Thanks for the living hell, and question about OpenSSL

[Patrick Chkoreff]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sincere thanks to everyone for the living hell I went through yesterday.

I do understand the rationale for blinding now.  The math was never the 
problem.  I was mistakenly thinking that because my sacred code did not 
in fact record any IP-based transmission logs, users were safe as far 
as anonymity and privacy were concerned.  What I missed was that if 
someone put a gun to my head and said "Put in some code to keep 
transmission logs and don't tell anybody or I'll kill your family," I 
would in fact obey and the security of the system would be compromised 
without anyone knowing.  As RAH says, force monopolies are a bitch.

So I'm taking blinding under my wing and working out some example 
scenarios of exactly how a system might work.  I want to be able to 
describe it to novices.  For example, you go to the post office and 
ship 10 gold coins to such-and-such bank.  After they receive the 
coins, you fire up this program on your computer and do this-and-that.  
Then to transmit value to your friend in Helsinki, you do this other 
thing over here.  Then your friend in Helsinki fires up a program and 
does such-and-such, and three days later 7 gold coins appear on his 
doorstep.  That kind of thing.  Something that makes a roomful of 
people who know nothing about modular arithmetic brighten up and think 
"Hey, I really think I could *use* that."

On a technical note, I really like what I see at http://openssl.org and 
I'm mucking around with it as a possible platform.  Does anybody have 
any comments or concerns regarding the suitability of OpenSSL for the 
purposes we are discussing here?

- -- Patrick
http://fexl.com

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPql8dlA7g7bodUwLEQKZVACgsNa3EpC7JbZU8uG2HiSmwuj91MoAoL4Z
h5uLPRjXdbdOtCCTsclCAy8X
=YlsU
-----END PGP SIGNATURE-----