Government subsidies: our last, best hope for Cryptanarchy?

Adam Shostack adam at homeport.org
Wed May 29 08:44:49 PDT 2002


Hey, most of your points about crypto going under the hood are well
taken.  I wanted to echo Peter Gutmann's comments about PGP, and add
that I see PGP as a protocol, and most of the protocols I use daily
(TCP, IP, UDP, DNS, HTTP, SMTP) have not changed in the last 10 years
and I don't need to upgrade my software to deal with them.  Looking at
PGP as a protocol gives you a different perspective.  (I also see
.doc, .xls and .ppt as protocols, and bad ones)

Adam


On Fri, May 24, 2002 at 01:44:53AM -0700, Lucky Green wrote:
| You may be asking yourself: where, oh where, has all the crypto gone?
| Where are the BlackNet's? Where is the untraceable Ecash? Where is the
| Cryptanarchy that we've been waiting for? For that matter...where is the
| crypto?
| 
| The staunchest Cypherpunk will by now have noticed that PGP/GPG usage
| even amongst list members, once the bellwether indicator of Cypherpunks
| crypto adoption success, is in decline.
| 
| NAI has pulled PGP off the shelves. Conspiracy theories as to what may
| have been driving this business decision abound. The fact of the matter
| is that the usage of PGP by businesses, the sole significant source of
| NAI PGP revenue, had long passed its peak. How many businesses do you know
| that rolled out PGP in the last year? How many do you know that quietly
| stopped using PGP after formally adopting its use with big fanfare a few
| years ago? The facts are that there are more of the latter than of the
| former. Did NAI receive The Briefing? I don't know. Nor does it really
| matter. There wasn't enough money to be made with PGP.
| 
| A well-respected Cypherpunk recently expressed hope that if NAI's PGP
| were to disappear for good, perhaps compatibility problems amongst
| versions of PGP would diminish. A plausible sounding theory, if one were
| to assume that the compatibility problems amongst versions of PGP are
| between versions produced by different vendors. Presumably, the theory
| would go, with only one major supplier left standing, that being GPG
| (yes, I am aware there are others), interop problems with other vendors'
| implementations would pretty much disappear by definition.
| 
| However, a closer inspection of the PGP interoperability problems, which
| have been one of the issues coming up in just about every single
| discussion I've had with anybody about PGP over the last year, shows
| that the interop problems are not between current versions by multiple
| vendors, but between versions, in some cases by the same vendor, that
| were released over time. The current version of NAI-PGP will
| interoperate just fine with the current version of GPG.
| 
| So why is PGP interoperability such a frequently raised issue? And why
| does the importance of this topic seem to diminish the further away you
| stray from Cypherpunks into the realms of the casual PGP users? The
| answer to the second question is straight-forward. Even the most casual
| user of software tends to be familiar with and acceptant of the need for
| occasional software upgrades. It appears that those that are
| experiencing interop problems are those that are insisting on using up
| to 5-year old versions of PGP. It is true and should come as no surprise
| that those 5-year old versions do indeed have interop problems with
| newer versions of PGP.
| 
| Some may say: I shouldn't need to keep on upgrading my software to be
| able to send encrypted email. Does anybody seriously believe that those
| that insist on using 5-year old versions of PGP have not upgraded their
| operating systems in those 5 years? Indeed, upgraded their
| operating systems more than once? Or does anybody seriously believe that
| those that insist on using old versions of PGP still run the exact same
| version of their MUA and text editor as they did 5 years ago? Of course
| they don't. If they did, their boxes would long have become unusable due
| to the warez traffic taking place on the machines as a result of the
| countless remote exploits discovered over these last 5 years.
| 
| The reluctance to upgrade to a newer version of PGP does not appear to
| be driven by a refusal or inability to upgrade software in general. This
| reluctance to upgrade appears PGP specific. Why this is the case I do
| not know. (And don't greatly care. I am running the latest version of
| NAI PGP and I can make my copy talk to any version of PGP 2.x or
| higher).
| 
| Now perhaps there may be the rare case of a PGP user that is still
| running PGP 2.x on the same DOS box, using the same mailer and the same
| text editor as they did 5 years ago. I don't know of any such users, but
| that doesn't mean no such users exist within the vastness of the
| Internet. What I do know is that those that I am aware of that are
| complaining about PGP version interoperability problems do not fall into
| the rare category of users who have not upgraded any software at all for
| the last 5 years.
| 
| Since the existence of multiple PGP software providers has not been the
| cause of the interop problems experienced by some, reducing the number
| of PGP implementation providers should not be expected to have a
| significant impact on the number or severity of PGP interop problems
| experienced by the users.
| 
| The same Cypherpunk expressed a hope that absent NAI's PGP, the German
| government group currently funding GPG might be more inclined to fund UI
| work for Windows. Perhaps they would. Assuming for a moment they will,
| would this lead to a better PGP Windows UI than NAI's PGP offered? NAI's
| PGP UI is pretty darn good. Looking at the sorry state of UI's currently
| offered for GPG, even with government funding, I suspect that it will be
| a long time indeed before we will see a GPG UI that will compare
| positively to the current NAI PGP UI. Of course Cypherpunks know that it
| is dangerous to base one's hope for the development of Cypherpunk
| tools on funding by a government. Be that the US government or the
| German government. Strongly pro-crypto German governmental officials
| have been known for their propensity to stumble out of the windows of
| high story buildings. Warnings regarding the dangers that may lurk in
| parking lots come to mind.
| 
| Where has the crypto gone? The crypto has gone under the hood, away from
| the UI, to a place where the crypto will be of most use to the average
| user. Yes, for crypto to be secure against the active, well resourced,
| attacker, the crypto must at one point touch the user to permit the user
| to make a trust decision. But to secure communications from passive
| and/or less resourced attacker, crypto can be placed under the hood.
| 
| I bet a good percentage of the readers of this list that still require
| to be engaged in a form of employment nowadays access their company
| network via some form of VPN. Up by orders of magnitude from a few years
| ago. More importantly, a good percentage of users that have never heard
| of this mailing list and will never hear of this mailing list are using
| strong crypto to access their company's information. The percentage of
| users utilizing strong crypto is increasing daily.
| 
| Another major segment of Internet infrastructure in which strong crypto
| is rapidly becoming the default rather than the exception, at least
| amongst those running their own servers, is SMTP. The percentage of SMTP
| connections to my mail server that use TLS to encrypt SMTP has grown
| from around 30% a few months ago to well over 60% today. This increase
| in the use of STARTTLS on SMTP appears to parallel a loss of sendmail
| MTA market share in favor of postfix. It is just too darn easy to turn
| on support for STARTTLS during a migration to postfix, hence most sites
| performing such a migration appear to do so.
| 
| (I am aware that sendmail and qmail support STARTTLS as well, but the
| increases in the use of STARTTLS that I am seeing at my SMTP server
| coincide with sites switching MTA's to postfix. I see a handful of
| qmail sites using TLS, representing a fraction of the postfix sites, and
| no sendmail site that I have noticed. Having once considered activating
| STARTTLS in sendmail myself, I vividly recall myself reading the
| instructions, bursting out laughing, followed by my researching
| competitive MTA's. Within a week I had switched to postfix. Wished I had
| done so years ago. All these hours that I wasted over those years...
| YMMV).
| 
| An interesting side-effect of the increased adoption of MTA's and MUA's
| that support STARTTLS is that I now have a link that is secure against
| passive eavesdroppers to the majority of those with whom I regularly
| correspond in encrypted email. Is protection against only passive
| eavesdroppers good enough for me? No. Are we a heck of a lot further
| along than we were 5 years ago? I would argue that we are.
| 
| Where has all the crypto gone? It has gone mainstream. Some of you may
| remember the discussions from years ago how we should try to find a way
| to make crypto cool and attractive for the average person.
| 
| This afternoon, I installed the "Britney Spears SmartFlash Kit" on my
| Windows XP test box. For $29.95 plus shipping and handling, you too can
| own a Britney SmartFlash Kit, which includes a USB smartcard reader, a
| Gemplus smartcard (both the reader and card are graced with pictures of
| Britney), and a CD with Gemplus GemSafe smartcard crypto driver software
| (the click-wrap EULA reminds you that export to Cuba, Libya, and other
| naughty countries or those developing biological weapons is strictly
| prohibited. Sorry pop music fans located in Cuba or at the CDC).
| 
| Once you installed the gear and inserted your one of 5 possible Britney
| Spears' smartcards (collect all 5), you will automatically be taken to a
| client-authenticated, 128-bit RC4 encrypted website that provides you
| with exclusive access to such exciting content as 45 second QuickTime
| clips of Britney purchasing chocolates and of course Fe's (Britney's
| most trusted advisor) indispensable advice column. A representative
| sample question follows.
| 
| "Dear Fe:
| I'm 14 but my parents treat me like I am 10! They won't let me go out at
| night, and won't even let me bring a boy to the Homecoming dance. I'm in
| high school and want to do all the things that go along with that, but
| they won't let me! -- Trying to Grow Up, Americus, GA".
| 
| I will spare you Fe's answer (get your own smartcard :), but I won't
| spare you this: if you wonder where crypto has gone, you need to look no
| further than Americus, GA. If the question posed to Fe leaves any doubt
| about the nouveau crypto users' demographics, a drop-down list inquiring
| about the user's age to participate in a contest (smartcard required)
| should help clarify matters. The age selections offered are: [2-6],
| [7-12], [13-15], [16-18], [over 18]. Do not worry should your parents
| disapprove of your choice of music. If you hear your parents walk up to
| your door, just yank the card out of the reader and your browser will
| close instantly.
| 
| Crypto has gone as mainstream as can be. While crypto for crypto's sake
| may not have become cool to everybody, crypto has become a Must Have for
| your average 14 year-old high school freshman girl. Crypto has become
| ubiquitous.
| 
| http://www.britneyspears.com/smartflashcard/index.php
| 
| As to when we'll see BlackNet and untraceable Ecash, who knows. Here's
| hoping to 2005.
| 
| [In the time it took me to write this post, another of the regular
| entries in my maillog has turned on STARTTLS, protecting the SMTP
| connection with EDH and 3DES].
| 
| --Lucky
| 

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




