The problem of playing politics with our constitutional rights

Alan alan at ctrl-alt-del.com
Sun Sep 21 23:51:14 PDT 1997



At 12:45 AM 9/22/97 -0500, snow wrote:
>
>> Ok, we write code.  But as James S. Tyre pointed out, if the code is
>> too difficult to use it will not be.  And as Declan pointed out
>> many/most people will not use the crypto if they must think about it.
>> Writing the code is no longer enough.  The code must be usable by the
>> sheeple to work.  How do we do that?
>
>	Pay someone to write easy to use interfaces to the crypto libraries
>already out there. 

The code also has to do some good.  Currently there are some gaping holes
that I have not seen anyone cover very well.  (At least not in a way that
most users could actually use.)

Take, for example, the average home user.  They will most likely be running
Windows 95 or Windows 3.1 on a PC (486 or pentagram processor).  They
connect to the net via TCP/IP over a dialup link.

Now since Louie "tap'em all, let the FBI sort em out" Freeh may or may not
have that 1% of the phone switch tapped, the part that travels over the
phone is vulnerable.  (Microsoft was working on an SSL enabled winsock.dll,
but it has been dropped.  (Any ideas why? *wink* *wink* *nudge* *nudge*
*say no more*))

Even if the person uses PGP for all their mail, the sites they surf, the
ftp sites they visit, and all the addresses they send mail to will still be
visible to the prying eyes of anyone who has the resources to tap the phone
line.

This is something that needs to be covered.  How about an ssl enabled PPP
daemon, as well as the winsock layer to support it? Then you have to get
ISPs to use it. 

IPSec does not (as far as I can tell) resolve this problem, not does it
look like an option for the home user.  (From what I have seen (and I may
be wrong), the key distribution is tied to IP address.  What about dynamic
IP addresses?)  Are there any of the IP encryption key exchange protocols
that deal with dynamic IP?  (And/or have a windows based client?)

SSH is a possible option, but it requires a fair bit of knowledge and
another site to connect to that has not been compromised and where you have
a shell account.  (Most ISPs do not support SSH.  Some do not give you a
shell account.) There is also the possibility of apps not talking through
the IP tunnel and revealing unintended information.

Mail is another hole.  Eudora now distributes PGP 5.0 with the latest
version.  (This version does not do RSA keys. You can get the plug in to do
those keys from PGP inc.)  This is helpful, but there are many other
plug-ins that need to be written.  Support for remailers is lacking.
Windows based code for Mixmaster is also a needed thing.  A good interface
would help immensely.  (Private Idaho was a big step in the right
direction. Integrated with a remailer people already use would be another
big step forward.)

I am sure that people can think of all sorts of other ideas for needed
apps.  But to make them usable for the "general public", the apps will be
needed to be written for Windows.  (As much as I hate to think about it...)

---
|              "That'll make it hot for them!" - Guy Grand               |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano at teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan at ctrl-alt-del.com|







More information about the cypherpunks-legacy mailing list