From bill.stewart at pobox.com Sun Mar 2 12:29:22 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 02 Mar 2003 12:29:22 -0800 Subject: Roger Needham Died - from The Register Message-ID: <5.1.1.6.2.20030302122746.02cf5dc0@idiom.com> -------------------- Obit: Roger Needham By Guy Kewney, Newswireless.net Posted: 02/03/2003 at 12:13 GMT Sadly, we record the death of Roger Needham, computer pioneer... There isn't much more to say, except that the man who was the reason Microsoft set up its research centre in Cambridge, England, has had to lay down his life's work. Cancer ended a legend. He once told me that it was his idea that Microsoft stopped spending money on patenting its research ideas, and instead, to make the results available to other researchers. I wish I'd known him long enough to have some other stories to pass on myself; he left a long legacy of people who attributed their inspiration to having worked with him. Here's what his CV at Microsoft Research says: Roger M Needham, born 1935, was in computing at Cambridge since 1956. His 1961 PhD thesis was on the application of digital computers to problems of classification and grouping. In 1962 he joined the Computer Laboratory, then called the Mathematical Laboratory, and has been on the faculty since 1963. He took a leading role in Cambridge projects in operating systems, time sharing systems, memory protection, local area networks, and distributed systems over the next twenty years. Roger worked at intervals on a variety of topics in security, (his main research interest while with Microsoft) being particularly known for work with Schroeder on authentication protocols (1978) and with Burrows and Abadi on formalism for reasoning about them (1989). Roger graduated from the University of Cambridge in Mathematics and Philosophy in 1956, and then took the Diploma in Numerical Analysis and Automatic Computing in 1957. He had been in computing at Cambridge ever since. He succeeded Maurice Wilkes as Head of the Computer Laboratory from 1980 to 1995, was promoted Professor in 1981, elected to the Royal Society in 1985 and the Royal Academy of Engineering in 1993. He was appointed Pro-Vice-Chancellor in 1996. I only met him a couple of times, both times when Microsoft was doing corporate hospitality to publicise the work it was doing in the Cambridge research facility. He was as knowledgeable as any rumour could have suggested; and as tolerant of an ignorant journalist as any academic could ever be. And I shall never get to know him, now. Guy Kewney is the editor/publisher of Newswireless.Net ----------------------------------------------- --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From Somebody Sun Mar 2 11:09:05 2003 From: Somebody (Somebody) Date: Sun, 2 Mar 2003 14:09:05 -0500 Subject: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03) Message-ID: Bob, Technically, since their signal speed is slower than light, even transmission lines act as storage devices. Wire tapping is now legal. ----- Original Message ----- From: "R. A. Hettinga" To: Clippable Sent: Sunday, March 02, 2003 3:04 PM Subject: Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03) > > --- begin forwarded text > > > Status: RO > Date: Sun, 02 Mar 2003 14:27:00 -0500 > To: Tim Dierks , "R. A. Hettinga" , > cryptography at wasabisystems.com > From: "Ronald L. Rivest" > Subject: Re: Wiretap Act Does Not Cover Message 'in Storage' For Short > Period (was Re: BNA's Internet Law News (ILN) - 2/27/03) > > > Yes, I was amazed at this ruling as well. > > This ruling seems to fly in the face of the likely intent of > Congress when it passed Wiretap Act. > > If things continue in this direction, we will soon have > rulings and regulations that say: > > -- Carriers must put all calls in storage for a minimum > period of time, sufficient to allow wiretapping. > (Indeed, regulation may not be necessary, as digitization and > buffering of communications is common practice; the > transient use of storage to effect communications > efficiency and reliability should not provide a wiretap > loophole.) > > -- Wiretapping is OK for any phone calls that are routed > through a satellite. > > -- It is OK for the government to house soldiers in your > house, as long as there is even the tiniest opening somewhere in > your house (e.g. a window open, or a chimney flue) > so that "inside" and "outside" connect. > > -- Etc. > > I can also see a market developing for "storage-free" communications > carriers. What happens when you inquire of your carrier as to > whether it can provide such a guarantee or option? > > Cheers, > Ron > > At 09:42 PM 3/1/2003, Tim Dierks wrote: > >At 01:39 PM 2/27/2003 -0500, R. A. Hettinga wrote: > >>At 9:01 AM -0500 on 2/27/03, BNA Highlights wrote: > >> > WIRETAP ACT DOES NOT COVER MESSAGE 'IN STORAGE' FOR SHORT > >> > PERIOD > >> > BNA's Electronic Commerce & Law Report reports that a > >> > federal court in Massachusetts has ruled that the federal > >> > Wiretap Act does not prohibit the improper acquisition of > >> > electronic communications that were "in storage" no matter > >> > how ephemeral that storage may be. The court relied on Konop > >> > v. Hawaiian Airlines Inc., which held that no Wiretap Act > >> > violation occurs when an electronic communication is > >> > accessed while in storage, "even if the interception takes > >> > place during a nanosecond 'juncture' of storage along the > >> > path of transmission." Case name is U.S. v. Councilman. > >> > Article at > >> > > >> > For a free trial to source of this story, visit > >> > http://web.bna.com/products/ip/eplr.htm > > > >This would seem to imply to me that the wiretap act does not apply to any > >normal telephone conversation which is carried at any point in its transit > >by an electronic switch, including all cell phone calls and nearly all > >wireline calls, since any such switch places the data of the ongoing call > >in "storage" for a tiny fraction of a second. > > > > - Tim > > > > > > > >--------------------------------------------------------------------- > >The Cryptography Mailing List > >Unsubscribe by sending "unsubscribe cryptography" to > >majordomo at wasabisystems.com > > Ronald L. Rivest > Room 324, 200 Technology Square, Cambridge MA 02139 > Tel 617-253-5880, Fax 617-258-9738, Email > > --- end forwarded text > > > -- > ----------------- > R. A. Hettinga > The Internet Bearer Underwriting Corporation > 44 Farquhar Street, Boston, MA 02131 USA > "... however it may deserve respect for its usefulness and antiquity, > [predicting the end of the world] has not been found agreeable to > experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' > --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From mab at research.att.com Sun Mar 2 16:06:41 2003 From: mab at research.att.com (Matt Blaze) Date: Sun, 02 Mar 2003 19:06:41 -0500 Subject: Roger Needham Died - from The Register In-Reply-To: Message from Bill Stewart of "Sun, 02 Mar 2003 12:29:22 PST." <5.1.1.6.2.20030302122746.02cf5dc0@idiom.com> Message-ID: <200303030006.h2306fM30295@fbi.crypto.com> Sad, sad news. Roger's pioneering contributions to our art speak (volumes) for themselves, and our field is diminished by the loss of his future insights. But I will miss him most for his enormous generosity, his sharp wit, and his personal integrity. -matt > -------------------- > Obit: Roger Needham > By Guy Kewney, Newswireless.net > Posted: 02/03/2003 at 12:13 GMT > > Sadly, we record the death of Roger Needham, computer pioneer... > > There isn't much more to say, except that the man who was the reason > Microsoft set up its research centre in Cambridge, England, has had to lay > down his life's work. Cancer ended a legend. > > He once told me that it was his idea that Microsoft stopped spending money > on patenting its research ideas, and instead, to make the results available > to other researchers. I wish I'd known him long enough to have some other > stories to pass on myself; he left a long legacy of people who attributed > their inspiration to having worked with him. > > Here's what his CV at Microsoft Research says: > > Roger M Needham, born 1935, was in computing at Cambridge since 1956. His > 1961 PhD thesis was on the application of digital computers to problems of > classification and grouping. In 1962 he joined the Computer Laboratory, > then called the Mathematical Laboratory, and has been on the faculty since > 1963. He took a leading role in Cambridge projects in operating systems, > time sharing systems, memory protection, local area networks, and > distributed systems over the next twenty years. > > Roger worked at intervals on a variety of topics in security, (his main > research interest while with Microsoft) being particularly known for work > with Schroeder on authentication protocols (1978) and with Burrows and > Abadi on formalism for reasoning about them (1989). > > Roger graduated from the University of Cambridge in Mathematics and > Philosophy in 1956, and then took the Diploma in Numerical Analysis and > Automatic Computing in 1957. He had been in computing at Cambridge ever > since. He succeeded Maurice Wilkes as Head of the Computer Laboratory from > 1980 to 1995, was promoted Professor in 1981, elected to the Royal Society > in 1985 and the Royal Academy of Engineering in 1993. He was appointed > Pro-Vice-Chancellor in 1996. > > I only met him a couple of times, both times when Microsoft was doing > corporate hospitality to publicise the work it was doing in the Cambridge > research facility. He was as knowledgeable as any rumour could have > suggested; and as tolerant of an ignorant journalist as any academic could > ever be. And I shall never get to know him, now. > > Guy Kewney is the editor/publisher of Newswireless.Net > > ----------------------------------------------- > > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From rah at shipwright.com Sun Mar 2 17:59:11 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 2 Mar 2003 20:59:11 -0500 Subject: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03) Message-ID: --- begin forwarded text From mv at cdc.gov Tue Mar 4 10:20:36 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 04 Mar 2003 10:20:36 -0800 Subject: Rogue Vally Cypherpunks Physical Meeting Mar 13 Message-ID: <3E64EE74.13C2EB70@cdc.gov> At 08:55 AM 3/4/03 -0800, cypherpunk-vin at vmeng.com wrote: >What are Cypherpunks? A group of thinkers, programmers and >researchers dedicated to preserve everyone's freedom of speech >through action. > * believers in crypto-anarchy, > * leaning towards libertarianism, > * most importantly, cypherpunks write code! To pick a nit, and clarify something for lurkers, feds, reporters, grand juries and the like: IMHO "believers in crypto anarchy" sounds like a religion. The phrase even parses ambiguously, which may be a feature to the already clued but isn't to those trying to suss you out. I'm not a "believer" but an observer and analyzer. And BTW I don't like all the effects of crypto tech but I have been forced to recognize and consider some of them on this list. "Students of cryptos effect on society" might work. I'm not sure how to fit "anarchy" into there without starting to sound like a rant. "Crypto" might even be too specific as things like interception technology and commerce-systems are also of interest. "Students of crypto's anarchy-tending effect.."? But when some tech is convincingly shown to be anarchy-minimizing or fascist-promoting, I think the rational CP does not lose interest. Drop the "anarchy"; "effects on society" should be enough. Just my $.02. Its your shindig. From mjm at lsil.com Tue Mar 4 12:12:42 2003 From: mjm at lsil.com (Michael Motyka) Date: Tue, 4 Mar 2003 12:12:42 -0800 (PST) Subject: CAPSII protest... Message-ID: Yes Tyler, there is something nasty you can do that will not get you nabbed. It requires the following equipment : airline ticket ( aisle seat ) large pizza with the works quart of yogurt one dozen raw oysters one package of M&Ms ipecac syrup ( or a wafer-thin mint ) Just imagine the effect if almost every flight had one (:or more:) passengers barfing buckets of primordial goo soon after takeoff. Works just as well for trains and buses. It requires massive participation and a large, but not necessarily strong, stomach. I think it expresses quite well how recent events affect us all. This may be a new form of civil disobedience. I hereby place it in the public domain for the benfit of all mankind. I wonder if there's a lab test for ipecac? (: -- From smb at research.att.com Wed Mar 5 11:30:54 2003 From: smb at research.att.com (Steven M. Bellovin) Date: Wed, 05 Mar 2003 14:30:54 -0500 Subject: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03) In-Reply-To: Your message of "Sun, 02 Mar 2003 20:59:11 EST." Message-ID: <20030305193054.18B187B4D@berkshire.research.att.com> In message , "R. A. Hettinga" wr ites: > >--- begin forwarded text > > >Status: RO >From: Somebody >To: "R. A. Hettinga" >Subject: Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Perio >d (was Re: BNA's Internet Law News (ILN) - 2/27/03) >Date: Sun, 2 Mar 2003 14:09:05 -0500 > >Bob, > >Technically, since their signal speed is slower than light, even >transmission lines act as storage devices. > >Wire tapping is now legal. > No, that's not waht the decision means. Access to stored messages also requires court permission. The (U.S.) ban on wiretapping without judicial permission is rooted in a Supreme Court decision, Katz v. United States, 389 U.S. 347 (1967) (http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=case&court=us&vol=389&invol=347) which held that a wiretap is a search which thus required a warrant. I don't think there's ever been any doubt that seizing a stored message required a warrant. But in an old case (OLMSTEAD v. U.S., 277 U.S. 438 (1928)) the Court had held that the Fourth Amendment only protected material things, and therefore *not* conversations monitored via a wiretap. That decision was overturned in Katz. The crucial difference, from a law enforcement perspective, is how hard it is to get the requisite court order. A stored message order is relatively easy; a wiretap order is very hard. Note that this distinction is primarily statutory, not (as far as I know) constitutional. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From tim at dierks.org Wed Mar 5 11:40:20 2003 From: tim at dierks.org (Tim Dierks) Date: Wed, 05 Mar 2003 14:40:20 -0500 Subject: Wiretap Act Does Not Cover Message 'in Storage' For Short Period (was Re: BNA's Internet Law News (ILN) - 2/27/03) In-Reply-To: <20030305193054.18B187B4D@berkshire.research.att.com> References: Message-ID: <5.2.1.0.2.20030305143458.0b2cdf38@dierks.org> At 02:30 PM 3/5/2003 -0500, Steven M. Bellovin wrote: > >From: Somebody > > > >Technically, since their signal speed is slower than light, even > >transmission lines act as storage devices. > > > >Wire tapping is now legal. > >The crucial difference, from a law enforcement perspective, is how hard >it is to get the requisite court order. A stored message order is >relatively easy; a wiretap order is very hard. Note that this >distinction is primarily statutory, not (as far as I know) >constitutional. Furthermore, it's apparently not illegal for a non-governmental actor to retrieve stored information which they have access to, although it might be illegal for them to wiretap a communication even if they had access to the physical medium over which it travels. I disagree with "Somebody"'s claim; I don't think that claim would go anywhere in court, since a transmission clearly falls under the category of "wire communication", and it's clear that transmission lines are the very entities the wiretap act has always been intended to protect, so Congress' intent is quite clear, regardless of any argument about "storage". - Tim --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From schear at attbi.com Mon Mar 10 18:02:20 2003 From: schear at attbi.com (Steve Schear) Date: Mon, 10 Mar 2003 18:02:20 -0800 Subject: New release of Invisible IRC available Message-ID: <5.1.0.14.2.20030310180001.0480e5f8@mail.attbi.com> IIP 1.1.0 (stable) is released. (2003-03-10) Invisible IRC Project is a three-tier, peer distributed network designed to be a secure and private transport medium for high speed, low volume, dynamic content. Features: * Perfect Forward Security using Diffie-Hellman Key Exchange Protocol * Constant session key rotation * 128 bit Blowfish node-to-node encryption * 160 bit Blowfish end-to-end encryption * Chaffed traffic to thwart traffic analysis * Secure dynamic routing using cryptographically signed namespaces for node identification * Node level flood control * Seamless use of standard IRC clients * Gui interface * Peer distributed topology for protecting the identity of users * Completely modular in design, all protocols are plug-in capable The IIP software is released under the GPL license and is available for Windows 98/ME/NT/2000/XP, *nix/BSD and Mac OSX. http://invisiblenet.net/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From schear at attbi.com Tue Mar 11 13:17:57 2003 From: schear at attbi.com (Steve Schear) Date: Tue, 11 Mar 2003 13:17:57 -0800 Subject: Groove shills for the DoD: Kapor quits board Message-ID: <5.1.0.14.2.20030311131602.047d0eb0@mail.attbi.com> Software Pioneer Quits Board of Groove By JOHN MARKOFF SAN FRANCISCO, March 10 Mitchell D. Kapor, a personal computer industry software pioneer and a civil liberties activist, has resigned from the board of Groove Networks after learning that the company's software was being used by the Pentagon as part of its development of a domestic surveillance system. http://www.nytimes.com/2003/03/11/business/11PRIV.html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From eccmaili at math.uwaterloo.ca Tue Mar 11 13:35:24 2003 From: eccmaili at math.uwaterloo.ca (ECC 2003) Date: Tue, 11 Mar 2003 16:35:24 -0500 (EST) Subject: 2nd announcement for ECC 2003 Message-ID: ------------------------------------------------------------------ THE 7TH WORKSHOP ON ELLIPTIC CURVE CRYPTOGRAPHY (ECC 2003) University of Waterloo, Waterloo, Ontario, Canada August 11, 12 & 13 2003 SECOND ANNOUNCEMENT March 11, 2003 ECC 2003 is the seventh in a series of annual workshops dedicated to the study of elliptic curve cryptography and related areas. The main themes of ECC 2003 will be: - The discrete logarithm problem. - Efficient parameter generation and point counting. - Provably secure cryptographic protocols. - Efficient software and hardware implementation. - Side-channel attacks. - Deployment of elliptic curve cryptography. It is hoped that the meeting will continue to encourage and stimulate further research on the security and implementation of elliptic curve cryptosystems and related areas, and encourage collaboration between mathematicians, computer scientists and engineers in the academic, industry and government sectors. Attendees of ECC 2003 might also wish to attend SAC 2003 (Ottawa, Aug 14-15) and CRYPTO 2003 (Santa Barbara, Aug 17-21). SPONSORS: Certicom Corp. MITACS Motorola University of Essen University of Waterloo ORGANIZERS: Gerhard Frey (University of Essen) Darrel Hankerson (Auburn University) Alfred Menezes (University of Waterloo) Christof Paar (Ruhr-Universitat Bochum) Edlyn Teske (University of Waterloo) Scott Vanstone (University of Waterloo) CONFIRMED SPEAKERS: Hans Dobbertin (Ruhr-Universitat Bochum, Germany) Florian Hess (University of Bristol, UK) Hugo Krawczyk (Technion, Israel, and IBM Research, USA) Tanja Lange (Ruhr-Universitat Bochum, Germany) Reynald Lercier (Centre d'Electronique de L'Armement, France) Ben Lynn (Stanford University, USA) William Martin (National Security Agency, USA) Christof Paar (Ruhr-Universitat Bochum, Germany) John Proos (University of Waterloo, Canada) Jean-Jacques Quisquater (Universite Catholique de Louvain, Belgium) Pankaj Rohatgi (IBM Research, USA) Victor Shoup (New York University, USA) Jerome Solinas (National Security Agency, USA) Edlyn Teske (University of Waterloo, Canada) CONFERENCE PROGRAMME: There will be approximately 15 invited lectures (and no contributed talks), with the remaining time used for informal discussions. There will be both survey lectures as well as lectures on latest research developments. All lectures will be held on the campus of the University of Waterloo. Further details of the programme and lecture rooms will be provided in the third announcement. REGISTRATION: There will be a registration fee this year of $250 Cdn or $170 US or Euros 160 ($150 Cdn or $100 US or Euros 90 for full-time graduate students). PLEASE REGISTER AS SOON AS POSSIBLE AS SPACE IS LIMITED FOR THIS WORKSHOP; REGISTRATION IS ON A FIRST-COME FIRST-SERVE BASIS. We cannot process a registration until all fees are paid in full. The deadline for all fees to be paid and registration completed has been set for the 1st of August, 2003. To register, complete, in full, the attached REGISTRATION FORM and return it along with your payment to: Mrs. Adrienne Richter, C&O Dept., University of Waterloo, Waterloo, Ontario, Canada N2L 3G1. You can also send your registration form by fax (519-725-5441) or by email (ecc2003 at math.uwaterloo.ca). Confirmation of your registration will be sent by email when payment is received in full. ------------------------cut from here--------------------------------- ECC 2003 CONFERENCE REGISTRATION FORM Fullname: _________________________________________________________ Affiliation: _________________________________________________________ Address: _________________________________________________________ _________________________________________________________ _________________________________________________________ _________________________________________________________ _________________________________________________________ E-Mail Address: _________________________________________________________ Telephone #: _________________________________________________________ Registration Fee: Please check the appropriate box: [ ] Registration .......$250.00 CAD ..............$________ [ ] Registration .......$170.00 USD ..............$________ [ ] Registration .......Euro 160.00 ..............$________ [ ] Full-time Student ..$150.00 CAD ..............$________ [ ] Full-time Student ..$100.00 USD ..............$________ [ ] Full-time Student ..Euro 90.00 ..............$________ Registration Fee includes Banquet: Attending [ ] Yes [ ] No Vegetarian [ ] Yes [ ] No TOTAL AMOUNT PAYABLE: ............................$________ **Make Cheque/Money Order Payable to: ECC 2003 Credit Card Payments: [ ] Visa [ ] MasterCard Cardholder's Name: ________________________________________________ Card Number: ______________________________________________________ Expiration Date: __________________________________________________ Signature: ________________________________________________________ Additional Information: ___________________________________________ -------------------------cut from here------------------------------- TRAVEL: Kitchener-Waterloo is approximately 100km/60miles from Pearson International Airport in Toronto. Ground transportation to Kitchener-Waterloo can be pre-arranged with Airways Transit. TRANSPORTATION TO AND FROM TORONTO AIRPORT PROVIDED BY AIRWAYS TRANSIT It is advisable to book your transportation between the Pearson Airport, Toronto, and Waterloo in advance to receive the advance booking rate of $38 CAD per person, one way, with Airways Transit (open 24 hours a day). Please quote "ECC2003" when making your reservation. Airways is a door-to-door service; they accept cash (Cdn or US funds), MasterCard, Visa and American Express. Upon arrival: Terminal 1: proceed to Ground Transportation Booth, Arrivals Level. Terminal 2: proceed to Airways Transit desk, Arrivals Level, Area E. Terminal 3: proceed to Ground Transportation Booth, Arrivals Level, between Doors B and C. You can make a reservation through their web site: www.airwaystransit.com Or, you can complete the form below and send by mail or fax (519-886-2141) well in advance of your arrival to Airways Transit. They will not fax confirmations: your fax transmission record is confirmation of your reservation. -------------------------cut from here--------------------------------- AIRWAYS TRANSIT ADVANCE BOOKING FORM - ECC 2003 ARRIVAL INFORMATION: ____________________________________________________________ Surname First name ____________________________________________________________ Toronto Arrival Date Airline Flight # ____________________________________________________________ Arrival Time Arriving From ____________________________________________________________ Destination in Kitchener/Waterloo No. in party DEPARTURE INFORMATION: ____________________________________________________________ Surname First name ____________________________________________________________ Toronto Departure Date Airline Flight # ____________________________________________________________ Departure Time Flight # Destination ____________________________________________________________ Pickup From No. in party ____________________________________________________________ Signature Date Send or Fax to: Airways Transit 99A Northland Road Waterloo, Ontario Canada, N2V 1Y8 Fax: (519) 886-2141 Telephone: (519) 886-2121 -----------------------------cut form here-------------------------------- ACCOMMODATIONS: There is a limited block of rooms set aside on a first-come first-serve basis at the Waterloo Inn for the evenings of August 10, 11, 12 and 13, and at the Comfort Inn for the evenings of August 9, 10, 11, 12 and 13. Please note that the Waterloo Inn is sold out for the evening of August 9. COMFORT INN Address: 190 Weber Street North, Waterloo, Ontario, Canada N2J 3H4 Phone: (519) 747-9400 Rate: $80 Cdn plus taxes/night for a single or double room Please quote "ECC 2003" when making your reservation Availability: Evenings of August 9, 10, 11, 12, 13 Cut-off date: July 7, 2003 WATERLOO INN Address: 475 King Street North, Waterloo, Ontario, Canada N2J 2Z5 Phone: (519) 884-0222 Fax: (519) 884-0321 Toll Free: 1-800-361-4708 Website: www.waterlooinn.com Rate: $118 Cdn plus taxes/night for a single or double room Please quote "ECC 2003" when making your reservation Availability: Evenings of August 10, 11, 12, 13 Cut-off date: June 29, 2003 Other hotels close to the University of Waterloo are: UNIVERSITY OF WATERLOO CONFERENCE CENTRE (on-campus accommodation; no air conditioning) Ron Eydt Village, Box 16610, Waterloo, Ontario, Canada N3J 4C1 Phone: 519-884-5400, 519-746-7599 Website: www.conferences.uwaterloo.ca (see "Room Registration") Approx rate: $52 Cdn plus taxes/night DESTINATION INN 547 King Street North, Waterloo, Ontario, Canada N2L 5Z7 Phone: (519) 884-0100 Website: www.destinationinn.com Approx rate: $73 Cdn plus taxes/night BEST WESTERN INN St. Jacobs Country Inn 50 Benjamin Road East, Waterloo, Ontario, Canada N2V 2J9 Phone: (519) 884-9295 Website: www.stjacobscountryinn.com Approx rate: $129 Cdn plus taxes/night THE WATERLOO HOTEL 2 King Street North, Waterloo, Ontario, Canada N2J 2W7 Phone: (519) 885-2626 Website: www.countryinns.org/inn_waterloo.html Approx rate: $120-160 Cdn plus taxes/night HOTEL TO CONFERENCE TRANSPORTATION: A shuttle to/from the campus will be available each day of the conference from the Waterloo Inn and Comfort Inn only. Place and times for pickup and drop-off will be provided in the final announcement. FURTHER INFORMATION: For further information or to return your Registration, please contact: Mrs. Adrienne Richter Department of Combinatorics & Optimization University of Waterloo Waterloo, Ontario, Canada N2L 3G1 e-mail: ecc2003 at math.uwaterloo.ca Fax: (519) 725-5441 Phone: (519) 888-4027 If you did not receive this announcement by email and would like to be added to the mailing list for the third announcement, please send email to ecc2003 at math.uwaterloo.ca. The announcements are also available from the web site www.cacr.math.uwaterloo.ca ------------------------------------------------------------------ --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From rah at shipwright.com Wed Mar 12 03:16:19 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 12 Mar 2003 06:16:19 -0500 Subject: 2nd announcement for ECC 2003 Message-ID: --- begin forwarded text From njohnsn at njohnsn.com Wed Mar 12 19:13:40 2003 From: njohnsn at njohnsn.com (Neil Johnson) Date: Wed, 12 Mar 2003 21:13:40 -0600 Subject: Brinwear at Benetton. In-Reply-To: <10B6AAC2-54CD-11D7-B5D7-000A956B4C74@got.net> References: <10B6AAC2-54CD-11D7-B5D7-000A956B4C74@got.net> Message-ID: <200303122113.40543.njohnsn@njohnsn.com> RFID technology for libraries ... http://www.demco.com/CGI-BIN/LANSAWEB?PROCFUN+LWDCWEB+LWDC025+PRD+ENG+FUNCPARMS+ZZWSESSID(A0200):29762251880047332521+ZZWNAVPAG(A0100):PROMO+DATESEQ(A0140):31210321918+FC_AZZWHDRCMP:DEMCO_HEADER+FC_AZZWNEWZON:ADM+FC_AZZWNAVPAG:PRODUCT+FC_AZZWNEWHDR:DEMCO_HEADER+FC_AZZWCATCDE:+FC_AW_KEYMSCD:+FC_SW_PRDBBID:7483 So the man can now know what books you taking on the flight (Hopefully not the flight training manual for the aircraft). -- Neil Johnson http://www.njohnsn.com PGP key available on request. From bill.stewart at pobox.com Thu Mar 13 22:32:46 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Thu, 13 Mar 2003 22:32:46 -0800 Subject: Brumley & Boneh timing attack on OpenSSL Message-ID: <5.1.1.6.2.20030313222547.02e84e40@idiom.com> From Slashdot: http://slashdot.org/article.pl?sid=03/03/14/0012214&mode=thread&tid=172 David Brumley and Dan Boneh write: "Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from a OpenSSL-based server such as Apache with mod_SSL and stunnel running on a machine in the local network. Our results demonstrate that timing attacks against widely deployed network servers are practical. Subsequently, software should implement defenses against timing attacks. Our paper can be found at Stanford's Applied Crypto Group. http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html " Schmoo Group response on cryptonomicon.net http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=263&mode=&order=0&thold=0 Apparently OpenSSL has code to prevent the timing attack, but it's often not compiled in (I'm not sure how much that's for performance reasons as opposed to general ignorance?) They also comment (as did somebody on Slashdot) that "this is distinct from the timing attack described in the paper by Canvel, Hiltgen, Vaudenay, and Vuagnoux last month." That one's an implementation problem and hard to exploit. http://lasecwww.epfl.ch/memo_ssl.shtml http://slashdot.org/article.pl?sid=03/02/20/1956229 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From timcmay at got.net Mon Mar 17 20:59:31 2003 From: timcmay at got.net (Tim May) Date: Mon, 17 Mar 2003 20:59:31 -0800 Subject: Journalists, Diplomats, Others Urged to Evacuate City Message-ID: <67E6F672-58FE-11D7-80BA-0003930F2360@got.net> Journalists, diplomats, inspectors, and civil servants are being urged to evacuate the capital. A timetable of 48 hours has been given. "The Evil Doers will be rooted out and the Evil Ones punished," said one spokesman. However, as of midnight, Eastern Standard Time, there is no evidence that Washington residents are taking these warnings seriously. Needless to say, this is not a threat. I am 3000 miles away, relatively safe on my hilltop. Being the survivalist that I have been for much of the past 30 years, I have a pantry closet filled with canned goods, rice, cereal. And I have a generator, which I expect not to use much. And solar battery rechargers (sufficient to recharge AAs and Ds for my various small radios, even recharge my laptop...this in case my 24-packs of AAs and Ds run out, or my several lead cell battery packs, etc.). And I have my perimeter alarms, my solar-powered intrusion alarms, my rifles, my handguns, my shotguns, my other weapons, my water filters, my colleagues. I don't expect to need this stuff, but I am, as always, happy to be able to just stay at home on my hill and watch the chaos unfold. About the threat to Washington: I think it's relatively high. A nerve gas attack on buildings or the Metro seems likely. (The Japanese AUM cult had Sarin, but was inept. A more capable, military-trained operative has had many months to get into D.C. and wait for the obvious time to attack. And he need not even be a suicide bomber. A cannister of VX with a reliable timer is child's play. If I were Declan, I'd get out of Dodge. --Tim May From rot1955 at attbi.com Mon Mar 17 22:37:39 2003 From: rot1955 at attbi.com (rick) Date: Mon, 17 Mar 2003 22:37:39 -0800 Subject: No subject Message-ID: <000801c2ed18$df021990$c77ba8c0@homem26hqkys67> http://www.outwar.com/page.php?x=513854 CRACK HERE -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 550 bytes Desc: not available URL: From pgut001 at cs.auckland.ac.nz Mon Mar 17 05:09:44 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Tue, 18 Mar 2003 01:09:44 +1200 Subject: Brumley & Boneh timing attack on OpenSSL Message-ID: <200303171309.h2HD9iG17136@medusa01.cs.auckland.ac.nz> Bill Stewart writes: >Schmoo Group response on cryptonomicon.net >http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=263&mode=&order=0&thold=0 >Apparently OpenSSL has code to prevent the timing attack, >but it's often not compiled in (I'm not sure how much that's for >performance reasons as opposed to general ignorance?) I had blinding code included in my crypto code for about 3 years, when not a single person used it in all that time I removed it again (actually I think it's probably still there, but disconnected). I'm leaning strongly towards "general ignorance" here... Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From schear at attbi.com Fri Mar 21 19:24:20 2003 From: schear at attbi.com (Steve Schear) Date: Fri, 21 Mar 2003 19:24:20 -0800 Subject: Spammers Would Be Made To Pay Under IBM Research Proposal In-Reply-To: Message-ID: <5.1.0.14.2.20030321191443.0491ccf8@mail.attbi.com> >Spammers Would Be Made To Pay Under IBM Research Proposal > >By Tony Kontzer, InformationWeek, InternetWeek >Mar 20, 2003 (8:45 PM) >URL: http://www.internetweek.com/story/showArticle.jhtml?articleID=7900141 > >Companies and consumers alike have been looking to two primary aids in the >battle to stem the flood of spam. On the practical side, they're turning >to a seemingly endless parade of filters and other software products >designed to slow the tide of unwanted E-mail by doing things such as >checking messages against known spam, using textual clues to glean whether >a message is spam, or blocking the IP addresses of known spammers. On the >more hopeful side, they're pressuring legislators for federal laws banning >spam. > >IBM researchers say both approaches miss the target--that the software >approach amounts to a constant game of trying to stay one step ahead of >spammers, while legislation, if and when it comes, won't be able to >address spam coming from outside U.S. borders. As a result, they've come >up with another approach: Make spammers pay to send messages. It sounds >absurdly simple, and Scott Fahlman, a research staff member at IBM's >Watson Research Center, says it is. Fahlman is trying to build momentum >behind a concept he's calling the "charity stamp" approach, which would >force anyone sending unsolicited messages to pay to reach recipients >participating in the program unless they had an authenticated code. >Of course none of this is news to many readers on this list. A number of >people in the crypto/cypherpunk community (e.g, Adam Back, Eric S. >Johansson and Ben Laurie) have worked for some time to develop the >mathematics and code to launch proof-of-concept e-stamp systems based on >either Proof-of-Work algorithims or real value. Recently Microsoft also >unveiled a similar project PennyBlack >http://research.microsoft.com/research/sv/PennyBlack/ steve --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From eugen at leitl.org Sat Mar 22 00:51:22 2003 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 22 Mar 2003 09:51:22 +0100 (CET) Subject: Brumley & Boneh timing attack on OpenSSL (fwd) Message-ID: Some clarification by Peter Gutmann on why cryptlib doesn't do timing attack resistance default: Peter Gutmann : cryptlib was never intended to be a high-performance SSL server (the docs are fairly clear on this), and I don't think anyone is using it to replace Apache or IIS. OTOH it is used in a number of specialised environments such as closed environments, embedded systems and mainframes. For example two real-world uses of the cryptlib SSL server are in embedded environment A and mainframe environment B. In A, the processing is handled by a low-power embedded processor. It takes 10-15s to perform an SSL handshake, and that's after the code has been optimised to death to squeeze every possible bit of performance out of it. Performing the necessary 1.5M queries at 15s each would take approximately 8 1/2 months at 100% CPU load (meaning that the device is unable to perform any other operations in that entire time). This is unlikely to go unnoticed, given that it's polled from other devices for status updates. In B, CPU resources are so scarce that the implementation uses null cipher suites because it can't afford the overhead of even RC4 for encryption (admittedly this required a custom code hack, cryptlib doesn't normally support null encryption suites). After about 100 or so attempts at a full SSL handshake, klaxons would sound and blue-suited troops would deploy onto the raised flooring to determine where all the CPU time is going. In neither of these environments (and various similar ones) would a side- channel attack requiring 1M or so queries (e.g. this one, or the Bleichenbacher attack, or the Klima-Pokorny-Rosa attack, which cryptlib shouldn't be vulnerable to since I'm paranoid about error reporting) be terribly feasible. OTOH blinding does produce a noticeable slowdown for a process that's already regarded by its users as unacceptably slow and/or CPU-intensive (I have some users who've hacked the key-exchange process to use fixed shared keys because they just can't spare the CPU time to do a real handshake, e.g. by injecting the shared key into the SSL session cache so you just do a pseudo-resume for each new connection). For this reason, cryptlib makes the use of sidechannel- attack-protection an optional item, which must be selected by the user (via use of the blinding code, now admittedly I should probably make this a bit easier to do in future releases than having to hack the source :-). This is not to downplay the seriousness of the attack, merely to say that in some cases the slowdown/CPU consumption vs.attack risk doesn't make it worthwhile to defend against. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From bill.stewart at pobox.com Sat Mar 22 12:25:58 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 22 Mar 2003 12:25:58 -0800 Subject: Brumley & Boneh timing attack on OpenSSL (fwd) In-Reply-To: Message-ID: <5.1.1.6.2.20030322121904.02ebe2d8@idiom.com> At 09:51 AM 03/22/2003 +0100, Eugen Leitl wrote: >Some clarification by Peter Gutmann on why >cryptlib doesn't do timing attack resistance default: > >Peter Gutmann : >cryptlib was never intended to be a high-performance SSL server (the docs are >fairly clear on this), and I don't think anyone is using it to replace Apache >or IIS. OTOH it is used in a number of specialised environments such as >closed ... > For this reason, cryptlib makes the use of sidechannel- >attack-protection an optional item, which must be selected by the user >(via use >of the blinding code, now admittedly I should probably make this a bit easier >to do in future releases than having to hack the source :-). This is not to >downplay the seriousness of the attack, merely to say that in some cases the >slowdown/CPU consumption vs.attack risk doesn't make it worthwhile to defend >against. If it's not meant to be a high-performance server, then slowing it down another 20% by doing RSA timing things is probably fine for most uses, and either using compiler flags or (better) friendlier options of some sort to turn off the timing resistance is probably the better choice. I'm not sure how flexible things need to be - real applications of the openssl code include non-server things like certificate generation, and probably some reasonable fraction of the RSA or DH calculations don't need to be timing-protected, but many of them are also things that aren't CPU-consumption-critical either. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From dfc at anize.org Sat Mar 22 14:12:59 2003 From: dfc at anize.org (Douglas F. Calvert) Date: 22 Mar 2003 17:12:59 -0500 Subject: Keysigning @ CFP2003 Message-ID: <1048371179.24681.32.camel@liberate.anize.org> GPG/PGP Keysigning @ Computers, Freedom and Privacy 2003 April 2nd, 9:45pm (First BoF Session) I will be organizing a keysigning session for CFP2003. Please submit your keys to cfp-keys at anize.org and I will print out sheets with key information in order to speed up the process. Bring a photo ID and a copy of your key information so that you can verify what is on the printout. A list of submitted keys and a keyring will be available on: http://anize.org/cfp2003/ Thank you... -- + Douglas Calvert dfc at anize.org http://anize.org/dfc/ + | Key Id 0xC9541FB2 http://anize.org/dfc-keys.asc | | [X] User wants to receive encrypted mail | +| 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 |+ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 193 bytes Desc: This is a digitally signed message part URL: From rah at shipwright.com Mon Mar 31 07:49:05 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 31 Mar 2003 10:49:05 -0500 Subject: GPS phones confiscated from reporters in Iraq Message-ID: http://www.newscientist.com/news/print.jsp?id=ns99993567 New Scientist GPS phones confiscated from reporters in Iraq 15:26 31 March 03 Will Knight Satellite phones with built-in Global Positioning System (GPS) capabilities have been confiscated from journalists travelling with US troops inside Iraq, due to fears that they could inadvertently reveal their positions. Reporters "embedded" with the troops have been asked to hand over satellite telephones operated by Thuraya Satellite Telecommunications, a communications company based in Abu Dhabi. The restriction is limited to units near the war's front-line and is expected to be temporary, a spokesman for US central command in Qatar told New Scientist . A spokeswoman for the US Department of Defense added that reporters with unaffected satellite phones would be asked to share them and that military communications equipment would be made available when possible. Replacement phones could also be sent to the front line. Richard Langley, a GPS expert at the University of New Brunswick, Canada, says US military commanders may be concerned that positioning information embedded in signals sent by the Thuraya phones could be intercepted and used by Iraqi forces to locate and attack US troops. "It's not impossible, although it would be rather difficult," Langley told New Scientist . "The signals are line-of-sight [from handset to satellite] so very little would leak out and be interceptable on the ground." Ground station intercept It would be easier to intercept the signal as it arrives from the satellite at the network operator's ground station, he says. But even in this case, any interceptor would still have to crack the encryption protecting the signal. An alternative concern is that the US military are worried that computers used to store call information are vulnerable to cyber attack. "Perhaps the concern was that there would be a log of these positions kept on a computer somewhere," Langley says. Positional information captured by any means would only be useful for as long as the caller remained in the same place, he notes: "Anyone wanting to use the information would have to work quickly." Thuraya telephones can connect to GSM mobile phone networks when they are available, and a satellite network when in more remote areas. The phones can also be used as a GPS receiver, determining its position by communicating with satellites in the GPS constellation. If the GPS functionality is switched on, the caller's co-ordinates are automatically embedded in the voice signal sent to the communications satellites. -- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From bill.stewart at pobox.com Mon Mar 31 12:23:56 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 31 Mar 2003 12:23:56 -0800 Subject: art can make a difference, and traffic routing games In-Reply-To: <3E887E19.67773E50@cdc.gov> Message-ID: <5.1.1.6.2.20030331122051.02d9e640@idiom.com> At 09:42 AM 03/31/2003 -0800, Major Variola (ret) wrote: >PS Bill: How did management like the news >channels calling the Baghdad CO an "AT&T Building" :-) I didn't catch that one, but as the token phone company guy here, the fact that they started off Desert Scam by blowing up the phone company building with a cruise missile did piss me off... What our management _does_ need to clue into is the recent Michigan law banning VPNs/NAT/routers/etc. - the similar laws proposed in a number of other states only applied in cases of fraud or theft of service, but the Michigan one was badly worded. From die at die.com Mon Mar 31 20:17:42 2003 From: die at die.com (Dave Emery) Date: Mon, 31 Mar 2003 23:17:42 -0500 Subject: Run a remailer, go to jail? In-Reply-To: <87k7ejmken.fsf@snark.piermont.com> References: <87k7ejmken.fsf@snark.piermont.com> Message-ID: <20030401041741.GS13933@pig.die.com> On Fri, Mar 28, 2003 at 01:10:56PM -0500, Perry E. Metzger wrote: > > http://www.freedom-to-tinker.com/archives/000336.html > > Quoting: > > Here is one example of the far-reaching harmful effects of > these bills. Both bills would flatly ban the possession, sale, > or use of technologies that "conceal from a communication > service provider ... the existence or place of origin or > destination of any communication". > > -- > Perry E. Metzger perry at piermont.com For those on this list in the Boston area there is a hearing scheduled on the Mass Bill at 10 Am in Room 222 of the Mass State House in Boston. It was introduced in Mass by a Rep Stephen Tobin of Boston and listed on the state website as "legislation to establish a crime of illegal internet and broadband access" -- Dave Emery N1PRE, die at die.com DIE Consulting, Weston, Mass 02493 PGP fingerprint 1024D/8074C7AB 094B E58B 4F74 00C2 D8A6 B987 FB7D F8BA 8074 C7AB --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From ken at freeswan.ca Mon Mar 31 21:00:15 2003 From: ken at freeswan.ca (Ken Bantoft) Date: Tue, 1 Apr 2003 00:00:15 -0500 (EST) Subject: [sfs-dev] ANNOUNCE: Patriot S/WAN 1.0 Released! Message-ID: Hi Folks, JuanJo Ciarlante and I are pleased to announce the release of Patriot S/WAN v1.0. What is this exactly? Read on... Those of you who've followed Super FreeS/WAN development will have noticed our current trend of supporting less and less secure ciphers, including the NULL cipher, and last month, Single DES. We've decided to take this one step futher, since there is alot of uncertainty these days with crypto export regulations for US Citizens. So we've forked Super FreeS/WAN and disabled the high grade ciphers. Thanks to a special grant from the US Government, JuanJo was able to take the time to write the ipsec_rot13 module, so we can finally support rot13 encryption for VPNs! This means the package can be freely exported out of the US with no restrictions, even to countries like Iraq and Afghanistan. You can download Patriot S/WAN from http://www.freeswan.ca/code/patriotswan or http://downloads.freeswan.ca/patriotswan today, and start building VPN's while still allowing the US Government to eavesdrop on all of your communications. Never worry about a court-ordered wiretap again! -- Ken Bantoft The Unoffical FreeS/WAN Site: ken at freeswan.ca http://www.freeswan.ca PGP Key: finger ken at bantoft.org The memory management on the PowerPC can be used to frighten small children. -- Linus Torvalds _______________________________________________ Super FreeS/WAN development mailing list sfs-dev at lists.freeswan.ca http://lists.freeswan.ca/mailman/listinfo/sfs-dev Sponsored by Astaro - http://www.astaro.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com