFF
sense, but this is not an "Official" EFF organ, so that doesn't count. 

     He is the OWNER of this list, and the machine it runs on. If he chooses
(which he didn't) to keep someone from using the list, it is his right.

> What would ideological opposition be without the attempt at analogy? 
> Here we witness another example:
> 
> >        But then the question is whether Gilmore should have exercised
> >    that right, especially in such an open forum. Again, I think Gilmore's
> >    actions were justified. Consider inviting someone into your home or
> >    private club. If your guest is a boor, you might ask him to leave. If
> >    your guest is an slobbish drunk of a boor, you have a responsibility
> >    to require him to leave before he ruins the evening of others.
> 
> Notice that the net is compared to a home or private club. Actually

     WRONG. the "net' wasn't compared to either a home or a private club,
THIS LIST WAS. No one has the right to kick anyone off public streets, the
police _do_, but I seriously doubt that they could arrest you for refusing.
Gilmore didn't "Ban" Vulis from "The Net" (in fact he didn't even ban him 
from the list, he just removed him from the distribution list), he didn't
even try.

     He also didn't prevent Vulis from posting, tho' he could have. 

> the net is neither, however that would not serve the purposes of this
> analogy, so this fact is convienently forgotton. 
> The net is a wonderful place. Any ideology, no matter who disagrees or
> agrees with it, can be expressed and discussed here...assuming those
> who oppose this ideology do not have their way with the source of
> expression. There is a more refined and deeper truth to be found
> in the very existence of the set of all human ideologies, which is
> just beginning to show itself to some netizens. Unfortunately, this
> truth can be ruined when people equate some notion of value to 
> sources which ignore all but a tiny subset of the set of all ideologies:

     Again I repeat myself:

    Vulis was not "removed" in any way, shape, or form from "the net", all
Gilmore did was "Turn his back" on Vulis, saying in effect "Your bullshit
isn't wanted here". 

    He didn't tell Vulis to keep his opnion to himself, no one on this list 
did. He, and others here were asking Vulis to stop his repeated personel 
attacks on other list members, some were asking him to stop his vitrolic 
rants on racial and ethnic groups as well, which were _way_ off topic.  

> >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> >    lists and has kicked people off to maintain better editorial control.
> >    Volokh says that the most valuable publications are those that
> >    exercise the highest degree of editorial control.

> Value to whom and for what? If the editorial control produces one
> small element of the set of all ideologies, then this is only of value
> to the people who support this ideology. Given that the set of 

     You know, from your position I'd say you have a very clear view of 
your colon. 

     "Editorial Control" means that someone decides who get's published and
who doesn't. From your opposition to it, I guess you think that a magazine
dedicated to poetry should print all poems submitted, or as many, selected
in some sort of non-judgemental order, as they can fit. Or that a magazine
should print any writings submitted to it. 

     I run 4 mailing lists, one is personal, one is in the process of coming
online, and 2 are up and running. One of these has a rule: No Politics allowed.
I guess I am a pathetic little censorous worm huh? Nope. That rule was put 
there for a very good reason, and I am that reason. I love to talk politics,
but that is the WRONG FORUM for it. 

    Just like this is the wrong forum for Vulis to spew his shit. 

> people who support an issue is smaller than the set of people
> who support and oppose an issue, would the value not increase
> by allowing both sides of an issue equal speaking time? 

    Yes, and the cypherpunks list DOES THAT. Vulis wasn't kicked off for 
opposing Crypto, or the spread of Crypto, he was kicked off for littering,
and for refusing to stop littering. Actually he was kicked off for daring 
Gilmore to make him stop littering.  

> >        For his part, Gilmore calls removing the Russian mathematician "an
> >    act of leadership." He says: "It said we've all been putting up with
> >    this guy and it's time to stop. You're not welcome here... It seemed
> >    to me that a lot of the posts on cypherpunks were missing the mark.
> >    They seemed to have an idea that their ability to speak through my
> >    machine was guaranteed by the Constitution."
> 
> It is sad to note that this is the leader of one of America's
> forerunning organizations of freedom who says these words. For all
> *his* ideology of free speech, this statement reveals the hypocrasy he
> lives with for all to see. The true litmus test of free speech is to
> encounter speech that you *want* to censor.

     Not really, he was simply refusing to let Vulis share his (Gilmore's)
podium. 

> Mr. Gilmore, and other like minded parties, might want to consider
> what would happen if one parent company owned *all* communications
> media. Would they they be so supportive of the ideology of ownership
> and communciation they espouse?

     How would this happen? Setting up a press is fairly easy, at least 
a small hand operated press. Start your own magazine, start your own
mailing list. 

     That is what freedom is, the ability to _do it yourself_ not the 
requirement that others do it for you, or allow you to use what they 
have already built. 

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From wombat at mcfeely.bsfs.org  Thu Nov 14 22:15:04 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Thu, 14 Nov 1996 22:15:04 -0800 (PST)
Subject: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice
In-Reply-To: <Pine.BSI.3.95.961114030250.472F-100000@citrine.cyberstation.net>
Message-ID: <Pine.BSF.3.91.961115000356.12942G-100000@mcfeely.bsfs.org>



Look closely - it may be stego ...

-r.w.

On Thu, 14 Nov 1996 wichita at cyberstation.net wrote:

> 
>          Fermented Pear Juice == Supercilious Pap
> 
>          There they go again, the imperium, or so they think, of
>          cryptographic shamans are trying to bamboozle list readers
>          into believing their warped cryptographic gimcrackery. They
>          do not need Zadoc to anoint themselves the Solomons of the
>          cryptographic world. They think that they are perfectly
>          capable of doing it to themselves. Have they ever
>          cracked a single meaningful cryptographic system?  Have they ever
>          implemented a significant cryptographic system?


<SNIP>





From snow at smoke.suba.com  Thu Nov 14 22:37:51 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 14 Nov 1996 22:37:51 -0800 (PST)
Subject: Mounting Crypted directories on Multiuser Machines.
Message-ID: <199611150654.AAA01811@smoke.suba.com>


 
 I was wondering about something: 
 
       Say you have a unix (or other multi-user OS) box, how hard would 
 it be for someone who was good at programming to modify Blaze's CFS to 
 allow the following:
 
       Every user has a directory:
 
      /home/usr1/
           /usr2/
           /usr3/
 
       and inside each directory they have:
 
       /home/usr1/html/
                 /files/
                 /.login    
                 /.usr1crypt
 
      such that /.usr1crypt gets mounted at _login_ time as a crypted file
 system under /files.
 
      The way I envision this is that one would log in (either from the console,
 or via ssh ideally) and be presented with the option of mounting said directory
 and asked for a passphrase, then the directory gets mounted. 
 
      I took a look at Blaze's CFS, but he mentions that it is really only for 
 a single user system, and well <looks sheepish I can't get it to compile 
 on my machine, so I can't really play with it on my end. 
 
      I would think that this would be fairly difficult, otherwise it would 
 have already been done right? 
 
      Or am I missing something more basic? 
 
      It would seem that running something like this would do 2 things.
   
      1) It would be much more difficult to prove that a service provider 
         knew what files a user was keeping lying around because unless
         the user was logged in, not even the Sysadmin could "peek" at the
         files.
      2) Provide the user with greater privacy. Users could keep PGP keys 
         on the system without much risk, and as long as access was either
         thru the console, or thru something like ssh, you should be rather
         safe. 
  
       Is anyone working toward something like this? I kinda got the idea that
 CFS was more designed and intended for single-user-at-a-time systems, but the
 application I had in mind was more of a (old) C2-type organization. 
 
 
 Petro, Christopher C.
 petro at suba.com <prefered for any non-list stuff
 snow at smoke.suba.com





From hallam at vesuvius.ai.mit.edu  Thu Nov 14 22:38:32 1996
From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu)
Date: Thu, 14 Nov 1996 22:38:32 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <199611150549.VAA18649@mail.pacifier.com>
Message-ID: <9611150643.AA01829@vesuvius.ai.mit.edu>



Jim appears to be arguing that the "common law" courts heis refering
to had judges appointed by the King. If so the right to appoint
judges to those posts passed to the US government under the treaty
of Paris. 

The Common Law in the UK was the kings law since the Norman conquest.
It is as any schoolboy knows judge made law. The doctrine of precedent
has become more and more prominent since the renaisance though, effectively
preventing judicial lawmaking except in areas where no law is believed
to exist.

As a system of government I don't think very much of the idea of a 
bunch of klansmen getting together to decide who they dislike. Sounds
much more like a lynch mob than a system of government to me. 

Since Browne couldn't even manage fourth place, despite the attentions
of the net it doesn't look as if the US people are particularly 
inclined to the libertarian view. Nader managed a vote about 20%
higher despite only running in a handful of states while Browne was
on the ballot in every state. Contrary to Bellsclaim that the state
is being challenged by libertarian and millitia ideas it looks to
me that the tide is flowing in the opposite direction if its flowing
at all.

	Phill





From teddygee at visi.net  Thu Nov 14 22:48:24 1996
From: teddygee at visi.net (Ted Garrett)
Date: Thu, 14 Nov 1996 22:48:24 -0800 (PST)
Subject: [CRYPTO] web-of-trust, signatures, and anonymity
Message-ID: <Pine.LNX.3.95.961115010358.1916C-100000@tgrafix.livesys.net>


-----BEGIN PGP SIGNED MESSAGE-----


Ok, People...

Let's say that I receive a message via a mailing list from an entity.

This message is signed with a PGP public key.  Being that I am
interested in some of the ideas proposed by this entity, I respond to
the message, but I fat-finger my mailer and it sends out the message
unsigned.  However, my .signature is reasonably automated and my
public key id is included there.

I obtain the the public key associated with the original entity from
the keyservers and the signature verifies, but the key on the servers
is not signed.

Concurrently, I receive a message in response to a message I sent to
this entity, which comes to me encrypted with my public key and signed
with the private key paired off to the public key I obtained for
this entity from a keyserver.

Being a believer in anonymity, I feel that whatever person, machine,
or thing which placed the key on the keyserver and kindly responded to
my message is reasonably expected to be the owner of the private key
associated with the public key I obtained.  Is this a fallacy?

Am I wrong to sign the public key I got from the keyserver and return
said key to the address purported to be the entity of ownership?  What
the entity does with the signature is, in my opinion up to it.

Is it unrealistic to assign the probability of two entities being able
to generate signatures for the same public key as close to zero?
(consider that this is a 2047 bit key)

Am I opening myself to attacks?  By this, I mean to ask whether
or not MY key is in any way possibly compromised in the exchange
described.

I keep a separate and 'unpublished' keypair to be used for physically
met individuals.  The public key of this keypair is NEVER sent by any
means other than physically.  This key signs only the keys of the
people I meet in person or have extensive telephone conversations
with.  While people who recieve the signature of this key also get a
copy of it, I only distribute this key to those I trust not to
disseminate it further.

- ---
"Obviously, the US Constitution isn't perfect, but
it's a lot better than what we have now." - Unknown
PGP key id - 0xDEACDFD1 - Full key available from
pgp-public-keys at pgp.mit.edu


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQEVAwUBMowSJc1+l8EKBK5FAQEg2Af/agcalrlyDK+Ku+Qq7cnODOJjFIcsDAjh
LLuA6KG2DeDQUiAH72uL5WgdiHQaZroAhqRsFGDic3zmc0YGDQkI4W2KTTsVFi08
ubcX9JCnOGuDWxLIwvBdCX/FxDsPyrhTeEUNjjkXp+5k+BdxzLTfbUgbnLgM/BGJ
wD3Bq+evmTr86ul0SLUs3KL5h0488LhalPYTKtm9hdO9f3K01kz5W+FLUK3lXKJb
YH2e2Ob2Nr/uSH6ElluSMVGtU09i+s40uloqokzAyB7NuTStSCupqUw0nHQKFIY7
Or8uwmZF6c7ivtacstViZ7/6xM0km7wmoyWsee3gxe63LH/Mqr25/A==
=0HFl
-----END PGP SIGNATURE-----





From shamrock at netcom.com  Thu Nov 14 23:25:57 1996
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 14 Nov 1996 23:25:57 -0800 (PST)
Subject: It is getting easier
Message-ID: <Pine.3.89.9611142353.A14422-0100000@netcom6>


[From an infowar article on the list]
>(ENN) A free service called "Flight Trax" is now available on the
>World-Wide-Web.
>This  new information resource allows one to track the progress of any
>domestic airflight within the contigious 48 states.
>
>Call up:  http://www.amerwxcncpt.com/ with your favorite internet
>browser. The program will ask you for the flight number, the airline, 
and the destination airport (using the FAA designated three-letter code). 
>The program will
>then show you the kind of aricraft used, its flight's path, its location
>on that path (accurate to within two or three minutes), and its expected
>time of arrival at its destination. It will not tell you why it may have
>been delayed.
>The information is provided by Flyte-Comm of Ft. Lauderdale, FL, which
>uses data from the FAA to produce the flight estimates.  Might be prove

If I remember correctly, some of the newer transponders used on 
commercial aircraft actually transmit GPS data back to the controller in 
real time. I wonder how long it will be before the FAA will include such 
information in their database.

"To obtain the position of any passenger flight in the US within 10 
meters, click here."

-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred






From aba at dcs.ex.ac.uk  Thu Nov 14 23:55:53 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Thu, 14 Nov 1996 23:55:53 -0800 (PST)
Subject: Secrecy: My life as a nym. (Was: nym blown?)
In-Reply-To: <199611141540.HAA05676@toad.com>
Message-ID: <199611141649.QAA00383@server.test.net>



Sean Roach <roach_s at alph.swosu.edu> writes:
> At 05:22 PM 11/13/96 GMT, Adam Back wrote:
> ...
> >Nym sues nym.  I think not.  An alternate view of slander law suits is
> >as a way to encourage the use of Nyms.  Certainly the dissenters of
> >the unnamed pseudo religious have learnt the value of nyms, remailers
> >and so forth.  There are distinct advantages to nyms.
> ...
> They learned the value all right.  Right up to the time that one of the
> founding remailers disclosed thier return addresses to save the rest of the
> hard drive.  There are definate advantages to TRULY anonymous remailers too.
> Ones where the return address is not stored.  

Yep.  Some people even voiced the opinion that it was a good thing
that penet closed down, because now people would have to use better
remailers.  At the time the first address was released from penet
their was discussion of the cypherpunks type I remailers.  The ease of
use isn't there though.  Alpha and newnym remailers are provide
replyable email addresses and are much better than penet, though also
not perfect.

Ease of use seems to be a huge requirement for many people, which is
presumably what lead to penets success.  Programs like private Idaho
mean that there is little excuse for not using real remailers.

> For mailing lists and newsgroups, where you are going to get
> conformation on your post when its relayed to you, why do you need
> the return address anyway?  Someone inside the group uses a
> remailer, just post your comments to the list, that person will most
> likely see it there.  I assume that these already exist somewhere.

People have done this (even with messages encrypted to the recipient
only) eg Pr0duct Cypher <cypherpunks at toad.com>, Henry Hastur
<alt.security.pgp>.  This is also the purpose, I believe, of the
alt.anonymous.messages newsgroup.

A good remailer reference is Galactus:

	http://www.stack.urc.tue.nl/~galactus/remailers/

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From markm at voicenet.com  Fri Nov 15 00:01:04 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 15 Nov 1996 00:01:04 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <v02140b01aeb1a0ff57d2@[192.0.2.1]>
Message-ID: <Pine.LNX.3.95.961115024717.3497A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 14 Nov 1996, Peter Hendrickson wrote:

> I read awhile ago that certain members of Parliament do not speak
> their mind regarding the situation in Northern Ireland.  The reason
> they give is that they have children and they fear the IRA.
> 
> There are times when one wishes to speak anonymously, yet speak
> as a member of a group.
> 
> Is there a way to take published public keys and combine them with
> your own in such a way that your identity is not compromised, but
> it is clear beyond a doubt that you control one of a set of public
> keys?

One way would be to have some trusted third party issue a signature for any
key that belongs to a member of the group.  The problem with this method is
that the certificate issuer knows which keys belong to which members.  This
can be solved by blind-signing the keys.  A single secret key could be
distributed to every member, but this is vulnerable to security problems.
Also, it would be impossible to determine if a group of messages were each
issued by different people or if it was the same person.

I don't know if there is any better cryptographic protocol to handle a
situation like this.  Oblivious signatures might be a possibility, but I don't
know how they work and if they could be used in such a protocol.

Mark
- --   
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMowjzizIPc7jvyFpAQGWnQf/fH+RLAE8AUW8CrASprXuHZH/z2/30M6l
zWeC8E43dh1Hy4YLqeNyKNblHp717vla2/EeOJQUuKN0FBMdJoJVGP+dH4BKMgWA
mobfOhq+n+vDQCvwonkrjy2oq5+2ULS6uIkGLvaMRrCWwJ9wElE6LHOAo/Tz9Y8p
71ICTn6k9z6V67Aeu/5q0GyY4QrLdPZqxNpjW7LqGkV5LNTTttqxCiWlrpRqLRJu
81qgBrDZtTG0nB8emqW3lpTag48yyeePAAYMuryLQ3y7lDfrQloZ+t5MtOgnrUlw
dVvQ2hIn9KVNKlkmJi/7aLFUZxp5jNaEtP1+LxPGHouiJC3utp3cJA==
=I6hn
-----END PGP SIGNATURE-----






From E.J.Koops at kub.nl  Fri Nov 15 00:08:35 1996
From: E.J.Koops at kub.nl (Bert-Jaap Koops)
Date: Fri, 15 Nov 1996 00:08:35 -0800 (PST)
Subject: PGP3.0 & ElGamal
Message-ID: <AAA18C4332B@frw3.kub.nl>


paul at fatmans.demon.co.uk wrote:
> I know 3.0 uses discrete log cryptography but whether it will be 
> El Gamal or DH or other I don`t know. I would imagine in the end it 
> would come down to a question of what is unpatented first and I have 
> no idea on the patent date for El Gamal (is it even patented?) but DH 
> hasn`t long to go....

According to Schneier, ElGamal isn't patented, but claimed to be 
covered by the Diffie-Hellman patent, which expires 29 April 1997.

Bert-Jaap





From hyperlex at hol.gr  Fri Nov 15 00:39:20 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Fri, 15 Nov 1996 00:39:20 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611151030.IAA25710@prometheus.hol.gr>


At 07:22 �� 14/11/1996 -0600, snow wrote:
>    Intelligence + money + time * will = Result
>        Some     +  0    + a bit * some = A server with 4 or 5 mailing lists. 

Indeed!  But I tend to use them for A.I. Research, and there is little
left of 'em for them mailing listes ya knaw! :-) :-)


>     For every "tentacle" of the Vast Media Conglomerates, there is 
>some loose nut with a photocopier (or access to Kinko's). 

Thank Goddess! :-)


>> Even your American President is in reality a puppet of the Trilateral
>> Commission, who effectively also control CNN, the Washington Post,
>> and many many many other things all over the world.
>
>     WHO is nuts? 

The American and European public, i.e. _we_ who trust those people! :-)



>> P.S. Even if you offered me a million dollars I'd stay away from
>>      your country. My sanity is much more valuable.  :-)
>>      (The Immigration Authorities in the U.S. have missed the point:
>>       We DON'T want to come to you guys. It's the last thing we'd want!)
>
>     One of these days reality is going to hit you like a runaway 
>freight train. 


You mean my check for $ 1.000.000 is... coming? :-)

Cheers
George

P.S.  The reasons I'd decline the check are simply the difficulties in
      having to (1) hide from your authorities as an 'illegal immigrant',
      (2) having to work for someone else as opposed to myself (as I do
      over here) andf (3) having to hire a psychiatrist sooner or later!

All this maan, is more costly than $ 1.000.000.

And... yes, I _am_ nutts! (Aren't we all? ;-) )






From hyperlex at hol.gr  Fri Nov 15 00:48:48 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Fri, 15 Nov 1996 00:48:48 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611151044.IAA25992@prometheus.hol.gr>


At 12:19 �� 15/11/1996 -0600, snow wrote:
(in the end)...
>     That is what freedom is, the ability to _do it yourself_ not the 
>requirement that others do it for you, or allow you to use what they 
>have already built. 

Hey man, do they sell "FREEDOM KITS" in American Supermarkets? :-)
ROTFL!


(and started saying):
[...]
>> Just as suddenly, the classic anti-free-speech arguments of "if you
>> don't like it, start yer own" begin to surface. (Anyone ever notice
>> how this resembles the "love it or leave it" mentality of certain
>> American patriotic organizations?)
>
>     It still isn't censorship. Censorship, at least in my dictionary, 
>refers to censor, which uses the word "Official" several times.

You mean that if... Dr. Dimitri Vulis hires a Mafia-man to kill ya, 
(to silence you) this wouldn't be censorship, since it would not be
"Official"  ? :-)

>Mr. 
>Gilmore is not an "Official" in a government sense, he maybe in the EFF
>sense, but this is not an "Official" EFF organ, so that doesn't count. 


OK, any bombs thrown in the offices of the Ecological Party are not
official censorship either. It was _unofficial_ censorship by... "Motor
Oil Corporation" trying to stop the Flow of Information (about their
oil leakages polluting the Mediterranean Sea)... See what I mean?



>     He is the OWNER of this list, and the machine it runs on. If he chooses
>(which he didn't) to keep someone from using the list, it is his right.

If I own a building and invite you to an open meeting inside this building
do I own what you _say_ or your rights to _say_ it? 





>     "Editorial Control" means that someone decides who get's published and
>who doesn't. From your opposition to it, I guess you think that a magazine
>dedicated to poetry should print all poems submitted, or as many, selected
>in some sort of non-judgemental order, as they can fit. Or that a magazine
>should print any writings submitted to it. 

See my other posting about why the "Editorial" analogy has serious flaws.

I don't see 'em mailing listes hangin' over the kiosk in the centre of
town, ya know. Nor does the list-ownere make his bread out of 'em. And
finally, we readers aren't as stupid as to forget that we are also the
WRITERS of them mailing listes! :-) :-)




>> Mr. Gilmore, and other like minded parties, might want to consider
>> what would happen if one parent company owned *all* communications
>> media. Would they they be so supportive of the ideology of ownership
>> and communciation they espouse?
>
>     How would this happen? Setting up a press is fairly easy, at least 
>a small hand operated press. Start your own magazine, start your own
>mailing list. 

Bulshit!  If this happened, nobody would exist to allow us to express
ourselvers. Even if we build own "Resistance Movement" (or an alternative
kind of Internet) the damage would be serious and irreversible!

Are you telling us that setting up an entire _PRESS_ is fairly easy?

Listen man, it's not. My printer (who printed the boxes for my software)
will tell you this!  He'll also explain why my major competitor in Greece
owns an entire Printing/Publishing house just for Computer Manuals
(Singular S.A.).

Setting up a mailing list is not _that_ easy, but it's still much more
intricate and difficult than accepting the Basic Principles of Free
Expression: DON'T KICK OUT GUESTS YOU INVITE TO "OPEN MEETINGS".
(In the Internet or anywhere else in fact). If you don't like 'em
guests don't invite them in the first place, or don't call your
meetings "OPEN".

e.g. Just as aga tolerates me and vice versa, so should Gilmore
tolerate Dimitri Vulis. 



Cheers
George






From rcgraves at ix.netcom.com  Fri Nov 15 01:09:53 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Fri, 15 Nov 1996 01:09:53 -0800 (PST)
Subject: The Conspiracy To Erect An Electronic Iron Curtain
In-Reply-To: <19961114.205947.7711.21.kb4vwa@juno.com>
Message-ID: <328C33AD.3E78@ix.netcom.com>


Someone using the name "Edward R. Figueroa" <kb4vwa at juno.com> today 
wrote:
> 
> An Essay by L. R. Beam

Oh, come on, I'm sure everybody's read this several times, since it was 
spammed so widely back in February. A URL would do. You can read lots 
more by and about Louis Beam, who uses an AOL account, at 
http://www.nizkor.org/ftp.cgi?people/b/beam.louis or 
http://www.stormfront.org, and so on. I recommend "Leaderless 
Resistance."

If you want someone who would be more likely to appeal to cypherpunks, 
try John Gardner <ygg at netcom.com>; he's a little softer around the 
edges, and he's local. "Dave Harman" never showed up for a cypherpunks 
meeting, but maybe Yggdrasil will. Why not; we were going to invite 
Vulis. John has my number.

-rich





From aga at dhp.com  Fri Nov 15 03:58:56 1996
From: aga at dhp.com (aga)
Date: Fri, 15 Nov 1996 03:58:56 -0800 (PST)
Subject: "Freedom Knights" are closet censors
In-Reply-To: <Pine.GSO.3.95.961114104601.22840A-100000@well.com>
Message-ID: <Pine.LNX.3.95.961115065233.2693C-100000@dhp.com>


On Thu, 14 Nov 1996, Declan McCullagh wrote:

> Date: Thu, 14 Nov 1996 10:48:41 -0800 (PST)
> From: Declan McCullagh <declan at well.com>
> Reply-To: freedom-knights at jetcafe.org
> To: Dave Hayes <dave at kachina.jetcafe.org>
> Cc: freedom-knights at jetcafe.org, cypherpunks at toad.com
> Subject: Re: "Freedom Knights" are closet censors 
> 
> 
> On Thu, 14 Nov 1996, Dave Hayes wrote:
> 
> > Sorry, that *is* the point. If you tell me you are going to disrupt
> > the list, I am not going to let you on the list...even though you
> > are easily ignored. 
> 
> And if Vulis shows Gilmore, though his actions, that he is going to
> disrupt cypherpunks, Vulis can be prevented from being on the list...even
> though he is easily ignored.
> 
> The freedom you, Dave, are exercising as owner and perhaps moderator of
> freedom-knights, is precisely the same freedom that Gilmore should and
> does enjoy.
> 

Bullshit!  There is NO similarity at ALL between the cyberpunks list
and the F-K list, and the comparison between the two is grossly
misplaced.

> That's why neither of your actions is, in truth, "censorship."
> 
> -Declan

Gilmore's shit would better be called the "EFF's-fucking of the
people," since he thinks he can use his EFF status and past reputation
as a wedge. There is just no excuse for ever pulling any plug, ever.

-john






From aga at dhp.com  Fri Nov 15 04:18:29 1996
From: aga at dhp.com (aga)
Date: Fri, 15 Nov 1996 04:18:29 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611150046.TAA12925@dhp.com>
Message-ID: <Pine.LNX.3.95.961115071542.2693G-100000@dhp.com>


On Thu, 14 Nov 1996, Sean Roach wrote:

> Date: Thu, 14 Nov 1996 19:46:08 -0500
> From: Sean Roach <roach_s at alph.swosu.edu>
> To: aga <aga at dhp.com>, cypherpunks at toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> >On Wed, 13 Nov 1996, Mark M. wrote:
> 
> >> Mark
> >> - -- 
> >> finger -l for PGP key
> >> PGP encrypted mail prefered.
> 
> To which, at 08:42 AM 11/14/96 -0500, aga wrote:
> 
> >Why?  Are you a criminal?
> >What are you hiding behind your PGP?
> 
> Okay, I'll bite.  Where is it said that a person who wants h[is,er] privacy
> is a criminal?  Charlie McCarthy might have said that.
> 

It just "looks" that way on the net.  I do live-fucking, newsgroup
flooding, mailbombing, vote-tampering and defamation all legally,
and OPENLY on the InterNet.

The more you PGP, the worse you look.  Nobody reads your e-mail,
so stop being so paranoid.

-aga






From frissell at panix.com  Fri Nov 15 04:53:11 1996
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 15 Nov 1996 04:53:11 -0800 (PST)
Subject: One Big Telecoms Company
Message-ID: <3.0b36.32.19961115075321.006e0500@panix.com>


At 07:02 PM 11/14/96 -0800, Dave Del Torto wrote:
>Um, a _better_ one, now that government monopolies are largely out of the
>way, leaving significant infrastructure for them to use? There's this one
>little company called MCI, see, and there's this _other_ little company
>called BT, and...

There are now 150 Long Distance telephone companies in the US vs 1 when I
was a kid.

There are now 5 or 6 broadcast and 150 cable TV networks in the US vs 3
when I was a kid.

There will soon be 5 cellular and PCS companies in NYC vs 0 when I was a kid.

There are now 6000 ISPs vs 0 when I was a kid.

DCF






From aga at dhp.com  Fri Nov 15 05:00:58 1996
From: aga at dhp.com (aga)
Date: Fri, 15 Nov 1996 05:00:58 -0800 (PST)
Subject: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <199611150619.AAA01605@smoke.suba.com>
Message-ID: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>


On Fri, 15 Nov 1996, snow wrote:

> Date: Fri, 15 Nov 1996 00:19:46 -0600 (CST)
> From: snow <snow at smoke.suba.com>
> Reply-To: freedom-knights at jetcafe.org
> To: Dave Hayes <dave at kachina.jetcafe.org>
> Cc: freedom-knights at jetcafe.org, declan at well.com, cypherpunks at toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
> 
> > [This is a rebuttal to a misguided news article.]
> > > Cypher-Censored
> > > By Declan McCullagh (declan at well.com)
> > Thank you for leaving your email address. It makes this easier.
> > You people (read: the unaware and hypnotized masses, which includes
> > reporters who's desire for attention and political safety holds them
> > in line with the consensual illusion) keep missing the real issue, and
> > substituting issues which only hold themselves in place.
> 
>      So you are explaining your problems in advance. Good, it tells 
> thoughtful readers to take you with a grain of salt.  
> 
> > [Those of you who know, please excuse the mediaistic terms used in
> > this rebuttal. One must use the symbols one is given to communicate
> > at the level of understanding of those who use them.]
> 
>     Ok, I will try to keep from using too long words so you can understand
> me. 
> 
> > In person-to-person interaction, one's only real defense against what
> > one decides to call "unwanted" is to remove oneself from the arena of
> > interaction. It may not be possible to ignore or run away from certain
> > sources of input. 
> 
>      You forget "shutting down" the source of input. Turning off the 
> radio, TV etc, or turning off the person speaking. 
> 

It ain't the person, but the language that Gilmore tried to censor.

> > Logically, we must conclude that those who frequently and repeatedly
> > cry for the censorship or removal of any source of input from
> > cyberspace are either:
> > 
> > 	-quite clueless about the tools at their disposal
> > 	-ideologically or personally opposed to the source of input
> > or	-in need of large amounts of attention from others
> 
>     No problems with that. 
> 
> > >    The list is on Gilmore's machine and he can do what he wants with
> > >    it; he can moderate the postings, he can censor material, he can
> > >    shut the whole thing down. By kicking off an offending user, a
> > >    list owner merely exercises his property right. There's no
> > >    government involvement, so the First Amendment doesn't apply. And
> > >    the deleted, disgruntled user is free to start his own mailing
> > >    list with different rules.
> > 
> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
> 
>      It still isn't censorship. Censorship, at least in my dictionary, 
> refers to censor, which uses the word "Official" several times. Mr. 
> Gilmore is not an "Official" in a government sense, he maybe in the EFF
> sense, but this is not an "Official" EFF organ, so that doesn't count. 
> 
>      He is the OWNER of this list, and the machine it runs on. If he chooses
> (which he didn't) to keep someone from using the list, it is his right.
> 

No it ain't; not after the list gets so big.  Public newsgroups
lose all rights of censorship by the owners, and that is law.

> > What would ideological opposition be without the attempt at analogy? 
> > Here we witness another example:
> > 
> > >        But then the question is whether Gilmore should have exercised
> > >    that right, especially in such an open forum. Again, I think Gilmore's
> > >    actions were justified. Consider inviting someone into your home or
> > >    private club. If your guest is a boor, you might ask him to leave. If
> > >    your guest is an slobbish drunk of a boor, you have a responsibility
> > >    to require him to leave before he ruins the evening of others.
> > 
> > Notice that the net is compared to a home or private club. Actually
> 
>      WRONG. the "net' wasn't compared to either a home or a private club,
> THIS LIST WAS. No one has the right to kick anyone off public streets, the
> police _do_, but I seriously doubt that they could arrest you for refusing.
> Gilmore didn't "Ban" Vulis from "The Net" (in fact he didn't even ban him 
> from the list, he just removed him from the distribution list), he didn't
> even try.
> 
>      He also didn't prevent Vulis from posting, tho' he could have. 
> 
> > the net is neither, however that would not serve the purposes of this
> > analogy, so this fact is convienently forgotton. 
> > The net is a wonderful place. Any ideology, no matter who disagrees or
> > agrees with it, can be expressed and discussed here...assuming those
> > who oppose this ideology do not have their way with the source of
> > expression. There is a more refined and deeper truth to be found
> > in the very existence of the set of all human ideologies, which is
> > just beginning to show itself to some netizens. Unfortunately, this
> > truth can be ruined when people equate some notion of value to 
> > sources which ignore all but a tiny subset of the set of all ideologies:
> 
>      Again I repeat myself:
> 
>     Vulis was not "removed" in any way, shape, or form from "the net", all
> Gilmore did was "Turn his back" on Vulis, saying in effect "Your bullshit
> isn't wanted here". 
> 
>     He didn't tell Vulis to keep his opnion to himself, no one on this list 
> did. He, and others here were asking Vulis to stop his repeated personel 
> attacks on other list members, some were asking him to stop his vitrolic 
> rants on racial and ethnic groups as well, which were _way_ off topic.  
> 

Now THAT is what makes John Gilmore an ASSHOLE!
"personel(sic) attacks on other list members" and "vitriolic rants on
racial and ethnic groups" are normal things for the InterNet, and they
should NEVER be suppressed. I reserve the right to call you a nigger
or a kike any time that I want to, asshole, and you has better get
used to it. What the fuck nationality is Gilmore anyway?  Is he a
wild-jew or crazy irishman or what?  

> > >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> > >    lists and has kicked people off to maintain better editorial control.
> > >    Volokh says that the most valuable publications are those that
> > >    exercise the highest degree of editorial control.
> 
> > Value to whom and for what? If the editorial control produces one
> > small element of the set of all ideologies, then this is only of value
> > to the people who support this ideology. Given that the set of 
> 
>      You know, from your position I'd say you have a very clear view of 
> your colon. 
> 
>      "Editorial Control" means that someone decides who get's published and
> who doesn't. From your opposition to it, I guess you think that a magazine
> dedicated to poetry should print all poems submitted, or as many, selected
> in some sort of non-judgemental order, as they can fit. Or that a magazine
> should print any writings submitted to it. 
> 
>      I run 4 mailing lists, one is personal, one is in the process of coming
> online, and 2 are up and running. One of these has a rule: No Politics allowed.
> I guess I am a pathetic little censorous worm huh? Nope. That rule was put 
> there for a very good reason, and I am that reason. I love to talk politics,
> but that is the WRONG FORUM for it. 
> 
>     Just like this is the wrong forum for Vulis to spew his shit. 
> 

No it ain't, asshole.

> > people who support an issue is smaller than the set of people
> > who support and oppose an issue, would the value not increase
> > by allowing both sides of an issue equal speaking time? 
> 
>     Yes, and the cypherpunks list DOES THAT. Vulis wasn't kicked off for 
> opposing Crypto, or the spread of Crypto, he was kicked off for littering,
> and for refusing to stop littering. Actually he was kicked off for daring 
> Gilmore to make him stop littering.  
> 

Get used to the shit, asshole.

> > >        For his part, Gilmore calls removing the Russian mathematician "an
> > >    act of leadership." He says: "It said we've all been putting up with
> > >    this guy and it's time to stop. You're not welcome here... It seemed
> > >    to me that a lot of the posts on cypherpunks were missing the mark.
> > >    They seemed to have an idea that their ability to speak through my
> > >    machine was guaranteed by the Constitution."
> > 
> > It is sad to note that this is the leader of one of America's
> > forerunning organizations of freedom who says these words. For all
> > *his* ideology of free speech, this statement reveals the hypocrasy he
> > lives with for all to see. The true litmus test of free speech is to
> > encounter speech that you *want* to censor.
> 
>      Not really, he was simply refusing to let Vulis share his (Gilmore's)
> podium. 
> 

No, he was just trying to control Dr. Vulis's language, and that
sucks.  John Gilmore must be added to the net.scum web-page.

> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?
> 
>      How would this happen? Setting up a press is fairly easy, at least 
> a small hand operated press. Start your own magazine, start your own
> mailing list. 
> 

Right, but don't ever preclude me calling you a nigger or a kike,
or a chink or a spic or a wap, etc., motherfucker.

>      That is what freedom is, the ability to _do it yourself_ not the 
> requirement that others do it for you, or allow you to use what they 
> have already built. 
> 
> Petro, Christopher C.
> petro at suba.com <prefered for any non-list stuff>
> snow at smoke.suba.com
> 

This whole thing boils down to John Gilmore not liking
"rants" or "personal attacks."  What does that chicken-shit
punk hide behind in real life?  When his terminal is not
protecting him?  John Gilmore is connected with the corrupt
cabal boys anyway, so he should be dismissed as anybody having
any credibility any more.

"Once you pull the first plug, you are forever more a whore,"
as the greeks would say.

-aga






From jya at pipeline.com  Fri Nov 15 05:34:40 1996
From: jya at pipeline.com (John Young)
Date: Fri, 15 Nov 1996 05:34:40 -0800 (PST)
Subject: Well-regulated
Message-ID: <1.5.4.32.19961115133235.00669638@pop.pipeline.com>


Vladimir Z. Nuri wrote:

>>Cypherpunks does not seem to me to be anything like the well-
>>regulated lists you ascribe to Prof Volokh.
>>
>
>Declan should rest his point here. the cpunk list is notorious
>for being way astray. yet cpunks continuously argue against
>anyone with a moderator type role. could there be some correlation
>between lack of moderation/leadership on the list and the 
>piles of noise that people incessantly complain about? of 
>course I'm insane for suggesting this.


Vlad,


"Well-regulated" means different things to different mind-sets.

As do "leadership," "moderator" and "anarchy."

All can be fulfilled in diametrically opposite ways: benevolent
suppression of assent to attain uninspired unanimity or pissed 
respect for your opponents skill at insulting you and your ideas,
sexual preferences, hair style, even, ahem, code and writing 
abilities.

What you call "way astray" about cypherpunks I would call
"healthy waywardness of stray cats."

I say, let the wild cats grow and wail backalley of the spiffy facades 
and green lawns; let them disturb sly cultivators of the currently 
fashionable, marketable career-boosting management of the
Internet herd.

That's my critique of the 1st Amend mongers (spit): too narrow-
minded about freedom of speech, they always give themselves
away by fanaticism about proper grammar and spelling and
behavior, well, you know, demanding polymorphous heathens 
do it like missionaries who think tongues are only for talking.

Heed the complicity of God and Mammon, one person's butthole 
is another person's way to heaven on earth. As missionaries admit
about the joys of exotic lands and stray cat codes and wailing
discourse.

The Occident is a prig, and overly addicted to a tight-laced 
definitions of propriety, heirarchy and rank. That's "well-regulated"
at its worst and meanest and murderous and censorious.







From camcc at abraxis.com  Fri Nov 15 05:50:21 1996
From: camcc at abraxis.com (Alec)
Date: Fri, 15 Nov 1996 05:50:21 -0800 (PST)
Subject: Why I shall never undescribe
Message-ID: <3.0.32.19961115085016.00696094@smtp1.abraxis.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 277 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961115/eae075f9/attachment.bin>

From rent_control at msn.com  Fri Nov 15 05:58:04 1996
From: rent_control at msn.com (Stephen Boursy)
Date: Fri, 15 Nov 1996 05:58:04 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <UPMAIL07.199611151356330254@msn.com>




----------
From:  aga
Sent:  Thursday, November 14, 1996 8:30 AM
To:  freedom-knights at jetcafe.org
Cc:  Dave Hayes; InterNet Freedom Council; Declan McCullagh; 
cypherpunks at toad.com
Subject:  Censor John Gilmore -- EFF is a disgrace!

On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Date: Wed, 13 Nov 1996 13:12:50 -0800 (PST)
> From: Declan McCullagh <declan at well.com>
> Reply-To: freedom-knights at jetcafe.org
> To: Dave Hayes <dave at kachina.jetcafe.org>
> Cc: freedom-knights at jetcafe.org, cypherpunks at toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> I am amused. I gave Dave Hayes about an 8.5 out of 10 on the scale of
> meaningless political rants.
> 

Jealousy rears it's ugly head.  You just wish you had the credibility
that Dave Hayes has.

Declan has no credibility but quite honestly it doesn't seem to
be worth much effort on the Freedom Knight list to debate
the censorous fool.  Let's keep our energies in that regard
to the public forum where exposure to this type of nonsense
will do the most good.


> * "Political safety?" I stand by my record as a writer. Check out
> http://www.eff.org/pub/Publications/Declan_McCullagh/ for some of my
> recent articles. Political safety? Hardly.
> 

This Declan_McCullagh is a long-time cabal.member, so his critique
of a Freedom-Knight like Dave Hayes is to be given short shrift.


And again-he's not worth the effort debating privately.  As far as
the mailing list goes I'm sure we can get forwards from some kind
soul and just post the whole thing publically on usenet for
free and open discussion.


> * Dave says "Notice that the net is compared to a home or private club." 
> Wrong. I never compared the Net to such. However, a mailing list run on a
> computer in someone's home with his own cash is very similar to a private
> club.  There are private speech restrictions on the Net. Gated communities
> exist.  Try to join the "lawprofs" mailing list. You can't; you're not
> (and quite obviously anything but) a law professor. Censorship? Not quite. 
> 

None of that analogy is applicable to the cyberpunks list.
When a list gets as big as that, it it no longer to be considered
a "mailing-list" but it is a _public_ forum.  The whole problem
here is the abuse of power by both the EFF and John Gilmore.


  Well then let's put their precious censored mailing list in 
the public domain.


> * Contrary to what you seem to be asserting, Gilmore hasn't blocked Vulis
> from posting. 
> 
> * Dave warns us to consider "what would happen if one parent company owned
> *all* communications media." Then we have problems. I've written about
> this in an Internet Underground magazine column. However, this is not the
> case now. Or are you arguing the government should get involved and force
> Gilmore to allow Vulis on his list?
> 

No, he is saying that people can use an e-mail filter and not listen
to Vulis if they want to.  It was a very simple thing; are you too
uneducated to know how to use an e-mail filter?


  Any idiot can use an email filter-he knows that.  Again-on our
mailing list he's not worth the effort-let's take the subject and 
their mailing list to usenet.

                                       Steve

> By the way, if you haven't figured it out yet, Mr. "Freedom Knight of
> Usenet,"  a private mailing list is NOT Usenet. Get a clue. 
> 

Wrong!  The cyberpunks mailing list is PUBLIC property and should
NOT be controlled by John Gilmore!  This just goes to show the real
facist censorship motives that the EFF has behind it.

Time to kill the EFF, and let it rot in hell.  They are disgrace
to the entire InterNet community.  I run 6 different mailing lists,
and have NEVER puled the plug on anyone, even when they criticize me.

The first time is the time when you lose all credibility, and there
is never any forgiveness for a plug-puller.


> -Declan
> 

-aga.admin
InterNet Freedom Council
> 
> 
> 
> 
> 
> On Wed, 13 Nov 1996, Dave Hayes wrote:
> 
> > [This is a rebuttal to a misguided news article.]
> > 
> > > Cypher-Censored
> > > By Declan McCullagh (declan at well.com)
> > 
> > Thank you for leaving your email address. It makes this easier.
> > 
> > You people (read: the unaware and hypnotized masses, which includes
> > reporters who's desire for attention and political safety holds them
> > in line with the consensual illusion) keep missing the real issue, and
> > substituting issues which only hold themselves in place.
> > 
> > [Those of you who know, please excuse the mediaistic terms used in
> > this rebuttal. One must use the symbols one is given to communicate
> > at the level of understanding of those who use them.]
> > 
> > >        Thus began a debate over what the concept of censorship means in 
a
> > >    forum devoted to opposing it. Did Gilmore have the right to show 
Vulis
> > >    the virtual door? Or should he have let the ad hominem attacks
> > >    continue, encouraging people to set their filters accordingly? The
> > >    incident raises deeper questions about how a virtual community can
> > >    prevent one person from ruining the forum for all and whether only
> > >    government controls on expression can be called "censorship."
> > 
> > "Cyberspace" is interacted with using tools under the control of the
> > interactor. 
> > 

yes, and all you need is a simple mail filter.

> > In person-to-person interaction, one's only real defense against what
> > one decides to call "unwanted" is to remove oneself from the arena of
> > interaction. It may not be possible to ignore or run away from certain
> > sources of input. 
> > 
> > In cyberspace, however, it is not only possible but necessary and even
> > desirable. Cyberspace allows one to interact with many more people
> > then can fit in any given physical space. One simply -cannot- receive
> > input from 2000 people and not employ some sort of filtering
> > mechanism. Indeed, cyberspace has many buttons and switches (and even
> > programmatic filters) which allow one to -completely- control whom one
> > interacts with.
> > 
> > Logically, we must conclude that those who frequently and repeatedly
> > cry for the censorship or removal of any source of input from
> > cyberspace are either:
> > 
> > 	-quite clueless about the tools at their disposal
> > 	-ideologically or personally opposed to the source of input
> > or	-in need of large amounts of attention from others
> > 
> > Cluelessness can be overcome by appropriate teaching and interest in
> > learning (the latter issue we can safely assume users of popular but
> > ineffectual windowing OSes are not able to overcome). Such
> > cluelessness, however, is not and should never be a reason for 
> > censorship.
> > 
> > A need for attention can be overcome by refraining from the denial
> > that the need exists, followed by careful observation of that need. 
> > More can be said on this, but this is not the forum. Such a need
> > is not and should never be a reason for censorship. 
> > 
> > Idelological opposition is another matter entirely. To understand this
> > better, we'll need to observe this in action. Here is an example:
> > 
> > >        Vulis portrays himself as a victim, but as I posted to the list
> > >    last week, I disagree. Anyone who's spent any time on the
> > >    100-plus-messages-a-day list can read for themselves the kind of 
nasty
> > >    daily messages that came from Vulis's keyboard. 
> > 
> > "Nasty" is, of course, by this reporter's standard of "nasty". Granted
> > this standard may in fact be shared by Mr. Gilmore, however a shared
> > standard is not necessarily an appropriate or correct standard. 
> > 
> > >    The list is on Gilmore's machine and he can do what he wants with
> > >    it; he can moderate the postings, he can censor material, he can
> > >    shut the whole thing down. By kicking off an offending user, a
> > >    list owner merely exercises his property right. There's no
> > >    government involvement, so the First Amendment doesn't apply. And
> > >    the deleted, disgruntled user is free to start his own mailing
> > >    list with different rules.
> > 
> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
> > 
> > What would ideological opposition be without the attempt at analogy? 
> > Here we witness another example:
> > 
> > >        But then the question is whether Gilmore should have exercised
> > >    that right, especially in such an open forum. Again, I think 
Gilmore's
> > >    actions were justified. Consider inviting someone into your home or
> > >    private club. If your guest is a boor, you might ask him to leave. If
> > >    your guest is an slobbish drunk of a boor, you have a responsibility
> > >    to require him to leave before he ruins the evening of others.
> > 
> > Notice that the net is compared to a home or private club. Actually
> > the net is neither, however that would not serve the purposes of this
> > analogy, so this fact is convienently forgotton. 
> > 
> > The net is a wonderful place. Any ideology, no matter who disagrees or
> > agrees with it, can be expressed and discussed here...assuming those
> > who oppose this ideology do not have their way with the source of
> > expression. There is a more refined and deeper truth to be found
> > in the very existence of the set of all human ideologies, which is
> > just beginning to show itself to some netizens. Unfortunately, this
> > truth can be ruined when people equate some notion of value to 
> > sources which ignore all but a tiny subset of the set of all ideologies:
> > 
> > >        Eugene Volokh, a law professor at UCLA, runs a number of mailing
> > >    lists and has kicked people off to maintain better editorial control.
> > >    Volokh says that the most valuable publications are those that
> > >    exercise the highest degree of editorial control.
> > 
> > Value to whom and for what? If the editorial control produces one
> > small element of the set of all ideologies, then this is only of value
> > to the people who support this ideology. Given that the set of 
> > people who support an issue is smaller than the set of people
> > who support and oppose an issue, would the value not increase
> > by allowing both sides of an issue equal speaking time? 
> > 
> > >        For his part, Gilmore calls removing the Russian mathematician 
"an
> > >    act of leadership." He says: "It said we've all been putting up with
> > >    this guy and it's time to stop. You're not welcome here... It seemed
> > >    to me that a lot of the posts on cypherpunks were missing the mark.
> > >    They seemed to have an idea that their ability to speak through my
> > >    machine was guaranteed by the Constitution."
> > 
> > It is sad to note that this is the leader of one of America's
> > forerunning organizations of freedom who says these words. For all
> > *his* ideology of free speech, this statement reveals the hypocrasy he
> > lives with for all to see. The true litmus test of free speech is to
> > encounter speech that you *want* to censor.
> > 
> > Mr. Gilmore, and other like minded parties, might want to consider
> > what would happen if one parent company owned *all* communications
> > media. Would they they be so supportive of the ideology of ownership
> > and communciation they espouse?

Indeed.  The EFF is a disgrace to the entire InterNet.
The EFF is definitely a censorship organization, and
it should never be trusted again.

> > ------
> > Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> > Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> > 
> > Truth (n.) - the most deadly weapon ever discovered by humanity. Capable 
> > of destroying entire perceptual sets, cultures, and realities. Outlawed 
> > by all governments everywhere. Possession is normally punishable by death.
> > 
> > 
> 






From aba at dcs.ex.ac.uk  Fri Nov 15 06:03:55 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Fri, 15 Nov 1996 06:03:55 -0800 (PST)
Subject: moderation vs filtering
In-Reply-To: <199611150347.TAA10625@netcom20.netcom.com>
Message-ID: <199611150156.BAA00364@server.test.net>



Vlad Nuri <vznuri at netcom.com> writes:
> >Cypherpunks does not seem to me to be anything like the well-
> >regulated lists you ascribe to Prof Volokh.
> >
> 
> Declan should rest his point here. the cpunk listis notorious
> for being way astray. yet cpunks continuously argue against
> anyone with a moderator type role. could there be some correlation
> between lack of moderation/leadership on the list and the 
> piles of noise that people incessantly complain about? of 
> course I'm insane for suggesting this.

Lack of a moderator doesn't preclude you from reading one of the
filtered lists.  If anyone doesn't want to take the time to filter
their own reading, they can subscribe to one of the filtered lists.
This gives you more choice than a centrally censored/moderated list;
you choose which filtered list to subscribe to, or to subscribe to the
unfiltered list, or to do your own filtering via kill files, junking
threads etc.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From adam at homeport.org  Fri Nov 15 06:35:30 1996
From: adam at homeport.org (Adam Shostack)
Date: Fri, 15 Nov 1996 06:35:30 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <v02140b01aeb1a0ff57d2@[192.0.2.1]>
Message-ID: <199611151432.JAA26727@homeport.org>


	Most of the usual arguments about disallowing anonymity
actually apply to a Parliment.  There is a responsibility involved in
the execution of power.  

	This is not to condone attacking children, or killing ones
political opponents.  For an MP to imply that something he wants to
say will likely get him/his kids killed probably means that he wants
to use the power of the state in some way likely to quite upset at
least a few people.  If this is the case, then allowing him to
anonymously, and without responsibility, direct the power of the state
is congruent to tyranny.

	To answer the technical end of your question, you could build
a DC net where joining required a signed key, or build a mix which
will only accept messages signed by a member of the group.  If the
mixmasters all agree to only accept messages signed by the group, then
each mixmaster can be made a member of the group, and sign its
outbound messages as being recieved with a signature, allowing
anonymous chaining.

Adam

Peter Hendrickson wrote:
| I read awhile ago that certain members of Parliament do not speak
| their mind regarding the situation in Northern Ireland.  The reason
| they give is that they have children and they fear the IRA.
| 
| There are times when one wishes to speak anonymously, yet speak
| as a member of a group.
| 
| Is there a way to take published public keys and combine them with
| your own in such a way that your identity is not compromised, but
| it is clear beyond a doubt that you control one of a set of public
| keys?

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From m5 at tivoli.com  Fri Nov 15 07:05:50 1996
From: m5 at tivoli.com (Mike McNally)
Date: Fri, 15 Nov 1996 07:05:50 -0800 (PST)
Subject: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
Message-ID: <328C8654.4813@tivoli.com>


aga wrote:
> 
> No it ain't; not after the list gets so big.  Public newsgroups
> lose all rights of censorship by the owners, and that is law.

Guffaw, guffaw.

(So what if John decided simply to pull the plug on toad in order to
plug in a new hot tub?)

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!





From LISTSERV at MAIL.COMPCURR.COM  Fri Nov 15 07:09:36 1996
From: LISTSERV at MAIL.COMPCURR.COM (L-Soft list server at CCI (1.8b))
Date: Fri, 15 Nov 1996 07:09:36 -0800 (PST)
Subject: Command confirmation request (057CCA)
Message-ID: <199611151609.IAA16003@mail.compcurr.com>


Your command:

                           SIGNOFF NEWSLETTER

has been received. For security reasons, you are now required to reply to
this  message, as  explained  below,  to confirm  the  execution of  your
command. If  you have problems with  this procedure, you can  contact the
list owner directly (NEWSLETTER-request at MAIL.COMPCURR.COM)  and ask to be
manually removed from the list.

To confirm  the execution of  your command,  simply reply to  the present
message and type  "ok" (without the quotes) as the  text of your message.
Just the word "ok" - do not  retype the command. This procedure will work
with any mail  program that fully conforms to the  Internet standards for
electronic  mail. If  you receive  an error  message, try  sending a  new
message to LISTSERV at MAIL.COMPCURR.COM (without using the "reply" function
-  this is  very important)  and type  "ok 057CCA"  as the  text of  your
message.

Finally,  your command  will be  cancelled  automatically if  you do  not
confirm it  within 48h. After that  time, you must start  over and resend
the command to get  a new confirmation code. If you  change your mind and
decide that  you do NOT want  to confirm the command,  simply discard the
present message and let the command expire on its own.





From ph at netcom.com  Fri Nov 15 07:12:59 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 07:12:59 -0800 (PST)
Subject: [POLITICS] Re: Members of Parliament Problem
Message-ID: <v02140b01aeb231abd199@[192.0.2.1]>


At 9:32 AM 11/15/1996, Adam Shostack wrote:
>         Most of the usual arguments about disallowing anonymity
> actually apply to a Parliment.  There is a responsibility involved in
> the execution of power.

>         This is not to condone attacking children, or killing ones
> political opponents.  For an MP to imply that something he wants to
> say will likely get him/his kids killed probably means that he wants
> to use the power of the state in some way likely to quite upset at
> least a few people.  If this is the case, then allowing him to
> anonymously, and without responsibility, direct the power of the state
> is congruent to tyranny.

Please allow me to respectfully disagree.

Let's consider another issue: recreational drugs.  We can be pretty
sure that a sizeable number of Congressmen use marijuana and see
no reason for it to be illegal.  Yet, to speak about it would be
understood to be political suicide with possible legal repercussions.
Were Congressmen able to speak anonymously, such an issue could be
discussed.  It is more likely that good policy results from discussion.

Or, consider homosexuality.  We can be pretty sure that a significant
number of Congressmen are homosexual.  Yet, to discuss it would be,
for many, political suicide.  Many other Congressmen support
anti-discrimination laws for homosexuals, but are afraid to discuss
it.

Or, consider spending bills.  The Congress is spending our money
for us faster than they can collect it.  Nobody seems to really want
this to be happening, but they can't help it.  Discussion of the
issue may require alienating certain constituents or stating unpleasant
truths which would affect a Congressman's relationship with other
Congressmen.  Speaking anonymously would allow Congressmen to simply
speak the truth without fear of retribution, just like anyone else.

If a small group of people are upset enough to kill somebody for what
they say, I have difficulty immediately describing them as oppressed.
I am making no statement regarding any particular group.

What is more, I believe that political leaders should be subjected to
the same laws as everyone else.  Like many on this list, I do not
believe the citizens have any sort of responsibility to speak
non-anonymously.

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Fri Nov 15 07:16:12 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 07:16:12 -0800 (PST)
Subject: Members of Parliament Problem
Message-ID: <v02140b02aeb235099c35@[192.0.2.1]>


At 9:32 AM 11/15/1996, Adam Shostack wrote:
>        To answer the technical end of your question, you could build
> a DC net where joining required a signed key, or build a mix which
> will only accept messages signed by a member of the group.  If the
> mixmasters all agree to only accept messages signed by the group, then
> each mixmaster can be made a member of the group, and sign its
> outbound messages as being recieved with a signature, allowing
> anonymous chaining.

I'll have to research this.  Thank you for the idea.

What I would really like to see is a way in which the "shields" are
not required to participate at all, other than by publishing their
public key.  If terrorists are involved, they may not wish to be on
the suspect list.

I've been toying with schemes that multiply the Ns from everybody's
public key to create a new semi-anonymous public key.  The only
problem is that in each case either identity is revealed or the
person seeking semi-anonymously reveals their secret key.  So,
I am not quite there.  ;-)

Peter Hendrickson
ph at netcom.com







From ph at netcom.com  Fri Nov 15 07:22:25 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 07:22:25 -0800 (PST)
Subject: Playing Cards
Message-ID: <v02140b03aeb239f7c4bb@[192.0.2.1]>


(My apologies to those who are seeing this twice.  I sent it
yesterday but it does not seem to have made it through.)

A number of us have been concerned about how PGP generates entropy.
Striking the keyboard beats using time as a source of random numbers,
but the degree of entropy is not well understood.  Are there machines
where - for some reason - the keyboard strikes fall into some sort
of pattern?

And that's just when you are generating your public/private key pair.
What happens when you are just generating 128-bit keys for individual
messages?  Where is the entropy coming from?  I don't understand
completely, but somehow PGP collects entropy from the system and then
runs it into IDEA and then uses the numbers from the output.  When the
program is not running, a pool of this data is kept in randseed.bin.

We already know it's a problem because it is hard to understand what
it is even doing, much less determine if it is consistent with sound
engineering practice.

This problem is certainly not confined to PGP.  A lot of people have
worked hard to make computers deterministic.  What do you do when you
need entropy?

Yes, you can buy a chip which generates random numbers at nearly any
bandwidth you like.  But, right there you have a problem.  How do you
know the output is really random?  The answer is that you do not.

Playing cards are a nice source of randomness because they are widely
available and their behavior has been under study for a long time by
people with strong financial reasons for finding flaws.  I slightly
prefer cards to dice because dice may be slightly predictable or even
loaded.

It would be nice if cryptography software would allow you to enter
randomly selected playing cards from time to time to increase the
entropy of keys.  Careful people (Black Unicorn?) would enter the
cards prior to sending each message.

A well shuffled deck of 54 cards has about 237 bits of entropy.  This
is easy to use: the program asks the order of the cards, converts this
to a string, and runs it through a one-way hash.  (Entering the cards
is a bit of a nuisance.  Is there an easy way to have them read
automatically?)

The Economist reports that seven riffle shuffles bring a deck "very
close to being random".  ("Science and Technology: How to win at poker
and other science lessons" The Economist, October 12, 1996, pp:88-89.)

Cards have other uses.  You can assign a (large) number to each
configuration of the deck.  This allows you to use a deck of cards to
represent numbers.  That is certainly convenient for generating large
random numbers.  I have included some Lisp code below which converts
both ways between shuffled decks of cards and unique numbers.

This could be quite useful for strong steganography.  Let's say you
have 230 bits you want to deliver across a border.  It is unlikely
that anybody will study a deck of cards very carefully.  Of course,
you need not limit yourself to cards.  Any set of objects which can be
ordered will do the trick.  For instance, a shelf with 100 books may
be used to store 524 bits.  One thousand books may store 8529 bits.
How many bits can you store in that database which is in apparently
random order?

You can hide your data in two decks.  There is a natural order to
cards: pick your favorite ordering of the suits and then do the rest
numerically.  However, if you shuffle one deck of cards and lay them
in a row, you could use that ordering to define the mapping of the
second deck of cards to numbers.  The Enemy may seize one deck or the
other, but without both, the number will not be revealed.  While I
hesitate to use the term, this is a one-time pad.  The first deck can
be thought of as the key and the second deck is the message.

How the Lisp Code Works
-----------------------

Let's use as an example a deck of five cards numbered from 0 to 4.
There are 5! = 120 combinations of these cards.  We can think
of each card as a "digit" in a slightly odd numbering system.

In decimal arithmetic, we have columns whose value increments by 10^0,
10^1, 10^2, etc.  In our numbering system of five cards, columns
increment by 0, 1, 2!, 3!, and 4!.

Consider the card sequence of (4 3 2 1 0).  We wish to compute the
value stored in the leftmost column.  Since there are five choices of
cards, this divides the number of possible combinations into five
pieces of 4! combinations each.  So, in this example, the value in the
first column will be 4*4! = 96.  This leaves us with cards (3 2 1 0).
We can look at this as a smaller number represented by a deck of four
cards.  This smaller number is added later to the larger number to get
the final total number for our original deck.  The first column of our
smaller deck is 3*3! = 18.  The next one is 2*2! = 4, the one after
that is 1*1! = 1, and the last card never matters because there is
only one card to choose (0*0!).  The total is 96 + 18 + 4 + 1 = 119.
This is the highest number we can represent with a deck of five
cards.

Consider the card sequence (0 1 2 3 4).  This is the smallest value we
can represent, 0.  The value of the first column is 0*4! = 0.  This
leaves us with (1 2 3 4).  But what has happened here?  We can't treat
this as a normal smaller deck because it is missing a card.  Besides,
1*1! = 1, which is not the zero we expected.  We must renumber the
cards so that it is a reasonable deck again.  The sequence of cards we
should really be looking at is (0 1 2 3).  This means the value of the
next column should be 0*3!.  Then we renumber the deck and continue
until we run out of cards.  The answer is 0.

For an exercise, what is the value of (4 2 1 3 0)? (Answer at end.)

Now, how do we construct the deck given only the number defining its
combination?  The code below is recursive.  It computes the first
digit and then calls itself to recursively find the remaining cards.
The cards returned are always an internally consistent deck of cards;
that is, if sorted they will be consecutively numbered starting from
0.  When a new card is inserted, the cards have to be renumbered to
accomodate the new one by incrementing every card which has the same
or greater face value as the card being inserted.  (Insertion is
slightly misleading here because you place the card at the head of the
list.  Insertion refers to the conceptual process of inserting the
card into the pre-existing order and adjusting the other values to
allow it.)

In other languages, this might be a little more complicated to
implement.  Lisp provides a nice bignum package and also (I believe) a
compiler which knows how to convert the recursive routines below into
iterative routines.  This code performs quite well even on a small
slow machine.

;;;-*- Mode: Lisp; Package: COMMON-LISP-USER -*-

(defun compute-combination-number (cards)
  "Converts list of numbered cards into a unique number representing
their order."
  (cond ((> (length cards) 1)
         (+ (* (car cards)
               (factorial (1- (length cards))))
            (compute-combination-number (renumber-cards cards))))
        (t 0)))

(defun renumber-cards (cards)
  "Removes lead card from deck, decrements higher numbered cards
by one so there are no gaps."
  (let ((renumbered-cards-reversed)
        (lead-card (car cards)))
    (dolist (card (cdr cards))
      (cond ((> card lead-card)
             (push (1- card) renumbered-cards-reversed))
            (t
             (push card renumbered-cards-reversed))))
    (reverse renumbered-cards-reversed)))

(defun reconstruct-deck (combination-number deck-size)
  "Converts unique number representing order of a deck of cards
and returns a list of numbers representing the deck."
  (cond ((not (<= deck-size 1))
         (multiple-value-bind (digit remaining-combination-number)
                              (floor combination-number
                                     (factorial (1- deck-size)))
           (insert-card digit (reconstruct-deck
                               remaining-combination-number
                               (1- deck-size)))))
        (t (list 0))))

(defun insert-card (new-card card-list)
  "Inserts a card into a deck, increasing by one every card which
is of higher or equal number so there are no duplicate cards."
  (let ((new-deck-reversed))
    (push new-card new-deck-reversed)
    (dolist (card card-list)
      (cond ((>= card new-card)
             (push (1+ card) new-deck-reversed))
            (t
             (push card new-deck-reversed))))
    (reverse new-deck-reversed)))

(defun factorial (number)
  (cond ((or (= number 1) (= number 0)) 1)
        (t (* number (factorial (1- number))))))

;;; Testing routines

(defun shuffle-deck (deck-size)
  (randomize-list (build-card-list deck-size)))

(defun randomize-list (some-list)
  (do ((randomized-list nil))
      ((null some-list) randomized-list)
    (let ((item-number (random (length some-list))))
      (push (elt some-list item-number)
            randomized-list)
      (setf some-list
            (remove (elt some-list item-number) some-list)))))

(defun build-card-list (deck-size)
  "Returns a list of consecutive numbers representing a deck of
cards."
  (do ((card-list nil)
       (count 0 (1+ count)))
      ((= deck-size count) card-list)
    (push count card-list)))

(defun identicalp (list-one list-two)
  "Returns non-nil if the two lists are identical."
  (eval (cons 'and (map 'list #'equal list-one list-two))))

(defun exhaustively-test-card-combinations (deck-size)
  "Verifies that the correct deck is reconstructed from the unique
order number for every combination of a small deck of cards."
  (let ((combinations (factorial deck-size)))
    (do ((combo-number 0 (1+ combo-number)))
        ((= combinations combo-number) t)
      (cond ((not (= (compute-combination-number
                      (reconstruct-deck combo-number deck-size))
                     combo-number))
             (warn "Test failed for ~D" combo-number))))))

(defun test-one-deck (deck-size)
  "Shuffles a deck of cards and verifies that it may be reconstructed
from the unique number representing its order."
  (let* ((original-deck (shuffle-deck deck-size))
         (reconstructed-deck (reconstruct-deck
                              (compute-combination-number original-deck)
                              deck-size)))
    (cond ((not (identicalp original-deck reconstructed-deck))
           (warn "Test failed for ~A" original-deck)))))

(defun test-many-decks (trials max-deck-size)
  "Shuffles trials decks of maximum size max-deck-size and verifies
that their order may be reconstructed from the unique number we compute."
  (do ((trial-number 0 (1+ trial-number)))
      ((= trials trial-number) t)
    (test-one-deck (1+ (random max-deck-size)))))

(defun complete-combination-test ()
  "Good test of all the card combination routines."
  (format t "Performing exhaustive test.~%")
  (exhaustively-test-card-combinations 6)
  (format t "Performing random test on large decks.~%")
  (test-many-decks 10 100))

;; (Exercise Answer: (4 2 1 3 0) = 111)







From jya at pipeline.com  Fri Nov 15 07:37:06 1996
From: jya at pipeline.com (John Young)
Date: Fri, 15 Nov 1996 07:37:06 -0800 (PST)
Subject: ABI_tch
Message-ID: <1.5.4.32.19961115153148.006c67a4@pop.pipeline.com>


   11-15-96. WaJo:

   "History of Software Begins With the Work Of Some Brainy
   Women"

      The Army called the women "computers." One day word
      spread that the brightest "computers" were needed to
      work on a new machine called the Eniac, setting dozens
      of dials and plugging a ganglia of heavy black cables
      into the face of the machine, a different configuration
      for every problem -- "programming," they came to call
      it. "The Eniac," says one woman, now 71, "was a son of
      a bitch to program."

   -----

   http://jya.com/abitch.txt  (6 kb)

   ABI_tch








From paul at fatmans.demon.co.uk  Fri Nov 15 07:38:57 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Fri, 15 Nov 1996 07:38:57 -0800 (PST)
Subject: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice
Message-ID: <848071227.510148.0@fatmans.demon.co.uk>



>          Since the IPG algorithm is impregnable, obviously no
>          individual, or collection of individuals, from said
>          Universities, the Cypherpunks, or the Coderpunks has been
>          able to crack the system. Of course, this inability to do the
>          impossible applies not only to the present but for all time,
>          for all eternity."


Look, 

do you seriously think that university researchers, professors and 
data security consultants have nothing better to do with their time 
than look at your pathetic collection of cryptographic stocking 
fillers.

I thought you had finally gone away when I saw no posts from you for 
about a week. I am depressed beyond belief to see you have returned 
to interrupt the flow of discussion.... Leave and never return...

I truly have never hear anyone speak as much bollocks as you in my 
entire life, even those who have studied the art for many years...

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From dthorn at gte.net  Fri Nov 15 07:40:46 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 15 Nov 1996 07:40:46 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961112093119.7009B-100000@well.com>
Message-ID: <328C8847.49F7@gte.net>


nelson at crynwr.com wrote:
>  > So you disagree.  Well, the last sentence above says it all - this "list"
>  > that you and 1900+ other people spend so much time on is "just property"
>  > (like a slave), it's censorable (meaning freedom of speech is *specifically
>  > excluded*), and it's terminable without notice (meaning that it's really
>  > just one person's private fantasy, and we'll all bozos on the bus, as it were).

> Yup.  Clearly, then you will wish to start your own mailing list,
> which you will promise is not property, not censorable, and not
> terminable without notice.  Do it!  Don't let us tell you you can't
> (not that anyone is)!  I suspect that you will quickly change your
> opinion of mailing list owners.

I'll bet you're one of those people who tell your kids "Just wait 'till
you grow up - then you'll realize just how smart us parents really are",
etc. etc.  Am I right, Mr. Cliche?  Why do you even bother?







From dthorn at gte.net  Fri Nov 15 07:40:53 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 15 Nov 1996 07:40:53 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961114065326.11045D-100000@well.com>
Message-ID: <328C8BEE.4014@gte.net>


Declan McCullagh wrote:
> The mere fact that a privately-owned discussion group becomes popular does
> not mean that it becomes a public forum.
> Say I start a poetry mailing list to discuss Blake's writings. I have
> three people on it. One becomes obnoxious and emailbombs the list since he
> disagrees with my interpretation of "A Memorable Fancy." Do I have the
> right to kick him off? How is this different from a private poetry reading
> in my home?

A gentleman whose name I don't have once wrote:  "Freedom (if it is worth
something and to be preserved) is not the freedom to do whatever you want
to do, it is the freedom to do what you ought to do."

One could look at it both ways, of course.

But in all fairness, let's look at a seemingly unrelated example for
perspective:

Say I work in a software shop, and my boss, who has a big monitor and a
really good 1280 x 1024 video card, makes a large document with all kinds
of fonts, including very small ones, which he can see clearly on his
system.  He gives the .DOC to me to review, however, I have a cheap VGA
card and 12-inch monitor, and can't see much of the text clearly.

My boss gets on my case, and rides me because I'm stalling on the review,
since I can't see the text clearly.  I point out that he's not being fair,
but other people at work join his side and tell me that "He's the owner,
he has the right to do whatever he wants, including terminate your job",
and so forth.

(But he's still an asshole, you see).  You do understand that, yes?






From froomkin at law.miami.edu  Fri Nov 15 08:20:10 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Fri, 15 Nov 1996 08:20:10 -0800 (PST)
Subject: Taxation Thought Experiment
In-Reply-To: <3.0.32.19961112152531.00a068b0@rpcp.mit.edu>
Message-ID: <Pine.SUN.3.95.961115111117.23903H-100000@viper.law.miami.edu>


I think there's some funny accounting here...

On Tue, 12 Nov 1996, Joseph M. Reagle Jr., for whom I have considerable
respect and who ordinarily posts very sensible things but appears to have
lent his account to someone else appeared to have written: 

> o TAXES THOUGHT EXPERIMENT
> 
>  1) I generate $100 of productivity for my company

I will assume you measure productivity by "sales". 

Note also that it's debatable whether this $100 of sales is exactly "your" 
productivity.  In some sense it's really the company's, ie a joint product
of your labor, their capital, and the labor of other people in the
production/sales chain: If you could do it alone, you would, so as to
capture the full benefit yourself.  That is why economists sometimes
measure labor productivity by "salary" on the theory that the market
accurately measures what your output is worth.  

Note also that the analysis that follows is not really affected by whether
you meant "sales"  or "my contribution to the sale". 

>  2) Company is taxed %30, $70 left

No.  Company is NOT taxed on gross sales. Corporate income tax does not
work like sales tax.  With some minor exceptions relating to pass-through
rules, foreign sales, and some complex timing issues, corporate tax is
ordinarily levied on NET PROFITS.  Thus, the company first deducts all the
"costs" it can identify, even if those were not necessarily involved in
producing that (or any) sales.  E.g.  advertising, your salary, corporate
junkets, rent, etc.  And lets not forget corporate tax sheltering too... 

>  3) Company pay shareholders and costs, $30 is left

Again, no.  Shareholders come AFTER payroll and costs.

>  4) Company pays me

See above.

>  5) I pay 40% in taxes, so $18 left

I'm afraid you are conflating the MARGINAL rate (and when you consider
federal, state and local taxes varies by state) with the AVERAGE rate.
Here in FL. for example there is no state or local income tax.  With tax
sheltering, mortgage deductions etc. no one pays 40% -- the middle class
pay a lower average rate, the upper class pay a much lower average rate.

>  6) With $18 I can buy a $16.82 object (%07 sales tax).

By now we are into science fiction.

> 
> Results:
>  1) I see $16.82 realization from $100 productivity increase.
>  * Govt. gets $49.26 of my productivity, or nearly 3 times the amount I get.

Totally skewed, sorry.  I don't know what the real numbers are, but the
government gets *much* less than this.  I'm sure the aggregate numbers can
be found in the statistical abstract of the U.S. or the council of
economic advisors' annual report to the president, neither of which
happens to be in my office right now.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From dlv at bwalk.dm.com  Fri Nov 15 08:26:41 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 15 Nov 1996 08:26:41 -0800 (PST)
Subject: Get back on your medications....
In-Reply-To: <v03007800aeb10c74f181@[207.167.93.63]>
Message-ID: <RcTFXD2w165w@bwalk.dm.com>


"Timothy C. May" <tcmay at got.net> writes:
> (I also find his threats applied inconsistently, as when he advises one of
> his opponents that making a mention of "medications" may be "actionable,"
> while ignoring the many, many comments by me, Sandy, and others of our ilk
> about people needing to get back on their lithium or thorazine. And, by the
> way, it's _not_ actionable to make such jibes, at least not yet.)

Of course anything is actionable. Access to courts is a basic right.
Somebody flames by Timmy May and accused of being a Ritaline junkie (or
whatever) may file a defamation of character lawsuit. It would probably
be junked, but he can file.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From nobody at cypherpunks.ca  Fri Nov 15 08:50:20 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 15 Nov 1996 08:50:20 -0800 (PST)
Subject: Cryptoanarchy in the field
Message-ID: <199611151647.IAA01227@abraham.cs.berkeley.edu>



At 7:35 PM 11/14/1996, Sandy Sandfort wrote:
>On Thu, 14 Nov 1996, yet another John Anonymous MacDonald wrote:
                      ^^^^^^^^^^^

Problem?







From markm at voicenet.com  Fri Nov 15 09:00:38 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 15 Nov 1996 09:00:38 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <9611150643.AA01829@vesuvius.ai.mit.edu>
Message-ID: <Pine.LNX.3.95.961115114821.447A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 15 Nov 1996 hallam at vesuvius.ai.mit.edu wrote:

> Since Browne couldn't even manage fourth place, despite the attentions
> of the net it doesn't look as if the US people are particularly 
> inclined to the libertarian view. Nader managed a vote about 20%
> higher despite only running in a handful of states while Browne was
> on the ballot in every state. Contrary to Bellsclaim that the state
> is being challenged by libertarian and millitia ideas it looks to
> me that the tide is flowing in the opposite direction if its flowing
> at all.

Your logic is flawed.  Most registered voters have never even heard of Browne.
Those who have are probably not familiar with his views.  There are definitely
more people who have heard of Nader than Browne.  It's easy to understand why
this logic is incorrect: If Bob ran for president and the only people who voted
for him were three of his friends, this does not necessarily imply that there
are only three people in the entire country who have never heard of him.  It
does imply that Bob needs a lot more exposure.

If Browne's views were not popular, then he would have not been able to get on
the ballot in all 50 states.  Note that the libertarian party is the only
non-mainstream party in history to get a candidate registered in all 50 states
twice in a row.  It's also the third largest political party in the country.
The election turnouts for libertarian candidates for for senate and
representatives were published in many newspapers along with the democratic
and republican turnouts.  It was the only non-demopublican party listed.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoyiDCzIPc7jvyFpAQHe5wf+JqDGzgzAcdBmYoBf5/zOOk6OcyegPRE9
xodMzK58luKVSsq6aJIq11Q3XNeiKBdN9gkxHyEn3h8Xphappko+tZEqQp4SHcb3
HRNA872YFNU58ZWjTKOCRWteWEw3OCoEPq9GIQDf6exOwlVwJZ2qti+uG4ZyQoz1
pnO4nl2SW1zq/5T3Tq49O60slqxE3yFbcEQq75ZRKIISxDyCFLw6uL0hsg5lHYTi
m8V2BQX/STGC981IvxDtoNYsBMVj2EyZChVS0wqHmfn5b/KexisaeB1OO8Nq/DJ/
m5X1s3mk5gfVwwwHLIX84VsxQr/TrGTiV+GICOfc/miCUylGG/ZAFw==
=gisl
-----END PGP SIGNATURE-----






From markm at voicenet.com  Fri Nov 15 09:03:32 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 15 Nov 1996 09:03:32 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <AAA18C4332B@frw3.kub.nl>
Message-ID: <Pine.LNX.3.95.961115120321.447B-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 15 Nov 1996, Bert-Jaap Koops wrote:

> paul at fatmans.demon.co.uk wrote:
> > I know 3.0 uses discrete log cryptography but whether it will be 
> > El Gamal or DH or other I don`t know. I would imagine in the end it 
> > would come down to a question of what is unpatented first and I have 
> > no idea on the patent date for El Gamal (is it even patented?) but DH 
> > hasn`t long to go....
> 
> According to Schneier, ElGamal isn't patented, but claimed to be 
> covered by the Diffie-Hellman patent, which expires 29 April 1997.

Actually, it expires in either September or October of 1997.  The expiration
time of patents was changed from 17 after it is issued to 20 years after
application.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMoyi7yzIPc7jvyFpAQGhyAgAzdXoWBPJ6ZJPvU1Wksya1BmIYnq6owb2
vhOFWeDNuWX/X7m16dOlr4kdRCD7vV8ErOZXvgga0NSHqlKSJ2HD4gmFnFJLuZKn
OSh/mNRkkPKR4UypIjgnj4nLPTVkswldXFvJ43NGb2tJ25f/GjecZNQTDBaomcdZ
ZLExK4i/nY/xCY1N+If/gTzSPNgL/zldWQkc12M1Nn2dHPe7b74GFsUWEN7zgKnG
W5wdj7yzD9s6n1Jyk5zl8bDC386AchXqY1ikeaDU2CduEHNQjGWApWiPEJUZGRxJ
u77piV/dtjaecYlVxui91GnJ9VVRbDbPMaMNhbZrAGexTXXxKBnHbQ==
=vfjp
-----END PGP SIGNATURE-----






From hallam at vesuvius.ai.mit.edu  Fri Nov 15 09:14:48 1996
From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu)
Date: Fri, 15 Nov 1996 09:14:48 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <Pine.LNX.3.95.961115114821.447A-100000@gak.voicenet.com>
Message-ID: <9611151718.AA02034@vesuvius.ai.mit.edu>



>Note that the libertarian party is the only
>non-mainstream party in history to get a candidate registered in all 50 states
>twice in a row. 

Untrue, Ross Perot managed it and gained ten times the votes.
Also the natural law party managed it, a fact which kida points
to the significance of the achievement. 

>It's also the third largest political party in the country.

Also untrue, the Reform party is a considerably more significant 
force. 

	Phill





From nobody at huge.cajones.com  Fri Nov 15 09:29:47 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 15 Nov 1996 09:29:47 -0800 (PST)
Subject: ??????????????????????
Message-ID: <199611151729.JAA17912@mailmasher.com>



At 3:57 PM 11/14/1996, newtonm at papa.uncp.edu wrote:
>I have a breif question for all you folks out there.... 
>Does anyone know the email address and procedure for sending your mail via
>"cypherpunks" so that it changes your e-mail address so that the person 
>recieving your e-mail message sees on the mesage that its only from
>an anonymous source?

A customer!  You came to the right place, sir.

We are glad you asked us for assistance and we will do our best to
get you involved in the use of anonymous remailers.  The more people
who know how to use this technology, the better.

An anonymous remailer takes mail and forwards it after removing
identifying information.  However, this is not done by "sending
your mail via "cypherpunks" ".  The cypherpunks is just a mailing
list.  Instead, you send your message to one of the 20 or so
volunteer-run anonymous remailers.

Here are some URLs you may find helpful:

http://www.replay.com/remailer/anon.html
http://www.seattle-webworks.com/pgp/
http://www.stack.urc.tue.nl/~galactus/remailers/
http://www.cs.berkeley.edu/~raph/remailer-list.html

BTW, your subject line "??????????????????????" is likely to generate
hostility.  It is generally considered to be a breach of etiquette to
send a message to a large mailing list without indicating the subject.
For instance, a good topic for this message would have been "Help with
Anonymous Remailers".  Since you are clearly new to the net, I am sure
you did not intend rudeness.

Santa's Little Helper







From paul at fatmans.demon.co.uk  Fri Nov 15 09:29:56 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Fri, 15 Nov 1996 09:29:56 -0800 (PST)
Subject: The Key for the IPG 200 Megabytes at NETPRIVACY.COM
Message-ID: <848071226.510145.0@fatmans.demon.co.uk>



> In response to the numerous requests for us to post the key that we used
> to produce the almost 200 megabytes of raw encryptor stream at our web
> site, we are pleased to provide the ASCII values of same as follows: 

Numerous requests? - I was right, he is halucinating...


> In order for those few who have not had the opportunity to check it out,
> we will leave it up another week and then take it down and put up a
> new shorter one, maybe a 2,560,000 byte one permanently and a monthly
> 2,560,000 byte one where we publish the key each month. 

No-one wants to... 

> Of course, no university, coderpunk( no offense intended please), or
> cypherpunk , or any collection of same has broken the system, nor will
> they ever.  As most of you now know, it is unbreakable. We have had over
> 100 universities, IBM, Microsoft, Intel, several dozen different
> government agencies,  and thousands of others to download the data and
> look at the algorithm. Of course, like everyone else, they have been
> benighted.

Oh do be quiet you self satisfied smug little man.


Every single member of this list and indeed of other forums in which 
you post (I don`t know of any but I assume it is not just us you 
annoy) knows you are a fool.

Some while ago I seem to recall you offering to sell your company for 
one dollar if anyone could break your last algorithm, it was sumarily 
broken - why are you still owner of the company? - Oh I get it, they 
wouldn`t pay a dollar for it, neither would I. But seriously, was 
this you, and why didn`t you sell the company, and how are people to 
trust you now knowing this past debacle...

Go away, you are like an unpopular bore at a party who doesn`t seem 
to realise that everyone wants him to leave....

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From nobody at cypherpunks.ca  Fri Nov 15 09:35:08 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 15 Nov 1996 09:35:08 -0800 (PST)
Subject: Water supplies
Message-ID: <199611151729.JAA01932@abraham.cs.berkeley.edu>



It should be easy to poison a water supply and kill many people.
Yet, this never happens.  Why would this be?

Surely, there are malicious folks who want to do it.







From nobody at huge.cajones.com  Fri Nov 15 09:42:07 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 15 Nov 1996 09:42:07 -0800 (PST)
Subject: EFF Board, again
Message-ID: <199611151742.JAA20332@mailmasher.com>



Tim O'Reilly's been talking publicly about starting a "Sierra Club"
which would "protect" the "environment of the Net".  What does he want
to do?

It might be a way to tell companies what kind of software they can
publish and at what price.  ORA has been having trouble competing with
Microsoft.  Naturally, they cast themselves as altruistic good guys.

Whatever O'Reilly is talking about, it sounds like more trouble from
the general vicinity of the EFF Board.







From alzheimer at juno.com  Fri Nov 15 09:54:40 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Fri, 15 Nov 1996 09:54:40 -0800 (PST)
Subject: Copyright violations
Message-ID: <19961115.103440.9159.1.alzheimer@juno.com>


Financial Times: Tuesday, November 9, 1996 
 
Visa Set to Test 'Electronic Purse' 
 
By George Graham
 
Visa, the international payments card consortium, has picked Leeds for a
trial
next year of its electronic purse, a plastic card with an embedded
computer
chip which can be loaded with cash and used for small purchases.
 
The Visa Cash card was launched last year in the US and widely promoted
this summer in Atlanta during the Olympic Games. Other pilots have been
launched in Argentina, Australia, Canada, Colombia, Hong Kong, New
Zealand and Spain. 
 
The card will clash directly with the UK-developed Mondex card, another
electronic purse about to be taken over by MasterCard. 
 
Mondex is currently on trial in Swindon, and at the universities of
Exeter and
York, and a Hong Kong trial was launched this week. 
 
Visa Cash will be launched by Abbey National, Barclays Bank, the
Co-operative Bank, Halifax Building Society, Lloyds TSB and the Royal
Bank of Scotland.
 
Visa said it did not expect banks to charge customers for the empty card
during the pilot. It hopes that 2,000-3,000 merchants will accept the
card. 
 
Electronic purses are designed to act as a substitute for cash for
regular
purchases such as newspapers or bus tickets. 
 
Because the money is already loaded on the card, a shop can accept it
immediately without a signature or a personal identification number, and
without a telephone call to the bank's computer for authorisation. 
 
That makes them economical for much smaller transactions than a credit or
debit card would be used for. 
 
But ordinary bank cards will soon also contain a computer chip. The
Association for Payment Clearing Services, which runs the UK's payment
systems, plans to start chip card trials next October in Bristol,
Edinburgh and
Northampton. 
 
Banks could start replacing the UK's 90m magnetic strip cards with chip
cards by next summer. 
 
The initial purpose is to produce a card that is harder to counterfeit
than
today's magnetic strip cards. 
 
But extra security features such as electronic signature recognition or
even
biometric keys -- retina scans or palm prints -- could also be loaded on
to
the chip. 
 
Plastic card fraud losses have halved in the last four years to #83.3m
last
year, and many banks now doubt whether chip cards will cut fraud by
enough to justify their extra cost. 
 
But bankers are also intrigued by the potential for using the chip to add
extra
services to their payment cards. 
 
 
American Banker: Wednesday, November 13, 1996
 
Mellon Starts Internet-Based Corporate Service
 
By STEVEN MARJANOVIC
 
Mellon Bank Corp. has launched an Internet-based electronic commerce
service for its corporate customers. 
 
The service, which uses encryption and authentication software from
Premenos Technology Corp. of Concord, Calif., lets corporate customers
send payments and related information to the bank over the Internet using
standard electronic data interchange formats. 
 
The deal is a new example of how banks are slowly growing more confident
about the security of sending sensitive payment and business information
over
the public network. 
 
Mellon says it is confident it can conduct secure transactions over the
open
medium after a six-month "testing" phase of Premenos' security features. 
 
The goal of the pilot was to "try to kill the software," by cracking its
public
key-private key data encryption features, said Mauro DeFelice, manager of
security and technical services at Pittsburgh-based Mellon. 
 
"We wanted to make sure we knew what our risk was," he said. 
 
A rising number of banks are looking to use the Internet as a channel for
corporate banking transactions. 
 
The attraction, according to Lawrence Forman, cash management analyst at
Ernst & Young, is that the Internet is much cheaper than alternatives,
like the
automated clearing house network or value-added private networks. 
 
But he said not all banks are comfortable with the Internet yet. Further,
he
questioned whether Internet security issues have been adequately
addressed,
and noted that many institutions, like Citicorp, remained "very wary of
it." 
 
Encryption measures are still relatively new technologies, Mr. Foreman
noted, and "as volume picks up, the incentive for criminals to break
these
algorithms will grow," he said. 
 
Several banks send and receive EDI payment transmissions over the
Internet,
including BankAmerica Corp., and Banc One Corp. 
 
Chase Manhattan Corp. recently struck a deal with Premenos to conduct
EDI transactions with Diamond Shamrock Inc., an oil refinery based in San
Antonio, Texas. 
 
Mellon's first customer for its new service is Bell Atlantic Corp. 
 
Mellon now issues as many as 10,000 payment and payment-related
transmissions daily. The bank receives files via the Internet, processes
them
with its EDI translation system, and initiates ACH transactions, Fed Wire
electronic funds transfers, or issues checks. 
 
Mellon has offered customers EDI services using payment formats found on
the ACH network for five years. The Internet's advantage, aside from its
ubiquity, is cheaper transmission rates. The deal between Mellon and
Premenos is mutually beneficial. 
 
Mr. DeFelice said the bank, which licensed Premenos' software at a
discount, can offer competitive EDI services to a larger market of
business
customers. Premenos gets access to Mellon's extensive corporate customer
base. 
 
Bell Atlantic at one point wanted to develop EDI software for the
Internet
with Mellon. But it scrapped those plans, opting instead to use software
Premenos had already developed. 
 
  
 
Financial Times: Tuesday, November 12, 1996
 
US Lawyers Turn to Fraud-Busting
 
In murder mysteries, getting rid of the body is the biggest problem.
Fraudsters face a different dilemma: they need to lay their hands on the
spoils
once the hue and cry has calmed. 
 
Two American lawyers have set up a company to prevent them doing just
that. Mr Irving Cohen and Mr Martin Kennedy believe there are enormous
opportunities for recovering money taken illegally. 
 
"The US Treasury has estimated that $ 500bn of off-shore funds are assets
protected from creditors," says Mr Kennedy, who has worked on bad debt
recovery with banks such as CIBC and Bank of Tokyo. The reason the
money is not recovered, he says, is because "there is no understanding
that
deliberately hidden assets can be recovered." 
 
Interclaim plans to take advantage of that with a form of global
factoring. It 
is looking for debts worth at least $ 5m, and with an average value of $
20m. 
 
"This is a completely new kind of company," Mr Kennedy says, "but it is
going to open up a field where there is going to be competition in five
to 10
years." 
 
The reasons large sums lie unrecovered are a combination of financial
services regulations and psychology. A bank faced with a probable bad
debt
is legally required to make provisions, but that act moves the debt from
a
profit centre to the bank's recovery or special loans department. 
 
More crucially, once the provision has been made, the bank and its
shareholders have already accepted the loss; it is written into the
accounts
and the impetus to pursue it is lost. "Institutions have lost their faith
in
traditional methods of recovery," Mr Kennedy say. According to KPMG,
the accountants, such methods usually recover 2-4 per cent of the debt;
Interclaim believes its recovery rates will be closer to 20 per cent. 
 
Part of that success will come from its "find, freeze and settle"
philosophy. It
aims to find the money and freeze the assets, thus immobilising the
fraudster
and bringing him to the settle ment table quickly. 
 
"These individuals are not interested in complying with the rule of law,"
Mr
Irving says. "And we are not interested in grinding through the
legislation for
five or 10 years. If we find someone whose 12-year-old daughter has $ 10m
in her bank account, we can be sure she didn't get that from a paper
round." 
 
The philosophy relies on an understanding of the fraudster and his
assumptions. He is, says Mr Kennedy, not only cunning but arrogant; he
regards his victims with derision. But criminals are also usually
pragmatic. So
when faced with an adversary who outwits them, they capitulate quickly. 
 
Interclaim either buys claims outright for between 0.5 per cent to 6 per
cent
of their value, or works with the institution in a joint venture. It will
spend
between $ 250,000 and $ 500,000 to enforce and prosecute a claim, though
the cost of recovery bears no relation to the size of the claim.
 
 





From andrew_loewenstern at il.us.swissbank.com  Fri Nov 15 10:12:33 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Fri, 15 Nov 1996 10:12:33 -0800 (PST)
Subject: Remailer Abuse Solutions
In-Reply-To: <v02140b05aeb13a70acf4@[192.0.2.1]>
Message-ID: <9611151747.AA00864@ch1d157nwk>


Peter Hendrickson writes:
>  E-cash, the product licensed by Digicash, offers full payee
>  anonymity and would be an ideal candidate.

Actually, the current impelmentation of ecash only offers _payer_ anonynmity  
and not payee anonymity.  If the payer reveals the blinding factors and/or  
coin numbers to the bank then the payee is caught when attempting to deposit.   
This on purpose, to prevent scenarios such as the kidnapping one from  
actually happening.  The solution, of course, is for the payee to generate and  
blind the coins and order the payer to have them signed.  Money changers are  
another option, but require you to trust them.


andrew





From jer+ at andrew.cmu.edu  Fri Nov 15 10:13:21 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Fri, 15 Nov 1996 10:13:21 -0800 (PST)
Subject: Mounting Crypted directories on Multiuser Machines.
In-Reply-To: <199611150654.AAA01811@smoke.suba.com>
Message-ID: <0mX=9z200YUe0_o5E0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

snow <snow at smoke.suba.com> writes:
<sniup description of user directories>
>        and inside each directory they have:
>  
>        /home/usr1/html/
>                  /files/
>                  /.login    
>                  /.usr1crypt
>  
>       such that /.usr1crypt gets mounted at _login_ time as a crypted file
>  system under /files.

Umm, I guess you could make mount setuid root or something. Is this
just a linux thing? But wait, there's more.  

>       Or am I missing something more basic? 

Yup.

>       It would seem that running something like this would do 2 things.
>    
>       1) It would be much more difficult to prove that a service provider 
>          knew what files a user was keeping lying around because unless
>          the user was logged in, not even the Sysadmin could "peek" at the
>          files.

There's nothing to prevent root from grabbing your password when you
log in. Root can see *everything.*

>       2) Provide the user with greater privacy. Users could keep PGP keys 
>          on the system without much risk, and as long as access was either
>          thru the console, or thru something like ssh, you should be rather
>          safe. 

If a user on the system has your password, they can edit your .login
to give them your filesystem password. If they have the root password,
well, you're screwed.

AKAIK, the only benefit od encrypted drives is that the sysadmin
cannot be forced to reveal the contents of the drive (5th amendment
and all). You could do the same thing on a multiuser system by having
one encrypted partition, and making symlinks from each user's
directory to their directy in the encrypted drive. This would be a bit
more efficient, I think.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMoyyeckz/YzIV3P5AQGrQwMAr+mOugO6IlmlXdOZzTKXHF/+gZCf5ZJe
qVan7XukQ/2xS1/kchSgnXJt5m00jDuwh/onfCblhb2eOKUP4+Wum93U9vXfEuxW
LJp6Za2S2xCK3oMa1InZtSGGFJkPFs6t
=HyQ2
-----END PGP SIGNATURE-----





From ddt at pgp.com  Fri Nov 15 10:32:03 1996
From: ddt at pgp.com (Dave Del Torto)
Date: Fri, 15 Nov 1996 10:32:03 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <847990496.613504.0@fatmans.demon.co.uk>
Message-ID: <v03100803aeb1b55e8a4e@[205.180.136.70]>


> Can someone confirm that PGP3.0 will use ElGamal?

Yes, it will.

________________________________________________________________________
Dave Del Torto                                      +1.415.65432.31  tel
Manager, Strategic Technical Evangelism             +1.415.631.0599  fax
Pretty Good Privacy, Inc.                        http://www.pgp.com  web







From shamrock at netcom.com  Fri Nov 15 10:38:56 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 15 Nov 1996 10:38:56 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <v02140b02aeb235099c35@[192.0.2.1]>
Message-ID: <Pine.3.89.9611151034.A15706-0100000@netcom14>


On Fri, 15 Nov 1996, Peter Hendrickson wrote:

> At 9:32 AM 11/15/1996, Adam Shostack wrote:
> I've been toying with schemes that multiply the Ns from everybody's
> public key to create a new semi-anonymous public key.  The only
> problem is that in each case either identity is revealed or the
> person seeking semi-anonymously reveals their secret key.  So,
> I am not quite there.  ;-)

I think that Chaum wrote some papers on group signatures. I'll try to dig 
them out. But it probably won't be before Sunday.

--Lucky





From snow at smoke.suba.com  Fri Nov 15 11:04:50 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 15 Nov 1996 11:04:50 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611151044.IAA25992@prometheus.hol.gr>
Message-ID: <199611151919.NAA01357@smoke.suba.com>


> At 12:19 =F0=EC 15/11/1996 -0600, snow wrote:
> (in the end)...
> >     That is what freedom is, the ability to _do it yourself_ not the=20
> >requirement that others do it for you, or allow you to use what they=20
> >have already built.=20
> Hey man, do they sell "FREEDOM KITS" in American Supermarkets? :-)
> ROTFL!

      Nope, you have to make your own. The Kit is mostly Education, which
is available to all. 

> (and started saying):
> [...]
> >> Just as suddenly, the classic anti-free-speech arguments of "if you
> >> don't like it, start yer own" begin to surface. (Anyone ever notice
> >> how this resembles the "love it or leave it" mentality of certain
> >> American patriotic organizations?)
> >     It still isn't censorship. Censorship, at least in my dictionary,=20
> >refers to censor, which uses the word "Official" several times.
> You mean that if... Dr. Dimitri Vulis hires a Mafia-man to kill ya,=20
> (to silence you) this wouldn't be censorship, since it would not be
> "Official"  ? :-)

     It would not be censorship, it would be Conspiracy to murder (I 
believe, the Legal types could give you the proper charge) on Vulis's part,
and attempted murder on the Hit Man's part. 

> 
> >Mr.=20
> >Gilmore is not an "Official" in a government sense, he maybe in the EFF
> >sense, but this is not an "Official" EFF organ, so that doesn't count.=20
> 
> OK, any bombs thrown in the offices of the Ecological Party are not
> official censorship either. It was _unofficial_ censorship by... "Motor
> Oil Corporation" trying to stop the Flow of Information (about their
> oil leakages polluting the Mediterranean Sea)... See what I mean?

     That is NOT censorship. A rake is not a shovel, you can dig with it,
but that doesn't make it a shovel. It simply isn't. 

> >     He is the OWNER of this list, and the machine it runs on. If he=
>  chooses
> >(which he didn't) to keep someone from using the list, it is his right.
> If I own a building and invite you to an open meeting inside this building
> do I own what you _say_ or your rights to _say_ it?=20

     Red Herring. Gilmore never claimed ownership over anyones writing, 
nor did he even make the claim that Vulis didn't have the right to 
say what he said, all he "claimed" (note quotes) was that Vulis wasn't 
welcome to say it here. 

> >     "Editorial Control" means that someone decides who get's published and
> >who doesn't. From your opposition to it, I guess you think that a magazine
> >dedicated to poetry should print all poems submitted, or as many, selected
> >in some sort of non-judgemental order, as they can fit. Or that a magazine
> >should print any writings submitted to it.=20
> See my other posting about why the "Editorial" analogy has serious flaws.

     I don't buy it.

> I don't see 'em mailing listes hangin' over the kiosk in the centre of

     Not yet. 

> town, ya know. Nor does the list-ownere make his bread out of 'em. And

     Wether he makes money off it or not is irrelevant. 

> finally, we readers aren't as stupid as to forget that we are also the
> WRITERS of them mailing listes! :-) :-)

     As the poets who send their drivel/art to a poetry mag. are the 
WRITERS of that magazine. 

> >> Mr. Gilmore, and other like minded parties, might want to consider
> >> what would happen if one parent company owned *all* communications
> >> media. Would they they be so supportive of the ideology of ownership
> >> and communciation they espouse?
> >     How would this happen? Setting up a press is fairly easy, at least=20
> >a small hand operated press. Start your own magazine, start your own
> >mailing list.=20
> 
> Bulshit!  If this happened, nobody would exist to allow us to express

     This doesn't make sense. 

> Are you telling us that setting up an entire _PRESS_ is fairly easy?
> Listen man, it's not. My printer (who printed the boxes for my software)
> will tell you this!  He'll also explain why my major competitor in Greece
> owns an entire Printing/Publishing house just for Computer Manuals
> (Singular S.A.).

     Setting up an entire Offset Web Press is difficult, setting up a 
press that will print on boxes and shit is not easy. Setting up 
a small hand operated press isn't that difficult. Note, I didn't say 
build, I just said set up. I have, in the past run a Vandercook Universal,
a small letter press. These are available used at very low costs by 
hobbyists all over America, and probably other parts of the world. Ture
your output is limited to what you can crank thru the press, but this
is just an example. 

    As I noted somewhere else, there are always Photocopiers, and 
small presses will never go away, there just is too much market for short
run stuff that the boys with the big presses don't want to deal with. 

> Setting up a mailing list is not _that_ easy, but it's still much more
> intricate and difficult than accepting the Basic Principles of Free
> Expression: DON'T KICK OUT GUESTS YOU INVITE TO "OPEN MEETINGS".
> (In the Internet or anywhere else in fact). If you don't like 'em
> guests don't invite them in the first place, or don't call your
> meetings "OPEN".

     Very few of the people on this list were "invited" most simply 
wandered in.

     Try this, organize a small "open meeting" of around 1500 to 2000
people. Show up, act like a fucking drunk, scream rude and untrue things
at the speakers, piss on the other guests. Let me know if people try
to get you to leave. 

> e.g. Just as aga tolerates me and vice versa, so should Gilmore
> tolerate Dimitri Vulis.=20

     It wan't his opnions, it was his actions. That is the difference.

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From attila at primenet.com  Fri Nov 15 11:23:30 1996
From: attila at primenet.com (attila at primenet.com)
Date: Fri, 15 Nov 1996 11:23:30 -0800 (PST)
Subject: Sarcasm for Jody. [WAS: Top Ten Corporate Security Needs?]
In-Reply-To: <199611151336.IAA00800@clipper.hq.tis.com>
Message-ID: <199611151923.MAA11169@infowest.com>


In <199611151336.IAA00800 at clipper.hq.tis.com>, on 11/15/96 
   at 08:35 AM, Jody C Patilla <jcp at tis.com> said:

:> "The Top Ten Corporate Security Needs of MIS"
:> 

:Since Mark Riggins wants free assistance in doing his marketing research,
:I can certainly oblige, but I would have to say that my clients tell me
:there are only three things they want:

:1. Total security.
:2. Totally transparent access from everywhere.
:3. And all of it for free.

:and there you have it, sports fans!
:- jcp

        ...truer words were never spoken;  and, when there is a problem,
    the man will call up and say "It dont work!..."  to which you ask:
    "OK, _what_ does not work?..."   and this sequence is repeated again
    and again  -ad nauseum--  "..._IT_ dont work!  I keep telling you!"  

       The call escalates all the way to your head freak, who has never
    suffered fools well... (and should never be permitteed to
    talk to a real customer, much less a prospective customer)...

        The probably simple problem (Maybe  ...it was unplugged?) is 
    resolved by the guru asking the client: "...why in the fuck would 
    you do something as 'stupid and ignorant' as _that_?!?).   

        Of course, the resolution is a lost customer....   "Minor
    problem,.." says the guru: "he's a jerk, we dont need him...."

        And, redder than a russian beet, cradling the talking instrument
    with plastic shattering impact, our beloved peter-principle
    corporate honcho screams at his staff:  "...I told you stupid nerds
    you should have gone with Bill Gates --someone smart!"

            -attila
--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila







From markm at voicenet.com  Fri Nov 15 11:28:03 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 15 Nov 1996 11:28:03 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <9611151718.AA02034@vesuvius.ai.mit.edu>
Message-ID: <Pine.LNX.3.95.961115141513.813A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 15 Nov 1996 hallam at vesuvius.ai.mit.edu wrote:

> >Note that the libertarian party is the only
> >non-mainstream party in history to get a candidate registered in all 50
> >states
> >twice in a row. 
> 
> Untrue, Ross Perot managed it and gained ten times the votes.
> Also the natural law party managed it, a fact which kida points
> to the significance of the achievement. 

Ross Perot isn't a political party.  The Natural Law Party most certainly did
not get registered in all 50 states twice in a row.  This is only their second
election and they only got registered in 36 states in 1992.  Ross Perot may
have gained ten times the votes, but he did it with 100 times the money.  He
also accepted matching funds.

> 
> >It's also the third largest political party in the country.
> 
> Also untrue, the Reform party is a considerably more significant 
> force. 

The Libertarian party has branches in all 50 states and has run candidates for
the senate and representatives.  The Libertarian party's homepage does say
that they are the third largest political party and the Reform party's page
does not seem to have any info on number of members or anything that would
contradict the Libertarian party's claim.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMozEsCzIPc7jvyFpAQHwvAgAgsY/u51gi5Di9UkgoT3YrghHjRyLq7Aw
lxeFPzkZ2WcNGqE8Hs8p8K0zf/sykANoHiO7hA4afTAKgAu2MtIRgiGTyxEz186Z
wmfKohkYLDiDWchXHKdjU/u9ll+jmlH2Frnc29baaSG+mWDEKWIB4cQkZHL0hD/c
CWXX4Acyi1kHC/AIM1TKDne2Taf7JMOzOXiRgR31P94zwjZyQ3QcfPWfG99Yk/gn
lp9drlH7jIM/8KciJh1O1/Kfuu75uitAyk/VDXJET10FtVVJa5h+YU/82AYlwuNk
jHEr8GUxkkQyN+aXLWW4Pjvc+nrlM50D41DTgHPJ8/rf8ATYORfcNQ==
=vUos
-----END PGP SIGNATURE-----






From markm at voicenet.com  Fri Nov 15 11:48:54 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 15 Nov 1996 11:48:54 -0800 (PST)
Subject: Playing Cards
In-Reply-To: <v02140b03aeb239f7c4bb@[192.0.2.1]>
Message-ID: <Pine.LNX.3.95.961115143422.813B-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 15 Nov 1996, Peter Hendrickson wrote:

> (My apologies to those who are seeing this twice.  I sent it
> yesterday but it does not seem to have made it through.)
> 
> A number of us have been concerned about how PGP generates entropy.
> Striking the keyboard beats using time as a source of random numbers,
> but the degree of entropy is not well understood.  Are there machines
> where - for some reason - the keyboard strikes fall into some sort
> of pattern?
> 
> And that's just when you are generating your public/private key pair.
> What happens when you are just generating 128-bit keys for individual
> messages?  Where is the entropy coming from?  I don't understand
> completely, but somehow PGP collects entropy from the system and then
> runs it into IDEA and then uses the numbers from the output.  When the
> program is not running, a pool of this data is kept in randseed.bin.

PGP uses the hash of the message to preprocess the randseed.bin file and
postprocesses it with the session key.  It uses the randseed.bin file as
a PRNG to generate the session key.

> We already know it's a problem because it is hard to understand what
> it is even doing, much less determine if it is consistent with sound
> engineering practice.

PGP uses a variation of ANSI X9.17 for key generation.  This is considered to
be a secure method.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.





-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMozI/CzIPc7jvyFpAQG+NAgAvPWsnTb7S/ohtHcyQG8DCaSlKtHt+FMF
4qtLNtBzi8Y27WRtl9HHojdgYGVxuT45e4W9r3WOtLjaMkrYPdIKUcxSABkhr3Zd
03pfVePg/ws3p+ynmpInMj8vr3lAYPlcFp5cPJdKl8WhZTSxXFCQ92q7xckzoW5S
J9iUiIgnYf8n7qcfNSQI9rVw2d3Dv6rccqdYtfNA+UUe6jlwIbooITZ89EhVHWzw
2BTZF+xOVenK058uQQFIzU99Bkaz35Hl3CC41TX/Ka2CZXBhAzjD++xtcapu1PE7
moEzKde5cgYZ+R1d7TZwvudkAtdlx7xo4GDfxI5O+KR+FOyDNqMdoQ==
=JTNn
-----END PGP SIGNATURE-----






From raph at kiwi.cs.berkeley.edu  Fri Nov 15 11:56:34 1996
From: raph at kiwi.cs.berkeley.edu (Raph Levien)
Date: Fri, 15 Nov 1996 11:56:34 -0800 (PST)
Subject: Cypherpunk chat server
Message-ID: <199611151953.LAA28022@kiwi.cs.berkeley.edu>


Cypherpunks,

   This is to announce the general opening of the cypherpunk Web chat
server. It is at:

      http://kiwi.cs.berkeley.edu:5080/

   For added privacy, there is an SSL version at:

      https://kiwi.cs.berkeley.edu:4433/

   I wrote this server to experiment with asynchronous stream
transformation programming techniques, and for fun. I hope it is of
some benefit to the cypherpunks community.

   Enjoy!

Raph





From gnu at toad.com  Fri Nov 15 12:05:10 1996
From: gnu at toad.com (John Gilmore)
Date: Fri, 15 Nov 1996 12:05:10 -0800 (PST)
Subject: HP announcing some International Cryptography stuff on Monday
Message-ID: <199611152005.MAA16893@toad.com>


Are they the next Big Company to knuckle under to the Feds?  Their
pcmcia-with-local-country-surveillance-chip-socket initiative never
seemed to go anywhere.

 PALO ALTO, Calif.(BUSINESS WIRE)Nov. 15, 1996 Hewlett-Packard Company 
today announced that Lewis E. Platt, HP chairman, president and chief 
executive officer, will host a press and analyst event on Monday, Nov. 
18, that will showcase the fact that a significant barrier to conducting 
secured business transactions and communications over the Internet has 
been cleared. 
   Expected to join Platt at the International Cryptography Framework 
announcement are Brad Silverberg, senior vice president of Microsoft(R)'s 
Internet Platform and Tools Division, and Ron Smith, senior vice 
president and general manager of Intel's Semiconductor Products Group. 
   The event will be held at 9:30 a.m. (registration at 9:00 a.m.) in the 
White and Murrow Rooms of the National Press Club, 529 14th Street N.W., 
Washington. 
   Members of the press and analysts should contact HP's Lisa 
Arruiza-DeLeon at 408/447-5331 to register for an event that will 
showcase an approach to solving the data security and integrity issues 
that have impaired and frightened users and companies from exploiting the 
full power of the Internet. 






From lordvidarr+ at CMU.EDU  Fri Nov 15 12:11:55 1996
From: lordvidarr+ at CMU.EDU (Adam Gulkis)
Date: Fri, 15 Nov 1996 12:11:55 -0800 (PST)
Subject: ideal secure personal computer system
In-Reply-To: <l03010605aeab7149a687@[152.3.87.2]>
Message-ID: <0mXAsVG00YUo0KeqY0@andrew.cmu.edu>


a locked startup disk is not a good idea, if it is even possible.
Most applications setup scratch space on the startup volume.  It would
be a better idea to setup a partition for applications and lock it, if
you feel that is necessary.  Norton DiskLock is a nice tool that
provides a startup password protection as well as screensaver
password.  It will request a password if the machine sleeps or to
reboot after a crash.

A. Gulkis
-------------------------------------------------------------------
Electronic and Time Based media? whats that?
                                http://valhalla.res.cmu.edu/vidarr/
President, Screaming Viking Research Labs
                                Reinventing Perceptions of Reality
pgp key: finger vidarr at valhalla.res.cmu.edu		
-------------------------------------------------------------------

tom bryce <tjb at acpub.duke.edu> writes:
> Here's a question: if one were designing for oneself a secure personal
> computer system, for use in, say, word processing, spreadsheet,
> communications, the usuals - what system would one purchase and how would
> one set it up?
> 
> For example, on the Mac I would envision this as the ideal system:
> 
> (1) Get a power mac
> (2) Partition the hard drive into two partitions:
>     install the system folder on one and a copy of CryptDisk
>     make this the startup partition and make it READ ONLY with aliases to
>     folders you want to be modiyfable (such as Eudora Folder in the sys folder)
>     place these folders on the encrypted partition
> (3) Completely fill the other partition with a CryptDisk file so there is no
>     room for other stuff to be written. Adjust the partition size if needed.
> (4) Install a screen saver (such as shareware Eclipse) that will password lock
>     the screen after a few minutes of inactivity, and set CryptDisk to dismount
>     the external partition after a few minutes of inactivity (or longer)
> 
> This would be a basic setup. If one had more complex ideas, such as setting
> it up so casual onlookers would not notice the system was protected, you
> could do things like have a decoy normal partition with system folder to
> boot from by default, to be bypassed with an external locked system folder
> disk, after which one could dismount the decoy partition and mount the
> encrypted partition.
> 
> If locking the startup volume turns out to be too much of a pain, one could
> install trashguard from Highware software and set it to triple overwrite
> deleted files, and otherwise not lock the startup partition.
> 
> How would things work on Windows 95? I imagine most of the old DOS-based
> encryption utilities may have compatibility problems with W95. What would a
> similar ideal system be for a PC?
> 
> Tom





From Tunny at inference.com  Fri Nov 15 12:16:47 1996
From: Tunny at inference.com (James A. Tunnicliffe)
Date: Fri, 15 Nov 1996 12:16:47 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961115201523Z-5419@landru.novato.inference2.com>


Aga wrote:
> > >Why?  Are you a criminal?
> > >What are you hiding behind your PGP?
> >
> > Okay, I'll bite.  Where is it said that a person who wants h[is,er]
> > privacy
> > is a criminal?  Charlie McCarthy might have said that.

[...deletia...]

> The more you PGP, the worse you look.  Nobody reads your e-mail,
> so stop being so paranoid.
>
> -aga

Sigh. I really don't have time for unimaginative trollers, and
you've caught your limit, so into the killfile you go. Still, I
would appreciate it if you could see your way clear to quit
posting these trolls on cypherpunks, since it does make it harder
to effectively filter the responses from people who make the
mistake of taking you seriously.

Thank you for your kind consideration,

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny at Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================




begin 600 WINMAIL.DAT
M>)\^(AH4`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0 at 36%I;"Y.;W1E`#$(`06 `P`.````S <+``\`
M# `/`!<`!0`D`0$@@ ,`#@```,P'"P`/``P`#P`8``4`)0$!"8 !`"$````Q
M.45"-#DQ148T,T1$,#$Q.3,P0S P04$P,$$U1C8P1 `B!P$-@ 0``@````(`
M`@`!!( !`$ ```!213H at 6U)%0E545$%,72!#96YS;W)S:&EP(&]N(&-Y<&AE
M<G!U;FMS/RP at 9G)O;2!4:&4 at 3F5T;'D at 3F5W<R `K!4!`Y &`/0&```:````
M`P`F```````#`#8``````!X`< `!````/ ```%M214)55%1!3%T at 0V5N<V]R
M<VAI<"!O;B!C>7!H97)P=6YK<S\L(&9R;VT at 5&AE($YE=&QY($YE=W,@``(!
M<0`!````&P````&[TRS")QY)ZGT]]!'0DPP`J@"E]@T``&Y*9P`#`"X`````
M``,`!A"T5Q>Q`P`'$$<#```>``@0`0```&4```!!1T%74D]413I72%D_05)%
M64]504-224U)3D%,/U=(051!4D593U5(241)3D="14A)3D193U524$=0/T]+
M05DL24Q,0DE415=(15)%25-)5%-!24142$%405!%4E-/3E=(3U=!``````,`
M$! ``````P`1$ `````"`0D0`0```+\#``"[`P``(@8``$Q:1G6BU5!"_P`*
M`0\"%0*D`^0%ZP*#`% 3`U0"`&-H"L!S973N, at 8`!L,"@S(#Q@<3`H,&,P1&
M`@!P<G$Q()<(50>R`H,T$P]F-0/%0Q2S$B)S=&5M`H!]%PJ ",\)V3L9GS(U
M-0\"@ J!#;$+8&YG,3 ^,Q0@"PH4(0OQ$W!G8:P@=P-@&' Z"H4^'T(@5VAY
M/R 3<64 at VGD(8" >8 4!;0N !T Z/Q[L805 "L @)&AI0F0+@&<@8F4BP&[&
M9" R!<!01U A*A[I`$]K87DL($DGTFP#(&)I&' N'^ ?H-\$D" @! `G``5 
M<PMP(X#2="(#(' $D',"(!YP+&AO'G `<'0$(&A;-00`+ 2071[I%-!I=KT`
MT'D>Z2<1((D?X$,1P69L") %T&-#"L GP'FR("#09V@%0!' =B @S2=W+ at J%
M"H5;+B_@#;"^;!(`!S OX2FV'N=4)L!_+9 %L" D(_$ET"? ("!W3P6P$? @
M,QDP;VLF at 4Z:;P;@9"V &:!A9 0 at V2.C92T`P ,0+![G*&#Q)V!T;W C(2+R
M-E$*L2T`<&\BT"[F/A[G+6';'E N_%,ML2: 2322)A!U+8!D`B G+>4P4 > 
M(-L"$ 7 =0,``,!G(.$P4+\[D at -@)A H0270`'!D"H7%($$G+B%C874MPB.C
M^RS0(-!T)= V40N -I RTS)K`Q!L9@,0("1G;WTF@%,P4"80)=$*A3,@=?)L
M(X!A<!30!9 ',!AP_R<R!I @,P6 at 0O(1\" C0K&?); @D# P"L% 87%U)E#Y
M"H5P;QA@(O(RX3-1/3-7!" H<2K <";!<#Q0:_,]H0"0;F-#PSL0!Y$`P/YK
M0\,1P02!"H5 80W!!9!_/.(ZX4$1&'!%\3'1&:!S_T;P`( 'D0-2*"$VH$$Q
M***_2B,RX0J%(- 88$HR;T0 at OT_1(O(@0A'P!1 (8',ZX/<N[3' `'!K(#,\
M$B.C4''_(X %H "!!($\T0(@-;92%O4\4&XJUCU6CU>?6*]9OZ(]"H4 at 2F$'
M at D$F@#U5PFE%L :02\ ?X"!\8R:@7/!E8CHBL ) <- Z+R]W7= N"X!+P L9
MH$EA+ at 6@;2]^=/]5V27 at 7B85$4C !;!4 at URR^2/Q($8B\4BQ!1 ",%U @2QQ
M02 R,R!%$B 21F+004-BL$0@,-EC8#<W6N9?`T!?UUZB3URA7,%F#Q_@,S9C
MH#=8($0Y9S!BT#-CD#/E$B U8M Y0U8?:;]JSR]KWUI>+OP8P0!O$ ! `#D`
M0&7"NS'3NP$#`/$_"00```(!1P`!````,0```&,]55,[83T at .W ]26YF97)E
M;F-E.VP]3$%.1%)5+3DV,3$Q-3(P,34R,UHM-30Q.0`````"`?D_`0```$H`
M````````W*= R,!"$!JTN0@`*R_A@@$`````````+T\]24Y&15)%3D-%+T]5
M/4Y/5D%43R]#3CU214-)4$E%3E13+T-./5153DY9````'@#X/P$````5````
M2F%M97, at 02X@5'5N;FEC;&EF9F4``````@'[/P$```!*`````````-RG0,C 
M0A :M+D(`"LOX8(!`````````"]//4E.1D5214Y#12]/53U.3U9!5$\O0TX]
M4D5#25!)14Y44R]#3CU454Y.60```!X`^C\!````%0```$IA;65S($$N(%1U
M;FYI8VQI9F9E`````$ `!S 0RY$3,=.[`4 `"#!P10V\,=.[`0,`#33]/P``
M`@$4- $````0````5)2AP"E_$!NEAP@`*RHE%QX`/0`!````!0```%)%.B `
M````"P`I```````+`",```````(!?P`!````4 ```#QC/553)6$]7R5P/4EN
M9F5R96YC925L/4Q!3D1252TY-C$Q,34R,#$U,C-:+34T,3E ;&%N9')U+FYO
7=F%T;RYI;F9E<F5N8V4R+F-O;3X``P(R
`
end





From dave at kachina.jetcafe.org  Fri Nov 15 12:40:53 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Fri, 15 Nov 1996 12:40:53 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611152040.MAA25591@kachina.jetcafe.org>


Mike McNally writes:
> Dave Hayes wrote:
> >  Symbolically, he punched holes in his ideology. That's my
> > opinion.
> Note that this is only true if John's ideology in the first place
> was what you think it was.  

Excellent point. In point of fact, even if John Gilmore explained
his ideology to me, I would *still* only have an ideology that was
what I thought it was. There is no chance that I can get John
Gilmore's exact ideology in my mind since our minds work differently. 

> He may have "punched holes" in the conception of John's ideology
> that you'd formed in your own mind, of course.

Yes, that is the case. Of course, my conception of "free speech" is
unique. I see no difference between a government, a group of network
administrators, or a panel of judges when it comes to censorship.
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

The King decided to force his subjects to tell the truth. Nasrudin was 
first in line.  They asked him, "Where are you going?  Tell the truth
or be hanged"  "I am going," said Nasrudin, "to be hanged on that gallows."  
"I don't believe you."  "Very well, if I have told a lie, then hang me!" 
"But that would make it the truth!" "Exactly," said Nasrudin, "your truth."






From maldrich at grci.com  Fri Nov 15 12:42:45 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Fri, 15 Nov 1996 12:42:45 -0800 (PST)
Subject: your mail
In-Reply-To: <9611140239.AA16352@cow.net>
Message-ID: <Pine.SCO.3.93.961115150059.22054E-100000@grctechs.va.grci.com>


On Wed, 13 Nov 1996, Bovine Remailer wrote:

> Foulmouthed <name snipped> rehashes his lies like a rabid parrot choking
> on a stale mantra stuck in its poisonous beak.

Obviously, we're taking "<user name> sucks" messages to a new level.
The author seems to be striving for some display of literary prowess,
albeit one that's a tad heavy on similes.

So that we can all save some time (why use valuable time to think of "you
suck" messages, when you can just have the computer build them for you?),
perhaps folks should take a look at the "Chomskybot" that's running at
"http://www.ling.lsa.umich.edu/cgi-bin/chomsky.pl".  Being familiar with
Noam Chomsky helps, but most everyone will see the value of what the site
has to offer.

By changing the initiating, subject, verbal and terminating phrases, the
Chomskybot should be able to provide exactly what's needed when trading
insults with other Cypherpunks.  We can have contests for "Best of Breed" 
(hell, we *already* have contests, it's just that nobody ever wins any
prizes), and "genre" categories based on upcoming events, holidays,
political headlines, etc.  Eventually, someone will link the Perl code
into procmail or cron, and we can have a new "<user name> sucks" message
automatically mailed to the list every few seconds by battling Cypherpunk
super-computer-powered "clans".  When enough automated insults fill the
list, human interaction will simply cease and then we can all enjoy the
enormous amounts of free time that we'll have since we won't actually
have to read anything any longer. 

So, we got any Perl programmers out there?

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich at grci.com       |
|What I paid                              | MAldrich at dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------






From tcmay at got.net  Fri Nov 15 12:45:42 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 15 Nov 1996 12:45:42 -0800 (PST)
Subject: A New Crypto Announcement--Could be Ominous
Message-ID: <v03007803aeb2869761df@[207.167.93.63]>


(My traffic from the Cypherpunks list comes in bursts interspersed by long
gaps, so I don't know if this has been reported. It seems significant to
me.)

A few excerpts:

H-P ( Hewlett-Packard Co ) says RSA Data ( Security Dynamics Technologies
Inc ) in codes deal

PALO ALTO, Calif., Nov 15 (Reuter) - Hewlett-Packard Co. said Security
Dynamics Technologies Inc's RSA Data Security Inc electronic encryption
company is involved in its planned announcement Monday of new advance in
encryption technology.

Hewlett-Packard said technology the company's Chairman and Chief Executive
Lewis Platt is due to detail at the National Press Club on Monday aims
to resolve this roadblock in the use of electronic commerce over the Internet.
   ^^^^^^^^^^^^^^^^^^^^^^[emphasis added by Tim]

Hewlett-Packard officials declined to give precise details, but said the
technology has already received backing from the U.S. government and other
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
governments which it did not name, as well as major industry players.

Senior executives of Microsoft Corp and Intel Corp are among those
scheduled to make presentations on Monday, Hewlett-Packard said, but it
declined to identify other companies whose technologies will be involved.

----end of item---

It sounds ominous to me. Another backroom deal, probably for some form of
key recovery strategy, aka GAK.

--Tim May, awaiting Monday's announcement with trepidation

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From frantz at netcom.com  Fri Nov 15 12:58:53 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 15 Nov 1996 12:58:53 -0800 (PST)
Subject: It is getting easier
Message-ID: <199611152058.MAA26324@netcom6.netcom.com>


At 11:25 PM 11/14/96 -0800, Lucky Green wrote:
>If I remember correctly, some of the newer transponders used on 
>commercial aircraft actually transmit GPS data back to the controller in 
>real time. I wonder how long it will be before the FAA will include such 
>information in their database.

I don't think new transponders make much difference.  The old ones heighten
the radar image of the airplane which gives an accurate 2D position.  This
position is automatically entered into the FAA computer which maintains the
ATC controller's display.  In the old style, altitude is determined by an
altimeter on the airplane which encoded into the transponder signal.

If newer transponders are returning GPS signals, the position may be more
accurate (but probably not unless they can decode the selective
availability signal).  (OBCrypto for those who care.)


>"To obtain the position of any passenger flight in the US within 10 
>meters, click here."

In either case, the Passenger Name Records for the flight are in the
airlines databases (and have been there for many years), and the airplane's
physical position is in the FAA's computer (and has been for many years). 
The ability to find the current position of an airplane, or a passenger
remains dependent on the incentives and disincentives for database linking
and application development.  There are no insurmountable technical
problems.  The technical problems are those of getting old-technology
software to do something new.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From frantz at netcom.com  Fri Nov 15 12:59:20 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 15 Nov 1996 12:59:20 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611152058.MAA26315@netcom6.netcom.com>


aga <aga at dhp.com> wrote:
>Let's stay on topic here -- John Gilmore is a censorous asshole
>for pulling Vulis's plug.  The topic has nothing to do with
>the Freedom-Knights.

At 12:19 AM 11/15/96 -0600, snow wrote:
>> [This is a rebuttal to a misguided news article.]
>> > Cypher-Censored
>> > By Declan McCullagh (declan at well.com)
>> >    The list is on Gilmore's machine and he can do what he wants with
>> >    it; he can moderate the postings, he can censor material, he can
>> >    shut the whole thing down. By kicking off an offending user, a
>> >    list owner merely exercises his property right. There's no
>> >    government involvement, so the First Amendment doesn't apply. And
>> >    the deleted, disgruntled user is free to start his own mailing
>> >    list with different rules.
>> 
>> Notice how, once the opposition is admitted to, the rationalization
>> begins. Suddenly this is not a matter of censorship, but of ownership.
>> Just as suddenly, the classic anti-free-speech arguments of "if you
>> don't like it, start yer own" begin to surface. (Anyone ever notice
>> how this resembles the "love it or leave it" mentality of certain
>> American patriotic organizations?)
>
>     It still isn't censorship. Censorship, at least in my dictionary, 
>refers to censor, which uses the word "Official" several times. Mr. 
>Gilmore is not an "Official" in a government sense, he maybe in the EFF
>sense, but this is not an "Official" EFF organ, so that doesn't count. 

Even more important is the fact that Mr. Gilmore did not prevent Mr. Vulis
from speaking.  No restraint on speech implies no censorship.  Therefor Mr.
Vulis was not censored.  Q.E.D.

You all are perfectly free to like or not like what Mr. Gilmore did. 
However, don't call it censorship because it wasn't.

-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From frantz at netcom.com  Fri Nov 15 12:59:26 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 15 Nov 1996 12:59:26 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <199611152058.MAA26346@netcom6.netcom.com>


At  1:44 PM 11/13/96 +0000, Adam Back wrote:
>A very good idea.  There was some discussion of this kind of thing a
>while back about doing this for Singapore.  The suggestion at the time
>was not to do it perfectly, but rather to arrange something simple to
>allow people to circumvent the censorship enforced through their
>compulsory use of a government censored web proxy.

I hope it is ready.  To quote from William Safire's 11/14/96 NYT column:

"Let's run a test.  "Information Technology and Political Control in
Singapore" is a paper just issued by Prof. Gary Rodan of Murdoch University
in Perth, Australia, distribued by Chalmers Johnson of the Japan Policy
Research Institute in Cardiff, Calif.  It's on this web site:
http://www.nmjc.ord/jpri/.

"If Lee blocks access, Singaporeans, try E-mail: cjohnson at ucsd.edu.  But be
careful, global business executives: the Architect of the New Century [Lee
Kuan Yew - wsf] may be monitoring everything you download."


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From dave at kachina.jetcafe.org  Fri Nov 15 12:59:31 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Fri, 15 Nov 1996 12:59:31 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611152059.MAA25768@kachina.jetcafe.org>


> Umm, even if we accept Dave's claim that Gilmore pinched holes in 
> his ideology, these holes are no bigger than Dave Hayes's own holes,
> since he exercises censorship of Freedom Fighters mailing list.

Firstly, there is no "Freedom Fighters" mailing list. 

I have done nothing Gilmore didn't do. People can still send their
missives to freedom-knights without being subscribed.
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

A person being delivered from the danger of a fierce lion does not object
whether this service is performed by unknown or illustrious individuals.

Why, therefore, do people seek knowledge from celebrities?







From nobody at huge.cajones.com  Fri Nov 15 13:12:35 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Fri, 15 Nov 1996 13:12:35 -0800 (PST)
Subject: Media seekers, reputation and banishment
Message-ID: <199611152112.NAA21513@mailmasher.com>



> A community offers few punishments for asocial behavior. Killfiles
> are partly effective. But the strongest punishment is banishment.

The "community" didn't decide anything.  John Gilmore did.  His
machine, his mailing list, his decision, and his responsibility.

> The issue is "do we individually banish asocial louts or
> collectively?" and of course how do we decide who to banish.

Collectively => ban for people who don't want to ban the person.

> All of this is certainly easier when done individually yet it is
> often prudent and effective to have someone take action when they
> are in a position to do be effective. Gilmore acted properly in my
> opinion. And DV remains in my killfile.

If you still need a killfile, Gilmore wasn't very effective, was he?







From dave at kachina.jetcafe.org  Fri Nov 15 13:15:12 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Fri, 15 Nov 1996 13:15:12 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611152113.NAA25851@kachina.jetcafe.org>


>      So you are explaining your problems in advance. Good, it tells 
> thoughtful readers to take you with a grain of salt.  

What a wonderfully self-referential statement. That's exactly what
this statement does for you...

> > In person-to-person interaction, one's only real defense against what
> > one decides to call "unwanted" is to remove oneself from the arena of
> > interaction. It may not be possible to ignore or run away from certain
> > sources of input. 
>      You forget "shutting down" the source of input. Turning off the 
> radio, TV etc, or turning off the person speaking. 

If people have difficulty ignoring those on a mailing list or
newsgroup that they do not like, how can you expect them to know about
this herculean feat of responsibility?

> > >    The list is on Gilmore's machine and he can do what he wants with
> > >    it; he can moderate the postings, he can censor material, he can
> > >    shut the whole thing down. By kicking off an offending user, a
> > >    list owner merely exercises his property right. There's no
> > >    government involvement, so the First Amendment doesn't apply. And
> > >    the deleted, disgruntled user is free to start his own mailing
> > >    list with different rules.
> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)
>      It still isn't censorship. 

Call it what you will. In my eyes, here is someone who is attempting
(ineffectually, which is perhaps deliberate) to stop messages from
being sent to another human which used to be sent to that other human.

Censorship? Ownership? Why does ownership justify dishonor?

> Censorship, at least in my dictionary, refers to censor, which uses
> the word "Official" several times. Mr.  Gilmore is not an "Official"
> in a government sense, he maybe in the EFF sense, but this is not an
> "Official" EFF organ, so that doesn't count.

But he is an official of the list. Censorship is not just practiced by
governments...

>      "Editorial Control" means that someone decides who get's published and
> who doesn't. From your opposition to it, I guess you think that a magazine
> dedicated to poetry should print all poems submitted, or as many, selected
> in some sort of non-judgemental order, as they can fit. Or that a magazine
> should print any writings submitted to it. 

Resistance to lack of editorial control prevents one from seeing
the true nature of ideologies and opinions. Maybe you don't want this,
but why deny it to others? Still...

>      I run 4 mailing lists, one is personal, one is in the process of coming
> online, and 2 are up and running. One of these has a rule: No Politics allowed.
> I guess I am a pathetic little censorous worm huh? 

If that is what you wish to call yourself. I maintain no such position.

>      That is what freedom is, the ability to _do it yourself_ not the 
> requirement that others do it for you, or allow you to use what they 
> have already built. 

Freedom is anything but categorizable in the terms you are using.
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

It has been said that man is a rational animal.  All my life I have
been searching for evidence which could support this.





From rah at shipwright.com  Fri Nov 15 13:43:42 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 15 Nov 1996 13:43:42 -0800 (PST)
Subject: Internet banking: more on Mbanx
Message-ID: <v0300781aaeb232b7b23d@[206.119.69.46]>



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: Enzo Michelangeli <enzo at ima.com>
MIME-Version: 1.0
Precedence: Bulk
Date: Fri, 15 Nov 1996 17:28:50 +0800 (hkt)
From: Enzo Michelangeli <enzo at ima.com>
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: Re: Internet banking: more on Mbanx

On Fri, 15 Nov 1996, networks at vir.com wrote:

> Unfortunately, their promotional literature does not go
> into their Internet services.  The information I was given over
> the phone was that by signing up they would supply me with
> the 128bit version of Netscape for secure transactions.

People outside of the US may be interested to know that there is a small,
fully legal, free browser with 128-bit SSL security: it's called
WorkHorse, and is available with ftp from ftp.mkt.co.uk (that must have
got a 110 bps feed, if the connection speed is of any indication). The
link inside Banknet's home page, at http://mkn.co.uk/bank/, seems to be
wrong and anyway most browsers time out before getting connected.

WorkHorse's interface is pretty ugly and the rendition is buggy, but the
SSL connection does work: I got through mbanx's "Sign in" link
at http://www.mbanx.com/banxing/5welcome.html , whereas MSIE and NS3 were
kicked out due to their 40-bit RC4 limit.

Enzo




--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From eb at comsec.com  Fri Nov 15 13:46:06 1996
From: eb at comsec.com (Eric Blossom)
Date: Fri, 15 Nov 1996 13:46:06 -0800 (PST)
Subject: 3DES export stories? [was: British Telecom merger with MCI]
In-Reply-To: <Pine.SUN.3.91.961105090403.5329B-100000@tipper.oit.unc.edu>
Message-ID: <199611152126.NAA02273@comsec.com>


> On Mon, 4 Nov 1996, Adam Shostack wrote:
> 
> > Phil Karn failed to get an export license for 3des for foriegn offices
> > of Qualcomm, staffed by Americans.  See
> > www.eff.org/pub/Crypto/ITAR_export/nsa_3des_export_denial_0396.letter 
> 
> [whoops] 
> That's unusual - certainly, for the bigger companies it seems to be pretty
> automatic, especially for NATO countries. Of course, it could just be that 
> Phil is "known to the authorities". 

Sorry that the follow up is so late,  but can anyone give me *any*
examples where export of 3DES has been approved?  Please be as specific
as possible as to destination countries, use, etc.  First hand
knowledge is preferred.

Thanks,
Eric Blossom





From froomkin at law.miami.edu  Fri Nov 15 13:53:33 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Fri, 15 Nov 1996 13:53:33 -0800 (PST)
Subject: HP announcement re encryption (fwd)
Message-ID: <Pine.SUN.3.95.961115165515.27778A-100000@viper.law.miami.edu>


---------- Forwarded message ----------
Date: Fri, 15 Nov 1996 16:27:22 -0500 (EST)
>From: Ross Stapleton-Gray [email was here]
Subject: HP announcement re encryption

>From Reuters... for those in the DC area, it'll be at the National Press
Club at 8am Monday...


PALO ALTO, Calif. (Reuter) - Hewlett-Packard Co. said Friday that it will
unveil a breakthrough agreement on Monday in the long-deadlocked debate
over software encryption, a development that could eliminate a key
impediment to the growth of electronic commerce via the Internet.

A spokesman said H-P Chairman and Chief Executive Lewis Platt will provide
details of a deal involving computer industry leaders, the Clinton
administation and other governments at a press conference in Washington. 


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 








From Mullen.Patrick at mail.ndhm.gtegsc.com  Fri Nov 15 13:57:36 1996
From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick)
Date: Fri, 15 Nov 1996 13:57:36 -0800 (PST)
Subject: Remailer Pricing
Message-ID: <n1364045177.55582@mail.ndhm.gtegsc.com>


Peter Hendrickson's electrons stated
>It looks like I wasn't perfectly clear again.  Sorry about that.  The user
>does not tell anybody whether or not the mail has been read.  In fact,
>it's nobody's business but their own.  This is the advertiser's problem,
>and I don't really care whether they solve it.  In fact, the user does
>not have to put the remailer on the accept list.  He or she just has
>to tell the remailer operator that they would like to receive a dollar
>(or whatever) if the remailer operator sends them any mail.

Small point, but noted.  I thought the word "read" was mentioned, but 
obviously it was "received"...

Perhaps we've been thinking about anonymous mail the wrong way.  Is it
like the U.S. Post Office where you have to physically go someplace,
buy a stamp, physically write your message, put it in a physical envelope,
carry it to a box someplace, and then wait (maybe four days) for it to
arrive, all for "only" 32 cents?  Or is it more like Federal Express
where you pay 20 bucks and it arrives the next day, for sure, every time?

Earlier today somebody sent a message about his scary former employers
and (apparently) how they just kill people.  Would that person pay, say,
$5 to have the message delivered reliably and very anonymously?  My
judgement is that it would be worth every penny, and probably more.

>Right now the remailer network is a mess.  There just aren't that many
>remailers operating in a timely and reliable manner.  I am not knocking
>the remailer operators for this, it's just clear that "free" doesn't
>make it worth their while to keep the remailers operating perfectly
>at all times.

Very true.  This strengthens my point that the remailer operator would
want a piece of the pie, as well...

>A good pricing strategy for remailers would be to charge, say, $1 for
>instant delivery, $.50 for 30 minute delivery, etc.  To generate
>interest, 4 hour delays could be imposed for free remailing, if the
>resources are available.

fTotalCostOfDelivery = fCostOfReceipt + nRemailersUsed * fRemailerCost

Obviously, nRemailersUsed is only necessary for anonymous chaining...

Don't get me wrong, there's nothing meant by this equation, no point 
trying to be made, nothing.  I'm just showing you the pricing strategy.

I strongly agree with you that paying for remailer use would greatly 
improve service, and would probably be a good thing.  In the case of
chaining, there would have to be a great deal of trust involved so none
of the remailers stole all the postage w/out forwarding the message.  
(Just a thought, anyway)

Here's an idea I was tossing around sometime earlier--
One capitalist idea that would invalidate this theory.  A remailer would
make a lot of money if they made a deal with an advertiser, esp. an 
advertising agency (containing ads for many companies, if I chose the 
wrong words) if they eliminated incoming postage, and possibly paid outgoing 
postage or had the ad agency pay the postage (within limits, of course).
The remailer would then tag on advertisements to each mailing.  Direct
marketing (Note: This is what we're trying to avoid, but I see it happening)
The non-charging remailer would become wildly popular, as they don't 
charge postage, and they would be fast, because they would have corporate
sponsorship.  This idea is *far* from being farfetched; it exists now.
Every mail I receive at my free geocities account has an ad attached.

Patrick







From ph at netcom.com  Fri Nov 15 14:06:37 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 14:06:37 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
Message-ID: <v02140b0faeb28e92a655@[192.0.2.1]>


At 1:02 PM 11/15/1996, Bill Frantz wrote:
>At  1:44 PM 11/13/96 +0000, Adam Back wrote:
     ^^^^^^^^^^^^^^^^^^^^^^
>> A very good idea.  There was some discussion of this kind of thing a
>> while back about doing this for Singapore.  The suggestion at the time
>> was not to do it perfectly, but rather to arrange something simple to
>> allow people to circumvent the censorship enforced through their
>> compulsory use of a government censored web proxy.

> I hope it is ready.  To quote from William Safire's 11/14/96 NYT column:
                                                      ^^^^^^^^

> "Let's run a test.  "Information Technology and Political Control in
> Singapore" is a paper just issued by Prof. Gary Rodan of Murdoch University
> in Perth, Australia, distribued by Chalmers Johnson of the Japan Policy
> Research Institute in Cardiff, Calif.  It's on this web site:
> http://www.nmjc.ord/jpri/.

> "If Lee blocks access, Singaporeans, try E-mail: cjohnson at ucsd.edu.  But be
> careful, global business executives: the Architect of the New Century [Lee
> Kuan Yew - wsf] may be monitoring everything you download."

Guess Safire hits the Cypherpunks list when he needs material!

Peter







From froomkin at law.miami.edu  Fri Nov 15 14:08:15 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Fri, 15 Nov 1996 14:08:15 -0800 (PST)
Subject: Clipper 3.11 executive order
Message-ID: <Pine.SUN.3.95.961115171049.27778D-100000@viper.law.miami.edu>


http://library.whitehouse.gov/PressReleases.cgi?date=0&briefing=4 

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From blancw at microsoft.com  Fri Nov 15 14:10:07 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 15 Nov 1996 14:10:07 -0800 (PST)
Subject: Leadership and Inscrutable Deficiencies
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961115220908Z-7244@INET-01-IMC.microsoft.com>


From:	Vladimir Z. Nuri, in his Ancient Warrior mode:

I think many people need to learn a lesson that cyberspace doesn't
change certain basic realities, such as how important a dynamic leader
is in forward motion in any area. but they
will have plenty of opportunities to learn over the next few years and
decades. and I'll be snickering in the sidelines as long as they wonder
aloud why their realities are as they are and they find the deficiencies
therein inscrutable.
.....................................................

Oh, Nuri, you're so Morally Superior and so far above us, being more
"up" than anyone on inscrutable deficiencies.    I find it incredible to
realize that it will take *years* in cyberspace before I learn about the
immutability of basic realities (and maybe about the Incommensurability
of the Diagonal, too).  

Definitely it will be a very, very long time before I feel the need of
being led (around, by the nose?), in place of exercising self-control
and reasoned judgement.


   ..
Blanc






From froomkin at law.miami.edu  Fri Nov 15 14:24:43 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Fri, 15 Nov 1996 14:24:43 -0800 (PST)
Subject: Mirror of new export control regulations
Message-ID: <Pine.SUN.3.95.961115172400.27778G-100000@viper.law.miami.edu>


Because it appears that the whitehouse URL changes daily for press
releases, I've put a link to a copy of the text of the rules at the top of
my homepage.  You can also skip straight to it at:

http://www.law.miami.edu/~froomkin/nov96-regs.htm

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From minow at apple.com  Fri Nov 15 14:47:28 1996
From: minow at apple.com (Martin Minow)
Date: Fri, 15 Nov 1996 14:47:28 -0800 (PST)
Subject: One Big Telecoms Company
In-Reply-To: <3.0b36.32.19961115075321.006e0500@panix.com>
Message-ID: <v03007810aeb2a32160e2@[17.202.40.158]>


>At 07:02 PM 11/14/96 -0800, Dave Del Torto wrote:
>
>There are now 150 Long Distance telephone companies in the US vs 1 when I
>was a kid.
>
>There are now 5 or 6 broadcast and 150 cable TV networks in the US vs 3
>when I was a kid.
>
>There will soon be 5 cellular and PCS companies in NYC vs 0 when I was a kid.
>
>There are now 6000 ISPs vs 0 when I was a kid.
>

Better grow up quick, Dave, I can't take much more change.

Martin Minow
minow at apple.com








From hallam at vesuvius.ai.mit.edu  Fri Nov 15 15:01:24 1996
From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu)
Date: Fri, 15 Nov 1996 15:01:24 -0800 (PST)
Subject: New Cryptography Regulations
Message-ID: <9611152305.AA00627@vesuvius.ai.mit.edu>



The changes themselves are pretty technical

http://docs.whitehouse.gov/white-house-publications/
 1996/11/1996-11-15-exec-order-on-crypto-export-controls-administration.text



http://docs.whitehouse.gov/white-house-publications/
 1996/11/1996-11-15-president-letter-on-change-in-crypto-export-control.text


The main change is that from now on the decisions are to be made 
by the department of commerce and not by the department of state.

This is probably good news since the commerce department has the
interests of industry as its primary mission.

There is a third document I believe but its not yet been issued.


		Phill





From mccoy at communities.com  Fri Nov 15 15:01:56 1996
From: mccoy at communities.com (Jim McCoy)
Date: Fri, 15 Nov 1996 15:01:56 -0800 (PST)
Subject: ideal secure personal computer system
In-Reply-To: <l03010605aeab7149a687@[152.3.87.2]>
Message-ID: <v03007805aeb2a4bb46e0@[205.162.51.35]>


Adam Gulkis <lordvidarr+ at CMU.EDU> writes:
>a locked startup disk is not a good idea, if it is even possible.
>Most applications setup scratch space on the startup volume.

And it is this sort of scratch space which the user does not want
to have on the unencrypted partition.  Unless the _system_ requires
writable area on the startup volume there is no disadvantage to locking
that volume.  Once the system is up and running use alias folders in the
system folder for those apps which are inconsiderate enough not to
ask you where they will be creating temp space.

jim







From mccoy at communities.com  Fri Nov 15 15:03:06 1996
From: mccoy at communities.com (Jim McCoy)
Date: Fri, 15 Nov 1996 15:03:06 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <v02140b02aeb235099c35@[192.0.2.1]>
Message-ID: <v03007804aeb2a16c7fc4@[205.162.51.35]>


Lucky writes:
>
>> At 9:32 AM 11/15/1996, Adam Shostack wrote:
>> I've been toying with schemes that multiply the Ns from everybody's
>> public key to create a new semi-anonymous public key.  The only
>> problem is that in each case either identity is revealed or the
>> person seeking semi-anonymously reveals their secret key.  So,
>> I am not quite there.  ;-)
>
>I think that Chaum wrote some papers on group signatures. I'll try to dig
>them out. But it probably won't be before Sunday.

There are several types of "group signature" schemes out there.  The one
which Chaum wrote about was signatures which require a group to perform
verification of the signature in relation to his undeniable signature
system (Lidong Chen advanced this a bit further to make the scheme more
general.)  There are also systems in which group or subset of a group is
necessary to sign the message, the original work was by Yves Desmet in his
paper "Social Cryptography" in Crypto 88 or 89 I think.  There have been
various advancements on these systems, with different threshold schemes
applied, the ability to have "super-votes" among the shares or veto schemes,
mechanisms using distributed computation to securely perform the signing
or encryption, as well other bells and whistles.  At one point I was thinking
about such systems in the context of the DNSSEC work as a means for creating
a pseudonymous top-level domain with the same mechanisms for adjudication and
dispute resolution as the current system through group signatures but had to
set it aside to work on something a bit more practical.  If anyone is really
interested I could probably put together a fairly comprehensive listing of
the literature in this particular area...

jim








From security at kinch.ark.com  Fri Nov 15 15:14:36 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Fri, 15 Nov 1996 15:14:36 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961115071542.2693G-100000@dhp.com>
Message-ID: <Pine.LNX.3.95.961115150539.8326C-100000@kinch.ark.com>


So, you send all of your snail mail on post cards do you? No
sealed envelopes at all? Afterall you have nothing to hide, right?

Of course not, privacy isn't about being a criminal, its about being
private. It is not akin to anonymity, *perhaps* those who work
anonymously have `something to hide' (still doesn't necessarily make
them a criminal, however), I'll let someone else field that as I feel
that anonymity is rarely a good thing. 

Privacy, on the other hand, simply means that not everything I do is any
of your business and I would just as soon you not be tempted to even
bother trying to find out. 

Of course, if all of your personal mail (including financial statements
etc) is sent on post cards, then (while I think you would be crazy) I
will at least admit you are consistent. Else, I think you need to look
hard at the logic you are using.

cheers


On Fri, 15 Nov 1996, aga wrote:

> On Thu, 14 Nov 1996, Sean Roach wrote:
> 
> > Date: Thu, 14 Nov 1996 19:46:08 -0500
> > From: Sean Roach <roach_s at alph.swosu.edu>
> > To: aga <aga at dhp.com>, cypherpunks at toad.com
> > Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> > 
> > >On Wed, 13 Nov 1996, Mark M. wrote:
> > 
> > >> Mark
> > >> - -- 
> > >> finger -l for PGP key
> > >> PGP encrypted mail prefered.
> > 
> > To which, at 08:42 AM 11/14/96 -0500, aga wrote:
> > 
> > >Why?  Are you a criminal?
> > >What are you hiding behind your PGP?
> > 
> > Okay, I'll bite.  Where is it said that a person who wants h[is,er] privacy
> > is a criminal?  Charlie McCarthy might have said that.
> > 
> 
> It just "looks" that way on the net.  I do live-fucking, newsgroup
> flooding, mailbombing, vote-tampering and defamation all legally,
> and OPENLY on the InterNet.
> 
> The more you PGP, the worse you look.  Nobody reads your e-mail,
> so stop being so paranoid.
> 
> -aga
> 






From frantz at netcom.com  Fri Nov 15 15:14:37 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 15 Nov 1996 15:14:37 -0800 (PST)
Subject: ideal secure personal computer system
Message-ID: <199611152314.PAA06897@netcom6.netcom.com>


At  3:10 PM 11/15/96 -0500, Adam Gulkis wrote:
>a locked startup disk is not a good idea, if it is even possible.

A system file and boot blocks you know can't be written to is a wonderful
aid to a comfortable sleep.  For a number of things, I would like to boot
off CDROM.  (E.g. the program which checks the cryptographic hash of all
the executables on my hard drive and delivers me a report.)


>Most applications setup scratch space on the startup volume.

It would be better if they set up scratch space on the writable volume with
the most available space.  VM/CMS provided a system call to to this in the
late 1960s/early 1970s.  "Modern" systems should provide a similar service.


>It would
>be a better idea to setup a partition for applications and lock it, if
>you feel that is necessary.  Norton DiskLock is a nice tool that
>provides a startup password protection as well as screensaver
>password.  It will request a password if the machine sleeps or to
>reboot after a crash.

Protection against strangers walking up to your machine and using it is
nice, and easy to do.  Protection against viruses which install Trojan
horses in your system would also be nice, but is very hard to do in systems
where programs run with all the privileges of their users.  Examples
include (in alpha order): DOS, MacOS, Unix, and Windows (including NT).


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From declan at eff.org  Fri Nov 15 15:28:48 1996
From: declan at eff.org (Declan McCullagh)
Date: Fri, 15 Nov 1996 15:28:48 -0800 (PST)
Subject: Reminder -- DCCP Meeting on Saturday, November 16
Message-ID: <Pine.SUN.3.91.961115152753.17166A-100000@eff.org>






---------- Forwarded message ----------

WHAT: DC Cypherpunks Meeting

WHEN: Saturday, November 16, 1996 @ 3 pm

WHERE: 1050 Connecticut Ave NW, Suite 850, Washington, DC
       (Between K and L streets)

WHO: From phone on eighth floor, call to be let in

WHY: A description of the crypto protocols used in the SET (Secure
     Electronic Transaction) standard
     
     A PGP key signing
     
HOW: Take the orange/blue line to Farragut West, walk two blocks north
     (past the park), 1050 Conn. Ave will be on left
     
     Take the red line to Farragut North, exit on L street at base
     of 1050 Conn. Ave
     
     From Baltimore, take BaltWashExpy south. It turns into New York
     Avenue, which turns into Massachusetts Avenue. Take Mass. Ave
     westbound to Dupont Circle. Then take Connecticut Avenue southbound.
     1050 Conn. Ave will be about four blocks away on your right.

MORE INFO: http://www.isse.gmu.edu/~pfarrell/dccp/








From mccoy at communities.com  Fri Nov 15 15:36:18 1996
From: mccoy at communities.com (Jim McCoy)
Date: Fri, 15 Nov 1996 15:36:18 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <Pine.3.89.9611151034.A15706-0100000@netcom14>
Message-ID: <v03007807aeb2ac971fb2@[205.162.51.35]>


I wrote:
>[...] There are also systems in which group or subset of a group is
>necessary to sign the message, the original work was by Yves Desmet in his
>paper "Social Cryptography" in Crypto 88 or 89 I think.

Correction:  That should have been "Society and Group Oriented
Cryptography: A new approach" by Yves Desmedt in Crypto '87  [It
was sitting next to my desk and I was too lazy to reach over and
check...sigh.]  This particular paper deals with groups recieving
messages and requiring a subset to decrypt, a later paper by Desmedt
(or maybe Desmedt and Yao) deals with the signature system I
described.

jim








From rcgraves at ix.netcom.com  Fri Nov 15 15:54:18 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Fri, 15 Nov 1996 15:54:18 -0800 (PST)
Subject: Validating SSNs
In-Reply-To: <v03007801aeb10f2b94a1@[207.167.93.63]>
Message-ID: <328D0286.4075@ix.netcom.com>


Timothy C. May wrote:
> 
> Indeed, I protected my privacy decades ago by discarding my issued SSN 
> and substituting a different one. This "phony SSN" is what I use on my 
> tax returns, my credit cards, and for my employers.
> 
> Ha! None of them know that this is not my True Social Security Number!
> 
> By this I protect my privacy.

Brilliant! Little do they know that when they analyze your spending 
patterns, your addresses, your employment, your education, and your 
kids, they're really investigating something that has NOTHING TO DO WITH 
YOU!

[Just in case there are people too thick to understand "subtlety."] 

-rich





From rcgraves at ix.netcom.com  Fri Nov 15 16:02:30 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Fri, 15 Nov 1996 16:02:30 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <v02140b01aeb1a0ff57d2@[192.0.2.1]>
Message-ID: <328D0476.4C3B@ix.netcom.com>


Peter Hendrickson wrote:
> 
> I read awhile ago that certain members of Parliament do not speak
> their mind regarding the situation in Northern Ireland.  The reason
> they give is that they have children and they fear the IRA.
> 
> There are times when one wishes to speak anonymously, yet speak
> as a member of a group.
> 
> Is there a way to take published public keys and combine them with
> your own in such a way that your identity is not compromised, but
> it is clear beyond a doubt that you control one of a set of public
> keys?

One way to implement this would be to set up a remailer that only 
accepts input signed by a key on its ring.

Or just share a secret key. It would have to be timestamped, i.e., 
"104th Congress Key."

You either need to trust a shared server to know and then blind your 
identity, or trust the people with whom you share a secret key not to 
give that key to non-group members.

-rich





From rcgraves at ix.netcom.com  Fri Nov 15 16:07:24 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Fri, 15 Nov 1996 16:07:24 -0800 (PST)
Subject: THAT is what makes John Gilmore an ASSHOLE! [NOISE] [HOT TUBBING]
In-Reply-To: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
Message-ID: <328D0583.653@ix.netcom.com>


Mike McNally wrote:
> 
> aga wrote:
> >
> > No it ain't; not after the list gets so big.  Public newsgroups
> > lose all rights of censorship by the owners, and that is law.
> 
> Guffaw, guffaw.
> 
> (So what if John decided simply to pull the plug on toad in order to
> plug in a new hot tub?)

Cool. I've always wanted a hot tub.

-rich





From dactyl at mail.zynet.co.uk  Fri Nov 15 16:10:10 1996
From: dactyl at mail.zynet.co.uk (Terry Wright)
Date: Fri, 15 Nov 1996 16:10:10 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <1.5.4.32.19961116000659.00667988@mail.zynet.co.uk>


>It just "looks" that way on the net.  I do live-fucking, newsgroup
>flooding, mailbombing, vote-tampering and defamation all legally,
>and OPENLY on the InterNet.
>
>The more you PGP, the worse you look.  Nobody reads your e-mail,
>so stop being so paranoid.
>
>-aga
>
>
Who is this idiot?






From osborne at gateway.grumman.com  Fri Nov 15 16:34:43 1996
From: osborne at gateway.grumman.com (Rick Osborne)
Date: Fri, 15 Nov 1996 16:34:43 -0800 (PST)
Subject: Key Escrow
Message-ID: <3.0b36.32.19961115193400.0093c210@gateway.grumman.com>


For my Professional Ethics class I was charged to do an essay on something
topical and analyze it using the three main systems of ethics
(Utilitarianism, Kantian Rights, and Justice as fairness.)  I have pretty
much wrapped up the essay and was hoping I could get some feedback from you
guys (and gals, to be PC) about it.  It is supposed to stay under 5 pages,
and is intended for Joe non-crypto-user, so I wasn't allowed to ramble on
about crypto, but I would still like some feedback.

Anyone who is interested can obtain the document at:
http://www.spacey.net/oringer/rickoz/Ethics.htm
and the original Word 7.0 version at:
http://www.spacey.net/oringer/rickoz/Ethics.doc

Thanks,
Rick


Rick Osborne / C++ VB Pascal HTML VRML Java / osborne at gateway.grumman.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Women like a guy who looks trim, neat.  You got to be sharp.  I look
like I'm wearing a circus tent.  Any minute now a little tiny car, with
sixteen clowns in it is gonna come flying out my butt."






From reece at taz.nceye.net  Fri Nov 15 17:04:41 1996
From: reece at taz.nceye.net (Bryan Reece)
Date: Fri, 15 Nov 1996 17:04:41 -0800 (PST)
Subject: Remailer Abuse Solutions
In-Reply-To: <v02140b05aeb13a70acf4@[192.0.2.1]>
Message-ID: <19961116010422.15952.qmail@taz.nceye.net>


   Content-Type: text/plain; charset="us-ascii"
   Date: Thu, 14 Nov 1996 14:40:29 -0800
   From: ph at netcom.com (Peter Hendrickson)



   E-cash, the product licensed by Digicash, offers full payee anonymity and
   would be an ideal candidate.


  ECASH AND PRIVACY

One of the unique features of ecash is payer anonymity. When paying
with ecash the identity of the payer is not revealed
automatically. This way the payer stays in control of information
about himself. During a payment a payer can of course identify
himself, but only when he chooses so.

Ecash offers one-sided anonymity; when clearing a transaction the
payee is identified by the bank.

    (according to http://www.digicash.com/ecash/about.html)



But what about Okamoto and Ohta's digital cash scheme published in
Crypto '91?  It appears to be fully untraceable and transferable.  Of
course, I haven't heard of anyone trying to use this scheme (has it
been broken?)






From hal at rain.org  Fri Nov 15 17:23:31 1996
From: hal at rain.org (Hal Finney)
Date: Fri, 15 Nov 1996 17:23:31 -0800 (PST)
Subject: National Emergency
Message-ID: <199611160123.RAA00315@crypt.hfinney.com>


Michael Froomkin posted to the cyberia list a pointer to the Clinton
administration's new export policy.  He has a copy on his web site at:
<URL: http://www.law.miami.edu/~froomkin/nov96-regs.htm >.  The thing
I found interesting is that it refers to the fact that we are currently
living under a state of national emergency!  I searched on the whitehouse
web site and couldn't find the executive order referred to (maybe it was
classified) but did find this one:

	For Immediate Release                             June 30, 1994 


			  Executive Order 
			      #12923 
			   - - - - - - - 

	     Continuation Of Export Control Regulations 


	  By the authority vested in me as President by the  
	Constitution and the laws of the United States of America,  
	including but not limited to section 203 of the International  
	Emergency Economic Powers Act ("Act") (50 U.S.C. 1702), I, William  
	J. Clinton, President of the United States of America, findthat  
	the unrestricted access of foreign parties to U.S. goods,  
	technology, and technical data and the existence of certain  
	boycott practices of foreign nations, in light of the expiration  
	of the Export Administration Act of 1979, as amended (50 U.S.C.  
	App. 2401 et seq.), constitute an unusual and extraordinarythreat  
	to the national security, foreign policy, and economy of the  
	United States and hereby declare a national emergency with respect  
	to that threat. 

Apparently this state of emergency is still in effect.  This is what
gives the President the power to unilaterally make changes in the export
policy.  It would be nice if our congresspeople would take some
responsibility in this matter.

Hal





From Bryondp at aol.com  Fri Nov 15 17:38:57 1996
From: Bryondp at aol.com (Bryondp at aol.com)
Date: Fri, 15 Nov 1996 17:38:57 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <961115203806_1150025335@emout03.mail.aol.com>


take me off this fucking list





From junger at pdj2-ra.F-REMOTE.CWRU.Edu  Fri Nov 15 17:54:47 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Fri, 15 Nov 1996 17:54:47 -0800 (PST)
Subject: Executive order on crypto
Message-ID: <199611160154.UAA23706@pdj2-ra.F-REMOTE.CWRU.Edu>



Ok, stop squabbling.  Here is something important.

The President has issued a couple of Executive Orders today that
transfer crypto to Commerce (eventually) and that make things worse,
not better, as far as I can tell at a quick reading.

An important portion of the Executive Orders is a rehash of arguments
that the government has made unsuccessfully in the Bernstein case and
has also made in my case.

I found out about the order from a posting by Michael Froomkin on
Cyberia-L.  The URL of the Executive Order, for today at least, is:

  http://library.whitehouse.gov/PressReleases.cgi?date=0&briefing=4

Michael Froomkin has also put up a mirror at:

  http://www.law.miami.edu/~froomkin/nov96-regs.htm

I will have a copy up on my web server (http://samsara.law.cwru.edu)
before the evening is over.

It seems (again just at a quick reading) that the government is now
limiting, or pretending to limit, its regulations on the ``export''
of cryptographic software to communications over the internet or on
bulletin boards.  As I read the Executive Orders they require that the
final regulations shall contain the same sort of restrictions on
crypto information that the Computer Decency Act applies to
indecency--if the CDA cases are upheld by the Supreme Court, I think
that these provisions will be struck down on the authority of that
decision.

The Executive Orders are not yet in effect.  That awaits the
proclamation of final regulations, which may be hard to draft--or may
be issued on Monday for all I know.

And argument in Junger v. Christopher is scheduled for Wednesday.

Law is fun!

Peter
--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger at pdj2-ra.f-remote.cwru.edu    junger at samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu





From tcmay at got.net  Fri Nov 15 18:07:32 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 15 Nov 1996 18:07:32 -0800 (PST)
Subject: ideal secure personal computer system
In-Reply-To: <l03010605aeab7149a687@[152.3.87.2]>
Message-ID: <v03007806aeb2d2482a72@[207.167.93.63]>


At 3:10 PM -0500 11/15/96, Adam Gulkis wrote:
>a locked startup disk is not a good idea, if it is even possible.
>Most applications setup scratch space on the startup volume.  It would
>be a better idea to setup a partition for applications and lock it, if
>you feel that is necessary.  Norton DiskLock is a nice tool that
>provides a startup password protection as well as screensaver
>password.  It will request a password if the machine sleeps or to
>reboot after a crash.

Since others have mentioned Macs in this thread, and since I have a Mac, I
should point out that booting from a locked startup disk is possible, even
common. Namely, a CD-ROM.

What an OS would _like_ to write is not the same thing as what it _must_ write.

Also, for Unix systems there are similar approaches. Hugh Daniel has been
working on a "read-only" startup disk for Unix.

I don't know anything about DOS or Windows, except that every Intel chip
sale helps me financially.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From abd at cdt.org  Fri Nov 15 18:09:37 1996
From: abd at cdt.org (Alan Davidson)
Date: Fri, 15 Nov 1996 18:09:37 -0800 (PST)
Subject: Mirror of new export control regulations
In-Reply-To: <Pine.SUN.3.95.961115172400.27778G-100000@viper.law.miami.edu>
Message-ID: <v03007813aeb2cf590667@[204.157.127.123]>



>http://www.law.miami.edu/~froomkin/nov96-regs.htm


It gets even more interesting.  In addition to signing today's Executive
Order on encryption, the President also designated Ambassador David L.
Aaron as the new "Special Envoy for Cryptography."  (Really, I'm not making
this up.)

According to the White House, this Special Envoy will have "responsibility
to promote the growth of electronic commerce and robust, secure global
communications in a manner that protects the public safety and national
security. . . . Ambassador Aaron will promote international cooperation,
coordinate U.S. contacts with foreign governments on encryption matters and
provide a focal point for identifying and resolving bilateral and
multilateral encryption issues."

CDT's Web site also has the text of the President's Executive Order,
Presidential Memorandum on Encryption Export Policy, and letter to
Congress, at

	http://www.cdt.org/crypto/clipper311

The White House Crypto Envoy press release should be posted there shortly.

What happens next?  According to the Administration, we can expect two new
Rules -- one from the State Department, transferring its jurisdiction to
Commerce; and one from the Commerce Department, spelling out exactly how it
will approve products for export, what the requirements for approved key
recovery centers and key recovery plans will look like, etc.  That last
rule is where the rubber really hits the road.  We'll finally have a chance
to talk concretely about whether the Administration's key recovery/export
control policy meets the privacy needs of computer users.  Hopefully there
will be a comment period for concerned parties to make their views known...


Alan Davidson, Staff Counsel                 202.637.9800 (v)
Center for Democracy and Technology          202.637.0968 (f)
1634 Eye St. NW, Suite 1100                  <abd at cdt.org>
Washington, DC 20006                         PGP key via finger









From jya at pipeline.com  Fri Nov 15 18:52:03 1996
From: jya at pipeline.com (John Young)
Date: Fri, 15 Nov 1996 18:52:03 -0800 (PST)
Subject: National Emergency
Message-ID: <1.5.4.32.19961116025012.00719c0c@pop.pipeline.com>


Hal Finney wrote:

>I found interesting is that it refers to the fact that we are currently
>living under a state of national emergency!  [Snip]

The same emergency was invoked for the same purpose in December,
1995, with citation of the elusive EO 12924 identical to the latest EO.

     See: http://jya.com/exporeg1.htm







From tcmay at got.net  Fri Nov 15 18:57:25 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 15 Nov 1996 18:57:25 -0800 (PST)
Subject: National Emergency
In-Reply-To: <199611160123.RAA00315@crypt.hfinney.com>
Message-ID: <v03007800aeb2dc721dbf@[207.167.93.63]>


At 5:23 PM -0800 11/15/96, Hal Finney wrote:
>Michael Froomkin posted to the cyberia list a pointer to the Clinton
>administration's new export policy.  He has a copy on his web site at:
><URL: http://www.law.miami.edu/~froomkin/nov96-regs.htm >.  The thing
>I found interesting is that it refers to the fact that we are currently
>living under a state of national emergency!  I searched on the whitehouse
>web site and couldn't find the executive order referred to (maybe it was
>classified) but did find this one:

Use the source, young Hal! While the White House Web site may not have it
online, Alta Vista turns up 113 hits (though not all valid) to it.

Basically, this was one of the alphabet soup of Emergency Orders, National
Security Decision Directives, and Executive Decisions passed or enacted
(sometimes in secrecy) during the last 30 years of the Continuing Emergency.

(Nixon's wage-price freezes, the oil embargo actions, the strategic
reserves, the anti-inflation measures, various Carter emergencies, and
various Reagan emergency orders, including NSDD-145, which directly affects
control of communicaitons, cryptography, etc.)

FEMA, the Federal Emergency Preparedness Agency, took over several of these
emergency orders (the running of them) in the late 70s.

Standard stuff for we conspiracy buffs. One doesn't need to invoke
historical groups like the Illuminati to see that the levers of power are
pulled by strange folks.

One of the things that most people don't appreciate is that these emergency
orders are essentially never repealed. (Not too surprising--if I was in
government, I wouldn't voluntarily give back any additional powers, either.
And the only consituency for rolling them back is the membership of the
evil militias, so nothing happens.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jer+ at andrew.cmu.edu  Fri Nov 15 19:23:57 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Fri, 15 Nov 1996 19:23:57 -0800 (PST)
Subject: ideal secure personal computer system
In-Reply-To: <l03010605aeab7149a687@[152.3.87.2]>
Message-ID: <0mXHB5200YUe0teHk0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

Adam Gulkis <lordvidarr+ at CMU.EDU> writes:
> a locked startup disk is not a good idea, if it is even possible.
> Most applications setup scratch space on the startup volume. 

It is possible, although it does break things, for example ResEdit and
AppleTalk. Then again, locking a disk doesn't gain you much security.

> It would
> be a better idea to setup a partition for applications and lock it, if
> you feel that is necessary.  Norton DiskLock is a nice tool that
> provides a startup password protection as well as screensaver
> password.  It will request a password if the machine sleeps or to
> reboot after a crash.

A good locking screen saver is essential, however, a driver level
password checker (which is what I assume Norton is) is not that
helpful. 
"Look ma! I stole Adam Gulkis's hard disk, now the secrets of the
 screaming viking lie open before me!" 
"That's nice dear, why don't you pop it in the machine and show your
 father?" 
"Okay <rummages with screwdrivers> Awww, Jeez, he used Norton
 DiskLock, I can't mount the drive."
"Here's a Silverlining disk, just 'update' the driver."
"Aw, thanks mom!"

You really do need to encrypt the drive, otherwise methods such as
replacing the drivers or reading the disk with a microscope will
extract the data quite easily.

A friend of mine just got back from a kerberos conferance at MIT, at
dinner one night they were talking about fun-n-easy ways to extract
data from a machine. One of them mentioned that after a while, a "on"
bit in RAM tends to leak out onto the surrounding sillicon, providing
a record of your memory. I'd imagine that your PGP passphrase sitting
in one location in memory for a few days would burn itself in pretty
good. The solution to this problem is to invert your RAM every once in
a while, so each bit is on and off for about the same amount of time.
I wonder if it'd be possible to build a device that goes between your
motherboard and your SIMMs that would invert and decode your RAM. I
could see wierd timing issues popping up, but I don't know enought
about OSes and computer architecture to know.

Of course, no computer is "secure" without a thermite charge above the
hard drive, and a tamper-resistant case.
"Well, Billy, the Sevret Service is here, they want to take away your
 computer (and telephone, and cassette tapes ,and etc.)"
"Okay, mom. It's right over here, Mr. Scarry Secret Service dude."
<lift> "Ffffffts"
"Hey, Billy, what's that smoke coming out of your computer?" 

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo0zPskz/YzIV3P5AQELwwMAgvAXIyzTpr6L4Niuy8G+dxzdRxNMBXB2
T8GvoXSLnD5DId/pefMHuKBg2qbKwUyEiQJH9wlUaY2Iq6XO4/nU5lMxyFUkkMbN
8Uah5HDxJ3r/UxWRXGFYXbaKlxuSkw0F
=edZH
-----END PGP SIGNATURE-----





From jimbell at pacifier.com  Fri Nov 15 19:35:24 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 15 Nov 1996 19:35:24 -0800 (PST)
Subject: A Disservice to Mr. Bell
Message-ID: <199611160335.TAA10530@mail.pacifier.com>


At 01:43 AM 11/15/96 -0500, hallam at vesuvius.ai.mit.edu wrote:
>
>Jim appears to be arguing that the "common law" courts heis refering
>to had judges appointed by the King. If so the right to appoint
>judges to those posts passed to the US government under the treaty
>of Paris. 

WRONG!   One of the main principles of the US Constitution is that the 
government has no "rights," per se:  It merely has specific authority 
granted to it by the people and the states of America.  A treaty with a 
defeated monarch did not and could not grant authority to the Federal 
governemnt that it did not already have.

Also, you've screwed up on the timeline:  The Treaty of Paris was signed in 
1783, and the US Constitution was finalized in 1787, four years later.  
Quite simply, the Federal government of the US didn't exist when the Treaty 
was made. No "rights" could be transferred to a non-existent branch of 
government.

I suppose you'll now claim that the "rights" were transferred to the states, 
right?  Well, the states did not have their own Constitutions, either.    
And unless those Constitutions mentioned commonlaw courts, it's pretty 
obvious that the public did not anticipate including those powers in those 
state governments.  It is obvious that King George relinquished that power; 
what you'll be unable to show is that this power flowed to any entity other 
than the people of America, every one of them.


>The Common Law in the UK was the kings law since the Norman conquest.
>It is as any schoolboy knows judge made law. The doctrine of precedent
>has become more and more prominent since the renaisance though, effectively
>preventing judicial lawmaking except in areas where no law is believed
>to exist.
>
>As a system of government I don't think very much of the idea of a 
>bunch of klansmen getting together to decide who they dislike. Sounds
>much more like a lynch mob than a system of government to me. 

For every "bunch of klansmen" getting together, you'll have a few hundred 
bunches of far more reasonable people.  


Jim Bell
jimbell at pacifier.com





From snow at smoke.suba.com  Fri Nov 15 19:57:57 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 15 Nov 1996 19:57:57 -0800 (PST)
Subject: Remailer Pricing
In-Reply-To: <v02140b07aeb1587ebcaf@[192.0.2.1]>
Message-ID: <199611160401.WAA00377@smoke.suba.com>


> At 6:02 PM 11/14/1996, Mullen Patrick wrote:
> And, the long delays in sending messages through the remailers make it
> hard for people to get up and running because it takes hours to determine
> whether it worked, if it worked at all.
> A good pricing strategy for remailers would be to charge, say, $1 for
> instant delivery, $.50 for 30 minute delivery, etc.  To generate
> interest, 4 hour delays could be imposed for free remailing, if the
> resources are available.

     There is a good reason for the delays. 

     As far as I understand it, it deals with traffic analysis.

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From tcmay at got.net  Fri Nov 15 20:15:08 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 15 Nov 1996 20:15:08 -0800 (PST)
Subject: Mirror of new export control regulations
In-Reply-To: <Pine.SUN.3.95.961115172400.27778G-100000@viper.law.miami.edu>
Message-ID: <v03007801aeb2f057ca8e@[207.167.93.63]>


At 9:10 PM -0500 11/15/96, Alan Davidson wrote:
>>http://www.law.miami.edu/~froomkin/nov96-regs.htm
>
>
>It gets even more interesting.  In addition to signing today's Executive
>Order on encryption, the President also designated Ambassador David L.
>Aaron as the new "Special Envoy for Cryptography."  (Really, I'm not making
>this up.)

Could this be the same David Aaron who writes thriller novels about nuclear
terrorism?


(I don't know that it is, by the way, nor am I making a joke. A David
Aaron, with also diplomatic ties, wrote at least one fine thriller some
years back. If he's the crypto czar, he can probably spin an appropriately
scary story to tell the recalcitrant Third Worlders he'll be dealing
with...countries like France, Britain, etc.)

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From adam at homeport.org  Fri Nov 15 20:18:30 1996
From: adam at homeport.org (Adam Shostack)
Date: Fri, 15 Nov 1996 20:18:30 -0800 (PST)
Subject: A question about PGP Pass phrases.
In-Reply-To: <199611130715.BAA00511@smoke.suba.com>
Message-ID: <199611160415.XAA01631@homeport.org>


Tim May & I had a conversation about this in which Tim posted the
great analogy of searching galaxies in the possible passphrase space.
The thread covered the question pretty well.

Adam

(Tim, do you have a copy of your post?  I can't think of the right
search terms for Altavista)

snow wrote:
|      A very basic question then:
| 
|      What _would_ be a passphrase of sufficient length and entropy? 
| 
|      I would assume that the phrase "Off we go, into the while blue yonder"
| would not be sufficient, but what about "0ff they went, in'ta the black viod"?
| 
|      I would guess that either would be difficult to out right guess, but the 
| second would be considerably less likely. Not as unlikely as 
| "KIB&^%(*h89hgv&*hjV6*ibHF&90n", but a hell of a lot easier to remember.
| 
|     It has been several months since I read the PGP users guide, and I don't 
| remember any discussion of that in it, but I could be wrong. 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From tcmay at got.net  Fri Nov 15 20:24:57 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 15 Nov 1996 20:24:57 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611150046.QAA20765@toad.com>
Message-ID: <v03007802aeb2f3046b97@[207.167.93.63]>


At 4:46 PM -0800 11/14/96, Sean Roach wrote:
>>On Wed, 13 Nov 1996, Mark M. wrote:

>To which, at 08:42 AM 11/14/96 -0500, aga wrote:
>
>>Why?  Are you a criminal?
>>What are you hiding behind your PGP?
>
>Okay, I'll bite.  Where is it said that a person who wants h[is,er] privacy
>is a criminal?  Charlie McCarthy might have said that.

You mean in his book "Crypto by Dummies"?

Or were you perhaps thinking of Joe?

(Gene is unlikely; Clean Gene didn't have much to say about secrecy.)

And Lewis has not been seen on our list in many a month.

--Tim Not-a-McCarthy



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From silly at ugcs.caltech.edu  Fri Nov 15 20:26:36 1996
From: silly at ugcs.caltech.edu (me)
Date: Fri, 15 Nov 1996 20:26:36 -0800 (PST)
Subject: National Emergency
In-Reply-To: <cypherpunks.v03007800aeb2dc721dbf@[207.167.93.63]>
Message-ID: <56jfp1$l8r@gap.cco.caltech.edu>


"Timothy C. May" <tcmay at got.net> writes:

>Use the source, young Hal! While the White House Web site may not have it
>online, Alta Vista turns up 113 hits (though not all valid) to it.

>Basically, this was one of the alphabet soup of Emergency Orders, National
>Security Decision Directives, and Executive Decisions passed or enacted
>(sometimes in secrecy) during the last 30 years of the Continuing Emergency.
I've spent a great deal of time looking for an archive of these sorts of 
actions, especially executive orders, but in general *all* the crap that
spews from the White House.  Is there one?  Most of my searches led to
dead links.  

I know that the WhiteHouse.gov site has Clinton's EO's (searchable, or,
with a little finagling, a list of them), but I want *all* of them.

I'd love to see a site which has all these things.

(me)





From adam at homeport.org  Fri Nov 15 20:34:10 1996
From: adam at homeport.org (Adam Shostack)
Date: Fri, 15 Nov 1996 20:34:10 -0800 (PST)
Subject: [POLITICS] Re: Members of Parliament Problem
In-Reply-To: <v02140b01aeb231abd199@[192.0.2.1]>
Message-ID: <199611160431.XAA01797@homeport.org>


Peter Hendrickson wrote:
| At 9:32 AM 11/15/1996, Adam Shostack wrote:
| >         Most of the usual arguments about disallowing anonymity
| > actually apply to a Parliment.  There is a responsibility involved in
| > the execution of power.
| 
| >         This is not to condone attacking children, or killing ones
| > political opponents.  For an MP to imply that something he wants to
| > say will likely get him/his kids killed probably means that he wants
| > to use the power of the state in some way likely to quite upset at
| > least a few people.  If this is the case, then allowing him to
| > anonymously, and without responsibility, direct the power of the state
| > is congruent to tyranny.
| 
| Please allow me to respectfully disagree.

	No! :)

| Let's consider another issue: recreational drugs.  We can be pretty
| sure that a sizeable number of Congressmen use marijuana and see
| no reason for it to be illegal.  Yet, to speak about it would be
| understood to be political suicide with possible legal repercussions.
| Were Congressmen able to speak anonymously, such an issue could be
| discussed.  It is more likely that good policy results from discussion.

	So, if 'anonymous Senator' came out for legalization, it would
be declared that it was Kennedy, source of all Liberal Evil.  Good
policy comes from leaders standing up and leading.  Since they don't,
I'm a crypto-anarchist.  To try and help the Congress become more
effective is not in anyones interest, except that class of person who 
makes their living off the workings of government.

	There are lots of variations on the argument that politics is
from the greek poly, meaning many, and ticks, a small bloodsucking
animal.  My interest in creating new, consensual realities is that I
don't want to be forced to care about the congress.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From hal at rain.org  Fri Nov 15 20:34:34 1996
From: hal at rain.org (Hal Finney)
Date: Fri, 15 Nov 1996 20:34:34 -0800 (PST)
Subject: Playing Cards
Message-ID: <199611160304.TAA00446@crypt.hfinney.com>


From: ph at netcom.com (Peter Hendrickson)
> A well shuffled deck of 54 cards has about 237 bits of entropy.  This
> is easy to use: the program asks the order of the cards, converts this
> to a string, and runs it through a one-way hash.  (Entering the cards
> is a bit of a nuisance.  Is there an easy way to have them read
> automatically?)

I heard that Bruce Schneier has devised a cryptosystem based on a card
deck for a future book by Neal Stephenson.  It is supposed to be simple
enough for a person to use manually, but complicated enough that it can't
be broken by computer.  Your idea of using cards as a one time pad is
somewhat similar, maybe, although I think Bruce's was designed to be
useful for long messages, providing computational rather than unconditional
security.

> How the Lisp Code Works
> -----------------------
>
> Let's use as an example a deck of five cards numbered from 0 to 4.
> There are 5! = 120 combinations of these cards.  We can think
> of each card as a "digit" in a slightly odd numbering system.

This is very interesting; I've never seen this algorithm before.  It
is a nice way to turn a number into a permutation, and vice versa.

> For an exercise, what is the value of (4 2 1 3 0)? (Answer at end.)

This would be 4*4! + 2*3! + 1*2! + 1(was 3)*1! + 0*0!, or as you say:

> ;; (Exercise Answer: (4 2 1 3 0) = 111)

Hal





From omega at bigeasy.com  Fri Nov 15 20:41:31 1996
From: omega at bigeasy.com (Omegaman)
Date: Fri, 15 Nov 1996 20:41:31 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.GSO.3.95.961113061359.725B-100000@well.com>
Message-ID: <Pine.LNX.3.95.961115233704.106A-100000@jolietjake.com>


On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Yes, I understand this. It's quite obvious; being removed from the
> subscriber list hasn't slowed Vulis at all. When I was writing the piece
> Vulis seemed to have slowed his ad hominem attacks and instead was talking
> about censorship (something that is within the charter of the list), but
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
		    
Actually, Declan, it's not.  "info cypherpunks" in the body of a message to
majordomo at toad.com yields the welcome message to the list -- the closest
thing to a charter available.  The subjects of censorship and free speech
are neither mentioned nor alluded to anywhere within that document.

The subjects of censorship & free speech do bear some relationship to the
list's expressed subject and are certainly near and dear to most cypherpunk
hearts.  The government cannot prevent us from discussing the implications 
of privacy enabled by strong crypto.  

Free speech & censorship may even be interesting, entertaining, & important
topics -- hence their consistent recurrance in discussions.  But the above 
assertion is factually wrong.



_______________________________________________________________
 Omegaman <mailto:omega at bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________







From dthorn at gte.net  Fri Nov 15 21:00:02 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 15 Nov 1996 21:00:02 -0800 (PST)
Subject: The Conspiracy To Erect An Electronic Iron Curtain
In-Reply-To: <19961114.205947.7711.21.kb4vwa@juno.com>
Message-ID: <328D1F5C.1ABF@gte.net>


Edward R. Figueroa wrote:
> An Essay by L. R. Beam
> The internet, perhaps the last truly free means of information exchange
> in the Western World, may soon be choked by censorship and governmental
> controls. The circumscribing of the net may cause the death of what has
> become the first people-to-people exchange of ideas and information on a
> world wide basis. The forces behind this effort appear at first glance to
> be an unlikely coalition of conspirators, the CIA, some Jewish Religious
> groups, and various foreign governments. While this unholy alliance for
> censorship and control may seem unusual to some, politics makes the bed
> for these strange fellows. Indisputably, an international cabal of
> special interest groups both within and out of governments are working
> both openly and secretly to end the unregulated direct exchange of
> information between people. At stake is nothing less then the regaining
> of information control which the internet has shattered. Up for grabs is
> nothing more than the thinking and decision making abilities of informed men.

[snip, snip]

> In closing the author would like to make two additional things clear.
> First, there are Jews who oppose censorship although to this point their
> voice is but a whisper compared to the intolerance of the Anti-Defamation
> League and Rabbi Cooper. Second, that writing about Jewish religious
> leaders and government spymasters operating in a collusive effort to
> erect an electron iron curtain to restrict freedom of speech and
> information does not make one anti-Semitic or anti-government. The truth
> is anti-Semitic. The government is erecting a police state. The author
> opposes both oppressive religious groups and repressive government. If
> speaking the truth and opposing tyranny makes one anti-Semitic and
> anti-government, then I am both...

I wish there were a way to inform people that the ADL is not a "Jewish"
group just because they so claim.  Informed persons have pointed to the
not-so-coincidental founding of this organization at approximately the
same time as the Federal Reserve and the Income Tax, and just a few years
after the founding of the FBI by Napoleon's grandson.

Word is that while the World Jewish Congress declared war on Hitler in
1933, the ADL actually *suppressed* Jewish dissent in the U.S., at least
until 1937-38, because it was "good for business". I wouldn't call these
ADL people "Jewish", I'd call them pals of Prescott Bush and Averell
Harriman, to name a couple of supreme scumbags.  The same people and
ideology who propped up Hitler are foaming at the mouth now over their
good fortunes in China and other parts of SE Asia.

As far as whether a person's ethnicity makes a difference in their govt.
positions, a la the DCI, it's my feeling that certain ties and loyalties
are exploited by the scum at the top for their own gain (and they don't
give a damn about religion, at least in any normal sense), and to see a
possible analogy for this, look at Stone's JFK movie, where the CIA et al
were using gay men that they could blackmail at the time, for jobs where
they didn't want people to talk.

BTW, 1913 (nice number, huh?) was the year for the 3 things listed above.
Those things were enacted in the Taft administration, Taft being the
grandson of the founder of Skull and Bones, the control group for the
Bush and Harriman clan.  Wot a coincidence, eh?







From dthorn at gte.net  Fri Nov 15 21:00:14 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 15 Nov 1996 21:00:14 -0800 (PST)
Subject: The persistance of reputation
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <328D2595.89B@gte.net>


Rich Graves wrote:
> Robert Hettinga wrote:
> > At 8:02 pm -0500 11/11/96, Rich Graves wrote:

[snippo]

> No. It requires both. And sometimes, technical skill. How many people
> here know enough to evaluate the data concerning, to take a notorious
> example, the Kennedy assassination? I accept the historical consensus,
> but I know there are a lot of otherwise rational people on cypherpunks
> who are convinced that there was some sort of coverup (which sort, they
> often don't know or care; but they're conviced there was one). Oliver
> Stone got some ridiculous movie made based on this non-thesis (actually
> two, counting Nixon). People growing up today are learning pseudohistory
> and pseudoscience from Oliver Stone, "The X Files," "Dark Skies," and
> "Millenium." I find that scary. The net is better than TV, because it
> allows more responses, but I'm not sure how much better.

You accept the historical consensus?  And which historical consensus is
that?  The non-consensus investigated by the prime suspect (Johnson)?
Or the consensus investigated by the people's representatives, i.e. the
House of Representatives?

Maybe you didn't know that the #2 man should be considered the primary
suspect, huh?  And a coverup, by golly!  Imagine that the U.S. government
would do such a thing?  Couldn't be, could it?

They were just hiding the Zapruder film for 12 years in our best interest,
right?  No need to show the people Kennedy's upper torso (about 100 pounds
of weight) being blown violently *backward* as a result of a frontal shot,
since "Oswald" couldn't have been in front.  Nosiree!

Next thing you're gonna say is that "Oswald" shot Tippit with his *revolver*
and then stopped to unload the spent shells by the body, yes?

And Jack Ruby was just an irate citizen who felt sorry for Jackie, huh?

I prefer not to judge people by just one posting, but like Noam Chomsky,
with his "I can't see *anyone* who would have wanted Kennedy dead"
bullshit, I just can't buy the notion that whoever wrote the above crap
about the "historical consensus" doesn't really know what's going on.

A disinformer posing as an idiot.  Go figure.







From dthorn at gte.net  Fri Nov 15 21:00:26 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 15 Nov 1996 21:00:26 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611150619.AAA01605@smoke.suba.com>
Message-ID: <328D2BB7.71DC@gte.net>


snow wrote:
> > [This is a rebuttal to a misguided news article.]
> > > Cypher-Censored
> > > By Declan McCullagh (declan at well.com)

[snip, snip]

> > Notice how, once the opposition is admitted to, the rationalization
> > begins. Suddenly this is not a matter of censorship, but of ownership.
> > Just as suddenly, the classic anti-free-speech arguments of "if you
> > don't like it, start yer own" begin to surface. (Anyone ever notice
> > how this resembles the "love it or leave it" mentality of certain
> > American patriotic organizations?)

> It still isn't censorship. Censorship, at least in my dictionary,
> refers to censor, which uses the word "Official" several times. Mr.
> Gilmore is not an "Official" in a government sense, he maybe in the EFF
> sense, but this is not an "Official" EFF organ, so that doesn't count.

We *are* talking about the cypherpunks list, yes?  Then, in terms of the
list, John Gilmore *is* the official, hence a censor, plying his skills.

Why all the denial and repeated (redundant) blathering about John's
*right* to something he allegedly owns?  Simple.  The folks who put this
stuff out want desperately to believe that this list they spend so much
time on is "really OK", and not a censored medium.  Denial is the key.






From nobody at cypherpunks.ca  Fri Nov 15 21:05:07 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 15 Nov 1996 21:05:07 -0800 (PST)
Subject: IDEA patent
Message-ID: <199611160458.UAA17262@abraham.cs.berkeley.edu>



IDEA is a good algorithm much faster than 3DES and
probably stronger but its not very popular outside
of PGP because it is patented.

I remember someone posting here or in another
crypto list about a modified keyschedual to allow
keys of weird size.

My question is could this modification or
something more proven like PRNG-generated subkeys
be used to avoid the IDEA patent? Everyone says it
only takes a small change to avoid a patent. The
problem is a small change can break an algorithm.
Some algorithms like Blowfish generate subkeys
from a PRNG so it might be a safe change for IDEA.

I'm posting this anonymously because I dont know
what peoples feelings are on patent avoidance.







From alan at ctrl-alt-del.com  Fri Nov 15 21:20:00 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Fri, 15 Nov 1996 21:20:00 -0800 (PST)
Subject: New Cryptography Regulations
Message-ID: <3.0b36.32.19961115211217.00dced24@mail.teleport.com>


At 06:05 PM 11/15/96 -0500, hallam at vesuvius.ai.mit.edu wrote:

>The main change is that from now on the decisions are to be made 
>by the department of commerce and not by the department of state.
>
>This is probably good news since the commerce department has the
>interests of industry as its primary mission.

I am expecting them to use the Interstate commerce clause in the
Constitution to enable them to enact whatever rules they want without that
pesky "freedom of speech" thing getting in the way.  I am sure that any
commerce secretary that dare to loosen the export restrictions would
quickly find him/herself out of a job.

Clinton and Gore have both shown that they get arroused at the thought of
being able to read everyone else's e-mail and listen to their phone calls.
I don't expect them to do anything that would thwart that fetish. (Power is
the ultamite turn-on.  When you can pry into the details of every part of a
person's life, you have a great deal of power.  Clinton/Gore/etc have shown
no resistance to that seduction.)

I expect that this will add more bodies to the LaBrea ITAR pits, not take
any away.

>There is a third document I believe but its not yet been issued.

Waiting for the third shoe to drop?

---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From dthorn at gte.net  Fri Nov 15 21:24:50 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 15 Nov 1996 21:24:50 -0800 (PST)
Subject: One Big Telecoms Company
In-Reply-To: <3.0b36.32.19961115075321.006e0500@panix.com>
Message-ID: <328D4FD1.6B0D@gte.net>


Duncan Frissell wrote:
> At 07:02 PM 11/14/96 -0800, Dave Del Torto wrote:
> >Um, a _better_ one, now that government monopolies are largely out of the
> >way, leaving significant infrastructure for them to use? There's this one
> >little company called MCI, see, and there's this _other_ little company
> >called BT, and...

> There are now 150 Long Distance telephone companies in the US vs 1 when I
> was a kid.
> There are now 5 or 6 broadcast and 150 cable TV networks in the US vs 3
> when I was a kid.
> There will soon be 5 cellular and PCS companies in NYC vs 0 when I was a kid.
> There are now 6000 ISPs vs 0 when I was a kid.

Progress?  Most major cities (when I was a kid) had *several* competing
newspapers, some of which would *not* be afraid to print news about
(for example) a meeting of some of the world's top movers and shakers
outside of Toronto a few months ago.

Not today!  (BTW, even La Opinion in L.A. is run by a CFR member, as is
/was the AFL-CIO).

There wasn't any television when I was a kid, and frankly, there hasn't
been a significant improvement on that.

When I was a kid, you could expect to find phones anywhere that you could
use to call long distance with.  Today, the phone you find will probably
make it very difficult to get through to a reliable (price *and* service-
wise) provider, and when you do, you can get cut off after 3 minutes like
the outside phones do in Burbank on Victory Blvd., outside the McDonald's.
And of course, you could have someone call you back on those phones way
back when, which is getting rarer by the minute today.

The Internet *does* offer some freedom that we the people haven't enjoyed
much of in the past, but let's give it some time.  As I'm sure you know,
there's been a massive media consolidation in the U.S. in the past decade
or so, and it's continuing unabated.

Consider the above comments (by Duncan?) to be wishful thinking.






From dthorn at gte.net  Fri Nov 15 21:33:27 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 15 Nov 1996 21:33:27 -0800 (PST)
Subject: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
Message-ID: <328D51CC.3853@gte.net>


Mike McNally wrote:
> aga wrote:
> > No it ain't; not after the list gets so big.  Public newsgroups
> > lose all rights of censorship by the owners, and that is law.

> Guffaw, guffaw.
> (So what if John decided simply to pull the plug on toad in order to
> plug in a new hot tub?)

Well, what if he did?  Are you sure that would make aga look like a fool,
or would it make you look like a fool, since it would tend to confirm
what people like aga have been saying?






From azur at netcom.com  Fri Nov 15 21:49:30 1996
From: azur at netcom.com (Steve Schear)
Date: Fri, 15 Nov 1996 21:49:30 -0800 (PST)
Subject: ideal secure personal computer system
Message-ID: <v02140b01aeb3002591ab@[10.0.2.15]>


>A friend of mine just got back from a kerberos conferance at MIT, at
>dinner one night they were talking about fun-n-easy ways to extract
>data from a machine. One of them mentioned that after a while, a "on"
>Of course, no computer is "secure" without a thermite charge above the
>hard drive, and a tamper-resistant case.
>"Well, Billy, the Sevret Service is here, they want to take away your
> computer (and telephone, and cassette tapes ,and etc.)"
>"Okay, mom. It's right over here, Mr. Scarry Secret Service dude."
><lift> "Ffffffts"
>"Hey, Billy, what's that smoke coming out of your computer?"
>

I discussed this seriously with an engineering acquaintence who has done
drive design for a number of major companies.  He thought this could be
easily achieved technically but might present some significant hurdles for
getting UL approval :-)  Seriously though, there might be a market for an
Mission Impossible drive retrofit kits which could be triggered by SW or
HW.

--Steve


PGP Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear             | Internet: azur at netcom.com
Lamarr Labs              | Voice: 1-702-658-2654
7075 West Gowan Road     | Fax: 1-702-658-2673
Suite 2148               |
Las Vegas, NV 89129      |
---------------------------------------------------------------------

Internet and Wireless Development

Defeat the Demopublican Unity Party. Vote no on Clinton/Dole in November.
   Vote Harry Browne, Libertarian, for President.
http://www.harrybrowne96.org







From ph at netcom.com  Fri Nov 15 21:50:42 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 21:50:42 -0800 (PST)
Subject: Playing Cards
Message-ID: <v02140b01aeb302e6b38c@[192.0.2.1]>


At 7:04 PM 11/15/1996, Hal Finney wrote:
>From: ph at netcom.com (Peter Hendrickson)
>> A well shuffled deck of 54 cards has about 237 bits of entropy.  This
>> is easy to use: the program asks the order of the cards, converts this
>> to a string, and runs it through a one-way hash.  (Entering the cards
>> is a bit of a nuisance.  Is there an easy way to have them read
>> automatically?)

> I heard that Bruce Schneier has devised a cryptosystem based on a card
> deck for a future book by Neal Stephenson.  It is supposed to be simple
> enough for a person to use manually, but complicated enough that it can't
> be broken by computer.  Your idea of using cards as a one time pad is
> somewhat similar, maybe, although I think Bruce's was designed to be
> useful for long messages, providing computational rather than unconditional
> security.

I, for one, am dying of curiousity.  When I asked him about it, he said
he would disclose it "soon".

Peter







From ph at netcom.com  Fri Nov 15 21:52:28 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 15 Nov 1996 21:52:28 -0800 (PST)
Subject: [POLITICS] Re: Members of Parliament Problem
Message-ID: <v02140b02aeb30446063a@[192.0.2.1]>


At 11:31 PM 11/15/1996, Adam Shostack wrote:
>        So, if 'anonymous Senator' came out for legalization, it would
> be declared that it was Kennedy, source of all Liberal Evil.  Good
> policy comes from leaders standing up and leading.  Since they don't,
> I'm a crypto-anarchist.  To try and help the Congress become more
> effective is not in anyones interest, except that class of person who
> makes their living off the workings of government.

>         There are lots of variations on the argument that politics is
> from the greek poly, meaning many, and ticks, a small bloodsucking
> animal.  My interest in creating new, consensual realities is that I
> don't want to be forced to care about the congress.

I may have misunderstood you, but when you suggested "disallowing"
Congressmen to use anonymity, it did not sound consensual.  Even
blood sucking parasites should be allowed to benefit from
cryptoanarchy.

I for one, would be most interested in what Congressmen would have
to say if they knew their words could in no way be traced back to
them.  I suspect that there are a lot of basketcases in Congress
and that this would become clear from the horrible things they would
have to say when they were sure nobody was looking.

Peter







From hyperlex at hol.gr  Fri Nov 15 22:09:05 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Fri, 15 Nov 1996 22:09:05 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611161007.IAA06044@prometheus.hol.gr>


At 01:19 �� 15/11/1996 -0600, snow wrote:
>> Hey man, do they sell "FREEDOM KITS" in American Supermarkets? :-)
>> ROTFL!
>
>      Nope, you have to make your own. The Kit is mostly Education, which
>is available to all. 

Pity; I thought them kits came with a Free Modem Trial Offer! ROTFL! :-)

Seriously, of course...
You have a point there, but... who will educate our educators?
-(if part of this "education" hinders and discourages our Liberty)?




>> >> Just as suddenly, the classic anti-free-speech arguments of "if you
>> >> don't like it, start yer own" begin to surface. (Anyone ever notice
>> >> how this resembles the "love it or leave it" mentality of certain
>> >> American patriotic organizations?)
>> >     It still isn't censorship. Censorship, at least in my dictionary,=20
>> >refers to censor, which uses the word "Official" several times.
>> You mean that if... Dr. Dimitri Vulis hires a Mafia-man to kill ya,=20
>> (to silence you) this wouldn't be censorship, since it would not be
>> "Official"  ? :-)
>
>     It would not be censorship, it would be Conspiracy to murder (I 
>believe, the Legal types could give you the proper charge) on Vulis's part,
>and attempted murder on the Hit Man's part. 

Even Worse! Some dictatorships, as you know, use this type of murder
continually... Even democracies in fact, if we remember JF KEnnedy et.al.

In a _philosophical_ sense, such acts of violence are indeed censorship,
(in the wider sense) of the most brutal kind.
Of course, I agree that in a _dictionary_ sense, you are mostly right...

HOWEVER: It is part our DUTY as Free Men to OVERCOME a serious FALLACY of
most EDUCATION: equating Wider Truths with Narrow Dictionary Definitions.

- I would call these Truths "broader" but I wouldn't like the joke about
  Open Minds liking... Wide Broads!  (Ever heard it?)  ROTFL!!! :-)






>> e.g. Just as aga tolerates me and vice versa, so should Gilmore
>> tolerate Dimitri Vulis.=20
>
>     It wan't his opnions, it was his actions. That is the difference.

There is no difference. Aga is a great guy who in a moment of nationalistic
misunderstanding, called me a number of bad names. And so did I. These are
what you call "actions". They are completely harmless. I am more concerned
about the... flies sitting on the surface of my monitor, hindering my eyes.

So-called "unacceptable" (speech-)acts are less dangerous than FLIES!
:-)

Best Regards and Surrealistic Greek Greetings
George








From cabeen at netcom.com  Fri Nov 15 22:09:16 1996
From: cabeen at netcom.com (Ted Cabeen)
Date: Fri, 15 Nov 1996 22:09:16 -0800 (PST)
Subject: ideal secure personal computer system
Message-ID: <3.0.32.19961116000841.0095b850@netcom6.netcom.com>


At 06:11 PM 11/15/96 -0800, you wrote:
>Since others have mentioned Macs in this thread, and since I have a Mac, I
>should point out that booting from a locked startup disk is possible, even
>common. Namely, a CD-ROM.
Next time you try booting off of a locked startup disk, try opening the
chooser.  It won't open because to use the chooser requires the startup
disk to be unlocked.  (Last time I checked)
>What an OS would _like_ to write is not the same thing as what it _must_
write.
Yeah, but on mac, some basic functions must write to the boot drive.

--
______________________________________________________________________________
Ted Cabeen         http://shadowland.rh.uchicago.edu         cabeen at netcom.com
Check Website or finger for PGP Public Key        secabeen at midway.uchicago.edu
"I have taken all knowledge to be my province." -F. Bacon   cococabeen at aol.com
"Human kind cannot bear very much reality."-T.S.Eliot 73126.626 at compuserve.com





From azur at netcom.com  Fri Nov 15 22:13:55 1996
From: azur at netcom.com (Steve Schear)
Date: Fri, 15 Nov 1996 22:13:55 -0800 (PST)
Subject: Time Digital: Crime Online
Message-ID: <v02140b02aeb307b85941@[10.0.2.15]>


The winter edition of this bi-monthly has an amusing article, pg 54-58,
about how orgnaized crime is getting more organized with modern technology.
Cases in point:

* A Queens, NY bookie operation doing $65 million per year busted by taping
the their faxes and decoding their hard drives at least one of which had a
menchman's mother's name as the password.

* Cali cartels using up-to-date data management, encryption and SIGINT
methods.  A CIA quote, "...the level of sophistication of the Cali cartel
was about at the level of the KGB when the Soviet Union fell apart."

* According to the article the cost of 'scrubbing' money costs about $0.20
on the dollar in volume.

* The European Union Bank is mentioned as a possible safe haven for laundering.

Among the criminal's tools of the trade, cell phones, scanners and PGP.

-- Steve







From Adamsc at io-online.com  Fri Nov 15 22:51:58 1996
From: Adamsc at io-online.com (Adamsc)
Date: Fri, 15 Nov 1996 22:51:58 -0800 (PST)
Subject: NT insecurity
Message-ID: <19961116064952843.AAA201@rn232.io-online.com>


Given the recent comments about insecure machines, I thought it was
interesting to note that you can clear *every* password on an NT box by using
a diskeditor to corrupt the password file (Boot off of a floppy and use
NTFSDOS if you have to).  It'll reboot several times and then you'll be
allowed to login.

#  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From bdolan at USIT.NET  Fri Nov 15 23:25:08 1996
From: bdolan at USIT.NET (Brad Dolan)
Date: Fri, 15 Nov 1996 23:25:08 -0800 (PST)
Subject: Mirror of new export control regulations
In-Reply-To: <v03007801aeb2f057ca8e@[207.167.93.63]>
Message-ID: <Pine.GSO.3.95.961116015745.877B-100000@use.usit.net>


Looks like a trend.  

  In his day job, U.S. Army Maj. Ralph Peters is a strategist for the
  White House Drug czar.  In his spare time, he is a best-selling novelist
  - a kind of thinking man's Tom Clancy - whose previous five books have
  sales totaling at least a million copies world-wide. 
 
  [...H]is next novel, "Twilight of the Heroes," to be published next
  month (Avon, 464 pages, $6.50), is a sharp critique of the U.S. war
  against drug smuggling from South America.

  [...Peters says] a lot is going right in U.S. drug policy nowadays,
  which he calls "a disaster" before Gen. McCaffrey took over.

  [...] Using fiction, he says, lets him speak to a wider audience: "If I
  had written a clinical study of drug policy, it might have sold 2,000
  copies." [...]

    - WSJ, 11/12/96, review by T.E. Ricks, Pentagon Correspondent

In his day job, by the way, Maj. Peters authors articles arguing for
assassination of drug criminals and such.  Much more efficient than
bothering with evidence, trials, and such nuisances.

bd

On Fri, 15 Nov 1996, Timothy C. May wrote:

> At 9:10 PM -0500 11/15/96, Alan Davidson wrote:
> >>http://www.law.miami.edu/~froomkin/nov96-regs.htm
> >
> >
> >It gets even more interesting.  In addition to signing today's Executive
> >Order on encryption, the President also designated Ambassador David L.
> >Aaron as the new "Special Envoy for Cryptography."  (Really, I'm not making
> >this up.)
> 
> Could this be the same David Aaron who writes thriller novels about nuclear
> terrorism?
> 
> 
> (I don't know that it is, by the way, nor am I making a joke. A David
> Aaron, with also diplomatic ties, wrote at least one fine thriller some
> years back. If he's the crypto czar, he can probably spin an appropriately
> scary story to tell the recalcitrant Third Worlders he'll be dealing
> with...countries like France, Britain, etc.)
> 
> --Tim May
> 
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 






From tcmay at got.net  Fri Nov 15 23:30:12 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 15 Nov 1996 23:30:12 -0800 (PST)
Subject: Passwords as Galaxies, and Status of the Archives
In-Reply-To: <199611130715.BAA00511@smoke.suba.com>
Message-ID: <v03007804aeb31c5c2260@[207.167.93.63]>


At 11:15 PM -0500 11/15/96, Adam Shostack wrote:
>Tim May & I had a conversation about this in which Tim posted the
>great analogy of searching galaxies in the possible passphrase space.
>The thread covered the question pretty well.
>
>Adam
>
>(Tim, do you have a copy of your post?  I can't think of the right
>search terms for Altavista)

The name of my post was "Passwords as Galaxies." Alas, it does not show up
in an Alta Vista search, so it's probably not in the few archived periods
still available (*).

The approximate date was mid-June 1996. I know this from some followup
posts I still have. Unfortunately, my increasingly twitchy Macintosh--an
architecture that appears to be sinking under the weight of inconsistent
versions, extensions, and other such cruftiness--has dropped a lot of
chunks of my Eudora archives. My backups may have the missing sections, but
I don't have time to sort through them now.

Someone else should have it. Mid-June. "Passwords as Galaxies."

(* And speaking of the Cypherpunks archives, has anyone heard _anything_
from Todd Masco about progress on his site? His Web page,
http://www.hks.net/cpunks/index.html, just reports the same old news:

------------
"March 18, 1996

The cypherpunks and coderpunks pages will be unavailable for the next
couple of days as we switch over to a new line. We apologize for any
inconvenience this might cause.


June 06, 1996

Not to worry, we know the archives are still down. Just a bit longer,
Please be patient."
--------------

Someone alluded to threats by large newspapers to prosecute Copyright
violations (that is, the archive site perpetuates copyright violations, and
Web search engines compound the seriousness) as being a reason the archive
have not come back up. Anyone know if this is really true?

Todd, are you still reading us?

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From gcjones at speedlink.com  Fri Nov 15 23:49:52 1996
From: gcjones at speedlink.com (Glenn C. Jones)
Date: Fri, 15 Nov 1996 23:49:52 -0800 (PST)
Subject: Clinton Issues Exec Order on Crypto Export [long]
Message-ID: <328D6536.24DA@speedlink.com>


November 15, 1996

TEXT OF A LETTER FROM THE PRESIDENT TO THE SPEAKER OF THE
HOUSE OF REPRESENTATIVES AND THE PRESIDENT OF THE SENATE


                           THE WHITE HOUSE
  
                    Office of the Press Secretary
  
  _______________________________________________________________
  
  For Immediate Release                         November 15, 1996
  
  
  
                        TEXT OF A LETTER FROM
                   THE PRESIDENT TO THE SPEAKER OF
                   THE HOUSE OF REPRESENTATIVES AND
                     THE PRESIDENT OF THE SENATE
  
  
                          November 15, 1996
  
  
  
  Dear Mr. Speaker:     (Dear Mr. President:)
  
  In order to take additional steps with respect to the 
  national emergency described and declared in Executive 
  Order 12924 of August 19, 1994, and continued on August 15, 
  1995, and August 14, 1996, necessitated by the expiration of 
  the Export Administration Act (EAA) on August 20, 1994, I hereby 
  report to the Congress that pursuant to section 204(b) of the 
  International Emergency Economic Powers Act, 50 U.S.C. 1703(b) 
  (the "Act"), I have today exercised the authority granted by the 
  Act to issue an Executive order (a copy of which is attached) to 
  revise the provisions that apply to the administration of the 
  export control system maintained by Department of Commerce in 
  the Export Administration Regulations, 15 CFR Part 730 et seq.
  
  The new Executive order relates to my decision to transfer 
  certain encryption products from the United States Munitions 
  List administered by the Department of State to the Commerce 
  Control List administered by the Department of Commerce.  
  When I made that decision I also decided to amend Executive 
  Order 12981 of December 5, 1995, which sets forth procedures 
  for the interagency review and disposition of dual-use export 
  license applications, to include the Department of Justice 
  among the agencies that have the opportunity to review such 
  applications with respect to encryption products transferred 
  to Department of Commerce control.
  
  Also, in issuing the new order, I provided for appropriate 
  controls on the export and foreign dissemination of encryption 
  products transferred to the Department of Commerce.  Among 
  other provisions, I determined that the export of encryption 
  products transferred to Department of Commerce control could 
  harm national security and foreign policy interests of the 
  United States even where comparable products are or appear to 
  be available from foreign sources.  Accordingly, the new order 
  makes clear that any EAA provision dealing with issuance of 
  licenses or removal of controls based on foreign availability 
  considerations shall not apply with respect to export controls 
  on such encryption products.  Notwithstanding this, the 
  Secretary of Commerce retains the discretion to consider the 
  foreign availability of comparable encryption products in any 
  particular case.
  
                                Sincerely,
  
  
                                WILLIAM J. CLINTON
  
  
                               #  #  #

                           THE WHITE HOUSE
  
                    Office of the Press Secretary
  
  _______________________________________________________________
  
  For Immediate Release                         November 15, 1996
  
  
  
                          November 15, 1996
  
  
  
  MEMORANDUM FOR THE VICE PRESIDENT
                 THE SECRETARY OF STATE
                 THE SECRETARY OF THE TREASURY
                 THE SECRETARY OF DEFENSE
                 THE ATTORNEY GENERAL
                 THE SECRETARY OF COMMERCE
                 UNITED STATES TRADE REPRESENTATIVE
                 DIRECTOR OF THE OFFICE OF MANAGEMENT AND BUDGET
                 CHIEF OF STAFF TO THE PRESIDENT
                 DIRECTOR OF CENTRAL INTELLIGENCE
                 DIRECTOR, FEDERAL BUREAU OF INVESTIGATION
                 DIRECTOR, NATIONAL SECURITY AGENCY
                 ASSISTANT TO THE PRESIDENT FOR NATIONAL
                    SECURITY AFFAIRS
                 ASSISTANT TO THE PRESIDENT FOR ECONOMIC POLICY
                 ASSISTANT TO THE PRESIDENT FOR SCIENCE AND
                    TECHNOLOGY POLICY
                 
  SUBJECT:       Encryption Export Policy
  
  
  Encryption products, when used outside the United States, can 
  jeopardize our foreign policy and national security interests.  
  Moreover, such products, when used by international criminal 
  organizations, can threaten the safety of U.S. citizens here 
  and abroad, as well as the safety of the citizens of other 
  countries.  The exportation of encryption products accordingly 
  must be controlled to further U.S. foreign policy objectives, 
  and promote our national security, including the protection of 
  the safety of U.S. citizens abroad.  Nonetheless, because of 
  the increasingly widespread use of encryption products for the 
  legitimate protection of the privacy of data and communications 
  in nonmilitary contexts; because of the importance to U.S. 
  economic interests of the market for encryption products; 
  and because, pursuant to the terms set forth in the Executive 
  order entitled Administration of Export Controls on Encryption 
  Products (the "new Executive order") of November 15, 1996, 
  Commerce Department controls of the export of such dual-use 
  encryption products can be accomplished without compromising 
  U.S. foreign policy objectives and national security interests, 
  I have determined at this time not to continue to designate such 
  encryption products as defense articles on the United States 
  Munitions List.
  
  Accordingly, under the powers vested in me by the Constitution 
  and the laws of the United States, I direct that:
  
  1.  Encryption products that presently are or would be 
  designated in Category XIII of the United States Munitions 
  List and regulated by the Department of State pursuant to 
  the Arms Export Control Act (22 U.S.C. 2778 et seq.) shall 
  be transferred to the Commerce Control List, and regulated 
  by the Department of Commerce under the authority conferred 
  in Executive Order 12924 of August 19, 1994 (as continued on 
  August 15, 1995, and August 14, 1996), Executive Order 12981 
  of December 5, 1995, and the new Executive order except 
  that encryption products specifically designed, developed, 
  configured, adapted, or modified for military applications 
  (including command, control, and intelligence applications), 
  shall continue to be designated as defense articles, shall 
  remain on the United States Munitions List, and shall continue 
  to be controlled under the Arms Export Control Act.  The 
  transfer described in this paragraph shall be effective upon 
  the issuance of final regulations (the "Final Regulations") 
  implementing the safeguards specified in this directive and 
  in the new Executive order.
  
  2.  The Final Regulations shall specify that the encryption 
  products specified in section 1 of this memorandum shall be 
  placed on the Commerce Control List administered by the 
  Department of Commerce.  The Department of Commerce shall, 
  to the extent permitted by law, administer the export of such 
  encryption products, including encryption software, pursuant 
  to the requirements of sections 5 and 6 of the former Export 
  Administration Act (50 U.S.C. App. 2405 and 2406), and the 
  regulations thereunder, as continued in effect by Executive 
  Order 12924 of August 19, 1994 (continued on August 15, 1995, 
  and on August 14, 1996), except as otherwise indicated in or 
  modified by the new Executive order, Executive Order 12981 of 
  December 5, 1995, and any Executive orders and laws cited 
  therein.
  
  3.  The Final Regulations shall provide that encryption 
  products described in section 1 of this memorandum can be 
  licensed for export only if the requirements of the controls 
  of both sections 5 and 6 of the former Export Administration 
  Act (50 U.S.C. App. 2405 and 2406), and the regulations 
  thereunder, as modified by the new Executive order, Executive 
  Order 12981 of December 5, 1995, and any Executive orders 
  and laws cited therein, are satisfied.  Consistent with 
  section 742.1(f) of the current Export Administration 
  Regulations, the Final Regulations shall ensure that a license 
  for such a product will be issued only if an application can 
  be and is approved under both section 5 and section 6.  The 
  controls on such products will apply to all destinations.  
  Except for those products transferred to the Commerce Control 
  List prior to the effective date of the Final Regulations, 
  exports and reexports of encryption products shall initially be 
  subject to case-by-case review to ensure that export thereof 
  would be consistent with U.S. foreign policy objectives and 
  national security interests, including the safety of U.S. 
  citizens.  Consideration shall be given to more liberalized 
  licensing treatment of each such individual product after 
  interagency review is completed.  The Final Regulations shall 
  also effectuate all other specific objectives and directives set 
  forth in this directive.
  
  4.  Because encryption source code can easily and mechanically 
  be transformed into object code, and because export of such 
  source code is controlled because of the code's functional 
  capacity, rather than because of any "information" such code 
  might convey, the Final Regulations shall specify that 
  encryption source code shall be treated as an encryption 
  product, and not as technical data or technology, for export 
  licensing purposes.
  
  5.  All provisions in the Final Regulations regarding 
  "de minimis" domestic content of items shall not apply with 
  respect to the encryption products described in paragraph 1 
  of this memorandum.
  
  6.  The Final Regulations shall, in a manner consistent with 
  section 16(5)(C) of the EAA, 50 U.S.C. App. 2415(5)(C), provide 
  that it will constitute an export of encryption source code 
  or object code software for a person to make such software 
  available for transfer outside the United States, over radio, 
  electromagnetic, photooptical, or photoelectric communications 
  facilities accessible to persons outside the United States, 
  including transfer from electronic bulletin boards and Internet 
  file transfer protocol sites, unless the party making the 
  software available takes precautions adequate to prevent the 
  unauthorized transfer of such code outside the United States.
  
  7.  Until the Final Regulations are issued, the Department of 
  State shall continue to have authority to administer the export 
  of encryption products described in section 1 of this memorandum 
  as defense articles designated in Category XIII of the United 
  States Munitions List, pursuant to the Arms Export Control Act.
  
  8.  Upon enactment of any legislation reauthorizing the 
  administration of export controls, the Secretary of Defense, 
  the Secretary of State, and the Attorney General shall reexamine 
  whether adequate controls on encryption products can be 
  maintained under the provisions of the new statute and advise 
  the Secretary of Commerce of their conclusions as well as any 
  recommendations for action.  If adequate controls on encryption 
  products cannot be maintained under a new statute, then such 
  products shall, where consistent with law, be designated or 
  redesignated as defense articles under 22 U.S.C. 2778(a)(1), 
  to be placed on the United States Munitions List and controlled 
  pursuant to the terms of the Arms Export Control Act and the 
  International Traffic in Arms Regulations.  Any disputes 
  regarding the decision to designate or redesignate shall be 
  resolved by the President.
  
  
  
                                     WILLIAM J. CLINTON
  
  
  
                                # # #

                           THE WHITE HOUSE
  
                    Office of the Press Secretary
  
  _______________________________________________________________
  
  For Immediate Release                         November 15, 1996
  
  
                           EXECUTIVE ORDER
  
                            - - - - - - -
  
       ADMINISTRATION OF EXPORT CONTROLS ON ENCRYPTION PRODUCTS
  
  
       By the authority vested in me as President by the 
  Constitution and the laws of the United States of America, 
  including but not limited to the International Emergency 
  Economic Powers Act (50 U.S.C. 1701 et seq.), and in order to 
  take additional steps with respect to the national emergency 
  described and declared in Executive Order 12924 of August 19, 
  1994, and continued on August 15, 1995, and on August 14, 1996, 
  I, WILLIAM J. CLINTON, President of the United States of 
  America, have decided that the provisions set forth below shall 
  apply to administration of the export control system maintained 
  by the Export Administration Regulations, 15 CFR Part 730 
  et seq. ("the EAR").  Accordingly, it is hereby ordered as 
  follows:
  
       Section 1.  Treatment of Encryption Products.  In order 
  to provide for appropriate controls on the export and foreign 
  dissemination of encryption products, export controls of 
  encryption products that are or would be, on this date, 
  designated as defense articles in Category XIII of the 
  United States Munitions List and regulated by the United States 
  Department of State pursuant to the Arms Export Control Act, 
  22 U.S.C. 2778 et seq. ("the AECA"), but that subsequently are 
  placed on the Commerce Control List in the EAR, shall be subject 
  to the following conditions:  (a)  I have determined that the 
  export of encryption products described in this section could 
  harm national security and foreign policy interests even where 
  comparable products are or appear to be available from sources 
  outside the United States, and that facts and questions 
  concerning the foreign availability of such encryption products 
  cannot be made subject to public disclosure or judicial review 
  without revealing or implicating classified information that 
  could harm United States national security and foreign policy 
  interests.  Accordingly, sections 4(c) and 6(h)(2)-(4) of 
  the Export Administration Act of 1979 ("the EAA"), 50 U.S.C. 
  App. 2403(c) and 2405(h)(2)-(4), as amended and as continued 
  in effect by Executive Order 12924 of August 19, 1994, and 
  by notices of August 15, 1995, and August 14, 1996, all 
  other analogous provisions of the EAA relating to foreign 
  availability, and the regulations in the EAR relating to such 
  EAA provisions, shall not be applicable with respect to export 
  controls on such encryption products.  Notwithstanding this, 
  the Secretary of Commerce ("Secretary") may, in his discretion, 
  consider the foreign availability of comparable encryption 
  products in determining whether to issue a license in a 
  particular case or to remove controls on particular products, 
  but is not required to issue licenses in particular cases or 
  to remove controls on particular products based on such 
  consideration;
  
       (b)  Executive Order 12981, as amended by Executive 
  Order 13020 of October 12, 1996, is further amended as follows:
  
       (1)  A new section 6 is added to read as follows:  
  "Sec. 6.  Encryption Products.  In conducting the license 
  review described in section 1 above, with respect to export 
  controls of encryption products that are or would be, on 
  November 15, 1996, designated as defense articles in Category 
  XIII of the United States Munitions List and regulated by the 
  United States Department of State pursuant to the Arms Export 
  Control Act, 22 U.S.C. 2778 et seq., but that subsequently are 
  placed on the Commerce Control List in the Export Administration 
  Regulations, the Departments of State, Defense, Energy, and 
  Justice and the Arms Control and Disarmament Agency shall have 
  the opportunity to review any export license application 
  submitted to the Department of Commerce.  The Department of 
  Justice shall, with respect to such encryption products, be a 
  voting member of the Export Administration Review Board 
  described in section 5(a)(1) of this order and of the Advisory 
  Committee on Export Policy described in section 5(a)(2) of this 
  order.  The Department of Justice shall be a full member of the 
  Operating Committee of the ACEP described in section 5(a)(3) of 
  this order, and of any other committees and consultation groups 
  reviewing export controls with respect to such encryption 
  products."
  
       (2)  Sections 6 and 7 of Executive Order 12981 of 
  December 5, 1995, are renumbered as new sections 7 and 8, 
  respectively.
  
       (c)  Because the export of encryption software, like the 
  export of other encryption products described in this section, 
  must be controlled because of such software's functional 
  capacity, rather than because of any possible informational 
  value of such software, such software shall not be considered 
  or treated as "technology," as that term is defined in 
  section 16 of the EAA (50 U.S.C. App. 2415) and in the EAR 
  (61 Fed. Reg. 12714, March 25, 1996);
  
       (d)  With respect to encryption products described in this 
  section, the Secretary shall take such actions, including the 
  promulgation of rules, regulations, and amendments thereto, as 
  may be necessary to control the export of assistance (including 
  training) to foreign persons in the same manner and to the same 
  extent as the export of such assistance is controlled under the 
  AECA, as amended by section 151 of Public Law 104-164;
  
       (e)  Appropriate controls on the export and foreign 
  dissemination of encryption products described in this section 
  may include, but are not limited to, measures that promote the 
  use of strong encryption products and the development of a key 
  recovery management infrastructure; and
  
       (f)  Regulation of encryption products described in this 
  section shall be subject to such further conditions as the 
  President may direct.
  
       Sec. 2.  Effective Date.  The provisions described in 
  section 1 shall take effect as soon as any encryption products 
  described in section 1 are placed on the Commerce Control List 
  in the EAR.
  
       Sec. 3.  Judicial Review.  This order is intended only to 
  improve the internal management of the executive branch and to 
  ensure the implementation of appropriate controls on the export 
  and foreign dissemination of encryption products.  It is not 
  intended to, and does not, create any rights to administrative 
  or judicial review, or any other right or benefit or trust 
  responsibility, substantive or procedural, enforceable 
  by a party against the United States, its agencies or 
  instrumentalities, its officers or employees, or any other 
  person.
  
  
  
                                WILLIAM J. CLINTON
  
  THE WHITE HOUSE,
      November 15, 1996.





From hyperlex at hol.gr  Sat Nov 16 00:27:17 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sat, 16 Nov 1996 00:27:17 -0800 (PST)
Subject: THAT is what makes (ANY) "John" an ASSHOLE!
Message-ID: <199611161225.KAA11219@prometheus.hol.gr>


Flames? What flames?  Hm...

I'm neither a fireman, nor a... pyromaniac! :-)

******************************************************************
Gradually, I came to the conclusion that "Flame wars" rage-on
because of INTOLERANCE.  Typically, they develop at a "meta-level"
to the flames _themselves_, and escalate when people start talking
about "getting offended" and that kind of shit, aiming at CONTROL.
******************************************************************



At 08:00 �� 15/11/1996 -0500, aga wrote:

>This whole thing boils down to John Gilmore not liking
>"rants" or "personal attacks."  What does that chicken-shit
                                 **************************
>punk hide behind in real life?  When his terminal is not
 ********************************************************
>protecting him?
 ***************
  ^^^
VERY IMPORTANT ($1000-) QUESTION HERE!
( I've often wondered myself... )

i.e. (the wider issue) HOW does cowardice manage to *fake* power?

Well, having lived outside my country for about 15 years, at first
I tried to blame... some nationalities (such as the English) for
possessing the cowardice which is the root of the problem.
(-NOT true, in fact. Being "reserved" is not always "cowardly").

Then I blamed the... gullible Americans; then my... "buzuki-minded"
Greek compatriots (those who've never been outside their villages).
(BTW a "buzuki" is a fuckin-awful Greek/Turkish musical instrument
 I can't stand, which puts me in the minority over here)... :-)

However, it's a deeper and wider problem than such narrow "national"
explanations. Boils down to _personal_ growth, maturity, tolerance,
and the ability to respond in a "tit-for-tat" basis, rather than a
"look mummy what they've done to me" mentality-basis (TM/worldwide).

Another way of looking at it is this: DO NOT carry guns when going
to the... saloon (or to the Internet discussion)... :-)
( A list-owner's _only_ gun is "forcible unsubcription". )


Tit-for-Tat is simple enough, and does NOT always imply escalation;
e.g. If someone calls me an asshole, I _also_ call the guy an
asshole. It doesn't have to continue... Then (and only then)
_if_ he and I calm down, we MIGHT buy each other drinks!

The Anglo-Saxon way of Politeness and the Greek way of Expressiveness
are not incompatible, BTW: Oscar Wilde said that "A gentleman is a man
who knows _when_ to be rude".

Of course, gentlemen ALSO make mistakes. (AND admit them, bravely;
in direct contrast to the view that "a man admits no mistake").

But if you called me an asshole, and I REFRAINED from answering back,
becoming friends again would be indeed humiliating: THIS is the Greek
way, as I understand it; Insults can be *CATHARTIC*. Censoring insults
is HIDEOUS, HOSTILE, and DANGEROUS. I can forgive ANY insult, but NOT
an act of censorship. Either we speak as equals, or else we kill each
other. And censorship is like _spiritual_ MURDER, philosophically.

I also never understood why an insult offends the "insultee"; Is not
"hurt" an indication that the "offensive" attributions are TRUE?

Some of my English friends never understood why the Greeks burst
out in laughter with some of the most horrifying insults... :-)



>John Gilmore is connected with the corrupt
>cabal boys anyway, so he should be dismissed as anybody having
>any credibility any more.
>
>"Once you pull the first plug, you are forever more a whore,"
  **********************************************************
>as the greeks would say.

A ha ha! :-)
Indeed (and it rhymes!)

Minor Correction: (Once pulling a plug) one is a pimp, not a whore.
A whore's worst problem is that she OBEYS her pimp.
And we intend NOT TO become WHORES for the benefit of (would-be-)
Net-pimps censoring us in order to hide their cowardice in REAL life.


Regards
George

P.S.
Why do I agree with Aga? My life outside the Net guarantees SOME sanity;
E.g. the climate here allows me to swim nearly every day in the beach! :-)
(except in December/January/February). So,
I prefer to be liked for what I am, or what I do in _real_ life, rather
than for my... scribbles in the Net (as I write for... pleasure mostly!)

*************************************************************************
"A beautiful female ass is worth a thousand Buddhas".
                        (Greek... Heterosexist Zen-saying). :-)
*************************************************************************

P.S.2 (added later)
Semantically speaking, the word "poutana"(whore) in Greek can also mean...
someone really clever, ya know. So let's not underestimate whores! :-)

Here is a list of a few WEIRD semantic connotations in the Greek language:

"Big Whore"  ("megali poutana")  =  Very shrewd clever guy; Shrewd salesman.

"Big Faggot" ("megalos poustis") =  Very Devious (or Secretive) Impauster.

"Big Wanker" ("megalos malakas") =  Very gullible stupid guy; Clueless fool.

"Big Pimp"   ("megalo-tavatzis") =  Authoritarian or Censorous Media Director.

The sexual connotations are often LOST; those listed above are more valid. :)

Complaints about "political correctness" are irrelevant. You hear gay people
call each other "poustis" and women call each other the same names too...







From shamrock at netcom.com  Sat Nov 16 00:43:07 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 16 Nov 1996 00:43:07 -0800 (PST)
Subject: National Emergency
In-Reply-To: <1.5.4.32.19961116025012.00719c0c@pop.pipeline.com>
Message-ID: <Pine.3.89.9611160011.A20385-0100000@netcom14>


On Fri, 15 Nov 1996, John Young wrote:

> Hal Finney wrote:
> 
> >I found interesting is that it refers to the fact that we are currently
> >living under a state of national emergency!  [Snip]
> 
> The same emergency was invoked for the same purpose in December,
> 1995, with citation of the elusive EO 12924 identical to the latest EO.

Sorry if I am a bit slow here. We are under a state of emergency?

--Lucky





From shamrock at netcom.com  Sat Nov 16 00:49:35 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 16 Nov 1996 00:49:35 -0800 (PST)
Subject: Passwords as Galaxies, and Status of the Archives
In-Reply-To: <v03007804aeb31c5c2260@[207.167.93.63]>
Message-ID: <Pine.3.89.9611160013.A20385-0100000@netcom14>


I think it was "Passwords are galaxies in hyperspace". I may be wrong. 
Either way, this was an excellent tread.


-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
   Member JPFO. "America's Aggressive Civil Rights Organization"

On Fri, 15 Nov 1996, Timothy C. May wrote:

> At 11:15 PM -0500 11/15/96, Adam Shostack wrote:
> >Tim May & I had a conversation about this in which Tim posted the
> >great analogy of searching galaxies in the possible passphrase space.
> >The thread covered the question pretty well.
> >
> >Adam
> >
> >(Tim, do you have a copy of your post?  I can't think of the right
> >search terms for Altavista)
> 
> The name of my post was "Passwords as Galaxies." Alas, it does not show up
> in an Alta Vista search, so it's probably not in the few archived periods
> still available (*).
> 
> The approximate date was mid-June 1996. I know this from some followup
> posts I still have. Unfortunately, my increasingly twitchy Macintosh--an
> architecture that appears to be sinking under the weight of inconsistent
> versions, extensions, and other such cruftiness--has dropped a lot of
> chunks of my Eudora archives. My backups may have the missing sections, but
> I don't have time to sort through them now.
> 
> Someone else should have it. Mid-June. "Passwords as Galaxies."
> 
> (* And speaking of the Cypherpunks archives, has anyone heard _anything_
> from Todd Masco about progress on his site? His Web page,
> http://www.hks.net/cpunks/index.html, just reports the same old news:
> 
> ------------
> "March 18, 1996
> 
> The cypherpunks and coderpunks pages will be unavailable for the next
> couple of days as we switch over to a new line. We apologize for any
> inconvenience this might cause.
> 
> 
> June 06, 1996
> 
> Not to worry, we know the archives are still down. Just a bit longer,
> Please be patient."
> --------------
> 
> Someone alluded to threats by large newspapers to prosecute Copyright
> violations (that is, the archive site perpetuates copyright violations, and
> Web search engines compound the seriousness) as being a reason the archive
> have not come back up. Anyone know if this is really true?
> 
> Todd, are you still reading us?
> 
> --Tim May
> 
> 
> 
> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
> 
> 
> 
> 
> 





From aga at dhp.com  Sat Nov 16 01:36:21 1996
From: aga at dhp.com (aga)
Date: Sat, 16 Nov 1996 01:36:21 -0800 (PST)
Subject: Fat Cocksucker John Gilmore-ASSHOLE!
In-Reply-To: <328C8654.4813@tivoli.com>
Message-ID: <Pine.LNX.3.95.961116042518.3091C-100000@dhp.com>


On Fri, 15 Nov 1996, Mike McNally wrote:

> Date: Fri, 15 Nov 1996 09:03:48 -0600
> From: Mike McNally <m5 at tivoli.com>
> Reply-To: freedom-knights at jetcafe.org
> To: aga <aga at dhp.com>
> Cc: freedom-knights at jetcafe.org, Dave Hayes <dave at kachina.jetcafe.org>,
>     declan at well.com, InterNet Freedom Council <ifc at pgh.org>,
>     cypherpunks at toad.com
> Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
> 
> aga wrote:
> > 
> > No it ain't; not after the list gets so big.  Public newsgroups
> > lose all rights of censorship by the owners, and that is law.
> 
> Guffaw, guffaw.
> 
PUKE , PUKE !!!  You are a stupid bastard to laugh.

> (So what if John decided simply to pull the plug on toad in order to
> plug in a new hot tub?)
> 

So what the fuck?  That matters not.  The point is that the 
cypherpunks is an "all or nothing" proposition.  There is no
"in between" allowed any more.  After a certain level, EVERYTHING
reaches the "public doamin," and that is the *common-law of
cyberspace.*

Like, why is the fatso John Gilmore out here talking about this?
Steve Boursy says all of this should go to UseNet, so it goes.

> ______c_________________________________________________________________
> Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
> mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
> http://www.io.com/~m101/                 * processing" are different!
> 

We want John Gilmore to respond to this censorous matter on the net.

-aga






From alan at ctrl-alt-del.com  Sat Nov 16 01:52:45 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Sat, 16 Nov 1996 01:52:45 -0800 (PST)
Subject: Giving Kill Files a Workout...
Message-ID: <3.0b36.32.19961116015217.00e4c738@mail.teleport.com>


What a week!  What is this?  "Net Loon pig-pile on Cypherpunks day?"

So far i have killfiled three people in the past two days.  (That is the
total number I filtered to trash before that date.)

For those of you who are sick of wading through this mess, I am willing to
show you what it will take to filter those of your choice to /dev/null or
its local equivelent. (procmail can be your friend!)

Maybe after some creative filtering, the list will settle back to the usual
noise, instead of the net-loon noise.



---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From aga at dhp.com  Sat Nov 16 02:08:56 1996
From: aga at dhp.com (aga)
Date: Sat, 16 Nov 1996 02:08:56 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <c=US%a=_%p=Inference%l=LANDRU-961115201523Z-5419@landru.novato.inference2.com>
Message-ID: <Pine.LNX.3.95.961116050451.3091G-100000@dhp.com>


On Fri, 15 Nov 1996, James A. Tunnicliffe
 wrote:

> Date: Fri, 15 Nov 1996 12:15:23 -0800
> From: "James A. Tunnicliffe" <Tunny at inference.com>
> To: 'aga' <aga at dhp.com>
> Cc: 'cypherpunks' <cypherpunks at toad.com>
> Subject: RE: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> Aga wrote:
> > > >Why?  Are you a criminal?
> > > >What are you hiding behind your PGP?
> > > 
> > > Okay, I'll bite.  Where is it said that a person who wants h[is,er]
> > > privacy
> > > is a criminal?  Charlie McCarthy might have said that.
> 
> [...deletia...]
> 
> > The more you PGP, the worse you look.  Nobody reads your e-mail,
> > so stop being so paranoid.
> >
> > -aga
> 
> Sigh. I really don't have time for unimaginative trollers, and
> you've caught your limit, so into the killfile you go. Still, I
> would appreciate it if you could see your way clear to quit
> posting these trolls on cypherpunks, since it does make it harder
> to effectively filter the responses from people who make the
> mistake of taking you seriously.
> 

Look dude, I do not post anything to cypherpunks; I never joined the
mailing list, so that list is irrelevant.

> Thank you for your kind consideration,
> 

That is kool, dude.  But tell me; just why the hell did you
put the cypherpunks mailing list in the header?  I never joined the
fucking list, so nothing that i write would go to that list.
See, right away, you have the appearance of a back-stabber.

> Tunny
> ======================================================================
>  James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
>  Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
>  tunny at Inference.com    |                    36 07 D9 33 3D 32 53 9C
> ======================================================================
> 
> 

Again, only suspicious people use PGP.  get ready to fuck and
wipe your ass in public.

-a






From tfs at adsl-122.cais.com  Sat Nov 16 02:25:35 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Sat, 16 Nov 1996 02:25:35 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <UPMAIL07.199611151356330254@msn.com>
Message-ID: <9611161024.AA00954@adsl-122.cais.com>


Stephen Boursy wrote, along with a horde of others with no lives:
[lots of worthless crap snipped out]
> 
> None of that analogy is applicable to the cyberpunks list.
> When a list gets as big as that, it it no longer to be considered
> a "mailing-list" but it is a _public_ forum.  The whole problem
> here is the abuse of power by both the EFF and John Gilmore.
> 
It's not an abuse of power. It was an effort to curtail inappropriate
SPAM. Much like this entire topic has become non-crypto SPAM on the
cypherpunks list. 
> 
>   Well then let's put their precious censored mailing list in 
> the public domain.

Hmm, above that you tried to argue that it wasn't a list, but a
"public forum", logicly then you state that it is allready in
the "public domain". Then you turn around and say it isn't, and
should be taken from a private forum into the "public domain".
Perhaps if you stopped ranting, you might realize your mistake. 

> 
> 
> Wrong!  The cyberpunks mailing list is PUBLIC property and should
> NOT be controlled by John Gilmore!  This just goes to show the real
> facist censorship motives that the EFF has behind it.

Ahh, but you previously said it wasn't public property. 
That aside, just because you say it is, doesn't mean it's so. Now
I realize that up there at MonopolySoft, that sort of logic actually
works, but in the real world it doesn't. The content may very well be
"public property" as such, but the list itself, and where it resides
are not public property. 

> 
> Time to kill the EFF, and let it rot in hell.  They are disgrace
> to the entire InterNet community.  I run 6 different mailing lists,
> and have NEVER puled the plug on anyone, even when they criticize me.

Please, the EFF is NOT a Cypherpunks organization. They may share
some of the same goals, but they arn't the same. This should be obvious
to even the most logicly deficient. 
Oh, and it's spelled "internet", and when use inside a sentance, it isn't
capitolized, no matter what Bill tells you. And if you pulled the plug
on any of your 6 lists, the members would have the option of reforming
another list someplace else, but it would be YOUR OPTION to pull the
plug, unless you were "only" the adminstrator, and not the list "owner".
John owns the list in the classic sense. (Ok I realize I may have lost
you there Mr. "InterNet", but the way it works is that either organizations
or individuals own lists, in this case it's an individual.)

> 
> The first time is the time when you lose all credibility, and there
> is never any forgiveness for a plug-puller.
> 

All bullshit aside, this whole thing has NOTHING to do with crypto.
And it has very VERY little to do with censorship either. And it's
gotten way, way out of hand. I suggest that it might be better not
to spam cypherpunks with this stuff, and to give it a rest. Between
the 2 lists & various people I see represented here, with all due &
serious respect, you folks have GOT to have better, more important,
and far more deserving issues to devote your time to. I would hope
that you would take a few moments and think about those things, and
consider acting appropriatly in light of those thoughts.

Tim Scanlon








From unicorn at schloss.li  Sat Nov 16 02:26:42 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 16 Nov 1996 02:26:42 -0800 (PST)
Subject: Conspiring to commit voodoo
In-Reply-To: <199611150326.TAA07305@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961116052424.15846A-100000@polaris>


On Thu, 14 Nov 1996, jim bell wrote:

> This story further confirms my lack of respect for Unicorn.  

Mr. Bell, if you keep complimenting me I'll begin to think perhaps I'm
being hit on.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From aga at dhp.com  Sat Nov 16 02:27:58 1996
From: aga at dhp.com (aga)
Date: Sat, 16 Nov 1996 02:27:58 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611152058.MAA26315@netcom6.netcom.com>
Message-ID: <Pine.LNX.3.95.961116051946.3091I-100000@dhp.com>


On Fri, 15 Nov 1996, Bill Frantz wrote:

> Date: Fri, 15 Nov 1996 13:02:04 -0800
> From: Bill Frantz <frantz at netcom.com>
> To: snow <snow at smoke.suba.com>, Dave Hayes <dave at kachina.jetcafe.org>,
>     aga <aga at dhp.com>
> Cc: declan at well.com, cypherpunks at toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
> 
> aga <aga at dhp.com> wrote:
> >Let's stay on topic here -- John Gilmore is a censorous asshole
> >for pulling Vulis's plug.  The topic has nothing to do with
> >the Freedom-Knights.
> 
> At 12:19 AM 11/15/96 -0600, snow wrote:
> >> [This is a rebuttal to a misguided news article.]
> >> > Cypher-Censored
> >> > By Declan McCullagh (declan at well.com)
> >> >    The list is on Gilmore's machine and he can do what he wants with
> >> >    it; he can moderate the postings, he can censor material, he can
> >> >    shut the whole thing down. By kicking off an offending user, a
> >> >    list owner merely exercises his property right. There's no
> >> >    government involvement, so the First Amendment doesn't apply. And
> >> >    the deleted, disgruntled user is free to start his own mailing
> >> >    list with different rules.
> >> 
> >> Notice how, once the opposition is admitted to, the rationalization
> >> begins. Suddenly this is not a matter of censorship, but of ownership.
> >> Just as suddenly, the classic anti-free-speech arguments of "if you
> >> don't like it, start yer own" begin to surface. (Anyone ever notice
> >> how this resembles the "love it or leave it" mentality of certain
> >> American patriotic organizations?)
> >
> >     It still isn't censorship. Censorship, at least in my dictionary, 
> >refers to censor, which uses the word "Official" several times. Mr. 
> >Gilmore is not an "Official" in a government sense, he maybe in the EFF
> >sense, but this is not an "Official" EFF organ, so that doesn't count. 
> 
> Even more important is the fact that Mr. Gilmore did not prevent Mr. Vulis
> from speaking.  No restraint on speech implies no censorship.  Therefor Mr.
> Vulis was not censored.  Q.E.D.
> 
> You all are perfectly free to like or not like what Mr. Gilmore did. 
> However, don't call it censorship because it wasn't.
> 

Yes it WAS!!  He censored the mode and manner of the speaker.
He censored the personal attacks and the rants and the racial
diatribes!  And that SUCKS!  Gilmore was a fucking asshole for
doing it!  And Gilmore is the WORST kind of censor that there
can be, one who censors a person's "style."

-aga.admin
InterNet Freedom Council






From aga at dhp.com  Sat Nov 16 02:28:22 1996
From: aga at dhp.com (aga)
Date: Sat, 16 Nov 1996 02:28:22 -0800 (PST)
Subject: Fat Cocksucker John Gilmore-ASSHOLE!
Message-ID: <199611161028.EAA12575@mailhost.onramp.net>


On Fri, 15 Nov 1996, Mike McNally wrote:

> Date: Fri, 15 Nov 1996 09:03:48 -0600
> From: Mike McNally <m5 at tivoli.com>
> Reply-To: freedom-knights at jetcafe.org
> To: aga <aga at dhp.com>
> Cc: freedom-knights at jetcafe.org, Dave Hayes <dave at kachina.jetcafe.org>,
>     declan at well.com, InterNet Freedom Council <ifc at pgh.org>,
>     cypherpunks at toad.com
> Subject: Re: THAT is what makes John Gilmore an ASSHOLE!
> 
> aga wrote:
> > 
> > No it ain't; not after the list gets so big.  Public newsgroups
> > lose all rights of censorship by the owners, and that is law.
> 
> Guffaw, guffaw.
> 
PUKE , PUKE !!!  You are a stupid bastard to laugh.

> (So what if John decided simply to pull the plug on toad in order to
> plug in a new hot tub?)
> 

So what the fuck?  That matters not.  The point is that the 
cypherpunks is an "all or nothing" proposition.  There is no
"in between" allowed any more.  After a certain level, EVERYTHING
reaches the "public doamin," and that is the *common-law of
cyberspace.*

Like, why is the fatso John Gilmore out here talking about this?
Steve Boursy says all of this should go to UseNet, so it goes.

> ______c_________________________________________________________________
> Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
> mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
> http://www.io.com/~m101/                 * processing" are different!
> 

We want John Gilmore to respond to this censorous matter on the net.

-aga








From paul at fatmans.demon.co.uk  Sat Nov 16 02:58:59 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Sat, 16 Nov 1996 02:58:59 -0800 (PST)
Subject: Members of Parliament Problem
Message-ID: <848137382.624190.0@fatmans.demon.co.uk>


-----BEGIN PGP SIGNED MESSAGE-----


> Is there a way to take published public keys and combine them with
> your own in such a way that your identity is not compromised, but
> it is clear beyond a doubt that you control one of a set of public
> keys?

An obvious solution would be a shared public key/private key pair 
between a number of users then use them for digital signatures and 
route the messages through an anonymous server.


You could also have an arbitrated blind signature protocol whereby 
trent shares a keypair with all users. bob encrypts his comment, M 
with the key he shares with trent. On recieving it trent carries out 
a blind signature on it and publishes it, as trent knows only bob has 
the shared key, K he knows bob said M but as it is a blind sigature 
and he is likely to be signing a lot of messages (trent is of course 
a computer program) he doesn`t know which message came from bob.

Also Chaums group signatures could be used but unfortunately the 
arbitrator can find out who said what, but does not normally know.
Also trent can forge digital signatures with this protocol.
Chaum further mentions protocols for this sort of thing that do not 
even need an arbitrator but I don`t have the papers on this.


  

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: cp850

iQCVAwUBMoyPCr5OPIRbv66xAQE6pQQAvs/NVY8s6Uid186CAQf8Q+iZucYtzRM7
iNjR0RkiNMnYACgHG0NO9UfkPgKGdomMQrGJFubH9O2/fnbMAIGZh8gv+k9P7iYl
5lMfCtCQe4AgeCyS2YRLMEYQiI6MAqWn4HoTzA58gWRbtOHeIZNpw/vc/hTqBbA7
3sDsOGYqqCk=
=kiS8
-----END PGP SIGNATURE-----

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From aga at dhp.com  Sat Nov 16 03:00:05 1996
From: aga at dhp.com (aga)
Date: Sat, 16 Nov 1996 03:00:05 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961115150539.8326C-100000@kinch.ark.com>
Message-ID: <Pine.LNX.3.95.961116053753.3091K-100000@dhp.com>


On Fri, 15 Nov 1996, Dave Kinchlea wrote:

> Date: Fri, 15 Nov 1996 15:18:12 -0800 (PST)
> From: Dave Kinchlea <security at kinch.ark.com>
> To: aga <aga at dhp.com>
> Cc: cypherpunks at toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> So, you send all of your snail mail on post cards do you? No
> sealed envelopes at all? Afterall you have nothing to hide, right?
> 

Irrelevant analogy; snail.mail and e-mail.  The former is in physical
form, and the latter usually never is.

> Of course not, privacy isn't about being a criminal, its about being
> private. It is not akin to anonymity, *perhaps* those who work
> anonymously have `something to hide' (still doesn't necessarily make
> them a criminal, however), 

Anonymity on the InterNet is a Constitutional right, and is the
sole supporter of freedom of speech.

> I'll let someone else field that as I feel
> that anonymity is rarely a good thing. 
> 

I disagree, anonymity is a good thing that will never
be questioned by anybody, but your PGP will, and it
is really not safe anyway.

> Privacy, on the other hand, simply means that not everything I do is any
> of your business and I would just as soon you not be tempted to even
> bother trying to find out. 
> 

If you do not send it to me by e-mail, I will never see it.
Why are you so paranoid that someone is reading your e-mail?
I never do anything criminal, so I could give a shit less if
everybody reads all of my fucking mail.

> Of course, if all of your personal mail (including financial statements
> etc) is sent on post cards, then (while I think you would be crazy) I
> will at least admit you are consistent. Else, I think you need to look
> hard at the logic you are using.
> 

Again, inconsistant analogy.  This is nothing but photons in it's
ultimate form, and it will never see paper.  Anything that _you_
print is not attributable to me, and any e-mail printed by you
would never be acceptable as a court exhibit.

stop getting cyberspace mixed up with print.

why do you put that cypherpunks address in the header?
just where did this e-mail originate from?

Steve, are you on that cypherpunks list?

-aga






From aga at dhp.com  Sat Nov 16 03:13:14 1996
From: aga at dhp.com (aga)
Date: Sat, 16 Nov 1996 03:13:14 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <961115203806_1150025335@emout03.mail.aol.com>
Message-ID: <Pine.LNX.3.95.961116061123.3091N-100000@dhp.com>


On Fri, 15 Nov 1996 Bryondp at aol.com wrote:

> Date: Fri, 15 Nov 1996 20:38:08 -0500
> From: Bryondp at aol.com
> To: aga at dhp.com
> Cc: dave at kachina.jetcafe.org, ifc at pgh.org, declan at well.com,
>     cypherpunks at toad.com
> Subject: Re: Censor John Gilmore -- EFF is a disgrace!
> 
> take me off this fucking list
> 

you ain't on any of my lists, dude.
like what fucking list are you on, anyway?






From aga at dhp.com  Sat Nov 16 04:01:06 1996
From: aga at dhp.com (aga)
Date: Sat, 16 Nov 1996 04:01:06 -0800 (PST)
Subject: Does John Gilmore suck tale's cock, too?
In-Reply-To: <9611161024.AA00954@adsl-122.cais.com>
Message-ID: <Pine.LNX.3.95.961116064606.3091R-100000@dhp.com>


On Sat, 16 Nov 1996, Tim Scanlon wrote:

> Date: Sat, 16 Nov 1996 05:24:56 -0500 (EST)
> From: Tim Scanlon <tfs at adsl-122.cais.com>
> To: Stephen Boursy <rent_control at msn.com>
> Cc: aga at dhp.com, freedom-knights at jetcafe.org, cypherpunks at toad.com,
>     dave at kachina.jetcafe.org, declan at well.com, ifc at pgh.org
> Subject: Re: Censor John Gilmore -- EFF is a disgrace!
> 
> Stephen Boursy wrote, along with a horde of others with no lives:
> [lots of worthless crap snipped out]
> > 
> > None of that analogy is applicable to the cyberpunks list.
> > When a list gets as big as that, it it no longer to be considered
> > a "mailing-list" but it is a _public_ forum.  The whole problem
> > here is the abuse of power by both the EFF and John Gilmore.
> > 
> It's not an abuse of power. It was an effort to curtail inappropriate
> SPAM. Much like this entire topic has become non-crypto SPAM on the
> cypherpunks list. 
> > 

No it was not SPAM.  John Gilmore attacked Vulis's style, plain
and simple.  Next time I see John GilMore, I will call him a
censorous motherfucker in public.

> >   Well then let's put their precious censored mailing list in 
> > the public domain.
> 
> Hmm, above that you tried to argue that it wasn't a list, but a
> "public forum", logicly then you state that it is allready in
> the "public domain". Then you turn around and say it isn't, and
> should be taken from a private forum into the "public domain".
> Perhaps if you stopped ranting, you might realize your mistake. 
> 

You missed the whole fucking point, and I ain't going
to waste time saying it again.

> > 
> > 
> > Wrong!  The cyberpunks mailing list is PUBLIC property and should
> > NOT be controlled by John Gilmore!  This just goes to show the real
> > facist censorship motives that the EFF has behind it.
> 
> Ahh, but you previously said it wasn't public property. 
> That aside, just because you say it is, doesn't mean it's so. Now
> I realize that up there at MonopolySoft, that sort of logic actually
> works, but in the real world it doesn't. The content may very well be
> "public property" as such, but the list itself, and where it resides
> are not public property. 
> 
> > 
> > Time to kill the EFF, and let it rot in hell.  They are disgrace
> > to the entire InterNet community.  I run 6 different mailing lists,
> > and have NEVER puled the plug on anyone, even when they criticize me.
> 
> Please, the EFF is NOT a Cypherpunks organization. They may share
> some of the same goals, but they arn't the same. This should be obvious
> to even the most logicly deficient. 
> Oh, and it's spelled "internet", 

No it is not, asshole!  That is the old way of doing things.
It is NOW and always will be the "InterNet" -- I helped build the
motherfucker in 1969, I should know.


and when use inside a sentance, it isn't
> capitolized, no matter what Bill tells you. 

No, it is capitalized, because Grubor tells you.
The name is the GruBoursyNet.

> And if you pulled the plug
> on any of your 6 lists, the members would have the option of reforming
> another list someplace else, but it would be YOUR OPTION to pull the
> plug, unless you were "only" the adminstrator, and not the list "owner".
> John owns the list in the classic sense. (Ok I realize I may have lost
> you there Mr. "InterNet", but the way it works is that either organizations
> or individuals own lists, in this case it's an individual.)
> 
> > 
> > The first time is the time when you lose all credibility, and there
> > is never any forgiveness for a plug-puller.
> > 
> 
> All bullshit aside, this whole thing has NOTHING to do with crypto.
> And it has very VERY little to do with censorship either. And it's
> gotten way, way out of hand. I suggest that it might be better not
> to spam cypherpunks with this stuff, and to give it a rest. Between

I never would join that mailing list, because it is all a bunch
of shit.  The EFF must die, and that is all there is to it.

> the 2 lists & various people I see represented here, with all due &
> serious respect, you folks have GOT to have better, more important,
> and far more deserving issues to devote your time to. I would hope
> that you would take a few moments and think about those things, and
> consider acting appropriatly in light of those thoughts.
> 
> Tim Scanlon
> 

Look Tim, you ain't even on the IFC or the F-K lists, so
what the fuck do you care anyway?  Just go publish this shit
on UseNet, like Mr. Boursy says you should do, and stop
bothering our mailing lists.

Stupid pervert cabal.cocksucker, I bet.

Does John Gilmore suck tale's cock, too?

-aga






From amp at pobox.com  Sat Nov 16 04:50:16 1996
From: amp at pobox.com (amp)
Date: Sat, 16 Nov 1996 04:50:16 -0800 (PST)
Subject: National Emergency
Message-ID: <01IBWMRFDH409BVDF2@MAIL-CLUSTER.PCY.MCI.NET>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Sat Nov 16 06:48:39 1996
 
> I know that the WhiteHouse.gov site has Clinton's EO's (searchable, or,
> with a little finagling, a list of them), but I want *all* of them.
> 
> I'd love to see a site which has all these things.

as would i.

i'd appreciate it if anyone with access to same could post a url or mail me 
about it. 

amp
===
amp at pobox.com
Earth First! We'll strip mine the other planets later!
===
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMo24KVUbR1RWr40pAQHgLwf+PJBccxl5eKIyxoK1AWodP5WYPioIP1SN
zqXo1eNL3CiK/e+UOYJRO4anLpdaZvo/1KJZAsaBZue/OsWqXFkLa67ziGygfZqG
fPCCR5yOuSNS/dKFCW4pbEHWDjw4mw59wmws+xQy5uuZp6seLfduuzdaGLS+HIYn
Ad3weBoafThhtZ47w9DR71ZWFOL2FVvBJNJDhcdN/7zyhBGdhkMics+1EdbI1Z83
Ypu3Uyj9iMk68CrcdRfRTBa0tZq4vSRmFaifzYWgiocIlrit6Bdm4GYueS5Y2Dor
kSLpBo34bgWx1bgofx8qCwKZZka+DE3IGixaeJUspVLL4GYIZSsADQ==
=B+cq
-----END PGP SIGNATURE-----






From wb8foz at wauug.erols.com  Sat Nov 16 04:54:11 1996
From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states)
Date: Sat, 16 Nov 1996 04:54:11 -0800 (PST)
Subject: It is getting easier
In-Reply-To: <199611152058.MAA26324@netcom6.netcom.com>
Message-ID: <199611161254.HAA17949@wauug.erols.com>


Bill Frantz sez:
> 
> At 11:25 PM 11/14/96 -0800, Lucky Green wrote:
> >If I remember correctly, some of the newer transponders used on 
> >commercial aircraft actually transmit GPS data back to the controller in 
> >real time. I wonder how long it will be before the FAA will include such 
> >information in their database.
> 
> I don't think new transponders make much difference.  The old ones heighten
> the radar image of the airplane which gives an accurate 2D position.  This

I missed how this got the 'Punk material, but a friend is running
parts of a test of this.

The en-route radar is roughly the same age as those IBM 360's in the
Centers that you keep hearing about. 

The current approach is radar, [?2 ghz] with interrogation of a
1 ghz transponder via the same array. The xponder has 4 octal digits
and {Mode C} the altitude from an accompanying encoding altimeter.

So the alternate approach is a GPS receiver with a transponder
replying to interrogations with position and altitude. For the most
part, in the "en-route" stage, the futzing by DOD is not a concern
-- all receivers in a given area are equally deceived. [Recall that
the goal is to avoid Delhi incidents.]

During departure and approach, the a/c will use 'differential GPS'
whereby a GPS RX at a known benchmark on the airport will broadcast
what error IT sees. [Errors are roughly linear within X mile zone.]
DGPS will be as good or better than many existing Instrument Landing
Systems, i.e. a few feet in all 3 dimensions...


-- 
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433





From clay.olbon at dynetics.com  Sat Nov 16 05:27:02 1996
From: clay.olbon at dynetics.com (Clay Olbon II)
Date: Sat, 16 Nov 1996 05:27:02 -0800 (PST)
Subject: PGP3.0 & ElGamal
Message-ID: <1.5.4.32.19961116132534.00685bf4@ix.netcom.com>


At 08:06 PM 11/14/96 -0800, you wrote:
>> 
>> I'm still mildly curious as to why support for >128 bit keys is not
>> available in any form I know of.
>
>	What do you mean? 3DES ships with Stronghold, and will ship
>with C2Net's other products as well.

Yes, but I believe 3DES has an effective key length of only 112 bits.  Of
course, even this is more than sufficient for a long time to come. 

        Clay

>
>-- 
>Sameer Parekh					Voice:   510-986-8770
>President					FAX:     510-986-8777
>C2Net
>http://www.c2.net/				sameer at c2.net
>
>
*******************************************************
Clay Olbon			clay.olbon at dynetics.com
engineer, programmer, statistitian, etc.
Dynetics, Inc.
**********************************************tanstaafl






From junger at pdj2-ra.F-REMOTE.CWRU.Edu  Sat Nov 16 05:41:57 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Sat, 16 Nov 1996 05:41:57 -0800 (PST)
Subject: San Jose Mercury News declares encryption battle over
Message-ID: <199611161340.IAA28024@pdj2-ra.F-REMOTE.CWRU.Edu>



  Headline:  Encryption battle ends peacefully

             Technology will block circuitry in exports without U.S.
             licensing

  Byline:    BY RORY J. O'CONNOR
             Mercury News Washington Bureau

  Date:      Published: Nov. 16, 1996

  Opening:   WASHINGTON -- Computer companies and the federal
             government appear to have peacefully resolved a fierce
             battle over the export of powerful coding software in
             computers.

             The computer makers plan to use new technology that would
             block the use of code circuitry in exported computers
             unless both buyer and seller obtain licenses in this
             country.

             The coding software is designed to help people prevent
             their electronic mail, files, credit-card numbers and the
             like from being read by hackers and thieves.

  URL:      http://www.sjmercury.com/business/compute/encrypt1115.htm 

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger at pdj2-ra.f-remote.cwru.edu    junger at samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu





From adam at homeport.org  Sat Nov 16 05:44:06 1996
From: adam at homeport.org (Adam Shostack)
Date: Sat, 16 Nov 1996 05:44:06 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <v03007804aeb2a16c7fc4@[205.162.51.35]>
Message-ID: <199611161321.IAA03313@homeport.org>


Jim McCoy wrote:
| Lucky writes:

For the record, this was Peter Hendrickson, not me.

| >> At 9:32 AM 11/15/1996, Adam Shostack wrote:
| >> I've been toying with schemes that multiply the Ns from everybody's
| >> public key to create a new semi-anonymous public key.  The only
| >> problem is that in each case either identity is revealed or the
| >> person seeking semi-anonymously reveals their secret key.  So,
| >> I am not quite there.  ;-)
| >
| >I think that Chaum wrote some papers on group signatures. I'll try to dig
| >them out. But it probably won't be before Sunday.

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume










From apteryx at super.zippo.com  Sat Nov 16 06:41:02 1996
From: apteryx at super.zippo.com (Mark Heaney)
Date: Sat, 16 Nov 1996 06:41:02 -0800 (PST)
Subject: A New Crypto Announcement--Could be Ominous
In-Reply-To: <v03007803aeb2869761df@[207.167.93.63]>
Message-ID: <3290d021.3724525@super.zippo.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 15 Nov 1996 12:49:55 -0800, you wrote:

[snip]
>----end of item---
>
>It sounds ominous to me. Another backroom deal, probably for some form of
>key recovery strategy, aka GAK.
[snip]

It sure looks like it, the following quotes from CNN's web page:  

http://www.cnn.com/TECH/9611/15/encryption.reut/index.html

make it pretty clear that US government-approved export of strong
cryptography is part of the announcement. What else could it be except
gak? 

"If the encryption technology has won the backing of industry and the
U.S. and other governments -- which Hewlett-Packard officials say is
the case -- the development could eliminate a key obstacle to the
growth of electronic commerce via the Internet. "

and

"The technology will make it possible to export products containing
so-called "strong encryption," which have not been exportable under
national security laws dating back to the Cold War. "

Mark


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo3R9N36bir1/qfZAQFGvgMAv274G+Gqaf5RsKkcofh4LJfDjHioKqVU
bc+TPQZJSqDRnXbEpdkKlRGznN7+LPCKXyq/tsIT5PpNBJdyLDJJ9pzrwpGIHDCK
6Qiwa4qWEeye9Lj2YTvLLyQNXcDYgMLr
=O/qi
-----END PGP SIGNATURE-----






From ichudov at algebra.com  Sat Nov 16 06:43:30 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 16 Nov 1996 06:43:30 -0800 (PST)
Subject: ideal secure personal computer system
In-Reply-To: <199611152314.PAA06897@netcom6.netcom.com>
Message-ID: <199611160624.AAA10312@manifold.algebra.com>


Bill Frantz wrote:
> Protection against strangers walking up to your machine and using it is
> nice, and easy to do.  Protection against viruses which install Trojan
> horses in your system would also be nice, but is very hard to do in systems
> where programs run with all the privileges of their users.  Examples
> include (in alpha order): DOS, MacOS, Unix, and Windows (including NT).

I wonder what are the operating systems where programs may be run with
_less_ privileges than the user who starts them? Is VMS one of such 
systems?

thanks

	- Igor.





From junger at pdj2-ra.F-REMOTE.CWRU.Edu  Sat Nov 16 07:49:17 1996
From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger)
Date: Sat, 16 Nov 1996 07:49:17 -0800 (PST)
Subject: Executive Order establishing national emergency
Message-ID: <199611161547.KAA00567@pdj2-ra.F-REMOTE.CWRU.Edu>



Since apparently people are having some difficult in finding
Executive Order No. 12924, which continued the authority for the
Export Control Regulations that are administered by the Commerce
Department, I am posting a copy here.  This is taken from the entry
for 50 USC 1701 in the House of Representatives internet law library.

----------------------begin quoted text-----------------------------


       EX. ORD. NO. 12924. CONTINUATION OF EXPORT CONTROL REGULATIONS

      Ex. Ord. No. 12924, Aug. 19, 1994, 59 F.R. 43437, provided:

      By the authority vested in me as President by the Constitution

    and the laws of the United States of America, including but not

    limited to section 203 of the International Emergency Economic

    Powers Act (''Act'') (50 U.S.C. 1702), I, WILLIAM J. CLINTON,

    President of the United States of America, find that the

    unrestricted access of foreign parties to U.S. goods, technology,

    and technical data and the existence of certain boycott practices

    of foreign nations, in light of the expiration of the Export

    Administration Act of 1979, as amended (50 U.S.C. App. 2401 et

    seq.), constitute an unusual and extraordinary threat to the

    national security, foreign policy, and economy of the United States

    and hereby declare a national emergency with respect to that

    threat.

      Accordingly, in order (a) to exercise the necessary vigilance

    over exports and activities affecting the national security of the

    United States; (b) to further significantly the foreign policy of

    the United States, including its policy with respect to cooperation

    by U.S. persons with certain foreign boycott activities, and to

    fulfill its international responsibilities; and (c) to protect the

    domestic economy from the excessive drain of scarce materials and

    reduce the serious economic impact of foreign demand, it is hereby

    ordered as follows:

      Section 1. To the extent permitted by law, the provisions of the

    Export Administration Act of 1979, as amended, and the provisions

    for administration of the Export Administration Act of 1979, as

    amended, shall be carried out under this order so as to continue in

    full force and effect and amend, as necessary, the export control

    system heretofore maintained by the Export Administration

    regulations issued under the Export Administration Act of 1979, as

    amended.  The delegations of authority set forth in Executive Order

    No. 12002 of July 7, 1977 (50 App. U.S.C. 2403 note), as amended by

    Executive Order No. 12755 of March 12, 1991; Executive Order No.

    12214 of May 2, 1980 (50 App. U.S.C. 2403 note); Executive Order

    No. 12735 of November 16, 1990 (50 U.S.C. 1701 note); and Executive

    Order No. 12851 of June 11, 1993 (22 U.S.C. 2797 note), shall be

    incorporated in this order and shall apply to the exercise of

    authorities under this order.

      Sec. 2. All rules and regulations issued or continued in effect

    by the Secretary of Commerce under the authority of the Export

    Administration Act of 1979, as amended (50 App. U.S.C. 2401 et

    seq.), including those published in Title 15, Subtitle B, Chapter

    VII, Subchapter C, of the Code of Federal Regulations, Parts 768

    through 799, and all orders, regulations, licenses, and other forms

    of administrative action issued, taken, or continued in effect

    pursuant thereto, shall, until amended or revoked by the Secretary

    of Commerce, remain in full force and effect as if issued or taken

    pursuant to this order, except that the provisions of sections

    203(b)(2) and 206 of the Act (50 U.S.C. 1702(b)(2) and 1705) shall

    control over any inconsistent provisions in the regulations.

    Nothing in this section shall affect the continued applicability of

    administrative sanctions provided for by the regulations described

    above.

      Sec. 3. Provisions for administration of section 38(e) of the

    Arms Export Control Act (22 U.S.C. 2778(e)) may be made and shall

    continue in full force and effect until amended or revoked under

    the authority of section 203 of the Act (50 U.S.C. 1702). To the

    extent permitted by law, this order also shall constitute authority

    for the issuance and continuation in full force and effect of all

    rules and regulations by the President or his delegate, and all

    orders, licenses, and other forms of administrative actions issued,

    taken, or continued in effect pursuant thereto, relating to the

    administration of section 38(e).

      Sec. 4. Executive Order No. 12923 of June 30, 1994, is revoked,

    and that declaration of emergency is rescinded.  The revocation of

    Executive Order No. 12923 shall not affect any violation of any

    rules, regulations, orders, licenses, and other forms of

    administrative action under that order that occurred during the

    period the order was in effect.

      Sec. 5. This order shall be effective as of midnight between

    August 20, 1994, and August 21, 1994, and shall remain in effect

    until terminated.                                William J. Clinton.


----------------------end quoted text-------------------------------


--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
Internet:  junger at pdj2-ra.f-remote.cwru.edu    junger at samsara.law.cwru.edu
		     URL:  http://samsara.law.cwru.edu





From m5 at tivoli.com  Sat Nov 16 08:01:23 1996
From: m5 at tivoli.com (Mike McNally)
Date: Sat, 16 Nov 1996 08:01:23 -0800 (PST)
Subject: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
Message-ID: <328DE511.28E5@tivoli.com>


Dale Thorn wrote:
> 
> Mike McNally wrote:
> 
> > (So what if John decided simply to pull the plug on toad in order to
> > plug in a new hot tub?)
> 
> Well, what if he did?  Are you sure that would make aga look like a 
> fool,

No, and it's not clear to me why you think my question had anything to
do with my wanting "aga" to look like a fool.  That was not my intent.
I simply question the claim by "aga" that somehow Mr. Gilmore is 
obligated to provide his services and capital to support the "public
property" that the cypherpunks list has allegedly become, as opposed
to treating it like the ephemeral by-product of software running on a
computer he owns.


> or would it make you look like a fool, since it would tend to confirm
> what people like aga have been saying?

I presume that you and aga already think I'm a fool, or worse, but
I don't trouble myself with understanding the fancies of inscrutable 
intellects.

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!





From security at kinch.ark.com  Sat Nov 16 08:04:54 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Sat, 16 Nov 1996 08:04:54 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116053753.3091K-100000@dhp.com>
Message-ID: <Pine.LNX.3.95.961116074506.1181B-100000@kinch.ark.com>


On Sat, 16 Nov 1996, aga wrote:

> On Fri, 15 Nov 1996, Dave Kinchlea wrote:
> 
> > 
> > So, you send all of your snail mail on post cards do you? No
> > sealed envelopes at all? Afterall you have nothing to hide, right?
> > 
> 
> Irrelevant analogy; snail.mail and e-mail.  The former is in physical
> form, and the latter usually never is.

No kidding, thanks for that information. Perhaps you can explain how it
is relevant?

> 
> > Of course not, privacy isn't about being a criminal, its about being
> > private. It is not akin to anonymity, *perhaps* those who work
> > anonymously have `something to hide' (still doesn't necessarily make
> > them a criminal, however), 
> 
> Anonymity on the InterNet is a Constitutional right, and is the
> sole supporter of freedom of speech.

Another irrelevant and completely inaccurate point. I utilize free
speech everyday yet I manage to do it without anonymity. 

> 
> > I'll let someone else field that as I feel
> > that anonymity is rarely a good thing. 
> > 
> 
> I disagree, anonymity is a good thing that will never
> be questioned by anybody, but your PGP will, and it
> is really not safe anyway.

ha ha ha, not by anybody huh. What world do you live in? I know plenty
of people who feel that if you must say something anonymously `you must
be hiding something, probably a criminal!'. I don't subscribe to this, I
feel that most people who post anonymously are just chicken-shits, but
that too is besides the point. It *is* questioned by many people.

 And as to PGP not being safe, perhaps you could expand a bit on this,
it hasn't hurt me or anyone I know, seems pretty safe to me. To address
what I assume your point was, it acts as a prefectly good sealed
envelope (and I believe quite a bit more), in the context of my original
reply, this is quite `safe'.

> 
> > Privacy, on the other hand, simply means that not everything I do is any
> > of your business and I would just as soon you not be tempted to even
> > bother trying to find out. 
> > 
> 
> If you do not send it to me by e-mail, I will never see it.

Nor will you see my post-card that I send to my mom, how does that
change the nature of a post-card OR email?

> Why are you so paranoid that someone is reading your e-mail?

Paranoid? No, but why make it easy for anyone to do so? 

> I never do anything criminal, so I could give a shit less if
> everybody reads all of my fucking mail.

so how is it different, besides being electronic, from snail mail? I
repeat, why don't you use post-cards exclusively for mail? Oh yes, that
is `print', a totally different thing, geesh.

> 
> > Of course, if all of your personal mail (including financial statements
> > etc) is sent on post cards, then (while I think you would be crazy) I
> > will at least admit you are consistent. Else, I think you need to look
> > hard at the logic you are using.
> > 
> 
> Again, inconsistant analogy.  This is nothing but photons in it's
> ultimate form, and it will never see paper.  Anything that _you_
> print is not attributable to me, and any e-mail printed by you
> would never be acceptable as a court exhibit.

You appear to be confused, I look at what I wrote and I see nothing at
all that mentions courts. I am talking about personal privacy and the
analogy is not at all inconsistent. (and paper mail is nothing but atoms
in it's ultimate form, so what?)
> 
> stop getting cyberspace mixed up with print.

Why do you think there is something magical about `cyberspace'? Privacy
is privacy, period. Communication is communication, period. There is no
reason to differentiate private communication via print and private
communication via cyberspace. Both are desirable for exactly the same
reasons. 

 > 
> why do you put that cypherpunks address in the header?
> just where did this e-mail originate from?

Thats how it landed on my plate, thats where I send it back, seems
reasonable to me.
 
cheers, kinch







From hal at rain.org  Sat Nov 16 08:07:22 1996
From: hal at rain.org (Hal Finney)
Date: Sat, 16 Nov 1996 08:07:22 -0800 (PST)
Subject: Remailer Pricing
Message-ID: <199611160510.VAA00606@crypt.hfinney.com>


From: ph at netcom.com (Peter Hendrickson)
> Right now the remailer network is a mess.  There just aren't that many
> remailers operating in a timely and reliable manner.  I am not knocking
> the remailer operators for this, it's just clear that "free" doesn't
> make it worth their while to keep the remailers operating perfectly
> at all times.

I agree with this very much.  For a long time we have had two contradictory
notions floating around: nobody will pay for remailing services because
free ones are available, and the remailer network can't be reliable because
the operators don't have the resources to make them work better.  Clearly
if people understand that the choice is between free remailers that don't
work well and for-pay ones which do, things look a little different.

Peter's idea of having the remailers keep accounts for people receiving
anonymous mail, possibly even sending them a monthly check, would
completely change the spam equation.

> Furthermore, many remailers don't use 2048-bit keys.  Why not?  Because
> they don't want to spend money on the cycles.  That's okay with me -
> it's charity.  But, if I pay a dollar for a remailer, I can expect
> to be able to use a very strong key.

Actually when I ran a remailer I had a small key because it was on a system
which I did not control.  The small key was meant as a signal to potential
users that my system wasn't all that secure.

The big problem that I always saw with the for-pay remailing model was
the fear of greater liability when abusive mail goes through the remailer.
I felt that operating a service for free would make it easier for me
to argue that I was offering a public service, while running it for pay
would mean that I would be profiting from the abuse.  I don't know if
this is really a valid argument, though.

Hal





From froomkin at law.miami.edu  Sat Nov 16 08:34:35 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Sat, 16 Nov 1996 08:34:35 -0800 (PST)
Subject: National Emergency
In-Reply-To: <01IBWMRFDH409BVDF2@MAIL-CLUSTER.PCY.MCI.NET>
Message-ID: <Pine.SUN.3.95.961116113147.2809C-100000@viper.law.miami.edu>


For more on the "national emergency" see the postscript to my revised "son
of clipper" essay:

http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm#POSTSCRIPT

you can of course begin at the beginning with this URL:
 
http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm

Please note that all this was written BEFORE the new announcements on Nov.
15.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 







From scs at lokkur.dexter.mi.us  Sat Nov 16 08:36:28 1996
From: scs at lokkur.dexter.mi.us (Steve Simmons)
Date: Sat, 16 Nov 1996 08:36:28 -0800 (PST)
Subject: Fat Cocksucker John Gilmore-ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961116042518.3091C-100000@dhp.com>
Message-ID: <56kqff$ffv@lokkur.dexter.mi.us>


aga <aga at dhp.com> writes:

> Subject: ``Fat Cocksucker John Gilmore-ASSHOLE!''
 . . . [[ drivel removed ]] . . .
>Steve Boursy says all of this should go to UseNet, so it goes.
 . . . [[ drivel removed ]] . . .

Since the previous Subject: in this chain was different, I presume that
aga installed the one quoted above.

Normally I just killfile these sorts of things without reading, but that
subject line caught my interest.  Clearly the author is using all three
as insult.

Let's thing about this for a second.  The author makes value judgements
based on body weight and sexual orientation.  What does this tell us about
the authors reasoning ability?

Congratulations, aja, you've developed a firm reputation based on your
public actions.

plonk
-- 
  ``I tell you, we are here on earth to fart around, and don't let anybody
tell you any different.''
	Kurt Vonnegut, quoted in Harpers (11-95)





From sandfort at crl.com  Sat Nov 16 08:39:15 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 16 Nov 1996 08:39:15 -0800 (PST)
Subject: Does John Gilmore...
In-Reply-To: <Pine.LNX.3.95.961116064606.3091R-100000@dhp.com>
Message-ID: <Pine.SUN.3.91.961116081612.19901D-100000@crl4.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 16 Nov 1996, aga wrote:

> The cyberpunks mailing list is PUBLIC property and should NOT
> be controlled by John Gilmore!  This just goes to show the real
> facist censorship motives that the EFF has behind it.

I have a suggestion for "Aga" and others who believe this sort of
nonsense.  Please do us all a favor and try to sue John.  I'm sure 
that among all jack-leg and wannabe lawyers on this list that they
can come up with a viable cause of action.  And John has deep 
pockets; you could (literally) make out like bandits AND rescue 
"freedom of speech" on privately maintained mailing lists.  You 
could be heroes (or look ten times as foolish as you already do).


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From snow at smoke.suba.com  Sat Nov 16 08:45:35 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 16 Nov 1996 08:45:35 -0800 (PST)
Subject: The TRILATERAL COMMISSION -was: [REBUTTAL] Censorship on...
In-Reply-To: <199611150202.AAA01935@prometheus.hol.gr>
Message-ID: <199611161701.LAA01032@smoke.suba.com>


> As regards the "gullibility", it's plainly dangerous; And cultivated
> by the Media, apparently stronger in the U.S. than in many other places.
> (written by E. Francis, on the "Trilateral Commission", and distributed
>  to all members of his own -private- mailing list, of which I'm a part).
> >THE LAND OF SHADOWS
> >
> >     Early this month is the last presidential=20
> >"election" before the year 2000. As of this writing and=20
> >long before, the election was decided in favor of Bill=20
> >Clinton. It works out astrologically, but the real=20
              ^^^^^^^^^^^^^^^^^^^^^^^^^         
    I think this just about says it all.

    Go talk to Don Wood. 

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From sandfort at crl.com  Sat Nov 16 08:54:24 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 16 Nov 1996 08:54:24 -0800 (PST)
Subject: AGA'S LIMITED VOCABULARY
In-Reply-To: <199611161028.EAA12575@mailhost.onramp.net>
Message-ID: <Pine.SUN.3.91.961116083904.19901E-100000@crl4.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sat, 16 Nov 1996, legal expert aga wrote:

> ...cypherpunks is an "all or nothing" proposition...After a
> certain level, EVERYTHING reaches the "public doamin," and that
> is the *common-law of cyberspace.*

As I'm sure aga knows, "common law" is that form of jurisprudence 
in which cases of first which are appealed to a higher court set
legal precedents which are subsequently binding on lower courts.

I must admit, it appears "Aga" has the advantage of me, as I did
not study the *common-law of cyberspace* back when I was in law
school.  (Unfortunately, my education pre-dates the existance of
cyberspace.)

As a favor to me and other's on the list who would like to know
as much as "Aga" does about the *common-law of cyberspace* I ask
"Aga" to please share his knowledge with us.  For starters, a 
list of the most relevant appelate cases embodied in the *common-
law of cyberspace* would be appreciated.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From LISTSERV at MAIL.COMPCURR.COM  Sat Nov 16 08:57:12 1996
From: LISTSERV at MAIL.COMPCURR.COM (L-Soft list server at CCI (1.8b))
Date: Sat, 16 Nov 1996 08:57:12 -0800 (PST)
Subject: Output of your job "cypherpunks"
Message-ID: <199611161756.JAA00016@mail.compcurr.com>


> ok
Confirming:
> SIGNOFF NEWSLETTER
You have been removed from the NEWSLETTER list.

Summary of resource utilization
-------------------------------
 CPU time:        0.200 sec                Device I/O:        0
 Overhead CPU:    0.000 sec                Paging I/O:        0
 CPU model:         Pentium 90/100 (30M)





From minow at apple.com  Sat Nov 16 09:11:58 1996
From: minow at apple.com (Martin Minow)
Date: Sat, 16 Nov 1996 09:11:58 -0800 (PST)
Subject: Clipper 3.11 executive order
In-Reply-To: <Pine.SUN.3.95.961115171049.27778D-100000@viper.law.miami.edu>
Message-ID: <v03007802aeb3a1bae4a1@[17.219.103.51]>


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----

In a message to Cypherpunks, Professor Froomkin referenced a presidential
press release concerning Clipper.
  http://library.whitehouse.gov/PressReleases.cgi?date=0&briefing=4

Note that this URL will give you today's briefing. To find the
original, you'll have to scan back through the website to find
November 15th, or you can read the rest of this long message.

Martin Minow
minow at apple.com

                           THE WHITE HOUSE

                    Office of the Press Secretary

  _______________________________________________________________

  For Immediate Release                         November 15, 1996



                        TEXT OF A LETTER FROM
                   THE PRESIDENT TO THE SPEAKER OF
                   THE HOUSE OF REPRESENTATIVES AND
                     THE PRESIDENT OF THE SENATE


                          November 15, 1996



  Dear Mr. Speaker:     (Dear Mr. President:)

  In order to take additional steps with respect to the
  national emergency described and declared in Executive
  Order 12924 of August 19, 1994, and continued on August 15,
  1995, and August 14, 1996, necessitated by the expiration of
  the Export Administration Act (EAA) on August 20, 1994, I hereby
  report to the Congress that pursuant to section 204(b) of the
  International Emergency Economic Powers Act, 50 U.S.C. 1703(b)
  (the "Act"), I have today exercised the authority granted by the
  Act to issue an Executive order (a copy of which is attached) to
  revise the provisions that apply to the administration of the
  export control system maintained by Department of Commerce in
  the Export Administration Regulations, 15 CFR Part 730 et seq.

  The new Executive order relates to my decision to transfer
  certain encryption products from the United States Munitions
  List administered by the Department of State to the Commerce
  Control List administered by the Department of Commerce.
  When I made that decision I also decided to amend Executive
  Order 12981 of December 5, 1995, which sets forth procedures
  for the interagency review and disposition of dual-use export
  license applications, to include the Department of Justice
  among the agencies that have the opportunity to review such
  applications with respect to encryption products transferred
  to Department of Commerce control.

  Also, in issuing the new order, I provided for appropriate
  controls on the export and foreign dissemination of encryption
  products transferred to the Department of Commerce.  Among
  other provisions, I determined that the export of encryption
  products transferred to Department of Commerce control could
  harm national security and foreign policy interests of the
  United States even where comparable products are or appear to
  be available from foreign sources.  Accordingly, the new order
  makes clear that any EAA provision dealing with issuance of
  licenses or removal of controls based on foreign availability
  considerations shall not apply with respect to export controls
  on such encryption products.  Notwithstanding this, the
  Secretary of Commerce retains the discretion to consider the
  foreign availability of comparable encryption products in any
  particular case.

                                Sincerely,


                                WILLIAM J. CLINTON


                               #  #  #

                           THE WHITE HOUSE

                    Office of the Press Secretary

  _______________________________________________________________

  For Immediate Release                         November 15, 1996



                          November 15, 1996



  MEMORANDUM FOR THE VICE PRESIDENT
                 THE SECRETARY OF STATE
                 THE SECRETARY OF THE TREASURY
                 THE SECRETARY OF DEFENSE
                 THE ATTORNEY GENERAL
                 THE SECRETARY OF COMMERCE
                 UNITED STATES TRADE REPRESENTATIVE
                 DIRECTOR OF THE OFFICE OF MANAGEMENT AND BUDGET
                 CHIEF OF STAFF TO THE PRESIDENT
                 DIRECTOR OF CENTRAL INTELLIGENCE
                 DIRECTOR, FEDERAL BUREAU OF INVESTIGATION
                 DIRECTOR, NATIONAL SECURITY AGENCY
                 ASSISTANT TO THE PRESIDENT FOR NATIONAL
                    SECURITY AFFAIRS
                 ASSISTANT TO THE PRESIDENT FOR ECONOMIC POLICY
                 ASSISTANT TO THE PRESIDENT FOR SCIENCE AND
                    TECHNOLOGY POLICY

  SUBJECT:       Encryption Export Policy


  Encryption products, when used outside the United States, can
  jeopardize our foreign policy and national security interests.
  Moreover, such products, when used by international criminal
  organizations, can threaten the safety of U.S. citizens here
  and abroad, as well as the safety of the citizens of other
  countries.  The exportation of encryption products accordingly
  must be controlled to further U.S. foreign policy objectives,
  and promote our national security, including the protection of
  the safety of U.S. citizens abroad.  Nonetheless, because of
  the increasingly widespread use of encryption products for the
  legitimate protection of the privacy of data and communications
  in nonmilitary contexts; because of the importance to U.S.
  economic interests of the market for encryption products;
  and because, pursuant to the terms set forth in the Executive
  order entitled Administration of Export Controls on Encryption
  Products (the "new Executive order") of November 15, 1996,
  Commerce Department controls of the export of such dual-use
  encryption products can be accomplished without compromising
  U.S. foreign policy objectives and national security interests,
  I have determined at this time not to continue to designate such
  encryption products as defense articles on the United States
  Munitions List.

  Accordingly, under the powers vested in me by the Constitution
  and the laws of the United States, I direct that:

  1.  Encryption products that presently are or would be
  designated in Category XIII of the United States Munitions
  List and regulated by the Department of State pursuant to
  the Arms Export Control Act (22 U.S.C. 2778 et seq.) shall
  be transferred to the Commerce Control List, and regulated
  by the Department of Commerce under the authority conferred

                                 more

                                                    (OVER)

                                  2

  in Executive Order 12924 of August 19, 1994 (as continued on
  August 15, 1995, and August 14, 1996), Executive Order 12981
  of December 5, 1995, and the new Executive order except
  that encryption products specifically designed, developed,
  configured, adapted, or modified for military applications
  (including command, control, and intelligence applications),
  shall continue to be designated as defense articles, shall
  remain on the United States Munitions List, and shall continue
  to be controlled under the Arms Export Control Act.  The
  transfer described in this paragraph shall be effective upon
  the issuance of final regulations (the "Final Regulations")
  implementing the safeguards specified in this directive and
  in the new Executive order.

  2.  The Final Regulations shall specify that the encryption
  products specified in section 1 of this memorandum shall be
  placed on the Commerce Control List administered by the
  Department of Commerce.  The Department of Commerce shall,
  to the extent permitted by law, administer the export of such
  encryption products, including encryption software, pursuant
  to the requirements of sections 5 and 6 of the former Export
  Administration Act (50 U.S.C. App. 2405 and 2406), and the
  regulations thereunder, as continued in effect by Executive
  Order 12924 of August 19, 1994 (continued on August 15, 1995,
  and on August 14, 1996), except as otherwise indicated in or
  modified by the new Executive order, Executive Order 12981 of
  December 5, 1995, and any Executive orders and laws cited
  therein.

  3.  The Final Regulations shall provide that encryption
  products described in section 1 of this memorandum can be
  licensed for export only if the requirements of the controls
  of both sections 5 and 6 of the former Export Administration
  Act (50 U.S.C. App. 2405 and 2406), and the regulations
  thereunder, as modified by the new Executive order, Executive
  Order 12981 of December 5, 1995, and any Executive orders
  and laws cited therein, are satisfied.  Consistent with
  section 742.1(f) of the current Export Administration
  Regulations, the Final Regulations shall ensure that a license
  for such a product will be issued only if an application can
  be and is approved under both section 5 and section 6.  The
  controls on such products will apply to all destinations.
  Except for those products transferred to the Commerce Control
  List prior to the effective date of the Final Regulations,
  exports and reexports of encryption products shall initially be
  subject to case-by-case review to ensure that export thereof
  would be consistent with U.S. foreign policy objectives and
  national security interests, including the safety of U.S.
  citizens.  Consideration shall be given to more liberalized
  licensing treatment of each such individual product after
  interagency review is completed.  The Final Regulations shall
  also effectuate all other specific objectives and directives set
  forth in this directive.

  4.  Because encryption source code can easily and mechanically
  be transformed into object code, and because export of such
  source code is controlled because of the code's functional
  capacity, rather than because of any "information" such code
  might convey, the Final Regulations shall specify that
  encryption source code shall be treated as an encryption
  product, and not as technical data or technology, for export
  licensing purposes.

  5.  All provisions in the Final Regulations regarding
  "de minimis" domestic content of items shall not apply with
  respect to the encryption products described in paragraph 1
  of this memorandum.

                                 more

                                  3

  6.  The Final Regulations shall, in a manner consistent with
  section 16(5)(C) of the EAA, 50 U.S.C. App. 2415(5)(C), provide
  that it will constitute an export of encryption source code
  or object code software for a person to make such software
  available for transfer outside the United States, over radio,
  electromagnetic, photooptical, or photoelectric communications
  facilities accessible to persons outside the United States,
  including transfer from electronic bulletin boards and Internet
  file transfer protocol sites, unless the party making the
  software available takes precautions adequate to prevent the
  unauthorized transfer of such code outside the United States.

  7.  Until the Final Regulations are issued, the Department of
  State shall continue to have authority to administer the export
  of encryption products described in section 1 of this memorandum
  as defense articles designated in Category XIII of the United
  States Munitions List, pursuant to the Arms Export Control Act.

  8.  Upon enactment of any legislation reauthorizing the
  administration of export controls, the Secretary of Defense,
  the Secretary of State, and the Attorney General shall reexamine
  whether adequate controls on encryption products can be
  maintained under the provisions of the new statute and advise
  the Secretary of Commerce of their conclusions as well as any
  recommendations for action.  If adequate controls on encryption
  products cannot be maintained under a new statute, then such
  products shall, where consistent with law, be designated or
  redesignated as defense articles under 22 U.S.C. 2778(a)(1),
  to be placed on the United States Munitions List and controlled
  pursuant to the terms of the Arms Export Control Act and the
  International Traffic in Arms Regulations.  Any disputes
  regarding the decision to designate or redesignate shall be
  resolved by the President.



                                     WILLIAM J. CLINTON



                                # # #

                           THE WHITE HOUSE

                    Office of the Press Secretary

  _______________________________________________________________

  For Immediate Release                         November 15, 1996


                           EXECUTIVE ORDER

                            - - - - - - -

       ADMINISTRATION OF EXPORT CONTROLS ON ENCRYPTION PRODUCTS


       By the authority vested in me as President by the
  Constitution and the laws of the United States of America,
  including but not limited to the International Emergency
  Economic Powers Act (50 U.S.C. 1701 et seq.), and in order to
  take additional steps with respect to the national emergency
  described and declared in Executive Order 12924 of August 19,
  1994, and continued on August 15, 1995, and on August 14, 1996,
  I, WILLIAM J. CLINTON, President of the United States of
  America, have decided that the provisions set forth below shall
  apply to administration of the export control system maintained
  by the Export Administration Regulations, 15 CFR Part 730
  et seq. ("the EAR").  Accordingly, it is hereby ordered as
  follows:

       Section 1.  Treatment of Encryption Products.  In order
  to provide for appropriate controls on the export and foreign
  dissemination of encryption products, export controls of
  encryption products that are or would be, on this date,
  designated as defense articles in Category XIII of the
  United States Munitions List and regulated by the United States
  Department of State pursuant to the Arms Export Control Act,
  22 U.S.C. 2778 et seq. ("the AECA"), but that subsequently are
  placed on the Commerce Control List in the EAR, shall be subject
  to the following conditions:  (a)  I have determined that the
  export of encryption products described in this section could
  harm national security and foreign policy interests even where
  comparable products are or appear to be available from sources
  outside the United States, and that facts and questions
  concerning the foreign availability of such encryption products
  cannot be made subject to public disclosure or judicial review
  without revealing or implicating classified information that
  could harm United States national security and foreign policy
  interests.  Accordingly, sections 4(c) and 6(h)(2)-(4) of
  the Export Administration Act of 1979 ("the EAA"), 50 U.S.C.
  App. 2403(c) and 2405(h)(2)-(4), as amended and as continued
  in effect by Executive Order 12924 of August 19, 1994, and
  by notices of August 15, 1995, and August 14, 1996, all
  other analogous provisions of the EAA relating to foreign
  availability, and the regulations in the EAR relating to such
  EAA provisions, shall not be applicable with respect to export
  controls on such encryption products.  Notwithstanding this,
  the Secretary of Commerce ("Secretary") may, in his discretion,
  consider the foreign availability of comparable encryption
  products in determining whether to issue a license in a
  particular case or to remove controls on particular products,
  but is not required to issue licenses in particular cases or
  to remove controls on particular products based on such
  consideration;

       (b)  Executive Order 12981, as amended by Executive
  Order 13020 of October 12, 1996, is further amended as follows:

       (1)  A new section 6 is added to read as follows:
  "Sec. 6.  Encryption Products.  In conducting the license
  review described in section 1 above, with respect to export
  controls of encryption products that are or would be, on
  November 15, 1996, designated as defense articles in Category


                                 more

                                                    (OVER)

                                  2

  XIII of the United States Munitions List and regulated by the
  United States Department of State pursuant to the Arms Export
  Control Act, 22 U.S.C. 2778 et seq., but that subsequently are
  placed on the Commerce Control List in the Export Administration
  Regulations, the Departments of State, Defense, Energy, and
  Justice and the Arms Control and Disarmament Agency shall have
  the opportunity to review any export license application
  submitted to the Department of Commerce.  The Department of
  Justice shall, with respect to such encryption products, be a
  voting member of the Export Administration Review Board
  described in section 5(a)(1) of this order and of the Advisory
  Committee on Export Policy described in section 5(a)(2) of this
  order.  The Department of Justice shall be a full member of the
  Operating Committee of the ACEP described in section 5(a)(3) of
  this order, and of any other committees and consultation groups
  reviewing export controls with respect to such encryption
  products."

       (2)  Sections 6 and 7 of Executive Order 12981 of
  December 5, 1995, are renumbered as new sections 7 and 8,
  respectively.

       (c)  Because the export of encryption software, like the
  export of other encryption products described in this section,
  must be controlled because of such software's functional
  capacity, rather than because of any possible informational
  value of such software, such software shall not be considered
  or treated as "technology," as that term is defined in
  section 16 of the EAA (50 U.S.C. App. 2415) and in the EAR
  (61 Fed. Reg. 12714, March 25, 1996);

       (d)  With respect to encryption products described in this
  section, the Secretary shall take such actions, including the
  promulgation of rules, regulations, and amendments thereto, as
  may be necessary to control the export of assistance (including
  training) to foreign persons in the same manner and to the same
  extent as the export of such assistance is controlled under the
  AECA, as amended by section 151 of Public Law 104-164;

       (e)  Appropriate controls on the export and foreign
  dissemination of encryption products described in this section
  may include, but are not limited to, measures that promote the
  use of strong encryption products and the development of a key
  recovery management infrastructure; and

       (f)  Regulation of encryption products described in this
  section shall be subject to such further conditions as the
  President may direct.

       Sec. 2.  Effective Date.  The provisions described in
  section 1 shall take effect as soon as any encryption products
  described in section 1 are placed on the Commerce Control List
  in the EAR.

       Sec. 3.  Judicial Review.  This order is intended only to
  improve the internal management of the executive branch and to
  ensure the implementation of appropriate controls on the export
  and foreign dissemination of encryption products.  It is not
  intended to, and does not, create any rights to administrative
  or judicial review, or any other right or benefit or trust
  responsibility, substantive or procedural, enforceable
  by a party against the United States, its agencies or
  instrumentalities, its officers or employees, or any other
  person.



                                WILLIAM J. CLINTON

  THE WHITE HOUSE,
      November 15, 1996.


-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b4 e22

iQCVAwUBMo3yMW23+ciinrc5AQGThQQAwBOZ9AV6IB+0lp2VHs6h+AAkb/XOiTsj
PpzXuD7TwWItvNErM1nV1f7KP5X7uzhLdAwZZVdBeOrKzzqm2WtvMCFBBjrStpDp
M71ckQTU+CPsACj55VVN5Vo4puMheiiWVodYQbr0RvV8L/u/3+89K6HL21zK4lmk
znvyInZUJKo=
=IFje
-----END PGP SIGNATURE-----







From markm at voicenet.com  Sat Nov 16 09:18:04 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 16 Nov 1996 09:18:04 -0800 (PST)
Subject: PGP3.0 & ElGamal
In-Reply-To: <1.5.4.32.19961116132534.00685bf4@ix.netcom.com>
Message-ID: <Pine.LNX.3.95.961116121708.769B-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 16 Nov 1996, Clay Olbon II wrote:

> At 08:06 PM 11/14/96 -0800, you wrote:
> >> 
> >> I'm still mildly curious as to why support for >128 bit keys is not
> >> available in any form I know of.
> >
> >	What do you mean? 3DES ships with Stronghold, and will ship
> >with C2Net's other products as well.
> 
> Yes, but I believe 3DES has an effective key length of only 112 bits.  Of
> course, even this is more than sufficient for a long time to come. 

3DES can have an effective key length of 168 bits if 3 keys are used instead
of two.  There are no security problems that I know of from using 3 keys.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMo332izIPc7jvyFpAQE8ZggAmtBzP2/B72Q++Ce4Yw2Iz/eBJsPf3kNq
nM6BrUZArHSRgNXp4/g/DLmBrfw1cRO5X1P1sEfNd0OPo/VnjKjNEhqBea/lZlW4
0GwOnXbotHDlthz/t1POiHV2yMy7EvDelVZynuEIoqpE2/6koxJ/DJjD27t++6ka
atGAXbCKgsS68JQOCzZT2r1webXIlqbouKKpSiTFDTTS2jnSiFBa3CE89U7Udbbw
Fvg+sUGicxN2f9PzuE+x1PGJLaHHbqMcz1ObyJWyIljNERpgGrV6LEwIccq/k8hn
2ikFb8EvnIQXtUCtghDztr8nOLWhGUMrO2pFvV4Cr5BeSO1DWXs1qA==
=fVkb
-----END PGP SIGNATURE-----






From dlv at bwalk.dm.com  Sat Nov 16 09:20:37 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:20:37 -0800 (PST)
Subject: Gilmore Sucks! and so does the EFF !!/Censorship on cypherpunks?
In-Reply-To: <328A8917.495C@earthlink.net>
Message-ID: <8wwHXD26w165w@bwalk.dm.com>


Stephen Boursy <boursy at earthlink.net> writes:
> aga wrote:
> >
> > On Wed, 13 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
> > >
> > > Cypher-Censored
> > > By Declan McCullagh (declan at well.com)
> >
> > The EFF is just a sham, and Gilmore is just another censor.
> > Gilmore can now be known as the "plug-pulling punk."

Very apt.

>    The EFF is owned and operated, heart, body and soul, by the
> corporate interests of the net.  They don't give a damn about
> individual user rights at all--they are to my mind the opposition.

That would be fine if they didn't pretend to be what they're not.
They're welcome to support or oppose free speech for anyone they
please, but they lie and pretend to support free speech not only
for their corporate clients. Clearly, John Gilmore has no credibility.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 09:20:38 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:20:38 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <v03007802aeb2f3046b97@[207.167.93.63]>
Message-ID: <5FwHXD22w165w@bwalk.dm.com>


"Timothy C. May" <tcmay at got.net> writes:
> >is a criminal?  Charlie McCarthy might have said that.
>
> And Lewis has not been seen on our list in many a month.

Lewis has been "playing Gilmore" on the coderpunks mailing list, warning
people about off-topic traffic. It's curious that I've been kicked off the
coderpunks list as well.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 09:20:46 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:20:46 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <328D2BB7.71DC@gte.net>
Message-ID: <m9VHXD21w165w@bwalk.dm.com>


Dale Thorn <dthorn at gte.net> writes:
>
> > It still isn't censorship. Censorship, at least in my dictionary,
> > refers to censor, which uses the word "Official" several times. Mr.
> > Gilmore is not an "Official" in a government sense, he maybe in the EFF
> > sense, but this is not an "Official" EFF organ, so that doesn't count.
>
> We *are* talking about the cypherpunks list, yes?  Then, in terms of the
> list, John Gilmore *is* the official, hence a censor, plying his skills.

I suspect that some of the people saying this have a serious drug/alcohol
problem and are very adept at denying tthat they have one. Denial is a
transferrable skill.

> Why all the denial and repeated (redundant) blathering about John's
> *right* to something he allegedly owns?  Simple.  The folks who put this
> stuff out want desperately to believe that this list they spend so much
> time on is "really OK", and not a censored medium.  Denial is the key.

Kind of reminds you of "1984", doesn't it? War is peace. Love is hate. Timmy
May (fart) is a crypto expert. John Gilmore is neither official nor a censor.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 09:20:48 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:20:48 -0800 (PST)
Subject: Fat Cocksucker John Gilmore-ASSHOLE!
In-Reply-To: <199611161028.EAA12575@mailhost.onramp.net>
Message-ID: <o8uHXD17w165w@bwalk.dm.com>


aga <aga at dhp.com> writes:
> > (So what if John decided simply to pull the plug on toad in order to
> > plug in a new hot tub?)
>
> So what the fuck?  That matters not.  The point is that the
> cypherpunks is an "all or nothing" proposition.  There is no
> "in between" allowed any more.  After a certain level, EVERYTHING
> reaches the "public doamin," and that is the *common-law of
> cyberspace.*

He might as well - he's got zero credibility. Let him soak in the hot
tub with all the Cygnus Support employees, whose biggest qualification
for getting a job with John Gilmore is to have a big dick.

> Like, why is the fatso John Gilmore out here talking about this?
> Steve Boursy says all of this should go to UseNet, so it goes.

Yes - remember how John Gilmore opposed creating an unmoderated cypherpunks
newsgroup, so he could stay in "control"?

> We want John Gilmore to respond to this censorous matter on the net.

He tried to keep his censorship secret, but he's been forced to talk about it.
In fact, he called his shameful actions "an act of leadership". He sounds
like Hitler.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 09:22:44 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:22:44 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116053753.3091K-100000@dhp.com>
Message-ID: <6DVHXD18w165w@bwalk.dm.com>


aga <aga at dhp.com> writes:
>
> > Of course not, privacy isn't about being a criminal, its about being
> > private. It is not akin to anonymity, *perhaps* those who work
> > anonymously have `something to hide' (still doesn't necessarily make
> > them a criminal, however),
>
> Anonymity on the InterNet is a Constitutional right, and is the
> sole supporter of freedom of speech.

Significantly, Bruce Bough and other EFF/John Gilmore supporters are against
total anonymity just like they're against free speech. They wants to be able
to track down and silence anyone who uses the anonymous remailers to say
something "homophobic" or otherwise politically incorrect - a kind of
"identify escrow".

> > Privacy, on the other hand, simply means that not everything I do is any
> > of your business and I would just as soon you not be tempted to even
> > bother trying to find out.
> >
>
> If you do not send it to me by e-mail, I will never see it.
> Why are you so paranoid that someone is reading your e-mail?
> I never do anything criminal, so I could give a shit less if
> everybody reads all of my fucking mail.

I again remind you the lying shyster Jim Ray who tries to "guest" who
might be behind various anonymous postings and complains to the suspects'
postmasters just in case. What a lying piece of shit. Does anyone know the
snail address for Judge Kozinski? Jim Ray's been boasting so much about his
correspondense with the good judge, that we must warn him about Jim's lies
and hypocricy (notably, his *true* position on anonymity).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 09:22:51 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:22:51 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116051946.3091I-100000@dhp.com>
Message-ID: <aTuHXD15w165w@bwalk.dm.com>


aga <aga at dhp.com> writes:
[quoting some jerk]
> > >     It still isn't censorship. Censorship, at least in my dictionary,
> > >refers to censor, which uses the word "Official" several times. Mr.
> > >Gilmore is not an "Official" in a government sense, he maybe in the EFF
> > >sense, but this is not an "Official" EFF organ, so that doesn't count.

This is bullshit on several counts. First, censorship does not have to be
government-sponsored. Second, John Gilmore's dishonorable actions were
carried out in his official capacity as the list owner. That's how they're
different, e.g., from the dishonorable actions by the lying shyster Jim Ray.

> > Even more important is the fact that Mr. Gilmore did not prevent Mr. Vulis
> > from speaking.  No restraint on speech implies no censorship.  Therefor Mr.
> > Vulis was not censored.  Q.E.D.

This is bullshit. John Gilmore "panalized" me because he didn't like what
I was saying. First he tried to be sneaky about it, then he openly boasted
of his actions.

> > You all are perfectly free to like or not like what Mr. Gilmore did.
> > However, don't call it censorship because it wasn't.
> >
>
> Yes it WAS!!  He censored the mode and manner of the speaker.
> He censored the personal attacks and the rants and the racial
> diatribes!  And that SUCKS!  Gilmore was a fucking asshole for
> doing it!  And Gilmore is the WORST kind of censor that there
> can be, one who censors a person's "style."

I agree. Moreover John Gilmore pulls plugs in an arbitrary and capricious
manner. He did not pull Timmy May's plug for personal attacks, non-crypto-
related rants, racial diatribes about "crazy Russians", religous attacks
on Mormons, and general ignorance and stupidity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 09:22:59 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:22:59 -0800 (PST)
Subject: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961116082852.11393D-100000@dhp.com>
Message-ID: <iXVHXD20w165w@bwalk.dm.com>


aga <aga at dhp.com> writes:
> >
> > If you send mail to "cypherpunks at toad.com", either directly, OR
> > in a "Cc:" which is a 'carbon copy', it will goto the the cypherpunks
> > mailing list WETHER YOU ARE SUBSCRIBED OR NOT. It still goes.
> >
>
> Well, that is really a fuck-up by John Gilmore, is it not?
> Just when is the asshole going to learn how to run a mailing list?

Never, but he might get some Cygnus support employee to do it for him. :-)

John has the right to configure his private mailing list to reject submissions
from non-subscribers or even sepecific people - but not the balls.

> > In any case trying to reason with you is like trying to talk
> > to a tree stump. It's giving me a headache. So I'm not going
> > to accept any mail from you any more. Anything you send that
> > get's to me via the cypherpunks mailing list, or via direct
> > mail from yourself will be returned unread, to you. I'm not
> > under any obligation to accept any traffic from you, so I won't.
>
> Good, just tell Gilmore what an asshole he is for letting
> mail go to his mailing list that is not intended to go there.
> And stop sending me your stupid e-mail.  Send this shit to
> usenet like Mr. Boursy told you to do.

Again John Gilmore/EFF demonstrate their true agenda: they can filter
out the e-mail they don't like, but they want to prevent others from
reading it as well. Clearly their concern for free speech extends only
to their corporate sponsors, such as net.pronography peddlers.

> > You may have a right to a voice, but I have a right not to listen
> > I'm not going to infringe on your right to rant, but damned if
> > I have to listen to a single packet of it. The saw cuts both ways.
>
> time for the alt.asshole.john-gilmore newsgroup

An excellent idea, Dr. Grubor! Shall we newgroup alt.flame.john-gilmore or
alt.bonehead.john-gilmore or both?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 09:23:04 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:23:04 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <9611161024.AA00954@adsl-122.cais.com>
Message-ID: <PeuHXD14w165w@bwalk.dm.com>


Tim Scanlon <tfs at adsl-122.cais.com> writes:

> Stephen Boursy wrote, along with a horde of others with no lives:
> [lots of worthless crap snipped out]
> >
> > None of that analogy is applicable to the cyberpunks list.
> > When a list gets as big as that, it it no longer to be considered
> > a "mailing-list" but it is a _public_ forum.  The whole problem
> > here is the abuse of power by both the EFF and John Gilmore.
> >
> It's not an abuse of power. It was an effort to curtail inappropriate
> SPAM. Much like this entire topic has become non-crypto SPAM on the
> cypherpunks list.

I wonder how John Gilmore and his pals define "SPAM"? (always capitalized)
Is their definition content-based (e.g., any information criticial of EFF/
Usenet Cabal), or is it self-referential - any information that EFF wants
to suppress through forged cancels and plug-pulling is therefore SPAM and
must be suppressed?

> >   Well then let's put their precious censored mailing list in
> > the public domain.
>
> Hmm, above that you tried to argue that it wasn't a list, but a
> "public forum", logicly then you state that it is allready in
> the "public domain". Then you turn around and say it isn't, and
> should be taken from a private forum into the "public domain".
> Perhaps if you stopped ranting, you might realize your mistake.

There only people ranting here are Timmy May, John Gilmore, and their
supporters. Their position was summarised very well by the lying shyster
Jim Ray: he already killfiled whatever he doesn't like, so he doesn't
see it, but he wants to suppress it so others can't see it either.

> > Time to kill the EFF, and let it rot in hell.  They are disgrace
> > to the entire InterNet community.  I run 6 different mailing lists,
> > and have NEVER puled the plug on anyone, even when they criticize me.
>
> Please, the EFF is NOT a Cypherpunks organization. They may share
> some of the same goals, but they arn't the same. This should be obvious
> to even the most logicly deficient.

EFF has some laudable goals: let the pornography vendors peddle their
wares on the 'net. Unfortunately they're opposed to free speech in general,
as reiterated by John Gilmore quoted by Declan Mcculough. Too bad - but
then EFF never really pretended to promote free speech for anyone other
than its corporate contributors. (It's sort of like the Software Publishers
Association, who doesn't really care of anyone pirates the software sold
by non-members.)

> > The first time is the time when you lose all credibility, and there
> > is never any forgiveness for a plug-puller.
> >
>
> All bullshit aside, this whole thing has NOTHING to do with crypto.
> And it has very VERY little to do with censorship either. And it's
> gotten way, way out of hand. I suggest that it might be better not
> to spam cypherpunks with this stuff, and to give it a rest. Between
> the 2 lists & various people I see represented here, with all due &
> serious respect, you folks have GOT to have better, more important,
> and far more deserving issues to devote your time to. I would hope
> that you would take a few moments and think about those things, and
> consider acting appropriatly in light of those thoughts.

John Gilmore's censorship has gotten way out of hand. Dr. Grubor is not
spamming anyone - you are lying, and your repeated lies will soon earn
you as much "negative crediblity" and John Gilmore's.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 09:24:46 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:24:46 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <328AA7B2.22EC@gte.net>
Message-ID: <31wHXD27w165w@bwalk.dm.com>


Dale Thorn <dthorn at gte.net> writes:
>
> >        Vulis portrays himself as a victim, but as I posted to the list
> >    last week, I disagree. Anyone who's spent any time on the
> >    100-plus-messages-a-day list can read for themselves the kind of nasty
> >    daily messages that came from Vulis's keyboard. The list is on
> >    Gilmore's machine and he can do what he wants with it; he can moderate
> >    the postings, he can censor material, he can shut the whole thing down.

Declan is putting his journalistic credibility on the line here...
What's he disagreeing with? John exercised his right to censor me, so I'm
a victim and this list as a whole is a victim. John can shut the whole thing
down and it will again be a victim. John's credibility was also a victim.

> So you disagree.  Well, the last sentence above says it all - this "list"
> that you and 1900+ other people spend so much time on is "just property"
> (like a slave), it's censorable (meaning freedom of speech is *specifically
> excluded*), and it's terminable without notice (meaning that it's really
> just one person's private fantasy, and we'll all bozos on the bus, as it were

Welcome to Cypherpunks! It's remarkable that Declan is hosting the next
DCpunks gathering.

> You and several other "personal friends/insiders" to John Gilmore must be
> laughing your butts off at the erstwhile schmoes like myself, who labor to
> reason with persons like yourself and "gods" like John Gilmore, who, after
> all, are obviously superior to us schmoes, since we sit and beg for our
> portions of email emanating from John "God" Gilmore's Holy Computer.

And heaven forbid you express an opinion that one of John "God" Gilmore's
ass-licking friends doesn't know what the hell he's talking about, and support
it with evidence. Declan spent about an hour picking my brain as to why Timmy
May doesn't know shit about cryptography, is a flamer and a racist and an
asshole. He chose not to print it, because he had nothing to rebut it with.

> Why do you bother telling us that:
>
>   "He can moderate the postings"
>   "He can censor material"
>   "He can shut the whole thing down"
>
> Why?  Is this your way (or "God"'s way) of waving your dicks in our faces?

Yes. John Gilmore suffers from the realization of his own inadequacy.

> Well, I'll tell you what.  You can run your list (or kiss someone's butt
> who does), you can shut the thing down, and you can take a long walk off
> a short pier for all I or most anyone gives a damn, but let's call a spade
> a spade.  You're a suck-up, and Gilmore is a swaggering, overbearing, tin-
> plated dictator with delusions of Godhood.  Satisfied?

You forgot "limp-wristed, EFFeminate, bearded, 50-ish blonde".

Thanks for the comments, Dale.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 09:30:33 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 09:30:33 -0800 (PST)
Subject: EFF Board, again
In-Reply-To: <199611151742.JAA20332@mailmasher.com>
Message-ID: <2oXHXD28w165w@bwalk.dm.com>


nobody at huge.cajones.com (Huge Cajones Remailer) writes:
> Tim O'Reilly's been talking publicly about starting a "Sierra Club"
> which would "protect" the "environment of the Net".  What does he want
> to do?
>
> It might be a way to tell companies what kind of software they can
> publish and at what price.  ORA has been having trouble competing with
> Microsoft.  Naturally, they cast themselves as altruistic good guys.
>
> Whatever O'Reilly is talking about, it sounds like more trouble from
> the general vicinity of the EFF Board.

I think EFF's credibility has been pretty much destroyed by John Gilmore's
censorship and plug-pulling. ORA puts out good books. As a publisher, they
should reconsider being affiliated with a censorour setup like EFF.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From adam at homeport.org  Sat Nov 16 09:36:15 1996
From: adam at homeport.org (Adam Shostack)
Date: Sat, 16 Nov 1996 09:36:15 -0800 (PST)
Subject: "Strong" crypto and export rule changes.
In-Reply-To: <3290d021.3724525@super.zippo.com>
Message-ID: <199611161733.MAA04178@homeport.org>


	What the US government will allow to be exported is not "strong
encryption."  It is encryption only slightly too strong to be broken
by an amateur effort.  For the right investment in custom hardware, it
falls quickly.  (500,000 $US = 3.5 hour avg break).

	Contrast this to strong cryptography, which if you spent the
entire US GDP on cracking hardware, you have a chance of breaking it
before the heat death of the universe.  (Of course, thats a smaller
probability than winning the lottery on a single ticket.)

	They're not letting out anything that they couldn't break
years ago.  They're not really improving the competitiveness of
American business.  They may be allowing change in what will be
deployed in the US, but it won't really change becuase of the
paperwork requirements.

	In other words, the surveilance state is still winning, and
American business is still losing.

Adam


| It sure looks like it, the following quotes from CNN's web page:
| 
| http://www.cnn.com/TECH/9611/15/encryption.reut/index.html

| "The technology will make it possible to export products containing
| so-called "strong encryption," which have not been exportable under
| national security laws dating back to the Cold War. "




-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From geck0 at ilps.com  Sat Nov 16 09:36:51 1996
From: geck0 at ilps.com (L0rD gEcK0)
Date: Sat, 16 Nov 1996 09:36:51 -0800 (PST)
Subject: -=/HaCk, InC.\=-
Message-ID: <9611161737.AA07343@geocities.com>


join #hackinc or #hackteach on efnet and join the group, run by:
L0rD gEcK0
HaRdC0Re
^TWiSTeR^
Painter
Catgrrl
larsk
One Day... The world will be overcome by gEcK0's, and if you havent been
kind to me,
you WILL be sorry!!! ;)

***�خ�g˩K�***






From sshelby at feist.com  Sat Nov 16 09:56:39 1996
From: sshelby at feist.com (Steve Shelby)
Date: Sat, 16 Nov 1996 09:56:39 -0800 (PST)
Subject: MSIE 128 Bit
Message-ID: <199611161756.LAA23570@wichita.fn.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Sat Nov 16 11:56:26 1996

"WorkHorse's interface is pretty ugly and the rendition is buggy, but the
SSL connection does work: I got through mbanx's "Sign in" link
at http://www.mbanx.com/banxing/5welcome.html , whereas MSIE and NS3 were
kicked out due to their 40-bit RC4 limit."




- ----

Microsoft has a 128 bit version of their Explorer available.

You have to jump through a few hoops, but they have it.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMo3yP0F1dOf86f8dAQHs1QQAwYuTk5Lqvb2vBgvOVef1ToFIUtG5JN70
dBmD8JM23N0ZROsF03+wFGUT71pMAuu3BjuJQBOm0r9idPBwdcq6CaVf8QoU5+/Q
tbj6b9PFx9EbpE4bZqoGPf3ePRFg6ImMSdyKDeM5vIMKJO8BwQZugqP2CgblkzlG
yvEgPyiUlek=
=ZlSn
-----END PGP SIGNATURE-----






From richieb at teleport.com  Sat Nov 16 10:01:32 1996
From: richieb at teleport.com (Rich Burroughs)
Date: Sat, 16 Nov 1996 10:01:32 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <3.0.32.19961116100146.0074095c@mail.teleport.com>


At 08:37 AM 11/16/96 -0800, Sandy Sandfort <sandfort at crl.com> wrote:

[snip]
>I have a suggestion for "Aga" and others who believe this sort of
>nonsense.  Please do us all a favor and try to sue John.  I'm sure 
>that among all jack-leg and wannabe lawyers on this list that they
>can come up with a viable cause of action.  And John has deep 
>pockets; you could (literally) make out like bandits AND rescue 
>"freedom of speech" on privately maintained mailing lists. 

Such a case would obviously fail.  John has the right to ban anyone he
wants from a list that he is hosting.

I do question, though, whether or not it was the best way to handle the
situation.  As I have argued, the availability of end-user filtering made
banning Dimitri from the list unnecessary, IMHO.  And the list owner giving
people the boot sure doesn't fit with the picture I have had of what
cypherpunks was about.  YMMV.

I think that John is doing a lot of great things for crypto (his
participation in the Bernstein case, S/WAN, etc.) and I agree with at least
90% of the things I see him doing.  I think he made the wrong call with
Dimitri, though.

>You 
>could be heroes (or look ten times as foolish as you already do).

Actually, if John was trying to cut down on the noise by banning the Kook,
I think it's backfired.  It seems like there is even more irrational
chatter now...


Rich

--
Rich Burroughs
richieb at teleport.com
http://www.teleport.com/~richieb/






From mael at umcc.umcc.umich.edu  Sat Nov 16 10:10:07 1996
From: mael at umcc.umcc.umich.edu (Reza Beha)
Date: Sat, 16 Nov 1996 10:10:07 -0800 (PST)
Subject: HP does it
Message-ID: <m0vOpBd-001YzgC@umcc.umcc.umich.edu>


http://www.cnn.com/TECH/9611/15/encryption.reut/index.html
                                      
            Hewlett-Packard to unveil encryption 'breakthrough'
                                      
                                 encryption
                          links November 15, 1996
                        Web posted at: 9:00 p.m. EST
                                      
   PALO ALTO, California (Reuter) -- Hewlett-Packard Co. said Friday that
    it will unveil technology Monday that will provide a breakthrough in
    the long-deadlocked debate over use of software encoding for secure
                               data traffic.
                                      
    If the encryption technology has won the backing of industry and the
    U.S. and other governments -- which Hewlett-Packard officials say is
     the case -- the development could eliminate a key obstacle to the
              growth of electronic commerce via the Internet.
                                      
      Hewlett-Packard Chairman Lewis Platt will provide details on the
      technology, which includes technology patented by the Palo Alto
     computer giant as well as other technologies, a company spokesman
                                   said.
                                      
      Technology from RSA Data Corp. the de facto standard-setter for
    Internet security, will be involved Hewlett-Packard officials said.
                                      
   Senior Microsoft Corp. and Intel Corp. executives were also scheduled
       to attend Monday's news briefing at the National Press Club in
                Washington, Hewlett-Packard officials said.
                                      
     The technology will make it possible to export products containing
    so-called "strong encryption," which have not been exportable under
            national security laws dating back to the Cold War.
                                      
      Under national security law, the U.S. government has allowed the
       export of software and other computer products containing only
                   "weaker" data encryption technologies.
                                      
   Encryption has been classified as a munition because of its potential
    for use by terrorists, spies or other criminals to conceal messages.
                                      
   Encryption programs use mathematical formulae to scramble confidential
   information, such as electronic mail messages or credit card numbers,
     rendering them unreadable to computer users without a password or
             "software key" that can decode the coded material.
                                      
     For years the domestic computer industry has complained that such
     government restrictions have hampered its competitiveness in world
        markets, and that its customers did not necessarily want the
               government to be able to decode internal data.
                                      
   The industry says the laws have prevented it from offering some of the
     most recent Internet technologies, even within the United States,
      because it is impossible to prevent computer users outside U.S.
   borders from gaining access to technologies publicly available on the
                                 Internet.
                                      
      Companies and their customers want to use encryption to protect
            confidential communications and electronic commerce.
                                      
    Silicon Valley executives recently noted that consumer devices, such
      as WebTV Network's Web-browsing television device that hit store
   shelves this autumn, use the same levels of strong encryption as used
                            in military systems.
                                      
    WebTV said it is using keys composed of 128 bits, or characters, of
     data to encode and decode its communications to its set-top boxes
   providing consumers with the best level of security available over the
                                 Internet.
                                      
   The government recently proposed that the constraint be eliminated by
    providing a key recovery system, in which authorities could recover
     keys to crack messages if they received a court warrant to do so.
                                      
             Industry has rebuffed this as difficult to manage.
                                      
      The solution being offered by Hewlett-Packard would be flexible,
       allowing customers to use the levels of encryption required by
                  different governments, the company said.
                                      
    "This is going to allow very strong encryption," said a spokeswoman.
                                      
   Hewlett-Packard said its technology would provide a means of "solving
       the data security and integrity issues that have impaired and
    frightened users and companies from exploiting the full power of the
                                 Internet."
                                      
            Copyright 1996 Reuters Limited. All rights reserved.





From tfs at adsl-122.cais.com  Sat Nov 16 10:10:30 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Sat, 16 Nov 1996 10:10:30 -0800 (PST)
Subject: [NOISE] aga isn't on cypherpunks... (and I'm glad)
Message-ID: <9611161810.AA03185@adsl-122.cais.com>



all,

"aga at dhp.com", that 'aga' guy, is NOT subscribed to cypherpunks.

What has and is going on is that he was blindly Cc'ing cypherpunks
on everything he wrote that had to do with this... 

I exchanged some mail with the guy, he didn't understand AT ALL that
"cypherpunks at toad.com" was a mailing list address. He seemed to think
that he had to be "subscribed" to the list in order for any traffic
to goto it.

When I pointed out to him that this was not the case, his attitude was
that it was not his fault and that the list was "broken" etc.

If you havn't figured it out, BELIVE ME, talking to this guy is a
definative waste of packets.

He's ranting with basicly no clue about how he's doing the ranting...
And this stuff has now been cross-posted to about 6 newsgroups by
him, in addtion to the 3 mailing lists he's been sending it to.

I ended up asking him why he wasn't jsut cutting to the chase and
posting "Make Money Fast" stuff instead. (he didn't seem to get it.)

I'd suggest ignoring him & hoping he goes away. As it is it was a MAJOR
mistake of mine to even attempt to interject sanity into the whole
stupid thread on this... Why? Because there's better things to worry
about in life. Like this H/P crypto announcment... Or anything crypto
related for that matter. As it is the thread continues like some bad
crack-addled version of the energizer bunny. 




Tim



PS, I just realized my dog does better at staying focused on doing tricks 
that this list does on staying focused on crypto... That's a bit scary. 





From attila at primenet.com  Sat Nov 16 10:14:00 1996
From: attila at primenet.com (attila at primenet.com)
Date: Sat, 16 Nov 1996 10:14:00 -0800 (PST)
Subject: Conspiring to commit voodoo
In-Reply-To: <199611150326.TAA07305@mail.pacifier.com>
Message-ID: <199611161815.LAA10673@infowest.com>


        OK, that's an interesting, but not that isolated an incident....
        
        in the early 60s, I was stopped in Providence late at night by
    an officer (driving a red '57 bird which says 'give me a ticket') . 
    no big real other than the 4+ hours of hassle since the officer
    did not like my license and wanted "proof"  --at 4am. finally,
    they let me call ALA (auto. legal assoc.) and an attorney managed
    to spring me.  

        at that time, the bill was about $150.  ALA paid the bill.

        but, at renewal, the ALA would not renew as a I had "multiple"
    arrests.   seems like the ALA's local contract attorney had 
    "represented" me two more times in his area  --he was paid, I had
    the violations on record  --I just wasn't there for any of it!  Not
    bad for a little extra paperwork --for three phone calls he made
    almost $700!  not bad for 60-62.

        I guess the phantom struck again!

        OK, Jim, tell us WHY you don't respect unicorn for his story? 
    At that time Patriarcha was the NE don --judging from the news
    reports during the years I was at Harvard, AP must have been a
    common practice --except it was probably a closed betting pool.
    time for the three little monkeys on that one....

            -attila

--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila






From jai at aloha.com  Sat Nov 16 10:17:23 1996
From: jai at aloha.com (Dr. Jai Maharaj)
Date: Sat, 16 Nov 1996 10:17:23 -0800 (PST)
Subject: THAT is what makes John Gilmore an ASSHOLE!
Message-ID: <Pine.BSI.3.95.961116081616.29915A-100000@aloha.com>


>> time for the alt.asshole.john-gilmore newsgroup
 
> An excellent idea, Dr. Grubor! Shall we newgroup
> alt.flame.john-gilmore or alt.bonehead.john-gilmore
> or both?
 
In that case, can Gilmore's inclusion in the NetScum
site at   http://www.mindspring.com/~netscum   be far behind?
 
Jai Maharaj
%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:% Om Shanti %:%:%
 







From ben at gonzo.ben.algroup.co.uk  Sat Nov 16 10:31:40 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Sat, 16 Nov 1996 10:31:40 -0800 (PST)
Subject: More Euro Key Escrow
Message-ID: <9611161725.aa16313@gonzo.ben.algroup.co.uk>


I've looked more closely at the "Royal Holloway" protocol, supposedly
under consideration by the EC for key escrow in Europe, though I must say that
anyone who deploys it will get what they deserve.

I have discovered some further weaknesses in the protocol, documented
at:

http://www.algroup.co.uk/crypto/rh.html

Comments are welcome.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From dthorn at gte.net  Sat Nov 16 10:45:34 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 10:45:34 -0800 (PST)
Subject: Giving Kill Files a Workout...
In-Reply-To: <3.0b36.32.19961116015217.00e4c738@mail.teleport.com>
Message-ID: <328DF064.740B@gte.net>


Alan Olsen wrote:
> What a week!  What is this?  "Net Loon pig-pile on Cypherpunks day?"
> So far i have killfiled three people in the past two days.  (That is the
> total number I filtered to trash before that date.)
> For those of you who are sick of wading through this mess, I am willing to
> show you what it will take to filter those of your choice to /dev/null or
> its local equivelent. (procmail can be your friend!)

Thank you in advance for your filtering instructions (yawn).

BTW, why would anyone give a shit whether you killfiled anyone or not?






From dthorn at gte.net  Sat Nov 16 10:45:34 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 10:45:34 -0800 (PST)
Subject: Could Declan or some libertarian explain this?
In-Reply-To: <Pine.GUL.3.95.961114200538.29970B-100000@Networking.Stanford.EDU>
Message-ID: <328DFEAD.41C@gte.net>


Rich Graves wrote:
> >From the so-called fight-censorship list. I would ask there, but the list
> owner won't let me, and I won't stoop to Vulis's level.
> |        PLEASE MARK MY WORDS: IF MY BOOK IS NOT RE-PUBLISHED AND AVAILABLE
> |IN BOOKSTORES, THE CAUSE OF ACADEMIC FREEDOM IN THE WEST WILL BE IN A SORRY
> |STATE.  FEW ACADEMICS WOULD BE PREPARED TO SUFFER THE MANY BLOWS AND
> |THREATS THAT I HAVE NOW ENDURED FOR SIX MONTHS. IF 'The 'g' Factor'
> |DISAPPEARS, SO WILL OTHER SERIOUS PRODUCTS OF RESEARCH AND SCHOLARSHIP --
> |ESPECIALLY IF THEY ARE DEEMED "CONTROVERSIAL" BY THE LIBERAL-LEFT.

> His complaint is that his publisher stopped distribution of his book arguing
> that blacks are mentally inferior to whites.
> Could someone please explain to me how Chris Brand is different from Vulis?
> I mean in form; in practice, Declan is bashing Vulis for not recognizing
> rights of private editorial control, but uncritically passing on Mr. Brand's
> message alleging that private editorial control is censorship. Far be it
> from me to criticize Declan's right to exercise editorial control over
> substantive dissent and factual correction, but I was just wondering.

Could someone explain to me why we have to have *any* censorship, if
people on a list are given tools to filter with and reminded on occasion
how to use them?







From dthorn at gte.net  Sat Nov 16 10:45:51 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 10:45:51 -0800 (PST)
Subject: A New Crypto Announcement--Could be Ominous
In-Reply-To: <v03007803aeb2869761df@[207.167.93.63]>
Message-ID: <328E0496.2C7C@gte.net>


Timothy C. May wrote:
> (My traffic from the Cypherpunks list comes in bursts interspersed by long
> gaps, so I don't know if this has been reported. It seems significant to me.)
> A few excerpts:
> H-P ( Hewlett-Packard Co ) says RSA Data ( Security Dynamics Technologies
> Inc ) in codes deal
> PALO ALTO, Calif., Nov 15 (Reuter) - Hewlett-Packard Co. said Security
> Dynamics Technologies Inc's RSA Data Security Inc electronic encryption
> company is involved in its planned announcement Monday of new advance in
> encryption technology.
> Hewlett-Packard said technology the company's Chairman and Chief Executive
> Lewis Platt is due to detail at the National Press Club on Monday aims
> to resolve this roadblock in the use of electronic commerce over the Internet.
>    ^^^^^^^^^^^^^^^^^^^^^^[emphasis added by Tim]
> Hewlett-Packard officials declined to give precise details, but said the
> technology has already received backing from the U.S. government and other
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> governments which it did not name, as well as major industry players.
> Senior executives of Microsoft Corp and Intel Corp are among those
> scheduled to make presentations on Monday, Hewlett-Packard said, but it
> declined to identify other companies whose technologies will be involved.
> It sounds ominous to me. Another backroom deal, probably for some form of
> key recovery strategy, aka GAK.

In my dealings with Platt's office, I discovered an interesting thing.
His staffers are retired people, who have no mailboxes at HP, and who
you reach only through a single individual, kinda like the concept of
compartmentalization used in military operations.

And believe me, that isn't the only peculiar thing going on there.

Let's just say that HP is a shrewd survivor in a sea of nasty predators.






From hal at rain.org  Sat Nov 16 10:46:36 1996
From: hal at rain.org (Hal Finney)
Date: Sat, 16 Nov 1996 10:46:36 -0800 (PST)
Subject: Members of Parliament Problem
Message-ID: <199611161725.JAA01334@crypt.hfinney.com>


From: paul at fatmans.demon.co.uk
> You could also have an arbitrated blind signature protocol whereby 
> trent shares a keypair with all users. bob encrypts his comment, M 
> with the key he shares with trent. On recieving it trent carries out 
> a blind signature on it and publishes it, as trent knows only bob has 
> the shared key, K he knows bob said M but as it is a blind sigature 
> and he is likely to be signing a lot of messages (trent is of course 
> a computer program) he doesn`t know which message came from bob.

I don't quite follow how this would work.  If Trent issues a blind
signature, then that means (doesn't it?) that he doesn't see what he
is signing.  So how can he confirm that the message is actually from
a member of the group when he doesn't see it?

> Also Chaums group signatures could be used but unfortunately the 
> arbitrator can find out who said what, but does not normally know.
> Also trent can forge digital signatures with this protocol.
> Chaum further mentions protocols for this sort of thing that do not 
> even need an arbitrator but I don`t have the papers on this.

Not all of Chaum's proposals in the original paper from Eurocrypt 91
have this property.  Here is what he has, somewhat simplified.  Z is
the trusted party for those protocols which use one.

1) Each group member makes up a key which he will use for one signature.
Z signs each key to certify that it is a member of the group.  People
don't re-use keys so that messages are unlinkable.  Z can tell who sent
which message since he knows the keys.

2) Z publishes an RSA modulus N, gives each group member a secret exponent
si, and publishes v = the product of all the si.  Members sign message m
by producing m**si mod N.  Then to confirm the signature they engage in a
zero knowledge protocol to prove that the signature is of the proper form
and that si divides v (without revealing si).  Chaum gives a protocol for
this.

3) Z again publishes an RSA modulus N, and each group member chooses his
own RSA modulus Ni = pi * qi.  To sign message m he produces m**pi mod N.
He then proves in zero knowledge that the signature is of the proper
form and that pi divides the product of all the Ni (without revealing pi).
This is the same zero knowledge protocol as in (2) above.

4) Members agree on a large public prime p with generator g.  Each member
chooses a secret exponent si with public key ki = g**si mod p.  (This is a
standard discrete log cryptosystem setup.)  To sign message m he produces
m**si mod p.  He must then prove in zero knowledge that the signature
is of the proper form and that si is the private exponent corresponding
to the public key of some group member, without revealing exactly which
group member it is for.  The protocol for this is not very efficient.
It uses a cut and choose concept and has to be iterated multiple times.

In methods 1, 2, and 3, Z can tell who made a signature.  In method
2, Z can forge signatures for other members.  Method 4 doesn't use
a trusted party.

Method number 4 is very similar to Chaum's original proposal for
undeniable signatures, although the zero knowledge proof is very different
since he doesn't want to reveal which particular key his exponent
corresponds to.

In the Eurocrypt 94 paper by Chen and Pederson they show a very nice
protocol for proving that you know the exponent corresponding to
one of a set of Diffie Hellman public keys.  This is similar to the
problem in (4) above.  Given k1=g**s1, k2=g**s2, ..., you can prove
that you know one of the si without revealing which one.  The protocol
is pretty simple and just requires one challenge and response, although
the amount of data sent is proportional to the number of ki in the set.

This could be used to prove group membership anonymously.  If there
were a list published of public keys of people on the cypherpunks list,
you could prove you were on that list without revealing your identity.
I think it could be made a signature protocol by having the challenge
c depend on a hash of the message.  But the authors don't do it that
way, they do a more complicated protocol because they are seeking to
achieve unconditional rather than cryptographic anonymity.

Hal





From dthorn at gte.net  Sat Nov 16 10:47:14 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 10:47:14 -0800 (PST)
Subject: [POLITICS] Re: Members of Parliament Problem
In-Reply-To: <v02140b02aeb30446063a@[192.0.2.1]>
Message-ID: <328DFD9B.31E6@gte.net>


Peter Hendrickson wrote:
> At 11:31 PM 11/15/1996, Adam Shostack wrote:
> >        So, if 'anonymous Senator' came out for legalization, it would
> > be declared that it was Kennedy, source of all Liberal Evil.  Good
> > policy comes from leaders standing up and leading.  Since they don't,
> > I'm a crypto-anarchist.  To try and help the Congress become more
> > effective is not in anyones interest, except that class of person who
> > makes their living off the workings of government.
> >         There are lots of variations on the argument that politics is
> > from the greek poly, meaning many, and ticks, a small bloodsucking
> > animal.  My interest in creating new, consensual realities is that I
> > don't want to be forced to care about the congress.

> I may have misunderstood you, but when you suggested "disallowing"
> Congressmen to use anonymity, it did not sound consensual.  Even
> blood sucking parasites should be allowed to benefit from cryptoanarchy.
> I for one, would be most interested in what Congressmen would have
> to say if they knew their words could in no way be traced back to
> them.  I suspect that there are a lot of basketcases in Congress
> and that this would become clear from the horrible things they would
> have to say when they were sure nobody was looking.

Go back to circa 1974-1976, and the Hart-Schweiker (spelling?) report.
Gary Hart telling about the things he saw in the intelligence reports,
etc., and how scary they were.  Fast-forward to Hart's outing in his
Presidential bid, and that confirms what happens when they can't say
things publicly.

I'm only quoting (minimally) one instance here - there are *tons* of
such admissions on the part of high-ranking people, but they're mostly
forgotten due to the avalanche of disinformation dumped on the people
by the big media every day.

Interesting how many people in the U.S., from the very top on down, know
quite a bit of the conspiracy to murder the Kennedys and Dr. King, but
some of the "intellectuals" on this very list can't handle the reality
of that, so they pretend it never happened.  Or, as Laugh-In said back
in the late 1960's, "In a few years, it'll be 'what assassination?'".







From dthorn at gte.net  Sat Nov 16 10:47:31 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 10:47:31 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <9611161024.AA00954@adsl-122.cais.com>
Message-ID: <328E032B.40D7@gte.net>


Tim Scanlon wrote:
> Stephen Boursy wrote, along with a horde of others with no lives:
> [lots of worthless crap snipped out]
> > None of that analogy is applicable to the cyberpunks list.
> > When a list gets as big as that, it it no longer to be considered
> > a "mailing-list" but it is a _public_ forum.  The whole problem
> > here is the abuse of power by both the EFF and John Gilmore.

> It's not an abuse of power. It was an effort to curtail inappropriate
> SPAM. Much like this entire topic has become non-crypto SPAM on the
> cypherpunks list.

[snippo]

> Oh, and it's spelled "internet", and when use inside a sentance, it isn't
> capitolized, no matter what Bill tells you.

Tim is criticizing whom?
Tim, it's spelled "sentence", with an "e".
Tim, it's spelled "capitalized", with an "a".

> And if you pulled the plug
> on any of your 6 lists, the members would have the option of reforming
> another list someplace else, but it would be YOUR OPTION to pull the
> plug, unless you were "only" the adminstrator, and not the list "owner".
> John owns the list in the classic sense. (Ok I realize I may have lost
> you there Mr. "InterNet", but the way it works is that either organizations
> or individuals own lists, in this case it's an individual.)

Speaking of "classis sense", this is yet another bunch of drivel which
says nothing but implies that ownership of the machinery allows the
"owner" to exercise rights over the messages and the messagers.

> All bullshit aside, this whole thing has NOTHING to do with crypto.
> And it has very VERY little to do with censorship either. And it's
> gotten way, way out of hand. I suggest that it might be better not
> to spam cypherpunks with this stuff, and to give it a rest.

Do you talk to yourself a lot, bud?  Why should anyone give a damn what
you think about whether they are on-topic or not, or what they choose to
do with their time? Why don't you go read up on some of these things and
contribute something useful instead?

BTW, I think appropriately is spelled with an "e".







From hal at rain.org  Sat Nov 16 10:48:22 1996
From: hal at rain.org (Hal Finney)
Date: Sat, 16 Nov 1996 10:48:22 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <199611161742.JAA01346@crypt.hfinney.com>


From: Bryan Reece <reece at taz.nceye.net>
> But what about Okamoto and Ohta's digital cash scheme published in
> Crypto '91?  It appears to be fully untraceable and transferable.  Of
> course, I haven't heard of anyone trying to use this scheme (has it
> been broken?)

This digital cash scheme has a big disadvantage which the authors try
to play down.  The problem is that all spending by a particular user is
linkable.  It can't be connected to his True Name but all of it is
linked, in effect, to his nym.  This is bad because it allows profiling
and dossiers to be built up about nyms with interesting spending patterns,
which could then be used to identify which ones should be candidates
for intensive efforts to discover their identity.

Most other digital cash schemes don't allow linkability of the payor's
activities, which is a much better approach.

Hal





From mpd at netcom.com  Sat Nov 16 10:53:13 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sat, 16 Nov 1996 10:53:13 -0800 (PST)
Subject: Does John Gilmore...
In-Reply-To: <3.0.32.19961116100146.0074095c@mail.teleport.com>
Message-ID: <199611161852.KAA19877@netcom8.netcom.com>


Rich Burroughs <richieb at teleport.com> writes:

 > I think that John is doing a lot of great things for crypto
 > (his participation in the Bernstein case, S/WAN, etc.) and I
 > agree with at least 90% of the things I see him doing.  I
 > think he made the wrong call with Dimitri, though.

Banning Dimitri was a really dumb thing to do.  The list is
archived practically in real time on the Web and anyone can post
whether or not they are subscribed, not to mention the
availability of anonymous remailers, with which Cypherpunks is
closely associated.

So we had a unilaterial act, which was completely unenforcable,
that made us all look like a bunch of clueless hypocrites in the
process and filled the list with yet another pointless flame war.

Indeed, we have here another classic example of not quite
grasping the issues involved, much like what we see on a regular
basis from the EFF as they merrily capitulate right and left with
Congressrodents on bills most Cypherpunks find unacceptable. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $





From mycroft at actrix.gen.nz  Sat Nov 16 11:11:57 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Sat, 16 Nov 1996 11:11:57 -0800 (PST)
Subject: The persistance of reputation
In-Reply-To: <328D2595.89B@gte.net>
Message-ID: <199611161644.FAA08442@mycroft.actrix.gen.nz>


On Fri, 15 Nov 1996 18:23:17 -0800, Dale Thorn wrote:

   A disinformer posing as an idiot.  Go figure.

Nice sig...and here I was thinking you were a real idiot.

<g>

-- 
Paul Foley <mycroft at actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Deliberation, n.:
	The act of examining one's bread to determine which side it is
buttered on.
		-- Ambrose Bierce, "The Devil's Dictionary"





From hal at rain.org  Sat Nov 16 11:14:09 1996
From: hal at rain.org (Hal Finney)
Date: Sat, 16 Nov 1996 11:14:09 -0800 (PST)
Subject: San Jose Mercury News declares encryption battle over
Message-ID: <199611161913.LAA01571@crypt.hfinney.com>


>From the article
	<URL:http://www.sjmercury.com/business/compute/encrypt1115.htm>:

> Under the plan computer makers could equip their machines, including
> personal computers, with electronic ''locks'' of almost any strength. A
> single computer model with strong built-in encryption could legally be
> sold in both domestic and foreign markets.
> 
> The key is that the encryption circuitry would be inactive in exported
> machines, unless both buyer and seller obtained all legally required
> licenses to turn it on.
> 
> Domestic customers, and export buyers with a license, would get a special
> key card to turn on the encryption, according to HP. Manufacturers would
> thus be relieved of the burden of making different computers for export
> than for domestic use.

So it sounds like the idea is to build crypto around card tokens.  I think
HP has been pushing this for some time.  The question is, will this somehow
become the only way to get access to crypto?

Unlike the earlier IBM/CIA announcement, this time Netscape and Microsoft
have apparently been brought on board.  That is a lot worse because these
companies are where most people are going to get their crypto in the future.
If they have open standards, we can make good crypto available.  But if
this announcement signals some kind of closing of the system so that only
hardware tokens will be used, it could become a lot harder to make strong
crypto available.

There are also the economic questions about how much these key cards are
going to cost, and whether they are going to be routinely supplied with
computers or an extra cost item that consumers have to go out and buy.
If the latter, a lot of people won't bother, and we'll just have that much
larger a barrier to widespread use of crypto.

It is certainly very disturbing to see these new moves.  Obviously a great
deal of behind the scenes negotiations and pressure has been occuring.
You have to wonder why Netscape, for example, would forego the opportunity
to differentiate themselves from rival Microsoft by positioning their product
as the one which refuses to bow to government pressure on crypto.

It's also not clear what the hardware manufacturers get out of this.
Their sales overseas have never been blocked.  There has been no demand
for custom crypto hardware.  I don't see how they have been harmed by an
inability to ship computers with built-in encryption hardware.  Granted
there are some possible applications for such systems but I don't see the
market demand which would drive this decision.

Hal





From marks at thawte.com  Sat Nov 16 11:14:48 1996
From: marks at thawte.com (Mark Shuttleworth)
Date: Sat, 16 Nov 1996 11:14:48 -0800 (PST)
Subject: More Euro Key Escrow
In-Reply-To: <9611161725.aa16313@gonzo.ben.algroup.co.uk>
Message-ID: <Pine.LNX.3.95.961116205506.15573B-100000@bilbo.thawte.com>



> I've looked more closely at the "Royal Holloway" protocol, supposedly
> under consideration by the EC for key escrow in Europe, though I must say that
> anyone who deploys it will get what they deserve.

I've taken a personal look at this,  and it's awful.  I'd like to make a
formal submission from Thawte to the EC committee in charge.  Even better,
I'd like to muster industry support against escrow schemes in general in
the EC. If any organisations following this thread would like to join us
in that submission,  please contact me directly.

Thanks,
Mark

--
Mark Shuttleworth
Thawte Consulting






From hal at rain.org  Sat Nov 16 11:17:41 1996
From: hal at rain.org (Hal Finney)
Date: Sat, 16 Nov 1996 11:17:41 -0800 (PST)
Subject: PGP acquires PrivNet
Message-ID: <199611161917.LAA01576@crypt.hfinney.com>


The company I work for, PGP, Inc., announced yesterday that it had bought
PrivNet, makers of Internet Fast Forward cookie-blocking software.  More
info is on the PGP web site at http://www.pgp.com/.  Personally I have a
passionate and irrational hatred of cookies so I am very glad to see this
move!  I can accept them if I'm browsing through an online store and they're
being used to keep track of what I've bought, but so many sites these days
are just snoopy as far as I can tell.  Down with cookies!

Hal





From aba at dcs.ex.ac.uk  Sat Nov 16 11:38:43 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Sat, 16 Nov 1996 11:38:43 -0800 (PST)
Subject: Remailer Abuse Solutions
In-Reply-To: <v02140b05aeb13a70acf4@[192.0.2.1]>
Message-ID: <199611152138.VAA00315@server.test.net>



Peter Hendrickson <ph at netcom.com> writes:
> However, if you restrict postings to an approved group of people, perhaps
> everybody on the mailing list, you can eliminate spam.  How, then, do we
> allow anonymous postings to come through?  Individual people on the list
> can receive the proposed post and forward it to the list if it is
> appropriate.  They could even charge a fee for doing it.  That's easy to
> do if there is a "paying" remailer which will handle the money for them.

Not necessarily a good idea.  The post may be a hot potatoe, and the
forwarder may find themselves in legal trouble.  (Say RC4 & RC2 source
code, NSA handbook, the results of the Mykotronic's dumpster diving
spree, etc).  Exercising `editorial control' has landed some ISPs in
trouble, to the extent that some are specifically avoiding it for that
legal reason alone.  Being _paid_ for forwarding the message may make
that even worse.

Often the posts which would get the anonymous poster (or the true name
forwarder) into the most troublle, are the ones which are most
interesting, and also very on topic.

Howabout someone liberates skipjack and forwards it to you via
remailers with $50 for your trouble.  Do you bite?  I thought not, NSA
interviews, ITAR violation, etc.

If the spam/off topic posts gets to you badly, perhaps you should
subscribe to a filtered list.  Newsreaders with ratings of posts and
reputation handling of posters would probably help a lot also.
Reputations alone doesn't work that well, many posters in my view are
not consistent, they post good stuff usually, but now and then get
drawn into rambling off topic, or noisy discussions, etc.

Ecash for email works better to stop spam sent directly to email
addresses where you don't cash the money as a curtesy, and your
software junks if it doesn't have valid ecash.  Email spam itself is
getting mildly annoying lately, I get a couple a day average at the
moment.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From dlv at bwalk.dm.com  Sat Nov 16 12:10:29 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 12:10:29 -0800 (PST)
Subject: The Key for the IPG 200 Megabytes at NETPRIVACY.COM
In-Reply-To: <848071226.510145.0@fatmans.demon.co.uk>
Message-ID: <N65HXD2w165w@bwalk.dm.com>


paul at fatmans.demon.co.uk writes:
>
> Every single member of this list and indeed of other forums in which
> you post (I don`t know of any but I assume it is not just us you
> annoy) knows you are a fool.

I don't know that he's a fool. I haven't seen him rant about brute force
attacks on one time pads the way some members of this list do. Then again
I'm no loner a member of this list, thanks to John Gilmore's censorship.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 12:10:50 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 12:10:50 -0800 (PST)
Subject: Taxation Thought Experiment
In-Reply-To: <Pine.SUN.3.95.961115111117.23903H-100000@viper.law.miami.edu>
Message-ID: <o24HXD1w165w@bwalk.dm.com>


"Michael Froomkin - U.Miami School of Law" <froomkin at law.miami.edu> writes:

> I think there's some funny accounting here...

Creative accounting is the name of the game. Pay attention, IRS...

> On Tue, 12 Nov 1996, Joseph M. Reagle Jr., for whom I have considerable
> respect and who ordinarily posts very sensible things but appears to have
> lent his account to someone else appeared to have written:

Another one of John Gilmore's electronic forgeries and fabrications (EFF)?

> > o TAXES THOUGHT EXPERIMENT
> >
> >  1) I generate $100 of productivity for my company
>
> I will assume you measure productivity by "sales".

No, I think he understands that the cost of good sold and other costs are
taken out of "sales" to compute his contribution.

> Note also that it's debatable whether this $100 of sales is exactly "your"
> productivity.  In some sense it's really the company's, ie a joint product
> of your labor, their capital, and the labor of other people in the
> production/sales chain:

And of course you use the infrastructure paid for with your taxes and
other people's taxes (state and federal).

> Note also that the analysis that follows is not really affected by whether
> you meant "sales"  or "my contribution to the sale".
>
> >  2) Company is taxed %30, $70 left
>
> No.  Company is NOT taxed on gross sales. Corporate income tax does not
> work like sales tax.  With some minor exceptions relating to pass-through
> rules, foreign sales, and some complex timing issues, corporate tax is
> ordinarily levied on NET PROFITS.  Thus, the company first deducts all the
> "costs" it can identify, even if those were not necessarily involved in
> producing that (or any) sales.  E.g.  advertising, your salary, corporate
> junkets, rent, etc.  And lets not forget corporate tax sheltering too...

In Germany, a company can put practicially inlimited amounts of money into
tax-deductible reserves. E.g., you can estimate that once in ten years you'll
be unable to collect a debt of 10DEM. Every year you set aside 1DEM as a sort
of self-insurance reserve. The revenue authorites don't bother you if the
assumption of 10DEM every 10 years is overly pessimistic. Therefore German
corporations generally pay little income tax.

> >  3) Company pay shareholders and costs, $30 is left
>
> Again, no.  Shareholders come AFTER payroll and costs.

Dividends are NOT tax-deductible in the U.S. On the other hand, interest is.
Therefore it's sometimes more profitable for a company to raise money by
issuing bonds (debt) and paying tax-deducuble interest than by selling its
stock (equity) and paying non-decuctible dividentds to stockholders.

> >  5) I pay 40% in taxes, so $18 left
>
> I'm afraid you are conflating the MARGINAL rate (and when you consider
> federal, state and local taxes varies by state) with the AVERAGE rate.
> Here in FL. for example there is no state or local income tax.  With tax
> sheltering, mortgage deductions etc. no one pays 40% -- the middle class
> pay a lower average rate, the upper class pay a much lower average rate.

That varies with the locale - here I pay the federal income tax plus the New
York State income tax plus the New York City income tax. I once had a job offer
from IBM at $79K/year in Boca Raton (which I eventually didn't take anyway) -
it's a ridiculous salary in NYC, but a decent one in Florida.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From alan at ctrl-alt-del.com  Sat Nov 16 12:16:32 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Sat, 16 Nov 1996 12:16:32 -0800 (PST)
Subject: Giving Kill Files a Workout...
Message-ID: <3.0b36.32.19961116114021.01089e6c@mail.teleport.com>


At 08:48 AM 11/16/96 -0800, Dale Thorn wrote:
>Alan Olsen wrote:
>> What a week!  What is this?  "Net Loon pig-pile on Cypherpunks day?"
>> So far i have killfiled three people in the past two days.  (That is the
>> total number I filtered to trash before that date.)
>> For those of you who are sick of wading through this mess, I am willing to
>> show you what it will take to filter those of your choice to /dev/null or
>> its local equivelent. (procmail can be your friend!)
>
>Thank you in advance for your filtering instructions (yawn).
>
>BTW, why would anyone give a shit whether you killfiled anyone or not?

The point is not who or what I care to killfile.  The idea is that it can
be done by most people without a whole lot of hastle.

There are a number of people who do not have experience in setting up
procmail.  I am offering to help them out in the hope that it will strain
out some of the resultant noise from these "Freedom Knight" loons.  (Or at
least keep a number of people from dropping the list from the bogosity.)

I suspect I am in a number of killfiles already...

---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From frissell at panix.com  Sat Nov 16 12:26:02 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 16 Nov 1996 12:26:02 -0800 (PST)
Subject: Validating SSNs
Message-ID: <3.0b36.32.19961116152211.00c8c718@panix.com>


>Timothy C. May wrote:
>> 
>> Indeed, I protected my privacy decades ago by discarding my issued SSN 
>> and substituting a different one. This "phony SSN" is what I use on my 
>> tax returns, my credit cards, and for my employers.
>> 
>> Ha! None of them know that this is not my True Social Security Number!
>> 
>> By this I protect my privacy.

"The Iliad" and "The Odyssey" were not written by Homer but by another
Greek of the same name.

Old joke.

Might I suggest though that you use varying SS numbers and varying names,
addresses, and Dates of Birth so that you deny The Great Enemy a Key_field
in the database of life.

DCF





From frissell at panix.com  Sat Nov 16 12:26:11 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 16 Nov 1996 12:26:11 -0800 (PST)
Subject: Mirror of new export control regulations
Message-ID: <3.0b36.32.19961116152518.00772f30@panix.com>


At 09:10 PM 11/15/96 -0500, Alan Davidson wrote:
>	http://www.cdt.org/crypto/clipper311
>

I'm holding out for Clipper '95 myself.

DCF





From dlv at bwalk.dm.com  Sat Nov 16 12:31:49 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 12:31:49 -0800 (PST)
Subject: Does John Gilmore suck tale's cock, too?
In-Reply-To: <Pine.LNX.3.95.961116064606.3091R-100000@dhp.com>
Message-ID: <1D6HXD3w165w@bwalk.dm.com>


aga <aga at dhp.com> writes:

> > It's not an abuse of power. It was an effort to curtail inappropriate
> > SPAM. Much like this entire topic has become non-crypto SPAM on the
> > cypherpunks list.
>
> No it was not SPAM.  John Gilmore attacked Vulis's style, plain
> and simple.  Next time I see John GilMore, I will call him a
> censorous motherfucker in public.

Thank you, Dr. Grubor. I fully agree with your assessment of John Gilmore.
Note that the claim that I write "SPAM" (in capital letters) is a lie, and
probably actionable.

> > Please, the EFF is NOT a Cypherpunks organization. They may share

Neither has any credibility anymore.

> > some of the same goals, but they arn't the same. This should be obvious
> > to even the most logicly deficient.
> > Oh, and it's spelled "internet",
>
> No it is not, asshole!  That is the old way of doing things.
> It is NOW and always will be the "InterNet" -- I helped build the
> motherfucker in 1969, I should know.

Thank you, Dr. Grubor, for your monumental contributions.

> and when use inside a sentance, it isn't
> > capitolized, no matter what Bill tells you.
         ^
>
> No, it is capitalized, because Grubor tells you.
> The name is the GruBoursyNet.

Yes - the self-appointed censor can't even spell. What a maroon.

> > And if you pulled the plug
> > on any of your 6 lists, the members would have the option of reforming
> > another list someplace else, but it would be YOUR OPTION to pull the
> > plug, unless you were "only" the adminstrator, and not the list "owner".
> > John owns the list in the classic sense. (Ok I realize I may have lost
> > you there Mr. "InterNet", but the way it works is that either organizations
> > or individuals own lists, in this case it's an individual.)

Of course it's John's right to censor his own mailing list. He does too.

> > > The first time is the time when you lose all credibility, and there
> > > is never any forgiveness for a plug-puller.
> >
> > All bullshit aside, this whole thing has NOTHING to do with crypto.
> > And it has very VERY little to do with censorship either. And it's
> > gotten way, way out of hand. I suggest that it might be better not
> > to spam cypherpunks with this stuff, and to give it a rest. Between
>
> I never would join that mailing list, because it is all a bunch
> of shit.  The EFF must die, and that is all there is to it.

The EFF can continue to exist as a reminder of how corporate interests
try to misappropriate the appearance of defending free speech while in
fact engaging in plug-pulling and censorship.

> Stupid pervert cabal.cocksucker, I bet.

Most definitely.

> Does John Gilmore suck tale's cock, too?

I wouldn't be surprised the least bit. Many unhappy customers of Cygnus
Support have found out that the only requirement for being hired by Cugnus
is to be gay; it doesn't matter whether you know anything about the product
you're supposed to support. Thus, Cygnus rips off not only the software
writers (who put their software on the Internet for everyone to use, not
for John Gilmore to get rich(er) with), but also their gullible customers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 12:33:31 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 12:33:31 -0800 (PST)
Subject: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <328DE511.28E5@tivoli.com>
Message-ID: <ks6HXD4w165w@bwalk.dm.com>


Mike McNally <m5 at tivoli.com> writes:

> Dale Thorn wrote:
> >
> > Mike McNally wrote:
> >
> > > (So what if John decided simply to pull the plug on toad in order to
> > > plug in a new hot tub?)
> >
> > Well, what if he did?  Are you sure that would make aga look like a
> > fool,
>
> No, and it's not clear to me why you think my question had anything to
> do with my wanting "aga" to look like a fool.  That was not my intent.
> I simply question the claim by "aga" that somehow Mr. Gilmore is
> obligated to provide his services and capital to support the "public
> property" that the cypherpunks list has allegedly become, as opposed
> to treating it like the ephemeral by-product of software running on a
> computer he owns.

You're still trying to cover up John Gilmore's dishonorable censorship,
which he described as "act of leadership". Hitler-like leadership indeed!

You may recall that when I first reported that I've apparently been forcibly
kicked off this mailing list, Timmy May posted a denial. Now Timmy May doesn't
want journalists to write about this incident, because it exposes John Gilmore
and a hypocrite.

Of course John Gilmore has the right to censor his private mailing list
- why are you denying that he did?

> > or would it make you look like a fool, since it would tend to confirm
> > what people like aga have been saying?
>
> I presume that you and aga already think I'm a fool, or worse, but
> I don't trouble myself with understanding the fancies of inscrutable
> intellects.

Count me in: I too think that Mike's a fool and an EFF/Cabal stooge.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jfricker at vertexgroup.com  Sat Nov 16 12:50:45 1996
From: jfricker at vertexgroup.com (John Fricker)
Date: Sat, 16 Nov 1996 12:50:45 -0800 (PST)
Subject: ideal secure personal computer system
Message-ID: <19961116205006455.AAA175@dev.vertexgroup.com>


>Igor Chudov @ home (ichudov at algebra.com) said something about Re: ideal secure personal computer system on or about 11/16/96 7:41 AM

>
>Bill Frantz wrote:
>> Protection against strangers walking up to your machine and using it is
>> nice, and easy to do.  Protection against viruses which install Trojan
>> horses in your system would also be nice, but is very hard to do in systems
>> where programs run with all the privileges of their users.  Examples
>> include (in alpha order): DOS, MacOS, Unix, and Windows (including NT).
>
>I wonder what are the operating systems where programs may be run with
>_less_ privileges than the user who starts them? Is VMS one of such 
>systems?
>
>thanks
>
>	- Igor.
>End of message


In WinNT a program may impersonate a user such as Guest. Also, trojan horses are ineffective in NT as typical users do not have write permission to system binaries. 

--j
-----------------------------------
| John Fricker (jfricker at vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------






From roach_s at alph.swosu.edu  Sat Nov 16 13:06:35 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Sat, 16 Nov 1996 13:06:35 -0800 (PST)
Subject: Why I shall never undescribe
Message-ID: <199611162106.NAA18467@toad.com>


At 08:50 AM 11/15/96 -0500, Alec wrote:
>>From: Bovine Remailer <haystack at cow.net>
>>To: cypherpunks at toad.com
>>
>>Foulmouthed Timothy May rehashes his lies like a rabid parrot
>>choking on a stale mantra stuck in its poisonous beak.
>
>Where else today can one find such prose?  Nay poetry!
>
>And they say poetry is dead!

I thought they said that chivilry was dead.






From mhw at wittsend.com  Sat Nov 16 13:29:06 1996
From: mhw at wittsend.com (Michael H. Warfield)
Date: Sat, 16 Nov 1996 13:29:06 -0800 (PST)
Subject: [NOISE] aga isn't on cypherpunks... (and I'm glad)
In-Reply-To: <9611161810.AA03185@adsl-122.cais.com>
Message-ID: <m0vOsH2-0000LkC@wittsend.com>


Tim Scanlon enscribed thusly:

> all,

> "aga at dhp.com", that 'aga' guy, is NOT subscribed to cypherpunks.

> What has and is going on is that he was blindly Cc'ing cypherpunks
> on everything he wrote that had to do with this... 

> I exchanged some mail with the guy, he didn't understand AT ALL that
> "cypherpunks at toad.com" was a mailing list address. He seemed to think
> that he had to be "subscribed" to the list in order for any traffic
> to goto it.

> When I pointed out to him that this was not the case, his attitude was
> that it was not his fault and that the list was "broken" etc.

> If you havn't figured it out, BELIVE ME, talking to this guy is a
> definative waste of packets.

	I have a suggestion...  How 'bout if everybody on this list dropped
a procmail configuration that mailed aga at dhp.com and postmaster at dhp.com
a copy of every message that originated from aga at dhp.com?  Do you think
he would start to "get it" then?

	:
	: - remainder of message deleted...
	:

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!





From ph at netcom.com  Sat Nov 16 13:29:56 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sat, 16 Nov 1996 13:29:56 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <v02140b03aeb3dd600b95@[192.0.2.1]>


At 1:38 PM 11/15/1996, Adam Back wrote:
>Peter Hendrickson <ph at netcom.com> writes:
>> However, if you restrict postings to an approved group of people, perhaps
>> everybody on the mailing list, you can eliminate spam.  How, then, do we
>> allow anonymous postings to come through?  Individual people on the list
>> can receive the proposed post and forward it to the list if it is
>> appropriate.  They could even charge a fee for doing it.  That's easy to
>> do if there is a "paying" remailer which will handle the money for them.

> Not necessarily a good idea.  The post may be a hot potatoe, and the
> forwarder may find themselves in legal trouble.  (Say RC4 & RC2 source
> code, NSA handbook, the results of the Mykotronic's dumpster diving
> spree, etc).  Exercising `editorial control' has landed some ISPs in
> trouble, to the extent that some are specifically avoiding it for that
> legal reason alone.  Being _paid_ for forwarding the message may make
> that even worse.

Yes, this is the part of my proposal with which I felt least comfortable.
Actually, not to flog a dead horse or anything, this is a perfect
application for semi-anonymous authentication.  Anybody on the list
could forward the mail, but nobody need know exactly who sent it.

> Howabout someone liberates skipjack and forwards it to you via
> remailers with $50 for your trouble.  Do you bite?  I thought not, NSA
> interviews, ITAR violation, etc.

Well, there are ways to do this.  For instance, you can send it
to a bunch of other people anonymously at, say, a dollar each.
It will get around quickly, albeit at greater inconvenience and
a higher cost.  But, for something this important that would be
acceptable.

> Ecash for email works better to stop spam sent directly to email
> addresses where you don't cash the money as a curtesy, and your
> software junks if it doesn't have valid ecash.  Email spam itself is
> getting mildly annoying lately, I get a couple a day average at the
> moment.

Except most people don't have e-cash accounts, software that handles
e-cash, or the interest in keeping a site which is secure enough
to handle e-cash.  This is the feature of having the remailer operator
deal with it.  The technology can be introduced to the existing
system with minimal hassle and cost.  All you need is one remailer
operator to do it.

Incidentally, a similar idea can be used to handle flooding attacks
on remailers.  A bad person could take down a remailer by directing
many encrypted packets to it that did not contain any payment.  This
is hard to solve, of course, because the mail all comes from other
remailers.

The solution is for the remailer itself to not accept mail from
other machines that do not pay.  The other remailers in the network
make a payment themselves (out of money they already received)
to make it worthwhile for the remailer to look inside the message
and see if there is even more business.

Does anybody know if military communications systems ever
take this approach?  I know that a highly redundant network is
used when any part of it can be taken out.  What is awkward about
this is that everybody wants to send messages at the very same
time the bandwidth is attenuated; i.e., during battle.

I'm guessing that in practice everybody in the network - all of
whom are basically trusted and identifiable - is ordered to send
only urgent traffic.

But, it would be neat if there was a way to budget bandwidth for
every unit, just like we do for ammunition.

Peter







From roach_s at alph.swosu.edu  Sat Nov 16 13:32:13 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Sat, 16 Nov 1996 13:32:13 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611162132.NAA18928@toad.com>


At 08:29 PM 11/15/96 -0800, Timothy C. May wrote:
>At 4:46 PM -0800 11/14/96, I wrote:
>>>On Wed, 13 Nov 1996, Mark M. wrote:
>
>>To which, at 08:42 AM 11/14/96 -0500, aga wrote:
>>
>>>Why?  Are you a criminal?
>>>What are you hiding behind your PGP?
>>
>>Okay, I'll bite.  Where is it said that a person who wants h[is,er] privacy
>>is a criminal?  Charlie McCarthy might have said that.
>
>You mean in his book "Crypto by Dummies"?
>
>Or were you perhaps thinking of Joe?
>
I was probably thinking of Joe.  I keyed on McCarthy and Charlie was the
first christian name to mind.  I intended to give the name of the former
Senator.  I apologize for not checking the historical accuracy of the name I
did use.






From ph at netcom.com  Sat Nov 16 13:37:02 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sat, 16 Nov 1996 13:37:02 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <v02140b04aeb3e32566af@[192.0.2.1]>


At 1:38 PM 11/15/1996, Adam Back wrote:
>Peter Hendrickson <ph at netcom.com> writes:
>> However, if you restrict postings to an approved group of people, perhaps
>> everybody on the mailing list, you can eliminate spam.  How, then, do we
>> allow anonymous postings to come through?  Individual people on the list
>> can receive the proposed post and forward it to the list if it is
>> appropriate.  They could even charge a fee for doing it.  That's easy to
>> do if there is a "paying" remailer which will handle the money for them.

> Not necessarily a good idea.  The post may be a hot potatoe, and the
> forwarder may find themselves in legal trouble.  (Say RC4 & RC2 source
> code, NSA handbook, the results of the Mykotronic's dumpster diving
> spree, etc).  Exercising `editorial control' has landed some ISPs in
> trouble, to the extent that some are specifically avoiding it for that
> legal reason alone.  Being _paid_ for forwarding the message may make
> that even worse.

> Often the posts which would get the anonymous poster (or the true name
> forwarder) into the most troublle, are the ones which are most
> interesting, and also very on topic.

(In case you get this out of order, this is my second response.)

Another way to have anonymous posting but not be subjected to spam
and the like is to dispense tokens every week to the subscribers.
They can be signed blindly so that anonymity is preserved, just
like e-cash.

Peter Hendrickson
ph at netcom.com







From ponder at freenet.tlh.fl.us  Sat Nov 16 13:39:06 1996
From: ponder at freenet.tlh.fl.us (P. J. Ponder)
Date: Sat, 16 Nov 1996 13:39:06 -0800 (PST)
Subject: Crypto Chango
Message-ID: <Pine.OSF.3.91.961116160854.2163A-100000@fn3.freenet.tlh.fl.us>


 
Steps to changing US encryption policies:
(Note, you must be logged in as US President for this to work.)

1.  Try to bug everyone's phone and computer with special chips.

2.  Get your butt kicked at and missed by technical weenies, and 
    eventually stomped on by your own national research council.

3.  Wait for Congress to show leadership.  (Lose two turns if you 
    actually thought they would do something.) (Return)

4.  Try to tap everything without using any special chips. (Goto 2)

5.  See if any other governments want you to be able to tap their
    stuff, too.

6.  Try to tap everything with half the key tied behind your back
    when you start.  (Goto 2)

7.  Issue the new policies.

Play Again [Y/N]?

Michael Foomkin and John Young have links to the edict.
You may try:
<A HREF="http://www.jya.com/" <John Young (look under Crypto)</A>
<A HREF="http://www.law.miami.edu/~froomkin/" <Prof. Froomkin's Page[?]</A>
please excuse the handmade-from-memory URLs above if they don't work.
. . . a little snippet from the Internet Scout Report . . . 

New from Net Scout
------------------
1. The Scout Toolkit Version 2.0
http://www.cs.wisc.edu/scout/toolkit/
http://wwwscout.cs.wisc.edu/scout/toolkit/
http://rs.internic.net/scout/toolkit/

The most trusted source for information on how to make the Internet work
better for you is now available in extra strength. Version 2.0 of the Scout
Toolkit debuts today, with a completely new interface, many new sections,
and a focus on the future. In addition to the current awareness you've come
to expect from Net Scout, we've added an increased emphasis on analysis and
insight. Sections include: Searching the Internet, Latest Tools and
Technologies, End User's Corner, Net Scout Sidekicks, a Selective Guide to
Publications on the Internet, and Future Internet Directions. The new
Toolkit is mirrored on three sites to allow Internauts unhindered access.

. . .

Copyright Susan Calcari, 1996.  Permission is granted to make and
distribute verbatim copies of the Scout Report provided the copyright
notice and this paragraph is preserved on all copies. The InterNIC
provides information about the Internet to the US research and education
community under a cooperative agreement with the National Science
Foundation: NCR-9218742. The Government has certain rights in this
material.

Any opinions, findings, and conclusions or recommendations expressed in
this publication are those of the author(s) and do not necessarily
reflect the views of the University of Wisconsin - Madison, the National
Science Foundation, AT&T, or Network Solutions, Inc.
. . .






From hyperlex at hol.gr  Sat Nov 16 13:46:24 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sat, 16 Nov 1996 13:46:24 -0800 (PST)
Subject: The TRILATERAL COMMISSION -was: [REBUTTAL] Censorship on...
Message-ID: <199611170144.XAA29610@prometheus.hol.gr>


At 11:01 �� 16/11/1996 -0600, snow wrote:
>> As regards the "gullibility", it's plainly dangerous; And cultivated
>> by the Media, apparently stronger in the U.S. than in many other places.
>> (written by E. Francis, on the "Trilateral Commission", and distributed
>>  to all members of his own -private- mailing list, of which I'm a part).
>> >THE LAND OF SHADOWS
>> >
>> >     Early this month is the last presidential=20
>> >"election" before the year 2000. As of this writing and=20
>> >long before, the election was decided in favor of Bill=20
>> >Clinton. It works out astrologically, but the real=20
>              ^^^^^^^^^^^^^^^^^^^^^^^^^         
>    I think this just about says it all.

A ha ha ha!!!  ROTFL.

You forget that Astrology is... unsuitable for gullible children. :-)



>    Go talk to Don Wood. 

Don't know who the hell Don Wood is.  However, I bet you 
_also_ don't know who Mr. Stringas is. Well, he is the author
of several books about his experience as a prominent C.I.A. official
working for the Trilateral Commission, a former NATO official who
acted as a "link" between the Athens government and Washington, and
he also (at the age of 70+) doesn't give a damn about anyone putting
a bullet in his head (or so he says) which is unlikely anyway since
it would be too "obvious".

Mr. Stringas is not the only one who wrote thousands of pages about
the Trilateral Commission's activities and members (e.g. Clinton).

However, you seem to dismiss well-known facts for the simple reason
that they were originally posted by an astrologer (E. Francis) and
apparently you believe astrologers are by nature non-credible.

That's fine with me. As a highly analytical Virgo with Venus in
Libra, I understand you very well.  :-)

I will reply with a real life JOKE, in this case:

Two days ago I had a rather official meeting with some nice people
with whom we negotiated a contract (of details irrelevant here).
Carrying my notebook computer (as I always do) with several astrology
programs inside it, I actually took it out and made a horoscope for
my... lawyer, who ALSO happens to be a Virgo with Venus in Libra, and
this was hilarious, since we _now_ understood our... similarities.

Then a gentleman came into the room who remarked that Astrology is
only suitable for loonies and gullible morons. He added that for
these people, the Greek word "zodion" applies except without the
'd' and the 'i' in the 3rd and 4rth places inside the word 'zodion'
('Zodion' means 'Zodiac sign'). (If you delete those characters,
you are left with the word 'Zoon' which means 'animal').

An astrologer friend of mine, also in the same room, immediately
replied: Aha! But the way you phrased it, Sir, makes you surely a
virgo, too; probably with a Virgo ascendant, I would say.

The guy stared at us in terror. He WAS a Virgo, and had a Virgo
ascendant, as he himself said.

He promptly stopped talking and looked rather thoughtful...

Perhaps a... coincidence? :-)

Have fun (with astrology).
George











From mhw at wittsend.com  Sat Nov 16 14:02:14 1996
From: mhw at wittsend.com (Michael H. Warfield)
Date: Sat, 16 Nov 1996 14:02:14 -0800 (PST)
Subject: NT insecurity
In-Reply-To: <19961116064952843.AAA201@rn232.io-online.com>
Message-ID: <m0vOsnL-0000ucC@wittsend.com>


Adamsc enscribed thusly:

	Hooo  Hummm...  Another one...

> Given the recent comments about insecure machines, I thought it was
> interesting to note that you can clear *every* password on an NT box by using
> a diskeditor to corrupt the password file (Boot off of a floppy and use
> NTFSDOS if you have to).  It'll reboot several times and then you'll be
> allowed to login.

	Much as I absolutely detest NT, lets reitterate what everyone else
on this list has already heard too TOO many times...  If you have physical
access to the machine, it ain't secure.  It doesn't matter what operating
system or what that operating system offers in the way of security.  If
you can boot it off a floppy, you got it by da balls.  Period.  NT is no
better and no worse than any variation of UNIX out there.  I help a friend
break into a SCO C2 secure Unix box that way.  Booted DOS off the floppy,
hunted down the password entry (it ain't in /etc/passwd in this mother),
and changed it to something we knew.  Was owned by a friend whose EX boy
friend had locked her out of her own system!  Took just a few minutes,
including the programing time.

	Let's beat up on NT about the real things, not phantoms...

> #  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
> #  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
> "That's our advantage at Microsoft; we set the standards and we can change them."
>    --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!





From ichudov at algebra.com  Sat Nov 16 14:07:02 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 16 Nov 1996 14:07:02 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <31wHXD27w165w@bwalk.dm.com>
Message-ID: <199611162203.QAA01201@manifold.algebra.com>


Dr.Dimitri Vulis KOTM wrote:
> You forgot "limp-wristed, EFFeminate, bearded, 50-ish blonde".

What is this supposed to mean? Is that some cultural thing?

	- Igor.





From hyperlex at hol.gr  Sat Nov 16 14:09:11 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sat, 16 Nov 1996 14:09:11 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611170206.AAA01013@prometheus.hol.gr>




At 05:24 �� 16/11/1996 -0500, Tim Scanlon wrote:

>Between
>the 2 lists & various people I see represented here, with all due &
>serious respect, you folks have GOT to have better, more important,
>and far more deserving issues to devote your time to. I would hope
>that you would take a few moments and think about those things, and
>consider acting appropriatly in light of those thoughts.
[...]
>And it's
>gotten way, way out of hand. I suggest that it might be better not
>to spam cypherpunks with this stuff, and to give it a rest.

>Tim Scanlon

I think the expulsion of Dimitri Vulis is HIGHLY on-topic inside the
Freedom Knights List.

As it happens, it is ALSO on topic in the cypherpunks list, no matter
how HARD you try to forget this.

After censoring Dimitri, you will also NATURALLY try to censor others
too, such as myself (receiving notices that I stop "cross-posting" to
the cypherpunks list).

However, you are a HYPOCRITICAL ASSHOLE, becayse you ALSO cross-post
to your own (cypherpynks) list. What you CLEARLY want is to HAVE
THE "LAST WORD" ABOUT THIS ISSUE.

This is typical of all censorship. If your request was SINCERE, you
would be the FIRST to NOT CROSS-POST IT to the cypherpunks list.

Oh Gods of Olympus!  :-)




>Stephen Boursy wrote, along with a horde of others with no lives:
>[lots of worthless crap snipped out]

You mean whatever you disagree with, or perhaps don't bother to read,
you dismiss as 'worthless crap'.

It's funny, this attitude. I find it philosophically inexcusable.
I never dismiss the opinions of others as "worthless crap" when they
are expressed eloquently. What I said instead is that "VERY important
ideas have been expressed from all sides". Perhaps you didn't notice.






 
>> When a list gets as big as that, it it no longer to be considered
>> a "mailing-list" but it is a _public_ forum.  The whole problem
>> here is the abuse of power by both the EFF and John Gilmore.
>> 
>It's not an abuse of power. It was an effort to curtail inappropriate
>SPAM. Much like this entire topic has become non-crypto SPAM on the
>cypherpunks list. 

You have begun REDEFINING "SPAM" according to your personal feelings
and opinions. "SPAM" as EVERYONE ELSE understands it, implies some kind
of _gain_ (e.g. from advertising) inside a posting.

Redefining "SPAM" is consistent with attempts to redefine other known
words as well. Like the word "Censorship", which has been redefined
to mean "ONLY official censorship".

The tendency of closed-minded internet communities to REDEFINE common
words as they deem fit, is RATHER WELL KNOWN, where I come from.

I am a dictionary maker by profession, BTW. (I write some of the
software for it, and run the business. OK, I also do spelling mistakes.
It's not my job to know everything, ya know! :-) :-) )


However, if you take my own opinions for instance, they are expressed
without ANY thought of gain (by definition impossible, since I don't
advertise anything. I write these texts at the intervals of a very
real life, involving a lot of swimming, and a lot of Research. When
my friends and I meet, we laugh a lot with the situation thousands
of miles across the ocean, where... EVEN a "cypherpunks" mailing list
has evicted someone forcibly. Rather typical, as it happens. Gives
you people a bad name you know...








>> The first time is the time when you lose all credibility, and there
>> is never any forgiveness for a plug-puller.
>
>All bullshit aside, this whole thing has NOTHING to do with crypto.
>And it has very VERY little to do with censorship either.

Which means you probably didn't read much of what was said anyway.
Typical...



George








From blancw at cnw.com  Sat Nov 16 14:18:31 1996
From: blancw at cnw.com (blanc)
Date: Sat, 16 Nov 1996 14:18:31 -0800 (PST)
Subject: It Used to Be Eric's Inscrutable Deficiency
Message-ID: <01BBD3C9.2396E740@king1-10.cnw.com>


In glancing through and deleting so many messages about how blasphemous and perverted John Gilmore is for having "censored" one list afficionado (more symbolically than in actual fact), I am amused to recall that it used to be Eric Hughes who was the bad guy identified as the Egotistical Slave Master who abused his ownership privileges.    Now he's left the list, it is JG who gets the drift & drivel about list management.

Strange, too, that those who clamor for freedom of speech are accusing JG of being contrary to his principles.   They expect that just because individuals should be at liberty to speak, everyone must therefore be prepared to tolerate all manner and kind of insults against themselves (or be a passive witness to it).

In that case, it would mean that because individuals are to be free "to do" as they will, therefore that courtesy and manners are no longer valid, that high standards of personal behavior are not important, that self-command is not required, that exercising one's best judgement is of no practical value for life in the real world.

It would mean that in the environment of liberty, it would be incorrect for individuals to prevent assaults against themselves or their morals, against their personal preferences, or against their choice of topics for a discussion list which they started.  This would mean that, for instance, it wouldn't be right for free individuals to prevent from being sexually molested, because it would be "censorship" against the perpetrator.

These complaintants against censorship must not understand the purpose for freedom of action, of expression, etc.; that they do not understand the need for being "free":   

it is so that one may, without interferance from uninvited participants, engage in arranging the elements of one's existence for the greatest benefit to oneself.   Tolerating insulting drivel does not fall into that category.

The environment of liberty to express oneself also permits the exercise of the highest logic possible to an unfettered intelligence.  Filling up the mailing list with irrelevant accusations about bizarre sexual practices is not of any logical benefit towards enlightenment on the subjects of encryption or privacy.   

    ..
Blanc





From dlv at bwalk.dm.com  Sat Nov 16 14:20:16 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 14:20:16 -0800 (PST)
Subject: Output of your job "cypherpunks"
In-Reply-To: <199611161756.JAA00016@mail.compcurr.com>
Message-ID: <L8aiXD12w165w@bwalk.dm.com>


> > ok
> Confirming:
> > SIGNOFF NEWSLETTER
> You have been removed from the NEWSLETTER list.

More plug-pulling from the EFF censor John Gilmore?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 14:20:36 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 14:20:36 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116074506.1181B-100000@kinch.ark.com>
Message-ID: <J50HXD11w165w@bwalk.dm.com>


Dave Kinchlea <security at kinch.ark.com> writes:
> >
> > Irrelevant analogy; snail.mail and e-mail.  The former is in physical
> > form, and the latter usually never is.
>
> No kidding, thanks for that information. Perhaps you can explain how it
> is relevant?

Very simple: snail mail is much more suitable to be used as evidence in court
than e-mail.

> > > Of course not, privacy isn't about being a criminal, its about being
> > > private. It is not akin to anonymity, *perhaps* those who work
> > > anonymously have `something to hide' (still doesn't necessarily make
> > > them a criminal, however),
> >
> > Anonymity on the InterNet is a Constitutional right, and is the
> > sole supporter of freedom of speech.
>
> Another irrelevant and completely inaccurate point. I utilize free
> speech everyday yet I manage to do it without anonymity.

It's ironic that I read Dave's e-mail on John Gilmore's private cypherpunks
mailing list, which is known to be censored by John. If you're subscribed to
this mailing list, then you're definitely not utilizing free speech.

> > I disagree, anonymity is a good thing that will never
> > be questioned by anybody, but your PGP will, and it
> > is really not safe anyway.
>
> ha ha ha, not by anybody huh. What world do you live in? I know plenty
> of people who feel that if you must say something anonymously `you must
> be hiding something, probably a criminal!'. I don't subscribe to this, I
> feel that most people who post anonymously are just chicken-shits, but
> that too is besides the point. It *is* questioned by many people.

It's important to remember that petty censors like Bruce Bough oppose
anonymity - they want whoever says something "politically incorrect" to
be punished for their speech. This is in line with the kind of censorship
John Gilmore practices on the cypherpunks mailing list.

>  And as to PGP not being safe, perhaps you could expand a bit on this,
> it hasn't hurt me or anyone I know, seems pretty safe to me. To address
> what I assume your point was, it acts as a prefectly good sealed
> envelope (and I believe quite a bit more), in the context of my original
> reply, this is quite `safe'.

I don't know that PGP is safe. That's I don't use it.
(The exception are my NoCeMbots which use PGP to sign their notices, because
properly implemented NoCeM clients check digital signatures.)

> > Why are you so paranoid that someone is reading your e-mail?
>
> Paranoid? No, but why make it easy for anyone to do so?

I think the censors' agenda is the opposite: they *don't* want anybody to be
able to read the materials they want to suppress. That why they're not
satisfied by using procmail to filter out the unwanted traffic from their
own mailboxes, but want to impose their censorship on any potential reader.
Read the very revealing complaint from the lying shyster Jim Ray for example.

> > I never do anything criminal, so I could give a shit less if
> > everybody reads all of my fucking mail.
>
> so how is it different, besides being electronic, from snail mail? I
> repeat, why don't you use post-cards exclusively for mail? Oh yes, that
> is `print', a totally different thing, geesh.

One can fit more info in an envelope than on a postcard. I knew people who
do use postcards whenever they can to save on postage.

> > > Of course, if all of your personal mail (including financial statements
> > > etc) is sent on post cards, then (while I think you would be crazy) I
> > > will at least admit you are consistent. Else, I think you need to look
> > > hard at the logic you are using.
> >
> > Again, inconsistant analogy.  This is nothing but photons in it's
> > ultimate form, and it will never see paper.  Anything that _you_
> > print is not attributable to me, and any e-mail printed by you
> > would never be acceptable as a court exhibit.
>
> You appear to be confused, I look at what I wrote and I see nothing at
> all that mentions courts. I am talking about personal privacy and the
> analogy is not at all inconsistent. (and paper mail is nothing but atoms
> in it's ultimate form, so what?)

Now, if a piece of e-mail were digitally signed, then it *might* be
more admissible in court.

> > stop getting cyberspace mixed up with print.
>
> Why do you think there is something magical about `cyberspace'? Privacy
> is privacy, period. Communication is communication, period. There is no
> reason to differentiate private communication via print and private
> communication via cyberspace. Both are desirable for exactly the same
> reasons.

John Gilmore has no credibility.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From hyperlex at hol.gr  Sat Nov 16 14:25:27 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sat, 16 Nov 1996 14:25:27 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611170223.AAA02024@prometheus.hol.gr>


At 05:24 �� 16/11/1996 -0500, Tim Scanlon wrote:
>Stephen Boursy wrote, along with a horde of others with no lives:
>[lots of worthless crap snipped out]

As an aside, some of this "worthless crap" written by Stephen Boursy
and "others with no lives", happens to contain jewels of wisdom and
humility such as the following:

(cut and pasted from another posting):

>> P.S.  I never understood the (American?) preoccupation about... "putting
>>       out flames". If I find flame-messages boring, I don't read them!
>>       If anyone insults me, I reply; If anyone speaks nicely, I also do.
>>       The (American?) preoccupation about flames conceals a deep _fear_
>>       of freedom, freedom of the other person's freedom.
>
>
>   This is very true.  I'm worried about the US--our lack of respect
>for free speech--our extremely poor social services for the poor, etc.
>It is not a country I'm proud of at the moment.  Much of what is 
>praised about the US--our stability of government--is our downfall--we
>should be able to toss a government like we have out on its ass and 
>string up the leaders on telephone polls.


Are you aware... tiny Tim, that Stephen Boursy's comment should make
Americans feel PROUD, and that his response to my rant made me think
a LOT?

Perhaps learning from the humility and wisdom of others has also
been banned inside your... tiny-Tim brain cells.

Happy Recovery
Geirge






From tcmay at got.net  Sat Nov 16 14:41:16 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 16 Nov 1996 14:41:16 -0800 (PST)
Subject: Final Solution to the Crypto Problem
In-Reply-To: <199611161913.LAA01571@crypt.hfinney.com>
Message-ID: <v03007800aeb3f127e77a@[207.167.93.63]>


At 11:13 AM -0800 11/16/96, Hal Finney wrote:
>>From the article
>	<URL:http://www.sjmercury.com/business/compute/encrypt1115.htm>:
...
>> The key is that the encryption circuitry would be inactive in exported
>> machines, unless both buyer and seller obtained all legally required
>> licenses to turn it on.
>>
>> Domestic customers, and export buyers with a license, would get a special
>> key card to turn on the encryption, according to HP. Manufacturers would
>> thus be relieved of the burden of making different computers for export
>> than for domestic use.
>
>So it sounds like the idea is to build crypto around card tokens.  I think
>HP has been pushing this for some time.  The question is, will this somehow
>become the only way to get access to crypto?

And this is the "nightmare scenario" we have talked of for so long: make a
method ubiquitous, but with bones thrown to domestic users...then take away
the bones.

Namely, once the infrastructure is deployed, once most electronic commerce
is handled via card tokens (and card readers are actually pretty cheap, and
volume will drive the price down further), the President can cite some kind
of national emergency, or widespread tax evasion, or whatnot, to announce
that beginning on suc-and-such a date all cards must be licensed, even to
domestic users.

(Many of us thought this has always been the strategy with supposedly
voluntary programs, which Clipper was, of course. Our principal objection
was not that the FBI would use Clipperphones, but that the technology and
related announcements were quite clearly oriented toward getting lots of
people to use the technology, thus establishing de facto access to keys.)

>It is certainly very disturbing to see these new moves.  Obviously a great
>deal of behind the scenes negotiations and pressure has been occuring.

The history of the whole crypto debate these last several years has been
the history of a series of behind-the-scenes meetings, pressurings, and
eventual cave-ins. In all of the iterations of Clippper, we heard about the
programs after corporate "buy-ins" had occurred. (Though in the case of
Clipper, there were some "trial balloons" floated six months earlier, as
you may recall.)

The only hope I see is that in each of these iterations, a different set of
companies got burned by the experience: AT&T, TIS, IBM/Lotus, and now the
latest round of players. (Each of these losers from defunct early rounds of
the Great Clipper Race must feel jilted.)

This one may be the Final Solution to the Crypto Problem, given the
building crescendo of crypto news, the new Congress and new term for the
President,  and the simultaneous announcement of the new Emergency Order
and the RSA-HP-Intel-Microsoft-etc. deal. Hardly coincidental.

Be afraid. Be very afraid.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From Bryondp at aol.com  Sat Nov 16 14:42:57 1996
From: Bryondp at aol.com (Bryondp at aol.com)
Date: Sat, 16 Nov 1996 14:42:57 -0800 (PST)
Subject: More Euro Key Escrow
Message-ID: <961116174108_1183667437@emout16.mail.aol.com>


take me off this list





From tcmay at got.net  Sat Nov 16 14:46:17 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 16 Nov 1996 14:46:17 -0800 (PST)
Subject: Passwords as Galaxies, and Status of the Archives
In-Reply-To: <v03007804aeb31c5c2260@[207.167.93.63]>
Message-ID: <v03007801aeb3f542de2d@[207.167.93.63]>


At 12:49 AM -0800 11/16/96, Lucky Green wrote:
>I think it was "Passwords are galaxies in hyperspace". I may be wrong.
>Either way, this was an excellent tread.
>

Dale Stimson found it, and sent it to me. It's included below. It dated
from June of 1995, not 1996. I don't know why I thought it did.


From: tcmay at netcom.com (Timothy C. May)
Message-Id: <199506081711.KAA09665 at netcom8.netcom.com>
Subject: Passwords as Galaxies in Hyperspace
To: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 8 Jun 1995 10:11:19 -0700 (PDT)
Cc: cypherpunks at toad.com
In-Reply-To: <Pine.SUN.3.91.950608081241.3725A-100000 at crl12.crl.com> from
"Sandy Sandfort" at Jun 8, 95 08:41:22 am
Sender: owner-cypherpunks at toad.com

Sandy Sandfort wrote:

> I've never really questioned the statements that knowledgeable
> C'punks have enunciated about passphrase entropy.  I've just
> accepted the "rules" on faith.  I choose long "nonsense"
> passphrases with quirky spelling, characters and punctuation.

Adam Shostack just gave a good response, based on how programs like
"crack" will try various substitutions on names, common phrases, etc.

I want to give an explanation that is more "hyperdimensional" (you'll
see what I mean in a moment).

> The question I have, is "quessability" all that important a
> consideration?  For example, let us say I started out with the
> following phrase as a "seed":
>
> 	the quick red fox jumped over the lazy brown dog
>
> To convert it into a passphrase, what if I only changed "dog"
> to "d0g"?  Though it would obviously be easy for me to remember,
> I don't see how it would be any easier for an attacker to guess
> this passphrase than it would be if the passphrase were an
> equally long string of randomly generated characters.  The

Because a program can store the most common names and phrases and then
generate a whole bunch of one-character or one-word variants. That is,
the phrase above can be stored and then perhaps 1000 variants can be
tried...missing characters, "blue" instead of "brown," "snazzy"
instead of "quick," etc. This sounds like a lot of variants to try,
but remember that we're talking about a search space that is 10^75
bytes or higher! Anything that helps reduce this search space is useful.

> reason I (I'm sure naively) think this is so, is that to the
> best of my understanding, passphrases are all or nothing--you
> have to guess it 100% correctly or it doesn work.  Even if an
> attacker tries my "seed" because it is a common typing practice,
> it hardly puts him any closer to guessing which one of the
> zillions of ways I may have modified that phrase, if indeed, I
> used that phrase at all.

Oh, but it puts him a _lot_ closer!

> So I guess what I'm asking is:  if my passphrase is very long,
> and I add at least some randomness, is the fact that my original
> famous quote might be tried as part of a "Bartlet's attack, all
> that much of a threat?

Imagine all passwords and passphrases (same thing, actually) occupying
a high-dimensional space...I won't get into what the dimensions are
here--see any good book on information theory, especially Pierce's
"Symbols, Signals and Noise."

The "points" in this space are the passwords/phrases. With a
old-generation 8-character max on passwords, for example, this space
has something like 26^8 = 2 X 10^12 points in it, if only single-case
alphabetic characters are used. If both upper- and lower-case
characters can be used and standard punctuation marks can be used, the
space explodes in size to roughly 75^8 = 10^16 points.

In this space, there are "galaxies" or "clusters" of points
surrounding such points as "sandy" and "tim." Smart cracking programs
will start with thousands or even millions of these points and then
explore the "nearby" variants, as these nearby variants are what
people will often pick as passwords, thinking they are "outsmarting"
the computers!

Extending this to 30-character or even 50-character pass _phrases_ has
identical math, except the numbers are _much_ larger, and the
"universe" is much vaster.

Somewhere in that universe is the phrase "the quick red fox.....",
surrounded by a large cloud of points a short Hamming distance away:
"the quick red fob...," "the quick red fux...," etc. And in that same
galaxy, albeit a little furhter away, are the variants on entire
_words_. Still further out from the "galactic core" are such phrases
as "the quickest red cat...."

Searching in these galaxies still beats searching the entire space. In
any case, if one is to try searching the entire space, starting in the
galaxies makes more sense.

(In practice, an entire 10^75 point space will not be searched by
brute force, I am sure. And, in practice, I have no idea how far out
in the "arms" of the "galaxies" the NSA's supercomputers will
venture....)

A question one might ask is what gives "shape" to this universe? Why
do I say there's a "galaxy" of points surrounding "sandy" or "the
quick red fox...."? Why not a galaxy around "g*E at ks)hc"?

This gets to the culture-dependent aspects of "randomness" and
"entropy."

Fact is, just as Sandy thinks starting with "the quick red fox..." or
some other easily memorizable phrase is a good strategy, so too will
computers. All a matter of entropy.


I hope this explanation helps. I'm partial to geometrical and
space-oriented descriptions, and reading Pierce's explanation of
Shannon's Theorem in terms of n-dimensional spaces was one of the
highpoints of my high-school experience, lo those almost 30 years ago.

(The n-dimensional model neatly explains a lot of things, including
signal-to-noise ratios, the effects of signal power, correlation
between signals, and error-correcting codes. Great stuff!)

--Tim May



--
..........................................................................
Timothy C. May         | "I am not now, nor have I ever been, a member of
tcmay at netcom.com       |  a militia group."
Corralitos, CA         |  --Tim May's statement before the 1995 Hearings
                       |    of the House Un-American Activities Committee
The "Crypto Anarchy" sig will soon return.

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From dlv at bwalk.dm.com  Sat Nov 16 14:50:24 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 14:50:24 -0800 (PST)
Subject: Fat Cocksucker John Gilmore-ASSHOLE!
In-Reply-To: <56kqff$ffv@lokkur.dexter.mi.us>
Message-ID: <65BiXD13w165w@bwalk.dm.com>


scs at lokkur.dexter.mi.us (Steve Simmons) writes:

> Let's thing about this for a second.  The author makes value judgements
> based on body weight and sexual orientation.  What does this tell us about
> the authors reasoning ability?

Well - I don't care about John Gilmore's sexual orientation (hint: it ain't
straight :-), but I don't think he's fat. In fact, last time I saw him, I
noticed that he's gotten very thin, and wondered if he's sick or something.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From cvhd at indyweb.net  Sat Nov 16 14:50:42 1996
From: cvhd at indyweb.net (cvhd at indyweb.net)
Date: Sat, 16 Nov 1996 14:50:42 -0800 (PST)
Subject: Giving Kill Files a Workout...
Message-ID: <3.0b36.32.19961116175025.006b441c@indyweb.net>


At 01:52 AM 11/16/96 -0800, you wrote:

>What a week!  What is this?  "Net Loon pig-pile on Cypherpunks day?"

>So far i have killfiled three people in the past two days.  (That is the
>total number I filtered to trash before that date.)

>For those of you who are sick of wading through this mess, I am willing to
>show you what it will take to filter those of your choice to /dev/null or
>its local equivelent. (procmail can be your friend!)

>Maybe after some creative filtering, the list will settle back to the usual
>noise, instead of the net-loon noise.

As the smoke from the first rounds of cyber-gunfire of the Gilmore vs
Vulius shootout were wafting thru C-space several of us were bemoaning the
fact that the entire issue hadn't been handled thru creative filtering on
the part of list members as opposed to the heavy-handed "Big-Bro'ish" plug
pulling by Mr. Gilmore.  The "net-loon noise" level increase was
predictable.  Like you I will continue to perform creative filtering in
order to extract the 4 out of 240 messages worth reading in any given 48
hour period. 

cvhd 





From gbroiles at netbox.com  Sat Nov 16 14:51:03 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Sat, 16 Nov 1996 14:51:03 -0800 (PST)
Subject: Mailing list liability (fwd)
Message-ID: <3.0b28.32.19961110014235.0071328c@mail.io.com>


At 11:13 PM 11/9/96 -0600, Jim Choate wrote:
>> From markm at gak Sat Nov  9 21:03:24 1996
>> Note that none of these say anything about any commercial service being
held
>> liable for defamatory statements because the service cancelled a user's
>> account or prevented a user from posting in certain areas.  I really don't
>> see why you consider unsubscribing someone from a mailing list the
equivalent
>> of monitoring posts and exercising editorial control.
>
>It is exactly editorial control because it prevents, a priori, submissions by
>Vulis under that account. He is FORCED to resort to other means. That is
>what the courts will see, it is what the jury will see, and it is what will
>eventualy sink the list, and place its operator under financial burden for
>years.

This is inaccurate. Vulis is still sending posts to the list and they are
distributed to subscribers. You seem to have assumed that submissions are
only accepted from subscribers. This assumption is wrong.

>I joined this list under my own volition, I agreed to no review by the list
>operator at any time. I did not agree to not hurt his feelings with my
>comments or views. I did not agree to agree with the operator of the list.
>I did not agree to make him feel warm and fuzzy inside. I agreed to NOTHING
>other than my permission for him to put your submissions in my email box.

I have a very hard time seeing a contract here - I don't think there was
anything close to a "meeting of the minds" to the terms you seem to
imagine, nor do I see any consideration. As you've indicated above, you
took on no obligations - which suggests that your relationship to the list
owner is not that of a party to a contract, but as a recipient of a gift.
The donor of a gift (or series of gifts) is free to stop giving at their
whim. 

> The
>only way I can be removed from this list and not open the operator up to
>legal consequences is by my own volition or the total cessation of this list.
>This applies to every member subscribed so long as their is no proviso posted
>at subscription time.

I disagree strongly. I also strongly disagree that there was/is any
contract between Gilmore and list subscribers or authors. And I strongly
disagree with your ideas about posting notices and the "default" situation
where notices aren't posted. I think that you're mixing up your analyses re
defamation and contract (they are **not** the same thing). I also think
you're using contract-style language to describe obligations apparently
imposed by law, which is misleading. Further, I'm not aware of any law
which would impose the obligations you imagine. If you've got better
information, perhaps you'd be kind enough to post a citation so the rest of
us can catch up with you.

The case summaries you posted don't support your conclusion. The only one
that's even in the neighborhood is Stratton-Oakmont; which, as I pointed
out before, is appreciably different factually (the degree of control was
much greater, the forum was advertised as a controlled one, and the
defendant inspected the message before it was made public), did not receive
further scrutiny at an appellate level, and has been criticized by
commentators and scholars as being poorly reasoned. Stratton-Oakmont is a
poor case to rely upon. As far as I can tell, you're basing your legal
conclusion on the depth and quality of your feelings about this issue,
which is always a mistake.

Finally (and dispositively), the entire field of liability for "publishers"
of online information was changed by the Communications Decency Act. See
<http://www.gdf.com/lb4-1.htm#N3> for more.

But this discussion reminds me of the unproductive discussions that various
legal-minded folks (myself included) have had with Jim Bell from time to
time. And I try not to spend time on unproductive pursuits. So I am not
going to write more about this. I've offered my analysis, and readers can &
will give it whatever weight they think it merits. If I don't respond to
your messages, it's not because I don't think you're wrong, it's because I
don't think saying it over & over helps anyone. Mike Godwin has written and
thought a lot about liability for defamation in the online service provider
context. I recommend his work to people who want to learn more.

It's clear that you think John Gilmore did the wrong thing when he excluded
Vulis. The notion that a relatively inflexible and harsh liability scheme
awaits system operators who wander into some form of content control can be
an attractive one. I don't blame you for liking that idea. But your
conclusion is not supported by case law nor traditional theories of
contract, tort, or property law. The result you want (any content control =
duty to inspect every message = harsh result) might be a good one but it is
not the state of the law today. If you're getting your legal information
from computer media or mass media you're probably getting partially
incorrect information or interpretation. 

--
Greg Broiles                | "In this court, appellant and respondent are the
gbroiles at netbox.com         |  same person. Each party has filed a brief."
http://www.io.com/~gbroiles |  Lodi v. Lodi, 173 Cal.App.3d 628, 219 Cal.
                            |  Rptr. 116 (3rd Dist, 1985)






From dlv at bwalk.dm.com  Sat Nov 16 14:52:14 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 14:52:14 -0800 (PST)
Subject: MSIE 128 Bit
In-Reply-To: <199611161756.LAA23570@wichita.fn.net>
Message-ID: <ayciXD14w165w@bwalk.dm.com>


Steve Shelby <sshelby at feist.com> writes:
>
> Microsoft has a 128 bit version of their Explorer available.
>
> You have to jump through a few hoops, but they have it.

How about maiking available on a European mirror site with no questions asked?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From frissell at panix.com  Sat Nov 16 15:01:55 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 16 Nov 1996 15:01:55 -0800 (PST)
Subject: One Big Telecoms Company
Message-ID: <3.0b36.32.19961116165519.00cebb24@panix.com>


At 09:23 PM 11/15/96 -0800, Dale Thorn wrote:

>Progress?  Most major cities (when I was a kid) had *several* competing
>newspapers, 

Few realize that NYC today has circa 20 daily newspapers (circa 5 in
English and circa 15 in other languages).  

In addition, I can read a hundred daily newspapers (or more) on the nets.

DCF





From dshipman at ewol.com  Sat Nov 16 15:18:53 1996
From: dshipman at ewol.com (Dave Shipman)
Date: Sat, 16 Nov 1996 15:18:53 -0800 (PST)
Subject: THAT is what makes ---Snipshit---------
Message-ID: <3.0.32.19961116181623.00697054@mail.ewol.com>


>>> time for ------Snipshit---------
>> An excellent --------Snipshit-------------
> 
>In that case ---------------Snipshit------------
 
>Jai Maharaj
>%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:% Om Shanti %:%:%

Splash!! Another one falls from filter to Crap Bucket. Damn, a week ago I
didn't even know how to *use* a filter!


DLS
---------------
A fanatic is one who can't change his mind and won't change the
subject.
                -- Winston Churchill






From dlv at bwalk.dm.com  Sat Nov 16 15:21:34 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 15:21:34 -0800 (PST)
Subject: Does John Gilmore...
In-Reply-To: <3.0.32.19961116100146.0074095c@mail.teleport.com>
Message-ID: <PRDiXD15w165w@bwalk.dm.com>


Rich Burroughs <richieb at teleport.com> writes:
> >I have a suggestion for "Aga" and others who believe this sort of
> >nonsense.  Please do us all a favor and try to sue John.  I'm sure
> >that among all jack-leg and wannabe lawyers on this list that they
> >can come up with a viable cause of action.  And John has deep
> >pockets; you could (literally) make out like bandits AND rescue
> >"freedom of speech" on privately maintained mailing lists.
>
> Such a case would obviously fail.  John has the right to ban anyone he
> wants from a list that he is hosting.

Sure he does - I've been saying all along that John Gilmore has the right to
act dishonorably, which he exercises. Yet the censorship supporters keep
attributing to me the diametrically opposite view - that the state can force
John to carry even the opinions he disagrees with. This is not what I've been
saying, of course. John Gilmore lied when he attributed this opinion to me (as
quoted by Declan McCulough). Only his honor could force him to do that, but he
has no honor and no credibility. John had the right to exercise censorship on
his private mailing list, which is precisely what he did.

> I do question, though, whether or not it was the best way to handle the
> situation.  As I have argued, the availability of end-user filtering made
> banning Dimitri from the list unnecessary, IMHO.  And the list owner giving
> people the boot sure doesn't fit with the picture I have had of what
> cypherpunks was about.  YMMV.

Same here - I used to have respect for John Gilmore, but now I don't.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From ichudov at algebra.com  Sat Nov 16 15:50:33 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 16 Nov 1996 15:50:33 -0800 (PST)
Subject: Taxation Thought Experiment
In-Reply-To: <o24HXD1w165w@bwalk.dm.com>
Message-ID: <199611162345.RAA02111@manifold.algebra.com>


Dr.Dimitri Vulis KOTM wrote:
> > >  3) Company pay shareholders and costs, $30 is left
> >
> > Again, no.  Shareholders come AFTER payroll and costs.
> 
> Dividends are NOT tax-deductible in the U.S. On the other hand, interest is.
> Therefore it's sometimes more profitable for a company to raise money by
> issuing bonds (debt) and paying tax-deducuble interest than by selling its
> stock (equity) and paying non-decuctible dividentds to stockholders.

This statement is very questionable. Various classes of shareholders
(such as pension funds and IRA account holders, among others) pay no 
taxes on dividends. Corporations pay taxes only from about 30% of
dividend income that they receive.

There is, in fact, a neat theorem that says that (*_under certain 
assumptions_*) the value of a firm does not depend on its capital
structure.

> > >  5) I pay 40% in taxes, so $18 left
> >
> > I'm afraid you are conflating the MARGINAL rate (and when you consider
> > federal, state and local taxes varies by state) with the AVERAGE rate.
> > Here in FL. for example there is no state or local income tax.  With tax
> > sheltering, mortgage deductions etc. no one pays 40% -- the middle class
> > pay a lower average rate, the upper class pay a much lower average rate.
> 
> That varies with the locale - here I pay the federal income tax plus the New
> York State income tax plus the New York City income tax. I once had a job offer
> from IBM at $79K/year in Boca Raton (which I eventually didn't take anyway) -
> it's a ridiculous salary in NYC, but a decent one in Florida.

You forget about alligators.

	- Igor.





From jer+ at andrew.cmu.edu  Sat Nov 16 16:00:45 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Sat, 16 Nov 1996 16:00:45 -0800 (PST)
Subject: Remailer Pricing
In-Reply-To: <n1364045177.55582@mail.ndhm.gtegsc.com>
Message-ID: <0mXZIy200YUf13OHI0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

"Mullen Patrick" <Mullen.Patrick at mail.ndhm.gtegsc.com> writes:
> Peter Hendrickson's electrons stated
> >
<snip>
> 
> Perhaps we've been thinking about anonymous mail the wrong way.  Is it
> like the U.S. Post Office where you have to physically go someplace,
> buy a stamp, physically write your message, put it in a physical envelope,
> carry it to a box someplace, and then wait (maybe four days) for it to
> arrive, all for "only" 32 cents?  Or is it more like Federal Express
> where you pay 20 bucks and it arrives the next day, for sure, every time?
> 
> Earlier today somebody sent a message about his scary former employers
> and (apparently) how they just kill people.  Would that person pay, say,
> $5 to have the message delivered reliably and very anonymously?  My
> judgement is that it would be worth every penny, and probably more.

Umm, okay, great. So we eliminate all the spam, all the harrassment,
all the frivolous anonymous mail, everyone who uses anon remailers as
a matter of course, and what do you get? One message slowly going
through the system, tracked every step of the way by <indert evil org
here>. Message reordering doesn't help much with one message. The
remailer net *needs* traffic. Preventing spammers is one thing,
discouraging use of remailers in general is another.

> 
> >Right now the remailer network is a mess.  There just aren't that many
> >remailers operating in a timely and reliable manner.  I am not knocking
> >the remailer operators for this, it's just clear that "free" doesn't
> >make it worth their while to keep the remailers operating perfectly
> >at all times.
> 
> Very true.  This strengthens my point that the remailer operator would
> want a piece of the pie, as well...

I suggest that US$.15 to US$.05 per message would be quite reasonable
compensation. The price can't be high enough to make people think
about it, unless they're going to send lots of messages.

> >A good pricing strategy for remailers would be to charge, say, $1 for
> >instant delivery, $.50 for 30 minute delivery, etc.  To generate
> >interest, 4 hour delays could be imposed for free remailing, if the
> >resources are available.
> 
> fTotalCostOfDelivery = fCostOfReceipt + nRemailersUsed * fRemailerCost
> 
> Obviously, nRemailersUsed is only necessary for anonymous chaining...
> 
> Don't get me wrong, there's nothing meant by this equation, no point 
> trying to be made, nothing.  I'm just showing you the pricing strategy.

This pricing strategy would greatly serve the cause of traffic
analysis. There has to be enought delay to collect enought messages to
do some reordering. You could send out bogus messages, but iy wouldn't
be too too difficult to track them far enough to see that they don't
go anywhere interesting.

> I strongly agree with you that paying for remailer use would greatly 
> improve service, and would probably be a good thing.  In the case of
> chaining, there would have to be a great deal of trust involved so none
> of the remailers stole all the postage w/out forwarding the message.  
> (Just a thought, anyway)

That's why you would PGP encrypt the cash. "Trust? What's that, I've
got (ta da) STRONG CRYPTO!"

> Here's an idea I was tossing around sometime earlier--
> One capitalist idea that would invalidate this theory.  A remailer would
> make a lot of money if they made a deal with an advertiser, esp. an 
> advertising agency (containing ads for many companies, if I chose the 
> wrong words) if they eliminated incoming postage, and possibly paid outgoing 
> postage or had the ad agency pay the postage (within limits, of course).
> The remailer would then tag on advertisements to each mailing.  Direct
> marketing (Note: This is what we're trying to avoid, but I see it happening)
> The non-charging remailer would become wildly popular, as they don't 
> charge postage, and they would be fast, because they would have corporate
> sponsorship.  This idea is *far* from being farfetched; it exists now.
> Every mail I receive at my free geocities account has an ad attached.

If remailer prices were trivial, I don't think this would happen.
Besides, chaingin blows this away. The only time an ad gets delivered
to a person is when the advertising remailer delivers it to its final
destination. 

Interesting... those interested in not having to put lots of effort
into management operate internal-only remailers, those interested in
making a buck operate termious-only remailers...

Whee. Diversity. The species evolves.
Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo5VMckz/YzIV3P5AQFtpwL+JyMwXeo3c606U9ROexVrvy90xdoBYxBO
pBjZ4ujrt5kT7j1Y1A/uRz3qSzBfD94d2nmWNmAkoeTIW9POvO9dwpo8qBUsaAim
JKTFst8apoTpMWyWfh9E2E1pAwUcNN2j
=rxiV
-----END PGP SIGNATURE-----





From hyperlex at hol.gr  Sat Nov 16 16:09:58 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sat, 16 Nov 1996 16:09:58 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <199611170408.CAA08642@prometheus.hol.gr>


At 06:00 �� 16/11/1996 EST, Dr.Dimitri Vulis KOTM wrote:
>Rich Burroughs <richieb at teleport.com> writes:
>> >I have a suggestion for "Aga" and others who believe this sort of
>> >nonsense.  Please do us all a favor and try to sue John.  I'm sure
>> >that among all jack-leg and wannabe lawyers on this list that they
>> >can come up with a viable cause of action.  And John has deep
>> >pockets; you could (literally) make out like bandits AND rescue
>> >"freedom of speech" on privately maintained mailing lists.
>>
>> Such a case would obviously fail.  John has the right to ban anyone he
>> wants from a list that he is hosting.
>
>Sure he does - I've been saying all along that John Gilmore has the right to
>act dishonorably, which he exercises. Yet the censorship supporters keep
>attributing to me the diametrically opposite view - that the state can force
>John to carry even the opinions he disagrees with. This is not what I've been
>saying, of course. John Gilmore lied when he attributed this opinion to me (as
>quoted by Declan McCulough). Only his honor could force him to do that, but he
>has no honor and no credibility. John had the right to exercise censorship on
>his private mailing list, which is precisely what he did.
>
>> I do question, though, whether or not it was the best way to handle the
>> situation.  As I have argued, the availability of end-user filtering made
>> banning Dimitri from the list unnecessary, IMHO.  And the list owner giving
>> people the boot sure doesn't fit with the picture I have had of what
>> cypherpunks was about.  YMMV.
>
>Same here - I used to have respect for John Gilmore, but now I don't.


Neither do I, or my friends who heard about it.

What worries me is that people still subscribe to the cypherpunks list
after this assault on free speech takes place.

If pimps like Gilmore ever succeed in controlling people in the Net,
it will be because of people accepting to become prostituted.

I am not a petty nationalist, but where I come from, after such an
expulsion a lot of people would unsubscribe, and the issue would appear
in the daily newspapers (several pages of which every week are devoted
to Internet news and activities).

Pity I'm too busy nowadays (in dictionary software production). I would
gladly write articles on Dimitri's expulsion and the facade of Free
Speech in mailing lists etc., as I occasionally have written articles
as a part-time journalist.

Believe me, the nature of the (cypherpunks) list as well as the
importance of the person expelled (at one time I wanted to interview
Dimitri for other things he exposed), makes VERY HOT NEWS indeed.

But since I have no time, it's likely someone else will report this.

What we're REALLY interested in, is exposing fallacies about
Freedom of Speech when "private mailing lists" are the biggest threat
to it, nowadays, ever since the Net was invented.

I will pass this on to relevant people and see what happens.

Sincerily
George A. Stathis

P.S. already cross-posted this to "Eleftherotypia", perhaps the biggest
     and most democratic-minded newspaper in Athens, Greece.
     (if it bounces, I got the address wrong and will resend).






From dlv at bwalk.dm.com  Sat Nov 16 16:10:34 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 16:10:34 -0800 (PST)
Subject: Giving Kill Files a Workout...
In-Reply-To: <328DF064.740B@gte.net>
Message-ID: <H7FiXD17w165w@bwalk.dm.com>


Dale Thorn <dthorn at gte.net> writes:

> Alan Olsen wrote:
> > What a week!  What is this?  "Net Loon pig-pile on Cypherpunks day?"
> > So far i have killfiled three people in the past two days.  (That is the
> > total number I filtered to trash before that date.)
> > For those of you who are sick of wading through this mess, I am willing to
> > show you what it will take to filter those of your choice to /dev/null or
> > its local equivelent. (procmail can be your friend!)
>
> Thank you in advance for your filtering instructions (yawn).
>
> BTW, why would anyone give a shit whether you killfiled anyone or not?

But, Dale, that's the whole point of censorship: people like Alan Olsen
and John Gilmore and Jim Ray aren't satisfied when they've killfiles a
source of noise they consider annoying so it doesn't bother them anymore.
They feel compelled to silence it altogether. They claim altruistically
that they don't want the noise to bother anyone else, such as the clueless
newbies who keep subscribing to this mailing list and don't know how to
use mail filters. (Sandy Sanford's concern for them was soooo touching...)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From tcmay at got.net  Sat Nov 16 16:16:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 16 Nov 1996 16:16:40 -0800 (PST)
Subject: Don't Feed the Animals!
Message-ID: <v03007800aeb405c5abe0@[207.167.93.63]>



Fact is, I now have more people in my Eudora filter file that at any time
in the four years this list has existed. Also a fact, there are more people
on this list that at any time in history (despite what some of the New Wave
journalists are writing about "the death of the Cypherpunks list").

Fact is, the attention being given to Vulis, Aga, Stathis, Boursy, and
other list disruptors (or clueless cross-posters) is _exactly_ what they
thrive on: controversy. Being the center of so much attention strokes their
egos.

I suspect John Gilmore made a tactical error in kicking Vulis off the list,
as there are so _many_ workarounds. Vulis is clearly posting more messages,
of even greater vitriol, than ever before. Dozens of messages just so far
today. And his supporters and detractors are chiming in with equally
juvenile taunts. This "aga" personna, for example, seems dead-set on doing
whatever he can to get himself added to the "Unwelcome on Cypherpunks"
list. A predictable effect, I'm afraid.

Not that I question John's right to do as he pleases with his machines.
This list is, after all, operated at his expense on his hardware.

[A minor note, though. I disagree with the abstract notion that John
"created" the list, and now "owns" the list. Eric Hughes, Hugh Daniel, and
I proposed a mailing list after the first Cypherpunks meeting, and Hugh set
it up. John volunteered his machine, toad, as he has volunteered it for so
many other projects in the past. While John is in an important sense free
to discontinue his hosting of the list, it is also true that traditional
notions of "ownership" are not the full story. For example, if the San
Francisco Marriot Hotel plays host to the CFP Conference, in any sense is
it proper to say they "own" the conference? If a church volunteers space
for a club meeting, do they "own" the club? However, in both cases the host
may kick out an especially uncouth or disruptive attendee, modulo specific
contract language agreed to by the parties, and this is, I think, all John
has claimed to be doing with Vulis. Perhaps a mistake, but certainly within
reason. I think John has taken a hands-off attitude toward the list, and
has never imposed restrictions on topic, membership, etc. This one case
involving Vulis was well-described by John: he asked Vulis to stop sending
50K byte rants about the Armenians and Turks to the list--consider that
50KB x 1500 destinations = 75 MB of outgoing traffic, modulo corrections
for aliases, compression, etc. Vulis responded with more insults, basically
saying "Make me!!!!" Gilmore said, "OK."]


And the issue is not just killfiles and filters. It's a matter of not
giving the juvenile disruptors the results they crave.

Yes, this message is itself likely to trigger at least a couple of "More
lies from Timmy [fart] May" spews from Vulis, and a couple of incoherent
rants from newcomers Stathis and Aga. I've been saying little on this
issue, compared to dozens of Vulis rants every day (ironic that he calls
_me_ the main ranter!), but it's time to remind folks of a basic Net maxim:

DON'T FEED THE ANIMALS.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From hyperlex at hol.gr  Sat Nov 16 16:25:33 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sat, 16 Nov 1996 16:25:33 -0800 (PST)
Subject: Giving Kill Files a Workout...
Message-ID: <199611170424.CAA09647@prometheus.hol.gr>


At 06:52 �� 16/11/1996 EST, Dr.Dimitri Vulis KOTM wrote:
>> Thank you in advance for your filtering instructions (yawn).
>>
>> BTW, why would anyone give a shit whether you killfiled anyone or not?
>
>But, Dale, that's the whole point of censorship: people like Alan Olsen
>and John Gilmore and Jim Ray aren't satisfied when they've killfiles a
>source of noise they consider annoying so it doesn't bother them anymore.
>They feel compelled to silence it altogether. They claim altruistically
>that they don't want the noise to bother anyone else, such as the clueless
>newbies who keep subscribing to this mailing list and don't know how to
>use mail filters. (Sandy Sanford's concern for them was soooo touching...)


Rather infuriating, too, that newbies are PATRONISED. It's well known
among my own circle that forcible expulsions from mailing lists serve
the purpose of controlling the information-flow to _newbies_ mostly;
since hard-liners and experts know how to killfile anyone anyway...

But sometimes, in other mailing lists, "killfile-terrorism" appears,
meaning an attempt to influence EVERY newbie into killfiling someone
whose messages are no longer read, but the messages of his critics
are read.

It's a return to the MIDDLE AGES, because it means that the words of
the prosecutor are heard, but the defense of the accused is deleted.

Greek friends and I have been studying this Mechanism of Repression
for rather a long time. It's probably encouraged by the EFF, too, in
the sense that (the goal is): Turn the Internet into cows and sheep
flocked together by pimp-cowboy list-owners.

It nearly turned me into a Yankee-hater till I realized there are
quite a few open-minded Americans similarly infuriated and concerned.

One Net-friend of mine (an American lady) has a doctorate in History
and Law and remarked that FEW PEOPLE IN THE STATES REALIZE WHAT THIS
IS ALL ABOUT, and how EASY it is for the freedom-bashers to succeed.

Lastly, I have now read nearly ALL of Dimitri Vulis' postings (in
the F-K list), and consider it CRIMINAL censorship if anyone tries
to stop him from speaking out. His talent at exposing fallacies is
magnificient.

This is the beginning of the END of pimping-on-the-net in the
name of "privacy".

George







From omega at bigeasy.com  Sat Nov 16 16:29:15 1996
From: omega at bigeasy.com (Omegaman)
Date: Sat, 16 Nov 1996 16:29:15 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
Message-ID: <Pine.LNX.3.95.961116193634.2811A-100000@jolietjake.com>


On Wed, 13 Nov 1996, Declan McCullagh wrote:

> Yes, I understand this. It's quite obvious; being removed from the
> subscriber list hasn't slowed Vulis at all. When I was writing the piece
> Vulis seemed to have slowed his ad hominem attacks and instead was talking
> about censorship (something that is within the charter of the list), but
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
		    
Actually, Declan, it's not.  "info cypherpunks" in the body of a message to
majordomo at toad.com yields the welcome message to the list -- the closest
thing to a charter available.  The subjects of censorship and free speech
are neither mentioned nor alluded to anywhere within that document.

The subjects of censorship & free speech do bear some relationship to the
list's expressed subject and are certainly near and dear to most cypherpunk
hearts.  The government cannot prevent us from discussing the implications 
of privacy enabled by strong crypto.  

Free speech & censorship may even be interesting, entertaining, & important
topics -- hence their consistent recurrance in discussions.  But the above 
assertion is factually wrong.



_______________________________________________________________
 Omegaman <mailto:omega at bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________








From ghio at myriad.alias.net  Sat Nov 16 17:04:30 1996
From: ghio at myriad.alias.net (Matthew Ghio)
Date: Sat, 16 Nov 1996 17:04:30 -0800 (PST)
Subject: NT insecurity
In-Reply-To: <19961116064952843.AAA201@rn232.io-online.com>
Message-ID: <199611170102.UAA06180@myriad>


"Chris Adams" <adamsc at io-online.com> wrote:
> Given the recent comments about insecure machines, I thought it was
> interesting to note that you can clear *every* password on an NT box
> by using a diskeditor to corrupt the password file (Boot off of a floppy
> and use NTFSDOS if you have to).  It'll reboot several times and then
> you'll be allowed to login.

You can do the same with every other operating system that doesn't have
an encrypted filesystem; Microsoft was just the only company dumb enough
to claim their filesystem was secure because they didn't think that
anyone would reverse-engineer it.





From jer+ at andrew.cmu.edu  Sat Nov 16 17:15:56 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Sat, 16 Nov 1996 17:15:56 -0800 (PST)
Subject: "Strong" crypto and export rule changes.
In-Reply-To: <199611161733.MAA04178@homeport.org>
Message-ID: <0mXaQD200YUf13OMA0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack <adam at homeport.org> writes:
>         What the US government will allow to be exported is not "strong
> encryption."  It is encryption only slightly too strong to be broken
> by an amateur effort.  For the right investment in custom hardware, it
> falls quickly.  (500,000 $US = 3.5 hour avg break).
<snip>
>         In other words, the surveilance state is still winning, and
> American business is still losing.

Umm, I'm not expert, but it seems to me that the proposal removes the
"munitions" classification. It seems the USG has removed its defense
in court chanllenges to export restrictions. Am I totally off-base
here?

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo5nCMkz/YzIV3P5AQGV6wMAgvyLL+A+aYqDFJIPoXSA5g9Bl2NHObJs
wduNAvsxKSWANYRAOpEm+HKlhVCIHH0ZGQvRTVTrcsLn2AV56HuaR9xOX4dud3kZ
F0rYapIKCyfyj7E3RagYGigXcDSXIWe2
=lKg5
-----END PGP SIGNATURE-----





From jya at pipeline.com  Sat Nov 16 17:19:12 1996
From: jya at pipeline.com (John Young)
Date: Sat, 16 Nov 1996 17:19:12 -0800 (PST)
Subject: Final Solution to the Crypto Problem
Message-ID: <1.5.4.32.19961117011708.007245d0@pop.pipeline.com>


Tim May wrote:

>Namely, once the infrastructure is deployed, once most electronic commerce
>is handled via card tokens (and card readers are actually pretty cheap, and
>volume will drive the price down further), the President can cite some kind
>of national emergency, or widespread tax evasion, or whatnot, to announce
>that beginning on suc-and-such a date all cards must be licensed, even to
>domestic users.

Not to diminish the validity of Tim's alarm, is there not reason to
anticipate that
these tokens will be crackable. And thus continue the race between crypto 
enforcers and crackers?

In addition to the recent successes against smart cards, there seems to be 
trouble with the government's program for widespread use of Fortezza cards, 
according to complaints of various military and civilian sites. The Fortezza
site at ljl.com seems to have been set up so that open, easily accessible
information could be gotten by the harried military users (see, for example,
the list of Fortezza complaints at http://infosec.nosc.mil ).

Moreover, there is surely to be continued competition among the players
who are trying to increase their market share -- both government and
commercial, both domestic and international. Will they not continue to 
attack each other's crypto products? And will not each nation's government
continue to subsidize their favored producers in international economic and
military contentions?

The point is made on cypherpunks that the odds are increasingly on the 
crackers even if there are periodic gains by behind-the-scenes plots among
the enforcers and there temporary allies (as Tim notes, these are often short-
term romances). And that hardware systems are the most vulnerable due 
to their illusory physical security -- the fatal conceit that brawn can beat 
brains in crypto, as it claims it used to do in iron- and fire-power (that was
before iron became subservient to code).

Finally, take a look at the history of these "emergency" Executive Orders 
outlined in No. 12924 posted by Peter Junger. Then look at the predecessors 
to those at www.house.gov. They go back through several administrations 
and confirm what Hal first raised: there is a concerted effort to get around 
accountability for the continuation of the so-called emergency, and 
successive Congresses have been complicit in the camouflage.








From froomkin at law.miami.edu  Sat Nov 16 17:21:49 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Sat, 16 Nov 1996 17:21:49 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <199611161725.JAA01334@crypt.hfinney.com>
Message-ID: <Pine.SUN.3.95.961116201838.5107B-100000@viper.law.miami.edu>


On Sat, 16 Nov 1996, Hal Finney wrote:
> 
> I don't quite follow how this would work.  If Trent issues a blind
> signature, then that means (doesn't it?) that he doesn't see what he
> is signing.  So how can he confirm that the message is actually from
> a member of the group when he doesn't see it?

There are two ways to do this.

Method number one is to have the person present 100 messages for blind
signature.  You unblind 99, check that the data is there; the odds are
good it's there in other one.  If any of the 99 are duds, you kick the
cheater out of the system.

The disadvantage of course is that the blind signer gets to read the
message.  (Actually the other 99 copies of it, but no secrecy for the
signer.)  This wasn't a problem for digital cash where each "message" was
a unique digital coin, but is a problem here.

Brands has a better scheme that I don't understand exactly.  He recently
attempted to explain it to me thusly:

==start quote

In fact, the original Chaum/Fiat/Naor protocol was cut-and-choose,
where you would basically do the work for 100 coins in order to
obtain a single one that contains your identity; in my protocol
the bank sends to the user a single number, the user responds with
a single challenge, and the bank then provides a single response--
from this the user can compute exactly one blinded coin, that
nevertheless contains an identifier no matter how the user performs
the blinding. As a result, the protocol, while complex as to why
it is secure and in particular why the identifier cannot be gotten
rid of, is highly efficient. (To withdraw a coin, both the bank and
the user need not do more real-time computations than the work
for a single modular *multi*plication (not exponentiation)).

Thanks again!
Stefan Brands,
------------------------------------------------------
CWI, Kruislaan 413, 1098 SJ Amsterdam, The Netherlands
E-mail: brands at cwi.nl, URL: http://www.cwi.nl/~brands/

===end quote

Can anyone tell me more?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 








From jai at aloha.com  Sat Nov 16 17:52:32 1996
From: jai at aloha.com (Dr. Jai Maharaj)
Date: Sat, 16 Nov 1996 17:52:32 -0800 (PST)
Subject: Giving Kill Files a Workout...
Message-ID: <Pine.BSI.3.95.961116154415.792A-100000@aloha.com>


On Sun, 17 Nov 1996 02:24:11 -0200 UTC,
in message <199611170424.CAA09647 at prometheus.hol.gr>,
"George A. Stathis" <hyperlex at hol.gr> wrote:
> [...]
> Rather infuriating, too, that newbies are PATRONISED. [...]
 
The practice is widespread in the newsgroups, of course. Years
ago when I first started participating in the security and
crypto groups I received many messages from vigilantes who
instructed me to pay no attention to certain posters.  It
became quite obvious after only a few days that the persons to
be avoided and censored were the creative ones with new ideas
and the promise for a better Net.  On the other hand, the
self-appointed cops were the unimaginative pipsqueaks who
were, quite frankly, involved in promoting only their
mediocrity.  They felt threatened by the wiser and brighter.
 
> Lastly, I have now read nearly ALL of Dimitri Vulis'
> postings (in the F-K list), and consider it CRIMINAL
> censorship if anyone tries to stop him from speaking out.
> His talent at exposing fallacies is magnificient. This is
> the beginning of the END of pimping-on-the-net in the name
> of "privacy". George
 
His work in exposing the thugs of  lava.net  aka
lava(tory).net  is really appreciated here in Hawaii [*] by
freedom-loving netters.  Thanks to Dr. Vulis and others, the
Cabal (spit) and the Lynch Mob (vomit) are nearly dead.
 
Hawaii Footnote [*]

A member of the international press who is traveling with
President Clinton during his vacation here asked me earlier
today, "How's the Internet doing, got a story for me?"  I think
I may suggest the issues being discussed here.  Perhaps non-
governmental-censorship matters have not received enough
attention in the mass-media yet.

Jai Maharaj            Aloha!                                              
%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:%:% Om Shanti %:%:%







From dlv at bwalk.dm.com  Sat Nov 16 18:00:18 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 18:00:18 -0800 (PST)
Subject: Could Declan or some libertarian explain this?
In-Reply-To: <328DFEAD.41C@gte.net>
Message-ID: <8kJiXD21w165w@bwalk.dm.com>


Dale Thorn <dthorn at gte.net> writes:

> Rich Graves wrote:
> > >From the so-called fight-censorship list. I would ask there, but the list
> > owner won't let me, and I won't stoop to Vulis's level.
> > |        PLEASE MARK MY WORDS: IF MY BOOK IS NOT RE-PUBLISHED AND AVAILABLE
> > |IN BOOKSTORES, THE CAUSE OF ACADEMIC FREEDOM IN THE WEST WILL BE IN A SORR
> > |STATE.  FEW ACADEMICS WOULD BE PREPARED TO SUFFER THE MANY BLOWS AND
> > |THREATS THAT I HAVE NOW ENDURED FOR SIX MONTHS. IF 'The 'g' Factor'
> > |DISAPPEARS, SO WILL OTHER SERIOUS PRODUCTS OF RESEARCH AND SCHOLARSHIP --
> > |ESPECIALLY IF THEY ARE DEEMED "CONTROVERSIAL" BY THE LIBERAL-LEFT.
>
> > His complaint is that his publisher stopped distribution of his book arguin
> > that blacks are mentally inferior to whites.
> > Could someone please explain to me how Chris Brand is different from Vulis?

The poor guy said something politically incorrect and got censored?

> > I mean in form; in practice, Declan is bashing Vulis for not recognizing
> > rights of private editorial control, but uncritically passing on Mr. Brand'

I don't think Declan said this: if he did, then he was lying. I spnet about
an hour on the phone with him, and I said, among other things, that John
definitely had the right to censor anyone on his private mailing list, which
this is; and John has the right to destroy his own credibility, which he did.
This caused Declan to giggle. Those who attend the DCpunks meeting at Declan's
place can confirm that Declan has a decidedly unheterosexual giggle. Declan
attributes to John Gilmore the claim that I somehow appeal to the state to
protect me from John Gilmore's censorship, which is a lie - that's why I
call John Gilmore a liar, and not Declan. I used Declan to get out pretty
much the message I wanted. I'm satisfied with his writeup.

Actually, there is one passage where he said I object because I wasn't warned
in advance that I'd be unsubscribed. This is not what I told him. I said,
I sent a bunch of e-mails to majordomo at toad.com saying "who cypherpunks" and
"who coderpunks" and "help" and got no response. Eventually I tried the same
from another account and got a response. It was very rude of John to have
majordomo "play dead" without telling me. That's why I call John Gilmore a
sneaky bitch. I don't think Declan understood what I told him. It's clearly
a case of cluelessness, not an intentional lie, as is the case with John.

> > message alleging that private editorial control is censorship. Far be it
> > from me to criticize Declan's right to exercise editorial control over
> > substantive dissent and factual correction, but I was just wondering.
>
> Could someone explain to me why we have to have *any* censorship, if
> people on a list are given tools to filter with and reminded on occasion
> how to use them?

I think this was explained many times over by the likes of Jim Ray and
Sandy Standord: they can filter out the information that bothers them,
but they're bothered even more when someone else receives the information
they don't want them to receive. That's why they seek to silence whoever
they disagree with and not just filter them out of their own mailboxes.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From Adamsc at io-online.com  Sat Nov 16 18:05:10 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sat, 16 Nov 1996 18:05:10 -0800 (PST)
Subject: NT insecurity
Message-ID: <19961117020255750.AAA212@rn234.io-online.com>


On Sat, 16 Nov 1996 17:00:56 -0500 (EST), Michael H. Warfield wrote:

>	Hooo  Hummm...  Another one...

>> Given the recent comments about insecure machines, I thought it was
>> interesting to note that you can clear *every* password on an NT box by using
>> a diskeditor to corrupt the password file (Boot off of a floppy and use
>> NTFSDOS if you have to).  It'll reboot several times and then you'll be
>> allowed to login.

>	Much as I absolutely detest NT, lets reitterate what everyone else
>on this list has already heard too TOO many times...  If you have physical
>access to the machine, it ain't secure.  It doesn't matter what operating

True.  However, as has been reiterated many times, NT is being marketed as a
secure platform.  Unix people tend to know that you need to work to secure
it.  MS hype might lead some of the non-cypherpunk admin types to believe
it's secure.  Trust me. I hear from these people all the time!

#  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From nobody at huge.cajones.com  Sat Nov 16 18:22:42 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Sat, 16 Nov 1996 18:22:42 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <199611170222.SAA10990@mailmasher.com>



Privacy is a hassle.  Is it worth it?

Which unfortunate situations does privacy prevent?  What are the odds
that they will occur?  How much effort will it take to prevent these
outcomes?  As a model, use the present and future situation of a
typical reader of this list.







From tcmay at got.net  Sat Nov 16 18:46:20 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 16 Nov 1996 18:46:20 -0800 (PST)
Subject: Cypherpunks State of Emergency
In-Reply-To: <1.5.4.32.19961117011708.007245d0@pop.pipeline.com>
Message-ID: <v03007801aeb42b9f9114@[207.167.93.63]>



I think it's apparent that the events of Friday, with the other shoe to
drop on Monday (the H-P/Intel/Microsoft/etc. Final Capitulation), signal to
us that we are in a State of Emergency.

The Presidents of this country are in the habit of declaring such States of
Emergency, often essentially secretly (in that the sheeple know little of
such things, and those who speak of NSDDs and PDDs and EOs are demonized by
the media as "conspiracy nuts" and "militia members").

Maybe it's time for us to stop flaming about Vulis and his allies, and
concentrate on the Real War.


At 8:17 PM -0500 11/16/96, John Young wrote:
...
>Not to diminish the validity of Tim's alarm, is there not reason to
>anticipate that
>these tokens will be crackable. And thus continue the race between crypto
>enforcers and crackers?

Well, don't misunderstand me. I'm not saying "Give up."

In fact, the transparent nature of the government's "voluntary key escrow
for domestic users" strategy should cause redoublings and retriplings of
our efforts.

As John's SWAN program emphasizes, there still are no _import restrictions_
on crypto (and there may be severe constitutional impediments, as we've
debated several times). Get enough alternate channels using non-GAK crypto,
and even the latest Clipper won't succeed.

And sabotaging the GAK scheme in more devious ways remains an option. (I
hear some nym on BlackNet is still bidding $125,000 payable to any offshore
account for certain details related sabotaging GAK.)


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From hyperlex at hol.gr  Sat Nov 16 18:48:55 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sat, 16 Nov 1996 18:48:55 -0800 (PST)
Subject: Giving Kill Files a Workout...
Message-ID: <199611170647.EAA14563@prometheus.hol.gr>


At 03:52 �� 16/11/1996 -1000, Dr. Jai Maharaj wrote:
>A member of the international press who is traveling with
>President Clinton during his vacation here asked me earlier
>today, "How's the Internet doing, got a story for me?"  I think
>I may suggest the issues being discussed here.  Perhaps non-
>governmental-censorship matters have not received enough
>attention in the mass-media yet.

Quite true, and the same thing I was told by the Chief-Editor
of "Info" (the weekly Internet-supplement of a prominent Greek
journal -Eleftherotypia).

One last comment is important here:

******************************************************************
If the 'neo-liberal' ideology of EVERYTHING becoming 'privatised'
succeeds, then non-governmental censorship is MUCH more important
the governmental censorship.
******************************************************************

The Internet is a threat to the 'traditional' role of the media,
and 'list-owners' try tp behave like patronising conventional
newspaper-editors. All the filth that was hidden in the closet
of the journalistic profession comes out, as a result, in the
Net. These people want to _model_ mailing lists after journals
-ironically at a time when many journalists are free to write
what they like sometimes against the opinions of the journal-owners.

Perhaps our only hope is that... Freedom sells.

George








From Dietrich_Kappe at redweb.com  Sat Nov 16 19:09:05 1996
From: Dietrich_Kappe at redweb.com (Dietrich J. Kappe)
Date: Sat, 16 Nov 1996 19:09:05 -0800 (PST)
Subject: Exploring hooks in MSIE
Message-ID: <328E80BC.FF@redweb.com>


A little bird told me that MSIE has Javascript hooks that allow a site
to check whether all Microsoft products on a client machine are properly
licensed. Has anyone investigated the Javascript (err, Jscript)
implementation in MSIE to see if this is true?

The same little bird told me that MS is building some use of this
"feature" into their Websites. Can any MS consultants corroborate on
this issue?

This is just a rumor. The names of the birds have been changed to
protect the innocent.

DJK





From attila at primenet.com  Sat Nov 16 19:25:12 1996
From: attila at primenet.com (attila at primenet.com)
Date: Sat, 16 Nov 1996 19:25:12 -0800 (PST)
Subject: National Emergency
Message-ID: <199611170326.UAA22741@infowest.com>


In <v03007800aeb2dc721dbf@[207.167.93.63]>, on 11/15/96 
   at 06:59 PM, "Timothy C. May" <tcmay at got.net> said:

:[snip...]
:One of the things that most people don't appreciate is that these emergency
:orders are essentially never repealed. (Not too surprising--if I was in
:government, I wouldn't voluntarily give back any additional powers, either.
:And the only consituency for rolling them back is the membership of the
:evil militias, so nothing happens.)
:

        yes, you are absolutely right.  absolute power corrupts 
    absolutely and a government given (or taking) extra powers is not 
    likely to surrender same --they hope everyone forgets?

        maybe there is an analogy:

            militias:       the only way they'll take my weapon
                            is from my cooling, smoking hand....

            prez:           the only way they'll take my executive privileges
                            is to vote me out of office --IF I consent to leave.

--
    without arms they do not resist; 
        without communication they know not what to resist.
                -attila


[snip...]
:Basically, this was one of the alphabet soup of Emergency Orders, National
:Security Decision Directives, and Executive Decisions passed or enacted
:(sometimes in secrecy) during the last 30 years of the Continuing Emergency.

:(Nixon's wage-price freezes, the oil embargo actions, the strategic
:reserves, the anti-inflation measures, various Carter emergencies, and
:various Reagan emergency orders, including NSDD-145, which directly affects
:control of communicaitons, cryptography, etc.)

:FEMA, the Federal Emergency Preparedness Agency, took over several of these
:emergency orders (the running of them) in the late 70s.

:Standard stuff for we conspiracy buffs. One doesn't need to invoke
:historical groups like the Illuminati to see that the levers of power are
:pulled by strange folks.







From attila at primenet.com  Sat Nov 16 19:25:19 1996
From: attila at primenet.com (attila at primenet.com)
Date: Sat, 16 Nov 1996 19:25:19 -0800 (PST)
Subject: War Powers, Executive Orders, &c [was: National Emergency]
In-Reply-To: <199611160123.RAA00315@crypt.hfinney.com>
Message-ID: <199611170326.UAA22749@infowest.com>


In <199611160123.RAA00315 at crypt.hfinney.com>, on 11/15/96 
   at 05:23 PM, Hal Finney <hal at rain.org> said:

:  [snip]  The thing
:I found interesting is that it refers to the fact that we are currently
:living under a state of national emergency!  I searched on the whitehouse
:web site and couldn't find the executive order referred to (maybe it was
:classified) 
:
:  [snip]

        I remember, sometime ago, stumbling across a reference  that an 
    Executive Order for a State of National Emergency at the request of 
    James Stanton from Lincoln has never been withdrawn.  

        does not make a lot of difference anyway --Slick Willie would: 

            a) ignore any restrictions not to his liking; or,

            b) write a new one.

        actually, the ones to worry about are the various interlocking
    Executive Orders for FEMA --that is a pure police state with total
    property condemnation without process or compensation.

        that, and the even more ominous "survey" given to all USMC 
    spec-op/recon units (including my oldest boy) and all Navy Seals:
    
        46. The U.S. government declares a ban on the possession, sale,
            transportation, and transfer of all non-sporting firearms. 
            ...Consider the following statement:
      
                I would fire upon U.S. citizens who refuse or resist 
                confiscation of firearms banned by the U.S. government." 

                        --The USMC 29 Palms Combat Arms Survey

    one last parting shot:

          without arms they do not resist; 
            without communication they know not what to resist.
                    --attila
 

--
    Cyberspace and Information are Freedom!  
        FUCK your WIPO, too. 
                -attila






From security at kinch.ark.com  Sat Nov 16 19:42:59 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Sat, 16 Nov 1996 19:42:59 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <J50HXD11w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961116193331.1181H-100000@kinch.ark.com>


I told myself that I wouldn't do this but ....

On Sat, 16 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Dave Kinchlea <security at kinch.ark.com> writes:
> > >
> > > Irrelevant analogy; snail.mail and e-mail.  The former is in physical
> > > form, and the latter usually never is.
> >
> > No kidding, thanks for that information. Perhaps you can explain how it
> > is relevant?
> 
> Very simple: snail mail is much more suitable to be used as evidence in court
> than e-mail.

But I wasn't talking about evidence in court, ALL I was talking about
was personal privacy in a (wasted) reply to aga's assertion that only
criminals would want to use PGP for email. I made the simple observation
that I think it is reasonable for me to not want others to read personal
(e)mail, period. Nothing about courts, law, free speech or anything
else. That was aga's straw-man, not mine.

[...]

> > Another irrelevant and completely inaccurate point. I utilize free
> > speech everyday yet I manage to do it without anonymity.
> 
> It's ironic that I read Dave's e-mail on John Gilmore's private cypherpunks
> mailing list, which is known to be censored by John. If you're subscribed to
> this mailing list, then you're definitely not utilizing free speech.

On the contrary, nothing and nobody has stopped me (or you apparently) 
from speaking openly and freely. You are just being silly.

I didn't even say I opposed anonymity, I just find it distasteful.
 
[...] 

> I don't know that PGP is safe. That's I don't use it.
> (The exception are my NoCeMbots which use PGP to sign their notices, because
> properly implemented NoCeM clients check digital signatures.)

Well, in case you missed it, I was simply having fun with the word
`safe'. As I do not do things illegal and there is nothing in my
encrypted or non-encrypted mail that would get me into trouble, it is of
course perfectly `safe' even if the encryption were broken. Much more
than adequate for the `envelope' that I want it for. 
 
> > > Why are you so paranoid that someone is reading your e-mail?
> >
> > Paranoid? No, but why make it easy for anyone to do so?
> 
> I think the censors' agenda is the opposite: they *don't* want anybody to be

Blah blah blah, this is your argument not mine. I won't help you here.

cheers, kinch







From dlv at bwalk.dm.com  Sat Nov 16 20:10:17 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 20:10:17 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <199611162203.QAA01201@manifold.algebra.com>
Message-ID: <FaqiXD25w165w@bwalk.dm.com>


ichudov at algebra.com (Igor Chudov @ home) writes:

> Dr.Dimitri Vulis KOTM wrote:
> > You forgot "limp-wristed, EFFeminate, bearded, 50-ish blonde".
>
> What is this supposed to mean? Is that some cultural thing?

"Who", not "what".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 16 20:10:26 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 16 Nov 1996 20:10:26 -0800 (PST)
Subject: Another apologist for John Gilmore's censorship
In-Reply-To: <01BBD3C9.2396E740@king1-10.cnw.com>
Message-ID: <cVqiXD27w165w@bwalk.dm.com>


blanc <blancw at cnw.com> writes:

> In glancing through and deleting so many messages about how blasphemous =
> and perverted John Gilmore is for having "censored" one list afficionado =

Why the quotes? John Gilmore censored me with no quotes.

> Strange, too, that those who clamor for freedom of speech are accusing =
> JG of being contrary to his principles.

No. John Gilmore's actions are contrary to free speech, but his own
principles clearly don't include free speech. He has no credibility.

>                                           They expect that just because =
> individuals should be at liberty to speak, everyone must therefore be =
> prepared to tolerate all manner and kind of insults against themselves =
> (or be a passive witness to it).

Not true. An honorable person would tolerate all speech and either ignore
it or respond with more speech. A dishonorable person, such as John Gilmore,
seeks to silence the speech he doesn't like.

> In that case, it would mean that because individuals are to be free "to =
> do" as they will, therefore that courtesy and manners are no longer =
> valid, that high standards of personal behavior are not important, that =
> self-command is not required, that exercising one's best judgement is of =
> no practical value for life in the real world.

Funny you should mention manners. Censorship is rude. John Gilmore's plug-
pulling has got to be one of the rudest acts ever perpetrated on this
mailing list. Note also that he hasn't pulled the plugs of other very
rude people, like Timmy May (fart).

> It would mean that in the environment of liberty, it would be incorrect =
> for individuals to prevent assaults against themselves or their morals, =
> against their personal preferences, or against their choice of topics =
> for a discussion list which they started.  This would mean that, for =
> instance, it wouldn't be right for free individuals to prevent from =
> being sexually molested, because it would be "censorship" against the =
> perpetrator.

Speech is not action. Action is not speech.

> These complaintants against censorship must not understand the purpose =
> for freedom of action, of expression, etc.; that they do not understand =
> the need for being "free":  =20
>
> it is so that one may, without interferance from uninvited participants, =
> engage in arranging the elements of one's existence for the greatest =
> benefit to oneself.   Tolerating insulting drivel does not fall into =
> that category.
>
> The environment of liberty to express oneself also permits the exercise =
> of the highest logic possible to an unfettered intelligence.  Filling up =
> the mailing list with irrelevant accusations about bizarre sexual =
> practices is not of any logical benefit towards enlightenment on the =
> subjects of encryption or privacy.  =20

I don't think John Gilmore's sexual practices are *that* bizarre. The Kinsey
report estimates that 10% of the population shares his practices.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From CaShaky at aol.com  Sat Nov 16 20:21:03 1996
From: CaShaky at aol.com (CaShaky at aol.com)
Date: Sat, 16 Nov 1996 20:21:03 -0800 (PST)
Subject: opinions on www.accutrade.com security?
Message-ID: <961116232020_227622933@emout04.mail.aol.com>


Hi,

Do any of you security knowledgeable people have any information on the
security of accutrade? I opened an account with them prior to subscribing
<sp? lol> to this list. I am now considering closing said account because of
what i have learned from this list. How easy or hard would it be for a hacker
to diddle with the accounts? To access the accounts all you need is a 9 digit
account number and a 4 digit pin number. But from what I have gleaned from
here is that the real leak in security is in attacking the OS directly.

If this post is inappropriate to this list I apoligize in advance, but i have
come to the conclusion that there are very bright and knowledgeable people on
this list (once you filter out the noise) and would appreciate your opinions.

Thank you
CaShaky







From steve at edmweb.com  Sat Nov 16 20:26:12 1996
From: steve at edmweb.com (Steve Reid)
Date: Sat, 16 Nov 1996 20:26:12 -0800 (PST)
Subject: PGP3.0 & ElGamal
Message-ID: <Pine.BSF.3.91.961116193436.193B-100000@bitbucket.edmweb.com>


>> Yes, but I believe 3DES has an effective key length of only 112 bits.
>> Of course, even this is more than sufficient for a long time to come. 
> 3DES can have an effective key length of 168 bits if 3 keys are used
> instead of two.  There are no security problems that I know of from 
> using 3 keys. 

The Meet In The Middle attack (MITM, not to be confused with Man In The
Middle) is a time-memory tradeoff that works against any multiple
encryption. 

Triple encryption:
ciphertext = encrypt(k3, decrypt(k2, encrypt(k1, plaintext)))
plaintext  = decrypt(k3, encrypt(k2, decrypt(k1, ciphertext)))

An MITM attack, as I understand it, works by decrypting from one end and 
encrypting from the other...

Step 1- decrypt(x3, ciphertext) for every possible x3, and store all the
results. This requires 2^56 operations and 2^56*8 bytes (550 petabytes?)
of memory when done against 3DES. Quite a lot, but it might be doable. 

Step 2- decrypt(x2, encrypt(x1, plaintext)) for every possible x1,x2. 
This require 2^112 steps with 3DES. If the result you get can be found in
the table built by step 1 then you've figured all three keys. 





From froomkin at law.miami.edu  Sat Nov 16 20:27:27 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Sat, 16 Nov 1996 20:27:27 -0800 (PST)
Subject: A word on "emergencies" [WAS Re: Final Solution to the Crypto ]
In-Reply-To: <1.5.4.32.19961117011708.007245d0@pop.pipeline.com>
Message-ID: <Pine.SUN.3.95.961116230726.5675C-100000@viper.law.miami.edu>


I would like to dampen a little of the panic and FUD that seems to be
breeding on the question of the "national emergency" declared to keep the
bulk of the Export Administration Act regulations in effect after the
statute itself lapsed by its own terms.  [Note, by the way, that the EAA
rules are the *mild* ones.  The *tough* ones are still in force and are
not going away ... kill the EAA rules, and they start reclassifying
everything back to the Military List?]

Whether you like it or not, Congress has delegated to the President
sweeping authority to declare "national emergencies" due to foreign
threats.  In wartime the authority is very extensive; in peacetime almost
as great.  The authority is found in the "International Economic Emergency
Powers Act" (IEEPA).  While the President's determination that an
"emergency" exists is not reviewable, actions taken under IEEPA authority
*are* reviewable, indeed more reviewable than acts taken under the export
control laws. Of course since the delegation of power is broad, it's often
hard to win.

There have been LOTS of Presidential declaration of "emergencies" under
IEEPA and its predecessor statutes (e.g.the "trading with the enemy act",
which still applies in wartime).  Indeed, there are fewer today than
before Congress attempted to reform the system and required most of the
large number of emergencies in force to cease.  For example, every time
the President orders an embargo, e.g. against Iran, the statute requires
that he first declare an "emergency".

My point is not that Congress was wise to give the President this power. 
That's debatable; it's even more debatable that the intent was for it to
be quite as broad as the courts have found it to be (see e.g. Harold Koh's
book, The National Security Constitution, for more info). 

And, the point is not that Presidents are using this power in a wise or
measured way.  It's obvious that they are not.   At any given time
since WWI, many many (too many) "national emergencies" have been in force.

And, the point is especially not that this President was wise to declare
an emergency on these facts (although in his defense, several previous
presidents did exactly the same thing when previous editions of the EAA
lapsed; it seems to be something of a tradition...). 

Rather, my point is a simple one.  The fact that the President has
declared an emergency here is primarily a technical legal event.  It is
not a sign that martial law is about to be declared, that they are coming
to take you or your [fill in blank] away, or that anything fundamental has
changed.  Multi-year emergencies in which the executive uses one statute
to compensate for the Congressional decision/failure to pass another
statute is not, I submit, a particularly telling sign of a mature and
healthy democracy.  But this goes to large and gradual processes, not to
anything that suddenly happened. 

Again, for some background on all this, written before the Nov. 15
anouncements, see 
http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm#POSTSCRIPT

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506(fax) 
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From dthorn at gte.net  Sat Nov 16 20:29:13 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 20:29:13 -0800 (PST)
Subject: THAT is what makes John Gilmore an ASSHOLE!
In-Reply-To: <Pine.LNX.3.95.961115073500.2693I-100000@dhp.com>
Message-ID: <328E79CB.103F@gte.net>


Mike McNally wrote:
> Dale Thorn wrote:
> > Mike McNally wrote:
> > > (So what if John decided simply to pull the plug on toad in order to
> > > plug in a new hot tub?)

> > Well, what if he did?  Are you sure that would make aga look like a
> > fool, or would it make you look like a fool, since it would tend to
> > confirm what people like aga have been saying?

> No, and it's not clear to me why you think my question had anything to
> do with my wanting "aga" to look like a fool.  That was not my intent.

You mean you really respected what "aga" was saying?

> I simply question the claim by "aga" that somehow Mr. Gilmore is
> obligated to provide his services and capital to support the "public
> property" that the cypherpunks list has allegedly become, as opposed
> to treating it like the ephemeral by-product of software running on a
> computer he owns.

Neither "aga", nor myself, nor anyone else I know has suggested what you
claim, anymore than we would obligate ourselves to do it. This is merely
a classic denial technique you and others are using.

The fact is, the list does run, and you'd have a hard time convincing me
or anyone else that (according to your claim) John would somehow be spending
*more* capital and doing *more* support if he hadn't cut the "Doctor" off
of the list.

What myself and others would like to see (and we're willing to argue for
such a thing as much as is humanly possible) is a non-hypocritical list,
where a person is not banned for the content of their speech as Vulis was.

People who agree with you drone on ad nauseam about Vulis' "actions",
another denial technique IMO. What Vulis *did* was speech, not "actions".

Frankly, I would much rather read his postings than the anti-speech drivel
that's been posted so much here lately.

I'm guessing John must be thinking one of a couple things:

1. Like a home property in Beverly Hills, where all the lawns are neatly
   trimmed, and everyone behaves so properly, John looks at "his" list one
   day and freaks out, saying to himself something like "gadzooks, Vulis
   is trashing my list, as though he moved in next door and lowered the
   value of "my property".

   And don't get me wrong, I understand the feeling, it's just that when
   you've decided you have a "right" to control something like cypherpunks,
   all you're really going to accomplish is to lessen your own reputation,
   because you can't control cypherpunks like you can property in B.Hills.

   If you like the Beverly Hills analogy, try to come up with a scenario
   where (as in Beverly Hills) you can get the cooperation and approval of
   85% - 95% of the residents (subscribers) to boot out the undesirables.

2. John may have become concerned about his possible liability for some
   of the postings (accusations of child molesting, etc.), and panicked
   and did the knee-jerk damage control he thought best.

   Now, under ordinary circumstances, a list "owner" or operator may not
   be responsible for any of the traffic content, as long as it can be
   demonstrated that they "weren't aware" of any libelous content. In the
   case of cypherpunks, though, Gilmore could scarcely deny knowing about
   some of this stuff.  **This is mere conjecture on my part**.







From dthorn at gte.net  Sat Nov 16 20:29:25 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 20:29:25 -0800 (PST)
Subject: A New Crypto Announcement--Could be Ominous
In-Reply-To: <v03007803aeb2869761df@[207.167.93.63]>
Message-ID: <328E7C44.C55@gte.net>


Mark Heaney wrote:
> >It sounds ominous to me. Another backroom deal, probably for some form of
> >key recovery strategy, aka GAK.

> It sure looks like it, the following quotes from CNN's web page:
> http://www.cnn.com/TECH/9611/15/encryption.reut/index.html
> make it pretty clear that US government-approved export of strong
> cryptography is part of the announcement. What else could it be except gak?
> "If the encryption technology has won the backing of industry and the
> U.S. and other governments -- which Hewlett-Packard officials say is
> the case -- the development could eliminate a key obstacle to the
> growth of electronic commerce via the Internet. "
> "The technology will make it possible to export products containing
> so-called "strong encryption," which have not been exportable under
> national security laws dating back to the Cold War. "

Just a thought:  You remember that Uncle Dave (Packard, now deceased) was
the assistant Sec. of Defense, etc.  Don't think for a minute Lew Platt
and his boys don't have this one in the bag.

I once asked a couple of their PR engineers (they used to have those) if
HP would ever release (for example) the internals of their 1MB1 Capricorn
chip, which ran at 0.6 mhz (that's 640 khz!), and their answer as best I
remember was words and gestures to the effect of "no f______ way".

HP knows what's breakable and what's not, unlike you and me, and you just
know they're not going to put anything *really* important out there where
Bill and Hillary can get their paws on it.  Seems to me it's a matter of
who are you gonna line up with when the shit comes down, so to speak.







From dthorn at gte.net  Sat Nov 16 20:29:35 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 20:29:35 -0800 (PST)
Subject: San Jose Mercury News declares encryption battle over
In-Reply-To: <199611161913.LAA01571@crypt.hfinney.com>
Message-ID: <328E8BEC.2D76@gte.net>


Hal Finney wrote:
> >From the article
> <URL:http://www.sjmercury.com/business/compute/encrypt1115.htm>:
> > Under the plan computer makers could equip their machines, including
> > personal computers, with electronic ''locks'' of almost any strength. A
> > single computer model with strong built-in encryption could legally be
> > sold in both domestic and foreign markets.
> > The key is that the encryption circuitry would be inactive in exported
> > machines, unless both buyer and seller obtained all legally required
> > licenses to turn it on.
> > Domestic customers, and export buyers with a license, would get a special
> > key card to turn on the encryption, according to HP. Manufacturers would
> > thus be relieved of the burden of making different computers for export
> > than for domestic use.

> So it sounds like the idea is to build crypto around card tokens.  I think
> HP has been pushing this for some time.  The question is, will this somehow
> become the only way to get access to crypto?

[snip]

Point 1: HP (if you follow their history) would love to do something
exactly like this.  Microsloth and several hardware vendors (including
HP) are currently working on handheld computers which run a subset of
Win95 (called Pegasus), which are due out this year.  If this project
flies, they'll surely graduate it to laptops, to portable phones and
pagers, etc. etc.  Building a certain amount of the O/S into ROM has
its advantages....

Point 2: I've said something like this before, but here's a place where
it could mean something.  If c-punks and others could divvy up as many
of the supporting functions of "strong" crypto as possible, and issue
them in a set of commonly-available libraries for any and all programmers,
along with source code, then an application programmer (theoretically)
could order up some of these libraries and write some useful crypto code
in short order.  This would be much better than taking on thousands of
lines of source code directly.  This would also allow several vendors to
issue similar libraries, and surely someone on the Net could arrange
for comparitive product reviews.

This way, once you have a product up and running, if you (for example)
would like to replace the XYZ function with something a little better,
without impacting the rest of the code, you could order a replacement
for that function and plug it in, perhaps with no code modifications.







From dthorn at gte.net  Sat Nov 16 20:29:50 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 20:29:50 -0800 (PST)
Subject: The persistance of reputation
In-Reply-To: <199611161644.FAA08442@mycroft.actrix.gen.nz>
Message-ID: <328E91A3.15FD@gte.net>


Paul Foley wrote:
> On Fri, 15 Nov 1996 18:23:17 -0800, Dale Thorn wrote:
>    A disinformer posing as an idiot.  Go figure.
> Nice sig...and here I was thinking you were a real idiot.

I'll refrain from saying anything nasty here, since there is no info
in this posting to comment on, i.e., I don't know who you are.

However, when you decide to CC cypherpunks with a flame like you just
did, you could show *them* some consideration by leaving in some of the
material so they know what the hell you're talking about.






From jehill at w6bhz.calpoly.edu  Sat Nov 16 20:57:41 1996
From: jehill at w6bhz.calpoly.edu (Joshua E. Hill)
Date: Sat, 16 Nov 1996 20:57:41 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
Message-ID: <199611170451.UAA05059@hyperion.boxes.org>



	I'm trying to think of a function to replace UNIX's crypt(3).  
My design criteria are as follows:

	1) I want it to be secure.
	2) I would like to use a cryptographic hash.
	3) I would like to use well understood cryptographic primitives.
	4) I would like to use a salt, and I would like the salt to be
	considerably larger than the current salt.
	5) I would like the process to be able to be more computationally
	intensive than crypt(3).
	6) The ability to use the algorithm in any setting domestic (US)
	and abroad is a concern, but not a primary one.

	#1 is important for the obvious reasons.
	#2 is important because a one way hash allows for a secure way of
checking the original password against the entered password.  No password
should be able to be recovered by simply reading a file, or finding an
internal key.
	#3 is basicly a result of #1
	#4 and 5 makes the password system more resistant to a dictionary-
type attack.  Several of the more popular password guessers (ie: Crack)
get a significant speed increase from the fact that they only have to hash 
each of the words once per salt.  I would like it to be possible for each
user to have an independent salt (for any reasonable system size).  I would
also like this function to be able to be scaled to that it can be slower
than crypt(3).  This will also hinder a dictionary attack.
	#6 is a byproduct of silly legal concerns.

The algorithm that I developed was heavily influenced by RFCs 1852 [1] 
and 1828 [2] (IP Authentication using SHA and MD5, respectively), and 
"Keying Hash Functions for Message Authentication" by Mihir Bellare, 
Ran Canetti, and Hugo Krawczyk [3]

This algorithm borrows several concepts from [3]:
	The idea of the keyed hash, where the key is used as the hash's 
	IV, or Initial Value. Its security is completely based on the
	choice of the key, and the strength of the underlying hash
	function.

	The concept of the NMAC (Nested MAC), and security analysis
	of it.


The Algorithm:

Given that:
. = the concatenation operator
P = the user pass phrase
H(m) = the hash of the message m
l = length of the hash returned by H(m)
H(k,m) = the keyed hash of message m, using key k (as the IV)
N = salt, length l = (n1 . n2) where n1 and n2 are sub-salts
i = the iteration number
E = a temporary value = (e1 . e2)
K = key = (k1,k2), where k1 and k2 are the sub-keys used in the NMAC
NMAC(k, m) = H(k1, H(k2, m))

In several cases a value is said to be equal to the concatenation
of two other values (we'll take N as an example); ie 
N = (n1 . n2)
This means that N is divided into two equal sized chunks, n1 and n2.
(n1 . n2) = N

initially:
(1) E = H (P)
(2) k1 = (e1 . n1), k2 = (e2 . n2)
(3) T0 = NMAC(K, n)

And then:
(4) T(i) = NMAC(K, T(i-1) . n . T(i-1))
(repeat (4) a number of times)

In (1) the user pass phrase is hashed using the non keyed hash, and the 
resulting value is kept in E. 

In (2) k1 is formed by concatenating the first half of E and the
first half of the salt.  k2 is formed by concatenating the second
half of the key with the second half of the salt.  Now each sub-key
is of length l.

In (3) the NMAC of n is assigned to T0

and then in (4) T(i) is calculated by doing the NMAC of the value
of the previous hash concatenated with n concatenated with the value
the previous hash.

Step (4) is repeated a known number of iterations.

"Keying Hash Functions..." [3] seems to imply that the security of this
hash would be based on the length of l and the underlying hash function, H.  
Because of the way that K is used, the security granted is a function 
of l/2, not l.  (For further explanation see [3])

I was thinking of implementing this using SHA-1.  
This would lead to a 160 bit value for l, hence the security would be 
based on an 80 bit key.

Some modifications that I have considered, and would like feedback on
are:

I was thinking of making the keys used for the hash come from the
previous hashes, and then hash a constant string.  ie:
T(i) = NMAC(T(i-2) . T(i-1), P . n . P)
instead of having a more-or-less constant key, and constantly changing
what is being hashed.

I also am not sure that the string that I'm hashing is ideal.  
Would (n . P . n ) be better?

- -------------------------------------------------------------------------
[1] Metzger, P. and Simpson, W. "Request for Comments: 1852, 
	IP Authentication using Keyed SHA"

[2] Metzger, P. and Simpson, W. "Request for Comments: 1828,
	IP Authentication using Keyed MD5"

[3] Bellare, Mihir and Canetti, Ran and Krawczyk, Hugo. "Keying
	Hash Functions for Message Authentication"

I very much appreciate comments on any portion of this, or on my general
approach.
			Thanks,
			Joshua


-----------------------------Joshua E. Hill-----------------------------
|   If you not part of the solution, you're part of the precipitate    |
-------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------





From gt6511a at cad.gatech.edu  Sat Nov 16 20:58:11 1996
From: gt6511a at cad.gatech.edu (Lone_Wolf)
Date: Sat, 16 Nov 1996 20:58:11 -0800 (PST)
Subject: NT insecurity
In-Reply-To: <19961117020255750.AAA212@rn234.io-online.com>
Message-ID: <199611170457.XAA20573@gypsy.cad.gatech.edu>


# 
# On Sat, 16 Nov 1996 17:00:56 -0500 (EST), Michael H. Warfield wrote:
# 
# >	Hooo  Hummm...  Another one...
# 
# >> Given the recent comments about insecure machines, I thought it was
# >> interesting to note that you can clear *every* password on an NT box by using
# >> a diskeditor to corrupt the password file (Boot off of a floppy and use
# >> NTFSDOS if you have to).  It'll reboot several times and then you'll be
# >> allowed to login.
# 
# >	Much as I absolutely detest NT, lets reitterate what everyone else
# >on this list has already heard too TOO many times...  If you have physical
# >access to the machine, it ain't secure.  It doesn't matter what operating
# 
# True.  However, as has been reiterated many times, NT is being marketed as a
# secure platform.  Unix people tend to know that you need to work to secure
# it.  MS hype might lead some of the non-cypherpunk admin types to believe
# it's secure.  Trust me. I hear from these people all the time!

As do I.  In fact, in a decision made prior to my joining my current employer,
the IS manager actually advocated security by obscurity, believing that NT was
so new that nobody would know the security flaws in it.  So our firewall is
an NT platform with a commercial firewall product on it.  Which limits our
functionality (we call up for support saying "this is what we want to do", and
they say "Oh, our Unix version will do that, but not our NT version".  Not to
mention, it's pretty bad when your firewall crashes out from under (leaving no
access, instead of open access, but it STILl interferes with getting work
done, especially since 90% of my work involves a remote site on the other side
of the firewall).

James
# 
# #  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
# #  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
# "That's our advantage at Microsoft; we set the standards and we can change them."
#    --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)
# 
# 
# 






From snow at smoke.suba.com  Sat Nov 16 20:59:54 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 16 Nov 1996 20:59:54 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <9611151718.AA02034@vesuvius.ai.mit.edu>
Message-ID: <199611170516.XAA02653@smoke.suba.com>


> >It's also the third largest political party in the country.

> Also untrue, the Reform party is a considerably more significant 
> force. 

     Third Largest != third most significant force. Most people who 
vote Perot are either Repubs or Democrats, not "Reform Party" members. 

     In the 2000 election, were there are no incumbents, Perot's numers
will be about the same as the Libertarians, and if Perot doesn't make 
the ballot (either death or too sick) the reform party won't even be 
on the map.

     Perot doesn't have that many supporters, just more people who 
have heard of him, so when they get to the Voting Booth, they looked 
an Clinton and almost threw up, then looked at Dole, but couldn't 
get their hand to their nose, so they punched the next name they
recognized. Perot.  


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From snow at smoke.suba.com  Sat Nov 16 21:01:07 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 16 Nov 1996 21:01:07 -0800 (PST)
Subject: ??????????????????????
In-Reply-To: <199611151729.JAA17912@mailmasher.com>
Message-ID: <199611170518.XAA02663@smoke.suba.com>


> you did not intend rudeness.
> 
> Santa's Little Helper
  ^^^^^
     You missspelled Satan...





From rcgraves at ix.netcom.com  Sat Nov 16 21:11:40 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Sat, 16 Nov 1996 21:11:40 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116193634.2811A-100000@jolietjake.com>
Message-ID: <328E9EB6.539E@ix.netcom.com>


Omegaman wrote:
> 
> On Wed, 13 Nov 1996, Declan McCullagh wrote:
> 
> > Yes, I understand this. It's quite obvious; being removed from the
> > subscriber list hasn't slowed Vulis at all. When I was writing the piece
> > Vulis seemed to have slowed his ad hominem attacks and instead was talking
> > about censorship (something that is within the charter of the list), but
>                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Actually, Declan, it's not.  "info cypherpunks" in the body of a message to
> majordomo at toad.com yields the welcome message to the list -- the closest
> thing to a charter available.  The subjects of censorship and free speech
> are neither mentioned nor alluded to anywhere within that document.

This is true.

Declan's "fight-censorship" list, though, is supposed to be about censorship,
and he's allowing no criticism of his positions there.

-rich





From snow at smoke.suba.com  Sat Nov 16 21:36:42 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 16 Nov 1996 21:36:42 -0800 (PST)
Subject: ideal secure personal computer system
In-Reply-To: <v02140b01aeb3002591ab@[10.0.2.15]>
Message-ID: <199611170553.XAA02749@smoke.suba.com>


> >A friend of mine just got back from a kerberos conferance at MIT, at
> >dinner one night they were talking about fun-n-easy ways to extract
> I discussed this seriously with an engineering acquaintence who has done
> drive design for a number of major companies.  He thought this could be
> easily achieved technically but might present some significant hurdles for
> getting UL approval :-)  Seriously though, there might be a market for an
> Mission Impossible drive retrofit kits which could be triggered by SW or
> HW.

     Well, how about this: spaced between each platter is 2 small files,
when the destroy is iniated, they simple dust off the platters. 

     Problem: 
     Power has to be on, 
     solution: don't turn the machine off unless you have to.   
               small (just enough to spin the drives up) battery in the
               drive case. 

     This shouldn't have too much trouble getting by the U.L.

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From snow at smoke.suba.com  Sat Nov 16 21:51:16 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 16 Nov 1996 21:51:16 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <9611161024.AA00954@adsl-122.cais.com>
Message-ID: <199611170607.AAA02836@smoke.suba.com>


> Stephen Boursy wrote, along with a horde of others with no lives:
> [lots of worthless crap snipped out]
> > None of that analogy is applicable to the cyberpunks list.
> > When a list gets as big as that, it it no longer to be considered
> > a "mailing-list" but it is a _public_ forum.  The whole problem
> > here is the abuse of power by both the EFF and John Gilmore.

    Boursy is a twit who has lost more accounts that Vulis.

    Ignore him.

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From dthorn at gte.net  Sat Nov 16 21:58:05 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 21:58:05 -0800 (PST)
Subject: One Big Telecoms Company
In-Reply-To: <3.0b36.32.19961116165519.00cebb24@panix.com>
Message-ID: <328EA1DB.64FC@gte.net>


Duncan Frissell wrote:
> At 09:23 PM 11/15/96 -0800, Dale Thorn wrote:
> >Progress?  Most major cities (when I was a kid) had *several* competing
> >newspapers,

> Few realize that NYC today has circa 20 daily newspapers (circa 5 in
> English and circa 15 in other languages).
> In addition, I can read a hundred daily newspapers (or more) on the nets.

I'm jealous.  And I'm not kidding.  The NY Times costs $1.50 or $2.00 for
a daily in L.A., and considering the La-La Times is $0.25, paying 6 times
as much for the NY paper seems almost reasonable.

Out here in Disney Hell, we have 2 (count 'em) papers for 12 million or
so people in the L.A. basin, the O.C. Register (same as L.A. Times, but
reflavored for the suburban white folk in Orange County), and of course,
the (barf) L.A. Times itself.

A few years ago, the L.A. Weekly (free) enjoyed both an immense distribution
and a pretty good reputation.  Gone.  Long gone.  There's a much smaller
free weekly in O.C. (of all places) that has much of the credibility that
the L.A. Weekly gave up, but sadly, very limited distribution.

But I'm sure that goes to all levels in comparing NY and L.A.  If you
wanna collect a good stack of independent reading material in NY, I'll
bet you don't have to drive through 100 miles of hell to get the stuff.

So far NY has been pretty well insulated from what goes on here, and I
suppose that's because anyone who values such things as intellectual
freedom would prefer to live there as opposed to La-La land.  But if
you're saying it can't happen there, or that things really are getting
better, no.

Media consolidation is a public fact, it's been all over the financial
pages for some time now.  Have you not heard (just to name a couple of
examples) of the big weapons manufacturers like GE and Westinghouse
buying up NBC, CBS, etc.  Most Americans, you should know, get their
news from these guys.







From dthorn at gte.net  Sat Nov 16 21:58:06 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 21:58:06 -0800 (PST)
Subject: Don't Feed the Animals!
In-Reply-To: <v03007800aeb405c5abe0@[207.167.93.63]>
Message-ID: <328EA802.1B19@gte.net>


Timothy C. May wrote:
> Fact is, I now have more people in my Eudora filter file that at any time
> in the four years this list has existed. Also a fact, there are more people
> on this list that at any time in history (despite what some of the New Wave
> journalists are writing about "the death of the Cypherpunks list").

[snip]

> This one case
> involving Vulis was well-described by John: he asked Vulis to stop sending
> 50K byte rants about the Armenians and Turks to the list--consider that
> 50KB x 1500 destinations = 75 MB of outgoing traffic, modulo corrections
> for aliases, compression, etc. Vulis responded with more insults, basically
> saying "Make me!!!!" Gilmore said, "OK."]

[mo' snip]

I've been hammered on for a nearly-50k posting, which is pretty much just
a one-time deal for me, so I know what you're saying.  Is there some way
around this problem? I'd hate to take a coffee break and find my computer
downloaded 100 50kb messages of anything, especially considering the
duplication that takes place here.

I'd hate to think that all of this discussion comes down to a message-size
problem.






From dthorn at gte.net  Sat Nov 16 21:59:57 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 16 Nov 1996 21:59:57 -0800 (PST)
Subject: It Used to Be Eric's Inscrutable Deficiency
In-Reply-To: <01BBD3C9.2396E740@king1-10.cnw.com>
Message-ID: <328E9830.406@gte.net>


blanc wrote:
> In glancing through and deleting so many messages about how blasphemous and perverted John Gilmore is for having "censored" one list afficionado (more symbolic
> Strange, too, that those who clamor for freedom of speech are accusing JG of being contrary to his principles.   They expect that just because individuals shou
> In that case, it would mean that because individuals are to be free "to do" as they will, therefore that courtesy and manners are no longer valid, that high st
> It would mean that in the environment of liberty, it would be incorrect for individuals to prevent assaults against themselves or their morals, against their p
> These complaintants against censorship must not understand the purpose for freedom of action, of expression, etc.; that they do not understand the need for bei
> it is so that one may, without interferance from uninvited participants, engage in arranging the elements of one's existence for the greatest benefit to onesel
> The environment of liberty to express oneself also permits the exercise of the highest logic possible to an unfettered intelligence.  Filling up the mailing li

Your text was not line-wrapped or whatever.  All your other postings were
as far as I know.  BTW, I think you're confusing practicality and what's
good for one individual with what's good long-term for everyone.

Perhaps, giving Gilmore the momentary benefit of the doubt, he had his
back against the proverbial wall in some sense, and he did what he felt
he had no choice but to do. Who knows? The point now for many subscribers
is not whether Gilmore had to make one of those damned-if-you-do/damned-
if-you-don't decisions (which we're all glad *we* didn't have to make),
the point is now to look at the fallout, and whether Gilmore is going
to make additional comments/justifications on this list, or whether he
will simply clam up with that old-fashioned hillbilly stubbornness that
my ancestors (for example) were quite famous for.







From rcgraves at ix.netcom.com  Sat Nov 16 22:06:03 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Sat, 16 Nov 1996 22:06:03 -0800 (PST)
Subject: Mailing list liability (fwd)
In-Reply-To: <3.0b28.32.19961110014235.0071328c@mail.io.com>
Message-ID: <328EAB6C.2638@ix.netcom.com>


Sorry if someone already brought this up, but I don't see it
threading back. (I haven't read the article, either, but I
probably will, since soon I'll be mentoring a political group
in addition to the two technical groups I moderate.)

-rich

Date: Tue, 22 Oct 1996 14:24:59 -0400 (EDT)
From: Mark Eckenwiler <eck at panix.com>
To: cyberia-l at listserv.aol.com, moderators at uunet.uu.net
Subject: New law review article re Usenet moderators


Taylor, Jeffrey M., Liability of Usenet Moderators for
Defamation Published by Others: Flinging the Law of Defamation Into
Cyberspace, Florida Law Review April 1995. v. 47, n. 2 pp. 247-86

I have not yet read it, so I can't vouch for quality of analysis.

--
"We can imagine no reason why, with ordinary care, human toes could not be
left out of chewing tobacco, and if toes are found in chewing tobacco, it
seems to us that somebody has been very careless."  _Pillars v. R.J. Reynolds
Tobacco Co._, 78 So. 365, 366 (Miss. 1918). |  Mark Eckenwiler  eck at panix.com





From hal at rain.org  Sat Nov 16 22:25:26 1996
From: hal at rain.org (Hal Finney)
Date: Sat, 16 Nov 1996 22:25:26 -0800 (PST)
Subject: Members of Parliament Problem
Message-ID: <199611170625.WAA03050@crypt.hfinney.com>


From: "Michael Froomkin - U.Miami School of Law" <froomkin at law.miami.edu>
> [Discussion of blind signatures]
>
> Brands has a better scheme that I don't understand exactly.  He recently
> attempted to explain it to me thusly:
>
> [Brands quote elided]
>
> Can anyone tell me more?

We had quite a bit of discussion of Brands' technology on the list a
couple of years ago.  Take a look at <URL:
http://chaos.taylored.com:1000/0Z/Digital-Cash/Protocols/Brands/Brands-Cash-Notes.gz >
which has several pages discussing discrete logs and some of the ideas
behind Brands' protocols.  Unfortunately I am getting cut-off versions
of these pages tonight, along with occasional failures to find a route
to this server, so hopefully it is just the net acting up again.

Hal





From hal at rain.org  Sat Nov 16 22:32:55 1996
From: hal at rain.org (Hal Finney)
Date: Sat, 16 Nov 1996 22:32:55 -0800 (PST)
Subject: Remailer Abuse Solutions
Message-ID: <199611170631.WAA03064@crypt.hfinney.com>


From: ph at netcom.com (Peter Hendrickson)
> Another way to have anonymous posting but not be subjected to spam
> and the like is to dispense tokens every week to the subscribers.
> They can be signed blindly so that anonymity is preserved, just
> like e-cash.

I had proposed a similar idea to this a few years ago.  You would dispense
tokens, each of which needed to be included in an anonymous message.
So this prevents spam.  But it can also deal with abuse.

After sending the message, if it was not abusive, a new blinded token
would be broadcast which could only be decrypted by the sender of the
original message.  But if it was abusive, no new token would be sent.
Remailer users would watch these token broadcasts and get their new
tokens each time they sent a message.  The remailer might have to delay
issuing the replacement tokens for a day or two to give the recipient
time to complain.

If you gave everyone in the world an initial supply of a few tokens,
then every time they abused, they'd lose one.  But as long as they use
the remailer reasonably they can continue to use it forever because they
get a new token for each one they use.  Messages still remain completely
unlinkable and the remailer has no way of learning anything from the
tokens it sees since they were all issued in blinded form.

Hal





From hal at rain.org  Sat Nov 16 22:49:20 1996
From: hal at rain.org (Hal Finney)
Date: Sat, 16 Nov 1996 22:49:20 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <199611170649.WAA03091@crypt.hfinney.com>


David Brin has an article in the December issue of Wired arguing that
privacy is obsolete and was never that great an idea in the first place.
I corresponded with him a few years ago when he was working on a draft
of a book which would develop this idea.  Needless to say, I disagreed
with many of his views.  Here is an excerpt from a letter I sent to him
where I defended the notion that privacy is valuable:

===

You suggest that the main motivation which someone might have for protecting
privacy is that they are engaged in some illicit activities:

page 45: "Why should I really care if someone sees this?  I have nothing to
hide."

But aren't exceptions to this quite common in real life?  What about the gay
man who doesn't want to come out of the closet?  What about the
environmentalist who works in the clerical department of an oil company with
little tolerance for such beliefs? What about the closet atheist in the
fundamentalist Midwestern town?

Maybe you'd say that all of these people should expose their secrets, or have
them exposed for them, and that the world would be a better place. (Actually,
you do seem to say this, and I'll discuss it later.)  But I think this assumes
a certain level of tolerance on the part of society. What if this is wrong?
What if society, or just your neighbors, or your boss, is not so tolerant?
What if you lose your job, or get hounded from your neighborhood, once these
secrets are exposed?

I really don't think we have any right to second-guess the decisions people
have made about what they will reveal and what they will keep private.  They
are the ones who have to live with the consequences.  They are the ones who
should make the decisions.  For you to say that people should have "nothing to
hide" is awfully facile.  If you had admitted in your book to be a pedophile
or a white supremacist, coming out of the closet as a demonstration of your
faith in the values of openness, that would at least indicate that you had
experienced that of which you had written.  But of course even that would not
give you the right to presume to tell others to follow the same course.  In my
opinion.

Furthermore, there is a long tradition of anonymity and pseudonymity in
literature.  Probably the most prominent examples are the Federalist Papers,
published anonymously due to fear of political retribution.  The whole area of
politically-inspired anonymity is another counter-example to this notion that
people only want privacy for evil purposes.  How can you look back at the
history of even this country, which probably has one of the best records in
the world, and feel confident that no one will ever be wiser to express an
unpopular view anonymously?  Even if you feel safe about it in the U.S., your
suggestions would have world-wide impact. There are many countries in the
world where criticizing the government will have to be done anonymously if it
is done at all.

This raises the point that anonymity may promote criticism.  You go to some
lengths to praise the value of critical commentary as a route to the truth.
Yet in real life political considerations are one of the most potent blocks to
criticism, and these often apply most strongly to those who are in the best
position to criticize.  It is only through anonymity that much of the most
useful criticism can arise.  This is why we have our "whistle-blower" laws,
anonymous informants, etc.  Yes, anonymity can be easily misused in this
regard.  Information supplied anonymously needs to be carefully verified
before it can be relied on.  But I don't see the value in stripping the shield
of anonymity from people who would like to expose some injustice but are
afraid of the personal consequences.

===

Hal





From hyperlex at hol.gr  Sat Nov 16 23:01:59 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sat, 16 Nov 1996 23:01:59 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611171100.JAA21839@prometheus.hol.gr>


At 12:07 �� 17/11/1996 -0600, snow wrote:
>> Stephen Boursy wrote, along with a horde of others with no lives:
>> [lots of worthless crap snipped out]
>> > None of that analogy is applicable to the cyberpunks list.
>> > When a list gets as big as that, it it no longer to be considered
>> > a "mailing-list" but it is a _public_ forum.  The whole problem
>> > here is the abuse of power by both the EFF and John Gilmore.
>
>    Boursy is a twit who has lost more accounts that Vulis.

In this case, I'd quote a poet who said
"I am not sorry for the poets who were left without an audience,
 I am sorry for the audiences who were left without any poets".

I would suggest that it is not at all a "safe" indication of personal
or intellectual _worth_, (of Mr. Boursy or of anyone) "how many
accounts he has lost".

For two reasons:
(1)  As I read Mr. Boursy's postings, I see no indication that he is
     either deranged, or evil, or lacking sanity or maturity. If he
     had these qualities, they'd sooner or later show up inside the F-K
     list, to which I subscribe for several months (nearly a year?).

(2)  The situation inside the "less official" side of thje Internet,
     at the moment (aka mailing lists) is so notoriously repressive
     that perhaps a _minority_ of mailing lists do not indulge in
     so-called "forcible unsubscriptions". E.g. what about the "Orgonomy
     mailing list" kicked out an eloquent critic of its owner (Dr.
     Demeo) (can find all names and details if you like) just because
     he opposed Dr. Demeo's "experiments" in an Israeli desert which
     (allegedly, according to the critic) resulted in people's deaths.
     I mention this case, because I was present there, and because
     (just like the "Cypherpunks" list) it was directly or indirectly
     related to issues of Freedom ("Orgonomy" being the "Alternative
     Psychology" of a rather unconventional thinker called Wilhelm Reich
     who died in an American jail after the McCarthian State framed him).




>    Ignore him.

It is not ethical to send such strong negative _injunctions_ to masses
of people and also to strangers (the 1900-strong members of the cyberphunks
list for instance). Because, you may or may not have strong reasons for
believing you are justified in such invalidation, but more than a 1000
people are now _told_ by (self-appointed) "experts" such as yourself what
and whom to ignore or to believe. (Like sheep led to the slaughter)...

This was my objection also inside the F-K list, for _some_ of the postings
in the past, but none of these postings was connected with acts of
censorship, or with "sweeping generalisations" without evidence. On several
occasions that I searched and found who or what they were talking about,
I discovered they were talking about people whose activities were indeed
horrifying (forged cancellations etc) and who also fought back.

But what you are doing now, extending the "1-person-blacklist" to your
number-two-entry (Mr. Boursy) is exactly the thing that I hoped you might
avoid.


        First they kicked out Dimitri Vulis.
        
        Then they slandered and kept out Steve Boursy.
        
        Then...
        
        When they came after me, there was nobody left to support me.


(You can perhaps realize what this paraphrase is about)... :-(


Sincerily, and with... Sanity of Mind :-)
George Stathis









From snow at smoke.suba.com  Sat Nov 16 23:08:06 1996
From: snow at smoke.suba.com (snow)
Date: Sat, 16 Nov 1996 23:08:06 -0800 (PST)
Subject: Crypto Bounties: Another Thought that crossed my mind.
Message-ID: <199611170725.BAA03182@smoke.suba.com>



Here we go again:

      There are is a lot of software that we would all like to see
developed and deployed right? 

      There are a lot of people out there who write code, sometimes 
even freely redistributable code, but they have to eat, and get their
net access right? 

     Well, I was thinking, what if a "Crypto Software Bounty Server"
were set up, so that someone could propose a tool that they would like 
to see, along with an initial bounty. Others could contribute toward that
bounty (anonymously if they wish) until either the tool was delivered.

     The original issuer sets standards for the software (i.e. "easy to
use interface to mixmaster remailers for Macintosh", then must define
easy to use; Software considered delivered when in [alpha beta late-beta 
&etc.]). The first to present software meeting these qualifications gets 
the bounty, with the caviate that the software must be either gnu-copylefted,
or some similar "free use" copyright, after all, "The Net" paid for it...

     Some of the problems (and potential solutions) I can think of in this:

     1) Refusing to honor the contract--Maybe when a project is proposed,
        some other people (for a small percentage of the total) sign on
        as judges. When they feel that it reached the stated goal, then
        it is done. -Or- Money put up is non-refundable, and the bounty
        stays in the "bank" until claimed. 

     2) If the money stays in the bank until claimed, people might not 
        put up that much (or enough) to make a specific project worthwile--
      
        This could be solved by allowing the "bounty" to lapse in one 
        of 3 ways:

        A) <x> length of time after the initial proposal (bad because 
           i) someone could already be working on it; ii) bad because
           other people might add to the bounty, so a potential programmer
           might not start until the "pot" has grown to a certain level.

        B) <x> length of time after the last addition to the bounty,
           bad for both i & ii above. 

           These can both be gotten around (and other problems) by allowing
           programmers to "register" with the service that they are working 
           on a project (either anonymous registery, so that people will 
           still contribute to the project, or list those registered so 
           that people know [if who] someone is working on it)

     3) Funding: The server (in both the machine and the organizational sense)
        could be funded by:
 
        A) Interest on the money accumulated.
 
        B) A percentage of the bounty (say 10%) 

        C) Both A & B.  
  
Has anything like this been proposed before? I know that the FSF (IIRC) accepts
contributions, but I am thinking of something more targeted, more "market 
driven" if you will. 

This could be expanded to non-crypto software as well, just think, if half 
the X Window users ponied up $5 a peice for a "good, easy to use non-motif
word processor", how long do you think it would take for someone to start 
coding a MS Word killer? 
 
Comments?


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From sandfort at crl.com  Sat Nov 16 23:24:15 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 16 Nov 1996 23:24:15 -0800 (PST)
Subject: Does John Gilmore...
In-Reply-To: <199611170408.CAA08642@prometheus.hol.gr>
Message-ID: <Pine.SUN.3.91.961116230248.26747B-100000@crl11.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 17 Nov 1996, George A. Stathis wrote:

> What worries me is that people still subscribe to the
> cypherpunks list after this assault on free speech takes place.

So I guess we won't be seeing George around here any more (or 
did he just me OTHER people should unsubscribe?).

> ...I would gladly write articles on Dimitri's expulsion and the
> facade of Free Speech in mailing lists etc.,...But since I have
> no time, it's likely someone else will report this.

What was that from Thomas Paine about summer soldiers and
sunshine patriots?  Three cheers for George and his commitment
to "Free Speech."  I know I'm impressed.
 

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From attila at primenet.com  Sat Nov 16 23:46:17 1996
From: attila at primenet.com (attila at primenet.com)
Date: Sat, 16 Nov 1996 23:46:17 -0800 (PST)
Subject: San Jose Mercury News declares encryption battle over
In-Reply-To: <328E8BEC.2D76@gte.net>
Message-ID: <199611170747.AAA27780@infowest.com>



-----BEGIN PGP SIGNED MESSAGE-----

In <328E8BEC.2D76 at gte.net>, on 11/16/96 
   at 07:52 PM, Dale Thorn <dthorn at gte.net> said:

::Point 2: I've said something like this before, but here's a place where
::it could mean something.  If c-punks and others could divvy up as many
::of the supporting functions of "strong" crypto as possible, and issue
::them in a set of commonly-available libraries for any and all programmers,
::along with source code, then an application programmer (theoretically)
::could order up some of these libraries and write some useful crypto code
::in short order.  
::
        one of the best proposals in many years --we have all made good 
    use of library code over the years, unless the simpleton coder has a
    obsessive-compulsive masochistic need to write an extra 20-50,000 
    lines of 'reinvent the wheel' code.

        there are several linkable libraries floating around, with 
    multiple types, etc.  the only one I looked at a couple of years
    ago needed some extensive work on its calling and return
    conventions --ever hear of structures?

::This would be much better than taking on thousands of
::lines of source code directly.  This would also allow several vendors to
::issue similar libraries, and surely someone on the Net could arrange
::for comparitive product reviews.

::This way, once you have a product up and running, if you (for example)
::would like to replace the XYZ function with something a little better,
::without impacting the rest of the code, you could order a replacement
::for that function and plug it in, perhaps with no code modifications.
::
        ah, yes.  reusable code for disposable programmers!

        and, I agree with the premise on widespread free distribution
    add sand to the governent grease.  make sure every college has 
    complete project kits for free and we will have a new generation of
    expert cryto-application programmers within 5 years. 
        
        needless to say,the workbook needs to mix in a subtle dose of
    freedom of speech, &c.  don't espouse our usual anarchy, etc. or 
    the school admins (always on the leaing edge of the liberals) will
    have none of it.

        every one else puts in for government money to fund these kind
    of developments --make them their junk, but lose it all at 
    distribution --or have a separate organization deal with the 
    logistics.  once you have the product, and for every platform, the
    rest of it is standard word-of-mouth, something for nothing, and
    "fun."  call the package 'voodoo' and ship with a doll fashioned 
    after Bubba  --prestuck with pins.

            -attila

- --
        maybe there is an analogy:

        militias:       the only way they'll take my weapon
                        is from my cooling, smoking hand....

        prez:           the only way they'll take my executive privileges
                        is to vote me out of office --IF I consent to leave.

                <attila>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMo7CHb04kQrCC2kFAQHgLAP+MjgD0/ekgiQF1VBkhWQ+JOG0PrYRXg+p
F+l8zViJAigJbYwGxRlDEYm4Kl8z1ktNigLlr6t0uPbEmX4c5KPtDl4tEokrTsMk
uxLz8GB6zlKBGuDoBylbGNIGYUTXWaNhYcFL8bOcu+uRSAETsaAiPKynEkwFsigU
bgFenDTzMhc=
=1K7E
-----END PGP SIGNATURE-----






From hyperlex at hol.gr  Sat Nov 16 23:51:37 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sat, 16 Nov 1996 23:51:37 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <199611171150.JAA23268@prometheus.hol.gr>


At 11:11 �� 16/11/1996 -0800, Sandy Sandfort wrote:
>C'punks,
>
>On Sun, 17 Nov 1996, George A. Stathis wrote:
>
>> What worries me is that people still subscribe to the
>> cypherpunks list after this assault on free speech takes place.
>
>So I guess we won't be seeing George around here any more (or 
>did he just me OTHER people should unsubscribe?).

Rest assured that... I am not subscribed to your list anyway.
Maybe I allowed 5 or 6 messages to reach you, since the 'recipients'
contained your list in the first place.

It's part of *your* attempt (AFTER Dimitri's expulsion) to "have the
last word".  :-)  - NOT mine! :-)
 

Perhapds I'd subscribe to your list if serious discussions on...
crypography take place, which would enable me to better... protect
my own software by some kind of encryption. But I decided to lower
my prices and publish (my dictionaries) unprotected anyway! :-)

As regards 'PGP'...
I don't give a damn anymore who reads my mail, since I got used
to infringements of privacy anyway (since my childhood days in
a dictatorship).

In any case, It is not my style to 'hinder other people's discussions'.

And if a list contains more than 1000 people INDIFFERENT to Freedom
of Speech, it's not AT ALL 'my' kind of list anyway... :-)





>> ...I would gladly write articles on Dimitri's expulsion and the
>> facade of Free Speech in mailing lists etc.,...But since I have
>> no time, it's likely someone else will report this.
>
>What was that from Thomas Paine about summer soldiers and
>sunshine patriots?  Three cheers for George and his commitment
>to "Free Speech."  I know I'm impressed.


Aha! aha! aha!  :-)

You are on the verge on "taking the piss out of" (even) Thomas Paine!

How has it happened that you are so determined in your anti-Vulistic
zeal, so as to sacrifice even what the rest of the World admires in
your country?

I always liked Americans for their support of Individual Rights,
their Constitution, Jefferson and Thomas Paine, things like that...

Well, if you want all these reasons to vanish in thin air,
good luck in your next... forcible unsubscriptions! :-)

<shrug>
George

P.S. I have heard cynical Americans before, being 'sarcastic' against
     selfless supporters of Free Speech. A lot of you people can't
     even imagine a selfless cause without financial gain. Such is
     the... Mafia world of... pimping and prostitution, I suppose... :-)     
(-joke!) ROTFL






From ReplyOnly at ByMail.com  Sat Nov 16 23:54:51 1996
From: ReplyOnly at ByMail.com (ReplyOnly at ByMail.com)
Date: Sat, 16 Nov 1996 23:54:51 -0800 (PST)
Subject: ~~~ F.Y.I. ~~~
Message-ID: <199611170730.AAA05037@bud.indirect.com>


Dear Friend,

The Only Internet Book you will ever Need....

So you're on the Internet, but don't know what to do,
where to go, or how to do it. This EXCITING 175 page,
14 chapter, E-Book will cover everything from the
World Wide Web, Veronica, IRC Clients, Gopher, Telnet,
Advanced Email, and how to set up your own electronic
store front.  Whether you're a veteran on the net or
have just begun, there is something to LEARN from
"Your Personal Guide to the Internet". The Internet is
growing daily and it is quickly becoming the wave of
the future.

Have you ever wondered what people are talking about
when they mention FTP or client-server protocol? Has
it made you feel left out when you didn't understand
their lingo? Everyone knows that KNOWLEDGE is POWER,
so why not learn more and take advantage of it?
Picture this.  You buy a beautiful boat, and you go
to take it out on the lake.  You get there, you can
start the boat, but can't get it to go anywhere.  That
is how many people are on the Internet.  They have the
software and the ability to go online, but don't know
what to do with it.  This is where "Your Personal Guide
to the Internet" comes in.  Just as a boat manual  would
have been useful to allow you to go on your trip, this
guide will allow you to do just about ANYTHING that you
can imagine on the Internet.

So, how much will this knowledge cost you? Simply, $4.00!
That's right, FOUR DOLLARS.  Why are we selling it for a such
a LOW PRICE?  We feel that everyone who is online should
be able to use the Internet to their full capabilities.
Why go to the bookstore and spend $50 to $100 on Internet
books, when you can get everything you need for $4.00?
This is a MUST HAVE!  Do not pass up this
OPPORTUNITY!  This is a LIMITED OFFER.

**** If you order within 10 days, As a  SPECIAL BONUS, you
will also receive "1000 Places to Advertise for Free"!

**** ORDER FORM (print this out and mail it along with your
cash, check or money order):


Name ______________________________

Address ____________________________

City _______________________________

State_______________________________

Zip Code ____________________________

Phone Number (if sending check) ______________________

Email Address ________________________ at _______________________

Would you like this on diskette ($7.00 includes S & H)
or emailed to you for only $4.00? (circle one)

Make All Checks Payable To: Creative Financial Alternatives

Send check or money order to:

Creative Financial Alternatives
14837 Detroit Ave. 
Suite 135
Cleveland, OH  44107


***Orders will be shipped within 48 hours upon receipt.***

***Please Note:  All checks are held for 5 business days..































***Due to the Overwhelming demand Please Don't Reply Back
   By E-Mail.






From hyperlex at hol.gr  Sun Nov 17 00:16:37 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sun, 17 Nov 1996 00:16:37 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <199611171215.KAA24079@prometheus.hol.gr>


At 11:11 �� 16/11/1996 -0800, Sandy Sandfort wrote:
>> ...I would gladly write articles on Dimitri's expulsion and the
>> facade of Free Speech in mailing lists etc.,...But since I have
>> no time, it's likely someone else will report this.
>
>What was that from Thomas Paine about summer soldiers and
>sunshine patriots?  Three cheers for George and his commitment
>to "Free Speech."  I know I'm impressed.


You mean that if I launched an entire publicity campaign against
the censorship of Dimitri Vulis and similar evils, I would not
thoroughly enjoy it, or not get paid the newspapers here, for it?
(the standard rates per column)?

Poor soul! :-) What you see as 'voluntarism' or 'sacrifice' is
in reality quite the opposite. Which is why...
NOT writing about it is an act of generosity, NOT the other way round.
(Which is why I'll make sure SOMEBODY writes about it).


Tsk, tsk, tsk
George






From stewarts at ix.netcom.com  Sun Nov 17 00:25:06 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Sun, 17 Nov 1996 00:25:06 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
Message-ID: <1.5.4.32.19961117112455.003ac9d4@popd.ix.netcom.com>


At 08:51 PM 11/16/96 -0800, "Joshua E. Hill" <jehill at w6bhz.calpoly.edu> wrote:
>	I'm trying to think of a function to replace UNIX's crypt(3).  
>My design criteria are as follows:
...
>NMAC(k, m) = H(k1, H(k2, m))
....
>Would (n . P . n ) be better?

NMAC is probably a bit stronger, but the real question is why
you want to reinvent crypt(3).  It was fine for logging in from a
hardwired or dialup dumb terminal, but in a network environment you
really need some sort of one-time password system.  S/Key, for instance.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From blancw at cnw.com  Sun Nov 17 00:53:41 1996
From: blancw at cnw.com (blanc)
Date: Sun, 17 Nov 1996 00:53:41 -0800 (PST)
Subject: Another apologist for John Gilmore's censorship
Message-ID: <01BBD421.F6C167A0@king1-28.cnw.com>


From:	Dr.Dimitri Vulis KOTM

dv:     Why the quotes? John Gilmore censored me with no quotes.

bw:   Don't worry about it.

dv:   No. John Gilmore's actions are contrary to free speech, but his own
principles clearly don't include free speech. He has no credibility.

bw:   I guess you think this will bring me anguish.

dv:    Not true. An honorable person would tolerate all speech and either ignore
it or respond with more speech. A dishonorable person, such as John Gilmore,
seeks to silence the speech he doesn't like.

bw:   You're not obliged to be dishonorable even if others are.

dv:    .....Note also that he hasn't pulled the plugs of other very rude people, like Timmy May (fart).

bw:   He's not obliged to be rude only according to your preference.

dv:    Speech is not action. Action is not speech.

bw:   But the principle regarding the tolerance of insults is the same in both cases.

dv:   I don't think John Gilmore's sexual practices are *that* bizarre. The Kinsey
report estimates that 10% of the population shares his practices.

bw:   I guess you think you're talking to someone who gives a flip.

   ..
Blanc







From raymond at advcable.com  Sun Nov 17 01:07:51 1996
From: raymond at advcable.com (Raymond Mereniuk)
Date: Sun, 17 Nov 1996 01:07:51 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News-Reply
Message-ID: <s28e64b6.071@zed.ca>


>>> aga <aga at dhp.com>  11/16/96, 02:26am >>>
On Fri, 15 Nov 1996, Bill Frantz wrote:

>Yes it WAS!!  He censored the mode and manner of the speaker.
>He censored the personal attacks and the rants and the racial
>diatribes!  And that SUCKS!  Gilmore was a fucking asshole for
>doing it!  And Gilmore is the WORST kind of censor that there
>can be, one who censors a person's "style."
>-aga.admin
>InterNet Freedom Council

You state that Mr. Gilmore censored someone but yet I still see that
someone's messages being propagated by `cypherpunks at toad.com'.  If Mr
Gilmore was really trying to censor someone he sure did a bad job of
it and can be criticzed for that much as I still see mail from the
censored party.  

Have you every lived, or been involved, in a society where
censorship, or local distortion, of facts was the norm??  Do you have
any idea how the powers that be discredit any voice in which they
don't like the message (or even the tone) and the lengths they go to
ensure the offical line is only one which is presented in a
reasonable form??  Have you ever been arrested and interrogated by
the local anti-corruption police because you made too much money and
dealt with a company where one particular person was known to accept
brides so therefore you must be corrupt??  So far no big deal, a
simple misunderstanding - but the anti-corruption police know how you
live your life and since you work long hours you must be cooking the
books.  

There is censorship in this society but it is so not so blatant and
is probably more dependent on what the established media choses to
report or not report.  Mr. Gilmore only made it slightly more
difficult for one particular player, who was misbehaving badly, to be
heard but did not totally remove that player's ability to be heard.  

If you are truly concerned about censorship you should be more
concerned about how the current administration's polices in regards
to cryptography will affect your future freedoms to communicate in a
manner in which is completely private and will subject you to no
government review of the subject matter discussed.  


Virtually

Raymond at advcable.com






From unicorn at schloss.li  Sun Nov 17 01:12:58 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 17 Nov 1996 01:12:58 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <199611170222.SAA10990@mailmasher.com>
Message-ID: <Pine.SUN.3.94.961117041113.2926A-100000@polaris>


On Sat, 16 Nov 1996, Huge Cajones Remailer wrote:

> Date: Sat, 16 Nov 1996 18:22:33 -0800
> From: Huge Cajones Remailer <nobody at huge.cajones.com>
> To: cypherpunks at toad.com
> Subject: The Utility of Privacy
> 
> 
> Privacy is a hassle.  Is it worth it?
> 
> Which unfortunate situations does privacy prevent?  What are the odds
> that they will occur?  How much effort will it take to prevent these
> outcomes?  As a model, use the present and future situation of a
> typical reader of this list.

Insurance is a hassle.  Is it worth it?

Which unfortunate situations does insurance prevent?  What are the odds
that they will occur?  How much effort will it take to prevent these
outcomes?  As a model, use the present and future situation of a
typical reader of this list.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From rcgraves at ix.netcom.com  Sun Nov 17 01:49:46 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Sun, 17 Nov 1996 01:49:46 -0800 (PST)
Subject: The persistance of reputation
In-Reply-To: <199611161644.FAA08442@mycroft.actrix.gen.nz>
Message-ID: <328EDFBE.2EC9@ix.netcom.com>


Dale Thorn wrote:
> 
> Paul Foley wrote:
> > On Fri, 15 Nov 1996 18:23:17 -0800, Dale Thorn wrote:
> >    A disinformer posing as an idiot.  Go figure.
> > Nice sig...and here I was thinking you were a real idiot.
> 
> I'll refrain from saying anything nasty here, since there is no info
> in this posting to comment on, i.e., I don't know who you are.
> 
> However, when you decide to CC cypherpunks with a flame like you just
> did, you could show *them* some consideration by leaving in some of
> the material so they know what the hell you're talking about.

That would be redundant. Everyone on cypherpunks receives what you send 
to the list, and thus has access to the source material, if desired. 
Paul's humor was surely appreciated by the people who have killfiled you 
and thus miss your posts unless there's a followup.

-rich





From unicorn at schloss.li  Sun Nov 17 02:10:24 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 17 Nov 1996 02:10:24 -0800 (PST)
Subject: Does John Gilmore...
In-Reply-To: <199611171150.JAA23268@prometheus.hol.gr>
Message-ID: <Pine.SUN.3.94.961117050102.3022F-100000@polaris>


On Sun, 17 Nov 1996, George A. Stathis wrote:

[...]

> As regards 'PGP'...
> I don't give a damn anymore who reads my mail, since I got used
> to infringements of privacy anyway (since my childhood days in
> a dictatorship).

[...]

> P.S. I have heard cynical Americans before, being 'sarcastic' against
>      selfless supporters of Free Speech. A lot of you people can't
>      even imagine a selfless cause without financial gain. Such is
>      the... Mafia world of... pimping and prostitution, I suppose... :-)     
> (-joke!) ROTFL

The problem with people too used to dictatorships is that they grow
so accustomed to taking those favors and incentives which are dictated to
them that the freedom (and responsibility) of "financial gain" seem like
too much work.

Much easier to just work for food.  "The all-knowing General Pinoriega
would have given us money if we needed it."

Of course the result is an increased dependence on the state.

Market economies which approach true "free market" status provide no
foothold for regulation.  You cannot really have one without the
other.  (Note the coming backlash against free speech and free markets in
the United States).

The free market will ever be the only real path to free speech, because,
in essence, it is free speech.

Free speech does not, however, require that all speech be universally
broadcast to each and every citizen on the planet free of charge.  That's
"subsidized speech."

Consider long and hard if that is the path that you would like to take.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From hyperlex at hol.gr  Sun Nov 17 02:41:45 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sun, 17 Nov 1996 02:41:45 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <199611171440.MAA29860@prometheus.hol.gr>


At 05:08 �� 17/11/1996 -0500, Black Unicorn wrote:
>The problem with people too used to dictatorships is that they grow
>so accustomed to taking those favors and incentives which are dictated to
>them that the freedom (and responsibility) of "financial gain" seem like
>too much work.


Boy oh boy!!!! :-) Financial Gain being "too much work"??? :-)

Hey dude, I work for myself, you know. Ever since childhood, I learned
how not to rely on ANYBODY.

I experienced no "favors" nor "incentives" whatsoever, all my life.
The taxation here is designed to drain the blood of all SMALL businesses
(like mine) and favor the big businesses.
There is very poor welfare here, too. America is almost... socialist
in some respects compared to the Greek welfare state.

Your 'model' of what's going on is more appropriate for the Russians
and the Eastern Block (former) dictatorships, in which case I agree! :-)



>The free market will ever be the only real path to free speech, because,
>in essence, it is free speech.

The free market is the _precondition_ for free speech. But Free speech
does NOT necessarily follow from it. What happened in GREECE and CHILE
in fact is a living proof of this: Such countries had ENTIRELY free
market and NO FREE SPEECH. This is right-wing fascism, as you know.
I hope you agree with these clarifications. I don't see why not...



>Much easier to just work for food.  "The all-knowing General Pinoriega
>would have given us money if we needed it."

The 'all-knowing' dictators of Chile (installed by US involvement)
gave NO money to ANYBODY (but big businesses and American corporations).

As for the Nicaraguan case, the scandal of the C.I.A. financing the
contras using drug-money from selling drugs to American Blacks has
been thoroughly exposed in the rest of the world.

The only 'all-knowing' philanthropists around the world have been
the Stalinist lunatics who are nowdays replaced by (more 'professional'
Mafiozos).

You should be glad to be American, in fact! :-)
(At least you are ruled by the Trilateral Commission; the Mafia plays
 only a secondary role in your politics). :-)




>Of course the result is an increased dependence on the state.


We never run out of saliva spitting on the face of the (Greek) state
over here. Same is true all over the world...



>Market economies which approach true "free market" status provide no
>foothold for regulation.  You cannot really have one without the
>other.

This is a big discussion. The free market _is_ the only way. I agree.
However, as I explained in another (private and humourous) posting,
for instance, I am a winter-swimmer, and use the facilities of a beach
run and owned by the State here in Greece, which will probably CLOSE
DOWN, as soon as it is privatised. At the moment, it's a gift to us
-10 or 20 'winter-swimmers' operating at a loss, not a profit. One
must be on guard for extreme views, neo-liberal or otherwise)... :-)



>(Note the coming backlash against free speech and free markets in
>the United States).

I am in solidarity with your worries, and in favour of both.
But... Sometimes one does not 'automatically' imply the other.



>Free speech does not, however, require that all speech be universally
>broadcast to each and every citizen on the planet free of charge.  That's
>"subsidized speech."

How much should I be charged for every word I utter?  In 1990 I was being
PAID for every word I wrote. Not so anymore! :-) :-)
At least you could afford (as the English say)... 1 penny for these
thoughts! ROTFL!!!! :-)


>Consider long and hard if that is the path that you would like to take.


Me? I voluntarily waste my time, dude, to write my opinions for free! :-)
It's the last thing I do for free, after some rare friendships
and other rare precious things in life.  Don't we al have such things? :-)

If we don't write _some_ opinions for free we'd all become... whores
waiting for the next pimp to exercise 'list-owner's rights on our speech.
Or get bribed to tell lies, and so on! :-) :-)

Perhaps my clarifications helped.
George


P.S.
In Logic, Complete Systems are Consistent, and Consistent Systems
are Incomplete. Thus, 'extreme views' of any kind are impractical.
(theorem of Goedel in Logic and Mathematics applied in practice).






From tfs at adsl-122.cais.com  Sun Nov 17 02:52:17 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Sun, 17 Nov 1996 02:52:17 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <199611171100.JAA21839@prometheus.hol.gr>
Message-ID: <9611171051.AA05251@adsl-122.cais.com>


George A. Stathis wrote:
> 
> This was my objection also inside the F-K list, for _some_ of the postings
> in the past, but none of these postings was connected with acts of
> censorship, or with "sweeping generalisations" without evidence. On several
> occasions that I searched and found who or what they were talking about,
> I discovered they were talking about people whose activities were indeed
> horrifying (forged cancellations etc) and who also fought back.

Horrifying eh? Hmm I found this just a bit to priceless to resist.
I guess it falls under the old 'but I'll defend your right...' way
of looking at things...

In any case, here you go, this is the latest contribution of software
from Dimitri to the values of freedom of expression and non-censoring
& all that blather.

#From Phrack 49, file p49-09 published this month:
                            .oO Phrack Magazine Oo.

                        Volume Seven, Issue Forty-Nine
                        
                                 File 09 of 16

                          by Dr.Dimitri Vulis (KOTM)

               A Content-Blind Cancelbot for Usenet (CBCB)

And what follows, is Dr. Dimitri, defender of freedom of expression,
champion of the anti-censors on the net, posting code to the world to
engage in exactly those activities that everyone has been ranting about
as being so utterly "horrifying (forged cancellations etc)" as it were.

Amusing to say the least.

Tim








From hyperlex at hol.gr  Sun Nov 17 02:59:57 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sun, 17 Nov 1996 02:59:57 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611171458.MAA00739@prometheus.hol.gr>


At 05:51 �� 17/11/1996 -0500, Tim Scanlon wrote:
>George A. Stathis wrote:
>> This was my objection also inside the F-K list, for _some_ of the postings
>> in the past, but none of these postings was connected with acts of
>> censorship, or with "sweeping generalisations" without evidence. On several
>> occasions that I searched and found who or what they were talking about,
>> I discovered they were talking about people whose activities were indeed
>> horrifying (forged cancellations etc) and who also fought back.
>
>Horrifying eh? Hmm I found this just a bit to priceless to resist.
>I guess it falls under the old 'but I'll defend your right...' way
>of looking at things...
>
>In any case, here you go, this is the latest contribution of software
>from Dimitri to the values of freedom of expression and non-censoring
>& all that blather.
>
>#From Phrack 49, file p49-09 published this month:
>                            .oO Phrack Magazine Oo.
>
>                        Volume Seven, Issue Forty-Nine
>                        
>                                 File 09 of 16
>
>                          by Dr.Dimitri Vulis (KOTM)
>
>               A Content-Blind Cancelbot for Usenet (CBCB)
>
>And what follows, is Dr. Dimitri, defender of freedom of expression,
>champion of the anti-censors on the net, posting code to the world to
>engage in exactly those activities that everyone has been ranting about
>as being so utterly "horrifying (forged cancellations etc)" as it were.
>
>Amusing to say the least.
>
>Tim

Well, this is why we _NEED_ this discussion; we _NEED_ Dimitri to explain
his ideas and his critics ALSO to explain his ideas.

My guess is that Dimitri's 'CANCELBOT' is intended to remove pure spam.

A little while ago, I received Spam from the same source an 8th time.
It even automatically replied to my... complaint AS IF it was not a
complaint but a request for info, and it also... forged my E-mail
address.

If Dimitri Vulis (and others) possess the technical genious to relieve
us of such very annoying spam-problems, I don't see at all how this
contradicts Free Speech, or the right of people to speak when invited
to open meetings.

In any case, I am extremely greatful for the info, and would appreciate
the full text and the sources of it.

Cheers
George






From hyperlex at hol.gr  Sun Nov 17 03:15:38 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sun, 17 Nov 1996 03:15:38 -0800 (PST)
Subject: Does John Gilmore...(CORRECTION)
Message-ID: <199611171514.NAA01626@prometheus.hol.gr>


At 12:40 �� 17/11/1996 -0200, George A. Stathis wrote:
>In Logic, Complete Systems are Consistent, and Consistent Systems
>are Incomplete. Thus, 'extreme views' of any kind are impractical.
>(theorem of Goedel in Logic and Mathematics applied in practice).

Boy oh Boy! time to flame myself this time:
"Complete Systems are INconsistent, and Consistent Systems
 are INcomplete". At least in the Predicate Calculus.

This is why I look forward to Dimitri explaining his 'Cancelbot'
in detail. It's possible that the _misuse_ of such an innovation
would be against the original goal (of Spam-elimination etc).

In any case, while you all go to sleep, it's me for me to do some work!
:-)
George






From aga at dhp.com  Sun Nov 17 04:19:42 1996
From: aga at dhp.com (aga)
Date: Sun, 17 Nov 1996 04:19:42 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
In-Reply-To: <Pine.LNX.3.95.961116074506.1181B-100000@kinch.ark.com>
Message-ID: <Pine.LNX.3.95.961117071330.25183B-100000@dhp.com>


On Sat, 16 Nov 1996, Dave Kinchlea wrote:

> Date: Sat, 16 Nov 1996 08:08:39 -0800 (PST)
> From: Dave Kinchlea <security at kinch.ark.com>
> Reply-To: freedom-knights at jetcafe.org
> To: aga <aga at dhp.com>
> Cc: InterNet Freedom Council <ifc at pgh.org>, freedom-knights at jetcafe.org,
>     cypherpunks at toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly News 
> 
> On Sat, 16 Nov 1996, aga wrote:
> 
> > On Fri, 15 Nov 1996, Dave Kinchlea wrote:
> > 
> > > 
> > > So, you send all of your snail mail on post cards do you? No
> > > sealed envelopes at all? Afterall you have nothing to hide, right?
> > > 
> > 
> > Irrelevant analogy; snail.mail and e-mail.  The former is in physical
> > form, and the latter usually never is.
> 
> No kidding, thanks for that information. Perhaps you can explain how it
> is relevant?
> 

it is not -- I said irrelevant.

> > 
> > > Of course not, privacy isn't about being a criminal, its about being
> > > private. It is not akin to anonymity, *perhaps* those who work
> > > anonymously have `something to hide' (still doesn't necessarily make
> > > them a criminal, however), 
> > 
> > Anonymity on the InterNet is a Constitutional right, and is the
> > sole supporter of freedom of speech.
> 
> Another irrelevant and completely inaccurate point. I utilize free
> speech everyday yet I manage to do it without anonymity. 
> 
> > 

so? that is you. but if a motherfucker wants to be anonymous, he
must be allowed; there is no exception to the rule.

> > > I'll let someone else field that as I feel
> > > that anonymity is rarely a good thing. 
> > > 
> > 
> > I disagree, anonymity is a good thing that will never
> > be questioned by anybody, but your PGP will, and it
> > is really not safe anyway.
> 
> ha ha ha, not by anybody huh. What world do you live in? I know plenty
> of people who feel that if you must say something anonymously `you must
> be hiding something, probably a criminal!'. I don't subscribe to this, I
> feel that most people who post anonymously are just chicken-shits, but
> that too is besides the point. It *is* questioned by many people.
> 

fuck them.

>  And as to PGP not being safe, perhaps you could expand a bit on this,
> it hasn't hurt me or anyone I know, seems pretty safe to me. To address
> what I assume your point was, it acts as a prefectly good sealed
> envelope (and I believe quite a bit more), in the context of my original
> reply, this is quite `safe'.
> 

never ever rely on something being encoded and not able to be
unencoded, that is not possible.  whatever man can do, man can
undue, and that is a law of nature that has no exception.

> > 
> > > Privacy, on the other hand, simply means that not everything I do is any
> > > of your business and I would just as soon you not be tempted to even
> > > bother trying to find out. 
> > > 
> > 
> > If you do not send it to me by e-mail, I will never see it.
> 
> Nor will you see my post-card that I send to my mom, how does that
> change the nature of a post-card OR email?
> 
> > Why are you so paranoid that someone is reading your e-mail?
> 
> Paranoid? No, but why make it easy for anyone to do so? 
> 
> > I never do anything criminal, so I could give a shit less if
> > everybody reads all of my fucking mail.
> 
> so how is it different, besides being electronic, from snail mail? I
> repeat, why don't you use post-cards exclusively for mail? Oh yes, that
> is `print', a totally different thing, geesh.
> 

no, you just need envelopes for multiple pages.

> > 
> > > Of course, if all of your personal mail (including financial statements
> > > etc) is sent on post cards, then (while I think you would be crazy) I
> > > will at least admit you are consistent. Else, I think you need to look
> > > hard at the logic you are using.
> > > 
> > 
> > Again, inconsistant analogy.  This is nothing but photons in it's
> > ultimate form, and it will never see paper.  Anything that _you_
> > print is not attributable to me, and any e-mail printed by you
> > would never be acceptable as a court exhibit.
> 
> You appear to be confused, I look at what I wrote and I see nothing at
> all that mentions courts. I am talking about personal privacy and the
> analogy is not at all inconsistent. (and paper mail is nothing but atoms
> in it's ultimate form, so what?)
> > 

You have it. Just never print anything.

> > stop getting cyberspace mixed up with print.
> 
> Why do you think there is something magical about `cyberspace'? Privacy
> is privacy, period. Communication is communication, period. There is no
> reason to differentiate private communication via print and private
> communication via cyberspace. Both are desirable for exactly the same
> reasons. 
> 
>  > 
> > why do you put that cypherpunks address in the header?
> > just where did this e-mail originate from?
> 
> Thats how it landed on my plate, thats where I send it back, seems
> reasonable to me.
>  

Yeah, but some motherfucker is sending this shit to that list
I think.  What a fucking joke that is.

> cheers, kinch
> 
> 
 cheers,

-aga






From aga at dhp.com  Sun Nov 17 04:36:13 1996
From: aga at dhp.com (aga)
Date: Sun, 17 Nov 1996 04:36:13 -0800 (PST)
Subject: AGA'S LIMITED VOCABULARY
In-Reply-To: <Pine.SUN.3.91.961116083904.19901E-100000@crl4.crl.com>
Message-ID: <Pine.LNX.3.95.961117072058.25183C-100000@dhp.com>


On Sat, 16 Nov 1996, Sandy Sandfort wrote:

> Date: Sat, 16 Nov 1996 08:51:37 -0800 (PST)
> From: Sandy Sandfort <sandfort at crl.com>
> To: aga <aga at dhp.com>
> Cc: cypherpunks at toad.com
> Subject: Re: AGA'S LIMITED VOCABULARY
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 

Now just one moment cunt.  This ain't cyberpunks.
I never joined that motherfucking list.  If you want
to talk to me, you dump the motherfucking list.  That
fucking list is a waste of time, and I ain't going to
reply to any of those assholes any more.

If you want to talk to me, you go to the Freedom-Knights
or the InterNet Freedom Council ONLY.

> On Sat, 16 Nov 1996, legal expert aga wrote:
> 
> > ...cypherpunks is an "all or nothing" proposition...After a
> > certain level, EVERYTHING reaches the "public doamin," and that
> > is the *common-law of cyberspace.*
> 
> As I'm sure aga knows, "common law" is that form of jurisprudence 
> in which cases of first which are appealed to a higher court set
> legal precedents which are subsequently binding on lower courts.
> 
> I must admit, it appears "Aga" has the advantage of me, as I did
> not study the *common-law of cyberspace* back when I was in law
> school.  (Unfortunately, my education pre-dates the existance of
> cyberspace.)
> 

What year did you graduate from Law School?

> As a favor to me and other's on the list who would like to know
> as much as "Aga" does about the *common-law of cyberspace* I ask
> "Aga" to please share his knowledge with us.  For starters, a 
> list of the most relevant appelate cases embodied in the *common-
> law of cyberspace* would be appreciated.
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 

Just how old are you, Sandy?

Again, we dump the stupid fucking list, or I don't talk
with you any more.

out,

-aga






From aga at dhp.com  Sun Nov 17 04:40:56 1996
From: aga at dhp.com (aga)
Date: Sun, 17 Nov 1996 04:40:56 -0800 (PST)
Subject: Fuck You Dumb Cunt
In-Reply-To: <Pine.SUN.3.91.961116081612.19901D-100000@crl4.crl.com>
Message-ID: <Pine.LNX.3.95.961117073649.25183D-100000@dhp.com>


On Sat, 16 Nov 1996, Sandy Sandfort wrote:

> Date: Sat, 16 Nov 1996 08:37:14 -0800 (PST)
> From: Sandy Sandfort <sandfort at crl.com>
> To: aga <aga at dhp.com>
> Cc: Cypherpunks <cypherpunks at toad.com>
> Subject: Re: Does John Gilmore...
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Sat, 16 Nov 1996, aga wrote:
> 
> > The cyberpunks mailing list is PUBLIC property and should NOT
> > be controlled by John Gilmore!  This just goes to show the real
> > facist censorship motives that the EFF has behind it.
> 
> I have a suggestion for "Aga" and others who believe this sort of
> nonsense.  Please do us all a favor and try to sue John.  I'm sure 
> that among all jack-leg and wannabe lawyers on this list that they
> can come up with a viable cause of action.  And John has deep 
> pockets; you could (literally) make out like bandits AND rescue 
> "freedom of speech" on privately maintained mailing lists.  You 
> could be heroes (or look ten times as foolish as you already do).
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 

fuck you dumb cunt.  I told you to leave that list off of your
fucking headers -- you just do not listen, do you?

Anybody that supports John Gilmore is an asshole bitch or cocksucker
one of the two.

out.

-a






From dlv at bwalk.dm.com  Sun Nov 17 05:08:43 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 17 Nov 1996 05:08:43 -0800 (PST)
Subject: Censorship on cypherpunks?, from The Netly News
In-Reply-To: <328E9EB6.539E@ix.netcom.com>
Message-ID: <XcgJXD29w165w@bwalk.dm.com>


Rich Graves <rcgraves at ix.netcom.com> writes:

> Omegaman wrote:
> >
> > On Wed, 13 Nov 1996, Declan McCullagh wrote:
> >
> > > Yes, I understand this. It's quite obvious; being removed from the
> > > subscriber list hasn't slowed Vulis at all. When I was writing the piece
> > > Vulis seemed to have slowed his ad hominem attacks and instead was talkin
> > > about censorship (something that is within the charter of the list), but
> >                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > Actually, Declan, it's not.  "info cypherpunks" in the body of a message to
> > majordomo at toad.com yields the welcome message to the list -- the closest
> > thing to a charter available.  The subjects of censorship and free speech
> > are neither mentioned nor alluded to anywhere within that document.
>
> This is true.
>
> Declan's "fight-censorship" list, though, is supposed to be about censorship,
> and he's allowing no criticism of his positions there.

He's exercising his property rights at the expense of his credibility.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jya at pipeline.com  Sun Nov 17 05:49:33 1996
From: jya at pipeline.com (John Young)
Date: Sun, 17 Nov 1996 05:49:33 -0800 (PST)
Subject: A word on "emergencies" [WAS Re: Final Solution to the Crypto ]
Message-ID: <1.5.4.32.19961117134727.00693658@pop.pipeline.com>


Michael Froomkin wrote:

>Rather, my point is a simple one.  The fact that the President has
>declared an emergency here is primarily a technical legal event.  It is
>not a sign that martial law is about to be declared, that they are coming
>to take you or your [fill in blank] away, or that anything fundamental has
>changed.  Multi-year emergencies in which the executive uses one statute
>to compensate for the Congressional decision/failure to pass another
>statute is not, I submit, a particularly telling sign of a mature and
>healthy democracy.  But this goes to large and gradual processes, not to
>anything that suddenly happened. 

Thanks for the steady-hand reassurance. Your papers are balm.

Was it not Hal's original ironic lament about the current charade -- that
it's business as usual among the jaded insiders who are confident that 
they know how power really works.

The disdain for public accountability -- cynical extension of declared 
emegencies well past their time -- is what breeds the desire of outsiders
to protect themselves from insiders. Hence, the desire for crypto, 
especially the cryptanalytic kind that ventilates those privileged inside
communications.

The battle may be between cryptogologists and lawyers, it seems to me,
the struggle for supremacy between privacy-protecting code and 
privilege-protecting secrecy.

Hoary national security proclamations have become much more lethal 
munitions than cryptography, and it is these incitements that need ... what, 
X-rating? What can be done to supplant these thrilling, crowd-
rousing proclamations of national threats -- ancient, vulgar strategems 
around the globe?








From adam at homeport.org  Sun Nov 17 05:49:42 1996
From: adam at homeport.org (Adam Shostack)
Date: Sun, 17 Nov 1996 05:49:42 -0800 (PST)
Subject: San Jose Mercury News declares encryption battle over
In-Reply-To: <199611170747.AAA27780@infowest.com>
Message-ID: <199611171346.IAA02035@homeport.org>


	I agree wholeheartedly.  In fact, to make it easier to find
libraries, I created a page with links to 7 libraries with at least
one pubic key system & one private key system included.

www.homeport.org/~adam/crypto

	The tools are out there.

Adam


attila at primenet.com wrote:
| In <328E8BEC.2D76 at gte.net>, on 11/16/96
|    at 07:52 PM, Dale Thorn <dthorn at gte.net> said:
| 
| ::Point 2: I've said something like this before, but here's a place where
| ::it could mean something.  If c-punks and others could divvy up as many
| ::of the supporting functions of "strong" crypto as possible, and issue
| ::them in a set of commonly-available libraries for any and all programmers,
| ::along with source code, then an application programmer (theoretically)
| ::could order up some of these libraries and write some useful crypto code
| ::in short order.
| ::
|         one of the best proposals in many years --we have all made good
|     use of library code over the years, unless the simpleton coder has a
|     obsessive-compulsive masochistic need to write an extra 20-50,000
|     lines of 'reinvent the wheel' code.
| 
|         there are several linkable libraries floating around, with
|     multiple types, etc.  the only one I looked at a couple of years
|     ago needed some extensive work on its calling and return
|     conventions --ever hear of structures?


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From nobody at cypherpunks.ca  Sun Nov 17 05:50:01 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 17 Nov 1996 05:50:01 -0800 (PST)
Subject: Could Declan or some libertarian explain this?
Message-ID: <199611171336.FAA16570@abraham.cs.berkeley.edu>


Dale Thorn wrote:

>Could someone explain to me why we have to have *any* censorship, if
>people on a list are given tools to filter with and reminded on occasion
>how to use them?

You are the reason, you can't shut up and you have little or nothing to say. plonk.







From aga at dhp.com  Sun Nov 17 05:50:06 1996
From: aga at dhp.com (aga)
Date: Sun, 17 Nov 1996 05:50:06 -0800 (PST)
Subject: [NOISE] aga isn't on cypherpunks... (and I'm glad)
In-Reply-To: <m0vOsH2-0000LkC@wittsend.com>
Message-ID: <Pine.LNX.3.95.961117083907.25183G-100000@dhp.com>


On Sat, 16 Nov 1996, Michael H. Warfield wrote:

> Date: Sat, 16 Nov 1996 16:27:35 -0500 (EST)
> From: "Michael H. Warfield" <mhw at wittsend.com>
> To: Tim Scanlon <tfs at adsl-122.cais.com>
> Cc: cypherpunks at toad.com, aga at dhp.com, postmaster at dhp.com
> Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
> 
> Tim Scanlon enscribed thusly:
> 
> > all,
> 
> > "aga at dhp.com", that 'aga' guy, is NOT subscribed to cypherpunks.
> 
> > What has and is going on is that he was blindly Cc'ing cypherpunks
> > on everything he wrote that had to do with this... 
> 
> > I exchanged some mail with the guy, he didn't understand AT ALL that
> > "cypherpunks at toad.com" was a mailing list address. He seemed to think
> > that he had to be "subscribed" to the list in order for any traffic
> > to goto it.
> 

No stupid, you miss the point.  What I told you is that I never
added the cypherpunks address to the fucking list.  And I do
not chop headers.  Get the story straight.  YOU put the address
in the header, and not me.

> > When I pointed out to him that this was not the case, his attitude was
> > that it was not his fault and that the list was "broken" etc.
> 
> > If you havn't figured it out, BELIVE ME, talking to this guy is a
> > definative waste of packets.
> 
> 	I have a suggestion...  How 'bout if everybody on this list dropped
> a procmail configuration that mailed aga at dhp.com and postmaster at dhp.com
> a copy of every message that originated from aga at dhp.com?  Do you think
> he would start to "get it" then?
> 

Look you cocksucking bastard.  If you start harassing my postmaster,
I will put you out of business.  I never put any fucking cyberpunks
address in any e-mail, so don't go blaming me.  

I have a habit of never chopping headers, so YOU had better chop
the fucking cyberpunks header at once, and stop harassing this
location!  Do you want me to sue your ISP ?  Keep up your 
unwanted e-mail to this address, and it will happen.

> 	:
> 	: - remainder of message deleted....
> 	:
> 
> 	Mike
> -- 
>  Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
>   (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
>   NIC whois:  MHW9      |  An optimist believes we live in the best of all
>  PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
> 

That is your last warning, Mike.  If you start harasing my postmaster,
I will have your fucking ass in Federal Court before you can blink.

-aga,Esq.






From deviant at pooh-corner.com  Sun Nov 17 06:21:58 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 17 Nov 1996 06:21:58 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <199611170451.UAA05059@hyperion.boxes.org>
Message-ID: <Pine.LNX.3.94.961117141454.2208A-100000@random.sp.org>


On Sat, 16 Nov 1996, Joshua E. Hill wrote:

> 
> 	I'm trying to think of a function to replace UNIX's crypt(3).  
> My design criteria are as follows:
> 

Why? UNIX passwords with password shadowing are as secure as any password
system is going to get.  If your security holes are with passwords, its
because your admin is to lazy to install needed security provissions, not
because the system of checking passwords is bad.

If you're worried about network sniffing and the like, get SSH.  Other
than that you're wasting your time.

 --Deviant
Without followers, evil cannot spread.
                -- Spock, "And The Children Shall Lead", stardate 5029.5








From adam at homeport.org  Sun Nov 17 06:35:40 1996
From: adam at homeport.org (Adam Shostack)
Date: Sun, 17 Nov 1996 06:35:40 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117141454.2208A-100000@random.sp.org>
Message-ID: <199611171432.JAA02213@homeport.org>


The Deviant wrote:
| On Sat, 16 Nov 1996, Joshua E. Hill wrote:
| > 	I'm trying to think of a function to replace UNIX's crypt(3).  
| > My design criteria are as follows:

| Why? UNIX passwords with password shadowing are as secure as any password
| system is going to get.  If your security holes are with passwords, its
| because your admin is to lazy to install needed security provissions, not
| because the system of checking passwords is bad.

	A longer salt would make running crack against a large
password file slower.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From sandfort at crl.com  Sun Nov 17 07:54:23 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 17 Nov 1996 07:54:23 -0800 (PST)
Subject: AGA'S LIMITED VOCABULARY
In-Reply-To: <Pine.LNX.3.95.961117072058.25183C-100000@dhp.com>
Message-ID: <Pine.SUN.3.91.961117072848.20717D-100000@crl7.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks and others,

On Sun, 17 Nov 1996, aga wrote:

> Now just one moment cunt. 

Colorful, yet sadly ineffectual.  

> This ain't cyberpunks.

No, it's Cypherpunks (and others).  
         ^^^^^^^^^^^
> I never joined that motherfucking list. 

Perhaps you are laboring under a misconception.  Cypherpunks is
about the use of technology to protect privacy.  Perhaps you 
were confusing it with that other list you are on:
alt.sex.yourmother.

> If you want to talk to me, you dump the motherfucking list. 
> That fucking list is a waste of time, and I ain't going to
> reply to any of those assholes any more.

Let me guess; you weren't an English major, right?

> If you want to talk to me, you go to the Freedom-Knights
> or the InterNet Freedom Council ONLY.

Thanks for your suggestion.
 
> What year did you graduate from Law School?

Irrelevant, but it was 1975.  More importantly, though, when did
YOU graduate from law school?
 
> Again, we dump the stupid fucking list, or I don't talk
> with you any more.

Kind of funny that you included Cypherpunks in YOUR reply, but
don't want me to.  I guess you prefer having a captive audience
of your cronies.  "Freedom Knights" yeah, right.  

So given your above ultimatum, I guess you are going to weasle
out of sharing your vast legal knowledge with us as per my 
request.  To wit:

> > As a favor to me and other's on the list who would like to know
> > as much as "Aga" does about the *common-law of cyberspace* I ask
> > "Aga" to please share his knowledge with us.  For starters, a
> > list of the most relevant appelate cases embodied in the *common-
> > law of cyberspace* would be appreciated.

What a pity.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From sandfort at crl.com  Sun Nov 17 07:56:04 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 17 Nov 1996 07:56:04 -0800 (PST)
Subject: Fuck You Dumb Cunt
In-Reply-To: <Pine.LNX.3.95.961117073649.25183D-100000@dhp.com>
Message-ID: <Pine.SUN.3.91.961117074708.20717E-100000@crl7.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks and others,

On Sun, 17 Nov 1996, aga wrote:

> > I have a suggestion for "Aga" and others who believe this sort of
> > nonsense.  Please do us all a favor and try to sue John.  I'm sure 
> > that among all jack-leg and wannabe lawyers on this list that they
> > can come up with a viable cause of action.  And John has deep 
> > pockets; you could (literally) make out like bandits AND rescue 
> > "freedom of speech" on privately maintained mailing lists.  You 
> > could be heroes (or look ten times as foolish as you already do).

> fuck you dumb cunt. 

Boy, have you got a wrong number.  

> I told you to leave that list off of your fucking headers --
> you just do not listen, do you?

You sure have a problem with free speech, don't you?  I read what
you wrote and ignored it.  I sure feel sorry for any woman who
gets involved with me ("I SAID, get me a beer, bitch!)
 
> Anybody that supports John Gilmore is an asshole bitch or
> cocksucker one of the two.

Yet I am neither.  Perhaps you are in error.

Bye,


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From nobody at huge.cajones.com  Sun Nov 17 08:12:11 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Sun, 17 Nov 1996 08:12:11 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <199611171612.IAA01572@mailmasher.com>



At 4:11 AM 11/17/1996, Black Unicorn wrote:
>On Sat, 16 Nov 1996, Huge Cajones Remailer wrote:
>
>> Date: Sat, 16 Nov 1996 18:22:33 -0800
>> From: Huge Cajones Remailer <nobody at huge.cajones.com>
>> To: cypherpunks at toad.com
>> Subject: The Utility of Privacy
>> 
>> 
>> Privacy is a hassle.  Is it worth it?
>> 
>> Which unfortunate situations does privacy prevent?  What are the odds
>> that they will occur?  How much effort will it take to prevent these
>> outcomes?  As a model, use the present and future situation of a
>> typical reader of this list.
>
>Insurance is a hassle.  Is it worth it?
>
>Which unfortunate situations does insurance prevent?  What are the odds
>that they will occur?  How much effort will it take to prevent these
>outcomes?  As a model, use the present and future situation of a
>typical reader of this list.

I know many people who were happy they had insurance due to car
accidents, health problems, or whatever.  What is more, the odds of
these events are carefully calculated and available.  Call an actuary.

Are there similar sources of information calculating privacy risk?  I
don't think so.

Informally, I don't know anybody who has suffered due to a loss of
privacy.

It may be the case that it is politically beneficial to have a society
of privacy fanatics.  But, this is different from the direct benefit
to each participant.

My question remains unanswered, probably because privacy isn't worth
the effort.







From nobody at huge.cajones.com  Sun Nov 17 08:23:17 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Sun, 17 Nov 1996 08:23:17 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <199611171623.IAA02492@mailmasher.com>



At 10:49 PM 11/16/1996, Hal Finney wrote:
>David Brin has an article in the December issue of Wired arguing that
>privacy is obsolete and was never that great an idea in the first place.

>Maybe you'd say that all of these people should expose their secrets, or have
>them exposed for them, and that the world would be a better place. (Actually,
>you do seem to say this, and I'll discuss it later.)

>I really don't think we have any right to second-guess the decisions people
>have made about what they will reveal and what they will keep private.

This is not my claim.  If free citizens go to the trouble of
protecting their privacy, good for them.

How important is it that I should do so?







From adam at homeport.org  Sun Nov 17 08:29:35 1996
From: adam at homeport.org (Adam Shostack)
Date: Sun, 17 Nov 1996 08:29:35 -0800 (PST)
Subject: "Strong" crypto and export rule changes.
In-Reply-To: <0mXaQD200YUf13OMA0@andrew.cmu.edu>
Message-ID: <199611171626.LAA02780@homeport.org>


Jeremiah A Blatz wrote:
| Adam Shostack <adam at homeport.org> writes:
| >         What the US government will allow to be exported is not "strong
| > encryption."  It is encryption only slightly too strong to be broken
| > by an amateur effort.  For the right investment in custom hardware, it
| > falls quickly.  (500,000 $US = 3.5 hour avg break).
| <snip>
| >         In other words, the surveilance state is still winning, and
| > American business is still losing.
| 
| Umm, I'm not expert, but it seems to me that the proposal removes the
| "munitions" classification. It seems the USG has removed its defense
| in court chanllenges to export restrictions. Am I totally off-base
| here?

	No, but they were going to lose in court anyway.  They're
losing in the marketplace, and they throw us a bone.  We don't want
bones, we want a full lifting of the restrictions.

	We want to stop wasting time on these silly fights, and start
selling things on the net.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From scs at lokkur.dexter.mi.us  Sun Nov 17 08:32:36 1996
From: scs at lokkur.dexter.mi.us (Steve Simmons)
Date: Sun, 17 Nov 1996 08:32:36 -0800 (PST)
Subject: Final Solution to the Crypto Problem
In-Reply-To: <1.5.4.32.19961117011708.007245d0@pop.pipeline.com>
Message-ID: <56nek9$ig0@lokkur.dexter.mi.us>


Cpunks has become an existance proof that the benefits of anarchy are
not worth the price.  Aga, Vultis, it's a damned shame your parents
didn't teach you not to shit where you live.
-- 
  ``I tell you, we are here on earth to fart around, and don't let anybody
tell you any different.''
	Kurt Vonnegut, quoted in Harpers (11-95)





From aga at dhp.com  Sun Nov 17 08:37:47 1996
From: aga at dhp.com (aga)
Date: Sun, 17 Nov 1996 08:37:47 -0800 (PST)
Subject: AGA'S LIMITED VOCABULARY
In-Reply-To: <Pine.SUN.3.91.961117072848.20717D-100000@crl7.crl.com>
Message-ID: <Pine.LNX.3.95.961117112938.2235C-100000@dhp.com>


On Sun, 17 Nov 1996, Sandy Sandfort wrote:

> Date: Sun, 17 Nov 1996 07:45:17 -0800 (PST)
> From: Sandy Sandfort <sandfort at crl.com>
> To: aga <aga at dhp.com>
> Cc: freedom-knights at jetcafe.org, InterNet Freedom Council <ifc at pgh.org>,
>     cypherpunks at toad.com
> Subject: Re: AGA'S LIMITED VOCABULARY
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks and others,
> 
> On Sun, 17 Nov 1996, aga wrote:
> 
> > Now just one moment cunt. 
> 
> Colorful, yet sadly ineffectual.  
> 
> > This ain't cyberpunks.
> 
> No, it's Cypherpunks (and others).  
>          ^^^^^^^^^^^

o.k., a fucking typo.  I make it often, because there
is also an alt.cyberpunks newsgroup, so what the fuck...

> > I never joined that motherfucking list. 
> 
> Perhaps you are laboring under a misconception.  Cypherpunks is
> about the use of technology to protect privacy.  Perhaps you 
> were confusing it with that other list you are on:
> alt.sex.yourmother.
> 

No, it is your mother I have been fucking.

> > If you want to talk to me, you dump the motherfucking list. 
> > That fucking list is a waste of time, and I ain't going to
> > reply to any of those assholes any more.
> 
> Let me guess; you weren't an English major, right?
> 

Hey stupid motherfucker, you still have the cypherpunks mailing
list in the header.  Don't you know how to listen?

> > If you want to talk to me, you go to the Freedom-Knights
> > or the InterNet Freedom Council ONLY.
> 
> Thanks for your suggestion.
>  

And ai am telling you that you get no more responses to any
commo with the cypherpunks list in the header.

dig?

> > What year did you graduate from Law School?
> 
> Irrelevant, but it was 1975.  More importantly, though, when did
> YOU graduate from law school?
>  

1975.  And my school was better than your school.

I was the fucking class President in Law School.  We
fucked on Library tables at Pitt.  Where the fuck did
you go to school?

> > Again, we dump the stupid fucking list, or I don't talk
> > with you any more.
> 
> Kind of funny that you included Cypherpunks in YOUR reply, but
> don't want me to.  I guess you prefer having a captive audience
> of your cronies.  "Freedom Knights" yeah, right.  
> 

no stupid, as I told you, I do not chop headers.
I just will refuse to reply to you any more.

> So given your above ultimatum, I guess you are going to weasle
> out of sharing your vast legal knowledge with us as per my 
> request.  To wit:
> 
> > > As a favor to me and other's on the list who would like to know
> > > as much as "Aga" does about the *common-law of cyberspace* I ask
> > > "Aga" to please share his knowledge with us.  For starters, a
> > > list of the most relevant appelate cases embodied in the *common-
> > > law of cyberspace* would be appreciated.
> 
> What a pity.
> 
> 
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 

You will have to contact the Law Systems Institute for the answers to
your questions.

no more stupid fucking cypherpunks list, PERIOD.

-aGod







From jya at pipeline.com  Sun Nov 17 08:44:11 1996
From: jya at pipeline.com (John Young)
Date: Sun, 17 Nov 1996 08:44:11 -0800 (PST)
Subject: GIV_eus
Message-ID: <1.5.4.32.19961117164212.006da178@pop.pipeline.com>


   11-16-96. WaPo:

   "Air Force Halts Merger of SAIC and Aerospace. Feared
   Change Could Affect Spy Program."

      Aerospace has analyzed all aspects of the nation's
      super-secret satellite and rocket programs, as well as
      space companies' most sensitive proprietary data. The
      Air Force's clubby classified space office feared
      changing Aerospace's status could disrupt operations.
      Many defense contractors have complained about such
      feared contracts for insiders, begging: god, give us.

   -----

   http://jya.com/giveus.txt  (4 kb)

   GIV_eus








From sandfort at crl.com  Sun Nov 17 09:09:16 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 17 Nov 1996 09:09:16 -0800 (PST)
Subject: AGA'S LIMITED VOCABULARY
In-Reply-To: <Pine.LNX.3.95.961117112938.2235C-100000@dhp.com>
Message-ID: <Pine.SUN.3.91.961117085451.3816B-100000@crl4.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks and others,

On Sun, 17 Nov 1996, aga wrote:

> Hey stupid motherfucker, you still have the cypherpunks mailing
> list in the header.  Don't you know how to listen?

Sorry, what was that you were saying?  I wasn't listening.
 
> And ai am telling you that you get no more responses to any
> commo with the cypherpunks list in the header.

Promises, promises.
 
> no stupid, as I told you, I do not chop headers.
> I just will refuse to reply to you any more.

OkeeDokee.
 
> You will have to contact the Law Systems Institute for the
> answers to your questions.

Yeah, I kinda thought you were just blowing legal smoke.

> no more stupid fucking cypherpunks list, PERIOD.

Gawd, do all of you (titter) "Freedom-Knights" have sychronized
periods, or what?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








From hyperlex at hol.gr  Sun Nov 17 09:14:40 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sun, 17 Nov 1996 09:14:40 -0800 (PST)
Subject: AGA'S LIMITED VOCABULARY
Message-ID: <199611172113.TAA23081@prometheus.hol.gr>


At 11:37 �� 17/11/1996 -0500, aga wrote:
>> about the use of technology to protect privacy.  Perhaps you 
>> were confusing it with that other list you are on:
>> alt.sex.yourmother.
>
>No, it is your mother I have been fucking.

Pity! Aga should respong to this lady's needs FIRST! :-)

BTW, (paraphrasing Speedy Gonzales)...

I think she really fucks for money, but since you are an aga
she'll fuck you for nothing! :-)







>> > What year did you graduate from Law School?
>> 
>> Irrelevant, but it was 1975.  More importantly, though, when did
>> YOU graduate from law school?
>
>1975.  And my school was better than your school.
>
>I was the fucking class President in Law School.  We
>fucked on Library tables at Pitt.  Where the fuck did
>you go to school?



I can see the beginnings of an... S/M cyber-romance in these lines.
ROTFL!!!

Aga should not forget to carry a... cane in his briefcase.

The more arrogant they sound at first, the more submissive their
fantasies are!  (ALL masochists in fact).  :-)


Love and Jelly Babies
George

P.S.  My first guess is that Sandy is a Piscean, and Aga is a Taurus.
      It would work out better with him being a Scorpio or a Leo, however.
      (My second guesses on Aga). My second guess on Sandy is that she's
      a Virgo, however. In this case avoid her at all costs! ROTFL!!!!
















From nobody at cypherpunks.ca  Sun Nov 17 09:20:11 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 17 Nov 1996 09:20:11 -0800 (PST)
Subject: A word on "emergencies" [WAS Re: Final Solution to the Crypto ]
Message-ID: <199611171715.JAA20014@abraham.cs.berkeley.edu>


Professor Michael Froomkin penned, amid the "freedom knight" noise:

<snip>

>my point is a simple one.  The fact that the President has
>declared an emergency here is primarily a technical legal event.  It is
>not a sign that martial law is about to be declared, that they are coming
>to take you or your [fill in blank] away, or that anything fundamental has
>changed. 

OK, let's fill in the blank. Gun. I have heard noises that sound like you wouldn't mind this, even though I am totally peaceful and would never want to shoot anyone absent extreme provocation (such as armed invasion of my home). The way I see it, martial law could be declared at any time, or it could slowly be declared now, which I think is happening. Checkpoints and house-searches for drugs and drunks are to get us used to checkpoints and house-searches for guns and unauthorised crypto. This is only my opinion, and I fear revealing my identity publicly because people with guns are starting to get used to hiding our emotions if we are peaceful and harmless, like me. I rarely even go to the range and practice anymore (2-4 times a year). I can imagine my kids feeling the same way about sending messages with strong crypto protection.

>Multi-year emergencies in which the executive uses one statute
>to compensate for the Congressional decision/failure to pass another
>statute is not, I submit, a particularly telling sign of a mature and
>healthy democracy.  But this goes to large and gradual processes, not to
>anything that suddenly happened. 

Why am I thinking about boiling frogs now?









From azur at netcom.com  Sun Nov 17 09:26:52 1996
From: azur at netcom.com (Steve Schear)
Date: Sun, 17 Nov 1996 09:26:52 -0800 (PST)
Subject: Crypto Bounties: Another Thought that crossed my mind.
Message-ID: <v02140b04aeb4fae78e96@[10.0.2.15]>


Eric Hughes gave a two-part presentation at DEFCON IV, which he has
subsequently polished up, that addresses: 1. ways to implement a Universal
Priacy System that enables simple and anonymous data hiding using the
existing Net facilites, and 2. a system of intellectual property
distribution and funding which is based more closely on models used in
Hollywood (e.g., completion bonds).

Eric, what's the status of your proposal?

-- Steve

>Here we go again:
>
>      There are is a lot of software that we would all like to see
>developed and deployed right?
>
>      There are a lot of people out there who write code, sometimes
>even freely redistributable code, but they have to eat, and get their
>net access right?
>
>     Well, I was thinking, what if a "Crypto Software Bounty Server"
>were set up, so that someone could propose a tool that they would like
>to see, along with an initial bounty. Others could contribute toward that
>bounty (anonymously if they wish) until either the tool was delivered.
>
>     The original issuer sets standards for the software (i.e. "easy to
>use interface to mixmaster remailers for Macintosh", then must define
>easy to use; Software considered delivered when in [alpha beta late-beta
>&etc.]). The first to present software meeting these qualifications gets
>the bounty, with the caviate that the software must be either gnu-copylefted,
>or some similar "free use" copyright, after all, "The Net" paid for it...
>
>     Some of the problems (and potential solutions) I can think of in this:
>
>     1) Refusing to honor the contract--Maybe when a project is proposed,
>        some other people (for a small percentage of the total) sign on
>        as judges. When they feel that it reached the stated goal, then
>        it is done. -Or- Money put up is non-refundable, and the bounty
>        stays in the "bank" until claimed.
>
>     2) If the money stays in the bank until claimed, people might not
>        put up that much (or enough) to make a specific project worthwile--
>
>        This could be solved by allowing the "bounty" to lapse in one
>        of 3 ways:
>
>        A) <x> length of time after the initial proposal (bad because
>           i) someone could already be working on it; ii) bad because
>           other people might add to the bounty, so a potential programmer
>           might not start until the "pot" has grown to a certain level.
>
>        B) <x> length of time after the last addition to the bounty,
>           bad for both i & ii above.
>
>           These can both be gotten around (and other problems) by allowing
>           programmers to "register" with the service that they are working
>           on a project (either anonymous registery, so that people will
>           still contribute to the project, or list those registered so
>           that people know [if who] someone is working on it)
>
>     3) Funding: The server (in both the machine and the organizational sense)
>        could be funded by:
>
>        A) Interest on the money accumulated.
>
>        B) A percentage of the bounty (say 10%)
>
>        C) Both A & B.
>
>Has anything like this been proposed before? I know that the FSF (IIRC) accepts
>contributions, but I am thinking of something more targeted, more "market
>driven" if you will.
>
>This could be expanded to non-crypto software as well, just think, if half
>the X Window users ponied up $5 a peice for a "good, easy to use non-motif
>word processor", how long do you think it would take for someone to start
>coding a MS Word killer?
>
>Comments?
>
>
>Petro, Christopher C.
>petro at suba.com <prefered for any non-list stuff>
>snow at smoke.suba.com







From deviant at pooh-corner.com  Sun Nov 17 09:28:56 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 17 Nov 1996 09:28:56 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <199611171432.JAA02213@homeport.org>
Message-ID: <Pine.LNX.3.94.961117172527.2314A-100000@random.sp.org>


On Sun, 17 Nov 1996, Adam Shostack wrote:

> The Deviant wrote:
> | On Sat, 16 Nov 1996, Joshua E. Hill wrote:
> | > 	I'm trying to think of a function to replace UNIX's crypt(3).  
> | > My design criteria are as follows:
> 
> | Why? UNIX passwords with password shadowing are as secure as any password
> | system is going to get.  If your security holes are with passwords, its
> | because your admin is to lazy to install needed security provissions, not
> | because the system of checking passwords is bad.
> 
> 	A longer salt would make running crack against a large
> password file slower.

While thats all well and good, it shouldn't be necisary.  If passwords are
shadowed, one must have root access before one can run crack against the
password list, at which time it is innefective.

> 
> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume

Nice sig... I think I'll add it to my list...

 --Deviant
"First things first -- but not necessarily in that order"
                -- The Doctor, "Doctor Who"







From adam at homeport.org  Sun Nov 17 09:37:09 1996
From: adam at homeport.org (Adam Shostack)
Date: Sun, 17 Nov 1996 09:37:09 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117172527.2314A-100000@random.sp.org>
Message-ID: <199611171732.MAA05948@homeport.org>


	Unless you're running yp, or if your wu-ftpd leaves a core
with the password entries still in memory, or sendmail can be used to
read any file on the system...

	Belt *and* suspenders, and a lot more simplicity than wu-ftpd
or sendmail offers you.

Adam
The Deviant wrote:
| On Sun, 17 Nov 1996, Adam Shostack wrote:
| > The Deviant wrote:
| > | On Sat, 16 Nov 1996, Joshua E. Hill wrote:
| > | > 	I'm trying to think of a function to replace UNIX's crypt(3).  
| > | > My design criteria are as follows:
| > 
| > | Why? UNIX passwords with password shadowing are as secure as any password
| > | system is going to get.  If your security holes are with passwords, its
| > | because your admin is to lazy to install needed security provissions, not
| > | because the system of checking passwords is bad.
| > 
| > 	A longer salt would make running crack against a large
| > password file slower.
| 
| While thats all well and good, it shouldn't be necisary.  If passwords are
| shadowed, one must have root access before one can run crack against the
| password list, at which time it is innefective.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From sweisman at cc.huji.ac.il  Sun Nov 17 09:41:28 1996
From: sweisman at cc.huji.ac.il (Scott Weisman)
Date: Sun, 17 Nov 1996 09:41:28 -0800 (PST)
Subject: Strong Encryption for International Versions of Netscape
Message-ID: <3.0.32.19961117193927.006bc720@cc.huji.ac.il>


FOR IMMEDIATE RELEASE: November 17, 1996

ANNOUNCING STRONG ENCRYPTION FOR INTERNATIONAL VERSIONS OF NETSCAPE

JERUSALEM, Israel -- SecureScape Technologies announces the alpha release
of its first product, SecureScape.  This revolutionary program offers
international users of Netscape Navigator the same strong encryption as
that enjoyed by users in North America.

All software encryption products developed in the United States are subject
to export restrictions.  Such exported software is subject to an arbitrary
40-bit key length, compared to the 128-bit (or greater) key length commonly
found in domestic software.  This weakened software is in certain ways
inferior to no encryption at all, since it gives users a false sense of
security.

The Executive Order by President Clinton on November 15, which modifies
U.S. Government policy on export restrictions, still requires requests for
export permits to be considered on a case by case basis.

Furthermore, it is very likely that strong encryption products will be
granted export permits conditional on key-escrow or other compromise
arrangements, because the Executive Order states, "the export of encryption
software . . .  must be controlled . . . such software shall not be
considered or treated as 'technology'."  Implying that encryption software
is still considered a form of munitions.

The irony, of course, is that strong encryption has been widely and easily
available outside of the U.S. for years.  SecureScape was developed using
the freely available SSLeay library, developed by Eric Young of Australia.

SecureScape Technologies was founded by Scott Weisman, a software developer
residing in Jerusalem, to develop and market Internet security products.
The company is seeking investors interested in a strategic partnership.

The SecureScape home page is located at
<http://www.SecureScape.com/secscape/>.  SecureScape currently works with
Netscape versions 1.1 or later on the Windows 95 and Windows NT platforms.

CONTACT:
Scott Weisman
P.O.B. 31194
Jerusalem 91311 ISRAEL
sweisman at SecureScape.com

� 1996 Scott Weisman - All Rights Reserved.
Netscape and Netscape Navigator are trademarks of Netscape Communications
Corporation.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.
SecureScape uses software developed by Eric Young (eay at mincom.oz.au).






From mpd at netcom.com  Sun Nov 17 09:55:04 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 17 Nov 1996 09:55:04 -0800 (PST)
Subject: Unsubscriving Briefly
Message-ID: <199611171754.JAA21558@netcom17.netcom.com>


I'm unsubscriving from the list for a few days (weeks?) until the 
noise level drops down a bit.  I'll check it periodically on the Web
and I'm pretty sure that if something happens that shakes the world
of cryptography to its very foundations, someone will probably send 
me some email about it. 

Please continue to party while I am away. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $






From tomvdw at glo.be  Sun Nov 17 09:55:30 1996
From: tomvdw at glo.be (Tom Van de Wiele)
Date: Sun, 17 Nov 1996 09:55:30 -0800 (PST)
Subject: Please take me off the list
Message-ID: <199611171755.SAA25951@phobos.glo.be>


Sir

Please take me off the list.

Thanks

Tom Van de Wiele  -- tomvdw at glo.be





From sven at loop.com  Sun Nov 17 10:37:35 1996
From: sven at loop.com (Sven)
Date: Sun, 17 Nov 1996 10:37:35 -0800 (PST)
Subject: [NOISE] aga isn't on cypherpunks... (and I'm glad)
Message-ID: <199611171834.KAA14867@patty.loop.net>


>> 	I have a suggestion...  How 'bout if everybody on this list dropped
>> a procmail configuration that mailed aga at dhp.com and postmaster at dhp.com
>> a copy of every message that originated from aga at dhp.com?  Do you think
>> he would start to "get it" then?

Why are these people so uptight?

Sven


MOSER016.JPG

|__
   |--> SVEN: a.k.a. Chris Blanc
        Internet consulting/Web design
		
		[ http://www.loop.com/~sven/ ]

Some only sample the dark wine of life's blood...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hqx00000.hqx
Type: application/octet-stream
Size: 59074 bytes
Desc: ""
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961117/cc74c3ee/attachment.obj>

From ses at tipper.oit.unc.edu  Sun Nov 17 10:39:16 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Sun, 17 Nov 1996 10:39:16 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <328D0476.4C3B@ix.netcom.com>
Message-ID: <Pine.SUN.3.91.961117133019.11544A-100000@tipper.oit.unc.edu>


On Fri, 15 Nov 1996, Rich Graves wrote:

> Peter Hendrickson wrote:
> > 
> > 
> > There are times when one wishes to speak anonymously, yet speak
> > as a member of a group.
> 
> You either need to trust a shared server to know and then blind your 
> identity, or trust the people with whom you share a secret key not to 
> give that key to non-group members.

Why not use  blinding for obtaining the certificate? 

Create a number up public/private key pairs, blind them, then do the
cut-and-choose thing with the security officer. He signs the blinded key,
then returns it. Unblind the remaining pubic key, and you've got a public
key with the appropriate signature on it. 

Simon

 ---
If I can get my key back,   it's Key Recovery
If you can get my key back, it's Key Escrow






From roy at sendai.scytale.com  Sun Nov 17 10:42:43 1996
From: roy at sendai.scytale.com (Roy M. Silvernail)
Date: Sun, 17 Nov 1996 10:42:43 -0800 (PST)
Subject: Exploring hooks in MSIE
In-Reply-To: <328E80BC.FF@redweb.com>
Message-ID: <961117.092500.5F7.rnr.w165w@sendai.scytale.com>


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, Dietrich_Kappe at redweb.com writes:

> A little bird told me that MSIE has Javascript hooks that allow a site
> to check whether all Microsoft products on a client machine are properly
> licensed. Has anyone investigated the Javascript (err, Jscript)
> implementation in MSIE to see if this is true?
>
> The same little bird told me that MS is building some use of this
> "feature" into their Websites. Can any MS consultants corroborate on
> this issue?

I might have some insight on this after Thursday's afternoon outing to
the Microsoft Web Builder Workshop.  (for those who haven't heard, MSoft
is offering a half-day seminar with major swag... for $89, you walk out
with NT 4.0 server, J++, FrontPage and every instantiation of MSIE)  I
expect to learn some interesting stuff.
- -- 
           Roy M. Silvernail     [ ]      roy at scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey at scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMo8vsxvikii9febJAQGpVAQAnbsa/4+dLKS4hdiOoiDXos76MK/b6lAD
6vHPq69tND9cqVCm24MZz1PbfS4VIY0HoTHiMLgBdgyRtfHW3buipC008uRTUZWH
IS2T2zgxW7MB4IfctKjl5s94JqOSmmn545rJy3K+Ii3ELOqTpqlXsUX6LJMba8De
WzCXyjU9a50=
=gMOu
-----END PGP SIGNATURE-----






From minow at apple.com  Sun Nov 17 10:51:18 1996
From: minow at apple.com (Martin Minow)
Date: Sun, 17 Nov 1996 10:51:18 -0800 (PST)
Subject: Computer CPU chips with built-in crypto?
In-Reply-To: <199611161913.LAA01571@crypt.hfinney.com>
Message-ID: <v03007805aeb4208db8aa@[17.219.102.27]>


In a note to cypherpunks, Hal Finney comments on the new crypto
initiative:
>
>It's also not clear what the hardware manufacturers get out of this.
>Their sales overseas have never been blocked.  There has been no demand
>for custom crypto hardware.  I don't see how they have been harmed by an
>inability to ship computers with built-in encryption hardware.  Granted
>there are some possible applications for such systems but I don't see the
>market demand which would drive this decision.
>

I'm not sure if I can answer this but, at last week's SF cypherpunks
meeting, an Intel engineer asked whether there might be any interest
in a computer chip with some sort of encryption mechanism built
into the chip. As I understand it, this chip would process an
encrypted instruction stream. I.e., it could not execute a program
unless the "key" for that program was first loaded into the chip.

An interesting idea: does anyone have more information?

Martin Minow
minow at apple.com







From usura at replay.com  Sun Nov 17 11:07:56 1996
From: usura at replay.com (Alex de Joode)
Date: Sun, 17 Nov 1996 11:07:56 -0800 (PST)
Subject: MSIE 128 Bit
Message-ID: <199611171907.UAA07862@basement.replay.com>


Dr.Dimitri Vulis KOTM (dlv at bwalk.dm.com) wrote:

: Steve Shelby <sshelby at feist.com> writes:
: >
: > Microsoft has a 128 bit version of their Explorer available.
: >
: > You have to jump through a few hoops, but they have it.

: How about maiking available on a European mirror site with no questions asked?

ftp.replay.com/pub/replay/pub/incoming/0-microsoft/ has one 128 bit version.

--
 Alex de Joode		    http://www.replay.com/people/adejoode
 I have a linux emulator for Win95: it's called "loadlin" ... *g*





From blancw at cnw.com  Sun Nov 17 11:37:36 1996
From: blancw at cnw.com (blanc)
Date: Sun, 17 Nov 1996 11:37:36 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <01BBD47B.EC679D60@king1-22.cnw.com>


From:	Hal Finney

You suggest that the main motivation which someone might have for protecting privacy is that they are engaged in some illicit activities:

page 45: "Why should I really care if someone sees this?  I have nothing to hide."
.....................................................


This statement from David Brin impressed me with the consistency of a certain way of thinking that some people have:

          "I think that having a minimum standard of living is good, therefore everyone should be coerced to contribute to the general welfare."  On the other hand,  "I myself have nothing to hide, therefore no one should be concerned (read: permitted) to do so."

The issue for them in regard of what everyone should/should not do, is whether anything is logical as far as they themselves can see - and the logic revolves around what they themselves think is right;  the extent of their own vision is considered sufficient to determine the parameters of everyone else's life & actions, and therefore sufficient cause to have their measures imposed over all.

But this letter of Hal's brought up an important point:   that even if a person has nothing to hide, it is not the openness or closedness of information which is of concern, but the *responses of others* to that information.    

When an individual wants to live a free & open life, they expose themselves to dangers.   In order to be free to roam, they must have a way to protect themselve from all manner of destructive influences  -  the weather, predatory animals, vicious strangers, etc.    There must be a way to protect what is one's own in order to preserve it.   If it was easier for everyone to defend themselves against attacks on their person or reputation, maybe there would not be as much concern about privacy.   Perhaps if a person could "get away" from others, could continue to have a normal life without too much disruption, once some exciting bit of info was out in public, if they could maintain command over the effects upon their life despite living in a fishbowl, then no one would worry quite as much (although the principle of personal control over one's property remains the same).   But in the meantime, we have but few ways to protect ourselves under the centralized arrangement for protection (police, defense agencies).   

Anyone in a government position is aware of how their public expressions can result in public outcries against them; the secret agencies protect their information files because of what "the enemy" would *do* if they found out about these - even if the agency itself does not consider its activities immoral.

If Information is like munition, privacy is like defense - it is a form of self defense.

    ..
Blanc






From ph at netcom.com  Sun Nov 17 11:43:50 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sun, 17 Nov 1996 11:43:50 -0800 (PST)
Subject: Members of Parliament Problem
Message-ID: <v02140b05aeb518d83c92@[192.0.2.1]>


At 1:39 PM 11/17/1996, Simon Spero wrote:
>On Fri, 15 Nov 1996, Rich Graves wrote:
>>Peter Hendrickson wrote:
>>> There are times when one wishes to speak anonymously, yet speak
>>> as a member of a group.

>> You either need to trust a shared server to know and then blind your
>> identity, or trust the people with whom you share a secret key not to
>> give that key to non-group members.

> Why not use  blinding for obtaining the certificate?

> Create a number up public/private key pairs, blind them, then do the
> cut-and-choose thing with the security officer. He signs the blinded key,
> then returns it. Unblind the remaining pubic key, and you've got a public
> key with the appropriate signature on it.

Okay, this would work.  But, it requires that all (or at least many) of the
Members of Parliament cooperate.  If not, then the security officer will
be able to make very good guesses about who is speaking.

Parliamentarians may not cooperate for a variety of reasons.  They may
not wish to be attacked by terrorists for the words of others.  They
may believe that cowardice is not to be encouraged.  They may not believe
in anonymity.  It might be too hard for them.

What I would like to see is a method which relies only on published
public keys and no other cooperation from the people who are (more
or less) being used as shields.  This may be impossible.

(A number of people have posted references to other ways of doing
this.  I have yet to track down the references they gave so I don't
know if any of them fit the bill.)

Peter







From hallam at vesuvius.ai.mit.edu  Sun Nov 17 12:43:29 1996
From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu)
Date: Sun, 17 Nov 1996 12:43:29 -0800 (PST)
Subject: A Disservice to Mr. Bell
In-Reply-To: <199611170516.XAA02653@smoke.suba.com>
Message-ID: <9611172048.AA01493@vesuvius.ai.mit.edu>



Petro is right to point out that third largest party does
not mean being the third most influential. But by any standards
Perot is much more influential than an Libertarian candidate.
Perot has managed to get his views onto the national agenda.,
Browne has not.  The only mainstream party to have been in
any measure influenced by libertarian ideas is the Republicans
who are also the party of extreeme social authoritarianism,
even if they don't believe in it they have to fawn on Pat
Robertson's Christian Coalition to get through the primaries.

As for what happens in 2000 it does not appear that the
Republicans will have extricated itself from the religious
right's grip. This will probaly mean that they end up putting
up another compromise candidate like Dole. With Clinton sitting
so far to the right its very difficult for the Republicans
to find any response.

Unless something happens to change things I don't see any
likelyhood of change the next time round. The only factor
likely to change anything would be for Congress to take
campaign finance reform seriously. I doubt that that is going 
to happen because the last Congress sold favours more openly
than any since 1876. During the Communications Decency Act
politicing I was somewhat suprised to find out the cost
of the lobbying effort, after all it shouldn't take more than a 
few plane tickets to send the right people down to DC. Then
I found out that the main cost was buying into the committee
system to get a hearing. I'm not saying that one side or
the other is worse but the tone of the Congress was pretty much
set by Newt Gingrtich accepting an inaugural bribe of a couple
of million from Murdoch, alledged advance payment for a book
that was pulped.

There are good reasons why the rest of the world tends to
turn off when told about America as the "home of Democracy".

	Phill





From deviant at pooh-corner.com  Sun Nov 17 12:44:03 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 17 Nov 1996 12:44:03 -0800 (PST)
Subject: Please take me off the list
In-Reply-To: <199611171755.SAA25951@phobos.glo.be>
Message-ID: <Pine.LNX.3.94.961117202641.181C-100000@random.sp.org>


On Sun, 17 Nov 1996, Tom Van de Wiele wrote:

> Sir
> 
> Please take me off the list.
> 
> Thanks
> 
> Tom Van de Wiele  -- tomvdw at glo.be
> 

Hrmm.. not only did he misspell "unsubscribe", but he sent it to the wrong
address (if he were _really_ trying to get off the list, he would send a
message to majordomo at toad.com with "unsubscribe cypherpunks tomvdw at glo.be"
in the _message body_).

Many bits were transferred in this message...

 --Deviant
To communicate is the beginning of understanding.
                -- AT&T







From hal at rain.org  Sun Nov 17 13:05:48 1996
From: hal at rain.org (Hal Finney)
Date: Sun, 17 Nov 1996 13:05:48 -0800 (PST)
Subject: Computer CPU chips with built-in crypto?
Message-ID: <199611172105.NAA04230@crypt.hfinney.com>


From: Martin Minow <minow at apple.com>
> I'm not sure if I can answer this but, at last week's SF cypherpunks
> meeting, an Intel engineer asked whether there might be any interest
> in a computer chip with some sort of encryption mechanism built
> into the chip. As I understand it, this chip would process an
> encrypted instruction stream. I.e., it could not execute a program
> unless the "key" for that program was first loaded into the chip.
>
> An interesting idea: does anyone have more information?

This sounds like something which might be used in a set-top-box or
"information appliance" application where pay-per-use programs would
be loaded from a CDROM or network connection.

People have been dreaming about pay per use software for many years.
It is a similar idea to the "mini application" concept which would
replace the monolithic super-apps, the Microsoft Words and the giant
do-everything web-browsers/newsreaders/mail-clients, with small, single
function utilities.  This is part of the idea behind Apple's OpenDoc
and Microsoft's OLE.  In the same way, instead of buying a big program
for hundreds of dollars, you'd just download and use the functionality
you needed for a small fee.

Yet in practice it is not clear whether either of these trends will have
any market success.  Monolithic applications seem to be doing very well,
with more integration being the trend, not less.  And the whole idea
of introducing metering to a market which is used to paying just once
for access is one which is bound to meet resistance.  Look at AOL which
is going to single-charge unlimited access to the net.

So in both cases the trend looks to be going in the opposite direction.

Another possible application for the built in encryption is software
piracy protection.  You'd unlock software for your CPU but it would
not run on anybody else's without a different key code.  Here again
there is not much benefit to the end user, unless software prices come
down dramatically when this device is used.  But otherwise the computer
manufacturers are selling computers which have features which will limit
the powers of the buyers, and having to sell them more expensively to
boot because of the special chip.  In these days of razor thin profit
margins in the PC business it is hard to see how this will sell.

Hal





From abostick at netcom.com  Sun Nov 17 13:07:36 1996
From: abostick at netcom.com (Alan Bostick)
Date: Sun, 17 Nov 1996 13:07:36 -0800 (PST)
Subject: [NOISE]  Want to know about this "aga" character?  Read the Grubor FAQ!
Message-ID: <328F7BDD.D1F@netcom.com>


In case you aren't clued in enough to know, "aga at dhp.com" is none other 
than John Grubor, well-known Usenet Kook Of The Month winner for
November, 1995.  He *cannot* be reasoned with.  Don't even try. He
makes Dimitri Vulis appear sane, calm, and rational.

Read the Grubor FAQ, http://kendaco.telebyte.com/dharland/Grubor.FAQ.html 
for more details.

Alan "pseudonum of the LYING FORGER PETER VOROBIEFF!!!!1!" Bostick
-- 
Alan Bostick               | You know those chemicals women have in them,
                           | when they've got PMS? Well, men have those very
mailto:abostick at netcom.com | same chemicals in them *all the time*.
news:alt.grelb             |           Margaret Atwood, THE ROBBER BRIDE
http://www.alumni.caltech.edu/~abostick





From dave at kachina.jetcafe.org  Sun Nov 17 13:12:08 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Sun, 17 Nov 1996 13:12:08 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611172111.NAA04310@kachina.jetcafe.org>


[Multiple CC's trimmed, I don't think anyone at msn.com cares...]

> #From Phrack 49, file p49-09 published this month:
...
>                                  File 09 of 16
>                           by Dr.Dimitri Vulis (KOTM)
>                A Content-Blind Cancelbot for Usenet (CBCB)
...
> And what follows, is Dr. Dimitri, defender of freedom of expression,
> champion of the anti-censors on the net, posting code to the world to
> engage in exactly those activities that everyone has been ranting about
> as being so utterly "horrifying (forged cancellations etc)" as it
> were.

You call yourself on cypherpunks, and you blithely assume that a
Phrack author actually signs his real name? 

Either I thought you guys were *real* hackers and you aren't, or
this is a very funny troll.
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

                  "Better to be safe than to be sorry" 
   is a remark of value only when these are the actual alternatives.









From dave at kachina.jetcafe.org  Sun Nov 17 13:16:55 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Sun, 17 Nov 1996 13:16:55 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <199611172116.NAA04343@kachina.jetcafe.org>


> The free market will ever be the only real path to free speech, because,
> in essence, it is free speech.
> Free speech does not, however, require that all speech be universally
> broadcast to each and every citizen on the planet free of charge.  That's
> "subsidized speech."

Given that the free market rule is "he who has the money makes the
rules", please explain how anything less than "subsidized speech" (as
you put it) is anything close to free speech?

[For those who's assumptions rule their perception: I am *not* arguing
that all speech should be subsidized. I am merely pointing out that
the organization that is spending the money to broadcast is
controlling the speech, hence it is *not* free speech in terms of
freedom or cost.]
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

                If you want to get rid of somebody, 
            just tell them something for their own good.





From tcmay at got.net  Sun Nov 17 13:19:32 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 17 Nov 1996 13:19:32 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <v02140b05aeb518d83c92@[192.0.2.1]>
Message-ID: <v03007801aeb52de9d3b0@[207.167.93.63]>


At 11:43 AM -0800 11/17/96, Peter Hendrickson wrote:

>What I would like to see is a method which relies only on published
>public keys and no other cooperation from the people who are (more
>or less) being used as shields.  This may be impossible.
>
>(A number of people have posted references to other ways of doing
>this.  I have yet to track down the references they gave so I don't
>know if any of them fit the bill.)

It sounded to me from your initial statement of the problem that this is
the canonical Dining Cryptographers Problem: a group of N persons wishes to
allow communication from one of their number without any possibility that
the message can be traced to a single one of them.

There are of course numerous issues to be dealt with in a DC-Net, some
discussed in Chaum's orginal paper (available at one time at the
Cypherpunks ftp site), some discussed in the followup papers in "Eurocrypt"
some years back, and some discussed by several of us on this list (with,
perforce, not as much academic rigor as the academic papers have).

* Collusion. It will _always_ (repeat: always) be possible for N -1 of the
folks to conspire to identify the member sending the message. No
cryptographic system can possibly prevent that, for basic ontological
reasons.

(For example, if the members of Parliament suspect MP Peter H. to be the
source of anti-British opinions, they may compare notes, agree that none of
them sent the message, and thus know that Peter H. sent it. Of course, can
they be trusted? A meta-issue. But such are the ways even DC-Nets can be
thwarted...by the members themselves. This is beyond cryptography.)

However, the costs and difficulties in collusion to identify a sender can
be made quite high by having multiple DC-Nets, such that collusion would
have to span a critical subset of them.

* Denial of service. Some members of the DC-Net(s) may choose not to
participate, or to "lie" (in terms of doing their XOR operations with their
neigbor), etc. The various DC-Net papers deal with these problems.

For the specific example Peter cites, of a member of Parliament who doesn't
like the possibility of anonymity....well, he wouldn't be part of the
DC-Net would he? Generally, there are no cryptographic solutions that will
encompass the case where some member wants to speak anonymously, but no one
else does. If a message originates from "someone in Parliament," but only
one member of Parliament is set up to speak anonymously, then of course by
simple elimination he is the speaker. As before, this is beyond any
cryptographic solution.

And as soon as N are interested, where N > 1, the possibility of a DC-Net
is present. Obviously, the bigger N is, the better.

There may be easier to implement approaches, such as the ones people have
proposed involving distribution of "voting tokens" (blinded, for anonymity).

Anonymous voting is, in fact, formally equivalent (with some hand-waving
about some details) to the problem of untraceable speaking. The example
Peter cited, of a MP wanting to "speak anonymously" is equivalent to
wanting his vote--on Northern Ireland, for example--to be anonymous.

(Chaum was studying anonymous electronic voting protocols, of course.)

A simple form of this is "blackballing." Members have white and black
balls, and place one of the balls in an urn. Properly implemented, this
gives anonymity.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From hyperlex at hol.gr  Sun Nov 17 13:21:04 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Sun, 17 Nov 1996 13:21:04 -0800 (PST)
Subject: You ought to REALLY look at this...
Message-ID: <199611180117.XAA10583@prometheus.hol.gr>


Ladies and Gentlemen,

I hereby quote a rather remarkable letter, which I pass on to whom it may
concern. I consider it an _honour_ to have received such a letter, even
though the material expressed in the letter is a serious assault on the
entire Western Value System, and possibly Civilisation itself, no joke.

At first I did not believe such a *terrorist* letter could have EVER been
written. And I could never believe myself to be the recipient of it either.

But now I strongly recommend you read it carefully and think about it...

For your OWN benefit, I believe more than mine...

With thanks for your attention
George A. Stathis

P.S. If you take a deep breath, see my (amusing?) comments in the end. :)



>Hops: 0
>Posted-Date: Sun, 17 Nov 1996 20:13:15 -0200 (GMT)
>X-Sender: tcmay at mail.got.net
>Date: Sun, 17 Nov 1996 10:18:36 -0800
>To: "George A. Stathis" <hyperlex at hol.gr>
>From: "Timothy C. May" <tcmay at got.net>
>Subject: Stathis on "Don't Hire" List
>Content-Length: 1426
>
>At 9:00 AM -0200 11/17/96, George A. Stathis wrote:
>
>>It is not ethical to send such strong negative _injunctions_ to masses
>>of people and also to strangers (the 1900-strong members of the cyberphunks
>>list for instance). Because, you may or may not have strong reasons for
>>believing you are justified in such invalidation, but more than a 1000
>>people are now _told_ by (self-appointed) "experts" such as yourself what
>>and whom to ignore or to believe. (Like sheep led to the slaughter)...
>
>"Not ethical"?
>
>But we will do it anyway. Moreover, some of us maintain lists of "Do Not
>Hire" persons. Few high tech or Silicon Valley software companies will hire
>such folks.
>
>Congratulations, Stathis, as you are now on such a list.
>
>
>
>"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
>that the National Security Agency would try to twist their technology."
>[NYT, 1996-10-02]
>We got computers, we're tapping phone lines, I know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."


Comments?


(1)
Well, first of all, Tim May is doing a disservice to the companies who use
his services. They will end up hiring only morons and controllable relics
of human creativity;  Which is why there a WORLD-SHORTAGE of SUPER-
PROGRAMMERS at the moment, as reported e.g. by Byte-magazine.

(2)
If I were a _clever_ American employer, I'd use Tim's 'black list', in
order to HIRE precisely those people whom he considers 'unemployable'... 

(3)
Now I don't want to boast about who I am, but it's strangely ironical
that I _am_ one such "Super-Programmer" (fluent in PROLOG. Assembly, 'C'
and also... English -a computer-lingo as it happens). In the eighties I
was also a painter (of pictures, not walls), and other things...
As a 'New Age' kind of person, I used to admire America for rewarding and
promoting human _talent_, as opposed to human mediocrity, subservience
(the "Yes-Man" attitude), and Evil in the Soul. (as often happened in
old-whore Europe; especially in Greece)... :-)

Nowadays, however, when 'people' like Tim May, are able to dictate to your
admirable High-Technology firms, *what* kind of people to hire and what not
to hire, I can see... very gloomy prospects for American Research, _if_
this type of monstrocity (as his letter) is prevails for too long... :-)

Originally, lists of "unemployable" people, which I had heard of, crossed
my mind as 'probably justified'. As an EMPLOYER MYSELF, with a small but
strong software-house, here in Athens, with at least one important Market 
Success, I do have some experience, you know, of what kind of people *are*
and what kind of people are *not* 'employable'. I once knew a very good but
very egotistic Assembly Language programmer. When he stopped working with
me he stole large sections of my source-code. As a result, I find it hard
to trust 'employees' ever since...


(4)
I would therefore request a list of 'unemployable' people in order to choose
possible collaborators, in my work. They should be highly proficient in
PROLOG code, as well as ASSEMBLY and 'C', and should also be sociable, witty
and independent-minded.  Clashing with personalities like Tim May's may be
considered an added advantage.

(5)
Just for the record, I spoke on the phone with an important partner, told
him what happened, and was told by him that Tim May's letter is the kind
of scum-fascism no serious European Company would ever give credit to...

However, Tim's letter appears not so much to address me personally, as much
as the hordes of gullible, insecure, employment-hungry young Americans, who
are often _terrorised_ into complete SILENCE, since the _slightest_ amount
of free speech in their own natural (or Net-) surroundings, causes Fascist
PUnk-Thugs like TIm May to threaten them with unemployability.

Although Tim May's letter in itself constitutes terroristic harrasment,
threat to libery (via threat of unemployability), and so on, I consider these
labels to be irrelevant in this case, and legal arguments highly irrelevant.

When Nazi Germany deported Einstein it took much less elaborate procedures
than flawed 'unemployability lists'. Perhaps hiring Mafia men to finish us
off would be a much more efficient tactic in this respect. :-)

With Dismay, but also... Inspiration :-)
Geore A. Stathis



P.S. I also cross-posted this DELIBERATELY, this time to the cypherpunks
     list, in order to give more COURAGE to those poor list-members whose
     standard of living suffers the terror and threat of Unemployment,
     just in case they know who is responsible for their future sufferings.









From dave at kachina.jetcafe.org  Sun Nov 17 13:24:02 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Sun, 17 Nov 1996 13:24:02 -0800 (PST)
Subject: Giving Kill Files a Workout...
Message-ID: <199611172123.NAA04405@kachina.jetcafe.org>


Dimitri Vulis writes about unwanted noise:
> They feel compelled to silence it altogether. They claim altruistically
> that they don't want the noise to bother anyone else, such as the clueless
> newbies who keep subscribing to this mailing list and don't know how to
> use mail filters. (Sandy Sanford's concern for them was soooo touching...)

Misplaced altruism is one of the primary causes of social injustice,
authoritarian regimes, and security measures.

It is not possible to be "altruistic" until one realizes that one
doesn't know what true "altruism" is. 
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

    Don't follow in the footsteps of the ancients, seek what they sought.












From tfs at adsl-122.cais.com  Sun Nov 17 13:32:10 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Sun, 17 Nov 1996 13:32:10 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <199611172111.NAA04310@kachina.jetcafe.org>
Message-ID: <9611172131.AA06063@adsl-122.cais.com>


Dave Hayes wrote;
> 
> 
> You call yourself on cypherpunks, and you blithely assume that a
> Phrack author actually signs his real name? 
> 
> Either I thought you guys were *real* hackers and you aren't, or
> this is a very funny troll.

To quote the editors of phrack on this: "Hey, he submitted it and we published it".

If Dimitri wants to deny submission it's up to him. Plenty of people regularly
publish stuff in Phrack using either their real names, or aliases that are
so well connected with their real names as to be inseperable.

Cypherpunks are not hackers, don't confuse the two. 

Tim







From security at kinch.ark.com  Sun Nov 17 13:37:45 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Sun, 17 Nov 1996 13:37:45 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117172527.2314A-100000@random.sp.org>
Message-ID: <Pine.LNX.3.95.961117133536.1181L-100000@kinch.ark.com>


On Sun, 17 Nov 1996, The Deviant wrote:

> On Sun, 17 Nov 1996, Adam Shostack wrote:
> > 	A longer salt would make running crack against a large
> > password file slower.
> 
> While thats all well and good, it shouldn't be necisary.  If passwords are
> shadowed, one must have root access before one can run crack against the
> password list, at which time it is innefective.

I couldn't disagree more (not that I necessarily agree or disagree with
Adam's approach). Sure, once you have root you don't need any other
access, until the hole is found and closed that gave root in the first
place. After that, that /etc/shadow file with the lousy passwords (that
seem inevitable with folks using /etc/shadow as they get complacent
with a false sense of security) provide the would-be cracker with a set
of local accounts to (try to) break in again. Local accounts are
definitely an advantage should you be looking for way to break any Unix
variant.

The moral of the story is: ALWAYS ensure that whatever passwords you
have on your unix system are not beatable by crack, don't rely upon
hiding them because if you are wrong you are in it up to your neck!

cheers, kinch







From cp at panix.com  Sun Nov 17 13:53:39 1996
From: cp at panix.com (Charles Platt)
Date: Sun, 17 Nov 1996 13:53:39 -0800 (PST)
Subject: Emergency powers
Message-ID: <Pine.SUN.3.91.961117164425.15672A-100000@panix.com>


Of course, Michael Froomkin is right in everything he says about
presidential emergency powers. But an unconstitutional abuse of power is
surely not acceptable merely because it has become a routine method for
accomplishing everyday legislative tasks.  First, it allows significant
possibility for future abuse; and second, if the Constitution is routinely
circumvented, this diminishes its general power (as any law loses its
power when it is routinely flouted). The situation is all the more
troubling because it receives so little publicity, outside of militant
"extremist" groups (i.e. those that are crazy enough to believe that
presidential power should be limited in accordance with the law of the
land). When a president can take almost action under the excuse that it's
a "national emergency" (when in fact there is no emergency), and he
doesn't have to answer questions till later, and most citizens are unaware
of this, we have a potentially dangerous situation. They key word here is
"potentially." Michael Froomkin seems relatively sanguine because the
potential for great harm has not been realized. I am not so easily
reassured. 

--Charles Platt






From deviant at pooh-corner.com  Sun Nov 17 14:01:00 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 17 Nov 1996 14:01:00 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.95.961117133536.1181L-100000@kinch.ark.com>
Message-ID: <Pine.LNX.3.94.961117215609.504A-100000@random.sp.org>


On Sun, 17 Nov 1996, Dave Kinchlea wrote:

> On Sun, 17 Nov 1996, The Deviant wrote:
> 
> > On Sun, 17 Nov 1996, Adam Shostack wrote:
> > > 	A longer salt would make running crack against a large
> > > password file slower.
> > 
> > While thats all well and good, it shouldn't be necisary.  If passwords are
> > shadowed, one must have root access before one can run crack against the
> > password list, at which time it is innefective.
> 
> I couldn't disagree more (not that I necessarily agree or disagree with
> Adam's approach). Sure, once you have root you don't need any other
> access, until the hole is found and closed that gave root in the first
> place. After that, that /etc/shadow file with the lousy passwords (that
> seem inevitable with folks using /etc/shadow as they get complacent
> with a false sense of security) provide the would-be cracker with a set
> of local accounts to (try to) break in again. Local accounts are
> definitely an advantage should you be looking for way to break any Unix
> variant.
> 
> The moral of the story is: ALWAYS ensure that whatever passwords you
> have on your unix system are not beatable by crack, don't rely upon
> hiding them because if you are wrong you are in it up to your neck!
> 
> cheers, kinch
> 

Oh.. you misunderstand what I'm saying... I'm not saying its unemportant
for you to have good passwords or anything like that, I'm just pointing
out that rather than replace the entire system, its more prudent to fully
install it.

I still think admins should run crack against their own lists, etc., but
that still shouldn't be a problem to a good cracker.  If you've just
gotten root on a system, you start backdooring everything, not trying to
crack the password list.

 --Deviant
Even God cannot change the past.
                -- Joseph Stalin







From John.Jackson at orci.com  Sun Nov 17 14:04:59 1996
From: John.Jackson at orci.com (John Jackson)
Date: Sun, 17 Nov 1996 14:04:59 -0800 (PST)
Subject: ALERT!  123,000 announced job cuts
Message-ID: <199611171940.MAA04675@rocky.orci.com>


         DOWNSIZED? - RIGHTSIZED? - RESTRUCTURED?
HOW CAN YOU PROTECT YOURSELF FROM THIS EVERYDAY OCCURRENCE?

--->               AT&T  =  123,000 announced job cuts
--->      GENERAL MOTORS =  122,000 announced job cuts
--->               IBM   =  400,000 announced job cuts 
--->    JOE's PRINT SHOP =  2 announced job cuts

Are you dodging the arrows of Corporate America?

Do you know someone (a family member, a friend, maybe even yourself)
who has lost a job during the past six months? Has this person secured
another job that is paying the same salary and benefits as the job
they lost?

There was once a time when people held a job for 20 to 30 years and
retired with a secure pension.  Those days are gone!  So what can the
average person do to protect him or herself financially in the
unfortunate, but all too common, event of losing a job?

Financial advisors have been telling us for years that we should
diversify our investments.  If this concept makes sense, should we not
also diversify our sources of INCOME?  Does it make sense to leave
yourself vulnerable by expecting all of your income to come from one
source?

Rexall, an international company that was founded in 1903, is
flourishing today as a very successful publicly traded company.  You
have no doubt heard of Rexall and are familiar with the more than
7,000 Rexall drug stores around the country.  In fact, more than 87%
of adult Americans today recognize the name Rexall and associate it
with trust and integrity.  Rexall's six divisions are all very
profitable and growing at staggering rates.  

So what does this have to do with you?

Rexall has developed an entrepreneurial arm of its company that helps
individuals build a substantial secondary income stream without the
hassles of ordinary business.  No huge investments, no inventory, no
employees, NO RISK.  This is not some fly-by- night operation.  This
is REXALL!  One of the most well known and respected corporate names
in America.

My partner, Todd Smith, has helped hundreds of people diversify their
income and create substantial passive income streams through the
entrepreneurial arm of the Rexall Companies.  Todd himself has earned
over one million dollars in EACH of the last three years in this
simple, no-stress, home-based business.  He knows what he is doing and
how to help point people, like you, in the right direction.  

If you would like to learn how we can help you create a financial
hedge against a possible downturn in your present employment, or
simply to develop an additional source of passive income, call me
today.  Todd has created an informational audio tape that explains our
entire business and how you can participate in it.

If you are making all the money you want, have your retirement
completely paid for, enjoy your job and can see working it until you
retire, then CONGRATULATIONS.  You are one-in-a-thousand.  On the
other hand, if you are like most Americans that are not happy with
their current financial situation, it would be worth the phone call
and some time listening to Todd's tape.  What have you got to lose? 
If you DON'T call, you have a lot to lose.

Call (303)-480-5841 right now and ask for this free tape to be rushed
to you without any obligation whatsoever.

PS:  The message on this Tape is timely, addresses the societal and
economic forces that WILL change our lives in the coming new century,
and explains precisely why entirely new methods of doing business are
necessary and are evolving.  Your thinking about money, business,
success and your own future will be challenged by this message!

                 (303) 480-5841 - 24 hours
                    ASK FOR TODD's TAPE

                   J. Jackson Associates
             Income Diversification Strategies
                  Parker, Colorado  U.S.A.






From drink at aa.net  Sun Nov 17 14:11:04 1996
From: drink at aa.net (! Drive)
Date: Sun, 17 Nov 1996 14:11:04 -0800 (PST)
Subject: Experience Microsoft Site Builder Workshop Live!
Message-ID: <3.0.32.19961117140504.0069c8cc@aa.net>


Microsoft Site Builder Workshop Live!  ( apprx 2.5 hours )

via Real Audio at  	http://ww3.audionet.com/events/microsoft/

what you need:
	The RealAudio Player
       At least a 28.8Kbps connection to the Internet 
       A screen resolution size of 800 x 600 pixels 


::
Archived On November 13th From The INFOMART In Dallas, TX






From jehill at w6bhz.calpoly.edu  Sun Nov 17 14:17:02 1996
From: jehill at w6bhz.calpoly.edu (Joshua E. Hill)
Date: Sun, 17 Nov 1996 14:17:02 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
Message-ID: <199611172214.OAA15330@hyperion.boxes.org>


I have gotten a lot of e-mail that has said basicly the same things:

	1) Don't try to redo UNIX crypt(3), S-KEY (Secure Shell, etc.)
	is better.

Well... This is most certainly the case.  And if I could force the
people in my user base to use one of these alternatives, I would.
Unfortunately, I cannot.  A fair number of the people who use the
systems that I administer log on through dumb terminals.  If I can't
successfully teach them not to hit the "Ctrl-S" key, how am I going
to teach them to do IDEA encryption in their heads?  Or MD4 hashes
for that matter?  The fact is that if I tried to use S/KEY everyone
would print out their key list for the month, and then promptly
loose it, and regenerate a new one.  Gee... Wouldn't that be secure.
I have to stay with the one password system.

	2) If your administer was worth his weight in spit, you
	would have a shadow password system, and the preexisting
	crypt(3) function would be good enough for you.

Actually, I _am_ the administrator, and I am worth my weight in 
spit.  Rather, I do use a shadow password suite.  However, as 
security professionals, you must know that it is not whether an 
attacker can break into your system, but how long it takes.  Once
there, it is not whether the attacker can gain root, it is how long
it takes (how many of the holes have been patched, and how many are
even known about).  And then to the password file. It is not whether
the attacker can crack _all_ the passwords, it is how long it takes.  
With this algorithm, I hope to increase the last of these values.

	3) The algorithm is too complex (or too simple)

The algorithm that I proposed makes use of a NMAC as a basic 
cryptographic primitive.  The security analysis of the algorithm
should follow the same lines as a hash; that is: if the basic
operator is secure, then the chaining of the operator is secure.
The NMAC is provably as secure as the key used and the underlying
hash function.

I did everything that I could to maintain simplicity throughout the
algorithm's design.  I realize that a simple algorithm is easier to
analyze and check for security.  A fair bit of the complexity is to
make it so that the algorithm is actually a NMAC. 

	4) Why don't you use FreeBSD's MD5 based crypt(8) 
	replacement?

I didn't like FreeBSD's MD5 drop in, because it lacked any
security analysis, and complexity of the algorithm prevented
any serious attempt at said analysis.  It also uses MD5, which
has not held up well to the ravages of time.  The recent
papers on easier ways to find collisions in MD5 did _not_ give
me an attack of the warm-and-fuzzies.  I would like to make use 
of an algorithm that is still thought to be secure.

			Joshua


-----------------------------Joshua E. Hill-----------------------------
|                            Thoreau's Law:                            |
|      If you see a man approaching you with the obvious intention     |
|           of doing you good, you should run for your life.           |
-------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------





From security at kinch.ark.com  Sun Nov 17 14:18:42 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Sun, 17 Nov 1996 14:18:42 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117215609.504A-100000@random.sp.org>
Message-ID: <Pine.LNX.3.95.961117141640.1181M-100000@kinch.ark.com>


On Sun, 17 Nov 1996, The Deviant wrote:
> 
> Oh.. you misunderstand what I'm saying... I'm not saying its unemportant
> for you to have good passwords or anything like that, I'm just pointing
> out that rather than replace the entire system, its more prudent to fully
> install it.
> 
> I still think admins should run crack against their own lists, etc., but
> that still shouldn't be a problem to a good cracker.  If you've just
> gotten root on a system, you start backdooring everything, not trying to
> crack the password list.

Well, this certainly *IS* a different statement than I read from you
before. I don't find anything to disagree with here. Though, if your
passwords can't be cracked, what is the need for shadow passwords? It
simply introduces more variables and offers no more security.

cheers






From deviant at pooh-corner.com  Sun Nov 17 14:23:35 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 17 Nov 1996 14:23:35 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.95.961117141640.1181M-100000@kinch.ark.com>
Message-ID: <Pine.LNX.3.94.961117222029.564A-100000@random.sp.org>


On Sun, 17 Nov 1996, Dave Kinchlea wrote:

> On Sun, 17 Nov 1996, The Deviant wrote:
> > 
> > Oh.. you misunderstand what I'm saying... I'm not saying its unemportant
> > for you to have good passwords or anything like that, I'm just pointing
> > out that rather than replace the entire system, its more prudent to fully
> > install it.
> > 
> > I still think admins should run crack against their own lists, etc., but
> > that still shouldn't be a problem to a good cracker.  If you've just
> > gotten root on a system, you start backdooring everything, not trying to
> > crack the password list.
> 
> Well, this certainly *IS* a different statement than I read from you
> before. I don't find anything to disagree with here. Though, if your
> passwords can't be cracked, what is the need for shadow passwords? It
> simply introduces more variables and offers no more security.

While thats all well and good, its also easier said than done.  A creative
cracker can beat a lot of password filter routines.  As somebody said to
me earlier, belt _and_ suspenders works best. ;)

 --Deviant
Blood flows down one leg and up the other.







From aba at dcs.ex.ac.uk  Sun Nov 17 14:51:35 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Sun, 17 Nov 1996 14:51:35 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <Pine.SUN.3.91.961117133019.11544A-100000@tipper.oit.unc.edu>
Message-ID: <199611171837.SAA00457@server.test.net>



Simon Spero <ses at tipper.oit.unc.edu> writes:
> On Fri, 15 Nov 1996, Rich Graves wrote:
> 
> > Peter Hendrickson wrote:
> > > 
> > > 
> > > There are times when one wishes to speak anonymously, yet speak
> > > as a member of a group.
> > 
> > You either need to trust a shared server to know and then blind your 
> > identity, or trust the people with whom you share a secret key not to 
> > give that key to non-group members.
> 
> Why not use  blinding for obtaining the certificate? 
> 
> Create a number up public/private key pairs, blind them, then do the
> cut-and-choose thing with the security officer. He signs the blinded key,
> then returns it. Unblind the remaining pubic key, and you've got a public
> key with the appropriate signature on it. 

Reasonable, except that it's linkable.  You may not want it to be
linkable, because the more messages signed with the key, the greater
the chance that speech paterns give away the speaker.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From security at kinch.ark.com  Sun Nov 17 14:52:58 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Sun, 17 Nov 1996 14:52:58 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117222029.564A-100000@random.sp.org>
Message-ID: <Pine.LNX.3.95.961117145015.1181N-100000@kinch.ark.com>


On Sun, 17 Nov 1996, The Deviant wrote:
> > 
> > Well, this certainly *IS* a different statement than I read from you
> > before. I don't find anything to disagree with here. Though, if your
> > passwords can't be cracked, what is the need for shadow passwords? It
> > simply introduces more variables and offers no more security.
> 
> While thats all well and good, its also easier said than done.  A creative
> cracker can beat a lot of password filter routines.  As somebody said to
> me earlier, belt _and_ suspenders works best. ;)

Agreed, for a large number of users (say >1,000) it is quite difficult
for one thing, running crack can be too time consuming to be feasible. 
For a small number of users (many of the LANs I administer have less
than 30 users), however, it is not at all difficult. It helps, of
course, if you can trust your local users --- possible when there are
only a few and you know them all, impossible when there are many and
they are faceless. 

The less work I have to do to keep the systems/network secure, the more
time I can make available for *real* work on those system. Few sites can
afford a full-time security person, that is the reality that I live in
anyway. 

cheers, kinch







From dlv at bwalk.dm.com  Sun Nov 17 15:00:55 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 17 Nov 1996 15:00:55 -0800 (PST)
Subject: More lies from Timmy [fart] May
In-Reply-To: <v03007800aeb405c5abe0@[207.167.93.63]>
Message-ID: <gF4JXD36w165w@bwalk.dm.com>


Timmy May <tcmay at got.net> farts:
> Fact is, I now have more people in my Eudora filter file that at any time
> in the four years this list has existed. Also a fact, there are more people

I don't believe Timmy.

> on this list that at any time in history (despite what some of the New Wave
> journalists are writing about "the death of the Cypherpunks list").

This censored forum has no credibility, irrespective of the number of
subscribers.

> I suspect John Gilmore made a tactical error in kicking Vulis off the list,

Timmy tacitly admits that he lied when he claimed that no one had kicked me
off the list.

> has never imposed restrictions on topic, membership, etc. This one case
> involving Vulis was well-described by John: he asked Vulis to stop sending
> 50K byte rants about the Armenians and Turks to the list--consider that
> 50KB x 1500 destinations = 75 MB of outgoing traffic, modulo corrections
> for aliases, compression, etc.

If that's how John Gilmore described it, then he's lying again. He never said
anything to me about the size of my messages, only about their contents.

Moreover if John Gilmore had a problem with the size of articles being sent
to his private mailing list, he would have configured majordomo not to
broadcast submissions above a certain size, the way most majordomo mailing
lists are configured.

John Gilmore is clearly a liar.

> Yes, this message is itself likely to trigger at least a couple of "More
> lies from Timmy [fart] May" spews from Vulis, and a couple of incoherent

Of course Timmy May and John Gilmore would rather lie and not be called liars.

> rants from newcomers Stathis and Aga. I've been saying little on this
> issue, compared to dozens of Vulis rants every day (ironic that he calls
> _me_ the main ranter!)

This from the asshole who rants about "don't hire" lists, "crazy Russians",
and mormons...

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sun Nov 17 15:02:37 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 17 Nov 1996 15:02:37 -0800 (PST)
Subject: Taxation Thought Experiment
In-Reply-To: <199611162345.RAA02111@manifold.algebra.com>
Message-ID: <wk2JXD35w165w@bwalk.dm.com>


ichudov at algebra.com (Igor "FUCK MNE HARDER" Chudov @ home) writes:
> Dr.Dimitri Vulis KOTM wrote:
> > > >  3) Company pay shareholders and costs, $30 is left
> > >
> > > Again, no.  Shareholders come AFTER payroll and costs.
> >
> > Dividends are NOT tax-deductible in the U.S. On the other hand, interest is
> > Therefore it's sometimes more profitable for a company to raise money by
> > issuing bonds (debt) and paying tax-deducuble interest than by selling its
> > stock (equity) and paying non-decuctible dividentds to stockholders.
>
> This statement is very questionable. Various classes of shareholders
> (such as pension funds and IRA account holders, among others) pay no
> taxes on dividends. Corporations pay taxes only from about 30% of
> dividend income that they receive.

Igor, you begin to sound like an American - i.e., even more stupid than the
50%sovok that you are.

I never said anything about the taxes paid by the dividend _recepients.

> There is, in fact, a neat theorem that says that (*_under certain
> assumptions_*) the value of a firm does not depend on its capital
> structure.

Igor, you begin to sound just like Timmy May - talking about things you know
nothing about. Yes, there's a famous theorem by Franco Modigliani and Merton
Miller, the Nobel prize winners which says that ABSENT TAXES, the value of the
firm doesn't depend on its debt-to-equity ratio. M&M also show that under U.S.
tax laws the best capital structure is 100% debt (again, ignoring other
available deductions, such as depreciation, and increased risk and cost of
borrowing as the debt increases).

"The value of the levered firm is the value of the levered firm plus the
interest tax shield (the amount of debt times the tax rate)."

Companies would borrow less (and people would take out mortgages on their
residences less) if the interest payments weren't tax-deductible.

> > > >  5) I pay 40% in taxes, so $18 left
> > >
> > > I'm afraid you are conflating the MARGINAL rate (and when you consider
> > > federal, state and local taxes varies by state) with the AVERAGE rate.
> > > Here in FL. for example there is no state or local income tax.  With tax
> > > sheltering, mortgage deductions etc. no one pays 40% -- the middle class
> > > pay a lower average rate, the upper class pay a much lower average rate.
> >
> > That varies with the locale - here I pay the federal income tax plus the Ne
> > York State income tax plus the New York City income tax. I once had a job o
> > from IBM at $79K/year in Boca Raton (which I eventually didn't take anyway)
> > it's a ridiculous salary in NYC, but a decent one in Florida.
>
> You forget about alligators.

And sharks.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From nobody at cypherpunks.ca  Sun Nov 17 15:35:20 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 17 Nov 1996 15:35:20 -0800 (PST)
Subject: San Jose Mercury News declares encryption battle over
Message-ID: <199611172320.PAA27704@abraham.cs.berkeley.edu>


Dale how long have you been awake? Take a gander at Wei Dei's Crypto++, Peter Gutman's cryptlib, 
and the half dozen other public domain multi algo source libs available at your finger tips.

Anyone with a compiler on just about any platform has access to implementations of blowfish,
idea, des, gost, the gamut.

So Dale, get coding.

diGriz






From jehill at w6bhz.calpoly.edu  Sun Nov 17 16:02:10 1996
From: jehill at w6bhz.calpoly.edu (Joshua E. Hill)
Date: Sun, 17 Nov 1996 16:02:10 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <Pine.LNX.3.94.961117232804.812A-100000@random.sp.org>
Message-ID: <199611180000.QAA15865@hyperion.boxes.org>


> This is backwards logic; when security begins to hender in the
> functionality of the system, the security needs to be gotten rid of.
hmmm... Now that _completely_ depends on the system.  Now for the system
I administer, the level of security really isn't _that_ high (on the
grand scale of things).  It is, however, high enough that I inconvenience
the users with a pro-active password guesser, and passwords that expire
occasionally.  I suppose that this is a _minor_ inconvenience, but it
raises the level of security a very large amount.  On a less mundane
system (one run by the government, say), security is only _slightly_
less important than being able to use the system in the first place. :)
On this type of system almost any inconvenience is worth the cost.

> > You have previously said that the passwd file should not be available 
> > for public consumption.  Though this is certainly true, it does not
> > hurt that even if the passwd file is available, nothing particularly 
> > useful can be done with it.
> Hince you use pseudorandom password generators and crack.  If you count on
> somebody not being able to preform an opperation quickly, they'll usually
> prove you wrong.

whoa... didn't you just say:
> when security begins to hender in the
> functionality of the system, the security needs to be gotten rid of.
I think that psedu-random password generators would almost certainly
"hinder in the functionality of the system"...  :-)

I want to make it so that users can use passwords > 8 characters, and I 
want to use something a bit better than FreeBSD's solution.  Whether or 
not this is necessarily the One True Way (TM) to security, it will increase
security.  I'm not saying "Hey everyone.  Here is a spiffy new password
system that will make your entire system completely secure!"  I'm saying
"Could everyone please look at this algorithm that I'm thinking of using.
Could you please comment on it, so that I can make it better."  That's it.
All questions on whether or not passwords should shadowed, crackable,
not crackable, or consisting only of the letter "e", aside.  Is this
algorithm secure, and if not, why not.

				Joshua

>  --Deviant
> The Macintosh is Xerox technology at its best.
I very much like your signature... very nice... 

-----------------------------Joshua E. Hill-----------------------------
|                             Allen's Law:                             |
|           Almost anything is easier to get into than out of.         |
-------jehill@<gauss.elee|galaxy.csc|w6bhz|tuba.aix>.calpoly.edu--------





From rcgraves at ix.netcom.com  Sun Nov 17 16:02:16 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Sun, 17 Nov 1996 16:02:16 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <v02140b05aeb518d83c92@[192.0.2.1]>
Message-ID: <328FA7FD.6B69@ix.netcom.com>


Peter Hendrickson wrote:
> 
> At 1:39 PM 11/17/1996, Simon Spero wrote:
> >
> > Why not use  blinding for obtaining the certificate?
> 
> > Create a number up public/private key pairs, blind them, then do the
> > cut-and-choose thing with the security officer. He signs the blinded 
> > key, then returns it. Unblind the remaining pubic key, and you've 
> > got a public key with the appropriate signature on it.
> 
> Okay, this would work.  But, it requires that all (or at least many) 
> of the Members of Parliament cooperate.  If not, then the security 
> officer will be able to make very good guesses about who is speaking.
> 
> Parliamentarians may not cooperate for a variety of reasons.  They may
> not wish to be attacked by terrorists for the words of others.  They
> may believe that cowardice is not to be encouraged.  They may not x
> officer will in anonymity.  It might be too hard for them.

Moreover, parliamentarians from different sides of the aisle usually
have different points of view, and an interest in "outing" each other.
A parliament where everyone had the same point of view would be
uninteresting for this problem -- your friendly local terrorist would
just blow up the whole building.

A practical example of this kind of thing is the situation of judges
in Colombia.

-rich





From deviant at pooh-corner.com  Sun Nov 17 16:11:57 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 17 Nov 1996 16:11:57 -0800 (PST)
Subject: RFC: A UNIX crypt(3) replacement
In-Reply-To: <199611180000.QAA15865@hyperion.boxes.org>
Message-ID: <Pine.LNX.3.94.961118000726.870A-100000@random.sp.org>


On Sun, 17 Nov 1996, Joshua E. Hill wrote:

> > This is backwards logic; when security begins to hender in the
> > functionality of the system, the security needs to be gotten rid of.
> hmmm... Now that _completely_ depends on the system.  Now for the system
> I administer, the level of security really isn't _that_ high (on the
> grand scale of things).  It is, however, high enough that I inconvenience
> the users with a pro-active password guesser, and passwords that expire
> occasionally.  I suppose that this is a _minor_ inconvenience, but it
> raises the level of security a very large amount.  On a less mundane
> system (one run by the government, say), security is only _slightly_
> less important than being able to use the system in the first place. :)
> On this type of system almost any inconvenience is worth the cost.
> 
> > > You have previously said that the passwd file should not be available 
> > > for public consumption.  Though this is certainly true, it does not
> > > hurt that even if the passwd file is available, nothing particularly 
> > > useful can be done with it.
> > Hince you use pseudorandom password generators and crack.  If you count on
> > somebody not being able to preform an opperation quickly, they'll usually
> > prove you wrong.
> 
> whoa... didn't you just say:
> > when security begins to hender in the
> > functionality of the system, the security needs to be gotten rid of.
> I think that psedu-random password generators would almost certainly
> "hinder in the functionality of the system"...  :-)
>

Sorry, we place different values on "hinder"... when I say hinder, I mean
get in the way.  Last I checked, a faster machine gets more work done.
Sure, technicly having a password at all hinders usage of the system, but
there is still such thing as necisary evil.  I think trying to develop a
password routine that is deliberatly ineffecient is a Bad Thing though.

> 
> I want to make it so that users can use passwords > 8 characters, and I 

That I can agree with.

> want to use something a bit better than FreeBSD's solution.  Whether or 
> not this is necessarily the One True Way (TM) to security, it will increase
> security.  I'm not saying "Hey everyone.  Here is a spiffy new password
> system that will make your entire system completely secure!"  I'm saying
> "Could everyone please look at this algorithm that I'm thinking of using.
> Could you please comment on it, so that I can make it better."  That's it.
> All questions on whether or not passwords should shadowed, crackable,
> not crackable, or consisting only of the letter "e", aside.  Is this
> algorithm secure, and if not, why not.

Ok, I see your point; I still think its not worth the effort.

> 				Joshua

 --Deviant
Horse racing *is* a stable business ...







From frantz at netcom.com  Sun Nov 17 16:18:31 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sun, 17 Nov 1996 16:18:31 -0800 (PST)
Subject: HP announcing some International Cryptography stuff on Monday
Message-ID: <199611180018.QAA10957@netcom6.netcom.com>


At 12:49 PM 11/15/96 -0800, Timothy C. May wrote:
>It sounds ominous to me. Another backroom deal, probably for some form of
>key recovery strategy, aka GAK.

I'd bet GAK too.  RSADSI has been working on GAK protocols, so these ones
might actually work.  I feel as pessimistic about this one as Lucky usually
is.

At 12:05 PM 11/15/96 -0800, John Gilmore wrote:
>Are they the next Big Company to knuckle under to the Feds?  Their
>pcmcia-with-local-country-surveillance-chip-socket initiative never
>seemed to go anywhere.

Since I am inherently optimistic, one ray of light may be that the San Jose
Mercury News was mentioning the ability to export the system, and then when
the necessary licenses (US and foreign) were obtained, turn on the
encryption.  I guess from this that the encryption is in hardware.  Now,
software/hardware interfaces are usually fairly simple, so what we have
here is a software system with a crypto hook.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From frantz at netcom.com  Sun Nov 17 16:18:36 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sun, 17 Nov 1996 16:18:36 -0800 (PST)
Subject: ideal secure personal computer system
Message-ID: <199611180018.QAA10981@netcom6.netcom.com>


At 12:24 AM 11/16/96 -0600, Igor Chudov @ home wrote:
>Bill Frantz wrote:
>> Protection against strangers walking up to your machine and using it is
>> nice, and easy to do.  Protection against viruses which install Trojan
>> horses in your system would also be nice, but is very hard to do in systems
>> where programs run with all the privileges of their users.  Examples
>> include (in alpha order): DOS, MacOS, Unix, and Windows (including NT).
>
>I wonder what are the operating systems where programs may be run with
>_less_ privileges than the user who starts them? Is VMS one of such 
>systems?

Ah, you touch on 20+ years of my professional life.  KeyKOS is such a
system as is EROS, a similar system being developed at University of
Pennsylvania.  See:

http://www.cis.upenn.edu:80/~eros/
http://www.cis.upenn.edu/~KeyKOS/
http://www.agorics.com/agorics/allkey.html - For KeyKOS documentation.

In general these systems provide an execution environment where programs
only have access to the resources they need.  Think of it as a Unix chroot
jail which is specifically designed for each program.  Then add controlled
communication links back to the user's terminal and you get the idea. 
Unless a program has a need to write the system file, it won't have the
privilege, even if it's user does have the privilege.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From frantz at netcom.com  Sun Nov 17 16:18:55 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sun, 17 Nov 1996 16:18:55 -0800 (PST)
Subject: ideal secure personal computer system
Message-ID: <199611180018.QAA11009@netcom6.netcom.com>


At 12:51 PM 11/16/96 -0800, John Fricker wrote:
>In WinNT a program may impersonate a user such as Guest. Also, trojan horses
>are ineffective in NT as typical users do not have write permission to system
>binaries. 

I assume that administrators only run programs from trusted libraries and
do not include their current directory in their path.  They never run
programs that aren't directly related to systems administration etc. etc.
etc.  The typical Trojan horest sits around until someone with the proper
authority runs it.

That is not the way NT is used at one large commercial operation I am
somewhat familar with.  (I'm being obscure to protect the guilty.)  I think
there are very few NT (or Unix) systems which are administrated with a safe
level of paranoia.  I would like to see more compartmentalization in the
system.

(Note that even if it only runs with a user's privileges, a Trojan horse
will have no problem stealing e.g. that user's PGP secret key ring.  Not
everything of value is in system files.  Question, can a user-level Trojan
horse insert itself as a keyboard monitor and get the PGP pass phrase as
well?)


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From twilley at juno.com  Sun Nov 17 16:34:55 1996
From: twilley at juno.com (David Weintraub)
Date: Sun, 17 Nov 1996 16:34:55 -0800 (PST)
Subject: Off the subjects.
Message-ID: <19961117.193051.3502.1.Twilley@juno.com>


Hi all,

     I am anxious to find an E-mail list forum dealing
with financial matters.  Possibly, there exists a forum to find a forum.

     Here in New Jersey there are rumors running about; that 401K's, and
other corporation contribution plans are corporate assets: both their
contribution, and the monies deducted from your
pay, as well as, any other contributions you may
have made.

     In the event of reorganization, in any form, including bankruptcy,
these monies are available for 
redistribution to creditors.  Meaning, not us.

     If true, it's a bit frightening; all and all.

			Thanks,
			Twilley.





From dlv at bwalk.dm.com  Sun Nov 17 16:40:22 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 17 Nov 1996 16:40:22 -0800 (PST)
Subject: Unsubscriving Briefly
In-Reply-To: <199611171754.JAA21558@netcom17.netcom.com>
Message-ID: <Z8akXD2w165w@bwalk.dm.com>


mpd at netcom.com (Mike Duvos) writes:

> I'm unsubscriving from the list for a few days (weeks?) until the
> noise level drops down a bit.  I'll check it periodically on the Web
> and I'm pretty sure that if something happens that shakes the world
> of cryptography to its very foundations, someone will probably send
> me some email about it.
>
> Please continue to party while I am away.

I'm not saying good riddance because Mike was one of the few remaining
people on this mailing lists who actually had brains. Too bad.

Of course, it's all John Gilmore's and Timmy May's fault.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From bdavis at thepoint.net  Sun Nov 17 16:56:31 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Sun, 17 Nov 1996 16:56:31 -0800 (PST)
Subject: Fuck You Dumb Cunt
In-Reply-To: <Pine.LNX.3.95.961117073649.25183D-100000@dhp.com>
Message-ID: <Pine.BSF.3.91.961117194008.12616I-100000@mercury.thepoint.net>


On Sun, 17 Nov 1996, aga wrote:

> On Sat, 16 Nov 1996, Sandy Sandfort wrote:
> 
> > Date: Sat, 16 Nov 1996 08:37:14 -0800 (PST)
> > From: Sandy Sandfort <sandfort at crl.com>
> > To: aga <aga at dhp.com>
> > Cc: Cypherpunks <cypherpunks at toad.com>
> > Subject: Re: Does John Gilmore...
> > 
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >                           SANDY SANDFORT
> >  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> > 
> > C'punks,
> > 
> > On Sat, 16 Nov 1996, aga wrote:
> > 
> > > The cyberpunks mailing list is PUBLIC property and should NOT
> > > be controlled by John Gilmore!  This just goes to show the real
> > > facist censorship motives that the EFF has behind it.
> > 
> > I have a suggestion for "Aga" and others who believe this sort of
> > nonsense.  Please do us all a favor and try to sue John.  I'm sure 
> > that among all jack-leg and wannabe lawyers on this list that they
> > can come up with a viable cause of action.  And John has deep 
> > pockets; you could (literally) make out like bandits AND rescue 
> > "freedom of speech" on privately maintained mailing lists.  You 
> > could be heroes (or look ten times as foolish as you already do).
> > 
> > 
> >  S a n d y
> > 
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 
> 
> fuck you dumb cunt.  I told you to leave that list off of your
> fucking headers -- you just do not listen, do you?

So this great defender of free speech seeks to silence it?  Why not just 
let listmembers use filters?  Those who disapprove of John 
Gilmore's action argue that he should have done that, although you seem 
to believe that the argument doesn't apply when someone fouls your nest. 
John's action wasjustified in my view, although I believe courtesy 
should have caused him to notify Vulis that he was out ... and for all 
the heat he has taken, John should've prevented him from posting to the list.

Regardless of what good he may have done in the past, Vulis was (and is) 
engaged in an enormously egotistical disply of bad manners and off-topic 
posting.  Having just installed Eudora Pro 3.0, I know that I can easily 
filter him out, but have hesitated to use filters in the past.  Vulis may 
be the one to push me over the edge.

I'm especially sorry that some of you don't believe in property rights.  
Some have argued that the list is now a public forum -- apparently 
primarily because a lot of people are listmembers.  This confiscation of 
private property would, I thought, be inimical to the cypherpunks general 
philosophy (to the extent one exists).  I'm sure Louis Freeh will be 
pleased to know that you believe in such confiscation.  With email 
being used by so many people and because it traverses some publicly owned 
sites, you certainly cannot argue that it is not a public forum -- if 
cypherpunks is.  So GAK should be OK, because it is simply an attempt to 
broaden the audience for speech, right?  And, in any event, the 
government could choose to ignore property rights and confiscate the 
speech, as you seek to do with John's privately owned list.

Just because you don't get your way, doesn't mean that what happened was 
illegal or even wrong.  Your authoritarian views would do Stalin proud.

EBD
 
> Anybody that supports John Gilmore is an asshole bitch or cocksucker
> one of the two.

Beautiful use of language.

> 
> out.
> 
> -a
> 
> 





From unicorn at schloss.li  Sun Nov 17 17:04:36 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 17 Nov 1996 17:04:36 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <199611171612.IAA01572@mailmasher.com>
Message-ID: <Pine.SUN.3.94.961117195852.13668A-100000@polaris>


On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:

> Date: Sun, 17 Nov 1996 08:12:12 -0800
> From: Huge Cajones Remailer <nobody at huge.cajones.com>
> To: cypherpunks at toad.com
> Subject: Re: The Utility of Privacy
> 
> 
> At 4:11 AM 11/17/1996, Black Unicorn wrote:
> >On Sat, 16 Nov 1996, Huge Cajones Remailer wrote:
> >
> >> Date: Sat, 16 Nov 1996 18:22:33 -0800
> >> From: Huge Cajones Remailer <nobody at huge.cajones.com>
> >> To: cypherpunks at toad.com
> >> Subject: The Utility of Privacy
> >> 
> >> 
> >> Privacy is a hassle.  Is it worth it?
> >> 
> >> Which unfortunate situations does privacy prevent?  What are the odds
> >> that they will occur?  How much effort will it take to prevent these
> >> outcomes?  As a model, use the present and future situation of a
> >> typical reader of this list.
> >
> >Insurance is a hassle.  Is it worth it?
> >
> >Which unfortunate situations does insurance prevent?  What are the odds
> >that they will occur?  How much effort will it take to prevent these
> >outcomes?  As a model, use the present and future situation of a
> >typical reader of this list.
> 
> I know many people who were happy they had insurance due to car
> accidents, health problems, or whatever.  What is more, the odds of
> these events are carefully calculated and available.  Call an actuary.
> 
> Are there similar sources of information calculating privacy risk?  I
> don't think so.

Ah, so let's ignore the risks, on the grounds that we have no idea what
they might be, or their magnitude.  That's clever.  I like that.

> Informally, I don't know anybody who has suffered due to a loss of
> privacy.

Your circle of associations must be limited.
 
> It may be the case that it is politically beneficial to have a society
> of privacy fanatics.  But, this is different from the direct benefit
> to each participant.

Agreed, but since you do not quantify the magnitude of either of these,
even in terms of speculation, I'm not sure what your point is.

> My question remains unanswered, probably because privacy isn't worth
> the effort.

And no one can answer that question but you.  Privacy is a personal
decision.  I'm sure there are many out there who will suffer no harm even
if their SSN is published in the Wall Street Journal.

Why, however, fail to take out insurance when the cost is so low?  Really
it doesn't take much in the way of effort or money to assure one's
privacy.  (Hint: It's getting cheaper every day in some ways).

Answer: Nearly all of the cost of privacy is concentrated in set up cost.
Maintaince costs are minimal once set up has been made.  Yet getting over
that first hurdle is the biggest leap.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Sun Nov 17 17:05:54 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 17 Nov 1996 17:05:54 -0800 (PST)
Subject: Does John Gilmore...
In-Reply-To: <199611172116.NAA04343@kachina.jetcafe.org>
Message-ID: <Pine.SUN.3.94.961117200415.13668B-100000@polaris>


On Sun, 17 Nov 1996, Dave Hayes wrote:

> Date: Sun, 17 Nov 1996 13:16:14 -0800
> From: Dave Hayes <dave at kachina.jetcafe.org>
> To: Black Unicorn <unicorn at schloss.li>
> Cc: freedom-knights at jetcafe.org, cypherpunks at toad.com
> Subject: Re: Does John Gilmore... 
> 
> > The free market will ever be the only real path to free speech, because,
> > in essence, it is free speech.
> > Free speech does not, however, require that all speech be universally
> > broadcast to each and every citizen on the planet free of charge.  That's
> > "subsidized speech."
> 
> Given that the free market rule is "he who has the money makes the
> rules", please explain how anything less than "subsidized speech" (as
> you put it) is anything close to free speech?
> 
> [For those who's assumptions rule their perception: I am *not* arguing
> that all speech should be subsidized. I am merely pointing out that
> the organization that is spending the money to broadcast is
> controlling the speech, hence it is *not* free speech in terms of
> freedom or cost.]


Again, you confuse free speech with free broadcast.


> ------
> Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
>                 If you want to get rid of somebody, 
>             just tell them something for their own good.
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From janke at unixg.ubc.ca  Sun Nov 17 17:36:18 1996
From: janke at unixg.ubc.ca (janke at unixg.ubc.ca)
Date: Sun, 17 Nov 1996 17:36:18 -0800 (PST)
Subject: DSA over Elliptic Curves
Message-ID: <199611180136.RAA00729@clouds.heaven.org>



Has anyone implemented this yet? I am going to and was wondering
what good sizes for q (the prime corresponding to the
160 bit prime in DSA) and p (the prime corresponding to the 
512-1024 bit prime in DSA) would be?

Leonard






From minow at apple.com  Sun Nov 17 17:38:46 1996
From: minow at apple.com (Martin Minow)
Date: Sun, 17 Nov 1996 17:38:46 -0800 (PST)
Subject: Computer CPU chips with built-in crypto?
In-Reply-To: <199611172105.NAA04230@crypt.hfinney.com>
Message-ID: <v03007803aeb55bc5644c@[17.219.103.245]>


Hal Finney writes:

>Another possible application for the built in encryption is software
>piracy protection.  ...  In these days of razor thin profit
>margins in the PC business it is hard to see how this will sell.
>

Let me offer a possible scenario: we're entering an era when
there is much more chip real-estate than "consumer-grade" PC's
can use. Adding an encryption engine to the instruction stream
could be as simple as adding a series of barrel shifters between
(or inside) the processor cache and the instruction decoder.
(Imagine blowfish or DES -- or something as simple as RC4).

If encryption is turned off, the chip would be bug-for-bug
compatible with the existing PC. The vendor would put the
chip into the ordinary production cycle and, in two to
three years, it would be on the target audience's desktops.
(Remember, it would run existing and new, non-encrypted,
software without change.)

Encryption would be turned on on a module-by-module basis by
operating system "loader" code that would detect a "key required"
cookie in the executable file (or the Open Doc file, or
the Java class file). Before starting the module, the
o.s. loader would lookup the cookie and load the decryption
key into the chip. The customer would purchase a key by
giving a magic number from the software and a magic number
(processor serial number) to the vendor. This could be
done automatically over the network.

Now, a software vendor could provide the latest software for
free from a public FTP site, and could offer a variety of
decryption keys (30 day free trial, one-time-use micropayment,
etc.) at a variety of prices. This could also be integrated
into multiple site-license managers such as KeyServer.
As with KeyServer, key management could be done "invisibly"
over the Internet.

Note that the chip does not offer end users any encryption
or decryption capabilities -- the decrypted instruction
stream cannot be directly examined by end users. On the
other hand, if the encryption key generator was available
to "anybody," it would be trivial to construct secret
messages by generating programs that, when run, constructed
the desired message. For that reason, I suspect that
keys will be limited to a length that "national interests"
are comfortable with.

Martin Minow
minow at apple.com














From hal at rain.org  Sun Nov 17 17:40:29 1996
From: hal at rain.org (Hal Finney)
Date: Sun, 17 Nov 1996 17:40:29 -0800 (PST)
Subject: Members of Parliament Problem
Message-ID: <199611180140.RAA04560@crypt.hfinney.com>


From: ph at netcom.com (Peter Hendrickson)
> At 1:39 PM 11/17/1996, Simon Spero wrote:
> > Create a number up public/private key pairs, blind them, then do the
> > cut-and-choose thing with the security officer. He signs the blinded key,
> > then returns it. Unblind the remaining pubic key, and you've got a public
> > key with the appropriate signature on it.
>
> Okay, this would work.  But, it requires that all (or at least many) of the
> Members of Parliament cooperate.  If not, then the security officer will
> be able to make very good guesses about who is speaking.
>
> Parliamentarians may not cooperate for a variety of reasons.  They may
> not wish to be attacked by terrorists for the words of others.  They
> may believe that cowardice is not to be encouraged.  They may not believe
> in anonymity.  It might be too hard for them.
>
> What I would like to see is a method which relies only on published
> public keys and no other cooperation from the people who are (more
> or less) being used as shields.  This may be impossible.

The 4th method of Chaum's, from Eurocrypt 91, somewhat satisfies this,
as does a method from the Eurocrypt 94 paper.  Each person can choose
his own public key g**x for a discrete log system.  However, the problem
is that all members of the group have to choose the same prime p as the
modulus, and generator g, for their discrete logs.

The issue of using a common modulus in discrete log systems has been
somewhat controversial.  I think when the government first proposed DSS
they planned to do something like this, one modulus with everyone having
different secret x values with corresponding public keys y = g**x mod p.
This has the advantage that public keys are smaller since everyone uses
the same g and p.  So all you need is one value for your public key.
Without this you have to have g, y, and p be your public key so it is
3 times bigger.

The problem is that the way the main discrete log algorithms work,
once you have broken one discrete log for a certain g and p you can break
all the others very easily.  So the particular g,p pair which is chosen
for everyone to share becomes one very big, fat target to try to apply
discrete log algorithms.

Now this is not necessarily as bad as it seems.  Unlike the case with RSA,
there is no secret information which could be leaked to make solving these
discrete logs easier.  Nobody knows how to do it.  So the only way it can
be done is by a massive operation roughly similar to factoring an RSA
modulus the size of p.  Choosing p of 1000 or 2000 bits should still make
it effectively impossible for anyone to do this.  The numbers are simply
far too large.

Still the consensus of opinion with discrete logs is that the advantages
of slightly smaller keys have not been great enough to justify the risk
involved in having eveyone share a modulus, even though that risk is
seemingly insignificant.  On the other hand maybe for cases like this
the additional advantages to common moduli would be enough to tilt the
argument in the other direction.

Hal





From dlv at bwalk.dm.com  Sun Nov 17 17:50:23 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 17 Nov 1996 17:50:23 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <199611172111.NAA04310@kachina.jetcafe.org>
Message-ID: <0JFkXD6w165w@bwalk.dm.com>


Dave Hayes <dave at kachina.jetcafe.org> writes:
>
> > #From Phrack 49, file p49-09 published this month:
> ...
> >                                  File 09 of 16
> >                           by Dr.Dimitri Vulis (KOTM)
> >                A Content-Blind Cancelbot for Usenet (CBCB)
> ...
> > And what follows, is Dr. Dimitri, defender of freedom of expression,
> > champion of the anti-censors on the net, posting code to the world to
> > engage in exactly those activities that everyone has been ranting about
> > as being so utterly "horrifying (forged cancellations etc)" as it
> > were.

No. Forging cancels is as a harmless prank. Deleting Usenet articles from
news spool based on cancels is a sign of a badly misconfigured server, and
a newasadmin not doing his job.

> You call yourself on cypherpunks, and you blithely assume that a
> Phrack author actually signs his real name?
>
> Either I thought you guys were *real* hackers and you aren't, or
> this is a very funny troll.

Definitely, the plug-pulling assholes on cypherpunks mailing list don't
qualify as hackers. They can't even write code!

Blah blah blah security through obscurity blah blah blah only the Usenet
Cabal has cancelbots blah blah blah only Usenet Cabal knows how to forge
cancels blah blah blah netwide acceptance of unauthenticated cancels is
crucial to fighting spam blah blah blah. See Tim Skirvin's Cancel FAQ.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jmr at shopmiami.com  Sun Nov 17 17:56:02 1996
From: jmr at shopmiami.com (Jim Ray)
Date: Sun, 17 Nov 1996 17:56:02 -0800 (PST)
Subject: Political influence [was: Re: A Disservice to Mr. Bell]
Message-ID: <199611180155.UAA25194@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Mon Nov 18 20:54:31 1996
> 
> ....The only mainstream party to have been in
> any measure influenced by libertarian ideas is the Republicans

...

I suppose that's why Clinton called himself a "libertarian" when it comes to 
gay rights. (Calling yourself something and actually *being* that something 
are, of course, different things.)

Phill, you need to listen more and talk less about libertarian politics, I 
first heard about various wild-sounding now "mainstream" ideas when talking 
with Libertarians. These ideas are now promoted by members of both parties, 
especially during the election campaign season. For one thing, we were 
probably the first party to have a policy against government restrictions on 
the peaceful use of cryptography.
JMR


Regards, Jim Ray

Please note new 2000bit PGPkey & new address <jmr at shopmiami.com>
This key will be valid through election day 2000.
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71
DNRC Minister of Encryption Advocacy
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMpETWzUhsGSn1j2pAQGYQgfMCQSQsEEjekyjOaQTptq3ZGmh4eTbPwdT
Ow6LGMOzNTBaONJlypERAm7S00NAf9/ri6liFL2xR/A51t47PPIg48WO4xYHbB2S
UefMasDZ2q+jT1s9ukUgHL1EgXCJVggAsaN1mSphYlNgVrRoT0zga59MB3ynFVsH
hM4NVJEPCv8waE9WohSLUm6Mp2fvA1zLtGmHdf6fR/R38Yw5aVOTA3ha/hV/zPmH
MQIsN+WV16f4KXAL/0V56y1mnuPJ0TumUJwJNc/lNxhiSdlI9t5l3ywe7Aw1D1xo
TQO4ARkBSN8+/C/g6R9wfEZ+YoAN42NzNpdcATmCgXhwYg==
=hhPT
-----END PGP SIGNATURE-----






From cbarnett at eciad.bc.ca  Sun Nov 17 17:58:57 1996
From: cbarnett at eciad.bc.ca (Clint Barnett)
Date: Sun, 17 Nov 1996 17:58:57 -0800 (PST)
Subject: Why is cryptoanarchy irreversible?
In-Reply-To: <199611120841.AAA16334@infomatch.com>
Message-ID: <Pine.SGI.3.91.961117175306.2712G-100000@oswald>



or possibly a tube of epoxy to keep the cards together permanently, a few 
armed friends/sycophants to keep watch on the house of cards, perhaps a 
few mentally unbalanced people to kidnap or assasinate Person B's friends 
and family, some Marketing and PR men to drum up public support for the 
existance of the house of cards and make people think that it's good and 
deserves to be there, and on and on and on...

couldn't we all just get along?

clint barnett
lord of the cosmos
emily carr institute

On Tue, 12 Nov 1996, Murray Hayes wrote:

> On Fri, 08 Nov 1996 14:46:56 +0100, Matts Kallioniemi wrote:
> 
> >At 17:12 1996-11-07 -0800, jim bell wrote:
> >>Simple analogy:  Suppose you put two people into a room with a deck of 
> >>playing cards and a table, instructing "Person A" to build a house-of-cards, 
> >>and telling "Person B" to stop him from achieving his goal.  Who do you 
> >>think will win?  Obviously, the latter will win:  It's vastly easier to 
> >>knock such a structure down than to build it in the first place,  and all 
> >>"Person B" has to do is occasionally take a whack at the structure. 
> >
> >What if Person A is better armed? Could that change the outcome?
> >
> >
> >
> 
> What if person A has a pack of chewing gum?
> 
> 
> mhayes at infomatch.com
> 
> It's better for us if you don't understand
> It's better for me if you don't understand
>                                              -Tragically Hip
> 
> 
> 
> 
> 
> 





From ph at netcom.com  Sun Nov 17 18:32:33 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sun, 17 Nov 1996 18:32:33 -0800 (PST)
Subject: Members of Parliament Problem
Message-ID: <v02140b00aeb57052428c@[192.0.2.1]>


At 1:23 PM 11/17/1996, Timothy C. May wrote:
>At 11:43 AM -0800 11/17/96, Peter Hendrickson wrote:
> For the specific example Peter cites, of a member of Parliament who doesn't
> like the possibility of anonymity....well, he wouldn't be part of the
> DC-Net would he? Generally, there are no cryptographic solutions that will
> encompass the case where some member wants to speak anonymously, but no one
> else does. If a message originates from "someone in Parliament," but only
> one member of Parliament is set up to speak anonymously, then of course by
> simple elimination he is the speaker. As before, this is beyond any
> cryptographic solution.

It turns out - amazingly enough - that this is not true!

Hal Finney mentioned on Friday a paper by Chaum and Heyst entitled
"Group Signatures."  It was presented at EuroCrypt '91.

I scanned this paper today and it has four schemes, the last of which
requires no participation of a trusted party or the other people
one wishes to hide amongst.  So long as everybody has published their
public key, the rogue Member of Parliament can sign messages without
revealing his identity, yet demonstrating that he is in fact a
Member of Parliament.  (Thanks Hal!)

It uses a zero-knowledge proof.  Hal said earlier that it was not
clear to him that this could be turned into a non-interactive proof.
It isn't clear to me, either.  Whatever the case, I consider
the problem solved.

It would be nice if it were non-interactive, but the rogue MP need only
demonstrate his identity to ten or so publicly trusted parties to have
enough basis to make statements that the world will consider to be credible.

> There may be easier to implement approaches, such as the ones people have
> proposed involving distribution of "voting tokens" (blinded, for anonymity).

> Anonymous voting is, in fact, formally equivalent (with some hand-waving
> about some details) to the problem of untraceable speaking. The example
> Peter cited, of a MP wanting to "speak anonymously" is equivalent to
> wanting his vote--on Northern Ireland, for example--to be anonymous.

I would say that it is slightly different in that anonymous voting
requires that you guarantee that each voter votes only once.  Clearly
these are similar problems.

Tangentially, I would really enjoy the privilege of verifiable anonymous
voting using my computer.  As it is now, I have no way of telling
whether my vote counts or not.  The entire process is handled by
people I don't know and have no particular reason to trust.

> A simple form of this is "blackballing." Members have white and black
> balls, and place one of the balls in an urn. Properly implemented, this
> gives anonymity.

I always wondered where that term came from.  Chaum and Heyst's protocol
above could be used for blackballing in cases where only one black ball
can make the decision.  For instance, some clubs have a rule that any
current member can "blackball" prospective members.  (Sounds harsh?
Not as harsh as learning that a *majority* of the club didn't like you!)

Peter Hendrickson
ph at netcom.com







From ichudov at algebra.com  Sun Nov 17 18:41:00 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 17 Nov 1996 18:41:00 -0800 (PST)
Subject: Taxation Thought Experiment
In-Reply-To: <wk2JXD35w165w@bwalk.dm.com>
Message-ID: <199611180235.UAA00791@manifold.algebra.com>


Dr.Dimitri Vulis KOTM wrote:
> ichudov at algebra.com (Igor "FUCK MNE HARDER" Chudov @ home) writes:
> > Dr.Dimitri Vulis KOTM wrote:
> > > Therefore it's sometimes more profitable for a company to raise money by
> > > issuing bonds (debt) and paying tax-deducuble interest than by selling its
> > > stock (equity) and paying non-decuctible dividentds to stockholders.
> > There is, in fact, a neat theorem that says that (*_under certain
> > assumptions_*) the value of a firm does not depend on its capital
> > structure.
> 
> Igor, you begin to sound just like Timmy May - talking about things you know
> nothing about. 

Surely I know nothing about finance. Never claimed otherwise.

> Yes, there's a famous theorem by Franco Modigliani and Merton
> Miller, the Nobel prize winners which says that ABSENT TAXES, the value of the
> firm doesn't depend on its debt-to-equity ratio. M&M also show that under U.S.
> tax laws the best capital structure is 100% debt (again, ignoring other
> available deductions, such as depreciation, and increased risk and cost of
> borrowing as the debt increases).

See below.
 
> "The value of the levered firm is the value of the levered firm plus the
> interest tax shield (the amount of debt times the tax rate)."
> 
> Companies would borrow less (and people would take out mortgages on their
> residences less) if the interest payments weren't tax-deductible.

See, for example, Merton H. Miller, "Debt and Taxes", American Finance
Assn., Vol. XXXII, May 1977, No. 2. 

Page 262: ``... They conclude that the balancing of these bankruptcy costs
against the tax gains of debt finance gives rise to an optimal capital
structure, just as the traditional view has always maintained, though
for somewhat different reasons. 

It is this new and currently fashionable version of the optimal
capital structure that I propose to challenge here. I will argue that 
even in a world in which interest payments are fully deductible in
computing corporate income taxes, the value of the firm, in equilibrium,
will still be independent of its capital structure.''

	- Igor.





From shamrock at netcom.com  Sun Nov 17 18:44:29 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 17 Nov 1996 18:44:29 -0800 (PST)
Subject: HP announcing some International Cryptography stuff on Monday
In-Reply-To: <199611180018.QAA10957@netcom6.netcom.com>
Message-ID: <Pine.3.89.9611171813.A12245-0100000@netcom14>


On Sun, 17 Nov 1996, Bill Frantz wrote:

> At 12:49 PM 11/15/96 -0800, Timothy C. May wrote:
> >It sounds ominous to me. Another backroom deal, probably for some form of
> >key recovery strategy, aka GAK.
> 
> I'd bet GAK too.  RSADSI has been working on GAK protocols, so these ones
> might actually work.  I feel as pessimistic about this one as Lucky usually
> is.

I have a hard time believing that Netscape caved. As I wrote in July, HP 
was working on selling our children's birthright to obtain an export 
license for their product. But Netscape participating in this just 
doesn't sound right.

> Since I am inherently optimistic, one ray of light may be that the San Jose
> Mercury News was mentioning the ability to export the system, and then when
> the necessary licenses (US and foreign) were obtained, turn on the
> encryption.  I guess from this that the encryption is in hardware.  Now,
> software/hardware interfaces are usually fairly simple, so what we have
> here is a software system with a crypto hook.

One possibility is that all crypto is done in hardware. The recent 
announcements by many hardware manufacturers that smartcard readers will 
be included in all their products (MS will put them into their keyboards) 
might get the necessary infrastructure deployed.

Of course, no crypto will work without the hardware token. The 
applications use signed code. Hardware tokens are only valid for a 
certain time. Making future mandatory upgrades to Fortezza, etc. a cinch.

--Lucky





From bdolan at USIT.NET  Sun Nov 17 18:44:35 1996
From: bdolan at USIT.NET (Brad Dolan)
Date: Sun, 17 Nov 1996 18:44:35 -0800 (PST)
Subject: TRW sells your credit data to British firm
Message-ID: <Pine.GSO.3.95.961117214248.10421A-100000@use.usit.net>


Assoc. Press 11/14/96:

A British retailer and credit checker said Thursday it was
buying Experian Corp., a former subsidiary of TRW and one of the 
biggest credit-rating business in the United States, for $1.7 billion. 
   
The deal is part of an effort by Great Universal Stores PLC, which owns the
Burberry retail chain and is Britain's largest catalog retailer, to position
itself as a global supplier of credit and marketing information. 

  [I wonder what recourse I have if GUS gets my credit data wrong?  Or 
   decides to share it with MI6?  -bd]
   
Great Universal, known more commonly as GUS, said it would pay $900 million
in cash and borrow the rest of the price for Orange, Calif.-based Experian,
which TRW sold in September. 
   
GUS plans to merge Experian into its credit information business, CCN. 
Experian chairman D. Van Skilling said the two companies have many customers
in common and will be able to provide them easier access to credit information
around the world. 

   [...]

Experian is one of the largest providers of credit reports on consumers with
information on 93 percent of U.S. households and 12 million businesses.
Experian says its database may be the broadest and most current in the country.
The company also helps businesses identify potential customers. 
   
Great Universal entered the credit information business in 1980 and now has
customers throughout Europe and has operations in Asia, South Africa, and the
United States. 
   
TRW completed the sale of Experian for $1.01 billion less than two months
ago. An investor group led by Bain Capital Inc. and Thomas H. Lee Co., both of
Boston, bought the company. TRW kept a 16 percent stake in Experian. 

   [I wonder who the "investor group" is comprised of?  I wonder why TRW would
    sell something for $1B that is apparently valued at $1.7B?  Reminds me of
    the local paper which was sold for $X to an investor group that included 
    Sen. Howard Baker and  (Pres. candidate) Lamar Alexander.  The investor 
    group then resold the paper for $2X or $3X.  What business accumen! -bd]








From ph at netcom.com  Sun Nov 17 18:45:55 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Sun, 17 Nov 1996 18:45:55 -0800 (PST)
Subject: Members of Parliament Problem
Message-ID: <v02140b03aeb57df576d3@[192.0.2.1]>


At 6:32 PM 11/17/1996, Peter Hendrickson wrote:
>At 1:23 PM 11/17/1996, Timothy C. May wrote:
>>At 11:43 AM -0800 11/17/96, Peter Hendrickson wrote:
>> For the specific example Peter cites, of a member of Parliament who doesn't
>> like the possibility of anonymity....well, he wouldn't be part of the
>> DC-Net would he? Generally, there are no cryptographic solutions that will
>> encompass the case where some member wants to speak anonymously, but no one
>> else does. If a message originates from "someone in Parliament," but only
>> one member of Parliament is set up to speak anonymously, then of course by
>> simple elimination he is the speaker. As before, this is beyond any
>> cryptographic solution.

> It turns out - amazingly enough - that this is not true!

It turns out - not so amazingly - that Tim is right!

See Hal Finney's post of about this time.  It turns out that the
other Members of Parliament do have to cooperate.

Sorry about that.

Peter Hendrickson
ph at netcom.com







From hal at rain.org  Sun Nov 17 18:51:25 1996
From: hal at rain.org (Hal Finney)
Date: Sun, 17 Nov 1996 18:51:25 -0800 (PST)
Subject: HP's crypto technology
Message-ID: <199611180213.SAA04599@crypt.hfinney.com>


I was poking about on the hp web server, trying to get some more hints
about the technology they are pushing:

<URL: http://www-dmo.external.hp.com/gsy/press/sevcik.html>

> Date: 7/11/96
> 
> Rich Sevcik, vice president and general manager of the Systems
> Technology Group, testified to a U.S. Senate subcommittee June 12 on
> the importance of cryptography to Hewlett-Packard's ability to compete
> in the international marketplace and to the nation's high-technology
> competitiveness.
>
> [...]
> 
> In conclusion, he introduced HP's technology called the International
> Cryptography Framework (ICF). Products based on ICF would contain a
> suite of cryptography capabilities of various strengths and types,
> all non-functional. A customer then could enable the desired types and
> strengths of cryptography in conformance with export and host government
> regulations by obtaining a stamp-size smart card (known as a "policy
> card"), programmed to turn on the particular cryptography capability
> allowed. This would protect the right of each nation to establish an
> independent policy governing cryptography in digital communication and
> storage. Sevcik showed the subcommittee members a prototype cryptography
> unit and several policy cards. He said HP plans to have an initial
> ICF product available later this year as part of a total smart card
> system solution offered due to an alliance with Informix and GEMPLUS,
> with other ICF-based products planned for next year.
> 
> U.S. export license authorities are finishing their review of this
> first-phase implementation of ICF. "We have been extremely pleased with
> the responsiveness and cooperation of these agencies in the review of
> our technology," Sevcik said. "We have every reason to believe that
> the cryptographic unit and host systems will be granted liberal export
> authorization consistent with our expectations for ICF."


<URL: http://www.hp.com/csopress/95sep26.html>

> Press Release
> 
> HP Announces Alliance with Gemplus and Informix to Deliver Personal
> Information Cards for Consumers
> 
> U.S. Government Reviewing Industry-backed HP International Cryptography
> Framework
> 
> September 26, 1995
> 
> PALO ALTO, Calif., Sept. 26, 1995 -- Hewlett-Packard Company, Gemplus
> and Informix today announced the formation of an alliance to develop a
> secure infrastructure that will enable corporations to speed new services
> to consumers via a credit-card-sized personal information card.
> 
> These cards will carry several thousand times the amount of data carried
> by currently available smart cards. Additionally, the data on these cards
> will be fully encrypted for secure international communication, so the
> card will be able to be used anywhere in the world. HP believes that
> the U.S. government will authorize the export to commercial enterprises
> of products in Phase I(1) of HP's international cryptography framework
> standard -- one of the underlying technologies in the infrastructure
> that will enable the international use of personal information cards. The
> framework is based on HP's open cryptographic structure.
> 
> [...]





From tcmay at got.net  Sun Nov 17 19:13:42 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 17 Nov 1996 19:13:42 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <v02140b00aeb57052428c@[192.0.2.1]>
Message-ID: <v03007800aeb58385887b@[207.167.93.63]>


At 6:32 PM -0800 11/17/96, Peter Hendrickson wrote:
>At 1:23 PM 11/17/1996, Timothy C. May wrote:
>>At 11:43 AM -0800 11/17/96, Peter Hendrickson wrote:
>> For the specific example Peter cites, of a member of Parliament who doesn't
>> like the possibility of anonymity....well, he wouldn't be part of the
>> DC-Net would he? Generally, there are no cryptographic solutions that will
>> encompass the case where some member wants to speak anonymously, but no one
>> else does. If a message originates from "someone in Parliament," but only
>> one member of Parliament is set up to speak anonymously, then of course by
>> simple elimination he is the speaker. As before, this is beyond any
>> cryptographic solution.
>
>It turns out - amazingly enough - that this is not true!
>
>Hal Finney mentioned on Friday a paper by Chaum and Heyst entitled
>"Group Signatures."  It was presented at EuroCrypt '91.
>
>I scanned this paper today and it has four schemes, the last of which
>requires no participation of a trusted party or the other people
>one wishes to hide amongst.  So long as everybody has published their
>public key, the rogue Member of Parliament can sign messages without
>revealing his identity, yet demonstrating that he is in fact a
>Member of Parliament.  (Thanks Hal!)

OK, so let's make my example concrete. Ten people form a group such as we
have been discussing. A message emanates from the group at some time. Nine
of the members are actually FBI agents. They know they didn't issue the
message. (I mentioned the meta-issue of their lying, so no smart aleck
comments about the FBI planting the message!). Q.E.D., any message must've
come from the 10th member. All the zero knownledge and DC-Net software in
the world can't change this basic existential truth.

This was my point that "this is beyond any cryptographic solution."

Please explain, Peter, how your example of signing messages but not
revealing identity precludes this meta-cryptography means of revealing
identities?

So far as know, in _any_ N-party cryptographic game, if N - 1 are acting as
one (colluding, sharing), this reduces to a 2-party game. And the second
party can always know if he was the source of a message or not. If he was
not, the message must have come from the other party.

(If I am wrong on this, I'll be shocked, and pleasantly surprised that
crypto has revealed something amazing. I rather doubt I will.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Sun Nov 17 19:14:56 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 17 Nov 1996 19:14:56 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <v02140b03aeb57df576d3@[192.0.2.1]>
Message-ID: <v03007801aeb586031e72@[207.167.93.63]>


At 6:45 PM -0800 11/17/96, Peter Hendrickson wrote:
>At 6:32 PM 11/17/1996, Peter Hendrickson wrote:
>>At 1:23 PM 11/17/1996, Timothy C. May wrote:
>>>At 11:43 AM -0800 11/17/96, Peter Hendrickson wrote:
>>> For the specific example Peter cites, of a member of Parliament who doesn't
>>> like the possibility of anonymity....well, he wouldn't be part of the
>>> DC-Net would he? Generally, there are no cryptographic solutions that will
>>> encompass the case where some member wants to speak anonymously, but no one
>>> else does. If a message originates from "someone in Parliament," but only
>>> one member of Parliament is set up to speak anonymously, then of course by
>>> simple elimination he is the speaker. As before, this is beyond any
>>> cryptographic solution.
>
>> It turns out - amazingly enough - that this is not true!
>
>It turns out - not so amazingly - that Tim is right!
>
>See Hal Finney's post of about this time.  It turns out that the
>other Members of Parliament do have to cooperate.
>
>Sorry about that.

My response to your first message just was being sent as I was receiving
this one.

Glad to know my intuitions were sound.

--Tim



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From froomkin at law.miami.edu  Sun Nov 17 19:17:55 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Sun, 17 Nov 1996 19:17:55 -0800 (PST)
Subject: Emergency powers
In-Reply-To: <Pine.SUN.3.91.961117164425.15672A-100000@panix.com>
Message-ID: <Pine.SUN.3.95.961117220716.9703C-100000@viper.law.miami.edu>


On Sun, 17 Nov 1996, Charles Platt wrote:

> Of course, Michael Froomkin is right in everything he says about
> presidential emergency powers. But an unconstitutional abuse of power is

After this start, how could I be churlish enough to quibble with anything
you say?

> surely not acceptable merely because it has become a routine method for
> accomplishing everyday legislative tasks.  First, it allows significant

We need to be careful here.  Which is the unconstitutional abuse?

a) The Act giving the President emergency powers (IEEPA)
b) The President's use of the act (in this case or in other cases)
c) The courts' decision that the existence of an emergency (as opposed to
the way the powers are used) is not reviewable (more or less on political
question grounds).
d) all of the above.

If I had to pick, my first choice is probably b, then c, then a.  I have
some sympathy for the willingness of courts to duck national security
issues, although not enough sympathy to encompass the amount of ducking we
get.

> possibility for future abuse; and second, if the Constitution is routinely
> circumvented, this diminishes its general power (as any law loses its

Again, what's the circumvention?  The administration, let us assume
honestly, believes that the spread of strong reliable crypto abroad is a
big threat;  if it happens it cannot be undone. They think it ("reliable") 
hasn't happened yet.  I'm inclined to think they're right about the facts
(see e.g. the thread on c'punx or coderpunx about lousy DES
implementations), so far. 

Is it "unconstitutional" to call this an emergency?  Judgment call.  I
think it's an abuse, but it is (1) routinized (EEA lapses have been dealt
with this way before and NO ONE COMPLAINED, not Congress, not the press,
not the courts, not the exporters, not the public); the administration
could reasonably think this was not a controversial thing to do; (2)
within the letter of the act as interpreted (too loosely) by the courts

So all three branches of government agree this is constitutional, and the
public hasn't complained.   Not exactly the foundation for a revolutionary
moment.  Rather, it is time to complain -- while understanding the
context.

> power when it is routinely flouted). The situation is all the more
> troubling because it receives so little publicity, outside of militant
> "extremist" groups (i.e. those that are crazy enough to believe that
> presidential power should be limited in accordance with the law of the
> land). When a president can take almost action under the excuse that it's

Recall that the President almost certainly couldn't do this if Congress
hadn't passed a statute ("the law of the land").  I still think that
Congress is the place where this should, and perhaps ultimately will, be
decided.

I also bet that if Congress did get sensitized to this issue ... they'd
respond by reactivating the EAA.  I don't get the feeling there is a
groundswell in Congress for abandoning export control (recall that the EAA
controls all dual use munitions -- including missile guidance systems).
This is why the courts are all too likely to allow it.  No one in
government wants to allow weapons parts to be freely exported.

[...]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From ses at tipper.oit.unc.edu  Sun Nov 17 19:24:12 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Sun, 17 Nov 1996 19:24:12 -0800 (PST)
Subject: Members of Parliament Problem
In-Reply-To: <199611171837.SAA00457@server.test.net>
Message-ID: <Pine.SUN.3.91.961117222151.12758A-100000@tipper.oit.unc.edu>


On Sun, 17 Nov 1996, Adam Back wrote:

> Simon Spero <ses at tipper.oit.unc.edu> writes:
> 
> Reasonable, except that it's linkable.  You may not want it to be
> linkable, because the more messages signed with the key, the greater
> the chance that speech paterns give away the speaker.

How about using ephemerialish keys (keys issued in big batches, etc)? 
All you need is a quick way to generate a few hundred or thousand RSA keys...

Simon





From tcmay at got.net  Sun Nov 17 19:42:56 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 17 Nov 1996 19:42:56 -0800 (PST)
Subject: Filters and Freeh
In-Reply-To: <Pine.LNX.3.95.961117073649.25183D-100000@dhp.com>
Message-ID: <v03007802aeb587b383d2@[207.167.93.63]>


At 7:55 PM -0500 11/17/96, Brian Davis wrote:

>Regardless of what good he may have done in the past, Vulis was (and is)
>engaged in an enormously egotistical disply of bad manners and off-topic
>posting.  Having just installed Eudora Pro 3.0, I know that I can easily
>filter him out, but have hesitated to use filters in the past.  Vulis may
>be the one to push me over the edge.

I've been using Eudora for several years, and Pro since it came out. I
heavily use filters to sort the various mailing lists into their own
folders, so it's natural enough to filter a few names into "Twit" or
"Trash" folders. I do sometimes look over what's in these folders before
emptying them; the status of the messages helps to remind me not to respond
to them, even if I happen to look at them. With Vulis and aga spewing so
much bile, I'm increasingly tempted to empty the trash before even
beginning to read my messages, to remove any temptation to monitor what
they're saying.

I think Gilmore made a tactical error, with predictable effects. But I've
also tried to stay out of either the piling-on or the defense of John.

>primarily because a lot of people are listmembers.  This confiscation of
>private property would, I thought, be inimical to the cypherpunks general
>philosophy (to the extent one exists).  I'm sure Louis Freeh will be
>pleased to know that you believe in such confiscation.  With email

I know you mean this as a jibe (invoking the name of the Great Enemy as the
ally of one's enemy). Even opponents of GAK and Freeh in general don't hold
that Freeh supports confiscation of private property (except in RICO cases,
drug case forfeitures, or when illegal religions are practicing in Waco, or
when...well, maybe he _does_, now that I think about it! :-))


>Just because you don't get your way, doesn't mean that what happened was
>illegal or even wrong.  Your authoritarian views would do Stalin proud.
>

Good sentiments for an ex-prosecutor!

(Again, I should clarify. I doubt many prosecutors are
authoritarian-minded, politically. I even doubt many of them would support
GAK and mandatory key escrow...wait until their own communications are
GAKked, wait until they realize that attorney-client electronic
transmissions are GAKked, with no certainty that  the other side has not
used various national security or whatever justifications for peeking....I
think even the prosecutors of the country will feel some strong civil
libertarian twinges.)

While I don't believe many people in government are "evil" or have "bad
intentions," I'm a strong believer that _systemic_ or _institutional_ evil
is possible. Thus, the wide opposition to mandatory key escrow, just as
civil libertarians of all stripes would oppose mandatory tatooing of
national I.D. barcodes on arms, or the mandatory retro-fitting of all homes
with special curtains containing a police-accessible "transparency mode."

Domestic rules about crypto--when they come, perhaps as early as in the
next several years, depending on external events and on the political
climate--will trigger huge constitutional challenges. Much bigger than the
Bernstein and Junger cases. Maybe bigger than the CDA case.

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Sun Nov 17 20:01:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 17 Nov 1996 20:01:40 -0800 (PST)
Subject: What do our Netscape folks have to say?
In-Reply-To: <199611180018.QAA10957@netcom6.netcom.com>
Message-ID: <v03007804aeb58e6b17f8@[207.167.93.63]>


At 6:44 PM -0800 11/17/96, Lucky Green wrote:

>I have a hard time believing that Netscape caved. As I wrote in July, HP
>was working on selling our children's birthright to obtain an export
>license for their product. But Netscape participating in this just
>doesn't sound right.

Indeed, some comments from the usually-vocal Weinstein brothers would be
most welcome.

(I presume they "won't comment on rumors." After Monday's announcement, I
hope we'll hear from the various Netscape people who have commented in the
past.)

If Netscape is part of this sorry situation, it will mean that Jim Clarke's
expression of support for GAK a year ago was the _real_ story, with the "we
won't cave" noises just a pacifier.

By the way, Netscape once promised that their new corporate position was
this: that if the U.S. government insisted on a crippled version for
export, the domestic version would not be crippled at all.

I for one don't think that having the same smartcard, but with different
permissions or approval processes, constitutes having the U.S. version be
"uncrippled."

(Why? Because if Netscape and others widely deploy the H-P/Intel GAK
product, the government could decide any time they want to tighten
licensing for U.S. users, for felons, etc.)

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Sun Nov 17 20:05:45 1996
From: tcmay at got.net (Timothy C. May)
Date: Sun, 17 Nov 1996 20:05:45 -0800 (PST)
Subject: TRW sells your credit data to British firm
In-Reply-To: <Pine.GSO.3.95.961117214248.10421A-100000@use.usit.net>
Message-ID: <v03007805aeb5918cd43d@[207.167.93.63]>


At 9:44 PM -0500 11/17/96, Brad Dolan wrote:

>   [I wonder who the "investor group" is comprised of?  I wonder why TRW would
>    sell something for $1B that is apparently valued at $1.7B?  Reminds me of
>    the local paper which was sold for $X to an investor group that included
>    Sen. Howard Baker and  (Pres. candidate) Lamar Alexander.  The investor
>    group then resold the paper for $2X or $3X.  What business accumen! -bd]

TRW needed to launder $700 M. Or it may'be been a bribe for some other
business deal. Or it may'be been a sweetheart deal for the ex-TRW execs.

Jeez, ask a stupid question...

:-}


--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From jer+ at andrew.cmu.edu  Sun Nov 17 21:13:08 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Sun, 17 Nov 1996 21:13:08 -0800 (PST)
Subject: HP announcing some International Cryptography stuff on Monday
In-Reply-To: <199611180018.QAA10957@netcom6.netcom.com>
Message-ID: <0mXyzk200YUd0WZTA0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

frantz at netcom.com (Bill Frantz) writes:
> At 12:05 PM 11/15/96 -0800, John Gilmore wrote:
> >Are they the next Big Company to knuckle under to the Feds?  Their
> >pcmcia-with-local-country-surveillance-chip-socket initiative never
> >seemed to go anywhere.
> 
> Since I am inherently optimistic, one ray of light may be that the San Jose
> Mercury News was mentioning the ability to export the system, and then when
> the necessary licenses (US and foreign) were obtained, turn on the
> encryption.  I guess from this that the encryption is in hardware.  Now,
> software/hardware interfaces are usually fairly simple, so what we have
> here is a software system with a crypto hook.

So what if the "license" is really the key? Sure, it would be
possible to generate your own kwys, but it's possible to export strong
crypto. Large commercial interests tend not to want to run afoul of
the USG. 

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo/v6skz/YzIV3P5AQG6RwMAleccaFPQO1R4iJbAV/wXj3dF41L8c/5f
pS8meubkoHfxuoywGwXiEyXKL1exzDNFE83L7E5jEHH8XR+gBZEpbV57zt4Ggyyr
eV2DUXWSPmFhO8Pl+BohDYadjY4oFkvQ
=YZut
-----END PGP SIGNATURE-----





From piotrk at opnt.optimus.wroc.pl  Mon Nov 18 00:31:39 1996
From: piotrk at opnt.optimus.wroc.pl (Piotr Kunio)
Date: Mon, 18 Nov 1996 00:31:39 -0800 (PST)
Subject: No Subject
Message-ID: <01BBD533.96D4D6C0@opw13.optimus.wroc.pl>


unsunscribe






From nobody at replay.com  Mon Nov 18 00:50:03 1996
From: nobody at replay.com (Anonymous)
Date: Mon, 18 Nov 1996 00:50:03 -0800 (PST)
Subject: No Subject
Message-ID: <199611180742.IAA24657@basement.replay.com>


>While I don't believe many people in government are "evil" or have "bad
>intentions," I'm a strong believer that _systemic_ or _institutional_ evil
>is possible. Thus, the wide opposition to mandatory key escrow, just as
>civil libertarians of all stripes would oppose mandatory tatooing of
>national I.D. barcodes on arms, or the mandatory retro-fitting of all homes
>with special curtains containing a police-accessible "transparency mode."

And the vision of 1984 looms ever closer. Pity you guys guessed....your activites have put us 12 years behind schedule to date, and we're not happy about that.

--NSA






From dthorn at gte.net  Mon Nov 18 00:50:07 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 18 Nov 1996 00:50:07 -0800 (PST)
Subject: San Jose Mercury News declares encryption battle over
In-Reply-To: <199611170747.AAA27780@infowest.com>
Message-ID: <32900924.5F25@gte.net>


attila at primenet.com wrote:
>    at 07:52 PM, Dale Thorn <dthorn at gte.net> said:
> ::Point 2: I've said something like this before, but here's a place where
> ::it could mean something.  If c-punks and others could divvy up as many
> ::of the supporting functions of "strong" crypto as possible, and issue
> ::them in a set of commonly-available libraries for any and all programmers,
> ::along with source code, then an application programmer (theoretically)
> ::could order up some of these libraries and write some useful crypto code
> ::in short order.

>         one of the best proposals in many years --we have all made good
>     use of library code over the years, unless the simpleton coder has a
>     obsessive-compulsive masochistic need to write an extra 20-50,000
>     lines of 'reinvent the wheel' code.

[remaining text deleted]

I wouldn't bother the list with this kind of suggestion except that,
since so many subscribers feel the situation of freedom -vs- the new
federal urgency to shut down crypto is getting desperate, I urge a
desperate solution, i.e., an unparalleled level of cooperation.

As a personal preference, assuming no government involvement, I would
recommend more creativity and choices, but....







From nobody at huge.cajones.com  Mon Nov 18 00:51:46 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 18 Nov 1996 00:51:46 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <199611180713.XAA26863@mailmasher.com>



At 8:03 PM 11/17/1996, Black Unicorn wrote:
>On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:
>> Are there similar sources of information calculating privacy risk?  I
>> don't think so.
>
>Ah, so let's ignore the risks, on the grounds that we have no idea what
>they might be, or their magnitude.  That's clever.  I like that.

The risks are not being ignored.  What is there to fear?

>> Informally, I don't know anybody who has suffered due to a loss of
>> privacy.
>
>Your circle of associations must be limited.

Examples?

>> My question remains unanswered, probably because privacy isn't worth
>> the effort.
>
>And no one can answer that question but you.  Privacy is a personal
>decision.  I'm sure there are many out there who will suffer no harm even
>if their SSN is published in the Wall Street Journal.

The experience of others has value.

>Why, however, fail to take out insurance when the cost is so low?  Really
>it doesn't take much in the way of effort or money to assure one's
>privacy.  (Hint: It's getting cheaper every day in some ways).
>
>Answer: Nearly all of the cost of privacy is concentrated in set up cost.
>Maintaince costs are minimal once set up has been made.  Yet getting over
>that first hurdle is the biggest leap.

Good.  We are getting somewhere.







From ckuethe at gpu.srv.ualberta.ca  Mon Nov 18 00:53:34 1996
From: ckuethe at gpu.srv.ualberta.ca (C Kuethe)
Date: Mon, 18 Nov 1996 00:53:34 -0800 (PST)
Subject: HP announcing some International Cryptography stuff on Monday
In-Reply-To: <Pine.3.89.9611171813.A12245-0100000@netcom14>
Message-ID: <Pine.A32.3.93.961117233339.14170A-100000@gpu3.srv.ualberta.ca>


On Sun, 17 Nov 1996, Lucky Green wrote:

> One possibility is that all crypto is done in hardware. The recent 
> announcements by many hardware manufacturers that smartcard readers will 
> be included in all their products (MS will put them into their keyboards) 
> might get the necessary infrastructure deployed.
> 
> Of course, no crypto will work without the hardware token. The 
> applications use signed code. Hardware tokens are only valid for a 
> certain time. Making future mandatory upgrades to Fortezza, etc. a cinch.
> 
> --Lucky

Ok... I want everybody to go buy a box of diskettes, and put copies of PGP
on them.  Then we'll save our boxes of PGP for when everything but GAK is
illegal, and the thought police are stealing hard drives.  BTW, I really
like that thermite on the HD thing. A possibly better idea could be
something that eats the platters.... little container of nitric acid.
Anyway.. that's off topic. 

If I'm understanding correctly, In the year 2000 (whatever) when we use
crypt(3) it's just a call to the NSAcryptoGAK chip on the board. and
that's supposed to be good enough for everyone.  What's next? A processor
that detects an unGAK'd software crypto program running and phones the NSA
or whoever?

One more thing... what's this about MD5 being broken... references,
webpages, whatever would be nice.

--
Chris Kuethe <ckuethe at gpu.srv.ualberta.ca> LPGV Electronics and Controls
http://www.ualberta.ca/~ckuethe/
http://www.dcs.ex.ac.uk/~aba/rsa/
RSA in 2 lines of PERL
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






From hyperlex at hol.gr  Mon Nov 18 00:54:42 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Mon, 18 Nov 1996 00:54:42 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <199611181045.IAA00935@prometheus.hol.gr>


At 08:04 �� 17/11/1996 -0500, Black Unicorn wrote:
>> Given that the free market rule is "he who has the money makes the
>> rules", please explain how anything less than "subsidized speech" (as
>> you put it) is anything close to free speech?
>> 
>> [For those who's assumptions rule their perception: I am *not* arguing
>> that all speech should be subsidized. I am merely pointing out that
>> the organization that is spending the money to broadcast is
>> controlling the speech, hence it is *not* free speech in terms of
>> freedom or cost.]

>Again, you confuse free speech with free broadcast.

Well, I propose a solution to this problem: I don't mind paying fees in
fact, if the prices are reasonable. For instance THIS text was _paid_ for,
since I pay my Internet provider a certain amount of money every month.

It would be unthinkable, however, that my Internet Provider would mess
around with THIS text, or with ANY opinion of mine (I am sure you agree).

Now, a mailing list has _some_ similarities to the services of an
Internet provider, except (usually) the _cost_.  I am sure Mr. Gilmore
would be more than happy to be _paid_ for the (faulty) services he
provides (to his list-members), since e.g. 1900 members times $1 per
2 months (shall we say) would earn him (shall we say) 950 dollars a
month; Not much perhaps in some countries, but enough in most places
as compensation for the services he provides.

The problem with Mr. Gilmore (apart from being an asshole) is really
that he is rather a thick-minded proponent of censorship of his list's
'eccentric' members, that such subtleties don't even cross his mind.








>Forward complaints to : European Association of Envelope Manufactures
>Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
>Vote Monarchist         Switzerland

"Heaven is a place policed by the English, cheered-up by the the Greeks,
 and organized by the Germans. Hell is a place organized by the Greeks,
 policed by the Germans, and cheered-up by the English."

...And what have the noble Swiss got to with this shit?
They are the bankers for both!

:-)
Regards
George









From dlv at bwalk.dm.com  Mon Nov 18 00:58:38 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 00:58:38 -0800 (PST)
Subject: Taxation Thought Experiment
In-Reply-To: <wk2JXD35w165w@bwalk.dm.com>
Message-ID: <oHNkXD8w165w@bwalk.dm.com>


Oops:

dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes:

> "The value of the levered firm is the value of the levered firm plus the
                                                     ^un
> interest tax shield (the amount of debt times the tax rate)."


---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From haystack at cow.net  Mon Nov 18 00:59:02 1996
From: haystack at cow.net (Bovine Remailer)
Date: Mon, 18 Nov 1996 00:59:02 -0800 (PST)
Subject: No Subject
Message-ID: <9611180453.AA24910@cow.net>


The report estimated no such thing..its an urban myth. Give me a 
citation for the statistic from the report.

On Sun, 17 Nov 1996, blanc wrote:

> From:	Dr.Dimitri Vulis KOTM
[cut]
> dv:   I don't think John Gilmore's sexual practices are *that* bizarre. 
> The Kinsey report estimates that 10% of the population shares his 
> practices.
> 
> bw:   I guess you think you're talking to someone who gives a flip.








From author at pobox.com  Mon Nov 18 00:59:06 1996
From: author at pobox.com (Bob Faw)
Date: Mon, 18 Nov 1996 00:59:06 -0800 (PST)
Subject: [Fwd: National Emergency]
Message-ID: <2.2.16.19961118063228.53b7f698@omail.eee.org>


At 10:15 PM 11/17/96 -0700, you wrote:
>This information may be of interest to you. Forwarded with permission.
>
>--RJ Dawnne Gee

        Why Dawnne, this is only logical--considering that the new
"WEB-access TV" set announced this week has been declared a "weapon" for
export purposes by our government.  When our leaders consider public
information to be a threat to national security, we're in a whole lot more
trouble than most folks realize.
 
bob faw

p.s.  Go to bed, dude, it's getting late.  ;-)

bob

----------------------------------|-------------------------------------
B. D. "Bob" Faw                   |NewMedia Editor, Columnist, Webmaster
Poet, Scholar, WordSmith, Engineer|"American Wine on the Web"
  http://www.eee.org/bobfaw/      |  (a complete Internet wine magazine)
    bob_faw at eee.org               |    http://www.2way.com/food/wine/
      bfaw at cello.gina.calstate.edu|       newbie at pobox.com
        author at pobox.com          |Senior Writer, "Faultline" TV Series
----------------------------------|-------------------------------------
Webmaster, "The Journal of International Information Management" (JIIM)
      http://bpa1.aic.csusb.edu/pages/students/info479/bfaw/jiim/
----------------------------------|-------------------------------------






From llurch at networking.stanford.edu  Mon Nov 18 01:00:42 1996
From: llurch at networking.stanford.edu (Rich Graves)
Date: Mon, 18 Nov 1996 01:00:42 -0800 (PST)
Subject: BayLISA: Randal Schwartz, Just Another Convicted Perl Hacker (fwd)
Message-ID: <Pine.GUL.3.95.961117210230.15571A-100000@Networking.Stanford.EDU>


This should be QUITE entertaining.

-rich

---------- Forwarded message ----------
Date: 17 Nov 1996 19:03:17 -0500
From: Laura de Leon <deleon at cat.hpl.hp.com>
Newsgroups: ba.announce
Subject: BayLISA: Randal Schwartz, Just Another Convicted Perl Hacker

The BayLISA group meets monthly to discuss topics of interest to systems
and network administrators.  The meetings are free and open to the public.

BayLISA holds monthly meetings on the third Thursday of each month at
7:30 PM PST.  We meet at Cisco building J in San Jose, on Tasman Drive near
First street. (This is across the street from the room we met in at Cisco last
month). See www.baylisa.org for more information.  The meetings are also
broadcast via MBONE.

NOTE:  AS OF OCTOBER, WE HAVE MOVED TO CISCO.  This is a new location. Thanks
very much to Synopsys for hosting us.

Schedule
--------
November 21

Randal Schwartz: Just Another Convicted Perl Hacker

This talk will describe how the speaker became a felon in the
process of doing his job as a systems administrator in the
well-publicized Oregon v. Schwartz case (victim: Intel).  It will
include some points about Oregon's current law and the implications
of this case on the computer community.  There will be a special
focus on how to make sure this doesn't happen to you.

There will be copies of Randal's new PERL book available if you would like to
get one signed.


BayLISA Board Elections & member meeting before the regular meeting
At 7:00, Elections for the BayLISA board will be held.  We encourage all
members to vote.  If you aren't a member, this is a good time to join (see our
Web site)


December 19
Our Holiday meeting-- Join us to share goodies and computer horror stories, as
well as descriptions of stupid computer tricks.  There will be a prize for best
story.  This is a very informal meeting, and will not be broadcast on the
MBONE.

January 16
Brent Chapman, Containment Zones (firewalls to keep people in)

February 20
Standards efforts and how they will effect you

March 20
Paul Vixie

[Schedule subject to change]

For further information on BayLISA, check out our web site:
http://www.baylisa.org/

To get further information on the meeting location, you can also ftp it from

	ftp.baylisa.org:/location

For any other information, please send email to:

	info at baylisa.org

If you have any questions, please contact me or the info alias listed above.











From dlv at bwalk.dm.com  Mon Nov 18 01:01:39 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 01:01:39 -0800 (PST)
Subject: [NOISE]  Want to know about this "aga" character?  Read the Grubo
In-Reply-To: <328F7BDD.D1F@netcom.com>
Message-ID: <gqmkXD7w165w@bwalk.dm.com>


In a touching display of Lesbian solidarity, Alan "got AIDS yet" Bostick
<abostick at netcom.com> sheds alt.grelb dandruff in support of his fellow
10%er, the plug-pulling liar and dishonorable censor John Gilmore:

> makes Dimitri Vulis appear sane, calm, and rational.

Bullshit. Nothing and no one makes me appear sane, calm, or rational,
not even The Herb. Read sci.med.cannabis for more details.

> Read the Grubor FAQ, http:blah blah blah
> for more details.

Also read http://www.mindspring.com/~netscum/flaqu for more details on
Alan, John, and their merry playmates.

> Alan "pseudonum of the LYING FORGER PETER VOROBIEFF!!!!1!" Bostick

Are Pidor Voribiev and John Gilmore lovers?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From nobody at huge.cajones.com  Mon Nov 18 01:03:15 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 18 Nov 1996 01:03:15 -0800 (PST)
Subject: The Utility of PrivacyRe: The Utility of Privacy
In-Reply-To: <199611170222.SAA10990@mailmasher.com>
Message-ID: <199611180438.UAA15117@mailmasher.com>


Before we complete your school assignment for you how about letting us 
all know the due date and the credit value first.

On Sat, 16 Nov 1996, Huge Cajones Remailer wrote:
 
> Privacy is a hassle.  Is it worth it?
> 
> Which unfortunate situations does privacy prevent?  What are the odds
> that they will occur?  How much effort will it take to prevent these
> outcomes?  As a model, use the present and future situation of a
> typical reader of this list.







From rcgraves at ix.netcom.com  Mon Nov 18 01:42:44 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Mon, 18 Nov 1996 01:42:44 -0800 (PST)
Subject: Why I shall never undescribe [NOISE] [DEATHS]
In-Reply-To: <199611162106.NAA18467@toad.com>
Message-ID: <32902F74.16C2@ix.netcom.com>


Sean Roach wrote:
> 
> At 08:50 AM 11/15/96 -0500, Alec wrote:
> >>From: Bovine Remailer <haystack at cow.net>
> >>To: cypherpunks at toad.com
> >>
> >>Foulmouthed Timothy May rehashes his lies like a rabid parrot
> >>choking on a stale mantra stuck in its poisonous beak.
> >
> >Where else today can one find such prose?  Nay poetry!
> >
> >And they say poetry is dead!
> 
> I thought they said that chivilry was dead.

No, you're thinking of Elvis.

-rich
 ever so happy to be having such an intellectually
 stimulating conversation in the privacy of his own home





From R.Hirschfeld at cwi.nl  Mon Nov 18 03:09:37 1996
From: R.Hirschfeld at cwi.nl (R.Hirschfeld at cwi.nl)
Date: Mon, 18 Nov 1996 03:09:37 -0800 (PST)
Subject: FC97 Final Call for Papers
Message-ID: <9611181046.AA28355=ray@groen.cwi.nl>


		      Financial Cryptography '97
		  February 24-28 1997, Anguilla, BWI
			FINAL CALL FOR PAPERS


General Information:

Financial Cryptography '97 (FC97) is a new conference on the security
of digital financial transactions.  The first meeting will be held on
the island of Anguilla in the British West Indies on February 24-28,
1997.  FC97 aims to bring together persons involved in both the
financial and data security fields to foster cooperation and exchange
of ideas.

Original papers are solicited on all aspects of financial data
security and digital commerce in general, including

    Anonymous Payments                      Fungibility       
    Authentication                          Home Banking       
    Communication Security                  Identification     
    Conditional Access                      Implementations    
    Copyright Protection                    Loss Tolerance     
    Credit/Debit Cards                      Loyalty Mechanisms 
    Currency Exchange                       Legal Aspects      
    Digital Cash                            Micropayments      
    Digital Receipts                        Network Payments   
    Digital Signatures                      Privacy Issues     
    Economic Implications                   Regulatory Issues  
    Electronic Funds Transfer               Smart Cards        
    Electronic Purses                       Standards
    Electronic Voting                       Tamper Resistance
    Electronic Wallets                      Transferability


Instructions for Authors:

Send a cover letter and 9 copies of an extended abstract to be
received by November 29, 1996 to the Program Chair at the address
given below.

The extended abstract should start with the title and an abstract
followed by a succinct statement appropriate for a non-specialist
reader specifying the subject addressed, its background, the main
achievements, and their significance to financial data security.
Submissions are limited to 15 single-spaced pages of 12pt type.
Notification of acceptance or rejection will be sent to authors no
later than January 17, 1997.

Authors of accepted papers must guarantee that their paper will
be presented at the conference.


Proceedings:

Proceedings of the conference will be published online in the Journal
of Internet Banking and Commerce.  Instructions and deadlines for
submission of final papers will be sent along with notification of
acceptance.


Stipends:

A very limited number of stipends may be available to those unable to
obtain funding to attend the conference.  Students whose papers are
accepted and who will present the paper themselves are encouraged to
apply if such assistance is needed.  Requests for stipends should be
addressed to one of the General Chairs.


Registration:

Conference registration and information on travel, hotels, and
Anguilla itself is available at URL http://www.offshore.com.ai/fc97/.


Workshop:

A workshop, intended for anyone with commercial software development
experience who wants hands-on familiarity with the issues and
technology of financial cryptography, is planned in conjunction with
FC97, to be held during the week preceding the conference.  For
further information, please contact one of the General Chairs.


Send Submissions to:

Rafael Hirschfeld
FC97 Program Chair
CWI
Kruislaan 413
1098 SJ Amsterdam
The Netherlands
email: ray at cwi.nl
phone: +31 20 592 4169
fax: +31 20 592 4199


Program Committee:

Matthew Franklin, AT&T Laboratories--Research, Murray Hill, NJ, USA
Michael Froomkin, U. Miami School of Law, Coral Gables, FL, USA
Rafael Hirschfeld, CWI, Amsterdam, The Netherlands
Arjen Lenstra, Citibank, New York, NY, USA
Mark Manasse, Digital Equipment Corporation, Palo Alto, CA, USA
Kevin McCurley, Sandia Laboratories, Albuquerque, NM, USA
Charles Merrill, McCarter & English, Newark, NJ, USA
Clifford Neuman, Information Sciences Institute, Marina del Rey, CA, USA
Sholom Rosen, Citibank, New York, NY, USA
Israel Sendrovic, Federal Reserve Bank of New York, New York, NY, USA


General Chairs:

Robert Hettinga, Shipwright, Boston, MA, USA
   email: rah at shipwright.com
Vincent Cate, Offshore Information Services, Anguilla, BWI
   email: vince at offshore.com.ai


Conference, Exhibits, and Sponsorship Manager:

Julie Rackliffe, Boston, MA, USA
   email: rackliffe at tcm.org


Workshop Leader:

Ian Goldberg, Berkeley, CA, USA
   email: iang at cs.berkeley.edu


Financial Cryptography '97 is held in cooperation with the
International Association for Cryptologic Research.

Those interested in becoming a sponsor of FC97 or in purchasing
exhibit space, please contact the Exhibits and Sponsorship Manager.

A copy of this call for papers as well as other information about the
conference will be available at URL http://www.cwi.nl/conferences/FC97.





From dlv at bwalk.dm.com  Mon Nov 18 05:29:40 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 05:29:40 -0800 (PST)
Subject: Political influence [was: Re: A Disservice to Mr. Bell]
In-Reply-To: <199611180155.UAA25194@osceola.gate.net>
Message-ID: <NsaLXD10w165w@bwalk.dm.com>


Jim Ray <jmr at shopmiami.com> writes:
> I suppose that's why Clinton called himself a "libertarian" when it comes to
> gay rights. (Calling yourself something and actually *being* that something
> are, of course, different things.)

Jim Ray too is a libertarian. Can someone please give me judge Kozinski's
address (e-mail or snail)? Given how Jim Ray boasts of his conversations
with the good judge regarding anonymity, I'd like to share with the good
judge Jim Ray's complaint to postmaster at bwalk. Let him see the lying
shyster's true views on free speech and anonymity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Mon Nov 18 05:29:48 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 05:29:48 -0800 (PST)
Subject: Off the subjects.
In-Reply-To: <19961117.193051.3502.1.Twilley@juno.com>
Message-ID: <7XaLXD11w165w@bwalk.dm.com>


twilley at juno.com (David Weintraub) writes:

>      I am anxious to find an E-mail list forum dealing
> with financial matters.  Possibly, there exists a forum to find a forum.
>
>      Here in New Jersey there are rumors running about; that 401K's, and
> other corporation contribution plans are corporate assets: both their
> contribution, and the monies deducted from your
> pay, as well as, any other contributions you may
> have made.
>
>      In the event of reorganization, in any form, including bankruptcy,
> these monies are available for
> redistribution to creditors.  Meaning, not us.

Generally speaking, this is true about company-sponsored pension plans,
deferred compensation, etc. Check out the new moderated newsgroup
misc.invest.financial-planning (sp?).

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From rp at rpini.com  Mon Nov 18 06:06:26 1996
From: rp at rpini.com (Remo Pini)
Date: Mon, 18 Nov 1996 06:06:26 -0800 (PST)
Subject: Cypherpunks, Inc?
Message-ID: <9611181404.AA28876@srzts100.alcatel.ch>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: azur at netcom.com, cypherpunks at toad.com
Date: Mon Nov 18 14:00:17 1996
> Now why don't the cypherpunks put together something like the item
> below? In fact, why don't we form some sort of Guild, trademark the term
> cypherpunks (I'll volunteer) and offer cracking and security products
> (like the one below) or services?  A product security endorsement from
> Cypherpunks Inc. could carry a lot of weight :-)

"We", do, check out the cryptocd at www.rpini.com.



- ------< fate favors the prepared mind >------
Remo Pini                        rp at rpini.com
PGP:  http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.rpini.com/crypto/crypto.html

iQEVAwUBMpBd4hFhy5sz+bTpAQFqewf/aJ/xx/hxZn1o/nMKJcLjauCpfcZmxX12
aGD2fJw8PncAzmZAnyxP0/ymK21+mdry1wZPsJXLtqrwJqT8nxPqEXXtfh19MHm9
HB1pDo0nYSOWfP7ENq3lNe995FGEvQ6EMiyy/7PxulcY+0T53Q78CTk6GD0KgPxd
rqmfmxvqNuKERzCONhtirkiwkm2NjFT2ytd7H3VTFSUv7wIHGp2dFiiscC2csP2I
XUlVlQ7w6TUGkO498qSY3wB+ZLHMYYkU21rvKgCTz4AZqmTLRWgZar5g3qlug1uS
RA1r/GB3vfa6KuTcOGowt26FvROEsHu3ZSrZzOry8U0LMo2tgIcNtA==
=vtPA
-----END PGP SIGNATURE-----






From rah at shipwright.com  Mon Nov 18 06:06:27 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 18 Nov 1996 06:06:27 -0800 (PST)
Subject: FC97 Final Call for Papers
Message-ID: <v0300782faeb61786f01e@[206.119.69.46]>



--- begin forwarded text


Sender: e$@thumper.vmeng.com
Reply-To: R.Hirschfeld at cwi.nl
Precedence: Bulk
Date: Mon, 18 Nov 1996 11:46:13 +0100
From: R.Hirschfeld at cwi.nl
To: Multiple recipients of <e$@thumper.vmeng.com>
Subject: FC97 Final Call for Papers

		      Financial Cryptography '97
		  February 24-28 1997, Anguilla, BWI
			FINAL CALL FOR PAPERS


General Information:

Financial Cryptography '97 (FC97) is a new conference on the security
of digital financial transactions.  The first meeting will be held on
the island of Anguilla in the British West Indies on February 24-28,
1997.  FC97 aims to bring together persons involved in both the
financial and data security fields to foster cooperation and exchange
of ideas.

Original papers are solicited on all aspects of financial data
security and digital commerce in general, including

    Anonymous Payments                      Fungibility
    Authentication                          Home Banking
    Communication Security                  Identification
    Conditional Access                      Implementations
    Copyright Protection                    Loss Tolerance
    Credit/Debit Cards                      Loyalty Mechanisms
    Currency Exchange                       Legal Aspects
    Digital Cash                            Micropayments
    Digital Receipts                        Network Payments
    Digital Signatures                      Privacy Issues
    Economic Implications                   Regulatory Issues
    Electronic Funds Transfer               Smart Cards
    Electronic Purses                       Standards
    Electronic Voting                       Tamper Resistance
    Electronic Wallets                      Transferability


Instructions for Authors:

Send a cover letter and 9 copies of an extended abstract to be
received by November 29, 1996 to the Program Chair at the address
given below.

The extended abstract should start with the title and an abstract
followed by a succinct statement appropriate for a non-specialist
reader specifying the subject addressed, its background, the main
achievements, and their significance to financial data security.
Submissions are limited to 15 single-spaced pages of 12pt type.
Notification of acceptance or rejection will be sent to authors no
later than January 17, 1997.

Authors of accepted papers must guarantee that their paper will
be presented at the conference.


Proceedings:

Proceedings of the conference will be published online in the Journal
of Internet Banking and Commerce.  Instructions and deadlines for
submission of final papers will be sent along with notification of
acceptance.


Stipends:

A very limited number of stipends may be available to those unable to
obtain funding to attend the conference.  Students whose papers are
accepted and who will present the paper themselves are encouraged to
apply if such assistance is needed.  Requests for stipends should be
addressed to one of the General Chairs.


Registration:

Conference registration and information on travel, hotels, and
Anguilla itself is available at URL http://www.offshore.com.ai/fc97/.


Workshop:

A workshop, intended for anyone with commercial software development
experience who wants hands-on familiarity with the issues and
technology of financial cryptography, is planned in conjunction with
FC97, to be held during the week preceding the conference.  For
further information, please contact one of the General Chairs.


Send Submissions to:

Rafael Hirschfeld
FC97 Program Chair
CWI
Kruislaan 413
1098 SJ Amsterdam
The Netherlands
email: ray at cwi.nl
phone: +31 20 592 4169
fax: +31 20 592 4199


Program Committee:

Matthew Franklin, AT&T Laboratories--Research, Murray Hill, NJ, USA
Michael Froomkin, U. Miami School of Law, Coral Gables, FL, USA
Rafael Hirschfeld, CWI, Amsterdam, The Netherlands
Arjen Lenstra, Citibank, New York, NY, USA
Mark Manasse, Digital Equipment Corporation, Palo Alto, CA, USA
Kevin McCurley, Sandia Laboratories, Albuquerque, NM, USA
Charles Merrill, McCarter & English, Newark, NJ, USA
Clifford Neuman, Information Sciences Institute, Marina del Rey, CA, USA
Sholom Rosen, Citibank, New York, NY, USA
Israel Sendrovic, Federal Reserve Bank of New York, New York, NY, USA


General Chairs:

Robert Hettinga, Shipwright, Boston, MA, USA
   email: rah at shipwright.com
Vincent Cate, Offshore Information Services, Anguilla, BWI
   email: vince at offshore.com.ai


Conference, Exhibits, and Sponsorship Manager:

Julie Rackliffe, Boston, MA, USA
   email: rackliffe at tcm.org


Workshop Leader:

Ian Goldberg, Berkeley, CA, USA
   email: iang at cs.berkeley.edu


Financial Cryptography '97 is held in cooperation with the
International Association for Cryptologic Research.

Those interested in becoming a sponsor of FC97 or in purchasing
exhibit space, please contact the Exhibits and Sponsorship Manager.

A copy of this call for papers as well as other information about the
conference will be available at URL http://www.cwi.nl/conferences/FC97.


--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From jya at pipeline.com  Mon Nov 18 06:10:27 1996
From: jya at pipeline.com (John Young)
Date: Mon, 18 Nov 1996 06:10:27 -0800 (PST)
Subject: DOO_dad
Message-ID: <1.5.4.32.19961118140818.0069e60c@pop.pipeline.com>


Several pieces on the export of encryption regs, the crypto czar,
Motorola's crypto modem, PGP's buy of PrivNet, and Keytronic's 
finger-ID keyboard.

Professor Denning opines that the HP doodad will include GAK.

-----

http://jya.com/doodad.txt

DOO_dad

----------

The NYT has a long report today on a pedophile computer racket 
run from a prison. With details on how investigators were able to
break through hard drive security and use DejaNews to track a 
suspect. A prison computer business was used to cloak the kiddy
pixels. Red flags the Internet's lurid prospects compared to the virtues
of do-me-dads like the Times.

see: www.nytimes.com







From jkroeger at squirrel.owl.de  Mon Nov 18 06:15:54 1996
From: jkroeger at squirrel.owl.de (Johannes Kroeger)
Date: Mon, 18 Nov 1996 06:15:54 -0800 (PST)
Subject: Squirrel goes Mixmaster-only
Message-ID: <19961118140419.21236.qmail@squirrel.owl.de>


-----BEGIN PGP SIGNED MESSAGE-----

Hello remailer users!

I'm sorry, but my ISP complained that the huge mail traffic for
squirrel overloaded their servers.  Effective immediately, my remailer
accepts only Mixmaster packets and is not listed in Raph's type-1
statistics anymore.  The operation of the nym server at weasel.owl.de
is not affected.


Regards,
Johannes

- -- 
Johannes Kroeger		<jkroeger at squirrel.owl.de>
Send me mail with subject "send pgp-key" to get my PGP key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

iQEVAgUBMpBs1bwPSJ4oQv5pAQF3Agf/UYmh1P7DM0Wqy9Dzoq/e0jZdvcTDHpNH
2MFohAmU1rYn0tKCRW1jUDkG8ULAmfM4HY+aSdKwoihndLL4wTRkhzcl2qePVx6L
69ZEs7EpTLpdiFuTAvIvAD8AInqRZY1WgKII9jk7gccU379gl8nxDZtlIyA89jrG
795R8QWysQs5zfyQ4VtS2s94ZchFJD+Wp5u6fsVhzklsjxwb43EdVZ4/dPUFo7nO
azctBYNpWdJBW2Rf81zQDE2OPPs+2kXcvDXU/cg64gtGVGf+8okysEr2fEqdVkFe
yQsFvpNngaClUSu6xxMIJXiTy3WlbEYXceQE6hUGStq/PkhqKxkqYQ==
=nAT3
-----END PGP SIGNATURE-----





From frogfarm at yakko.cs.wmich.edu  Mon Nov 18 06:37:40 1996
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Mon, 18 Nov 1996 06:37:40 -0800 (PST)
Subject: Cpunks Frog Forwards discontinuation
Message-ID: <199611181437.JAA22942@yakko.cs.wmich.edu>


 
I will be discontinuing my "Cpunks Frog Forwards" filtering service within
one week of the announcement of Perry Metzger's new crypto list, and possibly
sooner if my patience runs out, because 1) I have too many other things to
take care of in my life, 2) there really isn't as great a need for it anymore
due to the number and variety of other filtering services, and 3) my sanity
is being stretched to its limits having to wade through the mountains of
bullshit that now infest my inbox, even with procmail's kindly assistance.
Perry was right: Cypherpunks has become a sewer. As Robert Anton Wilson said,
"Only a sewer accepts everything."
 
Here is a list of the other filtering services I am currently aware of:
 
 o Alan Clegg runs an UNMODERATED cypherpunks digest, which only reduces the
   the volume of separate messages. Subscribe by mailing to
 
    majordomo at gateway.com
 
    (Standard majordomo list -- send "help" in the body for information.)
 
 
 o Eric Blossom runs a commercial "Cypherpunks Lite" for a modest fee,
   approximately 20.00US/year. Mail eb at comsec.com for more info. For a
   sample, read the archive at
 
   ftp://ftp.crl.com/users/co/comsec/cp-lite
 
 
 o Ray Arachelian runs a free filtering service, sticking mostly to news
   and technical stuff with a few other tidbits thrown in. Mail
 
   sunder at dorsai.dorsai.org
 
   for more info, or to be added.
 
 
See you all on the other side.
 
"Cypherpunks write code."
 
--
I let go of the law, and people become honest /  I let go of economics, and
people become prosperous / I let go of religion, and people become serene /
I let go of all desire for the common good,  and the good becomes common as
grass.    .oOo.    [Tao Te Ching, Chapter 57, Stephen Mitchell translation]






From dthorn at gte.net  Mon Nov 18 06:40:05 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 18 Nov 1996 06:40:05 -0800 (PST)
Subject: Does John Gilmore...
In-Reply-To: <199611181045.IAA00935@prometheus.hol.gr>
Message-ID: <329074F1.6E87@gte.net>


George A. Stathis wrote:
> At 08:04 �� 17/11/1996 -0500, Black Unicorn wrote:

[snip]

> "Heaven is a place policed by the English, cheered-up by the the Greeks,
>  and organized by the Germans. Hell is a place organized by the Greeks,
>  policed by the Germans, and cheered-up by the English."

Well, welcome to Hell, George [hee hee].






From raph at CS.Berkeley.EDU  Mon Nov 18 06:52:57 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 18 Nov 1996 06:52:57 -0800 (PST)
Subject: List of reliable remailers
Message-ID: <199611181450.GAA03113@kiwi.cs.berkeley.edu>


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list at kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail at miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster at remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer at replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias at alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod at nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix at zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer at remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack at holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer at dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer at cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{'nym'} = '<config at nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer at huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix at squirrel.owl.de> cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = "<middleman at jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias at alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman at athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config at weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x at deathsdoor.com> cpunk pgp hash latent post";
$remailer{"reno"} = "<middleman at cyberpass.net> cpunk mix pgp hash middle latent cut ek reord ?";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.
remailer at crynwr.com is _not_ a remailer.

nym.alias.net is back up.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the nym or weasel (newnym style) nymservers.

The cyber nymserver is quite reliable for outgoing mail (which is
what's measured here), but is exhibiting serious reliability problems
for incoming mail.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. This seems to be fixed now.

The penet remailer is closed.

Last update: Mon 18 Nov 96 6:48:35 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
jam      remailer at cypherpunks.ca          * **********    14:29  99.94%
balls    remailer at huge.cajones.com        - **********     5:32  99.81%
replay   remailer at replay.com              - **++******     9:22  99.69%
haystack haystack at holy.cow.net            - ***#***--#    24:20  99.57%
cyber    alias at alias.cyberpass.net        - +**+  ++**    37:22  99.46%
weasel   config at weasel.owl.de                  ++-++-   2:11:49  99.16%
middle   middleman at jpunix.com             - -.- * +--   1:53:39  98.71%
lead     mix at zifi.genetics.utah.edu         +++++++++*    35:42  98.50%
squirrel mix at squirrel.owl.de              - ++--+-++    2:19:11  98.29%
reno     middleman at cyberpass.net                 +*--   1:16:19  98.24%
lucifer  lucifer at dhp.com                  - + ++++++++    42:33  98.05%
mix      mixmaster at remail.obscura.com     - -+..+++++-  2:00:45  96.31%
nym      config at nym.alias.net                 #*  *#*#      :42  95.87%
extropia remail at miron.vip.best.com        .---------    9:21:36  92.07%
dustbin  dustman at athensnet.com            -  -++--      3:39:00  69.30%
exon     remailer at remailer.nl.com                   ##  7:06:33  41.67%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien





From sandfort at crl.com  Mon Nov 18 07:09:18 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 18 Nov 1996 07:09:18 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <199611180713.XAA26863@mailmasher.com>
Message-ID: <Pine.SUN.3.91.961118063411.10538D-100000@crl8.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:

> >> Informally, I don't know anybody who has suffered due to a loss of
> >> privacy.
> >
> >Your circle of associations must be limited.
> 
> Examples [of people who have suffered due to loss of privacy]?

Phil Zimmermann often tells the story of a woman whose marriage
was destroyed by the revelation of a long-past indiscretion. 
After her husband divorced her, she committed suicide.

Any number of celebrities have been stalked, attacked and even
killed by obsessed fans who found them through public records.

Every year, children and business executives are kidnapped for
ransom.  The proximate cause of these kidnappings is a breach in
privacy about the whereabouts and schedules of the victim.  

Hitler's gun registration in Germany allowed the Jews to be
disarmed.  I'm sure you are aware of the ultimate consequences
of that little invasion of privacy.

The US Post Office co-operated in the identification and 
imprisonment of people of Japanese ancestry during the second
world war.

The problem with having a whole lot of private information about
you floating around in public is not what damage it can do to you
now, but rather the problems it potentially could cause in the
future.  Just about everyone on this list has been to university.
Not long ago, a college education was essentially a death warrant 
in Cambodia.  Prior to that, a degree was considered a good thing
there.  People saw no reason to hid the fact that they had been
in school.  Trouble is, things changed.

And the trouble today is that things can change now, too.  Think
about the things that you have publicly done or advocated.  Even
if they are as legal as church on Sunday NOW, how comfortable 
will you be about them if there is extreme right or left takeover
in the future?  Start to get the picture?


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From k-hamer at ntx1.cso.uiuc.edu  Mon Nov 18 07:19:27 1996
From: k-hamer at ntx1.cso.uiuc.edu (Kenneth L. Hamer)
Date: Mon, 18 Nov 1996 07:19:27 -0800 (PST)
Subject: NT insecurity
Message-ID: <c=US%a=_%p=UIUC%l=NTX1-961118152200Z-47@ntx1.cso.uiuc.edu>


Really?  Could you provide a reference for this assertion?  What is the
name of the "password file"?  Where is it located on the disk?

I'd be very interested to try this out on one of my test systems,
especially if it is true.  But my experiences with corrupted registry
hives leads me to believe you are incorrect.  NT usually does nothing so
nice when it's registry is corrupted.  That's why we keep "emergency
repair disks" around 8-).
- Ken

>----------
>From: 	Adamsc at io-online.com[SMTP:Adamsc at io-online.com]
>Sent: 	Monday, November 11, 1996 9:36 PM
>To: 	cypherpunks
>Subject: 	BoS: NT insecurity
>
>Given the recent comments about insecure machines, I thought it was
>interesting to note that you can clear *every* password on an NT box by
>using
>a diskeditor to corrupt the password file (Boot off of a floppy and use
>NTFSDOS if you have to).  It'll reboot several times and then you'll be
>allowed to login.
>
>#  Chris Adams <adamsc at io-online.com>   |
>http://www.io-online.com/adamsc/adamsc.htp
>#  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
>"That's our advantage at Microsoft; we set the standards and we can
>change them."
>   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review
>editorial)
>
>





From aga at dhp.com  Mon Nov 18 07:29:15 1996
From: aga at dhp.com (aga)
Date: Mon, 18 Nov 1996 07:29:15 -0800 (PST)
Subject: [NOISE] aga isn't on cypherpunks... (and I'm glad)
In-Reply-To: <199611171834.KAA14867@patty.loop.net>
Message-ID: <Pine.LNX.3.95.961118101854.21676O-100000@dhp.com>


On Sun, 17 Nov 1996, Sven wrote:

> Date: Sun, 17 Nov 1996 10:34:13 -0800
> From: Sven <sven at loop.com>
> To: aga <aga at dhp.com>
> Cc: cypherpunks at toad.com
> Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
> 
> 
> >> 	I have a suggestion...  How 'bout if everybody on this list dropped
> >> a procmail configuration that mailed aga at dhp.com and postmaster at dhp.com
> >> a copy of every message that originated from aga at dhp.com?  Do you think
> >> he would start to "get it" then?
> 

That cocksucker is not dumb enough to try that.  It is him who
will get terminated after I talk with his postmaster.


> Why are these people so uptight?
> 
> Sven
> 
> 

Maybe because John Gilmore is a faggot and takes it up
the ass.  That was the real reason behind the clash.  Dr. Vulis
just does not like Faggots, and Gilmore has admitted to being queer.
The one thing must be said about the Internet is that Faggots are
not allowed to have any Authority positions, and this John Gilmore
Faggot violates that rule.

Never trust anybody who does not fuck cunt.

-aga








From csa at netmaine.com  Mon Nov 18 08:08:47 1996
From: csa at netmaine.com (CSA Administration)
Date: Mon, 18 Nov 1996 08:08:47 -0800 (PST)
Subject: Command confirmation request (057CCA)
Message-ID: <9611181604.AA23932@wicked.netmaine.com>


ok





From jya at pipeline.com  Mon Nov 18 08:21:02 1996
From: jya at pipeline.com (John Young)
Date: Mon, 18 Nov 1996 08:21:02 -0800 (PST)
Subject: TIS + HP
Message-ID: <1.5.4.32.19961118161849.006a3b98@pop.pipeline.com>


A blurb in the Wash Post today says that the HP roll-out
this morning will include TIS's "trusted third party" product.
"One essential ingredient in the equation: technology
developed by TIS. TIS is so far the only company that has 
received permission to export encryption technology 
overseas that exceeds the government's existing 
threshold."

Guess we'll know shortly who else in the System is to be 
Trusted with Information -- other than Thirds, Fourths and
other Dots and Steves.








From jya at pipeline.com  Mon Nov 18 08:44:36 1996
From: jya at pipeline.com (John Young)
Date: Mon, 18 Nov 1996 08:44:36 -0800 (PST)
Subject: POC_ket
Message-ID: <1.5.4.32.19961118164214.006e9e00@pop.pipeline.com>


WaJo reports today on IBM's tiny pocket computer that
transmits data through the body -- to another body or to
a device such as a telephone. Invented by Tom Zimmerman,
formerly of the Media Lab, it can tell "anything you touch
who you are." Being shown at Comdex.

The body as a token. How to crack a human? Grab and 
squeeze out a pass phrase.

-----

http://jya.com/pocket.txt

POC_ket







From paul at fatmans.demon.co.uk  Mon Nov 18 08:50:24 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 18 Nov 1996 08:50:24 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly N
Message-ID: <848332398.56610.0@fatmans.demon.co.uk>


 
> If you do not send it to me by e-mail, I will never see it.
> Why are you so paranoid that someone is reading your e-mail?
> I never do anything criminal, so I could give a shit less if
> everybody reads all of my fucking mail.

I was trying hard not to get into this thread as it is basically just 
one long flamewar that is getting out of control but I have to 
comment here:

There need be no reason for paranoia. I don`t call it paranoia, I 
call it constant vigilance, to demonize it is a statist position and 
tries to ostricise those who protect their privacy. 

Whether you do anything criminal or not is not the point. Indeed I 
would say that 90-95% of encryption usage is for perfectly legal 
purposes, and only about 0.1% of encrypted material is concerned with 
unethical acts rather than illegal acts. The point is you should 
retain the right to protect your privacy. 
Sure, it`s not illegal to  put forward anarchist arguments in mail today, 
but do you really want your company boss knowing about it? 
 I personally don`t work - I`m a student so it doesn`t matter to me, 
but whether it is right that your employement and political views should 
affect each other they do, so you should be able to protect yourself 
with technology...




 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From jfricker at vertexgroup.com  Mon Nov 18 09:00:52 1996
From: jfricker at vertexgroup.com (John Fricker)
Date: Mon, 18 Nov 1996 09:00:52 -0800 (PST)
Subject: ideal secure personal computer system
Message-ID: <19961118170052753.AAA87@dev.vertexgroup.com>


>Bill Frantz (frantz at netcom.com) said something about RE: ideal secure personal computer system on or about 11/17/96 5:37 PM

>(Note that even if it only runs with a user's privileges, a Trojan horse
>will have no problem stealing e.g. that user's PGP secret key ring.  Not
>everything of value is in system files.  

True enough.

>Question, can a user-level Trojan
>horse insert itself as a keyboard monitor and get the PGP pass phrase as
>well?)

In the September 95 issue of NT Developer Richard Wright describes an NT Key Log Service (started as a challenge after his wife threatened to password protect the familiy accounting software <g>). Source code for such a trojan is provided.

Note that the Login screen is *never* hooked.

There must be a way to walk the chain of system hooks. I'll let you know when I find it as that would be the key to writing a detector.


--j
-----------------------------------
| John Fricker (jfricker at vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------






From declan at well.com  Mon Nov 18 09:05:26 1996
From: declan at well.com (Declan McCullagh)
Date: Mon, 18 Nov 1996 09:05:26 -0800 (PST)
Subject: HP crypto-announcement and key recovery, from The Netly News
Message-ID: <Pine.GSO.3.95.961118090444.15248D-100000@well.com>




---------- Forwarded message ----------
Date: Mon, 18 Nov 1996 09:03:25 -0800 (PST)
From: Declan McCullagh <declan at well.com>
To: fight-censorship at vorlon.mit.edu
Subject: HP crypto-announcement and key recovery, from The Netly News

The Netly News
http://netlynews.com/
November 18, 1996

Under Lock And Key Recovery
By Declan McCullagh (declan at well.com)
                                       
        As a non-event, it was a rather well-attended one. This morning
   Hewlett-Packard Co. threw a press conference in Washington, DC to
   announce that it had vaulted the Federal government's export
   restriction hurdles by including "key recovery" technology in its
   encryption products.
   
        At least that's what the press release said. The reality is
   somewhat less exciting: HP's announcement is crypto-vaporware. "We're
   not making any specific announcements of products today," admitted
   Doug McGowan, HP development director.
   
        HP's move comes after competitors such as IBM and DEC stole the
   limelight last month by being the first to buy into the Clinton
   administration's latest key escrow scheme which would allow U.S. law
   enforcement agencies to locate copies of the private keys used to
   encode files and communications. The company's announcement follows a
   presidential executive order signed last Friday codifying the
   administration's "key recovery" proposal unveiled in October, which
   the White House hopes will splinter an industry previously united in
   opposition to Federal regulations governing encryption exports.
   
        HP responded by flying CEO Lew Platt into town today to announce
   a product using plug-in hardware or software "activation tokens" that
   can vary by country -- but Platt admitted that the tokens don't exist
   yet. Rather, he admitted, it's only a product with "a security
   framework built into it" that currently uses woefully-insecure 40-bit
   DES encryption. Eventually, HP hopes to export crypto that's stronger,
   but the company declined to discuss details.
   
        Dave Banisar, a policy analyst at EPIC, says such a system would
   be "worse" than current policy. "It's got this new detection system in
   it that requires monitoring of your crypto use and program use to
   determine what the national government says is correct," he says.
   
        The "key recovery" technology HP licensing is likely to come from
   Trusted Information Systems Inc., a company founded by former NSAers
   that still enjoys close ties to the spook community. TIS's Commercial
   Key Escrow uses the 56-bit Data Encryption Standard and so was cleared
   for export on January 18, 1996.
   
       "This is the first step toward implementing key recovery. That's a
   policy that's just not going to solve the privacy problem for Internet
   users," says Alan Davidson, staff counsel for the Center for Democracy
   and Technology. "This is the first step on that road toward building
   key recovery for the world. It's a very dangerous thing."
   
        Clinton's executive order is carefully crafted to counter the
   three strategies that crypto privacy proponents have devised to kill
   the export rules: the public relations, the judicial and the
   legislative approaches.
   
        Netizens, privacy advocates and high-tech firms rightfully
   blasted the old export policy, which classified crypto as a
   "munition," as a relic of the cold war -- a sentiment with which even
   The New York Times agreed. So Clinton has reclassified it as a
   non-munition, yet the change is in name only: Netscape browsers remain
   subject to export controls.
   
        Several lawsuits are challenging the constitutionality of the old
   export regulations. So Clinton's executive order contains language
   that EFF's John Gilmore says is designed "to evade the current
   lawsuits" by taking aim at some of the legal arguments.
   
        Administration officials spent an unhappy summer on Capitol Hill
   being grilled by senators who were considering legislation to lift the
   crypto export embargo. So Clinton carefully crafted his announcement
   to defuse some of the reasons to pass this legislation when Congress
   returns in January.

       In other words, the White House has been able to answer or deflect
   many issues that netizens have raised in favor of strong encryption.
   But another argument may not be as easy to counter.
   
        Patrick Ball is a senior program associate at the American
   Association for the Advancement of Science who has traveled the globe
   teaching human rights workers how to protect themselves from
   oppressive governments. The stamps on his passport read like a who's
   who of censor-happy regimes: El Salvador, Ethiopia, Haiti, Guatemala,
   South Africa and Turkey. "I have done PGP training in every country
   I've worked in," says Ball.
   
        To Ball, the debate over crypto isn't about civil rights or
   businesses losing export dollars, but over something much more
   fundamental: human rights. He says: "Why do security police grab
   people and torture them? To get their information. If you build an
   information management system that concentrates information from
   dozens of people, you've made that dozens of times more attractive.
   You've focused the repressive regime's attention on the hard disk. And
   hard disks put up no resistance to torture. You need to give the hard
   disk a way to resist. That's cryptography."
   
        And that's a winning argument.

###







From iang at systemics.com  Mon Nov 18 09:12:04 1996
From: iang at systemics.com (Ian Grigg)
Date: Mon, 18 Nov 1996 09:12:04 -0800 (PST)
Subject: Crypto Bounties: Another Thought that crossed my mind.
In-Reply-To: <199611172011.PAA17213@alpha.pair.com>
Message-ID: <3290992F.2781E494@systemics.com>


snow at smoke.suba.com said:
>       Well, I was thinking, what if a "Crypto Software Bounty Server"
>  were set up, so that someone could propose a tool that they would like
>  to see, along with an initial bounty. Others could contribute toward that
>  bounty (anonymously if they wish) until either the tool was delivered.
> 
>       The original issuer sets standards for the software (i.e. "easy to
>  use interface to mixmaster remailers for Macintosh", then must define
>  easy to use; Software considered delivered when in [alpha beta late-beta
>  &etc.]). The first to present software meeting these qualifications gets
>  the bounty, with the caviate that the software must be either gnu-copylefted,
>  or some similar "free use" copyright, after all, "The Net" paid for it...

Hmmm.  This is a one shot game (is that the term?) whereas software
generally has implications that escape a single sale scenario.  For
example, the more difficult the software, the more risk there is that
someone else will beat you, thus lowering the real risk-adjusted payoff
dramatically.   For this reason, more complex stuff would need some sort
of contract+reputation scenario that allows a repeating game to work.

A contractual alternative could work like this.  I (the initial desirer)
write a contract specifying my requirements.  I publish this as a market
tender, where other desirers can contribute funds, and this becomes a
cumulative sum that grows.  Programmers can offer to supply by naming a
price.  The market clears when the pot of desire equals or exceeds the
lowest offer to supply.

In a simplistic scenario, the contract is now sealed and the work is
done and paid for.

In order to overcome project failure, I could write my contract as a
multi-supplier seed project (often done by governments).  That is, the
pot gets shared around, say, the three best alternatives.  Once
supplied, all are free to pick from the alternatives.

In order to overcome the low silly bid, somehow reputation would have to
be built into the market.  That is, your efforts in the past as
programmer will cause your solution to be better valued than mine.

So perhaps we should turn this around.  Programmers would write
contracts to supply the given requirements at clearance+T, also
specifying the clearance price.  Your price is 2000 for the widget, mine
is 1000.  (That makes three contracts, a widget spec, my work plan and
your work plan.)  The market (the desirers) would then push funds back
and forth between the two until it became clear that one or the other
cleared.  As more pressure increases, more funds pour in.

Then, deliverables could be phased, with monies similarly phased, so
that the market has a chance to monitor.  Now, if it is not delivered,
reputation suffers, and you have to lower your price for the next job
(or hide in shame).

There's a lot of aspects of newbies and switching funds that I havn't
really thought through here.  However, I like this viewpoint because it
eliminates the need for judges.  History shows that a good market
microstructure will beat an authority approach in the long run.

Also note that if you drop the free software assumption, and make it,
say, moneyware, then the market becomes much more workable - the asset
being traded is a share of future revenues.  This has more ramifications
than might be obvious:  Propose a market to write a GAK killer for
e$10,000.  If it clears and is built, is the Dept. of Justice forced to
buy the rights out?

> Has anything like this been proposed before?

I don't know if this has been proposed before, but it is a logical
conclusion of the CP world.  If the Internet transaction costs make
single-person economic entities the most efficient unit in the machine,
and e$ in all its forms provides the oil, then we need some way to
connect up the parts for grand projects where there are hard cash
incentives.  There has to be some mechanism to distribute that cash in
the most efficient manner to produce the result.

BTW, this is a here and now issue, not a hypothetical future.  We have
already found that there is too much work on our plate, and limited
efficiency in farming it out.  Others may have found the same.

-- 
iang
iang at systemics.com





From paul at fatmans.demon.co.uk  Mon Nov 18 09:52:35 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 18 Nov 1996 09:52:35 -0800 (PST)
Subject: Members of Parliament Problem
Message-ID: <848332398.56609.0@fatmans.demon.co.uk>



> I don't quite follow how this would work.  If Trent issues a blind
> signature, then that means (doesn't it?) that he doesn't see what he
> is signing.  So how can he confirm that the message is actually from
> a member of the group when he doesn't see it?

I should have elaborated a little on this.

My idea was that trent should be able to decrypt the message and 
verify it was meaninful (at least probably so) by some form of 
frequency analysis, as he would be a computer program this would not
be a significant time loss in a system with few users (such as 
parliament as suggested with the initial problem)
if the resulting message didn`t have approximate 
frequency distributions of letters you would expect in natural 
langauge or source code or whatever the message would not be 
published as it is probably an invalid key being used thus decrypting 
to garbage. A better way to do all this would probably just be to 
have Bob sign the message then Trent strip the signature before 
signing it himself but I just dashed this off as a quick response 
without really thinking it through. A nicer protocol would be one 
where the key distribution is easier initially (isn`t this always the 
case ;-)) or even a protocol which isn`t arbitrated, like your reply 
said Chaum mentions protocols for this.



 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From tcmay at got.net  Mon Nov 18 09:53:19 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 18 Nov 1996 09:53:19 -0800 (PST)
Subject: How to Unsubscribe, yet again
In-Reply-To: <01BBD533.96D4D6C0@opw13.optimus.wroc.pl>
Message-ID: <v03007801aeb65341705f@[207.167.93.63]>


At 9:31 AM +0000 11/18/96, Piotr Kunio wrote:
>unsunscribe

I can understand people in other lands having some troubles with many
English words, but one would've thought the constant stream of comments
about the correct spelling of "subscribe" and "unsubscribe" would
eventually get through. Or that people would learn to cut-and-paste from
posted instructions.

Once again, instructions on unsubscribing are included below.

Alas, as usual, those most in need in need of such instructions are the
least likely to ever read these messages.

--Tim





To subscribe to the Cypherpunks mailing list:

-send a message to: majordomo at toad.com

-body message of: subscribe cypherpunks

To unsubscribe from the Cypherpunks mailing list:

-send a message to: majordomo at toad.com

-body message of: unsubscribe cypherpunks








From gbroiles at netbox.com  Mon Nov 18 09:55:01 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Mon, 18 Nov 1996 09:55:01 -0800 (PST)
Subject: Cypherpunks State of Emergency
Message-ID: <3.0b28.32.19961118095944.007007dc@ricochet.net>


At 06:51 PM 11/16/96 -0800, Tim May wrote:

>And sabotaging the GAK scheme in more devious ways remains an option.

I see several "leverage" points here:

The cards can use either a "dongle" model, similar to that used in ordinary
copy protection, which has to date been a big failure - or they can use an
"on-card processor" model, where the card does the actual crypto
processing. This will be tough to break using the traditional cracking
techniques, but will also be expensive.

And card distribution can be either weak or strict; if it's a weak model
(e.g., cards are sold at Fry's or 7-11 :) or are otherwise easy to come by)
it'll be tough to control their distribution and export. It's a little
easier to control the export of chips than to control the export of
software, but neither is easy. And strict distribution will cost an
enormous amount of time and money as some agency or another is deputized or
created to check credentials, keep records, issue keycards, charge fees,
and so forth.

If cards are easy to come by, requiring them won't be much of a deterrent
to the use of strong crypto; the people the government is supposedly trying
to keep from using crypto (terrorists, spies, etc) are already accustomed
to keeping and purchasing things which are forbidden. If cards are
difficult to come by, that's a big hole waiting for someone to fill with
software crypto, or software tricks to get around the hardware requirements. 

One bug/feature I suspect we'll see will be the inclusion of the keycard's
ID in every message that it signs, facilitating detection of unauthorized
use and traffic analysis. Without this, the scheme seems entirely futile.
(Which is not to say that the US Government hasn't done some futile things
:), but ..) Another likely feature is an expiration date, such that the
cards stop working after X months and the owner must go to the Bureau of
Crypto Control and show his/her credentials and exchange the old card for a
new one. Of course, if you've got outstanding warrants or haven't filed
your taxes or are in arrears for child support or are a "foreign person" or
have been saying illegal/controversial things with your crypto card, well,
perhaps you won't feel like going down to the BCC after all. 

So they're going to have to find a way to make the cards easy/cheap enough
to get that many people will adopt them; but they have to be
expensive/difficult enough to get that people won't want to "lose" them,
lest they fall into the hands of the wrong people. And that seems like a
difficult task, especially if opponents of the scheme continue to provide
cheap/free software-only solutions. And, as always, folks not subject to
the US export regulations won't need to fuss with all of this regulatory
bullshit, and can produce strong software-only crypto, or drop-in
replacements for the "policy chips" which are distributed without
government control. 

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles at netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 





From alan at ctrl-alt-del.com  Mon Nov 18 09:57:15 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Mon, 18 Nov 1996 09:57:15 -0800 (PST)
Subject: TIS + HP
Message-ID: <3.0b36.32.19961118095521.00dec794@mail.teleport.com>


At 11:18 AM 11/18/96 -0500, John Young wrote:
>A blurb in the Wash Post today says that the HP roll-out
>this morning will include TIS's "trusted third party" product.
>"One essential ingredient in the equation: technology
>developed by TIS. TIS is so far the only company that has 
>received permission to export encryption technology 
>overseas that exceeds the government's existing 
>threshold."
>
>Guess we'll know shortly who else in the System is to be 
>Trusted with Information -- other than Thirds, Fourths and
>other Dots and Steves.

With TIS bending over for the big GAK Monster in so many ways, it brings up
a question...  (A probibly off-topic one...)

Does anyone know of intentional GAK-like holes put in their Firewall
Toolkit?  They distribute it for free and distribute source, but with their
record i have little trust in the matter...  (Better yet, does anyone have
suggestions for Firewall code that will run under Linux or FreeBSD?)



---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From jya at pipeline.com  Mon Nov 18 10:00:09 1996
From: jya at pipeline.com (John Young)
Date: Mon, 18 Nov 1996 10:00:09 -0800 (PST)
Subject: BIS_sez
Message-ID: <1.5.4.32.19961118175738.006c97e0@pop.pipeline.com>


   11-18-96. FiTi:

   "Electronic money threat to central banks"

      A report issued today by the BIS says that innovations
      such as "electronic purses" or "digital cash" used over
      the Internet could erode central banks' income.
      "However, if issuance of e-money is limited to banks,
      the regulatory framework already in place can be
      extended to cover the new products, but competition and
      innovation might be more limited."

   -----

   http://jya.com/bissez.txt

   BIS_sez








From hal at rain.org  Mon Nov 18 10:09:19 1996
From: hal at rain.org (Hal Finney)
Date: Mon, 18 Nov 1996 10:09:19 -0800 (PST)
Subject: HP proposal available
Message-ID: <199611181809.KAA27124@crypt.hfinney.com>


HP has put up info on its crypto proposal at http://www.hp.com/go/icf.
You can also try http://www.dmo.hp.com/gsy/security/icf/main.html if that
URL is slow.

The basic idea is what we had been speculating, their old
"International Cryptography Framework" based on hardware crypto cards.
It has now been given government approval, which is no big surprise
since the system looks like it's been designed by fed bootlickers.

The claim of other companies signing on is less impressive than it
sounds.  They're using Microsoft's Crypto API, and of course Microsoft
would like plenty of companies to use it.  Intel offers to build some
hardware, which is more business for them.  "Netscape and VeriFone are
exploring a wide range of uses for ICF technology."  That's all they
say about those companies.  This is hardly a commitment; Netscape and
other companies generally keep abreast of everything happening in the
field to keep their options open.  So this is not a resounding
endorsement.

The one good thing about the plan is that since it is very complicated
and requires specialized hardware, we probably won't see any impact from
it for years.  Hopefully it will be obsolete before it can be deployed.

The plan itself is an NSA wet dream.  Not only do you need a token
from Big Brother to activate the crypto in your computer (the token
can be hardware or software, but the crypto card itself apparently
must be hardware), it's also necessary for any application which wants
to use crypto to supply an application specific certificate to the card.
This lets the law enforcement bureaucrats not only determine who gets to
use crypto, but which applications get access to it.  If you want to build
an app which will use crypto you'll have to get permission from the
authorities in order for them to give you a certificate which you can
compile in to let your app run.

The one thing which was not clear was how much of these rules would apply
within the U.S.  In fact notably missing from the press release, white
paper, overviews, slides, etc. on the web site was any discussion of civil
liberties impact.  It certainly was not listed as one of the considerations
in the design of the system.

Overall, I'd say this is just HP trumpeting the unsurprising government
approval of their ICF system and turning it into a press event by providing
some lukewarm "endorsements" from well known companies.  This system looks
to me like it's got a long way to go before it becomes a widely used
standard.

Hal





From aga at dhp.com  Mon Nov 18 10:20:11 1996
From: aga at dhp.com (aga)
Date: Mon, 18 Nov 1996 10:20:11 -0800 (PST)
Subject: NO commo to "Faggot" cypherpunk list
In-Reply-To: <848332398.56610.0@fatmans.demon.co.uk>
Message-ID: <Pine.LNX.3.95.961118131031.6951B-100000@dhp.com>


On Sun, 17 Nov 1996 paul at fatmans.demon.co.uk wrote:

> Date: Sun, 17 Nov 1996 15:01:52 +0000
> From: paul at fatmans.demon.co.uk
> To: aga <aga at dhp.com>
> Cc: cypherpunks at toad.com
> Subject: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly N
> 
>  
> > If you do not send it to me by e-mail, I will never see it.
> > Why are you so paranoid that someone is reading your e-mail?
> > I never do anything criminal, so I could give a shit less if
> > everybody reads all of my fucking mail.
> 
> I was trying hard not to get into this thread as it is basically just 
> one long flamewar that is getting out of control but I have to 
> comment here:
> 
> There need be no reason for paranoia. I don`t call it paranoia, I 
> call it constant vigilance, to demonize it is a statist position and 
> tries to ostricise those who protect their privacy. 
> 
> Whether you do anything criminal or not is not the point. Indeed I 
> would say that 90-95% of encryption usage is for perfectly legal 
> purposes, and only about 0.1% of encrypted material is concerned with 
> unethical acts rather than illegal acts. The point is you should 
> retain the right to protect your privacy. 
> Sure, it`s not illegal to  put forward anarchist arguments in mail today, 
> but do you really want your company boss knowing about it? 

get an anonymous account if you want to do that.

>  I personally don`t work - I`m a student so it doesn`t matter to me, 
> but whether it is right that your employement and political views should 
> affect each other they do, so you should be able to protect yourself 
> with technology...
> 
As I said dude; I no longer respond to any como with the cypherpunks
address in the header.  If you want an answer to your comments,
address your reply to the Freedom-knights list or to me, without
any *punks address in the header.

Any list run by an admitted Faggot is no place where I
will allow an audience.  This is not a reply to your comments.

-aga

> 
>   Datacomms Technologies web authoring and data security
>        Paul Bradley, Paul at fatmans.demon.co.uk
>   Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
>        Http://www.cryptography.home.ml.org/
>       Email for PGP public key, ID: 5BBFAEB1
>      "Don`t forget to mount a scratch monkey"
> 






From gbroiles at netbox.com  Mon Nov 18 10:23:52 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Mon, 18 Nov 1996 10:23:52 -0800 (PST)
Subject: HP announcement
Message-ID: <3.0b28.32.19961118103631.006b5260@ricochet.net>


HP has info on its new crypto stuff on the web now:

<http://www.hp.com/go/security> and
<http://www.hp.com/go/icf>.

It's apparently a crypto coprocessor embedded in a board or chip which
looks for a "policy token" (which is software/data, delivered via network
or smartcard) which is doled out by local "policy servers", "developed and
managed in conformance with national policy". 

Sounds to me like they want to be able to turn off strong crypto the way
they can turn off high-detail GPS during politically/militarily sensitive
events. 

As the press release notes,

"ICF is designed to run any current or future cryptographic algorithms.
Algorithms for key recovery also can be used. "Keys" are strings of
computer code that lock and unlock data. Key recovery is a method that
allows users to unscramble encrypted data if they lose their keys. Users
can decide whether to use key recovery, based on personal needs or domestic
-- or foreign -- government regulations. 

ICF cryptographic units, which can support keys of any length, are
exportable because they are disabled until a Policy Activation Token
activates them again. Policy Activation Tokens can be either a downloadable
software module or a smart card. Policy Activation Tokens trigger
particular algorithms for specific applications, based on needs.
Additionally, ICF adapts easily to current government encryption policies,
new encryption algorithms and changing key-recovery schemes. Customers who
use ICF-based products are offered long-term investment protection, with
rapid flexibility to meet changing needs." 

ICF is "International Cryptography Framework". 

The press release includes quotes from US and French government officials
indicating that the new system will meet their needs.


--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles at netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 





From nobody at cypherpunks.ca  Mon Nov 18 10:52:16 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 18 Nov 1996 10:52:16 -0800 (PST)
Subject: ?????
Message-ID: <199611181848.KAA17573@abraham.cs.berkeley.edu>


Date: Sun, 17 Nov 1996 05:36:00 -0800
To: cypherpunks at toad.com

(John Anonymous MacDonald) apparently wrote:

|Dale Thorn wrote:

|>people on a list are given tools to filter with and reminded on |>occasion
|>how to use them?

|You are the reason, you can't shut up and you have little or nothing |to say. plonk.

I wish I'd said that; my fear is that Dale will take 17 messages to compose his vapid thoughts.

Love you all.





From paul at fatmans.demon.co.uk  Mon Nov 18 10:54:15 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 18 Nov 1996 10:54:15 -0800 (PST)
Subject: Playing card cryptosystems
Message-ID: <848332390.56562.0@fatmans.demon.co.uk>



> Also I did hear tell that Bruce Schneier was working on a crypto
> algorithm which was designed to work with playing cards, for a book
> which Neal Stephenson is writing.  Presumably painful to use, but
> maybe good plausible deniability, all that you need is a pack of
> cards.

Not even that in fact, there are methods, and I can confirm they work 
because I can do it myself, that allow one to memorize the order of a 
pack of playing cards, some people can even do it with up to 8 packs, 
although this requires a more complicated method. So while encryption 
requires one to have the cards ready (about 8 good riffle shuffles 
will restore a high degree of randomness to a deck) you can keep the 
pad for short messages in your head. But one can do the same with one 
time pads that use other plaintexts as the pad.

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From pcw at access.digex.net  Mon Nov 18 10:56:55 1996
From: pcw at access.digex.net (Peter Wayner)
Date: Mon, 18 Nov 1996 10:56:55 -0800 (PST)
Subject: [QUADRUPLE]-- Rewards for errors in _Digital Cash_
Message-ID: <v02140b1aaeb63bcddb1e@[199.125.128.5]>



I just saw the movie "Ransom" where Mel Gibson gets to be cool
by doubling the reward for the capture of his son's kidnappers.
In that spirit, I'm doubling my reward again. What was once a
reward of $10 for information about a technical error in the
book is now a reward of $40.

Also, I've opened an account with Mark Twain bank so I can pay
the rewards in Digicash. Or, if you prefer First Virtual, I can
handle that as well. Or, if you're old fashioned and want my
signature, you get the proverbial check in the mail.

The details are simple. The first person to report a technical
error in the book gets $40. You're also welcome to make
suggestions for ways to improve the book. I may pay a reward for
these, but I can't make a blanket promise. I'm reaching my
deadline so this offer will only be good until the end of
November,
1996.

So far no one has reported any technical errors. A few have made
suggestions that I've taken. I hope more will continue to offer
suggestions for improving the book because they're a great help
and I will reward them.

Here is the ``fine print'':

1) My decisions on what constitutes an error are final. I could
declare something a ``feature'', not an error. Or I could lump
many errors together and label it ``one''. So if I left out a
page, this could be one error, not 200+ errors in the page
number on all subsequent pages.  But I hope to use this power
benevolently.

2) Technical errors are eligible. Errors in spelling and grammar
aren't. It's just too hard to come up with a logical definition
of correct grammar. Technical errors also involve some amount of
judgement, but I think they are tighter.

3) My decision on who is the ``first'' person to discover an
error is final. I may choose to reward two people who obviously
work independently. I just want to defend against people saying,
"Okay, let's mail him this simulatenously."

4) This offer may be withdrawn at any time. Check my webpage for
details.

5) Copies of the book may be obtained by purchasing them from
1-800-3131277 or from your local bookstore.


Peter Wayner
pcw at access.digex.net
http://www.access.digex.net/~pcw/pcwpage.html
410-433-8275







From m1tca00 at FRB.GOV  Mon Nov 18 11:02:03 1996
From: m1tca00 at FRB.GOV (Thomas C. Allard)
Date: Mon, 18 Nov 1996 11:02:03 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <Pine.SUN.3.91.961118063411.10538D-100000@crl8.crl.com>
Message-ID: <199611181857.NAA23775@bksmp2.FRB.GOV>


> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                           SANDY SANDFORT
>  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> 
> C'punks,
> 
> On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:
> 
> > >> Informally, I don't know anybody who has suffered due to a loss of
> > >> privacy.
> > >
> > >Your circle of associations must be limited.
> > 
> > Examples [of people who have suffered due to loss of privacy]?
> 
[Sandy's list of examples elided for space]
>  S a n d y
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And here's a new one from today's (11/18/96) New York Times:

For complete story, see:
http://www.nytimes.com/yr/mo/day/news/national/child-pornographer.html


On Prison Computer, Files to Make Parents Shiver By Nina Bernstein

For two years, the Federal Bureau of Investigation has been looking into
a computer programming and telemarketing business that is run by inmates
at a Minnesota prison after agents seized child pornography files.

  -30-

The story explains how investiagtors found not just child pornography, but 
a list of names, ages, personal details ("latchkey kids," "speech 
difficulties," etc.) of children "most[ly] girls between 3 and 12" 
alphabetized by town and coded by map coordintates.


rgds-- TA  (tallard at frb.gov)
I don't speak for the Federal Reserve Board, it doesn't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6  DE 14 25 C8 C0 E2 57 9D







From m5 at tivoli.com  Mon Nov 18 11:28:26 1996
From: m5 at tivoli.com (Mike McNally)
Date: Mon, 18 Nov 1996 11:28:26 -0800 (PST)
Subject: HP announcement
In-Reply-To: <3.0b28.32.19961118103631.006b5260@ricochet.net>
Message-ID: <3290B876.5142@tivoli.com>


Greg Broiles wrote:
> 
> HP has info on its new crypto stuff on the web now:

One of the subheadings in the white paper: "Toward a New Commercial
Order."  Ya gotta love it.

A lot of the security (that is, "security" from the point of view of
nervous Federales) seems to rely on certificates and tokens that are
supposedly spoof-proof (I guess).  Looks to me as if application 
certificates will be rather difficult to protect from being "abused".
It's also not clear to me how they'd prevent my flying to Luxembourg,
getting a Policy token that allows any & all crypto functions, and
then flying my butt back to Singapore for an encryption party.


______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!





From tcmay at got.net  Mon Nov 18 11:34:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 18 Nov 1996 11:34:40 -0800 (PST)
Subject: POC_ket
In-Reply-To: <1.5.4.32.19961118164214.006e9e00@pop.pipeline.com>
Message-ID: <v03007803aeb669e1c21e@[207.167.93.63]>


At 11:42 AM -0500 11/18/96, John Young wrote:
>WaJo reports today on IBM's tiny pocket computer that
>transmits data through the body -- to another body or to
>a device such as a telephone. Invented by Tom Zimmerman,
>formerly of the Media Lab, it can tell "anything you touch
>who you are." Being shown at Comdex.


Brings new meaning to "Reach out and touch someone."


To make some crypto points, I watched the H-P/Intel/Microsoft CFT press
conference...the Intel guy, Ron Smith, was someone I worked with several
times in the 1980s.

One of the very troubling concerns is the blithe acceptance by all
commentators I saw on how natural it is that "policy cards" would be based
on whatever governments decided was OK. No libertarian or anarchist views
were heard. It was just sort of tacitly accepted that if, for example,
Saudi Arabia wanted to ensure that women could not use the new system, an
appropriate policy card would be denied to women, and that card vendors
would set the gender bit appropriately.

(This was not an example used, but it of course is a reasonable example of
what Muslim countries will do....not to start a flame war, these comments,
but just to point out that many or even most uses of "policy cards" will be
for uses we in the West consider unacceptable.)

I'm also very concerned that ubiquitous use of CFT means a shift to
"machine-centric" key models. Instead of being able to have ephemeral
public keys for various uses, the model assumes basically a simple
machine-to-machine communications model. "Throwaway keys" are not likely.

Now the issue is going to be to what extent the CFT technology displaces
other models, or even whether non-policy card models are restricted or
banned.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From nobody at huge.cajones.com  Mon Nov 18 11:53:40 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 18 Nov 1996 11:53:40 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <199611181953.LAA05242@mailmasher.com>



At 6:55 AM 11/18/1996, Sandy Sandfort wrote:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>                          SANDY SANDFORT
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
>C'punks,
>
>On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:
>
>> >> Informally, I don't know anybody who has suffered due to a loss of
>> >> privacy.
>> >
>> >Your circle of associations must be limited.
>> 
>> Examples [of people who have suffered due to loss of privacy]?
>
>Phil Zimmermann often tells the story of a woman whose marriage
>was destroyed by the revelation of a long-past indiscretion. 
>After her husband divorced her, she committed suicide.

Deceiving your spouse is not a good reason to protect your privacy.

>Any number of celebrities have been stalked, attacked and even
>killed by obsessed fans who found them through public records.

Unfortunately most readers of this list do not have this problem.

>Every year, children and business executives are kidnapped for
>ransom.  The proximate cause of these kidnappings is a breach in
>privacy about the whereabouts and schedules of the victim.  

Or this problem.

>Hitler's gun registration in Germany allowed the Jews to be
>disarmed.  I'm sure you are aware of the ultimate consequences
>of that little invasion of privacy.

Not a bad example, but genocide happens rarely.

Those alert enough to protect their privacy in advance might be alert
enough to get out in time, anyway.

Subjective utility: low.

>The US Post Office co-operated in the identification and 
>imprisonment of people of Japanese ancestry during the second
>world war.

97,000 victims over a ~100 year period.  Doesn't really show up on the
scope, sorry.  (Plus downside bad, but few were murdered.)

>The problem with having a whole lot of private information about
>you floating around in public is not what damage it can do to you
>now, but rather the problems it potentially could cause in the
>future.  Just about everyone on this list has been to university.
>Not long ago, a college education was essentially a death warrant 
>in Cambodia.  Prior to that, a degree was considered a good thing
>there.  People saw no reason to hid the fact that they had been
>in school.  Trouble is, things changed.
>
>And the trouble today is that things can change now, too.  Think
>about the things that you have publicly done or advocated.  Even
>if they are as legal as church on Sunday NOW, how comfortable 
>will you be about them if there is extreme right or left takeover
>in the future?  Start to get the picture?

These things CAN happen.  Will they happen?  Odds are low.

BTW, are you operating under your True Name?







From nobody at huge.cajones.com  Mon Nov 18 11:57:39 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 18 Nov 1996 11:57:39 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <199611181957.LAA05941@mailmasher.com>



At 8:38 PM 11/17/1996, Huge Cajones Remailer wrote:
>Before we complete your school assignment for you how about letting us 
>all know the due date and the credit value first.
>
>On Sat, 16 Nov 1996, Huge Cajones Remailer wrote:
> 
>> Privacy is a hassle.  Is it worth it?
>> 
>> Which unfortunate situations does privacy prevent?  What are the odds
>> that they will occur?  How much effort will it take to prevent these
>> outcomes?  As a model, use the present and future situation of a
>> typical reader of this list.

Insult is not enlightening.

URL?  Book?







From nobody at cypherpunks.ca  Mon Nov 18 12:06:06 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 18 Nov 1996 12:06:06 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <199611182000.MAA23957@abraham.cs.berkeley.edu>



At 11:13 PM 11/17/1996, Huge Cajones Remailer wrote:
> Examples?

How about the draft?  The privacy protected child has options the
others do not.  Legal risk okay - beats getting shot.

diGriz







From aba at dcs.ex.ac.uk  Mon Nov 18 12:10:09 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Mon, 18 Nov 1996 12:10:09 -0800 (PST)
Subject: Computer CPU chips with built-in crypto?
In-Reply-To: <v03007805aeb4208db8aa@[17.219.102.27]>
Message-ID: <199611181205.MAA00114@server.test.net>



Martin Minow <minow at apple.com> writes:
> In a note to cypherpunks, Hal Finney comments on the new crypto
> initiative:
> >
> >It's also not clear what the hardware manufacturers get out of this.
> >Their sales overseas have never been blocked.  There has been no demand
> >for custom crypto hardware.  I don't see how they have been harmed by an
> >inability to ship computers with built-in encryption hardware.  Granted
> >there are some possible applications for such systems but I don't see the
> >market demand which would drive this decision.
> >
> 
> I'm not sure if I can answer this but, at last week's SF cypherpunks
> meeting, an Intel engineer asked whether there might be any interest
> in a computer chip with some sort of encryption mechanism built
> into the chip. As I understand it, this chip would process an
> encrypted instruction stream. I.e., it could not execute a program
> unless the "key" for that program was first loaded into the chip.
> 
> An interesting idea: does anyone have more information?

It is a dangerous idea.  I speculated on this on the list some time
ago.  What we don't want is a clipper CPU which is using skipjack to
decrypt the instruction stream at run-time.  It opens up all sorts of
flexibility for GAK, software copyright protection, and means that
people won't be able to see what code they are running on their own
CPU.

I think it would be a negative technology from a cypherpunks
perspective, particularly if the USG has anything to do with it.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From mhw at wittsend.com  Mon Nov 18 12:20:41 1996
From: mhw at wittsend.com (Michael H. Warfield)
Date: Mon, 18 Nov 1996 12:20:41 -0800 (PST)
Subject: [NOISE] aga isn't on cypherpunks... (and I'm glad)
In-Reply-To: <Pine.LNX.3.95.961118101854.21676O-100000@dhp.com>
Message-ID: <m0vPYmV-0000sZC@wittsend.com>


aga enscribed thusly:

> On Sun, 17 Nov 1996, Sven wrote:

> > Date: Sun, 17 Nov 1996 10:34:13 -0800
> > From: Sven <sven at loop.com>
> > To: aga <aga at dhp.com>
> > Cc: cypherpunks at toad.com
> > Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
> > 
> > 
> > >> 	I have a suggestion...  How 'bout if everybody on this list dropped
> > >> a procmail configuration that mailed aga at dhp.com and postmaster at dhp.com
> > >> a copy of every message that originated from aga at dhp.com?  Do you think
> > >> he would start to "get it" then?


> That cocksucker is not dumb enough to try that.  It is him who
> will get terminated after I talk with his postmaster.

	You're the one who is not too bright.  I got you're message to
"my postmaster".  He be me.  :-)  I wasn't too sympathetic (other than
for your postmaster)...

	Want to try complaining to the company president?  :-)

> > Why are these people so uptight?

> > Sven
	:
	: - Mindless drivel deleted...
	:
> -aga

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!





From nobody at cypherpunks.ca  Mon Nov 18 12:23:29 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 18 Nov 1996 12:23:29 -0800 (PST)
Subject: [NOISE] aga isn't on cypherpunks... (and I'm glad)
In-Reply-To: <Pine.LNX.3.95.961118101854.21676O-100000@dhp.com>
Message-ID: <199611182006.MAA24108@abraham.cs.berkeley.edu>


> From: aga <aga at dhp.com>
> 
> Maybe because John Gilmore is a faggot and takes it up
> the ass.  That was the real reason behind the clash.  Dr. Vulis
> just does not like Faggots, and Gilmore has admitted to being queer.

So why did Vulis drag the rest of this mailing list into his disputes?
If this is about homosexuality, wouldn't alt.fag.bashing have been a
more appropriate forum for his insults.  This mailing list is about
cryptography and loosely related political issues.  It seems that
several allegedly gay members of the mailing list have a lot more to
contribute on the subject than you or Vulis.  Perhaps you somehow
disagree, but so what?  In either case you must admit that insults
based on sexual orientation are not relevant to this mailing list.

> The one thing must be said about the Internet is that Faggots are
> not allowed to have any Authority positions, and this John Gilmore
> Faggot violates that rule.

They're not?  Where did you get that?  First of all, what do you
define as an Authority position in a completely decentralized network
like the internet?  Are you talking about being a member of IANA or
working for the internic or something?  In that case there clearly is
no such restriction (in fact, any such restriction would probably
result in serious legal problems for the organization that tried to
set such policy).

> Never trust anybody who does not fuck cunt.

Why not?  Is there something obvious I'm missing?  What does someone's
sexual orientation have to do with his or her trustworthiness?

Can you please explain what your point is, and why you need to make it
on cypherpunks?  I mean if you resent John Gilmore being in a position
of authority because for some reason you think he is gay and that
bothers you, why use a mailing list he controls to spread that
message, as you are giving him control over your communications?  I
think most of the people on this mailing list don't give a shit about
anyone's sexual orientation.  You and Vulis have made your point that
you think certain members are gay.  Apparently most of the remaining
members of the list don't believe you and/or don't care.  What more
are you trying to accomplish?

Thanks.





From dave at kachina.jetcafe.org  Mon Nov 18 13:31:06 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Mon, 18 Nov 1996 13:31:06 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <199611182130.NAA08518@kachina.jetcafe.org>


Black Unicorn writes:
> Dave Hayes writesL:
> > [For those who's assumptions rule their perception: I am *not* arguing
> > that all speech should be subsidized. I am merely pointing out that
> > the organization that is spending the money to broadcast is
> > controlling the speech, hence it is *not* free speech in terms of
> > freedom or cost.]
> Again, you confuse free speech with free broadcast.

Isn't broadcast a subset of speech, especially in this culture?
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

The penalty for laughing in a courtroom is six months in jail; if it were 
not for this penalty, the jury would never hear the evidence.







From dave at kachina.jetcafe.org  Mon Nov 18 13:34:46 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Mon, 18 Nov 1996 13:34:46 -0800 (PST)
Subject: Fuck You Dumb Cunt
Message-ID: <199611182134.NAA08552@kachina.jetcafe.org>


Brian Davis writes:
> I'm especially sorry that some of you don't believe in property
> rights.  

I believe in them, alright. It's just that they seem to be at odds
with freedom of speech. 

They are at odds with a lot of other things as well, but that's
a different fla...er...discussion.
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

   History is not usually what has happened.
            History is what some people have thought to be significant.









From sven at loop.com  Mon Nov 18 13:36:38 1996
From: sven at loop.com (Sven)
Date: Mon, 18 Nov 1996 13:36:38 -0800 (PST)
Subject: Warfield's audience is terminated
Message-ID: <199611182136.NAA29416@toad.com>



>I have been advised by my associates that you are a waste of my time.
>My audience for your comments is therefore terminated.

Right on -- that guy came across as a masturbator with the "I'm my own
p0stmastur!1!!1" response and it's probably more effective for both of you
to work separately.

Fuck flames,
Feed trolls.

Sven
|__
   |--> SVEN: a.k.a. Chris Blanc
        Internet consulting/Web design
		
		[ http://www.loop.com/~sven/ ]

Some only sample the dark wine of life's blood...






From shamrock at netcom.com  Mon Nov 18 13:41:03 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 18 Nov 1996 13:41:03 -0800 (PST)
Subject: HP announcement
In-Reply-To: <3.0b28.32.19961118103631.006b5260@ricochet.net>
Message-ID: <Pine.3.89.9611181320.A22847-0100000@netcom14>


Greg wrote:

> Sounds to me like they want to be able to turn off strong crypto the way
> they can turn off high-detail GPS during politically/militarily sensitive
> events. 

That's my analysis as well. That, and we will see crypto strength based on 
the application. Credit card numbers get 3DES, email gets 40bit RC4.

[...]
> Users
> can decide whether to use key recovery, based on personal needs or domestic
> -- or foreign -- government regulations. 

The decision which type of crypto to use is not solely up to the 
user. If it was, a non-US user could just decide to turn on strong 
crypto. The Policy Token must therefore contain a field indicating GAK is 
"optional" or mandatory.

What does this mean? Policy tickets are served from central Policy
Servers. Foreigners only get servers that will turn GAK on by default. US
users get servers, run by an unspecified agency, that will initially send
tickets with a "GAK optional" value. This value can be changed to "GAK
mandatory" in times of national emergencies, suspected terrorist
activities, suspicious behavior, you know the drill.

Flip a central switch, and all crypto goes from "non-GAK" to "GAK". Which of 
course makes it GAK from the outset.

--Lucky






From tfs at adsl-122.cais.com  Mon Nov 18 14:06:08 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Mon, 18 Nov 1996 14:06:08 -0800 (PST)
Subject: U.S. CIA employee caught spying
Message-ID: <9611182205.AA08339@adsl-122.cais.com>



This is on the local DC news;

Harold Nicholson age 46, a CIA employee was arrested for spying today
at Dulles airport. He allegedly has been working for the Russians
for the past 2 years.

He was caught after he failed a series of polys, and bank account 
irregularities had been noticed, as well as suspcious travel.
They got him on hidden video apperently photocopying documents
that he intended to pass along.


Tim

 






From frissell at panix.com  Mon Nov 18 14:13:12 1996
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 18 Nov 1996 14:13:12 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <3.0b36.32.19961118170415.006a7b98@panix.com>


At 11:57 AM 11/18/96 -0800, Huge Cajones Remailer wrote:
>
>At 8:38 PM 11/17/1996, Huge Cajones Remailer wrote:
>>> Privacy is a hassle.  Is it worth it?
>>> 
>>> Which unfortunate situations does privacy prevent?  What are the odds
>>> that they will occur?  How much effort will it take to prevent these
>>> outcomes?  As a model, use the present and future situation of a
>>> typical reader of this list.

Risks of not employing privacy techniques:

1)	You might have to pay 30%+ of your income in taxes.
2)	Your driver's license might be capable of being suspended.
3)	Your children will be more likely to be grabbed by Child Protective
Services.
4)	You are *much* more likely to come to the attention of the authorities.
5)	Your usenet posts on gun control may be reported to the local sheriff's
office and an armed agent of the state may call you.
6)	You may be dunned by debt collectors.
7)	Your property will be at greater risk of forfeiture to the government or
loss to private litigation.
8)	You may have to pay thousands of dollars a year in auto insurance.
9)	You are more likely to lose a job because of something your employer
finds out about you.
10)	If you live in a "non-attainment area" your older car may fail
emissions inspection.

That's all for now.  I've got a million of them.

DCF






From mixmaster at remail.obscura.com  Mon Nov 18 14:29:41 1996
From: mixmaster at remail.obscura.com (Mixmaster)
Date: Mon, 18 Nov 1996 14:29:41 -0800 (PST)
Subject: accutrade
Message-ID: <199611182120.NAA10915@sirius.infonex.com>


Hacking the 9 digit account number and 4 digit PIN will be easier than attacking the OS directly.
Either method though would certainly ring loud bells at Accutrade unless they are infected with 
headinbutt disease.





From sandfort at crl.com  Mon Nov 18 14:30:37 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 18 Nov 1996 14:30:37 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <199611181953.LAA05242@mailmasher.com>
Message-ID: <Pine.SUN.3.91.961118135025.343B-100000@crl.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Mon, 18 Nov 1996, someone wrote:

> At 6:55 AM 11/18/1996, Sandy Sandfort wrote:

> >On Sun, 17 Nov 1996, Huge Cajones Remailer wrote:

> >> >> Informally, I don't know anybody who has suffered due to a loss of
> >> >> privacy.
> >> Examples [of people who have suffered due to loss of privacy]?

Note in the following exchange that HC firsts asks for examples
of harm, then when clearly unambiguous examples are given, tries 
to imply that the examples are rare, trivial or (most amazingly)
that the victim did suffer, but must have deserved his/her fate!

> >Phil Zimmermann often tells the story of a woman whose marriage
> >was destroyed by the revelation of a long-past indiscretion. 
> >After her husband divorced her, she committed suicide.
> 
> Deceiving your spouse is not a good reason to protect your privacy.

Really?  What if the spouse is violently abusive?  You might 
want to leave him and NOT be tracked down and killed.
 
> >Any number of celebrities have been stalked, attacked and even
> >killed by obsessed fans who found them through public records.
> 
> Unfortunately most readers of this list do not have this problem.

Unfortunately?  You don't have to be famous to be stalked.  Many
ordinary people are being dogged by former or would-be paramors.
Is it HC's contention that this is only a problem when a 
majority of Cypherpunks suffer from it?
 
> >Every year, children and business executives are kidnapped for
> >ransom.  The proximate cause of these kidnappings is a breach in
> >privacy about the whereabouts and schedules of the victim.  
> 
> Or this problem.

How fatuous.

> >Hitler's gun registration in Germany allowed the Jews to be
> >disarmed.  I'm sure you are aware of the ultimate consequences
> >of that little invasion of privacy.
> 
> Not a bad example, but genocide happens rarely.

They happens all to often.  Is this response supposed to be joke?
 
> Those alert enough to protect their privacy in advance might be alert
> enough to get out in time, anyway.

Yeah, I guess HC is right, the slow ones deserved it.
 
> >The US Post Office co-operated in the identification and 
> >imprisonment of people of Japanese ancestry during the second
> >world war.
> 
> 97,000 victims over a ~100 year period.  Doesn't really show up on the
> scope, sorry.  (Plus downside bad, but few were murdered.)

Yeah, just a few.  Okay by me and HC, I recon.
 
> >The problem with having a whole lot of private information about
> >you floating around in public is not what damage it can do to you
> >now, but rather the problems it potentially could cause in the
> >future.  Just about everyone on this list has been to university.
> >Not long ago, a college education was essentially a death warrant 
> >in Cambodia.  Prior to that, a degree was considered a good thing
> >there.  People saw no reason to hid the fact that they had been
> >in school.  Trouble is, things changed.
> >
> >And the trouble today is that things can change now, too.  Think
> >about the things that you have publicly done or advocated.  Even
> >if they are as legal as church on Sunday NOW, how comfortable 
> >will you be about them if there is extreme right or left takeover
> >in the future?  Start to get the picture?
> 
> These things CAN happen.  Will they happen?  Odds are low.

The odds approach unity over time.
 
> BTW, are you operating under your True Name?

NOYB.  More importantly, since you seem to think privacy isn't
all that important why don't you give us your true name, date of
birth, SS#, mother's maiden name, address where you sleep at 
night, pictures of you (and your family), etc.?  After all, as 
you wrote, the "odds are low" anything will come of it.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From tomw at netscape.com  Mon Nov 18 14:54:59 1996
From: tomw at netscape.com (Tom Weinstein)
Date: Mon, 18 Nov 1996 14:54:59 -0800 (PST)
Subject: What do our Netscape folks have to say?
In-Reply-To: <Pine.3.89.9611171813.A12245-0100000@netcom14>
Message-ID: <3290E95B.15FB@netscape.com>


Timothy C. May wrote:
>
> At 6:44 PM -0800 11/17/96, Lucky Green wrote:
>
>> I have a hard time believing that Netscape caved. As I wrote in July,
>> HP was working on selling our children's birthright to obtain an
>> export license for their product. But Netscape participating in this
>> just doesn't sound right.
>
> Indeed, some comments from the usually-vocal Weinstein brothers would
> be most welcome.

Our position on hardware crypto is that if it has a PKCS#11 interface,
we'll probably support it.  To the best of my knowledge, we aren't
endorsing the HP scheme in particular.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw at netscape.com





From sunder at brainlink.com  Mon Nov 18 14:55:04 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Mon, 18 Nov 1996 14:55:04 -0800 (PST)
Subject: Cpunks Frog Forwards discontinuation
In-Reply-To: <199611181437.JAA22942@yakko.cs.wmich.edu>
Message-ID: <Pine.SUN.3.91.961118175548.23329A-100000@beast.brainlink.com>


On Mon, 18 Nov 1996, Damaged Justice wrote:

>  o Ray Arachelian runs a free filtering service, sticking mostly to news
>    and technical stuff with a few other tidbits thrown in. Mail
>  
>    sunder at dorsai.dorsai.org


This has been moved to sunder at sundernet.com (hosted via brainlink, the 
fascist dorsai account is no more.)

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder at sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================






From Bryondp at aol.com  Mon Nov 18 15:42:41 1996
From: Bryondp at aol.com (Bryondp at aol.com)
Date: Mon, 18 Nov 1996 15:42:41 -0800 (PST)
Subject: POC_ket
Message-ID: <961118184128_1083259824@emout08.mail.aol.com>



Take me off the list!!!!





From editor at cdt.org  Mon Nov 18 15:53:58 1996
From: editor at cdt.org (Bob Palacios)
Date: Mon, 18 Nov 1996 15:53:58 -0800 (PST)
Subject: CDT Policy Post 2.38 - President Takes First Steps TowardsClipper 3.1.1
Message-ID: <v03007803aeb6a50ea233@[204.157.127.16]>


-----------------------------------------------------------------------------
    _____ _____ _______
   / ____|  __ \__   __|   ____        ___               ____             __
  | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
  | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
  | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
   \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
   The Center for Democracy and Technology  /____/     Volume 2, Number 38
----------------------------------------------------------------------------
      A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 38                     November 18, 1996

 CONTENTS: (1) President Takes First Steps Towards Clipper 3.1.1
           (2) Details of the Executive Order
           (3) How to Subscribe/Unsubscribe
           (4) About CDT, contacting us

  ** This document may be redistributed freely with this banner intact **
        Excerpts may be re-posted with permission of <editor at cdt.org>
         ** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) PRESIDENT TAKES FIRST STEPS TOWARDS CLIPPER 3.1.1

In a move that leaves major unanswered questions about the privacy of global
communications on the Internet,  President Clinton has taken the first
concrete steps towards implementing the government's controversial key
recovery encryption proposal.  On Friday November 15, the President appointed
an ambassador-level "Special Envoy for Cryptography" and signed an Executive
Order that gives the Commerce Department jurisdiction over encryption exports
but includes the Justice Department in all such export decisions.  These
developments do little to change the underlying regulations on encryption
that have prevented the development of a strong worldwide encryption standard
needed to protect privacy and security on the Internet.

The full text of the executive order and other relevant background materials
are available on CDT's Encryption Policy Page:

     http://www.cdt.org/crypto/

Friday's White House announcements demonstrate the Administration's
commitment to its dangerous key recovery approach to worldwide encryption.
This approach fails to meet the fundamental privacy needs of computer users
and industry because:

*  International communications are still vulnerable since products sold
   by the dominant U.S. hardware and software manufacturers must conform
   to U.S. export controls.

*  Key recovery won't protect privacy internationally and institutionalizes
   a global government surveillance mechanism without privacy safeguards.

*  U.S. exports are still controlled and uncompetitive making it harder for
   the market to develop a secure global encryption standard.

The Administration policy, initially announced on October 1st and dubbed
"Clipper 3.1.1," leaves Internet users without the technical means to secure
their communications or the international legal standards needed to protect
their privacy.

In other developments this week, Hewlett-Packard and other companies announced
preliminary approval to export new "dormant encryption" products, which
contain strong encryption that can only be activated with a special license.
While this new architecture is expected to make it easier for industry to
market encryption products, this technology does not change the underlying
privacy problems created by the Administration's export control policy.
Granting of licenses to use strong encryption will still be subject to the
current export controls limiting key length and requiring key recovery for
strong encryption.

CONTINUING A DANGEROUS KEY RECOVERY POLICY

The Administration's announcements mark the first real steps towards
implementing an approach to encryption policy based on the dangerous and
untested idea of global key recovery.  This approach would institutionalize
worldwide governmental access to encrypted communications without providing
any privacy standards for electronic communications or stored data.

The Administration's approach leaves computer users at risk operating on a
global network without the technical security provided by strong encryption
or the legal privacy rights afforded here in the United States by the Fourth
Amendment and federal law.  For example, the Administration policy would not
solve the following privacy problems:

*  International communications are still vulnerable.  For example, an
   American individual doing business with someone in France would still
   be forced to use weaker forms of encryption, or use key recovery systems
   that make their communications accessible to law enforcement officials of
   both countries.

*  Key recovery won't protect privacy internationally.  A Chinese dissident
   communicating with supporters in the U.S. and fearful of weaker encryption
   would be to forced to use key recovery. The Administration indicates that
   such key recovery mechanisms would be based on bilateral key-access
   arrangements between governments. Even if the dissident's keys were
   recoverable only in the U.S., such a global key access policy would
   almost certainly make those keys accessible to the Chinese government. If
   the United States expects China to assist U.S. law enforcement with key
   recovery for issues of national interest, such as anti-piracy efforts in
   China, we can also expect China to require U.S. disclosure of keys to its
   law enforcement community.

*  Exports are still controlled and uncompetitive.  A Japanese company using
   exportable U.S. encryption products would be forced to use lower strength
   encryption -- or use an key recovery agent approved by the U.S. law
   enforcement community. This is unlikely to help the global market develop
   a worldwide standard for secure communications.

As a result of this policy, computer users all over the world will be left
with a lowest common denominator infrastructure that does not provide for
either technical security or legal privacy for sensitive communications and
data. CDT believes that any workable U.S. encryption policy must be designed
to protect the privacy and security of Internet users.

------------------------------------------------------------------------

(2) DETAILS OF THE EXECUTIVE ORDER

The Executive Order signed by the President on Friday does not change the
type of encryption products that will be exportable. Rather, it lays the
groundwork for the eventual transfer of encryption export control
jurisdiction from the State Department to the Commerce Department pending
Final Regulations by both departments.

Encryption exports have traditionally been regulated as "munitions"
controlled by the State Department. While the Commerce Department is widely
viewed as more sensitive to the needs of business and individual encryption
users, Commerce is still constrained by Administration encryption policy.
Additional provisions of the Executive Order indicate that the Commerce
Department's encryption controls will continue to be dominated by law
enforcement and national security interests:

*  New Justice Department role in export review committee -- In an unusual
   step, the Order adds the Justice Department to the interagency group
   reviewing Commerce encryption export decisions.

*  Source code treated as a "product" -- The Order specifically singles out
   encryption source code to be given the stricter review scrutiny of a
   "product" rather than a "technology."

*  Broad definition of export -- The export of encryption source code or
   object code is extended to explicitly include posting to FTP sites or
   electronic bulletin boards unless "adequate" precautions are taken to
   prevent transfer abroad. As reflected by a recent Federal Court finding
   in the CDA indecency case that Internet users rarely have control over
   the parties accessing materials via FTP, Usenet, or the Web, this
   provision could have the chilling effect of preventing most
   dissemination or discussion of new cryptographic tools on the Internet.

The Administration's announcements will have little effect on the existing
encryption privacy problem unless the underlying policies governing the
export and use of encryption are changed. These announcements do little to
address the unanswered questions about how privacy will be protected in the
key recovery system envisioned by the Administration.

APPOINTMENT OF THE "SPECIAL ENVOY FOR CRYPTOGRAPHY"

On Friday the President also designated Ambassador David L. Aaron as the
new "Special Envoy for Cryptography."  According to the White House, this
Special Envoy will have "responsibility to promote the growth of electronic
commerce and robust, secure global communications in a manner that protects
the public safety and national security. . . . Ambassador Aaron will promote
international cooperation, coordinate U.S. contacts with foreign governments
on encryption matters and provide a focal point for identifying and resolving
bilateral and multilateral encryption issues."  Ambassador Aaron is currently
the U.S. Ambassador to the OECD.

CDT hopes that the new Special Envoy, as a representative of the United
States, will work to represent the needs of Americans to communicate
privately in the currently insecure global environment.  Until now, U.S.
encryption representation abroad has been dominated by law enforcement and
national security interests. CDT hopes that the new Special Envoy will also
consult with the computer user community, consumers, privacy advocates, and
industry to promote their need for secure networks worldwide.

NEXT STEPS

In the coming months, both the Department of Commerce and the State
Department must issue rules to implement the Administration's new encryption
policy.

*  The State Department will issue a rule transferring its jurisdiction of
   encryption licensing  to the Commerce Department.

*  The Commerce Department will issue rules spelling out exactly how it will
   approve products for export, and what the requirements for approved key
   recovery centers and key recovery plans will look like.

CDT hopes and expects that the Administration will provide an opportunity
for public comment in the rulemaking process to allow input from those
concerned about privacy and security in the formulation of U.S. encryption
policy.

------------------------------------------------------------------------

(3) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
nearly 10,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request at cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------

(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info at cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.38                                           11/18/96
-----------------------------------------------------------------------







From hyperlex at hol.gr  Mon Nov 18 15:55:12 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Mon, 18 Nov 1996 15:55:12 -0800 (PST)
Subject: REQUESTING INFORMATION :-)
Message-ID: <199611190353.BAA09293@prometheus.hol.gr>


f'knights, [hee hee]  (as in c'punks)!!! ROTFL

After the amusing invasion of Sandy-the-cowboy in his attempt
to smash open the already open doors of a virtual (i.e. non-existent)
salloon...  (in the Freedom-Knights list)

(which is a waste of time anyway to watch his show anyway)...
:-)


I REQUEST INFORMATION on those people who compile "Unemployability
Lists" in the USA, as well as ANY other information on this issue.

Senator McCarthy managed to terrorize the entire U.S.A. some decades
ago with such lists (on real paper rather than on computer files).

The "Return to NeoMcCarthyanism" would make an _excellent_ story for
the Greek Newspaper "Eleftherotypia", and some bright young Greek
journalist could seize the opportunity perhaps even for a Headline
Story. Therefore, I include in the recipient list the Greek Newspaper's
Internet Supplement address, and... rub my hands, waiting for your
replies, folks. :-)


We Greeks would like ALL the names of the people who act as "Informers"
of companies denouncing those unfortunate Americans who are doomed
to unemployment. We plan to give these names to all our friends, so
as to warn them WHO to avoid during our summer holidays in Greek
Islands.


Thank you
George A. Stathis
(former columnist in "PC Master" magazine, Athens Greece -1990).

P.S. I wrote each month's MAIN article at the time, and also the monthly
     "A.I." program. I am not active in journalism at the moment, which
     is why someone else is welcome to use the ensuing information.

P.S. TRUST GREEKS. We hold a World Copyright on Freedom of Thought for
     2.500 years or more, and we even donated it to the Public Domain! :-)

     







From unicorn at schloss.li  Mon Nov 18 15:55:34 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Mon, 18 Nov 1996 15:55:34 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <Pine.SUN.3.91.961118063411.10538D-100000@crl8.crl.com>
Message-ID: <Pine.SUN.3.94.961118185330.29557A-100000@polaris>


On Mon, 18 Nov 1996, Sandy Sandfort wrote:

> The problem with having a whole lot of private information about
> you floating around in public is not what damage it can do to you
> now, but rather the problems it potentially could cause in the
> future.  Just about everyone on this list has been to university.
> Not long ago, a college education was essentially a death warrant 
> in Cambodia.  Prior to that, a degree was considered a good thing
> there.  People saw no reason to hid the fact that they had been
> in school.  Trouble is, things changed.

Oh, come on.  That could never happen here.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From boursy at earthlink.net  Mon Nov 18 16:08:33 1996
From: boursy at earthlink.net (Stephen Boursy)
Date: Mon, 18 Nov 1996 16:08:33 -0800 (PST)
Subject: Fuck You Dumb Cunt
In-Reply-To: <199611182134.NAA08552@kachina.jetcafe.org>
Message-ID: <3290FB1C.474C@earthlink.net>


Dave Hayes wrote:
> 
> Brian Davis writes:
>
>> I'm especially sorry that some of you don't believe in property
>> rights.
> 
> I believe in them, alright. It's just that they seem to be at odds
> with freedom of speech.
> 
> They are at odds with a lot of other things as well, but that's
> a different fla...er...discussion.


  I believe the posession of property is a priv. to be taken 
away if abused.  There is no such thing as a 'right' to 
property--in fact the very notion seems absurd.

                        Steve





From hua at chromatic.com  Mon Nov 18 16:21:04 1996
From: hua at chromatic.com (Ernest Hua)
Date: Mon, 18 Nov 1996 16:21:04 -0800 (PST)
Subject: How to slow the animals ...
In-Reply-To: <328EA802.1B19@gte.net>
Message-ID: <199611190020.QAA17742@server1.chromatic.com>



It seems that there are many technical means to stop abuse from
the resource usage sense:

1.  Prevent non-members from sending mail to the list.  (This may
    be done already, but since I don't know, I cannot say.)

2.  Limit the rate of new subscription requests (perhaps on a per-
    host or per-domain basis.)

3.  Re-order out-going mail (from toad.com) according to size.
    Drop messages from queue if it gets "reordered" too many times.

4.  Truncating long messages.

5.  Re-order out-going mail (from toad.com) according to time of
    last mail (from the originator).  Basically, limit the rate of
    mail from any particular person or host or domain.

6.  Refuse connections from "known host(s) or domain(s) of
    abusers" during "busy" periods.

These are not whole-sale censorship mechanisms, but just abuse-
resistence measures.

Ern







From boursy at earthlink.net  Mon Nov 18 16:21:50 1996
From: boursy at earthlink.net (Stephen Boursy)
Date: Mon, 18 Nov 1996 16:21:50 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
In-Reply-To: <199611171100.JAA21839@prometheus.hol.gr>
Message-ID: <3290FE56.2479@earthlink.net>


George A. Stathis wrote:
> 
> At 12:07 �� 17/11/1996 -0600, snow wrote:
>>
>>    Boursy is a twit who has lost more accounts that Vulis.


  I've lost but one account--world.std.com (Software Tool &
Die) soon to be purchased by the conglomorate Plug Pullers
R US.  That was entirely related to a local rent control
matter.  Now I may be a 'twit'--that is an entirely
different matter.

 
> I would suggest that it is not at all a "safe" indication of personal
> or intellectual _worth_, (of Mr. Boursy or of anyone) "how many
> accounts he has lost".

   I would say though that if one makes false statements as has
this 'snow' character it indicates a lack of credibiltiy.

 
>>    Ignore him.

  Something you seem unable to do.  Isn't it odd how some will
tell you how insignificant and irrelevant you are only to devote
so much of their time and energy to you.  I find that very odd.

 
> It is not ethical to send such strong negative _injunctions_ to masses
> of people and also to strangers (the 1900-strong members of the cyberphunks
> list for instance). 

  Well thanks George but I do think his statement speak for themselves.
I'm not in the least concerned someone like him could harm me--in fact
I find it very amusing that he is deemed 'acceptable for that list
while Dr. Vulis is not.

> Because, you may or may not have strong reasons for
> believing you are justified in such invalidation, but more than a 1000
> people are now _told_ by (self-appointed) "experts" such as yourself what
> and whom to ignore or to believe. (Like sheep led to the slaughter)...


   Well that's sort of like Tiny Tim Skirvin and his Global Killfile--
it does him more harm than those he is after--in fact little Tim reads
my every word.

 
> But what you are doing now, extending the "1-person-blacklist" to your
> number-two-entry (Mr. Boursy) is exactly the thing that I hoped you might
> avoid.

  And based on lies as well--I've only had one account terminated--that
by Barry Shein who lives in Brookline, Ma. and that was entirely do
to real estate industry money and the rent control issue (a statewide
referrendum on rent control which existed only in Brookline, Cambridge,
and Boston)--many millions of dollars at stake there.  Shein is simply
a whore.
 
>         First they kicked out Dimitri Vulis.
> 
>         Then they slandered and kept out Steve Boursy.

  Well my suggestion--given the size of the list and that we have
numerous sympathizers there--is to have all of their posts forwarded
and publically post them for free and open discussion.

                            Steve


> 
>         Then...
> 
>         When they came after me, there was nobody left to support me.
> 
> (You can perhaps realize what this paraphrase is about)... :-(
> 
> Sincerily, and with... Sanity of Mind :-)
> George Stathis





From hyperlex at hol.gr  Mon Nov 18 16:29:21 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Mon, 18 Nov 1996 16:29:21 -0800 (PST)
Subject: Fuck You Dumb Cunt
Message-ID: <199611190428.CAA11326@prometheus.hol.gr>


At 07:11 �� 18/11/1996 -0500, Stephen Boursy wrote:
>Dave Hayes wrote:
>> 
>> Brian Davis writes:
>>
>>> I'm especially sorry that some of you don't believe in property
>>> rights.
>> 
>> I believe in them, alright. It's just that they seem to be at odds
>> with freedom of speech.
>> 
>> They are at odds with a lot of other things as well, but that's
>> a different fla...er...discussion.
>
>
>  I believe the posession of property is a priv. to be taken 
>away if abused.  There is no such thing as a 'right' to 
>property--in fact the very notion seems absurd.
>
>                        Steve

Philosophically, a lot of people would agree with you Steve, and this would
probably place them in dozens of "killfiles", "lists of unemployable persons",
plug-pullable minorities of "kooks" and so on, inside the American Section
of the Internet. No wonder (after malicious slander I have seen directed
against you), that so few people come out with such views. However...

Reality has many facets, and property can mean many things.

"Abusing property" is also punishable already by some (very capitalistic) laws.

I know I deserve everything I own, but do the chicken know it?
The chicken who hide behind roles like Gilmore's for instance.

Surely the ONLY things we most CERTAINLY own, are our bodies and our speech
and other facets of our existence.

If  people were offered large sums of money to cut off one... hand, they'd
probably refuse! :-)  Goddess Venus knows why if a lot of people when
offered similar similar sums of money to chop off their speech, they obey.

I am very troubled at recent events and spend my time wasting yours.
But wait till you see what I figured out... :-)
(with the Greek paper).
George


















From merlyn at stonehenge.com  Mon Nov 18 16:57:39 1996
From: merlyn at stonehenge.com (Randal Schwartz)
Date: Mon, 18 Nov 1996 16:57:39 -0800 (PST)
Subject: LACC: BayLISA: Randal Schwartz, Just Another Convicted Perl Hacker (fwd)
In-Reply-To: <Pine.GUL.3.95.961117210230.15571A-100000@Networking.Stanford.EDU>
Message-ID: <8cpw1a9a1c.fsf@gadget.cscaper.com>


>>>>> "Rich" == Rich Graves <llurch at networking.stanford.edu> writes:

Rich> This should be QUITE entertaining.

Well, it's not like I juggle or anything. :-)

-- 
Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095
Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying
Email: <merlyn at stonehenge.com> Snail: (Call) PGP-Key: (finger merlyn at ora.com)
Web: My Home Page!
Quote: "I'm telling you, if I could have five lines in my .sig, I would!" -- me





From dlv at bwalk.dm.com  Mon Nov 18 17:01:13 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 17:01:13 -0800 (PST)
Subject: Taxation Thought Experiment
In-Reply-To: <199611180235.UAA00791@manifold.algebra.com>
Message-ID: <gF8LXD13w165w@bwalk.dm.com>


ichudov at algebra.com (Igor Chudov @ home) writes:
> Dr.Dimitri Vulis KOTM wrote:
> > ichudov at algebra.com (Igor "FUCK MNE HARDER" Chudov @ home) writes:
> > > Dr.Dimitri Vulis KOTM wrote:
> > > > Therefore it's sometimes more profitable for a company to raise money b
> > > > issuing bonds (debt) and paying tax-deducuble interest than by selling
> > > > stock (equity) and paying non-decuctible dividentds to stockholders.
> > > There is, in fact, a neat theorem that says that (*_under certain
> > > assumptions_*) the value of a firm does not depend on its capital
> > > structure.
> >
> > Igor, you begin to sound just like Timmy May - talking about things you kno
> > nothing about.
>
> Surely I know nothing about finance. Never claimed otherwise.

Then I suggest that you get hold of an undergraduate book on corporate finance,
such as Ross, Westerfield, Jordan, from Irwin. They just came out with the 3rd
edition). Read their very lucid explanation of M&M's work, and in particular
what they mean by "bankrupcy costs". Sure beats quoting academic papers that
you don't understand.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jimo at astea.com  Mon Nov 18 17:12:16 1996
From: jimo at astea.com (James Ormond)
Date: Mon, 18 Nov 1996 17:12:16 -0800 (PST)
Subject: Extreme Left/Right
Message-ID: <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>



Sandy,

I always had trouble understanding what people meant when they used the 
terms "extreme left" and "extreme right".  Then, about 4 months ago, I
saw a guy define the "political spectrum" the way (he said) it used to be 
defined before the definitions were corrupted (by whomever wants to 
divide - and conquer - the people).  It made sense to me.  A spectrum 
afterall, at least when we're talking about colors, starts with one type 
of color and graduates to other, DIFFERENT colors.

He defined the "political spectrum" as follows:

< ------- LEFT                                                 RIGHT ------->

            Monarchy      Oligarchy      Democracy      Republic      Anarchy

Rule by:      ONE            FEW           MANY           LAW           NONE

Examples:   Dictator,     Communist,      Lynch Mob     Constitutional
            King          Fascist State                 Govt (US before
                                                        1930's)


So, according to this definition of the political spectrum, a true 
"leftist" would be a person that supported the government's usurpation of 
individual rights, property rights, human rights, privacy rights, etc.  
Obviously we don't look at it this way.  The government only takes away 
our property (eg. through income taxes), etc. when it's FOR OUR OWN 
GOOD AND THE GOOD OF OUR COUNTRYMEN!!!

Sadly, this can only be done (in this country) by violating the US 
Constitution, and it has been done and it is being done.  

Unfortuneately, the people that support and seek to defend the Constitution 
(according to the political spectrum you see above) are on the right 
(those that support the Republic).  It's not politically correct to call 
yourself a "rightist" these days.  

Of course, there are not too many Americans (including people that call
themselves "leftists" or "liberals") that are willing to publicly admit
that they are opposed to the US Constitution.  I dare say that most 
leftists would actually say that they SUPPORT the US Constitution.  Many
of these people are very concerned about the deterioration of our 
liberties and spend a lot of time and energy educating themselves and 
others about how this is being done.  I know this because I used to 
consider myself a "leftist" (although I was never too fond of applying 
such labels to myself); after all, I had to be SOMEWHERE!!!  My political 
"education" started during the Reagan years.  Since that administration 
was considered "right-wing", I knew I didn't like that (because of the 
BAD things that it was doing) so I must be the opposite.

When I used to listen to a certain "leftist" radio station broadcasting 
out of New York City, they would talk about "left-wing", communist 
dictatorships and "right-wing", fascist dictatorships.  A dictatorship is 
a dictatorship!!!  The "wing" that it comes from makes no difference!!  The 
way the media defines these things makes no sense; you can't have a 
dictatorship on BOTH sides of a POLITICAL SPECTRUM no more than you can 
have YELLOW on both sides of the COLOR SPECTRUM.

Maybe I'm totally wrong in my thinking.  If I am please try to clarify 
things for me.

I bring this to your attention only because I notice that you often use 
these terms in some of your e-mails.

I think that most "leftists" and "rightists" want many of the same 
things.  We can't get together because the language we use has been so 
corrupted.  


Sincerely,

Jim.





From hyperlex at hol.gr  Mon Nov 18 17:21:04 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Mon, 18 Nov 1996 17:21:04 -0800 (PST)
Subject: Censor John Gilmore -- EFF is a disgrace!
Message-ID: <199611190509.DAA13737@prometheus.hol.gr>


Dear "Info",


Mr. Stephen Boursy has made a number of important revelations here.
I went back and read nearly all his posts, and I will say this _again_,
I have found NOTHING to suggest a lack of reliability in what he says.

I am in no way affiliated to Mr. Boursy. I have never seen his face, even.

In fact I had hardly noticed Mr. Boursy's presence till only a few days
ago, when the forcible expulsion of Russian Mathematician Dimitri Vulis
from the "cypherpunks" list fell like a bomb over my naive gullible head.
Only AFTER this, I started reading ALL the previous postings that I had
missed (about 60-70 % of them).

I decided to find out what's happening.

I saw OBVIOUS things, and OBVIOUS LIES, since as a lurker who kept
ALL previous postings (in the Freedom-Knights list and elsewhere) I could
COMPARE my archives to what people claimed.  More often than not, to
my amazement, what a LOT of people claimed were packs of lies. And against
Mr. Boursy and Mr. Dimitri Vulis in particular, entire SEWAGES of lies.

'
So I forward this info to... "INFO", the Weekly Net-Supplement of
"Eleftherotypia", Greece's largest and most democratic newspaper.

The Greek public are rather well informed on the "shiny" side of the
Internet. But (the director of "Info" and I) have met and discussed,
on two occasions, a few months ago,  ALSO the "DARK" side....

Our only problem, is VOLUME. It's like trying to clean up a shit-hole
which has spilled the shit even outside itself, in the garden... :-)

(The AMERICAN section of the internet, i.e. MOST of it).


Here goes...



At 07:24 �� 18/11/1996 -0500, Stephen Boursy wrote:
>George A. Stathis wrote:
>> 
>> At 12:07 �� 17/11/1996 -0600, snow wrote:
>>>
>>>    Boursy is a twit who has lost more accounts that Vulis.
>
>
>  I've lost but one account--world.std.com (Software Tool &
>Die) soon to be purchased by the conglomorate Plug Pullers
>R US.  That was entirely related to a local rent control
>matter.  Now I may be a 'twit'--that is an entirely
>different matter.
>
> 
>> I would suggest that it is not at all a "safe" indication of personal
>> or intellectual _worth_, (of Mr. Boursy or of anyone) "how many
>> accounts he has lost".
>
>   I would say though that if one makes false statements as has
>this 'snow' character it indicates a lack of credibiltiy.
>
> 
>>>    Ignore him.
>
>  Something you seem unable to do.  Isn't it odd how some will
>tell you how insignificant and irrelevant you are only to devote
>so much of their time and energy to you.  I find that very odd.
>
> 
>> It is not ethical to send such strong negative _injunctions_ to masses
>> of people and also to strangers (the 1900-strong members of the cyberphunks
>> list for instance). 
>
>  Well thanks George but I do think his statement speak for themselves.
>I'm not in the least concerned someone like him could harm me--in fact
>I find it very amusing that he is deemed 'acceptable for that list
>while Dr. Vulis is not.
>
>> Because, you may or may not have strong reasons for
>> believing you are justified in such invalidation, but more than a 1000
>> people are now _told_ by (self-appointed) "experts" such as yourself what
>> and whom to ignore or to believe. (Like sheep led to the slaughter)...
>
>
>   Well that's sort of like Tiny Tim Skirvin and his Global Killfile--
>it does him more harm than those he is after--in fact little Tim reads
>my every word.
>
> 
>> But what you are doing now, extending the "1-person-blacklist" to your
>> number-two-entry (Mr. Boursy) is exactly the thing that I hoped you might
>> avoid.
>
>  And based on lies as well--I've only had one account terminated--that
>by Barry Shein who lives in Brookline, Ma. and that was entirely do
>to real estate industry money and the rent control issue (a statewide
>referrendum on rent control which existed only in Brookline, Cambridge,
>and Boston)--many millions of dollars at stake there.  Shein is simply
>a whore.
> 
>>         First they kicked out Dimitri Vulis.
>> 
>>         Then they slandered and kept out Steve Boursy.
>
>  Well my suggestion--given the size of the list and that we have
>numerous sympathizers there--is to have all of their posts forwarded
>and publically post them for free and open discussion.
>
>                            Steve
>
>
>> 
>>         Then...
>> 
>>         When they came after me, there was nobody left to support me.
>> 
>> (You can perhaps realize what this paraphrase is about)... :-(
>> 
>> Sincerily, and with... Sanity of Mind :-)
>> George Stathis
>






From wbear at hotmail.com  Mon Nov 18 17:26:18 1996
From: wbear at hotmail.com (Mark.L. Burton)
Date: Mon, 18 Nov 1996 17:26:18 -0800 (PST)
Subject: (Fwd) National Emergency
Message-ID: <19961118212932.25483.qmail@hotmail.com>



>Subject: (Fwd) National Emergency

 from: gathering at cygnus.com Mailing list alt.gathering.rainbow
>------- Forwarded Message Follows -------
>Date:          Sun, 17 Nov 1996 17:42:58 -0800 (PST)
>From:          Phil Agre <pagre at weber.ucsd.edu>
>To:            rre at weber.ucsd.edu
>Subject:       National Emergency
>Reply-to:      rre-maintainers at weber.ucsd.edu
>
>
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>This message was forwarded through the Red Rock Eater News Service (RRE).
>Send any replies to the original author, listed in the From: field below.
>You are welcome to send the message along to others but please do not use
>the "redirect" command.  For information on RRE, including instructions
>for (un)subscribing, send an empty message to  rre-help at weber.ucsd.edu
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>Date: Fri, 15 Nov 1996 17:23:24 -0800
>From: Hal Finney <hal at rain.org>
>To: cypherpunks at toad.com
>Subject: National Emergency
>
>Michael Froomkin posted to the cyberia list a pointer to the Clinton
>administration's new export policy.  He has a copy on his web site at:
><URL: http://www.law.miami.edu/~froomkin/nov96-regs.htm >.  The thing
>I found interesting is that it refers to the fact that we are currently
>living under a state of national emergency!  I searched on the whitehouse
>web site and couldn't find the executive order referred to (maybe it was
>classified) but did find this one:
>
>For Immediate Release                             June 30, 1994
>
>
>  Executive Order
>      #12923
>   - - - - - - -
>
>     Continuation Of Export Control Regulations
>
>
>  By the authority vested in me as President by the
>Constitution and the laws of the United States of America,
>including but not limited to section 203 of the International
>Emergency Economic Powers Act ("Act") (50 U.S.C. 1702), I, William
>J. Clinton, President of the United States of America, findthat
>the unrestricted access of foreign parties to U.S. goods,
>technology, and technical data and the existence of certain
>boycott practices of foreign nations, in light of the expiration
>of the Export Administration Act of 1979, as amended (50 U.S.C.
>App. 2401 et seq.), constitute an unusual and extraordinarythreat
>to the national security, foreign policy, and economy of the
>United States and hereby declare a national emergency with respect
>to that threat.
>
>Apparently this state of emergency is still in effect.  This is what
>gives the President the power to unilaterally make changes in the export
>policy.  It would be nice if our congresspeople would take some
>responsibility in this matter.
>
>Hal
>
>
>
>{{greywolf at sover.net}}PGP Public key>>
>http://www.sover.net/~greywolf/gwkey.asc
>
********************************************************************** 

 We have been living in a state of serveal national emergancy for some time,but
you wont find any public documents about it.
 The emergancy conserns break away factions with in the U.S.
citezenry.This country is falling apart at the seams and a form of civil war is
predicted soon.
 The Federal govenment will respond by declaring Martial law on all
U.S. Citezens.
 They are allready prepareing for this war.I sugjest We prepair to.


Peace Love and Light :)
Wandering Bear
EarthSky Tribes
Cascadia Nation
Rainbow Family of Living Light
http://www.geocities.com/RainForest/1137

---------------------------------------------------------
Get Your *Web-Based* Free Email at http://www.hotmail.com
---------------------------------------------------------





From nobody at huge.cajones.com  Mon Nov 18 17:28:17 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 18 Nov 1996 17:28:17 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <199611190128.RAA29725@mailmasher.com>



At 2:10 PM 11/18/1996, Sandy Sandfort wrote:
>Note in the following exchange that HC firsts asks for examples
>of harm, then when clearly unambiguous examples are given, tries 
>to imply that the examples are rare, trivial or (most amazingly)
>that the victim did suffer, but must have deserved his/her fate!

You are building a straw man.  Nobody has been said to deserve their
fate.  Their fates appear to be unlikely events.

Contrary to what several privacy advocates have implied, I am not
claiming that people should not be allowed to protect their privacy.
Nor am I claiming that people who protect their privacy are criminals.

I am asking why I should protect my privacy.  Most people have
concluded that it is not worth the bother.  Why are they wrong?

(And, why are privacy advocates uniformly hostile to these questions?
Because they are asked anonymously?)

>> BTW, are you operating under your True Name?
>
>NOYB.

Fair enough.

>More importantly, since you seem to think privacy isn't
>all that important why don't you give us your true name, date of
>birth, SS#, mother's maiden name, address where you sleep at 
>night, pictures of you (and your family), etc.?  After all, as 
>you wrote, the "odds are low" anything will come of it.

Who me?  No way!  :-)

HC







From azur at netcom.com  Mon Nov 18 17:54:17 1996
From: azur at netcom.com (Steve Schear)
Date: Mon, 18 Nov 1996 17:54:17 -0800 (PST)
Subject: Crypto Bounties: Another Thought that crossed my mind.
Message-ID: <v02140b00aeb671969014@[10.0.2.15]>


[snip]
Ian Grigg <iang at systemics.com> wrote:
>In order to overcome project failure, I could write my contract as a
>multi-supplier seed project (often done by governments).  That is, the
>pot gets shared around, say, the three best alternatives.  Once
>supplied, all are free to pick from the alternatives.
>
>In order to overcome the low silly bid, somehow reputation would have to
>be built into the market.  That is, your efforts in the past as
>programmer will cause your solution to be better valued than mine.

Why not the free market rate the programmers.  Have a software
distribution/payment collection system which requires that the programmer
get a completion bond from a 3rd-part insurance company.  If the programmer
fails to deliver as promised and/or on-time the donding company pays the
'investors' back in full. Since the bonding company's money would be at
risk, if the programmer failed to deliver, they have every incentive to
conservatively rate the programmers/companies offering ot build SW to spec.

[snip]
>There's a lot of aspects of newbies and switching funds that I havn't
>really thought through here.  However, I like this viewpoint because it
>eliminates the need for judges.  History shows that a good market
>microstructure will beat an authority approach in the long run.
>
>Also note that if you drop the free software assumption, and make it,
>say, moneyware, then the market becomes much more workable - the asset
>being traded is a share of future revenues.  This has more ramifications
>than might be obvious:  Propose a market to write a GAK killer for
>e$10,000.  If it clears and is built, is the Dept. of Justice forced to
>buy the rights out?
>
>> Has anything like this been proposed before?

Yes, Eric Hughes proposed a broad and structured proposal primarily
addressing this manner of market funding for software development (and
possibly suitable for other intellectual property creation) at DEFCON IV.
My previous comments on completion bonds were taken from his presentation.

--Steve







From zinc at zifi.genetics.utah.edu  Mon Nov 18 18:03:12 1996
From: zinc at zifi.genetics.utah.edu (zinc)
Date: Mon, 18 Nov 1996 18:03:12 -0800 (PST)
Subject: POC_ket
In-Reply-To: <1.5.4.32.19961118164214.006e9e00@pop.pipeline.com>
Message-ID: <lvpw1au9je.fsf@zifi.genetics.utah.edu>


-----BEGIN PGP SIGNED MESSAGE-----

jya at pipeline.com (John Young) writes:

> 
> WaJo reports today on IBM's tiny pocket computer that
> transmits data through the body -- to another body or to
> a device such as a telephone. Invented by Tom Zimmerman,
> formerly of the Media Lab, it can tell "anything you touch
> who you are." Being shown at Comdex.
> 
> The body as a token. How to crack a human? Grab and 
> squeeze out a pass phrase.


this particular paragraph certainly brought some ideas to my head: 

	Among other uses, Mr. Zimmerman says his setup could create
	a "personal area network" over one's body to link the
	various electronic devices a person carries. For instance,
	it could allow a pager attached to one's belt to transmit
	a phone number it receives to a cellular phone carried in
	a pocket. The researcher even imagines a version of the
	small computers that could be built into shoes, with the
	electricity to power them being generated by a person's
	steps.

talk about an opportunity for sniffing data off someone or just
pouring your data own into their 'personal network'.  this is the
'denial of existence' attack - the computer cannot talk to you - you
don't exist...

- -pjf
- -- 
"Those that give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)
			  finger for PGP key
zifi runs LINUX 2.1.9  -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMpEVLU3Qo/lG0AH5AQF91QP7Bq++q50LIvJ75f5MKPuifHgdO9OKZ7Kz
tYRo7YupZrTvhuCF/FO3UBf8l2QJuEPaBXvy8QSGXU/iEi/arBsNQ3o7jZnUKr5V
KAaWNM5qaFc596T3acTHu7ESi6/SYt3/8utdjcSl/a4MhrvVlxqYtQCzkGI3r3W2
IGo8ah5MVmw=
=CMX6
-----END PGP SIGNATURE-----





From shamrock at netcom.com  Mon Nov 18 18:15:31 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 18 Nov 1996 18:15:31 -0800 (PST)
Subject: Taking out the garbage
Message-ID: <Pine.3.89.9611181823.A3117-0100000@netcom6>


Beginning Monday, 11/25/96, I will bounce all email from the various 
(non-)subscribers polluting this list with garbage back to the 
authors. Furthermore, I will attach documents describing basic 
Internet rules of conduct to each bounce.

I would encourage other Cypherpunks to do the same. 

[Flames: /dev/null.]
-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred






From se7en at dis.org  Mon Nov 18 18:41:49 1996
From: se7en at dis.org (se7en)
Date: Mon, 18 Nov 1996 18:41:49 -0800 (PST)
Subject: Digests
Message-ID: <Pine.BSI.3.91.961118190307.11292C-100000@kizmiaz.dis.org>



Well, I finally finished all of them, and they are all currently on-line 
and up-to-date. If anyone ever takes on a similar project, I have some 
advice: don't ever let yourself get behind!

http://www.dis.org/se7en/

under the dc weekly digests section

se7en






From dlv at bwalk.dm.com  Mon Nov 18 19:15:04 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 18 Nov 1996 19:15:04 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <Pine.SUN.3.91.961118063411.10538D-100000@crl8.crl.com>
Message-ID: <J7DmXD21w165w@bwalk.dm.com>


Sandy Sandfort <sandfort at crl.com> writes:
> Any number of celebrities have been stalked, attacked and even
> killed by obsessed fans who found them through public records.

Sandy should learn some English.

> The US Post Office co-operated in the identification and
> imprisonment of people of Japanese ancestry during the second
> world war.

Sandy doesn't see the difference between the Post Office and the Census Bureau.
Sandy is a typical cypherpunk, one of John Gilmore's brainless stormtroopers.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jmr at rmisp.com  Mon Nov 18 19:18:18 1996
From: jmr at rmisp.com (Justin Robbins)
Date: Mon, 18 Nov 1996 19:18:18 -0800 (PST)
Subject: NT insecurity
Message-ID: <3.0.32.19961118194954.00964d10@rmisp.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 724 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961118/c60ea18f/attachment.bin>

From snow at smoke.suba.com  Mon Nov 18 19:25:28 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 18 Nov 1996 19:25:28 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <199611181953.LAA05242@mailmasher.com>
Message-ID: <199611190342.VAA00399@smoke.suba.com>


> At 6:55 AM 11/18/1996, Sandy Sandfort wrote:
> >C'punks,
> >> Examples [of people who have suffered due to loss of privacy]?
> >Phil Zimmermann often tells the story of a woman whose marriage
> >was destroyed by the revelation of a long-past indiscretion. 
> >After her husband divorced her, she committed suicide.
> Deceiving your spouse is not a good reason to protect your privacy.

      Sure it is. Earlier this year I threw a party for my wifes birthday.
A suprise party. I had to deceive her to keep her out of the house I needed
privacy to do this.    

> >Any number of celebrities have been stalked, attacked and even
> >killed by obsessed fans who found them through public records.
> Unfortunately most readers of this list do not have this problem.

     It is still a valid example. Someone made the claim that people do not
need privacy, this is an example of someone who needs it. 
> >Every year, children and business executives are kidnapped for
> >ransom.  The proximate cause of these kidnappings is a breach in
> >privacy about the whereabouts and schedules of the victim.  
> Or this problem.

     See above.

> >Hitler's gun registration in Germany allowed the Jews to be
> >disarmed.  I'm sure you are aware of the ultimate consequences
> >of that little invasion of privacy.
> Not a bad example, but genocide happens rarely.

     Germany. Cambodia, Boznia, Somilia, Rwanda & Zaire. Soviet Russia, 
China...

     All within the last 60 years. 

     Yup. Rarely happen. 

> Those alert enough to protect their privacy in advance might be alert
> enough to get out in time, anyway.
> Subjective utility: low.
> 
> >The US Post Office co-operated in the identification and 
> >imprisonment of people of Japanese ancestry during the second
> >world war.
> 97,000 victims over a ~100 year period.  Doesn't really show up on the
> scope, sorry.  (Plus downside bad, but few were murdered.)

     I am sure that there are other victims in the PO's history, but 
not with as big of numbers. 

     1 is a crime, 100,000 is a crying shame. 

     You know that red thing you see when you open your eyes? It's your 
prostate. 


> >The problem with having a whole lot of private information about
> >you floating around in public is not what damage it can do to you
> >now, but rather the problems it potentially could cause in the
> >will you be about them if there is extreme right or left takeover
> >in the future?  Start to get the picture?
> These things CAN happen.  Will they happen?  Odds are low.
> BTW, are you operating under your True Name?

     I am, but I don't mind being a target. 

     If you think privacy is so bad, why are you indulging in it. 

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From ph at netcom.com  Mon Nov 18 20:01:28 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Mon, 18 Nov 1996 20:01:28 -0800 (PST)
Subject: Playing Cards - Caution!
Message-ID: <v02140b00aeb6e056bb78@[192.0.2.1]>


A few days ago I suggested that playing cards are a good source
of entropy.  This was based on claim by Persi Diaconis which
was quoted in The Economist.

I've researched the claim and I now believe it would be wise not to
use playing cards as a source of entropy for cryptographic
applications.

A fully random deck of 52 cards has about 225 bits of entropy.  That
means that each riffle shuffle introduces about 32 bits of entropy.
Intuitively, that seems like a lot of entropy for one riffle shuffle.
I've tried a few riffle shuffles with a sorted deck.  While hardly
scientific, the level of randomness does not look like 32 bits.  Most
of the time the cards alternate.

The claim that 7 riffle shuffles of a deck of 52 cards will bring
the deck to a state of near randomness appears in this book:

Diaconis, Persi "Group Representations in Probability and Statistics"
Hayward, California: Institute of Mathematical Statistics, 1988.
ISBN 0-940600-14-5

The section "An Analysis of Real Riffle Shuffles" begins on page 77.

A model is presented which Diaconis believes is similar to how people
shuffle in real life.  What is troubling from a cryptographic point of
view is that there is little empirical evidence to back this up.  What
is more, Diaconis mentions that there is some variation in shufflers.
A neat shuffler will be less random.  (Side note: The Economist claims
Diaconis can execute 8 perfect shuffles in less than a minute.  This
means the deck is returned to its original order!)

>From the point of view of cryptography, neatness is not a very precise
term and should not be relied upon.

The book says that in the late 1960s, tournament bridge players
started using computers (!) to shuffle the cards as hand shuffling was
considered suspect.  This is less than reassuring.

Nothing I have written here is intended to reflect poorly on Dr.
Diaconis.  We were not solving the same problem, nor have I fully
understood his work.

In my first article I said this:

"Playing cards are a nice source of randomness because they are widely
available and their behavior has been under study for a long time by
people with strong financial reasons for finding flaws.  I slightly
prefer cards to dice because dice may be slightly predictable or even
loaded."

The study of randomness in cards looks much harder to me now.  Also,
flaws which may be exploitable for financial reasons when real money
is on the table may have to be substantially more dramatic than the
flaws required to exploit, for instance, an alleged one-time pad.

Here's why I now prefer dice: Dice are simple.  Each die throw can be
made to be quite independent of all other die throws.  Even loaded dice
may be used by throwing them repeatedly and adding the results mod the
number of sides to the die.  Dice which are suspect may be studied by
repeated throwing.  Non-independence can be more easily studied as
it can be assumed that a throw of the die is, at most, related only
to the previous throw and none before.

Peter Hendrickson
ph at netcom.com







From stewarts at ix.netcom.com  Mon Nov 18 20:17:11 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Mon, 18 Nov 1996 20:17:11 -0800 (PST)
Subject: FCPUNX:Playing Cards
Message-ID: <1.5.4.32.19961119041700.0057ad64@popd.ix.netcom.com>


-----BEGIN PGP UNSIGNED TEXT-----
At 03:14 PM 11/14/96 -0800, ph at netcom.com (Peter Hendrickson) wrote:
>It would be nice if cryptography software would allow you to enter
>randomly selected playing cards from time to time to increase the
>entropy of keys.  Careful people (Black Unicorn?) would enter the
>cards prior to sending each message.

If the keyboard-entropy program you're using hashes in the values
of the keys typed as well as the timing, this can let you improve the
actual entropy of the data you enter.  Get yourself a deck of cards
or some 20-sided D&D dice or toss some yarrow stalks or open a book randomly,
and type in those values rather than the fjfjfjfjfj stuff you
might otherwise use.  Won't hurt, and it'll let you be sure you've
got all the entropy you need*

                                Bill Stewart, lurking from fcpunx

[*Depending on how the universe has been treating you recently...]

-----PGP UNSIGNATURE BLOCK-----
32767WHATISSIXTIMESNINE23THEUMBERHULKHITS42GRATEFULDEAD10OFSWORDS
-----END PGP UNSIGNATURE BLOCK-----

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From deviant at pooh-corner.com  Mon Nov 18 20:56:31 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Mon, 18 Nov 1996 20:56:31 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <199611182000.MAA23957@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.94.961119045250.1139A-100000@random.sp.org>


On Mon, 18 Nov 1996, John Anonymous MacDonald wrote:

> 
> At 11:13 PM 11/17/1996, Huge Cajones Remailer wrote:
> > Examples?
> 
> How about the draft?  The privacy protected child has options the
> others do not.  Legal risk okay - beats getting shot.

Of course, if they fully instate the draft, and you don't fill out the
forms, they'll prosecute you for treason, and then they gas you (which is 
usually much more painfull and damaging than being shot is).

Don't get me wrong, I'm all for privacy; this just isn't the best example.

> diGriz

 --Deviant
Blood flows down one leg and up the other.







From deviant at pooh-corner.com  Mon Nov 18 21:01:05 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Mon, 18 Nov 1996 21:01:05 -0800 (PST)
Subject: How to slow the animals ...
In-Reply-To: <199611190020.QAA17742@server1.chromatic.com>
Message-ID: <Pine.LNX.3.94.961119045608.1139B-100000@random.sp.org>


uOn Mon, 18 Nov 1996, Ernest Hua wrote:

> 
> It seems that there are many technical means to stop abuse from
> the resource usage sense:
> 
> 1.  Prevent non-members from sending mail to the list.  (This may
>     be done already, but since I don't know, I cannot say.)
> 

This makes anonymous remailers not be able to send to the list, which is
(in principle) a Bad Thing.

> 2.  Limit the rate of new subscription requests (perhaps on a per-
>     host or per-domain basis.)
> 

Most domains don't have more than 1 problem user on them and on this list.

> 3.  Re-order out-going mail (from toad.com) according to size.
>     Drop messages from queue if it gets "reordered" too many times.
> 

nononononononono Bad Bad Thing.  If you start doing that, we'll start
getting replies before messages _even more than we do now_.

> 4.  Truncating long messages.
> 

You _must_ be joking...

> 5.  Re-order out-going mail (from toad.com) according to time of
>     last mail (from the originator).  Basically, limit the rate of
>     mail from any particular person or host or domain.
> 

This hinders many discussions; easier and more effecient not to.

> 6.  Refuse connections from "known host(s) or domain(s) of
>     abusers" during "busy" periods.

Which would only really be usefull on users who needed to be removed
anyway.  A Better fix might be to and more disk space to queue messages
in.

> 
> These are not whole-sale censorship mechanisms, but just abuse-
> resistence measures.
> 

"Abuse-resistance" is simple: If somebody abuses the list, warn them.  If
they continue, John does what he did to Vulis. Good Thing. 'nuff said.

> Ern

 --Deviant
Blood flows down one leg and up the other.







From piotrk at opnt.optimus.wroc.pl  Mon Nov 18 21:04:45 1996
From: piotrk at opnt.optimus.wroc.pl (piotrk at opnt.optimus.wroc.pl)
Date: Mon, 18 Nov 1996 21:04:45 -0800 (PST)
Subject: Unsubtroll
Message-ID: <199611190504.AAA09997@anon.lcs.mit.edu>


unsubtroll





From stewarts at ix.netcom.com  Mon Nov 18 21:21:30 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Mon, 18 Nov 1996 21:21:30 -0800 (PST)
Subject: HP GAK Proposal
Message-ID: <1.5.4.32.19961119052111.003c4884@popd.ix.netcom.com>


http://www.dmo.hp.com/gsy/security/icf/main.html
is a proposal by HP; don't know if it's the same as what they
announced Monday.  It's the approach they talked about 6 months ago or so,
hardware solution with "tamperproof" module and government policy plugins.
The example they show pictures of is a PCM-CIA card with little tabs
you can plugin with US, UK, and some other flag on them, which would 
let your card do US, UK, and other flavors of GAK.

It's nice to see an announcement the same week for
strong-crypto plugins for Netscape, developed in Israel.....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






From whgiii at amaranth.com  Mon Nov 18 21:37:01 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Mon, 18 Nov 1996 21:37:01 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <199611171612.IAA01572@mailmasher.com>
Message-ID: <199611190651.AAA00275@mailhub.amaranth.com>


-----BEGIN PGP SIGNED MESSAGE-----

In <199611171612.IAA01572 at mailmasher.com>, on 11/17/96 at 12:12 PM,
   nobody at huge.cajones.com (Huge Cajones Remailer) said:

>I know many people who were happy they had insurance due to car
>accidents, health problems, or whatever.  What is more, the odds of
>these events are carefully calculated and available.  Call an actuary.

>Are there similar sources of information calculating privacy risk?  I
>don't think so.

>Informally, I don't know anybody who has suffered due to a loss of
>privacy.

>It may be the case that it is politically beneficial to have a society
>of privacy fanatics.  But, this is different from the direct benefit
>to each participant.

>My question remains unanswered, probably because privacy isn't worth
>the effort.

Well I can give you a couple of examples from personel "suffering" from loss of privacy:

#1. While living in KC I had a co-worker obtain my SS# which he then used to have all his
utilities put in my name. (Utility companies only asked for SS#, Name & Place of
employment). I did not find this out until 9mo. later when I went to have utilities turned
on in my new house. (I was previously living in an apartment which utilities were included
in the rent). It took several months, an attorny & many calls to the utility board to get
the mess straightend out.

#2. The Ill. State Police got my name cross-referenced with a convicted fellon in thier
computer system. Didn't find this one out until I needed to get my security clearance
renewed for a contract. Needless to say the client was not pleased. This took over a year
to get straightend out and god only knows how many other computer systems still has me
listed as a convicted car theif. Funniest part is that while this guy was rotting in jail
I was living overseas.

It is all too easy today with the current state of computer & information technology to
get f***ed. Needless to say I take my privacy much more seriously than I did before.

- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    
Cooking With Warp 4.0

Author of E-SECURE - PGP Front End for OS/2

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
*MR/2 ICE: OS/2: Your brain.  Windows: Your brain on drugs.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpE57Y9Co1n+aLhhAQEfuQP/bePn5mwfEPiY96AOG9OhOiY8/nAYUXGJ
dza8KGRexQ1HT4prLm6ZRbMOh13yj+5zUOWU7jUVS3aSTWm83LdBLtMXlL0IuD01
YP06os1BT04+iQ08GhNdhviG2QWuubJfVfIcUMLe+Bekt5sgHx+xlhwRrksWICjP
N90lFbZ73ds=
=pRlg
-----END PGP SIGNATURE-----






From shamrock at netcom.com  Mon Nov 18 22:09:27 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 18 Nov 1996 22:09:27 -0800 (PST)
Subject: How to slow the animals ...
In-Reply-To: <Pine.LNX.3.94.961119045608.1139B-100000@random.sp.org>
Message-ID: <Pine.3.89.9611182253.A23579-0100000@netcom6>


> "Abuse-resistance" is simple: If somebody abuses the list, warn them.  If
> they continue, John does what he did to Vulis. Good Thing. 'nuff said.

As we all noticed, doing what John did was of little help. While I 
support John in his decision, I believe the the offenders should be 
source blocked as well.

--Lucky





From whgiii at amaranth.com  Mon Nov 18 22:20:12 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Mon, 18 Nov 1996 22:20:12 -0800 (PST)
Subject: POC_ket
In-Reply-To: <961118184128_1083259824@emout08.mail.aol.com>
Message-ID: <199611190735.BAA00615@mailhub.amaranth.com>


-----BEGIN PGP SIGNED MESSAGE-----

In <961118184128_1083259824 at emout08.mail.aol.com>, on 11/18/96 at 07:41 PM,
   Bryondp at aol.com said:


>Take me off the list!!!!

Never!!!! You are doomed here forever!!!!!!!!!!!!! mahahahaha!!!!!! 
*MR/2 ICE: I don't do Windows, but OS/2 does.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpFEEo9Co1n+aLhhAQG1tgP+Jw4ls5JrpE5ZO0I/EySfFW3lfONdJbMz
nyGciKeClwN+eJ8Wbz9MjdBq3QLMC+sUNHTmxUuLDmnWA0SobWgl9hnxGUCvdugN
ur1I+WBZVG+VBRQE39THIwe0ncOQgPodGXW2KmpkP9F0Nz7Axd6B6xdlHcxJ36m/
7iC4Jgd6iu0=
=b1jT
-----END PGP SIGNATURE-----






From jer+ at andrew.cmu.edu  Mon Nov 18 22:26:11 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Mon, 18 Nov 1996 22:26:11 -0800 (PST)
Subject: Extreme Left/Right
In-Reply-To: <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>
Message-ID: <0mYJ==200YUe083bw0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

James Ormond <jimo at astea.com> writes:
<snip>
> He defined the "political spectrum" as follows:
> 
> < ------- LEFT                                                 RIGHT ------->
> 
>             Monarchy      Oligarchy      Democracy      Republic      Anarchy
> 
> Rule by:      ONE            FEW           MANY           LAW           NONE
> 
> Examples:   Dictator,     Communist,      Lynch Mob     Constitutional
>             King          Fascist State                 Govt (US before
>                                                         1930's)

I prefer the 2 dimentional spectrum (the libretarians tend to push
this) that l;ooks more like this:

                (fucking) Statist



           Left                   Right



                   Anarchist

The statist-anarchist (the lidretarians use "libretarian" instead of
"anarchist") scale is dependant on the centralization of power, and the
left-right scale has to do with the amount of collectivism.

So, the extremem of leftist-statis would be a socialist monarchy
(think China), whereas leftist anarchist societies (like the commune I
lived in last summer) are also possible. To round it out, there's
right(ist? wing?) statist, like say pre-revolution France, and
right(ist/wing) anarchist, which is what most people think of as
anarchy, I guess.

As you hint at in your post, the simple right-left scale is totally
inadequate to describe political beliefs. I think that the one you're
using was created by folks who wanted to demonize leftists.

> Maybe I'm totally wrong in my thinking.  If I am please try to clarify 
> things for me.

Hope I did.

> I think that most "leftists" and "rightists" want many of the same 
> things.  We can't get together because the language we use has been so 
> corrupted.  

Yeah, personally, I'm a moderate-left anarchist. It seems to me that
most folks on this list are rightist anarchist. While our desired
furute worlds are not the same, they are completely compatible as
there is no central power to enforce an economic model on the citizen-
units. Our methods to achieving our goals are also quite similar.

Hope this helps,
Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpFSv8kz/YzIV3P5AQENCwMAgaLrCrefc2y50Zdb8hPdO4enZA3ZvsxW
sLNSqyS6CRuzBWXeCj51FWWVFbWKVyS6BZjnsVkQxJGBli0eI7x8GLP4nPwhz7eq
JCgw8rwGiXIpplMty5RXLD61yfOFpi5o
=GkkO
-----END PGP SIGNATURE-----





From frantz at netcom.com  Mon Nov 18 22:31:28 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 18 Nov 1996 22:31:28 -0800 (PST)
Subject: HP announcing some International Cryptography stuff on Monday
Message-ID: <199611190631.WAA25180@netcom6.netcom.com>


At  6:44 PM 11/17/96 -0800, Lucky Green wrote:
>I have a hard time believing that Netscape caved. As I wrote in July, HP 
>was working on selling our children's birthright to obtain an export 
>license for their product. But Netscape participating in this just 
>doesn't sound right.

I agree about Netscape.  IMHO they started with their hearts in the right
place, but with a naive lack of experience in real-world security.  Since
their hearts are in the right place, and they have good people, they have
improved a LOT in the last year.


>> Since I am inherently optimistic, one ray of light may be that the San Jose
>> Mercury News was mentioning the ability to export the system, and then when
>> the necessary licenses (US and foreign) were obtained, turn on the
>> encryption.  I guess from this that the encryption is in hardware.  Now,
>> software/hardware interfaces are usually fairly simple, so what we have
>> here is a software system with a crypto hook.
>
>One possibility is that all crypto is done in hardware. The recent 
>announcements by many hardware manufacturers that smartcard readers will 
>be included in all their products (MS will put them into their keyboards) 
>might get the necessary infrastructure deployed.

I was assuming that you would interface software crypto where the hardware
crypto goes.  The best way to hack this will depend on the specific
implementation.  (At the same time you are gronking* the software calls to
the hardware, you can gronk the signature checking code.)

* gronk v.t. To hit over the head with a club.  From Johnny Hart's cartoon, B.C.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From whgiii at amaranth.com  Mon Nov 18 22:46:29 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Mon, 18 Nov 1996 22:46:29 -0800 (PST)
Subject: Extreme Left/Right
In-Reply-To: <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>
Message-ID: <199611190801.CAA00778@mailhub.amaranth.com>


-----BEGIN PGP SIGNED MESSAGE-----

In <Pine.HPP.3.91.961118184355.23458G-100000 at hpg60.astea.com>, on 11/18/96 at 09:10 PM,
   James Ormond <jimo at astea.com> said:

[snip]

>I think that most "leftists" and "rightists" want many of the same 
>things.  We can't get together because the language we use has been so 
>corrupted.  


Actually most of those today that consider themselfs on the "right" or "left" are truly
socialist/statist. They have their select group of "rights" & special intrests that they
want protected but are often willing to distroy all other rights in the process.

The debate of socialism vs. capitalism died in this country decades ago. It now has
degenerated into what flavor of statism do you want?

Either a people are free or they are not. There is no middle ground. You can't be a little
pregnant. 

- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of E-SECURE - PGP Front End for OS/2

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
*MR/2 ICE: Turn your 486 into a Gameboy: Type WIN at C:\>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpFKL49Co1n+aLhhAQEfoAP/fs56AZntB4nMkNPB5mxTMdFEGHy+7DQb
Vjlu/HAI5ym8/nIjLZaSai/j2Rh+zH5KL65hAH0CTwaXnm2vV8nfwQ5p6PgKQv35
j2+FKoWycYLArpqydRGRtIXNpCMzfMuoNR5xN5OeOaiiXckJhyREVK+rkRyjBazc
fjRq5MIh4+8=
=9hy3
-----END PGP SIGNATURE-----






From jer+ at andrew.cmu.edu  Mon Nov 18 22:56:13 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Mon, 18 Nov 1996 22:56:13 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <199611190128.RAA29725@mailmasher.com>
Message-ID: <0mYJac200YUe083co0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

nobody at huge.cajones.com (Huge Cajones Remailer) writes:
> I am asking why I should protect my privacy.  Most people have
> concluded that it is not worth the bother.  Why are they wrong?
> 
> (And, why are privacy advocates uniformly hostile to these questions?
> Because they are asked anonymously?)

I, too, have been rather confused by the responses. I considered
replying as soon as I saw your(?) original post, but figred that my
views would probably already sitting on someone else's mail spool, so
didn't add a "me too" to the list. Unfortunatly, no one has presented
a clear outline, so here goes.

Protection of your privacy

   From "valid" authorities
       You may not trust your government/police/employer to deal
       with your speech/actions in a way that you find acceptable.
       This is kinda the "dark horse" of provacy, since it allows
       the four horsemen to spred porn and serin across the land.
       However, there are many reasons to not trust the gov't. Maybe
       you sell post to cancer patients. Many people would not
       condem your actions, but the DEA would. This also encompases
       the argument of insurance from political revolution which has
       been much dwellt on. (Is dwellt a word?)

   protection from "criminal" elements
      This is typically the argumnet given by econoists and the like.
      You want to protect your CC # and other personal info. Also,
      those posters to alt.sexual.abuse.recovery might want to protect
      their identities.

Protection of the privacy of others
   So, say you don't care if some high school d00d3z clean out your
   bank account and the MeesePolice imprison you for posession of
   _Arabina Nights_. Using techniques to protect your banal infor-
   mation also protects those with something to hide. Take, for
   example, anonymous remailers. Assuming you encrypt and chain and
   all that Good Stuff, the bad guys can't tell your post to cypher-
   punks asking why you should protect your privacy from Bob's post
   to alt.blacknet giving the location of all US nuke sites. If no
   one except those with someting to hide protected their identity,
   then it would be an easy thing to (under a slightly more oppres-
   sive political regime) toss them in jail. 

The first argument (protecting yourself) has been much talked about in
this thread, but the second has been AKAIK, untouched. I, pesonally,
think crypto is just swell. As such, I pgp sign all my posts/email.
Not only is it one more layer of protection against forges, it helps
spread the PGP meme.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpFZoskz/YzIV3P5AQEQEgL/ST9XHUJ1GmAe53n2P1pRD0kyJX+1r9Iz
LUd5PfDkYdMUIhws2JFGtCjCd4ie7tzIVmGj7km7y9KDPO+ih1Y12sPI4Tc1xS8u
Wp9lXtznFeSZzGwECIGtfJSqphzS53Da
=C6la
-----END PGP SIGNATURE-----





From dthorn at gte.net  Mon Nov 18 22:57:32 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 18 Nov 1996 22:57:32 -0800 (PST)
Subject: ?????
In-Reply-To: <199611181848.KAA17573@abraham.cs.berkeley.edu>
Message-ID: <32915414.311E@gte.net>


John Anonymous MacDonald wrote:
> Date: Sun, 17 Nov 1996 05:36:00 -0800
> To: cypherpunks at toad.com
> (John Anonymous MacDonald) apparently wrote:
> |Dale Thorn wrote:
> |>people on a list are given tools to filter with and reminded on |>occasion
> |>how to use them?

> |You are the reason, you can't shut up and you have little or nothing |to say. plonk.
> I wish I'd said that; my fear is that Dale will take 17 messages to compose his vapid thoughts.
> Love you all.

Strange love, huh?  For the record, I replied to your previous hate mail
privately to avoid putting totally useless stuff on the list, but since
you insist on pressing the (useless) point, Mr./Ms. Censor-happy asshole,
I'll say it publicly (assuming *they* allow it):  Take a hike, a long walk
off a short pier, etc.  Nobody really cares about you or what you think,
probably not even your mother.  This is not a love forum, it's a forum
by and for ego-maniacal paranoids who don't really love anyone but them-
selves, or maybe a really close friend (likely no more than one) just
enough to not kick them out onto the street.

BTW, I'm not saying that ego-maniacal paranoids are necessarily a bad
thing, particularly in a world full of rednecks (their counterpart, but
with less brainpower), just that they need to be reminded now and then
that they are *not* in fact gods or godoids or whatever.

BTW-2, you're probably still smarting from when I told you that your
precious PGP et al is basically 1940's technology attempting to run on
processors that should be relegated to pocket PDA's.  You really should
grow up and work on something that can use the brain cells you have left.







From dthorn at gte.net  Mon Nov 18 22:57:41 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 18 Nov 1996 22:57:41 -0800 (PST)
Subject: Fuck You Dumb Cunt
In-Reply-To: <199611182134.NAA08552@kachina.jetcafe.org>
Message-ID: <32915780.27B0@gte.net>


Stephen Boursy wrote:
> Dave Hayes wrote:
> > Brian Davis writes:
> >> I'm especially sorry that some of you don't believe in property
> >> rights.

> > I believe in them, alright. It's just that they seem to be at odds
> > with freedom of speech.
> > They are at odds with a lot of other things as well, but that's
> > a different fla...er...discussion.

>   I believe the posession of property is a priv. to be taken
> away if abused.  There is no such thing as a 'right' to
> property--in fact the very notion seems absurd.

You've just lumped all possessions into a single category.  There's a
valid argument against private ownership of land when ownership of that
land can be (and usually is) moved from the people at large to just a
few people, then eventually to dictators, etc.

But are you suggesting that if I trade my labor for some material item
which was built with other people's labor, and that material item is
sufficiently portable that it doesn't have to occupy a significant
piece of real estate (i.e., a house, a large boat), *they* should be
able to take that material item away from me anyway on whatever pretext,
on the basis that possession of it is a *privilege*?  Is my paycheck,
given to me directly for my labor just a privilege?






From tcmay at got.net  Mon Nov 18 23:00:17 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 18 Nov 1996 23:00:17 -0800 (PST)
Subject: HP announcement
In-Reply-To: <3.0b28.32.19961118103631.006b5260@ricochet.net>
Message-ID: <v03007802aeb70b2595c7@[207.167.93.63]>


At 1:26 PM -0600 11/18/96, Mike McNally wrote:

>A lot of the security (that is, "security" from the point of view of
>nervous Federales) seems to rely on certificates and tokens that are
>supposedly spoof-proof (I guess).  Looks to me as if application
>certificates will be rather difficult to protect from being "abused".
>It's also not clear to me how they'd prevent my flying to Luxembourg,
>getting a Policy token that allows any & all crypto functions, and
>then flying my butt back to Singapore for an encryption party.

Or using the method someone (Duncan?) suggested a few years ago: recruit a
bunch of derelicts and winos and other such "invisibles" to apply for
Official Permissions in their own True Names, pay them off with the bottle
of Thunderbird promised them, and, voila!, one has a unique Official
Permission (policy card, for example).

Absent biometric identification or other complicated verification (such as
geographic methods...I'm dubious), I can't see how this wouldn't work.

(And I think there will be dozens of other ways to subvert the H-P/Intel
system.)

--Tim May


"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From roy at sendai.scytale.com  Mon Nov 18 23:02:19 1996
From: roy at sendai.scytale.com (Roy M. Silvernail)
Date: Mon, 18 Nov 1996 23:02:19 -0800 (PST)
Subject: Irono-troll (was: Re: The Utility of Privacy)
In-Reply-To: <199611181953.LAA05242@mailmasher.com>
Message-ID: <961118.235844.8Q8.rnr.w165w@sendai.scytale.com>


-----BEGIN PGP SIGNED MESSAGE-----

A troll using nobody at huge.cajones.com writes in reply to Sandy Sanfort a
lot of dismissal of past tragedies resulting from privacy violations.
Hir consistent viewpoint seems to be that protecting ones privacy has no
value.  Then sie has the temerity to ask

> BTW, are you operating under your True Name?

My ironometer is absolutely pegged.
- -- 
Roy M. Silvernail --  roy at scytale.com
           "I used to be disgusted, but now I'm just amused."
            -- from an old T-shirt(ca. 1975), not an Elvis Costello lyric

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpFQkRvikii9febJAQGzMwP9GohOAkCgySe6AMQBo7p5pix5IhpbJ5Ag
srWHv7bp/ARzOx39kMDUhNf/R0+hW4s+emJdn40tRhu0ZKroFzahMU1NPn/COUPO
p1ecbXxmWmUISgB3Xq/rl4kwIf6yx/z0mvId1fXEUGkhu686aaukSvnKJ583VbNL
HlPfR9hS4OM=
=w4LD
-----END PGP SIGNATURE-----






From dthorn at gte.net  Mon Nov 18 23:15:00 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 18 Nov 1996 23:15:00 -0800 (PST)
Subject: Extreme Left/Right
In-Reply-To: <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>
Message-ID: <32915E11.3DBE@gte.net>


James Ormond wrote:
> Sandy,
> I always had trouble understanding what people meant when they used the
> terms "extreme left" and "extreme right".  Then, about 4 months ago, I
> saw a guy define the "political spectrum" the way (he said) it used to be
> defined before the definitions were corrupted (by whomever wants to
> divide - and conquer - the people).  It made sense to me.  A spectrum
> afterall, at least when we're talking about colors, starts with one type
> of color and graduates to other, DIFFERENT colors.

[snip]

Tell ya' something you might find amusing:  During the 1992 campaign,
when I worked for awhile for Perot The Populist, I also sent personal
letters to every right- and left-wing organization I could find out
about (a couple thousand orgs and individuals), and I kept track of the
responses.

My records indicated that the orgs and individuals identified closely
with the *Right* were twice as responsive as those on the *Left*, and
easily ten times as friendly.  There's something to be said about the
down-home sincerity of those folks in small-town America, as opposed to
the ruthless, cynical people who mostly populate the left-wing positions
of influence today in big cities.

Of course, if the Right were to seize power from the Left today (i.e.,
take over newpapers, TV, and so on), what I've described might shift
a bit.






From higgins+ at CMU.EDU  Mon Nov 18 23:18:49 1996
From: higgins+ at CMU.EDU (Michael Higgins)
Date: Mon, 18 Nov 1996 23:18:49 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <199611190651.AAA00275@mailhub.amaranth.com>
Message-ID: <gmYJvGG00YUn0Ttc00@andrew.cmu.edu>


Forgive me if I missed it, but there seems to have been little
discussion of the link between privacy and identity in this thread.
(The list is so noisy that I miss a lot of things.)

On most computer systems, one's identity is represented by some
secret, whether it's a login password or a private key.  Obviously, to
maintain the integrity of the identity the secret must be protected
which requires privacy.

Now whether or not I have "something to hide", I very much want to
protect my identity from being usurped.  (He who steals my purse
steals trash...)

Now is it the case that people are interested in stealing identities?
Certainly.  My account on the CMU Andrew system (where this is being
written) was compromised once.  Not out of any animosity toward me,
but simply as a platform to launch a hacking attack on some other
system.  (Universities, and I suspect other networks, are rife with
packet sniffers.  Having been burned once, I rely tremendously on
encrypted connections.)

This is not to say that one's identity-secret is the only secret worth
protecting.  But I thought I'd mention it as something to think about.

	Mike

P.S. In a way, credit card numbers are identities --- the fact that we
just hand them out to people is very disconcerting.  (I'm told that
most credit card fraud is by vendors.)





From mhayes at infomatch.com  Mon Nov 18 23:51:03 1996
From: mhayes at infomatch.com (Murray Hayes)
Date: Mon, 18 Nov 1996 23:51:03 -0800 (PST)
Subject: It is getting easier
Message-ID: <199611190750.XAA19020@infomatch.com>


On Fri, 15 Nov 1996 13:02:10 -0800, Bill Frantz wrote:

>At 11:25 PM 11/14/96 -0800, Lucky Green wrote:
>>If I remember correctly, some of the newer transponders used on 
>>commercial aircraft actually transmit GPS data back to the controller in 
>>real time. I wonder how long it will be before the FAA will include such 
>>information in their database.
>
>I don't think new transponders make much difference.  The old ones heighten
>the radar image of the airplane which gives an accurate 2D position.  This
>position is automatically entered into the FAA computer which maintains the
>ATC controller's display.  In the old style, altitude is determined by an
>altimeter on the airplane which encoded into the transponder signal.
>
>If newer transponders are returning GPS signals, the position may be more
>accurate (but probably not unless they can decode the selective
>availability signal).  (OBCrypto for those who care.)
>
>
>>"To obtain the position of any passenger flight in the US within 10 
>>meters, click here."
>
>In either case, the Passenger Name Records for the flight are in the
>airlines databases (and have been there for many years), and the airplane's
>physical position is in the FAA's computer (and has been for many years). 
>The ability to find the current position of an airplane, or a passenger
>remains dependent on the incentives and disincentives for database linking
>and application development.  There are no insurmountable technical
>problems.  The technical problems are those of getting old-technology
>software to do something new.
>


Wouldn't it be a breach of privacy to alow anyone to know the location
of a passanger?  A plane maybe, but the roster of passangers is 
protected by the Privacy Act.

just my 2 cents.


mhayes at infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip






From jya at pipeline.com  Mon Nov 18 23:51:18 1996
From: jya at pipeline.com (John Young)
Date: Mon, 18 Nov 1996 23:51:18 -0800 (PST)
Subject: Securing Electronic Mail Within HMG
Message-ID: <1.5.4.32.19961119074914.006a7368@pop.pipeline.com>


We have received from an anonymous source a document titled:

"Securing Electronic Mail Within HMG, Part I, Infrastructure 
and Protocol." 21 March 1996.

>From the Introduction:

"This document is the first part of CESG's recommendations for 
securing electronic mail within HMG. The main objective of the 
recommendations is to facilitate pan-government secure inter-
operability of electronic mail, by simplifying the implementation 
of secure electronic mail within government, ensuring secure 
electronic mail between departments is possible, attempting to 
facilitate future inter-operability with commercial users,
maximising the use of commercial technology in a controlled manner,
whilst allowing access to keys for data recovery or law enforcement 
purposes if required."

Other sections describe:

2. Authentication Framework

3. Confidentiality Framework

4. Security Protocol

The document refers to the Royal Holloway program for TTP critiqued 
by Ross Anderson and others as "EuroClipper." Perhaps those with 
more knowledge could make an assessment.

The document consists of 13 pages of text and diagrams, with 
a few gaps.

-----

http://jya.com/sem.htm  (35 kb with 7 jpg images)







From amp at pobox.com  Tue Nov 19 00:01:15 1996
From: amp at pobox.com (amp)
Date: Tue, 19 Nov 1996 00:01:15 -0800 (PST)
Subject: Extreme Left/Right
Message-ID: <01IC0JILZQV49FMADN@MAIL-CLUSTER.PCY.MCI.NET>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: jimo at astea.com, cypherpunks at toad.com
Date: Tue Nov 19 01:59:15 1996
> I always had trouble understanding what people meant when they used the 
> terms "extreme left" and "extreme right".  Then, about 4 months ago, I
> saw a guy define the "political spectrum" the way (he said) it used to be
> defined before the definitions were corrupted (by whomever wants to 
> divide - and conquer - the people).  It made sense to me.  A spectrum 
> afterall, at least when we're talking about colors, starts with one type
> of color and graduates to other, DIFFERENT colors.

The real problem you are having is that the political 'spectrum' is not 1 
dimensional (a line). If you describe it in 2 dimensions, it makes a lot 
more sense. The libertarians have a diagram they call the worlds smallest 
political quiz that describes it fairly well. It can be found at 
http://www.libertarian.com/wwlp/docs/awspq.html?quiz

I first saw mention of a chart similar to this in the 60s. It was a way of 
describing beliefs politically that was put forth by Jerry Pournelle. (Who 
is available on the net btw.)  

 
> When I used to listen to a certain "leftist" radio station broadcasting 
> out of New York City, they would talk about "left-wing", communist 
> dictatorships and "right-wing", fascist dictatorships.  A dictatorship is
> a dictatorship!!!  The "wing" that it comes from makes no difference!! 

Yup. You hit the nail on the head here. This is something that any thinking 
person should recognise. The basic way we are taught to understand and 
reference politics =makes=no=sense=.


>  The 
> way the media defines these things makes no sense; you can't have a 
> dictatorship on BOTH sides of a POLITICAL SPECTRUM no more than you can 
> have YELLOW on both sides of the COLOR SPECTRUM.

Take a gander at the libertarian's chart. I think it is a more accurqte way 
of describing people, and in fact is similar in some ways to what you 
describe. A philosophy is charted based on how one views personal and 
property rights.

amp

===
amp at pobox.com
Earth First! We'll strip mine the other planets later!
===
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpFo01UbR1RWr40pAQG9Xwf/YN1d9WYNjX4NG9J2O5w78+c1XWPXVVII
b8vN9UmfsaG4fXvo+1RY2nwCm20riAQ+4KPpzANSMI5T7LePRuHHR6NcHIDbVnNv
zb7mlxfsvgpUR+cvNDWOsi2gkJoxhJhBn9x3gvsdGKSz2fTUA+5LUgVIrkZjicll
qro7d3omrf4OetDmkehYK1YeAJg3bv1yGj5HMxaMrT8RBzU625goyxz8MBc0PlkL
NrXz7uUdFd1AAElmqenkRp2jjSiZ3dQkenOuaN8T8eV5hAAdnUKLQd36ffBclqKj
D4ggCz27CCvTFtC/wFXFbKOhHXqARk06o4ELJBcVO/Ka8FBVi5+C4Q==
=suQe
-----END PGP SIGNATURE-----






From isptv at access.digex.net  Tue Nov 19 00:17:09 1996
From: isptv at access.digex.net (ISP-TV Main Contact)
Date: Tue, 19 Nov 1996 00:17:09 -0800 (PST)
Subject: "Meeks Unfiltered" on ISP-TV Wednesday nights
Message-ID: <199611190816.DAA15253@access4.digex.net>


*** ISP-TV Program Announcement:

	"Meeks Unfiltered"

*** Wednesday, Nov. 20 ***
*** 8:00 PM ET         ***

Brock N. Meeks, publisher of the 800,000 subscriber CyberWire Dispatch
electronic news service, will bring his crusading style into real-time
Internet video with "Meeks Unfiltered." The live uncensored hour-long
show, produced and distributed through ISP-TV, will explore cyberspace and
cyberpolitics Wednesdays at 8 PM Eastern Time. 

***
If you missed last week's show with Brock and Declan McCullagh, you can
listen to a RealAudio version at:

		 http://www.digex.net/isptv/meeks.html
***

"Meeks Unfiltered" can be viewed on the ISP-TV main CU-SeeMe reflector at
IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at
http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV
Network

To obtain Enhanced CU-SeeMe software, go to:

	http://goliath.wpine.com/cudownload.htm








From tfs at adsl-122.cais.com  Tue Nov 19 00:23:54 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Tue, 19 Nov 1996 00:23:54 -0800 (PST)
Subject: Exposing GAK / Clipper III
Message-ID: <9611190823.AA09555@adsl-122.cais.com>


(this is my preliminary .02 cents on a part of this so far)

I've been giving the "how to deal with this" question some thought,
as it seems the government strategy is to chip away at our
right to privacy via extorting compromise and any other method
they can come up with. 

It occurs to me that one of the things that has been going on,
is that the Government (US) in it's discussion of crypto and
what it will and won't allow, has been playing on the nature of
the beast somewhat. In that many of the most tradtional uses of
crypto are to keep the conversations of governments private,
there is a neccesary tradition of quiet and secrecy that goes on
about it.

It appears to me that this aspect of "quiet" discussion has carried
over into the discussions with the private sector over it. Well, the
problem I see with that is that it makes little to no sense. There
is no reason for it. In many, many other sectors of the government,
with the defense industry perhaps being the most leading one, 
private entities of all sorts, and particularly corporations, go to
a serious effort to openly lobby their positions as well as what they
want PUBLICLY to the government.

The recent spam of TV ads in the DC area by Lockheed Martin corp. is 
a very good example of this type of effort. 

My point being, what sorts of things the government is asking of
industry should be far more openly disputed and discussed, and lobbied
than they are. Crypto is not the black art, nor is it that-which-has-no
name and should you say it you'll be struck by lightning type of thing
that certain gov entities treat it as, it's a frakin tool to ensure
privacy, and that's all. Granted, it's one hell of a hard tool to work
on and with, but it's still just a tool.

We need more openess from industry and interested corporations. Lame
press confrences that come after the fact are not in their or the
public's interest. Perhaps we as the public should try to encourage that
more directly from corps as well.
 



Tim








From tcmay at got.net  Tue Nov 19 01:04:04 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 19 Nov 1996 01:04:04 -0800 (PST)
Subject: Rogue Governments Issuing Policy Tokens
Message-ID: <v03007800aeb7270c6d3b@[207.167.93.63]>



We've touched on this issue several times, in several contexts.

The problem (for GAK) of "rogue governments" is this: a government such as
Libya or Panama, henceforth to be known as "Rogueitania," issues policy
cards to all of its citizens, and to all those visiting Rogueitania, and
perhaps through the mail to anyone who pays some fee.

So, unless the U.S. actually does implement _import controls_ on such
things, the willingness of Rogouitania to freely issue policy cards with no
restrictions, guts the U.S. system.

(The crypto community does in fact call these issuers "rogue governments."
For example, in the mid-80s this was the subject of some "Crypto" papers
about rogue governments (like Libya) possibly being willing to issue false
passports to agents, terrorists, etc. Gee, the U.S. would have no interest
in doing such a thing, either for their own agents, their own covert action
squads, or their own 50,000 people given false identities in the Witness
Security Program.)

We raised many issues similar to this during the Clipper I, Clipper II,
etc., exercises. The whole issue of why foreign governments would willingly
see the NSA with intercept capabilities for their traffic was never
addressed by the Administration. Nor was the issue of rogue governments.
Nor many other issues.

(I don't even think Denning and her Blue Ribbon Panel ever issued their
final report on their weekend-long study of Clipper....events sort of made
it moot.)

And I don't expect substantive answers to our questions on the latest
Clipper announcement for years, if ever.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From patm at connix.com  Tue Nov 19 01:07:50 1996
From: patm at connix.com (Pat McCotter)
Date: Tue, 19 Nov 1996 01:07:50 -0800 (PST)
Subject: Extreme Left/Right
In-Reply-To: <Pine.HPP.3.91.961118184355.23458G-100000@hpg60.astea.com>
Message-ID: <329174bc.8030604@smtp.connix.com>


On Mon, 18 Nov 1996 20:10:53 -0500 (EST), you wrote:

:
:Sandy,
:
:I always had trouble understanding what people meant when they used the 
:terms "extreme left" and "extreme right".  Then, about 4 months ago, I
:saw a guy define the "political spectrum" the way (he said) it used to be 
:defined before the definitions were corrupted (by whomever wants to 
:divide - and conquer - the people).  It made sense to me.  A spectrum 
:afterall, at least when we're talking about colors, starts with one type 
:of color and graduates to other, DIFFERENT colors.
:
:He defined the "political spectrum" as follows:
:
:< ------- LEFT                                                 RIGHT ------->
:
:            Monarchy      Oligarchy      Democracy      Republic      Anarchy
:
:Rule by:      ONE            FEW           MANY           LAW           NONE
:
:Examples:   Dictator,     Communist,      Lynch Mob     Constitutional
:            King          Fascist State                 Govt (US before
:                                                        1930's)

You forgot the property situation under each.

Anarchy: (IMO belongs left of monarchy, just to keep it mathematical)
           Ownership and distribution of product of ownership
              controlled by the strongest mob.

Monarchy:  Ownership by the one. Privileged few allowed to make use of
              it.

Oligarchy:
           Communist: No private ownership. Distribution of product by
              the state.
           Fascist: Private ownership allowed. Distribution of product
              by the state.

Democracy: Ownership and distribution by the loudest mob.

Republic:  Private ownership and private determination of
              distribution.
            (Major paradigm shift in governance - away from whims of
              one/few/many *people* to *objective laws*.) 
                  NOTE: Key word here is *objective* - not law. Whims
                        are subjective.

--
Pat McCotter
Finger patm at connix.com for PGP Public Key
PGP Key Fingerprint     PGP Key ID D437B2D9
D0 E7 C6 5A 9E EF 0D CF  C7 10 88 2A 73 41 11 24





From SButler at chemson.com  Tue Nov 19 01:12:15 1996
From: SButler at chemson.com (Butler, Scott)
Date: Tue, 19 Nov 1996 01:12:15 -0800 (PST)
Subject: FW: Unsubtroll
Message-ID: <c=GB%a=_%p=CHEMSON%l=CSH_NT0-961119091559Z-4660@csa-ntx.chemson.com>




FOR GOD'S SAKE !!!!!!!!!!!!!!!!!!

>----------
>From: 	piotrk at opnt.optimus.wroc.pl[SMTP:piotrk at opnt.optimus.wroc.pl]
>Sent: 	19 November 1996 05:04
>Subject: 	Unsubtroll
>
>>unsubtroll
>





From alan at ctrl-alt-del.com  Tue Nov 19 01:19:36 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Tue, 19 Nov 1996 01:19:36 -0800 (PST)
Subject: Playing Cards - Caution!
Message-ID: <3.0b36.32.19961119010045.00f72934@mail.teleport.com>


At 08:01 PM 11/18/96 -0800, Peter Hendrickson wrote:
>Here's why I now prefer dice: Dice are simple.  Each die throw can be
>made to be quite independent of all other die throws.  Even loaded dice
>may be used by throwing them repeatedly and adding the results mod the
>number of sides to the die.  Dice which are suspect may be studied by
>repeated throwing.  Non-independence can be more easily studied as
>it can be assumed that a throw of the die is, at most, related only
>to the previous throw and none before.

I used dice to generate my ATM access code for my last bank account.
(10-sided dice left over from my role-gaming days...)  The looks I got from
the bank personnel was pretty hillarious.  They had little to know clue
about guessable passwords or related issues.  (You would be amazed as to
how many people use birthday information and the like for ATM codes.)  But
then again, they though that the "bank at home" software was pretty secure
too...

---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From alan at ctrl-alt-del.com  Tue Nov 19 01:19:42 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Tue, 19 Nov 1996 01:19:42 -0800 (PST)
Subject: Extreme Left/Right
Message-ID: <3.0b36.32.19961119011826.00ff1400@mail.teleport.com>


At 02:59 AM 11/19/96 -0400, amp wrote:

>I first saw mention of a chart similar to this in the 60s. It was a way of 
>describing beliefs politically that was put forth by Jerry Pournelle. (Who 
>is available on the net btw.)  

That must be one hell of a download...  ]:>

>> When I used to listen to a certain "leftist" radio station broadcasting 
>> out of New York City, they would talk about "left-wing", communist 
>> dictatorships and "right-wing", fascist dictatorships.  A dictatorship is
>> a dictatorship!!!  The "wing" that it comes from makes no difference!! 
>
>Yup. You hit the nail on the head here. This is something that any thinking 
>person should recognise. The basic way we are taught to understand and 
>reference politics =makes=no=sense=.

The question is whether you wish to be tortured by the Government forces or
the Peoples Revolutionary army.  (I guess is comes down to which side has
had more practice this week...)  Also, will this be deliberate torture or
the accidental kind.  ("Oops.  Sorry.  We were actually after a dully
elected representative of the four horseman.  You just got in the way.
Maybe it will grow back...")

>>  The 
>> way the media defines these things makes no sense; you can't have a 
>> dictatorship on BOTH sides of a POLITICAL SPECTRUM no more than you can 
>> have YELLOW on both sides of the COLOR SPECTRUM.
>
>Take a gander at the libertarian's chart. I think it is a more accurqte way 
>of describing people, and in fact is similar in some ways to what you 
>describe. A philosophy is charted based on how one views personal and 
>property rights.

This assumes that there are only two basic axises that rights are based
opon.  Some of those can get pretty fuzzy.  To properly describe how the
system works would require an n-dimensional hyperpolygon of indeterminate
size.  (Kind of like describing the black budget.  You know it is there,
but looking at it is difficult, and if they catch you looking the hounds of
tindalos will be coming at you out of every corner of the woodwork.)

Personally, I am a political non-euclidean.


---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From unicorn at schloss.li  Tue Nov 19 02:08:14 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 19 Nov 1996 02:08:14 -0800 (PST)
Subject: Does John Gilmore...
In-Reply-To: <199611182130.NAA08518@kachina.jetcafe.org>
Message-ID: <Pine.SUN.3.94.961119050314.6815B-100000@polaris>


On Mon, 18 Nov 1996, Dave Hayes wrote:

> Date: Mon, 18 Nov 1996 13:30:51 -0800
> From: Dave Hayes <dave at kachina.jetcafe.org>
> To: freedom-knights at jetcafe.org
> Cc: cypherpunks at toad.com
> Subject: Re: Does John Gilmore... 
> 
> Black Unicorn writes:
> > Dave Hayes writesL:
> > > [For those who's assumptions rule their perception: I am *not* arguing
> > > that all speech should be subsidized. I am merely pointing out that
> > > the organization that is spending the money to broadcast is
> > > controlling the speech, hence it is *not* free speech in terms of
> > > freedom or cost.]
> > Again, you confuse free speech with free broadcast.
> 
> Isn't broadcast a subset of speech, especially in this culture?

That which is broadcast is certainly speech.

Trying to draw some kind of "right to be broadcast" as a result is
stupidity or ignorance, or both.

Anyone has the right to, e.g., start a mailing list, or a newsletter.
No one has the right to compell ABC or FOX or John Gilmore or anyone
else to broadcast their speech.  (The rarest exceptions, like equal time
rules, exist in election contexts).

Learn the difference.  Go to law school before you argue free speech
concepts in any detail.  Most importantly, spend more time thinking, less
talking or typing.

> ------
> Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> The penalty for laughing in a courtroom is six months in jail; if it were 
> not for this penalty, the jury would never hear the evidence.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Tue Nov 19 02:12:45 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 19 Nov 1996 02:12:45 -0800 (PST)
Subject: NO commo to "Faggot" cypherpunk list
In-Reply-To: <Pine.LNX.3.95.961118131031.6951B-100000@dhp.com>
Message-ID: <Pine.SUN.3.94.961119050930.6815C-100000@polaris>


On Mon, 18 Nov 1996, aga wrote:

> As I said dude; I no longer respond to any como with the cypherpunks
> address in the header.  If you want an answer to your comments,
> address your reply to the Freedom-knights list or to me, without
> any *punks address in the header.
> 
> Any list run by an admitted Faggot is no place where I
> will allow an audience.

Oh, this guy is for free speech.  Sure.

Freedom Knights?  Try Knights of the KKK.

> 
> -aga
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From aga at dhp.com  Tue Nov 19 02:32:49 1996
From: aga at dhp.com (aga)
Date: Tue, 19 Nov 1996 02:32:49 -0800 (PST)
Subject: BAD FAGGOT John Gilmore
In-Reply-To: <Pine.SUN.3.94.961119050930.6815C-100000@polaris>
Message-ID: <Pine.LNX.3.95.961119052314.18903A-100000@dhp.com>


On Tue, 19 Nov 1996, Black Unicorn wrote:

> Date: Tue, 19 Nov 1996 05:11:23 -0500 (EST)
> From: Black Unicorn <unicorn at schloss.li>
> Reply-To: freedom-knights at jetcafe.org
> To: aga <aga at dhp.com>
> Cc: paul at fatmans.demon.co.uk, freedom-knights at jetcafe.org,
>     cypherpunks at toad.com
> Subject: Re: NO commo to "Faggot" cypherpunk list
> 
> On Mon, 18 Nov 1996, aga wrote:
> 
> > As I said dude; I no longer respond to any como with the cypherpunks
> > address in the header.  If you want an answer to your comments,
> > address your reply to the Freedom-knights list or to me, without
> > any *punks address in the header.
> > 
> > Any list run by an admitted Faggot is no place where I
> > will allow an audience.
> 
> Oh, this guy is for free speech.  Sure.
> 

Hey motherfucker, I TOLD YOU to leave out the stupid
cypherpunks header!  Just when are you going to learn
to listen?!!  You have been around those faggots too much!

Faggots have NOTHING to do with Fredom of Speech!

> Freedom Knights?  Try Knights of the KKK.
> 

Hey cocksucker, the KKK have nothing to do with faggots!

There is a basic understanding in life by ALL GOOD MEN
that Faggots are defective creatures.  NOBODY wants to
be seen with or associated with faggots!

John Gilmore is a Faggot, therefore he is defective.
And we question any of his associates.
open and shut case.

-aga






From amp at pobox.com  Tue Nov 19 02:37:50 1996
From: amp at pobox.com (amp)
Date: Tue, 19 Nov 1996 02:37:50 -0800 (PST)
Subject: Extreme Left/Right
Message-ID: <01IC0OZLG0FI9FMAF8@MAIL-CLUSTER.PCY.MCI.NET>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Tue Nov 19 04:35:41 1996

=snip=
>I first saw mention of a chart similar to this in the 60s. It was a way of 
>describing beliefs politically that was put forth by Jerry Pournelle. (Who 
>is available on the net btw.)  

ao> That must be one hell of a download...  ]:>

I must be getting a bit dense. It took me a while for your comment to
sink in...

>Take a gander at the libertarian's chart. I think it is a more accurqte way 
>of describing people, and in fact is similar in some ways to what you 
>describe. A philosophy is charted based on how one views personal and 
>property rights.

ao> This assumes that there are only two basic axises that rights are
ao> based opon.  Some of those can get pretty fuzzy.  To properly
ao> describe how the system works would require an n-dimensional
ao> hyperpolygon of indeterminate size.  (Kind of like describing the
ao> black budget.  You know it is there, but looking at it is difficult,
ao> and if they catch you looking the hounds of tindalos will be coming
ao> at you out of every corner of the woodwork.)

Agreed. The problem is, how complicated do you want it to be? If we
are going to be classifying people by their political philosophy, the
sustem we use should at least be usable. An n-dimensional model would
probably be a highly accurate representation if properly constructed,
but who would sit through the grilling it requires? (perhaps someone
might be willing to =force= you to be grilled, but it wouldn't be
pleasant imo.)

A third axis would probably pinpoint things a bit better than a
2-dimensional model, but I must admit, I'm at a loss as to exactly
what this third line would be. I think 'personal' and 'economic'
liberty are a pretty good barometer of someone's thinking. It's not,
by any means, perfect, but it is easily understandable even by most
people today.

amp

ao> Personally, I am a political non-euclidean.

Indeed. Thank God the universe is non-euclidean and non-newtonian as well.


===
amp at pobox.com
Earth First! We'll strip mine the other planets later!
===
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpGNflUbR1RWr40pAQEtyAf8DdM8I8wKHftp+wnm6McMPbCRWada8NNC
cfvVMMmcowCEXbzXRli/+BU30YUan3Qr/Uf3nvqsT+yasfHJPEJIaIaUy7J+NC6w
IX+FQqpuDi3Hrh2B805qeq6erc0KWEkJkxZuV1WU1Akt+qk7DWPdVbwSmBF6Ae3z
1K8KxH1Z53NZ8HtWAfPzD6OV+cvCo66a+JwFxrEt02IGoZ6L53p9oQeDY81siGtl
xGmA+1xJ0cZtnqnUY6CuhG6As4iqr254ZdVSnszaI/lPrJCKG/w1aj9+5/UDoU1J
VcJfrTsdYaWDyuhxqeIkPbRNkFNr47KVnnPw7Ebemqmz2RjVdo18xQ==
=AlLl
-----END PGP SIGNATURE-----






From snow at smoke.suba.com  Tue Nov 19 02:48:21 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 19 Nov 1996 02:48:21 -0800 (PST)
Subject: Crypto Bounties: Another Thought that crossed my mind.
In-Reply-To: <3290992F.2781E494@systemics.com>
Message-ID: <199611191105.FAA00216@smoke.suba.com>


> snow at smoke.suba.com said:
> >       Well, I was thinking, what if a "Crypto Software Bounty Server"
> >  were set up, so that someone could propose a tool that they would like
> >  to see, along with an initial bounty. Others could contribute toward that
> >  bounty (anonymously if they wish) until either the tool was delivered.
> >       The original issuer sets standards for the software (i.e. "easy to
> >  use interface to mixmaster remailers for Macintosh", then must define
> >  easy to use; Software considered delivered when in [alpha beta late-beta
> >  &etc.]). The first to present software meeting these qualifications gets
> >  the bounty, with the caviate that the software must be either gnu-copylefted,
> >  or some similar "free use" copyright, after all, "The Net" paid for it...
> Hmmm.  This is a one shot game (is that the term?) whereas software

     Correct term, but not necessarily accurate. 

> generally has implications that escape a single sale scenario.  For
> example, the more difficult the software, the more risk there is that
> someone else will beat you, thus lowering the real risk-adjusted payoff
> dramatically.   For this reason, more complex stuff would need some sort
> of contract+reputation scenario that allows a repeating game to work.

     Not necessarily. It could be set up to keep the Bounty open, to provide
a revenue stream for upgrades, or second, third & etc. bounties for upgrades
bug fixes and new features. 

> A contractual alternative could work like this.  I (the initial desirer)
> write a contract specifying my requirements.  I publish this as a market
> tender, where other desirers can contribute funds, and this becomes a

     <snip>

> eliminates the need for judges.  History shows that a good market
> microstructure will beat an authority approach in the long run.

     Reputation could also eleminate the need for judges. If Matt Blaze, 
or Randall S. were to try to claim a specific bounty, people would be 
more likely to accept their claim than if I were to do so. 

> Also note that if you drop the free software assumption, and make it,
> say, moneyware, then the market becomes much more workable - the asset
> being traded is a share of future revenues.  This has more ramifications
> than might be obvious:  Propose a market to write a GAK killer for
> e$10,000.  If it clears and is built, is the Dept. of Justice forced to
> buy the rights out?

    If it is GNU'd, then there is no one to buy out. I like the idea of 
"free" software. As it stands now, there is a lot of very high quality 
software free software out there (hell, all of the software I use _daily_
is "free" software), and if no one owns it, the government can't use 
copyright laws to restrict it. The feds _can't_ buy it out for a million 
dollars. 

     The other thing about the "bounty server" is that it is simpler to
set up (at least as far as I can see) than your contract model. 

     All you would need is to settle up the details, set up a web server
with the ability to handle ecash, and some sort of accounting and you are
off. Maybe, just to prove you are legit, a performance bond. 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From frissell at panix.com  Tue Nov 19 03:30:59 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 19 Nov 1996 03:30:59 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <3.0b36.32.19961118232424.00b845f8@panix.com>


At 06:54 PM 11/18/96 -0500, Black Unicorn wrote:
>> Not long ago, a college education was essentially a death warrant 
>> in Cambodia.  Prior to that, a degree was considered a good thing
>> there.  People saw no reason to hid the fact that they had been
>> in school.  Trouble is, things changed.
>
>Oh, come on.  That could never happen here.

Where have I heard that line before?  Sandy was giving an actual example of
a general problem.  Educated people were executed in Cambodia.  That may
not happen here but it is very common for innocent legal activities or
characteristics to later become very illegal and subject to punishment.

Examples:

Judaism in Germany in 1900 vs 1940
Smoking in America in 1950 vs 1996
Spanking children in Sweden 1950 vs 1996
Owning gold in America in 1930 vs 1933
Publishing and distributing "Discovery of the Orgone" in the 1940s vs the
1950s 

The problem is that you can't always guess in advance which of your
behaviors or characteristics will get you in trouble later.  

The fewer people who know your affairs the less trouble you will be in when
things change.

DCF

"When I was born, smoking was a virtue and sodomy a vice."





From boursy at earthlink.net  Tue Nov 19 04:08:16 1996
From: boursy at earthlink.net (Stephen Boursy)
Date: Tue, 19 Nov 1996 04:08:16 -0800 (PST)
Subject: NO commo to "Faggot" cypherpunk list
In-Reply-To: <199611191448.MAA13513@prometheus.hol.gr>
Message-ID: <3291A407.2E94@earthlink.net>


George A. Stathis wrote:
> 
> Black Unicorn wrote:
>
>>> Any list run by an admitted Faggot is no place 
>>> where I will allow an audience.

  That certainly is your right alough I'd personally
differ.

>>
>>Oh, this guy is for free speech.  Sure.

  I saw nothing to the contrary--did you?


>>Freedom Knights?  Try Knights of the KKK.

  Oh my.
 
> I think you ought to realize by now, Mr. "Black Unicorn", that
> aga (like everyone of us) has a right to his own likes and dislikes.
> They may alienate some people, offend others, but I sincerily believe
> that equating his "dislike of faggots" to the "KKK" is seriously
> misleading.
> 

  One of Dr. Grubor's cosmic purposes in life is to bring
the vermin out of the woodwork--we have yet another.

                          Steve





From dlv at bwalk.dm.com  Tue Nov 19 04:56:59 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 19 Nov 1996 04:56:59 -0800 (PST)
Subject: Cpunks Frog Forwards discontinuation
In-Reply-To: <Pine.SUN.3.91.961118175548.23329A-100000@beast.brainlink.com>
Message-ID: <0N4mXD23w165w@bwalk.dm.com>


Ray Arachelian <sunder at brainlink.com> writes:
>
> This has been moved to sunder at sundernet.com (hosted via brainlink, the
> fascist dorsai account is no more.)

The search engines show ray at earthweb.com, sunder at brainlink.com,
arachel at poly.edu, ray.arachelian at f204.n2603.z1.fido.org, sunder at escape.com,
sunder at dorsai.org, 103070.2610 at compuserve.com, sunder at sundernet.com - wow.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From ben at gonzo.ben.algroup.co.uk  Tue Nov 19 04:57:11 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Tue, 19 Nov 1996 04:57:11 -0800 (PST)
Subject: Securing Electronic Mail Within HMG
In-Reply-To: <1.5.4.32.19961119074914.006a7368@pop.pipeline.com>
Message-ID: <9611191154.aa26615@gonzo.ben.algroup.co.uk>


John Young wrote:
> 
> We have received from an anonymous source a document titled:
> 
> "Securing Electronic Mail Within HMG, Part I, Infrastructure 
> and Protocol." 21 March 1996.
> 
> From the Introduction:
> 
> "This document is the first part of CESG's recommendations for 
> securing electronic mail within HMG. The main objective of the 
> recommendations is to facilitate pan-government secure inter-
> operability of electronic mail, by simplifying the implementation 
> of secure electronic mail within government, ensuring secure 
> electronic mail between departments is possible, attempting to 
> facilitate future inter-operability with commercial users,
> maximising the use of commercial technology in a controlled manner,
> whilst allowing access to keys for data recovery or law enforcement 
> purposes if required."
> 
> Other sections describe:
> 
> 2. Authentication Framework
> 
> 3. Confidentiality Framework
> 
> 4. Security Protocol
> 
> The document refers to the Royal Holloway program for TTP critiqued 
> by Ross Anderson and others as "EuroClipper." Perhaps those with 
> more knowledge could make an assessment.
> 
> The document consists of 13 pages of text and diagrams, with 
> a few gaps.

This document is available on the Web, at:

http://www.xopen.org/public/tech/security/pki/casm/casm.htm

see also my "addendum" to Anderson & Roe's paper (which is actually a critique
of the above proposal, rather than RH itself) at:

http://www.algroup.co.uk/crypto/rh.html

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From jya at pipeline.com  Tue Nov 19 05:52:24 1996
From: jya at pipeline.com (John Young)
Date: Tue, 19 Nov 1996 05:52:24 -0800 (PST)
Subject: Securing Electronic Mail Within HMG
Message-ID: <1.5.4.32.19961119134957.006a19d4@pop.pipeline.com>


Ben Laurie wrote:

>This document is available on the Web, at:
>
>http://www.xopen.org/public/tech/security/pki/casm/casm.htm
>
>see also my "addendum" to Anderson & Roe's paper (which is actually a critique
>of the above proposal, rather than RH itself) at:
>
>http://www.algroup.co.uk/crypto/rh.html


Ben rightly points to a complete and handsome forebear of our 
gap-toothed descendant. We withdraw ours.

Thanks Ben. And thanks for your "addendum" to A&R.









From clay.olbon at dynetics.com  Tue Nov 19 06:09:48 1996
From: clay.olbon at dynetics.com (Clay Olbon II)
Date: Tue, 19 Nov 1996 06:09:48 -0800 (PST)
Subject: REQUESTING INFORMATION :-)
Message-ID: <1.5.4.32.19961119140742.006b7604@ix.netcom.com>


At 01:53 AM 11/19/96 -0200, George A. Stathis wrote (in part):

>I REQUEST INFORMATION on those people who compile "Unemployability
>Lists" in the USA, as well as ANY other information on this issue.

You can add me to your list.  I keep an "unemployability list" - although I
don't write it down or put it on a computer.  

>We Greeks would like ALL the names of the people who act as "Informers"
>of companies denouncing those unfortunate Americans who are doomed
>to unemployment. We plan to give these names to all our friends, so
>as to warn them WHO to avoid during our summer holidays in Greek
>Islands.

Why don't you come back to reality.  I have hired and fired people.  Those
that I fired I would not hire again.  There are others I have worked with
that I would never hire (and would strongly recommend against anyone else
hiring).  That is life.  I have little sympathy for the "unfortunate" people
that I may hurt by not recommending their employment.  Generally it is
because they are lazy, stupid, or dishonest.  This is a judgement call on my
part, and others are free to take or discard my recommendations based on my
reputation.  

Here is my recommendation for you.  Take my "unemployables" list.  Hire
everyone on it.  Try to run a business without going broke.

Hiring people based on reputation is a system that works.  I'm sorry if this
impinges on your sensibilities.  Reality has a tendency to do that though.  

        Clay

*******************************************************
Clay Olbon			    olbon at ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl






From iang at systemics.com  Tue Nov 19 06:16:42 1996
From: iang at systemics.com (Ian Grigg)
Date: Tue, 19 Nov 1996 06:16:42 -0800 (PST)
Subject: Crypto Bounties
In-Reply-To: <199611190406.XAA26146@alpha.pair.com>
Message-ID: <3291C196.167EB0E7@systemics.com>


azur at netcom.com wrote:
>  Why not the free market rate the programmers.  Have a software
>  distribution/payment collection system which requires that the programmer
>  get a completion bond from a 3rd-part insurance company.  If the programmer
>  fails to deliver as promised and/or on-time the donding company pays the
>  'investors' back in full. Since the bonding company's money would be at
>  risk, if the programmer failed to deliver, they have every incentive to
>  conservatively rate the programmers/companies offering ot build SW to spec.

What you are essentially doing is buying reputation I guess, although I
am not familiar with completion bonds, so I the following is mostly
conjecture on their nature.

There are two major feature/bugs with the completion bond.  Firstly, it
requires the bonding company to make a judgement, and this adds a weak
point into the link.  That judgement will then result in a lot of
emphasis on the fine print of the contract, and fundamentally, software
doesn't work very well when fine print gets involved.  The notion of
"completion" especially sits oddly with the scenario described, where
freeware of mostly source form gets distributed to a wide group of
programmers who can adjust minor problems fairly easily.  I would guess
that when EDS delivers a product, there are completion ("penalty")
clauses, but when the Internet was "delivered" there was no such clause.

Secondly, the existance of an intermediary points to a major
inefficiency in the market.  Whilst your joy at paying intermediaries
may vary, historically, intermediaries follow a pattern of building
barriers to entry, raising charges, and slowing innovation.  This is
theory that is generally applicable in practice, and it is for this
reason that the emphasis in my post was on removing the single point of
guaruntee.  In the context, I would also question the nature of a
financial entity that was willing to sell its reputation to
cryptoanarchists.

>  >[slash]  However, I like this viewpoint because it
>  >eliminates the need for judges.  History shows that a good market
>  >microstructure will beat an authority approach in the long run.

By aiming for no single point of judgement, the only solution that we
found was to rely on a multi-shot game, with past reputation leading to
up-front payment leading to confirmation of reputation.  As it happens,
the bonding companies will rely heavily on reputation as well, in its
varying forms, anyway.

snow at smoke.suba.com originally asked:
>  >> Has anything like this been proposed before?
> 
>  Yes, Eric Hughes proposed a broad and structured proposal primarily
>  addressing this manner of market funding for software development (and
>  possibly suitable for other intellectual property creation) at DEFCON IV.
>  My previous comments on completion bonds were taken from his presentation.

Yes, I saw that earlier post, and did a quick search for it but no
luck.  If any one can point us at the paper, that would be useful.

On a slightly related note - is there any interest in setting up a
mailgroup for programmers and designers of markets?  There's plenty of
cash stuff out there but I know of no forums for trading of fungible
items.
-- 
iang
iang at systemics.com





From boursy at earthlink.net  Tue Nov 19 06:26:27 1996
From: boursy at earthlink.net (Stephen Boursy)
Date: Tue, 19 Nov 1996 06:26:27 -0800 (PST)
Subject: Fuck You Dumb Cunt
In-Reply-To: <199611182134.NAA08552@kachina.jetcafe.org>
Message-ID: <3291C46F.142A@earthlink.net>


Dale Thorn wrote:
> 
> Stephen Boursy wrote:
>>
>> Dave Hayes wrote:
> 
>> > I believe in them, alright. It's just that they seem to be at odds
>> > with freedom of speech.
>> > They are at odds with a lot of other things as well, but that's
>> > a different fla...er...discussion.
> 
>>   I believe the posession of property is a priv. to be taken
>> away if abused.  There is no such thing as a 'right' to
>> property--in fact the very notion seems absurd.
> 
> You've just lumped all possessions into a single category.  There's a
> valid argument against private ownership of land when ownership of that
> land can be (and usually is) moved from the people at large to just a
> few people, then eventually to dictators, etc.


  Well--if you look at the ownership of wealth in the US including
but not limited to real estate you'll find much the same.  And that
ownership is not, to my mind, in the least legitimate.

 
> But are you suggesting that if I trade my labor for some material item
> which was built with other people's labor, and that material item is
> sufficiently portable that it doesn't have to occupy a significant
> piece of real estate (i.e., a house, a large boat), *they* should be
> able to take that material item away from me anyway on whatever pretext,
> on the basis that possession of it is a *privilege*?  Is my paycheck,
> given to me directly for my labor just a privilege?


  That's a fair question.  I don't begrude one's ownership of their
fair share--but I do have serious problems with what we shall
call 'accumulators' if you will.  For them I have contempt and no--
they do not have that right of possession and often such 'work' is
at the expense and on the backs of others.

                               Steve





From trei at process.com  Tue Nov 19 06:40:07 1996
From: trei at process.com (trei at process.com)
Date: Tue, 19 Nov 1996 06:40:07 -0800 (PST)
Subject: [NOISE] U.S. CIA employee caught spying
Message-ID: <199611191440.GAA14684@toad.com>


 Tim Scanlon <tfs at adsl-122.cais.com> writes:
> This is on the local DC news;
> Harold Nicholson age 46, a CIA employee was arrested for spying today
> at Dulles airport. He allegedly has been working for the Russians
> for the past 2 years. 
> He was caught after he failed a series of polys, and bank account 
> irregularities had been noticed, as well as suspcious travel.
> They got him on hidden video apperently photocopying documents
> that he intended to pass along.
> Tim

If he's found guilty, I hope that they throw the book at the traitor. He
apparently  was a trainer of agents, and as such was in a positiona to 
identify many to the Russians. I wonder how many died so he could 
earn his $140,000? 

Peter Trei
trei at porcess.com





From rah at shipwright.com  Tue Nov 19 06:45:35 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 19 Nov 1996 06:45:35 -0800 (PST)
Subject: Nit: "Gronked "
In-Reply-To: <199611190631.WAA25180@netcom6.netcom.com>
Message-ID: <v03007806aeb76df8dba7@[206.119.69.46]>


At 1:34 am -0500 11/19/96, Bill Frantz wrote:
>* gronk v.t. To hit over the head with a club.  From Johnny Hart's
>cartoon, B.C.

Nit: Gronk is actually the noise the dinosaur makes. If you will, saurian
ejaculata (the verbal kind, you pervert!). Thus, to be "gronked" could be
considered be to suffer the indignities of dinosaur breath. :-).

Something the people on this list, who are, er, on the cutting edge of
societal evolution, have no small experience with, as our latest experience
with Hewlett Packard shows...

;-).

Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From rah at shipwright.com  Tue Nov 19 06:46:24 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 19 Nov 1996 06:46:24 -0800 (PST)
Subject: Reputation distortions?
In-Reply-To: <3290992F.2781E494@systemics.com>
Message-ID: <v0300780faeb77279ea48@[206.119.69.46]>


At 6:05 am -0500 11/19/96, snow wrote:
>     Reputation could also eleminate the need for judges. If Matt Blaze,
>or Randall S. were to try to claim a specific bounty, people would be
>more likely to accept their claim than if I were to do so.

But, what about reputation distortions?

There's the famous story about a guy presenting his discovery of the normal
distribution to a scientific society. Gauss was in the audience. He stood
up and said something like, "Oh. I figured that out years ago."

We now call it a "Gaussian" distribution, among other things.

If I remember the story correctly, Gauss never subsequently proved that he
discovered the normal distribution first, and he certainly never published
it at the time he said he discovered it.

Nobody remembers the name of the guy who was presenting the paper, though.
At least, I can't now. :-).

I'm not saying that Gauss *didn't* discover the normal distribution. I'm
saying that he didn't have to *prove* he did. Of course not. He was the
greatest mathematician of his time, and probably since.

I'd call the event a reputation distortion.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From njhm at ns.njh.com  Tue Nov 19 06:47:28 1996
From: njhm at ns.njh.com (Nicolas J. Hammond)
Date: Tue, 19 Nov 1996 06:47:28 -0800 (PST)
Subject: accutrade
In-Reply-To: <199611182120.NAA10915@sirius.infonex.com>
Message-ID: <199611191451.JAA26479@ns.njh.com>


Mixmaster wrote ...
> Hacking the 9 digit account number and 4 digit PIN will be easier than attacking the OS directly.
> Either method though would certainly ring loud bells at Accutrade unless they are infected with 
> headinbutt disease.

No.

If, and this is a big if, the account numbers are issued sequentially,
and I know a starting account number (A), then I try account A+1
with the PIN "1234". If it fails then 1 minutes later I try A+2
also with the PIN "1234" and so on. I'm trying 60 accounts/hour, 1440/day.
It shouldn't trip up errors because most programmers only put error 
counters on each account and we only try each account once.

By laws of probability 1 account in 10000 should have the PIN "1234"
(reality will be different, people choose easy to remember PINs).

Within 4 days I've tried over 5000 accounts and statistically have
a greater than 50% chance that I've got an account number and PIN.

-- 
Nicolas Hammond                                 NJH Security Consulting, Inc.
njh at njh.com                                     211 East Wesley Road
404 262 1633                                    Atlanta
404 812 1984 (Fax)                              GA 30305-3774





From hyperlex at hol.gr  Tue Nov 19 07:14:00 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Tue, 19 Nov 1996 07:14:00 -0800 (PST)
Subject: REQUESTING INFORMATION :-)
Message-ID: <199611191912.RAA05944@prometheus.hol.gr>


At 09:07 �� 19/11/1996 -0500, Clay Olbon II wrote:
9in response to...)
>>to unemployment. We plan to give these names to all our friends, so
>>as to warn them WHO to avoid during our summer holidays in Greek
>>Islands.        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>Why don't you come back to reality.

Gee! hey, hey, hey... that was a joke!... :-)



>I have hired and fired people.  Those
>that I fired I would not hire again. 

So have I, as a matter of fact. Though I found that people who don't
become friends _and_ business _partners_ as well, tend to be useless
due to the _type_ of we're doing here. We don't need 'workers'; we
need co-developers, responsible partners and co-researchers. We are
in Natural Language Processing (with PROLOG/'C'/Assembly).




>There are others I have worked with
>that I would never hire (and would strongly recommend against anyone else
>hiring).  That is life.  I have little sympathy for the "unfortunate" people
>that I may hurt by not recommending their employment.  Generally it is
>because they are lazy, stupid, or dishonest.
                  ^^^^  ^^^^^^     ^^^^^^^^^
I understand you completely here. I sympathize.



>This is a judgement call on my
>part, and others are free to take or discard my recommendations based on my
>reputation.  

You sound honest and down to earth. I like these qualities very much.


>Here is my recommendation for you.  Take my "unemployables" list.  Hire
>everyone on it.  Try to run a business without going broke.

Does your "unemployment list" include Doctor Dimitri Vulis? I'd be greatful
to know this.
Please, seriously now, and if you have such evidence (that
Dimitri is 'lazy', 'stupid' or 'dishonest') send to me if you can...

Please provide _evidence_ for his 'fame'. I will have NO MORE slander behind
the guy's back. WHAT is going on? I've been harrassed and threatended TOO,
just because of defending him or supporting people's rights to a fair trial?

WHERE do you live, dude? In Nazi Germany? :-(

I have no disagreement with your down-to-earth explanations. But...

Sooner or later your 'sheep-leader' Mr. Gilmore will start blocking access
to MORE geniouses (other than Voulis, who I think _could_ be one) to your
list, and then encryption will be entrusted to morons who can at ANY moment
have their coding systems BROKEN!!!


Perhaps you misunderstood my objections to your practises. FROM the moment
that (for instance) people EVEN like myself receive notices (or threats of)
unemployability (as indeed happened in the letter quoted below) it's an
alarming sign that the _criteria_ for unemployability are no longer your
own decent down-to-earth criteria (honesty, intelligence, trust-worthiness)
but very dark and dubious and QUITE FASCIST criteria instead.

It's only recently that the type of fascist harrassment like "We'll put
you on our U-list", has reached such ABUSE, MISUSE, and ALARMING FREQUENCY.
For some people it's become bread and butter and cheese, apparently...


I would say you are a decent, honest, fearless man trying to do a job which
has a LOT of responsibility, and you may be one among a HUNDRED morons who
by adding NAMES in 'unemployability' lists are no fucking different than
TRAITORS of your country and Nazi Sympathizer in Western Europe.

YOU get back to reality and defend your country from fascism (NOt you
personally, because you had the decency and the honesty to reply), the
OTHERS must get back to reality.

BACK-STABBING and SLANDER (of Dimitri or of anyone) has NOTHING to do
with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',
EITHER of 'mobs' OR of 'leaders', or of would-be psychiatrists roaming
the streets looking for 'juvenile kooks', or other types of labels.

You are, most probably, a real person with very real responsibilites.
In this case, I appreciate you a lot, and hopefully my complaints have
reached the right man's ear.


With Appreciation and Thanks
George A. Stathis
(Software Producer and Developer
 ....'harrassed' -he he- by the following... fascist-scum-letter):

***********************************************************************






>Hops: 0
>Received: from you.got.net (root at scir-gotnet.znet.net [207.167.86.126]) by
prometheus.hol.gr (8.7.5/8.7.3) with ESMTP id UAA27071 for
<hyperlex at hol.gr>; Sun, 17 Nov 1996 20:13:15 -0200 (GMT)
>Received: from [207.167.93.63] (tcmay.got.net [207.167.93.63]) by
you.got.net (8.7.5/8.7.3) with ESMTP id KAA22876 for <hyperlex at hol.gr>; Sun,
17 Nov 1996 10:07:06 -0800
>Posted-Date: Sun, 17 Nov 1996 20:13:15 -0200 (GMT)
>Received-Date: Sun, 17 Nov 1996 20:13:15 -0200 (GMT)
>X-Sender: tcmay at mail.got.net
>Message-Id: <v03007800aeb506f5ac49@[207.167.93.63]>
>In-Reply-To: <199611171100.JAA21839 at prometheus.hol.gr>
>Mime-Version: 1.0
>Date: Sun, 17 Nov 1996 10:18:36 -0800
>To: "George A. Stathis" <hyperlex at hol.gr>
>From: "Timothy C. May" <tcmay at got.net>
>Subject: Stathis on "Don't Hire" List
>Content-Type: text/plain; charset="us-ascii"
>Content-Length: 1426
>Status:   
>
>At 9:00 AM -0200 11/17/96, George A. Stathis wrote:
>
>>It is not ethical to send such strong negative _injunctions_ to masses
>>of people and also to strangers (the 1900-strong members of the cyberphunks
>>list for instance). Because, you may or may not have strong reasons for
>>believing you are justified in such invalidation, but more than a 1000
>>people are now _told_ by (self-appointed) "experts" such as yourself what
>>and whom to ignore or to believe. (Like sheep led to the slaughter)...
>
>"Not ethical"?
>
>But we will do it anyway. Moreover, some of us maintain lists of "Do Not
>Hire" persons. Few high tech or Silicon Valley software companies will hire
>such folks.
>
>Congratulations, Stathis, as you are now on such a list.
>
>
>
>"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
>that the National Security Agency would try to twist their technology."
>[NYT, 1996-10-02]
>We got computers, we're tapping phone lines, I know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May              | Crypto Anarchy: encryption, digital money,
>tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
>Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."
>
>
>
>
>






From frantz at netcom.com  Tue Nov 19 07:50:14 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 19 Nov 1996 07:50:14 -0800 (PST)
Subject: Irono-troll (was: Re: The Utility of Privacy)
Message-ID: <199611191550.HAA26611@netcom6.netcom.com>


At 11:58 PM 11/18/96 -0600, Roy M. Silvernail wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>A troll using nobody at huge.cajones.com writes in reply to Sandy Sanfort a
>lot of dismissal of past tragedies resulting from privacy violations.
>Hir consistent viewpoint seems to be that protecting ones privacy has no
>value.  Then sie has the temerity to ask
>
>> BTW, are you operating under your True Name?
>
>My ironometer is absolutely pegged.

Mine did too.  It is the most amusing exchange I've seen in a long while. 
An extremely stable nym arguing for privacy against an anonymous remailer
arguing that it isn't important.  It makes up for all the trash talk and
references to sexual orientation that the juveniles have been posting.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From dwiley at pcy.mci.net  Tue Nov 19 07:59:22 1996
From: dwiley at pcy.mci.net (dwiley at pcy.mci.net)
Date: Tue, 19 Nov 1996 07:59:22 -0800 (PST)
Subject: Stolen PC has Credit-Card accounts data
Message-ID: <Pine.GSO.3.95.961119104949.22495B-100000@magilla.pcy.mci.net>



Might wana check out http://www.usatoday.com/money/mds7.htm.

It seems to me that things like this are a bigger threat than actual
attacks by wire.  But I guess Visa was not concerned about their physical
security. Oh well.....To bad for the 314,000 people. Gota love security.
To bad it sounds like the person that stole the PC had little or no
knowladge of what was on the PC. I love this line.....


"Melancon said the account information wasn't encoded but was in
compressed form and not easy for someone outside the Visa system to read."


So I guess uncompress or gunzip might work..:)
Dan






From frissell at panix.com  Tue Nov 19 07:59:55 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 19 Nov 1996 07:59:55 -0800 (PST)
Subject: Used to Be
Message-ID: <3.0b36.32.19961119105900.006b3e00@panix.com>


Used to be that if you wanted dirty words or pictures, you had to go to Paris.

Used to be that if you wanted Nazis, you had to go to Deutschland.

Used to be that if you wanted to know how to blow things up, you had to go
to the US Government Printing Office.

Used to be that if you wanted racists, you had to go to Alabama.

Used to be that if you wanted commies, you had to go to Moscow (or at least
the LSE).

Used to be that if you wanted garrulous bores, you had to go to you local
watering hole.

Used to be that if you wanted child molesters you had to go to your local
public school.

Used to be that if you wanted a cop you had to go to the nearest doughnut
shop.

Now you can get all of the above and more from the privacy of your own home
on the Internet.

DCF

  





From frissell at panix.com  Tue Nov 19 08:01:02 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 19 Nov 1996 08:01:02 -0800 (PST)
Subject: "Right to Privacy" and Crypto
Message-ID: <3.0b36.32.19961119105646.00689b68@panix.com>


Just cleaning up old responses to old messages:

Sometimes I will see long articles on subpoenas, contempt of court, and
compelled testimony in which no one mentions the fact that the only
sanction used is a little bit of imprisonment (two years seems to be the
max).  That's for things you know.  Since software can be made harder to
compel than people, a properly configured system (sort of like a
spendthrift trust where you can't get at it when compelled) may allow you
to dodge sanctions entirely.

Once we get better at human programming, it should be possible to make our
nervous system a secure system that can't respond when coerced.  This can
already be done by conscious self programming in individuation.  I
certainly try to do that.

Studies of the effects of North Korean brainwashing on different types of
POWs showed a wide variability in susceptibility.  Likewise studies of
Moonie brainwashing.  Political "moderates" with little or no ideology find
it hard to resist coercion.  "You can't fight something with nothing."  In
Korea, the prisoners from Turkey, proved impossible to brainwash.  They had
a mental toughness, a tradition of self posession, and a tolerance for
physical discomfort that strengthened their defenses.  Most U.S. Moonie
recruits were from squishy liberal households (like Barbara Underwood of
the Moonie 5 trial).  

I am not as physically tough as a Turkish soldier but I am certainly tough
ideologically.  In resisting coercion I use a form of "name magic" to
strengthen me and weaken the opposition.  If you can control the naming of
an act or a relation, you can dominate the situation even if you are in a
weaker position.  

Thus when Moonie recruiters approached me at the No. 10 Monterey bus stop
in front of the California Academy of Sciences in Golden Gate Park in SF
with their usual "Hi sailor, new in town?" approach ("Are you from out of
town?  We live with a group of people.  Would you like to come to dinner?);
I responded "I'm not interested in the Reverend Moon."  They left me alone.

When confronting con artists, I usually name the general category name of
their cons:  "Spanish Prisoners," "Shell Game," "Bank Examiners Con," etc.

Naming works with the Geheime Staatspolizei as well.  "You can't park
here."  "I'm not parking, I'm standing."  "Well you can't stand here
either."  "OK."

"In nature it's kill or be killed.  In politics it's define or be defined."
-- Szaz

DCF





From jya at pipeline.com  Tue Nov 19 08:38:37 1996
From: jya at pipeline.com (John Young)
Date: Tue, 19 Nov 1996 08:38:37 -0800 (PST)
Subject: CAVE Query
Message-ID: <1.5.4.32.19961119163629.006c216c@pop.pipeline.com>


We've received by black bag a 25-page doc entitled:

     TR45.3, Appendix A to IS-54,  Rev. B

     Dual-Mode Cellular System

     Authentication, Message Encryption, Voice Mask
     Generation, A-Key Verification, and Test Data

     February, 1992. No Source.

It describes the CAVE cryptographic function in detail,
and its use to generate a set of cryptovariables for the 
Cellular Message Encryption Algorithm (CMEA); for 
generation of 520 bits for the duplex voice privacy masks; 
and for other tasks.

Each page warns that information in the document may be
subject to export jurisdiction under ITAR.

Does anyone know if this is already available on the
Web?

TIA of incarceration.






From hal at rain.org  Tue Nov 19 08:56:02 1996
From: hal at rain.org (Hal Finney)
Date: Tue, 19 Nov 1996 08:56:02 -0800 (PST)
Subject: Rogue Governments Issuing Policy Tokens
Message-ID: <199611191649.IAA00949@crypt.hfinney.com>


From: "Timothy C. May" <tcmay at got.net>
> The problem (for GAK) of "rogue governments" is this: a government such as
> Libya or Panama, henceforth to be known as "Rogueitania," issues policy
> cards to all of its citizens, and to all those visiting Rogueitania, and
> perhaps through the mail to anyone who pays some fee.

I don't think this would happen.  Some kind of secret information or
hardware is going to be needed to create policy tokens.  (Otherwise
anybody could make one.)  That means that HP, and therefore ultimately
the U.S. government, is going to have to approve those governments which
are allowed to issue such tokens.  HP will have to provide them some
special hardware or something to make them.  The tokens will only be
accepted if they have proper secrets inside them.

I can't see the U.S. allowing Libya and similar countries to create policy
tokens.  The whole point of this exercise is to prevent these countries
from being able to use strong crypto.  So they will certainly not be on
the approved list.

Does this represent an attempt to establish a de facto U.S. hegemony over
the world, where the U.S. government gets to decide which other governments
have access to crypto?  Not necessarily; other countries will still have
the option to use computers made outside the U.S.  The fact of international
competition will still exist.

If the HP initiative does become a widespread standard (which I think is
unlikely at this point) then we will see the same sorts of flight towards
non U.S. computers that we now see towards non U.S. crypto companies.
Why should an Israeli company buy an American computer with a policy chip
that is ultimately under the control of the U.S. government when they
can get one locally made which has no such restrictions?

And of course all this focus on hardware tokens ignores the fact that
the alternative of software-only crypto will still be present, both for
the domestic market and for the international market where the products
don't come from the U.S.  This will represent additional competition
which the HP proposal must face.

For these reasons I don't think the HP idea solves the export problem
for U.S. hardware and software makers.  And the response by opinion leaders
has ranged from ho-hum to negative, despite the self-serving cheerleading
by HP management.  Companies which try to sell computers with these chips
in them risk getting a "big brother inside" (to use Tim's very effective
slogan) reputation.  I think this initiative is going nowhere.

Hal





From jkroeger at squirrel.owl.de  Tue Nov 19 08:57:21 1996
From: jkroeger at squirrel.owl.de (Johannes Kroeger)
Date: Tue, 19 Nov 1996 08:57:21 -0800 (PST)
Subject: Squirrel Type-1 remailer is up again in PGP-only mode
In-Reply-To: <19961118140419.21236.qmail@squirrel.owl.de>
Message-ID: <19961119163809.9055.qmail@squirrel.owl.de>


Hello remailer users!

I've solved the mail traffic problem with my provider and put
the type-1 remailer at squirrel back up.  But it will only remail
PGP-encrypted messages to reduce the convenience to spammers.

Accepting only encrypted mail should also enhance the security since
it is harder for attackers to identify which encrypted incoming mail
corresponds to which outgoing mail.

Raph, please put the Squirrel remailer

$remailer{"squirrel"} = "<mix at squirrel.owl.de> cpunk mix pgp hash latent cut ek"

on your list again and point out that it only accepts PGP messages.  Thanks.


If someone removed the PGP-key from their keyring,
here is it again (you can find it on the key servers too):

Type Bits/KeyID    Date       User ID
pub  1024/0B11B275 1996/08/08 Squirrel Remailer <mix at squirrel.owl.de>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAjIJ8IkAAAEEAJvmQTdUL2iLpKmZcnrtQuQWdw1zqt7oYVqkWeFa8J0qrunP
smKvfTXmo52y2leLxbKZ6efADvrKq9ThXGF6qREVIdzTOnRYsVIwSSJjqBiDykAU
cz8y/rEDes0oty4TRhysve976RwF3dLK7WU0RrDFj3VBLMhzyiQ+wVoLEbJ1AAUR
tCdTcXVpcnJlbCBSZW1haWxlciA8bWl4QHNxdWlycmVsLm93bC5kZT6JARUCBRAy
DQ4gvA9InihC/mkBAUlnCACgdpUBabYF9mQPaBC69YGxvcmoYQUxtqj7HlSpAAMr
l0HlPNVUHuSqgo3Wo54uIHc4fFA2JYyxi/qETrQU5sHGOHq63H66uPylyzTLfE5v
uIzbMuikNL2f9SIpdPamW2b+4Jep8UNlSGN0hKtbyedBDClJfPYbCXn9FKgwFcoo
UyPTcfiAsV1f97cTGFM88thUVv6pAYNO4quangxnBEtdwY/mrr1xefw36TiC1yPo
PNItxHEFRFxD2aEG5vA5hjRp/Sz5ZXZiY8K9X7hlt+n3MUXfKKz/OldWtF+Q9fOg
a8Kmqj+duqlS2A4NbWp9emujOEzn2giI7+13B8MEyzVliQCVAgUQMgnwiSQ+wVoL
EbJ1AQFKYwP/XqOGRvvjyd3anh42iAG0SASP9e/fIjD8bCymdEhJHdAsNy0H06ns
oaLtH20tHN4BAgUo9i9H8h11+AygF4iJokGz1coP2BJI/O2o7YxR8SBWwk1SSrCb
utbsi00uz/7QN1zb7Gn/sowUahhBsmhbJbkuur6EB5shBqyq0m/5jVE=
=MqM9
-----END PGP PUBLIC KEY BLOCK-----


I apologize for the lost mails during the shutdown.


Regards,
Johannes

-- 
Johannes Kroeger		<jkroeger at squirrel.owl.de>
Send me mail with subject "send pgp-key" to get my PGP key

P.S.:

The type-1 remailer runs under the control of Mixmaster,
and the PGP-only mode is enforced by the following patch
to the Mixmaster source file Mix/Src/main.c:

--- main.c.orig	Sun Oct 27 01:36:46 1996
+++ main.c	Tue Nov 19 15:53:06 1996
@@ -362,12 +362,15 @@
 not a remailer message */
           type=0;
-        } else { /* It is a remailer */
+        } else { /* It is a remailer message */
           fgets(line,255,fptr);
-          if(strstr(line,"Remailer-Type:")==NULL) { /* All Type 2 messages
-start with this so if it is not...*/
-            type =1;
-          } else {
+          if(strstr(line,"Remailer-Type:")==line) { /* All Type 2 messages
+start with this... */
             type =2;
-          }
+          } else
+          if(strstr(line,"Encrypted: PGP")==line) { /* All Type 1 messages
+start with this... */
+            type =1;
+          } else
+            type =0; /* Plaintext messages are not remailed */
         }
         fclose(fptr);





From paul at fatmans.demon.co.uk  Tue Nov 19 09:20:55 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Tue, 19 Nov 1996 09:20:55 -0800 (PST)
Subject: [NOISE] aga isn't on cypherpunks... (and I'm glad)
Message-ID: <848424019.97279.0@fatmans.demon.co.uk>



> 
> That is your last warning, Mike.  If you start harasing my postmaster,
> I will have your fucking ass in Federal Court before you can blink.
> 

I on the other hand can kick your ass because I am in the UK and I 
look forward to doing so immensely unless you stop sending shit to 
the list...

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From paul at fatmans.demon.co.uk  Tue Nov 19 09:21:41 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Tue, 19 Nov 1996 09:21:41 -0800 (PST)
Subject: 
Message-ID: <848424026.97278.0@fatmans.demon.co.uk>



> unsunscribe


This stego system must be damn slow seeing as they only ever misspell 
it in one of two positions, ie. unsuXscriXe, X any letter.

Still, i`ll assume it was a cunning plan to trick me into telling him 
how to unsubscribe.

To unsubscribe from the cypherpunks mailing list:

Send a message to majordomo at toad.com with the *MESSAGE BODY* reading
exactly as follows:

unsubscribe cypherpunks you at your.domain.com



   

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From dwa at corsair.com  Tue Nov 19 09:32:57 1996
From: dwa at corsair.com (Dana W. Albrecht)
Date: Tue, 19 Nov 1996 09:32:57 -0800 (PST)
Subject: Taking out the garbage
Message-ID: <199611191733.JAA19742@vishnu.corsair.com>




I'd like to point out that accepting posts from those who are not
technically subscribed to the list is not always a bad idea.  In particular,
many of us read the list through means other than a direct subscription,
be it either a mail-to-news gateway, web server, filtered list, or other
such mechanism.

As a case in point, while I do read the list, my actual email address is not
subscribed to it. :)

While I usually don't contribute to the discussion, I hope that the few
posts I have made from time to time don't fall into the pollution category.
Furthermore, it's often the case that noted cryptographers who are not
subscribed to the list occasionally post valuable contributions to it (e.g.
Matt Blaze).

Non-subscription and pollution are not necessarily related.

Dana W. Albrecht
dwa at corsair.com


Lucky Green <shamrock at netcom.com> writes:  
> Beginning Monday, 11/25/96, I will bounce all email from the various 
> (non-)subscribers polluting this list with garbage back to the 
> authors. Furthermore, I will attach documents describing basic 
> Internet rules of conduct to each bounce.
> 
> I would encourage other Cypherpunks to do the same. 





From nobody at cypherpunks.ca  Tue Nov 19 09:36:03 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 19 Nov 1996 09:36:03 -0800 (PST)
Subject: BAD FAGGOT John Gilmore
In-Reply-To: <Pine.LNX.3.95.961119052314.18903A-100000@dhp.com>
Message-ID: <199611191730.JAA19686@abraham.cs.berkeley.edu>


> From: aga <aga at dhp.com>
> 
> Hey motherfucker, I TOLD YOU to leave out the stupid
> cypherpunks header!  Just when are you going to learn
> to listen?!!  You have been around those faggots too much!
> 
> Faggots have NOTHING to do with Fredom of Speech!
> 
> > Freedom Knights?  Try Knights of the KKK.
> > 
> 
> Hey cocksucker, the KKK have nothing to do with faggots!

Really, then how come you keep posting your messages through
cypherpunks, a list over which an alleged "Faggot" has complete
control?  You keep telling others not to post to the list, but you
keep posting there yourself.  Could it be that you have no authority
yourself, and thus can't even keep your own E-mail away from the
control of "Faggots"?

> There is a basic understanding in life by ALL GOOD MEN
> that Faggots are defective creatures.  NOBODY wants to
> be seen with or associated with faggots!

I guess there aren't very many good men left, and the few who are left
don't have any authority themselves--They are forced to use mailing
lists under the authority of "Faggots."  I guess you loose and the
"Faggots" win.  Game over, now shut up.





From clay.olbon at dynetics.com  Tue Nov 19 10:05:00 1996
From: clay.olbon at dynetics.com (Clay Olbon II)
Date: Tue, 19 Nov 1996 10:05:00 -0800 (PST)
Subject: Reputation based hiring (was REQUESTING INFORMATION)
Message-ID: <1.5.4.32.19961119180257.006c2bb4@ix.netcom.com>


At 05:12 PM 11/19/96 -0200, George A. Stathis wrote (in part):

>Does your "unemployment list" include Doctor Dimitri Vulis? I'd be greatful
>to know this.
>Please, seriously now, and if you have such evidence (that
>Dimitri is 'lazy', 'stupid' or 'dishonest') send to me if you can...

I won't comment on who I will or won't hire.  I will state that I believe
that what a person posts is a relevant issue when it comes time to make a
hiring decision.  Hiring is based on many factors other than simply
technical ability. If someone thinks that another should not be hired for
whatever reason, I support their right to hold that belief and even to
publicize it.  

<rant against cypherpunks deleted>

I won't follow you into the gutter on this one.  That horse has been dead
for days (and it is beginning to smell really bad).

        Clay

*******************************************************
Clay Olbon			    olbon at ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl








From rah at shipwright.com  Tue Nov 19 10:06:42 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 19 Nov 1996 10:06:42 -0800 (PST)
Subject: Monitor Radio Talks Crypto-FUD
Message-ID: <v0300782eaeb79dee2076@[206.119.69.46]>


The FUDgine keeps rolling down the track...

Looks like Monitor Radio's promoting 56-bit encryption. Reporter's name is
Duncan Moon.

Quotes a guy quoting Blaze (not mentioning Matt). Calls 56 bit encryption
"puny in the future", but not now.

The article talks about hardware as giving keylength economic legs, with
some logic I can't quite fathom...

Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From dtodd at corp.usweb.com  Tue Nov 19 10:11:59 1996
From: dtodd at corp.usweb.com (Daniel Todd)
Date: Tue, 19 Nov 1996 10:11:59 -0800 (PST)
Subject: Unsubtroll
Message-ID: <c=US%a=_%p=USWeb_Corporatio%l=RACHEL-961119181113Z-2572@rachel.corp.usweb.com>


uh....   I think the last 5 letters were a hint :-)

--
Daniel D. Todd
Technology Analyst
USWeb Corporation
408.987.3294

>----------
>From: 	Butler, Scott[SMTP:SButler at chemson.com]
>Sent: 	Tuesday, November 19, 1996 12:15 AM
>To: 	'cypherpunks at toad.com'
>Subject: 	FW: Unsubtroll
>
>
>
>FOR GOD'S SAKE !!!!!!!!!!!!!!!!!!
>
>>----------
>>From: 	piotrk at opnt.optimus.wroc.pl[SMTP:piotrk at opnt.optimus.wroc.pl]
>>Sent: 	19 November 1996 05:04
>>Subject: 	Unsubtroll
>>
>>>unsubtroll
>>
>





From blancw at microsoft.com  Tue Nov 19 10:24:02 1996
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 19 Nov 1996 10:24:02 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <c=US%a=_%p=msft%l=RED-81-MSG-961119182225Z-14929@INET-03-IMC.itg.microsoft.com>


Isn't asking about the "utility of privacy" like asking about the
utility of having a self independent from others - a separate identity
of one's own, subject only to one's own command, with complete authority
to determine the occasion of its visibility?   

Is there anything justifiable about separating oneself from the company
of others and becoming non-visible to them, at those times when one is
out of their sight, away from their awareness of one's existence, of
one's activities, of one's thoughts & manners?

What do youall think you are, anyway?   Special?

   ..
Blanc

>
>





From frissell at panix.com  Tue Nov 19 11:24:57 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 19 Nov 1996 11:24:57 -0800 (PST)
Subject: Cyber Power in Forbes
Message-ID: <3.0b36.32.19961119142606.0076577c@panix.com>


Dayglo Yellow on dayglo pink cover of the December 2, 1996 Forbes.

Wired Envy.

       CYBER POWER
gives financial markets a veto
over the President and Congress
     by Peter Huber


DCF





From tcmay at got.net  Tue Nov 19 11:30:48 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 19 Nov 1996 11:30:48 -0800 (PST)
Subject: Rogue Governments Issuing Policy Tokens
In-Reply-To: <199611191649.IAA00949@crypt.hfinney.com>
Message-ID: <v03007800aeb7b8522b6a@[207.167.93.63]>


At 8:49 AM -0800 11/19/96, Hal Finney wrote:
>From: "Timothy C. May" <tcmay at got.net>
>> The problem (for GAK) of "rogue governments" is this: a government such as
>> Libya or Panama, henceforth to be known as "Rogueitania," issues policy
>> cards to all of its citizens, and to all those visiting Rogueitania, and
>> perhaps through the mail to anyone who pays some fee.
>
>I don't think this would happen.  Some kind of secret information or
>hardware is going to be needed to create policy tokens.  (Otherwise
>anybody could make one.)  That means that HP, and therefore ultimately
>the U.S. government, is going to have to approve those governments which
>are allowed to issue such tokens.  HP will have to provide them some
>special hardware or something to make them.  The tokens will only be
>accepted if they have proper secrets inside them.

But even such "U.S. approval" is fraught with problems (for the U.S. and
for public relations). Some examples:

- Arab boycott of Israel...will U.S. be complicit in helping the machinery
of the boycott run? (Actually, H-P could run afoul of several U.S. laws...)

- Myanmar (Burma) wants the evil dissidents controlled (a case much
discussed by PRZ). Which side will the U.S. support?

(As noted in the Declan story, the machinery of having government issue
policy cards, if successful, essentially blocks dissidents and
revolutionaries from gaining certain powers. The U.S. _used_ to support
dissidents and revolutionaries in various countries...no longer, I guess.
The price of winning the Cold War: complacency.)

- Many countries trade with Cuba, while the U.S. does not. So, which side
of this dispute does a U.S.-approved policy token support?

(By the way, Canada is one such nation. If Canada gets the key to issuing
policy tokens, they can issue them to those travelling to Cuba on business.
This would make them a "rogue government" vis-a-vis U.S. policy. More
serious examples also exist.)

And so on. Except for a very few countries which are closely aligned with
U.S. policy on nearly every issue, most countries have internal and
external policies with which we as a nation have serious disagreements.

In fact, for nearly every country to which policy tokens are to be licensed
and approved, the U.S. would have to make some policy decisions which are
bound to offend one group or another. And take time. And raise issues here
in the U.S. Take any country, even nominal allies, and these internal
issues are very thorny indeed.


>I can't see the U.S. allowing Libya and similar countries to create policy
>tokens.  The whole point of this exercise is to prevent these countries
>from being able to use strong crypto.  So they will certainly not be on
>the approved list.

I mention Libya as an extreme example (the same example cited in the
Fiat-Shamir "is-a-person" example of rogue governments issuing passports).
The examples above are likely targets for policy card exports, though. The
issue is clear: the list of "fully-compliant" nations is short indeed, and
few nations are going to accept imports of U.S. technology in which the
U.S. government sets the policy on how and where the imports may be used.

I think this will kill "policy tokens" as a viable U.S. export. This,
actually, may be the expected outcome. ("Hey, we gave you permission to
export this stuff...we can't help it if no other countries allow their
citizens to import the stuff.")

>For these reasons I don't think the HP idea solves the export problem
>for U.S. hardware and software makers.  And the response by opinion leaders
>has ranged from ho-hum to negative, despite the self-serving cheerleading
>by HP management.  Companies which try to sell computers with these chips
>in them risk getting a "big brother inside" (to use Tim's very effective
>slogan) reputation.  I think this initiative is going nowhere.

Yes, ironic that the orginal "Big Brother Inside" logo I showed was of
course based on the "Intel Inside" logo...and now Intel is actually
involved in this mess. How appropriate.

Time to dust off those "Big Brother Inside" stickers someone had printed up
a couple of years ago.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From abostick at netcom.com  Tue Nov 19 11:49:05 1996
From: abostick at netcom.com (Alan Bostick)
Date: Tue, 19 Nov 1996 11:49:05 -0800 (PST)
Subject: Playing Cards - Caution!
In-Reply-To: <v02140b00aeb6e056bb78@[192.0.2.1]>
Message-ID: <EMgky8m9Lkmb085yn@netcom.com>


Note: I haven't read Diaconis's work; just some reports of it in the news
section of SCIENCE more than ten years ago, so people should take what
I say with more than a grain of salt.


In article <v02140b00aeb6e056bb78@[192.0.2.1]>,
ph at netcom.com (Peter Hendrickson) wrote:


> A few days ago I suggested that playing cards are a good source
> of entropy.  This was based on claim by Persi Diaconis which
> was quoted in The Economist.
> 
> I've researched the claim and I now believe it would be wise not to
> use playing cards as a source of entropy for cryptographic
> applications.
> 
> A fully random deck of 52 cards has about 225 bits of entropy.  That
> means that each riffle shuffle introduces about 32 bits of entropy.
> Intuitively, that seems like a lot of entropy for one riffle shuffle.
> I've tried a few riffle shuffles with a sorted deck.  While hardly
> scientific, the level of randomness does not look like 32 bits.  Most
> of the time the cards alternate.


Thirty-two bits of randomness in a space that is 225 bits wide leave
room for an awful lot of order.

Here is a (surely oversimplified) model of a less-than-perfect riffle
shuffle:  the deck is divided into two equal stacks, and the shuffler
typically introduces some number k of "errors" that result in a pair
of adjacent cards in the shuffled deck being exchanged (compared to 
a perfectly-shuffled deck).  In a fifty-two-card deck there are fifty-one
possible pairs to exchange.  log2(51) = 5.67, so we get 5.67 bits of 
entropy for each exchange, if the exchanges are distributed uniformly
through the deck.

How many exchanges are needed to get 32 bits of entropy?  That would
be 32/5.67 , or 5.64 .  In other words, to inject that much entropy into
the deck, only about six shuffling errors need to occur in the shuffle.
The vast remnant of the deck is going to be ordered, in the order that
comes from a perfect shuffle. We would expect to see, as you observe,
most of the cards in the deck alternating suit after one riffle shuffle.


> 
> The claim that 7 riffle shuffles of a deck of 52 cards will bring
> the deck to a state of near randomness appears in this book:
> 
> Diaconis, Persi "Group Representations in Probability and Statistics"
> Hayward, California: Institute of Mathematical Statistics, 1988.
> ISBN 0-940600-14-5
> 
> The section "An Analysis of Real Riffle Shuffles" begins on page 77.
> 
> A model is presented which Diaconis believes is similar to how people
> shuffle in real life.  What is troubling from a cryptographic point of
> view is that there is little empirical evidence to back this up.  What
> is more, Diaconis mentions that there is some variation in shufflers.
> A neat shuffler will be less random.  (Side note: The Economist claims
> Diaconis can execute 8 perfect shuffles in less than a minute.  This
> means the deck is returned to its original order!)

Mathematics does not rely on empirical evidence. ;-)

But bear in mind that Diaconis is a stage magician as well as a statistician,
and surely has a lot of direct personal experience with shuffling cards.
> 
> The study of randomness in cards looks much harder to me now.  Also,
> flaws which may be exploitable for financial reasons when real money
> is on the table may have to be substantially more dramatic than the
> flaws required to exploit, for instance, an alleged one-time pad.

Do bear in mind that, unless you distill its entropy through hashing,
a randomly-ordered deck of cards is going to show a lot of seemingly
non-random properties if you try to use it as a one-time pad.  Most
obviously, because each card in the deck is dealt once and only once,
there must of necessity be correlations between cards dealt early in
the deck and cards dealt later.  (Card-counters at blackjack tables
make their money by exploiting these correlations.)

> 
> Here's why I now prefer dice: Dice are simple.  Each die throw can be
> made to be quite independent of all other die throws.  Even loaded dice
> may be used by throwing them repeatedly and adding the results mod the
> number of sides to the die.  Dice which are suspect may be studied by
> repeated throwing.  Non-independence can be more easily studied as
> it can be assumed that a throw of the die is, at most, related only
> to the previous throw and none before.

The randomness of rolling dice is much more easy to interpret than that
of dealt cards.

Alan "Roll me and call me your tumbling dice" Bostick

-- 
Alan Bostick               | You know those chemicals women have in them,
                           | when they've got PMS? Well, men have those very
mailto:abostick at netcom.com | same chemicals in them *all the time*.
news:alt.grelb             |           Margaret Atwood, THE ROBBER BRIDE
http://www.alumni.caltech.edu/~abostick





From aba at dcs.ex.ac.uk  Tue Nov 19 12:24:10 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Tue, 19 Nov 1996 12:24:10 -0800 (PST)
Subject: pgp bugs list?
Message-ID: <199611190950.JAA00412@server.test.net>



I seem to remember someone saying that pgp's +makerandom function was
broken.  However I'm unable to find any confirmation of this with a
web search.

I'm sure there used to be a known pgp bugs list held at MIT?  I can't
find it now.  Anyone know of the bugs lists whereabouts, or could
confirm/refute any security problems with +makerandom?

(premail uses it, pgp stealth could use it, if it worked).

[the (undocumented) feature is this:

	pgp +makerandom=1024 out

creates 1024 bytes of what should be good random nos, in file "out"]

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From rah at shipwright.com  Tue Nov 19 12:29:09 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 19 Nov 1996 12:29:09 -0800 (PST)
Subject: Cyber Power in Forbes
In-Reply-To: <3.0b36.32.19961119142606.0076577c@panix.com>
Message-ID: <v03007845aeb7c86905e8@[206.119.69.46]>


At 2:27 pm -0500 11/19/96, Duncan Frissell wrote:
>Dayglo Yellow on dayglo pink cover of the December 2, 1996 Forbes.
>
>Wired Envy.
>
>       CYBER POWER
>gives financial markets a veto
>over the President and Congress
>     by Peter Huber

Glad to know that St. Pete keeps his hand in...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From unicorn at schloss.li  Tue Nov 19 12:38:48 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 19 Nov 1996 12:38:48 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <3.0b36.32.19961118232424.00b845f8@panix.com>
Message-ID: <Pine.SUN.3.94.961119153435.13259A-100000@polaris>


On Tue, 19 Nov 1996, Duncan Frissell wrote:

> Date: Tue, 19 Nov 1996 06:31:07 -0500
> From: Duncan Frissell <frissell at panix.com>
> To: Black Unicorn <unicorn at schloss.li>, Sandy Sandfort <sandfort at crl.com>
> Cc: Huge Cajones Remailer <nobody at huge.cajones.com>, cypherpunks at toad.com
> Subject: Re: The Utility of Privacy
> 
> At 06:54 PM 11/18/96 -0500, Black Unicorn wrote:
> >> Not long ago, a college education was essentially a death warrant 
> >> in Cambodia.  Prior to that, a degree was considered a good thing
> >> there.  People saw no reason to hid the fact that they had been
> >> in school.  Trouble is, things changed.
> >
> >Oh, come on.  That could never happen here.
> 
> Where have I heard that line before?  Sandy was giving an actual example of
> a general problem.  Educated people were executed in Cambodia.  That may
> not happen here but it is very common for innocent legal activities or
> characteristics to later become very illegal and subject to punishment.

sar'casm n. [LL sarcasmos < Gr sarkasmos < sarkazein, to tear flesh like
dogs, speak bitterly] 1. a taunting, sneering, cutting or caustic remark;
gife or jeer, generally ironic.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From dave at kachina.jetcafe.org  Tue Nov 19 12:41:42 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Tue, 19 Nov 1996 12:41:42 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <199611192041.MAA04325@kachina.jetcafe.org>


Black Unicorn writes:
> Dave Hayes writes:

> > > Again, you confuse free speech with free broadcast.
> > Isn't broadcast a subset of speech, especially in this culture?
> That which is broadcast is certainly speech.
> Trying to draw some kind of "right to be broadcast" as a result is
> stupidity or ignorance, or both.

Then I suppose you want to control all mailing lists, USENET groups,
and web pages. These are broadcasts, and of course they have no rights
other than what you seem to want to give them.

> Anyone has the right to, e.g., start a mailing list, or a newsletter.
> No one has the right to compell ABC or FOX or John Gilmore or anyone
> else to broadcast their speech.  (The rarest exceptions, like equal time
> rules, exist in election contexts).

But what about this letter? It is cc'd to two mailing lists. I own the
Freedom Knights one, John Gilmore owns the cyperpunks one. Does that
mean that both of us have to approve it before it gets sent? Do we
both own it?

> Learn the difference.  Go to law school before you argue free speech
> concepts in any detail.  

"Laws" do not cover the net's "multicast" technology.

Distinguishing communication types so as to control those who use them
is not going to solve your problem. You are much better off, from a
practical standpoint, learning to control what you see and hear rather
than attempting to control others. 

One does not need a school to see this, it sits under one's nose like
a milk moustache.
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

                 One only fights what one thinks is real.







From unicorn at schloss.li  Tue Nov 19 12:42:51 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 19 Nov 1996 12:42:51 -0800 (PST)
Subject: BAD FAGGOT John Gilmore
In-Reply-To: <Pine.LNX.3.95.961119052314.18903A-100000@dhp.com>
Message-ID: <Pine.SUN.3.94.961119154027.13259B-100000@polaris>




Wow, I couldn't have made a stronger case for this individual's lack of
substance in 1 hour of open debate.

On Tue, 19 Nov 1996, aga wrote:

> Date: Tue, 19 Nov 1996 05:32:18 -0500 (EST)
> From: aga <aga at dhp.com>
> To: freedom-knights at jetcafe.org
> Cc: InterNet Freedom Council <ifc at pgh.org>, paul at fatmans.demon.co.uk,
>     cypherpunks at toad.com
> Subject: BAD FAGGOT John Gilmore
> Newsgroups: alt.god.grubor,soc.men,alt.cyberspace,alt.wired,soc.culture.usa,alt.internet.media-coverage,alt.asshole.john-gilmore,comp.admin.policy
> 
> On Tue, 19 Nov 1996, Black Unicorn wrote:
> 
> > Date: Tue, 19 Nov 1996 05:11:23 -0500 (EST)
> > From: Black Unicorn <unicorn at schloss.li>
> > Reply-To: freedom-knights at jetcafe.org
> > To: aga <aga at dhp.com>
> > Cc: paul at fatmans.demon.co.uk, freedom-knights at jetcafe.org,
> >     cypherpunks at toad.com
> > Subject: Re: NO commo to "Faggot" cypherpunk list
> > 
> > On Mon, 18 Nov 1996, aga wrote:
> > 
> > > As I said dude; I no longer respond to any como with the cypherpunks
> > > address in the header.  If you want an answer to your comments,
> > > address your reply to the Freedom-knights list or to me, without
> > > any *punks address in the header.
> > > 
> > > Any list run by an admitted Faggot is no place where I
> > > will allow an audience.
> > 
> > Oh, this guy is for free speech.  Sure.
> > 
> 
> Hey motherfucker, I TOLD YOU to leave out the stupid
> cypherpunks header!  Just when are you going to learn
> to listen?!!  You have been around those faggots too much!
> 
> Faggots have NOTHING to do with Fredom of Speech!
> 
> > Freedom Knights?  Try Knights of the KKK.
> > 
> 
> Hey cocksucker, the KKK have nothing to do with faggots!
> 
> There is a basic understanding in life by ALL GOOD MEN
> that Faggots are defective creatures.  NOBODY wants to
> be seen with or associated with faggots!
> 
> John Gilmore is a Faggot, therefore he is defective.
> And we question any of his associates.
> open and shut case.
> 
> -aga
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From shamrock at netcom.com  Tue Nov 19 12:44:54 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 19 Nov 1996 12:44:54 -0800 (PST)
Subject: Taking out the garbage
In-Reply-To: <199611191733.JAA19742@vishnu.corsair.com>
Message-ID: <Pine.3.89.9611191201.A27439-0100000@netcom6>


On Tue, 19 Nov 1996, Dana W. Albrecht wrote:

> 
> 
> I'd like to point out that accepting posts from those who are not
> technically subscribed to the list is not always a bad idea.

I agree. I am not suggesting that non-subscribers should be blocked from 
posting to the list. Nor am I claiming that non-subscribers post a higher 
rate of garbage to the list. All I am saying is that I will bounce 
garbage originating from non-subscriber and subscriber alike back to the 
authors. I encourage others on the list choose to do the same.

--Lucky





From unicorn at schloss.li  Tue Nov 19 12:49:20 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 19 Nov 1996 12:49:20 -0800 (PST)
Subject: NO commo to "Faggot" cypherpunk list
In-Reply-To: <3291A407.2E94@earthlink.net>
Message-ID: <Pine.SUN.3.94.961119154224.13259D-100000@polaris>


On Tue, 19 Nov 1996, Stephen Boursy wrote:

> Date: Tue, 19 Nov 1996 07:11:51 -0500
> From: Stephen Boursy <boursy at earthlink.net>
> To: freedom-knights at jetcafe.org
> Cc: cypherpunks at toad.com
> Subject: Re: NO commo to "Faggot" cypherpunk list
> 
> George A. Stathis wrote:
> > 
> > Black Unicorn wrote:
> >
> >>> Any list run by an admitted Faggot is no place 
> >>> where I will allow an audience.
> 
>   That certainly is your right alough I'd personally
> differ.


Watch it.  I didn't write the above.

> 
> >>
> >>Oh, this guy is for free speech.  Sure.
> 
>   I saw nothing to the contrary--did you?

Free speech, except for some undesireables, who are defective because I
say so.  I'd call that contrary.

> 
> >>Freedom Knights?  Try Knights of the KKK.
> 
>   Oh my.
>  
> > I think you ought to realize by now, Mr. "Black Unicorn", that
> > aga (like everyone of us) has a right to his own likes and dislikes.
> > They may alienate some people, offend others, but I sincerily believe
> > that equating his "dislike of faggots" to the "KKK" is seriously
> > misleading.

Hate is hate.  Period.  Listen to the KKK sometime.  It's not only the
color of one's skin that attracts their ire.

He can hate whomever he pleases.  When he begins to preach that those
individuals are somehow sub-human, defective, he is advocating anything
but freedom and free speech.  (Unless perhaps you could include in
"freedom" the freedom to put all those of a certain race or sexual
preference on an island somewhere and sink it). 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Tue Nov 19 12:50:49 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 19 Nov 1996 12:50:49 -0800 (PST)
Subject: [NOISE] U.S. CIA employee caught spying
In-Reply-To: <199611191440.GAA14684@toad.com>
Message-ID: <Pine.SUN.3.94.961119154849.13259E-100000@polaris>


On Tue, 19 Nov 1996 trei at process.com wrote:

> Date: Tue, 19 Nov 1996 09:42:01 +0000
> From: trei at process.com
> To: cypherpunks at toad.com
> Cc: trei at toad.com
> Subject: Re: [NOISE] U.S. CIA employee caught spying
> 
>  Tim Scanlon <tfs at adsl-122.cais.com> writes:
> > This is on the local DC news;
> > Harold Nicholson age 46, a CIA employee was arrested for spying today
> > at Dulles airport. He allegedly has been working for the Russians
> > for the past 2 years. 
> > He was caught after he failed a series of polys, and bank account 
> > irregularities had been noticed, as well as suspcious travel.
> > They got him on hidden video apperently photocopying documents
> > that he intended to pass along.
> > Tim
> 
> If he's found guilty, I hope that they throw the book at the traitor. He
> apparently  was a trainer of agents, and as such was in a positiona to 
> identify many to the Russians. I wonder how many died so he could 
> earn his $140,000? 

It seems clear that none died.

He had access (but its unclear if he turned over) a list of every agent
trained in the last two years.

> 
> Peter Trei
> trei at porcess.com
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From jf_avon at citenet.net  Tue Nov 19 13:21:13 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Tue, 19 Nov 1996 13:21:13 -0800 (PST)
Subject: The Utility of Privacy
Message-ID: <9611192120.AA04926@cti02.citenet.net>


On 19 Nov 96 at 6:31, Duncan Frissell wrote:


> Owning gold in America in 1930 vs 1933

Hi Duncan.

Do you have any documentation or historical references to the reason they gave 
for forbidding ownership of gold?  Just curious...

How about gold backed Magic Money tokens?  :)

Ciao

jfa
Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 





From rcgraves at ix.netcom.com  Tue Nov 19 13:53:17 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Tue, 19 Nov 1996 13:53:17 -0800 (PST)
Subject: The Utility of Privacy
In-Reply-To: <Pine.SUN.3.94.961118185330.29557A-100000@polaris>
Message-ID: <32922C21.438E@ix.netcom.com>


Black Unicorn wrote:
> 
> On Mon, 18 Nov 1996, Sandy Sandfort wrote:
> 
> > The problem with having a whole lot of private information about
> > you floating around in public is not what damage it can do to you
> > now, but rather the problems it potentially could cause in the
> > future.  Just about everyone on this list has been to university.
> > Not long ago, a college education was essentially a death warrant
> > in Cambodia....
> 
> Oh, come on.  That could never happen here.

[Where is "here" for every list member?]

Not bloody likely, no, but Mr. Kasczynski or the Symbionese Liberation
Army could take a disliking to you for similar reasons. And you never 
know where you might travel. I've got a journalist friend who's paranoid 
about appearing at any political event because she's afraid she won't be 
allowed back into China or Southeast Asia if it comes out that she gives 
a damn about human rights.

A seasonal haiku, original author unknown:

Open your present
No, you open your present
Kasczynski Christmas

-rich





From sunder at brainlink.com  Tue Nov 19 14:22:16 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Tue, 19 Nov 1996 14:22:16 -0800 (PST)
Subject: Cpunks Frog Forwards discontinuation
In-Reply-To: <0N4mXD23w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.91.961119170427.1664A-100000@beast>


On Tue, 19 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Ray Arachelian <sunder at brainlink.com> writes:
> >
> > This has been moved to sunder at sundernet.com (hosted via brainlink, the
> > fascist dorsai account is no more.)
> 
> The search engines show ray at earthweb.com, sunder at brainlink.com,
> arachel at poly.edu, ray.arachelian at f204.n2603.z1.fido.org, sunder at escape.com,
> sunder at dorsai.org, 103070.2610 at compuserve.com, sunder at sundernet.com - wow.

Oh, wow, Vulis has learned to use the search engines, I'm impressed!  Not 
all the accounts you list still work, as you might not have figgured it 
out, search engines remember information that's obsolete, so more than 
half of those are long gone.

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder at sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================






From cyberhawk at mailmasher.com  Tue Nov 19 14:26:26 1996
From: cyberhawk at mailmasher.com (cyberhawk)
Date: Tue, 19 Nov 1996 14:26:26 -0800 (PST)
Subject: Lucky your no punk...
Message-ID: <199611192226.OAA19091@mailmasher.com>


 Lucky Green <shamrock at netcom.com> writes:
 > Beginning Monday, 11/25/96, I will bounce all email from the various
 > (non-)subscribers polluting this list with garbage back to the
 > authors. Furthermore, I will attach documents describing basic
 > Internet rules of conduct to each bounce.
 >
 > I would encourage other Cypherpunks to do the same.

Lucky:

Are you an elitist cypherpunk? It sounds like you've out grown the designation
of punk.

Punk:   1. worthless or unimportant person. 2. a petty hoodlum -adj, 3. poor
in quality.

You are hereby promoted.  You are now a cypher-corporal in the elite crypto
army.  God Speed my boy.

We'll keep a candle lite for you son if you someday choose to return to the
great un-washed masses.

Chow-baby,

Rocky J. Squirrel





From hyperlex at hol.gr  Tue Nov 19 14:33:29 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Tue, 19 Nov 1996 14:33:29 -0800 (PST)
Subject: Reputation based hiring (was REQUESTING INFORMATION)
Message-ID: <199611200231.AAA16348@prometheus.hol.gr>


At 01:02 �� 19/11/1996 -0500, Clay Olbon II wrote:

>I won't comment on who I will or won't hire.  I will state that I believe
                                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>that what a person posts is a relevant issue when it comes time to make a
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>hiring decision.
 ^^^^^^^^^^^^^^^

Very important admission here: WATCH out what you say, folks, from now
on. Say it _real_ nice, or else you WON'T GET HIRED!!! No "abuse", from
now on... :-)

aha, aha, aha! NOW I understand the insecurity and the fear of young
*unemployed* Americans. NOW I understand... :-)



>If someone thinks that another should not be hired for
>whatever reason, I support their right to hold that belief and even to
>publicize it.  

Likewise. But ONLY publicly, in contrast to you (hiding it)...


><rant against cypherpunks deleted>
  ^^^^^^^^^^^^^^^^^^^^^^^^

There was NO rant "against cypherpunks" as such.
You could label my text a 'rant', by all means, but I note with interest
your attempt to turn it "against cypherpunks" (Setting a new target to what
was only a... friendly-clay-bullet, dear Clay). :-)


I would never hire you. What I need is people with a VISION;
NOT people with IMPAIRED VISION, distorting things so unreliably.

I need TRUE VISIONARIES able to work creatively in High Technology.
People like Philip Kahn (Hurrah) and Richard Branson (Hurrah, Bravo);
even Bill Gates himself, were SELF-MADE visionaries.

In contrast... people "threatening others with unemployability files",
are CLAY MEDIOCRITIES.

Your reputation is correct, given the kind of people you are 'selling'.
(Slaves in fact, just like in the SLAVE TRADE times... -High I.Q. slaves).

I would suggest, Clay, that you are indeed doing a good Job. But if you
are a... "Cypherpunk" then... I am the Emperor of Mars! :-)




>I won't follow you into the gutter on this one.  That horse has been dead
                             ^^^^^^
>for days (and it is beginning to smell really bad).
>        Clay                     ^^^^^^^^^^^^^^^^

You know Clay, if only you knew what TREASURE you have giveth me today :-)
I never even knew this existed locked up inside a... Smelly Clay Gutter...

Many thanks anyway
George

P.S. (deleted)


********************* CORPORATE GUTTER FOLLOWS: ***********************

>I would say you are a decent, honest, fearless man trying to do a job which

RANT DELETED


>with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
>guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',

RANT DELETED


>the guy's back. WHAT is going on? I've been harrassed and threatended TOO,
>just because of defending him or supporting people's rights to a fair trial?

RANT DELETED


>I have no disagreement with your down-to-earth explanations. But...
>Sooner or later your 'sheep-leader' Mr. Gilmore will start blocking access
>to MORE geniouses (other than Voulis, who I think _could_ be one) to your
>list, and then encryption will be entrusted to morons who can at ANY moment
>have their coding systems BROKEN!!!

RANT DELETED


>unemployability (as indeed happened in the letter quoted below) it's an
>alarming sign that the _criteria_ for employability are no longer your
>own decent down-to-earth criteria (honesty, intelligence, trust-worthiness)

RANT DELETED


>It's only recently that the type of fascist harrassment like "We'll put
>you on our U-list", has reached such ABUSE, MISUSE, and ALARMING FREQUENCY.

RANT DELETED



>You are, most probably, a real person with very real responsibilites.
>In this case, I appreciate you a lot, and hopefully my complaints have
>reached the right man's ear.


RANT DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

DDDDDDDDDDDDDDDDDDDDDDDDDDDDELETED.


huh?







From snow at smoke.suba.com  Tue Nov 19 14:43:48 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 19 Nov 1996 14:43:48 -0800 (PST)
Subject: Reputation distortions?
In-Reply-To: <v0300780faeb77279ea48@[206.119.69.46]>
Message-ID: <199611192300.RAA01464@smoke.suba.com>


> At 6:05 am -0500 11/19/96, snow wrote:
> >     Reputation could also eleminate the need for judges. If Matt Blaze,
> >or Randall S. were to try to claim a specific bounty, people would be
> >more likely to accept their claim than if I were to do so.
> I'm not saying that Gauss *didn't* discover the normal distribution. I'm
> saying that he didn't have to *prove* he did. Of course not. He was the
> greatest mathematician of his time, and probably since.
> I'd call the event a reputation distortion.

      With either system proposed (market based contracts v.s. bounty) 
you are paid for code. Let's face it, with reputation capital, losses (i.e.
bad moves/actions/whatever) are far more costly than good moves pay. 

     To use a sports analogy: If you fumble the ball, and allow the runner
to score, more people are going to remember it than if you make a couple of
baskets.

     What was the thing that killed Bushes chances of re-election against 
a rather weak canidate? One lie "No new taxes".

     If Gauss had been called on it, what would have happened? If the caller
could _prove_ he was lying, what then? He still would have been the
greatist mathmatician of the time, but he would have been seen as a liar
and a crackpot. We know how that works don't we.  


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From hyperlex at hol.gr  Tue Nov 19 14:45:45 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Tue, 19 Nov 1996 14:45:45 -0800 (PST)
Subject: "Don't Hire Lists" of FASCIST SCUM Tim May
Message-ID: <199611200243.AAA17334@prometheus.hol.gr>


At 10:18 �� 17/11/1996 -0800, Timothy C. May <tcmay at got.net> wrote:
(in response to a rather civilised condemnation of censorship I had written
 as defense of someone _else_, a person whom I don't even know)...

>"Not ethical"?
>
>But we will do it anyway. Moreover, some of us maintain lists of "Do Not
>Hire" persons. Few high tech or Silicon Valley software companies will hire
>such folks.
>
>Congratulations, Stathis, as you are now on such a list.


First of all, I question your right to have 'authority', not only for this,
but for dictating to "Cypherpunks" what persons to trust or to distrust.

BECAUSE you are NOT a "cypherpunk". You are a CypherScumBag-Fascist.

People sent me PRIVATE letters asking how to converse in encrypted E-mail
due to FEARS that people like YOU, ASSHOLE, are monitoring them.

THIS is why you got me angry. I URINATE upon your Unemployability files.
I got BALLS meaning I got my OWN job. And I can tear you apart in front
of everybody NOW, because it took me a fucking long time NOT to need to
remain SILENT in front of FASCIST ASSHOLES LIKE you. DIE, Scum!






Well, my friends and I have been compiling OPEN lists of *Fascist Scum*,
_undesirable_ among...parties and wild sexy holidays in Greek Islands. :-)
For example in _my_ island of Kythera (birthplace of Goddess Venus) where
I also have a house, often relaxing there to flee the 'rat-race' madness.
(whenever I can steal some time from running my _own_ business in Athens).

In any case...
**************************************************************************
Congratulations, Master Tim, you've earned yourself the No[1] place in our
own... _legal_ blacklist of Fascist Scum who are Undesirables in... Greek
Islands. If you ever come to Greece we'll *ruin* your holidays... :-)
**************************************************************************
ROTFL!!!


(seriously now...)



"Unemployability lists" are *illegal* in _Europe_ anyway, you know.
They are specifically illegal in the "Human Rights and Protection of
Private Records of Information" Acts, of the EUROPEAN PARLIAMENT...
The only _legal_ 'unemployability files' in _Europe_ are those involving
penal convictions, as well as _true_ records of previous employment. And
if someone can _prove_ in a European court that someone else's slanderous
activity ruined their prospects of employment, you go to jail, poor Tim...
In Europe, freedom of opinion and style of self-expression OUTSIDE WORK,
are irrelevant, actually.. Even inside a company they're relevant if and
only if they damage the profits or the reputation or other company assets.
(And good programmers are tolerated for being wild eccentrics, _anyway_).

HOWEVER...
This is *nothing*, compared to what _will_ happen in a few years time,
when SUCH so-called 'UNEMPLOYABLE PERSONS FILES' are gonna be taken to
Publicity and also to (European) Justice. We'll convict you to pay such
a great FINE for malicious harm to individuals all over the world, that
you will CRAWL inside a hole somewhere in your United States and never,
************************************************************
ever, ever, attempt to leave the shitty polluted hole of yours anymore.

You will be screaming for help from the ACLU, and hiring bodyguards! :-).


Of course, _Mafia-like Fascist McCarthian Scum_ like yourself laugh with
'human rights laws'... (Especially European Laws)...

So, if THIS didn't scare ya, there is MORE for you AT HOME:

***************************************************************************
The hordes of U.S. University Graduates, left unemployed by the year 2005
or 2010, will LITERALLY FRY YA alive, scumbag Tim, chop off your head and
pin it on a lamp-post, IN YOUR OWN COUNTRY, because they'd be *very* angry
with fascist scum like you, undermining their (already widespread) serious
unemployment, which is likely to cause many deaths in RIOTS and TURMOIL...
***************************************************************************

As for me... :-)

I imagine myself waking up in my Greek island house one day, reading the
NEWS: "Lynch Mob in the States torture and murder controversial holders
of 'unemployability lists', blaming them for their own unemployment"; Wow!

And as I sip my (100% _real_) orange juice with cheerful REAL people, in
a beach-bar near my island-house, I will sigh; starting to tell my friends
a story(!) about WHAT this strange news is about, and WHO was this Fascist
American "Tim May", murdered by mobs of angry young American unemployed...

(MY CONDOLENCES).


In fact...

Long before THIS day is over, poor old Tim, you will start having REAL
nightmares at night:

Because NOBODY can protect you, NOW, when you crawl YOUR streets at night; 

streets already UNSAFE, you know. And THIS lack of safety is part of your

DEPLORABLE standard of living over there: NOT the money; what money BUYS!


So...
Don't *ever* threaten again ANY European, with your "U-lists", especially
Europeans who have their OWN businesses, and who can also write _much_
better software code (in 'PROLOG' & 'Assembler') than you, dumb-old-Tim!

You are ALREADY obsolete, disposable, pseudo-human NOISE; Trash from your
own past, when Senator McCarthy's 'unemployability threats' sent the U.S.
back to the Middle Ages. You are welcome to get BACK to those Middle Ages,
if you like; So as to follow the drain-pipe-highway of OTHERS like you...


>We got computers, we're tapping phone lines, I know that that ain't allowed.

We got computers, we're TRANSCENDING your technology, we'll smash you one day
LEGALLY (if your compatriots don't murder you ILLEGALLY, long before then)...

Tim May,
    May you (already) "live" in an "interesting time" (Chinese Curse).

                     ("live"?... for how long? :-) )


With *much* delight about your self-chosen TROUBLES,

George Alexander Stathis
(Hellenic Software Producer, and PROLOG/ASM programmer)

(my web page is now being prepared with the help of a friend, who lives in
 Kalamata and started his OWN Web site there.






From ichudov at algebra.com  Tue Nov 19 15:08:41 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 19 Nov 1996 15:08:41 -0800 (PST)
Subject: CAVE Query
In-Reply-To: <1.5.4.32.19961119163629.006c216c@pop.pipeline.com>
Message-ID: <199611192220.QAA03605@manifold.algebra.com>


how about posting it to anonymously to the USENET and providing a link
from your page to DejaNews explaining how to do a filter query.

igor

John Young wrote:
> 
> We've received by black bag a 25-page doc entitled:
> 
>      TR45.3, Appendix A to IS-54,  Rev. B
> 
>      Dual-Mode Cellular System
> 
>      Authentication, Message Encryption, Voice Mask
>      Generation, A-Key Verification, and Test Data
> 
>      February, 1992. No Source.
> 
> It describes the CAVE cryptographic function in detail,
> and its use to generate a set of cryptovariables for the 
> Cellular Message Encryption Algorithm (CMEA); for 
> generation of 520 bits for the duplex voice privacy masks; 
> and for other tasks.
> 
> Each page warns that information in the document may be
> subject to export jurisdiction under ITAR.
> 
> Does anyone know if this is already available on the
> Web?
> 
> TIA of incarceration.
> 



	- Igor.





From aba at dcs.ex.ac.uk  Tue Nov 19 15:14:41 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Tue, 19 Nov 1996 15:14:41 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <3291C46F.142A@earthlink.net>
Message-ID: <199611191237.MAA00639@server.test.net>



Steve Boursy <boursy at earthlink.net> writes:
> Dale Thorn wrote:
> > But are you suggesting that if I trade my labor for some material item
> > which was built with other people's labor, and that material item is
> > sufficiently portable that it doesn't have to occupy a significant
> > piece of real estate (i.e., a house, a large boat), *they* should be
> > able to take that material item away from me anyway on whatever pretext,
> > on the basis that possession of it is a *privilege*?  Is my paycheck,
> > given to me directly for my labor just a privilege?
> 
>   That's a fair question.  I don't begrude one's ownership of their
> fair share--but I do have serious problems with what we shall
> call 'accumulators' if you will.  For them I have contempt and no--
> they do not have that right of possession and often such 'work' is
> at the expense and on the backs of others.

I'm an accululator :-)

The investments I have I worked for.  The investments I have are as a
result of forgone immediate pleasures (no flash cars, foreign
holidays, no hire-purchase, no consumer electronics etc).  You
probably would look down on my current "standard of living" (something
real life aquaintances like to rib me about).

See, if you spend your money now, on the above, you have no right to
criticize me when I look relatively wealthy later.  It's your choice
to blow your money.

Btw, people of your mentality (communists/socialists) already make it
very difficult for me to accumulate, due to the exhorbitant tax rates
to support those who chose to blow their money as soon as they have it
(or often _before_ they have it, incurring 25% APR credit card
interest rates on top).

For the list of abusive taxation regimes thread: UK tax rates are 24%
basic, 40% higher rate.  Plus 10% national insurance `contributions'
(compulsory state pension payments).  Plus 17.5% VAT.  Plus property
tax.  Plus `capital gains' tax (at either 24% or 40%, the same as
whatever income tax rate you're on).  Plus ~400% Fuel tax rates
(petrol is L 2.76 / imperial gallon which is 3.66 US $ / US gallon!).

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From ph at netcom.com  Tue Nov 19 16:17:32 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Tue, 19 Nov 1996 16:17:32 -0800 (PST)
Subject: Playing Cards - Caution!
Message-ID: <v02140b01aeb7f62047d8@[192.0.2.1]>


At 10:57 AM 11/19/1996, Alan Bostick wrote:
> Thirty-two bits of randomness in a space that is 225 bits wide leave
> room for an awful lot of order.

The maximum entropy after one riffle shuffle is actually about
48 bits, assuming the deck was split in half.  That is, n! / k! (n-k)! =
52! / 2 * 26! ~= 4.9592 * 10^14.  log_2 4.9592 * 10^14 = 48 bits.
(Think of one half of the deck of k cards fitting into n possible
holes.  The order of each half of the deck is guaranteed, so this
can be thought of as the number of ways k balls fit into n holes.
What about the other half of the deck?  They just fall into the
empty holes.)

Assume the split introduces about 4 more bits, and we get 52 bits
of possible shuffles.  However, in practice a riffle shuffle may be
more predictable.

It is possible that 32 bits of entropy are introduced with each riffle
shuffle, but it is not obviously true.  For a cryptographic application,
the standard is higher than for almost any other.  So, if it is not
clear that something is the case, probably it shouldn't be used.

>> A model is presented which Diaconis believes is similar to how people
>> shuffle in real life.  What is troubling from a cryptographic point of
>> view is that there is little empirical evidence to back this up.  What
>> is more, Diaconis mentions that there is some variation in shufflers.
>> A neat shuffler will be less random.  (Side note: The Economist claims
>> Diaconis can execute 8 perfect shuffles in less than a minute.  This
>> means the deck is returned to its original order!)

> Mathematics does not rely on empirical evidence. ;-)

That's true, but the application of mathematics certainly does
depend on empirical evidence.  I would be very surprised if Diaconis
made a mistake with the math.  I think the math is what primarily
interests him.  From his book I did not see a lot of evidence that
a great deal of empirical research on card shuffling had been performed.
Rather, a few mathematicians here and there appear to have tried out
the model and decided that it more or less works.  For the standards
we should apply, those of a cryptographic application, this is not
good enough.

>> The study of randomness in cards looks much harder to me now.  Also,
>> flaws which may be exploitable for financial reasons when real money
>> is on the table may have to be substantially more dramatic than the
>> flaws required to exploit, for instance, an alleged one-time pad.

> Do bear in mind that, unless you distill its entropy through hashing,
> a randomly-ordered deck of cards is going to show a lot of seemingly
> non-random properties if you try to use it as a one-time pad.  Most
> obviously, because each card in the deck is dealt once and only once,
> there must of necessity be correlations between cards dealt early in
> the deck and cards dealt later.  (Card-counters at blackjack tables
> make their money by exploiting these correlations.)

I solved this problem in my original message on the subject.  You use
the order of the cards to represent your message.  Then you use a
fully shuffled deck to mix up the mapping of the cards to numbers.  If
the deck is truly randomly ordered, the scheme I proposed is a true
one time pad.  (If I made an error, I would like to hear about it!)

Tangentially, I would be reluctant to rely on a one time pad whose
key was produced by a hash function.  We assume that the hash function
is cryptographically secure, but if we can assume that, we might as
well assume that some cryptosystem is secure.  One time pads are supposed
to avoid those types of assumptions.

> The randomness of rolling dice is much more easy to interpret than that
> of dealt cards.

I agree completely.  In practice, you pretty much have to have a
computer to make use of the original schemes I proposed.

The literature on card shuffling is quite interesting.  A number of people
over many years have worked on this.  It looks to me like there's lots
more interesting work to be done.  Many readers of this list would
probably find Diaconis's book interesting.

There might even be a number of new attacks possible on card games.
If 7 riffle shuffles does not, in fact, bring the deck to complete
entropy it means that a number of combinations of cards are unlikely.
Is the distribution of pokers hands perfectly even?  They may not
be.  Solving this problem in the general case appears to be very
hard.  But, some progress could be made by modeling real shuffling
and looking for patterns in the relationships between the cards
electronically.  Conceivably, poker hands are not as random as people
believe.  While the cards you have in your hand may be random, their
relationship to other cards may not.

This is like a pseudo random number generator.  If you don't notice
the pattern, you will believe you are looking at a random number
stream, but in fact you are not.

However, the entire subject is orthogonal to my goals right now.

Peter Hendrickson
ph at netcom.com







From jgrasty at gate.net  Tue Nov 19 17:11:35 1996
From: jgrasty at gate.net (Joey Grasty)
Date: Tue, 19 Nov 1996 17:11:35 -0800 (PST)
Subject: WinSock Remailer Resuming Operation
Message-ID: <199611200111.UAA38820@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Y'all:

I'm pleased to announce that the WinSock Remailer is resuming
operation tonight at 11:00 PM EST from winsock at rigel.cyberpass.net.

All messages to the remailer must be PGP encrypted.  The public
key for this remailer is:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQBtAzKL9KEAAAEDANpSkWhtxPQXO4A/igS1TKsrHpBIgLd07sgKHmcwGsnPcI5K
h2/T1rm3E8lRw5zKWd5MDs7b9Ku7+/V1SjEs2XmpiX1aJ7oN2LJvQ9OO5Z01CwUA
7LFnSfcOrGCnk0ADrQAFEbQuV2luU29jayBSZW1haWxlciA8d2luc29ja0ByaWdl
bC5jeWJlcnBhc3MubmV0PokAdQMFEDKL9PjDgztlfPQWWQEBlYYC/iv5zt+v8E/N
puymUHLHavlBr9XuP7XVECW3trUxSRdCqnVp1el7fHIQNaN0hw+DW9KutOuumm+u
ZzwStZ94dimBYlmSedZ4t4f6DAOK0WZ6wosi/tV5IGlgCdIQA7o2W4kAdQMFEDKL
9M4OrGCnk0ADrQEBWCYDAIlhADaxwBSb2Edz9A5oqAq6YddIVSJdUwuIiN5TvKPa
oRXdpkpEYRi1JOUPNy+vLCF21c9LLUYcKMxMvIJPGq6OSBy6VzCdaiOS/yBz7fsH
9I4X5IwoNnf0/Mm+di5zlA==
=/UGi
- -----END PGP PUBLIC KEY BLOCK-----

Here's the info for the remailer-list:

$remailer{"winsock"} = "<winsock at rigel.cyberpass.net> cpunk pgp hash cut ksub reord";

I'll be adding "post" to this list after I get a more thorough 
testing of the NNTP code that I added for authentication.  "latent"
is also pending.

The remailer will run every 60 seconds from 12:00 AM to 8:00 AM
every day and whenever I am online.  Cyberpass automatically spools
the messages when I am not connected.

Those of you that want to run your own remailer may obtain a copy 
of the remailer from links from the WinSock Remailer Home Page
at:

  http://www.cyberpass.net/~winsock/

Currently, the remailer runs only under Windows 3.1, but a version
for Windows NT and 95 will be available shortly.

Note:  alt.religion.scientology and alt.clearing.technology are
blocked.  I'm not interested in run-ins with either supporters
or detractors of the Church of Scientology.  Binary and picture
groups are also blocked, but only because I don't have the 
bandwidth to support them.  I invite people who want remailers
to post to these groups to download the remailer and operate it
for themselves.

Regards,

Joey Grasty
Jim Ray
WinSock Remailer Operators


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpJaEQ6sYKeTQAOtAQEhZwMAqPnQG0a6Vm4HSx111ha1VulP7ClWqRba
66v/Ff5hLssO+nWbnEKb3VQ/sJEEdQzGQk2lMGeradxQBt0YANiymGkpNR66uAGg
a5rtisLAfmwJNJSGhvJtPaMd4r7HnSG3
=EN8y
-----END PGP SIGNATURE-----





From unicorn at schloss.li  Tue Nov 19 17:18:59 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 19 Nov 1996 17:18:59 -0800 (PST)
Subject: Does John Gilmore...
In-Reply-To: <199611192041.MAA04325@kachina.jetcafe.org>
Message-ID: <Pine.SUN.3.94.961119201130.13259J-100000@polaris>


On Tue, 19 Nov 1996, Dave Hayes wrote:

> Date: Tue, 19 Nov 1996 12:41:23 -0800
> From: Dave Hayes <dave at kachina.jetcafe.org>
> To: freedom-knights at jetcafe.org
> Cc: cypherpunks at toad.com
> Subject: Re: Does John Gilmore... 
> 
> Black Unicorn writes:
> > Dave Hayes writes:
> 
> > > > Again, you confuse free speech with free broadcast.
> > > Isn't broadcast a subset of speech, especially in this culture?
> > That which is broadcast is certainly speech.
> > Trying to draw some kind of "right to be broadcast" as a result is
> > stupidity or ignorance, or both.
> 
> Then I suppose you want to control all mailing lists, USENET groups,
> and web pages. These are broadcasts, and of course they have no rights
> other than what you seem to want to give them.

If I owned it, of course I would control it.  Many groups are moderated.
And no university is compelled to carry a group by any law or ethical
principal that I can think of.

You are simply exhibiting the symptoms of a spoiled brat because you have
been fortunate enough, thus far, to rely on the benevolance of whoever is
providing you your newsfeed.  The fact that control is not exercised, does
not mean it doesn't exist.  In reality control is exercised in many ways.

Thus your attempt to demonize me merely exposes your ire for the system as
it now exists, your fanciful dreams of how it should be aside.

> > Anyone has the right to, e.g., start a mailing list, or a newsletter.
> > No one has the right to compell ABC or FOX or John Gilmore or anyone
> > else to broadcast their speech.  (The rarest exceptions, like equal time
> > rules, exist in election contexts).
> 
> But what about this letter? It is cc'd to two mailing lists. I own the
> Freedom Knights one, John Gilmore owns the cyperpunks one. Does that
> mean that both of us have to approve it before it gets sent? Do we
> both own it?

Those bits which go to your list you clearly have the right to regulate.
Those that go to Mr. Gilmore's, likewise.

This is where you fail, with the basic inability to distinguish ownership
of intellectual content and the right to compell its broadcast by whomever
might control the medium.
 
> > Learn the difference.  Go to law school before you argue free speech
> > concepts in any detail.  
> 
> "Laws" do not cover the net's "multicast" technology.

>Snort<  I suppose you live in the only true anarchy?

> Distinguishing communication types so as to control those who use them
> is not going to solve your problem. You are much better off, from a
> practical standpoint, learning to control what you see and hear rather
> than attempting to control others. 

I'm not sure what the above babble means.  I'm not sure you are either.

> One does not need a school to see this, it sits under one's nose like
> a milk moustache.

This is the uneducated man's excuse.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From zachb at netcom.com  Tue Nov 19 17:42:53 1996
From: zachb at netcom.com (Z.B.)
Date: Tue, 19 Nov 1996 17:42:53 -0800 (PST)
Subject: Cracks Are Found In Smartcard Security (fwd)
Message-ID: <Pine.3.89.9611191551.A25119-0100000@netcom>


[This was on the Defcon list...apologies if it's already been posted today.]


Zach Babayco 

zachb at netcom.com <-------finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127
-----
If you need to know how to set up a mail filter or defend against 
emailbombs, send me a message with the words "get helpfile" (without the 
" marks) in the SUBJECT: header, *NOT THE BODY OF THE MESSAGE!*  I have 
several useful FAQs and documents available.


---------- Forwarded message ----------
Date: Tue, 19 Nov 1996 21:17:49 +0000
From: Simon Gardner <simon at access.org.uk>
To: aaa-list at access.org.uk
Cc: dc-stuff at dis.org
Subject: Cracks Are Found In Smartcard Security

Cracks Are Found In Smartcard Security


Researchers have found a way to attack tough codes, says Michael
McCormack.

A team of Cambridge and German researchers have used ordinary hacking
methods and �150 worth of electronics equipment to crack the "world's
most secure computer chip", used in automated teller machines worldwide.

They say their technique could be used to reprogram a wide variety of
supposedly secure smartcard applications, including the Mondex "money on
a card" bankcard, GSM phones, and satellite TV descramblers.

Dr Ross Anderson, of Cambridge University Computer Laboratory, working
with German researcher Markus Kuhn, used methods pioneered by Sky-TV
hackers to crack the Dallas chip, described by the manufacturer as
having "the most sophisticated security features available in any
microcontroller" and used in most of Britain's cash machines.

The chip decodes the information read from bankcards and authorises the
bank machine to process transactions ordered by the owner. It is also
used by the Mondex system to verify the amount of electronic money
available to the cardholder.

Anderson and Kuhn used cheap and easily built electronic equipment to
send wrong instructions to the chip, observing how it encrypted bad
data. By sending such errors through all parts of the encryption system,
they could work out its key.

"You will have to have backup security"

"Once you know that, you can instruct it to put some zeros on the end of
your Mondex balance, start unscrambling your satellite feed, anything
you like," Anderson said. "Breaking the average smartcard can be done by
anyone with a modicum of technical knowledge by the methods we have
described. The expense is negligible but it is time-consuming."

Their discovery could spell the end of the Mondex system, which relies
entirely on the security of the smartcards for its integrity. "I don't
think you will be able to have floating systems like Mondex any more,
where all the information is held on the smartcards," said Anderson.

"You will have to have backup security with authorisation calls and
auditing, just like ordinary credit cards. The smartcards are no longer
reliable on their own."

John Beric, head of security at Mondex, said security was a moving
target, and he was unconcerned by the findings. "I welcome Dr Anderson's
work, because it's a benchmark that establishes the difficulty of
breaking the system," he said. "I take some comfort that it's taken a
Cambridge academic and a very bright student to do this."

Beric said Mondex had a scheme for continually improving its security by
transparently introducing new smartcard chips every two years. "It's not
static, we're ahead of the criminal now, and we believe the technology
is there to ensure that we stay ahead."

Anderson said his latest research indicated that two of the world's most
widely used systems for encoding sensitive financial information - the
RSA and DES encryption standards used by most banks - could also be
cracked easily."

[The London Telegraph, 19th November 1996]






From hyperlex at hol.gr  Tue Nov 19 17:47:36 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Tue, 19 Nov 1996 17:47:36 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <199611200546.DAA28027@prometheus.hol.gr>


At 08:17 �� 19/11/1996 -0500, Black Unicorn wrote:
[snip]
>Forward complaints to : European Association of Envelope Manufactures
>Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
>Vote Monarchist         Switzerland
      ^^^^^^^^^^

Monarchiste et... Cypher-punk, n'est pas? :-)

Alors, pour vous Monsieur, je dis:  Liberte Egalite Fraternite.

Peut'etre votre... Rois trouve le medecin contre la... Decapitation.
<plonk>


Alors, combien d'argent vou voulais pour mon droit dans votre
"mailing list", Excellence?  Dit mois, Dit!

Je vous... pris !!! ROTFL

Vive le Rois
Georges :-)

P.S. All the nutcases gather here at once? No wonder they're 'unemployable'.








From deviant at pooh-corner.com  Tue Nov 19 17:54:15 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Tue, 19 Nov 1996 17:54:15 -0800 (PST)
Subject: My PGP Key
Message-ID: <Pine.LNX.3.94.961120015145.3557A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----


I'd just like to say, to everyone with my PGP key, that the one you have
should be removed, it is no longer valid (lost in disk crash).

Also, I've finally gotten around to finding why PGP stopped running for so
long on my machine, and it works now, so here's my new key.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzKSSsQAAAEH/1QbvzR/tN+L759w0oGhqOzp+FputqlVx0Rr7+rWxzULd5Qs
+MXZjMh+187RA7Q2GwNIijOEL27nUqpAmMT8Rb5dc0k0T4ubDCD7/phN31eoUkDy
iV/TnwajrfyEmiFX2Rz1iVc9Zg8VC+x4Uho9pEO9l7cc6PaCFhKXb+hJn/q6ZiCA
GaQPu7wtL+bKu+aENFa+eCXOnCN1UsiTaNIfOYDlB5G+6XzE3yY8pN6kK0uDyfb3
C+ScCcxd7tEaFnn9w9I4Hp6GqNtwoL8RfCHPj9ojvODoLCa5TgQ0aT+LlGsDryhR
5T0vI7tPhuzw4h0hHcVZogIjakQkMJ0SHegg8BUABRG0JVRoZSBEZXZpYW50IDxk
ZXZpYW50QHBvb2gtY29ybmVyLmNvbT4=
=gbdI
- -----END PGP PUBLIC KEY BLOCK-----

 --Deviant
When we write programs that "learn", it turns out we do and they don't.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpJkjTCdEh3oIPAVAQFNogf9FR+TarEEGpVvL/id/cP1mNiB9YsT5t09
8+OWNgIUYid2DIejVWBkNkbdcAmLxYMaqlOmAzqQxizaDqDIjFstNOPwLEmELv1B
XXWv7BqRtI3yKkGs8ntamTbtV7cER1SknBIr5xnfbyDbltMcitApwZ7ixSywc8YQ
o8qq/mEmftDIgoiFcK65Cj/IsMuW+jQIxu+7xH9l3ivoi5H79/lgLTKbPtH9ISdv
e35Y1zIbfsblgyeveJwOVXTBYQd8TFvLylBxDyk+Oh9icpdkt/Qk5277BICw4l1z
KmCkQ1spbumUcd0h2qnZijJPrQWiBqHZYGs/2MAl7pUGbx3gIR3d5w==
=ECKT
-----END PGP SIGNATURE-----






From pclow at extol.com.my  Tue Nov 19 18:01:33 1996
From: pclow at extol.com.my (pclow)
Date: Tue, 19 Nov 1996 18:01:33 -0800 (PST)
Subject: [NOISE] aga isn't on cypherpunks... (and I'm glad)
Message-ID: <96Nov20.181004gmt+0800.21889@portal.extol.com.my>


> 
> That is your last warning, Mike.  If you start harasing my postmaster,
> I will have your fucking ass in Federal Court before you can blink.

Errrr..... what has Paul's oversexed donkey got to do with this list or the Federal
Court? Sorry, I'm not in the US and my knowledge of US culture is very limited.

----------
From: 	paul at fatmans.demon.co.uk[SMTP:paul at fatmans.demon.co.uk]
Sent: 	Monday, November 18, 1996 11:58 PM
To: 	aga
Cc: 	cypherpunks at toad.com
Subject: 	Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)


> 
> That is your last warning, Mike.  If you start harasing my postmaster,
> I will have your fucking ass in Federal Court before you can blink.
> 






From dswain at pacificnet.net  Tue Nov 19 18:05:48 1996
From: dswain at pacificnet.net (David Swain)
Date: Tue, 19 Nov 1996 18:05:48 -0800 (PST)
Subject: Squirrel goes Mixmaster-only
In-Reply-To: <19961118140419.21236.qmail@squirrel.owl.de>
Message-ID: <329266C6.4BE4@pacificnet.net>


Johannes Kroeger wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Hello remailer users!
> 
> I'm sorry, but my ISP complained that the huge mail traffic for
> squirrel overloaded their servers.  Effective immediately, my remailer
> accepts only Mixmaster packets and is not listed in Raph's type-1
> statistics anymore.  The operation of the nym server at weasel.owl.de
> is not affected.
> 
> Regards,
> Johannes
> 
> - --
> Johannes Kroeger                <jkroeger at squirrel.owl.de>
> Send me mail with subject "send pgp-key" to get my PGP key
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: latin1
> 
> iQEVAgUBMpBs1bwPSJ4oQv5pAQF3Agf/UYmh1P7DM0Wqy9Dzoq/e0jZdvcTDHpNH
> 2MFohAmU1rYn0tKCRW1jUDkG8ULAmfM4HY+aSdKwoihndLL4wTRkhzcl2qePVx6L
> 69ZEs7EpTLpdiFuTAvIvAD8AInqRZY1WgKII9jk7gccU379gl8nxDZtlIyA89jrG
> 795R8QWysQs5zfyQ4VtS2s94ZchFJD+Wp5u6fsVhzklsjxwb43EdVZ4/dPUFo7nO
> azctBYNpWdJBW2Rf81zQDE2OPPs+2kXcvDXU/cg64gtGVGf+8okysEr2fEqdVkFe
> yQsFvpNngaClUSu6xxMIJXiTy3WlbEYXceQE6hUGStq/PkhqKxkqYQ==
> =nAT3
> -----END PGP SIGNATURE-----
go fuck yourself





From dswain at pacificnet.net  Tue Nov 19 18:07:41 1996
From: dswain at pacificnet.net (David Swain)
Date: Tue, 19 Nov 1996 18:07:41 -0800 (PST)
Subject: How to Unsubscribe, yet again
In-Reply-To: <v03007801aeb65341705f@[207.167.93.63]>
Message-ID: <32926724.409C@pacificnet.net>


Timothy C. May wrote:
> 
> At 9:31 AM +0000 11/18/96, Piotr Kunio wrote:
> >unsunscribe
> 
> I can understand people in other lands having some troubles with many
> English words, but one would've thought the constant stream of comments
> about the correct spelling of "subscribe" and "unsubscribe" would
> eventually get through. Or that people would learn to cut-and-paste from
> posted instructions.
> 
> Once again, instructions on unsubscribing are included below.
> 
> Alas, as usual, those most in need in need of such instructions are the
> least likely to ever read these messages.
> 
> --Tim
> 
> To subscribe to the Cypherpunks mailing list:
> 
> -send a message to: majordomo at toad.com
> 
> -body message of: subscribe cypherpunks
> 
> To unsubscribe from the Cypherpunks mailing list:
> 
> -send a message to: majordomo at toad.com
> 
> -body message of: unsubscribe cypherpunks
Read the instructions asshole!!!





From se7en at dis.org  Tue Nov 19 18:08:54 1996
From: se7en at dis.org (se7en)
Date: Tue, 19 Nov 1996 18:08:54 -0800 (PST)
Subject: The NSA Responds
Message-ID: <Pine.BSI.3.91.961119180307.16430C-100000@kizmiaz.dis.org>



The NSA responded to a series of 14 questions posed to them by the 
Houston Chronicle regarding their involvement and interest in cryptography.
While this article is not recent, it is still very interesting.

Because of the size, I have not posted it here. It can be found at:

http://www.dis.org/se7en/    and click the on "The NSA"

The question list is:

1. Has the NSA ever imposed or attempted to impose a weakness on any 
cryptographic code to see if it can thus be broken?

2. Has the NSA ever imposed or attempted to impose a weakness on the DES 
or DSS?

3. Is the NSA aware of any weaknesses in the DES or the DSS? The RSA?

4. Has the NSA ever taken advantage of any weaknesses in the DES or the
DSS?

5. Did the NSA play a role in designing the DSS? Why, in the NSA's 
analysis, was it seen as desirable to create the DSS when the apparently 
more robust RSA already stood as a de facto standard?

6. What national interests are served by limiting the power of 
cyptographic schemes used by the public?

7. What national interests are served by limiting the export of 
cryptographic technology?

8. What national interests are at risk, if any, if secure cryptography 
is widely available?

9. What does the NSA see as its legitimate interests in the area of 
cryptography?  Public cryptography?

10. How did NSA enter into negotiations with the Software Publishers 
Association regarding the export of products utilizing cryptographic 
techniques? How was this group chosen, and to what purpose? What statute 
or elected representative authorized the NSA to engage in the
discussions?

11. What is the status of these negotiations?

12. What is the status of export controls on products uing cryptographic 
techniques? How would you respond to those who point to the fact that 
the expot of RSA from the U.S. is controlled, but that its import into 
the U.S. is not?

13. What issues would you like to discuss that I have not addressed?

14. What question or questions would you like to pose of your critics?

se7en





From drose at AZStarNet.com  Tue Nov 19 18:13:20 1996
From: drose at AZStarNet.com (drose at AZStarNet.com)
Date: Tue, 19 Nov 1996 18:13:20 -0800 (PST)
Subject: Dogpile
Message-ID: <199611200212.TAA20052@web.azstarnet.com>


While Rome is burning, and with apologies in advance for the lack of vitriol
in this post, I would like to point out a new and effective means of
searching the Web and Usenet.

Check out Dogpile (with which I have no affiliation).






From rcgraves at ix.netcom.com  Tue Nov 19 18:21:49 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Tue, 19 Nov 1996 18:21:49 -0800 (PST)
Subject: Reputation distortions?
In-Reply-To: <199611192300.RAA01464@smoke.suba.com>
Message-ID: <32926B04.7CAC@ix.netcom.com>


snow wrote:
> 
> > I'm not saying that Gauss *didn't* discover the normal distribution. 
> > I'm saying that he didn't have to *prove* he did. Of course not. He 
> > was the greatest mathematician of his time, and probably since.
> > I'd call the event a reputation distortion.[...]
>      If Gauss had been called on it, what would have happened? If the 
> caller could _prove_ he was lying, what then? He still would have been 
> the greatist mathmatician of the time, but he would have been seen as 
> a liar and a crackpot. We know how that works don't we.

No.

I think the more common case is "the rich get richer, the poor get 
poorer." The truth is insufficent when honesty puts you at a 
disadvantage.

-rich





From iang at cs.berkeley.edu  Tue Nov 19 19:05:53 1996
From: iang at cs.berkeley.edu (Ian Goldberg)
Date: Tue, 19 Nov 1996 19:05:53 -0800 (PST)
Subject: Playing Cards - Caution!
In-Reply-To: <v02140b00aeb6e056bb78@[192.0.2.1]>
Message-ID: <56ts6f$2t9@abraham.cs.berkeley.edu>


-----BEGIN PGP SIGNED MESSAGE-----

In article <EMgky8m9Lkmb085yn at netcom.com>,
Alan Bostick <abostick at netcom.com> wrote:
>Note: I haven't read Diaconis's work; just some reports of it in the news
>section of SCIENCE more than ten years ago, so people should take what
>I say with more than a grain of salt.
>
>
>Here is a (surely oversimplified) model of a less-than-perfect riffle
>shuffle:  the deck is divided into two equal stacks, and the shuffler
>typically introduces some number k of "errors" that result in a pair
>of adjacent cards in the shuffled deck being exchanged (compared to 
>a perfectly-shuffled deck).  In a fifty-two-card deck there are fifty-one
>possible pairs to exchange.  log2(51) = 5.67, so we get 5.67 bits of 
>entropy for each exchange, if the exchanges are distributed uniformly
>through the deck.

I studied the "imperfect shuffle" thing in my Randomized Algorithms class
last year.  If I remember correctly, an "imperfect shuffle" is something like
this:

Cut the deck into two piles, left and right.  The number of cards in
(say) the left pile is distributed binomially.

Drop one card at a time to form the new deck.  A card is dropped from the
left or right pile, with probability proportional to the number of cards
remaining in that pile.

   - Ian "someone else can figure out the entropy of this..."

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpJ0CkZRiTErSPb1AQHeJQP/c+LDI5dP1FWBb8TrArZYJ/LGTMsCnSIr
TWXEV1ZC7U30aKcXwYcoRh0COg3iSPpwwNCr8qveZz/F4t2nR9J1feu27NE2AqE/
M4CozehsGoX9jW4/zzZu+2M6YK2EhBlRu5JpsKUax7It0VBQCz34BccT+e/8CXMj
Ym+nS0zF7CM=
=s9HO
-----END PGP SIGNATURE-----





From jmr at shopmiami.com  Tue Nov 19 19:14:33 1996
From: jmr at shopmiami.com (Jim Ray)
Date: Tue, 19 Nov 1996 19:14:33 -0800 (PST)
Subject: Rogue Governments Issuing Policy Tokens
Message-ID: <199611200314.WAA35686@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Wed Nov 20 22:12:52 1996
Hal wrote:

<snip>

> I can't see the U.S. allowing Libya and similar countries to create
>  policy
> tokens.  The whole point of this exercise is to prevent these countries
> from being able to use strong crypto.  So they will certainly not be on
> the approved list.

I think Tim was referring to a "Panama" or "'80s Iraq" situation, rather 
than a stable enemy state like Libya. Unless the hardware has some way of 
making itself have a short lifetime, there will be problems when U.S. policy 
changes or when one is stolen.

<snip>

> Companies which try to sell computers with these
>  chips
> in them risk getting a "big brother inside" (to use Tim's very effective
> slogan) reputation.  I think this initiative is going nowhere.

Amen. Sometimes these policy initiatives seem so ham-handed that the 
suspicious side of me wonders "what they're really up to." They can't 
seriously think they can control this any more than they can control the 
ocean, at least not without an awesome (even for this century) world-wide 
police-state.
JMR

P.S. Please, everyone, try not to feed the flamefest-knights, so they will 
someday (hopefully) go away. Creative killfiling can only do so much.


Regards, Jim Ray
DNRC Minister of Encryption Advocacy

One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Please note new 2000bit PGPkey & address <jmr at shopmiami.com>
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMpPItzUhsGSn1j2pAQF19QfQhGqLa5BBoxcPdX+FGyY6zCQY5jOQA5y5
HJjB28jQGGmqiNFpXsqh2UB+aRMCYknWmshG3kBOsPqpQBiIRaHpUalYTsDxdnIA
bd8rwHvY8uD6aCKdaU1yAE+fXbdLuwClUYL9SbeoLo/84ITRKWNX8LuBCPF5fROS
soRrsx1noLW4V9rFvhYRmFXp7czmHGAl2ItOcndNv1xBLFea8BJ3VdbrNWgTO4rc
Q2glxaqMYqd1gF3Q2uFz2u5NLlh0Ba+1MZCF9MJQ1yXdL4N0Ucov5pAeiBWCg8Ef
h0BkekE6oiE9OUeu3YUZjVb0V4CcUeejUIYPxj/a97RiiA==
=mNwN
-----END PGP SIGNATURE-----






From dlv at bwalk.dm.com  Tue Nov 19 19:30:27 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 19 Nov 1996 19:30:27 -0800 (PST)
Subject: Invitation to PhD defense
In-Reply-To: <56qnou$5va@sdcc12.ucsd.edu>
Message-ID: <2a9NXD28w165w@bwalk.dm.com>


Path: perun!news2.panix.com!panix!newsfeed.internetmci.com!news.sprintlink.net!news-peer.sprintlink.net!howland.erols.net!swrinde!ihnp4.ucsd.edu!sdcc12.ucsd.edu!cs!markus
From: markus at cs.ucsd.edu (Markus Jakobsson)
Newsgroups: sci.crypt
Subject: Invitation to PhD defense
Message-ID: <56qnou$5va at sdcc12.ucsd.edu>
Date: 18 Nov 1996 22:25:34 GMT
Organization: CSE Dept., U.C. San Diego
Lines: 12
NNTP-Posting-Host: beowulf.ucsd.edu

On December 9th, I will defend my thesis, ``Privacy vs. Authenticity'',
proposing an efficient and versatile payment system that balances
privacy requirements against protection against criminals. 
If you are in San Diego at this time, I would like to invite you to
the defense. For more details, please contact me by email.

Markus Jakobsson

-- 
Research: privacy vs. authenticity, digital cash, zero-knowledge.
Homepage: http://www-cse.ucsd.edu/users/markus/
Email   : markus at cs.ucsd.edu





From minow at apple.com  Tue Nov 19 19:58:59 1996
From: minow at apple.com (Martin Minow)
Date: Tue, 19 Nov 1996 19:58:59 -0800 (PST)
Subject: NYT article on Holocaust
Message-ID: <v03007802aeb830c8f401@[17.202.40.158]>


An article in today's (Tue, Nov 19, 1996) New York Times described
how British intelligence had early information of the slaughter of
European Jewery through the decryption of German radio messages.
(Although not noted in the article, this is presumably Ultra
decryption of Enigma).

The information was not acted upon, and the article offers
a number of reasons, among which was a (not unreasonable) fear that
doing so would compromise Ultra. The article also notes that
the decryptions were kept so secret that the information was
not available at post-WW2 war crimes trials (such as Nurenburg).

I suppose that this could offer a counter argument to the NSA FUD
"If you only knew what we know."

Martin.
minow at apple.com









From dlv at bwalk.dm.com  Tue Nov 19 20:00:26 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 19 Nov 1996 20:00:26 -0800 (PST)
Subject: 1996 Codebreakers
In-Reply-To: <199611200032.TAA23642@homeport.org>
Message-ID: <k50NXD29w165w@bwalk.dm.com>


Adam Shostack <adam at homeport.org> writes:
> 	I just got a review copy of the new (1996) ed. of Kahn's The
> Codebreakers from my local used bookstore.  Its a little disapointing,
...
> & DH.  Nothing on Cypherpunks, little on how privacy can be enhanced.

Some folks have a very unrealistic opinion of their own importance.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From ph at netcom.com  Tue Nov 19 20:06:41 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Tue, 19 Nov 1996 20:06:41 -0800 (PST)
Subject: Playing Cards - Caution!
Message-ID: <v02140b05aeb82f58b9c5@[192.0.2.1]>


At 6:59 PM 11/19/1996, Ian Goldberg wrote:
> I studied the "imperfect shuffle" thing in my Randomized Algorithms class
> last year.  If I remember correctly, an "imperfect shuffle" is something like
> this:

> Cut the deck into two piles, left and right.  The number of cards in
> (say) the left pile is distributed binomially.

> Drop one card at a time to form the new deck.  A card is dropped from the
> left or right pile, with probability proportional to the number of cards
> remaining in that pile.

>   - Ian "someone else can figure out the entropy of this..."

This is the approach described by Diaconis.  I think his book will
show you how to calculate the entropy, too.  (It's a cool book.
The same section shows how to do a magic trick using three riffle
shuffles.  A member of the audience inserts the mystery card in
the deck after the three riffle shuffles.  Then the magician
spreads the cards on the table and looks for one which does not
line up with one of the several interleaved sequences in the deck.)

However, it is not obvious to me that this is how it works every
time, for sure, guaranteed, no doubt at all, in the real world.
Diaconis mentions that the amount of entropy varies very substantially
by shuffler.  I also judged his experimental data to be limited.

Furthermore, I am suspicious of the model itself.  A binomial distribution
is convenient to use, but I don't think that's how people cut cards
in practice.  I think that it is a much more "pointy" distribution with
lower entropy.  When I cut the deck there are less than 4 bits of entropy.

But, I have to admit that if I worked my way through the book and
learned a little related math, I might be convinced.  But, even then
I would probably judge it to be too tenuous for security applications.

Incidentally, some big names have worked on this problem, like Graham
and Shannon.

Peter Hendrickson
ph at netcom.com







From jf_avon at citenet.net  Tue Nov 19 20:22:00 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Tue, 19 Nov 1996 20:22:00 -0800 (PST)
Subject: [NOISE] U.S. CIA employee caught spying
Message-ID: <9611200421.AB16984@cti02.citenet.net>


>  Tim Scanlon <tfs at adsl-122.cais.com> writes:
> > This is on the local DC news;
> > Harold Nicholson age 46, a CIA employee was arrested for spying today

Did he used any crypto-tools we use?  Did he used PGP?  Would be fun to hear 
about... :)

jfa
Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 





From dave at kachina.jetcafe.org  Tue Nov 19 20:28:33 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Tue, 19 Nov 1996 20:28:33 -0800 (PST)
Subject: Does John Gilmore...
Message-ID: <199611200427.UAA06378@kachina.jetcafe.org>


> On Tue, 19 Nov 1996, Dave Hayes wrote:
> > Black Unicorn writes:
> > > Dave Hayes writes:
> > > > > Again, you confuse free speech with free broadcast.
> > > > Isn't broadcast a subset of speech, especially in this culture?
> > > That which is broadcast is certainly speech.
> > > Trying to draw some kind of "right to be broadcast" as a result is
> > > stupidity or ignorance, or both.
> > Then I suppose you want to control all mailing lists, USENET groups,
> > and web pages. These are broadcasts, and of course they have no rights
> > other than what you seem to want to give them.
> If I owned it, of course I would control it.  

If you really owned it, you would not need to control it. 

> You are simply exhibiting the symptoms of a spoiled brat because you have
> been fortunate enough, thus far, to rely on the benevolance of whoever is
> providing you your newsfeed.  

Methinks you know not to whom you are speaking to. Those that know may
see just how the seeds of assumptions are sown in this person's mindset.

> The fact that control is not exercised, does not mean it doesn't
> exist.  In reality control is exercised in many ways.

The fact that control exists does not mean it is effective, necessary,
or appropriate. Unchecked need to control is merely an outward sign of
a lack of inner control, which is a disease most control freaks have. 

> Thus your attempt to demonize me merely exposes your ire for the system as
> it now exists, your fanciful dreams of how it should be aside.

I am not attempting to demonize you...you do that to yourself well
enough. I have no interest in your support or opposition, other than
as a tool to show those who can see where certain specific attitudes
come from.

> This is where you fail, with the basic inability to distinguish ownership
> of intellectual content and the right to compell its broadcast by whomever
> might control the medium.

I maintain that it is neither appropriate nor in any sense beneficial
to apply this kind of draconian control to internet communication in
the general sense.

> > > Learn the difference.  Go to law school before you argue free speech
> > > concepts in any detail.  
> > "Laws" do not cover the net's "multicast" technology.
> >Snort<  I suppose you live in the only true anarchy?

Why is it that when less regulation is desirable, the kneejerk
response is to declare that desire anarchistic? 

Human attempts at creating and imposing "law" are arbitrary,
inefficient, and subject to change based on the whim of those 
who claim to own their implementation.

> > Distinguishing communication types so as to control those who use them
> > is not going to solve your problem. You are much better off, from a
> > practical standpoint, learning to control what you see and hear rather
> > than attempting to control others. 
> I'm not sure what the above babble means.  

Hence your attempt to control others.

> I'm not sure you are either.

Hence your inability to understand the concept of "honor".

> > One does not need a school to see this, it sits under one's nose like
> > a milk moustache.
> This is the uneducated man's excuse.

"Education" has very little to do with knowledge and a lot more to do
with external approval, in the sense you appear to be using it.
"Indoctrination" and "Conditioning" are the two terms that best fit
your apparent notion. 

We all know how far those have gotten us in the past 2000 years.
One can see this "progress" by looking at the net's attempts to control
Mr. Grubor...
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

A king who feared wasps once decreed that they would be abolished.

As it happened, they did him no harm. But he was eventually stung to death
by scorpions. 







From drink at aa.net  Tue Nov 19 21:09:40 1996
From: drink at aa.net (! Drive)
Date: Tue, 19 Nov 1996 21:09:40 -0800 (PST)
Subject: Symantec ask user to post registry(passwords and all) in newsgroup
Message-ID: <3.0.32.19691231160000.006923d8@aa.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 796 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961119/68b95429/attachment.bin>

From ichudov at algebra.com  Tue Nov 19 21:16:14 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 19 Nov 1996 21:16:14 -0800 (PST)
Subject: Reputation based hiring (was REQUESTING INFORMATION)
In-Reply-To: <199611200231.AAA16348@prometheus.hol.gr>
Message-ID: <199611200507.XAA06809@manifold.algebra.com>


George A. Stathis wrote:
> I would never hire you. What I need is people with a VISION;
> NOT people with IMPAIRED VISION, distorting things so unreliably.
> 
> I need TRUE VISIONARIES able to work creatively in High Technology.
> People like Philip Kahn (Hurrah) and Richard Branson (Hurrah, Bravo);
> even Bill Gates himself, were SELF-MADE visionaries.
> 
> In contrast... people "threatening others with unemployability files",
> are CLAY MEDIOCRITIES.

You do not want "visionaries" who will steal your files and ruin your
business. There are many persons who are very smart and creative, and
yet one can expect to have a net loss from hiring them. Intelligence and
any other factor cannot be the sole determinants of employments.

Reputations are very important economically: since everyone knows that
their reputations, and not only current contracts, are on the line, they
avoid incurring losses to their employers for a short-term illicit gain.
That prevents a lot of theft, for example, among other things.

Also, employers have their own gain by discriminating between employees
with an expected loss and employees with expected profit. Employees,
likewise, can gain by having good references from previous employers.

If you, in your "pro-freedom" rage, somehow manage to make employers to
ignore reputations when they make hiring decisions, you will immediately
create incentives for an economically damaging behavior. As a result, 
there would be a net loss in the economy. People will also trust others
less because cheating will not be punished as seriously as it is now.
Lack of trust would force them to waste more money on lawyers.

George, if you calmed down a little bit, you would have thought about
the following: just as people have the right to speak on, say,
cypherpunks mailing list, people have exactly the same right to speak on
"hiring-punks" discussion list. There is not a whole lot of difference.
Limitations to one right (like rules by list owners) are exactly
the same. It is illogical to defend one right and to deny another.

Another issue is, whom should we trust in their "DON'T HIRE ..." 
recommendations? You could insist, for example, that a certain list
made by a certain person should be ignored because that person was
not fit to make hiring recommendations. I do not view such activity
as economically damaging. 

If you, however, fought with the very notion of "unemployability
lists", you would in fact create an economic loss. Of course you are
still free to speak against these lists, but your position is not
sound.

Another issue: can employers base their decisions on the content of
applicant's USENET posts and other public messages? Why not?  Just as
"DON'T HIRE" lists, this is an issue of freedom: employers should be
free to seek whatever information they can find.

I may be completely mistaken, but I think that some of the
freedom-knights misunderstand what freedom of speech means. It is not a
positive right that someone (John Gilmore or Dave Hayes or the
government in form of free subsudized broadcast) should provide. There
is no "right to broadcast". Rather, this is something that the
government cannot regulate and take away. In the broadcast example,
no one should be forbidden by law to broadcast anything. That's it.

Of course, different people can disagree on whether kicking various
persons out of mailing lists and not allowing certain persons to
subscribe to certain mailing lists is a good idea, BUT this is not the
issue of freedom of speech as a constitutional right.

	- Igor.





From nobody at cypherpunks.ca  Tue Nov 19 21:20:14 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 19 Nov 1996 21:20:14 -0800 (PST)
Subject: Lucky your no punk...
In-Reply-To: <199611192226.OAA19091@mailmasher.com>
Message-ID: <199611200514.VAA05121@abraham.cs.berkeley.edu>


> From: cyberhawk <cyberhawk at mailmasher.com>
>
> Lucky:
> 
> Are you an elitist cypherpunk? It sounds like you've out grown the designation
> of punk.
> 
> Punk:   1. worthless or unimportant person. 2. a petty hoodlum -adj, 3. poor
> in quality.

Umm, 4. (English slang, vulgar) Someone who is homosexual.






From craigsw at ozemail.com.au  Tue Nov 19 22:40:04 1996
From: craigsw at ozemail.com.au (Craig S. Wright)
Date: Tue, 19 Nov 1996 22:40:04 -0800 (PST)
Subject: Snare, any info
Message-ID: <01BBD709.894CA640@thorin.ozemail.com.au>


Does anyone have any info on a piece of software called: Snare

It is an encryption program for tcp/ip from windows PC's or so they say

from http://www.capres.com

Thanks Craig






From jf_avon at citenet.net  Tue Nov 19 23:05:01 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Tue, 19 Nov 1996 23:05:01 -0800 (PST)
Subject: "Don't Hire Lists" of FASCIST SCUM Tim May
Message-ID: <9611200704.AA25470@cti02.citenet.net>


On 20 Nov 96 at 0:43, George A. Stathis wrote:

> In any case...
> **************************************************************************
> Congratulations, Master Tim, you've earned yourself the No[1] place in our
> own... _legal_ blacklist of Fascist Scum who are Undesirables in... Greek
> Islands. If you ever come to Greece we'll *ruin* your holidays... :-)
> **************************************************************************

[snip]

> HOWEVER...
> This is *nothing*, compared to what _will_ happen in a few years time,
> when SUCH so-called 'UNEMPLOYABLE PERSONS FILES' are gonna be taken to
> Publicity and also to (European) Justice. We'll convict you to pay such
> a great FINE for malicious harm to individuals all over the world, that
> you will CRAWL inside a hole somewhere in your United States and never,
> ************************************************************
> ever, ever, attempt to leave the shitty polluted hole of yours anymore.

[snip]

> >We got computers, we're tapping phone lines, I know that that ain't allowed.
> We got computers, we're TRANSCENDING your technology, we'll smash you one
> day LEGALLY (if your compatriots don't murder you ILLEGALLY, long before
> then)... Tim May, May you (already) "live" in an "interesting time" (Chinese
> Curse). ("live"?... for how long? :-) ) With *much* delight about your
> self-chosen TROUBLES, 

Hey George, have you ever heard a guy named Jim Bell?

jfa
Jean-Francois Avon, Montreal QC Canada
"One of theses centuries, the brutes, private or public, who believe
that they can rule their betters by force, will learn the lesson of
what happens when brute force encounters mind and force."
                                              - Ragnar Danneskjold
PGP key at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 





From snow at smoke.suba.com  Tue Nov 19 23:20:10 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 19 Nov 1996 23:20:10 -0800 (PST)
Subject: Reputation based hiring (was REQUESTING INFORMATION)
In-Reply-To: <199611200231.AAA16348@prometheus.hol.gr>
Message-ID: <199611200736.BAA03489@smoke.suba.com>


> At 01:02 =EC=EC 19/11/1996 -0500, Clay Olbon II wrote:
> >with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
> >guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',

    Huh? People are most certainly guilty before "proven" so, the government
just isn't allowed to _assume_ their guilt, or to _act_ like they are guilty.

     If you purchase LSD in America, you are guilty of a felony--Drug 
trafficing. Wether the court _finds_ you guilty or not is another story. 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From aga at dhp.com  Wed Nov 20 02:12:21 1996
From: aga at dhp.com (aga)
Date: Wed, 20 Nov 1996 02:12:21 -0800 (PST)
Subject: FUCK YOU punk/was:Taking out the garbage
In-Reply-To: <P65mXD24w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961120050108.20078A-100000@dhp.com>


On Tue, 19 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Tue, 19 Nov 96 07:42:36 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv at bwalk.dm.com>
> Reply-To: freedom-knights at jetcafe.org
> To: freedom-knights at jetcafe.org
> Subject: Re: Taking out the garbage
> 
> >From cypherpunks-errors at toad.com  Tue Nov 19 02:39:20 1996
> Received: by bwalk.dm.com (1.65/waf)
> 	via UUCP; Tue, 19 Nov 96 07:38:34 EST
> 	for dlv
> Received: from toad.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>         id AA05505 for cypherpunks; Tue, 19 Nov 96 02:39:20 -0500
> Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id SAA02766 for cypherpunks-outgoing; Mon, 18 Nov 1996 18:15:31 -0800 (PST)
> Received: from netcom6.netcom.com (shamrock at netcom6.netcom.com [192.100.81.114]) by toad.com (8.7.5/8.7.3) with SMTP id SAA02760 for <cypherpunks at toad.com>; Mon, 18 Nov 1996 18:15:17 -0800 (PST)
> Received: (from shamrock at localhost) by netcom6.netcom.com (8.6.13/Netcom)
> 	id SAA04695; Mon, 18 Nov 1996 18:15:16 -0800
> Date: Mon, 18 Nov 1996 18:15:15 -0800 (PST)
> From: Lucky Green <shamrock at netcom.com>
> Subject: Taking out the garbage
> To: cypherpunks at toad.com
> Message-Id: <Pine.3.89.9611181823.A3117-0100000 at netcom6>
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-cypherpunks at toad.com
> Precedence: bulk
> 
> Beginning Monday, 11/25/96, I will bounce all email from the various 
> (non-)subscribers polluting this list with garbage back to the 
> authors. Furthermore, I will attach documents describing basic 
> Internet rules of conduct to each bounce.
> 

Somebody tell this stupid motherfucker that there are NO "basic
Internet rules of conduct."

He who tries to make or enforce any rules DIES!

> I would encourage other Cypherpunks to do the same. 
> 

Yeah boy, you are a PUNK allright.

A "punk" is a wimp-like pussy, and anybody that associates with
John Gilmore is suspected of also being a faggot.

> [Flames: /dev/null.]
> -- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
> 

If you try to make or enforce any rules and YOU DIE cocksucker!
Your presents shall be totally eliminated form this InterNet!
Your connection will be TERMINATED at once! 

fuck you punk, and fuck all of your "rules"

-aga






From dave at cave.gctech.co.jp  Wed Nov 20 02:39:43 1996
From: dave at cave.gctech.co.jp (David Wuertele)
Date: Wed, 20 Nov 1996 02:39:43 -0800 (PST)
Subject: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
In-Reply-To: <v03007800aeb7b8522b6a@[207.167.93.63]>
Message-ID: <ygelobxjbm7.fsf@cave.gctech.co.jp>


"Timothy C. May" <tcmay at got.net> writes:

> (As noted in the Declan story, the machinery of having government issue
> policy cards, if successful, essentially blocks dissidents and
> revolutionaries from gaining certain powers. The U.S. _used_ to support
> dissidents and revolutionaries in various countries...no longer, I guess.
> The price of winning the Cold War: complacency.)

I don't think it has to do with complacency.  US support for "dissidents and
revolutionaries" was definitely not based on revolutionaryism, nor on
"cold-war" policy support for democracy, as Noam Chomsky likes to drill into
our heads over and over.

> Time to dust off those "Big Brother Inside" stickers someone had printed up
> a couple of years ago.

I know that Intel has succeeded in forcing the "Linux Inside" logo and stickers
off the net on threats of trademark infringement suits.  I have a feeling "Big
Brother Inside" would make them even more upset.

Dave





From aga at dhp.com  Wed Nov 20 02:52:14 1996
From: aga at dhp.com (aga)
Date: Wed, 20 Nov 1996 02:52:14 -0800 (PST)
Subject: The Limey PUNK needs TERMINATED
In-Reply-To: <848424019.97279.0@fatmans.demon.co.uk>
Message-ID: <Pine.LNX.3.95.961120054330.20078D-100000@dhp.com>


On Mon, 18 Nov 1996 paul at fatmans.demon.co.uk wrote:

what are you, fat?
you are now scheduled for termination as a result
of this e-mail.  this is your last warning.

> Date: Mon, 18 Nov 1996 15:58:09 +0000
> From: paul at fatmans.demon.co.uk
> To: aga <aga at dhp.com>
> Cc: cypherpunks at toad.com
> Subject: Re: [NOISE] aga isn't on cypherpunks... (and I'm glad)
> 
> 
> > 
> > That is your last warning, Mike.  If you start harasing my postmaster,
> > I will have your fucking ass in Federal Court before you can blink.
> > 
> 
> I on the other hand can kick your ass because I am in the UK and I 
> look forward to doing so immensely unless you stop sending shit to 
> the list...
> 

Hey you limey PUNK, you can not do SHIT!  If you get out of hand here,
I will mailbomb you into SMITHERINES!  And kill your whole fucking
site with fork-bombs if necessary.

>  
> 
>   Datacomms Technologies web authoring and data security
>        Paul Bradley, Paul at fatmans.demon.co.uk
>   Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
>        Http://www.cryptography.home.ml.org/
>       Email for PGP public key, ID: 5BBFAEB1
>      "Don`t forget to mount a scratch monkey"
> 


Paul Bradley seemsw to be just another faggot suppporting the
main Faggot, John Gilmore.

A "punk" means you are a WIMP!

I think it is about time for the Freedom Knights to
just kick the fucking shit out of the cypherpunks list!

This is your last warning, punk.

If you get out of line again, both you and your list
will be terminated.

-aga






From aga at dhp.com  Wed Nov 20 03:33:04 1996
From: aga at dhp.com (aga)
Date: Wed, 20 Nov 1996 03:33:04 -0800 (PST)
Subject: Does John Gilmore SUCK COCK?
In-Reply-To: <199611200427.UAA06378@kachina.jetcafe.org>
Message-ID: <Pine.LNX.3.95.961120062407.20078J-100000@dhp.com>


Somebody censored the header in this article,
and we put it back.  You know, that is the worst
kind of censorship, when somebody attempts to avoid the issue.

This whole case started with Vulis who is heterosexual vs.
John Gilmore who is homosexual.  The fact is that homosexuals
must not be allowed to have any "control" priveleges on this
Internet any more.

The question is, does this John Gilmore really take it
up the ass?  Whether or not he is a FAGGOT is a very relevant issue
here, and it must not be overlooked.

On Tue, 19 Nov 1996, Dave Hayes wrote:

> Date: Tue, 19 Nov 1996 20:27:53 -0800
> From: Dave Hayes <dave at kachina.jetcafe.org>
> Reply-To: freedom-knights at jetcafe.org
> To: Black Unicorn <unicorn at schloss.li>
> Cc: freedom-knights at jetcafe.org, cypherpunks at toad.com
> Subject: Re: Does John Gilmore... 
> 
> > On Tue, 19 Nov 1996, Dave Hayes wrote:
> > > Black Unicorn writes:
> > > > Dave Hayes writes:
> > > > > > Again, you confuse free speech with free broadcast.
> > > > > Isn't broadcast a subset of speech, especially in this culture?
> > > > That which is broadcast is certainly speech.
> > > > Trying to draw some kind of "right to be broadcast" as a result is
> > > > stupidity or ignorance, or both.
> > > Then I suppose you want to control all mailing lists, USENET groups,
> > > and web pages. These are broadcasts, and of course they have no rights
> > > other than what you seem to want to give them.
> > If I owned it, of course I would control it.  
> 
> If you really owned it, you would not need to control it. 
> 
> > You are simply exhibiting the symptoms of a spoiled brat because you have
> > been fortunate enough, thus far, to rely on the benevolance of whoever is
> > providing you your newsfeed.  
> 
> Methinks you know not to whom you are speaking to. Those that know may
> see just how the seeds of assumptions are sown in this person's mindset.
> 
> > The fact that control is not exercised, does not mean it doesn't
> > exist.  In reality control is exercised in many ways.
> 
> The fact that control exists does not mean it is effective, necessary,
> or appropriate. Unchecked need to control is merely an outward sign of
> a lack of inner control, which is a disease most control freaks have. 
> 
> > Thus your attempt to demonize me merely exposes your ire for the system as
> > it now exists, your fanciful dreams of how it should be aside.
> 
> I am not attempting to demonize you...you do that to yourself well
> enough. I have no interest in your support or opposition, other than
> as a tool to show those who can see where certain specific attitudes
> come from.
> 
> > This is where you fail, with the basic inability to distinguish ownership
> > of intellectual content and the right to compell its broadcast by whomever
> > might control the medium.
> 
> I maintain that it is neither appropriate nor in any sense beneficial
> to apply this kind of draconian control to internet communication in
> the general sense.
> 
> > > > Learn the difference.  Go to law school before you argue free speech
> > > > concepts in any detail.  
> > > "Laws" do not cover the net's "multicast" technology.
> > >Snort<  I suppose you live in the only true anarchy?
> 
> Why is it that when less regulation is desirable, the kneejerk
> response is to declare that desire anarchistic? 
> 
> Human attempts at creating and imposing "law" are arbitrary,
> inefficient, and subject to change based on the whim of those 
> who claim to own their implementation.
> 
> > > Distinguishing communication types so as to control those who use them
> > > is not going to solve your problem. You are much better off, from a
> > > practical standpoint, learning to control what you see and hear rather
> > > than attempting to control others. 
> > I'm not sure what the above babble means.  
> 
> Hence your attempt to control others.
> 
> > I'm not sure you are either.
> 
> Hence your inability to understand the concept of "honor".
> 
> > > One does not need a school to see this, it sits under one's nose like
> > > a milk moustache.
> > This is the uneducated man's excuse.
> 
> "Education" has very little to do with knowledge and a lot more to do
> with external approval, in the sense you appear to be using it.
> "Indoctrination" and "Conditioning" are the two terms that best fit
> your apparent notion. 
> 
> We all know how far those have gotten us in the past 2000 years.
> One can see this "progress" by looking at the net's attempts to control
> Mr. Grubor...

Anyone exercising any attempts at "control" are giving justified
reason for their immediate elimination.

> ------
> Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
> Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet
> 
> A king who feared wasps once decreed that they would be abolished.
> 
> As it happened, they did him no harm. But he was eventually stung to death
> by scorpions. 
> 
> 






From nobody at replay.com  Wed Nov 20 04:49:31 1996
From: nobody at replay.com (Anonymous)
Date: Wed, 20 Nov 1996 04:49:31 -0800 (PST)
Subject: st
Message-ID: <199611201249.NAA20943@basement.replay.com>



s






From alzheimer at juno.com  Wed Nov 20 06:12:27 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Wed, 20 Nov 1996 06:12:27 -0800 (PST)
Subject: Copyright violations
Message-ID: <19961120.081244.12191.0.alzheimer@juno.com>


Associated Press 11/19/96

STOLEN COMPUTER HAS INFORMATION ON 314,000 ACCOUNTS  

Credit card holders often worry that some computer hacker will find his
or her way into their charge accounts. One thief took the low-tech route
and simply took an entire computer, its memory holding information on
hundreds of thousands of some of the best-known cards. The personal
computer was stolen earlier this month from a Visa International office
that processes charges on a number of different credit card brands, Visa
said Monday. Its memory included information on about 314,000 credit card
accounts, including Visa, MasterCard, American Express, Discover and
Diners Club, said Visa spokesman David Melancon. Some issuers, like
Citibank, which had about 33,000 accounts  affected, began calling
customers about the theft early last week. Citibank canceled the cards in
question and issued new ones, said spokeswoman Maria Mendler. The
personal computer was discovered missing from Visa's data processing
center at its main office in Foster City, Calif., on the evening of Nov.
8.  


American Banker, 11/19/96

MASTERCARD WILL BUY 51% OF SMART CARD FIRM MONDEX   

MasterCard International said Monday it would buy 51% of Mondex
International and promised significant investments to create a global
electronic cash system. The pending deal -- one of the card industry's
worst kept secrets -- puts MasterCard in the forefront of the smart card
race. Observers had criticized  MasterCard Cash, a smart card system that
was deemed less than successful in its Australian debut. With Visa Cash
in several pilots around the globe and American Express announcing a
licensing agreement last week for the Proton smart card technology owned
by 60 Belgian banks, many industry observers said the dash for dominance
would now begin in earnest. Mondex, developed by National Westminster
Bank of London and owned by 17 banks worldwide, is to retain its board,
staff, and organizational structure, acting as an independent subsidiary.
 


Financial Times: Monday, November 18, 1996
 
Electronic Money Threat to Banks 
 
By George Graham
 
Central banks could lose billions of dollars of revenue if consumers
start to
jettison the traditional banknote in favour of electronic money,
economists
from the Bank for International Settlements have warned. 
 
A report issued today by the BIS, the central bankers' central bank, says
innovations such as "electronic purses" loaded on to a smart card or
"digital
cash" used for making payments over the Internet could erode central
banks'
income from issuing banknotes. 
 
Note issue is a significant source of revenue for many central banks
because
the private sector must in effect make interest-free deposits to obtain
the
notes. 
 
The BIS cites studies estimating the loss of this "seigniorage" at more
than
$17bn (#10.3bn) for its 11 member countries if prepaid cards were to
eliminate all banknotes below $25 in value, although not all seigniorage
comes to central banks. 
 
Central banks could "consider issuing e-money value themselves" as a way
of
offsetting the lost income, the BIS says. Alternatively, it suggests,
they could
increase mandatory reserve requirements, although this would run counter
to
the trend towards lower minimum reserves. 
 
The BIS report appeared as MasterCard, one of the world's two leading
payment card consortia, prepared to expand its efforts to develop a
widely
accepted electronic purse by taking control of Mondex, a UK-developed
smart card.
 
MasterCard will announce today it is taking a 51 per cent stake in
Mondex,
which is currently on trial in Swindon and Hong Kong. Widespread 
substitution of e-money for cash could make it more difficult for central
banks -- by reducing their ability to control the money supply -- to
affect interest rates. But the BIS says this is unlikely to happen.
 
The BIS report warns that if central banks chose to issue their own
e-money, they "could limit competition or reduce incentives to innovate".
While no restrictions are usually imposed on the issue of single-purpose
prepaid smart cards, such as telephone cards, multipurpose electronic
purses, which can be used as money in a variety of places, raise
different questions. 
 
Some central bankers view them as comparable to deposit accounts, which
in most countries can be managed only by authorised banks. Others see
them
as equivalent to travellers' cheques, on which few restrictions are
imposed. 
 
The BIS report warns that any decision will involve a trade-off: "If
issuance
of e-money is limited to banks, the regulatory framework already in place
can
be extended to cover the new products, but competition and innovation
might
be more limited."
 
 

 
 
Washington Post: Sunday, November 17, 1996
 
Smart Cards Deal Simpler Life for Cash-Phobes
 
By Jane Bryant Quinn
 
The next piece of plastic the banks think you ought to keep in your
wallet is a
smart card. These cards come in several varieties, and most aren't yet
ready
for mass distribution. But pilot projects are forging ahead--in Atlanta,
in New
York City early next year, in Canada and in several other countries. 
 
There's no obvious consumer need for smart cards today. But the bankers
believe that you're going to love them anyway. You may even be mailed one
and urged to try it. 
 
Smart card promoters make the assumption that you hate to carry cash. You
hate fishing for bills and coins to buy a newspaper or a soda. You'd put
down plastic, instead. 
 
This plastic card has money on it, embedded in a computer chip. A $20
card, for example, will give you $20 in spending power.
 

If you buy a 75-cent newspaper, the seller will put your card in a
special
terminal and drain off 75 cents. No identification or signature is
required. 
 
You now have a card with $19.25 left on it. After spending $1 on a soda,
the
value of your card goes down to $18.25. If you forget the amount, you can
check it with a little portable card reader. Some readers also might list
the
last five things you've bought. 
 
Don't confuse a smart card with a debit card. When you pay by debit card,
money is moved automatically from your bank account into the merchant's
bank account. With a smart card, however, you first move money from your
bank account onto the card's computer chip. When you buy something, the
money moves from your card to the merchant's terminal and then,
electronically, to the merchant's bank. 
 
If every merchant, street vendor, taxi driver and bus accepted smart
cards,
you wouldn't have to carry cash. To some, that would be a huge
convenience; to others, it's a shrug. As long as some merchants took
smart
cards and others didn't, however, you'd have to carry both. 
 
Smart cards come in three varieties, some of them more flexible than
others: 
 
- A prepaid, disposable single-purpose card. Telephone cards are a good
example. You pay $10 or $20 for a card, dial a toll-free number, give the
number of your card and then make your telephone call. Minute by minute,
the cost of the call is deducted from the value of the card. When you've
drained all the money out of the card, you throw it out. 
 
- A prepaid, disposable bank card. You buy the card at a bank and can use
it at any store that has a terminal. 
 
- A reloadable card. When your money runs out, you can take it to the
bank,
an ATM or a special kiosk and load it up again. Visa, MasterCard,
Citibank and the Chase Manhattan bank will jointly test a reloadable card
in
a section of New York City next year. A reloadable card could also serve
as
your credit card, debit card or ATM card. 
 
What's in it for the bank? Eventually (although not at first), the bank
probably
would charge you for the card. There might be a fee when you accessed the
ATM to load it up. The merchant also would pay a fee, in return for
getting
what is presumably a more secure transaction. 
 
What's in it for consumers? A very little bit of convenience. Putting
down a
card is a tad quicker than fishing out cash. You always have the
equivalent of
exact change. You wouldn't have to count your change (but you'd have to
use the card reader to be sure the merchant's terminal deducted the right
amount). You may or may not pay more for the card than it costs to get
cash
from an ATM. 
 
For a while, the smart cards probably won't have any more than $100 on
them, and the limit might be lower than that. So they're strictly for
walking-around money. You'd still need your credit card, debit card or
checkbook for more serious shopping. 
 
If the card malfunctions--say, it registers $14 when you're sure you were
carrying $36--the bank can check the balance on the computer chip, says
Ron Braco, a senior vice president at Chase Manhattan. But if you lose
the
card, it's just like losing cash. You're out the money. 
 
Promoters of smart cards blue-sky a lot of national and international
uses that
aren't yet anywhere in sight. I'll probably wait for them. Banks have a
sales
job to do on people like me who don't find it a nuisance to carry cash. 
 
 
U.S. Banker: November 18, 1996
 
Scott Cook Considers His Next Move 
 
By Joseph Radigan
 
Today's home banking market would be very different -- and a lot smaller
--
without Scott Cook's Intuit. But a stab at processing payments fizzled
out,
and some banks still suspect the company wants to steal their customers. 
 
The message boards at America Online's Motley Fool investment center may
be one of the quirkiest sources for stock tips, but then individual
investors
have always been magnets -- or suckers for unconventional advice. 
 
Anyone who logs on to AOL can find a breadth of opinions on a vast
number of publicly traded companies and funds. But in this forum -- where
sage financial advice often takes a back seat to the cyberspace
equivalent of
a food fight, there are no favorites -- not even Intuit Inc., the company
that
since its formation 13 years ago has quietly, steadily nursed its
innovative
home banking program, Quicken, from a cult classic into a consumer
software powerhouse. While this was taking place, bank after bank was
throwing up its hands in frustration over its inability to convince more
than a
handful of customers to do their banking by personal computer. Clearly,
Intuit founder and chairman Scott Cook, a former marketing guy from
Procter & Gamble Co., understood something about consumers' banking
habits that bankers themselves just didn't get. But lately that hasn't
bought 
the
company any favors with some of Motley Fool's regular visitors. 
 
On September 12th, just days before the company reported its results for
the
fiscal year, one posting exemplified the sentiments of a small group of
AOL
subscribers that had soured on Intuit's prospects: "The party is over,
kids.
There was never a chance that a $ 300-million company was going to
control
a multi-trillion-dollar business. To buy into that was nuts to begin
with. Those
who did, most at more than $ 65 a share, are getting a new lesson in
large-bank thinking today." 
 
To see Intuit trashed in an on-line foram is especially ironic. After
all, it 
was
one of Wall Street's hot software stocks just as the high-tech sector
began
soaring to undreamed of heights two years ago, and, thanks to a marketing
relationship with AOL, Quicken and its no-frills stablemate, BankNow, are
the banking options of choice for the on-line service's subscribers.
Plus,
Quicken has become the preferred financial management software among the

computer-literate, and that was what persuaded nearly three dozen banks
to
sign marketing relationships with the company in the last 18 months. 
 
But the last 12 months have been rough on Intuit's stock. The price
peaked
at $ 89.25 in November 1995, and since the beginning of the year, it's
been
caught in a steady downward spiral. By mid-September, when the company
released the earnings for its July fiscal year, the stock was wallowing
around
at barely $ 30 a share. The price rebounded slightly on the news that
Intuit
was selling its money-draining payment-processing unit, but that momentum
evaporated quickly. 
 
"The Street was clearly dropping the stock over the last six months,"
says
Genni Combes, a securities analyst for Hambrecht & Quist. "The back-end
processing was a big drain, and Quicken sales slowed." 
 
Cook still speaks regularly at trade shows, but his one-on-one contacts
with
the press are not as frequent as they once were. In a recent telephone
interview with U.S Banker, he said the stock's price gyrations had more
to
do with factors beyond his company's control than with the firm's
performance. A year ago, the stock market was caught up in its Internet
hysteria, and this spring, when Intuit's price started sliding, it was
primarily
because investors were finally evaluating on-line stocks with a healthy
dose of
much-needed logic. 
 
Whatever the actual cause of Intuit's share decline, the company still
has
plenty of fans. Most people posting messages on AOL are still bullish on
its
prospects, as are most of the professional analysts that follow the
company
for the big brokerage firms. 
 
"Their cash flow is tremendous," says David Farina, an analyst with
William
Blair & Co. in Chicago. Indeed, although Intuit confirmed some of the
worst
fears of its detractors by losing $ 20 million on $ 552 million in sales
during 
its
July 1996 fiscal year, the company did generate a cash flow of $ 44
million.
An important source of that cash flow is the nearly 10 million customers
of
Quicken, some of whom are almost fanatical in their enthusiasm for the
product. As recently as four years ago, Quicken was the whole franchise,
and while its market is still growing, it is now only 20% of the
company's
sales. Much of the firm's recent growth has come from its diversification
into
new markets. One is tax software. In acquiring the publisher of TurboTax,
the company has a product that now accounts for 30% of revenue. Another
important segment is small business accounting, where the QuickBooks
program contributes another 20%. These products will become even more
important to Intuit because the firm's strategy is to build upon
Quicken's
customer base by selling its regular users other programs like TurboTax. 
 
But in the wake of the announcement that the company was selling its
processing unit, Intuit Services Corp., or ISC (the sale is expected to
close in
December), the Menlo Park, CA, software publisher finds itself at what
may
be one of the most important junctures in its history. 
 
In the last year, Microsoft Money picked up market share against Quicken.
Cook says Quicken has recovered some of the ground it lost, but rarely
does
anyone best Bill Gates in a head-to-head shootout. 
 
Several of the three dozen banks that distribute Quicken have at best a
lukewarm commitment to promoting the software, and some would rather
pursue on-line banking strategies that circumvent Intuit. 
 
The on-line world, including that segment of the population that banks
with
Quicken, is rushing headlong toward the Internet, where only a few
companies have established brand names. Moreover, the companies that are
succeeding on the Internet tend not to be established technology firms
like

Microsoft or IBM Corp., but small start-ups devoted solely to doing
business on-line. 
 
Operating costs are rising faster than revenue. Expenses are not out of
control, but marketing in the on-line world challenges even the most
skilled
players, and that is forcing more software companies to steadily spend
more
on marketing and software development. Intuit is no exception. 
 
Revenues rose a healthy 32% last year to $ 552 million, but that rise was
outpaced by the nearly 40% jump in expenses for customer service,
marketing and research and development. And according to analysts like
Hambrecht's Combes, R&D will continue taking a big bite out of the
company's budget. 
 
"It takes tremendous tools to design products for the Internet, and you
have
to spend money on employees," says Combes. "Those costs have been
grossly underestimated" throughout the software industry. No Show
Stoppers None of the challenges confronting Intuit is a show-stopper --
and
some opinionated AOL subscribers notwithstanding, the party is definitely
not over but 1996 had more potholes than anyone could have predicted. The
more than $ 30 million spent on repairing ISC's operations was a big
drain on
management. Another problem has been the indifference, if not downright
hostility, displayed by some banks toward promoting Quicken. Cook now
says that in the wake of the ISC sale, that attitude is changing. Yet
there are
still banks that consider the company a threat. 
 
"The jury is still out on whether the consumer puts more value on the
software or the bank," says Tom Kunz, vice president for electronic
banking
at PNC Bank Corp. 
 
It's probably impossible for a final verdict to ever be reached on this
issue,
but because it's still undecided, some banks have ventured into
electronic
banking very gingerly. This unknown was at the heart of many banks'
suspicion of Microsoft's motives when it tried to buy Intuit, and it is
still
lurking as a possible scenario should cable TV firms and regional Bells
enter
the home banking market. Should banks surrender that brand-name
identification with their customers in some on-line markets, the fear is
that 
the
loss will snowball and lead toward depository institutions becoming mere
payment-shuffling middlemen. 
 
The desire to retain customers' loyalty has been behind some bankinspired
on-line ventures, such as the Internet bank, Security First Network Bank;
the
five-bank partnership that purchased Meca Software Inc. from H&R Block
Inc. and the announcement in September by 16 banks that they would
process home banking payments in a joint venture with IBM Corp. 
 
With Quicken, banks can promote their logos and brand names, but only
after a customer has intentionally purchased the package from a local
software store or bought a new computer with a copy of Quicken
pre-installed. Soon after a customer starts using the program, she can
establish an on-line connection between the bank and her home computer,
provided her bank has a marketing agreement with Intuit. In the last 18
months, some three dozen banks and thrifts have done so. Another 12,000
or so haven't. 
 
The objection bankers like PNC's Kunz have had is that even after the
on-line connection between the bank and the consumer is in place, the
consumer's electronic sessions still begin with them looking at a Quicken
logo. That has always raised the unwelcome prospect that customers would
show more brand-name loyalty to the software than to the bank, and so
even
some of the banks that have marketing contracts with Intuit are only
promoting Quicken half-heartedly. PNC, for example, makes the software
available only to customers who specifically ask for it, and Mike King,

director of alternative banking for Michigan National Bank in Farmington
Hills, MI, says his institution, despite its signing of a processing
agreement 
last
year, "didn't aggressively promote either" Quicken or Money. 
 
"You go into some banks and you have to practically put a gun to their
head"
to get a copy of Quicken, says Meca's president Paul Harrison. The reason
for that reluctance is that the banks that market Quicken are "clearly
cutting
themselves off from any cross-sell opportunity. You open the Intuit box,
and
you have to fill out the form, and the other side of that is an
application for 
an
Intuit credit card," issued by the Travelers Group's bank unit. 
 
Harrison is a direct competitor to Intuit, so it doesn't hurt him one bit
to 
point
out any disagreements between Intuit and the banks. But his point is also
borne out at the Internet site for the Quicken Financial Network, where
all of
the banks and brokerage firms that process payments through ISC are
listed,
although the listings are presented in a manner that doesn't distinguish
any one
bank from the others. Here too, along with lines for Chase Manhattan,
Citibank and Wells Fargo, there's a line for the Quicken Credit Card from
Travelers Bank and a second line for Travelers Bank. 
 
This credit card isn't all that significant, believes Jim Grant, a senior
vice
president for First Chicago NBD Corp. There are so many card offers from
so many issuers, and Intuit's is just one more. A technology company
could
hijack customers' loyalty, Grant allows, "but I just haven't seen any of
it."
He's felt for some time that the fears about Intuit's motives border on
paranoia. 
 
In the last two years, this issue of branding and positioning seemed to
have
become as much of a sore point for Cook as it has for the bankers who
accused him of hogging the market. Whenever he demonstrated Quicken at a
press briefing or a trade show, he was quick to point out the bank's logo
on
the computer screen. 
 
Cook readily acknowledges that Intuit is still trying to hang on to some
brand
name recognition, but he said that it's something of a false issue to
argue that
the Quicken logo should permanently evaporate once a customer has
selected a given on-line banking option. After all, brand names are
routinely
shared in more familiar markets.
 
"When customers walk into McDonald's, they know they're ordering
Coca-Cola," Cook says. What's so bad about applying the same logic to
on-line marketing? 
 
Cook also pointed out that if banks are hesitant to have direct marketing
relationships with Quicken because there are three dozen other banks
whose
names appear on the software program's menu, then those reluctant banks
are really going to be in for a rude awakening when Internet banking
soars off
the charts. Some 500 banks had Web pages by this fall, and if the market
forecasts are accurate, that number could increase five- or ten-fold in
the
next few years. He feels it's unfair to singled out Quicken for
committing
on-line disintermediation. 
 
Some bankers may never be reconciled to Cook's presence in their
business.
As long as somebody else is selling software to their customers, that
person,
whether it's Gates, Cook or someone else, they are going to be looked
upon
as interlopers who are trying to hog "ownership" of the customer
relationship.
A Matter of Ownership When NationsBank chief executive Hugh McColl
addressed a retail banking conference last December, he said, "I get
calls
every week from representatives of technology companies. They all swear
they don't intend to become banks. But they won't have to. With control
of
the medium, they ultimately gain the chance to own our customer
relationships." 
 

But Cook responds, "Owning the customer? I don't know what that means.
We found out with our ISC strategy, that when you don't allow the
customer
-- in this case our bank customer -- to have a choice, they're unhappy.
What
you want is to have the customer seek you out and want to do business
with
you." 
 
Although Cook seems a little bit wiser now, his prior insistence on banks
processing home banking payments through ISC if they wanted to distribute
Quicken only made it more difficult for him to overcome banks' suspicions
about the company's motives. 
 
"We know we need to play in Intuit's world," says PNC's Kurz. But
"there's
a difference between saying 'Connect to me, and I'll provide you this
service',
and saying, 'If you want to connect to me, you have to go through my
processor.'"
 
Throughout Intuit's history, someone who bought a copy of Quicken could
keep their checking account at any bank, and that's still true. In most
cases,
Quicken's customers print out specially formatted paper checks, which can
be ordered through a depositor's bank or directly from the firms that
provide
printed check stock. In 1990, Intuit formed a relationship with Checkfree
Corp. to sidestep the printing of paper checks and make payments
electronically. But less than 10% of its customers chose this option.
Then in
April 1994, Intuit entered the processing business itself when it
purchased
National Payments Clearinghouse for $ 7.6 million. Intuit wanted to use
NPC
for the background wiring for all of its on-line banking and investing
services,
and it was last year that NPC was rechristened Intuit Services Corp. 
 
But the plans never panned out. Intuit couldn't build the necessary
computer
systems quickly enough -- or well enough -- and more than $ 30 million in
R&D costs went down the drain before Cook and his management team
finally concluded they were wasting their time. Things hit bottom earlier
this
year, when some late and improperly filed payments caused a flurry of
stories
in the consumer press. Intuit finally announced the sale of the operation
to
Checkfree in September, for $ 227 million in stock. 
 
The biggest reason the ISC unit was sold, Cook freely acknowledges, was
bankers' unhappiness about having to go through ISC. Most banks prefer to
select a processor independent of their retail software. 
 
Converting home banking payments from paper to electronic form has been a
tough nut to crack for every entrant in the market, not just Intuit. But
Checkfree has had far more luck at it than anyone else. The company now
processes bills for 800,000 consumers, and it will pick up another
300,000
with ISC. About 40% of Checkfree's payments are completed electronically,
but chairman Peter Kight says the conversion process is time-consuming.
More than 40 employees from the Atlanta company are devoted to
marketing electronic payments to merchants and helping them adapt their
computer systems.
 
Still, as recently as a year ago, things looked bright for Intuit's ISC 
strategy.
Individual Quicken customers could still opt to have their payments
processed through Checkfree, but without a link between their bank and
ISC, these consumers didn't have electronic access to their bank
statements
and couldn't use Quicken to transfer balances among accounts. Since banks
had to join forces with ISC if they wanted to offer a complete service
through
Quicken, it appeared that Intuit could bend them to its will. But it
wasn't
meant to be.
 
With the sale of ISC, Intuit seems to have made a brilliant tactical
retreat. It
has hardly given up promoting its own brands, but it has finally
satisfied banks
that they're not going to be forced into doing business with a firm
that's 
intent
on stealing their customer lists. 

 
"The whole fear of Bill Gates or Scott Cook becoming a bank just went
away," says Frank Han, vice president for strategic planning for the $
28-billion-asset Union Bank of California. 
 
The sale coincided with the launch of a strategy called Open Exchange,
which is blueprint for connecting Quicken's users and banks to the
Internet.
In a way, it's a response to a similar strategy Microsoft announced last
March, called Open Financial Connectivity, and IBM's Integrion home
banking venture. 
 
At the very least, the sale of ISC and the proposal of Open Exchange
indicate a new pragmatism on Cook's part. Not long ago, some banks were
so eager for a link to Quicken that they would accept almost any product
distribution terms. But now does not seem to be a time when a hardball
strategy can work in home banking. Software companies like Intuit need
the
banks, the banks need the processing companies like Checkfree, and
everyone depends on everybody else's cooperation. Moreover, should any
of the players move in on one of the other's turf, they may wind up
losing
more than they gain. Intuit's experience with ISC is proof of that. "This
is a
very complex market," says Checkfree's Kight. "Everybody needs to focus."

 
For software companies like Intuit, that focus is now on gathering up as
many
customers as possible, even if it means giving the software away.
Publishers
like Intuit have discovered they can sell much more software by
distributing
packages directly to PC manufacturers, who then ship the software
programs
with every computer they sell. Unfortunately for the publishers, the
wholesale
revenue from this strategy is barely a fraction of that on copies sold
through
traditional retail outlets. But once these consumers have a copy of
Quicken,
Intuit believes it can sell them its other software. 
 
It's all part of a trend in high-tech markets that Citicorp's chief
technology
officer Colin Crook has called "non-linearity:" forsake the up-front
revenue
on your products now with the anticipation that customers will like what
they
see and pay extra for more valuable products down the road. Crook says
banks are going to have to understand this approach and employ it
themselves if they are to succeed in the on-line world. 
 
Intuit is staking its future on just this sort of non-linear approach. If
Cook
succeeds, he may yet find his detractors on the Motley Fool message
boards
eating their words.
 
 
 





From paul at fatmans.demon.co.uk  Wed Nov 20 07:00:42 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Wed, 20 Nov 1996 07:00:42 -0800 (PST)
Subject: Aga the homophobic redneck son of a bitch
Message-ID: <848501939.1021040.0@fatmans.demon.co.uk>



> Hey motherfucker, I TOLD YOU to leave out the stupid
> cypherpunks header!  Just when are you going to learn
> to listen?!!  You have been around those faggots too much!

Listen you cheap ass redneck son of a bitch, your homophobic biggoted 
attitudes do not impress anyone here.

> Faggots have NOTHING to do with Fredom of Speech!

Homosexual people have everything to do with liberty and basic 
freedom, learn how to read and maybe you`d be able to learn something 
about the subject. 

> There is a basic understanding in life by ALL GOOD MEN
> that Faggots are defective creatures.  NOBODY wants to
> be seen with or associated with faggots!

I`m afraid not actually fool. I am not a homosexual myself but 
whatever other peoples sexual orientation it has nothing to do with 
their worth or value in other areas.
 
> John Gilmore is a Faggot, therefore he is defective.
> And we question any of his associates.
> open and shut case.

I think not, I do not think I count myself among John`s "associates" 
and we no doubt disagree on a number of issues but you may ask 
whatever questions about me you choose to. You are the one who needs 
questioning, preferably by a good psychiatrist and failing that a 
night club bouncer with a baseball bat...

Decist and leave, you are hereby killfiled.


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From paul at fatmans.demon.co.uk  Wed Nov 20 07:09:04 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Wed, 20 Nov 1996 07:09:04 -0800 (PST)
Subject: Fuck You Dumb Cunt
Message-ID: <848501960.1021126.0@fatmans.demon.co.uk>


 
>   That's a fair question.  I don't begrude one's ownership of their
> fair share--but I do have serious problems with what we shall
> call 'accumulators' if you will.  For them I have contempt and no--
> they do not have that right of possession and often such 'work' is
> at the expense and on the backs of others.

Oh my god, a COMMUNIST!!!! - Call the morality police someone, 
quick. ;-)



  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From paul at fatmans.demon.co.uk  Wed Nov 20 07:14:04 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Wed, 20 Nov 1996 07:14:04 -0800 (PST)
Subject: Fuck You Dumb Cunt
Message-ID: <848501965.1021146.0@fatmans.demon.co.uk>



 
>   I believe the posession of property is a priv. to be taken 
> away if abused.  There is no such thing as a 'right' to 
> property--in fact the very notion seems absurd.

In what sense do you believe I am given a "privelige" to own what I 
do.

Your very attitude implies some form of statism, in that you believe 
some higher authority has the right to remove that which I lawfully 
accumulated, this is the position taken by those who support the idea 
of taxation etc.

Explain further, if you will, what you mean by this being a 
privelige. In what cases do you believe I do not have the right to 
retain my property?



 
 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From declan at eff.org  Wed Nov 20 07:30:06 1996
From: declan at eff.org (Declan McCullagh)
Date: Wed, 20 Nov 1996 07:30:06 -0800 (PST)
Subject: Cyber Power in Forbes
In-Reply-To: <3.0b36.32.19961119142606.0076577c@panix.com>
Message-ID: <Pine.SUN.3.91.961120072630.2518E-100000@eff.org>


Interesting. I'll pick it up.

Huber likes to say that Orwell was wrong in saying technology is a threat
to civil liberties.Personally, I think the jury's still out and I suspect
he does too. But Huber also believes that saying something loudly,
repeatedly makes it true. 

-Declan


On Tue, 19 Nov 1996, Duncan Frissell wrote:

> Dayglo Yellow on dayglo pink cover of the December 2, 1996 Forbes.
> 
> Wired Envy.
> 
>        CYBER POWER
> gives financial markets a veto
> over the President and Congress
>      by Peter Huber
> 
> 
> DCF
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From nobody at cypherpunks.ca  Wed Nov 20 07:42:30 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 20 Nov 1996 07:42:30 -0800 (PST)
Subject: Rogue Governments Issuing Policy Tokens
In-Reply-To: <v03007800aeb7b8522b6a@[207.167.93.63]>
Message-ID: <199611201533.HAA14944@abraham.cs.berkeley.edu>


"Timothy C. May" <tcmay at got.net> writes:

> I mention Libya as an extreme example (the same example cited in the
> Fiat-Shamir "is-a-person" example of rogue governments issuing passports).
> The examples above are likely targets for policy card exports, though. The
> issue is clear: the list of "fully-compliant" nations is short indeed, and
> few nations are going to accept imports of U.S. technology in which the
> U.S. government sets the policy on how and where the imports may be used.

Most "dual-use" items are export-restricted to Lybia.  That means US
businesses will have trouble selling any computers or even things like
trucks to Lybia.  For crypto tokens not to be available there does not
seem to be a huge deal, in comparison with everything else.





From snow at smoke.suba.com  Wed Nov 20 07:56:26 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 20 Nov 1996 07:56:26 -0800 (PST)
Subject: 1996 Codebreakers
In-Reply-To: <k50NXD29w165w@bwalk.dm.com>
Message-ID: <199611201612.KAA04390@smoke.suba.com>


> Adam Shostack <adam at homeport.org> writes:
> > 	I just got a review copy of the new (1996) ed. of Kahn's The
> > Codebreakers from my local used bookstore.  Its a little disapointing,
> ...
> > & DH.  Nothing on Cypherpunks, little on how privacy can be enhanced.
> Some folks have a very unrealistic opinion of their own importance.

      Yeah, we noticed. 

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From jf_avon at citenet.net  Wed Nov 20 08:03:21 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Wed, 20 Nov 1996 08:03:21 -0800 (PST)
Subject: Cracks Are Found In Smartcard Security (fwd)
Message-ID: <9611201602.AB22689@cti02.citenet.net>


On 19 Nov 96 at 15:36, Z.B. wrote:

> ---------- Forwarded message ----------
> Date: Tue, 19 Nov 1996 21:17:49 +0000
> From: Simon Gardner <simon at access.org.uk>
[snip]
> Subject: Cracks Are Found In Smartcard Security
> 
> Cracks Are Found In Smartcard Security
[snip] 
> Anderson said his latest research indicated that two of the world's most
> widely used systems for encoding sensitive financial information - the
> RSA and DES encryption standards used by most banks - could also be
^^^^^^^
> cracked easily."
^^^^^^^^^^^^^^^^^
> [The London Telegraph, 19th November 1996]

In what context?  (How does that applies to PGP? Did he say that for short 
keys used to encrypt data directly?)

Sorry for my cluelessness.

jfa
Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 





From adam at homeport.org  Wed Nov 20 08:18:16 1996
From: adam at homeport.org (Adam Shostack)
Date: Wed, 20 Nov 1996 08:18:16 -0800 (PST)
Subject: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
In-Reply-To: <ygelobxjbm7.fsf@cave.gctech.co.jp>
Message-ID: <199611201613.LAA26977@homeport.org>


"It is not enough to buy Intel, you must also learn to love Intel."

Besides, the Supremes have ruled that satire allows some degree of
copyright infringement.

Adam


David Wuertele wrote:
| "Timothy C. May" <tcmay at got.net> writes:
| > Time to dust off those "Big Brother Inside" stickers someone had printed up
| > a couple of years ago.
| 
| I know that Intel has succeeded in forcing the "Linux Inside" logo
| and stickers off the net on threats of trademark infringement suits.
| I have a feeling "Big Brother Inside" would make them even more upset.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From Morence81 at aol.com  Wed Nov 20 08:38:56 1996
From: Morence81 at aol.com (Morence81 at aol.com)
Date: Wed, 20 Nov 1996 08:38:56 -0800 (PST)
Subject: Happy Holidays!!!
Message-ID: <961120111929_2048125050@emout19.mail.aol.com>



---------------------
Forwarded message:
Subj:    For the Holidays...
Date:    96-11-20 09:26:40 EST
From:    Morence 81
To:      Morence 81

         Need a special gift to give your family, loved ones, or your friends
from the internet for the Holidays?  You can now send them a personalized
mouse pad printed by Morence Productions.  Simply by mailing a picture of any
size to us, we can scan it, using high quality full color scans, and print
them perfectly onto the mouse pad.  There are absolutely no restrictions on
the photos you can send.  We guarantee that we can scan it and print it onto
the mouse pad for you.  Send in a picture of your girlfriend, boyfriend,
favorite actor, singer, scenery, movie title, computer game, family
portraits..... the possibilities are endless.   Want to add words to your
picture on the mouse pad? No problem!!  Professional computer artists will
renderize fascinating 3D words onto the picture to give it a great effect.
Please take advantage of our great Holiday prices:

1 personalized mouse pad for just $15.00.   Each mouse pad you order after
that is only $10.00!!! No limit on the number of mouse pads you order.  If
you are dissatisfied with the mouse pad(s) after you receive them, simply
send
them back for a complete refund, no questions asked.

Here is all you have to do to get your personalized mouse pads:   Send in
your pictures that you want to be scanned to us (if there are small multiple
pictures that you want to all be printed onto just 1 mouse pad, please
explain in your order.) However you explain in your order how you want it
printed, it will be done.  Remember that the pictures can be any size, they
will automatically be resized to print perfectly on the mouse pad.   There is
no extra cost to get words printed on your mouse pad.  They will be placed
over the picture.  Just let us know in the order what you would like it to
say if anything.

There is a shipping and handling fee of $1.00 for each mouse pad.  The
pictures are returned with your purchase.

Please make checks or money orders to:  John Morence.

John Morence
c/o Morence Productions
2141 Glendale Galleria  #191
Glendale, CA  91210

If you have any questions, please email   <mousepad1 at themall.net>
Or feel free to write to our address.





From jfricker at vertexgroup.com  Wed Nov 20 08:47:13 1996
From: jfricker at vertexgroup.com (John Fricker)
Date: Wed, 20 Nov 1996 08:47:13 -0800 (PST)
Subject: [NOISE] U.S. CIA employee caught spying
Message-ID: <19961120164628965.AAA192@dev.vertexgroup.com>


According to this mornings AP story, the FBI recovered deleted files from his notebook computer. Apparently, working for the CIA does not imply knowledge of basic computer security.

>Jean-Francois Avon (jf_avon at citenet.net) said something about Re: [NOISE] U.S. CIA employee caught spying on or about 11/19/96 10:45 PM

>
>>  Tim Scanlon <tfs at adsl-122.cais.com> writes:
>> > This is on the local DC news;
>> > Harold Nicholson age 46, a CIA employee was arrested for spying today
>
>Did he used any crypto-tools we use?  Did he used PGP?  Would be fun to hear 
>about... :)
>
>jfa
>Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
> DePompadour, Societe d'Importation Ltee
>    Finest Limoges porcelain and crystal
> JFA Technologies, R&D consultants
>    physicists and engineers, LabView programing
>PGP keys at: http://w3.citenet.net/users/jf_avon
>ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
>ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 
>End of message

--j
-----------------------------------
| John Fricker (jfricker at vertexgroup.com)
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------






From tcmay at got.net  Wed Nov 20 09:42:10 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 20 Nov 1996 09:42:10 -0800 (PST)
Subject: Innocent until proven guilty
In-Reply-To: <199611200231.AAA16348@prometheus.hol.gr>
Message-ID: <v03007800aeb8f3907bb2@[207.167.93.63]>


At 1:36 AM -0600 11/20/96, snow wrote:
>> At 01:02 =EC=EC 19/11/1996 -0500, Clay Olbon II wrote:
>> >with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
>> >guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',
>
>    Huh? People are most certainly guilty before "proven" so, the government
>just isn't allowed to _assume_ their guilt, or to _act_ like they are guilty.
>
>     If you purchase LSD in America, you are guilty of a felony--Drug
>trafficing. Wether the court _finds_ you guilty or not is another story.

In this case, the putative crime is "drug trafficking" or "possession,"
depending. One is still presumed innocent until proven guilty. To wit, the
state must prove its case.

I rather suspect that any prosecutors or defense lawyers on this list will
confirm that an LSD case is hardly a case of "guilty until proven innocent."


--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From mjmiski at execpc.com  Wed Nov 20 10:02:13 1996
From: mjmiski at execpc.com (Matthew J. Miszewski)
Date: Wed, 20 Nov 1996 10:02:13 -0800 (PST)
Subject: Cypherpunks State of Emergency
Message-ID: <199611201801.MAA19090@mail.execpc.com>


(snip)
> I think it's apparent that the events of Friday, with the other shoe to
> drop on Monday (the H-P/Intel/Microsoft/etc. Final Capitulation), signal to
> us that we are in a State of Emergency.
> 
> The Presidents of this country are in the habit of declaring such States of
> Emergency, often essentially secretly (in that the sheeple know little of
> such things, and those who speak of NSDDs and PDDs and EOs are demonized by
> the media as "conspiracy nuts" and "militia members").
> 
> Maybe it's time for us to stop flaming about Vulis and his allies, and
> concentrate on the Real War.
(snip)

I have to agree.  One of the most impressive things I have seen as a 
modern "movement" (yes I realize cpunks are not an organized 
movement, relax) was the massive public relations job done by several 
core cpunks around the 1993 Clipper proposal.  People with largely 
divergent opinions found public ground in their opposition to 
Clipper.  Lets do that again.

One thing that will help is spreading the use of filtering.  Those 
interested in learning how to filter should be able to ask any of us 
and we should all respond ASAP.  The Noise is horrible in here, but I 
only hear it in my trash folder.

[BTW, Tim, thanks for being willing to withstand the crap you go 
through.  You, and others on this list, have consistantly challenged 
and changed my assumptions about society, law and privacy.  I dont 
always agree with you.  But I am glad you are here.]

Matt Miszewski

> "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
> that the National Security Agency would try to twist their technology."
> [NYT, 1996-10-02]
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
 





From froomkin at law.miami.edu  Wed Nov 20 10:22:46 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Wed, 20 Nov 1996 10:22:46 -0800 (PST)
Subject: Stewart Baker on new crypto rules
Message-ID: <Pine.SUN.3.95.961120132436.4571I-100000@viper.law.miami.edu>


http://www.steptoe.com/oped.htm

argues that industry won't accept any system that threatens to cut off
backwards compatibility after 2 years, hence DES export liberalization
will have to extend beyond the proposed period.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From rah at shipwright.com  Wed Nov 20 10:30:57 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 20 Nov 1996 10:30:57 -0800 (PST)
Subject: COMPUTER THEFT, LOW-TECH STYLE
Message-ID: <v0300781baeb8fbd27f65@[206.119.69.46]>



--- begin forwarded text


X-Sender: oldbear at tiac.net
Date: Wed, 20 Nov 1996 11:12:35 -0500
To: rah at shipwright.com
From: Somebody
Subject: forwarded without comment
Mime-Version: 1.0

COMPUTER THEFT, LOW-TECH STYLE

A thief broke into a Visa International data processing center
in California a couple of weeks ago and stole a personal computer
containing information on about 314,000 credit card accounts,
including Visa, MasterCard, American Express, Discover and Diners
Club, says a Visa spokesman.

Some issuers, including Citibank, began calling customers last
week and have issued new cards.  Others are keeping quiet about
the event and monitoring accounts for unusual activity.

Authorities speculate that the perpetrator was stolen for the
resale value of the hardware, rather than the information it
contained.

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From tcmay at got.net  Wed Nov 20 10:33:55 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 20 Nov 1996 10:33:55 -0800 (PST)
Subject: Cypherpunks State of Emergency
In-Reply-To: <199611201801.MAA19090@mail.execpc.com>
Message-ID: <v03007802aeb8fd80d18f@[207.167.93.63]>


At 11:58 AM +0000 11/20/96, Matthew J. Miszewski wrote:

>I have to agree.  One of the most impressive things I have seen as a
>modern "movement" (yes I realize cpunks are not an organized
>movement, relax) was the massive public relations job done by several
>core cpunks around the 1993 Clipper proposal.  People with largely
>divergent opinions found public ground in their opposition to
>Clipper.  Lets do that again.

Thanks, but I think the opposition to Clipper was very widespread, and
didn't nucleate around our group. (It is true that the "Wired" cover story
hit at the right time, and that 1993 was when a lot of journalists
"discovered" crypto, but it is also likely that this discovery would have
happened anyway, for lots of reasons.)

>[BTW, Tim, thanks for being willing to withstand the crap you go
>through.  You, and others on this list, have consistantly challenged
>and changed my assumptions about society, law and privacy.  I dont
>always agree with you.  But I am glad you are here.]

The messages denouncing me--or Gillmore, or Hughes, or whomever--are easy
to delete and/or filter. It is really the _list_ that is being affected,
not so much _me_. And I long ago gave up on any conceit that I could
control what others did to disrupt the list or did to cheapen the debate.
All I can influence is what I write in my essays, and I have tried to start
new threads on topics of interest to me.

Some call it being phlegmatic (look it up---unlike the word, "gullible,"
this one is actually in the dictionary). Nietzsche called it "amor
fati"--love of one's fate. Muslims and Buddhists put it in slightly
different ways. Whatever, the key is to transcend monkey troop anguish and
resentment over bad things said by others.

For the list's sake, I dislike the childlike rants of Vulis, Aga (Grubor),
Stathis, and others, just as I dislike the list-undermining megabytes of
rants a few years ago by Larry Dettweiler and his various pseudonyms. But I
can't stop them. So, I just filter them as best I can and get on with life.
If some newbies are "taken in" by their rantings, that's life. It ain't
always fair, and I can't worry too much that some newbie or some twit is
convinced by such rants. Nor can I worry that some people think I must be
guilty because I don't rant back at Vulis, Aga, Stathis, etc. (well, I try
not to rant back...sometimes I make some comments, as I'm doing here).

Not speaking for John Gillmore, but if someone is taken in by Aga's rants
about Gillmore being a "BAD FAGGOT, worthy of death," then I think of it as
evolution in action. Plonk.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From wombat at mcfeely.bsfs.org  Wed Nov 20 11:20:00 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Wed, 20 Nov 1996 11:20:00 -0800 (PST)
Subject: Does John Gilmore ?
In-Reply-To: <Pine.LNX.3.95.961120062407.20078J-100000@dhp.com>
Message-ID: <Pine.BSF.3.91.961120130826.27866B-100000@mcfeely.bsfs.org>



Grubby! Back under your rock!

On Wed, 20 Nov 1996, aga wrote:

> Somebody censored the header in this article,
> and we put it back.  You know, that is the worst
> kind of censorship, when somebody attempts to avoid the issue.





From mab at research.att.com  Wed Nov 20 11:36:32 1996
From: mab at research.att.com (Matt Blaze)
Date: Wed, 20 Nov 1996 11:36:32 -0800 (PST)
Subject: FYI - Anderson & Kuhn's new "Improved DFA" paper
Message-ID: <199611201934.OAA11249@nsa.research.att.com>


My appologies if this has been posted already.


------- Forwarded Message
From: Ross Anderson <Ross.Anderson at cl.cam.ac.uk>
To: ccc-list at newton.cam.ac.uk
Message-ID: <E0vOSwQ-0000uc-00 at heaton.cl.cam.ac.uk>
Subject: Research Announcement
Sender: owner-ccc-list at newton.cam.ac.uk
Precedence: bulk

                   Improved Differential Fault Analysis

                      Ross J Anderson, Markus G Kuhn

In [1], Biham and Shamir announce an attack on DES based on 200 ciphertexts in
which one-bit errors have been induced by environmental stress. Here we show an
attack that requires less than ten ciphertexts. Furthermore, our attack is
practical in that it uses a fault model that has been implemented in attacks on
real smartcards.

In [2], Biham and Shamir show how their method can be extended to reverse
engineer algorithms whose structure is unknown. Our attack can also be extended
to such cases and is more efficient there too. In [3], Boneh, De Millo and
Lipton discuss how such techniques can be used to attack RSA. Again, their
attack is theoretical only, We show how to do it in practice.


Introduction

A recent research announcement by Biham and Shamir shows that if DES is
implemented in a tamper-resistant package, and this package has the property
that by applying ionising radiation (or some other environmental stress) we can
cause random one-bit errors in the round keys, then we can break DES. If we can
get a series of ciphertexts, each generated from the same plaintext but with a
different one-bit random round key error, then we will need about 200 faulty
ciphertexts to recover the key. In a further announcement [2], they show how on
a similar fault model, the structure of unknown Feistel ciphers can be deduced
from an adequate number of faulty ciphertexts. In each case, the critical
observation is that errors that occur in the last few round of the cipher leak
information about the key, or algorithm structure, respectively.

This work is inspired by a paper of Boneh, DeMillo and Lipton [3] who assume 
(as Biham and Shamir do) that one-bit errors can be caused by radiation or
other environmental stresses. That paper goes on to show that with this fault 
model, RSA can be attacked.

These results have been widely publicised in the press. A frequently voiced
criticism is that the attacks are purely theoretical: no-one has demonstrated
that single bit errors can actually be induced in a DES key schedule or an RSA
computation in any fielded device. In fact, most smartcards hold keys in EEPROM
which also contains much or all of the device's application software. Thus
errors induced by ionising radiation would be much more likely to corrupt
software, thus leading either to a system crash or to uninformative wrong
answers.

We show here that much faster, and completely practical, attacks are possible.
The trick is to induce small changes in the code rather than trying to cause
them in keys or other data.


The Improved Attack Methodology

In a note posted to relevant Internet newsgroups on the 7th November, one of us
pointed out that using clock and power glitches gives a practical way of
implementing the Lenstra variant of the Boneh attack. In this announcement, we
will expand on the threat model, and also show how attacks using clock and
power glitches can give attacks on DES that require many fewer ciphertexts -
less than ten rather than the 200 or so previously required.

In a paper on tamper resistance due to be published next week, we describe a
number of techniques for attacking smartcards and other security processors
[5]. This paper was written some time ago (the first results were presented at
the Isaac Newton Institute, Cambridge, in June) but has been withheld by
agreement with the manufacturer of one of the security processors we have
attacked, so that banking industry clients had some time to take suitable
precautions. Some of the attacks we describe in this paper are new, while
others are already known in various small communities (such as hackers and chip
testers) and are included for the benefit of the wider crypto and security
communities.

One of the latter type is that smartcards and other security processors can
often be attacked using clock and power glitches. The application of a clock
pulse that is much faster than normal, or of a transient in the power supply,
can often cause faulty behaviour in a microprocessor, under which the program
counter is incremented but the current instruction is executed either
incorrectly or not at all. A standard version of this attack is to replace a
single 5MHz clock pulse to a smartcard with four 20MHz pulses.

We do not claim to have invented this attack; it appears to have originated in
the pay-TV hacking community, which has known about it for at least a year. In
that context, it has not been used for attacks on cryptographic algorithms, but
in order to cause output loops to run for longer than the card's programmer
intended, thus dumping key material to the output port.

The glitch attack is described more fully in our tampering article, which will
appear at next week's Usenix Electronic Commerce Workshop [5].

In this note, we point out that attacks based on faulty instructions are not
only proven practical, unlike the as yet undemonstrated fault model of random
single bit errors induced by radiation. They also provide a much more powerful
attack on many cryptographic algorithms. This holds both when we are seeking to
recover a key for a known algorithm such as DES, and when we are trying to
reverse engineer an unknown algorithm that has been provided in a smartcard or 
other tamper resistant processor.


Attacking RSA

A simplified version of the Boneh-DeMillo-Lipton attack, due to Lenstra, is
quoted in [3]: if a smart card computes an RSA signature S on a message M
modulo n = pq by computing it modulo p and q separately and then combining them
using the Chinese Remainder Theorem, and if an error an be induced in (say) the
latter computation, then we can factor n at once as p = gcd(n,S^e-M) where e is
the public exponent.

This is absolutely ideal for a glitch attack. As the card spends most of its
time calculating the signature mod p and mod q, and almost any glitch that
affects the output will do, we do not have to be at all selective about where
in the instruction sequence the glitch is applied. Since only a single
signature is needed, the attack can be performed online: a Mafia eftpos
terminal applies the glitch, factors the modulus, calculates what the correct
signature should be, and sends this on to the bank. 

Thus the Mafia can harvest RSA secret keys without the customer or his bank
noticing anything untoward about the transaction he did at their shop. Given
that implementers of the new EMV electronic purse system propose to have only
10,000 different RSA secret keys per issuing bank, the Mafia will soon be able
to forge cards for a substantial proportion of the user population.


Attacking DES

When we can cause an instruction of our choice to fail, then attacking DES is
simple. We remove one of the xor operations that are used to combine the round
keys with the inputs to the S-boxes from the last two rounds of the cipher, and
repeat this for each of these key bytes in turn. The erroneous ciphertext
outputs that we receive as a result of this attack will each differ from the
genuine ciphertext in the output of usually two, and sometimes three, S-boxes.
Using the techniques of differential cryptanalysis, we obtain about five bits
of information about the eight keybits that were not xor'ed as a result of the
induced fault. So, for example, eight faulty ciphertexts should give us about
40 bits of the key, leaving a trivial keysearch.

Thus DES can be attacked with about one correct and eight faulty ciphertexts.
But how realistic is it to assume that we will be able to target particular
instructions?

In most smartcards, the manufacturer supplies a number of routines in ROM.
Though sometimes presented as an `operating system', the ROM code is more of a
library or toolkit that enables application developers to manage communications
and other facilities. Its routines usually include the DES algorithm (or a
proprietary algorithm such as Telepass), and by buying the manufacturer's
smartcard development toolkit (for typically a few thousand dollars) an
attacker can get full documentation plus real specimens for testing. In this
case, individual DES instructions can be targeted.

When confronted with an unfamiliar implementation, we may have to experiment
somewhat (we have to do this anyway with each card in order to find the correct
glitch parameters [5]). However the search space is relatively small, and on
looking at a few DES implementations it becomes clear that we can usually
recognise the effects of removing a single instruction from either of the last
two rounds. (In fact, many of these instructions yield almost as much
information when removed from the implementation as the key xor instructions
do.) We will discuss this at greater length in a later paper.


The ROM Overwrite Attack

Where the implementation is familiar, there is yet another way to extract keys
from the card - the ROM overwrite attack.

Single bits in a ROM can be overwritten using a laser cutter, and where the DES
implementation is well known, we can find one bit (or a small number of bits)
with the property that changing it will enable the key to be extracted easily.
The details will depend on the implementation but we might well be able, for
example, to make a jump instruction unconditional and thus reduce the number of
rounds in the cipher to one or two. Where the algorithm is kept in EEPROM, we
can use two microprobing needles to set or reset the target bit [6].

Where we have incomplete information on the implementation, ROM overwriting
attacks can be used in other ways. For example, if the DES S-boxes in ROM, we
can identify them using an optical microscope and use our laser cutter to make
all their bits equal. This turns DES into a linear transfromation over GF(2),
and we can extract the key from a single plaintext/ciphertext pair.

Although ROM overwrite (unlike the other attacks suggested in this paper)
involves access to the chip surface, it can be carried out using tools that are
relatively cheap and widely available. So it may be used by attackers who do
not have access to the expensive semiconductor test equipment that professional
pirates use to extract keys directly from smartcards [5].

Returning to the non-invasive attack model, we can always apply clock and power
glitches until simple statistical tests suddenly show a high dependency between
the input and output of the encryption function, indicating that we have
succeeded in reducing the number of rounds. This may be practical even where
the implementation details are unknown.


Reverse Engineering an Unknown Block Cipher

In [2], Biham and Shamir discuss how to identify the structure of an unknown
block cipher in a tamper resistant package (e.g., Skipjack) using one-bit
random errors. As before, they identify faults that affected only the last
round or rounds; this can be done by looking for ciphertexts at a low Hamming
distance from each other. They then identify which output bits correspond to
the left and right halves, and next look at which bits in the left half are
affected by one bit changes in the last-but-one right half. In the case of a
cipher such as DES with S boxes, the structure will quickly become clear and
with enough ciphertexts the values of the S-boxes can be reconstructed. They
report that with 500 ciphertexts the gross structure can be recovered, and with
about 10,000 the S-box entries themselves can be found.

Our technique of causing faults in instructions rather than in data bits is
more effective here too. We can attack the last instruction, then the second
last instruction, and so on.

We will give detailed estimates for DES in the final paper. Let us now consider
an actual classified algorithm. `Red Pike' was designed by GCHQ for encrypting
UK government traffic classified up to `Restricted', and the Department of
Health wishes to use it to encrypt medical records. The British Medical
Association, advised by one of us (Anderson) instead recommended that an
algorithm be chosen that had been in the open literature for at least two years
and had withstood attempts to find shortcuts (triple-DES, Blowfish, SAFER
K-128, WAKE,...).

In order to try and persuade the BMA that Red Pike was sound, the government
commissioned a study of it by four academics [7]. This study states that Red
Pike `uses the same basic operations as RC5' (p 4) in that the principal
operations are add, exclusive or, and left shift. It `has no look-up tables,
virtually no key schedule and requires only five lines of code' (p 4). Other
hints include that `the influence of each key bit quickly cascades' (p 10) and
`each encryption involves of the order of 100 operations' (p 19).

We can thus estimate the effort of reverse engineering Red Pike from a tamper 
resistant hardware implementation by considering the effort needed to mount a 
similar attack on RC5.

Removing the last operation - the addition of key material - yields an output
in which the right hand side is different (it is (B xor A) shl A). This
suggests, correctly, that the cipher is a balanced Feistel network without a
final permutation. Removing the next operation - the shift - makes clear that
it was a 32 bit circular shift but without revealing how it was parametrised.
Removing the next operation - the xor - is transparent, and the next - the
addition of key material in the previous round - yields an output with the
values A and B in the above expression. It thus makes the full structure of
the data-dependent rotation clear. The attacker can now guess that the
algorithm is defined by

          A = ((A xor B) shl B) op key
          B = ((B xor A) shl A) op key

Reverse engineering RC5's rather complex key schedule (and deducing that `op'
is actually +) would require single-stepping back through it separately; but
once we know that `op' is +, we can find the round key bits directly by working
back through the rounds of encryption.

So, apart from its key schedule, RC5 may be about the worst possible algorithm
choice for secret-algorithm hardware applications, where some implementations
may be vulnerable to glitch attacks. If Red Pike is similar but with a simpler
key schedule, then it could be more vulnerable still. However, since the
government plans to make Red Pike available eventually in software, this is not
a direct criticism of the design or choice of that algorithm.

It does all suggest, though, that secret-hardware algorithms should be more
complex; large S-boxes kept in EEPROM (that is separate from the program
memory) may be a sensible way of pushing up the cost of an attack. Other
protective measures that prudent designers would consider include error
detection, multiple encryption with voting, and designing the key schedule so
that the key material from a small number of rounds is not enough for a break.


Conclusion

We have improved on the Differential Fault Analysis of Biham and Shamir. Rather
than needing about 200 faulty ciphertexts to recover a DES key, we need less
than ten. We can factor RSA moduli with a single faulty ciphertext. We can also
reverse engineer completely unknown algorithms; this appears to be faster than
Biham and Shamir's approach in the case of DES, and is particularly easy with
algorithms that have a compact software implementation such as RC5.

Finally, our attacks - unlike those of Biham, Shamir, Boneh, DeMillo and Lipton
- - use a realistic fault model, which has actually been implemented and can be
used against fielded systems.


Acknowledgement

Mike Roe pointed out that the glitch attack on RSA can be done in real time by
a Mafia owned eftpos terminal.


Bibliography

[1] ``A New Cryptanalytic Attack on DES'', E Biham, A Shamir, preprint, 
18/10/96

[2] ``Differential Fault Analysis: Identifying the Structure of Unknown Ciphers
Sealed in Tamper-Proof Devices'', E Biham, A Shamir, preprint, 10/11/96

[3] ``On the Importance of Checking Computations'' D Boneh, RA DeMillo, RJ 
Lipton, preprint

[4] ``A practical variant of the Bellcore attack'', RJ Anderson, posted to
sci.crypt as message ID <55picf$dm3 at lyra.csx.cam.ac.uk>, 7/11/96

[5] ``Tamper Resistance - A Cautionary Note'', RJ Anderson, MG Kuhn, to appear
in Usenix Electronic Commerce workshop, 19/11/96

[6] ``Hardwaresicherheit von Mikrochips in Chipkarten'', Osman Kocar,
Datenschutz und Datensicherheit v 20 no 7 (July 96) pp 421--424

[7] ``Red Pike --- An Assessment'', C Mitchell, S Murphy, F Piper, P Wild,
Codes and Ciphers Ltd 2/10/96

------- End of Forwarded Message






From roach_s at alph.swosu.edu  Wed Nov 20 11:44:40 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Wed, 20 Nov 1996 11:44:40 -0800 (PST)
Subject: How to slow the animals ...
Message-ID: <199611201944.LAA18259@toad.com>


At 05:00 AM 11/19/96 +0000, The Deviant wrote:
>On Mon, 18 Nov 1996, Ernest Hua wrote:
>
...
>> 3.  Re-order out-going mail (from toad.com) according to size.
>>     Drop messages from queue if it gets "reordered" too many times.
>> 
>
>nononononononono Bad Bad Thing.  If you start doing that, we'll start
>getting replies before messages _even more than we do now_.
I thought so too, at first.  As the long post won't be there to reply to,
replies can't beat the origional post to the e-mail box.

Consider, You replied to a post, until you got this post, you could not
reply to it.  When you got the origional post, most everyone else did as
well.  by delaying long posts, replies would be forced to come later.
However, if a person writes a long argument to a post, and that is delayed,
meantime, someone else writes another response which closely mirrors the
first, you have now doubled the responses.  I may have done so here in fact.
What you say would be true if a message could be put on the "back burner"
after half of the receipients received thier copy.  Then, the remaining half
could get the reply before the post.  I believe I may be suffering from
something similar to this now as my e-mail address is probably near the
bottom of the rolls, due to my subscription being less than a month old.






From rod at wired.com  Wed Nov 20 12:06:08 1996
From: rod at wired.com (Roderick Simpson)
Date: Wed, 20 Nov 1996 12:06:08 -0800 (PST)
Subject: Anon
Message-ID: <v02140b03aeb905639c67@[204.62.132.248]>


Who has made the strongest case _against_ anonymity on the Net that you
have ever heard? Someone intelligent and theoretical rather than trapped in
some child porn or commerce pov.

Thanks,
Rod



R o d e r i c k S i m p s o n                                rod at wired.com
A s s o c i a t e P r o d u c e r  T h e H o t W i r e d N e t w o r k
www.braintennis.com                            www.wiredsource.com







From tcmay at got.net  Wed Nov 20 12:53:11 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 20 Nov 1996 12:53:11 -0800 (PST)
Subject: Rogue Governments Issuing Policy Tokens
In-Reply-To: <v03007800aeb7b8522b6a@[207.167.93.63]>
Message-ID: <v03007804aeb92046fd09@[207.167.93.63]>


At 7:33 AM -0800 11/20/96, John Anonymous MacDonald wrote:
>"Timothy C. May" <tcmay at got.net> writes:
>
>> I mention Libya as an extreme example (the same example cited in the
>> Fiat-Shamir "is-a-person" example of rogue governments issuing passports).
>> The examples above are likely targets for policy card exports, though. The
>> issue is clear: the list of "fully-compliant" nations is short indeed, and
>> few nations are going to accept imports of U.S. technology in which the
>> U.S. government sets the policy on how and where the imports may be used.
>
>Most "dual-use" items are export-restricted to Lybia.  That means US
>businesses will have trouble selling any computers or even things like
>trucks to Lybia.  For crypto tokens not to be available there does not
>seem to be a huge deal, in comparison with everything else.

As I said in another message, and as others have commented, the specifics
of Libya are not the point. The point I was making--and I cited other
countries besides Libya--remains that any U.S. policy regarding sales to
other countries, with U.S. policies built in, must comprehend the reality
that these government will use policy tokens to their advantage, and that
many uses may not appeal to us.

The "rogue government" problem is discussed in crypto circles...one of my
main points is that the U.S. Administration has consistently failed to
address questions along these lines.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From snow at smoke.suba.com  Wed Nov 20 13:02:51 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 20 Nov 1996 13:02:51 -0800 (PST)
Subject: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
In-Reply-To: <ygelobxjbm7.fsf@cave.gctech.co.jp>
Message-ID: <199611202119.PAA04919@smoke.suba.com>


> 
> "Timothy C. May" <tcmay at got.net> writes:
>> Time to dust off those "Big Brother Inside" stickers someone had printed up
>> a couple of years ago.
>I know that Intel has succeeded in forcing the "Linux Inside" logo and stickers
>off the net on threats of trademark infringement suits.  I have a feeling "Big
>Brother Inside" would make them even more upset.

     Question:

     If one were to start a "big brother inside" campaign against Intel as a 
form of _political_ protest against their (and the goverments) actions and 
policies, would it be considered trademark infringement, or could it be 
"protected speech" under the first amendment? 

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From frissell at panix.com  Wed Nov 20 13:14:45 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Nov 1996 13:14:45 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
Message-ID: <3.0b36.32.19961120161314.0076ad68@panix.com>


I'm off straight science fiction these days because the real world is so
science fictional that I find it hard to suspend disbelief.  I do continue
to like military SF though and now straight military fiction.  

The problem with straight SF for me is that computers and networks have
changed the future so much that (in the words of the motto of the SF
Writer's Association) The Future Ain't What It Used to Be.  The science
fictional futures of my childhood are now dead as doornails.  And I can't
enjoy contemporary SF that doesn't include a healthy dose of computers and
networking.  

Unfortunately,  Since I am involved in "defining" the future in the debates
over the effects of the technology, I also can't suspend disbelief and like
stories that come to radically different conclusions about that future than
I have.  This is not old fuddy duddyism (I hope) but arises because the
nature of society these days is such that the future has become much more
of a consensual act on all our parts and I consider it important to hold
fast to my vision of the future and push it so that it comes about.  This
doesn't encourage suspensions of disbelief.  Meanwhile there are plenty of
other things to read.  Not that I get to read that much fiction these days.
 The Nets take too much time.

DCF






From lyalc at cba.com.au  Wed Nov 20 13:17:08 1996
From: lyalc at cba.com.au (lyalc@mail.cba.com.au)
Date: Wed, 20 Nov 1996 13:17:08 -0800 (PST)
Subject: NT insecurity
In-Reply-To: <3.0.32.19961118194954.00964d10@rmisp.com>
Message-ID: <32919A95.159E@mail.cba.com.au>


Justin Robbins wrote:
> 
> Well, for those uninformed out there who believe that you can
> penetrate an NT box using NTFSDOS, the problem remains that security
> in windows NT is a combination between the filesystem NTFS and the
> actual operating system, NT. NTFSDOS only allows reading the drives,
> not writing to them. NT also keeps the security registry

I guess Norton Utilities for DOS don't work if you have NTFSDOS loaded,
then.

Lyal







From frissell at panix.com  Wed Nov 20 13:23:52 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Nov 1996 13:23:52 -0800 (PST)
Subject: Rogue Governments Issuing Policy Tokens
Message-ID: <3.0b36.32.19961120162330.0070a4c4@panix.com>


At 07:33 AM 11/20/96 -0800, John Anonymous MacDonald wrote:
>Most "dual-use" items are export-restricted to Lybia.  That means US
>businesses will have trouble selling any computers or even things like
>trucks to Lybia.  For crypto tokens not to be available there does not
>seem to be a huge deal, in comparison with everything else.

Particularly since Libya bought a bunch of "oil drilling rig transport
trucks" from Oshkosh Truck Corp in the '70s and hired a bunch of Brits to
convert them into tank transporters.  Didn't help them against the deadly
Toyota pickups of the Chadian Defense Forces though.

DCF





From snow at smoke.suba.com  Wed Nov 20 13:28:42 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 20 Nov 1996 13:28:42 -0800 (PST)
Subject: The Limey PUNK needs TERMINATED
In-Reply-To: <Pine.LNX.3.95.961120054330.20078D-100000@dhp.com>
Message-ID: <199611202145.PAA04969@smoke.suba.com>

A non-text attachment was scrubbed...
Name: not available
Type: application/x-pgp-message
Size: 26 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961120/711207b4/attachment.bin>

From kooltek at iol.ie  Wed Nov 20 13:29:32 1996
From: kooltek at iol.ie (Hack Watch News)
Date: Wed, 20 Nov 1996 13:29:32 -0800 (PST)
Subject: Cracks Are Found In Smartcard Security (fwd)
In-Reply-To: <9611201602.AB22689@cti02.citenet.net>
Message-ID: <329377A5.4715@iol.ie>


Jean-Francois Avon wrote:

> In what context?  (How does that applies to PGP? Did he say that for short
> keys used to encrypt data directly?)
> 
> Sorry for my cluelessness.
> 

The smart cards in use by banks to protect transactions seem to use RSA
and DES algorithms. Now these algorithms are computationally difficult
to hack. Therefore an attack via cryptographical route would not be
envisaged by those who specify the system for the bank.

With the research into popping smart cards using fuming Nitric Acid, the
keys used for these transactions could be extracted from a smart card
within a few hours. Thus with the keys extracted, RSA and DES become
even more vulnerable because they are such well known algorithms. It
would be easy for someone to implement them in a pirate smart card as
indeed has been the case in European satellite Pay TV piracy. (France
Telecom used DES as the cryptographical basis for their EuroCrypt-M
access control overlay for the D2-MAC television standard).

The Fiat-Shamir ZKT was also demonstrated to be vulnerable using a
similar approach. It was possible to extract the necessary data to allow
pirate cards to spoof a valid ZKT response. Of course the original
version of this flaw was due to incompetence on the part of the system
designers (they never secured the card-decoder interface
microcontroller). A later implementation integrated the result of the
ZKT with the output of the algorithm thus making it a more secure
implemenation. However the smart card was popped (reverse-engineered
using the techniques desicribed in the paper) making it all academic.

The bottom line is that the security of smart cards is both highly
overrated and depends on a high level of bluff. Most people would not
attack a smart card because they think it is secure. However in European
satellite television piracy, most of the systems have been shown to have
flaws either in the technology or the implementation. (Naturally the
best reference on this is European Scrambling Systems 5 - The Black Book
ISBN: 1-873556-22-5 ;-) )

The relevant paper is at:
http://www.cl.cam.ac.uk/users/rja14/tamper.html

Regards...jmcc





From rcgraves at ix.netcom.com  Wed Nov 20 13:30:50 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Wed, 20 Nov 1996 13:30:50 -0800 (PST)
Subject: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
In-Reply-To: <v03007800aeb7b8522b6a@[207.167.93.63]>
Message-ID: <32937876.77D5@ix.netcom.com>


David Wuertele wrote:
> 
> "Timothy C. May" <tcmay at got.net> writes:
> 
> > Time to dust off those "Big Brother Inside" stickers someone had 
> 
> I know that Intel has succeeded in forcing the "Linux Inside" logo and 
> stickers off the net on threats of trademark infringement suits.  I 
> have a feeling "Big Brother Inside" would make them even more upset.

So? What if they do get upset?

See http://www.x86.org/

-rich





From camcc at abraxis.com  Wed Nov 20 13:52:02 1996
From: camcc at abraxis.com (Alec)
Date: Wed, 20 Nov 1996 13:52:02 -0800 (PST)
Subject: ACLU sues GA over net ban
Message-ID: <3.0.32.19961120165211.0069733c@smtp1.abraxis.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 4993 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961120/93c13863/attachment.bin>

From rah at shipwright.com  Wed Nov 20 14:08:20 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 20 Nov 1996 14:08:20 -0800 (PST)
Subject: Anon
In-Reply-To: <v02140b03aeb905639c67@[204.62.132.248]>
Message-ID: <v03007808aeb93101f7b7@[206.119.69.46]>


At 2:06 pm -0500 11/20/96, Roderick Simpson wrote:
>Who has made the strongest case _against_ anonymity on the Net that you
>have ever heard? Someone intelligent and theoretical rather than trapped in
>some child porn or commerce pov.

Actually, the "commerce pov" will probably be the one which kills all
arguments for anonymity. digital bearer certificates, like digital cash,
are always going to be cheaper than book entries.

Bearer certificates are the ultimate economic argument for anonymity. We
just couldn't implement them until Chaum figured out how.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From jbugden at smtplink.alis.ca  Wed Nov 20 14:15:16 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Wed, 20 Nov 1996 14:15:16 -0800 (PST)
Subject: Social Security workers in bribery plot
Message-ID: <9610208485.AA848538867@smtplink.alis.ca>


Copyright c 1996 Nando.net
Copyright c 1996 From staff and wire reports 

NEW YORK (Nov 20, 1996 4:42 p.m. EST) - Several Social Security 
Administration employees have been charged with giving confidential 
consumer information to credit card thieves in exchange for bribes as 
low as $10, authorities said on Wednesday.

[...]

The investigation began in February when investigators for Citicorp's 
Citibank found that a large number of Citibank credit cards had been 
sent to customers but never received. But the cards had been activated.

[...]

The Social Security Administration then conducted security reviews to 
determine if any employees had accessed files of individuals.

Gimlett said the investigation was significant because it demonstrated 
"the reality that employees of government agencies or corporations who 
have access to personal information may take advantage of their position 
of trust to steal personal information and sell it for financial gain."

[...]






From gexing at mbox.vol.it  Wed Nov 20 14:19:57 1996
From: gexing at mbox.vol.it (Giulio)
Date: Wed, 20 Nov 1996 14:19:57 -0800 (PST)
Subject: No Subject
Message-ID: <199611202219.OAA21780@toad.com>


Unsuscribe Cypherpunks Giulio <gexing at mbox.vol.it>





From unicorn at schloss.li  Wed Nov 20 15:03:22 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 20 Nov 1996 15:03:22 -0800 (PST)
Subject: Rogue Governments Issuing Policy Tokens
In-Reply-To: <199611201533.HAA14944@abraham.cs.berkeley.edu>
Message-ID: <Pine.SUN.3.94.961120180041.29265E-100000@polaris>


On Wed, 20 Nov 1996, John Anonymous MacDonald wrote:

> Date: Wed, 20 Nov 1996 07:33:51 -0800
> From: John Anonymous MacDonald <nobody at cypherpunks.ca>
> To: cypherpunks at toad.com
> Subject: Re: Rogue Governments Issuing Policy Tokens
> 
> "Timothy C. May" <tcmay at got.net> writes:
> 
> > I mention Libya as an extreme example (the same example cited in the
> > Fiat-Shamir "is-a-person" example of rogue governments issuing passports).
> > The examples above are likely targets for policy card exports, though. The
> > issue is clear: the list of "fully-compliant" nations is short indeed, and
> > few nations are going to accept imports of U.S. technology in which the
> > U.S. government sets the policy on how and where the imports may be used.
> 
> Most "dual-use" items are export-restricted to Lybia.  That means US
> businesses will have trouble selling any computers or even things like
> trucks to Lybia.  For crypto tokens not to be available there does not
> seem to be a huge deal, in comparison with everything else.

You've obviously never been to or heard of Brussels.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From cjh at osa.com.au  Wed Nov 20 15:43:57 1996
From: cjh at osa.com.au (cjh at osa.com.au)
Date: Wed, 20 Nov 1996 15:43:57 -0800 (PST)
Subject: SSLeay Legality FAQ
Message-ID: <199611202352.KAA04408@rosella.osa.com.au>


Folk,

Here's version 1.4 of the SSLeay Legality FAQ.  Additions since 1.3 are
in the areas of import/export controls in various countries.

Enjoy!

---------------------------------- Cut Here ----------------------------------

			SSLeay Legality FAQ Version 1.4

Outline:
	Disclaimer
	Legality/Patent Rights table
	Export Considerations
	Patent Considerations
	References
	For more information
	Credits

Disclaimer:

This document may contain gross errors, and neither Clifford Heath nor Open
Software Associates Limited accept any liability for same.  Users should do
their own research and receive professional legal advice.

With regard to the legalities of using SSLeay, there is a number of
geographical considerations, and a number of kinds of legal considerations.

Legality/Patent Rights table:

I've broken the legal considerations into "legal" (will the govt come after
you :-) and "license" (who do you need to pay patent royalties to).

Algor:	Location:	Purpose:	Legal:		License:	Ref:

DES	world-wide	any		mostly#		public domain
RSA	US		indiv/free	only RSAref	free		RSA
RSA	US		commercial	RSAref/BSAFE	from RSADSI*	RSA
DH	US		?		mostly#		Cylink+
DSA/DSS	(based on Diffie-Hellman)
RC4/2	US		any		mostly#		from RSADSI	RSA
RC4	elsewhere	any		mostly#		seems safe
IDEA	US/Europe/Japan	indiv/free	mostly#		free		ASCOM
IDEA	US/Europe/Japan	indiv/commercial mostly#	$US15, ASCOM	ASCOM
IDEA	US/Europe/Japan	company site	mostly#		from ASCOM	ASCOM
IDEA	elsewhere	any		mostly#		free
SAFER	world-wide	any		mostly#		free		Safer
MD2	world-wide	PEM only	yes		free@		rfc1319
MD5	world-wide	any		yes		free@		rfc1321
SHA	world-wide	any		yes		free		
Any(!)	France		any		only with (almost unobtainable) permit
Any(!)	Russia		any		only with permit

Notes:
* RSADSI's patent on RSA (#4,405,829) runs out on 20 Sep 2000.  RSAref is free
  under certain terms, otherwise can be licensed through Concensus.  BSAFE is
  stronger and has RC4 but requires purchase and royalties: $25K up front,
  royalties the larger of 2% or $2, royalty prepayment of $5000 per annum
  required in subsequent years covers 50% of royalties over the following year.
+ DH by itself cannot be used for digital signatures - the El Gamal extension
  provides this. CYLINK claim their DH patent covers El Gamal.  The US patent
  #4,200,770 runs out on 29 April 1997.  The Canadian patent (#1,121,480)
  registered 6 April, 1982, runs out in 1999.
@ Acknowledgement is required - see the RFC.
# Many countries have nominal export controls, including the UK and Australia,
  but I only know of them being enforced in the USA.  MD2/5 and SHA are not
  subject to export controls anywhere that I know of.

Export considerations:

The USA has regulations under ITAR (International Trade in Arms Regulations)
which categorises "cryptographic and ancillary devices" as munitions.
Two classes of export licenses are granted: Distribution Licenses or DL's
and Individual Validated Licenses or IVL's.

To get an IVL you must say who the customer is and why he needs DES (or 3X
DES, etc.).  One may then use the IVL to export to the approved end user.
Thousands are granted every year and very few applications are rejected.

Systems which use cryptography for decryption only, authentication only
(e.g. Kerberos authentication as available from Cybersafe and others), or
can only be used for protecting financial data (e.g Cybercash etc., as long
as it cannot be used for arbitrary messaging) are more-or-less readily
granted a DL.  DLs have also been granted for some implementations of
RC4/40 bits (e.g Netscape).

Canada has back-to-back agreements with the USA's ITAR controls, so it's
easy to get crypto from the USA to Canada but you can't export from Canada.
More information is available from Customs Canada (Revenue Canada) and
Department of External Affairs and these URLs:
http://axion.physics.ubc.ca/ECL.html - Excerpts from the Export Control List
of Canada, and http://insight.mcmaster.ca/org/efc/pages/doc/crypto-export.html
Canada's export controls.

Many other countries have export controls (UK, Australia and others), but
enforcement is less stringent than in the USA.  In Australia, export of
cryptographic software is controlled by Customs Regulations 13B (military
technology) and 13E (Dual Use Technology).  The regulations are administered
by the Defence Signals Directorate - mail to "Director, Strategic Trade
Policy and Operations, Dept of Defence, Anzac Park West Offices APW1-1-OA1,
Canberra, ACT" or fax (06)266-6412 and ask for their "Australian Controls
on the Export of Technology with Civil and Military Applications".  The
Australian regulations are also online at http://www.austlii.edu.au/cgi-bin/sinodisp.pl/au/legis/cth/consol_reg/cer439/sch13.html
Software is defined as "one or more programs fixed in any tangible medium of
expression", which explicitly leaves electronic shipment uncontrolled.
Don't carry or mail media with SSLeay-based software out of Australia -
email or FTP it instead!

The UK Gov't is funding a project at Royal Holloway College which contains
Key Escrow provisions.  Watch for the EC DGXIII introducing European
legislation under the banner "European Trusted Services", or visit
http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html, 
ftp://ftp.dcs.rhbnc.ac.uk/pub/Chris.Mitchell/istr_a2.ps,
ftp://ftp.cl.cam.ac.uk/users/rja14/euroclipper.ps.Z

France disallows *import* and use of crypto technology without a permit,
and Russia requires a permit for use also.

Patent considerations:

According to 35 U.S.C. 271 (a), "whoever makes, uses, offers to sell, sells
or imports ... infringes the patent."  In other words, you better ensure
that you *compile out* and patented algorithms unless you intend to license
them, even if the code is not executed.  In fact, if you are in the USA,
merely ftp'ing SSLeay into the USA is a breach of various patents. (Eric,
you might consider splitting it into two ftp archives, one for the USA and
an additional one for the rest of the world.)

References:

RSA:	http://www.rsa.com/
CYLINK:	http://www.cylink.com/products/security/
ASCOM:	http://www.ascom.ch/Web/systec
Safer:	ftp://ftp.isi.ee.ethz.ch/pub/simpl/

For more information:

http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm - Crypto Law Survey

Credits:

Thanks to to Eric Young, Rich Salz, Donald Lewine, Holger Reif and Bruce
Schneier (author of Applied Cryptography), Peter Trei, Remo Tabanelli,
Ben Laurie, Ulf Moeller, Michael Taylor for their contributions.

------------------------------------------------------------
Clifford Heath                          cjh at osa.com.au
Open Software Associates Limited
29 Ringwood Street / P O Box 401        Phone +613 9871 1694
Ringwood  VIC  3134    AUSTRALIA        Fax   +613 9871 1711
------------------------------------------------------------
  Deploy Applications across the Internet and Intranets!
	 Visit our Web site at http://www.osa.com





From jer+ at andrew.cmu.edu  Wed Nov 20 15:54:50 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Wed, 20 Nov 1996 15:54:50 -0800 (PST)
Subject: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
In-Reply-To: <199611202119.PAA04919@smoke.suba.com>
Message-ID: <0mYtaw200YUf0AY5Q0@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

snow <snow at smoke.suba.com> writes:
> > "Timothy C. May" <tcmay at got.net> writes:
> >> Time to dust off those "Big Brother Inside" stickers someone had printed up
> >> a couple of years ago.
> >I know that Intel has succeeded in forcing the "Linux Inside" logo and sticke\
> rs
> >off the net on threats of trademark infringement suits.  I have a feeling "Big
> >Brother Inside" would make them even more upset.
> 
>      Question:
> 
>      If one were to start a "big brother inside" campaign against Intel as a 
> form of _political_ protest against their (and the goverments) actions and 
> policies, would it be considered trademark infringement, or could it be 
> "protected speech" under the first amendment? 

Trademarks are not copyrights. There is no fair use for trademarks. In
addition, civil suits are not criminal trials. The USG can't throw
your ass in jail for making "big brother inside" stickers, but Intel
can sue your ass off.
In a related note, you may be safe from lible suits...

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpOZsckz/YzIV3P5AQFN0AL/RRUETlRQRgSsREu1xwYnBUSIQ+JAH0jq
chrtsiFeSKALFeuM0oDfSIR4q1WZ4krnmhISdog3bSkrm5eN6D4lsDB2NRofy1oZ
jLAfmuRHUW0A6Kt5nH+PViqNZqEjBL+G
=XMgA
-----END PGP SIGNATURE-----





From deviant at pooh-corner.com  Wed Nov 20 16:09:30 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Wed, 20 Nov 1996 16:09:30 -0800 (PST)
Subject: Innocent until proven guilty
In-Reply-To: <v03007800aeb8f3907bb2@[207.167.93.63]>
Message-ID: <Pine.LNX.3.94.961121000623.6099A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 20 Nov 1996, Timothy C. May wrote:

> At 1:36 AM -0600 11/20/96, snow wrote:
> >> At 01:02 =EC=EC 19/11/1996 -0500, Clay Olbon II wrote:
> >> >with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
> >> >guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',
> >
> >    Huh? People are most certainly guilty before "proven" so, the government
> >just isn't allowed to _assume_ their guilt, or to _act_ like they are guilty.
> >
> >     If you purchase LSD in America, you are guilty of a felony--Drug
> >trafficing. Wether the court _finds_ you guilty or not is another story.
> 
> In this case, the putative crime is "drug trafficking" or "possession,"
> depending. One is still presumed innocent until proven guilty. To wit, the
> state must prove its case.
> 
> I rather suspect that any prosecutors or defense lawyers on this list will
> confirm that an LSD case is hardly a case of "guilty until proven innocent."
> 

Whether you're _presumed_ innocent or not isn't the point he was making.
If you commit a crime, you are guilty of that crime, proven or not.  You
might not be _proven guilty_ in court, which you have to be in order to be
convicted, and you are still _presumed_ innocent.  But you're still guilty
of the crime.

 --Deviant
Talking much about oneself can also be a means to conceal oneself.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpOdcTCdEh3oIPAVAQGICgf+Nblm9lfworbBpqHp1xqnKKBqJj9EZNIA
W17r/RY7TcYJmsVZY3h5jwShvdyZt+Ou04TrQK7t9ZjPqgYyWd5y/P0+tg71dCZn
C/H1IVMLLFn3LR8noXMDznV4NSK0edlYvkgha2DeJGFVpQ2vMg+ck911/oLM3jFK
t7guwVc4/lDahQXtm03/SwBT3H8e7Np74k7X8k2Zge3wbJoqTiLnykTQOKIuAC9Q
+CqJPBoUSkIaYYbn+S5ZCFjNRvwJyGAiEqLeghVY/fRB1ufZT8m7/0wHsmQJPULS
B7mNRZqtYUwGABmfZ5OzlyDag+DFSD56/xhaB3977c8APOVU5sj0Yg==
=Zwdy
-----END PGP SIGNATURE-----






From nobody at cypherpunks.ca  Wed Nov 20 17:05:24 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 20 Nov 1996 17:05:24 -0800 (PST)
Subject: CServe Does The Right Thing
Message-ID: <199611210051.QAA28762@abraham.cs.berkeley.edu>



COMPUSERVE MAY PULL ADMIN UNIT OUT OF GERMANY
CompuServe's administrative operations in Germany may be
transferred to another country because of proposed German
legislation that would make Internet companies block access to
pornography, neo-Nazi material or extremist pictures or writing.
CompuServe says it does not want to be in the position of having to
"censor" the Internet.  (New York Times 19 Nov 96 C5)







From alan at ctrl-alt-del.com  Wed Nov 20 17:08:39 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Wed, 20 Nov 1996 17:08:39 -0800 (PST)
Subject: US supporting dissidents? (was Re: Rogue Governments Issuing Policy Tokens)
Message-ID: <3.0b36.32.19961120170759.00f33e30@mail.teleport.com>


At 06:52 PM 11/20/96 -0500, Jeremiah A Blatz wrote:

>Trademarks are not copyrights. There is no fair use for trademarks. In
>addition, civil suits are not criminal trials. The USG can't throw
>your ass in jail for making "big brother inside" stickers, but Intel
>can sue your ass off.
>In a related note, you may be safe from lible suits...

Make you wonder how Mad magazine has gotten away with it all these years...
 (Maybe we could get Mad to print them!  Would make an interesting cover...)

ObSpyVSSpy:  Mad TV (on Fox) has been running animated Spy V.S. Spy
cartoons.  (Usually one or two per episode.)  Probibly best thing about the
show.  (I mentioned this because one "prominent Cypherpunk" at Orycon had
not known about them.)
 
---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From nobody at zifi.genetics.utah.edu  Wed Nov 20 17:36:39 1996
From: nobody at zifi.genetics.utah.edu (Anonymous)
Date: Wed, 20 Nov 1996 17:36:39 -0800 (PST)
Subject: FUCK YOU punk
Message-ID: <199611210136.SAA01646@zifi.genetics.utah.edu>



_______________________________________________________________________________
From: aga on Wed, Nov 20, 1996 15:24
Subject: FUCK YOU punk/was:Taking out the garbage
To: freedom-knights at jetcafe.org
Cc: cypherpunks at toad.com

>If you try to make or enforce any rules and YOU DIE cocksucker!

You might want to watch yourself.  It would be hard to *not* see this as a
direct threat...

>Your presents shall be totally eliminated form this InterNet!
          ^^^^^^^
Yeah, Lucky!  You better watch out, or there'll be NO CHRISTMAS!! :-)

>Your connection will be TERMINATED at once! 

Suddenly, agatha is everyone's sysadmin...

>fuck you punk, and fuck all of your "rules"

Whether stated or not, there _are_ certain guidelines (or rules) we all 
should follow, just so we aren't *ASSHOLES*...

>-aga






From frissell at panix.com  Wed Nov 20 18:01:12 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 20 Nov 1996 18:01:12 -0800 (PST)
Subject: Anon
Message-ID: <3.0b36.32.19961120210120.00758920@panix.com>


At 12:06 PM 11/20/96 -0700, Roderick Simpson wrote:
>Who has made the strongest case _against_ anonymity on the Net that you
>have ever heard? Someone intelligent and theoretical rather than trapped in
>some child porn or commerce pov.
>
>Thanks,
>Rod

Recruiting for a future Brain Tennis I take it?

The Thursday Computer columnist for the WSJ (whose name escapes me) is a
possibility.  I don't know how strong he is but he is consistently opposed.

I wouldn't recommend L. Detweiler though he is opposed to anonymity.

How about Esther Dyson?

DCF





From abostick at netcom.com  Wed Nov 20 18:02:34 1996
From: abostick at netcom.com (Alan Bostick)
Date: Wed, 20 Nov 1996 18:02:34 -0800 (PST)
Subject: [NOISE] Want to know about this "aga" character? Read the Grubo
In-Reply-To: <gqmkXD7w165w@bwalk.dm.com>
Message-ID: <k51ky8m9L40G085yn@netcom.com>


In article <gqmkXD7w165w at bwalk.dm.com>,
dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote:


> Also read http://www.mindspring.com/~netscum/flaqu for more details on
> Alan, John, and their merry playmates.

Can't you get anything right?  The correct URL is

	http://www.mindspring.com/~netscum/idxflaqu.html

Alan "Proud to keep such distinguished company" Bostick

-- 
Alan Bostick               | You know those chemicals women have in them,
                           | when they've got PMS? Well, men have those very
mailto:abostick at netcom.com | same chemicals in them *all the time*.
news:alt.grelb             |           Margaret Atwood, THE ROBBER BRIDE
http://www.alumni.caltech.edu/~abostick





From hal at rain.org  Wed Nov 20 18:02:45 1996
From: hal at rain.org (Hal Finney)
Date: Wed, 20 Nov 1996 18:02:45 -0800 (PST)
Subject: Anon
Message-ID: <199611210202.SAA10970@crypt.hfinney.com>


As I mentioned a couple of days ago, science fiction writer David Brin
has an argument against not only anonymity, but _privacy_ as well.
Where cypherpunks tend to think of privacy as both beneficial and
inevitable, Brin sees it as harmful and doomed.  He has an article in
the December 1996 issue of Wired discussing his ideas.

BTW cypherpunk Doug Barnes is also quoted several times in the long
article in that issue by Neal Stephenson (Snow Crash, The Diamond Age)
about the undersea cables that carry most transnational information
traffic.

Hal





From snow at smoke.suba.com  Wed Nov 20 18:05:00 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 20 Nov 1996 18:05:00 -0800 (PST)
Subject: Cyber Power in Forbes
In-Reply-To: <Pine.SUN.3.91.961120072630.2518E-100000@eff.org>
Message-ID: <199611210222.UAA05562@smoke.suba.com>


> Interesting. I'll pick it up.
> Huber likes to say that Orwell was wrong in saying technology is a threat
> to civil liberties.Personally, I think the jury's still out and I suspect
> he does too. But Huber also believes that saying something loudly,
 repeatedly makes it true. 

     It isn't the machines, it is the people.

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From hal at rain.org  Wed Nov 20 18:09:15 1996
From: hal at rain.org (Hal Finney)
Date: Wed, 20 Nov 1996 18:09:15 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
Message-ID: <199611210209.SAA10975@crypt.hfinney.com>


From: Duncan Frissell <frissell at panix.com>
> The problem with straight SF for me is that computers and networks have
> changed the future so much that (in the words of the motto of the SF
> Writer's Association) The Future Ain't What It Used to Be.  The science
> fictional futures of my childhood are now dead as doornails.  And I can't
> enjoy contemporary SF that doesn't include a healthy dose of computers and
> networking.  

I find this to be largely true as well.  The cyberpunk genre does the
best job at grappling with the impact of communications tech but it is
traditionally dystopian.  It would be nice to see a story about better
living through crypto.

What fiction can people recommend which presents crypto/privacy issues
realistically?  How about this new book that Neal Stephenson is working
on, does anyone know what it's about?  His short story, "Hack the Spew",
a few months ago (in Wired, I think?) had a strong crypto flavor.

Hal





From snow at smoke.suba.com  Wed Nov 20 18:09:25 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 20 Nov 1996 18:09:25 -0800 (PST)
Subject: Innocent until proven guilty
In-Reply-To: <v03007800aeb8f3907bb2@[207.167.93.63]>
Message-ID: <199611210226.UAA05592@smoke.suba.com>


> 
> At 1:36 AM -0600 11/20/96, snow wrote:
> >> At 01:02 =EC=EC 19/11/1996 -0500, Clay Olbon II wrote:
> >> >with _serious_ issues of 'unemployability'., FURTHERMORE people are NEVER
> >> >guilty before PROVEN so. Guilt or Innocence is NOT a matter of 'opinion',
> >    Huh? People are most certainly guilty before "proven" so, the government
> >just isn't allowed to _assume_ their guilt, or to _act_ like they are guilty.
> >     If you purchase LSD in America, you are guilty of a felony--Drug
> >trafficing. Wether the court _finds_ you guilty or not is another story.
> 
> In this case, the putative crime is "drug trafficking" or "possession,"
> depending. One is still presumed innocent until proven guilty. To wit, the
                          ^^^^^^^^
> state must prove its case.
> I rather suspect that any prosecutors or defense lawyers on this list will
> confirm that an LSD case is hardly a case of "guilty until proven innocent."

      Let me put it this way. Do you really believe that Mr. Simpson is "not
guilty" of murder, even tho' the courts found him so? 

      If I purchase LSD, I am guilty of BOTH trafficing and possession,
I _did_ it. After all, you were the one with the "felon" in your .signature. 

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From hal at rain.org  Wed Nov 20 18:27:41 1996
From: hal at rain.org (Hal Finney)
Date: Wed, 20 Nov 1996 18:27:41 -0800 (PST)
Subject: Stewart Baker on new crypto rules
Message-ID: <199611210227.SAA11010@crypt.hfinney.com>


From: "Michael Froomkin - U.Miami School of Law" <froomkin at law.miami.edu>
> http://www.steptoe.com/oped.htm
>
> argues that industry won't accept any system that threatens to cut off
> backwards compatibility after 2 years, hence DES export liberalization
> will have to extend beyond the proposed period.

I take a slightly different moral.  Baker (former NSA attorney) writes:

> If buying key-recovery encryption means customers must give up all
> of their legacy encryption systems, key recovery products will carry a
> near-fatal burden in many markets where encryption is now used widely. The
> transition to key recovery will have to be gradual or it won't happen
> at all.

What I see this as is a call to come up with architectures that will allow
transparent phase-in of government key access (so-called "key recovery")
technology.  The current HP proposal fits in very well with this model.
The appear to be planning on using standard API's so that applications
will be able to switch to using key escrow software without changing the
applications themselves, just the OS.  Maybe there could be a transition
period where both the old and new crypto would both be accepted, then
after a period of time the old wouldn't work any more.

As Baker goes on to say:

> Three years ago, no one in the PC world would have bought an operating
> system that didn't run MS-DOS. Three years from now, we'll be happy to buy
> an operating system that is backward-compatible with Windows 95 but not
> with MS-DOS. And then, at last, we'll throw out all our old DOS programs.

This suggests to me that we need to be vigilant in watching for systems that
will allow for easy "drop in" of key escrow.

Hal





From froomkin at law.miami.edu  Wed Nov 20 19:02:24 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Wed, 20 Nov 1996 19:02:24 -0800 (PST)
Subject: Stewart Baker on new crypto rules
In-Reply-To: <199611210227.SAA11010@crypt.hfinney.com>
Message-ID: <Pine.SUN.3.95.961120220506.12517D-100000@viper.law.miami.edu>


 On Wed, 20 Nov 1996, Hal Finney wrote:
> 
> This suggests to me that we need to be vigilant in watching for systems that
> will allow for easy "drop in" of key escrow.
> 
I dunno.  Drop in in some but not all cases will equal drop out.


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From froomkin at law.miami.edu  Wed Nov 20 19:13:57 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Wed, 20 Nov 1996 19:13:57 -0800 (PST)
Subject: Anon
In-Reply-To: <v02140b03aeb905639c67@[204.62.132.248]>
Message-ID: <Pine.SUN.3.95.961120221542.12517H-100000@viper.law.miami.edu>


On Wed, 20 Nov 1996, Roderick Simpson wrote:

> Who has made the strongest case _against_ anonymity on the Net that you
> have ever heard? Someone intelligent and theoretical rather than trapped in
> some child porn or commerce pov.
 
For a summary of some arguments made by Justice Scalia and others see

http://www.law.miami.edu/~froomkin/articles/oceanno.htm#xtocid58313


A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law     | froomkin at law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. 






From dlv at bwalk.dm.com  Wed Nov 20 19:20:14 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 20 Nov 1996 19:20:14 -0800 (PST)
Subject: Anon
In-Reply-To: <v02140b03aeb905639c67@[204.62.132.248]>
Message-ID: <Dw3PXD33w165w@bwalk.dm.com>


rod at wired.com (Roderick Simpson) writes:

> Who has made the strongest case _against_ anonymity on the Net that you
> have ever heard? Someone intelligent and theoretical rather than trapped in
> some child porn or commerce pov.

Cypherpunks themselves are opposed to complete anonymity. They insist on
being able to track down and silence whoever (ab)uses the remailers to
distribute homophobic or otherwise politically incorrect traffic. Just
search the archives for their advocacy of "identify escrow".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From unicorn at schloss.li  Wed Nov 20 19:32:24 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 20 Nov 1996 19:32:24 -0800 (PST)
Subject: Anon
In-Reply-To: <v03007808aeb93101f7b7@[206.119.69.46]>
Message-ID: <Pine.SUN.3.94.961120223040.4194F-100000@polaris>


On Wed, 20 Nov 1996, Robert Hettinga wrote:

> Date: Wed, 20 Nov 1996 17:07:35 -0500
> From: Robert Hettinga <rah at shipwright.com>
> To: Roderick Simpson <rod at wired.com>, cypherpunks at toad.com
> Subject: Re: Anon
> 
> At 2:06 pm -0500 11/20/96, Roderick Simpson wrote:
> >Who has made the strongest case _against_ anonymity on the Net that you
> >have ever heard? Someone intelligent and theoretical rather than trapped in
> >some child porn or commerce pov.
> 
> Actually, the "commerce pov" will probably be the one which kills all
> arguments for anonymity. digital bearer certificates, like digital cash,
> are always going to be cheaper than book entries.
> 
> Bearer certificates are the ultimate economic argument for anonymity. We
> just couldn't implement them until Chaum figured out how.


Wait... I didn't catch the above.

Which is a pro-anonymity and which a con-anonymity argument?

> 
> Cheers,
> Bob Hettinga
> 
> -----------------
> Robert Hettinga (rah at shipwright.com)
> e$, 44 Farquhar Street, Boston, MA 02131 USA
> "The cost of anything is the foregone alternative" -- Walter Johnson
> The e$ Home Page: http://www.vmeng.com/rah/
> 
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From Adamsc at io-online.com  Wed Nov 20 19:39:27 1996
From: Adamsc at io-online.com (Adamsc)
Date: Wed, 20 Nov 1996 19:39:27 -0800 (PST)
Subject: U.S. CIA employee caught spying
Message-ID: <19961121033534640.AAA222@rn244.io-online.com>


On Mon, 18 Nov 1996 17:05:47 -0500 (EST), Tim Scanlon wrote:

>This is on the local DC news;

>Harold Nicholson age 46, a CIA employee was arrested for spying today
>at Dulles airport. He allegedly has been working for the Russians
>for the past 2 years.

Here's a good question to ask: "Why are we getting security policy from the
[un]intelligence agencies?"

What will get mentioned, however, will be: "If he'd been using PGP we'd
never have caught him.  This is why we need GAK!"

#  Chris Adams  <adamsc at io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From jya at pipeline.com  Wed Nov 20 19:47:29 1996
From: jya at pipeline.com (John Young)
Date: Wed, 20 Nov 1996 19:47:29 -0800 (PST)
Subject: CAVE Report
Message-ID: <1.5.4.32.19961121034520.006ab8dc@pop.pipeline.com>


We've put the CAVE-based report at:

   http://jya.com/tr453.htm  (46 kb with 7 images)


CAVE = Cellular Authentication and Voice Encryption algorithm.

Nokia, for one, uses a CAVE algorithm to secure its latest toy.







From lyalc at cba.com.au  Wed Nov 20 20:11:34 1996
From: lyalc at cba.com.au (lyal collins)
Date: Wed, 20 Nov 1996 20:11:34 -0800 (PST)
Subject: Anon
In-Reply-To: <v02140b03aeb905639c67@[204.62.132.248]>
Message-ID: <3293E365.59DE@mail.cba.com.au>


Roderick Simpson wrote:
> 
> Who has made the strongest case _against_ anonymity on the Net that you
> have ever heard? Someone intelligent and theoretical rather than trapped in
> some child porn or commerce pov.

I don't know - they didn't give a name.
Lyal

> 
> Thanks,
> Rod
> 
> R o d e r i c k S i m p s o n                                rod at wired.com
> A s s o c i a t e P r o d u c e r  T h e H o t W i r e d N e t w o r k
> www.braintennis.com                            www.wiredsource.com






From shamrock at netcom.com  Wed Nov 20 20:17:29 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 20 Nov 1996 20:17:29 -0800 (PST)
Subject: Stewart Baker on new crypto rules
In-Reply-To: <199611210227.SAA11010@crypt.hfinney.com>
Message-ID: <Pine.3.89.9611202018.A26330-0100000@netcom14>


On Wed, 20 Nov 1996, Hal Finney wrote:

> What I see this as is a call to come up with architectures that will allow
> transparent phase-in of government key access (so-called "key recovery")
> technology.  The current HP proposal fits in very well with this model.
> The appear to be planning on using standard API's so that applications
> will be able to switch to using key escrow software without changing the
> applications themselves, just the OS.  Maybe there could be a transition
> period where both the old and new crypto would both be accepted, then
> after a period of time the old wouldn't work any more.

Just so we are all clear about what HP is up to: in August, 1996, I
attended a presentation by HP's policy person. He was touting the
anti-four horsemen properties of HP/TIS/unnamed other's "voluntary" "key
recovery"  system. When I pointed out to him that voluntary GAK could not
possibly defend against criminals using strong crypto, since such
criminals are unlikely to register their keys with the "escrow" agency, he
replied: 

"There are many 
possible interpretations of the words 'voluntary' and 'mandatory'."

I am willing to testify to this under oath.

I don't know what dictionary HP is using. Orwell himself must have 
written it.

--Lucky





From roach_s at alph.swosu.edu  Wed Nov 20 20:38:22 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Wed, 20 Nov 1996 20:38:22 -0800 (PST)
Subject: 1996 Codebreakers
Message-ID: <199611210438.UAA02202@toad.com>


>Adam Shostack <adam at homeport.org> writes:
>> 	I just got a review copy of the new (1996) ed. of Kahn's The
>> Codebreakers from my local used bookstore.  Its a little disapointing,
>...
>> & DH.  Nothing on Cypherpunks, little on how privacy can be enhanced.
The above was stripped from a reply made by Dr Dimitri Vulis.

I have just one question, was the copy that you purchased hardcopy or paperback?
I found the paperback in a school library and found that it said that the
technical portion had been abridged to save space, (and money).
I cannot say that I read the whole text, only the first half chapter and
then some skipping around trying to find the RSA algorthim.  I later found
it in a periodical to which I am subscribed.






From rah at shipwright.com  Wed Nov 20 20:49:37 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 20 Nov 1996 20:49:37 -0800 (PST)
Subject: Anon
In-Reply-To: <v03007808aeb93101f7b7@[206.119.69.46]>
Message-ID: <v03007802aeb982a161f1@[206.119.69.46]>


At 10:31 pm -0500 11/20/96, Black Unicorn wrote:
>> Actually, the "commerce pov" will probably be the one which kills all
>> arguments for anonymity. digital bearer certificates, like digital cash,
             ^^^ Oops. Belay that. "against" goes here...

>> are always going to be cheaper than book entries.
>>
>> Bearer certificates are the ultimate economic argument for anonymity. We
>> just couldn't implement them until Chaum figured out how.
>
>
>Wait... I didn't catch the above.
>
>Which is a pro-anonymity and which a con-anonymity argument?

Sorry about that...

Emily Latella, RIP


Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From mycroft at actrix.gen.nz  Wed Nov 20 20:49:50 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Wed, 20 Nov 1996 20:49:50 -0800 (PST)
Subject: FUCK YOU punk/was:Taking out the garbage
In-Reply-To: <Pine.LNX.3.95.961120050108.20078A-100000@dhp.com>
Message-ID: <199611210407.RAA06841@mycroft.actrix.gen.nz>


On Wed, 20 Nov 1996 05:11:47 -0500 (EST), aga <aga at dhp.com> wrote:

   On Tue, 19 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
   >
   > Beginning Monday, 11/25/96, I will bounce all email from the various 
   > (non-)subscribers polluting this list with garbage back to the 
   > authors. Furthermore, I will attach documents describing basic 
   > Internet rules of conduct to each bounce.
   > 

First of all, it wasn't Vulis who wrote that, it was Lucky Green.  Try
to keep your attributions straight.

   Somebody tell this stupid motherfucker that there are NO "basic
   Internet rules of conduct."

Wasn't it you who claimed that cypherpunks was "public domain" because
of just some such "InterNet" rule?

   He who tries to make or enforce any rules DIES!

Is that a rule? :-)

   > I would encourage other Cypherpunks to do the same. 

   Yeah boy, you are a PUNK allright.

And you're a hypocritical fascist asshole.  So what?

-- 
Paul Foley <mycroft at actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
I feel like I am sharing a ``CORN-DOG'' with NIKITA KHRUSCHEV ...





From shamrock at netcom.com  Wed Nov 20 20:51:23 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 20 Nov 1996 20:51:23 -0800 (PST)
Subject: FUCK YOU punk
In-Reply-To: <199611210136.SAA01646@zifi.genetics.utah.edu>
Message-ID: <Pine.3.89.9611201929.A26330-0100000@netcom14>


On Wed, 20 Nov 1996, Anonymous wrote:

> 
> _______________________________________________________________________________
> From: aga on Wed, Nov 20, 1996 15:24
> Subject: FUCK YOU punk/was:Taking out the garbage
> To: freedom-knights at jetcafe.org
> Cc: cypherpunks at toad.com
> 
> >If you try to make or enforce any rules and YOU DIE cocksucker!
> 
> You might want to watch yourself.  It would be hard to *not* see this as a
> direct threat...

Indeed, I am contemplating litigation. I'll have dinner with the local DA 
and Sheriff in a few days. I'll bounce the original message of them as 
well as my attorney and see what they have to say.

-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred






From rah at shipwright.com  Wed Nov 20 20:53:10 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 20 Nov 1996 20:53:10 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
In-Reply-To: <199611210209.SAA10975@crypt.hfinney.com>
Message-ID: <v03007808aeb98427bdc3@[206.119.69.46]>


At 9:09 pm -0500 11/20/96, Hal Finney wrote:
>What fiction can people recommend which presents crypto/privacy issues
>realistically?  How about this new book that Neal Stephenson is working
>on, does anyone know what it's about?  His short story, "Hack the Spew",
>a few months ago (in Wired, I think?) had a strong crypto flavor.

His, "Great Samolean Caper" for Time/Pathfinder was pure cryptoanarchy...

I don't know if it's still around though.

Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From stewarts at ix.netcom.com  Wed Nov 20 21:09:16 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Wed, 20 Nov 1996 21:09:16 -0800 (PST)
Subject: Anderson & Kuhn's "Improved DFA" paper
Message-ID: <1.5.4.32.19961121080842.003dcb34@popd.ix.netcom.com>


HP just announced their big new plans for international exportable crypto
using tamperproof PCM-CIA smartcards with multiple tamperproof GAK plugins.
Anderson&Kuhn just announced the latest in a series of attacks on 
"tamperproof" hardware crypto modules by Israeli, UK, and US cryptographers.
Obviously it must be a conspiracy :-)

It's also an opportunity for some well-timed press releases.
Clipper 1's reputation was severely damaged by Matt's attack.
Anybody know if HP's giving out samples, and if there are real or test
GAK plugins for them?

HP URL http://www.dmo.hp.com/gsy/security/icf/main.html

The paper was posted to coderpunks, and it's on 
        ftp://ftp.cl.cam.ac.uk/users/rja14/dfa
Here's the intro:
---------------------------------------------------------------------
                   Improved Differential Fault Analysis

                      Ross J Anderson, Markus G Kuhn

In [1], Biham and Shamir announce an attack on DES based on 200 ciphertexts 
in which one-bit errors have been induced by environmental stress. 
Here we show an attack that requires less than ten ciphertexts. 
Furthermore, our attack is practical in that it uses a fault model that 
has been implemented in attacks on real smartcards.

In [2], Biham and Shamir show how their method can be extended to reverse
engineer algorithms whose structure is unknown.  Our attack can also be 
extended to such cases and is more efficient there too. 
In [3], Boneh, De Millo and Lipton discuss how such techniques can be used
to attack RSA. Again, their attack is theoretical only, 
We show how to do it in practice.

--------------------------------------------------------------------------

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)






From jya at pipeline.com  Wed Nov 20 21:24:04 1996
From: jya at pipeline.com (John Young)
Date: Wed, 20 Nov 1996 21:24:04 -0800 (PST)
Subject: BIS E-money Report
Message-ID: <1.5.4.32.19961121052143.00699534@pop.pipeline.com>


Thanks to IG, we've put a copy of the BIS report on E-money at:

   http://jya.com/bis_emoney.html

Here's a blurb from the intro:

Implications for Central Banks of the Development of Electronic
Money

October 1996

Since the end of 1995 the central banks of the Group of Ten (G-10) 
countries have been studying the development of electronic money 
and the various policy issues which it raises. Much of this work 
has been carried out by the Committee on Payment and Settlement 
Systems (CPSS) or by monetary policy experts from G-10 central 
banks. Electronic money was discussed by BIS member central banks 
at meetings in Basle in July and September 1996. In August, the 
BIS published a report on the Security of Electronic Money 
prepared by the CPSS and the Group of Computer Experts.

This report provides a definition of electronic money and a 
description of its key features. It discusses the factors influencing 
the development of e-money products. Finally, it reviews the policy 
issues raised by e-money developments, as seen from a central bank 
perspective, and discusses the possible policy responses.

--






From crowland at psionic.com  Wed Nov 20 21:29:47 1996
From: crowland at psionic.com (Craig H. Rowland)
Date: Wed, 20 Nov 1996 21:29:47 -0800 (PST)
Subject: New Paper: Covert Channels in the TCP/IP Protocol Suite
Message-ID: <3293E87A.469FB11D@psionic.com>


All,

I have released a new paper entitled: 

Covert Channels in the TCP/IP Protocol Suite

This paper demonstrates several methods of encoding secret data into the
headers of the TCP/IP protocol. Main topics of interest include:

- Encoding data into IP headers.
- Encoding data into TCP headers.

Specific areas of focus allow encoding of data into the IP
identification fields and TCP sequence number fields for clandestine
transmission of data to a remote host. Packets of data appear normal to
network sniffers and packet filters, yet can contain hidden messages in
either plaintext or ciphertext.

Other methods revealed include a new technique where forged packets can
be "bounced" off any Internet connected site to establish a
communication path that appears to originate from the "bounced" host. 
Additionally, several methods are discussed regarding bypassing of
packet filters with encoded data for communication with hosts inside a
protected network.

This paper contains actual demonstrations as well as source code for
Linux 2.x systems to allow encoded transmissions between sites to be
tested.

If you are interested in reading this paper, please visit my website:

http://www.psionic.com/papers.html

This site has VERY limited bandwidth so please be patient if it is slow.

Thank you for your time..

-- Craig





From unicorn at schloss.li  Wed Nov 20 22:07:33 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 20 Nov 1996 22:07:33 -0800 (PST)
Subject: Anon
In-Reply-To: <Dw3PXD33w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961121010553.4194G-100000@polaris>


On Wed, 20 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Wed, 20 Nov 96 21:46:36 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv at bwalk.dm.com>
> To: cypherpunks at toad.com
> Subject: Re: Anon
> 
> rod at wired.com (Roderick Simpson) writes:
> 
> > Who has made the strongest case _against_ anonymity on the Net that you
> > have ever heard? Someone intelligent and theoretical rather than trapped in
> > some child porn or commerce pov.
> 
> Cypherpunks themselves are opposed to complete anonymity. They insist on
> being able to track down and silence whoever (ab)uses the remailers to
> distribute homophobic or otherwise politically incorrect traffic. Just
> search the archives for their advocacy of "identify escrow".

Actually, this is false.

We (if I may speak for "us") don't care who the spamer is, as long as they
shut up.

> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From frantz at netcom.com  Wed Nov 20 22:49:31 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 20 Nov 1996 22:49:31 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
Message-ID: <199611210649.WAA11903@netcom6.netcom.com>


At  6:09 PM 11/20/96 -0800, Hal Finney wrote:
>What fiction can people recommend which presents crypto/privacy issues
>realistically?  How about this new book that Neal Stephenson is working
>on, does anyone know what it's about?  His short story, "Hack the Spew",
>a few months ago (in Wired, I think?) had a strong crypto flavor.

"A Fire Upon the Deep", Vernor Vinge presents one time pads as the most
valuable item in intersteller commerce.  Crypto also plays an important
role during the final battle.  He also has a new take on exceeding the
speed (of light) limit, and a well drawn group-mind species.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From hyperlex at hol.gr  Wed Nov 20 23:11:56 1996
From: hyperlex at hol.gr (George A. Stathis)
Date: Wed, 20 Nov 1996 23:11:56 -0800 (PST)
Subject: The Limey PUNK needs TERMINATED
Message-ID: <199611211110.JAA21413@prometheus.hol.gr>


I saw what happened. It's very sad.



George

P.S. Nobody can threaten another site or another invidual and keep
     one's humanity for too long. I often regret angry emotions,
     as we all do. The saddening thing is when threats get _too_ far.
     I cannot control anybody's behaviour, nor have endless energy
     to explain things. I am but an ignorant little cog in the Wheels
     most of the time, and need an atmosphere of trust like everybody.
     I can see truth buried under a lot of people's rudeness, and I
     can see violence buried in a lot of people's politeness. Silence
     is sometimes the best policy. I do not enforce it on anybody.
     I take a vow of silence when saying anything makes things worse.





     















From cbg at wwa.com  Wed Nov 20 23:20:59 1996
From: cbg at wwa.com (cbg)
Date: Wed, 20 Nov 1996 23:20:59 -0800 (PST)
Subject: NT insecurity
In-Reply-To: <32919A95.159E@mail.cba.com.au>
Message-ID: <Pine.BSD.3.92.961121011909.24974B-100000@shoga.wwa.com>




On Tue, 19 Nov 1996, lyalc at mail.cba.com.au wrote:

> Justin Robbins wrote:
> >
> > Well, for those uninformed out there who believe that you can
> > penetrate an NT box using NTFSDOS, the problem remains that security
> > in windows NT is a combination between the filesystem NTFS and the
> > actual operating system, NT. NTFSDOS only allows reading the drives,
> > not writing to them. NT also keeps the security registry
>
> I guess Norton Utilities for DOS don't work if you have NTFSDOS loaded,
> then.
>

no... from what I read.... NT's security features only work on NTFS
formated drives... if you where to run it on a drive with a FAT partition
then you wouldn't get to use any of it's security features

cbg






From tcmay at got.net  Thu Nov 21 00:10:12 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Nov 1996 00:10:12 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
In-Reply-To: <199611210649.WAA11903@netcom6.netcom.com>
Message-ID: <v03007800aeb9ba1d385e@[207.167.93.63]>



On the issue of why many of us don't read as much SF as we once did...

Speaking for myself,

1. I'm a lot older. The stuff that I thought was really great back when I
was 14-22, or so, and even "pretty good" until I was about 25 or so, now
really looks like dreck. (Not all of it, but more than I thought was dreck
at the time.)

Partly this is age and life experience, partly just increased sophistication.

2. As Duncan noted, helping make the future tends to make fantasies about
the future less compelling.

I often found my work at Intel in the 1970s and into the 80s to be much
more exciting, and much more "science fictionish" than nearly anything I
read in SF. And the same is largely true of recent years. Even the most
interesting of modern SF writers--Vinge, Stephenson, Sterling--are
explicitly using crypto and Cypherpunk themes.

(Vernor V. claimed to a friend of mine that the day he spent talking to
several of us was the most fruitful day he'd spent in a long time...I take
this as evidence that folks like us are to the new generation of SF writers
what folks like members of the British Interplanetary Society were to
writers of past generations.)

3. Some of the best stuff written today is, in my opinion, as well-written
as anything in the past. Some stuff I've liked in recent years:

- Dan Simmons, "Hyperion," and "Hyperion Rising." Very creative, very
literate, very absorbing, and a plausible future. Some cyberpunk themes as
well, but mixed in with several other styles.

(Interestingly, Eric Drexler says he cannot enjoy it because Simmons does
not give nanotechnology a central enough role. This echoes the point Duncan
made, that our personal visions of the future make us less tolerant of
futures which don't match our visions closely enough. And as we get older,
our visions solidify. We become more opinionated, and less "open-minded.")

- David Zindell, "Neverness," "The Broken God," and a third novel in the
series. Less known than Simmons, but well worth checking out.

- Vernor Vinge, "True Names," obviously, "The Peace War," "Marooned in Real
Time," "A Fire Upon the Deep," and his collections of short stories (incl.
"The Ungoverned").

(Caveat: I've been invited to do a chapter for Vinge's forthcoming "True
Names" book, containing essays about computers and society, and, of course,
his novella of the same name. So I may be biased.)

- John Brunner, "The Shockwave Rider," and, my favorite, "Stand on
Zanzibar." Required reading. As Shalmaneser would put it, "Christ, what an
imagination he had."

- Orson Scott Card, "Ender's Game." A good fictional exploration of online
anony mity. In many ways, Cypherpunks was explicity a kind of combination
of "Ender's Game," "True Names," "The Shockwave Rider," and "Atlas
Shrugged."

- Gibson, Stephenson, Fred Pohl, etc.

- and of course Heinlein, though his best stuff is 30-45 years old now

Fortunately, there's a vast amount of stuff to read even if SF is becoming
somewhat worn out.

(Another trend not mentioned yet is that the "science fiction" category is
actually largely made up of "fantasy" and related themes. Readers are buyng
the stuff, so it's hard to argue with it. I don't read it, except for the
occasional fantasy classic (a la Tolkien)...it never spoke to me, and it
never seemed "useful" to me. By "useful" I refer to the fact that when I
was a kid I read SF for tips and motivation, for my chosen field, physics.
The stuff I read, such as Heinlein's novels, truly did speak to me.)

Finally, I could say I have "less time" than when I was younger. Though it
seems this way, it objectively is not the case. When I was a kid I _made_
the time to read a lot. Of course, now my reading and writing is
online--and I'm doing a lot more writing than I did when I was devouring an
SF novel every evening, on average.

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Thu Nov 21 00:15:57 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Nov 1996 00:15:57 -0800 (PST)
Subject: Better ways to spy
In-Reply-To: <19961121033534640.AAA222@rn244.io-online.com>
Message-ID: <v03007801aeb9c03fa937@[207.167.93.63]>


At 6:37 PM -0700 11/20/96, Adamsc wrote:

>What will get mentioned, however, will be: "If he'd been using PGP we'd
>never have caught him.  This is why we need GAK!"
>

Or the more positive way of looking at things:

"If he had been using digital dead drops instead of old-fashioned
postcards, and if he'd been using more sophisticated money management
schemes instead of simple deposits after trips to Europe, he might not have
been caught."

(By the way, it's the dumb and/or careless ones who get caught. I surmise
that for every one caught, an average of two are still spying. And they
probably _are_ wiping their hard drives more carefully, probably _are_
using digital dead drops (a la message pools), and probably _are_ having
their fees wired directly to their offshore accounts.)


--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From martin at mrrl.lut.ac.uk  Thu Nov 21 00:37:14 1996
From: martin at mrrl.lut.ac.uk (Martin Hamilton)
Date: Thu, 21 Nov 1996 00:37:14 -0800 (PST)
Subject: anonymous proxy server in 100 lines of Perl (fwd)
Message-ID: <199611210837.IAA15346@gizmo.lut.ac.uk>


I'm sure this could be squeezed onto one line.  Sheesh - comments even! :-)

Martin

------- Forwarded Message

From: Randal Schwartz <merlyn at stonehenge.com>
To: libwww-perl at ics.UCI.EDU
Subject: anonymous proxy server in 100 lines of Perl
Date: 20 Nov 1996 20:21:43 -0700


No cookies.  No referer.  No From.  All we need is a dozen of these
around the planet. :-)

Gisle, thanks.  You truly are "the wizard of aas". :-)

And yes, this is the code for the next Web Techniques magazine column.

#!/home/merlyn/bin/perl -Tw
use strict;
$ENV{PATH} = join ":", qw(/usr/ucb /bin /usr/bin);
$|++;

## Copyright (c) 1996 by Randal L. Schwartz
## This program is free software; you can redistribute it
## and/or modify it under the same terms as Perl itself.

## Anonymous HTTP proxy (handles http:, gopher:, ftp:)
## requires LWP 5.04 or later

my $HOST = "localhost";
my $PORT = "8008";

sub prefix {
  my $now = localtime;

  join "", map { "[$now] [${$}] $_\n" } split /\n/, join "", @_;
}

$SIG{__WARN__} = sub { warn prefix @_ };
$SIG{__DIE__} = sub { die prefix @_ };
$SIG{CLD} = $SIG{CHLD} = sub { wait; };

my $AGENT;			# global user agent (for efficiency)
BEGIN {
  use LWP::UserAgent;

  @MyAgent::ISA = qw(LWP::UserAgent); # set inheritance

  $AGENT = MyAgent->new;
  $AGENT->agent("anon/0.07");
  $AGENT->env_proxy;
}

sub MyAgent::redirect_ok { 0 } # redirects should pass through

{				### MAIN ###
  use HTTP::Daemon;

  my $master = new HTTP::Daemon
    LocalAddr => $HOST, LocalPort => $PORT;
  warn "set your proxy to <URL:", $master->url, ">";
  my $slave;
  &handle_connection($slave) while $slave = $master->accept;
  exit 0;
}				### END MAIN ###

sub handle_connection {
  my $connection = shift;	# HTTP::Daemon::ClientConn

  my $pid = fork;
  if ($pid) {			# spawn OK, and I'm the parent
    close $connection;
    return;
  }
  ## spawn failed, or I'm a good child
  my $request = $connection->get_request;
  if (defined($request)) {
    my $response = &fetch_request($request);
    $connection->send_response($response);
    close $connection;
  }
  exit 0 if defined $pid;	# exit if I'm a good child with a good parent
}

sub fetch_request {
  my $request = shift;		# HTTP::Request

  use HTTP::Response;

  my $url = $request->url;
  warn "fetching $url";
  if ($url->scheme !~ /^(http|gopher|ftp)$/) {
    my $res = HTTP::Response->new(403, "Forbidden");
    $res->content("bad scheme: @{[$url->scheme]}\n");
    $res;
  } elsif (not $url->rel->netloc) {
    my $res = HTTP::Response->new(403, "Forbidden");
    $res->content("relative URL not permitted\n");
    $res;
  } else {
    &fetch_validated_request($request);
  }
}

sub fetch_validated_request {
  my $request = shift;	# HTTP::Request

  ## uses global $AGENT

  ## warn "orig request: <<<", $request->headers_as_string, ">>>";
  $request->remove_header(qw(User-Agent From Referer Cookie));
  ## warn "anon request: <<<", $request->headers_as_string, ">>>";
  my $response = $AGENT->request($request);
  ## warn "orig response: <<<", $response->headers_as_string, ">>>";
  $response->remove_header(qw(Set-Cookie));
  ## warn "anon response: <<<", $response->headers_as_string, ">>>";
  $response;
}


------- End of Forwarded Message







From firstpr at ozemail.com.au  Thu Nov 21 02:24:10 1996
From: firstpr at ozemail.com.au (Robin Whittle)
Date: Thu, 21 Nov 1996 02:24:10 -0800 (PST)
Subject: Draft OECD crypto guidelines on WWW
Message-ID: <199611211023.VAA02305@oznet02.ozemail.com.au>


I have obtained the OECD draft crypto guidelines from:

   http://www.quintessenz.at/Netzteil/OECD/index.html

where they are a Word 6 file.  I have converted them to HTML and put
them at:

   http://www.ozemail.com.au/~firstpr/crypto/oecd_dr.htm

This is probably not the absolute latest draft, but it is the best I
can get.

I think there is a lot of good material here, but they still seem
wedded to the idea of key-recovery or some other means of governments
accessing plaintext or keys.  They seem to assume there will always be
a copy of the key around the place somewhere.  In general, in the
future cryptographic exchanges will use fresh key-pairs for each
session, so not even the user can get a copy of the private key. Maybe
key-recovery techniques are designed to cope with this, but the
question is why would anyone want to use such a system other than that
the government (and some corporations aligned with the government)
want them to?

There is no reason why ordinary or criminal users should be
interested in key recovery/escrow, or weakened key-spaces - what they
need is simple to use, totally secure, end-to-end encryption.  The
whole aim is to make a bulletproof secure pipe that doesn't depend on
any other data, technology or administrative actions.


The draft guidelines have my comments at the start, including a
suggested rewording of paragraph 88 which currently states that
crypto systems *should* provide for lawful access to the
plaintext/key.  

The OECD people do not seem to have considered the fact that
criminals will wrap their material in a crypto system they can trust
before putting it through the government mandated system that they
don't trust. My comments include a more detailed discussion of this
argument, particularly in the situation where criminals are
communicating with non-criminals.  


   In a nutshell, how is all the cost, risk, doubt and 
   complication of key escrow/recovery etc. justified by its 
   benefits for serious crime prevention/deterrence, when the 
   great majority of criminals and a large number of ordinary 
   private and commercial users will be applying their own 
   strong encryption first?

Does anyone know of writing that specifically tackles this question?

This is a separate question from those about whether governments can
be trusted, or about absolute rights to privacy etc.  It is simply a
cost/benefit analysis.  To me the benefits for reducing serious crime
seem slim indeed and the costs - not least the general feeling that
people may be using daily a system specifically designed for tapping
their communications - seem to be very high.


- Robin

. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr at ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .





From aga at dhp.com  Thu Nov 21 02:25:06 1996
From: aga at dhp.com (aga)
Date: Thu, 21 Nov 1996 02:25:06 -0800 (PST)
Subject: Does John Gilmore EAT Asshole?
In-Reply-To: <Pine.BSF.3.91.961120130826.27866B-100000@mcfeely.bsfs.org>
Message-ID: <Pine.LNX.3.95.961121051941.15546B-100000@dhp.com>


On Wed, 20 Nov 1996, Rabid Wombat wrote:

> Date: Wed, 20 Nov 1996 13:09:17 -0500 (EST)
> From: Rabid Wombat <wombat at mcfeely.bsfs.org>
> To: aga <aga at dhp.com>
> Cc: Black Unicorn <unicorn at schloss.li>, cypherpunks at toad.com
> Subject: Re: Does John Gilmore ?
> 
> 
> Grubby! Back under your rock!
> 

FUCK YOU COCKSUCKER -- as long as you keep writing to be,
I will continue to rip a new asshole in the Faggot John Gilmore
who promotes PUNKs like you.

A 'punk' is a faggot pussy who is really NOT a man!

> On Wed, 20 Nov 1996, aga wrote:
> 
> > Somebody censored the header in this article,
> > and we put it back.  You know, that is the worst
> > kind of censorship, when somebody attempts to avoid the issue.
> 

The faggot Gilmore does take it up the ass and also eat assholes, so
he should be added to the net.scum list at once.

-a






From aga at dhp.com  Thu Nov 21 02:57:25 1996
From: aga at dhp.com (aga)
Date: Thu, 21 Nov 1996 02:57:25 -0800 (PST)
Subject: FUCK YOU punk/was:Taking out the garbage
In-Reply-To: <199611210407.RAA06841@mycroft.actrix.gen.nz>
Message-ID: <Pine.LNX.3.95.961121055159.15546I-100000@dhp.com>


On Thu, 21 Nov 1996, Paul Foley wrote:

> Date: Thu, 21 Nov 1996 17:07:22 +1300
> From: Paul Foley <mycroft at actrix.gen.nz>
> Reply-To: freedom-knights at jetcafe.org
> To: aga at dhp.com, freedom-knights at jetcafe.org, cypherpunks at toad.com
> Subject: Re: FUCK YOU punk/was:Taking out the garbage
> 
> On Wed, 20 Nov 1996 05:11:47 -0500 (EST), aga <aga at dhp.com> wrote:
> 
>    On Tue, 19 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
>    >
>    > Beginning Monday, 11/25/96, I will bounce all email from the various 
>    > (non-)subscribers polluting this list with garbage back to the 
>    > authors. Furthermore, I will attach documents describing basic 
>    > Internet rules of conduct to each bounce.
>    > 
> 
> First of all, it wasn't Vulis who wrote that, it was Lucky Green.  Try
> to keep your attributions straight.
> 

Nobody attributed it to Vulis, and you can tell from
the ">" that it was not from him.

>    Somebody tell this stupid motherfucker that there are NO "basic
>    Internet rules of conduct."
> 
> Wasn't it you who claimed that cypherpunks was "public domain" because
> of just some such "InterNet" rule?
> 

No; there are no rules.  I used to believe in them,
but not no more.

>    He who tries to make or enforce any rules DIES!
> 
> Is that a rule? :-)
> 

That is reality; "DIES" means that your access is terminated;
it has nothing to do with the actual person, stupid.

>    > I would encourage other Cypherpunks to do the same. 
> 
>    Yeah boy, you are a PUNK allright.
> 
> And you're a hypocritical fascist asshole.  So what?
> 

Anybody who would be satisfied to be called a "punk"
is much less of a man than anything I would ever want
to be.  I challenge the motherfucker to a live 
kick-boxing match on the InterNet.

You see, "punks" have NO BALLS!

> -- 
> Paul Foley <mycroft at actrix.gen.nz>       ---         PGPmail preferred
> 
> 	   PGP key ID 0x1CA3386D available from keyservers
>     fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
> ----------------------------------------------------------------------
> I feel like I am sharing a ``CORN-DOG'' with NIKITA KHRUSCHEV ...
> 

What the fuck is somebody from New Zealand doing here anyway?
just go away...






From rogers at cccbbs.com  Thu Nov 21 02:57:57 1996
From: rogers at cccbbs.com (Jim & Carla Rogers)
Date: Thu, 21 Nov 1996 02:57:57 -0800 (PST)
Subject: Any RC4 attacks?
Message-ID: <199611211057.CAA11922@toad.com>


Schneier claims that RC4 has not yet fallen to crypanalytic attack. 
Assuming that a sufficient length key is used (>= 128 bits), have there
been any successful attacks?

Jim Rogers







From Alan.Pugh at MCI.Com  Thu Nov 21 03:07:49 1996
From: Alan.Pugh at MCI.Com (Alan Pugh)
Date: Thu, 21 Nov 1996 03:07:49 -0800 (PST)
Subject: Patent Fight Could Add to Cost of Inter
In-Reply-To: <42961121063424/0003701548ND1EM@MCIMAIL.COM>
Message-ID: <Chameleon.848574420.apugh@tx86-8>



By KATHLEEN SAMPEY 
Associated Press Writer 

NEW YORK (AP) _ A little-known patent could raise the cost of 
doing business over the Internet for companies selling software, 
video or other digital products delivered online. 

E-Data Corp. of Secaucus, N.J., is suing 17 companies, including 
McGraw-Hill and CompuServe, to collect licensing fees on the 
patent, which protects downloading of encrypted digital 
information. A court hearing is scheduled Dec. 6 in New York on the 
company's claims. 

Analysts said the patent will not significantly restrain 
Internet commerce, but would raise the cost of doing business on 
the Internet and cause headaches for small start-up companies. 

Some companies, including Adobe Systems and VocalTec, have 
grudgingly paid the licensing fee. Others intend to fight it. 

``We believe it's important to draw a line in the sand and make 
them prove infringement,'' said CompuServe spokeswoman Gail 
Whitcomb. ``We think their claim is way too broad.'' 

Arnold Freilich, E-Data's president, said the company bought 
rights to the patent in 1994. He won't disclose how much the 
company has made from it, but said it covers digital products such 
as text, software, images, music and video transmitted through 
phone lines to customers. 

Companies that take orders for products over the Internet, then 
ship them by mail would not be affected. 

The patent was first issued in 1985 to Charles Freeny Jr. 

Freeny, an electrical engineer, held the digital encryption 
patent until 1989. Unable to make money on it, he sold it for about 
$100,000 to a company called Avedas Corp. 

``I didn't foresee the Internet,'' he said. 

Avedas couldn't make money from it either and has since gone out 
of business. 

By 1994, when E-Data bought the patent for $290,000, the World 
Wide Web had come of age, and so had the possibility of enforcing 
the patent, which expires in 2003. 

Peter Tracy remembers making the acquaintance of U.S. Patent No. 

4,528,643. 

His East Haven, Conn.-based company, MicroPatent, operates a Web 
site where users can search and download patent and trademark 
information for 25 cents a page. 

On March 22, he received a packet from E-Data saying his company 
might be infringing on the patent. He could either pay a fee based 
on the percentage of his Web site profits, or be sued. 

``I felt like I had been sucked into (a) bottomless pit,'' he 
said. 

MicroPatent agreed to pay the licensing fee, which Tracy will 
not disclose. 

The cost of the annual fees range from 1 percent to 5 percent of 
sales under $1 million, according to David Fink, E-Data's attorney. 
For sales over $1 million, the rate is determined on an individual 
basis, he said. 

Several cases already have been dismissed because either 
defendants paid the fees or they were found not to be in violation, 
he said. Cases against Dun & Bradstreet, Decision Support and Meca 
Software were dismissed. Company representatives either could not 
be reached or refused comment. 

IBM spokesman Fred McNeese declined comment on questions about 
E-Data or the licensing fees. 

But companies such as McGraw-Hill are anticipating the December 
court hearing. 

``We fail to see anything that we do in our businesses that 
infringes on this patent,'' said McGraw-Hill spokesman Steven 
Weiss. ``We've asked them continually what we've been doing, and 
E-Data has not told us _ aside from accusing us. 

``We have no plans to pay them anything,'' he said. 

But Freilich said the patent is specific in its description of 
encrypted digital data, which is how many companies have sold such 
information since 1994. 

For example, a customer orders a digital product over the 
Internet, and pays for it through the Internet with a credit card. 
These types of transactions are not all that new, as in 
CompuServe's case. 

But once the product has been downloaded to the customer's 
terminal, an encryption code is provided by the seller to unlock 
the encryption, thereby allowing the customer to use the product. 
It is this added step that Freilich said the patent describes. 

Today's network organization also makes the patent enforceable, 
he said. In 1985 when the patent was granted, there was no such 

thing as an addressable computer or the Web. 

``The technology has brought us to the point where anyone's 
computer terminal is addressable, where encryption is commonplace 
and that has led to the enforcement of this patent,'' Freilich 
said. 

Scott Smith, analyst at Jupiter Communications, predicted the 
case would not dampen Web commerce. 

``I think it's a blip on the radar,'' he said. ``It may hurt 
some of the start ups. But larger companies face this kind of thing 
all the time. They'll be able to shake it off.'' 

While some may accuse E-Data of trying to stifle Internet 
commerce, Fink sees his client's efforts merely as a means to cash 
in on a legitimate, far-sighted investment. 

``Besides,'' he said, ``3 cents on the dollar will not put any 
company out of business.'' 

AP-DS-11-19-96 2327EST 

* * * END OF DELIVERY * * * 






From Zero at mrkev.vabo.cz  Thu Nov 21 03:39:27 1996
From: Zero at mrkev.vabo.cz (Kamil Golombek)
Date: Thu, 21 Nov 1996 03:39:27 -0800 (PST)
Subject: Magic passwodr in BIOS?
Message-ID: <32943F5D.DA2@mrkev.vabo.cz>


Hi,
	yesterday I've read about so called "magic password" in AWARD BIOS. It
was a surprise for me and I wasn't very happy that the way how to bypass
this is so easy. But nevermind, I heve two questions about it. 	First,
is there any way how to disabled "magic password" 589589 in AWARD BIOS?
	Second, does anobody know another "magic passwords" to various BIOSes? 

		Thanks for your answers!
				ZERO





From adam at homeport.org  Thu Nov 21 04:07:40 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 21 Nov 1996 04:07:40 -0800 (PST)
Subject: 1996 Codebreakers
In-Reply-To: <199611210438.UAA02202@toad.com>
Message-ID: <199611211204.HAA02680@homeport.org>


Sean Roach wrote:
| >Adam Shostack <adam at homeport.org> writes:
| >> 	I just got a review copy of the new (1996) ed. of Kahn's The
| >> Codebreakers from my local used bookstore.  Its a little disapointing,
| >...
| >> & DH.  Nothing on Cypherpunks, little on how privacy can be enhanced.
| The above was stripped from a reply made by Dr Dimitri Vulis.
| 
| I have just one question, was the copy that you purchased hardcopy
| or paperback? 

hardback.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From jya at pipeline.com  Thu Nov 21 05:26:39 1996
From: jya at pipeline.com (John Young)
Date: Thu, 21 Nov 1996 05:26:39 -0800 (PST)
Subject: CAVE Table
Message-ID: <1.5.4.32.19961121132426.006aceb4@pop.pipeline.com>


For clarity we've replaced the CAVE Table image in TR45.3 
with HTML and ASCII versions.

The tables are also at:  

     http://jya.com/cavetable.htm







From clay.olbon at dynetics.com  Thu Nov 21 06:11:37 1996
From: clay.olbon at dynetics.com (Clay Olbon II)
Date: Thu, 21 Nov 1996 06:11:37 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <1.5.4.32.19961121141010.006da9a4@ix.netcom.com>


A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
device (http://www.comsec.com/).  The point of this post is to posit a
scenario based on the implications of this product.  This is speculation
based on where I think such products should be heading.

I think we need to keep a couple of goals in mind.  The first, is to get
encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
probably most Americans now buy their phones).  The prices need to be low
enough that people will want to buy them (<$100?).  Is this technically
feasible?  The comsec device from the above URL already demonstrates the
needed capability.  Is the cost target possible?  My guess is soon, given
the lowering costs and increasing capabilities of current processors.

The second goal needs to be to push a similar product for cell-phones.  I
think this will be perhaps an easier sell, given the higher initial cost for
these phones, and their reduced security.  Perhaps a home device could be
sold with the cell-phone as a package deal, so that communications with the
"home base" (i.e your office, home, etc) would be secure.  With the rapid
growth in cell-phone sales, selling a package such as this might ensure a
larger user-base of home devices.

Given that these goals are met, I think widespread use of crypto over phone
lines would become almost inevitable.  However, the fun part would be the
introduction of such products.  The FUD coming from police, the government,
etc. would be amazing to behold.

        Clay



*******************************************************
Clay Olbon			    olbon at ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl






From gimonca at skypoint.com  Thu Nov 21 06:19:19 1996
From: gimonca at skypoint.com (Charles Gimon)
Date: Thu, 21 Nov 1996 06:19:19 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore (fwd)
Message-ID: <m0vQZy8-0000neC@mirage.skypoint.com>


Forwarded message:
> Date: Thu, 21 Nov 1996 00:14:49 -0800
> From: "Timothy C. May" <tcmay at got.net>
> Subject: Re: Why I Don't Read SF Much Anymore
> 

[among other things]

> 
> - Vernor Vinge, "True Names," obviously, "The Peace War," "Marooned in Real
> Time," "A Fire Upon the Deep," and his collections of short stories (incl.
> "The Ungoverned").
> 
> (Caveat: I've been invited to do a chapter for Vinge's forthcoming "True
> Names" book, containing essays about computers and society, and, of course,
> his novella of the same name. So I may be biased.)
> 

Is this the St. Martin's Press "True Names" edition that was listed in 
amazon.com? At one time, it was going to be released August or Sept. of this
year.

I have to mention that the owner of Dreamhaven Books here in Minneapolis
complained to me last year that he has a "truckload" of remaindered copies
of "Peace War". They still have a bunch--every time I've been in there, 
there's a hardbound "Peace War" on display with a price tag of $1.00.
Buying a copy of "True Names" right now is about as easy as buying an
original Dead Sea Scroll--but if anybody wants a cheap copy of "Peace War",
look up Dreamhaven in Minneapolis.

--C.G.







From serw30 at laf.cioe.com  Thu Nov 21 06:32:33 1996
From: serw30 at laf.cioe.com (Eric Wilson)
Date: Thu, 21 Nov 1996 06:32:33 -0800 (PST)
Subject: Magic passwodr in BIOS?
Message-ID: <1.5.4.32.19961121142941.0085b630@gibson.cioe.com>


At 12:39 PM 11/21/96 +0100, you wrote:
>Hi,
>	yesterday I've read about so called "magic password" in AWARD BIOS. It
>was a surprise for me and I wasn't very happy that the way how to bypass
>this is so easy. But nevermind, I heve two questions about it. 	First,
>is there any way how to disabled "magic password" 589589 in AWARD BIOS?
>	Second, does anobody know another "magic passwords" to various BIOSes? 
>
>		Thanks for your answers!
>				ZERO
>
>
I wouldn't be too disappointed with a hole in BIOS password security. Most
of them can be easily defeated by a jumper switch, or shorting a pin on the
system board. 






From nobody at cypherpunks.ca  Thu Nov 21 06:50:39 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 21 Nov 1996 06:50:39 -0800 (PST)
Subject: No Subject
Message-ID: <199611211445.GAA13181@abraham.cs.berkeley.edu>


On Thu, 21 Nov 1996, aga <aga at dhp.com> wrote: 

From: aga <aga at dhp.com>
To: Rabid Wombat <wombat at mcfeely.bsfs.org>
cc: FREEDOM-KNIGHTS at JETCAFE.ORG, Black Unicorn <unicorn at schloss.li>,
        cypherpunks at toad.com
Subject: Re: Does John Gilmore EAT Asshole?


|FUCK YOU COCKSUCKER -- as long as you keep writing to be,
|I will continue to rip a new asshole in the Faggot John Gilmore
|who promotes PUNKs like you.

[snip]

|A 'punk' is a faggot pussy who is really NOT a man!

|The faggot Gilmore does take it up the ass and also eat assholes, so
|he should be added to the net.scum list at once.



I should'a kill-filed this sicko long ago.

Like the raving individuals one passes on the sidewalk, he is best ignored. Leave him for professional care.

>From whence does such trash arise?

Oh me!!










From kkirksey at appstate.campus.mci.net  Thu Nov 21 07:08:41 1996
From: kkirksey at appstate.campus.mci.net (Ken Kirksey)
Date: Thu, 21 Nov 1996 07:08:41 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
Message-ID: <199611211505.KAA28573@appstate-01.campus.mci.net>


>The problem with straight SF for me is that computers and networks have
>changed the future so much that (in the words of the motto of the SF
>Writer's Association) The Future Ain't What It Used to Be.  The science
>fictional futures of my childhood are now dead as doornails.

I still enjoy some of the "old stuff", but not in the same way that I did 
when I was younger. I read those works as period pieces now.  There is a 
certain romance in the Gersnbackian view of the future that I enjoy, 
especially in contrast to the Grim and Gritty (TM) "reality" of most 
modern and post-modern SF.  I still find Heinlein's juveniles to be fun 
reads, probably for this reason.  Ditto for Edgar Rice Burroughs's Mars 
books.

>And I can't
>enjoy contemporary SF that doesn't include a healthy dose of computers and
>networking.  

Computers and networking may not be central to the story the author is 
trying to tell. And with the way things are going, computers and 
networking will become (some would say already have become) such an 
integral part of the culture that they don't warrant special attention.  
Kinda like airplanes, automobiles, television, radio, microwave ovens, 
cellular phones, ad infinitum.  Computer Networks were a new and nove 
idea when _Shockwave Rider_ was written, but now with every car and 
cereal commercial on TV promoting a web site as well, it's not all that 
exciting anymore.

As far as keeping up with current SF, I, like others, don't seem to make 
as much time to read as I used to.  I rely on Gardner Dozios' annual 
_Year's Best Science Fiction_ anthology to keep me up to date and 
introduce me to new writers.  I've always enjoyed the stories he's 
chosen, some more than others, and he's introduced me to some great 
writers that I probably wouldn't have heard about otherwise: Greg Egan, 
Connie Willis, and Terry Bisson, to name a few.  Judging from your 
comments, I think you'd like Greg Egan, especially his novel _Permutation 
City_.

Ken







From jya at pipeline.com  Thu Nov 21 07:39:48 1996
From: jya at pipeline.com (John Young)
Date: Thu, 21 Nov 1996 07:39:48 -0800 (PST)
Subject: ROB_not
Message-ID: <1.5.4.32.19961121153730.006b3b74@pop.pipeline.com>


11-21-96. NYP:

"Treasury Report Will Oppose Federal Taxes on Internet Sales"

   Issues of key escrow, digital cash, anonymous transactions,
   and identifying where in the world transactions occur. Feds claim 
   they differ from greedy states who want to rob the Net golden 
   goose. The report will be posted to www.ustreas.gov for comment.
   (Not there yet at 10:30 EST.)

-----

http://jya.com/robnot.txt

ROB_not







From mjmiski at execpc.com  Thu Nov 21 07:40:12 1996
From: mjmiski at execpc.com (Matthew J. Miszewski)
Date: Thu, 21 Nov 1996 07:40:12 -0800 (PST)
Subject: Anderson & Kuhn's "Improved DFA" paper
Message-ID: <199611211539.JAA01275@mail.execpc.com>


> It's also an opportunity for some well-timed press releases.
> Clipper 1's reputation was severely damaged by Matt's attack.
> Anybody know if HP's giving out samples, and if there are real or test
> GAK plugins for them?

I agree. There are many people on the list with contacts with the 
media (or ARE the media :).  There was a time that I would suggest 
posting all of our media lists to cypherpunks but, unfortunately, I 
fear that would no longer be productive.  So...

I suggest everyone fire up their fax modems and send out to all of 
the contacts we each have personally.  Even local papers can be 
important in this action.  Make sure your local ISPs understand the 
issues (and maybe even release it in a newsletter or daily email.

> 
> HP URL http://www.dmo.hp.com/gsy/security/icf/main.html
> 
> The paper was posted to coderpunks, and it's on 
>         ftp://ftp.cl.cam.ac.uk/users/rja14/dfa
> Here's the intro:
> ---------------------------------------------------------------------
>                    Improved Differential Fault Analysis
> 
>                       Ross J Anderson, Markus G Kuhn
> 
(Intro snipped) 

Matt





From aie-rd at pobox.oleane.com  Thu Nov 21 07:45:01 1996
From: aie-rd at pobox.oleane.com (Thomas Hennes)
Date: Thu, 21 Nov 1996 07:45:01 -0800 (PST)
Subject: Cryptography in France
Message-ID: <3294796D.1543@pobox.oleane.com>


This is my first post to the cypherpunks mailing list. I've been
monitoring it for a little while now, and I would like to initiate a
thread on the sorry state of public crypto in France, and would much
much appreciate feedback, comments and thoughts on the following.

It is no secret that public crypto here in France is a fucking joke. For
those of you who aren't up-to-date with French gov't policy on the
subject, let me state the simple: Public use of crypto (and esp. STRONG
crypto) is *outlawed* in France. This mere fact gives us (the French)
the dubious achievement of being rated along with the likes of China,
Iran, Iraq and former USSR, to name a few.

Now remember, this comes from a country that labels itself as the "Home
country of the Human Rights", yet denies its citizen access to the
technical means of ensuring REAL privacy. 

A much-needed privacy, considering the phone-tapping scandal that rocked
France two or three years back (then-prez Miterrand himself had ordered
that a whole bunch of people --novelists, journalists, politicians,
artists and various other intellectuals-- have their phone tapped and
their conversations recorded, without any legal permission to do so.
Even an uncle of mine was placed on such a list.).

I _do_ believe that a strong case --legally, economically and
philosophically-- could be made for the legalization of strong public
crypto in France. And I am also confident that we are moving toward a de
facto use of strong crypto in everyday life.

There are several legal points that could force the French gov't to give
some slack on crypto regulation. The first one is, of course, the
process of building Europe (I am not so naive as to believe this will be
a success, but it WILL provide us with some legal power to wield). Of
all nations being part of the EEC, France is the only one that enforces
such restrictions on public crypto. But, and this is my point, French
gov't has made a big fuss about standardization of regulation throughout
EEC and its participants, and when it comes to crypto, I believe they've
put their foot in their mouth!! ;-)

Second legal point: arguing the moral point of freedom of guaranteed
privacy. Outlawing public crypto *might* be unconstitutional,
considering that the French constitutions have always been built around
the anarchists revolutionaries of 1789 declaration of human rights. The
gov't will counter with 'Raison d'Etat' and need for terrorist
surveillance, but this is the same as saying weapon sales should be
prohibited to keep thugs away from weapons. Thugs *always* manage to get
weapons, and terrorists *always* manage to escape surveillance and plant
bombs in our streets and metro system.

Economically, the case could be made for public crypto by underlining
the importance of internet economics. It is a stated and definitive fact
that e-cash cannot exist without cryptographic means. Now if the general
public hasn't got access to strong crypto, why would they risk dealing
in e-cash??? Thus France would be left out of an immense -and as of now
virgin- commercial market, which in the near future would mean
commercial death. And that's not counting all the employement
opportunities that would be, one can speculate, created by the
flourishing of web commercial ventures. Ironically, Netscape has been
granted by the French gov't an 'extraordinary' license to use
cryptography in their Navigator software (even though it's the lame,
40-bit export key size). Which means that, as of now, the one and only
company that WOULD technically allow French citizens to engage in
electronic commerce is a foreign company... So on one hand we have the
French gov't making a huge fuss about 'Cultural Exception' when the
subject at hand is protecting the French TV and movie business --which
nobody actually gives a damn about--, and on the other hand, the very
same gov't not only regulates against strong public crypto, but when it
finally gives in a little, it's to the profit of a foreign company..
Next thing you know, France is going to equip all its phones with the
Clipper chip so that the NSA can listen in on, say, Airbus trade
secrets.. Can you get any dumber than this? The last economically sound
point relates to competition. By forbidding strong public crypto, France
has seriously hampered the ability of French cryptologists to move
forward technically, since they receive much less feedback than, say,
their scandinavian or US counterparts. And I believe that, in the long
term, strong public crypto WILL prevail --I AM optimistic (or is that
naive?). So all the French gov't is doing here is denying would-be
French companies to deal competitively in the crypto market, which I am
sure will explode with the coming of electronic commerce.

My last arguments are of the philosophical/moral/political order.
Politics in France have reached an all-time low at the end of 14 years
of Socialism (some may disagree on this, but this is MY belief).
Corruption is now widespread, at every levels of the public
administration, and at all 'rays' of the political spectrum. Politicians
now have more privileges than the royalty used to have just before the
revolution of 1789, when the laws and budgets were more deftly
controlled by house representatives than they are nowadays. Politicians
nowadays live as a microcosm, in an enclosed glasscase, protecting each
other regardless of ideology or political faith. They act as
superior-class citizens where they were meant to be representative of
the people, the citizens that mandated them as such. So I believe that
strong crypto is not only a right, but a mean that every citizen should
use against the preponderance of such a privileged class, in order to
make the French motto 'Liberte Egalite Fraternite' something else than
an obsolete joke. 

I'm not an anarchist, nor am I illuminated. I'm a regular guy with a
regular job. I'm simply tired of all these self-proclaimed important
people that live in the fast lane with MY taxes. And crypto would be a
mean for me to combat them more efficiently and to bring back some of
that much-needed social equilibrium. And, the hell with it, I want
GUARANTEED PRIVACY.

On Monday 18 Nov. Greg Broiles wrote:

>ICF is "International Cryptography Framework". 
>
>The press release includes quotes from US and >>French<< government officials
>indicating that the new system will meet their needs.

Man, this spells T-R-O-U-B-L-E ... ;-)

Thomas Hennes
aie-rd at pobox.oleane.com

PS: I would've loved to CC this thing to Chirac or PM Jupp�, but neither
of them have actual e-mails, which tells you a lot about the interest
they have in net-business...





From jongalt at pinn.net  Thu Nov 21 08:05:57 1996
From: jongalt at pinn.net (Jon Galt)
Date: Thu, 21 Nov 1996 08:05:57 -0800 (PST)
Subject: Stewart Baker on new crypto rules
In-Reply-To: <199611210227.SAA11010@crypt.hfinney.com>
Message-ID: <MAPI.Id.0016.006f6e67616c74203030303730303037@MAPI.to.RFC822>


> On Wed, 20 Nov 1996, Hal Finney wrote:
> 
> Just so we are all clear about what HP is up to: in August, 1996, I
> attended a presentation by HP's policy person. He was touting the
> anti-four horsemen properties of HP/TIS/unnamed other's "voluntary" "key
> recovery"  system. When I pointed out to him that voluntary GAK could not
> possibly defend against criminals using strong crypto, since such
> criminals are unlikely to register their keys with the "escrow" agency, he
> replied: 
> 
> "There are many 
> possible interpretations of the words 'voluntary' and 'mandatory'."
> 
> I am willing to testify to this under oath.
> 
> I don't know what dictionary HP is using. Orwell himself must have 
> written it.

Try Black's Law Dictionary, 6th Edition.  The IRS uses it all the time.






From tcmay at got.net  Thu Nov 21 08:35:20 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Nov 1996 08:35:20 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore (fwd)
In-Reply-To: <m0vQZy8-0000neC@mirage.skypoint.com>
Message-ID: <v03007800aeba35a0682d@[207.167.93.63]>


At 8:19 AM -0600 11/21/96, Charles Gimon wrote:

>> - Vernor Vinge, "True Names," obviously, "The Peace War," "Marooned in Real
>> Time," "A Fire Upon the Deep," and his collections of short stories (incl.
>> "The Ungoverned").
>>
>> (Caveat: I've been invited to do a chapter for Vinge's forthcoming "True
>> Names" book, containing essays about computers and society, and, of course,
>> his novella of the same name. So I may be biased.)
>>
>
>Is this the St. Martin's Press "True Names" edition that was listed in
>amazon.com? At one time, it was going to be released August or Sept. of this
>year.

Yes. It has been delayed 'til next summer.

>I have to mention that the owner of Dreamhaven Books here in Minneapolis
>complained to me last year that he has a "truckload" of remaindered copies
>of "Peace War". They still have a bunch--every time I've been in there,
>there's a hardbound "Peace War" on display with a price tag of $1.00.
>Buying a copy of "True Names" right now is about as easy as buying an
>original Dead Sea Scroll--but if anybody wants a cheap copy of "Peace War",
>look up Dreamhaven in Minneapolis.

An artifact of the pulp age. Publishers try to estimate demand, then
publish that many copies. Usually they guess wrong. Hence, remainders. And
recycling into more pulp.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From nobody at cypherpunks.ca  Thu Nov 21 08:50:23 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 21 Nov 1996 08:50:23 -0800 (PST)
Subject: [TARGET ACQUIRED] Cryptography in France
Message-ID: <199611211647.IAA15836@abraham.cs.berkeley.edu>



At 4:46 PM 11/21/1996, Thomas Hennes wrote:
>I'm not an anarchist, nor am I illuminated. I'm a regular guy with a
>regular job. I'm simply tired of all these self-proclaimed important
>people that live in the fast lane with MY taxes. And crypto would be a
>mean for me to combat them more efficiently and to bring back some of
>that much-needed social equilibrium. And, the hell with it, I want
>GUARANTEED PRIVACY.

Here's our target!  France is the perfect testing ground for a
top-notch cryptoanarchist system.  Lots of computers, lots of smart
users, high taxes, and a police state.







From sandfort at crl.com  Thu Nov 21 08:54:28 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 21 Nov 1996 08:54:28 -0800 (PST)
Subject: Does Grubor EAT ASSHOLE?  Yes, he eats himself.
In-Reply-To: <Pine.LNX.3.95.961121051941.15546B-100000@dhp.com>
Message-ID: <Pine.SUN.3.91.961121081411.23773A-100000@crl2.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

The following is truly noise.  Please ignore it and forgive me 
for playing with the animals.  They are just so much fun when 
they begin to froth at the mouth.  In some ways it's like picking 
at a scab to see what's underneath.

Grubby,

How do you like my NEW Subject line?  Now don't change it, 
because that would be "the worst kind of censorship."  ;-)
So why the big hard-on against John?  Did he turn down your 
advances because he's straight?  Latents who are in denial like
you are so pathetically impotent.  

By the way, I guess you've wimped out on your "threat" not to 
respond to posts CCed to the Cypherpunks list.  (Feel free not 
to respond to this post.  That'll teach me.)

I noted your kickboxing "challenge" in another post.  Obviously, 
you crave physical contact with other men, but cannot admit it to 
yourself, so you seek it through "combat."  Wouldn't Greco-Roman 
wrestling be more your style?  Why you've even got a Greek in 
your group who would probably love it.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From azur at netcom.com  Thu Nov 21 09:37:30 1996
From: azur at netcom.com (Steve Schear)
Date: Thu, 21 Nov 1996 09:37:30 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <v02140b04aeba4390566a@[10.0.2.15]>


>A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
>device (http://www.comsec.com/).  The point of this post is to posit a
>scenario based on the implications of this product.  This is speculation
>based on where I think such products should be heading.
>
>I think we need to keep a couple of goals in mind.  The first, is to get
>encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
>probably most Americans now buy their phones).  The prices need to be low
>enough that people will want to buy them (<$100?).  Is this technically
>feasible?  The comsec device from the above URL already demonstrates the
>needed capability.  Is the cost target possible?  My guess is soon, given
>the lowering costs and increasing capabilities of current processors.

I've worked with these products, while at Cylink, and don't think it will
be posible to reach your $100 figure for a standalone device without
manufacturing volumes of 100,000/month or so--even AT&T's attempt at a
similar device was priced considerably higher.  Given the lack of general
population interest it is very unlightly a market of this volume will
develop.  A more likely scenario is the inclusion of this technology in a
digital cordless phone, since the A/D-D/A circuits are already part of the
design--some analog units already include scrambling circuits--although
increased power consumption and therefore either power supply weight or
decreased talk and standby times could become a maketing problem.  If
you're interested go contact one of the many Asian consumer electronics
companies (see http://www.asiansources.com> tell them how many 10,000's of
units you're willing to buy and have them built for U.S. resale.

>
>The second goal needs to be to push a similar product for cell-phones.  I
>think this will be perhaps an easier sell, given the higher initial cost for
>these phones, and their reduced security.  Perhaps a home device could be
>sold with the cell-phone as a package deal, so that communications with the
>"home base" (i.e your office, home, etc) would be secure.  With the rapid
>growth in cell-phone sales, selling a package such as this might ensure a
>larger user-base of home devices.

Again inclusion in a digital phone is easiest and best, but then again its
already digital and if GSM probably encrypted over the air. Cylink's
briefcase-sized SecureCell was never a success (too heavy and expensive).
Maintaining a >9600bps stable modem link via analog cellular still isn't
easy (even when stationary), but has improved with the availability of
specialized modems.  However, you're right that many more users will be
willing to pay and could be a winning combo.  I'm not sure interconnection
of such a device with most miniature cell phones would be a slam dunk.

>
>Given that these goals are met, I think widespread use of crypto over phone
>lines would become almost inevitable.  However, the fun part would be the
>introduction of such products.  The FUD coming from police, the government,
>etc. would be amazing to behold.
>
>        Clay
>
>
>
>*******************************************************
>Clay Olbon                          olbon at ix.netcom.com
>engineer, programmer, statistitian, etc.
>**********************************************tanstaafl







From paul at fatmans.demon.co.uk  Thu Nov 21 09:43:31 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Thu, 21 Nov 1996 09:43:31 -0800 (PST)
Subject: The Limey PUNK needs TERMINATED
Message-ID: <848597693.516260.0@fatmans.demon.co.uk>



> what are you, fat?

Maybe I am, maybe I`m not, at least I can honestly say I`m not a 
homophobic fuckup.

> you are now scheduled for termination as a result
> of this e-mail.  this is your last warning.

Termination? - give me a break you pre-pubescent "k00l HaKk1nG D0od"


> Hey you limey PUNK, you can not do SHIT!  If you get out of hand here,
> I will mailbomb you into SMITHERINES!  And kill your whole fucking
> site with fork-bombs if necessary.

Go ahead punk, make my day. As they say, your ass is grass and I`m 
the lawnmower. Your postmaster will be forwarded copies of any more 
abusive mail you send me and if, as I suspect, you are about 13 years 
old, I will tell your parents, now go on, shoo.


> Paul Bradley seemsw to be just another faggot suppporting the
> main Faggot, John Gilmore.

Learn how to spell and type. Once you have done that become educated 
as to why someones sexual orientation is their own business and 
nobody elses. Then in about 20 years return when you have something 
worthwhile to add to the discussion.

> A "punk" means you are a WIMP!

Oh no, I`m so depressed now. To think that being a cryptographer 
could mean that I couldn`t kick your scrawny ass. I have no interest 
in your aspersions being cast at my physical prowess. I believe I, 
along with the other members of the list have progressed beyond the 
neanderthal level of insulting and physically pounding people into 
submission. However, you are making me think about returning to this 
practice.
 
> I think it is about time for the Freedom Knights to
> just kick the fucking shit out of the cypherpunks list!

Yes, sure Mr. Grubor.
 
> This is your last warning, punk.

Oh no, was it, looks like I`m being mailbombed then.
 
> If you get out of line again, both you and your list
> will be terminated.

Yes, I knew it. Please, for the sake of all humanity get an education 
you pimply adolescent masturbator.

Good day to you. 


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From jonmill at frds.com  Thu Nov 21 09:47:42 1996
From: jonmill at frds.com (Jonathan Miller)
Date: Thu, 21 Nov 1996 09:47:42 -0800 (PST)
Subject: This AGA d0od
Message-ID: <c=US%a=_%p=Fisher-Rosemount%l=RDSMAIL-961121094930Z-4@rdsmail.frds.com>


Enough is enough already....  I've spoken with your dad and it's no more
Innerspace Invaders for you.  He said you're UNgrounded for two months,
and while you're not outside looking for a real life and real friends,
you must sit in front of the TV and watch Sesame Street and Mr. Rogers
reruns back-to-back on PBS.

After learning to feel good about yourself with Fred's help, it's off to
a session with Dr. Ruth to help you realize you can make yourself feel
good as well.  It is O.K. to touch yourself as long as you're in
private.  We promise not to make fun of you.

-----------------
>From: 	aga[SMTP:aga at dhp.com]
>Sent: 	Thursday, November 21, 1996 2:24 AM
>To: 	Rabid Wombat
>Cc: 	FREEDOM-KNIGHTS at JETCAFE.ORG; Black Unicorn; cypherpunks at toad.com
>Subject: 	Re: Does John Gilmore EAT Asshole?
>
>On Wed, 20 Nov 1996, Rabid Wombat wrote:
>> Grubby! Back under your rock!

AGA responded:
>FUCK YOU COCKSUCKER -- as long as you keep writing to be,
>I will continue to rip a new asshole in the Faggot John Gilmore
>who promotes PUNKs like you.
>
>A 'punk' is a faggot pussy who is really NOT a man!
>
>> On Wed, 20 Nov 1996, aga wrote:
>> 
>> > Somebody censored the header in this article,
>> > and we put it back.  You know, that is the worst
>> > kind of censorship, when somebody attempts to avoid the issue.
>> 
>
>The faggot Gilmore does take it up the ass and also eat assholes, so
>he should be added to the net.scum list at once.
>
>-a
>
>





From asgaard at Cor.sos.sll.se  Thu Nov 21 10:07:36 1996
From: asgaard at Cor.sos.sll.se (Asgaard)
Date: Thu, 21 Nov 1996 10:07:36 -0800 (PST)
Subject: Anderson & Kuhn's "Improved DFA" paper
In-Reply-To: <1.5.4.32.19961121080842.003dcb34@popd.ix.netcom.com>
Message-ID: <Pine.HPP.3.91.961121190800.2140A-100000@cor.sos.sll.se>


On Thu, 21 Nov 1996 stewarts at ix.netcom.com wrote:

> Anderson&Kuhn just announced the latest in a series of attacks on 
> "tamperproof" hardware crypto modules by Israeli, UK, and US cryptographers.

You forgot the Belgians (or is Jean-Jacques Quisquater French?).

Asgaard





From alan at ctrl-alt-del.com  Thu Nov 21 10:09:48 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Thu, 21 Nov 1996 10:09:48 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
Message-ID: <3.0b36.32.19961121100706.0100acac@mail.teleport.com>


At 12:14 AM 11/21/96 -0800, Timothy C. May wrote:
>
>On the issue of why many of us don't read as much SF as we once did...
>
>Speaking for myself,
[Reasons snipped]

I have found my reasons for not reading as much Science Fiction are:

1) Time.

2) The huge pile of technical manuals/books that I need to read.  (I have
been measuring them, not in number of books, but in linear feet.)

3) Many of the bookstores locally (especially the chains) have a HUGE
percentage of their books being "franchise SF".  It is hard to find
something good when you have to wade through the Star Trek, Star Wars,
Doom, Myst, Story set in the world of <famous name> by written by
<unknown>, and assorted Pern-ography.  (The last chain bookstore I went to
had *NOTHING* that I had not read or was willing to read.)  I guess that is
what i get for going to malls...

ObCrypto:  It is ironic that the 2nd edition of The Codebreakers is out.  I
had just done a book search on it and was going to get a local bookstore to
order me a copy.  (The prices on the used market ran anywhere from $20 to
$80!  That is copied that actually sold, not just asking price.)

I guess I will have to do a book search on _The Puzzle Palace_ and maybe it
will get released. (In kind of a strange quantum bookbuying action at a
distance sort of thing...)


---
|  "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com  |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano at teleport.com  |






From m5 at tivoli.com  Thu Nov 21 10:11:57 1996
From: m5 at tivoli.com (Mike McNally)
Date: Thu, 21 Nov 1996 10:11:57 -0800 (PST)
Subject: Finjan "SurfinGate"
Message-ID: <32949B2B.5217@tivoli.com>


Check out http://www.finjan.com and the stuff about "SurfinGate".  The
software supposedly can perform an on-the-fly inspection of a Java 
applet or ActiveX control, and then apply a signature to it along with
a "safety" level qualifier to feed into a configurable policy mechanism.

Any ideas as to how you can look at an ActiveX control and determine
whether it's safe or not?
-- 
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!





From tcmay at got.net  Thu Nov 21 10:21:10 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Nov 1996 10:21:10 -0800 (PST)
Subject: The public sees no need for crypto at this time
In-Reply-To: <1.5.4.32.19961121141010.006da9a4@ix.netcom.com>
Message-ID: <v03007800aeba463ea301@[207.167.93.63]>



I believe that at this time the differential market value to customers of
having strong crypto in telephones is near-zero, and in cell-phones is only
slightly greater. My reasons will follow below.

I'm explicitly discussing "things as they are" rather than "things as they
should be."

At 9:10 AM -0500 11/21/96, Clay Olbon II wrote:

>I think we need to keep a couple of goals in mind.  The first, is to get
>encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
>probably most Americans now buy their phones).  The prices need to be low
>enough that people will want to buy them (<$100?).  Is this technically
>feasible?  The comsec device from the above URL already demonstrates the
>needed capability.  Is the cost target possible?  My guess is soon, given
>the lowering costs and increasing capabilities of current processors.

While I would certainly _like_ to see wider use of crypto, and crypto
deployed ubiquitously in products like telephones, cellphones, pagers, and,
of course, computers and networks, I think any honest appraisal of market
conditions must conclude that there is little _average American_ awareness
of, or demand for, crypto.

One could cite many reasons. Here are some that I see. (Note: I'm not
saying these are true for me and thee, nor for everyone else. And these
reasons may change with time. But for now, I think they're pretty accurate.)

* Most people don't think they're targets of wiretapping. They don't think
the FBI is tapping their phones, and they've never even heard of the NSA,
let alone GCHQ, NRO, SDECE, etc.

* "What have I got to hide?"

* Given a choice to use ordinary phone lines or cordless handsets, with
attendant ease-of-eavesdropping issues, they'll take the convenience of
cordless handsets nearly every time. (And the 900 MHz increase-security
cordless handsets are not yet in heavy demand...they'll succeed when
they're as cheap as ordinary cordless phones.)

* Security always takes some effort. The military can have it only by
having elaborate protocols, checks and balances, and essentially full-time
"crypto" personnel to go through the rigamarol of setting up secure
communications and locking up key material according to elaborate
procedures.

(I like to cite the evolution of metal safes. Mosler Safe Company says the
driving force behind safe design, and deployment to merchants and banks,
was the _insurance business_. Instead of preaching about the value of
increased security, the insurers--who knew how to take the long
view--offered rate discounts if stronger safes were installed. Voila,
stronger safes. Until similar incentives exist for data--e.g., insurance
for loss of patient records, confidential dossiers, etc.--I doubt most
people will listen to the "preaching.")

* Look at how few people--myself included--routinely use crypto (digital
signatures, etc.) here on this list! It is now "worth it" to me to
digitally sign all messages. (Please, don't send me your personal
experiences or your scripts for interfacing Pegasus Zapmail to PGP 2.8!)

* Even those with secure phones--STU-IIIs and Clipperphones--admit that
they rarely use the features. (Recall several stories where advocates of
Clipper had to take the books and magazines piled up on top of their
Clipperphones, dust them off, and try to remember how to initiate a secure
conversation!)

* And this raises the problem of: whom do you communicate with securely? If
your friends and family don't have compatible hardware, what's the point?
Sure, some corporations and enterprises will take the plunge and buy sets
of units, but Joe Public will likely not, at least not until a critical
mass of compatible crypto is installed...perhaps a decade or more from now.

* In short, most people don't see the need. They're not doing things they
think would warrant surveillance, and they have no experience with bad
effects from wiretaps or whatnot. Just not on their list of things to worry
about. And they don't want the additional confusion, learning, and
incompatibility with what their friends and coworkers have.

As to the larger issue of "edcucating the public," I think this is almost
always an exhausting and fruitless task. Do-gooders have been trying this
for decades, even longer.

(Don't let me stop you, anyone. But I think it's unlikely that a new
campaign to educate people about a potential risk that they have never seen
any concrete evidence for in their own lives is going to do much.)

When crypto is cheap enough, it may be a selling factor for a consumer
making a choice. How much extra people are willing to pay is unclear. And
there are "sophisticated users" who may pay extra for such features.

And certainly there does not have to be "wide acceptance" for crypto to be
deployed to the "point of no return" (hint: this is a more important goal
to me than acceptance by Joe Public). For example, the SSL and SWAN stuff
is incredibly important, because wide encryption of network traffic, even
if Joe and Jane Public are not using crypto at home, means surveillance and
vacuum-cleaner types of NSA monitoring are made ten thousand times more
difficult. Which may be enough to secure for us the blessings of crypto
anarchy.

P.S. I'll be away at the Hackers Conference in Santa Rosa, CA for the next
several days, and then travelling for the American holiday of Thanksgiving
Day. So, I'll be mostly away from the list for a while.

--Tim May



>The second goal needs to be to push a similar product for cell-phones.  I
>think this will be perhaps an easier sell, given the higher initial cost for
>these phones, and their reduced security.  Perhaps a home device could be
>sold with the cell-phone as a package deal, so that communications with the
>"home base" (i.e your office, home, etc) would be secure.  With the rapid
>growth in cell-phone sales, selling a package such as this might ensure a
>larger user-base of home devices.
>
>Given that these goals are met, I think widespread use of crypto over phone
>lines would become almost inevitable.  However, the fun part would be the
>introduction of such products.  The FUD coming from police, the government,
>etc. would be amazing to behold.
>
>        Clay
>
>
>
>*******************************************************
>Clay Olbon			    olbon at ix.netcom.com
>engineer, programmer, statistitian, etc.
>**********************************************tanstaafl


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From tcmay at got.net  Thu Nov 21 10:28:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 21 Nov 1996 10:28:40 -0800 (PST)
Subject: [TARGET ACQUIRED] Cryptography in France
In-Reply-To: <199611211647.IAA15836@abraham.cs.berkeley.edu>
Message-ID: <v03007801aeba4f92d42b@[207.167.93.63]>


At 8:47 AM -0800 11/21/96, John Anonymous MacDonald wrote:

>Here's our target!  France is the perfect testing ground for a
>top-notch cryptoanarchist system.  Lots of computers, lots of smart
>users, high taxes, and a police state.

Not likely.

I gave a talk a couple of years ago in France (well, Monte Carlo, actually,
but the conference was heavily francocentric), and it was clear to me that
France is in the Dark Ages on these issues.

Sure, they've got "Minitel," an ostensibly ubiquitous network. But Minitel
is actually a primitive, sub-Prodigy-class system, controlled by the
government of France and associated special interests (France Telecom,
etc.).

The number of French persons actively on the Internet is fairly low--ask
yourself how many ".fr" domain names you've seen lately, and when you last
saw one on Cypherpunks? I see many more Finnish and even New Zealand domain
names.

Further, encryption is heavily restricted in France. As one French friend
put it, "You can apply for a license to use crypto--the same way you would
apply for a license to buy your own Exocet missile."

So, France is somewhere near the bottom of my list of fertile grounds for
crypto anarchy.

--Tim May



Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From kb4vwa at juno.com  Thu Nov 21 10:37:29 1996
From: kb4vwa at juno.com (Edward R. Figueroa)
Date: Thu, 21 Nov 1996 10:37:29 -0800 (PST)
Subject: Word Lists
Message-ID: <19961121.134031.7791.4.kb4vwa@juno.com>


I'm looking for a Large Word List, for a pkcrack program.

Anyone have any idea where to find one, or how to convert a dictionary
formated file to a wordlist file?

Ed





From gbroiles at netbox.com  Thu Nov 21 10:47:34 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Thu, 21 Nov 1996 10:47:34 -0800 (PST)
Subject: killfiling aga@dhp.com
Message-ID: <3.0b28.32.19961121105128.006fd704@ricochet.net>


At 06:45 AM 11/21/96 -0800, nobody at cypherpunks.ca (John Anonymous
MacDonald) wrote:
[discussing aga at dhp.com]
>I should'a kill-filed this sicko long ago.

Agreed. But if you (and other anonymous posters) are going to continue to
reply to him or other unproductive kooks, would you please put their
addresses somewhere in the headers of your messages (perhaps in the To: or
Cc: or Subject:) headers so that the rest of us who are using killfiles
won't have to read your replies? 


--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles at netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 





From janzen at idacom.hp.com  Thu Nov 21 11:04:24 1996
From: janzen at idacom.hp.com (Martin Janzen)
Date: Thu, 21 Nov 1996 11:04:24 -0800 (PST)
Subject: Replying to noise
In-Reply-To: <199611211445.GAA13181@abraham.cs.berkeley.edu>
Message-ID: <9611211904.AA18392@sabel.idacom.hp.com>


An anonymous poster writes:
> On Thu, 21 Nov 1996, aga <aga at dhp.com> wrote: 
> [demented ravings deleted]
> I should'a kill-filed this sicko long ago.
>	 
> >From whence does such trash arise?
>  
> Oh me!!

Yes, that's exactly right.  See, many of us _have_ "kill-filed this sicko"
long ago -- but when you quote these rants in your post, with no subject
line, no "aga@" or "freedom-knights" or what have you in the header, we
get the dubious privilege of seeing them anyway, mail filters or no mail
filters.  If you must respond, perhaps next time you could snip out the
garbage first.


>Like the raving individuals one passes on the sidewalk, he is best
>ignored. Leave him for professional care.

This is good advice.  Please, remember it the next time you're tempted to
respond to such garbage.

If you want help in ignoring him/her/it, and are on a Unix system, I'd be
happy to send you some tips on how to get procmail running.  If you're
on a PC or Mac, I'm sure some knowledgeable c'punk can post similar
information about Eudora filters and the like.

Thanks.  Sorry, all, for sending this to the list, but of course there
was no way to reply directly to the poster.

MJ





From attila at primenet.com  Thu Nov 21 11:35:54 1996
From: attila at primenet.com (attila)
Date: Thu, 21 Nov 1996 11:35:54 -0800 (PST)
Subject: Word Lists
In-Reply-To: <19961121.134031.7791.4.kb4vwa@juno.com>
Message-ID: <Pine.BSI.3.95.961121191801.7460C-100000@usr09.primenet.com>


On Thu, 21 Nov 1996, Edward R. Figueroa wrote:

> I'm looking for a Large Word List, for a pkcrack program.
> 
> Anyone have any idea where to find one, or how to convert a dictionary
> formated file to a wordlist file?
> 

	find a source code copy of unix and find the spelling routine;
    there is a list of approximately 60K base words.  the code has an
    function which checks prefixes, suffixes, variations, etc. I have
    not looked to see if spell is included with "modern" versions of
    unix since the spell code is early 70s --it was in V6. It was also
    included in BSD4.1a/4.2+. 

	I have all of 'em for the last 25 years, in storage somewhere
    --and have not fired over my ancient Pertec 800/1600 open reel 9 track
    tape drive in years! --or I would lift one off for you.

	I do not know of a routine which generates "valid" prefixes,
    suffixes, and the like which would be useful in password cracking
    routines.

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.






From attila at primenet.com  Thu Nov 21 11:48:20 1996
From: attila at primenet.com (attila)
Date: Thu, 21 Nov 1996 11:48:20 -0800 (PST)
Subject: killfiling aga@dhp.com
In-Reply-To: <3.0b28.32.19961121105128.006fd704@ricochet.net>
Message-ID: <Pine.BSI.3.95.961121193908.7460D-100000@usr09.primenet.com>


On Thu, 21 Nov 1996, Greg Broiles wrote:

> At 06:45 AM 11/21/96 -0800, nobody at cypherpunks.ca (John Anonymous
> MacDonald) wrote:
> [discussing aga at dhp.com]
> >I should'a kill-filed this sicko long ago.
> 
> Agreed. But if you (and other anonymous posters) are going to continue to
> reply to him or other unproductive kooks, would you please put their
> addresses somewhere in the headers of your messages (perhaps in the To: or
> Cc: or Subject:) headers so that the rest of us who are using killfiles
> won't have to read your replies? 
> 
	all the remailers I know strip the headers except the subject. 

	If you put another header type line in the body of the text, it
    will still be there --in the body which means your filter does a great
    number of CPU cylces unnecessary.  Suggest: 

	    Subject: [aga@] whatever the current smoke....

    which should pass most of the garden variety remailers. 

	Personally, I think he's so far out, he is almost more humouress
    than he is ignorant, but he's been procmailed....

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.






From vince at web.wa.net  Thu Nov 21 12:03:23 1996
From: vince at web.wa.net (Vince Callaway)
Date: Thu, 21 Nov 1996 12:03:23 -0800 (PST)
Subject: Patent Fight Could Add to Cost of Inter
In-Reply-To: <Chameleon.848574420.apugh@tx86-8>
Message-ID: <Pine.LNX.3.93.961121115723.11445B-100000@web.wa.net>



> ``We believe it's important to draw a line in the sand and make 
> them prove infringement,'' said CompuServe spokeswoman Gail 
> Whitcomb. ``We think their claim is way too broad.'' 

This is quite a statement coming from a company that flexed its muscles on
the .GIF file spec. about 3 years ago.

If I remember right Compuserve caused some some major changes in RIP and
HTTP developement.  Until that time the only graphic format supported in
Mosaic was .GIF.  JPEG was promptly added and there was hot debate about
the issue.

Did not slow down the net much though.






From whgiii at amaranth.com  Thu Nov 21 12:10:10 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Thu, 21 Nov 1996 12:10:10 -0800 (PST)
Subject: <sigh> children
In-Reply-To: <199611211445.GAA13181@abraham.cs.berkeley.edu>
Message-ID: <199611212126.PAA31277@mailhub.amaranth.com>


>On Thu, 21 Nov 1996, aga <aga at dhp.com> wrote: 

>From: aga <aga at dhp.com>
>To: Rabid Wombat <wombat at mcfeely.bsfs.org>
>cc: FREEDOM-KNIGHTS at JETCAFE.ORG, Black Unicorn <unicorn at schloss.li>,
>        cypherpunks at toad.com
>Subject: Re: Does John Gilmore EAT Asshole?


>FUCK YOU COCKSUCKER -- as long as you keep writing to be,
>I will continue to rip a new asshole in the Faggot John Gilmore who
>promotes PUNKs like you.

>[snip]

>A 'punk' is a faggot pussy who is really NOT a man!

>The faggot Gilmore does take it up the ass and also eat assholes, so he
>should be added to the net.scum list at once.


<sigh> Parents you should really lock up you computers when your childern
are home alone.

-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii at amaranth.com>
-----------------------------------------------------------






From minow at apple.com  Thu Nov 21 12:20:25 1996
From: minow at apple.com (Martin Minow)
Date: Thu, 21 Nov 1996 12:20:25 -0800 (PST)
Subject: Digital Footprints (Article in UK Guardian)
Message-ID: <3294B96C.7C24@apple.com>


The online edition of the UK Guardian newspaper has a long
article on the way that "Internet users leave traces and records
of every online action, from sending e-mail or posting to
newsgroups to visiting Web sites."

... "At the moment unwanted e-mail is about the limit of the
intrusion, but this could change. Internet commentator Dominique
Paul Noth points out: "You have no guarantee that the information is
intelligently or even accurately employed to your benefit." As more
information is collected, it is more useful to those collecting it
- and less easily controlled."

... One alternative is making yourself anonymous by deleting cookie
files and using mail programs that disguise your identity."

"However, making yourself anonymous online means that you cannot
personalise Web pages, ask for information via e-mail, or join
mailing lists. The issue, as Noth and other commentators recognise,
is more to do with how this information is used. Credit card companies
know what we are buying, and there is a legal framework to control
their use of this information. There is no such framework in force
for online information. 

"It seems that the very lack of "real world" controls over online
activity which many Internet users favour has created the environment
in which marketing companies can thrive. As long as the Internet
is seen as somehow outside the reach of the law, then there will be
those who abuse its freedom. So as you surf for Christmas presents,
look out for surprises in your mailbox as a result"

The full article is at:

http://go2.guardian.co.uk/internet/961121wwonDigitlafootprint.html
(Note that newspaper articles on the Web are often only visible
for a short time.)

Martin Minow
minow at apple.com





From adam at homeport.org  Thu Nov 21 12:40:13 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 21 Nov 1996 12:40:13 -0800 (PST)
Subject: Finjan "SurfinGate"
In-Reply-To: <32949B2B.5217@tivoli.com>
Message-ID: <199611212036.PAA04813@homeport.org>


	These thoughts are generic, and I haven't even looked at the
surfgate web page.

	Does it access a file?  winsock?  hard coded memory addresses?
Does it modify itself (Its code sections)?  What system calls does it
make?  Are they all on the thought safe list?

	If it does not, then you have a first level analysis and can
say that it might not be unsafe; you're a *LOT* better off than you
were before.

	Trying to prove the code is safe is hard.  Looking for obvious
attacks (java that writes .rhosts, mails off /etc/passwd) is not very
hard.   It can lead to a false sense of security.


Adam


Mike McNally wrote:
| Check out http://www.finjan.com and the stuff about "SurfinGate".  The
| software supposedly can perform an on-the-fly inspection of a Java 
| applet or ActiveX control, and then apply a signature to it along with
| a "safety" level qualifier to feed into a configurable policy mechanism.
| 
| Any ideas as to how you can look at an ActiveX control and determine
| whether it's safe or not?
| -- 
| ______c_________________________________________________________________
| Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
| mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
| http://www.io.com/~m101/                 * processing" are different!
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From unicorn at schloss.li  Thu Nov 21 12:45:09 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Thu, 21 Nov 1996 12:45:09 -0800 (PST)
Subject: Stewart Baker on new crypto rules
In-Reply-To: <MAPI.Id.0016.006f6e67616c74203030303730303037@MAPI.to.RFC822>
Message-ID: <Pine.SUN.3.94.961121154258.15840I-100000@polaris>


On Thu, 21 Nov 1996, Jon Galt wrote:

> Date: Thu, 21 Nov 96 11:02:30 EST
> From: Jon Galt <jongalt at pinn.net>
> To: shamrock at netcom.com
> Cc: cypherpunks at toad.com, froomkin at law.miami.edu
> Subject: Re: Stewart Baker on new crypto rules
> 
> > On Wed, 20 Nov 1996, Hal Finney wrote:
> > 
> > Just so we are all clear about what HP is up to: in August, 1996, I
> > attended a presentation by HP's policy person. He was touting the
> > anti-four horsemen properties of HP/TIS/unnamed other's "voluntary" "key
> > recovery"  system. When I pointed out to him that voluntary GAK could not
> > possibly defend against criminals using strong crypto, since such
> > criminals are unlikely to register their keys with the "escrow" agency, he
> > replied: 
> > 
> > "There are many 
> > possible interpretations of the words 'voluntary' and 'mandatory'."
> > 
> > I am willing to testify to this under oath.
> > 
> > I don't know what dictionary HP is using. Orwell himself must have 
> > written it.
> 
> Try Black's Law Dictionary, 6th Edition.  The IRS uses it all the time.

Or my favorate supreme court quote:

Threat of loss, not hope of gain, is the essence of coercion.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From Mullen.Patrick at mail.ndhm.gtegsc.com  Thu Nov 21 12:50:31 1996
From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick)
Date: Thu, 21 Nov 1996 12:50:31 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <n1363530815.90062@mail.ndhm.gtegsc.com>


_______________________________________________________________________________
From: Clay Olbon II on Thu, Nov 21, 1996 15:20

>A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
>device (http://www.comsec.com/).  The point of this post is to posit a

The above mentioned crypto phone was incredibly expensive, if I remember
correctly.  What it basically was (Please keep in mind I may be thinking
of a different product) a box containing a modem and a crypto-crunching
CPU.  Phone in one end, processed by said CPU, and send out other end.  I
have/had a similar idea, but I want to try make it a totally software 
product (assuming you have the necessary hw requirements on your computer)
where you talk in through a microphone (can something be wired so you can
use a regular phone plugged into your computer/modem/soundcard???) your
CPU crunches code, and spits out the encrypted data.  Obviously, the
complementing steps would be done on the receiving end.  
Has anyone ever tried anything like this?  

>I think we need to keep a couple of goals in mind.  The first, is to get
>encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
>probably most Americans now buy their phones).  The prices need to be low
>enough that people will want to buy them (<$100?).  Is this technically
>feasible?  The comsec device from the above URL already demonstrates the
>needed capability.  Is the cost target possible?  My guess is soon, given
>the lowering costs and increasing capabilities of current processors.

Goals sound good.  I feel it *definately* has to be below $100.  Personally,
I use a phone bought at K-Mart that cost $12 _after_ tax...  I wouldn't 
mind paying $50 for a techno gizmo that made my conversations, inane as they
may be, private.  The price would also have to be low to assure the other
end has a similar techno-gizmo, or I would have wasted my money.  Anyone
else see the *immediate* need for a standard?

>The second goal needs to be to push a similar product for cell-phones. 

If I'm not mistaken (and I've been known to be from time to time :-), cell
phones are already encrypted between the phone and cell tower.  That way,
they are no less private than a regular phone.  Of course, you may be
referring to further end-to-end encryption built into the phone in addition
to this, but as far as they being less secure than a house phone, I'm not
sure about that one.

>Given that these goals are met, I think widespread use of crypto over phone
>lines would become almost inevitable.  However, the fun part would be the
>introduction of such products.  The FUD coming from police, the government,
>etc. would be amazing to behold.

Agreed! 

>        Clay

>*******************************************************
>Clay Olbon			    olbon at ix.netcom.com
>engineer, programmer, statistitian, etc.
>**********************************************tanstaafl

PM

USER ERROR:  REPLACE AND STRIKE ANY KEY WHEN READY





From m5 at tivoli.com  Thu Nov 21 12:59:51 1996
From: m5 at tivoli.com (Mike McNally)
Date: Thu, 21 Nov 1996 12:59:51 -0800 (PST)
Subject: Finjan "SurfinGate"
In-Reply-To: <199611212036.PAA04813@homeport.org>
Message-ID: <3294C256.6B88@tivoli.com>


Adam Shostack wrote:
> 
>         Does it access a file?  ...

Maybe I should have been more clear.

It's certainly true that one could concoct software that looked for
some tell-tale signs in Java applets or ActiveX controls (though it'd
be a little tricker in the latter case, I suspect).  What worries me
is that this sort of tool might provide a false sense of security to
corporate IS types (people who pay my company lots of money).

(Oh, gee, I see now that the last line of your message was "It could
lead to a false sense of security."  Rare concensus on cypherpunks.)

Anyway, there are lots of products like this (lots of virus scanners
claim to defend against "all current and future viruses"), and they're
not quite the same as sleazy snake-oil pseudo-crypto outfits.  It
worries me, if only as somebody with money in a bank that might be
rendered vulnerable, that a tool like this might be installed under
the illusion that an impenetrable wall has gone up around the 
network.

Seems to me that putting together an ActiveX control that "sneaks" its
way through the firewall risk policy wouldn't be hard.  Unless the 
applet scanner actually simulates execution of the control under a
variety of input conditions (and we know that's not likely) (but prove
me wrong, please) there's not much it can do other than poke around and
check what other DLL's the thing wants to access.  It might be a bit
harder to be sneaky in Java, but I certainly wouldn't bet I could look
at an applet and guarantee its safety to any threshold (if I could, why
not just do that in the browser?).

Believing in the safety of precertified applets/controls is scary 
enough.  Trusting yet another piece of software in the loop just seems
a little wacky to me.


(Oh, and in case Finjan is a Tivoli partner, or for all I know another
IBM company, I'm not speaking for Tivoli.)
-- 
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!





From MullenP at ndhm06.ndhm.gtegsc.com  Thu Nov 21 13:44:29 1996
From: MullenP at ndhm06.ndhm.gtegsc.com (Mullen, Patrick)
Date: Thu, 21 Nov 1996 13:44:29 -0800 (PST)
Subject: Word List
Message-ID: <c=US%a=_%p=GTE%l=NDHM06-961121214346Z-21000@ndhm06.ndhm.gtegsc.com>


Note: I changed the list to Cypherpunks, since this is more relative to
that list.

Crack, the UN*X /etc/passwd cracker comes with a very large dictionary.
I
assume you want one for the same purpose (maybe not...).  I can't
remember
for sure, but I believe it is a plain ASCII file.  Go to webcrawler and
request
"crack and unix" (w/out quotes) and you'll find a listing.  A site named
/.hAcKiNg./ or something like that will show up.  It has Crack in pkzip
format.

BTW, this is a DOS application, *not* UN*X...

~ Patrick

>----------
>From: 	kb4vwa at juno.com[SMTP:kb4vwa at juno.com]
>
>I'm looking for a Large Word List.
>
>Anyone have any idea where to find one, or how to convert a dictionary
>formatted file to a wordlist file?
>
>Ed
>





From camcc at abraxis.com  Thu Nov 21 14:29:01 1996
From: camcc at abraxis.com (Alec)
Date: Thu, 21 Nov 1996 14:29:01 -0800 (PST)
Subject: Word Lists
Message-ID: <3.0.32.19961121172905.00696630@smtp1.abraxis.com>


At 01:40 PM 11/21/96, you wrote:
:I'm looking for a Large Word List, for a pkcrack program.
:
:Anyone have any idea where to find one, or how to convert a dictionary
:formated file to a wordlist file?
:
:Ed
:
http://world.std.com/~reinhold/diceware.wordlist.asc

This is the wordlist for Diceware, and I quote, "7776 short English words,
abbreviations and easy to remember character strings. The average length of
each word is about 4.2 characters. The biggest words are six characters long.

The list is based a longer word list posted to the Internet news group
sci.crypt by Peter Kwangjun Suk."

This may not be long enough for your needs.

The address of the Diceware page is 

http://world.std.com/~reinhold/diceware.page.html

Good luck.

Cordially,

Alec                   

PGP Fingerprint:
Type bits/keyID    Date       User ID
pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc at abraxis.com>
          Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
                             






From dave at kachina.jetcafe.org  Thu Nov 21 15:11:15 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Thu, 21 Nov 1996 15:11:15 -0800 (PST)
Subject: [REBUTTAL] Censorship on cypherpunks?, from The Netly News
Message-ID: <199611212309.PAB01049@kachina.jetcafe.org>


Firebeard (ouch!) writes:
> >>>>> Dave Hayes writes:
> >> Yes, ownership gives you a license to censor. I'm going to have a
> >> party in my home a few weeks from now. If I don't like what someone
> >> is doing, I'll kick 'em out. I won't do it lightly, but I will
> >> fight for my right to do so.
> DH> Of course, you may invite anyone you choose, since a party is
> DH> usually had by inviting people whom you select. If you invite them
> DH> and then subsequently kick them out when they do things you do not
> DH> want them to do, I will chastise -you- (if I am present) for your
> DH> lack of judgement in whom to invite. Their behavior would merely
> DH> something to learn from, yours would be fashionably dishonorable.
> 	By "kicking them out", I'd be admitting that my judgement was
> in error.  I'm big enough to admit that.  

But are you "big" (by whatever standard) enough to admit that
"judgement" of others is the error?

> Apparently, you are not big enough to admit such a thing, and would
> prefer to cower in the corner while the person whose character you
> misjudged drives everyone else away.

Why go that far? 

The people *I* generally invite to parties are quite capable of
handling whatever disturbance arises, being "big enough" to realize
that "disruptive influences" are only disruptive if one allows them
that ability.

If I've invited someone who cannot handle their own ability to be
disrupted, only -then- is my judgement in "error" by the standard
of "error" you seem to be espousing. 

> DH> BTW, "Kicking them out" is not censorship. A party and a mailing
> DH> list are usually two different things. The former may include the
> DH> latter, but the latter is not anything like the former.
> >> Oh, and I plan to subscribe to the freedom-knights mailing list and
> >> infest it the way Vulis did cypherpunks. Every hour, on the hour, a
> >> crontab script will flood it with rants about Dave (fart) Hayes.
> DH> You won't do this, because I won't let you on the list. I, unlike
> DH> you or Mr. Gilmore, have the judgement on whom to invite to my
> DH> list.
> 	And Mr Gilmore may not have had the proper judgement, in
> allowing everyone to join the list.  

"Proper" in the sense you seem to mean it, implies that you understand
the goal Mr. Gilmore had in mind in allowing everyone to join the
list.

> But he was big enough to admit that he had made an error in
> judgement, and take steps to deal with that error, rather than deny
> that he had made the error.  Perhaps his judgement was in error
> regarding the steps he took, but I expect that if he reaches the
> conclusion that he was again in error, he will admit that.  Perhaps
> that judgement of mine is in error, but I'm big enough to admit that
> I'm not perfect.

Well. -I-, on the other hand, am so big that I have no need to
copiously announce the obvious fact of my imperfection to the world,
so I can afford to pretend that I am perfect.
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

A passerby caught Nasrudin prying open the window of his own bedroom from 
the outside in the depths of night. "What are you doing? Locked out?"
"Hush!" came the reply. "They say I walk in my sleep. I am trying to surprise
myself and find out."








From maldrich at grci.com  Thu Nov 21 16:43:05 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Thu, 21 Nov 1996 16:43:05 -0800 (PST)
Subject: Alias list for killfiling Grubor
Message-ID: <Pine.SCO.3.93.961121181231.13502H-100000@grctechs.va.grci.com>


For those who haven't explored the rich, sick history of John M. Grubor
(aka "aga at dhp.com"), he uses a variety of aliases.  While the "aga"
account seems popular right now, he usually pops over to another when his
killfile ratio gets too high.

To help save time and effort, the following is offered from the Grubor FAQ
that circulates on the Net with some regularity (look in 
alt.bonehead.john-grubor or alt.general.grubor):

Grubor has used, and continues to use, many aliases; usually through free
trial AOL, Prodigy or Compuserve accounts; but he has also paid for many
accounts on local providers. 

Some of Grubor's aliases: 

-manus at manus.org (his vanity domain)
-anything else at manus.org
-drg at telerama.lm.com (likely dead)    
-various pgh.org addresses (apparently another vanity account)
-Zeus (an usaor.net account, now dead)
-maryjane (a Compuserve address, dead)
-DrMacho (drmacho at pgh.nauticom.net, dead)
-Vwqe99b at prodigy.com (formerly using the alias "Amy Martin" now "Stanley
 Brown"; one of two accounts used for posting the infamous "List of
 Homosexuals in the Internet"--not dead, but rarely used) 
-Law Doctor or Doctor of Law used with his drg at manus.org and 
 drg at pgh.nauticom.net (dead) accounts
-two other AOL accounts--lawsystems@ and jgrubor at --are dead.
-aga at dhp.com (still active, but rarely used)
-zando at ix.netcom.com  (a former favorite, likely dead.  He used many
different  aliases with this one claiming alternately that this account
belongs to his mother and his wife.  All indications are that he is the
only one who used it.) 

He has also used CyberLawMaster, Lord Grubor, Lord Grub, and others with
his manus.org and ix.netcom.com addresses.  He morphs his aliases
frequently in an admitted attempt to foil killfiles. 

Possible aliases/morph accounts are:
-nancybett at aol.com (dead) 

All other accounts are generally verified as belonging to Grubor or not
rather quickly.

<end FAQ extract>

He is now also using "drgrubor at aol.com".  Because AOL will toss him fairly
quickly if he's too abusive (and he's already posting under that ID using
"cunt" and "cock" references), he'll probably not morph over there with
the idiocy he's been posting here.  If he does post from that account, I'd
suggest a mass mailing to AOL the moment it happens. 

He's got a KOTM award, but the small blurbs they publish don't do justice
to this small and pathetic little man.  He posts CONSTANTLY to the Usenet,
so checking things like DejaNews will help identify if it's really him
(his volume of posts seems to _never_ be what you'd call "lite").  His DHP
(DataHaven Project) domain is run by two hackers, Wipeout and Panzer Boy. 
Can't say anything based on fact, but I'd say that from their Web pages
that they aren't likely to really care what he says and aren't going to
respond to complaints sent to "postmaster at dhp.com".  If someone with
accurate info on who's selling line time to DHP can poney up a responsible
party to whom complaints can be sent, that might help. 

Now, if we could just get this Grubor weenie hooked up with Helena Kobrin,
maybe they could cause some impossible "stupidity polarization" and set
off an implosion that will drive both of them straight to hell and forever
off the face of the Earth.  Where's Jim Bell when you need him? 

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich at grci.com       |
|What I paid                              | MAldrich at dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------








From jfricker at vertexgroup.com  Thu Nov 21 16:44:03 1996
From: jfricker at vertexgroup.com (John Fricker)
Date: Thu, 21 Nov 1996 16:44:03 -0800 (PST)
Subject: Patent Fight Could Add to Cost of Inter
Message-ID: <19961122004319974.AAA195@dev.vertexgroup.com>


Unisys owns the patent for LZW compression which GIF (and TIFF and many other programs) utilizes. Unisys is the company that put pressure on CIS because CIS had developed the GIF format. 

CIS did nothing other than ruffle many peoples feathers and inspire the PNG team to create a new spec. JPEG support was inevitable across the board.

If I remember correctly the LZW patent expires next year.

The interesting patent I'm waiting to bubble to the top of pond is the one that covers the display of advertising material in a software program. I'm not making that up!

>Vince Callaway (vince at web.wa.net) said something about Re: Patent Fight Could Add to Cost of Inter  on or about 11/21/96 2:32 PM

>
>> ``We believe it's important to draw a line in the sand and make 
>> them prove infringement,'' said CompuServe spokeswoman Gail 
>> Whitcomb. ``We think their claim is way too broad.'' 
>
>This is quite a statement coming from a company that flexed its muscles on
>the .GIF file spec. about 3 years ago.
>
>If I remember right Compuserve caused some some major changes in RIP and
>HTTP developement.  Until that time the only graphic format supported in
>Mosaic was .GIF.  JPEG was promptly added and there was hot debate about
>the issue.
>
>Did not slow down the net much though.
>
>End of message

--j
-----------------------------------
| John Fricker (jfricker at vertexgroup.com)
| -random notes-
| My PGP public key is available by sending me mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------






From hakker1 at hotmail.com  Thu Nov 21 16:52:42 1996
From: hakker1 at hotmail.com (delious hendrixs)
Date: Thu, 21 Nov 1996 16:52:42 -0800 (PST)
Subject: Magic passwodr in BIOS?
Message-ID: <19961121220729.3994.qmail@hotmail.com>


>From sender 
>Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id GAA17822 for
cypherpunks-outgoing; Thu, 21 Nov 1996 06:32:33 -0800 (PST)
>Received: from laf.cioe.com (root at laf.cioe.com [204.120.165.33]) by toad.com
(8.7.5/8.7.3) with ESMTP id GAA17817 for <cypherpunks at toad.com>; Thu, 21 Nov
1996 06:32:27 -0800 (PST)
>Received: from ThisHost (ewilson.roeing.com [206.230.2.100]) by laf.cioe.com
(8.7.5/8.7.3) with SMTP id JAA08462; Thu, 21 Nov 1996 09:33:14 -0500 (EST)
>Message-Id: <1.5.4.32.19961121142941.0085b630 at gibson.cioe.com>
>X-Sender: serw30 at gibson.cioe.com
>X-Mailer: Windows Eudora Light Version 1.5.4 (32)
>Mime-Version: 1.0
>Date: Thu, 21 Nov 1996 09:29:41 -0500
>To: Kamil Golombek <Zero at mrkev.vabo.cz>
>From: Eric Wilson <serw30 at laf.cioe.com>
>Subject: Re: Magic passwodr in BIOS?
>Cc: cypherpunks at toad.com
>Sender: owner-cypherpunks at toad.com
>Precedence: bulk
>Content-Type: multipart/mixed; boundary="--------geoboundary"
>
>
><HTML>
><BODY>
><CENTER>
><A HREF="http://www.geocities.com">Postage paid by: <IMG
SRC="http://www.geocities.com/pictures/newgeobt.gif"></A></CENTER>
></BODY>
></HTML>
>
Another way of defeating any bios system is by turning the on/off button a
whole bunch of times, causing it to reset the bios chip.  Therefore bypassing
the password logon.
Sincerely,
Psionic Damage

---------------------------------------------------------
Get Your *Web-Based* Free Email at http://www.hotmail.com
---------------------------------------------------------





From shamrock at netcom.com  Thu Nov 21 17:23:33 1996
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 21 Nov 1996 17:23:33 -0800 (PST)
Subject: Mass-market crypto phones
In-Reply-To: <n1363530815.90062@mail.ndhm.gtegsc.com>
Message-ID: <Pine.3.89.9611211658.A10580-0100000@netcom14>


On 21 Nov 1996, Mullen Patrick wrote:

> _______________________________________________________________________________
> From: Clay Olbon II on Thu, Nov 21, 1996 15:20
> 
> >A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
> >device (http://www.comsec.com/).  The point of this post is to posit a
> 
> The above mentioned crypto phone was incredibly expensive, if I remember
> correctly.  What it basically was (Please keep in mind I may be thinking
> of a different product) a box containing a modem and a crypto-crunching
> CPU.  Phone in one end, processed by said CPU, and send out other end.  I
> have/had a similar idea, but I want to try make it a totally software 
> product (assuming you have the necessary hw requirements on your computer)
> where you talk in through a microphone (can something be wired so you can
> use a regular phone plugged into your computer/modem/soundcard???) your
> CPU crunches code, and spits out the encrypted data.  Obviously, the
> complementing steps would be done on the receiving end.  
> Has anyone ever tried anything like this?  

Sure. There are Nautilus and PGPFone. The problem is that software-only
solutions are unlikely to provide a sound quality that is acceptable for
everyday use over analog lines. At least not unless you have a very fast
machine and don't intend to use it for anything else than telephony. Here
is why: 

Computer telephony codecs are subject to a tradeoff amongst three main 
factors:

o Voice quality (you want to maximize this)
o Processing power required (you want to minimize this)
o Bandwidth (you definitely want to minimize this)

Imagine the three factors to form the dimensions of a cube. You can get
the choose two values, but not all three. Example: you can get good voice
quality on a machine with a (relatively) slow CPU, if you have a lot of
bandwidth. Or you can get good voice quality on a very fast machine with
little bandwidth. Of the three factors, band with is the most limiting. 
The best codec in the word on the fastest machine can't give you decent
voice quality on a very slow connection. 

So how much bandwidth do you need? An ISDN B-channel, which is designed to
carry one digital telephone conversation, is 64kbps. But a regular POTS
telephone, using an analog line, doesn't have nearly as much bandwidth to
work with. You should not expect an analog modem to link up at a speed of
more than 14.4kpbs. Some lines may link up at only 9600bps.  Forget about
the less than 10% of US phone lines that allow the use of 28.8kbps. You
can't rely on your customers to use your product only over such lines. 

The first problem is therefore to find a software codec that compresses 
your voice down to 14.4kbps. They exist, but they require a lot of 
computations and therefore a fast CPU.

But that's only half the problem. Next, you need to encrypt the 
data steam. The rule of thumb here is: the stronger the crypto, the more 
cycles you need. Since we are talking about strong crypto, such as 
3DES, you will need _a lot_ of cycles.

Once you add the cycles needed by the codec and the cycles needed by the 
crypto, you will find that you, more likely than not, don't get enough 
cycles from your CPU. The obvious solution to this problem is to use a 
codec that uses lossier compression and therefore less cycles, resulting in 
lower speech quality.

Even after sacrificing voice quality, telephony is most likely the only 
task your computer will be able to do while you are on the phone. This 
may work for you, but it won't work for many others. After all, not
many people have a spare 200MHz Pentium sitting around that they don't 
need for anything else.

The alternative is to use dedicated hardware. Remember that a general
purpose CPU is just that: general purpose. If you want to use the box only
for one purpose, there is often a cheaper, better solution available in
special purpose hardware. For the price of the Pentium box, you can build
a much smaller bump-in-the-cord device that delivers great sound, over
slow links, *and* uses strong crypto.

Which is what Eric Blossom <http://www.comsec.com/> did. And he did 
it extremely well, I'd like to add.

I don't want to discourage you. Try the software-only solutions and see 
if they work you. You can find them at 
<ftp://ftp.hacktic.nl/pub/replay/pub/voice/>

--Lucky





From jimbell at pacifier.com  Thu Nov 21 17:31:45 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 21 Nov 1996 17:31:45 -0800 (PST)
Subject: Patent Fight Could Add to Cost of Inter
Message-ID: <199611220131.RAA28545@mail.pacifier.com>


At 05:06 AM 11/21/96 CST, Alan Pugh wrote:
>
>By KATHLEEN SAMPEY 
>Associated Press Writer 
>
>NEW YORK (AP) _ A little-known patent could raise the cost of 
>doing business over the Internet for companies selling software, 
>video or other digital products delivered online. 
>
>E-Data Corp. of Secaucus, N.J., is suing 17 companies, including 
>McGraw-Hill and CompuServe, to collect licensing fees on the 
>patent, which protects downloading of encrypted digital 
>information. A court hearing is scheduled Dec. 6 in New York on the 
>company's claims. 


Notice, as usual, the Orwellian use of the word "protects" in the paragraph 
above.  While apparently written by a journalist, it echoes the usage of 
lawyers.  Nothing is really being "protected," it is being monopolized.


Jim Bell
jimbell at pacifier.com





From kooltek at iol.ie  Thu Nov 21 17:32:12 1996
From: kooltek at iol.ie (Hack Watch News)
Date: Thu, 21 Nov 1996 17:32:12 -0800 (PST)
Subject: Anderson & Kuhn's "Improved DFA" paper
In-Reply-To: <Pine.HPP.3.91.961121190800.2140A-100000@cor.sos.sll.se>
Message-ID: <3295023B.266E@iol.ie>


Asgaard wrote:
> 
> On Thu, 21 Nov 1996 stewarts at ix.netcom.com wrote:
> 
> > Anderson&Kuhn just announced the latest in a series of attacks on
> > "tamperproof" hardware crypto modules by Israeli, UK, and US cryptographers.
> 
> You forgot the Belgians (or is Jean-Jacques Quisquater French?).

Markus Kuhn is German :-)

Regards...jmcc





From paratama at idola.net.id  Thu Nov 21 17:57:32 1996
From: paratama at idola.net.id (paratama at idola.net.id)
Date: Thu, 21 Nov 1996 17:57:32 -0800 (PST)
Subject: FW: RE: FW: Viel Glueck!
Message-ID: <9611220201.AA05596@merak.idola.net.id>


At 11:00 PM 11/21/96 +0100, you wrote:
>> GOOD LUCK TOTEM
>>
>>                                             \\\|||///
>>                                             =========
>>                                         ^   | O   O |
>>                                        / \   \ _v_'/
>>                                         #     _| |_
>>                                        (#) //(     )
>>                                         #\//  |* *|\\
>>                                         #\/  (  *  )/
>>                                         #     =====
>>                                         #     (\|/)
>>                                         #     || ||
>>                                         # .---'| |---.
>>                                         # '---'  ----'
>>
>>
>> This totem has been sent to you for good luck.
>>
>> It has been sent around the world nine times so far.  You will receive
>> good luck within four days of relaying this totem.  Send copies to people
>> you think need good luck. Don't send money as fate has no price. Do not
>> keep this message.  The totem must leave your hands in 96 hours. Send ten
>copies
>> and see what happens in four days.  You will get a surprise.  This is
>> true, even if you are not superstitious.
>>
>> Good luck, but please remember: 10 copies of this message must leave
>> your hands in 96 hours...
>>
>> You must not sign on this message...
>
>
>
>
>
>
>
>
>






From dave at kachina.jetcafe.org  Thu Nov 21 18:36:12 1996
From: dave at kachina.jetcafe.org (Dave Hayes)
Date: Thu, 21 Nov 1996 18:36:12 -0800 (PST)
Subject: wealth and property rights
Message-ID: <199611220235.SAA02028@kachina.jetcafe.org>


> Btw, people of your mentality (communists/socialists) already make it
> very difficult for me to accumulate, due to the exhorbitant tax rates
> to support those who chose to blow their money as soon as they have
> it

I don't necessarily want to support "socialism" nor "capitalism". Both
are extremes of a situation which does no one any good to exist. 

However, I would question the implication that "socialists" are
responsible for the higher tax rates you currently experience.  

For example, I could make a strong case that you really have some
clever "capitalists" who have learned how to express their
"capitalism" quite effectively across the space of all people in a
"country".

8-)
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

         It is the wise bird who builds his nest in a tree.







From ichudov at algebra.com  Thu Nov 21 18:47:11 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Thu, 21 Nov 1996 18:47:11 -0800 (PST)
Subject: killfiling aga@dhp.com
In-Reply-To: <3.0b28.32.19961121105128.006fd704@ricochet.net>
Message-ID: <199611212322.RAA01823@manifold.algebra.com>


Greg Broiles wrote:
> 
> At 06:45 AM 11/21/96 -0800, nobody at cypherpunks.ca (John Anonymous
> MacDonald) wrote:
> [discussing aga at dhp.com]
> >I should'a kill-filed this sicko long ago.
> 
> Agreed. But if you (and other anonymous posters) are going to continue to
> reply to him or other unproductive kooks, would you please put their
> addresses somewhere in the headers of your messages (perhaps in the To: or
> Cc: or Subject:) headers so that the rest of us who are using killfiles
> won't have to read your replies? 

If you use procmail, you can use the following entry to support 
cypherpunks-specific killfile: 

:0
* ^(Sender|From): owner-cypherpunks at toad.com
{
  :0 BHc:
  * !? fgrep -q -i -f $HOME/.procmail/killfile.cpunks
  $MAILDIR/crypto.noflames

  .. some more irrelevant recipes ..
}

Then create ~/.procmail and edit file $HOME/.procmail/killfile.cpunks.
Put there something like

someone at you.want.to.ignore
freedom-knights
someone at else

and so on. This recipe will trash everything with the specified 
addresses mentioned in headers and bodies of incoming cypherpunks
articles. I experimented with this recipe at the height of the f-k
vs. cypherpunks flamewar. It reduced the traffic in half and what 
remained was much more useful.

	- Igor.





From ichudov at algebra.com  Thu Nov 21 19:23:10 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Thu, 21 Nov 1996 19:23:10 -0800 (PST)
Subject: Alias list for killfiling Grubor
In-Reply-To: <Pine.SCO.3.93.961121181231.13502H-100000@grctechs.va.grci.com>
Message-ID: <199611220304.VAA02832@manifold.algebra.com>


Dr. John Martin Grubor is the most harmless and most entertaining 
among all kooks.

His posting volume is a bit high, but other than that DrG never
got anyone in trouble.

igor

Mark O. Aldrich wrote:
> 
> For those who haven't explored the rich, sick history of John M. Grubor
> (aka "aga at dhp.com"), he uses a variety of aliases.  While the "aga"
> account seems popular right now, he usually pops over to another when his
> killfile ratio gets too high.
> 
> To help save time and effort, the following is offered from the Grubor FAQ
> that circulates on the Net with some regularity (look in 
> alt.bonehead.john-grubor or alt.general.grubor):
> 
> Grubor has used, and continues to use, many aliases; usually through free
> trial AOL, Prodigy or Compuserve accounts; but he has also paid for many
> accounts on local providers. 
> 
> Some of Grubor's aliases: 
> 
> -manus at manus.org (his vanity domain)
> -anything else at manus.org
> -drg at telerama.lm.com (likely dead)    
> -various pgh.org addresses (apparently another vanity account)
> -Zeus (an usaor.net account, now dead)
> -maryjane (a Compuserve address, dead)
> -DrMacho (drmacho at pgh.nauticom.net, dead)
> -Vwqe99b at prodigy.com (formerly using the alias "Amy Martin" now "Stanley
>  Brown"; one of two accounts used for posting the infamous "List of
>  Homosexuals in the Internet"--not dead, but rarely used) 
> -Law Doctor or Doctor of Law used with his drg at manus.org and 
>  drg at pgh.nauticom.net (dead) accounts
> -two other AOL accounts--lawsystems@ and jgrubor at --are dead.
> -aga at dhp.com (still active, but rarely used)
> -zando at ix.netcom.com  (a former favorite, likely dead.  He used many
> different  aliases with this one claiming alternately that this account
> belongs to his mother and his wife.  All indications are that he is the
> only one who used it.) 
> 
> He has also used CyberLawMaster, Lord Grubor, Lord Grub, and others with
> his manus.org and ix.netcom.com addresses.  He morphs his aliases
> frequently in an admitted attempt to foil killfiles. 
> 
> Possible aliases/morph accounts are:
> -nancybett at aol.com (dead) 
> 
> All other accounts are generally verified as belonging to Grubor or not
> rather quickly.
> 
> <end FAQ extract>
> 
> He is now also using "drgrubor at aol.com".  Because AOL will toss him fairly
> quickly if he's too abusive (and he's already posting under that ID using
> "cunt" and "cock" references), he'll probably not morph over there with
> the idiocy he's been posting here.  If he does post from that account, I'd
> suggest a mass mailing to AOL the moment it happens. 
> 
> He's got a KOTM award, but the small blurbs they publish don't do justice
> to this small and pathetic little man.  He posts CONSTANTLY to the Usenet,
> so checking things like DejaNews will help identify if it's really him
> (his volume of posts seems to _never_ be what you'd call "lite").  His DHP
> (DataHaven Project) domain is run by two hackers, Wipeout and Panzer Boy. 
> Can't say anything based on fact, but I'd say that from their Web pages
> that they aren't likely to really care what he says and aren't going to
> respond to complaints sent to "postmaster at dhp.com".  If someone with
> accurate info on who's selling line time to DHP can poney up a responsible
> party to whom complaints can be sent, that might help. 
> 
> Now, if we could just get this Grubor weenie hooked up with Helena Kobrin,
> maybe they could cause some impossible "stupidity polarization" and set
> off an implosion that will drive both of them straight to hell and forever
> off the face of the Earth.  Where's Jim Bell when you need him? 
> 
> ------------------------------------------------------------------------- 
> |It's a small world and it smells bad     |        Mark Aldrich         |
> |I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
> |Back                                     |     maldrich at grci.com       |
> |What I paid                              | MAldrich at dockmaster.ncsc.mil|
> |For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
> |_______________________________________________________________________|
> |The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
> |    The opinions expressed herein are strictly those of the author     |
> |         and my employer gets no credit for them whatsoever.           |
> -------------------------------------------------------------------------
> 
> 
> 



	- Igor.





From dispatch at cnet.com  Thu Nov 21 19:23:56 1996
From: dispatch at cnet.com (The CNET newsletter)
Date: Thu, 21 Nov 1996 19:23:56 -0800 (PST)
Subject: CNET News Dispatch  November 21st, 1996
Message-ID: <199611220304.TAA05423@lorelei.cnet.com>


*************************************

CNET NEWS DISPATCH/SPECIAL COMDEX ISSUE
Thursday, November 21, 1996
San Francisco, California, USA

*************************************

Welcome to the fifth in a series of SPECIAL COMDEX ISSUES of the CNET NEWS
DISPATCH, bringing you the latest on the people, products, and parties at
this exciting event. Check out our Comdex page at:

http://www.news.com/Categories/Index/0%2C3%2C38%2C00.html?nd

*************************************

CNET NEWS DISPATCH is a daily newsletter that summarizes the up-to-the
minute technology news presented by CNET's NEWS.COM. It tempts readers with
coverage of today's hottest stories, news in the making, (in)credible
rumors, and other indispensable information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

*************************************

CONTENTS

SCOOPS AND TOP STORIES
       Push comes to shove as Netscape leads tech parade
       CompuServe gets back to basics
       PowerPC not overshadowed at Comdex
       Treasury against Net taxes
       Compaq looks beyond the desktop
       Where do you want to go today? Home.
       Hot products seen at Comdex

ANNOUNCEMENTS
       An easy way for you to customize NEWS.COM
       Search the site for particular topics and articles
       Send us your questions, comments, flotsam, and jetsam
       How to subscribe and unsubscribe
       Late-breaking stories just a click away with Desk Top News

*************************************

PUSH COMES TO SHOVE AS NETSCAPE LEADS TECH PARADE
As more and more people are pulled onto the Internet, more and more of the
Internet is being pushed back to people. This week at Comdex, a type of Web
publishing generically referred to as "push" technology received its most
significant endorsement to date with the introduction of Constellation, the
code name for a new technology from Netscape Communications. (November 21,
1996, 12:15 p.m. PT)

   http://www.news.com/News/Item/0%2C4%2C5641%2C00.html?nd


COMPUSERVE GETS BACK TO BASICS
CompuServe's announcement today that it is closing down its flagging Wow
service by January 31 marks the end of the company's failed attempts to get
a foot in the door of the potentially lucrative consumer online service
business. "They're throwing in the towel in the consumer market," said Mark
Mooradian of Jupiter Communications. Instead, CompuServe, the second-largest
online service with 5 million users worldwide, plans to refocus itself on
its original mission: serving business customers. (November 21, 1996, 1:15
p.m. PT)

   http://www.news.com/News/Item/0%2C4%2C5608%2C00.html?nd


POWERPC NOT OVERSHADOWED AT COMDEX
While Microsoft Windows CE devices may have grabbed most of the attention at
Comdex, important developments in the Mac clone market surfaced, including
new PowerPC reference design platforms from Motorola and IBM and the debut
of a 533-MHz PowerPC prototype system using an Exponential processor.
Motorola this week revealed its Yellowknife PowerPC Platform Reference
Design motherboard that supports the PCI bus and 603e, 604, and 604e PowerPC
microprocessors at clock speeds of up to 240 MHz. (November 21, 1996, 12
p.m. PT)

   http://www.news.com/News/Item/0%2C4%2C5642%2C00.html?nd


TREASURY AGAINST NET TAXES
In a report released today, the U.S. Treasury Department opposed new taxes
on electronic transactions via the Internet, saying income should be taxed
the same whether it comes through existing channels or electronic means. The
report, which makes no formal policy recommendations, also expresses concern
that the Internet may become a tax haven for those who use anonymous
electronic money that cannot be traced and therefore cannot be taxed.
(November 21, 1996, 11:30 a.m. PT)

   http://www.news.com/News/Item/0%2C4%2C5628%2C00.html?nd


COMPAQ LOOKS BEYOND THE DESKTOP
Compaq has expanded its core desktop product lineup to include new efforts
such as NetPCs, network computers (NCs), portable PCs, and handheld devices.
Mike Winkler, the head of Compaq's PC products group, bared the company's
plans for NCs and laid out the future strategy for Windows CE devices in an
interview with CNET at Comdex. (November 21, 1996, 11:15 a.m. PT)

   http://www.news.com/News/Item/0%2C4%2C5645%2C00.html?nd


WHERE DO YOU WANT TO GO TODAY? HOME
Bill Gates must like Comdex. While other CEOs will fly in to deliver a
speech and fly back out the same day, the Microsoft captain has been in Las
Vegas for at least two days, maybe more. "I've seen him in the hotel bar; he
comes in and has a beer all by himself, and everyone's looking at him," said
one attendee. But like sightings of the Other King, rumors of Gates's
unattended wanderings are probably just that. (November 21, 12:09 a.m. PT)

   http://www.news.com/SpecialFeatures/0%2C%2C5624%2C00.html?nd


HOT PRODUCTS SEEN AT COMDEX
Here are some of the hottest new products we found as we wandered the floor
of Fall Comdex. (November 21, 3:00 p.m. PT)

   http://www.cnet.com/Content/Reviews/Hot/contents.html?nd


*************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify the
topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1


SEARCH THE SITE FOR PARTICULAR TOPICS AND ARTICLES
Search the entire NEWS.COM database for stories you saw in News Dispatch, or
track any story we've run.

   http://www.news.com/Searching/Entry/0%2C17%2C0%2C00.html?nd


SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch at cnet.com


HOW TO SUBSCRIBE AND TO UNSUBSCRIBE
To subscribe to News Dispatch: Send mail to listserv at dispatch.cnet.com with
the message:

   subscribe news-dispatch (your name)

in the message body. To unsubscribe send the message:

   unsubscribe news-dispatch


LATE-BREAKING STORIES JUST A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on the
Net? Our Desk Top News feature puts our 20 most recent stories right there
on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd


*************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/





From adam at homeport.org  Thu Nov 21 19:44:30 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 21 Nov 1996 19:44:30 -0800 (PST)
Subject: Mass-market crypto phones
In-Reply-To: <Pine.3.89.9611211658.A10580-0100000@netcom14>
Message-ID: <199611220340.WAA07082@homeport.org>


	I'd just like to second what Lucky wrote at the end of his
very nice summation of the crypto phone hardware issues.  Eric's phones
have damn good voice quality in secure mode.

Adam
	

Lucky Green wrote:

| The alternative is to use dedicated hardware. Remember that a general
| purpose CPU is just that: general purpose. If you want to use the box only
| for one purpose, there is often a cheaper, better solution available in
| special purpose hardware. For the price of the Pentium box, you can build
| a much smaller bump-in-the-cord device that delivers great sound, over
| slow links, *and* uses strong crypto.
| 
| Which is what Eric Blossom <http://www.comsec.com/> did. And he did 
| it extremely well, I'd like to add.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From adam at homeport.org  Thu Nov 21 20:10:50 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 21 Nov 1996 20:10:50 -0800 (PST)
Subject: Finjan "SurfinGate"
In-Reply-To: <3294C256.6B88@tivoli.com>
Message-ID: <199611220406.XAA07196@homeport.org>


Mike McNally wrote:

| Seems to me that putting together an ActiveX control that "sneaks" its
| way through the firewall risk policy wouldn't be hard.  Unless the 
| applet scanner actually simulates execution of the control under a
| variety of input conditions (and we know that's not likely) (but prove
| me wrong, please) there's not much it can do other than poke around and
| check what other DLL's the thing wants to access.  It might be a bit
| harder to be sneaky in Java, but I certainly wouldn't bet I could look
| at an applet and guarantee its safety to any threshold (if I could, why
| not just do that in the browser?).

	Browsers are big, complex bits of technology.  If you built an
applet verifier that ran on a firewall, it could be substantially
smaller than the 6mb of Netscape3.0 (SunOS).  Smaller code is easier
to verify, and less likely to contain bugs.  In addition, you could be
more confident that your policy goals are met in controlling what
applets enter the perimiter that the firewall deliniates.

	Deploying new browsers to every desktop can be challenging.
If you have a java-gw, there is a lesser need for new browsers
everywhere in response to bugs.  Also, you may be able to get the
source to a verifier, but not to the browser.

	Doing a good job in real time would be very tough.  We need
signed capacity requirements, and an organization that will stand by
its certifications of security.  I have at least one client who would
pay for certified ok applets.  (Not certified origin, certified
non-malicious, for various values of non-malicious).

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From field at pipeline.com  Thu Nov 21 20:44:44 1996
From: field at pipeline.com (Richard L. Field)
Date: Thu, 21 Nov 1996 20:44:44 -0800 (PST)
Subject: Database law... silver lining??
Message-ID: <1.5.4.16.19961121234609.222f2c24@pop.pipeline.com>


  Should a database protection law such as HT 3531 be enacted in the U.S.,
it just may turn out to be the best weapon yet for the protection of
personal data.  Why shouldn't a "database" be interpreted to include an
individual's personal data?  All that is required is that it be "arranged in
a systematic or methodical way".  Heck, that's not so hard.  And a "database
maker" isn't necessarily Lexis (the compiler of P-TRAK) and friends, it is
each individual who originally made a "substantive" (i.e., lifetime)
investment in the collection of the contents of his personal database.

  Based on this reasoning, P-TRAK, etc. would be considered an infringing
use, subject to civil and possible criminal actions, injunctions,
impoundment, and monetary relief.  Hmmm...

   - Richard Field






From boursy at earthlink.net  Thu Nov 21 21:17:17 1996
From: boursy at earthlink.net (Stephen Boursy)
Date: Thu, 21 Nov 1996 21:17:17 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <199611220235.SAA02028@kachina.jetcafe.org>
Message-ID: <3295382A.23E1@earthlink.net>


Dave Hayes wrote:
> 
>> Btw, people of your mentality (communists/socialists) already make it
>> very difficult for me to accumulate, due to the exhorbitant tax rates
>> to support those who chose to blow their money as soon as they have
>> it
> 
> I don't necessarily want to support "socialism" nor "capitalism". Both
> are extremes of a situation which does no one any good to exist.
> 
> However, I would question the implication that "socialists" are
> responsible for the higher tax rates you currently experience.

  Well labels--'socialist', 'communist', etc. can be quite misleading'
as they mean many different things to different people but they do
push emotional hot buttons.

  I don't understand the 'exhorbitant taxes' thing--in the US our
taxes are absurdly low compared with most of western Europe and
our social services a disgrace.  I don't know what it's like in
the UK but compared with the rest of Western Europe our tax rate
is a joke designed for the upper classes.

				Steve





From boursy at earthlink.net  Thu Nov 21 21:48:54 1996
From: boursy at earthlink.net (Stephen Boursy)
Date: Thu, 21 Nov 1996 21:48:54 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <199611191237.MAA00639@server.test.net>
Message-ID: <32953F9F.13E6@earthlink.net>


Adam Back wrote:
> 
> Steve Boursy writes:
>
>>   That's a fair question.  I don't begrude one's ownership of their
>> fair share--but I do have serious problems with what we shall
>> call 'accumulators' if you will.  For them I have contempt and no--
>> they do not have that right of possession and often such 'work' is
>> at the expense and on the backs of others.
> 
> I'm an accululator :-)
> 
> The investments I have I worked for.  

  Well of course you have--but the majority of people
in the world that are poor have worked just as hard
and do not derive the same benefits--that needs to
be changed.

  <clip>

> See, if you spend your money now, on the above, you have no right to
> criticize me when I look relatively wealthy later.  It's your choice
> to blow your money.


  I agree--that's not what I was talking about--the majority of wealth
is handed down not earned--and the ability to earn also more often
than not results in hand me down priv.

 
> Btw, people of your mentality (communists/socialists) already make it
> very difficult for me to accumulate, 

  We do our best--some day we'll take it all away--really.

                             Steve





From norm at netcom.com  Thu Nov 21 21:59:37 1996
From: norm at netcom.com (Norman Hardy)
Date: Thu, 21 Nov 1996 21:59:37 -0800 (PST)
Subject: Computer CPU chips with built-in crypto?
Message-ID: <v03007801aebaec1fa54b@DialupEudora>


An important paper on tamper-proof hardware, discusses CPUs that cypher
their memory bus.

html:           www.cl.cam.ac.uk/users/rja14/tamper.html
postscript      ftp.cl.cam.ac.uk/users/rja14/tamper.ps.gz

Has special relevance to smart cards.







From nobody at cypherpunks.ca  Thu Nov 21 22:06:40 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 21 Nov 1996 22:06:40 -0800 (PST)
Subject: sci fi
Message-ID: <199611220550.VAA01019@abraham.cs.berkeley.edu>


Without a doubt contemporary SciFi authors such as Vinge and Stephenson have produced
great thought provoking works. Always a good read. 

But sometimes I'm drawn back to the rollicking rampages of EE Doc Smith or the playful
frollicks of Harry Harrison. While not presenting a plausible vision of our future
they do offer a significant amount of enjoyment. Pure brain candy!

So will some exceptionally creative sort spend 3 or 4 hundred pages exploring
BlackNet and the future of global networking? 

Or has anyone looked at what has happened to trivial networks like 
IRC's EFnet to see a potential model for how global networking will become 
balkanized under bandwidth constraints, server cycle shortages,
and over worked sysadmins? One physical connection and many virtual,
private networks with limitted interoperability and crossover. The internet of
the near future may not be the open paradise it is today.

I read in InfoWorld that the Telco Dereg act may destroy the local loop market
for T1 lines from LD COs. As many as 900,000 new T1's may become available at bargain
rates on the order of $40 per month with end point hardware under $700. Watch 
PairGain Technologies as they are the leader in this hardware market and have
some real interesting vox/data over twisted pair toys.

Sheesh, I start out talking SciFi and end up talking PairGain! I guess the future
is now.

diGriz





From Adamsc at io-online.com  Thu Nov 21 22:32:29 1996
From: Adamsc at io-online.com (Adamsc)
Date: Thu, 21 Nov 1996 22:32:29 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
Message-ID: <19961122063012375.AAA217@rn37.io-online.com>


On Thu, 21 Nov 1996 00:14:49 -0800, Timothy C. May wrote:

>On the issue of why many of us don't read as much SF as we once did...

>1. I'm a lot older. The stuff that I thought was really great back when I
>was 14-22, or so, and even "pretty good" until I was about 25 or so, now
>really looks like dreck. (Not all of it, but more than I thought was dreck
>at the time.)

>Partly this is age and life experience, partly just increased sophistication.

Remember Sturgen's (sp?) law: 90% of everything is crap -  I think most of
us just take awhile before we agree.  The SF genre could be characterized by
a couple diamonds buried in a manure pit...

>(Vernor V. claimed to a friend of mine that the day he spent talking to
>several of us was the most fruitful day he'd spent in a long time...I take
>this as evidence that folks like us are to the new generation of SF writers
>what folks like members of the British Interplanetary Society were to
>writers of past generations.)

I'd agree 100%.  A community as small as the SF writers *needs* outside
influence.  Must be neat, though, to read a book and go "I *did* that!"

>(Interestingly, Eric Drexler says he cannot enjoy it because Simmons does
>not give nanotechnology a central enough role. This echoes the point Duncan

nanotech (and other things) can spoil a good story by making things too
easy.  Take most (all?) of Forward's books - great ideas, but it reads like
a press release.

>- Orson Scott Card, "Ender's Game." A good fictional exploration of online
>anony mity. In many ways, Cypherpunks was explicity a kind of combination
>of "Ender's Game," "True Names," "The Shockwave Rider," and "Atlas
>Shrugged."

I think those books are partly responsible for getting a great many people
interested in this sort of thing...

>- and of course Heinlein, though his best stuff is 30-45 years old now

Always a mark of a great SF author: his stuff is still good even if the
science is outdated...   Ditto EE smith - it's funny, when you read things
like the lensmen series it seems cliched until you realize it *is* cliched -
because so many others copied him.

#  Chris Adams  <adamsc at io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From Adamsc at io-online.com  Thu Nov 21 22:39:00 1996
From: Adamsc at io-online.com (Adamsc)
Date: Thu, 21 Nov 1996 22:39:00 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
Message-ID: <19961122063647109.AAA229@rn37.io-online.com>


On Thu, 21 Nov 96 10:05:46 -0500, Ken Kirksey wrote:

>certain romance in the Gersnbackian view of the future that I enjoy, 
>especially in contrast to the Grim and Gritty (TM) "reality" of most 
>modern and post-modern SF.  I still find Heinlein's juveniles to be fun 
>reads, probably for this reason.  Ditto for Edgar Rice Burroughs's Mars 
>books.

That's one thing you could say: The predictors of the future are a lot more
pessimistic than they used to be...


#  Chris Adams  <adamsc at io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From Adamsc at io-online.com  Thu Nov 21 22:47:15 1996
From: Adamsc at io-online.com (Adamsc)
Date: Thu, 21 Nov 1996 22:47:15 -0800 (PST)
Subject: Finjan "SurfinGate"
Message-ID: <19961122064500531.AAA48@rn37.io-online.com>


On Thu, 21 Nov 1996 12:10:51 -0600, Mike McNally wrote:

>Check out http://www.finjan.com and the stuff about "SurfinGate".  The
>software supposedly can perform an on-the-fly inspection of a Java 
>applet or ActiveX control, and then apply a signature to it along with
>a "safety" level qualifier to feed into a configurable policy mechanism.
>
>Any ideas as to how you can look at an ActiveX control and determine
>whether it's safe or not?

You can't.  Anyone who claims to be able to do so is betting their scanning
ability against the collective programming skill of hundreds of
brilliant-but-twisted programmers/hackers.   Remember CHK4BOMB? The old DOS
program that would dump strings from an EXE so you could look for things
like "Happy birthday yoshi"?  They started encrypting and adding
polymorphing and stealthing and . . .

Now you could write a program that would scan for more 'obvious' attacks but
it will probably be a continual catch-up game.  You don't even have the
ability to do checksumming of existing files (like you do w/virii).

#  Chris Adams  <adamsc at io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From gbroiles at netbox.com  Thu Nov 21 23:33:54 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Thu, 21 Nov 1996 23:33:54 -0800 (PST)
Subject: Database law... silver lining??
Message-ID: <3.0b28.32.19961121234708.00728b70@ricochet.net>


At 04:44 AM 11/22/96 GMT, you wrote:
>Real-To:  "Richard L. Field" <field at pipeline.com>
>
>  Should a database protection law such as HT 3531 be enacted in the U.S.,
>it just may turn out to be the best weapon yet for the protection of
>personal data.  Why shouldn't a "database" be interpreted to include an
>individual's personal data?  All that is required is that it be "arranged in
>a systematic or methodical way".  Heck, that's not so hard.  And a "database
>maker" isn't necessarily Lexis (the compiler of P-TRAK) and friends, it is
>each individual who originally made a "substantive" (i.e., lifetime)
>investment in the collection of the contents of his personal database.

Cute, but any such proposal is almost guaranteed to allow for independent
creation from a non-database source - e.g., warranty cards, info extracted
from you when you ask for credit, public records, etc. For example, one
comment to Article 3 of the proposed WIPO treaty on sui generis protection
of databases provides:

"3.02 The protection provided does not preclude any person from
independently collecting, assembling or compiling works, data or materials
from any source other than a protected database."

(see <http://www.loc.gov/copyright/wipo6.html> for more.)

It's very unlikely that Congress (or the PTO) intends to do anything
that'll screw up what's already working well for big database publishers.
Your theory is similar to a patent flavor for databases, while the
proposals floated out so far are much more like copyright - e.g.,
independent creation is OK, but copying is not, even with wide public
distribution, and long protection times. With patent, independent creation
is not OK, copying (the information, not the device) is encouraged/allowed,
and protection time is short.

[Friday, 11/22, is the deadline to submit comments to the PTO asking them
to withdraw consideration of the WIPO database treaty from the conference
in Geneva. (Or encouraging them to submit it, if that's your opinion.)
Comments can be sent to Mr. 
Keith Kupferschmid at diploconf at uspto.gov.)

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles at netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 





From alan at ctrl-alt-del.com  Thu Nov 21 23:36:53 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Thu, 21 Nov 1996 23:36:53 -0800 (PST)
Subject: sci fi
Message-ID: <3.0.32.19961121233535.0106ea44@mail.teleport.com>


At 09:50 PM 11/21/96 -0800, John Anonymous MacDonald wrote:
>Without a doubt contemporary SciFi authors such as Vinge and Stephenson
have produced
>great thought provoking works. Always a good read. 
>
>But sometimes I'm drawn back to the rollicking rampages of EE Doc Smith or
the playful
>frollicks of Harry Harrison. While not presenting a plausible vision of
our future
>they do offer a significant amount of enjoyment. Pure brain candy!

For absolute brain candy, I recommend "Star Smashers of the Galaxy
Rangers".  EE.Doc Smith meets the Hardy Boys.  The ending I had to read
twice...

>So will some exceptionally creative sort spend 3 or 4 hundred pages exploring
>BlackNet and the future of global networking? 

We can only hope.

>Or has anyone looked at what has happened to trivial networks like 
>IRC's EFnet to see a potential model for how global networking will become 
>balkanized under bandwidth constraints, server cycle shortages,
>and over worked sysadmins? One physical connection and many virtual,
>private networks with limitted interoperability and crossover. The
internet of
>the near future may not be the open paradise it is today.

The bandwidth will increase and people will find bigger and better ways to
chew it up.  Governments will make bigger and bigger claims to why their
set of petty rule outweigh other governemnts petty rules, increasing fear,
uncertanty and doubt in the process.  All in all, things will change and
life will go on.  (Unless we all die and then all bets are off.)

>I read in InfoWorld that the Telco Dereg act may destroy the local loop
market
>for T1 lines from LD COs. As many as 900,000 new T1's may become available
at bargain
>rates on the order of $40 per month with end point hardware under $700.
Watch 
>PairGain Technologies as they are the leader in this hardware market and have
>some real interesting vox/data over twisted pair toys.

Mmmm!  Bandwidth!

I hear of people complaining how much time is spent online.  This is going
to be a heroin-like fix to those sort of people.  (I already have access to
a t-1.  It can be pretty damn addicting.  At least when the rest of the net
is willing to cooperate...)  I expect that the big winners in the bandwidth
wars will be the hard drive manufacturers.  Imagine the amount of crap that
will accumulate when downloads take seconds instead on minutes (or hours).
Buy your stock now!

>Sheesh, I start out talking SciFi and end up talking PairGain! I guess the
future
>is now.

Actually the future was last week.  Sorry.  You missed it.

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan at ctrl-alt-del.com|





From 3bmice at nym.alias.net  Fri Nov 22 00:35:40 1996
From: 3bmice at nym.alias.net (Three Blind Mice)
Date: Fri, 22 Nov 1996 00:35:40 -0800 (PST)
Subject: /dev/random and similar
Message-ID: <199611220835.DAA28760@anon.lcs.mit.edu>


There was a thread here a while back about /dev/random and similar devices
for Linux, but I managed to lose the mails and the hks.net archives still
aren't working (any news on that?).  If someone could tell me where I
could find such a driver, I would appreciate it very much.      TIA!

--3bmice






From snow at smoke.suba.com  Fri Nov 22 00:52:33 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 22 Nov 1996 00:52:33 -0800 (PST)
Subject: sci fi
In-Reply-To: <199611220550.VAA01019@abraham.cs.berkeley.edu>
Message-ID: <199611220909.DAA00294@smoke.suba.com>


> 
> diGriz
> 
     As in Slippery Jim?

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From aie-rd at pobox.oleane.com  Fri Nov 22 02:05:34 1996
From: aie-rd at pobox.oleane.com (Thomas Hennes)
Date: Fri, 22 Nov 1996 02:05:34 -0800 (PST)
Subject: [TARGET ACQUIRED] Cryptography in France
In-Reply-To: <v03007801aeba4f92d42b@[207.167.93.63]>
Message-ID: <32957B57.6952@pobox.oleane.com>


Timothy C. May wrote:
> 
> I gave a talk a couple of years ago in France (well, Monte Carlo, actually,
> but the conference was heavily francocentric), and it was clear to me that
> France is in the Dark Ages on these issues.

Not all issues.. France is not in the Dark ages in matters of computer
smarts or network connectivity, but...

> Sure, they've got "Minitel," an ostensibly ubiquitous network. But Minitel
> is actually a primitive, sub-Prodigy-class system, controlled by the
> government of France and associated special interests (France Telecom,
> etc.).

...but yeah, we suffered from the Minitel at the same time that BBSes
were flourishing in the US. Calling the Minitel a sub-Prodigy-class
system is, believe me, an insult to Prodigy. The Minitel transmitted at
75 bps in one direction and 300 bps in the other, and -you had guessed
it- it was only a matter of state-monopoly France Telecom wanting to
make more money whereas they had the technical knowledge to implement a
much better system. The Minitel did nothing but delay the arrival of the
Internet and other PC-based networks, setting networking in France
several years back in terms of technicality and economic opportunity.

> The number of French persons actively on the Internet is fairly low--ask
> yourself how many ".fr" domain names you've seen lately, and when you last
> saw one on Cypherpunks? I see many more Finnish and even New Zealand domain
> names.

Don't let this fool you.. A LOT of net users in France do not have the
dreaded
".fr" domain. There is quite a number of ".com" and ".net" French users
on the Internet. And I am a living example of the fact (this is my real
address up there, not a US-based remailer).

> Further, encryption is heavily restricted in France. As one French friend
> put it, "You can apply for a license to use crypto--the same way you would
> apply for a license to buy your own Exocet missile."

This is sad, because this is true. Which was all the reason why I wrote
the original message in that thread.

> So, France is somewhere near the bottom of my list of fertile grounds for
> crypto anarchy.

Why? It is probably easier to implement crypto anarchy in other, more
fertile grounds, but the question is, is it more _useful_ ?

Thomas Hennes
aie-rd at pobox.oleane.com





From field at pipeline.com  Fri Nov 22 03:03:44 1996
From: field at pipeline.com (Richard L. Field)
Date: Fri, 22 Nov 1996 03:03:44 -0800 (PST)
Subject: Database law... silver lining??
Message-ID: <1.5.4.16.19961122060504.331fc06c@pop.pipeline.com>


   I am not suggesting patent-like protection.  Rather, I'd argue that there
is very little "independent creation" with respect to my personal database.
Provided it is considered my database to begin with, information that I give
on a warranty card, when I ask for credit, etc. remains mine under the
proposed U.S. law.  Just because a third party tries to assemble it from
those sources doesn't mean it suddenly becomes free data, from a
non-database source.  By that line of reasoning, any protected database
would lose all protection upon its publication by a licensee, so long as you
copied it from the licensee and not the originator.  This is not how I read
the proposed law, and it is not how big database publishers would want it read.

   - Richard Field

(Nothing in this line of argument is meant to imply that I am in favor of
the proposal.)



At 11:47 PM 11/21/96 -0800, Greg Broiles wrote:

[my proposal snipped]
>
>Cute, but any such proposal is almost guaranteed to allow for independent
>creation from a non-database source - e.g., warranty cards, info extracted
>from you when you ask for credit, public records, etc. For example, one
>comment to Article 3 of the proposed WIPO treaty on sui generis protection
>of databases provides:
>
>"3.02 The protection provided does not preclude any person from
>independently collecting, assembling or compiling works, data or materials
>from any source other than a protected database."
>
>(see <http://www.loc.gov/copyright/wipo6.html> for more.)
>
>It's very unlikely that Congress (or the PTO) intends to do anything
>that'll screw up what's already working well for big database publishers.
>Your theory is similar to a patent flavor for databases, while the
>proposals floated out so far are much more like copyright - e.g.,
>independent creation is OK, but copying is not, even with wide public
>distribution, and long protection times. With patent, independent creation
>is not OK, copying (the information, not the device) is encouraged/allowed,
>and protection time is short.






From Zero at mrkev.vabo.cz  Fri Nov 22 03:49:38 1996
From: Zero at mrkev.vabo.cz (Kamil Golombek)
Date: Fri, 22 Nov 1996 03:49:38 -0800 (PST)
Subject: for people from .CZ domain
Message-ID: <329586CB.249B@mrkev.vabo.cz>


Hi to all!

	i'd like to meet or know people, who read this list and are from Czech
republic. Some kind of cooperation is possible. Conversation even in
Czech (but i prefer English) . Could you send me an e-mail? Maybe we
live several km far from each other and we aren't able to comunicate. 
	i also apologize to all, who are from different state and must read
this letter. Sorry!
		
		Thanks
			ZERO





From aga at dhp.com  Fri Nov 22 04:34:36 1996
From: aga at dhp.com (aga)
Date: Fri, 22 Nov 1996 04:34:36 -0800 (PST)
Subject: Word List
In-Reply-To: <FsZRXD42w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961122072725.9778F-100000@dhp.com>


On Thu, 21 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Thu, 21 Nov 96 22:34:38 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv at bwalk.dm.com>
> Reply-To: freedom-knights at jetcafe.org
> To: freedom-knights at jetcafe.org
> Subject: Re: Word List
> 
> >From coderpunks-errors at toad.com  Thu Nov 21 21:47:48 1996
> Received: by bwalk.dm.com (1.65/waf)
> 	via UUCP; Thu, 21 Nov 96 22:21:56 EST
> 	for dlv
> Received: from toad.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>         id AA29836 for cypherpunks; Thu, 21 Nov 96 21:47:48 -0500
> Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id RAA03669 for coderpunks-outgoing; Thu, 21 Nov 1996 17:24:43 -0800 (PST)
> Received: from Eden.mindport.net (eden.mindport.net [205.219.167.4]) by toad.com (8.7.5/8.7.3) with SMTP id RAA03664 for <coderpunks at toad.com>; Thu, 21 Nov 1996 17:24:39 -0800 (PST)
> Received: from polaris (polaris.mindport.net [205.219.167.2]) by Eden.mindport.net (8.6.12/8.6.12) with SMTP id UAA29275; Thu, 21 Nov 1996 20:21:36 -0500
> Posted-Date: Thu, 21 Nov 1996 20:21:36 -0500
> Date: Thu, 21 Nov 1996 20:23:17 -0500 (EST)
> From: Black Unicorn <unicorn at schloss.li>
> X-Sender: unicorn at polaris
> To: Johnny Waters - Staff <waters at posh.internext.com>
> Cc: coderpunks at toad.com, jimg at mentat.com
> Subject: Re: Word List
> In-Reply-To: <199611212150.QAA16115 at posh.internext.com>
> Message-Id: <Pine.SUN.3.94.961121202302.21331A-100000 at polaris>
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-coderpunks at toad.com
> Precedence: bulk
> 
> On Thu, 21 Nov 1996, Johnny Waters - Staff wrote:
> 
> > Date: Thu, 21 Nov 1996 16:50:24 -0500 (EST)
> > From: Johnny Waters - Staff <waters at posh.internext.com>
> > To: coderpunks at toad.com, jimg at mentat.com
> > Subject: Re: Word List
> > 
> > I have a great 190 meg list I could post to the list (har har)
> > johnny
> 
> Post it to the "freedom-knights" list instead.
> 

If you do that, the cypherpunks mailing list will
be ELIMINATED!   I have about 6 different addresses
to mailbomb from, and about a dozen men to mailbomb with.

> --
> Forward complaints to : European Association of Envelope Manufactures
> Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
> Vote Monarchist         Switzerland
> 

The cypherpunks are faggot PUNKS!
The Freedom Knights are REAL MEN.

go ahead, try and send a 190 meg mailbomb to the F-K list.  It will be
the last you will ever see of cypherpunks.

That is your last warning, you fucking PUNK!
(a PUNK is a wimp with NO BALLS!)

-aga






From dlv at bwalk.dm.com  Fri Nov 22 06:14:51 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 22 Nov 1996 06:14:51 -0800 (PST)
Subject: The public sees no need for crypto at this time
In-Reply-To: <v03007800aeba463ea301@[207.167.93.63]>
Message-ID: <qRPsXD3w165w@bwalk.dm.com>


Timmy may decided to rant about crypto for a change. As always he exposes his
complete lack of knowledge.

"Timothy C. May" <tcmay at got.net> writes:

> * Most people don't think they're targets of wiretapping. They don't think
> the FBI is tapping their phones, and they've never even heard of the NSA,
> let alone GCHQ, NRO, SDECE, etc.
>
> * "What have I got to hide?"

So, demonstrate. Pick up conversations on cellular phones, transcribe
the embarassing ones, post them to Usenet via anonymous remailers.

Sniff the e-mail passing through your site and post it anonymously.

That'll make the news and make people aware that they need privacy.

> (I like to cite the evolution of metal safes. Mosler Safe Company says the
> driving force behind safe design, and deployment to merchants and banks,
> was the _insurance business_. Instead of preaching about the value of
> increased security, the insurers--who knew how to take the long
> view--offered rate discounts if stronger safes were installed. Voila,
> stronger safes. Until similar incentives exist for data--e.g., insurance
> for loss of patient records, confidential dossiers, etc.--I doubt most
> people will listen to the "preaching.")

The pressure from insurers might work in strange ways. E.g. in many
locales the law mandates 10% off car theft insurance premiums for cars
that have certain kinds of alarms. According to most authorities the
alarms are totally useless, but almost all cars in NYC have them, and
they go off in the middle of the night when someone walks by the car -
truly stupid.

Similarly the companies that insure doctors for against malpractice
suits might say one day that all patient records in a computer must be
adequately encrypted in the case PC gets stolen - or they might mandate
that nothing is encrypted w/o some sort of GAK escrow. And this won't
even be gubmint-mandated.

> * Look at how few people--myself included--routinely use crypto (digital
> signatures, etc.)

It's because you're an idiot.

> P.S. I'll be away at the Hackers Conference in Santa Rosa, CA for the next
> several days, and then travelling for the American holiday of Thanksgiving
> Day. So, I'll be mostly away from the list for a while.

That's good.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From trei at process.com  Fri Nov 22 06:38:19 1996
From: trei at process.com (Peter Trei)
Date: Fri, 22 Nov 1996 06:38:19 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <199611221438.GAA12285@toad.com>


 "Clay Olbon" writes:
> If I'm not mistaken (and I've been known to be from time to time :-), cell
> phones are already encrypted between the phone and cell tower.

He's mistaken, at least for analog cellphones in the US - digital
cellphones (just starting to come in now) may have some form
of protection.

Before a law was passed, it was easy and legal to listen in on
cellphones on most scanners and many ham radio outfits (and
even some UHF TVs). Now it's merely easy.

It's kind of pathetic - I'm sure that the billions lost to cellular fraud 
far outweigh the value of crimes that the  LEA groups have been 
able  prevent by preserving their ability to illegally eavesdrop on 
cell calls without a warrant.

Peter Trei
trei at process.com
(standard disclaimer applies)

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei at process.com





From olbon at ix.netcom.com  Fri Nov 22 07:06:54 1996
From: olbon at ix.netcom.com (Clay Olbon II)
Date: Fri, 22 Nov 1996 07:06:54 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <1.5.4.32.19961122150532.006d0fe0@ix.netcom.com>


At 09:41 AM 11/22/96 -6, Peter Trei wrote (in part):
>It's kind of pathetic - I'm sure that the billions lost to cellular fraud 
>far outweigh the value of crimes that the  LEA groups have been 
>able  prevent by preserving their ability to illegally eavesdrop on 
>cell calls without a warrant.

Lots of TV specials lately on stealing cell-phone codes and cloning phones.
Seems to me that this would be ridiculously easy to stop using crypto.  

As a side issue (related to your comment about banning the listening in on
cell-phone calls).  I find it pretty amazing that it is possible to make it
illegal to listen to signals broadcast over public airways.  Yet another way
crypto will help society - it will make such laws restricting our freedoms
obsolete.

        Clay

>Peter Trei
>trei at process.com
>(standard disclaimer applies)
>
>Peter Trei
>Senior Software Engineer
>Purveyor Development Team                                
>Process Software Corporation
>http://www.process.com
>trei at process.com


*******************************************************
Clay Olbon			    olbon at ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl






From ota+ at transarc.com  Fri Nov 22 07:18:01 1996
From: ota+ at transarc.com (Ted Anderson)
Date: Fri, 22 Nov 1996 07:18:01 -0800 (PST)
Subject: Crypto Bounties
In-Reply-To: <199611190406.XAA26146@alpha.pair.com>
Message-ID: <cmZQDm6SMV0=1kqk40@transarc.com>


-----BEGIN PGP SIGNED MESSAGE-----

Regarding the idea of setting up markets (or bounties) for software, I'd
like to direct your attention to the Idea Futures scheme.  This is
currently embodied as a web server at:
    http://www.ideosphere.com/ideosphere/fx/main.html

There is some background on the idea by Robin Hanson who talks
extensively about using it as a funding mechanism.  In addition there is
a whole suit of market claims denominated in fake money.

Ted Anderson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpXDrgGojC9e/wyBAQGPmgP/fXo4g3w9yefWiQK+Lp2RRxpwjwmmTmr3
b75k0deXV5gX/WdcNccvdFEYcZ5MMTEMQYOeFxhPi0Xr5goIJLJ++oPCRGXAWADQ
k98PDgzfM+si8QqT8K7PG+BwejankJsh1npqaJVCE/8dboZBKNFVlsrzg7oGTfw2
adgiDyWD7Og=
=pbS3
-----END PGP SIGNATURE-----





From Mullen.Patrick at mail.ndhm.gtegsc.com  Fri Nov 22 08:34:59 1996
From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick)
Date: Fri, 22 Nov 1996 08:34:59 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <n1363459702.71040@mail.ndhm.gtegsc.com>


_______________________________________________________________________________
From: Adam Shostack on Fri, Nov 22, 1996 1:21

>

>	I'd just like to second what Lucky wrote at the end of his
>very nice summation of the crypto phone hardware issues.  Eric's phones
>have damn good voice quality in secure mode.

I should probably make it more clear that my comment referred to price, NOT
quality.  I'm sure it is a wonderful product (I haven't tried it myself),
but I believe the price tag was at or around $1000.  My comments on the 
hardware used was for demostration purposes, not for saying anything was
wrong with the design strategy.  In fact, I thought it was a perfectly fine
strategy, and easy(ish) to implement.  Basically, it took the dedicated
computer you would need for phone encryption and put it in a cheaper box.

To be honest, I thought he had a good idea.  I just wouldn't want to pay
$1000 for phone encryption.  But, it's rare I have conversations where I
need that much security.  I'm sure the product is worth it; it's just out
of my price range.  And probably out of the price range of the average user.

PM

USER ERROR: REPLACE AND STRIKE ANY KEY WHEN READY






From pjb at ny.ubs.com  Fri Nov 22 08:46:43 1996
From: pjb at ny.ubs.com (pjb at ny.ubs.com)
Date: Fri, 22 Nov 1996 08:46:43 -0800 (PST)
Subject: Word Lists
Message-ID: <199611221646.LAA05431@sherry.ny.ubs.com>


this used to be a good site for what you want. YMMV

"An anonymous ftp server has been built on wocket.vantage.gte.com which 
contains the following files in the pub/standard_dictionary directory:"

	-paul

> From cypherpunks-errors at toad.com Fri Nov 22 03:04:16 1996
> X-Sender: camcc at smtp1.abraxis.com
> X-Mailer: Windows Eudora Pro Version 3.0 (32)
> Date: Thu, 21 Nov 1996 17:29:07 -0500
> To: kb4vwa at juno.com (Edward R. Figueroa)
> From: camcc at abraxis.com (Alec)
> Subject: Re: Word Lists
> Cc: cypherpunks at toad.com
> Mime-Version: 1.0
> Content-Type> : > text/plain> ; > charset="us-ascii"> 
> Sender: owner-cypherpunks at toad.com
> Content-Length: 1012
> 
> At 01:40 PM 11/21/96, you wrote:
> :I'm looking for a Large Word List, for a pkcrack program.
> :
> :Anyone have any idea where to find one, or how to convert a dictionary
> :formated file to a wordlist file?
> :
> :Ed
> :
> http://world.std.com/~reinhold/diceware.wordlist.asc
> 
> This is the wordlist for Diceware, and I quote, "7776 short English words,
> abbreviations and easy to remember character strings. The average length of
> each word is about 4.2 characters. The biggest words are six characters long.
> 
> The list is based a longer word list posted to the Internet news group
> sci.crypt by Peter Kwangjun Suk."
> 
> This may not be long enough for your needs.
> 
> The address of the Diceware page is 
> 
> http://world.std.com/~reinhold/diceware.page.html
> 
> Good luck.
> 
> Cordially,
> 
> Alec                   
> 
> PGP Fingerprint:
> Type bits/keyID    Date       User ID
> pub  1024/41207EE5 1996/04/08 Alec McCrackin <camcc at abraxis.com>
>           Key fingerprint =  09 13 E1 CB B3 0C 88 D9  D7 D4 10 F0 06 7D DF 31 
>                              
> 
> 





From asgaard at Cor.sos.sll.se  Fri Nov 22 09:45:11 1996
From: asgaard at Cor.sos.sll.se (Asgaard)
Date: Fri, 22 Nov 1996 09:45:11 -0800 (PST)
Subject: sci fi
In-Reply-To: <3.0.32.19961121233535.0106ea44@mail.teleport.com>
Message-ID: <Pine.HPP.3.91.961122184210.9205A-100000@cor.sos.sll.se>


On Thu, 21 Nov 1996, Alan Olsen wrote:

> For absolute brain candy, I recommend "Star Smashers of the Galaxy
> Rangers".  EE.Doc Smith meets the Hardy Boys.  The ending I had to read
> twice...

A rather odd book that I found immensely stimulating is
'Venus on a halfshell' by a Nym (allegedly for Kurt Vonnegut,
who in most of his books under his own name now and then
refers to some hilarious non-existing SF story by this 'author').

Asgaard





From markm at voicenet.com  Fri Nov 22 10:29:18 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 22 Nov 1996 10:29:18 -0800 (PST)
Subject: /dev/random and similar
In-Reply-To: <199611220835.DAA28760@anon.lcs.mit.edu>
Message-ID: <Pine.LNX.3.95.961122132835.505A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 22 Nov 1996, Three Blind Mice wrote:

> There was a thread here a while back about /dev/random and similar devices
> for Linux, but I managed to lose the mails and the hks.net archives still
> aren't working (any news on that?).  If someone could tell me where I
> could find such a driver, I would appreciate it very much.      TIA!

It's part of the kernel (as of 2.0).  All you have to do is create the devices
/dev/random and /dev/urandom with major number 1 and minor numbers 8 and 9
respectively.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMpXxbCzIPc7jvyFpAQH5wAgAtLTKQE+oJ5PBL9WMwb6PwAxJLjqf29/B
B7mwg3t884IcxfRJBeXVmUvcK3H9EdvUqgSL/ynK7Njo8xdXbkl0N4SOiYOOl8xT
0fFUvWKUuSV2k2H03X7JnOxw48Ni2rHSrZ8ojI08M3Dt0cuMKg0Dq25pMVfsbmoN
zBxmV1sOFgZKZh5daAI8Kk/Kw4rZS3HJWh1fnnCuOM+87SN7g91ZNxctV+ze1i9t
vLUZuqputFiESNitNIUi/K8qL61b07e3J7XTuGdKEt8fVyNYBVyuCsvnSOlgA29F
lXIaHX9WdIRC4jR9nmN6d49UvraQms1/O5DbV0K0oZ8qgZmc7QtsYw==
=d/l2
-----END PGP SIGNATURE-----






From alan at ctrl-alt-del.com  Fri Nov 22 10:37:53 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Fri, 22 Nov 1996 10:37:53 -0800 (PST)
Subject: sci fi
Message-ID: <3.0.32.19961122103636.01017d20@mail.teleport.com>


At 06:48 PM 11/22/96 +0100, Asgaard wrote:
>On Thu, 21 Nov 1996, Alan Olsen wrote:
>
>> For absolute brain candy, I recommend "Star Smashers of the Galaxy
>> Rangers".  EE.Doc Smith meets the Hardy Boys.  The ending I had to read
>> twice...
>
>A rather odd book that I found immensely stimulating is
>'Venus on a halfshell' by a Nym (allegedly for Kurt Vonnegut,
>who in most of his books under his own name now and then
>refers to some hilarious non-existing SF story by this 'author').

Philip Jose Farmer claimed to have written that one.

It also brings up an interesting point...

Nyms are fairly commonplace amongst the writing community.  (Even Steven
King wrote under a nym (or two).)  In fact there are books listing "nyms of
the famous" for book collectors.  Payment schemes for authors under nyms
are already in place.  (For example, I do a monthly column under a nym and
they have no qualms about paying me.)  DBAs also cover nyms in some respects.

Nyms do not have to have a "sinister purpose" (as the feds would like us to
believe).  I think that they are far more ingraned into the culture than
people realize.  (Where would this world be without Mark Twain (a nym for
Samuel Clemmens), Maxwell Grant (the nym for Walter B. Gibson and others
for the Shadow pulps), and the thousands of other nyms that appear in the
publishing field?)  Just because they are published under a nym does not
mean anyone takes their books less seriously or enjoy them less.  (In fact,
there are many authors that are nyms unbeknownst to the readers.  I would
say that most nyms in the publishing world are...)

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan at ctrl-alt-del.com|





From shamrock at netcom.com  Fri Nov 22 10:41:08 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 22 Nov 1996 10:41:08 -0800 (PST)
Subject: Mass-market crypto phones
In-Reply-To: <199611221438.GAA12285@toad.com>
Message-ID: <Pine.3.89.9611221012.A1281-0100000@netcom6>


On Fri, 22 Nov 1996, Peter Trei wrote:
> It's kind of pathetic - I'm sure that the billions lost to cellular fraud 
> far outweigh the value of crimes that the  LEA groups have been 
> able  prevent by preserving their ability to illegally eavesdrop on 
> cell calls without a warrant.

The LEA's are not intested in saving the public money. They are 
interested in preserving and expanding their power. If it costs 
$1,000,000 per wiretap, who cares? The government has men with guns that 
can always go out and extort more cash from the population.

--Lucky





From jmr at shopmiami.com  Fri Nov 22 11:18:15 1996
From: jmr at shopmiami.com (Jim Ray)
Date: Fri, 22 Nov 1996 11:18:15 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <199611221917.OAA38470@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Sat Nov 23 14:16:14 1996
Peter Trei wrote:

<snip>

> It's kind of pathetic - I'm sure that the billions lost to cellular fraud
> far outweigh the value of crimes that the  LEA groups have been 
> able  prevent by preserving their ability to illegally eavesdrop on 
> cell calls without a warrant.

I agree, but to the LEAs, the "value of crimes" includes asset forfeiture 
"profits," which change that accounting in favor of eavesdropping (in their 
minds, at least). Of course, cellular fraud is paid for by others who, if 
they're politically active at all, are likely to demand even more money for 
the LEAs. A win -- win situation (in their minds, at least).
JMR


Regards, Jim Ray
DNRC Minister of Encryption Advocacy

One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Please note new 2000bit PGPkey & address <jmr at shopmiami.com>
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMpdNgjUhsGSn1j2pAQFCbQfOJss3rMfEaWt1kv8oNfiOvwtoaa15s6lc
vOVqG9dBMKCI41/x+k8Jzsb4pVvQOu4cXtUvIDOojY3JvmEzO9EVl125o8/pDxZy
iNqgpLic8Px0R/uASJCj9T0nnFemRmY+QznaQNMdgLs92nOHuEK6Kfi66lqEGmda
CxeuOSdijI+U741bU1a7xjqhc0uwj4ycsjmBB9nOKPSIsbZZYkYcDirT0z/l1F48
aVFphyzek4FjhIaFNFTdGs9YUkJM7hJJ0EfpxeWUeBAfyjkphrATXnW2WGF/iExo
32h6EYgso94VCT7LiWfK20pQ4Mk43i6xemjDdPS+9oS93Q==
=eZ9E
-----END PGP SIGNATURE-----






From trei at process.com  Fri Nov 22 11:24:15 1996
From: trei at process.com (Peter Trei)
Date: Fri, 22 Nov 1996 11:24:15 -0800 (PST)
Subject: [NOISE] sci fi
Message-ID: <199611221923.LAA15484@toad.com>


> Date:          Fri, 22 Nov 1996 18:48:22 +0100 (MET)
> From:          Asgaard <asgaard at Cor.sos.sll.se>
> To:            cypherpunks at toad.com
> Subject:       re: sci fi

> On Thu, 21 Nov 1996, Alan Olsen wrote:
 
> > For absolute brain candy, I recommend "Star Smashers of the Galaxy
> > Rangers".  EE.Doc Smith meets the Hardy Boys.  The ending I had to read
> > twice...
 
> A rather odd book that I found immensely stimulating is
> 'Venus on a halfshell' by a Nym (allegedly for Kurt Vonnegut,
> who in most of his books under his own name now and then
> refers to some hilarious non-existing SF story by this 'author').

> Asgaard

"Star Smashers" first appeared under a wierd 'Generic Book' imprint
in the late 70s/early 80s. There were a series of them - with plain
white covers and black capital titles such as "SCIENCE FICTION",
 "ROMANCE", "WESTERN", "MYSTERY", etc, all actually by well 
respected authors in their respective fields. I think "Star
Smashers' was by Harry Harrison, but am not sure.

VotHS claimed to have been written by Kilgore Trout, an third rate
SF author who exists only in the works of Kurt Vonnegut. However,
the actual author is Phillip Jose Farmer, whom Kurt granted permission
to use the character as a joke at a party. Farmer then wrote and 
published  VotHS, perfectly imitating Vonnegut's style, to Vonnegut's 
great dismay.

Peter Trei
trei at process.com





From hallam at ai.mit.edu  Fri Nov 22 11:26:25 1996
From: hallam at ai.mit.edu (Phillip M Hallam-Baker)
Date: Fri, 22 Nov 1996 11:26:25 -0800 (PST)
Subject: Patent Fight Could Add to Cost of Inter
Message-ID: <199611221926.LAA15514@toad.com>




----------

> > ``We believe it's important to draw a line in the sand and make 
> > them prove infringement,'' said CompuServe spokeswoman Gail 
> > Whitcomb. ``We think their claim is way too broad.'' 
> 
> This is quite a statement coming from a company that flexed its muscles
on
> the .GIF file spec. about 3 years ago.
> 
> If I remember right Compuserve caused some some major changes in RIP and
> HTTP developement.  Until that time the only graphic format supported in
> Mosaic was .GIF.  JPEG was promptly added and there was hot debate about
> the issue.

Having been at CERN at the time and having been the first person to 
incorporate JPEG into a browser (Arena) I know this to be incorrect.

We intended to put JPEG into the browsers from before the time that 
Marc introduced the IMG tag. Indeed a principle point of discussion
on the list was how to cope with multiple formats. We knew that
GIF was poor and that 24 bit screens would soon become the standard.
On the other hand GIF was better for icons, line drawings and such
and had better support from tools. The question was how to do content
negotiation well and support the best configuration for the particular 
hardware. Marc did not exactly allow much time for comment on the
list and chose to interpret the constructive criticism of his IMG tag
as opposition to the idea of transcluded images. Actually the question
was whether images should be a special class of transcluded object,
it really should be possible to transclude HTML within HTML, something
that frames attempts to do but not particularly well.

The patent issue was not of CompuServe's making. They were unaware of the
UNISYS patent when they developed the spec and had they known about it
would have developed GIF differently. When UNISYS asserted their patent
rights CompuServe had no choice to pay up, they did however negotiate
a blanket license agreement which has assisted the rest of the industry
in making agreements.

The main effect of the patent issue was to give added impetus to the 
PNG (prn. "Ping!") which is a patent free extension of the GIF idea.
Unlike GIF PNG is designed to work on the 24 bit displays we use
today and provide a good, general purpose standard for interchange of
images in a lossless manner. JPEG is fine for presentation of images
but useless as an editing format since it looses information on each 
cycle. It is also poor at handling line drawings and other non 
photographic sources (the P in JPEG is Photographic).

It would be nice if the industry would support PNG more widely since
its probably the best piece of original work to come out of the
Web consortium. I believe that Microsoft are supporting it in their
next browser release and even if they don't both 4.0 browsers are
much better at supporting plug ins. 


		Phill






From gnu at toad.com  Fri Nov 22 11:36:17 1996
From: gnu at toad.com (John Gilmore)
Date: Fri, 22 Nov 1996 11:36:17 -0800 (PST)
Subject: Nov 26 DC: House hearing on compsec & crypto: PRZ, Denning, Lin, ...
Message-ID: <199611221936.LAA15679@toad.com>


DC-area cypherpunks may want to attend to watch the sausage machine in action.

Forwarded-by: Dave Farber <farber at cis.upenn.edu>
Subject: IP: House Briefing on Crypto
From: Dorothy Denning

The Technology Subcommittee of the House Science Committee is holding a
briefing on computer security and encryption at 2:00 PM in Room 2318
Rayburn on Tuesday, November 26.  Panelists are:

  Herb Lin, moderator.  Study director of NRC crypto report.
  Bill Reinsch, Commerce Dept. Undersecretary for Export Administration
  Dan Geer, Director of Engineering, Open Market, Inc.
  John Linn, chair of IETF Common Authentication Technology Working Group
  Dorothy Denning, professor at Georgetown University
  Phil Zimmerman, author of PGP





From shamrock at netcom.com  Fri Nov 22 11:47:27 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 22 Nov 1996 11:47:27 -0800 (PST)
Subject: Mass-market crypto phones
In-Reply-To: <n1363459702.71040@mail.ndhm.gtegsc.com>
Message-ID: <Pine.3.89.9611221147.A7402-0100000@netcom6>


On 22 Nov 1996, Mullen Patrick wrote:
> To be honest, I thought he had a good idea.  I just wouldn't want to pay
> $1000 for phone encryption.  But, it's rare I have conversations where I
> need that much security.  I'm sure the product is worth it; it's just out
> of my price range.  And probably out of the price range of the average user.

It was a good idea. It just is facing some very hard engineering 
challenges. Using software based voice encryption products 
may work for you. By all means, do give them a try. PGPfone has a codec 
for use with an ISDN or better. If you have such a fast line, the voice 
quality is fine. Note that a fast IP connection may or may not suffice. 

Here is why:

Other than bandwidth, the other essential property of the link is constant 
and preferably low delay. I did not mention this in my original 
tutorial, since this
1. We were assuming use over a regular POTS, which already has fairly 
constant delay.
2. There is nothing any codec can do to make up for variable delays.

The reason is simple. If the delay is not constant, such as if you are 
sending UDP packets over the Internet new problems arise. One packet 
may take 50ms and the next packet may take 250ms, if it doesn't just get lost along the 
way. Packets may also arrive out of sequence. One might think the answer 
to this is simply a large buffer at the receiving end. Make the buffer 
large enough, to be reasonably sure that the packets will all be there, say 
500ms. Assuming no other delays, that would mean that you have a 1/2 
second delay between the person saying a word and you hearing it. 
Multiply this by two, since the other side would have the same buffer, 
and you have 1 second delays. Too long for a conversation. And then there 
is echo cancellation. But I'll spare you this. ;-)

--Lucky





From roach_s at alph.swosu.edu  Fri Nov 22 11:50:33 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Fri, 22 Nov 1996 11:50:33 -0800 (PST)
Subject: Stewart Baker on new crypto rules
Message-ID: <199611221950.LAA15884@toad.com>


At 08:17 PM 11/20/96 -0800, Lucky Green wrote:
> he [hp's policy person]
>replied: 
>
>"There are many 
>possible interpretations of the words 'voluntary' and 'mandatory'."
>
>I am willing to testify to this under oath.
>
>I don't know what dictionary HP is using. Orwell himself must have 
>written it.

Well, if the customer does not complain about its inclusion, and chooses to
use it for its simplicity over more secure, "after market" systems, then
thats voluntary.  Thats the same voluntary that means that if the people
don't get out to the polls then they volunteered to keep thier opinions
about how government should be run to themselves.  It will probably be
voluntary, no one tells you that you have to use interNic when using the
internet, but you probably do because it is easier than trying to route
around it to its new competitor (the one issuing URL's ending in .auto and
.bus among others).  No one is telling you to use interNic, no one is
telling you to pay to register with interNic, but it is definately less of a
headache.






From roach_s at alph.swosu.edu  Fri Nov 22 11:50:53 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Fri, 22 Nov 1996 11:50:53 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
Message-ID: <199611221950.LAA15893@toad.com>


At 11:00 PM 11/20/96 -0500, Robert Hettinga wrote:
>At 9:09 pm -0500 11/20/96, Hal Finney wrote:
>>What fiction can people recommend which presents crypto/privacy issues
>>realistically?  How about this new book that Neal Stephenson is working
>>on, does anyone know what it's about?  His short story, "Hack the Spew",
>>a few months ago (in Wired, I think?) had a strong crypto flavor.
>
>His, "Great Samolean Caper" for Time/Pathfinder was pure cryptoanarchy...
>
>I don't know if it's still around though.
>
I saved the whole magazine, I can copy it for you if you like.  I thought
that I had the magazine in the dorm room but I can't seem to find it.






From roach_s at alph.swosu.edu  Fri Nov 22 11:50:56 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Fri, 22 Nov 1996 11:50:56 -0800 (PST)
Subject: Does John Gilmore EAT Asshole?
Message-ID: <199611221950.LAA15899@toad.com>


This aga nut is getting to be a real pain in the... Well lets say that he is
one hellish proctologist.  I am very tempted to send this nut a few copies
of the netscape 1.0 executable.  Worthless and fairly bulky.  AND I would be
a citizen taking action.  When Mr. Gilmore took action, he was lambasted for
his troubles.  Mr. Gilmore, however, had the misfortune of holding a
position of percieved power, I don't.  I assume that aga will not see this
as he doesn't follow the list.






From roach_s at alph.swosu.edu  Fri Nov 22 11:51:01 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Fri, 22 Nov 1996 11:51:01 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <199611221950.LAA15906@toad.com>


At 09:10 AM 11/21/96 -0500, Clay Olbon II wrote:
>A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
>device (http://www.comsec.com/).  The point of this post is to posit a
>scenario based on the implications of this product.  This is speculation
>based on where I think such products should be heading.
>
>I think we need to keep a couple of goals in mind.  The first, is to get
>encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
>probably most Americans now buy their phones).  The prices need to be low
>enough that people will want to buy them (<$100?).  Is this technically
>feasible?  The comsec device from the above URL already demonstrates the
>needed capability.  Is the cost target possible?  My guess is soon, given
>the lowering costs and increasing capabilities of current processors.
>
>The second goal needs to be to push a similar product for cell-phones.  I
>think this will be perhaps an easier sell, given the higher initial cost for
>these phones, and their reduced security.  Perhaps a home device could be
>sold with the cell-phone as a package deal, so that communications with the
>"home base" (i.e your office, home, etc) would be secure.  With the rapid
>growth in cell-phone sales, selling a package such as this might ensure a
>larger user-base of home devices.
>
>Given that these goals are met, I think widespread use of crypto over phone
>lines would become almost inevitable.  However, the fun part would be the
>introduction of such products.  The FUD coming from police, the government,
>etc. would be amazing to behold.
>
At first this seemed to be a challenging goal as public key encryption (at
least the type of which I am aware) requires a public key ring, but then I
thought, what would be the point in real time communitation?
Here is my idea.
The initiating phone sends a public key to the receiving phone.
The receiving phone takes this public key and uses it to prepare the session
key, or perhaps both session keys (one key for each simples circuit), as in PGP.
Both boxes would need to have hybrid circuits in them like the telephone
company uses to filter out the incoming signal from the outgoing signal.
The telephone amplifiers only amplify half of the signal, so it basically
consists of two simplex circuits from the local trunk to the other trunks.
This could be bypassed if the device set between the base and the handset.
Best would be to have the hybrid circuit so that it could work with the more
basic models.
I can only see two problems.
The first problem I can see right now would be randomization, (line noise
sampling?, hold the microphone close to a radio playing static until the LED
starts flashing?)
The second challenge would be getting public key encryption to work with an
analog system.  The device will have to have two analog to digital
converters and two digital to analog converters.  I believe that the
telephone operates with a carrier of about 3000 Hz, thus the box will
probably need to maintain a sampling rate of 1500 Hz or less, if this
frequency will carry voice.  The system will probably need some form of
run-time compression built in as well as sample voice at a low bit depth.
The result, under ideal circumstances will probably be a tinny sound and
loss of fidelity.
The D-A, A-D pair on the telco side could be replaced by a good modem, this
would eliminate some of the problems of the RBOC filters cutting out the
"noise" which would really be signal.
If you set the sampleing rate at 3000 cycles per second, by 8 bits of depth,
you would need to be able to transmit clearly 3000 * 8 bits per second or
24000 bits per second.  That would be 24 KiloBITS per second, about 1/8th
the 28.8 KiloBYTE modems that are commond today.  A 3000 baud modem should
be both cheap and easy to pack into a small package.  This would probably
allow for no compression at 8 bits of sampling depth.
So, the block diagram would be as follows.
                ________________     _______________     ___________
|
                |              | --> |             | --> |         |  Line
to       |
 Line from RBOC | 3000+ Baud   |-----| Public Key  |-----|A-D /D-A |
Telephone     |
----------------| Full Duplex  |     | Encryption  |     |  Pair
|--------------  |
   <--->        | Modem        |-----| Layer       |-----|         |
<--->       |
                |______________| <-- |_____________| <-- |_________|
|



I was thinking that the device could be built into a case about the same
size as a modem or answering machine, possibly a little taller to accomidate
the modem circuit, should a full duplex modem replace the telco end A-D, D-A
pair.
Unfortunately, I have very little experience with circuits.  I can't even
draw out an asyncronis multivibrator right now.  (That is a square wave
generator involving 2 transistors, 4 resistors, and 2 capicitors, not a toy
based around a motor with an off center weight)

P.S. The line on the far right is for alignment, If this line is crooked,
copy and paste the diagram to a standard ASCII editor.  this should
eliminate the pipes and spaces from being shorter than every thing else.






From roach_s at alph.swosu.edu  Fri Nov 22 12:05:44 1996
From: roach_s at alph.swosu.edu (Sean Roach)
Date: Fri, 22 Nov 1996 12:05:44 -0800 (PST)
Subject: [noise] Re: Why I Don't Read SF Much Anymore
Message-ID: <199611222005.MAA16122@toad.com>


At 12:14 AM 11/21/96 -0800, Timothy C. May wrote:
...
>- John Brunner, "The Shockwave Rider," and, my favorite, "Stand on
>Zanzibar." Required reading. As Shalmaneser would put it, "Christ, what an
>imagination he had."
...
Anyone else notice similarites between the protagonist in "The Shockwave
Rider" and "The Pretender" the new Television series.  They both even have
sympathetic pursuers.  Any wagers on how long it will take the pretender to
turn his old handler?
BTW, Tim, I don't mean to offend you by adding noise to the front, but this
post is a little off topic, mine not yours.  I seem to have offended someone
else by doing something similar.






From frantz at netcom.com  Fri Nov 22 12:09:22 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 22 Nov 1996 12:09:22 -0800 (PST)
Subject: The public sees no need for crypto at this time
Message-ID: <199611222009.MAA17707@netcom6.netcom.com>


At 10:25 AM 11/21/96 -0800, Timothy C. May wrote:
>I believe that at this time the differential market value to customers of
>having strong crypto in telephones is near-zero, and in cell-phones is only
>slightly greater. [reasoning deleted].

I generally agree with Tim about consumers.  However, I remember working on
a theater production where we were using Radio Shack 2-way headphones for
communication.  One day while we were setting up, we were able to overhear
a woman discussing (presumably with a girlfriend) her boyfriend and their
sex life over a portable telephone.  You can bet that every available
headset was in use and all other work stopped.

Where I think there is a market and an awareness of a need is in the
corporate world.  I recently saw a corporate security policy which
specifically restricted discussing classified information on portable or
cell phones.  If I were in France (to pick on just one guilty country), I
would not want to discuss secrets involving competitive position vs. a
French company on a landline connection.  The big driving force for
companies is how much the facility costs.  (I recently heard a price of
$700 for non-crypto phones.)  If the cost is low enough, company employees
will have these boxes in their homes.

The other big obstacle is standards.  As far as I can tell, every crypto
phone has its own protocol.  If there were a standard set of protocols, it
would greatly help the market, as it has for so many other products.  As a
first step, I suggest that Eric Blossom and PGP Inc. work together to
develop a mode where their products can communicate with each other.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From wombat at mcfeely.bsfs.org  Fri Nov 22 12:16:38 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Fri, 22 Nov 1996 12:16:38 -0800 (PST)
Subject: FW: RE: FW: Viel Glueck!
In-Reply-To: <9611220201.AA05596@merak.idola.net.id>
Message-ID: <Pine.BSF.3.91.961122140557.3076F-100000@mcfeely.bsfs.org>




On Fri, 22 Nov 1996 paratama at idola.net.id wrote:

> At 11:00 PM 11/21/96 +0100, you wrote:
> >> GOOD LUCK TOTEM
> >>

Oh No! It's the dread totem virus again!

;)

-r.w.






From success at Plink.net  Fri Nov 22 12:33:35 1996
From: success at Plink.net (Success)
Date: Fri, 22 Nov 1996 12:33:35 -0800 (PST)
Subject: WORK ONLINE...PART TIME
Message-ID: <199611221802.NAA27638@psi.com>


WORK ONLINE...PART TIME!

National Software Company is currently seeking independent
agents for marketing their services.  

If you're reading this, you have what it takes, (a computer and 
modem), to start your own business, work part-time or full-time.  

The commissions are great, the products are great, and it sells 
itself. You will be sent all the materials it takes to take orders 
in the convenience of your own home,-manual, order forms, software, 
etc.  

This is a real company, desiring real people worldwide who want in 
on the ground floor.  With all the people getting online via AOL, 
Compuserve, Netscape, the marketing and need is great. 

You must be a self-starter, ready to handle in-bound calls, and 
make between $700-to-$1000 per week to start. Our average agents 
yearly salary is six figures.  

Be your own boss!  Join us and become an independent sales agent.  
For more information and signing up contact: 

DOWNLOAD YOUR FREE INFORMATION DISK FROM THIS WEB SITE. 
http://www.geocities.com/WallStreet/3151/

You simply point and click - just like you do in windows. It is 
a breeze to work with. See for yourself what all the excitement 
is about... download it!

Please note: This is a one time mailing only and you have NOT
been added to any lists for future mailings.







From hua at chromatic.com  Fri Nov 22 12:41:10 1996
From: hua at chromatic.com (Ernest Hua)
Date: Fri, 22 Nov 1996 12:41:10 -0800 (PST)
Subject: Another animal isolation idea ...
Message-ID: <199611212223.OAA07413@ohio.chromatic.com>


How about putting the list o' bad animals in a separate list where the
list server will specially recognize and will not broadcast messages
except back to the sender?

This will be an effective stealth censorship mechanism, which some of
us would like to see happen to the few "animals" contributing the
trash.

Ern





From hua at chromatic.com  Fri Nov 22 13:56:11 1996
From: hua at chromatic.com (Ernest Hua)
Date: Fri, 22 Nov 1996 13:56:11 -0800 (PST)
Subject: Oh fun ... another mass spam mailer ...
Message-ID: <199611222155.NAA07879@server1.chromatic.com>



Why don't these people take a hint?

Ern

------- Forwarded Message

Return-Path: name at worldnet.att.net 
Received: from mtigwc02.worldnet.att.net (mailhost.worldnet.att.net 
[204.127.129.4]) by xenon.chromatic.com (8.7.5/8.7.3) with ESMTP id NAA24359 
for <hua at chromatic.com>; Fri, 22 Nov 1996 13:52:28 -0800 (PST)
Received: from Default ([153.35.19.61]) by mtigwc02.worldnet.att.net
          (post.office MTA v2.0 0613 ) with SMTP id ANQ13190;
          Fri, 22 Nov 1996 19:35:25 +0000
From: removenow at hotmail.com
Date: Fri, 22 Nov 1996 14:36:56 PST
Subject: As featured in Business Week
Message-ID: <19961122174156.ANQ13190 at Default>

Press reply for removal

As Featured in BUSINESS WEEK MAGAZINE
& ENTREPENURE MAGAZINE ..December issue.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SPECIAL OFFER GOOD UNTIL DECEMBER 26th 1996 ONLY
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

free free free free free free free free free free free free free free free
E-MAIL WORKS v3.1a FREE!! WITH PURCHACE OF SECURE 
BULK E-MAILING AND WEB SITE HOSTING SERVICES!!!!!!!!!!!!!
free free free free free free free free free free free free free free free

     That's Right!! When you order our secure bulk e mail hosting services you 
get the best
& most advanced bulk e-mail package for FREE. This product sold for $499 is 
now free!!!!.
Not just a demo, the fully functional version!!!

             Just e mail your request to    1webguy at slip.net

     E Mail Works v3.1 is by far the most advanced bulk e-mail software 
available
 on the market. It's power and depth are only matched by it' s ease of use. 

                                Features
        I
           Sends at 13000 to 15000 per hour with 14.4 modem 
        II
           Posts to thousands of news groups automatically
       III
           Collects at 75000 per 24 hours
           Collect from Aol, Comp-U-Serve, Prodigy & all others
       IV
           Works while your computer is-surfing-getting e mail or word 
processing.
        V
           Easy to use remove name feature.
       VI
           Parsing table 45000 to 100,000 per hour
       VII
           Stand alone - NO Pegasus-Eudora-Freedom- or other email program
           needed
      VIII
           Sends & Gathers & Parsing at the same time! 
       IX
           Marketing Tables
        X
           Time & date stamp on all mailings
       XI
           Filtering system
       XII
           Send live links
      XIII
           Repair data base
       XIV
           Merge data base
       XV
           View data base
       XVI
           Pull down help menu's

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
THE FIRST WEB SITE HOSTING SERVICE FOR
PROFESSIONAL BULK E-MAIL MARKETERS!!!!
Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ONLY $149 per month

With this unique service you send mail using your local dial-up through our
secure SMTP port. The mail you send is first filtered through our remove name
list and then sent.

I
         SECURE T3 CONNECTION WEB SITE HOSTING
          When SoftCell becomes you postmaster you will never have your site
          ripped down again or have you e mail address change
       II
          10 MG WEB DOMAIN
          We transfer or register your domain with internic 
       III
          POP ACCOUNT REMOVE NAMES
          All mail is parsed against several large remove name lists as you 
mail
       IV
          5 MG FLAME PROOF E-MAIL BOX
          We will not except multiple message or unmarked attachments from any 
user.
       V
          FIRE WALL
          Over 70,000 e mail addresses that can not access our server
       VI
          AUTO RESPONDER
          Easy and fast responder

------- End of Forwarded Message







From ph at netcom.com  Fri Nov 22 14:01:33 1996
From: ph at netcom.com (Peter Hendrickson)
Date: Fri, 22 Nov 1996 14:01:33 -0800 (PST)
Subject: Constraining the Program Counter
Message-ID: <v02140b00aebbd272eb96@[192.0.2.1]>


You could build a fairly secure system if all of the executable
code were confined to ROMs.

Is there a way to confine the PC of any popular processors so
that it can only execute code in the ROM?

Ideally, it would be possible to do this with cheap off the
shelf hardware.

Peter Hendrickson
ph at netcom.com







From ichudov at algebra.com  Fri Nov 22 14:13:29 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Fri, 22 Nov 1996 14:13:29 -0800 (PST)
Subject: HP-48G is a perfect toy, thanks to all
Message-ID: <199611222201.QAA09675@manifold.algebra.com>


Thanks to all who recommended me to buy an HP-48G calculator.
It is one of the most perfect toys that an adult can play with.

I used a programmable stack calculator when I was in high school
and it is a true pleasure.

	- Igor.





From Mullen.Patrick at mail.ndhm.gtegsc.com  Fri Nov 22 14:35:55 1996
From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick)
Date: Fri, 22 Nov 1996 14:35:55 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <n1363438071.71871@mail.ndhm.gtegsc.com>


_______________________________________________________________________________
From: Lucky Green on Fri, Nov 22, 1996 14:52
<snip>

>quality is fine. Note that a fast IP connection may or may not suffice. 
                                   ^^^^^^^^^^^^^
<snip>
 
>sending UDP packets over the Internet new problems arise. One packet 
         ^^^^^^^^^^^          ^^^^^^^^
<snip>

>--Lucky

I was going to just listen to the way this thread is going because I find
it fascinating, but now that it has been spelled out, I must make a very
important distinction between my idea and PGPFone, WebPhone, etc. --
These are Web-based programs designed to speak over very long distances
for "free" (neglecting ISP charges, etc.), adding the extra functionality
of encrypting your data along the way so sniffers, etc can't listen in 
on your conversation.

My encryptophone(tm) :-) is purely a modem-modem protocol.  This way, even at
14.4k you get all of your throughput.  No TCP/IP overhead.  No busy Net.
No "Why won't my ISP hold a connection longer than TWO MINUTES!?!?".  The
idea I was tossing around was a simple modem program which takes digitized
voice, encrypts it, pumps it through the phone line directly to the modem
on the other side which undoes it all.  (Yes, I know this is a simplified
view.)  I also know it may not be as useful as the web-based products, but
I also know you don't have to worry about the aforementioned problems and
neither party has to have a Net account.  This eliminates some of the
problems which have been sent to me.  Of course, some of the problems
still apply and must be addressed.  I guess now's the time to admit that
the first and foremost problem is that I have never programmed my soundcard...

I appreciate the tips and pointers everyone has been giving me tremendously.
Hopefully, this thread doesn't do a complete reversal, because I am storing
all hints/suggestions/tips to be used when I can finally get this project
going.  (I'm stubborn.  I need to at least try it, if for no other reason
than to get the knowledge... :-)

Thanks!
PM






From frantz at netcom.com  Fri Nov 22 14:36:32 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 22 Nov 1996 14:36:32 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <199611222236.OAA27264@netcom6.netcom.com>


At 11:50 AM 11/22/96 -0800, Sean Roach wrote:
>At 09:10 AM 11/21/96 -0500, Clay Olbon II wrote:
>>A while back, Eric Blossom posted a URL for a mass-market, phone encyrption
>>device (http://www.comsec.com/)...

>At first this seemed to be a challenging goal as public key encryption (at
>least the type of which I am aware) requires a public key ring, but then I
>thought, what would be the point in real time communitation?

Both Eric's product and PGPhone use Diffie-Hellman key exchange.  They
protect against man-in-the-middle attacks by displaying (part of) the
resulting symmetric key and having the phone's users verify they are both
working with the same key in the conversation.  Until the AIs/eavesdroppers
get good enough to imitate a person on the phone, this verification
technique is good enough.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From shamrock at netcom.com  Fri Nov 22 15:10:43 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 22 Nov 1996 15:10:43 -0800 (PST)
Subject: Mass-market crypto phones
In-Reply-To: <n1363438071.71871@mail.ndhm.gtegsc.com>
Message-ID: <Pine.3.89.9611221558.A28484-0100000@netcom6>


> I was going to just listen to the way this thread is going because I find
> it fascinating, but now that it has been spelled out, I must make a very
> important distinction between my idea and PGPFone, WebPhone, etc. --
> These are Web-based programs designed to speak over very long distances
> for "free" (neglecting ISP charges, etc.), adding the extra functionality
> of encrypting your data along the way so sniffers, etc can't listen in 
> on your conversation.

PGPfone works over POTS and IP. It was not originally designed to work
over IP.  The issues raised in my first post apply to modem/modem
connections and IP based implementations. The issues raised in my second
post apply to IP based implementations only (that's not quite true, but I
don't want to go any deeper into it). 

--Lucky





From adam at homeport.org  Fri Nov 22 15:35:46 1996
From: adam at homeport.org (Adam Shostack)
Date: Fri, 22 Nov 1996 15:35:46 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
In-Reply-To: <199611221950.LAA15893@toad.com>
Message-ID: <199611222331.SAA11266@homeport.org>



| >His, "Great Samolean Caper" for Time/Pathfinder was pure cryptoanarchy...

| I saved the whole magazine, I can copy it for you if you like.  I thought
| that I had the magazine in the dorm room but I can't seem to find it.

Once available at:
http://www.pathfinder.com/time/magazine/domestic/1995/special/special.toc.html

TIME Domestic

SPECIAL ISSUE, Spring 1995 Volume 145, No. 12

Return to Contents page 

FICTION
THE GREAT SIMOLEON CAPER
BY NEAL STEPHENSON

Hard to imagine a less attractive life-style for a young man just out
of college than going back to Bismarck to live with his parents -
unless it's living with his brother in the suburbs of Chicago, which,
naturally, is what I did. Mom at least bakes a mean cherry pie.  Joe,
on the other hand, got me into a permanent emotional headlock and
found some way, every day, to give me psychic noogies. For example,
there was the day he gave me the job of figuring out how many jelly
beans it would take to fill up Soldier Field.

Let us stipulate that it's all my fault; Joe would want me to be clear
on that point. Just as he was always good with people, I was always
good with numbers. As Joe tells me at least once a week, I should have
studied engineering. Drifted between majors instead, ended up with a
major in math and a minor in art - just about the worst thing you can
put on a job app.

Joe, on the other hand, went into the ad game. When the Internet and
optical fiber and HDTV and digital cash all came together and turned
into what we now call the Metaverse, most of the big ad agencies got
hammered - because in the Metaverse, you can actually whip out a gun
and blow the Energizer Bunny's head off, and a lot of people did. Joe
borrowed 10,000 bucks from Mom and Dad and started this clever young
ad agency. If you've spent any time crawling the Metaverse, you've
seen his work - and it's seen you, and talked to you, and followed you
around.

Mom and Dad stayed in their same little house in Bismarck, North
Dakota. None of their neighbors guessed that if they cashed in their
stock in Joe's agency, they'd be worth about $20 million. I nagged
them to diversify their portfolio - you know, buy a bushel basket of
Krugerrands and bury them in the backyard, or maybe put a few million
into a mutual fund. But Mom and Dad felt this would be a no-confidence
vote in Joe. "It'd be," Dad said, "like showing up for your kid's
piano recital with a Walkman."

Joe comes home one January evening with a magnum of champagne. After
giving me the obligatory hazing about whether I'm old enough to drink,
he pours me a glass. He's already banished his two sons to the Home
Theater. They have cranked up the set-top box they got for Christmas.
Patch this baby into your HDTV, and you can cruise the Metaverse,
wander the Web and choose from among several user-friendly operating
systems, each one rife with automatic help systems, customer-service
hot lines and intelligent agents. The theater's subwoofer causes our
silverware to buzz around like sheet-metal hockey players, and
amplified explosions knock swirling nebulas of tiny bubbles loose from
the insides of our champagne glasses. Those low frequencies must
penetrate the young brain somehow, coming in under kids' media-hip
radar and injecting the edfotainucational muchomedia bitstream direct
into their cerebral cortices.

"Hauled down a mother of an account today," Joe explains. "We hype
cars. We hype computers. We hype athletic shoes. But as of three hours
ago, we are hyping a currency."

"What?" says his wife Anne.

"Y'know, like dollars or yen. Except this is a new currency."

"From which country?" I ask. This is like offering lox to a dog: I've
given Joe the chance to enlighten his feckless bro. He hammers back
half a flute of Dom Perignon and shifts into full-on Pitch Mode.

"Forget about countries," he says. "We're talking Simoleons - the
smart, hip new currency of the Metaverse."

"Is this like E-money?" Anne asks.

"We've been doing E-money for e-ons, ever since automated-teller
machines." Joe says, with just the right edge of scorn. "Nowadays we
can use it to go shopping in the Metaverse. But it's still in U.S.
dollars. Smart people are looking for something better."

That was for me. I graduated college with a thousand bucks in savings.
With inflation at 10% and rising, that buys a lot fewer Leinenkugels
than it did a year ago.

"The government's never going to get its act together on the budget,"
Joe says. "It can't.  Inflation will just get worse. People will put
their money elsewhere."

"Inflation would have to get pretty damn high before I'd put my money
into some artificial currency," I say.

"Hell, they're all artificial," Joe says. "If you think about it,
we've been doing this forever.  We put our money in stocks, bonds,
shares of mutual funds. Those things represent real assets -
factories, ships, bananas, software, gold, whatever. Simoleons is just
a new name for those assets. You carry around a smart card and spend
it just like cash. Or else you go shopping in the Metaverse and spend
the money online, and the goods show up on your doorstep the next
morning."

I say, "Who's going to fall for that?"

"Everyone," he says. "For our big promo, we're going to give Simoleons
away to some average Joes at the Super Bowl. We'll check in with them
one, three, six months later, and people will see that this is a safe
and stable place to put their money."

"It doesn't inspire much confidence," I say, "to hand the stuff out
like Monopoly money."

He's ready for this one. "It's not a handout. It's a sweepstakes." And
that's when he asks me to calculate how many jelly beans will fill
Soldier Field.

Two hours later, I'm down at the local galaxy-class grocery store, in
Bulk: a Manhattan of towering Lucite bins filled with steel-cut rolled
oats, off-brand Froot Loops, sun-dried tomatoes, prefabricated
s'mores, macadamias, French roasts and pignolias, all dispensed into
your bag or bucket with a jerk at the handy Plexiglas guillotine. Not
a human being in sight, just robot restocking machines trundling back
and forth on a grid of overhead catwalks and surveillance cameras
hidden in smoked-glass hemispheres. I stroll through the gleaming
Lucite wonderland holding a perfect 6-in. cube improvised from duct
tape and cardboard. I stagger through a glitter gulch of Gummi fauna,
Boston baked beans, gobstoppers, Good & Plenty, Tart'n Tiny. Then,
bingo: bulk jelly beans, premium grade. I put my cube under the spout
and fill it.

Who guesses closest and earliest on the jelly beans wins the
Simoleons. They've hired a Big Six accounting firm to make sure
everything's done right. And since they can't actually fill the
stadium with candy, I'm to come up with the Correct Answer and supply
it to them and, just as important, to keep it secret.

I get home and count the beans: 3,101. Multiply by 8 to get the number
in a cubic foot: 24,808. Now I just need the number of cubic feet in
Soldier Field. My nephews are sprawled like pithed frogs before the
HDTV, teaching themselves physics by lobbing antimatter bombs onto an
offending civilization from high orbit. I prance over the black
zigzags of the control cables and commandeer a unit.

Up on the screen, a cartoon elf or sprite or something pokes its head
out from behind a window, then draws it back. No, I'm not a paranoid
schizophrenic - this is the much-hyped intelligent agent who comes
with the box. I ignore it, make my escape from Gameland and blunder
into a lurid district of the Metaverse where thousands of infomercials
run day and night, each in its own window. I watch an ad for Chinese
folk medicines made from rare-animal parts, genetically engineered and
grown in vats.  Grizzly-bear gallbladders are shown growing like
bunches of grapes in an amber fluid.

The animated sprite comes all the way out, and leans up against the
edge of the infomercial window. "Hey!" it says, in a goofy, exuberant
voice, "I'm Raster! Just speak my name - that's Raster - if you need
any help."

I don't like Raster's looks. It's likely he was wandering the streets
of Toontown and waving a sign saying WILL ANNOY GROWNUPS FOR FOOD
until he was hired by the cable company. He begins flying around the
screen, leaving a trail of glowing fairy dust that fades much too
slowly for my taste.

"Give me the damn encyclopedia!" I shout. Hearing the dread word, my
nephews erupt from the rug and flee.

So I look up Soldier Field. My old Analytic Geometry textbook, still
flecked with insulation from the attic, has been sitting on my thigh
like a lump of ice. By combining some formulas from it with the
encyclopedia's stats . . .

"Hey! Raster!"

Raster is so glad to be wanted that he does figure eights around the
screen. "Calculator!" I shout.

"No need, boss! Simply tell me your desired calculation, and I will do
it in my head!"

So I have a most tedious conversation with Raster, in which I estimate
the number of cubic feet in Soldier Field, rounded to the nearest
foot. I ask Raster to multiply that by 24,808 and he shoots back:
537,824,167,717.

A nongeek wouldn't have thought twice. But I say, "Raster, you have
Spam for brains. It should be an exact multiple of eight!" Evidently
my brother's new box came with one of those defective chips that makes
errors when the numbers get really big.

Raster slaps himself upside the head; loose screws and transistors
tumble out of his ears.  "Darn! Guess I'll have to have a talk with my
programmer!" And then he freezes up for a minute.

My sister-in-law Anne darts into the room, hunched in a don't-mind-me
posture, and looks around. She's terrified that I may have a date in
here. "Who're you talking to?"

"This goofy I.A. that came with your box," I say. "Don't ever use it
to do your taxes, by the way."

She cocks her head. "You know, just yesterday I asked it for help with
a Schedule B, and it gave me a recipe for shellfish bisque."

"Good evening, sir. Good evening, ma'am. What were those numbers
again?" Raster asks. Same voice, but different inflections - more
human. I call out the numbers one more time and he comes back with
537,824,167,720.

"That sounds better," I mutter.

Anne is nonplussed. "Now its voice recognition seems to be working
fine."

"I don't think so. I think my little math problem got forwarded to a
real human being.  When the conversation gets over the head of the
built-in software, it calls for help, and a human steps in and takes
over. He's watching us through the built-in videocam," I explain,
pointing at the fish-eye lens built into the front panel of the
set-top box, "and listening through the built-in mike."

Anne's getting that glazed look in her eyes; I grope for an analog
analogy. "Remember The Exorcist? Well, Raster has just been possessed,
like the chick in the flick. Except it's not just Beelzebub. It's a
customer-service rep."

I've just walked blind into a trap that is yawningly obvious to Anne.
"Maybe that's a job you should apply for!" she exclaims.

The other jaw of the trap closes faster than my teeth chomping down on
my tongue: "I can take your application online right now!" says
Raster.

My sister-in-law is the embodiment of sugary triumph until the next
evening, when I have a good news/bad news conversation with her. Good:
I'm now a Metaverse customer-service rep. Bad: I don't have a cubicle
in some Edge City office complex. I telecommute from home - from her
home, from her sofa. I sit there all day long, munching through my
dwindling stash of tax-deductible jelly beans, wearing an operator's
headset, gripping the control unit, using it like a puppeteer's rig to
control other people's Rasters on other people's screens, all over the
U.S. I can see them - the wide-angle view from their set-top boxes is
piped to a window on my screen. But they can't see me - just Raster,
my avatar, my body in the Metaverse.

Ghastly in the mottled, flattening light of the Tube, people ask me
inane questions about arithmetic. If they're asking for help with
recipes, airplane schedules, child-rearing or home improvement,
they've

already been turfed to someone else. My expertise is pure math only.

Which is pretty sleepy until the next week, when my brother's agency
announces the big Simoleons Sweepstakes. They've hired a knot-kneed
fullback as their spokesman. Within minutes, requests for help from
contestants start flooding in. Every Bears fan in Greater Chicago is
trying to calculate the volume of Soldier Field. They're all doing it
wrong; and even the ones who are doing it right are probably using the
faulty chip in their set-top box. I'm in deep conflict-of-interest
territory here, wanting to reach out with Raster's stubby,
white-gloved, three-fingered hand and slap some sense into these
people.

But I'm sworn to secrecy. Joe has hired me to do the calculations for
the Metrodome, Three Rivers Stadium, RFK Stadium and every other
N.F.L. venue. There's going to be a Simoleons winner in every city.

We are allowed to take 15-minute breaks every four hours. So I crank
up the Home Theater, just to blow the carbon out of its cylinders, and
zip down the main street of the Metaverse to a club that specializes
in my kind of tunes. I'm still "wearing" my Raster uniform, but I
don't care - I'm just one of thousands of Rasters running up and down
the street on their breaks.

My club has a narrow entrance on a narrow alley off a narrow side
street, far from the virtual malls and 3-D video-game amusement parks
that serve as the cash cows for the Metaverse's E-money economy.
Inside, there's a few Rasters on break, but it's mostly people
"wearing" more creative avatars. In the Metaverse, there's no part of
your virtual body you can't pierce, brand or tattoo in an effort to
look weirder than the next guy.

The live band onstage - jacked in from a studio in Prague - isn't very
good, so I duck into the back room where there are virtual racks full
of tapes you can sample, listening to a few seconds from each song. If
you like it, you can download the whole album, with optional
interactive liner notes, videos and sheet music.

I'm pawing through one of these racks when I sense another avatar,
something big and shaggy, sidling up next to me. It mumbles something;
I ignore it. A magisterial throat-clearing noise rumbles in the
subwoofer, crackles in the surround speakers, punches through cleanly
on the center channel above the screen. I turn and look: it's a
heavy-set creature wearing a T shirt emblazoned with a logo HACKERS
1111. It has very long scythe-like claws, which it uses to

grip a hot-pink cylinder. It's much better drawn than Raster; almost
Disney-quality.

The sloth speaks: "537,824,167,720."

"Hey!" I shout. "Who the hell are you?" It lifts the pink cylinder to
its lips and drinks. It's a can of Jolt. "Where'd you get that
number?" I demand. "It's supposed to be a secret."

"The key is under the doormat," the sloth says, then turns around and
walks out of the club.

My 15-minute break is over, so I have to ponder the meaning of this
through the rest of my shift. Then, I drag myself up out of the couch,
open the front door and peel up the doormat.

Sure enough, someone has stuck an envelope under there. Inside is a
sheet of paper with a number on it, written in hexadecimal notation,
which is what computer people use: 0A56 7781 6BE2 2004 89FF 9001 C782
- and so on for about five lines.

The sloth had told me that "the key is under the doormat," and I'm
willing to bet many Simoleons that this number is an encryption key
that will enable me to send and receive coded messages.

So I spend 10 minutes punching it into the set-top box. Raster shows
up and starts to bother me: "Can I help you with anything?"

By the time I've punched in the 256th digit, I've become a little
testy with Raster and said some rude things to him. I'm not proud of
it. Then I hear something that's music to my ears: "I'm sorry, I
didn't understand you," Raster chirps. "Please check your cable
connections - I'm getting some noise on the line."

A second figure materializes on the screen, like a digital genie: it's
the sloth again. "Who the hell are you?" I ask.

The sloth takes another slug of Jolt, stifles a belch and says, "I am
Codex, the Crypto-Anarchist Sloth."

"Your equipment requires maintenance," Raster says. "Please contact
the cable company."

"Your equipment is fine," Codex says. "I'm encrypting your back
channel. To the cable company, it looks like noise. As you fig

ured out, that number is your personal encryption key. No government
or corporation on earth can eavesdrop on us now."

"Gosh, thanks," I say.

"You're welcome," Codex replies. "Now, let's get down to biz. We have
something you want. You have something we want."

"How did you know the answer to the Soldier Field jelly-bean
question?"

"We've got all 27," Codex says. And he rattles off the secret numbers
for Candlestick Park, the Kingdome, the Meadowlands . . .

"Unless you've broken into the accounting firm's vault," I say,
"there's only one way you could have those numbers. You've been
eavesdropping on my little chats with Raster.  You've tapped the line
coming out of this set-top box, haven't you?"

"Oh, that's typical. I suppose you think we're a bunch of socially
inept, acne-ridden, high-IQ teenage hackers who play sophomoric pranks
on the Establishment."

"The thought had crossed my mind," I say. But the fact that the
cartoon sloth can give me such a realistic withering look, as he is
doing now, suggests a much higher level of technical sophistication.
Raster only has six facial expressions and none of them is very good.

"Your brother runs an ad agency, no?"

"Correct."

"He recently signed up Simoleons Corp.?"

"Correct."

"As soon as he did, the government put your house under full-time
surveillance."

Suddenly the glass eyeball in the front of the set-top box is looking
very big and beady to me. "They tapped our infotainment cable?"

"Didn't have to. The cable people are happy to do all the dirty work -
after all, they're beholden to the government for their monopoly. So
all those calculations you did using Raster were piped straight to the
cable company and from there to the government. We've got a mole in
the government who cc'd us everything through an anonymous remailer in
Jyvaskyla, Finland."

"Why should the government care?"

"They care big-time," Codex says. "They're going to destroy Simoleons.
And they're going to step all over your family in the process."

"Why?"

"Because if they don't destroy E-money," Codex says, "E-money will
destroy them."

The next afternoon I show up at my brother's office, in a groovily
refurbished ex-power plant on the near West Side. He finishes rolling
some calls and then waves me into his office, a cavernous space with a
giant steam turbine as a conversation piece. I think it's supposed to
be an irony thing.

"Aren't you supposed to be cruising the I-way for stalled motorists?"
he says.

"Spare me the fraternal heckling," I say. "We crypto-anarchists don't
have time for such things."

"Crypto-anarchists?"

"The word panarchist is also frequently used."

"Cute," he says, rolling the word around in his head. He's already
working up a mental ad campaign for it.

"You're looking flushed and satisfied this afternoon," I say. "Must
have been those two imperial pints of Hog City Porter you had with
your baby-back ribs at Divane's Lakeview Grill."

Suddenly he sits up straight and gets an edgy look about him, as if a
practical joke is in progress, and he's determined not to play the
fool.

"So how'd you know what I had for lunch?"

"Same way I know you've been cheating on your taxes."

"What!?"

"Last year you put a new tax-deductible sofa in your home office. But
that sofa is a hide-a-bed model, which is a no-no."

"Hackers," he says. "Your buddies hacked into my records, didn't
they?"

"You win the Stratolounger."

"I thought they had safeguards on these things now."

"The files are harder to break into. But every time information gets
sent across the wires - like, when Anne uses Raster to do the taxes -
it can be captured and decrypted. Because, my brother, you bought the
default data-security agreement with your box, and the default
agreement sucks."

"So what are you getting at?"

"For that," I say, "we'll have to go someplace that isn't under
surveillance."

"Surveillance!? What the . . . " he begins. But then I nod at the TV
in the corner of his office, with its beady glass eye staring out at
us from the set-top box.

We end up walking along the lakeshore, which, in Chicago in January,
is madness. But we hail from North Dakota, and we have all the
cold-weather gear it takes to do this. I tell him about Raster and the
cable company.

"Oh, Jesus!" he says. "You mean those numbers aren't secret?"

"Not even close. They've been put in the hands of 27 stooges hired by
the the government. The stooges have already FedEx'd their entry forms
with the correct numbers. So, as of now, all of your Simoleons - $27
million worth - are going straight into the hands of the stooges on
Super Bowl Sunday. And they will turn out to be your worst
public-relations nightmare. They will cash in their Simoleons for
comic books and baseball cards and claim it's safer. They will
intentionally go bankrupt and blame it on you. They will show up in
twos and threes on tawdry talk shows to report mysterious
disappearances of their Simoleons during Metaverse transactions. They
will, in short, destroy the image - and the business - of your client.
The result: victory for the government, which hates and fears private
currencies. And bankruptcy for you, and for Mom and Dad."

"How do you figure?"

"Your agency is responsible for screwing up this sweepstakes. Soon as
the debacle hits, your stock plummets. Mom and Dad lose millions in
paper profits they've never had a chance to enjoy. Then your big
shareholders will sue your ass, my brother, and you will lose. You
gambled the value of the company on the faulty data-security built
into your set-top box, and you as a corporate officer are personally
responsible for the losses."

At this point, big brother Joe feels the need to slam himself down on
a park bench, which must feel roughly like sitting on a block of dry
ice. But he doesn't care. He's beyond physical pain. I sort of
expected to feel triumphant at this point, but I don't.

So I let him off the hook. "I just came from your accounting firm," I
say. "I told them I had discovered an error in my calculations - that
my set-top box had a faulty chip. I supplied them with 27 new numbers,
which I worked out by hand, with pencil and paper, in a conference
room in their offices, far from the prying eye of the cable company. I
personally sealed them in an envelope and placed them in their vault."

"So the sweepstakes will come off as planned," he exhales. "Thank
God!"

"Yeah - and while you're at it, thank me and the panarchists," I shoot
back. "I also called Mom and Dad, and told them that they should sell
their stock - just in case the government finds some new way to
sabotage your contest."

"That's probably wise," he says sourly, "but they're going to get
hammered on taxes.  They'll lose 40% of their net worth to the
government, just like that."

"No, they won't," I say. "They aren't paying any taxes."

"Say what?" He lifts his chin off his mittens for the first time in a
while, reinvigorated by the chance to tell me how wrong I am. "Their
cash basis is only $10,000 - you think the IRS won't notice $20
million in capital gains?"

"We didn't invite the IRS," I tell him. "It's none of the IRS's damn
business."

"They have ways to make it their business."

"Not any more. Mom and Dad aren't selling their stock for dollars,
Joe."

"Simoleons? It's the same deal with Simoleons - everything gets
reported to the government."

"Forget Simoleons. Think CryptoCredits."

"CryptoCredits? What the hell is a CryptoCredit?" He stands up and
starts pacing back and forth. Now he's convinced I've traded the
family cow for a handful of magic beans.

"It's what Simoleons ought to be: E-money that is totally private from
the eyes of government."

"How do you know? Isn't any code crackable?"

"Any kind of E-money consists of numbers moving around on wires," I
say. "If you know how to keep your numbers secret, your currency is
safe. If you don't, it's not.  Keeping numbers secret is a problem of
cryptography - a branch of mathematics. Well, Joe, the
crypto-anarchists showed me their math. And it's good math. It's
better than the math the government uses. Better than Simoleons' math
too. No one can mess with CryptoCredits."

He heaves a big sigh. "O.K., O.K. - you want me to say it? I'll say
it. You were right. I was wrong. You studied the right thing in
college after all."

"I'm not worthless scum?"

"Not worthless scum. So. What do these crypto-anarchists want,
anyway?"

For some reason I can't lie to my parents, but Joe's easy. "Nothing,"
I say. "They just wanted to do us a favor, as a way of gaining some
goodwill with us."

"And furthering the righteous cause of World Panarchy?"

"Something like that."

Which brings us to Super Bowl Sunday. We are sitting in a skybox high
up in the Superdome, complete with wet bar, kitchen, waiters and big
TV screens to watch the instant replays of what we've just seen with
our own naked, pitiful, nondigital eyes.

The corporate officers of Simoleons are there. I start sounding them
out on their cryptographic protocols, and it becomes clear that these
people can't calculate their gas mileage without consulting Raster,
much less navigate the subtle and dangerous currents of cutting-edge
cryptography.

A Superdome security man comes in, looking uneasy. "Some, uh,
gentlemen here," he says. "They have tickets that appear to be
authentic."

It's three guys. The first one is a 300 pounder with hair down to his
waist and a beard down to his navel. He must be a Bears fan because he
has painted his face and bare torso blue and orange. The second one
isn't quite as introverted as the first, and the third isn't quite the
button-down conformist the other two are. Mr. Big is carrying an old
milk crate.  What's inside must be heavy, because it looks like it's
about to pull his arms out of their sockets.

"Mr. and Mrs. De Groot?" he says, as he staggers into the room. Heads
turn towards my mom and dad, who, alarmed by the appearance of these
three, have declined to identify themselves. The guy makes for them
and slams the crate down in front of my dad.

"I'm the guy you've known as Codex," he says. "Thanks for naming us as
your broker."

If Joe wasn't a rowing-machine abuser, he'd be blowing aneurysms in
both hemispheres about now. "Your broker is a half-naked
blue-and-orange crypto-anarchist?"

Dad devotes 30 seconds or so to lighting his pipe. Down on the field,
the two-minute warning sounds. Dad puffs out a cloud of

smoke and says, "He seemed like an honest sloth."

"Just in case," Mom says, "we sold half the stock through our broker
in Bismarck. He says we'll have to pay taxes on that."

"We transferred the other half offshore, to Mr. Codex here," Dad says,
"and he converted it into the local currency - tax free."

"Offshore? Where? The Bahamas?" Joe asks.

"The First Distributed Republic," says the big panarchist. "It's a
virtual nation-state. I'm the Minister of Data Security. Our official
currency is CryptoCredits."

"What the hell good is that?" Joe says.

"That was my concern too," Dad says, "so, just as an experiment, I
used my CryptoCredits to buy something a little more tangible."

Dad reaches into the milk crate and heaves out a rectangular object
made of yellow metal.  Mom hauls out another one. She and Dad begin
lining them up on the counter, like King and Queen Midas unloading a
carton of Twinkies.

It takes Joe a few seconds to realize what's happening. He picks up
one of the gold bars and gapes at it. The Simoleons execs crowd around
and inspect the booty.

"Now you see why the government wants to stamp us out," the big guy
says. "We can do what they do - cheaper and better."

For the first time, light dawns on the face of the Simoleons CEO.
"Wait a sec," he says, and puts his hands to his temples. "You can rig
it so that people who use E-money don't have to pay taxes to any
government? Ever?"

"You got it," the big panarchist says. The horn sounds announcing the
end of the first half.

"I have to go down and give away some Simoleons," the CEO says, "but
after that, you and I need to have a talk."

The CEO goes down in the elevator with my brother, carrying a box of
27 smart cards, each of which is loaded up with secret numbers that
makes it worth a million Simoleons. I go over and look out the skybox
window: 27 Americans are congregated down on the 50-yard line, waiting
for their mathematical manna to descend from heaven. They are just the
demographic cross section that my brother was hoping for. You'd never
guess they were all secretly citizens of the First Distributed
Republic.

The crypto-anarchists grab some Jolt from the wet bar and troop out,
so now it's just me, Mom and Dad in the skybox. Dad points at the
field with the stem of his pipe. "Those 27 folks down there," he says.
"They didn't get any help from you, did they?"

I've lied about this successfully to Joe. But I know it won't work
with Mom and Dad.  "Let's put it this way," I say, "not all
panarchists are long-haired, Jolt-slurping maniacs.  Some of them look
like you - exactly like you, as a matter of fact."

Dad nods; I've got him on that one.

"Codex and his people saved the contest, and our family, from
disaster. But there was a quid pro quo."

"Usually is," Dad says.

"But it's good for everyone. What Joe wants - and what his client
wants - is for the promotion to go well, so that a year from now,
everyone who's watching this broadcast today will have a high opinion
of the safety and stability of Simoleons. Right?"

"Right."

"If you give the Simoleons away at random, you're rolling the dice.
But if you give them to people who are secretly panarchists - who have
a vested interest in showing that E-money works - it's a much safer
bet."

"Does the First Distributed Republic have a flag?" Mom asks, out of
left field. I tell her these guys look like sewing enthusiasts. So,
even before the second half starts, she's sketched out a flag on the
back of her program. "It'll be very colorful," she says. "Like a jar
of jelly beans."

Copyright 1995 Time Inc. All rights reserved.







From rah at shipwright.com  Fri Nov 22 15:40:48 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 22 Nov 1996 15:40:48 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
In-Reply-To: <199611221950.LAA15893@toad.com>
Message-ID: <v03007833aebbe6905c92@[206.119.69.46]>


At 2:50 pm -0500 11/22/96, Sean Roach wrote:
>I saved the whole magazine, I can copy it for you if you like.  I thought
>that I had the magazine in the dorm room but I can't seem to find it.

I've got an offer of sending me an electronic copy in progress. I'll dump
it to thumper when I get it and blatantly violate a few copyrights when I
get it. :-).

Cheers,
Bob



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From hallam at ai.mit.edu  Fri Nov 22 15:46:48 1996
From: hallam at ai.mit.edu (Phillip M Hallam-Baker)
Date: Fri, 22 Nov 1996 15:46:48 -0800 (PST)
Subject: Software distribution the cypherpunks way? Was: Patent Fight Could Add to Cost of Inter
Message-ID: <199611222346.PAA19251@toad.com>


This turned into a long article on software distribution.

> NEW YORK (AP) _ A little-known patent could raise the cost of 
> doing business over the Internet for companies selling software, 
> video or other digital products delivered online. 
> 
> E-Data Corp. of Secaucus, N.J., is suing 17 companies, including 
> McGraw-Hill and CompuServe, to collect licensing fees on the 
> patent, which protects downloading of encrypted digital 
> information. A court hearing is scheduled Dec. 6 in New York on the 
> company's claims. 

Although this is one of the most bogus and indefensible patent claims
about I don't think it has any material bearing on the Web. Any that
it does have is likely to be beneficial since the Freeny model is 
inherently broken and non-Web.

What Freeny does is to claim the idea of encrypting an information 
product, delivering it through a computer network (though not a
physical medium, there is another patent that claims that), and selling
the decryption key rather than the product. It is a hot idea if you are
trapped in traditional, pre-Web thinking but not if you understand
the dynamics of the net.

The problem is that encryption is not such a great barrier to 
preventing proliferation of software. If encryption is free than you 
might as well add it in, if there are patent costs then you have
to ask what precisely you gain from encryption. The problem is that 
the information good has to be decrypted before use. Since it is
very difficult to prevent copying after the decryption has occurred
all that the encryption is really doing is to slow down the process
of proliferation.

A more important question is what if anything one gains from 
preventing proliferation. Microsoft has not been hurt by the massive
bootleg copying of its software, far from it. Many business users
are keen to buy non copy protected software because they can then
obtain a "free" copy for their home machine at no cost to 
themselves. This minor peculation is in my view the principle reason 
for the dominance of the PC in the home market. There is no good
reason why a person would buy a $2000 business machine rather
than a $500 home machine when the latter plays much better games.
But add the idea that one can use the software bought by one's 
employer and the PC looks the better buy.

I believe that the success of Netscape demonstrates that copy 
protection is a bad idea. If you believe in free markets then 
the price of any given product is going to come down to the marginal
cost of production. For software sold via the net the marginal
cost is pretty close to zero. The price of the various "Office" 
bundles sold via the stores is astonishingly low. $200 for MSOffice
or Corel Office is a silly price. If the product is bundled with
the machine the price gets even sillier - a few dollars. I expect
that before long we will see machines coming bundled with more than
one office suite because the prices are just too low to make the 
choice irrelevant. 

An important fact to bear in mind is that companies are in general
interested in being honest. There is little incentive for an 
employee to cheat the software vendor. The cost of lawsuits is a
good deterrence since the type of company where management are
likely to encourage software theft is also the type of company
that is likely to have disgruntled ex-employees willing to inform.
As a system manager my principle interest in net O/S such as 
WNT and VMS is that they have good, centralized and standardized
licensing mechanisms that allow me to make sure that the software
has been paid for. Its another reason why site licenses are useful!

The price of net software is likely to be close to the price
the OEM pays, a few dollars. This is likely to be structured
somewhat differently however. I expect to see growth of two 
trends, software rental and componentware.

Componentware, selling the package in small increments is a
poor proposition if selling via physical media. The cost of
a CDROM is low, (few cents), but the cost of post and packing
is high. Selling componentware via the net is considerably more 
interesting. Just as I paid a few bucks for my XV program,
I'm willing to pay a couple of bucks for additional input 
filters. I'd certainly be willing to pay a couple of bucks
for specialized document tools or specialized canned document 
formats (e.g. IDEF0, ESA-Requirements whatever). I see the
potential for componentware being primarily low cost, high
volume. 

Componentware is now on the brink of being practical for three
reasons. First as previously stated the net makes distribution
costs lower. Second modern software applications are considerably
more "open" to extension than previously. In the past most
software houses attempted to produce products that satisfied every
need. Today the large software houses realize that they cannot
hope to satisfy every need but that if they can cover 95% of
a persons needs in a way that allows them to add in the remaining
5% everyone is happy. Finally, Java has legitimized the 
componentware idea. Its worth noting that the technical suitability
of Java to the task is irrelevant. What is important is the fact
that several hundred startup companies have been created to do 
nothing else than make Java applets. Such companies are effectively
committed to make componentware work and it is inevitable that
at least one will succeed in establishing a paradigm for the
others to copy.

The second interesting development is software rental. To 
an extent this already occurs since the rapid rate of software
development means that software rapidly becomes obsolete. Anyone
who is using WordPerfect 3.1 for more than a few hours a year
should probably upgrade to the latest version simply because it 
offers so much more functionality. The recent move by Microsoft
to incorporate the year into their products is intended to 
encourage frequent software upgrades. It is a small step from
this model to one in which software is "leased" for a period of
a year or more at a time.


Of course both componentware and rental strategies have been 
around before the net existed. What the net does is to change
the economics so that low cost, high volume is the mainstream
strategy. Software rental traditionally involves expensive
agreements, typically brokered by lawyers on both sides. The
network means that it will become economic to rent software
in low volume and for short periods.

Joining the componentware and rental strategies together would
point to a distribution strategy in which a corporation would 
lease a certain number of seats worth of fully updated packages.
The seats would be continuously updated on a daily basis as 
additional components passed the supplier's QA.

In this model the purchaser is buying the up-todateness 
of the package. There would be little value in bootlegging
the software since its unlikely that the bootleg version 
would be anything like as convenient.

There would also be scope for different levels of uptodateness.
Just as the Microsoft developer network delivers a bulging binder 
full of CDs to my desk each quarter there will inevitably be a 
large number of developers willing to risk buggy software to 
have access to the cutting edge technology. On the other hand 
there will be people who prefer to wait until others have found 
the bugs, waiting a judicious length of time before updating
unless a patch is a response to a known bug.

Encrypting the distribution process might be worthwhile to 
reduce fraud but the main vulnerability is probably
unauthorized copying after distribution. 


What the Freeny patent covers is thus the old model of software
distribution in the new sales paradigm. There is little point in
taking costly measures to protect the copyright of products 
being sold for small dollar amounts. First Virtual proves this.

Where more expensive software is concerned it would ideally be
best to use the net. But here the price of the patent is simply
too much. The 1% extorted under the patent would easily pay
an intern to stuff a CD in an envelope and send it.


The role for encryption in the software distribution process
is in authenticating the delivered goods. The role of encryption 
is to provide privacy. It is very hard to keep a secret that
every one knows about, still harder to sell information  that is
public knowledge. The net is not an information economy, it
is an access to information technology. Nobody will profit
from merely selling information, they will have to sell 
the ability to access information in better ways, better indexing,
faster access, lower publication delays and so on.

comments?

		Phill

PS in checking this document Microsoft's spellchecker suggested
"Mosaic" when checking the word MSOffice!






From rah at shipwright.com  Fri Nov 22 16:10:58 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 22 Nov 1996 16:10:58 -0800 (PST)
Subject: Why I Don't Read SF Much Anymore
In-Reply-To: <199611221950.LAA15893@toad.com>
Message-ID: <v0300783eaebbf148e103@[206.119.69.46]>


At 6:25 pm -0500 11/22/96, Robert Hettinga wrote:
>I've got an offer of sending me an electronic copy in progress. I'll dump
>it to thumper when I get it and blatantly violate a few copyrights when I
>get it. :-).

Looks like I don't have to do *that* anymore.

Thanks, Adam!

Cheers,

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From jya at pipeline.com  Fri Nov 22 18:00:07 1996
From: jya at pipeline.com (John Young)
Date: Fri, 22 Nov 1996 18:00:07 -0800 (PST)
Subject: Report on Net Tax Policy
Message-ID: <1.5.4.32.19961123015800.006dc44c@pop.pipeline.com>


The US Treasury Department's report "Selected Tax Policy 
Implications of Global Electronic Commerce," reported this 
morning in the NYT, is available at:

     ftp://ftp.fedworld.gov/pub/tel/internet.wp  

     (260 kb; WordPerfect 6.1)

We've prepared an HTML version at:

     http://jya.com/taxpolicy.htm  (140 kb)


Here's the TOC

Section I: Introduction

� � �Executive Summary
� � �1. Introduction 

Section II: Technical Background

� � �2. An Overview of the Global Information Infrastructure 
         or "Information Superhighway"
� � �3. The World Wide Web and Electronic Commerce
� � �4. Security and Encryption
� � �5. Payment Mechanisms 

Section III: Tax Policy and Administration Issues

� � �6. Tax Policy and Administration Issues: General 
         Considerations
� � �7. Substantive Tax Law Issues
� � �8. Tax Administration and Compliance Issues  � � �
     9. Conclusion
� � �Glossary
� � �Notes 







From erp at digiforest.com  Fri Nov 22 18:18:32 1996
From: erp at digiforest.com (Erp)
Date: Fri, 22 Nov 1996 18:18:32 -0800 (PST)
Subject: HP-48G is a perfect toy, thanks to all
In-Reply-To: <199611222201.QAA09675@manifold.algebra.com>
Message-ID: <Pine.LNX.3.95.961122185045.12273B-100000@digital.digiforest.com>





On Fri, 22 Nov 1996, Igor Chudov @ home wrote:

> Thanks to all who recommended me to buy an HP-48G calculator.

Should have bough the HP-48GX Graphing Calculator.

> It is one of the most perfect toys that an adult can play with.

There extremely fun!  But the GX holds better more and cooler games...

> 
> I used a programmable stack calculator when I was in high school
> and it is a true pleasure.

Eek -- and how long ago was this *grin*....  Just had to ask that..

> 
> 	- Igor.
> 

Anyways even though the GX is around 215$ ---  and the G is only 80$..
The GX is by far worth it.... 

Ok thats my Two Pence, later...

Erp






From kadafi at shell.cwnet.com  Fri Nov 22 18:59:28 1996
From: kadafi at shell.cwnet.com (Buster de body crab)
Date: Fri, 22 Nov 1996 18:59:28 -0800 (PST)
Subject: Mass-market crypto phones
In-Reply-To: <n1363438071.71871@mail.ndhm.gtegsc.com>
Message-ID: <Pine.BSD/.3.91.961122121706.20445A-100000@shell.cwnet.com>




On 22 Nov 1996, Mullen Patrick wrote:

> _______________________________________________________________________________
> From: Lucky Green on Fri, Nov 22, 1996 14:52
> <snip>
> 
> >quality is fine. Note that a fast IP connection may or may not suffice. 
>                                    ^^^^^^^^^^^^^
> <snip>
>  
> >sending UDP packets over the Internet new problems arise. One packet 
>          ^^^^^^^^^^^          ^^^^^^^^
> <snip>
> 
> >--Lucky
> 
> I was going to just listen to the way this thread is going because I find
> it fascinating, but now that it has been spelled out, I must make a very
> important distinction between my idea and PGPFone, WebPhone, etc. --
> These are Web-based programs designed to speak over very long distances
> for "free" (neglecting ISP charges, etc.), adding the extra functionality
> of encrypting your data along the way so sniffers, etc can't listen in 
> on your conversation.
> 
> My encryptophone(tm) :-) is purely a modem-modem protocol.  This way, even at
> 14.4k you get all of your throughput.  No TCP/IP overhead.  No busy Net.
> No "Why won't my ISP hold a connection longer than TWO MINUTES!?!?".  The
> idea I was tossing around was a simple modem program which takes digitized
> voice, encrypts it, pumps it through the phone line directly to the modem
> on the other side which undoes it all.  (Yes, I know this is a simplified
> view.)  I also know it may not be as useful as the web-based products, but
> I also know you don't have to worry about the aforementioned problems and
> neither party has to have a Net account.  This eliminates some of the
> problems which have been sent to me.  Of course, some of the problems
> still apply and must be addressed.  I guess now's the time to admit that
> the first and foremost problem is that I have never programmed my soundcard...
> 
> I appreciate the tips and pointers everyone has been giving me tremendously.
> Hopefully, this thread doesn't do a complete reversal, because I am storing
> all hints/suggestions/tips to be used when I can finally get this project
> going.  (I'm stubborn.  I need to at least try it, if for no other reason
> than to get the knowledge... :-)
> 
> Thanks!
> PM

There is a program out there called "nautilis" or something like that and 
it works just like the webphones but you need no web.






From ponder at freenet.tlh.fl.us  Fri Nov 22 19:15:20 1996
From: ponder at freenet.tlh.fl.us (P. J. Ponder)
Date: Fri, 22 Nov 1996 19:15:20 -0800 (PST)
Subject: FAQ on legalities SSLeay, &c.
Message-ID: <Pine.OSF.3.91.961122215908.26369G-100000@fn3.freenet.tlh.fl.us>


the recently posted FAQ on crytpo patent expiration dates etc. stated that
MD5 and SHA were not export-restricted anywhere.  The FIPS Pub for SHA
(which I think is numbered 180-1) specifically states that SHA is export
controlled (by ITAR).  I asked this list why it would be controlled, since
it was a signature function, and Perry Metzger replied that crypto hash 
functions make good starting points for building a block cipher program.  

there is a section in Schneier's _Applied Crypto_ on this, too.

anybody heard from the old Perry-grammer on his list project?
I miss him.  He would be having a field day with all this noise.

surprised there hasn't been more chatter about the improved differential 
fault analysis (IDFA).  That is pretty powerful stuff.  They just don't 
make tamper-proof like they used to.  Forget chomping on the keyspace, 
read the modulus and divide by the public key.  I like the reference to 
the 'Mafia EFT/POS'.

ObSciFi:  Go back and read the Preface (by Bruce Sterling) to Gibson's 
_Burning Chrome_ collection.  He talks about the sorry state of SF in the 
1980's and how Gibson, among others, was turning out something new. Hmph.





From dispatch at cnet.com  Fri Nov 22 20:39:46 1996
From: dispatch at cnet.com (The CNET newsletter)
Date: Fri, 22 Nov 1996 20:39:46 -0800 (PST)
Subject: CNET News Dispatch  November 22, 1996
Message-ID: <199611230418.UAA17158@cappone.cnet.com>


*************************************

CNET NEWS DISPATCH/SPECIAL COMDEX ISSUE
Friday, November 22, 1996
San Francisco, California, USA

*************************************

Welcome to the sixth and last in a series of SPECIAL COMDEX ISSUES of the
CNET NEWS DISPATCH, bringing you the latest on the people, products, and
parties at this exciting event. Check out our Comdex page at:

http://www.news.com/Categories/Index/0%2C3%2C38%2C00.html?nd

*************************************

CNET NEWS DISPATCH is a daily newsletter that summarizes the up-to-the
minute technology news presented by CNET's NEWS.COM. It tempts readers with
coverage of today's hottest stories, news in the making, (in)credible
rumors, and other indispensable information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

*************************************

CONTENTS

SCOOPS AND TOP STORIES
     AOL tries to play "The Price is Right" with customers
     Microsoft catches up to its own browser in Macland
     Gates & Grove prove great minds think and clink alike
     It puts the whole...world...in your lap
     Despite IPO mishaps, tech firms still getting VC $$$

ANNOUNCEMENTS
     An easy way for you to customize NEWS.COM
     Search the site for particular topics and articles
     Send us your questions, comments, flotsam, and jetsam
     How to subscribe and unsubscribe
     Late-breaking stories just a click away with Desk Top News

*************************************

AOL TRIES TO PLAY "THE PRICE IS RIGHT" WITH CUSTOMERS
As if he didn't have enough to worry about--blackouts, churn, the growth of
the Web--Steve Case and friends are also wrangling with attorneys generals
in 17 states. The problem is AOL's new pricing policy, which can be summed
up as: "Unless you say 'no,' your rate goes from $9.95 to $19.95." At pixel
time (previously "press time"), the skirmishes were just beginning.

   http://www.news.com/News/Item/0%2C4%2C5674%2C00.html?nd


MICROSOFT CATCHES UP TO ITS OWN BROWSER IN MACLAND
Explorer for Mac users rejoice! Your hybrid platform/browser choice has just
been significantly enhanced by the arrival of Microsoft's Java Virtual
Machine. Some of the Web's most bleeding-edge firms are now rushing to
embrace this new entrant into the market.

   http://www.news.com/News/Item/0%2C4%2C5675%2C00.html?nd


GATES & GROVE PROVE GREAT MINDS THINK AND CLINK ALIKE
First his friend and business buddy Bill Gates misses, then frantically
swerves to catch, the opportunities of the exploding Internet market. Now
Intel chief Andy Grove seems to have jumped into an exploding market late
enough to possibly fall off. Ironically, the product at the center of this
battle is Windows CE, made by none other than Microsoft itself.

   http://www.news.com/News/Item/0%2C4%2C5676%2C00.html?nd

IT PUTS THE WHOLE...WORLD...IN YOUR LAP
People will buy 190,000 of them this year and 4.1 million by 2000. They come
in 20 varieties and move four times faster than analog modem speeds. It fits
in your pocket, but can take you thousands of miles in seconds.

   http://www.news.com/News/Item/0%2C4%2C5669%2C00.html


DESPITE IPO MISHAPS, TECH FIRMS STILL GETTING VC $$$
You've heard about Wired canceling its IPO. Twice. You've heard that the
VC-money-for-neat-Net-ideas bubble has burst. You've heard about apocalyptic
traffic jams that could choke the Web. But to get the real story on how
investors and venture capitalists feel about Net-related firms nowadays, the
old adage of "follow the money" yields interesting results.

   http://www.news.com/News/Item/0%2C4%2C5673%2C00.html?nd


*************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify the
topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1


SEARCH THE SITE FOR PARTICULAR TOPICS AND ARTICLES
Search the entire NEWS.COM database for stories you saw in News Dispatch, or
track any story we've run.

   http://www.news.com/Searching/Entry/0%2C17%2C0%2C00.html?nd


SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch at cnet.com


HOW TO SUBSCRIBE AND TO UNSUBSCRIBE
To subscribe to News Dispatch: Send mail to listserv at dispatch.cnet.com with
the message:

   subscribe news-dispatch (your name)

in the message body. To unsubscribe send the message:

   unsubscribe news-dispatch


LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on the
Net? Our Desk Top News feature puts our 20 most recent stories right there
on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd


*************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/





From deviant at pooh-corner.com  Fri Nov 22 21:11:12 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Fri, 22 Nov 1996 21:11:12 -0800 (PST)
Subject: /dev/random and similar
In-Reply-To: <Pine.LNX.3.95.961122132835.505A-100000@gak.voicenet.com>
Message-ID: <Pine.LNX.3.94.961123050656.11476B-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 22 Nov 1996, Mark M. wrote:

> On Fri, 22 Nov 1996, Three Blind Mice wrote:
> 
> > There was a thread here a while back about /dev/random and similar devices
> > for Linux, but I managed to lose the mails and the hks.net archives still
> > aren't working (any news on that?).  If someone could tell me where I
> > could find such a driver, I would appreciate it very much.      TIA!
> 
> It's part of the kernel (as of 2.0).  All you have to do is create the devices
> /dev/random and /dev/urandom with major number 1 and minor numbers 8 and 9
> respectively.
> 
> Mark

It should be noted, however, that only /dev/random is cryptographically
pseudorandom. (or rather, can be safely treated as such).  /dev/urandom
cuts some strings to be faster, but is less reliable.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

They seem to have learned the habit of cowering before authority even when
not actually threatened.  How very nice for authority.  I decided not to
learn this particular lesson.
                -- Richard Stallman


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpaG9jCdEh3oIPAVAQFuLgf+Jv+p8e4pYsSW9e17aOJhly2343Xo4KdM
SWZzaZRAz2/4Q1T2kKR0VGA5g8NveXw0TotMYadFFB/V6W1ibqcYRmetIvJQbfED
9oGz5SEdTNGrTFEGWlRHYBcEw1bqLEPQ4b2Wov8tdwwQAuHcQic4q3HGIN1xjV+z
3SdLJWxfOWYXxQvrXGtaXEr5mAM8ZxtnpWt0WJuSxlFxDTS2xmOjAx+jr+KnJiih
7pf9Z/Gy4mA6h4u191iDIhP0BQG+84p50y+9Im4kPd0BMFk1+/XUfcyNBV0WL7H/
Odqe4QblkWaJnAL6H4TetLbeaF79hjspJcVNtcy03a+7lsfACPAGjg==
=zl6V
-----END PGP SIGNATURE-----






From declan at eff.org  Fri Nov 22 21:41:58 1996
From: declan at eff.org (Declan McCullagh)
Date: Fri, 22 Nov 1996 21:41:58 -0800 (PST)
Subject: Mass-market crypto phones
In-Reply-To: <Pine.3.89.9611221012.A1281-0100000@netcom6>
Message-ID: <Pine.SUN.3.91.961122213735.17357D-100000@eff.org>


As Hayek reminded us 50 years ago, even democracies can evolve into a 
totalitarian state.

Be ever vigilant, blah.

-Declan

PS: Over margaritas and enchiladas tonight, I was talking with one of the
crypto-ITAR enforcers from State. I mentioned that I'd be going out of the
country soon and taking my PowerBook laptop. Quite sincerely, he urged me
to keep a record of when I left and when I returned for five years. You
see, I have domestic Netscape Navigator on it. Wacky stuff. 


On Fri, 22 Nov 1996, Lucky Green wrote:

> On Fri, 22 Nov 1996, Peter Trei wrote:
> > It's kind of pathetic - I'm sure that the billions lost to cellular fraud 
> > far outweigh the value of crimes that the  LEA groups have been 
> > able  prevent by preserving their ability to illegally eavesdrop on 
> > cell calls without a warrant.
> 
> The LEA's are not intested in saving the public money. They are 
> interested in preserving and expanding their power. If it costs 
> $1,000,000 per wiretap, who cares? The government has men with guns that 
> can always go out and extort more cash from the population.
> 
> --Lucky
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From declan at eff.org  Fri Nov 22 21:47:39 1996
From: declan at eff.org (Declan McCullagh)
Date: Fri, 22 Nov 1996 21:47:39 -0800 (PST)
Subject: Report on Net Tax Policy
In-Reply-To: <1.5.4.32.19961123015800.006dc44c@pop.pipeline.com>
Message-ID: <Pine.SUN.3.91.961122214643.17357F-100000@eff.org>


I started reading it this afternoon and interviewed some folks at 
Treasury about it. Read it. It talks about much of what has been 
discussed on cypherpunks.

-Declan

(And you wonder why *.irs.gov addresses subscribe to this list?)


On Fri, 22 Nov 1996, John Young wrote:

> The US Treasury Department's report "Selected Tax Policy 
> Implications of Global Electronic Commerce," reported this 
> morning in the NYT, is available at:
> 
>      ftp://ftp.fedworld.gov/pub/tel/internet.wp  
> 
>      (260 kb; WordPerfect 6.1)
> 
> We've prepared an HTML version at:
> 
>      http://jya.com/taxpolicy.htm  (140 kb)
> 
> 
> Here's the TOC
> 
> Section I: Introduction
> 
> � � �Executive Summary
> � � �1. Introduction 
> 
> Section II: Technical Background
> 
> � � �2. An Overview of the Global Information Infrastructure 
>          or "Information Superhighway"
> � � �3. The World Wide Web and Electronic Commerce
> � � �4. Security and Encryption
> � � �5. Payment Mechanisms 
> 
> Section III: Tax Policy and Administration Issues
> 
> � � �6. Tax Policy and Administration Issues: General 
>          Considerations
> � � �7. Substantive Tax Law Issues
> � � �8. Tax Administration and Compliance Issues  � � �
>      9. Conclusion
> � � �Glossary
> � � �Notes 
> 
> 


// declan at eff.org // I do not represent the EFF // declan at well.com //







From wichita at cyberstation.net  Sat Nov 23 00:51:59 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 23 Nov 1996 00:51:59 -0800 (PST)
Subject: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice + AGA
In-Reply-To: <848071227.510148.0@fatmans.demon.co.uk>
Message-ID: <Pine.BSI.3.95.961122235129.7786A-100000@citrine.cyberstation.net>




On Thu, 14 Nov 1996 paul at fatmans.demon.co.uk wrote:

> 
> >          Since the IPG algorithm is impregnable, obviously no
> >          individual, or collection of individuals, from said
> >          Universities, the Cypherpunks, or the Coderpunks has been
> >          able to crack the system. Of course, this inability to do the
> >          impossible applies not only to the present but for all time,
> >          for all eternity."
> 
> 
> Look, 
> 
> do you seriously think that university researchers, professors and 
> data security consultants have nothing better to do with their time 
> than look at your pathetic collection of cryptographic stocking 
> fillers.
> 
Several of them are. And if I am to believe your private
postings of the past, you have tried but failed, and are thusly
understandably frustrated.  

> I thought you had finally gone away when I saw no posts from you for 
> about a week. I am depressed beyond belief to see you have returned 
> to interrupt the flow of discussion.... Leave and never return...
> 
Sorry about that old chap, but the last Englishmen that had the power
to command us here in the States was George III, and he was a mad
ignorant lunatic Englishman like you. I am not as adept at telling you off
as AGA,  but obviously you insignificant English pawns think that that
you still rule the world. In your ignorance, you are not aware but here in
the United States we have certain rights, that you parasites, not all but
those like you,  in the United Kingdom can no longer deprive us of. Try
reading Thomas Jefferson, Patrick Henry, Thomas Paine, and hundreds of
others. We are no longer yours to command, Dei Gratita.   

Break my system and I will gladly crawl back into the hole that you
somehow think I have emerged from. Until that time, which
thus obviously means forever, or at least without definable limits, you
may expect me to continue to make postings as I may see fit, or respond to
your senseless jabberwocky. You and some of the other  cypherpunks,
coderpunks are cryptographic quacks, you read Shannon and Schenier, and
hang out shingle as a cryptographic expert, when you have no knowledge of
the subject whatsoever. You need to be exposed as the quack you are. 

Of course, the real problem is that you, cannot break my system, 
you are clueless about how to do that and you know it. You
have never broken any significant crypto system and you never will because 
you do not know how. You are a great pretentious turkey, that flaps
his wings and spreads all kinds of crappy gobbledegook because that is
all they know how to do. Every forum like this has their flocks of those 
turkeys, like you, because it puffs up their hyperdeflated ego. 

As to your other postings alleging a break, you know that is not true.
You, John and Adam posted a bunch of crap. Even Perry, has given up
trying to perpetuate that factoid. Even the alleged break was not a
system break, it might have been used to break an individual messages, 
or some messages but that was not the algorithm and you know it. You are a
practioner of Gimcrackery and everyone knows it, including you. 

There are a lot of serious professional people on the Cypherpunks and
Coderpunks lists, but you are certainly not among them. With respect to
you and a few others, I might paraphrase one of your own, one who I
respect enormously as does most other Americans, that being Winston
Churchill. Paraphrasing Sir Winston, "Never have so few, said so much and 
thought they had done so much, when in fact they had said nothing and
done nothing except to splutter baneful balderdash."  

You individually, and as a member of the crytographic claque, have done
enough unwarranted inbongis to  remind me of Rousseau words:

         "The less reasonable a cult is, the more men seek to
                     establish it by force."

Or better still and more succinct, another of your own, Sir Alfred North
Whitehead, another Englishman that I admire, who said:

         "There is no greater hinderance to the progress of thought 
               than an attitude of irritated party-spirit." 
            
Read the postings made in response to my postings. From the beginning,
they have invoked an irritated party-spirit, fortunately not of the
many but only the few of the lunatic fringe of the Cypherpunks -
Coderpunks, like you. 

Another Englishmen, Alexander Pope in verse said it well too:

           "The ruling passion, be it what it will
            The ruling passion conquers reason still."

Your, and the lunatic fringe's ruling passion that you know it all, that
you are right and that makes it right is more of your Delphic
Neanderthal thinking. "Sans doubte," your need for rinforzando dictums is
obviously results from the fact that you are absolutely 
illuminiferous.  


> I truly have never hear anyone speak as much bollocks as you in my 
> entire life, even those who have studied the art for many years...
> 
I do not know what you have never hear, but I have heard and read enough
of your sententious pap to realize that you do not know what you are
writing about. Your ignorance is sublime, you are not only dumb, and
dumber, but you are obviously the dumbest of the dumb with possibly the
exception of fermented pear juice, and with the cypherpunk - coderpunk
imperium, that is saying a lot.  

Lead on McPuff(ery),

With the kindest personal regards,

Don Wood 









From frantz at netcom.com  Sat Nov 23 00:53:34 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 23 Nov 1996 00:53:34 -0800 (PST)
Subject: Star Trek: First Contact
Message-ID: <199611230853.AAA10184@netcom6.netcom.com>


For the fans of E.E.(Doc) Smith, go see this movie.

OBCrypto: Data locks the main computer with a fractal cypher.

OBMoney: Picard states the they don't have money in the 24th century. 
Instead they work for the good of mankind.  Nanotechnology must have made
everything material possible, so the only reward left is status (aka
reputation).


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From wichita at cyberstation.net  Sat Nov 23 01:13:44 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 23 Nov 1996 01:13:44 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSF.3.91.961115000356.12942G-100000@mcfeely.bsfs.org>
Message-ID: <Pine.BSI.3.95.961123025857.17068A-100000@citrine.cyberstation.net>



Do not belive it, it will never happen. It is impossible,  and we can
prove it to your satisfaction.

Please be advised that effective immediately any U.S. or Canadian
corporation (ltd), organization or government group may now receive a free
IPG demonstration system, it has some limitations but it does  allow users
to see how easy it is to use the system compared to existing antiquated
systems. It will also allow users to prove to themselves that the security
is truly peerless.

This offer does not apply to individual users.

To obtain your organization free operational demonstration copy, please
send an e-mail request to:

        ipgsales at cyberstation.net

You must include your snail-mail address and telephone number in said
request. 

The pcopy will allow for multiple users.

With kindest regards,

Don Wood







From jim at santafe.arch.columbia.edu  Sat Nov 23 02:09:01 1996
From: jim at santafe.arch.columbia.edu (Jim Wise)
Date: Sat, 23 Nov 1996 02:09:01 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <MAPI.Id.0016.006f6e67616c74203030303730303037@MAPI.to.RFC822>
Message-ID: <Pine.NEB.3.94.961123040742.14111A-100000@localhost>


On Fri, 22 Nov 1996, `Jon Galt' wrote:

> What an interesting topic for this list.  I really must point out that most
> wealth in this country is first generation wealth - in other words, most
> wealth is EARNED, not "handed down".
 
Please back this statement up.  The fact is, contrary to our grand self-image,
America has one of the lowest rates of class mobility in the world.  Just shy
of forty percent of the wealth (in land and capital) in the U.S. is possessed
by one percent of the  population.  This far outstrips, for example, 
Great Britain, where the top one percent of society holds 18% of the nation's
wealth.  Continuing down the line, the top 20% of the us population hold more
than 80% of the nation's wealth.  [Source New York Times, April 17. 1995, p.1]

_However_, that's not what I came here to talk to you about tonight:

> too much wealth in relation to those around them.  Adam Back (and
> the cypherpunks?) is (are) against people being prevented from
> accumulating "too much" wealth in relation to those around them.

An oversimplification.  Cypherpunks are in favor of people using technology
to take their own privacy into their own hands.  Anything outside the scope
of this issue is an aside.  Cypherpunks tend toward anarchism / libertarianism
as a result of their strong bent toward personal freedom, but this generalization
obscures the fact that cypherpunks is a _pragmatic_ group, addressing issues
of importance to both left-leaning and right-leaning anarchist / libertarian
types.  To split the group on lines of economic principle is to undermine the
value of this shared ground.  Let's face it -- when it comes to privacy, the
US and the world are in a state of crisis right now.  It would be a serious
mistake to let our disagreements on economic policy drive us from the fight
for liberty.

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim at santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *






From unicorn at schloss.li  Sat Nov 23 02:49:15 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 23 Nov 1996 02:49:15 -0800 (PST)
Subject: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice + AGA
In-Reply-To: <Pine.BSI.3.95.961122235129.7786A-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.94.961123054542.12685C-100000@polaris>


On Sat, 23 Nov 1996 wichita at cyberstation.net wrote:

> On Thu, 14 Nov 1996 paul at fatmans.demon.co.uk wrote:

> > Look, 

[...]

> > I thought you had finally gone away when I saw no posts from you for 
> > about a week. I am depressed beyond belief to see you have returned 
> > to interrupt the flow of discussion.... Leave and never return...
> > 
> Sorry about that old chap, but the last Englishmen that had the power
> to command us here in the States was George III,

And if you are any indication, it's been downhill ever since he failed.

Vote Monarchist.

> With the kindest personal regards,

Eat lint.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Sat Nov 23 02:59:53 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 23 Nov 1996 02:59:53 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961123025857.17068A-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.94.961123055820.12685D-100000@polaris>


On Sat, 23 Nov 1996 wichita at cyberstation.net wrote:

> To obtain your organization free operational demonstration copy, please
> send an e-mail request to:
> 
>         ipgsales at cyberstation.net
> 
> You must include your snail-mail address and telephone number in said
> request. 

Now THIS has potential!

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Sat Nov 23 03:03:53 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 23 Nov 1996 03:03:53 -0800 (PST)
Subject: Star Trek: First Contact
In-Reply-To: <199611230853.AAA10184@netcom6.netcom.com>
Message-ID: <Pine.SUN.3.94.961123060232.12685E-100000@polaris>


On Sat, 23 Nov 1996, Bill Frantz wrote:

> Date: Sat, 23 Nov 1996 00:57:06 -0800
> From: Bill Frantz <frantz at netcom.com>
> To: cypherpunks at toad.com
> Subject: Star Trek: First Contact
> 
> For the fans of E.E.(Doc) Smith, go see this movie.
> 
> OBCrypto: Data locks the main computer with a fractal cypher.
> 
> OBMoney: Picard states the they don't have money in the 24th century. 
> Instead they work for the good of mankind.  Nanotechnology must have made
> everything material possible, so the only reward left is status (aka
> reputation).

Why doesn't everyone have a starship?

> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
> (408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
> frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA
> 
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From jmr at shopmiami.com  Sat Nov 23 07:01:28 1996
From: jmr at shopmiami.com (Jim Ray)
Date: Sat, 23 Nov 1996 07:01:28 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <199611231501.KAA17614@osceola.gate.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Sun Nov 24 09:59:36 1996
Uni wrote:

> On Sat, 23 Nov 1996 wichita at cyberstation.net wrote:
> 
> > To obtain your organization free operational demonstration copy,
>  please
> > send an e-mail request to:
> > 
> >         ipgsales at cyberstation.net
> > 
> > You must include your snail-mail address and telephone number in said
> > request. 
> 
> Now THIS has potential!

Indeed. Note that he calls it "organization free" above. Obviously, his 
operation's entire marketing department is an excellent source of 
randomness.:)
JMR


Regards, Jim Ray
DNRC Minister of Encryption Advocacy

One of the "legitimate concerns of law enforcement" seems to be
that I was born innocent until proven guilty and not the other
way around. -- me

Please note new 2000bit PGPkey & address <jmr at shopmiami.com>
PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5  57 52 64 0E DA BA 2C 71


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEPAwUBMphi3DUhsGSn1j2pAQHJ0gfQzgWGEb2lJ3KSPWGn3td/k2veuxZDjkHu
OlITK3W6zT9MUWqh4KrdvQkt7Z/RzRls+uJPr7ZChS8f6FSHHvGWSmnTBZb+Bav8
JGJqcq+b/BwuUJ0RmVbGL9N7BCCXICroIdGQc1R+DmUuTMcqaAxD9bYWYbs/JSr0
Q00u3L/w8djc74sR2dS3PWmwF9PGLlmKrVQijY/q7WUNhKJDoZR4w511hswVHn1N
BMjR49s+5Gh3N6eaRnKx/B2GnByhvL5Sgai2uPAqT5tFiA7R1nxnHZIlgMplYKsw
27nUWGYFpM+gP/wppw1neZqJcu4xKzg25IN4QIe86T78oA==
=WUGy
-----END PGP SIGNATURE-----






From adam at homeport.org  Sat Nov 23 07:46:03 1996
From: adam at homeport.org (Adam Shostack)
Date: Sat, 23 Nov 1996 07:46:03 -0800 (PST)
Subject: Star Trek: First Contact
In-Reply-To: <Pine.SUN.3.94.961123060232.12685E-100000@polaris>
Message-ID: <199611231541.KAA13180@homeport.org>


Black Unicorn wrote:
| On Sat, 23 Nov 1996, Bill Frantz wrote:
| > For the fans of E.E.(Doc) Smith, go see this movie.
| > 
| > OBCrypto: Data locks the main computer with a fractal cypher.
| > 
| > OBMoney: Picard states the they don't have money in the 24th century. 
| > Instead they work for the good of mankind.  Nanotechnology must have made
| > everything material possible, so the only reward left is status (aka
| > reputation).
| 
| Why doesn't everyone have a starship?

	Becuase they've created an insidious welfare state so that no
one wants for basic human needs.  This has sapped the drive of most
people so far that only war generates new technology. Said new
technology is too expensive to give to the common man, who should be
satisfied watching Patrick Stewart, history's greatest Shakesperian
actor.

;)

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From deviant at pooh-corner.com  Sat Nov 23 08:19:43 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sat, 23 Nov 1996 08:19:43 -0800 (PST)
Subject: Q.E.D |= Montgolfiering + Inbongis + Fermented Pear Juice + AGA
In-Reply-To: <Pine.SUN.3.94.961123054542.12685C-100000@polaris>
Message-ID: <Pine.LNX.3.94.961123155648.12428B-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, Black Unicorn wrote:

> On Sat, 23 Nov 1996 wichita at cyberstation.net wrote:
> 
> > On Thu, 14 Nov 1996 paul at fatmans.demon.co.uk wrote:
> 
> > > Look, 
> 
> [...]
> 
> > > I thought you had finally gone away when I saw no posts from you for 
> > > about a week. I am depressed beyond belief to see you have returned 
> > > to interrupt the flow of discussion.... Leave and never return...
> > > 
> > Sorry about that old chap, but the last Englishmen that had the power
> > to command us here in the States was George III,
> 
> And if you are any indication, it's been downhill ever since he failed.
> 

Especially sence wichita was wrong: George III, obviously, didn't have the
power to control us.  If he did, the US would still be a colony.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Blood is thicker than water, and much tastier.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpcfGzCdEh3oIPAVAQHG2Qf/R6VYJMaQuMcUdetSHq1OBdbjbfbomYV9
k0+AzOnVA1Iri5gznj35zlyO3lYNn3ck4NdMjCQJeS1DoFjVJ002EwK6Wn7TKE/s
puNnp6yBco4c0IRcFOP+kriYP9c3xIoU6sa+aJ8Nid07q2Bzqygwyhvt9YwAfGwn
zBOoUEcX9tUGDIjCC3a56qttpPg417XGtbE8M1gER0B9LCHTn5utZtkbv5w3WDu3
uIpp9LNLdCtsHMbaOCcf/84JyxjwcwE2fbqeu3kZGw5K3HB3X64StgQHpHbvHK+u
1UcT5/8JMILF36ZbvmMVquF8fHpdX7T7Pwd6N8MI8t0zozqB57gKPA==
=42lh
-----END PGP SIGNATURE-----






From bdolan at USIT.NET  Sat Nov 23 09:13:32 1996
From: bdolan at USIT.NET (Brad Dolan)
Date: Sat, 23 Nov 1996 09:13:32 -0800 (PST)
Subject: (fwd) HOLLAND URGENT! HELP NEEDED! (fwd)
Message-ID: <Pine.GSO.3.95.961123121025.29417B-100000@use.usit.net>


I don't know anything about the particulars of this plea, but I thought it
nicely illustrated the potential dangers of a national ID card such as we
will soon have.

bd

---------- Forwarded message ----------
#From: "Hillel Barak" <freedom at netvision.net.il>
#Newsgroups: misc.activism.progressive
#Subject: HOLLAND URGENT! HELP NEEDED!
#Date: 22 Nov 1996 20:00:43 GMT

------- Forwarded Message Follows -------

Hier in Holland, we have been in the past few years regularly
confrontated with the problem of Palestinians whose requests for a stay
permit in Holland have been rejected and who have been ordered to leave
the country, although they cannot go back anywhere. It concerns refugees
who are excluded by the "Oslo Agreements", who fled or were expelled from
the countries where they resided and who do not have a nationality or any
valid papers. We have, for instance, people who used to work for the PLO in
Tunis and who had a stay permit there only as employees of the PLO, but
who cannot go back since they don't work for the PLO anymore, or people
who have been expelled from Kuwait after the Gulf War. It appears that
those people's requests for refugee status or stay permit are always
rejected, after which they get an expulsion order. In some cases, they
are put by the police on a flight to Tunis or elsewhere. When they arrive
at the airport there, they are put on the next flight back to Amsterdam.
Then the police here put them in the street, without any paper. They are
supposed to be "expelled", so that they do not exist in Holland. First
they have to find people who can house them. Then, as they have no
papers, not even an identity card, they cannot work, have no right to
medical help, cannot send their children to school, etc... and totally
depend on the charity of the people who house them and are moreover
threatened to be arrested for having no papers each time they have to go
out (as the police who put them in the street does not even give them a
paper explaining why they have no papers: the policy is clearly to insure
that they have such a bad time in Holland that they will in the end seek
refuge elsewhere).

Some people here, who are actively involved in helping refugees, want to
put a complaint to the European Court of Justice and the Council of Europe.
To do so, we need as much legal information as possible on the "legal"
status of those Palestinians refugees who fall out from the "Oslo
Agreements" and do not have any nationality or resident status anywhere.
So please send me as soon as possible any information, legal texts,
etc... about the official status of Palestinian refugees from Tunisia,
Lebanon, Jordan, Syria, Kuwait, Libya or any other country were they might
have lived. I request those of you who are lawyers to ask their
colleagues who are specialized in international law to give legal
information and their advice about the problem. Our point is to show the
European instances that those Palestinians who have been expelled from
the Arab countries where they once resided have legally nowhere to go
and that it is preposterous to deny their existence and give them the
status of "expelled persons" to countries they cannot enter.

I thank you all very much in advance,

Christine Prat

*****************************************************************************
Christine Prat
POB 16545,  1001 RA  Amsterdam
E-mail: Christine.Prat at let.uva.nl                     University of Amsterdam
*****************************************************************************








From pfarrell at netcom.com  Sat Nov 23 09:14:16 1996
From: pfarrell at netcom.com (Pat Farrell)
Date: Sat, 23 Nov 1996 09:14:16 -0800 (PST)
Subject: how much entropy in common answers
Message-ID: <199611231714.JAA21617@netcom5.netcom.com>


I've been playing arround with some code to implement CME's 
secret sharing using low entropy answers. (His write-up
is in http://www.clark.net/pub/cme/html/rump96.html)

In the write-up, Carl says " That means that it has very low entropy. For example, a person's first name has only about 8 bits of entropy. Car makes and models have only 2 to 4 bits of entropy -- especially if one is naming cars desirable to a teenager."

Further on, he says "Therefore, if each answer has entropy E, the attacker must correctly guess T=(EK) bits of answers. If T exceeds 90 bits or so, then the user is reasonably secure from answer-guessing attacks." (where K is the number
of questions)

My question is, how do we measure the entropy of each answer so we can
calculate when we've got 90 or so bits.  I know when I was a teenager,
the list of car lust objects was short, and everyone wanted a Mustang or
Camaro, so the entropy of those two choices was much less than half a bit.

A similar idea was mentioned in a critique of the plot of West Side Story.
The question is, on a hot night in Spanish Harlem, what percentage of
women are named "Maria"?

Clearly there are cultural issues involved. The entropy in a question
such as "what is your favorite brother's name?" is low in an Irish
family like mine where names cluster arround choices such as are Patrick,
John, Sean, and Dan.

So how do we measure the entropy objectively?

Thanks
Pat



Pat Farrell    CyberCash, Inc. 			(703) 715-7834
pfarrell at cybercash.com
#include standard.disclaimer





From rah at shipwright.com  Sat Nov 23 09:29:33 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 23 Nov 1996 09:29:33 -0800 (PST)
Subject: The persistance of reputation
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <v03007802aebc04ebf5f8@[206.119.69.46]>


At 9:47 pm -0500 11/14/96, Rich Graves wrote:

>Sorry for the misinterpretation. Clearly your reputation has not
>persisted in my mind with sufficent clarity since the last time I was
>involved in a cypherpunks discussion.

Now you sound like Tim. :-). An end to this dicussion is just a killfile
away. Be my guest.

>  (Or possibly this issue has
>brought together such strange bedfollows that I'm ready to believe that
>anything is possible.)

"C'mon, Kids! Be-LEIVE! Or Tinkerbell's gonna die!"

>I disagree. You're assuming that you're dealing with a rational person
>who wants to be believed. It is not difficult to come up with examples
>of pure disinformation that is just "thrown out there" and never
>supported. Keep repeating the same lie, and *nonspecialists* will assume
>that there is a "debate" going on.

I agree to disagree. The "Big Lie" only works with mass media. On a
ubiquitous geodesic network, all such bets are off.

>No, actually I meant that competing propaganda tends to kill itself --
>normal people tend just to throw up their hands and say "What the hell
>does it matter anyway" -- but your interpretation is worth talking
>about, too.

See above. When you have an avalanche of dissent from lots of different
voices, all with technically the same size "megaphone", it doesn't take a
new kind of reputation calculus (or even rocket science) to get the idea
that FUD by any other name stinks just the same...

>No. It requires both. And sometimes, technical skill. How many people
>here know enough to evaluate the data concerning, to take a notorious
>example, the Kennedy assassination? I accept the historical consensus,
>but I know there are a lot of otherwise rational people on cypherpunks
>who are convinced that there was some sort of coverup (which sort, they
>often don't know or care; but they're conviced there was one). Oliver
>Stone got some ridiculous movie made based on this non-thesis (actually
>two, counting Nixon). People growing up today are learning pseudohistory
>and pseudoscience from Oliver Stone, "The X Files," "Dark Skies," and
>"Millenium." I find that scary. The net is better than TV, because it
>allows more responses, but I'm not sure how much better.

You're citing mass media again. When you have quasimonopolistic control of
a monster-megaphone the truth tends to get drowned out, or at least
homogenized, in the same way that creationism gets homogenized with real
science for "equal time", say.

>No, I think pure disinformation is cheaper. Period. And often, it
>doesn't have to be "believed" -- you just need to raise "suspicions"
>among nonspecialists.  That is sufficent to destroy consensus and trust
>in social institutions.

Again, you're using big-think here, invoking the power of large
hierarchically organized industrial institutions.

The world don't work that way anymore. Or it won't, soon enough.

>I disagree with two of your premises. Knowing several real journalists
>(as opposed to opinion columnists), I don't consider print or broadcast
>to be particularly hierarchical. The difficulty of propagating
>disinformation depends on whether you want people to believe, or merely
>"suspect." The TWA 800 friendly-fire fiction doesn't have to be accepted
>as definitely true for it to cause trouble. The "supicion" of Richard
>Jewell doesn't have to be accepted as definitely true for it to cause
>trouble. Disinformation is more often about sowing fear, uncertainty,
>and doubt than it is about belief. Sold the right way, it can propagate
>itself; the (IMO) disinformation that the CIA is directly responsible
>for the crack-cocaine epidemic is spread by radical blacks who see it as
>a racist crime, and by radical-right conspiracy mongers who want to tie
>Clinton to the Mena story. Either way, the meme virus spreads. How many
>different kinds of groups are saying how many different groups "created"
>the AIDS virus? You don't have to "believe" that it's true for the meme
>to spread.

Whew. Actually. You're proving my point. In a hierarchically organized
media structure, you get lots of feedback loops repeating the same old shit
over and over, all done in order to keep the channel full during the slack
periods. Let's take TWA 800 frendly fire story. It's been lurking in the
same loony.news and mail groups, and most people on the net think it's a
shit-story. However, Pierre Salanger gets wind of it, puts it into the ABC
evening news as gospel, and all the sudden it's a headline. The power of
the megaphone, all over again. They don't call 'em "gatekeepers" for
nothin', bunky.

>To some extent, but not fully. There is a certain cachet in being
>recognized as someone who uses "your real name."

Reputation is reputation, biometric or otherwise. On the net, your key is
who you are, no matter what your "True Name" is... Kind of like Turing(?)
test, only with reputation, I guess.

>Pseudonymity is only perfect where artificial boundaries such as respect
>for netiquette are erected. If someone really wanted to track you down,
>they could either find you, or "out" you as a pseudonym "afraid to use
>your own name." Both can be damaging (to your reputation or otherwise).
>In order to put your life on the line for something, you need a life
>story.

Okay. Then it should be trivial for you to tell me who "Pr0duct
Cypher"(sp?) is...

Have fun.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From boursy at earthlink.net  Sat Nov 23 09:41:21 1996
From: boursy at earthlink.net (Stephen Boursy)
Date: Sat, 23 Nov 1996 09:41:21 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <199611191237.MAA00639@server.test.net>
Message-ID: <32973816.4098@earthlink.net>


Jon Galt wrote:
> 
> Adam Back wrote:
>>> See, if you spend your money now, on the above, you have no right to
>>> criticize me when I look relatively wealthy later.  It's your choice
>>> to blow your money.
> 
>>  Steve Boursy writes:
>>   I agree--that's not what I was talking about--the majority of wealth
>> is handed down not earned--and the ability to earn also more often
>> than not results in hand me down priv.
> 
> What an interesting topic for this list.  


  Yes--crossbreeding has it's advantages.

> I really must point out that most wealth in this country 
> is first generation wealth - in other words, most
> wealth is EARNED, not "handed down".


  That's not even close to the truth.

 
>>> Btw, people of your mentality (communists/socialists) already make it
>>> very difficult for me to accumulate,
>>
>>   We do our best--some day we'll take it all away--really.
>
> 
> Let me just make sure I have this straight.  Stephen Boursy (and the
> freedom-knights?) is (are) against people being allowed to accumulate
> too much wealth in relation to those around them.  Adam Back (and
> the cypherpunks?) is (are) against people being prevented from
> accumulating "too much" wealth in relation to those around them.
> 
> Is that right?


  What a simple mind--coming from an Ann Rand fan though that's really
no surprise.

  Because I'm on the Freedom Knights list you assume I am speaking
on their behalf?  And because Adam is on the cypherpunks list you
assume him to be speaking on their behalf?  That's rather simple
minded.  My tie to Freedom Knights has to do with the belief that
one may freely speek their mind on the net--period.  My beliefs
regarding the redistribution of income may or may not be shared
by different members of the FK list. Personally I don't believe
in the right to accumulate excess wealth and certainly don't 
believe in the 'right' to pass it down through the generations.

                         Steve





From ericm at lne.com  Sat Nov 23 09:50:50 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 23 Nov 1996 09:50:50 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961123025857.17068A-100000@citrine.cyberstation.net>
Message-ID: <199611231609.IAA32322@slack.lne.com>


wichita at cyberstation.net writes:
> 
> 
> Do not belive it, it will never happen. It is impossible,  and we can
> prove it to your satisfaction.

No, you can't.  It's impossible to prove an algorithim unbreakable.
You can only say that it hasn't been broken yet, but you can't
predict the advances in cryptoanalysis.

If, in two or three years, no one's broken it then maybe it'll seem
like a reasonably-secure algorithim.  Of course when someone does break
it you'll just say "oh, that wasn't the real algorithim" like you did
last time. 

> Please be advised that effective immediately any U.S. or Canadian
> corporation (ltd), organization or government group may now receive a free
> IPG demonstration system, it has some limitations but it does  allow users
> to see how easy it is to use the system compared to existing antiquated
> systems. It will also allow users to prove to themselves that the security
> is truly peerless.
> 
> This offer does not apply to individual users.

Why not?  Not giving it to individuals will keep a number of people
from examining it.  If it's as secure as you say then you wouldn't
care who or how many people look at it, would you?
You could always make the demo time-limited.


-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From frissell at panix.com  Sat Nov 23 09:50:50 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 23 Nov 1996 09:50:50 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <3.0b36.32.19961123113329.0074e444@panix.com>


At 10:40 AM 11/22/96 -0800, Lucky Green wrote:
>The LEA's are not intested in saving the public money. They are 
>interested in preserving and expanding their power. If it costs 
>$1,000,000 per wiretap, who cares? The government has men with guns that 
>can always go out and extort more cash from the population.
>
>--Lucky

They could if they would; but they can't so they won't.  Governments (like
real people) always collect as much revenue as they possibly can at a given
time.  If they could figure out a way to get more they would.  To argue
otherwise is to imply that they are not maximizing their total monetary and
psychic income and are forebearing to grab all they could.  I don't think
members of this list should pay The Great Enemy such a compliment.

Remember the findings of the Public Choice school.

DCF  





From sandfort at crl.com  Sat Nov 23 09:54:27 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 23 Nov 1996 09:54:27 -0800 (PST)
Subject: A.Word.A.Day--syncope (fwd)
Message-ID: <Pine.SUN.3.91.961123094720.6554A-100000@crl7.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

For those of you who don't get Word.A.Day, you might enjoy the
unatributed quote at the bottom of the post.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------- Forwarded message ----------
Date: Sat, 23 Nov 1996 01:52:20 -0500
From: Wordsmith <wsmith at wordsmith.org>
To: linguaphile at wordsmith.org
Subject: A.Word.A.Day--syncope

syn.co.pe \'sin-k*-(.)pe-, 'sin-\ n [LL, fr Gk synkope-, lit., cutting 
   short, fr. synkoptein to cut]short, fr. syn- + koptein to cut - more at 
   CAPON 1: a partial or complete temporary suspension of respiration and 
   circulation due to cerebral ischemia : FAINT 2: the loss of one or more 
   sounds or letters in the interior of a word (as in fo'c'sle for forecastle)

 
 
...........................................................................

The generation of random numbers is too important to be left to chance.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
To subscribe or unsubscribe, please send a message to wsmith at wordsmith.org
with "Subject:" line as "subscribe <Your Real Name>" or "unsubscribe".
Email anu at wordsmith.org if you have any questions, comments or suggestions.
Archives, FAQ, words and more at the WWW site: http://www.wordsmith.org/awad/






From jf_avon at citenet.net  Sat Nov 23 10:09:50 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Sat, 23 Nov 1996 10:09:50 -0800 (PST)
Subject: wealth and property rights
Message-ID: <9611231809.AA03975@cti02.citenet.net>


On 21 Nov 96 at 18:35, Dave Hayes wrote:

> However, I would question the implication that "socialists" are
> responsible for the higher tax rates you currently experience.  
> 
> For example, I could make a strong case that you really have some
> clever "capitalists" who have learned how to express their
> "capitalism" quite effectively across the space of all people in a
> "country".

OK.  I am not on Cypherpunks anymore but this leftover of the mail queue 
landed in my mailbox.  So, please, reply directly.

I just couldn't let this one pass by me without jumping on it.  :)

Your second paragraph is attacking a straw man.  You even included the word
'capitalist' in double quotes (").  The common point between socialists and
theses so-called "capitalists" is that they both use that fact that some
coercion is enacted on a given population to get rich an/or powerful.  

The socialists seek, as a value, power over producers and your "capitalists"
seek to get rich and/or powerfull. But both blank out the cause of the
obtention of their goals: legally exerted coercion (via govt rules and
powers).  To use terms coined by a well known writer, one is a Witch Doctor,
the other is an Attila (morally sanctionned by the Witch Doctor).  They
natures are not opposite, they are simply both sides of the same coin.

I sometimes wish peoples would use words for what they really mean...

jfa
Please reply or Cc. directly to me.
Jean-Francois Avon, Pierrefonds (Montreal) QC Canada
 DePompadour, Societe d'Importation Ltee
    Finest Limoges porcelain and crystal
 JFA Technologies, R&D consultants
    physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 
ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C 





From rah at shipwright.com  Sat Nov 23 10:48:41 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 23 Nov 1996 10:48:41 -0800 (PST)
Subject: Star Trek: First Contact
In-Reply-To: <199611230853.AAA10184@netcom6.netcom.com>
Message-ID: <v03007828aebcf00bd828@[206.119.69.46]>


At 3:57 am -0500 11/23/96, Bill Frantz wrote:
>For the fans of E.E.(Doc) Smith, go see this movie.

Lensmen of the world untie your bracelets! Free yourselves from your weevil
capitalist masters!

>OBCrypto: Data locks the main computer with a fractal cypher.

Known source of entropy, those fractals. ;-). Ah... DreckPhysics. Gotta
love it.

>OBMoney: Picard states the they don't have money in the 24th century.
>Instead they work for the good of mankind.

Hrm. Looks like they're ripping off Iain Banks too. :-). First Niven, now
Banks. Life is hard when you have to keep that production pipe full...

>Nanotechnology must have made
>everything material possible, so the only reward left is status (aka
>reputation).

Funny, I didn't think they had nano in the 23rd century. Except for the
"Genesis Bomb". No, wait, that was matte painting, wasn't it?

Even Babylon 5, AKA "Science Fiction He Wrote", has a bigger clue.

Feh.

Yes. I know. Resistance is futile. I've been assimilated. I'll go anyway...

;-).

Cheers,
Bob Hettinga




-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From roy at sendai.scytale.com  Sat Nov 23 10:59:20 1996
From: roy at sendai.scytale.com (Roy M. Silvernail)
Date: Sat, 23 Nov 1996 10:59:20 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961123025857.17068A-100000@citrine.cyberstation.net>
Message-ID: <961123.121809.1L0.rnr.w165w@sendai.scytale.com>


-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, wichita at cyberstation.net writes:

> Do not belive it, it will never happen. It is impossible,  and we can
> prove it to your satisfaction.

Formally?

*PLONK*
- -- 
           Roy M. Silvernail     [ ]      roy at scytale.com
"There are two major products that came out of Berkeley:
LSD and UNIX.  This is no coincidence."
            -- glen.turner at itd.adelaide.edu.au (Glen Turner)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpdAFxvikii9febJAQH8mAP/dt4GWcbuQL4tuEDNUJUQhqmbGHrcTUiD
zxZrCyxrJyi+z5IGLkfAGGOlAq7Ls5F9/EnN3cvm17AIOEWwPkgBIFx/y4BHrsNJ
oPkthtjx6xNfqq3P6033j+Un8g2EG0kxaSQWh5w5ZI2PXLNJTWszDmhk8dcYxgEW
UP/oDZrb0F8=
=lxMC
-----END PGP SIGNATURE-----






From wombat at mcfeely.bsfs.org  Sat Nov 23 11:06:29 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Sat, 23 Nov 1996 11:06:29 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <Pine.NEB.3.94.961123040742.14111A-100000@localhost>
Message-ID: <Pine.BSF.3.91.961123124906.6152C-100000@mcfeely.bsfs.org>




On Sat, 23 Nov 1996, Jim Wise wrote:

> On Fri, 22 Nov 1996, `Jon Galt' wrote:
> 
> > What an interesting topic for this list.  I really must point out that most
> > wealth in this country is first generation wealth - in other words, most
> > wealth is EARNED, not "handed down".
>  
> Please back this statement up.  The fact is, contrary to our grand self-image,
> America has one of the lowest rates of class mobility in the world.  Just shy
> of forty percent of the wealth (in land and capital) in the U.S. is possessed
> by one percent of the  population.  This far outstrips, for example, 
> Great Britain, where the top one percent of society holds 18% of the nation's
> wealth.  Continuing down the line, the top 20% of the us population hold more
> than 80% of the nation's wealth.  [Source New York Times, April 17. 1995, p.1]
> 

Yup. I agree with you here - every year Forbes puts out its list of the 
richest people in America. I'm too lazy to go digging under the coffee 
table to find the issue, but as I recall, a good number of the people on 
the list made their money the old-fasioned way - they inherited it.

Also - most people inthis country do not have true "wealth" - most are
fairly leveraged with mortgages and other loans, so their true net worth
is not all that high.

The "coupon-clipping" class is mostly "old money."

-r.w.






From nobody at cypherpunks.ca  Sat Nov 23 11:20:16 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 23 Nov 1996 11:20:16 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <199611231914.LAA10101@abraham.cs.berkeley.edu>



At 8:09 AM 11/23/1996, Eric Murray wrote:
>No, you can't.  It's impossible to prove an algorithim unbreakable.

No?  Please prove your assertion.

Your claim is similar to IPG's - nobody has done it yet.

Your claim is stronger - hardly anybody has worked on IPG's algorithm,
nor are they likely to.

diGriz







From sunray at globalnet.co.uk  Sat Nov 23 11:43:12 1996
From: sunray at globalnet.co.uk (Steve Crompton)
Date: Sat, 23 Nov 1996 11:43:12 -0800 (PST)
Subject: Announce PGP263UI (long message)
Message-ID: <1.5.4.16.19961123194402.1cafcf4c@mail.globalnet.co.uk>



-----BEGIN PGP SIGNED MESSAGE-----

To All PGP Users:

I am happy to announce the availability of PGP 2.63ui, the successor
to PGP 2.6ui and 2.62ui, an unofficial international release of the
famous public key encryption program, based originally on version
2.3a.

This version is being made available for a number of reasons:

* It is the only version fully compatible with *all* versions of PGP
from 2.0 to 2.7

* It incorporates a number of bug fixes and features not available
in the MIT release (see below) or in Stale Schumaker's 2.6.x.i
releases based on the MIT release.

* This version, like 2.3a and 2.6xui before it, is published under the
terms of the GPL. Consequently:

  - You are not bound by the RSADSI licence since this version does not
  use RSAREF (which forbids commercial use and unauthorised use of the
  cryptograpgic routines), as you are with MIT PGP

  - You are not bound by the MIT licence (which requires the program
  to produce output that cannot be read by earlier versions), as you are
  with both MIT PGP and Staale Schumacher's PGP 2.6.xi.

  - you can therefore do what you like with the code of the program
  provided any derivative work is also GPL'd.

  - The only relevant patent for users outside the USA is Ascom-Tech's
  patent on IDEA. For non-commercial use it's free, anywhere. For
  commercial use you need  a license, but Ascom-Tech offers a single-
  user license for a modest fee. See

    http://www.ascom.ch/systec

Users inside the USA may not legally use 2.63ui, because the RSA
patent is in effect there. USA residents are advised to obtain one
of the MIT versions which have a license for non-commercial use of
RSA.

However, I note in passing that by using the armor_version parameter
in CONFIG.TXT, that armored output from PGP 2.63ui can be made
difficult or impossible to distinguish from other versions.

Note that I personally have not done very much of the actual coding on
this version.  However if bugs are reported or constructive
suggestions for improvements made I will pass them on to the
individual(s) who have done the bulk of the work to make this release
possible.  I am assured that continuing support will be provided.

This is a partial list of the changes and fixes since 2.62ui.
A complete list is in file 263UICHG.ASC, which is inside both
ZIP distribution files.

Added CONFIG.TXT Parameters:

LabelEncrypt = on     # Label Encrypted Armored files with Recipient(s)

This will add readable text in front of an encrypted and armored file
listing the public keys used to encrypt it.  The format of the text is
similar to what appears on the console during (-l) decryption.

PrePendSigV=on      # Prepend Signature Verification msg to output text

When verifying the signature on a text (not binary) file, and a
detached signature (-b) is not requested, PGP 2.63ui will prepend a
message with the results of the signature verification (good or bad)
similar to what appears on the console.

Expanded Compatibility with Early PGP Versions.

version_byte=3 is usually set to Emulate PGP 2.6 after 9/1/94

Version_byte must be set to 2 before encrypting/signing
messages to be decrypted/verified by PGP 2.2 or 2.3a.

Also, unique to PGP 2.63ui, is the ability to set version_byte to 2
in extracted keys (-kx[a]).  This allows PGP 2.63ui to extract keys
which may have been created and/or signed by MIT PGP or by a ui
version with version_byte set to 3 and create an extracted key which
may be added (-ka) by PGP 2.3a.

Note that the reverse is not true. If version_byte=3, keys created
with version_byte=2 are -not- changed when extracted.

Expanded Error Checking

Most disk writes are now checked for errors or running out of disk
space.

Key Generation and other Keyring maintenance operations check for
write access to public and (where required) secret keyrings before
lengthy processing starts.  Previous versions were not checking if the
keyrings were set to read-only, which led to invalid results.

PGP 2.63ui allows you to change UserID's of keys not your own
(corresponding secret key not present).  You can sign the new ID
with your own secret key but (obviously) not with the other person's
secret key.

PGP 2.63ui is distributed in two ZIP files

   pg263ui.zip   [executables & documentation]
   pg263uis.zip  [source code & documentation]

They are currently available at:

ftp://ftp.funet.fi/pub/mirrors/utopia.hacktic.nl/pgp/pc/dos/

ftp://utopia.hacktic.nl/pub/replay/pub/pgp/pc/dos/

Each zip file contains a MANIFEST signed by me which gives the MD5
digests of all other files within the ZIP. You can use the MD5SUM.EXE
program included in pg263ui.zip to verify the MANIFEST (after using
PGP to strip the signature).

Here is the MANIFEST for pg263ui.zip

840317378232e54d03424e7e49a9bd4a *263UICHG.ASC
7408f5f49f74e0209f7a712a10c95e8e *CONFIG.TXT
83c8d06f39a0984066464e9a70e62550 *ES.HLP
64fa593bc5f188cf5a3cda03f3ed0ea5 *FR.HLP
480f583a2ac6776a4de7df6e7382545e *KEYS.ASC
5ba7143bad4739a4b749e492b5eee1ce *LANGUAGE.TXT
ecec59110e8a3bfd7fb195ec5964d5ce *MD5SUM.EXE
ca537810f4fdf5f359ec6583eeb176bb *PGP.EXE
3e2afe9edfc197554e9de9e3d433cdd0 *PGP.HLP
e1ef684d67c7e23143bca9163ce04966 *README.1ST
473d455178341f5f6e5f53394fd5a1d9 *README.2ND
a7491b03c6e87d57e34ec03ace211509 *README23.DOC
01a94cd84d68ea1cb905ce29caf0961e *DOC\BLURB23.TXT
ad4652e2dcfd4a0ecf91a2c01a7defd5 *DOC\COPYING
fbdd95ba04c9d2be5c4b8e2769482c32 *DOC\KEYSERV.DOC
8ab813656498102101d55b9ecfddde98 *DOC\NEWFOR22.DOC
cf12a2daac04470b6ad2b311cc514431 *DOC\NEWFOR23.DOC
5413061db46b1379a5489296c214ee38 *DOC\PGFORMAT.DOC
2a6c84401fc0c3b9febd77dd965c7b4f *DOC\PGP.1
33eeab5a938d0d33b8ca8ecf97038d73 *DOC\PGPDOC1.TXT
ff0d028f72c4632c2b87c099dce92180 *DOC\PGPDOC2.TXT
ca6253109c92944d44a9a1767f0b58ff *DOC\POLITIC.DOC
b648ac7c1c3aa7b0c92f80dc18dc9bcc *DOC\README.VMS
e4cfe2f3c28aab747f2396ae5e0a8ba8 *DOC\SETUP.DOC

Here is the MANIFEST for pg263uis.zip

840317378232e54d03424e7e49a9bd4a *263UICHG.ASC
7408f5f49f74e0209f7a712a10c95e8e *CONFIG.TXT
83c8d06f39a0984066464e9a70e62550 *ES.HLP
64fa593bc5f188cf5a3cda03f3ed0ea5 *FR.HLP
480f583a2ac6776a4de7df6e7382545e *KEYS.ASC
5ba7143bad4739a4b749e492b5eee1ce *LANGUAGE.TXT
3e2afe9edfc197554e9de9e3d433cdd0 *PGP.HLP
a7491b03c6e87d57e34ec03ace211509 *README23.DOC
e1ef684d67c7e23143bca9163ce04966 *README.1ST
473d455178341f5f6e5f53394fd5a1d9 *README.2ND
1a22a466840f14025a5de0118d6daa0d *CONTRIB\README
e8e9f513a273e86170e886c730a73307 *CONTRIB\ELM_NN\MAILPGP
56776ba15d847d005da2c95caa13744f *CONTRIB\ELM_NN\MOREPGP
8ae0fd91ea7ca5e041a5da4b78dce2c1 *CONTRIB\ELM_NN\POSTPGP
a2e4b46d2b0a6613a19061e8755024ca *CONTRIB\ELM_NN\README
0bf0ac13b4d019ed8b010ac3c0d30241 *CONTRIB\EMACS\PGP.EL1
52f5921095dd385796ae5fe6b2badbc6 *CONTRIB\EMACS\PGP.EL2
8de46004960bbca27de290a814fa6585 *CONTRIB\EMACS\RAT-PGP.EL
0188d65c58e003d50871a60412a86e58 *CONTRIB\EMACS\PGPEMACS.DOC
3a256a88091276b667a8283614122a76 *CONTRIB\IDEA\IDEA.ASM
fb995ab5c86fd45fcccc9c385d03c551 *CONTRIB\IDEA\README
1061623e095426e6ece416f75a15c643 *CONTRIB\IDEA\TEST.C
488b1cece84dd0853f491a5d10362ca4 *CONTRIB\MAIL_TIN\MAILPGP
994c5848ed0457eaf60ec086ad86048e *CONTRIB\MAIL_TIN\MOREPGP
f3afdb4e57ea645e7bfdbb1eb969a48c *CONTRIB\MAIL_TIN\POSTPGP
746f7fcfb23fc18974f06243201957eb *CONTRIB\MAIL_TIN\README
c037a9119d14999dc445ea47a75e7d48 *CONTRIB\MAILX\MAILER
06cebf8214342e286a7f3245c724ff4d *CONTRIB\MAILX\PGPMAIL2
eac85d75f64fef85da9afa399368890d *CONTRIB\MD5SUM\MD5SUM.C
5ca3e58ba621523b0d3feb026820fa63 *CONTRIB\MD5SUM\PGP23.MD5
6242095b32ea68409929194ad7e157bd *CONTRIB\MD5SUM\README
7bf7d12fe520767019a71d4f963fa6c8 *CONTRIB\MD5SUM\PGP26UI.MD5
501fc6ccb4e8405d75a72d9acb6a019c *CONTRIB\MH\PGPMAIL.MH
bff01f6723fac1145074f6cce81ef1b8 *CONTRIB\MIME\MIMEPGP.DOC
ded0f233729d58e001746708fb0ecec6 *CONTRIB\MISC\PGPNOHDR.SH
a860741049e3b3285c4d96996a7e59f0 *CONTRIB\MISC\PGPPAGER.C
3af9ddacbe85b67fd3a02ce8a9421a04 *CONTRIB\VI\VIPGP.DOC
01a94cd84d68ea1cb905ce29caf0961e *DOC\BLURB23.TXT
ad4652e2dcfd4a0ecf91a2c01a7defd5 *DOC\COPYING
fbdd95ba04c9d2be5c4b8e2769482c32 *DOC\KEYSERV.DOC
8ab813656498102101d55b9ecfddde98 *DOC\NEWFOR22.DOC
cf12a2daac04470b6ad2b311cc514431 *DOC\NEWFOR23.DOC
5413061db46b1379a5489296c214ee38 *DOC\PGFORMAT.DOC
2a6c84401fc0c3b9febd77dd965c7b4f *DOC\PGP.1
33eeab5a938d0d33b8ca8ecf97038d73 *DOC\PGPDOC1.TXT
ff0d028f72c4632c2b87c099dce92180 *DOC\PGPDOC2.TXT
ca6253109c92944d44a9a1767f0b58ff *DOC\POLITIC.DOC
b648ac7c1c3aa7b0c92f80dc18dc9bcc *DOC\README.VMS
e4cfe2f3c28aab747f2396ae5e0a8ba8 *DOC\SETUP.DOC
a75c34297e3915242232242aa0147bb8 *SRC\3B1_6800.S
baf854e4fd40d02a7b7b7fa2911382be *SRC\68000.S
557168162e418489bc245ab5c4030add *SRC\68000_32.S
57900fde67a6039f1b218972e74bf806 *SRC\80386.S
de3f8236644a00ca45d1c41f400b2fc3 *SRC\8086.ASM
69f8d2757e5c13a1ebf17998a756e8ba *SRC\ARMOR.C
80f3854e9b76eee4167503893135839e *SRC\ARMOR.H
5b9cd4b55699685f37dd594382dda8a7 *SRC\CCC
7fb0b40db91d6da79d38b2f475110fc4 *SRC\CCC.X28
66b7d0786b5d426644591fa347a7e205 *SRC\CHARSET.C
35bbbe1de78008abae59bf12fed41291 *SRC\CHARSET.H
04b95ec3860bc3ecaf56d2fe5d837a68 *SRC\CONFIG.C
eb57f96eea26bee3152fb82a5006e133 *SRC\CONFIG.H
c0741f9f07cb9f7f7dff2be9ac6ed3a0 *SRC\CRYPTO.H
df233c3e5793cae25adc82bd51ffe9c5 *SRC\CRYPTO.C
1c51db6958288d475e066f4b428d1324 *SRC\DESCRIP.MMS
067b372f3f13365acca772f307dd73c9 *SRC\EXITPGP.H
243453889c70b37d7444d29a162ba9bb *SRC\FILEIO.C
bc273e19f5900cac30bfe8d1bc29907a *SRC\FILEIO.H
a0bebb371176f8fd5ea2c34e14be8106 *SRC\GENPRIME.H
4f3f1ca25c8ad16536ba9fa4f2fa07ba *SRC\GENPRIME.C
12fb2c21d044f5cc1264d4e2f8e35d17 *SRC\GETOPT.C
70bc995b674a1041f006e0c85ad128bc *SRC\GETOPT.H
891c95125020cc39df1cfaf531baeac4 *SRC\IDEA.C
cbf974a9968d4cccb3dbbb8c6e197fb3 *SRC\IDEA.H
be2862fa4e729caed7f5284d0a068c2d *SRC\KEYADD.C
a31d39f665562103f27fd51943eb9f80 *SRC\KEYADD.H
fcd92da1ef03062aaaf4a32e9c0bfe1c *SRC\KEYMAINT.C
e8b97adb23122b1e61d1c876d44405f5 *SRC\KEYMAINT.H
b51b6f358baecddf27d2af1f1325b8a8 *SRC\KEYMGMT.H
55f0e339489a329813568e9e43d44087 *SRC\KEYMGMT.C
378c2c04399840ff19a1c428c86b31a3 *SRC\LANGUAGE.C
fa3757f2e65cce62ccd16cf4fa71f0dc *SRC\LANGUAGE.H
2194f583f62eff5db4dacc1d032fd391 *SRC\LMUL.H
465c44debfabb9433c6b0d6416d29ff9 *SRC\M.BAT
46377c4b4ff7deb2bac93c5eee2bbbad *SRC\MAKEFILE.TC
5a7e71d8c85f7cd95825c55cd3f1bae7 *SRC\MAKEFILE.AMY
625825b93e4230440371ee2bc32616e8 *SRC\MAKEFILE.MSC
0fd62dae064f53b0c9caa7ac9302a926 *SRC\MAKEFILE.UNX
08781b63fa78e8743be80da9aace6f9f *SRC\MC68020.S
021582f73d3324be77267a0c60890e6e *SRC\MD5.C
3b254fd2c035f3081ca2ec96ea120f9a *SRC\MD5.H
517550a4f55b76767a524f8997310bae *SRC\MDFILE.C
f54f6dc8ab01cb256d23f59824c38ee7 *SRC\MDFILE.H
5fbaf7195aadb77916f02c6fe3260a45 *SRC\MORE.C
ad3274da77b334827113f23ba7e85730 *SRC\MORE.H
9cb7caf58ca015e4a2a88deb056c539d *SRC\MPIIO.C
4d1446ac5992abe2cf1ea12a8f2d9310 *SRC\MPIIO.H
5b5f0174cdc8d2dcf6c48240ea4bf055 *SRC\MPILIB.H
f86467788e24b8484c9f9c71b8bfb692 *SRC\MPILIB.C
5db4340956609ac9debb9a517371bf9e *SRC\PASSWD.C
9344f7fe246c52d04105ddfae09de625 *SRC\PASSWD.H
8fe5084f2924836c655e84ef7f835674 *SRC\PGP.C
614f9234b18231bf92219c8a257e78cc *SRC\PGP.DEF
88c06903fc5386160e34291da980c421 *SRC\PGP.H
851e15e93234d3c466af5f9c9c932d79 *SRC\PGP.MAK
64459d86a1069f98ed6d471b39614561 *SRC\PGP.OPT
2def18122c0cf2b56e0e8caff3e3ecb5 *SRC\PGP.PRJ
abf28ba7832d89abeac494e3cec45a7c *SRC\PGPPWB.MAK
dbb569238f082bb4048264ffd0eb117a *SRC\PLATFORM.H
19be9bade48954274b84408fa18d4ad0 *SRC\R3000.C
e64d1a208d148cd3c2400f9301360df2 *SRC\R3000.S
766825310519ca3c70395c2ccf986aa7 *SRC\R3KD.S
ba19b4d87c1f1d36f00e1f180b4b9a72 *SRC\RANDOM.C
1aad27b13005436b9e2e9c7537a641e0 *SRC\RANDOM.H
62542804547db44fabdf36bc31d0802e *SRC\RSAGEN.C
6d3eb1bb77e53c7020dc6180c95adeb2 *SRC\RSAGEN.H
d026b1e2ef561bf20790c81578159449 *SRC\RSAGLUE.C
a62a4b12a3837571e13419559c385747 *SRC\RSAGLUE.H
b13fc1755a4d36109604dd027d9a5d36 *SRC\SPARC.S
e01ca7bf8ff1b5fb55b95b762569430d *SRC\SPARC5.S
9d47b06b192c264dcbf2184c1890f05f *SRC\STDLIB.H
1efd1412a867be2b00a0cd66f036c314 *SRC\SYSTEM.H
329e9a279a9cdd4ae241d03839970a6d *SRC\SYSTEM.C
270fa89c0ff884ee10d1a02a1ff9040d *SRC\USUALS.H
30861dd65fdde4a5980b7d4cdf77ffdf *SRC\VAX.MAR
4d38b8dd3fa590edac0c2c9ccbfa2c0f *SRC\VAXCRTL.OPT
0bfbf4243329095d8bedb43e9222c6f4 *SRC\VMSBUILD.COM
1f09c5096052dd04a23f82fbfbf3f735 *SRC\ZBITS.C
9ff737184ab3697105e63c314ee291bb *SRC\ZDEFLATE.C
6ce4f6a3d9a62c1f188a2c22c171242a *SRC\ZFILE_IO.C
20cc87c569e4a1ef96b700f733190201 *SRC\ZGLOBALS.C
7cf642c7a28dab19b5b257d6f06fa3a4 *SRC\ZINFLATE.C
28d41c5aea7551e8c6c3d12e69141adb *SRC\ZIP.C
6e4e3f4ae03d0d6a9d466716bafe719f *SRC\ZIP.H
1602f1e2f0836b7d2af3e071fca8a47e *SRC\ZIPERR.H
d196f856bc08b1740b2679c5f5fd1411 *SRC\ZIPUP.C
988ca6b0f63791ca02524048e666cb72 *SRC\ZIPUP.H
fb27196aa99cf8b47fba10581db5aa24 *SRC\ZMATCH.S
8f5d690f2652a4d4ceab1b41d1b40d01 *SRC\ZMATCH.ASM
56b97156406d0adb0e9b714c2d5bf6c6 *SRC\ZREVISIO.H
7c2f8a376a30a72eb71eff212f1a8b14 *SRC\ZTAILOR.H
17fac9f3271a8650256da28bf31b584b *SRC\ZTREES.C
3f114dac8098c09167d2d2c540520415 *SRC\ZUNZIP.C
d211d2be3334c216808c376cc5b5812e *SRC\ZUNZIP.H

This version of PGP has not been approved by MIT or Phil Zimmerman.
Please do NOT send any questions or bug reports about this version to
either pgp-bugs at MIT or directly to Phil, but rather to me,

Steve Crompton <100645.1716 at CompuServe.COM>
London, 23rd November 1996


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

iQCVAwUBMpc+1Qc2DukbwCfhAQHi8gP+LCT2tFyzHf54CCkzeqQKbfQdFlldddtO
RwwyVLOE6R7HnHuwz8HPFOEKjz85z158Rq0RbpmZqG+G0ynChuqm/80ocEfB83PI
PXLjgTzeOxqdEum9tWpa45UUlMEuC4Puni7t9AUMyNlTmNrunbRMFdcDxIajsV+j
U/0r1tRhPA4=
=G+nz
-----END PGP SIGNATURE-----






From jer+ at andrew.cmu.edu  Sat Nov 23 11:55:30 1996
From: jer+ at andrew.cmu.edu (Jeremiah A Blatz)
Date: Sat, 23 Nov 1996 11:55:30 -0800 (PST)
Subject: sci fi
In-Reply-To: <3.0.32.19961121233535.0106ea44@mail.teleport.com>
Message-ID: <0mZpN1200YUh0A9980@andrew.cmu.edu>


-----BEGIN PGP SIGNED MESSAGE-----

Alan Olsen <alan at ctrl-alt-del.com> writes:
> At 09:50 PM 11/21/96 -0800, John Anonymous MacDonald wrote:
> >So will some exceptionally creative sort spend 3 or 4 hundred pages exploring
> >BlackNet and the future of global networking? 
> 
> We can only hope.

Sterling's "Islands in the Net" paints a picture of a global network
as a status quo reinforcing system, and where offshore data havens are
wiped out to the man by one world governemnt enforcers. Probably not
what you had in mind.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpdWO8kz/YzIV3P5AQGtXgMApQtmWDfv18M+PGEC/JVuoZ8JaBg9gfzi
F771J7zNvMFoJgVcCgnoBiXatJCO6bSjb8qgv7wb+p2rLot1mhNEqYCvH70UzTUh
yG6dkJ7VB/iJceIDFAqpHzpkDNjB7ePG
=/OWe
-----END PGP SIGNATURE-----





From ericm at lne.com  Sat Nov 23 12:34:08 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 23 Nov 1996 12:34:08 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611231914.LAA10101@abraham.cs.berkeley.edu>
Message-ID: <199611232033.MAA01386@slack.lne.com>


John Anonymous MacDonald writes:
> 
> 
> At 8:09 AM 11/23/1996, Eric Murray wrote:
> >No, you can't.  It's impossible to prove an algorithim unbreakable.
> 
> No?  Please prove your assertion.

You can't prove a negative.  The best IPG could say is that
it can't be broken with current technology.
Next week someone might come up with a new way
to break ciphers that renders the IPG algorithim breakable.

You point could have been that the same problem exists
for proofs- that next week someone could come up
with a way to prove, for all time, that an algorithim
really IS unbreakable.  So, to cover that posibility
I should have said "it's currently impossible to
prove an algorithim unbreakable". :-)

 

-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From frantz at netcom.com  Sat Nov 23 13:29:45 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 23 Nov 1996 13:29:45 -0800 (PST)
Subject: Star Trek: First Contact
Message-ID: <199611232129.NAA06160@netcom6.netcom.com>


At  6:02 AM 11/23/96 -0500, Black Unicorn wrote:
>On Sat, 23 Nov 1996, Bill Frantz wrote:
>> OBMoney: Picard states the they don't have money in the 24th century. 
>> Instead they work for the good of mankind.  Nanotechnology must have made
>> everything material possible, so the only reward left is status (aka
>> reputation).
>
>Why doesn't everyone have a starship?

(Tongue firmly in cheek) It seems some feel that their best route to high
status is to be the crew member who beams down and dies.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From hal at rain.org  Sat Nov 23 13:32:47 1996
From: hal at rain.org (Hal Finney)
Date: Sat, 23 Nov 1996 13:32:47 -0800 (PST)
Subject: how much entropy in common answers
Message-ID: <199611232126.NAA00899@crypt.hfinney.com>


From: Pat Farrell <pfarrell at netcom.com>
> Clearly there are cultural issues involved. The entropy in a question
> such as "what is your favorite brother's name?" is low in an Irish
> family like mine where names cluster arround choices such as are Patrick,
> John, Sean, and Dan.
>
> So how do we measure the entropy objectively?

You have to estimate the probability that the attacker will guess what you
have chosen.  This will depend on how much the attacker knows about you.
If he knows that you're Irish, it will help in the question above.  If he
knows the names of your brothers, it will help a lot more.  Probably
it is best to be conservative in assuming what your attacker knows.

If you have four brothers and nobody whom the attacker could ask will
know who is your favorite, but you think he could find out there names,
then he has probably a 1/4 chance of guessing right.  (Actually he
might do better by preferring older brothers rather than younger, etc.)
The amount of entropy is then negative log 2 of the probability, or 2
in this case (2**-2 is 1/4).

For cars, if 50% of people like you would have chosen Mustangs, 
40% Camaros, and the remaining 10% scattered among other brands, then
if your favorite car was a Mustang that is only worth about 1 bit.  But
if your favorite car was an Oldsmobile there might be only 1/100 chance
of the attacker guessing that, so it could be worth 6 or 7 bits.

Hal





From aga at dhp.com  Sat Nov 23 14:17:59 1996
From: aga at dhp.com (aga)
Date: Sat, 23 Nov 1996 14:17:59 -0800 (PST)
Subject: This is your last warning
In-Reply-To: <vpybfs5y35.fsf@grendel.austin.texas.net>
Message-ID: <Pine.LNX.3.95.961123165454.5640D-100000@dhp.com>


On 23 Nov 1996, Firebeard wrote:

> >>>>> aga  writes:
> 
> a> It just "looks" that way on the net.  I do live-fucking, newsgroup
> a> flooding, mailbombing, vote-tampering and defamation all legally,
> a> and OPENLY on the InterNet.
> 

To be truly honest about this, (since you keep
putting that cypherpunks address in the header)
I have not really done any of the above yet, but they are
all perfectly legal in cyberspace.  Just get the
fucking point, there are no laws which can cross borders.

> a> The more you PGP, the worse you look.  Nobody reads your e-mail, so
> a> stop being so paranoid.
> 
> 	Hate to disabuse you, but I've had it done.  I've had military
> investigators hand me copies of email I've received, and ask me to
> explain them, and the actions I took (and did not take) in response.
> 

Just what kind of 'military investigators?'
Since you are a civilian, they should not have even
asked you that question.  You answer by privete email.

The net is clearly not military property but belongs solely
to international anarchists which can not be stopped by any laws.

> -- 
> #include <disclaimer.h>                               /* Sten Drescher */
> ObCDABait:      For she doted upon their paramours, whose flesh is as the
> flesh of asses, and whose issue is like the issue of horses.  [Eze 23:20]
> ObFelony: President Clinton, you suck, and those boys died!
> Unsolicited solicitations will be proofread for a US$500/KB fee.
> 

Now look, I have told you before.  Stop writing to me and
using the cypherpunks address as a cc in the header.

I told you before that I am not going to write to that fucking list
any more, and if I receive any more e-mail from you with their
address in the header, well...

You have been doing this for a number of days now.
This is your last warning.






From pfarrell at netcom.com  Sat Nov 23 14:25:39 1996
From: pfarrell at netcom.com (Pat Farrell)
Date: Sat, 23 Nov 1996 14:25:39 -0800 (PST)
Subject: how much entropy in common answers
Message-ID: <199611232225.OAA15379@netcom5.netcom.com>


At 01:26 PM 11/23/96 -0800, Hal Finney wrote:
>From: Pat Farrell <pfarrell at netcom.com>
>> Clearly there are cultural issues involved. The entropy in a question
>> such as "what is your favorite brother's name?" is low in an Irish
>> family like mine where names cluster arround choices such as are Patrick,
>> John, Sean, and Dan.
>> So how do we measure the entropy objectively?
>
>You have to estimate the probability that the attacker will guess what you
>have chosen.  This will depend on how much the attacker knows about you.
>If he knows that you're Irish, it will help in the question above.  If he
>knows the names of your brothers, it will help a lot more.  Probably
>it is best to be conservative in assuming what your attacker knows.

I was really hoping for some insight into the general problem.
If you knew that my family is Irish, that makes certain names
much more likely. Obviously if you know that I've got five brothers,
a little bit of work will probably let you know that they are Tom, Dick,
Harry, Mike, and John. But that is an example of a terrible question for Carl's
approach. I was asking the more general question.

Carl suggested that in general a first name has about eight bits of entropy.
But knowledge of the social environment can seriously reduce it. Jenifer was
a hugely popular name for girls in the US ten to 20 years ago. You'd
expect more Juan's and Jose's in a Hispanic community, just like you'd expect
the Dan's, Pat's, Mike's, in an Irish community.

I know that the classic definition of entropy is, but without knowledge of
the statistical universe that we're dealing with, how can I measure it?
The probability that a male's first name is Harry is probably pretty low
in general, yet it is exactly 20% if you restrict the world to my brothers.

Carl suggested "What was the name of the first person on whom I had a crush?"
But if 33% of the women are named "Maria" in the local universe, then
that is not much entropy. Yet a name of "Maria McGee" is probably 
fairly high entropy, as it is an unlikely combination. If you were raised
in a small rural area, there might not be all that many possible
answers to Carl's question.

>If you have four brothers and nobody whom the attacker could ask will
>know who is your favorite, but you think he could find out there names,
>then he has probably a 1/4 chance of guessing right.  (Actually he
>might do better by preferring older brothers rather than younger, etc.)

This is exactly the type of local social bias that I want to measure.
We would expect that an older brother could be a role model, etc. and thus
be more likely to be the "favorite"

How do I know when I've got Carl's 90 bits of entropy?

Pat

Pat Farrell    CyberCash, Inc. 			(703) 715-7834
pfarrell at cybercash.com
#include standard.disclaimer





From unicorn at schloss.li  Sat Nov 23 14:55:59 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 23 Nov 1996 14:55:59 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611232033.MAA01386@slack.lne.com>
Message-ID: <Pine.SUN.3.94.961123175345.20738B-100000@polaris>


On Sat, 23 Nov 1996, Eric Murray wrote:

> John Anonymous MacDonald writes:
> > 
> > 
> > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> > 
> > No?  Please prove your assertion.
> 
> You can't prove a negative.  The best IPG could say is that
> it can't be broken with current technology.
> Next week someone might come up with a new way
> to break ciphers that renders the IPG algorithim breakable.

Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From nobody at cypherpunks.ca  Sat Nov 23 16:35:16 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sat, 23 Nov 1996 16:35:16 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <199611240021.QAA16004@abraham.cs.berkeley.edu>



At 12:33 PM 11/23/1996, Eric Murray wrote:
>John Anonymous MacDonald writes:
>> 
>> 
>> At 8:09 AM 11/23/1996, Eric Murray wrote:
>> >No, you can't.  It's impossible to prove an algorithim unbreakable.
>> 
>> No?  Please prove your assertion.
>
>You can't prove a negative.

If it can't be proven, why do you believe it is true?

The good news is that you can prove a negative.  For example, it has
been proven that there is no algorithm which can tell in all cases
whether an algorithm will stop.

>The best IPG could say is that
>it can't be broken with current technology.
>Next week someone might come up with a new way
>to break ciphers that renders the IPG algorithim breakable.

The best they can say is what they did say: they have a proof that
their system is unbreakable.  What you question, quite reasonably,
is whether they have such a proof.

>You point could have been that the same problem exists
>for proofs- that next week someone could come up
>with a way to prove, for all time, that an algorithim
>really IS unbreakable.  So, to cover that posibility
>I should have said "it's currently impossible to
>prove an algorithim unbreakable". :-)

Or, more accurately, nobody credible has seen such a proof.  But, a
clever person might invent one.

IPG is eager to demonstrate their proof.  They should hire a professional
skilled in the art to evaluate their proof and publicly announce the
results.  This costs less than $5000 and would be, presumably, a small part
of their profits should they have invented such an algorithm.

diGriz







From ichudov at algebra.com  Sat Nov 23 17:02:22 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 23 Nov 1996 17:02:22 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.SUN.3.94.961123175345.20738B-100000@polaris>
Message-ID: <199611240059.SAA16286@manifold.algebra.com>


Black Unicorn wrote:
> On Sat, 23 Nov 1996, Eric Murray wrote:
> > John Anonymous MacDonald writes:
> > > 
> > > 
> > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> > > 
> > > No?  Please prove your assertion.
> > 
> > You can't prove a negative.  The best IPG could say is that
> > it can't be broken with current technology.
> > Next week someone might come up with a new way
> > to break ciphers that renders the IPG algorithim breakable.
> 
> Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.

As a crypto amateur, I would appreciate a good technical explanation as
to why IPG's algorithm cannot be considered secure.

Thank you.

	- Igor.





From frantz at netcom.com  Sat Nov 23 18:42:02 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sat, 23 Nov 1996 18:42:02 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <199611240241.SAA29110@netcom6.netcom.com>


At  4:21 PM 11/23/96 -0800, John Anonymous MacDonald wrote:
>At 12:33 PM 11/23/1996, Eric Murray wrote:
>>You point could have been that the same problem exists
>>for proofs- that next week someone could come up
>>with a way to prove, for all time, that an algorithim
>>really IS unbreakable.  So, to cover that posibility
>>I should have said "it's currently impossible to
>>prove an algorithim unbreakable". :-)
>
>Or, more accurately, nobody credible has seen such a proof.  But, a
>clever person might invent one.

I thought Shannon proved one-time-pads to be unbreakable using information
theory.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From deviant at pooh-corner.com  Sat Nov 23 18:58:12 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sat, 23 Nov 1996 18:58:12 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611240021.QAA16004@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.94.961124024959.14102A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:

> 
> At 12:33 PM 11/23/1996, Eric Murray wrote:
> >John Anonymous MacDonald writes:
> >> 
> >> 
> >> At 8:09 AM 11/23/1996, Eric Murray wrote:
> >> >No, you can't.  It's impossible to prove an algorithim unbreakable.
> >> 
> >> No?  Please prove your assertion.
> >
> >You can't prove a negative.
> 
> If it can't be proven, why do you believe it is true?
> 
> The good news is that you can prove a negative.  For example, it has
> been proven that there is no algorithm which can tell in all cases
> whether an algorithm will stop.

No, he was right.  They can't prove that their system is unbreakable.
They _might_ be able to prove that their system hasn't been broken, and
they _might_ be able to prove that it is _unlikely_ that it will be, but
they *CAN NOT* prove that it is unbreakable.  This is the nature of
cryptosystems.

> >The best IPG could say is that
> >it can't be broken with current technology.
> >Next week someone might come up with a new way
> >to break ciphers that renders the IPG algorithim breakable.
> 
> The best they can say is what they did say: they have a proof that
> their system is unbreakable.  What you question, quite reasonably,
> is whether they have such a proof.

It is impossible to prove such a thing.  It's like saying you have proof
that you have the last car of a certain model ever to be built.  Anybody
could come along and build another, and then you don't have the last one.

> 
> >You point could have been that the same problem exists
> >for proofs- that next week someone could come up
> >with a way to prove, for all time, that an algorithim
> >really IS unbreakable.  So, to cover that posibility
> >I should have said "it's currently impossible to
> >prove an algorithim unbreakable". :-)
> 
> Or, more accurately, nobody credible has seen such a proof.  But, a
> clever person might invent one.

There *IS NO SUCH PROOF*.  Just like you can't prove that god created the
universe, or that Oswald shot Kennedy, and so on and so forth.  It can't
be proven.  It never has been proven, and it never will be proven.  People
have new ideas, new algorithms are invented.  Someday, somebody will crack
_all_ the cryptosystems that have now been invented.

> 
> IPG is eager to demonstrate their proof.  They should hire a professional
> skilled in the art to evaluate their proof and publicly announce the
> results.  This costs less than $5000 and would be, presumably, a small part
> of their profits should they have invented such an algorithm.
> 

Or, better yet, release this "proof", so that we may punch holes in its
flawed logic.

> diGriz

Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"By golly, I'm beginning to think Linux really *is* the best thing since
liced bread."
		-- Vance Petree, Virginia Power


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpe5eDCdEh3oIPAVAQF62Qf9HCtS2Ik6pZPgonn+TKPC0tEZeNL30Z7B
zgvE+SL1/RcEcqNnpWZ94pNTVSfPyLJCEksuI1ZB+UzGN4Y8nh3rckUUHtNzNazb
MwXbf5N5+TpYjwNAGJ4GkqoiaMr0RVaoAUWNRiGWuXZDt3wUe8La4amSu45W9qTE
QpDZiwENyKI1BLOkWlMlhO0AFAY6C1C1+QGDMPCX+smbbg81/5qP/6F05F3ALhq9
KVPGw7nJ8ejmqDogLvhUHEVl+JjdpB/zVhlwSgfatRl+ziZzNoIpC0T3Ru5IfD1T
WT9AAKNzqZCBNSeBQCI68B0LEvMta9B0EuzwPq9FnOWXjCaC3G1ymw==
=k1Cr
-----END PGP SIGNATURE-----






From markm at voicenet.com  Sat Nov 23 19:21:52 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 23 Nov 1996 19:21:52 -0800 (PST)
Subject: Announce PGP263UI (long message)
In-Reply-To: <1.5.4.16.19961123194402.1cafcf4c@mail.globalnet.co.uk>
Message-ID: <Pine.LNX.3.95.961123215230.4222A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, Steve Crompton wrote:

> Users inside the USA may not legally use 2.63ui, because the RSA
> patent is in effect there. USA residents are advised to obtain one
> of the MIT versions which have a license for non-commercial use of
> RSA.
> 
> However, I note in passing that by using the armor_version parameter
> in CONFIG.TXT, that armored output from PGP 2.63ui can be made
> difficult or impossible to distinguish from other versions.
> 
> Note that I personally have not done very much of the actual coding on
> this version.  However if bugs are reported or constructive
> suggestions for improvements made I will pass them on to the
> individual(s) who have done the bulk of the work to make this release
> possible.  I am assured that continuing support will be provided.

I found two bugs so far:

This version doesn't recognize either .pgprc or pgp.ini as valid config file
names.  It is very minor, but this functionality is stated in the manual.

One of my favorite options, +makerandom, isn't supported in this version.
This is an undocumented option, but it is useful in many situations.

This version uses +version_byte instead of +Legal_Kludge, but I consider that
a feature.  I haven't had time to experiment with the "Charset:" header.  One
other minor problem is that ClearSig doesn't default to "on".  This could
cause some frustration with new users.

Other then that, it's just fine.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMpe/jCzIPc7jvyFpAQGLjwf+JLhVoLMTTH83r6haY/Wz8eCxYyHO4CQv
oluByXrCkGX2MDVKRnmntrChx7yrcN2ZAkb0qSVdFNcrZNvAFlck51t8uuEJQDWi
yAzTuNMJYX2nNz/DZkiuKzVXl+Hh2Xb73MeCoi5lUKI3I8K3VveYA+LG/p9WRCRW
XbDjK/tp8CVAwCKe9wvtcldtevo9S/hYpYOTx7pnrZWF3kSatMYY5A14Jfmcn3F/
TRK0TLoTHFSdrPK1dvnJNu9LO4lVIWp6u9fPu+n/MdYC0eXTQIeOHB1lrjNjYcdt
+rPfcMLS53Imhd/ptHUbNnjaBDZbcG2HDK2799WyP6TZSuf1STmw0A==
=cw2/
-----END PGP SIGNATURE-----






From jya at pipeline.com  Sat Nov 23 19:22:00 1996
From: jya at pipeline.com (John Young)
Date: Sat, 23 Nov 1996 19:22:00 -0800 (PST)
Subject: Security of E-Money
Message-ID: <1.5.4.32.19961124031949.006f6d04@pop.pipeline.com>


The Bank for International Settlements (BIS) published in
August, 1996, "Security of Electronic Money," a long, 
detailed study. Compare this architecture to Anderson/Kuhn's 
and Biham/Shamir's recent demolition.

The orginal is available at:

     http://www.bis.org/publ/cpss18.pdf

Better, Ian Grigg has HTML-ed it at:

      http://www.systemics.com/docs/papers/BIS_smart_security.html







From frissell at panix.com  Sat Nov 23 19:35:40 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 23 Nov 1996 19:35:40 -0800 (PST)
Subject: Mass-market crypto phones
Message-ID: <3.0b36.32.19961123223606.00c3a704@panix.com>


At 09:41 PM 11/22/96 -0800, Declan McCullagh wrote:
>PS: Over margaritas and enchiladas tonight, I was talking with one of the
>crypto-ITAR enforcers from State. I mentioned that I'd be going out of the
>country soon and taking my PowerBook laptop. Quite sincerely, he urged me
>to keep a record of when I left and when I returned for five years. You
>see, I have domestic Netscape Navigator on it. Wacky stuff. 

Comments like that by Feds are meaningless absent the busts of a few
"laptop smugglers."  If they have never busted anyone, it's a dead letter
(all the more so since they legalized casual carry with record keeping).

DCF  





From dthorn at gte.net  Sat Nov 23 19:37:15 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 23 Nov 1996 19:37:15 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <9611231809.AA03975@cti02.citenet.net>
Message-ID: <3297BAFE.1460@gte.net>


Jean-Francois Avon wrote:
> On 21 Nov 96 at 18:35, Dave Hayes wrote:
> > However, I would question the implication that "socialists" are
> > responsible for the higher tax rates you currently experience.
> > For example, I could make a strong case that you really have some
> > clever "capitalists" who have learned how to express their
> > "capitalism" quite effectively across the space of all people in a
> > "country".

[snippo]

Willis Carto, a man who is more discredited in the U.S. than most (he
is alleged to be extremely anti-Semitic, although Mark Lane says not so),
says that "Capitalism is generally just as much an enemy of Free Enterprise
as is Socialism" (quote approximate), since both promote monopolies.

I think you all know of the potential dangers of Populism (Carto's
preference), so perhaps the "Devil is in the details", as they say...






From dthorn at gte.net  Sat Nov 23 19:53:07 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 23 Nov 1996 19:53:07 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611240059.SAA16286@manifold.algebra.com>
Message-ID: <3297C65F.4F7@gte.net>


Igor Chudov @ home wrote:
> Black Unicorn wrote:
> > On Sat, 23 Nov 1996, Eric Murray wrote:
> > > John Anonymous MacDonald writes:
> > > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > > >No, you can't.  It's impossible to prove an algorithim unbreakable.

> > > > No?  Please prove your assertion.

> > > You can't prove a negative.  The best IPG could say is that
> > > it can't be broken with current technology.
> > > Next week someone might come up with a new way
> > > to break ciphers that renders the IPG algorithim breakable.

> > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.

If you want to do that, why not do so as a response to Don's FAQ?

> As a crypto amateur, I would appreciate a good technical explanation as
> to why IPG's algorithm cannot be considered secure.

Is the concept here that:  Whereas conventional crypto generates/hashes
a *key* with which to encode the text, IPG generates a *pad* from a key,
more or less the length of the text, with which to encode the text??

It seems to me they're putting an additional layer of stuff ("OTP") between
the key generation and the actual encoding, so what's the problem with that,
as a concept?






From grafolog at netcom.com  Sat Nov 23 22:15:57 1996
From: grafolog at netcom.com (jonathon)
Date: Sat, 23 Nov 1996 22:15:57 -0800 (PST)
Subject: (fwd) HOLLAND URGENT! HELP NEEDED! (fwd)
In-Reply-To: <Pine.GSO.3.95.961123121025.29417B-100000@use.usit.net>
Message-ID: <Pine.SUN.3.95.961124061049.24094K-100000@netcom3>


On Sat, 23 Nov 1996, Brad Dolan wrote:

> ---------- Forwarded message ----------
> #From: "Hillel Barak" <freedom at netvision.net.il>

> the country, although they cannot go back anywhere. It concerns refugees
> who are excluded by the "Oslo Agreements", who fled or were expelled from
> the countries where they resided and who do not have a nationality or any

	So they need papers.
	How about a World Service Authority Passport, and ID Document.

	Then let the various countries decide how to ship them to 
	the next country --- whether it be The Netherlands, or Libya,
	or Canada.  

> European instances that those Palestinians who have been expelled from
> the Arab countries where they once resided have legally nowhere to go

	Now why does this part sound like _The Man Without A Country?_

        xan

        jonathon


		Ban Dihydrogen Monoxide Now.






From eli+ at gs160.sp.cs.cmu.edu  Sat Nov 23 22:26:07 1996
From: eli+ at gs160.sp.cs.cmu.edu (eli+ at gs160.sp.cs.cmu.edu)
Date: Sat, 23 Nov 1996 22:26:07 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <+cmu.andrew.internet.cypherpunks+QmZwXG:00UfAQ10EcF@andrew.cmu.edu>
Message-ID: <199611240626.WAA28924@toad.com>


Dale Thorn writes:
>Is the concept here that:  Whereas conventional crypto generates/hashes
>a *key* with which to encode the text, IPG generates a *pad* from a key,
>more or less the length of the text, with which to encode the text??

A cryptosystem is given a key by the user.  A block cipher uses it to
encrypt chunks of plaintext, perhaps 8 bytes long.  (This is an
oversimplification.)  A stream cipher uses it to generate a pseudorandom
sequence that is combined with the plaintext.  IPG's product is a stream
cipher.

>It seems to me they're putting an additional layer of stuff ("OTP") between
>the key generation and the actual encoding, so what's the problem with that,
>as a concept?

The first problem is the name "OTP".  A one-time pad is a well-defined
thing, and this isn't it; they'd like to be associated with the term
because the one-time pad is in fact provably secure.

So they have a stream cipher.  Is it a good stream cipher?  Well, nobody
knows, because no cryptanalysts have taken the time to attack it.  There
aren't all that many who publish in the open literature, and there are
thousands of amateur proprietary schemes out there -- who has the time?
If it were designed by someone known to be competent (RC4), or if it
were widely used (pkzip), somebody might think it worth looking at.

If you're not a cryptanalyst yourself (and I'm not, but at least I know
it!), all you have to go on is the history of similar schemes.  This is
not encouraging; there are outfits which for a moderate fee will crack
the proprietary encryption offered by dozens of popular products.  IPG's
history is even less encouraging

Maybe this one's different from all of those.  How valuable a secret
would you like to wager on that?  If IPG wants credibility, they should
retain a respected cryptographer, or several, to attack their scheme.

(Or just publish Don's proof of unbreakability.  Since the scheme is
provably _not_ information-theoretically secure, this must be a proof of
computational security, presumably a superpolynomial lower bound.  And
as the scheme is trivially breakable in NP time, Mr. Wood is sitting on
a _major_ result, a resolution to the central problem in computational
complexity theory: a proof that P != NP.  Do publish, sir.)

-- 
   Eli Brandt
   eli+ at cs.cmu.edu





From snow at smoke.suba.com  Sun Nov 24 00:01:44 1996
From: snow at smoke.suba.com (snow)
Date: Sun, 24 Nov 1996 00:01:44 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611240059.SAA16286@manifold.algebra.com>
Message-ID: <199611240818.CAA03694@smoke.suba.com>


Igor:
> > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.
> 
> As a crypto amateur, I would appreciate a good technical explanation as
> to why IPG's algorithm cannot be considered secure.

     I am sure that someone will correct me if I am wrong, but:

     The algorythm cannot be considered secure until it has been 
peer-reviewed. They refuse to release the algorythm for review, simply saying
that "you can't break the code" therefore "it is secure". I personally have 
a hard time with the cryptograms in the sunday newspaper, never mind something
that would take a real cryptographer longer than a cup of coffee to figure
out.

     Am I close here?    


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From snow at smoke.suba.com  Sun Nov 24 00:02:37 1996
From: snow at smoke.suba.com (snow)
Date: Sun, 24 Nov 1996 00:02:37 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961124024959.14102A-100000@random.sp.org>
Message-ID: <199611240820.CAA03712@smoke.suba.com>


> On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> > diGriz
> 
> Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.

     The Stainless Steel Rat. Harry Harrison.

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com






From dlv at bwalk.dm.com  Sun Nov 24 00:30:57 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 24 Nov 1996 00:30:57 -0800 (PST)
Subject: The public sees no need for crypto at this time
In-Reply-To: <199611222009.MAA17707@netcom6.netcom.com>
Message-ID: <07ZVXD7w165w@bwalk.dm.com>


frantz at netcom.com (Bill Frantz) writes:

> At 10:25 AM 11/21/96 -0800, Timothy C. May wrote:
> >I believe that at this time the differential market value to customers of
> >having strong crypto in telephones is near-zero, and in cell-phones is only
> >slightly greater. [reasoning deleted].
>
> I generally agree with Tim about consumers.  However, I remember working on
> a theater production where we were using Radio Shack 2-way headphones for
> communication.  One day while we were setting up, we were able to overhear
> a woman discussing (presumably with a girlfriend) her boyfriend and their
> sex life over a portable telephone.  You can bet that every available
> headset was in use and all other work stopped.

So - get a scanner (which may be illegal), put a horny kid to transcribe
whatever you hear, and post it to usenet via the anonymous remailers.

That'll catch the media's attention.

> Where I think there is a market and an awareness of a need is in the
> corporate world.  I recently saw a corporate security policy which
> specifically restricted discussing classified information on portable or
> cell phones.  If I were in France (to pick on just one guilty country), I
> would not want to discuss secrets involving competitive position vs. a
> French company on a landline connection.  The big driving force for
> companies is how much the facility costs.  (I recently heard a price of
> $700 for non-crypto phones.)  If the cost is low enough, company employees
> will have these boxes in their homes.
>
> The other big obstacle is standards.  As far as I can tell, every crypto
> phone has its own protocol.  If there were a standard set of protocols, it
> would greatly help the market, as it has for so many other products.  As a
> first step, I suggest that Eric Blossom and PGP Inc. work together to
> develop a mode where their products can communicate with each other.

I've been on the Internet for close to 15 years. I used to tell people how
wonderful it is and how they should use it at least for e-mail. And they'd
say to me, most of the people they want to talk to either don't use e-mail
or are on systems not connected to the Internet back then, like Compuserve.
And they were right at that time.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From nobody at cypherpunks.ca  Sun Nov 24 00:39:55 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 24 Nov 1996 00:39:55 -0800 (PST)
Subject: Does John Gilmore eat ass?
Message-ID: <199611240831.AAA23014@abraham.cs.berkeley.edu>


aga <aga at dhp.com> writes:

> The question is, does this John Gilmore really take it
> up the ass?  Whether or not he is a FAGGOT is a very relevant issue
> here, and it must not be overlooked.

The Evil Queen of Cypherpunks swings both ways.  John Gilmore also
eats Dorothy Denning's (clean-shaven) pussy.  He won't eat Esther
Dyson's pussy because it smells so bad.





From dlv at bwalk.dm.com  Sun Nov 24 00:40:09 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 24 Nov 1996 00:40:09 -0800 (PST)
Subject: Recovery after flood
Message-ID: <T52VXD10w165w@bwalk.dm.com>


I'd appreciate a response from M.Aldrich and anyone else who's into disaster
recovery:

Someone I know had their (paper) files submerged in water. Now all the papers
(most of them xerocopies, some photographs) are stuck together. They are, of
course, confidential to some degree. Can someone refer us to someone in
the Boston area who could assist in recovering the files?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From unicorn at schloss.li  Sun Nov 24 01:02:42 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 24 Nov 1996 01:02:42 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611240626.WAA28924@toad.com>
Message-ID: <Pine.SUN.3.94.961124035914.20738L-100000@polaris>


On Sun, 24 Nov 1996 eli+ at gs160.sp.cs.cmu.edu wrote:

> Maybe this one's different from all of those.  How valuable a secret
> would you like to wager on that?  If IPG wants credibility, they should
> retain a respected cryptographer, or several, to attack their scheme.

"They" attempt this nearly daily by trying to taunt c'punks into
evaluating the product for free.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From rcgraves at ix.netcom.com  Sun Nov 24 01:05:26 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Sun, 24 Nov 1996 01:05:26 -0800 (PST)
Subject: The persistance of reputation
In-Reply-To: <v03007800aea91c1473f2@[206.119.69.46]>
Message-ID: <32980FEB.6026@ix.netcom.com>


Robert Hettinga wrote:
> 
> At 9:47 pm -0500 11/14/96, Rich Graves wrote:

[Lots deleted; I agree that I was unwittingly proving some of your 
points with some of mine, thanks for the lesson...]

> >Pseudonymity is only perfect where artificial boundaries such as 
> >respect for netiquette are erected. If someone really wanted to track 
> >you down, they could either find you, or "out" you as a pseudonym 
> >"afraid to use your own name." Both can be damaging (to your 
> >reputation or otherwise). In order to put your life on the line for 
> >something, you need a life story.
> 
> Okay. Then it should be trivial for you to tell me who "Pr0duct
> Cypher"(sp?) is...

Sure. I'll give you the answer in email; no need to bother the whole 
list.

But what kind of reputation does Pr0duct Cypher have, really? What has 
Pr0duct Cypher done or said that you cannot independently verify? In 
what sense do you "trust" Pr0duct Cypher? What you're trusting is 
source code, which is self-certifying. If Pr0duct Cypher tried to tell 
you about events in history or in a foreign country, or about technical 
subjects in which you had no personal competence, would you trust the 
information? Why should people who know nothing about crypto code trust 
Pr0duct Cypher's tools? (In reality the answer is: they don't. They buy 
from less technically adept companies that they can sue if things go 
wrong.)

Among specialists, collegial discussion works for establishing 
reputation. But where you need to put faith in someone or something that 
you cannot independently verify, real personal accountability is still 
useful. Why do you trust your doctor? Would you buy food or water (or a 
gun) from an anonymous source with no verifiable meatspace presence? 

-rich





From nobody at cypherpunks.ca  Sun Nov 24 01:05:56 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 24 Nov 1996 01:05:56 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <199611240904.BAA23488@abraham.cs.berkeley.edu>



At 6:56 PM 11/23/1996, The Deviant wrote:
>On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
>> The good news is that you can prove a negative.  For example, it has
>> been proven that there is no algorithm which can tell in all cases
>> whether an algorithm will stop.
>
>No, he was right.  They can't prove that their system is unbreakable.
>They _might_ be able to prove that their system hasn't been broken, and
>they _might_ be able to prove that it is _unlikely_ that it will be, but
>they *CAN NOT* prove that it is unbreakable.  This is the nature of
>cryptosystems.

Please prove your assertion.

If you can't prove this, and you can't find anybody else who has, why
should we believe it?

>> diGriz
>
>Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.

Oops!

diGriz







From roy at sendai.scytale.com  Sun Nov 24 01:33:05 1996
From: roy at sendai.scytale.com (Roy M. Silvernail)
Date: Sun, 24 Nov 1996 01:33:05 -0800 (PST)
Subject: [NOISE] Re: Star Trek: First Contact
In-Reply-To: <v03007828aebcf00bd828@[206.119.69.46]>
Message-ID: <961124.010850.6B5.rnr.w165w@sendai.scytale.com>


-----BEGIN PGP SIGNED MESSAGE-----

[ I freely admit this is noise ]

In list.cypherpunks, rah at shipwright.com writes:

> At 3:57 am -0500 11/23/96, Bill Frantz wrote:
>>For the fans of E.E.(Doc) Smith, go see this movie.
>
> Lensmen of the world untie your bracelets! Free yourselves from your weevil
> capitalist masters!

C'mon, both of you... 'First Contact' falls _way_ short of Doc Smithean
proportions.  Although Data's charade did kinda remind me of the fourth
Skylark book, in terms of plot-device rescue of a failing direction.
(IMHO, Doc Smith is the master of the over-the-top school of sci-fi
plotting)

> Even Babylon 5, AKA "Science Fiction He Wrote", has a bigger clue.

B5 is my current favorite TV sci-fi, when I even turn the damned thing
on.
- -- 
           Roy M. Silvernail     [ ]      roy at scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint =  31 86 EC B9 DB 76 A7 54  13 0B 6A 6B CC 09 18 B6
                Key available from pubkey at scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpf1iRvikii9febJAQEK4wP+MEQIK5EoFf5UC9MQrm5MEeBcB1dhLsbQ
aB2ZxZ0DzRQX8YqYpSCVlnvBc9XvtGTvHq+hK0t88HRLv0vFnD6By+cZaOlFmwMM
NTXXpQl+PbYL0mNEEIZe+4ZmOrjsZSzROpuXBAu2t7ijaSp+PzGKV8Boq6BWfw+M
hNdqkK5friw=
=vMae
-----END PGP SIGNATURE-----






From lucifer at dhp.com  Sun Nov 24 01:38:25 1996
From: lucifer at dhp.com (Anonymous)
Date: Sun, 24 Nov 1996 01:38:25 -0800 (PST)
Subject: Does John Gilmore eat ass?
Message-ID: <199611240938.EAA29906@dhp.com>


aga <aga at dhp.com> writes:

> The question is, does this John Gilmore really take it
> up the ass?  Whether or not he is a FAGGOT is a very relevant issue
> here, and it must not be overlooked.

The Evil Queen of Cypherpunks swings both ways.  John Gilmore also
eats Dorothy Denning's (clean-shaven) pussy.  He won't eat Esther
Dyson's pussy because it smells so bad.






From aga at dhp.com  Sun Nov 24 03:15:30 1996
From: aga at dhp.com (aga)
Date: Sun, 24 Nov 1996 03:15:30 -0800 (PST)
Subject: John Gilmore eats ass at the EFF
In-Reply-To: <199611240831.AAA23014@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.95.961124061012.30913B-100000@dhp.com>


On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:

> aga <aga at dhp.com> writes:
> 
> > The question is, does this John Gilmore really take it
> > up the ass?  Whether or not he is a FAGGOT is a very relevant issue
> > here, and it must not be overlooked.
> 
> The Evil Queen of Cypherpunks swings both ways.  John Gilmore also
> eats Dorothy Denning's (clean-shaven) pussy.  He won't eat Esther
> Dyson's pussy because it smells so bad.
> 

So now the truth comes out.

So this John Gilmore of the EFF is an AC/DC homosexual, huh?
They are the most dangerous kind.

And the EFF is the most dangerous kind of an organization;
one which alleges to be for freedom but is actually a censorous sham.








From deviant at pooh-corner.com  Sun Nov 24 06:19:09 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 24 Nov 1996 06:19:09 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611240241.SAA29110@netcom6.netcom.com>
Message-ID: <Pine.LNX.3.94.961124141239.15389B-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, Bill Frantz wrote:

> At  4:21 PM 11/23/96 -0800, John Anonymous MacDonald wrote:
> >At 12:33 PM 11/23/1996, Eric Murray wrote:
> >>You point could have been that the same problem exists
> >>for proofs- that next week someone could come up
> >>with a way to prove, for all time, that an algorithim
> >>really IS unbreakable.  So, to cover that posibility
> >>I should have said "it's currently impossible to
> >>prove an algorithim unbreakable". :-)
> >
> >Or, more accurately, nobody credible has seen such a proof.  But, a
> >clever person might invent one.
> 
> I thought Shannon proved one-time-pads to be unbreakable using information
> theory.

Different ball game.  OTP isn't "unbreakable" .  OTPs are secure because
no matter what key you use, it _will_ decrypt, so your plaintext is still
hidden simply because it could decrypt to whatever the person trying to
decrypt it wants it to.  Its not that its unbreakable, its that its
breakable in _so many ways_.  

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Do, or do not; there is no try.
		-- Yoda


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMphYvDCdEh3oIPAVAQGVWQf/UGedrHA9F0wqBBn0aUGNpP/0D2TOVTGm
JBKhsCHoACMhowkHGMSEumnWQZ8mJ1pUAht306p2smVd+XWqRia1c73fwES+a/9X
PEjaW3f6e8vsGnfQBlft0gEtaGzbwN9Dpbg01qxbpsLo9G0WqcrK8mHbOUISODjl
uyRbVZXvpdL88pNMDsoc/4p1MhTY+2eYZvp/CSfQZNjn+mSnD8MVO/EyFSfWj5t2
oEiO1R+h0xN6KHPwv8jDybuelbs8voCHEDY5rDFGB5VKsI+9nqStPwUVb39S0Vec
z5UPdrUUpfXP1aGxASYN9A88OLhzR00zCvtOPB/cp48FS6zC1PcH/A==
=7Ik9
-----END PGP SIGNATURE-----






From deviant at pooh-corner.com  Sun Nov 24 06:54:43 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 24 Nov 1996 06:54:43 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <3297C65F.4F7@gte.net>
Message-ID: <Pine.LNX.3.94.961124145135.15531A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, Dale Thorn wrote:

> Igor Chudov @ home wrote:
> > Black Unicorn wrote:
> > > On Sat, 23 Nov 1996, Eric Murray wrote:
> > > > John Anonymous MacDonald writes:
> > > > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > > > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> 
> > > > > No?  Please prove your assertion.
> 
> > > > You can't prove a negative.  The best IPG could say is that
> > > > it can't be broken with current technology.
> > > > Next week someone might come up with a new way
> > > > to break ciphers that renders the IPG algorithim breakable.
> 
> > > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.
> 
> If you want to do that, why not do so as a response to Don's FAQ?
> 
> > As a crypto amateur, I would appreciate a good technical explanation as
> > to why IPG's algorithm cannot be considered secure.
> 
> Is the concept here that:  Whereas conventional crypto generates/hashes
> a *key* with which to encode the text, IPG generates a *pad* from a key,
> more or less the length of the text, with which to encode the text??
> 
> It seems to me they're putting an additional layer of stuff ("OTP") between
> the key generation and the actual encoding, so what's the problem with that,
> as a concept?

a) what they're claiming is OTP isn't OTP.  They use algorithmicly
generated "random" numbers.  Random numbers can't be algorithmicly
generated.  If the numbers in "OTP" aren't random, it isn't OTP.  Its also
very vulnerable.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Traveling through hyperspace isn't like dusting crops, boy.
                -- Han Solo


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMphhTDCdEh3oIPAVAQHkUwf/TrWD92xbC+jE+FT4rZ0OFeNmhwqrd+wn
nQOuazsKxmeK9+Kcp8/RUX9gQB6zIDiweEJJYStZvN/U+PEWOxOlFbaoFyMw5iVv
t832kYmtuNS1mqOwN8FK1EJrV6m3dI+zLq1+svfjwkKOpmwhMJsOyYEkiR9zuH9a
68Bdlioksutw/GIfkfQ6NFIgGxhN5736Mg6On8rq8Y+pdgg6ce3vIsxYydj/bE8s
W2v//wNFSvLY0iOVK0weHX9rGL1W0ITH34gfiSct6cZZYLMdxynjLm+NmENontQo
mW9ry3h9t/H/IwadXLt3I3PjzY6pNiQYmMWXuNk5X43rjV2wPweCCQ==
=uZnB
-----END PGP SIGNATURE-----






From deviant at pooh-corner.com  Sun Nov 24 07:12:07 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 24 Nov 1996 07:12:07 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611240904.BAA23488@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.94.961124150747.15531B-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:

> 
> At 6:56 PM 11/23/1996, The Deviant wrote:
> >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> >> The good news is that you can prove a negative.  For example, it has
> >> been proven that there is no algorithm which can tell in all cases
> >> whether an algorithm will stop.
> >
> >No, he was right.  They can't prove that their system is unbreakable.
> >They _might_ be able to prove that their system hasn't been broken, and
> >they _might_ be able to prove that it is _unlikely_ that it will be, but
> >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> >cryptosystems.
> 
> Please prove your assertion.
> 
> If you can't prove this, and you can't find anybody else who has, why
> should we believe it?

Prove it?  Thats like saying "prove that the sun is bright on a sunny
day".  Its completely obvious.  If somebody has a new idea on how to
attack their algorithm, it might work.  Then the system will have been
broken.  You never know when somebody will come up with a new idea, so the
best you can truthfully say is "it hasn't been broken *YET*".  As I
remember, this was mentioned in more than one respected crypto book,
including "Applied Cryptography" (Schneier).

> diGriz

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"All in all is all we are."
		-- Kurt Cobain


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMphlZjCdEh3oIPAVAQF6xQf+Is1KFSNZQexVQeCP6eDywN8Zv4iuUVX4
xmzzwNrziDO5rKZk1o6ol4G7oEk4EBi9OQOSC9ph12USjMYNLuqZGKcTSRlhgnb7
Jd9llDxpGlITI8omeYVGxlClUgwNYdudKVTCcpsElF4bR2uY066J9uyWeJIUhL13
F7cc+SD6iBtYOaGudAMheEaW+wzM4kcgSiNFWO6rDkU3LKNlqg2LEcjeZGIW8QQh
nxD06NKm807Cue/EiPYxwJmoQHFlZ5VjCkONj8GCgayBLUkJXIK6JIexQg9BS/Bx
RlV38j0OcCbtyzm4xcF+jEcNO6+7rrUC6TSW07k5jyjZXik/K6lZ/Q==
=M1Yr
-----END PGP SIGNATURE-----






From avint at netvision.net.il  Sun Nov 24 07:47:52 1996
From: avint at netvision.net.il (test)
Date: Sun, 24 Nov 1996 07:47:52 -0800 (PST)
Subject: Does John Gilmore eat ass?
Message-ID: <199611241547.RAA00518@mail.netvision.net.il>


unsuscribe
:-)

----------
> From: John Anonymous MacDonald <nobody at cypherpunks.ca>
> To: cypherpunks at toad.com; freedom-knights at jetcafe.org;
denning at cs.georgetown.edu; edyson at edventure.com
> Subject: Re: Does John Gilmore eat ass?
> Date: Sunday, November 24, 1996 10:31 AM
> 
> aga <aga at dhp.com> writes:
> 
> > The question is, does this John Gilmore really take it
> > up the ass?  Whether or not he is a FAGGOT is a very relevant issue
> > here, and it must not be overlooked.
> 
> The Evil Queen of Cypherpunks swings both ways.  John Gilmore also
> eats Dorothy Denning's (clean-shaven) pussy.  He won't eat Esther
> Dyson's pussy because it smells so bad.





From beta at eb.com  Sun Nov 24 07:51:29 1996
From: beta at eb.com (Beta Test)
Date: Sun, 24 Nov 1996 07:51:29 -0800 (PST)
Subject: Britannica Online Subscription Offer
Message-ID: <9611241550.AA27780@eb.com>



Dear Pathfinder Free Trial Participant,

Thank you for participating in this special free trial subscription
offer of Britannica Online exclusively for Time Warner's Pathfinder
users. This free trial will be ending soon, and I would like to
extend you a special discount to encourage you to become a
Britannica Online subscriber. I hope you have had ample opportunity
to sample all Britannica has to offer, and if you haven't used our
service recently, I encourage you to take these *final weeks* to
experience the only information resource offering this degree of
depth, breadth, and interactivity.  

	As a Pathfinder reader you know that NASA recently sent a
Mars probe to begin a 10-month interplanetary voyage.  Read our
"Mars" article to find out what scientists have already discovered
about the Red Planet, then follow an Internet link to the Los
Alamos National Laboratory to view craters on Mars.

	Are you interested in health and nutrition?  Review the
extensive "Nutrition" article in Britannica Online, and look for
the nutrient content in what you had for breakfast.

	Planning a trip over the holidays?  Visit our "Nations of
the World" feature to review the history, map, flag, and national
statistics of the country you're considering before you finalize
those travel plans.  

So whether you're interested in learning more about Mars, troubles
in Iraq, or the latest hurricane, Britannica Online is regularly
updated to give you access to articles on people, places, and
events around the world.  It includes the text of the entire
32-volume Encyclopaedia Britannica, plus more than 2100 articles
not available anywhere else.  Articles are written by notable
scholars in their fields of expertise, including more Nobel Prize
winners than any other encyclopedia.

For about 50 cents a day you'll have access to the only reference
source that combines the information power of the world's premier
encyclopedia with thousands of direct links to related
information.  

To sign-up for Britannica Online --
* Access the registration form at http://www.eb.com:195/bol/ by
  selecting either the monthly or annual subscription option
* Enter PTF149A in the promotion code box for an annual
  subscription of $149 (our normal $25 registration fee will be
  waived for you as a Pathfinder user)
  Enter PTF149M in the promotion code box for a monthly
  subscription of $14.95
* Review to make sure information is complete and accurate, then
  submit

Every day you and your family can learn something new about the
events that are making history now. Your free trial will end in
two weeks, so please don't let this opportunity pass you by. 
I'm positive you'll discover that finding quality information
has never been easier.  

Sincerely,
Lisa Girolimetti
Marketing Manager, Online Products
Encyclopaedia Britannica, Inc.






From unicorn at schloss.li  Sun Nov 24 08:22:30 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 24 Nov 1996 08:22:30 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611240820.CAA03712@smoke.suba.com>
Message-ID: <Pine.SUN.3.94.961124112020.1802A-100000@polaris>



> > On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> > > diGriz
> > 
> > Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.

Actually, rather clever if you're trying to estlablish reputation.  Just
make sure you use the right key.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Sun Nov 24 08:41:55 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 24 Nov 1996 08:41:55 -0800 (PST)
Subject: Recovery after flood
In-Reply-To: <T52VXD10w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961124113821.1802C-100000@polaris>


On Sun, 24 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Sun, 24 Nov 96 03:15:40 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv at bwalk.dm.com>
> To: cypherpunks at toad.com
> Subject: Recovery after flood
> 
> I'd appreciate a response from M.Aldrich and anyone else who's into disaster
> recovery:
> 
> Someone I know had their (paper) files submerged in water. Now all the papers
> (most of them xerocopies, some photographs) are stuck together. They are, of
> course, confidential to some degree. Can someone refer us to someone in
> the Boston area who could assist in recovering the files?

Try the restoration departments of the suburb Boston Museums.
Expect to pay out the nose and rectum.

> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From abostick at netcom.com  Sun Nov 24 11:12:03 1996
From: abostick at netcom.com (Alan Bostick)
Date: Sun, 24 Nov 1996 11:12:03 -0800 (PST)
Subject: Alias list for killfiling Gr%b%r
In-Reply-To: <199611220304.VAA02832@manifold.algebra.com>
Message-ID: <o2fly8m9L8Ec085yn@netcom.com>


-----BEGIN PGP SIGNED MESSAGE-----

In article <199611220304.VAA02832 at manifold.algebra.com>,
ichudov at algebra.com (Igor Chudov @ home) wrote:

> Dr. John Martin Grubor is the most harmless and most entertaining 
> among all kooks.
> 
> His posting volume is a bit high, but other than that DrG never
> got anyone in trouble.

I dunno about "harmless".  Publishing lists of "known homosexuals"
can have repercussions that outweigh their entertainment value.

- -- 
Alan Bostick               | You know those chemicals women have in them,
                           | when they've got PMS? Well, men have those very
mailto:abostick at netcom.com | same chemicals in them *all the time*.
news:alt.grelb             |           Margaret Atwood, THE ROBBER BRIDE
http://www.alumni.caltech.edu/~abostick

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMpX+N+VevBgtmhnpAQFgpAL/YqC7+EpmfT83Zylt4YT5iROTSTqLnKWs
4L8X+WfM7yav2quuvS1UDusAJQsqeRKjkarAzz37ntU4QfslXGx8sFi+gZylhgdc
f0jGRNqlFPvTDUb/JQ86XNleukJTUx7n
=qBCN
-----END PGP SIGNATURE-----





From alan at ctrl-alt-del.com  Sun Nov 24 12:18:48 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Sun, 24 Nov 1996 12:18:48 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <3.0.32.19961124115028.00dc1358@mail.teleport.com>


At 04:00 AM 11/24/96 -0500, Black Unicorn wrote:
>On Sun, 24 Nov 1996 eli+ at gs160.sp.cs.cmu.edu wrote:
>
>> Maybe this one's different from all of those.  How valuable a secret
>> would you like to wager on that?  If IPG wants credibility, they should
>> retain a respected cryptographer, or several, to attack their scheme.
>
>"They" attempt this nearly daily by trying to taunt c'punks into
>evaluating the product for free.

Then someone should not do it for free.  They should do it as a "data
recovery tool", advertise widely, make a few bucks, and show what a piece
of crap the IPG snakeoil is in the first place.

Cracktools are starting to become a profitable business as more and more
snakeoil products appear on the market.  (Most are marketed to law
enforcement, but that will probibly change...)

There is a buck or two to be made here.

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan at ctrl-alt-del.com|





From alan at ctrl-alt-del.com  Sun Nov 24 12:18:49 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Sun, 24 Nov 1996 12:18:49 -0800 (PST)
Subject: Don Woods -- Crypto Creationist
Message-ID: <3.0.32.19961124114330.00dc0bec@mail.teleport.com>


At 02:18 AM 11/24/96 -0600, snow wrote:

>     The algorythm cannot be considered secure until it has been 
>peer-reviewed. They refuse to release the algorythm for review, simply saying
>that "you can't break the code" therefore "it is secure". 

Furthermore, in "Real Science", the burden of proof is on the one making
the claim, not on the one everyone else to disprove it.

So far Mr. Wood has not provided any *proof* as to the substance of his
claims.  He has provided some of the more interesting rants I have seen of
late.  (Analysis of his style of posting is probibly better left to the
Psychceramics list than Cypherpunks.)

Until he posts the algorythm (or at least some basis as to why we should
trust his claims), his claims are worthless.  (As they would say on
talk.origins: "Evidence is the coin of the realm here!".)

The reason that names like Shamir and Rivest and the host of others are
trusted is because their material has been reviewed by the rest of the
cryptographic community for errors.  They have a reputation in the
community.  Mr. Woods does not.  He has to earn it.  So far he has not done
so...

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan at ctrl-alt-del.com|





From alan at ctrl-alt-del.com  Sun Nov 24 12:20:29 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Sun, 24 Nov 1996 12:20:29 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <3.0.32.19961124120423.00dc1358@mail.teleport.com>


At 11:21 AM 11/24/96 -0500, Black Unicorn wrote:
>
>> > On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
>> > > diGriz
>> > 
>> > Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.
>
>Actually, rather clever if you're trying to estlablish reputation.  Just
>make sure you use the right key.

Reputation is not the only reason to use a "name" with an anon remailer.
Sometimes you want to post (and have a reputation) that is entirely
seperable from your "real life" persona.  Maybe you have a job where being
involved with "The Evil Cypherpunks(tm)" could result in hastles at work
(or even firing) if known.  (I recieved flack from one company I worked
with for posting here... Until they needed a remailer set up and someone to
explain how their software worked...  But that is another story.)

Cypherpunks is gated to a number of Usenet News servers.  (Teleport is a
good example.)  It is also archived in a number of search engines.
(Altavista if I remember correctly, is one of them.)  Someone who does not
want their words to come back any byte them might just use such a method to
protect themselves.

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan at ctrl-alt-del.com|





From ben at gonzo.ben.algroup.co.uk  Sun Nov 24 13:40:23 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Sun, 24 Nov 1996 13:40:23 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961124150747.15531B-100000@random.sp.org>
Message-ID: <9611242036.aa13728@gonzo.ben.algroup.co.uk>


The Deviant wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
> 
> > 
> > At 6:56 PM 11/23/1996, The Deviant wrote:
> > >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> > >> The good news is that you can prove a negative.  For example, it has
> > >> been proven that there is no algorithm which can tell in all cases
> > >> whether an algorithm will stop.
> > >
> > >No, he was right.  They can't prove that their system is unbreakable.
> > >They _might_ be able to prove that their system hasn't been broken, and
> > >they _might_ be able to prove that it is _unlikely_ that it will be, but
> > >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > >cryptosystems.
> > 
> > Please prove your assertion.
> > 
> > If you can't prove this, and you can't find anybody else who has, why
> > should we believe it?
> 
> Prove it?  Thats like saying "prove that the sun is bright on a sunny
> day".  Its completely obvious.  If somebody has a new idea on how to
> attack their algorithm, it might work.  Then the system will have been
> broken.  You never know when somebody will come up with a new idea, so the
> best you can truthfully say is "it hasn't been broken *YET*".  As I
> remember, this was mentioned in more than one respected crypto book,
> including "Applied Cryptography" (Schneier).

It seems appropriate to quote Schneier on the subject:

"Those who claim to have an unbreakable cipher simply because they can't break
it are either geniuses or fools. Unfortunately, there are more of the latter in
the world."

And...

"Believe it or not, there is a perfect encryption system. It's called a
one-time pad..."

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From cypherpunks at count04.mry.scruznet.com  Sun Nov 24 13:45:09 1996
From: cypherpunks at count04.mry.scruznet.com (cypherpunks at count04.mry.scruznet.com)
Date: Sun, 24 Nov 1996 13:45:09 -0800 (PST)
Subject: Recovery after flood
In-Reply-To: <Pine.SUN.3.94.961124113821.1802C-100000@polaris>
Message-ID: <199611242147.NAA02431@count04.pleiku.com>



Hi Dimitri,
     depends on whether the binder in the glue is sticking or just
plain simply mud, if the documents are NOT fragile antiquities and
instead are modern photocopy paper and modern photographic papers
experiment in a very small area of the doc with freon tape cleaner
(it evaporates very rapidly) to try and free the areas of stickage
try other solvents also(this is how I cleaned a stack of crypto proceedings
that had been cat peed and stuck together), hope its going better for you..

   cheers
   kelly





From unicorn at schloss.li  Sun Nov 24 13:53:55 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 24 Nov 1996 13:53:55 -0800 (PST)
Subject: [Noise] Re: Thanks/was:This is your last warning
In-Reply-To: <Pine.LNX.3.95.961124121241.5205A-100000@dhp.com>
Message-ID: <Pine.SUN.3.94.961124162856.5157A-100000@polaris>


On Sun, 24 Nov 1996, aga wrote:

> > > Not really, I had an I.Q. of 149, and a perfect 4.00 from
> > > two different colleges, before I did my Doctorate in Law.
> > 
> > 149 puts you at the low end of the scale, or used to, around here.
> > 
> 
> True, they say genius only starts at 150; but I think I have
> improved since then.

This betrays your ignorance.  I.Q. is scaled according to age.  One does
not "improve."

> > The fact (if true) that you bothered to get a Doctorate in Law, rather
> > than a Juris Doctor, tends to disprove the above however.
> > 
> 
> Look dude, a Juris Doctor IS a Doctorate of Law.

Incorrect.

One can obtain a Doctorate in Law, (As in Dr.) but it is generally a
pointless endeavor except in some civil law jurisdictions.  (Liechtenstein
is a good example, where many attornies have a Dr.Iur. (Dr.) while others
merely have a Lic.Iur. (J.D.) ).

A J.D. requires no dissertation.
A Doctorate in Law does.

I submit you know too little about any of these to have attained either
one.

> Do not confuse it with a L.L.D. which is a "Doctorate
> of Legal Letters"  A J.D. is the only current valid
> Doctorate that you can do in plain "Law."

Incorrect.

A J.D. is not a true Doctorate, and even if it were, it would not be the
only current valid "Doctorate" that you can "do" in "plain Law."

Georgetown, as an example, offers a Doctorate in Law degree which requires
a J.D., an LL.M. and three years of legal teaching experience simply to
qualify for the program.

A Doctor of Judicial Science program is also available with many of the
same requirements.

Both programs require a dissertation and a defense of same.

San Marcos University is also known for an exceptional Doctor of Laws
program.

Incidently, LL.D.s are rare and generally useful only in European circles.

As usual, you have overextended your bounds and now find yourself swimming
in water over your head.

> > > 
> > > > Go to law school.  In the meantime, shut up.
> > > > 
> > > 
> > > Go and eat your swiss cheese, as that is apparently all you
> > > are good for.  My mercenaries are too busy to go to europe
> > > right now.
> > 
> > I prefer Chedder.
> > 
> > Be careful who you threaten.  It might get you in trouble.
> > 
> 
> Threatening to wipe out your location on the InterNet is
> not against ANY law whatsoever, and I can mailbomb you, do
> a DOS attack, fork-bomb attack and virus attack against you,
> all of which are perfectly legal.

Actually, they are not.  Unauthorized access of a computer system is a
crime.  Anyone who had a "doctorate" in law would know this.

I doubt your reference to mercenaries was merely a threat to my system,
but keep pushing if you like.

> > > Look asshole, I graduated from Law School with a Doctorate
> > > in 1975.  Now just go away and stop interfering with our
> > > American Net.

Which law school?  And did you do a dissertation?  What is its title?  Do
you practice?  What state are you licensed in?

> Face the real fact of life though dude.  There is absolutely NO LAW
> which prevents me from attacking and/or eliminating any address
> outside of the USA, that is, even if there were any law which would
> prevent me from doing the same thing to any non-government
> computer right here, which there is not.

Ok, do it.  We'll see.

> Your only protection on this Internet is to have a dozen different
> addresses to access from.  I can put a dozen computers up on
> a dozen different T1's right now, if need be.

I suggest a hobby which entails more physical activity.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Sun Nov 24 13:57:14 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 24 Nov 1996 13:57:14 -0800 (PST)
Subject: Recovery after flood
In-Reply-To: <Pine.SUN.3.94.961124113821.1802C-100000@polaris>
Message-ID: <Pine.SUN.3.94.961124165542.5157B-100000@polaris>


On Sun, 24 Nov 1996, Black Unicorn wrote:

> > Someone I know had their (paper) files submerged in water. Now all the papers
> > (most of them xerocopies, some photographs) are stuck together. They are, of
> > course, confidential to some degree. Can someone refer us to someone in
> > the Boston area who could assist in recovering the files?
> 
> Try the restoration departments of the suburb Boston Museums.
                                         ^^^^^^ suPurb
> Expect to pay out the nose and rectum.
> 
> > 
> > ---
> > 
> > Dr.Dimitri Vulis KOTM
> > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> > 
> 
> --
> Forward complaints to : European Association of Envelope Manufactures
> Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
> Vote Monarchist         Switzerland
> 
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From sven at loop.com  Sun Nov 24 14:32:45 1996
From: sven at loop.com (Sven)
Date: Sun, 24 Nov 1996 14:32:45 -0800 (PST)
Subject: GELP/was:Word List
Message-ID: <2.2.32.19961124223123.009dd8b0@pop.loop.com>



>That should be a "what" is GELP.

It's a type of sea weed.

GOAT
|__
   |--> SVEN: a.k.a. Chris Blanc
        Internet consulting/Web design
		
		[ http://www.loop.com/~sven/ ]

Some only sample the dark wine of life's blood...






From deviant at pooh-corner.com  Sun Nov 24 14:35:57 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 24 Nov 1996 14:35:57 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <9611242036.aa13728@gonzo.ben.algroup.co.uk>
Message-ID: <Pine.LNX.3.94.961124223038.17852A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 24 Nov 1996, Ben Laurie wrote:

> It seems appropriate to quote Schneier on the subject:
> 
> "Those who claim to have an unbreakable cipher simply because they can't break
> it are either geniuses or fools. Unfortunately, there are more of the latter in
> the world."
> 

Thanks (I still can't afford a cp to quote from)

> And...
> 
> "Believe it or not, there is a perfect encryption system. It's called a
> one-time pad..."
> 

Ahh... an OTP isn't unbreakable.  Its just so encredibly breakable that
you never know which break was the correct one ;)

> Cheers,
> 
> Ben.
> 

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

The only constant is change.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpjM7TCdEh3oIPAVAQGGEgf+Od+v0JWudWMXE2aOTjc4boMaexa7cMwx
D1fpO/s07jmMmhtT/gK0f1vw1+hxD3tAvhZniFYaGjmCiWFJK3l/kM/K6a8JPnev
6GhHLxGue9YDJm2uRtWjWMne179OxmWkv7kywM5L3f7/llQ83Q8AegG89s+BKgvb
Hf5/kvI4aTO7eJ1XRzbN6SUfWJm69raQcHPWVP626yZ8MSFBcCx+Cc5E3heFYePf
dxps/e5inAvqPlbY1EtkLfdvMk+FAJBzoUURvKYxLsf2vvVQ9CuPqfP4oRfjRCsv
f+3EMVNCWJ3lPUOEGU05T5yDPema8sX9gnrpDOf1y9+8v5jcphOMqg==
=kqPj
-----END PGP SIGNATURE-----






From ben at gonzo.ben.algroup.co.uk  Sun Nov 24 14:53:54 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Sun, 24 Nov 1996 14:53:54 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961124223038.17852A-100000@random.sp.org>
Message-ID: <9611242151.aa13916@gonzo.ben.algroup.co.uk>


The Deviant wrote:
> On Sun, 24 Nov 1996, Ben Laurie wrote:
> > And...
> > 
> > "Believe it or not, there is a perfect encryption system. It's called a
> > one-time pad..."
> > 
> 
> Ahh... an OTP isn't unbreakable.  Its just so encredibly breakable that
> you never know which break was the correct one ;)

Note that Schneier says "perfect", not "unbreakable".

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From lharrison at mhv.net  Sun Nov 24 15:17:53 1996
From: lharrison at mhv.net (Lynne L. Harrison)
Date: Sun, 24 Nov 1996 15:17:53 -0800 (PST)
Subject: Photobuster to beat radar...
Message-ID: <9611242318.AA23328@super.mhv.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Sun Nov 24 18:19:39 1996

At URL: http://www.havenofhope.org/photobuster/photob2.html

Photobuster is a spin off from a specialty electronics company (Grand 
Systems) who saw the need for a system to foil the photo radar picture. We 
realize that people like your selves don't usually speed on purpose and 
can't afford to pay hundreds of semolies just because you look away from the 
speedometer from time to time.
Our easily installed electronic Photobuster unit is a an electronically 
triggered device that mounts in the rear window with a satellite unit that 
mounts at the license plate.  It watches the right side of the road for a 
photo radar setup. If you are driving at speeds in excess of the operators 
setting on the photo radar, it will attempt to photograph your car. When it 
does this the Photobuster senses the attempt and triggers a return response 
rendering the radar photo useless. It has an audible warning and a visual 
light to let you know each time you save 100 bucks. This unit only triggers 
if the photo radar attempts to photograph your car.
NOTE: Photobuster has nothing covering your plate as is with other filter, 
poleroid and lenticular optical devices. We are told it is not legal in most
areas, to install any kind of plastic cover over the plate, see through or 
not. 


************************************************************
Lynne L. Harrison, Esq.       |    "The key to life:
Poughkeepsie, New York        |     - Get up;
lharrison at mhv.net             |     - Survive;
http://www.dueprocess.com     |     - Go to bed."
************************************************************

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpjYDD5A4+Z4Wnt9AQGEiwP+OwSodqT2IMQJIFxf/OPFIr7JSJJY7uWc
tBfpskpydWvpcKe49PZMbflNOsTgjuW/MyRXLwu8j/mMIEKqwe7KvYPEVUIHNjx3
by3dLMglaihuObbAViewOTS2mjat2bWtB24cGwHI1/94gc8trLlXS3VTtCQYcnkl
Btw1KpGDCek=
=pfBU
-----END PGP SIGNATURE-----






From frantz at netcom.com  Sun Nov 24 15:49:56 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sun, 24 Nov 1996 15:49:56 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <199611242349.PAA02899@netcom6.netcom.com>


At  2:16 PM 11/24/96 +0000, The Deviant wrote:
>On Sat, 23 Nov 1996, Bill Frantz wrote:
>> I thought Shannon proved one-time-pads to be unbreakable using information
>> theory.
>
>Different ball game.  OTP isn't "unbreakable" .  OTPs are secure because
>no matter what key you use, it _will_ decrypt, so your plaintext is still
>hidden simply because it could decrypt to whatever the person trying to
>decrypt it wants it to.  Its not that its unbreakable, its that its
>breakable in _so many ways_.  

I think we differ on the definition of "unbreakable".  A quick stab at my
(admittedly very vague) definition includes the inability of the analyst to
determine (by the structure of the plaintext) that he has a correct
decryption.

When I look in AC2, Schneier uses "break" in many ways.  Let me evaluate
OTP against his taxonomy of attacks:

Ciphertext-only:   Unbreakable
Known-plaintext:   Unbreakable, since the pad is never reused
Chosen-plaintext:  Unbreakable, ditto
Adaptive-chosen-plaintext: Unbreakable, ditto
Chosen-ciphertext: This attack doesn't seem to apply
Chosen-key:        This attack requires that the OTP doesn't have 
                   1-bit-of-entropy/bit which implies it isn't an OTP.
Rubber-hose:       Since any decryption is equally plausable, OTPs are
                   resistant to this attack.  OTOH, it means they may 
                   keep beating you even after you've given them the
                   correct decryption.
Purchase-key:      This attack seems the only way to break an OTP.
 
If you accept Purchase-key as a valid attack, and it certainly has worked
in many real-life situations, then no system is "unbreakable" and there is
not any point in using the term.  If you leave it out of the valid forms of
attack, because all systems are vulnerable to it so it doesn't help in
selecting a cryptosystem, then the OTP is "unbreakable".

How do you want to define "unbreakable"?


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From frantz at netcom.com  Sun Nov 24 15:50:18 1996
From: frantz at netcom.com (Bill Frantz)
Date: Sun, 24 Nov 1996 15:50:18 -0800 (PST)
Subject: Aga is talking to himself
Message-ID: <199611242349.PAA02909@netcom6.netcom.com>


At  6:15 AM 11/24/96 -0500, aga <aga at dhp.com> wrote:
>On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
actually the message was from lucifer at dhp.com:

>> aga <aga at dhp.com> writes:
... messages suppressed

It looks like our juvenile "friend" is talking to himself.  I am truely
sorry that he feels a need to harass ladies who have actually made
something of their lives.


-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA







From dlv at bwalk.dm.com  Sun Nov 24 16:40:12 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 24 Nov 1996 16:40:12 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <3.0.32.19961124115028.00dc1358@mail.teleport.com>
Message-ID: <c2aXXD25w165w@bwalk.dm.com>


Alan Olsen <alan at ctrl-alt-del.com> babbles:
> At 04:00 AM 11/24/96 -0500, Black Unicorn wrote:
> >On Sun, 24 Nov 1996 eli+ at gs160.sp.cs.cmu.edu wrote:
> >
> >> Maybe this one's different from all of those.  How valuable a secret
> >> would you like to wager on that?  If IPG wants credibility, they should
> >> retain a respected cryptographer, or several, to attack their scheme.
> >
> >"They" attempt this nearly daily by trying to taunt c'punks into
> >evaluating the product for free.
>
> Then someone should not do it for free.  They should do it as a "data
> recovery tool", advertise widely, make a few bucks, and show what a piece
> of crap the IPG snakeoil is in the first place.
>
> Cracktools are starting to become a profitable business as more and more
> snakeoil products appear on the market.  (Most are marketed to law
> enforcement, but that will probibly change...)
>
> There is a buck or two to be made here.

There's probably more money to be made by blackmailing the snake-oil
peddler (pay me so I don't release the cracktool for your crap) than
by selling the cracktools themselves.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From nobody at cypherpunks.ca  Sun Nov 24 16:51:11 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 24 Nov 1996 16:51:11 -0800 (PST)
Subject: Killfiling stupid faggots
Message-ID: <199611250039.QAA06444@abraham.cs.berkeley.edu>


abostick at netcom.com (Alan Bostick) writes:
>
> In article <199611220304.VAA02832 at manifold.algebra.com>,
> ichudov at algebra.com (Igor Chudov @ home) wrote:
>
> > Dr. John Martin Grubor is the most harmless and most entertaining
> > among all kooks.
> >
> > His posting volume is a bit high, but other than that DrG never
> > got anyone in trouble.
>
> I dunno about "harmless".  Publishing lists of "known homosexuals"
> can have repercussions that outweigh their entertainment value.

Yes. John Gilmore met Alan Bostick through Grubor's list.
They fucked each other in the ass (how's that for entertainment!)
but now John Gilmore has AIDS.

P.S. Whoever said Gilmore is bi and eats pussy is a fucking liar.
Gilmore is 100% queer. He hasn't touched pussy since he was born.

diGriz





From drose at AZStarNet.com  Sun Nov 24 17:35:11 1996
From: drose at AZStarNet.com (drose at AZStarNet.com)
Date: Sun, 24 Nov 1996 17:35:11 -0800 (PST)
Subject: Sameer R.I.P.
Message-ID: <199611250134.SAA12821@web.azstarnet.com>


C2 has a nice corporate-style fig leaf on its site.  Sameer has decided, it
seems, to get out of the anonymity business and pursue other interests.

Nice run while it lasted.

FYI, Sameer does mention that his recent legal brouhaha had nothing to do
with this decision.






From nobody at cypherpunks.ca  Sun Nov 24 17:35:19 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Sun, 24 Nov 1996 17:35:19 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <199611250124.RAA07293@abraham.cs.berkeley.edu>



At 7:10 AM 11/24/1996, The Deviant wrote:
>On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
>> At 6:56 PM 11/23/1996, The Deviant wrote:
>> >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
>> >> The good news is that you can prove a negative.  For example, it has
>> >> been proven that there is no algorithm which can tell in all cases
>> >> whether an algorithm will stop.
>> >
>> >No, he was right.  They can't prove that their system is unbreakable.
>> >They _might_ be able to prove that their system hasn't been broken, and
>> >they _might_ be able to prove that it is _unlikely_ that it will be, but
>> >they *CAN NOT* prove that it is unbreakable.  This is the nature of
>> >cryptosystems.
>> 
>> Please prove your assertion.
>> 
>> If you can't prove this, and you can't find anybody else who has, why
>> should we believe it?
>
>Prove it?  Thats like saying "prove that the sun is bright on a sunny
>day".  Its completely obvious.

In other words, you can't prove it.  Thought so.

>If somebody has a new idea on how to attack their algorithm, it might
>work.  Then the system will have been broken.  You never know when
>somebody will come up with a new idea, so the best you can truthfully
>say is "it hasn't been broken *YET*".  As I remember, this was mentioned
>in more than one respected crypto book, including "Applied Cryptography"
>(Schneier).

Page number?

Perhaps it would be helpful to hear a possible proof.  If somebody
were to show that breaking a certain cryptographic algorithm was
NP-complete, many people would find this almost as good as proof that
the algorithm is unbreakable.

Then if a clever person were to show that the NP-complete problems
were not solvable in any faster way than we presently know how, you
would have proof that a cryptographic algorithm was unbreakable.

There is no obvious reason why such a proof is not possible.

diGriz







From ichudov at algebra.com  Sun Nov 24 17:36:57 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 24 Nov 1996 17:36:57 -0800 (PST)
Subject: kickouts done the Cypherpunks way...
Message-ID: <199611250134.TAA23699@manifold.algebra.com>


Hi,

Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y,
for his obnoxious letters to the mailing list.

Mr. X, however, is concerned that Mr. Y would subscribe through some
proxy address and would continue replying to messages to foobarpunks.

It is assumed that the only person out of the whole universe, Mr. Y, 
cannot be trusted. The problem is that X does not know which of the 
subscribers is Mr. Y.

The question is, is there a technical way to disable Mr. Y from
reading the list, or detect which subscription address is a proxy for Y?

If we assume that, at the moment when Y was kicked out, he was not
subscribed through any other addresses, the solution becomes simple:
for any new subscription request we require a letter of recommendation 
from some other subscriber. Since other subscribers are presumed to
be trustworthy, their recommendations would be sufficient. It is 
actually being done in some of the mailing lists.

The problem becomes more complex when Mr. Y is already presumed to have
infiltrated the mailing list, possibly through several proxy addresses.

Is there any way to detect/find which if the subscriber is Y? One of
the simple-minded solutions is to _mutate_ mailing list messages
so that all readers get slightly different copies of mailing list messages
for each recipient. (Such mutations may include common misspellings,
inserting spaces, etc)

If the mailing list bot keeps track of what changes were made in 
messages to which individual, and if we assume that Mr. Y has to quote 
significant parts of messages he replies to, finally the variations
in messages may be reconciled with variations in quoted parts.

Mr. Y is not stupid, and may go as far as comparing letters, received
through different proxy addresses, in order to detect "variations"
and avoid quoting them.

The question is, is there a strategy of making variations and detecting
them in quotes to finally catch Mr. Y?

	- Igor.





From stewarts at ix.netcom.com  Sun Nov 24 18:11:42 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Sun, 24 Nov 1996 18:11:42 -0800 (PST)
Subject: The American Black Chamber - Yardley - Re: 1996 Codebreakers
Message-ID: <1.5.4.32.19961125021110.003ad168@popd.ix.netcom.com>


Adam Shostack <adam at homeport.org> wrote:
>	I just got a review copy of the new (1996) ed. of Kahn's The
>Codebreakers from my local used bookstore.  Its a little disapointing,
>about 20 new pages of material.  Kahn states in the forward that all
>the new material is in a chapter at the end.
.......
>	Anyway, copies should be in bookstores soon.  If you don't
>have a copy already, Kahn is the definitive history book, and is well
>worth having.

I just got a copy* of the 1981 "The American Black Chamber", by
Herbert O. Yardley, with a new (1981) intro by Kahn. ISBN 0-345-29867-5.
The original had been published in 1931, went through a couple printings,
and sold twice as many copies in Japan as the US.  In 1933 the US passed a 
law banning the publishing of any material that had been published in
diplomatic codes, and of course they withheld permission for future printings.  

Lots of good material on the state of crypto from WWI through the 1920s.
Crypto wasn't yet on a mathematical basis, though it was starting to
emerge in cryptanalysis.  After the World War ended, most of the traffic was
cracking diplomatic correspondence, especially for disarmament negotiations.
Getting users to take crypto seriously was a problem - most of the US
communications during the Spanish-American war used a sort of "rot-1898",
and even during the World War, military plans were often broadcast on
radio using wimpy codes, causing much damage to both sides.  
Codes were generally designed by people who didn't have extensive cracking 
experience, and therefore most new codes were easily cracked as well.
  
Yardley's organization diverted some of its expertise to cracking secret
inks, which were extensively used by German spies.  Language and cultural
differences caused surprising difficulties - there was one person they could
find who knew German shorthand systems, and finding Japanese language
experience after the war was difficult, since they didn't want to use
Japanes immigrants for security reasons and most missionaries wouldn't do
military work (both for ethical reasons and because it would lead the
Japanese government to crack down on missions to Japan, Korea, and China.)

Kahn speculates that the ability to crack Japanese naval codes in WWII was
probably enhanced by Yardley's people's work - PURPLE was much stronger
than the earlier Japanese diplomatic codes, but the Japanese Navy believed
that "This time, it's all right" (cable chief, to foreign minister :-),
when it wasn't.

Yardley reports at the end of the book that he believed the science of
cryptography would die out - AT&T had invented a cypher machine during
the war, and had invented one-time pads, and the combination would make
code clerks obsolete and codes unbreakable......

Shortly after that, in 1929, the new Secretary of State was shocked to 
discover that his department was funding eavesdropping. 
        "Gentlemen don't read each others' mail."

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)






From sandfort at crl.com  Sun Nov 24 18:24:13 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 24 Nov 1996 18:24:13 -0800 (PST)
Subject: Sameer R.I.P.
In-Reply-To: <199611250134.SAA12821@web.azstarnet.com>
Message-ID: <Pine.SUN.3.91.961124181724.21637E-100000@crl10.crl.com>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          SANDY SANDFORT
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Sun, 24 Nov 1996 drose at AZStarNet.com wrote:

> Sameer has decided, it seems, to get out of the anonymity
> business and pursue other interests.

Well, I guess you could call privacy guaranteed by strong crypto,
"other interests."  Seems right in the middle of what Cypherpunks
are all about.  If you like strong crypto, you'll love what's
coming next from C2Net.


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







From azur at netcom.com  Sun Nov 24 18:56:11 1996
From: azur at netcom.com (Steve Schear)
Date: Sun, 24 Nov 1996 18:56:11 -0800 (PST)
Subject: Sameer R.I.P.
Message-ID: <v02140b03aebebb252aba@[10.0.2.15]>


>C2 has a nice corporate-style fig leaf on its site.  Sameer has decided, it
>seems, to get out of the anonymity business and pursue other interests.
>
>Nice run while it lasted.
>
>FYI, Sameer does mention that his recent legal brouhaha had nothing to do
>with this decision.

C2 is still appears comitted to anonymity, they just don't want consumer
accounts which were unprofitable.  C2 will still support anonymous Web
pages and offers the Web-access Anonmizer.







From drose at AZStarNet.com  Sun Nov 24 19:11:57 1996
From: drose at AZStarNet.com (drose at AZStarNet.com)
Date: Sun, 24 Nov 1996 19:11:57 -0800 (PST)
Subject: Sameer R.I.P.
Message-ID: <199611250311.UAA05745@web.azstarnet.com>


On Sun, 24 Nov 1996 Sandy Sandfort <sandfort at crl.com> wrote:

>On Sun, 24 Nov 1996 drose at AZStarNet.com wrote:
>
>> Sameer has decided, it seems, to get out of the anonymity
>> business and pursue other interests.
>
>Well, I guess you could call privacy guaranteed by strong crypto,
>"other interests."  Seems right in the middle of what Cypherpunks
>are all about.  If you like strong crypto, you'll love what's
>coming next from C2Net.

Point well taken.  Most people who are in the market for a Web server,
however, are cognizant of the fact that along with Netscape, Microsoft, Open
Market, O'Reilly et al, Sameer has been for some time now selling a well
regarded product: namely, his proprietary version of Apache.

I guess my point was that, notwithstanding Sameer's estimable commercial
software offerings, the *news* is that 
he has, to repeat myself, abandoned the anonymity business with respect to
many of his traditional public Internet services.

Certainly, no slight was intended.  I "like strong crypto", so I naturally
look forward to stuff from C2Net that, in your opinion, I'll "love."

David M. Rose
drose at azstarnet.com






From Adamsc at io-online.com  Sun Nov 24 20:27:51 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sun, 24 Nov 1996 20:27:51 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <19961125042533203.AAA253@rn07.io-online.com>


On Sun, 24 Nov 1996 02:20:25 -0600 (CST), snow wrote:

>> > diGriz

>> Use an anon. remailer and sign your posts.  Brilliant.  Just brilliant.

>     The Stainless Steel Rat. Harry Harrison.

Just as an off-topic SF note, how many people on the list read this series
during their formative years?  How many of them thought it was a guide book?

#  Chris Adams  <adamsc at io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
#  <cadams at acucobol.com>                 | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
   --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)







From declan at well.com  Sun Nov 24 20:32:50 1996
From: declan at well.com (Declan McCullagh)
Date: Sun, 24 Nov 1996 20:32:50 -0800 (PST)
Subject: Stewart Baker on HP-Intel-Microsoft Crypto Announcement
Message-ID: <Pine.sos5.3.91.961124233126.12016D-100000@cp.pathfinder.com>



---------- Forwarded message ----------
Date: Sun, 24 Nov 1996 22:14:34 -0500
From: Dave Farber <farber at cis.upenn.edu>
To: interesting-people mailing list <interesting-people at eff.org>
Subject: IP: HP-Intel-Microsoft Crypto Announcement

Date: Sun, 24 Nov 96 21:43:47 EST
From: "Stewart Baker" <sbaker at mail.steptoe.com>
To: farber at cis.upenn.edu
Subject: HP-Intel-Microsoft Crypto Announcement

     

  

I also attended the Hewlett-Packard/Intel/Microsoft announcement, and 
I thought it might be useful to offer a slightly different perspective
from Ross Stapleton-Gray's and Declan McCullagh's notes.

It's understandable, given the coincidence of the two events, that 
Ross and Declan saw the announcement as tied to the government's key 
recovery initiative, but I think they may have been led astray by the 
timing.  As I understand it, the HP framework is not so much an 
embrace of government regulation in this field as a recognition by 
some major companies that governments simply are not going to get out 
of the business of regulating encryption soon, or at least not soon 
enough for the people who want to build a secure global network right 
now.  I see the announcement as an effort by business to sidestep the 
policy debate, to say to the politicians, "Whatever crypto policy you 
decide to adopt, this system will work with it."

So, in my view, the HP technology is significant mainly for its 
flexibility rather than for supporting key recovery or any other 
particular policy.  It allows PC manufacturers to build into their 
products virtually any form of encryption that a user could want and 
to ship those products around the world without falling afoul of 
export controls or domestic regulations on encryption.

>From a security point of view, this is important because it allows 
commoditization of security hardware.  One of the reasons why 
encryption hardware has not spread is that individualized licensing 
and local restrictions make it imprudent to include hardware security 
as a standard feature in PCs aimed at mass markets.  The HP system has
safeguards that have evidently persuaded governments that they can 
allow mass market sales of hardware encryption without giving up their
current regulatory authority.

What does this mean for the government's key escrow policy?  First, as
we heard at the news conference, HP's system will run the TIS 
commercial key recovery system (and presumably the CertCo./Bankers 
Trust system as well).  So it will make key recovery products 
available to buyers.  But it will also run 40-bit encryption, DES, and
other strong algorithms without escrow.  The customer decides what 
crypto to use; the framework doesn't favor one of those technologies 
over the other, except that it allows customers to buy strong 
key-recovery crypto today with the knowledge that the hardware won't 
become obsolete tomorrow if government policies change and something 
more attractive comes along.

As a separate point, I'm not sure Declan is right to call this 
vaporware.  The basic hardware has been available for a while.  (I saw
an early demo a few years ago.)  It sounds as though the R&D is done; 
all that remains is engineering, and maybe not too much of that.









From deviant at pooh-corner.com  Sun Nov 24 20:40:53 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sun, 24 Nov 1996 20:40:53 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611242349.PAA02899@netcom6.netcom.com>
Message-ID: <Pine.LNX.3.94.961125043454.344A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 24 Nov 1996, Bill Frantz wrote:

> At  2:16 PM 11/24/96 +0000, The Deviant wrote:
> >On Sat, 23 Nov 1996, Bill Frantz wrote:
> >> I thought Shannon proved one-time-pads to be unbreakable using information
> >> theory.
> >
> >Different ball game.  OTP isn't "unbreakable" .  OTPs are secure because
> >no matter what key you use, it _will_ decrypt, so your plaintext is still
> >hidden simply because it could decrypt to whatever the person trying to
> >decrypt it wants it to.  Its not that its unbreakable, its that its
> >breakable in _so many ways_.  
> 
> I think we differ on the definition of "unbreakable".  A quick stab at my
> (admittedly very vague) definition includes the inability of the analyst to
> determine (by the structure of the plaintext) that he has a correct
> decryption.

Well, I was speaking mathematicly (sortof).  When I say "unbreakable", I
mean that you can't figure out the plaintext given only the cyphertext.
In this sence, you can't prove an algorithm "unbreakable", for the reasons
stated *so many times* on this list, and OTP is very very breakable, but
the information you get after breaking it isn't usefull to you.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"It's kind of fun to do the impossible."
                -- Walt Disney


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpkiizCdEh3oIPAVAQGRsQf8DzuJ46pHR23KXgMmcjioqgpBaOTCxXRq
MkiGkY7F8GJo8qNhmYmBlpPDPET/mIXsxjdedD4ye6Er47WLKi/7P8ZLBoJcuVPR
N+Jg3H6Umfhb+Pm6zAVmM9PRJ7JXYMGRkvezGWij7gYaB9COs9df7cjsTtEOIo6J
+1RGkud4bBFw05k94Mv9bNpB4Ns51IinPmiSNEU3AT36y/O22gIlkxmrHsRf+rOQ
UHxL/uQS+m1awq9ArtwqEcI4RQeQoDnFZraAJ6QkNE+VexZ8uzLcSr/pV+WzQYD3
5MGz/fc5aXL1jZnwIkXhmwRb4fjk76DqQTc9t1mGzBIUVTgR6OFbiw==
=/b+e
-----END PGP SIGNATURE-----






From ichudov at algebra.com  Sun Nov 24 21:48:47 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 24 Nov 1996 21:48:47 -0800 (PST)
Subject: kickouts done the Cypherpunks way...
In-Reply-To: <199611250540.AAA03123@anon.lcs.mit.edu>
Message-ID: <199611250543.XAA00779@algebra>


killfiles work fine with me too. that was not the point.

i was not really interested in the practical problem that this list just
had, but rather was wondering whether it was theoretically possible
to identify and exclude one untrusted person from a trusted list.

igor

lcs Mixmaster Remailer wrote:
> 
> ichudov at algebra.com (Igor Chudov @ home) writes:
> 
> > Hi,
> > 
> > Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y,
> > for his obnoxious letters to the mailing list.
> > 
> > Mr. X, however, is concerned that Mr. Y would subscribe through some
> > proxy address and would continue replying to messages to foobarpunks.
> > 
> > It is assumed that the only person out of the whole universe, Mr. Y, 
> > cannot be trusted. The problem is that X does not know which of the 
> > subscribers is Mr. Y.
> > 
> > The question is, is there a technical way to disable Mr. Y from
> > reading the list, or detect which subscription address is a proxy for Y?
> 
> The answer is no.  Plenty of sites gate mailing lists to local
> newsgroups, and allow open or relatively open NNTP access.  It's also
> silly to assume every other person in the universe is trustworthy.
> 
> If Mr. Y sends lots of obnoxious mail to a mailing list or news group,
> the proper thing to do is to put Mr. Y in your killfile and encourage
> others to do so.  That way you don't get bothered by his annoying
> messages, and if enough people follow suit, people stop responding to
> Mr. Y's messages.  This can be even be extended to cover anonymous
> posts using NoCeM-like systems.
> 
> If you try to boot Mr. Y off the mailing list using technical means,
> several bad things will happen:  First of all you will fail, which
> will give Mr. Y a great deal of satisfaction.  Second of all, you will
> drive Mr. Y to start posting under different names, making him
> considerably harder to killfile.  Third of all, you will double the
> traffic on the mailing list by starting flamewars about whether this
> failed booting attempt was ethical, legal, intelligent, homosexual,
> scatological, or just plain useless.  Since at this point tons of
> people will be replying to threads, a killfile becomes even harder to
> manage.
> 
> So don't look for convoluted technical solutions to Mr. Y's
> personality problems.  Just use a little basic common sense.  If you
> don't like the way someone behaves on a mailing list, just ignore the
> damn person.  Anything else is just going to make matters worse, as
> recent history clearly demonstrates.
> 



	- Igor.





From mix at anon.lcs.mit.edu  Sun Nov 24 22:00:06 1996
From: mix at anon.lcs.mit.edu (lcs Mixmaster Remailer)
Date: Sun, 24 Nov 1996 22:00:06 -0800 (PST)
Subject: kickouts done the Cypherpunks way...
In-Reply-To: <199611250134.TAA23699@manifold.algebra.com>
Message-ID: <199611250600.BAA04274@anon.lcs.mit.edu>


ichudov at algebra.com (Igor Chudov @ home) writes:

> Hi,
> 
> Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y,
> for his obnoxious letters to the mailing list.
> 
> Mr. X, however, is concerned that Mr. Y would subscribe through some
> proxy address and would continue replying to messages to foobarpunks.
> 
> It is assumed that the only person out of the whole universe, Mr. Y, 
> cannot be trusted. The problem is that X does not know which of the 
> subscribers is Mr. Y.
> 
> The question is, is there a technical way to disable Mr. Y from
> reading the list, or detect which subscription address is a proxy for Y?

The answer is no.  Plenty of sites gate mailing lists to local
newsgroups, and allow open or relatively open NNTP access.  It's also
silly to assume every other person in the universe is trustworthy.

If Mr. Y sends lots of obnoxious mail to a mailing list or news group,
the proper thing to do is to put Mr. Y in your killfile and encourage
others to do so.  That way you don't get bothered by his annoying
messages, and if enough people follow suit, people stop responding to
Mr. Y's messages.  This can be even be extended to cover anonymous
posts using NoCeM-like systems.

If you try to boot Mr. Y off the mailing list using technical means,
several bad things will happen:  First of all you will fail, which
will give Mr. Y a great deal of satisfaction.  Second of all, you will
drive Mr. Y to start posting under different names, making him
considerably harder to killfile.  Third of all, you will double the
traffic on the mailing list by starting flamewars about whether this
failed booting attempt was ethical, legal, intelligent, homosexual,
scatological, or just plain useless.  Since at this point tons of
people will be replying to threads, a killfile becomes even harder to
manage.

So don't look for convoluted technical solutions to Mr. Y's
personality problems.  Just use a little basic common sense.  If you
don't like the way someone behaves on a mailing list, just ignore the
damn person.  Anything else is just going to make matters worse, as
recent history clearly demonstrates.





From unicorn at schloss.li  Sun Nov 24 23:17:05 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 24 Nov 1996 23:17:05 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <c2aXXD25w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961125021451.5157G-100000@polaris>


On Sun, 24 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Sun, 24 Nov 96 19:25:35 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv at bwalk.dm.com>
> To: cypherpunks at toad.com
> Subject: Re: IPG Algorith Broken!
> 
> Alan Olsen <alan at ctrl-alt-del.com> babbles:
> > At 04:00 AM 11/24/96 -0500, Black Unicorn wrote:
> > >On Sun, 24 Nov 1996 eli+ at gs160.sp.cs.cmu.edu wrote:
> > >
> > >> Maybe this one's different from all of those.  How valuable a secret
> > >> would you like to wager on that?  If IPG wants credibility, they should
> > >> retain a respected cryptographer, or several, to attack their scheme.
> > >
> > >"They" attempt this nearly daily by trying to taunt c'punks into
> > >evaluating the product for free.
> >
> > Then someone should not do it for free.  They should do it as a "data
> > recovery tool", advertise widely, make a few bucks, and show what a piece
> > of crap the IPG snakeoil is in the first place.
> >
> > Cracktools are starting to become a profitable business as more and more
> > snakeoil products appear on the market.  (Most are marketed to law
> > enforcement, but that will probibly change...)
> >
> > There is a buck or two to be made here.
> 
> There's probably more money to be made by blackmailing the snake-oil
> peddler (pay me so I don't release the cracktool for your crap) than
> by selling the cracktools themselves.

Your both right.
The correct approach is to blackmail the peddler, and then sell the
cracker after the peddler has got enough of the product out there to make
your sales significant.

In this day and age of throw-away identity, you can make money coming and
going.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Sun Nov 24 23:18:24 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 24 Nov 1996 23:18:24 -0800 (PST)
Subject: Sameer R.I.P.
In-Reply-To: <199611250134.SAA12821@web.azstarnet.com>
Message-ID: <Pine.SUN.3.94.961125021701.5157H-100000@polaris>


On Sun, 24 Nov 1996 drose at AZStarNet.com wrote:

> C2 has a nice corporate-style fig leaf on its site.  Sameer has decided, it
> seems, to get out of the anonymity business and pursue other interests.
> 
> Nice run while it lasted.
> 
> FYI, Sameer does mention that his recent legal brouhaha had nothing to do
> with this decision.

Specifics...?  Fig leaf?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From dlv at bwalk.dm.com  Sun Nov 24 23:22:28 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 24 Nov 1996 23:22:28 -0800 (PST)
Subject: P.S. on chain letters
Message-ID: <F4eXXD27w165w@bwalk.dm.com>


A week or so ago I was ranting about chain letters and other memes - well,
today I came across some well-research Web site hosted by Kenneth Han (Black
Unicorn may know him) - check out http://www.gwu.edu/~khan if you care
about more analysis of the Craig Sherhorn phenomenon.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sun Nov 24 23:26:57 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 24 Nov 1996 23:26:57 -0800 (PST)
Subject: Recovery after flood
In-Reply-To: <199611242147.NAA02431@count04.pleiku.com>
Message-ID: <BNcXXD26w165w@bwalk.dm.com>


Thanks Kelly!! I'll tell them to try the freon tape cleaner. (I don't have
the papers myself.) From what I've seen, it looked like the copier's toner
got dissolved in the water and is acting as a glue. The files were submerged
for a while (stupid) and when they pulled them out, they let them dry w/o
separating the pages (even more stupid). I hope there will still be some
images on the pages if we get them unstuck :-) :-) :-)

This reminds me of how we once recovered a piece of electrical equipment
from seawater, and we were told to basically keep in in a bucket of water
until it could be cleaned properly. Changing the surroundings even for
something that seems more "natural" is always additional stress on the
damaged equipment and loses more information.

Thanks again for the advice - I appreciate it because it would be quite a
pity if all of it were lost.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From unicorn at schloss.li  Sun Nov 24 23:31:24 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 24 Nov 1996 23:31:24 -0800 (PST)
Subject: kickouts done the Cypherpunks way...
In-Reply-To: <199611250134.TAA23699@manifold.algebra.com>
Message-ID: <Pine.SUN.3.94.961125022016.5157I-100000@polaris>


On Sun, 24 Nov 1996, Igor Chudov @ home wrote:

> The question is, is there a strategy of making variations and detecting
> them in quotes to finally catch Mr. Y?

It's not a new concept if thats what you mean.  Has many names.  "Canary
trapping, imposed distribution attributation" and others.

Generally either a single non-spelling error is introduced (generally with
punctuation), or several errors are introduced in different patterns
throughout the document.  Word order is another common variation to use.  
At the most basic level, a script could easily introduce e.g., a
semicolon in place of a comma once in a document, and in a different
place for each document. The "phantom serial number" of a given document
is obtained by counting the commas encountered before a semicolon is
found.  

If a correlation between serial number and original recipiant is
maintained, the first tier of the avenue by which the document is escaping
is easily identified.

Of course this method assumes that the documents are distributed onward
without alteration or summarizing.

More complicated variations can be introduced as is needed.
(Paragraph/subject order, names of participants, etc.)

Coderpunks might have a harder time.  For obvious reasons technical
writings are much more sensitive to even minor alterations.

> 	- Igor.
> 

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Sun Nov 24 23:49:34 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 24 Nov 1996 23:49:34 -0800 (PST)
Subject: kickouts done the Cypherpunks way...
In-Reply-To: <199611250600.BAA04274@anon.lcs.mit.edu>
Message-ID: <Pine.SUN.3.94.961125024347.5157J-100000@polaris>


On Mon, 25 Nov 1996, lcs Mixmaster Remailer wrote:

> ichudov at algebra.com (Igor Chudov @ home) writes:
> 
> > Hi,
> > 
> > Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y,
> > for his obnoxious letters to the mailing list.
> > 
> > Mr. X, however, is concerned that Mr. Y would subscribe through some
> > proxy address and would continue replying to messages to foobarpunks.
> > 
> > It is assumed that the only person out of the whole universe, Mr. Y, 
> > cannot be trusted. The problem is that X does not know which of the 
> > subscribers is Mr. Y.
> > 
> > The question is, is there a technical way to disable Mr. Y from
> > reading the list, or detect which subscription address is a proxy for Y?
> 
> The answer is no.  Plenty of sites gate mailing lists to local
> newsgroups, and allow open or relatively open NNTP access.  It's also
> silly to assume every other person in the universe is trustworthy.

Process of elimination.
If the document that goes to a newsgroup is document #5, then you can
concentrate on the path after #5.  Which newsgroup is it?  Easily
determined by selectively seeding documents to different newsgroups.  You
get the idea.  Message pools complicate the process, but are not
impossible to deal with, particularly when output to the newsgroup can be
controled, as it can here, either by killing the feed the the group, or to
the party posting there.

This all of course begs the question as to whether this is even a good
idea, you address it below:

> 
> If Mr. Y sends lots of obnoxious mail to a mailing list or news group,
> the proper thing to do is to put Mr. Y in your killfile and encourage
> others to do so.  That way you don't get bothered by his annoying
> messages, and if enough people follow suit, people stop responding to
> Mr. Y's messages.  This can be even be extended to cover anonymous
> posts using NoCeM-like systems.

Agreed.  But not because it is technically impossible.

> If you try to boot Mr. Y off the mailing list using technical means,
> several bad things will happen:  First of all you will fail, which
> will give Mr. Y a great deal of satisfaction.  Second of all, you will
> drive Mr. Y to start posting under different names, making him
> considerably harder to killfile.

Not really.  Simply continue to seed and watch new subscriptions to the
list.  That narrows down the leak quite well.

Same thing as winding up agent nets that use dead-drops.  Identigy one
step at a time.

> Third of all, you will double the
> traffic on the mailing list by starting flamewars about whether this
> failed booting attempt was ethical, legal, intelligent, homosexual,
> scatological, or just plain useless.  Since at this point tons of
> people will be replying to threads, a killfile becomes even harder to
> manage.

Agreed.

> So don't look for convoluted technical solutions to Mr. Y's
> personality problems.  Just use a little basic common sense.  If you
> don't like the way someone behaves on a mailing list, just ignore the
> damn person.  Anything else is just going to make matters worse, as
> recent history clearly demonstrates.

Mostly agreed.


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From mccoy at communities.com  Sun Nov 24 23:55:38 1996
From: mccoy at communities.com (Jim McCoy)
Date: Sun, 24 Nov 1996 23:55:38 -0800 (PST)
Subject: Sameer R.I.P.
In-Reply-To: <199611250134.SAA12821@web.azstarnet.com>
Message-ID: <v03007800aebf00a81c0f@[205.162.51.35]>



drose at AZStarNet.com wrote:
> Sameer has decided, it seems, to get out of the anonymity
> business and pursue other interests.

Sameer was offering the net an essentially free service and
people should be greteful that it lasted as long as it did.
If people are so full of rightous indignation over this they
should pick up the torch and carry on using their own dime.
[OTOH, a word of explanation would have been nice...]

Sandy writes:
>Well, I guess you could call privacy guaranteed by strong crypto,
>"other interests."  Seems right in the middle of what Cypherpunks
>are all about.  If you like strong crypto, you'll love what's
>coming next from C2Net.

Translation:  C2 has a product which is making money.  Providing
support for a service which is essentially making no money was
taking time away from things like Stronghold and development of
other products.  The latter are much more important to C2 because
it lets them hire all kinds of nice people like Sandy :)

jim







From moroni at scranton.com  Mon Nov 25 00:28:29 1996
From: moroni at scranton.com (Moroni)
Date: Mon, 25 Nov 1996 00:28:29 -0800 (PST)
Subject: kickouts done the Cypherpunks way...
In-Reply-To: <199611250134.TAA23699@manifold.algebra.com>
Message-ID: <Pine.LNX.3.95.961125032550.9643A-100000@user1.scranton.com>


    The problem is that a nobody wanting to join the mailing list to learn
the subject matter of the list probably will not know anyone to sponsor
him.The second problem is that some isps go down occasionally and the mail
bounces back to the list which results in a subscription stop. How than
would one know to whom to go and ask for a recommendation. These  are
certainly things to consider .



On Sun, 24 Nov 1996, Igor Chudov @ home wrote:

> Date: Sun, 24 Nov 1996 19:34:09 -0600 (CST)
> From: "Igor Chudov @ home" <ichudov at algebra.com>
> To: cypherpunks at toad.com
> Subject: kickouts done the Cypherpunks way...
> 
> Hi,
> 
> Suppose Mr. X, owner of foobarpunks mailing list, wants to kick out Mr. Y,
> for his obnoxious letters to the mailing list.
> 
> Mr. X, however, is concerned that Mr. Y would subscribe through some
> proxy address and would continue replying to messages to foobarpunks.
> 
> It is assumed that the only person out of the whole universe, Mr. Y, 
> cannot be trusted. The problem is that X does not know which of the 
> subscribers is Mr. Y.
> 
> The question is, is there a technical way to disable Mr. Y from
> reading the list, or detect which subscription address is a proxy for Y?
> 
> If we assume that, at the moment when Y was kicked out, he was not
> subscribed through any other addresses, the solution becomes simple:
> for any new subscription request we require a letter of recommendation 
> from some other subscriber. Since other subscribers are presumed to
> be trustworthy, their recommendations would be sufficient. It is 
> actually being done in some of the mailing lists.
> 
> The problem becomes more complex when Mr. Y is already presumed to have
> infiltrated the mailing list, possibly through several proxy addresses.
> 
> Is there any way to detect/find which if the subscriber is Y? One of
> the simple-minded solutions is to _mutate_ mailing list messages
> so that all readers get slightly different copies of mailing list messages
> for each recipient. (Such mutations may include common misspellings,
> inserting spaces, etc)
> 
> If the mailing list bot keeps track of what changes were made in 
> messages to which individual, and if we assume that Mr. Y has to quote 
> significant parts of messages he replies to, finally the variations
> in messages may be reconciled with variations in quoted parts.
> 
> Mr. Y is not stupid, and may go as far as comparing letters, received
> through different proxy addresses, in order to detect "variations"
> and avoid quoting them.
> 
> The question is, is there a strategy of making variations and detecting
> them in quotes to finally catch Mr. Y?
> 
> 	- Igor.
> 
















       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
       x   No success can compensate for failure in the home.  x
       x                                                       x
       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx






From inssdl at dstn21.dct.ac.uk  Mon Nov 25 00:32:36 1996
From: inssdl at dstn21.dct.ac.uk (inssdl)
Date: Mon, 25 Nov 1996 00:32:36 -0800 (PST)
Subject: A source of entropy?
Message-ID: <9611250834.AA11220@dstn21.dct.ac.uk>


Last weekend I spent time formatting a little over 100 new floppies. When 
I was staring at the monitor between changes, I started looking at the 
volume serial number that was being thrown up for each disk.

These *appeared* to be unpredictable from the previous serial number given.

If the serial number is represented as xxxx-yyyy then sometimes yyyy 
would be one less than the previous yyyy but xxxx always seemed to be 
"random".

The disks were all brand new, no errors (from a couple of boxes of 50 and 
some odd ones), formatted at the Win95 DOS prompt with 'format a: /u' no 
volume labels and pressing 'y' to format the next disk.

Would anyone like to comment on the possible entropy from these serial 
numbers, even if it's only to say "Don't be daft, DOS derives the 
numbers like this..."

I'll probably be doing a similar number next weekend. If any interest is 
generated from this post, I could always record the serial numbers given 
to the next batch to look for correlations.

(Please don't reply with 'invest in a bulk-formatter' - I can't afford 
one right now.)

**********************************************************************
David Lucas PGDip Software Engineering @@ BEng(Hons) Civil Engineering
Postgraduate Software Engineer, University of Abertay Dundee, SCOTLAND
@ E-mail: inssdl at dstn21.dct.ac.uk @ 2+2 = 5  for large values of two @
If you're not living on the edge, then you're taking up too much space
Organisations can't have opinions, only people can and these are mine.
Dave's Doorstep is back!!!! - http://river.tay.ac.uk/~i95dl/index.html
**********************************************************************





From ben at gonzo.ben.algroup.co.uk  Mon Nov 25 01:50:06 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Mon, 25 Nov 1996 01:50:06 -0800 (PST)
Subject: Sameer R.I.P.
In-Reply-To: <199611250311.UAA05745@web.azstarnet.com>
Message-ID: <9611250846.aa15199@gonzo.ben.algroup.co.uk>


drose at azstarnet.com wrote:
> 
> On Sun, 24 Nov 1996 Sandy Sandfort <sandfort at crl.com> wrote:
> 
> >On Sun, 24 Nov 1996 drose at AZStarNet.com wrote:
> >
> >> Sameer has decided, it seems, to get out of the anonymity
> >> business and pursue other interests.
> >
> >Well, I guess you could call privacy guaranteed by strong crypto,
> >"other interests."  Seems right in the middle of what Cypherpunks
> >are all about.  If you like strong crypto, you'll love what's
> >coming next from C2Net.
> 
> Point well taken.  Most people who are in the market for a Web server,
> however, are cognizant of the fact that along with Netscape, Microsoft, Open
> Market, O'Reilly et al, Sameer has been for some time now selling a well
> regarded product: namely, his proprietary version of Apache.

Actually, its my proprietary version of Apache, rebadged and with some extras.
My version is free. I'm pleased to hear it is "well regarded", though ;-)

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From aga at dhp.com  Mon Nov 25 02:56:24 1996
From: aga at dhp.com (aga)
Date: Mon, 25 Nov 1996 02:56:24 -0800 (PST)
Subject: KILL cypherpunks !!!
In-Reply-To: <Pine.SUN.3.94.961124162856.5157A-100000@polaris>
Message-ID: <Pine.LNX.3.95.961125052017.6797B-200000@dhp.com>

On Sun, 24 Nov 1996, Black Unicorn wrote:

dude, you put the cypherpunks list in the header again.
You really want that list killed, do you not?

> On Sun, 24 Nov 1996, aga wrote:
> 
> > > > Not really, I had an I.Q. of 149, and a perfect 4.00 from
> > > > two different colleges, before I did my Doctorate in Law.
> > > 
> > > 149 puts you at the low end of the scale, or used to, around here.
> > > 
> > 
> > True, they say genius only starts at 150; but I think I have
> > improved since then.
> 
> This betrays your ignorance.  I.Q. is scaled according to age.  One does
> not "improve."
> 

I have no ignorance, except for being ignorant of stupid people
who call themselves "punks."

> > > The fact (if true) that you bothered to get a Doctorate in Law, rather
> > > than a Juris Doctor, tends to disprove the above however.
> > > 
> > 
> > Look dude, a Juris Doctor IS a Doctorate of Law.
> 
> Incorrect.
> 

Look asshole; it says "LAW DOCTOR" -- that is what "Juris Doctor"
means, stupid.  And I am about to stick the motherfucking Laws
right up your cocksucking ASS!

> One can obtain a Doctorate in Law, (As in Dr.) but it is generally a
> pointless endeavor except in some civil law jurisdictions.  (Liechtenstein
> is a good example, where many attornies have a Dr.Iur. (Dr.) while others
> merely have a Lic.Iur. (J.D.) ).
> 
> A J.D. requires no dissertation.
> A Doctorate in Law does.
> 

Wrong.  A J.D. requires a 75 page moot-court dissertation which
is always new legal research.

> I submit you know too little about any of these to have attained either
> one.
> 
> > Do not confuse it with a L.L.D. which is a "Doctorate
> > of Legal Letters"  A J.D. is the only current valid
> > Doctorate that you can do in plain "Law."
> 
> Incorrect.
> 
> A J.D. is not a true Doctorate, and even if it were, it would not be the
> only current valid "Doctorate" that you can "do" in "plain Law."
> 

"Juris" means Law.  So Juris Doctor means "Law Doctor."

> Georgetown, as an example, offers a Doctorate in Law degree which requires
> a J.D., an LL.M. and three years of legal teaching experience simply to
> qualify for the program.
> 

that is irrelevant, and you are off-topic.

> A Doctor of Judicial Science program is also available with many of the
> same requirements.
> 
> Both programs require a dissertation and a defense of same.
> 
> San Marcos University is also known for an exceptional Doctor of Laws
> program.
> 
> Incidently, LL.D.s are rare and generally useful only in European circles.
> 

Europe is also irrelevant, and you keep missing the point here.
You have added the cypherpunks list again, and that was forbidden.

> As usual, you have overextended your bounds and now find yourself swimming
> in water over your head.
> 

look asshole, you really want that list killed, do you not?
I have no bounds, as you will soon learn.

> > > > 
> > > > > Go to law school.  In the meantime, shut up.
> > > > > 
> > > > 
> > > > Go and eat your swiss cheese, as that is apparently all you
> > > > are good for.  My mercenaries are too busy to go to europe
> > > > right now.
> > > 
> > > I prefer Chedder.
> > > 
> > > Be careful who you threaten.  It might get you in trouble.
> > > 
> > 
> > Threatening to wipe out your location on the InterNet is
> > not against ANY law whatsoever, and I can mailbomb you, do
> > a DOS attack, fork-bomb attack and virus attack against you,
> > all of which are perfectly legal.
> 
> Actually, they are not.  Unauthorized access of a computer system is a
> crime.  Anyone who had a "doctorate" in law would know this.
> 

WRONG!  There is NO crime which covers anything that one does
internationally!   And mailbombing is NOT "Unauthorized access,"
regardless of where it occurs!

> I doubt your reference to mercenaries was merely a threat to my system,
> but keep pushing if you like.
> 
> > > > Look asshole, I graduated from Law School with a Doctorate
> > > > in 1975.  Now just go away and stop interfering with our
> > > > American Net.
> 
> Which law school?  And did you do a dissertation?  What is its title?  Do
> you practice?  What state are you licensed in?
> 

Pitt-1975; Dissertation was in 1983 actions.  I practiced for
six years, and then became perfect.  I currently do not practice for
any parties other than myself, family, corporation or Institutes,
and I need no license for that. And since I do not carry any
license from any State, there is NOTHING that you can do to stop me.
The State disciplinary board has no jurisdiction, nor does any
Law.  A Criminal Lawyer is a specialist in ripping new assholes
on the witness stand, and that must now also be practiced on the net,
it seems.  Remember, you are the one who asked for this, "Sadam."

This is a world-wide internet problem that you are about to get
taken care of.  You will be among the first locations to be
eliminated.  And just remember that your termination is your own
doing.  You had your chance to keep the fucking cypherpunks list
OFF of your e-mail to me, and blew it.

> > Face the real fact of life though dude.  There is absolutely NO LAW
> > which prevents me from attacking and/or eliminating any address
> > outside of the USA, that is, even if there were any law which would
> > prevent me from doing the same thing to any non-government
> > computer right here, which there is not.
> 
> Ok, do it.  We'll see.
> 

You asked for it, so what you have coming is your own doing.

> > Your only protection on this Internet is to have a dozen different
> > addresses to access from.  I can put a dozen computers up on
> > a dozen different T1's right now, if need be.
> 
> I suggest a hobby which entails more physical activity.
> 

I pump iron and run three times a week.  And as a Tae Kwon Do
black belt holder, I get lots of physical activity. I am in
better physical shape than any other man that you know.

> --
> Forward complaints to : European Association of Envelope Manufactures
> Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
> Vote Monarchist         Switzerland
> 

Now YOU have added the cypherpunks list again.
A proper reaction is justified, so have the cypherpunks
thank you for what is coming...

And just understand, as far as the internet is concerned, Europe does
not mean SHIT!

Your audience is terminated, permanently.





From aga at dhp.com  Mon Nov 25 03:06:59 1996
From: aga at dhp.com (aga)
Date: Mon, 25 Nov 1996 03:06:59 -0800 (PST)
Subject: The Despicable Faggot/Re: Killfiling stupid faggots
In-Reply-To: <199611250039.QAA06444@abraham.cs.berkeley.edu>
Message-ID: <Pine.LNX.3.95.961125060218.6797E-100000@dhp.com>


On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:

> abostick at netcom.com (Alan Bostick) writes:
> >
> > In article <199611220304.VAA02832 at manifold.algebra.com>,
> > ichudov at algebra.com (Igor Chudov @ home) wrote:
> >
> > > Dr. John Martin Grubor is the most harmless and most entertaining
> > > among all kooks.
> > >
> > > His posting volume is a bit high, but other than that DrG never
> > > got anyone in trouble.
> >
> > I dunno about "harmless".  Publishing lists of "known homosexuals"
> > can have repercussions that outweigh their entertainment value.
> 
> Yes. John Gilmore met Alan Bostick through Grubor's list.
> They fucked each other in the ass (how's that for entertainment!)
> but now John Gilmore has AIDS.
> 
> P.S. Whoever said Gilmore is bi and eats pussy is a fucking liar.
> Gilmore is 100% queer. He hasn't touched pussy since he was born.
> 
> diGriz
> 

Yes, John Gilmore is an example of a despicable Faggot.

The EFF should be exposed for the sewer of Faggots that it
really is.






From EBDAVIS at aol.com  Mon Nov 25 04:24:19 1996
From: EBDAVIS at aol.com (EBDAVIS at aol.com)
Date: Mon, 25 Nov 1996 04:24:19 -0800 (PST)
Subject: Fwd: Your Email Privacy Has Been Compromised
Message-ID: <961125072341_805751587@emout02.mail.aol.com>


FYI
---------------------
Forwarded message:
From:	securityadmn at netsecurity.yes
Date: 96-11-18 05:31:58 EST




This Message Contains Important Information About Violations
of Your On-Line Privacy.



*Email and Online Security Violations.*
Please be advised that information contained in email is similar 
to a post card.  It can easily be read in transit and does not go 
directly from your computer, to the computer of the recipient.  
Your message often passes through the hands of countless 
computer systems on its path to where you sent it.  Because of 
this, it can easily be seen by many prying eyes on the way to its 
destination.  If you are mailing personal, business or financial 
data it is unwise to use traditional email.  There are many people 
on the net who profit by snooping in the open "post card" style 
email that most account holders utilize.  Programs are readily 
available to make this task simple.  Additionally, many people 
are purchasing mailing lists which contain your email address.  
If you do not wish to receive unsolicited email, there are a 
number of free and highly effective steps you can take to 
recapture your privacy.

The personal exposure spoken of is not limited to email.  If you 
make use of other internet services such as the World Wide 
Web, your privacy is at even greater risk.  Unless secure, any 
information you enter on a form can be read in transit, just like 
email.  Additionally, most of the information providers you contact 
on the web routinely collect information about you in high detail.  
This information goes right down to where you are located, and 
what kind of computer and operating system you use!

To combat this problem, many countermeasures have been 
developed of which most account holders remain unaware.  The 
on line criminals would like to keep it that way.  Every net citizen 
needs to learn to stop sending "Post Cards" and stop allowing 
distant machines to accumulate large amounts of information 
about who they are and their interests.

There are many simple things you should be doing right now to 
protect your privacy.  Most of the best countermeasures available 
are FREE.  This is because there is still a very strong vein of 
computer experts on the net who believe in an individual's right to 
privacy.  There are excellent, completely free  programs that you 
should be using right now to browse the web in an untraceable 
and private manner, and send email that only the recipient can 
read!

You don't need to be a computer expert to use these tools.  They 
often take little or no additional time and are designed to be very 
simple for the computer illiterate to use.  The computer gurus 
that designed these programs know that it is extremely important 
that average net citizens make use of them.  They have designed 
and continually revised them with that in mind.

My name is Jeff Martin, my associates and I have spent a great 
deal of time researching this subject. It is my goal to provide you 
with access to the best resources available to keep your 
communications private.  My information relates to both email 
and other aspects of the internet such as the World Wide Web.  
This information was put together because I don't feel that others 
are making it available in this form of wide distribution, and it 
needs to be done.  The internet is just like a city in that you need 
some street smarts to keep yourself as safe as possible.  That's 
the kind of information I wish would have been provided to me 
when I began to go on line, and it is what I have tried hard to put 
together to help you out.

In my program you'll learn:

*How to send email that cannot be traced.

*How to send email to your friends and associates that cannot 
be read in transit.

*How to post anonymously to Newsgroups.

*How to browse the web and download files anonymously.

*Why you should (almost) never send financial information over 
the net.

*How to prevent your name from being gathered and sold for 
bulk email use.

*And Much, Much, Much, More ....

My package is a treasure trove of valuable information collected 
to guarantee your privacy!

This is the first time I am making this information available.  In a 
short while, the program will be retailing for $59.95.  However, if 
you respond within the next 7 days of receiving this message you 
will receive the special price of $19.95.  Because of the amazing 
expansion of the internet, I have decided to make this offer so 
that everyone can afford to learn how to protect themselves from 
the net's growing criminal element.  After seven days you may 
still order the program at its retail price of $59.95.

Additionally, if you order within the next 48 hours, I'll include a 
very special report about how you can get a free email address 
and account to use from just about anywhere in the U.S.  I'll 
show you how, but you must order within the next 48 hours!

HOW TO ORDER
I strive very hard to protect your security.  I do not accept 
unsecure credit card or check information by email, because it is 
too easily intercepted.  While this could increase my orders, I feel 
that your security as a customer is more important. I am a small
business person and keeping up with phoned and faxed in orders
has proven to be too difficult for me.  Therefore I now only accept
orders via postal (snail) mail.  Please be certain to give me your
email address when ordering.  I prefer to ship orders via email
so that you can have my information as soon as possible.

To order send a check, money order, or credit card information
(Visa, MasterCard, Discover) to me at:

Jeff Martin
POB 72106
Newport, Kentucky 41072

Any credit card orders must use the attached form below.
Thank you very much for your time.

Best Wishes,

Jeff Martin


This information will always be held in the strictest confidence.
 
 Credit Card:    Visa    Mastercard    Discover
 
 Card #:______________________________________
 
 Expiration Date:__________________
 
 Name on Card:________________________________
 
 Please indicate amount $__________ ($19.95) or (59.95)
 
 
 SIGNATURE:x________________________ 

DATE:x__________________
 

Copyright 1996, Jeff Martin.  All rights reserved.



































From cracker at icon.co.za  Mon Nov 25 05:46:40 1996
From: cracker at icon.co.za (cracker at icon.co.za)
Date: Mon, 25 Nov 1996 05:46:40 -0800 (PST)
Subject: Symantec's claim.
Message-ID: <199611251345.PAA22057@mail2.icon.co.za>



In light of recent claims,i would like somebody to clear this up for me.
There seems to be a great deal of conjecture over wether or not the Deeyenda Virus exhists.
Symantec denies it's existence,although i hear differently??
Greatly appreciate anyone who can shed some light on the subject,even though C-punks list doesnt usually deal with this topic of thought ;)
Anyone come across the pkz300 trojan,if you have it send it please.
A student,a paper,and a possible future career are at stake here,so please dig deep into your 
pockets!!!!!! Asking a lot i know!

J a m e s
"Lead.Follow. Or get out of the way"
-----------------------------------------------------------------------------------------------
Type Bits/KeyID    Date       User ID
pub  1024/9E318AA5 1996/09/24 Cracker <cracker at icon.co.za>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJHdKwAAAEEALl3A6auLG0JLdtgEzl6KfPNqbTTSDX4L4To2b7PLqGDVV5r
BezC9dD/ITrCK9M64juiQ2p/DNjIihnXlEsJCy2btypStypQgU1fvAei3AnZ1cQ8
NiAnHNS+ImUAJgZjSHEQSevGE53IUovmWQ7YHUz9VpTTCtoJoUKxYuqeMYqlAAUR
tBxDcmFja2VyIDxjcmFja2VyQGljb24uY28uemE+iQCVAwUQMkd0rkKxYuqeMYql
AQEjagP/cYgGLAkWZJLeRcM4URwBX3J/0R54DadVnsvvoxDkzilv7U02IXZGZGnA
CvXsu2sThS7qDBiHFop/OZs3WmlQbQ4BAZ/hiCs5tSU2e7fkk0EKxsGAD1pTbw/J
rRU4WePLc++vv+6CBKw5NCSR5kMh8H3X4qtZZ9dYX9zsuzWKdpk=
=YGH8
-----END PGP PUBLIC KEY BLOCK-----









From cracker at icon.co.za  Mon Nov 25 05:46:41 1996
From: cracker at icon.co.za (cracker at icon.co.za)
Date: Mon, 25 Nov 1996 05:46:41 -0800 (PST)
Subject: Symantec's claim.
Message-ID: <199611251345.PAA22053@mail2.icon.co.za>



In light of recent claims,i would like somebody to clear this up for me.
There seems to be a great deal of conjecture over wether or not the Deeyenda Virus exhists.
Symantec denies it's existence,although i hear differently??
Greatly appreciate anyone who can shed some light on the subject,even though C-punks list doesnt usually deal with this topic of thought ;)
Anyone come across the pkz300 trojan,if you have it send it please.
A student,a paper,and a possible future career are at stake here,so please dig deep into your 
pockets!!!!!! Asking a lot i know!

J a m e s
"Lead.Follow. Or get out of the way"
-----------------------------------------------------------------------------------------------
Type Bits/KeyID    Date       User ID
pub  1024/9E318AA5 1996/09/24 Cracker <cracker at icon.co.za>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJHdKwAAAEEALl3A6auLG0JLdtgEzl6KfPNqbTTSDX4L4To2b7PLqGDVV5r
BezC9dD/ITrCK9M64juiQ2p/DNjIihnXlEsJCy2btypStypQgU1fvAei3AnZ1cQ8
NiAnHNS+ImUAJgZjSHEQSevGE53IUovmWQ7YHUz9VpTTCtoJoUKxYuqeMYqlAAUR
tBxDcmFja2VyIDxjcmFja2VyQGljb24uY28uemE+iQCVAwUQMkd0rkKxYuqeMYql
AQEjagP/cYgGLAkWZJLeRcM4URwBX3J/0R54DadVnsvvoxDkzilv7U02IXZGZGnA
CvXsu2sThS7qDBiHFop/OZs3WmlQbQ4BAZ/hiCs5tSU2e7fkk0EKxsGAD1pTbw/J
rRU4WePLc++vv+6CBKw5NCSR5kMh8H3X4qtZZ9dYX9zsuzWKdpk=
=YGH8
-----END PGP PUBLIC KEY BLOCK-----









From dlv at bwalk.dm.com  Mon Nov 25 06:43:22 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 25 Nov 1996 06:43:22 -0800 (PST)
Subject: [Noise] Re: Thanks/was:This is your last warning
In-Reply-To: <Pine.SUN.3.94.961124162856.5157A-100000@polaris>
Message-ID: <T3cyXD31w165w@bwalk.dm.com>


Black Unicorn <unicorn at schloss.li> writes:
<stuff>

I was curious about BU's choice of domain name - after all, schloss.li is the
same box as polaris.mindport.net in Norwich, CT. So I ran an altavista search
on schloss*. Like, wow! There are thousands and thousands of Web pages with
schloss* in them, and most of them may have nothing to do with Black Unicorn.

E.g., did you know that Leah Rabin's maiden name was Schlossberg?

There's a Robert Lev Schlossberg <robby at gwis2.circ.gwu.edu>.

One George Schlossberg, an attorney with Cotten and Selfon, was quoted on NPR.

Another attorney's name comes up on several interesting bankrupcy cases:
Schlossberg and DiGirolamo, P.A.
Roger Schlossberg
134 West Washington St.
Hagerstown, MD 21740
301-739-8610

A Neil Schlossberg graduated ca 1965 from Aiglon College, a boarding school in
Switzerland.

A Herbert Schlossberg, born in 1935, says this about himself:

]A considerable part of my career has been in the academic world. I have been
]an assistant professor of history at the University of Waterloo in Ontario,
]Canada; chairman of the social science division at the Harrisburg Area
]Community College in Pennsylvania; and academic dean at Shepherd College in
]West Virginia. In addition I have been an intelligence analyst in the CIA, and
]have been in the financial planning industry. I am presently serving as
]project director in the Fieldstead Institute, working on a book tentatively
]titled "The Silent Revolution and the Making of Victorian England. "

The net is lousy with Schloss*, yet BU's domain name may be just a red herring!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From raph at CS.Berkeley.EDU  Mon Nov 25 06:52:54 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 25 Nov 1996 06:52:54 -0800 (PST)
Subject: List of reliable remailers
Message-ID: <199611251450.GAA08463@kiwi.cs.berkeley.edu>


   I operate a remailer pinging service which collects detailed
information about remailer features and reliability.

   To use it, just finger remailer-list at kiwi.cs.berkeley.edu

   There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

   This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

   For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

   This is an automatically generated listing of remailers. The first
   part of the listing shows the remailers along with configuration
   options and special features for each of the remailers. The second
   part shows the 12-day history, and average latency and uptime for each
   remailer. You can also get this list by fingering
   remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = "<remail at miron.vip.best.com> cpunk pgp special";
$remailer{"mix"} = "<mixmaster at remail.obscura.com> cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = "<remailer at replay.com> cpunk mix pgp hash latent cut post ek";
$remailer{'alpha'} = '<alias at alpha.c2.org> alpha pgp';
$remailer{'nymrod'} = '<nymrod at nym.jpunix.com> alpha pgp';
$remailer{"lead"} = "<mix at zifi.genetics.utah.edu> cpunk mix pgp hash latent cut ek";
$remailer{"exon"} = "<remailer at remailer.nl.com> cpunk pgp hash latent cut ek";
$remailer{"haystack"} = "<haystack at holy.cow.net> cpunk mix pgp hash latent cut ek";
$remailer{"lucifer"} = "<lucifer at dhp.com> cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = "<remailer at cypherpunks.ca> cpunk mix pgp hash latent cut ek";
$remailer{'nym'} = '<config at nym.alias.net> newnym pgp';
$remailer{"balls"} = "<remailer at huge.cajones.com> cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = "<mix at squirrel.owl.de> cpunk mix pgp pgponly hash latent cut ek";
$remailer{"middle"} = "<middleman at jpunix.com> cpunk mix pgp hash middle latent cut ek reord ?";
$remailer{'cyber'} = '<alias at alias.cyberpass.net> alpha pgp';
$remailer{"dustbin"} = "<dustman at athensnet.com> cpunk pgp hash latent cut ek mix reord middle ?";
$remailer{'weasel'} = '<config at weasel.owl.de> newnym pgp';
$remailer{"death"} = "<x at deathsdoor.com> cpunk pgp hash latent post";
$remailer{"reno"} = "<middleman at cyberpass.net> cpunk mix pgp hash middle latent cut ek reord ?";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.
remailer at crynwr.com is _not_ a remailer.

There is no remailer at relay.com.

Groups of remailers sharing a machine or operator:
(cyber mix)
(weasel squirrel)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the nym or weasel (newnym style) nymservers.

The cyber nymserver is quite reliable for outgoing mail (which is
what's measured here), but is exhibiting serious reliability problems
for incoming mail.

The squirrel remailer accepts PGP encrypted mail only.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. This seems to be fixed now.

The penet remailer is closed.

Last update: Mon 25 Nov 96 6:45:17 PST
remailer  email address                        history  latency  uptime
-----------------------------------------------------------------------
weasel   config at weasel.owl.de             -++---++++++  1:58:22  99.99%
jam      remailer at cypherpunks.ca          ************    14:14  99.98%
haystack haystack at holy.cow.net            **--#+**#**#     7:03  99.89%
cyber    alias at alias.cyberpass.net         ++**++*****    35:06  99.84%
balls    remailer at huge.cajones.com        ****** *****     5:08  99.79%
lucifer  lucifer at dhp.com                  ++++++++++++    38:35  99.62%
lead     mix at zifi.genetics.utah.edu       +++++-+*++++    39:55  99.61%
extropia remail at miron.vip.best.com        ---.-------   7:31:23  99.55%
nym      config at nym.alias.net              *#**###*+##     1:05  99.51%
squirrel mix at squirrel.owl.de              -++  ++++++   2:02:00  98.98%
mix      mixmaster at remail.obscura.com     ++++--+++-+   1:16:28  98.92%
reno     middleman at cyberpass.net          +*---------   2:30:43  98.78%
replay   remailer at replay.com              ********** *    10:10  98.48%
middle   middleman at jpunix.com              +------ --   2:40:34  97.86%
dustbin  dustman at athensnet.com            -  .-+*+  ++  3:09:24  95.37%
exon     remailer at remailer.nl.com            #########  1:40:10  86.24%

   History key
     * # response in less than 5 minutes.
     * * response in less than 1 hour.
     * + response in less than 4 hours.
     * - response in less than 24 hours.
     * . response in more than 1 day.
     * _ response came back too late (more than 2 days).

   cpunk
          A major class of remailers. Supports Request-Remailing-To:
          field.
          
   eric
          A variant of the cpunk style. Uses Anon-Send-To: instead.
          
   penet
          The third class of remailers (at least for right now). Uses
          X-Anon-To: in the header.
          
   pgp
          Remailer supports encryption with PGP. A period after the
          keyword means that the short name, rather than the full email
          address, should be used as the encryption key ID.
          
   hash
          Supports ## pasting, so anything can be put into the headers of
          outgoing messages.
          
   ksub
          Remailer always kills subject header, even in non-pgp mode.
          
   nsub
          Remailer always preserves subject header, even in pgp mode.
          
   latent
          Supports Matt Ghio's Latent-Time: option.
          
   cut
          Supports Matt Ghio's Cutmarks: option.
          
   post
          Post to Usenet using Post-To: or Anon-Post-To: header.
          
   ek
          Encrypt responses in reply blocks using Encrypt-Key: header.
          
   special
          Accepts only pgp encrypted messages.
          
   mix
          Can accept messages in Mixmaster format.
          
   reord
          Attempts to foil traffic analysis by reordering messages. Note:
          I'm relying on the word of the remailer operator here, and
          haven't verified the reord info myself.

   mon
          Remailer has been known to monitor contents of private email.
          
   filter
          Remailer has been known to filter messages based on content. If
          not listed in conjunction with mon, then only messages destined
          for public forums are subject to filtering.
          

Raph Levien





From wireinfo at wire-in.com  Mon Nov 25 07:05:09 1996
From: wireinfo at wire-in.com (wireinfo)
Date: Mon, 25 Nov 1996 07:05:09 -0800 (PST)
Subject: GELP/was:Word List
Message-ID: <199611251504.JAA08234@mail1.phoenix.net>


>>That should be a "what" is GELP.
>
>It's a type of sea weed.

it's a dessert topping. <bong gurgle>,

iMp



------------------------------------------------------------------------
"Call any vegetable, and the chances are good /
 That the vegetable will respond to you."
 Frank Zappa
------------------------------------------------------------------------
|    any replies go here    |     no e-mail replies to usenet posts    |
------------------------------------------------------------------------





From nobody at replay.com  Mon Nov 25 07:09:26 1996
From: nobody at replay.com (Anonymous)
Date: Mon, 25 Nov 1996 07:09:26 -0800 (PST)
Subject: John Gilmore is playing with himself
Message-ID: <199611251507.QAA07561@basement.replay.com>


frantz at netcom.com (Bill Frantz) wrote:

>At  6:15 AM 11/24/96 -0500, aga <aga at dhp.com> wrote:
>>On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
>actually the message was from lucifer at dhp.com:
>
>>> aga <aga at dhp.com> writes:
>... messages suppressed

You bet they want to suppress the truth about them being faggots!

Faggot John Gilmore does NOT eat pussy. He only eats asshole if it's got
a big dick up in front. Whoever calls Gilmore bisexual is a fucking liar.
John likes to suck cocks at his San Fransicso bathhouse (the Toad Hole).

>It looks like our juvenile "friend" is talking to himself.  I am truely
>sorry that he feels a need to harass ladies who have actually made  ^
>something of their lives.

Gilmore's friends try to drag every lady Gilmore knows into this shit.
Gilmore is a fag. Gilmore does NOT eat pussy. Not Denning's, not Dyson's.

>-------------------------------------------------------------------------
>Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
>(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
>frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA

You can say that again, good buddy.

diGriz





From rah at shipwright.com  Mon Nov 25 07:11:47 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 25 Nov 1996 07:11:47 -0800 (PST)
Subject: DCSB: Money Laundering -- The Headless Horseman of the Infocalypse
Message-ID: <v0300781daebf6496bc62@[206.119.69.46]>


-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----




                 The Digital Commerce Society of Boston

                              Presents
                           "Black Unicorn"

                         "Money Laundering --
               The Headless Horseman of the Infocalypse"



                        Tuesday, December 3, 1996
                               12 - 2 PM
                   The Downtown Harvard Club of Boston
                     One Federal Street, Boston, MA


S. L. vonBernhardt, <mailto:unicorn at schloss.li>, is an attorney, a member
of the board of directors of two European financial institutions, author
of "Practical and Legal Problems Confronting the Asset Concealer in
Relation to Offshore Financial and Corporate Entities" and a former
member of the intelligence community.  He is currently working to develop
and preserve institutions dedicated to traditional standards of financial
privacy.


One of the most disturbing products of the "war on drugs" has been the
effective criminalization of many forms of formerly legal financial
transactions.  The resulting legislation places serious burdens on
financial institutions in the form of "due diligence" requirements, as
well as building what can be an inflexible barrier before those who would
implement uncompromised digital commerce systems.  Mr. vonBernhardt will
address the legislative burdens imposed on financial institutions, the
likely impact on future systems of digital commerce, potential solutions
through regulatory arbitrage, and the practical problems facing
jurisdictions seeking to enforce regulations in the face of advanced
systems of digital commerce.

No cameras, please.


This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, December 3, 1996 from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, One Federal Street. The price for lunch is
$27.50. This price includes lunch, room rental, and the speaker's lunch.
;-).  The Harvard Club *does* have dress code: jackets and ties for men,
and "appropriate business attire" for women.

We need to receive a company check, or money order, (or, if we *really*
know you, a personal check) payable to "The Harvard Club of Boston", by
Saturday, November 30, or you won't be on the list for lunch.  Checks
payable to anyone else but The Harvard Club of Boston will have to be
sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston".

If anyone has questions, or has a problem with these arrangements (We've
had to work with glacial A/P departments more than once, for instance),
please let us know via e-mail, and we'll see if we can work something
out.

Planned speakers for DCSB are:

 January    Rodney Thayer    Applying PGP To Digital Commerce
 February   David Kaufman    1996 in Review / Predictions for 1997
 March      TBA
 April      Stewart Baker    Encryption Policy and Digital Commerce

We are actively searching for future speakers.  If you are in Boston on
the first Tuesday of the month, and you would like to make a
presentation to the Society, please send e-mail to the DCSB Program
Commmittee, care of Robert Hettinga, rah at shipwright.com .

For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to majordomo at ai.mit.edu .  If you
want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the
body of a message to majordomo at ai.mit.edu .

Looking forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston



-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b4 e22

iQCVAwUBMpmydfgyLN8bw6ZVAQEvkQQAnmg8R3OF4IJpc+xVCRut8O0O9M4ZKOkG
5iD8b+XkdAZ7UTCqAQqqL8CTIlhEn9KLzRGIQbhx+V66qAbs/9nNRFMcFgmAjKy8
TuJlRNmjgF09jrr5tWgGpH9J5K1jmGqMDOc27Cr7TLMmgdTbzcQS9oUfpmoRpNns
SFShKt2JHxA=
=5/Zo
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From pjb at ny.ubs.com  Mon Nov 25 07:58:33 1996
From: pjb at ny.ubs.com (pjb at ny.ubs.com)
Date: Mon, 25 Nov 1996 07:58:33 -0800 (PST)
Subject: Secret Powers
Message-ID: <199611251558.KAA08303@sherry.ny.ubs.com>


i have just completed Secret Powers (reading it, that is).

unless you live in NZ, i don't think that there is much here for you.  even 
the NZ stuff was pretty tame, unless you have been living under a rock, there 
is nothing here that wasn't already known.  lots of pictures of NZ politicians 
and such stuff.  also, a picture of a vax with a caption that implies that 
these are the NSA's echelon-network computers, sigh.

the author can't seem to stay focused for very long.  also, it's hard to see 
what his underlying message is, unless, of course, it's simply to sell books 
and make money, which is in no way a bad thing.  on the one hand, he keeps 
harping on the theme of how the UKUSA (but really NSA) is forever telling NZ 
what to collect and what to do,  and how NZ should be their own masters, but 
then he talks about how very much data NZ receives every day from the NSA. 
 i guess he never heard the one about the one who pays the piper getting to 
call the tune.

he also keeps trying to make something sinister about the use of acronyms and 
code words, and insists that the radomes are to prevent anyone from calculating 
the look angle and therefore the likely satellites that the dish is looking 
at.  at another point, however, he mentions how the salt water corrosion destroyed 
an antenna array, but never seems to be able to figure out that radomes also 
protect the equipment inside from these very destructive elements.  in general, 
a lot of nonsense that doesn't every get tied together.
 
there is also this recurring theme about NZ's independence and it's nuclear-free 
shit.
perhaps there are really people in NZ that care about this stuff, but in this 
day and age, it's hard to image that there would be.

it's not like the book is poorly written or researched or anything like that, 
and it's certainly a hell of a lot more than i have done, but otherwise, .......

money isn't  much of a problem to me, so i don't regret buying this book, but 
if you aren't in the same position, i'd give this one a miss.  better to wait 
for the new release of The Puzzle Palace.  BTW, does anyone have an update 
on this? are the authors having friendly chats with the boys from the fort, 
or something like that?

if however, you really want to read it, the publishers were very prompt about 
selling me a copy  and shipping it to me via air, and were generally pleasant 
to deal with.

cheers,
        -paul








From alzheimer at juno.com  Mon Nov 25 08:51:16 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Mon, 25 Nov 1996 08:51:16 -0800 (PST)
Subject: Copyright violations
Message-ID: <19961125.104841.12159.2.alzheimer@juno.com>


[This should make you feel better about GAK]


New York Times: Thursday, November 21, 1996
 
Social Security Workers Held In Frauds Using Credit Cards
 
By LYNDA RICHARDSON
 
Federal officials announced the arrests of a group of Social Security
Administration employees Wednesday, charging them with passing

confidential information on at least 1,000 people to credit-card thieves
for
bribes as little as $10. 
 
Under the scheme, the employees would give out confidential information
that
would allow the credit-card thieves to use the cards when they made
purchases. The authorities think the thieves were able to obtain the
cards by
stealing them through the mail, in some cases.
 
The authorities said six current or former employees and a former
security
guard with the agency were arrested Tuesday in the scheme, which resulted
in at least $10 million in losses to credit card issuers from October
1995 to
this June. The credit card issuers are Citibank, Visa and Mastercard. 
 
The employees were charged with bribery and misuse of a government
computer, and face prison terms of 2 to 15 years and fines up to
$250,000. 
 
The arrests resulted from a federal investigation that began in February
into
what computer experts say may be one of the biggest breaches of security
of
federal government data on residents. 
 
Officials said 20 people have been arrested, including 10 current or
former
employees of the Social Security Administration. The scheme was first
detected in February by Citibank, which noticed an unusual amount of
fraudulent charges on credit cards it had mailed to customers but that
the
customers said they had not received, officials said. 
 
Like many banks, Citibank has a security procedure that requires
customers
who receive new cards to activate them by calling a toll-free telephone
number and provide some personal information, like their mother's maiden
name, to activate the credit card. 
 
The bank discovered that its security system had been foiled in dozens of
cases in which cards were activated by someone who was not the cardholder
but had access to the cardholder's mother's maiden name. 
 
Investigators for the Social Security Administration, which keeps files
of
maternal maiden names and records the identification number of employees
who call up files, determined that an employee at the Brooklyn Social
Security office had illegally looked at the personal records of nearly
two
dozen people and sold the information to conspirators, who activated
credit
cards, said Philip A. Gambino, an agency spokesman. 
 
Based on information from that employee, the agency identified several
other
employees who had illegally released confidential information, often in
exchange for bribes. Those arrested this week were described as low-level
workers, including claim representatives and clerks. 
 
In 1,000 cases, credit cards were activated using information illegally
provided by the government employees, Gambino said. 
 
``Most have been fired and the others are in the process of being
fired,'' he
said. 
 
Officials said the thieves who approached the Social Security employees
already had access to Social Security numbers and wanted the numbers run
through the agency's database. Social Security numbers are the closest
thing
to a universal identifier that Americans have, and are widely available
from
public sources like college and employee ID cards and hospital tags, and
even driver's licenses in more than 30 states. 
 
The investigation has resulted in the arrests of nine people, including
seven
Nigerians, who are accused of receiving or using the stolen confidential
information to commit various types of credit card fraud, said Brian F.
Gimlett, the special agent in charge of the Secret Service in New York. 
 
He said the stolen or reissued credit cards were used to buy merchandise,
obtain cash advances and line-of-credit checks and make illegal
withdrawals
from automated teller machines. 
 
Gimlett said the conspirators who approached the government workers were

not part of an organized crime ring. 
 
``Actually, most were individual operations, but doing the same type of
crime,'' he said. ``This is another example of greedy people finding new
ways
to compromise the security systems to financially gain from credit card
fraud
and other types of fraud.'' 
 

 
EFT Report: November 20, 1996
 
Micro Card Targets U.S. Smart Card Market
 
Bull CP8 Transac, of France, says it wants to help U.S. banks issue smart
cards through its U.S. subsidiary, Micro Card Technologies, of Billerica,
Mass. The company believes that 60 percent of the smart card opportunity
resides here, says Gerald Hubbard, vice president of marketing. That
market
is expected to grow to a total of about $100 million to $200 million by
the
year 2000, according to industry figures. 
 
Debit and stored-value cards are targeted as the first smart-card
applications
to be issued in the United States. 
 
As a result, Micro Card is forming alliances throughout the card industry
to
penetrate the U.S. market. It recently partnered with NBS, of Plainfield,
N.J., one of the nation's largest card manufacturers. 
 
Bull's strategy is similar to that of its competitors, says Ben Miller, 
president
of CardTech/SecurTech in Bethesda, Md. 
 
All the world's major smart card firm are bringing smart card
capabilities in
from offshore and have set up acquisitions or partnerships with U.S. card
manufacturers to build strength and confidence from American bankers,
Miller says. Schlumberger, also of France, recently bought Malco. 
 
The existing manufacturing facilities are secure and card association
compliant, helping the companies earn industry trust. The firms, in turn,
receive an existing revenue stream from the magnetic stripe sales, Miller
says.
 
Micro Card claims it has the longest U.S. history of its competitors. It
set up
shop here in 1984 and has since participated in several smart card
closed-system initiatives. For example, U.S. Marine Corp.'s recruits in
Parris
Island, S.C., receive their pay on CP8 Micro Cards, which are accepted at
post exchanges for cash withdrawals and purchases. Micro Card also has
been selected to provide half of the card readers in the Citibank and
Chase
Manhattan Bank smart card pilot in New York. 
 
Micro Card sells readers, encoders and several different types of cards
ranging from the basic one-issuer, multiple-application system, called
SCOT,
to its high-end electronic purse card that can handle multiple
applications
from several unconnected service providers, says Hubbard. Its crypto card
uses public key cryptography to secure transactions, Hubbard says. 
 

Micro Card's systems all contain microprocessors and comply with Europay,
MasterCard and Visa (EMV) standards as well as International Standards
Organization specifications, he adds. Micro Card also is partnering with
Redmond, Wash.-based Microsoft and several smart card vendors to
develop integration standards for smart cards and personal computers. 
 
 
 
Evening Standard (London): Monday, November 18, 1996
 
Smart Card Code is Cracked
 
By Flora Hunter 
 
A Cambridge scientist has broken the smart card code, casting doubt over
the card's future as the ultimate security device. 
 
Dr Ross Anderson's work, published today, has been kept secret for six
months to allow institutions such as the Bank of England to review
security. 
 
The Cambridge University computer expert claims his methods of accessing
information from smart cards, which were previously thought impenetrable,
could be used by organised criminals using simple equipment. 
 
He is warning banks and other financial institutions to rethink their
security
operations, as his breakthrough could lay bare the private financial
secrets of
everyone from governments to the holders of High Street bank accounts.
 
Smart cards are used as identity tokens in satellite TV cards and bank
cards.
They are also used as top-level security passes at nuclear installations.
The
Government recently announced plans to store information such as driving
licence, tax, social security and pension details on individual smart
cards. 
 
Today, Dr Anderson said: 'For a number of years these smart cards and
processors have been marketed as tamper-proof. If you try and get into
their
chip using whatever method, they are supposed to be inaccessible. 
 
'We have developed techniques that can get into most of these smart cards
and I believe they can all be accessed. Banks are moving away from
magnetic cards towards smart cards to improve security but they are going
to
have to think again. 
 
'They are going to have to rethink their whole security process because
we
have shown the security processors can be attacked with the kind of
equipment available to any undergraduate. 'Organised criminals could use
the
techniques to cause disaster to financial institutions.' 
 
Smart cards can store information on a tiny microchip embedded in the
plastic which lets the user access electronic and computer systems. 
 
Banks and other financial institutions must now make immediate changes to
their sophisticated security systems, which could cost millions of
pounds. 
 
In conjunction with an American colleague, Dr Anderson has perfected
techniques that could cause havoc. 
 
Dr Anderson said: 'We have been in consultation with the Bank of England
and various national intelligence agencies. We agreed to postpone
publishing
our paper to give them a chance to look at the findings. A lot of people
have
put all their eggs in one basket by relying on smart cards for security.
Now
the basket has been tipped over.' 
 
 

American Banker: Thursday, November 21, 1996
 
Wells, 31 Others Ease Downloading of Account Data from
Internet 
 
By DREW CLARK
 
Wells Fargo & Co. and 31 community banks and credit unions announced
that their customers will be able to download account information from
the
Internet with the click of a button. The technology is one of the first
uses of
Microsoft Corp.'s set of standards for electronic financial connections,
which
were introduced last March. 
 
Called Active Statement Technology, advocates say that it will simplify
the
process of transferring account files from the World Wide Web to personal
financial software programs. 
 
Making data on Web sites easier to download is likely to
encourage banking customers to go to the sites, industry
observers said. That, in turn, would offer banks more
chance to promote their services on the Internet. 
 
"Today we offer both our Quicken and our Microsoft Money customers the
ability to download information into their software spreadsheets," said
Wells
Fargo spokeswoman Janet Otsuki. But the features of Microsoft's new
technology "will allow Money customers to have a more direct and more
efficient downloading experience." 
 
The benefits of that arrangement are hardly accidental from the
standpoint of
Microsoft, which has been aggressively battling Intuit Inc. for a greater
share
of the personal financial software market. Intuit's Quicken leads Money
by
75% to 20%, according to a recent independent consumer study. 
 
Microsoft offers its technology for free to all financial institutions,
and it
encourages banks to link their Web sites so that their customers will
find a
trial offer for the Money product. 
 
Competing Web browsers will be able to download financial data, but

Microsoft Money 97 is the only financial software able automatically to
receive the information.
 
"We expect this will be a de facto technology that any bank would want to
incorporate," said Matthew Cone, a business development manager at
Microsoft. 
 
Others familiar with Active Statement Technology said the program's
ability
to recognize information that has already been recorded offers a crucial
advantage over the widely used Quicken Import Format. 
 
"Comparing the Quicken Import Format to (Microsoft's technology) is like
comparing apples to oranges," responded Intuit senior vice president Eric
Dunn. "Automatic reconciling has been possible in both Quicken and Money
for over a year." 
 
By now, 275 financial institutions offer some form of PC banking, and 46
let
customers gain access to their accounts from the Web, according to the
Seattle-based Online Banking Report. But encouraging customers to come
over via the Web may hold benefits for banks. 
 
"Instead of starting with Money or Quicken, customers start at the bank's
Web site," said Paul Fiore, chief executive of Digital Insight. 
 
The Camarillo, Calif., company has helped 28 credit unions develop
transactional Web sites. Without having to pay Microsoft for a direct
connection, all those institutions now offer their customers the ability
to
download their finances easily into Money 97. 
 
How soon will that affect consumers at those institutions? Cathi
Cavanagh,
home banking coordinator at the Plano, Tex., Community Credit Union, is
already watching: "I am personally going to look to see if people are
converting from Quicken to Microsoft Money." 
 
 





From jk at stallion.ee  Mon Nov 25 09:06:07 1996
From: jk at stallion.ee (Jyri Kaljundi)
Date: Mon, 25 Nov 1996 09:06:07 -0800 (PST)
Subject: Israel crypto restrictions
Message-ID: <Pine.GSO.3.95.961125190042.16124A-100000@nebula>



Does anyonw knoe about crypto export restrictions in Israel? The Crypto
Law Survey (http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm) says that
there are some restrictions, but "their scope is not clear". Also I have
been iformed of occasions when a company in Israel does not export strong
crypto. Still I believe I have seen many programs from Israel that have
unlimited strong algorithms.

The real question is, why can't Checkpoint who manufactures the Firewall-1
sell DES version in Europe, but only in US and Canada. Elsewhere they use
a proprietary algorithm called FWZ (48-bit). I have not any analysis done
on FWZ so I don't think anyone is using it.

J�ri Kaljundi                         AS Stallion
jk at stallion.ee                        WWW ja andmeturvateenused
                                      http://www.stallion.ee/






From alzheimer at juno.com  Mon Nov 25 09:14:52 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Mon, 25 Nov 1996 09:14:52 -0800 (PST)
Subject: Copyright violations
Message-ID: <19961125.111418.12159.4.alzheimer@juno.com>


[This should make you feel better about GAK]


New York Times: Thursday, November 21, 1996
 
Social Security Workers Held In Frauds Using Credit Cards
 
By LYNDA RICHARDSON
 
Federal officials announced the arrests of a group of Social Security
Administration employees Wednesday, charging them with passing

confidential information on at least 1,000 people to credit-card thieves
for
bribes as little as $10. 
 
Under the scheme, the employees would give out confidential information
that
would allow the credit-card thieves to use the cards when they made
purchases. The authorities think the thieves were able to obtain the
cards by
stealing them through the mail, in some cases.
 
The authorities said six current or former employees and a former
security
guard with the agency were arrested Tuesday in the scheme, which resulted
in at least $10 million in losses to credit card issuers from October
1995 to
this June. The credit card issuers are Citibank, Visa and Mastercard. 
 
The employees were charged with bribery and misuse of a government
computer, and face prison terms of 2 to 15 years and fines up to
$250,000. 
 
The arrests resulted from a federal investigation that began in February
into
what computer experts say may be one of the biggest breaches of security
of
federal government data on residents. 
 
Officials said 20 people have been arrested, including 10 current or
former
employees of the Social Security Administration. The scheme was first
detected in February by Citibank, which noticed an unusual amount of
fraudulent charges on credit cards it had mailed to customers but that
the
customers said they had not received, officials said. 
 
Like many banks, Citibank has a security procedure that requires
customers
who receive new cards to activate them by calling a toll-free telephone
number and provide some personal information, like their mother's maiden
name, to activate the credit card. 
 
The bank discovered that its security system had been foiled in dozens of
cases in which cards were activated by someone who was not the cardholder
but had access to the cardholder's mother's maiden name. 
 
Investigators for the Social Security Administration, which keeps files
of
maternal maiden names and records the identification number of employees
who call up files, determined that an employee at the Brooklyn Social
Security office had illegally looked at the personal records of nearly
two
dozen people and sold the information to conspirators, who activated
credit
cards, said Philip A. Gambino, an agency spokesman. 
 
Based on information from that employee, the agency identified several
other
employees who had illegally released confidential information, often in
exchange for bribes. Those arrested this week were described as low-level
workers, including claim representatives and clerks. 
 
In 1,000 cases, credit cards were activated using information illegally
provided by the government employees, Gambino said. 
 
``Most have been fired and the others are in the process of being
fired,'' he
said. 
 
Officials said the thieves who approached the Social Security employees
already had access to Social Security numbers and wanted the numbers run
through the agency's database. Social Security numbers are the closest
thing
to a universal identifier that Americans have, and are widely available
from
public sources like college and employee ID cards and hospital tags, and
even driver's licenses in more than 30 states. 
 
The investigation has resulted in the arrests of nine people, including
seven
Nigerians, who are accused of receiving or using the stolen confidential
information to commit various types of credit card fraud, said Brian F.
Gimlett, the special agent in charge of the Secret Service in New York. 
 
He said the stolen or reissued credit cards were used to buy merchandise,
obtain cash advances and line-of-credit checks and make illegal
withdrawals
from automated teller machines. 
 
Gimlett said the conspirators who approached the government workers were

not part of an organized crime ring. 
 
``Actually, most were individual operations, but doing the same type of
crime,'' he said. ``This is another example of greedy people finding new
ways
to compromise the security systems to financially gain from credit card
fraud
and other types of fraud.'' 
 

 
EFT Report: November 20, 1996
 
Micro Card Targets U.S. Smart Card Market
 
Bull CP8 Transac, of France, says it wants to help U.S. banks issue smart
cards through its U.S. subsidiary, Micro Card Technologies, of Billerica,
Mass. The company believes that 60 percent of the smart card opportunity
resides here, says Gerald Hubbard, vice president of marketing. That
market
is expected to grow to a total of about $100 million to $200 million by
the
year 2000, according to industry figures. 
 
Debit and stored-value cards are targeted as the first smart-card
applications
to be issued in the United States. 
 
As a result, Micro Card is forming alliances throughout the card industry
to
penetrate the U.S. market. It recently partnered with NBS, of Plainfield,
N.J., one of the nation's largest card manufacturers. 
 
Bull's strategy is similar to that of its competitors, says Ben Miller, 
president
of CardTech/SecurTech in Bethesda, Md. 
 
All the world's major smart card firm are bringing smart card
capabilities in
from offshore and have set up acquisitions or partnerships with U.S. card
manufacturers to build strength and confidence from American bankers,
Miller says. Schlumberger, also of France, recently bought Malco. 
 
The existing manufacturing facilities are secure and card association
compliant, helping the companies earn industry trust. The firms, in turn,
receive an existing revenue stream from the magnetic stripe sales, Miller
says.
 
Micro Card claims it has the longest U.S. history of its competitors. It
set up
shop here in 1984 and has since participated in several smart card
closed-system initiatives. For example, U.S. Marine Corp.'s recruits in
Parris
Island, S.C., receive their pay on CP8 Micro Cards, which are accepted at
post exchanges for cash withdrawals and purchases. Micro Card also has
been selected to provide half of the card readers in the Citibank and
Chase
Manhattan Bank smart card pilot in New York. 
 
Micro Card sells readers, encoders and several different types of cards
ranging from the basic one-issuer, multiple-application system, called
SCOT,
to its high-end electronic purse card that can handle multiple
applications
from several unconnected service providers, says Hubbard. Its crypto card
uses public key cryptography to secure transactions, Hubbard says. 
 

Micro Card's systems all contain microprocessors and comply with Europay,
MasterCard and Visa (EMV) standards as well as International Standards
Organization specifications, he adds. Micro Card also is partnering with
Redmond, Wash.-based Microsoft and several smart card vendors to
develop integration standards for smart cards and personal computers. 
 
 
 
Evening Standard (London): Monday, November 18, 1996
 
Smart Card Code is Cracked
 
By Flora Hunter 
 
A Cambridge scientist has broken the smart card code, casting doubt over
the card's future as the ultimate security device. 
 
Dr Ross Anderson's work, published today, has been kept secret for six
months to allow institutions such as the Bank of England to review
security. 
 
The Cambridge University computer expert claims his methods of accessing
information from smart cards, which were previously thought impenetrable,
could be used by organised criminals using simple equipment. 
 
He is warning banks and other financial institutions to rethink their
security
operations, as his breakthrough could lay bare the private financial
secrets of
everyone from governments to the holders of High Street bank accounts.
 
Smart cards are used as identity tokens in satellite TV cards and bank
cards.
They are also used as top-level security passes at nuclear installations.
The
Government recently announced plans to store information such as driving
licence, tax, social security and pension details on individual smart
cards. 
 
Today, Dr Anderson said: 'For a number of years these smart cards and
processors have been marketed as tamper-proof. If you try and get into
their
chip using whatever method, they are supposed to be inaccessible. 
 
'We have developed techniques that can get into most of these smart cards
and I believe they can all be accessed. Banks are moving away from
magnetic cards towards smart cards to improve security but they are going
to
have to think again. 
 
'They are going to have to rethink their whole security process because
we
have shown the security processors can be attacked with the kind of
equipment available to any undergraduate. 'Organised criminals could use
the
techniques to cause disaster to financial institutions.' 
 
Smart cards can store information on a tiny microchip embedded in the
plastic which lets the user access electronic and computer systems. 
 
Banks and other financial institutions must now make immediate changes to
their sophisticated security systems, which could cost millions of
pounds. 
 
In conjunction with an American colleague, Dr Anderson has perfected
techniques that could cause havoc. 
 
Dr Anderson said: 'We have been in consultation with the Bank of England
and various national intelligence agencies. We agreed to postpone
publishing
our paper to give them a chance to look at the findings. A lot of people
have
put all their eggs in one basket by relying on smart cards for security.
Now
the basket has been tipped over.' 
 
 

American Banker: Thursday, November 21, 1996
 
Wells, 31 Others Ease Downloading of Account Data from
Internet 
 
By DREW CLARK
 
Wells Fargo & Co. and 31 community banks and credit unions announced
that their customers will be able to download account information from
the
Internet with the click of a button. The technology is one of the first
uses of
Microsoft Corp.'s set of standards for electronic financial connections,
which
were introduced last March. 
 
Called Active Statement Technology, advocates say that it will simplify
the
process of transferring account files from the World Wide Web to personal
financial software programs. 
 
Making data on Web sites easier to download is likely to
encourage banking customers to go to the sites, industry
observers said. That, in turn, would offer banks more
chance to promote their services on the Internet. 
 
"Today we offer both our Quicken and our Microsoft Money customers the
ability to download information into their software spreadsheets," said
Wells
Fargo spokeswoman Janet Otsuki. But the features of Microsoft's new
technology "will allow Money customers to have a more direct and more
efficient downloading experience." 
 
The benefits of that arrangement are hardly accidental from the
standpoint of
Microsoft, which has been aggressively battling Intuit Inc. for a greater
share
of the personal financial software market. Intuit's Quicken leads Money
by
75% to 20%, according to a recent independent consumer study. 
 
Microsoft offers its technology for free to all financial institutions,
and it
encourages banks to link their Web sites so that their customers will
find a
trial offer for the Money product. 
 
Competing Web browsers will be able to download financial data, but

Microsoft Money 97 is the only financial software able automatically to
receive the information.
 
"We expect this will be a de facto technology that any bank would want to
incorporate," said Matthew Cone, a business development manager at
Microsoft. 
 
Others familiar with Active Statement Technology said the program's
ability
to recognize information that has already been recorded offers a crucial
advantage over the widely used Quicken Import Format. 
 
"Comparing the Quicken Import Format to (Microsoft's technology) is like
comparing apples to oranges," responded Intuit senior vice president Eric
Dunn. "Automatic reconciling has been possible in both Quicken and Money
for over a year." 
 
By now, 275 financial institutions offer some form of PC banking, and 46
let
customers gain access to their accounts from the Web, according to the
Seattle-based Online Banking Report. But encouraging customers to come
over via the Web may hold benefits for banks. 
 
"Instead of starting with Money or Quicken, customers start at the bank's
Web site," said Paul Fiore, chief executive of Digital Insight. 
 
The Camarillo, Calif., company has helped 28 credit unions develop
transactional Web sites. Without having to pay Microsoft for a direct
connection, all those institutions now offer their customers the ability
to
download their finances easily into Money 97. 
 
How soon will that affect consumers at those institutions? Cathi
Cavanagh,
home banking coordinator at the Plano, Tex., Community Credit Union, is
already watching: "I am personally going to look to see if people are
converting from Quicken to Microsoft Money." 
 
 





From m5 at tivoli.com  Mon Nov 25 09:40:08 1996
From: m5 at tivoli.com (Mike McNally)
Date: Mon, 25 Nov 1996 09:40:08 -0800 (PST)
Subject: Smart card attacks vs. clipper?
Message-ID: <3299D9C1.5A53@tivoli.com>


Has any work been done (yet) using the recently-publicised techniques
used to foil smart card tamperproofing against Clipper implementations?

Seems like it's a bit of a different story, since in the Clipper's
case the algorithm is (ostensibly) unknown, but I'm just curious as
to whether there is some compromise of its security-through-obscurity.
-- 
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!





From vipul at pobox.com  Mon Nov 25 10:18:41 1996
From: vipul at pobox.com (Vipul Ved Prakash)
Date: Mon, 25 Nov 1996 10:18:41 -0800 (PST)
Subject: Forming a multinational
Message-ID: <199611252351.XAA00369@fountainhead.net>


Hi, 

I am physically located in India and want to start up a  US firm that will operate in India. Basically 
the firm will be a multonational with regional offices in couple of countries, to start with India 
and prolly one somewhere in Europe sometime later. The business involves a tie up with another US firm. 
These people will obviosly require USD payements, while most of the money we'll make will be in Indian 
rupees, since initially we'll be _actually_ operating only in India. 

The problems here are :

x. Can I, an Indian citizen start a US firm? 
x. Is it _legal_ to transfer Rupees funds to our root US firm and buy dollars with it to 
   pay our partners there?
x. Who will sell us USDs? Foreign Exchange offices? Firms like Accu-Rate?
x. What is the tax situation in US for non-citizens?
x. Is US the best place to start such a firm, primary need is to be able to pay dollars to US partner,
   while earning in rupees, without any legal hassles.   

Any help will be appreiciated,

Best,
Vipul

-- 

Vipul Ved Prakash                 | - Electronic Security & Crypto 
vipul at pobox.com 	          | - Internet & Intranets 
91 11 2233328                     | - Web Development & PERL 
198 Madhuban IP Extension         | - Linux & Open Systems 
Delhi, INDIA 110 092              | - (Networked) Multimedia






From nobody at replay.com  Mon Nov 25 10:21:32 1996
From: nobody at replay.com (Anonymous)
Date: Mon, 25 Nov 1996 10:21:32 -0800 (PST)
Subject: Virus-Hoax
Message-ID: <199611251817.TAA26582@basement.replay.com>


> 
> Date: Sat, 23 Nov 1996 18:43:18 -0800
> From: "David Crawford by way of Fence-Walker(UNCL clicking in fm home)" <crawford at eek.llnl.gov>
> Subject: CIAC Bulletin H-05: Internet Hoaxes
> X-Digest: Volume 9 : Issue 230
> 
> - ----BEGIN PGP SIGNED MESSAGE-----
> 
> 
>              __________________________________________________________
> 
>                        The U.S. Department of Energy
>                     Computer Incident Advisory Capability
>                            ___  __ __    _     ___
>                           /       |     /_\   /
>                           \___  __|__  /   \  \___
>              __________________________________________________________
> 
>                              INFORMATION BULLETIN
> 
>             Internet Hoaxes: PKZ300, Irina, Good Times, Deeyenda, Ghost
> 
> November 20, 1996 15:00 GMT                                        Number H-05
> ______________________________________________________________________________
> PROBLEM:       This bulletin addresses the following hoaxes and erroneous
>                warnings: PKZ300 Warning, Irina, Good Times, Deeyenda, and
>                Ghost.exe
> PLATFORM:      All, via e-mail
> DAMAGE:        Time lost reading and responding to the messages
> SOLUTION:      Pass unvalidated warnings only to your computer security
>                department or incident response team. See below on how to
>                recognize validated and unvalidated warnings and hoaxes.
> ______________________________________________________________________________
> VULNERABILITY  New hoaxes and warnings have appeared on the Internet and old
> ASSESSMENT:    hoaxes are still being cirulated.
> ______________________________________________________________________________
> 
> 
> Introduction
> ============
> 
> The Internet is constantly being flooded with information about computer
> viruses and Trojans. However, interspersed among real virus notices are
> computer virus hoaxes. While these hoaxes do not infect systems, they are
> still time consuming and costly to handle. At CIAC, we find that we are
> spending much more time de-bunking hoaxes than handling real virus incidents.
> This advisory addresses the most recent warnings that have appeared on the
> Internet and are being circulated throughout world today. We will also address
> the history behind virus hoaxes, how to identify a hoax, and what to do if you
> think a message is or is not a hoax. Users are requested to please not spread
> unconfirmed warnings about viruses and Trojans. If you receive an unvalidated
> warning, don't pass it to all your friends, pass it to your computer security
> manager to validate first. Validated warnings from the incident response teams
> and antivirus vendors have valid return addresses and are usually PGP signed
> with the organization's key.
> 
> PKZ300 Warning
> ==============
> 
> The PKZ300 Trojan is a real Trojan program, but the initial warning about it
> was released over a year ago. For information pertaining to PKZ300 Trojan
> reference CIAC Notes issue 95-10, that was released in June of 1995.
> 
> http://ciac.llnl.gov/ciac/notes/Notes10.shtml
> 
> The warning itself, on the other hand, is gaining urban legend status. There
> has been an extremely limited number of sightings of this Trojan and those
> appeared over a year ago. Even though the Trojan warning is real, the repeated
> circulation of the warning is a nuisance. Individuals who need the current
> release of  PKZIP should visit the PKWARE web page at http://www.pkware.com.
> CIAC recommends that you DO NOT recirculate the warning about this particular
> Trojan.
> 
> Irina Virus Hoax
> ================
> 
> The "Irina" virus warnings are a hoax. The former head of an electronic
> publishing company circulated the warning to create publicity for a new
> interactive book by the same name. The publishing company has apologized for
> the publicity stunt that backfired and panicked Internet users worldwide. The
> original warning claimed to be from a Professor Edward Pridedaux of the
> College of Slavic Studies in London; there is no such person or college.
> However, London's School of  Slavonic and East European Studies has been
> inundated with calls. This poorly thought-out publicity stunt was highly
> irresponsible. For more information pertaining to this hoax, reference the
> UK Daily Telegraph at http://www.telegraph.co.uk.
> 
> Good Times Virus Hoax
> =====================
> 
> The "Good Times" virus warnings are a hoax. There is no virus by that name in
> existence today. These warnings have been circulating the Internet for years.
> The user community must become aware that it is unlikely that a virus can be
> constructed to behave in the manner ascribed in the "Good Times" virus
> warning. For more information related to this urban legend, reference CIAC
> Notes 95-09.
> 
> http://ciac.llnl.gov/ciac/notes/Notes09.shtml
> 
> Deeyenda Virus Hoax
> ===================
> 
> The "Deeyenda" virus warnings are a hoax. CIAC has received inqueries
> regarding the validity of the Deeyenda virus. The warnings are very similar
> to those for Good Times, stating that the FCC issued a warning about it,
> and that it is self activating and can destroy the contents of a machine
> just by being downloaded. Users should note that the FCC does not and will
> not issue virus or Trojan warnings. It is not their job to do so. As of this
> date, there are no known viruses with the name Deeyenda in existence. For a
> virus to spread, it  must be executed. Reading a mail message does not execute
> the mail message. Trojans and viruses have been found as executable attachments
> to mail messages, but they must be extracted and executed to do any harm. CIAC
> still affirms that reading E-mail, using typical mail agents, can not activate
> malicious code delivered in or with the message.
> 
> Ghost.exe Warning
> =================
> 
> The Ghost.exe program was originally distributed as a free screen saver
> containing some advertising information for the author's company (Access
> Softek). The program opens a window that shows a Halloween background with
> ghosts flying around the screen. On any Friday the 13th, the program window
> title changes and the ghosts fly off the window and around the screen. Someone
> apparently got worried and sent a message indicating that this might be a
> Trojan. The warning grew until the it said that Ghost.exe was a Trojan that
> would destroy your hard drive and the developers got a lot of nasty phone
> calls (their names and phone numbers were in the About box of the program.)
> A simple phone call to the number listed in the program would have stopped
> this warning from being sent out. The original ghost.exe program is just cute;
> it does not do anything damaging. Note that this does not mean that ghost
> could not be infected with a virus that does do damage, so the normal
> antivirus procedure of scanning it before running it should be followed.
> 
> History of Virus Hoaxes
> =======================
> 
> Since 1988, computer virus hoaxes have been circulating the Internet. In
> October of that year, according to Ferbrache ("A pathology of Computer
> Viruses" Springer, London, 1992) one of the first virus hoaxes was the
> 2400 baud modem virus:
> 
> 	SUBJ: Really Nasty Virus
>  	AREA: GENERAL (1)
> 
>  	I've just discovered probably the world's worst computer virus
>  	yet. I had just finished a late night session of BBS'ing and file
>  	treading when I exited Telix 3 and attempted to run pkxarc to
>  	unarc the software I had downloaded. Next thing I knew my hard
>  	disk was seeking all over and it was apparently writing random
>  	sectors. Thank god for strong coffee and a recent backup.
>  	Everything was back to normal, so I called the BBS again and
>  	downloaded a file. When I went to use ddir to list the directory,
>  	my hard disk was getting trashed again. I tried Procomm Plus TD
>  	and also PC Talk 3. Same results every time. Something was up so I
>  	hooked up to my test equipment and different modems (I do research
>  	and development for a local computer telecommunications company
>  	and have an in-house lab at my disposal). After another hour of
>  	corrupted hard drives I found what I think is the world's worst
>  	computer virus yet. The virus distributes itself on the modem sub-
>  	carrier present in all 2400 baud and up modems. The sub-carrier is
>  	used for ROM and register debugging purposes only, and otherwise
>  	serves no othr (sp) purpose. The virus sets a bit pattern in one
>  	of the internal modem registers, but it seemed to screw up the
>  	other registers on my USR. A modem that has been "infected" with
>  	this virus will then transmit the virus to other modems that use a
>  	subcarrier (I suppose those who use 300 and 1200 baud modems
>  	should be immune). The virus then attaches itself to all binary
>  	incoming data and infects the host computer's hard disk. The only
>  	way to get rid of this virus is to completely reset all the modem
>  	registers by hand, but I haven't found a way to vaccinate a modem
>  	against the virus, but there is the possibility of building a
>  	subcarrier filter. I am calling on a 1200 baud modem to enter this
>  	message, and have advised the sysops of the two other boards
>  	(names withheld). I don't know how this virus originated, but I'm
>  	sure it is the work of someone in the computer telecommunications
>  	field such as myself. Probably the best thing to do now is to
>  	stick to 1200 baud until we figure this thing out.
> 
> 	Mike RoChenle
> 
> This bogus virus description spawned a humorous alert by Robert Morris III :
> 
>  	Date: 11-31-88 (24:60)	Number: 32769
>  	To: ALL	Refer#: NONE
>  	From: ROBERT MORRIS III	Read: (N/A)
>  	Subj: VIRUS ALERT	Status: PUBLIC MESSAGE
> 
>  	Warning: There's a new virus on the loose that's worse than
>  	anything I've seen before! It gets in through the power line,
>  	riding on the powerline 60 Hz subcarrier. It works by changing the
>  	serial port pinouts, and by reversing the direction one's disks
>  	spin. Over 300,000 systems have been hit by it here in Murphy,
>  	West Dakota alone! And that's just in the last 12 minutes.
> 
> 	It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac,
>  	RSX-11, ITS, TRS-80, and VHS systems.
> 
>  	To prevent the spresd of the worm:
> 
>  	1) Don't use the powerline.
>  	2) Don't use batteries either, since there are rumors that this
>  	  virus has invaded most major battery plants and is infecting the
>  	  positive poles of the batteries. (You might try hooking up just
>  	  the negative pole.)
>  	3) Don't upload or download files.
>  	4) Don't store files on floppy disks or hard disks.
>  	5) Don't read messages. Not even this one!
>  	6) Don't use serial ports, modems, or phone lines.
>  	7) Don't use keyboards, screens, or printers.
>  	8) Don't use switches, CPUs, memories, microprocessors, or
>  	  mainframes.
>  	9) Don't use electric lights, electric or gas heat or
>  	  airconditioning, running water, writing, fire, clothing or the
>  	  wheel.
> 
>  	I'm sure if we are all careful to follow these 9 easy steps, this
>  	virus can be eradicated, and the precious electronic flui9ds of
>  	our computers can be kept pure.
> 
>  	---RTM III
> 
> Since that time virus hoaxes have flooded the Internet.With thousands of
> viruses worldwide, virus paranoia in the community has risen to an extremely
> high level. It is this paranoia that fuels virus hoaxes. A good example of
> this behavior is the "Good Times" virus hoax which started in 1994 and is
> still circulating the Internet today. Instead of spreading from one computer
> to another by itself, Good Times relies on people to pass it along.
> 
> How to Identify a Hoax
> ======================
> 
> There are several methods to identify virus hoaxes, but first consider what
> makes a successful hoax on the Internet. There are two known factors that make
> a successful virus hoax, they are: (1) technical sounding language, and
> (2) credibility by association. If the warning uses the proper technical
> jargon, most individuals, including technologically savy individuals, tend to
> believe the warning is real. For example, the Good Times hoax says that
> "...if the program is not stopped, the computer's processor will be placed in
> an nth-complexity infinite binary loop which can severely damage the
> processor...". The first time you read this, it sounds like it might be
> something real. With a little research, you find that there is no such thing
> as an nth-complexity infinite binary loop and that processors are designed
> to run loops for weeks at a time without damage.
> 
> When we say credibility by association we are referring to whom sent the
> warning. If the janitor at a large technological organization sends a warning
> to someone outside of that organization, people on the outside tend to believe
> the warning because the company should know about those things. Even though
> the person sending the warning may not have a clue what he is talking about,
> the prestigue of the company backs the warning, making it appear real. If a
> manager at the company sends the warning, the message is doubly backed by the
> company's and the manager's reputations.
> 
> Individuals should also be especially alert if the warning urges you to pass
> it on to your friends. This should raise a red flag that the warning may be
> a hoax. Another flag to watch for is when the warning indicates that it is a
> Federal Communication Commission (FCC) warning. According to the FCC, they
> have not and never will disseminate warnings on viruses. It is not part of
> their job.
> 
> CIAC recommends that you DO NOT circulate virus warnings without first
> checking with an authoritative source. Authoritative sources are your computer
> system security administrator or a computer incident advisory team. Real
> warnings about viruses and other network problems are issued by different
> response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by
> the sending team using PGP. If you download a warning from a teams web site or
> validate the PGP signature, you can usually be assured that the warning is
> real. Warnings without the name of the person sending the original notice, or
> warnings with names, addresses and phone numbers that do not actually exist
> are probably hoaxes.
> 
> What to Do When You Receive a Warning
> =====================================
> 
> Upon receiving a warning, you should examine its PGP signature to see that it
> is from a real response team or antivirus organization. To do so, you will
> need a copy of the PGP software and the public signature of the team that
> sent the message. The CIAC signature is available from the CIAC web server
> at:
> 
> http://ciac.llnl.gov
> 
> If there is no PGP signature, see if the warning includes the name of the
> person submitting the original warning. Contact that person to see if he/she
> really wrote the warning and if he/she really touched the virus. If he/she is
> passing on a rumor or if the address of the person does not exist or if
> there is any questions about theauthenticity or the warning, do not circulate
> it to others. Instead, send the warning to your computer security manager or
> incident response team and let them validate it. When in doubt, do not send
> it out to the world. Your computer security managers and the incident response
> teams teams have experts who try to stay current on viruses and their warnings.
> In addition, most anti-virus companies have a web page containing information
> about most known viruses and hoaxes. You can also call or check the web site
> of the company that produces the product that is supposed to contain the virus.
> Checking the PKWARE site for the current releases of PKZip would stop the
> circulation of the warning about PKZ300 since there is no released version 3
> of PKZip. Another useful web site is the "Computer Virus Myths home page"
> (http://www.kumite.com/myths/) which contains descriptions of several known
> hoaxes. In most cases, common sense would eliminate Internet hoaxes.
> 
> - -----------------------------------------------------------------------------
> 
> CIAC, the Computer Incident Advisory Capability, is the computer
> security incident response team for the U.S. Department of Energy
> (DOE) and the emergency backup response team for the National
> Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
> National Laboratory in Livermore, California. CIAC is also a founding
> member of FIRST, the Forum of Incident Response and Security Teams, a
> global organization established to foster cooperation and coordination
> among computer security teams worldwide.
> 
> CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
> can be contacted at:
>     Voice:    +1 510-422-8193
>     FAX:      +1 510-423-8002
>     STU-III:  +1 510-423-2604
>     E-mail:   ciac at llnl.gov
> 
> For emergencies and off-hour assistance, DOE, DOE contractor sites,
> and the NIH may contact CIAC 24-hours a day. During off hours (5PM -
> 8AM PST), call the CIAC voice number 510-422-8193 and leave a message,
> or call 800-759-7243 (800-SKY-PAGE) to send a Sky Page. CIAC has two
> Sky Page PIN numbers, the primary PIN number, 8550070, is for the CIAC
> duty person, and the secondary PIN number, 8550074 is for the CIAC
> Project Leader.
> 
> Previous CIAC notices, anti-virus software, and other information are
> available from the CIAC Computer Security Archive.
> 
>    World Wide Web:      http://ciac.llnl.gov/
>    Anonymous FTP:       ciac.llnl.gov (128.115.19.53)
>    Modem access:        +1 (510) 423-4753 (28.8K baud)
>                         +1 (510) 423-3331 (28.8K baud)
> 
> CIAC has several self-subscribing mailing lists for electronic
> publications:
> 1. CIAC-BULLETIN for Advisories, highest priority - time critical
>    information and Bulletins, important computer security information;
> 2. CIAC-NOTES for Notes, a collection of computer security articles;
> 3. SPI-ANNOUNCE for official news about Security Profile Inspector
>    (SPI) software updates, new features, distribution and
>    availability;
> 4. SPI-NOTES, for discussion of problems and solutions regarding the
>    use of SPI products.
> 
> Our mailing lists are managed by a public domain software package
> called ListProcessor, which ignores E-mail header subject lines. To
> subscribe (add yourself) to one of our mailing lists, send the
> following request as the E-mail message body, substituting
> CIAC-BULLETIN, CIAC-NOTES, SPI-ANNOUNCE or SPI-NOTES for list-name and
> valid information for LastName FirstName and PhoneNumber when sending
> 
> E-mail to       ciac-listproc at llnl.gov:
>         subscribe list-name LastName, FirstName PhoneNumber
>   e.g., subscribe ciac-notes OHara, Scarlett W. 404-555-1212 x36
> 
> You will receive an acknowledgment containing address, initial PIN,
> and information on how to change either of them, cancel your
> subscription, or get help.
> 
> PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
> communities receive CIAC bulletins.  If you are not part of these
> communities, please contact your agency's response team to report
> incidents. Your agency's team will coordinate with CIAC. The Forum of
> Incident Response and Security Teams (FIRST) is a world-wide
> organization. A list of FIRST member organizations and their
> constituencies can be obtained by sending email to
> docserver at first.org with an empty subject line and a message body
> containing the line: send first-contacts.
> 
> This document was prepared as an account of work sponsored by an
> agency of the United States Government. Neither the United States
> Government nor the University of California nor any of their
> employees, makes any warranty, express or implied, or assumes any
> legal liability or responsibility for the accuracy, completeness, or
> usefulness of any information, apparatus, product, or process
> disclosed, or represents that its use would not infringe privately
> owned rights. Reference herein to any specific commercial products,
> process, or service by trade name, trademark, manufacturer, or
> otherwise, does not necessarily constitute or imply its endorsement,
> recommendation or favoring by the United States Government or the
> University of California. The views and opinions of authors expressed
> herein do not necessarily state or reflect those of the United States
> Government or the University of California, and shall not be used for
> advertising or product endorsement purposes.
> 
> LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
> 
> G-43: Vulnerabilities in Sendmail
> G-44: SCO Unix Vulnerability
> G-45: Vulnerability in HP VUE
> G-46: Vulnerabilities in Transarc DCE and DFS
> G-47: Unix FLEXlm Vulnerabilities
> G-48: TCP SYN Flooding and IP Spoofing Attacks
> H-01: Vulnerabilities in bash
> H-02: SUN's TCP SYN Flooding Solutions
> H-03: HP-UX_suid_Vulnerabilities
> H-04: HP-UX  Ping Vulnerability
> 
> RECENT CIAC NOTES ISSUED (Previous Notes available from CIAC)
> 
> Notes 07 - 3/29/95     A comprehensive review of SATAN
> 
> Notes 08 - 4/4/95      A Courtney update
> 
> Notes 09 - 4/24/95     More on the "Good Times" virus urban legend
> 
> Notes 10 - 6/16/95     PKZ300B Trojan, Logdaemon/FreeBSD, vulnerability
>                        in S/Key, EBOLA Virus Hoax, and Caibua Virus
> 
> Notes 11 - 7/31/95     Virus Update, Hats Off to Administrators,
>                        America On-Line Virus Scare, SPI 3.2.2 Released,
>                        The Die_Hard Virus
> 
> Notes 12 - 9/12/95     Securely configuring Public Telnet Services, X
>                        Windows, beta release of Merlin, Microsoft Word
>                        Macro Viruses, Allegations of Inappropriate Data
>                        Collection in Win95
> 
> Notes 96-01 - 3/18/96  Java and JavaScript Vulnerabilities, FIRST
>                        Conference Announcement, Security and Web Search
>                        Engines, Microsoft Word Macro Virus Update
> 
> - ----BEGIN PGP SIGNATURE-----
> Version: 2.6.1
> Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface
> 
> iQCVAwUBMpN8qrnzJzdsy3QZAQHpZgP/V+NTN7AwEtWCM46sSBMFnEuz0NxmN9X2
> DMOFnATcUSNvukXBPAMc3LMYmnjhp+CrqDyfQCWVBUaHDTmb3yKTTsexYev5alyd
> cSR4uZjQrMjO1pu16HG7BS+faxaP+E/FVEcbAof9a+tjX4aj9LTOM/Nt8Hb6Aazo
> eRHTBH+AYy4=
> =fBQM
> - ----END PGP SIGNATURE-----
> 
> ------------------------------
> 
>  





From shamrock at netcom.com  Mon Nov 25 10:58:19 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 25 Nov 1996 10:58:19 -0800 (PST)
Subject: Star Trek: First Contact
In-Reply-To: <199611230853.AAA10184@netcom6.netcom.com>
Message-ID: <Pine.3.89.9611251007.A22766-0100000@netcom6>


The what is that gread for Gold-Latinum(sp?) all about? No money? Don't 
believe it.


-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred

On Sat, 23 Nov 1996, Bill Frantz wrote:

> For the fans of E.E.(Doc) Smith, go see this movie.
> 
> OBCrypto: Data locks the main computer with a fractal cypher.
> 
> OBMoney: Picard states the they don't have money in the 24th century. 
> Instead they work for the good of mankind.  Nanotechnology must have made
> everything material possible, so the only reward left is status (aka
> reputation).
> 
> 
> -------------------------------------------------------------------------
> Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
> (408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
> frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA
> 
> 
> 





From paul at fatmans.demon.co.uk  Mon Nov 25 11:24:44 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 25 Nov 1996 11:24:44 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <848946795.108071.0@fatmans.demon.co.uk>



>      The algorythm cannot be considered secure until it has been 
> peer-reviewed. They refuse to release the algorythm for review, simply saying
> that "you can't break the code" therefore "it is secure". 

This isn`t strictly true. Don Wood (spit) has actually released the 
algorithm details for review. It`s just that no-one considers it even 
worthy of looking at. I wearily downloaded the details then realised 
I had better things to do than sift through pages of pompous self 
important drivel about "software one time pads."


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From rudd_a at alph.swosu.edu  Mon Nov 25 11:24:44 1996
From: rudd_a at alph.swosu.edu (Amy Rudd)
Date: Mon, 25 Nov 1996 11:24:44 -0800 (PST)
Subject: public
Message-ID: <v01540b01aebf5a364b89@[164.58.41.89]>


I am new here, and I was wondering, why are there still stupid, immature
people on line who have the audacity, here in the 90's, to still call
people a "cocksucking faggot".  I mean no offense here, but please, stop
using such offensive words!  Thanks....   As I said, I am new here, and am
a libertarian/anarchist who wants the government to butt out of our
lives...I am very interested in privacy, and am also against censorship.  I
hope there are others out there who feel as I do, but if not, I guess I'll
find out I'm on the wrong place!!   :-)   Anyhow, I hope you can welcome a
Cincinnati goth who lives in Oklahoma...thanks!!....Amy


****************************************************************************
*****
*
*     It's better to regret something you did than something you
*                                                          *
didn't do.                                             *
*                                                                              *
*                                                                              *
********************************************************************************







From alan at ctrl-alt-del.com  Mon Nov 25 11:39:21 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Mon, 25 Nov 1996 11:39:21 -0800 (PST)
Subject: Symantec's claim.
Message-ID: <3.0.32.19961125104940.006ab9a8@mail.teleport.com>


At 03:45 PM 11/25/96 +0200, cracker at icon.co.za wrote:
>
>In light of recent claims,i would like somebody to clear this up for me.
>There seems to be a great deal of conjecture over wether or not the
Deeyenda Virus exhists.
>Symantec denies it's existence,although i hear differently??
>Greatly appreciate anyone who can shed some light on the subject,even
though C-punks list doesnt usually deal with this topic of thought ;)
>Anyone come across the pkz300 trojan,if you have it send it please.
>A student,a paper,and a possible future career are at stake here,so please
dig deep into your 
>pockets!!!!!! Asking a lot i know!

Deeyenda is a hoax.  (Very similar to "Good Times" and aimed towards the
same audience.)

Info on it can be found at:

http://www.kumite.com/myths/myth027.htm


---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan at ctrl-alt-del.com|





From janimmo at rigel.infonex.com  Mon Nov 25 12:02:32 1996
From: janimmo at rigel.infonex.com (Jeffrey A Nimmo)
Date: Mon, 25 Nov 1996 12:02:32 -0800 (PST)
Subject: Fwd: Your Email Privacy Has Been Compromised
In-Reply-To: <961125072341_805751587@emout02.mail.aol.com>
Message-ID: <Pine.SOL.3.91.961125112659.29484A-100000@rigel.infonex.com>



On Mon, 25 Nov 1996 EBDAVIS at aol.com wrote:

> From:	securityadmn at netsecurity.yes

I'm going to take a wild stab in the dark and say that this is
a forged e-mail address.

> In my program you'll learn:
> 
> *How to send email that cannot be traced.

Well, I for one hope he doesn't just mean forging the "From:"
header like he did above.

> My package is a treasure trove of valuable information collected 
> to guarantee your privacy!

"Guarantee?" I didn't think that was possible. I know it's possible
to make it so difficult to read your mail that it wasn't worth the
bother.

> This is the first time I am making this information available.  In a 
> short while, the program will be retailing for $59.95.  However, if 
> you respond within the next 7 days of receiving this message you 
> will receive the special price of $19.95.  Because of the amazing 
> expansion of the internet, I have decided to make this offer so 
> that everyone can afford to learn how to protect themselves from 
> the net's growing criminal element.  After seven days you may 
> still order the program at its retail price of $59.95.

Well, if he's for real (which I doubt), and he gives detailed
instructions for the newbie on how to set up PGP on all
platforms, Premail, Mixmaster, the nym servers, the anonymizer,
etc., then it might be worth it to some people. However, I found
that doing it the hard way (trial and error), was not only
cheaper, but helped me understand the programs better.

> Additionally, if you order within the next 48 hours, I'll include a 
> very special report about how you can get a free email address 
> and account to use from just about anywhere in the U.S.  I'll 
> show you how, but you must order within the next 48 hours!

I hope he's not referring to the nym servers, as they aren't
real accounts.

> Please be certain to give me your
> email address when ordering.  I prefer to ship orders via email
> so that you can have my information as soon as possible.

I wonder if it might just be a case of:

"Okay, here's your PGP FAQ, nym FAQ, Mixmaster FAQ, Anonymity
FAQ, and anonymizer URL. Thanks for the twenty bucks! See ya'!"

> To order send a check, money order, or credit card information
> (Visa, MasterCard, Discover) to me at:

But what about all the evil postman who are just waiting for
you to send your credit card number through the mail? And I thought
he was concerned about our security?

> Copyright 1996, Jeff Martin.  All rights reserved.

What's he copyrighting? His e-mail message or his credit
card form?





From cvhd at indyweb.net  Mon Nov 25 12:09:38 1996
From: cvhd at indyweb.net (cvhd at indyweb.net)
Date: Mon, 25 Nov 1996 12:09:38 -0800 (PST)
Subject: Symantec's claim.
Message-ID: <3.0b36.32.19961125150845.0069fa64@indyweb.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 21697 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961125/f553dbf2/attachment.bin>

From sameer at c2.net  Mon Nov 25 12:12:04 1996
From: sameer at c2.net (sameer)
Date: Mon, 25 Nov 1996 12:12:04 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <199611252011.MAA27220@clotho.c2.org>


For Release November 25, 1996
C2Net Contact: Douglas Barnes, +1 510 986 8770
UK Web Contact: Dave Williams, +44 0113 222 0046 


      SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE

Oakland, CA -- C2Net and UK Web, Ltd., announced today the beta
release of a new product, "SafePassage Web Proxy." International users
of popular web browsers such as Netscape or Microsoft Internet
Explorer can use SafePassage to make secure web connections using
full-strength cryptography.  Prior to this release, international
users of these browsers had to use weak cryptography, which could be
easily broken.

"SafePassage is the perfect complement to our Stronghold web server,"
said Mark Cox, Stronghold Product Manager for UK Web. "we've been
marketing the international version of Stronghold with full strength
cryptography for two months now, but we knew we would need matching
strong cryptography on the browser side as well. SafePassage Web Proxy
answers this need."

SafePassage provides secure connections using strong cryptography for
any browser that supports standard SSL tunneling. It currently runs on
Windows 3.1 and Windows 95.

"We don't believe in using codes so weak that foreign governments,
criminals or bored college students can break them," said C2Net
President Sameer Parekh, "we also oppose plans to put all your
cryptography keys in a few places, where they can be sold to the
highest bidder by traitors like Aldrich Ames, or recent suspect Harold
J. Nicholson."

Current "export" versions of Netscape and MSIE use a weak cipher that
has been broken by online groups, such as the "Cypherpunks." Companies
like HP and IBM, bowing to government pressure, have been promoting
seemingly innocuous "key recovery" plans that would require
centralized key storage and easy government access to -- or abuse of
-- cryptography keys.

Beta versions of SafePassage can be downloaded at no cost from UK
Web's site at: http://stronghold.ukweb.com/safepassage. It is
currently unavailable for distribution within the US and Canada, but a
domestic version will be made available in the near future.

The final release will be free for personal, educational, or other
non-commercial use; for information on site licenses and bundling,
send e-mail to safepassage at c2.net; or by phone, contact Douglas Barnes
at +1 510 986 8773, or Dave Williams at +44 0113 222 0046.

UK Web Limited is a leading Internet services company specialising in
server technology, Internet security, business solutions and effective
site design.

C2Net is the leading provider of uncompromising security on the
Internet.  C2Net provides a wide array of Internet privacy services
and powerful network security software.

Netscape Navigator and Netscape Enterprise are trademarks of Netscape
Communications Corporation. Microsoft Internet Explorer and Microsoft
Internet Information Server are trademarks of Microsoft Corporation.
Stronghold and SafePassage are trademarks of C2Net.





From lile at art.net  Mon Nov 25 12:13:22 1996
From: lile at art.net (Lile Elam)
Date: Mon, 25 Nov 1996 12:13:22 -0800 (PST)
Subject: Where do I send this to get them stopped?
Message-ID: <199611252010.MAA24298@art.net>


Hi all,

How can we stop such aweful programs? Is there a group I
can send this to who trouble shoots spam?

thanks,

-lile
(a webmaster at art.net)


----- Begin Included Message -----

>From 10ehnmugs6l6 at MAIL-CLUSTER.PCY.MCI.NET Sun Nov 24 11:40:48 1996
Date: Sun, 24 Nov 1996 12:45:02 +0000
From: Emerald at earthstar.com
Subject: FREE demo
To: Emerald11249601 at MAIL-CLUSTER.PCY.MCI.NET
Reply-to: Emerald at earthstar.com
MIME-version: 1.0
X-Mailer: Pegasus Mail for Windows (v2.32)
Content-Type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Priority: normal
Comments: Authenticated sender is <10ehnmugs6l6 at mail14.MCI2000.com>
Content-Length: 175

Are you interested in sending bulk e-mails?
I know of a great new program!
You can even test out the demo for FREE!
Send me an e-mail for more details.

Emerald at earthstar.com


----- End Included Message -----






From paul at fatmans.demon.co.uk  Mon Nov 25 12:14:56 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 25 Nov 1996 12:14:56 -0800 (PST)
Subject: (Fwd) New Mersenne Prime!
Message-ID: <848946796.108078.0@fatmans.demon.co.uk>


------- Forwarded Message Follows -------

New Mersenne Prime!  2^1398269-1 is prime!
------------------------------------------

Thanks to everyone's hard work, GIMPS (Great Internet Mersenne Prime Search)
has discovered the 35th known Mersenne Prime!  Joel Armengaud made the 
discovery on November 13.  Amazingly, he kept this secret while he
double-checked the find on two other computers.  On the 18th, he notified
Richard Crandall, Chris Caldwell, and myself.  I verified it on my machine
on the 20th.  Slowinski, who was out of town at the time, provided the
independent verification on the 22nd.

More information can be found at these three web sites:
	http://www.sjmercury.com/business/compute/prime1122.htm
	http://ourworld.compuserve.com/homepages/justforfun/1398269.htm
	http://www.utm.edu/research/primes/notes/1398269.html

As had been agreed upon before hand, credit for this new prime will go
to Armengaud, Woltman, et. al.



  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From stewarts at ix.netcom.com  Mon Nov 25 12:24:14 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Mon, 25 Nov 1996 12:24:14 -0800 (PST)
Subject: Pyramid schemes and cryptoanarchy
Message-ID: <1.5.4.32.19961125201114.003a831c@popd.ix.netcom.com>


At 11:23 AM 11/10/96 -0500, clay.olbon at dynetics.com wrote:
>It seems that pyramid scheme spamming has increased of late (if that is
>possible!).  In my lifetime, I can only remember a single snail-mail
>instance of a pyramid scheme - over the net it is an entirely different
>story (although the number of instances is probably proportional to the
>number of lists I subsribe to).  With fully anonymous digital cash will come
>the ability to develop untraceable pyramid schemes.  As a staunch believer
>in the free market, I find laws against these schemes distasteful, quite
>hypocrytical (i.e. Social Security), and soon to be unenforceable.

Aside from illegality, snail-mail pyramid spamming is rare because it costs
enough money per piece of mail that it's hard to make money given the
fraction of recipients who are both suckers and not too lazy to respond.
Email, on the other hand, is cheap, and sending large quantities is easy.
So you can expect to see a lot more email pyramid spamming, and electronic
money, whether digicash or traceable, will make it more popular.

On the other hand, I don't see anonymity helping it much - to the extent
that the public understands it, they'll realize that the people higher
up on the pyramid may all be tentacles, and they've got to mail out 
an address that's "theirs" to collect any money from lower-down suckers.
Dealing with complexity tends to encourage clues, or at least delay,
which is death for most pyramid scams.  Pyramid schemes benefit more from
traceable cash and non-anonymous suckers who can be targeted for later scams.

Multi-level marketing reacts interestingly with the Internet.
Where it's relatively legitimate, rather than a scam, it's a scaleable way 
for a company to hire a bunch of sales people that grows about as fast as the
sales of the product, who don't have to be paid if sales drop off,
and pay for advertising through sales people and word-of-mouth rather than 
expensive broadcasting.  The Internet and electronic communication in general
encourage small, flexible niche businesses that grow, sell stuff, and close.
So MLM is useful for them, especially if their product is physical stuff
rather than bits, and lower transaction costs make it easier to pay
the sales people (either anonymously or taxably....)

On the other hand, lower transaction costs make it easy to broadcast and
deliver information to potential customers and deliver stuff by NextDayAir,
and of course you can deliver bits for almost-free.  So MLM probably won't
work well for commodities with competing suppliers, like phone cards, soap, 
and high-tech motor oil, but may survive for products where personal
recommendations are important, like Super Blue-Green Algae and Smart Drugs, 
(where the sales rep and customer know each other and anonymity at most
keeps out greedy tax collectors and meddling FDA censors)
or where the sales person performs some useful part of the process,
like made-to-measure lingerie or direct personal loan collections.



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
#     (If this is posted to cypherpunks, I'm currently lurking from fcpunx,
#     so please Cc: me on replies.  Thanks.)






From dwa at corsair.com  Mon Nov 25 12:27:20 1996
From: dwa at corsair.com (Dana W. Albrecht)
Date: Mon, 25 Nov 1996 12:27:20 -0800 (PST)
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
Message-ID: <199611252028.MAA16855@vishnu.corsair.com>




Our friend Don Woods seems to have inadvertently sparked what could be a 
useful and serious discussion regarding "provably secure cryptography."

Not to be confused with the usual "unbreakable" snake oil we see peddled 
so often, I refer to systems for which rigorous mathematical proof that 
"there are no shortcuts" exists.  To my knowledge, no such systems, with 
the exception of a real one-time pad, exist today.  However, I also 
under the impression that ongoing research on this topic continues.  For 
example, consider the work being done on "Lattice" cryptosystems (see 
http://jya.com/lattice.htm).

"diGriz" is right.  Nothing precludes the existence of a cryptographic 
algorithm for which a rigorous mathematical proof of "security" exists
--- where "security" means a provable lower bound on the time required 
for recovery of the key.  Indeed, it seems that finding such an 
algorithm --- or providing the necessary rigorous proof for a current 
algorithm --- is a laudable goal of academic cryptographic research.

Rigorous proofs of the non-existence of an algorithm are not new.  
Neither are rigorous proofs that any algorithm which can solve a given 
problem requires a minimal running time.  Or, in an even stronger sense, 
that a particular known algorithm for a given problem is indeed a 
(provably) optimal algorithm for that problem.

For a (non-cryptographic) example of a proof of the first sort --- that 
is, that "there exists no algorithm" --- consider the famous "Halting 
Problem" for Turing machines.  (I believe someone else has also 
mentioned this.)  There are many proofs such as this one, often related, 
though the Halting Problem itself is perhaps the most famous example.

For an (again, non-cryptographic) example of a proof of the second sort 
--- that is, that "any algorithm that solves a given problem requires a 
minimal running time" --- consider the proof that the "minimal" number 
of key comparisons in the worst case required to sort a random list of 
elements for which only an ordering relationship is known is O(nlog(n)).  
See Knuth, Volume 3, section 5.3.  For a simpler example, a standard 
"binary" search which requires O(log(n)) comparisons to find a given 
element in the worst case is provably the optimal algorithm for this 
task.

Turning once again to cryptography, there is presumably an "optimal" 
algorithm for factoring a "general" number in the "worst" case.  Of 
course, known algorithms for factorization seem to regularly improve and 
no one has even suggested that any current algorithm is (provably) the 
"optimal" algorithm.  Worse case bounds on running time for currently 
known algorithms can certainly be produced, but no one currently knows 
if these are the best algorithms.

However, just as one can say, "How do you know that tomorrow some 
brilliant mathematician will not produce a polynomial time factorization 
algorithm?" one can also say, "How do you know that tomorrow some 
brilliant mathematician will not provide a rigorous proof that all 
factorization algorithms --- in the worse case --- require some 
specified minimal running time?"

While the current state of mathematical knowledge suggests that this is 
not likely to happen anytime soon for the factorization problem, it is 
encouraging to see work in areas where more rigorous proofs of security 
are within closer reach.  Again, I refer to work on Lattice problems.  
If the types of rigorous proof regarding "what can't be done" that are 
known for the Halting Problem, sorting, and searching are available for 
cryptographic problems, then this is indeed a major (and laudable) 
advance in cryptography.

Obviously, discussion on this topic is unrelated to such security 
problems as implementation mistakes, fault analysis, outright theft of 
keys, etc.  I hope that I've been careful to explain what I mean by 
"provably secure" and that it's not interpreted to include these types 
of attacks.

I'm interested in the current state of research (if any) on this topic.  
Other than what John Young sent to the list some time ago about Lattice 
stuff --- which is certainly far from prime time --- I've not seen 
anything else.  I also haven't devoted a lot of time to looking.

Relevant pieces of the earlier thread are included below.

Comments, anyone?

Dana W. Albrecht
dwa at corsair.com

----------------------------------------------------------------------------


Eric Murray <ericm at lne.com> writes:
> Don Wood <wichita at cyberstation.net> writes:
> > Do not belive it, it will never happen. It is impossible,  and we can
> > prove it to your satisfaction.
> 
> No, you can't.  It's impossible to prove an algorithim unbreakable.
> You can only say that it hasn't been broken yet, but you can't
> predict the advances in cryptoanalysis.
> 
> If, in two or three years, no one's broken it then maybe it'll seem
> like a reasonably-secure algorithim.  Of course when someone does break
> it you'll just say "oh, that wasn't the real algorithim" like you did
> last time.

[ Snip ]

> You can't prove a negative.  The best IPG could say is that
> it can't be broken with current technology.
> Next week someone might come up with a new way
> to break ciphers that renders the IPG algorithim breakable.
> 
> You point could have been that the same problem exists
> for proofs- that next week someone could come up
> with a way to prove, for all time, that an algorithim
> really IS unbreakable.  So, to cover that posibility
> I should have said "it's currently impossible to
> prove an algorithim unbreakable". :-)

----------------------------------------------------------------------------

"diGriz" anonymously writes: 
> The good news is that you can prove a negative.  For example, it has
> been proven that there is no algorithm which can tell in all cases
> whether an algorithm will stop.

[ Snip ] 

> The best they can say is what they did say: they have a proof that
> their system is unbreakable.  What you question, quite reasonably,
> is whether they have such a proof.

[ Snip ]
 
> Or, more accurately, nobody credible has seen such a proof.  But, a
> clever person might invent one.

----------------------------------------------------------------------------

The Deviant <deviant at pooh-corner.com> writes: 
> No, he was right.  They can't prove that their system is unbreakable.
> They _might_ be able to prove that their system hasn't been broken, and
> they _might_ be able to prove that it is _unlikely_ that it will be, but
> they *CAN NOT* prove that it is unbreakable.  This is the nature of
> cryptosystems.
> 
> > >The best IPG could say is that
> > >it can't be broken with current technology.
> > >Next week someone might come up with a new way
> > >to break ciphers that renders the IPG algorithim breakable.
> > 
> > The best they can say is what they did say: they have a proof that
> > their system is unbreakable.  What you question, quite reasonably,
> > is whether they have such a proof.
> 
> It is impossible to prove such a thing.  It's like saying you have proof
> that you have the last car of a certain model ever to be built.  Anybody
> could come along and build another, and then you don't have the last one.
> 
> > 
> > >You point could have been that the same problem exists
> > >for proofs- that next week someone could come up
> > >with a way to prove, for all time, that an algorithim
> > >really IS unbreakable.  So, to cover that posibility
> > >I should have said "it's currently impossible to
> > >prove an algorithim unbreakable". :-)
> > 
> > Or, more accurately, nobody credible has seen such a proof.  But, a
> > clever person might invent one.
> 
> There *IS NO SUCH PROOF*.  Just like you can't prove that god created the
> universe, or that Oswald shot Kennedy, and so on and so forth.  It can't
> be proven.  It never has been proven, and it never will be proven.  People
> have new ideas, new algorithms are invented.  Someday, somebody will crack
> _all_ the cryptosystems that have now been invented.

[ Snip ]

> diGriz anonymous writes:
> > At 6:56 PM 11/23/1996, The Deviant wrote:
> > >No, he was right.  They can't prove that their system is unbreakable.
> > >They _might_ be able to prove that their system hasn't been broken, and
> > >they _might_ be able to prove that it is _unlikely_ that it will be, but
> > >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > >cryptosystems.
> > 
> > Please prove your assertion.
> > 
> > If you can't prove this, and you can't find anybody else who has, why
> > should we believe it?
> 
> Prove it?  Thats like saying "prove that the sun is bright on a sunny
> day".  Its completely obvious.  If somebody has a new idea on how to
> attack their algorithm, it might work.  Then the system will have been
> broken.  You never know when somebody will come up with a new idea, so the
> best you can truthfully say is "it hasn't been broken *YET*".  As I
> remember, this was mentioned in more than one respected crypto book,
> including "Applied Cryptography" (Schneier).

----------------------------------------------------------------------------

"diGriz" Anonymously responds:
> Page number?
> 
> Perhaps it would be helpful to hear a possible proof.  If somebody
> were to show that breaking a certain cryptographic algorithm was
> NP-complete, many people would find this almost as good as proof that
> the algorithm is unbreakable.
> 
> Then if a clever person were to show that the NP-complete problems
> were not solvable in any faster way than we presently know how, you
> would have proof that a cryptographic algorithm was unbreakable.
> 
> There is no obvious reason why such a proof is not possible.
> 
> diGriz





From paul at fatmans.demon.co.uk  Mon Nov 25 13:04:27 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 25 Nov 1996 13:04:27 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <848946795.108068.0@fatmans.demon.co.uk>



>Is the concept here that:  Whereas conventional crypto generates/hashes
>a *key* with which to encode the text, IPG generates a *pad* from a key,
>more or less the length of the text, with which to encode the text??

It makes no difference whatsoever, no PRNG can have more entropy in 
the output stream than there was in the initial seed. Indeed, in 
general, the longer the PRNG runs for the more chance an adversary 
has of breaking it due to an increased amount of output.

>It seems to me they're putting an additional layer of stuff ("OTP") between
>the key generation and the actual encoding, so what's the problem with that,
>as a concept?

Well for a start it`s not a one time pad because that requires a 
totally real random pad. They have a stream cipher, as for whether it 
is any good or not I would normally not trust a man with the talent 
for bullshit Don Wood has.


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From markm at voicenet.com  Mon Nov 25 13:28:38 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 25 Nov 1996 13:28:38 -0800 (PST)
Subject: A source of entropy?
In-Reply-To: <9611250834.AA11220@dstn21.dct.ac.uk>
Message-ID: <Pine.LNX.3.95.961125162439.520A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 25 Nov 1996, inssdl wrote:

> Last weekend I spent time formatting a little over 100 new floppies. When 
> I was staring at the monitor between changes, I started looking at the 
> volume serial number that was being thrown up for each disk.
> 
> These *appeared* to be unpredictable from the previous serial number given.
> 
> If the serial number is represented as xxxx-yyyy then sometimes yyyy 
> would be one less than the previous yyyy but xxxx always seemed to be 
> "random".

The serial number is derived from the time of day.  This is used by a lot of
programs to get a few bits of entropy, so the disk serial number will probably
not add much entropy.  Here's a post I saved from alt.hackers that explains the
exact algorithm:

From: jsl2228 at acf4.nyu.edu (jsl2228)
Newsgroups: alt.hackers
Subject: Re: Disk Serial Numbers.
Date: 17 May 1995 04:36:00 GMT


MICHAEL PAUL DANIEL (mdanie at wilbur.mbark.swin.oz.au) wrote:
: Just a quick question.. How does MS-DOS determine the serial number when
: you format a disk??

        It's not a pesudo-randum number #, it actually has a formula.  It's
based on the current date & time.

unsigned long int NS;  (Serial numbers are 32 bits)

NS = (  ( ( ((seconds << 8) + hundreth) ) +
            ((day << 8) + month) ) << 16 ) +
       (   ((hour << 8) + minutes) + year);

        Try this: get a disk that is already formatted (but whose data you
don't care about:)

>FORMAT A:/Q/U/V:""

        Format the disk once, note the serial number, then immediately
format it again.  Note that the second serial number only differs in
a few digits from the first.
[rest deleted]

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMpoP1yzIPc7jvyFpAQHRrwf9ErlmAu6WObOvxPIX1ZC1NhpeoLOJXO8T
WfLow0dDTKqN7+kfHNbE3sFJpX5hZptglsLqB2I0xFobdOlbDhTIQ34qZ0ZNIKTG
CX+ILythFWw4bAGnHanecK80FTpMP9lQRBMSZt+CrKi5YteLkdHHsS2aq+JdbHlI
RJkNiVfwkHdfLvIiKDAQqx7IzjW2oM7Q32D2zySb8aDNB2cn7CawlJauq69ultWG
O1axD7wf2q3G4NccvgZQx4c0W6loF7NWgiDQVchvI6eCxILDg5LYrj7aH9RfomcO
4sTjdoxXaopZiRt5lhLCXtx9+z4VKtuSuFyTCDM8xLoNPEcbYrFXow==
=GXvQ
-----END PGP SIGNATURE-----






From rah at shipwright.com  Mon Nov 25 13:39:27 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 25 Nov 1996 13:39:27 -0800 (PST)
Subject: Anarcho-Science Fiction
Message-ID: <199611252138.QAA29046@mailnfs0.tiac.net>


At 2:08 am -0500 11/24/96, Roy M. Silvernail wrote:
>[ I freely admit this is noise ]

Yeah. What he said.

>C'mon, both of you... 'First Contact' falls _way_ short of Doc Smithean
>proportions.  Although Data's charade did kinda remind me of the fourth
>Skylark book, in terms of plot-device rescue of a failing direction.
>(IMHO, Doc Smith is the master of the over-the-top school of sci-fi
>plotting)

Unfortunately, I've had trouble sticking my tounge in my cheek far enough
for people to see it lately. My apologies.

>> Even Babylon 5, AKA "Science Fiction He Wrote", has a bigger clue.
>
>B5 is my current favorite TV sci-fi, when I even turn the damned thing
>on.

Ditto. Again, I was trying so hard to be facile that I wasn't clear enough.
:-). For all the constraints of televised science fiction, I *really* like
JMS and B5. Especially compared to the pseudoscientific sugar-coated
totalitarian happy horseshit that passes for Star "Treck" these days. Much
less such scienceless silliness as the X-Files, or Lois and Clark.

However, at the risk of being forced into the trap of science fiction which
tells more about when it was written than the future, I find the
presentation in science fiction of faster-than-light travel, "alien" visits
or travel to "alien" cultures, time travel, prophecy, telepathy, (or any
other pseudomystical claptrap) to be extremely annoying. Almost as annoying
as "fantasy", which doesn't even belong near the science fiction bookrack
(how about the "romance novels" section? ;-)). Much less, a science fiction
bookstore. For instance, I think the concepts of faster-than-light travel
and anything beyond rudimentary interstellar radio reception of other
civilizations belongs in the era of the Lensman's "inertialess" drive. An
almost pretelegraphic, age-of-sail world view, developd when sea power was
still the dominant form of "projecting" force.

However, I do look forward to science fiction with cryptoanarchic
economies, and, interestingly enough, a solarcentric universe. People just
don't understand that we have a monsterous amount of undeveloped physical
resources in this solar system. I expect that when we actually look down
with any accuracy on the moon's poles, for instance, we'll find water
buried there ("where the sun don't shine" as a friend put it a few days
ago), just like it is on Murcury. The belt alone is big enough for us to
spread out into into it for the next, say, 7000 years. That's at the human
species' historic argicultural and industrial growth rates, the very same
"frighteningly asymtotic" growth rates that had the Club of Rome gibbering
hysterically in the early 70's. Before, of course, we came to our senses
and remembered that Malthus is still quite dead.

A central fact of human existance is that progress is always more
"geometric" than population growth. Every time we discover a way to extend
human life expectancy, the population grows until everyone goes through a
demographic transition and figures out they don't have to breed so much to
get the same rewards out of life anymore.

We're humans. We build stuff. We always find new resources, and we always
use them to our own advantage. So, what else is new? The extinction rates
that happen and the habitat modifications that humans *always* make when
they take over a new ecosystem have been with us ever since we had the
ability to kill at a distance and use fire. A very long time. Modern humans
grew up living on savannahs, so they cut or burn down forests so they can
hunt game or grow food. (Or suburban lawns, for that matter.) The
aborigines burned their habitat for 40,000 years. The American prairies
have evolved to burn, a process immesurably accellerated by the active
burning by 14,000 years of humans.

Fortunately, we're about to be confronted with our toughest resource
challenge yet. An "ecosystem", or more properly, a set of ecosystems, that
we're going to have to build ourselves, from scratch, outside the earth's
atmosphere, either free-floating in space, or on the surface of an
inhospitable planet. I used to think that that will mean that we would then
use the opportunity to "save" the rest of the species of this planet from
certain extinction. Earth as biopark. Now I see that kind of thinking is
pure romantic hogwash. We are not anti-nature. We *are* nature. We will do
what it takes for us to survive, like any other species. Earth will not be
"saved", it will continue to be modified to our own needs. Because, like
the metaphorical dog, we can. <ewww!!!> :-).  We may not make the same
disaster of it that we made of the Tigris-Euphrates valleys or the
Southeastern Mediterranean, but the "conserving" nature is an oxymoron. Or
maybe even a tautology.

Anyway, this also means taking other species with us when we move off the
earth, and changing those species, and ourselves, to meet the physical
conditions of survival in a new paradigm of extraterrestrial resources. By
way of my own politically correct "reclaiming" of language, I mean
"extraterrestrial resources" literally, of course. Not "extraterrestrial"
as in ETs or BEM's, or LGM's or UFO's, or any other such "alien" bunk. I'm
carving my own crop circles into the landscape of pseudoscience, if you
will, ;-), and using "extraterrestrial" to mean just what it says: off the
earth.


Speaking of other "species", I now also see the technology of cryptofinance
to be integral to this next stage of human expansion. Centralized
industrial control regimes aren't suited to extremely decentralized
automated decisions, like the kind that could happen in a micromarket. I
think that eventually, the idea of micromoney as processor food will create
the economic efficiencies necessary to coordinate the very large
macroengineering projects that extraterrestrial existance will require. If
you can use cryptofinancial controls to organize a swarm of
habitat-building bots, then your structure appears to an observer like it's
building itself. The bots work because they're paid to. They "evolve" into
more efficient builders of stuff because they make more money when they do,
and they compete with each other to do it. By the same token, the money is
not raised by some kind of central financial "action-figure" like McNamara,
or William Sword, or J. Pierpont Morgan, (and especially not a World Bank
McNamara-mandarin) but by a swarm of millions (or billions) of finance-bots
of various kinds living throughout a geodesic economy looking for places to
park their excess cash.

Central project planning considers such competition wasteful, and the
paradox is that the Misian calculation argument holds for a manager of a
macroenterprise the same way it did for any Soviet Commisar. Sooner or
later, you can't figure it all out in enough detail to execute it, and
that's where the project stops. I think we'll step through this dilemma
into a world where everything is, as Kevin Kelly says, "Out of Control",
where stuff happens not because someone planned it down to the last detail,
but because, like the above dog, it can <ewwww!>.


So, what does that mean in terms of science fiction? Well, certainly
Stevenson understands all this, only he's not as much of a space-opera
hound as I am.

Sterling's "Schismatrix" handles extraterrestrial society fairly well, but
it certainly is pre-cryptoanarchy. I didn't like "Islands in the Net" even
though it had the same theme of taking someone out of their mileu and
stopping time around them while the world passed them by. In IitN, the
heroine was being captured by guerillas, in Schmatrix, it was kidnapping
and putting people in suspended animation for a decade or two, just for
kicks.

Frankly, protocrypto or no, Vinge strikes me as more than a little silly at
times, with stasis fields, and physical constants varying with your
distance from the galactic core, and talking dogs and all that other stuff.

Cherryh writes almost perfect space opera, among other things, and I see
her as a perfect decendant of Smith and Heinlein. People I think I now lump
in with Forrester's classic "Hornblower" novels.

I really like Ian Banks, but even his ideas and certainly his politics (and
not his story telling, of course) now pales in comparison to the stuff you
get from imagining the consequences of a geodesic economy.

Gibson now seems positively industrial, and even the Difference Engine
makes perfect sense when seen in this light...


One of the reasons I don't like science fiction anymore is that, like a lot
of people here have said about themselves, and for the first time in my
life, I'm out in front of the science fiction writers on something which is
so fundemental that, frankly, their stuff now makes me laugh. This from
someone who not too long ago read science fiction by the yard. I suppose
this will eventually make me want to evangelize stuff like cryptoanarchy,
financial cryptography, and micromoney mitochondria to science fiction
authors.

Or, maybe, just by shooting our mouths off here and by being archived doing
so, all of us already have done our evangelizing.

On the other hand, some day this stuff will be old hat, and I can go back
to buying science fiction by the yard to learn about new stuff.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From markm at voicenet.com  Mon Nov 25 13:42:29 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 25 Nov 1996 13:42:29 -0800 (PST)
Subject: Skipjack patent and GATT
Message-ID: <Pine.LNX.3.95.961125163437.520B-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

Since Skipjack is protected by a secrecy order, the NSA can patent the
algorithm without disclosing it.  As soon as it is reverse-engineered, the
patent is officially issued and expires 17 years from the time it was issued.
GATT now changes the patent laws so that a patent expires 20 years after
application.  Does anyone know how this will affect the Skipjack patent?  If
the secrecy order is considered application, then that would shorten the
lifetime of the patent considerably (assuming it isn't disclosed or reverse-
engineered any time soon).  I doubt this is the case, and I suspect that either
the 17 year lifetime will still apply or the patent will expire 20 years after
the patent is issued.  TIA.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMpoTWyzIPc7jvyFpAQFHywf8Do9Fni5GC0kfL0XR7FGM6yLhVwLNgf4h
XJZlpMMML46MWmmqwjfJnCgi+ktMQMHxTT2mCYA2eIzEBq0FbAc8M9340Xkx0KPH
L1qi2tQ1ZCKnUdVWYENYL65uJAk4dB3lgsnmBJwNb80GD3tP6LVSq5wFSa2pz/Pu
3HO5YNUHmTfvrtZE2wt/7CMwJNxEPTKpTGAbDnwkri6y2u2aDrUD1nhnlfzqUz86
85TNTIpqPo06d3g1wKSKmddwqYeu3kpyu0khdUzS5rjj/7sJAECLQi2IlXkXOLjo
OsaKG+sl9UNSYn9wrU+HvE9BbhlmC4B1sfOHPBqJDQ405QWurQHSZg==
=sRxa
-----END PGP SIGNATURE-----






From wombat at mcfeely.bsfs.org  Mon Nov 25 13:54:59 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Mon, 25 Nov 1996 13:54:59 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <MAPI.Id.0016.006f6e67616c74203030303730303037@MAPI.to.RFC822>
Message-ID: <Pine.BSF.3.91.961125154224.10423A-100000@mcfeely.bsfs.org>


> > Yup. I agree with you here - every year Forbes puts out its list of the
> > richest people in America. I'm too lazy to go digging under the coffee 
> > table to find the issue, but as I recall, a good number of the people on
> > the list made their money the old-fasioned way - they inherited it.
> >
> > Also - most people inthis country do not have true "wealth" - most are
> > fairly leveraged with mortgages and other loans, so their true net worth
> > is not all that high.
> >
> > The "coupon-clipping" class is mostly "old money."
> 
> Well since so many people are commenting on it, I'd better explain.  I have
> heard a number of times that of all the millionaires in this country, the vast
> majority of them are first-generation millionaires.  I'll certainly admit that
> that's different than saying most of the wealth is first-generation wealth.  And
> sorry, but I can't give a specific source.
> 

I have no doubt that the above is correct - but a million ($) just isn't
what it used to be. Even if all the "millionaires" are 1st generation
wealth, the million+ -aires certainly aren't. 

-r.w.






From mjmiski at execpc.com  Mon Nov 25 14:28:28 1996
From: mjmiski at execpc.com (Matthew J. Miszewski)
Date: Mon, 25 Nov 1996 14:28:28 -0800 (PST)
Subject: Smart card attacks vs. clipper?
Message-ID: <199611252228.QAA28569@mail.execpc.com>


(snip)
> Seems like it's a bit of a different story, since in the Clipper's
> case the algorithm is (ostensibly) unknown, but I'm just curious as
> to whether there is some compromise of its security-through-obscurity.

Actually, in a more recent attack to be published at USENIX (if i 
remember correctly) the attack being performed can also be utilized 
to help determine unknown algorithms.  I will try to dig up the 
reference (unless someone gets to it first).

Matt

> -- 
> ______c_________________________________________________________________
> Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
> mailto:m5 at tivoli.com mailto:m101 at io.com  * "deer processing" and "data
> http://www.io.com/~m101/                 * processing" are different!
> 
> 





From wombat at mcfeely.bsfs.org  Mon Nov 25 16:07:21 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Mon, 25 Nov 1996 16:07:21 -0800 (PST)
Subject: Symantec's claim.
In-Reply-To: <3.0b36.32.19961125150845.0069fa64@indyweb.net>
Message-ID: <Pine.BSF.3.91.961125172520.10599A-100000@mcfeely.bsfs.org>




On Mon, 25 Nov 1996 cvhd at indyweb.net wrote:

> At 03:45 PM 11/25/96 +0200, you wrote:
> 
> 
> >In light of recent claims,i would like somebody to clear this up for me.
> 
> 
> I'll try...
> 

> 
> >A student,a paper,and a possible future career are at stake here,so please dig deep into your 
> 
> >pockets!!!!!! Asking a lot i know!
> 

Kinda sad when students can't even run an alta vista search for themselves.

I get pulled away from my usual work to do 4-5 technical interviews a 
week. I always throw in a few questions that no normal person should know 
the answers to. The ones that make up bullshit lose points, but the ones 
that tell me they don't know the answer, and then tell me how they'd go 
about finding out get hired. I know I'll be able to count on them to deliver.

-r.w.






From unicorn at schloss.li  Mon Nov 25 16:29:49 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Mon, 25 Nov 1996 16:29:49 -0800 (PST)
Subject: KILL cypherpunks !!!
In-Reply-To: <Pine.LNX.3.95.961125052017.6797B-200000@dhp.com>
Message-ID: <Pine.SUN.3.94.961125190244.23785A-100000@polaris>


On Mon, 25 Nov 1996, aga wrote:

> On Sun, 24 Nov 1996, Black Unicorn wrote:
> 
> dude, you put the cypherpunks list in the header again.
> You really want that list killed, do you not?


Yes, please kill us.

> > > Look dude, a Juris Doctor IS a Doctorate of Law.
> > 
> > Incorrect.
> > 
> 
> Look asshole; it says "LAW DOCTOR" -- that is what "Juris Doctor"
> means, stupid.  And I am about to stick the motherfucking Laws
> right up your cocksucking ASS!

Well, unfortunately the force of your will can't change fact.  Nor can the
use of profanity or caps.

> > One can obtain a Doctorate in Law, (As in Dr.) but it is generally a
> > pointless endeavor except in some civil law jurisdictions.  (Liechtenstein
> > is a good example, where many attornies have a Dr.Iur. (Dr.) while others
> > merely have a Lic.Iur. (J.D.) ).
> > 
> > A J.D. requires no dissertation.
> > A Doctorate in Law does.
> > 
> 
> Wrong.  A J.D. requires a 75 page moot-court dissertation which
> is always new legal research.

Funny, I got mine without preforming such research.
I think you better write to Harvard and Georgetown and tell them they are
in trouble.  Their requirements are nothing like this.

> > A J.D. is not a true Doctorate, and even if it were, it would not be the
> > only current valid "Doctorate" that you can "do" in "plain Law."
> > 
> 
> "Juris" means Law.  So Juris Doctor means "Law Doctor."

Ah, QED then, right?

And the Pawnee tribe must be from india cause they are called "Indians."

> > Georgetown, as an example, offers a Doctorate in Law degree which requires
> > a J.D., an LL.M. and three years of legal teaching experience simply to
> > qualify for the program.
> > 
> 
> that is irrelevant, and you are off-topic.

You claim that a J.D. and Doctorate in Law are the same degree.  I show
you a specific example which indicates otherwise, and it is irrelevant,
and off topic?

> > A Doctor of Judicial Science program is also available with many of the
> > same requirements.
> > 
> > Both programs require a dissertation and a defense of same.
> > 
> > San Marcos University is also known for an exceptional Doctor of Laws
> > program.
> > 
> > Incidently, LL.D.s are rare and generally useful only in European circles.
> > 
> 
> Europe is also irrelevant, and you keep missing the point here.
> You have added the cypherpunks list again, and that was forbidden.

Oh, I've been a baaad boy.
 
> > As usual, you have overextended your bounds and now find yourself swimming
> > in water over your head.
> > 
> 
> look asshole, you really want that list killed, do you not?
> I have no bounds, as you will soon learn.

I'm cowering from the big powerful hacker with a Doctorate in Law and such
scary words.

> > > > > Go and eat your swiss cheese, as that is apparently all you
> > > > > are good for.  My mercenaries are too busy to go to europe
> > > > > right now.
> > > > 
> > > > I prefer Chedder.
> > > > 
> > > > Be careful who you threaten.  It might get you in trouble.
> > > > 
> > > 
> > > Threatening to wipe out your location on the InterNet is
> > > not against ANY law whatsoever, and I can mailbomb you, do
> > > a DOS attack, fork-bomb attack and virus attack against you,
> > > all of which are perfectly legal.
> > 
> > Actually, they are not.  Unauthorized access of a computer system is a
> > crime.  Anyone who had a "doctorate" in law would know this.
> > 
> 
> WRONG!  There is NO crime which covers anything that one does
> internationally!   And mailbombing is NOT "Unauthorized access,"
> regardless of where it occurs!

Study up on situs of a criminal act and jurisdiction please.

> 
> > I doubt your reference to mercenaries was merely a threat to my system,
> > but keep pushing if you like.
> > 
> > > > > Look asshole, I graduated from Law School with a Doctorate
> > > > > in 1975.  Now just go away and stop interfering with our
> > > > > American Net.
> > 
> > Which law school?  And did you do a dissertation?  What is its title?  Do
> > you practice?  What state are you licensed in?
> > 
> 
> Pitt-1975; Dissertation was in 1983 actions.  I practiced for
> six years, and then became perfect.

Which is why the Pennsylvania bar decided you had to be disbared.  I see.

> I currently do not practice for
> any parties other than myself, family, corporation or Institutes,
> and I need no license for that.

Good thing too or you'd be fined for practicing without a license.

> And since I do not carry any
> license from any State, there is NOTHING that you can do to stop me.
> The State disciplinary board has no jurisdiction, nor does any
> Law.

You seem quite familiar with the disciplinary boards proceedures.  I think
a query for their records might be interesting.  Perhaps it would make an
entertaining post.


> A Criminal Lawyer is a specialist in ripping new assholes
> on the witness stand.

Clearly you were never a criminal lawyer.

> This is a world-wide internet problem that you are about to get
> taken care of.  You will be among the first locations to be
> eliminated.  And just remember that your termination is your own
> doing.  You had your chance to keep the fucking cypherpunks list
> OFF of your e-mail to me, and blew it.

Oops, now what will I ever do?

> I pump iron and run three times a week.  And as a Tae Kwon Do
> black belt holder, I get lots of physical activity. I am in
> better physical shape than any other man that you know.

I have a date this weekend already, thanks.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From unicorn at schloss.li  Mon Nov 25 16:48:25 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Mon, 25 Nov 1996 16:48:25 -0800 (PST)
Subject: [Noise] Re: Thanks/was:This is your last warning
In-Reply-To: <T3cyXD31w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961125193434.24149A-100000@polaris>


On Mon, 25 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Mon, 25 Nov 96 09:07:16 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv at bwalk.dm.com>
> To: cypherpunks at toad.com, freedom-knights at toad.com
> Subject: Re: [Noise] Re: Thanks/was:This is your last warning
> 
> Black Unicorn <unicorn at schloss.li> writes:
> <stuff>
> 
> I was curious about BU's choice of domain name - after all, schloss.li is the
> same box as polaris.mindport.net in Norwich, CT. So I ran an altavista search
> on schloss*. Like, wow! There are thousands and thousands of Web pages with
> schloss* in them, and most of them may have nothing to do with Black Unicorn.

You could easily have saved the time with a german dictionary.
Schloss means castle, or fort.  I didn't select the domain name.

Schloss was originally set up for use out of Vaduz, but plans changed and 
I returned to the D.C area.  Since I'm in the U.S. it points to mindport
now, when I move back overseas, it will follow.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From azur at netcom.com  Mon Nov 25 17:08:33 1996
From: azur at netcom.com (Steve Schear)
Date: Mon, 25 Nov 1996 17:08:33 -0800 (PST)
Subject: Exon Countdown Clock and farewell messages
Message-ID: <v02140b04aebfedff4261@[10.0.2.15]>


This is a draft of my letter to our dear retiring senator.  Any suggested
improvements?

-------------
Honorable Senator Exon,

Although in all likelyhood you will never read this memorandum, I wish to
express my sincere regret at your retirement and thanks for your many years
of ignoble service to our nation misrepresenting the wishes of your
constituents.

You have served as a stallwart against change as did those who resisted the
telephone, automobile, radio, television and computer (to name but a few)
before you.  You are a champion of politically correct thinking and
behaviour, perhaps the most dangerous manifestation of an American trend to
intolerence and obedience to social rules.

It is a shame we will not have your carcass to kick around in the halls of
Congress come next term.  All the luck you're due.

-- Steve Schear







From ckuethe at gpu.srv.ualberta.ca  Mon Nov 25 17:12:35 1996
From: ckuethe at gpu.srv.ualberta.ca (C Kuethe)
Date: Mon, 25 Nov 1996 17:12:35 -0800 (PST)
Subject: [CRYPTO] Bank Cards, Interac, Bank Machines, etc
Message-ID: <Pine.A32.3.93.961125180056.73404A-100000@gpu4.srv.ualberta.ca>


I'd like to hear what everyone knows about security holes in bank
machines.  I don't believe in that little bank machine cracker they used
in Terminator 2, but I'm interested in the algorithms and protocols the
ABM uses to communicate w/ the home bank.  My bank says they have some
special chip inside the ABM to secure the transfer, and that's all they
told me.  

I also heard that the magnetic stripe on the back contains your card
number (the shiny metallized numbers on the front) encrypted using DES
using your PIN as the key.  Way out to lunch?  Too close for comfort?  Any
knowledge...heck, even rumors.... would be appreciated.  That way we can
see what kind of FUD is out there.  My bet is that the magstrip with DES'd
card number on it theory is FUD.  But my bank did say that there were some
fraudulent transfers (read successful hits) in Europe.  I bank with Alberta
Treasury Branches, and they said their hardware is immune to the attack
that was performed in Europe.... I will have to dig a bit on that one.

Anyway, I hope I hear something from all of you soon...

--
Chris Kuethe <ckuethe at gpu.srv.ualberta.ca> LPGV Electronics and Controls
http://www.ualberta.ca/~ckuethe/
RSA in 2 lines of PERL: http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`








From aba at dcs.ex.ac.uk  Mon Nov 25 17:16:42 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Mon, 25 Nov 1996 17:16:42 -0800 (PST)
Subject: Announce PGP263UI (long message)
In-Reply-To: <Pine.LNX.3.95.961123215230.4222A-100000@gak.voicenet.com>
Message-ID: <199611242036.UAA00120@server.test.net>



Mark M <markm at voicenet.com> writes:
> Steve Crompton <sunray at globalnet.co.uk> writes:
> > Note that I personally have not done very much of the actual coding on
> > this version.  However if bugs are reported or constructive
> > suggestions for improvements made I will pass them on to the
> > individual(s) who have done the bulk of the work to make this release
> > possible.  I am assured that continuing support will be provided.
> 
> I found two bugs so far:
> 
> This version doesn't recognize either .pgprc or pgp.ini as valid config file
> names.  It is very minor, but this functionality is stated in the manual.
> 
> One of my favorite options, +makerandom, isn't supported in this version.
> This is an undocumented option, but it is useful in many situations.

makerandom is broken anyway.  Security alert: don't use +makerandom in
pgp2.6.3/pgp2.6.2.  The random number generator isn't initialised
before use.  (Details courtesy of Jeff Schiller I haven't looked that
up in the source in detail yet).

> This version uses +version_byte instead of +Legal_Kludge, but I consider that
> a feature.  I haven't had time to experiment with the "Charset:" header.  One
> other minor problem is that ClearSig doesn't default to "on".  This could
> cause some frustration with new users.

I was under the impression that with the Legal_Kludge option for
pgp263i, that it already was compatible with old versions of pgp using
the version byte of 2.

What else does pgp263ui offer?  The GNU license?  What about pgp3?
Some people aren't going to be very happy if you do a GNU version of
that, as GNU doesn't preclude selling commercially provided that
source is provided.

Adam

PS Steve and friends: I've got some stealth code close to usable in
the form of a patch to pgp263 if you want it :-)
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From attila at primenet.com  Mon Nov 25 19:00:17 1996
From: attila at primenet.com (attila at primenet.com)
Date: Mon, 25 Nov 1996 19:00:17 -0800 (PST)
Subject: DOO_dad
In-Reply-To: <1.5.4.32.19961118140818.0069e60c@pop.pipeline.com>
Message-ID: <199611260300.UAA06630@infowest.com>


-----BEGIN PGP SIGNED MESSAGE-----

        ah, yeah, the doodads, the big doodads. 

        ...seems like these to ol' 'Nam buddies were hanging off the 
    bars one night when one stops and backs up his scooter to see a 
    billboard:

        "1000 yards ahead. Ruby's Bar. She'll pay you $1,000 
        for every inch your big thang hangs past your doodads!"
    
        Big Mike yells over the roar of the unmuffled engines: "we're
    stopping at Ruby's.  they putt ahead to a roadhouse; behind the
    bar is an attractive woman;  Big Mike says he's on for the ruler;
    she motions him to a back room: "...what ya got?"

        Big Mike slaps his big thang on the table; Ruby whistles with
    lust and asks: "...but where are your doodads"

        unfazed: "Saigon!"


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMppcrr04kQrCC2kFAQFwfAQAuUoMDQMHCEp7kKhqgncikyNdpSqBwM4g
Gd0FNucFqVHu+13U4EwBL/7dDKJgPSePtJTqFBB4M2FMc10FlXqDpjf+E6hmxppP
nHEjE33FXa1hiv00ZavZcfxabfhAiJRT2qZwnOafv6OFEVGPkYLbjBCmrNajRoQl
ruoxcqMri2U=
=I/oP
-----END PGP SIGNATURE-----


--
  without arms they do not resist; 
    without communication they know not what to resist.
        -attila






From serw30 at laf.cioe.com  Mon Nov 25 19:06:23 1996
From: serw30 at laf.cioe.com (Eric Wilson)
Date: Mon, 25 Nov 1996 19:06:23 -0800 (PST)
Subject: KILL cypherpunks !!!
Message-ID: <1.5.4.32.19961126030705.00815840@gibson.cioe.com>


At 07:28 PM 11/25/96 -0500, you wrote:
>On Mon, 25 Nov 1996, aga wrote:

< whole bunch of stuff >  

>> This is a world-wide internet problem that you are about to get
>> taken care of.  You will be among the first locations to be
>> eliminated.  And just remember that your termination is your own
>> doing.  You had your chance to keep the fucking cypherpunks list
>> OFF of your e-mail to me, and blew it.
>
>Oops, now what will I ever do?

Wow, I'm going to miss cypherpunks. I didn't post much, but I've always
been an avid reader (sniff). If I only had it to do all over again...
Oh, by the way, since you're planning on doing away with things, could you 
get rid of some of these outfits that do the mass e-mails, thanks in advance.


>> I pump iron and run three times a week.  And as a Tae Kwon Do
>> black belt holder, I get lots of physical activity. I am in
>> better physical shape than any other man that you know.
>
>I have a date this weekend already, thanks.

I find you're martial arts reference very interesting. But if you were truly
any good, you wouldn't be waving it in everyones face like a banner. I find
your demeanor to be that of someone that has never practiced the warrior
arts. If you had, you'd have developed more respect for your fellow human
beings. 
        I'm guessing you're a very lonely person, whos only way of getting
attention is to try and cause a conflict. Share your pain with us, and
together we'll grow stronger ( Star Trek reference ;)). But if you can't do
that, shut 
off your computer ( or leave your terminal), and go find someone to talk to,
like a counselor. 


Eric Wilson
-----------------------------------------------------------------
Join the BugList! 
"How many times?" The Blind Man  
http://case.cioe.com/~serw30






From snow at smoke.suba.com  Mon Nov 25 19:14:07 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 25 Nov 1996 19:14:07 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <Pine.BSF.3.91.961125154224.10423A-100000@mcfeely.bsfs.org>
Message-ID: <199611260331.VAA00208@smoke.suba.com>


>>>Yup. I agree with you here - every year Forbes puts out its list of the
>>>fairly leveraged with mortgages and other loans, so their true net worth
>>>is not all that high.
>>>The "coupon-clipping" class is mostly "old money."
>>Well since so many people are commenting on it, I'd better explain.  I have
>>heard a number of times that of all the millionaires in this country, the vast
>>majority of them are first-generation millionaires.  I'll certainly admit that
>>that's different than saying most of the wealth is first-generation wealth.  And
>>sorry, but I can't give a specific source.
> I have no doubt that the above is correct - but a million ($) just isn't
> what it used to be. Even if all the "millionaires" are 1st generation
> wealth, the million+ -aires certainly aren't. 

     Bill Gates. Sam Walton. 

     2 very large examples. Waltons heirs got most of his wealth, so they 
are second generation. 

     While it may be that "most" of the wealth is controlled by few entities,
exactly _what_ are those entities, and what does that wealth consist of? 

    Real estate? Money in the bank? -or- things like stocks, bonds, and 
other _investments_? 
Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From markm at voicenet.com  Mon Nov 25 19:27:12 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 25 Nov 1996 19:27:12 -0800 (PST)
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <199611252028.MAA16855@vishnu.corsair.com>
Message-ID: <Pine.LNX.3.95.961125222558.1418A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 25 Nov 1996, Dana W. Albrecht wrote:

> I'm interested in the current state of research (if any) on this topic.  
> Other than what John Young sent to the list some time ago about Lattice 
> stuff --- which is certainly far from prime time --- I've not seen 
> anything else.  I also haven't devoted a lot of time to looking.
> 
> Relevant pieces of the earlier thread are included below.
> 
> Comments, anyone?

Matt Blaze did some work on NP-complete Feistel ciphers.  I don't know much
about the details.  The paper is at ftp.research.att.com/dist/mab/turtle.ps

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMppkIizIPc7jvyFpAQFzYQf7BM9AZR0I7FWEbnvtmBZPYiW4xUARRpTL
eqoeDuA474PMenN/iEYUTRilxfdvUycBgBXLav8RaE+ZYLUuqu3G5uixsM0iwT+5
3nma1/xtNwv9F420nacWDzzSFatg77/SnbsaJ6/EFROHgy8EAz/cie5cZEtCkPJe
s6BFEe32deHHCqlzFamoCE+8UOtyOtGeBtyX4prC/+RfUI0UMU6PXiD1LicvA5C7
cEE7/K4qb8ku7+3qcp1LE47iN0Icuy8xK9N3oX6B00XxwzYX7kqmV4wDRbE0DxcP
O7cmrE395Y+J2w4VenDMw65XLI6Cp1INK2Ev+3/c4Nf+FNaQ/I8jRw==
=xvkT
-----END PGP SIGNATURE-----






From omega at bigeasy.com  Mon Nov 25 19:28:53 1996
From: omega at bigeasy.com (Omegaman)
Date: Mon, 25 Nov 1996 19:28:53 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <3.0.32.19961124120423.00dc1358@mail.teleport.com>
Message-ID: <Pine.LNX.3.95.961125222418.81A-100000@jolietjake.com>


On Sun, 24 Nov 1996, Alan Olsen wrote:

> >Actually, rather clever if you're trying to estlablish reputation.  Just
> >make sure you use the right key.

very true 

> Reputation is not the only reason to use a "name" with an anon remailer.
> Sometimes you want to post (and have a reputation) that is entirely
> seperable from your "real life" persona.  Maybe you have a job where being

Stay with one nym long enough and the opposite may become true.  I've used
this nym for so long -- though not in these circles -- that I elected to
associate my true name with it.  The nym had far more built-up repuation
that my true name ever would.  (Of course, that's all meaningless here.)

Besides, I *like* the nym.  There is that psychological component of playing
with an alter-ego.  A lot can be said and done behind the veil of a nym that
might not be otherwise.  While many see this a threatening condition I have
always viewed it as an advantage.  Furthermore, it is a somewhat ironic
avenue to truth.  Politeness is not always conducive to getting to the heart
of an issue; nyms have little need for politeness or sugarcoating.

> Cypherpunks is gated to a number of Usenet News servers.  (Teleport is a
> good example.)  It is also archived in a number of search engines.
> (Altavista if I remember correctly, is one of them.)  Someone who does not
> want their words to come back any byte them might just use such a method to
> protect themselves.

And I would assume another nym in such a circumstance.

_______________________________________________________________
 Omegaman <mailto:omega at bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________







From deviant at pooh-corner.com  Mon Nov 25 19:45:38 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Mon, 25 Nov 1996 19:45:38 -0800 (PST)
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <199611252028.MAA16855@vishnu.corsair.com>
Message-ID: <Pine.LNX.3.94.961126020057.2424A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 25 Nov 1996, Dana W. Albrecht wrote:

> Our friend Don Woods seems to have inadvertently sparked what could be a 
> useful and serious discussion regarding "provably secure cryptography."
> 
> Not to be confused with the usual "unbreakable" snake oil we see peddled 
> so often, I refer to systems for which rigorous mathematical proof that 
> "there are no shortcuts" exists.  To my knowledge, no such systems, with 
> the exception of a real one-time pad, exist today.  However, I also 

As I have argued many times, that is correct.  OTP, with real random
numbers, and no-reusage, etc, etc, is the only "perfect" cryptosystem, and
even it has its problems (like key exchange, for instance).

> 
> Rigorous proofs of the non-existence of an algorithm are not new.  
> Neither are rigorous proofs that any algorithm which can solve a given 
> problem requires a minimal running time.  Or, in an even stronger sense, 

Hrmmm... I seem to see a problem (namely Moore's first law) in assigning
anything a "minimal running time".  Perhaps "minimal instruction count"
would be more suited to your example.  Because if you're talking about
time, it essentially boils down to "the longer something takes the less
time it takes".

> that a particular known algorithm for a given problem is indeed a 
> (provably) optimal algorithm for that problem.

Never happen.  It just won't.  As a rule, there's _always_ a faster way.

> Turning once again to cryptography, there is presumably an "optimal" 
> algorithm for factoring a "general" number in the "worst" case.  Of 

Ok, now I have to pose a question: If cryptographers actually beleive
this, why continue to search for a faster one.

> course, known algorithms for factorization seem to regularly improve and 
> no one has even suggested that any current algorithm is (provably) the 
> "optimal" algorithm.  Worse case bounds on running time for currently 
> known algorithms can certainly be produced, but no one currently knows 
> if these are the best algorithms.

Again I say, there's _always_ a faster way.

> 
> However, just as one can say, "How do you know that tomorrow some 
> brilliant mathematician will not produce a polynomial time factorization 
> algorithm?" one can also say, "How do you know that tomorrow some 
> brilliant mathematician will not provide a rigorous proof that all 
> factorization algorithms --- in the worse case --- require some 
> specified minimal running time?"

Again I say, it just won't happen.  It can't, and I can't prove that for
the same reasons that it can't happen.

> Obviously, discussion on this topic is unrelated to such security 
> problems as implementation mistakes, fault analysis, outright theft of 
> keys, etc.  I hope that I've been careful to explain what I mean by 
> "provably secure" and that it's not interpreted to include these types 
> of attacks.

Yes, I must commend you on your amazing tact in asking this incredebly
irrevelant question.

> Comments, anyone?
> 
> Dana W. Albrecht
> dwa at corsair.com
> 

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Unix is the worst operating system; except for all others.
                -- Berry Kercheval


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMppmkTCdEh3oIPAVAQF50wf+J2Gz8P7stqKD4sesCHmWWYNZX1vf2zU0
nBQhkDABuE2fjJnNpUijc13Vls5K6owkL4LeWEHW2mvwCU1tqseRJSUm8m8ckEh1
M/CBu7lJplFj2QYcK+vFvg1+dOpuZycvhROKb0VO6zbB3PTLi9Cc4iJpwIhqDyDG
zCurg4Ccc1cW7I7lTSfeSlRVVqF5FfCTP0GmqS1lcr+NWSPdHIqgZRGHq5n2+nUU
y16ksaIKJMGJ8bzCFb8Q02ii7JUJF3JyYbgsGRWQMHxN+W0mx2E3Crh3+q4ieK/R
ehGnKh4ZjOPY4RRDLQJfuLTvBBccdoKvSimyKHRoybZYIjTra9jYHQ==
=9qjq
-----END PGP SIGNATURE-----






From osborne at gateway.grumman.com  Mon Nov 25 19:46:44 1996
From: osborne at gateway.grumman.com (Rick Osborne)
Date: Mon, 25 Nov 1996 19:46:44 -0800 (PST)
Subject: Need info on non-OS specific random functions (pref C++)
Message-ID: <3.0.32.19961125224604.0091fec0@gateway.grumman.com>


I am looking for information on non-OS specific RNGs. Nothing really
complex, just easily portable to a few different OSs and compilers.  Any
pointers would be appreciated.
Thanks!


Rick Osborne / osborne at gateway.grumman.com / Northrop Grumman Corporation
-------------------------------------------------------------------------
Q: How many surrealists does it take to screw in a lightbulb?
A: Two.  One to hold the giraffe and the other to fill the bathtub with
brightly colored machine tools.






From accessnt at ozemail.com.au  Mon Nov 25 20:06:53 1996
From: accessnt at ozemail.com.au (Mark Neely)
Date: Mon, 25 Nov 1996 20:06:53 -0800 (PST)
Subject: An interesting tid-bit
Message-ID: <3.0b36.32.19961126133618.006d8e9c@ozemail.com.au>


I was just testing out some new search software, and polled Alta Vista to
see how it all worked. I used "sex" as my search term, and Alta Vista
reported that their were "no documents matching - sex ignored"!

Interestingly enough it will let you search with other, sex-related terms
(such as "nude", "f*ck" etc), but not sex!

Very bizarre indeed.

Mark
Mark Neely - accessnt at ozemail.com.au
Lawyer, Internet Consultant, Professional Cynic & Author

BizWeb: For Serious Intrepreneurs - www.maximedia.com.au/bizweb





From jimbell at pacifier.com  Mon Nov 25 21:04:03 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 25 Nov 1996 21:04:03 -0800 (PST)
Subject: market for hardware RNG?
Message-ID: <199611260503.VAA27444@mail.pacifier.com>


I'm considering building a PCB to make a hardware random number generator.  
My first impression is that it will consist of a reverse-biased zener (for a 
broadband source of uncorrelated white noise) driving one of those one-chip 
FM recivers, with the audio output driving an 8-10 bit flash A/D convertor.  
Fairly simple.  For cryptologic applications, the output would have to be 
hashed down to a somewhat smaller output of bits since not all outputs are 
equally probable, but I suppose after such massaging it could produce at 
least 2 bits of randomness per sample at a 10 kilosamples per second or so, 
possibly much more with a wideband receiver chip.

But on thinking about this a little more, I began to wonder if anybody 
really wants this.  Pessimistically, it occurs to me that:

1.  Many if not most people don't even understand why a hardware RNG is 
desirable.

2.  Users of programs like PGP today already get at least a fairly decent 
RNG already.  Would they want better?  (I'm not suggesting a total 
replacement; I assume that the output of any hardware RNG would be hashed 
with more "traditional" PC sources, like disk timings, keyboard timings, 
etc, which should deter attempts to attack just the hardware part.)

3.    Even hardware RNG's aren't "perfect":  they could be subverted, 
replaced, or perhaps influenced.  Would someone who was sufficiently 
sophisticated as to recognize the need for it actually accept a real, 
functioning device?


On the other hand... if this kind of pessimism had infected Phil Zimmermann 
before he wrote PGP 1.0, he might have deleted the first 50 lines of code, 
erased the file, and said, "fuck it!"





Jim Bell
jimbell at pacifier.com





From netsurf at pixi.com  Mon Nov 25 21:06:48 1996
From: netsurf at pixi.com (James D. Wilson)
Date: Mon, 25 Nov 1996 21:06:48 -0800 (PST)
Subject: Symantec's claim.
Message-ID: <01BBDB03.5A145F50@netsurfer2.pixi.com>


  See:  http://www.alw.nih.gov/Security/security.html, and the attachment re Irina, Good Times, etc.

   

----------
From: 	cracker at icon.co.za
Sent: 	Monday, November 25, 1996 3:45 AM
To: 	cypherpunks at toad.com
Subject: 	Symantec's claim.


In light of recent claims,i would like somebody to clear this up for me.
There seems to be a great deal of conjecture over wether or not the Deeyenda Virus exhists.
Symantec denies it's existence,although i hear differently??
Greatly appreciate anyone who can shed some light on the subject,even though C-punks list doesnt usually deal with this topic of thought ;)
Anyone come across the pkz300 trojan,if you have it send it please.
A student,a paper,and a possible future career are at stake here,so please dig deep into your 
pockets!!!!!! Asking a lot i know!

J a m e s
"Lead.Follow. Or get out of the way"
-----------------------------------------------------------------------------------------------
Type Bits/KeyID    Date       User ID
pub  1024/9E318AA5 1996/09/24 Cracker <cracker at icon.co.za>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJHdKwAAAEEALl3A6auLG0JLdtgEzl6KfPNqbTTSDX4L4To2b7PLqGDVV5r
BezC9dD/ITrCK9M64juiQ2p/DNjIihnXlEsJCy2btypStypQgU1fvAei3AnZ1cQ8
NiAnHNS+ImUAJgZjSHEQSevGE53IUovmWQ7YHUz9VpTTCtoJoUKxYuqeMYqlAAUR
tBxDcmFja2VyIDxjcmFja2VyQGljb24uY28uemE+iQCVAwUQMkd0rkKxYuqeMYql
AQEjagP/cYgGLAkWZJLeRcM4URwBX3J/0R54DadVnsvvoxDkzilv7U02IXZGZGnA
CvXsu2sThS7qDBiHFop/OZs3WmlQbQ4BAZ/hiCs5tSU2e7fkk0EKxsGAD1pTbw/J
rRU4WePLc++vv+6CBKw5NCSR5kMh8H3X4qtZZ9dYX9zsuzWKdpk=
=YGH8
-----END PGP PUBLIC KEY BLOCK-----







-------------- next part --------------
A non-text attachment was scrubbed...
Name: bin00001.bin
Type: application/octet-stream
Size: 71 bytes
Desc: "Internet Hoaxes- PKZ300- Irina- Good Times- Deeyenda- Ghost (DAVE).url"
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/19961125/af456938/attachment.bin>

From dlv at bwalk.dm.com  Mon Nov 25 21:30:15 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 25 Nov 1996 21:30:15 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <848946795.108071.0@fatmans.demon.co.uk>
Message-ID: <FL8yXD37w165w@bwalk.dm.com>


paul at fatmans.demon.co.uk writes:

>
> >      The algorythm cannot be considered secure until it has been
> > peer-reviewed. They refuse to release the algorythm for review, simply sayi
> > that "you can't break the code" therefore "it is secure".
>
> This isn`t strictly true. Don Wood (spit) has actually released the
> algorithm details for review.

What did poor Don Wood do to deserve the (spit) after his name? Is he a liar
and a content-based plug-puller, like John Gilmore (spit)? Is he an ignorant
pseudo-cryptoid like Paul "Brute Force Attack on One-Time Pad" Bradley (spit)?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From tag at silvix.sirinet.net  Mon Nov 25 21:34:11 1996
From: tag at silvix.sirinet.net (Tim Tartaglia)
Date: Mon, 25 Nov 1996 21:34:11 -0800 (PST)
Subject: Netscape working with the NSA.
Message-ID: <199611260534.FAA14999@silvix.sirinet.net>



Check out the following:
http://www-tradoc.army.mil/dcsim/browser.htm

Here's an excerpt:

> ...Netscape has been working with NSA...Their proposed solution is based
> on the use of Fortezza card technology.  In November NSA expects to
> certify Netscape Navigator 3.0 for "unclassified but sensitive" use...

Tim






From shamrock at netcom.com  Mon Nov 25 21:55:47 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 25 Nov 1996 21:55:47 -0800 (PST)
Subject: The dish on TEMPEST
Message-ID: <Pine.3.89.9611252135.A18061-0100000@netcom6>


The following is from a tread involving a friend of mine. An ex-military 
fellow. Take it for what you want. I believe him.



>>>     This depends in large part on the strength of the
>> >     degausser and how long it remains powered up.  The one
>> >     I have I used to "clean" 10.5 inch tape reels written
>> >     at FM broadcast quality to a noise level -20db down from
>> >     brand new tape - this back in my quadraphonic stereo
>> >     days.  It will not quite suck satellites out of orbit...
>> >     TWA planes, maybe.
>> 
>> 
>> -20dB down from new would be a better spec if new tape was typically 
>> nulled rather than just blank low-level white noise.
>> 
>> However, even so, a SQUID is a very scary thing....


    I've been out of commission for a week and found 276
    messages in my in-box today.

    The tapes I was writing about were those already
    "prepared" for recording "items of interest", and
    had already been degaussed in the preparation
    procedure to FM broadcast standards then/there.
    My little hummer would take whatever whit noise
    remained even then to a further 20 dBA DOWN from 
    the ridiculous levels then/there specified.

    In other words, it's pretty good.  Of course,
    IF Big Brother wants, there are any number of ways
    for him to obtain whatever information he wishes.

    I recall long, long ago, I was privileged to watch
    a demo of equipment (1955 or 1956, I forget exactly)
    in a truck parked a MILE away from our CommCenter,
    in the years before Faraday cages, TEMPEST, etc., 
    and watch these guys print out a 5x5 copy of our
    top secret traffic as it was read by the [elided upon request]
    one-time-tape encryption devices.

    Shortly after that demo, our CommCenter was moved 
    into a cave (no joke) and modified to "low level"
    dc signalling voltages.  And other measures were taken to 
    screen the area...

    I _have_ led an interesting life...


    As for Squids, only if you read Jules Verne are
    they scary. Otherwise, cleaned and fried with 
    a tangy dipping sauce,  well, that's another story!

--Lucky





From unicorn at schloss.li  Mon Nov 25 22:09:40 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Mon, 25 Nov 1996 22:09:40 -0800 (PST)
Subject: [Noise] Re: Need info on non-OS specific random functions (pref C++)
In-Reply-To: <3.0.32.19961125224604.0091fec0@gateway.grumman.com>
Message-ID: <Pine.SUN.3.94.961126010743.28781F-100000@polaris>


On Mon, 25 Nov 1996, Rick Osborne wrote:

> Rick Osborne / osborne at gateway.grumman.com / Northrop Grumman Corporation
> -------------------------------------------------------------------------
> Q: How many surrealists does it take to screw in a lightbulb?
> A: Two.  One to hold the giraffe and the other to fill the bathtub with
> brightly colored machine tools.

The correct answer is:

A fish.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From dthorn at gte.net  Mon Nov 25 22:19:44 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 25 Nov 1996 22:19:44 -0800 (PST)
Subject: [Noise] Re: Thanks/was:This is your last warning
In-Reply-To: <T3cyXD31w165w@bwalk.dm.com>
Message-ID: <329A8BEA.FD9@gte.net>


Dr.Dimitri Vulis KOTM wrote:
> Black Unicorn <unicorn at schloss.li> writes:
> I was curious about BU's choice of domain name - after all, schloss.li is the
> same box as polaris.mindport.net in Norwich, CT. So I ran an altavista search
> on schloss*. Like, wow! There are thousands and thousands of Web pages with
> schloss* in them, and most of them may have nothing to do with Black Unicorn.
> E.g., did you know that Leah Rabin's maiden name was Schlossberg?
> There's a Robert Lev Schlossberg <robby at gwis2.circ.gwu.edu>.
> One George Schlossberg, an attorney with Cotten and Selfon, was quoted on NPR.
> Another attorney's name comes up on several interesting bankrupcy cases:
> Schlossberg and DiGirolamo, P.A.
> Roger Schlossberg
> 134 West Washington St.
> Hagerstown, MD 21740
> 301-739-8610
> A Neil Schlossberg graduated ca 1965 from Aiglon College, a boarding school in
> Switzerland.
> A Herbert Schlossberg, born in 1935, says this about himself:

[snip]

Isn't Caroline Kennedy married to a Schlossberg, or something very similar?






From tcmay at got.net  Mon Nov 25 22:39:23 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 25 Nov 1996 22:39:23 -0800 (PST)
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <199611252028.MAA16855@vishnu.corsair.com>
Message-ID: <v03007800aec03fd247fd@[207.167.93.63]>


At 10:30 PM -0500 11/25/96, Mark M. wrote:

>Matt Blaze did some work on NP-complete Feistel ciphers.  I don't know much
>about the details.  The paper is at ftp.research.att.com/dist/mab/turtle.ps

Matt described some of his (preliminary) results at an evening crypto
session at the Hackers Conference. The motivation was that secret key
ciphers, with the exception of one time pads, tend to be based on crufty,
ad hoc mechanisms, without any kind of provable security (again, with the
exception of true one time pads, which are of course known to be
information-theoretically secure).

It didn't seem to me that Matt had completed his work, and I don't believe
that any usable cipher has resulted (usable in the sense of being a
distibuted, ready to deploy cipher). He mentioned speeds comparable to DES.

Several people in this thread have commented on how nice it would be to
have a cipher provably as "good" as NP-complete problems are "hard"
(loosely speaking).

A noble goal. This was actually a motivation for the Founding Fathers of
Modern Cryptography, of course. Merkle, for example, believed that certain
"puzzle problems" could be used, with the security engendered by
NP-complete problems. The knapsack problem, generally, for example. It
turned out of course that the specifics of the proposed knapsack problem
implementations were not really fully equivalent to the general knapsack
problem, and were in fact breakable.

This is worth bearing in mind. Even if a problem is NP-complete, a
cryptosystem based on it may (and historically, _will_) often fail to be as
strong.

--Tim May


Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









From mix at anon.lcs.mit.edu  Mon Nov 25 22:40:08 1996
From: mix at anon.lcs.mit.edu (lcs Mixmaster Remailer)
Date: Mon, 25 Nov 1996 22:40:08 -0800 (PST)
Subject: An interesting tid-bit
In-Reply-To: <3.0b36.32.19961126133618.006d8e9c@ozemail.com.au>
Message-ID: <199611260640.BAA29851@anon.lcs.mit.edu>


Mark Neely <accessnt at ozemail.com.au> writes:

> 
> I was just testing out some new search software, and polled Alta Vista to
> see how it all worked. I used "sex" as my search term, and Alta Vista
> reported that their were "no documents matching - sex ignored"!
> 
> Interestingly enough it will let you search with other, sex-related terms
> (such as "nude", "f*ck" etc), but not sex!
> 
> Very bizarre indeed.

This seems to be true of any word that shows up more than a certain
number of times.  For example, I got the same results when searching
for the words "the" and "and".  On the other hand, combination
searches (such as "sex discrimination") seem to work fine.  You can
also use the + operator to limit searches to pages with the word sex.
Thus:

   censorship sex

and

   censorship

are exactly the same search (because sex is ignored), but

   censorship +sex

searches for censorship (initially ignoring sex),
and then turns up only pages which contain the word sex.  Consequently
"+sex" is actually a valid search to find pages which contain the word
sex, but again such a search is not very likely to be useful.

This isn't any kind of censorship attempt on the part of DEC, just a
basic realization that when 8,883,803 web pages contain the word sex,
it doesn't make sense for alta-vista to bother sorting them by date
for you.





From shamrock at netcom.com  Mon Nov 25 23:01:06 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 25 Nov 1996 23:01:06 -0800 (PST)
Subject: Donate your spare cycles to a good cause
Message-ID: <Pine.3.89.9611252228.A24125-0100000@netcom6>


It's that time of year. Please donate the spare cycles on your Pentium or 
PowerPC to a good cause and help find a new Mersenne prime while you 
sleep. See http://ourworld.compuserve.com/homepages/justforfun/range.htm
for details.

Seriously, folks, what is your PC's CPU doing half the time? I thought so.

-- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred






From cdaemon at goblin.punk.net  Mon Nov 25 23:03:35 1996
From: cdaemon at goblin.punk.net (Checkered Daemon)
Date: Mon, 25 Nov 1996 23:03:35 -0800 (PST)
Subject: public
In-Reply-To: <v01540b01aebf5a364b89@[164.58.41.89]>
Message-ID: <199611260804.AAA01498@goblin.punk.net>


> 
> I am new here, and I was wondering, why are there still stupid, immature
> people on line who have the audacity, here in the 90's, to still call
> people a "cocksucking faggot".  

The technical term is "homosexual panic".  It refers to people who have 
grown up being constantly told that they should hate homosexuals, yet
are constantly waking up at 3am from a dream in which they were taking
a nine inch cock up their ass and loving it.

It's related to the fact that most rapists are actually terrified of
women.

As always, consider the source.

-- 
Checkered Daemon                              cdaemon at goblin.punk.net

Delirium:  There must be a word for it ... the thing that lets you know that
           TIME is happening.  IS there a word?
Sandman:   CHANGE.
Delirium:  Oh.  I was AFRAID of that.





From dispatch at cnet.com  Mon Nov 25 23:10:02 1996
From: dispatch at cnet.com (The CNET newsletter)
Date: Mon, 25 Nov 1996 23:10:02 -0800 (PST)
Subject: CNET News Dispatch  November 25th, 1996
Message-ID: <199611260654.WAA21502@cappone.cnet.com>


*************************************

CNET NEWS DISPATCH
Monday, November 25, 1996
San Francisco, California, USA

*************************************

CNET NEWS DISPATCH is a daily newsletter that summarizes the up-to-the
minute technology news presented by CNET's NEWS.COM. It tempts readers with
coverage of today's hottest stories, news in the making, (in)credible
rumors, and other indispensable information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

*************************************

CONTENTS

SCOOPS AND TOP STORIES

    Mother of all notebooks to be shot out of Canon in December
    The Web version of driving your car at blazing speeds of up to 325mph
    Death, where is thy...ping?(?)
    "Honey? Could you answer the toaster? I'm talking to Frank on the
    microwave."
    Comdex sucks! No, it rules! Sucks! Rules! Does not! Does so!
    Oh, so that's why O.J. has that battered copy of Neuromacer

ANNOUNCEMENTS
     An easy way for you to customize NEWS.COM
     Search the site for particular topics and articles
     Send us your questions, comments, flotsam, and jetsam
     How to subscribe and unsubscribe
     Late-breaking stories just a click away with Desk Top News

*************************************

SCOOPS AND TOP STORIES

MOTHER OF ALL NOTEBOOKS TO BE SHOT OUT OF CANON
Here are some numbers that might keep ThinkPad and PowerBook vendors up late
at night: 200-MHz Pentium processor, 13.3-inch active-matrix display, 1.4GB
hard drive, 8X CD-ROM drive. These formidable figures apply to Canon's
3200FX notebook, appearing in December at a showroom near you. It should
thus become the highest-performance notebook on the market --but is it worth
the price?...

   http://www.news.com/News/Item/0%2C4%2C5692%2C00.html?nd

*************************************

THE WEB VERSION OF DRIVING YOUR CAR AT 325 MPH
Have you been impressed by Peak Technologies' Peak Net.Jet, whose creators
have dubbed it the "turbocharger for the Internet"? If so, keep an eye on
the horizon for Datalytics' Web accelerator, Blaze, which will supposedly
let users surf the Web up to five times faster than they do today. The
company claims that four key weapons in Blaze's arsenal give it the edge
over existing accelerators, not to mention a team of blue-chip bundling
partners...

   http://www.news.com/News/Item/0%2C4%2C5707%2C00.html?nd

*************************************

DEATH, WHERE IS THY...PING?(?)
Maybe you've never been pinged. Maybe you've never known the feeling of
being on the business end of a huge chunk of data that overwhelms and then
shuts down your machine. But if it DOES happen to you (as Karl Malden used
to say), what will you do? What WILL you do? StorageTek's Network Systems
Group claims it has the magic bullet that is a mere four lines long and
takes only seconds to download...

   http://www.news.com/News/Item/0%2C4%2C5708%2C00.html?nd

*************************************

"HONEY? COULD YOU ANSWER THE TOASTER?
I'M TALKING TO FRANK ON THE MICROWAVE..."
Even before the appearance of the much-awaited "information appliances" that
are supposed to help us live like the Jetsons, Mitsubishi Electric America
and Diba are trying to drive down their cost by as much as half using new
chip technology. Some of the miracle gadgets expected include set-top boxes
with email and Web access, Internet-enabled phones with touch-screen
interfaces, and a "tour guide" device with a CD-ROM and built-in camera that
visitors could use in self-guided tours of museums and exhibits. Oh, and
don't forget to ask for the exciting "Toast Waiting" feature...

   http://www.news.com/News/Item/0%2C4%2C5704%2C00.html

*************************************

COMDEX SUCKS! NO, IT RULES! SUCKS! RULES! DOES NOT! DOES TOO!
If you've been to Comdex and survived, how did you manage it? NEWS.COM wants
your war stories. We will publish the best five, and the winners--picked on
a totally subjective basis by our editorial staff--will get supercool CNET
T-shirts. Mail suggestions at news.com, and include the words 'Comdex stories'
in the subject header of your message. To paraphrase the Prez, "Let us feel
yur paynnne..."

   http://www.news.com/Comdex/?nd

*************************************

OH, SO THAT'S WHY O.J. HAS THAT BATTERED COPY OF NEUROMANCER...
As humorist Dave Barry might solemnly intone, "We are not making this up."
Yes, Virginia, hackers did indeed vandalize the O.J. Simpson civil trial
section of AOL's Court TV site. A user reported that when he clicked onto
the particular section, a screen popped up with the words, "This area is
under construction," and, "It's a PIC of OLAF." Such esoteric language puts
this one right up where with Dan Rather's surreal "Kenneth, what is the
frequency" episode...

   http://www.news.com/News/Item/0%2C4%2C5712%2C00.html?nd

*************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify the
topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1


SEARCH THE SITE FOR PARTICULAR TOPICS AND ARTICLES
Search the entire NEWS.COM database for stories you saw in News Dispatch, or
track any story we've run.

   http://www.news.com/Searching/Entry/0%2C17%2C0%2C00.html?nd


SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch at cnet.com


HOW TO SUBSCRIBE AND TO UNSUBSCRIBE
To subscribe to News Dispatch: Send mail to listserv at dispatch.cnet.com with
the message:

   subscribe news-dispatch (your name)

in the message body. To unsubscribe send the message:

   unsubscribe news-dispatch


LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on the
Net? Our Desk Top News feature puts our 20 most recent stories right there
on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd


*************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/





From alan at ctrl-alt-del.com  Mon Nov 25 23:24:38 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Mon, 25 Nov 1996 23:24:38 -0800 (PST)
Subject: Symantec's claim.
Message-ID: <3.0.32.19961125232313.0114b81c@mail.teleport.com>


At 03:45 PM 11/25/96 +0200, cracker at icon.co.za wrote:

>Anyone come across the pkz300 trojan,if you have it send it please.

Why would you want it?

The PKZ 3.0 trojan is at least 5 years old.  (I am amazed I can still read
the disk my copy is on without the magnetic media flaking off.)  It is a
pretty pathetic trojan at that...

And no, I am not going to send you a copy.  You would use it not for good,
but for evil.  (And not the fun sort of evil either.  That required things
and devices you are far to young to know about...  As well as black leather
clad women with <ahem> ...  Sorry...)

I suggest that you put your inquisitive nature into researching something
that will do you some good.  (Or at least, get you out of the house.)

---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan at ctrl-alt-del.com|





From nobody at huge.cajones.com  Mon Nov 25 23:34:01 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Mon, 25 Nov 1996 23:34:01 -0800 (PST)
Subject: [GAK] Clipper chip
Message-ID: <199611260734.XAA26037@mailmasher.com>


Tim C[rook] May likes to lick the semen-shit mixture that accumulates in the crack
of his mother's ass.






From dlv at bwalk.dm.com  Mon Nov 25 23:39:41 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 25 Nov 1996 23:39:41 -0800 (PST)
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <199611252028.MAA16855@vishnu.corsair.com>
Message-ID: <9NJZXD42w165w@bwalk.dm.com>


"Dana W. Albrecht" <dwa at corsair.com> writes:
> Our friend Don Woods seems to have inadvertently sparked what could be a
> useful and serious discussion regarding "provably secure cryptography."

Sure beats Timmy May's idiotic rants... Don Woods knows much more about
crypto than Timmy May, Paul Bradley, and all other "cypherpunks" combined.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From ichudov at algebra.com  Mon Nov 25 23:39:58 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 25 Nov 1996 23:39:58 -0800 (PST)
Subject: Another Nutty Idea about SPAM
Message-ID: <199611260706.BAA07407@algebra>


Steven Garman wrote:
> I have had yet another twisted idea.  I would be interested in your thoughts.
> 
> Once method of combatting the spammers is to use disinformation.  For example
> we use new addresses for their "remove" lists to check on their honesty.
> 
> What about attacking the lists themselves with false data?  Say you run a site.
> You can make and delete accounts as you please.  So, make a whole bunch of
> new accounts, and submit them by various means to places that will probably 
> use them in bulk e-mail lists.  Then, delete the accounts.  Viola, the lists
> have some worthless addresses.

Another nutty idea: to create a database of people who do NOT want to
receive unsolicited advertisements, and make it widely available.

The obvious problem is that some very uncsrupulous spammers would want
to grab this database and use it as a source of email addresses. 

This problem has a solution, however: instead of distributing people's
email addresses, distribute MD5 checksums of their addresses. For 
example, an entry for ichudov at algebra.com would be 

	b51175dae78f25427351d5e3ff43de30

There is no way to guess the original text from an MD5 checksum.

Spammers should be advised to exclude all addresses with MD5 checksums from
that database from the recipient list, and include instructions on how
to get one added to the database into their spams.

Database maintainers could even provide a email filter-bot that would
accept recipient lists by email and send back the same lists, but
WITHOUT addresses that wish not to receive spam. This way stupid
low-tech spammers (who make up the majority) will be able to process
their email lists quickly and easily.

This database may be maintained centrally. Users may be able to sign up
for inclusion into that database by email or by filling out a Web-based 
form. Identity verifications may be done by using cookie protocol.

	- Igor.






From dlv at bwalk.dm.com  Mon Nov 25 23:41:22 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 25 Nov 1996 23:41:22 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <848946795.108068.0@fatmans.demon.co.uk>
Message-ID: <NJJZXD41w165w@bwalk.dm.com>


paul at fatmans.demon.co.uk writes:
> >It seems to me they're putting an additional layer of stuff ("OTP") between
> >the key generation and the actual encoding, so what's the problem with that,
> >as a concept?
>
> Well for a start it`s not a one time pad because that requires a
> totally real random pad. They have a stream cipher, as for whether it
> is any good or not I would normally not trust a man with the talent
> for bullshit Don Wood has.

I suppose Paul doesn't consider his own ruminations about "brute force attacks
against one-time pads" to be "bullshit".

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dwa at corsair.com  Tue Nov 26 00:13:11 1996
From: dwa at corsair.com (Dana W. Albrecht)
Date: Tue, 26 Nov 1996 00:13:11 -0800 (PST)
Subject: Provably "Secure" Crypto
Message-ID: <199611260813.AAA17644@vishnu.corsair.com>




The Deviant <deviant at pooh-corner.com> writes: 
> On Mon, 25 Nov 1996, Dana W. Albrecht wrote:
> > Rigorous proofs of the non-existence of an algorithm are not new.  
> > Neither are rigorous proofs that any algorithm which can solve a given 
> > problem requires a minimal running time.  Or, in an even stronger sense, 
> 
> Hrmmm... I seem to see a problem (namely Moore's first law) in assigning
> anything a "minimal running time".  Perhaps "minimal instruction count"
> would be more suited to your example.  Because if you're talking about
> time, it essentially boils down to "the longer something takes the less
> time it takes".
> 
> > that a particular known algorithm for a given problem is indeed a 
> > (provably) optimal algorithm for that problem.
> 
> Never happen.  It just won't.  As a rule, there's _always_ a faster way.

This is just simply not true.  In fact, since you seem to have gracefully
failed to quote the section of my prior post which demonstrates otherwise,
let me re-iterate it:

> > For a (non-cryptographic) example of a proof of the first sort --- that 
> > is, that "there exists no algorithm" --- consider the famous "Halting 
> > Problem" for Turing machines.  (I believe someone else has also 
> > mentioned this.)  There are many proofs such as this one, often related, 
> > though the Halting Problem itself is perhaps the most famous example.
> > 
> > For an (again, non-cryptographic) example of a proof of the second sort 
> > --- that is, that "any algorithm that solves a given problem requires a 
> > minimal running time" --- consider the proof that the "minimal" number 
> > of key comparisons in the worst case required to sort a random list of 
> > elements for which only an ordering relationship is known is O(nlog(n)).  
> > See Knuth, Volume 3, section 5.3.  For a simpler example, a standard 
> > "binary" search which requires O(log(n)) comparisons to find a given 
> > element in the worst case is provably the optimal algorithm for this 
> > task.

Which part of this have you failed to understand?  Look in section 5.3.1
of Volume 3 of "The Art of Computer Programming" by Knuth.  You will find
there a rigorous proof that the "information theoretic lower bound" of
an algorithm which sorts by comparison of keys is O(nlg(n)).

Alternatively, refer to section 6.2.1 of the same book where it is
demonstrated that a binary search by comparison of keys on a sorted list
where no other information is available is an "optimum" algorithm.

If you wish to discuss this further, then you're going to have to directly
address what's widely known and beautifully articulated in Knuth.

> > Turning once again to cryptography, there is presumably an "optimal" 
> > algorithm for factoring a "general" number in the "worst" case.  Of 
> 
> Ok, now I have to pose a question: If cryptographers actually beleive
> this, why continue to search for a faster one.

That's easy.  That an "optimum" factorization algorithm exists does not
mean it is _known_.  Similarly, while one might demonstrate a mathematical
lower bound on the worst-case running times of all possible (known and
unknown) factorization algorithms, this does not mean that an actual
algorithm which runs in this time is known, nor does it even mean that
an actual algorithm which runs in this time even exists.

If you want a completely useless (but easy to prove) lower bound on the
number of operations a factorization algorithm must necessarily have,
I submit to you a trivial one:  1.  Proof of this is left to the reader. :)
Proofs of more interesting lower bounds left to experienced mathematicians.

> > Turning once again to cryptography, there is presumably an "optimal" 
> > algorithm for factoring a "general" number in the "worst" case.  Of 
> > course, known algorithms for factorization seem to regularly improve and 
> > no one has even suggested that any current algorithm is (provably) the 
> > "optimal" algorithm.  Worse case bounds on running time for currently 
> > known algorithms can certainly be produced, but no one currently knows 
> > if these are the best algorithms.
> 
> Again I say, there's _always_ a faster way.

No, there's not.  While no proofs of useful lower bounds on factorization
algorithms are presently known, this does NOT mean that they do not exist.
That such proofs exist for other, simpler algorithms (see above) just
simply refutes this statement.

> > Obviously, discussion on this topic is unrelated to such security 
> > problems as implementation mistakes, fault analysis, outright theft of 
> > keys, etc.  I hope that I've been careful to explain what I mean by 
> > "provably secure" and that it's not interpreted to include these types 
> > of attacks.
> 
> Yes, I must commend you on your amazing tact in asking this incredebly
> irrevelant question.

You're welcome to think it's irrelevant.  I, for one, am glad that people
like Matt Blaze took the trouble to do some work in this area.  I'm also
grateful that this has been pointed out to me in response to my previous
post.  (Thanks to "Mark M." <markm at voicenet.com>)

Dana W. Albrecht
dwa at corsair.com







From gbroiles at netbox.com  Tue Nov 26 00:20:16 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Tue, 26 Nov 1996 00:20:16 -0800 (PST)
Subject: Netscape working with the NSA.
Message-ID: <3.0.32.19961126003002.006e0328@ricochet.net>


At 05:34 AM 11/26/96 +0000, Tim Tartaglia wrote:
>
>Check out the following:
>http://www-tradoc.army.mil/dcsim/browser.htm
>
>Here's an excerpt:
>
>> ...Netscape has been working with NSA...Their proposed solution is based
>> on the use of Fortezza card technology.  In November NSA expects to
>> certify Netscape Navigator 3.0 for "unclassified but sensitive" use...

The NSA has two main tasks: gathering [foreign] signals intelligence
("SIGINT") and making it difficult/impossible for other parties to get
signal intelligence from the US ("INFOSEC").

Given the context of the information you found, it looks like they're
negotiating with Netscape and Microsoft to evaluate the strength of their
browsers to that the browsers can be used for "unclassified but sensitive"
tasks; that is to say, NSA is operating in their "protect domestic data"
mode, not their "wiretap everything" mode.

Certifying the browsers (or other domestic privacy tools) as safe if
they're not (or if they've got designed-in weaknesses) would play a very
dangerous game - the NSA would gain little and risk a lot. They could (and
probably do, or will soon) mandate the use of GAK crypto for official
"sensitive" applications; so adding hidden weaknesses (which are
essentially stealth GAK) doesn't give them much they don't have already,
but it does create the potential that a third party will learn of the
hidden weakness (through careful study or exploiting a traitor or whatever)
and then have access to information the gov't would like to keep private
for an unknown period of time - followed by a sudden expensive & disruptive
switch of crypto tools when the discovery of the weakness became known. 

So it seems unlikely that there's anything bad going on here; it doesn't
make much sense for the NSA (or other TLA) to intentionally weaken a crypto
app and then certify it as secure for government use. They want to keep the
good stuff for themselves, and make us use the weak software. They don't
seem to be especially shy about telling us when they want to spy on us. 

I suppose it's possible to see government contracts as a foot in the door
to economic "incentivization", e.g., if Netscape and Microsoft want the
govt's money/approval badly enough, they'll switch over to the dark side.
But this danger is pretty much unavoidable; and the government's got enough
ways to coerce folks (cf. Jim Bidzos and the guys who want to run him over
in the parking lot) that this seems mild by comparison. If the government
chooses to apply some pressure to incentivize a corporation, they'll find a
way. 

So far, it appears that they played fair when they certified DES as secure
- and folks on the outside have been banging away on DES for almost 20
years, without finding any trapdoors. The balance of risks suggests that
they'll probably keep playing fair when certifying privacy tools; not
because they're nice guys, but because it's in their best interests to do so. 

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles at netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 





From rcgraves at ix.netcom.com  Tue Nov 26 00:43:05 1996
From: rcgraves at ix.netcom.com (Rich Graves)
Date: Tue, 26 Nov 1996 00:43:05 -0800 (PST)
Subject: Netscape working with the NSA.
In-Reply-To: <199611260534.FAA14999@silvix.sirinet.net>
Message-ID: <329AADE9.26BF@ix.netcom.com>


Tim Tartaglia wrote:
> 
> Check out the following:
> http://www-tradoc.army.mil/dcsim/browser.htm

That's very old news. See the cypherpunks archives from almost a full 
year ago; there was an abortive outcry when someone misinterpreted the 
initial press release on this project. Netscape is to support a Fortezza 
security plug-in for military users in addition to, not instead of, 
existing standards.

-rich





From petro at smoke.suba.com  Tue Nov 26 01:25:01 1996
From: petro at smoke.suba.com (Petro)
Date: Tue, 26 Nov 1996 01:25:01 -0800 (PST)
Subject: Bounty Server, Revisited.
Message-ID: <199611260942.DAA00413@smoke.suba.com>



     I have started drafting a proposal statement for the Bounty server. 

     This is where I am at right now. I need as many comments on this 
     as to the way it will work as possible. 

     I am posting this from petro at smoke.suba.com because that is my 
primary account rather than snow, which is only for cypherpunks. Sorry 
for any killfiles this sneaks by. 

     Please reply to snow at smoke.suba.com or the list. Thanks.      

Bounty Server, The proposal:
Version 0.1

Abstract:

     This proposal is an attempt to outline a system for awarding cash 
     payments for the creation of new technologies without the overhead
     or ownership associated with conventional systems such as contract
     or work-for-hire, or employee-employer systems. 

     The objective is to actually bring this system online. 

Background:

     There is a lot of software floating around. It basically falls into
     5 catagories: Commercial, Shareware, Freeware, Gnu (and other 
     "Copyleft" schemes) and Public Domain. 
     <Need to fill this in, but at this point we all know what the 5 types 
     are> 

     It is the "Copylefted" software that interests me at this point. There
     is quite a bit of high quality "Gnu" software, and at least one
     operating system based on the GNU mentality (linux) however there 
     is a dearth of _enduser_ tools such as mail and news readers for 
     the more popular end user operating systems, word processors and 
     graphics editing software, easy to use Graphic Design Software (TeX
     is NOT easy to use) and easy to use Cryptographic software. 

     In order to get these kinds of tools, especially the Cryptographic 
     tools widely deployed, there needs to be a reason for someone to 
     invest the time and effort into polishing the user interfaces and 
     designing them for the average internet user to operate. Figuring
     out new algorythms is fun. Being on the cutting edge, or flipping 
     the bird at Governments is fun. Doing something that has already 
     been done isn't nearly as sexy, yet to deploy the kinds of tools 
     we want _today_ and promote the development of the kings of tools 
     we will want tomorrow, there needs to be some sort of mechanism 
     in place to pay programmers to make these tools. 

     This mechanism (IMO) should be "market" driven, it should allow the 
     community of users to decide which projects should have priority, 
     and which shouldn't. 

     This mechanism should be as flexible as possible. 

     This mechanism should be as simple as possible, and as easy to use as 
     possible. 

     Originally I proposed this to apply to software, but I don't see why 
     it should stop at software. Initally the server will be restricted 
     to software, but I hope that this will work out, and be expanded 
     further. 
     
The proposal:

    What I am going to attempt to do is to set up a "Bounty Server" where 
    someone can iniate a "bounty" on a peice of technology. The initator
    will write up a set of specifications for the technology, and an initial 
    award to be paid to the developer. They then post it on the server and 
    send their initial "bid" to the organization.  

    This is the "bounty". Other people can add to this bounty, allowing the 
    totals to add until someone claims that bounty by providing proof of 
    development to the initiator of the bounty. In software terms they would 
    upload the software to the server and notify the originator of the bounty,
    and the server operators. Other technology will be figured out as it 
    becomes necessary.

    Originally I was going to put the stipulation in that the software written
    must be Copylefted. I decided that that wasn't really necessary, but 
    rather simply desired. To aid in that desire, I am going to build in 
    an initative to releaseing the software "copylefted".

To get more specific: 

    A bounty is considered to be posted when the initial payment is cleared 
    by the bank, and the specifications (discussed later are considered clear 
    enough to avoid interpretation problems.  

    The initial bounty contract gets posted to the WWW server, (possibly) to 
    a "developers list" of interested people, and (possibly) to an 
    appropriate UseNet Newsgroup. 

    Once the bounty is posted, other people can "bid up" or add to the bounty,
    and their contribution will be added to the total bounty as well as their 
    "name" (email address) added to a list of contributors (unless they 
    request not to). The amount they gave will not be listed. It isn't 
    important. At this point contributions and initial bids will be 
    accepted by credit card, check, money order, and possibly ecash 
    (e-cash will be taken at some point, but it really isn't important
    at this point since almost no one uses it.)

    The first developer to upload a _working_ package to the server will 
    be awarded the total bounty, minus "brokerage" fees (discussed later) 
    "First" will be soley determined by the time stamp of the server. As soon
    as the package is uploaded, the initiator and the server adminstrator 
    will be notifed, and the bounty marked "claimed". If the package is 
    accepted by the initiator, the bounty will be marked "closed", the 
    package moved to an FTP site for distribution (if Copylefted) or 
    moved offline if not (archived copies will be kept for legal reasons--
    more on that later). At that point a check for the developer will 
    be cut (or ecash mailed if that works out).   
    
    The Server Adminstrator will also do an cursory check to make sure that
    there are no obvious copyright violations. 

    In the event that there is a conflict between the initiator and the 
    developer, the claim will go into adjudication. The server adminstrators
    decesion is final, and he will make every effort to settle the claim
    fairly. Adjudication will incur an additional fee (see the fees section).  
 
Writing the bounty: 

    The bounty specifications should include the following: 

    1) Target Operating Enviroment (i.e. Operating System for Software, and
       whatever for other technology)

    2) What the desired technology is intended to be used for (i.e. a 
       Word Processor, a Hardware RNG etc, whatever)

    3) Desired Characteristics of the technology--specific features 
       of the technology. It isn't enough to say that you want a 
       word processor, you must specify minimum features you wish this 
       technology to contain (i.e. WYSIWYG, Postscript output, Outliner etc.)

    4) Desired "quality" level: Proof of Concept, Alpha, Beta, Release etc. 

    5) Copyright status desired--whether the software will be owned by the 
       initiator of the bounty (in which case it is unlikely that anyone 
       else will contribute), owned by the programmer (well someone might
       be that magnanomous), or "copylefted".

    6) Where the initiators money is to go if the bounty is not claimed: 
       I will provide a short (8 or 10) list of charities that the money 
       will go to if the bounty is not met. This is to keep the initiator
       honest, as well as the server. Each contributor will also get this 
       choice. 

    I am sure that I am missing something here, and I will need some 
    assistance in fleshing this out, as well as a couple of people to write
    different specs as examples.  

Adding to the bounty:

    The bounty will be considered added to when the deposit clears and 
    is credited by the bank. 

    A person adding to the bounty will also be allowed to choose from the 
    list as to where they would like their money to go if the bounty 
    expires.   
 
Fees:

    The Organization will get 2% of any bounty where the software or 
    Technology that is copylefted. 20% of any other scheme.
 
    Adjudication will incur an additional fee of 2 to 5% depending on the 
    difficulty in judging the claim. 

    All interest that acrues belongs to the Organization, and will be used 
    to defray any costs, or to provide for additional bounties should there
    be an apprecialble excess.

Status:

    At this point in time I am (obviously) still in the process of developing 
    the procedures. I have registered a Domain Name (bounty.org) and I have 
    a couple promises off assistance in certain areas. As well, I have 
    a server to start off with.  
 
Where I need help at this point: 

    Legal issues. Any lawyers want to talk to me about this? 
 
    Comments. 

I will be working on this, revising it, and soon I will be putting it up on 
www.bounty.org.  

Postmodernism is the refusal to think--Ron Carrier            petro at suba.com 
Deconstruction is the refusal to believe that anyone else can either.
Revolution and War are not murder unless you lose. This is a basic tenet 
of civilization.--Jim Choate on the cpunks list.






From cracker at icon.co.za  Tue Nov 26 01:35:49 1996
From: cracker at icon.co.za (cracker at icon.co.za)
Date: Tue, 26 Nov 1996 01:35:49 -0800 (PST)
Subject: Tell me this,referring to Symantec's claim.
Message-ID: <199611260935.LAA26567@mail1.icon.co.za>



Okay granted,i am virtually sure Deeyenda does not exhist,but i asked a simple question.
Altavista is a cute idea though ;) 
Who posted this shit then,someone care to get back to him????
>The internet community has again been plagued by another virus.This message is being spread
>throughout the internet,including USENET posting,EMAIL and other inherent activities...The 
>reason for all the attention is because of the nature of this virus and the potential security risks
>it makes.Instead of a destructive trojan virus (most viruses!),this virus,referred to as Deeyenda
>Maddick,performs a comprehensive search on your computer,looking for valuable information
>such as email and login,passwords,credit cards,personal info,etc. The Deeyenda virus also has
>the capability to stay memory resident whil running a host of applications and operating systems,
>such as Windows 3.11 and Windows 95.What this means to internet users is that when a login and
>PASSWORD are sent to the server,this virus can COPY this information and SEND IT OUT TO AN
>UNKNOWN ADDRESS (varies).
>The reson for this warning is because the Deeyenda virus is virtually undetectable.Once attacked
>your computer will be unsecure.Although it can attack any O/S,this virus is most likely to attack >those users viewing Java enhanced Web Pages (Netscape 2.0 + Microsoft Internet Explorer 3.0 +
>which are running on Windows 95) . Researchers at Princeton University have found this on a >number of world wide web pages and fear its spread.
> Please pass this on,for we must alert the general public at the security risks
>Steven K. Johnson
>Computer Center
>Carnegie Mellon University
>(412) 455-3756
>e-mail : SJohnson14 at cmu.edu

Sounds like a pretty amazing virus to me??? More a crock of shit than anything else,but...
Hey maybe it'll run for president as well....
Sorry to inconvenience anybody,ridicule should have a purpose ;)

J a m e s
"Lead.Follow. Or get out of the way"
--------------------------------------------------------------------------------------------
Type Bits/KeyID    Date       User ID
pub  1024/9E318AA5 1996/09/24 Cracker <cracker at icon.co.za>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJHdKwAAAEEALl3A6auLG0JLdtgEzl6KfPNqbTTSDX4L4To2b7PLqGDVV5r
BezC9dD/ITrCK9M64juiQ2p/DNjIihnXlEsJCy2btypStypQgU1fvAei3AnZ1cQ8
NiAnHNS+ImUAJgZjSHEQSevGE53IUovmWQ7YHUz9VpTTCtoJoUKxYuqeMYqlAAUR
tBxDcmFja2VyIDxjcmFja2VyQGljb24uY28uemE+iQCVAwUQMkd0rkKxYuqeMYql
AQEjagP/cYgGLAkWZJLeRcM4URwBX3J/0R54DadVnsvvoxDkzilv7U02IXZGZGnA
CvXsu2sThS7qDBiHFop/OZs3WmlQbQ4BAZ/hiCs5tSU2e7fkk0EKxsGAD1pTbw/J
rRU4WePLc++vv+6CBKw5NCSR5kMh8H3X4qtZZ9dYX9zsuzWKdpk=
=YGH8
-----END PGP PUBLIC KEY BLOCK-----








From cracker at icon.co.za  Tue Nov 26 01:37:30 1996
From: cracker at icon.co.za (cracker at icon.co.za)
Date: Tue, 26 Nov 1996 01:37:30 -0800 (PST)
Subject: Tell me this,referring to Symantec's claim.
Message-ID: <199611260935.LAA26558@mail1.icon.co.za>



Okay granted,i am virtually sure Deeyenda does not exhist,but i asked a simple question.
Altavista is a cute idea though ;) 
Who posted this shit then,someone care to get back to him????
>The internet community has again been plagued by another virus.This message is being spread
>throughout the internet,including USENET posting,EMAIL and other inherent activities...The 
>reason for all the attention is because of the nature of this virus and the potential security risks
>it makes.Instead of a destructive trojan virus (most viruses!),this virus,referred to as Deeyenda
>Maddick,performs a comprehensive search on your computer,looking for valuable information
>such as email and login,passwords,credit cards,personal info,etc. The Deeyenda virus also has
>the capability to stay memory resident whil running a host of applications and operating systems,
>such as Windows 3.11 and Windows 95.What this means to internet users is that when a login and
>PASSWORD are sent to the server,this virus can COPY this information and SEND IT OUT TO AN
>UNKNOWN ADDRESS (varies).
>The reson for this warning is because the Deeyenda virus is virtually undetectable.Once attacked
>your computer will be unsecure.Although it can attack any O/S,this virus is most likely to attack >those users viewing Java enhanced Web Pages (Netscape 2.0 + Microsoft Internet Explorer 3.0 +
>which are running on Windows 95) . Researchers at Princeton University have found this on a >number of world wide web pages and fear its spread.
> Please pass this on,for we must alert the general public at the security risks
>Steven K. Johnson
>Computer Center
>Carnegie Mellon University
>(412) 455-3756
>e-mail : SJohnson14 at cmu.edu

Sounds like a pretty amazing virus to me??? More a crock of shit than anything else,but...
Hey maybe it'll run for president as well....
Sorry to inconvenience anybody,ridicule should have a purpose ;)

J a m e s
"Lead.Follow. Or get out of the way"
--------------------------------------------------------------------------------------------
Type Bits/KeyID    Date       User ID
pub  1024/9E318AA5 1996/09/24 Cracker <cracker at icon.co.za>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJHdKwAAAEEALl3A6auLG0JLdtgEzl6KfPNqbTTSDX4L4To2b7PLqGDVV5r
BezC9dD/ITrCK9M64juiQ2p/DNjIihnXlEsJCy2btypStypQgU1fvAei3AnZ1cQ8
NiAnHNS+ImUAJgZjSHEQSevGE53IUovmWQ7YHUz9VpTTCtoJoUKxYuqeMYqlAAUR
tBxDcmFja2VyIDxjcmFja2VyQGljb24uY28uemE+iQCVAwUQMkd0rkKxYuqeMYql
AQEjagP/cYgGLAkWZJLeRcM4URwBX3J/0R54DadVnsvvoxDkzilv7U02IXZGZGnA
CvXsu2sThS7qDBiHFop/OZs3WmlQbQ4BAZ/hiCs5tSU2e7fkk0EKxsGAD1pTbw/J
rRU4WePLc++vv+6CBKw5NCSR5kMh8H3X4qtZZ9dYX9zsuzWKdpk=
=YGH8
-----END PGP PUBLIC KEY BLOCK-----








From mycroft at actrix.gen.nz  Tue Nov 26 03:41:54 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Tue, 26 Nov 1996 03:41:54 -0800 (PST)
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <Pine.LNX.3.94.961126020057.2424A-100000@random.sp.org>
Message-ID: <199611261141.AAA03817@mycroft.actrix.gen.nz>


On Tue, 26 Nov 1996 03:39:35 +0000 (GMT), The Deviant wrote:

   On Mon, 25 Nov 1996, Dana W. Albrecht wrote:

   > so often, I refer to systems for which rigorous mathematical proof that 
   > "there are no shortcuts" exists.  To my knowledge, no such systems, with 
   > the exception of a real one-time pad, exist today.  However, I also 

   As I have argued many times, that is correct.  OTP, with real random
   numbers, and no-reusage, etc, etc, is the only "perfect" cryptosystem, and
   even it has its problems (like key exchange, for instance).

The only one known at this time, not necessarily the only one
possible.  Are you aware of some proof that no other cryptosystem can
be secure (in the way Dana talks about)?

   > Rigorous proofs of the non-existence of an algorithm are not new.  
   > Neither are rigorous proofs that any algorithm which can solve a given 
   > problem requires a minimal running time.  Or, in an even stronger sense, 

   Hrmmm... I seem to see a problem (namely Moore's first law) in assigning

There's a Moore's second law?

   anything a "minimal running time".  Perhaps "minimal instruction count"
   would be more suited to your example.  Because if you're talking about
   time, it essentially boils down to "the longer something takes the less
   time it takes".

"Minimal running time" doesn't really mean time in hours.  Obviously
hardware gets faster all the time.  It means complexity -- O(n^2)
takes more time than O(log(n)), regardless of how fast your hardware
is.  In other words, if takes f(x) time units, but the units are
arbitrary.

"Minimal instruction count" is pretty meaningless (change the
instruction set to arrive at any figure you like).

   > that a particular known algorithm for a given problem is indeed a 
   > (provably) optimal algorithm for that problem.

   Never happen.  It just won't.  As a rule, there's _always_ a faster way.

But there _are_ such proofs ("reductio ad absurdum".  Assume this is
_not_ the best algorithm.  Then there is some better algorithm.
Figure out some properties this better algorithm must have.  Something
like "1 == 2" comes up, therefore there is no such better algorithm.)

Of course you can do it (whatever "it" is) faster with faster
hardware, or maybe better implementation.  And there are sometimes
special-case shortcuts...(a OTP has innumerable "weak keys" -- all
'0's being the most obvious -- of course it's _possible_ that your
random pad just happens to transform your real message into valid
English text, but I doubt this argument would save you from the firing
squad :-) The chance of generating an all-'0' pad ((1/n)^x, n=range of
values in pad, x=number of blocks (characters) in message) is a lot
better than the chance of getting some unrelated-but-meaningful text
as output (I don't even know where start on that one -- it's the
"monkeys in the British Museum" scenario))

   > Turning once again to cryptography, there is presumably an "optimal" 
   > algorithm for factoring a "general" number in the "worst" case.  Of 

   Ok, now I have to pose a question: If cryptographers actually beleive
   this, why continue to search for a faster one.

Because no-one's found the optimal solution yet (or at least not
proved that it is optimal).

   > "optimal" algorithm.  Worse case bounds on running time for currently 
   > known algorithms can certainly be produced, but no one currently knows 
   > if these are the best algorithms.

   Again I say, there's _always_ a faster way.

But you're arguing "faster" in terms of clock time (which is obviously
true, but not necessarily useful).  Something that takes O(n^2) time
can be done in arbitrarily short clock time (given fast enough
hardware), but is still slower than something that takes O(log(n))
time.  If you make n big enough, the O(n^2) calculation may not be
worth doing, while the O(log(n)) calculation is still fairly fast (in
reality, of course, you'd prefer something that takes much longer than
n^2).

-- 
Paul Foley <mycroft at actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Christ:
	A man who was born at least 5,000 years ahead of his time.





From aga at dhp.com  Tue Nov 26 03:46:33 1996
From: aga at dhp.com (aga)
Date: Tue, 26 Nov 1996 03:46:33 -0800 (PST)
Subject: John Gilmore the EFF Faggot
In-Reply-To: <199611251507.QAA07561@basement.replay.com>
Message-ID: <Pine.LNX.3.95.961126063946.1790B-100000@dhp.com>


This data on John Gilmore must be published.
His sucking cock at this San Fransisco bathhouse
is something that everybody should know about.

On Mon, 25 Nov 1996, Anonymous wrote:

> frantz at netcom.com (Bill Frantz) wrote:
> 
> >At  6:15 AM 11/24/96 -0500, aga <aga at dhp.com> wrote:
> >>On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
> >actually the message was from lucifer at dhp.com:
> >
> >>> aga <aga at dhp.com> writes:
> >... messages suppressed
> 
> You bet they want to suppress the truth about them being faggots!
> 
> Faggot John Gilmore does NOT eat pussy. He only eats asshole if it's got
> a big dick up in front. Whoever calls Gilmore bisexual is a fucking liar.
> John likes to suck cocks at his San Fransicso bathhouse (the Toad Hole).
> 
> >It looks like our juvenile "friend" is talking to himself.  I am truely
> >sorry that he feels a need to harass ladies who have actually made  ^
> >something of their lives.
> 
> Gilmore's friends try to drag every lady Gilmore knows into this shit.
> Gilmore is a fag. Gilmore does NOT eat pussy. Not Denning's, not Dyson's.
> 
> >-------------------------------------------------------------------------
> >Bill Frantz       | The lottery is a tax on    | Periwinkle -- Consulting
> >(408)356-8506     | those who can't do math.   | 16345 Englewood Ave.
> >frantz at netcom.com |       - Who 1st said this? | Los Gatos, CA 95032, USA
> 
> You can say that again, good buddy.
> 
> diGriz
> 

does this John Gilmore have AIDS yet?

DEATH to the EFF !!!






From peter.allan at aeat.co.uk  Tue Nov 26 04:18:32 1996
From: peter.allan at aeat.co.uk (Peter M Allan)
Date: Tue, 26 Nov 1996 04:18:32 -0800 (PST)
Subject: Provably "Secure" Crypto
Message-ID: <9611261218.AA06559@clare.risley.aeat.co.uk>




 Dana W. Albrecht originally wrote:

 > Rigorous proofs of the non-existence of an algorithm are not new.  
 > Neither are rigorous proofs that any algorithm which can solve a given 
 > problem requires a minimal running time.  Or, in an even stronger sense, 

 > For a (non-cryptographic) example of a proof of the first sort --- that 
 > is, that "there exists no algorithm" --- consider the famous "Halting 
 > Problem" for Turing machines.  (I believe someone else has also 
 > mentioned this.)  There are many proofs such as this one, often related, 
 > though the Halting Problem itself is perhaps the most famous example.
 > 
 > For an (again, non-cryptographic) example of a proof of the second sort 
 > --- that is, that "any algorithm that solves a given problem requires a 
 > minimal running time" --- consider the proof that the "minimal" number 
 > of key comparisons in the worst case required to sort a random list of 
 > elements for which only an ordering relationship is known is O(nlog(n)).  
 > See Knuth, Volume 3, section 5.3.  For a simpler example, a standard 
 > "binary" search which requires O(log(n)) comparisons to find a given 
 > element in the worst case is provably the optimal algorithm for this 
 > task.

 Dana W. Albrecht (dwa at corsair.com) replies to
 The Deviant <deviant at pooh-corner.com> like this:
 
> Which part of this have you failed to understand?  Look in section 5.3.1
> of Volume 3 of "The Art of Computer Programming" by Knuth.  You will find
> there a rigorous proof that the "information theoretic lower bound" of
> an algorithm which sorts by comparison of keys is O(nlg(n)).


That is a bound on a _reliable_ algorithm.  A faster one is to shuffle
the elements and present it as sorted.  Lightning fast, but only with
low probability of correctness.  That is what we are up against in a key
search attack.  The other guy just might guess my 100 bit key first time,
millionth time or whatever - early enough anyway.

So to get a lower bound you have to show that a lucky guess cannot be
distinguished from an unlucky one - and if you do that without a one
time pad I take my hat off.

 
 -- Peter Allan    peter.allan at aeat.co.uk





From nobody at replay.com  Tue Nov 26 04:42:35 1996
From: nobody at replay.com (Anonymous)
Date: Tue, 26 Nov 1996 04:42:35 -0800 (PST)
Subject: No Subject
Message-ID: <199611261242.NAA09329@basement.replay.com>


oh mindless aga,

>> This betrays your ignorance.  I.Q. is scaled according to age.  One does
>> not "improve."

Certainly not in your case.
 
>
>I have no ignorance, except for being ignorant of stupid people
>who call themselves "punks."

If you are ignorant of them, then how do you know that they are "stupid"?

>Look asshole; it says "LAW DOCTOR" -- that is what "Juris Doctor"
>means, stupid.  And I am about to stick the motherfucking Laws
>right up your cocksucking ASS!

How is this possible? It seems that you are possible of rather contemptible contortions!


>"Juris" means Law.  So Juris Doctor means "Law Doctor."

Clinging to technicalities here, aren't we?

>that is irrelevant, and you are off-topic.

Oooh! Oooh! Point the finger here, aga, at YOURSELF!

>Europe is also irrelevant, and you keep missing the point here.
>You have added the cypherpunks list again, and that was forbidden.

What a wonderful statement: Europe is irrelevant!!! A truly educated mind here. 

>look asshole, you really want that list killed, do you not?
>I have no bounds, as you will soon learn.

When one is clapped in irons and thrown into prison for whatever it is that your acts can be classified under, then I am pretty sure they have _some_ bounds.

>> > > Be careful who you threaten.  It might get you in trouble.

One wonders if you ever pay attention to what you actually write, aga?

>WRONG!  There is NO crime which covers anything that one does
>internationally!   And mailbombing is NOT "Unauthorized access,"
>regardless of where it occurs!

Uhm...oops, aga, you're wrong here, there are plenty of crimes that are international crimes. War crimes for example, which o against the Geneva convention. Child abduction crimes, which go against the Hague convention. But I am sure they will give you a slight slap on the  wrist, after all, you are only a stupid hillbilly with no idea of the law.

>Pitt-1975; Dissertation was in 1983 actions.  I practiced for
>six years, and then became perfect.  I currently do not practice for
>any parties other than myself, family, corporation or Institutes,
>and I need no license for that. And since I do not carry any
>license from any State, there is NOTHING that you can do to stop me.

Assassination comes to mind...

>The State disciplinary board has no jurisdiction, nor does any
>Law.  A Criminal Lawyer is a specialist in ripping new assholes
>on the witness stand, and that must now also be practiced on the net,
>it seems.  Remember, you are the one who asked for this, "Sadam."

You seem to have this absolute _fascination_ with asses, faggots, cocks, and ripping _new_ assholes (as if you weren't a big enough one already. This is obviously some sort of concious repression: you just can't face the truth, can you, aga?

>This is a world-wide internet problem that you are about to get
>taken care of.  You will be among the first locations to be
>eliminated.  And just remember that your termination is your own
>doing.  You had your chance to keep the fucking cypherpunks list
>OFF of your e-mail to me, and blew it.

Do we run and hide now, mommy?

>> I suggest a hobby which entails more physical activity.
>> 
>
>I pump iron and run three times a week.  And as a Tae Kwon Do
>black belt holder, I get lots of physical activity. I am in
>better physical shape than any other man that you know.

He/she/it pumps iron, does he/she/it? Whilst running? No mean feat for a thing without a brain. Assuming that you are better than anyone else you have probably never met, someone who probably has no desire to meet a thing like yourself, is yet another example of your sheer assonance!

>And just understand, as far as the internet is concerned, Europe does
>not mean SHIT!

Of course not...I am sure the European Internet thinks the same as you. After all, an inanimate object seems to think just as much as you!


--The Edge






From boursy at earthlink.net  Tue Nov 26 05:07:16 1996
From: boursy at earthlink.net (Stephen Boursy)
Date: Tue, 26 Nov 1996 05:07:16 -0800 (PST)
Subject: John Gilmore the EFF Faggot
In-Reply-To: <Pine.LNX.3.95.961126063946.1790B-100000@dhp.com>
Message-ID: <329AEC5F.4E48@earthlink.net>


aga wrote:
> 
> DEATH to the EFF !!!


  Well the EFF has been morally dead for a very
long time--the majority of their funing comes
from large corporate interests, they ALWAYS side
with business owners ove users, and the ACLU shot
them down for their active role in approval
of the Exon Ammendment.  They are essentially a
lobby for business interests on the net and
could give a shit about individual users rights.
They are not deserving of any respect.

                       Steve





From ppomes at Qualcomm.com  Tue Nov 26 06:09:34 1996
From: ppomes at Qualcomm.com (Paul Pomes)
Date: Tue, 26 Nov 1996 06:09:34 -0800 (PST)
Subject: market for hardware RNG?
In-Reply-To: <199611260503.VAA27444@mail.pacifier.com>
Message-ID: <13033.849017303@zelkova.qualcomm.com>


There are some commercial products worth studying.  See
<http://rainbow.rmi.net/~comscire/> for one.

/pbp






From aga at dhp.com  Tue Nov 26 06:10:31 1996
From: aga at dhp.com (aga)
Date: Tue, 26 Nov 1996 06:10:31 -0800 (PST)
Subject: John Gilmore the EFF Faggot
In-Reply-To: <329AEC5F.4E48@earthlink.net>
Message-ID: <Pine.LNX.3.95.961126090027.4030H-100000@dhp.com>


On Tue, 26 Nov 1996, Stephen Boursy wrote:

> aga wrote:
> > 
> > DEATH to the EFF !!!
> 
> 
>   Well the EFF has been morally dead for a very
> long time--the majority of their funing comes
> from large corporate interests, they ALWAYS side
> with business owners over users, 

Yes, and that is the most disgusting thing about
them.  They got their original money from the Greatfull Dead,
and now that they are dead, the EFF is a whore.
Users should always come before any ISP.

> and the ACLU shot
> them down for their active role in approval
> of the Exon Ammendment.  

Yes, thank God for the ACLU jews.  Without them we would
all be in a lot of trouble.

> They are essentially a
> lobby for business interests on the net and
> could give a shit about individual users rights.

Very true, and they are directly associated with the UUNET 
cabal.  And since their leader is a faggot, they should not
be recognized as a valid representative of any Netizens.

> They are not deserving of any respect.
> 
>                        Steve
> 

Particularly since John Gilmore is an admitted
bath-house Faggot, who spreads AIDS all over SF.






From rah at shipwright.com  Tue Nov 26 07:18:10 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 26 Nov 1996 07:18:10 -0800 (PST)
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <Pine.LNX.3.94.961126020057.2424A-100000@random.sp.org>
Message-ID: <v03007816aec0afa72c97@[206.119.69.46]>


At 6:41 am -0500 11/26/96, Paul Foley wrote:
>There's a Moore's second law?

"When the fabs cost $10 billion to build, all bets are off." ;-)

That's expected to happen in 10 years or so. Fab prices have been going up
by an order of magnitude every N years since the beginning of
semiconductors. Forbes did an article on this earlier this year, I think.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From omega at bigeasy.com  Tue Nov 26 08:34:07 1996
From: omega at bigeasy.com (Omegaman)
Date: Tue, 26 Nov 1996 08:34:07 -0800 (PST)
Subject: Another Nutty Idea about SPAM
Message-ID: <199611261635.KAA04691@bigeasy.com>


> Steven Garman wrote:
> > Once method of combatting the spammers is to use disinformation.  For example
> > we use new addresses for their "remove" lists to check on their honesty.
> > 
> > What about attacking the lists themselves with false data?  Say you run a site.
(snip)

Igor Chudov wrote:
> Another nutty idea: to create a database of people who do NOT want to
> receive unsolicited advertisements, and make it widely available.

Of course.  But this does not address the issue of "unscrupulous 
spammers" which is what Steven was commenting upon.
 
> The obvious problem is that some very uncsrupulous spammers would want
> to grab this database and use it as a source of email addresses. 
> 
> This problem has a solution, however: instead of distributing people's
> email addresses, distribute MD5 checksums of their addresses. For 
> example, an entry for ichudov at algebra.com would be 
> 
> 	b51175dae78f25427351d5e3ff43de30
> 
> There is no way to guess the original text from an MD5 checksum.
> 
> Spammers should be advised to exclude all addresses with MD5 checksums from
> that database from the recipient list, and include instructions on how
> to get one added to the database into their spams.

Okay fine.  The spammer is "advised" but if he is unscrupulous in the 
first place, he'll simply ignore the advice and continue bulk-mailing 
to every address he can grab.  
 
> Database maintainers could even provide a email filter-bot that would
> accept recipient lists by email and send back the same lists, but
> WITHOUT addresses that wish not to receive spam. This way stupid
> low-tech spammers (who make up the majority) will be able to process
> their email lists quickly and easily.

Indeed, stupid low-tech spammers would benefit from such a service if 
they wish to honor "do not send" requests.
 
> This database may be maintained centrally. Users may be able to sign up
> for inclusion into that database by email or by filling out a Web-based 
> form. Identity verifications may be done by using cookie protocol.

I like the idea and if I had the resources, I would do it personally. 
Optimistically, many bulk e-mailers would sign on to the plan.  
(Ironically, one would probably have to solicit bulk e-mailers to 
sign up).  However, many, being unscrupulous, ignorant, etc. will not 
be involved.

The only way I see to get bulk e-mailers to utilize this service is 
to offer a positive and/or negative incentive for usage of the 
service.  ie. "What do I gain by elminating people from my bulk 
mail-outs?  What can be done if I don't follow this protocol?"

Ideas?  Comments?

me
--------------------------------------------------------------
 Omegaman <mailto:omega at bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------





From root at deimos.ceddec.com  Tue Nov 26 08:47:39 1996
From: root at deimos.ceddec.com (Tom Zerucha)
Date: Tue, 26 Nov 1996 08:47:39 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <MAPI.Id.0016.006f6e67616c74203030303730303037@MAPI.to.RFC822>
Message-ID: <Pine.LNX.3.95.961126110818.4290A-100000@deimos.ceddec.com>


Some basic points on the thread

1. For wealth to be "handed down", it must be earned or confiscated first.
Mao's widow lived quite well during Mao's life and for a while after his
death.  Also, if there was no direct way to pass wealth on to offspring,
it would be consumed or destroyed by the generation which created it.  You
may not agree with the choice of the original Kennedys and Rockefellers,
but limiting that choice is not without consequence - the wealth will
still not end up where you want it, and a great amount will be left
uncreated.

2. In a socialist society wealth is confiscated at gunpoint.  In a
capitalist society, I have to provide something that you want more than
your wealth in order to obtain it.  Bill Gates has lots of money because
people buy Windows.  They can have Linux for the price of a download or
cheap CD.  Are the people who choose to give $100 to Bill Gates evil?  Why
doesn't Bill Gates give me a copy of Windows 95 if I give $100 to Mother
Theresa?  Is Bill Gates evil?  If Bill Gates received nothing for Windows,
how would he pay his employees and manufacturers who develop and package
it, or should they be content to be charitable slaves and starve as long
as Mother Theresa gets the $100?  Linux is "better" and free.  Maybe we
should dissolve Microsoft and take all it's wealth and give it to the
poor and tell everyone to use Linux and stop wasting their wealth.  Of
course people might object, so we need to bring in the guns and tanks,
just like Stalin needed to do to the uncharitable Ukranians.

3. If wealth isn't being transferred, it is most likely because Government
has created a monopoly or oligopoly.  If I have a better idea for a car, I
cannot simply just build one, since any modification to the powertrain has
to be certified by the EPA.  So if I could get 2 Miles/gallon better
mileage without a change in emissions for a $50 modification, I still have
to spend over $1 Million satisfying the bureaucracy and generating no
profit.  The existing auto industries have no incentive to change this
because these are sunk costs, and they can keep their oligopoly.

4. When you say wealth isn't being transferred, it is also generally
untrue.  While someone may be controlling it, their control is usually not
to leave it under a matress (which would make my wealth comparatively more
valuable).  Microsoft has lots of money because the foundations and Nth
generation wealthy are putting the funds into stocks and bonds of
corporations like Microsoft and government debt.  The companies are
renting the wealth of others.  They wouldn't stay wealthy long if all they
engaged in was consumption.  In this case, economies of scale work with
investment - it takes a fixed amount of analysis to guarantee a greater
profit, so $100 will not be invested as efficiently as $100 Million.

5. Government is the least efficient means of resolving the problem.  The
current welfare system is such that simply transferring the budget of all
the programs would make every poor person middle class.  Confiscating the
wealth of the rich would likely be used employ more people generating
endless debates about who to give it to, than actual beneficiaries.  You
can see this with some class action cases (e.g. asbestos) where the
lawyers split up big fees, and the injured plaintiffs get only a token
amount.

6. No one has given any reason why the dollar following the 10-millionth
has less claim of ownership than the first 10-million.  You can dislike
the situation, but I would like to hear a *consistent* theory of property
rights that holds a sliding scale of claim based on volume.  Does the
grocer with 200 tomatoes need to give away 20 because a store down the
street has only 180?  What if the situation is reversed the next day?

tz at execpc.com
finger tz at execpc.com for PGP key






From alzheimer at juno.com  Tue Nov 26 09:16:18 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Tue, 26 Nov 1996 09:16:18 -0800 (PST)
Subject: Copyright violations
Message-ID: <19961126.111614.12279.1.alzheimer@juno.com>



Forbes: December 2, 1996
 
Cyberpower 
 
By Peter Huber 
 
James Carville once wisecracked that he wanted to be reincarnated as the
bond market. What did he mean by that? He meant that modern,
electronically connected markets are more powerful than any politician.
To
put it another way: The modem is redefining democracy. 
 
British Telecom timed its announcement perfectly--on the eve of the
election.
Think of BT's $20 billion merger with MCI as an antidote to bad
government. By providing efficient, integrated global data connections,
telecommunication companies now offer voters the ultimate shopping
experience: shopping for better government. 
 
Travel the wires and see what I mean. To a degree that may astound you,
your computer and your telephone enable you to choose what you like in
the
way of Federal Reserve, FDIC, SEC, FDA, OSHA, EEOC, NLRB or
other cans in the alphabet soup aisles of modern regulation. 
 
The idea of choosing government is not, of course, new. If you don't like
California law on the subject, you drive to Reno for marriage, divorce or
gambling. To Mexico to buy cut-rate medicines unapproved in the U.S. To
Florida to go bankrupt or to die. The urge to take a political hike has
been
there all along. What has changed is the ease and convenience. 
 
In the past you had to vote with your feet. Now you can vote with your
modem, too. The Web supplies an instant global storefront. While the U.S.
market still dominates the Internet, 36% of servers are now outside this

country. Virtual establishments on the Web already offer incorporation in
Belize, bank accounts in Switzerland, currency trading in Germany,
brokerage accounts in New Zealand. International 800 numbers are
proliferating. 
 
Money, the most liquid of assets, has become the hardest to regulate.
Rich
people have always parked their money abroad when they didn't trust the
political climate at home. Today millions of ordinary investors can move
their
wealth between currencies and countries as fast as they can click icons
on a
screen. 
 
For some this is just an opportunity to cheat on their taxes. A Hamburg
currency trader promises "tax-free profits." A Swiss on-line banker
emphasizes "banking secrecy" and "protecting the privacy of bank
clients."
Swiss safe deposit boxes, the bank assures you, "cannot be sealed by
foreign
authorities in case of civil offenses." Other on-line offshore entities
brazenly
tout "tax-free" advantages for U.S. depositors. 
 
But evading tax collectors remains a sideshow in the vast business of
international, wired finance. The center of the action involves the
completely
legal evasion of inept central bankers. More than $1 trillion in foreign
exchange changes hands each day around the world. (By comparison,
turnover of all stocks on the New York Stock Exchange for an entire year
is
only around $4 trillion.) One in seven equity trades in today's world
involves
a foreigner as a counterparty. And even illiquid assets--real estate, for
example--are increasingly being securitized and then traded on global
markets. 
 
As Walter Wriston, former Citicorp chief executive and author of The
Twilight of Sovereignty (Charles Scribner's Sons, 1992), says:
"Governments
have lost control of the international value of their currency." A single
integrated world market for tradable financial assets is taking shape.
Lowell
Bryan and Diana Farrell of McKinsey & Co. describe this evolution in
Market Unbound: Unleashing Global Capitalism (John Wiley & Sons, 1996).
 
The upshot? The prudent investor can now select investments based on the
central bankers standing behind them, just as he now chooses a stock
based
on his appraisal of the chief executive officer. Do you think the German
central bank is wavering? Try Alan Greenspan. If you think he is on the
wrong track, try New Zealand. Global mutual funds have limitless ability
to
move capital among local, state, national and international
portfolios--equity,
debt, currencies, futures, the lot. By far the most effective way to vote

against
new government spending is to buy some other government's bonds. This
kind of balloting is in fact conducted continually--by banks, pension
funds
and mutual funds. These are the new, private treasuries. 
 
By dispatching its capital elsewhere, the electorate can almost instantly
depress the economy and thus the government's tax revenues. For any
government that's seriously in debt, the globalization of financial
markets puts
a double squeeze on new discretionary spending. If global capitalists
lose
faith and drive up interest rates, it isn't just new spending that costs
more, 
it's
also the refinancing of old debt. The modemization of finance explains
the
federal government's mass conversion to more balanced budgets. 
 
As Bryan and Farrell discuss in their book, the tremendous new mobility
of
private capital sharply curtails government power over macroeconomic
policy. Budget planners and central bankers become little more than fancy
bookkeepers. They don't orchestrate economic forces, they react to them. 
 
Whether they talk left or right, governments worldwide have little choice
but
to abandon fiscally suicidal policies, most notably the practice of
issuing

long-term debt to finance current entitlements. Improvident governments
that
don't believe this end up like Mexico in 1995, with a collapsing peso and
an
overnight flight of capital. Even Washington's wisest understand the new
reality. "I used to think if there was reincarnation I wanted to come
back as
the President, the Pope or a .400 baseball hitter," Clinton adviser James
Carville quipped two years ago. "But now I want to come back as the bond
market. You can intimidate everybody." 
 
Including, of course, government regulators. Wires are imposing a strict
new
discipline on the regulators of private banks, too. At a recent Cato
Institute
conference on the future of money, University of Georgia economist
Lawrence H. White described how new payment technologies have lowered
the cost of wiring money from $20 to 2 cents per transaction. This opens
up
the world of offshore banking to small investors--and it's all perfectly
legal, 
so
long as you keep paying your income taxes. Offshore banks pay higher
interest on deposits and charge lower rates on loans because they aren't
subject to the wide array of bank taxes, mandatory insurance premiums and
antiredlining decrees imposed by U.S. regulators. For the first time,
small
depositors can decide for themselves whether the Federal Deposit
Insurance
Corp. is really worth the price they pay in less favorable interest
rates. 
 
Securities regulation can now easily be circumvented in much the same
way.
With stock exchanges and brokerage accounts moving on-line, you can hold
and trade U.S. equities completely outside U.S. jurisdiction. If the
Securities
& Exchange Commission goes over the edge of the regulatory Laffer
Curve--by passing rules that stifle rather than protect--investors will
easily 
be
able to move to a Swiss broker, a London exchange or a Canadian
commodities trader. The value of regulation, positive or negative,
becomes
something you shop around for, just as you shop for a trusty broker or
low
trading fees. 
 
Labor will never be as fluid as capital, but does follow it. The 1980s
taught
us that manufacturing jobs could escape U.S. unions, labor laws, tort
lawyers
and environmental regulators much more easily than we had realized. The
aluminum still comes from an Alcoa mill in the U.S., but some 20% of the
Boeing 777 airframe structure is built by Japanese workers at a
Kawasaki/Mitsubishi/Fuji consortium. The wings and the cockpit of
McDonnell Douglas' MD-95 are being built in South Korea. 
 
To be sure, most U.S. jobs, particularly the services that account for
54% of
the U.S. economy, are still in nontradable sectors. If you live in
Fresno, you
can't easily get a haircut from a coiffeur in France. But services do
already
make up over 20% of global trade, and they represent the fastest-growing
component of both trade and foreign direct investment worldwide. American
companies outsource data entry to countries in the Caribbean.
Manufacturers
outsource product design, logistics management, R&D and customer service
across national borders, too. U.S. insurance, tax consulting and
accounting
companies send claims and forms overseas for processing. Software, films,
music, finance, advertising, and even health care and education all move
as
well. Haircuts? Not yet, but there's already serious talk of
telemedicine. 
 
The Boeing way of choosing labor is now embedded in the structure of some
39,000 large, transnational corporations, which collectively hold over
$2.7
trillion of assets outside their home-base countries. New foreign direct
investment in the 26 nations in the Organization for Economic Cooperation
&
Development rose by 53% in 1995, while outflows from these countries
increased by 42%. (For cross-border holdings of tradable securities, see

chart, p. 146.) "The very phrase `international trade' has begun to sound
obsolete," Wriston says in an interview. 
 
Again, information and communications technologies are the critical new
lubricant. Many services, especially financial and anything involving
software,
consist of nothing but information and can be moved by wire alone. Moving
solid goods still requires cheap transportation, too, but the cost of
hauling
things around keeps dropping, energy costs notwithstanding. And many of
the products being hauled--everything from cameras to cars--keep getting
smaller and lighter as they get electronically smarter. 
 
Once a manager in Detroit learns how to use the telecosm to outsource to
Toledo, Ohio, she can outsource to Toledo, Spain; with cyber power all
physical distances are roughly the same. And with this kind of global
production system in place, a manufacturing company can move jobs and
capital around like pieces on a chessboard, shopping continually for the
best-priced labor--and the best labor laws. As Norman Macrae, former
deputy editor of the Economist, foresaw some years ago, corporations of
the
future are not going to be nationally based, and they "aren't going to
have
long-lasting lines of production in settled places." Their managers will
be able
to move jobs almost as fast as governments can rewrite employment laws.
At
the margin, the managers of these transnational companies will adjust
their
portfolios of labor in much the same way as the manager of the Templeton
Growth Fund trades stocks.
 
So where does the globalization of labor markets leave the countless
national
regulators of employment and work? Whatever they address-- parental
leave, handicaps or the minimum wage--laws that deny economic reality
cannot be enforced if the jobs can pick up and leave. Much as they hate
the
fact, government bureaucrats are beginning to accept it. Yes, Washington
did
recently raise the minimum wage, but the real story there was how little
and
how late. The long-term global political trend is away from all such
dictates,
not toward them. 
 
When she thinks of herself as "labor" the average American citizen may
not
like this at all. But as a consumer she's collaborating enthusiastically.
She
buys Nikes and Nintendos made in Asian factories. She demands profit from
her mutual fund and pension plan, not patriotic loss. Before long, she'll
shop
for life insurance in London and health insurance in Geneva, and the
offshore
actuaries will discriminate fiercely in favor of the healthy. In the
1980s the
chief executive of Chrysler might have decided to buy a few million car
engines from Korea. Today millions of individual Americans are gaining
the
power to shop anywhere they please. No longer can consumers, any more
than investors or corporate managers, be economically quarantined. 
 
This means that consumer protection regulators face serious competition.
An
abortion now comes in a pill; there's little to stop you from buying that
from
an on-line pharmacy in Monaco if you have to. For years the FDA blocked
sales of kits that allowed home testing for the AIDS virus. So a South
African
company peddled a $100 kit on the Internet, with delivery by mail. And
the
owner boasted openly that he was in business to thwart the regulators
overseas. 
 
The daughter of a magazine editor I know needed a special asthma drug
that
the Food & Drug Administration hasn't yet seen fit to approve. Her dad
E-mailed a contact in Paris, and the medicine arrived by air several days
later. He would not have bought a drug from China or Belize, but he was
willing to trust France. The world's drug regulators, in short, compete
for his
custom. A wide range of routine diagnostic services could easily be
offered

to U.S. citizens from laboratories in Bermuda. The Web would handle
marketing and payment. Federal Express would deliver. 
 
What holds for lab tests holds for morals and culture, too. Nevada can
dispatch strip shows and blackjack tables to any computer in Utah. If we
shut down Nevada, gaming houses farther afield will quickly fill the
electronic
void. A two-minute Web search turns up the Aruba Palms, off the coast of
Venezuela. Download free software and link into the hotel's casino for
real-time blackjack, poker and slots, as well as full sports-book action.
Or
try out any of a dozen on-line gambling alternatives in Argentina,
Belize,
Antigua or the U.K. Or play the national lottery of Liechtenstein. Use
your
credit card, or use E-cash if you want to make both gains and losses
completely anonymous. 
 
When it comes to pure content regulation--pornography the most vivid
example--government authorities have lost their grip completely. If you
don't
like Utah's censors, three clicks of a mouse will put you under the
unbuttoned
authority of Utrecht. Canada has instructed its citizens not to watch too
much
U.S. television. But it's laughably easy now for Canadians to buy a small
satellite dish and get subscription fees billed to a nominally U.S.
address.
Technology has rendered completely obsolete the very idea that government
authorities can control morality and culture. Politicians may still give 
speeches
about these things, but everyone knows the talk is just reactionary
twaddle. 
 
All of this should be very reassuring. Most of us won't leave the
country, not
in person and not by wire. We won't have to. Competition improves the
quality of everything else; it will improve the quality of government,
too. Most
politicians are pragmatists. They'll grasp that they have to deliver a
good
service at an attractive price--or lose market share to the competition.
Bill
Clinton understands this. Like James Carville, he learned that the bond
market runs the most powerful polls of all. Clinton ran as a budget
conservative. 
 
The trend is already clear in monetary and fiscal matters, where the
competition for good government is the fiercest. Many of the abrupt
currency
swings of yesteryear--overnight devaluations, for example--just don't
happen
as much anymore. Wired financial markets are less volatile and much more
honest. Nearly all industrial countries have brought their annual
inflation 
rates
under 3%. In The Death of Inflation: Surviving & Thriving in the Zero Era
(Nicholas Brealey Publishing, 1996), Roger Bootle argues that the
globalization of financial and labor markets left them no choice. 
 
Within this country, large states like California seem to be learning the
same
lesson. They have to stay in line on tax rates, investment climate and so
forth--or lose jobs, investment and residents to their better-governed
neighbors. And while rigorous comparisons are difficult, it does appear
that
industrialized nations are gradually converging toward quite similar
regulatory
structures in monetary policy, banking, insurance and securities trading.
The
overall price that competing governments charge citizens for service--the
tax
rate--seems to be converging, too. Take away health insurance, which some
countries book as "private" rather than "public," and you find that the
tax
rates in industrialized countries are all quite close--much more so than
they
were in the 1960s. 
 
Governments that don't keep up with the competition can lose market share
fast. Years ago Delaware developed a well-designed service called
corporate law. Most big U.S. companies are Delaware corporations now.
Other states tried to protect their consumers from high interest rates.
So

Citibank set up operations in South Dakota to issue credit cards
nationally. In
June the Supreme Court ruled that California residents may not challenge
Citibank's late-payment fees as usurious under California law: The fees
on
Citibank cards are South Dakota's legal responsibility. The usury police
in
other states can all take a permanent vacation. 
 
We, the people, are all shipping tycoons now, with mobile wealth and
mobile
labor. We can choose Liberia's flag, for its unmeddlesome bureaucracy, or
London's insurance, for its trustworthy courts. As managers, workers and
consumers, we buy government in much the same way we buy shoes. Not
through bribes or political action committees or anything like that--we
buy it
by paying taxes and complying with the laws. But when shopping in one
government's mall gets too expensive or inconvenient, we shop in
another's. 
 
So the old political carnival, filled as it was with freaks and geeks, is
over.
The old game of big promises on election day, soon forgotten in the
enjoyment of power, is over. Citizens now vote continually, with London,
Bonn and Tokyo on the ballot, too. 
 
 





From alzheimer at juno.com  Tue Nov 26 09:16:20 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Tue, 26 Nov 1996 09:16:20 -0800 (PST)
Subject: Copyright violations
Message-ID: <19961126.111613.12279.0.alzheimer@juno.com>


 
American Banker: Friday, November 22, 1996
 
MasterCard Raps Visa Security After Theft 
 
By JEREMY QUITTNER
 
The theft of a personal computer with several hundred thousand credit
card
accounts stored in its memory has led MasterCard to suggest the security
procedures of rival Visa are inadequate. The computer, stolen from Visa's
San Mateo, Calif., data processing center early this month, contained
information transmitted from point of sale machines for 314,000 active
credit
card accounts -- from Visa, MasterCard, American Express, Discover, and
Citicorp's Diners Club.
 
Visa has offered to pay $20 per account, potentially $6.3 million, to
replace
the cards. 
 
Although the five brands reacted quickly to the crime, and there has been
no
loss due to fraud, the incident shows how account information is
vulnerable to
fraud and theft from many directions. 
 
Michael Stenger, special agent, financial crimes division for the U.S.
Secret

Service, said criminals will go after account information wherever they
can
find it. 
 
"The computer is seen as a facilitator and a storage point," he said.
"The main
thing is (the thieves) need the information." 
 
Account information from the different credit card networks is commonly
routed through MasterCard and Visa processing systems from point of sale
machines, and sent to the appropriate party. 
 
"The question is, why was the information downloaded?" asked MasterCard
spokesman Sean Healy. "We don't do that type of downloading." 
 
He said MasterCard stores point of sale information on cartridges in high
security locations in its St. Louis processing facility, where it would
be
"virtually impossible to replicate" the Visa theft. 
 
However, David Melancon, a Visa International spokesman, contended,
"Any card company that processes transactions" downloads account
information. 
 
Jerome Svigals, a smart-card and security consultant in Redwood City,
Calif., said Visa would have downloaded this information only if it was
working in the capacity of Vital Processing Services, its merchant
processing
arm. 
 
He added the computer probably contained magnetic stripe information,
such
as account numbers, expiration dates, and encrypted verification codes. 
 
"There is little or no protection against this problem," he said. 
 
Visa said it may have been an inside job, although no one has been
arrested.
The thief or thieves were probably more interested in the computer
hardware
than the account information, Visa said. 
 
"We have had rigorous plant security, but obviously not secure enough,"
Mr.
Melancon added. 
 
Visa, which said the vast majority of affected accounts were its own,
said it
immediately contacted all the parties involved and recommended they get
in
touch with cardholders. 
 
Mr. Healy said the stolen computer contained information on accounts at
500
of MasterCard's member banks. 
 
"We are recommending they close the affected accounts and issue new
cards," Mr. Healy said. "We are monitoring authorizations very closely
and
have issued a worldwide security alert." 
 
American Express, on the other hand, has chosen to monitor its own
accounts without informing cardholders. It would not specify how many of
its
accounts were involved. 
 
"The accounts are being monitored for fraud, but we have not found any,"
said Gail Wasserman, an American Express spokeswoman. 
 
Diners Club and Dean Witter, Discover & Co. said they were taking
measures to protect their cardholders. 
 
  
American Banker: Friday, November 22, 1996
 
Bank Group Issues Guidelines for Protecting Consumer
Privacy 
 
By Barbara A. Rehm
 
Retail bankers on Thursday unveiled a nine-point plan to safeguard
financial
information about their customers. 
 
The Consumer Bankers Association is providing the privacy blueprint to
its
members, 900 financial institutions with more than $2.5 trillion in
assets. 
 
"We are confident that these guidelines will enable our members to
continue
delivering top-quality service and choice while maintaining the trust of
consumers," said Pam Flaherty, Citibank senior vice president and a
member of trade group's board. 
 
The guidelines, in the works for two years, are designed to help banks
maintain customer confidentiality standards even as new technologies
speed
information processing. 
 
For example, under the plan, banks "will limit the use and collection of
information about our customers to what is necessary to administer our
business, provide superior service, and offer opportunities that we think
will
be of interest to them." 
 
The blueprint also notes that banks will provide data about their
customers
only to "reputable information reporting agencies." 
 
The Consumer Bankers issued the privacy guidelines to show the federal
government that the banking industry is policing itself and no new
regulations
are needed. 
 
 
American Banker: Friday, November 22, 1996
 
Get On-Line Quickly or Get Left Behind 
 
By JENNIFER KINGSON BLOOM and JEFFREY KUTLER 
 
Almost 600 people paid a quick visit this week to a future in which most
consumers carry smart cards, do most of their banking and shopping on the
Internet, and rest assured that their financial institutions have taken
all
necessary steps to ensure payment security and personal privacy. 
 
By now the bankers among the 600 have returned to a reality in which most
chief executive officers don't know much about personal computers, pay
more attention to commercial loan spreads and credit card profitability
than
to information technology, and still need convincing to pour a lot of
investment capital into creating the aforementioned future. 
 
The vision of the possible appeared at American Banker's second annual
conference on financial services in cyberspace. After three days of
almost
boundless enthusiasm for electronic cash and virtual banking, these
concepts
didn't sound futuristic at all. 
 
Stirring up a revival-meeting atmosphere, Mondex USA chairman Dudley
Nigg referred to Internet banking as "the Holy Grail." But no longer does
he
consider it beyond bankers' grasp. Giving the opening speech Monday, the
Wells Fargo Bank executive vice president decried the industry's past sin
of
"giving away the branch channel for free and charging for on-line service
...
How ludicrous!" 
 
After Wells saw the light and dropped its fees for PC users, on-line
customers jumped from 20,000 in early 1995 to 270,000 today -- 110,000
of them via the Internet. Mr. Nigg expects two million Internet customers
in
five years. 
 
It provides an unusual opening, he said, to "satisfy customer needs
(while) we
lower our costs ... That's the kind of economics that chairmen in our
industry
love to hear about, and is rare in banking. Rare is the channel where
costs
can be driven down." 
 
Mr. Nigg, speaking the same day MasterCard announced its acquisition of
51% of Mondex International, a smart card program he fervently supports,

lived up to his keynote billing with the conference's most quotable
quote: "If
we don't get aboard this train early, we will miss it." 
 
He said technology is advancing so quickly and decisively that bankers no
longer have the luxury of waiting for lower prices or more definitive
outcomes
before making a move. 
 
"If we regard this as purely hype, we will forfeit this opportunity to
others
who are waiting in the wings," Mr. Nigg said. "We have traditionally been
slow to step up. In the past, second-movers had an opportunity to meet
the
train. Today, people are waiting for us to act. If we don't do so,
somebody
else will step in and take our place." 
 
"Don't do nothing, waiting to see if Internet commerce is real," said
Verifone
Inc. vice president Roger Bertman, picking up the theme two days later
when
discussing bank-merchant relationships. "It is absolutely clear you will
miss an
opportunity and risk losing pieces of your merchant portfolios." 
 
The Internet and personal financial management software like Intuit
Inc.'s
Quicken are "wedges driving financial services into the home," said Adam
Schoenfeld, vice president of publishing at Jupiter Communications in New
York. 
 
Though many attempts at electronic financial services were "poorly
conceived
and executed," he said, banks are serving two million customers by PC,
and
more than three times that number express interest in the medium,
according
to a recent Jupiter-Find/SVP study. 
 
Veterans of earlier, unsuccessful attempts at revolutionizing banking
behavior
like to bat around ideas on why the 1990s are different. 
 
One obvious reason is the breakneck spread of personal computers into
consumers' homes. Huntington Bancshares senior vice president William
Randle, a conference co-chairman, cited an October survey that said 19
million U.S. households now use home computers for some aspect of
financial management. 
 
He also showed a commercial that touted the home banking capabilities of
Packard Bell's products. "When manufacturers of computers start
advertising
banking as an application, times are moving fast," he concluded. 
 
There were other ideas as well. Gaurang Desai, a vice president at
Montgomery Securities, said vendors and bankers are growing more
comfortable with one another and are working together more productively.
Henry Lichstein, a vice president and technology strategist at Citibank,
said
banks are learning how to market on-line services so they are attractive
to
consumers. 
 
Pointing out that Citibank has offered home banking for a decade, he said
the
program began "in earnest" last year when the bank stopped charging for
it.
 
In 1996, Mr. Lichstein said, "the big change was the Internet." 
 
And David Frankel, banking business manager at the Prodigy on-line
service,
recalled that when his company introduced on-line banking in 1988, it
fell flat.
 
Prodigy has spent the last eight months reconstructing its service for
the
Internet. "People are moving to the Internet directly at almost alarming
speed," Mr. Frankel said. "We have recognized the future of the Internet
and
the ultimate demise of proprietary on-line services." 
 
Several speakers predicted that the introduction this year of television
sets
with Web browsers will jump-start home banking for the mass of consumers.
 
In the Jupiter Communications survey, 25% of households with personal
computers said they "would prefer to get their electronic financial
services
through the television," said Mr. Schoenfeld. 
 
Mr. Lichstein defined the task at hand -- "the process of anticipating
change
and aligning oneself to it" -- as "finding the strategic groove." 
 
Something is in a strategic groove, he said, when "if we do not step up
to the

challenge, someone else will." By that definition, Mr. Nigg was
describing
strategic grooves for the Internet and smart cards, particularly Mondex,
which can operate as both a real-world cash substitute and a
virtual-world
payment transmission device. 
 
Mr. Lichstein put smart cards and consumer electronic banking in that
very
context. "The strategic groove in home banking," he said, "is in full
swing." 
 
Critical or dissenting voices were pretty much drowned out. Charlotte
Wingfield, a KPMG Peat Marwick partner, said she got a respectful
reception to what she called the only presentation covering the biggest
mode
of banking distribution -- the branch. 
 
Citing a consumer survey KPMG commissioned from Yankelovich Partners,
Ms. Wingfield concluded that "the branch's demise is greatly
exaggerated."
Her data indicated that even frequent PC users put "banking in person"
ahead
of software-based services on their list of preferences. 
 
Agreeing with Ms. Wingfield, a member of the audience who works for a
technology company grumbled about the pro-virtual majority. "They make it
sound like everybody has to be on the Internet by next Tuesday, or
they're
toast. That just isn't the case." 
 
Even a bank executive from the Northeast who is well versed in the
Internet
and intranets said, "I think it's all hype." 
 
In one session that devolved into a small-scale cat fight among software
vendors, a Microsoft Corp. executive was trying to take the high road:
Other
purveyors of personal financial management software divulged the number
of
users they had doing on-line banking, but he wasn't going to play the
numbers
game. 
 
A representative of Intuit said 400,000 people were banking on-line
through
Quicken and BankNow. The chief executive of Meca Software said he had
200,000 active users. 
 
When Microsoft's turn came, Richard Bray, a product manager, kept
insisting that 10% of Microsoft Money users were doing on-line banking.
When pressed for specific numbers, he would go no further. 
 
Unluckily for Mr. Bray, he was also scheduled to speak again later in the
day
about the Microsoft Network for the Internet. It was in that speech that
he
casually said: "Two and a half million people use Microsoft Money." 
 
And 10% of 2.5 million would be ... William N. Melton, founder and
president of Cybercash Inc., was torn within himself. He took a break
from
the American Banker conference to fly to the giant Comdex computer trade
show in Las Vegas and returned with what he termed a "manic-depressive
problem."
 
When he first arrived in Scottsdale, he became "manic" when he learned
that
the bankers there had apparently gotten religion on the subject of the
Internet. 
 
"We've been trying to talk to bankers for a long time, and said, 'The
Internet
is really here,"' he said. "I didn't think they were really getting it."
 
After jetting off to Comdex, though, he became "depressed" that while the
250,000 people attending the show were "all doing nothing but thinking
about
the Internet," they didn't seem to be moving quickly enough toward
on-line
commerce. 
 
"We've been working on SET (the Secure Electronic Transactions protocol)
for one to one and a half years, and hopefully within six months we'll
have
interoperability tests," Mr. Melton said with some disdain. 
 
After returning to Arizona, Mr. Melton swung back to manic mode. Hearing
details about MasterCard's buy into Mondex persuaded him that "maybe it's
going to happen." 
 
Mr. Melton was emphatic about what was needed to help make "it" happen:
he called on banks to "unilaterally issue digital certificates" to get
customers
accustomed to on-line commerce and comfortable with evolving privacy and
security measures. 
 

Mr. Melton and Mr. Bertman, general manager of the Internet commerce
division at Verifone (another company Mr. Melton founded), acknowledged
some other impediments or potential obstacles.
 
"By 2000, the privacy issue will have really hit," Mr. Melton predicted.
He
said the negative consequences of such an explosive political issue could
be
mitigated by banks' convincing the public they have addressed it. But he
warned of "a huge public debate." 
 
Mr. Bertman said the industry must help consumers and merchants make
sense of a dizzying array of payment methods and options. Verifone and
Cybercash, among others, have proposed "virtual wallets" as a solution. 
 
"Technologists tend to oversimplify the payments world," he said, "but
there
are some very complex issues" that financial institutions are best placed
to
resolve. 
 
Mr. Bertman added that while most discussions have focused on the on-
line
consumer, bank-merchant relationships are at least as critical and have
been
"underestimated and under-understood." 
 
"There is a question of how many banks do you need on the Internet," Mr.
Melton said. "This is not a polite question, but it's going to become
very
competitive - more so than in the physical world where you are protected
by
the walls of geography." 
 
Mr. Melton was ready to declare victory on the security issue, saying,
"It's
essentially done." 
 
Given the availability of data encryption techniques and specifications
like
SET, which is being developed by MasterCard and Visa, he said: "Tell your
customers, 'Don't worry. We'll take care of it'." 
 
Mr. Bertman said the SET development process will take well into next
year,
but the card industry should move ahead with Internet payments." Sholom
Rosen, a vice president at Citibank who has invented a computer-
to-computer electronic money system, raised a red flag. 
 
He said electronic currencies like those being promoted for the Internet
--
Citibank's is not among them -- raise security issues different from
those in
conventional commerce, and they are not fully addressed by "strong
encryption and protocols." 
 
For example, Mr. Rosen said, counterfeit losses are conventionally borne
by
the party who is discovered passing fake currency. In on-line commerce,
the
issuer of money -- likely a bank -- is the victim, with consequences for
solvency and systemic risk that Mr. Rosen said haven't been thought
through.
 
Mr. Rosen stated in an interview that Mr. Melton and others are in an
"entrepreneurial mode" and understandably eager to embrace exciting new
things. 
 
"Comdex is fine, but banks are in the business of having to manage
risks,"
Mr. Rosen said. 
 


ABA Banking Journal: November, 1996
 
Are You "Toast"? 
 
By William W. Streeter
 
Has anyone walked up to you recently and said, "You're toast"? As you
might surmise, the question has nothing to do with sun or food. It has to
do
with history, as in, "You're history, pal."
 
And that's how author Don Tapscott meant it when he used the expression
in
his presentation at the ABA Annual Convention last month. 
 
He was speaking about the digital revolution, and with the single word
"toast," he likely captured the collective angst of most people in the
room. 
 
As author of the best-selling book, The Digital Economy, Tapscott is a
prophet of the new order resulting from the digitizing of information.
Like
many of his ilk, his presentation was both mesmerizing and unsettling. He
spoke of the likely disappearance of entire industries under the
onslaught of
the Internet, specifically referencing travel agents and food
wholesalers. 
 
He didn't foretell that fate for banking, but he did speak of the
"disintermediation" of the middleman. 
 

"If you're in the middleman business, start looking for a job," he said. 
 
It shouldn't take long to realize that banking falls under that heading. 
Consider
that traditional banking is deposit intermediation, while the more recent
additions to the business have largely been brokerage. Sounds like a
"middleman" business to us. 
 
Tapscott urged bankers to "reintermediate." We haven't a clue what that
means, but he did cite examples of several banks that have embraced the
Internet -- Security First Network Bank being one (look for an update on
it
next month); Wells Fargo and The Bank of Montreal being two others. 
 
There's no denying that certain business have been displaced by
electronics.
The advent of desktop publishing software, for example, radically altered
the
"pre-press" and typesetting business that thrived pretty much since
Gutenberg. Typesetting in particular was wiped out by computers in the
space of about ten years. The function of putting words into type didn't
disappear, it was simply transferred to publications' staffs, at a
considerable
savings. 
 
Those publications themselves face a challenge with the emergence of the
Internet as a radically different means of disseminating information. 
 
Is banking similarly challenged? The answer without a doubt is "yes."
Will the
industry disappear like the typesetters? There are two considerations in
answering that question. First, the typesetting business disappeared
because
electronics gave publishers greater flexibility at less cost. The same
case is
made by proponents of banking via the Internet, but it's not clear yet
whether
a majority of people and businesses are ready to do banking that way. 
 
Second, "banking" and "industry" are labels. The functions performed
under
those labels will of course continue as long as there is money, or more
broadly, exchange of value. 
 
If by being "digitized" a product or service or process becomes more
convenient, more flexible, or less expensive, the marketplace will
embrace it.
And it will probably do so pretty quickly. 
 
None of this says that there won't be a need for people to meet with
people.
Maybe many "face-to-face" meetings will occur by high-quality video
connection. But all of them won't. There will still be a need to be
reassured
about something in person; to shake hands on a deal; or to look someone
in
the eye -- a live eye. 
 
As a proxy for this, consider that e-mail hasn't eliminated the need to
speak
by phone, any more than telephones eliminated the need to write or to see
someone in person. 
 
Changes in fundamental technology have always caused business casualties
-- as with the proverbial buggy whip example. 
 
Part of top management's job is to stay abreast of changing technology,
and
to hire and train people who can communicate in, and deal with, whatever
medium is appropriate. The difference now is that the change to a digital
age
will bring more far-reaching changes than anything seen recently, and is
occurring at dizzying speed. 
 
For sure, money isn't likely to go away soon, and neither, therefore, is
financial services. That should ease some of the angst you may feel under
the
relentless barrage of "The Digital Age." But don't get comfortable
either, or
you will be toast. 


Retail Delivery Systems News: November 22, 1996
 
Mondex Deal Changes MasterCard Strategy
 
Expect some turmoil in the smart card market as MasterCard International,
of New York, readjusts its strategy in the wake of buying a majority
interest
in Mondex, of London, a bank partnership formed to pilot smart cards in
England. 
 
The long-time rumored acquisition represents one of the largest
investments
of a U.S. company in smart card technology.
 
Estimates are that MasterCard paid between $100 million and $150 million
for the majority interest. 
 
MasterCard will adopt Mondex's technology as its strategic chip platform,
the companies say. 
 
This raises questions for the future of pilots, such as the one planned
in New
York City's West Side by Citibank and Chase Manhattan and for the
validity of vendor hardware and software created to work with MasterCash,

analysts say. The New York pilot, which is meant to prove
interoperability of
the MasterCard and Visa systems, already has been delayed until the
second
quarter of 1997. 
 
Additionally, MasterCard has lost several of its key officers in the
MasterCash division, raising questions about who is leading the venture,
RDSN has learned. 
 
"A number of companies would like to see a crystallization of
MasterCard's
strategy with smart cards," says Dave Lott, an analyst with Dove
Associates
in Atlanta. "The deal raises a lot of questions in terms of what are they
going
to do with the product (MasterCash) that they've developed up to this
time." 
 

 
Washington Post: Sunday, November 24, 1996
 
The Uncertain Value of 'Smart Cards' 
 
By Jane Bryant Quinn
 
The next piece of plastic the banks think you ought to keep in your
wallet is a
"smart card." These cards come in several varieties and most aren't ready
for
mass distribution. But pilot projects are forging ahead in Atlanta and
New
York City early next year, and in Canada and several countries abroad. 
 
There's no obvious consumer need for smart cards today. But the bankers
believe that you're going to love them anyway. You may even be mailed one
and urged to try it. 
 
Smart card promoters make the assumption that you hate to carry cash. You
hate fishing for bills and coins to buy a newspaper or a soda. You'd put
down plastic, instead. 
 
This plastic card has money on it, embedded in a computer chip. A $ 20
card, for example, will give you $ 20 in spending power. 
 
If you buy a 75-cent newspaper, the seller will put your card in a
special
terminal and drain off 75 cents. No identification or signature is
required. 
 
You now have a card with $ 19.25 left on it. After spending $ 1 on a
soda,
the value of your card goes down to $ 18.25. If you forget the amount,
you
can check it with a little portable card reader. Some readers also might
list
the last five things you bought. 
 

Don't confuse a smart card with a debit card. When you pay by debit card,
money is moved automatically from your bank account into the merchant's
bank account. With a smart card, however, you first move money from your
bank account onto the card's computer chip. When you buy something, the
money moves from your card to the merchant's terminal and then,
electronically, to the merchant's bank. 
 
If every merchant, street vendor, taxi driver and bus accepted smart
cards,
you wouldn't have to carry cash. To some, that would be a huge
convenience; to others, it's a shrug. But as long as some merchants took
smart cards and others didn't, you'd have to carry both. 
 
Smart cards come in three varieties, some of them more flexible than
others: 
 
* A prepaid, disposable single-purpose card. Telephone cards are a good
example. You pay $ 10 or $ 20 for a card, dial an 800-number, give the
number of your card and then make your telephone call. Minute by minute,
the cost of the call is deducted from the value of the card. When you've
spent
all the money on the card, you throw it out. 
 
* A prepaid, disposable bank card. You buy the card at a bank and can use
it at any store that has a terminal. 
 
* A reloadable card. When your money runs out, you can take it to a bank,
an automated teller machine or a special kiosk and load it up again.
Visa,
MasterCard, Citibank and the Chase Manhattan bank will jointly test a
reloadable card in a section of New York City next year. A reloadable
card
also could serve as your credit card, debit card or ATM card. 
 
What's in it for the banks? Eventually (although not at first), the banks
probably would charge you for the card. There might be a fee when you
used
an ATM to load it up. The merchant also would pay a fee, in return for
getting what is presumably a more secure transaction. 
 
What's in it for consumers? A very little bit of convenience. Putting
down a
card is a tad quicker than fishing out cash. You always have the
equivalent of
exact change. You wouldn't have to count your change, but you'd have to
use the card reader to be sure the merchant's terminal deducted the right
amount. You may or may not pay more for the card than it costs to get
cash
from an ATM. 
 
For a while, the smart cards probably won't have any more than $ 100 on
them and the limit might be lower. So they're strictly for walking-around
money. You'd still need your credit card, debit card or checkbook for
more
serious shopping. 
 
If the card malfunctions -- say, it registers $ 14 when you're sure you
were
carrying $ 36 -- a bank can check the balance on the computer chip, says
Ron Braco, a senior vice president at Chase Manhattan. But if you lose
the
card, it's just like losing cash. You're out the money. 
 
Promoters of smart cards promise a lot of national and international uses
that
aren't yet anywhere in sight. I'll probably wait for them. Banks have a
sales
job to do on people like me who don't find it a nuisance to carry cash.
 
 


Forbes: December 2, 1996
 
Banks are pushing new ATM cards that doubleas a Visa or a MasterCard.
Avoid 'em.
 
Carte Blanche For Crooks 
 
By Alexandra Alger 
 
Chances are that yet another chunk of unsolicited plastic has popped up
in
your mailbox. It is not just another credit card. It's a combination new
ATM
card and charge card. You can use it to withdraw cash from automated
teller
machines, as you do with your current ATM card. Or you can use it to
charge purchases, without having to use your PIN (personal identification
number). "It's as convenient as a credit card, but it's not credit! The
amount
of your purchase is immediately deducted from the balance in your
checking

account," says the brochure sent out by one major bank. And therein lies
the
danger--it's a debit card. We don't like it for three reasons: 
 
* It could give a thief carte blanche to your checking account. In case
of
fraudulent use of your debit card, you are the one who is instantly
out-of-pocket, not the bank. You may have to fight the bank to recover
your
money, and you could lose it completely if you don't report the loss
right
away. Meanwhile, your bank balance and credit line could be depleted, and
your checks could be bouncing all over town. 
 
* You lose the credit float, of 30 days or so, that you get with a
zero-balance
credit card. 
 
* You lose the option of withholding payments--important leverage in case
of
disputed charges. 
 
Banks are flooding the mails with these new cards. Visa has launched a
multimillion-dollar national TV campaign to promote its debit cards,
starring
football superstar Deion Sanders. Some 4,000 U.S. banks, S&Ls and credit
unions are issuing MasterCard- and Visa-affiliated debit cards--double
the
number of a year ago. Most of the nation's biggest banks have already
joined
the party, including California's Bank of America and New York's Chase
Manhattan Corp. (to its new Chemical Bank customers). Citibank is
planning its blitz next year. 
 
For banks, what's not to like? Merchants pay card issuers an
"interchange"
fee--typically 1% to 2% of the transaction value. Some banks even charge
customers $1 to $1.50 a month just to have the card. 
 
Debit cards also help wean bank customers from costly check-writing. It
costs banks $1.10 or so to process every check, but only 27 cents to
handle
a debit card transaction, says Edward Neumann, director of Dove
Associates, a bank consulting firm in Washington, D.C. 
 
Bankers insist that the cards are good for customers, too. "The key is
convenience--that's what we're selling," says John Russell, a spokesman
for
Banc One in Columbus, Ohio, the first bank to offer a debit card and now
the largest issuer of them (over 4 million). 
 
But we think this convenience comes at too high a risk. Some debit- card
crooks are subtle. They'll use swiped debit cards occasionally, charging
up
relatively small amounts. As long as the account holders overlook the
charges
on their bank statements, the party continues. The thief has a kind of
annuity. 
 
Roy Funderburk Jr. learned about this the hard way. The 53-year-old mail
carrier from Alexandria, Va. was going over his bank statement when he
noticed two debit-card charges in one day at an Exxon station he
occasionally used in Washington, D.C. That sent him back to statements
for
previous months. What he found were $1,000 in bogus gas station charges
made over a nine-month period. No charge was more than $20. He hadn't
lost his Visa debit card, so was baffled about the misuse. 
 
Funderburk's branch manager at American Security Bank (now
NationsBank) told him not to worry, he would be reimbursed for his
losses.
But a month later Funderburk got word that he'd only be recompensed for
the fraudulent charges made within the previous 60 days-- $247. He was
out
$761. Funderburk was furious. He went to the Washington Police
Department, the Secret Service--even the FBI. The latter two told him
they
only looked into cases involving at least $5,000. 
 
Finally, on the advice of a lawyer, he took the bank to small-claims
court. He
struck out there, too; the judge shook his head and told Funderburk the
bank
didn't owe him anything under federal bank rules, and there was nothing
he
could do. 
 
The story has a happy ending. Out of the blue, an American Security
lawyer
called Funderburk about settling. Funderburk said he just wanted his
money

back, without interest. Fine, the attorney said. Within hours the money
was
back in his checking account. But what an ordeal! 
 
How had the thief pulled off the thefts? All he needed to get started was
the
number on Funderburk's debit card, perhaps from a discarded receipt. A
phony card could be made, using that number. 
 
Still, Funderburk was lucky. Banks will normally assume liability for
fraudulent use only if you notify them within two days after you miss
your
card. In that case your loss is limited to $50--often, you won't be
charged at
all. But wait any longer, and you could be liable for as much as $500 of
your
own checking account losses. If you fail to report the fraud within 60
days,
the bank doesn't have to give you a cent. 
 
Your chances of getting hit are uncomfortably high. Last year Visa and
MasterCard issuers shouldered $19 million in fraud-related losses on
their
debit cards, says the Nilson Report, an industry newsletter in Oxnard,
Calif.
PIN-related ATM fraud accounts for $100 million to $200 million in annual
losses. 
 
That is small potatoes compared with the estimated $3 billion in annual
credit-card fraud losses (FORBES, Aug. 26). But, says John Wisniewski, a
postal inspector in Pittsburgh:"The bad guys are just starting to figure
out how
to misuse them."
 
One of the more ingenious ATM scams involved a bogus telephone. At an
ATM in Miami, Fla. crooks put plastic sleeves into the card slots. When
customers saw their cards were swallowed by the machine, they picked up
the telephone provided to dial the posted customer service number. 
 
But the phone was provided by the thieves, and the posted number put
customers in touch with a thief, not a bank employee. The thief then
asked
customers for their PIN as identification and promised that replacement
cards
would be mailed out in a matter of days. 
 
The crooks then plucked out the stuck ATM cards with tweezers and were
off to the races. 
 
Our advice is to avoid the ATM-debit card. When your ATM card expires,
request a simple replacement instead of the new combo card you'll be
mailed. In our view, the risks of the combo far outweigh the potential
rewards. 
 
 






From root at deimos.ceddec.com  Tue Nov 26 09:23:15 1996
From: root at deimos.ceddec.com (Tom Zerucha)
Date: Tue, 26 Nov 1996 09:23:15 -0800 (PST)
Subject: Star Trek: First Contact
In-Reply-To: <199611230853.AAA10184@netcom6.netcom.com>
Message-ID: <Pine.LNX.3.95.961126115402.4290C-100000@deimos.ceddec.com>


On Sat, 23 Nov 1996, Bill Frantz wrote:

> OBMoney: Picard states the they don't have money in the 24th century. 
> Instead they work for the good of mankind.  Nanotechnology must have made
> everything material possible, so the only reward left is status (aka
> reputation).

They travel faster than light, meet all kinds of life forms, 99.5% of
which are either humanoid of the same dimensions as terran humans too.
>From Gulliver (who had different sizes and species) to gullible.

They don't exchange anything?  DS9 indicated the academy used transporter
credits?  Replicator credits in Voyager?  Were they exchangable?  They
don't have money, they have credits.  They work for the good of mankind,
but get credits anyway.

Either space travel is paid for, or it is rationed, or both (I get on the
list, when my number nears the top, I change places with the highest
bidder).  How are finite (scarce) resources allocated?  A super computer
program (which may be considered fair, but I think the computer scientists
probably have the most luxuries in such a society).

Unless, earth decayed into a barter economy!

The Borg don't need money (individual exchange), but they don't seem to
have much use for minds (individual expression) either.

Acutally, Star-Trek is pure fiction.  Adam Smith and Ricardo proved
certain theorems in economics.  If Star Trek were at the same level of
science in astrophysics as economics, they would have to find a way
through the crystal spheres that let the sun and planets go around the
(flat) earth.  When they are not being bled to cure fevers (Captain - this
is Beverly Crusher - something terrible has happened - we've run out of
leeches!).

Economic Illiteracy is a problem.  People complain about not having wealth
but won't read the first book (Hidden Order by David Friedman is a good
start, he even has a web page with sample chapter and errata at
http://www.best.com/~ddfr).

Whither Latinum?

Actually one property of Latinum should be that it would be economically
inefficient to replicate or otherwise inflate.  Another that it should
have one or more unique properties that made it easy to authenticate.  And
it should be durable.  Gold had these in 1000 BC - Mines were few, A
"touchstone" could show if it was pure (v.s. dilution with silver), and it
doesn't rust.  In the 1800s fine-line engraving was the authentication and
anti-replication method of choice, since it was capital intensive to set
up, but you can tell if a geometric pattern is irregular.  Now we will
have cybercheques with digital signatures - forgeable if you have a
trillion dollars worth of computer time.

(see, it is on-topic).

tz at execpc.com
finger tz at execpc.com for PGP key






From nobody at cypherpunks.ca  Tue Nov 26 09:43:14 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 26 Nov 1996 09:43:14 -0800 (PST)
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
Message-ID: <199611261728.JAA14047@abraham.cs.berkeley.edu>



At 7:39 PM 11/25/1996, The Deviant wrote:
>> Rigorous proofs of the non-existence of an algorithm are not new.  
>> Neither are rigorous proofs that any algorithm which can solve a given 
>> problem requires a minimal running time.  Or, in an even stronger sense, 

>Hrmmm... I seem to see a problem (namely Moore's first law) in assigning
>anything a "minimal running time".  Perhaps "minimal instruction count"
>would be more suited to your example.  Because if you're talking about
>time, it essentially boils down to "the longer something takes the less
>time it takes".

"Introduction to Algorithms" by Cormen, Leiserson, and Rivest is a
good introduction to Big O notation.  The problem you raise is the
motivation behind this notation.

diGriz







From nobody at cypherpunks.ca  Tue Nov 26 09:43:14 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 26 Nov 1996 09:43:14 -0800 (PST)
Subject: Provably "Secure" Crypto
Message-ID: <199611261737.JAA14215@abraham.cs.berkeley.edu>



At 4:18 AM 11/26/1996, Peter M Allan wrote:
>> Which part of this have you failed to understand?  Look in section 5.3.1
>> of Volume 3 of "The Art of Computer Programming" by Knuth.  You will find
>> there a rigorous proof that the "information theoretic lower bound" of
>> an algorithm which sorts by comparison of keys is O(nlg(n)).

>That is a bound on a _reliable_ algorithm.  A faster one is to shuffle
>the elements and present it as sorted.  Lightning fast, but only with
>low probability of correctness.  That is what we are up against in a key
>search attack.  The other guy just might guess my 100 bit key first time,
>millionth time or whatever - early enough anyway.

>So to get a lower bound you have to show that a lucky guess cannot be
>distinguished from an unlucky one - and if you do that without a one
>time pad I take my hat off.

If the chance of a successful guess is absurdly low, the algorithm can
be considered to be secure.  It is quite unlikely that you will guess
a random 128-bit key.  Hence, you could have a secure algorithm in
which a successful guess can be distinguished from an unsuccessful
one.

diGriz







From nobody at cypherpunks.ca  Tue Nov 26 09:44:57 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 26 Nov 1996 09:44:57 -0800 (PST)
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
Message-ID: <199611261727.JAA14042@abraham.cs.berkeley.edu>



At 12:28 PM 11/25/1996, Dana W. Albrecht wrote:
>For an (again, non-cryptographic) example of a proof of the second sort 
>--- that is, that "any algorithm that solves a given problem requires a 
>minimal running time" --- consider the proof that the "minimal" number 
>of key comparisons in the worst case required to sort a random list of 
>elements for which only an ordering relationship is known is O(nlog(n)).  
>See Knuth, Volume 3, section 5.3.  For a simpler example, a standard 
>"binary" search which requires O(log(n)) comparisons to find a given 
>element in the worst case is provably the optimal algorithm for this 
>task.

What is the longest running provably optimal algorithm?  Would it be
possible to construct a crypto system from it?

A relatively weak crypto system which is provably no weaker than it
appeared would have its uses.

>Comments, anyone?

Congratulations on your excellent post.

diGriz







From paul at fatmans.demon.co.uk  Tue Nov 26 09:48:41 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Tue, 26 Nov 1996 09:48:41 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <849030317.93771.0@fatmans.demon.co.uk>



 Known-plaintext:   Unbreakable, since the pad is never reused
 Chosen-plaintext:  Unbreakable, ditto
 Adaptive-chosen-plaintext: Unbreakable, ditto

Correct but for a different reason. Re-using the pad does render the 
security useless but the other reason is if we know part of the pad 
AND the ciphertext (and hence the plaintext) or part of the plaintext 
and the ciphertext and therefore the pad, We cannot solve the rest of 
the ciphertext as the pad is true random and the next bits are 
independent of all the previous ones so we cannot predict from what 
we have.

A better definition of unbreakable, IMHO, is that there is no way to 
determine the plaintext given unlimited ciphertext and computational 
resources. Sure, this isn`t a complete definition but at least it 
definites perfect security in an analytic sense.



 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From kkirksey at appstate.campus.mci.net  Tue Nov 26 09:49:36 1996
From: kkirksey at appstate.campus.mci.net (Ken Kirksey)
Date: Tue, 26 Nov 1996 09:49:36 -0800 (PST)
Subject: sci fi
Message-ID: <199611261745.MAA19832@appstate-01.campus.mci.net>


>(Where would this world be without Mark Twain (a nym for
>Samuel Clemmens), Maxwell Grant (the nym for Walter B. Gibson and others
>for the Shadow pulps), and the thousands of other nyms that appear in the
>publishing field?)

Heinlein used a few nyms.  His best stories were published under the 
names Robert Heinlein and Anson Macdonald.  The Heinlein/Macdonald split 
came about because John W. Campbell didn't want it to look like 
_Astounding_ was being dominated by one other, though the quailty of the 
stories was about the same. (All but a couple of dthe Future History 
stories were published under one of these names, but I don't remember 
which).  Heinlein used other nyms for stories of lesser quailty, or 
stories he sold to other markets in genres other than sf.   He created 
one nym to sell off stories that he described as "stinkeroos", and went 
so far as to get a separate PO Box in the name of this nym so that it 
couldn't be associated with Robert Heinlein.

Ken





From paul at fatmans.demon.co.uk  Tue Nov 26 09:55:30 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Tue, 26 Nov 1996 09:55:30 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <849030305.93656.0@fatmans.demon.co.uk>



> > Ahh... an OTP isn't unbreakable.  Its just so encredibly breakable that
> > you never know which break was the correct one ;)
> 
> Note that Schneier says "perfect", not "unbreakable".

yes,

Perfect is a better term. Strictly speaking it is because there is no 
finite unicity distance (the amount of ciphertext with which the 
cipher can theoretically be broken). So, stricly speaking, for a given 
message C and a prospective pad, P, out of a set of N pads which may 
or may not be correct:

P(P|C) = N^-1

The length of C and the amount of ciphertexts given have no effect in 
determining the key, nor is there any prospect of a know plaintext 
attack as the pad is true random and the next bits are totally 
independent of any others before them.
Of course the reason it is perfect is because there are many 
different pads which give valid decryptions and there is no way of 
knowing which one is correct.

IPG`s algorithm is definitely NOT an OTP and Don Wood is a snakeoil 
merchant.


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From mjmiski at execpc.com  Tue Nov 26 10:13:40 1996
From: mjmiski at execpc.com (Matthew J. Miszewski)
Date: Tue, 26 Nov 1996 10:13:40 -0800 (PST)
Subject: market for hardware RNG?
Message-ID: <199611261813.MAA11361@mail.execpc.com>


> But on thinking about this a little more, I began to wonder if anybody 
> really wants this.  Pessimistically, it occurs to me that:
> 
> 1.  Many if not most people don't even understand why a hardware RNG is 
> desirable.

While your potential market is small, it is dedicated.  Developers of 
crypto products are always looking for good random sources.  People 
that really NEED more reliable sources of random bits are willing to 
pay for them.  I dont think your market will be end users.  But a 
little market research should turn up a healthy margin for you.

> 2.  Users of programs like PGP today already get at least a fairly decent 
> RNG already.  Would they want better?  (I'm not suggesting a total 
> replacement; I assume that the output of any hardware RNG would be hashed 
> with more "traditional" PC sources, like disk timings, keyboard timings, 
> etc, which should deter attempts to attack just the hardware part.)

Why would you hash good RNG output?  I understand your desire to 
deter hardware only attacks.  I just think it might be an 
overreaction.  Of course mine could be an under-reaction 8-)

> 
> 3.    Even hardware RNG's aren't "perfect":  they could be subverted, 
> replaced, or perhaps influenced.  Would someone who was sufficiently 
> sophisticated as to recognize the need for it actually accept a real, 
> functioning device?

It would have to go through rigorous testing in the crypto community. 
 RNGs v. PRNGs goes through a yearly debate here on cpunks.  There 
have been some good discussions on the use of white noise and other 
potential hardware sources.  Im not sure if hks is back up or not, 
but you might look there.

If an independant entity could certify the product with a good 
reputation for dedication to the community, you would get much 
milage.  PGP, Inc. might be interested for instance.  I mean I have 
used PGP for years but have not had the time to go through the code, 
etc.  I trust it because Phil's reputation precedes him.

> On the other hand... if this kind of pessimism had infected Phil Zimmermann 
> before he wrote PGP 1.0, he might have deleted the first 50 lines of code, 
> erased the file, and said, "fuck it!"

Go for it Jim.  I would be happy to support you in any way I could.  
Let me know.  It sounds like a good idea.

> 
> Jim Bell
> jimbell at pacifier.com

Matt
 
_________________________________________________________________________
Matthew J. Miszewski                 |               <mjmiski at execpc.com>
Practice Crypto Civil Disobedience   |  Export your favorite Cryptosystem
-------------------------------------------------------------------------
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From wombat at mcfeely.bsfs.org  Tue Nov 26 10:17:28 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Tue, 26 Nov 1996 10:17:28 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <199611260331.VAA00208@smoke.suba.com>
Message-ID: <Pine.BSF.3.91.961126120317.12312B-100000@mcfeely.bsfs.org>


> exactly _what_ are those entities, and what does that wealth consist of? 
> 
>     Real estate? Money in the bank? -or- things like stocks, bonds, and 
> other _investments_? 
> Petro, Christopher C.
> petro at suba.com <prefered for any non-list stuff>
> snow at smoke.suba.com
> 

Take a look in the Forbes 400 listings of th of the most wealthy 
Americans. I'm sure you can find a copy at your local library. If not, 
there's a copy somewhere under my sofa, next to an old tennis ball 
covered with dog spit.

The tennis ball, that is. Although one of the Hunts has a few teeth 
marks ...

:)

-r.w.






From iang at systemics.com  Tue Nov 26 10:56:43 1996
From: iang at systemics.com (Ian Grigg)
Date: Tue, 26 Nov 1996 10:56:43 -0800 (PST)
Subject: Bounty Server, Revisited.
Message-ID: <199611261858.TAA25374@internal-mail.systemics.com>


Hi, Snow,

>      I have started drafting a proposal statement for the Bounty server. 

Wow, you've gotta move fast in this game :))

> Bounty Server, The proposal:
> Version 0.1
> 
> Abstract:
[chop where agreed or not disagreed]

> Background:
>      It is the "Copylefted" software that interests me at this point.

OK, although for my model, I am assuming that all forms are covered.

> The proposal:
> 
>     What I am going to attempt to do is to set up a "Bounty Server" where 
>     someone can iniate a "bounty" on a peice of technology. The initator
>     will write up a set of specifications for the technology, and an initial 
>     award to be paid to the developer. They then post it on the server and 
>     send their initial "bid" to the organization.  

Separate this out, for clarity of model.  The initiator (I used
Proposer, and called her Alice coz Alice always initiates) proposes
the specification, or task.  There is no need for Alice to submit an
initial bid, although they have that option, as a buyer.

BTW, bid to do what?  Using market terminology, I have assumed thay
bid is to buy, that is provide cash.  Offer is to sell, that is provide
software.  Ah, yes, bid is add to bounty.

>     This is the "bounty". Other people can add to this bounty, allowing the 
>     totals to add until someone claims that bounty by providing proof of 
>     development to the initiator of the bounty. In software terms they would 
>     upload the software to the server and notify the originator of the bounty,
>     and the server operators. Other technology will be figured out as it 
>     becomes necessary.

This is where I have put most of my efforts, because I need to design the
microstructure that is built into our market.

>     Originally I was going to put the stipulation in that the software written
>     must be Copylefted. I decided that that wasn't really necessary, but 
>     rather simply desired. To aid in that desire, I am going to build in 
>     an initative to releaseing the software "copylefted".

Absolutely - let the market decide.  Some of us, for example, do not like
copyleft.

> To get more specific: 
  [chop]
>     The first developer to upload a _working_ package to the server will 
>     be awarded the total bounty, ...

This worries me.  If I, as a junior programmer, am looking to enter the
market, I will have the daunting task of beating everyone else.  Real life
doesn't work that way - there are ways in which I can pick up some newbie
tasks for low money, so as to build up experience and/or reputation.

I guess the notion of bounty is just that - first one takes all.
However, I think that the solution might be a bit limited in the
long run.

Interesting in that my proposal leads to task distribution by awarding
contracts, your proposal leads to task incentives by rewarding speed.

>     "First" will be soley determined by the time stamp of the server. As soon
>     as the package is uploaded, the initiator and the server adminstrator 
>     will be notifed, and the bounty marked "claimed". If the package is 
>     accepted by the initiator, the bounty will be marked "closed", the 
>     package moved to an FTP site for distribution (if Copylefted) or 
>     moved offline if not (archived copies will be kept for legal reasons--
>     more on that later). At that point a check for the developer will 
>     be cut (or ecash mailed if that works out).   

OK, my proposals specifically assume no need for a "decision" by Alice.
That's not to say either is right, it's just that I prefer to design
something that eliminates the individual decision rather than cope
with the complexities.  I believe it will result, in the end, in a
more efficient market.

>     The Server Adminstrator will also do an cursory check to make sure that
>     there are no obvious copyright violations. 
> 
>     In the event that there is a conflict between the initiator and the 
>     developer, the claim will go into adjudication. The server adminstrators
>     decesion is final, and he will make every effort to settle the claim
>     fairly. Adjudication will incur an additional fee (see the fees section). 

Same as above, no adjudication in my system.
Although, it is possible to add underwriters,
by simply making the task offerers (Bob and Carol)
into bond writers who front for programmers.

> Status:
> 
>     At this point in time I am (obviously) still in the process of developing 
>     the procedures. I have registered a Domain Name (bounty.org) and I have 
>     a couple promises off assistance in certain areas. As well, I have 
>     a server to start off with.  

Wow, *gotta* move fast.  As I say, our stuff is based on a lot of
pre-existing software, so we make a lot of assumptions.  Given our
different approaches we may end up with competing systems rather
than one, but that's fine, indeed highly valuable as an experimental
approach.

What's financing you in this?  Or should I say, monetarily enthusing?

I have started writing (last night :)) this all up as a paper for
presentation to FC97.  If you want, we could collaborate, or I will
just document your efforts, and concentrate on presenting mine.

My efforts are now at
    http://www.systemics.com/docs/papers/task_market.html

TTFN
iang.





From anonymous at miron.vip.best.com  Tue Nov 26 11:09:38 1996
From: anonymous at miron.vip.best.com (anonymous at miron.vip.best.com)
Date: Tue, 26 Nov 1996 11:09:38 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <199611252011.MAA27220@clotho.c2.org>
Message-ID: <199611261857.KAA00518@miron.vip.best.com>


> From: sameer <sameer at c2.net>:
> 
>       SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE

BTW, this doesn't come with source code.





From Scottauge at aol.com  Tue Nov 26 11:15:32 1996
From: Scottauge at aol.com (Scottauge at aol.com)
Date: Tue, 26 Nov 1996 11:15:32 -0800 (PST)
Subject: [CRYPTO] Bank Cards, Interac, Bank Machines, etc
Message-ID: <961126141446_1586812475@emout02.mail.aol.com>


In a message dated 96-11-25 22:17:41 EST, you write:

> I also heard that the magnetic stripe on the back contains your card
>  number (the shiny metallized numbers on the front) encrypted using DES
>  using your PIN as the key.  Way out to lunch?  Too close for comfort?

This seems to be pretty unlikely, cuz I changed my PIN and was still able to
use the same card.  This means:

1) They can write to a card (pretty unlikely - but not ruling it out - jus
don't know)

2) There are more PINs to a card than one (pretty unlikely cuz I chose my
number)

What I suspect is:

Obtain card number
Obtain PIN
Send both to computer controlling transactions
This computer inputs both to an algorithm that says Yea or Nay to continuing
(like the numbers point to a valid check/credit/savings account or GL
account)...

Perform transaction (data likely encrypted the same way back and forth for
defeating listening devices)....

There may be a hash to the account, the result is not an account number, or
some huge look-up database is in play matching PINs to card numbers to
accounts.





From omega at bigeasy.com  Tue Nov 26 11:46:00 1996
From: omega at bigeasy.com (Omegaman)
Date: Tue, 26 Nov 1996 11:46:00 -0800 (PST)
Subject: Bounty Server, Revisited.
Message-ID: <199611261946.NAA05804@bigeasy.com>



>      The objective is to actually bring this system online. 

"cypherpunks write code."  good.

> Background:
> 
>      There is a lot of software floating around. It basically falls into
>      5 catagories: Commercial, Shareware, Freeware, Gnu (and other 
>      "Copyleft" schemes) and Public Domain. 
>      <Need to fill this in, but at this point we all know what the 5 types 
>      are> 
> 
>      It is the "Copylefted" software that interests me at this point. There
>      is quite a bit of high quality "Gnu" software, and at least one
>      operating system based on the GNU mentality (linux) however there 
>      is a dearth of _enduser_ tools such as mail and news readers for 
>      the more popular end user operating systems, word processors and 
>      graphics editing software, easy to use Graphic Design Software (TeX
>      is NOT easy to use) and easy to use Cryptographic software. 

many would pay good money for Linux native versions of programs like 
Wordperfect, Corelpaint & draw, Pagemaker , etc.

>     4) Desired "quality" level: Proof of Concept, Alpha, Beta, Release etc. 

Needs flesh.  What defines "alpha" or "beta" for purposes of bounty 
or is that up to the person initiating the bounty?
 
>     6) Where the initiators money is to go if the bounty is not claimed: 
>        I will provide a short (8 or 10) list of charities that the money 
>        will go to if the bounty is not met. This is to keep the initiator
>        honest, as well as the server. Each contributor will also get this 
>        choice. 

Do you have the charities in mind?  They should be listed in the 
abstract, I think.


Who will be publicize the initial bounty offer -- the server or 
bounty initiator?  Information about a specific software project will 
need to be disseminated beyond bounty.org.  


More details on conflict resolution are needed in a final draft.  The 
process and priorites the server administator will use to make his 
judgements should be abastractly discussed and possibly 1 or 2 
specific hypotheticals detailed.

me
--------------------------------------------------------------
 Omegaman <mailto:omega at bigeasy.com>
 PGP Key fingerprint =  6D 31 C3 00 77 8C D1 C2  
                        59 0A 01 E3 AF 81 94 63 
Send a message with the text "get key" in the 
"Subject:" field to get a copy of my public key.
--------------------------------------------------------------





From whgiii at amaranth.com  Tue Nov 26 13:01:52 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Tue, 26 Nov 1996 13:01:52 -0800 (PST)
Subject: Dorthy Denning is a boot-licking fasicist!!!
Message-ID: <199611262215.QAA21070@mailhub.amaranth.com>


Hi,

I don't know if anyone watched the House Subcomitty on Computers &
Technology today on C-Span.

Phil Zimmerman, Dorthy Denning, William Reinsch & others were disscussing
computer security.

Dorthy Denning gave the most pro-government speech I have ever heard. Is
this clueless bitch on the government payroll?!!

William Reinsch is a lying bastard. Fucking politions!! Fucking
goverment!! They all deserve a long rope!!

Phil Zimmerman was quite good at attacking the government policies.

<sigh> We are truly a country of fools to have put these jackbooted
facisit bastards back into office.

-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii at amaranth.com>
-----------------------------------------------------------






From cman at c2.net  Tue Nov 26 13:26:15 1996
From: cman at c2.net (Douglas Barnes)
Date: Tue, 26 Nov 1996 13:26:15 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <2.2.32.19961126212424.00cba538@blacklodge.c2.net>



>>       SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
>
>BTW, this doesn't come with source code.
>

No, it does not come with source code. Site licenses and OEM
bundling packages will come with a source code option. Partners
who work with us in internationalizing the product may also
receive source code. However, it did not seem to be useful or
appropriate for a consumer-level product like this.

We are trying to find a happy medium between making sure that the
security is well-reviewed, and doing things that make business
sense and map onto standard industry practice for selling software
products. 

Note that SafePassage uses SSLeay for its encryption and SSL
protocol layer; SSLeay has publicly available source code, and has 
been extensively reviewed.

Douglas Barnes
C2Net







From nobody at replay.com  Tue Nov 26 13:58:02 1996
From: nobody at replay.com (Anonymous)
Date: Tue, 26 Nov 1996 13:58:02 -0800 (PST)
Subject: No Subject
Message-ID: <199611262152.WAA01587@basement.replay.com>


oh mindless aga,

>> This betrays your ignorance.  I.Q. is scaled according to age.  One does
>> not "improve."

Certainly not in your case.
 
>
>I have no ignorance, except for being ignorant of stupid people
>who call themselves "punks."

If you are ignorant of them, then how do you know that they are "stupid"?

>Look asshole; it says "LAW DOCTOR" -- that is what "Juris Doctor"
>means, stupid.  And I am about to stick the motherfucking Laws
>right up your cocksucking ASS!

How is this possible? It seems that you are possible of rather contemptible contortions!


>"Juris" means Law.  So Juris Doctor means "Law Doctor."

Clinging to technicalities here, aren't we?

>that is irrelevant, and you are off-topic.

Oooh! Oooh! Point the finger here, aga, at YOURSELF!

>Europe is also irrelevant, and you keep missing the point here.
>You have added the cypherpunks list again, and that was forbidden.

What a wonderful statement: Europe is irrelevant!!! A truly educated mind here. 

>look asshole, you really want that list killed, do you not?
>I have no bounds, as you will soon learn.

When one is clapped in irons and thrown into prison for whatever it is that your acts can be classified under, then I am pretty sure they have _some_ bounds.

>> > > Be careful who you threaten.  It might get you in trouble.

One wonders if you ever pay attention to what you actually write, aga?

>WRONG!  There is NO crime which covers anything that one does
>internationally!   And mailbombing is NOT "Unauthorized access,"
>regardless of where it occurs!

Uhm...oops, aga, you're wrong here, there are plenty of crimes that are international crimes. War crimes for example, which o against the Geneva convention. Child abduction crimes, which go against the Hague convention. But I am sure they will give you a slight slap on the  wrist, after all, you are only a stupid hillbilly with no idea of the law.

>Pitt-1975; Dissertation was in 1983 actions.  I practiced for
>six years, and then became perfect.  I currently do not practice for
>any parties other than myself, family, corporation or Institutes,
>and I need no license for that. And since I do not carry any
>license from any State, there is NOTHING that you can do to stop me.

Assassination comes to mind...

>The State disciplinary board has no jurisdiction, nor does any
>Law.  A Criminal Lawyer is a specialist in ripping new assholes
>on the witness stand, and that must now also be practiced on the net,
>it seems.  Remember, you are the one who asked for this, "Sadam."

You seem to have this absolute _fascination_ with asses, faggots, cocks, and ripping _new_ assholes (as if you weren't a big enough one already. This is obviously some sort of concious repression: you just can't face the truth, can you, aga?

>This is a world-wide internet problem that you are about to get
>taken care of.  You will be among the first locations to be
>eliminated.  And just remember that your termination is your own
>doing.  You had your chance to keep the fucking cypherpunks list
>OFF of your e-mail to me, and blew it.

Do we run and hide now, mommy?

>> I suggest a hobby which entails more physical activity.
>> 
>
>I pump iron and run three times a week.  And as a Tae Kwon Do
>black belt holder, I get lots of physical activity. I am in
>better physical shape than any other man that you know.

He/she/it pumps iron, does he/she/it? Whilst running? No mean feat for a thing without a brain. Assuming that you are better than anyone else you have probably never met, someone who probably has no desire to meet a thing like yourself, is yet another example of your sheer assonance!

>And just understand, as far as the internet is concerned, Europe does
>not mean SHIT!

Of course not...I am sure the European Internet thinks the same as you. After all, an inanimate object seems to think just as much as you!


--The Edge








From mjmiski at execpc.com  Tue Nov 26 14:25:44 1996
From: mjmiski at execpc.com (Matthew J. Miszewski)
Date: Tue, 26 Nov 1996 14:25:44 -0800 (PST)
Subject: Bounty Server, Revisited.
Message-ID: <199611262225.QAA22449@mail.execpc.com>


(snip)
> BTW, bid to do what?  Using market terminology, I have assumed thay
> bid is to buy, that is provide cash.  Offer is to sell, that is provide
> software.  Ah, yes, bid is add to bounty.
(snip)

Ian and Snow,

I think it would be extremely valuable to have the ability to "offer" 
and to "bid".  If Joe Student has much spare time and wants to 
develop a tool for themselves they should also have the option to 
"offer" it to the bounty server.  If any one is interested, offers 
could be made.

Good luck to you both.  This sounds like it is coming along.

> TTFN
> iang.

Matt
 
_________________________________________________________________________
Matthew J. Miszewski                 |               <mjmiski at execpc.com>
Practice Crypto Civil Disobedience   |  Export your favorite Cryptosystem
-------------------------------------------------------------------------
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From aba at dcs.ex.ac.uk  Tue Nov 26 15:21:06 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Tue, 26 Nov 1996 15:21:06 -0800 (PST)
Subject: Provably "Secure" Crypto
In-Reply-To: <199611261737.JAA14215@abraham.cs.berkeley.edu>
Message-ID: <199611251503.PAA00381@server.test.net>



deGriz wrote:
> At 4:18 AM 11/26/1996, Peter M Allan wrote:
> >That is a bound on a _reliable_ algorithm.  A faster one is to shuffle
> >the elements and present it as sorted.  Lightning fast, but only with
> >low probability of correctness.  That is what we are up against in a key
> >search attack.  The other guy just might guess my 100 bit key first time,
> >millionth time or whatever - early enough anyway.
> 
> >So to get a lower bound you have to show that a lucky guess cannot be
> >distinguished from an unlucky one - and if you do that without a one
> >time pad I take my hat off.
> 
> If the chance of a successful guess is absurdly low, the algorithm can
> be considered to be secure.  It is quite unlikely that you will guess
> a random 128-bit key.  

Agreed.  However you _can_ instantly verify once you have guessed.
This makes the algorithm cryptographically secure, but _not_ perfectly
secure as is the case with a OTP with a truly random pad.

I think we agree, it is just a distinction in definitions of terms.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From aba at dcs.ex.ac.uk  Tue Nov 26 15:21:23 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Tue, 26 Nov 1996 15:21:23 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <848946795.108068.0@fatmans.demon.co.uk>
Message-ID: <199611251519.PAA00399@server.test.net>



Paul Fatman writes:
> someone else writes:
> >Is the concept here that:  Whereas conventional crypto generates/hashes
> >a *key* with which to encode the text, IPG generates a *pad* from a key,
> >more or less the length of the text, with which to encode the text??
> 
> It makes no difference whatsoever, no PRNG can have more entropy in 
> the output stream than there was in the initial seed. Indeed, in 
> general, the longer the PRNG runs for the more chance an adversary 
> has of breaking it due to an increased amount of output.

Also the distinction between generating a psuedo random pad, and
XORing that with the data and conventional ciphers is small and
largely a matter of interpretation.  This _is_ for example how RC4
works: RC4 has a PRNG the output of which is XORed with the data to be
encrypted.  The seed to the RC4 PRNG is the cryptographic key.  If you
prefered, an equivalent view of RC4 would be to say it produces a
pseudo randomly generated PAD which is XORed with the data.

Ron Rivests algorithm however has received independent review, and
since it's "leak", academic review.  It has survived unblemished so
far.

For Don Wood's algorithm on the other hand, I have seen no reports of
any independent or academic or even casual review.  This doesn't prove
a negative, but it bodes badly for his algorithm in my view.

If he was serious about his algorithm, he would attempt to get it
published in a peer reviewed cryptographic journal, and/or pay for
high reputation independent cryptographic consultants to examine it.

That is my advice to Don,

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From aba at dcs.ex.ac.uk  Tue Nov 26 15:34:38 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Tue, 26 Nov 1996 15:34:38 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <2.2.32.19961126212424.00cba538@blacklodge.c2.net>
Message-ID: <199611251533.PAA00540@server.test.net>



Doug Barnes <cman at c2.net> writes:
> >>       SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
> >
> >BTW, this doesn't come with source code.
> >
> 
> No, it does not come with source code. Site licenses and OEM
> bundling packages will come with a source code option. Partners
> who work with us in internationalizing the product may also
> receive source code. However, it did not seem to be useful or
> appropriate for a consumer-level product like this.

I'm curious as to how C2 is going about this `internationalization'
process?  Do you do your software development outside the US?  Do you
do a joint development inside and outside with clean room code?  Do
you export software with hooks, and employ lawyers to defend against
the possibility of getting knobbled for ITAR violation on this basis?

Regardless, congratulations on another good product, deliverable
worldwide.  A very cypherpunkly goal, strong crypto deployment.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From sameer at c2.net  Tue Nov 26 15:54:14 1996
From: sameer at c2.net (sameer)
Date: Tue, 26 Nov 1996 15:54:14 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <199611251533.PAA00540@server.test.net>
Message-ID: <199611262353.PAA24264@clotho.c2.org>


> 
> I'm curious as to how C2 is going about this `internationalization'

	'internationalization' refers not to ITAR, but to things such
as language in dialog boxes, using periods instead of commas, in
numbers, etc.

	All our development is done outside the US. We don't export
software with hooks, that's illegal.

-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net
http://www.c2.net/				sameer at c2.net





From ichudov at algebra.com  Tue Nov 26 16:42:43 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 26 Nov 1996 16:42:43 -0800 (PST)
Subject: Another Nutty Idea about SPAM
In-Reply-To: <199611261635.KAA04691@bigeasy.com>
Message-ID: <199611270037.SAA11474@algebra>


Omegaman wrote:
> Igor Chudov wrote:
> > Another nutty idea: to create a database of people who do NOT want to
> > receive unsolicited advertisements, and make it widely available.
> 
> Of course.  But this does not address the issue of "unscrupulous 
> spammers" which is what Steven was commenting upon.

Surely, you are right. See below, however.

> > The obvious problem is that some very uncsrupulous spammers would want
> > to grab this database and use it as a source of email addresses. 
> > 
> > This problem has a solution, however: instead of distributing people's
> > email addresses, distribute MD5 checksums of their addresses. For 
> > example, an entry for ichudov at algebra.com would be 
> > 
> > 	b51175dae78f25427351d5e3ff43de30
> > 
> > There is no way to guess the original text from an MD5 checksum.
> > 
> > Spammers should be advised to exclude all addresses with MD5 checksums from
> > that database from the recipient list, and include instructions on how
> > to get one added to the database into their spams.
> 
> Okay fine.  The spammer is "advised" but if he is unscrupulous in the 
> first place, he'll simply ignore the advice and continue bulk-mailing 
> to every address he can grab.  

In which case the spam-fighting mob will harass him.

> > Database maintainers could even provide a email filter-bot that would
> > accept recipient lists by email and send back the same lists, but
> > WITHOUT addresses that wish not to receive spam. This way stupid
> > low-tech spammers (who make up the majority) will be able to process
> > their email lists quickly and easily.
> 
> Indeed, stupid low-tech spammers would benefit from such a service if 
> they wish to honor "do not send" requests.
>  
> > This database may be maintained centrally. Users may be able to sign up
> > for inclusion into that database by email or by filling out a Web-based 
> > form. Identity verifications may be done by using cookie protocol.
> 
> I like the idea and if I had the resources, I would do it personally. 

I think that a regular unix account would have enough functionality
to implement it.

> Optimistically, many bulk e-mailers would sign on to the plan.  
> (Ironically, one would probably have to solicit bulk e-mailers to 
> sign up).  However, many, being unscrupulous, ignorant, etc. will not 
> be involved.
> 
> The only way I see to get bulk e-mailers to utilize this service is 
> to offer a positive and/or negative incentive for usage of the 
> service.  ie. "What do I gain by elminating people from my bulk 
> mail-outs?  What can be done if I don't follow this protocol?"
> 
> Ideas?  Comments?

I think that the incentive for spammers to actually use this service is
that spam-fighters can agree not to yank their accounts and not to
go after them if they use that "no spam please" database.

This arrangement basically makes everyone happy, for obvious reasons.

	- Igor.





From nobody at cypherpunks.ca  Tue Nov 26 16:56:03 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 26 Nov 1996 16:56:03 -0800 (PST)
Subject: Provably "Secure" Crypto
Message-ID: <199611270034.QAA21978@abraham.cs.berkeley.edu>



At 7:03 AM 11/25/1996, Adam Back wrote:
>deGriz (sic) wrote:
>> At 4:18 AM 11/26/1996, Peter M Allan wrote:
>> >That is a bound on a _reliable_ algorithm.  A faster one is to shuffle
>> >the elements and present it as sorted.  Lightning fast, but only with
>> >low probability of correctness.  That is what we are up against in a key
>> >search attack.  The other guy just might guess my 100 bit key first time,
>> >millionth time or whatever - early enough anyway.
>> 
>> >So to get a lower bound you have to show that a lucky guess cannot be
>> >distinguished from an unlucky one - and if you do that without a one
>> >time pad I take my hat off.
>> 
>> If the chance of a successful guess is absurdly low, the algorithm can
>> be considered to be secure.  It is quite unlikely that you will guess
>> a random 128-bit key.  
>
>Agreed.  However you _can_ instantly verify once you have guessed.
>This makes the algorithm cryptographically secure, but _not_ perfectly
>secure as is the case with a OTP with a truly random pad.
>
>I think we agree, it is just a distinction in definitions of terms.

We are in agreement.  I would add, for the benefit of others, that it
is a good idea to keep in mind that the focus of our work is to build
physical systems which are secure.  For instance, we determine the
primality of numbers using probabilistic methods.  This is not
"perfect" in the sense that a OTP is, but it is certainly good enough
to bet somebody else's life on it.  ;-)

OTPs, for that matter, are engineering problems, too.  It is difficult
to find a random number generator in which we have complete
confidence.  If we buy a board from somebody, how do we know there
isn't a back door?  How do we know they did a good job?  Many
commercially available hardware random number generators are of
shockingly poor quality.  Caveat emptor.

diGriz







From ichudov at algebra.com  Tue Nov 26 17:00:50 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 26 Nov 1996 17:00:50 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <849030305.93656.0@fatmans.demon.co.uk>
Message-ID: <199611270044.SAA11917@algebra>


paul at fatmans.demon.co.uk wrote:
> Perfect is a better term. Strictly speaking it is because there is no 
> finite unicity distance (the amount of ciphertext with which the 
> cipher can theoretically be broken). So, stricly speaking, for a given 
> message C and a prospective pad, P, out of a set of N pads which may 
> or may not be correct:
> 
> P(P|C) = N^-1

What does it mean?

	- Igor.





From jc105558 at spruce.hsu.edu  Tue Nov 26 17:01:25 1996
From: jc105558 at spruce.hsu.edu (jc105558 at spruce.hsu.edu)
Date: Tue, 26 Nov 1996 17:01:25 -0800 (PST)
Subject: wealth and property rights
Message-ID: <009ABBF7.ACB06A80.64@SPRUCE.HSU.EDU>


From:	MX%"dave at kachina.jetcafe.org" 22-NOV-1996 00:41:58.20
To:	MX%"aba at dcs.ex.ac.uk"
CC:	MX%"freedom-knights at kachina.jetcafe.org",MX%"cypherpunks at toad.com"
Subj:	Re: wealth and property rights

Return-Path: <cypherpunks-errors at toad.com>
Received: from toad.com by spruce.HSU.EDU (MX V4.1 VAX) with SMTP; Fri, 22 Nov
          1996 00:41:55 EST
Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id SAA04549 for
          cypherpunks-outgoing; Thu, 21 Nov 1996 18:36:12 -0800 (PST)
Received: from kachina.jetcafe.org (jetcafe.org [207.155.21.2]) by toad.com
          (8.7.5/8.7.3) with ESMTP id SAA04544 for <cypherpunks at toad.com>; Thu,
          21 Nov 1996 18:36:08 -0800 (PST)
Received: from [127.0.0.1] ([127.0.0.1]) by kachina.jetcafe.org (8.7.5/8.7.3)
          with SMTP id SAA02028; Thu, 21 Nov 1996 18:35:51 -0800 (PST)
Message-ID: <199611220235.SAA02028 at kachina.jetcafe.org>
X-Authentication-Warning: kachina.jetcafe.org: Host [127.0.0.1] didn't use HELO
    protocol
To: Adam Back <aba at dcs.ex.ac.uk>
CC: freedom-knights at kachina.jetcafe.org, cypherpunks at toad.com
Subject: Re: wealth and property rights
Date: Thu, 21 Nov 1996 18:35:49 -0800
From: Dave Hayes <dave at kachina.jetcafe.org>
Sender: owner-cypherpunks at toad.com
Precedence: bulk

> Btw, people of your mentality (communists/socialists) already make it
> very difficult for me to accumulate, due to the exhorbitant tax rates
> to support those who chose to blow their money as soon as they have
> it

I don't necessarily want to support "socialism" nor "capitalism". Both
are extremes of a situation which does no one any good to exist. 

However, I would question the implication that "socialists" are
responsible for the higher tax rates you currently experience.  

For example, I could make a strong case that you really have some
clever "capitalists" who have learned how to express their
"capitalism" quite effectively across the space of all people in a
"country".

8-)
------
Dave Hayes - Altadena CA, USA - dave at jetcafe.org 
Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet

         It is the wise bird who builds his nest in a tree.







From rah at shipwright.com  Tue Nov 26 17:05:10 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 26 Nov 1996 17:05:10 -0800 (PST)
Subject: CHANGE: Visa-Free List - How to gain another nationality
Message-ID: <v0300780caec141bbec1d@[206.119.69.46]>



--- begin forwarded text


Date:         Tue, 26 Nov 1996 14:22:07 -0600
Reply-To: sanwar at bclimser.demon.co.uk
Sender: NEW-LIST - New List Announcements <NEW-LIST at LISTSERV.NODAK.EDU>
From: Sanwar Ali <sanwar at bclimser.demon.co.uk>
Organization: BCL Immigration Services
Subject:      CHANGE: Visa-Free List - How to gain another nationality
To: NEW-LIST at LISTSERV.NODAK.EDU

   The VISA-FREE list has now had a change in address for all requests
   to the server.  Instead of it ending with pobox.com after the @ sign
   it will be majordomo.pobox.com.  Below are the new details for the
   list.

VISA-FREE on majordomo at majordomo.pobox.com

Discussion of how to gain another nationality for visa-free travel

VISA-FREE an unmoderated discussion list covering the problems
associated with international travel.  In particular the issues
discussed will cover acquiring a different nationality to overcome
these problems.  VISA-FREE is open to anyone wanting more information
on visa-free travel, or with useful tips about gaining another
nationality quickly.  It is also open to specialists in nationality
law.

Documentation covering the relevant laws of countries that grant their
citizenship quickly are archived at:

http://www.bclimser.demon.co.uk/bclgovnt.htm

Also information covering problems that people have experienced when
using a new passport will be covered.   There are archives of many of
the digests at:

http://www.bclimser.demon.co.uk/bclarchv.htm

There will also be an e-journal called "THE VISA-FREE JOURNAL" sent to
subscribers.  Anyone wishing to write to the list-owner directly to
discuss relevant issues and who does not wish this circulated to the
list may do so. The address is s.riley at pobox.com.  Please also state
whether you would mind if your comments are put into the journal.  The
list-owner will respect any requests for privacy.

*IMPORTANT: Anyone offering specialist assistance to VISA-FREE must
provide the list owner with the relevant laws applicable to any
citizenship programme offered, in the form of plain text to be
archived and made available to the list.  Also the legal basis of any
programme must be fully verified with the list owner before permission
is granted for circulation to the list.  This is to safeguard the
integrity of the list.  Permission will not be unreasonably withheld
from such people.  At the same time the list -owner reserves the right
to exclude those people who do not adhere to the purpose of the list,
engage in unnecessary flaming or offer services of a dubious nature.*

To subscribe to VISA-FREE, please send the message:

             SUBSCRIBE VISA-FREE           (without your name!)

                           or for the digest

             SUBSCRIBE VISA-FREE-DIGEST

to majordomo at majordomo.pobox.com

To send messages to the full list use  visa-free at majordomo.pobox.com

For messages to the list owner use  s.riley at pobox.com

Home Page: http://www.bclimser.demon.co.uk/bclvisfr.htm

Owner:  Sam Riley (AKA "Sanwar Ali")  s.riley at pobox.com

The list-owner's public key is:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAi/xbwUAAAEEALZolxs1l/DbYtEOIJV71EdsDepzR+DhLPPATIMwYiYgU9Yc
PRIa6aUI4VKrtz23/3Nz4pFP45kCfKUehsJ3oqtXzGWqCqIpPVm4q4d6oV44Csn5
EykR3ujlzYaCopzsYRD9E/EIaxVztnIantfLeN0IwQL0k9XazPkj64yNL1lpAAUR
tCRTYW0gUmlsZXkgPHNhbUBiY2xpbXNlci5kZW1vbi5jby51az4=
=nj7+
-----END PGP PUBLIC KEY BLOCK-----

                                 -------
Use this information at your own risk.  For more information and disclaimer
send E-mail to LISTSERV at LISTSERV.NODAK.EDU with the command  INFO NEW-LIST
in the body.

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From jya at pipeline.com  Tue Nov 26 17:37:36 1996
From: jya at pipeline.com (John Young)
Date: Tue, 26 Nov 1996 17:37:36 -0800 (PST)
Subject: TIA Invites
Message-ID: <1.5.4.32.19961127013503.0067151c@pop.pipeline.com>


A rep of the Telecommunications Industry Association
telephoned to say that TIA has invited authority to 
investigate disclosure of TIA's TR45.3 to the unworthy.







From allyn at allyn.com  Tue Nov 26 17:57:54 1996
From: allyn at allyn.com (Mark Allyn 206-860-9454)
Date: Tue, 26 Nov 1996 17:57:54 -0800 (PST)
Subject: Star Trek: First Contact
In-Reply-To: <Pine.LNX.3.95.961126115402.4290C-100000@deimos.ceddec.com>
Message-ID: <199611270201.SAA29256@mark.allyn.com>


Are any of the characters in the new Star Trek gay?

I have heard rumor that Data was supposed to be.

Mark





From boursy at earthlink.net  Tue Nov 26 18:05:14 1996
From: boursy at earthlink.net (Stephen Boursy)
Date: Tue, 26 Nov 1996 18:05:14 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961126110818.4290A-100000@deimos.ceddec.com>
Message-ID: <329BA29F.B97@earthlink.net>


Tom Zerucha wrote:
> 
> Some basic points on the thread
> 
>1. For wealth to be "handed down", it must be earned or confiscated first.
>Mao's widow lived quite well during Mao's life and for a while after his
>death.  

  Well China is nor more of an example of communism than Argentina
is of Capitalism--they are both totalitarim regimes that use ideology
as an excuse to plunder.  It would be unfair for example to use
Marcos wife (and her shoe collection) as an example of why 
capitalism doesn't work.


> Also, if there was no direct way to pass wealth on to offspring,
> it would be consumed or destroyed by the generation which created it.  

  Perhaps by some--not most.  Many die without wills--the wealthy
tend to be much more careful with such things of course but you could
allow provisions to have a percentage donated to non-political chartible 
organizations.


> You may not agree with the choice of the original Kennedys and 
> Rockefellers, but limiting that choice is not without consequence 
> - the wealth will still not end up where you want it, and a great 
> amount will be left uncreated.

  I sincerely don't believe that.  If you look at your above
examples, or Bill Gates below, much of their motivation is not
the accumulation of weath per se but rather power and performance.
I know I would do much the same job (not that I'm in the wealthy)
even if the salary were more or less--I enjoy it (I'm a programmer).
Same is true for education--much of the motivation is either 
intrinsic or status oriented and has little or nothing to do with
marketablity.

 
> 2. In a socialist society wealth is confiscated at gunpoint.  

  Not at all--no more or less so than in capatilistic societies.


> In a capitalist society, I have to provide something that you want 
> more than your wealth in order to obtain it.  

  That's true--as with all labor--but it is a matter of scale.  
Gates would do the same thing if you limited his income just
for the sake of power accumulation--he's got all the money
he could ever consume.  That's not his real motive.

 
> 3. If wealth isn't being transferred, it is most likely because Government
> has created a monopoly or oligopoly.  If I have a better idea for a car, I
> cannot simply just build one, since any modification to the powertrain has
> to be certified by the EPA.  So if I could get 2 Miles/gallon better
> mileage without a change in emissions for a $50 modification, I still have
> to spend over $1 Million satisfying the bureaucracy and generating no
> profit.  The existing auto industries have no incentive to change this
> because these are sunk costs, and they can keep their oligopoly.

  Yes-our auto industry is a disgrace and I agree we do no favors
protecting them or bailing them out.  On the other hand goverment 
must protect against the creation of business monopoly which is
even more stifling.

 
> 4. When you say wealth isn't being transferred, it is also generally
> untrue.  While someone may be controlling it, their control is usually not
> to leave it under a matress (which would make my wealth comparatively more


   Sorry to chop out so much about Microsoft--but sure most wealth is
transferred in this country--that's a statisitical fact.  Yes--there
is consumption but when accumalation gets into the multi-millions that
becomes irrelevant--money grows as you know--stocks, property, etc. and
that is all that is passed down.  There are few on either of these mailing
lists that if given 10 million dollars could not sit on their ass for
the rest of their lives consuming comfortably and watch their money double
by the time they pass away.

 
> 5. Government is the least efficient means of resolving the problem.  The

   As inefficeint as it is it is really the only effective means.  A
simple 100% inheritance tax would be very helpful as would limitations
on how much property a given individual (and a corporation is a virutal
individual) may own.

 
> 6. No one has given any reason why the dollar following the 10-millionth
> has less claim of ownership than the first 10-million.  You can dislike
> the situation, but I would like to hear a *consistent* theory of property
> rights that holds a sliding scale of claim based on volume.  Does the
> grocer with 200 tomatoes need to give away 20 because a store down the
> street has only 180?  What if the situation is reversed the next day?


  Well the original issue we were discussing was the fact that
a majority of wealth in the US in not earned--it is inherited.  That
can be changed very quickly with proper legislation.

  As to your other issue here--earnings and limitations on accumulation,
much would be equalized without inheritance.  But yes--there would
still be accumulators--most would still produce regardless of
limits because as I said their motives are not simply income--power,
prestige, etc. all come in to play as well as the gratification that
comes with winning.  Gates enjoys his cover on Time Mag. much more
than a few extra million a day.

  But the basic answer to your argument--from my standpoint--is that
some people are extremely intellegent, others very gifted in other
ways, others very dull witted, etc.  Some possess artistic genius
that can pay off immediately, others have none that is valued dollar
wise by society.  I sincerly don't believe one has the right to
live better than the other--that the rewards, if different, sould
be negligable.  

  If I could make as much as I do know programming by working as
a clerk in a convenience store or whatever I would still choose to
do what I am doing.  If you are in a different situation you're
in the wrong career.

                            Steve





From zerkle at cs.ucdavis.edu  Tue Nov 26 19:26:59 1996
From: zerkle at cs.ucdavis.edu (Dan Zerkle)
Date: Tue, 26 Nov 1996 19:26:59 -0800 (PST)
Subject: Another Nutty Idea about SPAM
Message-ID: <9611270326.AA20816@toadflax.cs.ucdavis.edu>


(apologies if this appears twice...I'm easily confused)

> From: ichudov at algebra.com (Igor Chudov @ home)

> It is not illegal to make unsolicited phone calls. People must
> take an _action_ (request to be removed from call lists) in order
> not to be bothered.

Yes.  However, there is an organization that will send out such
a list to a large number of big companies that do telemarketing.
If any of those companies call any of the people on the list, they
each send a bill for $100.  If the bill isn't paid, they sue for
the money.  They always get the money.

The telemarketers really hate these people, which means that they
are doing their job.

So, for the spammers, what I'm proposing is not that people *need*
to take action to avoid getting spammed, but that they *can* take
action if they want to get paid for spam.

					-Dan





From attila at primenet.com  Tue Nov 26 20:17:19 1996
From: attila at primenet.com (attila at primenet.com)
Date: Tue, 26 Nov 1996 20:17:19 -0800 (PST)
Subject: Another Nutty Idea about SPAM
In-Reply-To: <199611270037.SAA11474@algebra>
Message-ID: <199611270417.VAA15665@infowest.com>


In <199611270037.SAA11474 at algebra>, on 11/26/96 
   at 06:37 PM, ichudov at algebra.com (Igor Chudov @ home) said:

::Omegaman wrote:
::> Igor Chudov wrote:

::> 
::> Okay fine.  The spammer is "advised" but if he is unscrupulous in the 
::> first place, he'll simply ignore the advice and continue bulk-mailing 
::> to every address he can grab.  

::In which case the spam-fighting mob will harass him.
                                          ^^^^^^^^
        strange choice of words, when I first read it,
    my mind read _harvest_.


::> > Database maintainers could even provide a email filter-bot that would
::> > accept recipient lists by email and send back the same lists, but
::> > WITHOUT addresses that wish not to receive spam. This way stupid
::> > low-tech spammers (who make up the majority) will be able to process
::> > their email lists quickly and easily.
::> 
::> Indeed, stupid low-tech spammers would benefit from such a service if 
::> they wish to honor "do not send" requests.
::>  
        well, I've always figured that people are basically OK 
    until proven otherwise --or their is money involved. 
        then there are lawyers....

--
  maybe there is an analogy:

  militias:   "the only way they'll take my weapon
              is from my cooling, smoking hand...."

  bubba:      "the only way they'll take my executive privileges
              is to impeach me --IF I consent to leave."

            <attila>






From dlv at bwalk.dm.com  Tue Nov 26 20:22:48 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 26 Nov 1996 20:22:48 -0800 (PST)
Subject: Another Nutty Idea about SPAM
In-Reply-To: <199611260706.BAA07407@algebra>
Message-ID: <y791XD7w165w@bwalk.dm.com>


ichudov at algebra.com (Igor Chudov @ home) writes:
> Another nutty idea: to create a database of people who do NOT want to
> receive unsolicited advertisements, and make it widely available.

This is not a nutty idea at all. It's a very good idea.

> The obvious problem is that some very uncsrupulous spammers would want
> to grab this database and use it as a source of email addresses.
>
> This problem has a solution, however: instead of distributing people's
> email addresses, distribute MD5 checksums of their addresses. For
> example, an entry for ichudov at algebra.com would be
>
> 	b51175dae78f25427351d5e3ff43de30
>
> There is no way to guess the original text from an MD5 checksum.

You misspelled SHA. :-)

> Spammers should be advised to exclude all addresses with MD5 checksums from
> that database from the recipient list, and include instructions on how
> to get one added to the database into their spams.
>
> Database maintainers could even provide a email filter-bot that would
> accept recipient lists by email and send back the same lists, but
> WITHOUT addresses that wish not to receive spam. This way stupid
> low-tech spammers (who make up the majority) will be able to process
> their email lists quickly and easily.
>
> This database may be maintained centrally. Users may be able to sign up
> for inclusion into that database by email or by filling out a Web-based
> form. Identity verifications may be done by using cookie protocol.

This was discussed on this mailing list around September. Check the
archives for good ideas how to add wildcards (like *@algebra.com) to
the hashed list.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From attila at primenet.com  Tue Nov 26 21:18:52 1996
From: attila at primenet.com (attila at primenet.com)
Date: Tue, 26 Nov 1996 21:18:52 -0800 (PST)
Subject: Dorthy Denning is a boot-licking fasicist!!!
In-Reply-To: <199611262215.QAA21070@mailhub.amaranth.com>
Message-ID: <199611270518.WAA17658@infowest.com>


In <199611262215.QAA21070 at mailhub.amaranth.com>, on 11/26/96 
   at 03:38 PM, "William H. Geiger III" <whgiii at amaranth.com> said:

[snip]

-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

::Dorthy Denning gave the most pro-government speech I have ever heard. Is
::this clueless bitch on the government payroll?!!
::
        that she is, most assuredly, but you'll never prove it.

::William Reinsch is a lying bastard. Fucking politions!! Fucking
::goverment!! They all deserve a long rope!!
::

::Phil Zimmerman was quite good at attacking the government policies.
::

::<sigh> We are truly a country of fools to have put these jackbooted
::facisit bastards back into office.
::
        is there a different kind that we are permitted to elect?

        I always thought our truth reporting news media, despite their
    control by big money gave us choices, like

            a republican who has the socialist instincts of FDR, or

            a hill-billy pseudo leftist who sounds like he expects his
            subjects to believe he is a "centrist" or

            Harry Brown, a "republican" in sheep's clothing who just
            wants to give the states the federales' right to declare
            justice at our expense.  Harry received less than 300,000
            votes this time --35% of what the last candidate --guess
            ol Harry was the only one who did not fool the people, or

            big ears and deep pockets... not bad. all that money bought
            8% of the disaffected vote.

        the only _constitutionalist_ running for President was Howard
    Phillips.  I might have voted for the first time in my life if he
    had been on the ballot in Utah.

        some democracy, an assemblage of whores.
            unfortunately, we are the whores
        
                    sorry O'Rourk, for masticating your quote.

        australia was settle by English prisoners, mostly bankrupts and
    the like. after the original religious settlers, America was settled
    by every bounder who dream of piracy and the liberty to rape, 
    pillage and burn.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMpvOgr04kQrCC2kFAQE9hQP/SwBElDVDaFOweLChe3vCfIBooDY4TtDJ
oKwDmIYotUvH6a/x5hxJEBJiQB/8h3FGZwtXuxaH6NFN4uzl/QcVsASaGuStIt98
NG/RvemzKYUblgMcTIyAwCnEyCoclG1ve/9XeCggojsnu6CgWhPTP9Ov2snWDc+4
u0wd2UH78CY=
=oSac
-----END PGP SIGNATURE-----


--
  Cyberspace is OUR Freedom.  
    FUCK your CDA!
        -attila

--
  Cyberspace and Information are Freedom!  
    FUCK your WIPO, too. 
        -attila

--
  maybe there is an analogy:

  militias:   "the only way they'll take my weapon
              is from my cooling, smoking hand...."

  prez:       "the only way they'll take my executive privileges
              is to impeach me --IF I consent to leave."

            <attila>
--
  without arms they do not resist; 
    without communication they know not what to resist.
        -attila
--
  one of the few conclusions shared by the enlightened: 
    the absolute, corrosive contempt for our elected officials.
        -attila
--
  Politicians are like diapers.
    They both need prompt and regular replacement, 
    and for the same reason.
        -attila
--
 "In nature, stupidity gets you killed.
   In the workplace, it gets you promoted.
    In politics, it gets you re-elected."
        --attila

--
 "Every government is an assemblage of whores.
   Unfortunately, in a democracy, we are the whores."
        --O'Rourke







From packrat at iinet.net.au  Tue Nov 26 23:09:37 1996
From: packrat at iinet.net.au (Bruce Murphy)
Date: Tue, 26 Nov 1996 23:09:37 -0800 (PST)
Subject: public
In-Reply-To: <v01540b01aebf5a364b89@[164.58.41.89]>
Message-ID: <199611270715.PAA00828@ratbox.rattus.uwa.edu.au>


>>>>> "A" == Amy Rudd <rudd_a at alph.swosu.edu> writes:


A>I am new here, and I was wondering, why are there still stupid, immature
A>people on line who have the audacity, here in the 90's, to still call
A>people a "cocksucking faggot".  I mean no offense here, but please, stop
A>using such offensive words!  Thanks....   As I said, I am new here, and am

<grin> You are probably going to want to see if the mail program you
use will allow you to sort all the mail from this list into a separate
folder. There is so much of it that you will probably start to lose
track of your personal mail.

Apart from that, there are a number of people on the list who very
very rarely ever contribute anything worth reading. There are two
approaches to this: you can learn to recognise the posts and ignore
them, as I do, or again if you mail software allows it, you can get it
to automatially discard posts from these people.

A>a libertarian/anarchist who wants the government to butt out of our
A>lives...I am very interested in privacy, and am also against censorship.  I
A>hope there are others out there who feel as I do, but if not, I guess I'll
A>find out I'm on the wrong place!!   :-)   Anyhow, I hope you can welcome a
A>Cincinnati goth who lives in Oklahoma...thanks!!....Amy

If you can stand the list, you might well get into some interesting
discussions. Give it a try for while though.

A>****************************************************************************
A>*****
A>*
A>*     It's better to regret something you did than something you
A>*                                                          *
A>didn't do.                                             *
A>*                                                                           *
A>*                                                                           *
A>****************************************************************************

Any chance of you cutting the size of your signature down a bit?

B.
--
Packrat (BSc/BE;COSO;Wombat II Designer)
Nihil illegitemi carborvndvm.









From tgkelli at tiger.towson.edu  Tue Nov 26 23:19:13 1996
From: tgkelli at tiger.towson.edu (Kathleen M. Ellis)
Date: Tue, 26 Nov 1996 23:19:13 -0800 (PST)
Subject: Today's hearing (Re: Dorthy Denning is a boot-licking fasicist!!!)
In-Reply-To: <199611262215.QAA21070@mailhub.amaranth.com>
Message-ID: <Pine.SGI.3.93.961127020934.1567B-100000@tiger.towson.edu>


On Tue, 26 Nov 1996, William H. Geiger III wrote:

> Hi,
> 
> I don't know if anyone watched the House Subcomitty on Computers &
> Technology today on C-Span.

I was there today in DC at the hearing.  

> Dorthy Denning gave the most pro-government speech I have ever heard. Is
> this clueless bitch on the government payroll?!!
> William Reinsch is a lying bastard. Fucking politions!! Fucking
> goverment!! They all deserve a long rope!!

Settle down.  Neither of them was _that_ bad... just business as usual.
My favorite Denning remark though, was when PRZ brought up the fact taht
the FBI's latest legislative goal had been to obtain the
capability/permission to wiretap 1% of the population, and she tried to
refute it.  (It was later brought up by an audience member from the ACLU
that Louis Freeh's remarks to those effect were in the congressional
record).

Reinsch's shining moments came when he became so worn down by the
opposition that he made the "look, it was Clinton's order.  He's my boss,
so i just have to do what he says" type of response.

> Phil Zimmerman was quite good at attacking the government policies.

Dan Geer, of Open Market, and (umm...somebody) of Open Vision systems also
did very well.

> <sigh> We are truly a country of fools to have put these jackbooted
> facisit bastards back into office.

Neither Denning nor Reinsch is an elected official.  Any president we
elect, unless they run with a specific pro-crypto plank in their platform
will do the same thing...they're all in bed with the LEA's.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Semi-Carless Kathleen Ellis    NEW ADDRESS: tgkelli at tiger.towson.edu
I hate the web.			       http://tiger.towson.edu/~tgkelli/
I love encryption.    1996/08/30 Kathleen Ellis <kelli at tiger.towson.edu> 
pub  2047/21853015     F8 D6 96 B2 C6 5A 08 15  43 BE 9E CF 18 8F 1B F0

"Someone tried to get me to run nachos on my box once.  Said it was better
than sunos, more cheese".
						-r4j00g4






From dispatch at cnet.com  Tue Nov 26 23:22:46 1996
From: dispatch at cnet.com (The CNET newsletter)
Date: Tue, 26 Nov 1996 23:22:46 -0800 (PST)
Subject: CNET News Dispatch  November 26th, 1996
Message-ID: <199611270708.XAA06780@central.cnet.com>


***************************************

NEWS.COM DAILY DISPATCH
6:10 p.m. (PT)
Tuesday, November 26, 1996
San Francisco, California, USA

***************************************

WELCOME!

***************************************

The NEWS.COM DAILY DISPATCH highlights the up-to-the minute technology news
presented by NEWS.COM. It tempts readers with coverage of today's hottest
stories, news in the making, (in)credible rumors, and other indispensable
information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

***************************************

CONTENTS

SCOOPS AND TOP STORIES

        The legislation that launched thousands of cyberspace ribbons
        The Nostradamus of the semiconductor market speaketh!
        Comdex sucks! No, it rules! Sucks! Does not! Does so!
        Might that be the virogen.asexual virus in your software?

ANNOUNCEMENTS
     An easy way for you to customize NEWS.COM
     Late-breaking stories just a click away with Desk Top News
     Send us your questions, comments, flotsam, and jetsam

***************************************

SCOOPS AND TOP STORIES

THE LEGISLATION THAT LAUNCHED THOUSANDS OF CYBERSPACE RIBBONS
It's baaaack... The Supreme Court will decide tomorrow whether it should
review the CDA--the legislation cyberspace loves to hate--or simply put it
out to pasture. Swirling around inside this legal vortex are issues of free
speech, the definition of "obscene," and a potential $250,000 fine for
transgressors. Maybe CDA really stands for "Can't download anything..."

   http://www.news.com/News/Item/0%2C4%2C5743%2C00.html?nd

***************************************

THE NOSTRADAMUS OF THE SEMICONDUCTOR MARKET SPEAKETH!
Who better than a Robertson, Stephens semiconductor analyst to take you on a
guided tour of the volatile world of semiconductor stocks? Dan Niles
demystifies the market's plummeting and rising...distinguishes between
trends and blips, and pontificates on where semiconductor stocks are going
in the long run. [Hint: Can you say $275 billion?...]

   http://www.news.com/Perspectives/perspectives.html?ntb.pers?nd

***************************************

COMDEX SUCKS! NO, IT RULES! SUCKS! DOES NOT! DOES SO!
If you've been to Comdex and survived, how did you manage it? NEWS.COM wants
your war stories. We will publish the best five, and the winners--picked on
a totally subjective basis by our editorial staff--will get supercool CNET
T-shirts. Mail suggestions at news.com, and include the words 'Comdex stories'
in the subject of your message. To paraphrase the Prez, "Let us feel yur
paynnne..."

   http://www.news.com/Comdex/?nd

***************************************

MIGHT THAT BE THE VIROGEN.ASEXUAL VIRUS IN YOUR SOFTWARE?
Downloaders of PointCast's version 1.2 got a bit of a shock for their
trouble, namely a Norton antivirus software-generated message that told them
they had contracted a virus with the esoteric moniker "Virogen.asexual."
While the scare isn't in league with the benzene-in-the-Perrier snafu of a
few years back, there were still ruffled feathers that needed smoothing.

   http://www.news.com/News/Item/0%2C4%2C5745%2C00.html?nd

***************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify the
topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1

***************************************

LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on the
Net? Our Desk Top News feature puts our 20 most recent stories right there
on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd

***************************************

SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch at cnet.com

***************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/





From ben at gonzo.ben.algroup.co.uk  Wed Nov 27 00:15:54 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Wed, 27 Nov 1996 00:15:54 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <2.2.32.19961126212424.00cba538@blacklodge.c2.net>
Message-ID: <9611270712.aa22352@gonzo.ben.algroup.co.uk>


Douglas Barnes wrote:
> 
> 
> >>       SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
> >
> >BTW, this doesn't come with source code.
> >
> 
> No, it does not come with source code. Site licenses and OEM
> bundling packages will come with a source code option. Partners
> who work with us in internationalizing the product may also
> receive source code. However, it did not seem to be useful or
> appropriate for a consumer-level product like this.
> 
> We are trying to find a happy medium between making sure that the
> security is well-reviewed, and doing things that make business
> sense and map onto standard industry practice for selling software
> products. 

Really? Who reviewed the security of SafePassage?

> 
> Note that SafePassage uses SSLeay for its encryption and SSL
> protocol layer; SSLeay has publicly available source code, and has 
> been extensively reviewed.

I've never seen a security review of SSLeay, and if anyone gave it a clean bill
of health, they didn't have their eye on the ball. Note, I'm not knocking
SSLeay here, it is a wonderful lump of code, but it hasn't been written with
security in mind (IMHO).

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From firstpr at ozemail.com.au  Wed Nov 27 03:55:08 1996
From: firstpr at ozemail.com.au (Robin Whittle)
Date: Wed, 27 Nov 1996 03:55:08 -0800 (PST)
Subject: Dorthy Denning is a boot-licking fasicist!!!
Message-ID: <199611271154.WAA26338@oznet02.ozemail.com.au>


William H. Geiger III <whgiii at amaranth.com> wrote:

> Dorthy Denning is a boot-licking fasicist!!!

> Dorthy Denning gave the most pro-government speech I have ever
> heard. Is this clueless bitch on the government payroll?!!

Spelling please!  "Dorothy".  She is a US academic.

It may be emotionally satisfying to rail against (what for us may be
evident as) the wickedness and stupidity of our opponents.

I did not see the testimony, so I can't comment on it.

However I believe that Dorothy Denning is motivated as much as many of
us by the desire for a healthy society.  The sharp difference in
crypto policy can probably be explained by a differing understanding
of:

1 - The likely behaviour of professional criminals, normal people,
    government officials and criminal government officials in the
    future with various forms of crypto system.

2 - Different levels of trust and fear regarding crime in general,
    big-time crime in particular and the use and abuse of law 
    enforcement and other government powers.

3 - Probably other things too.


I think that there are different personality types at work here. 
Adding to that is the tendency for governments to employ people who
generally trust governments, their desire to perpetuate their former
abilities to detect and deter crime and especially the problem of
*groupthink*.

Groupthink is the tendency for like minded individuals to reject
uncomfortable notions, and so develop a seriously inadequate
understanding of reality.

JFK admitted they were stupid to commence the Bay of Pigs invasion. 
Clinton will probably say the same thing about crypto export controls.

There is clear evidence that, being surrounded by like minded 
advisers, both presidents were the victims of groupthink.

If we nod our heads to "Dorthy Denning is a boot-licking fasicist!!!"
then we too are succumbing to groupthink.

See:

   http://www.ozemail.com.au/~firstpr/crypto/oecd_dr.htm

for Dorothy Denning's response to my challenge for justifying costs of
key-escrow/recovery against the likely benefit in crime reduction. I
don't think it is a very strong response, and while many on this list
will know more about her than I do, her response does not strike me as
the work of someone who is unintelligent, uninterested in the future
of society or a fascist.

The net result of various misunderstandings (such as Clinton and Co.
must have about the freely available nature of strong crypto) may well
be stupidity on a grand scale.

There are personality types who lean away from privacy and towards
dangerous levels of government control.  I think this can be amplified
by the circumstances in which these people work - and groupthink is a
big part of that.  

oecd_dr.htm is a recent draft of some OECD crypto work, with my
comments, especially concerning the likely behaviour of criminals
communicating both with other criminals and with non-criminals.  It
also has some information on an essay by Irving L. Janis called "Group
Think" which I recommend to everyone who is involved in policy
debates.

- Robin





. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr at ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .





From snow at smoke.suba.com  Wed Nov 27 04:16:47 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 27 Nov 1996 04:16:47 -0800 (PST)
Subject: Today's hearing (Re: Dorthy Denning is a boot-licking fasicist!!!)
In-Reply-To: <Pine.SGI.3.93.961127020934.1567B-100000@tiger.towson.edu>
Message-ID: <199611271234.GAA03465@smoke.suba.com>


> On Tue, 26 Nov 1996, William H. Geiger III wrote:
> > Dorthy Denning gave the most pro-government speech I have ever heard. Is
> > this clueless bitch on the government payroll?!!
> > William Reinsch is a lying bastard. Fucking politions!! Fucking
> > goverment!! They all deserve a long rope!!
> Settle down.  Neither of them was _that_ bad... just business as usual.

     Business as usual is _that_ bad.

> > <sigh> We are truly a country of fools to have put these jackbooted
> > facisit bastards back into office.
> 
> Neither Denning nor Reinsch is an elected official.  Any president we
> elect, unless they run with a specific pro-crypto plank in their platform
> will do the same thing...they're all in bed with the LEA's.

     Well, it's been said before, you are know by the company you keep. 

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From jim at santafe.arch.columbia.edu  Wed Nov 27 04:40:47 1996
From: jim at santafe.arch.columbia.edu (Jim Wise)
Date: Wed, 27 Nov 1996 04:40:47 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961126110818.4290A-100000@deimos.ceddec.com>
Message-ID: <Pine.NEB.3.94.961127071424.513A-100000@localhost>


On Tue, 26 Nov 1996, Tom Zerucha wrote:

> 2. In a socialist society wealth is confiscated at gunpoint.  In a
> capitalist society, I have to provide something that you want more than
> your wealth in order to obtain it.  Bill Gates has lots of money because

You are confusing the difference between capitalism and socialism with that
between authoritarianism and anarchism.  If you think that money isn't taken
at gunpoint in this society, try not paying taxes for a while...  Or more
subtly and more brutally, try not paying for food and shelter for a while...

Conversely to suggest that all socialist economies rely on state enforcement
contradicts generations of communal life among groups such as the Amish...

A more accurate division, if you are looking for sweeping generalizations,
is to say that all statist systems (and it is immaterial to me whether the
state calls itself a `government', a `collective', or a `corporation')
sustain themselves by theft, while in a free society, a more open system
is possible.

Were a truly free society to exist, you or I could choose our own economic
system, rather than being coerced into whatever system is profitable for
those currently in power.  I tend to believe that a communal existance
under such circumstances would be ideal.  I suspect you would seek for
capitalism.  So be it.  Of course, whether a system such as ours could
survive without the national guard, an army, and a police state to keep the
lower classes in line is another question...

> 4. When you say wealth isn't being transferred, it is also generally
> untrue.  While someone may be controlling it, their control is usually not

Each year a smaller percentage of the population controls a larger percentage
of the wealth, while the income and holdings of the average citizen drops.
Wealth certainly is being transferred...  In the wrong direction.

> 5. Government is the least efficient means of resolving the problem.  The

I doubt you'll find very many (any?) on cypherpunks who would contest this.
Again, you are confusing the difference between socialism and capitalism
with that between statism and anarchism.

> current welfare system is such that simply transferring the budget of all
> the programs would make every poor person middle class.  Confiscating the
> wealth of the rich would likely be used employ more people generating
> endless debates about who to give it to, than actual beneficiaries.  You

Actually there are plenty of beneficiaries.  Mostly corporate.

You do realize, I assume, that three times as much of your tax money goes
to corporate welfare than to actual welfare...
[Source: Michael Moore, ``Big Welfare Mamas'', in _Downsize_This_, NY 1996]

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim at santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *






From olbon at ix.netcom.com  Wed Nov 27 05:21:01 1996
From: olbon at ix.netcom.com (Clay Olbon II)
Date: Wed, 27 Nov 1996 05:21:01 -0800 (PST)
Subject: wealth and property rights
Message-ID: <1.5.4.32.19961127131858.006ebe30@popd.ix.netcom.com>


At 09:08 PM 11/26/96 -0500, Stephen Boursy <boursy at earthlink.net> wrote:
>  I sincerely don't believe that.  If you look at your above
>examples, or Bill Gates below, much of their motivation is not
>the accumulation of weath per se but rather power and performance.
>I know I would do much the same job (not that I'm in the wealthy)
>even if the salary were more or less--I enjoy it (I'm a programmer).
>Same is true for education--much of the motivation is either 
>intrinsic or status oriented and has little or nothing to do with
>marketablity.

This is provably bullshit.  Look at the HUGE numbers of people in this
country who make the economic decision to do nothing and go on welfare vs.
going to work.  Examine carefully the economic performance of the US vs the
Soviet Union - two countries with quite similar natural resources and
population.  To believe as you do belongs in the same category as believing
in the tooth fairy and Santa Claus.  It requires complete ignorance of reality.

>> In a capitalist society, I have to provide something that you want 
>> more than your wealth in order to obtain it.  
>
>  That's true--as with all labor--but it is a matter of scale.  
>Gates would do the same thing if you limited his income just
>for the sake of power accumulation--he's got all the money
>he could ever consume.  That's not his real motive.

More bullshit.  You don't know what anyones motives are.  To ascribe your
motivations to Bill Gates is unrealistic.  

What is your defined limit on what people should earn?  A thought
experiment.  The govt decides that the maximum anyone can earn in a lifetime
is $10M.  Bill Gates earns his $10M, he then decides that he doesn't feel
like working for free, so he quits.  Pretty soon, the people most effective
at creating wealth in society will all "reach their limit" and quit.  Then
the economic growth rates in this country can approach those of the
socialist societies that you seem to adore.  Either that or the best and
brightest will leave.  
 

>> 5. Government is the least efficient means of resolving the problem.  The
>
>   As inefficeint as it is it is really the only effective means.  A
>simple 100% inheritance tax would be very helpful as would limitations
>on how much property a given individual (and a corporation is a virutal
>individual) may own.

See my above points.  Implement this and prepare the for US to become a
third world country.  100% inheritance taxes would probably be the largest
incentive for people to leave (they leave now with ONLY a 50% inheritance
tax).  And who would get the money?  Those who are producing nothing, giving
them even greater incentives for producing nothing (heck, get welfare
payments up around $50K and I would quit work - I could find lots of
enjoyable and intellectually stimulating ways to keep myself busy!).


>  As to your other issue here--earnings and limitations on accumulation,
>much would be equalized without inheritance.  But yes--there would
>still be accumulators--most would still produce regardless of
>limits because as I said their motives are not simply income--power,
>prestige, etc. all come in to play as well as the gratification that
>comes with winning.  Gates enjoys his cover on Time Mag. much more
>than a few extra million a day.

Bullshit.  See above.

>  But the basic answer to your argument--from my standpoint--is that
>some people are extremely intellegent, others very gifted in other
>ways, others very dull witted, etc.  Some possess artistic genius
>that can pay off immediately, others have none that is valued dollar
>wise by society.  I sincerly don't believe one has the right to
>live better than the other--that the rewards, if different, sould
>be negligable.  
>
>  If I could make as much as I do know programming by working as
>a clerk in a convenience store or whatever I would still choose to
>do what I am doing.  If you are in a different situation you're
>in the wrong career.

You are extremely idealistic.  Try coming back to reality.  Examine the
"test cases" for the policies you advocate (and there are plenty of examples
of socialist policies both in this country and others) - and realistically
assess the consequences.  If you do this, you will find that these policies
are unworkable, and lead to lower - not higher standards of living for
everyone.  

        Clay
*******************************************************
Clay Olbon			    olbon at ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl






From ca3sal at isis.sunderland.ac.uk  Wed Nov 27 05:23:45 1996
From: ca3sal at isis.sunderland.ac.uk (Stephen.George.Allport)
Date: Wed, 27 Nov 1996 05:23:45 -0800 (PST)
Subject: [CRYPTO] Bank Cards, Interac, Bank Machines, etc
Message-ID: <199611271317.NAA04913@cis506.cis.sund.ac.uk>


There was someone jailed a couple of months ago in the UK for ATM fraud.
He and his mates set up cameras watching people type in there PIN number and 
then manufatered dummy cards. I will try and dig out any more info.

Ste





From omega at bigeasy.com  Wed Nov 27 05:35:57 1996
From: omega at bigeasy.com (Omegaman)
Date: Wed, 27 Nov 1996 05:35:57 -0800 (PST)
Subject: Another Nutty Idea about SPAM
In-Reply-To: <199611270417.VAA15665@infowest.com>
Message-ID: <Pine.LNX.3.95.961127083929.386A-100000@jolietjake.com>


On Wed, 27 Nov 1996 attila at primenet.com wrote:

>         well, I've always figured that people are basically OK 
>     until proven otherwise --or their is money involved. 
>         then there are lawyers....
> 

</devil's advocate mode>

That's the crux of my point.  The spammer's fundamental motivation is money.
People who don't want to receive bulk mailings won't spend money with the
spammers.  However, many spammers don't see it that way.  "What's in it for
me?"  ie. who's gonna pay the spammer for NOT sending his bulk e-mail just
because some folks don't want it.

</end devil's advocate mode>

me
_______________________________________________________________
 Omegaman <mailto:omega at bigeasy.com> 
  PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
                        59 0A 01 E3 AF 81 94 63 
 Send e-mail with "get key" in the "Subject:" 
 field to get a copy of my public key
_______________________________________________________________







From nobody at cypherpunks.ca  Wed Nov 27 05:57:47 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Wed, 27 Nov 1996 05:57:47 -0800 (PST)
Subject: No Subject
Message-ID: <199611271348.FAA32168@abraham.cs.berkeley.edu>


Does anyone have any experience with this product she/he would like to share? This is the Win95 model.

:Stealth Encryptor

:Stealth Encryptor offers the following functions: 

:    Stealth Encryptor, List Mode 
:    Stealth Encryptor, Browser Mode 
:    Important Files Backup with auto encryption 
:    File Shredder 
:    E-Mail Encryptor 
:    Drag and Drop support 
:    Dockable Toolbar 
:    Stealth Media Encryption, super speed for large image, multimedia and exe files 
:   DES encryption 
:    32 bit performance, compatible with Windows 95 and Windows NT 

:http://www.tropsoft.com/stealth

Many thanks.

A c'punks survivor (so far)!





From stronghold at ukweb.com  Wed Nov 27 06:08:18 1996
From: stronghold at ukweb.com (SafePassage Downloader)
Date: Wed, 27 Nov 1996 06:08:18 -0800 (PST)
Subject: Your login/password for SafePassage beta
Message-ID: <199611271407.OAA14579@www.ukweb.com>


You can now download SafePassage. You'll need the following login/password:

Login: cypherpunks at toad.com
Password: 2xLBsxut

Go to http://stronghold.ukweb.com/safepassage/ and select "Download" -- 
you'll be prompted for your login/password, after which you'll be able to
download the software.   Make sure you keep your login/password
private.   Revealing your login/password to anyone is a violation of the
license agreement.







From jaltarri at lix.intercom.es  Wed Nov 27 07:05:40 1996
From: jaltarri at lix.intercom.es (josep)
Date: Wed, 27 Nov 1996 07:05:40 -0800 (PST)
Subject: No Subject
Message-ID: <v02140b00aec20a12e611@[194.179.122.140]>


unsuscribe cypherpunks jaltarri at lix.intercom.es







From whgiii at amaranth.com  Wed Nov 27 07:12:46 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Wed, 27 Nov 1996 07:12:46 -0800 (PST)
Subject: Today's hearing (Re: Dorthy Denning is a boot-licking fasicist!!!)
In-Reply-To: <199611271234.GAA03465@smoke.suba.com>
Message-ID: <199611271626.KAA30854@mailhub.amaranth.com>


In <199611271234.GAA03465 at smoke.suba.com>, on 11/27/96 
   at 06:34 AM, snow <snow at smoke.suba.com> said:

>> On Tue, 26 Nov 1996, William H. Geiger III wrote:
>> > Dorthy Denning gave the most pro-government speech I have ever heard. Is
>> > this clueless bitch on the government payroll?!!
>> > William Reinsch is a lying bastard. Fucking politions!! Fucking
>> > goverment!! They all deserve a long rope!!
>> Settle down.  Neither of them was _that_ bad... just business as usual.

>     Business as usual is _that_ bad.

>> > <sigh> We are truly a country of fools to have put these jackbooted
>> > facisit bastards back into office.
>> 
>> Neither Denning nor Reinsch is an elected official.  Any president we
>> elect, unless they run with a specific pro-crypto plank in their platform
>> will do the same thing...they're all in bed with the LEA's.

>     Well, it's been said before, you are know by the company you keep. 

<sigh> well after my survivalist training & military training in the '80's
I thought I was well prepaired for those dam Ruskies. Seems the way things
are going I am going to need them for those dam Americans. Who Knew

-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii at amaranth.com>
-----------------------------------------------------------






From mycroft at actrix.gen.nz  Wed Nov 27 07:12:56 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Wed, 27 Nov 1996 07:12:56 -0800 (PST)
Subject: Bounty Server, Revisited.
In-Reply-To: <199611261946.NAA05804@bigeasy.com>
Message-ID: <199611271319.CAA15233@mycroft.actrix.gen.nz>


On Tue, 26 Nov 1996 13:48:47 +0000, "Omegaman" wrote:

   >      graphics editing software, easy to use Graphic Design Software (TeX
   >      is NOT easy to use) and easy to use Cryptographic software. 

TeX *may* not be easy to learn (the price of The TeXBook is well worth
it), but it's not hard to use.  It's not suited to graphic-laden
documents, though.

   many would pay good money for Linux native versions of programs like 
   Wordperfect, Corelpaint & draw, Pagemaker , etc.

WordPerfect, at least, is available (from Caldera).  And then there
are the ApplixWare and StarOffice suites.  I've been hearing rumours
about CorelDraw for quite a while, but nothing concrete yet AFAIK, and
Corel are supposed to be doing a Java-based office suite that will run
under Linux+JDK.

-- 
Paul Foley <mycroft at actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Mandrell: "You know what I think?"
Doctor:   "Ah, ah that's a catch question. With a brain your size you
	  don't think, right?"
		-- Dr. Who





From dlv at bwalk.dm.com  Wed Nov 27 07:18:46 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 07:18:46 -0800 (PST)
Subject: Star Trek: First Contact
In-Reply-To: <199611270201.SAA29256@mark.allyn.com>
Message-ID: <4g12XD8w165w@bwalk.dm.com>


Mark Allyn 206-860-9454 <allyn at allyn.com> writes:

> Are any of the characters in the new Star Trek gay?

The bold guy who plays Captain Picard is very gay in real life.
(He probably hated all those love episodes with women :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From whgiii at amaranth.com  Wed Nov 27 07:24:04 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Wed, 27 Nov 1996 07:24:04 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <009ABBF7.ACB06A80.64@SPRUCE.HSU.EDU>
Message-ID: <199611271638.KAA30991@mailhub.amaranth.com>


In <009ABBF7.ACB06A80.64 at SPRUCE.HSU.EDU>, on 11/22/96 
   at 12:18 PM, jc105558 at spruce.hsu.edu said:

>> Btw, people of your mentality (communists/socialists) already make it
>> very difficult for me to accumulate, due to the exhorbitant tax rates
>> to support those who chose to blow their money as soon as they have
>> it

>I don't necessarily want to support "socialism" nor "capitalism". Both
>are extremes of a situation which does no one any good to exist. 

>However, I would question the implication that "socialists" are
>responsible for the higher tax rates you currently experience.  

>For example, I could make a strong case that you really have some clever
>"capitalists" who have learned how to express their
>"capitalism" quite effectively across the space of all people in a
>"country".

What a crock!!

socialist/communist are theifs; plain & simple. They beleive they have the
right to steal from one to give to another. 

capitalists beleive in an exchange in property/services at a rate the
market will bare.

socialists example: You have somthing I want/need & I am going to take it
from you.

capitalists example: You have somthing I want/need what can I give you in
exchange.

socialism uses FORCE to take what it wants while the capitilism you have a
free & volintary exchange.

why is this so hard to understand??

-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii at amaranth.com>
-----------------------------------------------------------






From kozubik at shoelace.FirstLink.com  Wed Nov 27 07:25:34 1996
From: kozubik at shoelace.FirstLink.com (John Kozubik)
Date: Wed, 27 Nov 1996 07:25:34 -0800 (PST)
Subject: your mail
In-Reply-To: <199611262152.WAA01587@basement.replay.com>
Message-ID: <Pine.SOL.3.91.961127081839.6595A-100000@shoelace.FirstLink.com>



> >> This betrays your ignorance.  I.Q. is scaled according to age.  One does
> >> not "improve."

I am new to the list, and I was going to just sit and absorb for a few 
weeks, but....

Yes, the IQ scale that we generally refer to is based on age, ie. a 10 
year old and a 5 year old that perform equally will have different IQ scores.

However, it is now generally accepted in the psychology field that your 
brain can degrade or improve over time based on the stresses placed upon 
it.  Basically what this means is that your brain is like a muscle, and 
the more you use it, the higher your IQ becomes.

Contrary to popular armchair psychology, there is no significant evidence 
that IQ and age are inversely related.  In general, however, the older we 
get, the less we use our brain, and it becomes like a muscle that we no 
longer use.

The point: Yes, you can improve your brain, and you can take proactive 
steps to increase your IQ.

(back to lurk mode)





From pavelk at dator3.anet.cz  Wed Nov 27 07:28:57 1996
From: pavelk at dator3.anet.cz (Pavel Korensky)
Date: Wed, 27 Nov 1996 07:28:57 -0800 (PST)
Subject: Sound card as a random number source ??
Message-ID: <199611271529.QAA00236@zenith.dator3.anet.cz>


Hello,

when I read about hardware random number generators in this mailing list, I got
one idea. Maybe it sounds crazy, but is it possible to use soundcard
(SoundBlaster for example) as a source for really random numbers ?
What if I connect the input line of the soundcard with some external source of
noise, like FM receiver or Dolby Surround decoder (with built-in white noise
generator) or tape recorder with blank (erased) tape. It is possible to sample
the sound (noise) and use the sampled values as a random numbers ? And how much
random is this source ? 
I tried to find some mentions about this method with altavista, but I didn't
found anything.

Bye PavelK


--
****************************************************************************
*                    Pavel Korensky (pavelk at dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************





From droelke at rdxsunhost.aud.alcatel.com  Wed Nov 27 07:34:52 1996
From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke)
Date: Wed, 27 Nov 1996 07:34:52 -0800 (PST)
Subject: TIA Invites
Message-ID: <9611271528.AA15128@spirit.aud.alcatel.com>



> From: John Young <jya at pipeline.com>
>
> A rep of the Telecommunications Industry Association
> telephoned to say that TIA has invited authority to 
> investigate disclosure of TIA's TR45.3 to the unworthy.
> 
> 

Did I miss something... What is this disclosure of TR45.3 about?

------------------------------------------------------------------
Dan Oelke                                  Alcatel Network Systems
droelke at aud.alcatel.com                             Richardson, TX






From nobody at huge.cajones.com  Wed Nov 27 07:52:25 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Wed, 27 Nov 1996 07:52:25 -0800 (PST)
Subject: Dorthy Denning is a boot-licking fasicist!!!
Message-ID: <199611271552.HAA29224@mailmasher.com>


"William H. Geiger III" <whgiii at amaranth.com> writes:

>I don't know if anyone watched the House Subcomitty on Computers &
>Technology today on C-Span.

No, we watched 'Dorothy does Georgetown" on C-Spam.

>Phil Zimmerman, Dorthy Denning, William Reinsch & others were disscussing
>computer security.
>
>Dorthy Denning gave the most pro-government speech I have ever heard. Is
>this clueless bitch on the government payroll?!!

Yes.

>William Reinsch is a lying bastard. Fucking politions!! Fucking
>goverment!! They all deserve a long rope!!

Start with Socks the queer cat.

>Phil Zimmerman was quite good at attacking the government policies.
>
><sigh> We are truly a country of fools to have put these jackbooted
>facisit bastards back into office.

"Dorothy Denning" is a man in drag. "She" has a bigger dick that
"her" boyfriend John Gilmore, the cocksucker faggot from EFF.

>-----------------------------------------------------------
>"William H. Geiger III" <whgiii at amaranth.com>
>-----------------------------------------------------------

Just say GAK to chicks with dicks!

diGriz





From snow at smoke.suba.com  Wed Nov 27 07:53:46 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 27 Nov 1996 07:53:46 -0800 (PST)
Subject: Today's hearing (Re: Dorthy Denning is a boot-licking fasicist!!!)
In-Reply-To: <199611271624.KAA30828@mailhub.amaranth.com>
Message-ID: <199611271610.KAA00236@smoke.suba.com>


>    at 06:34 AM, snow <snow at smoke.suba.com> said:
> >     Well, it's been said before, you are know by the company you keep. 
> <sigh> well after my survivalist training & military training in the '80's
> I thought I was well prepaired for those dam Ruskies. Seems the way things
> are going I am going to need them for those dam Americans. Who Knew

      Some people kinda suspected it would happen. I mean, when I was 
in the military, and I looked at the goons I was serving with, I realized
what the enemy was.


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From mpd at netcom.com  Wed Nov 27 10:10:24 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 27 Nov 1996 10:10:24 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
Message-ID: <199611271810.KAA02393@netcom17.netcom.com>


William H. Geiger III writes:

 > Dorthy Denning is a boot-licking fasicist!!!

 > William Reinsch is a lying bastard. Fucking politions!!
 > Fucking goverment!! They all deserve a long rope!!

It is perhaps a point in Dr. Denning's favor that her most
vitriolic detractors can spell neither "Dorothy" nor "fascist".

I must admit that I am at a loss to understand the heat which
Dorothy Denning generates on the Cypherpunks list, which seems to
be second only to the heat generated by posting recipes for roast
feline in rec.pets.cats.

All of the people I know who have met her find her to be a
pleasant person, and the occasional Email messages we have
exchanged have certainly been positive and friendly.  While she
tends to view the Four Horsemen of the Infocolypse as a bit more
threatening than the typical Cypherpunk, I don't think her views
are so extreme as to justify the continuous screams of "crypto
toady", "government suckup", and "wicked witch" which seem to pop
up in response to her every utterance.

I would even go so far as to say that this list would be a lot
more entertaining if she were contributing to it, and sci.crypt
is certainly a less interesting place now than it was in bygone
days when she was posting there.

Perhaps Tim can add his own thoughts to this thread. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $





From dbell at maths.tcd.ie  Wed Nov 27 10:34:41 1996
From: dbell at maths.tcd.ie (Derek Bell)
Date: Wed, 27 Nov 1996 10:34:41 -0800 (PST)
Subject: Dorthy Denning is a boot-licking fasicist!!!
In-Reply-To: <199611271154.WAA26338@oznet02.ozemail.com.au>
Message-ID: <9611271834.aa13916@salmon.maths.tcd.ie>


-----BEGIN PGP SIGNED MESSAGE-----


In message <199611271154.WAA26338 at oznet02.ozemail.com.au>, Robin Whittle writes
:
>It may be emotionally satisfying to rail against (what for us may be
>evident as) the wickedness and stupidity of our opponents.

	Indeed, making a habit calling anyone who disagrees with your
stance leads to kneejerk behaviour, like that which is probably behind
key-escrow (and the CDA, but that's not the point).

>If we nod our heads to "Dorthy Denning is a boot-licking fasicist!!!"
>then we too are succumbing to groupthink.

	Good point and a thoughtful post too!

	Derek

Derek Bell  dbell at maths.tcd.ie                | "Donuts - is there _anything_
WWW: http://www.maths.tcd.ie/~dbell/index.html|        they can't do?"
PGPkey: http://www.maths.tcd.ie/~dbell/key.asc|        - Homer Simpson



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAgUBMpyJnlXdSMogwMcZAQE14AP/UC7LfVgaGcXe/ojkq+Ci6p3ZrFEkUI46
VRTeEl8cvTtO5vojlJdY8Xok9bRytiE0jf1XqI7v++ixWauTL4ui4ef3sKYYZZ1L
Ivd14DHviv9C5VKmnehrk5ZSJP1ns7HuA0nK742M09Q1eRXkeVgss4ykTCi1Oafg
122wnIi2BVc=
=+9Wg
-----END PGP SIGNATURE-----





From security at kinch.ark.com  Wed Nov 27 10:51:30 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Wed, 27 Nov 1996 10:51:30 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <1.5.4.32.19961127131858.006ebe30@popd.ix.netcom.com>
Message-ID: <Pine.LNX.3.95.961127104249.550B-100000@kinch.ark.com>


On Wed, 27 Nov 1996, Clay Olbon II wrote:
> 
> This is provably bullshit.  Look at the HUGE numbers of people in this
> country who make the economic decision to do nothing and go on welfare vs.
> going to work.  Examine carefully the economic performance of the US vs the

I don't know how much people get on welfare in your country but I
suspect that it is even less than in this country (Canada). Anyone who
truly believes that people make the `economic decision to do nothing and
go on welfare vs. going to work' has, in my opinion, no &^%* idea what
they are talking about. Just try to *live* on a welfare wage for a few
months to see how silly this thought is. While there may well be a few
`welfare-moms' (which is not necessarily a bad thing, taking care of
children is an investment for society), the vast majority of people on
welfare (at least here)  would *much* rather get a decent job and work
for their money. There are, perhaps, a few people who would rather not
work for minimum wage (who find it impossible to feed their family on
that) but I suspect that those folks are few and far between. 

[...]
 
> More bullshit.  You don't know what anyones motives are.  To ascribe your
> motivations to Bill Gates is unrealistic.  

But you claim to know the motives of those on welfare: pot->kettle->black

Just to be clear, I don't really agree with the original points being
made, but your views seem just as far off as the ones you are opposing, 
perhaps further. 

cheers, kinch







From trei at process.com  Wed Nov 27 10:56:38 1996
From: trei at process.com (Peter Trei)
Date: Wed, 27 Nov 1996 10:56:38 -0800 (PST)
Subject: NIST seeks DES replacement.
Message-ID: <199611271856.KAA12134@toad.com>


See:

http://www.fcw.com/pubs/fcw/1111/des.htm

Federal Computer Week, Nov 11, 1996.

"DES set for overhaul." by HEATHER HARRELD

The content is kind of thin, but it amounts to a statement that
NIST is preparing a Federal Register request for a successor to
DES. Most the article concerns the termendous hassle replacing
DES will be for government agencies (FCW is a trade rag for people
working with computers in the Federal and State sectors - I used to
get it when I was at MITRE.)

There's a truely clueless comment at the end, where Mike Schwartz
of "Prime Factors Inc., an Oregon-based security firm" is quoted
as saying "...DES shows no signs of weakening."

-----------------------------

While 3DES-EDE is the obvious replacement, it would be far from an
easy switch, since there are a huge number of fielded devices for 
handling the 64 bit single DES keys.

I wonder how good a drop-in replacement could be made
if the goal was to NOT have to replace the key handling 
infrastructure - just replace a single software module or chip.

If we use the bits currently devoted to parity in DES keys for
actual key data, we gain 8 bits, or a factor of x256 in the keyspace.

If we further complicate the key schedule setup, so it's much slower 
than DES in both hardware and software (lots of rotates, multiplies, 
state, etc), we can make life a lot more difficult for brute force attacks.

Maybe some version of Blowfish, using the same key twice - I have
not studied Blowfish, so I don't know if this introduces an obvious
weakness.

Happy Thanksgiving!

Peter Trei
trei at process.com

Peter Trei
Senior Software Engineer
Purveyor Development Team                                
Process Software Corporation
http://www.process.com
trei at process.com





From jw250 at columbia.edu  Wed Nov 27 11:17:59 1996
From: jw250 at columbia.edu (Jim Wise)
Date: Wed, 27 Nov 1996 11:17:59 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <1.5.4.32.19961127131858.006ebe30@popd.ix.netcom.com>
Message-ID: <Pine.SUN.3.95L.961127135907.23624C-100000@aloha.cc.columbia.edu>


On Wed, 27 Nov 1996, Clay Olbon II wrote:

> This is provably bullshit.  Look at the HUGE numbers of people in this
> country who make the economic decision to do nothing and go on welfare vs.
> going to work.  Examine carefully the economic performance of the US vs the

Actually, at the risk of interrupting your little diatribe, the average
welfare recipient is on the dole for under 4 months.  While we're on the
subject, I may as well point out that the average welfare recipiant is also
white, lives in a lower-middle class suburban neighborhood, and has two or
fewer children, but you'd never know it from watching the pols...

At any rate, as I mentioned in my last post, you and I are paying three times
as much to corporate welfare as to personal welfare...

[Source: Michael Moore _Downsize_This_, NY Crown Books, 1996]

> See my above points.  Implement this and prepare the for US to become a
> third world country.  100% inheritance taxes would probably be the largest
> incentive for people to leave (they leave now with ONLY a 50% inheritance

Actually, the US has one of the lowest tax rates in the world, and far
less of your tax money goes to welfare (or foreign aid, or disaster relief,
etc.) than in any other industrialized nation...

[ibid]

> tax).  And who would get the money?  Those who are producing nothing, giving

Yes, your taxes do go to those who are producing nothing, namely a bunch of
CEOs and wealthy shareholders

> them even greater incentives for producing nothing (heck, get welfare
> payments up around $50K and I would quit work - I could find lots of
> enjoyable and intellectually stimulating ways to keep myself busy!).

Or welfare payments of up to $500 million at a shot, if you happen to be GE, or
General Motors...

> Bullshit.  See above.

You keep using that word...  I do not think it means what you think it means...

> You are extremely idealistic.  Try coming back to reality.  Examine the
> "test cases" for the policies you advocate (and there are plenty of examples
> of socialist policies both in this country and others) - and realistically

The only examples of large-scale socialism we have are in extremely statist
environemnts.  Statism is brutal and innefficient no matter what economic
system it pays lip service to.

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim at santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *






From markm at voicenet.com  Wed Nov 27 11:23:41 1996
From: markm at voicenet.com (Mark M.)
Date: Wed, 27 Nov 1996 11:23:41 -0800 (PST)
Subject: Sound card as a random number source ??
In-Reply-To: <199611271529.QAA00236@zenith.dator3.anet.cz>
Message-ID: <Pine.LNX.3.95.961127142046.562A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 1996, Pavel Korensky wrote:

> when I read about hardware random number generators in this mailing list, I got
> one idea. Maybe it sounds crazy, but is it possible to use soundcard
> (SoundBlaster for example) as a source for really random numbers ?
> What if I connect the input line of the soundcard with some external source of
> noise, like FM receiver or Dolby Surround decoder (with built-in white noise
> generator) or tape recorder with blank (erased) tape. It is possible to sample
> the sound (noise) and use the sampled values as a random numbers ? And how much
> random is this source ? 

The LSBs of a recording of white noise or static should be pretty random.
This should not be your only source of entropy as it's very easy for an
attacker to bias the signals.  If a one-way hash is applied to the output, it
does make it much more difficult for an attacker to predict or influence the
RNG.

Mark
- - -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMpyV2SzIPc7jvyFpAQF8+ggAvRmoEaJqaK80j1RxKAp7Y44gjKxWlVPd
pZlD+9P8bwoKQWZsMtKwG790d34ebmqnDVm6ES9mcp2HI1lqHrjDub6+dBPZyRjo
+NPhdtRmLZ4iqzE9n0xAPTeMDJGQOmxKQHHJCzOmG5nio5OFPyJzAbZy9DkNiH8A
n6xp+YBtC3gL7NKufMo0ehVW4XMM4EkwKmpIRMHM+m9Q8lhsQxzPr2+GaDQwo18s
jkrEB4xK+wnscpsjz/c7hvNnutgdVjlCU7xhDuR+prb4dHwAqhraXDgrpZuhZC8M
+Wyau1/11VXAfY03e8i/CiFrE4d6h9li95EopBuO6EfcjWZGgMH80g==
=FSod
-----END PGP SIGNATURE-----






From alan at ctrl-alt-del.com  Wed Nov 27 11:31:47 1996
From: alan at ctrl-alt-del.com (Alan Olsen)
Date: Wed, 27 Nov 1996 11:31:47 -0800 (PST)
Subject: PBS Re-runs...
Message-ID: <3.0.32.19961127113058.00eef880@mail.teleport.com>


PBS locally was rerunning an episode of "Life on the Internet" last night.
It was the one about PGP and Phil Zimerman.

It was pretty old (by net standards).  Phil had just gotten his case
dropped.  (And they mentioned the FBI's "Search for the Unibomber" page.

What I found frightening about the whole thing was Jim Kalstrom's comments
during the whole thing.  He brought up the Four Horsemen, as well as their
brothers, cousins, sisters, and the contents of a large family horseman
reunion.  He kept mentioning as to how we had to be able to tap CRIMINALS.
What he never mentioned is who those suspected criminals are.  ("We have
met the enemy and they is us!")  Personally I found the argument on the
government side pretty weak.  (My wife's comment was that they got lazy
using all these newfangled toys and did not want to have to get back to
doing real police work and real investigations.)  Kalstrom made it pretty
clear by his own words that he wanted to "catch the bad guys" and he did
not care what rights he trod on doing it.

Phil came off real well on the program.

The one thing that failed to mention is the amount of foreign development
that has gone into PGP.  (As well as the availability of it at sites around
the world.)


---
|              "Remember: You can't have BSDM without BSD."              |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan at ctrl-alt-del.com|





From maldrich at grci.com  Wed Nov 27 11:39:25 1996
From: maldrich at grci.com (Mark O. Aldrich)
Date: Wed, 27 Nov 1996 11:39:25 -0800 (PST)
Subject: Your login/password for SafePassage beta
In-Reply-To: <199611271407.OAA14579@www.ukweb.com>
Message-ID: <Pine.SCO.3.93.961127142519.798G-100000@grctechs.va.grci.com>


On Wed, 27 Nov 1996, SafePassage Downloader wrote:

> You can now download SafePassage. You'll need the following login/password:
> 
> Login: cypherpunks at toad.com
> Password: 2xLBsxut
> 
> Go to http://stronghold.ukweb.com/safepassage/ and select "Download" -- 
> you'll be prompted for your login/password, after which you'll be able to
> download the software.   Make sure you keep your login/password
> private.   Revealing your login/password to anyone is a violation of the
> license agreement.

Is this to say that you wrote your license agreement with the foolish
premise that an e-mail address belongs to just one person?  Maybe you need
to really understand how the Internet works before you write a license
agreement based on incorrect assumptions and your personal preferences for
how things ought to be. 

------------------------------------------------------------------------- 
|It's a small world and it smells bad     |        Mark Aldrich         |
|I'd buy another if I had                 |   GRCI INFOSEC Engineering  |
|Back                                     |     maldrich at grci.com       |
|What I paid                              | MAldrich at dockmaster.ncsc.mil|
|For another mother****er in a motorcade  |Quote from "Sisters of Mercy"|
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------






From sfnf9uy at scfn.thpl.lib.fl.us  Wed Nov 27 11:40:49 1996
From: sfnf9uy at scfn.thpl.lib.fl.us (Napalm)
Date: Wed, 27 Nov 1996 11:40:49 -0800 (PST)
Subject: PO-2 Brain wave meters.
Message-ID: <Pine.SUN.3.95.961127135855.800A-100000@scfn>


Has NE1 heard of these things? Supposedly you plug it into your printer
port and it shows you your brain waves so you can try to reach "alpha"
waves or something. I think they cost around $500.
If it`s for real you could do some neat things with it; how bout your
computer waking up when you wake up...
	that terminator 2 plot comes closer every day....
NEway if anybody knows anything about it let`s have it.
 L8R	-Napalm					SFNF9UY at SCFN.THPL.LIB.FL.US






From hallam at ai.mit.edu  Wed Nov 27 11:44:35 1996
From: hallam at ai.mit.edu (Phillip M. Hallam-Baker)
Date: Wed, 27 Nov 1996 11:44:35 -0800 (PST)
Subject: IQ and age
Message-ID: <01BBDC71.A2A247E0@crecy.ai.mit.edu>




>Contrary to popular armchair psychology, there is no significant evidence 
>that IQ and age are inversely related.  In general, however, the older we 
>get, the less we use our brain, and it becomes like a muscle that we no 
>longer use.

Contrary to popular belief there is no sound evidence for believing many
of the claims made for IQ tests. IQ measures ones ability to do IQ 
tests and little else. 

They were originally invented as a means of measuring the response of 
mentally defective patients so that their progress under different
treatment regimes could be compared. 

There is no evidence to support the many claims made that IQ measures
"innate" intelligence. If you practice IQ tests your score will increase.
When I was 10 I used to spend each Friday afternoon practicing IQ tests 
for the entry examination to the upper school. My "IQ" increased by
30 points over that time, an most of the people in the class managed
to improve their score by at least 10.

>The point: Yes, you can improve your brain, and you can take proactive 
>steps to increase your IQ.

Absolutely, it may not be the best idea if you want to be able to fit
in socially however. You will then have to leave in a world where 
everyone you meet has a lower IQ.


	Phill











From hallam at ai.mit.edu  Wed Nov 27 11:44:41 1996
From: hallam at ai.mit.edu (Phillip M. Hallam-Baker)
Date: Wed, 27 Nov 1996 11:44:41 -0800 (PST)
Subject: Star Trek: First Contact
Message-ID: <01BBDC71.A4889410@crecy.ai.mit.edu>



>> Are any of the characters in the new Star Trek gay?

>The bold guy who plays Captain Picard is very gay in real life.
>(He probably hated all those love episodes with women :-)

Actually the opposite is the case, he is a notorious womanizer. He played
a gay man in the recent remake of La Cage aux Folles and made the point
that he has also played Stjannus in "I Claudius" and nobody asked if he
was a homicidal maniac.

Yet more proof that nothing Dimitri says is relevant or interesting.

	Phill








From hua at chromatic.com  Wed Nov 27 12:01:33 1996
From: hua at chromatic.com (Ernest Hua)
Date: Wed, 27 Nov 1996 12:01:33 -0800 (PST)
Subject: Hurray!  A good example of rational thinking ...
In-Reply-To: <199611271154.WAA26338@oznet02.ozemail.com.au>
Message-ID: <199611272000.MAA18790@server1.chromatic.com>



> From: Robin Whittle
>
> > Dorthy Denning is a boot-licking fasicist!!!
>
> It may be emotionally satisfying to rail against (what for us may be
> evident as) the wickedness and stupidity of our opponents.
> [SNIP]
> If we nod our heads to "Dorthy Denning is a boot-licking fasicist!!!"
> then we too are succumbing to groupthink.

I must commend Robin for a well-said comment.

It is truly counter-productive to insist on conspiracy theories and
anti-government rhetoric.  Sure, there have been conspiracies in the
past.  Sure, there have been more than our fair share of atrocities.

However, the real issues are privacy, security, freedom of speech, and
effective policy enforcement.  When we start calling names like "jack
booted thugs" and the like, we are sinking to the same low levels that
Freeh and (more appropriately) Gorelick use when they cry wolf and
foretell futuristic electronic meltdowns.

More importantly, while the public is cynical and skeptical, it isn't
exactly embracing the right-wing militia movements either.  It would
be a great disservice to the cause if cypherpunks were, in the minds
of the public, tightly associated with the likes of Timothy McVey.

Ern







From olbon at ix.netcom.com  Wed Nov 27 12:12:22 1996
From: olbon at ix.netcom.com (Clay Olbon II)
Date: Wed, 27 Nov 1996 12:12:22 -0800 (PST)
Subject: wealth and property rights
Message-ID: <1.5.4.32.19961127200939.006d71c0@popd.ix.netcom.com>


At 10:54 AM 11/27/96 -0800, Dave Kinchlea wrote:
>On Wed, 27 Nov 1996, Clay Olbon II wrote:
>> 
>> This is provably bullshit.  Look at the HUGE numbers of people in this
>> country who make the economic decision to do nothing and go on welfare vs.
>> going to work.  Examine carefully the economic performance of the US vs the
>
>I don't know how much people get on welfare in your country but I
>suspect that it is even less than in this country (Canada). Anyone who
>truly believes that people make the `economic decision to do nothing and
>go on welfare vs. going to work' has, in my opinion, no &^%* idea what
>they are talking about. Just try to *live* on a welfare wage for a few
>months to see how silly this thought is. While there may well be a few
>`welfare-moms' (which is not necessarily a bad thing, taking care of
>children is an investment for society), the vast majority of people on
>welfare (at least here)  would *much* rather get a decent job and work
>for their money. There are, perhaps, a few people who would rather not
>work for minimum wage (who find it impossible to feed their family on
>that) but I suspect that those folks are few and far between. 

The average welfare benefit (including food stamps, medicaid, and all the
other myriad programs) is $10/hr.  Compare to a minimum wage of $5/hr.
Offer most welfare recipients a minimum wage job and they will laugh in your
face.  (In fact, here in Michigan most employers are already paying several
$$ above minimum wage, and often these jobs are unfilled).

>> More bullshit.  You don't know what anyones motives are.  To ascribe your
>> motivations to Bill Gates is unrealistic.  
>
>But you claim to know the motives of those on welfare: pot->kettle->black

I don't claim to know the motives.  I am examining empirical evidence.  As
the welfare benefit increases, more go on welfare, as it decreases, less go
on welfare.  Someone is making economic decisions, consciously or
unconsciously.  

        Clay


*******************************************************
Clay Olbon			    olbon at ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl






From root at deimos.ceddec.com  Wed Nov 27 12:21:51 1996
From: root at deimos.ceddec.com (Tom Zerucha)
Date: Wed, 27 Nov 1996 12:21:51 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <329BA29F.B97@earthlink.net>
Message-ID: <Pine.LNX.3.95.961127145308.1948B-100000@deimos.ceddec.com>


On Tue, 26 Nov 1996, Stephen Boursy wrote:

>   Well the original issue we were discussing was the fact that
> a majority of wealth in the US in not earned--it is inherited.  That
> can be changed very quickly with proper legislation.

It may also be an advantage.  Anyone looking today at what passing wealth
onto the offspring does to them would make them more likely to give it to
someone else.  (I don't agree with Ayn Rand on everything, but Atlas
Shrugged has a short treatise on money, and one point she makes is that
inherited wealth is always squandered unless those who inherit it are as
good at handling it as the parent - I can also add, unless they go into
politics and rig the game).

>   As to your other issue here--earnings and limitations on accumulation,
> much would be equalized without inheritance.  But yes--there would
> still be accumulators--most would still produce regardless of
> limits because as I said their motives are not simply income--power,
> prestige, etc. all come in to play as well as the gratification that
> comes with winning.  Gates enjoys his cover on Time Mag. much more
> than a few extra million a day.

I believe in strong laws to prevent the accumulation of power.  Lord
Acton (Power tends to corrupt) was a Classical Liberal.  Wealth is one
form of power, but it is self regulating in that you can only do so
much damage until you go bankrupt.  When you own the guns, there is
much less limitation.  Gates can buy Time and put his face on every
week, but I don't think people would keep buying Time if Gates was the
only feature.  Time also puts Gates on because he is newsworthy.

>   But the basic answer to your argument--from my standpoint--is that
> some people are extremely intellegent, others very gifted in other
> ways, others very dull witted, etc.  Some possess artistic genius
> that can pay off immediately, others have none that is valued dollar
> wise by society.  I sincerly don't believe one has the right to
> live better than the other--that the rewards, if different, sould
> be negligable.  

The problem IS one of value.  When you say someone has a valuable
talent, that is not valued "dollar-wise", what value does it have?  If
you are setting yourself up as god you can give an answer, but
otherwise I don't think any of us have enough information.  Price
defines how valuable something ACUTALLY IS to society, not how much it
would be valued in Utopia, or in a particular person's utopia.

I like music of the period from Bach through Beethoven.  I, as god,
would discourage Sibelius and DeBussey from being played.  You
probably have different tastes, and as god, would favor different
music.  I express myself by buying recordings of Bach, Schubert, etc.
You buy others.  That is how the value is shown, and how rewards are
equitably distributed.  People like me paying for a CD of the goldberg
variations send information in the form of price to those considering
producing the recording.

Rock Stars and Atheletes are far more overvalued (and tend to be
corrupted by it) in a moral-philosophical sense, so should we close
down all the stadia, and only produce classical CDs - this would be
the first step toward your idea of a "just" society.

I think there are a lot of stupid people out there who would be happy
on half the income doing something they like.  But if someone values
money more than frustration, it is their choice, and I don't have the
right to violate it.  I like music, but am terrible at making it, so I
program, which I also like instead, and I don't do ironwork which
might pay well, but I don't enjoy.

I am left to the terrible justice of my own choices.

>   If I could make as much as I do know programming by working as
> a clerk in a convenience store or whatever I would still choose to
> do what I am doing.  If you are in a different situation you're
> in the wrong career.

Then I would suggest you live by your own words and become a store
clerk and work on free software.  You have no right to be happily
employed doing something you enjoy while there are miserable clerks
out there.  You should free an existing clerk to pursue his dream for
a while.  Or is it "A free market for me, but not for thee"?

I have a very good job BECAUSE it is what I like doing.  I could
easily double my income by changing my condition and battling uphill
as an independent contractor.  But I make a choice between money and
contentment.  We all do.  And I cannot set up a better system.

tz at execpc.com
finger tz at execpc.com for PGP key






From bgrosman at healey.com.au  Wed Nov 27 12:29:15 1996
From: bgrosman at healey.com.au (Benjamin Grosman)
Date: Wed, 27 Nov 1996 12:29:15 -0800 (PST)
Subject: First Contact
Message-ID: <2.2.32.19961128172612.00746164@healey.com.au>


Dear All,

Is there anything in First Contact to do with Crypto at all? Just that it
opened out here today, and I'm going to see it.

Yours Sincerely,

Benjamin Grosman




-------------------------------------------------------------
bgrosman at healey.com.au -- http://www.healey.com.au/~bgrosman/
		PGP Encrypted Mail Preferred

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzKNX9oAAAEEAOIx4HkRU4vckgguzERhVCxgy5psmngHUoW10Xl8kBkjnuc/
ACysH1K98UXlGfet9zjn/XN4RMnGq64EHXvJu56H7OHhwhoerTpVIW5MUYt+QExk
KKnRNrdq8WVGoaMywSM4qKbaJr8aNMBWkldUKR4NElvAjIEEO9z0msNPp33RAAUR
tClCZW5qYW1pbiBHcm9zbWFuIDxiZ3Jvc21hbkBoZWFsZXkuY29tLmF1PokAlQMF
EDKNX9vc9JrDT6d90QEBxVYEAL5nw1NiyaPpG8R2x7lNcqOcavj/cCmDYT8swT02
Z0AO0C7PGpgp9V38Yyki0FB3yaiJhIQ3Kw6xCtuI8f1F4Vfql/nZebzQERl8kTa4
sI/4xSKRT/Riw/wSGupagU1F1wYIPlXOCdUilIfLzVf4IOsxKjJMdm7aKladSxkV
N7Yg
=Yapx
-----END PGP PUBLIC KEY BLOCK-----








From olbon at ix.netcom.com  Wed Nov 27 12:36:26 1996
From: olbon at ix.netcom.com (Clay Olbon II)
Date: Wed, 27 Nov 1996 12:36:26 -0800 (PST)
Subject: wealth and property rights
Message-ID: <1.5.4.32.19961127203425.006dff10@popd.ix.netcom.com>


At 02:17 PM 11/27/96 -0500, Jim Wise wrote:
>Actually, at the risk of interrupting your little diatribe, the average
>welfare recipient is on the dole for under 4 months.  While we're on the
>subject, I may as well point out that the average welfare recipiant is also
>white, lives in a lower-middle class suburban neighborhood, and has two or
>fewer children, but you'd never know it from watching the pols...

Just because lots of white folks get it for a short time it must be OK then
;-) Welfare (and the so-called safety net) hurt far more people than it
helps.  The poverty rate in this country is unchanged after 30 years of
transfer payments totalling over a trillion dollars.  The worst living
conditions in the country are in areas of subsidized housing.  It ought to
start clicking with someone soon that the only people the current system
really helps are in Washington DC. I don't have a solution, but I can face
the reality that what we currently have doesn't work.  By extension, I
believe that most changes offered (more $$, minor tweaks to the system),
will offer similarly poor results.

>
>At any rate, as I mentioned in my last post, you and I are paying three times
>as much to corporate welfare as to personal welfare...
>
>[Source: Michael Moore _Downsize_This_, NY Crown Books, 1996]
 
Micheal Moore is far down on my list of reputable authors.  His point is
blatantly untrue, as it equates direct transfer payments (welfare) to tax
breaks (in the same light, your mortgage and dependant deductions should
count as transfer payments to individuals).  Not that I am for corporate
welfare.  Personally, I am for elimination of corporate income tax entirely
- who do you think really pays it?  Hint - it is you and me in higher prices
for goods and lower return on investments.  As such, it is the worst kind of
tax, an invisible one.

>> See my above points.  Implement this and prepare the for US to become a
>> third world country.  100% inheritance taxes would probably be the largest
>> incentive for people to leave (they leave now with ONLY a 50% inheritance
>
>Actually, the US has one of the lowest tax rates in the world, and far
>less of your tax money goes to welfare (or foreign aid, or disaster relief,
>etc.) than in any other industrialized nation...

BINGO!  You win the prize.  We also have lower unemployment, higher GDP
growth and more economic stability than any of the other large
industrialized counties. You think there might be a correlation there? 

>Yes, your taxes do go to those who are producing nothing, namely a bunch of
>CEOs and wealthy shareholders

This is just silly.  If you run a business you are employing lots of folks,
and you are delivering a product or service.  This is producing.  If you are
a shareholder, you are risking your capital to support a business, hoping
that business will grow, producing more jobs, etc.  Besides, because of the
growth of 401K plans, the majority of Americans now fall into the
shareholder category. 

>> them even greater incentives for producing nothing (heck, get welfare
>> payments up around $50K and I would quit work - I could find lots of
>> enjoyable and intellectually stimulating ways to keep myself busy!).
>
>Or welfare payments of up to $500 million at a shot, if you happen to be GE, or
>General Motors...

As I said, I don't agree with corporate welfare.  Of course, GM produces far
more jobs than the average welfare recipient.


>The only examples of large-scale socialism we have are in extremely statist
>environemnts.  Statism is brutal and innefficient no matter what economic
>system it pays lip service to.

Agreed.  But how do you redistribute wealth without a statist society?  The
only reason I pay taxes is because I will go to jail if I don't.

        Clay


*******************************************************
Clay Olbon			    olbon at ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl






From security at kinch.ark.com  Wed Nov 27 12:45:09 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Wed, 27 Nov 1996 12:45:09 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <1.5.4.32.19961127200939.006d71c0@popd.ix.netcom.com>
Message-ID: <Pine.LNX.3.95.961127123103.550D-100000@kinch.ark.com>


On Wed, 27 Nov 1996, Clay Olbon II wrote:
> 
> The average welfare benefit (including food stamps, medicaid, and all the
> other myriad programs) is $10/hr.  Compare to a minimum wage of $5/hr.
> Offer most welfare recipients a minimum wage job and they will laugh in your
> face.  (In fact, here in Michigan most employers are already paying several
> $$ above minimum wage, and often these jobs are unfilled).

I am not in a position to argue with you, I simply don't have the facts.
My question is, do You? can you cite where this figure came from, it
sounds like Republican rhetoric to me. Of course, I will point out, that
minimum wage is simply not enough to feed a family. It is (or at least
it should be) reserved for single folks just starting out. 
> 
> >> More bullshit.  You don't know what anyones motives are.  To ascribe your
> >> motivations to Bill Gates is unrealistic.  
> >
> >But you claim to know the motives of those on welfare: pot->kettle->black
> 
> I don't claim to know the motives.  I am examining empirical evidence.  As

Sure you do: "economic decision to do nothing and go on welfare vs.
going to work". It seems to me that you are claiming their motives are
econmic, is there some other way we should read that sentence?

> the welfare benefit increases, more go on welfare, as it decreases, less go
> on welfare.  Someone is making economic decisions, consciously or
> unconsciously.  

It takes an awful lot to prove a causal relationship, empirical evidence
notwithstanding. You haven't made your case, as far as I am concerned
(not that you need to convince me), there are a myriad of other factors
involved. I have no doubt that given two (or three) poor choices, most
will choose the lesser evil and that *may* mean choosing welfare over
working, but I seriously doubt that this is anything but a small
minority of the cases of people who are actually using the system.

You suggest that what ought to be done is give less welfare. If your
thesis is correct, I suggest that better paying jobs is the real answer
(assuming you agree that minimum wage is too little for most to live
on). Shrinking welfare payouts may serve to get people off welfare but
it won't make it any easier to live on low wages. We DO have a duty to
help our neighbours, do we not? Or has greed taken over entirely?

I repeat, however, I do not know enough about your system and I am going
to just shut up about it now.

cheers, kinch







From jw250 at columbia.edu  Wed Nov 27 12:47:06 1996
From: jw250 at columbia.edu (Jim Wise)
Date: Wed, 27 Nov 1996 12:47:06 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <199611271638.KAA30991@mailhub.amaranth.com>
Message-ID: <Pine.SUN.3.95L.961127153457.18734A-100000@merhaba.cc.columbia.edu>


On Wed, 27 Nov 1996, William H. Geiger III wrote:

[...snip...]

> socialism uses FORCE to take what it wants while the capitilism you have a
> free & volintary exchange.

No.  Some systems are based on coercion, some are based on freedom.  This is a
completely different issue from whether a system is based on sharing or
hoarding...  As several people have been trying to explain to you, there are
really _two_ axes at work here.  (Something, for all my differences with its
authors, the `Libertarian Test' shows quite well)  One the one hand, some ssytems
are statist while others are anarchistic/librtarian.  On the other hand, some
systems are based on individual ownership, while others are based on communal
cooperation.  These axes are completely independent.

In a statist system, it doesn't matter whether you call yourself a `socialism' or
a `capitalism' -- the state can only preserve itself through theft and brutality.

On the other hand, in a free system, you would have the option of pursuing
capitalism, hoarding goods to trade with those of similar beliefs, while those who,
as myself, believe that more can be accomplished by pooling efforts and resources
would be free to work toward such a community.  Surely you do not find socialism
so frightening that you would deny us the right to seek it _for_ourselves_...

> why is this so hard to understand??

Because it is a gross oversimplification based on a misunderstanding of the basic
issues at stake...

--
				Jim Wise
				System Administrator
				GSAPP, Columbia University
				jim at santafe.arch.columbia.edu
				http://www.arch.columbia.edu/~jim
				* Finger for PGP public key *






From root at deimos.ceddec.com  Wed Nov 27 12:49:39 1996
From: root at deimos.ceddec.com (Tom Zerucha)
Date: Wed, 27 Nov 1996 12:49:39 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <Pine.NEB.3.94.961127071424.513A-100000@localhost>
Message-ID: <Pine.LNX.3.95.961127142948.1948A-100000@deimos.ceddec.com>


We DON'T live in a "capitalist" (free market, if you prefer) society.  If
we didn't have socalism transferring wealth, I would not need to pay
taxes, nor worry about having government take my wealth at gunpoint. 

Saying that Argentina is "capitalist" is the mistake, not that it is an
example where it does not work.  I would like an example where socialism
does work - by "work" I mean that resources are used efficiently.  Hong
Kong and Singapore exist.  The latter is far from free, politically, but
the economic freedom leads to efficient use of resources.  The closest
thing to a "working" socialist society I can think of is a monastary (many
do become wealthy), but I don't think the majority of the population can
emulate it.  The Amish may be socialist, but are they economically
efficient?  Any real capitalist society will be inferior to an imaginary
socialist utopia, just as cars are far more efficient where inertia and
aerodynamics don't exist.

Also, to define terms (for the purposes here, and to correct confusion
from earlier posts):

Socialism is where the government controls the means of production (this
includes regulation, so that I may "own" a factory, but the government
tells me what to produce, and/or how much and/or at what price). 

Capitalism (or pick another word) is where private individuals
(potentially acting collectively in a corporation) control the means of
production, and make the decisions of what and how much to produce, and
what price to sell it at.  Capital is a factor in production.

By Capitalism, I don't mean corpratism.  Corporations find it in their
interest to pass protectionist laws and corporate welfare benefits and
thus destroy free enterprise.  If you can keep small businesses to a
minimum, they will have less chance of becoming competitors.  But
corpratism requires government to set the product, quantity, or price,
which is under my definition of socialism.

I also don't mean anarchy, in the sense that I have to protect myself
individually from violence, theft, and fraud.  That is one of the few
proper functions of government.  Trade doesn't flourish when each
monitary transaction is trumped by weapons.

My point is that the Capitalist (free enterprise) society will be
wealthier and happier than a socialist society, not that it will be
perfect.

Corporations will benefit from many things, even in a free enterprise
society - and I hope they do, since (with the current bias against
independent contractors - another socialist idea) I stand a better chance
of being employed and making money the more healthy corporations compete
for my labor.

tz at execpc.com
finger tz at execpc.com for PGP key










From adam at homeport.org  Wed Nov 27 12:57:10 1996
From: adam at homeport.org (Adam Shostack)
Date: Wed, 27 Nov 1996 12:57:10 -0800 (PST)
Subject: Sound card as a random number source ??
In-Reply-To: <199611271529.QAA00236@zenith.dator3.anet.cz>
Message-ID: <199611272052.PAA17382@homeport.org>


Have you tried it without a mike plugged in?
Always think about failure modes.

Adam


Pavel Korensky wrote:
| Hello,
| 
| when I read about hardware random number generators in this mailing list, I got
| one idea. Maybe it sounds crazy, but is it possible to use soundcard
| (SoundBlaster for example) as a source for really random numbers ?
| What if I connect the input line of the soundcard with some external source of
| noise, like FM receiver or Dolby Surround decoder (with built-in white noise
| generator) or tape recorder with blank (erased) tape. It is possible to sample
| the sound (noise) and use the sampled values as a random numbers ? And how much
| random is this source ? 
| I tried to find some mentions about this method with altavista, but I didn't
| found anything.
| 
| Bye PavelK
| 
| 
| --
| ****************************************************************************
| *                    Pavel Korensky (pavelk at dator3.anet.cz)                *
| *     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
| *  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
| ****************************************************************************
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From mwohler at ix.netcom.com  Wed Nov 27 13:04:56 1996
From: mwohler at ix.netcom.com (Marc J. Wohler)
Date: Wed, 27 Nov 1996 13:04:56 -0800 (PST)
Subject: NYC area Cpunks  Meeting?
Message-ID: <3.0.32.19961127155830.00688ce8@popd.ix.netcom.com>


-----BEGIN PGP SIGNED MESSAGE-----

NYC area Cpunk's,

I have obtained a meeting place on the upper west side of Manhattan.
It is available on Tuesday or Thursday 12/17 or 12/19.
What would be your interest in a meeting (party?).
Ideas & suggestions for agenda-speaker-entertainment?

Season's Greetings to all,
Marc
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpyrGGeikzgqLB7pAQE2xwQAyVipF2GeVLQCW2MYhfnWt0RSMb+jiSAX
G9ufnekOv2Y54lpXX0rctpbjQ81bCZx4rpWfEzhnogteKhqx/DBYEH/2WCShmZW/
kk2ahsLcep30sBm3c6T3P0tN1qyi3hYHYZCOpK5ptkI1OGjX9FtGDrWSdY5lyWBT
RGIxqzpZtBw=
=fFNa
-----END PGP SIGNATURE-----







From olbon at ix.netcom.com  Wed Nov 27 13:10:14 1996
From: olbon at ix.netcom.com (Clay Olbon II)
Date: Wed, 27 Nov 1996 13:10:14 -0800 (PST)
Subject: wealth and property rights
Message-ID: <1.5.4.32.19961127210637.006e33c4@popd.ix.netcom.com>


At 12:46 PM 11/27/96 -0800, Dave Kinchlea <security at kinch.ark.com> wrote:
>On Wed, 27 Nov 1996, Clay Olbon II wrote:
>> 
>> The average welfare benefit (including food stamps, medicaid, and all the
>> other myriad programs) is $10/hr.  Compare to a minimum wage of $5/hr.
>> Offer most welfare recipients a minimum wage job and they will laugh in your
>> face.  (In fact, here in Michigan most employers are already paying several
>> $$ above minimum wage, and often these jobs are unfilled).
>
>I am not in a position to argue with you, I simply don't have the facts.
>My question is, do You? can you cite where this figure came from, it
>sounds like Republican rhetoric to me. Of course, I will point out, that
>minimum wage is simply not enough to feed a family. It is (or at least
>it should be) reserved for single folks just starting out.

Can't give you the exact date, but it was an article in our local paper (The
Detroit News).  The $10 figure is not exact, as the actual number varies
from state to state, I remember that number as being about average.
 
>> >> More bullshit.  You don't know what anyones motives are.  To ascribe your
>> >> motivations to Bill Gates is unrealistic.  
>> >
>> >But you claim to know the motives of those on welfare: pot->kettle->black
>> 
>> I don't claim to know the motives.  I am examining empirical evidence.  As
>
>Sure you do: "economic decision to do nothing and go on welfare vs.
>going to work". It seems to me that you are claiming their motives are
>econmic, is there some other way we should read that sentence?

You got me there :-)

>It takes an awful lot to prove a causal relationship, empirical evidence
>notwithstanding. You haven't made your case, as far as I am concerned
>(not that you need to convince me), there are a myriad of other factors
>involved. I have no doubt that given two (or three) poor choices, most
>will choose the lesser evil and that *may* mean choosing welfare over
>working, but I seriously doubt that this is anything but a small
>minority of the cases of people who are actually using the system.
>
>You suggest that what ought to be done is give less welfare. If your
>thesis is correct, I suggest that better paying jobs is the real answer
>(assuming you agree that minimum wage is too little for most to live
>on). Shrinking welfare payouts may serve to get people off welfare but
>it won't make it any easier to live on low wages. We DO have a duty to
>help our neighbours, do we not? Or has greed taken over entirely?

I don't mind helping my neighbors.  Of course, they live next door and I
know them!  The problem is that the welfare creates a system where behaviour
that is generally bad for society is subsidized.  The incentives are all
wrong.  And no, I don't think the minimum wage should be increased either.
Increasing the minimum wage at a time when you are pushing people off of
welfare is the wrong action, because it decreases the number of jobs
available.  

        Clay
*******************************************************
Clay Olbon			    olbon at ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl






From rah at shipwright.com  Wed Nov 27 13:49:01 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 27 Nov 1996 13:49:01 -0800 (PST)
Subject: Winn Sings on NPR
Message-ID: <v03007846aec26748e7e4@[206.119.69.46]>


As I write this, Winn Schwartau and a guy from RAND are riffing (at great
length) on NPR about InfoWar FUD.

ChingChing!

I love it when that cash register rings...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From LISTSERV at DISPATCH.CNET.COM  Wed Nov 27 13:51:14 1996
From: LISTSERV at DISPATCH.CNET.COM (L-Soft list server at CNET, THE COMPUTER NETWORK (1.8b))
Date: Wed, 27 Nov 1996 13:51:14 -0800 (PST)
Subject: Your request to sign off the DISPATCH list
Message-ID: <199611272151.NAA17141@toad.com>


Wed, 27 Nov 1996 13:49:02


Hi,

If you're reading this message, then you  must have tried to reply to the
Digital Dispatch  or to one  of the  Shareware Dispatches. These  are all
read-only mailing lists.

If you  are trying to subscribe  or unsubscribe to a  Shareware Dispatch,
please follow  the instructions given  near the  end of your  most recent
dispatch, the procedure for eash list is slightly different.

If you're trying to subscribe or  unsubscribe, to Digital Dispatch, or if
you have changed  email addresses and would like to  receive mail at your
new address, please follow these instructions exactly:

1. To unsubscribe, send a message to dispatch at cnet.com with the following
in the body:

unsubscribe me at somewhere.com

For example unsubscribe janedoe at whatsup.com

Your name will be automatically be dropped from our distribution list.

2. To  subscribe a  new email  address in the  case of  a change,  send a
message from the account that  you wish to subscribe to dispatch at cnet.com
with the following in the body:

subscribe me at somewhere.com

For example subscribe janedoe at whatsup.com

Your name  will be automatically be  added to our distribution  list, and
you'll start receiving Digital Dispatch the very next week.

3. If  you have previously  attempted to unsubscribe without  success you
may have several usernames or aliases, or perhaps you're having your mail
forwarded from one machine to another. If this is the case, please follow
the instructions in the email message  you received from the "L-Soft list
server at C|NET: the computer network (1.8b)".

4.  If you  any questions  which  are not  answered here,  please send  a
message to support at cnet.com


Thanks for writing.

c|net's support staff-







From jbugden at smtplink.alis.ca  Wed Nov 27 13:52:47 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Wed, 27 Nov 1996 13:52:47 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
Message-ID: <9610278491.AA849142344@smtplink.alis.ca>


mpd at netcom.com (Mike Duvos) wrote:
>It is perhaps a point in Dr. Denning's favor that her most
>vitriolic detractors can spell neither "Dorothy" nor "fascist".
>
>I must admit that I am at a loss to understand the heat which
>Dorothy Denning generates on the Cypherpunks list
 
It should not surprise you too much, as people have often vilified those they
disagree with. 
 
The more you accept the other person as a human being, the more difficult it
becomes to dismiss their view without first confronting the issues. It's easier
to treat them as an idiot, and then their views becomes idiotic by association.

I know all this, and still I do it.

Ciao,
James






From LISTSERV at DISPATCH.CNET.COM  Wed Nov 27 13:52:55 1996
From: LISTSERV at DISPATCH.CNET.COM (L-Soft list server at CNET, THE COMPUTER NETWORK (1.8b))
Date: Wed, 27 Nov 1996 13:52:55 -0800 (PST)
Subject: Output of your job "cypherpunks"
Message-ID: <199611272151.NAA17143@toad.com>


> signoff dispatch
You are not subscribed to the  DISPATCH list under the address your message
came  from (cypherpunks at TOAD.COM).  You  are being  mailed some  additional
information with a few hints on getting your subscription cancelled. Please
read these instructions before trying anything else.

Summary of resource utilization
-------------------------------
 CPU time:        0.020 sec
 Overhead CPU:    0.020 sec
 CPU model:         2xPentium (192M)





From robertb at tritro.com.au  Wed Nov 27 14:38:41 1996
From: robertb at tritro.com.au (Robert Barnes)
Date: Wed, 27 Nov 1996 14:38:41 -0800 (PST)
Subject: List membership
Message-ID: <c=AU%a=_%p=Tritronics_.Aust%l=TRI_NT5-961127223754Z-327@net.tritro.com.au>


Is cypherpunks subscribed to some CNET new service list by design or
accident?

I looks like SPAM to me.

</enter confession mode>

I must admit that in my frenzy to unsubscribe I attempted to unsubscribe
cypherpunks.

</exit confession mode>

RAB

--------------------------------------------------------------
Robert Barnes                     Phone: +61 7 32529722
Engineering Manager               Fax:   +61 7 32571403
Tritronics (Australia) Pty Ltd    Email: robertb at tritro.com.au

PGP Key fingerprint
  =  02 A6 22 5E 26 D3 7C 4D  E2 91 9E 15 AC EA B1 58
Send e-mail with "get key" in the "Subject:" field to get
a copy of my public key





From snow at smoke.suba.com  Wed Nov 27 14:45:16 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 27 Nov 1996 14:45:16 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961127104249.550B-100000@kinch.ark.com>
Message-ID: <199611272302.RAA01129@smoke.suba.com>


> 
> On Wed, 27 Nov 1996, Clay Olbon II wrote:
> > This is provably bullshit.  Look at the HUGE numbers of people in this
> > country who make the economic decision to do nothing and go on welfare vs.
> > going to work.  Examine carefully the economic performance of the US vs the
> I don't know how much people get on welfare in your country but I
> suspect that it is even less than in this country (Canada). Anyone who
> truly believes that people make the `economic decision to do nothing and
> go on welfare vs. going to work' has, in my opinion, no &^%* idea what

     If you think that most people on welfare live _purely_ off welfare 
then you are smokin stupid weed. 

> they are talking about. Just try to *live* on a welfare wage for a few
> months to see how silly this thought is. While there may well be a few
> `welfare-moms' (which is not necessarily a bad thing, taking care of
> children is an investment for society), the vast majority of people on

     I would like to formally invite you to come live in my neighborhood 
for a couple weeks and see how these "welfare" moms are "taking care of 
their children". 

 welfare (at least here)  would *much* rather get a decent job and work
> for their money. There are, perhaps, a few people who would rather not
> work for minimum wage (who find it impossible to feed their family on
> that) but I suspect that those folks are few and far between. 

     You are living in a dream world. In most major cities there are NO 
full time minimum wage jobs left, other than waiting tables (which pays 
minimum + tips) Macdonalds starts people at 6 to 6.50 an hour. 

> > More bullshit.  You don't know what anyones motives are.  To ascribe your
> > motivations to Bill Gates is unrealistic.  
> But you claim to know the motives of those on welfare: pot->kettle->black
> Just to be clear, I don't really agree with the original points being
> made, but your views seem just as far off as the ones you are opposing, 
> perhaps further. 

    Speaking of Pot Kettle Black. 

    In the Chicago paper last sunday there were over 30 pages of Help Wanted 
ads. There is a lot of work out there, and there are a lot of agencies who
will help you find work, and train for work. There is no reason why anyone 
needs welfare. Stupid and lazy is not a reason. 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From mjmiski at execpc.com  Wed Nov 27 15:02:28 1996
From: mjmiski at execpc.com (Matthew J. Miszewski)
Date: Wed, 27 Nov 1996 15:02:28 -0800 (PST)
Subject: PO-2 Brain wave meters.
Message-ID: <199611272301.RAA18971@mail.execpc.com>


> Subject:       PO-2 Brain wave meters.

Have not heard of them.  Doubt they exist in any end-user, commercial 
product.  Take it from someone who has gone through fun 
Electro-encephelagrams (EEG) before.  You don't want to.


> Has NE1 heard of these things? Supposedly you plug it into your printer
> port and it shows you your brain waves so you can try to reach "alpha"
> waves or something. I think they cost around $500.
> If it`s for real you could do some neat things with it; how bout your
> computer waking up when you wake up...
> 	that terminator 2 plot comes closer every day....
> NEway if anybody knows anything about it let`s have it.
>  L8R	-Napalm					SFNF9UY at SCFN.THPL.LIB.FL.US

Matt 
_________________________________________________________________________
Matthew J. Miszewski                 |               <mjmiski at execpc.com>
Practice Crypto Civil Disobedience   |  Export your favorite Cryptosystem
-------------------------------------------------------------------------
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From sven at loop.com  Wed Nov 27 15:06:46 1996
From: sven at loop.com (Sven)
Date: Wed, 27 Nov 1996 15:06:46 -0800 (PST)
Subject: God described
Message-ID: <2.2.32.19961127223906.00a55e78@pop.loop.com>


>
>                        MATHEMATICAL MODEL OF GOD AND JESUS
>
>Sexual Sin and Christians
>
>   19940404
>
>   Charles Magee (Not available via Internet),
>   See also:
>     * Classification of Religions
>     * Life After Death
>
>This article's surreality index is 'U' (unreal).
>
>To solve the question of if sex is a sin in Christianity, the following
>model has been constructed.  In this model God is a point mass, centered
>at the origin of our XYZ space.  Christ, we assume, is at the right hand
>of God, about 100 centimeters away.  His mass is probably around 75
>kilograms.
>
>Since God has a very large mass (a bit less than infinity), Christ, who
>we assume is in a circular orbit around God, has a very large momentum,
>and hence has a very small wavelength.  This means that Christ's
>uncertainty is quite small, so we can therefore conclude that he is
>fairly certain in all that he does.
>
>Now let us consider a sinner.  We shall place him at a large distance from
>God, say one inch and 45 million light-years.  He, being at a constant
>distance from God and thus in a circular orbit, and having approximately
>the same mass as Christ, will be travelling significantly slower than
>Christ, and will therefore be more uncertain.  One should also consider,
>however, that since Christ's orbit could fit in a kiddie pool, while the
>sinner's would encompass not only our galaxy, but a few of the nearby ones
>as well, that the sinner gets around more, sees more, and is generally a
>more knowledgeable guy than the Savior.  This fits in with traditional
>wisdom.
>
>Mary, the Mother of Jesus, being a fairly pure person, is close to God.
>This means that she must be a fast woman.  From this situation we can draw
>the conclusion that sinners have a lot more potential than saints, since
>less of their energy is stored as kinetic energy.  Further insights can be
>gained when we look at the situation of the heathen.
>
>A heathen is someone who, in general, is not affected by God.  This means
>that they are at least an infinite distance from him.  Now, assuming that
>one of these folk starts, by random causes, to travel towards God, he will
>convert his potential energy to kinetic energy during the approach, or
>descent.  Since he started out an infinite distance away, but with some
>kinetic energy of his own, he will approach God on a hyperbolic trajectory
>and then disappear into space again, never to be seen again.  If his
>approach is such that it brings him inside the orbit of The Son of God,
>then right after his closest approach, the heathen's velocity will be
>greater than Jesus', which means that he will be more sure of himself in
>his escape than Christ who is in orbit.  This is an interesting notion,
>but some of the side ramifications are even more intriguing.
>
>Without any orbiters, therefore, God would not be able to attract anyone;
>all approaching bodies would have either parabolic or hyperbolic
>trajectories.  However, once God has an orbiter, the two of them could
>collaborate to capture other bodies.  This means that heathens that get
>too close to believers in their approaches might get trapped, and by the
>same token, believers who are buzzed by heathens could be ejected.
>
>And what, the reader asks at this point, does any of this have to do with
>sex?  Well, the answer is this:  Sex, as we all know, is the union of two
>or more people.  This, in our analogy, would be represented as a collision.
>Now, in Christianity, almost all of the holy figures are male.  For God, a
>collision between any of these close in folk would be disastrous, because,
>even if we assume they are indestructible, such a high energy collision
>would either:
>
>          A) Eject one of the men out of orbit (becoming a heathen)
>          B) Cause one of them to fall into God (to die)
>          C) Give them highly irregular elliptical orbits (becoming a
>             doubter)
>
>All of these would be bad for God, because in the first two he would lose
>orbiters, making His chance at capturing new ones less, and in the third
>case He would have a much greater chance of more collisions, as the
>elliptical orbiters would cross many of the unaffected circular orbits.
>Therefore, God probably disapproves of these collisions.

|__
   |--> SVEN: a.k.a. Chris Blanc
        Internet consulting/Web design
		
		[ http://www.loop.com/~sven/ ]

Some only sample the dark wine of life's blood...






From mpd at netcom.com  Wed Nov 27 15:30:37 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 27 Nov 1996 15:30:37 -0800 (PST)
Subject: Turning Peas Into Stars
Message-ID: <199611272330.PAA10125@netcom23.netcom.com>


In sci.math, David Madore <madore at clipper.ens.fr> writes:

 > Fanciful but true statement: it is possible to cut a pea in a
 > finite number of pieces, and rearrange them so as to make a ball
 > the size of the sun (leaving no holes, of course).

Nothing to do with crypto, of course, but at least it has something
to do with math. 

Does anyone remember Martin Gardner's April Fool's Day "Mathematical
Games" column in Sci Am in which he proposed the Banach-Tarski Paradox
as a practical method of turning a solid gold sphere into two solid
gold spheres each identical to the original?

A nice illustration of why all sets can't be measurable. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $








From snow at smoke.suba.com  Wed Nov 27 15:51:27 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 27 Nov 1996 15:51:27 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <Pine.SUN.3.95L.961127135907.23624C-100000@aloha.cc.columbia.edu>
Message-ID: <199611272312.RAA01152@smoke.suba.com>


> On Wed, 27 Nov 1996, Clay Olbon II wrote:
> > This is provably bullshit.  Look at the HUGE numbers of people in this
> > country who make the economic decision to do nothing and go on welfare vs.
> > going to work.  Examine carefully the economic performance of the US vs the
> Actually, at the risk of interrupting your little diatribe, the average
> welfare recipient is on the dole for under 4 months.  While we're on the
> subject, I may as well point out that the average welfare recipiant is also
> white, lives in a lower-middle class suburban neighborhood, and has two or
> fewer children, but you'd never know it from watching the pols...

     These people are using welfare as it was intended to be used, and while 
they are the vast majority numbers wise, they probably account for less than
40% of expendatures. 

> At any rate, as I mentioned in my last post, you and I are paying three times
> as much to corporate welfare as to personal welfare...

    Which should be eliminated completely and with as much haste as possible. 

> > tax).  And who would get the money?  Those who are producing nothing, giving
> Yes, your taxes do go to those who are producing nothing, namely a bunch of
> CEOs and wealthy shareholders
 
     Wealthy shareholders may not be producers in the strictest sense of the 
word, but without them (or rather without their capital) many businesses ]
would not have been able to grow or get started. They produce _jobs_ which 
is more that can be said of your average machine-punch operator. 

     CEO's produce decesions(sp?). That is sufficient for the shareholders. 
   

> > Bullshit.  See above.
>You keep using that word...  I do not think it means what you think it means...

    You sure do. 

> > You are extremely idealistic.  Try coming back to reality.  Examine the
> > "test cases" for the policies you advocate (and there are plenty of examples
> > of socialist policies both in this country and others) - and realistically
> The only examples of large-scale socialism we have are in extremely statist
> environemnts.  Statism is brutal and innefficient no matter what economic
> system it pays lip service to.

     Socialism can _only_ exist in an extremely statist enviroment.
 
Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com





From hua at chromatic.com  Wed Nov 27 15:55:21 1996
From: hua at chromatic.com (Ernest Hua)
Date: Wed, 27 Nov 1996 15:55:21 -0800 (PST)
Subject: TV/Radio: Crypto Policy on NPR
Message-ID: <199611272353.PAA04644@ohio.chromatic.com>


McNeil & Lehear (sp?)  (ok, I know, one of them is gone, but I forgot
which) News Hour had a segment on crypto policy.  Generally a balanced
non-technical report, except that there is no mention of the free
speech issue.

If there is a repeat near you, it's worth listening to, to hear (or
see) what the informed non-technical public hears (sees).

Ern





From security at kinch.ark.com  Wed Nov 27 15:59:17 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Wed, 27 Nov 1996 15:59:17 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <199611272302.RAA01129@smoke.suba.com>
Message-ID: <Pine.LNX.3.95.961127145412.550E-100000@kinch.ark.com>


On Wed, 27 Nov 1996, snow wrote:
You are clearly an angry young man. I am sorry you have such a poor
opinion of people, I am even more sorry if it is justified. You can
believe me or not, but what you describe is *not* the ordinary case in
this country. Of course, in this country we have a disgusting 10+%
unemployment rate. Even if people DO want to work, there are no jobs.

All that aside, I can tell you do not have a family if you thing that
$6.50/hr is a living! Even accounting for the difference in our dollar,
I would say that is barely subsistence income for a single person. Are
we *all* not worthy of more than that?

cheers, kinch


Key fingerprint =  CE 54 C3 93 48 C0 74 A0  D5 CA F8 3E F9 A3 0B B7 






From mclow at owl.csusm.edu  Wed Nov 27 16:03:20 1996
From: mclow at owl.csusm.edu (Marshall Clow)
Date: Wed, 27 Nov 1996 16:03:20 -0800 (PST)
Subject: New white house internet commerce report
Message-ID: <v03100a00aec2842b0214@[207.67.246.99]>


the full report can be found at:
	<http://www5.zdnet.com/zdnn/content/inwo/1127/inwo0001.html>

Whitehouse Releases Blueprint For Major Net Issues Concerning Government 
And Commerce 
By Will Rodger 
November 27, 1996 02:35:13 PM EST
Inter at ctive Week Online 

The White House will release a blueprint for the governance of personal 
and business transactions over the Internet early next week that 
drafters and industry alike say marks a turning point in the Clinton 
administration's approach to cyberspace.

The document, a product of an 18-agency working group headed by 
presidential Senior Adviser Ira Magaziner, covers every cyberspace major 
issue before governments and Internet users worldwide. Though in many 
ways it is a restatement of approaches already suggested elsewhere, the 
document urges a shift towards free market forces on the Net and a 
rejection of government interference in electronic commerce.

The blueprint also represents the first time the administration has 
issued unambiguous policy statements regarding tariffs, censorship on 
the Internet and establishment of a body of international law for 
commerce.

[more snipped]

-- Marshall

Marshall Clow     Aladdin Systems   <mailto:mclow at mailhost2.csusm.edu>

Warning: Objects in calendar are closer than they appear.







From whgiii at amaranth.com  Wed Nov 27 16:48:16 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Wed, 27 Nov 1996 16:48:16 -0800 (PST)
Subject: Hurray!  A good example of rational thinking ...
In-Reply-To: <199611272000.MAA18790@server1.chromatic.com>
Message-ID: <199611280202.UAA04506@mailhub.amaranth.com>


-----BEGIN PGP SIGNED MESSAGE-----

In <199611272000.MAA18790 at server1.chromatic.com>, on 11/27/96 at 04:00 PM,
   Ernest Hua <hua at chromatic.com> said:


>> From: Robin Whittle
>>
>> > Dorthy Denning is a boot-licking fasicist!!!
>>
>> It may be emotionally satisfying to rail against (what for us may be
>> evident as) the wickedness and stupidity of our opponents.
>> [SNIP]
>> If we nod our heads to "Dorthy Denning is a boot-licking fasicist!!!"
>> then we too are succumbing to groupthink.

>I must commend Robin for a well-said comment.

>It is truly counter-productive to insist on conspiracy theories and
>anti-government rhetoric.  Sure, there have been conspiracies in the
>past.  Sure, there have been more than our fair share of atrocities.

>However, the real issues are privacy, security, freedom of speech, and
>effective policy enforcement.  When we start calling names like "jack
>booted thugs" and the like, we are sinking to the same low levels that
>Freeh and (more appropriately) Gorelick use when they cry wolf and
>foretell futuristic electronic meltdowns.

>More importantly, while the public is cynical and skeptical, it isn't
>exactly embracing the right-wing militia movements either.  It would
>be a great disservice to the cause if cypherpunks were, in the minds
>of the public, tightly associated with the likes of Timothy McVey.

Not at all. We need more people shouting from the mountain tops at what are governments
are doing.

We are not as free as we were 10yrs ago. We are not as free as we were 100yrs ago. Hell we
are not as free as we were under King George over 200yrs. ago!!

The issue of cryptology is only one area of attack on our freedoms. Just one small piece
in the Big Picture. Below are some of the some of the trends we have to look forward to:

National ID's:
- --------------

All citizens will be required to be registered with the state. The state will require any
changes in address.

The administration tried this once already with their failed "health care" plan.

Tracking of movement of all citizens:
- -------------------------------------

Experiments on this is going on right now with cellular phones that transmit location of
cars. (actually the phones just send out a signal and the receivers triangulate on them).

Also "alarm" systems that can be activated by police to transmit location of vehicles.
(same principal as above).

Display of documentation for all Public transport:
- --------------------------------------------------

The Airlines are just a start.

It should be noted that it is only a matter of time before travel permits are required.

Display of documentation for Employment:
- ----------------------------------------

Got to get those nasty Illegals.

hmmm... How long before the right to work is considered a privilege?


Electronic Cash:
- ----------------

Paper & Coin money will be eliminated. Everyone will have their Debit cards in which all
transactions will be recorded. This is currently being done with Credit Cards.

IMHO anonymous e-cash will not survive government control.


Automated Drift-Net Fishing of Phone conversations:
- ---------------------------------------------------

With the continued advance in Voice Recognition the police forces will soon put this
technology to use. A prime example is the Fbi's request for the ability to tap 1% of all
lines. The FBI has nowhere the staff or budget to make use of this many taps. They only
way such a system is feasible is with automated systems searching for key words/phrases.

Federal Thought Crimes:
- -----------------------

Currently certain types of "political incorrect" speach are Illegal.

As distasteful as the word "Niggar" is I don't not consider it a crime to say it
regardless of how offensive it may be. Any while telling dirty jokes in front of one's
secretary may not be polite I don't consider that illegal either. Will doing either of
these will get you nailed on civil rights violations & sexual harassment charges.

Others are treated as illegal even if not formally so.

Bill Clinton after the Oklahoma bombings tried blaming "Rush Limbaugh" for the incident.
Rush's crime?? Being opposed to the political party in power at the time. 


Internet Drift-Net Fishing:
- ---------------------------

Much simpler than the phone lines as everything is already in text (e-mail).


GAK (THE BIG LIE):
- ------------------

In all the Clipper proposals from the government it has always been said that it would be
a voluntary system. This is the BIG LIE. For GAK to have a chance of working it must have
the following qualities:

1) Mandatory.

2) All other forms of encryption must be made illegal.

3) Must be global.

The administration is hard at work on #3 by putting pressure on its trading partners to go
the GAK way. #1 & #2 wouldn't be made public policy until the infrastructure is in place.
The EFF has recovered some documents through the Freedom of Information Act that state
just that (what wasn't blocked out).


Loss of property rights:
- ------------------------

A couple of months ago Bill Clinton by Presidential Order STOLE over 1 million acres of
land. This land contained some of the richest, low sulfur, coal fields in the country. 




Now you criticize me for not playing nice with people who either through deliberate
planning or ignorance aid and abet the above policies?? Sorry but I will not. I am not a
sheep & I will not lay down and be slaughtered.

Now I am not calling for out & out anarchy but neither will I support or condone those who
so blatantly disregard the Constitution, the Bill of Rights, and basic human rights &
dignities.


I was born a free man, in charge of my destiny, with inalienable right endowed by my
creator. I will not be made a slave of the state but will fight and die a free man.


- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
*MR/2 ICE: "Do your parents *know* you are Ramones?" - Ms. Togar

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpzUI49Co1n+aLhhAQHu2gQAlBbVMGH0DEgPqkvCnkavPEcP12HZXevG
hHmP9EPKOz5ON9E5BdhIYUeiCmQh8qIuG5DTIDAsFjCAsFqZjJfHlRv64RkYZv1Z
RQQsVzJV/tXBP4FzhnOOpfWCzwOgaLVEL+YwxS09O87B693eLBKVtjptD89MUSOl
GagJf8vygzY=
=VdNx
-----END PGP SIGNATURE-----
 
*MR/2 ICE: Win3.1? For fast relief call 800-3-IBM-OS2.






From adam at homeport.org  Wed Nov 27 16:51:02 1996
From: adam at homeport.org (Adam Shostack)
Date: Wed, 27 Nov 1996 16:51:02 -0800 (PST)
Subject: Israel crypto restrictions
In-Reply-To: <Pine.GSO.3.95.961125190042.16124A-100000@nebula>
Message-ID: <199611280046.TAA18800@homeport.org>


Jyri Kaljundi wrote:

| The real question is, why can't Checkpoint who manufactures the Firewall-1
| sell DES version in Europe, but only in US and Canada. Elsewhere they use
| a proprietary algorithm called FWZ (48-bit). I have not any analysis done
| on FWZ so I don't think anyone is using it.

	They're listed on NASDAQ (CKP).  This makes them an American
company for purposes of export controls.  (This from an employee of
Checkpoint who I asked that exact question.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





From allyn at allyn.com  Wed Nov 27 17:34:00 1996
From: allyn at allyn.com (Mark Allyn 206-860-9454)
Date: Wed, 27 Nov 1996 17:34:00 -0800 (PST)
Subject: First Contact
In-Reply-To: <2.2.32.19961128172612.00746164@healey.com.au>
Message-ID: <199611280137.RAA03347@mark.allyn.com>


I think that the character Data uses either PGP or some
sort of crypto system to lock up the ship's computer.

At least if you spend any reasonable time here in 
cypherpunks, coderpunks, or other crypto related
areas, you should recognise what he uses. 

I have not seen seen it; I am guessing that maybe
they are using something to excite the juices of
us Internet folks.

Mark





From deviant at pooh-corner.com  Wed Nov 27 17:43:52 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Wed, 27 Nov 1996 17:43:52 -0800 (PST)
Subject: Star Trek: First Contact
In-Reply-To: <4g12XD8w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.94.961128014103.7011A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Mark Allyn 206-860-9454 <allyn at allyn.com> writes:
> 
> > Are any of the characters in the new Star Trek gay?
> 
> The bold guy who plays Captain Picard is very gay in real life.
> (He probably hated all those love episodes with women :-)
> 

Patrick Stewart is married, isn't he?

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

A casual stroll through a lunatic asylum shows that faith does not prove
anything.
		-- Friedrich Nietzsche


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpzt2jCdEh3oIPAVAQHbnwf+NvpCdksFCALMF4bq/Uk4Cm09slO0uCS+
MBTDHZHjRnpSd2Dm8iHk2XkRfg6QLB79KVW3wWvT6wAClX5+cT7+KaMRuWZ5L5Ck
qxHCHK+S0Mm+lfVAWpRG/XR4U2SBwKMasi5sbTuyzumlDnkEIwbqEMBbdaWd6Z+r
CnYiVXEicmR29xCbfbRYdUbCpc/fgJHNOC4WetEt/9mdXEiXi26tzI2bF1TjvjtI
sr6grbrWQvW8EtIJukTPr0LK825xeOkGMNEhX09GlZS+7+5czV+4RxAHBVSWMupC
kgQV24pmAk8X/o8s6Y0dp/3GjEuJWIlY1s77hEBgt7vGVKcWsFdtFg==
=hvRL
-----END PGP SIGNATURE-----






From hua at chromatic.com  Wed Nov 27 17:44:53 1996
From: hua at chromatic.com (Ernest Hua)
Date: Wed, 27 Nov 1996 17:44:53 -0800 (PST)
Subject: Hurray! A good example of rational thinking ...
In-Reply-To: <199611280201.UAA04501@mailhub.amaranth.com>
Message-ID: <199611280144.RAA19906@server1.chromatic.com>



> > It is truly counter-productive to insist on conspiracy theories and
> > anti-government rhetoric.  Sure, there have been conspiracies in the
> > past.  Sure, there have been more than our fair share of atrocities.
>
> > However, the real issues are privacy, security, freedom of speech, and
> > effective policy enforcement.  When we start calling names like "jack
> > booted thugs" and the like, we are sinking to the same low levels that
> > Freeh and (more appropriately) Gorelick use when they cry wolf and
> > foretell futuristic electronic meltdowns.
>
> > More importantly, while the public is cynical and skeptical, it isn't
> > exactly embracing the right-wing militia movements either.  It would
> > be a great disservice to the cause if cypherpunks were, in the minds
> > of the public, tightly associated with the likes of Timothy McVey.

> Not at all. We need more people shouting from the mountain tops at
> what are governments are doing.

I do believe we need to get more visibility on the seriousness of the
issues.  I don't think the average person understands why it was so
hard to conspire against the people before the telecommunications age,
and why it "could" (not necessarily "would") be now.

There is a lot of knowledge to pass on before someone can truly
appreciate the extent of the need for privacy and freedom protections.
While it is bad that the extent of the body of knowledge turns off
most people's willingness to learn, the sheer vastness of the task of
setting up this infrastructure also makes it very difficult for the
NSA or any other agency to become the secret puppet master.

Not that they have not been trying.

But to accuse them of necessarily harboring evil purposes is not only
counter-productive, but most probably incorrect.  Most public sector
servants are not the New World Order loonies that the militia's have
been prepared to fight.  It would be safe to say that the NSA, the CIA
and the FBI are filled with mostly red-blooded Americans with solid
allegiance to the basic principles which you and I cherish.

The questions is, why have 3 branches of government?  Why have
multiple conflicting agencies for any given task or goal?  Why not
just choose a "good guy" once and for all and let him (or her) do the
"right thing"?  It's not that we don't trust him when we first elect
him.  It's a question of what he would do with that power?  And those
that succeed him?

That is why we don't "just trust them".

It's too bad that we can't hold Reagan responsible for Iran-Contra
just because he's presiding over the executive branch at the time.
After all, we expect him to be responsible (whether he knew about it
or not).  Why not drop all these stupid laws that PREVENT the citizens
from suing the government for incompetence?

> We are not as free as we were 10yrs ago. We are not as free as we
> were 100yrs ago. Hell we are not as free as we were under King
> George over 200yrs. ago!!

I seriously doubt you "long" for the King George days.  If you do,
well, we are just not in the same universe.

> The issue of cryptology is only one area of attack on our
> freedoms. Just one small piece in the Big Picture. Below are some of
> the some of the trends we have to look forward to:
>
> National ID's:
> Tracking of movement of all citizens:
> Display of documentation for all Public transport:
> Display of documentation for Employment:
> Electronic Cash:
> Automated Drift-Net Fishing of Phone conversations:
> Federal Thought Crimes:

Have you ever consider the possibility that maybe ... just maybe ...
the government really IS as incompetent as it is reputed to be?

Consider this ...

If you were a know-nothing beaurocrat, how would you run a large
institution?  Top-down?  Probably.  Gather as much info as you can?
Of course.  Require that everyone trust your judgement (a la
"executive priviledge")?  Naturally.  If there were guaranteed
political opposition, no matter what you do, would you just push
for more power/priviledge/money in everything you do?  Damn right!
Especially if you don't know how many of these things you push for
will be won ...

Oh, and there is this minor problem with some of these methods
clashing with the Constitution ...  Oh bother!

I'm simply saying that it natural for the branch of the government
primarily responsible for law enforcement and national security to
care deeply about that side of any issue.  If I were president, I
would play the same political games Clinton is playing.  A president
is not just responsible for the specific free speech of programmers or
specific privacy rights of individuals.  He is responsible for a much
bigger picture.  It just so happens that, in our nation, we value
"individual" liberty much more than anything else (including anybody
else's "big picture").  Therefore, there are a lot of people against
the more obvious methods of invasion of privacy.  But let's face it,
the public just isn't very informed or consistent on the topic; it is
just easily swept up in hysteria.

> I was born a free man, in charge of my destiny, with inalienable
> right endowed by my creator. I will not be made a slave of the state
> but will fight and die a free man.

You were born to your mother and father, who are members of a society
which has long built up imperfect infrastructures for surviving and
thriving on the land which it depends.  If you were alone in the vast
American plains, you can claim you have infinite rights, and no one
would disagree with you.  You, your mother, your father, make
trade-offs everyday on your purest rights versus your practical
rights.  Your purest rights are mostly given lip service, and then
where it matters more, protected by gentlemen's agreements, sometimes
backed by force.  But the right itself is not enforced by any real
means.  It is the threat of punishment that keeps the right from being
violated.

Cryptography is one of those interesting areas where, for once, man
can prove, for all practical purposes, that there is a hard limit
somewhere that he can draw.  More importantly, it is also genuine
protection of a "right", specifically, a right to privacy, which
society previously protected using the old methods (threat of
punishment).

Imagine a line in the sand ... if you cross it, someone shoots you in
the leg.  You can still cross it, but you'll suffer the consequences.
With cryptography, you cannot cross it, no matter what you do.  This
brings into question whether or not it was useful (to you and to
society) to shoot you MOST of the time, but not if you present a good
reason to cross it first.

THIS is the interesting part of all of this.  I don't like to see this
issue drowned out by all the conspiracy talk (which no one on this
list is in any position of proving or fixing unilaterally).

Ern







From allyn at allyn.com  Wed Nov 27 17:45:11 1996
From: allyn at allyn.com (Mark Allyn 206-860-9454)
Date: Wed, 27 Nov 1996 17:45:11 -0800 (PST)
Subject: PO-2 Brain wave meters.
In-Reply-To: <Pine.SUN.3.95.961127135855.800A-100000@scfn>
Message-ID: <199611280149.RAA03445@mark.allyn.com>


> Has NE1 heard of these things? Supposedly you plug it into your printer
> port and it shows you your brain waves so you can try to reach "alpha"
> waves or something. I think they cost around $500.
> If it`s for real you could do some neat things with it; how bout your
> computer waking up when you wake up...
> 	that terminator 2 plot comes closer every day....
> NEway if anybody knows anything about it let`s have it.
>  L8R	-Napalm					SFNF9UY at SCFN.THPL.LIB.FL.US

Yes. I was connected to one when I was about 5 years old. I am 43
now.

My psychiatrist was doing tests on me at that time.

The device was made by a company called Grass Instruments. It was
located at the James Jackson Putman's Childrens' Center, which is
located in Roxbury, which is near Boston, Mass. 

My psychiatrist, who is Dr. Norman Paul, now on the medical school
faculty at Harvard University would know more about it and about 
the company.

Mark Allyn
allyn at allyn.com





From dlv at bwalk.dm.com  Wed Nov 27 18:00:18 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 18:00:18 -0800 (PST)
Subject: Star Trek: First Contact
In-Reply-To: <Pine.LNX.3.94.961128014103.7011A-100000@random.sp.org>
Message-ID: <g1y3XD2w165w@bwalk.dm.com>


The Deviant <deviant at pooh-corner.com> writes:
> >
> > > Are any of the characters in the new Star Trek gay?
> >
> > The bold guy who plays Captain Picard is very gay in real life.
>
> Patrick Stewart is married, isn't he?

To a man or a woman?

Meeeeauw!
Meeeeauw!
Meeeeauw!
Meeeeauw!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Wed Nov 27 18:00:27 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 18:00:27 -0800 (PST)
Subject: NYC area Cpunks  Meeting?
In-Reply-To: <3.0.32.19961127155830.00688ce8@popd.ix.netcom.com>
Message-ID: <6wy3XD1w165w@bwalk.dm.com>


"Marc J. Wohler" <mwohler at ix.netcom.com> writes:
>
> NYC area Cpunk's,
>
> I have obtained a meeting place on the upper west side of Manhattan.
> It is available on Tuesday or Thursday 12/17 or 12/19.
> What would be your interest in a meeting (party?).

I might be interested, although I do _not_ consider myself a "cypherpunk".

> Ideas & suggestions for agenda-speaker-entertainment?

"Timmy May and his sexual perversions."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Wed Nov 27 18:10:20 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 18:10:20 -0800 (PST)
Subject: Hurray!  A good example of rational thinking ...
In-Reply-To: <199611272000.MAA18790@server1.chromatic.com>
Message-ID: <c4y3XD3w165w@bwalk.dm.com>


Ernest Hua <hua at chromatic.com> writes:
>                                                             It would
> be a great disservice to the cause if cypherpunks were, in the minds
> of the public, tightly associated with the likes of Timothy McVey.

Or Timothy C. May (fart), a clueless moron totally ignorant of cryptography.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Wed Nov 27 18:12:04 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 18:12:04 -0800 (PST)
Subject: Star Trek: First Contact
In-Reply-To: <01BBDC71.A4889410@crecy.ai.mit.edu>
Message-ID: <g6y3XD4w165w@bwalk.dm.com>


"Phillip M. Hallam-Baker" <hallam at ai.mit.edu> writes:
> Actually the opposite is the case, he is a notorious womanizer.

Are _you gay, Phil?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From rah at shipwright.com  Wed Nov 27 18:12:29 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 27 Nov 1996 18:12:29 -0800 (PST)
Subject: Issuers of E-money
Message-ID: <v03007856aec29fb43cc7@[206.119.69.46]>



--- begin forwarded text


Date: Thu, 28 Nov 96 01:31:21 +0100
To: dcsb at ai.mit.edu
Subject: Issuers of E-money
From: a9050756 at unet.univie.ac.at (Mike Alexander)
Sender: bounce-dcsb at ai.mit.edu
Precedence: bulk
Reply-To: a9050756 at unet.univie.ac.at (Mike Alexander)


I'd like to compile a current list of actual Internet-based E-money issuers
and
wich technology they are using; pls. mail me any additions to the list from
the
Cybercash homepage below. I will then post the complete list back here if
it's
long enough.  (info on trials is OK also) THX

American Heritage Bankcard
Banque SOFINCO
Barnett
BayBanks Credit Corporation
Boatmen's Credit Card Bank
Busey Bank
Chittenden Bank
Compass Bank
First Bank of Beverly Hills

Bank of Hawaii

First Bankcard Center
First Hawaiian Bank
First National Bank of Omaha
First Union Corporation
First USA Paymentech

Humboldt Bank

Huntington Bank

Michigan National Bank

National Bank of the Redwoods
Norwest
PNC Bank
Silicon Valley Bank
SouthTrust Bank
Unified Merchant Services / Nationsbank
U.S. Bank
Vantage Services, Inc.
Wells Fargo Bank

Best Regards,

Michael Alexander
Doctoral Student at the University of Vienna

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i

mQCNAzIhxYwAAAEEALtfkL/X6GuZpEECWnmkmbqqtGwNalb94Om82VUiBE8iU1OX
2e5WXQGsq1oManSqVQn3TpVo7VE9pMJr5vITAmkEA6szGRt5zbK5u/dIqhLnJnRE
sVpiY61Xw6RvQKoXX7LSqOYSCqvIiY8GJ5gRpiKQNPZVuJRqbLipmU0fPqylAAUR
tDFNaWNoYWVsIEYuIEFsZXhhbmRlciA8YTkwNTA3NTZAdW5ldC51bml2aWUuYWMu
YXQ+iQCVAwUQMiHFjbipmU0fPqylAQGy4QP+LjB6lZXVYFZDpoVB7j8AGvkghSsr
XicZapXPmsFX6xpt+S29EF4DGoDJIDq6VLJMZ2rQ1gFfEvvWzL7ekZ3orhLSpJoO
WWRZF1MNZVWBNhzxBcdK2T6yrx4cBwQX7t299Ho0y1Go69VE9e3LN8YInIXoQYp5
bc4M0u16GqmV5eI=
=5l49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB at ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







From dlv at bwalk.dm.com  Wed Nov 27 18:20:18 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 18:20:18 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <199611271810.KAA02393@netcom17.netcom.com>
Message-ID: <giw3XD10w165w@bwalk.dm.com>


mpd at netcom.com (Mike Duvos) writes:

> William H. Geiger III writes:
>
>  > Dorthy Denning is a boot-licking fasicist!!!
>
>  > William Reinsch is a lying bastard. Fucking politions!!
>  > Fucking goverment!! They all deserve a long rope!!
>
> It is perhaps a point in Dr. Denning's favor that her most
> vitriolic detractors can spell neither "Dorothy" nor "fascist".

Yes. On the Internet it may not be immediately evident that the other side
of the debate is represented by clueless juveniles with whom you simply
wouldn't talk in a physical encounter. Trying to explain the need for key
escrow to a 15-year-old self-professed "Libertarian" (or indeed trying to
explain anything about cryptography to a group that collectively claims that
discussions of elliptic curves are "off-topic") is literally throwing pearls
before the swine.

> I must admit that I am at a loss to understand the heat which
> Dorothy Denning generates on the Cypherpunks list, which seems to
> be second only to the heat generated by posting recipes for roast
> feline in rec.pets.cats.

I've seen other people abused on this mailing list - usually, whoever
knows more about cryptography then the regular "lynch mob".

> All of the people I know who have met her find her to be a
> pleasant person, and the occasional Email messages we have
> exchanged have certainly been positive and friendly.  While she
> tends to view the Four Horsemen of the Infocolypse as a bit more
> threatening than the typical Cypherpunk, I don't think her views
> are so extreme as to justify the continuous screams of "crypto
> toady", "government suckup", and "wicked witch" which seem to pop
> up in response to her every utterance.

I had the pleasure of meeting Dr. Denning in person and I asked her
about her views on GAK. Her responses made a lot of sense to me. Most
businesses, if they thought about it, would prohibit their employers
from having information on company computers encrypted so the owner
of the computer can't read them. This is just good business sense.

> I would even go so far as to say that this list would be a lot
> more entertaining if she were contributing to it, and sci.crypt
> is certainly a less interesting place now than it was in bygone
> days when she was posting there.

This mailing list suffers from the presence of several mentally disturbed
juveniles who a) are clearly ignorant of cryptography (e.g. rant about
brute force attacks on OTP); b) are cognizant of their utter ignorance and
stupidity; c) are envious of anyone who does know what s/he's talking
about.

So, they feel compelled to harrass anyone who's smarter / more
knowledgeable than they are (sometimes using the anonymous remailers) in
an effort to drive all intelligent discussion off their "private mailing
list", so ignoramuses like Bradley can sound like "local experts".

The continuing verbal abuse of Dr. Denning is no different from the abuse
previously heaped on Fred Cohen or David Sternlight or yours truly.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From deviant at pooh-corner.com  Wed Nov 27 18:43:14 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Wed, 27 Nov 1996 18:43:14 -0800 (PST)
Subject: Sound card as a random number source ??
In-Reply-To: <199611272052.PAA17382@homeport.org>
Message-ID: <Pine.LNX.3.94.961128023730.7011B-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 1996, Adam Shostack wrote:

> Have you tried it without a mike plugged in?
> Always think about failure modes.
> 
> Adam
> 
> 
> Pavel Korensky wrote:
> | Hello,
> | 
> | when I read about hardware random number generators in this mailing list, I got
> | one idea. Maybe it sounds crazy, but is it possible to use soundcard
> | (SoundBlaster for example) as a source for really random numbers ?
> | What if I connect the input line of the soundcard with some external source of
> | noise, like FM receiver or Dolby Surround decoder (with built-in white noise
> | generator) or tape recorder with blank (erased) tape. It is possible to sample
> | the sound (noise) and use the sampled values as a random numbers ? And how much
> | random is this source ? 
> | I tried to find some mentions about this method with altavista, but I didn't
> | found anything.
> | 
> | Bye PavelK
> | 

Also, try reading from the PC speaker (this is usually a device on the
sound card) without the speaker as input... the leads usually make enough
of an antena to get all of your hardwares RF emissions, which should be
a good source of random numbers.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

The best way to accelerate a Macintoy is at 9.8 meters per second per second.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpz7YTCdEh3oIPAVAQGHgAf6A9uZgb5as6BKUaoEs+e4SPjdzZ0yzbEt
nX7wNShQMIPD7VgwFhFQoKabvvf2jJchd6vBZqlvvaiOUqxf90IrUH3r1Ih+HcYl
XkOzjXU9UlhwjzPlB+JJYH1o4m0lAfaB8R8Qx86cv+oZM8KfVaIOlgRu2q07dpIe
5CGBPZIB3ehg5wZwGwTwNRvT4RRzOwNa+JcoAViksN8yHuX70y9IgQAyFCXdQXeg
2H/lni/R8Q/Yi2OFGEzjn2km93rcb8xMvl+N98ilXOUnO8ahXmjf69DOWR43Yn8h
VWW4dSQLdtjpP7reO06Vkeqxy4+SyKkB4gdCDw6F+eiR5ttr6mbEZA==
=BytF
-----END PGP SIGNATURE-----






From dthorn at gte.net  Wed Nov 27 18:59:54 1996
From: dthorn at gte.net (Dale Thorn)
Date: Wed, 27 Nov 1996 18:59:54 -0800 (PST)
Subject: IQ and age
In-Reply-To: <01BBDC71.A2A247E0@crecy.ai.mit.edu>
Message-ID: <329CFFB7.E37@gte.net>


Phillip M. Hallam-Baker wrote:
> >Contrary to popular armchair psychology, there is no significant evidence
> >that IQ and age are inversely related.  In general, however, the older we
> >get, the less we use our brain, and it becomes like a muscle that we no
> >longer use.

> Contrary to popular belief there is no sound evidence for believing many
> of the claims made for IQ tests. IQ measures ones ability to do IQ
> tests and little else.
> They were originally invented as a means of measuring the response of
> mentally defective patients so that their progress under different
> treatment regimes could be compared.
> There is no evidence to support the many claims made that IQ measures
> "innate" intelligence. If you practice IQ tests your score will increase.
> When I was 10 I used to spend each Friday afternoon practicing IQ tests
> for the entry examination to the upper school. My "IQ" increased by
> 30 points over that time, an most of the people in the class managed
> to improve their score by at least 10.

> >The point: Yes, you can improve your brain, and you can take proactive
> >steps to increase your IQ.

> Absolutely, it may not be the best idea if you want to be able to fit
> in socially however. You will then have to leave in a world where
> everyone you meet has a lower IQ.

The biggest influence on IQ are the so-called "engrams" (fears, super-
stitions, anxieties, etc.) planted in your brain early in life.

Some of this can be overcome with mental exercise, and awareness of what
negative influences are holding you back.  Much easier said than done!

IQ as they attempt to measure it can probably be most easily explained
as pattern matching skills. Unfortunately for testing, and although you
can be every bit as intelligent at 70 as at 10, your pattern-matching
skills change and evolve over time, so any given tests will only apply
(more or less) at the age group they are optimized for.






From tfs at adsl-122.cais.com  Wed Nov 27 19:34:24 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Wed, 27 Nov 1996 19:34:24 -0800 (PST)
Subject: DSP's & crypto
Message-ID: <9611280334.AA01875@adsl-122.cais.com>



About a year or 2 ago I read some stuff in sci.crypt about
some people doing encryption stuff, I belive with DES, using
DSP chips, I am interested in finding the folks who were working
on it, or related code. If anyone out there has that sort of info
I would appreciate some pointers in their direction.

Thanks,

Tim Scanlon








From drose at AZStarNet.com  Wed Nov 27 19:34:49 1996
From: drose at AZStarNet.com (drose at AZStarNet.com)
Date: Wed, 27 Nov 1996 19:34:49 -0800 (PST)
Subject: Star Trek: First Contact
Message-ID: <199611280334.UAA14254@web.azstarnet.com>


On Wed, 27 Nov 1996, The Deviant <deviant at pooh-corner.com> wrote:
>
>On Wed, 27 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
>
>> Mark Allyn 206-860-9454 <allyn at allyn.com> writes:
>> 
>> > Are any of the characters in the new Star Trek gay?
>> 
>> The bold guy who plays Captain Picard is very gay in real life.
>> (He probably hated all those love episodes with women :-)
>> 
>
>Patrick Stewart is married, isn't he?

So was Rock Hudson.  Let's not forget that in the '50s, Liberace sued
(successfully! - and collected significant monetary damages!) "Confidential"
magazine for implying that he was homosexual.  Not that it makes any
difference at all.






From gbroiles at netbox.com  Wed Nov 27 19:39:20 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Wed, 27 Nov 1996 19:39:20 -0800 (PST)
Subject: Your login/password for SafePassage beta
Message-ID: <3.0.32.19961127195023.00714be4@mail.io.com>


At 02:27 PM 11/27/96 -0500, Mark O. Aldrich wrote:
>On Wed, 27 Nov 1996, SafePassage Downloader wrote:
>> You can now download SafePassage. You'll need the following login/password:
>> 
>> Login: cypherpunks at toad.com
>> Password: [elided]
>> 
>> Go to http://stronghold.ukweb.com/safepassage/ and select "Download" -- 
>> you'll be prompted for your login/password, after which you'll be able to
>> download the software.   Make sure you keep your login/password
>> private.   Revealing your login/password to anyone is a violation of the
>> license agreement.
>
>Is this to say that you wrote your license agreement with the foolish
>premise that an e-mail address belongs to just one person?  Maybe you need
>to really understand how the Internet works before you write a license
>agreement based on incorrect assumptions and your personal preferences for
>how things ought to be. 

The message that UKWeb sends with the SafePassage beta userid/password is
incorrect - not because it makes any of the assumptions you're ascribing to
UKWeb and license writers, but because the license itself fails to require
the person who agreed to it to keep the userid/pw combination confidential.

But you are entirely off the mark with your assumptions about the
assumptions made by the writer of the license. I am the person who wrote
the license. (Actually, I modified some pre-existing license text, merged
some in from another source, and generally did the sort of copying &
pasting that's considered perfectly acceptable in the legal field and is
considered copyright infringement if a programmer does it.) And I made no
such assumption. And I know enough about how the Internet works to laugh at
anyone says they "really understand how the Internet works." (Hint: before
and during law school, I worked as a consultant to ISP's who needed
technical assistance.) 

You would do well to heed your own advice and learn something about law
before making grand statements about "how [things] work". UKWeb does not
enter into an agreement with anyone (or everyone) who receives E-mail. It
enters into an agreement with the person who fills out the form to download
the software. People and organizations who haven't filled out the form
don't have an agreement with UKWeb to use the software; and absent that
agreement, their use isn't legal. 

I'm not interested in turning this molehill into a mountain. The beta test
of the software is unwittingly functioning as a beta test of the license
document; this morning's message revealed something I missed when I worked
on the license agreement. It will be corrected shortly. 

(This seems to be as good a time as any to announce that I'm now one of the
Cpunks who's working at C2Net.) 

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles at netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 





From whgiii at amaranth.com  Wed Nov 27 19:47:16 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Wed, 27 Nov 1996 19:47:16 -0800 (PST)
Subject: Hurray! A good example of rational thinking ...
In-Reply-To: <199611280144.RAA19906@server1.chromatic.com>
Message-ID: <199611280501.XAA06603@mailhub.amaranth.com>


-----BEGIN PGP SIGNED MESSAGE-----

In <199611280144.RAA19906 at server1.chromatic.com>, on 11/27/96 at 09:44 PM,
   Ernest Hua <hua at chromatic.com> said:


>> > It is truly counter-productive to insist on conspiracy theories and
>> > anti-government rhetoric.  Sure, there have been conspiracies in the
>> > past.  Sure, there have been more than our fair share of atrocities.
>>
>> > However, the real issues are privacy, security, freedom of speech, and
>> > effective policy enforcement.  When we start calling names like "jack
>> > booted thugs" and the like, we are sinking to the same low levels that
>> > Freeh and (more appropriately) Gorelick use when they cry wolf and
>> > foretell futuristic electronic meltdowns.
>>
>> > More importantly, while the public is cynical and skeptical, it isn't
>> > exactly embracing the right-wing militia movements either.  It would
>> > be a great disservice to the cause if cypherpunks were, in the minds
>> > of the public, tightly associated with the likes of Timothy McVey.

>> Not at all. We need more people shouting from the mountain tops at
>> what are governments are doing.

>I do believe we need to get more visibility on the seriousness of the
>issues.  I don't think the average person understands why it was so
>hard to conspire against the people before the telecommunications age,
>and why it "could" (not necessarily "would") be now.

>There is a lot of knowledge to pass on before someone can truly
>appreciate the extent of the need for privacy and freedom protections.
>While it is bad that the extent of the body of knowledge turns off
>most people's willingness to learn, the sheer vastness of the task of
>setting up this infrastructure also makes it very difficult for the
>NSA or any other agency to become the secret puppet master.

>Not that they have not been trying.

>But to accuse them of necessarily harboring evil purposes is not only
>counter-productive, but most probably incorrect.  Most public sector
>servants are not the New World Order loonies that the militia's have
>been prepared to fight.  It would be safe to say that the NSA, the CIA
>and the FBI are filled with mostly red-blooded Americans with solid
>allegiance to the basic principles which you and I cherish.

Hate the sin but not the sinner? :)

It really is irrelavent weather the reduction in freedoms is cause by "evil conspiritors"
or "well intentioned patriots". The end result is the same. When you wake-up one day and
find that every thing you say & everything you do falls under the watchfull eye of "Big
Brother" will you really care how things got that way?

>The questions is, why have 3 branches of government?  Why have
>multiple conflicting agencies for any given task or goal?  Why not
>just choose a "good guy" once and for all and let him (or her) do the
>"right thing"?  It's not that we don't trust him when we first elect
>him.  It's a question of what he would do with that power?  And those
>that succeed him?

>That is why we don't "just trust them".

>It's too bad that we can't hold Reagan responsible for Iran-Contra
>just because he's presiding over the executive branch at the time.
>After all, we expect him to be responsible (whether he knew about it
>or not).  Why not drop all these stupid laws that PREVENT the citizens
>from suing the government for incompetence?

>> We are not as free as we were 10yrs ago. We are not as free as we
>> were 100yrs ago. Hell we are not as free as we were under King
>> George over 200yrs. ago!!

>I seriously doubt you "long" for the King George days.  If you do,
>well, we are just not in the same universe.

>> The issue of cryptology is only one area of attack on our
>> freedoms. Just one small piece in the Big Picture. Below are some of
>> the some of the trends we have to look forward to:
>>
>> National ID's:
>> Tracking of movement of all citizens:
>> Display of documentation for all Public transport:
>> Display of documentation for Employment:
>> Electronic Cash:
>> Automated Drift-Net Fishing of Phone conversations:
>> Federal Thought Crimes:

>Have you ever consider the possibility that maybe ... just maybe ...
>the government really IS as incompetent as it is reputed to be?

I'v worked with them I KNOW they are. :)

>Consider this ...

>If you were a know-nothing beaurocrat, how would you run a large
>institution?  Top-down?  Probably.  Gather as much info as you can?
>Of course.  Require that everyone trust your judgement (a la
>"executive priviledge")?  Naturally.  If there were guaranteed
>political opposition, no matter what you do, would you just push
>for more power/priviledge/money in everything you do?  Damn right!
>Especially if you don't know how many of these things you push for
>will be won ...

>Oh, and there is this minor problem with some of these methods
>clashing with the Constitution ...  Oh bother!

>I'm simply saying that it natural for the branch of the government
>primarily responsible for law enforcement and national security to
>care deeply about that side of any issue.  If I were president, I
>would play the same political games Clinton is playing.  A president
>is not just responsible for the specific free speech of programmers or
>specific privacy rights of individuals.  He is responsible for a much
>bigger picture.  It just so happens that, in our nation, we value
>"individual" liberty much more than anything else (including anybody
>else's "big picture").  Therefore, there are a lot of people against
>the more obvious methods of invasion of privacy.  But let's face it,
>the public just isn't very informed or consistent on the topic; it is
>just easily swept up in hysteria.

See this is where you & I part ways. It is a Presidents responciblity as it is the
responcibility of all civil servants wether elected or appointed or hired. They all take
an oath of office To protect & defend the Constitution against all enemies foriegn &
domestic ... Not the country, not the "big picture", not the current establishment but the
Constitution. The cornerstone that the Constitution is built on is that the People are in
charge. Not the FBI, not the NSA, not the CIA, not the Joint Cheifs but the People. It
also says that the power of the governmnet is limited, they can only do so much and no
more. All rights & powers not explicitly given to the goverment belong to the People. This
doesn't mean that well if we have a really good reason or if we lie real good about it we
can over step out authority. NO it means what it says only this and no more!! Big Picture
be damed!! I doubt that the People would take much comfort know that they had all been
sold into slavery but it was necisary for the Big Picture.

>> I was born a free man, in charge of my destiny, with inalienable
>> right endowed by my creator. I will not be made a slave of the state
>> but will fight and die a free man.

>You were born to your mother and father, who are members of a society
>which has long built up imperfect infrastructures for surviving and
>thriving on the land which it depends.  If you were alone in the vast
>American plains, you can claim you have infinite rights, and no one
>would disagree with you.  You, your mother, your father, make
>trade-offs everyday on your purest rights versus your practical
>rights.  Your purest rights are mostly given lip service, and then
>where it matters more, protected by gentlemen's agreements, sometimes
>backed by force.  But the right itself is not enforced by any real
>means.  It is the threat of punishment that keeps the right from being
>violated.

I never claimed infinite rights I claimed inalienable rights there is a difference.
Infinite rights implies rights without ends. Inalienable rights implies rights that can
not be taken away. They are my rights reguardless of the efforts of petty would be
dictators or government bureaucrats. They may conduct them selfs in a manor that violate
my rights but that does not mean that I no longer have those rights. 

>Cryptography is one of those interesting areas where, for once, man
>can prove, for all practical purposes, that there is a hard limit
>somewhere that he can draw.  More importantly, it is also genuine
>protection of a "right", specifically, a right to privacy, which
>society previously protected using the old methods (threat of
>punishment).

>Imagine a line in the sand ... if you cross it, someone shoots you in
>the leg.  You can still cross it, but you'll suffer the consequences.
>With cryptography, you cannot cross it, no matter what you do.  This
>brings into question whether or not it was useful (to you and to
>society) to shoot you MOST of the time, but not if you present a good
>reason to cross it first.

>THIS is the interesting part of all of this.  I don't like to see this
>issue drowned out by all the conspiracy talk (which no one on this
>list is in any position of proving or fixing unilaterally).

I never claimed any "conspiracy". No mention of the Tri-Lateral Commision or New World
Order. :)

I am just pointing out what is happening here and now. Our elected officals, appointed
officers, and government employes are disregarding the Constitution and violating out
rights. I could care less why. I want it stoped and stoped now. I will do what ever is
nessicary to inform others that this is happening and hopefully convince them that this
should stop. If some one steals your car do you really car if it was a lone "crack head"
that did it or an orginized criminal cospiracy (MOB) that did it? It is wrong, it is
illegal, and it must stop.

- --
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
*MR/2 ICE: I don't do Windows, but OS/2 does.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpz+CI9Co1n+aLhhAQFYpgQAmp1UmeUCLQENaiDq1F8gu/LnEsOKYhHK
nCsLcgKe4juFeti/I65a3XEymG2M2MxNqLkBiM5FHEKtAjcUeaBXYpiGaQP/PEaw
fD7ZkpSMBJhVdUXsxZG4+ZIBu6EFrx6MMGM1Bzk7tuAd7tK8tjdpDb2CKg7tFCmp
+OH+nRjGrvc=
=8uXk
-----END PGP SIGNATURE-----
 
*MR/2 ICE: I smashed a Window and saw... OS/2.






From ichudov at algebra.com  Wed Nov 27 20:16:01 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Wed, 27 Nov 1996 20:16:01 -0800 (PST)
Subject: Is /dev/random good enough to generate one-time pads?
Message-ID: <199611280345.VAA22700@algebra>


Subj sez it all.

Thank you.

	- Igor.





From dlv at bwalk.dm.com  Wed Nov 27 20:20:25 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 20:20:25 -0800 (PST)
Subject: TV/Radio: Crypto Policy on NPR
In-Reply-To: <199611272353.PAA04644@ohio.chromatic.com>
Message-ID: <3i63XD12w165w@bwalk.dm.com>


Ernest Hua <hua at chromatic.com> writes:

> McNeil & Lehear (sp?)  (ok, I know, one of them is gone, but I forgot
> which) News Hour had a segment on crypto policy.  Generally a balanced
> non-technical report, except that there is no mention of the free
> speech issue.

Do you think they should have mentioned that cypherpunks are against free
speech and that John Gilmore (spit) is a liar and a content-based censor?

Gilmore is irrelevant and not worth mentioning.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Wed Nov 27 20:22:11 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 27 Nov 1996 20:22:11 -0800 (PST)
Subject: Israel crypto restrictions
In-Reply-To: <199611280046.TAA18800@homeport.org>
Message-ID: <R053XD11w165w@bwalk.dm.com>


Adam Shostack <adam at homeport.org> writes:
> 	They're listed on NASDAQ (CKP).  This makes them an American
> company for purposes of export controls.  (This from an employee of
> Checkpoint who I asked that exact question.)

This is truly bizarre. First, if they were on the NASDAQ, they'd have a
4-letter ticker symbol, not a 3-letter symbol. MSFT (Microsoft) is on NASDAQ.
IBM (IBM) and F (Ford) are on the New York stock exchange and/or
American stock exchange.

Sometimes the stock of a foreign company is traded in the U.S. in the form
of American Depository Receipts (ADRs) not sponsored by the company. How
could that impose any obligation on it?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From unicorn at schloss.li  Wed Nov 27 20:37:01 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 27 Nov 1996 20:37:01 -0800 (PST)
Subject: Hurray!  A good example of rational thinking ...
In-Reply-To: <c4y3XD3w165w@bwalk.dm.com>
Message-ID: <Pine.SUN.3.94.961127233516.7266G-100000@polaris>


On Wed, 27 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Wed, 27 Nov 96 20:53:11 EST
> From: "Dr.Dimitri Vulis KOTM" <dlv at bwalk.dm.com>
> To: cypherpunks at toad.com
> Subject: Re: Hurray!  A good example of rational thinking ...
> 
> Ernest Hua <hua at chromatic.com> writes:
> >                                                             It would
> > be a great disservice to the cause if cypherpunks were, in the minds
> > of the public, tightly associated with the likes of Timothy McVey.
> 
> Or Timothy C. May (fart), a clueless moron totally ignorant of cryptography.

I suppose I'm an idiot for asking.

But could you please knock it off?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From whgiii at amaranth.com  Wed Nov 27 20:41:30 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Wed, 27 Nov 1996 20:41:30 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <giw3XD10w165w@bwalk.dm.com>
Message-ID: <199611280555.XAA07103@mailhub.amaranth.com>


In <giw3XD10w165w at bwalk.dm.com>, on 11/27/96 at 08:57 PM,
   dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) said:

>I had the pleasure of meeting Dr. Denning in person and I asked her
>about her views on GAK. Her responses made a lot of sense to me. Most
>businesses, if they thought about it, would prohibit their employers
>from having information on company computers encrypted so the owner
>of the computer can't read them. This is just good business sense.

<sigh> GAK - Government Access to Keys and corporate control of encryption procedures &
keys are two completely different issues. This is just more smoke and mirrors to cloud &
confuse the issue. There are many solutions currently available for a company to handle
the encryption of their data including the use of "master keys" to prevent data loss (an
option available even with PGP). Government mandated infrastructure of GAK is unnecessary
and unwarranted for such purposes.

--
-----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    WebExplorer & Java Enhanced!!!
Cooking With Warp 4.0

Author of PGPMR2 - PGP Front End for MR/2 Ice

Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
                            
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------
 
*MR/2 ICE: What I like about MS is its loyalty to customers!






From snow at smoke.suba.com  Wed Nov 27 20:47:34 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 27 Nov 1996 20:47:34 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961127145308.1948B-100000@deimos.ceddec.com>
Message-ID: <199611280504.XAA01800@smoke.suba.com>



tz at execpc.com:
> I am left to the terrible justice of my own choices.

     That is a .sig line, for my other account.

Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com






From snow at smoke.suba.com  Wed Nov 27 21:04:11 1996
From: snow at smoke.suba.com (snow)
Date: Wed, 27 Nov 1996 21:04:11 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <9610278491.AA849142344@smtplink.alis.ca>
Message-ID: <199611280521.XAA01849@smoke.suba.com>


> mpd at netcom.com (Mike Duvos) wrote:
>>It is perhaps a point in Dr. Denning's favor that her most
>>vitriolic detractors can spell neither "Dorothy" nor "fascist".
>>I must admit that I am at a loss to understand the heat which
>>Dorothy Denning generates on the Cypherpunks list
>It should not surprise you too much, as people have often vilified those th=
> ey
> disagree with.=20
> The more you accept the other person as a human being, the more difficult it
> becomes to dismiss their view without first confronting the issues. It's ea=
> sier
> to treat them as an idiot, and then their views becomes idiotic by associat=
> ion.

     I don't think anyone believes Denning is an Idiot. Maybe that her
position is Idiotic, that she give the wrong weight to certain ideas and
beliefs when taking a position, but not an idiot.

     I also don't think that you _have_ to vilify your opponent when engaging
in political conflict. I have had many many arguments in my life over 
issues such as Socialism, Government (lack of) Rights, Peoples Rights etc. In
some cases I called my opponents idiots and worse. Usually because they were.
In other cases I was clearly dealing with an intelligent individual who either
was getting the wrong information, or started with different premises(sp?) 
than me. 

     Denning clearly believes that the government is a better judge of me and
my fellow man than I am. She is wrong, and history proves that. Does that
make her an idiot? No. Foolish? Perhaps. 

     As to facist, I don't really know her well enough to tell, but anytime 
someone believes that the government has the right to tell private enterprise
what they can and can't produce, that person is getting very very near to 
being facist. If the foo shits... 


Petro, Christopher C.
petro at suba.com <prefered for any non-list stuff>
snow at smoke.suba.com






From ichudov at algebra.com  Wed Nov 27 21:07:33 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Wed, 27 Nov 1996 21:07:33 -0800 (PST)
Subject: IQ and age
In-Reply-To: <329CFFB7.E37@gte.net>
Message-ID: <199611280447.WAA23636@algebra>


Dale Thorn wrote:
> The biggest influence on IQ are the so-called "engrams" (fears, super-
> stitions, anxieties, etc.) planted in your brain early in life.
> 
> Some of this can be overcome with mental exercise, and awareness of what
> negative influences are holding you back.  Much easier said than done!
> 
> IQ as they attempt to measure it can probably be most easily explained
> as pattern matching skills. Unfortunately for testing, and although you
> can be every bit as intelligent at 70 as at 10, your pattern-matching
> skills change and evolve over time, so any given tests will only apply
> (more or less) at the age group they are optimized for.
> 

Would you dismiss strong correlations between IQ and success in life 
and academia as something irrelevant?

	- Igor.





From deviant at pooh-corner.com  Wed Nov 27 21:40:29 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Wed, 27 Nov 1996 21:40:29 -0800 (PST)
Subject: Hurray!  A good example of rational thinking ...
In-Reply-To: <199611280202.UAA04506@mailhub.amaranth.com>
Message-ID: <Pine.LNX.3.94.961128053456.530A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 1996, William H. Geiger III wrote:

> We are not as free as we were 10yrs ago. We are not as free as we were 100yrs ago. Hell we
> are not as free as we were under King George over 200yrs. ago!!

If you honestly believe that we are less free than when trained and payed
soldiers of the British army lived in the homes of unpaid, untrained
American colonists in order to keep the colonists from working against the
government, then you *REALLY* need to review your outlook on your life,
and of history.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Without followers, evil cannot spread.
                -- Spock, "And The Children Shall Lead", stardate 5029.5


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp0lXzCdEh3oIPAVAQHd7Af+Lop1A4R0Y144THRVdp8op3chIDk/Gcoi
LdZrRr9z6kio4Vsl56kX5CUaqC2uFWrr4cfxdPabZr4EiibQVa0V/51fuz6ZyNcu
Hw6yQWehDZ7af19/sEyCb38iqhzhEopZN/pfxv74QpbIQyJ5/In6EiXV/bZnwAKw
7AumNg/6A9Bx6EChYOnfIhQ2iQqVKoh1rM16hgoUelryi7x7Si4dVz664bCY3RjV
3sy3cWSAlnciVLuWrTR2k5RGRs3vwDhrByFiY6qcbw/1NQCQR+HaRi6IGnnF4dO7
DF59egW850pbZRi6sok33j7lmC447KEVlSdwVzw6Uf/KCheZV42sGQ==
=yF03
-----END PGP SIGNATURE-----






From kozubik at shoelace.FirstLink.com  Wed Nov 27 22:34:05 1996
From: kozubik at shoelace.FirstLink.com (John Kozubik)
Date: Wed, 27 Nov 1996 22:34:05 -0800 (PST)
Subject: IQ and age
In-Reply-To: <329CFFB7.E37@gte.net>
Message-ID: <Pine.SOL.3.91.961127233002.7223A-100000@shoelace.FirstLink.com>


> 
> > Contrary to popular belief there is no sound evidence for believing many
> > of the claims made for IQ tests. IQ measures ones ability to do IQ
> > tests and little else.

agreed. well put.

> > They were originally invented as a means of measuring the response of
> > mentally defective patients so that their progress under different
> > treatment regimes could be compared.

I will, however, have to point out, that the IG test was not originally 
developed to measure the response of mentally defective patients to anything.

The first IQ test was developed to gauge the academic progress of school 
children.  That is why the scores are calculated according to age.

Yes, they were at a later date used for what you mentioned, and many 
other things at that.

I agree with everything else you said.







From varange at crl.com  Wed Nov 27 22:54:25 1996
From: varange at crl.com (Troy Varange)
Date: Wed, 27 Nov 1996 22:54:25 -0800 (PST)
Subject: The Difference Between The Right And Left
Message-ID: <Love@22594>


	The French Revolution perhaps provided the best
	definition as the origional coiners of the terms.

	The Left is for radical change and the Right is for
	evolutionary change.

	That would put mainstream politics decidedly on the right
	wing side of the political spectrum.

	The left wing is a rather motly collection including many
	anarchists, communists and nazis, yet many of the same
	types are decidedly right wing.

	A historical anecdote would be the Bucharin-Rykov wing of
	the Bolshevik party in the late twenties. They were right 
	wing while Stalin was left wing.  Yet, Bucharin would be
	considered quite radical for today's bean counting
	politics.

	This is, of course, confusing to y'all because your all a
	bunch of stupid college kids.

-- 
Cheers!





From snow at smoke.suba.com  Thu Nov 28 00:35:27 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 28 Nov 1996 00:35:27 -0800 (PST)
Subject: Bountyserver Round2
Message-ID: <199611280853.CAA02271@smoke.suba.com>



Thank you all for you comments and input. I am in the process of rewriting
the propsal to make things clearer, and to revise some of the procedures. 

The original draft will, and the revision will be up at 
<http://www.bounty.com/proposal.draft.html> by the time most of you get this.

I am making a single reply, rather than one at a time to save time and 
bandwidth. I wrote these replies before I started working on the revisions
to the proposal, so things might have changed a bit.  

Matt:
> >      This mechanism should be as simple as possible, and as easy to use as 
> I assume you will make it all web based?  Make sure you are using a 

     Yes. It is going to be web based, with (hopefully) email and Usenet 
access.

> secure server.  Pay close attention to security of the underlying OS. 

     I am planning on using Apache-SSL or Stronghold, if I can afford it, with
Linux as the underlying OS. I plan on disabling telnet access as soon as the
server starts accepting credit card numbers. Anyone who then need shell access
will have to use SSH. 

> >      Originally I proposed this to apply to software, but I don't see why 
> >      it should stop at software. Initally the server will be restricted 
> >      to software, but I hope that this will work out, and be expanded 
> There is no reason that it should only apply to software, so I am 
> glad you are thinking this way.  Realize that your costs will go up 

     Software is my main objective, and software is easier.  

> if you applythis to non-software related industry.  You may need to 
> hire experts in other industries, etc.  Of course, it may all pay off 
> anyway for you.

     Yeah. There is that. The other technologies I was thinking of were more
in the realm of algorythms and protocals rather than hardware. Hardware is 
possible, but difficult, and may (would) be better suited to Ian's proposal.

>> The proposal:
>>     What I am going to attempt to do is to set up a "Bounty Server" where 
>>     send their initial "bid" to the organization.  
> Presumably web forms that generate a standard piece of output so that 
> developers dont have to sift through "original" specs.  I have 
> questions about bids, but ill get to that later.

    Prozactly. 

>>    This is the "bounty". Other people can add to this bounty, allowing the 
>>    and the server operators. Other technology will be figured out as it 
>>    becomes necessary.
> You will need to make several things clear here.  When people "add" 

    <snip>

> not.  It is not impossible to solve this problem, it just takes a bit 
> of good wording in the Contract.

     I understand that. If you are willing, I will ask for your opnion on the 
wording.
 
>>   The initial bounty contract gets posted to the WWW server, (possibly) to 
>>    a "developers list" of interested people, and (possibly) to an 
>>    appropriate UseNet Newsgroup.
 
>This may not be a popular point but you asked for legal tips 
>(/disclaimer BTW, this is not to be relied upon as legal advice.  I am
>  giving it only to make you aware of some issues that you may want to look 
> into.disclaimer/).  You need to be aware of possible discrimination 
> claims.  There is a theory called disparate impact which you may have 
> a problem with.  You should find a way to distribute these 
> announcements as widely as possible.  This is a tricky area and one 
> you should be aware of.  The final decision, of course, is yours.

     I don't really understand this. I plan on spreading the word as far as 
possible, but if I only post information in one or two places, isn't that 
my choice? If I am tryind to hire someone am I required to place adds 
everywhere I can, or can I choose my medium? 

>>  Once the bounty is posted, other people can "bid up" or add to the bounty,
>>  and their contribution will be added to the total bounty as well as their 
>>  accepted by credit card, check, money order, and possibly ecash 
>>  (e-cash will be taken at some point, but it really isn't important
>>  at this point since almost no one uses it.)
> 
> It would be good to accept ecash and maybe contact MarkTwain to see 
> if you can set up discount accounts for your developers.  The people 
> involved in this project would be familiar enough to give the system 
> a boost.  Why do you think the amount people give is not relevant?

     I wasn't refering to the amount, but rather ecash being not-relevant 
AT THIS POINT <runs and hides behind asbestos sheild> Not many people 
have ecash accounts, so it isn't a priority. It would be nice tho'.

     As to the amount: It really doesn't matter, but I am thinking of making
a minium of $5, just because anything less really isn't worth the book keeping,
but I really haven't made up my mind. 


>>   The first developer to upload a _working_ package to the server will 
>>   be cut (or ecash mailed if that works out).   
> Why do you think you need to keep an archived copy?  If you deal with 
> Copyrighted material you MUST get a license up front.  That shouldnt 
> be a problem for you since the developers are benefiting, but I am 
> just curious as to your thought process here.

     Archival copies are for legal reasons. Copyrighted material other than
that uploaded by the authors is not going to be allowed, and part of the 
agreement is that they allow the Server to keep a copy for historical/legal 
reasons. 

>>   The Server Adminstrator will also do an cursory check to make sure that
>>   there are no obvious copyright violations. 
> This needs to be much more than cursory.  If you put a copylefted 
> piece on an open ftp site and it winds up to be copyrighted guess who 
> could get named in the suit.  Not only should you vigorously research 

     I will have the name of the submitter, and I will make a "good 
faith" effort to detect copyrights. I think that is enough. I don't 
(in fact I doubt any one person does) have enough knowlege to know
every peice of software out there. I am more worried about people 
decompiling commercial products. 

>>   In the event that there is a conflict between the initiator and the 
>>   developer, the claim will go into adjudication. The server adminstrators
>>   decesion is final, and he will make every effort to settle the claim
>>   fairly. Adjudication will incur an additional fee (see the fees section).  
> appearance of impropriety is important but more important to you is 
> the need to have someone other than yourself to blame.  You dont want 
> to be held responsible for an "anti-developer" decision if you dont 
> have to.

    I am hoping that reputations will handle this.      
 
> > Writing the bounty: 
>>   The bounty specifications should include the following: 
>>      else will contribute), owned by the programmer (well someone might
>>      be that magnanomous), or "copylefted".
> 
> This will be up to the writer.  It might not be a good idea for the 
> initiator to have input here as it will be a wedge causing more 
> adjudication than it is worth.

    I disagree. The iniator (hence forth known as Alice) is establishing 
the rules, it is up to that person to set forth the conditions. If the 
writer doesn't like it, they don't write it, and Alice looses her money.
If enough people add to the pot, someone will bite, and Alice gets what
Alice wants.  
 
>>   6) Where the initiators money is to go if the bounty is not claimed: 
>>      choice. 
> Why not give it back to the initiator (minus a fee for the 
> opportunity).  While I am sure you have good charities in mind, 
> people on the net dont like being forced to do anything.  Keeping the 
> charity donation as an option is a good idea.

     To keep Alice from reniging once the money is given, it is gone. It 
means that you have the choice of software or nothing.  

> > Adding to the bounty:
> > Fees:
>>   The Organization will get 2% of any bounty where the software or 
>>   Technology that is copylefted. 20% of any other scheme.
> 20% seems steep.  You might want to at least start out with a 
> discount on this percentage.  I like the discount for copylefting.  

     20% is an 18% penalty for not Copylefting the software. It means that
I am going thru a lot of work, and not getting what I want, so I am 
going to get something. I want this server to produce Free Software.

>>   Adjudication will incur an additional fee of 2 to 5% depending on the 
>>   difficulty in judging the claim. 
> This needs to be a certain percentage not a range.  If need be assign 
> it via hourly charges.  It is not easy to get people to stay out of 
> also encourage you to include the amount in all of the bids.  You can 
> spread exposure and lower the rate.

     You are probably right. I really want to charge each equally. 

> > Where I need help at this point: 
>>   Legal issues. Any lawyers want to talk to me about this? 
> Let me know if you have any questions.  None of this is legal 
> advice...blah,blah,blah.

     Fine.   

> Looks like a good start.  Keep me informed.

    Thanks. 

==========================================================================

Omegaman:
>>    The objective is to actually bring this system online. 
> "cypherpunks write code."  good.

     Soemthing like that. 

> > Background:
>>    graphics editing software, easy to use Graphic Design Software (TeX
>>    is NOT easy to use) and easy to use Cryptographic software. 
> many would pay good money for Linux native versions of programs like 
> Wordperfect, Corelpaint & draw, Pagemaker , etc.

     I think "pay for" might be a little strong a word. "Assist" is more 
accurate.  

>>   4) Desired "quality" level: Proof of Concept, Alpha, Beta, Release etc. 
> Needs flesh.  What defines "alpha" or "beta" for purposes of bounty 
> or is that up to the person initiating the bounty?

     If I can find good working defininations (sp?) I will use them. Otherwise
I will insist that Alice document what it wants. 

>>   6) Where the initiators money is to go if the bounty is not claimed: 
>>      honest, as well as the server. Each contributor will also get this 
>>      choice. 
> Do you have the charities in mind?  They should be listed in the 
> abstract, I think.

     March of Dimes, NORML, NRA, ACLU, GNU Foundation, FSF, SPLC.  

     As the time gets closer this will get more exact. 

> Who will be publicize the initial bounty offer -- the server or 
> bounty initiator?  Information about a specific software project will 
> need to be disseminated beyond bounty.org.  

     Automated positing to relevant newsgroups, and maybe a mail list 
for those interested. 

> More details on conflict resolution are needed in a final draft.  The 
> process and priorites the server administator will use to make his 
> specific hypotheticals detailed.

     Ok. 

=======================================================================

Peter Allan:
> Snow,

I know, Spell Check. 

>> Abstract:
> "new technologies" doesn't seem to be what you mean later on.
> I suspect you will get _higher_ overheads with this.   For instance
> suppose 2 people start work on something, and one wins the bounty,
> the other goes unrewarded.   To compensate each coder for this risk

     That is life. First to market means a lot. Look at Lotus.

     I am contemplating adding in a place for developers to meet and 
collaborate, sharing the bounty. 

>>      community of users to decide which projects should have priority, 
>>      and which shouldn't. 
> Hmmm.    What about people ahead of the game - like PRZ.

     He get a VC or two and goes commercial.

>>     award to be paid to the developer. They then post it on the server and 
>>     send their initial "bid" to the organization.  
>    
> Where is the scope for iterative discussion of the spec ?
> This is _the_ killer stage for most work.

     This is Alices responcibility. 

>>     This is the "bounty". Other people can add to this bounty, allowing the 
>>     totals to add until someone claims that bounty by providing proof of 
> What about proof to the satisfaction of other contributors ?
> How do I know Bill and Ben aren't cheating by starting and claiming
> a bounty to which I contribute ?  (Bill and Ben are fictitious in this
> example. <g> )

     Good point. Solututions? 

>>        I will provide a short (8 or 10) list of charities that the money 
>>        honest, as well as the server. Each contributor will also get this 
>>        choice. 
> How does this keep anyone honest ? 

     Keeps them from reniging (sp?) on the bid. 

===========================================================================

Ian:
> Hi, Snow,
>>    I have started drafting a proposal statement for the Bounty server. 
> Wow, you've gotta move fast in this game :))

     If I don't keep the inertia up, I will never get it done. 

> [chop where agreed or not disagreed]
> > Background:
>>    It is the "Copylefted" software that interests me at this point.
> OK, although for my model, I am assuming that all forms are covered.

     As I pointed out in private email, I think our model serves different 
objectives. 

> > The proposal:
>>   What I am going to attempt to do is to set up a "Bounty Server" where 
>>   someone can iniate a "bounty" on a peice of technology. The initator

> Separate this out, for clarity of model.  The initiator (I used
> Proposer, and called her Alice coz Alice always initiates) proposes

     I will do that.  

> BTW, bid to do what?  Using market terminology, I have assumed thay
> bid is to buy, that is provide cash.  Offer is to sell, that is provide
> software.  Ah, yes, bid is add to bounty.

      Think if it as a bet. Kinda like Mr. Bells AP proposal, Alice is 
betting that the software _won't_ get written. Once the bet is high enough,
it _will_ get written. 

>>   This is the "bounty". Other people can add to this bounty, allowing the 
>>   development to the initiator of the bounty. In software terms they would 
>>   and the server operators. Other technology will be figured out as it 
>>   becomes necessary.
> This is where I have put most of my efforts, because I need to design the
> microstructure that is built into our market.

     I am going to try to keep it simple, and let the thing evolve as 
necessary. As Alex (a former reader of this list) put it, the first anonymous
remailer was a perl hack done in an afternoon, and improvements came from that.

     Things will improve as needed, I am just trying to think things out
as thoroughly as possible first. 

>>   Originally I was going to put the stipulation in that the software written
>>   rather simply desired. To aid in that desire, I am going to build in 
>>   an initative to releaseing the software "copylefted".
> Absolutely - let the market decide.  Some of us, for example, do not like
> copyleft.

     What do you have against "copylefted" software? Is it the specific 
GNU copyleft, or the concept? 

> > To get more specific: 
>   [chop]
>>   The first developer to upload a _working_ package to the server will 
>>   be awarded the total bounty, ...
> This worries me.  If I, as a junior programmer, am looking to enter the
> market, I will have the daunting task of beating everyone else.  Real life
> doesn't work that way - there are ways in which I can pick up some newbie
> tasks for low money, so as to build up experience and/or reputation.

     1) As a junior programmer, you take on simpler bounties first.
     
     2) Team up with a more advanced programmer, pool efforts and split 
        the bounty. 

     
> I guess the notion of bounty is just that - first one takes all.
> However, I think that the solution might be a bit limited in the
> long run.

     It isn't intended to solve all problems, just some. 

> Interesting in that my proposal leads to task distribution by awarding
> contracts, your proposal leads to task incentives by rewarding speed.

    Yours seems suited for longer and more involved tasks. Mine to shorter.

>>   "First" will be soley determined by the time stamp of the server. As soon
>>   as the package is uploaded, the initiator and the server adminstrator 
>>   will be notifed, and the bounty marked "claimed". If the package is 
>>   be cut (or ecash mailed if that works out).   
> OK, my proposals specifically assume no need for a "decision" by Alice.
> That's not to say either is right, it's just that I prefer to design
> something that eliminates the individual decision rather than cope
> with the complexities.  I believe it will result, in the end, in a
> more efficient market.

    It might be more efficient to have a "paid" staff to evaluate the 
product to make sure it meets the specs. I don't have the funds to 
set up that infrastructure. 

>>   The Server Adminstrator will also do an cursory check to make sure that
>>   fairly. Adjudication will incur an additional fee (see the fees section). 
> Same as above, no adjudication in my system.
> Although, it is possible to add underwriters,
> by simply making the task offerers (Bob and Carol)
> into bond writers who front for programmers.

     I am hoping that it doesn't come up too much. Honesty and reputation
should help. 

> > Status:
>>   At this point in time I am (obviously) still in the process of developing 
>>   the procedures. I have registered a Domain Name (bounty.org) and I have 
>>   a couple promises off assistance in certain areas. As well, I have 
>>   a server to start off with.  
> Wow, *gotta* move fast.  As I say, our stuff is based on a lot of
> pre-existing software, so we make a lot of assumptions.  Given our

    You are starting with the software, and then figuring out the rest. 
I am doing it the other way. 

> different approaches we may end up with competing systems rather
> than one, but that's fine, indeed highly valuable as an experimental
> approach.

     I don't think that the two proposals will necessarily compete. 

> What's financing you in this?  Or should I say, monetarily enthusing?

     Financing?

========================================================================


Blake:

> I missed the original discussion of this idea, but it sounds delightful to me.
> A couple of thoughts on your most recent post:
> What counts as a  copyleft should be explicitly defined, i.e. just the GPL,
> or how about Perl's artistic license... or Aladdin's GhostScript agreement?

     Ok. I will put up examples of each, and let Alice choose. 

> Public domain software should incur no larger percentage fee than copylefted
> works.

     True. 

> How is the expiration for a bounty determined?

     I am thinking either 2 years after initial, or 12 months after last 
contribution, With a 1 year one time extension if someone claims to be "working
on it". 
 
> Adjudication fees should be split in some fashion between parties.  (Otherwise
> the initiator has nothing to lose from disputing.  (Unless of course you'd
> like to
> handle that on a reputation basis.))

     I am hoping that reputation and the threat of adjudication will prevent 
it from happening. 

     That is one area that does need work tho'. 
==========================================================================

Jim Cook:

>    be awarded the total bounty, minus "brokerage" fees (discussed later)
>    "First" will be soley determined by the time stamp of the server.

<SNIP>
I don't like this way of picking a winner ... because I think it would
encourage fast and dirty work ... instead of quality ... better I think
would be a process analogous to peer review for grants and publications ...
with the added feature that the submission of a product is announced ... so
that competitors who are almost done can get their entry in also ... and the
initiators can evaluate several products simultaneously
<SNIP>

My reply:

     In a way it _does_ encourage quick and dirty work, like the first 
cpunks remailer, hacked together in an afternoon, then came the rest. 
     It is a way to get _more_ software out there, hopefully some of it 
will be good, some bad. It really can't be much worse than the dreck comming 
out of some of the commercial houses.  
 
     I am thinking of a way of implementing checks tho'.

=====================================================================

Thanks for the comments. Keep them coming. The original draft will 
be up at <http://www.bounty.com/proposal.draft.html> later tonight.








From furballs at netcom.com  Thu Nov 28 01:07:31 1996
From: furballs at netcom.com (furballs)
Date: Thu, 28 Nov 1996 01:07:31 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961127145412.550E-100000@kinch.ark.com>
Message-ID: <Pine.3.89.9611280114.A12327-0100000@netcom>




On Wed, 27 Nov 1996, Dave Kinchlea wrote:

> On Wed, 27 Nov 1996, snow wrote:
> You are clearly an angry young man. I am sorry you have such a poor
> opinion of people, I am even more sorry if it is justified. You can
> believe me or not, but what you describe is *not* the ordinary case in
> this country. Of course, in this country we have a disgusting 10+%
> unemployment rate. Even if people DO want to work, there are no jobs.
> 
> All that aside, I can tell you do not have a family if you thing that
> $6.50/hr is a living! Even accounting for the difference in our dollar,
> I would say that is barely subsistence income for a single person. Are
> we *all* not worthy of more than that?
> 
> cheers, kinch
> 

The above is a catchall I have heard too many times in trying to justify 
a minimum wage. What most people fail to remember is that it is not 
whether or not a person is worthy of the wage, but more to the point what 
someone is willing to pay for their time to exercise a skill set they 
have developed.

Those who understand this simple principle and are willing to work to be 
successful, by whatever defintion of success they apply, will ultimately 
achieve their goal. 

...Paul






From pavelk at dator3.anet.cz  Thu Nov 28 03:25:30 1996
From: pavelk at dator3.anet.cz (Pavel Korensky)
Date: Thu, 28 Nov 1996 03:25:30 -0800 (PST)
Subject: Sound card as a random number source ??
In-Reply-To: <199611272052.PAA17382@homeport.org>
Message-ID: <199611281123.MAA00250@zenith.dator3.anet.cz>


Adam Shostack <adam at homeport.org> wrote:
> Have you tried it without a mike plugged in?
> Always think about failure modes.
> 
> Adam
> 

But there always can be some kind of test, like presampling and testing if the
input is not dead. 
And of course some kind of hash algorithm must be applied to the sampled stream
(MD5 ?).

Bye PavelK


--
****************************************************************************
*                    Pavel Korensky (pavelk at dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************





From mycroft at actrix.gen.nz  Thu Nov 28 03:28:58 1996
From: mycroft at actrix.gen.nz (Paul Foley)
Date: Thu, 28 Nov 1996 03:28:58 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <giw3XD10w165w@bwalk.dm.com>
Message-ID: <199611281111.AAA26386@mycroft.actrix.gen.nz>


On Wed, 27 Nov 96 19:57:27 EST, Dr.Dimitri Vulis KOTM wrote:

   Yes. On the Internet it may not be immediately evident that the other side
   of the debate is represented by clueless juveniles with whom you simply
   wouldn't talk in a physical encounter. Trying to explain the need for key

Or people who act like clueless juveniles on the net, while seeming to
be nice, rational adults in real life.  I hear you fit that
description fairly well (I, of course, can only speak for the online side).

   > I must admit that I am at a loss to understand the heat which
   > Dorothy Denning generates on the Cypherpunks list, which seems to
   > be second only to the heat generated by posting recipes for roast
   > feline in rec.pets.cats.

   I've seen other people abused on this mailing list - usually, whoever
   knows more about cryptography then the regular "lynch mob".

"Knows more" == "rants endlessly about how the letters "Q.E.D." and
some nonsense about hot air balloons render a cryptosystem
unbreakable."

   I had the pleasure of meeting Dr. Denning in person and I asked her
   about her views on GAK. Her responses made a lot of sense to me. Most
   businesses, if they thought about it, would prohibit their employers
   from having information on company computers encrypted so the owner
   of the computer can't read them. This is just good business sense.

Of course it is.  And they can do this, today, without any
legislation!  I believe the commercial version of PGP (Business
Edition?) has support for this.

This is, of course, totally unrelated to GAK (unless you consider
people to be the property of their government, I suppose).

   This mailing list suffers from the presence of several mentally disturbed
   juveniles who a) are clearly ignorant of cryptography (e.g. rant about
   brute force attacks on OTP); b) are cognizant of their utter ignorance and
   stupidity; c) are envious of anyone who does know what s/he's talking
   about.

d) rant endlessly about Tim May.
e) put "(fart)" or "(spit)" after every other word.
f) rant about John Gilmore's alleged sexual preferences.  (I seem to
   recall something about Tsutomu Shimomura "stealing" his girlfriend??)
g) continually bring up Paul Bradley's "brute forcing a OTP" post,
   which was quite clearly a simple misunderstanding.

[and h) probably rant about me for a while now.  Prove me wrong.]

   So, they feel compelled to harrass anyone who's smarter / more
   knowledgeable than they are (sometimes using the anonymous remailers) in

Ah!  That explains the "Timmy (fart) May" posts!  *Now* I get it!

   The continuing verbal abuse of Dr. Denning is no different from the abuse
   previously heaped on Fred Cohen or David Sternlight or yours truly.

The only "continuing verbal abuse" I've seen on this list is you and
those "Freedom Knight" twits abusing Tim May and John Gilmore.

-- 
Paul Foley <mycroft at actrix.gen.nz>       ---         PGPmail preferred

	   PGP key ID 0x1CA3386D available from keyservers
    fingerprint = 4A 76 83 D8 99 BC ED 33  C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
Whom computers would destroy, they must first drive mad.





From aga at dhp.com  Thu Nov 28 03:46:04 1996
From: aga at dhp.com (aga)
Date: Thu, 28 Nov 1996 03:46:04 -0800 (PST)
Subject: Dorthy Denning is a boot-licking fasicist!!!
In-Reply-To: <199611271552.HAA29224@mailmasher.com>
Message-ID: <Pine.LNX.3.95.961128063650.24234B-100000@dhp.com>


On Wed, 27 Nov 1996, Huge Cajones Remailer wrote:

> "William H. Geiger III" <whgiii at amaranth.com> writes:
> 
> >I don't know if anyone watched the House Subcomitty on Computers &
> >Technology today on C-Span.
> 
> No, we watched 'Dorothy does Georgetown" on C-Spam.
> 
> >Phil Zimmerman, Dorthy Denning, William Reinsch & others were disscussing
> >computer security.
> >
> >Dorthy Denning gave the most pro-government speech I have ever heard. Is
> >this clueless bitch on the government payroll?!!
> 
> Yes.
> 
> >William Reinsch is a lying bastard. Fucking politions!! Fucking
> >goverment!! They all deserve a long rope!!
> 
> Start with Socks the queer cat.
> 
> >Phil Zimmerman was quite good at attacking the government policies.
> >
> ><sigh> We are truly a country of fools to have put these jackbooted
> >facisit bastards back into office.
> 

Don't worry about it.  Doctress Neutopia can suck Bill's dick,
and all will be fine. {;-)-~

> "Dorothy Denning" is a man in drag. "She" has a bigger dick that
> "her" boyfriend John Gilmore, the cocksucker faggot from EFF.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Is that cocksucker AC/DC or what?
Is it true that him and John Perry Barlow do 69 on video?                                   
> 
> >-----------------------------------------------------------
> >"William H. Geiger III" <whgiii at amaranth.com>
> >-----------------------------------------------------------
> 
> Just say GAK to chicks with dicks!
> 
> diGriz
> 

Please define "GAK" and leave the headers intact.

-a






From sunray at globalnet.co.uk  Thu Nov 28 04:08:57 1996
From: sunray at globalnet.co.uk (Steve Crompton)
Date: Thu, 28 Nov 1996 04:08:57 -0800 (PST)
Subject: PGP263UI
Message-ID: <1.5.4.16.19961128120853.1a1fe4ba@mail.globalnet.co.uk>


-----BEGIN PGP SIGNED MESSAGE-----

Adam Back posted re PGP 2.63ui

>I was under the impression that with the Legal_Kludge option for
>pgp263i, that it already was compatible with old versions of pgp using
>the version byte of 2.

We kept the control structure of the original ui version by "Matthew".
But the compatibility of 2.63ui has been expanded to allow it
to Export public keys generated with Version=3 (Legal_Kludge=on)
to old versions (2.3a) of PGP.

>What else does pgp263ui offer? The GNU license? What about pgp3?
>Some people aren't going to be very happy if you do a GNU version of
>that, as GNU doesn't preclude selling commercially provided that
>source is provided.

See the original announcement for the numerous fixes & enhancements
not currently available in 2.6.2 or 2.6.3ia including

Added CONFIG.TXT parameters/functions LabelEncrypt and PrePendSigV
Expanded disk write error checking
Ability to edit other people's keys's UserID's.

We have no current plans re PGP 3.0. Probably a GNU version of it
is not legally possible. But if source is released independent
enhancements would be, depending on the license.

It also remains to be seen if or how fast PGP 3.0, if it ever
comes, will supplant previous versions of PGP in public
acceptance.


>PS Steve and friends: I've got some stealth code close to usable in
>the form of a patch to pgp263 if you want it :-)

Yes. Please send me a copy and we'll take a look at it. But the
external stealth utility currently available is quite adequate in
my view.

Steve Crompton <sunray at globalnet.co.uk>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

iQEVAwUBMp11UxRHWQsRmI2RAQE/EggAwtnT312Wmi7dWn4sYK/GxVJDqbKpuGuh
yVekVPRsrBRQlhcQqm1ICzucGMOd+uDNTNqoxx82tBzjAphN2adANayin3I7FpW1
mkvdCj77pzkEwqc60OcPjqRg5q9xKsPCczAmaHBVmuyKjCDJemEzLMUQsrllohha
c3v4WcRgB+epnDpF0hpdDYH7aiIo/FmN59ItcMEvrytkt5Hv7GjZq974UC/1ALik
sFsML7QWp6bpVNzDeE8H7FmrT7kKVBddQwQcwFP2dPHOaFdqMRPjVcIxxjiOs5/o
I3sCaH8L5VAF/WivcRCvYOBV+kklbTQsJIdt/eTrCGtTpoWtjVhyyw==
=VPSl
-----END PGP SIGNATURE-----






From sunray at globalnet.co.uk  Thu Nov 28 04:10:37 1996
From: sunray at globalnet.co.uk (Steve Crompton)
Date: Thu, 28 Nov 1996 04:10:37 -0800 (PST)
Subject: PGP263UI
Message-ID: <1.5.4.16.19961128120855.1a1f3dd8@mail.globalnet.co.uk>


-----BEGIN PGP SIGNED MESSAGE-----

Mark M. (markm at voicenet.com) wrote on
  Sat, 23 Nov 1996 22:24:41 -0500 (EST)

>...

>> Note that I personally have not done very much of the actual coding on
>> this version. However if bugs are reported or constructive
>> suggestions for improvements made I will pass them on to the
>> individual(s) who have done the bulk of the work to make this release
>> possible. I am assured that continuing support will be provided.

>I found two bugs so far:
>
>This version doesn't recognize either .pgprc or pgp.ini as valid
>config file names.  It is very minor, but this functionality is
>stated in the manual.

I couldn't find any mention of either filename in -our- docs.
Please point out the reference if I missed it. I think this was
an MIT "feature". I don't plan to copy it.

>One of my favorite options, +makerandom, isn't supported in this
>version.  This is an undocumented option, but it is useful in
>many situations.

Not as useful as you might think. A bug has been reported in the
MIT version that +makerandom produces -weak- pseudo-random
output, as (I am told) can be verified by just generating a large
"random" file and viewing it with a hex viewer, looking for
regular patterns. I don't know if this was ever fixed in Stale's
version. This bug does not produce a weakness in the normal
functions of MIT or Stale's PGP.

MIT heavily rewrote the random number functions for their
versions of PGP and the +makerandom feature depends on this
rewrite. I did not want to try to import "mass quantities" of
code from MIT both to respect their copyright and to maintain to
some degree the independence of the MIT-derived and 2.3a-derived
versions to that a bug in one might not be reproduced in the
other.

For Random numbers up to 24 bytes (192 bits), just use a -copy-
of RANDSEED.BIN.

For a longer random file, just encrypt (either RSA or
conventional IDEA) a file a little longer than the file desired.
Throw away a few hundred bytes from the start and end. The result
will be just as strongly random as +makerandom even without the
current bug.

>This version uses +version_byte instead of +Legal_Kludge, but I
>consider that a feature.  I haven't had time to experiment with
>the "Charset:"  header.  One other minor problem is that
>ClearSig doesn't default to "on".  This could cause some
>frustration with new users.

I haven't tried to imlpement the "Charset" header and probably
won't. If this feature is important to you, use Stale's version.
I will look into this for the next version, but no promises.

Clearsig is working correctly as we document it. Another MIT
change. It would be more work to change the documentation than
the code, but I will consider this for the next release.

>Other then that, it's just fine.

Thanks for your constructive criticism and comments.


Steve Crompton 100645.1716 at compuserve.com (preferred)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

iQEVAwUBMp14FhRHWQsRmI2RAQHndggAgNdcOqya2NPX+8KOkoj1qoYnGBRprREK
t0l3sK2HHqUQwTwKSkW5ugD898kG26HjCVlMsqfgQVcw+3nAhZgU/t7MCU9/orD8
yUc9vtXr/C4lLJHTtDGVpjPfRAJpV0m0myDwoqXZo4gTrkoQG43mKaE4eLv9qcl4
zGv4fMv/lh7hUwfUsZ6c7ULGPfKeYtknO1Hh3gKYX6HJPz5Qki2toIdH8qxpw51v
CC/Q/MLxLQUGYH/jdHqvUSSD0G1QIu/D/LlL9VaUtPJemqPOuBGmk+ywvE7AAfNG
uEnO/AumU3j1yPnFXqv5pUKGxP1gKbMyKR8lrEwWcrDapaiC6mW4oQ==
=qk2B
-----END PGP SIGNATURE-----






From lurker at mail.tcbi.com  Thu Nov 28 04:38:22 1996
From: lurker at mail.tcbi.com (Lurker)
Date: Thu, 28 Nov 1996 04:38:22 -0800 (PST)
Subject: IQ and age
Message-ID: <3.0.32.19961128064857.006aec20@mail.tcbi.com>


At 10:47 PM 11/27/96 -0600, Igor Chudov @ home wrote:
>Dale Thorn wrote:
>> The biggest influence on IQ are the so-called "engrams" (fears, super-
>> stitions, anxieties, etc.) planted in your brain early in life.
>> 
>> Some of this can be overcome with mental exercise, and awareness of what
>> negative influences are holding you back.  Much easier said than done!
>> 
>> IQ as they attempt to measure it can probably be most easily explained
>> as pattern matching skills. Unfortunately for testing, and although you
>> can be every bit as intelligent at 70 as at 10, your pattern-matching
>> skills change and evolve over time, so any given tests will only apply
>> (more or less) at the age group they are optimized for.
>> 
>
>Would you dismiss strong correlations between IQ and success in life 
>and academia as something irrelevant?
>

I would.  If you look at who has the oppertunities to go college you will
note that those who are good at taking tests (SAT, ACT, or IQ) are those
who get to go.  You will also note that money also breeds success, or can
someone give me an argument for the fact that there are more rich kids
going to Harvard, Yale, Stanford, and the like than poor kids. (These
schools almost gaurentee success.)

If you want to find a correlation look for it in money not tests.  And if
you are insistant on finding it in tests, ask why the scores are as they
are (was the test written to the advantage of one group over another or can
one group buy the "A" with special courses which teach the skills needed to
score high.)







From bgrosman at healey.com.au  Thu Nov 28 04:39:22 1996
From: bgrosman at healey.com.au (Benjamin Grosman)
Date: Thu, 28 Nov 1996 04:39:22 -0800 (PST)
Subject: The Difference Between The Right And Left
Message-ID: <2.2.32.19961129093614.0074bd4c@healey.com.au>


Dear Sir,
[snip generalised rambling]

>	The left wing is a rather motly collection including many
>	anarchists, communists and nazis, yet many of the same
>	types are decidedly right wing.
>
>	A historical anecdote would be the Bucharin-Rykov wing of
>	the Bolshevik party in the late twenties. They were right 
>	wing while Stalin was left wing.  Yet, Bucharin would be
>	considered quite radical for today's bean counting
>	politics.

Even easier, take the Nazi Party. There name points towards the left wing of
the political spectrum, and yet their policies were left wing only for the
higher echelon, which makes them right wing, as their policies weren't for
the good of the people overall. Their decided tyranny of many spectrums of
the population was also deliberately right wing. And yet the regime was not
tyrannical according to the mould developed by Stalin. It was popular: it
was voted in, and it was supported by the majority of the people throughout
it's rule.

I think you have some decent points. But they are off topic in this list,
and also highly generalised. Such a dissentation is worthy of a thesis, not
a mere hundred or so words.

Yours Sincerely,

Benjamin Grosman


>	This is, of course, confusing to y'all because your all a
>	bunch of stupid college kids.
>
>-- 
>Cheers!
>
>




-------------------------------------------------------------
bgrosman at healey.com.au -- http://www.healey.com.au/~bgrosman/
		PGP Encrypted Mail Preferred

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzKNX9oAAAEEAOIx4HkRU4vckgguzERhVCxgy5psmngHUoW10Xl8kBkjnuc/
ACysH1K98UXlGfet9zjn/XN4RMnGq64EHXvJu56H7OHhwhoerTpVIW5MUYt+QExk
KKnRNrdq8WVGoaMywSM4qKbaJr8aNMBWkldUKR4NElvAjIEEO9z0msNPp33RAAUR
tClCZW5qYW1pbiBHcm9zbWFuIDxiZ3Jvc21hbkBoZWFsZXkuY29tLmF1PokAlQMF
EDKNX9vc9JrDT6d90QEBxVYEAL5nw1NiyaPpG8R2x7lNcqOcavj/cCmDYT8swT02
Z0AO0C7PGpgp9V38Yyki0FB3yaiJhIQ3Kw6xCtuI8f1F4Vfql/nZebzQERl8kTa4
sI/4xSKRT/Riw/wSGupagU1F1wYIPlXOCdUilIfLzVf4IOsxKjJMdm7aKladSxkV
N7Yg
=Yapx
-----END PGP PUBLIC KEY BLOCK-----








From cmcurtin at research.megasoft.com  Thu Nov 28 06:06:12 1996
From: cmcurtin at research.megasoft.com (C Matthew Curtin)
Date: Thu, 28 Nov 1996 06:06:12 -0800 (PST)
Subject: COMPUTER THEFT, LOW-TECH STYLE
In-Reply-To: <v0300781baeb8fbd27f65@[206.119.69.46]>
Message-ID: <199611281359.IAA03684@goffette.research.megasoft.com>


>>>>> "Robert" == Robert Hettinga <rah at shipwright.com> writes:

Robert> COMPUTER THEFT, LOW-TECH STYLE

Robert> A thief broke into a Visa International data processing center
Robert> in California a couple of weeks ago and stole a personal
Robert> computer containing information on about 314,000 credit card
Robert> accounts, including Visa, MasterCard, American Express,
Robert> Discover and Diners Club, says a Visa spokesman.

Not a big surprise. As we build increasingly secure systems, we shift
the weakest point of the entire system into the realm of physical
access. Honestly, I'm surprised that we don't see this  sort of thing
more often. (Or maybe they're just going undetected.) After all, it is
the weakest point at which a system will be attacked.

Robert> Authorities speculate that the perpetrator was stolen for the
Robert> resale value of the hardware, rather than the information it
Robert> contained.

Uh-huh. Wouldn't want to cause any kind of a panic among the masses,
would we? Noooo, not when the perception of our super-secure credit
card networks and other financial information infrastructure is at
stake. (And Watergate was a simple bungled burglary, right?)

-- 
Matt Curtin  cmcurtin at research.megasoft.com  Megasoft, Inc   Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/   I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet





From jk at stallion.ee  Thu Nov 28 06:12:03 1996
From: jk at stallion.ee (Jyri Kaljundi)
Date: Thu, 28 Nov 1996 06:12:03 -0800 (PST)
Subject: Israel crypto restrictions
In-Reply-To: <R053XD11w165w@bwalk.dm.com>
Message-ID: <Pine.GSO.3.95.961128160804.11147C-100000@nebula>


On Wed, 27 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Adam Shostack <adam at homeport.org> writes:
> > 	They're listed on NASDAQ (CKP).  This makes them an American
> > company for purposes of export controls.  (This from an employee of
> > Checkpoint who I asked that exact question.)
> 
> This is truly bizarre. First, if they were on the NASDAQ, they'd have a
> 4-letter ticker symbol, not a 3-letter symbol. MSFT (Microsoft) is on NASDAQ.
> IBM (IBM) and F (Ford) are on the New York stock exchange and/or
> American stock exchange.

The actual ticker symbol for Check Point Software Technologies Ltd. is
CHKPF.

Juri Kaljundi
jk at stallion.ee






From adam at homeport.org  Thu Nov 28 06:13:15 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 28 Nov 1996 06:13:15 -0800 (PST)
Subject: Israel crypto restrictions
In-Reply-To: <R053XD11w165w@bwalk.dm.com>
Message-ID: <199611281409.JAA21283@homeport.org>


Dr.Dimitri Vulis KOTM wrote:
| Adam Shostack <adam at homeport.org> writes:
| > 	They're listed on NASDAQ (CKP).  This makes them an American
| > company for purposes of export controls.  (This from an employee of
| > Checkpoint who I asked that exact question.)
| 
| This is truly bizarre. First, if they were on the NASDAQ, they'd have a
| 4-letter ticker symbol, not a 3-letter symbol. MSFT (Microsoft) is on NASDAQ.
| IBM (IBM) and F (Ford) are on the New York stock exchange and/or
| American stock exchange.

	Oops.  Misread my stock service.  I usually pay little
attention to what exchange something is traded on.  CKP is on the
NYSE.

| Sometimes the stock of a foreign company is traded in the U.S. in the form
| of American Depository Receipts (ADRs) not sponsored by the company. How
| could that impose any obligation on it?

	"He asks, as if the ITARs were logical."

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From jbugden at smtplink.alis.ca  Thu Nov 28 06:35:25 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Thu, 28 Nov 1996 06:35:25 -0800 (PST)
Subject: IQ and age
Message-ID: <9610288492.AA849202497@smtplink.alis.ca>



ichudov at algebra.com (Igor Chudov) wrote:
>Would you dismiss strong correlations between IQ and success in life 
>and academia as something irrelevant?

Remember: Correlation is not causation. In this as in many other correlations,
unreported third factors can strongly affect the outcome. 

In England, Cyril Burt devised an IQ test given to English school children at
age 11 in order to decide whether they should proceed through the trade school
system or university system. Unsurprisingly, those with higher IQs at age 11
(whatever the reason) typically received better educations and greater monetary
success in life.

In France, you may find that rich parents correlate well to "success in life and
academia" substantially because they achieve more frequent placement in
polytechnical institutions which correspond to the best universities in the U.S.
and Canada. Poorer students, independently of IQ, usually go to less capable
institutions.

In the U.S., the Graduate Management Admissions Test (GMAT) administered by ETS
is often required for people applying for post-graduate studies. The obstensible
reason is that it gives an indication of the probable ability of the applicant
to succeed in the course. By ETS's own figures, the correlation is only 30% with
successful completion of one year of studies and lower for full completion.
There are higher correlations for other factors (incoming institution, age), yet
the GMAT number is still mandatory. The draw of a single number is compelling.

Did I mention that ETS is also a monopoly.

Ciao,
James

If you can't measure it, it doesn't exist.

"What hit him?" "I don't know, I didn't see."






From olbon at ix.netcom.com  Thu Nov 28 06:41:02 1996
From: olbon at ix.netcom.com (Clay Olbon II)
Date: Thu, 28 Nov 1996 06:41:02 -0800 (PST)
Subject: IQ and age
Message-ID: <1.5.4.32.19961128143859.00703224@popd.ix.netcom.com>


Have we had an influx of fuzzy-thinking liberals lately?  Not that this is a
bad thing, it is hard to argue with people who agree with you on everything :-)

At 06:49 AM 11/28/96 -0600, Lurker wrote:
>>I would.  If you look at who has the oppertunities to go college you will
>note that those who are good at taking tests (SAT, ACT, or IQ) are those
>who get to go.  You will also note that money also breeds success, or can
>someone give me an argument for the fact that there are more rich kids
>going to Harvard, Yale, Stanford, and the like than poor kids. (These
>schools almost gaurentee success.)

The ability to spell helps to gaurentee success as well.  Seriously, you
ignore the correlation between performance in college and standardized test
scores.  There is a reason these are used in admissions - they are actually
pretty good predictors of the ability to perform college level work.

>If you want to find a correlation look for it in money not tests.  And if
>you are insistant on finding it in tests, ask why the scores are as they
>are (was the test written to the advantage of one group over another or can
>one group buy the "A" with special courses which teach the skills needed to
>score high.)

Oh, I forgot.  Only certain racial/ethnic groups are capable of
understanding basic mathematical concepts.  Of course, caucasians are one of
these groups (since they consistently are outperformed by immigrants from
other countries).  

I know it makes you feel good to believe that all that is wrong is caused by
conspiracies led by the EVIL RICH in this country.  I happen to feel better
believing in the potential for any individual in this country to succeed
through hard work.

        Clay
*******************************************************
Clay Olbon			    olbon at ix.netcom.com
engineer, programmer, statistitian, etc.
**********************************************tanstaafl






From bryce at digicash.com  Thu Nov 28 06:54:39 1996
From: bryce at digicash.com (Bryce)
Date: Thu, 28 Nov 1996 06:54:39 -0800 (PST)
Subject: The House Rules At The Permanent Virtual Cypherpunks Party
Message-ID: <199611281454.PAA12144@digicash.com>



-----BEGIN PGP SIGNED MESSAGE-----

Here is a document I just hacked.  I am breaking several of the
Rules by posting it, since I am not actually subscribed to
cypherpunks right now.


Enjoy.


Bryce


- -------


0.  Hello

Welcome to the cypherpunks mailing list!  Starting now, you
will receive hundreds of email letters every week on the
subject of privacy and social change in an age of cryptographic
networks.


PLEASE, for everyone's sake, SAVE THIS MESSAGE!


If you ever want to remove yourself from this mailing list, 
you can send mail to <majordomo at toad.com> (NOT
<cypherpunks at toad.com>) with the following command (correctly 
spelled) in the body of your e-mail message:

    unsubscribe cypherpunks Their Name <them at theiraddress.xxx>

Here's the general information for the list you've subscribed 
to, in case you don't already have it:



I.  Etiquette -- The House Rules At The Virtual Cypherpunks Party

The Meta-Rule:  It's John Gilmore's virtual house.  He is the 
sole owner of the computer (toad.com) that hosts cypherpunks 
and the sole authority over what the users of that computer 
(you) can do with it.


Rule 1:  Do not _ever_ send email to the list 
<cypherpunks at toad.com> asking how to accomplish some 
administrative task like unsubscribing yourself.  If you do,
you will be roundly flamed, and nobody will answer your
question.  Instead, send email to <majordomo at toad.com>, or read
the "Administrivia" section below.

Rule 2:  Don't forward articles from other forums to
cypherpunks.  We can find it ourselves the same place you did
if we want to read it.  If you have something useful to say 
about the article, then consider writing a review of the 
article or a response to it and posting _your_ article along 
with a pointer to the original article.

Rule 3:  Don't cross-post articles to cypherpunks as well as to
other lists.  

Rule 4:  Read before you post.  If you are new, don't post at
_all_ until you have read a few weeks of discussion.

Rule 5:  When replying to a message, ask yourself if more than
a thousand other subscribers really need to see your response,
or if is more appropriate to reply privately.

Rule 6:  Don't ask questions which are already answered in the
resources described below.  How can you know whether your
question is already answered in those resources?  Simple:  read
them.

Rule 7:  Don't publically reply to someone just to flame
him/her because it makes you feel better.  We are not here to
make you feel better; we are here to read quality discussion
about certain issues.  Some people actually _specialize_ in 
tempting their adversaries into publically flaming them.  
Don't be a stooge by falling for it.


Advice:

The cypherpunks list is not designed for beginners, although
they are welcome.  If you are totally new to crypto, please 
get and read the crypto FAQs referenced below.  These 
documents are a good introduction.  Crypto is a subtle field 
and a good understanding will not come without some study.  
Please, as a courtesy to all, do some reading to make sure 
that your question is not already frequently asked.

We've noticed that people who post a lot usually have less to 
say.  Refrain from contributing too much.

Re-read your article before your send it.  Then re-read it
again.  I'm serious-- go back over it _twice_.  Really.  It 
helps.

Assume any message from you to the list, no matter how 
insignificant or casual, is archived somewhere for eternity 
for future employers and acquaintances to read (it probably 
is).  You may even wish to unsubscribe right now and then 
re-subscribe under a "nym," rather than using your true name, 
if your views are especially controversial or your job 
prospects are sensitive.



II.  Administrivia -- How To Unsubscribe And Stuff


If you don't know how to do something, like unsubscribe, send mail to

        majordomo at toad.com

and the software robot which answers that address will send you back 
instructions on how to do what you want.  If you don't know the majordomo 
syntax, an empty message to this address will get you a help file, as will a 
command 'help' in the body.  Even with all this automated help, you may 
still encounter problems.  If you get really stuck, please feel free to 
contact me directly at the address I use for mailing list management:

        cypherpunks-owner at toad.com

Please use this address for all mailing list management issues.  Hint: if 
you try to unsubscribe yourself from a different account than you signed up 
for, it likely won't work.  Log back into your old account and try again.  
If you no longer have access to that account, mail me at the list management 
address above.  Also, please realize that there will be some cypherpunks 
messages "in transit" to you at the time you unsubscribe.  If you get a 
response that says you are unsubscribed, but the messages keep coming, wait 
a day and they should stop.

For other questions, my list management address is not the best place, since 
I don't read it every day.  To reach me otherwise, send mail to

        eric at remailer.net (Is Eric still doing this?)

This address is appropriate for emergencies (and wanting to get off the list 
is never an emergency), such as the list continuously spewing articles.  
Please don't send me mail to my regular mailbox asking to be removed; I'll 
just send you back a form letter.

Do not mail to the whole list asking to be removed.  It's rude.  The
majordomo address is made exactly for this purpose.

To post to the whole list, send mail to

        cypherpunks at toad.com

If your mail bounces repeatedly, you will be removed from the list. Nothing 
personal, but I have to look at all the bounce messages.

[There is no digest version available.] (We should put in info here about 
subscribing to Alan's digest at gateway.com and the 2(?) filtered versions 
of the list here. Does someone have all that?)

There is an announcements list which is moderated and has low volume. 
Announcements for physical cypherpunks meetings, new software and important 
developments will be posted there.  Mail to

        cypherpunks-announce-request at toad.com

if you want to be added or removed to the announce list.  All announcements 
also go out to the full cypherpunks list, so there is no need to subscribe 
to both.



III.  About Other Forums

There are other forums to use on the subject of cryptography.  The Usenet 
group sci.crypt deals with technical cryptography; cypherpunks deals with 
technical details but slants the discussion toward their social 
implications.  The Usenet group talk.politics.crypto, as it says, is for 
political theorizing, and cypherpunks gets its share of that, but 
cypherpunks is all pro-crypto; the debates on this list are about how to 
best get crypto out there.  The Usenet group alt.security.pgp is a 
pgp-specific group, and questions about pgp as such are likely better asked 
there than here.  Ditto for alt.security.ripem. If you are beginning to use 
PGP and have questions, you can also subscribe to the PGPusers list by 
sending mail to pgp-users-request at rivertown.net with a subject of subscribe, 
or as an alternative way to subscribe use their Web Mailing List Gateway at 
http://pgp.rivertown.net/#Subscribe



IV.  About Net.Loons On cypherpunks

The cypherpunks list has attracted a fair number of net.loons 
in its day.  If you see an inflammatory article that seems too
crazy to be serious, then it probably is.

The hallmark of these loons is rudeness, and the preferred 
policy in just to ignore their postings (tempting as it is to 
respond).  Replies have never, ever, not even once resulted in
anything constructive and usually create huge flamewars on the
list.  Please, please, don't feed the animals.



V. Resources.

A. The sci.crypt FAQ

anonymous ftp to rtfm.mit.edu:pub/usenet-by-group/sci.crypt

The cryptography FAQ is good online intro to crypto.  Very much worth 
reading.  Last I looked, it was in ten parts.

B. cypherpunks ftp site

anonymous ftp to ftp.csua.berkeley.edu:pub/cypherpunks

This site contains code, information, rants, and other miscellany. There is 
a glossary there that all new members should download and read.  Also 
recommended for all users are Hal Finney's instructions on how to use the 
anonymous remailer system; the remailer sources are there for the 
perl-literate.

C. Bruce Schneier's _Applied Cryptography_, published by Wiley

This is required reading for any serious technical cypherpunk.  An excellent 
overview of the field, it describes many of the basic algorithms and 
protocols with their mathematical descriptions.  Some of the stuff at the 
edges of the scope of the book is a little incomplete, so short descriptions 
in here should lead to library research for the latest papers, or to the 
list for the current thinking.  All in all, a solid and valuable book.  It's 
even got the cypherpunks-request address.

D. For a more technical, lower volume, and much less policy-politics 
oriented list, you might try to subscribe to the coderpunks list, which 
branched off of cypherpunks some time ago, due to frustration with loons. It 
also runs at toad, and you can be considered for subscription by sending 
mail to Majordomo at toad.com with these words in the body of the message: 

subscribe coderpunks Their Name <them at theiraddress.xxx>

E. The Snake Oil FAQ, by Matt Curtin & others, located at:

   http://www.research.megasoft.com/people/cmcurtin/snake-oil-faq.html

Has some useful warning signs to keep in mind. "Snake Oil," here, means 
"weak cryptography," which brings us to...

F. An incomplete cypherpunks translation list:

PGP -- Pretty Good Privacy software.
PRZ -- Philip R. Zimmermann, PGP's author.
GAK -- Government Access to Keys (for crypto, but it might as well be for 
your front door).
KRAP -- Key Recovery Access Program (a brand new flavor of GAK).
TLAs -- Three Letter Agencies (the alphabet soup of the US government -- 
FBI, DEA, IRS, CIA, DIA, NRO, ATF, NSA -- all your favorites).
NSA -- the US National Security Agency in Fort Meade, Maryland, responsible 
for encryption codes and computer security for the entire US government.
LEAs -- Law Enforcement Agencies (see above, at least when they're not busy 
breaking the law themselves...).
ITAR -- International Traffic in Arms Regulations. A silly US government 
regulation outlawing the "export" of strong cryptography software which is 
all over the planet anyway.

[Please suggest other resources and acronyms.]



IV. Famous last words

My preferred e-mail address for list maintenance topics only is
hughes at toad.com.  All other mail, including emergency mail, should go
to hughes at ah.com, where I read mail much more regularly.

Enjoy and deploy.

Eric

[From here on I changed/added nothing (it's gospel, after all:). -- JMR]
- ----------------------------------------------------------------------------

Cypherpunks assume privacy is a good thing and wish there were more
of it.  Cypherpunks acknowledge that those who want privacy must
create it for themselves and not expect governments, corporations, or
other large, faceless organizations to grant them privacy out of
beneficence.  Cypherpunks know that people have been creating their
own privacy for centuries with whispers, envelopes, closed doors, and
couriers.  Cypherpunks do not seek to prevent other people from
speaking about their experiences or their opinions.

The most important means to the defense of privacy is encryption. To
encrypt is to indicate the desire for privacy.  But to encrypt with
weak cryptography is to indicate not too much desire for privacy.
Cypherpunks hope that all people desiring privacy will learn how best
to defend it.

Cypherpunks are therefore devoted to cryptography.  Cypherpunks wish
to learn about it, to teach it, to implement it, and to make more of
it.  Cypherpunks know that cryptographic protocols make social
structures.  Cypherpunks know how to attack a system and how to
defend it.  Cypherpunks know just how hard it is to make good
cryptosystems.

Cypherpunks love to practice.  They love to play with public key
cryptography.  They love to play with anonymous and pseudonymous mail
forwarding and delivery.  They love to play with DC-nets.  They love
to play with secure communications of all kinds.

Cypherpunks write code.  They know that someone has to write code to
defend privacy, and since it's their privacy, they're going to write
it.  Cypherpunks publish their code so that their fellow cypherpunks
may practice and play with it.  Cypherpunks realize that security is
not built in a day and are patient with incremental progress.

Cypherpunks don't care if you don't like the software they write. 
Cypherpunks know that software can't be destroyed.  Cypherpunks know
that a widely dispersed system can't be shut down.

Cypherpunks will make the networks safe for privacy.

[Last updated 11/28/95]



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMp2nikjbHy8sKZitAQGoiQMAgAfvKA0751PAW6ivMQ0+KQfa19cuueFY
VqPWxJSMXBE+8v37+sx6nn7FN/qFYkoccaBkOJdOZb7zu2kX+ptV/T153F6cFFFT
6RULRhMKQOiWB7JV+fdr2QV136hR8U/1
=AKDO
-----END PGP SIGNATURE-----





From deviant at pooh-corner.com  Thu Nov 28 07:34:20 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Thu, 28 Nov 1996 07:34:20 -0800 (PST)
Subject: Is /dev/random good enough to generate one-time pads?
In-Reply-To: <199611280345.VAA22700@algebra>
Message-ID: <Pine.LNX.3.94.961128152339.1435A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 27 Nov 1996, Igor Chudov @ home wrote:

> Subj sez it all.
> 
> Thank you.
> 
> 	- Igor.

Yes, as a matter of fact it is.  /dev/random is based on an entropy pool
taken from hardware interrupts and such, thus is a RNG, not a PRNG (thats
right IPG, Linux uses hardware to get random numbers... imagine that!).
/dev/urandom is, however, a PRNG...

Below is the doc that comes with the linux source, if you want more
info... (this was taken from my /usr/src/linux/drivers/char/random.c, the
code _would be_ at the end, but i think 1200 lines of C might be a bit
excessive to answer your question)

- ----BEGIN random.c EXCERPT-----
/*
 * random.c -- A strong random number generator
 *
 * Version 1.00, last modified 26-May-96
 * 
 * Copyright Theodore Ts'o, 1994, 1995, 1996.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, and the entire permission notice in its entirety,
 *    including the disclaimer of warranties.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior
 *    written permission.
 * 
 * ALTERNATIVELY, this product may be distributed under the terms of
 * the GNU Public License, in which case the provisions of the GPL are
 * required INSTEAD OF the above restrictions.  (This clause is
 * necessary due to a potential bad interaction between the GPL and
 * the restrictions contained in a BSD-style copyright.)
 * 
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * (now, with legal B.S. out of the way.....) 
 * 
 * This routine gathers environmental noise from device drivers, etc.,
 * and returns good random numbers, suitable for cryptographic use.
 * Besides the obvious cryptographic uses, these numbers are also good
 * for seeding TCP sequence numbers, and other places where it is
 * desirable to have numbers which are not only random, but hard to
 * predict by an attacker.
 *
 * Theory of operation
 * ===================
 * 
 * Computers are very predictable devices.  Hence it is extremely hard
 * to produce truly random numbers on a computer --- as opposed to
 * pseudo-random numbers, which can easily generated by using a
 * algorithm.  Unfortunately, it is very easy for attackers to guess
 * the sequence of pseudo-random number generators, and for some
 * applications this is not acceptable.  So instead, we must try to
 * gather "environmental noise" from the computer's environment, which
 * must be hard for outside attackers to observe, and use that to
 * generate random numbers.  In a Unix environment, this is best done
 * from inside the kernel.
 * 
 * Sources of randomness from the environment include inter-keyboard
 * timings, inter-interrupt timings from some interrupts, and other
 * events which are both (a) non-deterministic and (b) hard for an
 * outside observer to measure.  Randomness from these sources are
 * added to an "entropy pool", which is mixed using a CRC-like function.
 * This is not cryptographically strong, but it is adequate assuming
 * the randomness is not chosen maliciously, and it is fast enough that
 * the overhead of doing it on every interrupt is very reasonable.
 * As random bytes are mixed into the entropy pool, the routines keep
 * an *estimate* of how many bits of randomness have been stored into
 * the random number generator's internal state.
 * 
 * When random bytes are desired, they are obtained by taking the MD5
 * hash of the contents of the "entropy pool".  The MD5 hash avoids
 * exposing the internal state of the entropy pool.  It is believed to
 * be computationally infeasible to derive any useful information
 * about the input of MD5 from its output.  Even if it is possible to
 * analyze MD5 in some clever way, as long as the amount of data
 * returned from the generator is less than the inherent entropy in
 * the pool, the output data is totally unpredictable.  For this
 * reason, the routine decreases its internal estimate of how many
 * bits of "true randomness" are contained in the entropy pool as it
 * outputs random numbers.
 * 
 * If this estimate goes to zero, the routine can still generate
 * random numbers; however, an attacker may (at least in theory) be
 * able to infer the future output of the generator from prior
 * outputs.  This requires successful cryptanalysis of MD5, which is
 * not believed to be feasible, but there is a remote possibility.
 * Nonetheless, these numbers should be useful for the vast majority
 * of purposes.
 * 
 * Exported interfaces ---- output
 * ===============================
 * 
 * There are three exported interfaces; the first is one designed to
 * be used from within the kernel:
 *
 * 	void get_random_bytes(void *buf, int nbytes);
 *
 * This interface will return the requested number of random bytes,
 * and place it in the requested buffer.
 * 
 * The two other interfaces are two character devices /dev/random and
 * /dev/urandom.  /dev/random is suitable for use when very high
 * quality randomness is desired (for example, for key generation or
 * one-time pads), as it will only return a maximum of the number of
 * bits of randomness (as estimated by the random number generator)
 * contained in the entropy pool.
 * 
 * The /dev/urandom device does not have this limit, and will return
 * as many bytes as are requested.  As more and more random bytes are
 * requested without giving time for the entropy pool to recharge,
 * this will result in random numbers that are merely cryptographically
 * strong.  For many applications, however, this is acceptable.
 *
 * Exported interfaces ---- input
 * ==============================
 * 
 * The current exported interfaces for gathering environmental noise
 * from the devices are:
 * 
 * 	void add_keyboard_randomness(unsigned char scancode);
 * 	void add_mouse_randomness(__u32 mouse_data);
 * 	void add_interrupt_randomness(int irq);
 * 	void add_blkdev_randomness(int irq);
 * 
 * add_keyboard_randomness() uses the inter-keypress timing, as well as the
 * scancode as random inputs into the "entropy pool".
 * 
 * add_mouse_randomness() uses the mouse interrupt timing, as well as
 * the reported position of the mouse from the hardware.
 *
 * add_interrupt_randomness() uses the inter-interrupt timing as random
 * inputs to the entropy pool.  Note that not all interrupts are good
 * sources of randomness!  For example, the timer interrupts is not a
 * good choice, because the periodicity of the interrupts is to
 * regular, and hence predictable to an attacker.  Disk interrupts are
 * a better measure, since the timing of the disk interrupts are more
 * unpredictable.
 * 
 * add_blkdev_randomness() times the finishing time of block requests.
 * 
 * All of these routines try to estimate how many bits of randomness a
 * particular randomness source.  They do this by keeping track of the
 * first and second order deltas of the event timings.
 *
 * Ensuring unpredictability at system startup
 * ============================================
 * 
 * When any operating system starts up, it will go through a sequence
 * of actions that are fairly predictable by an adversary, especially
 * if the start-up does not involve interaction with a human operator.
 * This reduces the actual number of bits of unpredictability in the
 * entropy pool below the value in entropy_count.  In order to
 * counteract this effect, it helps to carry information in the
 * entropy pool across shut-downs and start-ups.  To do this, put the
 * following lines an appropriate script which is run during the boot
 * sequence: 
 *
 *	echo "Initializing random number generator..."
 *	# Carry a random seed from start-up to start-up
 *	# Load and then save 512 bytes, which is the size of the entropy pool
 * 	if [ -f /etc/random-seed ]; then
 *		cat /etc/random-seed >/dev/urandom
 * 	fi
 *	dd if=/dev/urandom of=/etc/random-seed count=1
 *
 * and the following lines in an appropriate script which is run as
 * the system is shutdown:
 * 
 *	# Carry a random seed from shut-down to start-up
 *	# Save 512 bytes, which is the size of the entropy pool
 *	echo "Saving random seed..."
 *	dd if=/dev/urandom of=/etc/random-seed count=1
 * 
 * For example, on many Linux systems, the appropriate scripts are
 * usually /etc/rc.d/rc.local and /etc/rc.d/rc.0, respectively.
 * 
 * Effectively, these commands cause the contents of the entropy pool
 * to be saved at shut-down time and reloaded into the entropy pool at
 * start-up.  (The 'dd' in the addition to the bootup script is to
 * make sure that /etc/random-seed is different for every start-up,
 * even if the system crashes without executing rc.0.)  Even with
 * complete knowledge of the start-up activities, predicting the state
 * of the entropy pool requires knowledge of the previous history of
 * the system.
 *
 * Configuring the /dev/random driver under Linux
 * ==============================================
 *
 * The /dev/random driver under Linux uses minor numbers 8 and 9 of
 * the /dev/mem major number (#1).  So if your system does not have
 * /dev/random and /dev/urandom created already, they can be created
 * by using the commands:
 *
 * 	mknod /dev/random c 1 8
 * 	mknod /dev/urandom c 1 9
 * 
 * Acknowledgements:
 * =================
 *
 * Ideas for constructing this random number generator were derived
 * from the Pretty Good Privacy's random number generator, and from
 * private discussions with Phil Karn.  Colin Plumb provided a faster
 * random number generator, which speed up the mixing function of the
 * entropy pool, taken from PGP 3.0 (under development).  It has since
 * been modified by myself to provide better mixing in the case where
 * the input values to add_entropy_word() are mostly small numbers.
 * Dale Worley has also contributed many useful ideas and suggestions
 * to improve this driver.
 * 
 * Any flaws in the design are solely my responsibility, and should
 * not be attributed to the Phil, Colin, or any of authors of PGP.
 * 
 * The code for MD5 transform was taken from Colin Plumb's
 * implementation, which has been placed in the public domain.  The
 * MD5 cryptographic checksum was devised by Ronald Rivest, and is
 * documented in RFC 1321, "The MD5 Message Digest Algorithm".
 * 
 * Further background information on this topic may be obtained from
 * RFC 1750, "Randomness Recommendations for Security", by Donald
 * Eastlake, Steve Crocker, and Jeff Schiller.
 */
- ----END random.c EXCERPT----

This answer your question?

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

        "Evil does seek to maintain power by suppressing the truth."
        "Or by misleading the innocent."
                -- Spock and McCoy, "And The Children Shall Lead",
                   stardate 5029.5.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp2wWTCdEh3oIPAVAQGXDwf9F8OyHkVFGBDtb2mXrkYy89KewH9uylVS
VQAmEwxAggAC/C/FbhhXcQNWVCCmcRCvXFMXtZmxnc5dP2/Hn+kzAJuXjBJLA8bO
EcgWTGYCuyoZhXcon63FCW1EXg8/9qakfb66B3kc+tsx5UVbSlbzk4wfNPAzXWFE
V1ASeaoE708Dd/FN+2DODyFXssJ4aVxDYm8tv07AD7WYT4rbW896om0nKynj1DCW
xgA9+GVs37El2gMhz9j7sS3WouFnEckCmXuUWKzSUBGA68T5eJqSRywOs0ePgPQi
+t6KABJ20TEQX4u8wAvdg/F58B4wZZPcE66IAIITeDQm+uE+a5NilA==
=9zj/
-----END PGP SIGNATURE-----






From nobody at huge.cajones.com  Thu Nov 28 07:44:03 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Thu, 28 Nov 1996 07:44:03 -0800 (PST)
Subject: Eudora/PGP Plug-in--Free
Message-ID: <199611281544.HAA12685@mailmasher.com>


                             Eudora/PGP Plug-In

Download version 0.20 from the Web:
   * http://www.prism.gatech.edu/~gt6525c/eppi/epp16_02.zip
     (for 16-bit version of Eudora 3.0 for Windows 3.1)
   * http://www.prism.gatech.edu/~gt6525c/eppi/epp32_02.zip
     (for 32-bit version of Eudora 3.0 for Windows NT/95)

If you don't have Web access, but have FTP access, try the following sites.
Note that if the version you are trying to get was released today or just a few days ago, it may not have shown up at the sites below yet, so give it a few days:

papa.indstate.edu: /pub/winsock-l/mail/epp16_02.zip
                   /pub/winsock-l/Windows95/mail/epp32_02.zip
                   /pub/winsock-l/WindowsNT/mail/epp32_02.zip

ftp.winsite.com:   /pub/pc/win3/winsock/epp16_02.zip
                   /pub/pc/win95/winsock/epp32_02.zip

If you want to be automatically notified of new versions, send e-mail to gt6525c at prism.gatech.edu with the subject of "eppi news", and the following message body:

join
stop





From dlv at bwalk.dm.com  Thu Nov 28 07:51:06 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 07:51:06 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <199611280555.XAA07103@mailhub.amaranth.com>
Message-ID: <BR14XD16w165w@bwalk.dm.com>


"William H. Geiger III" <whgiii at amaranth.com> writes:
> <sigh> GAK - Government Access to Keys and corporate control of encryption pr
> keys are two completely different issues. This is just more smoke and mirrors
> confuse the issue. There are many solutions currently available for a company
> the encryption of their data including the use of "master keys" to prevent da
> option available even with PGP). Government mandated infrastructure of GAK is
> and unwarranted for such purposes.

Surely someone who can't learn to format their text to 80 columns (perhaps
because he uses a dead operating system) has no credibility when he speaks
of technical things he clearly knows nothing about.

You remind me of a student in my C++ class who just couldn't understand why a
certain C expression evaluated to what it did. We made it simpler and simpler
until we had no variables left and this expression (w/o parens) on the board:
                                   1+1*2
The student forcefully argued that it should be equal to 4.

> Cooking With Warp 4.0

Another sign of cluelessness. OS/2 is dead. I've beein using OS/2 since v 1.0,
but now I'm moving to NT 4.0. I need to find the device drivers for all my
hardware.

Choke on your turkey. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Thu Nov 28 07:52:04 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 07:52:04 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <199611281111.AAA26386@mycroft.actrix.gen.nz>
Message-ID: <c6X4XD15w165w@bwalk.dm.com>


Paul Foley <mycroft at actrix.gen.nz> writes:

> On Wed, 27 Nov 96 19:57:27 EST, Dr.Dimitri Vulis KOTM wrote:
>
>    Yes. On the Internet it may not be immediately evident that the other side
>    of the debate is represented by clueless juveniles with whom you simply
>    wouldn't talk in a physical encounter. Trying to explain the need for key
>
> Or people who act like clueless juveniles on the net, while seeming to
> be nice, rational adults in real life.  I hear you fit that
> description fairly well (I, of course, can only speak for the online side).

That's in the eye of the beholder. I certainly don't have to be polite if I
choose to address a cybergang of raving ignorant flamers who oppose free
speech and advocate content-based censorship. Is John Gilmore polite to me?

>    > I must admit that I am at a loss to understand the heat which
>    > Dorothy Denning generates on the Cypherpunks list, which seems to
>    > be second only to the heat generated by posting recipes for roast
>    > feline in rec.pets.cats.
>
>    I've seen other people abused on this mailing list - usually, whoever
>    knows more about cryptography then the regular "lynch mob".
>
> "Knows more" == "rants endlessly about how the letters "Q.E.D." and
> some nonsense about hot air balloons render a cryptosystem
> unbreakable."

You're lying. I never said anything like that. Fred Cohen never said
anything like that. Dorothy Denning (whose name the cypherpunks can't spell)
never said anything like that. On the contrary, Paul Bradley who rants about
brute force attacks on OTP, is considered top 'punks' cryptography expert.

>    I had the pleasure of meeting Dr. Denning in person and I asked her
>    about her views on GAK. Her responses made a lot of sense to me. Most
>    businesses, if they thought about it, would prohibit their employers
>    from having information on company computers encrypted so the owner
>    of the computer can't read them. This is just good business sense.
>
> Of course it is.  And they can do this, today, without any
> legislation!  I believe the commercial version of PGP (Business
> Edition?) has support for this.
>
> This is, of course, totally unrelated to GAK (unless you consider
> people to be the property of their government, I suppose).

This semester I'm teaching an undergraduate course in economics and I find it
very challenging to explain, e.g. the Laffer curve to students who have never
paid any taxes. Or, some students couldn't understand the difference between
different flat-rate pre-paid medical plans vs. pay-as-you-go medical plans.
They've never encountered anything like this in their lives and it takes weeks
for new concepts to sink in.

Indeed, I recall how a few years ago my wife was teaching a calculus course
and she told me about an inner-city student who was reasonably bright, but
had never left the inner city in her life. She had trouble with word
problems involving, e.g., mountains (popular in calculus texts :-) because
she had never seen one and couldn't quite understand what it was.

When cypherpunk juveniles rant about GAK, they are unable to present any
arguments for or against it other than personal attacks and name-calling
(like the recent pile of sexual innuendo e-mailed anonymously to Dr.Denning).
To me this shows that they're ignorant of the cryptography issues involved,
of law enforcement, of corporate data security policy, and are either too
young to know or unwilling to learn.

Why do you think I don't discuss my work on this mailing list?

>    This mailing list suffers from the presence of several mentally disturbed
>    juveniles who a) are clearly ignorant of cryptography (e.g. rant about
>    brute force attacks on OTP); b) are cognizant of their utter ignorance and
>    stupidity; c) are envious of anyone who does know what s/he's talking
>    about.
>
> d) rant endlessly about Tim May.
> e) put "(fart)" or "(spit)" after every other word.
> f) rant about John Gilmore's alleged sexual preferences.  (I seem to
>    recall something about Tsutomu Shimomura "stealing" his girlfriend??)

Huh? I met Tsutomu once, briefly. I'm sure he's capable of stealing people's
girlfriends, being rich and good-looking, but I doubt very much that John
Gilmore has one. (Not that it's relevant. Cygnus Support's hiring practices
are relevant, since they demonstrate what an asshole Gilmore is. I used to
respect Gilmore, but not anymore. He's a liar and a content-based censor.)

> g) continually bring up Paul Bradley's "brute forcing a OTP" post,
>    which was quite clearly a simple misunderstanding.
>
> [and h) probably rant about me for a while now.  Prove me wrong.]

Yeah, let's talk about Paul Bradley. (A U.K. undergraduate who probably
doesn't deserve the time we spend talking about him.) Paul flames
ceaselessly on the cypherpunks mailing list, refers to Don Wood as "Don Wood
(spit)", has sent me numerous threatening e-mails, does not understand what
either "brute force" or "OTP" is, and is unwilling to learn. Now, most
undergraduates don't know what brute force and/or OTP are, but they can
learn and they do learn if they intend to discuss the subject at such
length. Paul is a typical ignorant "cypherpunk". He likes to rant about
crypto because it's "kewl", but doesn't want to invest the time in learning
the meaning of the words he (mis)uses. "Punks" is well-chosen name.

>    So, they feel compelled to harrass anyone who's smarter / more
>    knowledgeable than they are (sometimes using the anonymous remailers) in
>
> Ah!  That explains the "Timmy (fart) May" posts!  *Now* I get it!

Tim May is a coward, afraid to sign his name on his own flames. E.g., I've
received several hate e-mails via the anonymous remailers saying stuff like
"kill all Russian immigrants". Tim May is known to hate immigrants and Jews
(advocates the destruction of Israel etc).

>    The continuing verbal abuse of Dr. Denning is no different from the abuse
>    previously heaped on Fred Cohen or David Sternlight or yours truly.
>
> The only "continuing verbal abuse" I've seen on this list is you and
> those "Freedom Knight" twits abusing Tim May and John Gilmore.

You're lying again - or you don't consider cypherpunks calling Dr. Denning
"clueless bitch" to be verbal abuse?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From adam at homeport.org  Thu Nov 28 08:16:16 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 28 Nov 1996 08:16:16 -0800 (PST)
Subject: TIA Invites
In-Reply-To: <1.5.4.32.19961127013503.0067151c@pop.pipeline.com>
Message-ID: <199611281613.LAA21744@homeport.org>


John Young wrote:
| A rep of the Telecommunications Industry Association
| telephoned to say that TIA has invited authority to 
| investigate disclosure of TIA's TR45.3 to the unworthy.

	Did they say what they were investigating?  Usually, talking
to the unworthy is not a crime.  :)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From whgiii at amaranth.com  Thu Nov 28 08:23:38 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Thu, 28 Nov 1996 08:23:38 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <199611281157.DAA12088@infomatch.com>
Message-ID: <199611281738.LAA11076@mailhub.amaranth.com>


In <199611281157.DAA12088 at infomatch.com>, on 11/28/96 
   at 04:53 AM, "Murray Hayes" <mhayes at infomatch.com> said:

>On Wed, 27 Nov 96 10:16:20 -0500, William H. Geiger III wrote:

>>In <009ABBF7.ACB06A80.64 at SPRUCE.HSU.EDU>, on 11/22/96 
>>   at 12:18 PM, jc105558 at spruce.hsu.edu said:
>>
>>
>>socialism uses FORCE to take what it wants while the capitilism you have a
>>free & volintary exchange.
>>
>>why is this so hard to understand??
>>

>Don't be an idiot.  Socialism has nothing to do with force.  It is an
>economic system not a military stance.  

>Communisist belive:

>>From each according to there abilities
>To each according to there needs.

>Socialist belive:

>>From each according to there abilities
>To each accoring to there contirbution.

>They are very similar, BUT HAVE NOTHING TO DO WITH FORCE!!!
>Some countries have very socialized systems with democracy.  Those people
>want socalized everything.  The US is socialized to a very small degree. 
>The UK is socialized to a further degree.
 
<sigh> socialism has EVERTHING to do with force. Socialism is based on the
TAKING from one to give to another. Without FORCE or the threat of FORCE
most people will not allow their hard earned property to be taken away
from them.

You look at any socialist program in the "democracies". Every one is a)
Manditory b) Backed by FORCE.



No socialist program has ever been implemented on a large scale without
the use of FORCE. It just can't work without it. I do not wish to be part
of the socialist programs in the U.S. Medicare, Medicaide, Welfaire, SS,
WIC, FoodStamps, ...ect. It is only because of the threat of the use of
FORCE against me that I continue to pay for such programs AGAINST MY WILL.

This is the same everywhere. If these were programs that the majority were
willing to participate volentary then why are they Manditory?? Why use the
FORCE of government to implement them?? 

Because socialism is THEIFT and people naturally resist the theift of
their property.



-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii at amaranth.com>
-----------------------------------------------------------






From adam at homeport.org  Thu Nov 28 08:33:06 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 28 Nov 1996 08:33:06 -0800 (PST)
Subject: Anon
In-Reply-To: <199611210202.SAA10970@crypt.hfinney.com>
Message-ID: <199611281629.LAA21815@homeport.org>


	Brin's argument has two ideas that I find annoying.  One is
that the changes he forsees are inevitable, the other is that security
is not about economics.

	The idea that universal surveillance is inevitable is based on
the assumption that everyone lives in a city, and the technologies of
spying can be cheaply deployed.  A good deal of privacy can be
obtained by moving a small or large distance away.  Monitoring
technology is not cheap.  When it is cheap, the network links to
connect it all will still be expensive.  (etc.  The economics of a
surveillance state lead to something in the mix, people, cameras,
policemen to make arrests etc, being expensive.)

	The second mistake is related, and assumes that the rich can
be forced to give up the privacy that the poor have already lost.  The
expense of a defense is related to the effort involved in breaking
that defense.  If I have a mansion with grounds, I can deploy defenses
against the low cost cameras and bugs for less than my privacy is
worth to me.  I can also team up with my neighbors to have a well
defended enclave.

	So the surveillance state that Brin wants will not apply to
the rich, but only the poor.  I wonder if it will affect him.

Adam

Hal Finney wrote:
| As I mentioned a couple of days ago, science fiction writer David Brin
| has an argument against not only anonymity, but _privacy_ as well.
| Where cypherpunks tend to think of privacy as both beneficial and
| inevitable, Brin sees it as harmful and doomed.  He has an article in
| the December 1996 issue of Wired discussing his ideas.
| 
| BTW cypherpunk Doug Barnes is also quoted several times in the long
| article in that issue by Neal Stephenson (Snow Crash, The Diamond Age)
| about the undersea cables that carry most transnational information
| traffic.
| 
| Hal
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







From dlv at bwalk.dm.com  Thu Nov 28 08:40:07 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 08:40:07 -0800 (PST)
Subject: Israel crypto restrictions
In-Reply-To: <199611281409.JAA21283@homeport.org>
Message-ID: <3J24XD17w165w@bwalk.dm.com>


Adam Shostack <adam at homeport.org> writes:
> Dr.Dimitri Vulis KOTM wrote:
> | Adam Shostack <adam at homeport.org> writes:
> | > 	They're listed on NASDAQ (CKP).  This makes them an American
> | > company for purposes of export controls.  (This from an employee of
> | > Checkpoint who I asked that exact question.)
> |
> | This is truly bizarre. First, if they were on the NASDAQ, they'd have a
> | 4-letter ticker symbol, not a 3-letter symbol. MSFT (Microsoft) is on NASDA
> | IBM (IBM) and F (Ford) are on the New York stock exchange and/or
> | American stock exchange.
>
> 	Oops.  Misread my stock service.  I usually pay little
> attention to what exchange something is traded on.  CKP is on the
> NYSE.

The exchange is of little relevance to most small investors. It matters, e.g.,
if you're trying to figure out your transaction costs. If you buy or sell an
exchange-listed stock, then there's the stock price (money going to the shares'
old owner or coming from the new owner) and a separate commission going to your
broker (3c/share if you're smart). With NASDAQ stocks, you buy them at ask
price and sell them at bid price. The spread between the two prices is the
broker's source of revenue. You can't tell how much of the money you paid went
for the shares and how much to the broker. For the same reason the volume
figures in most sources have to be divided by 2 for NASDAQ issues to be
comparable with exchange-listed issues.

Anyway it's irrelevant in this case.

> | Sometimes the stock of a foreign company is traded in the U.S. in the form
> | of American Depository Receipts (ADRs) not sponsored by the company. How
> | could that impose any obligation on it?
>
> 	"He asks, as if the ITARs were logical."

Fuck ITAR, fuck being (un)sponsored, consider the SEC disclosure requirements.
In the U.S., a publicly traded company has to file reports with the SEC and
make them publicly available. There's the big annual report (10K etc) at the
end of the fiscal year, and little quarterly reports (10Q etc). Other countries
have different requrements. E.g. in Japan they only have the annual report and
the semiannual (QII) one - not for QI and QIII. Sony's ADRs (SNY) are traded in
the U.S. pretty actively, but neither Sony nor any other Japanese company I
know of issues QI or QIII reports.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From null at void.gov  Thu Nov 28 09:09:41 1996
From: null at void.gov (null at void.gov)
Date: Thu, 28 Nov 1996 09:09:41 -0800 (PST)
Subject: Whitehouse Releases Blueprint...
Message-ID: <3.0.32.19961128091318.0068f958@best.com>



Notably, the emphasis is on the needs of business, not "people."

We are in an excellent position to observe and document the process whereby
"business" -- that is, organizations motivated primarily, if not exclusively,
by the desire for short-term profits accruing to vested interests -- comes
to dominate and control a technology.  The auto and television industries come
to mind as two prior examples.  We are about to see the net go the same way.
Take notes.

			"I have to praise the administration and Ira for
                      reaching out to the private sector for
                      comments," Computers and Communication
                      Industry Association President Ed Black said.
                      "There's a great emphasis on the needs of
                      business here."

                      Even so, privacy activists remained
                      disappointed with many of the document's
                      features. "This isn't anything new," said David
                      Banisar, counsel to the Electronic Privacy and
                      Information Center. "The privacy stuff is
                      terrible. They say it's market driven, but
                      markets don't work with privacy. It's like what
                      happened with P-Trak."







From geeman at best.com  Thu Nov 28 09:10:01 1996
From: geeman at best.com (geeman at best.com)
Date: Thu, 28 Nov 1996 09:10:01 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <3.0.32.19961128085237.0069afc0@best.com>


At 07:12 AM 11/27/96 +0000, you wrote:
.....etc
Can you be more specific?
What are the vulnerabilities you are aware of?

>I've never seen a security review of SSLeay, and if anyone gave it a clean
bill
>of health, they didn't have their eye on the ball. Note, I'm not knocking
>SSLeay here, it is a wonderful lump of code, but it hasn't been written with
>security in mind (IMHO).
>
>Cheers,
>
>Ben.
>
>-- 
>Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
>Freelance Consultant and  Fax:   +44 (181) 994 6472
>Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>London, England.          Apache-SSL author
>
>





From dthorn at gte.net  Thu Nov 28 09:35:06 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 09:35:06 -0800 (PST)
Subject: Hurray! A good example of rational thinking ...
In-Reply-To: <199611280144.RAA19906@server1.chromatic.com>
Message-ID: <329DC21B.4361@gte.net>


Ernest Hua wrote:
> > > It is truly counter-productive to insist on conspiracy theories and
> > > anti-government rhetoric.  Sure, there have been conspiracies in the
> > > past.  Sure, there have been more than our fair share of atrocities.

[mucho snippo]

The danger in conspiracy theories (and you can check the L.A. Times for
verification of this) is that they are often tied in to anti-Semitism
and other forms of racism, and/or provide an excuse to....

The fact is, though, that only government possesses the power to ruin the
lives of masses of people, which they have often done, even in this century.
Anyone who says "the conspiracies aren't true" and "anti-government rhetoric
is automatically bad", etc. is just sticking their head in the sand.

The militias are a necessary correction to government excess, however
negative the implications of militia power might be.

As far as the difficulty in creating the infrastructure to monitor every-
one, well, it exists and is growing by the minute.  All "they" have to do
is listen in, and have smart programs to sort out what they want to look
at (which they certainly do).  Think of it as a percentage deal.  The
people the govt. most want to monitor are the ones who are the most
active in their travel and communication, therefore, it greatly reduces
the monitoring load.







From dthorn at gte.net  Thu Nov 28 09:35:13 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 09:35:13 -0800 (PST)
Subject: IQ and age
In-Reply-To: <199611280447.WAA23636@algebra>
Message-ID: <329DC5A0.6228@gte.net>


Igor Chudov @ home wrote:
> Dale Thorn wrote:
> > The biggest influence on IQ are the so-called "engrams" (fears, super-
> > stitions, anxieties, etc.) planted in your brain early in life.
> > Some of this can be overcome with mental exercise, and awareness of what
> > negative influences are holding you back.  Much easier said than done!
> > IQ as they attempt to measure it can probably be most easily explained
> > as pattern matching skills. Unfortunately for testing, and although you
> > can be every bit as intelligent at 70 as at 10, your pattern-matching
> > skills change and evolve over time, so any given tests will only apply
> > (more or less) at the age group they are optimized for.

> Would you dismiss strong correlations between IQ and success in life
> and academia as something irrelevant?

Not at all, and I think you could make some interesting equations out of
this if you wanted to spend the time.

Factors for raw intelligence, i.e., pattern matching skills.
Factors for aggressiveness, assertiveness, self-confidence, etc.
Factors for manipulative ability (to manipulate people, etc.).  I don't
know how to properly categorize this last item, but perhaps a professional
psychologist would.

In sum, I think you could observe successful people and establish most
of the relevant factors, but be aware - if you are not an insider in
several of these "success circles", you might miss one or more key
factors, particularly those that would be denied by successful people,
such as willingness to do things people don't like to talk about openly.







From dthorn at gte.net  Thu Nov 28 09:35:19 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 09:35:19 -0800 (PST)
Subject: TV/Radio: Crypto Policy on NPR
In-Reply-To: <3i63XD12w165w@bwalk.dm.com>
Message-ID: <329DC778.71AB@gte.net>


Dr.Dimitri Vulis KOTM wrote:
> Ernest Hua <hua at chromatic.com> writes:
> > McNeil & Lehear (sp?)  (ok, I know, one of them is gone, but I forgot
> > which) News Hour had a segment on crypto policy.  Generally a balanced
> > non-technical report, except that there is no mention of the free
> > speech issue.

> Do you think they should have mentioned that cypherpunks are against free
> speech and that John Gilmore (spit) is a liar and a content-based censor?
> Gilmore is irrelevant and not worth mentioning.

BTW, there's an excellent picture in the Public Domain showing Robert
McNeil (sp?) looking over the fence on the grassy knoll, seconds after
they blew off the president's head.  I guess ol' Bob musta been one of
those "extremely few, ignorant, stupid people" who thought shots may
have come from somewhere besides the depository (per O.C. Register).







From jbugden at smtplink.alis.ca  Thu Nov 28 09:40:38 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Thu, 28 Nov 1996 09:40:38 -0800 (PST)
Subject: IQ and age
Message-ID: <9610288492.AA849213618@smtplink.alis.ca>


Clay Olbon II <olbon at ix.netcom.com> wrote:
>Seriously, you ignore the correlation between performance in college and
standardized test scores.  There is a reason these are used in admissions - they
are actually pretty good predictors of the ability to perform college level
work. <
 
This is a commonly held fiction that is not supported by the evidence. As stated
in another message, the infomration given out by ETS, who administer the GMAT
and SAT, indicate that there is a low correlation between GMAT scores and
successful completion of even first year education programs. This also ignores
the issue of why other, better, widely available predictors are not used
instead.
 
>Oh, I forgot.  Only certain racial/ethnic groups are capable of understanding
basic mathematical concepts. <
 
There was a good Scientific American article on cultural influences on learning
within the last year or two. It examined Asian groups noted achievements in
tests and the parental and cultural support for scholastic achievement.
 
Another anecdotal example is in the opening chapters of "Surely You're Joking,
Mr. Feynman" by Richard Feynman, the late Caltech professor and general bon
vivant. He describes how his mother introduced a doctor, a general and a
professor with the same respectful tones indicating to him that a career in
academia was as highly valued as any other high position in society.
 
>I happen to feel better believing in the potential for any individual in this
country to succeed through hard work. <
 
I do to. But how good are your feelings as predictors of actual success?
 
James






From olbon at ix.netcom.com  Thu Nov 28 10:08:42 1996
From: olbon at ix.netcom.com (Clay Olbon II)
Date: Thu, 28 Nov 1996 10:08:42 -0800 (PST)
Subject: IQ and age
Message-ID: <1.5.4.32.19961128180712.006ec3ec@popd.ix.netcom.com>


At 12:40 PM 11/28/96 EST, jbugden at smtplink.alis.ca wrote:
>Clay Olbon II <olbon at ix.netcom.com> wrote:
>>Seriously, you ignore the correlation between performance in college and
>standardized test scores.  There is a reason these are used in admissions -
they
>are actually pretty good predictors of the ability to perform college level
>work. <
> 
>This is a commonly held fiction that is not supported by the evidence. As
stated
>in another message, the infomration given out by ETS, who administer the GMAT
>and SAT, indicate that there is a low correlation between GMAT scores and
>successful completion of even first year education programs. This also ignores
>the issue of why other, better, widely available predictors are not used
>instead.

Apples and oranges.  I was referring to the correlation of college GPA to
SAT scores (which is higher than the correlation between high school GPA and
college GPA).  GPA measures the ability to do college-level work.  As such,
SAT scores are very relevant.  As you said, <completion> of college probably
does involve lots of other factors. I would not expect a high correlation
between standardized test scores and completion rates.

> 
>>Oh, I forgot.  Only certain racial/ethnic groups are capable of understanding
>basic mathematical concepts. <
> 
>There was a good Scientific American article on cultural influences on learning
>within the last year or two. It examined Asian groups noted achievements in
>tests and the parental and cultural support for scholastic achievement.

My point exactly.  It is these cultural factors, not the amount of money the
parents make, that is really the important aspect.  It does seem unfortunate
however that in many lower income families, there is less of an emphasis on
scholastic achievement.  

>Another anecdotal example is in the opening chapters of "Surely You're Joking,
>Mr. Feynman" by Richard Feynman, the late Caltech professor and general bon
>vivant. He describes how his mother introduced a doctor, a general and a
>professor with the same respectful tones indicating to him that a career in
>academia was as highly valued as any other high position in society.
> 
>>I happen to feel better believing in the potential for any individual in this
>country to succeed through hard work. <
> 
>I do to. But how good are your feelings as predictors of actual success?

Anecdotal evidence, but I have known people at many levels of society.  I
have never met anyone who "works hard" that is in dire straits.  Some have
struggled for a time (I know I did!), but eventually the hard work paid off.

        Clay






From attila at primenet.com  Thu Nov 28 10:15:24 1996
From: attila at primenet.com (attila at primenet.com)
Date: Thu, 28 Nov 1996 10:15:24 -0800 (PST)
Subject: The Difference Between The Right And Left
In-Reply-To: <Love@22594>
Message-ID: <199611281815.LAA06924@infowest.com>


-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------


In <Love at 22594>, on 11/27/96 
   at 10:47 PM, varange at crl.com (Troy Varange) said:

::
::	This is, of course, confusing to y'all because your all a
::	bunch of stupid college kids.
::
        NO, NO, NO!  you have propounded an absurdity. The truth is:

        Your "bunch of stupid college kids" are the only ones who _do_
    understand.  They simply are still young enough to sincerely believe
    they have inately been blessed with all the assimilated knowledge of
    the generations!

        You must progress to an old man before you fully comprehend that
    true knowledge has eluded you in your miniscule slice of infinite 
    time and _your_ future is not truly limitless. 

        so spake Attila!

                | The pen may often be mightier than the sword,
 *<%%%%%%%%%%%%|+>-================================-------------------
                | but, the sword sure as hell is faster....


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMp3QxL04kQrCC2kFAQFMwwP5AeCDlzzEFFFUvulcjzq8qy4vkczYJ4nr
rXV8pCjyqH8ovtxqEAbH8flKggwWO3a9oxIAvSmAp35yl+C7+60CBL7BJ3yPlQFr
uuazqmotWHTjy7s6tq7ZjphMMH+PxlhbhuUp+O9pR2nw8M5REFoYiW6s/kiBIxd7
lNXLGI0lpNY=
=LtZL
-----END PGP SIGNATURE-----

  ==== begin original propounderance of all-powerful knowledge ====

::	The French Revolution perhaps provided the best
::	definition as the origional coiners of the terms.
::
::	The Left is for radical change and the Right is for
::	evolutionary change.
::
::	That would put mainstream politics decidedly on the right
::	wing side of the political spectrum.
::
::	The left wing is a rather motly collection including many
::	anarchists, communists and nazis, yet many of the same
::	types are decidedly right wing.
::
::	A historical anecdote would be the Bucharin-Rykov wing of
::	the Bolshevik party in the late twenties. They were right 
::	wing while Stalin was left wing.  Yet, Bucharin would be
::	considered quite radical for today's bean counting
::	politics.
::
::	This is, of course, confusing to y'all because your all a
::	bunch of stupid college kids.
::








From tgkelli at tiger.towson.edu  Thu Nov 28 10:45:20 1996
From: tgkelli at tiger.towson.edu (Kathleen M. Ellis)
Date: Thu, 28 Nov 1996 10:45:20 -0800 (PST)
Subject: Dorthy Denning is a boot-licking fasicist!!!
In-Reply-To: <Pine.LNX.3.95.961128063650.24234B-100000@dhp.com>
Message-ID: <Pine.SGI.3.93.961128125719.27120A-100000@tiger.towson.edu>


On Thu, 28 Nov 1996, aga wrote:

<Ignoring the blatant stupidity, foolish Gilmore- and Denning-baiting and
other general irrelevancies from "aga", William Geiger, and the "Huge
Cojones Remailer" posts>

> Please define "GAK" and leave the headers intact.
> 
> -a

GAK - An acronym coined by cryptographer Carl Ellison (presently employed
by Cybercash) which stands for Government Access to Keys.  It's a
standardized term we (we = folks who are actually interested in the study
of cryptography and the development of public policy surrounding it) use
in the face of constantly changing government terms for what (to us) 
translates to being exactly the same (unacceptable) policy (Key Escrow,
Key Recovery and the various phases of the Clipper development). 

A brief word on abuse... by calling Gilmore or anybody else a "faggot"
doesn't win me over to your cause, as is the case with many others on the
cypherpunks list.  Further, while I may not agree with Dr. Denning's
perspective on these issues, I respect her as a writer, a cryptographer,
and as a computer scientist.  I also (groan if you must)  admire her as a
woman who has maintained such a high-profile position in such a religious
debate, given that she probably gets mail like yours all the time. 


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Semi-Carless Kathleen Ellis    NEW ADDRESS: tgkelli at tiger.towson.edu
I hate the web.			       http://tiger.towson.edu/~tgkelli/
I love encryption.    1996/08/30 Kathleen Ellis <kelli at tiger.towson.edu> 
pub  2047/21853015     F8 D6 96 B2 C6 5A 08 15  43 BE 9E CF 18 8F 1B F0

"Someone tried to get me to run nachos on my box once.  Said it was better
than sunos, more cheese".
						-r4j00g4






From ichudov at algebra.com  Thu Nov 28 11:04:12 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Thu, 28 Nov 1996 11:04:12 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <c6X4XD15w165w@bwalk.dm.com>
Message-ID: <199611281834.MAA00656@manifold.algebra.com>


Dr.Dimitri Vulis KOTM wrote:
> 
> Why do you think I don't discuss my work on this mailing list?
> 

Lemme take a guess, there is probably a good number of people
who have a genuine interest as to where you work.

	- Igor.





From whgiii at amaranth.com  Thu Nov 28 11:30:54 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Thu, 28 Nov 1996 11:30:54 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <BR14XD16w165w@bwalk.dm.com>
Message-ID: <199611282045.OAA12565@mailhub.amaranth.com>


In <BR14XD16w165w at bwalk.dm.com>, on 11/28/96 
   at 10:26 AM, dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) said:

>"William H. Geiger III" <whgiii at amaranth.com> writes:
>> <sigh> GAK - Government Access to Keys and corporate control of encryption pr
>> keys are two completely different issues. This is just more smoke and mirrors
>> confuse the issue. There are many solutions currently available for a company
>> the encryption of their data including the use of "master keys" to prevent da
>> option available even with PGP). Government mandated infrastructure of GAK is
>> and unwarranted for such purposes.

>Surely someone who can't learn to format their text to 80 columns
>(perhaps because he uses a dead operating system) has no credibility when
>he speaks of technical things he clearly knows nothing about.

Are you incapable of turning on the word-wrap on your editor??

>You remind me of a student in my C++ class who just couldn't understand
>why a certain C expression evaluated to what it did. We made it simpler
>and simpler until we had no variables left and this expression (w/o
>parens) on the board:
>                                   1+1*2
>The student forcefully argued that it should be equal to 4.

Well seems to be a lack in your teaching ability if you are unable to
teach a collage student basic arithmatic order of operations.

>> Cooking With Warp 4.0

>Another sign of cluelessness. OS/2 is dead. I've beein using OS/2 since v
>1.0, but now I'm moving to NT 4.0. I need to find the device drivers for
>all my hardware.

hmmm... Ahhh and NT is better??

>Choke on your turkey. :-)

hmmm... no responce to the actual issue?? What's wrong Dimitri ? Only
capable of your enless rants? 

<sigh> back to the twit filter you go.

-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii at amaranth.com>
-----------------------------------------------------------






From reece at taz.nceye.net  Thu Nov 28 11:39:46 1996
From: reece at taz.nceye.net (Bryan Reece)
Date: Thu, 28 Nov 1996 11:39:46 -0800 (PST)
Subject: Is /dev/random good enough to generate one-time pads?
In-Reply-To: <Pine.LNX.3.94.961128152339.1435A-100000@random.sp.org>
Message-ID: <19961128194007.12992.qmail@taz.nceye.net>


   Date: Thu, 28 Nov 1996 15:31:28 +0000 (GMT)
   From: The Deviant <deviant at pooh-corner.com>

   On Wed, 27 Nov 1996, Igor Chudov @ home wrote:

   > Subj sez it all.
   > 
   > Thank you.
   > 
   > 	- Igor.

   Yes, as a matter of fact it is.  /dev/random is based on an entropy pool
   taken from hardware interrupts and such, thus is a RNG, not a PRNG (thats
   right IPG, Linux uses hardware to get random numbers... imagine that!).
   /dev/urandom is, however, a PRNG...

Only if you try to pull out more bits than you can get from /dev/random.

Note that /dev/random on a single-user system doesn't generate bits
fast enough to be practical for OTP generation (try od -tc1
/dev/random sometime; you'll get about 512 bytes if you haven't used
it lately, then reads will block until enough unpredictable things
happen ).  Of course, you can add more randomness sources.

How good a source would a radio or diode noise source connected to the
parallel port's IRQ input be?  It certainly sounds like it would be
cheap enough.





From jya at pipeline.com  Thu Nov 28 11:50:32 1996
From: jya at pipeline.com (John Young)
Date: Thu, 28 Nov 1996 11:50:32 -0800 (PST)
Subject: TIA Invites
Message-ID: <1.5.4.32.19961128194743.006709a8@pop.pipeline.com>


Adam Shostack wrote:

>Did they say what they were investigating?  Usually, talking
>to the unworthy is not a crime.  :)


The TIA rep asked if I knew TR45.3 is ITAR-ed.

The document has such a notice, I answered.

TIA said, we've told the Feds it's on your Web site.

But why tell me, I asked.

Thought you'd like to know we told the Feds, TIA said.







From ben at gonzo.ben.algroup.co.uk  Thu Nov 28 12:10:57 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Thu, 28 Nov 1996 12:10:57 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <3.0.32.19961128085237.0069afc0@best.com>
Message-ID: <9611281907.aa27702@gonzo.ben.algroup.co.uk>


geeman at best.com wrote:
> 
> At 07:12 AM 11/27/96 +0000, you wrote:
> .....etc
> Can you be more specific?
> What are the vulnerabilities you are aware of?

I think I would discuss this with the author before going public, to give
him the usual opportunity to clean up before all hell breaks loose. However,
that is what I'd call "work" rather than "fun", so I'd want paying for it.

No doubt I'll take it up with Eric at some point, when neither of us has
anything better to do.

My impression is that Eric is more interested in speed and functionality than
strict security (and considering the incredible vulnerability that is more or
less inherent in an SSL implementation, I feel the same). I could be wrong, of
course.

I will say that I'm not aware of any problems that a good firewall and physical
security don't take care of. That isn't to say there aren't any - I haven't
looked that hard.

Cheers,

Ben.

> 
> >I've never seen a security review of SSLeay, and if anyone gave it a clean
> bill
> >of health, they didn't have their eye on the ball. Note, I'm not knocking
> >SSLeay here, it is a wonderful lump of code, but it hasn't been written with
> >security in mind (IMHO).
> >
> >Cheers,
> >
> >Ben.
> >
> >-- 
> >Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
> >Freelance Consultant and  Fax:   +44 (181) 994 6472
> >Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
> >A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
> >London, England.          Apache-SSL author
> >
> >

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From aga at dhp.com  Thu Nov 28 12:30:18 1996
From: aga at dhp.com (aga)
Date: Thu, 28 Nov 1996 12:30:18 -0800 (PST)
Subject: Dorthy Denning is a boot-licking fasicist!!!
Message-ID: <199611282030.OAA25514@mailhost.onramp.net>


On Wed, 27 Nov 1996, Huge Cajones Remailer wrote:

> "William H. Geiger III" <whgiii at amaranth.com> writes:
> 
> >I don't know if anyone watched the House Subcomitty on Computers &
> >Technology today on C-Span.
> 
> No, we watched 'Dorothy does Georgetown" on C-Spam.
> 
> >Phil Zimmerman, Dorthy Denning, William Reinsch & others were disscussing
> >computer security.
> >
> >Dorthy Denning gave the most pro-government speech I have ever heard. Is
> >this clueless bitch on the government payroll?!!
> 
> Yes.
> 
> >William Reinsch is a lying bastard. Fucking politions!! Fucking
> >goverment!! They all deserve a long rope!!
> 
> Start with Socks the queer cat.
> 
> >Phil Zimmerman was quite good at attacking the government policies.
> >
> ><sigh> We are truly a country of fools to have put these jackbooted
> >facisit bastards back into office.
> 

Don't worry about it.  Doctress Neutopia can suck Bill's dick,
and all will be fine. {;-)-~

> "Dorothy Denning" is a man in drag. "She" has a bigger dick that
> "her" boyfriend John Gilmore, the cocksucker faggot from EFF.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Is that cocksucker AC/DC or what?
Is it true that him and John Perry Barlow do 69 on video?                                   
> 
> >-----------------------------------------------------------
> >"William H. Geiger III" <whgiii at amaranth.com>
> >-----------------------------------------------------------
> 
> Just say GAK to chicks with dicks!
> 
> diGriz
> 

Please define "GAK" and leave the headers intact.

-a








From dlv at bwalk.dm.com  Thu Nov 28 12:40:41 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 12:40:41 -0800 (PST)
Subject: More anonymous hate mail from John Gilmore, Timmy May, and friends
In-Reply-To: <199611281623.JAA03709@zifi.genetics.utah.edu>
Message-ID: <Lee5XD20w165w@bwalk.dm.com>


I've received the following e-mail from an anonymous coward. It didn't
have any carriage returns (I added them).

>Date: Thu, 28 Nov 1996 09:23:00 -0700
>Message-Id: <199611281623.JAA03709 at zifi.genetics.utah.edu>
>To: dlv at bwalk.dm.com
>From: nobody at zifi.genetics.utah.edu (Anonymous)
>Comments: Please report misuse of this automated remailing service to <complaints at zifi.genetics.utah.edu>
>Subject: Yo, Kook! Read this.
>
>...
>
>>"Phillip M. Hallam-Baker" <hallam at ai.mit.edu> writes:
>>> Actually the opposite is the case, he is a notorious womanizer.
>>
>>Are _you gay, Phil?
>
>Look, Kook. Can you at least wait 24 hours after complaining about eliptic
>curves being somehow off-topic (as I recall, it was 50k rants about Armenian
>genocide that got your dumb ass booted) before posting your own off-topic
>sewage? Who gives a flying fuck who is or isn't gay or perverted or whatever
>in their private lives? What does it have to do with crypto, or proficiency
>in programming, or anything that matters to most of the list? It seems to me
>that you should try casting your "pearls" before the much more "noble"
>animals of the freedom-knights, who (as opposed to me) _DO_ care who is or
>isn't homosexual. Get back on your meds, it'll do you (and the list) good.
>
>me

One of the meanings of "punk" is "young homosexual". There are a lot of them
on the "cypherpunks" mailing list, trying to be social and to make friends.

They think that the "cypher" part is "kewl" and even rant about it, without
understanding the meanings of the technical terms they use (like the
recurrent rant about brute-force attacks on one-time pads). But they don't
know much about cryptography, so when someone, e.g., tries to talk about
elliptic curves, the "punk" crowd screams that it's "off-topic".

Today is Thanksgiving, so I hope you choke on your turkey (or whatever else
ends up in your mouth :-). I'm thankful that I wasn't born in this country,
because Americans are so stupid.





From dlv at bwalk.dm.com  Thu Nov 28 12:42:36 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 12:42:36 -0800 (PST)
Subject: Israel crypto restrictions
In-Reply-To: <Pine.GSO.3.95.961128160804.11147C-100000@nebula>
Message-ID: <R0D5XD19w165w@bwalk.dm.com>


Jyri Kaljundi <jk at stallion.ee> writes:
> > > 	They're listed on NASDAQ (CKP).  This makes them an American
> > > company for purposes of export controls.  (This from an employee of
> > > Checkpoint who I asked that exact question.)
> >
> > This is truly bizarre. First, if they were on the NASDAQ, they'd have a
> > 4-letter ticker symbol, not a 3-letter symbol. MSFT (Microsoft) is on NASDA
> > IBM (IBM) and F (Ford) are on the New York stock exchange and/or
> > American stock exchange.
>
> The actual ticker symbol for Check Point Software Technologies Ltd. is
> CHKPF.

Scitex is an Israeli company run by Shamirs. Their ticker symbol is SCIXF.
They make the best high-end color printers in the world.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From attila at primenet.com  Thu Nov 28 13:26:53 1996
From: attila at primenet.com (attila at primenet.com)
Date: Thu, 28 Nov 1996 13:26:53 -0800 (PST)
Subject: KUDOS to Kathleen: [Re: Dorthy Denning is a boot-licking fasicist!!!]
In-Reply-To: <Pine.SGI.3.93.961128125719.27120A-100000@tiger.towson.edu>
Message-ID: <199611282127.OAA10714@infowest.com>


In <Pine.SGI.3.93.961128125719.27120A-100000 at tiger.towson.edu>, on 11/28/96 
   at 01:46 PM, "Kathleen M. Ellis" <tgkelli at tiger.towson.edu> said:

::[snip]
::A brief word on abuse... by calling Gilmore or anybody else a "faggot"
::doesn't win me over to your cause, as is the case with many others on
::the cypherpunks list.  Further, while I may not agree with Dr. Denning's
::perspective on these issues, I respect her as a writer, a cryptographer,
::and as a computer scientist.  I also (groan if you must)  admire her as
::a woman who has maintained such a high-profile position in such a
::religious debate, given that she probably gets mail like yours all the
::time. 
::
-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

        good, solid statement of purpose which too few of us practice. 
    it is general human nature to be protective (usually in a jealous 
    sense) of our nurtured opinions. However, that is not an excuse to 
    be abusive of another.  

        It is one thing to be vituperatively demonstrative, another to 
    criticize anothers view point by epithetical allegorations, and 
    another, with careful consideration, to disagree with _civilized_
    clinically definable examples which delineate your viewport.

        ...but I always make an exception for sarcasm!

    or, as I have said before:

    "Profanity is a crutch for inarticulate motherfuckers.
      but profanity is occasionally condonable as enlightened punctuation."
            --attila

    of course,

        "Violence is the last refuge of the incompetent."
                --Isaac Asimov


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMp4DN704kQrCC2kFAQGknAQAuC9PsS2HkXVp0ZdVjd3clWXn7P4F16RQ
oHK6TDeWpUs1+ZxEoP6rSyyPjBOT/nJv4yi/uRu8wkIdLEyvb/JCHu/jWSnobr3C
H74oCh9O1UOMMmFxJ4/UrJB1MCb0ZyN9EqlAFYdz0kGdW7MP9R0dkzl7LLalokhT
TP1jEd6gnXs=
=d/cZ
-----END PGP SIGNATURE-----

--
  without arms they do not resist; 
    without communication they know not what to resist.
        -attila





From dlv at bwalk.dm.com  Thu Nov 28 15:10:10 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 15:10:10 -0800 (PST)
Subject: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199611281454.PAA12144@digicash.com>
Message-ID: <N3i5XD21w165w@bwalk.dm.com>


Bryce <bryce at digicash.com> writes:
> The Meta-Rule:  It's John Gilmore's virtual house.  He is the
> sole owner of the computer (toad.com) that hosts cypherpunks
> and the sole authority over what the users of that computer
> (you) can do with it.

Since John Gilmore and his sexual preferences are discussed so much on
this mailing list, you really should say a few more words about him.

Like, mention that John is a liar and a content-based censor.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From steve at edmweb.com  Thu Nov 28 16:27:33 1996
From: steve at edmweb.com (Steve Reid)
Date: Thu, 28 Nov 1996 16:27:33 -0800 (PST)
Subject: Is /dev/random good enough to generate one-time pads?
Message-ID: <Pine.BSF.3.91.961128153422.182A-100000@bitbucket.edmweb.com>


> > Subj sez it all.
> Yes, as a matter of fact it is.  /dev/random is based on an entropy pool
> taken from hardware interrupts and such, thus is a RNG, not a PRNG

I expect it would be "good enough", but it is not _perfectly_ random, and 
so it wouldn't be a true one-time pad.

Because it uses MD5, the bits are not all provably independent. You get 
(very strong) cryptographic security instead of perfect security.

The one-time pad is easy to explain in theory, but implementing it
perfectly is extremely difficult. Many people believe that quantum events
are the only source of perfect randomness, but most methods for harvesting
that randomness could introduce statistical properties. For example, a
radioactive substance may have exactly a 50% chance of emitting a particle
given a certain amount of time, but what happens if your timer isn't
perfect? 

One-way hashes are good at removing such obvious and not-so-obvious
statistical properties, but like a PRNG, you can't prove that the bits it
produces are all completely independent. It's definately "good enough",
but it's not perfect. 






From lucifer at dhp.com  Thu Nov 28 17:02:48 1996
From: lucifer at dhp.com (Anonymous)
Date: Thu, 28 Nov 1996 17:02:48 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <9611281907.aa27702@gonzo.ben.algroup.co.uk>
Message-ID: <199611290102.UAA13822@dhp.com>


> From: Ben Laurie <ben at gonzo.ben.algroup.co.uk>
> 
> I think I would discuss this with the author before going public, to give
> him the usual opportunity to clean up before all hell breaks loose. However,
> that is what I'd call "work" rather than "fun", so I'd want paying for it.

Translation:  You don't really know what you are talking about.

> My impression is that Eric is more interested in speed and functionality than
> strict security (and considering the incredible vulnerability that is more or
> less inherent in an SSL implementation, I feel the same). I could be wrong, of
> course.

How is any security hole inherent in an SSL implementation?  The
protocol itself may not give you everything you need, but regardless
of whether or not the protocol is useable for any given task (or any
task at all), nothing precludes a secure implementation.






From dthorn at gte.net  Thu Nov 28 17:14:38 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 17:14:38 -0800 (PST)
Subject: IQ and age
In-Reply-To: <9610288492.AA849213618@smtplink.alis.ca>
Message-ID: <329E38E2.4585@gte.net>


jbugden at smtplink.alis.ca wrote:
> Clay Olbon II <olbon at ix.netcom.com> wrote:
> >Seriously, you ignore the correlation between performance in college and
> >standardized test scores.  There is a reason these are used in admissions - they
> >are actually pretty good predictors of the ability to perform college level
> >work.

> This is a commonly held fiction that is not supported by the evidence. As stated
> in another message, the infomration given out by ETS, who administer the GMAT
> and SAT, indicate that there is a low correlation between GMAT scores and
> successful completion of even first year education programs. This also ignores
> the issue of why other, better, widely available predictors are not used
> instead.

> >Oh, I forgot.  Only certain racial/ethnic groups are capable of understanding
> >basic mathematical concepts. <

> There was a good Scientific American article on cultural influences on learning
> within the last year or two. It examined Asian groups noted achievements in
> tests and the parental and cultural support for scholastic achievement.
> Another anecdotal example is in the opening chapters of "Surely You're Joking,
> Mr. Feynman" by Richard Feynman, the late Caltech professor and general bon
> vivant. He describes how his mother introduced a doctor, a general and a
> professor with the same respectful tones indicating to him that a career in
> academia was as highly valued as any other high position in society.

Speaking of Feynman (who was not only a scientific genius, but was rather
shrewd in his personal judgements as well), when approached by David Lifton
(I believe) on the subject of the sudden large-volume displacement of JFK's
upper torso in the fatal head shot, Feynman found a subtle inconsistency
in the frames of the film, and thereby excused himself from rendering an
opinion.

For comparison, when Allen Dulles was confronted directly with the same
evidence, he said "I don't see any backward movement".






From haystack at cow.net  Thu Nov 28 18:02:13 1996
From: haystack at cow.net (Bovine Remailer)
Date: Thu, 28 Nov 1996 18:02:13 -0800 (PST)
Subject: No Subject
Message-ID: <9611290148.AA16350@cow.net>


On Thu, 28 Nov 1996 jbugden at smtplink.alis.ca wrote:

> Another anecdotal example is in the opening chapters of "Surely You're Joking,
> Mr. Feynman" by Richard Feynman, the late Caltech professor and general bon
> vivant. He describes how his mother introduced a doctor, a general and a
> professor with the same respectful tones indicating to him that a career in
> academia was as highly valued as any other high position in society.

Your lower middle class slip is showing.







From guyb at ionia-mi.net  Thu Nov 28 18:09:29 1996
From: guyb at ionia-mi.net (Guy Buckingham)
Date: Thu, 28 Nov 1996 18:09:29 -0800 (PST)
Subject: IQ and age
In-Reply-To: <3.0.32.19961128064857.006aec20@mail.tcbi.com>
Message-ID: <329DC888.7B7F@ionia-mi.net>


Lurker wrote:
> 
> At 10:47 PM 11/27/96 -0600, Igor Chudov @ home wrote:
> >Dale Thorn wrote:
> >> The biggest influence on IQ are the so-called "engrams" (fears, super-
> >> stitions, anxieties, etc.) planted in your brain early in life.
> >>
> >> Some of this can be overcome with mental exercise, and awareness of what
> >> negative influences are holding you back.  Much easier said than done!
> >>
> >> IQ as they attempt to measure it can probably be most easily explained
> >> as pattern matching skills. Unfortunately for testing, and although you
> >> can be every bit as intelligent at 70 as at 10, your pattern-matching
> >> skills change and evolve over time, so any given tests will only apply
> >> (more or less) at the age group they are optimized for.
> >>
> >
> >Would you dismiss strong correlations between IQ and success in life
> >and academia as something irrelevant?
> >
> 
> I would.  If you look at who has the oppertunities to go college you will
> note that those who are good at taking tests (SAT, ACT, or IQ) are those
> who get to go.  You will also note that money also breeds success, or can
> someone give me an argument for the fact that there are more rich kids
> going to Harvard, Yale, Stanford, and the like than poor kids. (These
> schools almost gaurentee success.)
> 
> If you want to find a correlation look for it in money not tests.  And if
> you are insistant on finding it in tests, ask why the scores are as they
> are (was the test written to the advantage of one group over another or can
> one group buy the "A" with special courses which teach the skills needed to
> score high.)

     I can understand a person's interest in IQ, but if anyone has been
reading the "stuff" posted lately beware that an enormous amount of it
has been wrong.  As an example it used to be that IQs were a ratio
between you chronological and developmental age, but that only works for
people up to the age of 16, using the first tests used to measure
inteligence quotients.  Think about it.  If this ratio was always the
case, as implied, a person would always have to score higher as they got
older in order to maintain the same IQ.  Take a test and you'd know this
was not possible.  As another example "engrams" in pyschology, really
not mainstream pyschology, actually refer to a concept in The Church of
Scientology or an episode of Star Trek.  I think what is being mentioned
is really so-called "crystalline intelligence".  

     These are just some examples.  I am not writing this as a rant;
just don't want the spread of "misinformation".  If someone would like
more authoritative information I could help.  I am not an expert in the
field, but do teach it.





From dthorn at gte.net  Thu Nov 28 19:24:49 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 19:24:49 -0800 (PST)
Subject: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199611281454.PAA12144@digicash.com>
Message-ID: <329E4432.4D93@gte.net>


Bryce wrote:
> Here is a document I just hacked.  I am breaking several of the Rules
> by posting it, since I am not actually subscribed to cypherpunks
> right now.
> Welcome to the cypherpunks mailing list!  Starting now, you will
> receive hundreds of email letters every week on the subject of
> privacy and social change in an age of cryptographic networks.

[snip]

> I.  Etiquette -- The House Rules At The Virtual Cypherpunks Party
> The Meta-Rule:  It's John Gilmore's virtual house.  He is the
> sole owner of the computer (toad.com) that hosts cypherpunks
> and the sole authority over what the users of that computer
> (you) can do with it.

[mo' snip]

Ordinarily, I'd leave this post alone, but I really hate it when people
twist ideas for their own philosophical purposes.  To whit: "John is the
sole authority over what the users of his computer can do with his
computer" (quote approximate).

I don't *do* anything with *his* computer. I send email into the ether
with an address on it, and he picks it up at his discretion and does
what he wants with it.  I am in no way involved in that process, and I
do not share *any* responsibility for how he handles the email. As far
as his authority goes, I've been subscribed for several months now, and
I don't recall a single statement by Gilmore himself as to what this
"authority" thing means.  But then, why should he, and why should you?
It's patently obvious to anyone with a brain, and we don't need some
authoritarian boot-licking computer-bureaucrat telling us how it is.







From dthorn at gte.net  Thu Nov 28 19:24:51 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 19:24:51 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <199611271638.KAA30991@mailhub.amaranth.com>
Message-ID: <329E55E4.21D0@gte.net>


William H. Geiger III wrote:
>    at 12:18 PM, jc105558 at spruce.hsu.edu said:

[snippo]

> socialist/communist are theifs; plain & simple. They beleive they have the
> right to steal from one to give to another.
> capitalists beleive in an exchange in property/services at a rate the
> market will bare.
> socialists example: You have somthing I want/need & I am going to take it
> from you.
> capitalists example: You have somthing I want/need what can I give you in
> exchange.
> socialism uses FORCE to take what it wants while the capitilism you have a
> free & volintary exchange.

Close, but the cigar doesn't burn long enough.  Capitalism, as said by
one who knows, is as much an enemy (well, almost) of Free Enterprise as
is Socialism, due to Capitalism rewarding monopolies as they do, with
their Golden Parachutes et al discouraging real investment on the part
of most corporate "leaders".

Just don't confuse "Free Trade" with "Free Enterprise".






From dthorn at gte.net  Thu Nov 28 19:24:56 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 19:24:56 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <Pine.LNX.3.95.961127123103.550D-100000@kinch.ark.com>
Message-ID: <329E4B60.5FDD@gte.net>


Dave Kinchlea wrote:
> On Wed, 27 Nov 1996, Clay Olbon II wrote:
> > The average welfare benefit (including food stamps, medicaid, and all the
> > other myriad programs) is $10/hr.  Compare to a minimum wage of $5/hr.
> > Offer most welfare recipients a minimum wage job and they will laugh in your
> > face.  (In fact, here in Michigan most employers are already paying several
> > $$ above minimum wage, and often these jobs are unfilled).

> I am not in a position to argue with you, I simply don't have the facts.
> My question is, do You? can you cite where this figure came from, it
> sounds like Republican rhetoric to me. Of course, I will point out, that
> minimum wage is simply not enough to feed a family. It is (or at least
> it should be) reserved for single folks just starting out.

[snip]

Sorry for the extra mail, but I couldn't resist.  At age 12, in a family
of 7, my father lost his salaried job at Goodyear corporate HQ, and we
went on welfare for awhile.  I can tell you for a fact that both then and
now, welfare is worth *more* than $10/hour, if you have a family.

We not only got lots of food free from the govt. food warehouse, but they
took care of the other annoyances to some extent.  Some help was county
welfare, some federal.  Then, when my father didn't go back to the gravy
job, my mother got a good job with (you guessed it) the county welfare
dept., got a good supervisor position, and has retired with a nice pension.

Today I'm a well-paid computer programmer, and yet once again I'm on the
receiving end of welfare benefits (you would not believe how many there
are) in a round-about way, which I can't explain for obvious reasons.

Problem is, even though I can see billions going to people who don't need
the money, I can't think of a solution that could be evaluated as *fair*
by the people who pay for the system.  To suggest that we could support
people only when they *really* need the help would be to suggest what,
bread lines, maybe, instead of a check in the mailbox every so often?







From dthorn at gte.net  Thu Nov 28 19:25:08 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 19:25:08 -0800 (PST)
Subject: Anon
In-Reply-To: <199611281629.LAA21815@homeport.org>
Message-ID: <329E3E80.6CB6@gte.net>


Adam Shostack wrote:
> Brin's argument has two ideas that I find annoying.  One is that the
> changes he forsees are inevitable, the other is that security
> is not about economics.
> The idea that universal surveillance is inevitable is based on
> the assumption that everyone lives in a city, and the technologies of
> spying can be cheaply deployed.  A good deal of privacy can be
> obtained by moving a small or large distance away.  Monitoring
> technology is not cheap.  When it is cheap, the network links to
> connect it all will still be expensive.  (etc.  The economics of a
> surveillance state lead to something in the mix, people, cameras,
> policemen to make arrests etc, being expensive.)

[snippo]

The rich, whether living alone or in an enclave, will have security
technology several generations behind Big Brother.  But then, Big Bro'
is not just one agency.  The NSA will be able to monitor the rich 100%
no matter what they do, whereas the FBI (in 1996 for example) will not
be so well equipped.

As far as the unit cost of surveillance goes, it's cheaper every day.
Hard disk (and other storage) space is way, way up per dollar, processing
speeds and I/O are improving greatly per dollar, and the type of custom
database software and O/S employed by the top surveillance pros is not
at all analogous to the stuff most people use on Unix, DOS, or other
common small computer systems.  I did some pioneer work in high-speed
database work, and the software makes a BIG difference in unit cost of
surveillance.

Sometimes, when ordinary controls don't work because specific groups of
people put up more than the normal amount of resistance, stronger measures
are employed to counter the resistance, i.e., Willie Williams bombing the
Move neighborhood in Philly, Reno burning down the Waco "compound", or
W.T. "Burn-'em" Sherman making his point in Georgia (USA).







From adam at homeport.org  Thu Nov 28 19:40:01 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 28 Nov 1996 19:40:01 -0800 (PST)
Subject: Anon
In-Reply-To: <329E3E80.6CB6@gte.net>
Message-ID: <199611290336.WAA23956@homeport.org>


Dale Thorn wrote:
| Adam Shostack wrote:
| > Brin's argument has two ideas that I find annoying.  One is that the
| > changes he forsees are inevitable, the other is that security
| > is not about economics.
| > The idea that universal surveillance is inevitable is based on
| > the assumption that everyone lives in a city, and the technologies of
| > spying can be cheaply deployed.  A good deal of privacy can be
| > obtained by moving a small or large distance away.  Monitoring
| > technology is not cheap.  When it is cheap, the network links to
| > connect it all will still be expensive.  (etc.  The economics of a
| > surveillance state lead to something in the mix, people, cameras,
| > policemen to make arrests etc, being expensive.)

| As far as the unit cost of surveillance goes, it's cheaper every day.
| Hard disk (and other storage) space is way, way up per dollar, processing
| speeds and I/O are improving greatly per dollar, and the type of custom
| database software and O/S employed by the top surveillance pros is not
| at all analogous to the stuff most people use on Unix, DOS, or other
| common small computer systems.  I did some pioneer work in high-speed
| database work, and the software makes a BIG difference in unit cost of
| surveillance.

	Could you give me a cost estimate for keeping video of the
last 10 minutes of 250 million lives?  This is essentially one of
Brin's suggestions, and it strikes me as astoundingly pricey, even if
you just consider the cost of cameras, fiber, switches, and vcrs, and
ignore the problem of deciding what tape to keep.

	Some back of the envelope leads me to over a trillion,
figuring that a second of video takes 10kb, and disk costs about
$50/mb.  250m cameras at $40 each, fiber connections at $400 each,
etc.

Adam

-- 
"Pretty soon, you're talking about real money."







From deviant at pooh-corner.com  Thu Nov 28 20:24:08 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Thu, 28 Nov 1996 20:24:08 -0800 (PST)
Subject: Is /dev/random good enough to generate one-time pads?
In-Reply-To: <Pine.BSF.3.91.961128153422.182A-100000@bitbucket.edmweb.com>
Message-ID: <Pine.LNX.3.94.961129041858.1139C-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 28 Nov 1996, Steve Reid wrote:

> > > Subj sez it all.
> > Yes, as a matter of fact it is.  /dev/random is based on an entropy pool
> > taken from hardware interrupts and such, thus is a RNG, not a PRNG
> 
> I expect it would be "good enough", but it is not _perfectly_ random, and 
> so it wouldn't be a true one-time pad.
> 
> Because it uses MD5, the bits are not all provably independent. You get 
> (very strong) cryptographic security instead of perfect security.
> 
> The one-time pad is easy to explain in theory, but implementing it
> perfectly is extremely difficult. Many people believe that quantum events
> are the only source of perfect randomness, but most methods for harvesting
> that randomness could introduce statistical properties. For example, a
> radioactive substance may have exactly a 50% chance of emitting a particle
> given a certain amount of time, but what happens if your timer isn't
> perfect? 
> 
> One-way hashes are good at removing such obvious and not-so-obvious
> statistical properties, but like a PRNG, you can't prove that the bits it
> produces are all completely independent. It's definately "good enough",
> but it's not perfect. 

One the same note, I must say that implimentation of OTP perfectly is
impossible; you can _never_ prove you have truly random numbers.  The
point is that if the numbers are reasonably independant of each other (i
know -- sortof a contradiction) then they are, as you said, good enough.

The real problem with OTP is still key exchange ;)

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

All extremists should be taken out and shot.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp5lHzCdEh3oIPAVAQEFxQf9EYQtOcxuNCyHE0VN309pT4ZqHiOCmDHK
+rxy6/M9EDJSywJTd7GC/cVwenHBiR7PjSpJ4tWxTvRrcM58BcF6x0BqSioDpUCj
MBOW+SqYSRtUSEdvdNwdrqKfbZbOQK9dkZ9Dznczj5OKacUJKHdb1A1bfPQPDMh8
1YaOUXTHlcXqX6bOMZ+4Jt2JT8A7dI2EJUxuWIwF3nDyaLW7m8qi5w6k1090Y/3x
4lQinZQIcGZ57J57UP+JfzssbM5RnbVgJTxT+VSVf9QrxrHmZfQTJo0uJ2qC0NwS
LPaNT8eQ6MEWdFJMEI4bGNMWec4yw/3UhKHhAPVkT51Teap3DzIeAQ==
=tx76
-----END PGP SIGNATURE-----






From dlv at bwalk.dm.com  Thu Nov 28 20:40:19 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 20:40:19 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <199611281834.MAA00656@manifold.algebra.com>
Message-ID: <0315XD25w165w@bwalk.dm.com>


ichudov at algebra.com (Igor Chudov @ home) writes:

> Dr.Dimitri Vulis KOTM wrote:
> >
> > Why do you think I don't discuss my work on this mailing list?
> >
>
> Lemme take a guess, there is probably a good number of people
> who have a genuine interest as to where you work.

My Ph.D. thesis is avaiable from UMI. I doubt that anyone subscribed to this
mailing list has enough clue to understand any of it. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Thu Nov 28 20:42:00 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 28 Nov 1996 20:42:00 -0800 (PST)
Subject: IQ and age
In-Reply-To: <329E38E2.4585@gte.net>
Message-ID: <cL15XD24w165w@bwalk.dm.com>


Dale Thorn <dthorn at gte.net> writes:
> Speaking of Feynman (who was not only a scientific genius, but was rather
> shrewd in his personal judgements as well), when approached by David Lifton
> (I believe) on the subject of the sudden large-volume displacement of JFK's
> upper torso in the fatal head shot, Feynman found a subtle inconsistency
> in the frames of the film, and thereby excused himself from rendering an
> opinion.

Hi Dale,

The Kennedy motherfucker deserved to die. Whoever shot him did the right thing.

Joe Kennedy was a murderous bootlegger gangster who bought the presidency for
his kid. The French did a great job exterminating their aristos during the
Revolution. So did the Russians. That's what this country needs.

Who cares who shot Kennedy as long as he aimed well. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From kkoller at panix.com  Thu Nov 28 21:00:05 1996
From: kkoller at panix.com (captain.sarcastic)
Date: Thu, 28 Nov 1996 21:00:05 -0800 (PST)
Subject: desecration
Message-ID: <199611290459.XAA06828@panix.com>


http://www.christiangallery.com/digest.html





From dsmith at prairienet.org  Thu Nov 28 21:39:59 1996
From: dsmith at prairienet.org (David E. Smith)
Date: Thu, 28 Nov 1996 21:39:59 -0800 (PST)
Subject: First Contact
Message-ID: <199611290539.XAA16366@cdale3.midwest.net>


-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: allyn at allyn.com, cypherpunks at toad.com
Date: Thu Nov 28 23:40:50 1996
> I think that the character Data uses either PGP or some
> sort of crypto system to lock up the ship's computer.
The term used is "fractal cypher."  It's not a terribly
significant plot point IMO (although, for longtime fans
of ST:TNG, there is some juicy humor with Data and the
Borg "Queen" when she tries some, er, unconventional
tactics to try to get him to reveal it.)

> At least if you spend any reasonable time here in 
> cypherpunks, coderpunks, or other crypto related
> areas, you should recognise what he uses. 
AFAIK the "fractal cypher" is just a couple of clever
technobabble words thrown together for effect.

> I have not seen seen it; I am guessing that maybe
> they are using something to excite the juices of
> us Internet folks.
If they are, they're not doing a good job.  :)

> Mark
dave

- ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702
dsmith at prairienet.org        http://www.prairienet.org/~dsmith
send mail with subject of "send pgp-key" for my PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp53b3EZTZHwCEpFAQHZQQf9HCh0nR44oSTGZDYCeElkqUfSUX759F2M
WoUCuJ10EGO6L1euUiwpyg1eBcgicscOliwf0KNYMSdwj2hfAp/gXhWUR8o0XydU
NvnCrOSu2iTvvkzZixB4uuIhKUB8z5Rfzv2Sz0EHWK2XKcBvRhht96uKR7mi+wIg
QSfBgdx+RVFIVbFCIA6PWJ3NhRU6p/c+5ptm0fVAJOJJ4uHWswP58l3aimI6Ormu
TrxEgFs+BezsqvJLNw3ZcAWCYSkOUKJiCC//w/e210RBEJKZOgiht7sSUTJqQDsx
6Z7mnU0hPfOE2Eco+b0zL4U/B7xskUX22OCuDlcsgLsoK1kggsZgjw==
=ciV0
-----END PGP SIGNATURE-----






From dthorn at gte.net  Thu Nov 28 21:43:01 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 21:43:01 -0800 (PST)
Subject: SMTP import error #-5
In-Reply-To: <199611290354.VAA07416@mail.gte.net>
Message-ID: <329E77D3.6B31@gte.net>


No Alias Created wrote:
> Igor Chudov @ home wrote:
> > Dale Thorn wrote:
> > > The biggest influence on IQ are the so-called "engrams" (fears, super-
> > > stitions, anxieties, etc.) planted in your brain early in life.
> > > Some of this can be overcome with mental exercise, and awareness of what
> > > negative influences are holding you back.  Much easier said than done!
> > > IQ as they attempt to measure it can probably be most easily explained
> > > as pattern matching skills. Unfortunately for testing, and although you
> > > can be every bit as intelligent at 70 as at 10, your pattern-matching
> > > skills change and evolve over time, so any given tests will only apply
> > > (more or less) at the age group they are optimized for.
> 
> > Would you dismiss strong correlations between IQ and success in life
> > and academia as something irrelevant?
> 
> Not at all, and I think you could make some interesting equations out of
> this if you wanted to spend the time.
> 
> Factors for raw intelligence, i.e., pattern matching skills.
> Factors for aggressiveness, assertiveness, self-confidence, etc.
> Factors for manipulative ability (to manipulate people, etc.).  I don't
> know how to properly categorize this last item, but perhaps a professional
> psychologist would.
> 
> In sum, I think you could observe successful people and establish most
> of the relevant factors, but be aware - if you are not an insider in
> several of these "success circles", you might miss one or more key
> factors, particularly those that would be denied by successful people,
> such as willingness to do things people don't like to talk about openly.

Another new error message!  Seems like a new one every couple days now.






From dthorn at gte.net  Thu Nov 28 21:46:35 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 21:46:35 -0800 (PST)
Subject: SMTP import error #-5
In-Reply-To: <199611290354.VAA07568@mail.gte.net>
Message-ID: <329E7897.3454@gte.net>


No Alias Created wrote:
> Dr.Dimitri Vulis KOTM wrote:
> > Ernest Hua <hua at chromatic.com> writes:
> > > McNeil & Lehear (sp?)  (ok, I know, one of them is gone, but I forgot
> > > which) News Hour had a segment on crypto policy.  Generally a balanced
> > > non-technical report, except that there is no mention of the free
> > > speech issue.

> > Do you think they should have mentioned that cypherpunks are against free
> > speech and that John Gilmore (spit) is a liar and a content-based censor?
> > Gilmore is irrelevant and not worth mentioning.

> BTW, there's an excellent picture in the Public Domain showing Robert
> McNeil (sp?) looking over the fence on the grassy knoll, seconds after
> they blew off the president's head.  I guess ol' Bob musta been one of
> those "extremely few, ignorant, stupid people" who thought shots may
> have come from somewhere besides the depository (per O.C. Register).

Another new error message!  Seems like every other day now.






From dthorn at gte.net  Thu Nov 28 21:49:02 1996
From: dthorn at gte.net (Dale Thorn)
Date: Thu, 28 Nov 1996 21:49:02 -0800 (PST)
Subject: SMTP import error #-5
In-Reply-To: <199611290354.VAA07486@mail.gte.net>
Message-ID: <329E7933.3043@gte.net>


No Alias Created wrote:
> Ernest Hua wrote:
> > > > It is truly counter-productive to insist on conspiracy theories and
> > > > anti-government rhetoric.  Sure, there have been conspiracies in the
> > > > past.  Sure, there have been more than our fair share of atrocities.
> 
> [mucho snippo]
> 
> The danger in conspiracy theories (and you can check the L.A. Times for
> verification of this) is that they are often tied in to anti-Semitism
> and other forms of racism, and/or provide an excuse to....
> 
> The fact is, though, that only government possesses the power to ruin the
> lives of masses of people, which they have often done, even in this century.
> Anyone who says "the conspiracies aren't true" and "anti-government rhetoric
> is automatically bad", etc. is just sticking their head in the sand.
> 
> The militias are a necessary correction to government excess, however
> negative the implications of militia power might be.
> 
> As far as the difficulty in creating the infrastructure to monitor every-
> one, well, it exists and is growing by the minute.  All "they" have to do
> is listen in, and have smart programs to sort out what they want to look
> at (which they certainly do).  Think of it as a percentage deal.  The
> people the govt. most want to monitor are the ones who are the most
> active in their travel and communication, therefore, it greatly reduces
> the monitoring load.

Another new error message.  Every other day, a new error.  Who's doing
this?






From cman at c2.net  Thu Nov 28 21:49:45 1996
From: cman at c2.net (Doug Barnes)
Date: Thu, 28 Nov 1996 21:49:45 -0800 (PST)
Subject: Anon
In-Reply-To: <199611281629.LAA21815@homeport.org>
Message-ID: <199611290549.VAA09766@atropos.c2.org>


> Hal Finney wrote:
> | As I mentioned a couple of days ago, science fiction writer David Brin
> | has an argument against not only anonymity, but _privacy_ as well.
> | Where cypherpunks tend to think of privacy as both beneficial and
> | inevitable, Brin sees it as harmful and doomed.  He has an article in
> | the December 1996 issue of Wired discussing his ideas.
> | 
> | BTW cypherpunk Doug Barnes is also quoted several times in the long
> | article in that issue by Neal Stephenson (Snow Crash, The Diamond Age)
> | about the undersea cables that carry most transnational information
> | traffic.
> | 
> | Hal
> | 
> 
> 

Our December Wired has yet to put in its appearance, so I haven't
had a chance to read it yet, except for a quick scan of Neal's
article (at Fry's) to make sure the intrepid editors at Wired hadn't 
screwed up my quotes. I did, however, review some notes on this subject 
that David Brin gave to Steve Jackson, back when Steve and I were 
working on IO.COM a couple years ago. 

There are many arguments against David's position; let's grant the
possibility of near-perfect surveilance if it has popular support
(which is pretty dubious, but has been addressed by others), and
see what arguments remain:

1) I would conjecture that popular approval would make or break
   this kind of system. It's amazing what kind of spontaneous civil
   disobedience can spring up once there's a critical mass of 
   distaste for something like this.

   (Taiwan story warning...) This reminds me of the pirate cable
   TV wars, which hit their peak during my stay there -- essentially,
   the government had outlawed cable TV altogether, mostly because
   they controlled most of the existing media outlets, and didn't
   believe the citizen-units needed more than what they had. Various
   entrepreneurs began wiring Taipei for cable -- sloppy, ad-hoc
   cable lays that were strung from building to building. The gov't
   would come and cut the cables; new cables would be laid. People
   paid their cable bills, but could never quite manage to identify
   the cable installer when the government came around asking. 
   Programming consisted of a van with a bunch of VCRs and a small
   satellite dish, that would plug into the network at various places.
   It go to the point where in some areas there was so much cable, it
   was tricky to figure out which were the old ones and which were
   the new. Eventually, the government gave up and licensed some
   cable operators.

   One could very much see this sort of thing working in reverse.

2) At the moment in this country, we're seeing civil liberties in
   general being rolled back because right now most people are 
   more afraid of crime that they're afraid of the government. This
   was not always the case, and it's unlikely to remain the case.
   We're essentially losing these liberties because people have MTV-
   attention spans, the media is complacent, and, frankly, the
   government hasn't done enough awful things recently enough, to 
   enough different kinds of people to provoke general disquiet. 

   Give it time, and a few more Wacos.

3) I would argue that perfect surveilance lives in the same realm
   of Platonic ideals as "chairness" and "perfect security."  So
   there are going to be some exceptions, and some flaws.

   Now, given this less-than-perfect surveilance state, that is, 
   surveilance is easier than privacy; a few people can have some
   privacy, but it's really expensive and requires spending some
   multiple of what opponents spend on surveilance (this is the
   opposite of how things are now, but humor me.) Who is going to
   have this privacy? What are they going to do with it? What is
   the public reaction going to be to the abuses that grow out
   of this? My guess is that large governments and large corporations
   will have this privacy (a matter of national security, etc.)
   and will eventually succumb to temptation and use it to perpetrate 
   various nasty things on the general populace while keeping 
   themselves in power.

   Full knowledge != full wisdom. Also, in time, all monopolists get
   complacent and stupid.

4) Assuming that enough people get riled up, see #1. If the 
   state of affairs can be reversed, folks will try to reverse it;
   if not, it's been nice knowing you, citizen-units.

Contrast this to what happens against a backdrop of privacy; it's
possible for much smaller entities to take larger entities (such
as governments or large corporations) by surprise, to outmaneuver
them, swarm over them, and pull them down. (I can't seem to
shake the image of primitive hunters going for a mastodon, here...)
It helps prevent the perpetuation of especially dense concentrations
of wealth & power, it allows markets to function properly, and 
enables folks to plot against tyrannical governments. 

In Brin's world, how does the little startup protect its technology
from Microsoft?

In Brin's world, how does a new political party campaign against the 
unscrupulous incumbents, who have access to the tiny bit of remaining 
privacy, while they have none?

In Brin's world, how does a Christian in Iran avoid that knock on
the door?

Some things to think about.

Doug

PS -- DO read Neal Stephenson's article in the same Wired; it's 
      a bit boosterish, but it's the funniest tract on fiber
      optic cable you'll ever read. It gives a good idea of
      where things are headed (deregulation, disintermediation 
      of cable laying services, cable as speculative investment
      as opposed to guaranteed utility, etc.). I'd argue things
      aren't headed that way as quickly as Neal indicates, but
      certainly where FLAG is landing, it's acting as a catalyst
      for change of this sort.

PPS -- Does anyone know why Fry's gets Wired _weeks_ before actual
       subscribers?






From ichudov at algebra.com  Thu Nov 28 23:06:41 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Thu, 28 Nov 1996 23:06:41 -0800 (PST)
Subject: Anon
In-Reply-To: <199611290336.WAA23956@homeport.org>
Message-ID: <199611290626.AAA03912@manifold.algebra.com>


Adam Shostack wrote:
> 	Could you give me a cost estimate for keeping video of the
> last 10 minutes of 250 million lives?  This is essentially one of
> Brin's suggestions, and it strikes me as astoundingly pricey, even if
> you just consider the cost of cameras, fiber, switches, and vcrs, and
> ignore the problem of deciding what tape to keep.
> 
> 	Some back of the envelope leads me to over a trillion,
> figuring that a second of video takes 10kb, and disk costs about
> $50/mb.  250m cameras at $40 each, fiber connections at $400 each,
> etc.

That's 50 CENTS per megabyte, but actually it is twice less than that.

My calculation (storage costs only, assume 10kb/sec/person):

6000KB * 0.25c/MB * 2.5E8 = 375 million.

Good money, but not even close to your number.

Also, storing data on optical disks is about $20/600MB, which is only
three cents per megabyte -- ten times less than above.

Even though this is storage media cost alone, 37.5 million surely 
sounds like a reasonable number -- it is 15 cents per person, or
90 cents per hour, or $22.6 per day per person. A little steep, but after
several years this cost may decline tenfold.

Of course my rough calculation missed a lot of important expenses.

	- Igor.





From jimbell at pacifier.com  Thu Nov 28 23:07:06 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 28 Nov 1996 23:07:06 -0800 (PST)
Subject: market for hardware RNG?
Message-ID: <199611290706.XAA01029@mail.pacifier.com>


At 12:12 PM 11/26/96 +0000, Matthew J. Miszewski wrote:

>> 2.  Users of programs like PGP today already get at least a fairly decent 
>> RNG already.  Would they want better?  (I'm not suggesting a total 
>> replacement; I assume that the output of any hardware RNG would be hashed 
>> with more "traditional" PC sources, like disk timings, keyboard timings, 
>> etc, which should deter attempts to attack just the hardware part.)
>
>Why would you hash good RNG output? 

Re-read (read?) Applied Cryptography.  Hardware RNG's contain biases, even 
though they may only be tiny ones.  For example, a RNG based on radioactive 
decay and a geiger counter has a certain minimum "dead time" between decays 
that introduces a slight bias.  Most electronic circuits naively intended to 
generate random numbers contain similar biases.  If I build a device to 
generate ones and zeroes based on electronic noise, I must assume that there 
there will be some non-randomness in the output, however small.  This is 
somewhat equivalent to saying that there is somewhat less than 1.000000 bit 
of entropy in each bit of the RNG output.  If I recall correctly, a data 
stream with 0.5 bits of entropy per bit might be one that contains 
uncorrelated bits which are "0" 3/4s of the time, "1" 1/4 of the time.  

Fortunately, as I recall it is possible to, in effect, "distill" the 
randomness of the sample using hashing.  Start out with 200 bits with 0.5 
bits per bit of entropy, and you can produce 100 bits with 1.0000 bit per 
bit of entropy.  (Condensing the thing even further can't put more than 1 
bit of entropy into each bit; but what it does do is provide some margin for 
entropy sources whose biases may vary somewhat.)  The advantage, however, is 
that it is probably far easier to distinguish 0.2 bits per bit of entropy 
from 0.1 bits, compared with distinguishing 0.99 bits from 1.000 bits.  If 
you know you have at least 0.2 bits per bit, hashing down a factor of 10 
would produce a solidly random output.

If I understand the process correctly, this means that the "figure of merit" 
of any RNG should be the number of bits of randomized output it can 
successfully create per second.  100,000 bits per second of output with 0.5 
bits of entropy per bit is, therefore, better than 10,000 bits with 1.000 
bits per bit, because the former can be converted to 50,000 bits of unbiased 
output per second.  This result may not be exactly counter-intuitive, but it 
is at least NON-intuitive.   

But what this does do is to provide an opportunity:  Build a circuit that 
generates reasonably random output at 10x rate, hash it down to 1x, and you 
can be reasonably certain that the result is cryptographically random.  The 
software could monitor the input to ensure that it remains substantially 
better than needed to guarantee random output.



>I understand your desire to 
>deter hardware only attacks.  I just think it might be an 
>overreaction.  Of course mine could be an under-reaction 8-)

I think if the hardware RNG could be corrupted and that would compromise the 
security appreciably, it WOULD be compromised in important-enough 
situations.  However, adding hashing with more "traditional" sources of 
randomness would make the job futile.  Corrupting the hardware RNG device 
would merely make the system fall back to the current level of security.


>> 3.    Even hardware RNG's aren't "perfect":  they could be subverted, 
>> replaced, or perhaps influenced.  Would someone who was sufficiently 
>> sophisticated as to recognize the need for it actually accept a real, 
>> functioning device?
>
>It would have to go through rigorous testing in the crypto community. 
> RNGs v. PRNGs goes through a yearly debate here on cpunks.  There 
>have been some good discussions on the use of white noise and other 
>potential hardware sources.  Im not sure if hks is back up or not, 
>but you might look there.

Well, we have a chicken-and-egg problem.  Until a commonly-used program 
(like PGP, maybe) easily gives the public the option to include a hardware 
RNG as part of its sources of randomness, few people will be inclined to 
implement such devices and they will remain atrociously expensive...so 
nobody will buy them.


>If an independant entity could certify the product with a good 
>reputation for dedication to the community, you would get much 
>milage.  PGP, Inc. might be interested for instance.  I mean I have 
>used PGP for years but have not had the time to go through the code, 
>etc.  I trust it because Phil's reputation precedes him.

Well, with all due respect, if Phil hesitates to install a hardware random 
source link into a piece of software simply because he thinks that to do so 
puts his reputation on the line, he's placing a high hurdle in front of the 
development of good, economical hardware randomizers.  There's plenty that 
software can do to protect itself from a compromised hardware RNG; 
monitoring the biases of the input and hashing it more than adequately is a 
good start.  It should be possible to ensure that a hardware RNG can only 
improve security, not reduce it.


 
Jim Bell
jimbell at pacifier.com





From daniel at earthstar.com  Fri Nov 29 00:22:33 1996
From: daniel at earthstar.com (daniel at earthstar.com)
Date: Fri, 29 Nov 1996 00:22:33 -0800 (PST)
Subject: Buy your COMPUTER parts direct from any wholesaler!
Message-ID: <199611290822.AAA00824@toad.com>


BUY QUALITY COMPUTERS AND COMPUTER PARTS 
DIRT CHEAP!!!

YOU'RE THROWING YOUR HARD-EARNED MONEY AWAY, 
if you're not buying your computer parts direct from wholesalers, 
using my method.

Stop relying on unethical computer salesmen to sell you your computer 
and all its ancillary parts. Why pay full retail. With my method, you can 
not only PAY WHOLESALE PRICES, but your purchases will be 
TAX FREE, coming from out of state!

You could be buying computer parts for your friends, neighbors, family, 
coworkers, employers and anyone else. You choose if you add a profit 
for yourself or not.

I was the purchasing agent for over six years with a multimillion dollar 
computer company. I've been in the business for myself for the last four 
years. Believe me, I know what I'm talking about. And I'm willing to 
share my secrets, along with a list of hundreds of contacts in the 
wholesale computer business for just $4.95.

If you still need convincing, E-Mail me at daniel at earthstar.com. If 
you're already convinced that my nominal fee is well worth the fantastic 
savings you can begin enjoying on your computer parts, send $5.00
to Daniel Decker,11904 Blueway Ave. , OKC, OK 73162
Be sure and include your e-mail address

I will immediately e-mail you my secret, oh-so-easy method to getting 
wholesale costs, tax free, and the list of wholesale computer companies. 
The list includes the contact names and phone numbers that will help 
you find any part you need, from RAM chips to CD ROM burners.
I'm so confident that this information will pay for itself many times
over, I'll refund the COMPLETE purchase price if your not 100
percent satisfied. No questions asked, no hard feelings, period.

WHAT ARE YOU WAITING FOR?  The longer you wait, the more 
money you could be wasting. Contact me immediately. I'm ready to 
help you save money.

			Daniel Decker
			daniel at earthstar.com








From mixmaster at remail.obscura.com  Fri Nov 29 01:03:05 1996
From: mixmaster at remail.obscura.com (Mixmaster)
Date: Fri, 29 Nov 1996 01:03:05 -0800 (PST)
Subject: [ANNOUNCEMENT] Enigma
Message-ID: <199611290806.AAA29595@sirius.infonex.com>


Tim C[reep] May's family tree goes straight up. All of his
ancestors were siblings, to dumb to recognize each other in
the dark.

     _
    {~}
   ( V-) Tim C[reep] May
   '|Y|'
   _|||_





From ben at gonzo.ben.algroup.co.uk  Fri Nov 29 01:52:55 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Fri, 29 Nov 1996 01:52:55 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <199611290102.UAA13822@dhp.com>
Message-ID: <9611290849.aa28944@gonzo.ben.algroup.co.uk>


Anonymous wrote:
> 
> > From: Ben Laurie <ben at gonzo.ben.algroup.co.uk>
> > 
> > I think I would discuss this with the author before going public, to give
> > him the usual opportunity to clean up before all hell breaks loose. However,
> > that is what I'd call "work" rather than "fun", so I'd want paying for it.
> 
> Translation:  You don't really know what you are talking about.
> 
> > My impression is that Eric is more interested in speed and functionality than
> > strict security (and considering the incredible vulnerability that is more or
> > less inherent in an SSL implementation, I feel the same). I could be wrong, of
> > course.
> 
> How is any security hole inherent in an SSL implementation?  The
> protocol itself may not give you everything you need, but regardless
> of whether or not the protocol is useable for any given task (or any
> task at all), nothing precludes a secure implementation.

SSL requires the keying material to be available at all times. This is rather
different from many applications of cryptography, where one can keep keying
material safely locked away except when it is needed.

This is the inherent vulnerability.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From mhayes at infomatch.com  Fri Nov 29 02:02:22 1996
From: mhayes at infomatch.com (Murray Hayes)
Date: Fri, 29 Nov 1996 02:02:22 -0800 (PST)
Subject: Fwd: Re: wealth and property rights
Message-ID: <199611291002.CAA07224@infomatch.com>


On Wed, 27 Nov 1996 10:54:51 -0800 (PST), Dave Kinchlea wrote:

>On Wed, 27 Nov 1996, Clay Olbon II wrote:
>> 
>> This is provably bullshit.  Look at the HUGE numbers of people in this
>> country who make the economic decision to do nothing and go on welfare vs.
>> going to work.  Examine carefully the economic performance of the US vs the
>
>I don't know how much people get on welfare in your country but I
>suspect that it is even less than in this country (Canada). Anyone who
>truly believes that people make the `economic decision to do nothing and
>go on welfare vs. going to work' has, in my opinion, no &^%* idea what
>they are talking about. Just try to *live* on a welfare wage for a few
>months to see how silly this thought is. While there may well be a few

Hmmm, only a few years ago the Finacial Post did a report on welfare in
Ontario.  The maximum benifit package (for two adults, two children or
something like that) came to about 34 000 dollars.  YES 34 000 dollars.
Actually, the figure the Post published was wrong.  Welfare Ontario said
they were a couple of hundred dollars UNDER the true value.

Of course that isn't all in cash.  It comes as subsidies houseing, free diapers,
free baby food......  

Are you telling me that it would be hard to live on 34 grand?  I wasn't aware
that our dollar was so weak....

And then there is the B.C./Alberta fiasco.  The final check welfare recipients
get in Alberta just happens to be the exact amount it costs to buy a bus ticket 
to B.C.

The B.C. govn't gave up ALL federal funding of their welfare program to
impose a rule that required 3 months of residence before benifits would
be given.  

I don't even want to start talking about the newfys.

What it comes down to is this.  Eventually we as a society will have to
make a choice.  We will have to chose between hurting the people who
work and hurting the people who don't work.  You can't have it both ways.
IF  you MUST make the choice, who will you choose?


mhayes at infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip






From mhayes at infomatch.com  Fri Nov 29 02:16:19 1996
From: mhayes at infomatch.com (Murray Hayes)
Date: Fri, 29 Nov 1996 02:16:19 -0800 (PST)
Subject: wealth and property rights
Message-ID: <199611291016.CAA17877@infomatch.com>


On Wed, 27 Nov 1996 15:00:36 -0800 (PST), Dave Kinchlea wrote:

>On Wed, 27 Nov 1996, snow wrote:
>You are clearly an angry young man. I am sorry you have such a poor
>opinion of people, I am even more sorry if it is justified. You can
>believe me or not, but what you describe is *not* the ordinary case in
>this country. Of course, in this country we have a disgusting 10+%
>unemployment rate. Even if people DO want to work, there are no jobs.
>
>All that aside, I can tell you do not have a family if you thing that
>$6.50/hr is a living! Even accounting for the difference in our dollar,
>I would say that is barely subsistence income for a single person. Are
>we *all* not worthy of more than that?
>

Yes, there are maany angry young men in this country.  Unions prevent
young men from compeating in the market place.  Unemployment Insurance 
artificialy increases the unemployment rate by 2% (this is a figure that
many people more knowledgable than me have stated)  welfare increases
the unemployment rate by another 1%.  The Canadian Pension Plan is
out of money and yet I am still forced to contribute and for what???
Will it still exist when I retire?  Not bloody likely.

Fortunatly NAFTA has forced some of our companies to compeat or
die.  Take a look at Canadian.  Are they gone?  I didn't get to watch the
news today......

I'll bet that most of the employees would gladly take a 10% wage cut
to save to company but the union leaders won't let them vote on it.  Why?
Because they would loose power.  Look at what the govn't do.  Most of
them just contribute to the problem by offering hand outs.  They don't
need hand outs!  ONE gov't (Alberta) offered to lower the fuel taxes.


YAAAAA RALPH!!!  (Who's ecinomic reforms incidentally (sp)  was 
hearalded by the Post as a model for govn't across North America)

Cut taxes and kill the union leaders.

Sorry for siting my sources.....


mhayes at infomatch.com

It's better for us if you don't understand
It's better for me if you don't understand
                                             -Tragically Hip






From pavelk at dator3.anet.cz  Fri Nov 29 03:32:06 1996
From: pavelk at dator3.anet.cz (Pavel Korensky)
Date: Fri, 29 Nov 1996 03:32:06 -0800 (PST)
Subject: Sound card as a random number source ??
In-Reply-To: <849204012.65013.0@fatmans.demon.co.uk>
Message-ID: <199611291130.MAA00171@zenith.dator3.anet.cz>


paul at fatmans.demon.co.uk wrote:
> 
> I`m not entirely sure about the possibility of correlations in any of 
> these sources but they aren`t really a good idea because all can be 
> accessed by someone else. eg. Steal your random noise audio tape, 
> sample dolby decoded sound at the same time as you etc.

And what if I will use FM receiver, tuned on some channel where is the noise.
If the potentional attacker don't know the what channel was tuned, he is not
able to reproduce this IMHO. Of course, maybe it is possible to record the whole
spectrum to tapes, but I think that the noise will change when recorded and
played back from tape.

Bye PavelK


--
****************************************************************************
*                    Pavel Korensky (pavelk at dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************





From rodger at worldnet.att.net  Fri Nov 29 05:16:31 1996
From: rodger at worldnet.att.net (Will Rodger)
Date: Fri, 29 Nov 1996 05:16:31 -0800 (PST)
Subject: Whitehouse Releases Blueprint...
Message-ID: <3.0.32.19961129081302.006bb848@postoffice.worldnet.att.net>


At 04:08 AM 11/29/96 +0000, you wrote:

>
> Notably, the emphasis is on the needs of business, not "people."
> 
> We are in an excellent position to observe and document the process whereby
> "business" -- that is, organizations motivated primarily, if not
exclusively,
> by the desire for short-term profits accruing to vested interests -- comes
> to dominate and control a technology.  The auto and television industries
come
> to mind as two prior examples.  We are about to see the net go the same way.
> Take notes.
> 
> 			"I have to praise the administration and Ira for
>                       reaching out to the private sector for
>                       comments," Computers and Communication
>                       Industry Association President Ed Black said.
>                       "There's a great emphasis on the needs of
>                       business here."
> 
>                       Even so, privacy activists remained
>                       disappointed with many of the document's
>                       features. "This isn't anything new," said David
>                       Banisar, counsel to the Electronic Privacy and
>                       Information Center. "The privacy stuff is
>                       terrible. They say it's market driven, but
>                       markets don't work with privacy. It's like what
>                       happened with P-Trak."
> 

You bring up a point that is implied - but not explicit - in the article.
And it's a good one. Funny thing is, two of the _industry_ folks suggested
individuals probably needed to be included in the document more than they
were. Neither was keen on being quoted on the record regarding non-business
interests, of course.

Given the attitude of the folks I talked to, I suspect non-business
interests are still fairly important to the White House on this one. 

And remember: Ira Magaziner won no friends in industry with his health care
proposals a couple of years back; some folks think he's leaning in favor of
industry at least initially to make sure what happened then doesn't happen
again.

If Netizens find suggestions from the administration too heavy-handed, my
guess is there's still time to move the discussion.

Cheers.

Will Rodger
Washington Bureau Chief
Inter at ctive Week






From aba at dcs.ex.ac.uk  Fri Nov 29 05:33:30 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Fri, 29 Nov 1996 05:33:30 -0800 (PST)
Subject: under 80 chars to a line PLEASE!
In-Reply-To: <199611282045.OAA12565@mailhub.amaranth.com>
Message-ID: <199611270629.GAA00259@server.test.net>



William Geiger <whgiii at amaranth.com> writes:
> Dimitri Vulis <dlv at bwalk.dm.com> writes:
> >Surely someone who can't learn to format their text to 80 columns
> >(perhaps because he uses a dead operating system) has no credibility when
> >he speaks of technical things he clearly knows nothing about.
> 
> Are you incapable of turning on the word-wrap on your editor??

You may not get along with Dimitri, but in this case you are clearly
in the wrong.  If you consult any newbie FAQs for USENET, mailing
lists, netiquette, etc. you should notice that lines less than 80
chars long are recommended.

People who insist on splurging 120 char. long lines are usually poorly
read.  It just looks so disgusting as to be near unreadable on the
majority of newsreading software.  With the volume of this list, and
the fact that the cluefull actually do produce < 80 long lines, I'm
sure many just don't have the patience to read such stuff.

Retorts about how the reader should ajust their software to your
non-compliance to the accepted standards is just ridiculous.

I've also got a beef with people who produce mime encoded junk.
Things where all lines end in `=', and punctuation characters are mime
encoded.  Yuck!  Turn it off!

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`





From dlv at bwalk.dm.com  Fri Nov 29 06:00:25 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 29 Nov 1996 06:00:25 -0800 (PST)
Subject: Anon
In-Reply-To: <199611290549.VAA09766@atropos.c2.org>
Message-ID: <a5o6XD27w165w@bwalk.dm.com>


Doug Barnes <cman at c2.net> writes:
>    (Taiwan story warning...) This reminds me of the pirate cable
>    TV wars, which hit their peak during my stay there -- essentially,
>    the government had outlawed cable TV altogether, mostly because
>    they controlled most of the existing media outlets, and didn't
>    believe the citizen-units needed more than what they had. Various
>    entrepreneurs began wiring Taipei for cable -- sloppy, ad-hoc
>    cable lays that were strung from building to building. The gov't
>    would come and cut the cables; new cables would be laid. People
>    paid their cable bills, but could never quite manage to identify
>    the cable installer when the government came around asking.
>    Programming consisted of a van with a bunch of VCRs and a small
>    satellite dish, that would plug into the network at various places.
>    It go to the point where in some areas there was so much cable, it
>    was tricky to figure out which were the old ones and which were
>    the new. Eventually, the government gave up and licensed some
>    cable operators.

Now, what would the U.S. government (state or los federales) do in a similar
situation? They'd probably fine any resident found with a cable TV thousands
of dollars and if that didn't work, they'd start jailing people. Maybe even
burn a few TV viewers, a la Waco. :-)

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From jbugden at smtplink.alis.ca  Fri Nov 29 06:22:19 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Fri, 29 Nov 1996 06:22:19 -0800 (PST)
Subject: Your Freudian slip is showing
Message-ID: <9610298492.AA849288115@smtplink.alis.ca>



Bovine Remailer <haystack at cow.net> wrote:
>On Thu, 28 Nov 1996 jbugden at smtplink.alis.ca wrote:
>
>> Another anecdotal example is in the opening chapters of "Surely You're
Joking,
>> Mr. Feynman" by Richard Feynman, the late Caltech professor and general bon
>> vivant. He describes how his mother introduced a doctor, a general and a
>> professor with the same respectful tones indicating to him that a career in
>> academia was as highly valued as any other high position in society.
>
>Your lower middle class slip is showing.
 
Damn right! Everything I have I earned myself. I'm not some pampered child of
rich parents. My God, when I think of what my father went through when he was
growing up and what he endured to feed our family, I'm amazed that he didn't
drop dead in his tracks.
 
The fact that my granfather was a well respected municipal politician didn't
insulate them from the effects of the depression. When my father was young he
had to walk almost four miles to and from school, and it was uphill both ways.
Then when he got home he had to chop wood with a hammer. Of course he could have
used an axe, but it was usually dark by this time - they couldn't afford lights
- and he found that a miss with the hammer was less likely to cause severe leg
trauma.
 
After getting his hand crushed in a printing press as a young man and later,
after being layed off after 26 years of hard toil and loyal effort, he wasn't
bitter when he was forced to retired on a pension of $650 per year. He was proud
to have worked hard all his life and succeeded in his own small but not
completely insignificant way.
 
Look where I'm pointing, not at what I'm pointing with.
 
James









From pjb at ny.ubs.com  Fri Nov 29 07:07:14 1996
From: pjb at ny.ubs.com (pjb at ny.ubs.com)
Date: Fri, 29 Nov 1996 07:07:14 -0800 (PST)
Subject: cgi-bin vulnerability
Message-ID: <199611291506.KAA16645@sherry.ny.ubs.com>


does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf
vulnerability? 

cheers,
	-paul






From paul at fatmans.demon.co.uk  Fri Nov 29 07:26:41 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Fri, 29 Nov 1996 07:26:41 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
Message-ID: <849280424.615121.0@fatmans.demon.co.uk>



> So, they feel compelled to harrass anyone who's smarter / more
> knowledgeable than they are (sometimes using the anonymous remailers) in
> an effort to drive all intelligent discussion off their "private mailing
> list", so ignoramuses like Bradley can sound like "local experts".

I think you might be missing the very succinct and subtle point that 
all you ever contributed to this list (despite your knowledge of 
cryptography) was rants about sovok jews and Tim Mays sexual 
orientation. I happen to be knowledgable about cryptography but even 
if I`m not an expert I do tend to post things that are of value and 
interest as opposed to worthless flames.


 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From ben at gonzo.ben.algroup.co.uk  Fri Nov 29 07:40:51 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Fri, 29 Nov 1996 07:40:51 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
In-Reply-To: <199611290102.UAA13822@dhp.com>
Message-ID: <9611291437.aa29729@gonzo.ben.algroup.co.uk>


Anonymous wrote:
> 
> > From: Ben Laurie <ben at gonzo.ben.algroup.co.uk>
> > 
> > I think I would discuss this with the author before going public, to give
> > him the usual opportunity to clean up before all hell breaks loose. However,
> > that is what I'd call "work" rather than "fun", so I'd want paying for it.
> 
> Translation:  You don't really know what you are talking about.

I know that personal attacks are the currency on this list, but I may as well
point out that it is precisely because I do know what I'm talking about that I
can reasonably expect to be paid to do the talking.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From gen2600 at aracnet.com  Fri Nov 29 08:21:38 1996
From: gen2600 at aracnet.com (Genocide)
Date: Fri, 29 Nov 1996 08:21:38 -0800 (PST)
Subject: First Contact
In-Reply-To: <2.2.32.19961128172612.00746164@healey.com.au>
Message-ID: <Pine.LNX.3.95.961129082137.19764A-100000@shelob.aracnet.com>


On Thu, 28 Nov 1996, Benjamin Grosman wrote:

> Is there anything in First Contact to do with Crypto at all? Just that it
> opened out here today, and I'm going to see it.

	Actually, I believe Data encrypts the main computer with a fractal
key!


Genocide
Head of the Genocide2600 Group


============================================================================
		   **Coming soon! www.Genocide2600.com!!**
        ____________________
 *---===|                  |===---*
 *---===|     Genocide     |===---*   "You have heard of me,
 *---===|       2600       |===---*    You have known what I have done,
 *---===|__________________|===---*    But if you really SEE me,
                                       You'll know your time has come."
Email:
gen2600 at aracnet.com
					   Available on the web:
Beeper: (503) 204-3606
					Http://www.aracnet.com/~gen2600


Something I've been known to babble in my sleep:

   It is by caffeine alone that I set my mind in motion.
   It is by the Mountain Dew that the thoughts acquire speed,
   the lips acquire stains, the stains become a warning.
   It is by caffeine alone that I set my mind in motion.

============================================================================







From asgaard at Cor.sos.sll.se  Fri Nov 29 08:52:33 1996
From: asgaard at Cor.sos.sll.se (Asgaard)
Date: Fri, 29 Nov 1996 08:52:33 -0800 (PST)
Subject: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <199611281454.PAA12144@digicash.com>
Message-ID: <Pine.HPP.3.91.961129170630.7957A-100000@cor.sos.sll.se>



> Rule 2:  Don't forward articles from other forums to
> cypherpunks.  We can find it ourselves the same place you did

This is not universally true. Everyone doesn't have access to
a functional News server or even to the Web, and some interesting
stuff could come from closed commercial sites etc.

But even if everyone had global access, I think there is a place for
forwarded articles on the CP list. It's a convenient way to keep
up with the happenings to passively watch on-topic items drop into
one's mailbox or to be able to request longer pieces with very few
keystrokes, jya-style. The most lazy of us will hardly even light
up our browsers for a maybe-interesting URL.

The problem is off-topic or quasi-on-topic forwards, including EPIC/EFF
kind of announcements. And all forwards would benefit from a personal
comment by the forwarder (at the beginning of the mail, NOT after the
10 screens document) where he explains what is interesting cp-wise.


Asgaard






From harmon at tenet.edu  Fri Nov 29 09:14:37 1996
From: harmon at tenet.edu (Dan Harmon)
Date: Fri, 29 Nov 1996 09:14:37 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <0315XD25w165w@bwalk.dm.com>
Message-ID: <Pine.OSF.3.91.961129111229.9065D-100000@beall.tenet.edu>


Of(spit) course(spit) you(spit) are(spit) correct(spit).

On Thu, 28 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> ichudov at algebra.com (Igor Chudov @ home) writes: 
> 
> > Dr.Dimitri Vulis KOTM wrote:
> > >
> > > Why do you think I don't discuss my work on this mailing list?
> > >
> >
> > Lemme take a guess, there is probably a good number of people
> > who have a genuine interest as to where you work.
> 
> My Ph.D. thesis is avaiable from UMI. I doubt that anyone subscribed to this
> mailing list has enough clue to understand any of it. :-)
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 





From dthorn at gte.net  Fri Nov 29 09:20:44 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 29 Nov 1996 09:20:44 -0800 (PST)
Subject: Anon
In-Reply-To: <199611290626.AAA03912@manifold.algebra.com>
Message-ID: <329F1B54.7152@gte.net>


Igor Chudov @ home wrote:
> Adam Shostack wrote:
> >       Could you give me a cost estimate for keeping video of the
> > last 10 minutes of 250 million lives?  This is essentially one of
> > Brin's suggestions, and it strikes me as astoundingly pricey, even if
> > you just consider the cost of cameras, fiber, switches, and vcrs, and
> > ignore the problem of deciding what tape to keep.
> >       Some back of the envelope leads me to over a trillion,
> > figuring that a second of video takes 10kb, and disk costs about
> > $50/mb.  250m cameras at $40 each, fiber connections at $400 each,
> > etc.

> That's 50 CENTS per megabyte, but actually it is twice less than that.
> My calculation (storage costs only, assume 10kb/sec/person):
> 6000KB * 0.25c/MB * 2.5E8 = 375 million.
> Good money, but not even close to your number.
> Also, storing data on optical disks is about $20/600MB, which is only
> three cents per megabyte -- ten times less than above.
> Even though this is storage media cost alone, 37.5 million surely
> sounds like a reasonable number -- it is 15 cents per person, or
> 90 cents per hour, or $22.6 per day per person. A little steep, but after
> several years this cost may decline tenfold.
> Of course my rough calculation missed a lot of important expenses.

The idea of keeping exhaustive real-time video on all persons is a straw-
man fallacy, I believe.  The real issue is to be able to serveil all or
nearly all persons simultaneously, then, using techniques that won't be
available to the general population for many years (if ever), the agencies
in question can analyze the info and narrow the more intensive aspects of
the surveillance to selected persons.






From dthorn at gte.net  Fri Nov 29 09:34:02 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 29 Nov 1996 09:34:02 -0800 (PST)
Subject: Anon
In-Reply-To: <199611290549.VAA09766@atropos.c2.org>
Message-ID: <329F1E68.6EF8@gte.net>


Doug Barnes wrote:
> > Hal Finney wrote:
> > | As I mentioned a couple of days ago, science fiction writer David Brin
> > | has an argument against not only anonymity, but _privacy_ as well.
> > | Where cypherpunks tend to think of privacy as both beneficial and
> > | inevitable, Brin sees it as harmful and doomed.  He has an article in
> > | the December 1996 issue of Wired discussing his ideas.

[snip]

> There are many arguments against David's position; let's grant the
> possibility of near-perfect surveilance if it has popular support
> (which is pretty dubious, but has been addressed by others), and
> see what arguments remain:
> 1) I would conjecture that popular approval would make or break
>    this kind of system. It's amazing what kind of spontaneous civil
>    disobedience can spring up once there's a critical mass of
>    distaste for something like this.
>    (Taiwan story warning...) This reminds me of the pirate cable
>    TV wars, which hit their peak during my stay there -- essentially,
>    the government had outlawed cable TV altogether, mostly because
>    they controlled most of the existing media outlets, and didn't
>    believe the citizen-units needed more than what they had. Various
>    entrepreneurs began wiring Taipei for cable -- sloppy, ad-hoc
>    cable lays that were strung from building to building. The gov't
>    would come and cut the cables; new cables would be laid. People
>    paid their cable bills, but could never quite manage to identify
>    the cable installer when the government came around asking.
>    Programming consisted of a van with a bunch of VCRs and a small
>    satellite dish, that would plug into the network at various places.
>    It go to the point where in some areas there was so much cable, it
>    was tricky to figure out which were the old ones and which were
>    the new. Eventually, the government gave up and licensed some
>    cable operators.

[mo' snip]

The above comments, and the snipped comments about "a few more Wacos will
wake the people up etc.", assume that the govt. hasn't learned anything
about the politics of mass surveillance over the past few decades.

In fact, they've learned a lot.  The surveillance can be kept completely
quiet, and when they need to take someone out, they can do that very
quietly as well.  And not a whole lot of people will be angry, because
they'll crank up the reputation destructo-machine/P.R. press to preclude
any problems there.

Waco was an aberration, because key people were hiding behind a quantity
of other non-key people, and the FBI blundered in and grandstanded to the
point of creating a Kent State kind of scene.  To suggest that future
Waco's are necessary to take out troublemakers is shortsighted.






From jimbell at pacifier.com  Fri Nov 29 09:47:04 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 29 Nov 1996 09:47:04 -0800 (PST)
Subject: market for hardware RNG?
Message-ID: <199611291746.JAA22571@mail.pacifier.com>


At 06:08 AM 11/26/96 -0800, Paul Pomes wrote:
>There are some commercial products worth studying.  See
><http://rainbow.rmi.net/~comscire/> for one.

Thanks for the reference.  However, I was very unimpressed with their price 
of $295 dollars.  I don't doubt that there are certain organizations 
(banks?) which would have no problem affording them, but that's well out of 
the range of ordinary consumer items.    I just bought a 10x CDROM drive for 
$100; somehow I think that a hardware RNG should cost less than that.  
Volume is a big issue, I suppose.


Jim Bell
jimbell at pacifier.com





From dlv at bwalk.dm.com  Fri Nov 29 09:50:28 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 29 Nov 1996 09:50:28 -0800 (PST)
Subject: Counterproductive Dorothy Denning Flames
In-Reply-To: <849280424.615121.0@fatmans.demon.co.uk>
Message-ID: <yX16XD2w165w@bwalk.dm.com>


paul at fatmans.demon.co.uk writes:
> all you ever contributed to this list (despite your knowledge of 
> cryptography) was rants about sovok jews and Tim Mays sexual 

You are lying again.  Anyone who bothers to search the archives of
this list for my name will see that 1) I never said anything about
any "Sovok jews", 2) I used to contribute a great deal of technical
discussion before all the techincal people left this list.

Tim May is a vicious anti-Semite who rants about destroying the state
of Israel and exterminating all Jews. Timmy lies that I too am an
anti-Semite (I'm actually Jewish) and now Paul repeats Tim's lies.

> orientation. I happen to be knowledgable about cryptography but even 
> if I`m not an expert I do tend to post things that are of value and 
> interest as opposed to worthless flames.

Paul lies again. Paul's contributions to this mailing lists contsist of
assinine rants about "brute force attacks on OTP" and attacks on people
who know more than him, such as Don Woods (whom Paul calls "Don Woods (spit").

Paul's calling cryptorelevant discussion "bullshit" and e-mailing me
multiple copies of my own cypherpunks writings with the word "fuckhead:
added are some of the examples of his worthless flames and net-abuse.

I guess John Gilmore finds Paul Bradley a suitable ass-boy.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From null at void.gov  Fri Nov 29 09:53:03 1996
From: null at void.gov (null at void.gov)
Date: Fri, 29 Nov 1996 09:53:03 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <3.0.32.19961129095226.006a0428@best.com>


I would say that depends on -where- &/or -how- you store the premaster/master,
and is dependent on platform threat models rather than attacks on the wire.  
These are different problem spaces with different solutions, which some
contemplated
changes to SSL may help address: some tweaks may be useful to support more
secure secret management on the platforms.  But I would not go so far as to
say
that these issues make SSL or an implementation insecure per-se, until I
did the
complete job.  

If my platform is compromised such that the master or premaster secret
can be subverted, then I have problems that go way deeper than SSL or a
particular
implementation of it.

Would you like to propose some fixes?  We would be very interested.

Ben Laurie wrote ....
>SSL requires the keying material to be available at all times. This is rather
>different from many applications of cryptography, where one can keep keying
>material safely locked away except when it is needed.
>
>This is the inherent vulnerability.
>
>Cheers,
>
>Ben.
>
>-- 
>Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
>Freelance Consultant and  Fax:   +44 (181) 994 6472
>Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>London, England.          Apache-SSL author
>
>





From null at void.gov  Fri Nov 29 09:53:08 1996
From: null at void.gov (null at void.gov)
Date: Fri, 29 Nov 1996 09:53:08 -0800 (PST)
Subject: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
Message-ID: <3.0.32.19961129093439.0069cb88@best.com>


Well, then, tanslation:

"I say SSLEAY is not secure - but to actually do the homework
to back my assertion then someone has to pay me."

Hmmmph.  Not very useful.  Nor credible.

>I think I would discuss this with the author before going public, to give
>him the usual opportunity to clean up before all hell breaks loose. However,
>that is what I'd call "work" rather than "fun", so I'd want paying for it.
>
>No doubt I'll take it up with Eric at some point, when neither of us has
>anything better to do.
>
>My impression is that Eric is more interested in speed and functionality than
>strict security (and considering the incredible vulnerability that is more or
>less inherent in an SSL implementation, I feel the same). I could be
wrong, of
>course.
>
>I will say that I'm not aware of any problems that a good firewall and
physical
>security don't take care of. That isn't to say there aren't any - I haven't
>looked that hard.
>
>Cheers,
>
>Ben.
>
>> 
>> >I've never seen a security review of SSLeay, and if anyone gave it a clean
>> bill
>> >of health, they didn't have their eye on the ball. Note, I'm not knocking
>> >SSLeay here, it is a wonderful lump of code, but it hasn't been written
with
>> >security in mind (IMHO).
>> >
>> >Cheers,
>> >
>> >Ben.
>> >
>> >-- 
>> >Ben Laurie                Phone: +44 (181) 994 6435  Email:
ben at algroup.co.uk
>> >Freelance Consultant and  Fax:   +44 (181) 994 6472
>> >Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>> >A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>> >London, England.          Apache-SSL author
>> >
>> >
>
>-- 
>Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
>Freelance Consultant and  Fax:   +44 (181) 994 6472
>Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
>A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
>London, England.          Apache-SSL author
>
>





From deviant at pooh-corner.com  Fri Nov 29 09:55:54 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Fri, 29 Nov 1996 09:55:54 -0800 (PST)
Subject: cgi-bin vulnerability
In-Reply-To: <199611291506.KAA16645@sherry.ny.ubs.com>
Message-ID: <Pine.LNX.3.94.961129175308.3227A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 29 Nov 1996 pjb at ny.ubs.com wrote:

> does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf
> vulnerability? 
> 
> cheers,
> 	-paul
> 

If you can't figure out how, you probably don't need to know. (actually,
its so simple the average high school student could probablyfigure it out,
if they knew what %0A meant... oops.. wasn't supposed to tell you that...
;)

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"All in all is all we are."
		-- Kurt Cobain


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp8jSjCdEh3oIPAVAQFkoAf+Nu62ObHyWHgDvkWAqqH7QTw4svfkELTB
d5E8S1ghkyxL1219LwGljelQ+uHaZt4EGB/nnDfQo7H2J9fMDR1CLJRC+h95xxKM
mKuAVbVT1W3nPm4+WP5DIplMvF/xVmextdbGLmAfYQksXQ4uGNRuaawS9G2ffYLP
erBEN9XuxvVY0AnTYCErnpDdOhh4BNTi2+os86Ea+mXt2FG3D8y0pdfRSnOJm2YU
yvQ7pUrMfhl9DGauc+lvb42B8OXWElnjYIFloxWr+rxACzS6NCbGF3izjfTv+2HX
tRZUuwYNee3j+p7kDY9ebANJqWUcMtR9To5za1/vlA4QAtPl5HsaVw==
=3/ok
-----END PGP SIGNATURE-----






From alzheimer at juno.com  Fri Nov 29 10:15:31 1996
From: alzheimer at juno.com (Ronald Raygun Remailer)
Date: Fri, 29 Nov 1996 10:15:31 -0800 (PST)
Subject: Copyright violations
Message-ID: <19961129.121618.11423.1.alzheimer@juno.com>


 
News Release (USCIB): Tuesday, November 26, 1996
 
Banks Making Sweeping Changes in Operations to Meet
Challenges of International Markets
 
Study finds international banks applying mix of reengineering and new
technology to improve operations. In an effort to reduce costs and boost
productivity, international banks are reengineering their operations
departments and updating technology at increased rates, according to a
two-year study of top international banking operations officers conducted
by
the U.S. Council on International Banking (USCIB) and the USCIB
Foundation. 
 
Operations departments, which generally maintain activity other than
retail
banking or customer service, are becoming increasingly critical in
international
banking, due to the explosive growth of transnational business and the
convergence of commercial and investment bank activities. Such industry
developments have left many corporate clients looking for "one-stop
shopping" for their banking matters as an easier way to meet their
financing
needs. 
 
At the USCIB Annual Conference in mid-November, it was noted that
banks are going to have to employ more agility in order to satisfy their
corporate clients' escalating demands for simplicity. The increasing cost
of
running an operations department is also forcing executives to take a
sharper
look at where they can trim their budgets. 
 
According to the USCIB study the annual operations department budget is
now $ 15 million, compared with $ 9 million in 1995, an increase of more
than sixty-six (66%) percent. In more than half (52%) of the operations
departments surveyed, labor costs accounted for fifty (50%) percent or
more
of their budgets. 
 
To reduce costs, executives have turned to reengineering and downsizing.
Thirty six (36%) percent have reengineered their departments, and of
those,

sixty-three (63%) percent reported the action had reduced costs and
improved productivity. 
 
Nearly one-half (49%) of operations executives have either downsized
their
departments in the past year or plan to in the one to come. In addition,
all of
the executives surveyed plan to invest in technology over the next 12
months
in order to speed up operations and handle the increase in international
transaction banking. Ninety-six (96%) percent of respondents say they
will
invest in technology, up from eighty-nine (89%) percent in 1995. 
 
Just under half of surveyed operations departments use a technology
system
that is over three years old, and sixty-three (63%) percent of
prospective
buyers expect to spend more than $100,000 to replace or upgrade aging
equipment in the next year. 
 
The U.S. Council on International Banking (USCIB) is a national
association
representing more than 320 U.S. and foreign-based financial institutions
with
operations or subsidiaries in the United States. 
 
One of the oldest U.S. banking associations, the USCIB works to
standardize international banking rules and practices, serves as advocate
to
U.S. and international regulatory bodies on policy issues that affect its
membership, and provides training and information to bankers throughout
the
United States. 
 
This study included 55 of its members and other executives and was
conducted in late July and August, 1996.
 
 





From security at kinch.ark.com  Fri Nov 29 10:27:11 1996
From: security at kinch.ark.com (Dave Kinchlea)
Date: Fri, 29 Nov 1996 10:27:11 -0800 (PST)
Subject: wealth and property rights
In-Reply-To: <199611291016.CAA17877@infomatch.com>
Message-ID: <Pine.LNX.3.95.961129101236.550O-100000@kinch.ark.com>


On Fri, 29 Nov 1996, Murray Hayes wrote:
> 
> Yes, there are maany angry young men in this country.  Unions prevent
> young men from compeating in the market place.  Unemployment Insurance 
> artificialy increases the unemployment rate by 2% (this is a figure that
> many people more knowledgable than me have stated)  welfare increases
> the unemployment rate by another 1%.  The Canadian Pension Plan is
> out of money and yet I am still forced to contribute and for what???
> Will it still exist when I retire?  Not bloody likely.

I won't argue with your figures, I don't believe them but lets use them
for arguments sake. UI (or is it EI now?) + welfare increase the
unemployment rate by a combined 3%, that still leaves (at least) 7+%
unemployed, a significant number! Meanwhile, major corporations who are
significantly adding to the unemployment rate themselves (heard of
`downsizing') are making record profits. That too must be the poor
people's fault, yes?

You have a right to be angry about CPP, it pisses me too for I know I
won't get a dime either. But the people you *should* be mad at are the
seniors and politians who allowed this to happen, not the people on the
low end.

FWIW, I agree with you about the Unions (for the most part). Many have
lost sight of the reasons they were formed in the first place. The
leaders of those unions, at least the biggies, have become the monster
they so love to hate. The recent Canadian Airline fiasco is a prime
example.

> Fortunatly NAFTA has forced some of our companies to compeat or
> die.  Take a look at Canadian.  Are they gone?  I didn't get to watch the
> news today......

Last I heard, the CAW was still refusing to allow a vote. I would love
to see that union broken myself.
 
> I'll bet that most of the employees would gladly take a 10% wage cut
> to save to company but the union leaders won't let them vote on it.  Why?
> Because they would loose power.  Look at what the govn't do.  Most of
> them just contribute to the problem by offering hand outs.  They don't
> need hand outs!  ONE gov't (Alberta) offered to lower the fuel taxes.
> 
> 
> YAAAAA RALPH!!!  (Who's ecinomic reforms incidentally (sp)  was 
> hearalded by the Post as a model for govn't across North America)

Who has also been implicated in some form of insider trading, not the
white knight everyone would have us believe. 
 
> Cut taxes and kill the union leaders.
> 
> Sorry for siting my sources.....

I assume you mean: "Sorry for NOT citing my sources"

cheers, kinch

PS: I am not going to keep this up, at least not on cypherpunks, it has
zip to do with the charter.






From pjb at ny.ubs.com  Fri Nov 29 10:48:52 1996
From: pjb at ny.ubs.com (pjb at ny.ubs.com)
Date: Fri, 29 Nov 1996 10:48:52 -0800 (PST)
Subject: cgi-bin vulnerability
Message-ID: <199611291848.NAA16684@sherry.ny.ubs.com>


i think that i understand what you are trying to say, however, my purpose
in asking for this information has nothing to do with what i know.
i am pulling together a series of tests for our firewall, and am not
satisfied that the entries/cracks that i know are the only ones that exist,
therefore, i ask others for their input.  seems reasonable, doesn't it?

thanks for you response.

cheers,
	-paul

> From deviant at pooh-corner.com Fri Nov 29 12:55:52 1996
> Date: Fri, 29 Nov 1996 17:54:10 +0000 (GMT)
> From: The Deviant <deviant at pooh-corner.com>
> X-Sender: deviant at random.sp.org
> To: pjb at ny.ubs.com
> cc: cypherpunks at toad.com
> Subject: Re: cgi-bin vulnerability
> Organization: The Silicon Pirates
> MIME-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Content-Length: 1025
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Fri, 29 Nov 1996 pjb at ny.ubs.com wrote:
> 
> > does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf
> > vulnerability? 
> > 
> > cheers,
> > 	-paul
> > 
> 
> If you can't figure out how, you probably don't need to know. (actually,
> its so simple the average high school student could probablyfigure it out,
> if they knew what %0A meant... oops.. wasn't supposed to tell you that...
> ;)
> 
>  --Deviant
>    PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39
> 
> "All in all is all we are."
> 		-- Kurt Cobain
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQEVAwUBMp8jSjCdEh3oIPAVAQFkoAf+Nu62ObHyWHgDvkWAqqH7QTw4svfkELTB
> d5E8S1ghkyxL1219LwGljelQ+uHaZt4EGB/nnDfQo7H2J9fMDR1CLJRC+h95xxKM
> mKuAVbVT1W3nPm4+WP5DIplMvF/xVmextdbGLmAfYQksXQ4uGNRuaawS9G2ffYLP
> erBEN9XuxvVY0AnTYCErnpDdOhh4BNTi2+os86Ea+mXt2FG3D8y0pdfRSnOJm2YU
> yvQ7pUrMfhl9DGauc+lvb42B8OXWElnjYIFloxWr+rxACzS6NCbGF3izjfTv+2HX
> tRZUuwYNee3j+p7kDY9ebANJqWUcMtR9To5za1/vlA4QAtPl5HsaVw==
> =3/ok
> -----END PGP SIGNATURE-----
> 
> 





From ben at gonzo.ben.algroup.co.uk  Fri Nov 29 11:03:57 1996
From: ben at gonzo.ben.algroup.co.uk (Ben Laurie)
Date: Fri, 29 Nov 1996 11:03:57 -0800 (PST)
Subject: SSLeay security
Message-ID: <9611291800.aa00402@gonzo.ben.algroup.co.uk>


It seems I have expressed myself poorly. My point was that, as far as I am
aware, SSLeay has not been widely reviewed. A lot of people use it, sure, but
that is not review.

Since there are obvious defects in the code, from a security point of view,
such as failure to scrub keys, it wouldn't get a clean bill of health from me.

Of course, these kinds of defects require other defects in the user's security
policy (such as running on an operating system which permits free access to
memory) to exploit.

There may or may not be worse problems. I don't know. And I won't know until
either it becomes important to me, someone pays me to find out, or someone else
points them out.

I'm not saying that I'm aware of defects which are not obvious but my
experience in using it suggests that it may have them - it isn't that hard to
crash, and where there are crashes lurk possible security holes. Tracking
these down is where it stops being fun. At least for me.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben at algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author





From nobody at replay.com  Fri Nov 29 11:23:38 1996
From: nobody at replay.com (Anonymous)
Date: Fri, 29 Nov 1996 11:23:38 -0800 (PST)
Subject: Seditious Cable!
Message-ID: <199611291923.UAA25308@basement.replay.com>


 dlv at bwalk.dm.com wrote to All:

 d> Doug Barnes <cman at c2.net> writes:
 >> (Taiwan story warning...) This reminds me of the pirate cable
 >> TV wars, which hit their peak during my stay there --

[...]

 d> Now, what would the U.S. government (state or los federales) do in a
 d> similar situation? They'd probably fine any resident found with a
 d> cable TV thousands of dollars and if that didn't work, they'd start
 d> jailing people. Maybe even burn a few TV viewers, a la Waco. :-)

And these are the folks you want to maintain your key escrow?






From attila at primenet.com  Fri Nov 29 11:33:02 1996
From: attila at primenet.com (attila at primenet.com)
Date: Fri, 29 Nov 1996 11:33:02 -0800 (PST)
Subject: denial of service and government rights
Message-ID: <199611291933.MAA05426@infowest.com>


-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------


        read the last line. the usual rules of evidence which give
    the feds the right to anything they well please --constitutional
    or not!  if seizure of a victims property can by obtained a 
    search and sieze warrant for the victimized "object,"  a whole
    new mode of regulation has begun.

        all the government will do to suppress sites as they please,
    is to initiate a few attacks themselves --and they will.

        I got tired of paying Lexus $150 for idle months after dumping
    West for almost $500/month --otherwise I would run down the Feds
    kangaroo ruling which seems to grant them this absurd right. 
    Several on the list are still maintaining accounts...  ?

        ====== begin forwarded text ======

Computer Attacks Show New Patterns

The major trends in computer break-ins involve denial of service 
and data-driven attacks, says a Department of Justice lawyer.  
Denial of service occurs when an attacker "bombs" an Internet 
service provider with so many e-mail messages that the server 
becomes overloaded and shuts down. Data-driven attacks occur when 
a virus program is disguised as a data-only file.  The file can be 
hidden in a Java program on a Web page, and when a visitor clicks 
on the site, he or she unwittingly downloads the virus.  A computer 
crime consultant with SAIC warns that these attacks can be launched 
on an innocent party's Web server, but once that happens, the server 
can become the subject of a wiretap and a search warrant.  "The title 
of your computer vests with the government as soon as a hacker uses 
it to commit a crime," he says.  

[BNA Daily Report for Executives 25 Nov 96 A20]

    ====== end forwarded text ======

- --
 "In nature, stupidity gets you killed.
   In the workplace, it gets you promoted.
    In politics, it gets you re-elected."
        --attila


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMp83lr04kQrCC2kFAQFYuAP/bLbraU6rFFLQZpFfsvxiGrbm7W26p3t9
GffgoN/LA6OBqIEUpAdPxGoVqco7RDpHHprhObEV4MorR3BsK6pl5EVNbc3Xp7OC
pxFThx0O08bscdmVBSYAUsU2hXMuW2AiuAkxBwCRdaG0bxswr97JQI9ye+pjKTPw
cARrd7QLmz4=
=vUe3
-----END PGP SIGNATURE-----







From attila at primenet.com  Fri Nov 29 12:12:50 1996
From: attila at primenet.com (attila at primenet.com)
Date: Fri, 29 Nov 1996 12:12:50 -0800 (PST)
Subject: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <Pine.HPP.3.91.961129170630.7957A-100000@cor.sos.sll.se>
Message-ID: <199611292013.NAA06282@infowest.com>


-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

In <Pine.HPP.3.91.961129170630.7957A-100000 at cor.sos.sll.se>, on 11/29/96 
   at 05:55 PM, Asgaard <asgaard at Cor.sos.sll.se> said:

::> Rule 2:  Don't forward articles from other forums to
::> cypherpunks.  We can find it ourselves the same place you did

::This is not universally true. Everyone doesn't have access to a
::functional News server or even to the Web, and some interesting stuff
::could come from closed commercial sites etc.
::
        for instance, I read a lot of liberal hogwash lists [know thine
    enemy].  there are lists after lists about lists. sorting out the
    precisely cut and trimmed info is hard --and there is not time to
    read a man who is being paid by the word!  

    good summaries with pointers is essential.
      
:: [snip] ...to be able to request longer pieces with very few keystrokes,
::jya-style. 
::
        john provides an extremely valuable service by covering a broad
    spectrum of sources.  since I read others, I am considering using
    the auto-respond features of procmail to do the same.  however, I
    sure wont cover as much ground as john does!

:: The most lazy of us will hardly even light up our browsers
::for a maybe-interesting URL.
::
        unfortunately, that is too true --even when your mail browser 
    will pass the URL to the browser which is often in the background
    anyway.

::The problem is off-topic or quasi-on-topic forwards, including EPIC/EFF
::kind of announcements. 
::
    hard to discern sometimes

::And all forwards would benefit from a personal
::comment by the forwarder (at the beginning of the mail, NOT after the 10
::screens document) where he explains what is interesting cp-wise.

        ABSOLUTELY!  always put your comments and the "pointer" out front 
    --even if you are planning interline comments.

- --
  without arms they do not resist; 
    without communication they know not what to resist.
        -attila

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMp9DRb04kQrCC2kFAQH7FAP/U0Xrs8/w61tudGrDmj/XpoLFXCsWdq0l
xab+rBby242AVJN0BxULUTVH+F4hblIcJGy52gWTKdwcKHS9lShmhgTFbRpepO+L
GLdX+LV6fiBr4SoyD+1+pQBdzmYGyjmXiG3Xp8JoB9q2OBTdJbgoLsCHB6dX97Pe
KR3Z7XsowSw=
=WUSX
-----END PGP SIGNATURE-----







From jeremey at veriweb.com  Fri Nov 29 12:18:29 1996
From: jeremey at veriweb.com (Jeremey Barrett)
Date: Fri, 29 Nov 1996 12:18:29 -0800 (PST)
Subject: cgi-bin vulnerability
In-Reply-To: <199611291506.KAA16645@sherry.ny.ubs.com>
Message-ID: <Pine.BSI.3.93.961129121825.16250A-100000@descartes.veriweb.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 29 Nov 1996 pjb at ny.ubs.com wrote:

> does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf
> vulnerability? 
> 

Read 2600 this month.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jeremey Barrett
Senior Software Engineer                         jeremey at veriweb.com
VeriWeb Internet Corp.                           http://www.veriweb.com/

PGP Key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64
PGP Public Key: http://www.veriweb.com/people/jeremey/pgpkey.html
                
		"less is more."  -- Mies van de Rohe.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMp9FUy/fy+vkqMxNAQEVNgP+N8iV50TXnDkLInlT4a6dsmrbqh5fHpcS
OcgRWquV0vuZ/gl7SWN+nxpMPLeg1foHS3nfYu4D9OQJtumdbQXdgbiAk61hOli3
5YKsFbMF0xtfuWRZ8wLzL0R8Qa5jQGaQbIrS4IkH7mJyxsoMeUYPMWjklH7kf79Y
oP+REy9dxUA=
=ekPQ
-----END PGP SIGNATURE-----






From sunray at globalnet.co.uk  Fri Nov 29 12:58:43 1996
From: sunray at globalnet.co.uk (Steve Crompton)
Date: Fri, 29 Nov 1996 12:58:43 -0800 (PST)
Subject: PGP 2.63ui support for the MAC
Message-ID: <1.5.4.16.19961129205846.32e7ceb2@mail.globalnet.co.uk>


-----BEGIN PGP SIGNED MESSAGE-----


Subject: PGP 2.63ui support for the MAC

I have received a few inquiries about support for the Macintosh.

Unfortunately, the small team working on PGP 2.63ui does not have
the expertise or tools to support the MAC or platforms other than
MSDOS.

However, since we have published our source code, we welcome
participation by people who want to add support for the MAC or
other platforms.  All we ask is that any changes be controlled by
conditional compile statements so that we can maintain a unified
source code for all platforms.

American friends who are concerned about legal difficulties may
contact me via encrypted Email in strictest confidence.

Finally, I understand that Stale's MIT-based version of PGP does
have a good selection of support for the MAC and various other
platforms. We are not going to object strenuously if some of our
enhancements, now unique to 2.63ui, find their way into a future
release of Stale's version.

Steve Crompton 100645.1716 at compuserve.com  (preferred)


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

iQEVAwUBMp9MIhRHWQsRmI2RAQGD/wgAuuBRclY2ovL7uZ7nukcR9maz85GSCYS7
gbYcToxWhZMA3YMMDmV8260qG9BmF0dHoNt39HfEjcordiTU2gLOTmyWqTIWXyA3
uRuKwZQiGPc2bxf+p62G0KdXEdEPcJ98vZWAxVkZwNDlkTg8FZ+O0NsQOPkBMSCO
cE+kiJDk/71CEMwBhu4Q2QN9KBtX+MpcOvT6v1M5vIFAtO31OHaiz/0/tBCitpDP
ukNX8Ntmht+/Izmma3lQaiuFo3i6pXH7qPxKBE38ZNU+w/CtiEPoy/uWN69L3l2D
6RIBbtdvbIkE6ZWotuPcsy/TxqJNsDdnztksfP2EpoKCG9vnHoaU3w==
=8vJt
-----END PGP SIGNATURE-----


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

mQCNAy+FS/kAAAEEAKsKQxcaOw8GQpGXEm4hCfqWyeVlh2Ai9AYvXxPy1VrWYNUu
NDafHwhfoAjM1apHT6CcISw9D4NNeJtXWutv8mKQjumsITzGZ/mSRlOLzxTbdOtD
qyuXjSWt2TIm+ffttbZLsurP8genv4LFDHxGiVeKaAA64CnI4wc2DukbwCfhAAUR
tC1TdGVwaGVuIENyb21wdG9uIDwxMDA2NDUuMTcxNkBjb21wdXNlcnZlLmNvbT6J
AJUDBRAw062s3ic1/dqHwMcBATFuA/9HeAnZWL8MVHSx3/Ux5vRKxpAqrKs9llgN
5RmaGX+lBW6GASnSdpyrBXTG7+li/X57Jmgq04X3rWZm34Qdo6D2266aKkXc9PkM
njuMpmw29Ejza5VYUlz8jMm5vUDEgaPtA5a4JL9+HLhCPCv298177kFZrZBvUgll
1/PO1bpTaokAlQMFEC/tv3UuGDEtkMU5FQEBxYAD/Rsbr7PlHSOns3WsULqmdU9Z
1vKrlmp/sma950jMRC75tJNE1R0eBcE+1eHWkpDhcQ2rlpVTiEcO3IcOBv4ycAjG
ZeVcv7hEmMd+Rf+75L/Y0DAZEB9SjX46TTagEYAURK/qWMl47nZpQiyo2VyM/5Br
3fGzuUH/ZE8gjhdYVTQE
=WBzQ
-----END PGP PUBLIC KEY BLOCK-----






From slothrop at poisson.com  Fri Nov 29 13:17:40 1996
From: slothrop at poisson.com (Slothrop)
Date: Fri, 29 Nov 1996 13:17:40 -0800 (PST)
Subject: A URL for Dimitri
Message-ID: <199611292116.NAA04015@dns2.noc.best.net>


http://www.torah.org/learning/halashon/

jd
--
Jason Durbin
Stop Reading Here<--





From jya at pipeline.com  Fri Nov 29 13:36:21 1996
From: jya at pipeline.com (John Young)
Date: Fri, 29 Nov 1996 13:36:21 -0800 (PST)
Subject: LON_ely
Message-ID: <1.5.4.32.19961129213336.0068b898@pop.pipeline.com>


 11-25-96:

 "Intel Enters Encryption Market With HP For PCMCIA Card "

 So far, HP is the only computer company offering the
 combination PCMCIA and smart card encryption hardware.

 VLSI and Tandem are developing an encryption chip for use 
 on a PCMCIA card. VLSI built the infamous Clipper chip 
 developed by the NSA that was shot down as a proposed 
 government standard after overwhelming industry opposition.

 In a separate development, National Semi, one of two suppliers 
 of the Fortessa encryption card, scaled back its government 
 encryption operations. Program delays, slim margins, and 
 contract disputes with the NSA disillusioned the chip maker.

-----

 LON_ely  (5 kb)






From mrosen at peganet.com  Fri Nov 29 15:40:46 1996
From: mrosen at peganet.com (Mark Rosen)
Date: Fri, 29 Nov 1996 15:40:46 -0800 (PST)
Subject: Announcement: Very Good Privacy
Message-ID: <199611292343.SAA15315@mercury.peganet.com>


	I have written an encryption program called Very Good Privacy for Windows
95/NT. It supports drag-and-drop encryption using the following algorithms:
ASCII (Caesar), BlowFish, DES, IDEA, NewDES, RC4, Safer SK-128, and
Vigenere. After the files are encrypted, the user has the option of
securely deleting the source files using a stream of random text. Very Good
Privacy is shareware with a $5-$10 registration fee. Please note: Pretty
Good Privacy is only "pretty good" but Very Good Privacy is "very good."
:-)

VGP can be downloaded at: http://www.geocities.com/SiliconValley/Pines/2690
If you have any questions, please e-mail vgp at cryogen.com





From dthorn at gte.net  Fri Nov 29 18:28:04 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 29 Nov 1996 18:28:04 -0800 (PST)
Subject: The House Rules At The Permanent Virtual Cypherpunks Party
In-Reply-To: <Pine.HPP.3.91.961129170630.7957A-100000@cor.sos.sll.se>
Message-ID: <329F9BA0.541B@gte.net>


Asgaard wrote:
> > Rule 2:  Don't forward articles from other forums to
> > cypherpunks.  We can find it ourselves the same place you did

[snippo]

I wrote a short response to one point in the original post, and it got
"lost" somehow.

Bryce (I think) said words to the effect that "We (subscribers) are doing
something with John's computer, etc.", as though the list subscribers are
actually operating John's computer, with John's kind permission and over-
view (as though children being supervised in school).

What I said was:  I don't *do* anything with John's computer, I merely
mail messages with an address on them, and John can remail or dispose of
those messages as he wishes, as long as he doesn't modify them or otherwise
use them for any purpose besides what they were intended for.

Bryce's (I think) writing was clearly an example of the kind of double-
speak that 1984-ish censors use to justify their actions, and I for one
cannot let that kind of B.S. go unchallenged.






From gbroiles at netbox.com  Fri Nov 29 19:56:45 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Fri, 29 Nov 1996 19:56:45 -0800 (PST)
Subject: denial of service and government rights
Message-ID: <3.0.32.19961129195752.00730f7c@mail.io.com>


-----BEGIN PGP SIGNED MESSAGE-----

I see two general arguments that go in the direction of the SAIC
consultant's comments:

1.	Seizure & retention as evidence or instrumentality of a crime - e.g., if
someone breaks into my house, steals my gun, and uses it to shoot someone,
it'll be a long damn time before I get my gun back. The prosecution will
likely want to do various forensic tests, the defense may want to do its
own, the prosecutor will want to wave it around at trial, it may even go
back to the jury room to pass around while they deliberate - and if there's
a mistrial/new trial granted, the cycle starts again. (Off of the top of my
head, I can't remember what happens to physical evidence after trial but
during appeal.) Generally, people who are unfortunate enough to have
property which gets sucked into a criminal investigation/trial are just out
of luck. Bummer. I don't see any reason why this wouldn't be true for a
computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure (but seizure is not
forfeiture) of "property that constitutes evidence of the commission of a
criminal offense". 

2. 	Forfeiture of the instrumentality of a crime, or of a nuisance - cf.
_Bennis v. Michigan_ <http://www.law.cornell.edu/supct/cases/94-8729.html>,
the recent Supreme Court case where the "Justices" (cough cough) upheld the
forfeiture of a wife's half interest in a car which was used (without her
knowledge/consent) by her husband to facilitate the crime of prostitution.
The Supreme Court rejected the idea that the Fifth Amendment's takings
clause or the Fourteenth Amendment's due process clause prevents the
forfeiture of the instrumentality of a crime without a showing of
culpability on the part of the owners. Some forfeiture statues (e.g., 21
USC 881, 1989 Oregon Laws Chapter 791, both re drug-related forfeitures)
provide for an "innocent owner" defense to forfeiture, but the Supreme
Court doesn't seem to think that's required as a matter of constitutional
law.  Fed.Rul.Crim.Pro 41(b)(3) allows the seizure of "property designed or
intended for use or which is or has been used as the means of committing a
criminal offense".

 There's an excellent resource available re computer search & seizure at
<http://www.epic.org/security/computer_search_guidelines.txt> - it's the US
DOJ's "Guidelines for Searching & Seizing Computers", pried loose by an
EPIC FOIA request and scanned.

But there's a big difference between "seizure" and "forfeiture". It's
possible that recent legislation has done for computer crime what the drug
forfeiture laws have done with respect to title in property - 21 USC 881(h)
indicates that "All right, title, and interest in property described in
subsection (a) of this section [e.g., property used in connection with a
drug crime] shall vest in the United States upon commission of the act
giving rise to forfeiture under this section." Given the innocent owner
defenses available in an 881 forfeiture, (h) sounds scarier than it works
out to be.

So yes, there may be a statute which gives title to the government in
computers used to commit crimes, and no, the Supreme Court won't
necessarily care about an "innocent owner". (Then again, it may make a
difference if we're talking about a computer owned by a corporation with
political clout, instead of the half-owner of a $600 car used for
surreptitious blow jobs. Your cynicism may vary.) I can't seem to find any
such statute, but like Ben Laurie pointed out w.r.t. security reviews,
there's a line between what folks are willing to do for free, and what
feels like work. Digging through a lot of teeny type in the Federal
Register/Congressional Record isn't my idea of a good time, so I'll leave
the "is there a statute?" question for someone else. I poked around on
EPIC's web site and thomas.loc.gov and in 18 USC without finding a computer
crime seizure statute, but I may just be too tired. :( 
 
At 07:26 PM 11/29/96 +0000, Attila wrote:

>        I got tired of paying Lexus $150 for idle months after dumping
>    West for almost $500/month --otherwise I would run down the Feds
>    kangaroo ruling which seems to grant them this absurd right. 
>    Several on the list are still maintaining accounts...  ?
>
>        ====== begin forwarded text ======
>
>Computer Attacks Show New Patterns
>
>The major trends in computer break-ins involve denial of service 
>and data-driven attacks, says a Department of Justice lawyer.  
>Denial of service occurs when an attacker "bombs" an Internet 
>service provider with so many e-mail messages that the server 
>becomes overloaded and shuts down. Data-driven attacks occur when 
>a virus program is disguised as a data-only file.  The file can be 
>hidden in a Java program on a Web page, and when a visitor clicks 
>on the site, he or she unwittingly downloads the virus.  A computer 
>crime consultant with SAIC warns that these attacks can be launched 
>on an innocent party's Web server, but once that happens, the server 
>can become the subject of a wiretap and a search warrant.  "The title 
>of your computer vests with the government as soon as a hacker uses 
>it to commit a crime," he says.  
>
>[BNA Daily Report for Executives 25 Nov 96 A20]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp+GSv37pMWUJFlhAQHEmgf+IfYnc0w47Ja/ETFlt08uHA7OWV9NJetd
l3gA4av00CwST1FRtdizAC0C4t2MHT6kzHb1j8NzncazAvgjdTEa9Vd31UTR0HgU
4dYbu9e+YtYT6NcaD4HszewxVo/gfpUKBobOA2lVe1QLR1Dzqbx2cbsmxKgDsdzE
Y/TATalZ7c7BkAXJBBgmXs8QYpsBWGUpmf8PUB3731MpGyF6H4gpmssxefjvGghE
eQ27k3hkPlZiKGI5MeZrFhUZXJj3VPu4B3/gC+ZFm2M8Jh4z5Wo4r7w690eb9hky
dGkUzQOb6sdh3ee1oJzwNWXE7R6DCL+3uiGA8Slt0hPOSBo2LBY2Zg==
=dQn5
-----END PGP SIGNATURE-----

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles at netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 





From tfs at adsl-122.cais.com  Fri Nov 29 20:37:33 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Fri, 29 Nov 1996 20:37:33 -0800 (PST)
Subject: KUDOS to Kathleen: [Re: Dorthy Denning is a boot-licking fasicist!!!]
In-Reply-To: <199611282127.OAA10714@infowest.com>
Message-ID: <9611300437.AA05806@adsl-122.cais.com>


attila at primenet.com wrote:
> 
> 
>         good, solid statement of purpose which too few of us practice. 
>     it is general human nature to be protective (usually in a jealous 
>     sense) of our nurtured opinions. However, that is not an excuse to 
>     be abusive of another.  

Unfortunatly the "too few of us practice" line could have read
'too few of us on cypherpunks practice'. Crypto has really been
suffused by noise on this list badly. One of the reasons I origionaly
signed on this list was that it was a really happening place for
crypto & cypherpunk-ish "values" (as it were), and other venues were
just "too noisey". I recently, out of dispair, checked some of the
'other' venues, and found them to have 90% more crypto related stuff.
It's rather sad, too much freak ranting & political bs, and too
little crypto. 

>         It is one thing to be vituperatively demonstrative, another to 
>     criticize anothers view point by epithetical allegorations, and 
>     another, with careful consideration, to disagree with _civilized_
>     clinically definable examples which delineate your viewport.
> 
When it comes to the Dennings, (I speak of Mr. & Mrs., they are fairly
blissfully married.) they are two people who are some of the MOST 
flameproof that I have ever seen. Rank insults are NOT going to get
anyone anywhere with them, except to possibly increase their sense
of persecution. Peter Denning is not a very popular guy with everyone
where he works to say the least, and has suffered some absolutly withering
attacks for HIS politics at George Mason university, to a degree that
makes even the most intense crap I've seen tossed around Cypherpunks look
contemptibly childish.

In a nutshell, all this anti-denning ranting on here is bush league,
amateur hour, kiddie stuff compared to what they've gotten elsewhere
for different reasons. (Well marginaly, they're facists, and that
is pretty much a shared theme with their politics in multiple arenas)

If you're one of the people who's written with that slant on this
thread and is going "but"... Trust me, you're both unimpressive and
non-competative on the insult-the-dennings front. As an example,
Peter had his face pasted over that of Hitler's in a poster that was
widely circulated on the GMU campus (that imfamous shot of Hitler
& Mussolini arm in arm, with Mr. M. being another prof.) by anonymous
types who were seeking (I guess <rolls his eyes>) to piss him
off in reply to some of his more extreme academic political positions.

If you want to accomplish something, I'd reccomend developing 
REAL-WORLD arguments to their facisim, and working on making THOSE
withering, rather than wasting time with _talentless_ insults.
Yes the Dennings are scary folks who would be right at home in
1941 Germany, but no, insults arn't going to even break wind in
their direction... You need to do _far_ better.

(with apoligies to attila, who all this was NOT directed at)
Tim Scanlon









From dlv at bwalk.dm.com  Fri Nov 29 21:20:15 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 29 Nov 1996 21:20:15 -0800 (PST)
Subject: More anonymous hate mail from John Gilmore, Timmy May, and
In-Reply-To: <199611291954.LAA10738@adnetsol.adnetsol.com>
Message-ID: <imV7XD33w165w@bwalk.dm.com>


"Ross Wright" <rwright at adnetsol.com> writes:

> On or About 28 Nov 96 at 15:21, Dr.Dimitri Vulis KOTM wrote:
>
> > because Americans are so stupid.
>
> Come on, doc.  That's a bit of a generalization.  You don't want to
> piss off people who like you, now, do you?

Hi Ross - well, generally, I think most people are stupid, irrespective of
their ethnicity. I'm just trying to piss off some more c-punks. :-)

OK, OK, point taken, I'll desist.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From Paramar at ns.sinfo.net  Fri Nov 29 23:26:21 1996
From: Paramar at ns.sinfo.net (Juan Manuel)
Date: Fri, 29 Nov 1996 23:26:21 -0800 (PST)
Subject: No Subject
Message-ID: <199611300727.CAA13093@ns.sinfo.net>


sign-off

--
JUAN MANUEL RICO
CIUDAD DE PANAMA - PANAMA

HTTP://www.paramar.com/index.html
mailto:jmro at paramar.com
mailto:info at paramar.com

PARAMAR IMPORT & EXPORT, LTDA.
SERVICIO DE PRIMERA CLASE A SU CARGA
TEL: 507 2239836 - FAX: 507 2239837
--





From wichita at cyberstation.net  Fri Nov 29 23:40:56 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Fri, 29 Nov 1996 23:40:56 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <FL8yXD37w165w@bwalk.dm.com>
Message-ID: <Pine.BSI.3.95.961130013052.19278A-100000@citrine.cyberstation.net>




On Mon, 25 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> paul at fatmans.demon.co.uk writes:
> 
> >
> > >      The algorythm cannot be considered secure until it has been
> > > peer-reviewed. They refuse to release the algorythm for review, simply sayi
> > > that "you can't break the code" therefore "it is secure".
> >
> > This isn`t strictly true. Don Wood (spit) has actually released the
> > algorithm details for review.
> 
> What did poor Don Wood do to deserve the (spit) after his name? Is he a liar
> and a content-based plug-puller, like John Gilmore (spit)? Is he an ignorant
> pseudo-cryptoid like Paul "Brute Force Attack on One-Time Pad" Bradley (spit)?

Amen, and that is only a small part of the gobbldegook that  Bradley and
his claque  have turkey squatted on you. As I have said before,
    PBradleyinfo = PBradleyinfo log_base_infinity PBradleyinfo 

Thanks Dr. Vulis and DT and others for yur kindness.


With Kindest regards,

Don Wood







From wichita at cyberstation.net  Fri Nov 29 23:42:38 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Fri, 29 Nov 1996 23:42:38 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <NJJZXD41w165w@bwalk.dm.com>
Message-ID: <Pine.BSI.3.95.961130014145.19278B-100000@citrine.cyberstation.net>




On Tue, 26 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> paul at fatmans.demon.co.uk writes:
> > >It seems to me they're putting an additional layer of stuff ("OTP") between
> > >the key generation and the actual encoding, so what's the problem with that,
> > >as a concept?
> >
> > Well for a start it`s not a one time pad because that requires a
> > totally real random pad. They have a stream cipher, as for whether it
> > is any good or not I would normally not trust a man with the talent
> > for bullshit Don Wood has.
> 
> I suppose Paul doesn't consider his own ruminations about "brute force attacks
> against one-time pads" to be "bullshit".
> 
> 
I could not agree more,

Don Wood






From grafolog at netcom.com  Sat Nov 30 00:09:46 1996
From: grafolog at netcom.com (jonathon)
Date: Sat, 30 Nov 1996 00:09:46 -0800 (PST)
Subject: Announcement: Very Good Privacy
In-Reply-To: <199611292343.SAA15315@mercury.peganet.com>
Message-ID: <Pine.SUN.3.95.961130080157.18557I-100000@netcom17>


On Fri, 29 Nov 1996, Mark Rosen wrote:

> 	I have written an encryption program called Very Good Privacy 

	Trademark violation here.   Probably not a good thing.

> 95/NT. It supports drag-and-drop encryption using the following algorithms:
> ASCII (Caesar), BlowFish, DES, IDEA, NewDES, RC4, Safer SK-128, and
> Vigenere. After the files are encrypted, the user has the option of

	<< text deleted >>

> Good Privacy is only "pretty good" but Very Good Privacy is "very good."

	I'm not sure how an encryption product that uses encryption
	algorithms weaker than Pretty Good Privacy can be described
	as being better than PGP.  

	Especially when all the algorithms listed have known problems
	of one kind, or another.   << And yes, I know that the known
	problems -- in some instances --- are entirely theoretical in
	nature.  >>

        xan

        jonathon
        grafolog at netcom.com


	SpamByte:  The amount of spam Sanford Wallace sends to AOL
		   in one 24 hour period.  
		   Roughly 1 000 Terabytes sent every 24 hours.  

	T3 Connection:   The connection that AOL needs to deal with 
		the spam Sanford Wallaces send to them in one day,
		so that legitimate users can contact people at AOL.

	






From wichita at cyberstation.net  Sat Nov 30 00:15:07 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 00:15:07 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611240241.SAA29110@netcom6.netcom.com>
Message-ID: <Pine.BSI.3.95.961130015710.19278C-100000@citrine.cyberstation.net>




On Sat, 23 Nov 1996, Bill Frantz wrote:

> >>I should have said "it's currently impossible to
> >>prove an algorithim unbreakable". :-)
> >
> >Or, more accurately, nobody credible has seen such a proof.  But, a
> >clever person might invent one.
> 
> I thought Shannon proved one-time-pads to be unbreakable using information
> theory.
> 
Shannon did, but Paul Bradley and friends(sic) proved that he/they could
brute force OTPs, its on the record, so I guess Shannon was wrong, Nes
pas?  Someone as certain of his facts as PB cannot possibly be wrong, or
did he say he was asleep - I guess so, he is obviously always asleep.

I also can prove that our algorithm cannot be broken. All you
have to do is to examine the algorithm and you will understand why it is
unbreakable. That is a lot of chutzpah, but once you understand the
algorithm and how simple it is to prove its unbreakability, then you will
understand that our claim is absolutely correct.

Unfortunately, many of you would rather beat your fingers on the
keyboard about the abstract than find out the truth for yourself. It
is really very simple. Again, I repeat, if you would like a free copy,
please send a e-mail request to:

                     ipsales at cyberstation.net

As for the algorithm, it is at:

                     netprivacy.com



With kindest regards, 

Don Wood






From wichita at cyberstation.net  Sat Nov 30 00:21:22 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 00:21:22 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961124024959.14102A-100000@random.sp.org>
Message-ID: <Pine.BSI.3.95.961130021602.19278D-100000@citrine.cyberstation.net>




On Sun, 24 Nov 1996, The Deviant wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> 
> > 
> > At 12:33 PM 11/23/1996, Eric Murray wrote:
> > >John Anonymous MacDonald writes:
> > >> 
> > >> 
> > >> At 8:09 AM 11/23/1996, Eric Murray wrote:
> > >> >No, you can't.  It's impossible to prove an algorithim unbreakable.
> > >> 
> > >> No?  Please prove your assertion.
> > >
> > >You can't prove a negative.
> > 
> > If it can't be proven, why do you believe it is true?
> > 
> > The good news is that you can prove a negative.  For example, it has
> > been proven that there is no algorithm which can tell in all cases
> > whether an algorithm will stop.
> 
> No, he was right.  They can't prove that their system is unbreakable.
> They _might_ be able to prove that their system hasn't been broken, and
> they _might_ be able to prove that it is _unlikely_ that it will be, but
> they *CAN NOT* prove that it is unbreakable.  This is the nature of
> cryptosystems.
> 
> > >The best IPG could say is that
> > >it can't be broken with current technology.
> > >Next week someone might come up with a new way
> > >to break ciphers that renders the IPG algorithim breakable.
> > 
> > The best they can say is what they did say: they have a proof that
> > their system is unbreakable.  What you question, quite reasonably,
> > is whether they have such a proof.
> 
> It is impossible to prove such a thing.  It's like saying you have proof
> that you have the last car of a certain model ever to be built.  Anybody
> could come along and build another, and then you don't have the last one.
> 
> > 
> > >You point could have been that the same problem exists
> > >for proofs- that next week someone could come up
> > >with a way to prove, for all time, that an algorithim
> > >really IS unbreakable.  So, to cover that posibility
> > >I should have said "it's currently impossible to
> > >prove an algorithim unbreakable". :-)
> > 
> > Or, more accurately, nobody credible has seen such a proof.  But, a
> > clever person might invent one.
> 
> There *IS NO SUCH PROOF*.  Just like you can't prove that god created the
> universe, or that Oswald shot Kennedy, and so on and so forth.  It can't
> be proven.  It never has been proven, and it never will be proven.  People
> have new ideas, new algorithms are invented.  Someday, somebody will crack
> _all_ the cryptosystems that have now been invented.
> 

To repeat Frantz', I thought Shannon proved OTPs were unbreakable. I can
also assure you that they are unbreakable, because you cannot solve a
three variable equation where only one variable is known, ie. the
ciphertext. That is a fact, not an opinion like God, or Oswald, there are
facts and opinions. It is a fact that OTPs are unbreakable and it is a
fact that our system is unbreakable. Q.E.D. for the very same reasons
except that we must use exclusionary proof instead of inclusionary proof
like Shannon. 

With Kindest Regards,

Don Wood







From wichita at cyberstation.net  Sat Nov 30 00:27:49 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 00:27:49 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <3297C65F.4F7@gte.net>
Message-ID: <Pine.BSI.3.95.961130022230.19278E-100000@citrine.cyberstation.net>




On Sat, 23 Nov 1996, Dale Thorn wrote:

> Igor Chudov @ home wrote:
> > Black Unicorn wrote:
> > > On Sat, 23 Nov 1996, Eric Murray wrote:
> > > > John Anonymous MacDonald writes:
> > > > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > > > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> 
> > > > > No?  Please prove your assertion.
> 
> > > > You can't prove a negative.  The best IPG could say is that
> > > > it can't be broken with current technology.
> > > > Next week someone might come up with a new way
> > > > to break ciphers that renders the IPG algorithim breakable.
> 
> > > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.
> 
> If you want to do that, why not do so as a response to Don's FAQ?
> 
> > As a crypto amateur, I would appreciate a good technical explanation as
> > to why IPG's algorithm cannot be considered secure.
> 
> Is the concept here that:  Whereas conventional crypto generates/hashes
> a *key* with which to encode the text, IPG generates a *pad* from a key,
> more or less the length of the text, with which to encode the text??
> 
> It seems to me they're putting an additional layer of stuff ("OTP") between
> the key generation and the actual encoding, so what's the problem with that,
> as a concept?
> 
That is one reasonable interpretation/explanation  of what we are doing.
It is also extremely fast and is used one time only, guaranteed unless the
user deliberately sabotages their own system.
The process is quite simple and discussed in detail at our web site,

               netprivacy.com

Obviously, a number of you have read it. 

With kindest regards,

Don Wood
 






From attila at primenet.com  Sat Nov 30 00:28:54 1996
From: attila at primenet.com (attila at primenet.com)
Date: Sat, 30 Nov 1996 00:28:54 -0800 (PST)
Subject: The Rise and Fall of Cypherpunks  WAS [Re: the Dennings]
In-Reply-To: <9611300437.AA05806@adsl-122.cais.com>
Message-ID: <199611300829.BAA22027@infowest.com>


In <9611300437.AA05806 at adsl-122.cais.com>, on 11/29/96 
   at 11:37 PM, Tim Scanlon <tfs at adsl-122.cais.com> said:

::(with apoligies to attila, who all this was NOT directed at) Tim Scanlon

        no, I didn't read it that way, Tim. thanx for the tag though!  

-----BEGIN PGP SIGNED MESSAGE-----


- ----------------------------------------------------------------------

    follow on:

        I am aware of the Dennings and their politics --and, I suspect 
    like you, have no illusions that much of anything will change their 
    opinions.  Like many, she (I have never met him) appears as a 
    gracious, intelligent individual.

        however, she certainly is a "find" for the Clinton team (who
    appear as fascist in their approach to crypto and gun control as 
    Hitler). Bubba could never have created so exquisite a spokesman...

        1935 will go down in history! For the first time a civilized 
        nation has full gun registration! Our streets will be safer, 
        our police more efficient, and the world will follow our 
        lead in the future!
            --Adolf Hitler

    in fact, protecting free speech through cryptography is even more
    important than gun control (not much, though --they go hand-in-hand)

    ...and, Bubba is writing new history. witness the infamous question
    #46 of a very real questionnaire given to all black-shirt Marine and 
    Seal units --we all _know_ these units do not exist....

            46. The U.S. government declares a ban on the possession, 
            sale, transportation, and transfer of all non-sporting 
            firearms. Consider the following statement:
      
                I would fire upon U.S. citizens who refuse or resist 
                confiscation of firearms banned by the U.S. government.

    this was a survey given at USMC 29 Palms, Pendleton, LeJuene, etc.
    I was aware of the survey _before_ it was given to my son --who 
    _was_ a black-shirt NCO.  The survey also included questions
    covering command and direction from UN officers on US soil, against
    our people.  The Feds tried to pass it off as someones Masters
    research  -a different person at different bases. 

    Now, how does that information get passed around?  am I preaching
    to the choir, yet?    

        In truth, successful dictators are usually very popular. 
        Their regimes are distinguished not by silence but by 
        roaring crowds and festive rallies. Benito Mussolini, 
        Adolf Hitler, Juan Peron, Mao Zedong, and Fidel Castro 
        all mastered the technique of amplifying their support, 
        while reducing opposition to no more than private grumbles. ... 
            --Tyranny Without Dictators, SOBRAN'S March 1996.

    and a made for television sorry excuse for an executive with his
    fingers on the football (which some claim has been taken away from
    him by the SS (notice the similarity in the initials) since the SS
    does not trust his cocaine violence.

        in other words, how about we spend the time productively,
    creating _intelligent_ critiques and opposition to the direct 
    assault on The Bill of Rights by a pack of raving Federalists.

        it's the same old story: Adams, Hamilton, and Madison believed
    in all powerful central governments --in fact, they would have just
    as soon settled for an "American" king.  ...they became the 
    "Federalists."  interesting --Jefferson, who is revered as the 
    founder of the Democratic Party which opposed "Federalists," would
    not accept any responsibility for the tax and spend welfare state
    Democratic Party of today --he'd be a Conservative.

        we, and I mean all of us, who contribute the bulk of the 
    "opinions" to cypherpunks gave the mainstream press the biggest
    possible hole to run straight over us, declaring us anarchists
    and wild-eyed fanatics. unless we as a group mend our ways, and
    turn out intelligent reasoning for the advance of cryptography as
    a mainstream way of life, we will be forever consigned not only to
    the dustbin, but subject to the ridicule of both the press and the
    government.

        None of us are above a little sarcasm --but let's get the 
    vituperative effluent out of the system.  do whatever you wish in
    private mail, but keep the profane rantings off the list.

            this goes for you, Dimitri; and "aga" too.    

        meanwhile, Ms. Denning goes on shilling for the apocalypse...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: Encrypted with 2.6.3i. Requires 2.6 or later.

iQCVAwUBMp/ulb04kQrCC2kFAQHkOgQAoWbQWUgVn69+o1qfuUIn8KqQ9LkiVyZl
6aQIXGrbajQ/0Zz7el3Lxg6Es43wKTevsyrwCHNbJYnZsRq3ezRzawSTisUWVv5t
3JtCK1hD6lcEGENmZaBIhc77ZXAyOkugoCzLQIO8+YhZCbBoTghxyfZcm0XqknMb
T814uGQ+FeQ=
=zlrH
-----END PGP SIGNATURE-----








From wichita at cyberstation.net  Sat Nov 30 00:41:41 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 00:41:41 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.LNX.3.94.961124141239.15389B-100000@random.sp.org>
Message-ID: <Pine.BSI.3.95.961130023512.19278G-100000@citrine.cyberstation.net>




On Sun, 24 Nov 1996, The Deviant wrote:

> > At  4:21 PM 11/23/96 -0800, John Anonymous MacDonald wrote:
> > >At 12:33 PM 11/23/1996, Eric Murray wrote:
> > >>You point could have been that the same problem exists
> > >>for proofs- that next week someone could come up
> > >>with a way to prove, for all time, that an algorithim
> > >>really IS unbreakable.  So, to cover that posibility
> > >>I should have said "it's currently impossible to
> > >>prove an algorithim unbreakable". :-)
> > >
> > >Or, more accurately, nobody credible has seen such a proof.  But, a
> > >clever person might invent one.
> > 
> > I thought Shannon proved one-time-pads to be unbreakable using information
> > theory.
> 
> Different ball game.  OTP isn't "unbreakable" .  OTPs are secure because
> no matter what key you use, it _will_ decrypt, so your plaintext is still
> hidden simply because it could decrypt to whatever the person trying to
> decrypt it wants it to.  Its not that its unbreakable, its that its
> breakable in _so many ways_.  
> 

More nonsense - unbreakable means that you cannot determine what the
plaintext is. Shannon proved that you cannot prove what the plaintext
is for OTPs, or for the system we have developed either. The fact that it
could possibly be any plain text simply is another way of saying that it
is unbreakable, they are one and the same thing. Like so many you are
talking in circles and do not know what you are talking about or you
would not waste your time on such nonsense - Paul Bradley even knows how
to brute force OTPs, so you must be wrong there to.

With Kindest regards,

Don Wood
 

> 
> 






From wichita at cyberstation.net  Sat Nov 30 01:00:20 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 01:00:20 -0800 (PST)
Subject: IPG Algorith Broken!  Chudov - Thorn etal,
In-Reply-To: <Pine.LNX.3.94.961124145135.15531A-100000@random.sp.org>
Message-ID: <Pine.BSI.3.95.961130024219.19278H-100000@citrine.cyberstation.net>




On Sun, 24 Nov 1996, The Deviant wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sat, 23 Nov 1996, Dale Thorn wrote:
> 
> > Igor Chudov @ home wrote:
> > > Black Unicorn wrote:
> > > > On Sat, 23 Nov 1996, Eric Murray wrote:
> > > > > John Anonymous MacDonald writes:
> > > > > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > > > > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> > 
> > > > > > No?  Please prove your assertion.
> > 
> > > > > You can't prove a negative.  The best IPG could say is that
> > > > > it can't be broken with current technology.
> > > > > Next week someone might come up with a new way
> > > > > to break ciphers that renders the IPG algorithim breakable.
> > 
> > > > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.
> > 
> > If you want to do that, why not do so as a response to Don's FAQ?
> > 
> > > As a crypto amateur, I would appreciate a good technical explanation as
> > > to why IPG's algorithm cannot be considered secure.
> > 
> > Is the concept here that:  Whereas conventional crypto generates/hashes
> > a *key* with which to encode the text, IPG generates a *pad* from a key,
> > more or less the length of the text, with which to encode the text??
> > 
> > It seems to me they're putting an additional layer of stuff ("OTP") between
> > the key generation and the actual encoding, so what's the problem with that,
> > as a concept?
> 
> a) what they're claiming is OTP isn't OTP.  They use algorithmicly
> generated "random" numbers.  Random numbers can't be algorithmicly
> generated.  If the numbers in "OTP" aren't random, it isn't OTP.  Its also
> very vulnerable.
> 
To quote the bard, King John, Act II at the end, Mad World, Mad Kings, Mad
Composition. We have repeatedly stated that we do not generate random
numbers, and agree that only hardware can generate true random numbers. I
have worked on more OTPs than probably all of the public responders to 
the cypherpunks lists put together. I know what kinds of tests that an OTP
must pass, and what they look like - I have designed very comprehensive
systems to analyzed them.

What I was trying to do,  using the neologism of "Software OTP," was to
point out that the encryptor stream will pass any of the tests that as
hardware produced OTP will. It is quite remarkable that so many of you
Simpleton's talk about the system without looking at it. Many of you have
and have found it to be intriguing. Paul Bradley admits to downloading the
system, he spent over five hours doing it according to our log, but he says
that he never did anything with it. Anyone that believes that also
believes that Paul knows how to brute force OTPs.

With Kindest regards,

Don Wood
[A






From wichita at cyberstation.net  Sat Nov 30 01:10:43 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 01:10:43 -0800 (PST)
Subject: Don Woods -- Crypto Creationist - Shannon Proof
In-Reply-To: <3.0.32.19961124114330.00dc0bec@mail.teleport.com>
Message-ID: <Pine.BSI.3.95.961130030250.19278I-100000@citrine.cyberstation.net>




On Sun, 24 Nov 1996, Alan Olsen wrote:

> At 02:18 AM 11/24/96 -0600, snow wrote:
> 
> >     The algorythm cannot be considered secure until it has been 
> >peer-reviewed. They refuse to release the algorythm for review, simply saying
> >that "you can't break the code" therefore "it is secure". 
> 
> Furthermore, in "Real Science", the burden of proof is on the one making
> the claim, not on the one everyone else to disprove it.
> 
> So far Mr. Wood has not provided any *proof* as to the substance of his
> claims.  He has provided some of the more interesting rants I have seen of
> late.  (Analysis of his style of posting is probibly better left to the
> Psychceramics list than Cypherpunks.)
> 
> Until he posts the algorythm (or at least some basis as to why we should
> trust his claims), his claims are worthless.  (As they would say on
> talk.origins: "Evidence is the coin of the realm here!".)
> 
You are correct other than for the fact that we have posted the
algorithm:

       http://www.netprivacy.com


And we have proven that it is unbreakable, as most of you are aware. Just 
look at the algorithm and you will understand why! It is self evident as
proven by Shannon. 

Also, there is no "s" in my last name, it is Wood, though call me
anything that you like. 

Also, as far as Perry not responding to me, he does but not on the
Cypherpunks list anymore. The other list is not personal, so we correspond
in private,

With kindest regards,

Don Wood






From wichita at cyberstation.net  Sat Nov 30 01:15:19 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 01:15:19 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <9611242036.aa13728@gonzo.ben.algroup.co.uk>
Message-ID: <Pine.BSI.3.95.961130031128.19278J-100000@citrine.cyberstation.net>




On Sun, 24 Nov 1996, Ben Laurie wrote:

> The Deviant wrote:
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > 
> > On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
> > 
> > > 
> > > At 6:56 PM 11/23/1996, The Deviant wrote:
> > > >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> > > >> The good news is that you can prove a negative.  For example, it has
> > > >> been proven that there is no algorithm which can tell in all cases
> > > >> whether an algorithm will stop.
> > > >
> > > >No, he was right.  They can't prove that their system is unbreakable.
> > > >They _might_ be able to prove that their system hasn't been broken, and
> > > >they _might_ be able to prove that it is _unlikely_ that it will be, but
> > > >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > > >cryptosystems.
> > > 
> > > Please prove your assertion.
> > > 
> > > If you can't prove this, and you can't find anybody else who has, why
> > > should we believe it?
> > 
> > Prove it?  Thats like saying "prove that the sun is bright on a sunny
> > day".  Its completely obvious.  If somebody has a new idea on how to
> > attack their algorithm, it might work.  Then the system will have been
> > broken.  You never know when somebody will come up with a new idea, so the
> > best you can truthfully say is "it hasn't been broken *YET*".  As I
> > remember, this was mentioned in more than one respected crypto book,
> > including "Applied Cryptography" (Schneier).
> 
> It seems appropriate to quote Schneier on the subject:
> 
> "Those who claim to have an unbreakable cipher simply because they can't break
> it are either geniuses or fools. Unfortunately, there are more of the latter in
> the world."
>
I cannot argue with that, obviously he is correct.
> 
> And...
> 
> "Believe it or not, there is a perfect encryption system. It's called a
> one-time pad..."
> 
Paul Bradley and others believe that you can brute force One Time Pads.
Of course, you cannot and neither can you brute force our system. It is
mathematically impossible as we have expounded on at length in past
postings.

With Kindest regards,

Don Wood







From wichita at cyberstation.net  Sat Nov 30 01:20:59 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 01:20:59 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611250124.RAA07293@abraham.cs.berkeley.edu>
Message-ID: <Pine.BSI.3.95.961130031903.19278K-100000@citrine.cyberstation.net>




On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:

> 
> At 7:10 AM 11/24/1996, The Deviant wrote:
> >On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
> >> At 6:56 PM 11/23/1996, The Deviant wrote:
> >> >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> >> >> The good news is that you can prove a negative.  For example, it has
> >> >> been proven that there is no algorithm which can tell in all cases
> >> >> whether an algorithm will stop.
> >> >
> >> >No, he was right.  They can't prove that their system is unbreakable.
> >> >They _might_ be able to prove that their system hasn't been broken, and
> >> >they _might_ be able to prove that it is _unlikely_ that it will be, but
> >> >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> >> >cryptosystems.
> >> 
> >> Please prove your assertion.
> >> 
> >> If you can't prove this, and you can't find anybody else who has, why
> >> should we believe it?
> >
> >Prove it?  Thats like saying "prove that the sun is bright on a sunny
> >day".  Its completely obvious.
> 
> In other words, you can't prove it.  Thought so.
> 
> >If somebody has a new idea on how to attack their algorithm, it might
> >work.  Then the system will have been broken.  You never know when
> >somebody will come up with a new idea, so the best you can truthfully
> >say is "it hasn't been broken *YET*".  As I remember, this was mentioned
> >in more than one respected crypto book, including "Applied Cryptography"
> >(Schneier).
> 
> Page number?
> 
> Perhaps it would be helpful to hear a possible proof.  If somebody
> were to show that breaking a certain cryptographic algorithm was
> NP-complete, many people would find this almost as good as proof that
> the algorithm is unbreakable.
> 
> Then if a clever person were to show that the NP-complete problems
> were not solvable in any faster way than we presently know how, you
> would have proof that a cryptographic algorithm was unbreakable.
> 
> There is no obvious reason why such a proof is not possible.
> 
> diGriz
> 
> 
I agree entirely, it is self evident that our system is unbreakable. Look
at it, as this author obviously has, and you will discover that truth for
yourself.

With kindest regards,

Don Wood


 






From wichita at cyberstation.net  Sat Nov 30 01:26:31 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 01:26:31 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <c2aXXD25w165w@bwalk.dm.com>
Message-ID: <Pine.BSI.3.95.961130032229.19278L-100000@citrine.cyberstation.net>




On Sun, 24 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> Alan Olsen <alan at ctrl-alt-del.com> babbles:
> > At 04:00 AM 11/24/96 -0500, Black Unicorn wrote:
> > >On Sun, 24 Nov 1996 eli+ at gs160.sp.cs.cmu.edu wrote:
> > >
> > >> Maybe this one's different from all of those.  How valuable a secret
> > >> would you like to wager on that?  If IPG wants credibility, they should
> > >> retain a respected cryptographer, or several, to attack their scheme.
> > >
> > >"They" attempt this nearly daily by trying to taunt c'punks into
> > >evaluating the product for free.
> >
> > Then someone should not do it for free.  They should do it as a "data
> > recovery tool", advertise widely, make a few bucks, and show what a piece
> > of crap the IPG snakeoil is in the first place.
> >
That is impossible, it is self evident that it cannot be done. There are
some people who are trying to break it, but they will obviously find that
is impossible.

> > Cracktools are starting to become a profitable business as more and more
> > snakeoil products appear on the market.  (Most are marketed to law
> > enforcement, but that will probibly change...)
> >
> > There is a buck or two to be made here.
> 
> There's probably more money to be made by blackmailing the snake-oil
> peddler (pay me so I don't release the cracktool for your crap) than
> by selling the cracktools themselves.
> 
> ---
Give up, no one can break the IPG system. That is a fact, not an opinion,
like some of the cypherpunks.

With kindest regards,

Don Wood






From wichita at cyberstation.net  Sat Nov 30 01:57:21 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 01:57:21 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <849030317.93771.0@fatmans.demon.co.uk>
Message-ID: <Pine.BSI.3.95.961130033459.19278M-100000@citrine.cyberstation.net>




On Mon, 25 Nov 1996 paul at fatbrain.demon.co.uk wrote:

> 
>  Known-plaintext:   Unbreakable, since the pad is never reused
>  Chosen-plaintext:  Unbreakable, ditto
>  Adaptive-chosen-plaintext: Unbreakable, ditto
> 
> Correct but for a different reason. 
No correct period, for the same reason. To paraphrase Gertrude Stein, an
OTP is an OTP is an OTP.


>Re-using the pad does render the 
> security useless but the other reason is if we know part of the pad 
> AND the ciphertext (and hence the plaintext) or part of the plaintext 
> and the ciphertext and therefore the pad, We cannot solve the rest of 
> the ciphertext as the pad is true random and the next bits are 
> independent of all the previous ones so we cannot predict from what 
> we have.
> 
More dumbest information, from FAT BRAIN. If an OTP is used more than
once, it is not an OTP by definition. Plaintext xor Plaintext, even in
derivative forms. Like so much of his dribble, that paragraph contains 
some words but I challenge anyone to tell us what it means. It simply
does not say anything which translates into anything meaningful.    


Frequently, you fill in some, and maybe even all of the plaintext, if you
have part of the plain text, for example if you have the partial signature
of a message emanating from the White House of:

       Wi      Jef            on

You might reasonably conclude that the missing characters could be filled
in to be: 
        
       William Jefferson Clinton


Two plaintexts xored together can reveal much more than you might think.

With Kindest regards,

Don Wood






From wichita at cyberstation.net  Sat Nov 30 02:05:10 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 02:05:10 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <849030305.93656.0@fatmans.demon.co.uk>
Message-ID: <Pine.BSI.3.95.961130040004.19278O-100000@citrine.cyberstation.net>




On , 25 Nov 1996 paul at fatbrain.demon.co.uk wrote:

> 
> > > Ahh... an OTP isn't unbreakable.  Its just so encredibly breakable that
> > > you never know which break was the correct one ;)
> > 
> > Note that Schneier says "perfect", not "unbreakable".
> 

More gobbledegook about nothing. Yes it is perfect and yes it is
unbreakable!

snip......
> 
> IPG`s algorithm is definitely NOT an OTP and Don Wood is a snakeoil 
> merchant.
>

Play it Paul, (or is it Sam, or fatbrain).

Never has one person said so much and said nothing,

Lead on McPuff(ery)

 
With kindest regards,

Don Wood







From wichita at cyberstation.net  Sat Nov 30 02:15:40 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 02:15:40 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611270044.SAA11917@algebra>
Message-ID: <Pine.BSI.3.95.961130040801.19278Q-100000@citrine.cyberstation.net>




On Tue, 26 Nov 1996, Igor Chudov @ home wrote:

> paul at fatmans.demon.co.uk wrote:
> > Perfect is a better term. Strictly speaking it is because there is no 
> > finite unicity distance (the amount of ciphertext with which the 
> > cipher can theoretically be broken). So, stricly speaking, for a given 
> > message C and a prospective pad, P, out of a set of N pads which may 
> > or may not be correct:
> > 
> > P(P|C) = N^-1
> 
> What does it mean?
> 
Yes, McPuff, what does it mean. Like all of your other pabulum, it does not
mean anything that has any significance to anyone living or yet to live.
I also greatly appreciate you defining unicity distance for me, I have
always wanted to know that.

With kindest regards,

Don Wood







From wichita at cyberstation.net  Sat Nov 30 02:23:19 1996
From: wichita at cyberstation.net (wichita at cyberstation.net)
Date: Sat, 30 Nov 1996 02:23:19 -0800 (PST)
Subject: Provably "Secure" Crypto (was: IPG Algorithm Broken!)
In-Reply-To: <199611252028.MAA16855@vishnu.corsair.com>
Message-ID: <Pine.BSI.3.95.961130041844.19278R-100000@citrine.cyberstation.net>




On Mon, 25 Nov 1996, Dana W. Albrecht wrote:

> 
> 
> Our friend Don Woods seems to have inadvertently sparked what could be a 
> useful and serious discussion regarding "provably secure cryptography."



Not only that But I have proven that the IPG system is perfect, see the
proof at:

           http://www.netprivacy.com 

> 
And you can prove it to yourself, it is patently self evident iwhen you
examine the algorithm and uinderstand what it does.Need I say more.
Find out yourself.

Your friend,

Don Wood

> Not to be confused with the usual "unbreakable" snake oil we see peddled 
> so often, I refer to systems for which rigorous mathematical proof that 
> "there are no shortcuts" exists.  To my knowledge, no such systems, with 
> the exception of a real one-time pad, exist today.  However, I also 
> under the impression that ongoing research on this topic continues.  For 
> example, consider the work being done on "Lattice" cryptosystems (see 
> http://jya.com/lattice.htm).
> 
> "diGriz" is right.  Nothing precludes the existence of a cryptographic 
> algorithm for which a rigorous mathematical proof of "security" exists
> --- where "security" means a provable lower bound on the time required 
> for recovery of the key.  Indeed, it seems that finding such an 
> algorithm --- or providing the necessary rigorous proof for a current 
> algorithm --- is a laudable goal of academic cryptographic research.
> 
> Rigorous proofs of the non-existence of an algorithm are not new.  
> Neither are rigorous proofs that any algorithm which can solve a given 
> problem requires a minimal running time.  Or, in an even stronger sense, 
> that a particular known algorithm for a given problem is indeed a 
> (provably) optimal algorithm for that problem.
> 
> For a (non-cryptographic) example of a proof of the first sort --- that 
> is, that "there exists no algorithm" --- consider the famous "Halting 
> Problem" for Turing machines.  (I believe someone else has also 
> mentioned this.)  There are many proofs such as this one, often related, 
> though the Halting Problem itself is perhaps the most famous example.
> 
> For an (again, non-cryptographic) example of a proof of the second sort 
> --- that is, that "any algorithm that solves a given problem requires a 
> minimal running time" --- consider the proof that the "minimal" number 
> of key comparisons in the worst case required to sort a random list of 
> elements for which only an ordering relationship is known is O(nlog(n)).  
> See Knuth, Volume 3, section 5.3.  For a simpler example, a standard 
> "binary" search which requires O(log(n)) comparisons to find a given 
> element in the worst case is provably the optimal algorithm for this 
> task.
> 
> Turning once again to cryptography, there is presumably an "optimal" 
> algorithm for factoring a "general" number in the "worst" case.  Of 
> course, known algorithms for factorization seem to regularly improve and 
> no one has even suggested that any current algorithm is (provably) the 
> "optimal" algorithm.  Worse case bounds on running time for currently 
> known algorithms can certainly be produced, but no one currently knows 
> if these are the best algorithms.
> 
> However, just as one can say, "How do you know that tomorrow some 
> brilliant mathematician will not produce a polynomial time factorization 
> algorithm?" one can also say, "How do you know that tomorrow some 
> brilliant mathematician will not provide a rigorous proof that all 
> factorization algorithms --- in the worse case --- require some 
> specified minimal running time?"
> 
> While the current state of mathematical knowledge suggests that this is 
> not likely to happen anytime soon for the factorization problem, it is 
> encouraging to see work in areas where more rigorous proofs of security 
> are within closer reach.  Again, I refer to work on Lattice problems.  
> If the types of rigorous proof regarding "what can't be done" that are 
> known for the Halting Problem, sorting, and searching are available for 
> cryptographic problems, then this is indeed a major (and laudable) 
> advance in cryptography.
> 
> Obviously, discussion on this topic is unrelated to such security 
> problems as implementation mistakes, fault analysis, outright theft of 
> keys, etc.  I hope that I've been careful to explain what I mean by 
> "provably secure" and that it's not interpreted to include these types 
> of attacks.
> 
> I'm interested in the current state of research (if any) on this topic.  
> Other than what John Young sent to the list some time ago about Lattice 
> stuff --- which is certainly far from prime time --- I've not seen 
> anything else.  I also haven't devoted a lot of time to looking.
> 
> Relevant pieces of the earlier thread are included below.
> 
> Comments, anyone?
> 
> Dana W. Albrecht
> dwa at corsair.com
> 
> ----------------------------------------------------------------------------
> 
> 
> Eric Murray <ericm at lne.com> writes:
> > Don Wood <wichita at cyberstation.net> writes:
> > > Do not belive it, it will never happen. It is impossible,  and we can
> > > prove it to your satisfaction.
> > 
> > No, you can't.  It's impossible to prove an algorithim unbreakable.
> > You can only say that it hasn't been broken yet, but you can't
> > predict the advances in cryptoanalysis.
> > 
> > If, in two or three years, no one's broken it then maybe it'll seem
> > like a reasonably-secure algorithim.  Of course when someone does break
> > it you'll just say "oh, that wasn't the real algorithim" like you did
> > last time.
> 
> [ Snip ]
> 
> > You can't prove a negative.  The best IPG could say is that
> > it can't be broken with current technology.
> > Next week someone might come up with a new way
> > to break ciphers that renders the IPG algorithim breakable.
> > 
> > You point could have been that the same problem exists
> > for proofs- that next week someone could come up
> > with a way to prove, for all time, that an algorithim
> > really IS unbreakable.  So, to cover that posibility
> > I should have said "it's currently impossible to
> > prove an algorithim unbreakable". :-)
> 
> ----------------------------------------------------------------------------
> 
> "diGriz" anonymously writes: 
> > The good news is that you can prove a negative.  For example, it has
> > been proven that there is no algorithm which can tell in all cases
> > whether an algorithm will stop.
> 
> [ Snip ] 
> 
> > The best they can say is what they did say: they have a proof that
> > their system is unbreakable.  What you question, quite reasonably,
> > is whether they have such a proof.
> 
> [ Snip ]
>  
> > Or, more accurately, nobody credible has seen such a proof.  But, a
> > clever person might invent one.
> 
> ----------------------------------------------------------------------------
> 
> The Deviant <deviant at pooh-corner.com> writes: 
> > No, he was right.  They can't prove that their system is unbreakable.
> > They _might_ be able to prove that their system hasn't been broken, and
> > they _might_ be able to prove that it is _unlikely_ that it will be, but
> > they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > cryptosystems.
> > 
> > > >The best IPG could say is that
> > > >it can't be broken with current technology.
> > > >Next week someone might come up with a new way
> > > >to break ciphers that renders the IPG algorithim breakable.
> > > 
> > > The best they can say is what they did say: they have a proof that
> > > their system is unbreakable.  What you question, quite reasonably,
> > > is whether they have such a proof.
> > 
> > It is impossible to prove such a thing.  It's like saying you have proof
> > that you have the last car of a certain model ever to be built.  Anybody
> > could come along and build another, and then you don't have the last one.
> > 
> > > 
> > > >You point could have been that the same problem exists
> > > >for proofs- that next week someone could come up
> > > >with a way to prove, for all time, that an algorithim
> > > >really IS unbreakable.  So, to cover that posibility
> > > >I should have said "it's currently impossible to
> > > >prove an algorithim unbreakable". :-)
> > > 
> > > Or, more accurately, nobody credible has seen such a proof.  But, a
> > > clever person might invent one.
> > 
> > There *IS NO SUCH PROOF*.  Just like you can't prove that god created the
> > universe, or that Oswald shot Kennedy, and so on and so forth.  It can't
> > be proven.  It never has been proven, and it never will be proven.  People
> > have new ideas, new algorithms are invented.  Someday, somebody will crack
> > _all_ the cryptosystems that have now been invented.
> 
> [ Snip ]
> 
> > diGriz anonymous writes:
> > > At 6:56 PM 11/23/1996, The Deviant wrote:
> > > >No, he was right.  They can't prove that their system is unbreakable.
> > > >They _might_ be able to prove that their system hasn't been broken, and
> > > >they _might_ be able to prove that it is _unlikely_ that it will be, but
> > > >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > > >cryptosystems.
> > > 
> > > Please prove your assertion.
> > > 
> > > If you can't prove this, and you can't find anybody else who has, why
> > > should we believe it?
> > 
> > Prove it?  Thats like saying "prove that the sun is bright on a sunny
> > day".  Its completely obvious.  If somebody has a new idea on how to
> > attack their algorithm, it might work.  Then the system will have been
> > broken.  You never know when somebody will come up with a new idea, so the
> > best you can truthfully say is "it hasn't been broken *YET*".  As I
> > remember, this was mentioned in more than one respected crypto book,
> > including "Applied Cryptography" (Schneier).
> 
> ----------------------------------------------------------------------------
> 
> "diGriz" Anonymously responds:
> > Page number?
> > 
> > Perhaps it would be helpful to hear a possible proof.  If somebody
> > were to show that breaking a certain cryptographic algorithm was
> > NP-complete, many people would find this almost as good as proof that
> > the algorithm is unbreakable.
> > 
> > Then if a clever person were to show that the NP-complete problems
> > were not solvable in any faster way than we presently know how, you
> > would have proof that a cryptographic algorithm was unbreakable.
> > 
> > There is no obvious reason why such a proof is not possible.
> > 
> > diGriz
> 



With Kindest regards,

Don Wood






From paul at fatmans.demon.co.uk  Sat Nov 30 03:12:34 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Sat, 30 Nov 1996 03:12:34 -0800 (PST)
Subject: Sound card as a random number source ??
Message-ID: <849351681.94527.0@fatmans.demon.co.uk>



 
> And what if I will use FM receiver, tuned on some channel where is the noise.
> If the potentional attacker don't know the what channel was tuned, he is not
> able to reproduce this IMHO. Of course, maybe it is possible to record the whole
> spectrum to tapes, but I think that the noise will change when recorded and
> played back from tape.


It might possibly be random enough, especially if you use a tape 
recorder of a reasonably poor quality, thus inducing wow and flutter 
noise to the recording before it is sampled. anyone else care to 
comment?

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From bgrosman at healey.com.au  Sat Nov 30 04:08:14 1996
From: bgrosman at healey.com.au (Benjamin Grosman)
Date: Sat, 30 Nov 1996 04:08:14 -0800 (PST)
Subject: Announcement: Very Good Privacy
Message-ID: <2.2.32.19961201090304.0075804c@healey.com.au>


Dear Sir,

>	I'm not sure how an encryption product that uses encryption
>	algorithms weaker than Pretty Good Privacy can be described
>	as being better than PGP.  
>
>	Especially when all the algorithms listed have known problems
>	of one kind, or another.   << And yes, I know that the known
>	problems -- in some instances --- are entirely theoretical in
>	nature.  >>

What puzzles me is that he included two cyphers that are _extremely_ easy to
break, the vignere cypher and the ascii cypher. Why include these? And what
is his new permutation of RC4 and DES?

Yours Sincerely,

Benjamin Grosman






From pgut001 at cs.auckland.ac.nz  Sat Nov 30 05:22:11 1996
From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz)
Date: Sat, 30 Nov 1996 05:22:11 -0800 (PST)
Subject: Strong-crypto smart cards in Singapore and Germany
Message-ID: <84936010217079@cs26.cs.auckland.ac.nz>


Wednesday's "Straits Times" contains two front-page articles on the 
introduction of a CashCard which acts as an electronic wallet capable of 
storing from $10-$200 ("Dr Hu launches cash-in-a-card payment system"), and an 
identity card capable of Internet electronic transactions with (presumably 
RSA) 1024-bit encryption ("50,000 to take part in electronic ID trials").  The 
ID card can also be implemented as software on disk.  It appears to be purely 
a form of storing an ID which is then transmitted in encrypted form.  The 
CashCard, on the other hard, is an electronic wallet developed by a group of 
Singapore banks.  There are no details on how it works, except that it doesn't 
have any sort of protection - it's up to you to make sure the card isn't 
stolen.
 
The standardisation committee of the German banks have also produced an 
electronic wallet which should have 25 million (yes, 25M) users by January of 
next year.  Again, this is a pure electronic wallet, with 2-key triple DES and 
768-bit (to become 1024-bit) RSA encryption.  The relevant standards are still 
in the process of being translated, but should be available Real Soon Now (the 
complete specification will be made public).  This looks like a very nice 
system, and unlike Mondex doesn't rely entirely on the hope that criminals 
can't get at the data on the card.
 
Peter.
 






From dlv at bwalk.dm.com  Sat Nov 30 08:10:52 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 08:10:52 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130033459.19278M-100000@citrine.cyberstation.net>
Message-ID: <TeP8XD35w165w@bwalk.dm.com>


Don Wood <wichita at cyberstation.net> writes:
>
> On Mon, 25 Nov 1996 paul at fatbrain.demon.co.uk wrote:
>
> More dumbest information, from FAT BRAIN. ...

Don, a word of caution. You've been excrutiatingly civil throughout this
discussion, while the cypherpunks have been, well, punks. Paul Bradley's
favorite arguments are to put "(spit)" after your name or to call anything
he can't understand "bullshit". Paul can get away with it, but if you stoop
on their level, then a) you sound more like them, and you don't want to
do that, I'm sure, b) you might get a nastygram from John Gilmore, the
50-ish long-haired bitch who's the "owner" of this "private mailing list".

Caution: John Gilmore is a liar and a content-based censor.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 30 08:10:53 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 08:10:53 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130023512.19278G-100000@citrine.cyberstation.net>
Message-ID: <e3o8XD34w165w@bwalk.dm.com>


Don Wood <wichita at cyberstation.net> writes:
> > Different ball game.  OTP isn't "unbreakable" .  OTPs are secure because
> > no matter what key you use, it _will_ decrypt, so your plaintext is still
> > hidden simply because it could decrypt to whatever the person trying to
> > decrypt it wants it to.  Its not that its unbreakable, its that its
> > breakable in _so many ways_.
>
> More nonsense - unbreakable means that you cannot determine what the
> plaintext is. Shannon proved that you cannot prove what the plaintext
> is for OTPs, or for the system we have developed either. The fact that it
> could possibly be any plain text simply is another way of saying that it
> is unbreakable, they are one and the same thing. Like so many you are
> talking in circles and do not know what you are talking about or you
> would not waste your time on such nonsense - Paul Bradley even knows how
> to brute force OTPs, so you must be wrong there to.

That's precisely right - (almost all) cypherpunks have no idea what they're
talking about. They use "kewl" words without understanding what they mean.
The recent discussion of whether the (allegedly gay) droid Data used PGP
or "fractal encryption" in some scifi movie is a good example.

Some of these bullies, like Paul Bradley, realize that they don't know
the meanings of the words they use. Paul Bradley not only posts nonsense
about brute force attacks on OTP, but also harrasses anyone who exposes
his utter ignorance, in en effort to intimidate them into shutting up.

"Cypherpunks'" opinion of any proposed new cryptosystem is worthless and
irrelevant.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 30 08:12:34 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 08:12:34 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130032229.19278L-100000@citrine.cyberstation.net>
Message-ID: <aqP8XD37w165w@bwalk.dm.com>


Don Wood <wichita at cyberstation.net> writes:
> On Sun, 24 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
> >
> > There's probably more money to be made by blackmailing the snake-oil
> > peddler (pay me so I don't release the cracktool for your crap) than
> > by selling the cracktools themselves.
> >
> Give up, no one can break the IPG system. That is a fact, not an opinion,
> like some of the cypherpunks.

I've been *very* busy lately and have not had a chance to examine the IPG
system with the level detail it deserves. So far I haven't seen any weaknesses
discussed on this mailing list. The above quote does NOT refer to your system.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 30 08:12:34 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 08:12:34 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130013052.19278A-100000@citrine.cyberstation.net>
Message-ID: <BVP8XD38w165w@bwalk.dm.com>


Don Wood <wichita at cyberstation.net> writes:

> On Mon, 25 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
>
> > paul at fatmans.demon.co.uk writes:
> >
> > >
> > > >      The algorythm cannot be considered secure until it has been
> > > > peer-reviewed. They refuse to release the algorythm for review, simply
> > > > that "you can't break the code" therefore "it is secure".
> > >
> > > This isn`t strictly true. Don Wood (spit) has actually released the
> > > algorithm details for review.
> >
> > What did poor Don Wood do to deserve the (spit) after his name? Is he a lia
> > and a content-based plug-puller, like John Gilmore (spit)? Is he an ignoran
> > pseudo-cryptoid like Paul "Brute Force Attack on One-Time Pad" Bradley (spi
>
> Amen, and that is only a small part of the gobbldegook that  Bradley and
> his claque  have turkey squatted on you. As I have said before,
>     PBradleyinfo = PBradleyinfo log_base_infinity PBradleyinfo

Pabulum @ Fatbrain about says it all... This net.thug tries to indimidate his
"opponents" by using, without understanding, "kewl" words like "unicity
distance". When that doesn't work, he resorts to words like "bullshit" and to
putting "(spit)" after his "opponents'" names. Paul also mailbombed me by
e-mailing me many copies of my own cypherpunks articles with various
obscenities attached, so I had to have him filtered out. He clearly has no
more credibility than John Gilmore, and their opinions about any proposed
cryptosystem are worthless and totally irrelevant.

Paul should switch to writing science fiction about "brute-force attacks on
one-time pads", where he can use "kewl"-sounding words like "unicity distance"
whose meanings he doesn't understand, and he'll be crtiticized less. Like, no
one would criticize Larry Niven if "Ringworld" were shown to be nonsense from
mechanical engineering point of view, because mechanical engineering is a
complex technical subject, just like cryptography, and science fiction is
escapist entertainment for juveniles, not a technical discussion forum, just
like the "cypherpunks" mailing list. A science fiction writer doesn't have to
understand the meaning of the technical terms he (ab)uses. Creative licence,
you know.

> Thanks Dr. Vulis and DT and others for yur kindness.

You're very welcome. I've seen other people harrassed, verbally abused, and
either hounded off of this mailing list, or forcibly unsubscribed by John
Gilmore, its lying owner, and most of them happen to be Jewish (myself, Fred
Cohen, David Sternlight...) Dale too is starting to get flamed. I wonder if
that has anything to do with Tim May's rants about the descruction of Israel
and extermination of all Jews?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From whgiii at amaranth.com  Sat Nov 30 08:24:28 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Sat, 30 Nov 1996 08:24:28 -0800 (PST)
Subject: Strong-crypto smart cards in Singapore and Germany
In-Reply-To: <84936010217079@cs26.cs.auckland.ac.nz>
Message-ID: <199611301740.LAA29497@mailhub.amaranth.com>


In <84936010217079 at cs26.cs.auckland.ac.nz>, on 12/01/96 
   at 02:21 AM, pgut001 at cs.auckland.ac.nz said:

>Wednesday's "Straits Times" contains two front-page articles on the 
>introduction of a CashCard which acts as an electronic wallet capable of 
>storing from $10-$200 ("Dr Hu launches cash-in-a-card payment system"),
>and an  identity card capable of Internet electronic transactions with
>(presumably  RSA) 1024-bit encryption ("50,000 to take part in electronic
>ID trials").  The  ID card can also be implemented as software on disk. 
>It appears to be purely  a form of storing an ID which is then
>transmitted in encrypted form.  The  CashCard, on the other hard, is an
>electronic wallet developed by a group of  Singapore banks.  There are no
>details on how it works, except that it doesn't  have any sort of
>protection - it's up to you to make sure the card isn't  stolen.
> 
>The standardisation committee of the German banks have also produced an 
>electronic wallet which should have 25 million (yes, 25M) users by
>January of  next year.  Again, this is a pure electronic wallet, with
>2-key triple DES and  768-bit (to become 1024-bit) RSA encryption.  The
>relevant standards are still  in the process of being translated, but
>should be available Real Soon Now (the  complete specification will be
>made public).  This looks like a very nice  system, and unlike Mondex
>doesn't rely entirely on the hope that criminals  can't get at the data
>on the card.
> 

<sigh> Big Brother comming to a bank near you.

Does anyone understand the implications of a society moving to an
electroinc cash based system??

All trasactions will be recorded, moitored, tracked & analysed. This is
not just the government that one has to worry about but corporations also.

Insurance industry:

- Gee Mr. Jones seems that you buy too much junk food & red meat. Our
actuaries say this makes you a "high risk".

- Gee Ms. Smith you speend too much money at the bars. Our actuaries say
you are a high risk for DUI & accidents. 

Company Employment:

- Gee Mr. Thompson you spend too much on beer & cigarettes. Oh yes we
don't like the magizines you read either.

IRS:

- Well, well, well Mr & Ms Washington our records show that you spent
$50,000 last year but only declaired $35,000 care to explain where the
extra money came from??

And the bueaty of this system is the crypto. Every transaction you make
has your crypto signature. No deniability. Your John Hancock on every pack
of ciggarettes, case of beer, every Playboy magizine, every book you buy,
any charities or political orginizations you contribute to. Every intamate
detail of your life in someones computer somewhere.


Ahhhh... What a Brave New World we are creating!

P.S. For those of you dreaming of anonymous e-cash & the crypto anarchy of
the future; do you really think the government & banking industries are
going to give up controll of the curency regardless of what for it takes? 


-- 
-----------------------------------------------------------
"William H. Geiger III" <whgiii at amaranth.com>
-----------------------------------------------------------






From dlv at bwalk.dm.com  Sat Nov 30 08:41:03 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 08:41:03 -0800 (PST)
Subject: The Rise and Fall of Cypherpunks  WAS [Re: the Dennings]
In-Reply-To: <199611300829.BAA22027@infowest.com>
Message-ID: <NLR8XD40w165w@bwalk.dm.com>


attila at primenet.com writes:
>         we, and I mean all of us, who contribute the bulk of the
>     "opinions" to cypherpunks gave the mainstream press the biggest
>     possible hole to run straight over us, declaring us anarchists
>     and wild-eyed fanatics. unless we as a group mend our ways, and
>     turn out intelligent reasoning for the advance of cryptography as
>     a mainstream way of life, we will be forever consigned not only to
>     the dustbin, but subject to the ridicule of both the press and the
>     government.

Ridicule is what John Gilmore and EFF deserve, and more.

>         None of us are above a little sarcasm --but let's get the
>     vituperative effluent out of the system.  do whatever you wish in
>     private mail, but keep the profane rantings off the list.
>
>             this goes for you, Dimitri; and "aga" too.

I suspect John Gilmore is opposed to the spread of cryptography and privacy
technology. He _opposed my efforts to template NPOs for running the anonymous
remailers, because he believes in "identity escrow" - the ability of the
remailer operators to track down and silence whoever "abuses" their network to
say things "homophobic" and otherwise politically incorrect. John Gilmore and
his pack of 'punks would rather see no crypto deployed than widely available
weak crypto with hooks that permit easy replacement by stronger crypto.
Is John Gilmore an NSA plant, an "agent provocateur"?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From mrosen at peganet.com  Sat Nov 30 08:54:53 1996
From: mrosen at peganet.com (Mark Rosen)
Date: Sat, 30 Nov 1996 08:54:53 -0800 (PST)
Subject: Announcement: Very Good Privacy
Message-ID: <199611301658.LAA05327@mercury.peganet.com>


> What puzzles me is that he included two cyphers that are _extremely_ easy
to
> break, the vignere cypher and the ascii cypher. Why include these? And
what
> is his new permutation of RC4 and DES?
	The reason I included ASCII and Vigenere was because they are very fast;
on a friend's machine, I can get 1.7mb/s with ASCII but only around 600k/s
with NewDES, the fastest "secure" cipher. I do agree that it is kind of
redundant to include both ASCII and Vigenere, as from a cracking
standpoint, they are both identical. As for Psuedo-RC4, that is just to try
to avoid a lawsuit from RSADSI; RC4 is a trademark. NewDES is an actual
algorithm; it's even mentioned in Applied Cryptography. It does have some
holes and is in fact less secure than DES (refer to Applied Cryptography
for details on this); I included that because it is fast and provides much,
much more security than ASCII or Vigenere, even if it is less secure than
DES.


Mark Rosen
FireSoft - http://www.geocities.com/SiliconValley/Pines/2690
Mark Eats AOL - http://www.geocities.com/TimesSquare/6660





From mrosen at peganet.com  Sat Nov 30 08:57:35 1996
From: mrosen at peganet.com (Mark Rosen)
Date: Sat, 30 Nov 1996 08:57:35 -0800 (PST)
Subject: Announcement: Very Good Privacy
Message-ID: <199611301700.MAA05435@mercury.peganet.com>


> > 	I have written an encryption program called Very Good Privacy 
> 
> 	Trademark violation here.   Probably not a good thing.
	Is PGP trademarked? Are you sure? And if it is, is naming something Very
Good Privacy a violation? Why? Legal people, please help!

> 	I'm not sure how an encryption product that uses encryption
> 	algorithms weaker than Pretty Good Privacy can be described
> 	as being better than PGP.  
> 
> 	Especially when all the algorithms listed have known problems
> 	of one kind, or another.   << And yes, I know that the known
> 	problems -- in some instances --- are entirely theoretical in
> 	nature.  >>
	In your quote, you deleted the smiley about VGP. It's a joke. Your claim
that VGP is weaker than PGP is unfounded, as VGP uses IDEA, which is the
symmetric algorithm used in PGP. ASCII and Vigenere are very weak, but they
are fast and geared toward people who simply want to stop their brother or
sister from getting into something. As for the security of other
algorithms, BlowFish is used in PGPfone and RC4 is used in SSL -- since you
control the key size in VGP, you can make RC4 virtually unbreakable (not to
mention the problem of the attacker figuring out the key size in the first
place).

Mark Rosen
FireSoft - http://www.geocities.com/SiliconValley/Pines/2690
Mark Eats AOL - http://www.geocities.com/TimesSquare/6660





From dlv at bwalk.dm.com  Sat Nov 30 09:30:14 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 09:30:14 -0800 (PST)
Subject: Seditious Cable!
In-Reply-To: <199611291923.UAA25308@basement.replay.com>
Message-ID: <XFu8XD50w165w@bwalk.dm.com>


nobody at replay.com (Anonymous) writes:

>  dlv at bwalk.dm.com wrote to All:
>
>  d> Doug Barnes <cman at c2.net> writes:
>  >> (Taiwan story warning...) This reminds me of the pirate cable
>  >> TV wars, which hit their peak during my stay there --
>
> [...]
>
>  d> Now, what would the U.S. government (state or los federales) do in a
>  d> similar situation? They'd probably fine any resident found with a
>  d> cable TV thousands of dollars and if that didn't work, they'd start
>  d> jailing people. Maybe even burn a few TV viewers, a la Waco. :-)
>
> And these are the folks you want to maintain your key escrow?

This is another example of lies being spread by John Gilmore and his cronies.
I don't want the U.S. Government to maintain my or anyone else's key escrow.

                        JOHN GILMORE IS A LIAR.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dthorn at gte.net  Sat Nov 30 09:58:37 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 30 Nov 1996 09:58:37 -0800 (PST)
Subject: The Rise and Fall of Cypherpunks  WAS [Re: the Dennings]
In-Reply-To: <199611300829.BAA22027@infowest.com>
Message-ID: <32A070DF.49A5@gte.net>


attila at primenet.com wrote:
> In <9611300437.AA05806 at adsl-122.cais.com>, on 11/29/96
>    at 11:37 PM, Tim Scanlon <tfs at adsl-122.cais.com> said:
> ::(with apoligies to attila, who all this was NOT directed at) Tim Scanlon
>         no, I didn't read it that way, Tim. thanx for the tag though!

[snip]

I hope a lot of people read this - an excellent post in spite of the
paranoia.  However, there's a suggestion below (and perhaps in the [snip])
that government would use the rants by "aga" and the famous "Doctor" to
cut back on freedom, that somehow it would prove that cypherpunks are
inherently or latently "crazy" or whatever.

It's never been my impression that those kinds of rants had anything to
do with govt. clampdowns, in fact, the clamping down would more likely
follow the cypherpunks' heavy-handed responses to said rants.  Seems to
me that teaching how to filter would be the universal solution.

> 
>         None of us are above a little sarcasm --but let's get the
>     vituperative effluent out of the system.  do whatever you wish in
>     private mail, but keep the profane rantings off the list.
>             this goes for you, Dimitri; and "aga" too.







From dispatch at cnet.com  Sat Nov 30 10:02:59 1996
From: dispatch at cnet.com (The CNET newsletter)
Date: Sat, 30 Nov 1996 10:02:59 -0800 (PST)
Subject: NEWS.COM DAILY DISPATCH
Message-ID: <199611301748.JAA03431@cappone.cnet.com>


***************************************

NEWS.COM DAILY DISPATCH
Wednesday, November 27, 1996
San Francisco, California, USA

***************************************

WELCOME!

***************************************

The NEWS.COM DAILY DISPATCH highlights the up-to-the minute technology news
presented by NEWS.COM. It tempts readers with coverage of today's hottest
stories, news in the making, (in)credible rumors, and other indispensable
information.

For complete versions of the stories updated all day long, head over to:

   http://www.news.com/?nd

***************************************

CONTENTS

SCOOPS AND TOP STORIES
     Online rivals Gates and Case circle each other
     Attention Comdex survivors! Need someone to feel yur paynnne?
     AOL's prix fixe might cause another service delay
     Intel's multimedia chip: More suitable for fun & games than business?


ANNOUNCEMENTS
     An easy way for you to customize NEWS.COM
     Late-breaking stories just a click away with Desk Top News
     Send us your questions, comments, flotsam, and jetsam

***************************************

SCOOPS AND TOP STORIES

ONLINE RIVALS GATES AND CASE CIRCLE EACH OTHER
The online world has become a killing field. CompuServe pulls the plug on
its consumer-based Wow service; Prodigy, at the bottom of the heap,
transmogrifies Kafka-like into an ISP. Now, as the mighty Web threatens to
consume all in its path, these two cyberbehemoths engage in a struggle for
the whole enchilada.

   http://www.news.com/SpecialFeatures/0%2C5%2C5770%2C00.html?nd


ATTENTION COMDEX SURVIVORS! NEED SOMEONE TO FEEL YUR PAYNNNE?
Okay, you've been through a lot, granted...but speaking out about your
Comdex trials and tribulations can help the all-important healing process
begin. So please, send us your war stories. We will publish the five best,
and the winners--picked on a totally subjective basis by our editorial
staff-- will get supercool CNET T-shirts. Send your tales to
suggestions at news.com, and include the words 'Comdex stories' in the subject
of your message. P.S. Don't forget to check out our comprehensive coverage
of the sublime and the ridiculous at Comdex '96.

   http://www.news.com/Comdex/?nd


AOL'S PRIX FIXE OFFER MIGHT CAUSE ANOTHER SERVICE DELAY
Just when you AOLers thought it was safe to go back online, the possibility
of another service glitch rises up on the cyberhorizon. Starting on December
1, AOL's 7 million users have the option of switching to an all-you-can-eat
pricing offer; the resultant "usage surge" may cause service delays,
according to a recent AOL announcement. Wise users might consider getting
their heavy surfing done this long weekend, once that turkey-induced coma
sets in.

   http://www.news.com/News/Item/0%2C4%2C5783%2C00.html?nd


INTEL'S MULTIMEDIA CHIP: MORE SUITABLE FOR FUN AND GAMES THAN BUSINESS
Intel's latest technological achievement, the MMX Pentium processor, would
certainly be ideal for running sophisticated business applications--that is,
if there WERE sophisticated business applications for it to run. At this
point, MMX seems more useful in entertainment and gaming settings than in
the executive suite. The $64,000 question: will developers build for this
flashy new kid on the block?

   http://www.news.com/News/Item/0%2C4%2C5782%2C00.html?nd


***************************************

ANNOUNCEMENTS

AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM
So many bits, so little time? Sounds like you need Custom News. Identify
the topics, keywords, or sections you're most interested in, and Custom News
will a create a page of headlines and summaries for all stories that match
your criteria. Check it out at:

http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1

***************************************

LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS
How would you like having split-second access to the very latest news on
the Net? Our Desk Top News feature puts our 20 most recent stories right
there on your desktop for you to review at any time. Here's how it works:

1. From any story, click Desk Top News in the top right.
2. A window will open showing our last 20 stories.
3. Click on a headline to display the story.
4. Desk Top News updates itself every 30 minutes.
5. You become known as Ms./Mr. Cyber-Info. It feels good.

   http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd

***************************************

SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM
If you have any questions, suggestions or remarks, send us a message:

   newsdispatch at cnet.com

***************************************

CNET: The Computer Network
   http://www.cnet.com/
   http://www.news.com/
   http://www.gamecenter.com/
   http://www.download.com/
   http://www.search.com/
   http://www.shareware.com/





From ichudov at algebra.com  Sat Nov 30 10:03:22 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 10:03:22 -0800 (PST)
Subject: Ignoramus Chewed-Off on IPG algorithm
Message-ID: <199611301759.LAA13760@manifold.algebra.com>


Hi,

I was sort of tired of endless talk that "IPG algorithm was not 
peer-reviewed, blah blah blah, so we won't even look at it, 
blah blah blah", and decided to look at what Don Wood writes and
try to see how his program actually works. 

Of course, I am not an expert in cryptography, and will appreciate all
corrections. The web page to look at is http://www.netprivacy.com/algo.html,
and it describes IPG algorithm in some detail.

First of all, the description of the algorithm is extremely unclear. I
understand that this may be Don Wood's writing style, but it is certainly 
not the most efficient style for precise communications. I suggest that
Don tries to rewrite his description to be more structured.

Second, I seriously suspect that his algorithm of "trimming" is NOT
going to work right. Just to remind everyone, he generates pseudo-random
A(JV), B(JV), C(JV) such that

	16384 <  C < 20361
	         B < 12227
	A arbitrary (at least the web page contains no restrictions 
	  on the value of A).

and then goes on to "trimming" -- a process that obtains a new value
of A that is LESS than 16384 through this algorithm: 

       DO
         JV=JV+1
         IF JV=53 THEN JV=0
         A(JV)=(A(JV)+B(JV)) MOD C(JV)
       UNTIL A(JV)<16384

We shall first note that THERE ARE CASES WHEN THIS ALGORITHM WILL NEVER
STOP! For example, if all A values are _initially_ 16385 and all C
values are 16386 and all B's are 0, it is obvious that the pseudocode 
above will be stuck in endless loop.

No good for IPG algorithm.

in fact, if only some triplets of A, B, and C have B == 0 and 16384 < A < C,
these triplets will always be ignored (skipped) by his trimming process.

Second, IPG's claim that ``Of even greater importance is the second role
of producing a distribution of the numbers 0 to 16383, so that the
number of each of those numbers produce, asymptotically approach an
even distribution, in the same way that theoretically a true random
number generator produces a set of numbers whose frequency
asymptotically approach an even distribution'' is FALSE:

I do not see why the distribution of A's should necessarily contain all
numbers from 0 to 16383, less to "approach" an even distribution. For
example, if all initial A, B, and Cs are even numbers, we'll obviously
never get an odd number for A(JV), no matter how many iterations.

If, say, 40 out of 53 of triplets A, B, and C contain only even numbers
(not a statistical impossibility!), then about 75% of resulting values of
A(JV) will be even.

No good for the keystream. There are many more imperfections than just
related to all-even triplets.

- - - -

Let's go on, to the description of the "scrambling tables" and 
actual encryption.

He uses three tables, DIFF, DISP, DETR, each containing 4096 elements.
DISP is randomly generated (or so I understand his term "prescrambled"),
DIFF is a random transposition of DISP (same values as in DISP, but in
another order), and DETR, again, is filled with some random data.

It does not really matter to my analysis how DISP and DETR are generated.

Here's how he encrypts the data (in a loop for I from 0 to 4095):

                       D1=(D1+A(JV)) AND 4095
                       D2=DISP((D2+D1) AND 4095)
                       F=DETR(D2)<<8
                       D3=(D3+D2) AND 4095
                       BUF(DIFF(I))=BUF(DIFF(I)) XOR (F+(DETR(DISP(D3))))

I.e., D1, D2, and D3 are regenerated each pass of the loop and then are
used to encrypt item DIFF[I] (i.e., 2-byte word with index DIFF[i], NOT
I). 

That is very bad: what it means is that we are not guaranteed that all
BUF[i] will be scrambled! It is fairly clear that about 1/(e*e) (e is
the base of natural logs) will be left unscrambled!!!

This follows from the fact that even with perfectly random numbers used
as DIFF[i], the probability that a cell J will be scrambled is 2/4096
(it is 2 and not 1 since each hit covers two bytes and not one).
Therefore, the probability  that cell J will be left unscrambled is

                (1-2/4096) ** 4096

which is approximately equal exp(-2) == 1/(e*e).

It means that 1 out of seven characters will be left unencrypted at all.

No good for a stream cipher. I think that his cipher could have been
made stronger if he actually did not use DIFF[i] as an index and used
I instead.

Still, of course, his algorithm has nothing to do with one time pads.
Since this is clearly not a matter of high theories but a simple question 
of accepted definitions, there is little point to argue about it and I
preferred to address details of his algorithm instead.

There may be more problems with IPG algorithm that I simply missed.

I would appreciate your corrections and notes.

Thank you.

	- Igor.





From unicorn at schloss.li  Sat Nov 30 10:12:04 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 30 Nov 1996 10:12:04 -0800 (PST)
Subject: denial of service and government rights
In-Reply-To: <3.0.32.19961129195752.00730f7c@mail.io.com>
Message-ID: <Pine.SUN.3.94.961130124851.5120K-100000@polaris>


On Fri, 29 Nov 1996, Greg Broiles wrote:

> 1.	Seizure & retention as evidence or instrumentality of a crime - e.g., if
> someone breaks into my house, steals my gun, and uses it to shoot someone,
> it'll be a long damn time before I get my gun back.

[...]

> of luck. Bummer. I don't see any reason why this wouldn't be true for a
> computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure (but seizure is not
> forfeiture) of "property that constitutes evidence of the commission of a
> criminal offense". 

It is true of computers.
Take the case of Ripco (the Chicago BBS raided in the SunDevil raids back
when).

I don't think "Dr. Ripco" has yet gotten his equipment back.  I don't know
for sure, but what I do know is that 5 years after the raid, he still had
certainly not gotten anything back.  Keep in mind that the feds took
everything which even looked computer-like in his rather substantial
workshop, including telephones, VCR equipment, burners, the works.

Recall also that Ripco was never specifically charged (or the minor
charges that they did try to pin didn't stick).

Also recall that Ripco (now ripco.com) was raided with a -sealed- warrant.
I dont think that the contents of that warrant have, even today, been
released (though I could be mistaken).  Certainly 5 years after they had
not.

> 2. 	Forfeiture of the instrumentality of a crime, or of a nuisance - cf.
> _Bennis v. Michigan_ <http://www.law.cornell.edu/supct/cases/94-8729.html>,
> the recent Supreme Court case where the "Justices" (cough cough) upheld the
> forfeiture of a wife's half interest in a car which was used (without her
> knowledge/consent) by her husband to facilitate the crime of prostitution.

See my past article on this case.

> The Supreme Court rejected the idea that the Fifth Amendment's takings
> clause or the Fourteenth Amendment's due process clause prevents the
> forfeiture of the instrumentality of a crime without a showing of
> culpability on the part of the owners. Some forfeiture statues (e.g., 21
> USC 881, 1989 Oregon Laws Chapter 791, both re drug-related forfeitures)
> provide for an "innocent owner" defense to forfeiture, but the Supreme
> Court doesn't seem to think that's required as a matter of constitutional
> law.  Fed.Rul.Crim.Pro 41(b)(3) allows the seizure of "property designed or
> intended for use or which is or has been used as the means of committing a
> criminal offense".

Nice summary.

>  There's an excellent resource available re computer search & seizure at
> <http://www.epic.org/security/computer_search_guidelines.txt> - it's the US
> DOJ's "Guidelines for Searching & Seizing Computers", pried loose by an
> EPIC FOIA request and scanned.
> 
> But there's a big difference between "seizure" and "forfeiture".

I'd argue with computer hardware it is a distinction without a difference.
Seizing computer hardware (like Ripco's stuff) for in excess of 5 years is
tantamount to forfeiture given depreciation and so forth.

Add to this the very liberal rules about how long the feds can take to
even CHARGE you with a crime after seizure....

> It's
> possible that recent legislation has done for computer crime what the drug
> forfeiture laws have done with respect to title in property - 21 USC 881(h)
> indicates that "All right, title, and interest in property described in
> subsection (a) of this section [e.g., property used in connection with a
> drug crime] shall vest in the United States upon commission of the act
> giving rise to forfeiture under this section." Given the innocent owner
> defenses available in an 881 forfeiture, (h) sounds scarier than it works
> out to be.

RICO has the same problems, and also in the context of innocent 3rd
parties.  Innocent owner protection is mostly in the form of definition.
Specifically what is an "instrumentality of the crime" and what is a
"passive object" which just happened to be involved.  The real weakness is
that this is generally a question of law and tends to end up in the hands
of judges, not juries, to decide.  It has factual elements, to be sure,
but not enough in the current construct to make me feel secure that a jury
is really the only gateway to finding something an "instrumentality."

> So yes, there may be a statute which gives title to the government in
> computers used to commit crimes, and no, the Supreme Court won't
> necessarily care about an "innocent owner".

Again, I would argue that such a statute needn't even exist given the
rules already well estlablished and demonstrated in action with regard to
indefinate seizure of computer hardware even in the absence of criminal
claims against the owner.

Also, take note that many states are adopting unique civil forfeiture
approaches.  Research into the federal system, while generally giving one
the flavor, cannot give you the full picture.  (Michigan and Indiana are
mavericks here).

> >on the site, he or she unwittingly downloads the virus.  A computer 
> >crime consultant with SAIC warns that these attacks can be launched 
> >on an innocent party's Web server, but once that happens, the server 
> >can become the subject of a wiretap and a search warrant.  "The title 
> >of your computer vests with the government as soon as a hacker uses 
> >it to commit a crime," he says.  

Strictly speaking, he may be correct, however, I doubt very much that a
judge would ignore a motion for a temporary restraining order pleading
that the server in question is the primary income stream for the (ISP,
marketing company, bank, etc.).

Also note carefully the distinction between "instrumentality of the crime"
and "passive participating element" in the crime.  Now if the hacker was
co-owner of the server....

Again, I think the question of forfeiture somewhat meaningless in that
the server could be taken as evidence and not be returned until it's value
is <1/50th of the purchase price regardless of the complicity of the
owner.

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From markm at voicenet.com  Sat Nov 30 10:13:39 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 30 Nov 1996 10:13:39 -0800 (PST)
Subject: Announcement: Very Good Privacy
In-Reply-To: <Pine.SUN.3.95.961130080157.18557I-100000@netcom17>
Message-ID: <Pine.LNX.3.95.961130131239.357A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 30 Nov 1996, jonathon wrote:

> On Fri, 29 Nov 1996, Mark Rosen wrote:
> 
> > 	I have written an encryption program called Very Good Privacy 
> 
> 	Trademark violation here.   Probably not a good thing.

Nope.  "Pretty Good" is trademarked, but "Very Good" isn't.

> 	I'm not sure how an encryption product that uses encryption
> 	algorithms weaker than Pretty Good Privacy can be described
> 	as being better than PGP.  

Both programs use IDEA.  How is this weaker?

> 
> 	Especially when all the algorithms listed have known problems
> 	of one kind, or another.   << And yes, I know that the known
> 	problems -- in some instances --- are entirely theoretical in
> 	nature.  >>

RC4 has stood up to cryptanalysis.  It's secure as long as the same key isn't
used twice.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMqB58CzIPc7jvyFpAQGEgwf/VZ8gf+W84DV0cSCSnUNgKEqF/G2fKX4C
bJAkY1FSz3edH4Y+KyWkVIVkpLRmBTSNTV45secSeyVGdvnjAX4zcnUld6hOIGSc
bqE6hge9CQpWxsojckulwNTPphL4ZRLLA4UJViObOYZs8jJi6b4aZ8FPHfQwCdBh
H64rGSGsEFj3WuDoH4nVgnNzwxXxLLllTAOOic8HFqRn2BeqxGRlkvGTraxE+on/
pKQ55CUQNBUu7L05lGp4njc1qZRpe9EeCLChRCEP6FVmy9iBtIRFH+lzRquDR+A4
lARm8zR1QKwDcCSzz8OPN52Lp/rICmcHWR7Lfhw/Vy8D6NxqG1lmuA==
=CPKh
-----END PGP SIGNATURE-----






From ichudov at algebra.com  Sat Nov 30 10:25:50 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 10:25:50 -0800 (PST)
Subject: Ignoramus Chewed-Off on IPG algorithm
In-Reply-To: <no.id>
Message-ID: <199611301803.MAA13859@manifold.algebra.com>


Igor Chudov @ home wrote:
> 
> Hi,
> 
> I was sort of tired of endless talk that "IPG algorithm was not 
> peer-reviewed, blah blah blah, so we won't even look at it, 
> blah blah blah", and decided to look at what Don Wood writes and
> try to see how his program actually works. 
> 
> Of course, I am not an expert in cryptography, and will appreciate all
> corrections. The web page to look at is http://www.netprivacy.com/algo.html,
> and it describes IPG algorithm in some detail.
> 
> First of all, the description of the algorithm is extremely unclear. I
> understand that this may be Don Wood's writing style, but it is certainly 
> not the most efficient style for precise communications. I suggest that
> Don tries to rewrite his description to be more structured.
> 
> Second, I seriously suspect that his algorithm of "trimming" is NOT
> going to work right. Just to remind everyone, he generates pseudo-random
> A(JV), B(JV), C(JV) such that
> 
> 	16384 <  C < 20361
> 	         B < 12227
> 	A arbitrary (at least the web page contains no restrictions 
> 	  on the value of A).
> 
> and then goes on to "trimming" -- a process that obtains a new value
> of A that is LESS than 16384 through this algorithm: 
> 
>        DO
>          JV=JV+1
>          IF JV=53 THEN JV=0
>          A(JV)=(A(JV)+B(JV)) MOD C(JV)
>        UNTIL A(JV)<16384
> 
> We shall first note that THERE ARE CASES WHEN THIS ALGORITHM WILL NEVER
> STOP! For example, if all A values are _initially_ 16385 and all C
> values are 16386 and all B's are 0, it is obvious that the pseudocode 
> above will be stuck in endless loop.
> 
> No good for IPG algorithm.
> 
> in fact, if only some triplets of A, B, and C have B == 0 and 16384 < A < C,
> these triplets will always be ignored (skipped) by his trimming process.

Note also that if B(K) == 1, his algorithm will need to make C passes
through the loop for JV == k, in order to generate a new value of A(JV).

This is very inefficient and results in a bias for triplets with high
Bs -- because they will generate good A(JV) more frequently.

	- Igor.





From ichudov at algebra.com  Sat Nov 30 10:26:03 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 10:26:03 -0800 (PST)
Subject: IPG Algorith Broken!u
In-Reply-To: <Pine.BSI.3.95.961130040004.19278O-100000@citrine.cyberstation.net>
Message-ID: <199611301820.MAA13953@manifold.algebra.com>


wichita at cyberstation.net wrote:
> On , 25 Nov 1996 paul at fatbrain.demon.co.uk wrote:
> > > > Ahh... an OTP isn't unbreakable.  Its just so encredibly breakable that
> > > > you never know which break was the correct one ;)
> > > 
> > > Note that Schneier says "perfect", not "unbreakable".
> > 
> 
> More gobbledegook about nothing. Yes it is perfect and yes it is
> unbreakable!

Don, please look at my message that analyzes your algorithm in some
detail. I think that your algorithm is far from perfect because, among
other things, your system would leave about 1 out of 7 characters
unencrypted, and also because your A(JV) are not as good as you claim 
them to be.

	- Igor.





From ichudov at algebra.com  Sat Nov 30 10:36:55 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 10:36:55 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130021602.19278D-100000@citrine.cyberstation.net>
Message-ID: <199611301830.MAA14034@manifold.algebra.com>


wichita at cyberstation.net wrote:
> > There *IS NO SUCH PROOF*.  Just like you can't prove that god created the
> > universe, or that Oswald shot Kennedy, and so on and so forth.  It can't
> > be proven.  It never has been proven, and it never will be proven.  People
> > have new ideas, new algorithms are invented.  Someday, somebody will crack
> > _all_ the cryptosystems that have now been invented.
> > 
> 
> To repeat Frantz', I thought Shannon proved OTPs were unbreakable. I can
> also assure you that they are unbreakable, because you cannot solve a
> three variable equation where only one variable is known, ie. the
> ciphertext. That is a fact, not an opinion like God, or Oswald, there are
> facts and opinions. It is a fact that OTPs are unbreakable and it is a
> fact that our system is unbreakable. Q.E.D. for the very same reasons
> except that we must use exclusionary proof instead of inclusionary proof
> like Shannon. 

Don, can you give us this proof please? I mean really complete proof, 
not vague references to other people's theorems and metadiscussions. 

I do agree with you that your opponents freuquently attack you without
actually proving what they say. This is unfortunate. I do hope that you, 
though, can be above your detractors able to produce real proofs without
resorting to namecalling and character assassination.

I.e., your bashing of Paul Bradley, for example, may or may not
concvince me that Paul does not understand cryptography. It will NOT
convince me, though, that IPG system is good. I am not interested in
your attacks on persons, however right you may be. Rather, it is
important that you give us a good proof of security of IPG system.

Thanks

	- Igor.





From reece at taz.nceye.net  Sat Nov 30 11:19:16 1996
From: reece at taz.nceye.net (Bryan Reece)
Date: Sat, 30 Nov 1996 11:19:16 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130023512.19278G-100000@citrine.cyberstation.net>
Message-ID: <19961130191901.17546.qmail@taz.nceye.net>


   From: wichita at cyberstation.net
   Date: Sat, 30 Nov 1996 02:41:28 -0600 (CST)
   cc: Bill Frantz <frantz at netcom.com>,
	   John Anonymous MacDonald <nobody at cypherpunks.ca>, cypherpunks at toad.com
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

   Shannon proved that you cannot prove what the plaintext
   is for OTPs,


Let P, K, and C represent bit strings of equal length.  Given a
ciphertext C, for every plaintext P there exists a key K such that

  P XOR K = C.

This is true (K=P XOR C).


   or for the system we have developed either.

False.

Let P and C represent byte strings of equal (arbitrary) length and K
represent the key string of fixed length.

The IPG algorithm can be summarized

  C = P XOR PRNG(K)

where PRNG(K) is the output of the pseudo-random number generator with
seed K.  The details of the PRNG are unimportant for this argument.

For every ciphertext C longer than K, there exists a plaintext P such that
no K will satisfy

  C = P XOR PRNG(K).

Proof: There are 256^length(K) possible keys (roughly 10^34322).
There are therefore at most this many possible decryotions of the
given plaintext.  Since length(C) > length(K), there are more possible
plaintexts than possible decryptions.

Shannon's proof of the security of the OTP therefore doesn't
apply to IPG's cipher.

Assume that the PRNG is resistant to analysis. Given the size of the
keyspace, it is not feasible to search the whole keyspace hoping
something like a plaintext pops out.  However, it is easy to take a
key obtained through some other means and verify that the plaintext
makes sense.  Since the PRNG is assumed resistant to analysis, this
constitutes proof that the plaintext is correct (since it's infeasible
to find a key that decrypts the ciphertext to another plausible
plaintext).

Of course, all encryption algorithms short of the OTP allow an
attacker to prove a key correct, but most cryptographers don't claim
their algorithms to be as secure as OTPs.






From ichudov at algebra.com  Sat Nov 30 11:58:22 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 11:58:22 -0800 (PST)
Subject: Ignoramus Chewed-Off on IPG algorithm
In-Reply-To: <no.id>
Message-ID: <199611301953.NAA14436@manifold.algebra.com>


Igor Chudov @ home wrote:
> 
> Let's go on, to the description of the "scrambling tables" and 
> actual encryption.
> 
> He uses three tables, DIFF, DISP, DETR, each containing 4096 elements.
> DISP is randomly generated (or so I understand his term "prescrambled"),
> DIFF is a random transposition of DISP (same values as in DISP, but in
> another order), and DETR, again, is filled with some random data.
> 

Correction: by "scrambling" Don means transposing elements of the 
table containing 4096 numbers 1-4096.

	- Igor.





From aga at dhp.com  Sat Nov 30 12:03:39 1996
From: aga at dhp.com (aga)
Date: Sat, 30 Nov 1996 12:03:39 -0800 (PST)
Subject: The Rise and Fall of Cypherpunks  WAS [Re: the Dennings]
In-Reply-To: <NLR8XD40w165w@bwalk.dm.com>
Message-ID: <Pine.LNX.3.95.961130145407.24591C-100000@dhp.com>


On Sat, 30 Nov 1996, Dr.Dimitri Vulis KOTM wrote:

> attila at primenet.com writes:
> >         we, and I mean all of us, who contribute the bulk of the
> >     "opinions" to cypherpunks gave the mainstream press the biggest
> >     possible hole to run straight over us, declaring us anarchists
> >     and wild-eyed fanatics. unless we as a group mend our ways, and
> >     turn out intelligent reasoning for the advance of cryptography as
> >     a mainstream way of life, we will be forever consigned not only to
> >     the dustbin, but subject to the ridicule of both the press and the
> >     government.
> 
> Ridicule is what John Gilmore and EFF deserve, and more.
> 
> >         None of us are above a little sarcasm --but let's get the
> >     vituperative effluent out of the system.  do whatever you wish in
> >     private mail, but keep the profane rantings off the list.
> >
> >             this goes for you, Dimitri; and "aga" too.
> 

Well, if it does not apply to Boursy, then you are still going
to get a royal ass-kicking. The EFF and Gilmore are too connected
to UUNET and the cabal to have any credibility on this usenet any
m.

And DIG: I never even subscribed to the stupid fucking list!
All I ever did was respond to the cypherpunks out of a courtesy to
never cut headers.  I could give a shit less about whatever you
"punks" do.  I ain't no "punk" and I don't like the word when
there is an admitted faggot at the helm.

And the guy being a faggot is the whole reason why the EFF
or the cypherpunks have no credibility.  A sick fucking culture it
is now defined as, by most onlookers.

> I suspect John Gilmore is opposed to the spread of cryptography and privacy
> technology. He _opposed my efforts to template NPOs for running the anonymous
> remailers, because he believes in "identity escrow" - the ability of the
> remailer operators to track down and silence whoever "abuses" their network to
> say things "homophobic" and otherwise politically incorrect. John Gilmore and
> his pack of 'punks would rather see no crypto deployed than widely available
> weak crypto with hooks that permit easy replacement by stronger crypto.
> Is John Gilmore an NSA plant, an "agent provocateur"?
> 
> ---
> 
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
> 

Admitted homosexuals have no place in the modern usenet.
Now keep your replies to the cypherpunks list; I don't
want to hear any more punk shit!

-aga






From dlv at bwalk.dm.com  Sat Nov 30 12:30:08 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 12:30:08 -0800 (PST)
Subject: Building a DC-NET
In-Reply-To: <Pine.SUN.3.94.961130123354.5120J-100000@polaris>
Message-ID: <V928XD4w165w@bwalk.dm.com>


Black Unicorn <unicorn at schloss.li> writes:

> On Sat, 30 Nov 1996, Simon Spero wrote:
>
> > (what's the Alice/Bob name for someone  trying a denial of service attack?)
>
> Louis?

John the petty small-time bitch?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From dlv at bwalk.dm.com  Sat Nov 30 12:40:10 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 12:40:10 -0800 (PST)
Subject: "CypherPunks" and The Pink Swastika
Message-ID: <4q48XD5w165w@bwalk.dm.com>


"Slothrop" <slothrop at poisson.com> writes:
<anti-semitic spam>

Read the _Pink Swastika_ to learn more about the role the likes of
Jason Durbin and John Gilmore played in Hitler's rise to power.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From ericm at lne.com  Sat Nov 30 13:20:07 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 30 Nov 1996 13:20:07 -0800 (PST)
Subject: IPG algorithim
In-Reply-To: <199611301953.NAA14436@manifold.algebra.com>
Message-ID: <199611302118.NAA12825@slack.lne.com>




I have translated the IPG algorithim's "engine" to C, to generate
some random values from it for testing purposes.  It does not
look very random in either the xnoisesph program or the DIEHARD
test battery.   However I may well have misinterprested Mr. Wood's
description (his writing is, as Mr. Chudov points out, difficult to
understand) or written my code incorrectly.  Here it is, play
with it yourself.  To my untrained eye the lack of randomness
in what's essentially a stream cipher would be disturbing.
However I am not a cryptoanalysist so I do not know to
what extent this weakens the cipher.


The IPG description does not say (but implies to me) that
the various tables that are to be filled in by "random" values must
be filled in by PRNGs that are seeded with the same seeds by
each of the party that knows the key.  Otherwise the "encryptor
streams" that are generated will be unrelated and decryption will not
be possible.  To make my test work I have used the simple rand()
function to fill in the tables.


Corrections are welcome.



#include <stdio.h>

/* a C translation of the IPG "EUREKA" algorithim's "engine".
** This is supposed to produce random numbers for the IPG
** "encryptor stream".
** See http://www.netprivacy.com/ for the original description.
** Eric Murray  ericm at lne.com  This code placed under GNU copyleft.  */

/* machine-dependent stuff, change to suit different platforms: */
typedef unsigned char byte;
typedef unsigned short uint16;


/* tables: */
uint16 A[53];
uint16 B[53];
uint16 C[53];


int init_table(uint16*table, uint16 min, uint16 max)
{
	/* IPG specifies no algorithim for producing the "random"
	** initial values in the ABC tables, but it's obvious that
	** it requires a PRNG that's somehow seeded from the "key".
	** I've just used rand() here.  In UNIX rand() called with no
	** seed is supposed to seed itself with 0. */
	int i;
	int count, r;

	for(i = 0; i < 53; i++) {
		table[i] = min + (rand() % (max - min));
	}
}

main(int argc, char **argv)
{
	uint16 jv;
	int argcnt, i, n, count, diehard, nelem;

	diehard = 0;
	argcnt = 1;
	if (argc >= 2) {
		if (strncmp(argv[argcnt],"-d") == 0) {
			diehard++;
			argcnt++;
		}
	}
	if (argc > argcnt - 1 ) {
		n = atoi(argv[argcnt]);
		fprintf(stderr,"Generating %d values\n",n);
	}
	else {
		n = 2000;
	}

	/* seed tables: */
	fprintf(stderr,"Seeding:  A");  fflush(stderr);
	init_table(A,0,65535);
	fprintf(stderr," B");  fflush(stderr);
	init_table(B,0,12227);
	fprintf(stderr," C");  fflush(stderr);
	init_table(C,16384,20361);
	fprintf(stderr,"\n");  fflush(stderr);

	/* generate n values: */
	for(; n > 0; n--) {
		/* jv is "random" (where's it seeded from?) */
		jv = (uint16)(rand() % 53);

		/* count limits the number of traverses to 53^2 so we don't get stuck */
		for(count = 0; count < 2809; count++) {
			jv++;
			if (jv == 53) jv = 0;
			A[jv] = (A[jv] + B[jv]) % C[jv];
			if (A[jv] < 16384) break;
		}
		if (count == 2809) fprintf(stderr,"Oops.\n");
		else {
			if (!diehard) {
				printf("%d\n",A[jv]);
			}
			else {
				/* print output in DIEHARD required format:
				** actually since we have 16-bit ints and DIEHARD
				** wants 32-bit ints, we print 20 per line instead of 10 */
				if (nelem++ > 19) {printf("\n"); nelem = 0;}
				printf("%4.4x",(unsigned int)A[jv]);
			}
		}
	}
}



-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From ichudov at algebra.com  Sat Nov 30 13:30:14 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 13:30:14 -0800 (PST)
Subject: IPG algorithim
In-Reply-To: <199611302118.NAA12825@slack.lne.com>
Message-ID: <199611302127.PAA14989@manifold.algebra.com>


Eric Murray wrote:
> 
> 
> 
> I have translated the IPG algorithim's "engine" to C, to generate
> some random values from it for testing purposes.  It does not
> look very random in either the xnoisesph program or the DIEHARD
> test battery.   However I may well have misinterprested Mr. Wood's
> description (his writing is, as Mr. Chudov points out, difficult to
> understand) or written my code incorrectly.  Here it is, play
> with it yourself.  To my untrained eye the lack of randomness
> in what's essentially a stream cipher would be disturbing.
> However I am not a cryptoanalysist so I do not know to
> what extent this weakens the cipher.

Thanks for an interestnig approach to testing (see below).

> The IPG description does not say (but implies to me) that
> the various tables that are to be filled in by "random" values must
> be filled in by PRNGs that are seeded with the same seeds by
> each of the party that knows the key.  Otherwise the "encryptor
> streams" that are generated will be unrelated and decryption will not
> be possible.  To make my test work I have used the simple rand()
> function to fill in the tables.

A good point.

> Corrections are welcome.

see below.
 
> 
> #include <stdio.h>
> 
> /* a C translation of the IPG "EUREKA" algorithim's "engine".
> ** This is supposed to produce random numbers for the IPG
> ** "encryptor stream".
> ** See http://www.netprivacy.com/ for the original description.
> ** Eric Murray  ericm at lne.com  This code placed under GNU copyleft.  */
> 
> /* machine-dependent stuff, change to suit different platforms: */
> typedef unsigned char byte;
> typedef unsigned short uint16;
> 
> 
> /* tables: */
> uint16 A[53];
> uint16 B[53];
> uint16 C[53];
> 
> 
> int init_table(uint16*table, uint16 min, uint16 max)
> {
> 	/* IPG specifies no algorithim for producing the "random"
> 	** initial values in the ABC tables, but it's obvious that
> 	** it requires a PRNG that's somehow seeded from the "key".
> 	** I've just used rand() here.  In UNIX rand() called with no
> 	** seed is supposed to seed itself with 0. */
> 	int i;
> 	int count, r;
> 
> 	for(i = 0; i < 53; i++) {
> 		table[i] = min + (rand() % (max - min));
> 	}
> }
> 
> main(int argc, char **argv)
> {
> 	uint16 jv;
> 	int argcnt, i, n, count, diehard, nelem;
> 
> 	diehard = 0;
> 	argcnt = 1;

how about doing randomize()?

> 	if (argc >= 2) {
> 		if (strncmp(argv[argcnt],"-d") == 0) {
> 			diehard++;
> 			argcnt++;
> 		}
> 	}
> 	if (argc > argcnt - 1 ) {
> 		n = atoi(argv[argcnt]);
> 		fprintf(stderr,"Generating %d values\n",n);
> 	}
> 	else {
> 		n = 2000;
> 	}
> 
> 	/* seed tables: */
> 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> 	init_table(A,0,65535);
> 	fprintf(stderr," B");  fflush(stderr);
> 	init_table(B,0,12227);
> 	fprintf(stderr," C");  fflush(stderr);
> 	init_table(C,16384,20361);
> 	fprintf(stderr,"\n");  fflush(stderr);
> 
> 	/* generate n values: */
> 	for(; n > 0; n--) {
> 		/* jv is "random" (where's it seeded from?) */
> 		jv = (uint16)(rand() % 53);
> 
> 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> 		for(count = 0; count < 2809; count++) {

2809 is a too small limit. For example, if ALL B == 1, A == 16385, and 
C == 20361, the loop may need (20361-16385) passes to get to the < 16384
value.

Again, if all A = 16385, all B = 0, all C = 16386, the loop will never 
end with a correct A (your code reflects that).

> 			jv++;
> 			if (jv == 53) jv = 0;
> 			A[jv] = (A[jv] + B[jv]) % C[jv];
> 			if (A[jv] < 16384) break;
> 		}
> 		if (count == 2809) fprintf(stderr,"Oops.\n");
> 		else {
> 			if (!diehard) {
> 				printf("%d\n",A[jv]);
> 			}
> 			else {
> 				/* print output in DIEHARD required format:
> 				** actually since we have 16-bit ints and DIEHARD
> 				** wants 32-bit ints, we print 20 per line instead of 10 */
> 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> 				printf("%4.4x",(unsigned int)A[jv]);
> 			}
> 		}
> 	}
> }
> 
> 

You are also bringing a good point that Chi-squared tests are not
sufficient to make any conclusions about usefulness of this particular
pseudo random number generator.

	- Igor.





From marc at mtjeff.com  Sat Nov 30 13:46:47 1996
From: marc at mtjeff.com (Marc)
Date: Sat, 30 Nov 1996 13:46:47 -0800 (PST)
Subject: Strong-crypto smart cards in Singapore and Germany
In-Reply-To: <199611301740.LAA29497@mailhub.amaranth.com>
Message-ID: <199611302146.NAA07673@beowulf.got.net>


> P.S. For those of you dreaming of anonymous e-cash & the crypto anarchy of
> the future; do you really think the government & banking industries are
> going to give up controll of the curency regardless of what for it takes? 

But its not a matter of "giving it up", its more "not being given it."
There is little control with cash now, only some if the serial numbers are
prerecorded and watched for, and even then not to a paint where they can
come stomp on you before you walk out of the mall. But I agree, it is
unlikely that banks would pass up the opportunity, all in the name of
"loss reduction" and "profit through sharing of demographics"



Marc
marc at mtjeff.com  






From ichudov at algebra.com  Sat Nov 30 14:16:03 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 14:16:03 -0800 (PST)
Subject: IPG algorithim
In-Reply-To: <199611302118.NAA12825@slack.lne.com>
Message-ID: <199611302150.PAA15126@manifold.algebra.com>


[This is an addition to my previous reply to Eric]

It bugs me that you are using rand() (a fairly lame pseudo-random
function that was never intended to be used in cryptographic
applications) to seed A, B, C and JV and then test the A(JV) for
randomness. Some may object to that. Just for fun, I am attaching a hex
dump of output from my /dev/random (Linux 2.0.24). You could simply take
these truly random values and put them in initial A, B, C and JV, just
to be sure.

I doubt though that your results (poor randomness of A(JV)) will be
any different.

igor

0000000 c76d 74ac b253 ffc3 ae97 e092 629c 7a53
0000010 087a 21e6 8c2c 0ab6 a03a ea3c 0c71 a748
0000020 68f0 540d a4f2 0a2b b62b 4ab6 ddaa d3e4
0000030 a795 51f3 7dff 067d 2f6b 8d18 fa23 0200
0000040 99df 1d97 e232 b8d5 381f cf1e 7ea8 d971
0000050 8aa0 df0b cf41 53e2 a9f5 5304 dc28 c242
0000060 c01b 5990 75a1 688d 497f cc54 d336 217e
0000070 7dd7 4800 09d4 ff5b 53b8 6308 d38f 60f5
0000080 513a 3ea7 90f6 4cdf e783 6a14 145a e2b1
0000090 2041 6bb5 f417 6109 6101 fecd b7f1 7287
00000a0 f31a 6cb4 d559 ed7c 1be8 e0ca 21f9 8779
00000b0 701e bbcc 8909 7743 bfef c5ef 0f60 cd6a
00000c0 565b 30b5 e710 5f66 aa83 0751 5bc7 867e
00000d0 87a8 8511 9969 d101 c1bb 871b a2e5 f579
00000e0 5e14 9167 480a 9fc2 8354 5769 4ee0 7765
00000f0 faf5 c29f 25ad 77ea 9ecf 39b4 2d11 969f
0000100 099c f85a 7240 9922 0513 d607 41ea ba29
0000110 1886 2611 e577 50c6 87af 393a 782a 6666
0000120 9ae0 221e ec58 ce2e de77 b6de 5821 82e9
0000130 db17 5027 7e57 567a 2e82 f056 01d0 2cde
0000140 0314 ac33 78bd d569 215e b8d7 6a3b 0caa
0000150 b44f 8c6c 04de 4cf2 e111 2803 a073 7d27
0000160 f78c 9d28 70ca 1cd4 ce53 5dea 3141 efa9
0000170 8246 c7ee 4ed3 e49a 8d97 8ded d818 327a
0000180 f999 e044 ff28 ffe9 0254 535c 7e70 a09c
0000190 af58 bcd2 07b0 8146 f4cc 7568 751c c6ee
00001a0 b6b7 be3f d870 84ce 7f8c 3ec4 1427 09fc
00001b0 706e 93f8 9752 230b 74cd 0b0b 38be ba5b
00001c0 a9a6 062a cdee f11d d367 37e2 ec4f 90e4
00001d0 9019 d9ff 2ff9 fb5d 559b 4dd0 2ab0 7e35
00001e0 184a 3e90 f072 7349 007f 5d41 c176 8d8a
00001f0 a30c 1a68 eca6 63f4 256f 88e1 2cec dc1a
0000200 a0ac 90f0 b515 2fbc 2778 4e66 2323 7528
0000210 59c3 c3a9 3ccd e29d 315a fa6a 7821 f6e4
0000220 7977 5e9f df6c f87e 5d15 5693 3da8 9790
0000230 faaf d028 0c05 f5f0 160a 8cb7 f726 18cf
0000240 796d 77c5 3c2e 5ddb f770 7183 3c17 81b7
0000250 b0ff ad01 a4d3 26a1 7821 d210 376a 8283
0000260 3860 61a9 c509 e34c 46a4 7f70 b2ff 18db
0000270 24ad 97b5 e474 eee2 9036 c125 3fdb 88ce
0000280 824a 3096 98fc 0b9f 2f3a 6ac3 25e1 8d08
0000290 46c6 7218 ea87 3c6d 6395 6fc5 34b0 1447
00002a0 ddb3 b3af fdbf b545 5f47 0fe6 bfd0 e799
00002b0 99f6 1fc6 c70b 524f 717f a25d 9f08 f78a
00002c0 e230 b4b9 2045 5652 9677 5ce3 a827 9e8f
00002d0 261f 4650 c731 afbb e257 8410 621a 09aa
00002e0 d991 7a3b bb68 4995 fd15 2afc 8e26 842b
00002f0 cdf7 2d13 4055 9d22 be44 aa16 ed06 db8a
0000300 4210 714b 330d 6c9e 3f81 c993 4d8b 2f6b
0000310 134f 1566 8170 9cc6 4cff d188 78c4 29ae
0000320 27ec 731f 391c 6241 ffaf 2967 8756 1517
0000330 5d1a e807 c477 7757 bd6a ff4c 1cf1 01ce
0000340 dfa7 25b4 5a4f 9cf0 e96e 2d69 0de0 c24e
0000350 0a2c 9ec8 112d 0851 c028 917b b00b f9a0
0000360 0b07 b9f0 c4ef 4426 1cce c8c8 7186 8c24
0000370 9868 fe68 9136 1316 1e58 e883 5aa9 1298
0000380 c0ed eaa4 aaa2 7f23 48d1 5056 8837 06ec
0000390 5f69 ce3a 3d5b 1e7a 7545 e237 352d d887
00003a0 df9c 734d a441 7fa5 6685 eff0 4ce8 1876
00003b0 f9c9 2e18 f825 3a3a a6b8 e0cc 5d49 136a
00003c0 853d dd88 c0f8 befc 8b87 e261 fd73 09af
00003d0 b392 3afa f38e 6a25 cc5d b624 1012 49f3
00003e0 31b0 196c aa02 b3f2 454a 7817 2198 5ad7
00003f0 84c5 f22d 8b6e cdc9 12c3 d0b5 b866 9976
0000400 97a7 3b5e dedf 201d 50f5 99a6 bf54 04ab
0000410 a34e 3a66 538c 51a0 c00b 7ae8 f2ae 6343
0000420 c5f1 1ef1 1f8f 7415 5b50 53a4 33ad d046
0000430 13b6 62a2 cc34 feee 7fda 671a 2b28 a36c
0000440 a806 15be 1ccc b5b9 ef85 04ca 168c 8cd0
0000450 c44e d117 a6c8 cbaf 3b5b 581c d94a 8469
0000460 effb 0f18 cd45 5c77 6ab1 1289 e385 9771
0000470 199f 5610 8095 be8b e257 2ef8 a221 99ee
0000480 1d8b c81c 9781 e803 e4ab 4afb 5669 efb1
0000490 b31f 36e2 5930 b838 e84c 4f6e a709 0c40
00004a0 fefe c530 4ee2 ee3a aa2e e278 de99 8b1e
00004b0 4e83 c98a 47cd 4715 081d 7c7d 5f6f 657c
00004c0 49b5 70c0 937a d4c2 39ff d282 8768 1d7c
00004d0 40fe 1ed1 59b9 d0f7 b4cc 55b3 5da2 4118
00004e0 14dc 4b71 202a fb96 0bed 6d2a 03d6 2f2d
00004f0 9056 8d84 8b6e 948b 4b89 efd1 53ba 9a13
0000500 ea01 770a dc40 fcad bf69 cf60 7884 3f66
0000510 b057 2e82 3745 2839 f68d f637 ad95 5463
0000520 ff3c 353d 08b2 44c2 72bb b25b f60d 0dbf
0000530 455a e9b4 8bbf 3307 071a f720 f00e 0217
0000540 f8cc f7cc 2cc4 ef14 e6b6 7dbc ceff 2dea
0000550 fc34 ed72 d59b 8cd2 794c 2d11 e470 ba44
0000560 bff3 c531 b38b 5398 4a46 63be d86b ae19
0000570 d6a4 2e8d da0d 0ff9 a3db 2cc4 0494 72b1
0000580 b871 1f7e b8da a2f0 2f63 b522 3212 43da
0000590 f910 374e b1f5 5462 8db0 65ef 5e5b 9bf1
00005a0 9337 5003 31fc 47a9 8c06 d0d8 c8ab 8732
00005b0 ff5e 7fe3 b43c 9ba0 14dd f31f cf4c a5b5
00005c0 5552 b1ee 0ee6 a38f dc2b 32ac ab80 e12d
00005d0 be8c ad7d 89e9 5cda 0781 f30c b1d1 3163
00005e0 72f9 bcbe 5972 1862 3a15 660f 4227 b168
00005f0 280d 35fa 1765 46f3 468b 0538 44fc 216e
0000600 30f6 8340 6805 7f5c a280 fcdf 563d 9751
0000610 50c9 fb04 065c 12ec 9ce3 34ee 2a3d f821
0000620 d43e b64e 067f fd26 5e94 b7d1 9b28 fbcf
0000630 811b 4631 6018 5385 1297 e37a b0ea c6fd

Eric Murray wrote:
> 
> 
> 
> I have translated the IPG algorithim's "engine" to C, to generate
> some random values from it for testing purposes.  It does not
> look very random in either the xnoisesph program or the DIEHARD
> test battery.   However I may well have misinterprested Mr. Wood's
> description (his writing is, as Mr. Chudov points out, difficult to
> understand) or written my code incorrectly.  Here it is, play
> with it yourself.  To my untrained eye the lack of randomness
> in what's essentially a stream cipher would be disturbing.
> However I am not a cryptoanalysist so I do not know to
> what extent this weakens the cipher.
> 
> 
> The IPG description does not say (but implies to me) that
> the various tables that are to be filled in by "random" values must
> be filled in by PRNGs that are seeded with the same seeds by
> each of the party that knows the key.  Otherwise the "encryptor
> streams" that are generated will be unrelated and decryption will not
> be possible.  To make my test work I have used the simple rand()
> function to fill in the tables.
> 
> 
> Corrections are welcome.
> 
> 
> 
> #include <stdio.h>
> 
> /* a C translation of the IPG "EUREKA" algorithim's "engine".
> ** This is supposed to produce random numbers for the IPG
> ** "encryptor stream".
> ** See http://www.netprivacy.com/ for the original description.
> ** Eric Murray  ericm at lne.com  This code placed under GNU copyleft.  */
> 
> /* machine-dependent stuff, change to suit different platforms: */
> typedef unsigned char byte;
> typedef unsigned short uint16;
> 
> 
> /* tables: */
> uint16 A[53];
> uint16 B[53];
> uint16 C[53];
> 
> 
> int init_table(uint16*table, uint16 min, uint16 max)
> {
> 	/* IPG specifies no algorithim for producing the "random"
> 	** initial values in the ABC tables, but it's obvious that
> 	** it requires a PRNG that's somehow seeded from the "key".
> 	** I've just used rand() here.  In UNIX rand() called with no
> 	** seed is supposed to seed itself with 0. */
> 	int i;
> 	int count, r;
> 
> 	for(i = 0; i < 53; i++) {
> 		table[i] = min + (rand() % (max - min));
> 	}
> }
> 
> main(int argc, char **argv)
> {
> 	uint16 jv;
> 	int argcnt, i, n, count, diehard, nelem;
> 
> 	diehard = 0;
> 	argcnt = 1;
> 	if (argc >= 2) {
> 		if (strncmp(argv[argcnt],"-d") == 0) {
> 			diehard++;
> 			argcnt++;
> 		}
> 	}
> 	if (argc > argcnt - 1 ) {
> 		n = atoi(argv[argcnt]);
> 		fprintf(stderr,"Generating %d values\n",n);
> 	}
> 	else {
> 		n = 2000;
> 	}
> 
> 	/* seed tables: */
> 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> 	init_table(A,0,65535);
> 	fprintf(stderr," B");  fflush(stderr);
> 	init_table(B,0,12227);
> 	fprintf(stderr," C");  fflush(stderr);
> 	init_table(C,16384,20361);
> 	fprintf(stderr,"\n");  fflush(stderr);
> 
> 	/* generate n values: */
> 	for(; n > 0; n--) {
> 		/* jv is "random" (where's it seeded from?) */
> 		jv = (uint16)(rand() % 53);
> 
> 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> 		for(count = 0; count < 2809; count++) {
> 			jv++;
> 			if (jv == 53) jv = 0;
> 			A[jv] = (A[jv] + B[jv]) % C[jv];
> 			if (A[jv] < 16384) break;
> 		}
> 		if (count == 2809) fprintf(stderr,"Oops.\n");
> 		else {
> 			if (!diehard) {
> 				printf("%d\n",A[jv]);
> 			}
> 			else {
> 				/* print output in DIEHARD required format:
> 				** actually since we have 16-bit ints and DIEHARD
> 				** wants 32-bit ints, we print 20 per line instead of 10 */
> 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> 				printf("%4.4x",(unsigned int)A[jv]);
> 			}
> 		}
> 	}
> }
> 
> 
> 
> -- 
> Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
> PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
> 



	- Igor.





From paul at fatmans.demon.co.uk  Sat Nov 30 15:09:08 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Sat, 30 Nov 1996 15:09:08 -0800 (PST)
Subject: IPG Algorith Broken!
Message-ID: <849391118.629483.0@fatmans.demon.co.uk>



> Some of these bullies, like Paul Bradley, realize that they don't know
> the meanings of the words they use. Paul Bradley not only posts nonsense
> about brute force attacks on OTP, but also harrasses anyone who exposes
> his utter ignorance, in en effort to intimidate them into shutting up.

You don`t seem to realise that not only is my reputation unnafected 
by your worthless drivel about "brute force attacks on one time 
pads", which everyone else apart from you and Don immediately 
accepted as a simple misunderstanding of the topic of the message (I 
was talking about stream ciphers), but I am finding it rather amusing 
to watch the level of your rants deteriorate to the point where you 
now label anyone who actually posts about cryptography on this list 
as a "k00l hAcKiNg D00d" who knows nothing of what he is talking 
about. And as for harrasing people to shut up if you had been 
watching the traffic on the list you would have noticed that I 
disagreed with John over throwing you off the list. I simply wonder 
if the reason you appear to be so calm offline but a foaming at the 
mouth lunatic online is that you are scared someone is going to give 
you the good kicking you so rightly deserve.

> "Cypherpunks'" opinion of any proposed new cryptosystem is worthless and
> irrelevant.

And I suppose the opinion of a man who cannot control his urges to 
post rants about "sovok jews" and armenian refugees is of great value 
to the learned and worthy???

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul at fatmans.demon.co.uk
  Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





From varange at crl.com  Sat Nov 30 15:09:30 1996
From: varange at crl.com (Troy Varange)
Date: Sat, 30 Nov 1996 15:09:30 -0800 (PST)
Subject: Copyright violations
In-Reply-To: <alzheimer@juno.com>
Message-ID: <Love@22694>


	But software wants to be free!

-- 
Cheers!





From ericm at lne.com  Sat Nov 30 16:22:28 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 30 Nov 1996 16:22:28 -0800 (PST)
Subject: IPG algorithim
In-Reply-To: <199611302150.PAA15126@manifold.algebra.com>
Message-ID: <199612010021.QAA14426@slack.lne.com>



Igor Chudov @ home writes:
> 
> [This is an addition to my previous reply to Eric]
> 
> It bugs me that you are using rand() (a fairly lame pseudo-random
> function that was never intended to be used in cryptographic
> applications) to seed A, B, C and JV and then test the A(JV) for
> randomness. Some may object to that.

Yea, you're right, rand() is lame.

I added /dev/random to my Linux box and changed my small test to use it.
I also changed the way that I use JV- I had been setting it to a random
value for each trip through the "engine", but since I beleive that
its value can't really be random (if you want to be able to have someone
decrypt your stuff :-) but must be exchanged in the key, I set it
to a random value once and then let it float.  It's also a lot faster
that way, /dev/random is pretty slow (because it's looking for real
random material).

My results from xnoisesph were wrong- xnoisesph wants random bytes
instead of random integers in ascii format as I was producing.
Changing it (as I have below) makes the xnoisesph output look
much better, but it still isn't all that random.  The random seed generators
I have written that get their randomness from repeated calls
to high-resolution timers and hashes of system log files do better.
I also fixed a minor bug in arg processing.






#include <stdio.h>
#include <fcntl.h>

/* a C translation of the IPG "EUREKA" algorithim's "engine".
** This is supposed to produce random numbers for the IPG
** "encryptor stream".
** See http://www.netprivacy.com/ for the original description.
** Eric Murray  ericm at lne.com  This code placed under GNU copyleft. 
** V0.2 */

typedef unsigned char byte;
typedef unsigned short uint16;


/* tables: */
uint16 A[53];
uint16 B[53];
uint16 C[53];


#ifndef NO_DEV_RANDOM
uint16 getrand()
{
	uint16 ret;
	int fd = open("/dev/random",O_RDONLY);
	if (fd <= 0) {
		perror("/dev/random"); exit(-1);
	}
	read(fd,(unsigned char *)(&ret),sizeof(ret));
	close(fd);
	return(ret);
}
#else
/* do something appropriate for your OS here, rand() is lame. */
#define getrand rand
#endif


int init_table(uint16*table, uint16 min, uint16 max)
{
	/* IPG specifies no algorithim for producing the "random"
	** initial values in the ABC tables, but it's obvious that
	** it requires a PRNG that's somehow seeded from the "key".
	** I've used /dev/random here, so there's no question that
	** I'm starting out with pretty good random values. */
	int i;
	int count, r;

	for(i = 0; i < 53; i++) {
		table[i] = min + (getrand() % (max - min));
	}
}

main(int argc, char **argv)
{
	uint16 jv;
	int argcnt, i, n, count, diehard, nelem;

	diehard = 0;
	argcnt = 1;
	if (argc >= 2) {
		if (strncmp(argv[argcnt],"-d",2) == 0) {
			diehard++;
			argcnt++;
		}
	}
	if (argc > argcnt - 1 ) {
		n = atoi(argv[argcnt]);
		fprintf(stderr,"Generating %d values\n",n);
	}
	else {
		n = 2000;
	}

	/* seed tables: */
	fprintf(stderr,"Seeding:  A");  fflush(stderr);
	init_table(A,0,65535);
	fprintf(stderr," B");  fflush(stderr);
	init_table(B,0,12227);
	fprintf(stderr," C");  fflush(stderr);
	init_table(C,16384,20361);
	fprintf(stderr,"\n");  fflush(stderr);

	/* generate n values: */
	/* jv is "random" (where's it seeded from?) */
	jv = (uint16)(getrand() % 53);
	for(; n > 0; n--) {

		/* count limits the number of traverses to 53^2 so we don't get stuck */
		/* 2809 is actually too low per Chudov:
		** "For example, if ALL B == 1, A == 16385, and C == 20361, the
		**  loop may need (20361-16385) passes to get to the < 16384 value."
		*/
		for(count = 0; count < 2809; count++) {
			jv++;
			if (jv == 53) jv = 0;
			A[jv] = (A[jv] + B[jv]) % C[jv];
			if (A[jv] < 16384) break;
		}
		if (count == 2809) fprintf(stderr,"Oops.\n");
		else {
			if (!diehard) {
				write(1,(unsigned char *)&A[jv],sizeof(uint16));
			}
			else {
				/* print output in DIEHARD required format:
				** actually since we have 16-bit ints and DIEHARD
				** wants 32-bit ints, we print 20 per line instead of 10 */
				if (nelem++ > 19) {printf("\n"); nelem = 0;}
				printf("%4.4x",(unsigned int)A[jv]);
			}
		}
	}
}
-- 
Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF





From ichudov at algebra.com  Sat Nov 30 16:34:16 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sat, 30 Nov 1996 16:34:16 -0800 (PST)
Subject: IPG algorithim
In-Reply-To: <199612010021.QAA14426@slack.lne.com>
Message-ID: <199612010026.SAA15878@manifold.algebra.com>


Eric Murray wrote:
> Igor Chudov @ home writes:
> > [This is an addition to my previous reply to Eric]
> > It bugs me that you are using rand() (a fairly lame pseudo-random
> > function that was never intended to be used in cryptographic
> > applications) to seed A, B, C and JV and then test the A(JV) for
> > randomness. Some may object to that.
> 
> Yea, you're right, rand() is lame.
> 
> I added /dev/random to my Linux box and changed my small test to use it.
> I also changed the way that I use JV- I had been setting it to a random
> value for each trip through the "engine", but since I beleive that
> its value can't really be random (if you want to be able to have someone
> decrypt your stuff :-) but must be exchanged in the key, I set it
> to a random value once and then let it float.  It's also a lot faster
> that way, /dev/random is pretty slow (because it's looking for real
> random material).

Oh yes! Surely, jv should be set to a random value during the
setup. Thereafter it should simply be incremented modulo 53.

> My results from xnoisesph were wrong- xnoisesph wants random bytes
> instead of random integers in ascii format as I was producing.
> Changing it (as I have below) makes the xnoisesph output look
> much better, but it still isn't all that random.  The random seed generators

Can you publish the results? And what does xnoisesph do exactly?

> I have written that get their randomness from repeated calls
> to high-resolution timers and hashes of system log files do better.
> I also fixed a minor bug in arg processing.






> #include <stdio.h>
> #include <fcntl.h>
> 
> /* a C translation of the IPG "EUREKA" algorithim's "engine".
> ** This is supposed to produce random numbers for the IPG
> ** "encryptor stream".
> ** See http://www.netprivacy.com/ for the original description.
> ** Eric Murray  ericm at lne.com  This code placed under GNU copyleft. 
> ** V0.2 */
> 
> typedef unsigned char byte;
> typedef unsigned short uint16;
> 
> 
> /* tables: */
> uint16 A[53];
> uint16 B[53];
> uint16 C[53];
> 
> 
> #ifndef NO_DEV_RANDOM
> uint16 getrand()
> {
> 	uint16 ret;
> 	int fd = open("/dev/random",O_RDONLY);
> 	if (fd <= 0) {
> 		perror("/dev/random"); exit(-1);
> 	}
> 	read(fd,(unsigned char *)(&ret),sizeof(ret));
> 	close(fd);
> 	return(ret);
> }
> #else
> /* do something appropriate for your OS here, rand() is lame. */
> #define getrand rand
> #endif
> 
> 
> int init_table(uint16*table, uint16 min, uint16 max)
> {
> 	/* IPG specifies no algorithim for producing the "random"
> 	** initial values in the ABC tables, but it's obvious that
> 	** it requires a PRNG that's somehow seeded from the "key".
> 	** I've used /dev/random here, so there's no question that
> 	** I'm starting out with pretty good random values. */
> 	int i;
> 	int count, r;
> 
> 	for(i = 0; i < 53; i++) {
> 		table[i] = min + (getrand() % (max - min));
> 	}
> }
> 
> main(int argc, char **argv)
> {
> 	uint16 jv;
> 	int argcnt, i, n, count, diehard, nelem;
> 
> 	diehard = 0;
> 	argcnt = 1;
> 	if (argc >= 2) {
> 		if (strncmp(argv[argcnt],"-d",2) == 0) {
> 			diehard++;
> 			argcnt++;
> 		}
> 	}
> 	if (argc > argcnt - 1 ) {
> 		n = atoi(argv[argcnt]);
> 		fprintf(stderr,"Generating %d values\n",n);
> 	}
> 	else {
> 		n = 2000;
> 	}
> 
> 	/* seed tables: */
> 	fprintf(stderr,"Seeding:  A");  fflush(stderr);
> 	init_table(A,0,65535);
> 	fprintf(stderr," B");  fflush(stderr);
> 	init_table(B,0,12227);
> 	fprintf(stderr," C");  fflush(stderr);
> 	init_table(C,16384,20361);
> 	fprintf(stderr,"\n");  fflush(stderr);
> 
> 	/* generate n values: */
> 	/* jv is "random" (where's it seeded from?) */
> 	jv = (uint16)(getrand() % 53);
> 	for(; n > 0; n--) {
> 
> 		/* count limits the number of traverses to 53^2 so we don't get stuck */
> 		/* 2809 is actually too low per Chudov:
> 		** "For example, if ALL B == 1, A == 16385, and C == 20361, the
> 		**  loop may need (20361-16385) passes to get to the < 16384 value."
> 		*/
> 		for(count = 0; count < 2809; count++) {
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

replace 2809 with (20361-16385) * 53 + 1000


> 			jv++;
> 			if (jv == 53) jv = 0;
> 			A[jv] = (A[jv] + B[jv]) % C[jv];
> 			if (A[jv] < 16384) break;
> 		}
> 		if (count == 2809) fprintf(stderr,"Oops.\n");
                            ^^^^^^

and here

> 		else {
> 			if (!diehard) {
> 				write(1,(unsigned char *)&A[jv],sizeof(uint16));
> 			}
> 			else {
> 				/* print output in DIEHARD required format:
> 				** actually since we have 16-bit ints and DIEHARD
> 				** wants 32-bit ints, we print 20 per line instead of 10 */
> 				if (nelem++ > 19) {printf("\n"); nelem = 0;}
> 				printf("%4.4x",(unsigned int)A[jv]);
> 			}
> 		}
> 	}
> }
> -- 
> Eric Murray  ericm at lne.com  ericm at motorcycle.com  http://www.lne.com/ericm
> PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
> 



	- Igor.





From boursy at earthlink.net  Sat Nov 30 18:01:45 1996
From: boursy at earthlink.net (Stephen Boursy)
Date: Sat, 30 Nov 1996 18:01:45 -0800 (PST)
Subject: The Rise and Fall of Cypherpunks  WAS [Re: the Dennings]
In-Reply-To: <Pine.LNX.3.95.961130145407.24591C-100000@dhp.com>
Message-ID: <32A0E79B.417E@earthlink.net>


aga wrote:
> 
>>
>> Ridicule is what John Gilmore and EFF deserve, and more.

  That's to good for them--complete contempt is more called 
for.

 
> Well, if it does not apply to Boursy, then you are still going
> to get a royal ass-kicking. The EFF and Gilmore are too connected
> to UUNET and the cabal to have any credibility on this usenet any
> m.

  
  The EFF is a corporate whore with no interest whatsoever in the
rights of individual users--they will side with the business owners
every time.  And not to forget they signed off on the Exon Ammendment
much to the contempt of the ACLU.

                         Steve





From bogus@does.not.exist.com  Sat Nov 30 18:25:27 1996
From: bogus@does.not.exist.com (Anonymous)
Date: Sat, 30 Nov 1996 18:25:27 -0800 (PST)
Subject: denial of service and government rights
Message-ID: <199612010225.VAA05194@dhp.com>



This thread is probably already due for a change in
the Subject line, but I'll leave it untouched for 
the moment.

On 30 Nov 96 at 13:10, Black Unicorn wrote:

> On Fri, 29 Nov 1996, Greg Broiles wrote:

> [...]
> 
> > I don't see any reason why this wouldn't be true for a
> > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure 
> > (but seizure is not forfeiture) of "property that 
> > constitutes evidence of the commission of a
> > criminal offense". 
> 
> It is true of computers.
> Take the case of Ripco (the Chicago BBS raided in the 
> SunDevil raids back when).
> 
> I don't think "Dr. Ripco" has yet gotten his equipment 
> back.  I don't know for sure, but what I do know is 
> that 5 years after the raid, he still had certainly 
> not gotten anything back.
[....] 
> Recall also that Ripco was never specifically charged 
> (or the minor charges that they did try to pin didn't 
> stick).
> 
> Also recall that Ripco (now ripco.com) was raided with a
> -sealed- warrant. I dont think that the contents of that 
> warrant have, even today, been released (though I could 
> be mistaken).  Certainly 5 years after they had not.

[....]
> > But there's a big difference between "seizure" and 
> > "forfeiture".
> 
> I'd argue with computer hardware it is a distinction 
> without a difference. Seizing computer hardware (like 
> Ripco's stuff) for in excess of 5 years is tantamount
> to forfeiture given depreciation and so forth.
> 
> Add to this the very liberal rules about how long the 
> feds can take to even CHARGE you with a crime after 
> seizure....

And it sums to a very bleak picture, indeed.

[....]
> > So yes, there may be a statute which gives title to
> > the government in computers used to commit crimes, 
> > and no, the Supreme Court won't necessarily care 
> > about an "innocent owner".
> 
> Again, I would argue that such a statute needn't even 
> exist given the rules already well estlablished and 
> demonstrated in action with regard to indefinate 
> seizure of computer hardware even in the absence of 
> criminal claims against the owner.

Please forgive my naivete, but are there no legal
weapons available to the 'victims' in such cases?
I'm passingly familiar with the Operation Sundevil
fiasco -- i.e., with the outcome re the principal
'charges'.  I'm appalled, however, at the apparent 
lack of remedies for return of such seized property.
Are individuals who find themselves in such a 
predicament simply at the government's mercy (there's
an oxymoron for ya)??


Tired Fighter






From dthorn at gte.net  Sat Nov 30 18:47:45 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 30 Nov 1996 18:47:45 -0800 (PST)
Subject: IPG algorithim
In-Reply-To: <199611302118.NAA12825@slack.lne.com>
Message-ID: <32A0EE99.1023@gte.net>


Eric Murray wrote:
> I have translated the IPG algorithim's "engine" to C, to generate

[snippo]

Now that's what I call amazing.  Maybe I could rewrite PGP
tomorrow (hee hee).






From dthorn at gte.net  Sat Nov 30 21:52:17 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 30 Nov 1996 21:52:17 -0800 (PST)
Subject: denial of service and government rights
In-Reply-To: <199612010225.VAA05194@dhp.com>
Message-ID: <32A11CFB.421@gte.net>


Tired.Fighter at dhp.com wrote:
> On 30 Nov 96 at 13:10, Black Unicorn wrote:
> > On Fri, 29 Nov 1996, Greg Broiles wrote:
> > > I don't see any reason why this wouldn't be true for a
> > > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure
> > > (but seizure is not forfeiture) of "property that
> > > constitutes evidence of the commission of a
> > > criminal offense".

[snip]

> Please forgive my naivete, but are there no legal
> weapons available to the 'victims' in such cases?
> I'm passingly familiar with the Operation Sundevil
> fiasco -- i.e., with the outcome re the principal
> 'charges'.  I'm appalled, however, at the apparent
> lack of remedies for return of such seized property.
> Are individuals who find themselves in such a
> predicament simply at the government's mercy (there's
> an oxymoron for ya)??

Just in case someone replies saying "It's not all that bad", or "It can't
happen here", etc., you should know this:

The United States government has not been responsive to the people for
a long time, but what's become evident in recent years is that they're
also no longer responsive to basic law and order.

They do respond to extreme pressure, as was applied in the Weaver, Waco,
and other similar cases, but, as a general rule, they do whatever they
want all the way to the top of the Justice dept. with impunity.

Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
niece(?) of a Kuwaiti official to testify in front of Congress in full
view of the American people on television, that the Iraquis were throwing
babies out of incubators in Kuwait, thereby securing the necessary votes
in Congress to prosecute the Gulf War.

When it was discovered (after the "war") that the Incubator Baby Scandal
was a lie, nobody was prosecuted.  Further, in blatant violation of the
U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth
II of England.

There are also numerous examples of the Justice dept. being caught red-
handed forging documents to frame people for whom they had no evidence or
insufficient evidence to prosecute, and what happens in those cases?
Nothing.






From unicorn at schloss.li  Sat Nov 30 21:53:04 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 30 Nov 1996 21:53:04 -0800 (PST)
Subject: denial of service and government rights
In-Reply-To: <199612010225.VAA05194@dhp.com>
Message-ID: <Pine.SUN.3.94.961201004837.5120U-100000@polaris>


On Sat, 30 Nov 1996, Anonymous wrote:

> > Again, I would argue that such a statute needn't even 
> > exist given the rules already well estlablished and 
> > demonstrated in action with regard to indefinate 
> > seizure of computer hardware even in the absence of 
> > criminal claims against the owner.
> 
> Please forgive my naivete, but are there no legal
> weapons available to the 'victims' in such cases?
> I'm passingly familiar with the Operation Sundevil
> fiasco -- i.e., with the outcome re the principal
> 'charges'.  I'm appalled, however, at the apparent 
> lack of remedies for return of such seized property.
> Are individuals who find themselves in such a 
> predicament simply at the government's mercy (there's
> an oxymoron for ya)??

Of course you can fight a seizure, and try to compell them to return your
property.  About all they have to say to get a judge to look at you like
you're crazy is "Your Honor, this is material evidence being used in the
ongoing investigation of a crime.  We can't simply hand it back and try
and rent time with it to do our forensics tests...."


--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland






From deviant at pooh-corner.com  Sat Nov 30 22:01:51 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sat, 30 Nov 1996 22:01:51 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130031128.19278J-100000@citrine.cyberstation.net>
Message-ID: <Pine.LNX.3.94.961201055717.6492A-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 30 Nov 1996 wichita at cyberstation.net wrote:

> 
> 
> On Sun, 24 Nov 1996, Ben Laurie wrote:
> 
> > The Deviant wrote:
> > > 
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > 
> > > On Sun, 24 Nov 1996, John Anonymous MacDonald wrote:
> > > 
> > > > 
> > > > At 6:56 PM 11/23/1996, The Deviant wrote:
> > > > >On Sat, 23 Nov 1996, John Anonymous MacDonald wrote:
> > > > >> The good news is that you can prove a negative.  For example, it has
> > > > >> been proven that there is no algorithm which can tell in all cases
> > > > >> whether an algorithm will stop.
> > > > >
> > > > >No, he was right.  They can't prove that their system is unbreakable.
> > > > >They _might_ be able to prove that their system hasn't been broken, and
> > > > >they _might_ be able to prove that it is _unlikely_ that it will be, but
> > > > >they *CAN NOT* prove that it is unbreakable.  This is the nature of
> > > > >cryptosystems.
> > > > 
> > > > Please prove your assertion.
> > > > 
> > > > If you can't prove this, and you can't find anybody else who has, why
> > > > should we believe it?
> > > 
> > > Prove it?  Thats like saying "prove that the sun is bright on a sunny
> > > day".  Its completely obvious.  If somebody has a new idea on how to
> > > attack their algorithm, it might work.  Then the system will have been
> > > broken.  You never know when somebody will come up with a new idea, so the
> > > best you can truthfully say is "it hasn't been broken *YET*".  As I
> > > remember, this was mentioned in more than one respected crypto book,
> > > including "Applied Cryptography" (Schneier).
> > 
> > It seems appropriate to quote Schneier on the subject:
> > 
> > "Those who claim to have an unbreakable cipher simply because they can't break
> > it are either geniuses or fools. Unfortunately, there are more of the latter in
> > the world."
> >
> I cannot argue with that, obviously he is correct.
> > 
> > And...
> > 
> > "Believe it or not, there is a perfect encryption system. It's called a
> > one-time pad..."
> > 
> Paul Bradley and others believe that you can brute force One Time Pads.
> Of course, you cannot and neither can you brute force our system. It is
> mathematically impossible as we have expounded on at length in past
> postings.
> 
> With Kindest regards,
> 
> Don Wood
> 

The closest anybody has come to mathematically proving anything about the
IPG algorithm was what you just said, which is nothing.  "It has been
proven" and "we have posted proof" are neither mathematical nor proof.


 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

It would be illogical to assume that all conditions remain stable.
                -- Spock, "The Enterprise Incident", stardate 5027.3


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqEenzCdEh3oIPAVAQENdgf+KaWnvbuaJ9cNruJCSWV9n32/YOsOZwyJ
HhRLUCrDDhzxMPTOkxmj749qt/mIruOFVjMHBz8bIdnzY43Q16Tt3LTC6cII8pvA
i45R4OLnpG6zmKK+/w2/ewMhdpEL5P8f1Pjlzl3VhBqpriC7S22VIhSrc+gA1WTD
z9UwJDtt3w54i3P74r+n8HFWjN8pI/Mu3S6og1rPytavxf/xlEmnTjEA/bEKEq36
3DSNgLBC7dslm/qvc7UKghKBPhPFGc3LiYGdWamTO2YPtn4+rHb8ObGG+Gy441ZC
fFngIJ8T8cTWEDqEQtkdQrkxuBRueomUsKRygJjpw9it4+wTN7OjKQ==
=nR5o
-----END PGP SIGNATURE-----






From dthorn at gte.net  Sat Nov 30 22:06:05 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 30 Nov 1996 22:06:05 -0800 (PST)
Subject: denial of service and government rights
In-Reply-To: <199612010552.XAA08222@mail.gte.net>
Message-ID: <32A1203E.502B@gte.net>


Mail Delivery Subsystem wrote:
> ----- The following addresses had delivery problems -----
> <Tired.Fighter at dhp.com>  (unrecoverable error)
> 550 <Tired.Fighter at dhp.com>... User unknown

>    ----- Original message follows -----
> Tired.Fighter at dhp.com wrote:
> > On 30 Nov 96 at 13:10, Black Unicorn wrote:
> > > On Fri, 29 Nov 1996, Greg Broiles wrote:
> > > > I don't see any reason why this wouldn't be true for a
> > > > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure
> > > > (but seizure is not forfeiture) of "property that
> > > > constitutes evidence of the commission of a
> > > > criminal offense".
> 
> [snip]
> 
> > Please forgive my naivete, but are there no legal
> > weapons available to the 'victims' in such cases?
> > I'm passingly familiar with the Operation Sundevil
> > fiasco -- i.e., with the outcome re the principal
> > 'charges'.  I'm appalled, however, at the apparent
> > lack of remedies for return of such seized property.
> > Are individuals who find themselves in such a
> > predicament simply at the government's mercy (there's
> > an oxymoron for ya)??
> 
> Just in case someone replies saying "It's not all that bad", or "It can't
> happen here", etc., you should know this:
> 
> The United States government has not been responsive to the people for
> a long time, but what's become evident in recent years is that they're
> also no longer responsive to basic law and order.
> 
> They do respond to extreme pressure, as was applied in the Weaver, Waco,
> and other similar cases, but, as a general rule, they do whatever they
> want all the way to the top of the Justice dept. with impunity.
> 
> Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
> niece(?) of a Kuwaiti official to testify in front of Congress in full
> view of the American people on television, that the Iraquis were throwing
> babies out of incubators in Kuwait, thereby securing the necessary votes
> in Congress to prosecute the Gulf War.
> 
> When it was discovered (after the "war") that the Incubator Baby Scandal
> was a lie, nobody was prosecuted.  Further, in blatant violation of the
> U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth
> II of England.
> 
> There are also numerous examples of the Justice dept. being caught red-
> handed forging documents to frame people for whom they had no evidence or
> insufficient evidence to prosecute, and what happens in those cases?
> Nothing.






From deviant at pooh-corner.com  Sat Nov 30 22:19:24 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Sat, 30 Nov 1996 22:19:24 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <Pine.BSI.3.95.961130033459.19278M-100000@citrine.cyberstation.net>
Message-ID: <Pine.LNX.3.94.961201061412.6492B-100000@random.sp.org>


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 30 Nov 1996 wichita at cyberstation.net wrote:

> No correct period, for the same reason. To paraphrase Gertrude Stein, an
> OTP is an OTP is an OTP.

And IPGs algorithm is not OTP, so what you're saying is irrelevant.

> More dumbest information, from FAT BRAIN. If an OTP is used more than
> once, it is not an OTP by definition. Plaintext xor Plaintext, even in

Correction.  If I generate a completely random number, and use it in my
pad, and then generate another random number, and the 2 randoms happen to
be the same, they are still perfectly valid pads; as long as the numbers
were truly random.  Don't get me wrong -- its still stupid to use the same
one twice, and it defies the point, but it is not "not an OTP by
definition".

> derivative forms. Like so much of his dribble, that paragraph contains 
> some words but I challenge anyone to tell us what it means. It simply
> does not say anything which translates into anything meaningful.    

Stop describing what you write.

> Frequently, you fill in some, and maybe even all of the plaintext, if you
> have part of the plain text, for example if you have the partial signature
> of a message emanating from the White House of:
> 
>        Wi      Jef            on
> 
> You might reasonably conclude that the missing characters could be filled
> in to be: 
>         
>        William Jefferson Clinton
> 
> 
> Two plaintexts xored together can reveal much more than you might think.
> 

This is, as they say, completely irrelevant.

> Don Wood

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Unix is the worst operating system; except for all others.
                -- Berry Kercheval


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMqEjBDCdEh3oIPAVAQFu4Af+NhUpKK24vICvSbV6v5YdQUxGoegwFk8j
S0K0KM3HN7cLnLDPQPWnjtLROkDmh3RBzYZ9DurJmtVX9qC9d95hca4Z+6jyvdJx
oQaUYFil9X7hukQZPU3idsX6XsmXCJXUpB/v+XktfkeqC0Rzp9h1fAVfAu7JNA7b
q/TbCah4yLe4WZORnySds4nTd0hq19niyO6XCesEddL6DEOS2i5rtRe/ATXSmelu
vX16LpvsUIkiyCLMpnPQWBNZbSPOZ9OXDGgj4NNKGP0EFI/eNzwQdNNuBc7dXELk
+g3Dk7F9co0HhqmoDjoX7B3l3MnvozziepfV7KAh5O7cr+iFa7lecQ==
=aeRZ
-----END PGP SIGNATURE-----






From grafolog at netcom.com  Sat Nov 30 22:24:57 1996
From: grafolog at netcom.com (jonathon)
Date: Sat, 30 Nov 1996 22:24:57 -0800 (PST)
Subject: Announcement: Very Good Privacy
In-Reply-To: <Pine.LNX.3.95.961130131239.357A-100000@gak.voicenet.com>
Message-ID: <Pine.SUN.3.95.961201061050.6961C-100000@netcom23>


On Sat, 30 Nov 1996, Mark M. wrote:

> On Sat, 30 Nov 1996, jonathon wrote:
> > On Fri, 29 Nov 1996, Mark Rosen wrote:
> > > 	I have written an encryption program called Very Good Privacy 
> > 	Trademark violation here.   Probably not a good thing.
> Nope.  "Pretty Good" is trademarked, but "Very Good" isn't.

	Very Good Privacy is violating the trademark of Pretty Good
	Privacy.   At least this is a simple, straightforward 
	easy to see and easier to sue on violation than most 
	other trademark violation cases are.

> > 	I'm not sure how an encryption product that uses encryption
> > 	algorithms weaker than Pretty Good Privacy can be described
> Both programs use IDEA.  How is this weaker?

	IDEA & RC4 were the only algorithms listed that AC2
	doesn't list 
	as having a security flaw.  And that isn't even true, if 
	one considers "weak keys" to be a security flaw, for IDEA.
	
	Some of the others are breakable on the fly, by a human.	

> RC4 has stood up to cryptanalysis.  It's secure as long as the same key
> isn't used twice.

	"Not used twice" is the operative phrase.

        xan

        jonathon
        grafolog at netcom.com



	SpamByte:  The amount of spam Sanford Wallace sends to AOL
		   in one 24 hour period.  
		   Roughly 1 000 Terabytes sent every 24 hours.  

	T3 Connection:   The connection that AOL needs to deal with 
		the spam Sanford Wallaces send to them in one day,
		so that legitimate users can contact people at AOL.

	






From kozubik at shoelace.FirstLink.com  Sat Nov 30 22:32:52 1996
From: kozubik at shoelace.FirstLink.com (John Kozubik)
Date: Sat, 30 Nov 1996 22:32:52 -0800 (PST)
Subject: The Difference Between The Right And Left
In-Reply-To: <Love@22594>
Message-ID: <Pine.SOL.3.91.961130233129.9314A-100000@shoelace.FirstLink.com>


> 
> 	This is, of course, confusing to y'all because your all a
> 	bunch of stupid college kids.

At least we know where to use a contraction............^^^^






From markm at voicenet.com  Sat Nov 30 22:47:09 1996
From: markm at voicenet.com (Mark M.)
Date: Sat, 30 Nov 1996 22:47:09 -0800 (PST)
Subject: Announcement: Very Good Privacy
In-Reply-To: <Pine.SUN.3.95.961201061050.6961C-100000@netcom23>
Message-ID: <Pine.LNX.3.95.961201013725.2291A-100000@gak.voicenet.com>


-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Dec 1996, jonathon wrote:

> > > 	I'm not sure how an encryption product that uses encryption
> > > 	algorithms weaker than Pretty Good Privacy can be described
> > Both programs use IDEA.  How is this weaker?
> 
> 	IDEA & RC4 were the only algorithms listed that AC2
> 	doesn't list 
> 	as having a security flaw.  And that isn't even true, if 
> 	one considers "weak keys" to be a security flaw, for IDEA.

My point was that both programs use IDEA, so you couldn't characterize on as
weaker than the other one.  Weak algorithms are an option, but that doesn't
make the program any weaker.

Nearly every algorithm has some weak keys.  One out of every 2^96 IDEA keys
are weak.  If this is considered a security flaw, then every algorithm with
a keyspace of less than 96 bits is a "security flaw" because someone could
pick the correct key on the first try.  Besides, it's easy to prevent weak keys
from being chosen, even though it obviously isn't necessary.

> 	Some of the others are breakable on the fly, by a human.	
> 
> > RC4 has stood up to cryptanalysis.  It's secure as long as the same key
> > isn't used twice.
> 
> 	"Not used twice" is the operative phrase.

That doesn't mean it shouldn't be an option.  I encrypt my files with different
passphrases, so RC4 wouldn't be a problem in a case like that.

Mark
- -- 
finger -l for PGP key
PGP encrypted mail prefered.
0xf9b22ba5 now revoked

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQEVAwUBMqEqQyzIPc7jvyFpAQHTIQf+LtUIH50HH7FKUGq4i9RgM3yDwXLkL1eV
zQJeO862DGGLF/mYy/vs7UH1NQsTu3XR2pT9tWnurboSJgS8qekUfslGo6wb+gyT
u4RoYV7a+h8A2JTUPQKLbJt6uYVw1jLCFfHlo6xkFP9TGedsVWwdB0hE+gX2EJHl
ckMcFKpdNWkYAcdwhKRdXz/737JDlFvNi4s0DyZ5AgP/bcEVqeb7IpBJPEDlu0Jf
GiwJvxtJ7SAcuvkDSUghKVeS8/uL3S6IRY4Gl+t5SYpO2Pf8bGUW3hl60w7dWQa/
WABQ4iDltFYPzBKoskW4vvaOc4bP7FfqVNgmeQyhKdXBd8nXh60tog==
=T2Lb
-----END PGP SIGNATURE-----






From tfs at adsl-122.cais.com  Sat Nov 30 22:55:00 1996
From: tfs at adsl-122.cais.com (Tim Scanlon)
Date: Sat, 30 Nov 1996 22:55:00 -0800 (PST)
Subject: Punative Seizure was: Re: denial of service and ...
Message-ID: <9612010654.AA08123@adsl-122.cais.com>



Tired.Fighter at dhp.com wrote:
> 
> 
> This thread is probably already due for a change in
> the Subject line, but I'll leave it untouched for 
> the moment.

I changed it, because I'm very familiar with what's being discussed.
I also snipped huge chunks, but tried to leave the salient stuff.
  
> On 30 Nov 96 at 13:10, Black Unicorn wrote:
> > On Fri, 29 Nov 1996, Greg Broiles wrote:
> > 
> > > I don't see any reason why this wouldn't be true for a
> > > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure 
> > > (but seizure is not forfeiture) of "property that 
> > > constitutes evidence of the commission of a
> > > criminal offense". 
> [....] 
> > Recall also that Ripco was never specifically charged 
> > (or the minor charges that they did try to pin didn't 
> > stick).
> > Also recall that Ripco (now ripco.com) was raided with a
> > -sealed- warrant. I dont think that the contents of that 
> > warrant have, even today, been released (though I could 
> > be mistaken).  Certainly 5 years after they had not.
> [....]

Yes, it was & is sealed, the justification being that the 
investigation was "ongoing". The whole thig was weak & shameless,
but it works for the feds. Never mind that it's total & utter bullshit.


> > > But there's a big difference between "seizure" and 
> > > "forfeiture".

Not really. Only technicly. The technique used by LEO's is one that is
known as "Punative Seizure", and is well known in the Computer Underground.
It's standard practice for LEO's to engage in seizure of computer 
equipment and just to keep it. Much of the time it is accompanied with
an explicit and literal threat of prosecution if the unindited suspect
asks for the equipment back. It's cheaper than prosecuting, easier to
accomplish, and often achives the goal of "taking the bad guy off the 
street" without resort to such niceties as having a case that would
hold the moisture of a drop of spit.

It is such common practice, that most hackers who have been around for
even short lengths of time are very familiar with the practice. In cases
involving juviniles, it's a very effective technique. In those specific
types of incidents the drill is as follows:

Suspect "H", a 15 year old male, living at home with his parents, does
something to bring him under suspicion that he is involved in computer
fraud. Incidents are ongoing and seem to point to the suspect, local
or federal agents become interested in the suspect due to information
provided by a C.I. So they go fishing, and seize his equipment.

Seizure is accompanied in concert with several other actions and goals,
One of which is to explore the contents of the computer for further
evidence of wrongdoing. Since aquiring search warrents for such actions
are notoriously broad and relativly easy to come by, this is an effective
technique. The seizure usualy is stratigicly done to minimize parental
involvment and possible protections, in order to give investigators time
alone with the juvinile suspect to question him without the intervention
of his guardians. Basicly they want Mom or Pop out of the picture long 
enough to pump the kid for info before the parents can insist on
legal counsel. Obviously they use whatever info they can get...
	Keep in mind a poorly socialized, but bright, teenager is likely
to be a rather talkative target and an easy mark for interrogatory
techniques. "We find they want to talk, and often brag about their
exploits" is such a well worn quote, that I'd have to attribute it
to about 7 sources if I tried... You can extrapolate on this.

The next stage is threats to the parents of the juvinile, usualy big
federal time, that sort of thing, to try to terroroize them into
insisting on little Johnny's co-operation. Usualy this is done without
the advice of counsel if the feds can pull it off. There's a tradition
of inflating numbers far beyond anything rational, so the "damages" are
insanely high, and markedly fictional to anyone who knows how to cost
such stuff out. It's in the favor of everyone involved to 'play ball'
on cost inflation, for a multitude of reasons. Again, you can extrapolate
why. The E911 case is a great example of fictional cost inflation.

At that point they have Johnny under the gun, the parents terrorized,
and can either work that for further co-operation, or let the kid
dangle for a few years & pretty much make sure he never sees a computer.
What can I say, it works for them. Don't expect them to care any,
they've accomplished their goals. Quite often, as I have said, they
will explicitly say "Don't ask for your stuff back or we'll charge you".
(And YES that is a direct quote given to me on more than one occasion
by people who've had such encounters.)

In the case of adult individuals, the setup is nearly the same, wether
it is a consultant running a small buisness, or a college student. The
only big differences are threats to reputation, either academicly, or
in the community at large. After all, once branded an 'evil hacker' by
the police or media, what company would do buisness with such a 
scoundrel. Never mind wether or not they have a thing to do with
computer security, that part's utterly irrelivant. In the case of
college students, usualy it's a threat of expusion & prosecution etc.
Obviously techniques vary. But one thing is clear, there's plenty
of "examples" that have been made to terrorize people. I'm sure
you can think of a few, and probably will sit there and go 'yea but
he deserved it...' Well, when you think that I suggest very strongly that
you rethink it, and consider that perhaps you don't have all, or even
any, facts that have not been spun and spoon fed to you.  

The nuber of such punative seizures that I am aware of runs into
the hundreds.

> 
> And it sums to a very bleak picture, indeed.
> 
Bleak? heh, get used to it. Hell, this is so damned common that
it's made it into comic books as a normal operative procedure.
Look in "The Hacker Files" to find it. It's a comic book put out
in 1993 by D.C. Comics, and in the Jan issue, Vol 6, Page 14-15
you can see  exactly what I'm referencing. Obviously this is not
something new.

This is why the guidelines that were procured via FOIA by EPIC are
so important. Hell, look at the 2600 pentagon-city case for some
real chilling stuff. The Secret Service mounted what amounts to a
covert operation against attendee's at a 2600 meeting at a mall
in Northern Virginia. 

In any case, the search guidelines are pretty important, so is
the Steve Jackson Games case when it comes to ISP/Web Site providers
and the like. As is the ECPA, as it relates to individuals and 
service providers. There is substantive law on this stuff, you just
have to dig a bit to find it. Some of these "high profile examples" 
didn't work out too damned well cause of organizations like the EFF
& later on EPIC and the ACLU. 

Pardon me if I don't seem alarmed or appropriatly indignant, but I've
long since gotten used to getting calls as 4 am from some poor fucking
kid who's had his life ripped to shreds because he was doing something
relativly innocuous but altogether stupid and disruprive enough to
have him attract attention. Much less having similar calls from peoples
counsels who have no freaking clue how to proceed in defending their
clients. 

As for this type of activity from LEO's? Get used to it, this is how
it's done in America. I'm totaly sure that there's going to soon be
some poor freaking ISP out there who's going to be hit with very 
similar techniques, and in all probability prosecuted to provide
an example or 2. They need a few good examples for ISP's really,
there arn't enough right now. And, I am equaly sure that there's been
some quiet seizures & returns with deals involving "co-operation" 
of ISP's for warez and the like. 

I sure as hell have a very hard time beliving that Sameer and everyone
else who got hit with him by the SPA and their fucking goons were 
unique. I suspect they were to be an "example" however, as the SPA
has a traditional role of both being stooges & goons for Federal Law
Enforcment, and an appropriately one-step-removed publicity outlet. 
The SPA is much like what "railroad security" was in the 1800's,
basicly a private police force that operates allmost outside the law.

As to what anyone can do? Well not much, from what I've seen. It's
just not trendy to defend individual civil liberties, the EFF tossed
in the towel in favor of Telco donations. EPIC is doing a good job
with the resources they have, they could use some serious donations,
and it would be money well spent. Beyond that you have the ACLU, and
that's pretty much it. Too many software and hardware corporations
lost any moral compass at the end of the 80's and in the early 90's,
and don't consider such things to be a neccesary part of their world.
It's hard to compete with guys in black suits who wave the flag allot
and mutter about secrecy and such things. They're the same damned
bunch that want us all to have GAK too, so don't think you're somehow
immune cause you arn't a "hacker". You may soon be a 
"pirate cryptographer", and find yourself in the company of child
pornographers and terrorists. (What? Oh you've noticed you allready ARE?,
well, get used to it, it's only gonna get louder. First they came for
the hackers, now it's your turn.) 


Tim



 







From dlv at bwalk.dm.com  Sat Nov 30 23:30:16 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 30 Nov 1996 23:30:16 -0800 (PST)
Subject: IPG Algorith Broken!
In-Reply-To: <199611301830.MAA14034@manifold.algebra.com>
Message-ID: <D4q9XD10w165w@bwalk.dm.com>


ichudov at algebra.com (Igor Chudov @ home) writes to Don Wood:
>
> I.e., your bashing of Paul Bradley, for example, may or may not
> concvince me that Paul does not understand cryptography.

However Paul Bradley's own rants, such as the recurrent discussion of
"brute force attacks on one-time pads" should convince everyone that
Paul Bradley doesn't know anything about cryptography and is unwilling
to learn.

As a teacher, I'm used to getting a class full of people who don't know
much about the subject at the beginning of the semester and learn a great
deal about it by the end of the semester. If you've never taught, you
can't imagine the feeling of accomplishment and personal satisfaction that
comes with it.

I get occasional assholes who are unwilling and unable to learn. I've never
seen a gang so dense as the "cypherpunks". Not even on Usenet.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





From unicorn at schloss.li  Sat Nov 30 23:56:37 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sat, 30 Nov 1996 23:56:37 -0800 (PST)
Subject: denial of service and government rights
In-Reply-To: <32A1203E.502B@gte.net>
Message-ID: <Pine.SUN.3.94.961201024623.5120X-100000@polaris>


On Sat, 30 Nov 1996, Dale Thorn wrote:

> > Just in case someone replies saying "It's not all that bad", or "It can't
> > happen here", etc., you should know this:
> > 
> > The United States government has not been responsive to the people for
> > a long time, but what's become evident in recent years is that they're
> > also no longer responsive to basic law and order.
> > 
> > They do respond to extreme pressure, as was applied in the Weaver, Waco,
> > and other similar cases, but, as a general rule, they do whatever they
> > want all the way to the top of the Justice dept. with impunity.
> > 
> > Example:  George Bush's old pal at the Wash. DC P.R. firm hires the
> > niece(?) of a Kuwaiti official to testify in front of Congress in full
> > view of the American people on television, that the Iraquis were throwing
> > babies out of incubators in Kuwait, thereby securing the necessary votes
> > in Congress to prosecute the Gulf War.

At that time the country was already at war and if you read the war powers
act and look at the dates, you'll find that he probably could have
prosecuted it without congress.

60 minutes did a nice piece on this, BTW, and even they admitted that the
wool might have been pulled over the eyes of the Bush Staff.

> > When it was discovered (after the "war") that the Incubator Baby Scandal
> > was a lie, nobody was prosecuted.

Prosecuted for what?

> > Further, in blatant violation of the
> > U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth
> > II of England.

Careful.  The knighthoods in question (Knight's Cross of the Victorian
Order if I recall) do not infringe on foreign decorations restrictions
when they are granted in an honorary context, as both were - again if my
recall is correct.

Several American citizens have been inducted into foreign orders of merit
and some have been inducted into badge and even sash orders.

One noteable was even inducted into the Order of the Bath (extra points
for the name of said citizen).

> > There are also numerous examples of the Justice dept. being caught red-
> > handed forging documents to frame people for whom they had no evidence or
> > insufficient evidence to prosecute, and what happens in those cases?
> > Nothing.

Examples...?

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland