Thanks for the living hell, and question about OpenSSL

[Tim May]

On Friday, April 25, 2003, at 11:20  AM, Patrick Chkoreff wrote:
> Sincere thanks to everyone for the living hell I went through 
> yesterday.
>
> I do understand the rationale for blinding now.  The math was never the
> problem.  I was mistakenly thinking that because my sacred code did not
> in fact record any IP-based transmission logs, users were safe as far
> as anonymity and privacy were concerned.  What I missed was that if
> someone put a gun to my head and said "Put in some code to keep
> transmission logs and don't tell anybody or I'll kill your family," I
> would in fact obey and the security of the system would be compromised
> without anyone knowing.  As RAH says, force monopolies are a bitch.

More importantly, if there is any way for you to track digital money, 
then whether you _claim_ to be "not recording" or not is irrelevant.

Without blinding (or similar), a system is just another "trust me" 
system.

And "trust me" systems are not interesting.

Not meaning to sound too harsh, but you need to think deeply about what 
cryptography is all about and why "trust me, I promise not to look" 
systems are not desirable or interesting.

(The cipher equivalent of your "because my sacred code did not in fact 
record any IP-based transmission logs" is just the usual central key 
server example: "Digital Datawhack generates keys for its customers but 
does not in fact record them." Yeah, right.)


--Tim May
"A democracy cannot exist as a permanent form of government. It can 
only exist until the voters discover that they can vote themselves 
money from the Public Treasury. From that moment on, the majority 
always votes for the candidate promising the most benefits from the 
Public Treasury with the result that a democracy always collapses over 
loose fiscal policy always followed by dictatorship." --Alexander 
Fraser Tyler