From wcs at anchor.ho.att.com Tue Feb 1 00:30:29 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Feb 94 00:30:29 PST
Subject: 2-way anonymous via SASE
Message-ID: <9402010825.AA26310@anchor.ho.att.com>

Hal Finney writes:
> From: "Jon 'Iain' Boone"
> > So, you use a chain of anonymous-id's to set up your return-path?
>
> Unfortunately, return-paths are not exactly the strong point of the
> current cypherpunks remailers :-). That is what much of the discussion
> in this thread has discussed: how to best allow for convenient but secure
> return paths.

Yeah; the only solutions I've seen so far either give you some persistence, like anon.penet.fi, or no replies, or have generally been pretty ugly, requiring rapidly-increasing numbers of messages to set up chains of anonymous IDs, or use broadcast, like the Blacknet "post to Usenet" or DCnets. AIR-MAIL may be a start. It seems to need something that supports a small but >1 number of replies to make a non-ugly system, which means either some kind of Time-To-Live or destruct messages from one or both ends need to be supported.

Bill

From wcs at anchor.ho.att.com Tue Feb 1 00:45:25 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Feb 94 00:45:25 PST
Subject: PGP keyid collisions?
Message-ID: <9402010844.AA26415@anchor.ho.att.com>

I had discussed the benefit of putting PGP keyID or fingerprint in signatures to reduce spoofing for people who distribute by finger or unreliable keyservers, though obviously signatures are what gives you the confidence that a key is valid.
Hal points out that brute-forcing a 24-bit Key-ID isn't all that hard; the usual formulas tell you what fraction of numbers are prime in the desired range, though without looking them up I'd expect it would take around 2**30 - 2**35 tries to find a specific one; I suppose this means the NSA has already done it :-)

> I understand there is already at least one 24-bit collision on the
> public key servers, not unexpected given a few thousand keys.

I assume PGP does the right thing, except in cases of pilot error (e.g. doing key lookup by KeyID) ? Even if it does, this has some design impact on systems using random public-private key generation for meet-me remailer cutouts.

Bill
# Bill Stewart AT&T Global Information Systems, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From franz at cs.ucdavis.edu Tue Feb 1 00:55:25 1994
From: franz at cs.ucdavis.edu (Roy Franz)
Date: Tue, 1 Feb 94 00:55:25 PST
Subject: BlackNet - what is it?
Message-ID:

Hi,

I have seen BlackNet referred to several times. Could someone say a few words about it?

Thanks,
Roy
-----------------------------------------------------------
Roy B. Franz rbfranz at ucdavis.edu
Software Engineer
Viewgraphics, Inc

From wcs at anchor.ho.att.com Tue Feb 1 01:20:29 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Feb 94 01:20:29 PST
Subject: BlackNet - what is it?
Message-ID: <9402010919.AA26665@anchor.ho.att.com>

Blacknet wasn't real; it was a posting Tim May anonymously posted advertising network support for various illegal services, including where to send your digicash blackmail or ransom payments and the like. Basically to try to get us to think about the implications of the technologies we're developing and potential for abuse and paranoia.
On the other hand, maybe it wasn't *really* Tim May anonymously posting it, and the Tentacles of Detweiler will be posting GIFs of you and your friends talking to notorious politicians to alt.your.mother and releasing that new virus with your name on the banner page unless you help Eric start a digibank to deposit some ransom money in. :-)

Bill, or someone like him

From wcs at anchor.ho.att.com Tue Feb 1 02:00:29 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 1 Feb 94 02:00:29 PST
Subject: 4th ammendment and Cryptography
Message-ID: <9402010955.AA26853@anchor.ho.att.com>

I'll second Phil Karn's recommendation of Caroline Kennedy's book, though I do remember it having somewhat of a liberal "Government is Good" bias. Unless I'm mixing it up with another book I read around the same time, it's also the one place where I've seen a recent 3rd Amendment case. The case was interesting largely because 3rd Amendment cases are very rare; the U.S. government hasn't quartered troops in people's homes except during the War Between The States, when it was ignoring the Constitution and Bill of Rights anyway.

The issue was a prison guard strike, in which the National Guard was brought in to replace striking guards until the contract dispute was settled. Guards at the prison had rooms there for sleeping and off-duty use, and the National Guard, which is part of the military, used them during the strike. The guards contended that this was quartering troops in their homes. I think the government won the case rather than the prison guards, since it was really stretching the point.

Phil's concerns about not freaking people out by emphasizing that the Second Amendment is designed to make overthrowing governments possible are well-placed (notwithstanding the fact that it's true.)
It may be good rhetoric to use at a pro-gun meeting, though a lot of the NRA people I've met tend to get upset by the word "anarchy", but the general public just barely tolerates duck hunting and really has no desire for violent revolution, and frankly, neither do I.

We're trying to go for their hearts and minds here, and issues like privacy, freedom of speech, and Big Brother tapping your phone are a lot more attractive to most people. Even the ideas that private communications can make government obsolete and that obsolete institutions can fail are pretty scary to people who've been educated in government schools, and associating crypto-privacy with the more extreme radically-correct side of the Gun Nuts will lose them - especially when there *are* legitimate concerns about use of anonymity and digicash for blackmail, ransom, and funding of real terrorists, plus the government's favorite drug dealer scare.

Besides, walking around making unattributed quotations from the writings of the Founding Fathers tends to get you treated like David Koresh or at the very least Michael Milken....

Bill
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From MILKA%PLSZUS11.BITNET at SEARN.SUNET.SE Tue Feb 1 04:05:27 1994
From: MILKA%PLSZUS11.BITNET at SEARN.SUNET.SE (Doodeck)
Date: Tue, 1 Feb 94 04:05:27 PST
Subject: PGPkeys (ftp access)
Message-ID: <9402011203.AA14567@toad.com>

> Subject: PGPTools
> From: m at BlueRose.com (M Carling)
> I don't have ftp access here. Could some kind person please email it
> to me?

I don't have ftp (or Internet) access either. Try using one of BITFTP (BITnet FTP I think) services.
Automated info response will be sent to you upon sending mail with message body containing word "help" (without quotes) to one of the following addresses:

bitftp at pucc.princeton.edu or bitftp at pucc.bitnet (located in USA)
bitftp at plearn.edu.pl or bitftp at plearn.bitnet (located in Central Europe)

Just before onset of twenty first century such ftp 'access' may seem ridiculous but it really works as I have transferred megabytes of data this way.

Good Luck !
Doodeck.

From m5 at vail.tivoli.com Tue Feb 1 06:00:34 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Tue, 1 Feb 94 06:00:34 PST
Subject: Matsui-san Attack
In-Reply-To: <9401312111.AA15451@atlanta.wti.com>
Message-ID: <9402011356.AA06070@vail.tivoli.com>

Huh? Two years of breathing space? I don't think so. Networks of many fast workstations (snakes, SPARC-10's, Alphas, whatever) aren't exactly rare; I'm sure I could equal that mflop horsepower here, and I'm double sure I could have done it while at DEC. I frequently ran a home-grown distributed fractal image generator at DEC harnessing 75 workstations, about 20 of them Alphas.

The real question is whether this new attack is bogus.

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                       |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:        |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven" |

From dmandl at lehman.com Tue Feb 1 06:45:28 1994
From: dmandl at lehman.com (David Mandl)
Date: Tue, 1 Feb 94 06:45:28 PST
Subject: Cypherpunk article in NY Newsday
Message-ID: <9402011442.AA09401@disvnm2.lehman.com>

There's a decent cypherpunk piece in today's New York Newsday. It was written by Joshua Quittner, who apparently attended the most recent meeting out in CA. It's more or less the usual, very upbeat and supportive, with some quotes from Eric H. and remarks on digibanking basics, Clipper, etc.

--Dave.
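An added example, not part of any post in this archive: it works through the 24-bit key ID point from Bill Stewart's "PGP keyid collisions?" message above, computing the birthday-bound chance of an accidental collision and showing a keyring lookup that refuses an ambiguous short ID. The 3000-key population, the byte layout of the constructed keys and the SHA-256 stand-in fingerprint are assumptions of this sketch, not PGP's actual formats.

```python
import hashlib
import math
import random

DISPLAY_BITS = 24    # key ID width PGP displays, per the thread
INTERNAL_BITS = 64   # key ID width PGP uses internally, per the thread


def collision_probability(n_keys, id_bits):
    """Birthday bound: chance that at least two of n_keys share an ID."""
    space = 2 ** id_bits
    # log of prod(1 - i/space); log1p/expm1 keep tiny values accurate
    log_all_unique = sum(math.log1p(-i / space) for i in range(n_keys))
    return -math.expm1(log_all_unique)


def key_id(key_bytes, bits):
    """Low `bits` bits of the key material (layout assumed for this sketch)."""
    return int.from_bytes(key_bytes[-8:], "big") & ((1 << bits) - 1)


def fingerprint(key_bytes):
    """Digest over the whole key; a stand-in for a real PGP fingerprint."""
    return hashlib.sha256(key_bytes).hexdigest()


class AmbiguousKeyID(LookupError):
    """More than one key on the ring matches the requested key ID."""


class Keyring:
    def __init__(self):
        self._keys = {}  # fingerprint -> (owner, key_bytes)

    def add(self, owner, key_bytes):
        fpr = fingerprint(key_bytes)
        self._keys[fpr] = (owner, key_bytes)
        return fpr

    def find_by_key_id(self, wanted, bits=DISPLAY_BITS):
        """Treat a key ID as a search hint: fail closed when it is not unique."""
        hits = [(fpr, owner) for fpr, (owner, kb) in self._keys.items()
                if key_id(kb, bits) == wanted]
        if len(hits) > 1:
            owners = ", ".join(owner for _, owner in hits)
            raise AmbiguousKeyID(f"{bits}-bit ID {wanted:X} matches: {owners}")
        return hits[0] if hits else None

    def find_by_fingerprint(self, fpr):
        entry = self._keys.get(fpr)
        return (fpr, entry[0]) if entry else None


def random_bytes(rng, n):
    return bytes(rng.getrandbits(8) for _ in range(n))


def build_constructed_keyring():
    """Constructed data: 50 random 'keys' plus two forced to share 24 bits."""
    rng = random.Random(1994)
    ring = Keyring()
    for i in range(50):
        ring.add(f"user{i}", random_bytes(rng, 64))
    shared_tail = bytes.fromhex("c0ffee")       # constructed 24-bit key ID
    alice = random_bytes(rng, 61) + shared_tail
    lookalike = random_bytes(rng, 61) + shared_tail
    return ring, ring.add("alice", alice), ring.add("lookalike", lookalike)


if __name__ == "__main__":
    print(f"P(collision), 3000 keys, 24-bit IDs: {collision_probability(3000, 24):.3f}")
    print(f"P(collision), 3000 keys, 64-bit IDs: {collision_probability(3000, 64):.2e}")
    ring, alice_fpr, _ = build_constructed_keyring()
    try:
        ring.find_by_key_id(0xC0FFEE)
    except AmbiguousKeyID as err:
        print("short-ID lookup refused:", err)
    print("fingerprint lookup:", ring.find_by_fingerprint(alice_fpr)[1])
```

The 64-bit figure covers accidental collisions only; a lookup that must resist deliberately matched IDs has to go by full fingerprint, as `find_by_fingerprint` does.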
From boone at psc.edu Tue Feb 1 07:10:34 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Tue, 1 Feb 94 07:10:34 PST
Subject: 2-way anonymous via SASE
In-Reply-To: <199402010131.RAA05280@jobe.shell.portal.com>
Message-ID: <9402011510.AA03122@igi.psc.edu>

Hal writes:
>
> From: "Jon 'Iain' Boone"
>
> > What if you have a remailer that only assigns you an id for that message
> > so that your id is equivalent to (say) the Message-ID (or some portion
> > thereof)? How do you return-path without specifying?
>
> Your syntax is a bit hard to follow here, but I'm guessing that you are
> proposing such a remailer as a way of providing for return paths. The
> remailer would remember the message-id's of outgoing messages, and would
> remember where those messages came from. Then if a reply came back for
> one of those message-id's it could send it to that remembered address.
>
> There were some proposals along these lines made last year, or maybe back
> in 1992. This scheme doesn't seem to generalize well to multi-remailer
> paths. Also, I think people would be nervous about having remailers keep
> this kind of out-to-in mapping information.

I think that I am confused. Please bear with me.

Jim Miller writes:
>
> The general idea is that each anonymous message will include a SASE that
> can be used to reply to the sender, without revealing the identity of the
> sender to the message recipient. To reply, the recipient will copy the
> SASE from the original message and paste it into a special section of the
> reply message. Remailers will examine this section of the reply message
> and use its contents to route the message back to the sender of the
> original message.

Now, what is this SASE? Apparently it is either a) a fully-specified return-path (presumably a chain of anonymous ids at various remailers), b) a next-hop address (anonymousid at the next remailer that "knows" where to send the message), or c) some combination of the previous two.
Is there another possibility that I have missed?

Let's assume that the SASE is of type-a. Let's assume three remailers (and my accounts on them) named:

  anon1+ at foo.bar.edu
  anon2+ at biff.bam.com
  anon3+ at fred.barney.org

Then, if I want to anonymously send mail to you ( ) , I need to specify your address as normal, but specify some optional header (X-Anonymous-Sender-Path) like this:

which says to my mailer that, while the ultimate destination is , it should first mail it to the X-Anonymous-Sender-Path address.

HOST: fred.barney.org Account: anon3+

This anon3+ at fred.barney.org account will accept the mail (it accepts anything like anon3+*@fred.barney.org, so it doesn't matter about the stuff in quotes) It then strips off the anon3+ at fred.barney.org section, and re-writes the X-Anonymous-Sender-Path to read like this:

It would then instantiate another optional header (X-Anonymous-Return-Path) like this:

It would change the Sender: header to say "Anonymous User 3" or whatever it would normally say, and mail it to biff.bam.com.

HOST: biff.bam.com Account: anon2+

This account accepts the mail and re-writes the headers like this:

  X-A-S-P:
  X-A-R-P:
  Sender: "Anonymous User 2"@biff.bam.com

and mails the mail to anon1+ at foo.bar.edu

HOST: foo.bar.edu Account: anon1+

This account accepts the mail and re-writes the headers like this:

  X-A-R-P:
  Sender: "Anonymous User 1"@foo.bar.edu

Notice that it leaves off the X-Anonymous-Sender-Path: header since it is empty. It then mails it to hfinney at shell.portal.com.

You receive the mail and read the message. Now, the sender indicates that it is from "Anonymous User 1"@foo.bar.edu, but the X-A-R-P: indicates that it is really from anon3+ at fred.barney.org! So, as long as fred.barney.org can be trusted, no one can tell who I am, right? And, except for anon3, none of the others needs to be my account!

This requires changing the mail agent on my end, though, and possibly yours.
Replying follows the same sort of path, except in reverse. Of course, you could also allow for a Return-Path header which was not re-writeable, to force a separate path to get back to me.

And, you can also change the software so that I initially send to hfinney%shell.portal.com at fred.barney.org, which would *not* require any rewriting of mail-agent software.

Is this at all coherent?

If the return-path is type B, I don't see how you can avoid having the ID-mapping which makes the overall scheme weaker.

I don't have a good handle of the type c.

> I understand there is already at least one 24-bit collision on the
> public key servers, not unexpected given a few thousand keys.

Hmm... I'm not sure I followed all of the math, but how's this for a signature?

Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C

From f_griffith at ccsvax.sfasu.edu Tue Feb 1 07:15:28 1994
From: f_griffith at ccsvax.sfasu.edu (Reynolds Griffith)
Date: Tue, 1 Feb 94 07:15:28 PST
Subject: Privacy As Roadkill
Message-ID: <9402011513.AA16876@toad.com>

>Date: Mon, 31 Jan 1994 12:37:12 -0800 (PST)
>From: Dave Wren
>Subject: Privacy As Roadkill
>To: "libernet at Dartmouth.edu"
>Errors-To: owner-libernet at Dartmouth.EDU
>Sender: owner-libernet at Dartmouth.EDU
>Reply-To: libernet at Dartmouth.EDU
>Precedence: bulk
>X-Mailing-List: libernet at Dartmouth.EDU
>
>
>---------- Forwarded message ----------
>Date: Sun, 30 Jan 1994 21:00:50 -0800
>From: "Brock N. Meeks"
>To: com-priv at psi.com
>Subject: Privacy As Roadkill
>
>
>
>Jacking in from a "Private No More" Port:
>
>Washington, DC -- If privacy isn't already the first victim of
>roadkill along the information superhighway, then it's about to be.
>
>A law enforcement panel addressing the Administration's Information
>Infrastructure Task Force Working Group on Privacy told a public
>meeting here last week that it wanted to "front load" the National
>Information Infrastructure with trap door technologies that would
>allow them easy access to digital conversations; eavesdropping
>on any conversation or capturing electronic communications
>midstream.
>
>But only for "the bad guys." Us honest, hard working, law abiding
>citizens have nothing to fear from these law enforcement agencies
>selling out our privacy rights to make their jobs easier. Nope, we
>can rest easy, knowing that child pornographers, drug traffickers
>and organized crime families will be sufficiently thwarted by law
>enforcement's proposed built-in gadgetry for the national
>information infrastructure.
>
>There's just a small problem: Law enforcement agencies, any law
>enforcement agency, has yet to prove it needs all these proposed
>digital trap doors. In fact, according to a U.S. Assistant
>Attorney appearing on the panel, "Right now most law enforcement
>personnel don't have any idea what the NII is."
>
>Gore Gives Go Ahead
>===================
>
>Panel members, representing the Justice Dept., FBI and U.S.
>Attorney's office, said that they took Vice President Gore's
>promise that the White House would work to ensure that the NII
>would "help law enforcement agencies thwart criminals and
>terrorists who might use advanced telecommunications to commit
>crimes," as tacit approval of their proposals to push for digital
>wiretap access and government mandated encryption policies.
>
>Gore buried those remarks deep in a speech he made in Los Angeles
>earlier this month when the Administration first fleshed out how it
>planned to rewrite the rules for communications in a newer, perhaps
>more enlightened age. Those remarks went unnoticed by the
>mainstream press. But readers here were forewarned.
>
>Fuck Ross Perot's NAFTA-induced "giant sucking sound." That
>"thump" you just heard was Law Enforcement running over the privacy
>rights of the American public on its way to the information
>superhighway. The real crime is that the collision barely dented
>the damn fender.
>
>This cunning and calculated move by law enforcement to install
>interception technologies all along the information superhighway
>was blithely referred to as "proactive" law enforcement policy by
>Assistant U.S. Attorney, Northern Dist. of California Kent Walker.
>Designing these technologies into future networks, which include
>all telephone systems, would ensure that law enforcement
>organizations "have the same capabilities that we all enjoy right
>now," Walker said.
>
>With today's wiretap operations, the Feds must get a court to
>approve their request, but only after supplying enough evidence to
>warrant one. But Walker seemed to be lobbying for the opposite.
>Giving the Feds the ability to listen in first and give
>justification later was "no big difference," he said. Besides, "it
>would save time and money."
>
>It's Us vs. Them
>=================
>
>For Walker privacy issues weighed against law enforcement needs are
>black and white, or rather "good guys" vs. "bad guys." For
>example, he said the rapid rise of private (read: non-government
>controlled) encryption technologies didn't mean law enforcement
>would have to work harder. On the contrary, "it only means we'll
>catch less criminals," he said.
>
>But if law enforcement is merely concerned with the task of "just
>putting the bad guys in jail," as James Settle, head of the FBI's
>National Computer Crime Squad states, then why are we seeing an
>unprecedented move by government intelligence agencies into areas
>they have historically shied from?
>Because law enforcement
>agencies know their window of opportunity for asserting their
>influence is right now, right at the time the government is about
>to take on a fundamental shift in how it deals with privacy issues
>within the networks that make up the NII, says David Sobel, general
>counsel for Computer Professionals for Social Responsibility
>(CPSR), who also spoke as a panel member.
>
>"Because of law enforcement's concerns (regarding digital
>technologies), we're seeing an unprecedented involvement by federal
>security agencies in the domestic law enforcement activities,"
>Sobel said.
>
>Sobel drop-kicked this chilling fact from behind the closed
>doors of the Clinton Administration into the IITF's lap: For the
>first time in history, the National Security Agency (NSA) "is now
>deeply involved in the design of the public telecommunications
>network."
>
>Go ahead. Read it again.
>
>Sobel backs up his claims with hundreds of pages of previously
>classified memos and reports obtained under the Freedom of
>Information Act. The involvement of the NSA in the design of our
>telephone networks is, Sobel believes, a violation of federal
>statutes.
>
>Sobel's also concerned that the public might soon be looking down
>the throat of a classified telecommunications standard being
>created. Another move he calls "unprecedented," is that if the
>NSA, FBI and other law enforcement organizations have their way,
>the design of the national telecommunications network will end up
>classified and withheld from the public.
>
>Sobel is dead bang on target with his warnings.
>
>The telecommunications industry and FBI have set up an ad hoc
>working group to see if a technical fix for digital wiretapping can
>be found to make the Bureau happy. That way, legislation doesn't
>need to be passed that might mandate such FBI access and stick the
>Baby Bells with eating the full cost of reengineering their
>networks.
>
>This joint group was formed during a March 26, 1992 meeting at
>FBI's Quantico, Va., facilities, according to previously classified
>FBI documents released under Freedom of Information Act. The group
>was only formalized late last year, working under the auspices of
>the Alliance for Telecommunications Industry Solutions (ATIS). The
>joint industry-FBI group operates under the innocuous sounding name
>of the Electronic Communications Service Provider Committee
>(ECSPC).
>
>The ECSPC meets monthly with the intent of seeking a technological
>"solution" to the FBI's request for putting a trap door into
>digital switches that would allow them easy access to those
>conversations. To date, no industry solution has been found for the
>digital wiretap problem, according to Kenneth Raymond, a Nynex
>telephone company engineer, who is the industry co-chairman of the
>group.
>
>Oh, there's also a small, but nagging problem: The FBI hasn't
>provided a concrete basis that such solutions are needed, Raymond
>said. CPSR's Sobel raised these same points during the panel
>discussion.
>
>The telecommunications industry is focused on "trying to evaluate
>just what is the nature of the [digital access] problem and how we
>can best solve it in some reasonable way that is consistent with
>cost and demand," Raymond said. One solution might be to write
>digital wiretap access into future switch specifications, he said.
>
>If and when the industry does find that solution, do you think the
>FBI will put out a press release to tell us about it? "I doubt it
>very much," said FBI agent Barry Smith with the Bureau's
>Congressional Affairs office. "It will be done quietly, with no
>media fanfare."
>
>Is it just me or are these headlights getting REALLY close?
>
>The FBI's Settle is also adamant about trap door specifications
>being written into any blue prints for the National Information
>Infrastructure. But there's a catch.
>Settle calls these "security
>measures," because they'll give his office a better chance at
>"catching bad guys." He wants all networks "to be required to
>install some kind of standard for security." And who's writing
>those standards? You guessed it: The NSA with input from the FBI
>and other assorted spook agencies.
>
>Settle defends these standards saying that the "best we have going
>for us is that the criminal element hasn't yet figured out how to
>use this stuff [encryption and networks in general]. When they do,
>we'll be in trouble. We want to stay ahead of the curve."
>
>In the meantime, his division has to hustle. The FBI currently has
>only 25 "net literate" personnel, Settle admitted. "Most of these
>were recruited 2 years ago," he said. Most have computer science
>degrees and were systems administrators at the time, he said.
>
>You think that's funny? Hell, the Net is a still small community,
>relatively speaking. One of your friends is probably an FBI Net
>Snitch, working for Settle. Don't laugh.
>
>Don't Look Now, Your Privacy Is Showing
>=======================================
>
>The law enforcement establishment doesn't think you really know
>what you expect when it comes to privacy.
>
>U.S. Attorney Walker says: "If you ask the public, 'Is privacy
>more important than catching criminals?' They'll tell you, 'No.'"
>
>(Write him with your own thoughts, won't you?)
>
>Because of views like Walker's, the Electronic Communications
>Privacy Act (ECPA) "needs to be broader," said Mike Godwin, legal
>services counsel, for Electronic Frontier Foundation, speaking as
>a panel member. The ECPA protects transmitted data, but it also
>needs to protect stored data, he said. "A person's expectation of
>privacy doesn't end when they store something on a hard disk."
>
>But Walker brushed Godwin aside saying, "It's easy to get caught up
>in the rhetoric that privacy is the end all be all."
>
>Do you have an expectation of privacy for things you store on your
>hard disk, in your own home? Walker says that idea is up for
>debate: "Part of this working group is to establish what is a
>reasonable expectation of privacy."
>
>That's right. Toss everything you know or thought you knew about
>privacy out the fucking window, as you cruise down the fast lane of
>the information superhighway. Why? Because for people like
>Walker, those guardians of justice, "There has to be a balance
>between privacy needs and law enforcement needs to catch
>criminals," he says.
>
>Balance, yes. Total abrogation of my rights? Fat chance.
>
>
>Meeks out...
>
>
>
>
>
>

From jazz at hal.com Tue Feb 1 07:35:28 1994
From: jazz at hal.com (Jason Zions)
Date: Tue, 1 Feb 94 07:35:28 PST
Subject: Archiving mail-lists...
Message-ID: <9402011530.AA13741@jazz.hal.com>

   I would be interested in a discussion on the mail-list on this issue. Please refrain from sending personal mail. In particular do you think such an archive without every member's permission is un-ethical?

Unethical, hell; illegal is closer to it. I retain the copyright to everything I post; although implicit permission to redistribute to the mailing list is granted when I send to cypherpunks at toad.com, I have granted no permission to anyone else to use my intellectual property (i.e. my posts, valuable or not) for any other purpose.

   Would an archivist necessarily need the permission of the mail-list sponsor?

In an actively-moderated group (i.e. where the moderator chooses which messages to forward, constructs digests, etc.) the moderator possesses a copyright on the collection of material (but not on the material itself); if you were republishing a substantial part of the collection (in your case, all of it) you'd need rights to the collection copyright also.

Study copyright law (including the Berne Convention, to which most nations having Usenet sites are signatories). Understand what you're getting yourself into.
Jason

From frissell at panix.com Tue Feb 1 07:55:27 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 1 Feb 94 07:55:27 PST
Subject: 4th ammendment and C
Message-ID: <199402011550.AA14431@panix.com>

W >it's also the one place where I've seen a recent 3rd Amendment case.

The Third Amendment. Answer to the question "What Amendment of the Bill of Rights *doesn't* the US Government violate thousands of times a day?"

W >but the general public just barely tolerates duck hunting and
W >really has no desire for violent revolution, and frankly, neither do
W >I.

Not violent revolution. Just an alternative source of authority or defense. A reality check on tyranny. A badge of sovereignty. You can't be sovereign without weapons.

W >We're trying to go for their hearts and minds here, and issues like
W >privacy, freedom of speech, and Big Brother tapping your phone
W >are a lot more attractive to most people.

The whole point of this list is that we can achieve a technological fix for the "problems of human interaction." We can free ourselves and others without changing anyone's mind. That changes of ideology can follow new technologies and the social institutions they spawn.

W >Even the ideas that private communications can make government obsolete
W >and that obsolete institutions can fail are pretty scary to people
W >who've been educated in government schools, and associating
W >crypto-privacy with the more extreme radically-correct side of the Gun
W >Nuts will lose them.

Then the bulk of the population has a lot of frights coming and we are providing a public service by letting them confront their fears early in the game. What we are doing is predicting not advocating. If social changes increase people's personal liberties, their liberties are increased whether we point them out or not. In any case, our sort of analysis is creeping into the straight business press (particularly Forbes) and when C.
Wright Wriston (former Citibank CEO) writes a book like "The Twilight of Sovereignty" how off the wall can we be?

W >especially when there *are* legitimate concerns about use of
W >anonymity and digicash for blackmail, ransom, and funding of real
W >terrorists, plus the government's favorite drug dealer scare.

These people could use existing techniques but mostly don't. Can you *believe* the WTC bombers getting their dough by an open wire transfer from the BRD?

W >Besides, walking around making unattributed quotations from the
W >writings of the Founding Fathers tends to get you treated like
W >David Koresh or at the very least Michael Milken....

I don't remember Mike quoting the Founding Parents. His only mistake was copping a plea.

DCF

Western Civilization didn't invent tyranny, slavery, racism, or the oppression of women. What it did do is eliminate those evils (to the extent they have been eliminated). The rest of the world should be damn grateful and if they're not we should return them to the ancient tyrannies from which we so recently rescued them. Would serve them right.

--- WinQwk 2.0b#1165

From jazz at hal.com Tue Feb 1 08:05:27 1994
From: jazz at hal.com (Jason Zions)
Date: Tue, 1 Feb 94 08:05:27 PST
Subject: archiving on inet
Message-ID: <9402011601.AA13762@jazz.hal.com>

   So if I sell (at a profit) a netnews feed to subscribers via modem, it is not copyright infringement, but if I sell the same data on a CDROM, you claim copyright infringement.

Yep. When you're providing a netnews feed, you're acting as a node in a store-and-forward network. A CD-ROM is not a part of a store-and-forward network; it is a permanently fixed repository of information. You can't hold up a netnews feed in a courtroom and point at it saying "there it is"; you *can* do so with a CD-ROM.

   So I suppose you want to give some kind of list of what types of media are acceptable for transmitting netnews feeds, and which are not?
A CD-ROM isn't a medium for transmitting netnews feeds; it's a permanently fixed copy of the contents of such a feed. Static versus dynamic; permanent, ephemeral. Is this hard to understand?

   The plain and simple fact is: When you post a message to usenet, you do so with the expectation that others will receive it. You can have no way of knowing or limiting who may get it; that is given by the nature of the network. Usenet news is, and is intended to be, publicly accessible information. If there is something you don't want distributed, then DON'T POST IT!

Learn a little about law; while you're at it, learn a little about usenet.

When you post a message to usenet, you have tossed it into a flood-routed store-and-forward network. You implicitly give permission for copying appropriate to the propagation of messages in that network. You neither grant permission nor withhold permission for Fair Use. Everything else, though, is not granted unless explicitly granted.

If I post a message, under the terms of the Berne Convention and current US copyright law, a recipient was not granted the right to print a copy and publish it in a book. What makes you think I granted them permission to publish a copy in a CD-ROM? The only permission I granted was that they could (a) read it and (b) forward it via usenet protocols.

Jason

From hfinney at shell.portal.com Tue Feb 1 08:10:34 1994
From: hfinney at shell.portal.com (Hal)
Date: Tue, 1 Feb 94 08:10:34 PST
Subject: PGP keyid collisions?
Message-ID: <199402011607.IAA22359@jobe.shell.portal.com>

From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204)
> Hal points out that brute-forcing a 24-bit Key-ID isn't all that hard;
> the usual formulas tell you what fraction of numbers are prime in the
> desired range, though without looking them up I'd expect it would take
> around 2**30 - 2**35 tries to find a specific one; I suppose this
> means the NSA has already done it :-)

Right, but the point is that you have to search for a prime q anyway; PGP's algorithm is basically to repeat q += 2 until you find a q which is prime. It uses a sieve to speed this up a lot. I was pointing out that you can basically change the 2 to a 2^24, still use a sieve, and find a key just about as fast. So matching an existing key ID should not take much if any longer than just generating a PGP key in the first place.

> > I understand there is already at least one 24-bit collision on the
> > public key servers, not unexpected given a few thousand keys.
>
> I assume PGP does the right thing, except in cases of pilot error
> (e.g. doing key lookup by KeyID) ? Even if it does, this has
> some design impact on systems using random public-private key generation
> for meet-me remailer cutouts.
> Bill

PGP actually uses a 64-bit key ID internally, only displaying the lower 24 bits for conciseness. It would be practically impossible to get a 64-bit key ID collision by accident (well, almost impossible, anyway). However, the technique I mentioned could easily generate such collisions. PGP does check for the case of matching key ID and does something, but I forget what. 24-bit key ID matches shouldn't have any effect except for, as Bill says, extracting/deleting keys based on key ID.

Hal

From wex at media.mit.edu Tue Feb 1 08:45:27 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Tue, 1 Feb 94 08:45:27 PST
Subject: Archiving mail-lists...
In-Reply-To: <9402011530.AA13741@jazz.hal.com>
Message-ID: <9402011645.AA04676@media.mit.edu>

Ah, the old I'm-not-a-lawyer-but-I-play-one-on-the-net.

Problem with Jason Zions' position:
- Not at all clear that Berne applies to electronic mail, even of a personal nature
- Not at all clear that postings to a publicly-read list like this are not equivalent to speech in a public place (ie not necessarily copyrighted)
- Not at all clear what the status of private communications is vis a vis publication. The courts in the US seem to be flip-flopping all over the place in a couple of recent cases involving correspondence used to write biographies (one of L Ron Hubbard sticks in my mind and I forget who the other was about).

You can't just wave your hand and say the magic word "Berne" and thereby prevent someone from archiving, reposting etc your messages to this list.

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group wex at media.mit.edu
Voice: 617-258-9168 Page: 617-945-1842 an53607 at anon.penet.fi
All the world's a stage and most of us are desperately unrehearsed.

From mnemonic at eff.org Tue Feb 1 09:05:27 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 1 Feb 94 09:05:27 PST
Subject: Archiving mail-lists...
In-Reply-To: <9402011645.AA04676@media.mit.edu>
Message-ID: <199402011701.MAA08013@eff.org>

Alan Wexelblat writes:
> Ah, the old I'm-not-a-lawyer-but-I-play-one-on-the-net.
>
> Problem with Jason Zions' position:
> - Not at all clear that Berne applies to electronic mail, even of a
> personal nature

Hey, it's clear to me.

> - Not at all clear that postings to a publicly-read list like this
> are not equivalent to speech in a public place (ie not necessarily
> copyrighted)

That's not the measure of copyright. It's whether the expression has been instantiated in a tangible medium.

> - Not at all clear what the status of private communications is vis
> a vis publication.
> The courts in the US seem to be flip-flopping all over
> the place in a couple of recent cases involving correspondence used to write
> biographies (one of L Ron Hubbard sticks in my mind and I forget who the
> other was about).

They flipflop because of the trickiness of Fair Use--there's no hard-and-fast rule as to what qualifies.

> You can't just wave your hand and say the magic word "Berne" and thereby
> prevent someone from archiving, reposting etc your messages to this list.

True, but you can say "Berne" and settle the issue of copyright.

--Mike

From jazz at hal.com Tue Feb 1 09:05:34 1994
From: jazz at hal.com (Jason Zions)
Date: Tue, 1 Feb 94 09:05:34 PST
Subject: Archiving mail-lists...
In-Reply-To: <9402011645.AA04676@media.mit.edu>
Message-ID: <9402011704.AA13796@jazz.hal.com>

Alan -

   - Not at all clear that Berne applies to electronic mail, even of a personal nature

Copyright exists from the moment the work is set down in concrete form. Are you arguing that email is not concrete?

   - Not at all clear that postings to a publicly-read list like this are not equivalent to speech in a public place (ie not necessarily copyrighted)

Ah. The old "if the NFL has to remind us that its broadcast of the superbowl is copyrighted, so do you" argument.

Okay, let's try this on for size.

Copyright 1994 Jason Zions. Permission to copy and transmit for the purpose of propagation of the Cypherpunks mailing list in email or local-newsgroup (usenet) forms is granted; all other rights are reserved.

   - Not at all clear what the status of private communications is vis a vis publication.

But this isn't private communication.

   You can't just wave your hand and say the magic word "Berne" and thereby prevent someone from archiving, reposting etc your messages to this list.

Law is a complex thing, isn't it. I'd better go back and reread the code and current decisions. I'm spending more of my time tracking the CompuServe MIDI copyright actions, though.
Jason

From kshep at netcom.com Tue Feb 1 09:10:34 1994
From: kshep at netcom.com (Kirk Sheppard)
Date: Tue, 1 Feb 94 09:10:34 PST
Subject: archiving on inet
In-Reply-To: <9402011601.AA13762@jazz.hal.com>
Message-ID:

Dear Jason,

I don't think you are necessarily correct about making an archive of the usenet. You may be correct, but I don't believe this point has been litigated yet. Furthermore, just because something is forwarded and something is archived I don't believe is expressly covered in copyright law. Others could argue that postings by their very nature, when posted become "public domain", and thus not copyrightable. I practice law, but am not a copyright/trademark specialist. Also, as was posted earlier someone is already making an archive of the usenet. See earlier postings. Finally what is the tangible difference between storing usenet postings on a hard disk for an indefinite time, or on a cd-rom, or a cd that is re-writable, or tape or any other storage device? Not very much I would argue.

Kirk Sheppard
kshep at netcom.com
P. O. Box 30911            "It is Better to Die on Your Feet Than to
Bethesda, MD 20824-0911     Live On Your Knees."
U.S.A.                      - Emiliano Zapata

On Tue, 1 Feb 1994, Jason Zions wrote:

> So if I sell (at a profit) a netnews feed to subscribers via modem, it
> is not copyright infringement, but if I sell the same data on a CDROM,
> you claim copyright infringement.
>
> Yep. When you're providing a netnews feed, you're acting as a node in a
> store-and-forward network. A CD-ROM is not a part of a store-and-forward
> network; it is a permanently fixed repository of information. You can't hold
> up a netnews feed in a courtroom and point at it saying "there it is"; you
> *can* do so with a CD-ROM.
>
> So I suppose you want to give some
> kind of list of what types of media are acceptable for transmitting
> netnews feeds, and which are not?
>
> A CD-ROM isn't a medium for transmitting netnews feeds; it's a permanently
> fixed copy of the contents of such a feed. Static versus dynamic; permanent,
> ephemeral. Is this hard to understand?
>
> The plain and simple fact is: When you post a message to usenet, you do
> so with the expectation that others will receive it. You can have no
> way of knowing or limiting who may get it; that is given by the nature
> of the network. Usenet news is, and is intended to be, publicly
> accessible information. If there is something you don't want
> distributed, then DON'T POST IT!
>
> Learn a little about law; while you're at it, learn a little about usenet.
> When you post a message to usenet, you have tossed it into a flood-routed
> store-and-forward network. You implicitly give permission for copying
> appropriate to the propagation of messages in that network. You neither
> grant permission nor withhold permission for Fair Use. Everything else,
> though, is not granted unless explicitly granted.
>
> If I post a message, under the terms of the Berne Convention and current US
> copyright law, a recipient was not granted the right to print a copy and
> publish it in a book. What makes you think I granted them permission to
> publish a copy in a CD-ROM? The only permission I granted was that they
> could (a) read it and (b) forward it via usenet protocols.
>
> Jason
>

From wex at media.mit.edu Tue Feb 1 09:35:27 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Tue, 1 Feb 94 09:35:27 PST
Subject: Archiving mail-lists...
In-Reply-To: <9402011704.AA13796@jazz.hal.com>
Message-ID: <9402011731.AA09417@media.mit.edu>

> Are you arguing that email is not concrete?

Ayup. If it was, we wouldn't need digital signatures on clear-text msgs, no?

Mike Godwin says it's clear to him; I'd say that he represents a vanguard of progressive thinkers applying the law to new areas. I'd also bet that vanguard is about a 10% minority at the moment.
--Alan

From ravage at wixer.bga.com Tue Feb 1 09:40:35 1994
From: ravage at wixer.bga.com (Jim choate)
Date: Tue, 1 Feb 94 09:40:35 PST
Subject: Archiving mail-lists...
In-Reply-To: <9402011530.AA13741@jazz.hal.com>
Message-ID: <9402011727.AA04285@wixer>

>
>
> I would be interested in a discussion on the mail-list on this
> issue. Please refrain from sending personal mail. In particular do you
> think such an archive without every member's permission is un-ethical?
>
> Unethical, hell; illegal is closer to it. I retain the copyright to
> everything I post; although implicit permission to redistribute to the
> mailing list is granted when I send to cypherpunks at toad.com, I have granted
> no permission to anyone else to use my intellectual property (i.e. my posts,
> valuable or not) for any other purpose.
>
> Would an archivist necessarily need the permission of the mail-list
> sponsor?
>
> In an actively-moderated group (i.e. where the moderator chooses which
> messages to forward, constructs digests, etc.) the moderator possesses a
> copyright on the collection of material (but not on the material itself); if
> you were republishing a substantial part of the collection (in your case,
> all of it) you'd need rights to the collection copyright also.
>
> Study copyright law (including the Berne Convention, to which most nations
> having Usenet sites are signatories). Understand what you're getting
> yourself into.
>
> Jason
>

It is no more illegal (at the present time) for me to store your posting to every usenet or inet service that I have access to on my hard-drive or a CD-Rom for re-sale than it is for you to store my posting on your drive or print it out to the printer.

When I got my account I did not sign any kind of agreement relating to me retaining my rights to any material I chose to place on the net for dissemination to others. There IS an implied motivation to put that material in the public domain so that others may use it for the betterment of all.
If you are serious about your view then please forward a money order for $1000 dollars for having my original post stored on whatever medium you used to reply to it.

There is no legal precedence at this time that would necessarily and automatically copyright every entry I (or you) made, Berne notwithstanding, to inet or usenet. If that position is valid then each and every one of us is committing copyright infringement for storing the material on a hard drive.

When discussing copyright there is no involvement in medium of transmission other than what the original author limits it to prior to release of that material.

The motivation for bringing this topic up is that it provides a perfect way to make the common wide-spread usage of encryption a common and everyday occurrence. Namely, authors who wish to retain all rights should do one of two things. They should either encrypt the file and require potential users to contact the author or distributor for keys to unlock it or else it should be mandatory for an author to put some sort of fair-use statement in their releases that specifically delineates what the fair-use of that material is. Users of usenet/inet do not read minds and can't necessarily imply what the original motivation was, this means (to me anyway) that the responsibility of enlightening potential users falls solely on the shoulders of the author.

From jazz at hal.com Tue Feb 1 09:45:28 1994
From: jazz at hal.com (Jason Zions)
Date: Tue, 1 Feb 94 09:45:28 PST
Subject: Archiving mail-lists...
In-Reply-To: <9402011731.AA09417@media.mit.edu>
Message-ID: <9402011742.AA00212@jazz.hal.com>

>> Are you arguing that email is not concrete?
>
>Ayup. If it was, we wouldn't need digital signatures on clear-text msgs,
>no?

Not the point; "concrete" does not mean immutable. If it did, then things written in pencil, or erasable ink, or created in mutable media (videotape, audio tape, ...) would not be copyrightable either.
Jason

From pdn at dwroll.dw.att.com Tue Feb 1 09:50:35 1994
From: pdn at dwroll.dw.att.com (Philippe Nave)
Date: Tue, 1 Feb 94 09:50:35 PST
Subject: Matsui-san Attack
In-Reply-To: <9401312111.AA15451@atlanta.wti.com>
Message-ID: <9402011745.AA19697@toad.com>

-----BEGIN PGP SIGNED MESSAGE-----

buckley at wti.com writes :
>
> [continuing thread on ease of cracking DES/PEM]
>
> Using a comparable breaker on the average machine, it is going
> to take two years to "break the scheme".
> That leaves two years to create stronger/tighter strategies.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Concerns about the validity about the 'two years' figure aside, does this really 'leave you two years?' The technology to store messages (even ones currently uncrackable) has been online for years already- unless your encrypted data is such that you don't mind having it examined by anybody with a DES cracker, you are already at risk. In terms of careers, legal action, and politics, a two-year event horizon is negligible. As advances in computer power continue, the 'two-year' figure will continue to shrink.

Taking the long view, I view the PEM/DES debate as virtually identical to the Clipper debate; Clipper's 'trap door' mindset is more overt, but getting everybody involved in PEM/DES when the cracking technology is clearly in sight is no better.

- --
........................................................................
Philippe D. Nave, Jr.   | The person who does not use message encryption
pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO...
Denver, Colorado USA    | PGP public key: by arrangement.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLU6UHwvlW1K2YdE1AQGG4gQAqM+LthMCzEo3T2O+fLhKih8uNYUoHhvK
6zvDWjW2PW/t/N7TdWpA2oJ2dVmpABa3ENeNvju0qrEW91CVoU5JwBMHiCxSTrOn
wtK4fcQ7m+GBvvoLO6WW5tr+FZcVluzZbJrIcnaLQVWqP/P5Bmfjspd/GfROAduX
/oR4u9pFSvk=
=O5HV
-----END PGP SIGNATURE-----

From jazz at hal.com Tue Feb 1 09:55:27 1994
From: jazz at hal.com (Jason Zions)
Date: Tue, 1 Feb 94 09:55:27 PST
Subject: archiving on inet
In-Reply-To:
Message-ID: <9402011752.AA00225@jazz.hal.com>

> Furthermore, just because something is forwarded and something is archived
>I don't believe is expressly covered in copyright law.

It's not the forwarding or the archiving that makes anything covered by copyright law; it is the setting down, in concrete form, the expression of an idea.

> Others could argue that postings by their very nature, when posted
>become "public domain", and thus not copyrightable.

Not successfully in court, I should think. How is a posting any different than the production of a radio program which is distributed by store-and-forward satellite distribution and then played through the radio station and received at your home radio? The mechanisms are close to identical in their attributes; tapes at the stations have some lifetime, timeshifting can occur, special equipment is needed to perceive the work, etc.

>Finally what is the tangible difference between storing usenet postings
>on a hard disk for an indefinite time, or on a cd-rom, or a cd that is
>re-writable, or tape or any other storage device? Not very much I would
>argue.

If you were a legitimate recipient of the work in the first place (i.e. got it in a newsfeed) and you store those postings for your own use or for the use of others on that node in the store-and-forward network, then you can keep the work 'til the bits rot.
Infringement occurs when you copy those bits onto some medium for some purpose other than store-and-forward propagation or the allowed fair-use exceptions; stuffing articles on a CD-ROM and selling them falls into neither category and hence is an infringement.

Jason

From ravage at wixer.bga.com Tue Feb 1 10:00:34 1994
From: ravage at wixer.bga.com (Jim choate)
Date: Tue, 1 Feb 94 10:00:34 PST
Subject: Archiving mail-lists...
In-Reply-To: <9402011704.AA13796@jazz.hal.com>
Message-ID: <9402011744.AA06092@wixer>

>
> Alan -
>
> - Not at all clear that Berne applies to electronic mail, even of a
> personal nature
>
> Copyright exists from the moment the work is set down in concrete form. Are
> you arguing that email is not concrete?
>
> - Not at all clear that postings to a publicly-read list like this
> are not equivalent to speech in a public place (ie not necessarily
> copyrighted)
>
> Ah. The old "if the NFL has to remind us that its broadcast of the superbowl
> is copyrighted, so do you" argument.
>
> Okay, let's try this on for size.
>
> Copyright 1994 Jason Zions. Permission to copy and transmit for the purpose
> of propagation of the Cypherpunks mailing list in email or local-newsgroup
> (usenet) forms is granted; all other rights are reserved.
>
> - Not at all clear what the status of private communications is vis
> a vis publication.
>
> But this isn't private communication.
>
> You can't just wave your hand and say the magic word "Berne" and thereby
> prevent someone from archiving, reposting etc your messages to this list.
>
> Law is a complex thing, isn't it. I'd better go back and reread the code and
> current decisions. I'm spending more of my time tracking the CompuServe MIDI
> copyright actions, though.
>
> Jason
>

I have to admit that I have broken your fair use copyright notice inadvertently.
I have stored an image of your message in the ram on my system which is not a part of inet or usenet nor involved in any way with the transmission to other nodes of such stored material.

Berne works great for paper, audio recordings, movies, etc. It does not work for networked information transmission.

From ravage at wixer.bga.com Tue Feb 1 10:00:36 1994
From: ravage at wixer.bga.com (Jim choate)
Date: Tue, 1 Feb 94 10:00:36 PST
Subject: archiving on inet
In-Reply-To: <9402011734.AA00188@jazz.hal.com>
Message-ID: <9402011745.AA06230@wixer>

>
> Jim -
>
> >Where is this agreement that it is ok to distribute material through a 'store-
> >and-forward' network stated in the copyright law? I would be very interested
> >in the proviso that exempts such networks from liability.
>
> It's not embedded in the law; as I said, it's an implicit permission I grant
> when I post a message to such a network. Just as, when you buy a program on
> a floppy disk, you are implicitly granted the right to copy it from the disk
> into your computer's memory in order to run it: the nature of the work
> requires that specific type of copying. There's nothing new there.
>
> >The bottom line is that when I got my feed I was not asked to sign any kind
> >of waiver releasing any material that I generate from copyright infringement
> >as long as it was on a hard drive (or any other media). I did not sign any
> >kind of contract at all as a matter of fact. Legally I still retain my right
> >of copyright on every bit on every drive (whether magnetic or otherwise) in
> >the internet and even your personal drive if you transfer the mail and other
> >material to it for offline processing.
>
> One more time. The nature of the work and your chosen distribution medium
> (netnews) requires a variety of copying for it to work: store-and-forward
> for propagation, copying into the memory of my system and onto my screen so
> I can read it.
> You grant permission to do that implicitly when you make the
> work available by that mechanism.
>
> Once I have received the copy you have implicitly authorized me to have,
> what I can *do* with that copy is governed by the Copyright Act and its fair
> use exemptions. I can use it for purposes of scholarship (i.e. I can keep it
> in an online or paper folder and refer to it later) and I can excerpt pieces
> for critique, among other things. What I *cannot* do is redistribute it by
> any other mechanisms and for any purpose other than your initial netnews
> distribution.
>
> I have spent a lot of time studying this part of the law. Really. I already
> heeded my glib advice about reading the damn copyright act. Have you?
>
> Jason
>

when I buy a software program the copyright notice specifically states that I am allowed to make copies for backup purposes. Some of them notices on high-dollar packages even tell me how many I can keep and whether I can keep them on a network or not.

From jimn8 at netcom.com Tue Feb 1 10:05:28 1994
From: jimn8 at netcom.com (Jim Nitchals)
Date: Tue, 1 Feb 94 10:05:28 PST
Subject: archiving on inet
In-Reply-To:
Message-ID: <199402011803.KAA11756@mail.netcom.com>

Kirk writes,
>
> Dear Jason,
>
> I don't think you are necessarily correct about making an archive of the
> usenet. You may be correct, but I don't believe this point has been
> litigated yet. Furthermore, just because something is forwarded and
> something is archived I don't believe is expressly covered in copyright
> law. Others could argue that postings by their very nature, when posted
> become "public domain", and thus not copyrightable. I practice law, but
> am not a copyright/trademark specialist. Also, as was posted earlier
> someone is already making an archive of the usenet. See earlier postings.
> Finally what is the tangible difference between storing usenet postings
> on a hard disk for an indefinite time, or on a cd-rom, or a cd that is
> re-writable, or tape or any other storage device? Not very much I would
> argue.

Let me argue against Usenet archiving on a different point. Archiving violates the poster's implicit right to cancel or provide an expiration date for his posting. Do Usenet archivers provide a revised CD-ROM with the cancelled posts removed on a regular basis, and ensure the original disks are returned? Without such a guarantee, the owners of those messages aren't able to exercise reasonable control over the messages.

There's a clear harm done when a cancel message isn't honored in this situation: a potential employer may see a message written in anger or the author was in an exceptionally bad state of mind, yet the author (responsibly) sent out a cancel message just after the CD-ROM happened to be pressed. A second-hand copy of such an incriminating message is hearsay, and should rightfully be considered with suspicion by a potential employer, but a Usenet CD-ROM carries considerably more weight.

I'm not a lawyer, but it *seems* to me that when you publish a message from a set of newsgroups containing a 'control' group that allows retraction of messages, you're agreeing to honor those retractions when they're issued by the original poster.

If that's not obvious enough, when a message contains an expiration date, the author CLEARLY has a reasonable expectation of having it honored. I'd go further and say there's a strongly implied agreement that says, "if you want to use and republish this information, you must honor my expiration date." Most of us have special words for someone who refuses to honor such an implied agreement, even if it's made void by the message being considered "in the public domain."
>
> Kirk Sheppard
>
> kshep at netcom.com
>

From jazz at hal.com Tue Feb 1 10:10:36 1994
From: jazz at hal.com (Jason Zions)
Date: Tue, 1 Feb 94 10:10:36 PST
Subject: Archiving mail-lists...
In-Reply-To: <9402011727.AA04285@wixer>
Message-ID: <9402011809.AA00254@jazz.hal.com>

>If you are serious about your view then please forward a money order for
>$1000 dollars for having my original post stored on whatever medium you used
>to reply to it.

Sigh. One more time. The courts have recognized that permission to make copies which are essential for the perception of the work is implicitly granted by the copyright owner when the work is distributed. In order to perceive your copyrighted works my system *must* make a copy or three to get it to me (as would intervening systems if we both lived on uucp links instead of internet). This is relatively old ground that was plowed by computer cases; the exact issue of having to load a copy of a program into ram in order to execute it has indeed been the subject of litigation.

The quote from your message I include above falls under the Fair Use exceptions, under both Scholarship and Criticism.

>There is no legal precedence at this time that would necessarily and
>automatically copyright every entry I (or you) made, Berne notwithstanding,
>to inet or usenet. [...] When discussing copyright there is no involvement in
>medium of transmission other than what the original author limits it to
>prior to release of that material.

But this is *precisely* what the current law says. From the moment the work exists in concrete form, and a posting *is* concrete form, copyright exists. Usenet and Internet are merely distribution mechanisms, the use of which may cause the copyright holder to implicitly grant certain rights (as described above).

>From another message:
>when I buy a software program the copyright notice specifically states that I
>am allowed to make copies for backup purposes.
>Some of them notices on high-
>dollar packages even tell me how many I can keep and whether I can keep them
>on a network or not.

Yep. Backups are separate from implicit rights granted due to the medium of expression; I'm not sure what this has to do with anything, except that there is a recognized right for you to make a backup of your usenet news archives. But you can't distribute that backup.

>From yet another message:
>I have to admit that I have broken your fair use copyright notice
>inadvertently.
>
>I have stored an image of your message in the ram on my system which is not a
>part of inet or usenet nor involved in any way with the transmission to other
>nodes of such stored material.

You can't perceive the work without loading it into some device that can turn electrical signals into something perceivable by a human; ram on a computer is as good as anything else. As I stated above, this has been covered by case law; it's a copy necessary to the perception of the work. (The identical case arises with CDs - the bits are copied into a buffer in your CD-player before they're fed through the D/A converters. This copy is necessary to perceiving the work and hence permission is implicitly granted.)

Jason

From kshep at netcom.com Tue Feb 1 10:20:35 1994
From: kshep at netcom.com (Kirk Sheppard)
Date: Tue, 1 Feb 94 10:20:35 PST
Subject: archiving on inet
In-Reply-To: <9402011752.AA00225@jazz.hal.com>
Message-ID:

Usenet copyrightable? I still doubt it. Of course, the only way to find out is to file a very expensive lawsuit. Most posters would not find their postings worth the expense to sue on copyright. Only a very rich dilettante, or someone less rich who is a fanatic on the subject is likely to do so. Also, you would have a hard time answering the difference between charging for a usenet feed and charging for a cd-rom, again I see little difference except that one is more prompt in time than the other.
But, again, my newsfeed from a BBS which might be 24 hrs delayed, and my netcom account which is much faster and a cd-rom differs only as to time removed from the original posting.

Kirk Sheppard
kshep at netcom.com
P. O. Box 30911            "It is Better to Die on Your Feet Than to
Bethesda, MD 20824-0911     Live On Your Knees."
U.S.A.                      - Emiliano Zapata

On Tue, 1 Feb 1994, Jason Zions wrote:

>
> > Furthermore, just because something is forwarded and something is archived
> >I don't believe is expressly covered in copyright law.
>
> It's not the forwarding or the archiving that makes anything covered by
> copyright law; it is the setting down, in concrete form, the expression of
> an idea.
>
> > Others could argue that postings by their very nature, when posted
> >become "public domain", and thus not copyrightable.
>
> Not successfully in court, I should think. How is a posting any different
> than the production of a radio program which is distributed by
> store-and-forward satellite distribution and then played through the radio
> station and received at your home radio? The mechanisms are close to
> identical in their attributes; tapes at the stations have some lifetime,
> timeshifting can occur, special equipment is needed to perceive the work,
> etc.
>
> >Finally what is the tangible difference between storing usenet postings
> >on a hard disk for an indefinite time, or on a cd-rom, or a cd that is
> >re-writable, or tape or any other storage device? Not very much I would
> >argue.
>
> If you were a legitimate recipient of the work in the first place (i.e. got
> it in a newsfeed) and you store those postings for your own use or for the
> use of others on that node in the store-and-forward network, then you can
> keep the work 'til the bits rot.
> Infringement occurs when you copy those
> bits onto some medium for some purpose other than store-and-forward
> propagation or the allowed fair-use exceptions; stuffing articles on a
> CD-ROM and selling them falls into neither category and hence is an
> infringement.
>
> Jason
>

From lefty at apple.com Tue Feb 1 10:45:27 1994
From: lefty at apple.com (Lefty)
Date: Tue, 1 Feb 94 10:45:27 PST
Subject: archiving on inet
Message-ID: <9402011838.AA12820@federal-excess.apple.com>

Kirk Sheppard asks
>
>Finally what is the tangible difference between storing usenet postings
>on a hard disk for an indefinite time, or on a cd-rom, or a cd that is
>re-writable, or tape or any other storage device? Not very much I would
>argue.

I don't believe that _storage_ is the issue at all. If I purchase a copy of a book, I don't believe that I'm violating copyright by making an archival copy of it _for_ _my_ _own_ _use_.

If I start distributing or selling copies to other people, however, that's a different matter.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From m5 at vail.tivoli.com Tue Feb 1 11:00:37 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Tue, 1 Feb 94 11:00:37 PST
Subject: archiving on inet
In-Reply-To: <199402011803.KAA11756@mail.netcom.com>
Message-ID: <9402011857.AA07465@vail.tivoli.com>

Jim Nitchals writes:
> Let me argue against Usenet archiving on a different point. Archiving
> violates the poster's implicit right to cancel or provide an expiration
> date for his posting.

"Implicit right to cancel"? Where'd that come from?

> a potential employer may see a message written in anger or
> the author was in an exceptionally bad state of mind...

There's a poem by Carl Sandburg with some relevance to this. I don't see why the feature of cancel messages (which aren't guaranteed to work anyway) carries with it a new right.
> I'm not a lawyer, but it *seems* to me that when you publish a message
> from a set of newsgroups containing a 'control' group that allows
> retraction of messages, you're agreeing to honor those retractions when
> they're issued by the original poster.

I am perfectly free to implement my own news system and mailer that does not honor cancel messages. What authority would force me to do so if I don't want to?

> when a message contains an expiration date, the author CLEARLY has a
> reasonable expectation of having it honored.

Why? Does he have an equally clear right to expect that the message does not get deleted before then?

> I'd go further and say
> there's a strongly implied agreement that says, "if you want to use
> and republish this information, you must honor my expiration date."

This seems pretty specious to me.

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From mnemonic at eff.org Tue Feb 1 11:10:37 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 1 Feb 94 11:10:37 PST
Subject: archiving on inet
In-Reply-To:
Message-ID: <199402011902.OAA09623@eff.org>

Kirk Sheppard writes:
> Usenet copyrightable? I still doubt it.

You shouldn't. Usenet postings are copyrighted the moment they are instantiated in a tangible medium.

--Mike

From cknight at crl.com Tue Feb 1 11:15:29 1994
From: cknight at crl.com (Chris Knight)
Date: Tue, 1 Feb 94 11:15:29 PST
Subject: archiving on inet
In-Reply-To:
Message-ID:

On Tue, 1 Feb 1994, Kirk Sheppard wrote:

> law. Others could argue that postings by their very nature, when posted
> become "public domain", and thus not copyrightable. I practice law, but

If I use your logic, a published article in a magazine becomes public domain because it has become available to a large number of subscribers.
> Finally what is the tangible difference between storing usenet postings > on a hard disk for an indefinite time, or on a cd-rom, or a cd that is > re-writable, or tape or any other storage device? Not very much I would > argue. Tangible difference... Let's see... A CD-ROM can be duplicated and sold for profit, and doing so with net archives violates the copyrights of any message author who cares to file class action or personal... Who did you say had that archive, and were they selling it? -ck From cknight at crl.com Tue Feb 1 11:25:29 1994 From: cknight at crl.com (Chris Knight) Date: Tue, 1 Feb 94 11:25:29 PST Subject: Archiving mail-lists... In-Reply-To: <9402011727.AA04285@wixer> Message-ID: On Tue, 1 Feb 1994, Jim choate wrote: > It is no more illegal (at the present time) for me to store your posting to > every usenet or inet service that I have access to on my hard-drive or a CD- > Rom for re-sale than it is for you to store my posting on your drive or print > it out to the printer. I think the question of storage goes beyond copyright law. I have yet to find someone who lost a suit for owning a copy of a magazine. But since you feel the way you do about CDs, why don't you scan in a couple of issues of Life magazine, master it, and try to sell it? Do they supply Inet feeds in prison? > > When I got my account I did not sign any kind of agreement relating to me > retaining my rights to any material I chose to place on the net for > dissemination to others. Have you ever published an article in say a not-for profit journal? Just because you don't sign a contract guaranteeing your rights DOES NOT mean you have given them up! There IS an implied motivation to put that material > If you are serious about your view then please forward a money order for > $1000 dollars for having my original post stored on whatever medium you used > to reply to it. Now that you have set your rate, I set mine. Please remit your check of $10,000.... 
I think this is getting a bit carried away. Copyright cases generally relate to the sale or use of material belonging to an author. As I said above, I have never heard of a case where someone lost a suit for possessing a 1942 issue of Life magazine. -ck The material in this message composed by me, lines NOT preceded by the ">", is expressly copyrighted as the possession of Chris Knight. You may reply to this message, forward this message, and store it for PRIVATE use. Any attempt to sell this material either alone, or as part of an archive will be met by me, at your backdoor, late at night, with a chainsaw. I have the DOOM cheats! I am invincible! ;> p.s. The above bit of humor is copyrighted 1994, cmk. From cknight at crl.com Tue Feb 1 11:30:37 1994 From: cknight at crl.com (Chris Knight) Date: Tue, 1 Feb 94 11:30:37 PST Subject: Archiving mail-lists... In-Reply-To: <9402011744.AA06092@wixer> Message-ID: On Tue, 1 Feb 1994, Jim choate wrote: > I have to admit that I have broken your fair use copyright notice > inadvertently. > > I have stored an image of your message in the ram on my system which is not a > part of inet or usenet nor involved in any way with the transmission to other > nodes of such stored material. Are you claiming to have sold your RAM, while still powered, for a profit? Knowing that it contained copyrighted work? Shame on you. > Berne works great for paper, audio recordings, movies, etc. It does not work > for networked information transmission. I'm sorry, I did not realize I was talking to a supreme court justice. Had I known you had the ultimate authority on this subject, I would not have been wasting your time, or mine. Perhaps we should try this. You sell archives of the net, and we'll file a class action suit... I'll back up my beliefs with actions, how about you? 
-ck From kshep at netcom.com Tue Feb 1 11:30:39 1994 From: kshep at netcom.com (Kirk Sheppard) Date: Tue, 1 Feb 94 11:30:39 PST Subject: archiving on inet In-Reply-To: Message-ID: Regarding the archive I believe it was some company in Canada, I'm not sure. There was a thread about this archiving question on another group I suppose in the last three weeks. I can't remember where I saw it, if it wasn't here. Sorry. And about "paying" for the cd-rom, I pay for the usenet feed, and none of us who post are getting royalty payments from any of the internet providers. So answer the question again, what is the difference in paying an internet provider for access to usenet, and paying a cd-rom provider for access to usenet? None materially, except that the cd is not interactive, and some providers are (not all as in bbs' that don't send e-mail to the internet, but have some usenet groups.) There is no material difference that I can determine. Kirk Sheppard kshep at netcom.com P. O. Box 30911 "It is Better to Die on Your Feet Than to Bethesda, MD 20824-0911 Live On Your Knees." U.S.A. - Emiliano Zapata On Tue, 1 Feb 1994, Chris Knight wrote: > > > On Tue, 1 Feb 1994, Kirk Sheppard wrote: > > > law. Others could argue that postings by their very nature, when posted > > become "public domain", and thus not copyrightable. I practice law, but > > If I use your logic, a published article in a magazine becomes public domain > because it has become available to a large number of subscribers. > > > > Finally what is the tangible difference between storing usenet postings > > on a hard disk for an indefinite time, or on a cd-rom, or a cd that is > > re-writable, or tape or any other storage device? Not very much I would > > argue. > > Tangible difference... Let's see... A CD-ROM can be duplicated and sold > for profit, and doing so with net archives violates the copyrights of any > message author who cares to file class action or personal... 
Who did you > say had that archive, and were they selling it? > > -ck > > > From kshep at netcom.com Tue Feb 1 11:35:36 1994 From: kshep at netcom.com (Kirk Sheppard) Date: Tue, 1 Feb 94 11:35:36 PST Subject: archiving on inet In-Reply-To: <9402011838.AA12820@federal-excess.apple.com> Message-ID: This book analogy is not accurate. It is my contention that usenet postings are not copyrighted. Our postings are not disseminated like a book, we are paid nothing for the use of our postings on the multitude of machines that our postings appear. Or, in the alternative, if copyrighted, by posting them in the electronic ether, we give up most of our rights regarding dissemination, copying etc. Perhaps we may still have some residual rights regarding accuracy and the like. Also the posting regarding the legal blurbs on software, really was off point, since what they were referring to was a "license", and again there is some doubt about how enforceable the individual licenses that the software companies give. That is, some of these licenses may have provisions that are not enforceable. Kirk Sheppard kshep at netcom.com P. O. Box 30911 "It is Better to Die on Your Feet Than to Bethesda, MD 20824-0911 Live On Your Knees." U.S.A. - Emiliano Zapata On Tue, 1 Feb 1994, Lefty wrote: > Kirk Sheppard asks > > > >Finally what is the tangible difference between storing usenet postings > >on a hard disk for an indefinite time, or on a cd-rom, or a cd that is > >re-writable, or tape or any other storage device? Not very much I would > >argue. > > I don't believe that _storage_ is the issue at all. If I purchase a copy > of a book, I don't believe that I'm violating copyright by making an > archival copy of it _for_ _my_ _own_ _use_. > > If I start distributing or selling copies to other people, however, that's > a different matter. > > -- > Lefty (lefty at apple.com) > C:.M:.C:., D:.O:.D:. 
> > > From lefty at apple.com Tue Feb 1 11:45:27 1994 From: lefty at apple.com (Lefty) Date: Tue, 1 Feb 94 11:45:27 PST Subject: archiving on inet Message-ID: <9402011948.AB17603@federal-excess.apple.com> >Usenet copyrightable? I still doubt it. Of course, the only way to >find out is to file a very expensive lawsuit. Most posters would not find >their postings worth the expense to sue on copyright. Only a very rich >dilettante, or someone less rich who is a fanatic on the subject is >likely to do so. Also, you would have a hard time answering the >difference between charging for a usenet feed and charging for a cd-rom, >again I see little difference except that one is more prompt in time than >the other. But, again, my newsfeed from a BBS which might be 24 hrs >delayed, and my netcom account which is much faster and a cd-rom differs >only as to time removed from the original posting. So, would you argue, on the same grounds, that you didn't believe that a movie delivered into your home via a cable feed could be copyrighted? How about a movie on a laser disk? Do you understand that there is a difference between personal use, which does not infringe copyright, and redistribution, which does? Are you _sure_ you're an attorney? -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From dwomack at runner.utsa.edu Tue Feb 1 11:50:36 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Tue, 1 Feb 94 11:50:36 PST Subject: PGP Message-ID: <9402011949.AA18718@runner.utsa.edu> I was wondering if anyone has an answer to a question on PGP.... About how many calculations does it take to crack a 1024 bit key? If someone has limitless time, money, etc., they can break it...but how many calculations does it take? Also, there is a password used to protect the keyrings. Assuming a strong password how many calculations does that take to break? If there isn't some special method, an assumption that leads nowhere, just how much "brute force" effort is really required? 
Thanks, Dave From cknight at crl.com Tue Feb 1 11:55:28 1994 From: cknight at crl.com (Chris Knight) Date: Tue, 1 Feb 94 11:55:28 PST Subject: archiving on inet In-Reply-To: Message-ID: On Tue, 1 Feb 1994, Kirk Sheppard wrote: > Regarding the archive I believe it was some company in Canada, I'm not > sure. There was a thread about this archiving question on another group I > suppose in the last three weeks. I can't remember where I saw it, if it > wasn't here. Sorry. And about "paying" for the cd-rom, I pay for the > usenet feed, and none of us who post are getting royalty payments from > any of the internet providers. So answer the question again, what is the > difference in paying an internet provider for access to usenet, and > paying a cd-rom provider for access to usenet? None materially, except > that the cd is not interactive, and some providers are (not all as in > bbs' that don't send e-mail to the internet, but have some usenet > groups.) There is no material difference that I can determine. I'm just glad you are not a politician. If all you are concerned with is "Material difference", then you think it's perfectly ok for me to sell you a good copy of a magazine? By your "logic" (loosely used), you had to pay for the copy, and you had to pay for the original, so what's the difference? The difference is the WILL AND PERMISSION of the author! As the author of this message, I willingly placed it within the net. I HAVE NOT, NOR WILL NOT, GIVE FREE PERMISSION TO A CD-ROM PUBLISHING HOUSE TO PUBLISH MY WORK. The basis of copyright law is the protection of the author's rights. One of these rights is the choice of distribution. Perhaps you should try writing for money sometime. You might actually appreciate what you seem to be trying to tear apart. 
-ck From talon57 at well.sf.ca.us Tue Feb 1 11:55:38 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Tue, 1 Feb 94 11:55:38 PST Subject: clipper petition Message-ID: <199402011952.LAA01629@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- CPSR sends: Electronic Petition to Oppose Clipper Please Distribute Widely >On January 24, many of the nation's leading experts in >cryptography and computer security wrote President Clinton and >asked him to withdraw the Clipper proposal. >The public response to the letter has been extremely favorable, >including coverage in the New York Times and numerous computer and >security trade magazines. >Many people have expressed interest in adding their names to the >letter. In response to these requests, CPSR is organizing an >Internet petition drive to oppose the Clipper proposal. We will >deliver the signed petition to the White House, complete with the >names of all the people who oppose Clipper. >To sign on to the letter, send a message to: Clipper.petition at cpsr.org >with the message "I oppose Clipper" (no quotes) >You will receive a return message confirming your vote. - From noclipr at snyside.sunnyside.com Tue Feb 1 08:39:20 1994 Date: Tue, 1 Feb 1994 08:39:14 -0800 From: clipper.petition at snyside.sunnyside.com (via CPSR automation) Subject: Your petition regarding opposition to Clipper Apparently-To: Brian D Williams Your name has been added to the petition asking President Clinton to withdraw the Clipper proposal. We will deliver the signed petition to the White House at the end of the project. If you have any comments or questions, please email us at clipper at washofc.cpsr.org. "We have not yet begun to Encrypt!!" Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." 
--Steve Witham -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLU6xXtCcBnAsu2t1AQHs8wP/cpftWyNnUtvEBcp5SuY/YR9h45DO/W7H VlgiVXf/aiOULr0dCMgJdu5BhoeV/C6MXEP0xfPNPSsk4JbpO2bn0yfcDLT69heU 9dGPE1ygVZsX4bOesk8s9eTaE+vSGpQcHXaotGrTWXo5Zsi7SFqdhraJEXFx9wnb g6lln31WF1A= =O1C5 -----END PGP SIGNATURE----- From kshep at netcom.com Tue Feb 1 12:05:27 1994 From: kshep at netcom.com (Kirk Sheppard) Date: Tue, 1 Feb 94 12:05:27 PST Subject: archiving on inet In-Reply-To: Message-ID: Dear Mr. Knight, I am not interested in "tearing apart" anything, I was just participating in a discussion. Ad hominem attacks are really unjustified. Even though you have a hard time understanding my arguments, I have refrained from calling you stupid, until now. You are not only stupid, but silly. "I'm glad you're not a politician" is a non-sequitur, and is certainly irrelevant to the discussion. Further, this whole discussion is entirely "academic", since there is absolutely no case law on this particular subject. So if you are so excited about it, collect your pennies and hire an attorney to enforce your copyright, I'm sure my brethren could use the business. Kirk Sheppard kshep at netcom.com P. O. Box 30911 "It is Better to Die on Your Feet Than to Bethesda, MD 20824-0911 Live On Your Knees." U.S.A. - Emiliano Zapata On Tue, 1 Feb 1994, Chris Knight wrote: > > > On Tue, 1 Feb 1994, Kirk Sheppard wrote: > > > Regarding the archive I believe it was some company in Canada, I'm not > > sure. There was a thread about this archiving question on another group I > > suppose in the last three weeks. I can't remember where I saw it, if it > > wasn't here. Sorry. And about "paying" for the cd-rom, I pay for the > > usenet feed, and none of us who post are getting royalty payments from > > any of the internet providers. 
So answer the question again, what is the > > difference in paying an internet provider for access to usenet, and > > paying a cd-rom provider for access to usenet? 
None materially, except > > that the cd is not interactive, and some providers are (not all as in > > bbs' that don't send e-mail to the internet, but have some usenet > > groups.) There is no material difference that I can determine. > > I'm just glad you are not a politician. > > If all you are concerned with is "Material difference", then you think > it's perfectly ok for me to sell you a good copy of a magazine? By your > "logic" (loosely used), you had to pay for the copy, and you had to pay > for the original, so what's the difference? The difference is the WILL > AND PERMISSION of the author! As the author of this message, I willingly > placed it within the net. I HAVE NOT, NOR WILL NOT, GIVE FREE PERMISSION > TO A CD-ROM PUBLISHING HOUSE TO PUBLISH MY WORK. > > The basis of copyright law is the protection of the author's rights. One > of these rights is the choice of distribution. > > Perhaps you should try writing for money sometime. You might actually > appreciate what you seem to be trying to tear apart. > > > -ck > > From kshep at netcom.com Tue Feb 1 12:15:29 1994 From: kshep at netcom.com (Kirk Sheppard) Date: Tue, 1 Feb 94 12:15:29 PST Subject: Archiving mail-lists... In-Reply-To: Message-ID: Master Knight does seem a bit intolerant, doesn't he? Kirk Sheppard kshep at netcom.com P. O. Box 30911 "It is Better to Die on Your Feet Than to Bethesda, MD 20824-0911 Live On Your Knees." U.S.A. - Emiliano Zapata On Tue, 1 Feb 1994, Chris Knight wrote: > > > On Tue, 1 Feb 1994, Jim choate wrote: > > > I have to admit that I have broken your fair use copyright notice > > inadvertently. > > > > I have stored an image of your message in the ram on my system which is not a > > part of inet or usenet nor involved in any way with the transmission to other > > nodes of such stored material. > > Are you claiming to have sold your RAM, while still powered, for a > profit? Knowing that it contained copyrighted work? Shame on you. 
> > > > Berne works great for paper, audio recordings, movies, etc. It does not work > > for networked information transmission. > > I'm sorry, I did not realize I was talking to a supreme court justice. > Had I known you had the ultimate authority on this subject, I would not > have been wasting your time, or mine. > > Perhaps we should try this. You sell archives of the net, and we'll file > a class action suit... I'll back up my beliefs with actions, how about you? > > > -ck > > > From jazz at hal.com Tue Feb 1 12:25:27 1994 From: jazz at hal.com (Jason Zions) Date: Tue, 1 Feb 94 12:25:27 PST Subject: archiving on inet In-Reply-To: Message-ID: <9402012021.AA01756@jazz.hal.com> > So answer the question again, what is the >difference in paying an internet provider for access to usenet, and >paying a cd-rom provider for access to usenet? It's the difference between listening to the radio yourself and buying a home-made tape of the radio program from someone else. The first is legal; the second is, generally, not. Better yet, it's the difference between watching a program on HBO when you are getting that service legally (i.e. paying for it) and buying a tape of the same program from a friend who has HBO. Whether or not you also have legal access to HBO, the sale of the tape infringes on the copyright of the program. Jason From mccoy at ccwf.cc.utexas.edu Tue Feb 1 12:25:40 1994 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Tue, 1 Feb 94 12:25:40 PST Subject: archiving on inet In-Reply-To: <9402011752.AA00225@jazz.hal.com> Message-ID: <199402012023.AA26109@tramp.cc.utexas.edu> Jason Zions writes: > > > Others could argue that postings by their very nature, when posted > >become "public domain", and thus not copyrightable. > > Not successfully in court, I should think. 
How is a posting any different > than the production of a radio program which is distributed by > store-and-forward satellite distribution and then played through the radio > station and received at your home radio? [...] It is the difference between "broadcast" and "interactive communication." Tell me, if I call in to the talk show you distribute as part of your radio program, do _I_ now own the copyright to a portion of your show? > >Finally what is the tangible difference between storing usenet postings > >on [any particular storage media] > > If you were a legitimate recipient of the work in the first place (i.e. got > it in a newsfeed) and you store those postings for your own use or for the > use of others on that node in the store-and-forward network, then you can > keep the work 'til the bits rot. Infringement occurs when you copy those > bits onto some medium for some purpose other than store-and-forward > propagation or the allowed fair-use exceptions; stuffing articles on a > CD-ROM and selling them falls into neither category and hence is an > infringement. Buzzz. According to your logic all that one needs to do is to change the label on the order form from "Usenet articles on CD-ROM" to "Quarterly Usenet Feed distributed on CD-ROM" and I am in the clear. I am not selling a collection containing your articles, I am providing a low-bandwidth newsfeed to those who do not have the same level of connectivity you have or that want the excitement of seeing their newsfeed delivered over the "original information superhighway" (aka postal services.) It is still store-and-forward, it is just store-forever-and-forward-not-so-often. But under all the smoke and mirrors nothing changes the fact that I am selling archives of the Usenet. No amount of puffed up indignation is going to change the fact that your Usenet posting or message to a mailing list is of no real value to you and is honestly as free as a bird once it hits the wire. 
jim From pmetzger at lehman.com Tue Feb 1 12:30:38 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 1 Feb 94 12:30:38 PST Subject: archiving on inet In-Reply-To: Message-ID: <199402012029.PAA03234@snark> Chris Knight says: > If all you are concerned with is "Material difference", then you think > it's perfectly ok for me to sell you a good copy of a magazine? By your > "logic" (loosely used), you had to pay for the copy, and you had to pay > for the original, so what's the difference? The difference is the WILL > AND PERMISSION of the author! As the author of this message, I willingly > placed it within the net. I HAVE NOT, NOR WILL NOT, GIVE FREE PERMISSION > TO A CD-ROM PUBLISHING HOUSE TO PUBLISH MY WORK. Try to sue for damages when your work is available for free to millions of people. The judge will laugh in your face, copyright or no. Damages are, after all, related to lost revenue -- if you allow anyone who wants to see something for free in one medium, you will have a fucking hard time to keep them from examining it in another equivalent medium. Usenet is NOT a magazine. Failing to put a copyright notice in your work destroys what's left of your ability to do anything. I'm sure you can pay a lawyer to sue for you, but this isn't exactly one anyone is going to take on contingency. .pm From nate at VIS.ColoState.EDU Tue Feb 1 12:35:27 1994 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Tue, 1 Feb 94 12:35:27 PST Subject: new, improved remailer GUI Message-ID: <9402012034.AA04618@vangogh.VIS.ColoState.EDU> -----BEGIN PGP SIGNED MESSAGE----- I have added some features to the remailer GUI I built in Mosaic. It now has a radio button for choosing to use the CP remailers, and toggle switches for selecting remailers. It's also been moved, and the old one is no longer there, so don't use it. its new location is: http://monet.vis.colostate.edu/~nate/mailer.html Give it a try, and tell me what you think. 
BTW, this one is fully open for business, so use it as much as you like! - -nate - -- +-----------------------------------------------------------------------+ | Nate Sammons | | Colorado State University Computer Visualization Laboratory | | Data Visualization/Interrogation, Modeling, Animation, Rendering | +-----------------------------------------------------------------------+ From kshep at netcom.com Tue Feb 1 12:35:39 1994 From: kshep at netcom.com (Kirk Sheppard) Date: Tue, 1 Feb 94 12:35:39 PST Subject: Archiving mail-lists... In-Reply-To: Message-ID: On Tue, 1 Feb 1994, Chris Knight wrote: > > On Tue, 1 Feb 1994, Jim choate wrote: > > > I have to admit that I have broken your fair use copyright notice > > inadvertently. > > > > I have stored an image of your message in the ram on my system which is not a > > part of inet or usenet nor involved in any way with the transmission to other > > nodes of such stored material. > > Are you claiming to have sold your RAM, while still powered, for a > profit? Knowing that it contained copyrighted work? Shame on you. > > > > Berne works great for paper, audio recordings, movies, etc. It does not work > > for networked information transmission. > > I'm sorry, I did not realize I was talking to a supreme court justice. > Had I known you had the ultimate authority on this subject, I would not > have been wasting your time, or mine. > > Perhaps we should try this. You sell archives of the net, and we'll file > a class action suit... I'll back up my beliefs with actions, how about you? > > > -ck > > From jazz at hal.com Tue Feb 1 12:35:41 1994 From: jazz at hal.com (Jason Zions) Date: Tue, 1 Feb 94 12:35:41 PST Subject: archiving on inet In-Reply-To: <199402012023.AA26109@tramp.cc.utexas.edu> Message-ID: <9402012033.AA01805@jazz.hal.com> >It is the difference between "broadcast" and "interactive communication." 
>Tell me, if I call in to the talk show you are distribute as part of your >radio program, do _I_ now own the copyright to a portion of your show? This is an interesting point of discussion. The question becomes one of determining what the protected work is. Given that it is a call-in show, the entire show would be a protected work and its copyright would belong to the show's creator. I do not know if you retain copyright in the small part of the work which represents your own intellectual property (i.e. what you say), but I suspect it could be argued that you gave your permission to broadcast your work when you called in to begin with. It gets murkier to me with respect to compensation from the sale of transcripts or recordings. Mike, is there case law here? >But under all the smoke and mirrors nothing changes the fact that I am >selling archives of the Usenet. No amount of puffed up indignation is >going to change the fact that your Usenet posting or message to a mailing >list is of no real value to you and is honestly as free as a bird once it >hits the wire. We differ on the use of the word "honestly". In practice, enforcement is well-nigh impossible; nonetheless, according to the letter of the law, my words are my property to do with as I see fit. If I state that they may not be recorded on optical media, the law requires you to honor that. Jason Copyright 1994 Jason Zions. Copying for the purpose of propagation of the Cypherpunks mailing list in email or usenet news form is permitted, except no copy shall be made in permanent optical storage media without the express permission of the author. All other rights reserved. 
From warlord at MIT.EDU Tue Feb 1 12:45:27 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 1 Feb 94 12:45:27 PST Subject: PGP In-Reply-To: <9402011949.AA18718@runner.utsa.edu> Message-ID: <9402012041.AA12750@toxicwaste.media.mit.edu> Well, I don't know exactly how many calculations are necessary, but I've seen some posts that have given general numbers... Let me give some examples to try to answer your question. Currently, we estimate about 2500 MIP-years have gone into trying to factor RSA129 (about 425 bits). We estimate we are about 60% through... The whole project taking about 5000 MIP-years. Figure that every ten decimal digits adds one order of magnitude. So, a 512-bit (~155-digit) key would require about 5e7 MIP-years. And a 1024-bit key would require approximately 5e22 MIP-years. (These are approximations -- please do not quote these numbers). Brute-forcing IDEA takes about as much computation as factoring something between a 1200 and 3000 bit RSA key (I've heard both numbers, but I don't know the numbers). So, in the current implementation, RSA is the weak link! Since the passphrase is just a hash to an IDEA key, breaking the secret ring is as hard as either dictionary attacking the key, or breaking IDEA, which is harder than factoring the RSA key, given current knowledge about the algorithms. I hope this answers your questions. If someone has real numbers to put in here, please update mine! -derek From kshep at netcom.com Tue Feb 1 12:45:39 1994 From: kshep at netcom.com (Kirk Sheppard) Date: Tue, 1 Feb 94 12:45:39 PST Subject: archiving on inet In-Reply-To: <9402012021.AA01756@jazz.hal.com> Message-ID: This is not an accurate comparison. A posting on usenet is not the same item as a program on HBO or the radio. In what way does my internet provider (netcom) have a "legal" distribution of usenet news, while a cd-rom provider does not? 
HBO has paid for the use of the programs it broadcasts that are produced by others, hence they have a contract between themselves and the owners of the copyright. No providers of usenet news have any agreements between themselves and the posters regarding copyrights. Netcom and all the other internet providers receive postings "free" and a cd-rom manufacturer has the same "right" to use postings as any other internet provider. Kirk Sheppard kshep at netcom.com P. O. Box 30911 "It is Better to Die on Your Feet Than to Bethesda, MD 20824-0911 Live On Your Knees." U.S.A. - Emiliano Zapata On Tue, 1 Feb 1994, Jason Zions wrote: > > So answer the question again, what is the > >difference in paying an internet provider for access to usenet, and > >paying a cd-rom provider for access to usenet? > > It's the difference between listening to the radio yourself and buying a > home-made tape of the radio program from someone else. The first is legal; > the second is, generally, not. > > Better yet, it's the difference between watching a program on HBO when you > are getting that service legally (i.e. paying for it) and buying a tape of > the same program from a friend who has HBO. Whether or not you also have > legal access to HBO, the sale of the tape infringes on the copyright of the > program. > > Jason > From cknight at crl.com Tue Feb 1 13:05:28 1994 From: cknight at crl.com (Chris Knight) Date: Tue, 1 Feb 94 13:05:28 PST Subject: Why is Chris Knight a Twerp? In-Reply-To: Message-ID: It sure was short trip for you to go from person to prick. My "attacks" have been on your logic. Something that has always been a prime goal of a debate. Lacking anything intellignet to say, you resort to the text quoted below, and your attempted personal slight of refering to me as "Master Knight" in your current posts. Is there any chance that this will get back to the discussion at hand, or are you tired of this toy and trying to find something else to play with? 
If all you have left is attacks, name calling, and rudeness, perhaps you should find other toys and leave the discussions to adults. -ck On Tue, 1 Feb 1994, Kirk Sheppard wrote: > Dear Stupid, > > Why you are intent on attacking me for no reason is beyond me. I didn't > attack you personally, what is the matter with you? Also I am not > interested in gratuitous advice regarding "trying to write sometime". I > can see why you might be bitter as you obviously lack the intelligence > and education to make much money writing. > > Kirk Sheppard > > kshep at netcom.com > > P. O. Box 30911 "It is Better to Die on Your Feet Than to > Bethesda, MD 20824-0911 Live On Your Knees." > U.S.A. > - Emiliano Zapata > > > From pmetzger at lehman.com Tue Feb 1 13:05:39 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 1 Feb 94 13:05:39 PST Subject: archiving on inet In-Reply-To: <9402012021.AA01756@jazz.hal.com> Message-ID: <199402012103.QAA03285@snark> Jason Zions says: > > So answer the question again, what is the > >difference in paying an internet provider for access to usenet, and > >paying a cd-rom provider for access to usenet? > > It's the difference between listening to the radio yourself and buying a > home-made tape of the radio program from someone else. The first is legal; > the second is, generally, not. The reason selling a tape of a radio show isn't legal is because then you can play it as often as you like. On the other hand, usenet is already distributed in a form that lets you read the messages as often as you like. You can archive them forever, and in fact thats part of the news software. 
.pm From kshep at netcom.com Tue Feb 1 13:05:43 1994 From: kshep at netcom.com (Kirk Sheppard) Date: Tue, 1 Feb 94 13:05:43 PST Subject: archiving on inet In-Reply-To: <9402011948.AB17603@federal-excess.apple.com> Message-ID: Dear Master Lefty, You too, have fallen into the same trap, as Master Knight, i.e., ad hominem attacks, unprovoked, launched merely because I disagree with you. As to your arguments, no I don't think you have followed my logic at all, and I certainly cannot follow or agree with your assertions. My point is that the redistribution of usenet postings by Netcom, my local bbs, me on my hard disk to others for pay or not, or by cd-rom are not different and it is just as legal for Netcom to charge me for providing me a usenet feed as it is legal for a cd-rom manufacturer to do the same, neither is paying us a dime nor are they obligated to do so. Personal use is not at all relevant. Netcom, Delphi are copying and providing usenet newsfeeds as a commercial service, without paying any royalties to the authors of the usenet postings. And we can all do the same and use any medium we want to whether you or Master Knight like it or understand it. Kirk Sheppard kshep at netcom.com P. O. Box 30911 "It is Better to Die on Your Feet Than to Bethesda, MD 20824-0911 Live On Your Knees." U.S.A. - Emiliano Zapata On Tue, 1 Feb 1994, Lefty wrote: > >Usenet copyrightable? I still doubt it. Of course, the only way to > >find out is to file a very expensive lawsuit. Most posters would not find > >their postings worth the expense to sue on copyright. Only a very rich > >dilletante, or someone less rich who is a fanatic on the subject is > >likely to do so. Also, you would have a hard time answering the > >difference between charging for a usenet feed and charging for a cd-rom, > >again I see little difference except that one is more prompt in time than > >the other. 
> >But, again, my newsfeed from a BBS which might be 24 hrs
> >delayed, and my netcom account which is much faster and a cd-rom differs
> >only as to time removed from the original posting.
>
> So, would you argue, on the same grounds, that you didn't believe that a
> movie delivered into your home via a cable feed could be copyrighted?
>
> How about a movie on a laser disk?
>
> Do you understand that there is a difference between personal use, which
> does not infringe copyright, and redistribution, which does?
>
> Are you _sure_ you're an attorney?
>
> --
> Lefty (lefty at apple.com)
> C:.M:.C:., D:.O:.D:.
>
>

From mnemonic at eff.org Tue Feb 1 13:10:40 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 1 Feb 94 13:10:40 PST
Subject: archiving on inet
In-Reply-To: <9402012033.AA01805@jazz.hal.com>
Message-ID: <199402012105.QAA11615@eff.org>

Jim writes:

> I do not know if you retain copyright in the small part of
> the work which represents your own intellectual property (i.e. what you
> say), but I suspect it could be argued that you gave your permission to
> broadcast your work when you called in to begin with. It gets murkier to me
> with respect to compensation from the sale of transcripts or recordings.
> Mike, is there case law here?

Not to my knowledge. But there's no disputing among lawyers that copyright law applies.

--Mike

From kshep at netcom.com Tue Feb 1 13:15:29 1994
From: kshep at netcom.com (Kirk Sheppard)
Date: Tue, 1 Feb 94 13:15:29 PST
Subject: archiving on inet
In-Reply-To: <199402012023.AA26109@tramp.cc.utexas.edu>
Message-ID:

Well said, Jim.

Kirk Sheppard

kshep at netcom.com

P. O. Box 30911              "It is Better to Die on Your Feet Than to
Bethesda, MD 20824-0911       Live On Your Knees."
U.S.A.
                                        - Emiliano Zapata

On Tue, 1 Feb 1994, Jim McCoy wrote:

> Jason Zions writes:
> >
> > > Others could argue that postings by their very nature, when posted
> > >become "public domain", and thus not copyrightable.
> >
> > Not successfully in court, I should think. How is a posting any different
> > than the production of a radio program which is distributed by
> > store-and-forward satellite distribution and then played through the radio
> > station and received at your home radio? [...]
>
> It is the difference between "broadcast" and "interactive communication."
> Tell me, if I call in to the talk show you distribute as part of your
> radio program, do _I_ now own the copyright to a portion of your show?
>
> > >Finally what is the tangible difference between storing usenet postings
> > >on [any particular storage media]
> >
> > If you were a legitimate recipient of the work in the first place (i.e. got
> > it in a newsfeed) and you store those postings for your own use or for the
> > use of others on that node in the store-and-forward network, then you can
> > keep the work 'til the bits rot. Infringement occurs when you copy those
> > bits onto some medium for some purpose other than store-and-forward
> > propagation or the allowed fair-use exceptions; stuffing articles on a
> > CD-ROM and selling them falls into neither category and hence is an
> > infringement.
>
> Buzzz. According to your logic all that one needs to do is to change the
> label on the order from from "Usenet articles on CD-ROM" to "Quarterly
> Usenet Feed distributed on CD-ROM" and I am in the clear. I am not selling
> a collection containing your articles, I am providing a low-bandwidth
> newsfeed to those who do not have the same level of connectivity you have
> or that want the excitement of seeing their newsfeed delivered over the
> "original information superhighway" (aka postal services.) It is still
> store-and-forward, it is just store-forever-and-forward-not-so-often.
>
> But under all the smoke and mirrors nothing changes the fact that I am
> selling archives of the Usenet.
> No amount of puffed up indignation is
> going to change the fact that your Usenet posting or message to a mailing
> list is of no real value to you and is honestly as free as a bird once it
> hits the wire.
>
> jim
>

From mnemonic at eff.org Tue Feb 1 13:25:28 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 1 Feb 94 13:25:28 PST
Subject: archiving on inet
In-Reply-To: <199402012029.PAA03234@snark>
Message-ID: <199402012121.QAA11869@eff.org>

>
> Try to sue for damages when your work is available for free to
> millions of people. The judge will laugh in your face, copyright or
> no. Damages are, after all, related to lost revenue -- if you allow
> anyone who wants to see something for free in one medium, you will
> have a fucking hard time to keep them from examining it in another
> equivalent medium.

One can register the work and sue for statutory damages and attorneys' fees. No need to prove damages in such a case.

If the Copyright Act is amended this year, it may be that one need not even register the work.

--Mike

From cknight at crl.com Tue Feb 1 13:25:41 1994
From: cknight at crl.com (Chris Knight)
Date: Tue, 1 Feb 94 13:25:41 PST
Subject: Why is Chris Knight a Twerp and an Idiot?
In-Reply-To:
Message-ID:

On Tue, 1 Feb 1994, Kirk Sheppard wrote:

> Dear Master Knight,
>
> You have a double standard, or a bad memory. Saying "I'm glad you're not
> a politician" is most definitely a personal attack on me, not my
> arguments.

An incorrect jump of conclusions. This was a comment on your arguments. I would not sleep well at night if the arguments you use were helping to write the laws regarding copyright and intellectual property.

> You became a prick first, and I am happy to join in.

Happy? Perhaps "At Home" is a better turn of phrase. In fact, it seems you were looking for an excuse to switch to flame mode.

> If you look at the thread carefully you will see that you made the ad hominem
> attack first, I do admit in joining you in the gutter however.
> Also, I
> really don't care what your thoughts are? Why should I.

Why should you care? I would like to end this useless chatter and go back to the discussion. It appears that you do not.

> Just stop calling names when it hasn't been done to you. Or didn't your mother and father teach you that, Master Knight?

It hadn't? OOPS! I guess I misread the subject of this message... Seems you have the thread confused.

-ck

From jazz at hal.com Tue Feb 1 13:25:45 1994
From: jazz at hal.com (Jason Zions)
Date: Tue, 1 Feb 94 13:25:45 PST
Subject: archiving on inet
In-Reply-To: <199402012103.QAA03285@snark>
Message-ID: <9402012121.AA01984@jazz.hal.com>

>The reason selling a tape of a radio show isn't legal is because then
>you can play it as often as you like.

Even if you made play-once-and-then-self-destruct tapes like on Mission Impossible, selling them would still be illegal. You've made an unauthorized copy, plain and simple.

>You can archive them forever, and in fact that's part of the news software.

Yes, you, a recipient, can archive them forever. You *cannot* distribute that archive in any form whatsoever.

I'm struggling with drawing an appropriate distinction between CD-ROM as newsfeed medium and CD-ROM as archive medium. If a newsfeed provider sent you a quarterly newsfeed on CD-ROM which you then fed into your normal news system as if it were a live feed, after which you broke the CD-ROM; that looks like a high-bandwidth-delay-product newsfeed. If a provider sent you a quarterly newsfeed in Cnews directory form which you then mounted onto your news system, I'd buy that as a newsfeed. If the provider sent to a newsfeed in Cnews form which you mounted someplace other than as a part of the news system - now an archive has been created and sold. But if you mounted it as part of Cnews and then copied it via news onto your own CD-ROM drive, then it seems like it'd be a personal archive.

No one said this was gonna be easy.
It seems like I'm swallowing camels and straining out flies, but these flies are camel-sized.

Jason

Copyright 1994 Jason Zions. Copying or retransmission for the purpose of propagation of the Cypherpunks mailing list in email or newsfeed form is permitted, except that no copy may be made on any permanent digital optical storage medium.

From pmetzger at lehman.com Tue Feb 1 13:25:46 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 1 Feb 94 13:25:46 PST
Subject: Archiving mail-lists...
In-Reply-To:
Message-ID: <199402012121.QAA03308@snark>

Kirk Sheppard says:
> On Tue, 1 Feb 1994, Chris Knight wrote:
> >
> This appears to be merely hot air, since despite all his talk Master
> Knight hasn't taken any "action" and it is doubtful that he has the money
> or other "necessities" requisite for doing so. Also, notice the term
> "beliefs", which explains a lot. I thought we were having a discussion
> on a legal or academic basis, not one involving religious or
> philosophical "beliefs" or faith.

Archives of the net are already being sold. Furthermore, some folks at the FBI got a newsfeed from uunet years ago by magtape when they didn't have a direct uucp link.

I'd say that anyone who thinks they can actually succeed at such a suit is welcome to try, but I wouldn't break a sweat worrying about it.

Yes, you have a copyright over your work -- however, once you've posted it to the net it is likely practically impossible to restrict distribution. Since you've already allowed it to be distributed on demand to anyone for free it is hard to claim damages if it is distributed to anyone via some medium you don't like.

Archives of all of usenet already exist. I was talking with Eric Fair at Usenix about using a Cray at Apple to produce an index of all usenet traffic thus far -- it likely won't happen, but those worried about such possibilities are welcome to have their lawyers send me nasty letters.
If you want your stuff to have limited distribution, you have to make a conscious effort to limit distribution or you have likely lost all cause of action. Posting to the net is likely implicit consent to unlimited distribution, since it is in fact what will happen and you have no reasonable expectation of anything else.

Perry

From pmetzger at lehman.com Tue Feb 1 13:30:41 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 1 Feb 94 13:30:41 PST
Subject: archiving on inet
In-Reply-To: <199402012121.QAA11869@eff.org>
Message-ID: <199402012126.QAA03329@snark>

Mike Godwin says:
> > Try to sue for damages when your work is available for free to
> > millions of people. The judge will laugh in your face, copyright or
> > no. Damages are, after all, related to lost revenue -- if you allow
> > anyone who wants to see something for free in one medium, you will
> > have a fucking hard time to keep them from examining it in another
> > equivalent medium.
>
> One can register the work and sue for statutory damages and attorneys'
> fees. No need to prove damages in such a case.

Absolutely true, but one has to say "Copyright" in the work in such a case. Virtually no usenet work has that magic word in it. From what I understand, if you don't say "Copyright" they can stop you in court but there is a presumption going for the defendant.

Perry

From lefty at apple.com Tue Feb 1 13:30:44 1994
From: lefty at apple.com (Lefty)
Date: Tue, 1 Feb 94 13:30:44 PST
Subject: archiving on inet
Message-ID: <9402012115.AA22993@internal.apple.com>

Kirk "I Can't Believe It's a Law Firm!" Sheppard astounds me by posting
>
>This book analogy is not accurate. It is my contention that usenet
>postings are not copyrighted. Our postings are not disseminated like a book...

Immaterial. What on earth does "like a book" mean? Do you contend that only works printed on paper can have copyright protection, or only works which are sold in bookstores, or only works which are bound in signatures?
As a trivial counterexample, movies broadcast over cable and songs played on the radio retain copyright, without any question or doubt. They aren't "disseminated like a book", either.

>we are paid nothing for the use of our postings on the multitude
>of machines that our postings appear.

Are you suggesting that there is any connection whatsoever between the ability to copyright a given work and some third party's willingness to pay for it? Are you claiming that if I write a book and decide to give copies away rather than sell them that my work is thereby not copyrighted? If so, you're clearly and without any doubt whatsoever in error.

Are you _positive_ you're a lawyer?

>Or, in the alternative, if copyrighted, by posting them in the electronic
>>ether, we give up most of our rights regarding dissemination, copying etc.

Aha. This would explain why there's no legal problem with my recording the complete works of the Beatles off the radio and then reselling them, no doubt.

>Perhaps we may still
>have some residual rights regarding accuracy and the like. Also the
>posting regarding the legal blurbs on software, really was off point,
>since what they they were refering to was a "license", and again there is
>some doubt about how enforceable the individual licenses that the
>software companies give. That is, some of these licenses may have
>provisions that are not enforceable.

So, let's see here. Let's say, for the sake of argument, that I'm Stephen King. I write a book, using a word processing program on my computer, and saving the results to a magneto-optical disk. Is it copyrighted? Clearly, it is.

I sell the book to a publisher, who prints it onto paper, sews the paper into signatures, binds it between covers, and sells several million instantiations of this book to B. Dalton's. Is it still copyrighted? Clearly, it is.
The publisher takes a copy of my magneto-optical disk, adds some support software licensed from Voyager, Inc., and presses a CD-ROM version of my book. Is it still copyrighted? Clearly, it is.

At the same time, I distribute several long sections of the book, via email, to a private mailing list of friends. Is the book still copyrighted? Clearly, it is.

OK, now, here's the tough one. I give one of my friends permission to post a long (i.e. clearly too long to constitute "fair use") section of this book to rec.arts.books, with a copyright notice prominently displayed at the very beginning of the posting, i.e.

    Copyright (c) 1994 by Stephen King. All rights reserved.

You claim that this posting, suddenly and magically, no longer enjoys copyright protection. On what basis?

To approach this issue in another way, I wonder whether you're familiar with "Internet Talk Radio", a scheme wherein voice broadcasts can be done over the Internet. If I were to pay the appropriate fees to ASCAP to allow me to broadcast a song by Pearl Jam over Internet Talk Radio, are you claiming that Pearl Jam's copyright to _their_ _own_ _music_ would be destroyed by _my_ having played it back over this medium? This would clearly seem to be your contention.

I think you need to give this a wee bit more thought, Kirk.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From pmetzger at lehman.com Tue Feb 1 13:35:29 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 1 Feb 94 13:35:29 PST
Subject: archiving on inet
In-Reply-To: <9402012121.AA01984@jazz.hal.com>
Message-ID: <199402012131.QAA03337@snark>

Jason Zions says:
> >You can archive them forever, and in fact that's part of the news software.
>
> Yes, you, a recipient, can archive them forever. You *cannot* distribute
> that archive in any form whatsoever.

The news software is explicitly designed to allow remote hosts to request articles from each other.
Article numbers are never reused -- I can just use a nasty hierarchical storage system to keep all the news articles I ever receive online.

So, how can you reconcile the existence of the news software with your quaint notions? Are you claiming that CNews and INN break the law? Are you claiming usenet is illegal or something?

> I'm struggling with drawing an appropriate distinction between CD-ROM as
> newsfeed medium and CD-ROM as archive medium.

Maybe you are struggling because there is no reasonable way to make the distinction?

> Copyright 1994 Jason Zions. Copying or retransmission for the purpose of
> propagation of the Cypherpunks mailing list in email or newsfeed form is
> permitted, except that no copy may be made on any permanent digital optical
> storage medium.

Well, you can now sue all the people who back up their home directories nightly to optical disk. I believe all the folks at Bell Labs who use Plan-9 are now in violation of your "copyright".

Perry

From lefty at apple.com Tue Feb 1 13:35:40 1994
From: lefty at apple.com (Lefty)
Date: Tue, 1 Feb 94 13:35:40 PST
Subject: archiving on inet
Message-ID: <9402012127.AA23182@internal.apple.com>

>You too, have fallen into the same trap, as Master Knight, i.e., ad hominem
>attacks, unprovoked, launched merely because I disagree with you.

Please feel free to identify the "ad hominem attack" to which you're referring. I _have_ questioned your claim to be an attorney, largely because I do not believe that anyone could manage to pass a bar exam while being so utterly ignorant of the basest rudiments of copyright law.

>As to
>your arguments, no I don't think you have followed my logic at all, and I
>certainly cannot follow or agree with your assertions.

I found no logic in your postings. This explains, I think, my inability to follow it. I suspect that there are other explanations for _your_ inability to follow, or respond to, _my_ assertions.

>My point is that
>the redistribution of usenet postings by Netcom, my local bbs, me on my
>hard disk to others for pay or not, or by cd-rom are not different and it
>is just as legal for Netcom to charge me for providing me a usenet feed
>as it is legal for a cd-rom manufacturer to do the same, neither is
>paying us a dime nor are they obligated to do so.
>
>Personal use is not at all relevant.

No!? How is it, then, that _I_ can copy a movie legally from HBO but I can't legally sell the tape to you, eh?

>Netcom, Delphi are copying and providing usenet newsfeeds
>as a commercial service, without paying any royalties to the authors of
>the usenet postings. And we can all do the same and use any medium we
>want to whether you or Master Knight like it or understand it.

None of which has anything, specifically, to do with copyright. Do you understand the concept of "intellectual property" in the least?

Are you absolutely, positively, thoroughly _certain_ you're a lawyer?

(Hey, can I repost that private email you sent me? I'm sure the list would _love_ to see so deeply reasoned and clearly thought out an argument. Besides, you don't believe that it's copyrighted, do you?)

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From cknight at crl.com Tue Feb 1 13:40:41 1994
From: cknight at crl.com (Chris Knight)
Date: Tue, 1 Feb 94 13:40:41 PST
Subject: archiving on inet
In-Reply-To: <199402012029.PAA03234@snark>
Message-ID:

On Tue, 1 Feb 1994, Perry E. Metzger wrote:

> Try to sue for damages when your work is available for free to
> millions of people. The judge will laugh in your face, copyright or
> no. Damages are, after all, related to lost revenue

Lost revenue can be measured in more than one way. Besides estimated loss of sales, it can be measured in profit earned by the defendant.
If an author published a story in a magazine once, and never intends to publish it again, this does not give you the right to sell his story because he wasn't going to be making money on it anyway.

> anyone who wants to see something for free in one medium, you will
> have a fucking hard time to keep them from examining it in another
> equivalent medium.

Profanity aside, that's not an entirely logical argument. There are plenty of free publications in the US that contain copyrighted work. Publishing in a "free medium" does not strip your rights.

-ck

From mnemonic at eff.org Tue Feb 1 13:40:44 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 1 Feb 94 13:40:44 PST
Subject: archiving on inet
In-Reply-To: <199402012126.QAA03329@snark>
Message-ID: <199402012139.QAA12055@eff.org>

Perry writes:

> Mike Godwin says:
> > > Try to sue for damages when your work is available for free to
> > > millions of people. The judge will laugh in your face, copyright or
> > > no. Damages are, after all, related to lost revenue -- if you allow
> > > anyone who wants to see something for free in one medium, you will
> > > have a fucking hard time to keep them from examining it in another
> > > equivalent medium.
> >
> > One can register the work and sue for statutory damages and attorneys'
> > fees. No need to prove damages in such a case.
>
> Absolutely true, but one has to say "Copyright" in the work in such a
> case.

This is not true.

> Virtually no usenet work has that magic word in it. From what I
> understand, if you don't say "Copyright" they can stop you in court
> but there is a presumption going for the defendant.

May have been true in the old days, but it isn't true now.

--Mike

From cknight at crl.com Tue Feb 1 13:50:41 1994
From: cknight at crl.com (Chris Knight)
Date: Tue, 1 Feb 94 13:50:41 PST
Subject: Archiving mail-lists...
In-Reply-To:
Message-ID:

On Tue, 1 Feb 1994, Kirk Sheppard wrote:

> On Tue, 1 Feb 1994, Chris Knight wrote:
> >
>
> This appears to be merely hot air, since despite all his talk Master
> Knight hasn't taken any "action" and it is doubtful that he has the money
> or other "necessities" requisite for doing so.

And what sort of action am I supposed to take? This was, to my knowledge a discussion. And who is this "Master Knight"?

> Also, notice the term
> "beliefs", which explains a lot. I thought were were having a discussion
> on a legal or academic basis, not one involving religeous or
> philosophical "beliefs" or faith.

All of us, including yourself Mr. Sheppard, have been discussing theoretical law and rights. Until it is tried in court, we are all stating how we BELIEVE it will go. This has nothing to do with religion, or philosophy; merely interpretation of law.

-ck

From kshep at netcom.com Tue Feb 1 14:10:41 1994
From: kshep at netcom.com (Kirk Sheppard)
Date: Tue, 1 Feb 94 14:10:41 PST
Subject: Archiving mail-lists...
In-Reply-To:
Message-ID:

"Master" is the term one uses in place of "Mister" or "Mr." when politely addressing a male, under the age of majority.

Kirk Sheppard

kshep at netcom.com

P. O. Box 30911              "It is Better to Die on Your Feet Than to
Bethesda, MD 20824-0911       Live On Your Knees."
U.S.A.
                                        - Emiliano Zapata

On Tue, 1 Feb 1994, Chris Knight wrote:

>
>
> On Tue, 1 Feb 1994, Kirk Sheppard wrote:
>
> > On Tue, 1 Feb 1994, Chris Knight wrote:
> > >
> > >
> >
> > This appears to be merely hot air, since despite all his talk Master
> > Knight hasn't taken any "action" and it is doubtful that he has the money
> > or other "necessities" requisite for doing so.
>
> And what sort of action am I supposed to take? This was, to my knowledge a
> discussion. And who is this "Master Knight"?
>
>
> > Also, notice the term
> > "beliefs", which explains a lot.
> > I thought we were having a discussion
> > on a legal or academic basis, not one involving religious or
> > philosophical "beliefs" or faith.
>
> All of us, including yourself Mr. Sheppard, have been discussing
> theoretical law and rights. Until it is tried in court, we are all
> stating how we BELIEVE it will go. This has nothing to do with religion,
> or philosophy; merely interpretation of law.
>
>
> -ck
>
>

From mcb at net.bio.net Tue Feb 1 14:10:45 1994
From: mcb at net.bio.net (Michael C. Berch)
Date: Tue, 1 Feb 94 14:10:45 PST
Subject: archiving on inet
Message-ID: <9402012207.AA29009@net.bio.net>

Jason Zions writes:
> Yep. When you're providing a netnews feed, you're acting as a node in a
> store-and-forward network. A CD-ROM is not a part of a store-and-forward
> network; it is a permanently fixed repository of information. You can't hold
> up a netnews feed in a courtroom and point at it saying "there it is"; you
> *can* do so with a CD-ROM.
>
> So I suppose you want to give some
> kind of list of what types of media are acceptable for transmitting
> netnews feeds, and which are not?

You seem awfully confident about something that has never, to my knowledge, been litigated at the appellate level. The difference you posit between a netnews feed and a CD-ROM seems very tenuous to me -- not the kind of thing I would feel supreme confidence in trying to convince a judge of.

As far as "holding something up" and saying "there it is", I could do the same thing in court with a hard disk containing a news spool and a CD-ROM drive containing a CD with a copy of a news feed. Set up two windows side-by side and they have the same article in them, right down to the Message-ID, byte count, even a CRC or SNEFRU checksum. *Now* try to convince the court they are different animals for copyright purposes...

> A CD-ROM isn't a medium for transmitting netnews feeds; it's a permanently
> fixed copy of the contents of such a feed.
> Static versus dynamic; permanent,
> ephemeral. Is this hard to understand?

Yes, very. And I have been in computing since 1975 and a licensed attorney since 1981. So I think it is fair to say that if I find this murky and confusing, and believe that copyright law does not divide these types of cases into neat little boxes, then others may as well.

> The plain and simple fact is: When you post a message to usenet, you do
> so with the expectation that others will receive it. You can have no
> way of knowing or limiting who may get it; that is given by the nature
> of the network. Usenet news is, and is intended to be, publicly
> accessible information. If there is something you don't want
> distributed, then DON'T POST IT!
>
> Learn a little about law; while you're at it, learn a little about usenet.
> When you post a message to usenet, you have tossed it into a flood-routed
> store-and-forward network. You implicitly give permission for copying
> appropriate to the propagation of messages in that network. You neither
> grant permission nor withhold permission for Fair Use. Everything else,
> though, is not granted unless explicitly granted.
>
> If I post a message, under the terms of the Berne Convention and current US
> copyright law, a recipient was not granted the right to print a copy and
> publish it in a book. What makes you think I granted them permission to
> publish a copy in a CD-ROM? The only permission I granted was that they
> could (a) read it and (b) forward it via usenet protocols.

Except that it is extremely difficult to put one's finger on "Usenet protocols". *Most* people are using (for example) RFC1036-compliant Netnews article formats and either NNTP or UUCP for transport. BUT, this certainly does not apply to everybody -- some people read newsgroups as e-mail (SMTP, UUCP, QuickMail, cc:mail, Lotus Notes, etc.). Some people receive netnews feeds in the form of magnetic tape; some as large batched file transmissions on IBM mainframe networks.
Some get news articles via friends who operate informal "clipping services" and save and print articles of interest and send them via snail-mail. Some people archive newsgroups and put them on FTP/gopher/WWW/WAIS server where they may be indexed and retrieved years later. I would not want to have the burden of convincing a court that any of these are beyond the purview of "Usenet" and thus, in your scheme, implicitly copyright infringements.

It is not that I vehemently disagree with any of the points made above -- who knows what will eventually evolve as a legal standard? -- I just think that it is a wildly unsettled area and pronouncements of bright-line criteria in the absence of relevant legislation *or* jurisprudence is fatuous at best.

--
Michael C. Berch
mcb at net.bio.net / mcb at postmodern.com

From lefty at apple.com Tue Feb 1 14:15:28 1994
From: lefty at apple.com (Lefty)
Date: Tue, 1 Feb 94 14:15:28 PST
Subject: archiving on inet
Message-ID: <9402012201.AA23756@internal.apple.com>

>This is not an accurate comparison. A posting on usenet is not the same
>item as a program on HBO or the radio.

So you claim. How does it differ, though?

>In what way does my internet provider
>(netcom) have a "legal" distribution of usenet news, while a cd-rom
>provider does not?

I have "provided" my postings to Usenet, for the personal use of Usenet subscribers. By providing my postings to a particular distribution mechanism, I implicitly give permission for them to be redistributed _via_ _that_ _mechanism_. I _do_ _not_ give permission for them to be repackaged and resold via another medium, any more than David Byrne has given me permission to resell cassettes of his music by allowing it to be broadcast on the radio.

>HBO has paid for the use of the programs it broadcasts
>that are produced by others, hence they have a contract between
>themselves and the owners of the copyright.
And, hence, they have permission to distribute it over the medium of cable television transmission. This does not, in and of itself, give them the right to, for instance, resell laser disks of the movies they broadcast.

>No providers of usenet news
>have any agreements between themselves and the posters regarding
>copyrights.

An author doesn't _need_ an agreement to assert copyright. Were you, somehow, ignorant of that?

>Netcom and all the other internet providers receive postings
>"free" and a cd-rom manufacturer has the same "right" to use postings as
>any other internet provider.

Quite correct. The CD-ROM manufacturer may _read_ them. Period.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From cknight at crl.com Tue Feb 1 14:20:41 1994
From: cknight at crl.com (Chris Knight)
Date: Tue, 1 Feb 94 14:20:41 PST
Subject: Archiving mail-lists...
In-Reply-To:
Message-ID:

On Tue, 1 Feb 1994, Kirk Sheppard wrote:

> "Master" is the term one uses in place of "Mister" or "Mr." when politely
> addressing a male, under the age of majority.
>

I confess to some doubts as to your intentions of politeness. But, being of open mind I will put it to the test: Mr Sheppard, I am above the "age of majority", and request that you refrain from using an incorrect form of title.

-ck

From sfi at verity.com Tue Feb 1 14:20:48 1994
From: sfi at verity.com (Stefan Fielding-Isaacs)
Date: Tue, 1 Feb 94 14:20:48 PST
Subject: archiving on inet
Message-ID: <9402012220.AA24439@verity.com>

>From: "Perry E. Metzger"
> >
> >
> >Chris Knight says:
> >> If all you are concerned with is "Material differnce", then you think
> >> it's perfectly ok for me to sell you a good copy of a magazine? By your
> >> "logic" (loosely used), you had to pay for the copy, and you had to pay
> >> for the original, so what's the difference? The difference is the WILL
> >> AND PERMISSION of the author! As the author of this message, I willingly
> >> placed it within the net.
> >> I HAVE NOT, NOR WILL NOT, GIVE FREE PERMISSION
> >> TO A CD-ROM PUBLISHING HOUSE TO PUBLISH MY WORK.
> >
> >Try to sue for damages when your work is available for free to
> >millions of people. The judge will laugh in your face, copyright or
> >no. Damages are, after all, related to lost revenue -- if you allow
> >anyone who wants to see something for free in one medium, you will
> >have a fucking hard time to keep them from examining it in another
> >equivalent medium. Usenet is NOT a magazine. Failing to put a
> >copyright notice in your work destroys what's left of your ability to
> >do anything. I'm sure you can pay a lawyer to sue for you, but this
> >isn't exactly one anyone is going to take on contingency.

I believe this is completely fallacious. Simply because I don't include a copyright statement _does not_ mean that my material is not copyrighted (look it up).

Secondly, the issue at hand is not so much redistribution (I think that can be resolved by attribution) but rather that the redistribution was done for profit. I think that is where you can be hanged (metaphorically speaking).

I do not think it wise to defend such an indefensible (morally and legally) position. Perhaps you should reconsider.

Stef

From lefty at apple.com Tue Feb 1 14:45:29 1994
From: lefty at apple.com (Lefty)
Date: Tue, 1 Feb 94 14:45:29 PST
Subject: Why is Kirk Sheppard Wasting Our Time? (was Re: Why is Chris Knight aTwerp?)
Message-ID: <9402012230.AA24339@internal.apple.com>

I have in fact myself received _two_ such _billets doux_ from Kirk "I claim without evidence to be a lawyer, but so far I only play one badly on the net" Sheppard. I've asked his permission three times whether I can repost them, but have gotten no specific response, other than further insults, silliness and blathering.

I can't help but wonder why, given his strongly negative reaction to people who try to argue with him, why on earth he might be inclined to pursue the law as a profession.
Nor can I help but wonder how seriously I need to take someone who addresses mail to me with the subjects "Why is Lefty a Twerp?" and "Why is Lefty a Twerp and an Idiot?", wherein he complains about ad hominem attacks.

I also wonder, given his tendency to call those who _do_ argue with him "twerp" and "idiot", whether he receives many citations for contempt of court.

>Is there any chance that this will get back to the discussion at hand, or
>are you tired of this toy and trying to find something else to play with?

Highly doubtful. I enjoy a battle of wits as much as the next person, but I'm afraid I have to draw the line at an unarmed opponent.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From kshep at netcom.com Tue Feb 1 14:50:41 1994
From: kshep at netcom.com (Kirk Sheppard)
Date: Tue, 1 Feb 94 14:50:41 PST
Subject: Master v. Mister
In-Reply-To:
Message-ID:

Dear Master Knight,

Normally, I would be happy to oblige in using one's requested term of address, however I may make an exception in this case as you want fair play to be one sided. According to Master Knight, it is OK to start with ad hominem attacks, but not to answer them. Also, Master Knight has this devious habit of posting "private mail" on this list. Twice, now I have answered Master Knight's personal insults with a "private" reply so as to ease the burden on the other members of this very active list, and twice Master Knight, shamelessly posts follow-ups to the list. Not very honorable, Master Knight. So no, if I ever have the need to address you again it will be "Master" for you.

Kirk Sheppard

kshep at netcom.com

P. O. Box 30911             "It is Better to Die on Your Feet Than to
Bethesda, MD 20824-0911      Live On Your Knees."
U.S.A.
                                       - Emiliano Zapata

On Tue, 1 Feb 1994, Chris Knight wrote:

>
>
> On Tue, 1 Feb 1994, Kirk Sheppard wrote:
>
> > "Master" is the term one uses in place of "Mister" or "Mr." when politely
> > addressing a male, under the age of majority.
> >
>
> I confess to some doubts as to your intentions of politeness. But, being
> of open mind I will put it to the test: Mr Sheppard, I am above the "age
> of majority", and request that you refrain from using an incorrect form of
> title.
>
> -ck
>
>
>

From pmetzger at lehman.com Tue Feb 1 15:05:29 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 1 Feb 94 15:05:29 PST
Subject: archiving on inet
In-Reply-To: <9402012220.AA24439@verity.com>
Message-ID: <199402012303.SAA03443@snark>

Stefan Fielding-Isaacs says:
> I believe this is completely fallacious. Simply because I don't include
> a copyright statement _does not_ mean that my material is not copyrighted
> (look it up).

It does change the nature of the damages you can claim and the nature of the process by which you prove copyright, as does registration of the material.

> Secondly, the issue at hand is not so much redistribution (I think that
> can be resolved by attribution) but rather that the redistribution was
> done for profit. I think that is where you can be hanged (metaphorically
> speaking).

Redistribution of netnews is already done for profit, or haven't you heard of uunet?

Perry

From kshep at netcom.com Tue Feb 1 15:05:42 1994
From: kshep at netcom.com (Kirk Sheppard)
Date: Tue, 1 Feb 94 15:05:42 PST
Subject: Why is Chris Knight a Twerp?
In-Reply-To:
Message-ID:

This is a prime example of Master Knight posting "private" e-mail to the list as a method of retaliation and ad hominem attack. Notice that he defames himself by being too lazy to change the "Subject" line. My sincere apology to the readers of this very active list. I will not reply publicly to Master Knight any further as this entire thread is not within the list subject.

Kirk Sheppard

kshep at netcom.com

P. O. Box 30911             "It is Better to Die on Your Feet Than to
Bethesda, MD 20824-0911      Live On Your Knees."
U.S.A.
                                       - Emiliano Zapata

On Tue, 1 Feb 1994, Chris Knight wrote:

>
> It sure was short trip for you to go from person to prick.
>
> My "attacks" have been on your logic. Something that has always been a
> prime goal of a debate. Lacking anything intelligent to say, you resort
> to the text quoted below, and your attempted personal slight of referring
> to me as "Master Knight" in your current posts.
>
> Is there any chance that this will get back to the discussion at hand, or
> are you tired of this toy and trying to find something else to play with?
>
> If all you have left is attacks, name calling, and rudeness, perhaps you
> should find other toys and leave the discussions to adults.
>
> -ck
>
> On Tue, 1 Feb 1994, Kirk Sheppard wrote:
>
> > Dear Stupid,
> >
> > Why you are intent on attacking me for no reason is beyond me. I didn't
> > attack you personally, what is the matter with you? Also I am not
> > interested in gratuitous advice regarding "trying to write sometime". I
> > can see why you might be bitter as you obviously lack the intelligence
> > and education to make much money writing.
> >
> > Kirk Sheppard
> >
> > kshep at netcom.com
> >
> > P. O. Box 30911             "It is Better to Die on Your Feet Than to
> > Bethesda, MD 20824-0911      Live On Your Knees."
> > U.S.A.
> >                                        - Emiliano Zapata
> >
> >
> >
> >

From loki at nately.UCSD.EDU Tue Feb 1 15:05:48 1994
From: loki at nately.UCSD.EDU (Lance Cottrell)
Date: Tue, 1 Feb 94 15:05:48 PST
Subject: SASE Suggestion
Message-ID: <9402012306.AA09568@nately.UCSD.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

I have been meditating on this problem of return addresses, and have a proposal. The remailers can not be allowed to choose the return path, as any corrupted remailer will corrupt the rest of the path. I suggest the following SASE packet format.

Notation:
A(foo) = foo encrypted to remailer A
P = some sort of one use postage token.
end is a flag indicating the final destination.
x,y,z,b are large random integers.
n is a large prime.

Packet: This will route reply from A -> B -> C -> Bob

A(P,x,B,B(P,y,C,C(P,z,Bob,end))),A(b,n,message)

Upon receiving the packet, A does the following:
A decrypts the packet (both parts separately).
A calculates a new b' = b^x mod n and encrypts B(b',n,message)

So B receives
B(P,y,C,C(P,z,Bob,end)),B(b',n,message)

C receives
C(P,z,Bob,end),C(b'',n,message)

Analysis:
The message, which would normally be encrypted to Bob, is never transmitted in the clear. Bob can easily compute b'' to confirm that the message was correctly routed, but this reveals no information about the path the message has taken. The first remailer will refuse to deliver the message twice, because of the expired postage token, so the same path will not be reused.

So, what do you think? It does require some work from the remailers, but not too much more than now.

- ----------------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.3 key available by finger or server.
"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche
- ----------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLU7fRFVkk3dax7hlAQH4MgP9HIQPR3esnHbJuELXtCmTGXvQoLHgoA+L
OeW1WOM6WczcOEwzFRsto8k2vrTsSMDPAqhTm+Ylgy83x8ez+yquoKmfFqiNQzWY
Vcoy7ng/Jgu9i9snIGlsVdq6cpKTS8YKiR3EmnQrbpXetL7cFBZRN4yJ+dadS77q
cT2rY82uzw4=
=YTIz
-----END PGP SIGNATURE-----

From cknight at crl.com Tue Feb 1 15:05:49 1994
From: cknight at crl.com (Chris Knight)
Date: Tue, 1 Feb 94 15:05:49 PST
Subject: Capt'n Kirk and Major Tom... Both lost in space...
In-Reply-To:
Message-ID:

I did not consider that a flame war, it was just a bit of banter. You seem to lack both a sense of humor, and the intelligence to discern it in others.

As for re-posting personal mail, there is nothing unethical about it.
Your vehemence on this point just goes to prove how much you wanted to hide your true personality from those on the net.

Since you don't seem to want to end this, I will. Post all you want, personal and private. You have proven beyond a doubt that you have no points of view worth discussing, nothing to be learned, and nothing worth replying to.

-ck

On Tue, 1 Feb 1994, Kirk Sheppard wrote:

> Dear Master Knight,
>
> You have quickly forgotten the crap about sending valium etc. You started
> the flame war then by reading my small post literally and started it
> today by making personal insults. This is your habit. My habit is to
> respond in kind. Also, the trick of reposting private mail to a list
> shows the level of your personal ethics. Quite low from this vantage point.
>
> Kirk Sheppard
>
> kshep at netcom.com
>
> P. O. Box 30911             "It is Better to Die on Your Feet Than to
> Bethesda, MD 20824-0911      Live On Your Knees."
> U.S.A.
>                                        - Emiliano Zapata
>
>
> On Tue, 1 Feb 1994, Chris Knight wrote:
>
> >
> >
> > On Tue, 1 Feb 1994, Kirk Sheppard wrote:
> >
> > > This is the second idiotic flame war you have started with me in the last
> > > two weeks.
> >
> > Perhaps you have your mail lists confused. Until only a week ago, I
> > was not posting in this echo. Secondly, you started this "war".
> >
> > > I would never again apologize to you.
> >
> > There was a first?
> >
> > > I do take some small pleasure in the fact that you are so lazy that you
> > > don't change the subject line when you reply, so on each reply you republish
> > > the condition of your being. It gives me a small chuckle each time I read the
> > > "truth" of your intellect.
> >
> > It is truly sad that these are the pleasures in your life.
> >
> >
> >
> >
> >

From mnemonic at eff.org Tue Feb 1 15:20:42 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 1 Feb 94 15:20:42 PST
Subject: Archiving mail-lists...
In-Reply-To: <199402012121.QAA03308@snark>
Message-ID: <199402012316.SAA13735@eff.org>

> Yes, you have a copyright over your work -- however, once you've
> posted it to the net it is likely practically impossible to restrict
> distribution.

Practical impossibility != legal impossibility.

> Since you've already allowed it to be distributed on
> demand to anyone for free it is hard to claim damages if it is
> distributed to anyone via some medium you don't like.

Hard, yes, but not impossible. Most copyright actions involving works that are not being sold resort to statutory damages. And you can register your copyright *after* the infringement occurs.

--Mike

From klbarrus at owlnet.rice.edu Tue Feb 1 15:25:29 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 1 Feb 94 15:25:29 PST
Subject: PGP
Message-ID: <9402012321.AA07980@wahoo.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>About how many calculations does it take to crack a 1024 bit key? If
>someone has limitless time, money, etc., they can break it...but how
>many calculations does it take?

I did some calculations on this a few months ago, and it works out to be on the order of 4.42 x 10^29 steps. So then you can figure out how much real time it takes given machine speed.

I also made some calculations for other sizes - to get the rest of the article gopher to chaos.bsu.edu and look at Misc/"Bits and Factoring Difficulty" where I have been archiving various cypherpunks posts, apparently flying in the face of copyright laws blah blah blah blah. Since I wrote that I give permission for it to be at the gopher site ;)

>Also, there is a password used to protect the keyrings. Assuming a
>strong password how many calculations does that take to break?

Well, if it's a 128 bit IDEA password, and brute force is the fastest way to "break" it, then 2^128 = 3.4 x 10^38.
Karl Barrus
klbarrus at owlnet.rice.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLU7jtYOA7OpLWtYzAQFV8wQAjugItETGxmxMkXyGN798/9DwUnhpHU7g
A7NskB3jBRSFvFJYwp1B/0c80v2I14LjZg1FHU2zlUD2NPza91mSRc0hW4WcY3Sq
2RQjZIUBxz9Fu+4XPEQWT7iFOh+MhGbx60h5QktXDaJaS46QrrsPz2SXaMbdG7iu
BiyraoH3mu8=
=aMtI
-----END PGP SIGNATURE-----

From klbarrus at owlnet.rice.edu Tue Feb 1 15:30:42 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 1 Feb 94 15:30:42 PST
Subject: PGP
Message-ID: <9402012329.AA08073@wahoo.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>Brute-forcing IDEA takes about as much computation as factoring
>something between a 1200 and 3000 bit RSA key (I've heard both
>numbers, but I don't know the numbers). So, in the current
>implementation, RSA is the weak link!

Yes, I think that the turnaround point is right around 1600 bits, at which IDEA is "easier" than RSA.

Assuming of course brute force is the fastest way to break IDEA; the fastest (known|published) factoring method runs in time proportional to the formula I typed out, etc.

Karl Barrus
klbarrus at owlnet.rice.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLU7l2IOA7OpLWtYzAQE7fwP6A6ENOTE7dUl0gbqEk17NRLPnExCHa2za
HEt3LTfbn/0gpTfrwnKUTCKP3TAvnVJJ/cDFxRR1RkaTyHxA0RvQR/b8SosFK2Uc
HEY5I5AqNVUKE9TceDXcBnYmmMbZAIMpdMMTknrn3Eyo1kcfLGTfOInH0wM35Rdl
/o/sPMmc23s=
=S2+w
-----END PGP SIGNATURE-----

From jthomas at access.digex.net Tue Feb 1 15:35:29 1994
From: jthomas at access.digex.net (Joe Thomas)
Date: Tue, 1 Feb 94 15:35:29 PST
Subject: archiving on inet
In-Reply-To: <9402012021.AA01756@jazz.hal.com>
Message-ID:

On Tue, 1 Feb 1994, Jason Zions wrote:

> > So answer the question again, what is the
> >difference in paying an internet provider for access to usenet, and
> >paying a cd-rom provider for access to usenet?
> . . .
> Better yet, it's the difference between watching a program on HBO when you
> are getting that service legally (i.e.
paying for it) and buying a tape of
> the same program from a friend who has HBO. Whether or not you also have
> legal access to HBO, the sale of the tape infringes on the copyright of the
> program.

Several variations on this analogy have been posted, but I still don't see how it applies to Usenet. If HBO allowed anyone who could receive its signal to pass it along to anyone else, without a prior license agreement, I would say it would have little grounds for trying to prevent the sale of programs taped off HBO.

But to attempt to bring this back from misc.legal to cypherpunks territory... Have people here thought about what happens to the concept of intellectual property in an environment of strong cryptography and cheap anonymity? When there's no way for the government to enforce Berne on movies and electronic books, what hope is there for Usenet postings?

Joe

From nate at VIS.ColoState.EDU Tue Feb 1 15:45:44 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Tue, 1 Feb 94 15:45:44 PST
Subject: new remailer online
Message-ID: <9402012345.AA05789@vangogh.VIS.ColoState.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

There is a new anonymous remailer online at:

nate at vis.colostate.edu

It does not yet support pgp encryption, but it does remail fine.

This is also the standard remailer used by by WWW remailer GUI (even if no mailers are checked). I will be releasing a copy of my remailer GUI and software in the next day or so.

- -nate sammons

- --
+-----------------------------------------------------------------------+
| Nate Sammons |
| Colorado State University Computer Visualization Laboratory |
| Data Visualization/Interrogation, Modeling, Animation, Rendering |
+-----------------------------------------------------------------------+

From hojunya at ecf.toronto.edu Tue Feb 1 16:05:29 1994
From: hojunya at ecf.toronto.edu (HO JUNYA)
Date: Tue, 1 Feb 94 16:05:29 PST
Subject: "bio-radar"?
Message-ID: <94Feb1.190048edt.5810@cannon.ecf.toronto.edu>

In the current issue of Defense Electronics, the editor talks about some "bio-radar" technology, in the hands of both the US and the Soviet bloc.. Does anyone know more about this, or know where to get more information?

From loki at nately.UCSD.EDU Tue Feb 1 16:10:45 1994
From: loki at nately.UCSD.EDU (Lance Cottrell)
Date: Tue, 1 Feb 94 16:10:45 PST
Subject: archiving on inet
Message-ID: <9402020008.AA09772@nately.UCSD.EDU>

This thread seems way off topic.

Lance

From jim at bilbo.suite.com Tue Feb 1 16:25:29 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 1 Feb 94 16:25:29 PST
Subject: Why is Chris Knight a Twerp?
Message-ID: <9402020019.AA02559@bilbo.suite.com>

Please take the "archiving mail-list" thread to e-mail.

Thank you,
Jim_Miller at suite.com

From jimn8 at netcom.com Tue Feb 1 16:30:45 1994
From: jimn8 at netcom.com (Jim Nitchals)
Date: Tue, 1 Feb 94 16:30:45 PST
Subject: archiving on inet
In-Reply-To:
Message-ID: <199402020030.QAA20097@mail.netcom.com>

>
> This is not an accurate comparison. A posting on usenet is not the same
> item as a program on HBO or the radio. In what way does my internet provider
> (netcom) have a "legal" distribution of usenet news, while a cd-rom
> provider does not?

I've already said it. I own the copyright to my posts, and only permit them to be distributed by Usenet because I can *cancel* and provide expiration dates with my posts. CD-ROMs do not provide these standard Usenet message control features.

If I issue a cancel message, it's obvious that I'm asserting control over the further distribution of my content (sites that ignore them notwithstanding.) Any time a CD-ROM is published with my message, and it contains an expiration date or is later cancelled, the publication violates my right as a copyright holder to retract my message.
[portions deleted]

> No providers of usenet news
> have any agreements between themselves and the posters regarding
> copyrights. Netcom and all the other internet providers receive postings
> "free" and a cd-rom manufacturer has the same "right" to use postings as
> any other internet provider.

My expiration dates or cancel messages are perfectly reasonable ways to communicate the way in which I'm exercising my copyright. Netcom and other service providers currently honor those communications, but CD-ROM publishers of Usenet news do not.

>
> Kirk Sheppard
>
> kshep at netcom.com
>
> P. O. Box 30911             "It is Better to Die on Your Feet Than to
> Bethesda, MD 20824-0911      Live On Your Knees."
> U.S.A.
>                                        - Emiliano Zapata
>

From ebrandt at jarthur.Claremont.EDU Tue Feb 1 16:35:30 1994
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Tue, 1 Feb 94 16:35:30 PST
Subject: archiving on inet
In-Reply-To: <9402011752.AA00225@jazz.hal.com>
Message-ID: <9402020035.AA00478@toad.com>

> From: Jason Zions
> Infringement occurs when you copy those bits onto some medium for
> some purpose other than store-and-forward propagation or the allowed
> fair-use exceptions; stuffing articles on a CD-ROM and selling them
> falls into neither category and hence is an infringement.

This is hardly cut-and-dried. Try the defense lawyer's interpretation: recipients of the CD-ROM are leaf nodes; the CD-ROM is a convenient transport medium. Usenet has been propagated over magtape, after all. CD-ROM is the modern equivalent, cheaper to cut than a tape.

You seem to be concerned that your words might be stored on a `permanent' medium. You should be. Anything you post is propagated to a vast and unknown number of systems worldwide. *Somebody* is going to archive it, maybe back it up to WORM. You know this already, so what's the big deal about a CD-ROM?

I agree with your basic contention that authors of Usenet postings retain copyright minus some concession to the nature of the medium.
But your concessions are unrealistically limited. In the real world, you can't count on the destruction of every copy of your `ephemeral' article. You can't know or control the media of propagation. You can't expect the RFCs to be followed to the letter -- the bulk of news systems these days are probably neighborhood BBSes who run their gateway software out of the box. This is Usenet; post if you can accept it.

Eli
ebrandt at jarthur.claremont.edu

From jimn8 at netcom.com Tue Feb 1 16:40:47 1994
From: jimn8 at netcom.com (Jim Nitchals)
Date: Tue, 1 Feb 94 16:40:47 PST
Subject: archiving on inet
In-Reply-To: <199402012131.QAA03337@snark>
Message-ID: <199402020036.QAA20961@mail.netcom.com>

>
>
> Jason Zions says:

[portions deleted]

>
> > I'm struggling with drawing an appropriate distinction between CD-ROM as
> > newsfeed medium and CD-ROM as archive medium.
>
> Maybe you are struggling because there is no reasonable way to make
> the distinction?

There is.

Copyright 1994 James Nitchals. Duplication and redistribution rights permitted only until the expiration date or issuance of a cancel message by the author.

CD-ROM publishers cannot honor the request except by reissuing the CD-ROM without my content. Anyone who backs up their home directory is safe, but if they redistribute my article after it's expired or cancelled, they are in violation of my copyright.

From jazz at hal.com Tue Feb 1 16:40:53 1994
From: jazz at hal.com (Jason Zions)
Date: Tue, 1 Feb 94 16:40:53 PST
Subject: The Death of Statutory Compensation for Intellectual Property (was pissing contest)
In-Reply-To:
Message-ID: <9402020038.AA02579@jazz.hal.com>

>Have people here thought about what happens to the concept of intellectual
>property in an environment of strong cryptography and cheap anonymity?
>When there's no way for the government to enforce Berne on movies and
>electronic books, what hope is there for Usenet postings?

I was wondering when it was going to come around to this. Surprise.
Within ten years, the entire concept of intellectual property will be radically altered, if not completely gone. The whole thing will become so completely unenforceable that something will give; I'm not sure what, but something.

At the Austin Crypto Conference, John Perry Barlow was asked what he thought would happen to copyright. As I recall, he said something along the lines of this: that compensation for intellectual property would cease to be a thing of law and become a thing of interpersonal relationships. That people would pay the producers of stuff they liked as an incentive for them to produce more. That the ability of the Internet and its services to make widely-separated people into a community, with all the emotions and duties humans tend to experience in communities, would ensure a kind of darwinism amongst the "stuff" out there; the stuff people liked would get supported out of that sense of community, and the stuff people didn't like would not.

Would you pay $895 for a CD-ROM version of the Oxford Unabridged Dictionary? If you could get it for almost nothing on the net, would you be willing to send a check for $10 to the Oxford folks who made it possible?

Shareware is the future of just about all intellectual property. Once a movie is released on video, it will be cloned and copied so rapidly that they'll sell, what, a few hundred? Everyone else will trade perfect copies around. There are only a few ways the studios could get huge bucks:

1) Shareware. Ask each owner of a copy to send a few bucks. Personally, I'd rather send it to the director and actors and crew than to the back-office overhead, but what the hell.

2) Stick with theatrical release. It'll get swiped from there too; film is so expensive that the first users of really high-quality digital video will be the studios, at which point it's just a question of dubbing the digital bits (no film involved anymore).

3) Charge out the wazoo for the video tapes.
Doesn't matter; the Blockbusters of the world will pay for one copy, which will be rented and cloned.

4) Serializing digital copies to track down the "leaker". All you need is two copies from different sources to find steganographically-hidden bits or to produce a combination of the two that has a unique fingerprint that doesn't match anything already shipping.

Within ten years it's all over. Until then, until societal changes occur to help creative people get paid the money they deserve for the fruits of their labors, try and stay honest with the law as it is, eh? It's not that expensive to do it by the book (send your check to the copyright clearance center for printed matter, for example) and it's the primary feedback mechanism you have to the creators of the works you like.

Jason

Copyright 1994 Jason Zions. You can copy this to propagate cypherpunks mailing list as email or local newsgroups; no permanent digital optical copies allowed (except for backup purposes, which I can't restrict anyway; see relevant case law).

From mg5n+ at andrew.cmu.edu Tue Feb 1 16:50:47 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Tue, 1 Feb 94 16:50:47 PST
Subject: Archiving on inet
Message-ID:

Wow, this usenet copyright issue has touched off a pretty heated debate. Let me just make a few points:

In most usenet areas, there are no limitations on who may receive the group. By posting to such an area, you imply that you intend your post to be received by an unrestricted audience. This, of course, includes the possibility that some readers of the newsfeed will be reading it in a time-delayed manner, such as a dialup newsfeed over slip, uucp, or other protocol. A CD-ROM is just another form of delayed newsfeed.

There are many areas available where restrictions are placed upon who may receive the feed. Many mailing lists, such as extropians, have this policy. Anyone receiving that list agrees that they will not redistribute the messages, and that includes selling CD-ROMs.
If you have something which you would like to limit the distribution of, there are many forums available where the readers consent that they will abide by such a policy. The general readers of usenet have not consented to any such agreement.

What offends me is that some hypocritical people would send a message to an area that they know is public domain, and then complain that they didn't want their message distributed. When you post, you should decide whether or not you want it public domain. But don't complain if you change your mind after the fact.

I recommend that everyone who is concerned about the distribution of some document that you wrote, (ie research paper, commentary, etc) post a message in a public forum giving a brief overview, and then state that it is copyrighted, and that anyone who agrees to respect your terms of non-distribution should send you email and that you will send them a copy. This also allows you to place an expiration time limit on it, so that someone won't find it reading outdated usenet news.

To continue Lefty's cable TV analogy:

A cable TV company can charge you a fee for assisting you in receiving a publicly available signal. However, they do not have copyright on that signal - they can't stop you from buying your own antenna, nor can they stop a competing cable company (if the municipality allows it). The cable company is selling you their assistance in receiving a publicly available signal. They do not own that signal or the copyright to it. They are merely a common carrier of the communication.

In the same way, internet service companies like netcom are merely providing a service which aids you in receiving a publicly available signal. Selling the netnews feed either on a CD-ROM is no different. They are not selling the posts - they are selling their communications services which allow you to receive it. They have no copyright on the posts. They are NOT SELLING COPYRIGHTED MATERIAL - they are SELLING A COMMUNICATIONS SERVICE.
If a TV station was to take the broadcast of a competing station, add their own commercials etc, and rebroadcast it, then we have copyright infringement. They are taking someone else's material and using it for their own benefit - here we have copyright infringement. The cable company does not do this - they are simply distributing the signal unaltered, commercial advertisements and all.

In the same way, if someone is selling complete, unaltered archives of usenet, it is a communication service. If they're taking posts, modifying for their own purposes, and selling at a profit, we have the possibility of copyright infringement.

I hope you all understand the difference.

From frissell at panix.com Tue Feb 1 17:00:49 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 1 Feb 94 17:00:49 PST
Subject: Cypherpunk article in NY
Message-ID: <199402020055.AA18359@panix.com>

Life in Cyberspace - Joshua Quittner
New York Newsday - Page 59
Tuesday, 01 February 1994

CODING UP A BIT OF PRIVACY

MOUNTAIN VIEW, Calif.

This must be how the Founding Fathers looked when they hacked out the Constitution: A roomful of young men, mostly--frazzled hair, eager eyes, wild beards, arms flailing and fingers jabbing in air, reaching for big ideas.

You can't help but feel it; urgency tempers their voices. The earnest men plan and argue in this corporate conference room as the last sun rays of a winter Saturday afternoon fade in through a skylight. Time is running out for the Cypherpunks. There is much work to be done before the information highway arrives.

The information highway --- that 500-channel shopping mall/cineplex championed by cable and telephone companies --- is a noxious concept to the people in this room. They are not technophobes or Luddites, these Cypherpunks. Instead, they are a collection of clever computer programmers, engineers and wire heads from some of the nation's best-known Silicon Valley software houses and hardware shops.
This is their central question: In a future world where all information is centralized on a network, where all information is tracked by the bit, where every purchase you make and every communication can be monitored by corporate America, how does privacy survive?

If you go to the bookstore now and buy a book, you can pay in cash. No one knows your name or what you purchased. "What happens to cash transactions on the information highway?" they ask.

The Cypherpunks believe that they can preserve your privacy through good cyphers, or codes. But they must hurry, must get their codes out and their networks up and running.

"The whole information highway thing is now part of the public eye," explains Eric Hughes, a founder of the Cypherpunk movement. "If we don't change it now, it'll be impossible later."

The Cypherpunks know what technology is capable of. We visit them today because they represent one edge of the national debate on the structure of the information highway. And as we all know, extreme positions help define the middle.

Many of the Cypherpunks have been heavy Internet users for years and hope to preserve the communal spirit of that freewheeling world of interconnected computer networks. They dread the coming commercial network of televisions and computers, saying it will displace the Internet and destroy many of the freedoms they now enjoy.

So the Cypherpunks, with the kind of zeal they professionally bring to marathon, 72-hour sessions hacking computer code, are plotting to keep free networks alive. That's "free" in the sense of unfettered, unmonitored, uncensored.

One way they're going about it is by spreading easy-to-use, cheap cryptography. Cryptography is the science of keeping two-way communication private. Computers, it turns out, are revolutionary cryptographic tools, able to encode and decode files quickly. For the first time, virtually unbreakable codes are now possible, thanks to computers.
The Cypherpunks post cryptographic software on the Internet where anyone can access it, and can encode their communications, including electronic mail, pictures and video.

The U.S. government is concerned, as governments always are, about the spread of powerful cryptography (terrorists could use it, kidnappers could use it, drug dealers could use it, all of them on cellular phones that encode conversations). It currently is pushing its own commercial cryptographic standard, through a special chip known as the Clipper. The chip is reviled by Cypherpunks and other civil libertarians because it provides a back door that law-enforcement agencies could enter, with the proper warrants, for surveillance.

By getting good, unbreakable cryptography out there now, the Cypherpunks hope, whatever the government finally decides will be moot. Software has a wonderful property, the Cypherpunks are fond of saying: Once it's created, it can never be destroyed. It can be copied infinitely, from computer to computer, spreading like a secret. Come what may, unbreakable Cypherpunk code, and Cypherpunk networks, will be out there forever, they hope.

But just to be safe, the Cypherpunks are toying with different network-related plans to create an economy of "digicash" --- network money that, like the dollars in your pocket, isn't tied to a user's credit cards or other personal identification. Digicash will help pay for Cypherpunk networks and will allow people to purchase goods without revealing their identity.

"I'm starting a bank, and it's not going to be a U.S. bank," Hughes says. He's standing at the whiteboard now. A strawberry-blond ponytail dangles down his back and he grasps a magic marker in his hand. "We have several long-term strategies, one of which is the elimination of central banks." He tells the assembled crowd what they already know. Heads nod. Some people take notes.

Hughes is a self-employed programmer in Berkeley.
His hand flies across the whiteboard, sketching out a schematic diagram, showing how his bank will operate. The bank will store depositors' money (he's thinking a $200 minimum deposit) and disburse payments to anyone --- all over the Internet. It will be based abroad, maybe in Mexico. A Cypherpunk network bank is one way to pay for a network of truly encrypted, private communications, you see. "Is this going to lead the way to portable laptop ATM machines?" someone else asks. "First Bank of Cyberspace!" yells one person. "First Internet bank!" yells another. "The Nth National Bank!" Laughter. Billy goat beards bob. There is much work to be done.

*******************************
Net Tips

If you have e-mail access to the Internet, you can subscribe free to the Cypherpunks mailing list, which circulates to about 750 people daily. Send an e-mail message to: cypherpunks-request at toad.com with the word "Subscribe" and your name in body of message. More information about cryptography, as well as cryptographic software, can be obtained over the Internet by ftp'ing to: ftp.soda.berkeley.edu
********************************

Thanks to Lois for entering this article.

--- WinQwk 2.0b#1165

From jim at bilbo.suite.com Tue Feb 1 17:20:48 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 1 Feb 94 17:20:48 PST
Subject: SASE Suggestion
Message-ID: <9402020114.AA03481@bilbo.suite.com>

Lance Cottrell writes:

> I have been meditating on this problem of return
> addresses, and have a proposal. The remailers
> can not be allowed to choose the return path,
> as any corrupted remailer will corrupt the rest
> of the path.

As I understand it, the remailers don't "choose" the return path, Bob (the sender of the original message) chooses the return path when he creates the SASE. All the remailers do is interpret the part of the SASE that becomes readable to them after decrypting the SASE portion sent to them from the previous hop.
If all is working, what becomes readable is the address of the next hop (closer to Bob) and some misc other stuff (postage, maybe, and perhaps another encryption key).

Am I not understanding something correctly?

Jim_Miller at suite.com

From lefty at apple.com Tue Feb 1 17:25:31 1994
From: lefty at apple.com (Lefty)
Date: Tue, 1 Feb 94 17:25:31 PST
Subject: Another Request
Message-ID: <9402020106.AA27839@internal.apple.com>

Can anyone give me a pointer to where I might find information about Kerberos?

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From lefty at apple.com Tue Feb 1 17:25:47 1994
From: lefty at apple.com (Lefty)
Date: Tue, 1 Feb 94 17:25:47 PST
Subject: A Request
Message-ID: <9402020106.AA27836@internal.apple.com>

A few weeks ago, an ad from Microsoft looking for a staff cryptographic expert was posted. If anyone saved a copy, can they please forward it to me?

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From tcmay at netcom.com Tue Feb 1 17:25:53 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 1 Feb 94 17:25:53 PST
Subject: archiving on inet
In-Reply-To:
Message-ID: <199402020123.RAA16841@mail.netcom.com>

Boy, this has been one of the most contentious, arguing-in-circles threads I've seen in a long time. I was getting ready to delete all these posts by lawyers, semi-lawyers, wannabee-lawyers, and non-lawyers when I ran across this nice and concise post by Joe Thomas:

> But to attempt to bring this back from misc.legal to cypherpunks territory...
> Have people here thought about what happens to the concept of intellectual
> property in an environment of strong cryptography and cheap anonymity?
> When there's no way for the government to enforce Berne on movies and
> electronic books, what hope is there for Usenet postings?
>
> Joe

Exactly! The copyright laws, confusing as they may be, are basically unenforceable for _private_ and _mostly private_ behaviors.
Xeroxing books, sheet music, and the like is done routinely--stand in a copy shop for a while and watch what happens. And these things are indisputably violations of copyright (there is a "grey zone" for short copying jobs, under the "fair use" interpretations, but certainly not for copying entire chapters or books, or sheet music). Ditto for copying software, as we all know. Copying CDs onto tapes is a murkier issue, because of the recent revisions to the laws and the so-called "tape tax," which collects a royalty on blank tape while allowing essentially unlimited copying for _personal_ use (e.g., I can safely tape CDs onto DAT so long as I don't then _sell_ them). Where the rubber meets the road on all this stuff is when a visible, public situation occurs--the college instructor who makes Xerox copies of a textbook (not his own, but maybe even that is a violation) and distributes or sells them to a class, the musician in a public concert who is seen with piles of Xeroxed sheet music, the guy selling dubbed videos at a flea market, the corporation buying one copy of a program and then duplicating it for 30 employees, etc. In these cases, a whistleblower can call in the Music Police (don't know their real name), the Data Narcs (SPA), etc., and some action _may_ be taken. (Rarely, for many reasons.) The hair-splitting about whether making backup copies of Usenet constitutes any kind of violation is not all that useful. The issue is what happens when--as is inevitable--folks sell compilations of other people's postings. Indeed, there was a raging debate on this several years ago when Brad Templeton was planning to sell a book of the best jokes he's seen in rec.humor.funny. Maybe the book even came out....I never did hear the outcome. Anyone know? With strong crypto and anonymous systems, few actions will be publicly visible enough to allow enforcement and sanctions.
Copyrighted material may be sent through remailers to protect the source (recall the "Information Liberation Front"). Ditto for other kinds of "software." A brave new world. My fear is that the NII will be structured so as to limit crypto use with a public rationale of preventing these kinds of abuse (the private rationale being the NSA/FBI/national security state sorts of things). --Tim May, who's not a lawyer and doesn't want to become one (and who hates to see fine minds devoted to the credo "Cypherpunks study law") -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From klbarrus at owlnet.rice.edu Tue Feb 1 17:40:48 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Tue, 1 Feb 94 17:40:48 PST Subject: REMAIL: ping, script Message-ID: <9402020140.AA07524@screech.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- I've been catching up on past messages; I see there was some interest in scripts for pinging remailers, and some questions about how many there are, etc. Here is the data file and script I use to ping non-special remailers. Note: remailer #12 will only remail if you attach "digital cash", remailer #20 batches until midnight, remailer #21 requires encryption. 
Save this as "remailer.data"

- ----------8< cut here >8----------
01:n:remailer at chaos.bsu.edu
02:n:nowhere at bsu-cs.bsu.edu
03:n:hh at cicada.berkeley.edu
04:n:hh at pmantis.berkeley.edu
05:n:hh at soda.berkeley.edu
06:n:00x at uclink.berkeley.edu
07:y:hal at alumni.caltech.edu
08:y:ebrandt at jarthur.claremont.edu
09:y:catalyst at netcom.com
10:y:sameer at netcom.com
11:y:remailer at rebma.mn.org
12:y:elee6ue at rosebud.ee.uh.edu
13:y:elee7h5 at rosebud.ee.uh.edu
14:y:hfinney at shell.portal.com
15:y:sameer at soda.berkeley.edu
16:y:remail at tamsun.tamu.edu
17:y:remail at tamaix.tamu.edu
18:y:remailer at utter.dis.org
19:y:remailer at entropy.linet.org
20:y:elee9sf at menudo.uh.edu
21:s:remail at extropia.wimsey.com
- ----------8< cut here >8----------

and then the script

- ----------8< cut here >8----------
#!/usr/local/bin/perl
# ping the anonymous remailers
# Karl L. Barrus

# read "number:mode:address" records into %remailers, keyed by number
open (IN, "remailer.data") || die "Can't open remailer.data\n";
while (<IN>) {
  ($num, $rest) = split(/:/, $_, 2);
  $remailers{$num} = $rest;
}
close (IN);

# ping all remailers except special ones
foreach $i (sort keys(%remailers)) {
  ($mode, $name) = split(/:/, $remailers{$i});
  next if $mode eq "s";   # mode "s" marks a special remailer: skip it
  print "remail via $name";
  # $name still carries the newline from the data file
  open (MAIL, "| /usr/lib/sendmail " . $name);
  print MAIL "To: " . $name;
  print MAIL "From: nobody\n";
  print MAIL "Subject: test " . $i . "\n";
  print MAIL "Request-Remailing-To: klbarrus at owlnet.rice.edu\n";
  print MAIL "\ntesting :-)\n";
  close (MAIL);
  sleep 5;
}
- ----------8< cut here >8----------

From warlord at MIT.EDU Tue Feb 1 18:35:28 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 1 Feb 94 18:35:28 PST
Subject: Another Request
In-Reply-To: <9402020106.AA27839@internal.apple.com>
Message-ID: <9402020234.AA14461@toxicwaste.media.mit.edu>

You can obtain a lot of documentation from the anonymous ftp site:

ftp://athena-dist.mit.edu/pub/kerberos/doc

There are a lot of papers, docs, etc in that directory.

Hope this helps.

-derek

From jthomas at access.digex.net Tue Feb 1 18:55:28 1994
From: jthomas at access.digex.net (Joe Thomas)
Date: Tue, 1 Feb 94 18:55:28 PST
Subject: The Death of Statutory Compensation for Intellectual Property (was pissing contest)
In-Reply-To: <9402020038.AA02579@jazz.hal.com>
Message-ID:

On Tue, 1 Feb 1994, Jason Zions wrote:

> Surprise. Within ten years, the entire concept of intellectual property will
> be radically altered, if not completely gone. The whole thing will become so
> completely unenforceable that something will give; I'm not sure what, but
> something.

Here's my slant on it: Without government coercion, "intellectual property" is limited to its only natural form -- a secret. If you don't want everyone to have certain information, don't tell anyone. At the very least, don't tell anyone who has no incentive to keep the information to himself.

> At the Austin Crypto Conference, John Perry Barlow was asked what he thought
> would happen to copyright.
As I recall, he said something along the lines of > this: that compensation for intellectual property would cease to be a thing > of law and become a thing of interpersonal relationships. That people would > pay the producers of stuff they liked as an incentive for them to produce > more. That the ability of the Internet and its services to make > widely-separated people into a community, with all the emotions and duties > humans tend to experience in communities, would ensure a kind of darwinism > amongst the "stuff" out there; the stuff people liked would get supported > out of that sense of community, and the stuff people didn't like would not. EFF Co-Founder Solves Prisoner's Dilemma Game Theorists Had Neglected "Community Spirit," Says Barlow > Shareware is the future of just about all intellectual property. Maybe. I wouldn't expect to get rich on it, though... > There are only a few ways the studios could get huge bucks: [most of list deleted] > 4) Serializing digital copies to track down the "leaker". All you need is > two copies from different sources to find steganographically-hidden bits or > to produce a combination of the two that has a unique fingerprint that > doesn't match anything already shipping. Is this really a settled issue? I'll bet I could devise a scheme for tagging a large number of copies of an image, such that the information available to a cheater from two images isn't enough to produce an untraceable copy. Such a scheme would entail some image degradation -- if you didn't mess with some visible bits in each picture, a cheater would only have to randomize all the "invisible" bits. But of course this stuff is only useful if the work is distributed non-anonymously in the first place. It doesn't do QVC/Paramount much good to know that an2538295 was the one responsible for redistributing 10,000 copies of Star Trek L. 
Computer software and other interactive works should fare better, since the publishers can restrict their distribution to secure machines on a network. Customers would pay to use the software, but never receive a copy of their own. Reverse-engineering even "Dragon's Lair"-type games would be non-trivial and error-prone. And after getting ripped off for a bad interactive copy, most people would probably be happy to pay a premium for the real thing. Joe From ebrandt at jarthur.Claremont.EDU Tue Feb 1 19:30:49 1994 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Tue, 1 Feb 94 19:30:49 PST Subject: fwd: Canadian gov't eavesdropping In-Reply-To: <94Feb1.201622est.83288(2)@ivory.educom.edu> Message-ID: <9402020326.AA05527@toad.com> > Date: Tue, 1 Feb 1994 20:21:46 -0500 [...] > HIGH-TECH SNOOP GADGET. A super-secret branch of the Canadian Security > Intelligence Service has awarded three contracts to a Montreal firm to make > equipment that can quickly isolate key words and phrases from millions of > airborne phone, fax, radio signals and other transmissions. The hardware > has the "Orwellian potential to sweep through ... and keep records of all > conversations," said one CSIS critic. (CTV National News, 01/31/94 11:00 > pm). Dunno how feasible this kind of keyword recognition presently is, but here's another reason to encrypt. > EDUPAGE. To subscribe to Edupage send e-mail to listproc at educom.edu, > containing the following text: SUB EDUPAGE yourfirstname yourlastname. To Eli ebrandt at jarthur.claremont.edu From jim at bilbo.suite.com Tue Feb 1 21:20:49 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 1 Feb 94 21:20:49 PST Subject: 2-way anonymous via SASE Message-ID: <9402020513.AA07003@bilbo.suite.com> Jon Boone writes: > Now, what is this SASE? 
Apparently it is either a) a
> fully-specified return-path (presumably a chain of
> anonymous ids at various remailers), b) a next-hop
> address (anonymousid at the next remailer that "knows"
> where to send the message), or c) some combination of the
> previous two.
>
> Is there another possibility that I have missed?
>

The SASE's that I've been describing are not type a, b, or c. "b" is closest, except the next-hop address is not an "anonymousid at the next remailer", rather, it is simply the e-mail address of the next remailer to send to. The SASE is structured somewhat like a message enclosed in a bunch of nested digital envelopes. If you don't understand "message enclosed in a bunch of nested digital envelopes" then you will have a hard time understanding SASE's (at least the type of SASE's I'm describing).

** Using Nested Envelopes for sending anonymous e-mail (simplified) **

Say Bob wants to send a message to Ted, routing the message through R1 and R2, and finally to Ted. First of all, Bob needs to know the e-mail address of R1, R2, and Ted. Bob also needs to know the public-key of R1, and R2. He will probably also want to know the public-key of Ted, but that is not required.

[Notice that I did *not* say that Bob needed to have an anonymous account id at each of the remailers. There are different types of remailers. Some provide anonymous accounts, others simply forward e-mail. In the description below, I am referring to remailers that just forward e-mail.]

To send to Ted, Bob constructs the following: (not considering SASE's yet)

    R1_PK(R2-addr, R2_PK(Ted-addr, Ted_PK(message)))

where:

    XX_PK(stuff)   stuff encrypted with XX's public-key
    XX-addr        e-mail address of XX

Bob sends this mess to R1.

From R1's point of view, R1 receives

    R1_PK(stuff1)

R1 decrypts "stuff1" and gets:

    R2-addr, R2_PK(stuff2)

R1 strips off "R2-addr" and e-mails R2_PK(stuff2) to "R2-addr".

R2 receives

    R2_PK(stuff2)

R2 decrypts "stuff2" and gets

    Ted-addr, Ted_PK(message)

R2 strips off "Ted-addr" and e-mails Ted_PK(message) to "Ted-addr".

Ted receives

    Ted_PK(message)

Ted decrypts it, and gets Bob's message.

As you can see, you need to use a special type of remailer to get this to work. Not all remailers support the "decrypt, strip, and re-send" operation. You seem to be familiar with the type of remailer that sets up an anonymizing "account" (e.g. an12345 at anon.penet.fi). These "Penet-style" remailers give you an easy mechanism for doing 2-way anonymous communication. Ted can use ordinary e-mail commands to send a reply addressed to "an12345 at anon.penet.fi".

The "decrypt, strip, and re-send" remailers do not provide a trivial way to send reply messages. The SASE mechanism is an attempt to extend these types of remailers so Ted can reply to whomever sent him the anonymous message (Ted doesn't know anything about the original sender, not even an anonymous id. Ted only knows that R2 forwarded a message to him).

Jim_Miller at suite.com

From jim at bilbo.suite.com Tue Feb 1 21:40:48 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 1 Feb 94 21:40:48 PST
Subject: 2-way anonymous via SASE
Message-ID: <9402020534.AA07060@bilbo.suite.com>

I finally got around to downloading and reading the remailer stuff from the cypherpunks ftp site*. I could have saved myself some embarrassment if I had read it before posting my "original" SASE idea. The file pub/cypherpunks/remailer/hals.instructions describes a mechanism that is basically a simplified SASE.

Oh well...

Jim_Miller at suite.com

---------
*ftp soda.berkeley.edu

From nobody at qwerty.org Tue Feb 1 22:10:49 1994
From: nobody at qwerty.org (nobody at qwerty.org)
Date: Tue, 1 Feb 94 22:10:49 PST
Subject: New Remailer Up.
Message-ID: <199402020607.WAA29302@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Greetings. New remailer: qwerty at netcom.com. No logs.
Only a "counter" that works by appending the word "R" or "ER" to a text file so I can get an idea if anyone is using it. However, I'm sure the Netcom and other site's mail logs will be enough to track serious abusers of anonymity down, without my help. This remailer is dedicated to honest people who desire PRIVACY.

(The extra "-" and "space" characters at the beginning of some lines are an artifact of my signing this with PGP).

Accepts standard,

::
Request-Remailing-To: address
(space)
message

or standard,

::
Encrypted:PGP
(blank line)
- -----BEGIN PGP MESSAGE-----
Version: 2.3
Blah blah blah.
- -----END PGP MESSAGE-----
(blank line)
Optional message here.

in which the first two lines of the decrypted message contains,

::
Request-Remailing-To: address
(blank line)

Spelling mistakes will land mail in my mail box where I will emotionlessly delete them. Leaving out the blank lines may cause messages to disappear.

Public key for Qwerty Remailer ,

See the PGP FAQ for how to use encrypted remailers. Send mail to na38138 at anon.penet.fi with subject "Bomb me!" for Gary Edstrom's PGP FAQ and my "Here's How to MacPGP!" guide. That's NA (not AN), thirty-eight, one-thirty-eight.
Thanks to Hal Finney for sending me updated perl scripts and a working copy of UNIX PGP2.3a. I am looking into ViaCrypt UNIX PGP 2.4 as well.

Send mail regarding the remailer to qwerty at netcom.com.

-Xenon

From nobody at qwerty.org Tue Feb 1 22:55:29 1994
From: nobody at qwerty.org (nobody at qwerty.org)
Date: Tue, 1 Feb 94 22:55:29 PST
Subject: SuperPing1.2
Message-ID: <199402020651.WAA05123@mail.netcom.com>

This may not be elegant, but it works well in my account. It checks the entire Cypherpunk remailer network connections and is user friendly.

-Xenon

#!/usr/bin/perl
# Change this to reflect where your system has perl.
# SuperPing version 1.2: Ping Cypherpunk remailer connections.
# Now pings in both directions, as I have learned they are NOT equivalent.
# Brought to you by Xenon .
# Thanks to Alan Barrett for teaching me some perl.
# Warning: outputs ~40 e-mails at a time. May give "too many processes"
# error towards the end if you haven't killed all of your stopped jobs.
# Increase the sleep(sec) time if needed.
# Be careful. If mail bounces between any two remailers in either
# direction, "Mr. Remailer Operator" will obtain a full mailbox!
# To test the program, comment out all the remailers in the list and add
# YOUR address at least three times to the list of "remailers".
# You MUST make a file called .PingFile that contains:
#::
#Request-Remailing-To: your.address
#
#Ping!
#
#-----Begin Test-----
#Test
#-----End Test-----
# Will also function as a convenient method to shut down all remailers at
# once by making .PingFile 500K instead of 1K. Not recommended if you
# value your life ;-).

# List of remailers (not complete). Make any line a comment to remove that
# line's remailer. cicada and pmantis are not meant for heavy traffic so I
# have removed them. Soda is commented for no particular reason.
@Rm = (
"catalyst at netcom.com",
"remailer at dis.org",
"ebrandt at jarthur.claremont.edu",
"remailer at merde.dis.org",
"qwerty at netcom.com",
"elee7h5 at rosebud.ee.uh.edu",
"hfinney at shell.portal.com",
#"hh at soda.berkeley.edu",
);

#Nicknames for output and subject lines.
@Nick = (
"catalyst",
"dis.org",
"jarthur",
"merde",
"qwerty",
"rosebud",
"shell",
#"soda",
);

# Select a marking character for this SuperPing session.
@Mark = ("A","B","C","D","E","F","G","H","I","J","K","L","M","N","O",
"P","Q","R","S","T","U","V","W","X","Y","Z");
srand(time);
$M = $Mark[rand(26)];

# Strings, since lines got too long below.
# Obviously this could be written better using sendmail but I'm writing
# perl code without KNOWING any perl.
$A = "(echo \"::\" ; echo \"Request-Remailing-To: ";
$B = " ; echo \"\" ; cat .PingFile) | mail -s \"$M.";

# Send a "Ping!" between all combinations of two remailers, in both
# directions. $Num is a count that ends up in the Subject line. Each number
# is used twice, with a < and > telling which direction the mail went. Change
# "system" to "print" to see the Unix commands being produced.
foreach $Sec (0..$#Rm) {
  foreach $First ($Sec+1..$#Rm) {
    $Num++ ;
    $C = " $Nick[$First] > $Nick[$Sec]\" " ;
    system "$A$Rm[$Sec]\"$B$Num$C$Rm[$First]";
    print "$M.$Num $Nick[$First] > $Nick[$Sec]\n";
    sleep(1) ;
    $C = " $Nick[$First] < $Nick[$Sec]\" " ;
    system "$A$Rm[$First]\"$B$Num$C$Rm[$Sec]";
    print "$M.$Num $Nick[$First] < $Nick[$Sec]\n";
    sleep(1) ;
  }
}

# Output (with only catalyst, qwerty and rosebud checked) looks like this:
# S.1 qwerty > catalyst
# S.1 qwerty < catalyst
# S.2 rosebud > catalyst
# S.2 rosebud < catalyst
# S.3 rosebud > qwerty
# S.3 rosebud < qwerty
# These are printed out as the program progresses and they also appear as
# the Subject of each piece of mail.
# alias g '(grep Subject: /usr/spool/mail/n/name | sort -t. +1 -n) | more'
# will make the command "g" give a list of received pings, in order. /n/name
# is your part of the mail spool. You should also check that the received
# pings really came from the second remailer instead of getting short
# circuited by the first remailer.
# Sample output mail as received by a remailer:
#
#From: Your name
#Message-Id:
#To: qwerty at netcom.com
#Subject: S.1 qwerty > catalyst
#Status: R
#
#::
#Request-Remailing-To: catalyst at netcom.com
#
#::
#Request-Remailing-To: your.address
#
#Ping!
#
#-----Begin Test-----
#Test
#-----End Test-----

From ritter at cactus.org Tue Feb 1 23:25:29 1994
From: ritter at cactus.org (Terry Ritter)
Date: Tue, 1 Feb 94 23:25:29 PST
Subject: NxM DES
Message-ID: <9402020724.AA29200@cactus.org>

Ritter Software Engineering
2609 Choctaw Trail
Austin, Texas 78745
(512) 892-0494, ritter at cactus.org

Strong Block Ciphers from Weak Ones: NxM DES
A New Class of DES Operating Modes

Terry Ritter
January 31, 1994

Introduction

Many security vendors are now preparing a new generation of software and hardware products. Given the well-known criticism of DES, and the government's unwillingness to publish their new Skipjack algorithm, much attention has been focused on triple-DES as a replacement for DES. But triple-DES requires three times the processing of normal DES, and retains the same small block size which must be increasingly vulnerable to improved dictionary attacks. Thus it is reasonable to seek alternatives to triple-DES, and compare them with respect to keyspace, processing requirements, and block size.

Vendors should be cautioned that triple-DES is not the only, nor necessarily the best, alternative to DES. They should consider delaying implementation of alternatives until a consensus develops on exactly what the replacement should be.

New ciphering algorithms are often challenged to "prove" they are stronger than DES.
Since it is impossible to measure the "strength" of a cipher (and there has been no absolute proof of strength for any practical cipher), new cipher algorithms are often considered curiosities. On the other hand, DES itself is well-known and accepted (despite having no proof of strength), so there seems to be great interest in the possibility of forming from DES a stronger cipher.

Triple-DES is one approach at forming that stronger cipher, and is what we could call a 1x3 DES structure: one DES block wide by three DES cipherings deep. Naturally, we expect software for any three-level ciphering to operate at about one-third the speed of normal DES.

There is an alternative approach which offers a larger keyspace, reduced processing, and larger block sizes (which, nevertheless, can often be used without data-expansion beyond that of normal DES). I call that approach "NxM DES," of which 2x2 DES is perhaps the easiest nontrivial example:

2x2 DES

Instead of repeatedly enciphering a single 8-byte block, consider using multiple DES cipherings to form a 16-byte block operation and thereby improve plaintext block statistics. 2x2 DES will be two DES blocks wide by two DES cipherings deep. First, encipher two data blocks with DES, each under a different key. Exchange half the data in the first and second blocks. Then encipher the resulting blocks again, using two more keys:

Let us denote a DES enciphering by:

   ciphertext := DESe( plaintext, key ) .

We want to encipher two DES-size blocks, call them A and B, and end up with ciphertext blocks G and H:

   C := DESe( A, k1 );      D := DESe( B, k2 );
   E := C[0..3],D[4..7];    F := D[0..3],C[4..7];
   G := DESe( E, k3 );      H := DESe( F, k4 );

The byte-index notation on the second line is intended to convey the exchange of the rightmost four bytes of the first two DES ciphertexts. The exchange is a permutation, costless in hardware, and simple and cheap in software. This particular permutation is also a self-inverse, so that the same permutation can be used for both enciphering and deciphering. If we give each two-bytes of data a symbol and denote the original data as:

   0123 4567

then after the permutation we have:

   0167 4523 .

For example,

   A:  01A1D6D039776742      B:  5CD54CA83DEF57DA
   k1: 7CA110454A1A6E57      k2: 0131D9619DC1376E
   C:  690F5B0D9A26939B      D:  7A389D10354BD271
   E:  690f5b0d354bd271      F:  7a389d109a26939b
   k3: 07A1133E4A0B2686      k4: 3849674C2602319E
   G:  b4de11d10c55c267      H:  64f1a0b723d360a7 .

Deciphering is similar to enciphering, except that the last-stage keys are used first, and we use DES deciphering instead of enciphering:

   E := DESd( G, k3 );      F := DESd( H, k4 );
   C := E[0..3],F[4..7];    D := F[0..3],E[4..7];
   A := DESd( C, k1 );      B := DESd( D, k2 );

Thus, 2x2 DES enciphers DES blocks A and B to DES blocks G and H in four DES cipherings. This is faster than triple DES, because twice as much data are enciphered in each block: 2x2 DES has a cost similar to double-DES. But 2x2 DES is potentially stronger than triple-DES, because each of the resulting ciphertext bits is a function of 128 plaintext bits (instead of 64), as well as three DES keys. (Although four keys are used in 2x2 DES, only three keys affect each output block, a 168-bit keyspace.)

2x2 DES does have a larger block size, so, when used alone, last-block padding overhead increases from four bytes (on average) to eight; a four-byte data expansion. Naturally, when used alone in CBC mode, the initialization vector (IV) will also be larger, 16 bytes instead of 8. This 12-byte overall increase in overhead should be weighed against the stronger 16-byte block size, since strength is the reason for moving away from normal DES in the first place.

4x2 DES

In a manner similar to 2x2 DES, we can consider enciphering four DES blocks of plaintext, sharing data between them, and then enciphering the resulting four blocks again. 4x2 DES has a larger keyspace than 2x2 DES, yet retains the same ciphering cost. 4x2 DES does have some additional last-block and IV overhead, in return for a greater keyspace and larger block-size strength.

Each 4x2 ciphering requires eight DES keys:

   E[0..7] := DESe( A, k1 );
   F[0..7] := DESe( B, k2 );
   G[0..7] := DESe( C, k3 );
   H[0..7] := DESe( D, k4 );

   (swap right-hand half of the data in {E,F} and {G,H})
   I := E[0..3],F[4..7]
   J := F[0..3],E[4..7]
   K := G[0..3],H[4..7]
   L := H[0..3],G[4..7]

   (swap the middle half of the data in {I,L} and {J,K})
   M := I[0..1],L[2..5],I[6..7]
   N := J[0..1],K[2..5],J[6..7]
   O := K[0..1],J[2..5],K[6..7]
   P := L[0..1],I[2..5],L[6..7]

   Q := DESe( M, k5 );
   R := DESe( N, k6 );
   S := DESe( O, k7 );
   T := DESe( P, k8 );

The intermediate permutation involves four 32-bit exchange operations, an expense still trivial compared to the DES ciphering operations. (In a hardware implementation, the byte-swaps are the connections always needed between stages, just connected differently, with no added expense at all.) This permutation is also a self-inverse. If we denote each two-bytes of the data symbolically:

   0123 4567 89ab cdef

then after the permutation, we have:

   0da7 49e3 852f c16b .

Alternately, if we denote the data prior to permutation as:

   0000 1111 2222 3333

then after the permutation we have:

   0321 1230 2103 3012 ,

showing that each permuted block contains exactly two bytes from each of the four original DES blocks. Each 8-byte output block in 4x2 DES is a function of 32 bytes of input plaintext, as well as five DES keys, a 280-bit keyspace.
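The 2x2 data flow and the two exchange permutations described in this post, as an added Python example that is not part of Ritter's post. It assumes a stand-in 8-byte Feistel cipher built from SHA-256 in place of DES (so G and H will not match the post's values), all function names are illustrative, and the hex constants are taken from the post's worked examples.

```python
import hashlib

def _round(key, rnd, half):
    # Round function of the stand-in cipher: keyed SHA-256 cut to 4 bytes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _xor(x, y):
    return bytes(a ^ b for a, b in zip(x, y))

def enc(block, key):
    """Stand-in for DESe: 4-round Feistel permutation on 8 bytes (NOT DES)."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right

def dec(block, key):
    """Stand-in for DESd: exact inverse of enc()."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right

def mix2(c, d):
    """2x2 exchange: swap the right-hand four bytes of two blocks."""
    return c[:4] + d[4:], d[:4] + c[4:]

def mix4(e, f, g, h):
    """4x2 exchange: right halves within {E,F} and {G,H}, then the middle
    four bytes within {I,L} and {J,K}."""
    i, j = mix2(e, f)
    k, l = mix2(g, h)
    return (i[:2] + l[2:6] + i[6:], j[:2] + k[2:6] + j[6:],
            k[:2] + j[2:6] + k[6:], l[:2] + i[2:6] + l[6:])

def encipher_2x2(a, b, k1, k2, k3, k4):
    c, d = enc(a, k1), enc(b, k2)
    e, f = mix2(c, d)
    return enc(e, k3), enc(f, k4)

def decipher_2x2(g, h, k1, k2, k3, k4):
    e, f = dec(g, k3), dec(h, k4)   # last-stage keys first
    c, d = mix2(e, f)               # the exchange is its own inverse
    return dec(c, k1), dec(d, k2)

def key_dependence(a, b, keys):
    """Return (keys affecting G, keys affecting H) as sets of 1..4."""
    base = encipher_2x2(a, b, *keys)
    deps = (set(), set())
    for n in range(4):
        changed = list(keys)
        # Flip the top bit of byte 0 (a real key bit in DES, not parity).
        changed[n] = _xor(keys[n], b"\x80" + bytes(7))
        out = encipher_2x2(a, b, *changed)
        for side in (0, 1):
            if out[side] != base[side]:
                deps[side].add(n + 1)
    return deps

def plaintext_dependence(a, b, keys):
    """True if changing only B changes G and changing only A changes H."""
    g0, h0 = encipher_2x2(a, b, *keys)
    g1, _ = encipher_2x2(a, _xor(b, b"\x01" + bytes(7)), *keys)
    _, h1 = encipher_2x2(_xor(a, b"\x01" + bytes(7)), b, *keys)
    return g1 != g0 and h1 != h0

hx = bytes.fromhex
# Plaintext blocks and keys k1..k4 from the post's 2x2 example.
A, B = hx("01A1D6D039776742"), hx("5CD54CA83DEF57DA")
KEYS = [hx("7CA110454A1A6E57"), hx("0131D9619DC1376E"),
        hx("07A1133E4A0B2686"), hx("3849674C2602319E")]
# First-stage DES ciphertexts E, F, G, H from the post's 4x2 example
# (the first two are also C and D of the 2x2 example).
STAGE1 = [hx("690F5B0D9A26939B"), hx("7A389D10354BD271"),
          hx("868EBB51CAB4599A"), hx("7178876E01F19B2A")]

if __name__ == "__main__":
    print("2x2 E,F      :", [x.hex() for x in mix2(STAGE1[0], STAGE1[1])])
    print("4x2 M,N,O,P  :", [x.hex() for x in mix4(*STAGE1)])
    g, h = encipher_2x2(A, B, *KEYS)
    print("round trip   :", decipher_2x2(g, h, *KEYS) == (A, B))
    print("keys -> G, H :", key_dependence(A, B, KEYS))
    print("both blocks  :", plaintext_dependence(A, B, KEYS))
```

Swapping a real DES implementation in for `enc` and `dec` leaves the rest unchanged; the exchange functions already reproduce the post's E, F and M, N, O, P values from its first-stage ciphertexts.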
For example,

   A:  01A1D6D039776742      B:  5CD54CA83DEF57DA
   C:  0248D43806F67172      D:  51454B582DDF440A
   k1: 7CA110454A1A6E57      k2: 0131D9619DC1376E
   k3: 07A1133E4A0B2686      k4: 3849674C2602319E
   E:  690F5B0D9A26939B      F:  7A389D10354BD271
   G:  868EBB51CAB4599A      H:  7178876E01F19B2A
   M:  690f876ecab4d271      N:  7a38bb5101f1939b
   O:  868e9d109a269b2a      P:  71785b0d354b599a
   k5: 04B915BA43FEB5B6      k6: 0113B970FD34F2CE
   k7: 0170F175468FB5E6      k8: 43297FAD38E373FE
   Q:  89af722f592664c4      R:  012d483a04db300f
   S:  dd60060ad098e3e0      T:  a3832dc4ff5c99ad .

Again, 4x2 DES deciphering is similar, except that we use the last-stage keys first, and DES deciphering instead of enciphering.

NxM DES

8x2 DES would have a 64-byte block and 16 DES keys, yet should still be considerably faster than triple-DES. Even larger blocks are possible, but would seem to require exchange operations on non-byte boundaries (to assure that each permuted block contains bits from each stage-one ciphertext block), so 16x2 DES and larger structures may have a larger software permutation cost. Nevertheless, the Nx2 approach gives us a way to increase the keyspace while generally retaining processing costs similar to double-DES.

DES structures with additional ciphering levels, such as 2x3 DES or 4x3 DES, are also available, at a processing cost similar to triple-DES, but with the increased strength of a larger block size. A 2x3 DES structure would have a 280-bit keyspace similar to 4x2 DES, but with 50 percent higher processing costs. A 4x3 DES structure could be appropriate for some applications, but would have a huge 504-bit keyspace which would require us to create, transport and store the associated 84-byte key set.

Large Blocks in Existing Systems

It should be possible to adapt many existing systems to use larger blocks without further data expansion.
Consider an 82-byte message, which would normally be structured as eleven 8-byte DES blocks, for a total of 88 bytes: An NxM DES alternative might use two 4x2 DES blocks, one 2x2 DES block, and one 1x3 DES block, for 32+32+16+8 or 88 bytes, exactly the same as normal DES. A 63-byte message (normally 8 DES blocks) would use just two 4x2 DES blocks for a total of 64 bytes, also the same as normal DES.

If larger blocks are always used until smaller blocks would be more efficient, there is exactly one way to structure any given amount of data, and the resulting length is sufficient to reproduce the multiple-size blocking structure. The overhead of these blocking manipulations remains insignificant when compared to the DES ciphering operations. We could call this sort of use of multi-size blocking "NxM+ DES," and 4x2+2x2+1x3 DES (which we could call "4x2+ DES") would seem to be a very practical system.

Clearly, in CBC mode, 4x2 DES will require a larger IV than normal DES. Perhaps the IV could be transferred as part of the key-exchange; there is obviously no way to avoid using larger keys if we want a stronger cipher, whatever approach we use. Smaller blocks at the end of a data area could just take the left-most part of the preceding block as their chain value. Similarly, a 2x2 DES block might use the left-most two DES keys at both levels of a 4x2 DES block (k1,k2,k5,k6), while a 1x3 DES block might just use the first three keys of the 2x2 DES block. Overall, 4x2+ DES might be a simple firmware upgrade for existing DES hardware.

Summary

Because the DES cipher is well known, there is interest in creating a stronger cipher which builds on normal DES as a base. By introducing a larger block width in addition to repeated cipherings, additional complexity can be obtained with a moderate increase in processing.
This approach is unusual in that various levels of strength can be obtained at virtually the same processing cost, a cost comparable to double-DES and substantially less than triple-DES. Furthermore, the larger data blocks can be used even in systems which would not support data expansion beyond that inherent in normal DES. Consequently, the NxM DES approach would seem to have significant practical advantages over either double-DES or triple-DES as a replacement for DES.

NxM DES is a product of my own research. I am not aware that this approach has been previously published.

From sameer at soda.berkeley.edu Wed Feb 2 00:30:50 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Wed, 2 Feb 94 00:30:50 PST
Subject: Anonymous mail service up for alpha testing
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I've written a small anonymous mail service, and it's now available for testing. There's no security, and I'll be keeping logs, so don't think that it's secure, in any way. It's also running on a PPP link which isn't connected all the time, so it's rather flaky. (I'll set it up as a real service once I get a real link-- if anyone else wants to do it, they're welcome to use my code.)

How to get an anonymous account:

Send mail to admin at infinity.hip.berkeley.edu -- include in the message a login, a "Full Name", a choice of remailer, and an encrypted return address block encrypted with that remailer's public key. I'll set it up.

How the anonymous account works:

Someone will send mail to login at infinity.hip.berkeley.edu. Then the system looks up in a table which remailer is associated with that login. It then sends out mail to that remailer, starting with the contents of the encrypted return address block, then a "##" and then all of the message to login at infinity, with "Received" lines taken out.
Thus once the message gets to the last remailer of the chain in the encrypted return block, the ## pastes the identifying information of the person mailing to login at infinity.hip in the header of the message. (It *should* do that...) If the person mailing to the infinity address would like anonymity he/she should use an anon-mailer on his/her end.

The encrypted-return address you send me should look like:

::
Encrypted: PGP

- -----BEGIN PGP MESSAGE-----
etc.

Make sure you include that ::/Encrypted or the remailer which gets it won't know that it's PGP encrypted.

Remember, this is just setup for testing. Don't use it for real applications.

- -Sameer

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

From qwerty at netcom.com Wed Feb 2 01:10:50 1994
From: qwerty at netcom.com (Qwerty Uiopas)
Date: Wed, 2 Feb 94 01:10:50 PST
Subject: New Remailer Up.
Message-ID: <199402020908.BAA13212@mail.netcom.com>

...and, to mail to an anon.penet.fi address, you must change the an1234 to na1234 (not anonymous), for I have a password/anon.penet.fi address for this account but I don't wish to either 1) give it out so anyone could then change it, or 2) have Julf remove it, so anyone could remail to anon.penet.fi but a few could also forge mail from qwerty to set a password.

-Xenon

From edgar at spectrx.saigon.com Wed Feb 2 01:10:56 1994
From: edgar at spectrx.saigon.com (Edgar W. Swank)
Date: Wed, 2 Feb 94 01:10:56 PST
Subject: Remailer Tearline Conventins
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Someone (not me) asked about remailer tearline conventions to eliminate automatic sigs:

    Though this subject came up some months ago, I never noticed any final decision. Is there now an accepted tearline convention for the generic cypherpunks remailers?
    The mail handler here and at most of my other accounts automagically adds the host address and/or my address to all outgoing mail, which is...well..._counterproductive_ when sending mail to a remailer. The extropia remailer by accepting encrypted messages avoids this problem, but most of the other remailers seem to have no provisions for excluding extraneous text and address footers.

    Was there ever a "8<----(cut here)" arrangement agreed upon and incorporated into the remailers?

I'm the one who brought this up "months ago" and the short answer to your question is "no."

One remailer Hall Remailer added a "cut line" of

    --ignore--

[no indentation in actual use]. I tested this when Hall first announced it and it seems to work. You would be advised to test it yourself before relying on it. Unfortunately the Hall Remailer is one of the remailers that does not support encryption.

AFAIK, this "cut line" code was never propagated to any other Cypherpunks remailers. At the time I brought this up, the attitude of most remailer operators (Chael Hall and Miron Cuperman notably excepted) was that anyone who couldn't figure out how and remember to turn off their auto sig didn't deserve any privacy.

I recommend that you always use the wimsey (extropia) remailer as the first (or only) leg of a remailer chain. It is also the only Cypherpunks remailer outside the USA (it's in Canada) which will make tracing msgs a little more difficult for USA authorities.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

--
edgar at spectrx.saigon.com (Edgar W.
Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca

From nobody at qwerty.org Wed Feb 2 02:10:49 1994
From: nobody at qwerty.org (nobody at qwerty.org)
Date: Wed, 2 Feb 94 02:10:49 PST
Subject: SuperPing1.2
Message-ID: <199402021008.CAA22797@mail.netcom.com>

If it wasn't obvious, SuperPing is the sort of utility that only needs to be run say once a day by ONE person out there. Since I did it today, and I haven't reported any down links, you can rest assured the network is fully connected, at least the remailers listed in the code.

-Xenon

From nobody at qwerty.org Wed Feb 2 02:25:28 1994
From: nobody at qwerty.org (nobody at qwerty.org)
Date: Wed, 2 Feb 94 02:25:28 PST
Subject: Remailer Tearline ConventiOns.
Message-ID: <199402021025.CAA23813@mail.netcom.com>

Edgar wrote,

"I recommend that you always use the wimsey (extropia) remailer as the first (or only) leg of a remailer chain."

I'm not too familiar with extropia these days. Does it have a direct internet connection? What are its characteristics? I'm trying to make up a more useful list of remailers, with details, since different users do have different needs for remailers.

Thanks.

-Xenon

From pmetzger at lehman.com Wed Feb 2 04:15:30 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 2 Feb 94 04:15:30 PST
Subject: archiving on inet
In-Reply-To: <9402012201.AA23756@internal.apple.com>
Message-ID: <199402021211.HAA05378@snark>

Lefty says:
> >In what way does my internet provider
> >(netcom) have a "legal" distribution of usenet news, while a cd-rom
> >provider does not?
>
> I have "provided" my postings to Usenet, for the personal use of Usenet
> subscribers.

Excellent. Now, please tell me how to determine if someone is a subscriber. Is there a big subscriber list available somewhere for the judge to check?

> By providing my postings to a particular distribution
> mechanism, I implicitly give permission for them to be redistributed _via_
> _that_ _mechanism_.
> I _do_ _not_ give permission for them to be repackaged
> and resold via another medium, any more than David Byrne has given me
> permission to resell cassettes of his music by allowing it to be broadcast
> on the radio.

Wonderful. Now, can you please explain what the usenet transmission mechanism is? It obviously includes magtapes. It appears to include CD-ROMs -- they have been used to distribute newsfeeds for years now. In theory, an NNTP site that never expires articles makes those articles available forever via NNTP, so time is obviously not a criterion. Usenet has always been gatewayed to email, so email isn't excluded (indeed, CNews explicitly provides a "by email" news distribution mechanism). So, what exactly, is NOT part of the usenet mechanism?

Perry

From pmetzger at lehman.com Wed Feb 2 04:20:53 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 2 Feb 94 04:20:53 PST
Subject: archiving on inet
In-Reply-To: <199402020036.QAA20961@mail.netcom.com>
Message-ID: <199402021218.HAA05396@snark>

Now all you have to do is explain what an "expiration date" is and explain the legal liability of sites that miss cancel messages by accident.

.pm

Jim Nitchals says:
> There is. Copyright 1994 James Nitchals. Duplication and redistribution
> rights permitted only until the expiration date or issuance of a cancel
> message by the author.
>
> CD-ROM publishers cannot honor the request except by reissuing the CD-ROM
> without my content. Anyone who backs up their home directory is safe,
> but if they redistribute my article after it's expired or cancelled, they
> are in violation of my copyright.
>
>

From pmetzger at lehman.com Wed Feb 2 04:25:30 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 2 Feb 94 04:25:30 PST
Subject: archiving on inet
In-Reply-To: <199402020030.QAA20097@mail.netcom.com>
Message-ID: <199402021222.HAA05404@snark>

Many news systems don't understand expiration dates, and some don't grok cancel messages.
CD-ROMs can easily carry cancel messages, too, by the way -- they are a transport medium.

Next bright idea?

Anyway, people who want to use the law to restrict distribution of their news articles are extremely foolish. Your words are out there and they WILL be read. Forever. You can't help it. If you find your words embarrassing, don't say them.

.pm

Jim Nitchals says:
> I've already said it. I own the copyright to my posts, and only permit
> them to be distributed by Usenet because I can *cancel* and provide
> expiration dates with my posts. CD-ROMs do not provide these standard
> Usenet message control features.
>
> If I issue a cancel message, it's obvious that I'm asserting control
> over the further distribution of my content (sites that ignore them
> notwithstanding.) Any time a CD-ROM is published with my message, and
> it contains an expiration date or is later cancelled, the publication
> violates my right as a copyright holder to retract my message.
>
> [portions deleted]
> No providers of usenet news
> > have any agreements between themselves and the posters regarding
> > copyrights. Netcom and all the other internet providers receive postings
> > "free" and a cd-rom manufacturer has the same "right" to use postings as
> > any other internet provider.
>
> My expiration dates or cancel messages are perfectly reasonable ways
> to communicate the way in which I'm exercising my copyright. Netcom
> and other service providers currently honor those communications, but
> CD-ROM publishers of Usenet news do not.
> >
> > Kirk Sheppard
> >
> > kshep at netcom.com
> >
> > P. O. Box 30911              "It is Better to Die on Your Feet Than to
> > Bethesda, MD 20824-0911       Live On Your Knees."
> > U.S.A.
> >                                      - Emiliano Zapata
> >

From boone at psc.edu Wed Feb 2 07:00:55 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Wed, 2 Feb 94 07:00:55 PST
Subject: New Remailer Up.
In-Reply-To: <199402020607.WAA29302@mail.netcom.com>
Message-ID: <9402021500.AA11889@igi.psc.edu>

nobody at qwerty.org writes:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Greetings.
>
> New remailer: qwerty at netcom.com.
>
> No logs. Only a "counter" that works by appending the word "R" or "ER" to a
> text file so I can get an idea if anyone is using it. However, I'm sure the
> Netcom and other site's mail logs will be enough to track serious abusers
> of anonymity down, without my help. This remailer is dedicated to honest
> people who desire PRIVACY.

Is the sendmail (I assume you are using sendmail for SMTP services) daemon set up so that it *doesn't* log to /usr/spool/mqueue/syslog [or any other syslog facility]? Otherwise, it may well be possible to track the usage of the remailer through browsing the syslog logs.

This is one of the problems (it seems to me) with using a remailer and *not* having root access. Unless you can convince your sysadmin to remove the syslog mechanism that sendmail uses, you may be exposing your users (presumably by accident).

Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C

From hughes at ah.com Wed Feb 2 07:40:56 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 2 Feb 94 07:40:56 PST
Subject: New Remailer Up.
In-Reply-To: <9402021500.AA11889@igi.psc.edu>
Message-ID: <9402021536.AA17122@ah.com>

>> New remailer: qwerty at netcom.com.

> Is the sendmail [...] daemon
> set up so that it *doesn't* log to /usr/spool/mqueue/syslog [...] ?

> This is one of the problems (it seems to me) with using a remailer and
> *not* having root access.

The remailers could implement their own outgoing SMTP, to get rid of one end of the log, albeit the less important end.

They could also run a SMTP server on a non-reserved TCP port, but that would require a few things:

-- The remailer would have to be in the process table at all times and listening to some TCP port.
Right now the remailer is activated by incoming mail and appears only transiently in the process table.

-- The remailer chain would have to know to use the alternate port when sending. This should require new syntax for setting up source routes.

It would, however, eliminate the standard mail logging.

Eric

From hughes at ah.com Wed Feb 2 08:15:32 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 2 Feb 94 08:15:32 PST
Subject: On return addresses
Message-ID: <9402021609.AA17192@ah.com>

I've been troubled for many months by an invariant in all forms of return address schemes:

The outside world contains sufficient _persistent_ information to find a real address.

There are lots of clever schemes to split this information up so as to require reassembly between many parties, but the information is still out of one's control. (I use 'reassembly' rather than 'collusion' since the latter indicates an intent; see my rant of a few days ago.)

The fundamental problem seems impenetrable. So how do we solve it? By abandoning return addresses and using mail spool facilities.

Consider the following service.

1. I have a machine and I'll sell you an address on it, say "onyma at privacy.net". This address is _not_ an account, merely an address. Your mail is password or public key protected.

2. When mail comes in for you, it sits in a spool. This service comes with a spool of a certain size and an allowance for checking your mail at a certain rate, with overages at extra cost for both. (This is to bound known promised capacity of the machine by a sufficient amount of money to pay for it.)

3. Your mail sits in the spool until you access it with, say, a POP client like Eudora. Just point the client at a different address to pick up mail. The server can further support a number of protocols for getting the mail, including a mail server command of "send me a mailbox file of my waiting mail".
The main advantage is that the only _persistent_ information out in the world is the address itself and the authenticator (password or public key). The address is already public and the authenticator is arbitrary, so no identity information is persistent.

A complete chain could still be forged between sender and receiving pseudonym, but we now have some amount of forward secrecy. If in fact an intermediate link does discard connection information, it is gone forever. With any kind of SASE, however, the information therein, however encrypted, still contains a full path back.

Now consider two ways of getting your mail out of this service, supposing you don't trust the service with your identity.

An IP redirector can be used with POP service to conceal origin from the mail service. An IP redirector is a remailer for packets, with a bidirectional link set up when the service starts and removed when it goes away. Matt Blaze has a name for this--'packet laundry'--which is a wonderful but politically unfortunate term. The IP redirectors can be chained just like remailers.

With a mail server, the command to 'send me my mailbox' can be sent to a remailer address with an encrypted remailing block prepended. In this case, however, the encrypted remailer block is provided with the mail command that requests the mailbox and it is not by design stored persistently. (By design. It could, of course, actually be stored.) The address on the other side of the first remailer hop could be another mail spooling service, in addition.

The elimination of persistent identifying information for return paths is a worthwhile design objective. I propose that we start thinking about it more thoroughly.
Eric

From sameer at soda.berkeley.edu Wed Feb 2 08:50:56 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Wed, 2 Feb 94 08:50:56 PST
Subject: REMAIL: ping, script
In-Reply-To: <9402020140.AA07524@screech.owlnet.rice.edu>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Karl Lui Barrus spake:
> 10:y:sameer at netcom.com
> 15:y:sameer at soda.berkeley.edu

These remailers are down. :-(

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

From ravage at wixer.bga.com Wed Feb 2 09:11:06 1994
From: ravage at wixer.bga.com (Jim choate)
Date: Wed, 2 Feb 94 09:11:06 PST
Subject: Archiving on Inet
Message-ID: <9402021708.AA09079@wixer>

I would like to ask all subscribers who are not addressing the issues of this question to please move their responses to private mail. I have no interest in exploring your personalities or views of others' personalities.

If a global network is to survive there must be a common understanding of what is public domain and what is private or commercial. At the present time this is completely new ground. The fact is that the copyright laws of the US are of little interest to a net user in Moscow, Russia or Pretoria, S. Africa.

If as a cpunk you don't feel that an anonymous regulatory agency can protect your privacy why do you feel they can protect your intellectual property?

The issue has direct bearing on both intellectual property and the widespread use of cryptographic techniques. As an active cpunk it seems to me that your first motivation after producing the actual code is to create an atmosphere where it can be used for the betterment of all.

To create a useable global community (what I am striving for) it seems to me that entries on that network must be public domain by default.
Otherwise every country who joins, and by reduction every potential user, will have to agree on how to recompense each and every user who desires to be paid for their submissions. This, to me, leads incontrovertibly to the conclusion of a bureaucratic nightmare that will not significantly assist anyone other than the regulatory agencies. The only other answer that seems even close to working (and I consider this a stretch of the imagination) is one where everyone is given access for free and the governments regulate the traffic completely and pay for it with tax dollars.

As to the issue as it applies to community bbs'es. I run such a system and am in the process of getting it on the net. As part of this project I have 2 other systems that I will be providing feeds for. These systems are all run by individuals who have these boxes sitting in their den. By insisting on a priori copyright of all material it is my opinion that you are creating a situation which will prevent the growth of such systems. Now if we don't have regulatory agencies and the sites are independent (and I assume self supporting) how can we expect some Joe or Jill to put up a system to help the people in their neighborhood if they have to keep looking over their shoulders for the copyright police? The answer is they won't put up such systems and we all lose.

By providing strong crypto tools for business and individuals to protect their intellectual and commercial property we are creating an open door atmosphere which motivates people to join the network for their own enjoyment and edification. This to me is more important than keeping the present view (as applied to non-networked environments) of copyright.

It is time that we as users of Internet set a precedence before the legislators set one for us that will in the long run only assist those already in power by strengthening the need for regulatory agencies.

I strongly suggest that you all consider this idea from the global and long term view.
I think you will find that the view "information wants to be free" is the way to go.

To this end I propose that organizations such as EFF and cpunks take the position of a priori public domain status of network submissions. Also that all individuals who wish to retain intellectual or commercial rights either use strong crypto w/ e-mail distribution of keys or a change be implemented in message headers such that sites who don't wish to carry such material can filter it, along with this should be a requirement that any such non-cryptographically secure material must contain a fair use policy at the beginning of each and every document.

It is time we quit letting big brother tell us what we can do with our ideas and how to distribute them.

From nobody at qwerty.org Wed Feb 2 09:15:32 1994
From: nobody at qwerty.org (nobody at qwerty.org)
Date: Wed, 2 Feb 94 09:15:32 PST
Subject: New Remailer Up.
Message-ID: <199402021713.JAA08629@mail.netcom.com>

Jon Boone wrote,

" Is the sendmail (I assume you are using sendmail for SMTP services) daemon set up so that it *doesn't* log to /usr/spool/mqueue/syslog [or any other syslog facility]? Otherwise, it may well be possible to track the usage of the remailer through browsing the syslog logs.

This is one of the problems (it seems to me) with using a remailer and *not* having root access. Unless you can convince your sysadmin to remove the syslog mechanism that sendmail uses, you may be exposing your users (presumably by accident)."

No, fortunately for other users, I do not have root access on Netcom ;-). So who is going to be doing this browsing? Other Netcom users can't read the mqueue:

qwerty: cd /usr/spool
qwerty: ls
cron        lpd.lock    news        news4       uucp
locks       mail        news2       rwho        uucppublic
lpd         mqueue      news3       secretmail  uumaps
qwerty: cd mqueue
mqueue: Permission denied
qwerty: ls -la
total 480
drwxr-sr-x 15 bin           512 Feb  2 01:38 .
drwxr-xr-x 13 root          512 Feb  2 01:38 ..
drwxr-sr-x  4 root          512 Feb  2 01:38 cron
drwxr-sr-x  2 uucp          512 Feb  2 08:30 locks
drwxrwsr-x  2 daemon        512 Feb  2 03:47 lpd
-rw-r--r--  1 root            4 Feb  2 01:38 lpd.lock
drwxrwsrwt  4 root       430080 Feb  2 08:37 mail
drwxr-s---  2 root        18944 Feb  2 08:37 mqueue
drwxr-xr-x284 netnews     12288 Feb  2 05:29 news
drwxr-sr-x  2 netnews       512 Aug 28 17:03 news2
drwxr-sr-x  2 netnews       512 Aug 28 17:03 news3
drwxr-sr-x  2 netnews       512 Jan 16 19:56 news4
drwxr-sr-x  2 root          512 Jan 31 14:40 rwho
drwxrwsrwx  2 bin           512 Nov  3 08:49 secretmail
drwxr-sr-x 11 uucp          512 Feb  2 01:38 uucp
lrwxrwxrwx  1 root           20 Nov 26 15:48 uucppublic -> /usr/hack/uucppublic
drwxrwxr-x  5 netnews     12288 Feb  2 05:48 uumaps

"Is the sendmail (I assume you are using sendmail for SMTP services) daemon set up so that it *doesn't* log to /usr/spool/mqueue/syslog [or any other syslog facility]? Otherwise, it may well be possible to track the usage of the remailer through browsing the syslog logs."

I'm using Hal's remailer, so ask him the details of what I have running. How many of those private sites with remailers having root, keep NO personal logs? Any? I would like to compile a more detailed listing of the details about each remailer's capabilities, situation, and policy statements.

If someone sends anonymous mail through my mailer victimizing someone in a criminal manner, and law enforcement convinces Netcom to check the logs, then more power to them. If someone sends mail discussing large doses of vitamin C, when vitamin supplements are banned a year from now, and the FDA wants to arrest them, and Netcom allows them to see the mqueue then that would be unfortunate indeed.

I am running a remailer. Here is the situation. What more can I offer? I would ask people to look at the various remailers and ask in a street smart practical manner what the pros and cons of each one is. What, exactly, does the mqueue record? How long does it get saved?

I needed remailers to maintain some simple privacy by distancing myself from the character Xenon.
No 5AM fone calls and letters from people asking me to send them PGP.... I figured if I was going to become the largest volume user of the remailers, I should become a remailer myself. The other option was to use the Netcom account to directly mail out what I am sending to people, but that wasn't as fun of an idea.

-Xenon

From mmarkley at microsoft.com Wed Feb 2 09:30:56 1994
From: mmarkley at microsoft.com (Mike Markley)
Date: Wed, 2 Feb 94 09:30:56 PST
Subject: fwd: Canadian gov't eavesdropping
Message-ID: <9402021727.AA04813@netmail2.microsoft.com>

| From: Eli Brandt
| To: cypherpunks list
| Subject: fwd: Canadian gov't eavesdropping
| Date: Tuesday, February 01, 1994 7:26PM
|
| Received: from relay2.UU.NET by netmail.microsoft.com with SMTP (5.65/25-eef)
| id AA07450; Tue, 1 Feb 94 19:59:09 -0800
| Received: from toad.com by relay2.UU.NET with SMTP
| (5.61/UUNET-internet-primary) id AAwbln22133; Tue, 1 Feb 94 22:55:33 -0500
| Received: by toad.com id AA05602; Tue, 1 Feb 94 19:30:49 PST
| Received: by toad.com id AA05533; Tue, 1 Feb 94 19:26:28 PST
| Return-Path:
| Received: from jarthur.Claremont.EDU ([134.173.42.1]) by
| toad.com id AA05527; Tue, 1 Feb 94 19:26:21 PST
| Message-Id: <9402020326.AA05527 at toad.com>
| In-Reply-To: <94Feb1.201622est.83288(2)@ivory.educom.edu>;
| from "E-D-U-P-A-G-E" at Feb 1, 94 8:21 pm
| X-Arcane-Subliminal-Header: fooquayleglorkpsilocybinrkbapinkyogsothothquux
| X-Mailer: ELM [version 2.3 PL11]
|
| > Date: Tue, 1 Feb 1994 20:21:46 -0500
| [...]
| > HIGH-TECH SNOOP GADGET. A super-secret branch of the Canadian Security
| > Intelligence Service has awarded three contracts to a Montreal firm to make
| > equipment that can quickly isolate key words and phrases from millions of
| > airborne phone, fax, radio signals and other transmissions. The hardware
| > has the "Orwellian potential to sweep through ... and keep records of all
| > conversations," said one CSIS critic. (CTV National News, 01/31/94 11:00
| > pm).
|
| Dunno how feasible this kind of keyword recognition presently is,
| but here's another reason to encrypt.

I'd be curious to see how they are going to do voice recognition on random conversations. Unless I am very sadly out of date you need to teach the pattern matcher individual voices.

|
| > EDUPAGE. To subscribe to Edupage send e-mail to listproc at educom.edu,
| > containing the following text: SUB EDUPAGE yourfirstname yourlastname. To
|
| Eli ebrandt at jarthur.claremont.edu
|
|

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mike Markley               || The opinions here do not represent the
mmarkley at microsoft.com  || opinions of my employer. Attempts to
                           || associate the two are pointless.

"I want to look at life, In the available light" - Neil Peart -

From werner at mc.ab.com Wed Feb 2 09:40:57 1994
From: werner at mc.ab.com (werner at mc.ab.com)
Date: Wed, 2 Feb 94 09:40:57 PST
Subject: remailers
Message-ID: <9402021739.AA04726@werner.mc.ab.com>

Hi,

Can a remailer be used to post to an arbitrary Usenet group?

Is the above a stupid question?

From blake.coverett at canrem.com Wed Feb 2 10:00:56 1994
From: blake.coverett at canrem.com (Blake Coverett)
Date: Wed, 2 Feb 94 10:00:56 PST
Subject: archiving on inet
In-Reply-To: <9402011752.AA00225@jazz.hal.com>
Message-ID: <60.2666.6525.0C19348B@canrem.com>

jazz at hal.com, in a message on 1 February, wrote:

JA> If you were a legitimate recipient of the work in the first place (i.e. g
JA> it in a newsfeed) and you store those postings for your own use or for th
JA> use of others on that node in the store-and-forward network, then you can
JA> keep the work 'til the bits rot. Infringement occurs when you copy those
JA> bits onto some medium for some purpose other than store-and-forward
JA> propagation or the allowed fair-use exceptions; stuffing articles on a
JA> CD-ROM and selling them falls into neither category and hence is an
JA> infringement.

Hmm...
why is "stuffing articles on a CD-ROM and selling them" not a type of store-and-forward propagation? Usenet is not just a bunch of machines speaking CNews.

I agree that you have a copyright on the expression of ideas that make up a Usenet post. However I maintain that by posting them on Usenet you are explicitly allowing them to be distributed (either freely or for a cost) by all methods used to distribute Usenet.

It would seem obvious to me that taking a nice piece of Usenet prose and publishing it in a collection of essays would be in violation of a copyright. On the other hand, publishing the same thing in a collection of this month's Usenet traffic would not.

People redistribute and sell your Usenet postings all the time, why would it make a difference if they do so via CD-ROM?

-Blake (Never underestimate the bandwidth of a trunk full of CD-ROMs)

...
* ATP/DJgcc 1.42 * blake.coverett at canrem.com, disclaimers? fooey!

From nobody at qwerty.org Wed Feb 2 10:15:56 1994
From: nobody at qwerty.org (nobody at qwerty.org)
Date: Wed, 2 Feb 94 10:15:56 PST
Subject: remailers
Message-ID: <199402021815.KAA24792@mail.netcom.com>

werner asked,

"Can a remailer be used to post to an arbitrary Usenet group?"

newsgroup at news.cs.indiana.edu posts things quickly via e-mail. When I use anon.penet.fi for Usenet, I often use this, since it is quite a bit faster than using anon.penet.fi's posting feature.

"Is the above a stupid question?"

Is this a stupid answer? Both are in various FAQs.

-Xenon

From pgpkeys at wasabi.io.com Wed Feb 2 10:20:56 1994
From: pgpkeys at wasabi.io.com (PGP Slave Key Server)
Date: Wed, 2 Feb 94 10:20:56 PST
Subject: system logging
Message-ID: <199402021245.MAA19515@wasabi.io.com>

> Greetings.
>
> New remailer: qwerty at netcom.com.
>
> No logs. Only a "counter" that works by appending the word "R" or "ER" to a
> text file so I can get an idea if anyone is using it.
However, I'm sure the > Netcom and other site's mail logs will be enough to track serious abusers > of anonymity down, without my help. This remailer is dedicated to honest > people who desire PRIVACY. People should be aware that whether Niko makes personal logs on his qwerty account or not, the public logs on netcom show more than enough info to trivially track people down. By the way it's very bad practice to forge From: lines, especially with completely non-existant site names like qwerty.org...perhaps you should ask netcom to register it for you. Or if they charge real money for it, your postmaster at columbia.edu might do it for free if you asked him nicely. From nobody at qwerty.org Wed Feb 2 10:25:33 1994 From: nobody at qwerty.org (nobody at qwerty.org) Date: Wed, 2 Feb 94 10:25:33 PST Subject: fwd Canadian gov't eavesdropping Message-ID: <199402021825.KAA27093@mail.netcom.com> Mike Markley say, "I'd be curious to see how they are going to do voice recognition on random conversations. Unless I am very sadly out of date you need to teach the pattern matcher individual voices." But of course they will just collect voice samples from everyone soon, and use them to IDENTIFY you. It'll probably be put on our US national health care cards. Ever since I started worrying about leaving DNA on postage stamps, I've started to think what can be done will be done. -Xenon From gnu Wed Feb 2 10:25:56 1994 From: gnu (John Gilmore) Date: Wed, 2 Feb 94 10:25:56 PST Subject: Josh Quittner's Newsday column on Cypherpunks Message-ID: <9402021823.AA26464@toad.com> Date: Wed, 02 Feb 1994 10:41:42 est From: "josh quittner" To: gnu at cygnus.com Subject: newsday column Hiya John: Here's the little column I did for my newspaper on the cypherpunks meeting I sat in on last month. Thought you might be interested. I know it's laymanlike, but if you want, you have my permission to distribute it to your list. 
I told Eric I'd send him a copy, but I left his email address at home, so if you'd be good enough, would you either pass this on to him or email me his address so I can? Thanks. Hope all is well with you. Be glad you're not freezing your ass off back here. Regards, -jq PUBLICATION DATE Tuesday. February 1, 1994 EDITION NASSAU AND SUFFOLK SECTION DISCOVERY PAGE 53 OTHER EDITIONS 59 C HEADLINE Life In Cyberspace COMPUTERS IN THE '90s Coding Up a Bit of Privacy BYLINE Joshua Quittner DATELINE MOUNTAIN VIEW, Calif. LENGTH 91 Lines MOUNTAIN VIEW, Calif. THIS MUST BE HOW the Founding Fathers looked when they hacked out the Constitution: A roomful of young men, mostly - frazzled hair, eager eyes, wild beards, arms flailing and fingers jabbing the air, reaching for big ideas. You can't help but feel it; urgency tempers their voices. The earnest men plan and argue in this corporate conference room as the last sun rays of a winter Saturday afternoon fade in through a skylight. Time is running out for the Cypherpunks. There is much work to be done before the information highway arrives. The information highway - that 500-channel shopping mall / cineplex championed by cable and telephone companies - is a noxious concept to the people in this room. They are not technophobes or Luddites, these Cypherpunks. Instead, they are a collection of clever computer programers, engineers and wire heads from some of the nation's best-known Silicon Valley software houses and hardware shops. This is their central question: In a future world where all information is centralized on a network, where all information is tracked by the bit, where every purchase you make and every communication can be monitored by corporate America, how does privacy survive? If you go to a bookstore now and buy a book, you can pay in cash. No one knows your name or what you purchased. "What happens to cash transactions on the information highway?" they ask.
The Cypherpunks believe that they can preserve your privacy through good cyphers, or codes. But they must hurry, must get their codes out and their networks up and running. "The whole information highway thing is now part of the public eye," explains Eric Hughes, a founder of the Cypherpunk movement. "If we don't change it now, it'll be impossible later." The Cypherpunks know what technology is capable of. We visit them today because they represent one edge of the national debate on the structure of the information highway. And as we all know, extreme positions help define the middle. Many of the Cypherpunks have been heavy Internet users for years and hope to preserve the communal spirit of that freewheeling world of interconnected computer networks. They dread the coming commercial network of televisions and computers, saying it will displace the Internet and destroy many of the freedoms they now enjoy. So the Cypherpunks, with the kind of zeal they professionally bring to marathon, 72-hour sessions hacking computer code, are plotting to keep free networks alive. That's "free" in the sense of unfettered, unmonitored, uncensored. One way they're going about it is by spreading easy-to-use, cheap cryptography. Cryptography is the science of keeping two-way communication private. Computers, it turns out, are revolutionary cryptographic tools, able to encode and decode files quickly. For the first time, virtually unbreakable codes are now possible, thanks to computers. The Cypherpunks post cryptographic software on the Internet where anyone can access it, and can encode their communications, including electronic mail, pictures and video. But the U.S. government is concerned, as governments always are, about the spread of powerful cryptography (terrorists could use it, kidnapers could use it, drug dealers could use it, all of them on cellular phones that encode conversations). 
It currently is pushing its own commercial cryptographic standard, through a special chip known as the Clipper. The chip is reviled by Cypherpunks and other civil libertarians because it provides a back door that law-enforcement agencies could enter, with the proper warrants, for surveillance. By getting good, unbreakable cryptography out there now, the Cypherpunks hope, whatever the government finally decides will be moot. Software has a wonderful property, the Cypherpunks are fond of saying: Once it's created, it can never be destroyed. It can be copied infinitely, from computer to computer, spreading like a secret. Come what may, unbreakable Cypherpunk code, and Cypherpunk networks, will be out there forever, they hope. But just to be safe, the Cypherpunks are toying with different network-related plans to create an economy of "digicash" - network money that, like the dollars in your pocket, isn't tied to a user's credit cards or other personal identification. Digicash will help pay for Cypherpunk networks and will allow people to purchase goods without revealing their identity. "I'm starting a bank, and it's not going to be a U.S. bank," Hughes says. He's standing at the whiteboard now. A strawberry-blond ponytail dangles down his back and he grasps a magic marker in his hand. "We have several long-term strategies, one of which is the elimination of central banks." He tells the assembled crowd what they already know. Heads nod. Some people take notes. Hughes is a self-employed programer in Berkeley. His hand flies across the whiteboard, sketching out a schematic diagram, showing how his bank will operate. The bank will store depositors' money (he's thinking a $200 minimum deposit) and disburse payments to anyone - all over the Internet. It will be based abroad, maybe in Mexico. A Cypherpunk network bank is one way to pay for a network of truly encrypted, private communications, you see. "Is this going to lead the way to portable laptop ATM machines?"
someone asks in the back. People snicker. "Have you thought about its name?" someone else asks. "First Bank of Cyberspace!" yells one person. "First Internet Bank!" yells another. "The Nth National Bank!" Laughter. Billy goat beards bob. There is much work to be done. --end of story-- -- josh quittner vox: 516-843-2806 fax: 516-843-2873 quit at newsday.com From wjm at MIT.EDU Wed Feb 2 10:30:57 1994 From: wjm at MIT.EDU (william j mitchell) Date: Wed, 2 Feb 94 10:30:57 PST Subject: unsubscribe wjm@mit.edu Message-ID: <9402021826.AA26210@MIT.EDU> unsubscribe wjm at mit.edu From pgpkeys at wasabi.io.com Wed Feb 2 10:45:32 1994 From: pgpkeys at wasabi.io.com (PGP Slave Key Server) Date: Wed, 2 Feb 94 10:45:32 PST Subject: New US keyserver now fully operational - pgp-public-keys@io.com Message-ID: <199402021313.NAA19622@wasabi.io.com> The US-based keyserver 'pgp-public-keys at io.com' is now open to the public. Come one, come all! Here is the current file as returned by 'Subject: help'. This site is a PGP key server SLAVE site. It behaves very similarly to the European PGP master sites, but there are a few small differences which will be noted below. The most noticable difference is that it answers your requests immediately instead of waiting for a daily batch job to run :-) The particular installation at io.com does *not* log the details of requests for keys, however the fact that you have sent mail to the key server at all is logged in the daily sendmail logs. These logs will be erased automatically after one week. PGP Public Keyservers --------------------- There are PGP public key servers which allow one to exchange public keys running through the Internet and UUCP mail systems. This service is NOT supported in any way whatsoever by the schools or organizations on which these servers run. It is here only to help transfer keys between PGP users. It does NOT attempt to guarantee that a key is a valid key; use the signators on a key for that kind of security. 
This service can be discontinued at any time without prior notification.

Each keyserver processes requests in the form of mail messages. The commands for the server are entered on the Subject: line.

    To: pgp-public-keys at io.com
    From: johndoe at some.site.edu
    Subject: help

Sending your key to ONE server is enough. After it processes your key, it will forward your add request to other servers automagically.

For example, to add your key to the keyserver, or to update your key if it is already there, send a message similar to the following to any server:

    To: pgp-public-keys at io.com
    From: johndoe at some.site.edu
    Subject: add

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: 2.2
    -----END PGP PUBLIC KEY BLOCK-----

COMPROMISED KEYS: Create a Key Revocation Certificate (read the PGP docs on how to do that) and mail your key to the server once again, with the ADD command.

Valid commands are:

Command                Message body contains
---------------------- -------------------------------------------------
ADD                    Your PGP public key (key to add is body of msg)
                       *** Note: your update is forwarded to a master
                       server and may take a few days to reappear
INDEX                  List all PGP keys the server knows about (-kv)
VERBOSE INDEX          List all PGP keys, verbose format (-kvv)
GET                    Get the whole public key ring
GET 0xA1B2C3           Get a single key by Key ID
                       *** Note: the master servers allow you to omit
                       the 0x in front of the Key ID. The slave servers
                       do not.
GET userid             Get a single key by User ID
MGET substr            List all keys which match "substr"
                       *** Note: this is different from the master
                       servers which return the keys themselves, not
                       just a listing of their Key IDs. Also the master
                       servers accept a wild-card expression; at the
                       moment we do not.
LAST days              Get the keys updated in the last `days' days
                       *** Note: not yet implemented
------------------------------------------------------------------------

Examples for the MGET command:

MGET michael           Lists all keys which have "michael" in them
MGET @iastate.edu      Lists all keys which contain "@iastate.edu"

Check the Usenet newsgroup alt.security.pgp for updates to this system and for new sites.

Based on a document originally by Michael

From cknight at crl.com Wed Feb 2 10:55:33 1994
From: cknight at crl.com (Chris Knight)
Date: Wed, 2 Feb 94 10:55:33 PST
Subject: fwd: Canadian gov't eavesdropping
In-Reply-To: <9402021727.AA04813@netmail2.microsoft.com>
Message-ID:

On Wed, 2 Feb 1994, Mike Markley wrote:

>
> I'd be curious to see how they are going to do voice recognition on
> random conversations. Unless I am very sadly out of date you need to
> teach the pattern matcher individual voices.
>

Drop by your nearest Apple Macintosh dealer and ask them to show you the speech recognition system that comes shipped with the Quadra AV series. I gave a demo in a crowded room, and a stereo in the background... Several people took turns asking the computer what time it was, open the control panel, etc.

I think you will be surprised.

-ck

From boone at psc.edu Wed Feb 2 10:55:58 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Wed, 2 Feb 94 10:55:58 PST
Subject: New Remailer Up.
In-Reply-To: <199402021713.JAA08629@mail.netcom.com>
Message-ID: <9402021852.AA15745@igi.psc.edu>

nobody at qwerty.org writes:
>
> Jon Boone wrote,
> " Is the sendmail (I assume you are using sendmail for SMTP services) daemon
> set up so that it *doesn't* log to /usr/spool/mqueue/syslog [or any other
> syslog facility]? Otherwise, it may well be possible to track the usage
> of the remailer through browsing the syslog logs.
>
> No, fortunately for other users, I do not have root access on Netcom ;-).
> So who is going to be doing this browsing?
> Other Netcom users can't read
> the mqueue:
>
> qwerty: cd /usr/spool
> qwerty: ls
> cron        lpd.lock    news        news4       uucp
> locks       mail        news2       rwho        uucppublic
> lpd         mqueue      news3       secretmail  uumaps
> qwerty: cd mqueue
> mqueue: Permission denied
> qwerty: ls -la
> total 480
> drwxr-sr-x 15 bin          512 Feb  2 01:38 .
> drwxr-xr-x 13 root         512 Feb  2 01:38 ..
> drwxr-sr-x  4 root         512 Feb  2 01:38 cron
> drwxr-sr-x  2 uucp         512 Feb  2 08:30 locks
> drwxrwsr-x  2 daemon       512 Feb  2 03:47 lpd
> -rw-r--r--  1 root           4 Feb  2 01:38 lpd.lock
> drwxrwsrwt  4 root      430080 Feb  2 08:37 mail
> drwxr-s---  2 root       18944 Feb  2 08:37 mqueue
> drwxr-xr-x284 netnews    12288 Feb  2 05:29 news
> drwxr-sr-x  2 netnews      512 Aug 28 17:03 news2
> drwxr-sr-x  2 netnews      512 Aug 28 17:03 news3
> drwxr-sr-x  2 netnews      512 Jan 16 19:56 news4
> drwxr-sr-x  2 root         512 Jan 31 14:40 rwho
> drwxrwsrwx  2 bin          512 Nov  3 08:49 secretmail
> drwxr-sr-x 11 uucp         512 Feb  2 01:38 uucp
> lrwxrwxrwx  1 root          20 Nov 26 15:48 uucppublic -> /usr/hack/uucppublic
> drwxrwxr-x  5 netnews    12288 Feb  2 05:48 uumaps

Well, anyone who is in the group which owns mqueue (you need to do an ls -ldg to show this info) can read the directory and (likely) the logs. It would not be unusual for the daemon or bin id's to be allowed read access to these files/directories, so anyone who could exploit the latest sendmail bug could end up reading those files... And that doesn't even go into the potential access by legitimate sysadmins who may not care too much about other users' privacy...

> I'm using Hal's remailer, so ask him the details of what I have running.
> How many of those private sites with remailers having root, keep NO personal
> logs? Any? I would like to compile a more detailed listing of the details
> about each remailer's capabilities, situation, and policy statements.

As would I.

> If someone sends anonymous mail through my mailer victimizing someone in
> a criminal manner, and law enforcement convinces Netcom to check the logs,
> then more power to them.
> If someone sends mail discussing large doses of
> vitamin C, when vitamin supplements are banned a year from now, and the
> FDA wants to arrest them, and Netcom allows them to see the mqueue then
> that would be unfortunate indeed. I am running a remailer. Here is the
> situation. What more can I offer? I would ask people to look at the
> various remailers and ask in a street smart practical manner what the
> pros and cons of each one is.

Good advice. Caveat Emptor!

> What, exactly, does the mqueue record? How long does it get saved?

Here is an example of what sendmail might log to syslog:

Feb 2 12:31:18 localhost: 15068 sendmail: AA15068: message-id= \
        <199402021713.JAA08629 at mail.netcom.com>
Feb 2 12:31:18 localhost: 15068 sendmail: AA15068: from= \
        , size=4402, class=0, \
        received from mailer.psc.edu (128.182.62.100)
Feb 2 12:31:19 localhost: 15070 sendmail: AA15068: to=, \
        delay=00:00:13, stat=Sent

I have re-formatted the lines to make them easier to read... This is the log of you sending this mail to me...

Here's my previous response, which I sent to the list, logged again...

Feb 2 10:00:27 localhost: 11889 sendmail: AA11889: message-id= \
        <9402021500.AA11889 at igi.psc.edu>
Feb 2 10:00:27 localhost: 11889 sendmail: AA11889: from=, size=1391, class=0, received from local
Feb 2 10:00:31 localhost: 11891 sendmail: AA11889: to=, delay=00:00:04, stat=Sent

And here's the list sending it back to me...

Feb 2 10:19:09 localhost: 13086 sendmail: AA13086: message-id= \
        <9402021500.AA11889 at igi.psc.edu>
Feb 2 10:19:09 localhost: 13086 sendmail: AA13086: from= \
        , size=2028, class=0, \
        received from mailer.psc.edu (128.182.62.100)
Feb 2 10:19:11 localhost: 13089 sendmail: AA13086: to=, \
        delay=00:00:02, stat=Sent

If the mailer receives a lot of messages, then it would not be easy (if at all possible) to correlate the messages received with the id's that they were sent out to... If the traffic load is small, then correlation is fairly easy.
Similarly, if the load is very high, it might become easier -- if I set up a script which sent mail to a particular anonid every 2 seconds or so, I would probably be able to correlate, given access to the syslog logs. Of course, I could forgo the logs and just look at the packets passed on your network, but we were discussing the use of the syslog logs. > I needed remailers to maintain some simple privacy by distancing myself > from the character Xenon. Aside from traffic obscuring random messages, a forced, random delay and a medium sized load of traffic seem to be the best ways to defeat the use of the syslog logs. Disabling syslog calls in sendmail (or whatever you use for SMTP) would be an even better tack to take. Remember folks, even if I can't get root when the machine is up, I may be able to force it into single-user mode and access the logs then -- physical security of the machines [as well as software security] is an important consideration of *any* remailer you use. > No 5AM fone calls and letters from people asking me to send them PGP.... > I figured if I was going to become the largest volume user of the remailers, > I should become a remailer myself. The other option was to use the Netcom > account to directly mail out what I am sending to people, but that wasn't > as fun of an idea. I'm not advising you to not be a remailer, but you should be aware of the potential holes -- even if you can't do anything about them... If you're concerned with your own personal privacy, I can't think of a good way to ensure that you will not be "outed" from your anon-id. Even if you use a personal machine which connects to the network via a dialup slip IP pool, the provider is likely to keep logs of what machines have access to that pool and who their owners are... And, of course, a permanent connection (T1 or the like) is a dead give-away... We really need the IP security -- the proposal put forward by Mssr. Blaze and Mssr. Ioannidis for encrypted-IP would help.. 
but you still rely on having the other side *not* log... Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C From talon57 at well.sf.ca.us Wed Feb 2 11:00:59 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 2 Feb 94 11:00:59 PST Subject: digital signatures/copyright Message-ID: <199402021858.KAA17982@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- A question for Mike Godwin and other attorneys on the list: Could one make a case that the use of Digital signatures in messages imply's copyright retention by the author? Does digital signature=copyright or is it at least equivalent? Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLU/2HdCcBnAsu2t1AQF15gP+IqS3o0gNeHng9BSqlk95KzmPwp3oo70p j2FVYHNOeUKgDSAAwvWr+p3/DOwTafSkJf4A5gW33NOKr0E9JZ4In349RAoueTku J94VMajT4i7yhOC8X41RPkVLlCltPDRo04SS8h5UFnEk/zFxiTkvXY9mpBcK3yUw vYY9pbmupSc= =KbXS -----END PGP SIGNATURE----- From mnemonic at eff.org Wed Feb 2 11:25:33 1994 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 2 Feb 94 11:25:33 PST Subject: digital signatures/copyright In-Reply-To: <199402021858.KAA17982@well.sf.ca.us> Message-ID: <199402021924.OAA23853@eff.org> > A question for Mike Godwin and other attorneys on the list: > > Could one make a case that the use of Digital signatures in > messages imply's copyright retention by the author? I suppose one could, but, really, there's no issue of "copyright retention" out there. Post something to the Net, and it's copyrighted, and you hold the copyright. Doesn't matter whether you've digsigged it or not. > Does digital signature=copyright or is it at least equivalent? No. 
--Mike From Tomaz.Borstnar at arnes.si Wed Feb 2 11:35:32 1994 From: Tomaz.Borstnar at arnes.si (Tomaz Borstnar) Date: Wed, 2 Feb 94 11:35:32 PST Subject: New US keyserver now fully operational - pgp-public-keys@io.com In-Reply-To: <199402021313.NAA19622@wasabi.io.com> Message-ID: <9402021932.AA27987@toad.com> In-reply-to: Your message dated: Wed, 02 Feb 1994 13:13:22 GMT > The US-based keyserver 'pgp-public-keys at io.com' is now open to the public. I would like to set up server in Slovenia and don't want to reinvent wheel so I need server's software. Where can one get it? Thanks in advance. Tomaz From bob at USCWS4.gat.com Wed Feb 2 11:51:01 1994 From: bob at USCWS4.gat.com (bob harvey) Date: Wed, 2 Feb 94 11:51:01 PST Subject: No Subject Message-ID: <9402021945.AA12911@USCWS4.gat.com> unsubscribe bob at USCWS4.gat.com From nobody at qwerty.org Wed Feb 2 12:01:00 1994 From: nobody at qwerty.org (nobody at qwerty.org) Date: Wed, 2 Feb 94 12:01:00 PST Subject: New Remailer Up. Message-ID: <199402021959.LAA15215@mail.netcom.com> Jon wrote, " Aside from traffic obscuring random messages, a forced, random delay and a medium sized load of traffic seem to be the best ways to defeat the use ..." How LONG should the such a random delay BE, at max? I am not willing to add more than 10-15 minutes, max. Is this worth it then? Hours is just too primitive when it comes to electronic communications. Even minutes! -Xenon From reagle at gl.umbc.edu Wed Feb 2 12:05:33 1994 From: reagle at gl.umbc.edu (Joseph Reagle Jr.) Date: Wed, 2 Feb 94 12:05:33 PST Subject: test Message-ID: <199402022003.PAA24245@xsg02.gl.umbc.edu> Regards, Joseph M. Reagle Jr. | reagle at umbc.edu | It's celluar peptide cake with mint frosting! 
jreagl1 at umbc8.umbc.edu | -- Worf From smb at research.att.com Wed Feb 2 12:06:10 1994 From: smb at research.att.com (smb at research.att.com) Date: Wed, 2 Feb 94 12:06:10 PST Subject: digital signatures/copyright Message-ID: <9402022005.AA28855@toad.com> It's worth noting that U.S. copyright law makes explicit provision for copyrighting anonymous works. From nobody at qwerty.org Wed Feb 2 12:21:02 1994 From: nobody at qwerty.org (nobody at qwerty.org) Date: Wed, 2 Feb 94 12:21:02 PST Subject: system logging Message-ID: <199402022017.MAA20262@mail.netcom.com> PGP Slave, Could you please announce my full name, phone number, address, visa card number, a giff of my signature, height, weight and driver's licence number not only to the Cypherpunks mailing list but to many usenet groups as well, since you obviously feel I no longer wish to be known to the masses as Xenon, and I instead want them to start calling me and postal mailing me asking for copies of PGP. Thanks asshole. I thought the people on this list were concerned with privacy, but I was wrong. I mention Xenon in my personal .plan, but I ask people to let me keep the small amount of extra privacy I still retain. You wrote, "qwerty account or not, the public logs on netcom show more than enough info to trivially track people down." Trivial? And so you hack out the info that a message went from remailer A through qwerty and on to remailer B, at a certain time. You haven't tracked down anyone my friend. -Xenon From DBS5112 at ibm.MtSAC.edu Wed Feb 2 12:51:02 1994 From: DBS5112 at ibm.MtSAC.edu (DBS5112 at ibm.MtSAC.edu) Date: Wed, 2 Feb 94 12:51:02 PST Subject: unsubscribe Message-ID: <9402022047.AA29669@toad.com> (mailing to cypherpunks-request at toad.com doesn't seem to work)... please unsubscribe me from the list... 
thanxs From nobody at pmantis.berkeley.edu Wed Feb 2 13:05:34 1994 From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu) Date: Wed, 2 Feb 94 13:05:34 PST Subject: anonymous mail Message-ID: <9402022101.AA15882@pmantis.berkeley.edu> There's a jerk that's been mail-bombing me, and I can't do anything because he's root at his site. Would it be ethical to use a remailer to bomb him back? Or maybe I shoudl simply fakemail a message to alt.fan.rush-limbaugh at anon.penet.fi with his name and have the contents say something like 'Limbaugh sucks', or post to alt.sex.wanted with the subject 'SWF virgin seeks man for first time'. Any ideas on how to get someone back, or at least make life annoying? From mab at research.att.com Wed Feb 2 13:11:01 1994 From: mab at research.att.com (Matt Blaze) Date: Wed, 2 Feb 94 13:11:01 PST Subject: Notes on key escrow meeting with NSA Message-ID: <9402022105.AA18514@big.l1135.att.com> A group from NSA and FBI met the other day with a group of us at Bell Labs to discuss the key escrow proposal. They were surprisingly forthcoming and open to discussion and debate, and were willing to at least listen to hard questions. They didn't object when asked if we could summarize what we learned to the net. Incidentally, the people at the meeting seemed to base a large part of their understanding of public opinion on Usenet postings. Postings to sci.crypt and talk.politics.crypto seem to actually have an influence on our government. A number of things came out at the meeting that we didn't previously know or that clarified previously released information. What follows is a rough summary; needless to say, nothing here should be taken as gospel, or representing the official positions of anybody. Also, nothing here should be taken as an endorsement of key escrow, clipper, or anything else by the authors; we're just reporting. 
These notes are based on the collective memory of Steve Bellovin, Matt Blaze, Jack Lacy, and Mike Reiter; there may be errors or misunderstandings. Please forgive the rough style. Note also the use of "~ ~" for 'approximate quotes' (a marvelous Whit Diffie-ism).

NSA's stated goals and motives for all this:

* DES is at the end of its useful life
* Sensitive, unclassified government data needs protection
* This should be made available to US Citizens
* US business data abroad especially needs protection
* The new technology should not preclude law enforcement access

They indicated that the thinking was not that criminals would use key escrowed crypto, but that they should not field a system that criminals could easily use against them. The existence of key escrow would deter them from using crypto in the first place. The FBI representative said that they expect to catch "~only the stupid criminals~" through the escrow system.

Another stated reason for key escrow is that they do not think that even government-spec crypto devices can be kept physically secure. They do expect enough to be diverted to the black market that they feel they need a response. NSA's emphasis was on the foreign black market...

There seems to be a desire to manipulate the market, by having the fixed cost of key escrow cryptography amortized over the government market. Any private sector devices would have to sell a much larger number of units to compete on price. (This was somewhere between an implication and an explicit statement on their part.)

When asked about cryptography in software, "~...if you want US government cryptography, you must do it with hardware~".

Clipper chips should be available (to product vendors) in June. You can't just buy loose chips - they have to be installed in approved products. Your application interface has to be approved by NIST for you to get your hands on the chips.
An interesting point came up about the reverse-engineering resistance of the chips: they are designed to resist reverse engineering the data in the chip without destroying the chip. It is not clear (from the information presented at the meeting) whether the chips are equally resistant to destructive reverse-engineering to learn the skipjack algorithm. They said the algorithm was patented, but they may have been joking. ("~And if that doesn't scare you enough, we'll turn the patent over to PKP.~")

The resistance to reverse engineering is not considered absolute by NSA. They do feel that "~it would require the resources of a national laboratory, and anyone with that much money can design their own cryptosystem that's just as strong.~"

They repeated several times that there are "~no plans to regulate the use of alternate encryption within the US by US citizens.~" They also indicated they "~weren't naive~" and didn't think that they could if they wanted to.

There were 919 authorized wiretaps, and 10,000 pen register monitors, in 1992. They do not have any figures yet on how often cryptography was used to frustrate wiretaps.

They do not yet have a production version of the "decoder" box used by law enforcement. Initially, the family key will be split (by the same XOR method) and handled by two different people in the authorized agencies. There is presently only one family key. The specifications of the escrow exploitation mechanism are not yet final, either; they are considering the possibility of having the central site strip off the outer layers of encryption, and only sending the session key back to the decoder box.

The escrow authorities will NOT require presentation of a court order prior to releasing the keys. Instead, the agency will fill out a form certifying that they have a legal authorization. This is also backed up with a separate confirmation from the prosecutor's office.
The escrow agencies will supply any key requested and will not themselves verify that the keys requested are associated with the particular court order.

The NSA did not answer a question as to whether the national security community would obtain keys from the same escrow mechanism for their (legally authorized) intelligence gathering or whether some other mechanism would exist for them to get the keys.

The masks for the Clipper/Capstone chip are unclassified (but are protected by trade secret) and the chips can be produced in an unclassified foundry. Part of the programming in the secure vault includes "~installing part of the Skipjack algorithm.~" Later discussion indicated that the part of the algorithm installed in the secure vault are the "S-tables", suggesting that perhaps unprogrammed Clipper chips can be programmed to implement other 80-bit key, 32 round ciphers.

The Capstone chip includes an ARM-6 RISC processor that can be used for other things when no cryptographic functions are performed. In particular, it can be used by vendors as their own on-board processor. The I/O to the processor is shut off when a crypto operation is in progress.

They passed around a Tessera PCMCIA (type 1) card. These cards contain a Capstone chip and can be used by general purpose PC applications. The cards themselves might not be export controlled. (Unfortunately, they took the sample card back with them...) The card will digitally sign a challenge from the host, so you can't substitute a bogus card. The cards have non-volatile onboard storage for users' secret keys and for the public keys of a certifying authority.

They are building a library/API for Tessera, called Catapult, that will provide an interface suitable for many different applications. They have prototype email and ftp applications that already use it. They intend to eventually give away source code for this library. They responded favorably to the suggestion that they put it up for anonymous ftp.
Applications (which can use the library and which the NSA approves for government use) will be responsible for managing the LEAF field. Note that they intend to apply key escrowed Skipjack to other applications, including mail and file encryption. The LEAF would be included in such places as the mail header or the file attributes. This implies that it is possible to omit sending the LEAF -- but the decrypt chip won't work right if it doesn't get one. When asked, they indicated that it might be possible to wire up a pair of Clipper/Capstone chips to not transmit the LEAF field, but that the way to do this is "~not obvious from the interface we give you~" and "~you'd have to be careful not to make mistakes~". They gave a lot of attention to obvious ways to get around the LEAF. The unit key is generated via Skipjack itself, from random seeds provided by the two escrow agencies (approximately monthly, though that isn't certain yet). They say they prefer a software generation process because its correct behavior is auditable. Capstone (but not Clipper) could be configured to allow independent loading of the two key halves, in separate facilities. "~It's your money [meaning American taxpayers].~" The LEAF field contains 80 bits for the traffic key, encrypted via the unit key in "~a unique mode ~", 32 bits for the unit id, and a 16 bit checksum of some sort. (We didn't waste our breath asking what the checksum algorithm was.) This is all encrypted under the family key using "~another mode ~". They expressed a great deal of willingness to make any sort of reasonable changes that vendors needed for their products. They are trying *very* hard to get Skipjack and key escrow into lots of products. From pmetzger at lehman.com Wed Feb 2 13:25:34 1994 From: pmetzger at lehman.com (Perry E.
Metzger) Date: Wed, 2 Feb 94 13:25:34 PST Subject: anonymous mail In-Reply-To: <9402022101.AA15882@pmantis.berkeley.edu> Message-ID: <199402022122.QAA05944@snark> nobody at pmantis.berkeley.edu says: > There's a jerk that's been mail-bombing me, and I can't do anything > because he's root at his site. Would it be ethical to use a remailer to > bomb him back? > > Or maybe I shoudl simply fakemail a message to > alt.fan.rush-limbaugh at anon.penet.fi with his name and have the contents > say something like 'Limbaugh sucks', or post to alt.sex.wanted with the > subject 'SWF virgin seeks man for first time'. > > Any ideas on how to get someone back, or at least make life annoying? Call his network service provider and explain that he's violating federal law by attempting to disrupt your service from his site. Alternatively, rig your sendmail.cf file to forward any mail he sends you back to him. .pm From beker at netcom.com Wed Feb 2 13:45:33 1994 From: beker at netcom.com (Brian Beker) Date: Wed, 2 Feb 94 13:45:33 PST Subject: Anonymous mail service up for alpha testing In-Reply-To: Message-ID: On Wed, 2 Feb 1994, Sameer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I've written a small anonymous mail service, and it's now > available for testing. There's no security, and I'll be keeping logs, > so don't think that it's secure, in any way. Excellently and well done, Sameer! Ah, the pleasure of seeing a budding cypherpunk do us all some good. Keep us posted. Mucho Obligado, Amigo, brianB From paul at poboy.b17c.ingr.com Wed Feb 2 13:51:01 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Wed, 2 Feb 94 13:51:01 PST Subject: Notes on key escrow meeting with NSA In-Reply-To: <9402022105.AA18514@big.l1135.att.com> Message-ID: <199402022151.AA02282@poboy.b17c.ingr.com> Thank you very much for a) taking the time to meet with these people and b) posting a lucid and timely summary to the list. 
-Paul Robichaux -- Paul Robichaux, KD4JZG | "Though we live in trying times perobich at ingr.com | We're the ones who have to try." - Neil Peart Intergraph Federal Systems | Be a cryptography user- ask me how. From nate at VIS.ColoState.EDU Wed Feb 2 13:51:12 1994 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Wed, 2 Feb 94 13:51:12 PST Subject: WWW Anonymous Remailer Software release Message-ID: <9402022148.AA12174@vangogh.VIS.ColoState.EDU> -----BEGIN PGP SIGNED MESSAGE----- I have modified my WWW Anonymous remailer interface and put it up for ftp on vangogh.vis.colostate.edu in /pub/nate/remailer There is a README in there which should explain how to set it up, but if I missed anything, please tell me. The remailer no longer needs you to tell it that you're using the remailers, it just knows. Hope you like it, - -nate - -- +-----------------------------------------------------------------------+ | Nate Sammons | | Colorado State University Computer Visualization Laboratory | | Data Visualization/Interrogation, Modeling, Animation, Rendering | +-----------------------------------------------------------------------+ From qwerty-remailer at netcom.com Wed Feb 2 13:55:33 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Wed, 2 Feb 94 13:55:33 PST Subject: Remailer FAQ. Info request! Message-ID: <199402022153.NAA10067@mail.netcom.com> I have only seen unsatisfying info on the remailers out there. If people know the details up front, the Cypherpunk remailers will become more popular. Different people have different needs for remailing as well. Please help me out with this. I would appreciate info from operators as well as users of remailers. If you do not want to disclose a specific bit of info, I will enter it as "N/A". If I get no answer at all I will leave it as "?". Send responses to qwerty at netcom.com. If you wish your remailer be taken off the list I will comply. -Xenon Xenon's Full Disclosure Remailer List. 
Remailer    Who's  Fast?    PGP?     Logs?   Comments
----------  -----  -------  -------  ------  ------------------------------------
bsu-cs      NSA?   +        ?        ?       Strips Subject.
catalyst    Scott  +        Y(2.3a)  ?
chaos       NSA?   +        ?        ?       Strips Subject.
cicada      Eric   ++       N        ?       Tread lightly.
dis.org     NSA?   -        Y(2.3a)  ?
extropia    NSA?   ?        Y(2.3a)  ?       Only accepts PGP remailing.
jarthur     Eli    +/--     ?        ?
menudo      NSA?   --       ?        ?
merde       NSA?   -/--     ?        ?       batches out at midnight??
penet.fi    Julf   --       N        Stats   <48K. Overloaded. Slow.
pmantis     Eric   ++       N        ?       Tread lightly.
qwerty      Xenon  +        Y(2.3a)  Count
rosebud     NSA?   ++/-     Y(2.3a)  ?
shell       Hal    ++/+/-   Y(2.3a)  Stats+
soda        Eric   ++/-     N        Stats+? Can post to Usenet

++   <5 min
+    ~10 min
-    ~10-30 min delay
--   pinging isn't practical due to long delays
+/-  sometimes +, sometimes -

Normal internet mail delays are common, and are not equivalent in the two directions between any two remailers. Mail still gets through.

Full: full copies of all mail is archived. My large volume mailing should help put a stop to this.
Stats: logs of when mail was remailed.
Stats+: logs of when and where mail was remailed.
None: operator keeps no logs.
Count: simple counter.

bsu-cs      nowhere at bsu-cs.bsu.edu
catalyst    catalyst at netcom.com
chaos       remailer at chaos.bsu.edu
cicada      hh at cicada.berkeley.edu
dis.org     remailer at dis.org
extropia    remail at extropia.wimsey.com
jarthur     ebrandt at jarthur.claremont.edu
menudo      nobody at Menudo.UH.EDU
merde       remailer at merde.dis.org
penet.fi    anon.penet.fi
pmantis     hh at pmantis.berkeley.edu
qwerty      qwerty at netcom.com
rosebud     elee7h5 at rosebud.ee.uh.edu
shell       hfinney at shell.portal.com
soda        hh at soda.berkeley.edu

Discontinued remailers still on some lists out there:
phantom at mead.u.washington.edu
remail at tamaix.tamu.edu
sameer at netcom.com (spelling?)
sameer at berkeley.edu (spelling?)
cdodhner at indirect.com
remailer at entropy.linet.org??
00x at uclink.berkeley.edu?
hal at alumni.cco.caltech.edu?
remail at tamaix.tamu.edu?
remailer at entropy.linet.org?
Background on each remailer:
bsu-cs: Run by Chael Hall. Machine: ?? Problems policy: ?? Contact ?? Software: ?? Comments: ?? History: ??
catalyst: Run by Scott Collins. Machine: personal dial-up account on Netcom. Problems policy: ?? Contact ?? Software: ?? Comments: ?? History: ??
chaos: Run by ?? Machine: ?? Problems policy: ?? Contact ?? Software: ?? Comments: finger remailer.help at chaos.bsu.edu for info. ?? History: ??
cicada: Run by Eric Hollander. Machine: ??? Problems policy: ?? Contact ?? Software: ?? Comments: being "phased out".
dis.org: Run by ?? Machine: ?? Problems policy: ?? Contact ?? Software: ?? Comments: ?? History: ??
extropia: Run by ?? Machine: ?? Problems policy: ?? Contact ?? Software: ?? Comments: ?? History: ??
jarthur: Run by Eli Brandt. Machine: ?? Problems policy: ?? Contact ?? Software: ?? Comments: ?? History: ??
menudo: Run by ?? Machine: ?? Problems policy: ?? Contact ?? Software: ?? Comments: Stores messages and sends them at midnight?? History: ??
merde: Run by ?? Machine: ?? Problems policy: ?? Contact ?? Software: ?? Comments: ?? History: ??
penet.fi: Run by Julf (last name?) Machine: ?? Operator owned. Problems policy: Account revocation. Contact ??@anon.penet.fi. Software: custom. Comments: ?? History: ??
pmantis: Run by Eric Hollander. Machine: ?? Problems policy: ?? Contact ?? Software: ?? Comments: being "phased out". History: ??
qwerty: Run by Xenon. Machine: dial-up account on Netcom. Problems policy: "What problems?". Contact qwerty at netcom.com. Software: Hal's remailer. Comments: ?? History: Up 2/94. Set up by Xenon who needed more remailers to use to send PGP info to people with, since anon.penet.fi was overloaded.
rosebud: Run by Karl Barrus. Machine: ?? Problems policy: ?? Contact ?? Software: ?? Comments: ?? History: ??
shell: Run by Hal Finney. Machine: ?? Problems policy: ?? Contact ?? Software: Hal's Remailer.? Comments: ?? History: ??
soda: Run by Eric Hollander. Run by: ?? Machine: ?? Problems policy: ??
Blocking of addresses. Mail sent to problem causer. Contact ?? Software: custom. ?? Comments: Was keeping full logs till Xenon's bulk mailing venture. ?? History: ??

Remailer Public Keys:
Anonymous Remailer 1024-bit key, Key ID C0EA49, created 1993/08/30
Remailing Service 512-bit key, Key ID 64E8A7, created 1993/03/05 Also known as: Anonymous Remailer
Remailer 1024-bit key, Key ID B5A32F, created 1992/12/13
jarthur remailer c/o 512-bit key, Key ID 7D154B, created 1993/04/04
Qwerty Remailer 1024-bit key, Key ID 5505D9, created 1994/02/01
Remailer (remailer at rebma.mn.org) 1024-bit key, Key ID BA80A9, created 1992/11/26
remailer03 1022-bit key, Key ID ABFBB3, created 1992/12/02
Remailing Service 510-bit key, Key ID 5620D5, created 1992/11/15

From jim at uu4.psi.com Wed Feb 2 14:05:33 1994 From: jim at uu4.psi.com (jim at uu4.psi.com) Date: Wed, 2 Feb 94 14:05:33 PST Subject: contemplating remailer postage Message-ID: <9402022200.AA01456@uu4.psi.com> Although a lot of people (including me) have mentioned Digital Stamps, or remailer postage, when describing advanced remailers, I've yet to see a good description of a practical remailer postage mechanism. I assume it will be (or has been) modeled after one of the Chaumian digital cash protocols. If there has been work done on a remailer postage mechanism, could somebody post the details? (or a reference) Here's what I think would make up a practical remailer postage mechanism: I think that each remailer should issue its own stamps, rather than using a central digital postage service. The existence of a centralized digital postage service creates a single point of failure for the entire remailer system. It also complicates the protocol needed to validate digital stamps and check for double spending. Of course, having each remailer issue its own stamps would increase the complexity for the users of the remailer system. However, I believe the increased user-side complexity can be completely hidden within a good set of scripts (e.g. the scripts could maintain a subdirectory for each remailer to hold stamps for that remailer). If all digital stamps have the same "denomination", then the protocol for obtaining stamps can be greatly simplified. You won't need to engage in a cut-and-choose protocol with the remailer (see page 121, Digital Cash Protocol #4, Applied Cryptography).
To obtain 100 stamps from R1, Bob would generate and blind 100 uniqueness strings (random numbers large enough that they are unlikely to collide with anyone else's) and send them all to R1. R1 would simply sign all 100 of them and send them back. Bob would unblind them and store them in his "R1_stamps" subdirectory. Given the low value of individual stamps, it is probably not necessary to try to determine who is attempting to double spend stamps. Therefore, stamps wouldn't need the identity strings used in Digital Cash Protocol #4. Also, since the remailer is both "bank" and "merchant", there's no chance of the "merchant" cheating the "bank". ... When Bob wants to route a message through R1, he places an R1 stamp at the appropriate level within the nested envelopes. These stamps can also be used in SASE's. When R1 receives a stamped message (or SASE) it will check the signature of the stamp. If the signature doesn't verify, R1 discards the message. If the signature verifies, R1 checks the uniqueness string against his archive of "used" stamps. If the uniqueness string is present in the archive, the stamp has already been used and the message will be discarded. If the uniqueness string is not present in the archive, R1 will route the message on to the next hop. Finally, R1 places the uniqueness string in his "used stamp" archive. Seems simple enough. The major sticking point (to me) is the remailer's "used stamp" archive. This could grow to be very large. Something needs to be done to keep the archive from getting too large. One idea is to have the remailer periodically change the key it uses to sign stamps. Changing the "stamp validation key" effectively invalidates all unused stamps signed by that key. If you haven't used the stamp by that time, you're out of luck. The remailer can purge its "used stamp" archive whenever it changes its "stamp validation key".
Of course, invalidating peoples' unused stamps out from under them is not a nice thing for a remailer to do. The remailer could provide a mechanism whereby people could get new stamps from old, unused stamps. To make this work, the remailer would have to retain the previous "used stamp" archive for a while to give people a chance to get new stamps. However, there still needs to be a limit on how long the remailer retains the "used stamp" archives for old validation keys. If you wait too long, you would lose any chance to get new stamps from old. Comments welcome. Jim_Miller at suite.com From reagle at gl.umbc.edu Wed Feb 2 14:45:33 1994 From: reagle at gl.umbc.edu (Joseph Reagle Jr.) Date: Wed, 2 Feb 94 14:45:33 PST Subject: Quantum Crypto. In-Reply-To: Message-ID: [Here is the conclusion to my QC paper, unfortunately I can't get the whole file into a PS format because of the faulty file translators in the Mac applications.] Conclusion Quantum cryptography has proven to be an interesting and novel application of quantum physics. It does possess some severe limitations that I have considered. Optimistic predictions of its effective area are still far below 100 km. This may of course change depending on technological development. It has been suggested to me that one could have secure stations where interception and reception of the message would be allowed. [10] This is possible, but weakens the "absoluteness" that is the appeal of quantum cryptography. A basic assumption is made previous to the research mentioned: that Eve will not interfere on the public channel. It could be very possible that Eve would set herself up between Alice and Bob on the quantum and private channels, and act as a relay station that I mentioned in the first point. She would have to impersonate both Alice and Bob, who in reality might not even be on the same public and quantum channels, but merely think they are.
Public key methods could be used for authentication, but this destroys the motivation for the use of quantum cryptography. I feel the solution here is in the definition of "public". Meaning a random and public switching of public channels, phone numbers and such. Even this may be subverted by a very powerful Eve who may also control the phone company's switching circuits. Perhaps further thought can resolve this issue, but the problem of identification and authentication on the public channel is severe. Further, quantum cryptography is subject to a denial of service attack. If Eve wishes, she may destroy the unique and expensive quantum channel, or merely observe everything that goes by, not caring to read the information, just making it unsuitable for use by Alice and Bob. Ekert's concept of keeping shared EPR pairs in permanent storage (perhaps using a superconductor to warehouse keys when the quantum channel is open) is not yet feasible, and it will be necessary to keep these keys somewhere, but the security of keys is not a problem unique to quantum cryptography. I look forward to the resolution of these issues and the further development of the technology that will allow quantum cryptography to become a "practical" security mechanism.
1. C. Bennett. Science, vol. 257, p. 752 (August, 1992).
2. C. Bennett, G. Brassard, and A. Ekert. Scientific American. p. 50 (Oct., 1992)
3. A. Ekert, Phys. Rev. Lett. vol. 67, p. 661 (1991)
4. C. Bennett, and G. Brassard, Phys. Rev. Lett. vol. 68, p. 557 (1992)
5. A. Ekert, J. Rarity, P. Tapster, and G. Palma, Phys. Rev. Lett. vol. 69, p. 1293, (1993).
6. A. Muller, J. Breguet, and N. Gisin. Europhys. Lett., vol. 23 (6), p. 383 (1993).
7. S. Barnett, and S. Phoenix. Phys. Rev. A, vol 48 (1), p. R5, (July, 1993).
8. C. Bennett. Phys. Rev. Lett. vol 68 (21), p. 3121 (1992)
9. D. Denning. Cryptography and Data Security.
10. Personal e-mail as a follow-up to a posting to sci.crypt. I have unfortunately lost the person's name.
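The per-remailer stamp scheme from Jim Miller's "contemplating remailer postage" message above (blind issue, signature check, "used stamp" archive, key rotation with a trade-in window), sketched as an added example that is not code from the thread. RSA blind signatures stand in for the signing step; the toy keys built from Mersenne primes, the SHA-256 mapping of the uniqueness string and every class and function name are assumptions made for illustration.

```python
"""Toy model of per-remailer postage stamps issued by RSA blind signature."""
import hashlib
import math
import secrets

E = 65537  # public exponent used with every toy validation key
# Constructed toy key material (Mersenne primes): far too small for real use.
TOY_PRIMES = [(2**89 - 1, 2**107 - 1), (2**61 - 1, 2**127 - 1)]

def make_key(p, q):
    """Return (modulus, private exponent) for one stamp validation key."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(serial, n):
    """Map a uniqueness string to the integer that gets signed."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n

class Remailer:
    def __init__(self, primes):
        self._primes = iter(primes)
        self.n, self._d = make_key(*next(self._primes))
        self.used = set()     # "used stamp" archive for the current key
        self.previous = None  # (old modulus, old archive) during the grace period

    def sign_blinded(self, blinded):
        """Issue a stamp: sign the blinded value without learning the serial."""
        return pow(blinded, self._d, self.n)

    def accept(self, serial, sig):
        """Postage check applied to an incoming message or SASE."""
        if pow(sig, E, self.n) != digest(serial, self.n):
            return "discard: bad signature"
        if serial in self.used:
            return "discard: stamp already used"
        self.used.add(serial)
        return "forward"

    def rotate_key(self):
        """New validation key: old stamps stop verifying, archive starts empty."""
        self.previous = (self.n, self.used)
        self.n, self._d = make_key(*next(self._primes))
        self.used = set()

    def exchange(self, serial, sig, new_blinded):
        """Trade one unused old-key stamp for a signature under the new key."""
        if self.previous is None:
            return None
        old_n, old_used = self.previous
        if pow(sig, E, old_n) != digest(serial, old_n) or serial in old_used:
            return None
        old_used.add(serial)
        return self.sign_blinded(new_blinded)

    def end_grace_period(self):
        """Purge the old archive; unexchanged old stamps are now worthless."""
        self.previous = None

def blind(serial, n):
    """Customer side: hide the serial's digest behind a random factor r."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return digest(serial, n) * pow(r, E, n) % n, r

def unblind(signed, r, n):
    """Customer side: strip r to leave a plain signature on the digest."""
    return signed * pow(r, -1, n) % n

def buy_stamp(remailer):
    """Return (serial, signature, blinded value the remailer actually saw)."""
    serial = secrets.token_bytes(16)
    blinded, r = blind(serial, remailer.n)
    sig = unblind(remailer.sign_blinded(blinded), r, remailer.n)
    return serial, sig, blinded

def demo():
    r1, out = Remailer(TOY_PRIMES), {}
    s1, sig1, seen1 = buy_stamp(r1)
    out["issuer_saw_digest"] = seen1 == digest(s1, r1.n)
    out["first_use"] = r1.accept(s1, sig1)
    out["replay"] = r1.accept(s1, sig1)
    out["forged"] = r1.accept(b"made-up serial", sig1)
    s2, sig2, _ = buy_stamp(r1)  # bought but never spent
    r1.rotate_key()
    out["old_stamp_after_rotation"] = r1.accept(s2, sig2)
    out["trade_in_spent"] = r1.exchange(s1, sig1, 12345)
    s3 = secrets.token_bytes(16)
    b3, r3 = blind(s3, r1.n)
    sig3 = unblind(r1.exchange(s2, sig2, b3), r3, r1.n)
    out["trade_in_twice"] = r1.exchange(s2, sig2, b3)
    out["new_stamp"] = r1.accept(s3, sig3)
    r1.end_grace_period()
    out["archives_after_purge"] = (len(r1.used), r1.previous)
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The archive only has to cover stamps signed under the current key plus, during the trade-in window, the previous one, which is the bound on its growth that the message argues for.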
From qwerty-remailer at netcom.com Wed Feb 2 15:01:01 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Wed, 2 Feb 94 15:01:01 PST Subject: New remailer up. Message-ID: <199402022259.OAA21968@mail.netcom.com> Out of personal curiosity concerning the claims of how trivial "traffic analysis" of the qwerty or catalyst remailers on Netcom would be for "anyone" to carry out, I offer $20 to the first person to reveal from which SITE this message originated from. Please do not announce my name or login ID. Just the site. I am logged into a friend's account and I am remailing this with no encryption just through qwerty at netcom.com. It is now 5:41 PM EST. You do not have to reveal your methods to receive the award, which I will mail to you. Happy hacking you WIMPS. If you wish to remain anonymous, mail the answer to qwerty at netcom.com and my lips are sealed except for announcing success. -Xenon From pmetzger at lehman.com Wed Feb 2 15:15:33 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 2 Feb 94 15:15:33 PST Subject: New remailer up. In-Reply-To: <199402022259.OAA21968@mail.netcom.com> Message-ID: <199402022311.SAA06225@snark> Tapping Netcom's net connections would take more than $20 of effort. Up it to $50,000 and I'll happily take on your offer. However, I am going to need assurances that the money will actually be paid. Perry Metzger qwerty-remailer at netcom.com says: > Out of personal curiosity concerning the claims of how trivial > "traffic analysis" of the qwerty or catalyst remailers on Netcom > would be for "anyone" to carry out, I offer $20 to the first > person to reveal from which SITE this message originated from. > Please do not announce my name or login ID. Just the site. I am > logged into a friend's account and I am remailing this with no > encryption just through qwerty at netcom.com. It is now 5:41 PM EST. > > You do not have to reveal your methods to receive the award, which > I will mail to you.
Happy hacking you WIMPS. > > If you wish to remain anonymous, mail the answer to qwerty at netcom.com > and my lips are sealed except for announcing success. > > -Xenon From daemon at fidonet.fidonet.org Wed Feb 2 12:40:28 1994 From: daemon at fidonet.fidonet.org (Gateway Mail Daemon) Date: 02 Feb 94 15:40:28 -0500 Subject: Message returned to sender Message-ID: (Invalid host or address: cypherecho at f21.n216.z1.fidonet.org) The address you are trying to send to does not exist on this side of the gateway. If you have any problems, email the postmaster of this gateway for assistance. Please note that the biggest reason for bounced messages is due to a simple typo. Please, double check your spelling! A copy of the original message is listed below: -----8< cut here 8< ------------------------------------ >From owner-cypherpunks at toad.com Wed Feb 2 12:30:16 1994 Received: from relay2.UU.NET by zeus.ieee.org (4.1/Z-3.46-01.31.94) id AA12961; Wed, 2 Feb 94 12:30:16 EST Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwbnp25485; Wed, 2 Feb 94 12:25:12 -0500 Received: by toad.com id AA24880; Wed, 2 Feb 94 09:11:06 PST Received: by toad.com id AA24877; Wed, 2 Feb 94 09:11:05 PST Return-Path: Received: from ghostwheel.bga.com ([198.3.118.4]) by toad.com id AA24873; Wed, 2 Feb 94 09:10:58 PST Received: from wixer.UUCP by ghostwheel.bga.com with UUCP id AA05678 (5.65c/IDA-1.4.4 for cypherpunks at toad.com); Wed, 2 Feb 1994 11:09:24 -0600 Received: by wixer (5.65/1.35) id AA09079; Wed, 2 Feb 94 11:08:26 -0600 Message-Id: <9402021708.AA09079 at wixer> Subject: Archiving on Inet To: cypherpunks at toad.com Date: Wed, 2 Feb 94 11:08:26 CST From: Jim choate X-Mailer: ELM [version 2.3 PL11] I would like to ask all subscribers who are not addressing the issues of this question to please move their responces to private mail. I have no interest in exploring your personalities or views of others personalities. 
If a global network is to survive there must be a common understanding of what is public domain and what is private or commercial. At the present time this is completely new ground. The fact is that the copyright laws of the US are of little interest to a net user in Moscow, Russia or Pretoria, S. Africa. If as a cpunk you don't feel that an anonymous regulatory agency can protect your privacy why do you feel they can protect your intellectual property? The issue has direct bearing on both intellectual property and the wide spread use of cryptographic techniques. As an active cpunk it seems to me that your first motivation after producing the actual code is to create an atmosphere where it can be used for the betterment of all. To create a useable global community (what I am striving for) it seems to me that entries on that network must be public domain by default. Otherwise every country who joins, and by reduction every potential user, will have to agree on how to recompense each and every user who desires to be paid for their submissions. This, to me, leads incontrovertibly to the conclusion of a bureaucratic nightmare that will not significantly assist anyone other than the regulatory agencies. The only other answer that seems even close to working (and I consider this a stretch of the imagination) is one where everyone is given access for free and the governments regulate the traffic completely and pay for it with tax dollars. As to the issue as it applies to community bbs'es. I run such a system and am in the process of getting it on the net. As part of this project I have 2 other systems that I will be providing feeds for. These systems are all run by individuals who have these boxes sitting in their den. By insisting on a priori copyright of all material it is my opinion that you are creating a situation which will prevent the growth of such systems.
Now if we don't have regulatory agencies and the sites are independent (and I assume self supporting) how can we expect some Joe or Jill to put up a system to help the people in their neighborhood if they have to keep looking over their shoulders for the copyright police? The answer is they won't put up such systems and we all lose. By providing strong crypto tools for business and individuals to protect their intellectual and commercial property we are creating an open door atmosphere which motivates people to join the network for their own enjoyment and edification. This to me is more important than keeping the present view (as applied to non-networked environments) of copyright. It is time that we as users of Internet set a precedent before the legislators set one for us that will in the long run only assist those already in power by strengthening the need for regulatory agencies. I strongly suggest that you all consider this idea from the global and long term view. I think you will find that the view "information wants to be free" is the way to go. To this end I propose that organizations such as EFF and cpunks take the position of a priori public domain status of network submissions. Also that all individuals who wish to retain intellectual or commercial rights either use strong crypto w/ e-mail distribution of keys or a change be implemented in message headers such that sites who don't wish to carry such material can filter it, along with this should be a requirement that any such non-cryptographically secure material must contain a fair use policy at the beginning of each and every document. It is time we quit letting big brother tell us what we can do with our ideas and how to distribute them. From qwerty-remailer at netcom.com Wed Feb 2 16:01:02 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Wed, 2 Feb 94 16:01:02 PST Subject: New remailer up.
Message-ID: <199402022358.PAA02516@mail.netcom.com> Perry Metzger wrote, "Tapping Netcom's net connections would take more than $20 of effort. Up it to $50,000 and I'll happily take on your offer. However, I am going to need assurances that the money will actually be paid." This is exactly the point I was trying to make. I wanted the word "trivial" to be clarified by those who were being so vocal about dismissing a remailer on Netcom. You'll also need a good lawyer when Netcom finds your tap ;-). But I'm sure some skilled hacker will be able to tell me the site and I'll happily be out $20, in say, a couple days? No use hacking my password, as I keep no logs (for now). The reason it's only $20, is that I am indeed honestly interested in knowing something about my remailer's security, and I don't know enough internet/Unix to risk being a total sucker. -Xenon From lefty at apple.com Wed Feb 2 16:06:13 1994 From: lefty at apple.com (Lefty) Date: Wed, 2 Feb 94 16:06:13 PST Subject: New remailer up. Message-ID: <9402030002.AA22907@internal.apple.com> >Tapping Netcom's net connections would take more than $20 of effort. >Up it to $50,000 and I'll happily take on your offer. However, I am >going to need assurances that the money will actually be paid. Oh, very, _very_ impressive. Hey, Xenon, _I'll_ do it for only $47,500, but I'll need 50% up front. "Oh, I don't mind a parasite; it's a _cut-rate_ one I object to..." -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. 
From kshep at netcom.com Wed Feb 2 16:15:32 1994 From: kshep at netcom.com (Kirk Sheppard) Date: Wed, 2 Feb 94 16:15:32 PST Subject: List Scum and Other Dross (was: system logging) In-Reply-To: <199402022017.MAA20262@mail.netcom.com> Message-ID: On Wed, 2 Feb 1994 nobody at qwerty.org wrote: > PGP Slave, > > Could you please announce my full name, phone number, address, visa card > number, a giff of my signature, height, weight and driver's licence number > not only to the Cypherpunks mailing list but to many usenet groups as well, > since you obviously feel I no longer wish to be known to the masses as > Xenon, and I instead want them to start calling me and postal mailing me > asking for copies of PGP. Thanks asshole. I thought the people on this > list were concerned with privacy, but I was wrong. I mention Xenon in > my personal .plan, but I ask people to let me keep the small amount of > extra privacy I still retain. My sympathies to you. Others, too, on this list have no respect for privacy, as they post private e-mail to the list with out permission, but make threats in private unposted e-mail. This especially applies to those who violate privacy and make threats under pseudonyms at places and servers that don't support finger or netfind. It is ironic, but sadly this is what the "notorious" Detweiler was teaching us. Kirk Sheppard kshep at netcom.com P. O. Box 30911 "It is Better to Die on Your Feet Than to Bethesda, MD 20824-0911 Live On Your Knees." U.S.A. - Emiliano Zapata From bgold at tlcnet.aps.muohio.edu Wed Feb 2 16:21:02 1994 From: bgold at tlcnet.aps.muohio.edu (Bruce Goldflies) Date: Wed, 2 Feb 94 16:21:02 PST Subject: unsubscribe Message-ID: <9402030020.AA00850@tlcnet.aps.muohio.edu> please unsubscribe me from the list Thanks From pmetzger at lehman.com Wed Feb 2 16:21:14 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 2 Feb 94 16:21:14 PST Subject: New remailer up. 
In-Reply-To: <199402022358.PAA02516@mail.netcom.com> Message-ID: <199402030019.TAA06390@snark> qwerty-remailer at netcom.com says: > Perry Metzger wrote, > "Tapping Netcom's net connections would take more than $20 of effort. > Up it to $50,000 and I'll happily take on your offer. However, I am > going to need assurances that the money will actually be paid." > > This is exactly the point I was trying to make. I wanted the > word "trivial" to be clarified by those who were being so vocal > about dismissing a remailer on Netcom. Well, the problem is that NETCOM has logs that are good enough that THEY can trivally trace things if they want. Assuming they are doing normal SMTP logging tracking you down should be easy. I would require a network tap assuming that I wasn't going to have their help. However, make no mistake that Netcom can and will cooperate with the police if you use your remailer in a way that the government doesn't like, so it seems that the security afforded isn't that good. > But I'm sure some skilled hacker will be able to tell me the site and > I'll happily be out $20, in say, a couple days? Without any information out of the network logs or the network itself, no one is going to be able to say. Besides, $20 is a paltry sum for the amount of work involved. > No use hacking my password, as I keep no logs (for now). Netcom keeps logs. .pm From loki at nately.UCSD.EDU Wed Feb 2 16:41:03 1994 From: loki at nately.UCSD.EDU (Lance Cottrell) Date: Wed, 2 Feb 94 16:41:03 PST Subject: SASE Suggestion Message-ID: <9402030041.AA12425@nately.UCSD.EDU> :Lance Cottrell writes: : :> I have been meditating on this problem of return :> addresses, and have a proposal. The remailers :> can not be allowed to choose the return path, :> as any corrupted remailer will corrupt the rest :> of the path. 
:
Jim Miller writes:
:As I understand it, the remailers don't "choose" the return path, Bob (the
:sender of the original message) chooses the return path when he creates the
:SASE. All the remailers do is interpret the part of the SASE that becomes
:readable to them after decrypting the SASE portion sent to them from the
:previous hop. If all is working, what becomes readable is the address of
:the next hop (closer to Bob) and some misc other stuff (postage, maybe,
:and perhaps another encryption key).
:
:Am I not understanding something correctly?
:
:Jim_Miller at suite.com
:

One SASE scheme recently suggested involved sending a request for a SASE to a remailer, stating the number of jumps required. It then sent it to another remailer, and so on. Each adding a layer, and eventually sending the results to the desired correspondent. I mentioned that if the first remailer was corrupted, that the whole chain was (it would only send to other corrupt remailers).

----------------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.3 key available by finger or server.

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche
----------------------------------------------------------

From qwerty-remailer at netcom.com Wed Feb 2 17:21:03 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Wed, 2 Feb 94 17:21:03 PST
Subject: New remailer up.
Message-ID: <199402030119.RAA17214@mail.netcom.com>

Perry wrote,

"However, make no mistake that Netcom can and will cooperate with the police if you use your remailer in a way that the government doesn't like, so it seems that the security afforded isn't that good."

So you aren't interested unless you can commit serious felony crimes using a given remailer? I would be happy if criminals stayed away from my remailer. What do you mean by "security"?
And if the police find out a personally owned machine was involved, I couldn't imagine them not just swooping in at midnight and taking it away at gunpoint. I hope those privately owned machines don't have logs ;-). In my mind, the whole secret to gaining privacy is not attracting attention in the first place. Using a remailer DOES allow a person to communicate anonymously with someone else, in two directions. If a party has enough power to tap Netcom, then sendmail logs or no sendmail logs, they will find you. and, "Besides, $20 is a paltry sum for the amount of work involved." Think of it as a trophy, which I'm sure most understood. I'm not offering you a job. I appreciate your view though, and since I've posted a request for remailer comments, might you help us all and send me some comments about the various remailers and what types of security each affords? If some wish to use remailers for serious underground activity, which should they use or not use? If they just want to keep bounced mail from telling their system postmaster who they're talking to, then that's a different type of security need. -Xenon From wisej at acf4.NYU.EDU Wed Feb 2 17:21:14 1994 From: wisej at acf4.NYU.EDU (wisej) Date: Wed, 2 Feb 94 17:21:14 PST Subject: fwd: Canadian gov't eavesdropping In-Reply-To: <9402021727.AA04813@netmail2.microsoft.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 2 Feb 1994, Mike Markley wrote: > | From: Eli Brandt > | > HIGH-TECH SNOOP GADGET. A super-secret branch of the Canadian Security > | > Intelligence Service has awarded three contracts to a Montreal firm to mak e > | > equipment that can quickly isolate key words and phrases from millions of > | > airborne phone, fax, radio signals and other transmissions. The hardware > | > has the "Orwellian potential to sweep through ... and keep records of all > | > conversations," said one CSIS critic. (CTV National News, 01/31/94 11:00 > | > pm). 
> | > | Dunno how feasible this kind of keyword recognition presently is, > | but here's another reason to encrypt. > > I'd be curious to see how they are going to do voice recognition on > random conversations. Unless I am very sadly out of date you need to > teach the pattern matcher individual voices. > You'd be surprised. For example, Plaintalk, a system extension bundled with the AV-series macintoshes, does voice recognition based solely on phonemes. Although it is not perfect yet, I can personally attest to having walked up to a model on display in a store, tried a few simple commands by voice, and had no problem with recognition. The technology _is_ there. Jim Wise wisej at acf4.nyu.edu jaw7254 at acfcluster.nyu.edu -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVBRwzS8O1DgkhNpAQEQcgP/cQZm7qvbwTzRrHFVO7NeGtTKCoguSqng kH/6Mj2HOkndDydTpeZh5Zcb9JeuZHERagcD6ese71Yjihry/KTh6fNzDnYJhb/N 5vOlZZAa/8LgnLaF3IZWJJmrHqhTGlitD9AFMrFGrt420ij4GzTWsLN93Ctm7MBg sWZvuj9JL7o= =U/4B -----END PGP SIGNATURE----- From qwerty-remailer at netcom.com Wed Feb 2 17:31:14 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Wed, 2 Feb 94 17:31:14 PST Subject: New remailer up. Message-ID: <199402030131.RAA20660@mail.netcom.com> Sure, a vanilla user at netcom probably can't track the remailer logs, unless of course there are BUGS in SENDMAIL (gasp!) or SunOS or whatever. But remailers aren't just to keep random users from knowing who you are so you can post better anonymous letters to alt.sex.anonymous. At least some of us would like real privacy, and consider remailers a useful part of this, and this means that if you're using remailers to communicate with your sources for the newspaper article you're writing on the CIA's cocaine delivery shortfalls or the NSA/Trilateralist designs for the National Health Care ID Card or your mayor's child pornography habits, that nobody can track you or your sources down easily. 
That means that root at netcom.com can't do it using the root password, even if they want to comply with the subpoena, and the Secret Service can't do it after confiscating netcom's machines or wiretapping their phones. Non-encrypting remailers can never really get that good, but they can at least do part of the job, and encrypting remailer networks may get that good if there's enough traffic through the system.

So meanwhile, are you giving root at netcom.com permission to try to identify the source of your mail and win the $20 for finding out whether you're really Xenon or you're really L.D.'s evil twin Skippy? (No idea if they'll try, or if they're even listening....)

- Radon

From frissell at panix.com Wed Feb 2 17:55:34 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 2 Feb 94 17:55:34 PST
Subject: Josh Quittner`s Newsday c
Message-ID: <199402030153.AA21905@panix.com>

Welcome to new lurkers (if any) from our recent NYT and Newsday publicity. To give you something a little more interesting than "Is Usenet in the Public Domain?" to read, here is my response to Joshua Quittner's column in Newsday.

>Tuesday, 01 February 1994
>
>CODING UP A BIT OF PRIVACY
>
>Time is running out for the Cypherpunks.

Actually we have all the time in the world. One cannot build a New Information Infrastructure without including the tools that anyone can use to communicate privately.

>This is their central question: In a future world where all information
>is centralized on a network, where all information is tracked by the bit,
>where every purchase you make and every communication can be monitored by
>corporate America, how does privacy survive?

More of a problem in the past than in the future. When P.J. O'Rourke had lived in a small New Hampshire town for a year or so and went to the store to shop for some clothes the clerk remarked, "That's not the brand of underwear you usually buy."
One's life was more of an open book in the village and the tribe than it will be in the electronic village. Particularly since you can build private networks/"places" that exclude anyone you want. >"The whole information highway thing is now part of the public eye," >explain Eric Hughes, a founder of the Cypherpunk movement. "If we don't >change it now, it'll be impossible later." Misquote? It's usually better to do the job early than late but the nature of network communications is such that it's hard to control at any time. >They dread the coming commercial network of televisions and computers, >saying it will displace the Internet and destroy many of the freedoms they >now enjoy. Surely not the anarcho capitalists who probably represent a majority of active cypherpunks. >For the first time, virtually unbreakable codes are now possible, thanks to >computers. I won't say it. Certainly computers make it easier to *use* encryption. >The the U.S. government is concerned, as governments always are, about >the spread of powerful cryptography (terrorists could use it, kidnappers >could use it, drug dealers could use it, Communications intercepts are rarely used to prosecute crimes. >The (Clipper) chip is reviled by Cypherpunks and other civil libertarians >because it provides a back door that law-enforcement agencies could enter, >with the proper warrants, for surveillance. Warrants not required, just a certification that the law enforcement agency has proper authority to do a communications intercept. >"I'm starting a bank, and it's not going to be a U.S. bank," Hughes >says. >The bank will store depositors' money (he's thinking a $200 minimum >deposit) and disburse payments to anyone --- all over the Internet. It >will be based abroad, maybe in Mexico. Where did Mexico come from? >A Cypherpunk network bank is one way to pay for a network of truly >encrypted, private communications, you see. Along with lots of other nice things. 
Computers have been killing traditional banks for years (ever since they enabled the creation of Money Market Funds in the '70s). Netbank (and its many competitors) will continue the process. *********** Duncan Frissell You don't have to be nice to nation states you meet on the way up if you're not coming back down. --- WinQwk 2.0b#1165 From mediak at well.sf.ca.us Wed Feb 2 18:11:03 1994 From: mediak at well.sf.ca.us (Joseph Matheny) Date: Wed, 2 Feb 94 18:11:03 PST Subject: UNSUBSCRIBE Message-ID: <199402030210.SAA22612@well.sf.ca.us> Unsubscribe:mediak at well.sf.ca.us From qwerty-remailer at netcom.com Wed Feb 2 18:11:14 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Wed, 2 Feb 94 18:11:14 PST Subject: New remailer up. Message-ID: <199402030211.SAA00952@mail.netcom.com> "So meanwhile, are you giving root at netcom.com permission to try to identify the source of your mail and win the $20 for finding out whether you're really Xenon or you're really L.D.'s evil twin Skippy?" I have no answer to that. I don't know what "permission" means in this context. I never discluded Netcom employees though. I doubt they would wish to appear to have lax security by posting the answer though. Does L.D. have an evil twin? I hope he doesn't get a Unix account. Seriously, your comments were the first I've seen that really explain to me what sort of security problem a Netcom remailer faces. Now then, I ask you as well, might you fill in a few of the blanks in the remailer list I posted. I could send it to you if you missed it. What are the "serious" remailers, do they keep mail logs, and are they reliable? -Xenon From qwerty-remailer at netcom.com Wed Feb 2 18:16:14 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Wed, 2 Feb 94 18:16:14 PST Subject: anonymous mail bombers and what to do about them Message-ID: <199402030216.SAA01922@mail.netcom.com> Don't feed the animals. 
Generally, when one person is mail-bombing another, either there has been a fair amount of provocation by at least one of the parties, and escalation of childishness isn't as useful as trying to resolve some of your differences, though it can offer a certain amount of basic 4-year-old ego satisfaction. If somebody's mail-bombing you, and they're root, and they're not doing it anonymously, you don't need to either; the worst revealing your identity will do at that point is encourage them to mail-bomb you. And your system administrator probably already knows who you are by now, assuming the bombing has been at a high rate. If the bomber is root on his home machine, and the bombs include bad words that aren't mere reflections of your words to him, you could always complain to the phone company that you're receiving obscene phone calls. I doubt the policies or laws about that specify whether the calls have to be made in spoken English.... If the bomber is root on his business machine, you can complain to his management, assuming you can locate them. Some managers get very bent out of shape about this and do random clueless things, others conservatively protect their company images, others ask what state and federal laws have been broken and tell you to stifle yourself if the answer is "none". If the bomber is root on his home PC at a university, arbitrary randomness can occur. On the other hand, if you're really L- D-, and the person who is mailbombing you is Perry Metzger, expending large amounts of childishness in his direction will not accomplish anything positive for either of you, and if both of you start sending N copies of each others' mail to each other, exponential growth will not help either of your systems. If you're not really L- D-, but the person who is mailbombing you is still Perry, try talking rationally to him; he can do that just fine if he thinks it's worthwhile. If you're really L- D-, and the person is or is not Perry, we can help. 
Post your full name, home address with precise latitude and longitude, and we'll be happy to deliver some advanced plutonium products you may find useful in resolving your problems.

"Deuterium" (oh - wait - maybe I'm "Tritium" today?) (or was that "Lithium"?)

From CHRISTI1 at MUVMS6.WVNET.EDU Wed Feb 2 18:21:03 1994
From: CHRISTI1 at MUVMS6.WVNET.EDU (IGOR)
Date: Wed, 2 Feb 94 18:21:03 PST
Subject: anonymous mail
Message-ID: <01H8FA8ERMXS001OXX@MUVMS6.WVNET.EDU>

If there is an admin above him, speak with that admin, also mail cert at cert.org and mail the nsf explaining to them what has been happening, or mail kfithen at cert.org She is a really nice lady, and she could help you on this. If all else fails, do that and send the fakemail...if you are sure that you won't get caught.

Bob

                                  \////
                                  (0 0)
*------------------------------oOO--(_)--OOo---------------------------------*
| Bob Christian II "IGOR"      *    Internet:Christi1 at muvms6.mu.wvnet.edu |
| Marshall University        *****  E-Mail: Christi1 at muvms6.wvnet.edu     |
| Huntington, WV               *    GET HIGH....LEARN TO FLY! IP-ASEL         |
| Student/D.J 88.1 WMUL FM     *    Major:Undecided(CJ/LAW) Minor:AVT         |
*----------------------------------------------------------------------------*
--I love flying because there is no speed limit(^10k) and Radar is your friend!
--Marshall assumes no liability for what I say, because my words are MINE!

From wcs at anchor.ho.att.com Wed Feb 2 18:35:34 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 2 Feb 94 18:35:34 PST
Subject: Qwerty Remailer Delays
Message-ID: <9402030231.AA03865@anchor.ho.att.com>

It's not very clear how long the delays should be; depends on traffic to/from your remailer and to some extent to/from the other sites your remailer cooperates with and the machine it runs on.
If the delay is near-zero, relative to the rest of your traffic, traffic-analysts can see mail going to your remailer, followed quickly by similar-sized mail going to another location, and guess that the two are related, especially if they're reading the mail itself. (For instance, if netcom is a bunch of machines on an Ethernet, and somebody breaks root on one of them, packet-sniffing the net may catch a non-trivial amount of your mail going in at least one direction. It's certainly easier than tapping all the phones if you don't have a warrant.) How much you need also depends on your threat model - do you expect monitoring by netcom users only, active monitoring by root, logfile examination without ongoing monitoring, etc....?

If there are a bunch of other messages in between, especially if you're sending most of them to the same destination (e.g. instead of always choosing a random remailer to send through, you pick one remailer and send a batch of N messages to it; and maybe use a different remailer for the next batch) then it's harder to correlate incoming and outgoing messages.

One strategy for batching is to accumulate N messages and send them at once, rather than delaying for N minutes. This may cause rather long delays, unless you either get lots of traffic or else give up and send the real message and some fake ones after rand{5..N} minutes. (If you use fixed N, it's easy to track when traffic is low.)

Bill

From wcs at anchor.ho.att.com Wed Feb 2 18:41:04 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 2 Feb 94 18:41:04 PST
Subject: digital signatures/copyright
Message-ID: <9402030239.AA03921@anchor.ho.att.com>

-----BEGIN PGP SIGNED MESSAGE-----

Brian Williams asks:
> Could one make a case that the use of Digital signatures in
> messages implies copyright retention by the author?
No - you can make a case that the author doesn't want his words to be forged or tampered with, and is using technology rather than law to enforce it. Doesn't affect the rest of the legal situation, though one could try to argue either that the author was or was not expecting copyright. -----BEGIN PGP SIGNATURE----- Version: 2.3z iQCVAgUBLU/2HdCcBnAsu2t1AQF15gP+IqS3o0gNeHng9BSqlk95KzmPwp3oo70p j2FVYHNOeUKgDSAAwvWr+p3/DOwTafSkJf4A5gW33NOKr0E9JZ4In349RAoueTku J94VMajT4i7yhOC8X41RPkVLlCltPDRo04SS8h5UFnEk/zFxiTkvXY9mpBcK3yUw vYY9pbmupSc= =KbXS -----END PGP SIGNATURE----- Bill From pgpkeys at wasabi.io.com Wed Feb 2 18:51:03 1994 From: pgpkeys at wasabi.io.com (PGP Slave Key Server) Date: Wed, 2 Feb 94 18:51:03 PST Subject: New server up. Message-ID: <199402022116.VAA20077@wasabi.io.com> PGP Slave, I hear and obey O Master. Could you please announce my full name, phone number, address, visa card number, a giff of my signature, height, weight and driver's licence number not only to the Cypherpunks mailing list but to many usenet groups as well, If you insist :-) (Can you give me a few more days to comply?...I`m having some trouble getting a copy of your signature. One of the guys in the chem faculty says he knows where he can get one at the weekend...) since you obviously feel I no longer wish to be known to the masses as Xenon, and I instead want them to start calling me and postal mailing me asking for copies of PGP. Thanks asshole. I thought the people on this list were concerned with privacy, but I was wrong. I mention Xenon in my personal .plan, but I ask people to let me keep the small amount of extra privacy I still retain. Hey bud, you`ve clearly misunderstood the whole point of the movement. You get whatever privacy you can make for yourself through technology. Any dolt who goes to the extent of using two remailers and a penet id to hide his identity then puts his nym`s secret key in his True Name signature file gets the privacy he deserves. 
Anyway, what's the big deal?...no one who read my post will have a clue who you are unless you tell them yourself; and anyone who could track you down from the two bits of info in that post is more than capable of tracking you down the same way I did from the public logs on netcom. I was just waving enough of a red rag at you to make the point forcefully... (remember you're the one arguing against putting delays more than 15 minutes in a remailer system...)

The point I was making was that you cannot rely on trust such as a lack of logs alone to keep things like remailer chains secure...you *have* to build the security into the technology and the protocols. You must assume that The Bad Guys (tm) have full access to all the logs of all the machines that run remailers...if not directly then by watching the wires. So any remailer scheme has to include dummy traffic, significant delays, and encrypted input way back at the sender`s end. And the protocol has to be such that a remailer chain is as strong as its strongest link, not as weak as its weakest link, meaning if 9 out of 10 remailers have been compromised but the 10`th is run by Honest Joe, then Honest Joe`s trustworthiness is sufficient to defeat the evil forces of TBG with their 9 bogus servers.

You wrote, "qwerty account or not, the public logs on netcom show more than enough info to trivially track people down."

Trivial? And so you hack out the info that a message went from remailer A through qwerty and on to remailer B, at a certain time. You haven't tracked down anyone my friend.

Yo dude, I found *you* didn`t I? And it took me less than 5 minutes. So bite me.

PS How to build your own mailer logs on netcom...just stay on long enough and keep typing `mailq`...no problemo...I can`t be bothered but if I could that's how I`d track traffic through qwerty for your $20...
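The trade-off raised in the "Qwerty Remailer Delays" message and in the reply above, as an added example that is not part of any post in this thread: a small simulation a remailer operator can use to compare immediate forwarding with accumulate-N-and-shuffle batching against an observer who sees only the order of messages on the wire. All function names and the traffic are constructed for illustration, and message sizes are assumed to be indistinguishable.

```python
import random


def make_arrivals(count, rng, mean_gap=30.0):
    """Constructed traffic: message i arrives after a random gap (seconds)."""
    now, arrivals = 0.0, []
    for msg_id in range(count):
        now += rng.expovariate(1.0 / mean_gap)
        arrivals.append((msg_id, now))
    return arrivals


def forward_immediately(arrivals, latency=1.0):
    """Near-zero delay: each message leaves `latency` seconds after arriving."""
    return [(msg_id, t + latency) for msg_id, t in arrivals]


def forward_in_batches(arrivals, batch_size, rng):
    """Accumulate batch_size messages, then send them together in random
    order. A trailing partial batch stays queued and is never sent here."""
    departures = []
    full = len(arrivals) - len(arrivals) % batch_size
    for start in range(0, full, batch_size):
        batch = arrivals[start:start + batch_size]
        flush_time = batch[-1][1]  # the Nth arrival triggers the flush
        ids = [msg_id for msg_id, _ in batch]
        rng.shuffle(ids)
        departures.extend((msg_id, flush_time) for msg_id in ids)
    return departures


def observer_link_rate(arrivals, departures):
    """Fraction of outgoing messages a passive observer links correctly by
    order alone: the k-th message seen leaving is guessed to be the k-th
    message seen arriving. The ids are ground truth the observer lacks."""
    if not departures:
        return 0.0
    hits = sum(1 for (guess, _), (actual, _) in zip(arrivals, departures)
               if guess == actual)
    return hits / len(departures)


def mean_delay(arrivals, departures):
    """Average seconds a forwarded message spent inside the remailer."""
    arrived = dict(arrivals)
    return sum(t - arrived[m] for m, t in departures) / len(departures)


def compare(count=1000, batch_size=10, seed=1994):
    """Return {policy: (link_rate, mean_delay_seconds)} for both policies."""
    rng = random.Random(seed)
    arrivals = make_arrivals(count, rng)
    policies = {
        "immediate": forward_immediately(arrivals),
        "batched": forward_in_batches(arrivals, batch_size, rng),
    }
    return {name: (observer_link_rate(arrivals, out), mean_delay(arrivals, out))
            for name, out in policies.items()}


if __name__ == "__main__":
    for name, (rate, delay) in compare().items():
        print(f"{name:9s} linked={rate:6.1%}  mean delay={delay:7.1f}s")
```

With immediate forwarding the order-based guess is always right; with batches of N it is right about one time in N, and the price is a mean delay that grows with N and with the gap between arrivals.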
From qwerty-remailer at netcom.com Wed Feb 2 19:11:03 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Wed, 2 Feb 94 19:11:03 PST
Subject: New remailer up
Message-ID: <199402030311.TAA14987@mail.netcom.com>

I haven't really kept track of which remailers are how reliable; they're almost all relatively new and experimental, people are hacking software, they go up and down a lot, and I almost never use them anyway. I also don't like keeping track of the syntax and which ::'s are followed by which ##s :-)

Julf's anon.penet.fi remailer is serious; he's done a lot of work to get a private machine, paying for a reasonably expensive 64kbps line himself, and has it located somewhere that only 3 people know. (The original was located at a university, and somebody decided they wanted it Closed.) It's also outside the US, which is useful. On the other hand, it works differently than the one-way anonymous remailers, uses up a substantial fraction of the net.bandwidth into Finland, and costs him real bucks - somebody ought to start a US equivalent and deload him.

I'd guess that extropia is also probably well-run, or at least has good features. But I haven't used it.

From kevin at axon.cs.byu.edu Wed Feb 2 19:35:34 1994
From: kevin at axon.cs.byu.edu (Kevin Vanhorn)
Date: Wed, 2 Feb 94 19:35:34 PST
Subject: New remailer up.
In-Reply-To: <199402030119.RAA17214@mail.netcom.com>
Message-ID: <9402030335.AA16272@axon.cs.byu.edu>

>> However, make no mistake that Netcom can and will cooperate with the
>> police if you use your remailer in a way that the government doesn't
>> like, so it seems that the security afforded isn't that good."
>
> So you aren't interested unless you can commit serious felony crimes
> using a given remailer? I would be happy if criminals stayed away from

Things "that the government doesn't like" and "serious felony crimes" are not the same.
People in positions of governmental power have all too often in the past used that power to harass others who have committed no crime. Remember how Nixon used to sic the IRS on his political enemies? And the ATF has a sordid history of harassing harmless people, including trying to trick them into committing technical violations of obscure gun-control regulations. Often enough, government officials harass people who have broken no law, but have only behaved in a way that those officials WANT to be made illegal.

-----------------------------------------------------------------------------
Kevin S. Van Horn | It is the means that determine the ends.
kevin at bert.cs.byu.edu |

From remailer at merde.dis.org Wed Feb 2 20:01:04 1994
From: remailer at merde.dis.org (remailer bogus account)
Date: Wed, 2 Feb 94 20:01:04 PST
Subject: PGPTools Minor Bug
Message-ID: <9402030359.AA28381@merde.dis.org>

-----BEGIN PGP SIGNED MESSAGE-----

There is a minor bug in PGPTOOLS.C which needs to be fixed. In pgp_extract_rsa, two lines need to be added. This variable was not being cleared. When the precision was later set to max, there was garbage left in the high-order bytes of the mpi. This caused the size of the MPI to be wrong, and the function would not decrypt 2.2 or earlier packets. It could also occasionally fail to decrypt a 2.3 packet. Sorry about that.
Pr0duct Cypher

/* Decrypts and extracts the key from an RSA-encrypted block */
/* Returns true if successful, false if not */
int pgp_extract_rsa(struct fifo *f,byte ideakey[16],
                    struct pgp_pubkey *pk,struct pgp_seckey *sk)
{
struct mpi *p=safemalloc(sizeof(struct mpi));
struct mpi *c=safemalloc(sizeof(struct mpi));
unit *dp=safemalloc(sizeof(unitarr));
unit *dq=safemalloc(sizeof(unitarr));
unit *temp=safemalloc(sizeof(unitarr));
byte result;
word16 checksum=0;
byte *pp;
byte type;
word32 length;
set_precision(MAX_UNIT_PRECISION);    <--------- ADD
mp_burn(p->value);                    <--------- ADD
set_precision(bits2units(pk->n.bits+SLOP_BITS));
pgp_examine_packet(f,&type,&length);

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLU4ptsGoFIWXVYodAQG3GQQApg45mfrbfoUP4BhrtmvE+zRGdSp6zx9+
M7GDnJ+vpCVzQj6S7Z+y1RZ4FFAT6yX/63oeVvhW8FzNZ1s5xOZivbIZrhC6WPJU
qZiuy/veXD7OrWpUJueucT5xPF/Nsjdx3w2DiAy2x7YtRycpzugMSpSdvJcCcOuK
rGBkPV2eJDc=
=+WVh
-----END PGP SIGNATURE-----

From fnerd at smds.com Wed Feb 2 20:15:34 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Wed, 2 Feb 94 20:15:34 PST
Subject: fwd: Canadian gov't eavesdropping
Message-ID: <9402030355.AA05275@smds.com>

Mike Markley says-

> I'd be curious to see how they are going to do voice recognition on
> random conversations. Unless I am very sadly out of date you need to
> teach the pattern matcher individual voices.

I remember a story from a conference in the sixties where someone wanted to prove the point that it's much easier to make a recognizer for all voices if you're only looking for a certain word. So he built a "watermelon" box. He sits this up on the podium with him and gives his talk, which naturally at some point gets to...

"...a single word, for instance 'watermelon.'" *beep!*

Then later there's a Q&A period, of course...

A: Please step up to the microphone...

Q: You mean all this thing does is recognize the word "watermelon," *beep!* and that it can recognize the word "watermelon" *beep!* no matter who says it?
A: That's right, it's an any-speaker, "watermelon" *beep!* recognizer. Q2: Why the word... "watermelon" *beep!* exactly? ... -fnerd *BZZZT! AAAAARRRRROOOOGAH!* quote me - - cryptocosmology- sufficiently advanced communication is indistinguishable from noise - god is in the least significant bits -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From matthew at gandalf.rutgers.edu Wed Feb 2 20:31:04 1994 From: matthew at gandalf.rutgers.edu (Matthew Bernardini) Date: Wed, 2 Feb 94 20:31:04 PST Subject: Archiving mail-lists... Message-ID: What do you call 1,000 copyright lawyers chained to the bottom of the ocean ? 1)A good start. 2)A drop in the bucket. 3)A boring Swim Party. I can't take five hundred messages in a week from people calling each other names and including 500 lines of previous posts !!!! Give my mailbox a rest, eh ? From remailer-admin at chaos.bsu.edu Wed Feb 2 20:41:04 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Wed, 2 Feb 94 20:41:04 PST Subject: No Subject Message-ID: <199402030530.XAA11324@chaos.bsu.edu> Perry almost wrote: > Anyway, people who want to use the law to restrict distribution of > their software are extremely foolish. Your code is out there > it WILL be copied. Forever. You can't help it. If you don't want > people to use your software, don't write it. From newsham at uhunix.uhcc.Hawaii.Edu Wed Feb 2 21:26:04 1994 From: newsham at uhunix.uhcc.Hawaii.Edu (Tim Newsham) Date: Wed, 2 Feb 94 21:26:04 PST Subject: LPC on ADSP2105 Message-ID: <9402030525.AA18455@uhunix.uhcc.Hawaii.Edu> I have recently finished my senior project on low-bandwidth coding of speech. I outline an implementation of Linear Predictive Coding (LPC) on the ADSP2105. 
I am making the paper and the source code freely available in hopes that it may interest and possibly help someone. In order to avoid having to mail out copies separately to everyone who is interested I am putting the paper temporarily on: ftp.uu.net:/tmp/lpc-paper.tar.gz If you know of an archive for which this paper is suitable please let me know how to submit it there or submit it yourself and let me know. The archive is a tar'ed collection of files, to unpack:
gzip -d lpc-paper.tar.gz
tar xvfp lpc-paper.tar
The contents of the archive are: Makefile README a4.sty lpc.ps lpc.tex lpc4b.asm notes.tex schematic schematic.ps source.tex and contain postscript and LaTeX formats of the document. Here is the abstract: \begin{abstract} An implementation of Linear Predictive Coding, a low-bandwidth speech encoding scheme, built around the ADSP-2105 signal processing CPU is described. The hardware schematics and software source code listing are included. \end{abstract} Tim N. (ps. I am no longer subscribed to the cypherpunks list so if you wish to reply, send the reply directly to me) From catalyst-remailer at netcom.com Wed Feb 2 22:25:35 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Wed, 2 Feb 94 22:25:35 PST Subject: New remailer up. Message-ID: <199402030624.WAA23896@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- ndw1: mail qwerty at netcom.com Subject: Re: new server up. :: Request-Remailing-To: cypherpunks at toad.com (Skip to end for actual remailer discussion.) PGP Slave, "If you insist :-) (Can you give me a few more days to comply?...I'm having some trouble getting a copy of your signature. One of the guys in the chem faculty says he knows where he can get one at the weekend...)" Thanks again. Now everyone knows to never tell YOU any secrets, no matter how trivial they might be, since you will post them. Who's the 'punk? and, "Hey bud, you`ve clearly misunderstood the whole point of the movement.
You get whatever privacy you can make for yourself through technology. Any dolt who goes to the extent of using two remailers and a penet id to hide his identity then puts his nym`s secret key in his True Name signature file gets the privacy he deserves." I'm not sure you understand what -----BEGIN PUBLIC KEY BLOCK----- means. Or were you fingering someone else? Am I missing something? I am using two remailers to help out with the lack of traffic, not to hide my identity. There are many levels of privacy, and the one I am concerned with does not involve anything other than that Usenetters who are NEWBIES being forced to contact me via e-mail. It also involves not having the people I work around who are not my close friends gossiping about, mindlessly, about "what I am trying to hide" with my use of PGP. This is a personal thing, and using a nickname on Usenet is as strong of security as I need to meet this need. When I joined this list and started using Cypherpunk remailers I decided to not maintain my anonymity in a vigorous manner. I think you are trying to show off what a super hacker you are by typing "last qwerty", or even just "finger qwerty" from outside, to see my local site that I telnet in from, then typing the master-hacker magic-line "rusers my.site". I am impressed that you too can type these commands, and you get the Xenon Hacker God Award for the entire year of 1994. However, I would rather talk about remailer security levels than trying to cope with someone embarrassing themselves posting their "discovery" of my "real identity". I am not "hiding my identity", I am maintaining a minimal amount of PERSONAL privacy, at a security level that fits my needs; I am using a NICKNAME. For this purpose, qwerty and catalyst serve me well. I'm not sure why you have so much fun disrespecting a person's privacy. I arrived here with a simple question, "Can I use your remailers for bulk mailing of 1-3MB a day to people wanting the PGP FAQ and MacPGP Guide? 
What are the qualities of each remailer?" I think I understand the movement quite well, but I understand there IS NO fully secure remailer network which I would bet my life on. And I understand and am acting upon what few seem to care about, which is getting a large number of people outside of the internet-skilled culture using secure encryption. There are 50-100 million Mac and Windows users, and the majority of those with a modem use their internet connection for simple e-mail ONLY. Many only HAVE e-mail in fact. PGP has mass media attention, but very few are using it since they can't get it by a 1-800 number. I hope ViaCrypt will change this, with Mac and Windows versions. -----BEGIN REMAILER DISCUSSION BLOCK----- and, "logs on netcom. I was just waving enough of a red rag at you to make the point forcefully... (remember your the one arguing against putting delays more than 15 minutes in a remailer system...)" Finally we are talking about remailers! Thank-you. My telnet log is public. Netcom's sendmail logs are not (?). There IS a difference. I was arguing against long delays, which should only be needed if no baseline traffic is going on. Many people will not be able to function well if say, mail is batched out at midnight. Rapid two-way communication is very important these days in getting ANYTHING done, be it above ground OR underground. and, "PS How to build your own mailer logs on netcom...just stay on long enough and keep typing `mailq`...no problemo...I can`t be bothered but if I could thats how I`d track traffic through qwerty for your $20..." Now you really do get an award, but not the $20 since that will go to the person who WAS downloading mailq logs from Netcom ;-). You seem to be absolutely right. Here is an outgoing piece of mail sent from qwerty: qwerty: mail alt.test at news.cs.indiana.edu Subject: Ignore ignore test. This is a test of 'mailq'. 
From catalyst-remailer at netcom.com Wed Feb 2 22:35:35 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Wed, 2 Feb 94 22:35:35 PST Subject: New remailer up. Message-ID: <199402030633.WAA01347@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- (Skip to end for actual remailer discussion.) PGP Slave, "If you insist :-) (Can you give me a few more days to comply?...I'm having some trouble getting a copy of your signature. One of the guys in the chem faculty says he knows where he can get one at the weekend...)" Thanks again. Now everyone knows to never tell YOU any secrets, no matter how trivial they might be, since you will post them. Who's the 'punk? and, "Hey bud, you`ve clearly misunderstood the whole point of the movement. You get whatever privacy you can make for yourself through technology. Any dolt who goes to the extent of using two remailers and a penet id to hide his identity then puts his nym`s secret key in his True Name signature file gets the privacy he deserves." I'm not sure you understand what -----BEGIN PUBLIC KEY BLOCK----- means. Or were you fingering someone else? Am I missing something? I am using two remailers to help out with the lack of traffic, not to hide my identity. There are many levels of privacy, and the one I am concerned with does not involve anything other than that Usenetters who are NEWBIES being forced to contact me via e-mail. It also involves not having the people I work around who are not my close friends gossiping about, mindlessly, about "what I am trying to hide" with my use of PGP. This is a personal thing, and using a nickname on Usenet is as strong of security as I need to meet this need. When I joined this list and started using Cypherpunk remailers I decided to not maintain my anonymity in a vigorous manner. 
I think you are trying to show off what a super hacker you are by typing "last qwerty", or even just "finger qwerty" from outside, to see my local site that I telnet in from, then typing the master-hacker magic-line "rusers my.site". I am impressed that you too can type these commands, and you get the Xenon Hacker God Award for the entire year of 1994. However, I would rather talk about remailer security levels than trying to cope with someone embarrassing themselves posting their "discovery" of my "real identity". I am not "hiding my identity", I am maintaining a minimal amount of PERSONAL privacy, at a security level that fits my needs; I am using a NICKNAME. For this purpose, qwerty and catalyst serve me well. I'm not sure why you have so much fun disrespecting a person's privacy. I arrived here with a simple question, "Can I use your remailers for bulk mailing of 1-3MB a day to people wanting the PGP FAQ and MacPGP Guide? What are the qualities of each remailer?" I think I understand the movement quite well, but I understand there IS NO fully secure remailer network which I would bet my life on. And I understand and am acting upon what few seem to care about, which is getting a large number of people outside of the internet-skilled culture using secure encryption. There are 50-100 million Mac and Windows users, and the majority of those with a modem use their internet connection for simple e-mail ONLY. Many only HAVE e-mail in fact. PGP has mass media attention, but very few are using it since they can't get it by a 1-800 number. I hope ViaCrypt will change this, with Mac and Windows versions. -----BEGIN REMAILER DISCUSSION BLOCK----- and, "logs on netcom. I was just waving enough of a red rag at you to make the point forcefully... (remember your the one arguing against putting delays more than 15 minutes in a remailer system...)" Finally we are talking about remailers! Thank-you. My telnet log is public. Netcom's sendmail logs are not (?). 
There IS a difference. I was arguing against long delays, which should only be needed if no baseline traffic is going on. Many people will not be able to function well if say, mail is batched out at midnight. Rapid two-way communication is very important these days in getting ANYTHING done, be it above ground OR underground. and, "PS How to build your own mailer logs on netcom...just stay on long enough and keep typing `mailq`...no problemo...I can`t be bothered but if I could thats how I`d track traffic through qwerty for your $20..." Now you really do get an award, but not the $20 since that will go to the person who WAS downloading mailq logs from Netcom ;-). You seem to be absolutely right. Here is an outgoing piece of mail sent from qwerty:
qwerty: mail alt.test at news.cs.indiana.edu
Subject: Ignore
ignore test. This is a test of 'mailq'.
qwerty: mailq
Mail Queue (58 requests)
--Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
(much deleted....)
UAA29300* 27 Wed Feb 2 20:13 qwerty alt.test at news.cs.indiana.edu
And some incoming, as bounced off of hh at cicada.berkeley.edu:
UAA29978* 6 Wed Feb 2 20:20 "|/u1/qwerty/remail/slocal.pl"
slocal.pl is part of Hal's remailer scripts. So who has a remailer to send me that will avoid this? Looks like I'd not use qwerty or catalyst as the first or last stop in a remailing chain. But if the only way to track this is AS the mail arrives or goes out, I'd still classify qwerty/catalyst as being good for casual security uses such as my post to Usenet above. It would be a lot faster than anon.penet.fi! Then again, a person could blackmail someone for posting to alt.sex.bestiality. When can I and many others switch from Netcom to a public service Unix network that is private/secure? *Again, I'm trying to compile a list of remailers and what levels of security each entails. Such a list does not seem to exist. If you ever want more traffic....
-----END REMAILER DISCUSSION BLOCK----- PGP Slave, despite this misunderstanding, could we declare peace and get on with a discussion about REMAILERS, instead of my nickname. I'm out here to learn and try to contribute what I can. I am sending info about secure encryption to at least a dozen people a day, many of whom would not otherwise get their hands on PGP or even the PGP FAQ, and I have thus become the most prolific user of the Cypherpunk remailers. I am doing this randomly, chained between two remailers at a time. This volume could triple if I started advertising. I don't misunderstand the movement? -Nik (Xenon) From qwerty-remailer at netcom.com Wed Feb 2 23:05:35 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Wed, 2 Feb 94 23:05:35 PST Subject: New remailer up. Message-ID: <199402030705.XAA03827@mail.netcom.com> I must thank Hal Finney for pointing me to 'gopher chaos.bsu.edu'. I will be much better informed about remailers for having found this site. I'm not sure why it's taken a week for someone on this list to tell me this. -Nik (Xenon) From nobody at pmantis.berkeley.edu Wed Feb 2 23:31:05 1994 From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu) Date: Wed, 2 Feb 94 23:31:05 PST Subject: A serious question of ethics Message-ID: <9402030727.AA27027@pmantis.berkeley.edu> Ok, I'm in a bit of a quandary. While surfing the net last week, I happened across an address attached to a machine that belongs to the federal reserve. No big deal. I telnetted there on a lark, and entered 'guest' for the account. It dropped me into a shell. It didn't ask for a password. Intrigued, I did a little looking around.
Nothing special, a CDRom and about 80 accounts. But(!!), /etc/passwd was there and available and not using shadows. No, I didn't snatch a copy. Quandary(ies) 1) Should I alert someone there about the obvious (and, IMHO serious) security hole? or 2) Should I ignore it? 3) Should I take advantage of it (well, maybe not) ---------- I don't like to see systems so open, no matter who they belong to, and the fact that the government (whether you like them or not) has one this open REALLY bothers me. But, I also wonder what kind of trouble I could get into. Technically, I violated something just by being there as I didn't have permission, and the fact I accessed the passwd file makes it even worse. If I report it, I could be in deep shit. I could mail to them via a remailer (like penet.fi, so that they could answer for more information if needed). That is a little securer and Julf is out of jurisdiction of the FBI hunting me down. Yes, I'm a little paranoid, but Uncle Sam likes to make examples out of white-collar hackers, and for me it was pure and dumb luck (like a jury would believe a 22 year-old computer geek isn't trying to gain illegal access). Any suggestions? Please? I consider this to be serious (most may not). From gnu Wed Feb 2 23:41:05 1994 From: gnu (John Gilmore) Date: Wed, 2 Feb 94 23:41:05 PST Subject: Commodity Jurisdiction success for Kerberos Bones! Message-ID: <9402030739.AA08429@toad.com>
(            ) United States Department of State
( State Dept ) Bureau of Politico-Military Affairs
(    Logo    ) Office of Defense Trade Controls
(            ) Washington, D.C. 20522-0602
In reply refer to                         Feb 1 1994
OTDC Case: CJ-012-94
YOUR LETTER DATED: January 13, 1994
REQUEST FOR COMMODITY JURISDICTION FOR: "Kerberos 900104 bones.tar.Z patchlevel 6" software program
This commodity jurisdiction (CJ) request was referred to the Departments of Commerce and Defense for their review and recommendations.
As a result, the Department of State has determined that the referenced commodity falls under the licensing jurisdiction of the Department of Commerce. Please consult that agency's Office of Technology and Policy Analysis at (202) 482-4145 to determine their requirements prior to export. Should you require further assistance on this matter, please contact Maj. Gary Oncale at (703) 875-5655. Sincerely, (signed -- but it doesn't look anything like the name below) William B. Robinson Director Office of Defense Trade Controls John Gilmore Cygnus Support 1937 Landings Drive Mt. View, CA 94043 -- end of letter from State Department -- Now, what does it mean that we got a Commodity Jurisdiction for the Kerberos Bones? It means that the State Department has formally excused itself from worrying about us exporting the Bones. If the Commerce Department lets us do it, it's fine with the State Department. Exporting the Bones will not violate the International Traffic in Arms Regulations (ITAR). (Doing so might still violate other laws -- the State Dept has expressed no opinion on that.) This is no surprise, since the Kerberos Bones were deliberately emasculated to remove anything that might cause the State Department or the NSA to get upset. The letter just confirms that that effort was a success. I will do a formal check with the Commerce Department, as suggested in the State Department letter. My current understanding is that under Commerce rules (the Export Administration Act), publicly available software can be exported to any destination. In particular, I believe this means that there's nothing to fear from putting up the Bones for ordinary FTP. (There's a serious First Amendment issue being debated, over whether export control laws can prevent you from publishing software via FTP at all -- but even the most paranoid should now figure it's not an issue for the Bones.) 
I encourage people and companies who are interested in export issues to submit a commodity jurisdiction request for some software that you want to export, and go through the process. In public. The State Department and NSA don't publish their guidelines for what is exportable and what isn't, so the only way we-the-public are going to find out is by asking, and then telling each other. I've set up an FTP archive of such information on ftp://ftp.cygnus.com/pub/export. It includes `cjr.kit', which is the info you need to file your own CJ Requests, and three files regarding Commerce Department licensing. `commerce.gtda.license.faq' in particular is a FAQ from the Commerce Department about when the General license for Technical Data to All destinations lets you export without any paperwork. -- John Gilmore gnu at toad.com -- gnu at cygnus.com -- gnu at eff.org Can we talk in private? Join me in the Electronic Frontier Foundation. Not if the FBI and NSA have their way. Ask membership at eff.org how. From sameer at soda.berkeley.edu Thu Feb 3 00:36:05 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Thu, 3 Feb 94 00:36:05 PST Subject: J. Michael Diehl's procmail-pgp Message-ID: -----BEGIN PGP SIGNED MESSAGE----- If J. Mike Diehl is out there (mail to the address I have for him is bouncing) or someone else has that procmail-pgp .procmailrc he has written, I would appreciate it if you sent it to me. Thanks! - -Sameer From rpmartin at acs.ucalgary.ca Thu Feb 3 00:55:34 1994 From: rpmartin at acs.ucalgary.ca (Rob P.
Martin) Date: Thu, 3 Feb 94 00:55:34 PST Subject: Qwerty Remailer Delays In-Reply-To: <9402030231.AA03865@anchor.ho.att.com> Message-ID: <9402030854.AA69861@acs2.acs.ucalgary.ca> > > It's not very clear how long the delays should be; depends on traffic > to/from your remailer and to some extent to/from the other sites > your remailer cooperates with and the machine it runs on. > > If the delay is near-zero, relative to the rest of your traffic, > traffic-analysts can see mail going to your remailer, > followed quickly by similar-sized mail going to another location, > and guess that the two are related, especially if they're > reading the mail itself. (For instance, if netcom is a bunch of I have an idea I don't think has been proposed before. There has been a lot of discussion of having "background noise" by having remailers mail random messages to various bit-buckets and other remailers on a constant basis. But why not do it this way. If a remailer receives a message of size N, it holds that message for a short (< 15min) period of time, and then it sends out X (5 < rnd X <15) messages of size N, some going to remailers as noise messages, some going to bit buckets as dummy recipients, and of course one heading on its original route. One problem with this is that messages would multiply, ie. 'A' sends to remailer 'B' which sends 10 messages out, 5 to other remailers who in turn send out 10 messages a piece, 5 of which goes to other remailers who again multiply this. And you end up with one of those annoying commercials, where, he tells 5 friends, and they tell 5 friends until the network shuts down. So Remailers must establish some code (which would be sent pgp encrypted) that would give a message a max possible life span of say 5-10 generations. (even that may be too much) Well it is just my $.02 (and Canadian cents at that!) Rob "Remember, the day after tomorrow is the second day of the rest of your life." Unknown.
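Rob's proposal above, worked through as an added example (not part of his post or of any remailer's code): a small model of how many same-sized messages one incoming message puts on the wire for a given generation limit. The 10-sent/5-to-remailers split is the post's own illustration; treating every remailer-bound copy as starting a new round, the 2000-byte message size and all function names are assumptions.

```python
"""Constructed model of cover-traffic fan-out with a generation limit.

Assumptions (not from any remailer's code): each remailer answers every
arriving message that still has generations left with X same-sized sends;
a fixed share of those go to other remailers carrying one generation less,
the rest go to bit buckets (or, for the real message, to its next hop).
"""
import random


def wire_messages_fixed(ttl, fanout=10, to_remailers=5):
    """Messages put on the wire by ONE message arriving with `ttl` generations.

    Defaults are the post's own numbers: 10 sent, 5 of them to remailers.
    A message arriving with ttl 0 triggers no further cover traffic.
    """
    total, arriving = 0, 1
    for _ in range(ttl):
        total += arriving * fanout   # each arrival is answered with `fanout` sends
        arriving *= to_remailers     # only these copies start another round
    return total


def wire_messages_random(ttl, rng, lo=6, hi=14, remailer_share=0.5):
    """Same process with X drawn per message; 6..14 is the post's 5 < X < 15."""
    total, arriving = 0, 1
    for _ in range(ttl):
        next_arriving = 0
        for _ in range(arriving):
            x = rng.randint(lo, hi)
            total += x
            # at least one copy always continues to another remailer
            next_arriving += max(1, int(x * remailer_share))
        arriving = next_arriving
    return total


def max_ttl_within_budget(budget, fanout=10, to_remailers=5, cap=64):
    """Largest generation limit whose total stays within `budget` messages."""
    ttl = 0
    while ttl < cap and wire_messages_fixed(ttl + 1, fanout, to_remailers) <= budget:
        ttl += 1
    return ttl


def traffic_table(max_ttl=10, size_bytes=2000):
    """(ttl, messages, bytes) rows; size_bytes is a constructed message size N."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        n = wire_messages_fixed(ttl)
        rows.append((ttl, n, n * size_bytes))
    return rows


if __name__ == "__main__":
    for ttl, n, nbytes in traffic_table():
        print(f"ttl={ttl:2d}  messages={n:>10,d}  bytes={nbytes:>14,d}")
    rng = random.Random(1994)        # fixed seed so the run is repeatable
    print("random X, ttl=5:", wire_messages_random(5, rng))
    print("largest ttl under 1,000 messages:", max_ttl_within_budget(1000))
```

With the post's numbers a limit of 5 generations already costs 7,810 messages per real message and 10 generations about 24 million, which bears out the remark that even that range may be too much.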
From wcs at anchor.ho.att.com Thu Feb 3 01:21:05 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 3 Feb 94 01:21:05 PST Subject: A serious question of ethics Message-ID: <9402030916.AA06954@anchor.ho.att.com> Well, if the Federal Reserve has a guest account with no password, maybe they're inviting guests... Ok,, mailing them through a remailer might not hurt, though it might point out to them that remailers exist, if they haven't figured it out already. Personally, if I were logged on to one of their machines, I'd start looking for the "print" command :-) Signed, Anonymous -- From tcmay at netcom.com Thu Feb 3 02:21:06 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 3 Feb 94 02:21:06 PST Subject: (fwd) Notes on key escrow meeting with NSA Message-ID: <199402031018.CAA19497@mail.netcom.com> This interesting report on the Clipper/Capstone/Tessera Key Escrow system was posted by Matt Blaze to several groups. I hope most of you have seen it already, but for those who haven't, here it is. Apologies for using bandwidth to reproduce an article here, but I think the machinations over Clipper and key escrow in general are pretty germane to the Cypherpunks charter. --Tim May Newsgroups: sci.crypt,talk.politics.crypto,comp.org.eff.talk,alt.privacy.clipper From: mab at research.att.com (Matt Blaze) Subject: Notes on key escrow meeting with NSA Organization: AT&T Date: Wed, 2 Feb 1994 21:02:55 GMT Message-ID: A group from NSA and FBI met the other day with a group of us at Bell Labs to discuss the key escrow proposal. They were surprisingly forthcoming and open to discussion and debate, and were willing to at least listen to hard questions. They didn't object when asked if we could summarize what we learned to the net. Incidentally, the people at the meeting seemed to base a large part of their understanding of public opinion on Usenet postings. 
Postings to sci.crypt and talk.politics.crypto seem to actually have an influence on our government. A number of things came out at the meeting that we didn't previously know or that clarified previously released information. What follows is a rough summary; needless to say, nothing here should be taken as gospel, or representing the official positions of anybody. Also, nothing here should be taken as an endorsement of key escrow, clipper, or anything else by the authors; we're just reporting. These notes are based on the collective memory of Steve Bellovin, Matt Blaze, Jack Lacy, and Mike Reiter; there may be errors or misunderstandings. Please forgive the rough style. Note also the use of "~ ~" for 'approximate quotes' (a marvelous Whit Diffie-ism). NSA's stated goals and motives for all this: * DES is at the end of its useful life * Sensitive, unclassified government data needs protection * This should be made available to US Citizens * US business data abroad especially needs protection * The new technology should not preclude law enforcement access They indicated that the thinking was not that criminals would use key escrowed crypto, but that they should not field a system that criminals could easily use against them. The existence of key escrow would deter them from using crypto in the first place. The FBI representative said that they expect to catch "~only the stupid criminals~" through the escrow system. Another stated reason for key escrow is that they do not think that even government-spec crypto devices can be kept physically secure. They do expect enough to be diverted to the black market that they feel they need a response. NSA's emphasis was on the foreign black market... There seems to be a desire to manipulate the market, by having the fixed cost of key escrow cryptography amortized over the government market. Any private sector devices would have to sell a much larger number of units to compete on price. 
(This was somewhere between an implication and an explicit statement on their part.) When asked about cryptography in software, "~...if you want US government cryptography, you must do it with hardware~". Clipper chips should be available (to product vendors) in June. You can't just buy loose chips - they have to be installed in approved products. Your application interface has to be approved by NIST for you to get your hands on the chips. An interesting point came up about the reverse-engineering resistance of the chips: they are designed to resist reverse engineering the data in the chip without destroying the chip. It is not clear (from the information presented at the meeting) whether the chips are equally resistant to destructive reverse-engineering to learn the skipjack algorithm. They said the algorithm was patented, but they may have been joking. ("~And if that doesn't scare you enough, we'll turn the patent over to PKP.~") The resistance to reverse engineering is not considered absolute by NSA. They do feel that "~it would require the resources of a national laboratory, and anyone with that much money can design their own cryptosystem that's just as strong.~" They repeated several times that there are "~no plans to regulate the use of alternate encryption within the US by US citizens.~" They also indicated they "~weren't naive~" and didn't think that they could if they wanted to. There were 919 authorized wiretaps, and 10,000 pen register monitors, in 1992. They do not have any figures yet on how often cryptography was used to frustrate wiretaps. They do not yet have a production version of the "decoder" box used by law enforcement. Initially, the family key will be split (by the same XOR method) and handled by two different people in the authorized agencies. There is presently only one family key.
The specifications of the escrow exploitation mechanism are not yet final, either; they are considering the possibility of having the central site strip off the outer layers of encryption, and only sending the session key back to the decoder box. The escrow authorities will NOT require presentation of a court order prior to releasing the keys. Instead, the agency will fill out a form certifying that they have a legal authorization. This is also backed up with a separate confirmation from the prosecutor's office. The escrow agencies will supply any key requested and will not themselves verify that the keys requested are associated with the particular court order. The NSA did not answer a question as to whether the national security community would obtain keys from the same escrow mechanism for their (legally authorized) intelligence gathering or whether some other mechanism would exist for them to get the keys. The masks for the Clipper/Capstone chip are unclassified (but are protected by trade secret) and the chips can be produced in an unclassified foundry. Part of the programming in the secure vault includes "~installing part of the Skipjack algorithm.~" Later discussion indicated that the part of the algorithm installed in the secure vault are the "S-tables", suggesting that perhaps unprogrammed Clipper chips can be programmed to implement other 80-bit key, 32 round ciphers. The Capstone chip includes an ARM-6 RISC processor that can be used for other things when no cryptographic functions are performed. In particular, it can be used by vendors as their own on-board processor. The I/O to the processor is shut off when a crypto operation is in progress. They passed around a Tessera PCMCIA (type 1) card. These cards contain a Capstone chip and can be used by general purpose PC applications. The cards themselves might not be export controlled. (Unfortunately, they took the sample card back with them...) 
The card will digitally sign a challenge from the host, so you can't substitute a bogus card. The cards have non-volatile onboard storage for users' secret keys and for the public keys of a certifying authority. They are building a library/API for Tessera, called Catapult, that will provide an interface suitable for many different applications. They have prototype email and ftp applications that already use it. They intend to eventually give away source code for this library. They responded favorably to the suggestion that they put it up for anonymous ftp. Applications (which can use the library and which the NSA approves for government use) will be responsible for managing the LEAF field. Note that they intend to apply key escrowed Skipjack to other applications, including mail and file encryption. The LEAF would be included in such places as the mail header or the file attributes. This implies that it is possible to omit sending the LEAF -- but the decrypt chip won't work right if it doesn't get one. When asked, they indicated that it might be possible to wire up a pair of Clipper/Capstone chips to not transmit the LEAF field, but that the way to do this is "~not obvious from the interface we give you~" and "~you'd have to be careful not to make mistakes~". They gave a lot of attention to obvious ways to get around the LEAF. The unit key is generated via Skipjack itself, from random seeds provided by the two escrow agencies (approximately monthly, though that isn't certain yet). They say they prefer a software generation process because its correct behavior is auditable. Capstone (but not Clipper) could be configured to allow independent loading of the two key halves, in separate facilities. "~It's your money [meaning American taxpayers].~" The LEAF field contains 80 bits for the traffic key, encrypted via the unit key in "~a unique mode ~", 32 bits for the unit id, and a 16 bit checksum of some sort.
(We didn't waste our breath asking what the checksum algorithm was.) This is all encrypted under the family key using "~another mode ~". They expressed a great deal of willingness to make any sort of reasonable changes that vendors needed for their products. They are trying *very* hard to get Skipjack and key escrow into lots of products. ***end of article*** From m5 at vail.tivoli.com Thu Feb 3 05:36:11 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 3 Feb 94 05:36:11 PST Subject: A serious question of ethics In-Reply-To: <9402030727.AA27027@pmantis.berkeley.edu> Message-ID: <9402031335.AA17716@vail.tivoli.com> This seems like a textbook example of an ideal use of a remailer. What makes you hesitant to use that method? As you say, it's unlikely that the government would go to the extensive trouble of trying to bust you if you go through penet. The worst that could happen would be that they'd ignore the blowing whistle, but that'd be their problem. Note that there may be some way that they could figure out where you telnetted in from once you alert them to the security hole. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From mg5n+ at andrew.cmu.edu Thu Feb 3 08:54:43 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 3 Feb 94 08:54:43 PST Subject: Canadian gov't eavesdropping In-Reply-To: <9402021727.AA04813@netmail2.microsoft.com> Message-ID: Eli Brandt sent the the following to cypherpunks: > > HIGH-TECH SNOOP GADGET. A super-secret branch of the Canadian > > Security Intelligence Service has awarded three contracts to a Montreal > > firm to make equipment that can quickly isolate key words and > > phrases from millions of airborne phone, fax, radio signals and other > > transmissions. The hardware has the "Orwellian potential to sweep > > through ... and keep records of all conversations," said one CSIS critic. 
> > (CTV National News, 01/31/94 11:00 pm).
>
> Dunno how feasible this kind of keyword recognition presently is,
> but here's another reason to encrypt.

VERY feasible. The US government has had this technology for several years; the Canadians are just catching up. In the late 80s the US military launched a satellite to spy on the Russians. The satellite was programmed to scan radio transmissions - especially cellular phones - searching for key words which might be related to military or government activities. It seems a few communist party members got a little too comfortable with their cellular phones in their limousines, and spoke very loosely about some secret government projects... They have mentioned this in the series "Space Age" which airs periodically on PBS.

From CHRISTI1 at MUVMS6.WVNET.EDU Thu Feb 3 08:59:45 1994
From: CHRISTI1 at MUVMS6.WVNET.EDU (IGOR)
Date: Thu, 3 Feb 94 08:59:45 PST
Subject: Can you see....
Message-ID: <01H8G0JDA9FE001WLN@MUVMS6.WVNET.EDU>

in VMS if someone goes into the sendmail services (i.e. port 25 and see what they send out?)

Bob
\////
(0 0)
*------------------------------oOO--(_)--OOo---------------------------------*
| Bob Christian II "IGOR" * Internet:Christi1 at muvms6.mu.wvnet.edu|
| Marshall University ***** E-Mail: Christi1 at muvms6.wvnet.edu |
| Huntington, WV * GET HIGH....LEARN TO FLY! IP-ASEL |
| Student/D.J 88.1 WMUL FM * Major:Undecided(CJ/LAW) Minor:AVT |
*----------------------------------------------------------------------------*
--I love flying because there is no speed limit(^10k) and Radar is your friend!
--Marshall assumes no liability for what I say, because my words are MINE!

From pmetzger at lehman.com Thu Feb 3 08:59:46 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 3 Feb 94 08:59:46 PST
Subject: No Subject
In-Reply-To: <199402030530.XAA11324@chaos.bsu.edu>
Message-ID: <199402031414.JAA10810@snark>

Anonymous says:
>
> Perry almost wrote:
>
> > Anyway, people who want to use the law to restrict distribution of
> > their software are extremely foolish. Your code is out there
> > it WILL be copied. Forever. You can't help it. If you don't want
> > people to use your software, don't write it.

Of course, Perry didn't write that, and the person reading his messages obviously had an extremely weak understanding of what Perry had suggested in his messages (which was that if you are giving something away for free to all comers it is hard to argue economic damages have occurred in "unauthorized" distribution), so it makes sense that the person replying would be too embarrassed to use his own name.

Perry

From CHRISTI1 at MUVMS6.WVNET.EDU Thu Feb 3 08:59:46 1994
From: CHRISTI1 at MUVMS6.WVNET.EDU (IGOR)
Date: Thu, 3 Feb 94 08:59:46 PST
Subject: UNSUBSCRIBE
Message-ID: <01H8G0CIH0LQ001WLN@MUVMS6.WVNET.EDU>

UNSUBSCRIBE

And yes I have tried the -request part.

Bob
\////
(0 0)
*------------------------------oOO--(_)--OOo---------------------------------*
| Bob Christian II "IGOR" * Internet:Christi1 at muvms6.mu.wvnet.edu|
| Marshall University ***** E-Mail: Christi1 at muvms6.wvnet.edu |
| Huntington, WV * GET HIGH....LEARN TO FLY! IP-ASEL |
| Student/D.J 88.1 WMUL FM * Major:Undecided(CJ/LAW) Minor:AVT |
*----------------------------------------------------------------------------*
--I love flying because there is no speed limit(^10k) and Radar is your friend!
--Marshall assumes no liability for what I say, because my words are MINE!

From boone at psc.edu Thu Feb 3 08:59:46 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Thu, 3 Feb 94 08:59:46 PST
Subject: New remailer up.
In-Reply-To: <199402022259.OAA21968@mail.netcom.com>
Message-ID: <9402031518.AA22688@igi.psc.edu>

qwerty-remailer at netcom.com writes:
> Out of personal curiosity concerning the claims of how trivial
> "traffic analysis" of the qwerty or catalyst remailers on Netcom
> would be for "anyone" to carry out, I offer $20 to the first
> person to reveal from which SITE this message originated from.
> Please do not announce my name or login ID. Just the site. I am
> logged into a friend's account and I am remailing this with no
> encryption just through qwerty at netcom.com. It is now 5:41 PM EST.
>
> You do not have to reveal your methods to receive the award, which
> I will mail to you. Happy hacking you WIMPS.
>
> If you wish to remain anonymous, mail the answer to qwerty at netcom.com
> and my lips are sealed except for announcing success.

Can someone from netcom mail me the syslog logs...

Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C

From boone at psc.edu Thu Feb 3 09:04:43 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Thu, 3 Feb 94 09:04:43 PST
Subject: New remailer up.
In-Reply-To: <199402030119.RAA17214@mail.netcom.com>
Message-ID: <9402031548.AA23590@igi.psc.edu>

qwerty-remailer at netcom.com writes:
>
> Perry wrote,
> "However, make no mistake that Netcom can and will cooperate with the
> police if you use your remailer in a way that the government doesn't
> like, so it seems that the security afforded isn't that good."
>
> So you aren't interested unless you can commit serious felony crimes
> using a given remailer? I would be happy if criminals stayed away from
> my remailer. What do you mean by "security"? And if the police find out
> a personally owned machine was involved, I couldn't imagine them not
> just swooping in at midnight and taking it away at gunpoint. I hope
> those privately owned machines don't have logs ;-). In my mind, the whole
> secret to gaining privacy is not attracting attention in the first place.
> Using a remailer DOES allow a person to communicate anonymously with
> someone else, in two directions. If a party has enough power to tap
> Netcom, then sendmail logs or no sendmail logs, they will find you.

It seems that most (if not all) of netcom's unix machines are SunOS based. If that is the case, by installing NIT in the kernel, one would be able to grab all of the packets that flow across that ethernet (192.100.81) This includes your remailer mail. The "cost" to set this up would be the risk of being caught and the time and trouble to come up with root on one of their sun machines. Aside from the obvious legal risks, there are ethical considerations to keep in mind. While I personally would not attempt such a thing, there are many out there who feel otherwise. I won't hack into mail.netcom.com to demonstrate that it is possible to figure out who used your remailer. But, if one of the admins from netcom wants to send me their syslogs, I'll do my best to put together a correlation.

> and,
> "Besides, $20 is a paltry sum for the amount of work involved."
>
> Think of it as a trophy, which I'm sure most understood. I'm not offering
> you a job.

Yes, but the trophy is hardly worth the effort. Even though it wouldn't cost $50,000 in terms of actual equipment or time, it might well take such a sum to cause Perry to take the risk of being caught. Unless the netcom folks are real slouches, I would think that they would notice that their kernel had been re-compiled and the machine rebooted. Good luck not being detected... Of course, there is always the off chance that they already have NIT compiled into the kernel...
Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C

From mg5n+ at andrew.cmu.edu Thu Feb 3 09:09:43 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Thu, 3 Feb 94 09:09:43 PST
Subject: contemplating remailer postage
In-Reply-To: <9402022200.AA01456@uu4.psi.com>
Message-ID:

Jim_Miller at suite.com wrote:

> Seems simple enough. The major sticking point (to me) is the remailer's
> "used stamp" archive. This could grow to be very large. Something needs
> to be done to keep the archive from getting too large.
>
> One idea is to have the remailer periodically change the key it uses to
> sign stamps. Changing the "stamp validation key" effectively invalidates
> all unused stamps signed by that key. If you haven't used the stamp by
> that time, you're out of luck. The remailer can purge its "used stamp"
> archive whenever it changes its "stamp validation key".
>
> Of course, invalidating peoples' unused stamps out from under them is
> not a nice thing for a remailer to do. The remailer could provide a
> mechanism whereby people could get new stamps from old, unused
> stamps. To make this work, the remailer would have to retain the
> previous "used stamp" archive for a while to give people a chance to get
> new stamps. However, there still needs to be a limit on how long the
> remailer retains the "used stamp" archives for old validation keys. If
> you wait too long, you would lose any chance to get new stamps from old.
>
> Comments welcome.

How about this: Issue numbered stamps sequentially. Encrypt them and add a cryptographic checksum to each stamp. You then create a database such that one bit of data corresponds to one stamp. With a mere 64K database, you could issue and keep track of 524288 postage stamps. That ought to last you a few years. (At 100 letters a day, it would last over 14 years. Most cypherpunk remailers get considerably less than 100 emails a day.)
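
The one-bit-per-stamp bookkeeping proposed in the message above, sketched in Python as an added example (it is not code from the post or from any remailer). It assumes a truncated HMAC-SHA256 as the "cryptographic checksum" and leaves the serial number unencrypted; the class and function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

BITMAP_BYTES = 64 * 1024      # the "mere 64K database" from the post
CAPACITY = BITMAP_BYTES * 8   # one bit per stamp
SERIAL_LEN = 4                # big-endian 32-bit serial number
TAG_LEN = 16                  # assumption: HMAC-SHA256 truncated to 128 bits


class StampOffice:
    """Issues sequentially numbered stamps and records use in a bitmap."""

    def __init__(self, key=None):
        # The validation key never leaves the remailer.
        self._key = key if key is not None else os.urandom(32)
        self._next_serial = 0
        self._used = bytearray(BITMAP_BYTES)

    def _tag(self, serial_bytes):
        mac = hmac.new(self._key, serial_bytes, hashlib.sha256)
        return mac.digest()[:TAG_LEN]

    def issue(self):
        """Return the next stamp: serial number followed by its checksum."""
        if self._next_serial >= CAPACITY:
            raise RuntimeError("series exhausted: start a new key and bitmap")
        serial_bytes = struct.pack(">I", self._next_serial)
        self._next_serial += 1
        return serial_bytes + self._tag(serial_bytes)

    def redeem(self, stamp):
        """Validate a stamp and mark it used; returns a status string."""
        if len(stamp) != SERIAL_LEN + TAG_LEN:
            return "malformed"
        serial_bytes, tag = stamp[:SERIAL_LEN], stamp[SERIAL_LEN:]
        # Check the checksum before touching the bitmap, so a guessed
        # serial number cannot be used to burn someone else's stamp.
        if not hmac.compare_digest(tag, self._tag(serial_bytes)):
            return "forged"
        (serial,) = struct.unpack(">I", serial_bytes)
        if serial >= self._next_serial:
            return "forged"  # valid checksum on a serial never issued
        byte_index, bit = divmod(serial, 8)
        mask = 1 << bit
        if self._used[byte_index] & mask:
            return "already used"
        self._used[byte_index] |= mask
        return "accepted"


def years_of_service(letters_per_day):
    """How long one 64K bitmap lasts at a given daily volume."""
    return CAPACITY / letters_per_day / 365.25


def demo():
    # Constructed key and stamps, for illustration only.
    office = StampOffice(key=b"constructed demo key, not secret")
    first, second = office.issue(), office.issue()
    zero_tag = first[:SERIAL_LEN] + bytes(TAG_LEN)
    swapped = second[:SERIAL_LEN] + first[SERIAL_LEN:]
    return [
        office.redeem(first),     # fresh stamp
        office.redeem(first),     # replay of the same stamp
        office.redeem(zero_tag),  # right serial, made-up checksum
        office.redeem(swapped),   # checksum lifted from another stamp
        office.redeem(second),    # untouched by the failed attempts
    ]


if __name__ == "__main__":
    print(CAPACITY, round(years_of_service(100), 1), demo())
```

The used-stamp record stays at a fixed 64K however many stamps are redeemed, which is the point of the proposal; because serial numbers are visible and sequential here, the issuer can link a stamp's issue to its use.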
From darrellp at cajal.uoregon.edu Thu Feb 3 11:19:43 1994
From: darrellp at cajal.uoregon.edu (Darrell Perko)
Date: Thu, 3 Feb 94 11:19:43 PST
Subject: Unsubscribe.
Message-ID: <9402031918.AA05711@cajal.uoregon.edu>

Please unsubscribe me. Thanks.

From drzaphod at brewmeister.xstablu.com Thu Feb 3 12:09:44 1994
From: drzaphod at brewmeister.xstablu.com (DrZaphod)
Date: Thu, 3 Feb 94 12:09:44 PST
Subject: A serious question of ethics
In-Reply-To: <9402030727.AA27027@pmantis.berkeley.edu>
Message-ID:

> 3) Should I take advantage of it (well, maybe not)

How about offering your services to them as a security consultant.. grin.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- DrZaphod #Don't Come Any Closer Or I'll Encrypt! -
- [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity -
- [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] -
- 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From mg5n+ at andrew.cmu.edu Thu Feb 3 12:24:46 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Thu, 3 Feb 94 12:24:46 PST
Subject: New remailer up.
In-Reply-To: <9402031548.AA23590@igi.psc.edu>
Message-ID:

"Jon 'Iain' Boone"
> Yes, but the trophy is hardly worth the effort. Even though it wouldn't
> cost $50,000 in terms of actual equipment or time, it might well take
> such a sum to cause Perry to take the risk of being caught. Unless the
> netcom folks are real slouches, I would think that they would notice
> that their kernel had been re-compiled and the machine rebooted. Good
> luck not being detected... Of course, there is always the off chance
> that they already have NIT compiled into the kernel...

Ah, yes, but if you were a skilled machine language hacker you could use a disassembler to patch the code while it was in RAM. Very difficult to do, but also very difficult to detect.
In theory, if you could steal their kernel (or had a similar one) and you compiled it on your own Sun station, you could probably isolate the routines you needed to patch, write a program to locate the processes running on root, scan memory looking for that subroutine, and then let you insert your own. The Netcom folks would have to look pretty hard to catch on to that type of attack...and if they rebooted - poof! - the evidence disappears! :) It's certainly more than $20 worth of work tho... and you'd still have to find a way to get to root (or at least grab control of the cpu chip for a few microseconds). What kind of cpu do Suns use anyway? (I've never used a sun before, and I don't know much about them.) I know NeXT used the 680x0... What about DEC? (I'm just a PC user type showing my ignorance about other systems. :-)

From hkhenson at cup.portal.com Thu Feb 3 12:34:46 1994
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Thu, 3 Feb 94 12:34:46 PST
Subject: San Jose BBS subject to Memphis standards?
Message-ID: <9402031230.1.2582@cup.portal.com>

Just got word a few minutes ago that Robert Thomas (who ran Amateur Action BBS) and his wife were picked up on a Federal warrant for obscenity from Memphis, TN. From what I hear from a local Postal inspector, they are going to be extradited to TN to face charges there because the Feds have a choice of trying a person at either end of a transaction. This really sucks! I find it akin to busting a porn shop owner in New York for one of his customers taking "filthy pictures" back to Hicksville. In operation Longarm the Feds argued that the person downloading stuff was responsible for knowing if it was illegal. This at least makes some sense. But, if BBS owners have to be responsible for knowing what is considered obscene in all 50 states and each locality, then the onramps to the Information Superhighway are going to be choked off by the most backwater places in the country!
Keith Henson

(The entire tale of AA has been posted. I can repost if more than a few want it.)

----

The above was widely posted, this below is going to the cypherpunks list only. (for all the protection that may provide :) )

I have rather mixed feeling about the feds making these kinds of busts. I sort of wish they would not try to apply obscenity standards from the least enlightened parts of the country to all of the net community. On the other hand, the serious adult bbs owners have enough computing resources (and now a strong motivation!) that encrypting, digital payments, "webs of trust," DC nets, etc. can be implemented at relatively low cost to them. If the feds persist, I suspect that adult bbs's are where--for all the trouble it may later cause--cypherpunk code will *really* get wide use. If you have things on which you want further information, please cc me by email as well as sending it to the list. I recently took on running Xanadu Operating Company, and am days behind reading the list

Keith Henson

From The.Ghost Thu Feb 3 12:54:46 1994
From: The.Ghost (The.Ghost)
Date: Thu, 3 Feb 94 12:54:46 PST
Subject: No Subject
Message-ID: <9402032051.AA08204@banneker.Stanford.EDU>

testing...

From nobody at shell.portal.com Thu Feb 3 13:14:48 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Thu, 3 Feb 94 13:14:48 PST
Subject: San Jose BBS subject to Memphis standards?
Message-ID: <199402032112.NAA26624@jobe.shell.portal.com>

This is one of the best essays I've seen concerning the burning of the Constitution and Bill of Rights. Looking just at porno isn't the big picture. It's consensual crimes in general. Too bad most people only care about their corner of the room, cause the house is on fire and it'll get to their corner soon.

Subject: January 1994 -- Casualties of War Drug prohibition has shot gaping holes in the Bill of Rights.
Magazine: Reason
Issue: February 1994
Title: Casualties of War Drug prohibition has shot gaping holes in the Bill of Rights.
Author: Steven B. Duke and Albert C. Gross

At 2 a.m. on June 29, 1991, Tracy White of Los Angeles was awakened by the explosion of a diversionary grenade set off in a trash can outside her front door. She stumbled out into the upstairs hallway and was met by a shaft of light and a man's voice. "Freeze," he said. "Police." At that moment, her bedroom windows shattered and two men clad in black hoods swung into the room. Her three infants shrieked in fright. Several guns were pointed at her. More men dressed in black bounded through the bathroom window. One ran into an adjoining bedroom and pinned Tracy's sister Yolanda and her 12-year-old daughter behind a door. The youngster tried to squirm free and found the barrel of a pistol against her head. She closed her eyes and urinated on herself. "I thought," she later said, "he was going to kill me." The police had been searching for White's cousin, a reputed gang member, who did not live there and was not there when the raid occurred. The White apartment was left a shambles. Almost all the windows were gone, crystal glassware was reduced to shards, and a chunk was missing from a couch armrest. Six months after the raid, White and her children still refused to move back into the old apartment, unable to find peace of mind in a place that reminded them of hooded men crashing through their windows. The injuries inflicted on the Whites were mostly psychological, but some searches are lethal. In Atlanta, in 1991, a pre-Christmas raid by nine cops with guns drawn awakened Bobby Bowman as they broke down his door with a battering ram. Bowman, who says he thought he was being robbed, opened fire with a shotgun. A gunfight ensued, and Bowman's 8-year-old stepson, Xavier, who had been sleeping in the front room, was killed by a detective's bullet. The police found $780 worth of crack in Bowman's apartment.
Teresa Nelson, Georgia director of the American Civil Liberties Union, questioned whether it was worth the life of an innocent 8-year-old to get evidence in a drug case, but Atlanta police defended the tactics, as do police across the country. They claim that surprise and overwhelming force are necessary to minimize destruction of evidence. Many also make the debatable claim that violent attacks reduce the danger to the police from counterattacks. Such raids and ransackings are standard procedure in most large cities and, except in the most outrageous cases, they receive the approval of courts. Police can get search warrants on the flimsiest of suspicion -- even the word of an anonymous informant. In many cases, though, the police don't even bother to get a warrant, since they are virtually unfettered by the risk of successful suits or other sanctions, especially if they confine their warrantless invasions to poor members of minority groups. The Fourth Amendment of the U.S. Constitution, which guarantees against "unreasonable searches and seizures" and prohibits warrants on anything but "probable cause," is a casualty of the drug war. Other provisions intended to protect Americans from overzealous law enforcement -- the right to defense counsel, the right to a fair trial, and the right to property -- are also in danger. The debris of the war on drugs may ultimately include shreds of the Constitution as well as splintered doors, shattered glass, and broken furniture. Since the early 1970s, almost all the searches and seizures reaching the U.S. Supreme Court have been upheld. The Court has held, for example, that a search made on an invalid warrant does not require any remedy so long as the police acted in "good faith." People may be stopped in their cars, in airports, on trains, or on buses, and subjected to questioning and dog sniffs of their persons and possessions. 
Police may search an open field without warrant or cause, even if it has "no trespassing" signs and the police incursion is a criminal offense. They may also, as in Orwell's 1984, conduct close helicopter surveillance of our homes and backyards. If it is outside the house, they may search our garbage without cause. If they have "reasonable suspicion," the police may even search our persons and possessions. Mobile homes, closed containers within cars, as well as cars themselves may be searched without a warrant. The Court has also held, in the 1985 case United States v. Montoya De Hernandez, that an international traveler, if a suspected "balloon swallower," may, without warrant or probable cause, be seized as she arrives at the airport, strip-searched, and ordered to remain incommunicado until she defecates over a wastebasket under the watchful eye of two matrons. In sanctioning such an 18-hour ordeal, Chief Justice William H. Rehnquist unabashedly listed other invasions that the Court had upheld: "[F]irst class mail may be opened without a warrant on less than probable cause. ... Automotive travelers may be stopped ... near the border without individualized suspicion even if the stop is based largely on ethnicity ... and boats on inland waters with ready access to the sea may be hailed and boarded with no suspicion whatever." Those incursions, as well as detention for defecation, Rehnquist said, are responses to "the veritable national crisis in law enforcement caused by smuggling of illegal narcotics." In the compulsory defecation case, as in countless others, searches or seizures have been upheld on nothing more than "reasonable" or even "articulable" suspicion that drugs are being transported. That level of suspicion can be achieved by matching up the victim of the search or seizure with a few of the characteristics contained in secret "drug-courier profiles" that rely heavily upon ethnic stereotypes.
As a result of such profiles, hundreds of innocent people are subjected to indignities every day. Twenty-seven-year-old Kurt Disser is an example. A diamond dealer, he frequently drives between San Diego and Los Angeles on business. Sixty-six miles from the Mexican border, on Interstate Route 5, near San Clemente, the Immigration and Naturalization Service maintains a checkpoint, allegedly to detect illegal aliens but increasingly serving in the drug war. Most of the 115,000 drivers who pass through the checkpoint each day are merely required to slow down while an officer glances at them. Disser, however, was stopped and searched 15 of the 30 times he traversed the route during a 17-month period. On several occasions, he was frisked and his car trunk was searched. Drug-sniffing dogs were given repeated whiffs of Disser's car. Several times, agents told him the dogs detected drugs and this led to a full search. No evidence of drugs or criminality of any kind was ever found. Disser has no criminal record. He was stopped and searched solely because of his appearance (he has long hair and drives an elderly Cadillac, both characteristics apparently found in the profiles). Hispanics and "hippie types" bear the brunt of the profiles near our southern border, but young African Americans suffer from them throughout the country. An African American who drives a car with an out-of-state license plate is likely to be stopped almost anywhere he goes in the United States. A survey of car stoppings on the New Jersey Turnpike revealed that, although only 4.7 percent of the cars were driven by blacks with out-of-state plates, 80 percent of the drug arrests were of such people. In 1991 the Pittsburgh Press examined 121 cases in which travelers were searched and no drugs were found. Seventy-seven percent of the people were black, Hispanic, or Asian. 
In Memphis, about 75 percent of the air travelers stopped by drug police in 1989 were black, yet only 4 percent of the flying public is black. Almost as offensive as relying on racial characteristics in a profile to justify searches or seizures is permitting the trivial and subjective profile characteristics to count as "reasonable" or "articulable" suspicion. Warren Ferguson, a judge on the U.S. Court of Appeals for the Ninth Circuit, has observed that the Drug Enforcement Administration's profiles have a "chameleon-like way of adapting to any particular set of observations." In one case, a suspicious circumstance (profile characteristic) was deplaning first. In another, it was deplaning last. In a third, it was deplaning in the middle. A one-way ticket was said to be a suspicious circumstance in one case; a round-trip ticket was suspicious in another. Taking a nonstop flight was suspicious in one case, while changing planes was suspicious in another. Traveling alone fit a profile in one case; having a companion did so in another. Behaving nervously was a tipoff in one case; acting calmly was suspicious in another. Another favorite basis for suspicion is that the suspect is traveling to or from a major source city for drugs, even though every U.S. city with a major airport qualifies for that designation. Even the same agents take contradictory positions. In Tennessee, the Pittsburgh Press reports, an agent testified that he was leery of a man because he "walked quickly through the airport." Six weeks later, the same agent swore that his suspicions were aroused by a man because he "walked with intentional slowness after getting off the bus." As even their users admit, the profiles are self-fulfilling. If the profiles are based on who is searched and found guilty, the guilty will necessarily fit the profiles.
The DEA claims to catch 3,000 or more drug violators through the profiles, but no records are kept of how many people are hassled, detained, or searched to produce the 3,000. The DEA keeps no records of the profile system's failures. Some numbers, however, are available. Rudy Sandoval, a commander of Denver's vice bureau, estimated that his police conducted 2,000 airport searches in 1990, yielding only 49 arrests. In Pittsburgh, where records were kept, 527 people were searched in 1990, and 49 were arrested. In the Buffalo airport, in 1989, 600 people were stopped by police and only 10 were arrested. Said George Pratt, a judge on the U.S. Court of Appeals for the Second Circuit: "It appears that they have sacrificed the Fourth Amendment by detaining 590 innocent people in order to arrest 10 who are not -- all in the name of the `war on drugs.' When, pray tell, will it end? Where are we going?" What the drug war has done to the Fourth Amendment, it has also done to the Sixth. The Sixth Amendment guarantees, among other things, that in "all criminal prosecutions" the accused shall enjoy "the assistance of counsel for his defense." No other right is as precious to one accused of crime as the right of counsel. A loyal, competent lawyer is essential for the protection of every other right the defendant has, including the right to a fair trial. In recognition of that fact, the definition of the enemy in the war against drugs has been expanded. Not only are drug sellers and drug users targets, so are their lawyers. Criminal-defense lawyers, especially if they practice in federal courts, have increasingly come to expect their law offices to be searched, their phones to be tapped, or their offices bugged. They are rarely surprised when they get Internal Revenue Service summonses seeking information about their criminal clients, about themselves, or about both.
Prosecutors frequently serve subpoenas on defense lawyers prior to trial, requiring them to produce documents and testify about their client before a grand jury, in secret. Having thus driven a wedge between client and attorney, creating mistrust of the lawyer at least and a disqualifying conflict of interest at worst, the prosecutor is then in a strong position to coerce a guilty plea or, in intractable cases, to seek disqualification of the lawyer on the eve of trial, when no other lawyer has time to prepare a defense. The courts have upheld all these practices, the effect of which is to deprive the accused of his only real defensive armament. The Supreme Court added a powerful missile to the government's arsenal when it held, in the 1989 case Caplin & Drysdale v. United States, that federal authorities could freeze and later obtain the forfeiture of the assets of a person accused of a drug crime, so that he would have no money with which to pay a lawyer. The centuries-old tradition that confidential conversations between a lawyer and client cannot be divulged without the consent of the client also seems headed for the basement of American legal history. Courts have held that because "monitoring" of conversations in jails and prisons is well-known, any attorney-client conversations that are eavesdropped upon or tapped are fair game -- they have been implicitly "consented" to. This absurd fiction was even applied to Col. Manuel Noriega, who barely speaks English. After he was kidnapped in Panama and thrown in a Miami jail, his phone conversations with his lawyers were "monitored." A federal court found he waived his rights by talking on the phone. Courts have expanded other exceptions to the attorney-client privilege to the point that little is left of the privilege in criminal prosecutions. 
Two exceptions together almost swallow the privilege: 1) If the attorney's services were sought, in whole or in part, to aid in the commission of a crime or a fraud, the crime-fraud exception applies; 2) if necessary to clear himself of suspicion, the attorney can disclose privileged confidential communications, even if they bury the client. In short, if the interests of attorney and client are in conflict, the interests of the attorney prevail. Anyone accused of being involved with illegal drugs who is (or ever has been) guilty of the crime charged or any other acquisitive crime and hires a lawyer is necessarily seeking, at least in part, to cover up past crimes and to avoid future claims against his assets, such as tax claims, forfeiture claims, and the like. Courts have ruled that it's enough for prosecutors to show there is "probable cause" to believe the attorney is helping his client achieve such objectives, which are usually regarded as impermissible. (Probable cause can even be based on the attorney-client conversations themselves.) It is not possible to separate consultations concerning past money-making crimes, to which the attorney-client privilege supposedly still applies, and consultations about future crimes or frauds, to which the privilege does not apply. Faced with such overlaps, courts commonly find there is no privilege. Even if the crime-fraud exception does not destroy the privilege, the second, save-the-lawyer-at-any-cost exception often will. A prosecutor can apparently trump the privilege simply by making insinuations about the complicity of counsel in the client's alleged criminal activities. The lawyer can then betray the client to clear himself. That this rule permits the prosecutor to destroy the accused's privilege by a mere insinuation seems not to bother either courts or experts on legal ethics. 
Courts have also upheld recent requirements that criminal-defense lawyers report to the IRS anyone who pays them $10,000 or more in cash, whether a client or a third party. Attorneys who have refused to make such reports about their clients have been jailed. As of 1986, it is also a felony for anyone, including a lawyer, to accept money or property in excess of $10,000 that was derived from specified unlawful activity. It is no defense for a lawyer or any other recipient that the money or property was received for legitimate goods or services, even essential legal services. Nor is it a defense that the attorney had nothing to do with the illegal activity that generated the money or property. Nor is it a defense that the attorney was unaware of the specific kind of criminal activity that produced the money. It is not even a defense for the attorney that he had no actual knowledge that the money or property was illegally derived. "Willful blindness" is a substitute for knowledge, and the lifestyle of the client -- fitting stereotypes of how drug dealers comport themselves -- may go far toward establishing the attorney's guilty "knowledge" or "willful blindness." Thus, an attorney who represents a person who is charged with a drug offense who "looks like" a drug dealer is at risk of being indicted also. Defense lawyers therefore risk losing not only their fee but their freedom and their license to practice law for trying to protect the constitutional rights of their clients. And the possible charges against lawyers are not limited to accepting "tainted" money as payment of a fee. Lawyers who help their clients avoid indictment or who represent them in business dealings, such as real-estate transactions, can be indicted with the client for money laundering, tax evasion, or even drug trafficking. 
Attorneys who confine their professional activities solely to defending clients who have already been arrested on charges still risk their own indictment, for "obstruction of justice" if nothing else. Nobody knows what the limits of that crime are. Many prosecutors think that anything a defense attorney does that might be helpful in defending the client is such an obstruction. Courts have not yet embraced that interpretation, but neither have they repudiated it. According to Columbia University law professor H. Richard Uviller, a former prosecutor, it is almost possible to say that the statute threatens a five-year penalty for virtually any conduct that the government deems evasive, abusive, or inconvenient while a judicial proceeding is pending. It has always been difficult for persons accused of drug crimes to find competent attorneys willing to bear the stigma of being "a drug dealer's lawyer." But now that such attorneys also risk losing both their fees and their freedom, privately retained drug-defense lawyers are on their way to extinction -- which is what the Congress and the Supreme Court appear to want. Court opinions that chisel away at specific constitutional guarantees ought to be alarming to all who value liberty, but such decisions are at least visible and are subject to intense scrutiny and criticism. Legal scholar Steven Wisotsky calls the result of this chiseling process "the Emerging `Drug Exception' to the Bill of Rights." A less visible and therefore more ominous "drug exception" corrodes the amorphous right to a fair trial protected by the Fifth and 14th Amendments' Due Process clauses. In most drug prosecutions, the trial proceedings are ignored by the press and no opinions are written by the trial judges justifying or explaining their rulings. Those accused of crime must rely on the integrity of appellate judges to scrutinize the record and ensure that the trial proceedings were fair and consistent with due process. 
Yet in many courts criminal convictions and long prison sentences are routinely upheld without even hearing argument of the appeal and without even the writing of an appellate opinion. In such cases, there is no basis for believing that the appellate judges bothered to read the briefs or understood the issues, much less that they dealt with them fairly. The prevailing, although rarely acknowledged, attitude in American courts is that almost any trial is too good for a person accused of a drug crime. That attitude was succinctly displayed in a remark by one of the most liberal Supreme Court justices. In a 1987 interview with Life, Thurgood Marshall said, "If it's a dope case, I won't even read the petition. I ain't giving no break to no dope dealer." That statement caught the attention of some in the legal profession, but it produced neither a bark of criticism nor a paragraph of protest. The pressures that the drug war has brought to bear on already overburdened courts have produced a breakdown in both their integrity and the respect in which they are held. Many defense lawyers and scholars are convinced that appellate judges will say anything to uphold a drug conviction. If such judges don't affirm without writing any opinion at all, they often issue unsigned opinions and, because such opinions are so shoddy, forbid their publication. The courts will not even allow lawyers to cite such "opinions" as precedent in other cases. Finally, when they do publish their opinions, judges often invent nonexistent "facts" to support their affirmances. Respect for the American judiciary by lawyers who appear before them has probably never been lower. Occasionally, a judge rails against the trampling of rights under the tanks of the drug war. Usually, this is done as part of a multi-judge panel, where a judge can dissent from the decision of the majority while having no discernible effect on the outcome. 
Such dissenting opinions can ring the bells of freedom while the majority orders the defendant packed off to prison. The dissenter has little responsibility for what he says, since he is not deciding the case. Protests by judges at the trial level, where a single judge is responsible for the outcome, require more courage and happen less often. One such judge was U.S. Magistrate Peter Nimkoff of Miami. Nimkoff frequently offended prosecutors and other judges by granting bail to defendants accused of major drug crimes. Most judges either order the defendant detained without any bail at all -- a power given to them by the 1984 Bail Reform Act -- or find out how much bail the defendant can post and then set bail at five or 10 times that amount. Nimkoff asserted that the Constitution presumes the innocence of all persons accused of crime, even a drug crime. In a 1984 case, he blasted as "outrageous" the tactics of a DEA agent who, posing as a friend of a lawyer's client, tried to get the Miami attorney to divulge confidential communications from his client. DEA agents then tried to implicate the lawyer himself in an escape plot. Failing that, they obtained a search warrant on a fraudulent affidavit and thus were able to read privileged letters between attorney and client. In another case, Nimkoff denounced the DEA's use of a female informant who set up at least 40 men, enticing them into drug deals after developing a sexual relationship with them. The "boyfriend" would be busted, and the "girlfriend" would get paid by the DEA. Finally, in 1986, Nimkoff had enough. He resigned to protest the relentless erosion of rights and the governmental abuses of power with which he was daily confronted. In a press conference, he decried the view "that there are two constitutions -- one for criminal cases generally and another for drug cases." Such a view is not only wrong, he said. It "invites police officers to behave like criminals. And they do." 
Nimkoff's lamentations had the impact of a flower falling in the forest. Miami's major newspaper, the Herald, found nothing about his resignation or his press conference that warranted reporting. The drug war's threats to the Bill of Rights extend not only to those civil liberties favored by ACLU liberals but also to property rights. The signers of the Declaration of Independence believed, with John Locke, that the right of property was fundamental, inalienable, an aspect of humanity. They regarded liberty as impossible without property, which was the guardian of every other right. These beliefs are reflected in constitutional text. The Fifth Amendment declares that "no person shall be deprived of life, liberty or property without due process of law; nor shall private property be taken for public use, without just compensation." Under forfeiture statutes enacted since 1970, however, both deprivations occur routinely, with the approval of courts. Under federal statutes, any property is subject to forfeiture if it is "used, or intended to be used, in any manner or part, to commit or to facilitate the commission" of a drug crime. (See "Ill-Gotten Gains," August/September 1993.) No one need be convicted or even accused of a crime for forfeiture to occur. Forfeiture is a "civil" matter. Title vests in the government instantly upon the existence of the use or the intention to use the property in connection with a drug offense. All the government needs to establish its right to seize the property is "probable cause," the same flimsy standard needed to get a search warrant. The government can take a home on no stronger a showing than it needs to take a look inside. Hearsay or even an anonymous informant can suffice. No legal proceedings are required before personal property may be seized. If the police have "probable cause" concerning a car, a boat, or an airplane, they just grab it. 
Although a hearing has to take place before property can be repossessed at the behest of a conditional seller, before a driver's license can be revoked, before welfare benefits can be terminated, and before a state employee can be fired, persons can have their motor homes confiscated without any proceedings of any kind, if the confiscation is a drug forfeiture. There may be a right to contest the forfeiture after the seizure, but even this right is lost if not promptly asserted. Moreover, the costs of hiring a lawyer and suing to recover the seized property may be prohibitive unless the seized property is of great value. As construed by the courts, the forfeiture statutes also encourage police to make blatantly unconstitutional seizures. Property may be seized without probable cause -- on a naked hunch -- and still be retained and forfeited. Courts hold that illegally seized property may be forfeited if the police establish probable cause at the forfeiture proceeding itself. It doesn't matter that there was no cause whatever for the seizure; it doesn't matter that the seizure was illegal, even unconstitutional. If the government can later establish probable cause (through the seized property itself or investigation occurring after the seizure), that is sufficient to uphold a forfeiture. If the government wants to seize real property without notice, it has to get a court's approval, but that is as easy as getting a search warrant. A seizure warrant is obtained in the same way as a search warrant and on the same hearsay grounds. In 1988, a six-story apartment building in New York, containing 41 apartments, was seized on such a warrant, which the appellate court upheld. No civilized country imposes criminal punishment for mere evil intentions, but the forfeiture statutes -- since they are "civil," not "criminal" -- are apparently subject to no such limitation. In 1991 the U.S. 
Court of Appeals for the Third Circuit held that a home was forfeitable because the owner, when he applied for a home equity loan, "intended" to use the proceeds to buy drugs. By the time the loan actually came through, he had used other funds for that purpose, but that didn't matter, the court said, because he had intended to use the home to secure a loan, the proceeds of which he intended to use for drugs. The home was therefore no longer his. It would apparently have made no difference if he never even applied for the loan, as long as he thought about it. Any activities within a home that relate to drugs are sufficient for forfeiture of the home: a phone call to or from a source; the possession of chemicals, wrappers, paraphernalia of any kind; the storing or reading of any how-to books on the cultivation or production of drugs. The operative question is whether any of these activities was "intended" to facilitate a drug offense. If a car is driven to or from a place where drugs are bought or sold and is then parked in a garage attached to a home, the home has been used to store the car, which facilitated the transaction, and is probably forfeitable along with the car. If the home is located on a 120-acre farm, the entire farm goes as well. If only a few square feet of land in a remote section of a farm are devoted to marijuana plants, the grower loses not only the entire farm, but, if it is on the same land as the farm, his home as well. Once any property qualifies for forfeiture, almost any other property owned or possessed by the same person can fall into the forfeiture pot. Notions about how otherwise "innocent" property can "facilitate" illegal activities are almost limitless. In a 1991 Hawaii case, when drug proceeds were deposited in a bank account that contained several hundred thousand dollars in "clean" funds, the entire account was declared forfeit on the theory that the "clean" funds facilitated the laundering of the tainted funds. 
In a 1989 case involving a drug dealer who owned and operated a ranch in Georgia, his quarter horses -- all 27 of them -- were forfeited on the theory that, as part of a legitimate business, the livestock helped create a "front" for the owner's illegal activities. On this theory, the more "innocent" one's use of property is, the more effective it is as a "front" or "cover" and therefore the more clearly forfeitable. Entire hotels have been forfeited because one or more rooms were used by guests for drug transactions. Entire apartment houses have been lost because drug activities occurred in some apartments. In 1991 proceedings were brought to forfeit fraternity houses at the University of Virginia because some of the members sold drugs there. Those seizures created a stir, but they pale when compared to the potential. Imagine the government taking over New York's Plaza Hotel or one of the giant casino hotels in Atlantic City or Las Vegas on the same theory. Or taking over a company town because of a single drug sale or backyard marijuana plant. Harvard University is also available for the taking. There are certainly drug sales, drug use, even drug manufacturing taking place on campus. Under federal law, property owners can defeat civil forfeiture if they can prove either that the claimed offending use did not occur and was not even intended, or that the offending use occurred or was intended "without the knowledge or consent of that owner." Unfortunately, even this seemingly clear provision provides little protection for innocent owners. Courts have treated "knowledge" and "willful blindness" as equivalents and have then merged "willful blindness" into "negligence." 
Despite the plain language of the statute, most courts are unwilling to lift a forfeiture unless the owners can prove that the offending activity not only occurred without their knowledge or consent, but also that they did all that "reasonably could be expected to prevent the proscribed use of the property." The owner has been conscripted as a police officer to ensure that no improper use is made of the property. In a 1990 Milwaukee case, the owner of a 36-unit apartment building plagued by dope dealing evicted 10 tenants suspected of drug use, gave a master key to the police, forwarded tips to the police, and even hired two security firms. The city seized the building anyway. If owners discover that their property is being used to "facilitate" drug use or sale, what can they do to ensure that they will not lose their property to forfeiture? Nothing, probably. If they call the police and inform on their tenants, they have established their knowledge, as of the date they informed, which will usually be sufficient for forfeiture. Informing the police may go far toward establishing that owners did not "consent" to the illicit use, but many courts have held that the owner must both lack knowledge and not consent to the illicit use. As scary as forfeiture already is, it is spreading to other offenses. When it is extended to new areas, the punishment becomes drastically disproportionate to the offense and the constitutional safeguards of criminal procedure are circumvented. Already, federal forfeiture statutes apply to pornography, gambling, and several other offenses, as well as drugs. Some state forfeiture laws apply to property used in any felony. The forfeiture of cars used in sex offenses is commonplace. Hartford, Connecticut, recently began confiscating the cars of johns who cruise neighborhoods looking for prostitutes. Some states take one's car for drunk driving. Where will it end? 
Why not extend forfeiture to income-tax evasion and take the homes of the millions -- some say as many as 30 million -- who cheat on their taxes? The statutory basis for forfeiting homes and businesses of tax evaders is already in place. The Internal Revenue Code reads: "It shall be unlawful to have or possess any property intended for use in violating the provisions of the Internal Revenue Service Laws ... or which has been so used, and no property rights shall exist in any such property." Although use of this provision has mainly been limited to seizures of moonshine and gambling equipment, and sometimes businesses, there is no reason, given the breadth of the drug forfeiture decisions, why it can't be employed to take the homes and offices of tax evaders and even those of their accountants and lawyers. A congressman who failed to pay Social Security tax on wages of his housekeeper could lose his home. Moreover, unlike drug forfeiture, the tax forfeiture statutes have no innocent-owner defense. If there is a shard of moral justification for forfeiture, it is that an owner, duly forewarned, chooses to use or permit his property to be used illegally and therefore voluntarily "waives" his constitutional rights of property. But such a "waiver" theory can be extended to destroy all rights and all liberty. It is a cancer on the Constitution, certain to metastasize if not eliminated soon. Steven B. Duke is Law of Science and Technology Professor at Yale Law School. Albert C. Gross is an attorney and writer in San Diego. This article is adapted from their book, America's Longest War: Rethinking Our Tragic Crusade Against Drugs (Putnam). ------------------------------------------------------------ The contents of this file are copyright 1993 by the publisher in whose directory this file appeared. Unauthorized copying of this information is strictly forbidden. Please read the general notice at the top menu of the Gopher Server for the Electronic Newsstand. 
For information regarding reprints, please send mail to REPRINTS at Enews.Com
------------------------------------------------------------

From pgpkeys at wasabi.io.com Thu Feb 3 13:14:48 1994
From: pgpkeys at wasabi.io.com (PGP Slave Key Server)
Date: Thu, 3 Feb 94 13:14:48 PST
Subject: PGP KEYS NOW BY FINGER! *** STOP PRESS ***
Message-ID: <199402031525.PAA03435@wasabi.io.com>

pgp key server functionality just took a great leap forward today when io.com's email server suddenly went interactive!

    finger @wasabi.io.com for details
            ^^^^^^ Note the 'wasabi' - finger @io.com won't work.

You can get a list of users by doing:

    finger user at wasabi.io.com

or even:

    finger user at host@wasabi.io.com

And once you find their Key ID from the summary listing, you can then do:

    finger 0x123456 at wasabi.io.com
             ^^^^^^ The hex digits from the keyid

Have fun!

The Mgt.

PS The finger requests to this server are *NOT* logged. (At least by us. Who knows what the NSA is up to :-) )

From qwerty-remailer at netcom.com Thu Feb 3 13:29:44 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Thu, 3 Feb 94 13:29:44 PST
Subject: New remailer up.
Message-ID: <199402032127.NAA18079@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

qwerty at netcom.com gains a bit bucket.

::
Request-Remailing-To: /dev/null

Bye bye mail. "BB" entered into my counter. Comments? Are slashes OK in a header line?
- -Nik (Xenon) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVElIwSzG6zrQn1RAQE1qAP9Fu4tDpJclibx3CuzHGICpshNwULdYmn2 zfBMC+wuHGWvDvTtDX0+0HxfxLouOKAvvESJFt35Y0YSszT8KZmarSz5msOA179v +trsnSPw/BhjNvKQlhxHm7HpOr8JNoL3gB2zHz3EISEkdDtvRE3LRj4wu20P8DaP 7reDXreuDE4= =n99G -----END PGP SIGNATURE----- From hlin at nas.edu Thu Feb 3 13:54:46 1994 From: hlin at nas.edu (Herb Lin) Date: Thu, 3 Feb 94 13:54:46 PST Subject: Study of National Cryptography Policy Message-ID: <9401037603.AA760322850@nas.edu> February 3, 1994 To: Whom It May Concern Subject: A Study of National Cryptography Policy This message should be forwarded to any and all individuals or groups that may be interested. ----------------------------------------------- In a message broadcast electronically and by fax in December 1993, the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) issued a call for nominations of possible committee members who would undertake a study of national policy with respect to the use and regulation of cryptography. This report was requested by the U.S. Congress in the Defense Authorization Bill for FY 1994. That message said that ALL committee members (and associated staff) would have to be cleared at the "SI/TK" level. Since that time, there has been some discussion of a study that would only require SOME members of the study committee to be cleared. Thus, in the interests of casting the broadest possible net to capture the necessary expertise, we are re-issuing the call for nominations to find those people who otherwise fit the criteria below but who would have been reluctant to accept security clearances or to undergo the required investigation. It is expected that the study committee will be a high-level group that will command credibility and respect across the range of government, academic, commercial, and private interests. 
The committee will include members with expertise in areas such as: - relevant computer and communications technology; - cryptographic technologies and cryptanalysis; - foreign, national security, and intelligence affairs; - law enforcement; - commercial interests (both users and technology vendors); and - privacy and consumer interests. Committee members will be chosen for their stature, expertise, and seniority in their fields; their willingness to listen and consider fairly other points of view; and their ability to contribute to the formulation of consensus positions. The committee as a whole will be chosen to reflect the range of judgment and opinion on the subject under consideration. Note that NRC rules regarding conflict of interest forbid the selection as committee members of individuals that have substantial personal financial interests that might be significantly affected by the outcome of the study; in addition, individuals currently employed by the federal government are ineligible to serve on the study committee. Please forward suggestions for people to participate in this project to CSTB at NAS.EDU by February 11, 1993; please include their institutional affiliations, their field(s) of expertise, a note describing how the criteria described above apply to them, and a way to contact them. For our administrative convenience, please put in the "SUBJECT:" field of your message the words "crypto person". If you would like a copy of the original solicitation, please send a request to CSTB at NAS.EDU. On the National Research Council The National Research Council (NRC) is the operating arm of the Academy complex, which includes the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. 
The NRC is a source of impartial and independent advice to the federal government and other policy makers that is able to bring to bear the best scientific and technical talent in the nation to answer questions of national significance. In addition, it often acts as a neutral party in convening meetings among multiple stakeholders on any given issue, thereby facilitating the generation of consensus on controversial issues. The Computer Science and Telecommunications Board (CSTB) of the NRC considers technical and policy issues pertaining to computer science, telecommunications, and associated technologies. CSTB monitors the health of the computer science, computing technology, and telecommunications fields, including attention as appropriate to the issues of human resources and information infrastructure and initiates studies involving computer science, computing technology, and telecommunications as critical resources and sources of national economic strength. A list of CSTB publications is available on request. From jim at bilbo.suite.com Thu Feb 3 15:14:49 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 3 Feb 94 15:14:49 PST Subject: contemplating remailer postage Message-ID: <9402032304.AA18410@bilbo.suite.com> Matthew J Ghio writes: > How about this: > > Issue numbered stamps sequentially. Encrypt them and > add a cryptographic checksum to each stamp. You then > create a database such that one bit of data corresponds to > one stamp. With a mere 64K database, you could issue and > keep track of 524288 postage stamps. That ought to last > you a few years. (At 100 letters a day, it would last over 14 > years. Most cypherpunk remailers get considerably less > than 100 emails a day.) > > > If the remailer constructs the stamp, rather than just signs it blindly, it could keep a log of which stamps were issued to which users. 
The remailer could then use this information to figure out the original sender of a stamped message regardless of how many other remailers the message passed through. To thwart this, users would have to purchase stamps anonymously. However, this begs the question: How does the user anonymously purchase stamps for the first remailer? I suppose you could use "free" remailers to send anonymous purchase requests to stamp-issuing remailers. The system I described does not require you to purchase stamps anonymously. You can purchase stamps directly from each remailer without giving the remailer the opportunity to record which stamp went to which user. To understand why this is true you need to understand how blind signatures work. The book "Applied Cryptography (Bruce Schneier)" gives a good description of the properties of blind signatures. That is how I learned about them. The remailer could still record the fact that you purchased stamps, thus alerting the bad guys that you plan to use the remailer system. However, I don't think it is possible to prevent the bad guys from learning that you use remailers. I assume the bad guys will be logging all traffic to the remailers and would learn about your use of remailers, stamps or no stamps. Jim_Miller at suite.com From mg5n+ at andrew.cmu.edu Thu Feb 3 15:14:49 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 3 Feb 94 15:14:49 PST Subject: No Subject In-Reply-To: <9402032051.AA08204@banneker.Stanford.EDU> Message-ID: The.Ghost at toad.com writes: > Received: by toad.com id AA04069; Thu, 3 Feb 94 12:51:58 PST > Received: from banneker.Stanford.EDU ([36.14.0.77]) by toad.com id AA04063; Thu, 3 Feb 94 12:51:55 PST > Received: by banneker.Stanford.EDU (5.57/Ultrix3.0-C) > id AA08204; Thu, 3 Feb 94 12:51:14 -0800 > Date: Thu, 3 Feb 94 12:51:14 -0800 > From: The.Ghost at toad.com > Message-Id: <9402032051.AA08204 at banneker.Stanford.EDU> > Apparently-To: cypherpunks at toad.com > > testing... 
Wow, look, someone at Stanford figured out how to use port 25! I hope that's a new anonymous remailer that you're testing there... :)

From hughes at ah.com Thu Feb 3 15:24:48 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 3 Feb 94 15:24:48 PST
Subject: ADMIN: list statistics
Message-ID: <9402032319.AA20066@ah.com>

I gathered some list statistics for the subscriber base as of Thursday, February 3, 1994, 12:00 noon.

657 subscription addresses total. 49 contain the string 'cypher' and are suspected gateways, either to individuals or large groups, so the exact amount is extremely hard to pin down.

Here are the subscribers, broken down by top-level domain

    300  com   USA commercial
    204  edu   USA educational
     25  org   USA organizational
     18  ca    Canada
     15  net   networks
     13  us    USA geographical
     10  uk    United Kingdom
      9  uucp  UUCP links
      8  se    Sweden
      7  gov   USA government
      7  au    Australia
      6  fi    Finland
      5  no    Norway
      4  de    Denmark
      3  mil   USA military
      3  it    Italy
      2  fido  Fidonet
      2  za    South Africa
      2  mx    Mexico
      1  ve    Venezuela
      1  su    USSR (er, someone call a NIC)
      1  si    ( ? Slovenia ? )
      1  sg    Singapore
      1  nl    Netherlands
      1  jp    Japan
      1  in    India
      1  ie    Ireland
      1  hk    Hong Kong
      1  gb    United Kingdom
      1  fr    France
      1  es    Spain
      1  ee    ?
      1  ec    Ecuador

If anybody knows for sure where SI and EE are, I'd love to know. My list of ISO country codes is a little old.

Here are the top individual domain names. We can see who has market share, at least.

     51  netcom.com
     16  aol.com
      9  mcimail.com
      8  well.sf.ca.us
      7  delphi.com
      6  world.std.com
      5  umich.edu
      5  shell.portal.com
      5  microsoft.com
      5  cleveland.Freenet.Edu
      5  CompuServe.COM
      4  phantom.com
      4  panix.com
      4  gnu.ai.mit.edu
      4  crl.com
      4  apple.com
      3  ucsu.Colorado.EDU
      3  toad.com
      3  prodigy.com
      3  nyx.cs.du.edu
      3  mason1.gmu.edu
      3  engin.umich.edu
      3  ecf.toronto.edu
      3  anon.penet.fi
      3  access.digex.com
      3  CUNYVM.CUNY.EDU

Happy lack of trails.
Eric From ravage at wixer.bga.com Thu Feb 3 15:24:49 1994 From: ravage at wixer.bga.com (Jim choate) Date: Thu, 3 Feb 94 15:24:49 PST Subject: Message returned to sender (fwd) Message-ID: <9402031634.AA14363@wixer> Forwarded message: From jim at bilbo.suite.com Thu Feb 3 15:39:44 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 3 Feb 94 15:39:44 PST Subject: SASE Suggestion Message-ID: <9402032330.AA18898@bilbo.suite.com> Lance Cottrell writes: > One SASE scheme recently suggested involved sending a > request for a SASE to a remailer, stating the number of > jumps required. It then sent it to another remailer, and > so on. Each adding a layer, and eventually sending the > results to the desired correspondent. I mentioned that > if the first remailer was corrupted, that the whole chain > was (it would only send to other corrupt remailers). > Oh, I see. I was confused as to which scheme you were talking about. You were referring (I think) to the "prepaid mailer" idea Tim May described in his "Re: Anonymous Anonymous ftp" post of Jan 27. Jim_Miller at suite.com From hayden at krypton.mankato.msus.edu Thu Feb 3 15:54:48 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 3 Feb 94 15:54:48 PST Subject: ADMIN: list statistics In-Reply-To: <9402032319.AA20066@ah.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 3 Feb 1994, Eric Hughes wrote: > 1 si ( ? Slovenia ? ) > 1 ee ? > If anybody knows for sure where SI and EE are, I'd love to know. My > list of ISO country codes is a little old. si = Slovenia (you were right) ee = Estonia Source: The Big Dummy's Guide to the Internet Adam Gaffin and Jorg Heitkotter Available at ftp.eff.org ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... 
- -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVGO553BsrEqkf9NAQFd6AQAiu8TlrJ5ZU52vpfvMrS/YMYaCZCc6uZ2 yLoUcWBsv4FSbk2pXwjMTacWBvvFonKntwUT3GtWB0GRUqRzLCOYRG5cqcb0iPgC uK8BXhyTXcHxZXAfSW+qI53z+4dwCb9Tc/WRihkNuS+RaPWIBIllLRxtyiUQKopr fTDAVeWr7OM= =Jhqu -----END PGP SIGNATURE----- From Tomaz.Borstnar at arnes.si Thu Feb 3 15:54:48 1994 From: Tomaz.Borstnar at arnes.si (Tomaz Borstnar) Date: Thu, 3 Feb 94 15:54:48 PST Subject: ADMIN: list statistics In-Reply-To: <9402032319.AA20066@ah.com> Message-ID: <9402032349.AA06456@toad.com> In-reply-to: Your message dated: Thu, 03 Feb 1994 15:19:11 PST > 1 si ( ? Slovenia ? ) Good. :) Yeah, it's Slovenia. :) Tomaz From hughes at ah.com Thu Feb 3 16:04:48 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 3 Feb 94 16:04:48 PST Subject: ADMIN: list statistics In-Reply-To: <9402032319.AA20066@ah.com> Message-ID: <9402040000.AA20195@ah.com> Followups to me have yielded the following info: SI = Slovenia EE = Estonia One subscriber each. Thanks to Tomaz and Stephen for the info. Eric From pgpkeys at wasabi.io.com Thu Feb 3 16:49:44 1994 From: pgpkeys at wasabi.io.com (PGP Slave Key Server) Date: Thu, 3 Feb 94 16:49:44 PST Subject: A question of ethics. Message-ID: <199402031859.SAA03790@wasabi.io.com> >Ok, I'm in a bit of a quandary. While surfing the net last week, I >happened across an address attached to a machine that belongs to the >federal reserve. No big deal. I telnetted there on a lark, and entered >'guest' for the account. It dropped me into a shell. It didn't ask for >a password. Intrigued, I did a little looking around. Nothing special, >a CDRom and about 80 accounts. But(!!), /etc/passwd was there and >available and not using shadows. No, I didn't snatch a copy. > >Quandary(ies) > >1) Should I alert someone there about the obvious (and, IMHO serious) >security hole? 
> > or > >2) Should I ignore it? > >3) Should I take advantage of it (well, maybe not) > >---------- > >I don't like to see systems so open, no matter who they belong to, and >the fact that the governments (whether you like them or not) has one this >open REALLY bothers me. > >But, I also wonder what kind of trouble I could get into. Technically, I >violated something just by being there as I didn't have permission, and >the fact I accessed the passwd file makes it even worse. If I report it, >I could be in deep shit. > >I could mail to them via a remailer (like penet.fi, so that they could >answer for more information if needed). That is a little securer and >Julf is out of jurisdiction of the FBI hunting me down. > >Yes, I'm a little paranoid, but Uncle Sam likes to make examples out of >white-collar hackers, and for me it was pure and dumb luck (like a jury >would believe a 22 year-old computer geek isn't trying to gain illegal >access). > >Any suggestions? Please? I consider this to be serious (most may not). Go to a COCOT and call Ms Flanagan below. *Not* the Tech contact, who is most likely the person who fucked up and will want to cover his butt. The admin contact should be more sympathetic... 20th and C Streets, NW Washington, DC 20551 Domain Name: FRB.GOV Administrative Contact: Flanagan, Elizabeth R. (ERF7) erf at FED.FRB.GOV (202) 452-2672 Technical Contact, Zone Contact: Drzyzgula, Robert P. (RPD5) rcd at FED.FRB.GOV (202) 452-3425 Record last updated on 14-Aug-91. 
Domain servers in listed order:

NS.UU.NET               137.39.1.3
UUCP-GW-1.PA.DEC.COM    16.1.0.18
UUCP-GW-2.PA.DEC.COM    16.1.0.19

From cmckie at ccs.carleton.ca Thu Feb 3 17:29:44 1994
From: cmckie at ccs.carleton.ca (Craig McKie)
Date: Thu, 3 Feb 94 17:29:44 PST
Subject: Canadian voice recognition article
Message-ID: <9402040124.AA03270@superior.YP.nobel>

Spy Agency works on eavesdropping device for phones, faxes
New snoop gadget would identify voices carried through air

The Canadian Press
Used on page 1, Ottawa Citizen, Monday January 31, 1994

An elite wing of Canada's spy agency is secretly developing devices that can monitor and identify voices carried through the air by phone, fax and radio signals, according to a broadcast report citing government documents.

The Communications Security Establishment is a super-secret branch of the Canadian Security Intelligence Service that specializes in gathering signals intelligence - SIGINT to insiders.

Since 1989, the CSE has awarded three contracts worth $1.1 million to a Montreal firm to make machines that can quickly isolate key words and phrases from the millions of signals the CSE monitors each day, CTV reported Sunday.

In May 1983, the CSE awarded the Centre de Recherche Informatique de Montreal a contract to develop a "speaker identification system," which can pick voices from the electronic haze and identify them.

"It's frightening," says Bill Robinson, a researcher with the peace group, Project Ploughshares. "It has Orwellian potential to sweep through everybody's conversations. As computers get faster and faster, theoretically, one would be able to keep records of all conversations."

The CSE is supposed to provide the federal government with foreign intelligence, but parliamentarians have often voiced concerns about the agency's potential to violate the privacy of Canadians.

Liberal MP Derek Lee, the head of a Commons committee that oversees Canada's spy agency, said the CSE is overstepping its mandate.

"Have they been asked, or have they decided for themselves to take on a new role that requires them to analyse the human voice? And if they have, they've gone beyond what I think they've told us."

The CSE is accountable to Parliament through the defence minister. But Defense Minister David Collenette told CTV he was unaware of the CSE's latest electronic snooping projects.

"This is the first I've heard of this," Collenette said. "It is certainly something I'll discuss with my officials."

While in Opposition, the Liberals pledged to make the CSE more accountable.

With a budget of about $250 million and more than 800 employees the CSE operates out of a building on Heron Road in Confederation Heights surrounded by a barbed-wire fence.

Its work is considered so sensitive that employees are told not to take commercial flights, in case the plane is hijacked and they are held hostage.

From anonymous at extropia.wimsey.com Thu Feb 3 17:49:44 1994
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Thu, 3 Feb 94 17:49:44 PST
Subject: Remailer Tearline Conventions
Message-ID: <199402040132.AA19447@xtropia>

* Reply to msg originally in CYPHERPUNKS

Uu> From: edgar at spectrx.saigon.com (Edgar W. Swank)

Uu> Someone (not me) asked about remailer tearline conventions to
Uu> eliminate automatic sigs:

Uu> I'm the one who brought this up "months ago" and the short answer to
Uu> your question is "no."

Uu> Hall Remailer
Uu> added a "cut line" of
Uu> --ignore--

Uu> At the time I brought this up, the attitude of most remailer operators
Uu> (Chael Hall and Miron Cuperman notably excepted) was that anyone who
Uu> couldn't figure out how and remember to turn off their auto sig didn't
Uu> deserve any privacy.

An astonishing bit of Internet provincial fuckheadedness, I must say!
When one considers that there are _many_ other nets that gate into Internet these days and innumerable store-and-forward host systems whose message handling processes are _completely_ beyond the control of the end user (even smug Cypherpunk geniuses), this attitude mystifies me.

Uu> I recommend that you always use the wimsey (extropia) remailer as the
Uu> first (or only) leg of a remailer chain. It is also the only
Uu> Cypherpunks remailer outside the USA (it's in Canada) which will make
Uu> tracing msgs a little more difficult for USA authorities.

That remail at extropia.wimsey.com is in Canada specifically makes communications with it fair game for NSA interception, however.

From kshep at netcom.com Thu Feb 3 19:04:49 1994
From: kshep at netcom.com (Kirk Sheppard)
Date: Thu, 3 Feb 94 19:04:49 PST
Subject: Remailer Tearline Conventions
In-Reply-To: <199402040132.AA19447@xtropia>
Message-ID:

On Thu, 3 Feb 1994 anonymous at extropia.wimsey.com wrote:

>
> That remail at extropia.wimsey.com is in Canada specifically makes
> communications with it fair game for NSA interception, however.

NSA interception is world wide.

Kirk Sheppard
kshep at netcom.com
P. O. Box 30911           "It is Better to Die on Your Feet Than to
Bethesda, MD 20824-0911    Live On Your Knees."
U.S.A.                     - Emiliano Zapata

From jim at bilbo.suite.com Thu Feb 3 19:19:44 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Thu, 3 Feb 94 19:19:44 PST
Subject: On return addresses
Message-ID: <9402040310.AA22295@bilbo.suite.com>

Eric Hughes writes:

> I've been troubled for many months by an invariant in all forms of
> return address schemes: The outside world contains sufficient
> _persistent_ information to find a real address.
>
> [stuff deleted]
>
> So how do we solve it? By abandoning return addresses and
> using mail spool facilities.
>
> [more stuff deleted]
>
> 1. I have a machine and I'll sell you an address on it...
>
> 2. When mail comes in for you, it sits in a spool...
>
> 3. Your mail sits in the spool until you access it with... a
> mail server command of "send me a mailbox file of my
> waiting mail".
>
> [even more stuff deleted]
>
> The elimination of persistent identifying information
> for return paths is a worthwhile design objective. I
> propose that we start thinking about it more thoroughly.
>
> Eric
>

Let me see if I understand your idea correctly. I am picturing something like the following:

There will exist a bunch of remailers that, in addition to forwarding mail, will also sell mailboxes. (I'm combining the remailer with the mail spools to add to the mix of messages to and from). The "mailboxes" are actually e-mail addresses referring to a pseudo-account on some machine that hosts a remailer/mail spooler.

Bob would purchase a number of mailboxes scattered throughout the remailer/mail spooler system. Bob would give out the address of one of these mailboxes to people so they can send "reply" messages to him. Messages addressed to Bob's "public" mailbox would be spooled by the remailer hosting that mailbox.

Periodically (perhaps frequently), Bob would send an anonymous message (via other remailers) to the remailer hosting his public mailbox to command the remailer to send the contents of his mailbox to one of his other mailboxes. The remailer wouldn't necessarily know it's sending to another mailbox, it just sends to an address supplied in the command message.

Bob repeats this process to move his messages from his second mailbox to his third mailbox, and so on. Eventually, he moves his messages from his Nth mailbox to his "real" address.

Is this approximately what you had in mind? I left out IP redirectors and POP clients because I'm not familiar with them.
Jim_Miller at suite.com

From fringeware at illuminati.io.com Thu Feb 3 20:04:49 1994
From: fringeware at illuminati.io.com (FringeWare List)
Date: Thu, 3 Feb 94 20:04:49 PST
Subject: CRYPTO - New US keyserver now fully operational -
Message-ID: <199402031618.KAA29816@illuminati.IO.COM>

Sent from the cyberdeck of: pgpkeys at wasabi.io.com (PGP Slave Key Server)

The US-based keyserver 'pgp-public-keys at io.com' is now open to the public. Come one, come all! Here is the current file as returned by 'Subject: help'.

This site is a PGP key server SLAVE site. It behaves very similarly to the European PGP master sites, but there are a few small differences which will be noted below. The most noticeable difference is that it answers your requests immediately instead of waiting for a daily batch job to run :-)

The particular installation at io.com does *not* log the details of requests for keys, however the fact that you have sent mail to the key server at all is logged in the daily sendmail logs. These logs will be erased automatically after one week.

PGP Public Keyservers
---------------------

There are PGP public key servers which allow one to exchange public keys running through the Internet and UUCP mail systems. This service is NOT supported in any way whatsoever by the schools or organizations on which these servers run. It is here only to help transfer keys between PGP users. It does NOT attempt to guarantee that a key is a valid key; use the signators on a key for that kind of security. This service can be discontinued at any time without prior notification.

Each keyserver processes requests in the form of mail messages. The commands for the server are entered on the Subject: line.

    To: pgp-public-keys at io.com
    From: johndoe at some.site.edu
    Subject: help

Sending your key to ONE server is enough. After it processes your key, it will forward your add request to other servers automagically.

For example, to add your key to the keyserver, or to update your key if it is already there, send a message similar to the following to any server:

    To: pgp-public-keys at io.com
    From: johndoe at some.site.edu
    Subject: add

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: 2.2

    -----END PGP PUBLIC KEY BLOCK-----

COMPROMISED KEYS: Create a Key Revocation Certificate (read the PGP docs on how to do that) and mail your key to the server once again, with the ADD command.

Valid commands are:

Command                Message body contains
---------------------- -------------------------------------------------
ADD                    Your PGP public key (key to add is body of msg)
                       *** Note: your update is forwarded to a master
                       server and may take a few days to reappear
INDEX                  List all PGP keys the server knows about (-kv)
VERBOSE INDEX          List all PGP keys, verbose format (-kvv)
GET                    Get the whole public key ring
GET 0xA1B2C3           Get a single key by Key ID
                       *** Note: the master servers allow you to omit the
                       0x in front of the Key ID. The slave servers do not.
GET userid             Get a single key by User ID
MGET substr            List all keys which match "substr"
                       *** Note: this is different from the master servers
                       which return the keys themselves, not just a listing
                       of their Key IDs. Also the master servers accept a
                       wild-card expression; at the moment we do not.
LAST days              Get the keys updated in the last `days' days
                       *** Note: not yet implemented
------------------------------------------------------------------------

Examples for the MGET command:

    MGET michael         Lists all keys which have "michael" in them
    MGET @iastate.edu    Lists all keys which contain "@iastate.edu"

Check the Usenet newsgroup alt.security.pgp for updates to this system and for new sites.
Based on a document originally by Michael From jdblair at nextsrv.cas.muohio.EDU Thu Feb 3 20:14:49 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Thu, 3 Feb 94 20:14:49 PST Subject: Prodigy Hard Drive Scans Message-ID: <9402040414.AA25368@ nextsrv.cas.muohio.EDU > I heard from a friend that Prodigy was scanning user's hard drives. Basically, when you logged on Prodigy made a complete directory of your hard drive and uploaded it. Prodigy was using this to find out what applications you used so they could direct the appropriate advertising towards you. Apparently, they're suffering several lawsuits now because of it. My friend heard this on the trailing end of a radio talk show. If it was really happening, it sounds horrible. Could Secure Drive be set up to stop this kind of attack? Can anyone tell me if this is more than a rumour? If it is more than a rumour, would you be able to point me towards some information about this? -john. jdblair at nextsrv.cas.muohio.edu From tcmay at netcom.com Thu Feb 3 20:39:44 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 3 Feb 94 20:39:44 PST Subject: Prodigy Hard Drive Scans In-Reply-To: <9402040414.AA25368@ nextsrv.cas.muohio.EDU > Message-ID: <199402040436.UAA14470@mail.netcom.com> > I heard from a friend that Prodigy was scanning user's hard drives. > Basically, when you logged on Prodigy made a complete directory of your > hard drive and uploaded it. Prodigy was using this to find out what > applications you used so they could direct the appropriate advertising > towards you. Apparently, they're suffering several lawsuits now because > of it. > > My friend heard this on the trailing end of a radio talk show. If it was > really happening, it sounds horrible. Could Secure Drive be set up to > stop this kind of attack? > > Can anyone tell me if this is more than a rumour? If it is more than a > rumour, would you be able to point me towards some information about this? 
Just a rumor, disposed of several years ago. A hot topic of debate around 1990.

This rumor arose because Prodigy set aside a block of user disk space for its own files. Sometimes this block had random stuff in it (recall that "erasing" a file doesn't actually overwrite the disk, it just removes pointers to the stuff being erased and allows other stuff to later be overwritten over it). Prodigy used part (a small part, given 1200- and 2400-baud modems in use then) of this block to send back to the main computers, so in principle it could see miscellaneous scraps of erased data.

But this was accidental, was a tiny fraction of the disk, was not used or even looked at by Prodigy, and would have absolutely no value in determining applications used. (Think about what a small random chunk of "erased" disk space would really mean in terms of telling outsiders what applications you use!)

Ironically, an old college buddy of mine is now in charge of e-mail for Prodigy, in White Plains, New York. He visited me last summer and I showed him a _real_ computer service (Netcom) and we had a few good chortles about this Prodigy Conspiracy.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From nobody at shell.portal.com Thu Feb 3 20:59:44 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Thu, 3 Feb 94 20:59:44 PST
Subject: New remailer up.
Message-ID: <199402040459.UAA04387@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

Jon Boone expressed what seems to be a consensus, " I won't hack into mail.netcom.com to demonstrate that it is possible to figure out who used your remailer. But, if one of the admins from netcom wants to send me their syslogs, I'll do my best to put together a correlation."

Netcom logs mail. The mail queue is viewable by most anyone willing to set up a mail queue logging routine. If someone wants to see the mail logs after it is no longer in the mail queue they have to be root on Netcom or illegally hack in. If the FDA wants your illegal smart drugs, they might get Netcom to hand over mail logs. If a hacker or the NSA taps into root, they don't need mail logs; they'll just "wiretap" the qwerty account, including its secret key and pass phrase.

Are there any OTHER serious but unrelated problems with a Netcom remailer?

Now I know what warnings and hints to put in qwerty's .plan: "Since Netcom keeps mail logs, people should only have contact with qwerty via other remailers or send mail out from qwerty only to public sites like Usenet or a mailing list, so the real addresses of the users never show up on Netcom's logs or in the mail queue. It is also best to use encryption in case someone is reading the contents instead of just the logs."

Routing through qwerty will add another layer of difficulty to someone trying to track down a message sender, since it forces them to get Netcom's sendmail logs after the fact or to make their own logs every day of the year from an account on Netcom. Is this legal for say the FDA to do? How about my new idea for a company called "Netlog!" in which I log the mail queue on Netcom and offer to sell CD ROMs containing a year's mail logs from Netcom? These tricks could be made more difficult with traffic analysis countermeasures.

However, the issue seems more touchy than this rationalization for the existence of Netcom remailers. Not assuming qwerty remains in its current state, will adding qwerty to a mailing chain, say between extropia to hfinney at shell, using encryption, add to or decrease security?
The question needs to be answered, with the assumption that someone IS collecting mail queue logs. How would you have me alter qwerty so that this link ADDED to the security of a chain? More than an hour delay must be avoided by making the scheme more sophisticated, in my view. If I add a 0-30 min. random delay, with added dummy traffic going out from qwerty in a circle through other remailers and back to qwerty's bit bucket, every few minutes, would this make it useful also to SERIOUS remailer users? Before I start throwing out ideas that I'm sure aren't new to readers here, I have a simple question that perhaps I should post to comp.unix.questions or comp.lang.perl, but.... Can I, and how would I, get a perl script to kick in and send out mail every few minutes when I am NOT logged in. Is this possible on Netcom? The question is pretty general, and involves any public access or personal account machine. So send me a remailer or tell me how to patch Hal's. -Nik (Xenon) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVGOgQSzG6zrQn1RAQFGLAP+N31dNMjnArEOklm4AeruT7pu6LgfNdUM OawRDPY8CYgxYi5kJ4yByh7+uD+Asr7FCMaKacln8YwO6oOz3FlceNupC1czWFI5 NWuS9b4r5ZPKpLClv9K3oY1QvRePc1r0Ypl4SYCtZux/7U787BoyT/VUHmkfwple I6X6+irFXns= =6Klu -----END PGP SIGNATURE----- From wcs at anchor.ho.att.com Thu Feb 3 23:04:52 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 3 Feb 94 23:04:52 PST Subject: Remailer Tearline Conventions Message-ID: <9402040701.AA23632@anchor.ho.att.com> > > That remail at extropia.wimsey.com is in Canada specifically makes > > communications with it fair game for NSA interception, however. > > NSA interception is world wide. On the other hand, extropia uses PGP encrypted messages to its remailer, and NSA PGP-breaking is distinctly *not* world-wide. I assume it doesn't use PGP encryption for the anonymous outgoing side, but you can always encrypt the message before encrypting it for extropia. 
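
The 0-30 minute random delay and the dummy traffic proposed in the "New remailer up." message above can be checked from the operator's side by counting, for each logged incoming message, how many logged outgoing entries could be the same message. This is an added example, not code from any poster or remailer; the traffic is constructed, and the 5-second latency, 3-minute dummy period and 20-minute mean arrival gap are assumptions.

```python
import bisect
import random
import statistics

LATENCY_S = 5             # assumed time the remailer script needs per message
MAX_DELAY_S = 30 * 60     # the "0-30 min. random delay" from the message
DUMMY_PERIOD_S = 3 * 60   # "every few minutes"; 3 minutes is an assumed value
DAY_S = 24 * 60 * 60


def arrivals(mean_gap_s, rng, horizon=DAY_S):
    """Constructed sample traffic: integer arrival times with exponential gaps."""
    t, times = 0, []
    while True:
        t += int(rng.expovariate(1.0 / mean_gap_s)) + 1
        if t >= horizon:
            return times
        times.append(t)


def outgoing_log(in_times, max_delay, dummy_period, rng, horizon=DAY_S):
    """Timestamps that someone logging the mail queue sees leaving the remailer."""
    out = [t + LATENCY_S + rng.randint(0, max_delay) for t in in_times]
    if dummy_period:
        # Assumption: a dummy looks like any other encrypted remailer-to-remailer
        # hop, so the log cannot tell it apart from a real message.
        out += range(0, horizon + LATENCY_S + max_delay + 1, dummy_period)
    return sorted(out)


def candidate_counts(in_times, out_times, window):
    """For each incoming entry, count outgoing entries in [t, t + window].

    A count of 1 means the log alone links sender and recipient; larger counts
    are the set the real message hides in.
    """
    counts = []
    for t in in_times:
        lo = bisect.bisect_left(out_times, t)
        hi = bisect.bisect_right(out_times, t + window)
        counts.append(hi - lo)
    return counts


def evaluate(max_delay, dummy_period, mean_gap_s=20 * 60, seed=1994):
    """Run one simulated day and return the per-message candidate counts."""
    traffic = arrivals(mean_gap_s, random.Random(seed))
    out = outgoing_log(traffic, max_delay, dummy_period, random.Random(seed + 1))
    # The observer is assumed to know the delay policy, so the matching window
    # is the longest time a message can spend inside the remailer.
    return candidate_counts(traffic, out, LATENCY_S + max_delay)


def summarize(counts):
    """(worst case, median, mean) size of the candidate set."""
    return min(counts), statistics.median(counts), round(statistics.mean(counts), 2)


if __name__ == "__main__":
    for label, delay, dummies in (
        ("immediate remailing      ", 0, 0),
        ("0-30 min delay           ", MAX_DELAY_S, 0),
        ("0-30 min delay + dummies ", MAX_DELAY_S, DUMMY_PERIOD_S),
    ):
        print(label, summarize(evaluate(delay, dummies)))
```

The worst-case column is the one to watch: on a lightly used remailer the delay alone still leaves messages with a candidate set of one, while periodic dummies put a floor under it.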
From wcs at anchor.ho.att.com Thu Feb 3 23:14:52 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 3 Feb 94 23:14:52 PST Subject: finger user@wasabi.io.com Message-ID: <9402040712.AA23739@anchor.ho.att.com> Neat stuff! You can finger billstewart at wasabi.io.com, even though I don't exactly have an account there... Is the source code available for your finger daemon? It doesn't seem to have any regular-expression matching; it mostly matches exact character strings, presumably case-insensitive. I couldn't figure out how to get it to match spaces, though: requesting 'bill stewart' got all the bills and all the stewarts, rather than getting the lines with bill stewart in them. Thanks! From hfinney at shell.portal.com Thu Feb 3 23:19:44 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 3 Feb 94 23:19:44 PST Subject: Running regularly Message-ID: <199402040708.XAA17954@jobe.shell.portal.com> > Before I start throwing out ideas that I'm sure aren't new to readers here, > I have a simple question that perhaps I should post to comp.unix.questions > or comp.lang.perl, but.... Can I, and how would I, get a perl script to > kick in and send out mail every few minutes when I am NOT logged in. Is this > possible on Netcom? Most public Unix systems will not let you do this, in my experience. The two Unix commands which usually give you the ability to run programs at regular intervals are "at" and "crontab". You can read the man pages and try running these to see if they are enabled for you. I had an idea for how to get around this, so that people could run batching remailers which sent out mail, say, every 30 minutes or whatever. (Unlike Xenon, I am of a generation which is accustomed to waiting more than a few seconds for mail to travel across the country!) 
The idea was simply for someone who DID have an account which would let them use at or cron, to run a program which would simply send a "ding" message (not to be confused with a "ping" message :) at regular intervals to a list of subscribers. This message could have a special header field so that the remailer programs could easily recognize it and take whatever action they wanted, like running Karl Barrus' script to scan a directory for pending outgoing remailer mail and send it out. (Karl has had batching running for months, as well as postage-stamp-based remailers (albeit with non-anonymous stamps). He is way ahead of most of this discussion.) Hal From hfinney at shell.portal.com Thu Feb 3 23:24:53 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 3 Feb 94 23:24:53 PST Subject: contemplating remailer postage Message-ID: <199402040715.XAA18357@jobe.shell.portal.com> As Jim points out, Matthew's scheme for one-bit-per-stamp has the problem that it requires non-anonymous stamps. Jim suggested a variant on Chaum's digital cash where the stamp numbers would be re-blinded by the recipient so that the remailer would not recognize them (but could verify their validity). Matthew's bitmap idea could still be used, though. The incoming stamp numbers could be hashed down to, say, 24 bits. This could then be an index into a 2^24-bit file, which would take 2 MB. Set the bit when the stamp is used, and reject the mail if the bit is already set. Granted, this would create false rejections. But email is already not perfectly reliable. You could send 160,000 messages before you had as many as 1% false rejections (2^24 / 100). I think this would be better than trying to save this many digital stamps and check through the list each time for duplications. Hal From catalyst-remailer at netcom.com Thu Feb 3 23:34:53 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Thu, 3 Feb 94 23:34:53 PST Subject: Remailer FAQ. Details. 
Message-ID: <199402040732.XAA02211@mail.netcom.com>

I hope I can get a bit more attention to this, now that it has become more sophisticated. Please code warriors, take a break and let the human race know what the existing remailers are all about. I know exactly why they don't have enough traffic; knowledge about them is still insider knowledge. A list of remailer addresses and year-old partial info from a request made by Tim May was all I could find. Specs needed. I will send this to Gary Edstrom for the PGP FAQ if I don't have to spend the rest of my life compiling it. Mail info to qwerty at netcom.com. I'm interested in hearing from users as well as operators.

-Nik (Xenon)

Xenon's Full Disclosure Remailer List.

Remailer  Fast?    OpLog  SysLog  Subj  Batch  RD  NL  CPU  Phys  PGP  BitB  ?what else?
--------- -------- ------ ------- ----- ------ --- --- ---- ----- ---- ----- -----------
bsu-cs    +        ?      ?/?     +     ?      ?   ?   ?    ?     23a  ?
catalyst  +        N?     SM/MQ   -     -      ?   -   PA   M     23a  -
chaos     +        ?      ?/?     +     ?      ?   ?   ?    ?     -    -
cicada    ++       ?      ?/?     -     -      -   -   ?    ?     -    -
dis.org   -        ?      ?/?     -     ?      ?   ?   ?    ?     23a  ?
extropia  ?        ?      ?/?     +     ?      ?   ?   Pr?  ?     23a  ?
jarthur   +/--     St     SM/MQ?  -     ?      ?   ?   Un   ?     23a  -
menudo    --       ?      ?/?     -     t1     ?   ?   ?    ?     -    ?
merde     -/--     ?      ?/?     -     ?      ?   ?   ?    ?     -    ?
penet.fi  --       St     ?/?     -     t?     24  +   Pr   H     -    -
pmantis   ++       ?      ?/?     -     ?      -   -   ?    ?     -    -
qwerty    +        C      SM/MQ   -     -      -   -   PA   M     23a  +
rosebud   ++/-     ?      ?/?     -     -      -   ?   ?    ?     23a  ?
remba     ?        ?      ?/?     ?     ?      ?   ?   ?    ?     23a  ?
shell     ++/+/-   St     ?/?     -     ?      ?   ?   ?    ?     23a  -
soda      ++/-     St+?   ?/?     -     ?      ?   ?   ?    ?     -

Subj:   Strips Subject header?
NL:     Non-linear remailing? 123->231.
RD:     Random delay added (max, in hours)?
Batch:  Batched remailing? t2 means twice daily. n5 means after 5 messages.
CPU:    Pr = private. PA = account on public access machine. Un = university.
Phys:   Physical security of the CPU, especially at night. H/M/L.
BitB:   BitBucket feature?
Fast?:  ++   <5 min
        +    5-10 min.
        -    ~10-30 min delay
        --   Pinging isn't practical due to long delays, but may be more secure.
        +/-  Sometimes +, sometimes -
        Normal internet mail delays are common, and are not equivalent in the two directions between any two remailers. Mail still gets through.
OpLog:  F:   Full copies of all mail are archived. My large volume mailing should help put a stop to this.
        St:  Stats logs of when mail was remailed.
        St+: Stats logs of when and where mail was remailed.
        St-: Simple counter.
        N:   Operator keeps no logs.
SysLog: SM:  sendmail logs of when and where mail was exchanged. Root access.
        MQ:  mailqueue accessible by anyone on the site. Could make logs.

bsu-cs    nowhere at bsu-cs.bsu.edu
catalyst  catalyst at netcom.com
chaos     remailer at chaos.bsu.edu
cicada    hh at cicada.berkeley.edu
dis.org   remailer at dis.org
extropia  remail at extropia.wimsey.com
jarthur   ebrandt at jarthur.claremont.edu
menudo    nobody at Menudo.UH.EDU
merde     remailer at merde.dis.org
penet.fi  anon.penet.fi
pmantis   hh at pmantis.berkeley.edu
qwerty    qwerty at netcom.com
rosebud   elee7h5 at rosebud.ee.uh.edu
shell     hfinney at shell.portal.com
soda      hh at soda.berkeley.edu

Discontinued remailers still on some lists out there:

phantom at mead.u.washington.edu
remail at tamaix.tamu.edu
sameer at netcom.com (spelling?)
sameer at berkeley.edu (spelling?)
cdodhner at indirect.com
remailer at entropy.linet.org??
00x at uclink.berkeley.edu?
remail at tamaix.tamu.edu?
remailer at entropy.linet.org?

Background on each remailer:

bsu-cs: Run by Chael Hall.
   Machine: ??
   Problems policy: ?? Contact ??
   Software: ??
   Security: ??
   Comments:
   History: ??

catalyst: Run by Scott Collins.
   Machine: personal dial-up account on Netcom.
   Problems policy: Outgoing address blocking, with proof of ID. Contact catalyst at netcom.com.
   Software: Customized Hal's ?
   Security: Netcom keeps sendmail logs, which root at netcom.com can read. Any Netcom user could also compile his own sendmail logs, by constantly logging mail as it arrives and leaves.
   Comments:
   History: ??

chaos: Run by ??
   Machine: ??
   Problems policy: ?? Contact ??
   Software: ??
   Security:
   Comments: Finger remailer.help at chaos.bsu.edu for info using any remailer. ?? gopher chaos.bsu.edu for a collection of info about Cypherpunks.
   Comments:
   History: ??

cicada: Run by Eric Hollander.
   Machine: ???
   Problems policy: ?? Contact ??
   Software: ??
   Security: Tread lightly. Being "phased out".

dis.org: Run by ??
   Machine: ??
   Problems policy: ?? Contact ??
   Software: ??
   Security: ??
   Comments:
   History: ??

extropia: Run by ??
   Machine: ??
   Problems policy: ?? Contact ??
   Software: ??
   Security: ??
   Comments: Only accepts PGP remailing. ::/Encrypted:PGP header is optional. Privately owned, in Canada.
   History: ??

jarthur: Run by Eli Brandt.
   Machine: Sequent Symmetry.
   Problems policy: Destination blocking is available w/ sufficient ID. Contact ebrandt at jarthur.claremont.edu.
   Software: the usual, tweaked for MMDF. Hal's?
   Security: jarthur keeps sendmail logs.
   Comments:
   History: Set up late '92. PGP added mid-'93.

menudo: Run by ??
   Machine: ??
   Problems policy: ?? Contact ??
   Software: ??
   Security: Stores messages and sends them at midnight??
   Comments:
   History: ??

merde: Run by ??
   Machine: ??
   Problems policy: ?? Contact ??
   Software: ??
   Security: ??
   Comments:
   History: ??

penet.fi: Run by Julf (last name?)
   Machine: ?? Operator owned.
   Problems policy: Account revocation. Contact ??@anon.penet.fi.
   Software: custom.
   Security:
   Comments: By far the most popular remailer, dwarfing in a day what the entire Cypherpunk remailers combined carry in a month. Supports easy return addresses as well as non-anonymous mailing to someone's anonymous address (na1234... instead of an1234...). Your real address is kept on Julf's hard disk, but is fairly safe there, especially if you do not abuse your anonymity to harass someone. On a bad day your mail and especially Usenet posts may be delayed up to two days. Very reliable though. Sends error messages back to you for failed mail. Limited to 48K mail.
   History: ??

pmantis: Run by Eric Hollander.
   Machine: ??
   Problems policy: ?? Contact ??
   Software: ??
   Security: Tread lightly. Being "phased out".
   Comments:
   History: ??

qwerty: Run by Xenon.
   Machine: dial-up account on Netcom.
   Problems policy: "What problems?". Contact qwerty at netcom.com.
   Software: Hal's remailer.
   Security: Netcom keeps sendmail logs, which root at netcom.com can read. Any Netcom user could also compile his own sendmail logs, by constantly logging mail as it arrives and leaves.
   Comments: You must use na1234 at anon.penet.fi not an1234 at anon.penet.fi. Finger qwerty at netcom.com for a blurb on the remailer and updates on its software. Request-Remailing-To: /dev/null is a bit bucket. whitehouse.gov gets blocked and fully logged.
   History: Up 2/94. Set up by Xenon who needed more remailers to use to send PGP info to people with, since anon.penet.fi was overloaded.

rembe: Run by ?
   Machine: ??
   Problems policy: ?? Contact ??
   Software: ??
   Security: ??
   Comments: ??
   History: ??

rosebud: Run by Karl Barrus.
   Machine: ??
   Problems policy: ?? Contact ??
   Software: ??
   Security: ??
   Comments:
   History: ??

shell: Run by Hal Finney.
   Machine: ??
   Problems policy: ?? Contact ??
   Software: Hal's Remailer.
   Security: ??
   Comments: whitehouse.gov blocked and fully logged. hal at alumni.caltech.edu forwards all mail to shell.
   History: ??

soda: Run by Eric Hollander.
   Run by: ??
   Machine: ??
   Problems policy: ?? Blocking of addresses. Mail sent to problem causer. Contact ??
   Software: custom. ??
   Security: ??
   Comments:
   History: ??

Remailer Public Keys: (I've got these...)

From jkreznar at ininx.com Fri Feb 4 00:44:53 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Fri, 4 Feb 94 00:44:53 PST
Subject: New remailer up
In-Reply-To: <199402030311.TAA14987@mail.netcom.com>
Message-ID: <9402040838.AA06813@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

> Julf's anon.penet.fi remailer is serious; he's done a lot of work
> to get a private machine, paying for a reasonably expensive
> 64kbps line himself, and has it located somewhere that only 3 people know.

How can this be?
What about the people who operate his connection point to the net? Wouldn't they know where his machine is located? What is the physical embodiment of his 64kbps line? Can't that line be traced to its terminus?

John E. Kreznar        | Relations among people to be by
jkreznar at ininx.com  | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLVIJS8Dhz44ugybJAQHzdAP+JXuFhoq8mksb733rTgfLQJMVZrLzZsjI
qxRd+ijfS7EjqELajoNivY+gOjvjJ6V1LpXhTTnC+1Zkcaf6C7JK+qgLuH3GbrQp
XkWMeuoIxw3ThyVAYF6mFqPQ5ARAda+HckMeTRS/Cm3Nl2p6LK8s2c1lxbXWg/Dl
C5ZLsqF6dWY=
=UlVb
-----END PGP SIGNATURE-----

From mech at eff.org Fri Feb 4 01:54:53 1994
From: mech at eff.org (Stanton McCandlish)
Date: Fri, 4 Feb 94 01:54:53 PST
Subject: info on local/regional groups & sublists
Message-ID: <199402040948.EAA19495@eff.org>

For my OUTPOSTS list/FAQ, if you have any (public) information about local cypherpunks groups and sublists, like the Austin lists, or the UK branch, please let me know via personal email. Need to put out a new version of the FAQ soon, and am missing much info. All I have so far is:

Main general:            hughes at soda.berkeley.edu
Main subscribe requests: cypherpunks-request at toad.com
Main FTP:                soda.berkeley.edu, pub/cypherpunks
Hardware general:        jdblair at nextsrv.cas.muohio.edu
Hardware requests:       cp-hardware-request at nextsrv.cas.muohio.edu
Wonks general:           cypherwonks-owner at lassie.eunet.fi
Wonks requests:          majordomo at lists.eunet.fi
                         (message body of: subscribe cypherwonks [1st & last name] [address])
Austin general:          Jim McCoy
                         Doug Barnes
Austin req.              austin-cypherpunks-request at bongo.cc.utexas.edu
                         austin-cypherpunks-announce-request at bongo.cc.utexas.edu
Austin FTP:              ftp.cc.utexas.edu, pub/cypherpunks

Any info on other CP groups, corrections to what little I have, pointers to other CP file sites, gopher/WWW/Wais servers, etc. all appreciated.
Even some BBS number, snailmail addresses for any local groups that are getting less virtually, more physically organized, etc. That, and relevant other lists (anything that might be considered "online activist" or civil libertarian in nature) and resources.

Again, please send via email to mech at eff.org rather than on the list. Muchas gracias in advance!

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G
O P E N P L A T F O R M O N L I N E R I G H T S
V I R T U A L C U L T U R E C R Y P T O

From boone at psc.edu Fri Feb 4 05:05:03 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Fri, 4 Feb 94 05:05:03 PST
Subject: ADMIN: list statistics
In-Reply-To: <9402032319.AA20066@ah.com>
Message-ID: <9402041301.AA04130@igi.psc.edu>

hughes at ah.com (Eric Hughes) writes:
> > 1 si ( ? Slovenia ? )

Yep, this is correct.

> 1 ee ?

This is Estonia.

Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C

From CCVARGA at delphi.com Fri Feb 4 05:55:03 1994
From: CCVARGA at delphi.com (CCVARGA at delphi.com)
Date: Fri, 4 Feb 94 05:55:03 PST
Subject: CONTENT AND QUALITY NET DISCUSSION.
Message-ID: <01H8HCEZOUGI91W5VO@delphi.com>

GENTLEMEN, MOST OF MEANINGFUL DISCUSSION ON THE NET HAVE BEEN BOTH WELL THOUGHT AND INTELLECTUALLY "NON-TRIVIAL". THE REMAILING OF MULTIPLE COPIES OF HIGH NOISE INFORMATION DRIBBLE WOULD CAUSE ME TO LOOK AT THE TRAFFIC ON THE NET AND ASK: IS IT WORTH IT? RIGHT NOW, THE NUMBER OF UNSUBSCRIBE MESSAGES LEADS ME TO BELIEVE THAT IT IS NOT. IF THIS IS WHAT TOAD WANTS, SO BE IT. IF THERE IS AN INDIVIDUAL AMONG YOU THAT WOULD LIKE TO MAKE A CASE FOR CONTINUED SUBSCRIPTION, I WOULD REALLY APPRECIATE SERIOUS REPLIES.
CCVARGA at DELPHI.COM

From jwc00 at cas.org Fri Feb 4 06:15:06 1994
From: jwc00 at cas.org (Jim Cooper jwc00@cas.org; 614-447-3600 ext 3581)
Date: Fri, 4 Feb 94 06:15:06 PST
Subject: Subscribe
Message-ID: <9402040913.AA4494@cas.org>

Subscribe cypherpunks Jim Cooper

From davidm at smtplink.chey.com Fri Feb 4 06:49:50 1994
From: davidm at smtplink.chey.com (David Michel)
Date: Fri, 4 Feb 94 06:49:50 PST
Subject: Prodigy Hard Drive Scans
Message-ID: <9402040948.A03416@smtplink.chey.com>

Prodigy during installation sets up a temp/swap file on your hard disk. Now this part is a function of DOS: delete a file and all the data is there, just the FAT entry is gone. So whatever is on the disk at the location of the temp/swap file is what can be seen at the prodigy end.

davidm at chey.com

From dmandl at lehman.com Fri Feb 4 06:50:04 1994
From: dmandl at lehman.com (David Mandl)
Date: Fri, 4 Feb 94 06:50:04 PST
Subject: CONTENT AND QUALITY NET DISCUSSION.
Message-ID: <9402041446.AA05230@disvnm2.lehman.com>

> From: CCVARGA at delphi.com
>
> GENTLEMEN, MOST OF MEANINGFUL DISCUSSION ON THE NET HAVE BEEN BOTH
> WELL THOUGHT AND INTELLECTUALLY "NON-TRIVIAL". THE REMAILING OF
> MULTIPLE COPIES OF HIGH NOISE INFORMATION DRIBBLE WOULD CAUSE ME TO
> LOOK AT THE TRAFFIC ON THE NET AND ASK: IS IT WORTH IT?
> RIGHT NOW, THE NUMBER OF UNSUBSCRIBE MESSAGES LEADS ME TO BELIEVE
> THAT IT IS NOT. IF THIS IS WHAT TOAD WANTS, SO BE IT. IF THERE IS
> AN INDIVIDUAL AMONG YOU THAT WOULD LIKE TO MAKE A CASE FOR
> CONTINUED SUBSCRIPTION, I WOULD REALLY APPRECIATE SERIOUS REPLIES.
> CCVARGA at DELPHI.COM

So--another noisemaker complaining about noise on the list. Why don't you decide for yourself whether it's worth continuing your subscription? Would you actually base your decision on the number of people who tell you that it's worth continuing? If you're new to the list, why don't you stick around for a while and see what you think?
If not, you're probably fully capable of deciding for yourself now whether this is the place for you.

Related issue: The number of people unsubscribing because of excessive noise who are so rude and clueless as to post their unsubscribe requests to the entire list (thereby increasing noise) is really getting to me. Almost no tangential or "off-topic" thread pollutes this list as much as unsubscribe requests that everyone has to read.

The cypherpunks welcome message clearly states that unsubscribe messages should be sent to cypherpunks-request at toad.com. Simple. Again, the list administrator is a human being, not a machine, so those requests may take a couple of days to process. Big deal. Losing your patience and whining to the list is as useful as pushing the elevator call button a hundred times, and has the added disadvantage of getting hundreds of people really angry. It also makes you look like a clueless newbie.

I usually send these messages to individuals, not the whole list, but it seems that there's been an increase in unsubs sent to all of us.

Again, folks, if you want to unsubscribe (which I'm not encouraging you to do), it's cypherpunks-request at toad.com

--Dave.

From SERPE at morgan.com Fri Feb 4 06:59:52 1994
From: SERPE at morgan.com (SERPE at morgan.com)
Date: Fri, 4 Feb 94 06:59:52 PST
Subject: unsubscribe
Message-ID: <94Feb4.095752est.41748@gateway.morgan.com>

please unsubscribe me. Thanks and good luck!!

From sdw at meaddata.com Fri Feb 4 07:09:50 1994
From: sdw at meaddata.com (Stephen Williams)
Date: Fri, 4 Feb 94 07:09:50 PST
Subject: New remailer up
In-Reply-To: <9402040838.AA06813@ininx>
Message-ID: <9402041508.AA18037@jungle.meaddata.com>

>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> > Julf's anon.penet.fi remailer is serious; he's done a lot of work
> > to get a private machine, payng for a reasonably expensive
> > 64kbps line himself, and has it located somewhere that only 3 people know.
>
> How can this be?
> What about the people who operate his connection point
> to the net? Wouldn't they know where his machine is located? What is
> the physical embodiment of his 64kbps line? Can't that line be traced
> to its terminus?

That started me down an interesting line of thought...

You can get spread spectrum radio/data modems that do 256Kbits/sec (Cylink) and can go up to 30 Miles. It is unlicensed in the US because it is limited to .8watts (I think). I believe 10 miles is the limit with an omnidirectional antenna.

Spread spectrum should be pretty hard to triangulate on. Remember that the technology came from unjammable military radios. I think you'd have to have a fairly sophisticated scanner to even pick it up.

Using a creative arrangement, this could provide a good cover for physical location. (If you could get the server in the back of a city bus or something...)

> John E. Kreznar | Relations among people to be by
> jkreznar at ininx.com | mutual consent, or not at all.

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager
LIG dev./sales Internet: sdw at lig.net sdw at meaddata.com
OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together

From matthew at gandalf.rutgers.edu Fri Feb 4 07:45:06 1994
From: matthew at gandalf.rutgers.edu (Matthew Bernardini)
Date: Fri, 4 Feb 94 07:45:06 PST
Subject: Running regularly
Message-ID:

> > Before I start throwing out ideas that I'm sure aren't new to readers here,
> > I have a simple question that perhaps I should post to comp.unix.questions
> > or comp.lang.perl, but.... Can I, and how would I, get a perl script to
> > kick in and send out mail every few minutes when I am NOT logged in. Is this
> > possible on Netcom?
>
> Most public Unix systems will not let you do this, in my experience.
> The two Unix commands which usually give you the ability to run programs
> at regular intervals are "at" and "crontab".
> You can read the man pages
> and try running these to see if they are enabled for you.
>
> I had an idea for how to get around this, so that people could run batching
> remailers which sent out mail, say, every 30 minutes or whatever. (Unlike
> Xenon, I am of a generation which is accustomed to waiting more than a few
> seconds for mail to travel across the country!) The idea was simply for
> someone who DID have an account which would let them use at or cron, to
> run a program which would simply send a "ding" message (not to be confused
> with a "ping" message :) at regular intervals to a list of subscribers.
> This message could have a special header field so that the remailer programs
> could easily recognize it and take whatever action they wanted, like running
> Karl Barrus' script to scan a directory for pending outgoing remailer mail
> and send it out. (Karl has had batching running for months, as well as
> postage-stamp-based remailers (albeit with non-anonymous stamps). He is
> way ahead of most of this discussion.)
>
> Hal
>
>

Perhaps this is too rudimentary ..... Why not make two shell scripts, one that sleeps for so long (say 20 minutes) using the unix sleep command, and then calls the remailer scripts in an infinite while loop. This would work if you set it up as a background process, and you don't need to be root for it to work. Only downsides are that when the machine crashes you have to log back in and restart script, your sleep command will always be in the top window if your sys-admin is watching, and you have to be careful not to spawn too many processes and bring the system down.
Matt

From mech at eff.org Fri Feb 4 07:49:50 1994
From: mech at eff.org (Stanton McCandlish)
Date: Fri, 4 Feb 94 07:49:50 PST
Subject: White House crypto briefings: Clipper, FIPS, escrow agents, export
Message-ID: <199402041548.KAA22031@eff.org>

Briefings on Federal Encryption Policy/Telecommunications Security

Today (Feb 4), the Administration will hold 2 briefings about cryptography and the Clipper chip. The briefings will "report on a review of federal policies and procedures for encryption and telecommunications security-related products and technologies."

The first briefing, at 11am EST (i.e., in less than half an hour of this posting), will update Congressional committee staff, and the second will address concerns of industry reps, public interest groups, privacy advocates and other non-government parties. EFF will attend this second meeting, at 1pm EST.

EFF will share what it learns about the results of either briefing as soon as possible.

An early "heads up" from the Administration indicates that the main subjects for the briefings will be:

  Administration will announce Clipper/Skipjack Federal Information Processing Standard (FIPS)
  Justice Dept. key escrow procedures to be announced
  Announcement of Treasury and NIST as Escrow Agents
  Decisions on encryption products that fit under current export standards announced.

Other topics also likely to be addressed (unconfirmed):

  State Dept. will, surprisingly, streamline procedures for export of Clipper
  Administration not going forward with DSS licensing agreement with PKP/RSADSI.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G
O P E N P L A T F O R M O N L I N E R I G H T S
V I R T U A L C U L T U R E C R Y P T O

From rondavis at datawatch.com Fri Feb 4 08:15:07 1994
From: rondavis at datawatch.com (Ron Davis)
Date: Fri, 4 Feb 94 08:15:07 PST
Subject: d3des code question
Message-ID: <9402041113.aa05790@gateway.datawatch.com>

Has anyone had any experience using the DES code by Richard Outerbridge that appears in the back of Applied Crypto, and is available via ftp from ripem.msu.edu? Specifically can someone send me an example of how to call the functions?

Thanks.

___________________________________________________________________________
"I want to know God's thoughts...the rest are details."
                                           -- Albert Einstein
_________________________________________
Ron Davis rondavis at datawatch.com
Datawatch, Research Triangle Park, NC (919)549-0711

From schneier at chinet.com Fri Feb 4 08:45:09 1994
From: schneier at chinet.com (Bruce Schneier)
Date: Fri, 4 Feb 94 08:45:09 PST
Subject: Review of APPLIED CRYPTOGRAPHY in Cryptologia
Message-ID:

The following review of APPLIED CRYPTOGRAPHY appeared in the January 1994 issue of Cryptologia (v. 18, n. 1). Written by Louis Kruh.

The past twenty years have seen an explosive growth in public research into cryptology, accompanied by an unprecedented public awareness of matters cryptologic. Programmers and engineers trying to benefit from the fruits of this research, to solve real-world problems, have often been stymied by not knowing where to start looking, let alone when to stop. This book is for them.

Written as a "comprehensive reference work for modern cryptology" the book succeeds both as an encyclopedia survey of the past twenty years of public research and as a hansom "how-to" cookbook of the state-of-the-art. It could well have been subtitled "The Joy of Encrypting."

The author's style is colloquial and informal, but never imprecise.
Theory takes a back seat to clarity and directness, without deliberate misrepresentation; unabashed informed opinion wins out over academic hesitations. Since the work is a practical snapshot of the field, circa mid-to-late 1993, several of the book's recommendations may prove timely: new results seem to be reported monthly. While his political axe is never concealed the book is written as a whetstone for others rather than a soapbox rant, and the focus is manifestly practical solutions and the tools with which to achieve them.

After a foreword from Whitfield Diffie the author explains foundations; examines protocols; discusses techniques; presents algorithms; explores the real world (including legal and political aspects); and finishes up by printing ready-to-run C source code programs of several of the algorithms, including ENIGMA, DES and IDEA. Reflecting the confused nature of the real world, a set of IBM PC disks containing the sources published in the book is available from the author--but only to residents of the USA and Canada.

Drawing on 908 references and the collected experience of contributors throughout the Internet and around the world, this book will be a useful addition to the library of any active or would-be security practitioner.

It's the first review of the book that has appeared in print, and I am very pleased with it. The book has turned out to fill two very different niches. One, it is the book that people are being handed to read when they want to learn about the field. Two, it is the reference work that people are turning to first if they want to find out about some aspect of cryptography.

The third important niche, which the book does not fill, is that of a textbook. This field sorely needs a textbook. Anyone interested?

Bruce

From qwerty-remailer at netcom.com Fri Feb 4 09:25:09 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Fri, 4 Feb 94 09:25:09 PST
Subject: New remailer up.
Message-ID: <199402041723.JAA29445@mail.netcom.com>

>Before I start throwing out ideas that I'm sure aren't new to readers here,
>I have a simple question that perhaps I should post to comp.unix.questions
>or comp.lang.perl, but.... Can I, and how would I, get a perl script to
>kick in and send out mail every few minutes when I am NOT logged in. Is this
>possible on Netcom?

Rather than try to run in some asynchronous mode as you suggest, why not do the following when each message arrives:

    place message in your queue, designating random hold time
    foreach message in the queue that's been held long enough
        send random number (1<=n<=3) dummy messages
        send the queued message
        send random number (1<=n<=5) dummy messages

The whole thing remains data-driven while you're not logged in and can be manually flushed if you are logged in. So long as there is a steady stream of traffic, messages won't get stalled for long times. You could even send some 'activation' messages at controlled intervals from some comfortable site (where you can use cron), routed via another remailer.

Just some ideas off the top of my head.

From richardr at netcom.com Fri Feb 4 09:39:48 1994
From: richardr at netcom.com (Richard L. Robertson)
Date: Fri, 4 Feb 94 09:39:48 PST
Subject: Practical Pencil & Paper Encryption (computerizable)
Message-ID: <199402041738.JAA19453@mail.netcom.com>

Bruce Schneier in

    Message-ID:
    Date: Wed, 13 Oct 1993 05:04:13 GMT
    Subject: Pencil and paper encryption algorithm

proposed a pencil-and-paper encryption algorithm that could be used without computers, but was still secure against computer-aided attacks.

I answered with what I felt were several practical usage problems with his proposed methodology that made it infeasible to reliably encrypt and decrypt messages in a finite time.
During a much needed vacation from the practical realities of work and life, I have attempted to come up with a simplified message encryption algorithm that meets Bruce's criteria and is practical in use.

I took as design constraints that an inexpensive (< $30) pocket calculator was acceptable for performing any necessary calculations, but that something as big and complex as an HP-48 or an Apple Newton was unacceptable. I also changed the requirement from "secure against computer-aided attacks" to "highly resistant against computer aided attacks".

My first attempt used a simple, multiple memory, non-programmable Radio Shack checkbook pocket calculator. While the methodology met the "resistance" criterion, it failed the practical test of error-free calculation in a finite time. It turned out to be possible to get reliable encryption and decryption by applying the result cross-checking techniques used in hand pencil-and-paper calculation, however the time required for error-free encryption was exorbitant.

By relaxing the design constraints to allow limited programmability in the pocket calculator, I was able to adequately address the problem of speed of error-free encryption calculations. The constraint that I adopted was that the calculator's program steps must be simple and compact enough for the user to be able to memorize and to be able to re-enter the program into the calculator each time that it was used to encrypt or decrypt a message. I believe that this satisfies the reasonable requirement that there be no incriminating evidence left lying around in the calculator between encryption sessions.

The following encryption procedure was tested using an $18 Radio Shack Model EC-4021 programmable scientific calculator. The algorithms were modified as necessary to conform to the practical limitations of the calculator keypad and limited programming capabilities.
With only moderate training time (a couple of hours) I was able to reliably encrypt and decrypt messages at a rate of 8-10 characters per minute. The primary speed limitation was the actual transcription of the results by pencil onto paper.

I would appreciate any and all comments, criticisms, error corrections and suggestions for improvements.

Richard Robertson
richardr at netcom.com

------------------------------------------------------------

A "Pencil and Paper" Encryption Algorithm for Pocket Calculators

Copyright 1993 Richard L. Robertson

Contents

A: Encryption Confusion Generators
B: Substitution Cipher Technique
C: Transposition Cipher Technique
D: Encryption Key Management
E: Cryptographic Hardness
F: Message Encryption Example
G: Sample Message Key Generation

A: Encryption Confusion Generators

The core confusion generator chosen is a variation on the non-linear equation Logistic Difference Equation (LDE). This is selected for its adequate PRNG properties and its simplicity of calculation.

The standard basic LDE can be written as

    X[n+1] = R * X[n] * (1 - X[n])

    where R = 4, and 0 < X[n] < 1

While the output of the LDE has reasonable unpredictability, this basic formulation has limited cryptographic usefulness, partly because of limited sequence length and partly because the seed can be derived with sufficient information about successive values, even if "jitterized" (as described by Terry Ritter).

By revising the constraints slightly to

    3.99 < R < 4.0

the resulting output is "sub-chaotic" but still has very good PRNG properties. Another advantage of using R < 4.0 is that rounding errors in calculations do not cause any numerical values that result in the PRNG sequence degenerating from calculation errors.

Extensive numerical trials on a 486 PC with 15-digit (decimal) floating point calculations have not uncovered any values of R or X[n] that result in short or degenerate PRNG sequences.
The average length of a pseudo-random sequence from a (modified) LDE is a function of the number of digits of precision used in the calculations. For 9-digit fractional numbers, the expected length of a pseudo-random sequence is ~ 3 * 10^4 and there are ~ 3 * 10^4 independent sequences. The sequence length is adequate for pencil and paper encryption since messages would rarely exceed 200 characters.

To develop a reasonably secure cryptographic methodology using the modified LDE as the confusion generator, proceed as follows:

1 - Select two non-linear (LDE) confusion generators

        G1 = R * X * (1 - X), and
        G2 = R'* Y* (1 - Y)

    where R' = 0.999 * R (used because of limitations in the number of memory registers in the pocket calculator)

2 - The cryptographic key (or seed) consists of the values R, X[0] and Y[0], where

        0 < X[0] < 1 is a 9-digit key
        0 < Y[0] < 1 is a 9-digit key
        3.99 < R < 4.0 is a 7-digit key

    The total key length is 25 digits, giving a key space size of 10^25. The keys are short enough to be easily memorized. (If you are not convinced of this assertion, consider how many phone numbers, PIN numbers, bank account numbers, etc that the average person routinely commits to memory)

3 - Select a non-linear combiner for the output of two confusion generators. This is the first level of serious cryptographic strength.

    We will choose the function

        K = G1 <*> G2

    where <*> is the floating point multiplication operator with rounding (see Knuth, Seminumerical Algorithms for details).

    A little inspection will show that it is not possible to recover the values G1 and G2 from a given K because K is not uniquely factorable. The rounding performed during the multiplication discards information necessary for factoring. In fact, for any 0 < K < 1, *all* values of G1 > K are valid factors of K.

    Rephrased, for any K {0 < K < 1} and for any p {1 > p > K}, there exists at least one q {1 > q > K} such that K = p <*> q.
    Note: Because of rounding, numbers of the form K = (1/b)^n (where b is the base) are the only exceptions to this statement. For K = (1/b)^n, q = 1-(1/b)^n is not a factor of K.

    Recovering a sequence of G1 and G2 values from a sequence of K values, and from that recovering the cryptographic keys R, X[0] and Y[0], requires solving a series of simultaneous non-linear high-order polynomial equations. I am not aware of any practical way to do this in the literature.

    Brute force recovery of the sequence of n-digit G1 and G2 values requires checking a minimum of 10^(n*3) n-tuples {G1,G2,G'1,G'2,G''1,G''2} to determine which are possible solutions for the generator functions G1 and G2.

4 - Choose a domain transformation from quasi-continuous floating point to the finite to select digits from K to use for data encryption. This is the second level of serious cryptographic strength.

    Choose any algorithm for selecting a cipher value K' of either 1 or 2 digits from "around the middle" of the value K to use for performing the encryption.

    Because the confusion generators G1 and G2 are independent and have reasonably uniform digit distributions, the nonlinear combination K = G1 <*> G2 also has a reasonably uniform digit distribution. For any particular 1-digit value K', there are 10^8 possible values of K that could have generated it. For any particular 2-digit value K', there are 10^7 possible corresponding values for K.

5a - Use the sequence {K'} as the key for a Vigenere cipher

5b - Use the sequence {K'} to control a pseudo-random transposition cipher.

5c - Combine (5a) and (5b). Use (5a) to "bit-level" the message text, then use (5b) to superencipher the output of (5a). This would require two complete encryption steps and is probably too labor and time intensive to be worth while for pencil and paper encryption.
In summary, the steps for calculating the encryption sequence K' are as follows:

    X [n+1] = R * X[n] * (1 - X[n])
    Y [n+1] = .999 * R * Y[n] * (1 - Y[n])
    K [n+1] = X[n+1] * Y[n+1]
    K'[n+1] = 1 or 2 low-order digits of int (10^5 * K[n+1])

B: Substitution Cipher Technique

In this system, the key consists of a series {K'} of 2-digit values that is as long as the message. These are added to the plaintext message characters modulo 100, considering the alphabet as numbered from Sp=00, A=01 to Z=26, etc. This is your basic Vigenere cipher with the cipher key as long as the message. Decryption performs the same series of steps on the ciphertext message characters except that subtraction modulo 100 is used.

Given that the K' form an unpredictable sequence, this is equivalent to a one-time pad Vernam cipher where the one-time pad does not have to be transmitted to the receiver. The message recipient can regenerate the series {K'} from knowledge of the cipher key .

The only problems that need to be addressed are the resistance of the sequence {K'} to computer-assisted attack and how to manage the necessary set of secret keys {}, since one key-tuple is consumed by each message.

In summary, the steps for encrypting a message M are as follows:

    compute K[n] as described above
    C[n] = 2 low-order digits of int (10^5 * K[n]) + M[n]

    where M[n] is the nth plaintext character, and
          C[n] is the nth ciphertext character

and the steps for decrypting a ciphertext C are as follows:

    compute K[n] as described above
    M[n] = 2 low-order digits of int (100001 - (10^5 * K[n]) + C[n])

    where M[n] is the nth plaintext character, and
          C[n] is the nth ciphertext character

C: Transposition Cipher Technique

In this system, the key consists of a series {K'} of 1-digit values that is longer than the message.

1 - Write down the plaintext message into blocks of length 10 (because the calculator operates in decimal mode).
    Repeat the message at least once because the algorithm will encipher more characters than are in the message. The exact number of excess characters enciphered is random but bounded.

    If the message text is:

        "Now is the time for all good men to come to the aid of their party."

    then this is written in blocks of 10 as:

         1234567890
        |Now is the|
        | time for |
        |all good m|
        |en to come|
        | to the ai|
        |d of their|
        | party.Now|
        | is the ti|
        |me for all|

    Repeat the message text as required.

2 - Calculate the sequence of 1-digit numbers {K'}

3 - For each value K', select and output the next unused character in column K'. Mark the selected character as used.

4 - Repeat this process until all characters in the base message have been transmitted.

Decryption proceeds as follows:

1 - Calculate the sequence of 1-digit numbers {K'}

2 - Get the next ciphertext character and place it in the next available column K'

3 - Repeat this process for all ciphertext characters.

4 - The row in which that last character is placed is the last row of the message. Discard any rows following that row because they are just random padding added by the encryption algorithm.

Transposition ciphers are substantially harder to attack than substitution ciphers and normally require a lot of hand work. Normally they are attacked by anagramming when there is some knowledge of the expected message contents.

I would assert, based on a moderate literature search, that this pseudo-random transposition has no known effective methods for attack because there are no fixed column boundaries and character positions are pseudo-random. If the cryptographic key is changed with each message there should be no way short of brute force anagramming or a brute force key space search to break this cipher because the cryptographic cipher values are never exposed for cryptanalysis.

D: Key Management

To make the substitution cipher encryption useful the key must be changed with each message because it is a one-time pad method.
The encryption method has already addressed and eliminated the need for the sender to transmit a copy of the OTP to the receiver by having the receiver independently recreate the OTP used to encrypt the message.

While having a separate, unique encryption key for each message is less important for the transposition cipher, it does strengthen the cipher against any attack if the key can be easily changed for each message.

In order to not have to transmit each key used to generate the OTP for each message to the receiver, a technique must be developed that provides a similar facility. If this can be accomplished, then the only secret that the sender and receiver must share is a single, small master key. Sharing a small amount of secret information is a fairly easy problem to solve in practice.

Inspection of the method for generating the encryption confusion sequence shows a way to accomplish the desired key management. Consider the sequence of values {K[i]}. It is obvious from the earlier discussion that there are only two ways to be able to predict subsequent values K[n+1] from the series of values {K[1] ... K[n]}:

- obtain the generating seeds for G1 and G2 by brute force examining sets of possible values {G1[i],G2[i]} obtained by factoring {K[i]}. This would require examining at least ~ 10^24 (2^80) possible sets {G1[i],G2[i]} and as such is not feasible with current computing technology.

- obtain the generating seeds for G1 and G2 by solving a set of simultaneous high-order nonlinear system of equations. This is an extremely hard problem that is not (as far as my literature search has taken me) amenable to solution at this time.

In order to make the problem slightly harder for the cryptanalyst, the key generation algorithm chosen will not use the sequence {K[i]} directly so as not to expose the actual values K[n], but will use K[n] as a starting point for another nonlinear combiner.
Again, the algorithms have been adjusted to compensate for the limitations of the pocket calculator.

To generate a cryptographically (reasonably) secure sequence of encryption keys using the modified LDE as the confusion generator, proceed as follows:

1 - Select two non-linear (LDE) confusion generators

        G1 = R * X * (1 - X), and
        G2 = R'* Y* (1 - Y)

    where R' = 0.999 * R (used because of limitations in the number of memory registers in the pocket calculator)

2 - The master cryptographic key (or seed) consists of the values R, X[0] and Y[0], where

        0 < X[0] < 1 is a 9-digit key
        0 < Y[0] < 1 is a 9-digit key
        3.99 < R < 4.0 is a 7-digit key

    The total key length is 25 digits, giving a key space size of 10^25. The keys are short enough to be easily memorized. (If you are not convinced of this assertion, consider how many phone numbers, PIN numbers, bank account numbers, etc that the average person routinely commits to memory)

3 - Select a non-linear combiner for the output of two confusion generators. This is the first level of serious cryptographic strength.

    We will choose the function

        K = G1 <*> G2

    where <*> is the floating point multiplication operator with rounding (see Knuth, Seminumerical Algorithms for details).

4 - To generate the Nth message key iterate the basic sequence generator N times. Then use the values K[N] ... to alter the generator parameters R, X and Y as follows:

        R <- 3.99 + (K[n]/100)
        X <- K'[n+1]    where K'[i] <> K[i] because the generating parameters are different
        Y <- K'[n+2]
        R <- 3.99 + (K'[n+3]/100)

5 - The final resulting values become the cryptographic key for the Nth message being encrypted or decrypted and are used as described above for message encryption and decryption.

Only the value N must be transmitted with the message, not the values of the message key , because the receiver can recreate the message key from N and the master key shared by the sender and receiver.

The only additional requirement for security is that no key be reused.
This is easy to implement by having the sender number the messages as they are encrypted. The receiver verifies that a message is valid by rejected any message where the message number N is less than the message number of the last message received. This will prevent replay attacks in the event that an opponent obtains a message key. In summary, the steps for calculating the encryption key for the Nth message are as follows: Repeat N times: X [i+1] = R * X[i] * (1 - X[i]) Y [i+1] = .999 * R * Y[i] * (1 - Y[i]) K [i+1] = X[i+1] * Y[i+1] {end repeat} R <- 3.99 + (K[N]/100) calculate K[N+1] X <- K'[N+1] calculate K'[N+2] Y <- K'[N+2] calculate K'[N+3] R <- 3.99 + (K'[N+3]/100) The message encryption key conists of the values at the conclusion of this calculation. E: Cryptographic Hardness Key space searches: The key space size is ~ 10^25 (~ 2^80), which is too large for brute force search with currently available computing resources. Because the key values are random 9-digit numbers there is no possible dictionary attack. Known Plaintext: A known plaintext attack will immediately give the cipher sequence {K'}. However, an absolute minimum of 3 sequential values of the sequence {K} are needed to derive the encryption key . For the 2-digit sequence {K'} used in the substitution cipher, this requires checking the validity of the encryption keys derived from the (at least) 10^21 (2^70) possible triples {K1,K2,K3}. This is well beyond current computational capabilities. Since each key is used only once, possession of the key for one message does not give the opponent any direct value in a known plaintext attack. To determine the key for subsequent messages, at least 3 successive keys must be accumulated in order for the cryptanalyst to attack the key management. Chosen Plaintext: No advantage over known plaintext. Key Management: Same problems (or worse) for the cryptanalyst as aKnown Plaintext attack. 
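The per-message key derivation summarised in the key-management steps above, as an added Python example that is not part of the original post. The names Registers, derive_message_key and Receiver are this example's own; IEEE double arithmetic stands in for the pocket calculator, so values agree with the post's section G sample only in the leading digits; and rejecting N equal to the last accepted number is this example's stricter reading of the no-key-reuse rule.

```python
"""Added example: per-message key derivation for the two-generator (G1, G2) scheme."""
from dataclasses import dataclass


@dataclass
class Registers:
    """The three key values the post keeps in calculator registers."""
    r: float   # 3.99 < R < 4.0
    x: float   # 0 < X < 1
    y: float   # 0 < Y < 1

    def step(self) -> float:
        """Iterate G1 and G2 once and return the combined value K = X * Y."""
        self.x = self.r * self.x * (1.0 - self.x)            # G1
        self.y = 0.999 * self.r * self.y * (1.0 - self.y)    # G2, with R' = 0.999 * R
        return self.x * self.y


def check_master_key(r, x0, y0):
    """Enforce the ranges the post gives for the master key components."""
    if not 3.99 < r < 4.0:
        raise ValueError("R must satisfy 3.99 < R < 4.0")
    if not (0.0 < x0 < 1.0 and 0.0 < y0 < 1.0):
        raise ValueError("X[0] and Y[0] must lie strictly between 0 and 1")


def derive_message_key(r, x0, y0, n):
    """Return (message key, [K[1..N], K'[N+1], K'[N+2], K'[N+3]])."""
    check_master_key(r, x0, y0)
    if n < 1:
        raise ValueError("message number N must be at least 1")
    reg = Registers(r, x0, y0)
    trace = [reg.step() for _ in range(n)]   # K[1] .. K[N]
    reg.r = 3.99 + trace[-1] / 100.0         # R <- 3.99 + K[N]/100
    trace.append(reg.step())                 # K'[N+1]
    reg.x = trace[-1]                        # X <- K'[N+1]
    trace.append(reg.step())                 # K'[N+2]
    reg.y = trace[-1]                        # Y <- K'[N+2]
    trace.append(reg.step())                 # K'[N+3]
    reg.r = 3.99 + trace[-1] / 100.0         # R <- 3.99 + K'[N+3]/100
    return reg, trace                        # registers now hold the message key


class Receiver:
    """Receiver-side message-number check (hypothetical helper)."""

    def __init__(self, r, x0, y0):
        check_master_key(r, x0, y0)
        self._master = (r, x0, y0)
        self.last_n = 0                      # highest message number accepted

    def key_for(self, n):
        """Derive the key for message N, refusing stale or repeated numbers."""
        # The post rejects N less than the last number received. This example
        # also rejects N equal to it, because a repeat would reuse a key.
        if n <= self.last_n:
            raise ValueError(f"message number {n} is not newer than {self.last_n}")
        key, _ = derive_message_key(*self._master, n)
        return key

    def accept(self, n):
        """Record N after the message has been decrypted and judged valid."""
        self.last_n = max(self.last_n, n)


if __name__ == "__main__":
    # Master key and message number taken from the post's section G sample.
    key, trace = derive_message_key(3.998901234, 0.567890123, 0.345678912, 5)
    for i, k in enumerate(trace, 1):
        print(f"K[{i}] = {k:.9f}")
    print(f"X = {key.x:.9f}  R = {key.r:.9f}  Y = {key.y:.9f}")
```

Because both generators are chaotic, rounding differences grow with every iteration, so sender and receiver must use the same digit count and rounding rules or their keys will drift apart for larger N.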
Differential Cryptanalysis: I don't see that this is applicable because the key changes with each message.

F: Message Encryption Example:

Sample message to be enciphered

    "Now is the time for all good men to come to the aid of their party."

Message buffer is padded with repeats of the message, but it would be better to pad with randomly chosen text. The encryption calculations were performed on a Radio Shack Model EC-4021 programmable scientific calculator.

Image of Message Text Buffer

       =========================================
       : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 :
       =========================================
    0  | N | O | W |   | I | S |   | T | H | E |
    1  |   | T | I | M | E |   | F | O | R |   |
    2  | A | L | L |   | G | O | O | D |   | M |
    3  | E | N |   | T | O |   | C | O | M | E |
    4  |   | T | O |   | T | H | E |   | A | I |
    5  | D |   | O | F |   | T | H | E | I | R |
    6  |   | P | A | R | T | Y | . | N | O | W |  <- Message ends at this line
       =========================================
    7  |   | I | S |   | T | H | E |   | T | I |  Buffer is loaded with
    8  | M | E |   | F | O | R |   | A | L | L |  repeated copies of the
    9  |   | G | O | O | D |   | M | E | N |   |  message text
   10  | T | O |   | C | O | M | E |   | T | O |
   11  |   | T | H | E |   | A | I | D |   | O |
   12  | F |   | T | H | E | I | R |   | P | A |
   13  | R | T | Y | . | N | O | W |   | I | S |
   14  |   | T | H | E |   | T | I | M | E |   |
   15  | F | O | R |   | A | L | L |   | G | O |
   16  | O | D |   | M | E | N |   | T | O |   |
   17  | C | O | M | E |   | T | O |   | T | H |
   18  | E |   | A | I | D |   | O | F |   | T |
   19  | H | E | I | R |   | P | A | R | T | Y |
       +---+---+---+---+---+---+---+---+---+---+

============================================================

Substitution Encipherment of Sample Text

The Message Encryption Key

    X[0] = 0.123456789    register K1
    R    = 3.995678901    register K2
    Y[0] = 0.234567891    register M

Calculator set to No Rounding (2nd Fn - Tab - .) ie, show all decimal digits

Substitution Cipher Character Translation Table

    Sp 00    J 10    T 20
    A  01    K 11    U 21
    B  02    L 12    V 22
    C  03    M 13    W 23
    D  04    N 14    X 24
    E  05    O 15    Y 25
    F  06    P 16    Z 26
    G  07    Q 17    . 27
    H  08    R 18
    I  09    S 19

Plain Text converted to decimal representation

       =========================================
       : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 :
       =========================================
    0  | 14| 15| 23| 00| 09| 19| 00| 20| 08| 05|
    1  | 00| 20| 09| 13| 05| 00| 06| 15| 18| 00|
    2  | 01| 12| 12| 00| 07| 15| 15| 04| 00| 13|
    3  | 05| 14| 00| 20| 15| 00| 03| 15| 13| 05|
    4  | 00| 20| 15| 00| 20| 08| 05| 00| 01| 09|
    5  | 04| 00| 15| 06| 00| 20| 08| 05| 09| 18|
    6  | 00| 16| 01| 18| 20| 25| 27| * |  <- * := EOM
       +---+---+---+---+---+---+---+---+

Cipher Text in decimal representation

       =========================================
       : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 :
       =========================================
    0  | 03| 96| 69| 02| 83| 49| 28| 31| 22| 13|
    1  | 21| 63| 92| 03| 90| 45| 72| 08| 26| 34|
    2  | 15| 65| 62| 01| 34| 84| 50| 12| 62| 83|
    3  | 07| 41| 71| 33| 72| 64| 38| 96| 73| 25|
    4  | 16| 96| 06| 57| 93| 39| 8 | 47| 60| 96|
    5  | 29| 49| 88| 37| 39| 37| 61| 24| 68| 38|
    6  | 60| 90| 25| 96| 67| 84| 65| * |  <- * := EOM
       +---+---+---+---+---+---+---+---+

============================================================

Transposition Encrypted Message Text

The Message Encryption Key

    X[0] = 0.123456789    register K
    R    = 3.995678901    register K2
    Y[0] = 0.234567891    register M

Set calculator rounding to 0 decimal digits (2nd Fn - Tab - 0) ie, show only integer portion of answer

Encrypted message in blocks of 10 letters

    |HO T NR IT||AM ES OWOT|
    | FE D EMLD||IF LOG  M |
    |HC ORN  AE||OIOTOE MEI|
    |TFTN TA LO||TE APH. DR|
    |OSC ITW IE||Y|*  <-* := EOM

       =========================================
       : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 :
       =========================================
    0  | H | O |   | T |   | N | R |   | I | T |
    1  | A | M |   | E | S |   | O | W | O | T |
    2  |   | F | E |   | D |   | E | M | L | D |
    3  | I | F |   | L | O | G |   |   | M |   |
    4  | H | C |   | O | R | N |   |   | A | E |
    5  | O | I | O | T | O | E |   | M | E | I |
    6  | T | F | T | N |   | T | A |   | L | O |
    7  | T | E |   | A | P | H | . |   | D | R |
    8  | O | S | C |   | I | T | W |   | I | E |
    9  | Y | * |  <- * := EOM
       +---+---+

============================================================

Decrypted Transposition Message

       =========================================
       : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 :
       =========================================
    0  | N | O | W |   | I | S |   | T | H | E |
    1  |   | T | I | M | E |   | F | O | R |   |
    2  | A | L | L |   | G | O | O | D |   | M |
    3  | E | N |   | T | O |   | C | O | M | E |
    4  |   | T | O |   | T | H | E |   | A | I |
    5  | D |   | O | F |   | T | H | E | I | R |
    6  |   | P | A | R | T | Y*| . | N | O | W |  * := Last char received
    7  |   | I | S |   |           |   | T | I |
    8  | M | E |   | F |           | A | L |
    9  |   |       | O |           | E |
   10  | T |       | C |           |   |
   11  |   |                       | D |
   12                              |   |

    (all partially filled rows after the row with the last char received are discarded)

The actual shape of any particular received message block will vary randomly with the key and the length of the message transmitted.

============================================================

Transposition column selection table

The Message Encryption Key

    X[0] = 0.123456789    register K1
    R    = 3.995678901    register K2
    Y[0] = 0.234567891    register M

Set calculator rounding to 0 decimal digits (2nd Fn - Tab - 0) ie, show only integer portion of answer

       =========================================
       : 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 :
       =========================================
    0  | 9 | 2 | 7 | 2 | 4 | 1 | 9 | 1 | 5 | 8 |
    1  | 1 | 4 | 4 | 1 | 6 | 6 | 6 | 3 | 8 | 4 |
    2  | 4 | 4 | 0 | 1 | 8 | 9 | 5 | 9 | 2 | 1 |
    3  | 3 | 7 | 1 | 3 | 7 | 5 | 6 | 1 | 1 | 0 |
    4  | 6 | 7 | 1 | 8 | 4 | 2 | 3 | 8 | 9 | 8 |
    5  | 5 | 9 | 3 | 2 | 9 | 7 | 4 | 0 | 0 | 0 |
    6  | 1 | 4 | 5 | 8 | 8 | 9 | 8 | 2 | 9 | 3 |
    7  | 6 | 8 | 5 | 3 | 2 | 7 | 7 | 8 | 8 | 0 |
    8  | 4 | 3 | 4 | 1 | 2 | 5 | 0 | 8 | 0 | 2 |
    9  | 6 | 7 | 2 | 1 | 1 | 2 | 6 | 4 | 1 | 3 |
   10  | 2 | 6 | 6 | 1 | 8 | 9 | 5 | 1 | 2 | 8 |
       +---+---+---+---+---+---+---+---+---+---+

G: Sample Message Key Generation

The Master Encryption Key

    X[0] = 0.567890123    register K1
    R    = 3.998901234    register K2
    Y[0] = 0.345678912    register M

Calculator set to No Rounding (2nd Fn - Tab - .) ie, show all decimal digits

Calculate the Message Encryption Key for the 5th message

Repeat calculation of K[i] 5 times

    K[1] = 0.886684581
    K[2] = 0.025546435
    K[3] = 0.246545962
    K[4] = 0.268216342
    K[5] = 0.589846665

    R <- 3.99 + (K[5]/100)  = 3.995898467
    K'[6] = 0.337260078
    X <- K'[6] = 0.337260078
    K'[7] = 0.83623299
    Y <- K'[7] = 0.83623299
    K'[8] = 0.208478335
    R <- 3.99 + (K'[8]/100) = 3.992084783

The resulting Message Encryption Key for message #5 is:

    X[0] = 0.381353099    register K1
    R    = 3.992084783    register K2
    Y[0] = 0.546680583    register M

From sameer at soda.berkeley.edu Fri Feb 4 09:45:09 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Fri, 4 Feb 94 09:45:09 PST
Subject: removing a key from the keyserver. (eeps)
Message-ID:

I seem to have a bit of a problem-- There's about 4 different public keys with my name on them, and I only use of them these days. I don't have the secret keys for the unused keys-- they've been retired to the great bit bucket in the sky.. Is there some way I can get these keys off the servers?

From blake.coverett at canrem.com Fri Feb 4 09:55:09 1994
From: blake.coverett at canrem.com (Blake Coverett)
Date: Fri, 4 Feb 94 09:55:09 PST
Subject: San Jose BBS subject to M
In-Reply-To: <199402032112.NAA26624@jobe.shell.portal.com>
Message-ID: <60.2831.6525.0C1938ED@canrem.com>

> This is one of the best essays I've seen concerning the burning of the
> Constitution and Bill of Rights. Looking just at porno isn't the big
> picture. It's consensual crimes in general.
> Too bad most people only
> care about their corner of the room, cause the house is on fire and
> it'll get to their corner soon.

Hmm... wish I had the exact original handy to mis-quote,

    They came for the drug dealers,
    but I wasn't a drug dealer so I said nothing

    They came for the pornographers,
    but I wasn't a pornographer so I said nothing

    They came for the gamblers,
    but I wasn't a gambler so I said nothing

    Then they came for me,
    but there was no one left to say a thing

-Blake (who is feeling very cynical about life in general)

... * ATP/DJgcc 1.42 * blake.coverett at canrem.com, disclaimers? fooey!

From PURTEB at vaxc.hofstra.edu Fri Feb 4 09:59:51 1994
From: PURTEB at vaxc.hofstra.edu (PURTEB at vaxc.hofstra.edu)
Date: Fri, 4 Feb 94 09:59:51 PST
Subject: Information
Message-ID: <01H8HL3EC4ZS94EJ83@vaxc.hofstra.edu>

To Whom It May Concern:

I'd like some information/literature on your cryptography software. My friend, Brian, is the one who is actually interested, so please send any info to:

    BRIAN T.L. STRAUSS
    357 Doris Avenue
    Franklin Square, NY 11010

Or, if necessary, you may email any info to the vax account listed at the bottom of this letter. Thank you.

Theresa Barley
_______________________________________________________________________________
Theresa Barley          Hofstra University          "Only visiting this planet."
Purchasing Department   purteb at vaxc.hofstra.edu

From wex at media.mit.edu Fri Feb 4 10:29:52 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Fri, 4 Feb 94 10:29:52 PST
Subject: CERT advisory
Message-ID: <9402041825.AA27913@media.mit.edu>

[Some items of interest to C-punks include CERT's advocacy of stopping cleartext transmission of password (no shit sherlock), and their proposed solutions, including the use of one-time passwords which I had queried about on this list a few months back. Of course they don't mention any sort of real encryption, let alone PGP.

How hard would it be to build in PGP security to the transmission layer of something like FTP? Seems like a fairly simple problem, given that any site which supports anonymous FTP can publish a public key. Even if we assume that encryption would slow down the file transmission too much, we could still use it for the login/authentication part of the session...

--AW]

Begin forwarded message:

From: CERT Advisory
Date: Thu, 3 Feb 94 21:14:40 EST
To: cert-advisory at cert.org
Subject: CERT Advisory - Ongoing Network Monitoring Attacks
Organization: Computer Emergency Response Team : 412-268-7090

=============================================================================
CA-94:01                      CERT Advisory
                             February 3, 1994
                   Ongoing Network Monitoring Attacks
-----------------------------------------------------------------------------

In the past week, CERT has observed a dramatic increase in reports of intruders monitoring network traffic. Systems of some service providers have been compromised, and all systems that offer remote access through rlogin, telnet, and FTP are at risk. Intruders have already captured access information for tens of thousands of systems across the Internet.

The current attacks involve a network monitoring tool that uses the promiscuous mode of a specific network interface, /dev/nit, to capture host and user authentication information on all newly opened FTP, telnet, and rlogin sessions.

In the short-term, CERT recommends that all users on sites that offer remote access change passwords on any network-accessed account. In addition, all sites having systems that support the /dev/nit interface should disable this feature if it is not used and attempt to prevent unauthorized access if the feature is necessary. A procedure for accomplishing this is described in Section III.B.2 below. Systems known to support the interface are SunOS 4.x (Sun3 and Sun4 architectures) and Solbourne systems; there may be others. Sun Solaris systems do not support the /dev/nit interface. If you have a system other than Sun or Solbourne, contact your vendor to find if this interface is supported.

While the current attack is specific to /dev/nit, the short-term workaround does not constitute a solution. The best long-term solution currently available for this attack is to reduce or eliminate the transmission of reusable passwords in clear-text over the network.

-----------------------------------------------------------------------------

I. Description

Root-compromised systems that support a promiscuous network interface are being used by intruders to collect host and user authentication information visible on the network.

The intruders first penetrate a system and gain root access through an unpatched vulnerability (solutions and workarounds for these vulnerabilities have been described in previous CERT advisories, which are available via anonymous FTP from info.cert.org).

The intruders then run a network monitoring tool that captures up to the first 128 keystrokes of all newly opened FTP, telnet, and rlogin sessions visible within the compromised system's domain. These keystrokes usually contain host, account, and password information for user accounts on other systems; the intruders log these for later retrieval. The intruders typically install Trojan horse programs to support subsequent access to the compromised system and to hide their network monitoring process.

II. Impact

All connected network sites that use the network to access remote systems are at risk from this attack.

All user account and password information derived from FTP, telnet, and rlogin sessions and passing through the same network as the compromised host could be disclosed.

III. Approach

There are three steps in CERT's recommended approach to the problem:

- Detect if the network monitoring tool is running on any of your hosts that support a promiscuous network interface.

- Protect against this attack either by disabling the network interface for those systems that do not use this feature or by attempting to prevent unauthorized use of the feature on systems where this interface is necessary.

- Scope the extent of the attack and recover in the event that the network monitoring tool is discovered.

A. Detection

The network monitoring tool can be run under a variety of process names and log to a variety of filenames. Thus, the best method for detecting the tool is to look for 1) Trojan horse programs commonly used in conjunction with this attack, 2) any suspect processes running on the system, and 3) the unauthorized use of /dev/nit.

1) Trojan horse programs:

The intruders have been found to replace one or more of the following programs with a Trojan horse version in conjunction with this attack:

    /usr/etc/in.telnetd
    and /bin/login      - Used to provide back-door access for the intruders to retrieve information
    /bin/ps             - Used to disguise the network monitoring process

Because the intruders install Trojan horse variations of standard UNIX commands, CERT recommends not using other commands such as the standard UNIX sum(1) or cmp(1) commands to locate the Trojan horse programs on the system until these programs can be restored from distribution media, run from read-only media (such as a mounted CD-ROM), or verified using cryptographic checksum information.

In addition to the possibility of having the checksum programs replaced by the intruders, the Trojan horse programs mentioned above may have been engineered to produce the same standard checksum and timestamp as the legitimate version. Because of this, the standard UNIX sum(1) command and the timestamps associated with the programs are not sufficient to determine whether the programs have been replaced.

CERT recommends that you use both the /usr/5bin/sum and /bin/sum commands to compare against the distribution media and assure that the programs have not been replaced.
The use of cmp(1), MD5, Tripwire (only if the baseline checksums were created on a distribution system), and other cryptographic checksum tools are also sufficient to detect these Trojan horse programs, provided these programs were not available for modification by the intruder. If the distribution is available on CD-ROM or other read-only device, it may be possible to compare against these volumes or run programs off these media.

2) Suspect processes:

Although the name of the network monitoring tool can vary from attack to attack, it is possible to detect a suspect process running as root using ps(1) or other process-listing commands. Until the ps(1) command has been verified against distribution media, it should not be relied upon--a Trojan horse version is being used by the intruders to hide the monitoring process. Some process names that have been observed are sendmail, es, and in.netd. The arguments to the process also provide an indication of where the log file is located. If the "-F" flag is set on the process, the filename following indicates the location of the log file used for the collection of authentication information for later retrieval by the intruders.

3) Unauthorized use of /dev/nit:

If the network monitoring tool is currently running on your system, it is possible to detect this by checking for unauthorized use of the /dev/nit interface. CERT has created a minimal tool for this purpose. The source code for this tool is available via anonymous FTP on info.cert.org in the /pub/tools/cpm directory or on ftp.uu.net in the /pub/security/cpm directory as cpm.1.0.tar.Z. The checksum information is:

    Filename          Standard UNIX Sum    System V Sum
    --------------    -----------------    ------------
    cpm.1.0.tar.Z:    11097 6              24453 12

    MD5 Checksum
    MD5 (cpm.1.0.tar.Z) = e29d43f3a86e647f7ff2aa453329a155

This archive contains a readme file, also included as Appendix C of this advisory, containing instructions on installing and using this detection tool.

B. Prevention

There are two actions that are effective in preventing this attack. A long-term solution requires eliminating transmission of clear-text passwords on the network. For this specific attack, however, a short-term workaround exists. Both of these are described below.

1) Long-term prevention:

CERT recognizes that the only effective long-term solution to prevent these attacks is by not transmitting reusable clear-text passwords on the network. CERT has collected some information on relevant technologies. This information is included as Appendix B in this advisory. Note: These solutions will not protect against transient or remote access transmission of clear-text passwords through the network.

Until everyone connected to your network is using the above technologies, your policy should allow only authorized users and programs access to promiscuous network interfaces. The tool described in Section III.A.3 above may be helpful in verifying this restricted access.

2) Short-term workaround:

Regardless of whether the network monitoring software is detected on your system, CERT recommends that ALL SITES take action to prevent unauthorized network monitoring on their systems. You can do this either by removing the interface, if it is not used on the system or by attempting to prevent the misuse of this interface.

For systems other than Sun and Solbourne, contact your vendor to find out if promiscuous mode network access is supported and, if so, what is the recommended method to disable or monitor this feature.

For SunOS 4.x and Solbourne systems, the promiscuous interface to the network can be eliminated by removing the /dev/nit capability from the kernel. The procedure for doing so is outlined below (see your system manuals for more details). Once the procedure is complete, you may remove the device file /dev/nit since it is no longer functional.

Procedure for removing /dev/nit from the kernel:

1. Become root on the system.

2. Apply "method 1" as outlined in the System and Network Administration manual, in the section, "Sun System Administration Procedures," Chapter 9, "Reconfiguring the System Kernel." Excerpts from the method are reproduced below:

    # cd /usr/kvm/sys/sun[3,3x,4,4c]/conf
    # cp CONFIG_FILE SYS_NAME

    [Note that at this step, you should replace the CONFIG_FILE with your system specific configuration file if one exists.]

    # chmod +w SYS_NAME
    # vi SYS_NAME

        #
        # The following are for streams NIT support. NIT is used by
        # etherfind, traffic, rarpd, and ndbootd. As a rule of thumb,
        # NIT is almost always needed on a server and almost never
        # needed on a diskless client.
        #
        pseudo-device   snit        # streams NIT
        pseudo-device   pf          # packet filter
        pseudo-device   nbuf        # NIT buffering module

    [Comment out the preceding three lines; save and exit the editor before proceeding.]

    # config SYS_NAME
    # cd ../SYS_NAME
    # make
    # mv /vmunix /vmunix.old
    # cp vmunix /vmunix
    # /etc/halt
    > b

    [This step will reboot the system with the new kernel.]

    [NOTE that even after the new kernel is installed, you need to take care to ensure that the previous vmunix.old, or other kernel, is not used to reboot the system.]

C. Scope and recovery

If you detect the network monitoring software at your site, CERT recommends following three steps to successfully determine the scope of the problem and to recover from this attack.

1. Restore the system that was subjected to the network monitoring software.

   The systems on which the network monitoring and/or Trojan horse programs are found have been compromised at the root level; your system configuration may have been altered. See Appendix A of this advisory for help with recovery.

2. Consider changing router, server, and privileged account passwords due to the wide-spread nature of these attacks.

   Since this threat involves monitoring remote connections, take care to change these passwords using some mechanism other than remote telnet, rlogin, or FTP access.

3. Urge users to change passwords on local and remote accounts.

   Users who access accounts using telnet, rlogin, or FTP either to or from systems within the compromised domain should change their passwords after the intruder's network monitor has been disabled.

4. Notify remote sites connected from or through the local domain of the network compromise.

   Encourage the remote sites to check their systems for unauthorized activity. Be aware that if your site routes network traffic between external domains, both of these domains may have been compromised by the network monitoring software.

---------------------------------------------------------------------------
The CERT Coordination Center thanks the members of the FIRST community as well as the many technical experts around the Internet who participated in creating this advisory. Special thanks to Eugene Spafford of Purdue University for his contributions.
---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in Forum of Incident Response and Security Teams (FIRST).

Internet E-mail: cert at cert.org
Telephone: 412-268-7090 (24-hour hotline)
           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4), and are on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other information related to computer security are available for anonymous FTP from info.cert.org.

---------------------------------------------------------------------------

Appendix A: RECOVERING FROM A UNIX ROOT COMPROMISE

A. Immediate recovery technique

1) Disconnect from the network or operate the system in single-user mode during the recovery. This will keep users and intruders from accessing the system.
2) Verify system binaries and configuration files against the vendor's media (do not rely on timestamp information to provide an indication of modification). Do not trust any verification tool such as cmp(1) located on the compromised system as it, too, may have been modified by the intruder. In addition, do not trust the results of the standard UNIX sum(1) program as we have seen intruders modify system files in such a way that the checksums remain the same. Replace any modified files from the vendor's media, not from backups.

   -- or --

   Reload your system from the vendor's media.

3) Search the system for new or modified setuid root files.

       find / -user root -perm -4000 -print

   If you are using NFS or AFS file systems, use ncheck to search the local file systems.

       ncheck -s /dev/sd0a

4) Change the password on all accounts.

5) Don't trust your backups for reloading any file used by root. You do not want to re-introduce files altered by an intruder.

B. Improving the security of your system

1) CERT Security Checklist

   Using the checklist will help you identify security weaknesses or modifications to your systems. The CERT Security Checklist is based on information gained from computer security incidents reported to CERT. It is available via anonymous FTP from info.cert.org in the file pub/tech_tips/security_info.

2) Security Tools

   Use security tools such as COPS and Tripwire to check for security configuration weaknesses and for modifications made by intruders. We suggest storing these security tools, their configuration files, and databases offline or encrypted. TCP daemon wrapper programs provide additional logging and access control. These tools are available via anonymous FTP from info.cert.org in the pub/tools directory.

3) CERT Advisories

   Review past CERT advisories (both vendor-specific and generic) and install all appropriate patches or workarounds as described in the advisories. CERT advisories and other security-related information are available via anonymous FTP from info.cert.org in the pub/cert_advisories directory.

   To join the CERT Advisory mailing list, send a request to:

       cert-advisory-request at cert.org

   Please include contact information, including a telephone number.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Copyright (c) Carnegie Mellon University 1994

---------------------------------------------------------------------------

Appendix B: ONE-TIME PASSWORDS

Given today's networked environments, CERT recommends that sites concerned about the security and integrity of their systems and networks consider moving away from standard, reusable passwords. CERT has seen many incidents involving Trojan network programs (e.g., telnet and rlogin) and network packet sniffing programs. These programs capture clear-text hostname, account name, password triplets. Intruders can use the captured information for subsequent access to those hosts and accounts. This is possible because 1) the password is used over and over (hence the term "reusable"), and 2) the password passes across the network in clear text.

Several authentication techniques have been developed that address this problem. Among these techniques are challenge-response technologies that provide passwords that are only used once (commonly called one-time passwords). This document provides a list of sources for products that provide this capability. The decision to use a product is the responsibility of each organization, and each organization should perform its own evaluation and selection.

I. Public Domain packages

S/KEY(TM)

    The S/KEY package is publicly available (no fee) via anonymous FTP from:

        thumper.bellcore.com    /pub/nmh directory

    There are three subdirectories:

        skey    UNIX code and documents on S/KEY. Includes the change needed to login, and stand-alone commands (such as "key"), that computes the one-time password for the user, given the secret password and the S/KEY command.

        dos     DOS or DOS/WINDOWS S/KEY programs. Includes DOS version of "key" and "termkey" which is a TSR program.

        mac     One-time password calculation utility for the Mac.

II. Commercial Products

Secure Net Key (SNK) (Do-it-yourself project)

    Digital Pathways, Inc.
    201 Ravendale Dr.
    Mountain View, Ca. 94043-5216 USA
    Phone: 415-964-0707
    Fax: (415) 961-7487

    Products:
        handheld authentication calculators (SNK004)
        serial line auth interruptors (guardian)

    Note: Secure Net Key (SNK) is des-based, and therefore restricted from US export.

Secure ID (complete turnkey systems)

    Security Dynamics
    One Alewife Center
    Cambridge, MA 02140-2312 USA
    Phone: 617-547-7820
    Fax: (617) 354-8836

    Products:
        SecurID changing number authentication card
        ACE server software

    SecureID is time-synchronized using a 'proprietary' number generation algorithm

WatchWord and WatchWord II

    Racal-Guardata
    480 Spring Park Place
    Herndon, VA 22070
    703-471-0892
    1-800-521-6261 ext 217

    Products:
        Watchword authentication calculator
        Encrypting modems

    Alpha-numeric keypad, digital signature capability

SafeWord

    Enigma Logic, Inc.
    2151 Salvio #301
    Concord, CA 94520
    510-827-5707
    Fax: (510)827-2593

    Products:
        DES Silver card authentication calculator
        SafeWord Multisync card authentication calculator

    Available for UNIX, VMS, MVS, MS-DOS, Tandem, Stratus, as well as other OS versions. Supports one-time passwords and super smartcards from several vendors.

---------------------------------------------------------------------------

Appendix C: cpm 1.0 README FILE

cpm - check for network interfaces in promiscuous mode.
Copyright (c) Carnegie Mellon University 1994

Thursday Feb 3 1994

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

This program is free software; you can distribute it and/or modify it as long as you retain the Carnegie Mellon copyright statement.

It can be obtained via anonymous FTP from info.cert.org:pub/tools/cpm.tar.Z.

This program is distributed WITHOUT ANY WARRANTY; without the IMPLIED WARRANTY of merchantability or fitness for a particular purpose.

This package contains:
    README
    MANIFEST
    cpm.1
    cpm.c

To create cpm under SunOS, type:

    % cc -Bstatic -o cpm cpm.c

On machines that support dynamic loading, such as Sun's, CERT recommends that programs be statically linked so that this feature is disabled.

CERT recommends that after you install cpm in your favorite directory, you take measures to ensure the integrity of the program by noting the size and checksums of the source code and resulting binary.

The following is an example of the output of cpm and its exit status.

Running cpm on a machine where both the le0 and le2 interfaces are in promiscuous mode, under csh(1):

    % cpm
    le0
    le2
    % echo $status
    2
    %

Running cpm on a machine where no interfaces are in promiscuous mode, under csh(1):

    % cpm
    % echo $status
    0
    %

From edgar at spectrx.saigon.com Fri Feb 4 10:35:10 1994
From: edgar at spectrx.saigon.com (Edgar W. Swank)
Date: Fri, 4 Feb 94 10:35:10 PST
Subject: Announcing SecureDrive 1.3A
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

This is to announce the availability of Version 1.3A of SecureDrive.

This is a maintenance release of SecureDrive 1.3. It mainly fixes reported problems and has minimal new function. See file BUGS13.DOC.

The only visible functional change from 1.3 is the appearance of msg

    Check bytes in Disk x: Boot Sector need updating from 1.3 to 1.1/1.3A. Proceed?
which will be issued by both LOGIN and CRYPTDSK when they attempt to verify a passphrase on a hard disk or diskette encrypted by version 1.3 CRYPTDSK operating in version 1.1 compatibility mode. This corrects the error in computing the check bytes used to verify the passphrase and updates the check bytes to the correct 1.1 value and WRITES back the boot sector. Note that once this update has taken place, this disk cannot be decrypted by release 1.3 anymore.

Releases 1.3 and 1.3A of Secure Drive are based on releases 1.0 and 1.1, mostly written by Mike Ingle and version 1.2, with significant new code by myself. The code which we wrote is not copyrighted, but the program contains GNU Copylefted code, and therefore may be freely distributed under the terms of the GNU General Public Licence. See file COPYING for legalese.

Version 1.2 and 1.3 add significant new function.

As of Version 1.2, you may use an operand /PGP with LOGIN, either by itself, or with other operands. By itself, LOGIN /PGP will prompt for a passphrase and set the PGPPASS environment variable with whatever is entered. If PGPPASS is already set then LOGIN D: /PGP or LOGIN /F /PGP will use whatever PGPPASS is set to as the passphrase. For the hard disk partition, LOGIN will test the PGPPASS passphrase. If it is incorrect, then it will prompt you for another passphrase. If PGPPASS is NOT set when these forms of LOGIN are used, then a passphrase is prompted for AND PGPPASS is set to this passphrase. This is more secure than using the SET command since LOGIN only echoes "*"'s when entering the passphrase.

As of Version 1.2, typing LOGIN /C /PGP will clear the SecureDrive crypto keys from memory AND clear the PGPPASS environment variable. This is done in a manner less likely to leave your passphrase in memory than just using the DOS SET command. In addition, Version 1.2 clears all the free memory it can find, which is likely to include some plaintext.
However, if you want to be absolutely sure all traces of sensitive data are erased from memory then turning off the computer is still recommended.

As of version 1.2, if PGPPASS is set before you run CRYPTDSK, CRYPTDSK will ask to use the value of PGPPASS for the passphrase before prompting you (for encryption), or try PGPPASS (for decryption). Obviously, if you encrypt or decrypt a lot of diskettes at once, this feature can save you a lot of typing.

The purpose of these changes is to allow you to enter a single passphrase only once per boot IF you choose to use the same passphrase for your PGP secret key, your SecureDrive encrypted hard disk partition, and SecureDrive encrypted floppies.

Version 1.3 supports up to four hard drive partitions in "safe" mode, only one of which may be active at any given time. One purpose of having multiple encrypted hard disk partitions is so that up to four users (perhaps members of a family) can each have their own encrypted partition with its own unique passphrase. This allows up to four users to have privacy from each other, even if they all use the same PC and physical hard disk(s).

Version 1.3 gives you a choice of whether to use the version 1.1 passphrase digest or to use the (faster but perhaps slightly less secure) 1.0 version. If you select 1.0 compatibility, it's unnecessary to decrypt and re-encrypt your 1.0-encrypted hard disk partition(s) and floppies. If you decide to switch to 1.1 passphrases, Version 1.3 CRYPTDSK will allow you to convert in one pass with no plaintext stored on disk.

Version 1.3 includes the 1.2 changes for using PGPPASS. There are additional enhancements to allow you to use the hard disk passphrase for the floppy disks without typing it in, even if PGPPASS is not set or is something different.

Version 1.3 CRYPTDSK will operate on hard drives with SECTSR loaded. It uses SECTSR to protect the disk during conversion and will leave an encrypted disk partition in protected mode.
Mike Ingle and I have different opinions on the distribution of SecureDrive. Under the GNU General License (copyleft) I do not need Mike's permission to distribute version 1.3 and I have not asked for same. My policy on distribution is in the version 1.3 doc:

Exporting this program. Cryptography is export controlled, and sending this program outside the country may be illegal. Don't do it. The "author" of versions 1.2 and 1.3, Edgar Swank, says that the export ban should not prevent you from placing this program on public BBS's and anonymous FTP sites in the US and Canada. If individuals outside the US/Canada use the internet or international long distance to obtain copies of the program, THEY may be breaking US law.

Any such foreign individuals should be aware that US law enforcement may legally (under US law) apprehend individuals who break US laws even if such individuals are not on or even have never been on US soil. Such apprehension may remove such individuals directly to US jurisdiction without benefit of extradition proceedings in such individuals' home country(ies). This has actually happened in at least two cases, Mexico -- suspect in murder of US drug agent, Panama -- Noriega -- indicted in absentia for drug smuggling. As is well known, after a small war with Panama, Noriega was brought to the USA, tried and convicted. He is now a guest of the US Government in a Florida prison.

SecureDrive Version 1.3A is already available for download on the following public BBS's as SECDR13A.ZIP:

    Eagle's Nest (408)223-9821
    Flying Dutchman (408)294-3065

Also I have a report (unverified so far) that Version 1.3 may now be obtained from a mailserver. Send mail to Server at Star.Hou.TX.US with body text that looks like this

    get /files/public/secdr13a.zip
    quit

Please attempt to use the mailserver or the two BBS's above before requesting a copy directly from me.
I will send a FEW more copies via E-mail to persons with a US/Canada net address who request a copy AND promise to upload it to a USA/Canada e-mail fileserver or anonymous FTP site. (I don't have access to FTP from my account here).

I will announce here as I learn of Version 1.3A availability via additional automated e-mail or FTP sites.

Here is the contents of SECDR13A.ZIP:

Length  Method    Size  Ratio  Date      Time   CRC-32    Attr  Name
------  ------    -----  -----  ----      ----   --------  ----  ----
 18321  DeflatX   6914    63%  06-14-93  22:27  0767480b  --w-  COPYING
  1332  DeflatX    518    62%  01-30-94  09:30  bbb5655c  --w-  MAKEFILE
  1632  DeflatX   1260    23%  12-04-93  00:43  980125ec  --w-  KEY.ASC
 19664  DeflatX   4183    79%  11-19-93  21:42  22c2502c  --w-  CRYPT2.ASM
  1355  DeflatX    629    54%  01-21-94  08:44  db63ade4  --w-  RLDBIOS.ASM
 24652  DeflatX   7740    69%  01-29-94  14:51  d0f5feaf  --w-  SECTSR.ASM
  7507  DeflatX   2581    66%  12-29-93  21:15  ceda9b20  --w-  SETENV.ASM
    33  Stored      33     0%  07-16-93  06:09  aa6151a5  --w-  M.BAT
 16175  DeflatX   3949    76%  01-29-94  17:57  88215957  --w-  CRYPTDSK.C
 12260  DeflatX   3167    75%  01-29-94  18:27  7b10d96f  --w-  LOGIN.C
 11557  DeflatX   3277    72%  05-09-93  19:38  e71f3eea  --w-  MD5.C
 10860  DeflatX   2878    74%  01-29-94  18:07  3a9154c0  --w-  SDCOMMON.C
  1778  DeflatX   1160    35%  01-30-94  09:31  48688ff7  --w-  SECTSR.COM
  1152  DeflatX    586    50%  01-30-94  10:15  e44c593f  --w-  BUGS13.DOC
 31425  DeflatX  10610    67%  01-30-94  09:59  235f457a  --w-  SECDRV.DOC
 35024  DeflatX  16598    53%  01-30-94  09:31  99417b77  --w-  CRYPTDSK.EXE
 34072  DeflatX  16021    53%  01-30-94  09:31  26a2fb82  --w-  LOGIN.EXE
  3407  DeflatX   1097    68%  05-11-93  12:49  f1f58517  --w-  MD5.H
  3020  DeflatX    909    70%  01-24-94  03:32  8ee1c1f6  --w-  SECDRV.H
  1254  DeflatX    541    57%  05-09-93  19:39  182978aa  --w-  USUALS.H
   152  Stored     152     0%  01-30-94  10:03  68a2560c  --w-  SECTSR.SIG
   152  Stored     152     0%  01-30-94  10:04  a1d33655  --w-  LOGIN.SIG
   152  Stored     152     0%  01-30-94  10:04  845de45f  --w-  CRYPTDSK.SIG
------          ------    ---                                   -------
236936           85107    65%                                   23

Also note that the ZIP file contains PGP detached signatures (*.SIG) for the
executable files. Finally here is my public key, also available on many public keyservers; note who has signed it. Type bits/keyID Date User ID pub 1024/87C0C7 1992/10/17 Edgar W. Swank -- edgar at
spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From hughes at ah.com Fri Feb 4 10:45:10 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 4 Feb 94 10:45:10 PST Subject: STEG: a real-life use for steganography Message-ID: <9402041840.AA21942@ah.com> I had an extremely interesting conversation with a fellow last night, say, X. A mutual friend of ours had steered him towards me. X has contacts in a country C which will remain nameless. The government of C is extremely repressive and has a large internal police force. The situation, evidently, is one similar to the old USSR, where masks behind masks were used in daily life, little is exactly as it appears, and the default discourse is sideways speaking. The scenario is almost worst-case. There is a need for steganography, since the use of cryptography is grounds for suppression; likewise there is a need for covert channels. There is a need for double-blinding of identities, since one's friends may be difficult to detect. And so on. The aspect that _is_ good is that C is not the whole world, and there are plenty of us not in C. The first most useful facility to set up, X thinks, is simply news from outside of C as a bypass of the media in C--wire service articles about C, for example, as well as a feed of the newsgroup "soc.culture.". Here's the technique we came up with last night. C has an indigenous music M which is periodically performed in the United States. We were thinking about pressing short-run CD's of these live performances. We all know where the news feeds go. The CD's would be distributed via standard music channels and would be surprisingly brisk sellers. The costs of the project can evidently be footed by willing members of the M industry in C. Now let me address the standard comment "Oh, steganography completely solves that problem." Please. That's like saying, "Oh, just use an internal combustion engine to solve your long distance transport problems." 
Such statements are a failure of imagination and seriousness. A practical system to carry this project out is quite large. I see at least the following pieces needed: -- A facility to gather the data being put on the disks. This by itself is no trivial task, since it involves the collection of many disparate sources. -- An authoring system to arrange the data, once collected, into a usable structure. -- An encryption system for the arranged data. Such a system can't treat the data as one long stream, because of the segmented nature of the data. The ability to mount the CD as a file system would be good leverage for other programmers. -- A mastering system to combine a music master CD (done separately) and a data master (in some format) into a new music master CD. This will, at the least require a machine with a CD reader and writer. Blank media, FYI, for a CD writer are about $20/disk. The CD writer is about $5K. These numbers are approximate and falling rapidly. -- A CD pressing facility. These are commercially available at quite reasonable cost in quantities in the 100's. -- A CD distribution system. This will likely be the M industry, and thankfully the details of international shipping and customs will be taken care of, as well as retail distribution. -- A decryption system to get the data off the CD. -- Client software to make use of the information. It need not all be in text format. -- A key distribution system. A secret key per CD and word of mouth may be sufficient. A system to make rememberable sentences out of an arbitrary 128 bits (and the inverse) would be useful to facilitate word of mouth. This is no small task. Those interested in participating may start working on any of the above. The tasks are fairly separable. Here are some that I can identify as critical. -- A standard for encoding data into the low bits of an audio CD. This will likely require a lot of specific knowledge of the low level encoding and error correction systems used in CD's. 
I do know that they are not simple, being much more than bit-correcting linear codes.

-- A standard for the encoding of file system data onto these low bits. This should be a separate document, even though the design of this will be influenced by the bit encoding standard. Some adaptation of existing file system standards may be appropriate.

-- A standard for the encryption format for the file system. It may be that Matt Blaze's CFS cryptography can be lifted wholesale.

-- Multiplatform software support for all of the above.

I am pleased to have a real example to work on, rather than a lot of wixering about hypotheticals. I welcome discussion of this topic.

Eric

From freeman at MasPar.COM Fri Feb 4 10:55:12 1994
From: freeman at MasPar.COM (Jay R. Freeman)
Date: Fri, 4 Feb 94 10:55:12 PST
Subject: San Jose BBS subject to M
Message-ID: <9402041855.AA00762@cleo.MasPar.Com>

> Hmm... wish I had the exact original handy to mis-quote ...

Is this the one you mean?

First they came for the Communists, and I didn't speak up, because I wasn't a Communist.
Then they came for the Jews, and I didn't speak up, because I wasn't a Jew.
Then they came for the Catholics, and I didn't speak up, because I was a Protestant.
Then they came for me, and by that time there was no one left to speak up for me.

by Rev. Martin Niemoller, 1945.

From MCALVINK at ccmail.sunysb.edu Fri Feb 4 11:15:20 1994
From: MCALVINK at ccmail.sunysb.edu (MCALVINK at ccmail.sunysb.edu)
Date: Fri, 4 Feb 94 11:15:20 PST
Subject: UNSUB
Message-ID: <01H8HO3DOA2Q95N79W@ccmail.sunysb.edu>

UNSUBSCRIBE m calvinkoons

From nobody at shell.portal.com Fri Feb 4 11:25:15 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Fri, 4 Feb 94 11:25:15 PST
Subject: REMAILERS: Netcoms Policy and hazards to remailers
Message-ID: <199402041921.LAA06512@jobe.shell.portal.com>

An issue arose today with Netcom's DASD migration...
My Account was moved from /ux/accountname to /uxx/accountname, which caused my .forward file to begin bouncing mail. Netcom's sysadms promptly moved my .forward to .forard.bak to eliminate the bounces and notified me via the now working mail.

During my conversation with the admin I asked specifically what Netcom's policy vis-a-vis ECPA, search warrants, and warrantless requests from Law enforcement of any kind for both e-mail in transit and stored files..

The answer was as it should be. A "proper" search warrant would be required prior to cooperation with LE. Netcom as a policy will NOT provide ANY materials other than account name without a search warrant, unless an account on netcom is used to crack another site and netcom is liable (in which case they will file a complaint and give cooperation to investigating officers.) a warrant is required for release.

The subject of remailer and crypto out of a netcom account didn't elicit any comment from the sysadmin...) Tomorrow I will call and ask specifically on that area...

anon

From mg5n+ at andrew.cmu.edu Fri Feb 4 11:29:55 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Fri, 4 Feb 94 11:29:55 PST
Subject: Running regularly
In-Reply-To:
Message-ID:

Matthew Bernardini wrote:

> Why not make two shell scripts, one that sleeps for so long (say 20 minutes)
> using the unix sleep command, and then calls the remailer scripts in an
> infinite while loop. This would work if you set it up as a background
> process, and you don't need to be root for it to work. Only downsides are
> that when the machine crashes you have to log back in and restart script,
> your sleep command will always be in the top window if your sys-admin
> is watching, and you have to be careful not to spawn too many processes and
> bring the system down.

I tried this on the system here, but it killed off the process when I logged off. As for starting too many processes, just don't start them...
leave it as one single process that just repeats itself indefinitely with sleeps in between.

From beker at netcom.com Fri Feb 4 12:09:54 1994
From: beker at netcom.com (Brian Beker)
Date: Fri, 4 Feb 94 12:09:54 PST
Subject: Remailer Delays
Message-ID:

The last two messages I've sent through remailers have taken upwards of two days to arrive at their destinations. Parallel messages sent directly arrived immediately. The two remailers are Hal's and rebma. What is making this happen? Is it related to all the recent PGP FAQ traffic? Which remailers if any are not suffering from these lags?

THX, B

From wex at media.mit.edu Fri Feb 4 12:10:14 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Fri, 4 Feb 94 12:10:14 PST
Subject: STEG: a real-life use for steganography
In-Reply-To: <9402041840.AA21942@ah.com>
Message-ID: <9402042009.AA09438@media.mit.edu>

Hunh. I'm surprised that you would select a fixed medium (CDs) for a variable information source. How often do you plan to press new CDs?

Would it not be simpler to use steganography to encode the desired information into GIFs of, say, US weather maps? These maps are revised quite often and it would be natural to send person X a new weather map every day or so.

Yes, as we all know from past discussions, it's possible for someone who knows what you're doing to recover the data "hidden" in the pictures. But how likely is that to happen? What's the cost of this (or another non-media-dependent solution) versus the complexity and cost of using CDs as your transport mechanism?

[About the CDs: what will the sound like when played on a normal CD player? Isn't this likely to attract attention?]

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group wex at media.mit.edu
Voice: 617-258-9168 Page: 617-945-1842 an53607 at anon.penet.fi
All the world's a stage and most of us are desperately unrehearsed.
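
The low-bit audio encoding discussed in this thread, as an added example that is not part of any post: Python that hides a length-framed payload in the least significant bit of 16-bit PCM samples, recovers it, and measures the per-sample change, which bears on the question of how such a disc would sound. The 32-bit length header, the function names and the test tone are assumptions made here; the code works on raw sample values and does not model the CD's own error-correction layer.

```python
import math
import struct

HEADER_BITS = 32   # assumed framing: 32-bit big-endian payload length
CD_RATE = 44100    # audio CD sample rate, samples per second per channel


def make_cover(n_samples, freq=440.0, amplitude=12000):
    """Constructed cover audio: a sine tone as signed 16-bit PCM sample values."""
    return [int(amplitude * math.sin(2 * math.pi * freq * i / CD_RATE))
            for i in range(n_samples)]


def _to_bits(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(samples, payload):
    """Return a copy of samples carrying header + payload in the low bits."""
    bits = list(_to_bits(struct.pack(">I", len(payload)) + payload))
    if len(bits) > len(samples):
        raise ValueError("payload needs %d samples, cover has %d"
                         % (len(bits), len(samples)))
    stego = list(samples)
    for i, bit in enumerate(bits):
        # Clear the low bit, then set it to the payload bit. This also works
        # for negative samples because Python ints behave as two's complement.
        stego[i] = (stego[i] & ~1) | bit
    return stego


def _read(samples, start, nbits):
    """Collect nbits low bits starting at sample index start into an integer."""
    value = 0
    for sample in samples[start:start + nbits]:
        value = (value << 1) | (sample & 1)
    return value


def extract(samples):
    """Recover the payload; reject a length header the cover cannot satisfy."""
    if len(samples) < HEADER_BITS:
        raise ValueError("too short to hold a length header")
    length = _read(samples, 0, HEADER_BITS)
    if HEADER_BITS + 8 * length > len(samples):
        raise ValueError("length header exceeds available samples")
    return bytes(_read(samples, HEADER_BITS + 8 * i, 8) for i in range(length))


def max_distortion(cover, stego):
    """Largest absolute change to any sample, in quantisation steps."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def capacity_bytes(seconds, channels=2):
    """Payload capacity at one hidden bit per sample per channel."""
    return seconds * CD_RATE * channels // 8


if __name__ == "__main__":
    cover = make_cover(4096)
    message = b"constructed sample wire story"   # constructed test payload
    stego = embed(cover, message)
    print("recovered:", extract(stego))
    print("max sample change:", max_distortion(cover, stego), "of 65536 levels")
    print("74-minute stereo disc holds about", capacity_bytes(74 * 60), "bytes")
```

Each sample moves by at most one quantisation step, but the payload survives only if every low bit is reproduced exactly, so any resampling or lossy copy of the audio destroys it.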
From mab at research.att.com Fri Feb 4 12:10:15 1994 From: mab at research.att.com (Matt Blaze) Date: Fri, 4 Feb 94 12:10:15 PST Subject: Followup: Notes on key escrow meeting with NSA Message-ID: <9402042007.AA25589@big.l1135.att.com> Newsgroups: sci.crypt,talk.politics.crypto,comp.org.eff.talk,alt.privacy.clipper Subject: Re: Notes on key escrow meeting with NSA In a recent article, I wrote: >A group from NSA and FBI met the other day with a group of us at Bell >Labs to discuss the key escrow proposal. They were surprisingly >forthcoming and open to discussion and debate, and were willing to at >least listen to hard questions. They didn't object when asked if we >could summarize what we learned to the net. Incidentally, the people >at the meeting seemed to base a large part of their understanding of >public opinion on Usenet postings. Postings to sci.crypt and >talk.politics.crypto seem to actually have an influence on our >government. > >A number of things came out at the meeting that we didn't previously >know or that clarified previously released information. What follows >is a rough summary; needless to say, nothing here should be taken as >gospel, or representing the official positions of anybody. Also, >nothing here should be taken as an endorsement of key escrow, clipper, >or anything else by the authors; we're just reporting. These notes >are based on the collective memory of Steve Bellovin, Matt Blaze, Jack >Lacy, and Mike Reiter; there may be errors or misunderstandings. >Please forgive the rough style. Note also the use of "~ ~" for >'approximate quotes' (a marvelous Whit Diffie-ism). A couple of clarifications and new recollections. Same disclaimers as above. The NSA people were asked whether they would consider evaluating ciphers submitted by the private sector as opposed to simply proposing a new cipher as a "black box" as they did with Skipjack. 
They said they can't do this because, among other things, of the extraordinary effort required to properly test a new cipher. They said that it often takes from 8-12 years to design, evaluate and certify a new algorithm, and that Skipjack began development "~about 10 years ago.~" I asked if we should infer anything from that about the value of the (limited time and resource) civilian Skipjack review. They took that with good humor, but they did say that the civilian review was at least presented with and able to evaluate some of the results of NSA's previous internal reviews. Regarding the scale of the escrow exploitation system, they said that they did not yet have a final operational specification for the escrow protocols, but did say that the escrow agencies would be expected to deliver keys "~within about 2 hours~" and are aiming for "~close to real time.~" Initially, the FBI would have the decoder box, but eventually, depending on costs and demand, any law enforcement agency authorized to conduct wiretaps would be able to buy one. The two escrow agencies will be responsible for verifying the certification from and securely delivering the key halves to any such police department. As an aside, we've since been informed by a member of the civilian Skipjack review committee that the rationale for not having the escrow agency see the actual wiretap order is so that they do not have access to the mapping between key serial numbers and people/telephones. Also, on second reading, I wasn't at all clear about the reverse engineering resistance of the chips. I wrote: >...they are designed to resist reverse engineering the data in the >chip without destroying the chip. It is not clear (from the >information presented at the meeting) whether the chips are equally >resistant to destructive reverse-engineering to learn the skipjack >algorithm.... That is, the chips are designed to resist non-destructive reverse engineering to obtain the unit keys. 
They do not believe that it is possible to obtain the unit key of a particular chip without destroying the chip. They did not present any assertions about resistance to destructive reverse engineering, such that several chips can be taken apart and destroyed in the process, to learn the Skipjack algorithm. Finally, I should have made clear that "Clipper" is more properly called the "MYK-78T". -matt From Lyle_Seaman at transarc.com Fri Feb 4 12:25:15 1994 From: Lyle_Seaman at transarc.com (Lyle_Seaman at transarc.com) Date: Fri, 4 Feb 94 12:25:15 PST Subject: Read-Once Messages? In-Reply-To: <9401311747.AA12799@federal-excess.apple.com> Message-ID: lefty at apple.com (Lefty) writes: > Has there been any work done on messages that can be read a single time, > preferably only by a designated recipient, and is not amenable to being > captured as it is "played"? I know that Gibson's poem _Agrippa_ had some > sort of self-destruct feature built into it, but I don't know what > mechanism was used to implement this. I think I received one of these once, but I can't remember what it was. From dm at hri.com Fri Feb 4 12:39:54 1994 From: dm at hri.com (dm at hri.com) Date: Fri, 4 Feb 94 12:39:54 PST Subject: Running regularly In-Reply-To: Message-ID: <9402042034.AA29033@sparc31.hri.com> Date: Fri, 4 Feb 1994 14:27:46 -0500 (EST) From: Matthew J Ghio Matthew Bernardini wrote: > Why not make two shell scripts, one that sleeps for so long (say 20 minutes) > using the unix sleep command, and then calls the remailer scripts in an > infinite while loop. This would work if you set it up as a background > process,and you don't need to be root for it to work. I tried this on the system here, but it killed off the process when I logged off. If it's a UNIX system, try using the ``nohup'' (for ``no-hang-up'', from the days when you connected to computers by telephone) command to keep your background process alive after you log out. 
From nobody at shell.portal.com Fri Feb 4 12:45:15 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 4 Feb 94 12:45:15 PST Subject: Magic Money Digicash System Message-ID: <199402042044.MAA28800@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- Magic Money Digital Cash System Brought To You By Pr0duct Cypher Based on PGP Tools - The Crypto Construction Set Send to csn.org, should appear under /mpj somewhere Magic Money is a digital cash system designed for use over electronic mail. The system is online and untraceable. Online means that each transaction involves an exchange with a server, to prevent double-spending. Untraceable means that it is impossible for anyone to trace transactions, or to match a withdrawal with a deposit, or to match two coins in any way. The system consists of two modules, the server and the client. Magic Money uses the PGP ascii-armored message format for all communication between the server and client. All traffic is encrypted, and messages from the server to the client are signed. Untraceability is provided by a Chaum-style blind signature. Note that the blind signature is patented, as is RSA. Using it for experimental purposes only shouldn't get you in trouble. Digicash is represented by discrete coins, the denominations of which are chosen by the server operator. Coins are RSA-signed, with a different e/d pair for each denomination. The server does not store any money. All coins are stored by the client module. The server accepts old coins and blind- signs new coins, and checks off the old ones on a spent list. Suppose Alice wants to pay Bob some Magic Money. Alice uses her client module to extract some coins from her account (file). She then mails those coins to Bob, using a secure channel such as a PGP message. Bob runs his client module on the coins. The client module checks the signatures, and totals up the value of the coins. 
It then prompts Bob to choose the values of new coins which total the same value as the old ones. For example, Alice sends Bob a 64-unit coin. Bob chooses a 32-unit and two 16-unit coins. The client module then generates proto-coins, which are blinded but unsigned. It produces an output file containing Alice's coins, and the new proto-coins. Bob mails this to the server. The server counts up Alice's coins, checks their signatures, and checks for double-spending. It puts the coins on the cancelled list, signs the proto-coins, and mails them back to Bob. Bob runs his client module on the reply message. It unblinds the signed coins and adds them to his coin file. This completes the transfer. The Magic Money server is a filter, accepting input from stdin and sending output to stdout. To set up a server, you first compile the server program and install it in its own directory. Dump some random junk in a file called rand.dat. This and the system clock is hashed to generate random numbers. Then execute "s i" to initialize the server. It will prompt you for some information. For the denominations, I would use powers of 2 (1, 2, 4, 8, 16, 32, 64, 128...) because they minimize the number of coins needed to transfer any amount. The server will create a key and an e/d list. An ascii-armored copy of the server's public key is written to bank.asc. Users must have this key to use the server, so however you publicize your server, include the key. Set up the system so that, when a message comes in, the server is executed and the message (which need not be cleaned up first) is piped into stdin. The output from the server should be mailed back to the user. The server can be run through a remailer, if you don't want to reveal your location. This would be easiest through a penet-style remailer. Operating through a cypherpunks-style remailer would require an external mechanism to handle reply headers. 
However you do it, just see to it that messages go into the server and the output goes back to the right user. If you just want to experiment on one machine, put the server and client in different directories, to prevent their files from interfering with each other. Set up a shell script/batch file to feed the client's output into the server and return the server's reply. The server has the ability to include a message to the client. If the file msg.txt exists in the server's directory, it will be included in the server's replies, and the clients will display it. The client will wait for a keypress after displaying the message, so the last line should be "press any key to continue" or something similar. The message should not be longer than one screen, because there is no "more" in the client. The main use for the message is to warn users of expirations (see below), but you can send anything you want. To set up a client, compile the client module (unless the server operator was nice enough to provide a binary [hint]) and put it in its own directory. Put some random junk (for random numbers) into rand.dat, and put the server's ascii-armored key in bank.asc. Now execute "c -i" to initialize your client. It will create a key and generate "output.asc" which should be mailed to the server. When the reply comes back, save it in a file and run "c ". This will initialize your e-list and coin name files. If the server has a msg.txt, you will see it. Now get another user to send you some coins. Coins are binary, not ascii- armored, because we assume you will use a PGP message or other "envelope" to transport them. Execute "c " to process your coins. The client will show the denominations as the signatures are checked. It will show the total, and allow you to choose denominations for the new coins you want to generate. Then it will generate a file "output.asc" which should be mailed to the server. Take the server's reply and run "c " on it. 
It will extract and unblind the coins, displaying them as it does so. When it is done, you will have some coins to spend.

To pay someone some coins, execute "c -p". The client will show a list of coins you have, and allow you to choose values to extract. These will be copied into "coins.dat", which you then mail to the person you want to pay. He does as above to deposit them. Do not lose "coins.dat" because the coins are removed from your file as they are extracted.

Server maintenance and expirations: the server must keep track of all the coins which have ever been spent, at 16 bytes each. While the server uses an efficient hash file to maintain speed, the file will eventually grow to consume the entire filesystem of the host machine. There must be a way to clear it out eventually.

The server operator executes "s n" to generate a new e/d list. The old list will be renamed. Old coins are still valid at this point. The server operator should put up a message warning users to exchange their old coins. The next time a user interacts with the server, his elist will be updated automatically, and the old one renamed. The user can (and should be warned to) execute "c -x" to automatically exchange all his old coins for new ones.

After a reasonable time, and plenty of warning (!) the server operator executes "s d" to delete the old spent list, efile, and dfile. Old coins are now worthless. The next time a user interacts with the server, his old elist will be deleted automatically by his client. Old coins will now show up as having zero value, and a "c -x" will discard them as "expired coins". If the user was dumb enough not to exchange his coins, too bad.

The server will only sign as much value as it receives, so the amount of money in circulation remains constant. We have a chicken-and-egg problem: how is value created? The server operator has the magical ability to create new coins from thin air. He executes "s m " where x is the denomination of the coins he wants.
The result is a coins.dat file, which can be mailed to a user and processed by his client module. The server just signs the coins directly, without any blinding.

Coins are represented by RSA integers in the normal PGP-signature format. The coin is 16 bytes, padded in the same way that PGP 2.3a pads a signature. The coin is stored signed, that is, raised to the d power. There is no hashing involved; RSA is used directly.

To blind a coin, the client generates a blinding factor, a large random number. The random number is raised to the appropriate e power, modulo the server's n. It is then multiplied with the unsigned coin, generating a blinded "proto-coin", which is sent to the server. The server signs the blinded coin by raising to the power d. This "decrypts" the blinding factor at the same time as it signs the coin, because RSA is multiplicative. Then the client divides out the blinding factor, leaving the signed coin.

How big should the blinding factor be? I am not sure. Right now, it is set to the modulus minus one byte. This is certainly secure, but it takes a long time to unblind because mp_inv is a slow operation. If you know how long it needs to be, feel free to change it.

Now, if you're still awake, comes the fun part: how do you introduce real value into your digicash system? How, for that matter, do you even get people to play with it?

What makes gold valuable? It has some useful properties: it is a good conductor, is resistant to corrosion and chemicals, etc. But those have only recently become important. Why has gold been valuable for thousands of years? It's pretty, it's shiny, and most importantly, it is scarce.

Digicash is pretty and shiny. People have been talking about it for years, but few have actually used it. You can make your cash more interesting by giving your server a provocative name. Running it through a remailer could give it an 'underground' feel, which would attract people.

Your digicash should be scarce.
Don't give it away in large quantities. Get some people to play with your server, passing coins back and forth. Have a contest - the first person who (breaks this code, answers this question, etc.) wins some digital money. Once people start getting interested, your digital money will be in demand. Make sure demand always exceeds supply.

If some people get servers up and running, and if there is any interest, I can write an automatic client which will accept and pay out Magic Money without human intervention. Please let me know if you have an application for this, or any other ideas for the system.

Pr0duct Cypher

From sdw at meaddata.com Fri Feb 4 12:49:55 1994
From: sdw at meaddata.com (Stephen Williams)
Date: Fri, 4 Feb 94 12:49:55 PST
Subject: Running regularly
In-Reply-To:
Message-ID: <9402042046.AA20030@jungle.meaddata.com>

>
> Matthew Bernardini wrote:
>
> > Why not make two shell scripts, one that sleeps for so long (say 20 minutes)
> > using the unix sleep command, and then calls the remailer scripts in an
> > infinite while loop. This would work if you set it up as a background
...
> I tried this on the system here, but it killed off the process when I
> logged off.
>
> As for starting too many processes, just don't start them... leave it
> as one single process that just repeats itself indefinitely with sleeps
> in between.

You did try to nohup it, right?

nohup script blabla...

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager
LIG dev./sales Internet: sdw at lig.net sdw at meaddata.com
OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Comm.
Consulting ICBM: 39 34N 85 15W I love it when a plan comes together

From nobody at shell.portal.com Fri Feb 4 13:29:54 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Fri, 4 Feb 94 13:29:54 PST
Subject: remailer delays
Message-ID: <199402042129.NAA11271@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

Brian Beker asked,
"The last two messages I've sent through remailers have taken upwards of two days to arrive at their destinations. Parallel messages sent directly arrived immediately. The two remailers are Hal's and rebma. What is making this happen? Is it related to all the recent PGP FAQ traffic? Which remailers if any are not suffering from these lags?"

I am not using remba at all, not even pinging it. The last three days have seen the "Bomb me!" request dwindle to about 5-6 a day. Hal's ("shell") is working without a glitch. That leaves remba. If I can get my list of remailer details completed, people like you with specific needs (today you want speed) will be happier. The fast remailers that I am using and have had NO problem with are:

@remailers = (
"catalyst at netcom.com",
"remailer at dis.org",
"ebrandt at jarthur.claremont.edu",
"remailer at merde.dis.org",
"elee7h5 at rosebud.ee.uh.edu",
"hfinney at shell.portal.com",
"hh at soda.berkeley.edu",
"qwerty at netcom.com"
);

These are not necessarily the most secure ones, but they are all pingable with variable 5 minute to 1 hour delays for the pings to come back. If speed is of concern, these are your remailers. cicada and pmantis are also quite fast but are not meant for what I need them for. I am very sensitive to kicking mailers off my list if I cause a problem, even once. The merde and dis.org remailers often add an hour delay, seeming to batch things out. jarthur is often ~10 minutes, but just as often an hour.

- From my incomplete List:

Remailer  Fast?    OpLog  SysLog  Subj  Batch  RD  NL  CPU  Phys  PGP  BitB
--------  ------   -----  ------  ----  -----  --  --  ---  ----  ---  ----  ----------
bsu-cs    +        ?      ?/?     +     ?      ?   ?   ?    ?     23a  ?
catalyst  +        N?     SM/MQ   -     -      ?   -   PA   M     23a  -
choas     +        ?      ?/?     +     ?      ?   ?   ?    ?     -    -
cicada    ++       ?      ?/?     -     -      -   -   ?    ?     -    -
dis.org   -/--     ?      ?/?     -     ?      ?   ?   ?    ?     23a  ?
extropia  +/?      ?      ?/?     +     ?      ?   ?   Pr?  ?     23a  ?
jarthur   +/--     St     SM/MQ?  -     ?      ?   ?   Un   ?     23a  -
menudo    --       ?      ?/?     -     t1     ?   ?   ?    ?     -    ?
merde     -/--     ?      ?/?     -     ?      ?   ?   ?    ?     -    ?
penet.fi  --       St     ?/?     -     t?     24  +   Pr   H     -    -
pmantis   ++       ?      ?/?     -     ?      -   -   ?    ?     -    -
qwerty    +        C      SM/MQ   -     -      -   -   PA   M     23a  +
rosebud   ++/-     ?      ?/?     -     -      -   ?   ?    ?     23a  ?
remba     ?        ?      ?/?     ?     ?      ?   ?   ?    ?     23a  ?
shell     ++/+/-   St     ?/?     -     ?      ?   ?   ?    ?     23a  -
soda      ++/-     St+?   ?/?     -     ?      ?   ?   ?    ?     -

Subj: Strips Subject header?
NL: Non-linear remailing? 123->231.
RD: Random delay added (max, in hours)?
Batch: Batched remailing? t2 means twice daily. n5 means after 5 messages.
CPU: Pr = private. PA = account on public access machine. Un = university.
Phys: Physical security of the CPU, especially at night. H/M/L.
BitB: BitBucket feature?
Fast?: ++ <5 min
       + 5-10 min.
       - ~10-30 min delay
       -- pinging isn't practical due to long delays
       +/- sometimes +, sometimes -
       Normal internet mail delays are common, and are not equivalent in the two directions between any two remailers. Mail still gets through.
OpLog: F: full copies of all mail is archived. My large volume mailing should help put a stop to this.
       St: Stats logs of when mail was remailed.
       St+: Stats logs of when and where mail was remailed.
       St-: simple counter.
       N: operator keeps no logs.
SysLog: SM: sendmail logs of when and where mail was exchanged. Root access.
        MQ: mailqueue accessible by anyone on the site. Could make logs.
-Nik (Xenon)

From hfinney at shell.portal.com Fri Feb 4 13:59:53 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 4 Feb 94 13:59:53 PST
Subject: Magic Money Digicash System
Message-ID: <199402042158.NAA09840@jobe.shell.portal.com>

Wow! Hot stuff! I looked at csn.org, but I didn't find magic money. The pgp_tools has been there for a while, of course. Somebody post when they find it. Hats off to Pr0duct Cypher!

Hal

From MIKEINGLE at delphi.com Fri Feb 4 14:25:16 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Fri, 4 Feb 94 14:25:16 PST
Subject: Prodigy snooping
Message-ID: <01H8GY0YK46W91W1I6@delphi.com>

>I heard from a friend that Prodigy was scanning user's hard drives.
>Basically, when you logged on Prodigy made a complete directory of your
>hard drive and uploaded it. Prodigy was using this to find out what
>applications you used so they could direct the appropriate advertising
>towards you. Apparently, they're suffering several lawsuits now because
>of it.

This tale has been around for a while. Prodigy makes a huge file, over 1 MB, on your hard drive and stores information there to speed up the data transfer. People started finding bits of their files in there. They claimed that Prodigy was snooping into their systems. Prodigy denied it and claimed that their software just didn't bother to clear the disk space when it allocated it, so whatever was there, stayed there until the space was used. They distributed a utility which would zero out that information. Whether they were really snooping or not, who knows? If they were, they were pretty stupid to leave clear text in the file.

>My friend heard this on the trailing end of a radio talk show.
If it was
>really happening, it sounds horrible. Could Secure Drive be set up to
>stop this kind of attack?

Secure Drive would stop it if you weren't logged into the encrypted drive when you ran Prodigy. Of course, if you were logged in and they knew about Secure Drive, they could get your encryption key as well as your data...

--- Mike

From dave_taffs at rainbow.mentorg.com Fri Feb 4 14:25:19 1994
From: dave_taffs at rainbow.mentorg.com (Dave Taffs)
Date: Fri, 4 Feb 94 14:25:19 PST
Subject: request for information
Message-ID: <199402042217.AA29743@fpd.MENTORG.COM>

I saw the following on imp-interest, and thought somebody here might be interested in responding (perhaps?)...

PS: She has David Chaum's internet address by now, I'm certain...

to: imp-interest at thumper.bellcore.com
from: owner-imp-interest at thumper.bellcore.com
date: Fri, 4 Feb 1994 10:29:56 -0500 (EST)
subj: Digicash story/Internet Letter
sender: jayne levin
sent: 02/04/1994 8:33 am (PDT)
--------- **|

I would like to explore the issue of digital cash in my next issue of The Internet Letter. I am trying to contact David Chaum but don't have his e-mail address, so I'd appreciate any help in making contact with him. I'd also like to get a grip on some of the issues involved in developing digital cash as well as the status of work in this area. Who else should I talk to?

Jayne

Jayne Levin Net Week Inc.
Editor 220 National Press Building
The Internet Letter Washington, D.C. 20045 USA
+1 202 638 6020 Fax: +1 202 638 6019

From rcain at netcom.com Fri Feb 4 14:25:20 1994
From: rcain at netcom.com (Robert Cain)
Date: Fri, 4 Feb 94 14:25:20 PST
Subject: Running regularly
In-Reply-To: <199402040708.XAA17954@jobe.shell.portal.com>
Message-ID: <199402042225.OAA24297@mail.netcom.com>

Hal sez:
>
> > Before I start throwing out ideas that I'm sure aren't new to readers here,
> > I have a simple question that perhaps I should post to comp.unix.questions
> > or comp.lang.perl, but....
Can I, and how would I, get a perl script to
> > kick in and send out mail every few minutes when I am NOT logged in. Is this
> > possible on Netcom?
>
> Most public Unix systems will not let you do this, in my experience.
> The two Unix commands which usually give you the ability to run programs
> at regular intervals are "at" and "crontab". You can read the man pages
> and try running these to see if they are enabled for you.
>

If you run into this, there is a sneaky way to do it if you have a friend somewhere that doesn't restrict at or crontab and if your system provides elm and will honor a .forward file. Have your friend set up a crontab that mails you a short note with some header characteristic that the filter program for elm can recognize via the filter-rules file and kick off an invocation of whatever you want to do each time it receives one of these notes. Sneaky but it works. :-)

Peace,

Bob
--
Bob Cain rcain at netcom.com 408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------

From mnemonic at eff.org Fri Feb 4 14:59:57 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 4 Feb 94 14:59:57 PST
Subject: interagency_workgroup.notice (fwd)
Message-ID: <199402042256.RAA00559@eff.org>

Forwarded message:

From mbriceno at netcom.com Fri Feb 4 15:00:17 1994
From: mbriceno at netcom.com (Marc Briceno)
Date: Fri, 4 Feb 94 15:00:17 PST
Subject: Running regularly
Message-ID: <199402042300.PAA18374@mail.netcom.com>

Xenon asked:
>> Before I start throwing out ideas that I'm sure aren't new to readers here,
>> I have a simple question that perhaps I should post to comp.unix.questions
>> or comp.lang.perl, but.... Can I, and how would I, get a perl script to
>> kick in and send out mail every few minutes when I am NOT logged in. Is this
>> possible on Netcom?

Hal answered:
>Most public Unix systems will not let you do this, in my experience.
>The two Unix commands which usually give you the ability to run programs
>at regular intervals are "at" and "crontab". You can read the man pages
>and try running these to see if they are enabled for you.

Netcom has a "policy against detached processes because of the load they put on the system and therefore 'crontab' and 'at' disabled for all users. (Netcom support)" To make your life even harder they kill all your processes upon hangup.

Here is (half) the workaround: They forgot to disable "sleep" and they also didn't disable "nohup." You can simply write a script that sleeps for 30 min, executes your program and goes back to sleep. Call it with "nohup script &" and you're in business.

The next problem that must be addressed is the auto-logout upon >14min of inactivity on the modem level that Netcom imposes on you. There is a simple 2 line command that you can add to your .login file to disable the auto-logout. I saw it once posted in one of the Netcom newsgroups, but I lost it. Perhaps you might post the question there. I would not advise to ask Netcom support for it...
Some of the messages responding to the above post talked about "suspending the account for intentionally disabling, blah, blah" 8-)

Good luck,

-- Marc Briceno
PGP public key by finger

From mnemonic at eff.org Fri Feb 4 15:00:19 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 4 Feb 94 15:00:19 PST
Subject: reno_key_escrow.statement (fwd)
Message-ID: <199402042259.RAA00674@eff.org>

Forwarded message:

From mnemonic at eff.org Fri Feb 4 15:05:17 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 4 Feb 94 15:05:17 PST
Subject: gore_crypto.statement (fwd)
Message-ID: <199402042301.SAA00879@eff.org>

Forwarded message:

From mnemonic at eff.org Fri Feb 4 15:05:18 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 4 Feb 94 15:05:18 PST
Subject: harris.statement (fwd)
Message-ID: <199402042300.SAA00784@eff.org>

Forwarded message:

From mnemonic at eff.org Fri Feb 4 15:05:21 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 4 Feb 94 15:05:21 PST
Subject: clipper_q-and-a.txt (fwd)
Message-ID: <199402042300.SAA00796@eff.org>

Forwarded message:

From mnemonic at eff.org Fri Feb 4 15:09:57 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 4 Feb 94 15:09:57 PST
Subject: wh_press_secy.statement (fwd)
Message-ID: <199402042301.SAA00849@eff.org>

Forwarded message:

From mnemonic at eff.org Fri Feb 4 15:10:17 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 4 Feb 94 15:10:17 PST
Subject: doj_escrow_intercept.procedures (fwd)
Message-ID: <199402042259.RAA00682@eff.org>

Forwarded message:

From mengel at dcdmwm.fnal.gov Fri Feb 4 15:29:56 1994
From: mengel at dcdmwm.fnal.gov (Marc W.
Mengel)
Date: Fri, 4 Feb 94 15:29:56 PST
Subject: CERT advisory
In-Reply-To: <9402041825.AA27913@media.mit.edu>
Message-ID: <9402042327.AA43567@dcdmwm.fnal.gov>

In <9402041825.AA27913 at media.mit.edu> you write:

[Some items of interest to C-punks include CERT's advocacy of stopping cleartext transmission of password (no shit sherlock), and their proposed solutions, including the use of one-time passwords which I had queried about on this list a few months back. Of course they don't mention any sort of real encryption, let alone PGP. How hard would it be to build in PGP security to the transmission layer of something like FTP? Seems like a fairly simple problem, given that any site which supports anonymous FTP can publish a public key. Even if we assume that encryption would slow down the file transmission too much, we could still use it for the login/authentication part of the session... --AW]

Since the command channel is flat ascii, one could extend the protocol with a pgp-password command, which would send the password encrypted in the server's public key. Similarly one could use the sort of convention that the wu-ftpd does to request encrypted files... simply request file.pgp, just like you request file.z, file.gz, etc.

Of course, there really *ought* to be an RFC for it, but I'm thinking something like a command

    666 PGPL
    -----BEGIN PGP MESSAGE-----
    ...
    -----END PGP MESSAGE-----

which would send an encrypted login and password.

The other piece to hack up would be the ftp client, it would have to ask for your login/password on the ftp server host, then crank that through pgp, and send an ELOGIN command down the socket -- no problem.

The big issue, in my mind, is how the ftpd is going to get the key to unlock the *system's* private key... Do you compile it into the code? Should ftpd ask for it when it comes up?
Marc

From fnerd at smds.com Fri Feb 4 15:45:17 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Fri, 4 Feb 94 15:45:17 PST
Subject: STEG: a real-life use for steganography
Message-ID: <9402042330.AA14310@smds.com>

Eric talks about a hypothetical system S which he discussed with real acquaintance X of country C (with repressive government G), for stegging information I in through exogenously-produced CDs of indigenous music M.

One problem is that S is proposed for use by lots of people in C. That means the whole system won't be a secret for long. Soon G will know not only which records and which equipment to ban, but also the passphrases for the records--so why encrypt or even camouflage it?

Maybe making copies of existing popular records would help. Classics that lots of people already have. Are there already records produced for C but manufactured outside of C? Do they import music popular outside C?

> -- A facility to gather the data being put on the disks. This by
> itself is no trivial task, since it involves the collection of many
> disparate sources.

Maybe the newsgroup you mention is just the thing for the second-to-last step in the chain. It can combine efforts of people who don't have to know each other.

> -- An encryption system for the arranged data. Such a system can't
> treat the data as one long stream, because of the segmented nature of
> the data.

There's also the problem of recovering from errors on the CD.

> The ability to mount the CD as a file system would be good
> leverage for other programmers.
> -- A decryption system to get the data off the CD.

Can most CD ROM drives read the raw music format? Many? If not, can the bit stream to the ADC in a CD player be intercepted? Maybe the best hardware from a physical camouflage standpoint would be those little CDROM drives that double as "walkmen".

> A system to make rememberable sentences out of an
> arbitrary 128 bits (and the inverse) would be useful to facilitate
> word of mouth.
Isn't it good enough to always start with sentences invented by people and encode into bits?

> encoding and error correction systems used in CD's. I do know that
> they are not simple, being much more than bit-correcting linear codes.

I think when they're not giving you exactly what you put in, they're doing desperate things like repeating the last few milliseconds. So about all you can do is put CRCs and IDs on blocks (maybe small blocks?) and be able to deal with lost and misplaced blocks. It might be useful to have signatures on block boundaries so you could recognize them out of continuous streams. Maybe you would just take two blocks worth of data and slide your buffer along one byte at a time till you got a good CRC...but by then you would have received a lot more data. Better have a long buffer.

> -- A standard for the encoding of file system data onto these low
> bits. This should be a separate document, even though the design of
> this will be influenced by the bit encoding standard. Some adaptation
> of existing file system standards may be appropriate.

Here, too, you need to deal with lost blocks. Having one copy of the root of the index might not be great. Also, assuming you're using modified CD players instead of CDROM drives, you might want to take advantage of the music track structure.

-fnerd
quote me
- - skip sweet sweetbacks badass skipjack song, jack. 3x, fast.
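
The CRC-and-ID block framing suggested in the post above, with its slide-one-byte-at-a-time resynchronisation, as an added example that is not part of the original message. The boundary marker, block size, field layout and the constructed damaged stream are all assumptions made for illustration.

```python
import struct
import zlib

MARK = b"\xa5\x5a"                  # assumed 2-byte signature on each block boundary
PAYLOAD = 32                        # assumed payload size ("maybe small blocks?")
HEADER = struct.Struct(">2sH")      # boundary signature + 16-bit block ID
BLOCK = HEADER.size + PAYLOAD + 4   # header + payload + CRC-32


def encode(data):
    """Split data into fixed-size blocks, each carrying its own ID and CRC."""
    blocks = []
    for offset in range(0, len(data), PAYLOAD):
        payload = data[offset:offset + PAYLOAD].ljust(PAYLOAD, b"\x00")
        body = HEADER.pack(MARK, offset // PAYLOAD) + payload
        blocks.append(body + struct.pack(">I", zlib.crc32(body)))
    return blocks


def decode(stream, total_blocks):
    """Slide a one-block window along the stream; keep blocks whose CRC checks.

    Returns (found, missing, slips): payloads by block ID, the IDs never
    recovered, and how many single-byte slides were needed to resynchronise.
    """
    found, pos, slips = {}, 0, 0
    while pos + BLOCK <= len(stream):
        window = stream[pos:pos + BLOCK]
        mark, block_id = HEADER.unpack_from(window)
        (crc,) = struct.unpack_from(">I", window, BLOCK - 4)
        if mark == MARK and block_id < total_blocks and zlib.crc32(window[:-4]) == crc:
            found.setdefault(block_id, window[HEADER.size:-4])  # repeats are ignored
            pos += BLOCK
        else:
            pos += 1            # no good CRC here: slide one byte and try again
            slips += 1
    missing = [i for i in range(total_blocks) if i not in found]
    return found, missing, slips


def damaged_stream(blocks):
    """Constructed read-back containing the faults the post anticipates."""
    b0, b1, b2, b3, b4 = blocks
    flipped = b3[:20] + bytes([b3[20] ^ 0xFF]) + b3[21:]
    return (b0
            + b1[:10] + b1[15:]     # five bytes lost inside block 1
            + b2 + b2[-12:] + b2    # player repeats a tail, then the whole block
            + flipped               # one corrupted byte in block 3
            + b"\x00" * 7 + b4)     # stray bytes before block 4


def demo():
    data = bytes((7 * i + 3) % 256 for i in range(5 * PAYLOAD))  # constructed sample
    blocks = encode(data)
    found, missing, slips = decode(damaged_stream(blocks), len(blocks))
    return data, found, missing, slips


if __name__ == "__main__":
    data, found, missing, slips = demo()
    print("recovered IDs:", sorted(found), "missing IDs:", missing, "slides:", slips)
```

Because every block names itself, the reader knows exactly which IDs to fetch again or to cover with redundancy, which is the "lost and misplaced blocks" handling the post asks for.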

From nobody at shell.portal.com Fri Feb 4 15:55:19 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Fri, 4 Feb 94 15:55:19 PST
Subject: For Pr0duct Cypher: faster mp_inv
Message-ID: <199402042353.PAA17274@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

Pr0duct Cypher wrote:

> How big should the blinding factor be? I am not sure. Right now, it is set
> to the modulus minus one byte. This is certainly secure, but it takes a
> long time to unblind because mp_inv is a slow operation. If you know how
> long it needs to be, feel free to change it.

PGP's mp_inv is needlessly slow. It works OK for the little numbers they normally use ("e" exponents) but bogs down for big numbers. Fortunately I wrote a fast version of mp_inv some time ago just for this application (blinding). You might say it is "blindingly" fast!

Here it is, from my private copy of pgp source. With this you can choose anything for your blinding. You will probably want to change it to use your safemalloc.

#ifdef OLD_MPINV
/* Replaced by a faster routine, below */
void mp_inv(unitptr x,unitptr a,unitptr n)
/* Euclid's algorithm extended to compute multiplicative inverse.
   Computes x such that a*x mod n = 1, where 0n, X->a, HCF->u(iminus1), U->u(i), temp->u(iplus1),
 * INV->v(iminus1), V->v(i), temp->v(iplus1). We rotate the assignment to temp
 * and INV in their 2nd block of code.
 */
void mp_inv(unitptr x,unitptr a,unitptr n)
/* Euclid's algorithm extended to compute multiplicative inverse.
   Computes x such that a*x mod n = 1, where 0 0) /* if U > HCF then */
            mp_init(u(iplus1),0);
        else {
            enterloop = 1;
            mp_move(u(iplus1),u(i)); /* temp := U */
            while (mp_compare(u(iplus1),u(iminus1)) <= 0) { /* temp<=HCF */
                ++shifts;
                mp_shift_left(u(iplus1)); /* leftshift(temp,1) */
            }
            mp_shift_right_bits(u(iplus1),1); /* rightshift(temp,1) */
        }
        mp_sub(u(iminus1),u(iplus1)); /* temp := HCF - temp */
        mp_move(u(iplus1),u(iminus1));
        i = iplus1;
        /* V := tempV, tempV := INV, INV := V, */
        /* U := tempU, tempU := HCF, HCF := U; */
        /* (All simultaneous) */
        if (enterloop) {
            while (shifts--)
                mp_shift_left(v(i)); /* leftshift(V,shifts) */
            mp_sub(v(iplus1),v(i)); /* temp = temp - V */
        }
        mp_move(v(i),v(iplus1)); /* V := temp */
    } while (testne(u(i),0) && mp_compare(u(i),u(iminus1))!=0);
    mp_move(x,v(iminus1));
    if (mp_tstminus(x))
        mp_add(x,n);
    mp_burn(u(0)); /* burn the evidence on the stack...*/
    mp_burn(u(1));
    mp_burn(u(2));
    mp_burn(v(0));
    mp_burn(v(1));
    mp_burn(v(2));
#undef u
#undef v
} /* mp_inv */
#endif /* OLD_MPINV */

From matthew at gandalf.rutgers.edu Fri Feb 4 16:09:57 1994
From: matthew at gandalf.rutgers.edu (Matthew Bernardini)
Date: Fri, 4 Feb 94 16:09:57 PST
Subject: Running regularly
Message-ID:

> Matthew Bernardini wrote:
>
> > Why not make two shell scripts, one that sleeps for so long (say 20 minutes)
> > using the unix sleep command, and then calls the remailer scripts in an
> > infinite while loop. This would work if you set it up as a background
> > process, and you don't need to be root for it to work.
Only downsides are
> > that when the machine crashes you have to log back in and restart script,
> > your sleep command will always be in the top window if your sys-admin
> > is watching, and you have to be careful not to spawn too many processes and
> > bring the system down.
>
> I tried this on the system here, but it killed off the process when I
> logged off.
>
> As for starting too many processes, just don't start them... leave it
> as one single process that just repeats itself indefinitely with sleeps
> in between.
>

Did the processes get killed BECAUSE you logged off ? Or did they get killed because you left a single process running in the background for an extended period of time and an automated script killed the job. Why not ask the sysadmin how to setup a long computational job for a couple of days ? I don't think any sysadmin would have a problem with that. Then you could find out if the jobs are killed automatically somehow.

If it turns out that it was just the process that was automatically killed on a time interval, then you could easily write a script that would spawn a new process and then kill the parent.

Matt

From huntting at glarp.com Fri Feb 4 16:19:57 1994
From: huntting at glarp.com (Brad Huntting)
Date: Fri, 4 Feb 94 16:19:57 PST
Subject: CERT advisory
In-Reply-To: <9402042327.AA43567@dcdmwm.fnal.gov>
Message-ID: <199402050015.AA01939@misc.glarp.com>

> Since the command channel is flat ascii, one could extend the protocol
> with a pgp-password command, which would send the password encrypted in the
> server's public key. Similarly one could use the sort of convention that
> the wu-ftpd does to request encrypted files... simply request file.pgp,
> just like you request file.z, file.gz, etc.

There is an Internet draft (draft-ietf-cat-ftpsec-03.txt) on ftp encryption and authentication extensions. I don't recall if it includes a public key method, but if not it would probably be easy to incorporate.
brad

From nobody at soda.berkeley.edu Fri Feb 4 16:25:18 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Fri, 4 Feb 94 16:25:18 PST
Subject: clipper_q-and-a.txt
Message-ID: <199402050021.QAA04630@soda.berkeley.edu>

Q. Who will hold the escrowed keys?
A. The government.

From nobody at shell.portal.com Fri Feb 4 16:30:17 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Fri, 4 Feb 94 16:30:17 PST
Subject: wh_press_secy.statement
Message-ID: <199402050030.QAA21462@jobe.shell.portal.com>

The following is a self contradictory statement, if considered to apply for the time period of the next 20 years as the government's policy, and it down right PISSES ME OFF. Fuck you, government.

>The Administration believes that the steps being announced today
>will help provide Americans with the telecommunications security
>they need without compromising the capability of law enforcement
>agencies and national intelligence agencies. Today, any American can
>purchase and use any type of encryption product. The
>Administration does not intend to change that policy. Nor do we have
>any intention of restricting domestic encryption or mandating the use
>of a particular technology.

From pmetzger at lehman.com Fri Feb 4 16:55:17 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 4 Feb 94 16:55:17 PST
Subject: Food for thought
Message-ID: <199402050052.TAA19116@snark>

In conjunction with the latest Big Brother Chip announcements, I've dug up an article I wrote for the net a while back. Some of it seems a bit weak now, but so much of it still feels current that I decided to repost it here.

----------------------------------------------------------------------
Newsgroups: sci.crypt
Subject: The Escrow Database.
Summary:
Expires:
References: <1993Apr18.034352.19470 at news.clarkson.edu>
Sender:
Followup-To:
Distribution:
Organization: Partnership for an America Free Drug
Keywords:

Here is a disturbing thought.
Now, we no longer live in the days of big filing cabinets. We live in the electronic age. I asked myself, how big could the escrow database get? How hard might it be to steal the whole thing, particularly were I an NSA official operating with the tacit permission of the escrow houses? (We can pretend that such will not happen, but that's naive.)

Well, let's see. Ten bytes of each escrow half. Let's assume ten bytes of serial number -- in fact, I believe the serial number is smaller, but this is an order of magnitude calculation. We assume 250*10^6 as the population, and that each person has a key. I get five gigabytes for each of the two escrow databases. Fits conveniently on a single very valuable Exabyte tape. This can only get easier with time, but who cares -- I can already hold all the clipper keys in the country in my pocket on two 8mm tapes.

Admittedly, they will think of safeguards. They won't put the whole database on one disk, perhaps. Maybe they will throw stumbling blocks in the way. This changes nothing -- the keys will be needed every day by hundreds if not thousands of law enforcement types, so convenience will dictate that the system permit quick electronic retrieval. At some point, with or without collusion by the agencies, those exabyte tapes are going to get cut. Dorothy Denning and David Sternlight will doubtless claim this can't happen -- but we know that "can't" is a prayer, not a word that in this instance connotes realism.

With two exabyte tapes in your pocket, you would hold the keys for every person's conversations in the country in your hands. Yeah, you need the "master key" too -- but that's just ten bytes of information that have to be stored an awful lot of places.

Come to think of it, even if the NSA getting a copy of the database isn't a threat to you because unlike me you have no controversial political views, consider foreign intelligence services.
You know, the ones that David Sternlight wants to protect us from because of the evil industrial espionage that they do. The French apparently do have a big spying operation in friendly countries to get industrial secrets, so he isn't being completely irrational here (although why our companies couldn't use cryptosystems without back doors is left unexplained by those that point out this threat.) Presumably, foreign intelligence services can get moles into the NSA and other agencies. We have proof by example of this: it's happened many times. Presumably, someday they will get their hands on some fraction of the keys. You can't avoid that sort of thing.

Don't pretend that no one unauthorized will ever get their hands on the escrow databases. We crypto types are all taught something very important at the beginning of intro to cryptography -- security must depend on the easily changed key that you pick to run your system, and not on a secret. The escrow databases aren't the sorts of secrets that our teachers told us about, but they are the sort of big secrets they would lump into this category. Imagine trying to replace 100 million Clipper chips.

I cannot believe that the NSA or whomever it is that's doing this doesn't realize all this already. They are too smart. There are too many of them who have made their bones in the real world. I suspect that they know precisely what they are doing -- and that what they are doing is giving us the appearance of safety so that they can continue to surveil in spite of the growth of strong cryptography. I suspect that they realize that they can't put things off forever, but they can try to delay things as long as possible.

Who knows. Maybe even some of the higher ups, the inevitable bureaucratic types that rise in any organization, really do believe that this scheme might give people some security, even as their subordinates in Fort Meade wring their hands over the foolishness of it all.
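The order-of-magnitude estimate in the article above, worked through as an added example that is not part of the original post. It uses the article's own figures (10 bytes per escrow half, 10 bytes per serial number, 250*10^6 keys) and assumes, for illustration only, that a key is split into its two components by XOR; all function names are hypothetical.

```python
"""Added illustration: sizing and joining two key-escrow databases."""
import secrets

COMPONENT_BYTES = 10        # article: "Ten bytes of each escrow half"
SERIAL_BYTES = 10           # article's deliberately generous serial size
POPULATION = 250 * 10**6    # article: one key per person


def escrow_db_bytes(n_keys, component=COMPONENT_BYTES, serial=SERIAL_BYTES):
    """Raw size of ONE escrow database: a (serial, component) row per chip."""
    return n_keys * (component + serial)


def split_key(unit_key):
    """Split a key into two components. ASSUMPTION: a plain XOR split."""
    c1 = secrets.token_bytes(len(unit_key))
    c2 = bytes(k ^ r for k, r in zip(unit_key, c1))
    return c1, c2


def combine(c1, c2):
    """Recombine two components into the key they were split from."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def build_escrow(n_chips):
    """Constructed sample data: n chips, each with a random unit key."""
    db1, db2, truth = {}, {}, {}
    for i in range(n_chips):
        serial = i.to_bytes(SERIAL_BYTES, "big")
        key = secrets.token_bytes(COMPONENT_BYTES)
        db1[serial], db2[serial] = split_key(key)
        truth[serial] = key
    return db1, db2, truth


def join_databases(db1, db2):
    """What a holder of both copies computes: one XOR per serial number."""
    return {s: combine(db1[s], db2[s]) for s in db1.keys() & db2.keys()}


def component_consistent_with(c1, candidate_key):
    """Second component that would make c1 fit ANY candidate key.

    One always exists, so a single database rules out no key at all:
    the protection lies entirely in keeping the two copies apart.
    """
    return combine(c1, candidate_key)


if __name__ == "__main__":
    size = escrow_db_bytes(POPULATION)
    print(f"one escrow database: {size / 10**9:.1f} GB, both: {2 * size / 10**9:.1f} GB")

    db1, db2, truth = build_escrow(1000)
    recovered = join_databases(db1, db2)
    print("keys recovered from both copies:", sum(recovered[s] == truth[s] for s in truth))

    c1 = next(iter(db1.values()))
    guess = bytes(COMPONENT_BYTES)  # an arbitrary wrong guess: all zero bytes
    print("one copy alone is consistent with the wrong guess:",
          combine(c1, component_consistent_with(c1, guess)) == guess)
```

Each copy on its own carries no information about any key, so the scheme's whole protection is procedural: two small files must never meet.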
From hughes at ah.com Fri Feb 4 16:59:57 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 4 Feb 94 16:59:57 PST
Subject: CERT advisory
In-Reply-To: <9402042327.AA43567@dcdmwm.fnal.gov>
Message-ID: <9402050055.AA22719@ah.com>

>The big issue, in my mind, is how the ftpd is going to get the key
>to unlock the *system's* private key... Do you compile it into the
>code? Should ftpd ask for it when it comes up?

Since active interception is not nearly so easy as passive listening, it would be appropriate to use a Diffie-Hellman key exchange in this situation. This protocol has no persistent private keys, so the issue of keeping a private key around securely is not an issue.

Eric

From hughes at ah.com Fri Feb 4 17:05:18 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 4 Feb 94 17:05:18 PST
Subject: Running regularly
In-Reply-To:
Message-ID: <9402050100.AA22751@ah.com>

>If it turns out that it was just the process that was automatically killed
>on a time interval, then you could easily write a script that would spawn a
>new process and then kill the parent.

To continue the explanation, no single process would ever execute for a long time, since it would, phoenix-like, periodically die and be reborn. A clever mail filter hack could also check to see if it was still alive (say, with a socket) and then start it running again if it had stopped.

Eric

From koontzd at lrcs.loral.com Fri Feb 4 17:05:20 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 4 Feb 94 17:05:20 PST
Subject: No Subject
Message-ID: <9402050102.AA08460@io.lrcs.loral.com>

Subject: clipper_q-and-a.txt

>Q. Who will hold the escrowed keys?
>. The government.

All this bullshit does not state that a court order is required, rather 'legal authorization', which means the NSA for foreign intelligence purposes without a court order. Perhaps what is needed is statutory protection to prevent the NSA from eavesdropping on U.S. Citizens, communicating domestically, without a court order.
Let's close a loophole - no more SHAMROCK

From jcook at pro-storm.metronet.com Fri Feb 4 17:09:57 1994
From: jcook at pro-storm.metronet.com (Julian Cook)
Date: Fri, 4 Feb 94 17:09:57 PST
Subject: Unsubscribe
Message-ID:

Unsubscribe me please

From smb at research.att.com Fri Feb 4 17:39:57 1994
From: smb at research.att.com (smb at research.att.com)
Date: Fri, 4 Feb 94 17:39:57 PST
Subject: CERT advisory
Message-ID: <9402050138.AA04593@toad.com>

>The big issue, in my mind, is how the ftpd is going to get the key
>to unlock the *system's* private key... Do you compile it into the
>code? Should ftpd ask for it when it comes up?

Since active interception is not nearly so easy as passive listening, it would be appropriate to use a Diffie-Hellman key exchange in this situation. This protocol has no persistent private keys, so the issue of keeping a private key around securely is not an issue.

But you still have to type a password to a command that itself could have been compromised. (Not that D-H wouldn't be a tremendous help, of course.)

All of the hand-held authenticators I'm familiar with require that the host -- or a dedicated, trusted, security server -- keep a secret key per user. That's not a great idea. Bellcore's S/Key doesn't, but I don't know of any hardware devices that implement it. Another possibility would be hand-held digital signature boxes that could sign a random challenge from the host.

From fb at cyberg.win.net Fri Feb 4 17:45:17 1994
From: fb at cyberg.win.net (Francis Barrett)
Date: Fri, 4 Feb 94 17:45:17 PST
Subject: Magic Money Digicash System
Message-ID: <81@cyberg.win.net>

> Magic Money is a digital cash system designed for use over
> electronic mail. The system is online and untraceable. Online
> means that each transaction involves an exchange with a server,
> to prevent double-spending. Untraceable means that it is
> impossible for anyone to trace transactions, or to match a
> withdrawal with a deposit, or to match two coins in any way.
This is the neatest thing I have read in a long time. Where can I get one?

> The client module then generates proto-coins, which are
> blinded but unsigned. It produces an output file containing
> Alice's coins, and the new proto-coins.

> Bob mails this to the server. The server counts up Alice's
> coins, checks their signatures, and checks for
> double-spending. It puts the coins on the cancelled list,
> signs the proto-coins, and mails them back to Bob. Bob runs
> his client module on the reply message. It unblinds the
> signed coins and adds them to his coin file. This completes
> the transfer.

A few questions.

Since the client which generates the proto-coins is under the control of the consumer, the bank has no way of making sure that he is not running his own code, or that the RNG he is using is cryptographically strong, or even that he is not distributing modified client programs to other users. How does the bank deal with collisions in the 16 byte values of coins?

What if the user picks the numeric values for the server to sign in a way which leaks information about the bank's private key? RSA is much more secure when signing random-esque data, like a message digest, than it is when signing numbers provided to it by some outside party.

Similarly, how can the consumer trust the bank's representation that money has already been spent? Surely the bank should be required to publish a list of cancelled coins and timestamps with a running MD5 hash periodically for inspection by the unwashed masses.

What do you do about lost messages from the server to the client? Once coins have been recorded as spent, they cannot be redeemed again. Yet the mail message containing the new coins may have been lost in transit.

---------------------------------------------------------------
Francis Barrett, F.R.C. | Thou canst not travel on the path |
The Cybernetics Guild | before thou hast become the Path |
fb at cyberg.win.net | itself.
| --------------------------------------------------------------- From brown Fri Feb 4 14:47:38 1994 From: brown (Dan Brown) Date: Fri, 4 Feb 1994 17:47:38 -0500 Subject: clipper_q-and-a.txt Message-ID: <199402042247.RAA00190@eff.org> >From the White House ***************************************************************** Embargoed until 3:00 p.m. EST Feb. 4, 1994 QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S ENCRYPTION POLICY Q. What were the findings of the encryption technology review? A. The review confirmed that sound encryption technology is needed to help ensure that digital information in both computer and telecommunications systems is protected against unauthorized disclosure or tampering. It also verified the importance of preserving the ability of law enforcement to understand encrypted communications when conducting authorized wiretaps. Key escrow technology meets these objectives. Specific decisions were made to enable federal agencies and the private sector to use the key escrow technology on a voluntary basis and to allow the export of key escrow encryption products. In addition, the Department of State will streamline export licensing procedures for products that can be exported under current regulations in order to help U.S. companies to sell their products abroad. To meet the critical need for ways to verify the author and sender of an electronic message -- something that is crucial to business applications for the National Information Infrastructure -- the federal government is committed to ensuring the availability of a royalty-free, public-domain Digital Signature Standard. Finally, an interagency working group has been established to continue to address these issues and to maintain a dialogue with industry and public interest groups. Q. Who has been consulted during this review? The Congress? Industry? What mechanism is there for continuing consultation? A. 
Following the President's directive announced on April 16, 1993, extensive discussions have been held with Congress, industry, and privacy rights groups on encryption issues. Formal public comment was solicited on the Escrowed Encryption Standard and on a wide variety of issues related to the review through the Computer System Security and Privacy Advisory Board. The White House Office of Science and Technology Policy and the National Security Council will chair the interagency working group. The group will seek input from the private sector both informally and through several existing advisory committees. It also will work closely with the Information Policy Committee of the Information Infrastructure Task Force, which is responsible for coordinating Administration telecommunications and information policy. Q. If national security and law enforcement interests require continued export controls of encryption, what specific benefits can U.S. encryption manufacturers expect? A. The reforms will simplify encryption product export licensing and speed the review of encryption product exports. Among other benefits, manufacturers should see expedited delivery of products, reduced shipping and reporting costs, and fewer individual license requests -- especially for small businesses that cannot afford international distributors. A personal exemption for business travellers using encryption products will eliminate delays and inconvenience when they want to take encryption products out of the U.S. temporarily. Q. Why is the key escrow standard being adopted? A. The key escrow mechanism will provide Americans and government agencies with encryption products that are more secure, more convenient, and less expensive than others readily available today -- while at the same time meeting the legitimate needs of law enforcement. Q. Will the standard be mandatory? A. No. 
The Administration has repeatedly stressed that the key escrow technology, and this standard, is for voluntary use by federal and other government agencies and by the private sector. The standard that is being issued only applies to federal agencies -- and it is voluntary. Does this approach expand the authority of government agencies to listen in on phone conversations? No Key escrow technology provides government agencies with no [sic] new authorities to access the content of the private conversations of Americans. Q. Will the devices be exportable? Will other devices that use the government hardware? A. Yes. After an initial review of the product, the State Department will permit the export of devices incorporating key escrow technology to most end users. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. Q. Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message? A. They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place. They would then present documentation, including a certification of this authorization, to the two entities responsible for safeguarding the keys. (The key is split into component parts, which are stored separately in order to ensure the security of the key escrow system.) They then obtain the components for the keys for the device being used by the drug smugglers. The components are then combined and the message can be read. Q. Who will hold the escrowed keys? A. The Attorney General has selected two U.S. agencies to hold the escrowed key components: the Treasury Department's Automated Systems Division and the Commerce Department's National Institute of Standards and Technology. Q. How strong is the security in the device? How can I be sure how strong the security is? A. 
This system is more secure than many other voice encryption systems readily available today. While the algorithm upon which the Escrowed Encryption Standard is based will remain classified to protect the security of the system, an independent panel of cryptography experts found that the algorithm provides significant protection. In fact, the panel concluded that it will be 36 years until the cost of breaking the algorithm will be equal to the cost of breaking the current Data Encryption Standard now being used.

Q. Is there a "trap door" that would allow unauthorized access to the keys?

A. No. There is no trapdoor.

Q. Whose decision was it to propose this product?

A. The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. The approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials.

From brown Fri Feb 4 14:47:39 1994
From: brown (Dan Brown)
Date: Fri, 4 Feb 1994 17:47:39 -0500
Subject: doj_escrow_intercept.procedures
Message-ID: <199402042247.RAA00193@eff.org>

U.S. Department of Justice
Washington, D.C. 20530
February 4, 1994

AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS IN CONJUNCTION WITH INTERCEPTS PURSUANT TO TITLE III

The following are the procedures for the release of escrowed key components in conjunction with lawfully authorized interception of communications encrypted with a key-escrow encryption method. These procedures cover all electronic surveillance conducted pursuant to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, as amended (Title III), Title 18, United States Code, Section 2510 et seq.

1) In each case there shall be a legal authorization for the interception of wire and/or electronic communications.

2) All electronic surveillance court orders under Title III shall contain provisions authorizing after-the-fact minimization, pursuant to 18 U.S.C.
2518(5), permitting the interception and retention of coded communications, including encrypted communications. 3) In the event that federal law enforcement agents discover during the course of any lawfully authorized interception that communications encrypted with a key escrow encryption method are being utilized, they may obtain a certification from the investigative agency conducting the investigation, or the Attorney General of the United States or designee thereof. Such certification shall (a) identify the law enforcement agency or other authority conducting the interception and the person providing the certification; (b) certify that necessary legal authorization has been obtained to conduct electronic surveillance regarding these communications; (c) specify the termination date of the period for which interception has been authorized; (d) identify by docket number or other suitable method of specification the source of the authorization; (e) certify that communications covered by that authorization are being encrypted with a key-escrow encryption method; (f) specify the identifier (ID) number of the key escrow encryption chip providing such encryption; and (g) specify the serial (ID) number of the key-escrow decryption device that will be used by the law enforcement agency or other authority for decryption of the intercepted communications. 4) The agency conducting the interception shall submit this certification to each of the designated key component escrow agents. If the certification has been provided by an investigative agency, as soon thereafter as practicable, an attorney associated with the United States Attorney's Office supervising the investigation shall provide each of the key component escrow agents with written confirmation of the certification. 5) Upon receiving the certification from the requesting investigative agency, each key component escrow agent shall release the necessary key component to the requesting agency. 
The key components shall be provided in a manner that assures they cannot be used other than in conjunction with the lawfully authorized electronic surveillance for which they were requested. 6) Each of the key component escrow agents shall retain a copy of the certification of the requesting agency, as well as the subsequent confirmation of the United States Attorney's Office. In addition, the requesting agency shall retain a copy of the certification and provide copies to the following for retention in accordance with normal record keeping requirements: (a) the United States Attorney's Office supervising the investigation, and (b) the Department of Justice, Office of Enforcement Operations. 7) Upon, or prior to, completion of the electronic surveillance phase of the investigation, the ability of the requesting agency to decrypt intercepted communications shall terminate, and the requesting agency may not retain the key components. 8) The Department of Justice shall, in each such case, (a) ascertain the existence of authorizations for electronic surveillance in cases for which escrowed key components have been released; (b) ascertain that key components for a particular key escrow encryption chip are being used only by an investigative agency authorized to conduct electronic surveillance of communications encrypted with that chip; and (c) ascertain that, no later than the completion of the electronic surveillance phase of the investigation, the ability of the requesting agency to decrypt intercepted communications is terminated. 9) In reporting to the Administrative Office of the United States Courts pursuant to 18 U.S.C. Section 2519(2), the Assistant Attorney General for the Criminal Division shall, with respect to any order for authorized electronic surveillance for which escrowed encryption components were released and used for decryption, specifically note that fact. 
These procedures do not create, and are not intended to create, any substantive rights for individuals intercepted through electronic surveillance, and noncompliance with these procedures shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance evidence lawfully acquired.

*************************************************************

U.S. Department of Justice
Washington, D.C. 20530
February 4, 1994

AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS IN CONJUNCTION WITH INTERCEPTS PURSUANT TO STATE STATUTES

Key component escrow agents may only release escrowed key components to law enforcement or prosecutorial authorities for use in conjunction with lawfully authorized interception of communications encrypted with a key-escrow encryption method. These procedures apply to the release of key components to State and local law enforcement or prosecutorial authorities for use in conjunction with interceptions conducted pursuant to relevant State statutes authorizing electronic surveillance, and Title III of the Omnibus Crime Control and Safe Streets Act of 1968, as amended, Title 18, United States Code, Section 2510 et seq.

1) The state or local law enforcement or prosecutorial authority must be conducting an interception of wire and/or electronic communications pursuant to lawful authorization.

2) Requests for release of escrowed key components must be submitted to the key component escrow agents by the principal prosecuting attorney of the State, or of a political subdivision thereof, responsible for the lawfully authorized electronic surveillance.
3) The principal prosecuting attorney of such State or political subdivision of such State shall submit with the request for escrowed key components a certification that shall
(a) identify the law enforcement agency or other authority conducting the interception and the prosecuting attorney responsible therefor;
(b) certify that necessary legal authorization for interception has been obtained to conduct electronic surveillance regarding these communications;
(c) specify the termination date of the period for which interception has been authorized;
(d) identify by docket number or other suitable method of specification the source of the authorization;
(e) certify that communications covered by that authorization are being encrypted with a key-escrow encryption method;
(f) specify the identifier (ID) number of the key escrow chip providing such encryption; and
(g) specify the serial (ID) number of the key-escrow decryption device that will be used by the law enforcement agency or other authority for decryption of the intercepted communications.

4) Such certification must be submitted by the principal prosecuting attorney of that State or political subdivision to each of the designated key component escrow agents.

5) Upon receiving the certification from the principal prosecuting attorney of the State or political subdivision, each key component escrow agent shall release the necessary key component to the intercepting State or local law enforcement agency or other authority. The key components shall be provided in a manner that assures they cannot be used other than in conjunction with the lawfully authorized electronic surveillance for which they were requested.

6) Each of the key component escrow agents shall retain a copy of the certification of the principal prosecuting attorney of the State or political subdivision.
In addition, such prosecuting attorney shall provide a copy of the certification to the Department of Justice, for retention in accordance with normal record keeping requirements. 7) Upon, or prior to, completion of the electronic surveillance phase of the investigation, the ability of the intercepting law enforcement agency or other authority to decrypt intercepted communications shall terminate, and the intercepting law enforcement agency or other authority may not retain the key components. 8) The Department of Justice may, in each such case, make inquiry to (a) ascertain the existence of authorizations for electronic surveillance in cases for which escrowed key components have been released; (b) ascertain that key components for a particular key escrow encryption chip are being used only by an investigative agency authorized to conduct electronic surveillance of communications encrypted with that chip; and (c) ascertain that, no later than the completion of the electronic surveillance phase of the investigation, the ability of the requesting agency to decrypt intercepted communications is terminated. 9) In reporting to the Administrative Office of the United States Courts pursuant to 18 U.S.C. Section 2519(2), the principal prosecuting attorney of a State or of a political subdivision of a State may, with respect to any order for authorized electronic surveillance for which escrowed encryption components were released and used for decryption, desire to note that fact. These procedures do not create, and are not intended to create, any substantive rights for individuals intercepted through electronic surveillance, and noncompliance with these procedures shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance evidence lawfully acquired. ************************************************************* U.S. Department of Justice Washington D.C. 
20530
February 4, 1994

AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY COMPONENTS IN CONJUNCTION WITH INTERCEPTS PURSUANT TO FISA

The following are the procedures for the release of escrowed key components in conjunction with lawfully authorized interception of communications encrypted with a key-escrow encryption method. These procedures cover all electronic surveillance conducted pursuant to the Foreign Intelligence Surveillance Act (FISA), Pub. L. 95-511, which appears at Title 50, U.S. Code, Section 1801 et seq.

1) In each case there shall be a legal authorization for the interception of wire and/or electronic communications.

2) In the event that federal authorities discover during the course of any lawfully authorized interception that communications encrypted with a key-escrow encryption method are being utilized, they may obtain a certification from an agency authorized to participate in the conduct of the interception, or from the Attorney General of the United States or designee thereof. Such certification shall
(a) identify the agency participating in the conduct of the interception and the person providing the certification; to conduct electronic surveillance regarding these communications;
(c) specify the termination date of the period for which interception has been authorized;
(d) identify by docket number or other suitable method of specification the source of the authorization;
(e) certify that communications covered by that authorization are being encrypted with a key-escrow encryption method;
(f) specify the identifier (ID) number of the key escrow encryption chip providing such encryption; and
(g) specify the serial (ID) number of the key-escrow decryption device that will be used by the agency participating in the conduct of the interception for decryption of the intercepted communications.

4) This certification shall be submitted to each of the designated key component escrow agents.
If the certification has been provided by an agency authorized to participate in the conduct of the interception, a copy shall be provided to the Department of Justice, Office of Intelligence Policy and Review. As soon as possible, an attorney associated with that office shall provide each of the key component escrow agents with written confirmation of the certification. 5) Upon receiving the certification, each key component escrow agent shall release the necessary key component to the agency participating in the conduct of the interception. The key components shall be provided in a manner that assures they cannot be used other than in conjunction with the lawfully authorized electronic surveillance for which they were requested. 6) Each of the key component escrow agents shall retain a copy of the certification, as well as the subsequent written confirmation of the Department of Justice, Office of Intelligence Policy and Review. 7) Upon, or prior to, completion of the electronic surveillance phase of the investigation, the ability of the agency participating in the conduct of the interception to decrypt intercepted communications shall terminate, and such agency may not retain the key components. 8) The Department of Justice shall, in each such case, (a) ascertain the existence of authorizations for electronic surveillance in cases for which escrowed key components have been released; (b) ascertain that key components for a particular key escrow encryption chip are being used only by an agency authorized to participate in the conduct of the interception of communications encrypted with that chip; and (c) ascertain that, no later than the completion of the electronic surveillance phase of the investigation, the ability of the agency participating in the conduct of the interception to decrypt intercepted communications is terminated. 
9) Reports to the House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence, pursuant to Section 108 of FISA, shall, with respect to any order for authorized electronic surveillance for which escrowed encryption components were released and used for decryption, specifically note that fact.

These procedures do not create, and are not intended to create, any substantive rights for individuals intercepted through electronic surveillance, and noncompliance with these procedures shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance evidence lawfully acquired.

From brown Fri Feb 4 14:47:40 1994
From: brown (Dan Brown)
Date: Fri, 4 Feb 1994 17:47:40 -0500
Subject: gore_crypto.statement
Message-ID: <199402042247.RAA00195@eff.org>

THE WHITE HOUSE
OFFICE OF THE VICE PRESIDENT

EMBARGOED UNTIL, 3:00 PM EST
CONTACT: 202/456-7035
February 4, 1994

STATEMENT OF THE VICE PRESIDENT

Today's announcements on encryption represent important steps in the implementation of the Administration's policy on this critical issue. Our policy is designed to provide better encryption to individuals and businesses while ensuring that the needs of law enforcement and national security are met.

Encryption is a law and order issue since it can be used by criminals to thwart wiretaps and avoid detection and prosecution. It also has huge strategic value. Encryption technology and cryptoanalysis turned the tide in the Pacific and elsewhere during World War II.

[end of statement]

From brown Fri Feb 4 14:47:41 1994
From: brown (Dan Brown)
Date: Fri, 4 Feb 1994 17:47:41 -0500
Subject: interagency_workgroup.notice
Message-ID: <199402042247.RAA00199@eff.org>

>From the White House Feb.
4, 1994
******************************************************************

WORKING GROUP ON DATA SECURITY

The Administration has created a new interagency working on data security to deal with issues like encryption and digital telephony. This group will be chaired by the White House Office of Science and Technology Policy and the National Security Council and will include representatives of the agencies that have participated in Presidential Review Directive 27, which called for a comprehensive review of the impact of encryption technology and advanced digital telecommunications systems.

Agencies participating in the new working group include the Office of Management and Budget, FBI, Department of Justice, Department of Commerce, National Security Agency, the Department of Treasury, and the Department of State. The group will work closely with the Information Committee of the Information Infrastructure Task Force, which is responsible for coordinating Administration telecommunications and information policy. It will seek input from the private sector both informally and through groups like the National Security Telecommunications Advisory Committee and the U.S. Advisory Committee on the National Information Infrastructure.

The working group will develop and implement Administration policies on encryption. Advanced encryption technology can provide better privacy protection for individuals, but can also thwart efforts by law enforcement agencies to use wiretaps to catch and prosecute criminals. The working group will attempt to reconcile the need of privacy and the needs of law enforcement.

Last April, the Administration announced development of the Clipper chip, a new computer chip designed to provide better telecommunications security without compromising the ability of law enforcement to do wiretaps.
The working group will work with industry to develop and apply technologies like the Clipper Chip, to evaluate possible alternatives to the Clipper Chip, and to review and refine Administration policies regarding encryption as developments warrant.

In addition, the working group will coordinate Administration policies regarding digital telephony. As more and more telephone companies install high-speed, digital communications links, it becomes more and more difficult for law enforcement agencies to conduct wiretaps. The working group will work with industry to ensure that new digital telecommunications systems are designed in a way that ensures that they do not prevent court-authorized wiretaps.

For more information on the interagency working group, contact Matt Heymann at NIST Public Affairs (301/975-2758), Mike Nelson at OSTP (202/395-6175), or Ray Mislock at NSC (202/395-4614).

From brown Fri Feb 4 14:47:41 1994
From: brown (Dan Brown)
Date: Fri, 4 Feb 1994 17:47:41 -0500
Subject: harris.statement
Message-ID: <199402042247.RAA00197@eff.org>

United States Department of State
Washington, D.C. 20520

EMBARGOED FOR RELEASE, 3:00 PM EST, FEB. 4, 1994

Statement of Dr. Martha Harris
Deputy Assistant Secretary of State for Political-Military Affairs
February 4, 1994

Encryption -- Export Control Reform

The Secretary of State is announcing today measures arising from the Administration's decision to reform export control procedures applicable to products incorporating encryption technology. These reforms are part of the Administration's effort to eliminate unnecessary controls and ensure efficient implementation. The reforms will simplify encryption product export licensing and speed the review of encryption product exports, thus helping U.S. manufacturers to compete more effectively in the global market. While there will be no changes in the types of equipment controlled by the Munitions List, we are announcing measures to expedite licensing.
Last year the President announced an initiative to encourage U.S. manufacturers and users of encryption to take advantage of a government technology (the key-escrow chip) that provides excellent security while ensuring that the Government has a means to decode the encryption when lawfully authorized, such as when executing a court-authorized warrant in connection with a criminal investigation. At the time he announced this initiative, the President directed a comprehensive review of U.S. policy regarding domestic use and export of encryption technology. The reforms we are announcing today result from that review. The President has determined that vital U.S. national security and law enforcement interests compel maintaining appropriate control of encryption. Still, there is much that can be done to reform existing controls to ensure that they are efficiently implemented and to maintain U.S. leadership in the world market for encryption technology. Accordingly, the President has asked the Secretary of State to take immediate action to implement a number of procedural reforms. The reforms are: * License Reform: Under new licensing arrangements, encryption manufacturers will be able to ship their products from the United States directly to customers within approved regions without obtaining individual licenses for each end user. This will improve the ability of our manufacturers to provide expedited delivery of products, and to reduce shipping and tracking costs. It should also reduce the number of individual license requests, especially for small businesses that cannot afford international distributors. * Rapid review of export license applications: A significant number of encryption export license applications can be reviewed more quickly. For such exports, we have set a license turnaround goal of two working days. * Personal use exemption: We will no longer require that U.S. citizens obtain an export license prior to taking encryption products out of the U.S. 
temporarily for their own personal use. In the past, this requirement caused delays and inconvenience for business travellers.

* Allow exports of key-escrow encryption: After initial review, key-escrow encryption products may now be exported to most end users. Additionally, key-escrow products will qualify for special licensing arrangements.

These reforms should have the effect of minimizing the impact of export controls on U.S. industry. The Department of State will take all appropriate actions to ensure that these reforms are implemented as quickly as possible. The Secretary of State asks that encryption product manufacturers evaluate the impact of these reforms over the next year and provide feedback both on how the reforms have worked out and on recommendations for additional procedural reforms.

The contact point for further information on these reforms is Rose Biancaniello, Office of Defense Trade Controls, Bureau of Political-Military Affairs, Department of State, (703) 875-6644.

From brown Fri Feb 4 14:47:42 1994
From: brown (Dan Brown)
Date: Fri, 4 Feb 1994 17:47:42 -0500
Subject: reno_key_escrow.statement
Message-ID: <199402042247.RAA00201@eff.org>

Department of Justice

EMBARGOED FOR 3 P.M. RELEASE AG
FRIDAY, FEBRUARY 4, 1994 (202) 616-2771

ATTORNEY GENERAL MAKES KEY ESCROW ENCRYPTION ANNOUNCEMENTS

Attorney General Janet Reno today announced selection of the two U.S. Government entities that will hold the escrowed key components for encryption using the key escrow encryption method. At the same time, the Attorney General made public procedures under which encryption key components will be released to government agencies for decrypting communications subject to lawful wiretaps.

Key Escrow Encryption (formerly referred to as Clipper Chip) strikes an excellent balance between protection of communications privacy and protection of society.
It permits the use in commercial telecommunications products of chips that provide extremely strong encryption, but can be decrypted, when necessary, by government agencies conducting legally authorized wiretaps. Decryption is accomplished by use of keys--80-bit binary numbers--that are unique to each individual encryption chip. Each unique key is in turn split into two components, which must be recombined in order to decrypt communications. Knowing one component does not make decryption any more feasible than not knowing either one.

The two escrow agents are the National Institute of Standards and Technology (NIST), a part of the Department of Commerce, and the Automated Systems Division of the Department of the Treasury. The two escrow agents were chosen because of their abilities to safeguard sensitive information, while at the same time being able to respond in a timely fashion when wiretaps encounter encrypted communications. In addition, NIST is responsible for establishing standards for protection of sensitive, unclassified information in Federal computer systems.

The escrow agents will act under strict procedures, which are being made public today, that will ensure the security of the key components and govern their release for use in conjunction with lawful wiretaps. They will be responsible for holding the key components: for each chip, one agent will hold one of the key components, and the second agent will hold the other. Neither will release a key component, except to a government agency with a requirement to obtain it in connection with a lawfully authorized wiretap. The system does not change the rules under which government agencies are authorized to conduct wiretaps.

When an authorized government agency encounters suspected key-escrow encryption, a written request will have to be submitted to the two escrow agents.
The request will, among other things, have to identify the responsible agency and the individuals involved; certify that the agency is involved in a lawfully authorized wiretap; specify the wiretap's source of authorization and its duration; and specify the serial number of the key-escrow encryption chip being used. In every case, an attorney involved in the investigation will have to provide the escrow agents assurance that a validly authorized wiretap is being conducted.

Upon receipt of a proper request, the escrow agents will transmit their respective key components to the appropriate agency. The components will be combined within a decrypt device, which only then will be able to decrypt communications protected by key-escrow encryption. When the wiretap authorization ends, the device's ability to decrypt communications using that particular chip will also be ended.

The Department of Justice will, at the various stages of the process, take steps to monitor compliance with the procedures.

From brown Fri Feb 4 14:47:44 1994
From: brown (Dan Brown)
Date: Fri, 4 Feb 1994 17:47:44 -0500
Subject: wh_press_secy.statement
Message-ID: <199402042247.RAA00203@eff.org>

THE WHITE HOUSE CONTACT: 202 156-7035
OFFICE OF THE PRESS SECRETARY
EMBARGOED UNTIL 3 PM (EST) FRIDAY, February 4, 1994

STATEMENT OF THE PRESS SECRETARY

Last April, the Administration announced a comprehensive interagency review of encryption technology, to be overseen by the National Security Council. Today, the Administration is taking a number of steps to implement the recommendations resulting from that review.

Advanced encryption technology offers individuals and businesses an inexpensive and easy way to encode data and telephone conversations. Unfortunately, the same encryption technology that can help Americans protect business secrets and personal privacy can also be used by terrorists, drug dealers, and other criminals.
In the past, Federal policies on encryption have reflected primarily the needs of law enforcement and national security. The Clinton Administration has sought to balance these needs with the needs of businesses and individuals for security and privacy. That is why, today the National Institute of Standards and Technology (NIST) is committing to ensure a royalty-free, public-domain Digital Signature Standard. Over many years, NIST has been developing digital signature technology that would provide a way to verify the author and sender of an electronic message. Such technology will be critical for a wide range of business applications for the National Information Infrastructure. A digital signature standard will enable individuals to transact business electronically rather than having to exchange signed paper contracts. The Administration has determined that such technology should not be subject to private royalty payments, and it will be taking steps to ensure that royalties are not required for use of a digital signature. Had digital signatures been in widespread use, the recent security problems with the Internet would have been avoided.

Last April, the Administration released the Key Escrow chip (also known as the "Clipper Chip") that would provide Americans with secure telecommunications without compromising the ability of law enforcement agencies to carry out legally authorized wiretaps. Today, the Department of Commerce and the Department of Justice are taking steps to enable the use of such technology both in the U.S. and overseas. At the same time, the Administration is announcing its intent to work with industry to develop other key escrow products that might better meet the needs of individuals and industry, particularly the American computer and telecommunications industry.
Specific steps being announced today include:

- Approval by the Commerce Secretary of the Escrowed Encryption Standard (EES) as a voluntary Federal Information Processing Standard, which will enable government agencies to purchase the Key Escrow chip for use with telephones and modems. The department's National Institute of Standards and Technology (NIST) will publish the standard.

- Publication by the Department of Justice of procedures for the release of escrowed keys and the announcement of NIST and the Automated Services Division of the Treasury Department as the escrow agents that will store the keys needed for decryption of communications using the Key Escrow chip. Nothing in these procedures will diminish the existing legal and procedural requirements that protect Americans from unauthorized wiretaps.

- New procedures to allow export of products containing the Key Escrow chip to most countries.

In addition, the Department of State will streamline export licensing procedures for encryption products that can be exported under current export regulations in order to help American companies sell their products overseas. In the past, it could take weeks for a company to obtain an export license for encryption products, and each shipment might require a separate license. The new procedures announced today will substantially reduce administrative delays and paperwork for encryption exports.

To implement the Administration's encryption policy, an interagency Working Group on Encryption and Telecommunications has been established. It will be chaired by the White House Office of Science and Technology Policy and the National Security Council and will include representatives of the Departments of Commerce, Justice, State, and Treasury as well as the FBI, the National Security Agency, the Office of Management and Budget, and the National Economic Council.
This group will work with industry and public-interest groups to develop new encryption technologies and to review and refine Administration policies regarding encryption, as needed.

The Administration is expanding its efforts to work with industry to improve on the Key Escrow chip, to develop key-escrow software, and to examine alternatives to the Key Escrow chip. NIST will lead these efforts and will request additional staff and resources for this purpose.

We understand that many in industry would like to see all encryption products exportable. However, if encryption technology is made freely available worldwide, it would no doubt be used extensively by terrorists, drug dealers, and other criminals to harm Americans both in the U.S. and abroad. For this reason, the Administration will continue to restrict export of the most sophisticated encryption devices, both to preserve our own foreign intelligence gathering capability and because of the concerns of our allies who fear that strong encryption technology would inhibit their law enforcement capabilities.

At the same time, the Administration understands the benefits that encryption and related technologies can provide to users of computers and telecommunications networks. Indeed, many of the applications of the evolving National Information Infrastructure will require some form of encryption. That is why the Administration plans to work more closely with the private sector to develop new forms of encryption that can protect privacy and corporate secrets without undermining the ability of law-enforcement agencies to conduct legally authorized wiretaps. That is also why the Administration is committed to make available free of charge a Digital Signature Standard.

The Administration believes that the steps being announced today will help provide Americans with the telecommunications security they need without compromising the capability of law enforcement agencies and national intelligence agencies.
Today, any American can purchase and use any type of encryption product. The Administration does not intend to change that policy. Nor do we have any intention of restricting domestic encryption or mandating the use of a particular technology.

From smb at research.att.com Fri Feb 4 17:49:56 1994
From: smb at research.att.com (smb at research.att.com)
Date: Fri, 4 Feb 94 17:49:56 PST
Subject: No Subject
Message-ID: <9402050149.AA05059@toad.com>

Subject: clipper_q-and-a.txt

>Q. Who will hold the escrowed keys?
>. The government.

All this bullshit does not state that a court order is required, rather 'legal authorization', which means the NSA for foreign intelligence purposes without a court order. Perhaps what is needed is statutory protection to prevent the NSA from eavesdropping on U.S. Citizens, communicating domestically, without a court order.

The law already says that. The government's right to spy on non-Americans is spelled out in the Foreign Intelligence Surveillance Act, 50 USC 1801.

Enforcing it is another matter, of course. I saw an AP wire story today that's illuminating. It seems that for years, members of the Tennessee Highway Patrol have been subpoenaing phone company records without proper authority. They've been using a rubber stamp with the commissioner's signature, apparently without his knowledge or consent -- which he probably wouldn't have given, since under Tennessee law the Highway Patrol can deal with crimes committed on a highway, car theft, odometer tampering, or (of course) drug dealing. The only state police agency that has such subpoena authority is the Tennessee Bureau of Investigation -- and even they're limited; the D.A. is supposed to do such things after authorization by the grand jury.

And the phone company -- they complied, of course; they had no idea (they said) that the subpoenas were illegal.
From nobody at shell.portal.com Fri Feb 4 18:55:19 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Fri, 4 Feb 94 18:55:19 PST
Subject: KERT Advisory
Message-ID: <199402050251.SAA12755@jobe.shell.portal.com>

From: KERT Advisory
Date: Fri, 4 Feb 94 21:14:40 EST
To: kert-advisory at kremvax.su
Subject: KERT Advisory - Ongoing Network Monitoring Attacks
Organization: Komputer Emergency Response Team : 714-731-0699

=============================================================================
KA-94:01 KERT Advisory
February 4, 1994
Ongoing Network Monitoring Attacks
-----------------------------------------------------------------------------

In the past week, KERT has observed a dramatic increase in reports of intruders wishing to monitor network traffic. Systems of some service providers have been compromised, and all systems that offer remote access through normal channels are at risk. The intruders have already captured information from tens of thousands of users outside the political boundaries of the United States.

The current attacks involve a network monitoring tool that uses the promiscuous mode of a specific network interface, the telephone, to capture host and user identities and data on newly established telephone sessions.

In the short-term, CERT recommends that all users at all sites that offer remote access resist attempts by any persons or organizations to install Trojan-horse devices which purport to "enhance" privacy but in fact are designed to provide unauthorized access to sensitive information. While the current attack is specific to /dev/Clipper, the short-term workaround does not constitute a solution.

The best long-term solution currently available for this attack is to reduce or eliminate the transmission of user data in clear-text over the network, and to reduce or eliminate the access of the intruders to the network interface design and specification process.
-----------------------------------------------------------------------------

From mech Fri Feb 4 16:01:34 1994
From: mech (Stanton McCandlish)
Date: Fri, 4 Feb 1994 19:01:34 -0500 (EST)
Subject: Alert--Admin. names escrow agents, no compromise on Clipper - 7 files
Message-ID: <199402050001.TAA02297@eff.org>

EFF Press Release 04/04/94 * DISTRIBUTE WIDELY *

At two briefings, Feb. 4, 1994, the Clinton Administration and various agencies gave statements before a Congressional committee, and later representatives of civil liberties organizations, industry spokespersons and privacy advocates. The Electronic Frontier Foundation's position, based on what we have seen and heard from the Administration today, is that the White House is set on a course that pursues Cold War national security and law enforcement interests to the detriment of individual privacy and civil liberties.

The news is grim. The Administration is:

* not backing down on Clipper
* not backing down on key escrow
* not backing down on selection of escrow agents
* already adamant on escrowed key access procedures
* not willing to eliminate ITAR restrictions
* hiding behind exaggerated threats of "drug dealers" and "terrorists"

The material released to the industry and advocacy version of the briefing have been placed online at ftp.eff.org (long before their online availability from government access sites, one might add). See below for specific details.

No information regarding the Congressional committee version of the briefing has been announced.

EFF Director Jerry Berman, who attended the private sector meeting, reported the following:

"The White House and other officials briefed industry on its Clipper chip and encryption review. While the review is not yet complete, they have reached several policy conclusions. First, Clipper will be proposed as a new Federal Information Processing Standard (FIPS) next Wednesday. [Feb. 9] It will be "voluntary" for government agencies and the private sector to use.
They are actively asking other vendors to jump in to make the market a Clipper market. Export licensing processes will be speeded up but export restrictions will not be lifted in the interests of national security. The reason was stated bluntly at the briefing: to frustrate competition with clipper by other powerful encryption schemes by making them difficult to market, and to "prevent" strong encryption from leaving the country thus supposedly making the job of law enforcement and intelligence more difficult. Again in the interest of national security. Of course, Clipper will be exportable but they would not comment on how other governments will view this. Treasury and NIST will be the escrow agents and Justice asserted that there was no necessity for legislation to implement the escrow procedures.

"I asked if there would be a report to explain the rationale for choosing these results - we have no explanation of the Administration's thinking, or any brief in support of the results. They replied that there would be no report because they have been unable to write one, due to the complexity of the issue.

"One Administration spokesperson said this was the Bosnia of Telecommunications. I asked, if this was so, how, in the absence of some policy explanation, could we know if our policy here will be as successful as our policy in Bosnia?"

The announcements, authorization procedures for release of escrowed keys, and q-and-a documents from the private sector briefing are online at EFF. They are:

"Statement of the [White House] Press Secretary" [White House]
file://ftp.eff.org/pub/EFF/Policy/Crypto/wh_press_secy.statement

"Statement of the Vice President" [very short - WH]
file://ftp.eff.org/pub/EFF/Policy/Crypto/gore_crypto.statement

"Attorney General Makes Key Escrow Encryption Announcements" [Dept. of Just.]
file://ftp.eff.org/pub/EFF/Policy/Crypto/reno_key_escrow.statement

"Authorization Procedures for Release of Encryption Key Components in Conjunction with Intercepts Pursuant to Title III/State Statutes/FISA" [3 docs. in one file - DoJ]
file://ftp.eff.org/pub/EFF/Policy/Crypto/doj_escrow_intercept.rules

"Working Group on Data Security" [WH]
file://ftp.eff.org/pub/EFF/Policy/Crypto/interagency_workgroup.announce

"Statement of Dr. Martha Harris Dep. Asst. Secy. of State for Polit.-Mil. Affairs: Encryption - Export Control Reform" [Dept. of State]
file://ftp.eff.org/pub/EFF/Policy/Crypto/harris_export.statement

"Questions and Answers about the Clinton Administration's Encryption Policy" [WH]
file://ftp.eff.org/pub/EFF/Policy/Crypto/wh_crypto.q-a

These files are available via anonymous ftp, or via WWW at: http://www.eff.org/ in the "EFF ftp site" menu off the front page.

Gopher access: gopher://gopher.eff.org/
Look in "EFF Files"/"Papers and Testimony"/"Crypto"

All 7 of these documents will be posted widely on the net immediately following this notice.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M   O N L I N E   R I G H T S   V I R T U A L   C U L T U R E   C R Y P T O

From chris.replogle at ledge.com Fri Feb 4 21:15:21 1994
From: chris.replogle at ledge.com (Chris Replogle)
Date: Fri, 4 Feb 94 21:15:21 PST
Subject: UNSUB
In-Reply-To: <01H8HO3DOA2Q95N79W@ccmail.sunysb.edu>
Message-ID:

Subject: UNSUB

UNSUBSCRIBE

From wex at media.mit.edu Fri Feb 4 21:35:20 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Fri, 4 Feb 94 21:35:20 PST
Subject: CERT advisory
In-Reply-To: <9402042327.AA43567@dcdmwm.fnal.gov>
Message-ID: <9402050532.AA24459@media.mit.edu>

My instant opinion is that the private key for a site/machine has to be held by that site/machine's administrator.
Therefore, the ftpd would need to get the private key entered at startup time.

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group wex at media.mit.edu
Voice: 617-258-9168 Page: 617-945-1842 an53607 at anon.penet.fi
All the world's a stage and most of us are desperately unrehearsed.

From hughes at ah.com Fri Feb 4 21:35:22 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 4 Feb 94 21:35:22 PST
Subject: IMPORTANT: unsubscription
Message-ID: <9402050534.AA23137@ah.com>

This is the mail I send to everyone who tries to unsubscribe by sending to the list. After I send this message, I delete it from my inbox and take no further action to that piece of mail.

Read it.

Eric

-----------------------------------------------------------------------------

The cypherpunks list is for discussions on implementing cryptography.

To mail to the whole list, send mail to

cypherpunks at toad.com

Every mail message sent to this address will be forwarded to everyone on the list. Make sure that the message you wish to send is appropriate for such a broad delivery.

If you want to be added or removed from the cypherpunks list, or have any other questions which pertain to list management, send mail to

cypherpunks-request at toad.com

I don't manage the list from my regular account, so such mail which ends up in my ah.com account will just get you another copy of this file.

Eric Hughes
maintainer of the lists cypherpunks at toad.com and cypherpunks-announce at toad.com

From Seth.Morris at lambada.oit.unc.edu Fri Feb 4 21:55:20 1994
From: Seth.Morris at lambada.oit.unc.edu (Seth Morris)
Date: Fri, 4 Feb 94 21:55:20 PST
Subject: Hughes' "real-life use for steganography"
Message-ID: <9402050552.AA21327@lambada.oit.unc.edu>

[Eric Hughes described a situation where data smuggling is required, and asks for discussion on practical and practicable mechanisms (with appropriate and far too rare here emphasis on practicable).
This is the sort of real-worldish issue I've been on this list for, so, despite my opinion that this doesn't sound like a real case, I'd like to add my thoughts.]

What is needed here is not encryption, but steg, of course. Why worry about key distribution at all?

If the data is being sent in bulk, it will find itself into the hands of the local Big Bro, and the transport medium will be exposed and (presumably) confiscated. This will get the M industry into trouble, and lose the transport medium. This seems more like a case for point-to-point transport to several distribution sites within the country, where more anonymous transport must be arranged.

At the very least, no industry should be placed at risk without the means to protect itself. Maybe DAT tapes of "bootleg" recordings of music M? Like Grateful Dead tapes, only edited to contain the data. This way, only certain tapes have data, and the tapes can find their way into the hands of those who can decode and distribute.

Is there, within the country, a suitable transport medium that is transient and frequent? Someone suggested weather maps (sorry I forgot someone's name) but these don't seem perfect. What about scanned in art GIFs on a nationally available network? Hmmm....... Compuserve?

The problem I have with using steg as the mass-transport (other than loss of transport medium once it is discovered and loss of a cultural industry) is that it only reaches those with CD-ROMs. This is generally a small percentage of people. Some in-country transport to the technologically uneducated is necessary. This may be out of the scope of this discussion.

For the initial transport, why be cross-platform? If MS-DOS machines with CD-ROM or DAT readers are available (or PIC's can be brought in... hmmm... anyone know how to encode a Photo-CD? "Tourist shots...
Grand Canyon, Yosemite Nat'l Park..."), there is some program on comp.binaries.ibm.pc that can encode some .com files as readable text (Not uuencode, the text IS the .com file). A simple de-stegger could be sent in this way written on a sheet of paper. Something similar could be worked out for other platforms (maybe not this simple, though).

The key problem I see is regular, bulk transport of data to be distributed to a mass of people at random containing contraband information is unlikely to sustain an information revolution. Distribution of the data to a few people who can make use of it while remaining anonymous seems more effective. Better still would be to find some way that anyone could receive ALL the information easily and untraceably, which is what I think the CD scheme was aimed at. Unfortunately, it is risky and only gets data to the privileged few.

Sorry if this rambled, I'm doing this off the top of my head and with a fever.

Seth Morris (Seth.Morris at LaUNChpad.unc.edu)

From mbriceno at netcom.com Fri Feb 4 22:20:00 1994
From: mbriceno at netcom.com (Marc Briceno)
Date: Fri, 4 Feb 94 22:20:00 PST
Subject: Running regularly
Message-ID: <199402050618.WAA20365@mail.netcom.com>

I wrote:
>> The next problem that must be addressed is the auto-logout upon >14min of
>> inactivity on the modem level that Netcom imposes on you. There is a simple
>> 2 line command that you can add to your .login file to disable the
>> auto-logout. I saw it once posted in one of the Netcom newsgroups, but I
>> lost it. Perhaps you might post the question there. I would not advise to

Ed Carp wrote:
>Did you ever get an answer to this one??? I know that TMOUT in bash controls
>the shell timeout - does this have an effect??

I don't know if TMOUT has anything to do with it. I posted the question in the appropriate Netcom newsgroups and hope that the original poster will see it and send me his script. Once he does I will post it to the list.
After all, there is no reason why one shouldn't be able to use one's computer for other purposes while Netcom's machine is factoring that 50 digit number ;-)

-- Marc Briceno
PGP public key by finger

From matthew at gandalf.rutgers.edu Fri Feb 4 22:45:20 1994
From: matthew at gandalf.rutgers.edu (Matthew Bernardini)
Date: Fri, 4 Feb 94 22:45:20 PST
Subject: Stego for Video ?
Message-ID:

Have any programs been written that would allow for three dimensional stego in moving pictures ? I think this would make it a little more difficult to detect. How about more advanced graphical techniques like using a stego file as a map in a renderer ? The person who received the picture would know for instance that all the vertical walls, or all the brick surfaces, etc were stego encrypted messages. It would take some sophistication to reverse engineer the rendered picture, but necessity is the mother of invention. The actual image would not contain any specific information, but would be a disguised "envelope" for other pictures within the picture.

Matt

-----------------------------------------------------------------------------
| Rutgers University Computing Services Matthew Bernardini
| Hill Micro/Graphics Center 7804 McCormick
| Site-Manager (908) 878-0946
| 017 Hill Center
| (908) 932-3129 (908) 932-4921
-----------------------------------------------------------------------------

From MIKEINGLE at delphi.com Fri Feb 4 22:45:23 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Fri, 4 Feb 94 22:45:23 PST
Subject: ViaCrypt Encryption Hardware
Message-ID: <01H8IA4ZZZBC8ZF180@delphi.com>

Some interesting flyers for ViaCrypt hardware encryption devices:

There are three of them. The DigiSig+ D350 is an external device which hooks up to a parallel port. The D355 is similar but hooks up to a serial port. Both of these are flat boxes that look like external modems. The D360 is an internal board, and the D150 is a software emulator. All of them do the same things: RSA, DES, and DSS.
The hardware devices have tamper-resistant memory to store secret keys, which can be generated internally. ViaCrypt says the hardware boxes will support PGP soon. All of the devices are controlled by a script language. The hardware units take ISO Memory Cards. ViaCrypt PGP is also selling for $99.

ViaCrypt's number is 1-800-536-2664 or 602-944-0773

--- Mike

For the person who requested my PGP key:

Type bits/keyID   Date       User ID
pub  1024/569A09 1993/07/31 Mike Ingle
sig       87C0C7            Edgar W. Swank
sig       9C0865            W.Meredith
Key fingerprint = AB B7 D7 70 4D 32 72 64 79 63 7F 05 07 1D 62 5D

From MIKEINGLE at delphi.com Fri Feb 4 23:30:03 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Fri, 4 Feb 94 23:30:03 PST
Subject: Looking for lost mail
Message-ID: <01H8IA420KRM8ZF180@delphi.com>

I lost some list mail today. Could someone please forward me the missing messages? These are the last ones I got. Everything between this and the "KERT Advisory" joke is what I lost.

Thanks, Mike

Some people have been asking how to run background tasks on Netcom. How about this: have your task run, then send a ping to a remailer. When the ping comes back, your .forward file will start the task back up and it can run, then ping the remailer again.

From: IN%"mech at eff.org" "Stanton McCandlish" 4-FEB-1994 20:44:29.91
To: IN%"eff-board at eff.org"
CC: IN%"eff-staff at eff.org", IN%"comp-org-eff-talk at cs.utexas.edu", [ everywhere ]
Subj: White House crypto briefings: Clipper, FIPS, escrow agents, export

From: IN%"smb at research.att.com" 4-FEB-1994 21:03:12.11
To: IN%"hughes at ah.com"
CC: IN%"cypherpunks at toad.com"
Subj: RE: CERT advisory

From: IN%"fb at cyberg.win.net" 4-FEB-1994 21:08:15.44
To: IN%"cypherpunks at toad.com"
Subj: RE: Magic Money Digicash System

From hfinney at shell.portal.com Fri Feb 4 23:40:06 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 4 Feb 94 23:40:06 PST
Subject: Magic Money Digicash System
Message-ID: <199402050738.XAA07723@jobe.shell.portal.com>

From: fb at cyberg.win.net (Francis Barrett)
> > Magic Money is a digital cash system designed for use over
> > electronic mail.
> This is the neatest thing I have read in a long time. Where can I get
> one?

FTP to csn.org, cd to /mpj, read the file README.MPJ which will tell you a directory to switch to, do that, cd to pgp-tools (or pgp_tools, or pgptools, I forget which), and get magicmny.zip. Then unzip and build it.

> A few questions. Since the client which generates the proto-coins is
> under the control of the consumer, the bank has no way of making sure
> that he is not running his own code, or that the RNG he is using is
> cryptographically strong, or even that he is not distributing modified
> client programs to other users.

None of these things should cause major problems. At worst useless coins would be generated. Initially, users might send their coins in right away to confirm that they are OK until they get some confidence in the program.

> How does the bank deal with collisions in the 16 byte values of coins?

This will practically never happen if they are chosen randomly.
Bad randomness could produce coins which match ones which have already been spent (if somehow your RNG got into exactly the same state as someone else's), so they would be valueless. I think the program makes you initialize a random file before using it, so just make sure you put something random there!

> What if the user picks the numeric values for the server to sign in a
> way which leaks information about the banks private key? RSA is much
> more secure when signing random-esque data, like a message digest,
> than it is when signing numbers provided to it by some outside party.

I don't think there are any values you can sign which would give away a private key. Even signing "1" or "2" should be safe, I think, since the secret key is the size of the modulus.

I ftp'd a paper recently mentioned on imp-interest (on "anonymous credit cards") which claimed that new cash could be generated from sets of old cash in Chaum's scheme. I don't believe this, and the ref was to a paper "in preparation" by the authors. I'll try sending them email to ask about this.

> Similarly, how can the consumer trust the bank's representation that
> money has already been spent? Surely the bank should be required to
> publish a list of cancelled coins and timestamps with a running MD5
> hash periodically for inspection by the unwashed masses.

Here is how this problem would arise. Alice has some cash, which she sends to Bob to buy something. Bob sends it to the bank to be verified and turned into fresh cash before he will send the goods to Alice. But the bank says the cash has been spent before, and Bob reports this to Alice. Alice insists that she has never spent this cash before.

Now, this is like a mystery story. Who is telling the truth? Maybe Alice is lying. Maybe the bank is lying. Maybe they are both telling the truth and someone broke in and stole Alice's cash while she was sleeping, copying it from her computer and spending it before she could.

Ignoring that last possibility for a minute, it is basically Alice's word against the bank's. In general, in situations like this, we often go by the reputation of the parties involved. If the bank really is cheating, there will be lots of other people like Alice, people with good reputations, who are making similar charges. This will make people stop trusting the bank. On the other hand, if Alice is cheating, this is probably not the first time. In time she will get a reputation for being untrustworthy.

The idea of publishing lists of used coins is interesting but I'm not sure it helps. Double-spending could easily occur close together in time, between publication of lists. A cheating bank could claim a coin had been spent just before the actual coin came in.

> What do you do about lost messages from the server to the client.
> Once coins have been recorded as spent, they cannot be redeemed again.
> Yet the mail message containing the new coins may have been lost in
> transit.

The server should re-transmit the message if it does not arrive. We discussed this a while back and it appears safe for everyone in these protocols to re-transmit messages freely if the other person claims never to have gotten them. Even if they are lying, what is the harm - you are just sending them information they already have.

Good questions.

Hal

From ld231782 at longs.lance.colostate.edu Sat Feb 5 00:45:22 1994
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Sat, 5 Feb 94 00:45:22 PST
Subject: SQUISH II, the SEQUEL
Message-ID: <199402050840.BAA18743@longs.lance.colostate.edu>

Hello, my mailbox has been awfully quiet lately from cypherpunk rants, and I need a bit of a massage at the moment, so I wanted to ask you a question. Have you considered what I was saying about preventing `abuse' of remailers? I have given you some time to formulate a plan.
so-- could someone email me your new official Cypherpunk ethical guidelines for anonymous posting, involving your opinions and procedures on libel, harassment, and `violent death threats'?

what's that? you don't have an official policy or any safeguards? I guess that means that `anything goes' (quite literally!) kind of a disturbing policy, because someone simultaneously very ingenious and malicious could create some major annoyances. I guess you already know that. but even the past `operations' could pale in comparison to future ones. the possibilities are really limitless. imagine what can be accomplished when no one is held accountable for what they post! why, it is a recipe for Utopia. cypherpunks, I so admire your vision of the future.

BTW, I want to commend you anonymous site operators for your resilience. it does appear that the remailers are fairly secure, at least, that is the picture portrayed to `outsiders'. of course, with insiders, it is a different story. but in a certain interesting application of anonymous remailers, e.g. an enemy attacking the remailers themselves, the confidentiality of identity among `insiders' is not critical. in fact, it can be very satisfying for an enemy to strike his foe, even while the foe sees his face, but can do nothing about it because of his own predicament. even more delightful (for the attacker, that is!) is the situation where the `predicament' is not even due to the attacker, but entirely the enemy himself. in other words, the most effective and devastating tactic of guerilla warfare is to twist technology to get your enemy to shoot *himself*.

From remailer at merde.dis.org Sat Feb 5 01:35:22 1994
From: remailer at merde.dis.org (remailer bogus account)
Date: Sat, 5 Feb 94 01:35:22 PST
Subject: He's baaaaack!
Message-ID: <9402050930.AA02620@merde.dis.org>

Just when you thought it was safe to go back on the internet... He's baaaaack!
Remailer operators, please lock him out now, before he does whatever he is getting ready to do. Better yet, set it up so when he sends to a remailer, he gets back a hundred copies, and one gets forwarded to his sysadmin with his name on it.

From catalyst-remailer at netcom.com Sat Feb 5 03:15:25 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Sat, 5 Feb 94 03:15:25 PST
Subject: Magic Money questions
Message-ID: <199402051111.DAA11286@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Magic Money is available from csn.org in the same directory as pgptools. Be sure to add in the fast mp_inv posted here. It speeds up the unblinding of a 1024-bit coin from 2 minutes to 3 seconds. Thanks to whoever posted that code. I will include it in the next release, as soon as some people shake down the current one for bugs.

fb at cyberg.win.net wrote:

>A few questions. Since the client which generates the proto-coins is
>under the control of the consumer, the bank has no way of making sure
>that he is not running his own code, or that the RNG he is using is
>cryptographically strong, or even that he is not distributing modified
>client programs to other users.

If his RNG is bad, he is only hurting himself. If he gets the same coin as another person, and that coin has already been spent, his coins will bounce, costing him money. Same is true if he corrupts his packets - the server looks for the ASN string, and if it's not there, bounces the transaction. He can run his own code if he wants to.

>How does the bank deal with collisions in the 16 byte values of coins?

There shouldn't be any, except for deliberate double-spending. The coins are 128-bits, so you'd need 2^64 of them before the odds favor a collision. The odds of a coin collision are equal to the odds of two messages having the same PGP signature.

>What if the user picks the numeric values for the server to sign in a
>way which leaks information about the banks private key?
>RSA is much more secure when signing random-esque data, like a message digest,
>than it is when signing numbers provided to it by some outside party.

This is a problem, if this attack is feasible. The coins won't spend if they don't have the proper ASN string in them, but the server has no way to see what it is signing. Can someone produce values which will reveal the private key? I've heard of attacks which involve getting signatures on factors of a message, and multiplying them to get a forged signature. These won't work here, because each coin value is signed with a different d. All you could do is multiply several invalid coins of value x to get one valid coin of the same value. But a signature leaking the private key - that is a new one for me. Please tell me about this attack. How would one prevent it without using a cut-and-choose protocol?

Applied Cryptography suggests (page 106) that it is okay to dispense with the cut-and-choose portion of a blind signature in cases (such as this one) where the user is motivated not to provide a corrupted coin. The coins use different e's from the bank's PGP key, so a coin could not be used to forge a message from the bank.

>Similarly, how can the consumer trust the bank's representation that
>money has already been spent? Surely the bank should be required to
>publish a list of cancelled coins and timestamps with a running MD5
>hash periodically for inspection by the unwashed masses.

There is no punishment for double-spending. The transaction is simply thrown out. The bank, in fact, has no way to identify the customer. What could the bank hope to accomplish by claiming that a coin was already spent? It can print more coins at any time, so it has no reason to cheat. A server will have to protect its reputation by not printing too much money or otherwise making its users angry. If you want to put in an MD5, it wouldn't be hard.

>What do you do about lost messages from the server to the client.
>Once coins have been recorded as spent, they cannot be redeemed again.
>Yet the mail message containing the new coins may have been lost in
>transit.

What can be done? The server can hold onto outgoing messages for a while, and can have a means of remailing those which are lost. Or the message can be mailed back to the user through two different routes, to increase the reliability of the system. But one cash-like property of digital money is that, if you lose the data, you're SOL.

I don't claim the system is perfect. But it's a start, and in my opinion, that is what digicash needs right now: a start.

These Clipper postings have me worried. It seems as though the government is in a big hurry to get Clipper on the market. They only have one shot at this. What needs coded now? A menu-driven PGP? Any ideas for new projects?

Pr0duct Cypher

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLVNAjcGoFIWXVYodAQHtgwP+OTFcxAbZL8uvVeBbwwn4/N1jnLGeHFRB
lw7U3Y3ciESs0PBRDu1JO4hOqzpW7Ch+GkY1z+ueWD8m4+EoroacJMcTI28EKGm3
+2eV0KpQsKfcfsPCfMFVKhqBRAzcwJhFdziFbPvG9g4CU9/Huz4ff8KiSud8zdWO
n8odZHk5zTs=
=6Yw2
-----END PGP SIGNATURE-----

From nobody at shell.portal.com Sat Feb 5 03:20:09 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sat, 5 Feb 94 03:20:09 PST
Subject: Encrypted Snail Remailer.
Message-ID: <199402051120.DAA15779@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

Disclaimer: Please take this as a work of science fiction, a short monologue by the character in a novel. It is meant to stimulate discussion and to express concerns that have recently turned from vague to clear, in my mind. I have great respect for the people out here, but I can not help myself. I very much want a secure network of remailers, but I fear the problem is the design, inflexible and non-private, of the internet itself.
This is dedicated to those such as Phil Zimmermann and Pr0duct Cypher, individuals who seem to see the larger picture, that which involves humanity, not just internet culture 1994.

-=New Secure Remailer Service Announcement=-

For discussion purposes only until I post my mailbox address and buy that 128/256MB drive ;-) !

Ultimate in remailer technology. Only slightly slower than many Cypher remailers, but much less traceable. Up to 250MB at once.

Encrypt your message with the (possibly anonymous) public key of a friend or contact, signing it with your anonymous secret key. Encrypt that, along with the friend's postal address, with my public key. Put it on a new DOS or Mac floppy, or 128/256MB Optical Disk, avoiding finger prints and DNA on the postage stamp. Send it with a fake return address from a public mailbox to my yet to be announced post office box. I will decrypt the forwarding address on my PowerBook, not at home, and mail it from various Manhattan street mailboxes, with no return address (or one you send me). I will then securely overwrite the file from my hard disk. Of course, you can include an anonymous encrypted return address as part of your message to the recipient.

The cost is $5 cash, plus $1/MB of encrypted message to cover the CPU time. Express mail would in fact be AS fast as the serious Cypher remailers, but would cost you $20 since I have to pay in cash at a post office, or get a money order to use FedEx, and then make up a fake return address if you leave one out.

Until a new generation of internet remailers are produced, I make claim to my remailer service being much more secure. There is also no need keeping logs to protect my liability, since no one knows that my remailer was where it came from. One of the most serious weaknesses of any internet remailer is that you tell someone spying on the recipient exactly which remailer site a piece of mail came from, as well as when.
I asked about faking internet mail but was told that this was "frowned upon" for internet mail. Too bad. REALLY too bad. With mine, it could be any individual in NYC, and the time of day doesn't mean much. It thus involves a lot more than a few keystrokes on the assumed NSA internet logging database to trace it back to the sender. Fairly obvious and fairly illegal spying on me and the other manual remailers out there would be required, as well as opening mailboxes before the mailman arrived. A TEMPEST attack on a PowerBook in public in different locations just isn't going to happen very often. Bugging my PowerBook isn't possible since I always carry it with me (and know what its insides look like in detail).

Secure encryption being available to the common man is what will change the world. I'm not yet convinced that internet remailers will have a similar influence unless they are able to resist the presence of full site-to-site monitoring by the government and hackers, a thing which should thus be assumed by their designers. Cryptoanarchy doesn't mean the internet. It means encryption. Given that snail mail encrypted remailing is already possible, the reason for a new, secure remailer generation isn't really security but is speed, convenience, flexibility, and cost. The same reasons for ANY use of the internet. But current serious remailers are neither fast nor convenient, and they don't have a BILLION messages going through them a day to mix your secret messages into, like postal mail DOES. They tag mail as having BEEN remailed as well. Even when ALL e-mail is encrypted you haven't done anything for anonymity until all e-mail is also REMAILED, with no logs or remailer sites appearing in the headers. E-mail is free now. Remailing needs to be free too, or what advantage has it over snail mail, given that it does the same thing?
The only way I can see all mail being remailed, assuming it is already all encrypted, is if every personal e-mail account was itself a remailer. I don't see this happening unless the Cypherpunks themselves write the software for the "data highway". Otherwise I will never trust remailers since as I've said to others, I can't SEE the wires. PGP is what's happening. Digital money too. But the INTERNET, even with (centralized) remailers is just a Big Brother nationwide wiretap. So don't use wires.

What is my liability, if I am a remailer and the authorities intercept a message to a gangster? None, since they don't know I remailed it. Can any internet remailer be so lucky? I could say I don't KNOW if I remailed it (no logs), even if they find a return address as encrypted in my public key; "Any one of dozens of Manhattan snail remailers could have sent it." However, if your return address IS encrypted with my public key, law enforcement can, most likely LEGALLY, demand my pass phrase. Of course they'll only know the return address using the pass phrase and secret key of the receiver. Again though, this situation is BETTER security than internet remailers, since the pass phrase for the remailer is in my head, not plain text in a perl code. They can't secretly download my memory, or at least not YET ;-).

Breaking into your remailer site without a trace is conceivable though. I'd find it similarly attractive but more rewarding than dumpster diving. Commercial sites are easiest, especially small high tech companies. Are these sites TEMPEST secure? Tempest based on simple radio receivers is primitive compared to what modern spectroscopy could conceivably do, even at a distance. I'd imagine ACTIVE spectroscopies could do much more or you could actively induce a current in a given direction at a given frequency. How about having your CPU mail me its secret key and pass phrase? Things like this are only getting easier, fast. VERY fast.
Another reason to not trust fixed-location centralized remailers. I don't even like the idea of personal accounts on a Unix machine. Every laptop should be an internet node, and an encrypted remailer. Only when central remailers are no longer there to attack will we have safe anonymity without using snail remailing.

Hell I can't even get more than three fucking e-mails in response when I ask for INFORMATION about the existing remailers. I thank Eli and Hal, but I guess the NSA doesn't hand out info on the dozen Cypherpunk remailers IT is running.

Zero knowledge (yup), reputations (lousy or non existent except for anon.penet.fi), information markets (selling remailer pass phrases and sendmail logs), anonymous networks (snail mail only), collapse of governments (yes, but not using the existing nationwide wiretap, er... internet). Fuck, I'm sounding like Detweiler. But I'm ranting for MORE cryptoanarchy.

Another internet-like standardization such as that of e-mail headers, has very sadly crept into PGP itself, weakening it as the secure encryptor. PGP 2.3a still has no "random data block" output format, in which the ONLY way to even KNOW it's a PGP message is to successfully decrypt it. I asked about this on alt.security.pgp, generated little interest, but was told a future version may have this option (just gossip). I say it should be the STANDARD. Internet-like standards should NOT be the guiding force behind CRYPTOGRAPHIC standards. Get the fuck off the internet, and write me a real encryptor. How can steganography work if it's so easy to figure out if what is extracted is an encrypted message? Given the upcoming non-voluntary second generation Clipper, steg will have to become the norm. And don't port PGP to the Mac and Windows, port it FROM them; over 100 million strong and growing. "Five to one baby."

News of the revolution will not be posted. Thanks for PGP. Thanks for the CPU. Like those Cypherpunk T-shirts though! Boot up and slam dance. Kewl! Nice sig!

If my remailer, the ONLY acceptably secure encrypted remailer that exists, catches on, I may add a modem feature, involving pay phones. I've already written the needed secure code (none). And remember, security begins with people, not technology, always has, always will.

-=Xenon=-

P.S. gosub disclaimer.

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLVM1wwSzG6zrQn1RAQF8kwP/YetocN9urSgB4X9u70ZABFeLawEkwu56
jFDWZgDG+Z/81vFkVWTC7gvfDDB4Rjy0qeEhuq187zeRJ3fKCRPkkHz7swDV3V+o
RA9waKWz7tdxglkW98bJIKpC9rYp4lvtxPWgtAsLTs6b9tJqvXmp2S+OcjcyV6sE
gKI25vPg5Ww=
=zjED
-----END PGP SIGNATURE-----

From garet.jax at nitelog.com Sat Feb 5 05:45:29 1994
From: garet.jax at nitelog.com (Garet Jax)
Date: Sat, 5 Feb 94 05:45:29 PST
Subject: Remailers Revisited
In-Reply-To: <9401230638.AA05002@terminus.us.dell.com>
Message-ID:

Why not set up a mailgroup (such as cypherpunks.pgp) wherein ALL messages are PGP encrypted? Once one subscribes to the group, she would receive a message containing both the standard further information about the group as well as public and PRIVATE PGP for the mail group keys to add to her PGP key ring.

Then whenever she sent a message to the group remailer (cypherpunks.pgp at toad.com) it would already be PGP encrypted with the group key. And anyone who received that message would be able to open and read it because they would already have the private key for the group.

The remailer could check the messages before forwarding them to the list subscribers to make sure that they are PGP encrypted. If they aren't then they wouldn't be sent... a nice side effect of this would be that the list subscribers would no longer receive those 'unsubscribe user' messages as most likely these would not have been encrypted before mailing.

-Garet {Garet.Jax at nitelog.com}

From garet.jax at nitelog.com Sat Feb 5 05:45:33 1994
From: garet.jax at nitelog.com (Garet Jax)
Date: Sat, 5 Feb 94 05:45:33 PST
Subject: how to solve this prob.
In-Reply-To: <9401272306.AA26581@toad.com>
Message-ID:

There MUST be some way that the LISTSERV software can be modified so that a user can send an unsubscribe message to the -request line for another user.

Take this Detweiler for example. If he forgets where to send his unsubscribe message and sends it to the list instead, someone could send an unsubscribe message to the proper address for him. ex:

    'unsubscribe [ listname ] user at e-mail.addr'

The system would note that the name of the person sending the unsubscribe message ( user1 ) was different from the one who was being unsubscribed ( user2 ) , and would, after unsubscribing user2 send a message to user2 telling him that he had been unsubscribed from the list by user1. ex:

    'Dear user2, you have been unsubscribed from the Cypherpunks
    list by user1. If you wish to resubscribe, send a message
    containing...'

That way, instead of the list readers bombarding the folks who send the unsubscribe requests to the list, they could simply forward the request to the proper place.

Now, how do we get it implemented?

From mnemonic at eff.org Sat Feb 5 07:05:37 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Sat, 5 Feb 94 07:05:37 PST
Subject: Alert--Admin. names escrow agents, no compromise on Clipper - 7 files (fwd)
Message-ID: <199402051502.KAA07424@eff.org>

Forwarded message:

From ravage at wixer.bga.com Sat Feb 5 07:10:14 1994
From: ravage at wixer.bga.com (Jim choate)
Date: Sat, 5 Feb 94 07:10:14 PST
Subject: how to solve this prob.
In-Reply-To:
Message-ID: <9402051453.AA02769@wixer>

>
>
> There MUST be some way that the LISTSERV software can be modified
> so that a user can send an unsubscribe message to the -request line
> for another user.
>
> Take this Detweiler for example. If he forgets where to send his
> unsubscribe message and sends it to the list instead, someone could send
> an unsubscribe message to the proper address for him.
> ex:
>
> 'unsubscribe [ listname ] user at e-mail.addr'
>
> The system would note that the name of the person sending the
> unsubscribe message ( user1 ) was different from the one who was being
> unsubscribed ( user2 ) , and would, after unsubscribing user2 send a
> message to user2 telling him that he had been unsubscribed from the list
> by user1. ex:
>
> 'Dear user2, you have been unsubscribed from the Cypherpunks
> list by user1. If you wish to resubscribe, send a message
> containing...'
>
> That way, instead of the list readers bombarding the folks who send
> the unsubscribe requests to the list, they could simply forward the
> request to the proper place.
>
> Now, how do we get it implemented?
>

To keep this type of service from being abused there would need to be some kind of validation. At the very least the listproc should receive some form of 'ok' from the user being deleted in absentia. Otherwise the list would dissolve into a morass of people unsubscribing others who annoyed them for no other reason than aggravated neurosis.

In general it would do nothing but double the load, further reducing bandwidth.

From mnemonic at eff.org Sat Feb 5 07:40:15 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Sat, 5 Feb 94 07:40:15 PST
Subject: your mail
In-Reply-To: <9402050102.AA08460@io.lrcs.loral.com>
Message-ID: <199402051538.KAA07593@eff.org>

David Koontz writes:

> All this bullshit does not state that a court order is required, rather
> 'legal authorization', which means the NSA for foreign intelligence
> purposes without a court order.

The Foreign Intelligence Surveillance Act (FISA) requires a court order for such taps.

--Mike

From frissell at panix.com Sat Feb 5 08:15:34 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 5 Feb 94 08:15:34 PST
Subject: Clipper "Above the Fold"
Message-ID: <199402051611.AA02906@panix.com>

Clipper and the Admin decision to adopt same is reported in a front page (above the fold) article in the Saturday New York Times.

Usual errors about how the "backdoor" would work and about how warrants would be required to get the keys. All the usual suspects. Good placement though.

DCF

--- WinQwk 2.0b#1165

From bgold at tlcnet.aps.muohio.edu Sat Feb 5 09:10:15 1994
From: bgold at tlcnet.aps.muohio.edu (Bruce Goldflies)
Date: Sat, 5 Feb 94 09:10:15 PST
Subject: unsubscribe
Message-ID: <9402051708.AA05261@tlcnet.aps.muohio.edu>

unsubscribe

From klbarrus at owlnet.rice.edu Sat Feb 5 09:10:36 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Sat, 5 Feb 94 09:10:36 PST
Subject: MAIL: tearlines, policies
Message-ID: <9402051708.AA05317@arcadien.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Fellow cypherpunks,

Hm... I'm falling further behind list mail; the day after the security situation at Rice was fixed (~2 weeks off internet) the hard disk crashed.

* About remailer policies:

Try to gopher site (chaos.bsu.edu) in "Anonymous Mail"/"Remailer Policies"

I can only really describe what goes on at elee7h5 at rosebud, elee6ue at rosebud, and elee9sf at menudo.uh.edu.

* About tearlines:

There is no standard I'm aware of, although a quick and dirty trick is to place a single period in the first column. Most remailers pipe to /usr/lib/sendmail (and not "/usr/lib/sendmail -oi") so a single period will end a mail message. Try it before you rely on it to strip the rest of your message. I believe Miron Cuperman (extropia remailer) invokes sendmail with -oi.

* About old discontinued remailers:

I remember another discontinued remailer ?@cs.buffalo.edu.
I don't remember the name, but the student was forced to shut it down because the university said that running an anonymous remailer basically made computing resources available to non-students.

* About the remailers I started/run:

Remailer    Fast?  OpLog SysLog Subj Batch RD NL CPU Phys PGP BitB
- --------- ------ ----- ------ ---- ----- -- -- --- ---- --- ---- ----------
menudo      --     N     SM     -    t1    ?  Y  Un  H    23a ?
rosebud     ++/-   N     MQ     -    -     -  N  Un  M    23a ?

elee9sf at menudo also accepts RIPEM encryption
elee6ue at rosebud requires "digital cash" (basically random strings I made)

Errors on elee9sf at menudo are forwarded klbarrus at owlnet.rice.edu where they are deleted. I still get mail at that address which is why I have it forwarded and not just dropped.

Errors on rosebud are dropped

Karl Barrus
klbarrus at owlnet.rice.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLVPSY4OA7OpLWtYzAQHDCgQAphyqkkgHtXblB1C5OlyCPZQD2/6IQ7YD
FaYOHBG+NmnUMKl1bz8T9LcDKGvUKFSLW9SmI64MOqv78HF7QIXLILPG4mQ/Yn3j
+zv5WyIEMofyMWUxkkWl8G/eIdCT2nB6vGNgQ8/hvhdG4DvGSpgNlwSB8itRTRwK
j5DOz+wdQeM=
=u1Y6
-----END PGP SIGNATURE-----

From klbarrus at owlnet.rice.edu Sat Feb 5 09:25:39 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Sat, 5 Feb 94 09:25:39 PST
Subject: MAIL: questionnaire
Message-ID: <9402051721.AA05442@arcadien.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

bsu-cs: Run by Chael Hall.
Contact at same address

chaos: Run by Chael Hall.
Contact at same address

dis.org/merde: Run by Peter Shipley

extropia: Run by Miron Cuperman
Comments: not directly connected, introduces some delay

menudo: Run by Karl Barrus
Machine: University machine
Problems policy: see policy at gopher site.
Contact elee9sf at menudo.uh.edu or klbarrus at owlnet.rice.edu
Software: Hal's remailer code with a few modifications by myself
Security: batches incoming message, sends them out randomly at midnight.
    Comments: also accepts RIPEM, pads messages to 1K with random stuff (an experimental approach, Hal has code to pad inside PGP messages).
    History: ??

penet.fi: Run by Julf (Johan Helsingius)

rebma: Run by Bill (O'Hanlon? not quite sure)
    Machine: privately owned
    Comments: not directly connected, introduces some delay
    History: 2nd oldest remailer

rosebud: (elee7h5 at rosebud.ee.uh.edu) Run by Karl Barrus.
    Machine: university
    Problems policy: see gopher site Contact klbarrus at owlnet.rice.edu
    Software: standard scripts
    Security: syslog file can be read
    Comments: errors are dropped
    History: 3rd oldest remailer

rosebud: (elee6ue at rosebud.ee.uh.edu) Run by Karl Barrus.
    Machine: university
    Problems policy: see gopher site Contact klbarrus at owlnet.rice.edu
    Software: standard scripts modified to accept cash strings
    Security: syslog file can be read
    Comments: errors are dropped

Karl Barrus
klbarrus at owlnet.rice.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

From aa377 at cleveland.Freenet.Edu Sat Feb 5 09:55:37 1994
From: aa377 at cleveland.Freenet.Edu (Ken Kopin)
Date: Sat, 5 Feb 94 09:55:37 PST
Subject: how to solve this prob.
Message-ID: <9402051752.AA09134@slc8.INS.CWRU.Edu>

>
>
>There MUST be some way that the LISTSERV software can be modified
>so that a user can send an unsubscribe message to the -request line
>for another user.
>
>Take this Detweiler for example. If he forgets where to send his
>unsubscribe message and sends it to the list instead, someone could send
>an unsubscribe message to the proper address for him.
ex:
>
> 'unsubscribe [ listname ] user at e-mail.addr'
>
>The system would note that the name of the person sending the
>unsubscribe message ( user1 ) was different from the one who was being
>unsubscribed ( user2 ) , and would, after unsubscribing user2 send a
>message to user2 telling him that he had been unsubscribed from the list
>by user1. ex:
>
> 'Dear user2, you have been unsubscribed from the Cypherpunks
> list by user1. If you wish to resubscribe, send a message
> containing...'
>
>That way, instead of the list readers bombarding the folks who send
>the unsubscribe requests to the list, they could simply forward the
>request to the proper place.
>
>Now, how do we get it implemented?
>
>
>

EEEEEEEEK! You've got to be kidding! Take this L. Detweiler guy. He sets up a script and every name that comes from toad.com gets deleted from the list. Good way to destroy the list. How many times do YOU want to resubscribe?

Ken Kopin -JAFL (Just a F****** lurker)

--
*** I Buy KOOL-AID Points ***  |Internet: aa377 at Cleveland.Freenet.Edu
    1-499    1/3 cent each.    |
  500-1499   1/2 cent each.    |Disclaimer: It'll never stand up
 1500-?      1 cent each.      |            in court.

From rcain at netcom.com Sat Feb 5 10:20:14 1994
From: rcain at netcom.com (Robert Cain)
Date: Sat, 5 Feb 94 10:20:14 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
Message-ID: <199402051816.KAA28356@mail.netcom.com>

In the Diffie-Hellman exchange there is a well-known-prime, w, and a well-known-modulus, m. For those interested that don't know I think it then proceeds as follows (don't have notes in front of me so please someone correct me if I'm misremembering it) where ** is the power or exponentiation operator and % is the modulus operator:

1) Bob generates a one time random prime, b, then computes

       B = (w ** b) % m

   and sends B to Carol.

2) Carol generates a one time random prime, c, then computes

       C = (w ** c) % m

   and sends C to Bob.
3) Bob generates a session key:

       K = (B ** c) % m

4) Carol generates a session key:

       K = (C ** b) % m

Carol and Bob have the same K because:

       K == (C ** b) % m == (B ** c) % m == (w ** (b * c)) % m

From just the knowledge of B and C a snoop cannot determine b from B, within computational reason (the root modulus being as difficult as factoring), nor c from C, and because K cannot be determined from B and C without knowing b or c, she is screwed.

Now, the tutorial over :-), the question is; is there a "standard" well-known-prime, w, and a "standard" well-known-modulus, m, and if not, let's define one. I suppose that PGP uses a well known pair but they are big and not easy to hand around without going through media (I think.) When defined algorithmically they might be easier to actually incorporate in a program or a product than great big numbers. If this has not been done, I propose a simply stated algorithm for finding a "standard" w and m that will allow interoperation among all future implementations of D-H as follows:

Let "standard" w be the first prime found probing from the starting point w' = n!, with a well-known n that should be small. I am not sure what n should be to generate a large enough w'. Let's just say the smallest n that generates a 1000 digit number. There is a well known primality testing algorithm by Lenstra that is pretty agreed upon by the number theory crowd (I have it coded by Lenstra and more on that later.) So, let w be the first number larger than w' that passes Lenstra's primality test. Any program or device employing D-H will have this algorithm in it somewhere for generating each session specific b and c so all we need to agree on is 1000 (or whatever is decided to be a large enough prime for all practical purposes.)

I leave a "standard" for m up for discussion because I don't have the material in front of me that tells the criterion for selecting strong m's and there are some considerations.
I would like it to be algorithmically defined though using standard long modulus, long integer arithmetic and some small, easy to remember number.

Whatcha think?

Oh, for those of you that actually code this stuff like me, I have Lenstra's long integer function package in C that I "ported" from K&R to ANSI and edited and reorganized the documentation in the process. I interacted with him in that process and it is a stable and reliable package. This was a year ago so he has most likely added to it by now but this snapshot I have is very complete and has way more than is needed to do nearly anything in crypto. And it is by Lenstra himself! A cool guy BTW.

The problem: I did have to make some changes to macros and sundry things to ANSIfy it and may have introduced errors. It runs his demonstration programs that are part of the package and gives the correct results and these programs exercise a good part of it, especially the areas I had to mess with. BUT: I have not had the time to sit down and look hard at a true verification suite and he doesn't have one either. So, caveat emptor, I offer this package (and the original from which it was derived) to *one* person that can put it in a relevant ftp site. Is that you, Sameer?

BTW, D-H is useless across a medium in which there can be an active snoop or spoof as I guess we call him. Whit, Marty and Ron agree as of a discussion a year ago. The spoof just has a pair of boxes and separately negotiates a session with Bob and one with Carol so that clear text passes between his pair. There is no way in theory to detect the presence of our friendly spoof. :-)

I've found a solution to this that is more than sufficiently secure in practice and even theoretically secure in most practical situations. I'm not sure what to do with it. I would like to retire on it though (and get a couple "voluntary income tax" liens off my back :-) and perhaps even endow some kind of institute.
Actually I worry more about being retired because of it if you get my paranoid drift. I guess that is why I'm lettin' y'all know about it here first.

I am also curious about how you folks here feel about someone wanting to personally benefit financially from an algorithm/protocol invention/discovery like this but I don't want nor will get into any flame war. :-(

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"Morality is largely a rationalization of the point you happen to occupy in the power pattern at a given time. If you're a *Have-Not* you're out to *get*, and your morality is an appeal to a law higher than man-made laws--the noblest ideals of justice and equality. When you become a *Have* then you are out to *keep* and your morality is one of law, order and the rights of property over other rights." Saul D. Alinsky 1909-1972

--------------PGP 1.0 or 2.0 public key available on request.------------------

From klbarrus at owlnet.rice.edu Sat Feb 5 10:25:38 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Sat, 5 Feb 94 10:25:38 PST
Subject: MAIL: Re: remailers revisted
Message-ID: <9402051823.AA06395@arcadien.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

- From a few weeks ago (recently for me :-)

>Given that my understanding is basically correct, why couldn't
>the remailer system be set up similarly to the way IRC is?

Your system sounds great. However, don't you have to be root to run the server side of things (put it in /etc/inetd.conf)? Or the alternative is to leave a process continually running listening for connections, right? Leaving a process running isn't feasible for me, even if it forks all the time (especially now with the recent security problem on owlnet). Or is there another way that an ordinary user can pull this off? If so I'd like to hear about it and work on an idea I've had for a while.
Karl Barrus

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

From 73772.2614 at CompuServe.COM Sat Feb 5 10:40:15 1994
From: 73772.2614 at CompuServe.COM (Arlene Zeichner)
Date: Sat, 5 Feb 94 10:40:15 PST
Subject: unsub,add to announce pls
Message-ID: <940205183542_73772.2614_FHC115-1@CompuServe.COM>

Please unsubscribe. It's great but too technical for me.

From rcain at netcom.com Sat Feb 5 10:50:16 1994
From: rcain at netcom.com (Robert Cain)
Date: Sat, 5 Feb 94 10:50:16 PST
Subject: doj_escrow_intercept.procedures (fwd)
In-Reply-To: <199402042259.RAA00682@eff.org>
Message-ID: <199402051847.KAA02401@mail.netcom.com>

Wow! That procedure, if it could be verified to be followed, is almost good enough to satisfy my queasy feeling that some *very difficult* and *very publicly* accessible means of opening a back door might just not be appropriate. Even though this goes strongly against my personal interest I can envision situations where I would want them to have that ability. Imagine that it is your city that gets a terrorist nuke built in one of its basements. Truly secure and easy communication makes that a whole lot easier but then since a truly secure box is real simple to make, it sort of obviates the reasoning for trying to do the standardization anyway. Anybody who really wants absolute security will be able to get it at some price that won't be too high. :-)

I would like to propose us the challenge to come up with a way utilizing this crypto technology and signatures and such to guarantee a verifiable trail whenever it is done that is available to any court of law.

The implication is clear that other forms will be outlawed if this package is sold. No point in even doing it otherwise.
So in case they win this one I suggest that, as Tom Lehrer talks about on his album Revisited, we "Be Prepared." :-)

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From arthurc at crl.com Sat Feb 5 10:50:38 1994
From: arthurc at crl.com (Arthur Chandler)
Date: Sat, 5 Feb 94 10:50:38 PST
Subject: FIRST CYPHERPUNKS VIRTUAL MEETING
In-Reply-To: <9402032319.AA20066@ah.com>
Message-ID:

FIRST CYPHERPUNKS VIRTUAL MEETING AT BAYMOO

The first cypherpunks virtual conference will be held at BayMOO on Wednesday, February 9, at 8pm PST (11 EST).

To get there: telnet (or use a client) mud.crl.com 8888

Follow instructions for login. Type help for any topic when you get into the MOO. @go Cypherpunk Central to get to the main room, then type HALL to get to the conference hall.

One of the virtues of this hall is that there can be large scale AND small scale discussions going on at the same time. Here, briefly, is how it works:

A. People login and go to the Cypherpunk Hall

B. One person can assume the facilitator's chair. This allows the facilitator to set several options for the room's function.

C. In one mode, the facilitator allows open conversation: any can speak, and all can be heard.

D. In another mode, the facilitator sets the allowable number of speakers. Those wishing to speak must request permission from the facilitator, who can set the number anywhere from one on up. Those wishing to speak must request, and are given a place in line; when any of the current speakers yield, the next in line move up automatically to speaker status.

E. BUT -- and here is the ingenious feature of this conference room-- folks can sit in any of 8 rows. If they speak while sitting in those rows and the room is in facilitated mode, only those sitting in their row can hear them.
The net effect is that small conversations can take place within the larger room, but they do not interrupt the main course of the moderated discussion.

F. In addition, the virtual meeting room also has a built-in [about] function. This feature allows all participants to indicate, by a bracketed phrase in front of their names, the topic under discussion. In this way, if the subject begins to drift, explicit acknowledgement of the change can be made in the [about] header. Example:

agore [about clipperchips]: So you see, we really have your welfare at heart.
hthoreau [about clipperchips]: I decline your help.
agore [about help]: Are you arguing that the government should just let illicit operations take place unmonitored?
hthoreau [about interference]: That depends...

This conference hall is still beta, so be patient if buglets appear. I'll also try to put in a virtual bar for more laid-back chat. The bar will be connected to Cypherpunk Central. Just examine the bartender to see how to order drinks -- or to concoct your own.

Hope to see you there!

From nobody at pmantis.berkeley.edu Sat Feb 5 11:15:39 1994
From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu)
Date: Sat, 5 Feb 94 11:15:39 PST
Subject: Military & dependants
Message-ID: <9402051912.AA21376@pmantis.berkeley.edu>

Can American Military members or their family take copies of PGP or other encryption programs with them when being stationed at overseas bases?

Aren't the overseas installations considered to be American soil while occupied, thus permitting such transfers?

--- There can be only one!
From garet.jax at nitelog.com Sat Feb 5 11:15:40 1994
From: garet.jax at nitelog.com (Garet Jax)
Date: Sat, 5 Feb 94 11:15:40 PST
Subject: Remailer Tearline Variant
In-Reply-To: <9401312103.AA02297@toad.com>
Message-ID:

Eli ebrandt at jarthur.claremont.edu said:
>Bill Stewart said:
>> Julf's anon.penet.fi remailer cuts off anything resembling a signature,
>> using the convention that a -- line (or maybe an all-dash line?)
>> is a signature, since some of the common mail and news programs use that,
>Picking any fixed sig marker is likely to cause problems -- notice
>how often anon.penet.fi messages show up truncated due to a line of
>hyphens. A more flexible possibility: allow an X-Sig-Marker: header,
>which specifies a pattern/regexp to strip after. Actually, the
>sig marker line itself should be stripped as well, in case it
>contains identifying information.
>> formal and mimeish, or a simpler '--truncate here--' sort of line
>> that gets retained across remailing so additional junk doesn't accrete.
>I don't see the problem you're guarding against. Could you explain?
>Seems that sig elision needs to be done once, by the first hop, and
>then you're home free.

Actually a variation on this '--truncate here--' scheme might solve the user-selected multiple-remailer scheme that we're trying to get up here. Place the 'truncate' or '::' line at the beginning of your message, just after the last local header line. Then add routing instructions for the remailer. Then maybe another 'truncate' message followed by more routing instructions for the next remailer chosen. Then a blank line and your message.

BEGIN example:

From: [me]
Message-Id: <[number]@[mysite]>
To: hh at cicada.berkeley.edu
Subject: Hi there!

::
Request-Remailing-To: hh at pmantis.berkeley.edu

::
Request-Remailing-To: elee7h5 at rosebud.ee.uh.edu

::
Request-Remailing-To: cypherpunks at toad.com

Eli ebrandt at jarthur.claremont.edu said:
>Bill Stewart said:
>> Julf's anon.penet.fi remailer cuts off anything resembling a signature,
>> using the convention that a -- line (or maybe an all-dash line?)
>> is a signature, since some of the common mail and news programs use that,
...

END example

Each remailer would only strip off the first 'Request-Remailing-To:' instruction in the message. The remailer would assume that anything following that was part of the message, until it reached the signature, which it would truncate. Then it would remail the new 'message' as requested.

From m5 at vail.tivoli.com Sat Feb 5 11:30:19 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sat, 5 Feb 94 11:30:19 PST
Subject: doj_escrow_intercept.procedures (fwd)
In-Reply-To: <199402042259.RAA00682@eff.org>
Message-ID: <9402051926.AA10212@vail.tivoli.com>

Robert Cain writes:
> Wow! That procedure...

I'm having great difficulty extracting meaning from your prose, but I think you're saying that you like that the government has escrowed keys to Clipper phones for use in "national emergencies".

> Imagine that it is your city that gets a terrorist nuke built
> in one of its basements.

We don't have many basements in Austin.

> Truly secure and easy communication makes
> that a whole lot easier

Makes *what* a whole lot easier, building the bomb or catching the bombers?

> but then since a truly secure box is real
> simple to make,

Really?

> it sort of obviates the reasoning for trying to do the
> standardization anyway.

Obviates the reasoning? I'm confused.

> Anybody who really wants absolute security
> will be able to get it at some price that won't be too high. :-)

So what exactly are you talking about? Sounds like you're happy the government introduced Clipper because it's so easy for anyone to build secure cryptographic devices.
I'm having trouble understanding this.

> I would like to propose us the challenge to come up with a way
> utilizing this crypto technology and signatures and such to guarantee a
> verifiable trail whenever it is done that is available to any court
> of law.

Whenever *what* is done? Whenever somebody builds a nuclear bomb?

> The implication is clear ... I suggest that, as Tom Lehrer talks about
> on his album Revisited, we "Be Prepared." :-)

I think we should start with, "Be Lucid."

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                         |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:          |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven"   |

From rcain at netcom.com Sat Feb 5 11:35:40 1994
From: rcain at netcom.com (Robert Cain)
Date: Sat, 5 Feb 94 11:35:40 PST
Subject: Crypto Regulation Reform
Message-ID: <199402051934.LAA08528@mail.netcom.com>

Mr. President,

I am watching with great interest the activity with regard to crypto regulation and have an observation I would like to share. The following was excerpted from the Harris statement:

>
> The President has determined that vital U.S. national security and
> law enforcement interests compel maintaining appropriate control
> of encryption. Still, there is much that can be done to reform
> existing controls to ensure that they are efficiently implemented
> and to maintain U.S. leadership in the world market for encryption
> technology. Accordingly, the President has asked the Secretary of
> State to take immediate action to implement a number of procedural
> reforms. The reforms are:
>

While I totally understand the concern here and am in sympathy with the reasoning, assuming benign adherence to the procedures, I think you are in effect jousting windmills with this attempt to control or regulate crypto.
It is simply too easy to build and distribute inexpensive devices that are *truly secure*, without back doors to make it other than delusional to think that the people that we would not want to have this technology won't. A device can be made right now at lower cost than a computer modem, much lower, that could be inserted between any phone and the wall that would make it impossible, no matter what laws are in place, to tap either passively or actively, communication that passes between two of these devices. I know how to do it, could do it and probably will just for the fun of it at least. If I can there are many others that can also. In fact I personally know several.

These devices can be credit card size and even fit in a wallet. They can easily be smuggled in and will be. A black market will flourish and nothing will have been accomplished except the expenditure of a lot of futile money and creation of more crime in an inflated, lucrative market. We simply must accept that point-to-point secure communication is a part of our electronic environment and swallow the bitter pill that no matter what the valid arguments are for regulation, it is effectively not possible, so that national security and law enforcement are going to be denied, in the near future, a tool in their arsenal and will have to come up with new ways of gathering this intelligence.

Please abandon this effort before we throw good money after bad and create a worse situation than we will have without it.

I would like whoever processes this email to forward a copy to the following contact.

> The contact point for further information on these reforms is Rose
> Biancaniello, Office of Defense Trade Controls, Bureau of
> Political-Military Affairs, Department of State, (703) 875-6644.

Sincerely,

Bob Cain

--
Bob Cain rcain at netcom.com 408-354-8021

From FISHMAN%SNYFARVA.bitnet at CUNYVM.CUNY.EDU Sat Feb 5 11:45:40 1994
From: FISHMAN%SNYFARVA.bitnet at CUNYVM.CUNY.EDU (FISHMAN%SNYFARVA.bitnet at CUNYVM.CUNY.EDU)
Date: Sat, 5 Feb 94 11:45:40 PST
Subject: Apologies, but . . .
Message-ID: <01H8J3B5YJFK8Y56KS@SNYFARVA.BITNET>

I read Eric's "welcome" file several times after signing on and *know* that I sent a request to unsubscribe to the correct address; I also recall his stating that sending an unsub message here would tar and feather me as a "newbie," but . . . two attempts to unsub via the prescribed route have yielded nothing more than an additional 75 or more files from this list. I respect the effort being made but can recognize it when I'm over my head: I'm a poet not a programmer. And I need help extricating myself from this web. Thanks.

Cordially,

*************** Charles Fishman

From rcain at netcom.com Sat Feb 5 11:45:41 1994
From: rcain at netcom.com (Robert Cain)
Date: Sat, 5 Feb 94 11:45:41 PST
Subject: CERT advisory
In-Reply-To: <9402050055.AA22719@ah.com>
Message-ID: <199402051944.LAA09776@mail.netcom.com>

Eric Hughes sez:
>
> Since active interception is not nearly so easy as passive listening,

This isn't true of anything but the aether itself or a point to point wire with integrity. In any switched or networked system with routing, active interception is trivial. That is why D-H has a lower level of applicability than generally considered.

> it would be appropriate to use a Diffie-Hellman key exchange in this
> situation. This protocol has no persistent private keys, so the issue
> of keeping a private key around securely is not an issue.

Yes, the one time key usage is an important factor in the D-H. Nothing can be determined from one session that will help in breaking another.

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From m5 at vail.tivoli.com Sat Feb 5 12:20:19 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sat, 5 Feb 94 12:20:19 PST
Subject: Crypto Regulation Reform
In-Reply-To: <199402051934.LAA08528@mail.netcom.com>
Message-ID: <9402052019.AA10570@vail.tivoli.com>

Robert Cain writes:
> A device can be made right now at lower cost
> than a computer modem, much lower, that could be inserted between any
> phone and the wall that would make it impossible, no matter what laws
> are in place, to tap either passively or actively, communication that
> passes between two of these devices. I know how to do it, could do it
> and probably will just for the fun of it at least.

Uhh, could you tell us? Sounds like quite a breakthrough. Credit card sized? Much cheaper than a modem, like $50 maybe? And it digitizes and securely encrypts speech (full duplex?) on the fly?

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                         |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:          |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven"   |

From rcain at netcom.com Sat Feb 5 12:20:41 1994
From: rcain at netcom.com (Robert Cain)
Date: Sat, 5 Feb 94 12:20:41 PST
Subject: doj_escrow_intercept.procedures (fwd)
In-Reply-To: <9402051926.AA10212@vail.tivoli.com>
Message-ID: <199402052018.MAA14027@mail.netcom.com>

Mike McNally sez:
>
>
> Robert Cain writes:
> > Wow! That procedure...
>
> I'm having great difficulty extracting meaning from your prose, but I

Hmmm, others have been having that problem lately. :-)

> think you're saying that you like that the government has escrowed
> keys to Clipper phones for use in "national emergencies".

Yes, after long consideration that, that as I said runs counter to my self interest, I had to come to the conclusion first that it was in fact desirable to have a means to tap. It should be very difficult though and verifiable.

>
> > Imagine that it is your city that gets a terrorist nuke built
> > in one of its basements.
>
> We don't have many basements in Austin.

:-)

>
> > Truly secure and easy communication makes
> > that a whole lot easier
>
> Makes *what* a whole lot easier, building the bomb or catching the
> bombers?

It makes it easier for any clandestine plan to be established and carried out. This is the greatest fear they have. Arbitrary networks of people with arbitrary purposes can be securely formed world wide within the limits of the trust inherent in the people. Can you spell r e v o l u t i o n? It's not me that's paranoid, it's them. :-)

>
> > but then since a truly secure box is real
> > simple to make,
>
> Really?

Yep. It would take me about three months of full time effort and would be almost a single chip. I am not the only one by any means.

>
> > it sort of obviates the reasoning for trying to do the
> > standardization anyway.
>
> Obviates the reasoning? I'm confused.

Well, if it is as easy as I contend to make devices that are truly secure all the people that they would want to be able to monitor would undoubtedly have one.

>
> > Anybody who really wants absolute security
> > will be able to get it at some price that won't be too high. :-)
>
> So what exactly are you talking about? Sounds like you're happy the
> government introduced Clipper because it's so easy for anyone to build
> secure cryptographic devices. I'm having trouble understanding this.

No, I think now that Clipper is ultimately stupid. I do think that if it were *not* possible to easily get around it (black market probably, remember the "blue boxes" of yore :-) and not possible probably to even detect the illegal device's use (just use it as a front end to a Clipper :-), then an escrow system which was benign (I realize some think that an oxymoron) would be a good idea.

>
> > I would like to propose us the challenge to come up with a way
> > utilizing this crypto technology and signatures and such to guarantee a
> > verifiable trail whenever it is done that is available to any court
> > of law.
>
> Whenever *what* is done? Whenever somebody builds a nuclear bomb?

Whenever they use whatever process they may set up to allow back door entry. I'm wondering if something analogous to a paper trail could be guaranteed using our technology. I don't know if that is possible but have an inkling that it is.

>
> > The implication is clear ... I suggest that, as Tom Lehrer talks about
> > on his album Revisited, we "Be Prepared." :-)
>
> I think we should start with, "Be Lucid."

Or learn to write better. I'm workin' on it. :-)

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From mg5n+ at andrew.cmu.edu Sat Feb 5 12:25:41 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Sat, 5 Feb 94 12:25:41 PST
Subject: Info on anonymous remailers
Message-ID:

I am pleased to report on the performance of our two newest remailers, qwerty at netcom.com and nate at vis.colostate.edu. Both remailers had a very good response time. Here are the latest ping-times:

Ping messages sent at Thu, 3 Feb 1994 17:49:24 -0500 (EST).
Replies received:

nobody at shell.portal.com              17:50:19 (+0:00:55)
nobody at vangogh.VIS.ColoState.EDU      17:50:29 (+0:01:05)
nobody at rosebud.ee.uh.edu              17:50:31 (+0:01:07)
qwerty-remailer at netcom.com            17:50:33 (+0:01:09)
catalyst-remailer at netcom.com          17:50:33 (+0:01:09)
nowhere at bsu-cs.bsu.edu                17:50:40 (+0:01:16)
remailer-admin at chaos.bsu.edu          17:50:48 (+0:01:24)
nobody at pmantis.berkeley.edu           17:51:08 (+0:01:44)
nobody at soda.berkeley.edu              17:51:26 (+0:02:02)
remailer at dis.org                      18:27:51 (+0:38:27)
nobody at cicada.berkeley.edu            18:28:05 (+0:38:41)
nobody at jarthur.Claremont.EDU          20:54:25 (+3:05:01)

The addresses of the above remailers are:

hfinney at shell.portal.com
catalyst at netcom.com
elee7h5 at rosebud.ee.uh.edu
nowhere at bsu-cs.bsu.edu
remailer at chaos.bsu.edu
hh at cicada.berkeley.edu
hh at pmantis.berkeley.edu
hh at soda.berkeley.edu
ebrandt at jarthur.claremont.edu
remailer at merde.dis.org
qwerty at netcom.com
nate at vis.colostate.edu

This test did not include any of the special-purpose anonymous remailers. For a complete list of remailers, send mail to mg5n+remailers at andrew.cmu.edu. You will receive an automated reply.

From hayden at krypton.mankato.msus.edu Sat Feb 5 13:35:46 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Sat, 5 Feb 94 13:35:46 PST
Subject: FIRST CYPHERPUNKS VIRTUAL MEETING
In-Reply-To:
Message-ID:

Is a MOO really the best method to carry out the virtual meeting? My experience has been that they are most unfriendly, especially if you are clientless. I'd think a series of IRC channels would work better, but maybe I'm wrong.

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> In the United States, they
   \/  Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From hfinney at shell.portal.com Sat Feb 5 14:05:45 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 5 Feb 94 14:05:45 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
Message-ID: <199402052205.OAA06854@jobe.shell.portal.com>

Quite a few misconceptions here, I'm afraid:

From: rcain at netcom.com (Robert Cain)
> In the Diffie-Hellman exchange there is a well-known-prime, w, and a
> well-known-modulus, m.

w is supposed to be a "generator" of the group of integers mod m. It does not have to be prime. It is supposed to be such that the series w**0, w**1, w**2,...,w**m-1 does not repeat but goes through all the integers less than m. Testing for such w's is pretty easy if you know the factorization of m, involving a few arithmetic tests.

> For those interested that don't know I think
> it then proceeds as follows (don't have notes in front of me so please
> someone correct me if I'm misremembering it) where ** is the power or
> exponentiation operator and % is the modulus operator:
>
> 1) Bob generates a one time random prime, b, then computes

b does not have to be prime; it is a random number less than m.

> B = (w ** b) % m
> and sends B to Carol.
>
> 2) Carol generates a one time random prime, c, then computes

Likewise, c does not have to be prime; it is a random number less than m.

> C = (w ** c) % m
> and sends C to Bob.
>
> 3) Bob generates a session key:

Carol does this, not Bob.

> K = (B ** c) % m
>
> 4) Carol generates a session key:

Bob does this, not Carol.

> K = (C ** b) % m
>[...]
> Now, the tutorial over :-), the question is; is there a "standard"
> well-known-prime, w, and a "standard" well-known-modulus, m, and if
             ^^^^^-- generator
> not, let's define one.

I don't think there is a need for this. The two sides need to agree on a pair but they could just pick it at the beginning.
If everyone uses the same m,w it would help attackers of the scheme to focus their efforts on these numbers. I believe there was some discussion of using well-known numbers in the Digital Signature Standard (which is based on the same problem as DH) but I don't know what the resolution was.

> I suppose that PGP uses a well known pair but
> they are big and not easy to hand around without going through media (I
> think.)

PGP does not use DH and has no well known numbers. If you do want well known numbers, I really think it will not be that bad just to put them into the program. Coming up with an algorithm to choose and test a generator from scratch is probably going to be larger and certainly going to be far slower than just hard-wiring the number in.

Hal

From smb at research.att.com Sat Feb 5 14:35:45 1994
From: smb at research.att.com (smb at research.att.com)
Date: Sat, 5 Feb 94 14:35:45 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
Message-ID: <9402052233.AA04867@toad.com>

    In the Diffie-Hellman exchange there is a well-known-prime, w, and a well-known-modulus, m. For those interested that don't know I think it then proceeds as follows (don't have notes in front of me so please someone correct me if I'm misremembering it) where ** is the power or exponentiation operator and % is the modulus operator:

    1) Bob generates a one time random prime, b, then computes
       B = (w ** b) % m
       and sends B to Carol.

    2) Carol generates a one time random prime, c, then computes
       C = (w ** c) % m
       and sends C to Bob.

    3) Bob generates a session key:
       K = (B ** c) % m

    4) Carol generates a session key:
       K = (C ** b) % m

    Carol and Bob have the same K because:

       K == (C ** b) % m == (B ** c) % m == (w ** (b * c)) % m

    From just the knowledge of B and C a snoop cannot determine b from B, within computational reason (the root modulus being as difficult as factoring), nor c from C, and because K cannot be determined from B and C without knowing b or c, she is screwed.
Close, but not quite. The modulus m should be prime for best results. Some folks have used a power of 2 for m, since that makes the modulus operation easier, but it also makes cracking it easier, for comparable sizes. Next, the base w should be a primitive root of the group GF(m).

More seriously, your equations are subtly wrong -- Bob and Carol can't do the calculations you've given. Bob should calculate (C**b)%m -- he knows b and C, but doesn't know c. Similarly, Carol calculates (B**c)%m.

    Now, the tutorial over :-), the question is; is there a "standard" well-known-prime, w, and a "standard" well-known-modulus, m, and if not, let's define one. I suppose that PGP uses a well known pair but they are big and not easy to hand around without going through media (I think.) When defined algorithmically they might be easier to actually incorporate in a program or a product than great big numbers. If this has not been done, I propose a simply stated algorithm for finding a "standard" w and m that will allow interoperation among all future implementations of D-H as follows:

    (deleted)

Two problems... First, many attacks on the discrete log problem are based on massive precomputation for a known modulus. That probably isn't an issue when you get to ~1K bits (*not* digits!). Second, you need to specify things far more concretely, and in particular define the random number generation process. You can't pick w till you know m.

    I've found a solution to this that is more than sufficiently secure in practice and even theoretically secure in most practical situations.

Well, I'd certainly be interested in hearing about it... There have been a number of mechanisms for preventing eavesdropping with DH; a lot depends on what assumptions you want to make. My attempts -- which involve the two parties sharing a weak (i.e., PIN- or password-grade) secret -- can be found in /dist/smb/{neke,aeke}.ps on research.att.com. There's also Rivest and Shamir's Interlock Protocol (April '84 CACM).
Davies and Price suggest using it for authentication, but Mike Merritt and I showed that that doesn't work under certain circumstances. --Steve Bellovin From nobody at shell.portal.com Sat Feb 5 15:05:47 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 5 Feb 94 15:05:47 PST Subject: CypherPUNKS. Not! Message-ID: <199402052302.PAA13278@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- Disclaimer: In this essay, I explore the "punk" aspect of "Cypherpunk". I wish to provoke, but not disrespect. I am trying to learn and stir things up, and fend off a certain boredom and inertia that seems to set in when new ideas seem to be scarce, or worse, shunned. I am a fool throwing out ideas. You can learn a lot from a fool. Dedicated to Nikola Tesla and Buckminster Fuller. You ain't punks. Light rock and Muzak for you. Wouldn't want to upset an RFC standard. Oh no no, that would be FROWNED upon! We might loose our Netcom accounts. How can we download Wired and Mondo articles then? Are you crazy? Detweiler and Sternlight might narc on us, and get us in fearful trouble. We don't want trouble we just want to fit in and cruise for babes with our e-money and bOING bOING ties. Please send more e-postage; your remailer account's gone dry. You got a problem; the problem is YOU. -Sid Vicious/Sex Pistols When will all remailers forge mail headers so no one knows which site's sendmail logs to subpoena or hack into? Forge Message-ID's too. Forge everything. You can do it with postal mail, legally. When will every account be a remailer? The internet SUCKS. What's the flag for PGP to output its "random data block" format? Get off the internet. Message up, to satellite, from remailer, message down to the world. No one knows who's decrypting. And besides, "What encrypted message?" God doesn't give out His sendmail logs. Wires, you can't see them. You can't trust them. If you rely on technology for your security, stop using wires. 
And once your remailers ARE more secure, old Uncle Sam's comin' t' pull the plug, 'cause they know where to find that CPU. I'm comin' too. Sounds like fun. I wonder what sort of sexy pass phrase you're using. What's your address? I want to send you $1. Oh, here's the address in the Thomas Register. You're out a $1. * WWW - World Wide Wiretap * Get Off the Internet and Write Us a Real Encryptor. Get Off the Internet and Write Us a Real Encryptor. Oh glee, the net loonies are sending megajoules not megabytes. Real addresses not e-addresses. Can I still hit 'd' for "diffuse"? I can't see you; I can't touch you. I want privacy. I want real friends. I want off the internet. Get Off the Internet and Write Us a Real Encryptor. -=Xenon=- Dead Kennedys / Bedtime for Democracy and other works: @SONG: Anarchy for Sale Step right up folks Anarchy for sale! T-shirts only 10 dollars Badges only 3.50 I nicked the design, never asked the band I never listen to them either Buy buy buy from Circle A Like hula hoops, it's a disposable craze Another fast-food fad to throw away CHORUS Get your anarchy for sale Anarchy for sale Anarchy for sale Sheep unite! Get your cuddly boots and studs Be sure to rebel in proper style Rebel along the paths we pick Out of fear of peer pressure we create Hey you!- Get those flyers off my wall No commie peace shit in my boutique No one here cares what that all means CHORUS Our town sucks Our scene rules To belong you must buy into it So we sold you metal spike bracelets.... 
C'mon let's see a good fight CHORUS @SONG: Chickenshit Conformist Punk's not dead It just deserves to die When it becomes another stale cartoon A close-minded, self-centered social club Ideas don't matter, it's who you know If the music's gotten boring It's because of the people Who want everyone to sound the same Who drive bright people out Of our so-called scene 'Til all that's left Is just a meaningless fad Hardcore formulas are dogshit Change and caring are what's real Is this a state of mind Or just another label The joy and hope of an alternative Have become its own cliche A hairstyle's not a lifestyle Imagine Sid Vicious at 35 Who needs a scene Scared to love and to feel Judging everythng By loud fast rules appeal Who played last night? "I don't know, I forgot. But diving off the stage Was a lot of fun." CHORUS So eager to please Peer pressure decrees So eager to please Peer pressure decrees Make the same old mistakes Again and again, Chickenshit conformist Like your parents What's ripped us apart even more than drugs Are the thieves and the goddamn liars Flipping people off when they share their stuff When someone falls are there any friends? 
Harder core than thou for a year or two Then it's time to get a real job Others stay home, it's no fun to go out When the gigs are wrecked by gangs and thugs When the thugs form bands, look who gets record deals >From New York metal labels looking to scam Who sign the most racist queerbashing bands they can find To make a buck revving kids up for war Walk tall, act small Only as tough as gang approval Unity is bullshit When it's under someone's fat boot Where's the common cause Too many factions Safely sulk in their shells Agree with us on everything Or we won't help with anythng That kind of attitude JUst makes a split grow wider Guess who's laughing while the world explodes When we're all crybabies Who fight best among ouselves CHORUS That farty old rock and roll attitude's back "It's competition, man, we wanna break big." Who needs friends when the money's good That's right, the '70s are back. Cock-rock metal's like a bad laxative It just don't move me, ya know? The music's OK when there's more ideas than solos Do we rally need the attitude too? Shedding thin skin too quickly As a fan it disappoints me Same old stupid sexist lyrics Or is Satan all you can think of? Crossover is just another word For lack of ideas Maybe what we need Are more trolls under the bridge Wil the metalheads finally learn something- Or will the punks throw away their education? 
No one's ever the best Once they believe their own press "Maturing" don't mean rehashing Mistakes of the past CHORUS The more things change The more they stay the same We can't grow When we won't criticize ourselves The '60s weren't all failure It's the '70s that stunk As the clock ticks we dig the same hole Music scenes ain't real life They won't get rid of the bomb Won't eliminate rape Or bring down the banks Any kind of real change Takes more time and work Than changing channels on a TV set CHORUS @SONG: Fleshdunce We're world industry's thoughtlords The entertainment wing We keep you all in line By fixing your free will Surround you with pop fantasies Just slightly out of reach To soften all the blows Of your forced daily routine We strip-mine your underground culture Take the bite out and rinse it clean Give ourselves credit for creating it Then sell it back to you At twice the price Our pool of talent vampires Has blown into your town To dazzle, sign and milk you All strictly on our own terms You think you've got a lot to say We'll change that real soon You're not a person anymore We've made you a cartoon By the time we're through remolding you You won't even recognize your face There's no end to the eager beavers Drawn the moths to our Babylon's mirage Conveyor belt of fleshdunce They all want to do the fleshdunce Conveyor belt of fleshdunce Who all want to do the fleshdance @SONG: Where Do Ya Draw the Line Seems like the more I think I know The more I find I don't Every answer opens up so many questions anarchy sounds good to me Then someone asks, "Who'd fix the sewers?" "Would the rednecks just play king Of the neighborhood?" 
How many liberators Really want to be dictators Every theory has its holes When real life steps in So how do we feed And make room for All the people crowded on our earth And transfer all that wealth >From the rich to those who need it CHORUS Where do ya draw the line Where do ya draw the line I'm not telling you I'm asking you Ever notice hard line radicals Can go on start trips too Where no one's pure and right Except themselves "I'm cleansed of the system." ('Cept when my amp needs electric power) Or-"The Party Line says no. Feminists can't wear fishnets." You wanna help stop war? Well, we reject your application You crack too many jokes And you eat meat What better way to turn people off Than to twist ideas for change Into one more church That forgets we're all human beings Where do ya draw the line? In Toronto someone blew up A cruise missile warhead plant 10 slightly hurt, 4 million dollars damage Why not destroy private property When it's used against you and me Is that violence Or self-defence You tell me CHORUS Turn on Tune in Cop out @SONG: PULL MY STRINGS I'm tired of self-respect I can't afford a car I wanna be a prefab superstar I wanna be a tool Don't need no soul Wanna make big money Playing rock and roll I'll make my music boring I'll play my music slow I ain't no artist I'm a businessman No ideas of my own I won't offend Or rock the boat Just sex and drugs And rock and roll Drool, drool, drool, drool, drool (etc.) My payola! Drool, drool, drool, drool, drool (etc.) My payola! You'll pay ten bucks to see me On a fifteen foot high stage Fatass bouncers kick the shit Out of kids who try to dance If my friends say I''ve lost my guts I'll laugh and say That's rock and roll But there's just one problem... 
Is my cock big enough Is my brain small enough For you to make me a star Give me a toot, I'll sell you my soul Pull my strings and I'll go far And when I'm rich And meet Bob Hope We'll shoot some golf And shoot some dope Is my cock big enough Is my brain small enough For you to make me a star Give me a toot, I'll sell you my soul Pull my strings and I'll go far @SONG: SHORT SONGS I love short songs. @SONG: Stealing People's Mail Words and Music by Biafra We ain't going to the party We ain't going to the game We ain't going to the disco Ain't gonna cruise down main We're stealing people's mail stealing people's mail stealing people's mail On a friday night Drivin' in the mountains Winding round and round Rummage thru your mailboxes Take your mail back to town And we got license plates, wedding gifts, tax returns Checks to politicians from real estate firms, Money, bills and cancelled checks, Pretty funny pictures of your kids We're stealing peopl's mail On a Friday night We're stealing people's mail By the pale moonlight We got grocery sackful after grocery sackful Grocery sackful after grocery sackful Grocery sackful after grocery sackful Of the private lives of you Ha Ha People say we're crazy We're sick and all alone But when we read your letters We're rolling on the floor We got more license plates, wedding gifts, tax returns Checks to politicians from real estate firms, Money, bills and cancelled checks We cut relationships with your friends We're gonna steal your mail By the pale moonlight We better not get caught We'll be drugged and shocked 'Til we come out born-again christians.... @SONG: NAZI PUNKS FUCK OFF Punk ain't no religious cult Punk means thinking for yourself You ain't hardcore cos you spike your hair When a jock still lives inside your head Nazi punks Nazi punks Nazi punks - Fuck Off! Nazi punks Nazi punks Nazi punks - Fuck Off! 
If you've come to fight, get outa here You ain't no better than the bouncers We ain't trying to be police When you ape the cops it ain't anarchy Nazi punks Nazi punks Nazi punks - Fuck Off! Nazi punks Nazi punks Nazi punks - Fuck Off! Ten guys jump one, what a man You fight each other, the police state wins Stab your backs when you trash our halls Trash a bank if you've got real balls You still think swastikas look cool The real nazis run your schools They're coaches, businessmen and cops In a real fourth reich you'll be the first to go Nazi punks Nazi punks Nazi punks - Fuck Off! Nazi punks Nazi punks Nazi punks - Fuck Off! You'll be the first to go You'll be the first to go You'll be the first to go Unless you think... @SONG: TERMINAL PREPPIE I go to college That makes me so cool I live in a dorm And show off by the pool I join the right clubs Just to make an impression I block out thinking It won't get me ahead My ambition in life Is to look good on paper All I want is a slot In some big corporation John Belushi's my hero I Lampoon and ape him My news of the world Comes from Sports Illustrated I'm proud of my trophies Like my empty beer cans Stacked in rows up the wall To impress all my friends No, I'm not here to learn I just want to get drunk And major in business And be taught how to fuck Win! Win! 
I always play to win Wanna fit in like a cog In the faceless machine (chorus) I'm a terminal terminal terminal preppie Terminal terminal terminal preppie Terminal terminal terminal terminal Terminal terminal terminal terminal I want a wife with tits Who just smiles all the time In my centerfold world Filled with Springsteen and wine Some day I'll have power Some day I'll have boats A tract in some suburb With Thanksgivings to host (chorus) I'm a terminal terminal terminal preppie Terminal terminal terminal preppie Terminal terminal terminal preppie @SONG: I AM THE OWL I am your plumber No I never went away I still bug your bedrooms And pick up everything you say It can be a boring job To monitor all day your excess talk I hear when you're drinking And cheating on your lonely wife I play tape recordings Of you to my friends at night We've got our girl in bed with you You're on candid camera We just un-elected you (chorus) I am the owl I seek out the fowl Wipe 'em away Keep America free For clean livin' folks like me If you demonstrate Angainst somebody we like I'll slip on a wig And see if I can start a riot Transform you to an angry mob All your leaders go to jail for my job But we aren't the russians Political trials are taboo We've got our secret Ways of getting rid of you Fill you full of LSD Turn you loose on a freeway (chorus) Send you spinning Send you spinning Send you spinning all over the freeway Spinning on the crowded freeway Spinning on the freeway Spinning on the freeway Spin... Spin... 
Spin - Lookout The Press, they never even cared Why a youth leader walked into a speeding car In ten years we'll leek the truth By then it's only so much paper Watergate hurt But nothing really ever changed A teeny bit quieter But we still play our little games We still play our little games We still play our little games We still play our little games We still play a lot of games I am the owl (chorus) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVPbtQSzG6zrQn1RAQHIwAP/VW6tak/NGsOeHdD57Aj1NgsGaRkJaojQ R96d91Kdh7f9n0QQiC+l3FRb+utKB6Clf2EIjnWLbG1ZGesKpRLAaKaaL3lcwHrT 8yNGuVDk4nmCHzBbI/uC+z9U6qrY7HWwjSU6fq5Gd9EpirBtmFHO8AyZtF+ZgiZe xSL7rwOdJ4U= =lMsr -----END PGP SIGNATURE----- From koontzd at lrcs.loral.com Sat Feb 5 16:05:48 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Sat, 5 Feb 94 16:05:48 PST Subject: your mail Message-ID: <9402060000.AA09012@io.lrcs.loral.com> >David Koontz writes: >> All this bullshit doesnot state that a court order is required, rather >> 'legal authorization', which means the NSA for foreign intellingence >> purposes without a court order. >The Foreign Intelligence Surveillance Act (FISA) requires a court order >The Foreign Intelligence Surveillance Act (FISA) requires a court order >for such taps. >--Mike >From a secret court that has never (NEVER), turned down a request. From wcs at anchor.ho.att.com Sat Feb 5 18:25:48 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sat, 5 Feb 94 18:25:48 PST Subject: Problem with some digicash applications Message-ID: <9402060224.AA04502@anchor.ho.att.com> One security hole in online digicash systems of the Chaum variety is that you _do_ need to make sure the money is only transmitted in encrypted forms not susceptible to playback attacks. (I haven't read the magic-money code yet...) 
The threat scenarios look like this:

         cash                          cash
Alice--------------------->Bob---fast_net-----slow_net--------->Bank
        \                       \                     /
         \_______________________\___Eve_____________/

If Eve can read the cash either before Bob gets it or before Bob's message gets from his fast LAN across the slow part of the net to the bank, then she can occasionally spend it before Bob can. (This is especially likely if she's Bob's favorite remailer or network provider.) (On-line validation through slow remailers???)

It's probably not much of a problem for radio-tollbooths, since the tollbooth(=Bob=bank) gets it as fast as Eve does. It's also not a problem if Eve can't find the cash part of a message between Alice and Bob or Bob and the bank. Unencrypted messages might let Eve substitute her bank account for Bob's. But consider fixed-format messages of the form:

    RSA(Key), IDEACBC[Key](Cash,Account#)

which might be commonly used by a Teller Machine or the digicash equivalent of a credit card authorization box. If Eve stomps on the Account-number bits, even though she can't break the encryption to substitute her account number for Bob's, she can substitute a random account number for Bob's. This acts as a denial-of-service attack against Bob.

As a defense, either the message has to contain signatures or at least MACs for validation, and be rejected if invalid, or the format needs to make it impossible to find the account number field or to modify it without trashing the cash as well.

A solution that's probably _not_ acceptable is for the Bank to return a message of the form

    Sign[Bank](OK,Cash,Account#)

since this reveals the account number, which loses some privacy. It may be ok to use a hash of the account number, or a nonce + the account number encrypted with the account-owner's public key.
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From qwerty-remailer at netcom.com Sat Feb 5 19:10:23 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Sat, 5 Feb 94 19:10:23 PST Subject: Military & dependants Message-ID: <199402060308.TAA28240@mail.netcom.com> Nobody asks: > Can American Military members or their family take copies of PGP > or other encryption programs with them when being stationed at > overseas bases? Aren't the overseas installations considered to > be American soil while occupied, thus permitting such transfers? I'm not sure what the ITAR rules say about export of armaments by the military; it would be nice if it were illegal :-) Also don't know if sending to American military bases overseas counts as export, especially if it involves going through non-US territory (if there is such a thing any more :-() Use of encryption technology by the military is probably subject to all sorts of rules; use for official purposes certainly is. You could probably get in major trouble for doing so without authorization, and I doubt PGP is officially approved; it's certainly not approved for classified information. Patent issues are also involved; the government is allowed to use RSA as part of the terms of the funding deals for their research, but this presumably doesn't apply to private use by government employees. On the other hand, IDEA wasn't developed with US funds, and its patent probably doesn't give the government any rights to use it. Ascom Tech probably could try to restrict it if they wanted. 
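Bill Stewart's "Problem with some digicash applications" message above describes how stomping on the account-number bits of a fixed-format CBC message redirects a deposit, and names a MAC as the defense. The following is an added example, not code from any poster or from Magic Money: it assumes the session key is already shared (the RSA(Key) part is omitted), uses a toy 64-bit Feistel cipher as a stand-in for IDEA, and uses HMAC-SHA256 as the MAC; all names and sample values are constructed.

```python
"""Added illustration: bit-stomping a fixed-format CBC deposit message, with and without a MAC."""
import hashlib
import hmac

BLOCK = 8                    # 64-bit blocks, the same block size as IDEA
CASH_LEN, ACCT_LEN = 16, 8   # assumed fixed layout: two cash blocks, one account block


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the toy Feistel cipher (a stand-in, NOT IDEA).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def encrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def seal(key, iv, cash, account):
    """CBC-encrypt Cash||Account# with no integrity protection. Returns IV||ciphertext."""
    assert len(cash) == CASH_LEN and len(account) == ACCT_LEN
    plaintext, prev, out = cash + account, iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)


def open_unauthenticated(key, blob):
    """What a bank does if it trusts the ciphertext: decrypt and split the fields."""
    prev, out = blob[:BLOCK], []
    for i in range(BLOCK, len(blob), BLOCK):
        cur = blob[i:i + BLOCK]
        out.append(_xor(decrypt_block(key, cur), prev))
        prev = cur
    plaintext = b"".join(out)
    return plaintext[:CASH_LEN], plaintext[CASH_LEN:]


def seal_with_mac(enc_key, mac_key, iv, cash, account):
    """Encrypt-then-MAC: the tag covers the IV and every ciphertext block."""
    blob = seal(enc_key, iv, cash, account)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()


def open_with_mac(enc_key, mac_key, msg):
    blob, tag = msg[:-32], msg[-32:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: deposit rejected")
    return open_unauthenticated(enc_key, blob)


def stomp_account_block(msg):
    """Model of the in-transit change: flip every bit of the ciphertext block
    that carries the account number. Needs the layout, not the key."""
    data = bytearray(msg)
    start = BLOCK + CASH_LEN            # skip the IV and the two cash blocks
    for i in range(start, start + BLOCK):
        data[i] ^= 0xFF
    return bytes(data)


def demo():
    # Constructed sample values.
    enc_key, mac_key, iv = b"constructed-enc-key", b"constructed-mac-key", bytes(range(8))
    cash, account = b"COIN-0123456789A", b"00314159"

    cash2, account2 = open_unauthenticated(enc_key, stomp_account_block(seal(enc_key, iv, cash, account)))
    try:
        open_with_mac(enc_key, mac_key, stomp_account_block(seal_with_mac(enc_key, mac_key, iv, cash, account)))
        rejected = False
    except ValueError:
        rejected = True
    # (cash still valid, account changed, MAC-protected message rejected)
    return cash2 == cash, account2 != account, rejected


if __name__ == "__main__":
    print(demo())
```

Because the account number sits in the last CBC block, the change garbles only that field and leaves the cash blocks decryptable, which is why the unauthenticated bank would credit a random account.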
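For the Diffie-Hellman thread earlier in this digest (Hal Finney's and Steve Bellovin's replies to Robert Cain), the corrected exchange can be run end to end. This is an added example, not code from any poster: it assumes a prime modulus m as Bellovin's reply recommends, so the generator test uses the prime factors of m-1, and it uses toy-sized numbers and hypothetical function names.

```python
"""Added illustration: generator test and corrected Diffie-Hellman exchange (toy sizes)."""
import secrets


def prime_factors(n):
    """Distinct prime factors by trial division (adequate for the toy sizes here)."""
    factors, p = set(), 2
    while p * p <= n:
        while n % p == 0:
            factors.add(p)
            n //= p
        p += 1
    if n > 1:
        factors.add(n)
    return sorted(factors)


def is_generator(w, m):
    """For prime m: w generates 1..m-1 iff w**((m-1)/q) % m != 1
    for every prime q dividing m-1. These are the 'few arithmetic tests'."""
    if not 1 < w < m:
        return False
    return all(pow(w, (m - 1) // q, m) != 1 for q in prime_factors(m - 1))


def smallest_generator(m):
    return next(w for w in range(2, m) if is_generator(w, m))


def powers(w, m):
    """Brute-force view of the same property: the set {w**1, ..., w**(m-1)} mod m."""
    seen, x = set(), 1
    for _ in range(m - 1):
        x = x * w % m
        seen.add(x)
    return seen


def secret_exponent(m):
    # A random number in [2, m-2]; it does not have to be prime.
    return secrets.randbelow(m - 3) + 2


def public_value(w, secret, m):
    return pow(w, secret, m)


def session_key(their_public, my_secret, m):
    # Each side raises the OTHER side's public value to its OWN secret.
    return pow(their_public, my_secret, m)


M = 2**31 - 1                 # a prime modulus, far too small for real use
W = smallest_generator(M)     # generator found with the test above


def exchange(w=W, m=M):
    b, c = secret_exponent(m), secret_exponent(m)
    B = public_value(w, b, m)         # Bob -> Carol
    C = public_value(w, c, m)         # Carol -> Bob
    k_bob = session_key(C, b, m)      # Bob knows b and C, never c
    k_carol = session_key(B, c, m)    # Carol knows c and B, never b
    return k_bob, k_carol, pow(w, b * c, m)


if __name__ == "__main__":
    print("generators mod 23 start at", smallest_generator(23))
    print("2 reaches only", len(powers(2, 23)), "of 22 values mod 23")
    print("keys agree:", len(set(exchange())) == 1)
```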
From wcs at anchor.ho.att.com Sat Feb 5 19:35:48 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sat, 5 Feb 94 19:35:48 PST Subject: Magic Money questions Message-ID: <9402060330.AA05021@anchor.ho.att.com> >What does the bank hope to accomplish by claiming a coin was already spent? >It can print more coins any time, so it has no reason to cheat. If the bank issues coins in return for real money, and then refuses to accept them back, it's gained the amount of money it just ripped off. Doing this often enough to be noticed loses reputation, of course; you can sometimes get away with it if you're a government central bank and get a law made saying you no longer have to pay back silver for those paper dollar notes. On the other hand, printing extra coins doesn't get you anything, since nobody gave you any real money for them. Of course, if you can start up a big bank in remailer-space, and get lots of depositors, but nobody knows where you are, you can ignore the damage to your reputation by ripping off all your depositors at once and forwarding your email to Argentina, just as bank-embezzlers occasionally abscond with the whole pile. From hughes at ah.com Sat Feb 5 19:45:48 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 5 Feb 94 19:45:48 PST Subject: Apologies, but . . . In-Reply-To: <01H8J3B5YJFK8Y56KS@SNYFARVA.BITNET> Message-ID: <9402060344.AA17504@ah.com> Had you read the message closely, you would have read that I maintain the list by hand and do not immediately get to all requests. Eric ----------------------------------------------------------------------------- The cypherpunks list is for discussions on implementing cryptography. To mail to the whole list, send mail to cypherpunks at toad.com Every mail message sent to this address will be forwarded to everyone on the list. Make sure that the message you wish to send is appropriate for such a broad delivery. 
If you want to be added or removed from the cypherpunks list, or have any other questions which pertain to list management, send mail to cypherpunks-request at toad.com I don't manage the list from my regular account, so such mail which ends up in my ah.com account will just get you another copy of this file. Eric Hughes maintainer of the lists cypherpunks at toad.com and cypherpunks-announce at toad.com From hughes at ah.com Sat Feb 5 19:45:49 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 5 Feb 94 19:45:49 PST Subject: CERT advisory In-Reply-To: <199402051944.LAA09776@mail.netcom.com> Message-ID: <9402060343.AA17498@ah.com> >> Since active interception is not nearly so easy as passive listening, >This isn't true of anything but the aether itself or a point to point >wire with integrity. In any switched or networked system with routing, >active interception is trivial. Possible? Yes. Trivial? Bullshit. It's all economics, and the resources required to intercept packets and spoof protocols is significantly greater than that merely to watch packets go by. There are many fewer people with these greater resources, which include access to routers. Both active and passive attacks are possible in a packet forwarding system. Merely because both are possible does not mean that they are the same. D-H is not a panacea, but its use for password transmission would completely solve the Ethernet sniffing problem. That alone indicates that active and passive attacks are different in nature and in the defences appropriate. D-H doesn't require any prearranged keying material, which is its primary advantage against passive attacks. Since distribution and storage of keying material is an as-yet pragmatically unsolved problem, it is unwise to insist upon prearranged keys when a partial solution, D-H, is available immediately. 
Eric From jdwilson at gold.chem.hawaii.edu Sat Feb 5 20:35:48 1994 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA) Date: Sat, 5 Feb 94 20:35:48 PST Subject: Soap Boxx's Brother?? Message-ID: <9402060430.AA14604@gold.chem.hawaii.edu> Taken from paperboy a briefing given by Mr. Dennix Boxx - any relation to Soap? Forwarded message: > From paperboy at tecnet2.jcte.jcs.mil Thu Feb 3 17:01:04 1994 > Date: Fri, 4 Feb 94 02:26:12 GMT > Message-Id: <9402040226.AA01090 at tecnet2.jcte.jcs.mil> > To: jdwilson at gold.chem.hawaii.edu > From: paperboy at tecnet2.jcte.jcs.mil > Posted: Fri Feb 4 02:26:10 GMT 1994 > Subject: News Briefing 02/03/94 > > DoD News Briefing > Thursday, February 3, 1994 - 1:00 p.m. > Mr. Dennis Boxx, Deputy ATSD, Public Affairs > > > Mr. Boxx: Good afternoon. I've got a couple of > announcements. > > Today we have a Memorandum for Correspondents, which > announces that Secretary of Defense-Designate William Perry will > leave Washington, Friday evening, to attend the Munich Conference > on Security Policy '94. Deputy Secretary Perry is scheduled to > deliver the U.S. address at the conference on Sunday morning. > Throughout the weekend he will also hold bilateral meetings with -Jim From nate at VIS.ColoState.EDU Sat Feb 5 21:00:22 1994 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Sat, 5 Feb 94 21:00:22 PST Subject: Please, please write to your reps! Message-ID: <9402060500.AA02903@vangogh.VIS.ColoState.EDU> In light of recent news from the EFF concerning the Clipper/ SkipJack/Key Escrow/Rape of Privacy issues (see comp.org.eff.news), I would like to ask everyone out there to take the time (a few minutes, maybe an hour if you really take time) to write to your Congress-unit and Senator, as well as the President, Vice President, etc... and voice your strong opposition to the recent policy decisions about Clipper. 
Also, write to CNN and any other news agencies (ABC, NBC, CBS, BBC, etc) and tell them that they should get their act together and start to cover this issue, as it certainly is "newsworthy".

Thanks for your time, and please write.

-nate sammons

--
+-----------------------------------------------------------------------+
| Nate Sammons                                                          |
| Colorado State University Computer Visualization Laboratory           |
| Data Visualization/Interrogation, Modeling, Animation, Rendering      |
+-----------------------------------------------------------------------+

From nobody at pmantis.berkeley.edu Sat Feb 5 21:10:23 1994
From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu)
Date: Sat, 5 Feb 94 21:10:23 PST
Subject: Remailer Security
Message-ID: <9402060508.AA24108@pmantis.berkeley.edu>

Just a quick question.
How safe am I from being traced if I use a remailer? If I hop it through
say three of them?

From nate at VIS.ColoState.EDU Sat Feb 5 21:20:22 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Sat, 5 Feb 94 21:20:22 PST
Subject: bounce from ??
Message-ID: <9402060519.AA02971@vangogh.VIS.ColoState.EDU>

I just posted to the list about writing to congress-units, etc, and was sent a bounce from that the recipient's mailbox was full... anyone else get this?

-nate

--
+-----------------------------------------------------------------------+
| Nate Sammons                                                          |
| Colorado State University Computer Visualization Laboratory           |
| Data Visualization/Interrogation, Modeling, Animation, Rendering      |
+-----------------------------------------------------------------------+

From nobody at shell.portal.com Sat Feb 5 21:40:22 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sat, 5 Feb 94 21:40:22 PST
Subject: Remailer security.
Message-ID: <199402060537.VAA12987@jobe.shell.portal.com>

Mr. Someone asked,

>Just a quick question.
>How safe am I from being traced if I use a remailer? If I hop it through
>say three of them?
Depends on how much they are willing to pay for the extropia secret key and pass phrase that I am selling. Too bad they don't guard their company at night, and don't use rotary locks instead of six pin tumblers. How much do you think your enemy is willing to offer?

The point is.... Decide for yourself. No one knows.

-Citizen #487-22-3398/C class.

From hughes at ah.com Sat Feb 5 21:50:22 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 5 Feb 94 21:50:22 PST
Subject: ADMIN: bounce from ??
In-Reply-To: <9402060519.AA02971@vangogh.VIS.ColoState.EDU>
Message-ID: <9402060546.AA17852@ah.com>

I've removed the relevant bouncing address from the list. In the future, such questions can be directed to me at hughes at ah.com, since this kind of list problem is best dealt with quicker than normal requests.

Eric

From nate at VIS.ColoState.EDU Sat Feb 5 23:05:49 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Sat, 5 Feb 94 23:05:49 PST
Subject: a little information, please...
Message-ID: <9402060704.AA03216@vangogh.VIS.ColoState.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Could some kind soul out there please tell me a few things?

1) How many legal wiretaps are conducted each year?

2) How much will it cost to implement the key escrow system, specifically, how much startup cost and how much per year to maintain?

3) How much money is lost per year as a result of strict export controls on encryption technology? (Lost from business revenue, that is)

4) How much money has it cost to design the Clipper Chip and the DSS?
Thanks, - -nate - -- +-----------------------------------------------------------------------+ | Nate Sammons | | Colorado State University Computer Visualization Laboratory | | Data Visualization/Interrogation, Modeling, Animation, Rendering | +-----------------------------------------------------------------------+ From nobody at shell.portal.com Sat Feb 5 23:40:22 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 5 Feb 94 23:40:22 PST Subject: Magic Money Update Message-ID: <199402060740.XAA24069@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- This is an update for Magic Money. The PGPKGEN.C here contains a very fast mp_inv function, provided by an anonymous poster on the Cypherpunks list, which reduces the time to unblind a 1024-bit coin from minutes to a few seconds. The C.C contains a new -r option which generates a blank message, similar to the -i option, without generating a new key. This should be used by infrequent server users, to update their elists and make sure they do not miss an expiration. The message generated by -r has no coins, but causes the server to reply. Blinding is now fast enough to use a 1024-bit server key. A server operator should re-integrate the assembly-language speedups from PGP, or the server will be very slow in signing coins. The PGP makefile might help you do this. 
Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVSTlsGoFIWXVYodAQGIVgP/aU0rqTccbAonRO2Mv4O3Z9WAXswy1BkN VY1psOyNTgT+C7Uvet1dm92rlRgvShAEcF5CK7crrO+hjhp7QgU6rnCY5ZrAN/i5 Oavn8CZcjxGb7nSkMhPQIIO7yoeKJoV+zaIYJ8uhGwSI6s7L/sDRsqebpxqoN4Bv EMAIK3BZ8Zg= =uahV -----END PGP SIGNATURE----- From mgream at acacia.itd.uts.edu.au Sun Feb 6 00:10:24 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Sun, 6 Feb 94 00:10:24 PST Subject: Some stuff about Diffie-Hellman (and more :-) In-Reply-To: <9402052233.AA04867@toad.com> Message-ID: <9402060811.AA24965@acacia.itd.uts.EDU.AU> Earlier, smb at research.att.com wrote: > There's also Rivest and Shamir's Interlock Protocol (April '84 CACM). > Davies and Price suggest using it for authentication, but Mike Merritt > and I showed that that doesn't work under certain circumstances. Diffie, Wiener et al in "Authentication and Authenticated Key Exchanges" (Designs, Codes and Cryptography, 2, 1992) discuss the need to combine key exchange and authentication, amongst other things. Anyway, the upshot is that a Station To Station protocol is developed and discussed which is based on the original D-H system. Damn, I don't have the paper with me, so I'm not sure whether third party certification is needed. The accompanying discussion, relating to secure protocol requirements and so on struck me as quite good at the time IMHO. Matthew. -- Matthew Gream, ph: (02)-821-2043 M.Gream at uts.edu.au. From karn at qualcomm.com Sun Feb 6 00:10:50 1994 From: karn at qualcomm.com (Phil Karn) Date: Sun, 6 Feb 94 00:10:50 PST Subject: archiving on inet In-Reply-To: <199402021222.HAA05404@snark> Message-ID: <199402060805.AAA19940@servo.qualcomm.com> >Anyway, people who want to use the law to restrict distribution of >their news articles are extremely foolish. Your words are out there >and they WILL be read. Forever. You can't help it. If you find your >words embarrassing, don't say them. Yeah. You guys should lighten up.
You won't be able to keep your posts off of CD-ROM collections, but you might still have some fun with the vendors. The next release of my KA9Q NOS software, prior versions of which have already appeared on quite a few CD-ROMs, will contain a copyright notice that explicitly grants permission to CD-ROM publishers to carry it for free -- on the condition that they send me a free copy of the disk. Most already do, as a courtesy, usually when I show up at their booths at the Dayton Hamvention. My new notice should take care of the rest. Heck, each one probably costs them no more than a buck to make, so how could they object? Seems like a win-win situation to me. They enhance their sales and I build up a nice CD-ROM collection quite cheaply... By the way, there's a very good reason why you should *welcome* the availability of USENET archives on CD-ROM. Imagine that one day you toss out on the net a clever little idea in the hope that someone may find it useful. You don't think much of it at the time. Several years later, much to your dismay, you discover that some slimeball has stolen and been granted a patent on your idea. You're convinced they got it from your original USENET article, but how do you prove it? Simple -- if your original comments were preserved for posterity on a commercial CD-ROM, complete with silk-screen label showing the dates of the articles it contains. Don't laugh - this has already happened to me. Fortunately, I had also published my idea in a ham radio journal more than a year before the bogus patent application was filed. But if I hadn't, I'd now be frantically looking around for 5-year-old USENET archives. Phil From nobody at shell.portal.com Sun Feb 6 00:10:50 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sun, 6 Feb 94 00:10:50 PST Subject: Magic Money vulnerabilities? 
Message-ID: <199402060810.AAA25213@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- People have mentioned possible attacks against Magic Money. I don't think it is possible to send the server a value to sign which would reveal the server's secret key. The server signs your message x by raising x to the power d. If you know x^d and x, finding d would seem to be a discrete-logarithm problem, which is just as intractable as factoring. Can a small or otherwise rigged x help you to find d? If so, participating in any blind signature protocol is very dangerous, but I don't think that you can find d this way. wcs at anchor.ho.att.com wrote: (some deleted) (attack 1) >One security hole in online digicash systems of the Chaum variety is >that you _do_ need to make sure the money is only transmitted in >encrypted forms not susceptible to playback attacks. >If Eve can read the cash either before Bob gets it or before Bob's >message gets from his fast LAN across the slow part of the net >to the bank, then she can occasionally spend it before Bob can. (attack 2) >If Eve stomps on the Account-number bits, even though she can't >break the encryption to substitute her account number for Bob's, >she can substitute a random account number for Bob's. >This acts as a denial-of-service attack against Bob. >As a defense, either the message has to contain signatures or at least >MACs for validation, and be rejected if invalid, or the format >needs to make it impossible to find the account number field >or to modify it without trashing the cash as well. Magic Money is not susceptible to the first (intercept) attack, because the coins are encrypted with the server's public key. The reply is also encrypted with a response key sent to the server inside the encrypted packet. The server signs its responses, so you couldn't send someone some bogus coins and then fake the server's response to fool the person into believing that the coins were good.
Magic Money has no account numbers; the server just exchanges old coins for new coins immediately. A version of the second attack is a problem. The message from the user to the server has no authentication. It is just an encrypted PGP message to the server. There is an RSA packet and an IDEA packet, and the data is directly inside the IDEA packet. If you were to dearmor the message and garble something near the end, then re-armor it, the server would bounce the garbled coins with a bad signature. Some of the first coins would already have been cancelled, and their value would be lost. To prevent this, the next version will MD5 the data packet before encrypting it, and include the MD5 value. This will be checked, and if it is bad, the message will be thrown out before processing any of the coins. This is not a pressing problem. Who would go to all the trouble to make a remailer detect and corrupt certain messages? The person doing the corrupting would not have anything to gain. A while ago I read of a program in alpha-test called Nautilus. This was specifically designed to compress speech for modem transmission. The author said that the beta, when it was ready, would be Copylefted. PGP Tools, if combined with Nautilus, has everything you need to do a secure phone. With the Clipper push, we need one badly, and now. It should use PGP keys for authentication, but either DH or a one-shot RSA key for key exchange. That way they can't record the session and demand your key later, as they could if you used your regular PGP key for the key exchange. 
Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVSdtMGoFIWXVYodAQHC9AQApMjaIF2+h0k6Zb2YSwjkFL1/zAgCXJU+ Dm+kS0us9kusKMc2wr2pc4cEzQow9apM/Od2CisXAaRtHZNUyE8tN3mYWEPxAdcd 6qG03ZekvTqQB+do2HBGRAH3KXGscPIDCyjuh9iIKp9bB7/GWLNoAYm7fPjxpIYz gnWTuRyBme4= =wOox -----END PGP SIGNATURE----- From cknight at crl.com Sun Feb 6 00:50:23 1994 From: cknight at crl.com (Chris Knight) Date: Sun, 6 Feb 94 00:50:23 PST Subject: archiving on inet In-Reply-To: <199402060805.AAA19940@servo.qualcomm.com> Message-ID: On Sun, 6 Feb 1994, Phil Karn wrote: > The next release of my KA9Q NOS software, prior versions of which have > already appeared on quite a few CD-ROMs, will contain a copyright > notice that explicitly grants permission to CD-ROM publishers to carry > it for free -- on the condition that they send me a free copy of the > disk. It's a good idea... But can you see a CD-ROM publisher sending a free CD to everyone who puts that in a disclaimer? Still... It's more likely than calculating royalties! -ck From julf at penet.fi Sun Feb 6 02:35:51 1994 From: julf at penet.fi (Johan Helsingius) Date: Sun, 6 Feb 94 02:35:51 PST Subject: FIRST CYPHERPUNKS VIRTUAL MEETING In-Reply-To: Message-ID: <199402061035.AA19075@lassie.eunet.fi> > Is a MOO really the best method to carry out the virtual meeting? My > experience has been that they are most unfriendly, especially if you are > clientless. > > I'd think a series of IRC channels would work better, but maybe I'm wrong. Have to agree 100%. Julf From hughes at ah.com Sun Feb 6 03:55:55 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 6 Feb 94 03:55:55 PST Subject: Some stuff about Diffie-Hellman (and more :-) In-Reply-To: <9402060811.AA24965@acacia.itd.uts.EDU.AU> Message-ID: <9402061151.AA19462@ah.com> >Anyway, the upshot is >that a Station To Station protocol is developed and discussed which is >based on the original D-H system.
The STS protocol is a regular D-H followed by a (delicately designed) exchange of signatures on the key exchange parameters. The signatures in the second exchange that they can't be separated from the original parameters. >Damn, I don't have the paper with me, >so I'm not sure whether third party certification is needed. There is a digital signature required, so what is at root required is a trusted public key of the other party. One can use a certificate to establish this trust and transmit it at session time, but any other method of communicating a public key will work, including a trusted web of trust or direct previous transmission. STS is a well-thought-out protocol, with many subtleties already arranged for. For the issue at hand, though, which is Ethernet sniffing, its authentication aspects are not required now, even though they certainly will be in the near future. Eric From wcs at anchor.ho.att.com Sun Feb 6 04:50:29 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 6 Feb 94 04:50:29 PST Subject: Government Policy makes Internet breakins easier Message-ID: <9402061248.AA09213@anchor.ho.att.com> Newsgroups: comp.org.eff.talk,comp.security.misc,talk.politics.crypto,alt.security,alt.activism Subject: Government Encryption Policies Simplify Internet Break-ins Distribution: [Sure would be nice if the EFF or CPSR would put out a press release along these lines. Anybody?] The news from the Information Superhighway hasn't been good this week. Major breakins have been occurring from someone who's been stealing users' passwords as they log in across the net, using them to break into their machines, and using their machines to watch the net for more passwords. It's not really that hard to stop - encryption technology has been available for several years that sends passwords across the net in encrypted form the eavesdroppers can't use - but most people haven't deployed encryption. Why not?
Well, part of it's just laziness, but in large part the use of encryption has been restricted by the government's Cold War era policies against developing, using, or distributing encryption software. Encryption is the mathematical privacy coding that lets people send their passwords and conversations privately. If you want to sell encryption software overseas, you have to get a munitions export license, just as you would for exporting assault rifles or nuclear weapon parts, and they'll only give you a license for crippled software that the NSA can break easily, unless you're a bank or selling to a "friendly" government's military. If you want to sell encryption software in the US, you can't export it, which means you have to sell separate US and export versions. And if you want to give it away free, like lots of university and public domain software, you can't just post it to the net or make it available for ftp (the Internet version of the public library), without risking years in jail or at least having your computers confiscated while the government tries to decide whether to indict you - and you'd better be able to afford some *very* good lawyers. Can this sort of free speech really be illegal? Nobody's really sure, the government won't give you permission and few people want to risk the jail time to find out if they'll give you forgiveness. Meanwhile, most computer systems have simple password systems that can't protect against wiretappers. It's especially a problem on international long-distance circuits, where the connections are more exposed, because export rules say your business can't ship the package you use on your US computers to your foreign branches. The Clinton Administration has announced that they're going to relax the export rules a bit, if you use their new Escrow Encryption Chip (which has built-in wiretapping capabilities) or simple encryption systems with short, easy-to-guess keys.
The paperwork will be simpler, and you won't need an arms dealer license to carry your cellular phone or laptop computer on a business trip, but the NSA still retains control over what technology you can use. Proposed legislation in Congress would transfer control of crypto exports to the Commerce Department, which handles most other export licensing. Without the Communist Party to kick around, U.S. Administration press releases bring up spectres of drug dealers, terrorists, and pornographers, but some of the major applications for the wiretapping capabilities of the new Escrow Chip appear to be financial transactions and tax evasion, since banks will need to replace their current encryption systems with something newer, as faster generations of computer technology will make the present systems insecure over the next 5-10 years. Because the Escrow Chip is a hardware-only approach, it's adequate for automatic teller machines, but you'd need to buy a government encryption module if you want to do your banking over the Information Superhighway - more secure encryption can be done cheaply, in software, but the NSA's 55 mph speed limit won't let you - for now. On the other hand, the Cold War's over and you can get good encryption software from Finland, Moscow, Bulgaria, Switzerland, or Australia, often free, and it's becoming widely used by political activists in post-Communist countries. 
--------- The preceding has been the personal opinion of Bill Stewart, and does not necessarily represent the views of the EFF, CPSR, Cypherpunks, or my employer, but I'll be happy to have my rhetoric stolen :-) --------- Bill Stewart billstewart at attmail.com From julf at penet.fi Sun Feb 6 05:40:28 1994 From: julf at penet.fi (Johan Helsingius) Date: Sun, 6 Feb 94 05:40:28 PST Subject: FIRST CYPHERPUNKS VIRTUAL MEETING In-Reply-To: Message-ID: <199402061337.AA20812@lassie.eunet.fi> > The first cypherpunks virtual conference will be held at BayMOO on > Wednesday, February 9, at 8pm PST (11 EST). To get there: Count me out. Yes, I like to participate in physical Cypherpunks meetings. Yes, I like to participate over e-mail. If I really have to, I can waste time using IRC. But I do *not* have enough patience to hang out in any cute virtual restroom line in some virtual bar in some virtual game... We already have enough of the dreaded freenet virtual cafe stuff around - it's like using virtual punched cards.... Ack! Julf From BOBES_PIERRE at delphi.com Sun Feb 6 06:00:29 1994 From: BOBES_PIERRE at delphi.com (BOBES_PIERRE at delphi.com) Date: Sun, 6 Feb 94 06:00:29 PST Subject: signoff list Message-ID: <01H8K5MKMKVM90NSU2@delphi.com> Please remove me from the list bob From huntting at glarp.com Sun Feb 6 09:06:06 1994 From: huntting at glarp.com (Brad Huntting) Date: Sun, 6 Feb 94 09:06:06 PST Subject: doj_escrow_intercept.procedures (fwd) In-Reply-To: <199402052018.MAA14027@mail.netcom.com> Message-ID: <199402061700.AA04889@misc.glarp.com> >> Makes *what* a whole lot easier, building the bomb or catching the >> bombers? > It makes it easier for any clandestine plan to be established and > carried out. This is the greatest fear they have. Arbitrary > networks of people with arbitrary purposes can be securely formed > world wide within the limits of the trust inherent in the people. > Can you spell r e v o l u t i o n? It's not me that's paranoid, > it's them.
:-) While stopping terrorists may be easier in a country with pre-taped communications, and organizing otherwise undetected insurrection will be a little closer to possible, this is not the main purpose of wiretaps today or in the future. The real targets of wiretaps (now and in the future) are political activists. Anyone who poses a serious threat to large corporate profits is a target for a wire tap. This includes organizations like Greenpeace, the communist party, CISPES, and even libertarians who oppose superfluous military intervention. Sure, blowing up the world trade center costs money, but cutting arms sales to Indonesia just because of some little genocide on an island with only a few hundred thousand inhabitants... That cuts into profits; especially if it catches on. In the past, if Dow wants to put a tap on my friend's mom's phone (a prominent anti-pesticide activist), they can just hire a private investigator to climb the pole and sift through the conversations. No, they never found out who was taping the line, for some reason they didn't think to ask the guy who came around once a week to change the tapes on top of the pole (go figure). In the world where Clipper is predominant, the government will have a monopoly on this sort of activity. Two things are clear to follow: First, there will be fewer PIs able to do wiretaps. People chasing after abducted children or forgotten alimony cheques will be out of luck. Second, the government will be pressured into taking on the activities that are now done by PIs (at a substantially greater cost of course). This will force some relaxing of the rules governing obtaining escrowed keys. Since anyone purchasing the key escrow devices will have implicitly agreed to (amongst other things) waive any expectation of privacy associated with using the device, they probably won't have too much legal ground to stand on when they discover that their phone conversations have been sold to Exon.
brad From nobody at jarthur.Claremont.EDU Sun Feb 6 09:30:31 1994 From: nobody at jarthur.Claremont.EDU (nobody at jarthur.Claremont.EDU) Date: Sun, 6 Feb 94 09:30:31 PST Subject: For Pr0duct Cypher Message-ID: <9402061726.AA20879@toad.com> From tcmay at netcom.com Sun Feb 6 11:11:08 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 6 Feb 94 11:11:08 PST Subject: A Nice Summary of Motives for Clipper Message-ID: <199402061911.LAA20333@mail.netcom.com> This fellow has written a nice summary of the "carrot and stick" motivations on Clipper. Nothing we haven't seen discussed, but a nice synopsis. His analysis is accurate: - the government will make Clipper use very easy to export, and to use (perhaps by subsidizing production costs of the MYK-xx chip for some time) - the government will make non-Clipper use very hard to export, may harass those who post code to ftp sites (a la PGP, Moby Crypt, etc.), and will do other things to throw roadblocks up - the result will probably be that in 5 years most crypto use is of the key escrow sort, with all that that implies Comment from TCM: Yes, we've "already won" in some sense, in that strong crypto can't be completely eliminated. But if 99% of all crypto users are using key escrow in 1999, for practical reasons, then in some sense we have lost. I'm curious about what RSA Data Security Inc. thinks of all this, as this carrot-and-stick move worsens the export situation immensely: key escrow technologies get a "pass," while non key escrow technologies get scrutinized, delayed, and generally told not to bother to try to export (this is my interpretation). Could be real bad news for Bidzos and Company. (Don't flame me for urging an alliance with RSADSI! I'm just speculating on who will be hit hard here. Could have some implications for what Cypherpunks support.)
Here's the article: Newsgroups: alt.activism,alt.politics.datahighway,alt.privacy,alt.privacy.clipper,alt.security.pgp,alt.wired,comp.org.eff.talk,talk.politics.crypto From: shephard at fraser.sfu.ca (Gordon Shephard) Subject: Re: CRYPTO: DoJ's new rules for access to Clipper keys Message-ID: Sender: news at sfu.ca (seymour news) Organization: Simon Fraser University, Burnaby, B.C., Canada Distribution: inet Date: Sun, 6 Feb 1994 12:39:21 GMT Lines: 107 strnlght at netcom.com (David Sternlight) writes: >You still don't get it. Clipper is a system for the private sector with good >security except for the escrow. The escrow is there to prevent the bad guys >from using what would otherwise be a very hard to break system. This reveals some of the mindset behind Government encryption policy. For the past year or so, I've been discussing the "Clipper Concept", and have constantly bewildered myself and others with the question: Why on earth would the black hats use a system which can be compromised by law enforcement agencies? The conclusion which we normally came to was that after the introduction of Clipper technology, the United States Government would work towards making it illegal for cryptographic systems other than Clipper (or some other Government controlled Key Escrow system) to be sold or produced in the United States. Now, Mr. Sternlight's view that Government is not attempting to prevent black hats from using non-clipper technology, and that they simply do not wish to allow criminals to use the Government's strong encryption system, contrasts somewhat with the current dialogue on the subject. And it makes sense - Clipper is going to dominate the market. We may all strut about and swear up and down how we will never use a cryptographic system which the Government can break, but, given that commercial providers will probably have huge incentives to develop clipper chip systems, (Govt.
Contracts and such :) this is the system that you and I will probably be purchasing. A careful re-reading of the Press Releases provides supporting evidence. In particular, the administration will allow export of key escrow technologies, and their new policies will result in: - expedited delivery of products - reduced shipping and reporting costs - fewer individual licenses - personal exemptions for the use of encryption technology taken out of the country by business persons. The administration is going to also work with industry, with the NIST leading these efforts. Mention was made of money being tossed into this effort (Staff will be hired....) So, that's the carrot, now for the stick: "The Administration will continue to restrict export of the most sophisticated encryption devices." So, picture in your mind a Company such as AT&T, or U.S. Robotics, that is about to start selling an encrypting modem/telephone: They can either provide to Joe Public a Key Escrow technology, or they can put together their own proprietary encryption system. The Key Escrow technology system can be sold to the U.S. Government (Big Bucks, How much would you like to bet that in the next 3 or 4 years, numerous government departments will be allocated large sums of money to purchase encryption devices, regardless of whether they need it or not - The press releases reveal that All Govt. Purchases will be Key Escrow - Never underestimate the impact of Government contracts) The Key Escrow technology system will be free of Red Tape, can be exported, will not require individual licensing for each country, can be taken out of the country by business persons (The vast majority of which could care less whether the Govt. can crack their communications, it's the competition they are concerned about), etc, etc.... Or, they can create a proprietary system and face the mother of all red tape trying to sell the damn thing (At a significantly increased cost.) 
The Result: 1) Commercial Companies will not produce Non Key Escrow Technology. 2) The few that do, will have their lives made so difficult by the Administration, it will be difficult to find their product. And this is an issue that Nobody seems to discuss: Encryption is only useful if BOTH ends of the communication line are using the same encryption technology. Who will you be able to talk to if you are using a proprietary encryption system. (A technically alert member of the press should ask the following question: Will the administration seek to prevent encryption systems which incorporate the clipper chip from having secondary encryption technologies embedded (I.E. Imagine if the modem you manufactured could only talk V.32terbo, and not V.32/V.32bis - Nobody would buy it because everyone else has a V.32bis modem. ) And here is where the Government may have made a strategic error though; by not revealing their encryption algorithm, they may have opened up a market for people who are concerned about the strength of the encryption algorithm. E.G. AT&T can come along and market their encrypting telephones with multiple levels of security, standard "Clipper" encryption, or new and improved AT&T laboratory technology which has been attacked by every encryption researcher on the planet. Of course this device would still face the Red tape which the government will be using as its primary weapon against non key escrow technology in the coming years. You heard it here first. (Well, maybe not. Anyone hear how the Government has been treating PGP lately? :) | Gordon Harry Shephard, shephard at sfu.ca,(message)252-4387, (res)524-8622 | In No Way am I speaking for my Employers or Simon Fraser University. -- From qwerty-remailer at netcom.com Sun Feb 6 11:30:31 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Sun, 6 Feb 94 11:30:31 PST Subject: CypherPUNKS. Not!
Message-ID: <199402061927.LAA06782@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Anthony Garcia wrote, "> Get Off the Internet and Write Us a Real Encryptor. Get a copy of Schneier's "Applied Crypto" and write it yourself. Don't expect other people to provide encryption technology for you, because they probably won't." You sadly misunderstand. "Us" means US. All of us. Humanity. You also didn't understand the point of the Dead Kennedy's "Anarchy For Sale." Fortunately Phil Zimmerman and a few others do, and hopefully they will also give PGP a "random data block" format output. If we (all of us using PGP on this planet), don't get PGP off the internet and into the hands of MOST Mac and Windows users, as well as in hardware form in devices like phones, then as the last song I quoted said, "You'll (Cypherpunk activists) be the first to go." I don't code. I make molecules, and soon I will be using standing waves made by lasers to deposit atoms on surfaces, working at Harvard, Bell Labs, and NIST to help develop the next next generation of CPUs, sensors and other devices. If you want something to write code for, 10 years from now, don't disrespect those who do sciences other than programming. Your answer is what the government WANTS the programmers to be like, like this: "You want bulk vitamin C powder which has been rumored to cure that new AIDS strain that started spreading by air? Well that wouldn't make me or anyone else any cash, and since the FDA has banned vitamin supplements, you better go pick up a book on synthesis. I think you start with glucose. Oh, and include organometallics, since it's only certain mixed oxidation state Copper complex dimers that seems to work. Fairly complex stuff. Hurry up though, I hear that AIDS (Clipper) virus kicks in pretty fast! But don't expect chemists to give you any, well since you see, that would be altruistic and that is not logical, since my value system is selfishness. 
As long as I can cure myself, and you aren't paying me large sums, well, bye bye." And making PGP better and posting it anonymously or not, is no where as illegal as if I were to offer an unapproved medicinal to patients in need, something that would immediately put me in handcuffs. Happily, drugs that are truly effective become available to terminal patients, since of course that makes money. I'm going into crystal and surface chemistry anyway, and the FDA seems to be failing in its ongoing attempts to take away my legal vitamin C powder. I fear though that they may succeed in 10 years, and the Clipper's going to send my e-mail into the FDA's "bad guy" files, as being a person who takes more vitamin C than can be found in a can of Coca Cola. I just want privacy and to be left alone. And research funds ;-). -=Xenon=- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVT86QSzG6zrQn1RAQGNgwP/YONeGygK20IMXXL96hgu6MKDqZToslzK BLgaWOYAvCz9e48aR6AemamQ3R7Dm9ZdqTyf2QIIgV/2VliARX4+9ADBiS3BUtET Kck3gALq88weWfysdrxkc433b+sP9s28GOdMK2sHAjWaf9PImmoeqsaVBaAi9DzN rTMRSKnp6ko= =JKEA -----END PGP SIGNATURE----- From hughes at ah.com Sun Feb 6 11:50:30 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 6 Feb 94 11:50:30 PST Subject: a reference to STS In-Reply-To: <51436.pfarrell@netcom.com> Message-ID: <9402061948.AA20879@ah.com> Here's the reference for the STS paper. STS is the Station-to-Station protocol. _Authentication and Authenticated Key Exchanges_ by Diffie, Oorschot, Wiener _Designs, Codes and Cryptography 2_, pp 107-125 1992 Eric From nobody at shell.portal.com Sun Feb 6 11:56:08 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sun, 6 Feb 94 11:56:08 PST Subject: No Subject Message-ID: <199402061953.LAA08152@jobe.shell.portal.com> I'm moving to Oceania. 
From nowhere at bsu-cs.bsu.edu Sun Feb 6 13:51:07 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sun, 6 Feb 94 13:51:07 PST Subject: No Subject In-Reply-To: <199402061953.LAA08152@jobe.shell.portal.com> Message-ID: <9402062151.AA08195@bsu-cs.bsu.edu> > I'm moving to Oceania. Yeah, let's hope it gets built first... From mg5n+ at andrew.cmu.edu Sun Feb 6 13:56:07 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 6 Feb 94 13:56:07 PST Subject: Fwd: More on remailers In-Reply-To: <9402062051.AA26116@relay2.geis.com> Message-ID: Does anyone know what this is??? ---------- Return-path: Received: from po2.andrew.cmu.edu via trymail ID ; Sun, 6 Feb 1994 15:52:27 -0500 (EST) Received: from relay2.geis.com (relay2.geis.com [192.77.188.3]) by po2.andrew.cmu.edu (8.6.4/8.6.4) with SMTP id PAA09729 for ; Sun, 6 Feb 1994 15:51:36 -0500 From: genie-postmaster at geis.com Received: by relay2.geis.com (1.37.109.4/15.6) id AA26116; Sun, 6 Feb 94 20:51:28 GMT Message-Id: <9402062051.AA26116 at relay2.geis.com> Date: Fri, 4 Feb 94 00:51:00 BST To: mg5n+ at andrew.cmu.edu Subject: More on remailers Original Msg Id: Not Found genie-postmaster response to your message Subject: More on remailers System: QUIK-COMM Date: Fri 4-Feb-94 0:51 Status: 5 Message picked up by receiving system and delivered to all recipients with NO exceptions. ---------- From R.O.Jackson-SE1 at computer-science.birmingham.ac.uk Sun Feb 6 14:46:08 1994 From: R.O.Jackson-SE1 at computer-science.birmingham.ac.uk (R.O.Jackson-SE1 at computer-science.birmingham.ac.uk) Date: Sun, 6 Feb 94 14:46:08 PST Subject: TEMPEST - Electronic eavesdropping Message-ID: <13893.9402062244@heffalump.cs.bham.ac.uk> Transient Electromagnetic Pulse Emanation Standard (TEMPEST) is the US standard defining the amount of electromagnetic radiation that a device may emit without compromising the information it is processing. 
In the US it is not illegal to possess TEMPEST-surveillance equipment but it is illegal to take appropriate counter-measures to prevent surveillance. The US government has refused to release details of its TEMPEST research and has restricted the dissemination of independent research by classifying it.

The US Drug Enforcement Agency (DEA) makes use of TEMPEST secured electronics and computers as they believe that the drug cartels may possess surveillance equipment.

I am interested in gathering comments on the social, legal, ethical, and technical aspects of use of TEMPEST surveillance equipment in the US and Europe with the aim of including it in a discussion of the threats to computer/digital systems.

Please reply by E-mail. I will provide a summary to anybody who requests one.

thanks, - Rob Jackson

(more information on TEMPEST can be found in the paper "Eavesdropping On the Electromagnetic Emanations of Digital Equipment: The Laws of Canada, England, and the US" by Cristopher Seline - available on FTP from csrc.ncsl.nist.gov)

From hughes at ah.com Sun Feb 6 15:16:08 1994
From: hughes at ah.com (Eric Hughes)
Date: Sun, 6 Feb 94 15:16:08 PST
Subject: TEMPEST - Electronic eavesdropping
In-Reply-To: <13893.9402062244@heffalump.cs.bham.ac.uk>
Message-ID: <9402062314.AA21234@ah.com>

>In the US it is not illegal to possess TEMPEST-surveillance equipment but
>it is illegal to take appropriate counter-measures to prevent
>surveillance.

Can we get the urban folklore set clued into this one? Electromagnetic shielding is not illegal. On the contrary, in the USA, the FCC finds shielding highly desirable.
Eric From mech at eff.org Sun Feb 6 15:36:07 1994 From: mech at eff.org (Stanton McCandlish) Date: Sun, 6 Feb 94 15:36:07 PST Subject: NIST - PKP settlements not over yet Message-ID: <199402062335.SAA20726@eff.org> [from Gregory Aharonian's Internet Patent News Service] A hostile response to a tentative agreement to settle a patent dispute over the proposed Digital Signature Standard has forced the National Institute of Standards and Technology to return to negotiations. Last summer, NIST officials thought they finally settled the DSS public key patent dispute by granting Public Key Partners (PKP) of Sunnyvale, California, an exclusive worldwide license for the Digital Signature Algorithm (DSA) on which the DSS is built. In exchange for sublicensing rights, the PKP group agreed to endorse NIST's DSS proposal. But F. Lynn McNulty, associate director for computer security with NIST's Computer System Laboratory, said a majority of potential DSS users balked at the deal. NIST published the settlement terms for comment, and McNulty said all but 10 of the 270 comments were critical. [as many of you may remember, EFF coordinated the transmission of these comments to NIST, who did not widely announce the request for comment at all. The uncharitable might call that an attempt to sweep the matter under the rug. The naive might call it an oversight. At any rate almost all of the comments NIST received were routed via EFF, who were happy to publicize it "for" NIST.] Many DSS critics have argued that another algorithm promulgated by RSA Data Security (Redwood City, CA), is a de facto industry digital signature standard and that it would cost too much to comply with a separate government standard. Now NIST is attempting to hammer out a new settlement based on the comments, McNulty said. "The real hang-up continues to be the patent issue", McNulty said. "We're still trying to resolve it". 
Scientists at CSL designed the CSS to serve as a standard agency tool for verifying the senders and contents of messages transmitted electronically. CSL also prescribed the public key Digital Signature Algorithm (DSA). But PKP, which holds the rights to public key patents on behalf of Stanford University, MIT, and most recently, German professor Claus Schnorr, charged that CSL's proposed algorithm infringed upon these patents.

NIST originally sponsored DSA research, and agencies are exempt from any licensing fees. PKP, however, has maintained that vendors that incorporate the standard into their products should pay royalties.

[Government Computer News 1/24/94, 58]

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R  M O R E  I N F O,  E - M A I L  T O:    I N F O @ E F F . O R G
O P E N  P L A T F O R M    O N L I N E  R I G H T S    V I R T U A L  C U L T U R E    C R Y P T O

From tcmay at netcom.com Sun Feb 6 16:00:30 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 6 Feb 94 16:00:30 PST
Subject: TEMPEST - Electronic eavesdropping
In-Reply-To: <13893.9402062244@heffalump.cs.bham.ac.uk>
Message-ID: <199402062359.PAA20879@mail.netcom.com>

> In the US it is not illegal to possess TEMPEST-surveillance equipment but
> it is illegal to take appropriate counter-measures to prevent
> surveillance. The US government has refused to release details of its

Please provide a reference for this. We've discussed this _many_ times on this List, and the consensus is that no such law exists, nor is it plausible that folks could be told they cannot "shield" their computers. (In fact, FCC regulations call for various levels of RF shielding, as we all know. Is there a law which says "You must shield--but not _too_ much"? Of course not.)

I don't want to sound rude, but saying it is illegal to take appropriate counter-measures to prevent surveillance is a serious statement, requiring some support.
(I'll look for the ftp paper you cite later...do you have a pathname handy in the nist ftp site?) I can believe that _certain_ countermeasures, like active jamming with RF signals, may be somewhat restricted, but mainly for FCC reasons. I cannot believe that shielding a keyboard or computer, or using LCD displays to reduce Van Eck emissions, or even putting one's computer in a Faraday cage, could be illegal. > TEMPEST research and has restricted the dissemination of independent > research by classifying it. Parts of the TEMPEST spec (and TEMPEST is not an acronym for anything, I understand) are classified, for various reasons, but this does not mean shielding or other countermeasures are forbidden. In fact, shielding supplies and TEMPEST-related supplies can be bought from several companies. Every time this thread comes up, someone cites the suppliers. > The US Drug Enforcement Agency (DEA) makes use of TEMPEST secured > electronics and computers as they believe that the drug cartels may > possess surveillance equipment. I'll phone Pablo Escobar and ask him. > I am interested in gathering comments on the social, legal, ethical, > and technical aspects of use of TEMPEST surveillance equipment in > the US and Europe with the aim of including it in a discussion > of the threats to computer/digital systems. > > thanks, - Rob Jackson > > (more information on TEMPEST can be found in the paper > "Eavesdropping On the Electromagnetic Emanations of Digital > Equipment: The Laws of Canada, England, and the US" by > Cristopher Seline - available on FTP from csrc.ncsl.nist.gov) Lots of interesting stuff there. But where is the paper you cite? A pathname would be appreciated. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From miron at extropia.wimsey.com Sun Feb 6 16:06:07 1994 From: miron at extropia.wimsey.com (Miron Cuperman) Date: Sun, 6 Feb 94 16:06:07 PST Subject: remailer delays In-Reply-To: <199402042129.NAA11271@jobe.shell.portal.com> Message-ID: <1994Feb6.232301.2234@extropia.wimsey.com> -----BEGIN PGP SIGNED MESSAGE----- Xenon, you should add my machine to your list: xtropia - PGP SM + - - - Pr M 23a - The address is remail at extropia.wimey.com. Encryption is required. I keep logs, encrypted with my public key. - -- Miron Cuperman | NeXTmail/Mime ok Unix/C++/DSP, consulting/contracting | Public key avail AMIX: MCuperman | Cryptocosmology: sufficiently advanced communication is indistinguishable from noise - god is in the least significant bits. - fnerd -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVV7ppNxvvA36ONDAQHDcQP9H3lpdKOF2TobH8fuZDjNQGjxh2LKKbc4 eiN961fMn0hfQaXA6TLioAyvZsvGe10CRWaTzW2tgVAL6RDgZLKji7ng87jzIfat 2O/w0uV2wNd6EWWMWdtQwkQ+J7adKNMj5IUjpYlvM5v0jicuPVotgQLMLgwQHoXA 4c5n2XLsurU= =5Re6 -----END PGP SIGNATURE----- From qwerty-remailer at netcom.com Sun Feb 6 17:30:32 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Sun, 6 Feb 94 17:30:32 PST Subject: remailer delays Message-ID: <199402070130.RAA12616@mail.netcom.com> It's half done :-) ! Unfortunately the NSA run remailers haven't been handing out info, but this should help people know which blanks are still blanks ;-). God I hate these little sideways smileys! 
[ASCII art banner]

Xenon's Full Disclosure Remailer List.

Remailer   Fast?    OpLog  SysLog  Subj  Batch  RD   NL  CPU  Phys  PGP  BitB  ...and?
---------  -------  -----  ------  ----  -----  ---  --  ---  ----  ---  ----  ----------
bsu-cs     +        ?      ?/?     +     ?      ?    ?   ?    ?     23a  -
catalyst   +        N?     SM/MQ   -     -      ?    -   PA   M     23a  -
chaos      +        ?      ?/?     +     ?      ?    ?   ?    ?     -    -
cicada     ++       ?      ?/?     -     -      -    -   ?    ?     -    -
colostate  ++       ?      SM/MQ   ?     -      ?    ?   Un   M     ?    -
dis.org    -/--     ?      ?/?     -     ?      ?    ?   ?    ?     23a  -
extropia   +/-      ?      SM      +     -      -    -   Pr   M     23a  -
jarthur    +/--     St     SM/MQ   -     -/+    ?    ?   Un   ?     23a  -
menudo     --       N      SM      -     t1     "?"  Y   Un   H     23a  -
merde      -/--     ?      ?/?     -     ?      ?    ?   ?    ?     -    -
penet.fi   --       St     SM      -     t?     24   +   Pr   H     -    -
pmantis    ++       ?      ?/?     -     ?      -    -   ?    ?     -    -
qwerty     +        C      SM/MQ   -     -      -    -   PA   M     23a  +
rosebud    ++/-     N      MQ      -     -      -    N   Un   M     23a  -
remba      --       ?      ?/?     ?     ?      ?    ?   ?    ?     23a  -
shell      ++/+/-   St     ?/?     -     ?      ?    ?   ?    ?     23a  -
soda       ++/-     St+?   ?/?     -     ?      ?    ?   ?    ?     -

Subj: Strips Subject header?
NL: Non-linear remailing? 123->231.
RD: Random delay added (max, in hours)?
Batch: Batched remailing? t2 means twice daily. n5 means after 5 messages.
CPU: Pr = private. PA = account on public access machine. Un = university.
Phys: Physical security of the CPU, especially at night. H/M/L.
BitB: BitBucket feature?
Fast?:
  ++   <5 min
  +    5-10 min.
  -    ~10-30 min delay
  --   Pinging isn't practical due to long delays. Probably reliable though.
  +/-  Sometimes +, sometimes -. Normal internet mail delays are common, and are not equivalent in the two directions between any two remailers. Mail still gets through.
OpLog:
  F:   full copies of all mail are archived. My large volume mailing should help put a stop to this.
  St:  Stats logs of when mail was remailed.
  St+: Stats logs of when and where mail was remailed.
  St-: simple counter.
  N:   operator keeps no logs.
  C:   Simple counter.
SysLog:
  SM:  sendmail logs of when and where mail was exchanged. Root access needed.
  MQ:  mailqueue accessible by anyone on the site. Could make logs.

I have chosen nicknames based on a string common to both the outgoing address and to the address you see on an incoming message from the remailer.
bsu-cs     nowhere at bsu-cs.bsu.edu
catalyst   catalyst at netcom.com
chaos      remailer at chaos.bsu.edu
cicada     hh at cicada.berkeley.edu
colostate  nate at vis.colostate.edu
dis.org    remailer at dis.org
extropia   remail at extropia.wimsey.com
jarthur    ebrandt at jarthur.claremont.edu
menudo     nobody at Menudo.UH.EDU
merde      remailer at merde.dis.org
penet.fi   anon.penet.fi
pmantis    hh at pmantis.berkeley.edu
qwerty     qwerty at netcom.com
rosebud    elee7h5 at rosebud.ee.uh.edu (elee6ue at rosebud.ee.uh.edu)
shell      hfinney at shell.portal.com
soda       hh at soda.berkeley.edu

Discontinued remailers still on some lists out there:
phantom at mead.u.washington.edu
remail at tamaix.tamu.edu
sameer at netcom.com
sameer at berkeley.edu (spelling?)
cdodhner at indirect.com
remailer at entropy.linet.org??
00x at uclink.berkeley.edu?
remail at tamaix.tamu.edu?

Background on each remailer:

bsu-cs: Run by Chael Hall.
  Machine: ??
  Problems policy: ?? Contact ??
  Software: ??
  Security: ??
  Comments:
  History: ??

catalyst: Run by Scott Collins.
  Machine: personal dial-up account on Netcom.
  Problems policy: Outgoing address blocking, with proof of ID. Contact catalyst at netcom.com.
  Software: Customized Hal's ?
  Security: Netcom keeps sendmail logs, which root at netcom.com can read. Any Netcom user could also compile his own sendmail logs, by constantly logging mail as it arrives and leaves.
  Comments:
  History: ??

chaos: Run by Chael Hall.
  Machine: ??
  Problems policy: ?? Contact ??
  Software: ??
  Security:
  Comments: finger remailer.help at chaos.bsu.edu for info using any remailer. ?? gopher chaos.bsu.edu for a collection of info about Cypherpunks.
  Comments:
  History: ??

cicada: Run by Eric Hollander.
  Machine: ???
  Problems policy: ?? Contact ??
  Software: ??
  Security: Tread lightly. Being "phased out".

colostate: Run by ??
  Machine: ???
  Problems policy: ?? Contact ??
  Software: ??
  Security: ??

dis.org: Run by Peter Shipley.
  Machine: ??
  Problems policy: ?? Contact ??
  Software: ??
  Security: ??
  Comments:
  History: ??

extropia: Run by Miron Cuperman.
  Machine: ??
  Problems policy: ?? Contact ??
  Software: ??
  Security: ??
  Comments: Only accepts PGP remailing. ::/Encrypted:PGP header is optional. Privately owned, in Canada. Not directly connected (delays possible).
  History: ??

jarthur: Run by Eli Brandt.
  Machine: Sequent Symmetry.
  Problems policy: Destination blocking is available w/ sufficient ID. Contact ebrandt at jarthur.claremont.edu.
  Software: The usual, tweaked for MMDF. Hal's.
  Security: jarthur keeps sendmail logs.
  Comments: Although jarthur doesn't batch, its connection often results in outgoing mail getting batched out anyway (1-3 hours delay).
  History: Set up late '92. PGP added mid '93.

menudo: Run by Karl Barrus.
  Machine: University machine.
  Problems policy: see policy at gopher site. Contact klbarrus at owlnet.rice.edu or elee9sf at menudo.uh.edu.
  Software: Modified Hal's.
  Security: Stores messages and sends them out randomly at midnight. Pads messages to 1K with random stuff. (?)
  Comments: elee9sf at menudo accepts RIPEM encryption. elee6ue at rosebud requires "digital cash" (basically random strings I made). Errors on elee9sf at menudo are forwarded to klbarrus at owlnet.rice.edu where they are deleted. I still get mail at that address which is why I have it forwarded and not just dropped.
  History: No comment.

merde: Run by Peter Shipley.
  Machine: ??
  Problems policy: ?? Contact ??
  Software: ??
  Security: ??
  Comments:
  History: ??

penet.fi: Run by Julf (Johan Helsingus).
  Machine: ?? Operator owned.
  Problems policy: Account revocation. Contact ??@anon.penet.fi.
  Software: custom.
  Security:
  Comments: By far the most popular remailer, dwarfing in a day what the entire Cypherpunk remailers combined carry in a month. Supports easy return addresses as well as non-anonymous mailing to someone's anonymous address (na1234... instead of an1234...). Your real address is kept on Julf's hard disk, but is fairly safe there, especially if you do not abuse your anonymity to harass someone.
  On a bad day your mail and especially Usenet posts may be delayed up to a day. Very reliable though. Sends error messages back to you for failed mail. Limited to 48K mail.
  History: ??

pmantis: Run by Eric Hollander.
  Machine: ??
  Problems policy: ?? Contact ??
  Software: ??
  Security: Tread lightly. Being "phased out".
  Comments:
  History: ??

qwerty: Run by Xenon.
  Machine: dial-up account on Netcom.
  Problems policy: "What problems?". Contact qwerty at netcom.com.
  Software: Hal's remailer.
  Security: Netcom keeps sendmail logs, which root at netcom.com can read. Any Netcom user could also compile his own sendmail logs, by constantly logging mail as it arrives and leaves. Operator often logs in using telnet.
  Comments: You must use na1234 at anon.penet.fi not an1234 at anon.penet.fi. Finger qwerty at netcom.com for a blurb on the remailer and updates on its software. Request-Remailing-To: /dev/null is a bit bucket. whitehouse.gov gets blocked and fully logged.
  History: Up 2/94. Set up by Xenon who needed more remailers to use to send PGP info to people with, since anon.penet.fi was overloaded.

rembe: Run by Bill (O'Hanlon?).
  Machine: ? Privately owned.
  Problems policy: ?? Contact ??
  Software: ??
  Security: ??
  Comments: Not directly connected (delays?).
  History: Second oldest remailer.

rosebud: (elee7h5 at rosebud.ee.uh.edu) Run by Karl Barrus.
  Machine: University.
  Problems policy: See gopher site. Contact klbarrus at owlnet.rice.edu.
  Software: Hal's.
  Security: "syslog file can be read"
  Comments: Errors are "dropped".
  History: Third oldest remailer.

rosebud: (elee6ue at rosebud.ee.uh.edu) Run by Karl Barrus.
  Machine: university
  Problems policy: see gopher site. Contact klbarrus at owlnet.rice.edu.
  Software: standard scripts (Hal's) modified to accept cash strings.
  Security: "Syslog file can be read."
  Comments: Errors are "dropped".

shell: Run by Hal Finney.
  Machine: ??
  Problems policy: ?? Contact ??
  Software: Hal's Remailer.
  Security: ??
  Comments: whitehouse.gov blocked and fully logged. hal at alumni.caltech.edu forwards all mail to shell.
  History: ??

soda: Run by Eric Hollander.
  Run by: ??
  Machine: ??
  Problems policy: ?? Blocking of addresses. Mail sent to problem causer. Contact ??
  Software: custom. ??
  Security: Was keeping full logs till Xenon's bulk mailing venture. ??
  Comments:
  History: ??

Remailer Public Keys: (I've got these).

From nate at VIS.ColoState.EDU Sun Feb 6 17:56:08 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Sun, 6 Feb 94 17:56:08 PST
Subject: FOR Xenon (what's his email?)
Message-ID: <9402070153.AA08461@vangogh.VIS.ColoState.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Info on the nate at vis.colstate.edu remailer

colostate: Run by Nate Sammons nate at vis.colostate.edu
  Machine: Sun 4/280 - direct ethernet connection to the Colorado State University backbone. Gatewayed to CU/Boulder, and then into the Net backbone.
  Problems policy: No problems yet. Nobody at CSU really knows about it yet ;-) Contact Nate Sammons nate at vis.colostate.edu
  Software: Hal's Remailer software, modified
  Security: What do you want to know?

- -nate

BTW, thanks for the work!

- --
+-----------------------------------------------------------------------+
| Nate Sammons                                                          |
| Colorado State University Computer Visualization Laboratory           |
| Data Visualization/Interrogation, Modeling, Animation, Rendering      |
+-----------------------------------------------------------------------+

From qwerty-remailer at netcom.com Sun Feb 6 18:16:08 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Sun, 6 Feb 94 18:16:08 PST
Subject: FOR Xenon (what's his email?)
Message-ID: <199402070215.SAA16858@mail.netcom.com>

na38138 at anon.penet.fi or faster, qwerty at netcom.com.

-=Xenon=-

P.S. I'm e-mailing you separately.

From tcmay at netcom.com Sun Feb 6 18:20:32 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Sun, 6 Feb 94 18:20:32 PST
Subject: TEMPEST - Electronic eavesdropping
In-Reply-To: <199402062359.PAA20879@mail.netcom.com>
Message-ID: <199402070218.SAA06728@mail.netcom.com>

OK, I've just reread the Seline paper Rob Jackson was referring to (available by ftp at csrc.ncls.nist.gov::/pub/secpubs/tempest.txt--my thanks to Rob for providing the pathname to me).

I say "reread" because this is the same 1990 paper that's been reposted several times to sci.crypt and here to the Cypherpunks list.

Earlier I said, quoting Rob:

>
> > In the US it is not illegal to possess TEMPEST-surveillance equipment but
> > it is illegal to take appropriate counter-measures to prevent
> > surveillance. The US government has refused to release details of its
>
> Please provide a reference for this. We've discussed this _many_ times
> on this List, and the consensus is that no such law exists, nor is it
> plausible that folks could be told they cannot "shield" their
> computers.

...stuff elided...

Indeed, most of the Seline paper is devoted to the fact that the TEMPEST spec itself is classified, which is undoubtedly true. And the (unconfirmed) assertion that mere possession of RF intercepting gear that could be used to defeat TEMPEST is illegal. (I have doubts about this, given the various types of RF receivers, old television sets with manual tuners, etc. I suppose that if one were caught with an antenna, a tunable CRT able to "tune in" the emissions of a nearby--or distant--computer or CRT and display them the way the NSA's ELINT gadgets undoubtedly do, then this might be considered evidence of criminal intent--like burglar tools, password-cracking tools, etc. [And we've had this debate many times as well, with some saying possession of lockpicking tools is legal, others saying it's not, etc.])

However, nothing in the Seline report, flawed as it is (IMO), says "it is illegal to take appropriate counter-measures to prevent surveillance." That is, go ahead and shield away!

What I think the government is saying is this, and I have no idea if this is in fact law or if it would hold up in court:

* First, we (the government) have a TEMPEST spec we use to build equipment to. It tells our vendors how good their stuff has to be. We don't tell the public this spec, because this would help the Russkies and the Yellow Hordes, not to mention the French.

* Second, we (your public servants) have our own tricks and techniques and disclosing the TEMPEST specs would provide damaging information to our opponents (the Mob, the Serbs, the Cypherpunks, and the Republicans)--so we aren't talking. And we insist TEMPEST contractors also keep their mouths shut.

* Third, we (us again) will not allow _eavesdropping_ equipment to be publicly sold, whether for intercepting cellular phone calls, CRT emissions, whatever. You may find loopholes (telephoto lenses and giant parabolic mikes, so beloved of dicks), but we've basically outlawed this stuff.

(sorry if my irreverent tone and change of point of view is confusing here)

So, nothing about shielding or monitoring emissions (commercial RF leakage equipment is widely available and measures stuff down many dB from the unshielded level). Just don't build a Van Eck gadget and let others know about it (though, again, it's not clear how the courts would rule on this). And don't disclose TEMPEST specs.

For Cypherpunks, not too much to worry about. We don't want or need to play at being spooks by monitoring nearby systems, and shielding is available. That it's not used much, that we are "soft targets" for determined surveillance teams, and that we use PGP on insecure machines, etc., is all well-known. Everything has a cost, and most of us don't perceive a direct enough threat to our communications and computers to warrant working inside a local, Faraday-caged machine, keeping passwords in a separate laptop we carry with us at all times, etc.

What's important for us is to get crypto tools spread ubiquitously.
The rest can come later. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From nobody at shell.portal.com Sun Feb 6 18:26:08 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sun, 6 Feb 94 18:26:08 PST Subject: PGP Tools & Magic Money Update Message-ID: <199402070226.SAA05321@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- PGP Tools and Magic Money would not run on a big-endian machine. This did not surprise me, because I don't have one to test it on. I sent a new version to csn.org which fixes a bug in fifo_moven, and includes a #define to force the precision to maximum on a big-endian machine. This should make it work, but will slow it down. The new version, when it shows up, should be in the pgp_tools directory. Go to /mpj, read README.MPJ, and it will tell you how to get into the crypto section. Check the file dates to see if the new version is there yet. I sent them on 2/6. Is there anyone who would like to fix it so it will run properly? The files pgptools.c and ptd.c in the toolkit, and mm.c, s.c, and c.c in the Magic Money system, need to be changed. There is a function called rescale which has to be run on mpi's after set_precision is called. I have no way to test any changes, so I can't write this. 
Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVWRMcGoFIWXVYodAQHSCwQAhA8gZTKDEnzdFyC5UbB0HpvSe299w4F0 bmAA+vplPWNIuFx+RswN6UeCqr9v32tPHTopU4y8twWWJ6p+sA0laqfPVsubtuKK 0bJkasrhIYZDfh4X+RaXgiv50hrcqm87Str0asUOiv1sA7Mv9G5cTxQPwvm0Wiq1 BEjeR5cYn8M= =6VZI -----END PGP SIGNATURE----- From mg5n+ at andrew.cmu.edu Sun Feb 6 18:51:08 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 6 Feb 94 18:51:08 PST Subject: FOR Xenon (what's his email?) In-Reply-To: <199402070215.SAA16858@mail.netcom.com> Message-ID: qwerty at netcom.com writes: > na38138 at anon.penet.fi or faster, qwerty at netcom.com. > > -=Xenon=- I thought it was na48138 ... ??? That's what it said on your earlier posts. From qwerty-remailer at netcom.com Sun Feb 6 19:40:32 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Sun, 6 Feb 94 19:40:32 PST Subject: FOR Xenon (address?) Message-ID: <199402070338.TAA25281@mail.netcom.com> Gee, someone must have snuck into my account and changed all the 48s to 38s. I stand corrected. na48138 at anon.penet.fi. Mister 38138 must be rather confused due to the "Bomb me!"s he's been getting :-). I'll send him a note to tell him. Maybe I can convince HIM to take over this project even! -=Xenon=- From hfinney at shell.portal.com Sun Feb 6 20:00:32 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 6 Feb 94 20:00:32 PST Subject: Attack on Magic Money and Chaum cash Message-ID: <199402070359.TAA19748@jobe.shell.portal.com> I think there may be a security weakness in Magic Money coins, and in Chaum's "online" cash system from the Chaum/Fiat/Naor paper. Magic Money coins are numbers of a particular form, RSA-signed by the bank. They look like Y^(1/e) where Y is the number and e is the bank's public exponent corresponding to the particular denomination of the coin. The structure of Y is a 0, a 1, a string of bytes of 0xff, then a defined 18-byte string of bytes, then 16 random bytes. 
This Y is generated by the user, and is then blinded by multiplying by some random r^e, and sent to the bank. The bank RSA-signs Y*r^e to get r*Y^(1/e), and the user divides by r to get Y^(1/e). This is the coin. The coin is checked by raising it to the power e, to get Y, then checking to see if it is of the proper form. Actually, the Magic Money code only checks the 18-byte special string (just above the 16 random bytes) to make sure it matches the exact byte sequence that is always supposed to be there. In addition the bank checks the 16 random bytes against a list of spent coins to make sure this coin hasn't been spent before. The other relevant point is that the bank has to sign everything you give to it (with payment) - it can't check the bit pattern for legality, since what it is signing is blinded. So you can really get the bank to sign anything. Yesterday I opined that this would be safe, but now I don't think so. The danger I would see is an attacker who gets the bank to sign 2, 3, 5, 7, 11, 13, 17, 19, .... The bank won't know it is signing these special numbers because they are blinded. If someone gets a lot of low primes signed he may be able to forge money, especially with the incomplete checks in the Magic Money program. The idea would be for him to try to factor a legal Y using just the primes he has. If he can find a factorization using only small primes of a number which holds the magic 18-byte sequence in the right place, he can multiply together the signed forms of the primes to produce a signed version of that number. This would be a successfully forged coin. So, the question is whether it would be feasible to collect enough signed small primes to be able to generate more valid coins than you have primes. (It costs you a coin each time you get the bank to sign something, so for this to be a money-making venture you want to get more out of it than you put into it!) 
I think there are a reasonable fraction of numbers factorable by only small primes. Since there are 2^128 possible money values (based on the 16 random bytes) there should be quite a lot which are factorable by only small primes.

Magic Money could help by checking the high bytes as well as the magic 18; it would take more time to factor 1024 bit numbers than 272 bit ones ((18+16)*8), and there would be fewer that are factorable by small primes. But the problem would still exist. The attacker can run a fast sieve to identify numbers which are factorable in his set.

The same attack would apply to Chaum's online cash. His cash is of the form, (x,f(x)^(1/e)), where f() is a one-way function like MD5. To forge this you would again get signed forms of the small primes, then keep picking random x's, until you got a f(x) which could be factored by your set. Presto, you can create a fake coin.

I don't know how this attack can be prevented.

Hal

From hfinney at shell.portal.com Sun Feb 6 20:36:08 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 6 Feb 94 20:36:08 PST
Subject: Attack on Magic Money and Chaum cash
Message-ID: <199402070432.UAA21889@jobe.shell.portal.com>

A quick follow-up: I suppose a cut-and-choose protocol in the withdrawal would prevent this attack. Instead of sending in one blinded coin to be signed you'd send in 100 blinded candidates, then the bank would pick 99 and you'd reveal the r's for the others (remember, they are blinded with r^e) so the bank can verify they are of the proper form. The bank would then sign the one remaining one and return it to you.

What a pain! I hope someone can come up with something better, or show that the attack doesn't work.

Hal

From nobody at rosebud.ee.uh.edu Sun Feb 6 21:16:09 1994
From: nobody at rosebud.ee.uh.edu (nobody at rosebud.ee.uh.edu)
Date: Sun, 6 Feb 94 21:16:09 PST
Subject: CRYPTA PLUS W/ RSA
Message-ID: <9402070514.AA03925@toad.com>

01/31 0936 ( BW)(TELEQUIP) Business Editors

HOLLIS, N.H. (JAN.
31) BUSINESS WIRE - January 31, 1994--Telequip Corp. today announced the first available PCMCIA compatible flash memory card with high-level embedded security functions. The credit card sized Crypta Plus is targeted at companies implementing secure tokens for mobile computer users. These tokens will allow users to conveniently communicate and access confidential data across public computer and telecommunications networks.

Industry experts predict widespread use of secure tokens for corporate and customer communications, database access, electronic funds transfer, defense and government programs, and any other activity involving confidential electronic information transfer. Sales professionals will be able to travel with proprietary information and communicate securely with the home office. Physicians will be able to use tokens, loaded with patient files, to perform rounds, order tests and even write prescriptions that can be signed with a digital signature. It will be possible to process and pay insurance claims directly from the field. Mobile computer users will conveniently carry and securely communicate large amounts of confidential information.

Crypta Plus cards have up to 20 Megabytes of solid-state, nonvolatile memory and require no batteries. The memory capacity will increase in conjunction with technological advancements in the flash chip industry. The patent-pending card consists of a data storage unit, storage-access locking circuitry, and a tamper-proof key information substorage unit in the form of a smartcard integrated circuit.

A stored program within the smart card integrated circuit allows an access password to be programmed directly into the silicon from an external source. The locking circuitry prevents access to the data stored on the memory card unless the user inputs the identifying password. The smartcard integrated circuit can be used to perform cryptographic functions, including digital signatures.
It also provides secure storage for the keys necessary to perform those functions.

The Crypta Plus card satisfies three vital needs of mobile computer users:

o It can securely store private information in a compact, easily transportable storage device.
o It protects electronically stored data against unauthorized access if the Crypta Plus card is lost or stolen.
o It makes cryptographic functions and secure key storage readily available to allow protection and authentication of data being sent to remote sites.

Several important technology trends have converged to make the development of the Crypta Plus card possible. The PCMCIA standard has been swiftly adopted by the industry leaders in personal computing. This allows the Crypta Plus card to operate cross-platform in most mobile computing devices. The explosive implementation of distributed networks and wireless communication now makes data security a vital tool for insuring and protecting personal and corporate interests. The rapid growth of Public-key cryptography and digital signature standards is creating secure environments for access, transmission and authentication of private information.

Along with U.S. Government standards for digital signatures and encryption, Telequip will embed RSA, the popular Public-key cryptosystem into the Crypta Plus card. "We're excited about Telequip's Crypta Plus technology - it's a perfect match for distributed, robust security systems such as RSA," said Jim Bidzos, president of RSA Data Security Inc.

The Crypta Plus card will also fully comply to the soon-to-be published PKCS 11 specification, which will be the first open, published standard for use of Public-key cryptography with tokens and smart cards. PKCS, or the Public Key Cryptography Standards, were established early in 1991 by a consortium of RSA Data Security and its major licensees, including Microsoft, Apple, Sun, Lotus, Digital, National Semiconductor, and many others.
The backing of the PKCS consortium members will make PKCS 11 the most important standard for secure tokens and smartcards in the world.

Michael F. Jones, president of Telequip Corp., points out that "Public-key cryptography and digital signatures are central to the future of electronic commerce. These techniques depend on successfully keeping the private key and its operations secure. The company believes the Crypta Plus card is an ideal personal token for performing private-key operations and implementing cross-platform security. It can be thought of as a portable object in which data, applications and security all travel together in one convenient package. Users will carry Crypta Plus cards with them to run applications, store data, configure systems, sign documents and access network resources."

--30--ed/bos
CONTACT: Telequip Corp. Greg Dunne, 603/881-5616

From remailer at merde.dis.org Sun Feb 6 21:30:32 1994
From: remailer at merde.dis.org (remailer bogus account)
Date: Sun, 6 Feb 94 21:30:32 PST
Subject: PGP Tools tester needed
Message-ID: <9402070527.AA09890@merde.dis.org>

-----BEGIN PGP SIGNED MESSAGE-----

I tested PGP Tools with the #define in place to force all set_precisions to max unit precision. There didn't seem to be any speed difference, even with a 384-bit key. If this works okay, it could probably be left the way it is.

Someone with a big-endian machine, please compile the new version when it arrives, and see if it works. Thank you.
Pr0duct Cypher

-----BEGIN PGP SIGNATURE-----
Version: 2.3a
-----END PGP SIGNATURE-----

From nobody at shell.portal.com Sun Feb 6 21:46:09 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sun, 6 Feb 94 21:46:09 PST
Subject: Magic Money attack
Message-ID: <199402070541.VAA25288@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

hfinney at shell.portal.com wrote:

I think there may be a security weakness in Magic Money coins, and in Chaum's "online" cash system from the Chaum/Fiat/Naor paper.

[ describes the Magic Money coins ]

[ only 18 bytes are checked ]

Easy enough to fix. Will code this. I just sent new PGP Tools and Magic Money updates to MPJ. He must be getting tired of me sending him new code all the time. :-) The latest version does protect against garbling of the message from client to server.

>The other relevant point is that the bank has to sign everything you
>give to it (with payment) - it can't check the bit pattern for
>legality, since what it is signing is blinded. So you can really get
>the bank to sign anything.

Any way to avoid this, other than a cumbersome cut-and-choose?

[ attacker gets a bunch of small primes signed ]

>The idea would be for him to try to factor a legal Y using just the
>primes he has. If he can find a factorization using only small primes
>of a number which holds the magic 18-byte sequence in the right place,
>he can multiply together the signed forms of the primes to produce a
>signed version of that number. This would be a successfully forged coin.

How many small primes would it take? How would he know what numbers to multiply to get the coins? Just create random coins and look for one which is made of all small factors? I should try this and see if I can find one.
Not being an expert in the math, would most coins have a large factor, or would there be a fair number with only small factors?

>So, the question is whether it would be feasible to collect enough
>signed small primes to be able to generate more valid coins than you
>have primes. (It costs you a coin each time you get the bank to sign
>something, so for this to be a money-making venture you want to get
>more out of it than you put into it!) I think there are a reasonable
>fraction of numbers factorable by only small primes. Since there are
>2^128 possible money values (based on the 16 random bytes) there
>should be quite a lot which are factorable by only small primes.

Any math whizzes out there care to run these numbers?

>Magic Money could help by checking the high bytes as well as the magic
>18; it would take more time to factor 1024 bit numbers than 272 bit
>ones ((18+16)*8), and there would be fewer that are factorable by
>small primes. But the problem would still exist. The attacker can run
>a fast sieve to identify numbers which are factorable in his set.

The high-byte check I will code up right now, but I'll wait until we figure out what to do about this problem, before dumping any more code on MPJ. Is anyone going to start up a server, when the program is debugged?

>The same attack would apply to Chaum's online cash. His cash is of the
>form, (x,f(x)^(1/e)), where f() is a one-way function like MD5. To forge
>this you would again get signed forms of the small primes, then keep
>picking random x's, until you got a f(x) which could be factored by your
>set. Presto, you can create a fake coin.

Anyone know Chaum's email address? We could ask him...

>I don't know how this attack can be prevented.

I can think of one way. Redefine the coin format so the last 2 bytes or so can be anything you want. Now when the user generates a coin, he sets these last two bytes to 0001 and then tests for primality.
He keeps adding 2 and checking until he finds a coin which is prime, or at least doesn't have any small factors. When the server gets a coin, it checks it for primality, and only accepts coins that pass the prime test. This way any coin made out of small factors will not be accepted.

The small-factor sieve is fast, and with the proper #defines, it checks all primes below 8192 decimal. The slowtest() PGP uses is slow even for the 512-bit primes used to make 1024 bit PGP keys. It would be useless for a full 1024-bit number. Would eliminating coins with factors below 8192 be enough? Or how could one more quickly check the coin for primality?

Pr0duct Cypher

-----BEGIN PGP SIGNATURE-----
Version: 2.3a
-----END PGP SIGNATURE-----

From nobody at shell.portal.com Sun Feb 6 22:20:31 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sun, 6 Feb 94 22:20:31 PST
Subject: RE Magic Money Attack
Message-ID: <199402070620.WAA27121@jobe.shell.portal.com>

Pr0duct Cypher wrote,

"Easy enough to fix. Will code this. I just sent new PGP Tools and Magic Money updates to MPJ. He must be getting tired of me sending him new code all the time. :-) The latest version does protect against garbling of the message from client to server."

Tired of new code? NEVER.

From hfinney at shell.portal.com Sun Feb 6 22:41:09 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 6 Feb 94 22:41:09 PST
Subject: Magic Money attack
Message-ID: <199402070641.WAA27913@jobe.shell.portal.com>

>From Pr0duct Cypher:

> [ only 18 bytes are checked ]
>
> Easy enough to fix. Will code this. I just sent new PGP Tools and Magic
> Money updates to MPJ. He must be getting tired of me sending him new code
> all the time.
> :-) The latest version does protect against garbling of the
> message from client to server.

I think it's great that you are able to fix these things so quickly. It's natural that there will be a lot of shaking out in any initial release.

> How many small primes would it take? How would he know what numbers to
> multiply to get the coins? Just create random coins and look for one which
> is made of all small factors? I should try this and see if I can find one.
> Not being an expert in the math, would most coins have a large factor, or
> would there be a fair number with only small factors?

Knuth has some discussion of this in Seminumerical Algorithms. The term for numbers which have only small factors is that they are "smooth". He has some formulas for what fraction of numbers are smooth based on the size of the largest allowed prime and the size of the numbers. Unfortunately I won't have access to my copy until Tuesday. Perhaps someone else can look it up.

> >I don't know how this attack can be prevented.
>
> I can think of one way. Redefine the coin format so the last 2 bytes or so
> can be anything you want. Now when the user generates a coin, he sets these
> last two bytes to 0001 and then tests for primality. He keeps adding 2 and
> checking until he finds a coin which is prime, or at least doesn't have any
> small factors.

Clever idea. If only it wouldn't be so slow.

> The small-factor sieve is fast, and with the proper #defines, it checks
> all primes below 8192 decimal. The slowtest() PGP uses is slow even for the
> 512-bit primes used to make 1024 bit PGP keys. It would be useless for a
> full 1024-bit number. Would eliminating coins with factors below 8192 be
> enough? Or how could one more quickly check the coin for primality?

The 8192 cutoff might work.
We would have to check it out, but it could be that finding 1024-bit numbers in a relatively narrow range of +/- 2^64 which are composed solely of factors in the range, say, 8192 to 16384 would be infeasible. I don't recall whether Knuth considers the problem in this form. This would be a great save if it works.

Hal

From qwerty at netcom.com Sun Feb 6 23:10:32 1994
From: qwerty at netcom.com (Xenon / Qwerty Remailer)
Date: Sun, 6 Feb 94 23:10:32 PST
Subject: Qwerty/Xenon update.
Message-ID: <199402070708.XAA17393@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

"I am not a number!" - The Prisoner

Though na48138 at anon.penet.fi is still forwarded to me, I have decided to change the PGP Info Clearing House address to qwerty at netcom.com. When I first got an anon.penet.fi nickname I figured (wrongly) that people could mail me at Xenon at anon.penet.fi. Oh well. So now the qwerty-account/remailer will be receiving mail from basically random addresses out there. This is a fun twist, being a unique partial solution to the traffic analysis problem. All the remailers are now sending to other than the Cypherpunks now as well. And the people wanting PGP info will get it without anon.penet.fi delays. No more of their forgetting to use na instead of an too.

So how hard is that to remember?: Send mail to QWERTY at NETCOM.COM with Subject "Bomb me!" for Gary Edstrom's PGP FAQ and Xenon's "Here's How to MacPGP!". Finger qwerty at netcom.com for info on the remailer there.

It would be nice if every remailer gained a standardized BitBucket. To keep things simple, I suggest nothing more complicated than what qwerty uses; just request remailing to /dev/null. I'm using Hal's remailer, with a few updated files, and have used his outgoing address filter.
These lines thus appear in my maildelivery file:

# Blocked outgoing addresses
Request-Remailing-To whitehouse.gov file A LOG.BLOCKED
Request-Remailing-To /dev/null file R /dev/null
Request-Remailing-To /dev/null pipe A "/usr/bin/echo BB >> LOG"

The A means after the "BB" has been appended to my counter file, the mail is considered delivered.

-=Xenon=-

-----BEGIN PGP SIGNATURE-----
Version: 2.3
-----END PGP SIGNATURE-----

From Rolf.Michelsen at delab.sintef.no Mon Feb 7 00:41:11 1994
From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen)
Date: Mon, 7 Feb 94 00:41:11 PST
Subject: Magic Money questions
In-Reply-To: <199402051111.DAA11286@mail.netcom.com>
Message-ID:

On Sat, 5 Feb 1994 catalyst-remailer at netcom.com wrote:

[ Stuff deleted ]

> >Similarly, how can the consumer trust the bank's representation that
> >money has already been spent? Surely the bank should be required to
> >publish a list of cancelled coins and timestamps with a running MD5
> >hash periodically for inspection by the unwashed masses.
>
> There is no punishment for double-spending. The transaction is simply thrown
> out. The bank, in fact, has no way to identify the customer. What could the
> bank hope to accomplish by claiming that a coin was already spent? It can
> print more coins at any time, so it has no reason to cheat. A server will
> have to protect its reputation by not printing too much money or otherwise
> making its users angry. If you want to put in an MD5, it wouldn't be hard.
>

[ more stuff deleted ]

False! If digital coins represent some kind of value the bank will "earn" something by not accepting a coin presented for deposit. The bank will not have to provide the value or the service the depositor is entitled to.
This was also pointed out by someone else posting to this list.

I haven't studied the maths and protocols of the original post too closely, but just to show that it is possible to *prove* double spending I present a deposit protocol. I don't know if this protocol fits in the implementation discussed here. If I remember correctly, some of Chaum's (?) digital coin systems proved double spending by using a protocol resembling the one below:

1) Depositor presents a part of the coin to the bank and asks "Is this coin already deposited?"

2) The bank answers "yes" and proves this by revealing some information about the coin which it should now know unless the coin has already been deposited. The "no" answer together with the information presented by the depositor is signed by the bank and is a *commitment* by the bank to accept the coin when the "real" deposit takes place.

3) The depositor sends the rest of the coin to the bank if the answer was a "no".

This is taken from memory -- I could probably produce some references if someone is interested.

By the way -- I don't think you should use the "digicash" word to describe this implementation. David Chaum's company carries that name!

-- Rolf

----------------------------------------------------------------------
Rolf Michelsen          Phone:  +47 73 59 87 33
SINTEF DELAB            Email:  rolf.michelsen at delab.sintef.no
7034 Trondheim          Office: C339
Norway
----------------------------------------------------------------------

From nobody at shell.portal.com Mon Feb 7 01:16:12 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Mon, 7 Feb 94 01:16:12 PST
Subject: Magic Money attack feasible?
Message-ID: <199402070913.BAA09983@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

I've done some experiments with this factor-multiplication problem. I think the solution is to check the whole coin rather than just the ASN string, and possibly to make sure the coin has no small factors.
Doing a slowtest() on a 1024-bit number takes slightly under a minute on a fast PC, so that is too slow. But the sieve is fast, and if you #define BIGSIEVE, it catches all factors below 8192.

I tried making some coins and trial-dividing them by the small primes in the primetable[] (up to 8191). There were a few factors being found, mostly 8-bit ones, but the remaining coin, when all the factors were divided out, wasn't much smaller. I think finding coins with all small factors will be pretty intractable.

The paper refers to Chaum's digicash, using x and f(x). If f(x) were only 16 bytes, and not padded, this attack would be a serious problem. But the padding (01 and then repeat FF until the last 34 bytes) makes the attack much harder and probably impractical. The PKCS-format signature was, after all, designed to break up the multiplicativity of RSA. What exactly does the ASN string (those magic 18 bytes) do, other than pad out the MPI? Does it have some special mathematical properties?

Personally, I think the padding gets rid of the problem. A 1024-bit number, padded with FF's to make it as big as possible, is very likely to have two or more fairly large factors (more than 16 bits or so). Since you would have to get two or more signatures to forge one, you lose money instead of gaining it. You are unlikely to find two coins which have the same large factors, so you can't re-use signed primes - the whole key to this attack.

It is possible to move everything up, and leave the last 16 bits open. Then you could sieve the coin, and add 2 until you found one which had no factors below 8192, making the attack even harder. I don't think this is necessary, but I hope someone will work out the math. And if it turns out to be necessary, it is at least possible to make all the coins prime, making this attack completely impossible.

For now, I will modify the code to check the whole number, and to make sure that the coin is as long as the modulus it's signed with.
If the other change is necessary, let me know. I'm not going to post any more code to csn.org until someone (1) checks the existing (sent today) code on a big-endian machine, and (2) figures out if this attack is a problem.

It should be mathematically possible to find the probability that a number of size m is composed only of primes smaller than size n, but I don't know how to do it. Does anyone?

Pr0duct Cypher

-----BEGIN PGP SIGNATURE-----
Version: 2.3a
-----END PGP SIGNATURE-----

From remailer at merde.dis.org Mon Feb 7 01:30:32 1994
From: remailer at merde.dis.org (remailer bogus account)
Date: Mon, 7 Feb 94 01:30:32 PST
Subject: More on Magic Money attack
Message-ID: <9402070928.AA10499@merde.dis.org>

-----BEGIN PGP SIGNED MESSAGE-----

(I sent that last message before receiving Hal's response)

hfinney at shell.portal.com wrote:

>I think it's great that you are able to fix these things so quickly.
>It's natural that there will be a lot of shaking out in any initial
>release.

But what does MPJ think of getting a 400K mailbomb? If you object, MPJ, feel free to flame me and I'll stop sending them.

>>How many small primes would it take? How would he know what numbers to
>>multiply to get the coins? Just create random coins and look for one which
>>is made of all small factors? I should try this and see if I can find one.
>>Not being an expert in the math, would most coins have a large factor, or
>>would there be a fair number with only small factors?

>Knuth has some discussion of this in Seminumerical Algorithms. The term
>for numbers which have only small factors is that they are "smooth". He
>has some formulas for what fraction of numbers are smooth based on the
>size of the largest allowed prime and the size of the numbers.
>Unfortunately I won't have access to my copy until Tuesday. Perhaps
>someone else can look it up.

Someone please do. I can make the changes as needed tomorrow, if someone posts the math results. I am anxious to play with a real live digicash system, and transferring money between two directories on my hard drive does not count.

>>The small-factor sieve is fast, and with the proper #defines, it checks
>>all primes below 8192 decimal. The slowtest() PGP uses is slow even for
>>the 512-bit primes used to make 1024 bit PGP keys. It would be useless
>>for a full 1024-bit number. Would eliminating coins with factors below
>>8192 be enough? Or how could one more quickly check the coin for
>>primality?

>The 8192 cutoff might work. We would have to check it out, but it
>could be that finding 1024-bit numbers in a relatively narrow range of
>+/- 2^64 which are composed solely of factors in the range, say, 8192
>to 16384 would be infeasible. I don't recall whether Knuth considers the
>problem in this form. This would be a great save if it works.

Whoever has the Knuth book, please check this out. Maybe we should patent this solution, if it works, and make Chaum pay us, since he patented his blind signature protocol. :-)

Pr0duct Cypher

-----BEGIN PGP SIGNATURE-----
Version: 2.3a
-----END PGP SIGNATURE-----

From nobody at shell.portal.com Mon Feb 7 02:26:14 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Mon, 7 Feb 94 02:26:14 PST
Subject: PGPTOOLS and Magic Money
Message-ID: <199402071025.CAA13685@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

I've got the code written to check the whole coin, and I found another subtle bug caused by precision setting.
Since setting precision does not seem to affect the speed of the decryption (I think the mpi library sets it internally during modexp) I'm just going to fix it at MAX_UNIT_PRECISION and leave it there. Tomorrow I will strip out all of these damn things.

Pr0duct Cypher

-----BEGIN PGP SIGNATURE-----
Version: 2.3a
-----END PGP SIGNATURE-----

From jkreznar at ininx.com Mon Feb 7 03:06:15 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Mon, 7 Feb 94 03:06:15 PST
Subject: Magic Money attack
In-Reply-To: <199402070541.VAA25288@jobe.shell.portal.com>
Message-ID: <9402071101.AA08570@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

> >The idea would be for him to try to factor a legal Y using just the
> >primes he has. If he can find a factorization using only small primes
> >of a number which holds the magic 18-byte sequence in the right place,
> >he can multiply together the signed forms of the primes to produce a
> >signed version of that number. This would be a successfully forged coin.

> How many small primes would it take? How would he know what numbers to
> multiply to get the coins? Just create random coins and look for one which
> is made of all small factors? I should try this and see if I can find one.
> Not being an expert in the math, would most coins have a large factor, or
> would there be a fair number with only small factors?

> >So, the question is whether it would be feasible to collect enough
> >signed small primes to be able to generate more valid coins than you
> >have primes. (It costs you a coin each time you get the bank to sign
> >something, so for this to be a money-making venture you want to get
> >more out of it than you put into it!) I think there are a reasonable
> >fraction of numbers factorable by only small primes.
> >Since there are
> >2^128 possible money values (based on the 16 random bytes) there
> >should be quite a lot which are factorable by only small primes.

> Any math whizzes out there care to run these numbers?

A useful and delightful reference on this subject (and many others) is _Number Theory in Science and Communication_ by M.R.~Schroeder, Springer-Verlag, 1984. Let me quote the first few paragraphs of Chapter 11, ``The Prime Divisor Functions''. I use LaTeX coding.

Here we consider only {\em prime\/} divisors of $n$ and ask, for given order of magnitude of $n$. ``how many prime divisors are there typically?'' and ``how many {\em different\/} ones are there?'' Some of the answers will be rather counterintuitive. Thus, a 50-digit number ($10^{21}$ times the age of our universe measured in picoseconds) has only about 5 different prime factors on average and --- even more surprisingly --- 50-digit numbers have typically fewer than 6 prime factors in all, even counting repeated occurrences of the same prime factor as separate factors.

We will also learn something about the distribution of the number of prime factors and its implications for the important factoring problem. Thus, we discover that even for numbers as large as $10^{50}$, the two smallest primes, 2 and 3, account for about 25\% of all prime factors!

{\large\bf 11.1 The Number of Different Prime Divisors}

In connection with encrypting messages by means of Euler's theorem, the number of distinct {\em prime\/} divisors of a given integer $n$, $\omega(n)$, is of prime importance. Its definition is similar to that of the divisor function $d(n)$, except that the sum is extended --- as the name implies --- only over the prime divisors of $n$:
$$
\omega(n) := \sum_{p_i \mid n} 1 .
$$
It is easily seen that $\omega(n)$ is additive, i.e., for $(n,m) = 1$,
$$
\omega(nm) = \sum_{p_i \mid nm} 1 = \sum_{p_i \mid n} 1 + \sum_{p_i \mid m} 1 = \omega(n) + \omega(m) .
$$

Of particular interest to our encrypting desires will be the behavior of $\omega(n)$ for large $n$, i.e., its asymptotic behavior. We shall try to get an idea of this behavior by means of our usual ``dirty tricks.''

...and so on. It seems unlikely that this development would be useless in answering the question at hand. I don't have time now to study further.

John E. Kreznar | Relations among people to be by
jkreznar at ininx.com | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a
-----END PGP SIGNATURE-----

From O.Nwosu at cs.ucl.ac.uk Mon Feb 7 03:10:34 1994
From: O.Nwosu at cs.ucl.ac.uk (Obi)
Date: Mon, 7 Feb 94 03:10:34 PST
Subject: unsubscribe
Message-ID: <9402071109.AA09100@toad.com>

Please unsubscribe me. Thank You.

Obi.
====

From warlord at MIT.EDU Mon Feb 7 03:26:15 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 7 Feb 94 03:26:15 PST
Subject: PGPTOOLS and Magic Money
In-Reply-To: <199402071025.CAA13685@jobe.shell.portal.com>
Message-ID: <9402071121.AA04510@toxicwaste.media.mit.edu>

PC> > I've got the code written to check the whole coin, and I found another
> subtle bug caused by precision setting. Since setting precision does not
> seem to affect the speed of the decryption (I think the mpi library sets
> it internally during modexp) I'm just going to fix it at MAX_UNIT_PRECISION
> and leave it there. Tomorrow I will strip out all of these damn things.

Yea, MPI lets the precision. This is not a bug -- the MPI library needs to know how big the number is. (The bug is that it's done in a global variable and not as a part of the number internally, but that's a different matter). The reason it needs to know is so that it doesn't need to perform large operations for small numbers.
For example, there is no reason to perform a 1024-bit modexp when you are dealing with 384-bit numbers!

FYI: I have both big-endian and little-endian machines at my disposal. Also, I was having problems building PGP Tools under mips-ultrix -- you have some global variables in ptd that you expect from time.h which don't exist. In particular, timezone and daylight.

-derek

From edgar at spectrx.saigon.com Mon Feb 7 04:31:17 1994
From: edgar at spectrx.saigon.com (Edgar W. Swank)
Date: Mon, 7 Feb 94 04:31:17 PST
Subject: Remailer Tearline Conventions
Message-ID: <4XLDHc12w165w@spectrx.saigon.com>

-----BEGIN PGP SIGNED MESSAGE-----

Anonymous (not me again) posted this reply to my msg:

Uu> At the time I brought this up, the attitude of most remailer operators
Uu> (Chael Hall and Miron Cuperman notably excepted) was that anyone who
Uu> couldn't figure out how and remember to turn off their auto sig didn't
Uu> deserve any privacy.
An astonishing bit of Internet provincial fuckheadedness, I must say!

Well, you're at least 1/3 right! (:}

Uu> I recommend that you always use the wimsey (extropia) remailer as the
Uu> first (or only) leg of a remailer chain. It is also the only
Uu> Cypherpunks remailer outside the USA (it's in Canada) which will make
Uu> tracing msgs a little more difficult for USA authorities.

That remail at extropia.wimsey.com is in Canada specifically makes communications with it fair game for NSA interception, however.

Good luck, NSA. Better warm up those Crays. Wimsey is also the only remailer to -require- the entire incoming msg to be encrypted with a strong PGP key

pub 1024/B5A32F 1992/12/13 Remailer

Note this feature doesn't allow the encrypted SASE supported by other Cypherpunks remailers which -allow- encryption but remail any unencrypted text following the encrypted portion (which often includes the auto sig, our original topic).

Instead, wimsey supports a pool address:

pool0 at extropia.wimsey.com

which is essentially a mailing list devoted to broadcasting to its list of subscribers anything mailed to it. You join the mailing list by sending a request to

pool0-request at extropia.wimsey.com

Typically reply mail would be encrypted to a pseudonymous key you sent via the conventional forward remailer method, so although everyone on the list would receive the message, only the intended recipient could read it.

Note that even if the authorities learn you are on the mailing list, you have absolute deniability that you are the intended recipient of any particular message. (But keep the pseudonymous secret key encrypted when not in use).

--
edgar at spectrx.saigon.com (Edgar W.
Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca

From dmandl at lehman.com Mon Feb 7 05:46:19 1994
From: dmandl at lehman.com (David Mandl)
Date: Mon, 7 Feb 94 05:46:19 PST
Subject: Clipper "Above the Fold"
Message-ID: <9402071342.AA22956@disvnm2.lehman.com>

> From: Duncan Frissell
>
> Clipper and the Admin decision to adopt same is reported in a front page
> (above the fold) article in the Saturday New York Times.
>
> Usual errors about how the "backdoor" would work and about how warrants
> would be required to get the keys.
>
> All the usual suspects. Good placement though.
>
> DCF

Unfortunately, though, it was pretty soft on Clipper. Significantly, the piece was not written by John Markoff, who's been covering cypherpunk- and crypto-related issues for the Times for a while now. Markoff has been very friendly to "our side." This other guy (sorry, name escapes me) seemed to swallow the USG's line much more uncritically. I wonder why Markoff didn't write Saturday's piece?

I'm not subtly suggesting conspiracy theories here, though I'm certainly open-minded about them. Mainly, I'm noting the difference between the two guys' approaches and how strongly they affect the coverage. I did a mini-rant about the piece on my radio show Saturday.

--Dave.

From mnemonic at eff.org Mon Feb 7 06:26:23 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 7 Feb 94 06:26:23 PST
Subject: Clipper "Above the Fold"
In-Reply-To: <9402071342.AA22956@disvnm2.lehman.com>
Message-ID: <199402071423.JAA26318@eff.org>

David Mandl writes:

> I wonder why
> Markoff didn't write Saturday's piece?

Markoff's on vacation.

--Mike

From danisch at ira.uka.de Mon Feb 7 06:51:35 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Mon, 7 Feb 94 06:51:35 PST
Subject: ADMIN: list statistics
Message-ID: <9402071205.AA05885@deathstar.iaks.ira.uka.de>

> 4 de Denmark
    ^^^

.de is Germany, it stands for 'Deutschland,' the German word for 'Germany'. Don't know what is the sign of Denmark...
Hadmut ( danisch at ira.uka.de sitting in Karlsruhe, Germany)

From nate at VIS.ColoState.EDU Mon Feb 7 07:11:22 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Mon, 7 Feb 94 07:11:22 PST
Subject: some assmunch
Message-ID: <9402071510.AA12125@vangogh.VIS.ColoState.EDU>

Some assmunch out there sent information on my remailer to a mailing list of list managers of subnets at CSU. This was uncalled for.

The list has about 71 people on it, and they really have better things to do.

-nate

--
+-----------------------------------------------------------------------+
| Nate Sammons                                                          |
| Colorado State University Computer Visualization Laboratory           |
| Data Visualization/Interrogation, Modeling, Animation, Rendering      |
+-----------------------------------------------------------------------+

From adam at bwh.harvard.edu Mon Feb 7 07:31:39 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 7 Feb 94 07:31:39 PST
Subject: ADMIN: list statistics
In-Reply-To: <9402071205.AA05885@deathstar.iaks.ira.uka.de>
Message-ID: <199402071531.KAA16820@duke.bwh.harvard.edu>

Hadmut wrote:

| > 4 de Denmark
|
|     ^^^
| .de is Germany, it stands for 'Deutschland,' the
| German word for 'Germany'. Don't know what is the
| sign of Denmark...

It's nl, for (I think) Netherlands.

Adam

From mpjohnso at nyx10.cs.du.edu Mon Feb 7 07:36:23 1994
From: mpjohnso at nyx10.cs.du.edu (Michael Johnson)
Date: Mon, 7 Feb 94 07:36:23 PST
Subject: PGP Tools & Magic Money Update
Message-ID: <9402071530.AA17018@nyx10.cs.du.edu>

> it work, but will slow it down. The new version, when it shows up, should
> be in the pgp_tools directory. Go to /mpj, read README.MPJ, and it will tell
> you how to get into the crypto section. Check the file dates to see if the
> new version is there yet. I sent them on 2/6.

Sorry, I fumbled reception of the pgptools.zip update... tried an mv to a full disk.
The magic money update is there, but the pgptools.zip update will be delayed while I wait for retransmission via some slow remailers.

mpj at csn.org

From Rolf.Michelsen at delab.sintef.no Mon Feb 7 07:36:26 1994
From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen)
Date: Mon, 7 Feb 94 07:36:26 PST
Subject: ADMIN: list statistics
In-Reply-To: <9402071205.AA05885@deathstar.iaks.ira.uka.de>
Message-ID:

On Mon, 7 Feb 1994, Hadmut Danisch wrote:

> > 4 de Denmark
> >     ^^^
> >
> .de is Germany, it stands for 'Deutschland,' the
> German word for 'Germany'. Don't know what is the
> sign of Denmark...
>
> Hadmut ( danisch at ira.uka.de sitting in Karlsruhe, Germany)
>

Denmark is ".dk".

-- Rolf

----------------------------------------------------------------------
Rolf Michelsen            Phone:  +47 73 59 87 33
SINTEF DELAB              Email:  rolf.michelsen at delab.sintef.no
7034 Trondheim            Office: C339
Norway
----------------------------------------------------------------------

From pmetzger at lehman.com Mon Feb 7 07:36:37 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 7 Feb 94 07:36:37 PST
Subject: your mail
In-Reply-To: <199402051538.KAA07593@eff.org>
Message-ID: <199402071535.KAA04605@snark>

Mike Godwin says:
>
> David Koontz writes:
>
> > All this bullshit does not state that a court order is required, rather
> > 'legal authorization', which means the NSA for foreign intelligence
> > purposes without a court order.
>
> The Foreign Intelligence Surveillance Act (FISA) requires a court order
> for such taps.

I seem to remember something about this from The Puzzle Palace. Am I mistaken, or are such orders not made by a special court, which holds secret proceedings and which, so far as is known, has never denied a request?
Perry

From warlord at MIT.EDU Mon Feb 7 07:46:22 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 7 Feb 94 07:46:22 PST
Subject: ADMIN: list statistics
In-Reply-To: <9402071205.AA05885@deathstar.iaks.ira.uka.de>
Message-ID: <9402071543.AA05472@toxicwaste.media.mit.edu>

Denmark is dk

-derek

From pmetzger at lehman.com Mon Feb 7 07:51:37 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 7 Feb 94 07:51:37 PST
Subject: Crypto Regulation Reform
In-Reply-To: <9402052019.AA10570@vail.tivoli.com>
Message-ID: <199402071551.KAA04645@snark>

Mike McNally says:
>
> Robert Cain writes:
> > A device can be made right now at lower cost
> > than a computer modem, much lower, that could be inserted between any
> > phone and the wall that would make it impossible, no matter what laws
> > are in place, to tap either passively or actively, communication that
> > passes between two of these devices. I know how to do it, could do it
> > and probably will just for the fun of it at least.
>
> Uhh, could you tell us? Sounds like quite a breakthrough. Credit
> card sized? Much cheaper than a modem, like $50 maybe? And it
> digitizes and securely encrypts speech (full duplex?) on the fly?

By definition anything that does this in the digital domain needs a modem, so it can't be cheaper than a modem. None of the analogue methods are going to be terribly secure.

.pm

From pmetzger at lehman.com Mon Feb 7 07:56:22 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 7 Feb 94 07:56:22 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
In-Reply-To: <199402052205.OAA06854@jobe.shell.portal.com>
Message-ID: <199402071555.KAA04653@snark>

Hal says:
>From: rcain at netcom.com (Robert Cain)
> > Now, the tutorial over :-), the question is; is there a "standard"
> > well-known-prime, w, and a "standard" well-known-modulus, m, and if
>               ^^^^^-- generator
> > not, let's define one.
>
> I don't think there is a need for this.
> The two sides need to agree on
> a pair but they could just pick it at the beginning. If everyone uses
> the same m,w it would help attackers of the scheme to focus their efforts
> on these numbers.

Indeed, a paper has been published on how to break Sun Secure RPC based on the idiotic decision by someone at Sun to standardise the modulus used. It is basically a matter of precomputing a lot of data based on the numbers which allows you to break any particular discrete log in that field on the fly. The suggestion by Mr. Cain to use a single generator and modulus for all traffic is astonishingly naive.

Perry

From frissell at panix.com Mon Feb 7 08:06:22 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 7 Feb 94 08:06:22 PST
Subject: Safire Mentions NSA
Message-ID: <199402071604.AA18104@panix.com>

In a column explaining (to the uninitiated) what the networked transformation of human society means (your own Genie sans bottle) William Safire mentioned the wiretap controversy. He has done this before.

"Dangers abound: President Clinton has cravenly allowed N.S.A. (No Such Agency) to bug the info highway. Futurethicists wonder if virtuous-reality love can compete with virtual-reality porn. And the big one: how to get our personal genies back in the bottle."

DCF

--- WinQwk 2.0b#1165

From mnemonic at eff.org Mon Feb 7 08:10:37 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 7 Feb 94 08:10:37 PST
Subject: your mail
In-Reply-To: <199402071535.KAA04605@snark>
Message-ID: <199402071608.LAA27625@eff.org>

Perry writes:

> Mike Godwin says:
> >
> > David Koontz writes:
> >
> > > All this bullshit does not state that a court order is required, rather
> > > 'legal authorization', which means the NSA for foreign intelligence
> > > purposes without a court order.
> >
> > The Foreign Intelligence Surveillance Act (FISA) requires a court order
> > for such taps.
>
> I seem to remember something about this from The Puzzle Palace.
> Am I
> mistaken, or are such orders not made by a special court, which holds
> secret proceedings and which, so far as is known, has never denied a
> request?

You remember it correctly.

--Mike

From cfrye at ciis.mitre.org Mon Feb 7 08:16:22 1994
From: cfrye at ciis.mitre.org (Curtis D. Frye)
Date: Mon, 7 Feb 94 08:16:22 PST
Subject: ADMIN: list statistics
Message-ID: <9402071620.AA24015@ciis.mitre.org>

Hadmut wrote:

> 4 de Denmark
    ^^^

.de is Germany, it stands for 'Deutschland,' the German word for 'Germany'. Don't know what is the sign of Denmark...

Hadmut ( danisch at ira.uka.de sitting in Karlsruhe, Germany)

***

The abbreviation for Denmark is ".dk".

--
Best regards,

Curtis D. Frye - Economic Analyst, Software Alchemist, Aspiring Author
cfrye at ciis.mitre.org
"If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish."

From pmetzger at lehman.com Mon Feb 7 08:16:26 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 7 Feb 94 08:16:26 PST
Subject: No Subject
In-Reply-To: <199402061953.LAA08152@jobe.shell.portal.com>
Message-ID: <199402071615.LAA04694@snark>

nobody at shell.portal.com says:
> I'm moving to Oceania.

Not all of us have the luxury of moving to non-existent places -- most of us are stuck living in real ones.

.pm

From andrewl at wtg20.wiltel.com Mon Feb 7 08:20:36 1994
From: andrewl at wtg20.wiltel.com (Andrew Loewenstern)
Date: Mon, 7 Feb 94 08:20:36 PST
Subject: Magic Money on Big Endian
Message-ID: <9402071617.AA28202@wtg20>

-----BEGIN PGP SIGNED MESSAGE-----

I retrieved the latest version of Magic Money from the mpj archive and compiled it on a big-endian machine (a 68k NeXT). It seems to work now... I was able to set up the server and client and move a little cash around whereas before the server would never successfully find a q....
andrew

From pmetzger at lehman.com Mon Feb 7 08:21:22 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 7 Feb 94 08:21:22 PST
Subject: TEMPEST - Electronic eavesdropping
In-Reply-To: <13893.9402062244@heffalump.cs.bham.ac.uk>
Message-ID: <199402071617.LAA04702@snark>

R.O.Jackson-SE1 at computer-science.birmingham.ac.uk says:
> In the US it is not illegal to possess TEMPEST-surveillance equipment but
> it is illegal to take appropriate counter-measures to prevent
> surveillance.

This is not true. This is an urban legend that dozens of fools keep posting over and over again. There is nothing illegal against shielding your equipment -- in fact you are legally obliged to reduce emissions so as not to interfere with radio and TV signals.

Perry

From julf at penet.fi Mon Feb 7 08:26:22 1994
From: julf at penet.fi (Johan Helsingius)
Date: Mon, 7 Feb 94 08:26:22 PST
Subject: ADMIN: list statistics
In-Reply-To: <199402071531.KAA16820@duke.bwh.harvard.edu>
Message-ID: <199402071622.AA02209@lassie.eunet.fi>

> | .de is Germany, it stands for 'Deutschland,' the
> | German word for 'Germany'. Don't know what is the
> | sign of Denmark...
>
> It's nl, for (I think) Netherlands.

Sigh. Yes. .nl is for The Netherlands. Holland, that is. Denmark is .dk.
Julf

From mnemonic at eff.org Mon Feb 7 08:26:26 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 7 Feb 94 08:26:26 PST
Subject: DOJ procedures relating to Clipper Chips and key escrow
Message-ID: <199402071624.LAA27967@eff.org>

One of the interesting passages comes at the end of the DOJ memo about obtaining Clipper keys pursuant to an interception:

"These procedures do not create, and are not intended to create, any substantive rights for individuals intercepted through electronic surveillance, and noncompliance with these procedures shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance evidence lawfully acquired."

What this means, apparently, is that keys or communications obtained through noncompliance with these procedures are nevertheless considered to be "lawfully acquired." No suppression of evidence. No civil suit.

In other words, "if we break our rules, tough."

--Mike

From m5 at vail.tivoli.com Mon Feb 7 08:41:22 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Mon, 7 Feb 94 08:41:22 PST
Subject: ADMIN: list statistics
In-Reply-To: <199402071531.KAA16820@duke.bwh.harvard.edu>
Message-ID: <9402071640.AA23668@vail.tivoli.com>

Adam Shostack writes:
> > Don't know what is the sign of Denmark...
>
> It's nl, for (I think) Netherlands.

Gee, that's odd.

Oh, I get it! It's a code, explaining the relevance to cypherpunks!

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                        |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:         |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven"  |

From m1tca00 at FRB.GOV Mon Feb 7 08:46:22 1994
From: m1tca00 at FRB.GOV (Tom Allard)
Date: Mon, 7 Feb 94 08:46:22 PST
Subject: A serious question of ethics
Message-ID: <9402071643.AA25305@mass6.FRB.GOV>

-----BEGIN PGP SIGNED MESSAGE-----

nobody at pmantis.berkeley.edu wrote:

> Ok, I'm in a bit of a quandary.
> While surfing the net last week, I
> happened across an address attached to a machine that belongs to the
> federal reserve. No big deal. I telnetted there on a lark, and entered
> 'guest' for the account. It dropped me into a shell. It didn't ask for
> a password. Intrigued, I did a little looking around. Nothing special,
> a CDRom and about 80 accounts. But(!!), /etc/passwd was there and
> available and not using shadows. No, I didn't snatch a copy.

- ------- Forwarded Message

Date: Mon, 07 Feb 94 11:10:05 -0500
From: m1rcd00
To: m1tca00
Subject: Cypherpunk...

Guest login was denied this morning...

Well, since someone seems to be home now at Minneapolis, if you wanted to send something back to that list, I suppose it would be OK. If you happened to mention in such a missive that the technical contact here at the Board has no responsibility for or involvement with the Bank machine or network involved, did not fuck up, and was not amused, the technical contact would probably not mind.

- - --Bob

- ------- End of Forwarded Message

From hughes at ah.com Mon Feb 7 08:56:22 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 7 Feb 94 08:56:22 PST
Subject: ADMIN: list statistics
In-Reply-To: <9402071205.AA05885@deathstar.iaks.ira.uka.de>
Message-ID: <9402071655.AA23516@ah.com>

I got .de wrong in the stats.
.de is Germany (Deutschland)
.dk is Denmark (the incorrect identification for .de)

Eric

From hughes at ah.com Mon Feb 7 09:06:21 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 7 Feb 94 09:06:21 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
In-Reply-To: <199402071555.KAA04653@snark>
Message-ID: <9402071704.AA23562@ah.com>

>Indeed, a paper has been published on how to break Sun Secure RPC
>based on the idiotic decision by someone at Sun to standardise the
>modulus used.

It wasn't standardization that was the problem. The Sun modulus was just too small. My take on the idiocy was that the designers were assuming that because they didn't know how to break such a large modulus, that no one else did either.

>The suggestion by Mr. Cain to use a
>single generator and modulus for all traffic is astonishingly naive.

It's not naive (as such), it's just that any such modulus must be chosen with extreme care. Here are some very basic rules of thumb:

-- Don't use a 2^k modulus. In addition to the exponentiation taking place faster, they're much easier to break.

-- Use a single large prime p for the modulus of size > 600 bits.

-- Make sure that you can prove that your generator actually generates the group. This requires knowing the factors of p-1.

Burt Kaliski told me that he picked a D-H modulus by searching for a pair of primes < q, p=2q+1 >. It took a _long_, _long_ time, but it was then easy to show that the element 2 generated the group. It may be that there is a clever attack based on the generator 2, but I haven't seen one published.
Eric

From hfinney at shell.portal.com Mon Feb 7 09:10:36 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 7 Feb 94 09:10:36 PST
Subject: A Nice Summary of Motives for Clipper
Message-ID: <199402071710.JAA29030@jobe.shell.portal.com>

Several people on sci.crypt have pointed to the following paragraph in Matt Blaze's report of the NSA briefing on Clipper, posted here and in the newsgroups:

> Clipper chips should be available (to product vendors) in June. You
> can't just buy loose chips - they have to be installed in approved
> products. Your application interface has to be approved by NIST for
> you to get your hands on the chips.

This could explain a lot. In particular, if they can enforce this, it could put an end to the dreams of multiple encryption. For months people have been saying, "Clipper? No problem. I'll just encrypt with PGP then pass it through Clipper and the Feds won't ever guess! Ha, ha, ha!"

Maybe this won't be so easy. From Blaze's description it sounds like such devices wouldn't be approved. It could be the only Clipper phones will be ones that don't do anything to keep the Feds from picking up the conversation.

People could still build non-Clipper encrypting phones (assuming that the constant rumors of threatening midnight visits from NSA agents are false), but the users of those phones could no longer blend in with the Clipper traffic.

Hal

From mnemonic at eff.org Mon Feb 7 09:36:22 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 7 Feb 94 09:36:22 PST
Subject: Safire Mentions NSA
In-Reply-To: <199402071604.AA18104@panix.com>
Message-ID: <199402071731.MAA00969@eff.org>

Duncan writes:

> In a column explaining (to the uninitiated) what the networked
> transformation of human society means (your own Genie sans bottle) William
> Safire mentioned the wiretap controversy. He has done this before.

What's the date on this column?

--Mike

From freeman at MasPar.COM Mon Feb 7 09:40:37 1994
From: freeman at MasPar.COM (Jay R. Freeman)
Date: Mon, 7 Feb 94 09:40:37 PST
Subject: Cryptographic funnies...
Message-ID: <9402071741.AA00535@cleo.MasPar.Com>

The 7 Feb. '94 Doonesbury involves encyphered electronic communications...

From frissell at panix.com Mon Feb 7 09:41:22 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 7 Feb 94 09:41:22 PST
Subject: Safire Mentions NSA
In-Reply-To: <199402071731.MAA00969@eff.org>
Message-ID:

On Mon, 7 Feb 1994, Mike Godwin wrote:

>
> Duncan writes:
>
> > In a column explaining (to the uninitiated) what the networked
> > transformation of human society means (your own Genie sans bottle) William
> > Safire mentioned the wiretap controversy. He has done this before.
>
> What's the date on this column?
>
>
> --Mike
>
>

Sorry, I should have been clearer. The column I quoted appeared in today's NYT. 07 Feb 1994.

DCF

From dm at hri.com Mon Feb 7 09:46:26 1994
From: dm at hri.com (dm at hri.com)
Date: Mon, 7 Feb 94 09:46:26 PST
Subject: STEG: a real-life use for steganography
In-Reply-To: <9402041840.AA21942@ah.com>
Message-ID: <9402071745.AA01363@sparc31.hri.com>

I think the proposed scheme is a little top-heavy. What's wrong with clear text?

When the Shah still governed Iran, the followers of Khomeini would smuggle his speeches into the country (in clear-text) on cassette tapes of Western popular music. I guess you could call this steganography --- so many ``legitimate'' copies of the tapes were pouring into the country, that the ``subversive'' ones were hard to find among them.

I think the tapes actually held a few minutes' worth of the original music, to discourage those zealous customs agents who would actually listen to part of the tape to make sure it is authentic.

Similar things existed in the Soviet Union, where they were known as ``Magnetizdat''.
And, well, if the police have already gone to the length of confiscating your tapes and listening to them all to find the ones which contain Khomeini's speeches, they've also probably already got you on the train for the Gulag, no matter what they find.

From tcmay at netcom.com Mon Feb 7 10:00:36 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 7 Feb 94 10:00:36 PST
Subject: Defeating Clipper and Skipjack is Still Possible
In-Reply-To: <199402071710.JAA29030@jobe.shell.portal.com>
Message-ID: <199402071757.JAA17170@mail.netcom.com>

(I've changed the article title to reflect my point here.)

Hal Finney writes:

...
> This could explain a lot. In particular, if they can enforce this, it
> could put an end to the dreams of multiple encryption. For months people
> have been saying, "Clipper? No problem. I'll just encrypt with PGP then
> pass it through Clipper and the Feds won't ever guess! Ha, ha, ha!"
>
> Maybe this won't be so easy. From Blaze's description it sounds like
> such devices wouldn't be approved. It could be the only Clipper phones
> will be ones that don't do anything to keep the Feds from picking up the
> conversation.
>
> People could still build non-Clipper encrypting phones (assuming that
> the constant rumors of threatening midnight visits from NSA agents are
> false), but the users of those phones could no longer blend in with the
> Clipper traffic.

For voice use, this may be so (but I think pre-encryption before Clipper is still possible....see discussion at the end). But for the forthcoming _data encryption_ use (Skipjack, etc.), I don't see how "pre-encryption" can be detected, much less blocked, banned, or otherwise interfered with. After all, "data are data."
Frankly, it has always been the (presumably) impending restrictions on data encryption that have worried me the most, because it is the application of strong crypto to data encryption that holds the most promise (in such things as digital money, remailers, all the stuff we deal with here on this list). Voice scrambling has never been a high priority for me, personally.

Requiring Skipjack encryption for all packets entering the Federal Interstate Dataway (tm) could be a constraining hassle, but what's _inside_ those Skipjacked packets could be arbitrary. (Even an "entropy" filter as part of Skipjack--an implausible complication--could easily be defeated.)

If the government requires Skipjack, I can't see any way of preventing pre-encryption, short of "random searches" (analogous to random searches of cargo to detect contraband, etc.).

And I suspect some clever work could allow pre-encryption even with Clipper. After all, if the canonical (expected) mode is for two Clipper users to be speaking English to each other, and they start to speak Croatian, this is a crude form of encryption (security through obscurity, for a few minutes at least). Even more so if they started speaking their own private code. Clipper would just take the audio signal, manipulate it as it is supposed to, send it, etc.

Thus, putting one's own cipher system in _front_ of Clipper (and _after_ it at the receiving end, of course) should work, providing the output of the cipher system is standard audio (constrained by the phone system(s) used). But isn't this exactly what existing secure phones are (like the STU-III)?

That is, nothing inside the Clipperphone need be touched or interfaced with. Just use the Clipperphone as usual, but speak in a "language" that cannot be deciphered by the surveillors, even if they get a warrant to look at the Clipper keys.

Am I missing something?

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From nate at VIS.ColoState.EDU Mon Feb 7 10:10:36 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Mon, 7 Feb 94 10:10:36 PST
Subject: nate@vis.colostate.edu remailer *GONE*
Message-ID: <9402071806.AA12892@vangogh.VIS.ColoState.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Everyone out there, please listen up!

The remailer at nate at vis.colostate.edu has been taken down as a result of the posting by some anonymous person to a local list of administrators.

I will also be taking down my GUI in Mosaic for the remailer, but the software is still available at:

ftp://vangogh.vis.colostate.edu/pub/nate/remailer-GUI/cpremailer.tar.Z

thanks for the support, and could someone send me info about netcom accounts?

Thanks,

- -nate

- --
+-----------------------------------------------------------------------+
| Nate Sammons                                                          |
| Colorado State University Computer Visualization Laboratory           |
| Data Visualization/Interrogation, Modeling, Animation, Rendering      |
+-----------------------------------------------------------------------+

From pmetzger at lehman.com Mon Feb 7 10:11:23 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 7 Feb 94 10:11:23 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
In-Reply-To: <9402071704.AA23562@ah.com>
Message-ID: <199402071810.NAA04869@snark>

Eric Hughes says:
> >Indeed, a paper has been published on how to break Sun Secure RPC
> >based on the idiotic decision by someone at Sun to standardise the
> >modulus used.
>
> It wasn't standardization that was the problem. The Sun modulus was
> just too small.
> My take on the idiocy was that the designers were
> assuming that because they didn't know how to break such a large
> modulus, that no one else did either.

Standardization was also a problem. It meant that the effort to break one exchange could be used to break all of them at once. This seems like a very bad thing.

Perry

From tcmay at netcom.com Mon Feb 7 10:36:25 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 7 Feb 94 10:36:25 PST
Subject: Defeating Clipper and Skipjack is Still Possible
In-Reply-To: <199402071757.JAA17170@mail.netcom.com>
Message-ID: <199402071833.KAA22964@mail.netcom.com>

Let me briefly elaborate on a point I made in my last post:

> For voice use, this may be so (but I think pre-encryption before
> Clipper is still possible....see discussion at the end). But for the
> forthcoming _data encryption_ use (Skipjack, etc.), I don't see how
> "pre-encryption" can be detected, much less blocked, banned, or
> otherwise interfered with. After all, "data are data."

In both this data case and the Clipper voice case, I am assuming the keys for the pre-encryption are negotiated by either prearrangement or by some back-channel, and don't involve D-H or any other such protocol through the Skipjack or Clipper system.

(Perhaps this situation, where a bunch of key exchange protocols must be gone through before communication takes place, is what Hal Finney was referring to when he said that the Clipper proposal looks like it will make multiple encryption impossible.)

Most of my (few) encrypted communications are by this kind of prearrangement, with PGP being the most obvious case of this, and so a multiple encryption scheme is workable.

With voice encryption, I guess the Clipper system will not be very cooperative with D-H and similar protocols. But it will still be possible:

1. Use the Clipperphone to establish who one is communicating with. Alice and Bob thus start talking to each other.

2. Alice says: "Switch to PGP-Voice with my P-K" (and so on).
3. Bob and Alice are thus communicating with PGP-Voice, with Clipper doing a further encryption.

If the Feds get a warrant to get the Clipper keys, then all they get is PGP-Voice-encrypted junk.

Clipper then serves the admirable purpose of _covering_ the further use of encryption!

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From nobody at pmantis.berkeley.edu Mon Feb 7 10:40:37 1994
From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu)
Date: Mon, 7 Feb 94 10:40:37 PST
Subject: A serious question of ethics
Message-ID: <9402071839.AA15102@pmantis.berkeley.edu>

On Mon, 7 Feb 1994, Tom Allard wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> nobody at pmantis.berkeley.edu wrote:
>
> > Ok, I'm in a bit of a quandary. While surfing the net last week, I
> > happened across an address attached to a machine that belongs to the
> > federal reserve. No big deal. I telnetted there on a lark, and entered
> > 'guest' for the account. It dropped me into a shell. It didn't ask for
> > a password. Intrigued, I did a little looking around. Nothing special,
> > a CDRom and about 80 accounts. But(!!), /etc/passwd was there and
> > available and not using shadows. No, I didn't snatch a copy.
>
> - ------- Forwarded Message
>
> Date: Mon, 07 Feb 94 11:10:05 -0500
> From: m1rcd00
> To: m1tca00
> Subject: Cypherpunk...
>
> Guest login was denied this morning...
>
> Well, since someone seems to be home now at Minneapolis, if you wanted
> to send something back to that list, I suppose it would be OK. If you
> happened to mention in such a missive that the technical contact here
> at the Board has no responsibility for or involvement with the Bank
> machine or network involved, did not fuck up, and was not amused, the
> technical contact would probably not mind.
>
> - - --Bob
>
>
> - ------- End of Forwarded Message

Does that mean that I no longer should report the open system (I don't dare telnet there to find out if it is the same one)? Also, and I'm purely curious, what actually became of my anonymous report, and do I need to be worried about SS agents in dark sunglasses coming to my home and dragging me away?

(Truly worried and scared)

From mg5n+ at andrew.cmu.edu Mon Feb 7 10:46:24 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Mon, 7 Feb 94 10:46:24 PST
Subject:
In-Reply-To: <199402071615.LAA04694@snark>
Message-ID: <0hJciae00VojIMAkQt@andrew.cmu.edu>

"Perry E. Metzger" wrote:

> nobody at shell.portal.com says:
> > I'm moving to Oceania.
>
> Not all of us have the luxury of moving to non-existent places --
> most of us are stuck living in real ones.

Yep... but if the Atlantis Project succeeds, I would probably move there, assuming I could find a good source of income...

From schneier at chinet.com Mon Feb 7 11:16:25 1994
From: schneier at chinet.com (Bruce Schneier)
Date: Mon, 7 Feb 94 11:16:25 PST
Subject: Applied Cryptography - Errata Version 1.5.5
Message-ID:

APPLIED CRYPTOGRAPHY ERRATA
Version 1.5.5 - February 7, 1994

This errata includes all errors I have found in the first and second printings of the book, including minor spelling and grammatical errors. Please distribute this errata sheet to anyone else who owns a copy of the book.

Page xvii: Third paragraph, first line: "Part IV" should be "Part III".

Page 1: First paragraph, fourth line: "receiver cannot intercept" should be "intermediary cannot intercept".

Page 6: Sixth and seventh lines: "against symmetric" should be "against a symmetric".
Page 8: Second paragraph, first line: "q code" should be "a code".

Page 10: Second paragraph, fifth line: Reference "[744]" should be "[774]".

Page 11: Second paragraph: "The rotations of the rotors are a Caesar Cipher" should be "Each rotor is an arbitrary permutation of the alphabet".

Page 13: Third paragraph: Delete parenthetical remark.

Page 13: Fifth paragraph, first line: "Shift the key" should be "shift the ciphertext".

Page 15: Section 1.3, first line: "Throughout the book use" should be "Throughout the book I use".

Page 25: "Attacks Against Protocols," first paragraph: "the protocol iself" should be "the protocol itself".

Page 28: Third paragraph, third and fourth sentences should be "How to put mail in a mailbox is public knowledge. How to open the mailbox is not public knowledge."

Page 30: Fourth line: "symmetric cryptosystems: by distributing the key" should be "symmetric cryptosystems: distributing the key".

Page 30: "Attacks Against Public Key Cryptography," second paragraph: "The database also has to be protected from access by anyone" should be "The database also has to be protected from write access by anyone". Also: "substitute a key of his choosing for Alice's" should be "substitute a key of his own choosing for Bob's".

Page 30: Last line: "substitute that key for his own public key" should be "substitute his own key for that public key".

Page 32: Ninth line: Delete the word "encrypted".

Page 34: "Signing Documents with..." First sentence: "too inefficient to encrypt long documents" should be "too inefficient to sign long documents".

Page 36: Second line: "document encrypted with" should be "document signed with".

Page 36: "Multiple Signatures," step (2): "Alice or Bob sends" should be "Alice sends".

Page 38: Fifth paragraph: "V_X = E_X and that S_X = D_X" should be "V_X = E_X and S_X = D_X".

Page 40: Third line: "computer can exist" should be "computer can be".
Page 40: Second paragraph: Delete "should be runs of zeros and the other half should be runs of ones; half the runs".

Page 50: Step (3): "With Alice's public key" should be "with "Alice's" public key."

Page 51: Step 5: "with what he received from Bob" should be "with what he received from Alice".

Page 55: Step (2): At the end of the step, add: "He sends both encrypted messages to Alice."

Page 69: Last line: "tried to recover her private key" should be "tries to recover Alice's private key".

Page 73: "Bit Commitment Using One-Way Functions," last paragraph: Second and third sentences should be "Alice cannot cheat and find another message (R_1,R_2',b'), such that H(R_1,R_2',b') = H(R_1,R_2,b). If Alice didn't send Bob R_1, then she could change the value of both R_1 and R_2 and then the value of the bit."

Page 77: "Flipping Coins into a Well," first line: "neither party learns the result" should be "Alice and Bob don't learn the result". Third line: parenthetical remark should be: "Alice in all three protocols".

Page 78: Step (1): "Alice, Bob, and Carol all generate" should be "Alice, Bob, and Carol each generate".

Page 90: Last paragraph: "step (3)" should be "step (4)".

Page 91: Second line: "step (3)" should be "step (4)".

Page 93: "Blind Signatures," first line: "An essential in all" should be "An essential feature in all".

Page 98: First paragraph after protocol, fourth line: "to determine the DES key with the other encrypted message" should be "to determine the DES key that the other encrypted message was encrypted in."

Page 115: "Protocol #2," third paragraph: "together determine if f(a,b)" should be "together determine f(a,b)".

Page 131: Fifth paragraph: "each capable of checking 265 million keys" should be "each capable of checking 256 million keys".

Page 133: Table 7.2: Third number in third column, "1.2308" should be "0.2308".

Page 134: Table 7.3: "1027" should be "10^27".
Page 139: Indented paragraph: "could break the system" should be "could break the system within one year".

Page 141: "Reduced Keyspaces," last sentence: "don't expect your keys to stand up" should be "don't expect short keys to stand up".

Page 148: Eighth line: "2^24" should be "2^32".

Page 156: Second paragraph: "blocks 5 through 10" should be "blocks 5 through 12".

Page 157: Figure 8.2: "IO" should be "IV".

Page 159: Figure 8.3: "IO" should be "IV".

Page 161: Figure 8.5: "Decrypt" should be "Encrypt".

Page 162: Figure 8.6: "Encipherment" diagram: "Decrypt" should be "Encrypt". Input should be "p_i" instead of "b_i", and output should be "c_i" instead of "p_i".

Page 164: Figure 8.7: "IO" should be "IV".

Page 165: Last equation: There should be a "(P)" at the end of that equation.

Page 167: Second paragraph, last line: "2^(2n-1)" should be "2^(2n-14)".

Page 168: Figure 8.8: This figure is wrong. The encryption blocks in the second row should be off-centered from the encryption blocks in the first and third row by half a block length.

Page 174: Middle of page: Equations should be:

     k_2 = c'_2 XOR p', and then p_2 = c_2 XOR k_2
     k_3 = c'_3 XOR p_2, and then p_3 = c_3 XOR k_3
     k_4 = c'_4 XOR p_3, and then p_4 = c_4 XOR k_4

Page 175: Last paragraph, second line: "acting as the output function" should be "acting as the next-state function".

Page 177: Diffie's quote, second to last line: "proposal to built" should be "proposal to build".

Page 178: Figure 8.20: In "Node 2", the subscripts should be "D_2" and "E_3".

Page 191: First paragraph: "3.5" should be "6.8". "0.56" should be "0.15". "EBCDIC (Extended Binary-Coded Decimal Interchange Code)" should be "BAUDOT". "0.30" should be "0.76". "0.70" should be "0.24".

Page 193: Second sentence: "Unicity distance guarantees insecurity if it's too small, but does guarantee security if it's high" should be "Unicity distance guarantees insecurity if it's too small, but does not guarantee security if it's high."
Page 198: Fourth paragraph from bottom, second sentence: "If a and b are positive and a is less than n, you can think of a as the remainder of b when divided by n" should be "If a and b are positive and b is less than n, you can think of b as the remainder of a when divided by n".

Page 199: Middle of the page: In the sentence "Calculating the power of a number modulo a number", a should not be italicized.

Page 201: First line of code: Remove "assuming x and y are > 0".

Page 202: Middle of the page: In the sentence "Now, how do you go about finding the inverse of a modulo n?" "a" should be italicized.

Page 207: "Jacobi Symbol: formula: Variable "h" should be "a".

Page 209: Fourth paragraph: "If that value does not equal q" should be "If that value does not equal 1".

Page 214: Last line: "n" should be "p". Lines 29, 30, and 31: "r" should be "a", and "gcd(p,r)" should be "gcd(a,p)".

Page 215: Lehman test, step 5: All three "(n-1)/2" should be exponents.

Page 217: There should be an open parenthesis in front of the second "ln" in both exponents. Sixth paragraph: "Guassian" should be "Gaussian".

Page 222: "Validation and Certification of DES Equipment," first line: "As part of the standard, the DES NIST" should be "As part of the DES standard, NIST".

Page 223: Second to last paragraph, last line. Reference "[472]" should be "[473]".

Page 225: Figure 10.2: L_i is taken from R_(i-1) before expansion, not after. And "L_(i)-1" should be "L_(i-1)".

Page 228: Fourth paragraph, last line: "0 to 16" should be "0 to 15".

Page 228: Fifth paragraph should read: "For example, assume that the input to the sixth S-box (that is, bits 31 through 36 of the XOR function) are 110010. The first and last bits combine to form 10, which corresponds to row 3 of the sixth S-box. The middle four bits combine to form 1001, which corresponds to column 9 of the same S-box. The entry under row 3, column 9 of S-box 6 is 0. (Remember, we count rows and columns from 0, and not from 1.)
The value 0000 is substituted for 110010."

Page 233: The second two weak keys should be:

     1F1F 1F1F 0E0E 0E0E     00000000 FFFFFFFF
     E0E0 E0E0 F1F1 F1F1     FFFFFFFF 00000000

Page 238: Next to last line before "Additional Results": "NSA's" should be "IBM's".

Page 238: "Differential Cryptanalysis," third paragraph: "(1/16)^2" should be "(14/64)^2".

Page 239: Figure 10.4: "14/16" should be "14/64".

Page 242: Table 10.14: In "XORs by additions" line, "2^39,2^3" should be "2^39,2^31". In "Random" line, "2^21" should be "2^18-2^20". In "Random permutations" line, "2^44-2^48" should be "2^33-2^41".

Page 245: Line 11: "8 bits is" should be "8 bits was".

Page 247: Section heading, "Cryptanalysis of the Madryga" should be "Cryptanalysis of Madryga".

Page 250: The two functions should be:

     S_0(a,b) = rotate left 2 bits ((a+b) mod 256)
     S_1(a,b) = rotate left 2 bits ((a+b+1) mod 256)

Note the difference in parentheses.

Page 250: Figure 11.4: Note that a is broken up into four 8-bit substrings, a_0, a_1, a_2, and a_3.

Page 251: Figure 11.6: The definitions for S_0 and S_1 are incorrect ("Y = S_0" and "Y = S_1"). See corrections from previous page. Also, "S1" should be "S_1".

Page 254: "Security of REDOC III," second sentence. Delete clause after comma: "even though it looks fairly weak."

Page 262: Figure 11.9: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right.

Page 263: Table 11.1: The decryption key sub-blocks that are Z_n^(m)-1 should be Z_n^((m)-1).

Page 265: Figure 11.10: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right.

Pages 266-7: Since the publication of this book, MMB has been broken. Do not use this algorithm.

Page 267: Sixth line from bottom: Reference should be "[256]".

Page 269: "Skipjack." First paragraph. Reference should be "[654]".

Page 270: "Karn." Third paragraph.
Last sentence: "append C_r to C to produce" should be "append C_r to C_l to produce".

Page 271: Middle of the page: "(for example, MD2, MD5, Snefru" should be "(for example, MD2, MD4, Snefru".

Page 272: Second to last line: "But it is be analyzed" should be "but it is being analyzed".

Page 275: Second to last paragraph: "Using 1028 bits" should be "using 1024 bits".

Page 277: First lines: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".

Page 281: Third paragraph: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".

Page 286: Second to last line: "Eve wants to Alice to" should be "Eve wants Alice to".

Page 287: Last line: Wiener's attack is misstated. If d is less than one-quarter the length of the modulus, then the attack can use e and n to find d quickly.

Page 288: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".

Page 289: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".

Page 295: First line: "t random integers fewer than n" should be "t random numbers less than n".

Page 301: Middle of the page: Delete the sentence "Since the math is all correct, they do this step."

Page 302: Fourth line from bottom: "a" should be in italics.

Page 305: Third paragraph, parenthetical remark: "NIST claimed that having DES meant that both that both the algorithm and the standard were too confusing" should be "NIST claimed that having DES mean both the algorithm and the standard was too confusing".

Page 306: Eighth line: "cryptographers' paranoia" should be "paranoia".

Page 307: "Description of the Algorithm": "p = a prime number 2^L bits long" should be "p = a prime number L bits long".

Page 309: Third line: "random k values and then precompute r values" should be "random k-values and then precompute r-values".

Page 314: Protocol, step (1): "when" should be "where".
Page 319: There should be a blank line before "discrete logarithm:" and another before "factoring:".

Page 322: Second paragraph: "over 500 pairs of people" should be "253 pairs of people".

Page 330: Definitions of FF, GG, HH, and II are wrong. These are correct:

     FF: "a = b + ((a + F(b,c,d) + M_j + t_i) <<< s)"
     GG: "a = b + ((a + G(b,c,d) + M_j + t_i) <<< s)"
     HH: "a = b + ((a + H(b,c,d) + M_j + t_i) <<< s)"
     II: "a = b + ((a + I(b,c,d) + M_j + t_i) <<< s)"

Page 336: "HAVAL," sixth line: "160, 92, 224" should be "160, 192, 224".

Page 339: "LOKI Single Block": In computation of Hi, drop final "XOR M_i".

Page 340: "Modified Davies-Meyer": In computation of H_i, "M_i" should be subscripted.

Page 342: "Tandem Davies-Meyer": In computation of W_i, "M_i" should be subscripted.

Page 345: "Stream Cipher Mac", first line: "A truly elegant MDC" should be "A truly elegant MAC".

Page 347: Formula: "aX_(n1)" should be "aX_(n-1)".

Page 347: Second paragraph: "(For example, m should be chosen to be a prime number.)" should be "(For example, b and m should be relatively prime.)"

Page 351: Second line of text: "they hold current" should be "they hold the current".

Page 353: Tenth line (in source code): "< 31" should be "<< 31".

Page 353: Second paragraph: "are often used from stream-cipher" should be "are often used for stream-cipher".

Page 356: Source code: "ShiftRegister = (ShiftRegister ^ (mask >> 1))" should be "ShiftRegister = ((ShiftRegister ^ mask) >> 1)".

Page 360: Equation should not be "l(2^1-1)^(n-1)", but "l(2^l-1)^(n-1)".

Page 362: Figure 15.10: "LFSR-B" should be "LFSR-A" and vice versa. The second "a(t+n-1)" should be "a(t+n-2)", and the second "b(t+n-1)" should be "b(t+n-2)".

Page 363: Fourth paragraph: "cellular automaton, such as an CSPRNG" should be "cellular automaton as a CSPRNG".

Page 365: "Blum-Micali Generator": In the equation, "x_i" should be an exponent of a, not a subscript.

Page 367: Paragraph 5: "Ingmar" should be "Ingemar".
Page 370: "Using Random Noise," first paragraph, last line: "output 2 as the event" should be "output 0 as the event".

Page 371: Sixth line: "access/modify times of/del/tty" should be "access/modify times of /dev/tty".

Page 371: "Biases and Correlations," third line: "but there many types" should be "but there are many types".

Page 391: Second protocol, step (1): "in his implementation of DES" should be "in his implementation of DSS". Next sentence: "such that r is either q quadratic" should be "such that r is either a quadratic".

Page 402: Line 18: "2^t" should be "2^(-t)".

Page 407: Step (5): "ij".

Page 417: Last paragraph: "Kerberos is a service Kerberos on the network" should be "Kerberos is a service on the network".

Page 421: Figure 17.2: In the top message "C" should be lower case.

Page 435: "RIPEM": "Mark Riorden" should be "Mark Riordan".

Page 436: "Pretty Good Privacy," third paragraph: Delete fourth sentence: "After verifying the signature...."

Page 436: Pretty Good Privacy is not in the public domain. It is copyrighted by Philip Zimmermann and available for free under the "Copyleft" General Public License from the Free Software Foundation.

Page 437: Fifth line: Delete "assess your own trust level".

Page 437: "Clipper," Second paragraph: reference should be "[473]". Fourth paragraph: references should be "[473,654,876,271,57]".

Page 438: Middle of page: reference should be "[654]". "Capstone," first paragraph: reference should be "[655]".

Page 445: The IACR is not the "International Association of Cryptographic Research," but the "International Association for Cryptologic Research." This is also wrong in the table of contents.

Source Code: The decrement operator, "--", was inadvertently typeset as an m-dash, "-". This error is on pages 496, 510, 511, 523, 527, 528, 540, and 541. There may be other places as well.

Page 472: "for( i = 0; i<<16; i++ )" should be "for( i = 0; i<16; i++ )"

Page 473: Function "cpkey(into)". "while (from endp)" should be "while (from < endp)".

Page 508: Line 8: "union U_INITseed" should be "union U_INIT seed".

Page 558: "#defineBOOLEAN int" should be "#define BOOLEAN int", "#defineFALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)".

Page 564: "#define BOOLEANint" should be "#define BOOLEAN int", "#define FALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)".

Page 569: "rand() > 11" should be "rand() >> 11".

Page 569: In "G13.H", "#define G13int" should be "#define G13 int".

Page 572: Reference [45]: "Haglen" should be "Hagelin".

Page 576: References [136] and [137]: "Branstead" should be "Branstad."

Page 578: Reference [184] "Proof that DES Is Not a Group" should be "DES Is Not a Group." The correct page numbers are 512-520.

Page 589: Reference [475]: The publisher should be E.S. Mittler und Sohn, and the publication date should be 1863.

Page 601: References [835] and [836]: "Branstead" should be "Branstad."

Page 602: Reference [842]: "Solvay" should be "Solovay".

Page 603: Reference [878]: "Weiner" should be "Wiener."

For a current errata sheet, send a self-addressed stamped envelope to: Bruce Schneier, Counterpane Systems, 730 Fair Oaks Ave., Oak Park, IL 60302; or send electronic mail to: schneier at chinet.com.
From mnemonic at eff.org Mon Feb 7 12:16:26 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 7 Feb 94 12:16:26 PST
Subject: Newspaper coverage of Administration encryption announcements (fwd)
Message-ID: <199402072012.PAA04958@eff.org>

Forwarded message:

From hughes at ah.com Mon Feb 7 12:31:28 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 7 Feb 94 12:31:28 PST
Subject: DOJ procedures relating to Clipper Chips and key escrow
In-Reply-To: <199402071624.LAA27967@eff.org>
Message-ID: <9402072025.AA23949@ah.com>

>"These procedures do not create, and are not intended to create,
>any substantive rights for individuals intercepted through
>electronic surveillance, and noncompliance with these procedures
>shall not provide the basis for any motion to suppress or other
>objection to the introduction of electronic surveillance evidence
>lawfully acquired."

This reminds me a lot of the language used when describing the changes in FOIA policy, which was something like "The agencies are supposed to be good, but if they're not, this change doesn't change your ability to do anything about it."

Is this a Clinton administration policy to make such feel-good, govern-bad pronouncements?

Eric

From nowhere at bsu-cs.bsu.edu Mon Feb 7 12:36:27 1994
From: nowhere at bsu-cs.bsu.edu (Chael Hall)
Date: Mon, 7 Feb 94 12:36:27 PST
Subject: MAIL: questionnaire
In-Reply-To: <9402051721.AA05442@arcadien.owlnet.rice.edu>
Message-ID: <9402072035.AA22679@bsu-cs.bsu.edu>

Karl Barrus writes:

>bsu-cs:
>Run by Chael Hall.
>Contact at same address

Machine: University departmental machine (fairly secure)
Security: syslog file can be read

>chaos:
>Run by Chael Hall.
>Contact at same address

Machine: Privately owned (secure)
Security: syslog file can only be read by root (me) [used for statistics]
Contact nowhere at chaos.bsu.edu or remailer-admin at chaos.bsu.edu (both)
Software: C program written by myself. Source available upon request.
Policy: Under construction

Chael

--
Chael Hall
nowhere at bsu-cs.bsu.edu
nowhere at chaos.bsu.edu

From wcs at anchor.ho.att.com Mon Feb 7 12:40:37 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 7 Feb 94 12:40:37 PST
Subject: DOJ procedures relating to Clipper Chips and key escrow
Message-ID: <9402072039.AA26355@anchor.ho.att.com>

Mike Godwin writes:

> One of the interesting passages comes at the end of the DOJ memo
> about obtaining Clipper keys pursuant to an interception:
>
> "These procedures do not create, and are not intended to create,
> any substantive rights for individuals intercepted through
> electronic surveillance, and noncompliance with these procedures
> shall not provide the basis for any motion to suppress or other
> objection to the introduction of electronic surveillance evidence
> lawfully acquired."
>
> What this means, apparently, is that keys or communications obtained
> through noncompliance with these procedures are nevertheless considered
> to be "lawfully acquired." No suppression of evidence. No civil suit.
>
> In other words, "if we break our rules, tough."

I thought that was particularly amusing as well. On the other hand, the mere fact that it says it doesn't mean it invalidates any other privacy laws or rules about illegal surveillance or exclusion of evidence, though it does mean you need to argue a lot harder to get a judge to agree.
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From mnemonic at eff.org Mon Feb 7 12:41:44 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 7 Feb 94 12:41:44 PST
Subject: DOJ procedures relating to Clipper Chips and key escrow
In-Reply-To: <9402072025.AA23949@ah.com>
Message-ID: <199402072040.PAA05318@eff.org>

Eric writes:

> This reminds me a lot of the language used when describing the changes
> in FOIA policy, which was something like "The agencies are supposed to
> be good, but if they're not, this change doesn't change your ability
> to do anything about it."
>
> Is this a Clinton administration policy to make such feel-good,
> govern-bad pronouncements?

If anything, the Clinton announcements are far more generous than those of Reagan and Bush.

--Mike

From wcs at anchor.ho.att.com Mon Feb 7 12:50:37 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 7 Feb 94 12:50:37 PST
Subject: Bogus paper on TEMPEST floating around
Message-ID: <9402072047.AA26538@anchor.ho.att.com>

This bogus paper with lots of misinformation about TEMPEST is still around, though I'm surprised to see it on a NIST machine. (FTP didn't want to connect this morning, so I can't be sure it's still there.) Papers by the fictitious Hagbard Celine can't always be trusted, though they make good rolling papers if you print them out :-) But it's clearly a bunch of Discordian Disinformation.

Yes, some of the TEMPEST specs are classified, it's perfectly legal to disseminate the publicly available information and technology, apply it, and use it, and do anything you want to make your equipment quiet. Even the expansion of the acronym given in the paper was bogus, and it went downhill from there.
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From gnu Mon Feb 7 13:14:48 1994
From: gnu (John Gilmore)
Date: Mon, 07 Feb 94 13:14:48 -0800
Subject: [whitfield.diffie@Eng.Sun.COM: Preliminary remarks]
Message-ID: <9402072114.AA20669@toad.com>

------- Forwarded Message

To: gnu at toad.com
From: whitfield.diffie at Eng.Sun.COM

From koontzd at lrcs.loral.com Mon Feb 7 13:20:37 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Mon, 7 Feb 94 13:20:37 PST
Subject: DOJ procedures relating to Clipper Chips and key escrow
Message-ID: <9402072119.AA10397@io.lrcs.loral.com>

> From: hughes at ah.com (Eric Hughes)

>Is this a Clinton administration policy to make such feel-good,
>govern-bad pronouncements?

Double plus ++ungood.

Needless to say, I had trouble parsing this.

From mg5n+ at andrew.cmu.edu Mon Feb 7 13:36:29 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Mon, 7 Feb 94 13:36:29 PST
Subject: Atlantis Project/Oceania
In-Reply-To: <199402072012.OAA10440@alpha1.csd.uwm.edu>
Message-ID:

Since the subject came up, I'll explain it to those of you who hadn't heard of the Atlantis Project:

The Atlantis Project is a group in Las Vegas which is trying to build a floating city in the Caribbean sea. Their new city would be an independent nation called Oceania. The country would have a limited government, and their constitution outlines many specific rights given to the people, among them, the right to use cryptography. You can email them at oceania at world.std.com and ask for more info.
From mnemonic at eff.org Mon Feb 7 14:06:30 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 7 Feb 94 14:06:30 PST
Subject: EFF Wants You (to add your voice to the crypto fight)
Message-ID: <199402072201.RAA06559@eff.org>

Forwarded message:

From hayden at krypton.mankato.msus.edu Mon Feb 7 14:16:29 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 7 Feb 94 14:16:29 PST
Subject: Atlantis Project/Oceania
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 7 Feb 1994, Matthew J Ghio wrote:

> Since the subject came up, I'll explain it to those of you who hadn't
> heard of the Atlantis Project:
>
> The Atlantis Project is a group in Las Vegas which is trying to build a
> floating city in the Caribbean sea. Their new city would be an
> independent nation called Oceania. The country would have a limited
> government, and their constitution outlines many specific rights given
> to the people, among them, the right to use cryptography. You can email
> them at oceania at world.std.com and ask for more info.

Sounds kool, in a utopian sort of way. Of course, the U.S. will immediately declare them a national threat and bomb them back to the stone age. :-)

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> In the United States, they
   \/  Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
- -=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From qwerty at netcom.com Mon Feb 7 14:30:40 1994
From: qwerty at netcom.com (Xenon)
Date: Mon, 7 Feb 94 14:30:40 PST
Subject: Nate's Remailer Shutdown.
Message-ID: <199402072231.OAA10521@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

I am responding publicly to a letter I got from Nate about his wanting to know who sent the naughty mail to the subnet-managers at yuma.acns.colostate.edu. It was remailed from somewhere to qwerty, and then through Nate's remailer. For gossip's sake, I'd sure like to see what it said :-).

Sorry to hear about your remailer. It's good for all of us to have such "minor" problems come up and be dealt with.

I am keeping no logs except a counter. This isn't a policy, it's just a decision for now. However, if the 70 people on the list care to they can certainly contact Netcom and ask for a copy of their sendmail logs for that day. I'm sure if the mail was sent to a police address saying "Nah nah you can't find me I'm selling guns to little kids." then this would happen.

I know that with my software (Hal's updated), once such a problem happens, I can just block that outgoing address. This isn't exactly a perfect solution, but I don't WANT a perfect solution. This isn't IRAQ, no matter how global the internet is. I'm not sure how to block an incoming address from say Detweiler.

My model is based on the postal service. Why is e-mail supposed to be so much more accountable? With snail mail someone can send a real bomb, not a wimpy mail bomb. And yet it is perfectly legal to leave out a return address. Qwerty is a mailbox. An inanimate object.

I do not like the internet. I like the postal service. You NEVER see someone like Detweiler abusing snail mail anonymity with the purpose of trying to shut down or change the policy of the US Postal Service! I think remailers should be able to strip the From line completely, but as I pointed out, this would be "frowned upon", and may not even be feasible to do vigorously. I thought the internet was anarchic and free. Fun and creative. Oops. Oh well. Again, "You ain't PUNKS, if you timidly play by the rules of others." I'm not talking illegality.
In fact, I'm talking life, liberty, and pursuit of happiness. Insert constitution and Bill of Rights buzzwords here.

I think it might be nice for the remailers to block certain outgoing address TYPES, such as "subnet-manager", but I don't know which others since I'm new around here.

The information is available on Netcom's logs. It probably just points to another remailer. Welcome to the postal service. Same as it ever was. Don't blame the mailman, and especially not the mailbox. The day all mailboxes have cameras atop them and require retinal ID before they take your logged mail is the day people realize how bad it is out here in cyberspace.

[ASCII-art banner: W O R L D   W I D E   W I R E T A P]

-=Xenon=-

P.S. "Get Off the Internet and Write Us a Real Encryptor." Your species desires PGP to have a random data block output format. Now.

From mnemonic at eff.org Mon Feb 7 14:31:29 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 7 Feb 94 14:31:29 PST
Subject: reno_key_escrow.statement (fwd)
In-Reply-To: <9402071501.AA11306@mail.wm.edu>
Message-ID: <199402072231.RAA07108@eff.org>

Trotter writes:

> Thanks to Mike Godwin for forwarding the announcement about the
> Clipper chip stuff. I am not a Constitutional law person or
> criminal procedure person, but if I understand this proposal
> correctly, it does not require a member of the judiciary to be
> involved.

Not at the key-escrow phase, no.
But you have to have a valid search warrant or authorization order in hand before you can go to the escrow agencies and request the partial keys.

Here's the relevant language:

> > ATTORNEY GENERAL MAKES KEY ESCROW ENCRYPTION ANNOUNCEMENTS
> >
> > When an authorized government agency encounters suspected
> > key-escrow encryption, a written request will have to be submitted to
> > the two escrow agents. The request will, among other things, have
> > to identify the responsible agency and the individuals involved;
> > certify that the agency is involved in a lawfully authorized
                                           ^^^^^^^^^^^^^^^^^^^^^
> > wiretap; specify the wiretap's source of authorization and its
                                   ^^^^^^^^^^^^^^^^^^^^^^^
> > duration; and specify the serial number of the key-escrow
> > encryption chip being used. In every case, an attorney involved in
> > the investigation will have to provide the escrow agents assurance
> > that a validly authorized wiretap is being conducted.

The reason that Reno doesn't just say "a court-ordered wiretap" is that there are some emergency circumstances under which wiretap authorization can be gotten in advance of approval by a neutral magistrate. Both the Wiretap Act and the Foreign Intelligence Surveillance Act make provisions for such emergencies.

Eventually, such emergency wiretaps do have to be reviewed by a magistrate, however. In the Wiretap Act, and, I believe, in FISA, the time limit is 48 hours.

--Mike

From mnemonic Mon Feb 7 12:10:49 1994
From: mnemonic (Mike Godwin)
Date: Mon, 7 Feb 1994 15:10:49 -0500 (EST)
Subject: Newspaper coverage of Administration encryption announcements
Message-ID: <199402072010.PAA04906@eff.org>

The Washington Post, the New York Times, and the Wall Street Journal have all published stories over the last three days concerning the Administration's announcement on Friday, Feb. 5, 1994, that it will continue to deploy the controversial "Clipper Chip" encryption technology and will not significantly change its export controls.
From the Post on Saturday:

"That means the administration will continue long-standing restrictions on exports of powerful encryption devices that the NSA cannot crack, and continue to encourage use of NSA-developed encryption gear, called the "Clipper chip," by all U.S. firms. The Clipper Chip makes it relatively easy for the government to eavesdrop on encrypted communications....

"Further, government officials said, the administration is expected in a few weeks to endorse an FBI proposal that U.S. telecommunications firms be required to guarantee law enforcement agencies' ability to tape phone and computer lines regardless of where the technology goes.

"At the core of these high-tech disputes lies a fundamental conflict between Americans' cherished privacy rights and the government's investigative needs."

From the Times on Saturday:

"But the Administration's action immediately drew a chorus of criticism from both business and privacy-rights groups. Computer and software companies, including Apple Computer, I.B.M. and Microsoft, have adamantly opposed the Clipper Chip because they believe customers will not trust an encryption program that was built by the government and whose inner workings remain a secret.

"Perhaps more importantly, they fear that it will harm their ability to export products; they predict that foreign customers will resist buying computers and telecommunications equipment built with decoding technology devised by the National Security Agency.

"Privacy-rights groups argue that the technology could lead to unauthorized eavesdropping, because the keys for unscrambling the code will remain in official hands.

"'This is bad for privacy, bad for security and bad for exports,' said Jerry Berman, executive director of the Electronic Frontier Foundation, a Washington nonprofit group that lobbies on privacy issues related to electronic networks.
'The Administration is preparing to implement systems that the public will not trust, that foreign countries will not buy, and that terrorists will overcome.'"

From the Wall Street Journal on Monday:

"The issue has become a controversial one between law enforcement officials and the computer industry and civil libertarians. In unfolding details of the administration's decision, Mike Nelson, an official at the Office of Science and Technology Policy, said the issue was so difficult it represented 'the Bosnia of telecommunications policy.'

"Jerry Berman, executive director of the Electronic Frontier Foundation, a Washington-based computer users' civil-rights group, said the administration's handling of the Clipper Chip policy could make it 'as successful' as the Bosnia policy, which has come under widespread criticism."

William Safire has also written about this in today's NYTimes.

>From owner-cypherpunks Mon Feb 7 15:40:40 1994

From kevin at axon.cs.byu.edu Mon Feb 7 15:16:30 1994
From: kevin at axon.cs.byu.edu (Kevin Vanhorn)
Date: Mon, 7 Feb 94 15:16:30 PST
Subject: reno_key_escrow.statement (fwd)
In-Reply-To: <199402072231.RAA07108@eff.org>
Message-ID: <9402072316.AA20220@axon.cs.byu.edu>

Mike Godwin writes, about Clipper's key-escrow:

> But you have to have a valid search
> warrant or authorization order in hand before you can go to the escrow
> agencies and request the partial keys.
>
> Here's the relevant language:
> > > ATTORNEY GENERAL MAKES KEY ESCROW ENCRYPTION ANNOUNCEMENTS
> > >
> > > When an authorized government agency encounters suspected
> > > key-escrow encryption, a written request will have to be submitted to
> > > the two escrow agents.
The request will, among other things, have
> > > to identify the responsible agency and the individuals involved;
> > > certify that the agency is involved in a lawfully authorized
>                                            ^^^^^^^^^^^^^^^^^^^^^
> > > wiretap; specify the wiretap's source of authorization and its
>                                    ^^^^^^^^^^^^^^^^^^^^^^^
> > > duration; and specify the serial number of the key-escrow
> > > encryption chip being used. In every case, an attorney involved in
> > > the investigation will have to provide the escrow agents assurance
> > > that a validly authorized wiretap is being conducted.

But the word "warrant" appears nowhere in there. The agencies requesting the keys aren't required to present a warrant; they're only required to promise that they're lawfully authorized. And if they lie the evidence is still admissible in court and they suffer no penalty.

And what does "lawfully authorized" really mean? Depending on what legislation Congress passes, it could mean no more than "my supervisor approved it".

-----------------------------------------------------------------------------
Kevin S. Van Horn        | It is the means that determine the ends.
kevin at bert.cs.byu.edu |

From mnemonic at eff.org Mon Feb 7 15:20:41 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 7 Feb 94 15:20:41 PST
Subject: reno_key_escrow.statement (fwd)
In-Reply-To: <9402072316.AA20220@axon.cs.byu.edu>
Message-ID: <199402072319.SAA08343@eff.org>

Kevin writes:

> But the word "warrant" appears nowhere in there. The agencies requesting
> the keys aren't required to present a warrant; they're only required to
> promise that they're lawfully authorized.

You're misunderstanding the language. Strictly speaking, law-enforcement agents who seek wiretaps receive "authorization orders," not warrants. So the word "authorized" is perfectly appropriate.
--Mike

From Patrick_May at dtv.sel.sony.com Mon Feb 7 15:36:30 1994
From: Patrick_May at dtv.sel.sony.com (Patrick May)
Date: Mon, 7 Feb 94 15:36:30 PST
Subject: A Nice Summary of Motives for Clipper
In-Reply-To: <199402061911.LAA20333@mail.netcom.com>
Message-ID: <9402072329.AA24031@hugehub>

Timothy C. May writes:

> [Explanation of why Clipper will be prevalent in five years
> deleted.]

Mr. May's arguments are eloquent and convincing as usual, but it occurs to me that one important point is being overlooked in this discussion: the algorithm will not be a secret forever. Even in the worst case scenario, where all major players in the industry knuckle under to the government (including those currently planning to use other systems), the situation will be resolved as soon as either Clipper or one of its designers is reverse-engineered.

The more widespread is the chip, the greater the blow to the government. With the algorithm known there is no way to prevent compatible, non-escrowed, devices from being used, and it would be costly and embarrassing to attempt to recall 100 million "secure" chips.

So, how long will we likely have to put up with this abomination?

Regards,

Patrick May (no known relation, tentacular or otherwise)

From freeman at MasPar.COM Mon Feb 7 16:20:41 1994
From: freeman at MasPar.COM (Jay R. Freeman)
Date: Mon, 7 Feb 94 16:20:41 PST
Subject: A Nice Summary of Motives for Clipper
Message-ID: <9402080022.AA00944@cleo.MasPar.Com>

Patrick May says:

> the [Clipper] algorithm will not be a secret forever ...

A fascinating point! Perhaps Clipper's accomplishment will ultimately be positive, serving to inculcate upon us all the habit and administrative forms of routine use of cryptography, albeit in flawed implementation. Thus when the algorithm is unraveled, the transition to widespread use of a more nearly adequate cryptographic standard may well be very rapid indeed.
-- Jay Freeman

From wcs at anchor.ho.att.com Mon Feb 7 16:40:41 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 7 Feb 94 16:40:41 PST
Subject: Atlantis Project/Oceania
Message-ID: <9402080036.AA00215@anchor.ho.att.com>

> > The Atlantis Project is a group in Las Vegas which is trying to build a
> > floating city in the Caribbean sea. Their new city would be an
> ....
> Of course, the U.S. will immediately declare them a national threat and
> bomb them back to the stone age. :-)

Which is kind of a problem for a floating city, since stones don't float very well, concrete canoes excepted :-)

I'm not sure their economics can float that well either - if it costs $500M to build, and holds 1000 people, that means $500K/person.... Maybe they're looking at more people or less money. Nice T-Shirts and promo material, though.

From qwerty-remailer at netcom.com Mon Feb 7 16:41:30 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Mon, 7 Feb 94 16:41:30 PST
Subject: Nate's Remailer Shutdown.
Message-ID: <199402080041.QAA02332@mail.netcom.com>

The reasons the Post Office gets more slack are that
1) They're the government, or at least used to be
2) They can randomly open mail when they feel like it, see 1)

From mnemonic Mon Feb 7 13:59:32 1994
From: mnemonic (Mike Godwin)
Date: Mon, 7 Feb 1994 16:59:32 -0500 (EST)
Subject: EFF Wants You (to add your voice to the crypto fight)
Message-ID: <199402072159.QAA06512@eff.org>

* DISTRIBUTE WIDELY *

Monday, February 7th, 1994

From: Jerry Berman, Executive Director of EFF
jberman at eff.org

Dear Friends on the Electronic Frontier,

I'm writing a personal letter to you because the time has now come for action. On Friday, February 4, 1994, the Administration announced that it plans to proceed on every front to make the Clipper Chip encryption scheme a national standard, and to discourage the development and sale of alternative powerful encryption technologies.
If the government succeeds in this effort, the resulting blow to individual freedom and privacy could be immeasurable.

As you know, over the last three years, we at EFF have worked to ensure freedom and privacy on the Net. Now I'm writing to let you know about something *you* can do to support freedom and privacy.

*Please take a moment to send e-mail to U.S. Rep. Maria Cantwell (cantwell at eff.org) to show your support of H.R. 3627, her bill to liberalize export controls on encryption software.*

I believe this bill is critical to empowering ordinary citizens to use strong encryption, as well as to ensuring that the U.S. software industry remains competitive in world markets.

Here are some facts about the bill:

Rep. Cantwell introduced H.R. 3627 in the House of Representatives on November 22, 1993. H.R. 3627 would amend the Export Control Act to move authority over the export of nonmilitary software with encryption capabilities from the Secretary of State (where the intelligence community traditionally has stalled such exports) to the Secretary of Commerce. The bill would also invalidate the current license requirements for nonmilitary software containing encryption capabilities, unless there is substantial evidence that the software will be diverted, modified or re-exported to a military or terroristic end-use.

If this bill is passed, it will greatly increase the availability of secure software for ordinary citizens. Currently, software developers do not include strong encryption capabilities in their products, because the State Department refuses to license for export any encryption technology that the NSA can't decipher. Developing two products, one with less secure exportable encryption, would lead to costly duplication of effort, so even software developed for sale in this country doesn't offer maximum security.
There is also a legitimate concern that software companies will simply set up branches outside of this country to avoid the export restrictions, costing American jobs.

The lack of widespread commercial encryption products means that it will be very easy for the federal government to set its own standard--the Clipper Chip standard. As you may know, the government's Clipper Chip initiative is designed to set an encryption standard where the government holds the keys to our private conversations. Together with the Digital Telephony bill, which is aimed at making our telephone and computer networks "wiretap-friendly," the Clipper Chip marks a dramatic new effort on the part of the government to prevent us from being able to engage in truly private conversations.

We've been fighting Clipper Chip and Digital Telephony in the policy arena and will continue to do so. But there's another way to fight those initiatives, and that's to make sure that powerful alternative encryption technologies are in the hands of any citizen who wants to use them. The government hopes that, by pushing the Clipper Chip in every way short of explicitly banning alternative technologies, it can limit your choices for secure communications.

Here's what you can do:

I urge you to write to Rep. Cantwell today at cantwell at eff.org. In the Subject header of your message, type "I support HR 3627." In the body of your message, express your reasons for supporting the bill. EFF will deliver printouts of all letters to Rep. Cantwell. With a strong showing of support from the Net community, Rep. Cantwell can tell her colleagues on Capitol Hill that encryption is not only an industry concern, but also a grassroots issue.

*Again: remember to put "I support HR 3627" in your Subject header.*

This is the first step in a larger campaign to counter the efforts of those who would restrict our ability to speak freely and with privacy.
Please stay tuned--we'll continue to inform you of things you can do to promote the removal of restrictions on encryption.

In the meantime, you can make your voice heard--it's as easy as e-mail. Write to cantwell at eff.org today.

Sincerely,

Jerry Berman
Executive Director, EFF
jberman at eff.org

P.S. If you want additional information about the Cantwell bill, send e-mail to cantwell-info at eff.org. To join EFF, write membership at eff.org.

The text of the Cantwell bill can be found with any of the following URLs (Universal Resource Locators):

ftp://ftp.eff.org/pub/Policy/Legislation/cantwell.bill
http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.bill
gopher://gopher.eff.org/00/EFF/legislation/cantwell.bill

From mg5n+ at andrew.cmu.edu Mon Feb 7 17:50:40 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Mon, 7 Feb 94 17:50:40 PST
Subject: Atlantis Project/Oceania
In-Reply-To: <9402080036.AA00215@anchor.ho.att.com>
Message-ID:

wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) wrote:

> > Of course, the U.S. will immediately declare them a national threat
> > and bomb them back to the stone age. :-)
>
> Which is kind of a problem for a floating city, since stones don't
> float very well, concrete canoes excepted :-)

Actually, they plan to build it on 3-acre concrete hexagonal platforms with hollow centers so that they float.

> I'm not sure their economics can float that well either - if it
> costs $500M to build, and holds 1000 people, that means
> $500K/person.... Maybe they're looking at more people or less
> money. Nice T-Shirts and promo material, though.

I think their projections were a billion dollars to build it and a population of 20,000 - 30,000...

I was just wondering what sort of business one might engage in in Oceania? Cryptographic software is a possibility, but I wonder how much revenue that might bring in.
An electronic bank would probably be a more profitable venture, but getting a high bandwidth net connection in the middle of the ocean would increase startup costs. Telecom, electricity, and water supply would probably be good businesses...but they require a local market that would be fairly small in the startup country. There is also international shipping and trade, but there you have large startup costs and would need to do extensive work to get clients. And there is tourism...gambling, recreational drugs, etc....

From blancw at microsoft.com Mon Feb 7 18:20:41 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 7 Feb 94 18:20:41 PST
Subject: Atlantis Project/Oceania
Message-ID: <9402080217.AA23708@netmail.microsoft.com>

"I'm not sure their economics can float that well either - if it costs $500M to build, and holds 1000 people, that means $500K/person.... Maybe they're looking at more people or less money. Nice T-Shirts and promo material, though."
......................

Does it not seem that they are putting more effort into the publicity, marketing, & attraction of money for support of this virtual country, than into the establishment of other fundamentals? Like: setting up an alternative currency & banking system, the manner of conducting business with the rest of the conventional world, and resolving the many little problems that would be of concern when living under such conditions?

Blanc

From nate at VIS.ColoState.EDU Mon Feb 7 18:56:32 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Mon, 7 Feb 94 18:56:32 PST
Subject: Atlantis Project/Oceania
In-Reply-To:
Message-ID: <9402080248.AA14992@vangogh.VIS.ColoState.EDU>

writes Matthew J Ghio:
>
>profitable venture, but getting a high bandwidth net connection in the
>middle of the ocean would increase startup costs. Telecom, electricity,

Well, a satellite dish can transfer around 100MB (megaBytes, not bits) per second.
I'm not too sure how much this kind of link costs, but I would also assume that the Oceania people aren't going to go without a network connection to start.

-nate

--
+-----------------------------------------------------------------------+
| Nate Sammons                                                          |
| Colorado State University Computer Visualization Laboratory           |
| Data Visualization/Interrogation, Modeling, Animation, Rendering      |
+-----------------------------------------------------------------------+

From cknight at crl.com Mon Feb 7 19:06:32 1994
From: cknight at crl.com (Chris Knight)
Date: Mon, 7 Feb 94 19:06:32 PST
Subject: Atlantis Project/Oceania
In-Reply-To:
Message-ID:

On Mon, 7 Feb 1994, Matthew J Ghio wrote:

> I was just wondering what sort of business one might engage in in
> Oceania? Cryptographic software is a possibility, but I wonder how much
> revenue that might bring in. An electronic bank would probably be a more
> profitable venture, but getting a high bandwidth net connection in the
> middle of the ocean would increase startup costs. Telecom, electricity,
> and water supply would probably be good businesses...but they require a
> local market that would be fairly small in the startup country. There
> is also international shipping and trade, but there you have large
> startup costs and would need to do extensive work to get clients. And
> there is tourism...gambling, recreational drugs, etc....

Have you read "Oath of Fealty" by Larry Niven? Check it out, it's a good sci-fi that outlines just this kind of project. And please, read the tribute in the front...
-ck

From mg5n+ at andrew.cmu.edu Mon Feb 7 19:10:42 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Mon, 7 Feb 94 19:10:42 PST
Subject: Atlantis Project/Oceania
In-Reply-To: <9402080217.AA23708@netmail.microsoft.com>
Message-ID:

Blanc Weber wrote:

> Does it not seem that they are putting more effort into the publicity,
> marketing, & attraction of money for support of this virtual country,
> than into the establishment of other fundamentals? Like: setting up
> an alternative currency & banking system...

I thought that's what cypherpunks were supposed to be doing... :-)

> ... the manner of conducting business with the rest of the conventional
> world, and resolving the many little problems that would be of
> concern when living under such conditions?

All they said on the subject was that the government would be on the gold standard and everyone else could use whatever currency they wanted. As for the other little problems, I'd guess they haven't got a clue. However, they did hire an architect who is experienced in building floating structures, so I guess he's considered those things, ya know like fresh water and electricity. You could drop them an email and ask...

From karn at qualcomm.com Mon Feb 7 19:16:32 1994
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 7 Feb 94 19:16:32 PST
Subject: Atlantis Project/Oceania
In-Reply-To: <9402080248.AA14992@vangogh.VIS.ColoState.EDU>
Message-ID: <199402080314.TAA24549@servo.qualcomm.com>

>Well, a satellite dish can transfer around 100MB (megaBytes, not bits)
>per second. I'm not too sure how much this kind of link costs, but I
>would also assume that the Oceania people aren't going to go without a
>network connection to start.

Depends entirely on what it's pointing at. The actual throughput for a single transponder on a conventional Ku-band DOMSAT is more like 45 megabits/sec.

Because of fiber, satellites are fast falling out of favor for high capacity point-to-point links.
They're now used mainly for "thin route" traffic, especially to remote or mobile locations, and for broadcasting.

Phil

From mg5n+ at andrew.cmu.edu Mon Feb 7 19:41:32 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Mon, 7 Feb 94 19:41:32 PST
Subject: nate@vis.colostate.edu remailer *GONE*
In-Reply-To: <9402071806.AA12892@vangogh.VIS.ColoState.EDU>
Message-ID:

nate at VIS.ColoState.EDU typed:

> Everyone out there, please listen up! The remailer at
> nate at vis.colostate.edu has been taken down as a result of the posting
> by some anonymous person to a local list of administrators.

Sorry to hear that. I have removed it from my listing at .

Perhaps in the future, remailers will make it a policy to block all mail addressed to their site. At least that way you could blame it on a remailer at another site. :-(

From banisar at washofc.cpsr.org Mon Feb 7 20:00:42 1994
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Mon, 7 Feb 94 20:00:42 PST
Subject: Campaign Against Clipper
Message-ID: <00541.2843506175.2994@washofc.cpsr.org>

Campaign Against Clipper

CPSR ANNOUNCES CAMPAIGN TO OPPOSE CLIPPER PROPOSAL

Embargoed until 2 pm, Monday, February 7, 1994
contact: rotenberg at washofc.cpsr.org (202 544 9240)

Washington, DC -- Following the White House decision on Friday to endorse a secret surveillance standard for the information highway, Computer Professionals for Social Responsibility (CPSR) today announced a national campaign to oppose the government plan.

The Clipper proposal, developed in secret by the National Security Agency, is a technical standard that will make it easier for government agents to wiretap the emerging data highway.

Industry groups, professional associations and civil liberties organizations have expressed almost unanimous opposition to the plan since it was first proposed in April 1993.

According to Marc Rotenberg, CPSR Washington director, the Administration made a major blunder with Clipper.
"The public does not like Clipper and will not accept it. This proposal is fatally flawed."

CPSR cited several problems with the Clipper plan:

o The technical standard is subject to misuse and compromise. It would provide government agents with copies of the keys that protect electronic communications. "It is a nightmare for computer security," said CPSR Policy Analyst Dave Banisar.

o The underlying technology was developed in secret by the NSA, an intelligence agency responsible for electronic eavesdropping, not privacy protection. Congressional investigations in the 1970s disclosed widespread NSA abuses, including the illegal interception of millions of cables sent by American citizens.

o Computer security experts question the integrity of the technology. Clipper was developed in secret and its specifications are classified. CPSR has sued the government seeking public disclosure of the Clipper scheme.

o NSA overstepped its legal authority in developing the standard. A 1987 law explicitly limits the intelligence agency's power to set standards for the nation's communications network.

o There is no evidence to support law enforcement's claims that new technologies are hampering criminal investigations. CPSR recently forced the release of FBI documents that show no such problems.

o The Administration ignored the overwhelming opposition of the general public. When the Commerce Department solicited public comments on the proposal last fall, hundreds of people opposed the plan while only a few expressed support.

CPSR today announced four goals for its campaign to oppose the Clipper initiative:

o First, to educate the public about the implications of the Clipper proposal.

o Second, to encourage people to express their views on the Clipper proposal, particularly through the computer network. Toward that goal, CPSR has already begun an electronic petition on the Internet computer network urging the President to withdraw the Clipper proposal.
In less than one week, the CPSR campaign has drawn thousands of electronic mail messages expressing concern about Clipper. To sign on, email clipper.petition at cpsr.org with the message "I oppose clipper" in the body of the text.

o Third, to pursue litigation to force the public disclosure of documents concerning the Clipper proposal and to test the legality of the Department of Commerce's decision to endorse the plan.

o Fourth, to examine alternative approaches to Clipper.

Mr. Rotenberg said "We want the public to understand the full implications of this plan. Today it is only a few experts and industry groups that understand the proposal. But the consequences of Clipper will touch everyone. It will affect medical payments, cable television service, and everything in between.

CPSR is a membership-based public interest organization. For more information about CPSR, send email to cpsr at cpsr.org or call 415 322 3778. For more information about Clipper, check the CPSR Internet library CPSR.ORG. FTP/WAIS/Gopher and listserv access are available.

From dwomack at runner.utsa.edu Mon Feb 7 21:36:33 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Mon, 7 Feb 94 21:36:33 PST
Subject: keyservers
Message-ID: <9402080535.AA19289@runner.utsa.edu>

I just downloaded the demon.co.uk public keyring...but, since I don't have mosaic or WWW and can't use the ai.mit.edu server, how would I add my public key to such a keyring?

Thanks for any thoughts.

From karn at qualcomm.com Mon Feb 7 21:36:43 1994
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 7 Feb 94 21:36:43 PST
Subject: New remailer up
In-Reply-To: <9402041508.AA18037@jungle.meaddata.com>
Message-ID: <199402080532.VAA24768@servo.qualcomm.com>

>You can get spread spectrum radio/data modems that do 256Kbits/sec
>(Cylink) and can go up to 30 Miles. It is unlicensed in the US
>because it is limited to .8watts (I think). I believe 10 miles is the
>limit with an omnidirectional antenna.
Spread spectrum should be
>pretty hard to triangulate on. Remember that the technology came from
>unjammable military radios.
>I think you'd have to have a fairly sophisticated scanner to even pick
>it up.

Not quite. Very few, if any, Part 15 spread spectrum modems do automatic transmitter power control, and as a result they generally run much more power than necessary. That makes you much easier to spot. It also pollutes the spectrum.

Even spread spectrum transmitters with tight power control (e.g., our IS-95 cellular system) are easily detected (though not demodulated) with simple AM scanners when you're close enough. Especially when the mobile in question is a long way from the cell and transmitting near full power as a result. On the other hand, if you're not close, any particular mobile will be drowned out by the several dozen others sharing the same channel.

Phil

From oseiler at unixg.ubc.ca Mon Feb 7 21:50:42 1994
From: oseiler at unixg.ubc.ca (Oliver Seiler)
Date: Mon, 7 Feb 94 21:50:42 PST
Subject: Atlantis Project/Oceania
In-Reply-To: <9402080217.AA23708@netmail.microsoft.com>
Message-ID:

On Mon, 7 Feb 1994, Blanc Weber wrote:

>
> Does it not seem that they are putting more effort into the publicity,
> marketing, & attraction of money for support of this virtual country,
> than into the establishment of other fundamentals? Like: setting up an

They have a rather complete constitution, legal system, etc. Monetary systems would likely appear as needed. Most businesses would likely take all major currencies - good market for a bank to get into. Business relations with the rest of the world? This isn't in general specified in advance in any country, and why should it be? The only real rule I've seen is making it illegal (for good reason) to export drugs (eg. recreational drugs, synthesized for use on the island) to countries where they are illegal.
Besides, since the money is far more important on this project than vague untested notions of how everything should work (hey isn't that how communist countries are set up?) in advance, they have been doing quite well. I wish them all the luck I can spare, and plan to pick up a t-shirt (if only for being able to tell people about it in 100 years or so...) or a flag...

> alternative currency & banking system, the manner of conducting
> business with the rest of the conventional world, and resolving the
> many little problems that would be of concern when living under such
> conditions?

How much government intervention do you see in your day to day affairs? Personally, I see virtually nil... Free markets tend to sort themselves out quite nicely...

> Blanc

-Oliver (who's not waiting for somebody else to build him a country, and is instead doing whatever it takes to get the same effect now)

| Oliver Seiler + Erisian Development Group + Amiga Developer +
| oseiler at unixg.ubc.ca +-------------Reality by the Slice--------------+
| oseiler at nyx.cs.du.edu | Phone: (604) 683-5364 Fax: (604) 683-6142 |
| ollie at BIX.com | POB 3547, MPO, Vancouver, BC, CANADA V6B 3Y6 |

From oseiler at unixg.ubc.ca Mon Feb 7 21:56:33 1994
From: oseiler at unixg.ubc.ca (Oliver Seiler)
Date: Mon, 7 Feb 94 21:56:33 PST
Subject: Atlantis Project/Oceania
In-Reply-To: <9402080248.AA14992@vangogh.VIS.ColoState.EDU>
Message-ID:

On Mon, 7 Feb 1994, CVL staff member Nate Sammons wrote:

> writes Matthew J Ghio:
> >
> >profitable venture, but getting a high bandwidth net connection in the
> >middle of the ocean would increase startup costs. Telecom, electricity,
>
> Well, a satellite dish can transfer around 100MB (megaBytes, not bits)
> per second. I'm not too sure how much this kind of link costs, but I
> would also assume that the Oceania people aren't going to go without a
> network connection to start.
As soon as it's built, I would move in with a business offering just this sort of connectivity. If I can swing the capital at the time (probably not too hard) I'd also lay down swaths of fibre, set up a packet radio network, and connect the island up...

> -nate

-Oliver

| Oliver Seiler + Erisian Development Group + Amiga Developer +
| oseiler at unixg.ubc.ca +-------------Reality by the Slice--------------+
| oseiler at nyx.cs.du.edu | Phone: (604) 683-5364 Fax: (604) 683-6142 |
| ollie at BIX.com | POB 3547, MPO, Vancouver, BC, CANADA V6B 3Y6 |

From hfinney at shell.portal.com Mon Feb 7 22:36:33 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 7 Feb 94 22:36:33 PST
Subject: WRONG: Attack on Magic Money and Chaum cash
Message-ID: <199402080633.WAA27612@jobe.shell.portal.com>

I was thinking over the attack I described on Magic Money and Chaum cash, and I now think it will not actually work, especially in the case of the Chaum cash. Specifically, it will take as much work to forge cash as to factor the modulus.

My idea was to collect signed forms of small primes, then try to find a "smooth" number of the proper form, one which can be factored over this set of primes. By multiplying together the proper primes, one could generate a signed number which would look like cash.

What I was remembering as I was driving tonight is that this is very similar to a family of algorithms for factoring large numbers. The one I know best is the continued fraction algorithm, but I think the number field sieve uses broadly similar principles.

In the cfrac algorithm, the goal is to find two squares which are equal mod n. This lets you factor n immediately by taking its gcd with the sum or difference of the two numbers. This is done by taking a bunch of squares and trying to factor them over a set of small primes. If you generate enough factorizations, approximately as many as there are primes, you can multiply selected ones together and generate two equal squares.
The point is, finding as many smooth numbers as there are small primes will let you factor n. But that is the same criterion I had to meet in my proposed attack in order to make a profit. So it seems that in general my attack will not work; it will be as hard as factoring the modulus.

There may still be a problem with Magic Money because its cash values leave the low order 128 bits free, but I'm not so sure about it. I was wrong, I think, to suggest that a simple sieve could quickly identify smooth numbers. Although a sieve will easily tell you that a number has _no_ factors less than some cutoff, it will not easily tell you that a number has _only_ factors in that range. It may be that the only way to identify smooth numbers is by trial division, which would be the same situation as for Chaum cash.

So, unless there is in fact some trick that can be used to quickly find smooth numbers given that the low order 128 bits are free, I don't think there is any need to worry about my attack on Magic Money. And it looks like Chaum's online cash is completely invulnerable to this approach. Sorry to have raised a red flag unnecessarily.

Hal

From qwerty-remailer at netcom.com Mon Feb 7 22:41:33 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Mon, 7 Feb 94 22:41:33 PST
Subject: Nate's Remailer Shutdown.
Message-ID: <199402080641.WAA24210@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Anonymous said,

"The reasons the Post Office gets more slack are that
1) They're the government, or at least used to be
2) They can randomly open mail when they feel like it, see 1)"

So what's your point? Talk is cheap. The situation remains the same. The message in my post remains valid. The reason why it is so doesn't matter to someone desiring privacy.
The internet still sucks and always will, due to the From and Received by e-mail headers as well as many other Unix system problems like sendmail logs, and the fact that you can't trust a wire 'cause you can't see it.

-=Xenon=-

-----BEGIN PGP SIGNATURE-----
Version: 2.3

-----END PGP SIGNATURE-----

From remailer at merde.dis.org Mon Feb 7 22:50:42 1994
From: remailer at merde.dis.org (remailer bogus account)
Date: Mon, 7 Feb 94 22:50:42 PST
Subject: PGP Tools Debugging
Message-ID: <9402080648.AA17257@merde.dis.org>

-----BEGIN PGP SIGNED MESSAGE-----

>> Pr0duct Cypher
> Warlord

>>I've got the code written to check the whole coin, and I found another
>>subtle bug caused by precision setting. Since setting precision does not
>>seem to affect the speed of the decryption (I think the mpi library sets
>>it internally during modexp) I'm just going to fix it at maximum
>>and leave it there. Tomorrow I will strip out all of these damn things.

>Yea, MPI lets the precision. This is not a bug -- the MPI library
>needs to know how big the number is. (The bug is that it's done in a
>global variable and not as a part of the number internally, but that's
>a different matter). The reason it needs to know is so that it
>doesn't need to perform large operations for small numbers. For
>example, there is no reason to perform a 1024-bit modexp when you are
>dealing with 384-bit numbers!

The bug was in my code, not in mpilib, but the need to set precision can be a real pain. I've been plagued by intermittent bugs caused by mpis not being completely cleared or fully calculated out. Since modexp does it automatically, I'm just going to set it to max. If you or someone else with both types of machines wants to fix that, feel free.
I don't have the means to do so, and it's been my experience that writing code you can't test is a waste of time.

>FYI: I have both big-endian and little-endian machines at my disposal.
>Also, I was having problems building PGP Tools under mips-ultrix --
>you have some global variables in ptd that you expect from time.h
>which don't exist. In particular, timezone and daylight.

PTD is a kludge. There are no similar dependencies in the library itself. PTD was just written as needed to test the rest of the library, and was not intended to be a usable application. You can either put in #ifdefs for your machine, or set up another module with the needed globals. I just wanted to code around the need for timezone stuff and get the test code working.

I've got another version of PGP Tools ready which removes most of the set_precision stuff, and a version of Magic Money which checks the whole coin when it receives it. There are a few more changes for Magic Money, but I should be mailing out soon.

Someone wrote that they had success with a big-endian machine - whew! and thanks for testing it.

Pr0duct Cypher

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

From orion at crl.com Mon Feb 7 23:06:33 1994
From: orion at crl.com (Colin Orion Chandler)
Date: Mon, 7 Feb 94 23:06:33 PST
Subject: Clipper Qs
Message-ID:

Hurm...I have had a couple of thoughts, no doubt simple ones, but maybe you can help:

If I bought a ClipperFone and switched chips with my neighbor's chips (Clipper Chip, that is), could the .gov tell what was going on?

Also, can these chips be reprogrammed? ;) I'd like a cracker...
Colin Titus Orion Xavier Chandler
"What year is it?"
"If it's not a Sun, it's not a computer."
Colin Chandler | "It can only be accountable to *human* error."-HAL9000
(415) 388-8055 | orion at crl.com, wizard @ BayMOO (mud.crl.com 8888)

From karn at qualcomm.com Mon Feb 7 23:10:43 1994
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 7 Feb 94 23:10:43 PST
Subject: STEG: a real-life use for steganography
In-Reply-To: <9402041840.AA21942@ah.com>
Message-ID: <199402080707.XAA24919@servo.qualcomm.com>

The biggest problem I see with your scheme is that it won't remain secret for very long, and the government will probably just ban all CD imports as a result. And possession of a CD player or CDs (even "legit" ones) would be enough to send you off to kamp.

> -- A decryption system to get the data off the CD.

There's a practical problem here. Audio CD players generally provide no easy way to get the raw bits into a computer (SPDIF interface cards exist for PCs, but they're rare and expensive). And I haven't yet figured out how to get a CD-ROM drive to read the raw bits off an audio CD; I suspect it requires munging the firmware in the drive, which makes anything you do highly manufacturer specific.
Phil

From qwerty at netcom.com Tue Feb 8 00:06:34 1994
From: qwerty at netcom.com (Xenon)
Date: Tue, 8 Feb 94 00:06:34 PST
Subject: What's a "real encryptor"?
Message-ID: <199402080803.AAA16148@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

I (Nik) got a letter from a mathematician asking me to clarify what I meant by a "real encryptor". Here is the answer I gave. It is for the newbies out there, not the serious cryptographer types who know this already.

Warning: one of my Xenon character's last rants will be arriving shortly. Take it with a grain of salt; it's pretty nasty, and not meant for those who already understand its message. I'm trying to drum up some public demand for a "real encryptor", for one thing. Think of it as propaganda, for it appeals to emotion not logic, and it is not very fair.

Steganography involves hiding a message in a file. I can use the Mac program Stego to place say a PGP message into a Mac PICT (just a picture) file as the least significant bit of each pixel. If it is a 24 bit per pixel color picture, then you can't even see a difference. If it is 8 bit color, then you CAN. It looks like digital noise. On off, on off. No matter.

The problem IS, anyone with Stego can extract the file and immediately see that it is an encrypted PGP message. When PGP encrypts a file, after compressing it, it includes in the final output all sorts of extra things like a checksum at the end, and full information given out to anyone about the name of the key that it was encrypted with. It will proudly announce, for instance, "This message can only be read by Pr0duct Cypher. You do not have the secret key required to read it." I don't know the full details. The PGP documentation mentions some of them, for the binary format PGP output files. I could send you this if you want.

What I mean by a "real encryptor" is something just like PGP, but minus the convenience features that get tagged onto the PGP messages.
It might be as simple as stripping them away the PGP convenience procedures. If the output was simply an encrypted message, and it seems to me PGP could do this, it should be hard to distinguish it from a random series of bits. Hopefully nearly impossible! Then you can use steganography for your messages but no one can tell if what they extracted is a message or not! The least significant bit of most messages such as sound files is noise anyway. On off, on off. They can't even tell how big it might be. That is a potential mega problem with PGP itself not being able to know how big it is though. You would have to know beforehand, or make the picture or sound file BE the right size, EXACTLY. That's certainly easy for sound files! Just send voice mail! You could pad the content of the PGP message if you wanted to hide the actual size of the decrypted message. If you get voice mail from a stranger saying something vague, you can check if it contains a PGP message encrypted with your public key.

If PGP outputted such a hard-to-distinguish-from-random data format, it opens up many different possibilities for sending your messages. Ideally, no one would be able to tell if it was an encrypted message except by successfully decrypting it. As it is now, such schemes have to rely on "encrypting" an already encrypted PGP message to hide the fact that it IS a PGP message! Many of us just want to be left alone and are tired of having our files tagged as BEING encrypted.

Personally, I suggest using PGP as a Clipboard utility so I can cut a message out, encrypt it, paste it back in and save it as a word processor file which I then Macintosh BinHex encode as text, and e-mail off. Now I'm just sending a BinHexed word processor file, just like thousands of other Macintosh e-mailers out there every day! This isn't good enough since it is so easy reverse, by anyof them ;-), and they are still struggling with just e-mail. PGP is still a program only used by those who really need it.
It may remain that way, so for those people, having a random data block output would mean they won't set off alarms and catch the attention of the government, just for sending a love letter to their mistress ;-).

-Nik (-=Xenon=-)

-----BEGIN PGP SIGNATURE-----
Version: 2.3

-----END PGP SIGNATURE-----

P.S. Were PGP like many programs, able to accept modular "Plug ins" like say Adobe Photoshop, this "bare" data block output could be an add-on feature ("feature stripper?") that those who want it would use. Or at least a separate utility that would strip and restore PGP messages.

From hughes at ah.com Tue Feb 8 00:06:46 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 8 Feb 94 00:06:46 PST
Subject: Magic Money coins
In-Reply-To: <199402080633.WAA27612@jobe.shell.portal.com>
Message-ID: <9402080759.AA00803@ah.com>

>I was thinking over the attack I described on Magic Money and Chaum
>cash, and I now think it will not actually work, especially in the case
>of the Chaum cash.

Well, with Chaum's signature pairs of the form , you'd still have to calculate some inverse value of a one-way function. On the other hand, Hal says that his attack against MM coins doesn't work. That's OK, as far as it goes.

The problem is really quite general. Given a set of signatures on the same modulus, how can one calculate signed values of a particular sort?

In the proceeding, let { < a_i, a_i^(1/e) > } be the set of signatures one has, e the public key, n = pq the modulus, S the set of acceptable signed elements.

Note that the product of any two signatures, pairwise, yields another valid signature. A signature can be multiplied by itself as well. These are valid as RSA signatures but possibly not as any special coin format.
Note that the Chaum signature pair above prevents multiplicative combinations entirely.

The problem is then "Can we find an element of S in the multiplicative span of the { a_i } modulo n?" (The multiplicative span is any product of the a_i, possibly taken multiple times.)

Hal's attack was about the above problem, _but without the modulo n_. There's a subtlety to remember here: factoring doesn't mean anything in a field. The RSA ring is almost-a-field; if you can find a non-invertible element, you've factored the modulus. Factoring only makes good sense in rings where lots of elements are _not_ invertible. So Hal's factoring attack only considered direct multiplication, forgetting that that modular equality was what was relevant.

The upshot is this. Let s be in S. What we are looking for is a factorable (in integers) number of the form s+kn. Now s can be any element in S, and k any integer. That's a wide range to choose from.

A. First off, what is the size of the possible multiplicative span?

The short answer is "It's likely the whole thing". Recall that in an RSA cryptofield (my term for a ring where it's infeasible for an outsider to find a zero-divisor) the invertible elements form a multiplicative group which comprise all the 'normal' operations in the cryptofield. Its structure is the product of two groups, one of order p-1 and one of order q-1. Now the number of generators of the Z_p is \phi(p-1). (That's the Euler \phi function.) The average value of \phi(x) is x * (6 / \pi^2), i.e. on average 61% of the numbers. [N.B. This is for random x. p and q can be picked to change these values.]

Eliding the rest of the calculation, we see that with a few signatures, it's very likely that _every_ cryptofield number is in the multiplicative span.

B. The next question is "How tractable is finding particular combinations?"

I don't know, but I wouldn't trust on the lack of an efficient algorithm.
Remember, we can pick any set of numbers to get signed to span with, any coin format to try to create [RANT: forge indicates intent] with that span, and we're working in a modular cryptofield. That's lots of possibilities.

Here is one idea for such attack. The numbers in S all have the same upper bits. Suppose one could calculate a number u which was 'close to' 1 in a range containing S. To be specific, suppose that

    P( | s - u*s | < sqrt(s) ) > .1

that is, multiplication by u likely doesn't move the value around by more than the square root of s. Then one can randomly pick coin values, multiply by u, and likely get new coin values, since all the upper bits are the same.

Are such u rare? Maybe not. Consider the number 3 and values near n/2. Observe that

    3 * ((n-1)/2) = ((n-1)/2) - 1 (mod n)
    3 * ((n+1)/2) = ((n+1)/2) + 1 (mod n)

So for the numbers close to half the modulus, 3 is exactly such an almost-identity.

But can we find one for our given range? I think so. Here's my first guess at how to proceed. And it really is a guess, even if it is inspired by a Gauss sum.

Consider the following. Take the range S and choose random { x_i } in S with, say, some truncated Gaussian distribution in order to favor numbers in the center. Now calculate the term

    1     x_1   x_3         x_(2n-1)
    - * ( --- + --- + ... + -------- )
    n     x_2   x_4           x_2n

In other words, just calculate an average of a bunch of values that move one element of S to some other element of S. Such an element *might* tend to preserve values of S near the center, maybe not. It may be that diddling the distribution helps. It may be that a different average works, say a geometric average (although taking roots becomes an issue). It may be that this technique works but doesn't converge rapidly. I don't know; I haven't tried it.

In any case, if it does work, there are lots of candidate u's that one can sample. It also appears that one might be able to directly calculate some of these near-identities with continued fractions.

C.
Recommendations

In any case, the issue of creating new signatures out of old is sufficiently unsettled in my mind that I would avoid the issue entirely.

1. Don't rely only on format of the signed number for validity.
2. Do use a one-way function in the signature in order to prevent multiplicative attacks.
3. Use both techniques above.

Therefore I recommend the Magic Money signature format be changed.

Eric

From qwerty at netcom.com Tue Feb 8 00:16:34 1994
From: qwerty at netcom.com (Xenon)
Date: Tue, 8 Feb 94 00:16:34 PST
Subject: What's a "real encryptor"?
Message-ID: <199402080814.AAA17429@mail.netcom.com>

Typo correction from first post:

If PGP outputted such a hard-to-distinguish-from-random data format, it opens up many different possibilities for sending your messages. Ideally, no one would be able to tell if it was an encrypted message except by successfully decrypting it. As it is now, such schemes have to rely on "encrypting" an already encrypted PGP message to hide the fact that it IS a PGP message! Many of us just want to be left alone and are tired of having our files tagged as BEING encrypted.

Personally, I suggest using PGP as a Clipboard utility so I can cut a message out, encrypt it, paste it back in and save it as a word processor file which I then Macintosh BinHex encode as text, and e-mail off. Now I'm just sending a BinHexed word processor file, just like thousands of other Macintosh e-mailers out there every day! This isn't good enough since it is so easy to reverse, AND can be automated. Honestly, I'm not doing this much yet with distant friends, but then there are only two of them ;-), and they are still struggling with just e-mail. PGP is still a program only used by those who really need it. It may remain that way, so for those people, having a random data block output would mean they won't set off alarms and catch the attention of the government, just for sending a love letter to their mistress ;-).
It would also render the Clipper issue moot.

-=Xenon, who never could type, and breaks things a lot still=-

From wcs at anchor.ho.att.com Tue Feb 8 01:10:45 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 8 Feb 94 01:10:45 PST
Subject: Clipper Qs
Message-ID: <9402080909.AA04864@anchor.ho.att.com>

Doesn't matter if you switch Clipper Chips - the chip squawks its serial number when it starts a session, and they simply get the keys for *all* clipperphones that they overhear while wiretapping. That way they don't need to keep track of who's got what chip (which is impossible, since you could switch with your neighbor), though that may be some help if they happen to know some eavesdropping victim's serial number and are tapping all the pay phones in an area.

As far as reprogramming goes, no. They're a fancy tamperproof design, which they hope will make it difficult or impossible for people to get the algorithm or the key out of.

From nobody at shell.portal.com Tue Feb 8 02:26:36 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Tue, 8 Feb 94 02:26:36 PST
Subject: Magic Money -> Chaum Cash
Message-ID: <199402081025.CAA20709@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

Ok, let's try this one more time...

Based on Eric's long and mathematical explanation, which I did not fully understand and was therefore convinced by, I have changed the program to use full Chaum cash. It takes the 16-byte random number, takes its MD5, and stores the MD5 in the coin. The coin is now a triple (id,e,mpi) and the bank never sees id when blind-signing the coin, thus preserving anonymity.

I sent this new version to csn.org as mgmny10c.zip. I haven't had a chance to update the manual or the comments in the code, but it does seem to work. At least, I was able to mint coins and cycle them through the server a few times, so the basic coin cycle seems to work.
Please check it out, on machines of both endians, and let me know what happens.

Pr0duct Cypher

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

From pmetzger at lehman.com Tue Feb 8 06:30:47 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 8 Feb 94 06:30:47 PST
Subject: Atlantis Project/Oceania
In-Reply-To: <9402080248.AA14992@vangogh.VIS.ColoState.EDU>
Message-ID: <199402081429.JAA09219@snark>

CVL staff member Nate Sammons says:
> writes Matthew J Ghio:
> >
> >profitable venture, but getting a high bandwidth net connection in the
> >middle of the ocean would increase startup costs. Telecom, electricity,
>
> Well, a satellite dish can transfer around 100MB (megaBytes, not bits)
> per second. I'm not too sure how much this kind of link costs, but I
> would also assume that the Oceania people aren't going to go without a
> network connection to start.

Perhaps the appropriate time to worry about Oceania's network connection would be when Oceania's builders have the $ 1 Billion they need instead of begging for $20 or $30k for models.

In any case, this is NOT appropriate stuff for cypherpunks.

Perry

From paul at poboy.b17c.ingr.com Tue Feb 8 07:10:51 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Tue, 8 Feb 94 07:10:51 PST
Subject: STEG: a real-life use for steganography
In-Reply-To: <199402080707.XAA24919@servo.qualcomm.com>
Message-ID: <199402081509.AA17293@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

> There's a practical problem here. Audio CD players generally provide
> no easy way to get the raw bits into a computer (SPDIF interface cards
> exist for PCs, but they're rare and expensive).
And I haven't yet
> figured out how to get a CD-ROM drive to read the raw bits off an
> audio CD; I suspect it requires munging the firmware in the drive,
> which makes anything you do highly manufacturer specific.

Apple's CD-300/300i drives can read audio bits directly and turn them into a QuickTime sound channel, as can SGI's SCSI CD. Apple uses a Sony mechanism, and SGI uses a Toshiba. The SGI drives use modified firmware and (AFAIK) are not available elsewhere, but you can get the Apple drives at Circuit City, Sears, etc.

With the right sequence of SCSI commands you could easily capture an "audio" bitstream, then munge it as desired to extract the stegged data, play it backwards, or whatever. IIR, code to directly read arbitrary audio data on an Apple CD-ROM was recently posted in comp.sys.mac.programmer, but I didn't save it.

- -Paul

- --
Paul Robichaux, KD4JZG | "Though we live in trying times
perobich at ingr.com | We're the ones who have to try." - Neil Peart
Intergraph Federal Systems | Be a cryptography user- ask me how.
Of course I don't speak for Intergraph.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

From norm at netcom.com Tue Feb 8 08:06:46 1994
From: norm at netcom.com (Norman Hardy)
Date: Tue, 8 Feb 94 08:06:46 PST
Subject: Magic Money ftp
Message-ID: <199402081606.IAA16443@mail.netcom.com>

Is there somewhere that I can ftp the Magic Money protocol from?

From cfrye at ciis.mitre.org Tue Feb 8 09:11:45 1994
From: cfrye at ciis.mitre.org (Curtis D. Frye)
Date: Tue, 8 Feb 94 09:11:45 PST
Subject: Clipper Opposition
Message-ID: <9402081718.AA04480@ciis.mitre.org>

Fellow C'punks-

This is a copy of a posting I made to comp.eff.org.talk and other groups.

>-------<

In article Robert I.
Eachus, eachus at spectre.mitre.org writes:
>In article strnlght at netcom.com (David
>Sternlight) writes:
>
> > Once they made it voluntary and promised not to outlaw non-Clipper
> > crypto, the game was over. Arguments about its becoming de facto
> > standard and driving out other crypto are simply too complex and
> > iffy to convince the average reader.
>
> David, this is where you and I part ways. You believe that the
>administration is promising not to outlaw non-Clipper crypto. But the
>reality is that the administration IS and has been trying its damnedest
>to harass, intimidate, and suppress any alternative strong crypto.
>The current situation--and the recent announcements confirm this--is
>the administration requires a special license to export crypto, which
>you CAN'T get to publish strong crypto (And in some cases to publish
>junk crypto. If I can't publish a public key and the algorithm to use
>it, what good is it?

David does raise a valid point that I don't think Robert deals with - how does fighting Clipper help us in the struggle to prevent the outlawing of all non-Clipper crypto? If the CPSR and other organizations spend their political capital on a losing fight, does the credibility loss kill effective future resistance?

While the Clipper proposal *as it stands now* is most likely a done deal, there are ways to keep up the pressure to make sure it doesn't snowball:

o Mount effective resistance against the Wiretap proposal and *link the two issues* in the eyes of the public. This shouldn't be done completely up front - instead, the association should begin to build after a few weeks or months to ensure that the original message is received and is not blocked out by the "you already lost Clipper" signal;

o Quote export sale figures of Clipper technology often and loud - I don't see how any foreign company would let such suspect equipment on their property, let alone use it to transmit anything sensitive.
I truly hope I'm not wrong on this count - if the tech sells, the case against Clipper becomes darn near unwinnable;

o Track Clipper equipment purchases by US entities that do not have government contracts;

o Maintain close vigilance over the law enforcement community. How many mid-level drug dealers would be willing to use Clipper technology to implicate their bosses in exchange for lighter sentences? Expect this tactic and similar ones to be used;

o Compile a list and analysis of all crypto software and equipment available overseas and compare it to commonly used US techniques. If the exported stuff has identical or near-identical functionality to the US tech, there's no case for Clipper. Combine this analysis with the export figures and industry is bound to take notice, with their Congressional reps following. There should be a follow-up analysis on foreign purchases before and after Clipper is introduced. THE FIRST PART OF THIS DOCUMENT SHOULD BE PREPARED IMMEDIATELY!!! If someone hasn't already begun this survey, I'll volunteer and will put out a call for information shortly.

This battle needs to be fought on our ground - the Administration is defining how the argument is being carried out, for now. Do we know what our ground is? What strategy we'll take to counter the Administration's initiative? The list I just gave is a series of tactical devices that could produce specific effects, all of which are USELESS without a coherent strategy to apply the information gained.

Do I have any suggestions? Nope, not beyond the tactics I discussed above. I am, however, going to start some serious cogitating and hope to come up with something.

That last bit shouldn't be seen as a slam on the EFF or CPSR as I don't know what level of planning they've invested in strategy. What I do know is that we've lost the initiative and need to regain it; these newsgroups are a great place to start, but most of us agree on the basic principles that information should be free etc. etc.
etc. Why should Middle America care what happens to terrorists and dope pushers? How long until "electronic privacy advocates" join that elite group?

It isn't time to push the PANIC BUTTON yet, but there needs to be a heightened sense of urgency in everything we do to fight against the possibility that the Administration wants to ban all non-Clipper crypto. That possibility scares the hell out of me and is enough to make me act RIGHT NOW!

Curtis Frye
PRIVATE! Citizen

I don't speak for MITRE, they don't speak for me.

>-------<

--
Best regards,

Curtis D. Frye - Economic Analyst, Software Alchemist, Aspiring Author
cfrye at ciis.mitre.org
"If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish."

From qwerty at netcom.com Tue Feb 8 09:30:49 1994
From: qwerty at netcom.com (Xenon)
Date: Tue, 8 Feb 94 09:30:49 PST
Subject: X's Last R.
Message-ID: <199402081729.JAA05241@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Disclaimer: The usual. Take this with a grain of salt. As propaganda, at least its purpose is noble. In this, the final episode in the rant series, the character Xenon is angry at the evil media-grubbing Cypherpunks for not noticing, or worse ignoring, that PGP is indeed only "Pretty Good" when it is considered in its present form. I hope I haven't lost full respect due to these essays. I did? Oh well ;-).

P.S. The new finger key server is very happy. Thank-you.

P.S.S Is it easy to modify PGP to remove its "convenience features"? How about a utility that will strip away the "bare" encrypted message and later restore it to life. The hell with checksums and the rest. I want my VGP! I asked this on alt.security.pgp and the silence was amazing. Just a bunch of flames, and one person who introduced me to steganography.

-Nik (-=Xenon=-)

AnD br0ught t0 y0u by -=XeNoN=-, an0ther DaMNiNg CrItICism of the Cypherpunk fad, er... m0vement.
"It'S NEW nEw NeW BuT We'Ll JuSt HiT ThAT 'd' KeY kEy kEY and iT's ByE bYe DoN't MaKe mE THiNk! THeN, LikE AlWayS, We CAn iGn0re 0uR gReAT SelF DeCePti0n tHaT wE HaVE a ReaL EncRYpToR. ThIS GuY iSn'T In 0uR Cli-PuBliC- QuEy liTtlE E-cLuB anYWaY. He'S GoT n0 TitS. hE d0n'T CodE. We JUst WanT t0 TaLK AboUt PoLIticS, NoT bUidIng NeW T0oLs. PhiL DId ThAT ALrEaDy. HE mAdE uS Co0l. wE LiKE t0 TalK AboUt US, sInCe In US liVEs PhiL. PhiL pHil PHil. PgPGpGPgpGpGpGPgPgP. Lo0k wh0 SigNed My KeY! I'M oN mTv!" "But when are you going to write VGP?", asks the quite voice of humanity, the ones who weren't invited to your e-party. If VGP had a "random data block" output format, THEN it doesn't matter if the Clipper Keys are known. "I'm sending a porno jpeg; my scanner isn't that great, so it's noisy." Playboy can tag you for copyrights, but if the fact that "noise" is really an encrypted message is ONLY known by successfully decrypting it, then even random information highway spot- checks would be useless. Are they going to outlaw noise? That's like trying to legislate a change in the speed of light. I wish they WOULD outlaw noise; it would make my stereo sound better. Phil Zimmerman didn't put a backdoor in PGP. No, he put a front door. He fucked up, but like the Founding Fathers who fucked up the Bill of Rights and the Constitution due to their concern about keeping their Mercedes from the hands of the poor, he's only human. "Encryption Always Wins." So write us a real encryptor. Write VGP. Hurry up or I'm going to hire someone to do it for me, then you wont be the next Phil Zimmerman, I will. Good programmers aren't cheap, but luckily I don't have to hire a cryptographer, since the equations are already in text books. And if you think your a hacker, Cypherpunk, try hacking together a complicated molecule sometime. 
The laws of nature constitute a mathematical computer, and it's so much more rewarding to hack, cause God never updates His CPU, and the programming language is beautiful and mysterious. Try coding in DNA or in the language of chemical synthesis if you want to earn the name "hacker". The interesting people out there are using Macs and Windows for their personal e-mail. 100 million people who don't have the time to learn command-line PGP, because they're too busy running the world and getting things done. Write them a fun encryptor and you will find you have a lot more people who are worth talking to. Since MacPGP2.3 was obviously never beta tested, it's just not up to snuff. With my guide, it is at least usable without the frustrating 3 month learning curve needed for each new user to make own bug work-arounds. At least Detweiler had the insight to put a useful help feature into MacPGP to make up for the cryptic documentation, and thus got his name on the startup screen. I also think that the cryptographers, like the atomic scientists of only a FEW years ago, should be just as concerned about the impact of their science. The NSA is our friend damn it, no matter how irresponsible that friend may at times be. The NSA has been through REAL wars, not internet pranks. They are OUR National Security Agency. This isn't patriotism; it's common sense. Tell them we want backdoors to be used for NATIONAL SECURITY concerns, not to wiretap Greenpeace, and that we want SERIOUS assurances about this. Let's get the NSA to realize they need to work WITH privacy activists, not try to ignore or work against them. "Encryption Always Wins." This isn't about political power and supercomputer resources. Us versus them. It's about the laws of nature and science leading to technology being available to the common man. But the government isn't concerned yet because we haven't yet coded a real encryptor. All we have is PGP.
They can't read content, but they can, like anyone else, see that it IS encrypted and most often find out who sent it to whom. Clipper also allows anyone to start recording your Clipper calls NOW, even if they don't have the keys yet. A random block output would mean anyone could record your calls and never prove it was anything other than a noisy microphone or a jpeg of Madonna. Detweiler became an idiotic child with his "death threats" and "anarchy" concerns limited to internet (World Wide Wiretap) remailers, added to the fact that HE seems to be the only one abusing the remailers. He is just noise (no pun), if this be a discussion of cryptography/anonymity. It doesn't matter shit if a Detweiler or a Depew takes away our internet toys. His biggest mistake was to take you guys seriously. Stop talking about the internet and get serious. Think POSTAL SERVICE encrypted remailing services, where the pass phrase stays in someone's head, and there is no e- mail headers telling where that floppy hidden between two halves of a postcard came from. Think encryption with random data block output. (Think software to allow me to read that floppy after the rotational indexing is lost when I separate the metal hub and later put one back on). The "collapse of governments" claim might get a few rebellious school girls in cheap leather to follow you home, but it's not worrying the NSA or the tax man. "You want to drive on this highway? Pay up or go back home." "You want that CAT scan? We accept cash." "You need unemployment support? Well, you never paid your insurance tax." Encryption isn't going to end taxes. It will just change the way they are collected. It will tie a service to your payment of a tax. "You want us to shoot down that missile headed your way? Sorry, your community didn't pay for military protection and we don't have any strategic targets there." "You want to live in this community? Sorry you have to pay this tax for military protection or you aren't welcome here." 
"You want to sell secrets to IRAQ? We've bugged your left ear, the one you use for the phone. Sorry about the ear ache we had to cause to get you into the local hospital." I think the time is coming when we are going to discover what our species is really all about, since encryption will set us free to be ourselves, as individuals. I think we will be pleasantly surprised. I just hope we don't hurt each other trying to resist change. As Bucky Fuller said, "Utopia or Oblivion." He also warned that we "NOW" (1969) have the technology to provide everyone on this planet with adequate food and shelter, but that if we don't give it to them, they are going to walk up that crunchy imported gravel driveway, past your BMW, and kill you. Was Phil Zimmerman a "Cypherpunk who wrote PGP"? Or are you guys just strip mining the CRYPTOGRAPHY movement and selling it back to us at twice the price? "Anarchy for sale." - Dead Kennedys. Cypherpunks. Cypherpunks. Fuck off! Send me a computer virus and I'll send you a REAL virus ;-). Stop talking about the obsolete internet. It's just a primitive non-multimedia medium for discussion about real life, real privacy, and real people's needs. The information highway isn't likely to involve Unix or RFC standards. "Can I send you a gigabyte of my latest movie? Or you can ftp it from my laptop. You do have 2 gigs of RAM don't you?" Don't follow internet-like standards when coding an encryptor ["PGP versions 2.3 and later use a new format for encoding the message digest into the MPI in the signature packet, a format which is compatible with RFC1425 (formerly RFC1115)." - Phil Zimmerman]. Do something timeless and historically significant. Write a real encryptor. Then it doesn't matter if everyone isn't using it, 'cause you're just sending "noise", like everyone else. Who cares about Clipper? Don't argue politics. Write code. Easy to use code. Plug and play user interfaces for the Mac and Windows. Or who else you gonna talk to? E-lovers? E-people? 
I'm not a "Cypherpunk", I'm a scientist. An introvert who values his privacy. I don't need PGP, except for fun, to sign things, and to reduce the most blatant internet privacy violations. For now it's the internet standard, but Clipper is good enough for me, personally. It will keep those around me who I do not wish to share my personal life with from reading my e-mail and files on my floppies. I don't mind the NSA reading my e-mail. But I do worry for others, who are trying to change the world in more political ways, and fear that the NSA will not be the only ones with access to the keys. PGP activism is just my latest hobby. I just want more people to talk to, using PGP. I don't want my picture in Wired. You're not PUNKS. You're just entertainment, until you get off the internet and WRITE A REAL ENCRYPTOR. The bad guys love PGP. They don't want it to lose its underground appeal, lest it become less popular and they can no longer identify encrypted messages. See the big picture and do something useful, or you're just a bunch of e-yuppies worshipping money and attention as the center of meaning in your life. Fun toys and babes. Die e-yuppie scum. UNSUBSCRIBE.

-=Xenon=-

P.S. Thanks for not putting my "Here's How to MacPGP!" guide on any of your ftp sites. It would have lost its edge, mixed in with all the e-bullshit already there about "anarchy" on the internet (WWW). And I might not have had to send it to people by e-mail, people who don't know what ftp MEANS, because they don't have the time to figure out stupid command-line operating systems, the historical equivalent of programming via hard-wiring or punch cards.
From m1tca00 at FRB.GOV Tue Feb 8 09:46:47 1994
From: m1tca00 at FRB.GOV (Tom Allard)
Date: Tue, 8 Feb 94 09:46:47 PST
Subject: A serious question of ethics
In-Reply-To: <9402071839.AA15102@pmantis.berkeley.edu>
Message-ID: <9402081742.AA26012@mass6.FRB.GOV>

- --------
nobody at pmantis.berkeley.edu wrote:

> Does that mean that I no longer should report the open system (I don't
> dare telnet there to find out if it is the same one)?

> Also, and I'm purely curious, what actually became of my anonymous
> report, and do I need to be worried about SS agents in dark sunglasses
> coming to my home and dragging me away? (Truly worried and scared)

I work on the Federal Reserve *Board*'s Research Network. This network is hidden behind a firewall, and won't even let you finger (much less telnet) into. I sent your message to the network administrator, Janice Shack-Marquez (m1jsm00 at frb.gov). Obtw, Libby Flanagan has fled to the private sector (lf at nwu.edu) where vendors can now give her coffee cups with filling out forms. Janice (quickly) got at least three people looking into the problem. Bob Drzyzgula (m1rcd00 at frb.gov) found a machine that perfectly matched the problems you described. Bob contacted them, and they seem to have corrected the problem. Don't worry about black hats, though. If anything gets investigated, it outta be the district bank. I *would* like to know the IP address you had connected to to verify that we're talking about the same machine. You can use the remailers, and encrypt to my public key (available on the servers, key ID C744CD). All the "cool" secrets (wire transfers and the like) don't get anywhere NEAR the internet.
The Federal Reserve System has a separate (yes, encrypted) network for sharing data. The Federal Reserve Banks are all "private" companies, and several offer various other services (such as economic bulletin boards and the like). The Federal Reserve *Board* has a Research network (where I am) used to prepare statistical releases and act as a data service for the Chairman & Governors. The Board does not offer any services to the internet (we should, but that's a long story). The point of all this is that you didn't really find anything very sensitive, although we do appreciate closing gaping holes like that.

rgds-- TA (tallard at frb.gov)
[awaiting approval of new disclaimer]
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D

From beep at how.com Tue Feb 8 09:56:46 1994
From: beep at how.com (beep at how.com)
Date: Tue, 8 Feb 94 09:56:46 PST
Subject: Clipper Side-step
Message-ID: <9402081756.AA28824@wavefront.wti.com>

How about this as a way to stump Clipper?

Generate a dialog between you and a friend of no relevant consequence.
Load this sound byte into your system as an AIFC file (sound bite, or byte)
Encrypt data/message/information/recipe/whatever into the low-bits of the sound bite.
Play message over Clipper-infested line to waiting system.

[ Yes, you could just encrypt a message and send it, but in the above situation, fleas-on-the-line would not even know data was being transferred as they listened to Aunt Agnes talk about broccoli casserole. ]

Just bouncing ideas...
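The low-bit scheme from the "Clipper Side-step" post above, as an added example that is not part of any list message: it writes a payload into the least significant bit of 16-bit PCM samples, reads it back, and shows the point made in "X's Last R" that a payload with a recognizable banner identifies itself once the low bits are read out. The carrier audio, both sample payloads, the 4-byte length prefix and every function name are assumptions constructed for this illustration.

```python
import math
import random
import struct

LENGTH_PREFIX_BYTES = 4  # assumed framing: big-endian payload length stored first

# Constructed sample payloads (not taken from the list archive).
ARMORED_SAMPLE = (b"-----BEGIN PGP MESSAGE-----\nVersion: 2.3\n\n"
                  b"(constructed placeholder body)\n-----END PGP MESSAGE-----\n")
RAW_SAMPLE = bytes(random.Random(7).randrange(256) for _ in range(64))


def make_carrier(n_samples, rate=8000, freq=440.0, seed=1994):
    """Constructed stand-in for the recorded dialog: a tone plus slight noise,
    as signed 16-bit PCM sample values."""
    rng = random.Random(seed)
    return [int(12000 * math.sin(2 * math.pi * freq * i / rate)) + rng.randint(-40, 40)
            for i in range(n_samples)]


def _to_bits(data):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(samples, payload):
    """Return a copy of samples whose low bits carry length prefix + payload."""
    framed = struct.pack(">I", len(payload)) + payload
    bits = list(_to_bits(framed))
    if len(bits) > len(samples):
        raise ValueError("carrier too short: need %d samples, have %d"
                         % (len(bits), len(samples)))
    stego = list(samples)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & ~1) | bit  # overwrite only the least significant bit
    return stego


def _read_bytes(samples, first_sample, count):
    """Rebuild count bytes from the low bits starting at first_sample."""
    out = bytearray()
    for n in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (samples[first_sample + 8 * n + k] & 1)
        out.append(value)
    return bytes(out)


def extract(samples):
    """Recover the payload; raise ValueError if the length field cannot be valid."""
    header_bits = 8 * LENGTH_PREFIX_BYTES
    if len(samples) < header_bits:
        raise ValueError("carrier shorter than the length prefix")
    (length,) = struct.unpack(">I", _read_bytes(samples, 0, LENGTH_PREFIX_BYTES))
    if header_bits + 8 * length > len(samples):
        raise ValueError("length field exceeds carrier: no payload or damaged audio")
    return _read_bytes(samples, header_bits, length)


def max_sample_change(original, stego):
    """Largest per-sample difference introduced by embedding (0 or 1)."""
    return max(abs(a - b) for a, b in zip(original, stego))


def looks_like_pgp(payload):
    """What a listener who reads out the low bits can check: the ASCII-armor
    banner identifies the payload without any key."""
    return payload.startswith(b"-----BEGIN PGP ")


if __name__ == "__main__":
    carrier = make_carrier(4000)
    for name, payload in (("armored", ARMORED_SAMPLE), ("raw", RAW_SAMPLE)):
        stego = embed(carrier, payload)
        recovered = extract(stego)
        print(name, recovered == payload, max_sample_change(carrier, stego),
              looks_like_pgp(recovered))
```

The length prefix is itself structure a listener could test for; it is here only so the example can find the end of the payload. The low bits survive only a bit-exact digital path, so an analog line or a lossy voice coder would destroy them.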
From mnemonic at eff.org Tue Feb 8 10:00:49 1994 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 8 Feb 94 10:00:49 PST Subject: text of info file on Cantwell bill Message-ID: <199402081756.MAA21918@eff.org> Forwarded message: From hughes at ah.com Tue Feb 8 10:06:46 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 8 Feb 94 10:06:46 PST Subject: Magic Money coins In-Reply-To: <9402080759.AA00803@ah.com> Message-ID: <9402081757.AA01579@ah.com> In thinking about my own averaging technique for finding near-identities, I realize it needs some modification. Remember the example that 3 was a near-identity near n/2. Well so is 5, and 7, and -3, -5, -7, etc. Even though 3 (or -1) seems to be the best of the near-inverses, any one whose action is sufficiently bounded will do. The new observation is that the candidates for near-inverses will be clustered and not distributed flatly over the ring. There will also be more than one cluster. So you've got two choices. First make a histogram of the candidate choices and only average by clusters. Secondly, one might also be able to transpose the clusters onto each other and average them all. The inverse image of this transposition may also yield more near-inverses. I think that averaging can be made to work, but it's not obvious to me exactly what the technique will be. Eric From hughes at ah.com Tue Feb 8 10:10:50 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 8 Feb 94 10:10:50 PST Subject: Magic Money -> Chaum Cash In-Reply-To: <199402081025.CAA20709@jobe.shell.portal.com> Message-ID: <9402081801.AA01592@ah.com> >Based on Eric's long and mathematical >explanation, which I did not fully understand and was therefore convinced >by, An example of reputation-based proof by obscurity. I hope the main point came out, though. There are lots of parameters to pick from, and therefore lots of attacks can be contemplated. >I have changed the program to use full Chaum cash. Be careful when you say this. 
Chaum has worked on lots of cash protocols. Better to say that you're now using a non-multiplicative signature.

Eric

From nate at VIS.ColoState.EDU Tue Feb 8 10:36:47 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Tue, 8 Feb 94 10:36:47 PST
Subject: change of address
Message-ID: <9402081834.AA19299@vangogh.VIS.ColoState.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

To all my friends (and enemies) out there: I have purchased myself a netcom account, so that I don't have to worry about what the university thinks about my political ideas and about my outspoken nature on privacy, etc. My new address is nates at netcom.com (rather a clever login, don't you think?) All mail not pertaining to my office work at the visualization lab should be sent there. My other addresses (nate at vis.colostate.edu, nate at lamar.colostate.edu, nate at yuma.acns.colostate.edu, sammons at cs.colostate.edu and ns111310 at longs.lance.colostate.edu) should still be used for mail relating to the Lab and my work there. Thanks, and have fun!

- -nate

- --
+-----------------------------------------------------------------------+
| Nate Sammons |
+-----------------------------------------------------------------------+
BTW, sorry for the boring sig, it'll get better!

From nates at netcom.com Tue Feb 8 10:41:59 1994
From: nates at netcom.com (Nathaniel Sammons)
Date: Tue, 8 Feb 94 10:41:59 PST
Subject: changing info on a key?
Message-ID: <199402081842.KAA17179@mail.netcom.com>

Since I moved all my personal mail to netcom, I was wondering how I could change my info in my key to reflect my new identity?

thanks,
-nate

From qwerty-remailer at netcom.com Tue Feb 8 10:42:00 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Tue, 8 Feb 94 10:42:00 PST
Subject: Clipper Side-step
Message-ID: <199402081842.KAA22638@mail.netcom.com>

Beep say, "How about this as a way to stump Clipper? Generate a dialog between you and a friend of no relevant consequence.
Load this sound byte into your system as a AIFC file (sound bite, or byte) Encrypt data/message/information/recipe/whatever into the low-bits of the sound bite." See my post "X's Last R". The problem is that PGP tattle tales on itself, it having no raw encrypted message output format (~indistinguishable from random data), and thus reverse steganography is trivial and can be automated. It could be less trivial if you use a steganography (hiding a message in another message) along with a secret scrambling routine for PGP messages, but then you are in the silly situation of "encrypting" an already encrypted PGP message! -=Xenon=- From hughes at ah.com Tue Feb 8 11:06:49 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 8 Feb 94 11:06:49 PST Subject: I support HR 3627 Message-ID: <9402081845.AA01784@ah.com> Hey. You. Have you sent your letter of support to Rep. Cantwell yet? It's now even easier than ever! Just reply to this very message with your reasons for supporting the bill (it's to allow export of crypto software, dummy), and your mail will be automagically sent to the correct EFF address with the right subject line. (And don't include this message, OK?) 
For the full text of the bill, see any of the following:

ftp://ftp.eff.org/pub/Policy/Legislation/cantwell.bill
http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.bill
gopher://gopher.eff.org/00/EFF/legislation/cantwell.bill

Eric

From danisch at ira.uka.de Tue Feb 8 11:16:50 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Tue, 8 Feb 94 11:16:50 PST
Subject: Insecurity of anonymous remailers
Message-ID: <9402081913.AA00297@deathstar.iaks.ira.uka.de>

> From owner-cypherpunks at toad.com Sat Feb 5 21:55:58 1994
> Date: Sat, 5 Feb 1994 15:21:18 -0500 (EST)
> From: MatthewJ Ghio
> To: Cypherpunks Mailing List
> Subject: Info on anonymous remailers
> Content-Length: 1429
> Matthew J Ghio wrote:
> I am pleased to report on the performance of our two newest remailers,
> qwerty at netcom.com and nate at vis.colostate.edu. Both remailers had a very
> good response time.

Is it really a good idea to make anonymous remailers work so fast? Everyone who can analyze the traffic of anonymous remailers and can read the from/to header lines, the message size and the transfer dates immediately knows who sent mail to whom.

To make the remailers more safe, I would suggest to modify the software:

Every message must be sliced into pieces of standardized size ( e.g. 8K or 500 lines ). It should be possible to send the pieces over different channels.

Every server should collect pieces and keep them a random time. Perhaps they could be collected until 10MByte of pieces are collected and then they can be sent out all.

Every piece could contain a time limit which may not be exceeded by the servers. Higher limit means more confusion for a spy trying to follow this packet.

The packets should be recyphered by every hop. They could have a random tail whose length is changed by a hop. A traffic spy could not find out which input and which output packets correspond.
Hadmut

From hughes at ah.com Tue Feb 8 11:20:52 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 8 Feb 94 11:20:52 PST
Subject: on Fedwire and FRCS-80
In-Reply-To: <9402081742.AA26012@mass6.FRB.GOV>
Message-ID: <9402081910.AA01888@ah.com>

>All the "cool" secrets (wire transfers and the like) don't get anywhere NEAR
>the internet. The Federal Reserve System has a separate (yes, encrypted)
>network for sharing data.

A touchy spot? Interestingly enough, the Fedwire network was only recently encrypted. The following information comes from a GAO report _Electronic Funds Transfer: Oversight of Critical Banking Systems Should Be Strengthened_. GAO/IMTEC-90-14. To get a free copy, call 202-512-6000 or fax 301-258-4066. And if you pay US taxes, you've already paid for it! In a reply letter from the Board of Governors of the Federal Reserve System, they talk about FRCS-80, the Federal Reserve Communications System, implemented in 1982. In September 1989 a request for proposal went out to encrypt the backbone network. Encryption was supposed to have been completed in the first half of 1990. (I hear that it slipped. Given that FRCS-80 was implemented in '82, are we surprised?) I understand that Fedwire-II is now in operation, but I don't know if that's new hardware and/or new software. Here's the curious thing. DES came out in 1976, and was supposed to be secure for financial communications. FRCS-80 had plenty of opportunity to use DES, but didn't, for at least the first eight years of operation. Hmm. And save the conspiracy theories about the Federal Reserve for alt.conspiracy, please.

Eric

From ssteele at eff.org Tue Feb 8 09:50:52 1994
From: ssteele at eff.org (Shari Steele)
Date: Tue, 8 Feb 1994 12:50:52 -0500
Subject: text of info file on Cantwell bill
Message-ID: <199402081750.MAA21823@eff.org>

Following are Representative Maria Cantwell's remarks to the House of Representatives when she introduced H.R. 3627, Legislation to Amend the Export Administration Act of 1979.
Her synopsis of the bill appears at the end. These remarks appeared in the Congressional Record on November 24, 1993, at Volume 139, Page 3110.

Please write to Rep. Cantwell today at cantwell at eff.org letting her know you support her bill. In the Subject header of your message, type "I support HR 3627." In the body of your message, express your reasons for supporting the bill. EFF will deliver printouts of all letters to Rep. Cantwell. With a strong showing of support from the Net community, Rep. Cantwell can tell her colleagues on Capitol Hill that encryption is not only an industry concern, but also a grassroots issue. *Again: remember to put "I support HR 3627" in your Subject header.*

The text of the Cantwell bill can be found with any of the following URLs (Universal Resource Locators):

ftp://ftp.eff.org/pub/Policy/Legislation/cantwell.bill
http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.bill
gopher://gopher.eff.org/00/EFF/legislation/cantwell.bill

**********************************************************************

Mr. Speaker, I am today introducing legislation to amend the Export Administration Act of 1979 to liberalize export controls on software with encryption capabilities. A vital American industry is directly threatened by unilateral U.S. Government export controls which prevent our companies from meeting worldwide user demand for software that includes encryption capabilities to protect computer data against unauthorized disclosure, theft, or alteration. The legislation I am introducing today is needed to ensure that American companies do not lose critical international markets to foreign competitors that operate without significant export restrictions. Without this legislation, American software companies, some of America's star economic performers, have estimated they stand to lose between $6 and $9 billion in revenue each year.
American hardware companies are already losing hundreds of millions of dollars in lost computer system sales because increasingly sales are dependent on the ability of a U.S. firm to offer encryption as a feature of an integrated customer solution involving hardware, software, and services. The United States' export control system is broken. It was designed as a tool of the cold-war, to help fight against enemies that no longer exist. The myriad of Federal agencies responsible for controlling the flow of exports from our country must have a new charter, recognizing today's realities. Next year, the House Foreign Affairs Subcommittee of Economic Policy, Trade and the Environment, of which I am a member, will be marking up legislation to overhaul the Export Administration Act. It is my hope that the legislation I introduce today will be included in the final Export Administration Act rewrite. This legislation takes some important steps to resolve a serious problem facing some of our most dynamic industries. It would give the Secretary of Commerce exclusive authority over dual use information security programs and products, eliminates the requirement for export licenses for generally available software with encryption capabilities, and requires the Secretary to grant such validated licenses for exports of other software with encryption capabilities to any country to which we already approve exports for foreign financial institutions. The importance of this legislation cannot be overstated. America's computer software and hardware companies, including such well-known companies as Apple, DEC, Hewlett-Packard, IBM, Lotus, Microsoft, Novell, and WordPerfect, have been among the country's most internationally competitive firms earning more than one-half of their revenues from exports. The success of American software and hardware companies overseas is particularly dramatic and the importance of foreign markets is growing. 
Currently, American software companies hold a 75 percent worldwide market share and many derive over 50 percent of their revenues from foreign sales. American computer hardware manufacturers earn more than 60 percent of their revenues from exports. As my colleagues are well-aware, we are participants in a new information age that is quickly transforming local and national marketplaces and creating new international marketplaces where none previously existed. President Clinton and Vice President Gore have both spent considerable time explaining their vision of the National Information Infrastructure that is essential to our continued economic growth. Part of that infrastructure is already in place. International business transactions that just a few years ago took days or weeks or months to complete can now be accomplished in minutes. Driving this marketplace transformation is the personal computer. And, at the heart of every personal computer is computer software. Even the most computer illiterate of us recognize that during the past decade, computer prices have dropped dramatically while computer capabilities have increased exponentially. That combination has made it possible to exchange information and conduct business at a scale that was considered science fiction only a few years ago. Indeed, we all now rely on computer networks to conduct business and exchange information. Whether it be the electronic mail or "e-mail" system that we all now use in our congressional offices or the automated teller system relied on to conduct our personal financial affairs, we rely on computer networks of information. In the future, individuals will use information technologies to conduct virtually any of the routine transactions that they do today in person, over the telephone, and through paper files. From personal computers at home, in schools, and in public libraries, they will access books, magazine articles, videos, and multimedia resources on any topic they want. 
People will use computer networks to locate and access information about virtually any subject imaginable, such as background on the candidates in local political races, information on job opportunities in distant cities, the weather in the city or country they will be visiting on their vacation, and the highlights of specific sports events. Consumers will use their computers and smart televisions to shop and pay for everything from clothing and household goods to airline tickets, insurance, and all types of on-line services. Electronic records of the items they purchase and their credit histories will be easy to compile and maintain. Individuals will access home health programs from their personal computers for instant advice on medical questions, including mental health problems, information about the symptoms of AIDS, and a variety of personal concerns that they would not want other family members, or their neighbors and employers to know about. They will renew their prescriptions and obtain copies of their lab results electronically. The U.S. economy is becoming increasingly reliant on this information network. While we may not often think about these networks, they now affect every facet of our professional, business, and personal lives. They are present when we make an airline reservation; when we use a credit card to make a purchase; or when we visit a doctor who relies on a computer network to store our medical information or to assist in making a diagnosis. These networks contain information concerning every facet of our lives. For businesses, the reliance on information security is even greater. While businesses rely on the same commercial use networks that individual consumers use, in addition, businesses are now transmitting information across national and international borders with the same ease that the information was once transmitted between floors of the same office building. 
While all of this information exchange brings with it increased efficiencies and lower operating costs, it has also brought with it the need to protect the information from improper use and tampering. Information security is quickly becoming a top priority for businesses that rely on computer networks to conduct business. According to a recent survey of Fortune 500 companies conducted for the Business Software Alliance, 90 percent of the participants said that information security was important to their operations. Indeed, almost half of the Fortune 500 companies surveyed recently stated that data encryption was important to protect their information. One third of those companies said they look for encryption capabilities when buying software. The challenge for information security can be met by America's computer companies. American companies are deeply involved in efforts to ensure that the information transmitted on computer networks is secure. Numerous companies have developed and are developing software products with encryption capabilities that can ensure that transmitted information is received only by the intended user and that it is received in an unaltered form. Those encryption capabilities are based on mathematical formulas or logarithms of such a size that makes it almost impossible to corrupt data sources or intercept information being transmitted. I wish I could stand here today and tell my colleagues that U.S. export control laws were working and encryption technology was only available to American software companies. However, this is not the case. Sophisticated encryption technology has been available as a published public standard for over a decade and many private sources, both domestic and foreign, have developed encryption technology that they are marketing to customers today. It is an industry where commercial competition is fierce and success will go to the swift. 
Software is being developed and manufactured with encryption capabilities for the simple reason that software customers are demanding it. Computer users recognize the vulnerability of our information systems to corruption and improper use and are insisting on protection. That protection will be purchased or obtained from American companies or from foreign software companies. The choice is not whether the protection will be obtained, but from which company. Incredible as it may seem to most of my colleagues, the Executive Branch has seen fit to regulate exports of American computer software with encryption capabilities -- that is, the same software that is available across the counter at your local Egghead or Computerland software store -- munitions and thereby substantially prohibit its export to foreign customers. This policy, which has all the practical effect of shutting the barn door after the horses have left in preventing access to software with encryption capabilities, does have the actual detrimental effect of seriously endangering sales of both generally available American software and American computer systems. This is because increasingly sales are dependent on the ability of a U.S. firm to offer encryption as a feature of an integrated customer solution involving hardware, software and services. Indeed, software can be exported abroad by the simplest measures and our intelligence gathering agencies have no hope of ever preventing it. Unlike most munitions that are on the prohibited export list, generally available software with encryption capabilities can be purchased without any record by anyone from thousands of commercial retail outlets, or ordered from hundreds of commercial mail order houses, or obtained for free from computer bulletin boards or networks. Once obtained, it can be exported on a single indistinguishable floppy disk in the coat pocket of any traveler or in any business envelope mailed abroad. 
Moreover, both generally available and customized software can be exported without anyone ever actually leaving the United States. All that is necessary are two computers with modems, one located in the United States and one located abroad. A simple international phone call and a few minutes is all that it takes to export any software program. Once a software program with encryption capabilities is in a foreign country, any computer can act as a duplicating machine, producing as many perfect copies of the software as needed. The end result is that the software is widely available to foreign users. All this was demonstrated at a hearing held on October 12 by Chairman Gejdenson's Economic Policy Trade and Environment Subcommittee of the Foreign Affairs Committee. Furthermore, while current Executive Branch policy regulates the export of American manufactured software with encryption capabilities, it is obviously powerless to prevent the development and manufacture of such software by foreign competitors. Not surprisingly, that is exactly what is happening. We heard testimony at the subcommittee's hearing that over 200 foreign hardware, software and combination products for text, file, and data encryption are available from 20 foreign countries. As a result, foreign customers, that have, in the past, spent their software dollars on American-made software, are now being forced, by American policy, to buy foreign software -- and in some cases, entire foreign computer systems. The real impact of these policies is that customers and revenue are being lost with little hope of regaining them, once lost. All precipitated by a well-intentioned, but completely misguided and inappropriate policy. There were efforts, in the last Congress to correct this policy. In response, the Bush Administration did, in fact, marginally improve its export licensing process with regard to mass market software with limited encryption capabilities. 
However, those changes are simply insufficient to eliminate the damage being done to American software companies. My legislation is strongly supported by the Business Software Alliance. The Business Software Alliance represents the leading American software businesses, including Aldus, Apple Computer, Autodesk, Borland International, Computer Associates, GO Corp., Lotus Development, Microsoft, Novell, and WordPerfect. In addition, Adobe Systems, Central Point, Santa Cruz Operation, and Symantec are members of BSA's European operation. Together, BSA members represent 70 percent of PC software sales. The legislation is also supported by the Industry Coalition on Technology Transfer, an umbrella group representing 10 industry groups including the Aerospace Industries Association, American Electronic Association, Electronics Industry Association, and Computer and Business Equipment Manufacturing Association. All these companies are at the forefront of the software revolution. Their software, developed for commercial markets, is available throughout the world and is at the core of the information revolution. They represent the finest of America's future in the international marketplace, and the industry has repeatedly been recognized as crucial to America's technological leadership in the 21st century. My legislation is straightforward. It would allow American companies to sell the commercial software they develop in the United States to their overseas customers including our European allies -- something that is very difficult if not impossible under present policies. I urge my colleagues to support this legislation and ask unanimous consent that the text of the bill and a section-by-section explanation be printed at this point. 
************************************************************************

Section-By-Section Analysis of Report Control Liberalization for Information Security Programs and Products

Section 1

Section 1 amends the Export Administration Act by adding a new subsection that specifically addresses exports of computer hardware, software and technology for information security including encryption. The new subsection has three basic provisions.

First, it gives the Secretary of Commerce exclusive authority over the export of such programs and products except those which are specifically designed for military use, including command, control and intelligence applications or for deciphering encrypted information.

Second, the government is generally prohibited from requiring a validated export license for the export of generally available software (e.g., mass market commercial or public domain software) or computer hardware simply because it incorporates such software. Importantly, however, the Secretary will be able to continue controls on countries of terrorist concern (like Libya, Syria, and Iran) or other embargoed countries (like Cuba and North Korea) pursuant to the Trading With The Enemy Act or the International Emergency Economic Powers Act (except for instances where IEEPA is employed to extend EAA-based controls when the EAA is not in force).

Third, the Secretary is required to grant validated licenses for exports of software to commercial users in any country to which exports of such software has been approved for use by foreign financial institutions. Importantly, the Secretary is not required to grant such export approvals if there is substantial evidence that the software will be diverted or modified for military or terrorists' end-use or re-exported without requisite U.S. authorization.

Section 2

Section 2 provides definitions necessary for the proper implementation of the substantive provisions.
For example, generally available software is offered for sale or licensed to the public without restriction and available through standard commercial channels of distribution, is sold as is without further customization, and is designed so as to be installed by the purchaser without additional assistance from the publisher. Computer hardware and computing devices are also defined.

From mech at eff.org Tue Feb 8 13:06:55 1994
From: mech at eff.org (Stanton McCandlish)
Date: Tue, 8 Feb 94 13:06:55 PST
Subject: Cantwell letter campaign - update
Message-ID: <199402082104.QAA28093@eff.org>

In less than 24 hours, EFF has already received over *five hundred* letters in support of the Cantwell bill (which aims to take public crypto off the munitions list and relax export restrictions). Keep it up folks!

If you'd like to add your voice to these letters, all of which will be delivered in hardcopy to Rep. Cantwell, send a "Subject: I support HR3627" message to cantwell at eff.org

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G
O P E N P L A T F O R M O N L I N E R I G H T S
V I R T U A L C U L T U R E C R Y P T O

From ebrandt at jarthur.Claremont.EDU Tue Feb 8 13:07:09 1994
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Tue, 8 Feb 94 13:07:09 PST
Subject: Clipper Side-step
In-Reply-To: <9402081756.AA28824@wavefront.wti.com>
Message-ID: <9402082106.AA16501@toad.com>

> How about this as a way to stump Clipper?
[...]
> Encrypt data/message/information/recipe/whatever into the low-bits of
> the sound bite.

The low bits would probably be destroyed just by transmission over your average voice line. Worse, Clipperfones will compress the input speech before encryption. The only respectable audio compression algorithms are lossy, and they will assuredly stomp on your low bits. Nor can you expect other modulations to survive (e.g.
the "data --> 212A --> Clipper --> 212A --> data" approach).

Given knowledge of the audio model used, you could take your data stream and put it through the decompressor end. The resultant audio would be invariant under the lossy compression/decompression.

  /-- sender --\           /---- Clipper phone ----\           /-- rcvr --\
data->decompress->compress->encrypt,send,decrypt->decompress->compress->data
         \-- (cancel) --/                            \-- (cancel) --/

This would probably end up being manufacturer-specific and a real pain. Subverting a Capstone-based datacomm device would be easier.

Eli ebrandt at jarthur.claremont.edu

From olo at netcom.com Tue Feb 8 13:20:53 1994
From: olo at netcom.com (Bob Olodort)
Date: Tue, 8 Feb 94 13:20:53 PST
Subject: unsubscribe
Message-ID: <199402082117.NAA28391@mail.netcom.com>

Gee, I'd really like to get off the subscription list. Have sent 2 or 3 requests as instructed to cypherpunks-request, but my mailbox still fills to overcapacity.

From mg5n+ at andrew.cmu.edu Tue Feb 8 14:00:53 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Tue, 8 Feb 94 14:00:53 PST
Subject: Insecurity of anonymous remailers
In-Reply-To: <9402081913.AA00297@deathstar.iaks.ira.uka.de>
Message-ID:

danisch at ira.uka.de (Hadmut Danisch) wrote:

> Matthew J Ghio wrote:
>
> > I am pleased to report on the performance of our two newest remailers,
> > qwerty at netcom.com and nate at vis.colostate.edu. Both remailers had
> > a very good response time.
>
> Is it really a good idea to make anonymous remailers work so fast?
> Everyone who can analyze the traffic of anonymous remailers and
> can read the from/to header lines, the message size and the
> transfer dates immediately knows who sent mail to whom.

True. I think it depends on what your intended purpose is for using a remailer. If you just want to post an anonymous message, faster would be better for sake of keeping with the conversation.
If you really want to communicate securely, you can use remailers such as elee9sf at menudo.uh.edu which batches messages out at midnite and adds random padding, or remail at extropia.wimsey.com which offers encryption and adds a random delay.

From rcain at netcom.com Tue Feb 8 14:22:03 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 8 Feb 94 14:22:03 PST
Subject: Crypto Regulation Reform
In-Reply-To: <9402052019.AA10570@vail.tivoli.com>
Message-ID: <199402082221.OAA10284@mail.netcom.com>

Mike McNally sez:
>
>
> Robert Cain writes:
> > A device can be made right now at lower cost
> > than a computer modem, much lower, that could be inserted between any
> > phone and the wall that would make it impossible, no matter what laws
> > are in place, to tap either passively or actively, communication that
> > passes between two of these devices. I know how to do it, could do it
> > and probably will just for the fun of it at least.
>
> Uhh, could you tell us?

'Fraid not. I want to patent it and profit from it. As a hardware/software development engineer I stand diametrically opposed to the FSF gang.

> Sounds like quite a breakthrough. Credit
> card sized? Much cheaper than a modem, like $50 maybe? And it
> digitizes and securely encrypts speech (full duplex?) on the fly?

Well, making it credit card sized and cheaper than a modem is not all that difficult. An AT&T VSELP chip based on their DSP1616 with some firmware added for primitive modem capability, some firmware for the encryption and a couple of codec chips fits the bill nicely. I do have a breakthrough though and that is in the area of a key exchange protocol that can detect an active spoof, a problem unsolvable in theory (at least in the opinion of Whit Diffie, Marty Hellman and Ron Rivest) but solvable to any desired degree of confidence in practice. In fact in the most common situation that I would expect it to be used, it is provably secure against a spoof.
I can't say any more about how that works but some fine mathematicians and some crypto names most of you know have witnessed and validated it.

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From hlin at nas.edu Tue Feb 8 14:30:53 1994
From: hlin at nas.edu (Herb Lin)
Date: Tue, 8 Feb 94 14:30:53 PST
Subject: Study of national cryptography policy
Message-ID: <9401087607.AA760757031@nas.edu>

February 3, 1994

To: Whom It May Concern
Subject: A Study of National Cryptography Policy

This message should be forwarded to any and all individuals or groups that may be interested.

-----------------------------------------------

In a message broadcast electronically and by fax in December 1993, the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) issued a call for nominations of possible committee members who would undertake a study of national policy with respect to the use and regulation of cryptography. This report was requested by the U.S. Congress in the Defense Authorization Bill for FY 1994. That message said that ALL committee members (and associated staff) would have to be cleared at the "SI/TK" level.

Since that time, there has been some discussion of a study that would only require SOME members of the study committee to be cleared. Thus, in the interests of casting the broadest possible net to capture the necessary expertise, we are re-issuing the call for nominations to find those people who otherwise fit the criteria below but who would have been reluctant to accept security clearances or to undergo the required investigation.

It is expected that the study committee will be a high-level group that will command credibility and respect across the range of government, academic, commercial, and private interests.
The committee will include members with expertise in areas such as:

- relevant computer and communications technology;
- cryptographic technologies and cryptanalysis;
- foreign, national security, and intelligence affairs;
- law enforcement;
- commercial interests (both users and technology vendors); and
- privacy and consumer interests.

Committee members will be chosen for their stature, expertise, and seniority in their fields; their willingness to listen and consider fairly other points of view; and their ability to contribute to the formulation of consensus positions. The committee as a whole will be chosen to reflect the range of judgment and opinion on the subject under consideration.

Note that NRC rules regarding conflict of interest forbid the selection as committee members of individuals that have substantial personal financial interests that might be significantly affected by the outcome of the study; in addition, individuals currently employed by the federal government are ineligible to serve on the study committee.

Please forward suggestions for people to participate in this project to CSTB at NAS.EDU by February 11, 1993; please include their institutional affiliations, their field(s) of expertise, a note describing how the criteria described above apply to them, and a way to contact them. For our administrative convenience, please put in the "SUBJECT:" field of your message the words "crypto person".

If you would like a copy of the original solicitation, please send a request to CSTB at NAS.EDU.

On the National Research Council

The National Research Council (NRC) is the operating arm of the Academy complex, which includes the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine.
The NRC is a source of impartial and independent advice to the federal government and other policy makers that is able to bring to bear the best scientific and technical talent in the nation to answer questions of national significance. In addition, it often acts as a neutral party in convening meetings among multiple stakeholders on any given issue, thereby facilitating the generation of consensus on controversial issues.

The Computer Science and Telecommunications Board (CSTB) of the NRC considers technical and policy issues pertaining to computer science, telecommunications, and associated technologies. CSTB monitors the health of the computer science, computing technology, and telecommunications fields, including attention as appropriate to the issues of human resources and information infrastructure and initiates studies involving computer science, computing technology, and telecommunications as critical resources and sources of national economic strength. A list of CSTB publications is available on request.

From mg5n+ at andrew.cmu.edu Tue Feb 8 14:32:01 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Tue, 8 Feb 94 14:32:01 PST
Subject: What's a "real encryptor"?
In-Reply-To: <199402080814.AAA17429@mail.netcom.com>
Message-ID:

Xenon, you could make your point a lot clearer if you wouldn't detweil so much in your posts. But let me propose a technique that I think would be what you meant to define as a "real encryptor".

Take a file and encrypt it by taking the first block of data and using it as a key to encrypt the rest of the file. Then take the beginning of the file and encrypt it with RSA. Therefore, since you need to know the first block of plaintext to decode the rest of the file, you could only decode the file if you first decoded the RSA block. Perhaps some random padding could also be added, and a random session key inside the RSA.
The file would have no identifying markers to show what key it was encrypted with, or what key was needed to decrypt it.

Is this what you wanted? I think I could hack that...

And a little flame: Before you put down our software, try writing some of your own.

From mengel at dcdmwm.fnal.gov Tue Feb 8 14:47:02 1994
From: mengel at dcdmwm.fnal.gov (Marc W. Mengel)
Date: Tue, 8 Feb 94 14:47:02 PST
Subject: Minor suggestion
Message-ID: <9402082242.AA34497@dcdmwm.fnal.gov>

The info in the pub ftp sites about the cypherpunks mailing list should probably make a mention of the volume of mail currently piled onto subscribers. This would probably greatly reduce the number of subscribers who bail out a few days later and get on just the announce list (like me :-))...

Marc

From rsavel at welchlink.welch.jhu.edu Tue Feb 8 14:47:13 1994
From: rsavel at welchlink.welch.jhu.edu (Richard Savel)
Date: Tue, 8 Feb 94 14:47:13 PST
Subject: No Subject
Message-ID:

please take me off this list

thanks very much

Richard Savel
rsavel at welchlink.welch.jhu.edu

From anonymous at extropia.wimsey.com Tue Feb 8 14:50:53 1994
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Tue, 8 Feb 94 14:50:53 PST
Subject: Drop Oceania Thread Now
Message-ID: <199402082227.AA24937@xtropia>

* Reply to msg originally in CYPHERPUNKS

> I was just wondering what sort of business one might engage in in
> Oceania?...

Please cease this Oceania thread. The cypherpunks list is already bloated to bursting with off-topic posts. Thanks.

From rcain at netcom.com Tue Feb 8 14:52:02 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 8 Feb 94 14:52:02 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
In-Reply-To: <199402052205.OAA06854@jobe.shell.portal.com>
Message-ID: <199402082250.OAA13339@mail.netcom.com>

Hal sez:
>
> Quite a few misconceptions here, I'm afraid:

That'll teach me to write these things purely from memory without my references.

> > From: rcain at netcom.com (Robert Cain)
> > In the Diffie-Hellman exchange there is a well-known-prime, w, and a
> > well-known-modulus, m.
>
> w is supposed to be a "generator" of the group of integers mod m. It does
> not have to be prime. It is supposed to be such that the series w**0, w**1,
> w**2,...,w**m-1 does not repeat but goes through all the integers less than m.
> Testing for such w's is pretty easy if you know the factorization of m,
> involving a few arithmetic tests.

Yes, I remember that now about w but I believe that m should be prime.

>
> > For those interested that don't know I think
> > it then proceeds as follows (don't have notes in front of me so please
> > someone correct me if I'm misremembering it) where ** is the power or
> > exponentiation operator and % is the modulus operator:
> >
> > 1) Bob generates a one time random prime, b, then computes
>
> b does not have to be prime; it is a random number less than m.

Absolutely correct.

>
> > B = (w ** b) % m
> > and sends B to Carol.
> >
> > 2) Carol generates a one time random prime, c, then computes
>
> Likewise, c does not have to be prime; it is a random number less than m.

Again, correct.

>
> > C = (w ** c) % m
> > and sends C to Bob.
> >
> > 3) Bob generates a session key:
>
> Carol does this, not Bob.
>
> > K = (B ** c) % m
> >
> > 4) Carol generates a session key:
>
> Bob does this, not Carol.

Oops, one more check of those equations and that would probably have jumped out at me. Sorry for swapping them (but as a newbie here I now know that you folks have your chops (a drumming term) when it comes to the math of this stuff.)

>
> > Now, the tutorial over :-), the question is; is there a "standard"
> > well-known-prime, w, and a "standard" well-known-modulus, m, and if
>               ^^^^^-- generator
> > not, let's define one.
>
> I don't think there is a need for this. The two sides need to agree on
> a pair but they could just pick it at the beginning. If everyone uses
> the same m,w it would help attackers of the scheme to focus their efforts
> on these numbers. I believe there was some discussion of using well-known
> numbers in the Digital Signature Standard (which is based on the same
> problem as DH) but I don't know what the resolution was.

Well, any two pair of boxes that are going to employ this have to use the same numbers obviously so they will be available to crunch any given exchange against and the only thing anyone can "focus their efforts" on is the exchange itself and I don't think knowing w and m for a long time helps that problem any. I am just thinking that a pair should be selected, every implementation should use them to help with interoperability and they should be defined with simply stated, remembered and coded algorithms rather than just a long string of digits.

>
> > I suppose that PGP uses a well known pair but
> > they are big and not easy to hand around without going through media (I
> > think.)
>
> PGP does not use DH and has no well known numbers.

Ah, I assumed it did somewhere because Phil and I had a fair bit of email about this last year and he convinced me that D-H was the way to go because cracking one session gives no help toward breaking the next one.

>
> If you do want well known numbers, I really think it will not be that bad
> just to put them into the program. Coming up with an algorithm to choose
> and test a generator from scratch is probably going to be larger and
> certainly going to be far slower than just hard-wiring the number in.

Maybe larger but I'll bet a lot easier to remember. :-) The slowness need not be a factor since a developer only need generate them once and save them in non-volatile ram which will be required for public keys anyway. If they just exist as numbers, we have to get them on some media that we can then use to transfer them into a device or type them in. It just seems easier if a simple algorithm could be specified.
I'm not anal about this I just thought it an easier way and one that is more likely to insure interoperability.

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From rcain at netcom.com Tue Feb 8 15:27:02 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 8 Feb 94 15:27:02 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
In-Reply-To: <9402052233.AA04867@toad.com>
Message-ID: <199402082324.PAA16784@mail.netcom.com>

smb at research.att.com sez:
>
> Two problems... First, many attacks on the discrete log problem are
> based on massive precomputation for a known modulus. That probably
> isn't an issue when you get to ~1K bits (*not* digits!).

Hey, some of us have forgotten there are other number bases than binary. :-)

> Second, you
> need to specify things far more concretely, and in particular define
> the random number generation process. You can't pick w till you know m.

I don't remember that a good w depends on m but if a well-known m could be calculated that is prime and big enough (I suggested a way to do this via algorithm) then it seems you are saying that a w would then follow algorithmically from the choice of m. Right?

>
> I've found a solution to this that is more than sufficiently secure in
> practice and even theoretically secure in most practical situations.
>
> Well, I'd certainly be interested in hearing about it...

With a little luck you shall. I want to apply for a patent on it first but have been reluctant (as well as too poor) to file because I fear it being snagged at the application stage by the national security laws that I am told allow them to do that and stamp it top secret. Can anybody verify or debunk that?

> There have
> been a number of mechanisms for preventing eavesdropping with DH;
> a lot depends on what assumptions you want to make. My attempts --
> which involve the two parties sharing a weak (i.e., PIN- or password-grade
> secret) can be found in /dist/smb/{neke,aeke}.ps on research.att.com.

Yes, when there is private sharing of any info, several means exist that are secure but that leaves the problem of exchanging this info securely in the first place. My method obviates the need for any prior exchange. I have ftp'ed your papers and mailed them to where I have a PostScript printer. I'm anxious to see what you have done.

> There's also Rivest and Shamir's Interlock Protocol (April '84 CACM).
> Davies and Price suggest using it for authentication, but Mike Merritt
> and I showed that that doesn't work under certain circumstances.

Yep, it has been found wanting. There was some strong reason I found it not applicable to my voice application but without my notes I cannot recall it. I spoke with Ron about that at last year's RSA conference and he concurred. Damned aging memory. :-(

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From warlord at MIT.EDU Tue Feb 8 15:37:02 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 8 Feb 94 15:37:02 PST
Subject: keyservers
In-Reply-To: <9402080535.AA19289@runner.utsa.edu>
Message-ID: <9402082335.AA12051@toxicwaste.media.mit.edu>

All these keyservers are connected. You don't *need* to use the WWW interface to send in your key, just send it in via e-mail, which is the original interface.
-derek

From rcain at netcom.com Tue Feb 8 15:47:03 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 8 Feb 94 15:47:03 PST
Subject: CERT advisory
In-Reply-To: <9402060343.AA17498@ah.com>
Message-ID: <199402082346.PAA19249@mail.netcom.com>

Eric Hughes sez:
>
> Since distribution and
> storage of keying material is an as-yet pragmatically unsolved
> problem, it is unwise to insist upon prearranged keys when a partial
> solution, D-H, is available immediately.

I (and some others with credentials) think I have solved it. I wish I could be more specific and will be as soon as I can with the idea under some form of protection. As soon as I file, cypherpunks will be the first to get the details. I am not so much trying to be a tease as to tease out any possible solutions to this that I may not be aware of. sci.crypt is not the place for unsubstantiated claims and I hope for a bit more tolerance here. We are on the same side, I just wish to profit from it so I can bankroll a few backlogged ideas. Bootstrapping is a bitch. :-)

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From pmetzger at lehman.com Tue Feb 8 15:50:58 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 8 Feb 94 15:50:58 PST
Subject: Crypto Regulation Reform
In-Reply-To: <199402082221.OAA10284@mail.netcom.com>
Message-ID: <199402082349.SAA09698@snark>

Robert Cain says:
> > > A device can be made right now at lower cost
> > > than a computer modem, much lower, that could be inserted between any
> > > phone and the wall that would make it impossible, no matter what laws
> > > are in place, to tap either passively or actively, communication that
> > > passes between two of these devices. I know how to do it, could do it
> > > and probably will just for the fun of it at least.
> >
> > Uhh, could you tell us?
>
> 'Fraid not. I want to patent it and profit from it. As a
> hardware/software development engineer I stand diametrically opposed to
> the FSF gang.

There are exactly two ways to transmit a signal. Either you are in the digital or the analog domain. If you are in the digital domain, you need a modem, so your device can't be cheaper than a modem. If you are in the analog domain, you can't get good encryption short of extremely iffy techniques. (You could, for instance, have a DES chip putting out data that was used to control analog scramblers, but synching up the two sides would be hard and waveform information might be used to reconstruct the signal even without breaking the sequence.) Given that V.32 class modems are only a couple hundred bucks, and will soon be only a hundred bucks or so, it's hard to imagine how anything analog that was decent could be cheaper anyway.

> Well, making it credit card sized and cheaper than a modem is not all
> that difficult. An AT&T VSELP chip based on their DSP1616 with some
> firmware added for primitive modem capability, some firmware for the
> encryption and a couple of codec chips fits the bill nicely.

You still need a modem. You therefore cannot be cheaper than a modem.

> I do have
> a breakthrough though and that is in the area of a key exchange
> protocol that can detect an active spoof, a problem unsolvable in theory
> (at least in the opinion of Whit Diffie, Marty Hellman and Ron Rivest)
> but solvable to any desired degree of confidence in practice.

This would not make your machine cheaper, and anyone wanting real security will sign their Diffie-Hellman exchanges anyway.

> In fact
> in the most common situation that I would expect it to be used, it is
> provably secure against a spoof.

Can't be done without shared data, because without shared data you have no way of even knowing who you are talking to.

> I can't say any more about how that
> works but some fine mathematicians and some crypto names most of you
> know have witnessed and validated it.

Oh?

.pm

From rcain at netcom.com Tue Feb 8 16:10:53 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 8 Feb 94 16:10:53 PST
Subject: Crypto Regulation Reform
In-Reply-To: <199402071551.KAA04645@snark>
Message-ID: <199402090010.QAA22469@mail.netcom.com>

Perry E. Metzger sez:
>
> > Uhh, could you tell us? Sounds like quite a breakthrough. Credit
> > card sized? Much cheaper than a modem, like $50 maybe? And it
> > digitizes and securely encrypts speech (full duplex?) on the fly?
>
> By definition anything that does this in the digital domain needs a
> modem, so it can't be cheaper than a modem. None of the analogue
> methods are going to be terribly secure.

Remember that a "modem" such as we are used to is a much more complex device (at least the firmware, and you do pay for that :-) than what is required for simply modulating and demodulating a fixed rate, framed bit stream. Today's modem chip sets invariably have a general purpose microprocessor to do all the Hayes type stuff and a DSP to do the actual bit stream modulation/demodulation (and digital filtering and echo cancelation, etc.) where my device can be the DSP alone and requires no RS232 ports or the like. This will result in a saving. In short, what is required for a voice-only device such as I am initially thinking about is a subset of what is required for a computer modem.

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From rcain at netcom.com Tue Feb 8 16:17:02 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 8 Feb 94 16:17:02 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
In-Reply-To: <199402071555.KAA04653@snark>
Message-ID: <199402090016.QAA22965@mail.netcom.com>

Perry E.
Metzger sez:
>
> Indeed, a paper has been published on how to break Sun Secure RPC
> based on the idiotic decision by someone at Sun to standardise the
> modulus used. It is basically a matter of precomputing a lot of data
> based on the numbers which allows you to break any particular discrete
> log in that field on the fly. The suggestion by Mr. Cain to use a
> single generator and modulus for all traffic is astonishingly naive.

Now wait a minute, Perry. If a device is going to use other than a set of known moduli or even just one, how are two devices going to each know what the other is using without a listener knowing? I think it is pretty much agreed that devices that use "secret" numbers are not very practical. What you say seems to indicate that D-H as we know and love it has been rendered obsolete because it depends on the modulus being known. What am I missing?

Peace,
Bob
--
Bob Cain rcain at netcom.com 408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------

From owner-cypherpunks Tue Feb 8 16:53:56 1994
From: owner-cypherpunks (owner-cypherpunks)
Date: Tue, 8 Feb 94 16:53:56 PST
Subject: No Subject
Message-ID: <9402090053.AA00119@toad.com>

From pmetzger at lehman.com Tue Feb 8 17:02:12 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 8 Feb 94 17:02:12 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
In-Reply-To: <199402090016.QAA22965@mail.netcom.com>
Message-ID: <199402090045.TAA09810@snark>

Robert Cain says:
> Perry E. Metzger sez:
> >
> > Indeed, a paper has been published on how to break Sun Secure RPC
> > based on the idiotic decision by someone at Sun to standardise the
> > modulus used. It is basically a matter of precomputing a lot of data
> > based on the numbers which allows you to break any particular discrete
> > log in that field on the fly. The suggestion by Mr.
Cain to use a
> > single generator and modulus for all traffic is astonishingly naive.
>
> Now wait a minute, Perry. If a device is going to use other than a
> set of known moduli or even just one, how are two devices going to each
> know what the other is using without a listener knowing?

You don't care if a listener hears the information on the modulus and generator. It doesn't matter. You can broadcast it in the clear.

The point I was making was that if you always use the same modulus the attacker can expend the effort to attack your modulus just once and can then crack individual D-H sessions trivially. If you change each time, you can't be attacked in this way.

.pm

From pmetzger at lehman.com Tue Feb 8 17:02:13 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 8 Feb 94 17:02:13 PST
Subject: Crypto Regulation Reform
In-Reply-To: <199402090010.QAA22469@mail.netcom.com>
Message-ID: <199402090042.TAA09799@snark>

Robert Cain says:
> Perry E. Metzger sez:
> >
> > > Uhh, could you tell us? Sounds like quite a breakthrough. Credit
> > > card sized? Much cheaper than a modem, like $50 maybe? And it
> > > digitizes and securely encrypts speech (full duplex?) on the fly?
> >
> > By definition anything that does this in the digital domain needs a
> > modem, so it can't be cheaper than a modem. None of the analogue
> > methods are going to be terribly secure.
>
> Remember that a "modem" such as we are used to is a much more complex
> device (at least the firmware, and you do pay for that :-) than what is
> required for simply modulating and demodulating a fixed rate, framed
> bit stream.

This is embarrassingly wrong, Robert.

> Today's modem chip sets invariably have a general purpose microprocessor
> to do all the Hayes type stuff and a DSP to do the actual bit stream
> modulation/demodulation (and digital filtering and echo cancelation,
> etc.) where my device can be the DSP alone and requires no RS232 ports
> or the like. This will result in a saving.
Have you actually looked at one of the Rockwell chipsets in real use, Robert? They have "all in one" solutions these days. Getting cheaper than what they sell is almost impossible -- you cannot achieve savings by "leaving things out" because there is nothing available to leave out. With the cost of a codec to do something like QCELP and the chip to do the encryption, you are going to be at least as expensive as a normal modem anyway just for the parts to manage that component of the work.

> In short, what is required for a voice-only device such as I am
> initially thinking about is a subset of what is required for a
> computer modem.

I'd be very surprised to see your price predictions come true. I'd be less surprised to see a secure voice product because the mechanisms to build such things are well understood and hardly revolutionary.

.pm

From rcain at netcom.com Tue Feb 8 17:07:14 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 8 Feb 94 17:07:14 PST
Subject: Crypto Regulation Reform
In-Reply-To: <199402082349.SAA09698@snark>
Message-ID: <199402090056.QAA28858@mail.netcom.com>

Perry E. Metzger sez:
>
>
> Robert Cain says:
>
> > Well, making it credit card sized and cheaper than a modem is not all
> > that difficult. An AT&T VSELP chip based on their DSP1616 with some
> > firmware added for primitive modem capability, some firmware for the
> > encryption and a couple of codec chips fits the bill nicely.
>
> You still need a modem. You therefore cannot be cheaper than a modem.

Once again, what we call a modem today has gobs of bells and whistles in firmware and hardware that a simple voice->bits->weird-bits->analog and its inverse is a whole lot simpler at many levels than today's modems. In fact it doesn't even require 9600 baud with CELP or VSELP which is wonderful since overseas sessions at that speed are iffy at best I have found. Compare the price of a 4800 baud modem today with what we now call "modems."
>
> > I do have
> > a breakthrough though and that is in the area of a key exchange
> > protocol that can detect an active spoof, a problem unsolvable in theory
> > (at least in the opinion of Whit Diffie, Marty Hellman and Ron Rivest)
> > but solvable to any desired degree of confidence in practice.
>
> This would not make your machine cheaper, and anyone wanting real
> security will sign their Diffie-Hellman exchanges anyway.

No, not cheaper, just viable. :-)

>
> > In fact
> > in the most common situation that I would expect it to be used, it is
> > provably secure against a spoof.
>
> Can't be done without shared data, because without shared data you
> have no way of even knowing who you are talking to.

We shall see. I contend that with this I can establish a spoof-proof point to point with a total stranger to any desired probability that a spoof could not be there without disclosing him/her. It is not hard for me to envision, especially in business situations, how such a thing would be more than useful.

There really is no point in arguing this until I can present it. There are two reasons I mentioned it. The first is that I wanted to see if there have been any other breakthroughs in the time I have had this on the shelf and the second reason is private. :-)

>
> > I can't say any more about how that
> > works but some fine mathematicians and some crypto names most of you
> > know have witnessed and validated it.
>
> Oh?

Yep.

Peace,
Bob
--
Bob Cain rcain at netcom.com 408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------

From rcain at netcom.com Tue Feb 8 17:22:11 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 8 Feb 94 17:22:11 PST
Subject: Crypto Regulation Reform
In-Reply-To: <199402090042.TAA09799@snark>
Message-ID: <199402090119.RAA02591@mail.netcom.com>

Perry E.
Metzger sez:
>
>
> Robert Cain says:
> >
> > Remember that a "modem" such as we are used to is a much more complex
> > device (at least the firmware, and you do pay for that :-) than what is
> > required for simply modulating and demodulating a fixed rate, framed
> > bit stream.
>
>
> Perry E. Metzger sez:
> This is embarrassingly wrong, Robert.

Please embarrass me. Do you always approach things with the hostility I am sensing, Perry? I've heard this about you but this is the first time I've run into it myself. :-)

>
> Have you actually looked at one of the Rockwell chipsets in real use,
> Robert? They have "all in one" solutions these days. Getting cheaper
> than what they sell is almost impossible -- you cannot achieve savings
> by "leaving things out" because there is nothing available to leave
> out. With the cost of a codec to do something like QCELP and the chip
> to do the encryption, you are going to be at least as expensive as a
> normal modem anyway just for the parts to manage that component of the
> work.

Yes, every chip set and DSP on the market in excruciating detail. It was only recently that I realized that I could use a simpler, cheaper solution. I'm an EE as well as programmer and I've actually got bills of materials and schematics for this. I'm not guessing.

>
> I'd be very surprised to see your price predictions come true. I'd be
> less surprised to see a secure voice product because the mechanisms to
> build such things are well understood and hardly revolutionary.

And I'll be very happy to surprise you when the political dust has settled, when I am satisfied that a patent filing isn't going to be stamped so that even I can't look at it or talk about it legally and when I find the bucks to patent it and build one.

I keep saying I won't argue and then I do. :-) Time for me to put up or shut up.
I've tested these waters to my satisfaction and from the feedback here believe that my solution is still non-obvious (until you see it :-) So, I'll be back to discuss this further when I can freely.

Later,
Bob
--
Bob Cain rcain at netcom.com 408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------

From rcain at netcom.com Tue Feb 8 17:27:12 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 8 Feb 94 17:27:12 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
In-Reply-To: <199402090045.TAA09810@snark>
Message-ID: <199402090124.RAA03245@mail.netcom.com>

Perry E. Metzger sez:
>
> You don't care if a listener hears the information on the modulus and
> generator. It doesn't matter. You can broadcast it in the clear.

Ah. Now I understand what you meant.

>
> The point I was making was that if you always use the same modulus the
> attacker can expend the effort to attack your modulus just once and
> can then crack individual D-H sessions trivially. If you change each
> time, you can't be attacked in this way.

Good idea. Think I'll steal it. I'll just let the little beastie search for good ones while it isn't doing anything else and isn't running off its batteries. :-)

Peace,
Bob
--
Bob Cain rcain at netcom.com 408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------

From collins at newton.apple.com Tue Feb 8 17:42:12 1994
From: collins at newton.apple.com (Scott Collins)
Date: Tue, 8 Feb 94 17:42:12 PST
Subject: Some stuff about Diffie-Hellman (and more :-)
Message-ID: <9402090138.AA04905@newton.apple.com>

>What you say seems to indicate that D-H as we know and
>love it has been rendered obsolete because it depends on the modulus
>being known. What am I missing?

DH exchange doesn't require a known modulus.
Most people implement it with a common alpha and small set of generators so that they don't have to invent a distribution or agreement protocol.

Authenticated DH exchanges (e.g., station-to-station protocol) can include these parameters as part of each party's signature; and provide an agreement policy (e.g., initiator's parameters unless receiver thinks they are weak). After each party has generated and exchanged an exponent, each verifies the `certificate' of the other, and the signature of the other over the exponent pair.

The shared knowledge that makes this possible in this case is, of course, foreknowledge of the public key of the other party. If you don't know it before you start the protocol, you can't really know who you're talking to.

Other protocols can be designed with other choices of shared knowledge. STS is eminently practical; any other practical and fair scheme is likely to be similar, i.e., involve shared knowledge, independently generated random input from both parties, a mechanism for securely (but expensively) transmitting the random data (typically based on the shared knowledge), combining the disjoint random data symmetrically so that each party shares in a fresh secret session key, and finally authentication based in part on the original shared knowledge.

Hope this helps,

Scott Collins | "Few people realize what tremendous power there
              | is in one of these things." -- Willy Wonka
......................|................................................
BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com
Apple Computer, Inc. 5 Infinite Loop, MS 305-2B Cupertino, CA 95014
.......................................................................
PERSONAL.
voice/fax:408.257.1746 1024:669687 catalyst at netcom.com

From mgream at acacia.itd.uts.edu.au Tue Feb 8 18:27:14 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Tue, 8 Feb 94 18:27:14 PST
Subject: Talking to strangers (was: Crypto Regulation Reform)
In-Reply-To: <199402090056.QAA28858@mail.netcom.com>
Message-ID: <9402090225.AA26157@acacia.itd.uts.EDU.AU>

Earlier, Robert Cain wrote:
> We shall see. I contend that with this I can establish a spoof-proof
> point to point with a total stranger to any desired probability that
> a spoof could not be there without disclosing him/her. It is not hard
> for me to envision, especially in business situations, how such a
> thing would be more than useful.

If I understand you correctly, you're asserting that without _any_ prior knowledge of the person you are communicating to, and without any form of online checks before or during your authentication mechanism, that you can be _sure_ you're talking to said stranger ?

Unless there are other presumptions, I fail to see how you can be sure you are communicating to someone, when you don't know who they are. Even if you can get something akin to a pgp key with an identifier and be sure you are talking to the owner of _that_ identifier, but you can't be sure that identifier is real and/or not a forgery.

Given those circumstances, wouldn't a man in the middle relay attack be a piece of cake ?

Matthew.
--
Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au.
PGPMail and brown paperbags accepted.

From pmetzger at lehman.com Tue Feb 8 19:02:11 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 8 Feb 94 19:02:11 PST
Subject: Crypto Regulation Reform
In-Reply-To: <199402090119.RAA02591@mail.netcom.com>
Message-ID: <199402090257.VAA09865@snark>

Robert Cain says:
> Please embarrass me. Do you always approach things with the hostility
> I am sensing, Perry?

No, but I've got a shock proof shit detector and you are triggering it.
One of the things that sets it off is odd claims being made before implementation. You are making a very odd claim, which is that you can beat the price on a Rockwell integrated modem module by building something yourself -- given the economies of scale, a weird statement. You are also claiming that given that you need to have a DSP doing your modem work, and processing power to do your cryptography and DSP horsepower to do your vocoder, you are still going to be able to beat the price of mass-market modems that are falling to the $100 range with your non-mass market product. Frankly, it sounds like a load of crap.

I might be wrong, of course -- I've been wrong before. However, when people make strange claims to me about things they haven't finished implementing yet that they don't sell, especially after they've made lots of mistakes in their postings the previous week, it sets off alarm bells in my head. I'm not saying it's impossible, but I'm saying that until you give me more evidence I'm not going to think that your claim is credible, and I don't think any other reasoning person should, either.

> Yes, every chip set and DSP on the market in excruciating detail. It
> was only recently that I realized that I could use a simpler, cheaper
> solution. I'm an EE as well as programmer and I've actually got bills
> of materials and schematics for this. I'm not guessing.

When you have the product in hand and can actually sell it for less than a modem, please get back to us. Right now, it's vaporware.

.pm

From cvoid at netcom.com Tue Feb 8 19:17:16 1994
From: cvoid at netcom.com (Christian Void)
Date: Tue, 8 Feb 94 19:17:16 PST
Subject: T-shirt update - Please Read
Message-ID:

Several people have sent orders to me without including an e-mail address. This is not a problem, but I would like to confirm the orders so you know they were received. If you know this is you, or think it may be you, please send me a note.

This is also the last call for orders.
We will be taking orders until the 15th of February, so if you want one, send it ASAP. We will not be re-pressing the shirts, it is a one-time deal.

Ordering information can be obtained via anonymous FTP to netcom.com:

~/pub/cvoid/cypherpunks/ordering.information.txt

Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc.
cvoid at netcom.com | ever had anything to do with it." | P.O. Box 170213
Tel. 1+415-998-0774 | -Erwin Schrodinger (1887-1961) | SF, CA 94117-0213
* PGP v2.3a Public Key Available Via Finger *

From mdbomber at w6yx.stanford.edu Tue Feb 8 19:42:11 1994
From: mdbomber at w6yx.stanford.edu (mdbomber at w6yx.stanford.edu)
Date: Tue, 8 Feb 94 19:42:11 PST
Subject: archives request
Message-ID: <199402090339.AA26967@nebula.acs.uci.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Are there any archives of this list? My email service has been unreliable and I have probably missed most of December and January.

Please respond by direct email to w6yx - mail from the list to me @lear35 isn't getting to me for some reason.

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQBVAgUBLVhM8jSSmvXojb+5AQF8kAH/TAxSfgZvURkAi8ZvPtVkz9AZ2iEId/H7
qUmB87at9yS27pWP9xWrOymYcVlgOMP1J12TtosERy19pxrMdtDZvw==
=peD2
-----END PGP SIGNATURE-----

Internet: mdbomber at w6yx.stanford.edu Matt Bartley
UUCP: mdbomber at lear35.vlpa.ca.us GPS: 33 49' xx'' 117 48' xx'' (xx due to SA :-)

From jim at bilbo.suite.com Tue Feb 8 20:32:13 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 8 Feb 94 20:32:13 PST
Subject: Crypto Regulation Reform
Message-ID: <9402090423.AA13621@bilbo.suite.com>

Robert Cain writes:

> We shall see. I contend that with this I can establish a
> spoof-proof point to point with a total stranger to any
> desired probability that a spoof could not be there
> without disclosing him/her.
>

Page 44 of "Applied Cryptography" discusses a point to point *public* key exchange protocol called the "Interlock Protocol" (invented by Ron Rivest and Adi Shamir).
This protocol is an attempt to foil the man-in-the-middle attack. The protocol does not provide a 100% guarantee against man-in-middle, but it does make it much harder (or so says the book).

Perhaps Robert's device really uses a variation of the Interlock Protocol, and not Diffie-Hellman (mentioned only as a red herring?).

Jim_Miller at suite.com

From peanuts at jpn.thomson-di.fr Tue Feb 8 21:12:17 1994
From: peanuts at jpn.thomson-di.fr (Peanuts)
Date: Tue, 8 Feb 94 21:12:17 PST
Subject: UNSUBSCRIBE
Message-ID: <9402090445.AA13456@krainte.jpn.thomson-di.fr>

Unsubscribe peanuts at jpn.thomson-di.fr

Please.

Thanks. Sorry for bandwidth waste, but cypherpunks-request at toad.com has no effect.

From arthurc at crl.com Tue Feb 8 22:57:15 1994
From: arthurc at crl.com (Arthur Chandler)
Date: Tue, 8 Feb 94 22:57:15 PST
Subject: Reminder: FIRST CYPHERPUNKS VIRTUAL MEETING TONIGHT
Message-ID:

FIRST CYPHERPUNKS VIRTUAL MEETING AT BAYMOO

The first cypherpunks virtual conference will be held at BayMOO on Wednesday, February 9, at 8pm PST (11 EST).

To get there:
telnet (or use a client) mud.crl.com 8888
Follow instructions for login.
Type help for any topic when you get into the MOO.
@go Cypherpunk Central to get to the main room, then type HALL to get to the conference hall.

Hope to see you there!

From qwerty at netcom.com Tue Feb 8 23:02:14 1994
From: qwerty at netcom.com (Xenon)
Date: Tue, 8 Feb 94 23:02:14 PST
Subject: What's a "real encryptor"?
Message-ID: <199402090702.XAA04365@mail.netcom.com>

Fwd:

Date: Tue, 8 Feb 94 23:59:22 CST
From: Karl Lui Barrus
Message-Id: <9402090559.AA24308 at flammulated.owlnet.rice.edu>
To: qwerty at netcom.com
Subject: bare min encryption
Status: R

Hm... I meant to send my last message to the list also, so if you want to and you haven't deleted it :) please send it along (I deleted my copy).

Forward this one too if you want (I have quoted private mail from you so if you don't want to forward it that's fine!).
-----BEGIN PGP SIGNED MESSAGE-----

Xenon wrote:
>It was my perhaps naive impression that PGP could be stripped down of
>its "convenience features" to give an encryptor like what the
>dictionary says an encryptor is. Message in, "random" data out.

I'm not super familiar with the internal workings of PGP, but I'm sure it could be "stripped down". It's just a matter of ease of use.

The program I described earlier (RSA.tar.Z) is pretty minimal. Secret keys are just text, not locked by a hash of a passphrase, no "name" information attached. Public keys are the same: no username attached, no web of trust, etc. The output is in binary form, with no headers or checksums or anything. PGP has keyrings, this program requires you to keep track of separate public keys on your own.

I guess what you mean about PGP is if you want to know if a file is PGP encrypted, you can just run PGP on it and it'll say. It'll tell you whether or not you have the appropriate secret key to decrypt (unless you conventionally encrypt). Not so with the RSA package, it will quite happily decrypt a totally random file into another random file.

The only "more bare" program I can see is just pure numbers :-). Like when I was taking a cryptography course and spent hours working/playing with the protocols using Mathematica. Just two large primes, and encryption exponent and a decryption exponent!

>If such a bare RSA/IDEA program had been made, would its output in
>fact be indistinguishable from random data? How vigorously so? The

Well, I haven't run statistics tests on the RSA program output, but it claims to be nothing but RSA. So its output should essentially be a number, less than the modulus. The program encodes numbers as ascii strings, but that's it.
Karl Barrus

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLVh6ZoOA7OpLWtYzAQGatwQAqNWUKjfc5hQ79d071zP7uKTEjj6ns+fb
Rfo94hJSgyhfUHVcYydusjBvpsIfQFc2TISuB/lt3cZqhFqGhezM3ajcPI380rfI
hrcMcbIRtQhs+B6Pd9FIF8r2kd5Yn4mrNt4j/z8J4APZUM6rb+/eTPbLFfGDFTQG
oexOHvDDdAo=
=jXMB
-----END PGP SIGNATURE-----

P.S. Given that PGP is already a standard, all that is needed is a utility to strip down a PGP message, and later restore it, or some sort of "Plug in" to a modular PGP version.

- Nik (-=Xenon=-)

From an57322 at anon.penet.fi Tue Feb 8 23:07:15 1994
From: an57322 at anon.penet.fi (T.A.Z.)
Date: Tue, 8 Feb 94 23:07:15 PST
Subject: Oceania-history redoux
Message-ID: <9402090623.AA14882@anon.penet.fi>

It is interesting to read all the recent posts about Oceania, because it is of course the story of Sealand, an independent country that was founded in the Seventies. It would be wise if the promoters and future citizens of Oceania studied the failure of Sealand before putting another dime into their doomed project.

Shortly after Sealand was funded on a large surplus housing platform in the oil fields of the North sea, Sealand began issuing its own currency, passports, and stamps. The results were predictable: nobody wanted their money, no other country accepted their passports for entry, and the international postal organization refused to deliver their mail. IMHO, there can be little doubt that Oceania would suffer the same fate-if the project ever gets as far as having a platform.

The nations of the world are like a very exclusive country club: no new members accepted. Occasionally, a former member gets readmitted, or one member dies and her two children take her place, but there will be no newcomers.

-= T.A.Z.
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From kinney at spot.Colorado.EDU Tue Feb 8 23:17:15 1994
From: kinney at spot.Colorado.EDU (W. Kinney)
Date: Tue, 8 Feb 94 23:17:15 PST
Subject: I support HR 3627
Message-ID: <199402090711.AAA27640@spot.Colorado.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Add my name to the list of supporters of HR 3627.

The truly appealing thing about cryptography is that it places enforcement of the Fourth Amendment completely in the hands of citizens, regardless of the wishes of a sometimes hostile government. We should be exporting the Fourth Amendment far and wide. I wish technology could accomplish that for all ten in the Bill of Rights.

-- Will Kinney

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLVgn6vfv4TpIg2PxAQH+zgP9Eh8f1J66Tz7KwdIlfb5NxV1r1KvYA5e8
4yzzI/8tAlcjQ0irvCd3bHmIyQrjWRgrT3RgKV3L0TdLZCH8acY8bW3ioCLkZbUC
aCbKETesIf80iGDIDnVYQCXf+HoNOyRJ15k2ytaGuutb1GthN9yG0r0zKfH8IkLW
BemWKUWzS68=
=ax1M
-----END PGP SIGNATURE-----

From aleeali at remus.rutgers.edu Tue Feb 8 23:22:14 1994
From: aleeali at remus.rutgers.edu (alee ali)
Date: Tue, 8 Feb 94 23:22:14 PST
Subject: Unsubscribe
Message-ID:

Unsubscribe

From ZACZ at delphi.com Tue Feb 8 23:42:14 1994
From: ZACZ at delphi.com (ZACZ at delphi.com)
Date: Tue, 8 Feb 94 23:42:14 PST
Subject: Please Remove me from the mailing list
Message-ID: <01H8NWWCNE6A8Y761T@delphi.com>

Ouch, I hope this isn't the remailer address... If it is, I am getting out my flameproof jacket right now. I just can't wade through 100 messages a day, so please, please remove me...

ZZ*

From rustman at netcom.com Tue Feb 8 23:42:15 1994
From: rustman at netcom.com (Rusty H.
Hodge)
Date: Tue, 8 Feb 94 23:42:15 PST
Subject: STEG: Obtaining digital audio accuratly
Message-ID: <199402090739.XAA25210@mail.netcom.com>

perobich at ingr.com sez:
>The SGI drives use modified
>firmware and (AFAIK) are not available elsewhere, but you can get the
>Apple drives at Circuit City, Sears, etc.

SGI uses modified firmware on their DAT/DDS units to read audio data, but I am pretty sure the Toshiba mech is stock.

Why? I have a program called direct to disk from OMI that lets me load audio data from an Apple CD-SC300 or the Toshiba mech, outputting AIFF, Sound Designer II and several other file formats.

The AIFF and SDII formats are stereo 16-bit 44.1kHz; usually the QuickTime formats are 8 bit. So the AIFF and SDII formats have the full bit stream.

-- Rusty H. Hodge, Cyberneticist

From qwerty at netcom.com Tue Feb 8 23:52:14 1994
From: qwerty at netcom.com (Xenon)
Date: Tue, 8 Feb 94 23:52:14 PST
Subject: Netcom remailers.
Message-ID: <199402090752.XAA09584@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Lucky me. I got my first complaint about my remailer today, as Eric Hollander told me I would eventually get. He says once a month Mr. Employee bashes Mr. Boss with his remailer 'cause Mr. Employee is too cheap for a stamp, and so he sends Mr. Employee a nasty warning from Mr. Remailer Operator.

Me, no logs, yet, even assuming it wasn't just from another remailer. And the person didn't contact me, he contacted Netcom. Gee, maybe the guy made it up. No matter. It was an edu address, possibly a student. So now I get a terse, not too serious message from support at netcom.com mentioning "unsolicited mail" being against Netcom policy, so cut it out. I've blocked that outgoing address and sent the guy an explanation, and he hasn't responded to my asking what was up. I've added "Report Problems to qwerty at netcom.com." in my outgoing header too.

But I have a question. I'm the quiet type.
I tend to ignore things like this, till say Netcom deletes my account, or at least demands an explanation. My question is, should this happen again, say tomorrow, should I tell support at netcom.com what's up? "I'm running an anonymous remailer, you know, like anon.penet.fi, the one that has 10,000 active users. Thus Netcom is now diverting CPU time to anyone who wants it." I wouldn't word it like THAT, but that's what they might truthfully assume.

Sure would be nice if I could fully forge e-mail as coming from "nobody at nowhere.org". Alternatively I could just keep logs. Or I could just never log into qwerty again, and see how long it lasts ;-)! Hit and run remailer accounts. Centralized remailers on the internet. Bah!

Nik (-=Xenon=-)

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLVhO0wSzG6zrQn1RAQEBfwP/YnMjuyphc2O8onhEHT6jH3qyDp0YPzgd
JFRrJzZI/ZOCnqtR6+zyjKqDtXCbY4GvR29vAyyXIFmG4kxfMNBRmRr4lwzUxf7G
quguvzMRxdOFencHxToxaoXqZ/4/tBI5O472c1hOtdvuHaFTPP+JOLpg18Git5AR
e74uFtB7I4U=
=eZsb
-----END PGP SIGNATURE-----

From drzaphod at brewmeister.xstablu.com Wed Feb 9 00:07:16 1994
From: drzaphod at brewmeister.xstablu.com (DrZaphod)
Date: Wed, 9 Feb 94 00:07:16 PST
Subject: Oceania-history redoux
In-Reply-To: <9402090623.AA14882@anon.penet.fi>
Message-ID:

>
>
> It is interesting to read all the recent posts about Oceania, because it is
> of course the story of Sealand, an independent country that was founded in
> the Seventies. It would be wise if the promoters and future citizens of
> Oceania studied the failure of Sealand before putting another dime into
> their doomed project.
> Shortly after Sealand was funded on a large surplus housing platform in the
> oil fields of the North sea, Sealand began issuing its own currency,
> passports, and stamps. The results were predictable: nobody wanted their
> money, no other country accepted their passports for entry, and the
> international postal organization refused to deliver their mail.
IMHO,
> there can be little doubt that Oceania would suffer the same fate-if the
> project ever gets as far as having a platform.
> The nations of the world are like a very exclusive country club: no new
> members accepted. Occasionally, a former member gets readmitted, or one
> member dies and her two children take her place, but there will be no
> newcomers.
>
> -= T.A.Z.
> -------------------------------------------------------------------------
> To find out more about the anon service, send mail to help at anon.penet.fi.
> Due to the double-blind, any mail replies to this message will be anonymized,
> and an anonymous id will be allocated automatically. You have been warned.
> Please report any problems, inappropriate use etc. to admin at anon.penet.fi.
>

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- DrZaphod #Don't Come Any Closer Or I'll Encrypt! -
- [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity -
- [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] -
- 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From qwerty at netcom.com Wed Feb 9 00:27:15 1994
From: qwerty at netcom.com (Xenon)
Date: Wed, 9 Feb 94 00:27:15 PST
Subject: Don't call it "VGP".
Message-ID: <199402090824.AAA13094@mail.netcom.com>

This is not my idea, but it will sure "sell better" than "VGP" as a buzzword to describe a PGP version with an output that is indistinguishable from noise: "Stealth-PGP".
-=Xenon=- From /G=Scott/I=M/S=Braden/OU=nsic1/O=DOS/PRMD=ALCANET/ADMD=TELEMAIL/C=US/ at alcatel.aud.alcatel.com Wed Feb 9 07:17:21 1994 From: /G=Scott/I=M/S=Braden/OU=nsic1/O=DOS/PRMD=ALCANET/ADMD=TELEMAIL/C=US/ at alcatel.aud.alcatel.com (/G=Scott/I=M/S=Braden/OU=nsic1/O=DOS/PRMD=ALCANET/ADMD=TELEMAIL/C=US/ at alcatel.aud.alcatel.com) Date: Wed, 9 Feb 94 07:17:21 PST Subject: I support HR 3627 Message-ID: <940209171756Z.WT608572.4_at_CCMGW.ALCANET.TELEMAIL.US.CC-MAIL*/G=Scott/I=M/S=Braden/OU=nsic1/O=DOS/PRMD=ALCANET/ADMD=TELEMAIL/C=US/@alcatel> February 9, 1994 Dear Rep. Cantwell, I support HR 3627, because I strongly believe in every American's right to privacy. In our burgeoning global markets, American businesses must rely on secure communications to prevent industrial espionage. If the Clinton Administration succeeds in dictating that only the "Clipper Chip" can be exported, it will effectively strangle any other means of secure communications. In a competitive global market for technology and communications, I think it is crucial that American businesses retain the right to produce the products and security solutions that their customers want, free of the restrictions and demands of government controls and snooping. Rep. Cantwell, this is not an arcane technical issue of export control. The freedom of Americans to be secure in their communications from unwarranted government intrusion is essential to our liberty. I think this is one of the few issues that both Republicans and Democrats agree upon, so I hope you will be able to generate bi-partisan support for your bill. Sincerely, M. 
Scott Braden 1242 Briarcove Richardson TX 75081 From qwerty-remailer at netcom.com Wed Feb 9 07:27:22 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Wed, 9 Feb 94 07:27:22 PST Subject: Another PGP Tools / Magic Money update Message-ID: <199402091526.HAA12975@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- There should be a new version of PGP Tools and Magic Money on csn.org soon. The PGP Tools will be called pgptl10b.zip and the Magic Money will be mgmny10b.zip. The new naming was warlord's idea: the "b" will be "c" etc in future releases, until some serious updating justifies a new version. The new Magic Money does not contain the PGP Tools files, so be sure to download PGP Tools as well. Will I run out of bugs or letters first? :-) The prime-multiplication problem appears to have gone away. The new Magic Money checks the whole coin, but the attack is probably impossible anyway. jkreznar at ininx.com quotes: Here we consider only {\em prime\/} divisors of $n$ and ask, for given order of magnitude of $n$. ``how many prime divisors are there typically?'' and ``how many {\em different\/} ones are there?'' Some of the answers will be rather counterintuitive. Thus, a 50-digit number ($10^{21}$ times the age of our universe measured in picoseconds) has only about 5 different prime factors on average and --- even more surprisingly --- 50-digit numbers have typically fewer than 6 prime factors in all, even counting repeated occurrences of the same prime factor as separate factors. We will also learn something about the distribution of the number of prime factors and its implications for the important factoring problem. Thus, we discover that even for numbers as large as $10^{50}$, the two smallest primes, 2 and 3, account for about 25\% of all prime factors! A number of several hundred digits, such as a Magic Money coin, if it were to be made of all small primes, would need 50 or 100 factors. 
These would probably be very rare, considering this average. hfinney at shell.portal.com wrote: >I was thinking over the attack I described on Magic Money and Chaum >cash, and I now think it will not actually work, especially in the case >of the Chaum cash. Specifically, it will take as much work to forge >cash as to factor the modulus. [ describes how finding smooth numbers is equivalent to factoring ] >So, unless there is in fact some trick that can be used to quickly find >smooth numbers given that the low order 128 bits are free, I don't >think there is any need to worry about my attack on Magic Money. And >it looks like Chaum's online cash is completely invulnerable to this >approach. Unless something else comes up, it looks like we don't need to worry about this one. If it does become a problem, it would be easy to go to full Chaum cash - take the MD5 of a random number and use it, including the random number in the coin. But there is no reason to code this unless we find out we need it. As for the big-endian problem, andrewl at wtg20.wiltel.com wrote: >I retrieved the latest version of Magic Money from the mpj archive >and compiled it on a big-endian machine (a 68k NeXT). It seems >to work now... I was able to setup the server and client and >move a little cash around whereas before the server would never >successfully find a q.... This was the last version, which set all precision to max. The last version also had a bug in pgp_extract_rsa, again involving set_precision. The new one has defines which try to use lower precision and adjust pointers, for those functions which can be sped up this way. If that fails, another define will go back to setting everything max. Please test this on a big-endian machine and find out if it works without everything set to max. If it doesn't, please try to debug it and post what needs to be done. The code seems to be getting close to working. Does anyone want to set up a Magic Money server? 
You could run it through a remailer, if you want to. The server filters PGP messages from stdin to stdout, so you would not need root access to run one. It would probably be no harder than running a remailer. I compiled in the 8086.asm under DOS, and it is fast enough. Use the assembly for whatever system you are running on, because the server has to perform a lot of secret key operations: decrypt, sign message, and sign each coin. Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a -----END PGP SIGNATURE----- From m5 at vail.tivoli.com Wed Feb 9 07:42:23 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 9 Feb 94 07:42:23 PST Subject: Crypto Regulation Reform In-Reply-To: <199402090147.RAA07091@mail.netcom.com> Message-ID: <9402091330.AA11900@vail.tivoli.com> Robert Cain writes: > > Would disclosing the encryption algorithm put your patent claim at > > risk? > > 'Fraid so. R, S and A almost blew it by disclosing theirs in a paper > before filing. So your encryption algorithm (not the key exchange part; the bit-stream encryptor) is not a well-known (or at least published) algorithm? Hmm... -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From m5 at vail.tivoli.com Wed Feb 9 07:42:24 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 9 Feb 94 07:42:24 PST Subject: Talking to strangers (was: Crypto Regulation Reform) In-Reply-To: <199402090056.QAA28858@mail.netcom.com> Message-ID: <9402091333.AA11915@vail.tivoli.com> Matthew Gream writes: > Earlier, Robert Cain wrote: > > > We shall see. I contend that with this I can establish a spoof-proof > > point to point with a total stranger... 
> If I understand you correctly, you're asserting that without _any_ prior > knowledge of the person you are communicating to, and without any form > of online checks before or during your authentication mechanism, that > you can be _sure_ you're talking to said stranger ? If Mr. Cain needs somebody to spearhead his marketing campaign, I'm sure this feature would be enough to convince L. Detweiler to provide his services pro bono. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From hughes at ah.com Wed Feb 9 07:52:22 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 9 Feb 94 07:52:22 PST Subject: Netcom remailers. In-Reply-To: <199402090752.XAA09584@mail.netcom.com> Message-ID: <9402091544.AA03932@ah.com> [Increasingly rant-like towards the end--ed.] >Sure would be nice if I could >fully forge e-mail as coming from "nobody at nowhere.org". Alternatively I >could just keep logs. Or I could just never log into qwerty again, and see >how long it lasts ;-)! Hit and run remailer accounts. The remailers already partially forge mail by not using the correct "From:" in the header. That's why they contacted netcom mgmt instead of you, because your name didn't appear in the mail. (Well, maybe in the out of band info). The problem is that every time you use the standard SMTP mechanism to get mail into a machine (regardless of where it comes from) 1. a log entry gets made on the receiving machine, and 2. a Received: field gets put in the header which contains the name of the originating machine. So to forge mail you have to first send mail to someone who doesn't log and who doesn't put Received: fields in. The upshot is that if you use Internet mail, you're stuck with this. If you want to send mail to people who only use Internet mail, then you're also stuck. 
It is certainly possible to use non-standard mail delivery services (they'd have to be written, even if lots of existing code could be moved) but the final leg of delivery to a standard Internet mailer is going to make a logfile entry and put in a Received: field. So you're right back where you started. Tough. That's the way it is. You want a network anonymous at the hardware level, go read some sci-fi. Putting the remailer hack on top of existing delivery mechanisms is more interesting than a custom system, in many ways, because the existing system, experimental as it is, has the capacity to reach far more people than a custom system would. In a wide area system which is not private by default, one way of getting privacy is to get someone else to put their name on it. That's what the remailers do. I call this "proxy privacy". If A sends anonymous mail, B stands in A's place as the technical sender of that mail; B is proxy for A. So whine, whine, somebody complained. The last hop, final delivery, for a remailer system is always going to come from some proxy. To send to arbitrary addresses, there _must_ be a proxy. Perhaps you wouldn't mind sending to other remailers, but just not to general public. And so you want to do good at no risk. "Maybe someone will find out, maybe I'll get in trouble". Sure anarchy is for sale, and you're buying it with the peace of mind from your good works, a semiotic coin purchasing relief of bad feelings, rather than donating your risk and exposure. >Centralized remailers on the internet. Bah! Can you name any other network that has so much email connectivity than the Internet? Hmm? Compuserve, attmail, mcimail, delphi, aol, prodigy? They all use the internet as their gateway to non-customers. BITNET? UUCP? Fido? As anarchist as Fido is, it's only 20K-25K machines, a fraction of the internet size. Netware mail? Any of the LAN delivery services for PC's or Macs? These people haven't even discovered wide area networking for the most part. 
Look, Netware bought USL recently. The most successful PC networking company (one of Microsoft's only serious system-level competitors) purchased one of the two major branches of Unix. Can you guess why? Wide area networking. It already works--it _is_ the Internet. Netware is a LAN protocol; your mail won't leave the building. And fat lot of anonymity you're going to get there. Yeah, the internet technology is changing. ATM is coming. And guess what? People are already implementing internet protocols on top of it. The Internet is an idea implemented in software that can run, by design, on most any 2-way communications technology. Resilience by design. And you think the Internet isn't where it's at. Feh. Eric From owner-cypherpunks Wed Feb 9 08:07:23 1994 From: owner-cypherpunks (owner-cypherpunks) Date: Wed, 9 Feb 94 08:07:23 PST Subject: No Subject Message-ID: <9402091607.AA16444@toad.com> From wex at media.mit.edu Wed Feb 9 09:07:22 1994 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Wed, 9 Feb 94 09:07:22 PST Subject: I support HR 3627 Message-ID: <9402091705.AA05096@media.mit.edu> Although CPSR hasn't explicitly called for it yet, I think it's a good idea for each of us who support HR3627 to call our own representatives and urge them to do so. I've called mine. Eventually they'll be in a position to vote on this bill and the more aware they are the easier the fight will be. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168 Page: 617-945-1842 an53607 at anon.penet.fi All the world's a stage and most of us are desperately unrehearsed. From dmandl at panix.com Wed Feb 9 09:22:24 1994 From: dmandl at panix.com (David Mandl) Date: Wed, 9 Feb 94 09:22:24 PST Subject: Cypherpunk forum in NYC, Thurs. 
2/17 Message-ID: <199402091717.AA10768@panix.com> ========================================================= On Thursday, February 17, Cypherpunks Perry Metzger and Dave Mandl will be speaking on the subject: ----------------------- "Crypto-Anarchy: How New Developments in Cryptography, Digital Anonymity, and Untraceable Digital Cash Will Make the State a Thing of the Past" ----------------------- WHEN: Thursday, February 17, 7:30 p.m. WHERE: Penn South Community Room 7A, 330 W. 28 St., bet. 8 & 9 Aves. New York City (Warning: This place is a little difficult to find, but there will be signs posted.) This is an anarchist forum, part of the Libertarian Book Club's monthly forum series. Admission: Contribution (whatever you can afford) ========================================================= From sdw at meaddata.com Wed Feb 9 09:42:23 1994 From: sdw at meaddata.com (Stephen Williams) Date: Wed, 9 Feb 94 09:42:23 PST Subject: Crypto Regulation Reform In-Reply-To: <199402090257.VAA09865@snark> Message-ID: <9402091713.AA09816@jungle.meaddata.com> > > > Robert Cain says: > > Please embarrass me. Do you always approach things with the hostility > > I am sensing, Perry? > > No, but I've got a shock proof shit detector and you are triggering > it. One of the things that sets it off is odd claims being made before > implementation. You are making a very odd claim, which is that you can > beat the price on a Rockwell integrated modem module by building That's not what he said. He said 'modem', and as a consumer item that's far from a 'Rockwell integrated modem module'... That part is a small part of the whole price of the modem, which you'd know if you looked at price sheets. For a 99 modem (which I see all the time with 14400 fax/data), the modem chip is probably $15-20. The accepted minimum markup on a manufactured item is 50% of selling price. Of course, you can cut the margin if you sell enough of them, and it's hard to say what the manuf. margin on a $99 modem is. 
In any case, he's talking about a slower modem, effectively, using a DSP (Zyxels, which beat most modems on features and performance have always used DSP's: they do data, fax, voice, callerid, touch tone recognition, etc. They include a 68K and >512K ram (I think)). > something yourself -- given the economies of scale, a weird statement. > You are also claiming that given that you need to have a DSP doing > your modem work, and processing power to do your cryptography and DSP > horsepower to do your vocoder, you are still going to be able to beat > the price of mass-market modems that are falling to the $100 range > with your non-mass market product. Frankly, it sounds like a load of > crap. I might be wrong, of course -- I've been wrong before. However, > when people make strange claims to me about things they haven't > finished implementing yet that they don't sell, especially after > they've made lots of mistakes in their postings the previous week, it > sets off alarm bells in my head. I'm not saying it's impossible, but > I'm saying that until you give me more evidence I'm not going to think > that your claim is credible, and I don't think any other reasoning > person should, either. Well, he certainly might not succeed, but it sounds plausible to me. sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net sdw at meaddata.com OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together From kevin at axon.cs.byu.edu Wed Feb 9 10:17:24 1994 From: kevin at axon.cs.byu.edu (Kevin Vanhorn) Date: Wed, 9 Feb 94 10:17:24 PST Subject: Cypherpunk forum in NYC, Thurs. 
2/17 In-Reply-To: <199402091717.AA10768@panix.com> Message-ID: <9402091817.AA00994@axon.cs.byu.edu> > "Crypto-Anarchy: How New Developments in Cryptography, > Digital Anonymity, and Untraceable Digital Cash Will Make > the State a Thing of the Past" I would be willing to pay $5 for a tape of this talk. Alternatively, in exchange for a tape of the talk I would be willing to transcribe it. ----------------------------------------------------------------------------- Kevin S. Van Horn | It is the means that determine the ends. kevin at bert.cs.byu.edu | From dmandl at lehman.com Wed Feb 9 10:37:24 1994 From: dmandl at lehman.com (David Mandl) Date: Wed, 9 Feb 94 10:37:24 PST Subject: Cypherpunk forum in NYC, Thurs. 2/17 Message-ID: <9402091833.AA14954@disvnm2.lehman.com> > From: kevin at axon.cs.byu.edu (Kevin Vanhorn) > > > "Crypto-Anarchy: How New Developments in Cryptography, > > Digital Anonymity, and Untraceable Digital Cash Will Make > > the State a Thing of the Past" > > I would be willing to pay $5 for a tape of this talk. Alternatively, > in exchange for a tape of the talk I would be willing to transcribe it. I can't tape it, but anyone else is more than welcome to do so and distribute tapes and transcripts to their heart's content. I say this partly because I'll be too busy concentrating on the talk and partly because I've had many problems in the past getting people to stick to their promises to transcribe tapes (notably the interview I did with Tim May on my radio show last year, which was very good; the guy who promised to transcribe the tape screwed me, and so it never happened). These messages should probably not be posted to the whole list. If anyone there next Thursday tapes the talk and wants to make copies available, s/he can let me know and I can pass the address, price, or whatever along to the list. --Dave. 
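Eric Hughes's "Netcom remailers." reply earlier in this digest says every SMTP delivery adds a Received: field naming the originating machine, so the last hop of remailed mail always points at the proxy. The sketch below is an added example, not part of any list message: both messages and every `*.example` hostname are constructed, and it reads the Received: chain the way a recipient or postmaster would to see which host is actually visible.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: mail sent directly from the author's own host.
DIRECT = """\
Received: from mail.sender.example by mx.recipient.example; Wed, 9 Feb 94 07:50:01 PST
From: alice@sender.example
To: bob@recipient.example
Subject: hello

Direct mail.
"""

# Constructed sample: the same mail after a remailer dropped the headers it
# received and rewrote From:. Only the hops after the remailer remain.
REMAILED = """\
Received: from gw.recipient.example by mx.recipient.example; Wed, 9 Feb 94 07:52:40 PST
Received: from mail.remailer.example by gw.recipient.example; Wed, 9 Feb 94 07:52:22 PST
From: nobody@nowhere.example
To: bob@recipient.example
Subject: hello

Mail that went through a remailer.
"""

# "from <sending host> by <receiving host>" is the part of a Received: field
# that Hughes refers to; everything after ';' is the timestamp.
HOP_RE = re.compile(r"from\s+(?P<src>\S+)\s+by\s+(?P<dst>[^\s;]+)", re.IGNORECASE)


def hops(raw):
    """Return [(sending_host, receiving_host), ...] in delivery order."""
    msg = message_from_string(raw)
    chain = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            chain.append((m.group("src").lower(), m.group("dst").lower()))
    # Each mailer prepends its field, so the first hop is the last header.
    chain.reverse()
    return chain


def chain_is_contiguous(chain):
    """True when every hop was sent by the host that received the previous one."""
    return all(chain[i][1] == chain[i + 1][0] for i in range(len(chain) - 1))


def earliest_visible_host(raw):
    """The machine a recipient can name as the origin: the proxy, if one was used."""
    chain = hops(raw)
    return chain[0][0] if chain else None


def from_domain(raw):
    """Domain part of the From: address, lower-cased."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()


def from_agrees_with_chain(raw):
    """Does From: belong to the domain of the first host in the Received: chain?"""
    origin = earliest_visible_host(raw)
    dom = from_domain(raw)
    return origin is not None and (origin == dom or origin.endswith("." + dom))


if __name__ == "__main__":
    for label, raw in (("direct", DIRECT), ("remailed", REMAILED)):
        print(label)
        for src, dst in hops(raw):
            print("   ", src, "->", dst)
        print("    earliest visible host:", earliest_visible_host(raw))
        print("    From: agrees with chain:", from_agrees_with_chain(raw))
```

In the remailed sample the author's host appears nowhere, but the remailer's does, which is why a complaint lands on the remailer's site; the mismatch between From: and the first hop is the "partial forgery" the message describes.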
From kevin at axon.cs.byu.edu Wed Feb 9 11:17:26 1994 From: kevin at axon.cs.byu.edu (Kevin Vanhorn) Date: Wed, 9 Feb 94 11:17:26 PST Subject: Cypherpunk forum in NYC, Thurs. 2/17 In-Reply-To: <9402091833.AA14954@disvnm2.lehman.com> Message-ID: <9402091919.AA01142@axon.cs.byu.edu> > [...] the interview > I did with Tim May on my radio show last year, which was very good; > the guy who promised to transcribe the tape screwed me, and so it Do you still have copies of this tape? I'll pay $5 for a copy of it, too. ----------------------------------------------------------------------------- Kevin S. Van Horn | It is the means that determine the ends. kevin at bert.cs.byu.edu | From cfrye at ciis.mitre.org Wed Feb 9 12:12:22 1994 From: cfrye at ciis.mitre.org (Curtis D. Frye) Date: Wed, 9 Feb 94 12:12:22 PST Subject: CFI- Foreign Available Cryptography Resources Message-ID: <9402092015.AA15377@ciis.mitre.org> The Clinton Administration has transformed its Clipper/Capstone proposal into a definitive policy that could pave the way for banning all non-Clipper cryptography in the United States. I agree with most everyone who reads these groups: the thought scares the hell out of me, especially given the "fight crime" mandate from recent public opinion polls. I posted some of these thoughts in response to David Banisar's 7 February press release on CPSR's reaction to the announcement. In that post, I offered to compile a list of cryptographic tools and resources that were available outside of the United States (i.e., machines not physically located in the US) if such a list hadn't already been done. Stanton McCandlish indicated that it hadn't and urged me to "GO FOR IT!". I'm going for it, but I need your help. My work account with ftp access will go away this Friday and the dial-up lines to my school account are constantly busy. I should have a digex.com account within the next two weeks, but until then I won't have reliable archie/veronica/gopher access to the Internet. 
That's one reason I'm asking for help (the other is the sheer enormity of searching every non-US machine). If you live outside of the US or visit non-US machines on occasion and know they store crypto resources, please send me a directory listing at this email address (for now). Also, if there are any readme files or other program descriptions in those directories, I would appreciate receiving an electronic copy of them as well. Furthermore, if any of you have product information about foreign-made cryptographic equipment or software, I would be interested in seeing that as well. I can be reached by snail mail at: Curtis D. Frye 100 Yeonas Cir. SE Vienna, VA 22180 USA I look forward to your support and hope to report back in a few weeks with some preliminary results. Curtis D. Frye PRIVATE! Citizen I don't speak for MITRE, they don't speak for me. From hughes at ah.com Wed Feb 9 12:12:24 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 9 Feb 94 12:12:24 PST Subject: ANNOUNCE: February meeting--"True Names" Message-ID: <9402091941.AA04783@ah.com> ANNOUNCEMENT ============ February 1994 Bay Area cypherpunks meeting Saturday, February 12, 1994 12:00 noon - 6:00 p.m. Cygnus Support Offices, Mt. View, CA, USA Our theme this month is "True Names", after the Vernon Vinge story. We'll be talking about pseudonymity in virtual environments, whose current implementations include MUD's, MOO's, Habitat, and various other shared online environments. The schedule as of right now includes Chip Morningstar, co-author of Habitat, speaking about that project and maybe what he's working on currently. I think some BayMOO folks are going to do something, but that's not confirmed. Other speakers will likely be added. Plus the usual mix of monthly progress reports and current events discussion. The March meeting theme is "Politics", a none-too-unusual topic, except next month it's featured. 
Start up the rhetoric-machines now; we're going to have a soapbox session and possibly prizes for best rant. Eric ----------------------------------------------------------------------------- [Directions to Cygnus provided by John Gilmore. -- EH] Cygnus Support 1937 Landings Drive Mt. View, CA 94043 +1 415 903 1400 switchboard +1 415 903 1418 John Gilmore Take US 101 toward Mt. View. From San Francisco, it's about a 40-minute drive. Get off at the Rengstorff Ave/Amphitheatre Parkway exit. If you were heading south on 101, you curve around to the right, cross over the freeway, and get to a stoplight. If you were heading north on 101, you just come right off the exit to the stoplight. The light is the intersection of Amphitheatre and Charleston Rd. Take a right on Charleston; there's a right-turn-only lane. Follow Charleston for a short distance. You'll pass the Metaphor/Kaleida buildings on the right. At a clump of palm trees and a "Landmark Deli" sign, take a right into Landings Drive. At the end of the road, turn left into the complex with the big concrete "Landmark" sign. Follow the road past the deli til you are in front of the clock tower that rises out of one of the buildings, facing you. Enter through the doors immediately under the clock tower. They'll be open between noon and 1PM at least. (See below if you're late.) Once inside, take the stairs up, immediately to your right. At the top of the stairs, turn right past the treetops, and we'll be in 1937 on your left. The door is marked "Cygnus". If you are late and the door under the clock tower is locked, you can walk to the deli (which will be around the building on your left, as you face the door). Go through the gate in the fence to the right of the deli, and into the back lawns between the complex and the farm behind it. Walk forward and right around the buildings until you see a satellite dish in the lawn. Go up the stairs next to the dish, which are the back stairs into the Cygnus office space. 
We'll prop the door (or you can bang on it if we forget). Or, you can find the guard who's wandering around the complex, who knows there's a meeting happening and will let you in. They can be beeped at 965 5250, though you'll have trouble finding a phone. Don't forget to eat first, or bring food at noon! I recommend hitting the burrito place on Rengstorff (La Costen~a) at about 11:45. To get there, when you get off 101, take Rengstorff (toward the hills) rather than Amphitheatre (toward the bay). Follow it about ten blocks until the major intersection at Middlefield Road. La Costen~a is the store on your left at the corner. You can turn left into the narrow lane behind the store, which leads to a parking lot, and enter by the front door, which faces the intersection. To get to the meeting from there, just retrace your route on Rengstorff, go straight over the freeway, and turn right at the stoplight onto Charleston; see above. See you there! John Gilmore From hughes at ah.com Wed Feb 9 12:22:23 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 9 Feb 94 12:22:23 PST Subject: typo in ANNOUNCE: February meeting--"True Names" Message-ID: <9402092001.AA04887@ah.com> As was pointed out to me: >It's Vernor Vinge. Not Vernon Vinge. It was a typo. Oops. Thanks to my corrector. Eric From rcain at netcom.com Wed Feb 9 13:17:27 1994 From: rcain at netcom.com (Robert Cain) Date: Wed, 9 Feb 94 13:17:27 PST Subject: Crypto Regulation Reform In-Reply-To: <9402091330.AA11900@vail.tivoli.com> Message-ID: <199402092116.NAA28863@netcom8.netcom.com> Mike McNally sez: > > > Robert Cain writes: > > > Would disclosing the encryption algorithm put your patent claim at > > > risk? > > > > 'Fraid so. R, S and A almost blew it by disclosing theirs in a paper > > before filing. > > So your encryption algorithm (not the key exchange part; the > bit-stream encryptor) is not a well-known (or at least published) > algorithm? Hmm... 
No, I am doing the same kind of thing as most people, using my protocol to exchange an IDEA key for the actual real-time decrencr. (Short word I just coined for decryptor/encryptor as in modem or codec :-) Peace, Bob -- Bob Cain rcain at netcom.com 408-354-8021 "I used to be different. But now I'm the same." --------------PGP 1.0 or 2.0 public key available on request.------------------ From levine at blatz.cs.uwm.edu Wed Feb 9 13:22:25 1994 From: levine at blatz.cs.uwm.edu (Prof. L. P. Levine) Date: Wed, 9 Feb 94 13:22:25 PST Subject: Canadian voice recognition article Message-ID: <199402092117.PAA04795@blatz.cs.uwm.edu> May I post this in your name in my computer privacy digest? I got this from a source here on campus. Do I have your permission? ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of Computer Privacy Digest and Professor of Computer Science | comp.society.privacy. University of Wisconsin-Milwaukee | Post: comp-privacy at uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request at uwm.edu ---------------------------------+----------------------------------------- Craig McKie muttered something about... >From owner-cypherpunks at toad.com Thu Feb 3 19:52:39 1994 From: cmckie at ccs.carleton.ca (Craig McKie) Message-Id: <9402040124.AA03270 at superior.YP.nobel> Subject: Canadian voice recognition article To: cypherpunks at toad.com Date: Thu, 3 Feb 94 20:24:59 EST X-Mailer: ELM [version 2.3 PL11] Spy Agency works on eavesdropping device for phones, faxes New snoop gadget would identify voices carried through air The Canadian Press Used on page 1, Ottawa Citizen, Monday January 31, 1994 An elite wing of Canada's spy agency is secretly developing devices that can monitor and identify voices carried through the air by phone, fax and radio signals, according to a broadcast report citing government documents. 
The Communications Security Establishment is a super-secret branch of the Canadian Security Intelligence Service that specializes in gathering signals intelligence - SIGINT to insiders. Since 1989, the CSE has awarded three contracts worth $1.1 million to a Montreal firm to make machines that can quickly isolate key words and phrases from the millions of signals the CSE monitors each day, CTV reported Sunday. In May 1983, the CSE awarded the Centre de Recherche Informatique de Montreal a contract to develop a "speaker identification system," which can pick voices from the electronic haze and identify them. "It's frightening," says Bill Robinson, a researcher with the peace group, Project Ploughshares. "It has Orwellian potential to sweep through everybody's conversations. As computers get faster and faster, theoretically, one would be able to keep records of all conversations." The CSE is supposed to provide the federal government with foreign intelligence, but parliamentarians have often voiced concerns about the agency's potential to violate the privacy of Canadians. Liberal MP Derek Lee, the head of a Commons committee that oversees Canada's spy agency, said the CSE is overstepping its mandate. "Have they been asked, or have they decided for themselves to take on a new role that requires them to analyse the human voice? And if they have, they've gone beyond what I think they've told us." The CSE is accountable to Parliament through the defence minister. But Defense Minister David Collenette told CTV he was unaware of the CSE's latest electronic snooping projects. "This is the first I've heard of this," Collenette said. "It is certainly something I'll discuss with my officials." While in Opposition, the Liberals pledged to make the CSE more accountable. With a budget of about $250 million and more than 800 employees the CSE operates out of a building on Heron Road in Confederation Heights surrounded by a barbed-wire fence. 
Its work is considered so sensitive that employees are told not to take commercial flights, in case the plane is hijacked and they are held hostage. -- e x t r a p o l a t e steve j. white _____________________________________________________________________________ Gort, klatu barada nicto. aragorn at csd4.csd.uwm.edu From rcain at netcom.com Wed Feb 9 13:47:26 1994 From: rcain at netcom.com (Robert Cain) Date: Wed, 9 Feb 94 13:47:26 PST Subject: Talking to strangers (was: Crypto Regulation Reform) In-Reply-To: <9402091333.AA11915@vail.tivoli.com> Message-ID: <199402092143.NAA01697@netcom8.netcom.com> Mike McNally sez: > > > Matthew Gream writes: > > Earlier, Robert Cain wrote: > > > > > We shall see. I contend that with this I can establish a spoof-proof > > > point to point with a total stranger... > > > If I understand you correctly, you're asserting that without _any_ prior > > knowledge of the person you are communicating to, and without any form > > of online checks before or during your authentication mechanism, that > > you can be _sure_ you're talking to said stranger ? > > If Mr. Cain needs somebody to spearhead his marketing campaign, I'm > sure this feature would be enough to convince L. Detweiler to provide > his services pro bono. Love it! I don't know the full Detweiler story, could someone fill me in via email? I missed Matthew's post somehow but, yes, I am asserting that you can be speaking with someone you have not spoken to before and can go secure at any point in the conversation. You can see how useful this could be to business. Many large companies have spent bundles on secure phone systems within their organizations yet are still vulnerable when making calls across company boundaries. With my widget it's quite easy to provide this in a distributed way, only to those individuals that require it and it crosses company boundaries securely as well. 
Until the full functionality is in an ASIC, the cost, while lower than a computer modem, is still not yet what a large mass of the public would dish out so I am counting on business from business to make it cheap enough to be easily affordable by folks like you and I. BTW I agree totally with an earlier post that all I have presented so far is vapor and unsubstantiated assertions. Why bother talkin' at all now when I've been sittin' on it for a year? I really do have my reasons and they are objective, some having to do with fear of "interference" from the fed. Perhaps more on them in the future. All will become clear. :-) Peace, Bob -- Bob Cain rcain at netcom.com 408-354-8021 "I used to be different. But now I'm the same." --------------PGP 1.0 or 2.0 public key available on request.------------------ From mg5n+ at andrew.cmu.edu Wed Feb 9 13:47:26 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 9 Feb 94 13:47:26 PST Subject: What's a "real encryptor"? In-Reply-To: <199402090702.XAA04365@mail.netcom.com> Message-ID: Karl Lui Barrus wrote: > The program I described earlier (RSA.tar.Z) is pretty minimal. > Secret keys are just text, not locked by a hash of a passphrase, > no "name" information attached. Public keys are the same: no > username attached, no web of trust, etc. The output is in > binary form, with no headers or checksums or anything. > PGP has keyrings, this program requires you to keep track of > separate public keys on your own. Does this program exist? If so where can I get it? From rcain at netcom.com Wed Feb 9 14:02:27 1994 From: rcain at netcom.com (Robert Cain) Date: Wed, 9 Feb 94 14:02:27 PST Subject: Crypto Regulation Reform In-Reply-To: <9402091548.AA02439@cleo.MasPar.Com> Message-ID: <199402092200.OAA04056@netcom8.netcom.com> Jay R. Freeman sez: > > > So, I'll be back to discuss this further when I can freely. > > May you have all the best of luck! -- Jay Freeman I really appreciate that. 
The reception here to the possibility of something we all wish for has astonished me with its negativity. In some cases it has gone *way* beyond healthy skepticism which I would expect. Hey, I'm on the same side as you guys! It is in fact the other side that prevents me from full disclosure. This thing would be in the patent mill and fully disclosed were it not for my fear that it will be classified at the filing stage and suppressed. Grok? I am still stumped by this uncertainty and not quite ready to simply give it away. If I could somehow find out whether it will be or won't be classified without actually filing all the details we'd be off to the races. If I were absolutely certain it would be classified I would simply give it away here or elsewhere rather than file. Conversely if I were certain it would not be classified I would simply file and it would be available in that form for your contemplation whether or not they decide to ultimately grant it. It's a real catch 22 for me. Peace, Bob -- Bob Cain rcain at netcom.com 408-354-8021 "I used to be different. But now I'm the same." --------------PGP 1.0 or 2.0 public key available on request.------------------ From jdblair at nextsrv.cas.muohio.EDU Wed Feb 9 14:47:29 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Wed, 9 Feb 94 14:47:29 PST Subject: thanks for prodigy info Message-ID: <9402092244.AA17516@ nextsrv.cas.muohio.EDU > Thanks to everyone who squashed Prodigy hard drive scan rumour. -john. From jmdk+ at andrew.cmu.edu Wed Feb 9 15:07:28 1994 From: jmdk+ at andrew.cmu.edu (Jason C Miller) Date: Wed, 9 Feb 94 15:07:28 PST Subject: I support HR 3627 In-Reply-To: <9402091705.AA05096@media.mit.edu> Message-ID: <4hKKjWS00WB3ILZJ1t@andrew.cmu.edu> EFF is making it all the easier to support the bill. 
mail "cantwell at eff.org" with the subject line "I support HR 3627" and cast a vote in favor of crypto freedom Jason =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Jason Miller jmdk at andrew.cmu.edu or dyn at cs.cmu.edu Anyone could be reading your mail, encrypt it. PGP Public key via finger. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "Desire is a terrible thing, it makes the world go bind." From owner-cypherpunks Wed Feb 9 16:53:04 1994 From: owner-cypherpunks (owner-cypherpunks) Date: Wed, 9 Feb 94 16:53:04 PST Subject: No Subject Message-ID: <9402100053.AA26011@toad.com> From owner-cypherpunks Wed Feb 9 17:08:10 1994 From: owner-cypherpunks (owner-cypherpunks) Date: Wed, 9 Feb 94 17:08:10 PST Subject: No Subject Message-ID: <9402100108.AA26278@toad.com> From mcable at Jade.Tufts.EDU Wed Feb 9 18:41:15 1994 From: mcable at Jade.Tufts.EDU (Matt Cable) Date: Wed, 9 Feb 94 18:41:15 PST Subject: OK Message-ID: The Bouncing is getting annoying. I've gotten 15-20 copies of one letter and 5-7 of another. Could someone figure out who's bouncing posts so I'm not checking my mail every 2 minutes. Thanks! *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* ^ mcable at jade.tufts.edu Matt Cable <0-0> wozzeck at axposf.pa.dec.com MTUC Jackson Labs -----o00-O-00o----- wozzeck at mindvox.phantom.com Tufts University *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* From tien at well.sf.ca.us Wed Feb 9 19:00:14 1994 From: tien at well.sf.ca.us (Lee Tien) Date: Wed, 9 Feb 94 19:00:14 PST Subject: Whit Diffie's comments Message-ID: <199402100241.SAA05952@well.sf.ca.us> A few days ago John Gilmore forwarded some comments from Whit. I was curious about one in particular, where Whit said: "Despite all the assurances, there is another trap door in the algorithm that will be used in reading foreign traffic. 
A publicly [sic] explainable mechanism is needed if the intercepts are to be used in court, but not if they are to be 'Handled Via COMINT Channels Only.'" I don't understand this comment -- at least I don't think I do. Is this a reference to some provision of federal law or a secret directive? I dimly recall from my reading of Bamford, or some other book about the intelligence agencies, that there's a statutory "NSA exception" re electronic interceptions. Is that what's being referred to here? If so, can anyone provide a citation? I'd like to take a look at it. Lee Tien From frissell at panix.com Wed Feb 9 19:06:59 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 9 Feb 94 19:06:59 PST Subject: Oh No! Nazis on the Nets Message-ID: <199402100240.AA23564@panix.com> An interesting article in the London Daily Telegraph (today's?): (Keyboarding by my daughter Tiia) Neo-Nazis Salute Computer Technology Computer technology is transforming Germany's disparate neo-Nazi scene into a unified movement by granting instant access to a central information system co-ordinating demonstrations and disseminating propaganda, according to a senior intelligence official. Herr Ernst Uhrlau, head of Hamburg's office for the protection of the constitution, said: "Germany's Right wing is taking up the character of a movement. Until now, we have only seen this in the Left wing, but the various Right-wing groups, who all yearn for hierarchy and leadership, are using modern communications systems such as computers, mail boxes and information telephones to co-ordinate their activities." Herr Uhrlau, whose office gathers intelligence on activities likely to undermine state security, said that it was only by using mobile communications networks that the Right wing was able to hold illegal rallies in 1992 and 1993 on the anniversary of the death of Rudolf Hess, Hitler's deputy. 
He was also concerned about the infiltration of university student fraternities by Right-wing ideologues who were spreading their views through notice boards, pamphlets, and newspapers. The chief co-ordinators of Germany's Right-wing movement work through a national computer network named "Thule", after the small elite 1920s movement which preceded the Nazi party. It consists of at least 12 "mailbox" computer lines linked to a national network on which individuals can exchange messages and receive information. The system is designed to be accessed only by bona fide political sympathisers. To join the inner circle, you must leave your name, telephone number and address, according to the monthly computer magazine Chip, which has penetrated the Thule network. Only if you pass a loyalty test while being questioned on the phone will you be given the full access codes. Chip believes that 1,500 of Germany's 42,000 Right-wing extremists use the Thule network which, apart from co-ordinating demonstrations, gives out information on such matters as how to start your own newspapers or make a bomb [Both equally illegal activities in the BRD -- Editor's note]. Police have so far found it impossible to discover who is running any of the notice boards, since much of the information is only available for a brief period and suppliers use pseudonyms. Thule also provides an international link. Of particular concern to the authorities are connections with Gary Lauck, self-proclaimed head of America's neo-Nazis, whose organisation in Nebraska is believed to be behind the mailing of a computer disk called "Endsieg" (Final Victory) which contains bomb-making instructions. **************** DCF Fascism - A totalitarian political philosophy based on government control of the economy via regulation a variation of socialism which usually emphasizes government control of the economy by direct ownership of economic institutions. "Johnny. Can you use 'fascism' and 'socialism' in a sentence." 
"Bill Klinton is a 'fascist'; Heillary Klinton is a socialist." "Very good, Johnny." --- WinQwk 2.0b#1165 From paul at hawksbill.sprintmrn.com Wed Feb 9 19:10:16 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Wed, 9 Feb 94 19:10:16 PST Subject: KILL Robert Cain mail Message-ID: <9402100158.AA15898@hawksbill.sprintmrn.com> see subj line From rcain at netcom.com Wed Feb 9 19:14:58 1994 From: rcain at netcom.com (Robert Cain) Date: Wed, 9 Feb 94 19:14:58 PST Subject: Testing Message-ID: <199402100210.SAA23770@mail.netcom.com> to see if 20 some copies of this note also go to the list. Sorry about that last one, I've never had that problem from netcom before and sorta suspect it is the list software. Peace, Bob -- Bob Cain rcain at netcom.com 408-354-8021 "I used to be different. But now I'm the same." --------------PGP 1.0 or 2.0 public key available on request.------------------ From rsavel at welchlink.welch.jhu.edu Wed Feb 9 19:18:53 1994 From: rsavel at welchlink.welch.jhu.edu (Richard Savel) Date: Wed, 9 Feb 94 19:18:53 PST Subject: What's a "real encryptor"? In-Reply-To: Message-ID: please take me off this list Richard Savel rsavel at welchlink.welch.jhu.edu From rcain at netcom.com Wed Feb 9 19:20:14 1994 From: rcain at netcom.com (Robert Cain) Date: Wed, 9 Feb 94 19:20:14 PST Subject: Crypto Regulation Reform In-Reply-To: Message-ID: <199402100302.TAA02278@mail.netcom.com> Sameer sez: > > Idea: > Apply for the patent. If they decide to classify it release > the idea through the anonymous remailers. Right, spend a bunch of money for nothing and risk prison for "espionage". I think that is what they charge you with when you release classified info. No thanks, Sameer. There isn't an anonymous mailer yet that I would trust and do you honestly think my account (hell, my life) would not be monitored if such a classification were to occur? I do have an idea though that might satisfy the skeptics. 
I will divulge the method to *one* of you for evaluation that is considered capable and trusted by this community at large under a non-disclosure agreement if my attorney says there is such a thing that can be written between individuals which has teeth. If anybody wants to take me up on this, first get permission from the individual and email me the name and email address. He/she must have PGP and it must reside on a stand alone machine connected only by a modem to another machine on the net. Fair enough? I would prefer someone that has followed everything in crypto though for a few years to help me determine if there is in fact any prior art I am not aware of. That was one of the reasons I brought it up here, to see if I would get a bunch of "It's already been done" responses. None so far. In fact if that person is the creative type and can bring something to the party (I think there is a way to make it even more secure between strangers but I haven't been able to tease it out of my brain completely yet) I would consider co-filing with that person. Peace, Bob -- Bob Cain rcain at netcom.com 408-354-8021 "I used to be different. But now I'm the same." --------------PGP 1.0 or 2.0 public key available on request.------------------ From warlord at MIT.EDU Wed Feb 9 20:10:16 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 9 Feb 94 20:10:16 PST Subject: For Pr0duct Cypher Message-ID: <9402100404.AA19023@toxicwaste.media.mit.edu> I really wish there were some way to email you directly. I really hate wasting bandwidth like this... (For everyone else, I'm sorry. Please hit 'd' now). 
-derek From anonymous at extropia.wimsey.com Wed Feb 9 20:30:16 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Wed, 9 Feb 94 20:30:16 PST Subject: Bug in PGP MPI library Message-ID: <199402100406.AA10198@xtropia> -----BEGIN PGP SIGNED MESSAGE----- Someone please prove me wrong, but I think there is a bug in the function mp_modexp_crt (RSA decryption and signing) in PGP23a's MPI library. Attached to this message is a program which demonstrates the bug. While testing Magic Money for lingering bugs, the client gave the error "Coin from server has bad signature!" I tried again with different coins, and the program worked. The proto.dat file had been cleared as the coins were read, so there was no way to repeat the error. I set up a batch file to repeatedly cycle coins between the client and the server, backing up proto.dat each time. After an hour or so, the error happened again, and I started tracing it. There didn't seem to be any bug to find. For this particular coin, the unblinded coin was garbage. For any other coin, the program worked. I wrote this test program, bug.c, to find the error. It uses the same coin, blinding factor, public, and secret key as Magic Money was using when it crashed. The program first blinds the coin, then signs it, then unblinds it, decrypts the RSA signature, and displays the results. 
If you just run "bug", Here's what happens: >bug e=0001 0015 n=A8DF 1E61 234B E660 800A 4167 40A9 102D FC01 6962 AD6C BE39 2664 92AE E8B4 CE3A 93EB F4BE FFD1 104A DB81 2F95 684E C188 0901 379C 99BC 5E24 7EC2 660B 1463 139F d=4612 D56D AA0A B760 3561 60C6 EE7A 5CE8 A74B D0C9 501E D7B1 C145 D654 3B38 E90A 6FF4 BC13 221E E354 345D B789 38D6 3427 DA7A 48D6 570C 3860 FC86 0B8F AB80 FCE5 p=C737 3481 985A B4B3 4E0F 0ECB 8E58 1B49 74F4 70D4 0B81 CF2C F858 781F D70F 79EB q=D901 B376 D73A 2163 56D8 3B7B EE02 73F8 9A3F E7FD AC56 F4D9 E072 CECF 85B1 CC1D u=825E FE26 ED64 7E91 6256 A8E8 3DC7 C8E5 0E52 46FE 56B0 B3C9 3559 2C03 BFA1 C06B original coin=0001 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FF00 3020 300C 0608 2A86 4886 F70D 0205 0500 0410 14C1 A83C 1B84 FCAD 472F 6425 3F74 7C80 blinding fact=005B 52D8 BA8D 6AE9 4652 8C2D 5CBB 4BEB D0C7 80C9 48BC 797A CDEE BDE0 E53D 4329 9E7A 00B3 8FF1 5BA4 E78B 81C8 C99A 9C16 CFA7 33A3 93D0 A5C0 7604 8F85 87D9 4D31 blinded coin=797B A351 2280 62DC 1D02 84F8 1812 52E8 152B A421 D7C8 8CD1 E061 776C 138A 9776 E2D6 5764 AF64 4C21 D589 176D 0FD2 F346 7A45 5EB9 7E1F 964A 189C 55BC FD53 0775 signed coin=9994 B5AF A3A5 7B30 9058 5D76 C531 3EF2 81F6 B973 3805 2673 C8D3 C4A8 051A 4979 7882 F598 BB66 57C8 8104 76BB 06D7 F85D 4AA1 AEF3 18EC A105 C8B2 64D4 96ED 6BE4 final coin=2EF9 8656 2799 3071 692A D693 3EF3 AF4D D296 B6AE E3A3 A283 94B1 242E 43BD 9042 086A CCED 5A0A A4F4 F4A9 C1FE B3D0 5C22 BF60 D14D 717F C188 4701 57E5 C9E1 5A77 Notice that the final coin is gibberish. By running "bug b" it increments the blinding factor by one, then performs the same calculation. 
>bug b original coin=0001 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FF00 3020 300C 0608 2A86 4886 F70D 0205 0500 0410 14C1 A83C 1B84 FCAD 472F 6425 3F74 7C80 blinding fact=005B 52D8 BA8D 6AE9 4652 8C2D 5CBB 4BEB D0C7 80C9 48BC 797A CDEE BDE0 E53D 4329 9E7A 00B3 8FF1 5BA4 E78B 81C8 C99A 9C16 CFA7 33A3 93D0 A5C0 7604 8F85 87D9 4D32 blinded coin=7010 DE32 C491 A343 F041 2779 BA9B BEF3 C394 3DAE 2B48 8110 2260 7D18 876A 820F AFB1 9913 6E77 4D95 185E 17F7 2496 7137 8212 5509 B641 D3BD F67A 685A 0A20 8B9B signed coin=2879 A082 C7DE 2BFC C39D 8E21 F245 17B7 96DC 2458 A201 4756 DA93 8D09 23F2 7741 964C 1984 5A15 AC6F 4AD7 50AB CE98 5E12 CDC6 C1F8 5F14 8699 3FB7 036F B439 F39A final coin=0001 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FF00 3020 300C 0608 2A86 4886 F70D 0205 0500 0410 14C1 A83C 1B84 FCAD 472F 6425 3F74 7C80 The final coin is now correct. By running "bug c" the coin itself is incremented by one, but the blinding factor is not incremented. >bug c original coin=0001 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FF00 3020 300C 0608 2A86 4886 F70D 0205 0500 0410 14C1 A83C 1B84 FCAD 472F 6425 3F74 7C81 blinding fact=005B 52D8 BA8D 6AE9 4652 8C2D 5CBB 4BEB D0C7 80C9 48BC 797A CDEE BDE0 E53D 4329 9E7A 00B3 8FF1 5BA4 E78B 81C8 C99A 9C16 CFA7 33A3 93D0 A5C0 7604 8F85 87D9 4D31 blinded coin=5F91 E5B7 95F7 C37B 5CE6 F0A3 A7CC A51B 7C0E ED85 2E2D CE1F F8E8 75B0 1559 7945 0CA5 BE69 AD2E A75E 5F4E 1D8E 0704 DA3B 8957 D63C E195 1078 5E75 0F31 7E7C DA68 signed coin=4A0B EA0E C336 DE7E 3BC6 0448 9B4B 6185 9964 91BD 3A5E E424 520D 2AEF BF9A 7FBA 382C 136C 0FA4 9D58 A237 8160 C00C EE76 5817 D39E 92B6 BD6F 05DD 91CE 4C97 CB85 final coin=0001 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FF00 3020 300C 0608 2A86 4886 F70D 0205 0500 0410 14C1 A83C 1B84 FCAD 472F 6425 3F74 7C81 Again, the final coin is correct. By running "bug r" everything happens as though you just ran "bug". 
Neither the blinding factor or coin is incremented. But, the program uses the slower mp_modexp instead of mp_modexp_crt to perform the signature. >bug r original coin=0001 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FF00 3020 300C 0608 2A86 4886 F70D 0205 0500 0410 14C1 A83C 1B84 FCAD 472F 6425 3F74 7C80 blinding fact=005B 52D8 BA8D 6AE9 4652 8C2D 5CBB 4BEB D0C7 80C9 48BC 797A CDEE BDE0 E53D 4329 9E7A 00B3 8FF1 5BA4 E78B 81C8 C99A 9C16 CFA7 33A3 93D0 A5C0 7604 8F85 87D9 4D31 blinded coin=797B A351 2280 62DC 1D02 84F8 1812 52E8 152B A421 D7C8 8CD1 E061 776C 138A 9776 E2D6 5764 AF64 4C21 D589 176D 0FD2 F346 7A45 5EB9 7E1F 964A 189C 55BC FD53 0775 signed coin=6613 B2B0 75FD 398B 30EE C3FD 6A84 9E7D 39D2 738A 387B 4100 CD3F 0DFD C8A7 1D13 7941 0CA7 BE13 1C5E 1E9F 7174 648F 494E B57B 32BA 585E DC04 45DF C40A 468E 32BC final coin=0001 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FF00 3020 300C 0608 2A86 4886 F70D 0205 0500 0410 14C1 A83C 1B84 FCAD 472F 6425 3F74 7C80 The final answer is right, and the signed coin is different from the signed coin in the first example. That pins down the error to mp_modexp_crt. Maybe I'm missing something, but it appears there are a few values for which this function just does not work right. If you want to try it, here's the program. 
Pr0duct Cypher

=========================== cut 8< here =================================
/* bug.c
   Strange bug demo -
   "bug b" increments blinding factor
   "bug c" increments coin
   "bug r" uses regular mp_modexp instead of mp_modexp_crt
   Compile with mpilib and mpiio, define DEBUG for mpiio */

#include <stdio.h>   /* printf */
#include <stdlib.h>  /* free */
#include "usuals.h"
#include "mpilib.h"
#include "mpiio.h"

typedef unit unitarr[MAX_UNIT_PRECISION];

/* Multiplicative inverse - used for finding d */
void mp_inv(unitptr x,unitptr a,unitptr n);

/* Key, coin and blinding factor captured from the failing Magic Money run */
char e_string[]="0001,0015h";
char d_string[]="\
4612,D56D,AA0A,B760,3561,60C6,EE7A,5CE8\
A74B,D0C9,501E,D7B1,C145,D654,3B38,E90A\
6FF4,BC13,221E,E354,345D,B789,38D6,3427\
DA7A,48D6,570C,3860,FC86,0B8F,AB80,FCE5h";
char n_string[]="\
A8DF,1E61,234B,E660,800A,4167,40A9,102D\
FC01,6962,AD6C,BE39,2664,92AE,E8B4,CE3A\
93EB,F4BE,FFD1,104A,DB81,2F95,684E,C188\
0901,379C,99BC,5E24,7EC2,660B,1463,139Fh";
char p_string[]="\
C737,3481,985A,B4B3,4E0F,0ECB,8E58,1B49\
74F4,70D4,0B81,CF2C,F858,781F,D70F,79EBh";
char q_string[]="\
D901,B376,D73A,2163,56D8,3B7B,EE02,73F8\
9A3F,E7FD,AC56,F4D9,E072,CECF,85B1,CC1Dh";
char u_string[]="\
825E,FE26,ED64,7E91,6256,A8E8,3DC7,C8E5\
0E52,46FE,56B0,B3C9,3559,2C03,BFA1,C06Bh";
char original_coin_string[]="\
0001,FFFF,FFFF,FFFF,FFFF,FFFF,FFFF,FFFF\
FFFF,FFFF,FFFF,FFFF,FFFF,FFFF,FF00,3020\
300C,0608,2A86,4886,F70D,0205,0500,0410\
14C1,A83C,1B84,FCAD,472F,6425,3F74,7C80h";
char blinding_factor_string[]="\
005B,52D8,BA8D,6AE9,4652,8C2D,5CBB,4BEB\
D0C7,80C9,48BC,797A,CDEE,BDE0,E53D,4329\
9E7A,00B3,8FF1,5BA4,E78B,81C8,C99A,9C16\
CFA7,33A3,93D0,A5C0,7604,8F85,87D9,4D31h";

int main(int argc,char *argv[])
{
  int rflag=FALSE;  /* default to the mp_modexp_crt path when no argument is given */
  unitarr e;
  unitarr d;
  unitarr n;
  unitarr p;
  unitarr q;
  unitarr u;
  unitarr dp;
  unitarr dq;
  unitarr original_coin;
  unitarr blinding_factor;
  unitarr temp;
  unitarr blinded_coin;
  unitarr signed_coin;
  unitarr unblinded_coin;
  unitarr final_coin;

  set_precision(MAX_UNIT_PRECISION);

  /* Load all the values */
  str2reg(original_coin,original_coin_string);
  str2reg(blinding_factor,blinding_factor_string);
  str2reg(e,e_string);
  str2reg(d,d_string);
  str2reg(n,n_string);
  str2reg(p,p_string);
  str2reg(q,q_string);
  str2reg(u,u_string);

  /* Increment variable if condition entered */
  if(argc==2) {
    if(*argv[1]=='b'||*argv[1]=='B') mp_inc(blinding_factor);
    if(*argv[1]=='c'||*argv[1]=='C') mp_inc(original_coin);
    if(*argv[1]=='r'||*argv[1]=='R') rflag=TRUE;
  }

  /* Display them to check */
  mp_display("e=",e);
  mp_display("n=",n);
  mp_display("d=",d);
  mp_display("p=",p);
  mp_display("q=",q);
  mp_display("u=",u);
  printf("\n");
  mp_display("original coin=",original_coin);

  /* Raise the blinding factor to the power e */
  mp_modexp(temp,blinding_factor,e,n);

  /* Blind the coin */
  stage_modulus(n);
  mp_modmult(blinded_coin,original_coin,temp);
  printf("\n");
  mp_display("blinding fact=",blinding_factor);
  printf("\n");
  mp_display(" blinded coin=",blinded_coin);

  /* Sign the blinded coin */
  if(rflag)
    mp_modexp(signed_coin,blinded_coin,d,n);
  else {
    /* dp = d mod (p-1), dq = d mod (q-1) for the CRT exponentiation */
    mp_move(temp,p);
    mp_dec(temp);
    mp_mod(dp,d,temp);
    mp_move(temp,q);
    mp_dec(temp);
    mp_mod(dq,d,temp);
    mp_modexp_crt(signed_coin,blinded_coin,p,q,dp,dq,u);
  }
  printf("\n");
  mp_display(" signed coin=",signed_coin);

  /* Invert the blinding factor */
  mp_inv(temp,blinding_factor,n);

  /* Unblind the coin */
  stage_modulus(n);
  mp_modmult(unblinded_coin,signed_coin,temp);

  /* Decrypt the signed coin */
  mp_modexp(final_coin,unblinded_coin,e,n);
  printf("\n");
  mp_display(" final coin=",final_coin);
  return(0);
}

#define swap(p,q) { unitptr t; t = p; p = q; q = t; }
#define iplus1 ( i==2 ? 0 : i+1 ) /* used by Euclid algorithms */
#define iminus1 ( i==0 ? 2 : i-1 ) /* used by Euclid algorithms */

#ifdef OLD_MPINV
void mp_inv(unitptr x,unitptr a,unitptr n)
/* Euclid's algorithm extended to compute multiplicative inverse.
   Computes x such that a*x mod n = 1, where 0n, X->a, HCF->u(iminus1), U->u(i), temp->u(iplus1),
 * INV->v(iminus1), V->v(i), temp->v(iplus1). We rotate the assignment
 * to temp and INV in their 2nd block of code.
 */
void mp_inv(unitptr x,unitptr a,unitptr n)
/* Euclid's algorithm extended to compute multiplicative inverse.
   Computes x such that a*x mod n = 1, where 0 0) /* if U > HCF then */
      mp_init(u(iplus1),0);
    else {
      enterloop = 1;
      mp_move(u(iplus1),u(i)); /* temp := U */
      while (mp_compare(u(iplus1),u(iminus1)) <= 0) { /* temp<=HCF */
        ++shifts;
        mp_shift_left(u(iplus1)); /* leftshift(temp,1) */
      }
      mp_shift_right_bits(u(iplus1),1); /* rightshift(temp,1) */
    }
    mp_sub(u(iminus1),u(iplus1)); /* temp := HCF - temp */
    mp_move(u(iplus1),u(iminus1));
    i = iplus1;
    /* V := tempV, tempV := INV, INV := V, */
    /* U := tempU, tempU := HCF, HCF := U; */
    /* (All simultaneous) */
    if (enterloop) {
      while (shifts--)
        mp_shift_left(v(i)); /* leftshift(V,shifts) */
      mp_sub(v(iplus1),v(i)); /* temp = temp - V */
    }
    mp_move(v(i),v(iplus1)); /* V := temp */
  } while (testne(u(i),0) && mp_compare(u(i),u(iminus1))!=0);
  mp_move(x,v(iminus1));
  if (mp_tstminus(x))
    mp_add(x,n);
  mp_burn(u(0)); /* burn the evidence on the stack...*/
  mp_burn(u(1));
  mp_burn(u(2));
  mp_burn(v(0));
  mp_burn(v(1));
  mp_burn(v(2));
  for(i=0;i<3;i++) {
    free(ucopies[i]);
    free(vcopies[i]);
  }
#undef u
#undef v
} /* mp_inv */
#endif /* !OLD_MPINV */
=========================== cut 8< here =================================

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLVmP6MGoFIWXVYodAQHBdgP7B9n/nep0Y1hV2ze3GMJoBpZvq0BKfT3y
EjLFvk2+z9Y3kRTqsA42lGFV0rcQwgkm588VbE7JmT/b0AvGoOm4Hqp9wEzYMfFz
iMy8fVRitUHT2VFryLpzCdRtwPzDkW62yIQUMgWcgpW05Vu+GMEgtgD70CpJbKfb
GuIT2jH6Tzc=
=UcS4
-----END PGP SIGNATURE-----

From warlord at MIT.EDU Wed Feb 9 21:00:16 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Wed, 9 Feb 94 21:00:16 PST
Subject: Bug in PGP MPI library
In-Reply-To: <199402100406.AA10198@xtropia>
Message-ID: <9402100455.AA19351@toxicwaste.media.mit.edu>

Hi.
I took the bug.c you sent, and I built it against the mpilib and mpiio from my PGP 2.3a sources, including all the headers from those sources. I did not attempt to build it against PGP Tools (it's possible that your changes to mpi for PGP Tools have caused this bug). Anyways, I tried this on two different platforms with two different byte orders. In particular, I used a mips-ultrix and sun386i. The results are the same, and show that there is no problem with PGP 2.3a, or, at least, I cannot reproduce your bug. Sorry. -derek From hayden at krypton.mankato.msus.edu Wed Feb 9 23:00:17 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 9 Feb 94 23:00:17 PST Subject: Meeting Logs Message-ID: If anyone is interested, I do have some logs from tonight's Cypherpunks virtual meeting. It's not a perfectly clear file, as it has lots of help requests in it (I don't know MOO too well), but the substance is still there. If you want it, just drop me a line and I'll get it right off to you. It is about 90k big. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... 
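An added example for the "Bug in PGP MPI library" report and reply above, not code from either poster or from PGP: Python's built-in big integers redo the blind, sign and unblind steps of bug.c with the key, coin and blinding factor printed in the report, and add a verify-before-release check around the CRT signer. Function names are this example's own; taking the CRT coefficient as p^-1 mod q (the role of `u` in bug.c) is an assumption based on PGP's key format, and the inverse is recomputed here rather than copied.

```python
"""Blind RSA signing with CRT, checked before release (Python 3.8+ for pow(x, -1, n))."""

def hexval(groups):
    """Parse hex printed in space-separated 16-bit groups, as mp_display shows it."""
    return int(groups.replace(" ", ""), 16)

# Values copied from the report's output.
E = 0x10015  # printed as "e=0001 0015"
N = hexval("A8DF 1E61 234B E660 800A 4167 40A9 102D FC01 6962 AD6C BE39 2664 92AE E8B4 CE3A"
           "93EB F4BE FFD1 104A DB81 2F95 684E C188 0901 379C 99BC 5E24 7EC2 660B 1463 139F")
D = hexval("4612 D56D AA0A B760 3561 60C6 EE7A 5CE8 A74B D0C9 501E D7B1 C145 D654 3B38 E90A"
           "6FF4 BC13 221E E354 345D B789 38D6 3427 DA7A 48D6 570C 3860 FC86 0B8F AB80 FCE5")
P = hexval("C737 3481 985A B4B3 4E0F 0ECB 8E58 1B49 74F4 70D4 0B81 CF2C F858 781F D70F 79EB")
Q = hexval("D901 B376 D73A 2163 56D8 3B7B EE02 73F8 9A3F E7FD AC56 F4D9 E072 CECF 85B1 CC1D")
COIN = hexval("0001 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF FF00 3020"
              "300C 0608 2A86 4886 F70D 0205 0500 0410 14C1 A83C 1B84 FCAD 472F 6425 3F74 7C80")
BF = hexval("005B 52D8 BA8D 6AE9 4652 8C2D 5CBB 4BEB D0C7 80C9 48BC 797A CDEE BDE0 E53D 4329"
            "9E7A 00B3 8FF1 5BA4 E78B 81C8 C99A 9C16 CFA7 33A3 93D0 A5C0 7604 8F85 87D9 4D31")
# "signed coin" printed by plain "bug" (mp_modexp_crt path, final coin was garbage)
REPORT_CRT_SIGNED = hexval(
    "9994 B5AF A3A5 7B30 9058 5D76 C531 3EF2 81F6 B973 3805 2673 C8D3 C4A8 051A 4979"
    "7882 F598 BB66 57C8 8104 76BB 06D7 F85D 4AA1 AEF3 18EC A105 C8B2 64D4 96ED 6BE4")
# "signed coin" printed by "bug r" (mp_modexp path, final coin was correct)
REPORT_PLAIN_SIGNED = hexval(
    "6613 B2B0 75FD 398B 30EE C3FD 6A84 9E7D 39D2 738A 387B 4100 CD3F 0DFD C8A7 1D13"
    "7941 0CA7 BE13 1C5E 1E9F 7174 648F 494E B57B 32BA 585E DC04 45DF C40A 468E 32BC")

def blind(coin, r):
    """coin * r^e mod n, the value handed to the signer."""
    return coin * pow(r, E, N) % N

def unblind(sig, r):
    """Strip the blinding factor from a signature on a blinded coin."""
    return sig * pow(r, -1, N) % N

def sign_plain(m):
    """Full-size exponentiation, the path bug.c takes for "bug r"."""
    return pow(m, D, N)

def sign_crt(m):
    """Two half-size exponentiations recombined with Garner's formula."""
    sp = pow(m, D % (P - 1), P)
    sq = pow(m, D % (Q - 1), Q)
    u = pow(P, -1, Q)            # assumption: same role as bug.c's u
    return sp + P * ((u * (sq - sp)) % Q)

def crt_residue_errors(m, sig):
    """Which half of a signature disagrees with the correct one: (mod p, mod q)."""
    good = sign_plain(m)
    return (sig % P != good % P, sig % Q != good % Q)

def checked_sign(m, crt_signer=sign_crt):
    """Use the fast CRT path, but never release a value failing sig^e == m (mod n)."""
    sig = crt_signer(m)
    if pow(sig, E, N) == m:
        return sig, "crt"
    sig = sign_plain(m)          # slow path, recomputed from scratch
    if pow(sig, E, N) != m:
        raise ArithmeticError("signature fails verification on both paths")
    return sig, "fallback"

if __name__ == "__main__":
    m = blind(COIN, BF)
    print("CRT equals plain modexp:", sign_crt(m) == sign_plain(m))
    print("plain equals report's 'bug r' value:", sign_plain(m) == REPORT_PLAIN_SIGNED)
    print("report's CRT value verifies:", pow(REPORT_CRT_SIGNED, E, N) == m)
    print("wrong residues (mod p, mod q):", crt_residue_errors(m, REPORT_CRT_SIGNED))
    print("released via:", checked_sign(m, lambda _m: REPORT_CRT_SIGNED)[1])
```

The check costs one exponentiation with the short public exponent, so a signer can keep the CRT speed-up and still refuse to hand out a value like the one printed by plain `bug`.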
-=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From nobody at shell.portal.com Thu Feb 10 01:22:11 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 10 Feb 94 01:22:11 PST Subject: "national security" exception to wiretap laws Message-ID: <199402100915.BAA08778@jobe.shell.portal.com> * * * * * 18 USC s 2511(2)(f): Nothing contained in this chapter or chapter 121, or section 705 of the Communications Act of 1934, shall be deemed to affect the acquisition by the United States Government of foreign intelligence information from international or foreign communications, or foreign intelligence activities conducted in accordance with otherwise applicable Federal law involving a foreign electronic communications system, utilizing a means other than electronic surveillance as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978, and procedures in this chapter and the Foreign Intelligence Surveillance Act of 1978 shall be the exclusive means by which electronic surveillance, as defined in section 101 of such Act, and the interception of domestic wire and oral communications may be conducted. * * * * * [From USCA annotations for 18 USC s 2511] 13. Executive powers This chapter providing that nothing therein should be deemed to limit the constitutional power of the President to protect the United States against any clear and present danger to the structure or existence of the government did not constitute a grant of power and was not intended to expand, contract or define whatever presidential surveillance powers existed in matters affecting national security, but was only intended to make clear that this chapter should not be interpreted to limit or disturb such power as the President might have under the Constitution. U.S. v. U.S. Dist. Court for Eastern Dist. of Mich., Southern Division, Mich.1972, 92 S.Ct. 2125, 407 U.S. 297, 32 L.Ed.2d 752. 
Former Attorney General was entitled to qualified immunity in civil damage action based upon wiretaps, where sufficient facts were alleged to place wiretap in rational national security context. Ellsberg v. Mitchell, 1986, 807 F.2d 204, 257 U.S.App.D.C. 59, certiorari denied 108 S.Ct. 197, 484 U.S. 870, 98 L.Ed.2d 148. Former national security council staff member's admission that he had access to option papers discussing possibility of Cambodian bombing operation, secret talks with North Vietnamese, and withdrawal of troops from Vietnam, as well as contingency planning in event that such steps might be taken, together with evidence that staff member had roomed with reporter who wrote article reporting classified bombing raids on Cambodia, was sufficient to establish reasonable national security grounds for wiretap of staff member's phone so as to entitle government officials who ordered wiretap to qualified immunity defense in civil damage action brought by staff member. Halperin v. Kissinger, 1986, 807 F.2d 180, 257 U.S.App.D.C. 35. Those provisions of this chapter which, in the context of pure intelligence- gathering activities, would frustrate the constitutional power of the President, cannot be applied to such surveillance. (Per Wright, Circuit Judge, with three Judges concurring and three additional Judges concurring in the judgment.) Zweibon v. Mitchell, 1975, 516 F.2d 594, 170 U.S.App.D.C. 1, certiorari denied 96 S.Ct. 1684, 1685, 425 U.S. 944, 48 L.Ed.2d 187. Restrictions upon the President's power which are appropriate in cases of domestic security become artificial in the context of the international sphere. U.S. v. Brown, C.A.La.1973, 484 F.2d 418, certiorari denied 94 S.Ct. 1490, 415 U.S. 960, 39 L.Ed.2d 575. 
Whatever constitutional power lies without scope of this chapter and is invested in chief executive to authorize warrantless surveillance for sake of "national security," necessary prerequisite to administration of such power is express approval by President or Attorney General. U.S. v. Kearney, D.C.N.Y.1977, 436 F.Supp. 1108. From wcs at anchor.ho.att.com Thu Feb 10 01:40:17 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 10 Feb 94 01:40:17 PST Subject: Testing Message-ID: <9402100937.AA21635@anchor.ho.att.com> May very well be the net software - I've also been getting lots of empty messages. Is toad.com disk full or something? From drzaphod at brewmeister.xstablu.com Thu Feb 10 02:30:18 1994 From: drzaphod at brewmeister.xstablu.com (DrZaphod) Date: Thu, 10 Feb 94 02:30:18 PST Subject: "national security" exception to wiretap laws In-Reply-To: <199402100915.BAA08778@jobe.shell.portal.com> Message-ID: Why do they even bother to write this stuff down. It's clear that the govt. is determined to get away with whatever they want.. meaning to take our money and spy on us. It's a waste of thought and energy for them to pretend they're on our side. I follow the physical laws [as we're aware of them] only part of the time.. and I'll be damned if I play along with their games of rape and pillage on the most grandiose of scales. We SHOULD be concerned with what means of encryption we can harness to give us the best possible privacy.. NOT what encryption will the govt. allow us to use so they can still listen whenever they want. Suggestion: Disband the government - now THERE's a waste of bandwidth. > 18 USC s 2511(2)(f): -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! 
- - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From edgar at spectrx.saigon.com Thu Feb 10 02:40:18 1994 From: edgar at spectrx.saigon.com (Edgar W. Swank) Date: Thu, 10 Feb 94 02:40:18 PST Subject: SecureDrive 1.3A Verified available via mail server Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have just verified that SecureDrive 1.3A, previously announced here, is available not only at the following public BBS's as SECDR13A.ZIP: Eagle's Nest (408)223-9821 Flying Dutchman (408)294-3065 But I have now verified that Version 1.3A may now be obtained from a mailserver. Send mail to Server at Star.Hou.TX.US with body text that looks like this get /files/public/secdr13a.zip quit Please attempt to use the mailserver or the two BBS's above before requesting a copy directly from me. Note: Attempts to use either the above BBS's or mail server to transmit SecureDrive 1.3A (or any strong cryptographic product) outside the USA and/or Canada may violate USA law, which the USA may elect to enforce by arresting violators overseas and bringing them to the USA for trial without benefit of extradition proceedings. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVisz94nNf3ah8DHAQHG2AP9HichQaiTd1T/W+NLkmdqUGauexI2gXeh MfyO5SVkpWDYgZzfVmZnAKv7O6OUuj87qZvxnLv4BebWV01zUJ4aml5NJM97yZm7 m/cnhzSGqEIfQifOREfsmkh5hoV4pGgBYjuVDVxpzlWog+5go1tQOcbJF8sSSzEx Ez0iZpTGmLw= =ZyrH -----END PGP SIGNATURE----- -- edgar at spectrx.saigon.com (Edgar W. 
Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From garet.jax at nitelog.com Thu Feb 10 04:20:24 1994 From: garet.jax at nitelog.com (Garet Jax) Date: Thu, 10 Feb 94 04:20:24 PST Subject: Prime Numbers Message-ID: I'm presently trying to generate a list of prime numbers on a friend's 486 DX2 66mhz computer, but that is rather slow going as you might imagine. I'd like to get a list of all the prime numbers up to 80 digits in length, and I know these numbers must have already been computed by someone... at least for cryptography purposes. Does anyone know where I can get such a list, or a portion thereof? Thanks in advance, -Garet {Garet.Jax at nitelog.com} From shipley at merde.dis.org Thu Feb 10 05:00:22 1994 From: shipley at merde.dis.org (Peter shipley) Date: Thu, 10 Feb 94 05:00:22 PST Subject: MIME Message-ID: <9402101254.AA10688@merde.dis.org> it would be nice if people who send PGP's email would also place the appropriate "Content-Type" in their headers so their email in an easy manner. -Pete From cme at sw.stratus.com Thu Feb 10 05:20:22 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Thu, 10 Feb 94 05:20:22 PST Subject: Prime Numbers Message-ID: <199402101315.IAA16265@ellisun.sw.stratus.com> >I'm presently trying to generate a list of prime numbers on >a friend's 486 DX2 66mhz computer, but that is rather slow going >as you might imagine. I'd like to get a list of all the prime >numbers up to 80 digits in length, and I know these numbers must >have already been computed by someone... at least for cryptography >purposes. Let us know when you're done -- or even half-way done. Thanks, Carl From boone at psc.edu Thu Feb 10 06:20:22 1994 From: boone at psc.edu (Jon 'Iain' Boone) Date: Thu, 10 Feb 94 06:20:22 PST Subject: What's a "real encryptor"? In-Reply-To: Message-ID: <9402101414.AA23605@igi.psc.edu> Matthew J Ghio writes: > > And a little flame: Before you put down our software, try writing some > of your own. This is uncalled for. 
Xenon has consistently admitted that he isn't a programmer and that he isn't *able* to write cryptography software. In no way does that make his criticism any less valid. Rather than wasting time flaming him (I know, you just flamed a little), perhaps *you* should write the code Xenon wants... or perhaps *I* should... That's like telling someone who can't read that they shouldn't criticize the technique that you are using to teach them to read until they have tried to develop their own technique to teach reading... Remember, no matter *how* the criticism is couched, the *real* criticism is that PGP doesn't have random block output mode... All of the other verbiage in which it was couched isn't relevant or important... looking past the manner in which the complaint is presented and attempting to fix the problem which was the cause of the complaint is the key to good product maintenance. Let's help PGP become a product... Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699 PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C From anonymous at extropia.wimsey.com Thu Feb 10 06:50:23 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Thu, 10 Feb 94 06:50:23 PST Subject: PGP Bug continued Message-ID: <199402101431.AA15950@xtropia> -----BEGIN PGP SIGNED MESSAGE----- >I wish there were some easy way for me to email you back, but >since there is not, I have to do it this way. I posted this on alt.security.pgp, you can followup there and avoid annoying anyone. Sorry about that. Or just reply in clear if you think anyone else would be interested. >Anyways, I took the bug.c you sent me, and I built it against >the mpilib and mpiio from my PGP 2.3a sources, including all the >headers from those sources. I did not attempt to build it against >PGP Tools (it's possible that your changes to mpi for PGP Tools have >caused this bug). I didn't change mpilib one bit. The date is still 5-17-93. 
The .h file date is 5-9-93, so it isn't changed either. >Anyways, I tried this on two different platforms with two different >byte orders. In particular, I used a mips-ultrix and sun386i. The >results, below, are the same, and show that there is no problem >with PGP 2.3a, or, at least, I cannot reproduce your bug. Sorry. I tried it again: if you use Upton's modmult, the problem goes away. If you use Smith's modmult, the problem exists on both dos and unix/gcc. Try defining SMITH and rebuilding. Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCUAgUBLVndssGoFIWXVYodAQEwzQP4mvhPS9vXNvMOReWespw7TYrr/ifR4XZ0 snUKn+DPeMid/d63vCy/RFxs3ccPXSV4hzANmtLeLpTSnYLgNA4QX7R1bjq+I4wy 9gGvr5BlfkDQLUT5iPkp9mnBzuwIQzBxbcz6RKoEfQUbRRWr5AE+eI8+yA5ozjcZ wJsE9IvCtw== =ouxg -----END PGP SIGNATURE----- From hughes at ah.com Thu Feb 10 07:25:24 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 10 Feb 94 07:25:24 PST Subject: Prime Numbers In-Reply-To: Message-ID: <9402101508.AA07197@ah.com> >I'd like to get a list of all the prime >numbers up to 80 digits in length, and I know these numbers must >have already been computed by someone... I've got 3 words for you: Prime Number Theorem. There are at least 2^74 prime numbers in that range. A gigabyte is 2^33 bits. Eric From corbet at stout.atd.ucar.EDU Thu Feb 10 07:50:23 1994 From: corbet at stout.atd.ucar.EDU (Jonathan Corbet) Date: Thu, 10 Feb 94 07:50:23 PST Subject: Dorothy Denning at it again Message-ID: <199402101546.IAA20119@stout.atd.ucar.EDU> Just thought I would mention that if any of you haven't yet read Dorothy Denning's contributions to the clipper debate in RISKS 15.48 you should probably ought to do so. Preferably on an empty stomach. jon From RAPH at FNALV.FNAL.GOV Thu Feb 10 08:34:07 1994 From: RAPH at FNALV.FNAL.GOV (Jim Hawtree ) Date: Thu, 10 Feb 1994 08:34:07 -0800 Subject: WANTED: speakers on cryptography, etc. 
Message-ID: <940210103317.24203ca1@FNALV.FNAL.GOV> -----BEGIN PGP SIGNED MESSAGE----- >Where are you giving the seminar, and to whom? I'm talking about PGP to the Computing Dep't at Fermilab at Batavia, Illinois where we have the largest particle accelerator in the world (for elementary particle physics research). It will be Feb 22 at 2PM at the High Rise (Wilson Hall) here, in 1West. We are open to the public, BTW. Yr all invited. We have all sorts of events and colloquia. Batavia is about 30 miles west of Chicago, off I88. Know anyone who could give a lecture on encryption? Hacking? Cypherpunkiana? Security concerns? Clipper chips? I can get you a lecture for the general public here, or for the 2000 or so engineers, physicists and computer people here! We have lectures and seminars for pop to esoteric topics. I'll help you spread the word. I'm on a couple of committees here. We will be *delighted* to find speakers. BTW we had the US Dep't of Energy, Office of Counterintelligence here last week talking about security. Their concern was 95% smuggling commercially sensitive info from large companies to foreign concerns via diplomats through their embassies to give them an unfair advantage over us. Money talks. (Please forward if you please to alt.security.pgp, cypherpunks@, etc. I unsubbed from the latter due to the huge volume of mail.) Public key and phone by finger. Cordially, Jim _______________________ "We are so small between the stars and so large against the sky And lost among the subway crowds I try to catch your eye..." ---Leonard Cohen -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVoNXAbIRq6ena9BAQG0MgP6AqKmHfL31R7eFrY/haoKS5ftD60RhFJ5 gt8zvZ8BYdVFBxuLUTzn0b9hn1uqWP7Uvtl+q8ZR2PSGLUlGxUZhQDbAGAoX2SFE y6c1NSIQpMfk9TotrBzzcPR38SSE3FulIks97JM3P8cxEOcsH9SoWDff8UMHFxJN dW6XdNxShuQ= =bPlh -----END PGP SIGNATURE----- From an57322 at anon.penet.fi Thu Feb 10 08:40:21 1994 From: an57322 at anon.penet.fi (T.A.Z.) 
Date: Thu, 10 Feb 94 08:40:21 PST Subject: Oh No! Nazis on the Nets Message-ID: <9402101447.AA05957@anon.penet.fi> Duncan Frissell wrote about an article in the London Daily Telegraph on German neo-nazis: [stuff deleted] >Chip believes that 1,500 of Germany's 42,000 Right-wing extremists use the >Thule network which, apart from co-ordinating demonstrations, gives out >information on such matters as how to start your own newspapers or make a >bomb [Both equally illegal activities in the BRD -- Editor's note]. Yes, read that note again. Who cares about 42,000 right-wing extremists in a country in which the government is so fascist to make it illegal for someone to tell you how to start your own paper? And just in case you were wondering: Germany is considered a democratic country. Now you know where the US under Clinton is heading. -=T.A.Z. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From klbarrus at owlnet.rice.edu Thu Feb 10 09:00:21 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Thu, 10 Feb 94 09:00:21 PST Subject: real encryptor Message-ID: <9402101649.AA00123@rufous.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- Matt wrote: >Karl Lui Barrus wrote: >> The program I described earlier (RSA.tar.Z) is pretty minimal. >> Secret keys are just text, not locked by a hash of a passphrase, >> no "name" information attached. Public keys are the same: no >> username attached, no web of trust, etc. The output is in >> binary form, with no headers or checksums or anything. >> PGP has keyrings, this program requires you to keep track of >> separate public keys on your own. >Does this program exist? If so where can I get it? 
Sorry about the confusion Matt, I had sent a letter to Xenon about his idea for stripped PGP describing this pure RSA program, and didn't send it to the list. Anyway, the program RSA.tar.gz is at ghost.dsi.unimi.it in /pub/crypt. It implements pure RSA, no IDEA session keys, no MD5 hash of a passphrase, no checksums, no keyring, no usernames, etc. It is about as minimal as you can get. Which may be perfect for your purposes :-) Because it is just RSA, it is SLOW!! Which is to be expected, but all the same the amount of time required to encrypt a reasonable sized file is surprising. Heck, even generating a decent size key takes quite a bit of time. I'm sure the code could stand some optimizations, but even still public key crypto is much slower than secret key. Here's what a public key from the program looks like (in fact, it's my public key for this program): BB56AA026595006ED21C22FE5E5DD9432285846BB000627D0CFAA4FD28960EF2 33FABB5F35102460A001C7B2E37DE93C757C3935972086AD55BC69B36C438A05 291F3B75786BA0E4B9DBF43F6B5AE799A148D779303600D007449E258A8F3ABC BA65393C0627BE386F9 # B6E980C29F3D38C4898541565BCFE062AA50C60E4E411379143AD905E9A0257E 424FA4324B6D0BA71E6FBAC3C18D0F6A53D35CD7C3534DDB0D07ED642A8C7239 227DE4C742F141BCAE9698426E005F3F15B2E0AED6A0F125E69FC503B6057184 9124780B096F1C3ADE5 This public key and the associated secret key correspond to about a 700 bit modulus (100 digit and 110 digit primes). The program encodes numbers as an ascii string, but that is it. The output of the program is the encrypted file, which has no header or magic byte information, etc. Decryption takes an encrypted file back to the original form (except it looks like it pads and doesn't toss the padding, maybe a bug) but if you use the wrong secret key (i.e. not encrypted for you) the program decrypts the file to junk. 
Or you can decrypt junk into different junk :-) If you edit your keys and change a few characters, or do the same to the encrypted file, you don't get "checksum" errors, you just get an unreadable file. Due to the slowness of the program, I think for testing the output for randomness one should create relatively small keys (say 20 or 30 digits max) and encrypt large files. Of course, at these sizes, it is much easier to factor the modulus than brute force IDEA, for example. Also, if you want larger keys be wary of the included script which generates keys for you; it assumes you want a small key (and thus will mess up the generated files). So if indeed this is nothing but RSA then it should be impossible to tell the output of the file from random noise. (And incidentally, I checked out Chaitin's Algorithmic Information Theory and have tried to read the chapter on random numbers, but let's just say that it is extremely slow reading :) I guess that's because it builds on stuff from previous chapters or something...) Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVmLfoOA7OpLWtYzAQGpjwP+NmT5R3UlAbRN6A4YCk9DwqfjL1NlbhhQ 3ZDIqbRQISrrftcxNQv5doxUQNLKiQ2WaRBfQBuowCO3/mrjocsPK7QvA5P5on0R N40uaudEpSCoEyem+DalRRKrrtSM9qfKNWxEQyL2OAI6cuw9zSvrXT+Ih9qtqigd wKUju6ccoLM= =Tsrs -----END PGP SIGNATURE----- From solovay at math.berkeley.edu Thu Feb 10 09:30:21 1994 From: solovay at math.berkeley.edu (Robert M. Solovay) Date: Thu, 10 Feb 94 09:30:21 PST Subject: Dorothy Denning at it again In-Reply-To: <199402101546.IAA20119@stout.atd.ucar.EDU> Message-ID: <199402101720.JAA23454@math.berkeley.edu> Corbet writes: Just thought I would mention that if any of you haven't yet read Dorothy Denning's contributions to the clipper debate in RISKS 15.48 you should probably ought to do so. 
Question: How does one access RISKS 15.48 Thanks, Bob Solovay From danisch at ira.uka.de Thu Feb 10 09:32:54 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 10 Feb 94 09:32:54 PST Subject: Oh No! Nazis on the Nets Message-ID: <9402101727.AA08544@deathstar.iaks.ira.uka.de> -----BEGIN PGP SIGNED MESSAGE----- an57322 at anon.penet.fi wrote: > a country in which the government is so fascist to make it illegal for > someone to tell you how to start your own paper? Do you really believe such a nonsense ???? What kind of propaganda are you doing here? Both right-wing and left-wing use computer networks (and perhaps anon.penet.fi and the cypherpunks mailing list... ), this is true and dangerous, but it never was illegal to 'tell you how to start your own paper' . Hadmut -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVptsGc1jG5vDiNxAQHjAwQAjJ8FlpxEqDwDHqFHbxRbwRDlHU2zsc8N eY8HOH0xiabQDB6C1b7JoxwApdWZhDPrhvPu/PILzokuEnlha6v6eRnUW7eturgR 69t/S8vg28bwz8hm0vxDVk9KFIoBgOmjptmXdal0FzHKS0eweHwhLBn0xxiDFnNc Z/6yxUqLrM4= =RQyE -----END PGP SIGNATURE----- From rsavel at welchlink.welch.jhu.edu Thu Feb 10 09:50:21 1994 From: rsavel at welchlink.welch.jhu.edu (Richard Savel) Date: Thu, 10 Feb 94 09:50:21 PST Subject: No Subject Message-ID: To everyone on this list who flamed me. The number of flames I have received for accidentally sending a "please take me off the list" to the list itself in addition to the correct list has been truly offensive. I asked to be taken off this list over 1.5 weeks ago and when I still received mail I thought I would, like I have seen others do on this group, send a request to the list itself. I have been using various items on the internet for years now and have never, EVER, been treated so poorly by a group. Thank you all for sending me notes telling me not to send unsubscribe messages to the list. I am well aware of that fact, but you all took up much more "bandwidth" by sending me all those flames. 
Please try and refrain from sending every person that you think is a newbie a flame informing them of their stupidity. Sincerely, Richard Savel rsavel at welchlink.welch.jhu.edu From tcmay at netcom.com Thu Feb 10 10:00:21 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 10 Feb 94 10:00:21 PST Subject: real encryptor...and Chaitin In-Reply-To: <9402101649.AA00123@rufous.owlnet.rice.edu> Message-ID: <199402101800.KAA25713@mail.netcom.com> > So if indeed this is nothing but RSA then it should be impossible to > tell the output of the file from random noise. (And incidentally, I > checked out Chaitin's Algorithmic Information Theory and have tried to > read the chapter on random numbers, but let's just say that it is > extremely slow reading :) I guess that's because it builds on stuff > from previous chapters or something...) > > Karl Barrus Chaitin's book is indeed tough sledding! For one thing, it's meant as a monograph, giving his proofs in condensed form. (I assume Karl is talking about "Algorithmic Information Theory.") And his two other books are mostly collections of papers, articles, speeches, etc. Not very pedagogically appealing. A more useful _text_ is the new "An Introduction to Kolmogorov Complexity and Its Applications," by Li and Vitanyi, 1993. However, even this book will not help much in determining whether some random block of numbers (no pun intended) is indeed "random." Most of these results in Kolmogorov-Chaitin complexity are of an abstract nature, not a _computational_ nature. That is, one doesn't find much to help in determining if a number or set of numbers is random or not. The best measures I know of remain the simple things like _entropy_, but for "almost all" large enough blocks, the calculated entropy is likely to be nearly maximal (e.g., 7.999... bits per ASCII character). 
As interesting as I find K-C complexity and AIT in general to be--especially in terms of things like why Occam's Razor works, how induction and Bayesian statistics relate to the real world, etc.--I can't say I've seen any ways in which it helps in cryptography or cryptanalysis. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From corbet at stout.atd.ucar.EDU Thu Feb 10 10:10:22 1994 From: corbet at stout.atd.ucar.EDU (Jonathan Corbet) Date: Thu, 10 Feb 94 10:10:22 PST Subject: Dorothy Denning at it again In-Reply-To: <199402101720.JAA23454@math.berkeley.edu> Message-ID: <199402101804.LAA22737@stout.atd.ucar.EDU> > Question: How does one access RISKS 15.48 Hmm...I've gotten a few of these questions already. It's been such a long time that I've considered the Risks digest to be required reading that it didn't occur to me to be more explicit. Anyway, you want to read the newsgroup comp.risks; you can find the particular digest by looking at the subject lines. And, what the heck...for those of you who can't or don't want to go into comp.risks, here is the article. Enjoy. Date: Wed, 09 Feb 1994 17:23:28 -0500 (EST) From: denning at cs.cosc.georgetown.edu (Dorothy Denning) Subject: Re: Campaign and Petition Against Clipper CPSR has announced a petition campaign to oppose the Clipper initiative. I would like to caution people about signing the petition. The issues are extremely complex and difficult. The Clipper initiative is the result of considerable deliberation by many intelligent people who appreciate and understand the concerns that have been expressed and who worked hard to accommodate the conflicting interests. 
The decisions that have been made were not made lightly. I would like to respond to some of the statements that CPSR has made about Clipper in their campaign and petition letters: The Clipper proposal, developed in secret by the National Security Agency, is a technical standard that will make it easier for government agents to wiretap the emerging data highway. The standard (FIPS 185) is not a standard for the Internet or any other high speed computer network. It is for the telephone system. Quoting from FIPS 185: "Data for purposes of this standard includes voice, facsimile and computer information communicated in a telephone system. A telephone system for purposes of this standard is limited to a system which is circuit switched and operating at data rates of standard commercial modems over analog voice circuits or which uses basic-rate ISDN or a similar grade wireless service." The standard will not make it any easier to tap phones, let alone computer networks. All it will do is make it technically possible to decrypt communications that are encrypted with the standard, assuming the communications are not superencrypted with something else. Law enforcers still need to get a court order just to intercept the communications in the first place, and advances in technology have made interception itself more difficult. The standard will make it much harder for anyone to conduct illegal taps, including the government. The purpose of the standard is to provide a very strong encryption algorithm - something much stronger than DES - and to do so in a way that does not thwart law enforcement and national security objectives. Keys are escrowed so that if someone uses this technology, they cannot use it against national interests. Industry groups, professional associations and civil liberties organizations have expressed almost unanimous opposition to the plan since it was first proposed in April 1993. "The public does not like Clipper and will not accept it ..." 
The private sector and the public have expressed nearly unanimous opposition to Clipper. As near as I know, neither CPSR nor any other group has conducted any systematic poll of industry, professional societies, or the public. While many people have voiced opposition, there are many more organizations and people who have been silent on this issue. The ACM is in the process of conducting a study on encryption. CPSR is a member of the study group, as am I. Steve Kent is chair. Our goal is a report that will articulate the issues, not a public statement either for or against. The International Association for Cryptologic Research has not to my knowledge made any official statement about Clipper. The Administration ignored the overwhelming opposition of the general public. When the Commerce Department solicited public comments on the proposal last fall, hundreds of people opposed the plan while only a few expressed support. Hundreds of people is hardly overwhelming in a population of 250 million, especially when most of the letters were the same and came in through the net following a sample letter that was sent out. The technical standard is subject to misuse and compromise. It would provide government agents with copies of the keys that protect electronic communications. "It is a nightmare for computer security." I have been one of the reviewers of the standard. We have completed our review of the encryption algorithm, SKIPJACK, and concluded it was very strong. While we have not completed our review of the key escrow system, from what I have seen so far, I anticipate that it will provide an extremely high level of security for the escrowed keys. The underlying technology was developed in secret by the NSA, an intelligence agency responsible for electronic eavesdropping, not privacy protection. Congressional investigations in the 1970s disclosed widespread NSA abuses, including the illegal interception of millions of cables sent by American citizens. 
NSA is also responsible for the development of cryptographic codes to protect the nation's most sensitive classified information. They have an excellent track record in conducting this mission. I do not believe that our requirements for protecting private information are greater than those for protecting classified information. I do not know the facts of the 1970s incident that is referred to here, but it sounds like it occurred before passage of the 1978 Foreign Intelligence Surveillance Act. This act requires intelligence agencies to get a court order in order to intercept communications of American citizens. I am not aware of any recent evidence that the NSA is engaging in illegal intercepts of Americans. Computer security experts question the integrity of the technology. Clipper was developed in secret and its specifications are classified. The 5 of us who reviewed the algorithm unanimously agreed that it was very strong. We will publish a final report when we complete our full evaluation. Nothing can be concluded from a statement questioning the technology by someone who has not seen it regardless of whether that person is an expert in security. NSA overstepped its legal authority in developing the standard. A 1987 law explicitly limits the intelligence agency's power to set standards for the nation's communications network. The 1987 Computer Security Act states that NIST "shall draw on the technical advice and assistance (including work products) of the National Security Agency." There is no evidence to support law enforcement's claims that new technologies are hampering criminal investigations. CPSR recently forced the release of FBI documents that show no such problems. CPSR obtained some documents from a few FBI field offices. Those offices reported no problems. CPSR did not get reports from all field offices and did not get reports from local law enforcement agencies. 
I can tell you that it is a fact that new communications technologies, including encryption, have hampered criminal investigations. I personally commend law enforcement for trying to get out in front of this problem. If the plan goes forward, commercial firms that hope to develop new products will face extensive government obstacles. Cryptographers who wish to develop new privacy enhancing technologies will be discouraged. The standard is voluntary -- even for the government. Mr. Rotenberg said "We want the public to understand the full implications of this plan. Today it is only a few experts and industry groups that understand the proposal. I support this objective. Unfortunately, it is not possible for most of us to be fully informed of the national security implications of uncontrolled encryption. For very legitimate reasons, these cannot be fully discussed and debated in a public forum. It is even difficult to talk about the full implications of encryption on law enforcement. This is why it is important that the President and Vice-President be fully informed on all the issues, and for the decisions to be made at that level. The Feb. 4 decision was made following an inter-agency policy review, headed by the National Security Council, that examined these issues using considerable input from industry, CPSR, EFF, and individuals as well as from law enforcement and intelligence agencies. In the absence of understanding the national security issues, I believe we need to exercise some caution in believing that we can understand the full implications of encryption on society. As part of the Feb. 4 announcement, the Administration announced the establishment of an Interagency Working Group on Encryption and Telecommunications, chaired by the White House Office of Science and Technology Policy and National Security Council, with representatives from Commerce, Justice, State, Treasury, FBI, NSA, OMB, and the National Economic Council. 
The group is to work with industry and public interest groups to develop new encryption technologies and to review and refine encryption policy. The NRC's Computer Science and Telecommunications Board will also be conducting a study of encryption policy. These comments may be distributed. Dorothy Denning, Georgetown University From m5 at vail.tivoli.com Thu Feb 10 10:20:21 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 10 Feb 94 10:20:21 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402101727.AA08544@deathstar.iaks.ira.uka.de> Message-ID: <9402101813.AA01469@vail.tivoli.com> So, just to clear this up, if you wanted to start a newspaper today, could you simply print out a few hundred copies of whatever you wanted to say and go out and sell it (or give it away) without any interaction with the government? (I don't know the answer for Germany; I'm genuinely curious. I hope the answer is "yes".) -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From julf at penet.fi Thu Feb 10 10:30:21 1994 From: julf at penet.fi (Johan Helsingius) Date: Thu, 10 Feb 94 10:30:21 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402101727.AA08544@deathstar.iaks.ira.uka.de> Message-ID: <199402101824.AA14764@lassie.eunet.fi> > > a country in which the government is so fascist to make it illegal for > > someone to tell you how to start your own paper? > > Do you really believe such a nonsense ???? Of course. But did you know that in the USA it is illegal for a married couple to have anal intercourse even in their own home? Or that it is illegal to belong to a communist party? Or that you can get in trouble for using the word "stewardess". Oh yes, ;-) ;-) ;-) ;-) Julf From pmetzger at lehman.com Thu Feb 10 11:00:24 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 10 Feb 94 11:00:24 PST Subject: Oh No! 
Nazis on the Nets In-Reply-To: <199402101824.AA14764@lassie.eunet.fi> Message-ID: <199402101851.NAA20155@snark> Johan Helsingius says: > > > > a country in which the government is so fascist to make it illegal for > > > someone to tell you how to start your own paper? > > > > Do you really believe such a nonsense ???? > > Of course. But did you know that in the USA it is illegal for a > married couple to have anal intercourse even in their own home? Or > that it is illegal to belong to a communist party? Or that you can > get in trouble for using the word "stewardess". You can be a member of the communist party, actually, although many laws holding that you can be harrassed by the government for it are still on the books. Sexual relations are governed by state law, so only in some states are consentual acts illegal -- in many all consentual acts between married partners are legal. However, the point is well taken. The U.S. is not a libertarian paradise. I will note, however, that the U.S. has far better press freedoms than almost any other country on earth, and that Germany is pretty damn bad about freedom of the press. I can walk into any book store in America and buy a copy of Mein Kampf -- and although I hate Adolf Hitler's works, I am happy that I can read them if I so choose. I cannot do things like that in Germany. .pm From drzaphod at brewmeister.xstablu.com Thu Feb 10 11:10:22 1994 From: drzaphod at brewmeister.xstablu.com (DrZaphod) Date: Thu, 10 Feb 94 11:10:22 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402101447.AA05957@anon.penet.fi> Message-ID: > Germany is considered a democratic country. Now you know where > the US under Clinton is heading. > > -=T.A.Z. That may have been just a snide comment.. but I'll address it anywayz... are you applying the old logic of "Germany is screwed up", "Germany is democratic", "U.S. is democratic -- we MUST be screwed up!" Cuz that logic doesn't work in real life.. maybe on the net, tho. 
TTFN -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From qwerty at netcom.com Thu Feb 10 11:30:23 1994 From: qwerty at netcom.com (Xenon) Date: Thu, 10 Feb 94 11:30:23 PST Subject: Speakers needed. Message-ID: <199402101929.LAA13068@mail.netcom.com> Anybody want to visit Fermi lab? I wish I could. -=Xenon=- Forward: From davehart at microsoft.com Thu Feb 10 11:33:40 1994 From: davehart at microsoft.com (Dave Hart) Date: Thu, 10 Feb 94 11:33:40 PST Subject: Dorothy Denning at it again Message-ID: <9402101928.AA02836@netmail2.microsoft.com> ---------- | From: Robert M. Solovay | Subject: Dorothy Denning at it again | Date: Thursday, February 10, 1994 9:20AM | | Question: How does one access RISKS 15.48 >From the RISKS digest: Date: ongoing From: RISKS-request at csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. PLEASE read it as a newsgroup if possible and convenient for you. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. CONTRIBUTIONS to risks at csl.sri.com, with appropriate, substantive "Subject:" line; others may be ignored! Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially .UUCP folks. If you cannot read RISKS locally as a newsgroup (e.g., comp.risks), or you need help, send requests to risks-request at csl.sri.com (not automated). 
BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS". Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>YourName<CR> CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 15, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is vital. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp at pucc.Princeton.EDU are alternative repositories. IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request at CSL.SRI.COM . ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. --- davehart at microsoft.com --- Not a Microsoft spokesperson. From mnemonic at eff.org Thu Feb 10 11:40:22 1994 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 10 Feb 94 11:40:22 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <199402101824.AA14764@lassie.eunet.fi> Message-ID: <199402101934.OAA17035@eff.org> Julf jokes: > Of course. But did you know that in the USA it is illegal for a married couple > to have anal intercourse even in their own home? Only in some, less enlightened states. And the states that do have such laws rarely enforce them. >Or that it is illegal > to belong to a communist party? This is legal in all 50 states. It is unconstitutional to outlaw membership in a political party. > Or that you can get in trouble for > using the word "stewardess". But not legal trouble. --Mike From peb at PROCASE.COM Thu Feb 10 11:50:22 1994 From: peb at PROCASE.COM (Paul Baclace) Date: Thu, 10 Feb 94 11:50:22 PST Subject: T.A.Z.
Message-ID: <9402101940.AA04583@ada.procase.com> Can someone remind me where to pick up T.A.Z by Hakim Bey by ftp? I archived the information accidentally and it is hard for me to access now... I recall trying to get it, but the node was down and I haven't tried again. Paul E. Baclace peb at procase.com peb at well.sf.ca.us From danisch at ira.uka.de Thu Feb 10 11:53:30 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 10 Feb 94 11:53:30 PST Subject: Oh No! Nazis on the Nets Message-ID: <9402101949.AA08910@deathstar.iaks.ira.uka.de> > Of course. But did you know that in the USA it is illegal for a married couple > to have anal intercourse even in their own home? Or that it is illegal > to belong to a communist party? Or that you can get in trouble for > using the word "stewardess". In Germany we sometimes say about the USA: What kind of state is this, where you can drive a car with 16 years, marry with 18 years and drink your first beer with 21 years? (and buy weapons like an army...) regards Hadmut ;-) From peb at PROCASE.COM Thu Feb 10 12:00:23 1994 From: peb at PROCASE.COM (Paul Baclace) Date: Thu, 10 Feb 94 12:00:23 PST Subject: MD5 Message-ID: <9402101955.AA04592@ada.procase.com> I know this is an old question and has a simple answer, but I want to use MD5 and need to know if the algorithm is exportable without any special permissions. I am assuming the answer is yes, but would like some reassurance... I'm using it for message digesting, and it does *not* need to be crypto-secure. If you know of other algorithms that might be cheap and also have good bit scattering characteristics, please let me know. (As it is, MD5 runs at >10k lines per second for the files I'm scanning; I need to do many, many runs of it over smaller subsections, so the faster, the better.) Thanks in advance for help on this, Paul E.
Baclace peb at procase.com peb at well.sf.ca.us From danisch at ira.uka.de Thu Feb 10 12:05:39 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 10 Feb 94 12:05:39 PST Subject: Oh No! Nazis on the Nets Message-ID: <9402101955.AA08917@deathstar.iaks.ira.uka.de> > Yes, read that note again. Who cares about 42,000 right-wing extremists in > a country in which the government is so fascist to make it illegal for > someone to tell you how to start your own paper? And just in case you were > wondering: Germany is considered a democratic country. Now you know where > the US under Clinton is heading. > > -=T.A.Z. Of course, the right-wing is a problem. But a *lot* of people care. BTW: TAZ is the name of a german left-wing newspaper. This newspaper exists because everyone in Germany has the right to make a newspaper. Hadmut From danisch at ira.uka.de Thu Feb 10 12:20:22 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 10 Feb 94 12:20:22 PST Subject: Oh No! Nazis on the Nets Message-ID: <9402102018.AA08946@deathstar.iaks.ira.uka.de> > I will note, however, that the U.S. has far better press freedoms than > almost any other country on earth, and that Germany is pretty damn bad > about freedom of the press. I can walk into any book store in America > and buy a copy of Mein Kampf -- and although I hate Adolf Hitler's > works, I am happy that I can read them if I so choose. I cannot do > things like that in Germany. I don't know at the moment whether it is allowed to sell "Mein Kampf", but what is the question: One says that in Germany nobody cares about the right-wing, the other says that you can't buy such books. What do you expect? Shall we care or not? We can't fight again right-wing people and sell such books! I'm sure that american press freedom is not better than german ones. Seen from Germany, american presidents elections look like a mixture of a football game and a tv show. Is is possible that we have different oppinions about 'democracy' ? 
(I'm sure german elections don't look better for americans...) And there is another difference: In Germany I can get my Cryptosoftware from whereever I want, I can give my software to whereever I want and I can write a PhotoCD decoder. [ ;-) ] In Germany it is always surprising what american people don't know about Germany. How many of you think that we wear trousers of leather, eat Sauerkraut and have women with blond plaits and name "Gretchen" all the time, not without a "Kuckucksuhr" at the wall? Hadmut From danisch at ira.uka.de Thu Feb 10 12:25:29 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 10 Feb 94 12:25:29 PST Subject: Oh No! Nazis on the Nets Message-ID: <9402101946.AA08887@deathstar.iaks.ira.uka.de> > So, just to clear this up, if you wanted to start a newspaper today, > could you simply print out a few hundred copies of whatever you wanted > to say and go out and sell it (or give it away) without any > interaction with the government? (I don't know the answer for > Germany; I'm genuinely curious. I hope the answer is "yes".) Of course not without *any* interaction. You have to pay taxes if you earn money, and you are not allowed to do it anonymous. Everything must contain an address of someone responsible. In bigger papers you have an "impressum" in small papers and pamphlets you have a line like "responsible in the sense of press law: Joe Dalton" And of course you will get sued or accused if you write anything which violates law, but this depends on _what_ you are writing. But no one forbids to do produce a newspaper. Every school has a 'schoolpaper' (don't know how to translate well). Everyone who thinks he has to tell anything important prints anything on lots of paper at this University, in most cases political (often very left-wing) themes. Our 'Grundgesetz', the constitution (like "Bill of rights") says that there is no censorship. Everyone can tell his opinion in "Word, letter and image": Art. 
5 (1) Every person shall have the right freely to express and disseminate his opinions in speech, writing and pictures, and to inform himself without hindrance from generally accessible sources. Freedom of the press and freedom of reporting by means of broadcasts and films shall be guaranteed. There shall be no censorship. (2) These rights shall find their limits in the provisions of general laws, in provisions for the protection of young persons, and in the right to personal honour. (3) Arts and sciences, research and teaching shall be free. The freedom of teaching shall not release any person from allegiance to the constitution. Hadmut From warlord at MIT.EDU Thu Feb 10 12:30:22 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 10 Feb 94 12:30:22 PST Subject: MIME In-Reply-To: <9402101254.AA10688@merde.dis.org> Message-ID: <9402102028.AA21617@toxicwaste.media.mit.edu> > it would be nice if people who send PGP's email would also > place the appropriate "Content-Type" in their headers so > their email in an easy manner. Content-Type is a MIME header. If someone doesn't use a MIME mailer, then this will not be added into the headers. I don't use a MIME mailer, therefore it won't get added to my headers. Sorry. -derek From drzaphod at brewmeister.xstablu.com Thu Feb 10 12:37:13 1994 From: drzaphod at brewmeister.xstablu.com (DrZaphod) Date: Thu, 10 Feb 94 12:37:13 PST Subject: Oh No! Nazis on the Nets In-Reply-To: Message-ID: After reading my post on "real logic" I realized that I may come off as saying "Germany is screwed up".. I don't feel this way.. and even if I did I have no evidence to support it.. I was merely using the points that TAZ supplied.. maybe some of you knew that.. but I just thought I'd clear it up so I don't get flamed by every German on the list.. TTFN! -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt!
- - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From hughes at ah.com Thu Feb 10 12:50:21 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 10 Feb 94 12:50:21 PST Subject: MOO: on the virtual meeting Message-ID: <9402102038.AA08134@ah.com> I didn't get a chance to get to the virtual meeting proper last night, but I did stop by afterwards for a while. This morning I got a chance to see some what was on the videotape which was left in the camera in the meeting hall. My praise to Arthur Chandler for setting this up. Definitely a worthwhile experience, expecially given the topic of the Bay Area meeting this weekend. I've a few comments for now, though. -- Client software. A must-use. telnet is really annoying. I point this out because unimportant technical considerations make huge differences in usability. -- Speech. A lot more people talk in the MOO than on the mailing list. And you thought the mailing list was loud. People get up to speed much more quickly on overall structure, but it's still not very good for quickly explaining detail. -- Time Zones. One never forgets that real people are behind the pseudonyms because the entering and exiting is based upon clock of bodily origin. A surprising intrusion into the abstract environment. Might I suggest that some future v-meetings happen at morning hours Pacific time, in order to allow those to the east of the Atlantic to participate? I heard from a dear old friend who's living in Cambridge that he was thinking about showing up, but it was 4am local time. A noon Pacific time meeting is 8 p.m. London time, for example. -- Names. A number of people were logged on, as guests, with their real names, including me. The authentication of guest names here, though, was even lower than email addresses. 
I was logged on as Eric_Hughes, but anybody else could have done so as well. A small proposal. It would be convenient for meetings in the future, which might be held at different locations, to have persistent identity across MOO's. A cryptographic identification scheme seems appropriate. We can't use a global naming space, since that doesn't scale. We can, however, nicely use a hierarchical naming space since MOO names are assigned on a per-MOO basis. So, for example, we could have Haakon of Lambda or Blast of Bay. We can also resolve conflicting common names by the old custom of place-naming as differentiation. Each MOO would have an identity-signing key, which would be use to attest that a particular key was the possession of a name on that MOO. The MOO's could distribute keys amongst themselves or use a central signature source to sign MOO keys. This technique would allow characters to visit other MOO's, even as guests, and retain their identity. These pseudonyms need not even be issued only by MOO's. IRC seems another source of pseudonyms, as does the cypherpunks list. Xenon of Cypherpunks, for example. This same segmentation could be used to determine the origin of objects, as in, "This vcr is of bay-arean make." Finally, this hierarchy could be distributed with DNS, e.g. bay.moo MOO bay.moo ADDRESS mud.crl.com 8888 blast.bay.moo PERSON DESCRIPTION "He's bald. Very bald." (Acknowledgements to Carl Ellison. Here the identity is the key, and enforced by software.) Eric From freeman at MasPar.COM Thu Feb 10 13:00:22 1994 From: freeman at MasPar.COM (Jay R. Freeman) Date: Thu, 10 Feb 94 13:00:22 PST Subject: Oh No! Nazis on the Nets Message-ID: <9402102057.AA03896@cleo.MasPar.Com> > What kind of state is this, where you can drive a car with 16 years, > marry with 18 years and drink your first beer with 21 years? It probably has to do with the perceived dangers of errors in judgement concerning the various activities, and I agree with your skepticism... 
The age for marriage should be set much higher. -- Jay Freeman ;-) From pmetzger at lehman.com Thu Feb 10 13:06:09 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 10 Feb 94 13:06:09 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402101955.AA08917@deathstar.iaks.ira.uka.de> Message-ID: <199402102050.PAA20350@snark> Hadmut Danisch says: > > > Yes, read that note again. Who cares about 42,000 right-wing extremists in > > a country in which the government is so fascist to make it illegal for > > someone to tell you how to start your own paper? And just in case you were > > wondering: Germany is considered a democratic country. Now you know where > > the US under Clinton is heading. > > > > -=T.A.Z. > > Of course, the right-wing is a problem. But a *lot* of people care. > > BTW: TAZ is the name of a german left-wing newspaper. This newspaper > exists because everyone in Germany has the right to make a newspaper. Could I publish a newspaper containing Nazi propaganda in Germany? No? Then everyone doesn't have the right to produce a newspaper, does everyone? I feel it is a fundamental right to be able to publish whatever newspaper one would like to publish, and I say that as a Jew who lost most of his family to Nazi murderers in the second world war. Restrictions on speech ultimately backfire, providing oppressors with mechanisms to silence opponents. Protection from Nazism must come from strong respect for the freedom of all to express themselves and live as they wish so long as they do not harm others, and not from preventing the dissemination of "dangerous" ideas. Only when a neonazi attempts to beat someone up or set fire to a building does his action become the legitimate subject of prosecution. The oppression of communication or of ideas, regardless of how repugnant, is incompatible with a free society. 
Perry From matthew at wired.com Thu Feb 10 13:10:22 1994 From: matthew at wired.com (matthew at wired.com) Date: Thu, 10 Feb 94 13:10:22 PST Subject: Clipper Brain Pick Message-ID: <9402102051.AA00721@wired.com> Here at WIRED Online we are working on promoting awareness about the Clipper debate. Hence we are looking for suggestions regarding resources, online and otherwise, that we can either post or reference in our online spaces. Below is a list of the resources I have a list of already. If you have suggestions for things to be added to the list or things to be omitted from the list please send them to me Thanks. Matthew Nelson, aka Net.Serf LIST OF CLIPPER RESOURCES FOR WIRED ONLINE ========================================== newsgroups ---------- CuD (?), Bits-n-Bytes (?), EDUPAGE (?) comp.org.eff.talk alt.politics.datahighway alt.privacy.clipper alt.security.pgp alt.activism talk.politics.crypto comp.risks [RISKS] mailing lists ------------- cypherpunks (subscribe address is cypherpunks-request at toad.com) com-priv (subscribe address is com-priv-request at uu.psi.com) risks at csl.sri.com (subscribe address is risks-request at csl.sri.com) (fidonews at f23.n1.z1.fidonet.org [CuD] imp-interest at thumper.bellcore.com 2600 at bongo.cc.utexas.edu sci-crypt at cs.utexas.edu eff-austin at tic.com thesegroups at tic.com cni-modernization at cni.org extropians at extropy.org cypherwonks at lists.eunet.fi fringeware at io.com natbbs at echonyc.com [NOMA] futurec at uafsysb.uark.edu [future-culture] IPCT-L at GUVM.CCF.GEORGETOWN.EDU surfpunk at versant.com [subscribe address is surfpunk-request at versant.com]) FTP sites --------- soda.berkeley.edu/pub/cypherpunks/clipper ftp.eff.org/pub/EFF/Policy/Crypto/ ftp.eff.org/pub/EFF/Policy/Legislation/ ftp.eff.org/pub/Groups/outposts.faq (= a regularly updated list of "cyberliberties" organizations) cpsr.org /cpsr/privacy/crypto/clipper Gophers ------- eff.org cpsr.org [not working] gopher.eff.org/00/EFF/papers/Crypto/ 
gopher.eff.org/00/EFF/legislation/ gopher://gopher.well.com/ WWW sites --------- ftp://ftp.eff.org/pub/EFF/Policy/Crypto/ ftp://ftp.eff.org/pub/EFF/Policy/Legislation/ gopher://gopher.eff.org/00/EFF/papers/Crypto/ gopher://gopher.eff.org/00/EFF/legislation/ http://www.eff.org/pub/EFF/Policy/Crypto/ http://www.eff.org/alerts.html http://www.eff.org/pub/EFF/Policy/Legislation/ gopher://gopher.well.com/ file://ftp.eff.org/pub/Groups/outposts.faq (= a regularly updated list of "cyberliberties" organizations) http://www.acns.nwu.edu/surfpunk [surfpunk archive] conferences ----------- The WELL AOL (keyword "EFF") phone numbers ------------- Dept. of Justice (202) 616-2771 email addresses --------------- ??? From pmetzger at lehman.com Thu Feb 10 13:20:22 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 10 Feb 94 13:20:22 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402102018.AA08946@deathstar.iaks.ira.uka.de> Message-ID: <199402102100.QAA20373@snark> Hadmut Danisch says: > > I will note, however, that the U.S. has far better press freedoms than > > almost any other country on earth, and that Germany is pretty damn bad > > about freedom of the press. I can walk into any book store in America > > and buy a copy of Mein Kampf -- and although I hate Adolf Hitler's > > works, I am happy that I can read them if I so choose. I cannot do > > things like that in Germany. > > I don't know at the moment whether it is allowed to sell "Mein Kampf", > but what is the question: One says that in Germany nobody cares > about the right-wing, the other says that you can't buy such books. > What do you expect? Shall we care or not? We can't fight again > right-wing people and sell such books! Incorrect. Those who do not understand freedom think that by oppressing Nazis and preventing them from speaking you have somehow protected freedom. However, in doing so, you have used the methods of the Nazis. Becoming what you wish to stop is not an effective strategy. 
If only certain ideas are permitted to be expressed, you have reduced freedom, not increased it. You can fight Naziism by spreading information about the evils of Naziism. You can fight it by vigorously prosecuting those who commit acts of violence. You can fight it by keeping your legal system free, and not by doing things like giving in to the right wing by prohibiting immigration to Germany. You cannot fight it by emulating it, and censorship is one of the basic tools of Naziism. > I'm sure that american press freedom is not better than german ones. Untrue. In the U.S., I can start a newspaper without any licenses from the Government, and I can print anything I wish in that newspaper without fear of government prosecution. (I might be sued by a private party for libel if I intentionally lie about someone, but thats quite different.) In Germany, I cannot just open a newspaper and print, say, Nazi editorials in it. > Seen from Germany, american presidents elections look like a mixture > of a football game and a tv show. Yes, but that is a statement that the press in the U.S. is bad, not that it is unfree. Freedom and quality are orthogonal. > In Germany I can get my Cryptosoftware from whereever I want, Actually, you can do that here, too. We just cant send the software overseas. Perry From 68954 at brahms.udel.edu Thu Feb 10 13:30:22 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Thu, 10 Feb 94 13:30:22 PST Subject: T.A.Z. In-Reply-To: <9402101940.AA04583@ada.procase.com> Message-ID: On Thu, 10 Feb 1994, Paul Baclace wrote: > > Can someone remind me where to pick up T.A.Z by Hakim Bey by ftp? I archived > the information accidently and it is hard for me to access now... I recall > trying to get it, but the node was down and I haven't tried again. > > Paul E. Baclace > peb at procase.com > peb at well.sf.ca.us > T.A.Z. by Hakim Bey, really one of my favorite bits o reading, can be found at wiretap.spies.com /Library/Documents I believe. 
It's called taz.txt. Very good reading I really enjoyed it. But then again I liked the Hitchikers Guide and base the origin of all life on it 8) You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary---- From hayden at krypton.mankato.msus.edu Thu Feb 10 13:37:19 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 10 Feb 94 13:37:19 PST Subject: Meeting Ramblings Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Just thought I'd take a few minutes to off some comments on the virtual meeting on 2/9. 1) Agenda There was a problem in that, while the topic of the hall was set, imeediately everyone launched into every other concern they had as well. This led to a total confusion that eventually splintered the participants. I think that next time, there should be a set agenda, with a time limit for each subject. For example 10:00 - 10:25 Issues of Copyright on Usenet 10:30 - 10:55 Remailers 11:00 - 11:25 Anonimity on the Net 11:30 - 11:55 DigiCash Thus, at 10:00, there would be a topic, at 10:25, the topic is wound down (either moving to another location or finishing) and people gear up for a topic change. That way, if I had no interest in copyright, I could wait until 10:30 to sign on. In the meantime, if people want to talk about something other than the main topic, they can amble off to their own room. (perhaps build some 'meeting rooms' off of the main hall, and people can go in there, set the topic of the room and talk about that, while the main hall has the main topic) 2) Speaking The idea of there being four people speaking at one time is good, but there was a problem of people getting a speaker position and refusing to yield, thus people never moved up the queue. This is bad. Perhaps auto-yields after 2 'says' (in case you munged the first) would help. Hmm, now that I think about it, I guess that's about all. 
I really think the meeting was a good idea, and I hope it happens again real soon. Just a little more organizing would have been more helpful. Thanks to all who did this :-) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... - -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVqnNp3BsrEqkf9NAQFHVAP9En8qST6+IWDncrVuT1DJRHGiKrQlRTkx dPsZspkdyeRzTP7nQC4ga1EcFiEYICRC0ee1kh0QH6S019VsBhqDfpb6dnh/HzvM A9+tnU7vNNPXzMfboU5/jGvS8U8C2sFkw+0bGRMyTntVT4ZvSbenu3/7rxQcovXp 0ZEAWz+WOGs= =GlgI -----END PGP SIGNATURE----- From m5 at vail.tivoli.com Thu Feb 10 13:40:24 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 10 Feb 94 13:40:24 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402102018.AA08946@deathstar.iaks.ira.uka.de> Message-ID: <9402102139.AA04298@vail.tivoli.com> Hadmut Danisch writes: > I don't know at the moment whether it is allowed to sell "Mein Kampf", > but what is the question: One says that in Germany nobody cares > about the right-wing, the other says that you can't buy such books. > What do you expect? Shall we care or not? We can't fight again > right-wing people and sell such books! Really? So your only defense against ideas you don't like is to make the dissemination of the ideas illegal? Clearly there are values you rate higher than press freedom. (That's not necessarily bad, though I personally don't like it.) > I'm sure that american press freedom is not better than german ones. Sorry, but if you have to go to some office and ensure them you're following the "rules of newspapers" or whatever, then that statement is incorrect. 
I can this instant decide to print out thousands of copies of whatever I want, drive down to some public area, and start handing out my documents (or charging for them), all without a visit to a government office. That's not illegal. Only "pornographic" material is inherently illegal to distribute (and that irks me, I assure you) (though not because I'm interested in that line of work). (I'll leave it to Mr. Godwin to point out the various little laws I might break doing something like what I described above; the point stands nevertheless.) > Seen from Germany, american presidents elections look like a mixture > of a football game and a tv show. What does that have to do with press freedoms? > (I'm sure german elections don't look better for americans...) Actually, we don't see much about German elections; there's not enough airtime between the football games and TV shows. > In Germany I can get my Cryptosoftware from whereever I want, > I can give my software to whereever I want and I can write > a PhotoCD decoder. [ ;-) ] So can I in the US---today. The problems spring up when I try to export what I write. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From danisch at ira.uka.de Thu Feb 10 13:46:26 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 10 Feb 94 13:46:26 PST Subject: Oh No! Nazis on the Nets Message-ID: <9402102126.AA09063@deathstar.iaks.ira.uka.de> > Could I publish a newspaper containing Nazi propaganda in Germany? What do you want to hear? If I say yes, then you call the german Nazis. If I say no, then we have no press freedom in your eyes. Give us a chance to have 'press freedom' *and* to protect us against Nazis. > No? > > Then everyone doesn't have the right to produce a newspaper, does > everyone? Don't mix this! 
Whether *everyone* has the right to produce a newspaper and whether you can print *everything* into a newspaper, are two different things. Can we allow to print everything into a newspaper? No, not everything. And I think, the law is well choosen. The important detail is, that you are not forbidden to print a newspaper before, but they can be after you *after* you have print anything bad. For example you are not allowed to call for hating other races, but this is not special for the press. This is everywhere. The limits for the press are low and they forbid themes only which are *real* criminal [at least in my oppinion]. Look at the mailbox system used by neo-nazis. We can't allow this. But if we take them their mailboxes away, everyone says "The Germans don't even allow computers". You can't have both. In the last months they found nazi-newspapers with exact descriptions of how to build bombs and lists of people to be killed for speaking against nazis. You do not expect us to accept this, do you? The restrictions against such things are not a law against the press. It is forbidden, independend whether it comes in a newspaper or whereever else. > I feel it is a fundamental right to be able to publish whatever > newspaper one would like to publish, and I say that as a Jew who lost > most of his family to Nazi murderers in the second world war. Again, I feel beeing pressed to an answer which will be wrong, whatever I answer. > Restrictions on speech ultimately backfire, providing oppressors with > mechanisms to silence opponents. Protection from Nazism must come from > strong respect for the freedom of all to express themselves and live > as they wish so long as they do not harm others, and not from > preventing the dissemination of "dangerous" ideas. Spoken well, but far away from reality. If you see 100 Nazis and 10.000 people. The 10.000 don't have a job, don't have money, don't know what to do and are not the intellectual elite. 
They have a lot of problems and don't know where the problems came from and how to solve them. Now come 100 Nazis and tell them, everything were the fault of ugly, stupid foreigner, which steal their jobs, rape their women and are bad by nature, they should be killed or thrown out.

Now you see, that a lot of these 10.000 are going to believe this. Many of them come from the German Democratic Republic and they learned to believe everything anyone tells them. Other just want to beat anyone.

Do you want to do nothing and let them continue until it is too late? Didn't we have this before?

> Only when a neonazi
> attempts to beat someone up or set fire to a building does his action
> become the legitimate subject of prosecution.

No, then it is too late. When building are burning, people die. Some turkish people died because their house was set on fire. You can't bring them back.

Can't you remember what Americans told about the Germans when the two american sportsmen were beaten some months ago?

> The oppression of
> communication or of ideas, regardless of how repugnant, is
> incompatible with a free society.

A free society must be able to defend. If the target of the communication is to stop the society being free, a free society can't accept this. A free society must be free to *stay* free.

Hadmut

From mg5n+ at andrew.cmu.edu Thu Feb 10 13:50:21 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Thu, 10 Feb 94 13:50:21 PST
Subject: MD5
In-Reply-To: <9402101955.AA04592@ada.procase.com>
Message-ID:

Paul Baclace wrote:

> I know this is an old question and has a simple answer, but I
> want to use MD5 and need to know if the algorithm is
> exportable without any special permissions. I am assuming
> the answer is yes, but would like some reassurance...

Yes, it's publicly available internationally as RFC1321.

From nowhere at bsu-cs.bsu.edu Thu Feb 10 14:00:26 1994
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Thu, 10 Feb 94 14:00:26 PST
Subject: beta level pgpmail.el available for ftp
Message-ID: <9402102158.AA17508@bsu-cs.bsu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

My emacs lisp code which interfaces PGP with sendmail.el, and rmail.el (mail handleing packages in GNU Emacs) is now available for (anonymous) ftp. The URL are (I think)

FTP::/ftp.markv.com/pub/pgpmail/pgpmail.el
FTP::/ftp.markv.com/pub/pgpmail/pgpjm.el

I concider the code to be beta level, so expect a bug or two. Read the first page of code for documentation.

An undocumented function may also be of interest (but it is alpha level). If you call pgp-mail-add-hop while editing a mail message, it will add the correct gubbish to route the message through (another) CP remailer. As I did with this message.

j'
- --
O I am Jay Prime Positive jpp at markv.com
1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys via `finger jpp at markv.com', or mail to pgp-public-keys at pgp.mit.edu
Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com

-----BEGIN PGP SIGNATURE-----

iQBXAgUBLVqsbNC3U5sdKpFdAQFxvwIMC09zdCWnDJkZOVhzG9l65iWHiADVwblq
4jm7gDt3Lq2rgjTrvp4n2EZQHsqbBhHGNRyzw50s21GFupVfZfaZPelK
-----END PGP SIGNATURE-----

From danisch at ira.uka.de Thu Feb 10 14:10:21 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 10 Feb 94 14:10:21 PST
Subject: Oh No! Nazis on the Nets
Message-ID: <9402102154.AA09132@deathstar.iaks.ira.uka.de>

Perry E. Metzger says:

> Incorrect. Those who do not understand freedom think that by
> oppressing Nazis and preventing them from speaking you have somehow
> protected freedom. However, in doing so, you have used the methods of
> the Nazis.

If a murderer tries to kill you and you have a gun, you will shoot back, I assume, even if you use the same method as him.

> You can fight Naziism by spreading information about the evils of
> Naziism.

I wish it were true. They were trying this for many years. We all thought that Naziism will never come back because the lesson (WW II) was big enough. But it didn't work as you can see in the news magazines.

What do you believe, is it a good idea to publish software like PGP if it is used by the Nazis to organize their work?

> You can fight it by vigorously prosecuting those who commit
> acts of violence.

If you can get them...

>
> > I'm sure that american press freedom is not better than german ones.
>
> Untrue. In the U.S., I can start a newspaper without any licenses from
> the Government, and I can print anything I wish in that newspaper
> without fear of government prosecution. (I might be sued by a private
> party for libel if I intentionally lie about someone, but that's quite
> different.) In Germany, I cannot just open a newspaper and print, say,
> Nazi editorials in it.

Untrue. In Germany, I can do the very same. And I do not get sued by private party with lawyers who want to get some millions of dollars. And whether you are allowed to open your Nazi editorial depends on what you understand under "Nazi".

In this discussion "Nazi" is everything from an idea to setting buildings on fire. If I say allow, they say I would allow killing people. If I forbid, they say I forbid to publish ideas. Tell me what is "Nazi" in your argument.

> > Seen from Germany, american presidents elections look like a mixture
> > of a football game and a tv show.
>
> Yes, but that is a statement that the press in the U.S. is bad, not
> that it is unfree. Freedom and quality are orthogonal.

Untrue. A press without freedom can't be good. And if your press is bad and not interested in publishing anything real, then of course you don't need to control it.
But this is neither freedom nor quality.

> > In Germany I can get my Cryptosoftware from wherever I want,
>
> Actually, you can do that here, too. We just can't send the software
> overseas.

I can publish everything about Cryptography and publish it everywhere over the world.

I can publish newspapers with nude girls on the front. Is this possible in your country?

As far as I know in your country a lot of things are controlled by religious groups. Is this freedom?

Hadmut

From danisch at ira.uka.de Thu Feb 10 14:30:22 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 10 Feb 94 14:30:22 PST
Subject: Oh No! Nazis on the Nets
Message-ID: <9402102226.AA09203@deathstar.iaks.ira.uka.de>

Mike McNally writes:

> Really? So your only defense against ideas you don't like is to make
> the dissemination of the ideas illegal? Clearly there are values you
> rate higher than press freedom. (That's not necessarily bad, though I
> personally don't like it.)

I never said this. Why do you think it is the only defense?

Why do you all mix ideas with calls for killing people? Isn't it a difference whether I publish an idea or whether I pray killing people? Is this allowed in your country?

You all seem to have a nice patent for defense against Nazis. Why don't you tell/sell us this patent? It could be very helpful.

Don't you believe that we are interested in a free press? Don't you believe that we want to fight against Naziism? How do you fight against your Nazis?

> Sorry, but if you have to go to some office and ensure them you're
> following the "rules of newspapers" or whatever, then that statement
> is incorrect.

Arrrrrghl! Stop this stupid tale! Do you want to play silly games with me? Who did you tell that you have to go to any office in germany?

> I can this instant decide to print out thousands of
> copies of whatever I want, drive down to some public area, and start
> handing out my documents (or charging for them), all without a visit
> to a government office.
> That's not illegal. Only "pornographic"
> material is inherently illegal to distribute .

Exactly the same as in Germany! Many people do this! We printed papers at the school, we print papers at the university, we do it everywhere.

Print anything with your computer, go to the next copy-machine. Print as much as you can pay and carry and give it to everyone you want.

It happens nearly every day. When I began to study at this university I got my half bag full of papers in the mensa every day. Meanwhile they are printing less because no one reads them all, you can't read them all, they are too many.

At the first day at this university I got invitations from two groups of homosexual groups, one invitation of the lesbians group, about 20 invitations of political groups and a lot of paper I didn't even look at.

> > Seen from Germany, american presidents elections look like a mixture
> > of a football game and a tv show.
>
> What does that have to do with press freedoms?

What is the use of press freedom if the press doesn't use it?

> Actually, we don't see much about German elections; there's not enough
> airtime between the football games and TV shows.

I'm sure you don't see much about Germany at all. Where did you get all those stories?

> So can I in the US---today. The problems spring up when I try to
> export what I write.

Is this what you call press freedom?

Hadmut

From 68954 at brahms.udel.edu Thu Feb 10 14:40:27 1994
From: 68954 at brahms.udel.edu (Grand Epopt Feotus)
Date: Thu, 10 Feb 94 14:40:27 PST
Subject: Returned mail: Host unknown (Name server: host not found) (fwd)
Message-ID:

You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself ----Tim Leary----

To: cypherpunks at taod.com
Subject: Re: Oh No!
Nazis on the Nets
From: Grand Epopt Feotus <68954 at brahms.udel.edu>
Date: Thu, 10 Feb 1994 17:31:50 -0500 (EST)
In-Reply-To: <9402102018.AA08946 at deathstar.iaks.ira.uka.de>

Hehe, well I can give my software to whomever I want too 8)

Hmm, let's try to keep this from becoming the "This is Your Democracy Forum" and generating a "my system of govt is better than yours" cause that doesn't really accomplish much. And besides, we all know that no govt is good govt 8)

You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself ----Tim Leary----

From m5 at vail.tivoli.com Thu Feb 10 14:44:27 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Thu, 10 Feb 94 14:44:27 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <9402102226.AA09203@deathstar.iaks.ira.uka.de>
Message-ID: <9402102236.AA04643@vail.tivoli.com>

Hadmut Danisch writes:

> I never said this. Why do you think it is the only defense?

Oh, well, I guess I don't suppose that's what you meant.

> Why do you all mix ideas with calls for killing people?

Because the latter is a class of the former?

> Isn't it a difference whether I publish an idea or whether
> I pray killing people? Is this allowed in your country?

Well, I suppose there are some extremes which could get you in trouble (like, in particular, something directly threatening to the President, though I've never completely understood the Constitutional justification for such a thing). I don't think "Mein Kampf" is anywhere near the extreme. It's hateful and wrong, but it is a book of ideas and deserves to be available.

> Don't you believe that we are interested in a free press?
> Don't you believe that we want to fight against Naziism?
> How do you fight against your Nazis?

Not by restricting press freedoms.

> Arrrrrghl! Stop this stupid tale! Do you want to play silly games
> with me? Who did you tell that you have to go to any office in germany?

You did!
I'm not trying to be inflammatory; that's what I thought you said! I asked whether anybody could print a newspaper, and you said something like "as long as they register" or something. Perhaps I misunderstood; I foolishly did not save your note.

> Print as much as you can pay and carry and give it to everyone you
> want.

Oh; OK, then I take it back. I wish I had saved the note you wrote earlier; I must have severely misinterpreted it.

> What is the use of press freedom if the press doesn't use it?

Well, that's sort of a different problem. There are outlets for a wide variety of ideas, but they're not the major news networks or newspapers.

> I'm sure you don't see much about Germany at all. Where did you get
> all those stories?

As I said, I simply misinterpreted what you wrote.

> > So can I in the US---today. The problems spring up when I try to
> > export what I write.
>
> Is this what you call press freedom?

Actually, no; I don't call it that. One of the reasons I'm "here" is that I don't like the restrictions!

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From pmetzger at lehman.com Thu Feb 10 14:50:23 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 10 Feb 94 14:50:23 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <9402102126.AA09063@deathstar.iaks.ira.uka.de>
Message-ID: <199402102247.RAA20412@snark>

Hadmut Danisch says:
>
> > Could I publish a newspaper containing Nazi propaganda in Germany?
>
> What do you want to hear?
>
> If I say yes, then you call the german Nazis.

Untrue. In the U.S., you can publish a communist newspaper. Are americans communists? No. You can also publish a Nazi newspaper. Are americans all Nazis? No.

> If I say no, then we have no press freedom in your eyes.
>
> Give us a chance to have 'press freedom' *and* to protect us
> against Nazis.

You can't do that via censorship.

> > No?
> >
> > Then everyone doesn't have the right to produce a newspaper, does
> > everyone?
>
> Don't mix this!

Why not?

> Whether *everyone* has the right to produce a newspaper and
> whether you can print *everything* into a newspaper, are two different
> things.

Ultimately they aren't.

> Can we allow to print everything into a newspaper? No, not
> everything.

In the U.S., I can print everything in a newspaper. The only exception that has any significance is that if I print a story that deliberately (note the word deliberately) lies about someone with intent to cause them harm, they can sue me. However, the government cannot in and of itself intervene in the content of newspapers.

> For example you are not allowed to call for hating other races,
> but this is not special for the press. This is everywhere.

Indeed, but this is in contrast to the U.S., where you are allowed to say anything you like.

> > Restrictions on speech ultimately backfire, providing oppressors with
> > mechanisms to silence opponents. Protection from Nazism must come from
> > strong respect for the freedom of all to express themselves and live
> > as they wish so long as they do not harm others, and not from
> > preventing the dissemination of "dangerous" ideas.
>
> Spoken well, but far away from reality.
>
> If you see 100 Nazis and 10.000 people. The 10.000 don't have a job,
> don't have money, don't know what to do and are not the intellectual
> elite. They have a lot of problems and don't know where the problems
> came from and how to solve them. Now come 100 Nazis and tell them,
> everything were the fault of ugly, stupid foreigner, which steal
> their jobs, rape their women and are bad by nature, they should be
> killed or thrown out.
>
> Now you see, that a lot of these 10.000 are going to believe this.
> Many of them come from the German Democratic Republic and they learned
> to believe everything anyone tells them. Other just want to beat anyone.
>
> Do you want to do nothing and let them continue until it is too late?
> Didn't we have this before?

The problem is not free speech. The problem is the cultural notion that it is right and proper for the government to intervene in people's lives to "fix things". What you are doing is enforcing that concept.

It is not up to you to dictate what those 10,000 people are allowed to read. They are adults and deserve the same consideration that everyone deserves.

On the other hand, what you are doing is teaching the 10,000 people that it is right and proper to oppress ideas as evil, to ban words, to throw people in jail for what they have to say. You are also making them far more interested than they otherwise would be in these words that you will not let them hear. You are also creating a legal regime under which when totalitarians take power they can ban the words of democrats USING MECHANISMS THAT DEMOCRATS PUT INTO PLACE.

You are not succeeding via this method in stopping the spread of totalitarianism. What you are doing, however, is succeeding in becoming a totalitarian.

> > Only when a neonazi
> > attempts to beat someone up or set fire to a building does his action
> > become the legitimate subject of prosecution.
>
> No, then it is too late. When building are burning, people die.
> Some turkish people died because their house was set on fire. You can't
> bring them back.

You seem to have missed an obvious point: the people are dying right now even with censorship. Obviously censorship of neonazi propaganda has not succeeded in stopping the murders. On the other hand, other countries like the U.S. have not had widespread attacks against foreigners in spite of the fact that I can pick up any sort of book I want at any bookstore.

Is it your contention that Germans are irrational beings separate from the rest of the human race that cannot be trusted to make up their own mind about the evils of Naziism?
Since censorship has not stopped the right in Germany, perhaps you could try the alternative approach, which is to try to convince people that Naziism is wrong?

> > The oppression of
> > communication or of ideas, regardless of how repugnant, is
> > incompatible with a free society.
>
> A free society must be able to defend. If the target of the
> communication is to stop the society being free, a free society
> can't accept this. A free society must be free to *stay* free.

Once you stop communication, you are not free any more. You have already lost.

Perry

From pmetzger at lehman.com Thu Feb 10 15:00:23 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 10 Feb 94 15:00:23 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <9402101946.AA08887@deathstar.iaks.ira.uka.de>
Message-ID: <199402102250.RAA20421@snark>

Hadmut Danisch says:
> > So, just to clear this up, if you wanted to start a newspaper today,
> > could you simply print out a few hundred copies of whatever you wanted
> > to say and go out and sell it (or give it away) without any
> > interaction with the government? (I don't know the answer for
> > Germany; I'm genuinely curious. I hope the answer is "yes".)
>
>
> Of course not without *any* interaction. You have to pay taxes if
> you earn money, and you are not allowed to do it
> anonymous. Everything must contain an address of someone
> responsible.

In the U.S., it is perfectly lawful for me to print a newspaper ANONYMOUSLY, and sell it on streetcorners. Indeed, I may print anything I wish anonymously, be it a book, a magazine, or a newspaper.

> But no one forbids to do produce a newspaper. Every school has
> a 'schoolpaper' (don't know how to translate well). Everyone
> who thinks he has to tell anything important prints anything
> on lots of paper at this University, in most cases political
> (often very left-wing) themes.

Do you not have to register your newspaper?

> Our 'Grundgesetz', the constitution (like "Bill of rights") says
> that there is no censorship. Everyone can tell his opinion
> in "Word, letter and image":

Unless the words happen to be about Naziism, I take it, or about any other ideology considered "dangerous".

Perry

From danisch at ira.uka.de Thu Feb 10 15:10:24 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 10 Feb 94 15:10:24 PST
Subject: Oh No! Nazis on the Nets
Message-ID: <9402102306.AA09283@deathstar.iaks.ira.uka.de>

Perry E. Metzger says:

> In the U.S., it is perfectly lawful for me to print a newspaper
> ANONYMOUSLY, and sell it on streetcorners. Indeed, I may print
> anything I wish anonymously, be it a book, a magazine, or a newspaper.

So? If you find a paper with YOUR face, YOUR name and big letters KILL THIS MAN FOR BEING A JEW, would you think this is okay?

Would you give out PGP for mailing such calls encyphered?

> Do you not have to register your newspaper?

No, we don't. This is not true. Who told you this tale? Is it "freedom of press" if someone tells american people that germans would have to register their newspapers?

Hadmut

From wcs at anchor.ho.att.com Thu Feb 10 15:14:35 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 10 Feb 94 15:14:35 PST
Subject: Oh No! Nazis on the Nets
Message-ID: <9402102300.AA04909@anchor.ho.att.com>

> From: danisch at ira.uka.de (Hadmut Danisch)

From what Hadmut says, it appears that German law is as confused as American law about whether freedom of the press means freedom of the press or not.

> you are not allowed to do it anonymous. Everything must contain
> an address of someone responsible. In bigger papers you have

There are sometimes laws about this in the US, but if I remember correctly the courts say they are unconstitutional.
They do suppress freedom of speech and press, because they impose restrictions on content, and because they make it easy for the government to find and harass writers who oppose it.

> an "impressum" in small papers and pamphlets you have
> a line like "responsible in the sense of press law: Joe Dalton"
> And of course you will get sued or accused if you write anything
> which violates law, but this depends on _what_ you are writing.

In the US, you can get sued for saying untrue things about people, except public figures, but only the victim can sue. There are not supposed to be other writings which violate law, but even so they make and enforce laws against pornography, and in the past even speaking out against government policy has been made illegal (Schenck case in World War 1, writing pamphlets against the draft before there was one.)

What kinds of things are illegal to write in Germany?

Grundsetz
> Art. 5
> (1) Jeder hat das Recht, seine Meinung in Wort, Schrift und Bild frei
> zu äußern und zu verbreiten und sich aus allgemein zugänglichen
> Quellen ungehindert zu unterrichten. Die Pressefreiheit und die
> Freiheit der Berichterstattung durch Rundfunk und Film werden
> gewährleistet. Eine Zensur findet nicht statt.
>
> (2) Diese Rechte finden ihre Schranken in den Vorschriften der
> allgemeinen Gesetze, den gesetzlichen Bestimmungen zum Schutze der
> Jugend und in dem Recht der persönlichen Ehre.

I couldn't translate (2) - does this say they can make laws to protect the young people from bad ideas and protect personal honor/reputation?

[From earlier mail ]
> I don't know at the moment whether it is allowed to sell "Mein Kampf",
> but what is the question: One says that in Germany nobody cares
> about the right-wing, the other says that you can't buy such books.
> What do you expect? Shall we care or not? We can't fight again
> right-wing people and sell such books!

Of course you can fight against them without censorship - the weapon to use is truth, said often and loudly. If you use the violence of censorship against them you are using their tools and you are no better than them. You also say, by censoring books, that the common people are fools who can not tell the difference between truth and lies.

> I'm sure that american press freedom is not better than german ones.
> Seen from Germany, american presidents elections look like a mixture
> of a football game and a tv show. Is it possible that we have different

Seen from America, that's what they look like too :-)

> opinions about 'democracy' ? (I'm sure german elections don't look
> better for americans...)

We usually don't see German elections in US news. Sometimes stories about the rise of the right wing or Greens, and sometimes the results of the elections.

> In Germany it is always surprising what american people don't
> know about Germany. How many of you think that we wear
> trousers of leather, eat Sauerkraut and have women with
> blond plaits and name "Gretchen" all the time, not without
> a "Kuckucksuhr" at the wall?

When I was last there, I ate lots of Sauerkraut and beer, and there were some blond women on the S-Bahn, but nobody in Lederhosen. People did bring dogs on the train... :-)

From pmetzger at lehman.com Thu Feb 10 15:17:24 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 10 Feb 94 15:17:24 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <9402102154.AA09132@deathstar.iaks.ira.uka.de>
Message-ID: <199402102259.RAA20434@snark>

Hadmut Danisch says:
>
> Perry E. Metzger says:
>
> > Incorrect. Those who do not understand freedom think that by
> > oppressing Nazis and preventing them from speaking you have somehow
> > protected freedom. However, in doing so, you have used the methods of
> > the Nazis.
>
> If a murderer tries to kill you and you have a gun, you will shoot
> back, I assume, even if you use the same method as him.

I will indeed shoot at anyone that is trying to shoot at me. Tell me, are the Nazis currently censoring you in Germany?

In any case, reasoning by analogy is specious. My point was very simple: a free country is one in which people may speak their mind. You cannot keep a country free by imposing censorship; it is a contradiction in terms.

> > You can fight Naziism by spreading information about the evils of
> > Naziism.
>
> I wish it were true. They were trying this for many years. We all thought
> that Naziism will never come back because the lesson (WW II) was big enough.
> But it didn't work as you can see in the news magazines.

Using your own criterion, the censorship hasn't worked either.

> What do you believe, is it a good idea to publish software like PGP
> if it is used by the Nazis to organize their work?

Let us say rather that it is not possible to prevent cryptographic software from being used by Nazis and I would rather see it available to all rather than to be used only by the Nazis. Any system which could stop Nazis from using cryptographic software would involve so much wholesale monitoring of all communications as to eliminate the benefits of fighting Naziism. It is not enough to defeat the Nazis -- one must also avoid destroying the thing which one wants to preserve, which is freedom. If the price of destroying Nazis is to destroy the thing you were trying to protect, you have done no good.

> > You can fight it by vigorously prosecuting those who commit
> > acts of violence.
>
> If you can get them...

One has no choice but to try.

> > > I'm sure that american press freedom is not better than german ones.
> >
> > Untrue. In the U.S., I can start a newspaper without any licenses from
> > the Government, and I can print anything I wish in that newspaper
> > without fear of government prosecution. (I might be sued by a private
> > party for libel if I intentionally lie about someone, but that's quite
> > different.)
> > In Germany, I cannot just open a newspaper and print, say,
> > Nazi editorials in it.
>
> Untrue. In Germany, I can do the very same. And I do not get
> sued by private party with lawyers who want to get some millions
> of dollars. And whether you are allowed to open your Nazi editorial
> depends on what you understand under "Nazi".

Are you telling me that if I were to write in a newspaper "all Turks should be killed" that this would be legal under German law? I was under the impression that you cannot.

> > > Seen from Germany, american presidents elections look like a mixture
> > > of a football game and a tv show.
> >
> > Yes, but that is a statement that the press in the U.S. is bad, not
> > that it is unfree. Freedom and quality are orthogonal.
>
> Untrue. A press without freedom can't be good.

Then by definition yours cannot be good, because yours is unfree.

> I can publish newspapers with nude girls on the front. Is this possible
> in your country?

Yes. In fact, many magazines are published with nude women in front. You may have difficulty finding places willing to sell them, however.

> As far as I know in your country a lot of things are controlled by
> religious groups. Is this freedom?

Religious groups control religious institutions. They do not control our government. Is it your contention that religious groups do not control your religious institutions?

In any case, what does this have to do with freedom? If one chooses to go to a church, for instance, what is wrong with that per se?

Perry

From danisch at ira.uka.de Thu Feb 10 15:30:25 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 10 Feb 94 15:30:25 PST
Subject: Oh No! Nazis on the Nets
Message-ID: <9402102321.AA09323@deathstar.iaks.ira.uka.de>

> I will indeed shoot at anyone that is trying to shoot at me. Tell me,
> are the Nazis currently censoring you in Germany?

Boy, what a comparison. I assume you are defending against bank robbery by taking them their money...

> My point was very simple: a free
> country is one in which people may speak their mind.

A free country is a country where weak people can be protected before bad people with bad ideas speaking their mind. If the USA was a free country, you wouldn't have so many murders by gun. Is it an essential part of freedom to be free to attack everyone?

> You cannot keep a
> country free by imposing censorship; it is a contradiction in terms.

You cannot keep a country free by allowing everyone doing whatever they want; this is a contradiction in terms.

> > I wish it were true. They were trying this for many years. We all thought
> > that Naziism will never come back because the lesson (WW II) was big enough.
> > But it didn't work as you can see in the news magazines.
>
> Using your own criterion, the censorship hasn't worked either.

We DO NOT HAVE CENSORSHIP!!! (How many times do I have to repeat?) "Let them do what they want" didn't work.

> > If you can get them...
>
> One has no choice but to try.

Don't you believe that we are trying? Do you think we are stupid?

> Are you telling me that if I were to write in a newspaper "all Turks
> should be killed" that this would be legal under German law? I was
> under the impression that you cannot.

It is illegal, because it is "Anstiftung zum Mord", instigation for murder. This has nothing to do with press. Do you want to tell me that this is allowed in the USA? Do you want to tell me this is good?

> Then by definition yours cannot be good, because yours is unfree.

You are talking the whole time about things you don't know. What pieces of german press did you read?

> Yes. In fact, many magazines are published with nude women in front.
> You may have difficulty finding places willing to sell them, however.

Isn't this a kind of censorship? Is this "can publish whatever I want"?

Hadmut

From danisch at ira.uka.de Thu Feb 10 15:40:25 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Thu, 10 Feb 94 15:40:25 PST
Subject: Oh No!
Nazis on the Nets
Message-ID: <9402102338.AA09377@deathstar.iaks.ira.uka.de>

Hi everyone,

at the moment the mails for this thread are coming faster than I am able to write. It's 0.30 a.m. in Germany and I will go home now.

At the moment I have 5 mails in the box which should be answered in my opinion, but [6 mails now] I will continue tomorrow.

Sleep well and have a good night all you Cypherpunks

Hadmut :-)

[7 mails now]

From pmetzger at lehman.com Thu Feb 10 15:43:10 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 10 Feb 94 15:43:10 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <9402102139.AA04298@vail.tivoli.com>
Message-ID: <199402102332.SAA20456@snark>

Mike McNally says:
> Sorry, but if you have to go to some office and ensure them you're
> following the "rules of newspapers" or whatever, then that statement
> is incorrect. I can this instant decide to print out thousands of
> copies of whatever I want, drive down to some public area, and start
> handing out my documents (or charging for them), all without a visit
> to a government office. That's not illegal. Only "pornographic"
> material is inherently illegal to distribute (and that irks me, I
> assure you) (though not because I'm interested in that line of work).

I'll remind you that the supreme court has held that text-only works can not be held to be obscene. You can write anything you want, including explicit descriptions of sodomizing dead children, and it can not be censored.

Perry

From pmetzger at lehman.com Thu Feb 10 15:45:46 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 10 Feb 94 15:45:46 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <9402102306.AA09283@deathstar.iaks.ira.uka.de>
Message-ID: <199402102336.SAA20476@snark>

Hadmut Danisch says:
>
> Perry E. Metzger says:
>
> > In the U.S., it is perfectly lawful for me to print a newspaper
> > ANONYMOUSLY, and sell it on streetcorners.
Indeed, I may print > > anything I wish anonymously, be it a book, a magazine, or a newspaper. > > > So? If you find a paper with YOUR face, YOUR name and big > letters KILL THIS MAN FOR BEING A JEW, would you think > this is okay? You are asking if I think it is okay, which is different from asking if it should be legal. I don't think its "okay" to advocate, say, Naziism. However, I don't see that it should be ILLEGAL to advocate Naziism. If a newspaper published an article saying that jews should be killed, I would indeed say that this should be legal. I'm quite certain that I dislike it. Perry From mimir at illuminati.io.com Thu Feb 10 15:50:26 1994 From: mimir at illuminati.io.com (Al Billings) Date: Thu, 10 Feb 94 15:50:26 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402102226.AA09203@deathstar.iaks.ira.uka.de> Message-ID: On Thu, 10 Feb 1994, Hadmut Danisch wrote: > Don't you believe that we are interested in a free press? > Don't you believe that we want to fight against Naziism? > How do you fight against your Nazis? We put them in jail WHEN THEY BREAK THE LAW. Before that, they have the same rights as everyone else. Try it, you might like it. -- (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) | Al Billings aka Grendel Grettisson | "You are, each one, a priest, | | mimir at io.com | Just for yourself." | | Sysop of The Sacred Grove (206)322-5450 | | | Admin for Troth, The Asatru E-Mail List | -Noble Drew Ali- | (*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*) From freeman at MasPar.COM Thu Feb 10 16:00:26 1994 From: freeman at MasPar.COM (Jay R. Freeman) Date: Thu, 10 Feb 94 16:00:26 PST Subject: Oh No! Nazis on the Nets Message-ID: <9402102353.AA04156@cleo.MasPar.Com> This thread becomes non-cryptographic; perhaps it should be moved elsewhere? From mcb at net.bio.net Thu Feb 10 16:07:11 1994 From: mcb at net.bio.net (Michael C. 
Berch) Date: Thu, 10 Feb 94 16:07:11 PST Subject: Commodity Jurisdiction success for Kerberos Bones! Message-ID: <199402102356.PAA01369@net.bio.net> John Gilmore wrote (a week or so back): > Re: > REQUEST FOR COMMODITY JURISDICTION FOR: "Kerberos 900104 > bones.tar.Z patchlevel 6" software program > [...] > I encourage people and companies who are interested in export issues > to submit a commodity jurisdiction request for some software that you > want to export, and go through the process. In public. The State > Department and NSA don't publish their guidelines for what is exportable > and what isn't, so the only way we-the-public are going to find out > is by asking, and then telling each other. Are these guidelines, which are undoubtedly written down *somewhere*, exempt from disclosure under FOIA? If not, then this might be a good way to go; if the claim of exemption appears weak, it may be worth litigating. Getting actual disclosure of the guidelines may be worth quite a bit, since not only does it inform us-the-public about the rules, it can make it easier to sue the government for not abiding by its own rules (if it violates them). -- Michael C. Berch mcb at net.bio.net / mcb at postmodern.com From mech at eff.org Thu Feb 10 16:10:25 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 10 Feb 94 16:10:25 PST Subject: FLASH: Vice President Gore Questions Current Key Escrow Policy! Message-ID: <199402102355.SAA22541@eff.org> National Information Infrastructure Advisory Committee met today in Washington at the Old Executive Office Building. In comments made after a question and answer period, Vice President Al Gore said that key escrow policy announced last Friday (2/4/94) had serious flaws and that he hoped the issue of who holds the keys and under what terms would be given more serious, careful consideration. Gore made it clear that some amount of control of cryptography technology was necessary for national security.
However, the key escrow policies announced by the Departments of Justice, Commerce & State, and the NSA, were "low level decisions" that got out before thorough analysis. In a conversation with Mitchell Kapor, Esther Dyson, and Mike Nelson (of the White House Staff), Gore said that he would prefer that the keys be held by some part of the Judiciary branch, or perhaps even by trusted, private escrow agents. He made it clear that he believed that the escrow agents named in last Friday's announcement (National Institute of Standards & Technology and the Treasury Department) were not appropriate key holders. Mike Nelson also indicated that there was real interest in a software-based escrow system instead of the hardware-based SKIPJACK standard. Those of us who heard Gore were quite surprised. His remarks suggest that the key escrow policies to date do not have full support of the White House. Still, Gore was quite firm in asserting that some control of encryption technology is essential to national security. "Encryption and codebreaking have determined the outcome of world wars." He stated (incorrectly) that most of our industrialized allies place much stricter controls on encryption than the US does. In fact, almost all COCOM countries allow the export of DES-based products, though some do not allow DES to be imported. The whole question of encryption was raised when Mitchell Kapor told the Vice President that over half of the Advisory Council members had serious reservations about the current Clipper/Skipjack policies. Gore and Kapor agreed that the Advisory Council should be used to have a serious dialogue about encryption policy. Given Gore's departure from the current Clipper proposals, there might actually be something to talk about. ========== NOTE: This DOES NOT mean that Clipper is going away.
Part of stopping Clipper is to lift export controls on encryption and enable US companies to start producing products that enable all of us to protect our privacy with strong encryption. I urge you to write to Rep. Cantwell today at cantwell at eff.org. In the Subject header of your message, type "I support HR 3627." In the body of your message, express your reasons for supporting the bill. EFF will deliver printouts of all letters to Rep. Cantwell. With a strong showing of support from the Net community, Rep. Cantwell can tell her colleagues on Capitol Hill that encryption is not only an industry concern, but also a grassroots issue. *Again: remember to put "I support HR 3627" in your Subject header.* P.S. If you want additional information about the Cantwell bill, send e-mail to cantwell-info at eff.org. To join EFF, write membership at eff.org. For introductory info about EFF, send any message to info at eff.org. The text of the Cantwell bill can be found on the Internet with any of the following URLs (Universal Resource Locators): ftp://ftp.eff.org/pub/Policy/Legislation/cantwell.bill http://www.eff.org/ftp/EFF/Policy/Legislation/cantwell.bill gopher://gopher.eff.org/00/EFF/legislation/cantwell.bill ************************************************************************** Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds. - John Perry Barlow, EFF co-founder The Electronic Frontier Foundation is working to protect your privacy. To help stop Clipper and eliminate export controls on cryptography, support a bill introduced in the House of Representatives, HR 3627. To support the bill, send email to . ...................................................................... Daniel J. Weitzner, Senior Staff Counsel Electronic Frontier Foundation 202-347-5400 (v) 1001 G St, NW Suite 950 East 202-393-5509 (f) Washington, DC 20001 *** Join EFF!!!
Send mail to membership at eff.org for information *** -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From qwerty-remailer at netcom.com Thu Feb 10 16:20:25 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Thu, 10 Feb 94 16:20:25 PST Subject: Magic money not working bigendian Message-ID: <199402110013.QAA08947@mail.netcom.com> I have not been able to get Magic Money to work right in big-endian mode using pgptl10c.zip and mgmny10d.zip. It does not work with either -DHIGHFIRST or -DHIGHFIRST plus -DHIGH_KLUDGE. The key generation seems to go OK, but then when I "mint" a coins.dat file with 6 coins in the server and try reading it in the client, all coins after the first are said to have bad signature. I have tried it with both 512 and 1024 bit keys and both fail. The previous version of magicmny.zip worked OK. From oseiler at unixg.ubc.ca Thu Feb 10 16:28:08 1994 From: oseiler at unixg.ubc.ca (Oliver Seiler) Date: Thu, 10 Feb 94 16:28:08 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402102154.AA09132@deathstar.iaks.ira.uka.de> Message-ID: Although I think this thread should end, I can't let this go by... On Thu, 10 Feb 1994, Hadmut Danisch wrote: > If a murderer tries to kill you and you have a gun, you will shoot > back, I assume, even if you use the same method as him. There is a clear difference here, but we have to get some definitions cleared up. The other person isn't a murderer until you are dead. What he is doing (I'll assume it's a guy...) is attempting to end your life. To prevent this is your choice (most will choose to protect themselves). Hell, even if I didn't have a gun, I'd fight back. 
A gun just makes it more convenient (note also that unless your death is evident, as opposed to just being bruised say, then killing the guy outright would to me be wrong. Just shoot his kneecaps, or maybe just in the gut, although this is likely to be fatal as well, but then, maybe the guy should have been a bit smarter...) My point is that initiating violence and protecting yourself from violence (using "violence") are two different things... > > You can fight Naziism by spreading information about the evils of > > Naziism. > > I wish it were true. They were trying this for many years. We all thought > that Naziism will never come back because the lesson (WW II) was big enough. > But it didn't work as you can see in the news magazines. Unfortunately I don't think it was really tried in Germany (or in most places). The events of that era, the ideologies, were swept under the rug, to be forgotten, not to be talked about... This does not make for education... > What do you believe, is it a good idea to publish software like PGP > if it is used by the Nazis to organize their work? No, I don't think it's a good idea. However, that is not saying I would support an effort to suppress their ideas. I do exactly what I do with all other ideologies I think are a bunch of crap. Don't adopt them and retaliate when it affects me personally... > > You can fight it by vigorously prosecuting those who commit > > acts of violence. > > If you can get them... Always a problem. However, this is much preferable to trying to get them before they actually do anything. This tends to turn into a witch hunt and more innocent people are burned... > In this discussion "Nazi" is everything from an idea to settings buildings > on fire. If I say allow, they say I would allow killing people. If I forbid, > they say I forbid to publish ideas. Tell me what is "Nazi" in your argument. 
A "Nazi" was a member of the National Socialist Party of Germany during the first half of this century (and by the laws of the time, that meant just about everybody. Everybody except for the "races" which those in charge found to be "unpure", where "pure" could be defined as some sort of ideal "master race" which those in charge thought the Nazi party was... Very circular arrangement really...) At the time in Germany it was a compliment to be called a National Socialist. Now however it is a very loaded insult to most people, although some still find the "endearing" rhetoric about "master" races and such to still be attractive, hence the neo-Nazi... That is what the word "Nazi" means to me... > > > Seen from Germany, american presidents elections look like a mixture > > > of a football game and a tv show. That's what sells the average American... I don't expect it to last much longer though... > > Yes, but that is a statement that the press in the U.S. is bad, not > > that it is unfree. Freedom and quality are orthogonal. > > Untrue. A press without freedom can't be good. And if your press is bad > and not interested in publishing anything real, then of course you don't > need to control it. But this is neither freedom nor quality. You seem to be watching the wrong media. TV is a controlled media, by the FCC, and the large cable corporations. Public broadcasting tends to be more informative... Most TV though is a wasteland (and if I remember from my last trip to Germany in '87, I found its TV selection to be worse... The only thing I liked was that commercials weren't put on during shows...) Most of the interesting press is in print, since there are far fewer regulations (since one isn't broadcasting over "public" frequencies). And it is also far cheaper to put stuff into print... > > > In Germany I can get my Cryptosoftware from whereever I want, > > > > Actually, you can do that here, too. We just cant send the software > > overseas. Well, you're not "supposed" to.
Really it is as easy as sending e-mail to someone... > I can publish everything about Cryptography and publish it everywhere > over the world. Blame it on the paranoid US government (read, the NSA)... > I can publish newpapers with nude girls on the front. Is this possible > in your country? Must be, since I often have seen them in various "adult" stores. You can't put them on "public" display, not without risk of being sued by some irate parent... I agree though that sex is generally handled better in Europe than in North America... Very prudish society (both Canada, where I am, and in the US) > As far as I know in your country a lot of things are controlled by > religious groups. Is this freedom? How do you mean controlled? Lot's of things are "controlled" by Jewish people, depending on whom you ask. The banking folks seem to control the banks pretty well. That store down the street where I buy milk is controlled by somebody pretty good too... Oooh aah... Am I "controlled"? Who knows. Who cares? I'm happy, but then so are the vast majority of people in Singapore, which is far less free in many ways than either of the two countries under discussion... > Hadmut -Oliver | Oliver Seiler + Erisian Development Group + Amiga Developer + | oseiler at unixg.ubc.ca +-------------Reality by the Slice--------------+ | oseiler at nyx.cs.du.edu | Phone: (604) 683-5364 Fax: (604) 683-6142 | | ollie at BIX.com | POB 3547, MPO, Vancouver, BC, CANADA V6B 3Y6 | From cme at sw.stratus.com Thu Feb 10 16:40:26 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Thu, 10 Feb 94 16:40:26 PST Subject: re. Denning's Clipper defense (15.48) Message-ID: <199402110033.TAA21173@ellisun.sw.stratus.com> Prof. Denning has issued a defense of the Clipper proposal (which she advocated in a CACM article long before the initiative was announced). Her specifics are easy enough to refute and I'm sure others will do so. However, she closes with an idea so radical that it shocked me. 
Her idea that we citizens need a security clearance in order to enter the debate over whether or not we should give up a right we've had for all time (to make, use, disseminate, ..., our own strong cryptography, interfering with the government's ability to spy on us) is so radically off base that the technical debate pales by comparison. My grade school social studies teacher is doubtless spinning in her grave. On this point, I would like to hear from newly freed members of the Eastern bloc. - Carl Ellison From 68954 at brahms.udel.edu Thu Feb 10 16:44:25 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Thu, 10 Feb 94 16:44:25 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402102306.AA09283@deathstar.iaks.ira.uka.de> Message-ID: On Fri, 11 Feb 1994, Hadmut Danisch wrote: > > Perry E. Metzger says: > > > So? If you find a paper with YOUR face, YOUR name and big > letters KILL THIS MAN FOR BEING A JEW, would you think > this is okay? > > Would you give out PGP for mailing such calls encyphered? > Oh bullshit, don't try that argument. If that was the way the world operated we would be eating raw meat in a cave still. The tools are NOT evil and should be distributed. It's how you use them that can be bad. > > Do you not have to register your newspaper? > > No, we don't. This is not true. Who told you this tale? > > > Is it "freedom of press" if someone tells american people > that germans would have to register their newspapers? > No, it's inherent to freedom of press, meaning sometimes we get lied to; apparently this was one of those times, but it's not "freedom of press" per se. > > Hadmut > Can we cut the politickin out or is this normal? I mean I know politics play a major role in cryptography, but throwing expletives about Nazis isn't really conducive to good encryption development. You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it.
Free yourself ----Tim Leary---- From lefty at apple.com Thu Feb 10 17:00:24 1994 From: lefty at apple.com (Lefty) Date: Thu, 10 Feb 94 17:00:24 PST Subject: Oh No! Nonsense on the Nets Message-ID: <9402110036.AA04560@internal.apple.com> >This thread becomes non-cryptographic; perhaps it should be moved elsewhere? Perhaps, if it doesn't move under its own steam, it ought to be consigned to the custody of the Shooting Out Back Squad. It has long since lost whatever marginal relevance it might once have enjoyed. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From richardr at netcom.com Thu Feb 10 17:02:50 1994 From: richardr at netcom.com (Richard L. Robertson) Date: Thu, 10 Feb 94 17:02:50 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402110052.AA04264@cleo.MasPar.Com> Message-ID: <199402110055.QAA04580@mail.netcom.com> I have just been lurking on the cypherpunks e-mail list until I get a feel for the group dynamics, that's why I haven't made any comments about the less-than-relevant topics and the nasty ad hominum (?) attacks that seem to take up an extraordinary amount of bandwidth on this list. I thought that cypherpunks were interested in uses and practice of encryption, but I am beginning to wonder. Richard Robertson richardr at netcom.com From solovay at math.berkeley.edu Thu Feb 10 17:10:25 1994 From: solovay at math.berkeley.edu (Robert M. Solovay) Date: Thu, 10 Feb 94 17:10:25 PST Subject: Magic money not working bigendian In-Reply-To: <199402110013.QAA08947@mail.netcom.com> Message-ID: <199402110108.RAA06533@math.berkeley.edu> Is there a simple way to find out if one's computer is big-endian or not? [Like a simple C program that one can compile and run to settle the question.] From paul.elliott at hrnowl.lonestar.org Thu Feb 10 17:50:25 1994 From: paul.elliott at hrnowl.lonestar.org (Paul Elliott) Date: Thu, 10 Feb 94 17:50:25 PST Subject: OS2 IO driver for RNG-810 random number generator is released.
Message-ID: <2d5ac2e4.flight@flight.hrnowl.lonestar.org> -----BEGIN PGP SIGNED MESSAGE----- I have released an OS/2 device driver for the CALNET/NEWBRIDGE RNG-810 random number generator. The file rng-810.zip has been uploaded to ftp-os2.cdrom.com. It has been placed in the directory /pub/os2/incoming. I have recommended that this file find its ultimate home in: /pub/os2/2_x/drivers. It has also been made available in compu$erve forum: OS2USER LIB:3 as the file rng810.zip Sources are included in the file, and its is released under the GNU Public Licence. It is written in Borland C++ 3.0 and TASM(IDEAL MODE). The Borland C++ runtime source is needed to compile it. - - From the software point of view, the RNG-810 is a very simple device. Simply do a "in" instruction on the port (300h 302h 304h or 306h) depending on its jumpers and you receive a random byte. The IO driver can probably be used with any random number generator that is accessed in the same way. - ------------------------------------------------------------------------------ Paul Elliott Telephone: 1-713-781-4543 Paul.Elliott at hrnowl.lonestar.org Address: 3987 South Gessner #224 Houston Texas 77063 -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVqS2fBUQYbUhJh5AQGc/QP/aGuUJ1vluEi83/5miDc2RR+IKeqwbzBy wdLP4YxTptTLaBaJvAUdBZhjX70SFUt8l5i25pEvs6nvHMjzNp0Q+w0e55E9jfkW alvvo+R5n6+l6NjuFvESmQy+6U6zvQalGwVxY+VosiSDfXNy6PJhMYbmWSN8t0h9 +C4zXAWvM8w= =KEkC -----END PGP SIGNATURE----- From mg5n+ at andrew.cmu.edu Thu Feb 10 17:52:57 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 10 Feb 94 17:52:57 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402102226.AA09203@deathstar.iaks.ira.uka.de> Message-ID: danisch at ira.uka.de (Hadmut Danisch) writes: > You all seem to have a nice patent for defense against > Nazis. Why don't you tell/sell us this patent? It > could be very helpfull. > > Don't you believe that we are interested in a free press? 
> Don't you believe that we want to fight against Naziism? > How do you fight against your Nazis? Our secret weapon against Nazis in the USA is that we don't censor them. We let them publish their books so everyone can see how stupid and ridiculous nazism is. We also have books about what the Nazis did to the Jews in WWII. The reason the Nazis are such a problem in Germany is that the government gives them so much free advertizing. The whole thing about how a secret BBS network eludes the police makes people very interested in it. People like the idea of belonging to a special elite organization, and its "underground" status gives it that appeal. There are Nazi BBS systems in the USA, and they're not too difficult to find. And most people couldn't care less. But to make a relevant comparison to cypherpunks: How many people used PGP before the clipper debate began? (Fairly few) How many heard about it because of the recent public uproar caused by the government wanting to control crypto? If clipper had never been introduced, many people who now use PGP would never have heard of it. The government created its own encryption "problem" by telling people about it. The Germans are creating their own Nazi problem by telling people about it. Food for thought... From hughes at ah.com Thu Feb 10 18:00:25 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 10 Feb 94 18:00:25 PST Subject: Magic money not working bigendian In-Reply-To: <199402110108.RAA06533@math.berkeley.edu> Message-ID: <9402110150.AA09132@ah.com> Try this:
--------------------------------------------
#include <stdio.h>

int main(void)
{
    long t = 1 ;
    /* cp points at the lowest-addressed byte of t */
    char *cp = (char *) & t ;
    printf( "%s-endian\n", ( *cp != 0 ) ? "little" : "big" ) ;
    return 0 ;
}
--------------------------------------------
On a little-endian machine, the least significant byte is stored first; on big-endian, the most significant. The address of a long points to the first byte, i.e. the byte with the lowest address.
The above program tests to see if the first byte is non-zero, which is true iff the length of a char is less than the length of a long (usually true) and if the least significant byte is first, i.e. little-endian. Further responses should go only to my mailbox. Eric From sandfort at crl.com Thu Feb 10 18:50:24 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 10 Feb 94 18:50:24 PST Subject: GILMORE ON TV Message-ID: Hey C'punks, Was everyone too busy arguing about "freedom of the press" to note a real act of Cypherpunk stealth? While some of you were rehashing WWII, Cypherpunk co-founder, John Gilmore, was slipping cryptography between the lines in a news item about the "information superhighway." The item was about a "new" way to protect against (dare I say it?) pseudospoofing. Perhaps John will honor us with an official description of Cygnus Support's new software. S a n d y From baford at schirf.cs.utah.edu Thu Feb 10 19:30:24 1994 From: baford at schirf.cs.utah.edu (Bryan Ford) Date: Thu, 10 Feb 94 19:30:24 PST Subject: Strategies for getting encryption in widespread use QUICKLY Message-ID: <9402110328.AA10866@schirf.cs.utah.edu> I recently sent a version of this message to Stanton McCandlish in response to EFF's call for support on the Cantwell bill; he said you people would probably be most interested in the idea. I was planning to sit quietly for a few weeks, watch the list, and make sure it's not just old news here before opening my big mouth. But seeing the volume of the list I may not last that long, so I'll post now. :-) --- It seems like the most effective way to fight Clipper would be to ensure that by the time the government has a chance to impose any effective controls, strong public encryption is in wide enough use to make such controls completely unenforceable. 
While encouraging people to always encrypt their E-mail might seem the most straightforward way to do this, most people just aren't interested enough and don't see a threat in leaving their mail open, and encryption is still inconvenient. An approach introducing encryption into some other aspect of information transfer, where it is more immediately and obviously useful, might be more successful in the short term. One of the most popular uses of the Internet is for distribution of free software, both in binary and source form. It would make the lives of many people much easier if the downloading and installation process could be made more automatic. Right now if I want to always have the latest version of GCC on my Linux box at home, I have to watch the right newsgroup for announcements, FTP to the right site, download the new version, unzip, untar, and install it (not to mention compiling it if I get a source code distribution). This is not too bad by itself, but it gets inconvenient on a "real" system containing hundreds of packages to be kept up-to-date, a new version of one coming out every day or two. It shouldn't be too difficult to automate this monitoring, downloading, and installation process, especially for binary distributions that require no complicated configuration or build sequence. But suggest this to most anyone, and they'll immediately get jittery with fear about trojan horses, viruses, and every other attack known. This is where encryption technology (specifically, public-key-based signatures) could come in. Unlike with E-mail privacy, where most people don't get a really tangible benefit, in this case encryption could be a real enabling technology: it would allow people to do what they couldn't (or wouldn't dare) do before. If it was done right, in a way that people can trust, people _would_ use it because it would make their lives easier, not more complicated.
Before I get into any more detail, I want to hear what you all think about the general idea, so I'll leave it at that for now. Thanks! Bryan Ford --- Bryan Ford baford at cs.utah.edu University of Utah, CSS `finger baford at schirf.cs.utah.edu' for PGP key and other info. From jim at bilbo.suite.com Thu Feb 10 21:20:24 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 10 Feb 94 21:20:24 PST Subject: message pools revisited Message-ID: <9402110507.AA13369@bilbo.suite.com> Someone once said that a system of remailers is as strong as its STRONGEST link. "As long as even ONE remailer in the chain is trustworthy, hiding the connection between incoming and outgoing messages, your anonymity is preserved." While I agree with this in principle, I'm still not satisfied. I want a remailer system that is secure from eavesdropping and traffic analysis even if ALL remailers are untrustworthy. You might ask why I am not satisfied with current remailer designs. My unease stems mostly from irrational fears and distrust of the people running the remailers. I don't personally know any of the people who are running remailers. How can I be sure they are not colluding? How can I be sure their machines haven't been penetrated by the Bad Guys? It may be true that the remailer system is as strong as its STRONGEST link, but how do I know where that strongest link is? As long as there is any doubt, I'm not satisfied. Others may feel the same, and refrain from using remailers. With sufficient traffic, messages exchanged via a message pool are secure from eavesdropping and traffic analysis, even if the message pool is untrustworthy. The problem is, the message pool schemes I'm familiar with (admittedly, not that many) don't scale up well. One kind of message pool works like a mailing list. People subscribe to the message pool by sending the message pool server their e-mail address (and perhaps also a public-key).
A member of the message pool sends an anonymous message by encrypting it with the recipient's public key and sending it to the message pool server. The message pool server sends a copy of the encrypted message to every member of the message pool service. Only the person who has the corresponding private key will be able to decrypt the message. All other members of the pool will get garbage. One benefit of this type of message pool is that the messages come to you. You don't have to go and get them. Also, if an encrypting remailer is a member of the message pool service, then members can "route" messages through it to non-members. Another kind of message pool works like a BBS system. A person sends a message by encrypting it with the recipient's public key and sending it to the message pool server. The message pool server adds the message to a pool of messages it maintains. Messages stay in the pool for a finite time, and then are deleted. People periodically download the current set of unexpired messages from the pool and see if they can decrypt any of them. If they find a message they can decrypt, then the message was meant for them. The advantage to this scheme is that there is no concept of a "member". Some time last year, before I joined the cypherpunks mailing list, I posted a message to sci.crypt suggesting that people create a news group called "alt.crypt.messages" so people could exchange messages anonymously. Some people said this was a good idea. Others said that it was suggested before by others (it had). Still others said it wouldn't work because people wouldn't carry the news group because they wouldn't be able to know what kind of stuff was being sent through it. I think it is time to ask again. Do people think it would be a good idea to create a news group for exchanging anonymous messages? Alternatively, perhaps some cypherpunks with free time would like to code up a simplified distributed message pool service modeled after USENET.
You would need servers to distribute the messages and front-end "reader" apps to simplify searching for messages destined for you. Any takers? Jim_Miller at suite.com From kryten at shell.portal.com Thu Feb 10 21:30:25 1994 From: kryten at shell.portal.com (Greg - Kucharo) Date: Thu, 10 Feb 94 21:30:25 PST Subject: Port Watson Message-ID: <199402110522.VAA15045@jobe.shell.portal.com> Anyone who is interested in T.A.Z should also check out a short story from the Science Fiction anthology Semiotext SF, "Visit Port Watson". It's weird how much the story resembles T.A.Z. The mythical Port Watson is located on the real island of Sonsorol in the South China Sea, about 400 miles from The Philippines. The Port is a free enclave, an enclave with no laws of any kind. The inhabitants of the island receive dividends from a bank who has only virtual money. Each citizen receives an equal share of the dividends which is calculated by computer based on money made by investors. The Bankers are "libertarian computer hacks and anarcho-capitalists". Sounds like CypherPunk Nation to me. Here's the bibliography info; Semiotext(E) SF Copyright 1989 Autonomedia, New York. Ed. Peter Lamborn Wilson and Rudy Rucker. From jim at bilbo.suite.com Thu Feb 10 22:00:25 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 10 Feb 94 22:00:25 PST Subject: message pools revisited - CORRECTION Message-ID: <9402110551.AA13447@bilbo.suite.com> I realized only after posting that "routing" messages through a remailer that is a member of the message pool you belong to is a risk. Keep in mind that I'm still speaking within the context of "all remailers and message pool servers are colluding". Jim_Miller at suite.com From qwerty at netcom.com Thu Feb 10 22:20:25 1994 From: qwerty at netcom.com (Xenon) Date: Thu, 10 Feb 94 22:20:25 PST Subject: Resend Encryptogram to Xenon.
Message-ID: <199402110615.WAA01809@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- I think someone sent me an encrypted message, but I deleted it by 's Message?', 'd', 'q'. Unfortunately FUCKING UNIX just said "Message?": No match, but I didn't see that till too late and now the message is gone. Oh why oh why didn't I use the Mac Clipboard instead :-( ? Is there any way to get it back? I have an idea of who it might be so I'll send him too. -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVrblwSzG6zrQn1RAQFinwP+MS8WdoXu+pyxuR7uZe3qE6mjf7QdnvdW mDz4kT6vOf3gPik5/SC0gQrAET6Rjs4dtE/vZMH4QvL+9tCmyGLwktr0Fqc7ybZN pqLRuOiQcwHwiVRMn10/kqrcZjgHj6gCRDPMqo2p3M5JavwIcXTWIvALy/4X+iTU YKmqpuwlHss= =5IBW -----END PGP SIGNATURE----- From jkreznar at ininx.com Thu Feb 10 22:30:25 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Thu, 10 Feb 94 22:30:25 PST Subject: FLASH: Vice President Gore Questions Current Key Escrow Policy! In-Reply-To: <199402102355.SAA22541@eff.org> Message-ID: <9402110621.AA10239@ininx> -----BEGIN PGP SIGNED MESSAGE----- > ************************************************************************** > Relying on the government to protect your privacy is like asking a peeping > tom to install your window blinds. - John Perry Barlow, EFF co-founder > The Electronic Frontier Foundation is working to protect your privacy. To > help stop Clipper and eliminate export controls on cryptography, support a > bill introduced in the House of Representatives, HR 3627. To support the > bill, send email to . I wish I knew how to help you wake up and smell the contradiction here. In one breath you acknowledge that government is an enemy of privacy, and in the next you encourage acting to endorse and empower that very government by petitioning it. Secede now! Then your works need not be exported from US because they wouldn't be there to begin with! John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. 
-----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVsjaMDhz44ugybJAQFUmwQAl+tOSFRJbWyEGDir1cf6M4tCV0njhox3 cPTIfZwkBcB6diPr9ouB75m1S1BAiTfZ++a3/0Mo7Z+qcBjIZSWU+LYwzSdRNMtI 63PNB4ozoY6eHbct34exiBLZGcfEDrpwGtnabsz7Tq+ys6OpbrC+2UJCijmUFC9z +crUUQIOhi4= =TP2H -----END PGP SIGNATURE----- From solovay at math.berkeley.edu Thu Feb 10 22:40:25 1994 From: solovay at math.berkeley.edu (Robert M. Solovay) Date: Thu, 10 Feb 94 22:40:25 PST Subject: MOO: on the virtual meeting In-Reply-To: <9402102038.AA08134@ah.com> Message-ID: <199402110633.WAA11599@math.berkeley.edu> Eric Hughes writes: -- Client software. A must-use. telnet is really annoying. I point this out because unimportant technical considerations make huge differences in usability. Where does one get such client software for a MOO. Is there some standard ftp site to try? What is the name of the relevant software? Thanks, Bob Solovay From nobody at shell.portal.com Thu Feb 10 23:20:24 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 10 Feb 94 23:20:24 PST Subject: JESUS SAVES! Message-ID: <199402110719.XAA23790@jobe.shell.portal.com> Part of the inspiration for OPERATION BLACKEN BLACKNET... ===cut=here=== RISKS-LIST: RISKS-FORUM Digest Thursday 10 February 1994 Volume 15 : Issue 49 Date: Sun, 6 Feb 1994 01:17:49 -0500 (EST) From: Paul Robinson Subject: What goes around, comes around The following was posted on a local BBS about the recent incident on the network. ANDREWS NEWS Staff member suspended for network abuse, by Wendy Wein Clarence Thomas, systems administrator for "Redwood," the administrative computer, will be temporarily suspended from his job because he sent a 5,500 character religious message to between 1,200 to 1,500 news groups across the world through the Internet. This act violated the system's purpose, giving Andrews University a bad reputation among the Internet users. 
Over 1,200 complaints came over the Internet to the Andrews computer science department demanding justice. According to Mailen Kootsey, chair of the academic computing committee and dean of the College of Arts and Sciences, Thomas will be suspended from his position for a week. His status will be reviewed at the end of the time period. During this week Thomas will not have available access to the network computers. Sometime between five and eight o'clock Monday evening, January 17, Thomas sent his three-page message titled "Global Alert for All: Jesus is Coming Soon," from the Andrews computing center to the news groups which are accessible through the Internet, a computer system which connects computers throughout the world. These news groups deal with different individual topics. For example, if a news group is about cars, then only information about cars should be sent to that news group. Some people subscribe to more than one group and some universities and organizations are subscribed to almost all of them. Thomas sent his religious message to all of these groups. People who were not interested received this message, some more than once. Some organizations received 1,200 to 1,500 copies. For many of the subscribers religious input was not accepted very well. This message took up their time and money. The message accumulated 5.5 kilobytes of disk space. Within an hour after the message was sent, Daniel Bidwell, administrative contact for the network at Andrews, received Internet messages from the East coast. In two hours they came from the West coast and within four hours, complaint letters came in from other countries. The letters made statements such as "This is not what I am paying for" and "Will this guy be stopped?" In addition to the news groups, Thomas also sent his message through a mailing list, filling others' electronic mail. This could have been changed by sending it to only a few news groups so fewer copies could have been distributed. 
"If he sent his message through a news group which dealt with religious issues then everything would be fine," said Bidwell, "No one would have known." There are no laws against Thomas' actions, yet he violated and broke some of the unwritten rules of society. That is why many people are unhappy. This act created poor reactions towards the university. Thomas' intent was to spread the good news of Jesus' return to all those he could reach. Thomas was trying to witness to others, yet instead of creating joy in peoples' heart, he only created anger and resentment. "He was doing the right thing in the wrong way," said Bidwell. Some of those who wrote to complain said that they agreed with the message, but that Thomas delivered it wrongly. This message has created bad public relations for the church at another's expense. The letters that were received included threats. They wanted Thomas fired, or else the Internet connections from the Andrews campus could be "taken." People are now writing and finding ways to contact President Lesher. Not only have strangers called, but also a large amount of Adventists claiming that something must be done to save the church's sacred reputation. On Monday morning, January 24, Rob Barnhurst, Thomas's supervisor and director of the computing center, Ed Wines, vice president for finance, and Kootsey, met to discuss the incident. They decided to send out an apology through the Internet, explaining that they did not condone Thomas's act and will try to keep this from happening again. Thomas graduated from Andrews with a computer science degree. Those at the computer science department feel that he knew better then to send out that many copies. "It was clearly, very definitely abuse," said Ray Paden, chair of the computer science department. "He broke the guidelines for the Internet and violated the net etiquette. The trust was violated." 
From ndw1 at columbia.edu Thu Feb 10 23:30:24 1994 From: ndw1 at columbia.edu (Nikolaos Daniel Willmore) Date: Thu, 10 Feb 94 23:30:24 PST Subject: message pools. Message-ID: <199402110729.AA23482@konichiwa.cc.columbia.edu> :: Request-Remailing-To: cypherpunks at toad.com -----BEGIN PGP SIGNED MESSAGE----- Jim asked about message pools. Why not just start using alt.test? It's really not such a noisy group compared to say comp.org.eff.talk ;-)! You must include "ignore" in your subject line, or the remailer you use will be swamped by autoresponder messages. And as long as a PGP message already tattles what the nickname on the key it is encrypted with is, you can up front put that nickname in the Subject header. At worse, if you want to "hide" it, just remove the header and footer that announces it's a PGP message. No one will really notice.
You could even add a jpeg header and laugh at the poor soul who tries to view that "ignore Stacy" jpeg that he never saw in alt.binaries.picures.erotics. No remailer operators like me to have to trust. No central pool software. Fuck the waste of bandwidth complaints, your just running a TEST. You still have to run through a remailer though, to alt.test at news.cs.indiana.edu, so use encrypted remailing. You can't use those that strip Subject lines, though even if qwerty did strip Subjects, the return address is in there as "qwerty-remailer" so I wouldn't see the autoresponds. I know this isn't a new idea, but he did ask for ideas. You still have to get the other person to "join the pool" (read alt.test), but that's easier than getting them to join a real pool which will fill his mailbox daily with garbage. And you can tell him to "join the pool" in public, say anonymously on this list, or on Usenet or for God sakes send him an anonymous snail mail letter! Whatever you do, since "Stealth-PGP" isn't here yet, I don't see a reason not to include the person's anonymous nickname in the Subject line or at least in the message, and make everybody's lives much easier! I think certain post-by-mail services like news.cs.indiana.edu function like anonymous remailers if you forge mail to them, in that they strip much of you original headers away, including the real path but you then have to connect directly to that post-by-mail site and end up on their logs. As far as problems go, I don't think the bandwidth problem would be a big problem since what, maybe a dozen people would be really doing this in a given week? Perhaps "strength in numbers" isn't going to be possible yet in the next few years. So be a little naughty and use the world-wide pool that already exists. The hell with internet bandwidth; this is one's privacy at stake! I don't have an exciting enough life, so let me know how it goes if you try it. -=Xenon=- P.S. 
Maybe Stealth-PGP is a secret and is the reason the jpegs on alt.binaries.pictures.erotics have become so "noisy" lately ;-). P.S.S. I'm going to start reading alt.test and misc.test, but I will not look at anything unless you put "ignore Xenon" in the Subject line! Look Ma, I'm in a pool. Somebody send me a message, and send me an anonymous public key within it, and I'll respond back the same way. Don't sign the Encrypted message; clearsign the message within it! Then nobody will know "Mr. Nickname" signed it. Why not contact Pr0duct Cypher this way? Then you aren't taking up space in alt.security.pgp. Afterall what's a 40K-100K message compared to how much is in the binaries groups a day?! And you can easily scan a day's alt.test postings for you name, then trash the rest. You can even automatically scan the postings for you nickname with most news readers. Sorry this is so long. I do have a nasty habit of thinking in public. P.S.S.S Extropia already has a pool set up, but I've been lazy and don't know the details yet. With Usenet though, you never end up on any pool's member list, except the list of all Usenet readers, and possibly all remailer users if such a list exists. And a guy like Pr0duct can NEVER be tagged for having picked up the message! No? -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLVrsWgSzG6zrQn1RAQEqXgP9GKqpDEvYfnq6z9Xfnj+BkFf8MiNTy5zS nHCrPwHkgrxEOTC352rgykcaOeChfwVZK9t43iPtegBK3uzZjYPdKxgcULx8Y4Rn nmKf8X64JrwXuqlGCGK5VEXIF/NFo7qbn0tHAHoWhY+kZuPbbP/xjBel1C/f3Brg EFpSRZA+AEA= =Md9H -----END PGP SIGNATURE----- From greg at ideath.goldenbear.com Fri Feb 11 00:00:25 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Fri, 11 Feb 94 00:00:25 PST Subject: message pools revisited Message-ID: -----BEGIN PGP SIGNED MESSAGE----- uunet!bilbo.suite.com!jim (Jim Miller) writes: > I think it is time to ask again. Do people think it would be a good > idea to create a news group for exchanging anonymous messages? 
> Alternatively, perhaps some cypherpunks with free time would like to > code up a simplified distributed message pool service modeled after > USENET. You would need servers to distribute the messages and > front-end "reader" apps to simplify searching for messages destined > for you. Any takers? I think it's time - messages to Pr0duct Cypher (sp?) have begun to appear on C-punks and on at least one of the Usenet groups; I think it's time for alt.crypto-traffic, or alt.W.A.S.T.E (from Pynchon's _The Crying of Lot 49_ - I think it was Tim May who first suggested alt.W.A.S.T.E). I found a nice Perl script to scan a news spool (or a subset thereof) for arbitrary text strings. It could easily be modified to send its output to mail; so one wouldn't even need to subscribe to the group to rcv messages, if correspondents would be so obliging as to mention the intended target of the message (which, of course, would create a security risk and facilitate traffic analysis; security or convenience, choose only one.) -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLVsisX3YhjZY3fMNAQFREAP/Qs/pc/jHotO8lGgvFP3JVAwrIuChVac/ OGucDlyhtohRRgrP2h8JNCURP8ZGOrwzXO0KqoJI0HqP6rHHxy+lY1+gPYrB/WLS XbS6hRdqe/awG19EiGXfvNGK9n1RoOObaleHxP1IruvC6LdX/19oax2TgcvRTOd/ mgN4teDrs4M= =5GsZ -----END PGP SIGNATURE----- -- Greg Broiles ".. has bizarre Cyberanarchist theories relating greg at goldenbear.com to human punishment." -- L. Detweiler From qwerty-remailer at netcom.com Fri Feb 11 00:10:24 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Fri, 11 Feb 94 00:10:24 PST Subject: More on magic money problem Message-ID: <199402110804.AAA23472@mail.netcom.com> It appears that the problem with bigendian magic money is specific to the "mint" function. Minting one coin works OK, but minting more than one causes every coin after the first to be rejected by the client. Creating a coins.dat file with the -p function of the client works OK, even with more than one coin. 
Sending the output.asc to the server works OK too, as does handling the ascii file that comes back from the server. Only minting fails.

Here are hex dumps of two coins.dat files. The first one is OK. It was created by "c -p" and has two coins. Key size is 512.

0000000 c0c4 f7c6 cbe5 af34 0893 a6dc ab39 4292
0000020 8200 1101 000d 01fd 1098 23f4 a67e 1f58
0000040 8fbe 3199 67cb dc70 6cd1 6921 df53 aa8a
0000060 8b5b 2a63 5e67 94da 9b18 7f03 ece9 34b2
0000100 0535 75f3 4e6a 3a45 b25e 565e 3fbb 14db
0000120 f3fb c6a7 6def cf77 c05a 9043 0ba7 e490
0000140 0ff5 fa15 83ae cbb3 1a00 1101 000d 01fe
0000160 2c61 ff65 299d 987f 4d88 0a3c 4b13 9f8f
0000200 612a dba6 ad6f 250d f665 ce0c 868f 3b62
0000220 5d1f 725f 449e 15bc da50 c270 5fba 2386
0000240 49ad 2c45 e26e b3af b94e deed b1e6 5f15

Here is a similar coins.dat file created by "s m" and also holding two coins of the same value (but different bit patterns, of course):

0000000 c086 9b22 8601 2974 3e71 d344 f7f1 ab13
0000020 6400 1101 000d 01fd 10ea 1ecb 711a 5114
0000040 5361 a558 9e67 a0ce 9eda 49af 58e1 9203
0000060 8f6b 9056 673c 88fb 79da 4a21 0e98 0e95
0000100 08a6 40f9 81f6 9e76 21e7 ea8d accf 0ef1
0000120 6e41 3657 aacf 34fb c0cc 8cc5 f400 0130
0000140 1400 0000 0000 0000 5900 1101 000d 01ff
0000160 5568 2e3d 9c7e ded9 6489 ba47 687e dc1a
0000200 f4e6 743e 2f12 f095 1363 7b03 6394 83ef
0000220 dbab 598b 60db ecf0 d09a d5ce 5ea8 d2e6
0000240 8277 1061 076b fd00 8aa8 edd9 17d0 3eeb

It is immediately obvious that the 2nd, bad, file has a block of 7 zeros where the other one has random data (on the line labeled 000140). If I am interpreting this file right, this block of 0's is towards the end of what should be a 16 byte block of random numbers. So it looks like something overwrote 7 bytes of this 16 byte block before it could be stored. Hope this helps.

BTW, for the curious, the format of the coins.dat file is as follows. For each coin, there is first a c0. Then there are 16 random bytes, the "coin ID".
Then there is a PGP-style multi-precision integer which is the exponent corresponding to the coin. In this case it is 0011 01000d. The first two bytes are the number of bits in the MPI, (11 hex equals 17 decimal) and then there are as many bytes as are implied by that many bits; these hold the value. This exponent MPI is followed by another MPI which holds the bank's signature. This can be expressed as (C.ID)^(1/e), where e is the exponent, and C.ID is a byte of 0, a byte of 1, padding bytes of ff, the magic 18-byte "ASN" string, then 16 bytes of the coin ID. In the examples above, the first coin ends exactly in the middle of the row labelled 000120. Try to see if you can pick out the sub-fields of each coin in the files.
From tcmay at netcom.com Fri Feb 11 00:40:24 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 11 Feb 94 00:40:24 PST Subject: Pynchon as roadkill on the digital superhighway In-Reply-To: Message-ID: <199402110840.AAA08567@mail.netcom.com> > I think it's time - messages to Pr0duct Cypher (sp?) have begun to appear > on C-punks and on at least one of the Usenet groups; I think it's time > for alt.crypto-traffic, or alt.W.A.S.T.E (from Pynchon's _The Crying of > Lot 49_ - I think it was Tim May who first suggested alt.W.A.S.T.E). ... > -- > Greg Broiles ".. has bizarre Cyberanarchist theories relating > greg at goldenbear.com to human punishment." -- L. Detweiler I don't recall whether it was Eric (Hughes) or me that specifically came up with this....we were riffing on various screwy ideas and this one popped up.
The biggest concern is that the "ideal" name would be "alt.w.a.s.t.e." except that the period at the end violates the naming conventions. In any case, various "pool" groups exist, such as the *.test groups (as mentioned by others recently), flame groups, etc. I used "alt.fan.david-sternlight" and "alt.sternlight" for my "BlackNet" experiment some months back, though the only encrypted messages sent to BlackNet, that I saw, were posted on Cypherpunks. (In general, _not_ a good idea.) Speaking of Pynchon, an amazing piece of news!, My non-W.A.S.T.E mailbox contained a message today revealing the actual location, in Aptos no less, of Thomas Pynchon. Yes, you read this right. Pynchon, not photographed since his high school yearbook photo 40 years ago, a total cipher, has been living not more than a few miles from me all these years. It seems that in the early morning hours of January 28, 1990, someone accessed the Department of Motor Vehicles computer files and got a printout of the elusive man's home address, personal characteristics, etc. A copy of this was forwarded to someone who studies Pynchon, and thence to me, for reasons I won't go into right now. The implications for Cypherpunks, privacy, and Pynchon as roadkill on the digital highway are clear. (For those of you who have no idea what I am talking about, or why this is so significant, ignore this. For those of you who appreciate the import of this event, I will have the document with me at the Cypherpunks meeting on Saturday!) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. 
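The coins.dat layout described in the "More on magic money problem" message above, as an added example that is not part of any list member's post or of the Magic Money source: a Python parser run over the two hex dumps from that message, flagging coin IDs that contain a long run of zero bytes. It assumes the dump words are read in the order shown, as the message's own walk-through does; the function names and the 4-byte zero-run threshold are choices made for this example.

```python
"""Parse coins.dat records from the two hex dumps quoted in the message."""
from collections import namedtuple

# Dumps copied from the message: GOOD was made by "c -p", BAD by "s m".
GOOD_DUMP = """\
0000000 c0c4 f7c6 cbe5 af34 0893 a6dc ab39 4292
0000020 8200 1101 000d 01fd 1098 23f4 a67e 1f58
0000040 8fbe 3199 67cb dc70 6cd1 6921 df53 aa8a
0000060 8b5b 2a63 5e67 94da 9b18 7f03 ece9 34b2
0000100 0535 75f3 4e6a 3a45 b25e 565e 3fbb 14db
0000120 f3fb c6a7 6def cf77 c05a 9043 0ba7 e490
0000140 0ff5 fa15 83ae cbb3 1a00 1101 000d 01fe
0000160 2c61 ff65 299d 987f 4d88 0a3c 4b13 9f8f
0000200 612a dba6 ad6f 250d f665 ce0c 868f 3b62
0000220 5d1f 725f 449e 15bc da50 c270 5fba 2386
0000240 49ad 2c45 e26e b3af b94e deed b1e6 5f15
"""
BAD_DUMP = """\
0000000 c086 9b22 8601 2974 3e71 d344 f7f1 ab13
0000020 6400 1101 000d 01fd 10ea 1ecb 711a 5114
0000040 5361 a558 9e67 a0ce 9eda 49af 58e1 9203
0000060 8f6b 9056 673c 88fb 79da 4a21 0e98 0e95
0000100 08a6 40f9 81f6 9e76 21e7 ea8d accf 0ef1
0000120 6e41 3657 aacf 34fb c0cc 8cc5 f400 0130
0000140 1400 0000 0000 0000 5900 1101 000d 01ff
0000160 5568 2e3d 9c7e ded9 6489 ba47 687e dc1a
0000200 f4e6 743e 2f12 f095 1363 7b03 6394 83ef
0000220 dbab 598b 60db ecf0 d09a d5ce 5ea8 d2e6
0000240 8277 1061 076b fd00 8aa8 edd9 17d0 3eeb
"""

Coin = namedtuple("Coin", "offset coin_id exponent sig_bits signature")


def od_to_bytes(dump):
    """Turn 'offset word word ...' rows into bytes, words taken in display order."""
    out = bytearray()
    for row in dump.strip().splitlines():
        for word in row.split()[1:]:      # field 0 is the octal offset
            out += bytes.fromhex(word)
    return bytes(out)


def read_mpi(buf, pos):
    """PGP-style MPI: 2-byte big-endian bit count, then ceil(bits/8) value bytes."""
    if pos + 2 > len(buf):
        raise ValueError("truncated MPI header at offset %d" % pos)
    bits = int.from_bytes(buf[pos:pos + 2], "big")
    end = pos + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI body at offset %d" % pos)
    return bits, int.from_bytes(buf[pos + 2:end], "big"), end


def parse_coins(buf):
    """Each coin: 0xc0 marker, 16-byte coin ID, exponent MPI, signature MPI."""
    coins, pos = [], 0
    while pos < len(buf):
        if buf[pos] != 0xC0:
            raise ValueError("expected c0 marker at offset %d" % pos)
        coin_id = buf[pos + 1:pos + 17]
        if len(coin_id) != 16:
            raise ValueError("truncated coin ID at offset %d" % pos)
        _, exponent, nxt = read_mpi(buf, pos + 17)
        sig_bits, signature, nxt = read_mpi(buf, nxt)
        coins.append(Coin(pos, coin_id, exponent, sig_bits, signature))
        pos = nxt
    return coins


def longest_zero_run(data):
    best = run = 0
    for byte in data:
        run = run + 1 if byte == 0 else 0
        best = max(best, run)
    return best


def suspicious_coins(coins, min_run=4):
    """Coin IDs are meant to be random, so a long run of zero bytes is a red flag."""
    return [c for c in coins if longest_zero_run(c.coin_id) >= min_run]


if __name__ == "__main__":
    for name, dump in (("good", GOOD_DUMP), ("bad", BAD_DUMP)):
        for c in parse_coins(od_to_bytes(dump)):
            print(name, c.offset, c.coin_id.hex(), hex(c.exponent), c.sig_bits,
                  "zero-run=%d" % longest_zero_run(c.coin_id))
```

The signature field is only parsed, not verified: checking (C.ID)^(1/e) needs the bank's public modulus, which the message does not give.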
From ld231782 at longs.lance.colostate.edu Fri Feb 11 00:42:13 1994 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 11 Feb 94 00:42:13 PST Subject: Glimpse of the Bowel Movement Message-ID: <199402110834.BAA09927@longs.lance.colostate.edu> `Somebody' sent this to me... ===cut=here=== From: tcmay at netcom.com Subject: Update for Jan 1994 Cyphertentacles, Some of you have asked about our plans for the next month. There have also been many questions about the Detweiler situation. Here's a summary of our current situation and status: The Netcom project is almost complete. We have 12 active accounts on this system, of which only 3 have been compromised. The internal keyserver net is in place. Each of our accounts will have its own PGP key. This will help to defuse any suspicion which may arise. People tend to accept digital signatures as valid, regardless of who did the signing. Just look at the number of unsigned keys on the servers. Their carelessness will be their demise. The phase change is getting closer. Eric has finished the mods to the toad.com sendmail. Any mail sent to this address, except from one of us, will bounce as though the account did not exist. Fingerd has likewise been modified, and security has been greatly enhanced on all the lists. BlackNet Enterprises has successfully infiltrated one of the major credit bureaus. For obvious security reasons, I can't tell you which bureau is involved or give any details. For the present, we will be archiving large numbers of credit records. Within a few years, they will be salable for the expired information they contain. The seven-year limit is ridiculous. Creditors will be willing to pay for more complete information. *.fi should have their digicash system operational within a year. We need many more Cypherpunks-style remailers outside North America to operate the digicash system and protect the servers. Now, about the Detweiler problem: we finally got rid of an12070/S.Boxx (thanks Julf!) 
but we're not out of trouble yet. We need more posters in the newsgroups, to help with the damage control. Also, please sign each others' pool keys. As I said earlier, the technology of encryption tends to impress people and cause them to believe things, where they would otherwise be skeptical. A recent posting which I made to public Cypherpunks, "Who is L. Detweiler?", has somehow found its way back to Detweiler. This is not serious, since public is only a propaganda organ, but it points out the security problems we face. Detweiler may have an agent on the public list. We must protect the privates, particularly this one and Colorado, from similar infiltration. Imagine what could happen if L. Detweiler gained access to this list! Even one post, if it fell into the wrong hands, could be extremely damaging. Be very careful not to expose any list traffic. More information will follow as it becomes available. For now, please continue the newsgroup activity. Use all the pools, not just a few of them. It was just this kind of carelessness which burned szabo. Keep up the good fight! --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From ritter at cactus.org Fri Feb 11 01:30:24 1994 From: ritter at cactus.org (Terry Ritter) Date: Fri, 11 Feb 94 01:30:24 PST Subject: Nx2 DES Found Weak Message-ID: <9402110926.AA01707@cactus.org> Ritter Software Engineering 2609 Choctaw Trail Austin, Texas 78745 (512) 892-0494, ritter at cactus.org Nx2 DES Found Weak Terry Ritter February 11, 1994 Summary Any Nx2 DES system succumbs to meet-in-the-middle attack at a cost only N times that of normal DES, and is probably not worth using. 
If we assume that DES would fall with 2^55 cipherings (on average), then the 4x2+ DES system which I previously recommended would require only 2^57 cipherings. Such an attack, however, might require substantially more storage and might be more difficult to mechanize and slower in operation than an attack on normal DES.

Nx3 DES systems seem not to be affected by this attack, but they are also not faster than triple-DES (1x3 DES), which was the main reason for recommending Nx2 DES over triple-DES. On the other hand, Nx3 DES systems apparently would provide added strength against dictionary attacks; such attacks might be possible against ASCII plaintext when ciphered in small 8-byte blocks.


Double-DES

A 1x2 DES construct (double-DES) is something like this:

            A
            v
      k1 -> DES1
            v
            B
            v
      k2 -> DES2
            v
            C

Each single capital letter represents an 8-byte DES block.


Meet-In-The-Middle Attack on 1x2 DES (double-DES)

[ This is probably similar to:

     Merkle, R. and M. Hellman. 1981. On the security of multiple encryption. Comm. ACM 27(4): 465.

which I have not seen. This analysis resulted from trying to understand the comments on NxM DES made by email from Eli Biham, which led me to:

     Davies, D. and W. Price. 1984. Security for Computer Networks. Wiley. 75.

and the attack on double-DES. Obviously I did not expect that attack to work on Nx2 DES, or I would have skipped Nx2 entirely. ]

First we need some known-plaintext (A) and its associated ciphertext (C). Now we encipher A with every possible random key k1 and save the results. Then we decipher C with random keys k2, eventually finding a match to the enciphered data.

There are many possible pairs of keys (k1, k2) which will produce matching B's. Since there are 112 key bits (k1, k2), and we match 64 bits each time, there should be about 112 - 64 or 48 bits of freedom (that is, 2^48 possibilities) to be resolved with one or two more known-plaintext blocks.
We can guarantee to find the correct key pair if we try every possible key for k1 and also every possible key for k2; this is only twice the effort of a full DES key search, and we need only search half that, on average. (In practice, we would do some k1's and then some k2's, repeated until success occurred.)

However, we should note that this technique may require the intermediate storage of 2^56 results. This would be over 2^59 bytes of store, and this amount of storage and lookup is not nearly as easy or fast as the on-chip ciphering-and-compare solution for DES. Still, the result is not comforting.

A 2x2 DES construct is something like this:

            A             B
            v             v
      k1 -> DES1    k2 -> DES2
            v             v
            C             D
              Exchange Half
            E             F
            v             v
      k3 -> DES3    k4 -> DES4
            v             v
            G             H


Meet-In-The-Middle Attack on 2x2 DES

Suppose we first try the 2x1 approach: With one known-plaintext block, we can search two keys (say k1 and k2) until a match is found for the center block. Then we can validate that match with additional known-plaintext blocks. (Since there is only a 32-bit match-check and a 112-bit keyspace, there will be 112 - 32 or 80 bits of freedom to resolve at about 32 bits per known-plaintext pair, so we would want to check a minimum of 3 or 4 other known-plaintexts. The cost of the subsequent cipherings and comparisons would be relatively insignificant, however.)

We can guarantee that the two keys will be found by searching all possible k1 and k2. This is only twice the normal DES keyspace, and we only need search half of that, on average. And we can do this again for the other two keys at a similar cost.

Again, the attack hardware will be considerably more awkward than any simple search for a DES key which matches a given ciphertext value, but the total number of DES cipherings will be about twice the DES keyspace, on average.


Nx2 DES Falls

Similar arguments lead to the conclusion that, for any N, Nx2 DES must be generally comparable in strength to DES itself.
This means that the larger block has not helped strength much in any Nx2 DES system, despite the fact that every ciphertext bit is demonstrably a function of every plaintext bit in the large block as well as every bit in all the separate DES keys. Note that the form of the inter-stage permutation has absolutely no effect on this attack or overall strength, despite the fact that a great deal has been written about designing S-P permutations. The meet-in-the-middle attack seems not to apply to Nx3 DES. Dictionary Attacks Normally we define "strength" as the *minimum* effort expected to "break" a cipher, when taken over *all possible attacks*. Working out the extent of "all possible attacks" is a major part of the effort in cryptography. With respect to DES, most of the current attacks have considered the relatively-small 56-bit keyspace. But I am also concerned by the relatively-small 8-byte block size. Consider an 8-byte block of ASCII text: Modern data-compression programs typically compress such data by 60 percent. This means that we typically have less than 26 bits or so of "uniqueness" in the various blocks. Rigidly-formatted business documents, letters, or forms would be even less unique, and, thus, even more attackable. To the extent that a substantial amount of known-plaintext could be acquired (or possibly even inferred), a dictionary attack becomes possible. For this reason, if a change is to be made, then I would like to see a block size at least four times that now used. This would be a reasonable approach with a 4x3+ DES system, which would be comparable in throughput to a 1x3 DES system, but, alas, not faster. Conclusion A two-stage or Nx2 DES construction is probably not worth using. 
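The meet-in-the-middle search on 1x2 DES described in the post above, as an added example that is not part of the original message. A constructed toy Feistel cipher (16-bit block, 10-bit key; `encrypt`, `decrypt`, the keys and the plaintext blocks are all assumptions made here) stands in for DES, so about 2^(20-16) = 16 key pairs match the first block and the search costs 2 x 2^10 cipherings instead of 2^20.

```python
"""Meet-in-the-middle on double encryption, scaled down from DES.

The toy cipher's parameters are constructed for this example: a 16-bit block
and a 10-bit key stand in for DES's 64-bit block and 56-bit key.
"""
import hashlib
from collections import defaultdict

BLOCK_BITS = 16              # DES: 64
KEY_BITS = 10                # DES: 56
KEYSPACE = 1 << KEY_BITS
ROUNDS = 4


def _f(half, key, rnd):
    """Keyed 8-bit Feistel round function (hash-based, no exploitable structure)."""
    return hashlib.sha256(bytes([half, rnd, key >> 8, key & 0xFF])).digest()[0]


def encrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 8) | right


def decrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 8) | right


def double_encrypt(block, k1, k2):
    """The 1x2 construct: A -> [k1] -> B -> [k2] -> C."""
    return encrypt(encrypt(block, k1), k2)


def meet_in_the_middle(known_pairs):
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs.

    Returns (candidates, survivors, cipherings): key pairs matching the first
    block, those also matching every other block, and the number of single
    cipherings spent on the search proper.
    """
    a0, c0 = known_pairs[0]

    # Forward half: encipher A under every k1, indexing keys by middle block B.
    middle = defaultdict(list)
    for k1 in range(KEYSPACE):
        middle[encrypt(a0, k1)].append(k1)

    # Backward half: decipher C under every k2 and look B up in the table.
    candidates = []
    for k2 in range(KEYSPACE):
        for k1 in middle.get(decrypt(c0, k2), ()):
            candidates.append((k1, k2))
    cipherings = 2 * KEYSPACE

    # Matching one block leaves about 2*KEY_BITS - BLOCK_BITS bits of freedom;
    # the remaining known blocks resolve it at comparatively negligible cost.
    survivors = [
        (k1, k2) for k1, k2 in candidates
        if all(double_encrypt(a, k1, k2) == c for a, c in known_pairs[1:])
    ]
    return candidates, survivors, cipherings


def demo():
    k1, k2 = 0x2A7, 0x13C                      # constructed secret keys
    plaintexts = [0x4E78, 0x3244, 0x4553]      # constructed known plaintext
    pairs = [(a, double_encrypt(a, k1, k2)) for a in plaintexts]
    candidates, survivors, cipherings = meet_in_the_middle(pairs)
    return (k1, k2), candidates, survivors, cipherings


if __name__ == "__main__":
    secret, candidates, survivors, cipherings = demo()
    print("key pairs matching the first block:", len(candidates),
          "(expected about", 1 << (2 * KEY_BITS - BLOCK_BITS), ")")
    print("key pairs matching all blocks:     ", survivors)
    print("cipherings: %d meet-in-the-middle vs %d exhaustive"
          % (cipherings, KEYSPACE * KEYSPACE))
```

The lookup table holds one entry per k1, which is the 2^56-result storage requirement the post mentions, scaled down to 2^10 entries.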
From paul.elliott at hrnowl.lonestar.org Fri Feb 11 04:20:28 1994 From: paul.elliott at hrnowl.lonestar.org (Paul Elliott) Date: Fri, 11 Feb 94 04:20:28 PST Subject: What is the CANNET/NEWBRIDGE RNG-810 Message-ID: <2d5b6b81.flight@flight.hrnowl.lonestar.org> -----BEGIN PGP SIGNED MESSAGE----- I have been asked by several cypherpunks what the CALNET/NEWBRIDGE RNG-810 is. It is a board you can place in a 8 or 16 bit slot of an 80x86 computer. Each time you do an inb instruction for the board's port address you get a random byte. I have one in my computer, and it works. I got mine from CALNET electronics INC. I paid $300 for it several years back. However I have been informed that CALNET no longer sells them and they must be obtained from NEWBRIDGE MICROSYSTEMS. See quoted message: >From: bretth at Newbridge.COM (Brett Howard) >To: Paul.Elliott at hrnowl.lonestar.org >Subject: Calnet RNG-810 > > >Paul, > >The RNG-810 is now licensed to Newbridge Microsystems. I have done some work > with a 1-bit hybrid version of the technology (RBG-1210) and I do > know a *little* bit about it. If you have questions, you should > probably write to Newbridge (address at bottom) or you can email > me and I'll do my best! > >Take care, >Brett > >Newbridge Microsystems >603 March Rd. >Kanata, Ontario >Canada K2K 2M5 >Tel: 1-800-267-7231 > 613-592-0714 >FAX: 613-592-1320 I have a catalog from Newbridge Microsystems, Document:90000.MD300.02, Copyright 1992. Page 4-77 Says: "The NM 810 RNG Random Number Generator is an implementation of the latter approach, with eight RBG 1210s in parallel and a PC XT/AT bus interface. Random bytes are input to the computer through an I/O (Input/Output) port. Any data type (integer, floating point etc.) can then be easily constructed in software by using successive random bytes and arranging them according to the desired internal data format." I do not know if Newbridge still has RNG-810s to sell. 
Perhaps someone will call the 800 number above and find out. One restriction that I received in the docs with my CALNET RNG-810 is that if you attempt to read the device too fast (less than 40u sec between reads), the successive bytes are not randomly independent. This is a problem for my IO driver as you do not want to do a spin wait on a real operating system like OS/2 and timer interrupts only occur 18.2 times per second. This causes my driver to run _MUCH_ slower than the hardware would require. I believe that the simple interface used by the RNG-810 is natural enough that it is likely to be used by others who create random number generators. And so my driver may be useful with other devices. But I have received mail recently from someone that makes a RNG that you attach to your serial port and runs at 9600 baud. You could probably use your standard serial port driver with such a device. - -- - ------------------------------------------------------------------------------ Paul Elliott Telephone: 1-713-781-4543 Paul.Elliott at hrnowl.lonestar.org Address: 3987 South Gessner #224 Houston Texas 77063 -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVtrJ/BUQYbUhJh5AQH6UQP/TXJ5X14vUKPf1J8To5AtwQchPrgabUBT 03lN0+XbsDE6JEgJm7SDN1e3B5EqNEZGi3RMh63HMN7oYf1f7UUMGVoZJdqFNmBM e09s37VcGsZZaZZnlXb5ogQwnjeNGkRSoldWqMcwYQWSBZJskpohHvqrhoge7MQ4 Ka9jDhGCNhg= =ULN8 -----END PGP SIGNATURE----- From bart at netcom.com Fri Feb 11 05:00:28 1994 From: bart at netcom.com (Harry Bartholomew) Date: Fri, 11 Feb 94 05:00:28 PST Subject: An available RNG Message-ID: <199402111254.EAA21047@mail.netcom.com> I got this recently, but hesitated to post, after previously being told by folks on the hardware list "that's too much". Perhaps not, compared to the RNG-810 that Paul Elliott spoke of.
Forwarded message: > From bierman at cc.ruu.nl Mon Feb 7 08:44:23 1994 > Date: Mon, 7 Feb 1994 17:42:36 +0100 > Message-Id: <199402071642.AA18036 at accucx.cc.ruu.nl> > X-Sender: bierman at accucx.cc.ruu.nl > Mime-Version: 1.0 > Content-Type: text/plain; charset="us-ascii" > To: bart at netcom.com (Harry Bartholomew) > From: bierman at cc.ruu.nl (Dick J. Bierman) > Subject: Re: Your hardware RNG > > NOW AVAILABLE (second series)/ ordering info at the end of this file/ > > > Hardware Random Number Generator > > Random Number Generator > Excerpt from the USER MANUAL > > How the RNG works > The Random Number Generator consists of two independent analogue > Zener diode based noise sources. Both signals are converted into random bit > streams, combined and subsequently transmitted in the form of bytes to the > RS-232 port of your computer. Special timing circuits ensure that crucial > logical operations occur at moments that the device has stable signals. > The baud rate is 9600. So the device is capable of supplying you with about > 960 random bytes or 7600 random bits per second > Power is drawn from the RTS and TXD signal. (pins 4 and 2 of the D-25 > connector). In order to work properly the RTS signal should be high (5 volts > or higher) and one should not send bytes to the device! > > WARNING: part of the RNG is shielded. It is not recommend to open the > device. It is not allowed to copy or use the design of the RNG without > written permission of the developer, the Foundation for Fundamental > Research on Man and Matter (FREMM). > > The testdata > Each RNG passes a 256 run randomness test before being shipped. Each run > consists of 8192 samples. The unselected results of this test are included > with the package. If at the end of the test runs the cumulative first order > deviation is larger than 1.5 standard deviations the RNG is tested another 20 > times. If it is accepted after these 20 tests this will be indicated. 
> > How to connect the RNG to the computer > The RNG is functionally similar to a 'crazy' modem producing random > information to your machine. It should be connected like any modem. In > some cases when the computer has a standard D-25 male connector you can > plug the RNG directly into that connector. In other cases (e.g.. for Apple > machines) you have to connect the RNG through a standard modem cable. > > > > SOFTWARE supplied on the disk > > DOS > > The program RTEST (for listing see appendix) takes two arguments. > > RTEST > > indicates which serial port is used (either 1 or 2. (default:2)). > gives the number of test runs. One test run consists of reading > 26500 bytes and calculating the Chi-2 and the number of bits on each one of > the eight positions within the byte. If more test runs are specified the > numbers (except the chi-2) accumulate. > If the program is started it will display one sample from the specified port. > More samples can be displayed by hitting the ENTER-key. > Continuous sampling of the test runs is started by the ESC key. The results > will be available for further statistical analysis in the textfile 'TEST'. > > The program RAND3 takes one argument. > > RAND3 > > This program starts in the same way as RTEST by displaying individual > samples after each time the ENTER key is hit. . After hitting the ESC key > continuous sampling starts and the bytes are displayed tin a graphical form > in real time. The continuous samples can be restarted by hitting the space- > bar. Exit through the ESC key. > > The software addresses the serial port directly. It is also possible to > implement a driver which is interrupt driven (like the software supplied for > the Mac). A driver is available upon request and can also be obtained > electronically from the FTPsite: > PSI_LINE.psy.uva.nl > in directory GUESTS/RNG/SOFTWARE/DOS > In the near future this site will also offer PK-test programs. 
> > Macintosh > > The Macintosh software is based upon the standard serial port drivers rather > than on direct access of the serial ports. The bufferspace for this driver > should be large enough to hold incoming bytes while the driver is active and > no reading occurs. In cases where this is not clear one should close the > driver and reopen it when needed. > In the examples the modem-port is used. In the listings it is indicated how to > use the printer-port. > > RNG_test > The program rng_test will ask for the number of test runs to perform. Each > test run consists of 8192 samples. The chi-2 (df=255) and the number of '1' > bits minus the number of '0' bits on each of the positions within the byte are > displayed after each run. Chance expectation is of course 0. When more runs > are specified the cumulative number of '1' bits minus the cumulative > number of '0' bits are displayed as well as the corresponding standard > deviation. > All data are saved in the file RNGTESTDATA. Each run on a separate line > and the data separated by spaces. > > __________ END OF EXCERPT FROM USER MANUAL _______ > > ORDERING INFORMATION: > > Single unit: $195, -excl shipping; add $10 shippng for the US & Asia, > $5 for Europe > > Reduction is possible for larger quantities. > > > Send check to: > Stichting FREMM > Alexanderkade 1 > 1018 CH Amsterdam > The Netherlands > > Make check payable to: Stichting FREMM > > or send your order by FAX to: > > (+31) 20 4206075 > > With a signed specificiation of your mastercardnumber & expiration date. > > Contact for more info: > bierman at cc.ruu.nl > > > _______ DJB________ > > > From danisch at ira.uka.de Fri Feb 11 05:40:29 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Fri, 11 Feb 94 05:40:29 PST Subject: No more "Nazis on the Nets" Message-ID: <9402111332.AA11432@deathstar.iaks.ira.uka.de> -----BEGIN PGP SIGNED MESSAGE----- Hi everyone, we have to stop this discussion. 
I have more than 20 mails in my mailbox, everyone very long, serious, interesting and waiting for response. But I can't answer them all within reasonable time, I also have to do my regular work. Furthermore I have a lot of mails of people asking me to stop this discussion "between two persons". Some don't see that it has anything to do with cryptography. I don't share this opinion, because if we talk about communication, we also have to talk about the danger and the restriction of communication. The German right-/left-wing as well as the American Mafia are known to use modern computer networks, cryptographical software and methods of system security and access control. We can not close the eyes and just don't care about what is done with the tools we are constructing. Meanwhile I can somehow understand that there has to be any form of export restriction if people constructing such tools have so many problems with thinking about possible forms of bad use of their tools. And again I got confirmed what we find so often in so many cases: People love to talk and form a judgement of Germany and don't even really know what they are talking about. This is a never-ending problem of Germany. In this special case of Naziism you should be aware that they found not only German nazi computer networks. They found this network to be the international connection to other country's nazis, especially Austria, Great Britain and USA. Two of the German politicians asked to forbid private mailbox systems and even modems. Of course this is stupid, but perhaps your politicians get the same idea. When I read the clipper proposals I think they already had such an idea.
Hadmut

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLVuI3mc1jG5vDiNxAQGenwQAhruLOjvjbLuLGgnN+48gXneOtT3x0iV7
DIexTGAubZUCW8UCMy5/pOF1nGMgs5GMdZzUzy4TJGoAAsyuoLRTuVjVDqMjBIL1
9mIH/wNRxGj/55YjEWXylPM+PzSZwCerTbJs0Vo2YWwcMRbqd4a/+hb0ji6ul6iT
83Tby8FihjE=
=Uy5j
-----END PGP SIGNATURE-----

From m5 at vail.tivoli.com Fri Feb 11 05:50:31 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Fri, 11 Feb 94 05:50:31 PST
Subject: Magic money not working bigendian
In-Reply-To: <199402110013.QAA08947@mail.netcom.com>
Message-ID: <9402111342.AA09424@vail.tivoli.com>

Robert M. Solovay writes:
> Is there a simple way to find out if one's computer is big-endian or
> not? [Like a simple C program that one can compile and run to settle
> the question.]

Perhaps I can redeem myself by doing the cypherpunk thing and writing code:

int isBigEndian(void)
{
    int test = 0;
    /* Point at the byte stored at the lowest address of the int. */
    unsigned char *testP = (unsigned char *) &test;

    *testP = 0xff;
    /* Little-endian: that byte is the low-order byte, so the mask is
       non-zero and we return 0.  Big-endian: the low-order byte is
       still 0, so we return 1. */
    return !(test & 0xff);
}

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From boone at psc.edu Fri Feb 11 05:55:14 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Fri, 11 Feb 94 05:55:14 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <9402102226.AA09203@deathstar.iaks.ira.uka.de>
Message-ID: <9402111344.AA08231@igi.psc.edu>

danisch at ira.uka.de (Hadmut Danisch) writes:
>
> I never said this. Why do you think it is the only defense?
> Why do you all mix ideas with calls for killing people?
> Isn't it a difference whether I publish an idea or whether
> I pray killing people? Is this allowed in your country?

In this country you are not allowed to "incite" people to commit crimes. So, while I can talk about how you might go about killing someone, I can't directly call for you to do so.
Providing information on *how* to build a bomb (provided it isn't classified national security-type stuff, like a nuclear weapon or poison gas) isn't illegal, but actually encouraging people to go out and do so is. > You all seem to have a nice patent for defense against > Nazis. Why don't you tell/sell us this patent? It could > be very helpful. I'm sorry. We don't have a patent on how to fight Nazism. In fact, there are Neo-Nazis here in the U.S. as well. As far as I know, the American Nazi party is still active and has been since the 1930's. And the Knights of the Ku Klux Klan have been around since the end of the American Civil War in 1865 or so. > Don't you believe that we are interested in a free press? Yes. I believe that the majority of the German citizens believe in a free press. I suspect that the Neo-Nazis only believe in it while they are not in power -- call it a hunch. > Don't you believe that we want to fight against Naziism? Absolutely! Germany has a number of problems which it needs to overcome. As much as I have looked forward to the day when the two "Republics" would once again be one, I think that it is a very tough situation for the Bundesrepublik to take on. A number of things may need to be done in order to stabilize the economy and reduce un-employment. Restricting the influx of new immigrants may well be a reasonable policy which will help your great country along to its goal. Do not let the fact that the Nazis are calling for deportation prevent you from doing some hard analysis of what the benefits would be of a temporary (say, 10 - 15 years) of immigration. As we Americans are learning rapidly, it is just as important that you assimilate the immigrants into the larger culture as it is that you let them in in the first place. You'll find that assimilation is the *best* defense against the Nazis.
It's not a fool-proof mechanism, but when the German people think of themselves as one, regardless of where their ancestors came from, the Nazis will have a hard time appealing to most people. > How do you fight against your Nazis? Unfortunately, in the past two or three decades, poorly. Not only do we tolerate them, but by tolerating their counterparts in the "multicultural" wing of the New Left, we increase the appeal that the Nazis hold for the majority of the population... *sigh* > What is the use of press freedom if the press doesn't use it? Not much. > I'm sure you don't see much about Germany at all. Where did you get > all those stories? God knows. I recommend listening to Deutsche Welle on the shortwave if you want to catch some news on Germany. > Is this what you call press freedom? Nope. And it's probably the primary reason why most people in the U.S. who are on this list are here. If we didn't feel that the governments were actively trying to prevent us from using cryptography, we probably wouldn't have bothered to join. Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699 PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C From m5 at vail.tivoli.com Fri Feb 11 06:00:31 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Fri, 11 Feb 94 06:00:31 PST Subject: Nx2 DES Found Weak In-Reply-To: <9402110926.AA01707@cactus.org> Message-ID: <9402111359.AA09504@vail.tivoli.com> Terry Ritter writes: > Nx2 DES Found Weak Isn't all of this in "Applied Cryptography"? Seems like Outerbridge did something very much like this "AxB" stuff, and similarly it's described how "Nx2" is vulnerable. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From matsb at sos.sll.se Fri Feb 11 06:10:29 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Fri, 11 Feb 94 06:10:29 PST Subject: Oh No! 
Nazis on the Nets In-Reply-To: <9402102139.AA04298@vail.tivoli.com> Message-ID: On Thu, 10 Feb 1994, Mike McNally wrote: > Actually, we don't see much about German elections; there's not enough > airtime between the football games and TV shows. If you are interested, try CNN (if you can find out how to decode the scrambled cable waves). From boone at psc.edu Fri Feb 11 06:17:47 1994 From: boone at psc.edu (Jon 'Iain' Boone) Date: Fri, 11 Feb 94 06:17:47 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <199402102247.RAA20412@snark> Message-ID: <9402111354.AA08434@igi.psc.edu> "Perry E. Metzger" writes: > > > Hadmut Danisch says: > > > > Whether *everyone* has the right to produce a newspaper and > > whether you can print *everything* into a newspaper, are two different > > things. > > Ultimately they aren't. > > > Can we allow to print everything into a newspaper? No, not > > everything. > > In the U.S., I can print everything in a newspaper. The only exception > that has any significance is that if I print a story that deliberately > (note the word deliberately) lies about someone with intent to cause > them harm, they can sue me. However, the government cannot in and of > itself intervene in the content of newspapers. That's simply not true, Perry. The government *has* intervened a number of times. Read Bruce Sterling's recent book -- he cites the example of how a magazine in th late-70's or early-80's printed John Draper's schematics on how to use a blue box to rip off AT&T. AT&T sued, and won. The magazine was pulled... > Indeed, but this is in contrast to the U.S., where you are allowed to > say anything you like. Nope, you're not. You're allowed to say most things... 
Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699 PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C From boone at psc.edu Fri Feb 11 06:20:30 1994 From: boone at psc.edu (Jon 'Iain' Boone) Date: Fri, 11 Feb 94 06:20:30 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <9402102321.AA09323@deathstar.iaks.ira.uka.de> Message-ID: <9402111403.AA08543@igi.psc.edu> danisch at ira.uka.de (Hadmut Danisch) writes: > > A free country is a country where weak people can be > protected before bad people with bad ideas speaking their > mind. If the USA was a free country, you wouldn't have > so many murders by gun. There is an inherent conflict between being "safe" and being "free." If you want the ultimate safety, you have to give up your freedoms completely. If you want the ultimate freedom, you have to give up your safety completely. Most Americans (and, I suspect, Germans) want some freedom and some safety. Less than 2% of the handguns produced and owned in the United States are used in crimes. Perhaps we don't need two or three handguns per citizen... But, we ought to be able to have at least one handgun, one rifle and one fully automatic rifle per citizen... > Is it an essential part of freedom to be free to attack > everyone? Sure. Otherwise, I'm not free. But, is the liberty to attack someone a freedom that I cherish? Not really. Would I be willing to give it up for some measure of safety in return? Of course! That's why we have laws against murder, assault and rape. > You cannot keep a country free by allowing everyone doing whatever > they want; this is a contradiction in terms. Absolutely! The "safety" of your freedoms, depends upon the restrictions on your freedoms, to a point. > It is illegal, because it is "Anstiftung zum Mord", instigation for murder. > This has nothing to do with press. > Do you want to tell me that this is allowed in the USA? > Do you want to tell me this is good?
This is neither allowed in the U.S. or good. > > You may have difficulty finding places willing to sell them, however. > > Isn't this a kind of censorship? Is this "can publish whatever I want"? No. You're free to open your own shop to sell them, or have a man standing on the street corner to sell them. It's up to you. If I own a store, I'm not required to carry ever publication in the U.S. That would be an inane law [not that we don't already have inane laws here...] Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699 PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C From rcasella at sescva.esc.edu Fri Feb 11 06:40:32 1994 From: rcasella at sescva.esc.edu (rcasella at sescva.esc.edu) Date: Fri, 11 Feb 94 06:40:32 PST Subject: INFORMATION Message-ID: <9402111430.AA15357@toad.com> I am new on Internet and want to communicate with others. From matsb at sos.sll.se Fri Feb 11 06:49:54 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Fri, 11 Feb 94 06:49:54 PST Subject: Oh No! Nazis on the Nets In-Reply-To: <199402102100.QAA20373@snark> Message-ID: On Thu, 10 Feb 1994, Perry E. Metzger wrote: > Untrue. In the U.S., I can start a newspaper without any licenses from > the Government, and I can print anything I wish in that newspaper > without fear of government prosecution. That is truly amazing. Are there no laws against libel of groups such as ethnic or racial agitation? Can you write 'all niggers are pedophiles' or 'every single Catholic father of a teenage girl has proved to be incestuous' and get away with it? From mpj at csn.org Fri Feb 11 06:50:29 1994 From: mpj at csn.org (Michael Johnson) Date: Fri, 11 Feb 94 06:50:29 PST Subject: csn.org:/mpj/ updates Message-ID: <199402111434.AA02097@teal.csn.org> -----BEGIN PGP SIGNED MESSAGE----- The following updates are available at csn.org:/mpj/ and the Colorado Catacombs BBS (303-938-9654): Magic Money 1.0d -- also requires PGP Tools to compile. 
/mpj/I_will_not_export/crypto_???????/pgp_tools/mgmny10d.zip PGP Tools 1.0c -- This is the PGP Tools 1.0b difference file sent to me by Pr0duct Cipher, merged with the PGP Tools 1.0 file. Note to Pr0duct Cipher - -- please skip rev c, since I needed to differentiate between files before and after merging them. /mpj/I_will_not_export/crypto_???????/pgp_tools/pgptl10c.zip Secure Drive 1.3a -- On-the-fly sector by sector encryption/decryption with the IDEA cipher for MS-DOS. /mpj/I_will_not_export/crypto_???????/secdrv/secdr13a.zip Other files, including PGP, are available. See /mpj/INDEX. Note to users who want "real crypto" with no magic numbers and no clue what program created the encrypted files -- see mpj2demo.zip. An upgrade of this program that is friendlier and does better variable length key expansion is due out "soon." The upgrade fixes the problem with keys being equivalent to larger keys that repeat the smaller keys (i. e. abcde unlocks what was locked with abcdeabcde). The upgrade will also attempt to find a compromise between ease of use and denial of header information from an adversary. Stay tuned... Because of the International Traffic in Arms Regulations, you must first read csn.org:/mpj/README.MPJ and (1) agree to the access terms therein, and (2) note the characters to replace the ??????? in the directory names above before you can access these files. The crypto_??????? directory is hidden, so it will not show up in a directory listing, but you can change to it. The name of the crypto_??????? directory changes at random times. This is a pain, but I'm open to suggestions on other ways to distribute crypto software widely and easily within the USA without violating the law. I think a crypto related access control method would be really cool, but that raises some chicken and egg issues. See csn.org:/mpj/help for more on accessing the crypto areas. 
Access to crypto areas on the Colorado Catacombs BBS is easier -- just follow the questionaires carefully if you qualify for access. ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp csn.org \mpj\README.MPJ for access info.| | |||/ /_\ | aka mpjohnso at nyx.cs.du.edu mikej at exabyte.com | | |||\ ( | m.p.johnson at ieee.org CIS 71331,2332 VPGP key by finger | | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLVsGlD9nBjyFM+vFAQGdbAP8DcItGC54YPT1xBcgSXZuGu3bxxF7xgeR F4N3iGUbuXP3eC2NcO/+EjJx170qP0CITaYZTTo9lRaeVptCKZkKolegjkatWTcu WTLjIRE9T64fNieMTH2DXFtEv8pFjQn392YEnDHqBNtzKPBCxsf8qNI4V2MRQplH JD/+aX/JasI= =T9FO -----END PGP SIGNATURE----- From hughes at ah.com Fri Feb 11 07:00:30 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 11 Feb 94 07:00:30 PST Subject: MOO: on the virtual meeting In-Reply-To: <199402110633.WAA11599@math.berkeley.edu> Message-ID: <9402111447.AA11495@ah.com> > Where does one get such client software for a MOO. Is there >some standard ftp site to try? What is the name of the relevant >software? Try ftp://ftp.parc.xerox.com/pub/MOO/clients. There's one called 'tinytalk' in there which seems to work. Eric From djw at eff.org Fri Feb 11 07:20:29 1994 From: djw at eff.org (Daniel J. Weitzner) Date: Fri, 11 Feb 94 07:20:29 PST Subject: FLASH: Vice President Gore Questions Current Key Escrow Policy! Message-ID: <199402111508.KAA01664@eff.org> At 10:21 PM 2/10/94 -0800, John E. Kreznar wrote: >> The Electronic Frontier Foundation is working to protect your privacy. To >> help stop Clipper and eliminate export controls on cryptography, support a >> bill introduced in the House of Representatives, HR 3627. To support the >> bill, send email to . > >I wish I knew how to help you wake up and smell the contradiction here. 
>In one breath you acknowledge that government is an enemy of privacy, >and in the next you encourage acting to endorse and empower that very >government by petitioning it. > >Secede now! Then your works need not be exported from US because they >wouldn't be there to begin with! Part of waking up and smelling the coffee is realizing that there IS a government out there which makes and enforces laws which have an impact on all of us. Now I happen to believe that, on balance, it's a good thing to have a government that is at least marginally representative. But even if I didn't believe that, I would believe that we should be working to change laws that screw up our lives. ************************************************************************** Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds. - John Perry Barlow, EFF co-founder The Electronic Frontier Foundation is working to protect your privacy. To help stop Clipper and eliminate export controls on cryptography, support a bill introduced in the House of Representatives, HR 3627. To support the bill, send email to . ...................................................................... Daniel J. Weitzner, Senior Staff Counsel Electronic Frontier Foundation 202-347-5400 (v) 1001 G St, NW Suite 950 East 202-393-5509 (f) Washington, DC 20001 *** Join EFF!!! Send mail to membership at eff.org for information *** From solovay at math.berkeley.edu Fri Feb 11 07:30:29 1994 From: solovay at math.berkeley.edu (Robert M. Solovay) Date: Fri, 11 Feb 94 07:30:29 PST Subject: Meeting this Saturday Message-ID: <199402111523.HAA16588@math.berkeley.edu> If one can't spare the time for the whole meeting, what are the best three hours to come? 
Thanks, Bob Solovay From dmandl at lehman.com Fri Feb 11 08:00:30 1994 From: dmandl at lehman.com (David Mandl) Date: Fri, 11 Feb 94 08:00:30 PST Subject: Clipper note in NY Newsday Message-ID: <9402111550.AA00970@disvnm2.lehman.com> The following appeared in today's New York Newsday (2/11/94): ------------------------------------------------------------------------- Gov't Backs Away From "Clipper" Chip The Clinton administration yesterday backed away from key elements of its encryption standard in the wake of protests over the use of the so-called Clipper chip. Vice President Al Gore said he wanted the holders of the "keys" that would allow government agencies to eavesdrop on scrambled conversations to include private companies and the court system. The Clipper would be used to scramble conversations over phone lines and computer networks. In declaring it the standard last week, the federal government was ensuring that the Clipper will be built into every phone and computer. But several civil-liberties groups and some companies objected to the fact that the chip has a "back door" that would allow law-enforcement agencies who obtain the proper court warrants to unscramble conversations and eavesdrop. --Joshua Quittner and Stuart Vincenti ------------------------------------------------------------------------- From qwerty-remailer at netcom.com Fri Feb 11 08:30:31 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Fri, 11 Feb 94 08:30:31 PST Subject: Magic money coins.dat files Message-ID: <199402111622.IAA12993@mail.netcom.com> There was an error in the earlier message describing format of the magic money coins.dat files. The C.ID field (my name for it) has as its low 16 bytes not the coin ID, but rather the MD5 hash of the coin ID. This is supposed to make it harder to create fake money, according to the earlier discussion on cypherpunks list. 
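Why it matters that the signed field carries the MD5 of the coin ID, as an added sketch (not Magic Money's code and not the poster's): with textbook RSA, anyone holding only the bank's public key can choose a signature first and compute the value it validly signs, so a verifier that accepts the signed field as-is accepts made-up coins, while one that requires the field to equal MD5(coin ID) leaves the forger needing an MD5 preimage. The toy key, the 16-byte coin ID length, the simplified record (no padding, no blinding) and all function names are assumptions made for this illustration, and that this is the reason the earlier list discussion had in mind is also an assumption.

```python
import hashlib

# Constructed toy bank key: both primes are well-known Mersenne primes, so the
# key is trivially factorable and exists only for this demonstration.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, bank only (Python 3.8+)

COIN_ID_LEN = 16  # assumed coin ID length, same size as an MD5 digest


def md5_int(coin_id: bytes) -> int:
    """MD5 digest of the coin ID as a big-endian integer (always < 2**128 < N)."""
    return int.from_bytes(hashlib.md5(coin_id).digest(), "big")


def bank_sign(value: int) -> int:
    """Textbook RSA signature with the bank's private exponent."""
    return pow(value, D, N)


def mint(coin_id: bytes) -> int:
    """Bank side: sign the hash of the coin ID, not the ID itself."""
    return bank_sign(md5_int(coin_id))


def verify_raw(field: int, sig: int) -> bool:
    """Weak check: accept whatever integer the signature opens to."""
    return 0 < field < N and pow(sig, E, N) == field


def verify_hashed(coin_id: bytes, sig: int) -> bool:
    """Check matching the message: the signed field must be MD5(coin ID)."""
    return len(coin_id) == COIN_ID_LEN and pow(sig, E, N) == md5_int(coin_id)


def made_up_coin(sig: int):
    """Public key only: choose sig first, then compute the field it 'signs'."""
    return pow(sig, E, N), sig


def demo() -> dict:
    coin_id = bytes(range(COIN_ID_LEN))           # constructed sample coin ID
    sig = mint(coin_id)                           # genuine coin from the bank
    field, fake_sig = made_up_coin(0xC0FFEE)      # no private key involved
    # The best the forger can offer as an "ID" is bytes taken from the field;
    # its MD5 will not equal the field, so the hashed check fails.
    fake_id = (field % 2**128).to_bytes(COIN_ID_LEN, "big")
    return {
        "genuine_hashed": verify_hashed(coin_id, sig),
        "made_up_raw": verify_raw(field, fake_sig),
        "made_up_hashed": verify_hashed(fake_id, fake_sig),
        "wrong_id_hashed": verify_hashed(b"\x00" * COIN_ID_LEN, sig),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16} {'accepted' if ok else 'rejected'}")
```
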
From sommerfeld at orchard.medford.ma.us Fri Feb 11 08:40:28 1994
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Fri, 11 Feb 94 08:40:28 PST
Subject: FLASH: Vice President Gore Questions Current Key Escrow Policy!
In-Reply-To: <199402102355.SAA22541@eff.org>
Message-ID: <199402111633.LAA00238@orchard.medford.ma.us>

Frankly, it looks to me like the gov't is playing "good cop, bad cop", with Gore being the "Good Cop" and anonymous faceless bureaucrats being the "bad cop".

I hope nobody falls for this...

- Bill

From sameer at soda.berkeley.edu Fri Feb 11 09:20:29 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Fri, 11 Feb 94 09:20:29 PST
Subject: A ride from Berkeley/SF to the meeting tomorrow?
Message-ID:

Would anyone near where I am (Berkeley) like to give me a ride to + from the cypherpunks meeting at Cygnus tomorrow?

I can cover gas, etc.

Thanks,
Sameer

From sameer at soda.berkeley.edu Fri Feb 11 09:22:33 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Fri, 11 Feb 94 09:22:33 PST
Subject: A ride from Berkeley/SF to the meeting tomorrow?
Message-ID:

Sameer spake:
>
> Would anyone near where I am (Berkeley) like to give me a ride
> to + from the cypherpunks meeting at Cygnus tomorrow?
>
> I can cover gas, etc.
>
> Thanks,
> Sameer
>

Oops. Sorry 'bout that. Please page me @ 510-321-1014.

From tcmay at netcom.com Fri Feb 11 10:00:31 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 11 Feb 94 10:00:31 PST
Subject: Meeting this Saturday
In-Reply-To: <199402111523.HAA16588@math.berkeley.edu>
Message-ID: <199402111752.JAA15490@mail.netcom.com>

In case others have the same question, I'll give my opinion publicly:

>
> If one can't spare the time for the whole meeting, what are the best
> three hours to come?
>
> Thanks,
> Bob Solovay

Cypherpunks meetings officially start at noon and last 'til "whenever," which is usually about 5 p.m. But things often don't get rolling until around 12:30 or so, and may end around 4:30 on a "light" day.

Since missing the first part of the meeting can be bad (announcements, hot topics, etc.), I'd recommend getting to _any_ meeting at the starting time, or just a bit late, and then staying as long as it's interesting to one.

The "best three hours" are probably noon-3. Your mileage may vary, as they say.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From rubin at citi.umich.edu Fri Feb 11 10:30:33 1994
From: rubin at citi.umich.edu (Aviel David Rubin)
Date: Fri, 11 Feb 94 10:30:33 PST
Subject: Nx2 DES Found Weak
Message-ID: <9402111823.AA18890@toad.com>

How is this different from a birthday attack?
From arthurc at crl.com Fri Feb 11 10:36:03 1994
From: arthurc at crl.com (Arthur Chandler)
Date: Fri, 11 Feb 94 10:36:03 PST
Subject: MOO: on the virtual meeting
In-Reply-To: <9402111447.AA11495@ah.com>
Message-ID:

Thanks to all who came to the virtual meeting. I was very pleased with the whole affair -- lots of good discussion, and not as much pandemonium in the large meeting hall as I had feared. The big meeting worked well enough to warrant another attempt, as long as it is facilitated by someone deft and polite at the controls, as Teknotroll was last Wednesday. But I feel that smaller groups -- 2-10 -- work better. Perhaps, as Robert Hayden suggests, a sequence of time-certain meetings on different topics would be one way to go.

I also want to thank the folks for their constructive suggestions. As several people pointed out, MOOing is a much better experience with clients. The good news is that, once anyone compiles a client on a site, he/she can put it in the public bin, and anyone else can use it by setting the proper path in their .login file.

Anyone who likes can write to blast at crl.com for a permanent character at BayMOO.

I hope we can stage another such gathering at BayMOO. It would be worth a collective mull to consider whether a MOO is a robust enough environment for digital cash and other financial transactions.

From nye at voglnp.pnl.gov Fri Feb 11 10:50:35 1994
From: nye at voglnp.pnl.gov (nye at voglnp.pnl.gov)
Date: Fri, 11 Feb 94 10:50:35 PST
Subject: yet another reason to trust Clipper
Message-ID: <9402111839.AA11608@voglnp.pnl.gov>

Quotes from Chief U.S. Magistrate Judge John T. Maughmer regarding FBI wiretaps in a case against now deceased Kansas City financier Frank Morgan:

"...disturbing pattern of material misstatements, overstatements, and omissions" in the government affidavit seeking court permission to wiretap Frank Morgan's office.
"The conduct of the FBI...rises to such a level of recklessness as to mandate suppression" of the evidence obtained through the wiretap.

The judge's comments were included in the 9 Feb 1994 Kansas City Star.

From qwerty-remailer at netcom.com Fri Feb 11 11:10:38 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Fri, 11 Feb 94 11:10:38 PST
Subject: Bug in Magic Money minting found
Message-ID: <199402111904.LAA05874@mail.netcom.com>

Here is code from near the end of mms_mint in s.c:

    free(pc);
    pgp_fix_mpi(&c->c);
    f=fifo_file_create(fp);
    fifo_put(MM_REGCOIN,f);
    fifo_aput(pc->coinid,16,f);

pc is being freed but then used four lines later. This is why the coinid field was being corrupted in the output coins.dat file. The fix is to move the free to after the fifo_aput.

From banisar at washofc.cpsr.org Fri Feb 11 11:15:46 1994
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Fri, 11 Feb 94 11:15:46 PST
Subject: CPSR Alert 3.03
Message-ID: <00541.2843819450.3229@washofc.cpsr.org>

CPSR Alert 3.03

=============================================================
Volume 3.03                                 February 11, 1994
-------------------------------------------------------------
Published by
Computer Professionals for Social Responsibility
Washington Office
(Alert at washofc.cpsr.org)
-------------------------------------------------------------

Contents

[1] CPSR Launches Clipper Campaign
[2] Sign the Clipper Petition!
[3] Clipper FAQ
[4] EPIC to Provide Clipper Analysis
[5] CPSR Needs Your Support!
[6] RFD for CPSR Newsgroups [7] New Files at the CPSR Internet Library [8] Upcoming Conferences and Events ------------------------------------------------------------- [1] CPSR Launches Clipper Campaign The electronic petition begun by CPSR to oppose Clipper has generated more than 8,500 responses in less than 10 days. The number is increasing at a faster rate than occurred with the successful 1990 campaign to stop Lotus Marketplace. Details of the petition follow. If you have already signed on, ask your friends and colleagues to sign. Call up your parents. Tell them to get an email account and then to sign the petition. Check your rolodex. Call old friends. Send email to former business partners, lovers, etc. In your very next email message, ask the person you are writing to if he or she has signed the CPSR Clipper petition. The number of people who have opposed Clipper already far exceeds the number of lawful wiretaps conducted by all government officials last year. Other upcoming milestones: 10,000 Current government orders for Clipper chip (est.) 12,000 Number of computer networks connected to the Internet 15,000 Estimated number of total lawful wiretaps, 1968-1994 70,000 Anticipated number of Clipper purchases this year More details on the petition follow. ------------------------------------------------------------- [2] Sign the Clipper Petition! Electronic Petition to Oppose Clipper *Please Distribute Widely* On January 24, many of the nation's leading experts in cryptography and computer security wrote President Clinton and asked him to withdraw the Clipper proposal. The public response to the letter has been extremely favorable, including coverage in the New York Times and numerous computer and security trade magazines. Many people have expressed interest in adding their names to the letter. In response to these requests, CPSR is organizing an Internet petition drive to oppose the Clipper proposal. 
We will deliver the signed petition to the White House, complete with the names of all the people who oppose Clipper. To sign on to the letter, send a message to: Clipper.petition at cpsr.org with the message "I oppose Clipper" (no quotes) You will receive a return message confirming your vote. Please distribute this announcement so that others may also express their opposition to the Clipper proposal. =========================================================== The President The White House Washington, DC 20500 Dear Mr. President: "We are writing to you regarding the "Clipper" escrowed encryption proposal now under consideration by the White House. We wish to express our concern about this plan and similar technical standards that may be proposed for the nation's communications infrastructure. "The current proposal was developed in secret by federal agencies primarily concerned about electronic surveillance, not privacy protection. Critical aspects of the plan remain classified and thus beyond public review. "The private sector and the public have expressed nearly unanimous opposition to Clipper. In the formal request for comments conducted by the Department of Commerce last year, less than a handful of respondents supported the plan. Several hundred opposed it. "If the plan goes forward, commercial firms that hope to develop new products will face extensive government obstacles. Cryptographers who wish to develop new privacy enhancing technologies will be discouraged. Citizens who anticipate that the progress of technology will enhance personal privacy will find their expectations unfulfilled. "Some have proposed that Clipper be adopted on a voluntary basis and suggest that other technical approaches will remain viable. The government, however, exerts enormous influence in the marketplace, and the likelihood that competing standards would survive is small. Few in the user community believe that the proposal would be truly voluntary. 
"The Clipper proposal should not be adopted. We believe that if this proposal and the associated standards go forward, even on a voluntary basis, privacy protection will be diminished, innovation will be slowed, government accountability will be lessened, and the openness necessary to ensure the successful development of the nation's communications infrastructure will be threatened. "We respectfully ask the White House to withdraw the Clipper proposal." ------------------------------------------------------------- [3] Clipper FAQ The Clipper Chip: Frequently Asked Questions (FAQ) What is the Clipper Chip? It is a cryptographic device purportedly intended to protect private communications while at the same time permitting government agents to obtain the "keys" upon presentation of what has been vaguely characterized as "legal authorization." The "keys" would be held by two government "escrow agents" and would enable the government to access the encrypted private communication. While Clipper would be used to encrypt voice transmissions, a similar device known as Capstone would be used to encrypt data. Who developed the underlying technology? The cryptographic algorithm, known as Skipjack, was developed by the National Security Agency (NSA), a super-secret military intelligence agency responsible for intercepting foreign government communications and breaking the codes that protect such transmissions. In 1987, Congress passed the Computer Security Act, a law intended to limit NSA's role in developing standards for the civilian communications system. In spite of that legislation, the agency has played a leading role in the Clipper initiative and other civilian security proposals. NSA has classified the Skipjack algorithm on national security grounds, thus precluding independent evaluation of the system's strength. CPSR has filed suit under the Freedom of Information Act seeking the disclosure of the secret algorithm and other information concerning the Clipper plan. 
What is the government's rationale for Clipper? The key-escrow system was developed at the urging of the FBI and other law enforcement agencies, which claim that the increasing availability of strong encryption programs will interfere with their ability to conduct wiretapping. No evidence in support of these claims has been released -- in fact, FBI documents obtained through litigation by CPSR indicate that no such difficulties have been reported by FBI field offices or other federal law enforcement agencies. How important is wiretapping to law enforcement agencies? Electronic surveillance is just one of many investigative techniques available to law enforcement. In fact, it is not a widely used technique -- in 1992, fewer than 900 wiretap warrants were issued to state and federal law enforcement agencies. It is to protect the viability of that small number of wiretaps from an unsubstantiated risk that the FBI and NSA have proposed to compromise the security of billions of electronic transactions. What is the current status of the Clipper plan? On February 4, the Administration announced the formal adoption of the "Escrowed Encryption Standard," which is the technical specification for the Clipper system. This action means that Clipper will become the encryption standard within the government -- all cryptographic products for government use must comply with the standard (i.e., contain the key- escrow mechanism) and all individuals and businesses wishing to transmit secure communications to government agencies will eventually be obliged to use the NSA-developed technology. Will the Clipper standard become mandatory? The Administration maintains that Clipper will be a "voluntary" standard outside of the government, but many industry observers question the reality of this claim. The government exerts enormous pressure in the marketplace, and it is unlikely that alternative means of encryption will remain viable. 
Further, the possibility of Clipper becoming mandatory at some time in the future is quite real given the underlying rationale for the system. If criminals do, indeed, intend to use encryption to evade electronic surveillance, they are unlikely to voluntarily use the Clipper technology. What can I do to oppose Clipper? Sign the electronic petition against the Clipper plan that is being organized by CPSR. Stay informed of relevant developments by reading the CPSR Alert and other periodic announcements. And consider lending your financial support to CPSR's campaign to protect the privacy of electronic communications. ------------------------------------------------------------- [4] EPIC to Provide Clipper Analysis The Electronic Privacy Information Center (EPIC) will be providing policy information on the Clipper proposal. EPIC is a joint project of CPSR and the Fund for Constitutional Government, a national civil liberties organization. EPIC releases will soon be available to CPSR members through the CPSR Announce list. ------------------------------------------------------------- [5] CPSR Needs Your Support! If you have signed the CPSR petition, and would like to do more to help stop Clipper, please consider sending a cash contribution to CPSR. What do we do with the money? Pay staff salaries, telephone bills, rent, printing costs. The basics. Why support CPSR? Because we have a good reputation for our work on privacy and cryptography, and because our efforts on Clipper are already having an impact. We know it's a little scurrilous to ask for money on the network. We don't do this very often. The good news is that an anonymous donor has agreed to make a matching grant of $10,000 to support CPSR's Clipper campaign. That means that if you contribute $50 we receive $100. If you contribute $100 we receive $200 and so on. Please take a moment to write a check and send it to "CPSR, P.O. Box 717, Palo Alto, CA 94302." Write "Clipper" on the check. Thanks in advance. 
We appreciate your help.

-------------------------------------------------------------

[6] Call for Discussion on CPSR Newsgroups

CPSR has submitted a Request for Discussion (RFD) to create two new USENET newsgroups: comp.org.cpsr.news and comp.org.cpsr.talk.

Comp.org.cpsr.news will be a reflection of the cpsr-announce mailing list. It will be moderated and only carry 1-2 messages per week including the CPSR Alert and other official CPSR releases, and announcements of relevant conferences.

Comp.org.cpsr.talk will be an unmoderated discussion group. Topics will include privacy, the NII, working in the computer industry, and other areas of interest to CPSR members.

Formal discussion on the newsgroups is taking place in news.groups. If you have any substantive comments, you may post them there or by e-mail to either news-groups at cs.utexas.edu or news.groups.usenet at decwrl.dec.com.

If you just wish to express support for the new groups, please hold off until the voting begins in about one month.

-------------------------------------------------------------

[7] New Files at the CPSR Internet Library

The CPSR Internet Library is currently undergoing renovation to make it easier to use. File names are being revised, folders are being moved, and a better Gopher front-end is being designed. We apologize for any inconvenience in finding files.

All Feb 4 White House releases on Clipper are available at
/cpsr/privacy/crypto/clipper

An analysis of US cryptography policy by Professor Lance Hoffman commissioned by NIST
/cpsr/privacy/crypto/hoffman_crypto_policy_1994

The 1994 US State Department Human Rights Guide. 7.7 megs of files describing the situation of civil and political rights in every country in the world except the US.
/cpsr/privacy/privacy_international/country_reports/1994_state_dept_guide_human_rights

1993 GAO Report on misuse of the FBI's National Crime Information Center is also available.
The CPSR Internet Library is a free service available via FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact ftp-admin at cpsr.org. ---------------------------------------------------------------- [7] Upcoming Conferences and Events "Highways and Toll Roads: Electronic Access in the 21st Century" Panel Discussion. 1994 AAAS Annual Meeting. San Francisco, CA. Feb. 21, 1994 2:30 - 5:30pm. Sponsored by the Association for Computing Machinery (ACM). Contact: Barbara Simons (simons at vnet.ibm.com). "Computers, Freedom and Privacy 94." Chicago, Il. March 23-26. Sponsored by ACM and The John Marshall Law School. Contact: George Trubow, 312-987-1445 (CFP94 at jmls.edu). Directions and Implications of Advanced Computing (DIAC)-94 "Developing an Effective, Equitable, and Enlightened Information Infrastructure." Cambridge, MA. April 23 - 24, 1994. Sponsored by CPSR. Contact: cwhitcomb at bentley.edu or doug.schuler at cpsr.org. Computer-Human Interaction 94. Boston, Mass. April 24-28. Sponsored by ACM. Contact: 214-590-8616 or 410-269-6801, chi94office.chi at xerox.com "Navigating the Networks." 1994 Mid-Year Meeting, American Society for Information Science. Portland, Oregon. May 22 - 25, 1994. Contact: rhill at cni.org Rural Datafication II: "Meeting the Challenge of Providing Ubiquitous Access to the Internet" Minneapolis, Minnesota. May 23-24, 1994. Sponsored by CICNet & NSF. Contact: ruraldata-info-request at cic.net. Send name, mailing address and e-mail address. "Information: Society, Superhighway or Gridlock?" Computing for the Social Sciences 1994 Conference (CSS94). University of Maryland at College Park. June 1-3, 1994. Contact: Dr. Charles Wellford 301-405-4699, fax 301-405-4733, e-mail: cwellford at bss2.umd.edu. Abstracts for papers due March 1. Contact William Sims Bainbridge (wbainbri at nsf.gov). 
Grace Hopper Celebration of Women in Computer Science. Washington, DC June 9-11. Contact: 415 617-3335, hopper-info at pa.dec.com DEF CON ][ ("underground" computer culture) "Load up your laptop muffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July 22-24, Contact: dtangent at defcon.org. Conference on Uncertainty in AI. Seattle, WA. July 29-31. Contact: 206-936-2662, heckerma at microsoft.com. Symposium: An Arts and Humanities Policy for the National Information Infrastructure. Boston, Mass. October 14-16, 1994. Sponsored by the Center for Art Research in Boston. Contact: Jay Jaroslav (jaroslav at artdata.win.net). Third Biannual Conference on Participatory Design, Chapel Hill, North Carolina, October 27-28, 1994. Sponsored by CPSR. Contact: trigg at parc.xerox.com. Submissions due April 15, 1994. (Send calendar submissions to Alert at washofc.cpsr.org) ===================================================================== To subscribe to the Alert, send the message: "subscribe cpsr-announce " (without quotes or brackets) to listserv at cpsr.org. Back issues of the Alert are available at the CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert Computer Professionals for Social Responsibility is a national, non-partisan, public-interest organization dedicated to understanding and directing the impact of computers on society. Founded in 1981, CPSR has 2000 members from all over the world and 22 chapters across the country. Our National Advisory Board includes a Nobel laureate and three winners of the Turing Award, the highest honor in computer science. Membership is open to everyone. For more information, please contact: cpsr at cpsr.org or visit the CPSR discussion conferences on The Well (well.sf.ca.us) or Mindvox (phantom.com). 
=====================================================================

CPSR MEMBERSHIP FORM

Name ______________________________________________________________

Address ___________________________________________________________

___________________________________________________________________

City/State/Zip ____________________________________________________

Home phone _____________________ Work phone _____________________

Company ___________________________________________________________

Type of work ______________________________________________________

E-mail address ____________________________________________________

CPSR Chapter
__ Acadiana  __ Austin  __ Berkeley  __ Boston  __ Chicago
__ Denver/Boulder  __ Los Angeles  __ Madison  __ Maine  __ Milwaukee
__ Minnesota  __ New Haven  __ New York  __ Palo Alto  __ Philadelphia
__ Pittsburgh  __ Portland  __ San Diego  __ Santa Cruz  __ Seattle
__ Washington, DC  __ Virtual Chapter (worldwide)  __ No chapter in my area
__ Loyola/New Orleans (Just started!)

CPSR Membership Categories
__ $ 75 REGULAR MEMBER
__ $ 50 Basic member
__ $ 200 Supporting member
__ $ 500 Sponsoring member
__ $1000 Lifetime member
__ $ 50 Foreign subscriber
__ $ 20 Student/low income members
__ $ 50 Library/institutional subscriber

Additional tax-deductible contribution to support CPSR projects:
__ $50  __ $75  __ $100  __ $250  __ $500  __ $1000  __ Other

Total Enclosed: $ ________

Make check out to CPSR and mail to:
CPSR
P.O. Box 717
Palo Alto, CA 94301

------------------------ END CPSR Alert 3.03 -----------------------

From K12OCEZB at vaxc.hofstra.edu Fri Feb 11 11:20:39 1994
From: K12OCEZB at vaxc.hofstra.edu (K12OCEZB at vaxc.hofstra.edu)
Date: Fri, 11 Feb 94 11:20:39 PST
Subject: No Subject
Message-ID: <01H8RGAURHW295MSMV@vaxc.hofstra.edu>

UNSUBSCRIBE

From tcmay at netcom.com Fri Feb 11 11:40:38 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 11 Feb 94 11:40:38 PST
Subject: List of forbidden mathematics?
Message-ID: <199402111940.LAA01150@mail.netcom.com>

Do any of you have a current list of banned mathematics topics handy?

I was reading a number theory book (Rosen) and got worried that I might be stumbling into some of the areas forbidden to private citizens.

I have e-mail in to Professor Denning, author of the Index, for guidance on what mathematics is and is not allowed, but she has not yet responded. Meanwhile, until I hear from her or get a special waiver, I've put the book away.

I'm hoping that Rosen's introductory text is not treated as "crypto paraphernalia," even though it's sold over the counter at Computer Literacy, Stacey's, and other such "head shops."

--Tim, getting more worried after the arrests at Amateur Crypto BBS, where the owners received an unsolicited data packet from Tennessee and were then promptly arrested by the Data Police

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From wex at media.mit.edu Fri Feb 11 12:20:38 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Fri, 11 Feb 94 12:20:38 PST
Subject: MOO: on the virtual meeting
In-Reply-To:
Message-ID: <9402112013.AA27577@media.mit.edu>

The following is mud.el, my favorite client for MOO-ing; it runs the MUD link as a separate Emacs buffer, with all the Emacs functionality available. Very nice.

One caveat: because you're in an emacs buffer and not a VT-100-type window, some people's special graphics won't work because they depend on being able to control the cursor in ways that Emacs doesn't like.
;;; Major Mode for talking to MUDs
;;; by James Aspnes (asp at cs.cmu.edu) and Stewart Clamen (clamen at cs.cmu.edu)
;;; and Pavel Curtis (pavel at parc.xerox.com)
;;; 1989, 1990, 1991
;;;
;;; MODIFICATION HISTORY
;;;
;;; May/June 1990 - Generalized to handle SMUG and LPMUD
;;;
;;; January 1991 - Added Pavel Curtis' MOO support and assorted bug fixes,
;;;                also changed process-status call to run under 18.56.
;;;
;;; February 1991 - Added input-history browsing support (M-p/M-n);
;;;                 commands for sending the latest item on the kill
;;;                 ring (C-c C-y), optionally with each line bracketed by a
;;;                 given prefix and suffix (C-u C-c C-y); and a command to
;;;                 clear the current input line (C-c C-u).
;;;                 Added support for adding/overriding server definitions
;;;                 and the default server in one's .mud file.
;;;                 Fixed some bugs.
;;;                 Added support for people who prefer that the type-in
;;;                 point for a MUD buffer stay glued to the bottom of the
;;;                 window (see the 'mud-use-entire-window' option).
;;; December 92 - Jim Davis - added mud-pages-beep, added moo-code mods
;;;
;;;

;; This is the default set of 'server' lines in MUD entry files (e.g., ~/.mud)
(defconst mud-default-servers
  '(
;;;
;;; SERVER NAME MUD SITE PORT
;;;
    ;; On Brigadoon days
    ("TinyMUD Classic" TinyMUD "fuzine.mt.cs.cmu.edu" 2323)
    ("fuzine" TinyMUD "fuzine.mt.cs.cmu.edu" 4201)
    ("TinyHELL" TinyMUD "uokmax.ecn.uoknor.edu" 6250)
    ("AmosMUD" TinyMUD "amos.ucsd.edu" 4201)
    ("Atlantis" TinyMUD "nyquist.bellcore.com" 4201)
    ("Auroris" TinyMUD "quiche.cs.mcgill.ca" 4200)
    ("CITMUD" TinyMUD "chrome.caltech.edu" 4201)
    ("ClubMUD" TinyMUD "milton.u.washington.edu" 1984)
    ("Dragon MUD" TinyMUD "naucse.cse.nau.edu" 4201)
    ("Eden" TinyMUD "unicorn.cc.wwu.edu" 4201)
    ("EVILMud" TinyMUD "FIDO.ECON.arizona.edu" 4201)
;   ("EVILMud" TinyMUD "convx1.ccit.arizona.edu" 4201)
    ("FantaMUD" TinyMUD "sage.cc.purdue.edu" 5950)
    ("FurryMUCK" TinyMUD "hobbes.catt.ncsu.edu" 4242)
    ("GenericMUD" TinyMUD "apex.yorku.ca" 4201)
    ("Islandia" TinyMUD "planck.physics.purdue.edu" 2323)
    ("MoonMUD" TinyMUD "granite.cs.rochester.edu" 4201)
    ("MumbleMUD" TinyMUD "berlin.rtp.dg.com" 4201)
    ("PoohMUD" TinyMUD "eeyore.caltech.edu" 4201)
    ("QuartzPARADISE" TinyMUD "quartz.rutgers.edu" 9999)
    ("StoMUD" TinyMUD "dagon.acc.stolaf.edu" 8888)
    ("SunMUD" TinyMUD "einstein.mpccl.ksu.edu" 4201)
    ("TinyCWRU" TinyMUD "solarium.scl.cwru.edu.edu" 4201)
    ("TinyHOLLAND" TinyMUD "fysae.fys.ruu.nl" 4201)
    ("TinyHORNS" TinyMUD "bashful.cc.utexas.edu" 4201)
    ("TinyMUD" TinyMUD "planck.physics.purdue.edu" 2323)
    ("TinyMush" TinyMUD "sigh.berkeley.edu" 4201)
    ("TinySWAT" TinyMUD "masada.cs.swarthmore.edu" 4201)
    ("TinyTIM" TinyMUD "grape.ecs.clarkson.edu" 6250)
    ("TinyUSC" TinyMUD "coyote.usc.edu" 4201)
    ("Tinywonk" TinyMUD "ux.acs.umn.edu" 4200)
    ("TinyWORLD" TinyMUD "rillonia.ssc.gov" 6250)
;   ("SMUG" SMUG "lancelot" 4201)
    ("Anarchy!" TinyMUCK "galjoen.cs.vu.nl" 4201)
    ("Brigadoon" TinyMUCK "dante.cs.uiuc.edu" 4201)
    ("Chaos!" TinyMUCK "uokmax.ecn.uoknor.edu" 6250)
;   ("MbongoMUCK" TinyMUCK "mbongo.ucsd.edu" 4201)
    ("MbongoMUCK" TinyMUCK "watpc13.ucr.edu" 4201)
    ("Pegasus" TinyMUCK "l_cae05.icaen.uiowa.edu" 2001)
    ("TigerMUCK" TinyMUCK "Sun1.forestry.auburn.edu" 6250)
    ("TroyMUCK" TinyMUCK "pawl24.pawl.rpi.edu" 4201)
    ("TinyMUSH" TinyMUSH "manray.CSUFresno.edu" 4201)
    ("ToonMUSH" TinyMUSH "uokmax.ecn.uoknor.edu" 4835)
    ("MaineMud" LPMUD "chevette.umcs.maine.edu" 2000)
    ("Darker Realms" LPMUD "worf.tamu.edu" 2000)
    ("Sanctuary" LPMUD "j.ms.uky.edu" 2000)
    ("Warhammer" LPMUD "issunbane.engrg.uwo.ca" 2112)
    ("The PIT" LPMUD "obie.cis.pitt.edu" 2000)
    ("Theive's World" LPMUD "uokmax.ecn.uoknor.edu" 2000)
    ("Avalon" LPMUD "el.ecn.purdue.edu" 2000)
    ("Boiling MUD" LPMUD "frey.nu.oz.au" 2000)
    ("Phoenix" LPMUD "galjas.cs.vu.nl" 2000)
    ("AlphaMOO" MOO "belch.berkeley.edu" 7777)
    ("LambdaMOO" MOO "lambda.parc.xerox.com" 8888)
    ("MediaMOO" MOO "purple-crayon.media.mit.edu" 8888)
    ("JaysHouseMOO" MOO "theory.cs.mankato.msus.edu" 1709)
    ("MichaelsMOO" MOO "merlin.gatech.edu" 5000)
    ;; from Jim Davis
    ("PARC" Jupiter "osprey.parc.xerox.com" 7777)
    ;; from net announcements -- michele
    ("DepravedMUD" MUD "129.22.244.249" 4000)
    ("Nightmare" TinyMUSH "jove.cs.pdx.edu" 4201)
    ;; from other sources (recommendations) -- michele
    ("MicroMUSE" TinyMUSH "Chezmoto.AI.MIT.Edu" 4201)
    ))

(defvar mud-default-default-server "MediaMOO"
  "Default 'default-server' name.")

(defvar muds nil "List of all defined MUD types")

(defmacro defmud (mud prompt connect-filter connect-command filters
                      command-filters sentinels startup-hook page-regexp)
  (list 'progn
        (list 'defvar mud nil)
        (list 'setplist (list 'quote mud) nil)
        (list 'put (list 'quote mud) ''prompt prompt)
        (list 'put (list 'quote mud) ''connect-filter connect-filter)
        (list 'put (list 'quote mud) ''connect-command connect-command)
        (list 'put (list 'quote mud) ''filters filters)
        (list 'put (list 'quote mud) ''command-filters command-filters)
        (list 'put (list 'quote mud) ''sentinels sentinels)
        (list 'put (list 'quote mud) ''startup-hook startup-hook)
        (list 'put (list 'quote mud) ''page-regexp page-regexp)
        (list 'if
              (list 'not (list 'memq (list 'quote mud) 'muds))
              (list 'setq 'muds (list 'cons (list 'quote mud) 'muds)))
        (list 'quote mud)))

(defun mud-prompt () (get mud 'prompt))
(defun mud-connect-filter () (get mud 'connect-filter))
(defun mud-connect-command () (get mud 'connect-command))
(defun mud-filters () (get mud 'filters))
(defun mud-sentinels () (get mud 'sentinels))
(defun mud-command-filters () (get mud 'command-filters))
(defun mud-startup-hook () (get mud 'startup-hook))
(defun mud-page-regexp () (get mud 'page-regexp))

;;; Equivalent mud types
(defmacro eqmud (mud2 mud1)
  (list 'progn
        (list 'setplist (list 'quote mud2)
              (list 'symbol-plist (list 'quote mud1)))
        (list 'if
              (list 'not (list 'memq (list 'quote mud2) 'muds))
              (list 'setq 'muds (list 'cons (list 'quote mud2) 'muds)))))

(defmud TinyMUD
  ?> ; prompt char
  'tinymud-connect-filter
  "connect"
  'tinymud-filter-hook
  'nil
  'nil
  'tinymud-mode-hook
  "\\(You sense that [^ ]* is looking for you in \\|\\w+ pages: \\)"
  )

(eqmud TinyMUCK TinyMUD)
(eqmud TinyMUSH TinyMUD)
(eqmud TeenyMUD TinyMUD)

(defmud SMUG
  ?=
  'nil
  ""
  'smug-filter-hook
  'smug-macro-command-filter-hook
  'nil
  'smug-mode-hook
  "You sense that [^ ]* is looking for you in "
  )

(defmud LPMUD
  ?\ ; prompt char
  nil
  ""
  nil
  nil
  nil
  'tinymud-mode-hook
  "You sense that [^ ]* is looking for you in "
  )

(defmud MOO
  ?>
  'tinymud-connect-filter
  "connect"
  'moo-filter-hook
  'nil
  'nil
  'moo-mode-hook
  "\\(You sense that [^ ]* is looking for you in \\)"
  )

(defmud Jupiter
  ?>
  'tinymud-connect-filter
  "connect"
  'jupiter-filter-hook
  'nil
  'jupiter-sentinel-hook
  'moo-mode-hook
  "\\(You sense that [^ ]* is looking for you in \\)"
  )

(defvar mud-show-page 1
  "*If non-nil, pop up MUD buffer whenever a page arrives.")

(defvar mud-pages-beep 1
  "*If non-nil, beep when a page arrives.")

(defvar mud-reconnect-regexp
  "#### Please reconnect to \\([^@]*\\)@\\([^ @]*\\) *\\(\\|([^ @]*)\\) port \\([0-9]+\\) ####.*$"
  "Regular expression for detecting reconnect signals.")

(defconst mud-new-connectionp nil
  "Flag to identify hail for new connection")

(defvar mud-accept-reconnects nil
  "*If nil, reject reconnect signals. If non-nil, accept reconnect signals
by breaking existing connection and establishing new connection. If an
integer, spawn connections before breaking any.")

(defun mud-check-reconnect ()
  "Look for reconnect signal and open new connection if non to that
site already exists."
  (goto-char (point-min))
  (while (not (eobp))
    (if (and mud-accept-reconnects (looking-at mud-reconnect-regexp))
        (let ((mud-name (buffer-substring (match-beginning 1) (match-end 1)))
              (mud-server-addr (buffer-substring (match-beginning 2)
                                                 (match-end 2)))
              (mud-server (and (not (eq (match-beginning 3) (match-end 3)))
                               (buffer-substring (1+ (match-beginning 3))
                                                 (1- (match-end 3)))))
              (mud-port (string-to-int
                         (buffer-substring (match-beginning 4)
                                           (match-end 4)))))
          (delete-region (match-beginning 0) (match-end 0))
          (let* ((mud-sys (assoc mud-name (mud-servers)))
                 (mud-buffer-name (concat "*" mud-name "*"))
                 (mud-buffer-process (mud-find-existing-process mud-name)))
            (cond
             (mud-buffer-process ; Existing connection to that site...
              (message "Connection to that site had already been established.")
              (pop-to-buffer (process-buffer mud-buffer-process)))
             ((not mud-server)
              (message "GNU Emacs cannot handle nonsymbolic names. Sorry."))
             ((zerop mud-port)
              (message "Illformed portal signal. Inform Builder."))
             (t
              (save-excursion
                (setq mud-new-connectionp mud-buffer-name)
                (open-mud mud-sys t)))))))
    (beginning-of-line 2)))

(defun mud-find-existing-process (name)
  "Find process of established Mud connection, if it exists"
  (let ((processes (process-list))
        (result nil))
    (while (and processes (not result))
      (if (string-equal (upcase (process-name (car processes))) (upcase name))
          (setq result (car processes))
        (setq processes (cdr processes))))
    result))

(defvar mud-last-page-check-pos nil)

(defun mud-check-page ()
  "Look for page message, and pop-up buffer if specified."
  (if (null mud-last-page-check-pos)
      (progn
        (goto-char (point-min))
        (setq mud-last-page-check-pos (point))))
  (goto-char mud-last-page-check-pos)
  (let ((has-beeped nil))
    (while (not (eobp))
      (if (looking-at (mud-page-regexp))
          (progn
            (if mud-show-page
                (display-buffer (current-buffer)))
            (if (or mud-show-page mud-pages-beep)
                (progn
                  (if mud-pages-beep
                      (if (null has-beeped) ;beep only once
                          (progn
                            (progn (ding) (ding) (ding))
                            (setq has-beeped t))))
                  (message "You are being paged in %s"
                           (buffer-name (current-buffer)))))))
      (beginning-of-line 2))
    (setq mud-last-page-check-pos (point))
    )
  )

(defun mud-fill-lines ()
  "Fill buffer line by line."
  (goto-char (point-min))
  (while (not (eobp))
    (let ((break (move-to-column (1+ fill-column))))
      (if (<= break fill-column)
          (beginning-of-line 2)
        ;; else fill
        (skip-chars-backward "^ \n")
        (if (bolp)
            ;; can't fill, we lose
            (beginning-of-line 2)
          (delete-horizontal-space)
          (insert ?\n))))))

(defun mud-filter (proc string)
  "Filter for input from MUD process. Calls MUD-specific filters as well.
Also, if recently established new connection automatically, check to see
if number of active connections exceeded connection limit and delete
current process if so."
  (let ((mud-select-buffer nil))
    (save-excursion
      ;; Occasionally-useful debugging code.
      '(progn
         (set-buffer (get-buffer-create "*MUD Packets*"))
         (goto-char (point-max))
         (insert "\n\n<<")
         (insert string)
         (insert ">>"))
      (set-buffer (process-buffer proc))
      (goto-char (marker-position (process-mark proc)))
      (let ((start (point)))
        (insert-before-markers string)
        (let ((end (point)))
          (goto-char start)
          (beginning-of-line nil)
          (save-restriction
            (narrow-to-region (point) end)
            (while (search-forward "\^m" nil t)
              (replace-match ""))
            (goto-char (point-min))
            (run-hooks (mud-filters))))))
    (if (and (= scroll-step 1)
             (eq (current-buffer) (process-buffer proc))
             (= (point) (point-max)))
        (recenter -1))
    (if (and mud-select-buffer
             (eq (current-buffer) (process-buffer proc)))
        (pop-to-buffer mud-select-buffer)))
  (if mud-new-connectionp
      (progn
        (if (or ; Do we close current connection?
             (not (numberp mud-accept-reconnects))
             (let ((c mud-accept-reconnects)
                   (l (process-list)))
               (while l
                 (if (and (eq (process-filter (car l)) 'mud-filter)
                          (memq (process-status (car l)) '(open run)))
                     (setq c (1- c)))
                 (setq l (cdr l)))
               (< c 0)))
            (progn
              (delete-process (get-buffer-process (current-buffer)))
              (kill-buffer (current-buffer))))
        (progn
          (pop-to-buffer mud-new-connectionp)
          (if (> (baud-rate) search-slow-speed) (recenter))
          (setq mud-new-connectionp nil)))))

(defun mud-sentinel (proc change)
  "Called on state changes so hooks can get run."
  (run-hooks (mud-sentinels)))

(defun mud-send ()
  "Send current line of input to a MUD."
  (interactive)
  (let ((proc (get-buffer-process (current-buffer))))
    (cond ((or (null proc)
               (not (memq (process-status proc) '(open run))))
           (message "Not connected--- nothing sent.")
           (insert ?\n))
          (t
           ;; process exists, send line
           (let ((start (mud-find-input)))
             (send-region proc start (point))
             (send-string proc "\n")
             (mud-remember-input (buffer-substring start (point)))
             (goto-char (point-max))
             (insert ?\n)
             (move-marker (process-mark proc) (point))
             (insert (mud-prompt))
             (if (= scroll-step 1)
                 (recenter -1))
             )))))

(defun mud-realign-and-send ()
  (interactive)
  (recenter 0)
  (mud-send))

(defun mud-cancel-input ()
  (interactive)
  (let ((start (mud-find-input)))
    (delete-region start (point))))

(defun mud-send-kill (arg)
  (interactive "P")
  (if arg
      (call-interactively 'mud-send-kill-prefix)
    (let ((proc (get-buffer-process (current-buffer))))
      (mud-send-string (car kill-ring) proc))))

(defun mud-send-kill-prefix (prefix suffix)
  (interactive "sPrefix: \nsSuffix: ")
  (let ((buf (current-buffer))
        (temp (generate-new-buffer " *MUD temp*")))
    (save-excursion
      (set-buffer temp)
      (yank)
      (let ((proc (get-buffer-process buf))
            (case-replace nil))
        (goto-char (point-min))
        (untabify (point-min) (point-max))
        (while (re-search-forward "^\\(.*\\)$")
          (replace-match (concat prefix "\\1" suffix)))
        (send-region proc (point-min) (point-max))
        (send-string proc "\n") ;; Flush remaining input
        (kill-buffer temp)))))

(defun mud-quit ()
  "Quit MUD process."
  (interactive)
  (if (yes-or-no-p "Are you sure you want to quit this MUD session?")
      (delete-process (get-buffer-process (current-buffer)))))

(defconst mud nil
  "Variable representing type of MUD active in current buffer")

(make-variable-buffer-local 'mud)

(defvar mud-use-entire-window nil
  "*Try to keep the type-in point for a MUD buffer at the bottom of the window.")

(defvar mud-mode-syntax-table nil
  "Syntax table used while in MUD mode.")

(defvar mud-interactive-mode-map
  (let ((map (make-sparse-keymap)))
    (define-key map "\n" 'mud-realign-and-send)
    (define-key map "\r" 'mud-send)
    (define-key map "\^c\^c" 'mud-quit)
    (define-key map "\^c\^m" 'mud-macro-command)
    (define-key map "\^c\^u" 'mud-cancel-input)
    (define-key map "\^c\^y" 'mud-send-kill)
    (define-key map "\ep" 'mud-previous-command)
    (define-key map "\en" 'mud-next-command)
    map)
  "Keymap for MUD interactive mode.")

(defun mud-interactive-mode (mud-type)
  "Major Mode for talking to inferior MUD processes.

Commands:
\\{mud-interactive-mode-map}

Global Variables: [default in brackets]

 mud-show-page [nil]
    If non-nil, pop up MUD buffer whenever a page arrives.
 mud-accept-reconnects [nil]
    If nil, reject reconnect signals. If non-nil, accept reconnect
    signals by breaking existing connection and establishing new
    connection. If an integer, spawn that many connections before
    breaking any.
 mud-entry-file [\"~/.mud\"]
    Pathname to location of MUD address/character/password file.
 mud-use-entire-window [nil]
    Try to keep the type-in point for the MUD buffer at the bottom
    of the window, so as not to have a half-window of blank space.

defmud parameters:

 prompt
    Character to identify MUD command input.
 connect-filters
    Initial filter hooks (before login)
 filters
    List of hooks to call before displaying output from MUD
    process to MUD buffer. [Default hooks support line-filling,
    page checking, and reconnect detection.]
 startup-hook
    Hook to run at startup.
    Users wishing to use macros may want to bind it to the following
    in their .emacs file:
     (setq tinymud-mode-hook
           '(lambda ()
              (mud-load-macro-commands tinymud-macro-commands-file)))
"
  (interactive)
  (kill-all-local-variables)
  (setq mud mud-type)
  (setq mode-name (symbol-name mud-type))
  (setq major-mode 'mud-interactive-mode)
  (setq fill-column (1- (screen-width)))
  (setq indent-tabs-mode nil)
  (if (null mud-mode-syntax-table)
      (progn
        (setq mud-mode-syntax-table (make-syntax-table))
        (set-syntax-table mud-mode-syntax-table)
        (modify-syntax-entry ?_ "w")
        (modify-syntax-entry ?\[ "(]")
        (modify-syntax-entry ?\] ")["))
    (set-syntax-table mud-mode-syntax-table))
  (use-local-map (copy-keymap mud-interactive-mode-map))
  (make-local-variable 'mode-line-process)
  (let* ((s (and (concat "@" mud-server)))
         (ss (cond ((not mud-accept-reconnects) "")
                   (t (if (> (length s) 20) (substring s 0 20) s)))))
    (setq mode-line-process (list (concat ss ":%s"))))
  (run-hooks (mud-startup-hook)))

(defun mud (&optional autoconnect)
  "Connect to MUD, asking for site to connect to.
With optional argument, look in mud-entry-file for name to connect with
and attempt connect."
  (interactive "P")
  (let* ((choice (assoc
                  (let* ((completion-ignore-case t)
                         (default (mud-default-server))
                         (name (completing-read
                                (format "Server (default %s): " default)
                                (mud-servers) nil t)))
                    (if (equal name "") default name))
                  (mud-servers)))
         (mud-name (car choice))
         (mud-sys (car (cdr choice)))
         (mud-server (car (cdr (cdr choice))))
         (mud-port (car (cdr (cdr (cdr choice))))))
    (open-mud mud-sys autoconnect)))

(defun open-mud (mud-sys autoconnect)
  (let ((index 0)
        (buf-name-root (concat "*" mud-name "*"))
        (buf-name nil))
    (while (and (get-buffer (setq buf-name
                                  (if (= index 0)
                                      buf-name-root
                                    (format "%s<%d>" buf-name-root index))))
                (get-buffer-process buf-name)
                (process-status (get-buffer-process buf-name)))
      (setq index (+ index 1)))
    (let* ((buf (get-buffer-create buf-name))
           (proc (open-network-stream "MUD" buf mud-server mud-port)))
      ;; Despite how it looks, the following line ensures that Emacs *not*
      ;; kill our network connection on exit without asking us first.
;     (process-kill-without-query proc t)
      (if autoconnect
          (let ((entry (mud-login-for-server mud-name))
                (filter (or (mud-connect-filter) 'mud-filter)))
            (set-process-filter proc filter)
            (mud-send-string
             (mapconcat '(lambda (x) x)
                        (cons (let ((mud mud-sys)) (mud-connect-command))
                              entry)
                        " ")
             proc)))
      (set-process-filter proc 'mud-filter)
      (set-process-sentinel proc 'mud-sentinel)
      (switch-to-buffer buf)
      (newline)
      (goto-char (point-max))
      (set-marker (process-mark proc) (point))
      (mud-interactive-mode mud-sys)
      (insert (mud-prompt))
      (cond (mud-use-entire-window
             (make-local-variable 'scroll-step)
             (setq scroll-step 1))
            (t
             (recenter '(4))))
      (mud-initialize-input-history))))

;;; Input History Maintenance

(defun mud-make-history (size)
  ;; (head tail . vector)
  ;; head is the index of the most recent item in the history.
  ;; tail is the index one past the oldest item
  ;; if head == tail, the history is empty
  ;; all index arithmetic is mod the size of the vector
  (cons 0 (cons 0 (make-vector (+ size 1) nil))))

(defun mud-decr-mod (n m)
  (if (= n 0)
      (1- m)
    (1- n)))

(defun mud-history-insert (history element)
  (let* ((head (car history))
         (tail (car (cdr history)))
         (vec (cdr (cdr history)))
         (size (length vec))
         (new-head (mud-decr-mod head size)))
    (aset vec new-head element)
    (setcar history new-head)
    (if (= new-head tail) ; history is full, so forget oldest element
        (setcar (cdr history) (mud-decr-mod tail size)))))

(defun mud-history-empty-p (history)
  (= (car history) (car (cdr history))))

(defun mud-history-ref (history index)
  (let* ((head (car history))
         (tail (car (cdr history)))
         (vec (cdr (cdr history)))
         (size (if (<= head tail)
                   (- tail head)
                 (+ tail (- (length vec) head)))))
    (if (= size 0)
        (error "Ref of an empty history")
      (let ((i (% index size)))
        (if (< i 0)
            (setq i (+ i size)))
        (aref vec (% (+ head i) (length vec)))))))

(defvar mud-input-history-size 20
  "The number of past input commands remembered for possible reuse")

(defvar mud-input-history nil)

(defvar mud-input-index 0)

(defun mud-initialize-input-history ()
  (make-local-variable 'mud-input-history)
  (make-local-variable 'mud-input-index)
  (setq mud-input-history (mud-make-history mud-input-history-size))
  (setq mud-input-index 0))

(defun mud-remember-input (string)
  (mud-history-insert mud-input-history string))

(defun mud-previous-command ()
  (interactive)
  (mud-browse-input-history 1))

(defun mud-next-command ()
  (interactive)
  (mud-browse-input-history -1))

(defun mud-browse-input-history (delta)
  (cond ((mud-history-empty-p mud-input-history)
         (error "You haven't typed any commands yet!"))
        ((eq last-command 'mud-browse-input-history)
         (setq mud-input-index (+ mud-input-index delta)))
        (t
         (setq mud-input-index 0)))
  (setq this-command 'mud-browse-input-history)
  (let ((start (mud-find-input)))
    (delete-region start (point))
    (insert
     (mud-history-ref mud-input-history mud-input-index))))

(defun mud-find-input ()
  (beginning-of-line 1)
  (let* ((proc (get-buffer-process (current-buffer)))
         (start (max (process-mark proc) (point))))
    (if (equal (char-after start) (mud-prompt))
        (setq start (1+ start)))
    (goto-char start)
    (end-of-line 1)
    start))

;;; Macro Commands

(defvar mud-current-process nil "Current MUD process")

(defvar mud-current-macro-commands-alist nil
  "Current MUD macro command alist")

(defvar mud-macro-commands-alist (list (cons "nil" ""))
  "*Alist of macros (keyed by strings)")

(make-variable-buffer-local 'mud-macro-commands-alist)

(defvar mud-macro-expansion-mode-map
  (let ((map (make-sparse-keymap)))
    (define-key map "\^c\^c" 'mud-macro-send-and-destroy)
    (define-key map "\^c\^s" 'mud-macro-send)
    (define-key map "\^c\^]" 'mud-macro-abort)
    (define-key map "\^c\^d" 'mud-macro-define)
    map)
  "Keymap for mud-macro-expansion-mode.")

(defun mud-macro-expansion-mode ()
  "Major Mode for mucking with MUD macro expansion.
Commands:
\\{mud-macro-expansion-mode-map}
"
  (interactive)
  (kill-all-local-variables)
  (setq mode-name "MUD-Macro-Expansion")
  (setq major-mode 'mud-macro-expansion-mode)
  (setq indent-tabs-mode nil)
  (set-syntax-table mud-mode-syntax-table)
  (use-local-map mud-macro-expansion-mode-map)
  (make-local-variable 'mud-expansion-macro-name)
  (message "Use ^C^S to send, ^C^C to send and destroy, ^C^] to abort..."))

(defun mud-macro-define (name)
  "Define buffer as mud-macro."
  (interactive (list (completing-read "MUD Macro: "
                                      mud-current-macro-commands-alist
                                      nil nil mud-expansion-macro-name)))
  (let ((oldval (assoc name mud-current-macro-commands-alist)))
    (if oldval
        (setcdr oldval (buffer-string))
      (setq mud-current-macro-commands-alist
            (cons (cons name (buffer-string))
                  mud-current-macro-commands-alist))))
  (if (y-or-n-p "Save to file? ")
      (mud-store-macro-commands
       (expand-file-name
        (read-file-name (concat "File to save to (default "
                                mud-macro-commands-file
                                "): ")
                        "~/"
                        mud-macro-commands-file)))))

(defun mud-macro-abort ()
  "Abort macro expansion buffer."
  (interactive)
  (kill-buffer (current-buffer))
  (delete-window))

(defun mud-macro-send ()
  "Send contents of macro expansion buffer."
  (interactive)
  (let ((str (buffer-string)))
    (mud-macro-send-2 str)))

(defun mud-macro-send-and-destroy ()
  "Send contents of macro expansion buffer and then kill the buffer."
  (interactive)
  (let ((str (buffer-string)))
    (mud-macro-abort)
    (mud-macro-send-2 str)))

(defun mud-macro-send-2 (str)
  (save-excursion
    (let ((proc mud-current-process))
      (set-buffer (process-buffer proc))
      (setq mud-macro-commands-alist mud-current-macro-commands-alist)
      (mud-send-string
       (let ((start (point)))
         (insert str)
         (save-restriction
           (narrow-to-region start (point))
           (run-hooks (mud-command-filters))
           (prog1 (buffer-string)
             (delete-region (point-min) (point-max)))))
       proc))))

(defun mud-send-string (string proc)
  "Send STRING as input to PROC"
  (send-string proc (concat string "\n")))

(defun mud-load-macro-commands (filename)
  "Load file of mud-macros"
  (setq mud-macro-commands-alist
        (if (file-exists-p filename)
            (progn
              (setq mud-macro-commands-file filename)
              (let ((tempbuf (get-buffer-create " *MUD Macros*"))
                    (buf (current-buffer)))
                (set-buffer tempbuf)
                (erase-buffer)
                (insert-file filename)
                (prog1 (car (read-from-string (buffer-string)))
                  (set-buffer buf))))
          '("nil" . ""))))

(defun mud-store-macro-commands (filename)
  "Store MUD macros in filename"
  (interactive "FFile to save to: ")
  (setq mud-macro-commands-file filename)
  (save-excursion
    (let ((tmp (get-buffer-create " *Macros to write*")))
      (set-buffer tmp)
      (erase-buffer)
      (insert (prin1-to-string mud-current-macro-commands-alist))
      (write-file filename))))

(defun mud-macro-command (arg)
  "Insert into stream one of the commands in mud-macro-commands-alist.
Without command argument, opens buffer for editting.
With argument sends alist entry directly to process."
  (interactive "P")
  (let ((macro
         (assoc
          (or (if (stringp arg) arg)
              (completing-read "MUD Macro: "
                               mud-macro-commands-alist nil t nil))
          mud-macro-commands-alist)))
    (let ((match (car macro))
          (stuff (cdr macro)))
      (if (stringp stuff)
          (let ((buff (get-buffer-create "*Expansion*"))
                (proc (get-buffer-process (current-buffer)))
                (alist mud-macro-commands-alist))
            (if (not arg)
                (progn
                  (pop-to-buffer buff)
                  (erase-buffer)
                  (insert stuff)
                  (goto-char (point-min))
                  (mud-macro-expansion-mode)
                  (setq mud-expansion-macro-name match)
                  (setq mud-current-process proc)
                  (setq mud-current-macro-commands-alist alist)
                  )
              (mud-send-string stuff proc)))))))

;;; Reading from entry file
;;;
;;; FORMAT:
;;; server
;;; default-server
;;; include
;;;
;;; default
;;;

(defvar mud-entry-file "~/.mud"
  "*Pathname to location of MUD address/character/password file.")

(defvar mud-servers nil)
(defvar mud-default-server nil)
(defvar mud-logins nil)
(defvar mud-default-login nil)
(defvar mud-entry-file-dates nil)

(defun mud-match-field (i)
  (buffer-substring (match-beginning i) (match-end i)))

(defun mud-report-syntax-error ()
  (let ((start (point)))
    (end-of-line)
    (error (concat "Syntax error in MUD entry file " file ": "
                   (buffer-substring start (point))))))

(defun mud-file-directory (name)
  (let ((i (1- (length name))))
    (while (not (= (aref name i) ?/))
      (setq i (1- i)))
    (substring name 0 (1+ i))))

(defun mud-file-write-date (file)
  (nth 5 (file-attributes file)))

(defun mud-entry-pattern (keyword nargs)
  (let ((pattern "?$"))
    (while (> nargs 0)
      (setq pattern (concat "\\([^ \n]*\\) " pattern)
            nargs (1- nargs)))
    (if (null keyword)
        pattern
      (concat keyword " " pattern))))

(defun mud-parse-entry-file (name)
  (let ((file (expand-file-name name))
        (old-buffer (current-buffer))
        (buffer (generate-new-buffer " *MUD temp*")))
    (if (not (file-exists-p file))
        (error (concat "Can't find MUD entry file " file)))
    (setq mud-entry-file-dates
          (cons (cons file (mud-file-write-date file))
                mud-entry-file-dates))
    (unwind-protect
        (progn
          (set-buffer buffer)
          (buffer-flush-undo buffer)
          (insert-file-contents file)
          ;; Don't lose if no final newline.
          (goto-char (point-max))
          (or (eq (preceding-char) ?\n)
              (newline))
          (goto-char (point-min))
          ;; handle "\\\n" continuation lines
          (while (not (eobp))
            (end-of-line)
            (cond ((= (preceding-char) ?\\)
                   (delete-char -1)
                   (delete-char 1)
                   (insert ?\ )))
            (forward-char 1))
          ;; simplify whitespace handling
          (goto-char (point-min))
          (while (re-search-forward "^[ \t]+" nil t)
            (replace-match ""))
          (goto-char (point-min))
          (while (re-search-forward "[ \t]+" nil t)
            (replace-match " "))
          (goto-char (point-min))
          (while (not (eobp))
            (cond ((or (eolp) (looking-at "#")))
                  ((looking-at "server ")
                   (let (port type)
                     (if (or (not (looking-at (mud-entry-pattern "server" 4)))
                             (= (setq port (string-to-int (mud-match-field 4)))
                                0)
                             (not (memq (setq type (intern (mud-match-field 2)))
                                        muds)))
                         (mud-report-syntax-error))
                     (setq mud-servers
                           (cons (list (mud-match-field 1)
                                       type
                                       (mud-match-field 3)
                                       port)
                                 mud-servers))))
                  ((looking-at "default-server ")
                   (if (not (looking-at (mud-entry-pattern "default-server" 1)))
                       (mud-report-syntax-error))
                   (if (null mud-default-server)
                       (setq mud-default-server (mud-match-field 1))))
                  ((looking-at "include ")
                   (if (not (looking-at (mud-entry-pattern "include" 1)))
                       (mud-report-syntax-error))
                   (mud-parse-entry-file (concat (mud-file-directory file)
                                                 (mud-match-field 1))))
                  ((looking-at "default ")
                   (if (not (looking-at (mud-entry-pattern "default" 2)))
                       (mud-report-syntax-error))
                   (if (null mud-default-login)
                       (setq mud-default-login
                             (list (mud-match-field 1) (mud-match-field 2)))))
                  ((looking-at (mud-entry-pattern nil 3))
                   (setq mud-logins
                         (cons (list (mud-match-field 1)
                                     (mud-match-field 2)
                                     (mud-match-field 3))
                               mud-logins)))
                  (t (mud-report-syntax-error)))
            (beginning-of-line 2)))
      (kill-buffer buffer)
      (set-buffer old-buffer))))

(defun mud-check-entry-file ()
  (if (or (null mud-entry-file-dates)
          (let ((dates mud-entry-file-dates))
            (while (and dates
                        (equal (cdr (car dates))
                               (mud-file-write-date (car (car dates)))))
              (setq dates (cdr dates)))
            (not (null dates))))
      (progn
        (setq mud-servers nil
              mud-default-server nil
              mud-logins nil
              mud-default-login nil
              mud-entry-file-dates nil)
        (if (file-exists-p mud-entry-file)
            (mud-parse-entry-file mud-entry-file))
        (setq mud-servers (append (reverse mud-servers) mud-default-servers))
        (if (null mud-default-server)
            (setq mud-default-server mud-default-default-server)))))

(defun mud-servers ()
  (mud-check-entry-file)
  mud-servers)

(defun mud-default-server ()
  (mud-check-entry-file)
  mud-default-server)

(defun mud-login-for-server (server)
  (mud-check-entry-file)
  (or (cdr (assoc server mud-logins))
      mud-default-login))

;;; TinyMUD

(defvar tinymud-filter-hook
  '(mud-check-reconnect mud-check-page mud-fill-lines)
  "*List of functions to call on each line of tinymud output. The
function is called with no arguments and the buffer narrowed to just
the line.")

(defvar tinymud-connection-error-string
  "Either that player does not exist, or has a different password.")

(defvar tinymud-macro-commands-file "~/.tinymud_macros"
  "*Pathname of tinymud macros.")

(setq tinymud-output-filter nil)

(defun tinymud-connect-filter (proc string)
  "Filter for connecting to a TinyMUD server. Replaced with tinymud-filter
once successful."
  (if (not (string-equal string tinymud-connection-error-string))
      (set-process-filter proc 'tinymud-filter)))

;;; SMUG (TinyMUD 2)

(defvar smug-filter-hook
  '(mud-convert-tabs-to-newlines mud-fill-lines)
  "*List of functions to call on each line of Smug output. The
function is called with no arguments and the buffer narrowed to just
the line.")

(setq smug-macro-command-filter-hook
      '(mud-convert-newlines-to-tabs-in-strings))

(defun mud-convert-tabs-to-newlines ()
  "Replace all TABs to NEWLINEs in displaying of Smug output, since
they represent new statements in the embedded programming language."
  (subst-char-in-region (point-min) (point-max) ?\t ?\n t))

(defun mud-convert-newlines-to-tabs-in-strings ()
  "Replace all NEWLINEs present inside top-level strings with TABs,
as they are likely code objects."
  (goto-char (point-min))
  (if (re-search-forward "[\\[\"]" (point-max) t)
      (progn
        (forward-char -1)
        (subst-char-in-region (point)
                              (save-excursion (forward-sexp 1) (point))
                              ?\n ?\t t))))

(defvar smug-macro-commands-file "~/.smug_macros"
  "*Pathname of SMUG macros.")

;;; MOO

(defvar moo-mode-hook '(define-moo-mode-commands))

(defun define-moo-mode-commands ()
  (define-key (current-local-map) "\^c\^d" 'moo-get-description)
  (define-key (current-local-map) "\^ch" 'moo-get-help)
  (define-key (current-local-map) "\^c\^f" 'moo-get-field)
  (define-key (current-local-map) "\^c\^v" 'moo-get-verb-listing))

;; AstroVR fetch requests:
;; #$# fetch host: directory: filename: type:

(defun moo-check-fetch ()
  "Look for page message, and pop-up buffer if specified."
  (goto-char (point-min))
  (while (not (eobp))
    (if (looking-at (concat "#\\$# fetch "
                            "host: \\(.*\\) "
                            "directory: \\(.*\\) "
                            "file: \\(.*\\) "
                            "type: \\(.*\\) "
                            "destination: \\(.*\\)$"))
        (let ((host (mud-match-field 1))
              (dir (mud-match-field 2))
              (file (mud-match-field 3))
              (type (mud-match-field 4))
              (dest (mud-match-field 5)))
          (delete-region (point)
                         (save-excursion
                           (beginning-of-line 2)
                           (point)))
          (call-process "fetch-file" nil 0 nil host dir file type dest)))
    (beginning-of-line 2)))

(defun moo-explode-message ()
  "Convert a list of strings into more readable/editable text."
  (interactive)
  (goto-char (point-min))
  (while (search-forward "{\"" nil t)
    (replace-match "{\n"))
  (goto-char (point-min))
  (while (search-forward "\", \"" nil t)
    (replace-match "\n"))
  (goto-char (point-min))
  (while (search-forward "\"}" nil t)
    (replace-match "\n}"))
  (goto-char (1- (point-max)))
  (if (looking-at "\n")
      (delete-char 1)))

(defun moo-implode-message ()
  "Convert readable/editable text into a list of strings."
  (interactive)
  (goto-char (point-min))
  (while (search-forward "{\n" nil t)
    (replace-match "{\""))
  (goto-char (point-min))
  (while (search-forward "\n}" nil t)
    (replace-match "\"}"))
  (goto-char (point-min))
  (while (search-forward "\n" nil t)
    (replace-match "\", \"")))

(defun moo-get-help ()
  "Fetch a given help text and explode it."
  (interactive)
  (moo-do-fetch "Edit which help text: "
                "%s"
                "@gethelp %s"
                'moo-fix-help))

(defun moo-fix-help ()
  ;; Nothing required.
  )

(defun moo-get-field ()
  "Fetch the value of some field."
  (interactive)
  (moo-do-fetch "Edit what field: "
                "%s"
                "@show %s"
                'moo-fix-field))

(defun moo-get-description ()
  "Fetch the description of some object."
  (interactive)
  (moo-do-fetch "Edit description of what object: "
                "%s"
                "@show %s.description"
                'moo-fix-field))

(defun moo-fix-field ()
  (define-key (current-local-map) "\^c\^e" 'moo-explode-message)
  (define-key (current-local-map) "\^c\^i" 'moo-implode-message)
  (insert "; !(")
  (search-forward ".")
  (insert "(\"")
  (end-of-line)
  (insert "\") = ")
  (let ((start (point)))
    (re-search-forward "Value: *")
    (delete-region start (point)))
  (save-excursion
    (end-of-line)
    (insert ")")))

(defun moo-get-verb-listing ()
  "Fetch the MOO code for a particular verb."
  (interactive)
  (moo-do-fetch "Program what verb: "
                "%s"
                "@list %s without numbers"
                'moo-fix-listing))

(defun moo-fix-listing ()
  (moo-code-mode)
  (cond ((looking-at "That object")
         (let ((message (substring (buffer-string) 0 -1)))
           (erase-buffer)
           (error message)))
        ((looking-at "That verb")
         (let ((start (point)))
           (end-of-line)
           (delete-region start (point)))))
  (insert (concat "@program " moo-object "\n"))
  (if (looking-at "#") ; Kill the header line.
      (let ((start (point)))
        (beginning-of-line 2)
        (delete-region start (point))))
  (goto-char (point-max))
  (insert ".\n")
  (goto-char (point-min))
  (beginning-of-line 2))

(defun moo-do-fetch (prompt object-fmt command-fmt fixer)
  (setq moo-object (format object-fmt (read-string prompt))
        moo-state 'waiting
        moo-fixer fixer
        mud-current-process (get-buffer-process (current-buffer))
        moo-buffer (get-buffer-create moo-object))
  (moo-set-delimiter moo-suffix)
  (pop-to-buffer moo-buffer)
  (erase-buffer)
  (mud-send-string (concat "PREFIX " moo-prefix "\nSUFFIX " moo-suffix "\n"
                           (format command-fmt moo-object)
                           "\nPREFIX\nSUFFIX\n")
                   mud-current-process))

(defun moo-set-delimiter (str)
  (setq moo-delim-string str)
  (setq moo-delim-regexp (concat (regexp-quote str) "$")))

(defvar moo-prefix "===MOO-Prefix===")
(defvar moo-suffix "===MOO-Suffix===")
(defvar moo-upload-command nil)
(defvar moo-edit-regexp (concat "#\\$# edit "
                                "name: \\(.*\\) "
                                "upload: \\(.*\\)$"))
(defvar moo-buffer nil)
(defvar moo-delim-string nil)
(defvar moo-delim-regexp nil)
(defvar moo-state 'idle)
(defvar moo-object nil)
(defvar moo-fixer nil)

(defvar moo-filter-hook
  '(moo-filter moo-check-fetch mud-check-page mud-check-reconnect
    mud-fill-lines))

(defun moo-quote-dots ()
  "Double any initial dot on every line of the current (narrowed) buffer."
  (save-excursion
    (goto-char (point-min))
    (while (re-search-forward "^\\." nil t)
      (replace-match ".."))))

(defun moo-unquote-dots ()
  "Un-double any initial dots on every line of the current (narrowed) buffer."
  (save-excursion
    (goto-char (point-min))
    (while (re-search-forward "^\\.\\."
nil t) (replace-match ".")))) (defun moo-filter () (goto-char (point-min)) (while (not (eobp)) (let ((start (point))) (cond ((and (eq moo-state 'waiting) (looking-at (concat moo-prefix "$"))) (beginning-of-line 2) (delete-region start (point)) (setq moo-state 'copying moo-upload-command nil)) ((and (eq moo-state 'idle) (looking-at moo-edit-regexp)) (let ((name (mud-match-field 1)) (upload (mud-match-field 2))) (beginning-of-line 2) (delete-region start (point)) (setq moo-state 'copying moo-buffer (get-buffer-create name) mud-current-process (get-buffer-process (current-buffer)) moo-fixer 'moo-unquote-dots) (moo-set-delimiter ".") (let ((buff (current-buffer))) (set-buffer moo-buffer) (erase-buffer) (setq moo-upload-command upload) (set-buffer buff)))) ((eq moo-state 'copying) (cond ((looking-at moo-delim-regexp) (setq moo-state 'idle) (beginning-of-line 2) (delete-region start (point)) (let ((buff (current-buffer))) (set-buffer moo-buffer) (goto-char (point-min)) (mud-macro-expansion-mode) (if moo-upload-command (let ((upload moo-upload-command)) (make-local-variable 'moo-upload-command) (setq moo-upload-command upload))) (and moo-fixer (funcall moo-fixer)) (setq mud-select-buffer moo-buffer) (set-buffer buff))) (t (beginning-of-line 2) (let* ((buff (current-buffer)) (str (buffer-substring start (point))) (len (length str))) (if (or (> len (length moo-delim-string)) (not (equal (substring moo-delim-string 0 len) str))) (progn (delete-region start (point)) (set-buffer moo-buffer) (goto-char (point-max)) (insert str) (set-buffer buff))))))) (t (beginning-of-line 2)))))) ;;; Jupiter (defvar jupiter-filter-hook '(jupiter-filter moo-filter mud-check-page mud-check-reconnect mud-fill-lines)) (defvar jupiter-sentinel-hook '(jupiter-sentinel)) (defvar jupiter-process nil "Process variable for mooaudio program.") (make-variable-buffer-local 'jupiter-process) (defconst jupiter-mooaudio "/project/jupiter/etc/mooaudio") (defun jupiter-filter () "Filter room change strings." 
(goto-char (point-min)) (if (re-search-forward "^@@#\\([0-9]*\\)\n" (point-max) t) (let ((room (buffer-substring (match-beginning 1) (match-end 1)))) (jupiter-set-room room) (delete-region (match-beginning 0) (match-end 0)))) (goto-char (point-min)) (if (re-search-forward "^#\\$# This server supports fancy clients.\n" (point-max) t) (progn (send-string (get-buffer-process (current-buffer)) "@client emacs\n") (delete-region (match-beginning 0) (match-end 0)))) (goto-char (point-min)) (if (re-search-forward "^#\\$#channel \\([\.0-9]*\\)\n" (point-max) t) (let ((channel (buffer-substring (match-beginning 1) (match-end 1)))) (jupiter-set-channel channel) (delete-region (match-beginning 0) (match-end 0))))) (defun jupiter-set-room (room) (jupiter-set-channel (concat "224.4." room))) (defun jupiter-set-channel (channel) (if (or (null jupiter-process) (not (eq (process-status jupiter-process) 'run))) (setq jupiter-process (start-process "jupiter-audio" nil jupiter-mooaudio channel)) (send-string jupiter-process (concat "g " channel "\n")))) (defun jupiter-sentinel () (if (not (eq (process-status proc) 'run)) (process-send-eof jupiter-process))) ;;; Generic stuff. (defun mud-macro-abort () "Abort macro expansion buffer." (interactive) (kill-buffer (current-buffer)) (delete-window)) (defun mud-macro-send () "Send contents of macro expansion buffer." (interactive) (let ((str (buffer-string))) (mud-macro-send-2 str))) (defun mud-macro-send-and-destroy () "Send contents of macro expansion buffer and then kill the buffer." 
(interactive) (let ((str (buffer-string))) (mud-macro-send-2 str) (mud-macro-abort))) (defun mud-macro-send-2 (str) (save-excursion (let ((proc mud-current-process) (upload moo-upload-command)) (set-buffer (process-buffer proc)) (setq mud-macro-commands-alist mud-current-macro-commands-alist) (mud-send-string (let ((start (point))) (insert str) (save-restriction (narrow-to-region start (point)) (if upload (progn (moo-quote-dots) (goto-char (point-min)) (insert (concat upload "\n")) (goto-char (point-max)) (if (not (bolp)) (insert "\n")) (insert ".\n")) (run-hooks (mud-command-filters))) (prog1 (buffer-string) (delete-region (point-min) (point-max))))) proc)))) (defun mud-send-string (string proc) "Send STRING as input to PROC" (send-string proc (concat string "\n"))) (defun mud-load-macro-commands (filename) "Load file of mud-macros" (setq mud-macro-commands-alist (if (file-exists-p filename) (progn (setq mud-macro-commands-file filename) (let ((tempbuf (get-buffer-create " *MUD Macros*")) (buf (current-buffer))) (set-buffer tempbuf) (erase-buffer) (insert-file filename) (prog1 (car (read-from-string (buffer-string))) (set-buffer buf)))) '("nil" . "")))) (defun mud-store-macro-commands (filename) "Store MUD macros in filename" (interactive "FFile to save to: ") (setq mud-macro-commands-file filename) (save-excursion (let ((tmp (get-buffer-create " *Macros to write*"))) (set-buffer tmp) (erase-buffer) (insert (prin1-to-string mud-current-macro-commands-alist)) (write-file filename)))) (defun mud-macro-command (arg) "Insert into stream one of the commands in mud-macro-commands-alist. Without command argument, opens buffer for editting. With argument sends alist entry directly to process." 
  (interactive "P")
  (let ((macro (assoc (or (if (stringp arg) arg)
                          (completing-read "MUD Macro: " mud-macro-commands-alist nil t nil))
                      mud-macro-commands-alist)))
    (let ((match (car macro))
          (stuff (cdr macro)))
      (if (stringp stuff)
          (let ((buff (get-buffer-create "*Expansion*"))
                (proc (get-buffer-process (current-buffer)))
                (alist mud-macro-commands-alist))
            (if (not arg)
                (progn
                  (pop-to-buffer buff)
                  (erase-buffer)
                  (insert stuff)
                  (goto-char (point-min))
                  (mud-macro-expansion-mode)
                  (setq mud-expansion-macro-name match)
                  (setq mud-current-process proc)
                  (setq mud-current-macro-commands-alist alist)
                  )
              (mud-send-string stuff proc)))))))

;;; Utilities

(defun mud-cleanup-extra-processes ()
  (interactive)
  (mapcar '(lambda (p)
             (if (not (buffer-name (process-buffer (get-process p))))
                 (delete-process p)))
          (process-list)))

(require 'moo-code)

From hayden at krypton.mankato.msus.edu Fri Feb 11 13:40:38 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Fri, 11 Feb 94 13:40:38 PST
Subject: MOO: on the virtual meeting
In-Reply-To: <9402112013.AA27577@media.mit.edu>
Message-ID:

I also recommend, if you don't want to use emacs, that you look for the
client called 'tiny fugue'. That's what I connected with and it did a
very good job of keeping things sane.

There are, of course, several other clients out there as well. Check the
rec.games.mud* FAQs for a list.

____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> In the United States, they
\/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From nobody at soda.berkeley.edu Fri Feb 11 14:20:39 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Fri, 11 Feb 94 14:20:39 PST
Subject: Subscribe me.
Message-ID: <199402112216.OAA03371@soda.berkeley.edu>

Please add us to your list of subscribers. Thanks.

root at nsa.gov, root at fbi.gov, root at cia.gov, root at sss.gov.

-BB-

From mus at cunyvms1.gc.cuny.edu Fri Feb 11 14:23:12 1994
From: mus at cunyvms1.gc.cuny.edu (mus at cunyvms1.gc.cuny.edu)
Date: Fri, 11 Feb 94 14:23:12 PST
Subject: unsubscribe
Message-ID: <00979E8A.A5A06A0C.21209@cunyvms1.gc.cuny.edu>

unsubscribe Michael Muskal

From qwerty at netcom.com Fri Feb 11 14:30:38 1994
From: qwerty at netcom.com (Xenon)
Date: Fri, 11 Feb 94 14:30:38 PST
Subject: alt.w.a.s.t.e.
Message-ID: <199402112227.OAA04121@mail.netcom.com>

Kewl title, but alt.test already exists and if you create alt.w.a.s.t.e. you announce to the entire anal retentive world that you are using Usenet to send private encrypted messages. That will alert everyone to start scanning alt.test too for such things and tattling on the remailer sites as being where these things are coming from. Nobody will CARRY alt.w.a.s.t.e. if they know that's what the group is for! Many sites don't carry alt.test even, but they do carry misc.test, if I understand right. Nobody's going to rmgroup alt.test or misc.test!! But you can bet they'll rmgroup alt.w.a.s.t.e. Duh.

-=Xenon=-

From paul.elliott at hrnowl.lonestar.org Fri Feb 11 14:50:38 1994
From: paul.elliott at hrnowl.lonestar.org (Paul Elliott)
Date: Fri, 11 Feb 94 14:50:38 PST
Subject: NEWBRIDGE RNG-810
Message-ID: <2d5bed18.flight@flight.hrnowl.lonestar.org>

-----BEGIN PGP SIGNED MESSAGE-----

I have found from Newbridge that the RNG-810 is still for sale $415 US.
- --
- ------------------------------------------------------------------------------
Paul Elliott Telephone: 1-713-781-4543
Paul.Elliott at hrnowl.lonestar.org Address: 3987 South Gessner #224
Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLVvtA/BUQYbUhJh5AQEHuQP+Iou4zm+3bohlUKkL6cXag08OMKqc3nhT
oCiSdK44C9xbouPKqn3iFBN33NYV4vGdV2kcy0Bkppa5rgVjhojs73Z2UDvAQkZu
SOnOkUzhkJ/FrY8pkN71zc5ToekyBsZzBdN8nlvogSkIwWADKITARTg3ldImT5Jv
qaa0cRsUcFQ=
=VziH
-----END PGP SIGNATURE-----

From ebrandt at jarthur.Claremont.EDU Fri Feb 11 15:00:38 1994
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Fri, 11 Feb 94 15:00:38 PST
Subject: List of forbidden mathematics?
In-Reply-To: <199402111940.LAA01150@mail.netcom.com>
Message-ID: <9402112253.AA24576@toad.com>

> From: tcmay at netcom.com (Timothy C. May)
> Do any of you have a current list of banned mathematics topics handy?
> I was reading a number theory book (Rosen) and got worried that I
> might be stumbling into some of the areas forbidden to private
> citizens.

Goodness, Tim, our government would never forbid mathematics to its citizens. No, you simply require the appropriate licence to legally work with the algorithms in question. Of course, these days it's rather difficult to get a research permit for Schedule I math -- you generally have to work for NSA.

In response to your original question: it's a little tricky to keep an up-to-date list of the Schedules. What you can do is start with the Controlled Algorithms Act of 1970, and work forwards from there. Keep an eye on the Federal Register for recent schedulings.

Eli ebrandt at jarthur.claremont.edu
PGP 2 ke^H^H^H^H^H^H^H^H

From fnerd at smds.com Fri Feb 11 18:20:40 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Fri, 11 Feb 94 18:20:40 PST
Subject: decrencr or crypdec?
Message-ID: <9402120202.AA02502@smds.com>

Bob Cain says-
>
> ...decrencr. (Short word
> I just coined for decryptor/encryptor as in modem or codec :-)

How about crypdec (pron. "cryptic")?

-fnerd
quote me

- -
I am the sea of permutations
I live beyond interpretation
I scramble all the names and the combinations
--Eno
-----BEGIN PGP SIGNATURE-----
Version: 2.3a

aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K
ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz
3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG
sRjLQs4iVVM=
=9wqs
-----END PGP SIGNATURE-----

From newsham at uhunix.uhcc.Hawaii.Edu Fri Feb 11 18:40:40 1994
From: newsham at uhunix.uhcc.Hawaii.Edu (Tim Newsham)
Date: Fri, 11 Feb 94 18:40:40 PST
Subject: pgplib
Message-ID: <9402120234.AA28297@uhunix.uhcc.Hawaii.Edu>

Where is pgplib located? I looked on soda.berkeley.edu and couldn't find it. Email reply please as I am no longer subscribed to this list.

Tim N.

From hayden at krypton.mankato.msus.edu Fri Feb 11 19:30:41 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Fri, 11 Feb 94 19:30:41 PST
Subject: Subscribe me.
In-Reply-To: <199402112216.OAA03371@soda.berkeley.edu>
Message-ID:

On Fri, 11 Feb 1994 nobody at soda.berkeley.edu wrote:

> Please add us to your list of subscribers. Thanks.
>
> root at nsa.gov, root at fbi.gov, root at cia.gov, root at sss.gov.

*giggle*

____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> In the United States, they
\/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From an57322 at anon.penet.fi Fri Feb 11 19:40:40 1994
From: an57322 at anon.penet.fi (T.A.Z.)
Date: Fri, 11 Feb 94 19:40:40 PST
Subject: Clarification RE: Nazis on the Net
Message-ID: <9402120215.AA28871@anon.penet.fi>

DrZaphod wrote:

> That may have been just a snide comment.. but I'll address
>it anywayz... are you applying the old logic of "Germany is screwed up",
>"Germany is democratic", "U.S. is democratic -- we MUST be screwed up!"
>Cuz that logic doesn't work in real life.. maybe on the net, tho.

Sorry for being unclear. This is what I was trying to say: I am an anarchist and don't like Nazis. However, I believe that everyone should have the right to say what they believe needs to be said. By making it illegal to let certain parts of society know how to start a newspaper (assuming this is true), the German government employs the very same principles it is trying to fight. Furthermore, I believe that a government in power that uses fascist methods (such as taking away one's right to publish a paper) is more dangerous to society as a whole than some juvenile hotheads, whose crazy ideas probably would be rather discredited than being helped by putting out for everyone to read.

As for the analogy to the US: I see the constant increase in attempts to censor the media as a warning that perhaps some day soon it may be illegal to tell someone in the US how to go about publishing your own paper.

Peace,
-= T.A.Z.
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From orion at crl.com Fri Feb 11 19:42:27 1994
From: orion at crl.com (Colin Orion Chandler)
Date: Fri, 11 Feb 94 19:42:27 PST
Subject: MOO: on the virtual meeting
In-Reply-To:
Message-ID:

I agree... I am a wizard on BayMOO, and I can tell you: Yeroc, Yea, Dr.J, and I all use tinyfugue... "Wizard used, wizard recommended."
==|:-)=
Colin Titus Orion Xavier Chandler
"What year is it?" "If it's not a Sun, it's not a computer."
Colin Chandler | "It can only be accountable to *human* error."-HAL9000
(415) 388-8055 | orion at crl.com, wizard @ BayMOO (mud.crl.com 8888)

On Fri, 11 Feb 1994, Robert A. Hayden wrote:

> I also recommend, if you don't want to use emacs, that you look for the
> client called 'tiny fugue'. That's what I connected with and it did a
> very good job of keeping things sane.
>
> There are, of course, several other clients out there as well. Check the
> rec.games.mud* FAQs for a list.
>
> ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
> \ /__ -=-=-=-=- <=> -=-=-=-=-
> \/ / Finger for Geek Code Info <=> In the United States, they
> \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
> -=-=-=-=-=-=-=-
> (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
> n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
>
>

From greg at ideath.goldenbear.com Fri Feb 11 20:10:40 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Fri, 11 Feb 94 20:10:40 PST
Subject: Oh No! Nazis on the Nets
Message-ID: <198LHc2w165w@ideath.goldenbear.com>

-----BEGIN PGP SIGNED MESSAGE-----

"Perry E. Metzger" writes:

> I'll remind you that the supreme court has held that text-only works
> can not be held to be obscene. You can write anything you want,
> including explicit descriptions of sodomizing dead children, and it
> can not be censored.

As I mentioned to Perry in E-mail, the above is incorrect. Pure text can be obscene and hence unprotected by the First Amendment. Kaplan v. California, 413 U.S. 115, 118-119, 93 S.Ct. 2680, 2683-2684 (1973).

Others here (Mike Godwin?) can likely provide a much better discussion of just where this fits into First Amendment law; Shepard's reveals no more recent decisions which modify the holding in Kaplan.

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQCVAgUBLVxTKX3YhjZY3fMNAQEd2wP7BmUq0bUzhdhSg9+/Y/+by1C+p0dEu2ef
Q8c0nlzkux6cUBQPrr18/c+dAmMQ4x+Dofr/0N1jF+q9uffnVmeVa9qQjzB1SzJy
9PCsXI7x/7B1bNZFuegliJvUn7aD7UqBBS9Au7/nlZ6Ky8Gb6G0HadrIaZyP9yQy
PuQh+QDXTnY=
=F0SC
-----END PGP SIGNATURE-----

--
Greg Broiles ".. has bizarre Cyberanarchist theories relating
greg at goldenbear.com to human punishment." -- L. Detweiler

From banisar at washofc.cpsr.org Fri Feb 11 20:12:31 1994
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Fri, 11 Feb 94 20:12:31 PST
Subject: CPSR Alert 3.03 (Clipper Up
Message-ID: <00541.2843852382.3276@washofc.cpsr.org>

CPSR Alert 3.03 (Clipper Update)

=============================================================
Volume 3.03 February 11, 1994
-------------------------------------------------------------
Published by Computer Professionals for Social Responsibility
Washington Office (Alert at washofc.cpsr.org)
-------------------------------------------------------------

Contents

[1] CPSR Launches Clipper Campaign
[2] Sign the Clipper Petition!
[3] Clipper FAQ
[4] EPIC to Provide Clipper Analysis
[5] CPSR Needs Your Support!
[6] RFD for CPSR Newsgroups
[7] New Files at the CPSR Internet Library
[8] Upcoming Conferences and Events

-------------------------------------------------------------

[1] CPSR Launches Clipper Campaign

The electronic petition begun by CPSR to oppose Clipper has generated more than 8,500 responses in less than 10 days. The number is increasing at a faster rate than occurred with the successful 1990 campaign to stop Lotus Marketplace.

Details of the petition follow. If you have already signed on, ask your friends and colleagues to sign. Call up your parents. Tell them to get an email account and then to sign the petition. Check your rolodex. Call old friends. Send email to former business partners, lovers, etc.

In your very next email message, ask the person you are writing to if he or she has signed the CPSR Clipper petition.

The number of people who have opposed Clipper already far exceeds the number of lawful wiretaps conducted by all government officials last year. Other upcoming milestones:

10,000 Current government orders for Clipper chip (est.)
12,000 Number of computer networks connected to the Internet
15,000 Estimated number of total lawful wiretaps, 1968-1994
70,000 Anticipated number of Clipper purchases this year

More details on the petition follow.

-------------------------------------------------------------

[2] Sign the Clipper Petition!

Electronic Petition to Oppose Clipper
*Please Distribute Widely*

On January 24, many of the nation's leading experts in cryptography and computer security wrote President Clinton and asked him to withdraw the Clipper proposal.

The public response to the letter has been extremely favorable, including coverage in the New York Times and numerous computer and security trade magazines.

Many people have expressed interest in adding their names to the letter. In response to these requests, CPSR is organizing an Internet petition drive to oppose the Clipper proposal. We will deliver the signed petition to the White House, complete with the names of all the people who oppose Clipper.

To sign on to the letter, send a message to:

Clipper.petition at cpsr.org

with the message "I oppose Clipper" (no quotes)

You will receive a return message confirming your vote.

Please distribute this announcement so that others may also express their opposition to the Clipper proposal.

===========================================================

The President
The White House
Washington, DC 20500

Dear Mr. President:

"We are writing to you regarding the "Clipper" escrowed encryption proposal now under consideration by the White House. We wish to express our concern about this plan and similar technical standards that may be proposed for the nation's communications infrastructure.

"The current proposal was developed in secret by federal agencies primarily concerned about electronic surveillance, not privacy protection. Critical aspects of the plan remain classified and thus beyond public review.

"The private sector and the public have expressed nearly unanimous opposition to Clipper. In the formal request for comments conducted by the Department of Commerce last year, less than a handful of respondents supported the plan. Several hundred opposed it.

"If the plan goes forward, commercial firms that hope to develop new products will face extensive government obstacles. Cryptographers who wish to develop new privacy enhancing technologies will be discouraged. Citizens who anticipate that the progress of technology will enhance personal privacy will find their expectations unfulfilled.

"Some have proposed that Clipper be adopted on a voluntary basis and suggest that other technical approaches will remain viable. The government, however, exerts enormous influence in the marketplace, and the likelihood that competing standards would survive is small. Few in the user community believe that the proposal would be truly voluntary.

"The Clipper proposal should not be adopted. We believe that if this proposal and the associated standards go forward, even on a voluntary basis, privacy protection will be diminished, innovation will be slowed, government accountability will be lessened, and the openness necessary to ensure the successful development of the nation's communications infrastructure will be threatened.

"We respectfully ask the White House to withdraw the Clipper proposal."

-------------------------------------------------------------

[3] Clipper FAQ

The Clipper Chip: Frequently Asked Questions (FAQ)

What is the Clipper Chip?

It is a cryptographic device purportedly intended to protect private communications while at the same time permitting government agents to obtain the "keys" upon presentation of what has been vaguely characterized as "legal authorization." The "keys" would be held by two government "escrow agents" and would enable the government to access the encrypted private communication. While Clipper would be used to encrypt voice transmissions, a similar device known as Capstone would be used to encrypt data.

Who developed the underlying technology?

The cryptographic algorithm, known as Skipjack, was developed by the National Security Agency (NSA), a super-secret military intelligence agency responsible for intercepting foreign government communications and breaking the codes that protect such transmissions. In 1987, Congress passed the Computer Security Act, a law intended to limit NSA's role in developing standards for the civilian communications system. In spite of that legislation, the agency has played a leading role in the Clipper initiative and other civilian security proposals. NSA has classified the Skipjack algorithm on national security grounds, thus precluding independent evaluation of the system's strength.
CPSR has filed suit under the Freedom of Information Act seeking the disclosure of the secret algorithm and other information concerning the Clipper plan.

What is the government's rationale for Clipper?

The key-escrow system was developed at the urging of the FBI and other law enforcement agencies, which claim that the increasing availability of strong encryption programs will interfere with their ability to conduct wiretapping. No evidence in support of these claims has been released -- in fact, FBI documents obtained through litigation by CPSR indicate that no such difficulties have been reported by FBI field offices or other federal law enforcement agencies.

How important is wiretapping to law enforcement agencies?

Electronic surveillance is just one of many investigative techniques available to law enforcement. In fact, it is not a widely used technique -- in 1992, fewer than 900 wiretap warrants were issued to state and federal law enforcement agencies. It is to protect the viability of that small number of wiretaps from an unsubstantiated risk that the FBI and NSA have proposed to compromise the security of billions of electronic transactions.

What is the current status of the Clipper plan?

On February 4, the Administration announced the formal adoption of the "Escrowed Encryption Standard," which is the technical specification for the Clipper system. This action means that Clipper will become the encryption standard within the government -- all cryptographic products for government use must comply with the standard (i.e., contain the key-escrow mechanism) and all individuals and businesses wishing to transmit secure communications to government agencies will eventually be obliged to use the NSA-developed technology.

Will the Clipper standard become mandatory?

The Administration maintains that Clipper will be a "voluntary" standard outside of the government, but many industry observers question the reality of this claim. The government exerts enormous pressure in the marketplace, and it is unlikely that alternative means of encryption will remain viable. Further, the possibility of Clipper becoming mandatory at some time in the future is quite real given the underlying rationale for the system. If criminals do, indeed, intend to use encryption to evade electronic surveillance, they are unlikely to voluntarily use the Clipper technology.

What can I do to oppose Clipper?

Sign the electronic petition against the Clipper plan that is being organized by CPSR. Stay informed of relevant developments by reading the CPSR Alert and other periodic announcements. And consider lending your financial support to CPSR's campaign to protect the privacy of electronic communications.

-------------------------------------------------------------

[4] EPIC to Provide Clipper Analysis

The Electronic Privacy Information Center (EPIC) will be providing policy information on the Clipper proposal. EPIC is a joint project of CPSR and the Fund for Constitutional Government, a national civil liberties organization. EPIC releases will soon be available to CPSR members through the CPSR Announce list.

-------------------------------------------------------------

[5] CPSR Needs Your Support!

If you have signed the CPSR petition, and would like to do more to help stop Clipper, please consider sending a cash contribution to CPSR.

What do we do with the money? Pay staff salaries, telephone bills, rent, printing costs. The basics.

Why support CPSR? Because we have a good reputation for our work on privacy and cryptography, and because our efforts on Clipper are already having an impact.

We know it's a little scurrilous to ask for money on the network. We don't do this very often.

The good news is that an anonymous donor has agreed to make a matching grant of $10,000 to support CPSR's Clipper campaign. That means that if you contribute $50 we receive $100. If you contribute $100 we receive $200 and so on.

Please take a moment to write a check and send it to "CPSR, P.O. Box 717, Palo Alto, CA 94302." Write "Clipper" on the check.

Thanks in advance. We appreciate your help.

-------------------------------------------------------------

[6] Call for Discussion on CPSR Newsgroups

CPSR has submitted a Request for Discussion (RFD) to create two new USENET newsgroups: comp.org.cpsr.news and comp.org.cpsr.talk.

Comp.org.cpsr.news will be a reflection of the cpsr-announce mailing list. It will be moderated and only carry 1-2 messages per week including the CPSR Alert and other official CPSR releases, and announcements of relevant conferences.

Comp.org.cpsr.talk will be an unmoderated discussion group. Topics will include privacy, the NII, working in the computer industry, and other areas of interest to CPSR members.

Formal discussion on the newsgroups is taking place in news.groups. If you have any substantive comments, you may post them there or by e-mail to either news-groups at cs.utexas.edu or news.groups.usenet at decwrl.dec.com.

If you just wish to express support for the new groups, please hold off until the voting begins in about one month.

-------------------------------------------------------------

[7] New Files at the CPSR Internet Library

The CPSR Internet Library is currently undergoing renovation to make it easier to use. File names are being revised, folders are being moved, and a better Gopher front-end is being designed. We apologize for any inconvenience in finding files.

All Feb 4 White House releases on Clipper are available at
/cpsr/privacy/crypto/clipper

An analysis of US cryptography policy by Professor Lance Hoffman commissioned by NIST
/cpsr/privacy/crypto/hoffman_crypto_policy_1994

The 1994 US State Department Human Rights Guide. 7.7 megs of files describing the situation of civil and political rights in every country in the world except the US.
/cpsr/privacy/privacy_international/country_reports/1994_state_dept_guide_human_rights

1993 GAO Report on misuse of the FBI's National Crime Information Center is also available.

The CPSR Internet Library is a free service available via FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact ftp-admin at cpsr.org.

----------------------------------------------------------------

[7] Upcoming Conferences and Events

"Highways and Toll Roads: Electronic Access in the 21st Century" Panel Discussion. 1994 AAAS Annual Meeting. San Francisco, CA. Feb. 21, 1994 2:30 - 5:30pm. Sponsored by the Association for Computing Machinery (ACM). Contact: Barbara Simons (simons at vnet.ibm.com).

"Computers, Freedom and Privacy 94." Chicago, Il. March 23-26. Sponsored by ACM and The John Marshall Law School. Contact: George Trubow, 312-987-1445 (CFP94 at jmls.edu).

Directions and Implications of Advanced Computing (DIAC)-94 "Developing an Effective, Equitable, and Enlightened Information Infrastructure." Cambridge, MA. April 23 - 24, 1994. Sponsored by CPSR. Contact: cwhitcomb at bentley.edu or doug.schuler at cpsr.org.

Computer-Human Interaction 94. Boston, Mass. April 24-28. Sponsored by ACM. Contact: 214-590-8616 or 410-269-6801, chi94office.chi at xerox.com

"Navigating the Networks." 1994 Mid-Year Meeting, American Society for Information Science. Portland, Oregon. May 22 - 25, 1994. Contact: rhill at cni.org

Rural Datafication II: "Meeting the Challenge of Providing Ubiquitous Access to the Internet" Minneapolis, Minnesota. May 23-24, 1994. Sponsored by CICNet & NSF. Contact: ruraldata-info-request at cic.net. Send name, mailing address and e-mail address.

"Information: Society, Superhighway or Gridlock?" Computing for the Social Sciences 1994 Conference (CSS94). University of Maryland at College Park. June 1-3, 1994. Contact: Dr. Charles Wellford 301-405-4699, fax 301-405-4733, e-mail: cwellford at bss2.umd.edu. Abstracts for papers due March 1. Contact William Sims Bainbridge (wbainbri at nsf.gov).

Grace Hopper Celebration of Women in Computer Science. Washington, DC June 9-11. Contact: 415 617-3335, hopper-info at pa.dec.com

DEF CON ][ ("underground" computer culture) "Load up your laptop muffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July 22-24, Contact: dtangent at defcon.org.

Conference on Uncertainty in AI. Seattle, WA. July 29-31. Contact: 206-936-2662, heckerma at microsoft.com.

Symposium: An Arts and Humanities Policy for the National Information Infrastructure. Boston, Mass. October 14-16, 1994. Sponsored by the Center for Art Research in Boston. Contact: Jay Jaroslav (jaroslav at artdata.win.net).

Third Biannual Conference on Participatory Design, Chapel Hill, North Carolina, October 27-28, 1994. Sponsored by CPSR. Contact: trigg at parc.xerox.com. Submissions due April 15, 1994.

(Send calendar submissions to Alert at washofc.cpsr.org)

=====================================================================

To subscribe to the Alert, send the message:

"subscribe cpsr-announce " (without quotes or brackets)

to listserv at cpsr.org. Back issues of the Alert are available at the CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert

Computer Professionals for Social Responsibility is a national, non-partisan, public-interest organization dedicated to understanding and directing the impact of computers on society. Founded in 1981, CPSR has 2000 members from all over the world and 22 chapters across the country. Our National Advisory Board includes a Nobel laureate and three winners of the Turing Award, the highest honor in computer science. Membership is open to everyone.

For more information, please contact: cpsr at cpsr.org or visit the CPSR discussion conferences on The Well (well.sf.ca.us) or Mindvox (phantom.com).

=====================================================================

CPSR MEMBERSHIP FORM

Name ______________________________________________________________
Address ___________________________________________________________
___________________________________________________________________
City/State/Zip ____________________________________________________
Home phone _____________________ Work phone _____________________
Company ___________________________________________________________
Type of work ______________________________________________________
E-mail address ____________________________________________________

CPSR Chapter
__ Acadiana __ Austin __ Berkeley
__ Boston __ Chicago __ Denver/Boulder
__ Los Angeles __ Madison __ Maine
__ Milwaukee __ Minnesota __ New Haven
__ New York __ Palo Alto __ Philadelphia
__ Pittsburgh __ Portland __ San Diego
__ Santa Cruz __ Seattle __ Washington, DC
__ Virtual Chapter (worldwide) __ No chapter in my area
__ Loyola/New Orleans (Just started!)

CPSR Membership Categories
__ $ 75 REGULAR MEMBER
__ $ 50 Basic member
__ $ 200 Supporting member
__ $ 500 Sponsoring member
__ $1000 Lifetime member
__ $ 50 Foreign subscriber
__ $ 20 Student/low income members
__ $ 50 Library/institutional subscriber

Additional tax-deductible contribution to support CPSR projects:
__ $50 __ $75 __ $100 __ $250
__ $500 __ $1000 __ Other

Total Enclosed: $ ________

Make check out to CPSR and mail to:
CPSR
P.O. Box 717
Palo Alto, CA 94301

------------------------ END CPSR Alert 3.03 -----------------------

From qwerty-remailer at netcom.com Fri Feb 11 20:30:40 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Fri, 11 Feb 94 20:30:40 PST
Subject: Forbidden math?!
Message-ID: <199402120425.UAA08373@mail.netcom.com>

You guys are kidding, right?! Schedule I math? Please stop it. It must be a joke. It's got to be a joke. It's a joke. Why aren't I laughing?
-=Xenon=- From mg5n+ at andrew.cmu.edu Fri Feb 11 20:50:40 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 11 Feb 94 20:50:40 PST Subject: Strategies for getting encryption in widespread use QUICKLY In-Reply-To: <9402110328.AA10866@schirf.cs.utah.edu> Message-ID: Hmm... Well, having a program that will auto install segments only if they are signed by trusted public keys is a good one... but then again, most of the non-techies just want to have a program that works and that they're happy with. Many people would rather just keep a stable, working, but older version instead of going to the trouble of trying to always have the latest. But perhaps we could have a system such that only authenticated program upgrades could be installed, to combat against trojan horses, virii, bombs, etc. I would be wary of an auto-update system because of possible bugs in the software. Even if you only allowed updates from completely trusted public keys, even the best of us make mistakes and screw something up... but public-key protection against viruses and trojan horses would be a good thing. Perhaps we just need something that would make using encryption easier. Tell me what you all think of this as a project for cypherpunks: Does anyone want to develop an encrypted term program? On-the-fly encryption over a modem. This would allow everyone to encrypt very easily. It could support plug-in modules (with signatures) to support automatic pgp signing/verification, additional cipher modules (ie DES, IDEA, MPJ2). When logging on to your favorite BBS, instead of typing your password in, you enter your account, and then set your encryption on your terminal to your password, and if it's right, then you can decode the transmission and you are logged on. That way nobody could steal your password (or anything else) by tapping your transmission. 
Encrypting two way modem transmissions would be a problem, but it could probably be solved by packaging the data into manageable packets with an error-correction protocol and then encrypting those. Error-correction would be vital, as line noise can wreak havoc on encrypted data. (Although you could reduce the impact of the errors by weakening the cipher somewhat.) I do have several ideas as to how to do this... What do you think? Anyone want to take this on as a project? If I'm going to do it, it would be for MS-DOS systems, tho if there's enuff interest, it might be possible to develop multi-platform support concurrently. Let me know... From wcs at anchor.ho.att.com Fri Feb 11 21:10:40 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 11 Feb 94 21:10:40 PST Subject: Nx2 DES Found Weak Message-ID: <9402120503.AA27541@anchor.ho.att.com> > How is this different from a birthday attack ? In Nx2 DES, you have A -k1-> B -k2-> C . In a birthday attack, you try values of k1' and k2' until you get k1', k2' s.t. E(A,k1') = B' = D(C,k2') but that's only true for that particular plaintext set A,C. If you have B' = the same value of B that the original k1,k2 produced, you win, but there may be many other values of B' besides the one for k1'=k1, k2'=k2. From wcs at anchor.ho.att.com Fri Feb 11 21:20:40 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 11 Feb 94 21:20:40 PST Subject: Poor Detweiler Forgery Message-ID: <9402120519.AA27728@anchor.ho.att.com> Someone pretending to be "L." Detweiler posted an article, pretending to be from Detweiler's account, that had a forgery of Tim May posting to all the Cyphertentacles about how well the work he and Eric were doing is going. The real "L." 
Detweiler, of course, wouldn't have done so, because that would be saying the tentacles are sufficiently different humans that they need to send mail to each other, rather than merely talking to herself; he or she would have posted a fake announcement to the net or something like that. :-) From strick at versant.com Fri Feb 11 22:00:39 1994 From: strick at versant.com (henry strickland -- strick@osc.versant.com) Date: Fri, 11 Feb 94 22:00:39 PST Subject: strick misses physical Message-ID: <9402120558.AA04077@osc.com> To those people I said I would see at the Mountain View Physical cypherpunks meeting -- I unfortunately will miss it. (My father's brother had cancer for several years and died a couple of days ago; I'm in Oklahoma for the weekend for the funeral.) regretfully, strick From ld231782 at longs.lance.colostate.edu Fri Feb 11 22:02:34 1994 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 11 Feb 94 22:02:34 PST Subject: Poor T.C.May Forgery? In-Reply-To: <9402120519.AA27728@anchor.ho.att.com> Message-ID: <199402120553.WAA08771@longs.lance.colostate.edu> >[...] a forgery of Tim May posting to all >the Cyphertentacles about how well the work he and Eric were doing >is going. people, none of them T.C.May, keep telling me it is a `forgery'. why? From mg5n+ at andrew.cmu.edu Fri Feb 11 22:04:37 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 11 Feb 94 22:04:37 PST Subject: Forbidden math?! In-Reply-To: <199402120425.UAA08373@mail.netcom.com> Message-ID: Xenon (or someone using his remailer) says: > You guys are kidding, right?! Schedule I math? Please stop it. > It must be a joke. It's got to be a joke. It's a joke. Why aren't > I laughing? It's a joke, but the scary thing is that it might not be funny much longer. 
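The point in Bill Stewart's "Nx2 DES Found Weak" message earlier in this digest, that a meet-in-the-middle match on a single plaintext/ciphertext pair (A, C) yields many (k1', k2') besides the real keys, shown as an added example (not code from the list or from any poster). The 16-bit Feistel cipher, the 12-bit keys, the key schedule and the sample values are all constructed for illustration.

```python
"""Meet-in-the-middle on double encryption, using a constructed toy cipher."""
from collections import defaultdict

KEY_BITS = 12                      # toy key size (DES uses 56 bits)
KEYS = 1 << KEY_BITS
# Nonlinear 8-bit S-box: powers of 3 modulo the prime 257 (3 is a primitive root).
SBOX = [pow(3, i, 257) % 256 for i in range(256)]


def round_keys(key):
    """Derive four 8-bit round keys from a 12-bit key (toy key schedule)."""
    return [((key >> shift) ^ (0x3B * i)) & 0xFF
            for i, shift in enumerate((0, 4, 2, 1))]


def encrypt(block, key):
    """Four-round Feistel network on a 16-bit block."""
    left, right = block >> 8, block & 0xFF
    for rk in round_keys(key):
        left, right = right, left ^ SBOX[right ^ rk]
    return (left << 8) | right


def decrypt(block, key):
    """Inverse of encrypt(): undo the rounds in reverse order."""
    left, right = block >> 8, block & 0xFF
    for rk in reversed(round_keys(key)):
        left, right = right ^ SBOX[left ^ rk], left
    return (left << 8) | right


def double_encrypt(block, k1, k2):
    """A -k1-> B -k2-> C, as in the message."""
    return encrypt(encrypt(block, k1), k2)


def meet_in_the_middle(plain, cipher):
    """Return every (k1', k2', B') with E(plain, k1') == B' == D(cipher, k2').

    Costs about 2 * 2**KEY_BITS cipher calls instead of 2**(2 * KEY_BITS).
    """
    forward = defaultdict(list)
    for k1 in range(KEYS):
        forward[encrypt(plain, k1)].append(k1)
    matches = []
    for k2 in range(KEYS):
        middle = decrypt(cipher, k2)
        for k1 in forward.get(middle, ()):
            matches.append((k1, k2, middle))
    return matches


def filter_with_pair(matches, plain, cipher):
    """Keep only the candidates that also map a second known pair correctly."""
    return [m for m in matches if double_encrypt(plain, m[0], m[1]) == cipher]


def run_demo():
    k1, k2 = 0x5A3, 0xC17                      # constructed "secret" keys
    pairs = [(p, double_encrypt(p, k1, k2)) for p in (0x1234, 0xBEEF)]
    matches = meet_in_the_middle(*pairs[0])
    true_middle = encrypt(pairs[0][0], k1)     # the real B for the first pair
    survivors = filter_with_pair(matches, *pairs[1])
    return {
        "true_keys": (k1, k2),
        "matches": [(a, b) for a, b, _ in matches],
        "wrong_middle": sum(1 for _, _, mid in matches if mid != true_middle),
        "survivors": [(a, b) for a, b, _ in survivors],
    }


if __name__ == "__main__":
    result = run_demo()
    print("candidates from one (A, C) pair:", len(result["matches"]))
    print("  of which B' differs from the real B:", result["wrong_middle"])
    print("candidates left after a second pair:", result["survivors"])
```

With 24 key bits in total and a 16-bit block, roughly 2**24 / 2**16 = 256 key pairs are expected to agree on any one (A, C); a second known pair removes nearly all of the false ones.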
From cme at sw.stratus.com Fri Feb 11 22:20:41 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Fri, 11 Feb 94 22:20:41 PST Subject: My letter to Gore Message-ID: <199402120611.BAA04673@ellisun.sw.stratus.com> Date: Sat, 12 Feb 1994 01:08:37 -0500 From: Carl Ellison Message-Id: <199402120608.BAA04637 at ellisun.sw.stratus.com> To: vice_president at whitehouse.gov Subject: Re: Clipper Chip Newsgroups: alt.security In article you write: > But Gore indicated Thursday that the administration's >position is "not locked in stone." > "Our determination to solve the problem is locked in stone, >and our determination to proceed with this in the absence of a >better solution is locked in stone," he said "...the burden is >on those who say there is a better solution because no solution >for the national security dimension of the problem >is unacceptable to us." Dear Mr. Vice President, I enjoy a good challenge and I am educated in cryptography. I am also an opponent of Clipper. If you would describe the national security dimension of this problem to us, I would endeavour to find a solution to that piece of the problem. However, the only expression of the problem which I have seen is a claim/fear that criminals can get access to strong cryptography (true and always has been true [cf., David Kahn's "The Codebreakers"]) and the claim that Clipper will somehow prevent that situation (false and never substantiated). The main supporter of Clipper in the technical community, Prof. Dorothy Denning, recently said in a public posting that the real reasons for Clipper are classified and therefore we the people have no ability to see the facts and must therefore leave decision making up to you and the President. I beg to differ. We must discuss this issue in public. We can not have a secret committee making such decisions. 
We are talking about a basic privacy right which the American people have held since the founding of this country -- the right to invent, disseminate and use cryptography as strong as the human mind can invent without any sharing of secret keys with the government. So, please Mr. Vice President, bring this issue into the public for debate and follow through on that debate. Last Spring, in response to NIST, I submitted a list of questions, most of which have never been answered. If those questions had been answered, perhaps we would have had a resolution by now of the "national security problem" to which you referred. Sincerely, Carl M. Ellison 2130 Mass Ave. #5B Cambridge MA 02140-1918 e-mail: cme at sw.stratus.com -- - <> - Carl Ellison cme at sw.stratus.com - Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783 - 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488 From catalyst-remailer at netcom.com Fri Feb 11 22:40:41 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Fri, 11 Feb 94 22:40:41 PST Subject: Rant pointer Message-ID: <199402120639.WAA22322@mail.netcom.com> Pointer to S.Boxx rant "DEATH TO CLIPPER!! DEATH TO DENNING!" appearing on sci.crypt and other groups. Brace yourselves for another onslaught of rants. From cryptic531 at aol.com Fri Feb 11 23:50:41 1994 From: cryptic531 at aol.com (cryptic531 at aol.com) Date: Fri, 11 Feb 94 23:50:41 PST Subject: unsubscribe list Message-ID: <9402120247.tn36029@aol.com> not what i thought it was. get me off this f...ing list please From mbriceno at netcom.com Fri Feb 11 23:52:26 1994 From: mbriceno at netcom.com (Marc Briceno) Date: Fri, 11 Feb 94 23:52:26 PST Subject: Need ride from SF to CP meeting Message-ID: <199402120742.XAA20163@mail.netcom.com> I need a ride from SF to Saturday's meeting. If you are going there and would like to split the cost for gas, email me with your phone number or leave a message on my voice mail at (415) 435-7939. 
Please respond before 11 a.m. TIA, -- Marc Briceno PGP public key by finger Big Brother Chips? The Clinton Administration has decided to foster use of "Clipper Chips" in government communications equipment, thus allowing the FBI et al. to eavesdrop on computerized messages. The FBI reportedly is also investigating increased use of "sniffer" programs, which steal passwords and access to private data on the Internet. Time Magazine, February 14, 1994, page 18 From remailer at merde.dis.org Fri Feb 11 23:54:13 1994 From: remailer at merde.dis.org (remailer bogus account) Date: Fri, 11 Feb 94 23:54:13 PST Subject: Magic Money bug removed Message-ID: <9402120745.AA22450@merde.dis.org> -----BEGIN PGP SIGNED MESSAGE----- Anonymous writes: >It appears that the problem with bigendian magic money is specific >to the "mint" function. Minting one coin works OK, but minting more >than one causes every coin after the first to be rejected by the client. >Creating a coins.dat file with the -p function of the client works OK, >even with more than one coin. Sending the output.asc to the server works >OK too, as does handling the ascii file that comes back from the server. >Only minting fails. Thank you for finding this one. That was not a big-endian problem, that was simple stupidity on my part. When I added the coinid field to the protocoin structure, I forgot to move the free(pc); down to the next line. So the coinid was getting freed and then written. Version E is on its way to csn.org. By the way MPJ, did you get pgptl10b? Pr0duct Cypher

    mp_modexp_crt(c->c.value,pc->c.value,sk->p.value,sk->q.value,
                  dp,dq,sk->u.value);
    free(pc); <-------------------- DUMB MISTAKE
    pgp_fix_mpi(&c->c);
    f=fifo_file_create(fp);
    fifo_put(MM_REGCOIN,f);
    fifo_aput(pc->coinid,16,f);
    pgp_create_mpi(f,&c->e);
    pgp_create_mpi(f,&c->c);
    fifo_destroy(f);
    free(c); <-------------- MOVE IT HERE!
    free(d);
    }

-----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVtnbsGoFIWXVYodAQHaZgP+JfohckwzIVLvFB3K+r+ywl9ee53h5387 XycJ+qqjnHvLyPp4wTgfYaYnpqLAOzYDGZkq834pQ3EoE83fr++OmA70CpugXwX/ 6cFTFtc3mK3Lp+MTc5tKJxVe3ktuL4DFY1c80gcbapur4PCw/NS/BIWQQIZNXtwu gJH7lPjRno4= =I0+O -----END PGP SIGNATURE----- From uc022 at freenet.victoria.bc.ca Sat Feb 12 00:40:41 1994 From: uc022 at freenet.victoria.bc.ca (Darren Hill) Date: Sat, 12 Feb 94 00:40:41 PST Subject: MIRACL & Scramble Message-ID: <9402120842.AA29801@freenet.victoria.bc.ca> Was wandering the net tonight and came across this: ripem.msu.edu /pub/crypt/other 675558 Jan 27 15:37 miracl-3.23.zip There is a whole lot of source (c and cpp) for various bits of factoring, rsa, etc, and a few executables but most interesting is a program called "Scramble". Has anyone tried this out? I haven't had a chance to use it yet, but it appears to be a terminal program that uses IDEA encryption to make a secure link between two modems. From the .doc and loop function it appears to be quite functional. There are many interesting little tid bits in this, I'm just wondering why I have never heard of any of it? Drop me a line you know if this stuff is actually secure or not... Thanx uc022 at freenet.victoria.bc.ca Darren Hill From michael.shiplett at umich.edu Sat Feb 12 05:20:49 1994 From: michael.shiplett at umich.edu (michael shiplett) Date: Sat, 12 Feb 94 05:20:49 PST Subject: Strategies for getting encryption in widespread use QUICKLY In-Reply-To: Message-ID: <199402121320.IAA23807@totalrecall.rs.itd.umich.edu> "mjg" == Matthew J Ghio writes: [ auto-install comments deleted...] mjg> Does anyone want to develop an encrypted term program? On-the-fly mjg> encryption over a modem. This would allow everyone to encrypt very mjg> easily. It could support plug-in modules (with signatures) to support mjg> automatic pgp signing/verification, additional cipher modules (ie DES, mjg> IDEA, MPJ2). 
When logging on to you favorite BBS, instead of typing mjg> your password in, you enter your account, and then set your encryption mjg> on your terminal to your password, and if it's right, then you can mjg> decode the transmission and you are logged on. That way nobody could mjg> steal your password (or anything else) by tapping your transmission. If the machines to which you want to connect are in a kerberos realm and you can run TCP/IP (ala PPP or SLIP) on your end, then kerberized telnet will offer you the ability to a) connect to a host without sending your password over the connection using a standard kerberos ticket-granting ticket. b) encrypt the connection (DES using the session key), so that you can, among other things, klog on the remote host without the password being sent in the clear. It should be possible to add other encryption options into ktelnet. One might be able to adapt this for BBS use either by modifying kerberos or by using something like s/key. There's no need for cleartext passwords to be flying across the wire. michael From danisch at ira.uka.de Sat Feb 12 06:00:50 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Sat, 12 Feb 94 06:00:50 PST Subject: List of forbidden mathematics? Message-ID: <9402121358.AA13308@deathstar.iaks.ira.uka.de> > Do any of you have a current list of banned mathematics topics handy? > I was reading a number theory book (Rosen) and got worried that I > might be stumbling into some of the areas forbidden to private > citizens. Are these topics forbidden by law or by influence? Hadmut From BOBES_PIERRE at delphi.com Sat Feb 12 07:31:07 1994 From: BOBES_PIERRE at delphi.com (BOBES_PIERRE at delphi.com) Date: Sat, 12 Feb 94 07:31:07 PST Subject: DELETE ME FROM THIS MAILING LIST Message-ID: <01H8SMD8XGPU91WL3R@delphi.com> Sorry to take up bandwidth; but I have tried the proper procedure for signing off this list to no avail. Please do sign me off. 
thanks bob From mpd at netcom.com Sat Feb 12 10:11:10 1994 From: mpd at netcom.com (Mike Duvos) Date: Sat, 12 Feb 94 10:11:10 PST Subject: PGP Message-ID: <199402121811.KAA02105@mail.netcom.com> Could someone EMAIL me where I could get a copy of PGP for my Netcom account? Thanks. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From baford at schirf.cs.utah.edu Sat Feb 12 10:21:09 1994 From: baford at schirf.cs.utah.edu (Bryan Ford) Date: Sat, 12 Feb 94 10:21:09 PST Subject: Strategies for getting encryption in widespread use QUICKLY In-Reply-To: Message-ID: <9402121811.AA18867@schirf.cs.utah.edu> >Hmm... Well, having a program that will auto install segments only if >they are signed by trusted public keys is a good one... but then again, >most of the non-techies just want to have a program that works and that >they're happy with. Many people would rather just keep a stable, >working, but older version instead of going to the trouble of trying to >always have the latest. That's actually another reason such a system could be valuable. If multiple signatures could be attached to a particular version of a program, different versions of a program could be distributed simultaneously, each at a different "stability level". New versions would start with only the signature of the author, indicating that the author "thinks it works." Then as the alpha testers test the version, they sign it if they consider it stable. If "enough" signatures are attached to a particular alpha test version, it becomes a beta version and released to the much broader beta test audience, who then similarly sign it only if they think it's stable, and finally it might become a release version. A particular user might configure the downloading/installation system to accept new versions of the software only after a certain number of signatures are attached to it. 
In addition, the user would probably specify some number of specific signatures that must be present - the author's, presumably, possibly other well-known beta testers, the maintainer of the primary FTP site it's being distributed from, etc. Essentially, the "specific signatures" check would be for security, while the "number of signatures" check would be only to keep track of the stability of the software. On the author's (distributor's) side, there might have to be some additional security provisions to ensure, as much as possible, a "one tester, one signature" rule, so tons of bogus signatures don't get accepted and added to the main distribution. But only the author/distributor should need to worry about this; normal users/ receivers of the software shouldn't need to be concerned. >I would be wary of an auto-update system because of possible bugs in the >software. Even if you only allowed updates from completely trusted >public keys, even the best of us make mistakes and screw something up... The same goes for PGP, anonymous mailers, etc. Any software system like this can only command trust as more and more people scrutinize it and test it and decide it's OK for them. >Perhaps we just need something that would make using encryption easier. >Tell me what you all think of this as a project for cypherpunks: > >Does anyone want to develop an encrypted term program? On-the-fly >encryption over a modem. This is another good application, but I think it suffers from the same problem as encrypted E-mail messages: as long as it's even a little less convenient than no encryption, most people just won't care enough to use it. The motivation for my suggestion was not so much to present a neat new idea (in fact, I'm sure the idea is not new at all), as to present a _strategy_ for achieving other social and political goals. 
The strategy I'm proposing is to find a way to make encryption an _enabling_technology_, not just a mostly-unnecessary inconvenience in the eyes of ordinary people. However, with that in consideration, don't let me discourage you from doing some kind of encrypted terminal program. In fact, one common denominator between it and any automated downloading/installation system would be the necessity of interfacing with existing encryption systems, probably more than one. A useful sub-project, whatever the bigger project(s) turn out to be, might be an easy-to-use, standardized "encryption interface library" that could be used in other programs to interface with other encryption programs and modules. Bryan From danisch at ira.uka.de Sat Feb 12 11:21:10 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Sat, 12 Feb 94 11:21:10 PST Subject: forbidden mathematics (I got the joke now...) Message-ID: <9402121911.AA13469@deathstar.iaks.ira.uka.de> Thanks to all for showing me that it was a joke only. :-) I didn't have the context and was taking this as strange but serious. It is sometimes very difficult to distinguish between satire and law. Hadmut ( a little bit slow with everything today...) From pfarrell at netcom.com Sat Feb 12 11:25:31 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sat, 12 Feb 94 11:25:31 PST Subject: Strategies for getting encryption in widespread use QUICKLY Message-ID: <51623.pfarrell@netcom.com> In message Sat, 12 Feb 94 11:11:09 MST, Bryan Ford writes: > This is another good application, but I think it suffers from the same > problem as encrypted E-mail messages: as long as it's even a little > less convenient than no encryption, most people just won't care enough > to use it. I agree completely with this. we have to move encryption onto the desktop PCs and Macs, and make it transparent to the naive users. Eudora and NUpop are a good start, but aren't transparent when you use PGP or ViaPGP. 
I've written a non-TCP/IP Windows POP/SMTP client that will work with commercial providers such as Netcom and Digex, but I can't get the low level communications code to work - Window's comm.drv API is too flakey for me to understand and get working. I believe that my code is less than a week or two from being ready to distribute, if I can get some help with the communications code. I asked a few months ago, and had one volunteer who didn't deliver. I'd love to find a cypherpunk willing to work with me to provide some sorely needed enabling technology. Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key available via finger #include From shipley at merde.dis.org Sat Feb 12 13:11:10 1994 From: shipley at merde.dis.org (Peter shipley) Date: Sat, 12 Feb 94 13:11:10 PST Subject: PGP In-Reply-To: <199402121811.KAA02105@mail.netcom.com> Message-ID: <9402122109.AA24179@merde.dis.org> >Could someone EMAIL me where I could get a copy of PGP for my Netcom >account? Thanks. > >-- > Mike Duvos $ PGP 2.3a Public Key available $ > mpd at netcom.com $ via Finger. $ > ftp to soda.berkeley.edu and look in pub/cypherpunks -Pete From shipley at merde.dis.org Sat Feb 12 13:15:57 1994 From: shipley at merde.dis.org (Peter shipley) Date: Sat, 12 Feb 94 13:15:57 PST Subject: Strategies for getting encryption in widespread use QUICKLY In-Reply-To: <51623.pfarrell@netcom.com> Message-ID: <9402122100.AA24152@merde.dis.org> A non-text attachment was scrubbed... 
Name: not available Type: text/x-pgp Size: 1064 bytes Desc: not available URL: From pfarrell at netcom.com Sat Feb 12 14:21:09 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sat, 12 Feb 94 14:21:09 PST Subject: Strategies for getting encryption in widespread use QUICKLY Message-ID: <62543.pfarrell@netcom.com> In message Sat, 12 Feb 1994 13:00:55 -0800, Peter shipley writes: > This is why I email this list to encourage the use of MIME email headers > with a MIME mailer (elm, pine, mh, Zmail etc..) when a person > receives email, the mailer agent will invoke pgp automatically > thus reading encrypted email is a user transparent process. Clearly MIME is a step in the right direction. And clearly MIME is steg friendly, who can tell a MIME encoded PGP message from a MIME encoded GIF file without looking at character frequencies, etc. (You _know_ that I'm going to lie about the MIME-Content-Type flag :-) But I haven't yet found a Windows PC client that will work without TCP/IP. Maybe I haven't looked hard enuff. Since 85% of all computers are shipped with Windows, "widespread use" means Windows (or Windoze for the cynics). I also don't know why the network vendors charge so much more for SLIP and/or PPP, but until IP is as cheap as async, there is a need for lower technology solutions. There are also some design questions that have to be addressed on the human interface side. For example, some folks strongly preferred not to receive encrypted mail, because they didn't work in a PGP friendly environment. So you need to have a client that is smart enuff to automatically encrypt to folks who control machines on the net, and not encrypt by default to folks using unsecure delivery such as netcom.com's vt100 based users. And you need a nice way to override the default. Clearly this information goes in the Rolodex that you keep with your client software. 
I mention it only so that folks realize that the simple publication of a PGP or RIPEM key does not indicate that a user is ready to receive all email encrypted. Solving these problems is exactly why we write code. Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key available via finger #include From jim at bilbo.suite.com Sat Feb 12 16:51:09 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Sat, 12 Feb 94 16:51:09 PST Subject: a protocol Message-ID: <9402130044.AA01412@bilbo.suite.com> An idea came to me today for a protocol for exchanging keys point-to-point (inspired by the Robert Cain messages). The protocol is just a combination of the Interlock Protocol described on page 44 of "Applied Cryptography" and Diffie-Hellman, described on page 275. Keeping with the terminology of the book, Alice will attempt to exchange a key with Bob, and Mallet will attempt to sit in the middle without being detected. As has been demonstrated in the past, I haven't read a lot of the cryptography papers that are out there, so for all I know, this is a well known protocol (or simple variation). However, I haven't seen it, and it seems interesting. Anyways, on with the show... 1) Alice sends Bob her public key. (ala Interlock Protocol) 2) Bob sends Alice his public key. 3) Alice generates a Diffie-Hellman "n" value, encrypts "n" with Bob's public key and sends half of the "n" message to Bob. 4) Bob generates a Diffie-Hellman "g" value, encrypts "g" with Alice's public key and sends half of the "g" message to Alice. 5) Alice sends other half of "n" message to Bob. 6) Bob puts the two halves of Alice's "n" message together and decrypts it with his private key. Bob sends the other half of his "g" message to Alice. 7) Alice puts the two halves of Bob's "g" message together and decrypts it with her private key. Alice and Bob each now have an "n" and a "g". 
Below, I try to show that they can only have the same "n" and "g" if there is no man-in-the-middle. Alice chooses a random large integer x and computes: X = (g**x) mod n Bob chooses a random large integer y and computes: Y = (g**y) mod n Standard Diffie-Hellman stuff. 8) Alice encrypts X with Bob's public key and sends half of X message to Bob. 9) Bob encrypts Y with Alice's public key and sends half of Y message to Alice. 10) Alice sends other half of X message to Bob. 11) Bob puts the two halves of Alice's X message together and decrypts it with his private key. Bob sends the other half of his Y message to Alice. 12) Alice puts the two halves of Bob's Y message together and decrypts it with her private key. Now Alice and Bob each have an X and a Y. Alice computes k = (Y**x) mod n. Bob computes k' = (X**y) mod n. 13) Alice encrypts a message using k and sends it to Bob. Bob decrypts message using k' and validates success of protocol. 14) Bob encrypts a message using k' and sends it to Alice. Alice decrypts message using k and validates success of protocol. ---------- What can Mallet do to this protocol? Mallet can substitute his own public keys for Alice's and Bob's in steps 1 and 2. Mallet can then capture "n" (from Alice) and "g" (from Bob), although not immediately. Mallet forwards Bob bogus "n" message halves and Alice bogus "g" message halves. Thus Alice will get a bogus g, call it g', and Bob will get a bogus n, call it n'. Mallet cannot forward the real "n" to Bob because of the interlock protocol. Similarly, Mallet cannot forward the real "g" to Alice. Mallet only learns "n" in step 5 and "g" in step 6. However, he must forward half of a bogus "n" to Bob in step 3), half of a bogus "g" to Alice in step 4. At the end of step 6, Alice will have n and g' and Bob will have n' and g. Alice and Bob continue with the protocol and calculate X and Y. Alice and Bob use the interlock protocol to exchange X and Y. 
As with n and g, Mallet will eventually get X and Y, but not before having to forward a bogus X to Bob and a bogus Y to Alice (call them X' and Y'). Alice and Bob, still unaware of Mallet, compute k and k'. However, since they are using different values for n, g, X, and Y, they will compute different values. The encrypted messages in steps 13 and 14 will expose Mallet. I've only spent about fifteen minutes thinking about this protocol. I can't say that it is without holes or even that it does what I say it does. However, I think it might have potential. What do the professionals think? Jim_Miller at suite.com From frissell at panix.com Sat Feb 12 17:31:09 1994 From: frissell at panix.com (Duncan Frissell) Date: Sat, 12 Feb 94 17:31:09 PST Subject: They`re Baaaaack! Message-ID: <199402130127.AA09601@panix.com> For the second week in a row; the Admin, fascism, and computers made the front page of the Saturday NYT. "U.S. Seeks Wiretap Software for Law Enforcement" They are going to legislate the Digital Telephony Initiative or the kinder, gentler, version thereof. Telecoms customers will get to pay $300+ million to tap themselves. The Klinton proposal is alleged to be mellower than Bush's because it exempts "private networks." That means it's meaningless since virtually all future voice and data services will be delivered over "private networks." DCF "But the President of the United States *is* named Schicklgruber." -- Firesign Theater Liberation Front --- WinQwk 2.0b#1165 From hkhenson at cup.portal.com Sat Feb 12 17:51:09 1994 From: hkhenson at cup.portal.com (hkhenson at cup.portal.com) Date: Sat, 12 Feb 94 17:51:09 PST Subject: The Clipper connection Message-ID: <9402121746.1.14231@cup.portal.com> If I may boil down one side of the Clipper/Capstone debate, it is certain members of the government saying: "We need to implement this encryption method so as to avoid problems we think may be coming. Trust us! We promise not to abuse your privacy." 
[except for the following--expandable--list of reasons.]

Unlike some in this debate, I do not doubt the sincerity of Dorothy Denning or others like her. And I would have a lot fewer problems with the Clipper/Capstone proposal if the people who will be granting access to the keys and those with legal access to the keys were of Dorothy's caliber. However, people of good will are not likely to be the ones who apply for these keys to your privacy in the future.

I am right in the middle of a case which has remarkable similarities to a Clipper "request for keys." Full details have been posted to comp.eff.talk and misc.legal, but in brief summary, a Postal Inspector from Tennessee is attempting (for political reasons) to impose the obscenity standards of that region on an adult BBS run from Milpitas (just North of San Jose). To this end, he obtained a warrant to take the BBS hardware.

Because of contained email and First Amendment activities of a BBS, subpoenas, not warrants, are required under two sections of federal law. The laws are Title 42, Section 2000aa, and Title 18 Section 2701, the same ones which were applied in the well-known Steve Jackson Games case. Pointers to these federal laws were *posted* on the BBS. The postal inspector downloaded this file (most of which *I* originally wrote), and *included* it in his affidavit for a search warrant to a Magistrate-Judge in San Francisco, along with a remarkably weak theory of how he could avoid application of these laws to himself.

To obtain a warrant to take email and 2000aa materials, a number of judicial findings should have been made. None were. The postal inspector got his warrant, mailed child pornography to the BBS, served the warrant, and "found" the child porn.

To give you an idea of the good will (and competence) of the particular agent involved, he had not included the child porn in the warrant, and so had to fill out another document at the time of the search.
On this form he specifically described the material as "sent without his knowledge" (referring to the sysop). Of course this statement did not prevent this child pornography (in the sysop's house for all of half an hour) from being the basis of one count (of 12) of a grand jury indictment the BBS sysop faces in Tennessee.

This warrant example applies to the Clipper situation. The risk under Clipper is that your private communications will be protected by the *weakest* link in the chain--one of the thousands of low level Magistrate-Judges among whom law enforcement agents shop for warrants and will shop for keys. These judges tend to be busy, or lazy or both, and they *trust* law enforcement agents. Even if the law is *directly quoted* in search warrant affidavits or key requests, and these laws *expressly forbid* granting warrants or key requests under the conditions cited, the judge may not even read a lengthy supporting affidavit before approving it. He is *very* unlikely to consider the underlying laws when granting a request.

The key escrow agents provide no protection whatsoever since they simply fill orders from agents with approved applications. Judges ignore the law with impunity, and so do law enforcement agents because one agency will almost never investigate another.

As a practical matter, applications for search warrants are almost never denied. The same situation is certain to occur for Clipper key applications, no matter how weak the justification happens to be, or what laws are being violated by those seeking the keys.

Keith Henson

From gymnast at Crissy.Stanford.EDU Sat Feb 12 18:11:10 1994
From: gymnast at Crissy.Stanford.EDU (Timothy A. Ryan)
Date: Sat, 12 Feb 94 18:11:10 PST
Subject: a protocol
In-Reply-To: <9402130044.AA01412@bilbo.suite.com>
Message-ID: <9402130204.AA03480@Crissy.Stanford.EDU>

>
>
> An idea came to me today for a protocol for exchanging keys
> point-to-point (inspired by the Robert Cain messages).
> The protocol is just a combination of the Interlock Protocol described on page 44
> of "Applied Cryptography" and Diffie-Hellman, described on page 275.
>
> Keeping with the terminology of the book, Alice will attempt to
> exchange a key with Bob, and Mallet will attempt to sit in the middle
> without being detected.
>
> As has been demonstrated in the past, I haven't read a lot of the
> cryptography papers that are out there, so for all I know, this is a
> well known protocol (or simple variation). However, I haven't seen
> it, and it seems interesting. Anyways, on with the show...
>
>
> 1) Alice sends Bob her public key. (ala Interlock Protocol)
>
> 2) Bob sends Alice his public key.
> : : :
> Jim_Miller at suite.com
>
>

Could someone briefly explain the Interlock Protocol, I don't have "Applied Cryptography". However, it seems that Jim's protocol depends on the Interlock Protocol guaranteeing that Alice really gets Bob's public key and vice versa. Otherwise, it seems that Mallet could give each of Alice and Bob his (or is that a feminine name?) public key, go through Jim's protocol with each party, then just translate every message from cipher-text to clear-text then back to cipher-text using the key for the other half of the conversation.

tim

From nobody at jarthur.Claremont.EDU Sat Feb 12 18:51:09 1994
From: nobody at jarthur.Claremont.EDU (nobody at jarthur.Claremont.EDU)
Date: Sat, 12 Feb 94 18:51:09 PST
Subject: Patches for magicmny
Message-ID: <9402130245.AA13146@toad.com>

I had to make a few patches for pgptools and magic money to compile on a dos system with microsoft c 6.0.

#include and #include do not work with this compiler. I added #ifdef __TURBOC__ around these includes in mm.c, s.c, c.c, and ptd.c.

In pgpmem.c, this system has malloc.h but not alloc.h. Change the #ifdef MSDOS to #ifdef __TURBOC__.

With these changes it worked.
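Added example (not from any message in this thread): a Python simulation of the interlock + Diffie-Hellman exchange from the "a protocol" thread above, run three ways. It covers the case Jim Miller's analysis describes (Mallet relays the step 13 message unchanged and is exposed) and the case Tim Ryan's reply raises (Mallet completes the protocol with each side under his own public key and re-encrypts). The toy RSA keys built from Mersenne primes, the generators 5 and 7, the SHA-256/HMAC step 13 cipher and all function names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

E = 65537  # RSA public exponent


def mersenne(k):
    """2**k - 1; prime for k in 89, 107, 127, 521, 607, 1279, 2203, 2281."""
    return 2**k - 1


def rsa_keypair(p, q):
    """Toy RSA keypair (public, private) from two known primes. Demo only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def interlock_send(value, pub):
    """Encrypt value under pub and split the ciphertext into two halves;
    neither half can be decrypted without the other."""
    n, e = pub
    ct = pow(value, e, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return ct[: len(ct) // 2], ct[len(ct) // 2:]


def interlock_open(half1, half2, priv):
    n, d = priv
    return pow(int.from_bytes(half1 + half2, "big"), d, n)


def seal(k, msg):
    """Toy step 13/14 cipher: hash-derived keystream plus an HMAC tag, so the
    receiver can "validate success of protocol". Not the thread's cipher."""
    key = hashlib.sha256(str(k).encode()).digest()
    stream = hashlib.shake_256(key).digest(len(msg))
    body = bytes(a ^ b for a, b in zip(msg, stream))
    return hmac.new(key, body, hashlib.sha256).digest() + body


def unseal(k, blob):
    """Return the plaintext, or None when the key does not match."""
    key = hashlib.sha256(str(k).encode()).digest()
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    stream = hashlib.shake_256(key).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def session(init_keys, resp_keys, n, g):
    """Steps 3-12 between an initiator (who picks n) and a responder (who
    picks g). Each side encrypts under the public key it was handed."""
    (i_pub, i_priv), (r_pub, r_priv) = init_keys, resp_keys
    n_r = interlock_open(*interlock_send(n, r_pub), r_priv)   # steps 3 and 5
    g_i = interlock_open(*interlock_send(g, i_pub), i_priv)   # steps 4 and 6
    x = secrets.randbelow(n - 3) + 2
    y = secrets.randbelow(n_r - 3) + 2
    X, Y = pow(g_i, x, n), pow(g, y, n_r)
    X_r = interlock_open(*interlock_send(X, r_pub), r_priv)   # steps 8, 10, 11
    Y_i = interlock_open(*interlock_send(Y, i_pub), i_priv)   # steps 9, 11, 12
    return pow(Y_i, x, n), pow(X_r, y, n_r)                   # k and k'


ALICE = rsa_keypair(mersenne(127), mersenne(521))
BOB = rsa_keypair(mersenne(607), mersenne(1279))
MALLET = rsa_keypair(mersenne(2203), mersenne(2281))
MSG = b"step 13 check"  # constructed test message


def run(mode):
    """Return (what Bob recovers in step 13, what Mallet read)."""
    if mode == "honest":
        k, k_bob = session(ALICE, BOB, mersenne(107), 5)
        return unseal(k_bob, seal(k, MSG)), None
    # Mallet handed each side his own public key in steps 1 and 2, so he is
    # the responder towards Alice (choosing g') and the initiator towards Bob
    # (choosing n'). The interlock only makes him commit to those values
    # early; nothing ties a public key to the person it claims to belong to.
    k, k_am = session(ALICE, MALLET, mersenne(107), 7)
    k_mb, k_bob = session(MALLET, BOB, mersenne(89), 5)
    blob = seal(k, MSG)
    seen = unseal(k_am, blob)
    if mode == "translate":
        blob = seal(k_mb, seen)  # re-encrypt under the Mallet-Bob key
    return unseal(k_bob, blob), seen


if __name__ == "__main__":
    for mode in ("honest", "relay", "translate"):
        print(mode, run(mode))
```

In the "relay" run Bob's validation fails because k and k' differ; in the "translate" run both checks pass while Mallet reads the message, so the key confirmation in steps 13 and 14 is only meaningful once the public keys from steps 1 and 2 have been authenticated some other way.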
From rarachel at prism.poly.edu Sat Feb 12 19:41:09 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sat, 12 Feb 94 19:41:09 PST
Subject: Strategies for getting encryption in widespread use QUICKLY
In-Reply-To: <199402121320.IAA23807@totalrecall.rs.itd.umich.edu>
Message-ID: <9402130323.AA00709@prism.poly.edu>

I'm currently developing a Mac BBS. (I don't know when I'll finish it but I've been working on it for the last 3 years!) I can put patches in to connect to whatever crypto terms will be out there, however, on the Mac, it's far easier to simply build a CommToolbox connection tool which ANY Mac BBS or Mac terminal could interface itself with. The BBS would have to specifically know about the encryption tool as it would need to link some key to a user... But other than that, the ability is already there.

If we come up with a standard for encoded TCP/IP and serial communications and adapt existing programs to use them.... The serial communications would be much easier I suspect as most unix machines can simply have device drivers written for them that map an existing port to/from an encryption pipe and on to a virtual device. Ie: for every /dev/tty* you could have /dev/etty*

It'll be harder for DOS, but not impossible. If anyone has the sources to a fossil driver, there are plenty of BBS software that use the fossils... Perhaps there would be some term programs that do this too? On Amiga????

(BTW: I've put off the Mac BBS for a while as I just stumbled on something far more important: a crypto-stacker for the Mac!!! I hope to get something up in beta in the next few months. I won't do the actual encryption routines, but will provide plenty of hooks for adding your own. I'm going to have it actually compress/decompress and have some hooks...)
From rarachel at prism.poly.edu Sat Feb 12 20:01:09 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sat, 12 Feb 94 20:01:09 PST
Subject: Strategies for getting encryption in widespread use QUICKLY
In-Reply-To:
Message-ID: <9402130341.AA00829@prism.poly.edu>

> probably be solved by packaging the data into manageable packets with an
> error-correction protocol and then encrypting those. Error-correction
> would be vital, as line noise can wreak havoc on encrypted data.
> (Although you could reduce the impact of the errors by weakening the
> cipher somewhat.)

I do have several ideas as to how to do this... Look at the code for Layers and Multisession(??) they both have sources for the unix end. If you base your code on that it should be fairly stable as we know the above products work. (Beware of Layers though, on the Unix end, it supposedly leaves opened ports after you log out which could be used to hack in, or look like they were used to hack in. I got my account pulled one day for running it, because some hackers were breaking in and leaving open ports as part of their footprints....)

> What do you think? Anyone want to take this on as a project?
> If I'm going to do it, it would be for MS-DOS systems, tho if there's
> enuff interest, it might be possible to develop multi-platform support
> concurrently.
> Let me know...

If you're going to do this, try to write some VERY generic code. Don't assume the size of a char, int, long, etc. Instead, use stuff like:

    #define CHAR char
    #define INT int

etc. That way, if an int happens to be 32 bits on some weirdo machine, it can be redefined on that machine by simply modifying the headers... (better yet, use typedef, not #define.)

Another thing, don't use any dos i/o functions to actually send the packets across, instead, do everything you can without calling on DOS or whatever C language library/compiler calls directly.
Call the DOS functions to read/write to the serial port from one single place so that they can be easily modified.

You really don't have to do too much for the packets and stuff... Basically each packet is composed of a header, data, and some sort of check. There are CRC codes out there already. Pull the 32 bit version out of some Zmodem program and use that... Your header should contain some packet id#, the size of the packet (no need to send 1024 bytes if the user just pressed one key :-), the CRC for the packet, and the packet itself...

A good thing might also be to include a couple of special bytes at the beginning and end of the packet so that the receiver can try to resynch itself if it gets hit by line noise... Say, 0x55,0x55,0xAA,0xAA, packetid#, packetsize, packetcrc, packet, 0x00,0x00,0xff,0xff for example. (while this is longer, the other side can look for 2 zeroes, followed by two 255's, followed by possibly some time before it sends a request to resend the packet.

Or if you want to make things simpler, do as Xmodem (yuck!) send a small tiny header, the packet, and wait for an ACK from the other side before proceeding to send the next packet. That ACK would be after/before a packet that the other side sends of course... :-)

Better yet, maybe you can just hack some source code for SLIP or UUCP or something...

From jito at iikk.inter.net Sat Feb 12 20:31:09 1994
From: jito at iikk.inter.net (Joichi Ito)
Date: Sat, 12 Feb 94 20:31:09 PST
Subject: copyrights of anonynous messages
Message-ID: <9402130428.AA27705@iikk.inter.net>

Can someone tell me what the understanding is about reprinting and reposting messages sent via anonymous remailers? IE if I am writing an article and want to quote from this list, I will try to get permissions from the author. What do I do about anonymous notes?
- Joi

--
true name:
closest email address:
closest fax number: <+81-3-5454-7218>
current physical location:
travel path: <.>
mosaic home page: http://iikk.inter.net/
--
finger jito at netcom.com for PGP Public Key, RIPEM Public Key
--

From nowhere at bsu-cs.bsu.edu Sat Feb 12 21:41:10 1994
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Sat, 12 Feb 94 21:41:10 PST
Subject: No Subject
Message-ID: <9402130533.AA09054@bsu-cs.bsu.edu>

Developers using the current version of PGPtools should be careful to add keyspace FIFO and passphrase "burns" to their applications to insure that security critical information is NOT left carelessly in memory... while PGP 2.3A is VERY scrupulous, PGPTools package does NOT have sufficient internal checks and "burns" at present...this is left to the developer at present... I also noted a fifo_unlink routine where a burn should be performed prior to the unlink from the FIFO queue...

Anon

From rjc at gnu.ai.mit.edu Sat Feb 12 21:42:57 1994
From: rjc at gnu.ai.mit.edu (Ray)
Date: Sat, 12 Feb 94 21:42:57 PST
Subject: How to easily increase remailer traffic
Message-ID: <9402130537.AA03911@geech.gnu.ai.mit.edu>

Recently I was reading a message about how fast ftp porno sites go down because as soon as they are announced they undergo constant heavy use. Given an anonymous remailer network, there is no need for sending random noise messages to keep a constant traffic. Simply set up a double blind porno e-mail archive site. The site address itself would be a self-addressed pgp remailer block, and all return addresses would be SASE too. Not only would this provide a constant background of data flowing to hide important messages in, but it would also incentivize thousands of people on the net into using pgp via e-mail daily and would educate them about crypto.
The double blind mechanism would keep the site safe from direct attack, and would give many people more confidence about requesting such files (since they could be encrypted on delivery)

As more sites pop up using the double blind mechanism to avoid discovery, more and more remailers would be added to the network. People would be encouraged to set up simple light-weight remailers in their .forward once they figure out that there is safety in large numbers.

Pornography is usually the first media to use new technology. Whether it's modems, networks, bbs, minitel, irc, muds, cd-roms, independent phone service, desktop video, desktop publishing, video games, you name it. Let's harness its power to found cryptoanarchy in cyberspace.

All that's needed is a uucp setup, about 20 megs for jpeg picture archive or story archive, pgp, and some slightly more powerful remailer software. This is guaranteed to generate a steady stream of remailer usage (possibly too much)

-Ray (unsubscribed still)

-- Ray Cromwell        | Engineering is the implementation of science; --
-- rjc at gnu.ai.mit.edu | politics is the implementation of faith.       --

From mnemonic at eff.org Sat Feb 12 21:51:10 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Sat, 12 Feb 94 21:51:10 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <9402102226.AA09203@deathstar.iaks.ira.uka.de>
Message-ID: <199402130540.AAA25442@eff.org>

Hadmut writes:

> You all seem to have a nice patent for defense against
> Nazis. Why don't you tell/sell us this patent? It could
> be very helpful.

It's not a patent. It's a principle. The idea is that the best cure for bad speech is not censorship, but more speech.

--Mike

From mnemonic at eff.org Sat Feb 12 21:52:54 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Sat, 12 Feb 94 21:52:54 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <9402102306.AA09283@deathstar.iaks.ira.uka.de>
Message-ID: <199402130544.AAA25493@eff.org>

Hadmut writes:

> So?
> If you find a paper with YOUR face, YOUR name and big
> letters KILL THIS MAN FOR BEING A JEW, would you think
> this is okay?

Yes. Freedom of the press means freedom for hateful ideas. Or it means nothing at all.

--Mike

From julf at penet.fi Sat Feb 12 23:51:10 1994
From: julf at penet.fi (Johan Helsingius)
Date: Sat, 12 Feb 94 23:51:10 PST
Subject: Strategies for getting encryption in widespread use QUICKLY
In-Reply-To: <62543.pfarrell@netcom.com>
Message-ID: <199402130749.AA13018@lassie.eunet.fi>

> But I haven't yet found a Windows PC client that will work without TCP/IP.
> Maybe I haven't looked hard enuff. Since 85% of all computers are shipped
> with Windows, "widespread use" means Windows (or Windoze for the cynics).

There's a UUCP gateway at least for Pegasus. Probably others as well.

> I also don't know why the network vendors charge so much more for SLIP
> and/or PPP, but until IP is as cheap as async, there is a need for lower
> technology solutions.

As far as I know, there are *several* PD Windows SLIP packages.

Julf

From matthew at gandalf.rutgers.edu Sat Feb 12 23:52:58 1994
From: matthew at gandalf.rutgers.edu (Matthew Bernardini)
Date: Sat, 12 Feb 94 23:52:58 PST
Subject: Broadening the use of Cryptography
Message-ID:

Maybe I have just missed something in this whole discussion, so please hold back the flames, but has a SIMPLE desktop mailer that encrypts using PGP been written and widely distributed on any platform ? The common person will only do something if you make it simple for them to access. The attitude of don't complain, write the code yourself won't fly with average Joe who wants to help by spreading the use of PGP. Most people have barely just enough time to worry about reading the news and checking their mail, let alone download, compile and implement an encryption scheme. The priority should be to get people encrypting first, then worry about whether they understand the protocol for double-blind remailers.
It seems to me that Universities should be the highest priority for spreading the use of PGP. It is the students who are willing to adapt to new technology the quickest. Some sort of product should be developed that can be distributed on the PC and Mac, like Pegasus mail (for those that are familiar with it), that will support PGP.

It all comes down to marketing. Why not make a nice free-ware game that can carry a Cypher bill-board with it ? How many people see the Maelstrom start up screen on a Mac ? X-tetris on Unix ? Minesweeper on Dos ? It seems to me that widespread advertising should be a higher priority if PGP is going to succeed.

Matthew Bernardini

From mnemonic at eff.org Sat Feb 12 23:54:45 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Sat, 12 Feb 94 23:54:45 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <198LHc2w165w@ideath.goldenbear.com>
Message-ID: <199402130747.CAA26755@eff.org>

Greg writes:

> "Perry E. Metzger" writes:
>
> > I'll remind you that the supreme court has held that text-only works
> > can not be held to be obscene. You can write anything you want,
> > including explicit descriptions of sodomizing dead children, and it
> > can not be censored.
>
> As I mentioned to Perry in E-mail, the above is incorrect. Pure text
> can be obscene and hence unprotected by the First Amendment. Kaplan v.
> California, 413 U.S. 115, 118-119, 93 S.Ct. 2680, 2683-2684 (1973).
> Others here (Mike Godwin?) can likely provide a much better discussion
> of just where this fits into First Amendment law; Shepherds' reveals no
> more recent decisions which modify the holding in Kaplan.

Greg is right. (Sorry, Perry.) As a practical matter, there are almost no obscenity prosecutions for words these days, but technically it's possible that words can be obscene. Ask 2 Live Crew.
--Mike

From phrack at well.sf.ca.us Sun Feb 13 00:41:10 1994
From: phrack at well.sf.ca.us (Chris Goggans)
Date: Sun, 13 Feb 94 00:41:10 PST
Subject: Blatant Plug
Message-ID: <199402130831.AAA25638@well.sf.ca.us>

After a complete sellout at HoHo Con 1993 in Austin, TX this past December, the official Legion of Doom t-shirts are available once again. Join the net luminaries world-wide in owning one of these amazing shirts. Impress members of the opposite sex, increase your IQ, annoy system administrators, get raided by the government and lose your wardrobe!

Can a t-shirt really do all this? Of course it can!

--------------------------------------------------------------------------

"THE HACKER WAR -- LOD vs MOD"

This t-shirt chronicles the infamous "Hacker War" between rival groups The Legion of Doom and The Masters of Destruction. The front of the shirt displays a flight map of the various battle-sites hit by MOD and tracked by LOD. The back of the shirt has a detailed timeline of the key dates in the conflict, and a rather ironic quote from an MOD member.

(For a limited time, the original is back!)

"LEGION OF DOOM -- INTERNET WORLD TOUR"

The front of this classic shirt displays "Legion of Doom Internet World Tour" as well as a sword and telephone intersecting the planet earth, skull-and-crossbones style. The back displays the words "Hacking for Jesus" as well as a substantial list of "tour-stops" (internet sites) and a quote from Aleister Crowley.

--------------------------------------------------------------------------

All t-shirts are sized XL, and are 100% cotton.

Cost is $15.00 (US) per shirt. International orders add $5.00 per shirt for postage.

Send checks or money orders. Please, no credit cards, even if it's really your card.
Name: __________________________________________________

Address: __________________________________________________

City, State, Zip: __________________________________________

I want ____ "Hacker War" shirt(s)

I want ____ "Internet World Tour" shirt(s)

Enclosed is $______ for the total cost.

Mail to: Chris Goggans
         603 W. 13th #1A-278
         Austin, TX 78701

These T-shirts are sold only as novelty items, and are in no way attempting to glorify computer crime.

From kryten at shell.portal.com Sun Feb 13 00:51:10 1994
From: kryten at shell.portal.com (Greg - Kucharo)
Date: Sun, 13 Feb 94 00:51:10 PST
Subject: Meeting Thanks
Message-ID: <199402130850.AAA24152@jobe.shell.portal.com>

Thanks to everyone who organized and presented at Saturday's meeting, I had a great time and learned a great deal. I'm already looking forward to the next meet.

Greg/kryten

From jdwilson at gold.chem.hawaii.edu Sun Feb 13 02:21:11 1994
From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA)
Date: Sun, 13 Feb 94 02:21:11 PST
Subject: SCI: Brain Wave Alteration
In-Reply-To: <199402110323.AA28727@halcyon.com>
Message-ID: <9402131013.AA27536@gold.chem.hawaii.edu>

Re use of strobe in EEG's - yes, the use of strobe lights with both closed and open eyes at various frequencies are still part of the standard EEG diagnostic protocol for differentiating among other things epilepsy, narcolepsy, and other neurological disorders of this nature.

-Jim

From jcook at pro-storm.metronet.com Sun Feb 13 06:31:12 1994
From: jcook at pro-storm.metronet.com (Julian Cook)
Date: Sun, 13 Feb 94 06:31:12 PST
Subject: UNSUBSCRIBE
Message-ID:

UNSUBSCRIBE ME PLEASE.

From nv90-btu at nada.kth.se Sun Feb 13 08:01:12 1994
From: nv90-btu at nada.kth.se (Thure)
Date: Sun, 13 Feb 94 08:01:12 PST
Subject: Unsubscribe
Message-ID: <9402131558.AA16188@nilen.nada.kth.se>

Unsubscribe me please.
/ Bjoern nv90-btu at nada.kth.se

From hayden at krypton.mankato.msus.edu Sun Feb 13 10:21:13 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Sun, 13 Feb 94 10:21:13 PST
Subject: Pornography Server
Message-ID:

In response to the posting about setting up a pornography server (Sorry, I'm afraid I deleted the specific message so I cannot remember who you were :-).

That is certainly a way for people to get and use PGP and to get used to the remailers. It would get a lot of heavy use as well. Now, if there was a way to batch mailings (so that if, say, six people ordered one item, it would be sent as one letter to all six instead of six different letters, with precedence set to bulk), that would help even more.

Now, there are also some practical considerations as well. What materials do you archive? If you put up pictures (gif or jpeg), you will be talking about tremendous amounts of traffic. Once they are uuencoded, even with compression, they can be huge. If you limit yourself to things such as stories and the like, you will have less traffic, but also less use.

There is also the legal side of distributing pornography. Interstate transfer is naughty and with Al Gore's Information-Superhighway Patrol, it will raise some very political issues (but, by using a decent blind system, for all the patrol knows, the distributor might be in the recipient's state).

Also, and this is really just an interface issue, scripts should be developed that will automate the retrieval process (ie, build and submit the mail message). These would be similar to the hop.mail or anon.mail scripts, but would be custom to the pornography server. For example:

It begins with an input for the file to be retrieved.

It will continue prompting for that until the person enters a null (or 'q' or something)

It will then list (at least) one dozen remailers, and they can select one (or take a default, and randomize it.
Or perhaps randomize it through >1 remailer, although that decreases response time.).

They will then have to PGP sign their mail message (so that the ordering software can verify the person placing the order. This is to cut down mail-spoofing to mail-bomb an enemy with porn.)

Encrypt it for the appropriate parties

Send it on its way.

The server can either reply immediately with the appropriate files, or it can batch everything up for processing during low-traffic times (I personally like the first, but don't really care that much). The mail is then PGP encrypted back to the recipient (by getting the key from a key server, or by having the orderee register their key before hand, with the latter probably being easier, although it does leave a paper trail that can be examined) and sent out with precedence set to 'bulk' so that other stuff is more important on the mail links.

It should all be fairly accomplishable with a series of perl and sh scripts on either end. The real question is what to offer.

I'll talk more about this from an organizational stand-point if anyone is interested. I'm afraid that I'm really not that good a programmer (even of simple shells) as my field of expertise is in management and other administrative stuff (but obviously not spelling :-)

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> In the United States, they
   \/  Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From rcain at netcom.com Sun Feb 13 10:31:14 1994
From: rcain at netcom.com (Robert Cain)
Date: Sun, 13 Feb 94 10:31:14 PST
Subject: Oh No! Nazis on the Nets
In-Reply-To: <199402100240.AA23564@panix.com>
Message-ID: <199402131824.KAA03233@mail.netcom.com>

Duncan Frissell sez:

>
> Of particular concern to the authorities are connections with Gary Lauck,
> self-proclaimed head of America's neo-Nazis, whose organisation in
> Nebraska is believed to be behind the mailing of a computer disk called
> "Endsieg" (Final Victory) which contains bomb-making instructions.

It is just this kind of thing that does in fact give me big qualms when considering the enormous consequences of unleashing inexpensive, easy to use, hard voice crypto that is accessible to anyone. I'm not really being a devil's advocate, I'm just sincerely concerned. Sure, this guy may have a nonsense plan or a workable one or perhaps none at all but...

It could be the Pandora's box awaiting the opening that the cold war years never quite showed the balls to attempt. In this unstable and angry world with people obviously standing ready to do *anything* they can to get their way, is it appropriate to help them accomplish their deadly and reckless methods? I dunno, but when you feel you hold the key to this in your head and respected people think so too it really makes you *stop* and think.

On the other hand it is inevitable so why be personally concerned.

Peace and Love,

Bob

--
Bob Cain    rcain at netcom.com   408-354-8021

"I used to be different. But now I'm the same."

--------------PGP 1.0 or 2.0 public key available on request.------------------

From jpp at markv.com Sun Feb 13 10:41:14 1994
From: jpp at markv.com (jpp at markv.com)
Date: Sun, 13 Feb 94 10:41:14 PST
Subject: Broadening the use of Cryptography
In-Reply-To:
Message-ID: <9402131032.aa07552@hermix.markv.com>

Long ago when I started writing pgpmail, I felt one reason people weren't using PGP much was inconvenience. So, I wrote code to fix this.
Now if you use GNU Emacs to read and author mail (as I do) you can use my pgpmail (FTP://ftp.markv.com/pub/pgpmail/*) to automatically encrypt, decrypt, sign, and check the signatures -- all with little or no effort. (C-c e to encrypt, everything else is 0 interaction, save entering your PGP passphrase.)

Now admittedly, this only works on systems where GNU Emacs can read mail and run PGP. This translates to primarily multiuser unix machines. Sigh. Well, at least you can do as I do, maintain 1 key for low security multi user systems, and another (high hassle cost) key for high security.

The next project I am working on is a 'packet privatizer'. Expect alpha release sometime this or next year.

j'

--
O I am Jay Prime Positive jpp at markv.com
1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com
Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com
Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org

From qwerty at netcom.com Sun Feb 13 11:41:15 1994
From: qwerty at netcom.com (Xenon)
Date: Sun, 13 Feb 94 11:41:15 PST
Subject: Oh No! Nazis on the Nets
Message-ID: <199402131935.LAA29826@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Bob Cain said,

>It could be the Pandora's box awaiting the opening that the cold war
>years never quite showed the balls to attempt. In this unstable and
>angry world with people obviously standing ready to do *anything* they
>can to get their way, is it appropriate to help them accomplish their
>deadly and reckless methods? I dunno, but when you feel you hold the
>key to this in your head and respected people think so too it really
>make you *stop* and think.

Some of us have a lot more respect for humanity than these words of fear express. People like to talk to each other. That's all.
Get out there and talk to people instead of gobbling up the media's attempts to tell you people are evil if you set them free to be themselves. The only ones who are evil are those too greedy or at least too narrow minded to see that it's time to bring the rest of the species up to our standard of living. It's you, the "good guys", who are forcing the unfortunate to turn to crime. It is this actively artificial scarcity that causes groups of people to band together to either fight those who do not have enough, or to fight those who do.

"Peace and Love,"

-=Xenon=-

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLV456gSzG6zrQn1RAQFEKAQApdNxls7ProP5Kl3hyt4ARfWGP+3V4Mdx
PKN0j/4UbUNtCxZKMIMV+9YJioDO5S5wg3IDf2yF6/nesDG+jEmfG59EeBujau4i
w3Y8c73sPZQL5ymktV9HUapf444xsXdoeycXjF+sDCPm2USuc3vCp0+Z38nA2X6m
OmcOI7xAnFY=
=Ng9t
-----END PGP SIGNATURE-----

From freeman at MasPar.COM Sun Feb 13 11:51:14 1994
From: freeman at MasPar.COM (Jay R. Freeman)
Date: Sun, 13 Feb 94 11:51:14 PST
Subject: The Clipper connection
Message-ID: <9402131944.AA08275@cleo.MasPar.Com>

Keith Henson comments on the realities of obtaining subpoenas and wiretaps:

> [...]

I cannot help but note that if persons of good will should choose to attempt to improve the uniformity and correctness of application of law to circumstances such as those Keith mentions, a well-written expert system with a friendly user interface might be part of the solution.

(This observation is a little borderline for cypherpunks but it does in principle involve writing code...)

-- Jay Freeman

From tcmay at netcom.com Sun Feb 13 11:53:56 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 13 Feb 94 11:53:56 PST
Subject: Actively Sabotaging Clipper and Capstone?
Message-ID: <199402131947.LAA03223@mail.netcom.com>

Cypherpatriots,

It's becoming more and more evident that the Crypto War has already started, that the fascists in power have decided to ban the keeping of secrets and the use of strong crypto by nongovernment folks.
In later messages I will expand on the ways we can actively sabotage the Clipper/Skipjack/Capstone/MYK-xx/Tessera key escrow systems, sabotage them with reverse engineering, with the planting of compromised versions on store shelves, with the publication of technical specs (such as "someone" did with the dumpster-diving adventure at Mykotronx--which I've heard freaked out the national security establishment!), and with the active spreading of disinformation about the compromise of the key escrow system.

(Not everyone will like this "call to arms." I expect some harsh responses. But isn't this what we cherish about free speech, the ability to talk about controversial matters, even something as controversial (well, not to me, of course) as advocating the overthrow of the U.S. government?)

How could Clipper be sabotaged?

As a hint of what to expect, imagine the reaction of potential Clipper users to the reports that BlackNet has already seen the offer of $200,000 for the family keys? Or for the information leaking out of VLSI Technology Inc., fabricators of the Mykotronx chip (and the ARM 6 that is part of the key escrow system), that different "family keys" are being produced for different _countries_ (UK, Japan, etc.). I'm sure these countries will be thrilled to welcome these chips onto their shores, knowing that the family keys have already been provided to the National Security Agency!

(Sidebar on U.S. surveillance of Japan: Japan's version of the NSA, the little talked about Chobetsu, is already advising Japanese chip makers that the NSA listening sites at Misawa Air Force Base are heavily targeting economic intelligence. "Yomiuri Shimbun," a large daily newspaper, reported on 2-29-92 that the NSA and other U.S. intelligence agencies had stepped up spying activities on Japanese manufacturing companies, intercepting faxes, voicemail, and ordinary conversations.
Ostensibly, I suppose, this interception is targeted at detecting evidence of collusion by the keiretsus, arms agreement violations (recall the Toshiba propeller-machining case), and shipments of sensitive technology to U.S. adversaries. However, my contacts in the U.S. chip industry say the intercepted material is being used in pricing decisions and in trade negotiation talks, as with the "20% of your chip purchases must be of U.S. chips, or else....," and that the Japanese have just in the last 2 years launched a major effort to secure their faxes, voice lines, and computer networks against interception by the NSA and their affiliated eavesdropping compadres (Naval Security Group, Air Force Electronic Security Command, and Army Intelligence and Security Command (INSCOM), all of which operate out of large military bases maintained in Japan, but whose antennas are increasingly turned away from Sakhalin Island and toward the commercial traffic flowing in our major economic opponent. These are the potential--but not very likely!--customers of Clipjack.)

Methinks the "classified aspects" of Clipper/Skipjack that Dorothy Denning recently mentioned (Denning: there are things the government needs to do that it can't tell you about) have largely to do with this economic espionage. Which is why we're already seeing "family keys" generated for specific target countries, like Japan, Germany, and France (our major "enemies" in this new world without our former enemies).

Part of our sabotage of key escrow can be the recruiting of more Cypherpunks in these targeted countries and the providing of them with material we find from anonymous sources who forward juicy material (like the Mykotronx contracts, dates, specs, etc.). We can help create an attitude of intense skepticism about key escrow, perhaps even resulting in the widespread repudiation of Clipper use by corporations in these countries.
(For example, how would Toshiba react to the report that Intel's Flash Memory group was tipped off about the planned production volumes for Toshiba's 16 Mbit flash? Do you think Toshiba will be an eager customer for Clipjacked phones from the U.S.? Right.)

And key escrow can of course be attacked on "general principles." The idea that some conversations must be "escrowed" (whether the _keys_ are escrowed or the entire conversation is escrowed for later opening is a distinction without a difference) is anathema to everything this country once stood for.

(Key escrow is analogous of course to requiring all Citizen Units of these Beknighted States to "escrow" their personal letters, diaries, family album pictures, and kitchen recipes with the local constables. After all, what if the government "needs" to consult these escrowed files to see if illegal kiddie porn pictures of one's infants are being pasted into the photo album, or if seditious thoughts are being discussed in letters, or if "hateful speech" is being used? As Professor Denning has pointed out, escrowing of the contents of one's house does not affect the law-abiding citizen, who has nothing to fear if he has nothing to hide, and allows law enforcement officers the needed means of ensuring full compliance with all 17,532 laws now on the books. Besides, the key escrow system ensures that safeguards exist: both the FBI and the Department of Justice will have to agree before your escrowed diaries, letters, photo albums, and recipes can be examined. You, of course, will not be notified that this has happened.)
Clipper and Capstone (the data standard that is coming), known also by various names such as Skipjack, MYK-xx, Tessera, etc., are said to be "voluntary" standards, but the signs are pointing toward the outlawing--officially or practically (more on what I mean by this below)--of alternatives to these Big Brotherish systems:

* Clipper/Capstone/Tessera will be useless in "fighting crime" if the targets refuse to use them. Even a "dumb criminal" is not going to pay extra money for an official AT&T "Clipjack" phone....he'll either take no special precautions whatsoever (a la John Gotti) or his technicians will set him up with something other than the key escrow system.

* The inevitable "market failure" of Clipperphones ("Reach out and tap someone") will result in calls for a mandatory standard. We've all seen this coming ever since the first proposal (and earlier, as I wrote in my October 1992 piece, "A Trial Balloon to Ban Encryption?")

* The "Digital Data Superhighway" (what a dumb name!) will almost certainly attempt to impose various kinds of regulations and rules for data. You all can speculate on the laws...

* The tax avoidance implications of strong crypto are so profound that the Feds are undoubtedly panicking about this. (A source tells me that my "crypto anarchy" schemes, now being talked about by others, and the subject of articles in various magazines, are being taken seriously by the Treasury folks and FinCEN, and that they are getting more and more active in the NSA-NIST-CIA-Justice planning for key escrow, wiretapping, and surveillance. (Cf. the great article in "Wired," the December issue (I think--it has Sonic the Hedgehog on the cover), on FinCEN, the Financial Crimes Enforcement Network.)

* Speaking of wiretapping, the S.266-based wiretap proposal *has not gone away*. It will come back bigger and badder than ever. I'm attaching the description of what's cooking now, based on an article from yesterday's NYT.
Key escrow, wiretapping, increased surveillance of economic transactions, FinCEN, the collusion of the credit reporting agencies with intelligence folks (how do you think 50,000 people in the Witness Security Program (aka Witness Protection Program) are so well hidden in this age of computers?), all are changing the equation drastically.

There are more than 700 subscribers to the Cypherpunks list. If only a handful of us actively sabotage the Clipper/Skipjack system, we may have a major impact.

(Of course, our putting the "penny on the track" could also produce the train wreck of a complete crackdown on computer communications, but this is unlikely: the genie's already out of the bottle, the networks are already too anarchic and too ubiquitous, the sites are already beyond the control of the U.S. government.

Time to sabotage this whole Big Brother system.

--Tim May

And here's the article, or a summary of it, about the Administration's ongoing plans to put a government wiretap in every network:

From: Junger at samsara.law.cwru.edu (Peter D. Junger)
Newsgroups: talk.politics.crypto
Subject: White House Seeking Software to Aid in Wiretaps
Date: Sat, 12 Feb 1994 14:09:20 GMT
Lines: 27
Message-ID:

The New York Times has an article this morning (9/12/94) on the first page of the national edition by Edmund L. Andrews, datelined Washington, Feb. 11 with the headline that appears above in the subject line. I quote two paragraphs:

"The White House is pressing for legislation to force telephone and cable companies to install computer software on their networks that would enable law enforcement agencies to eavesdrop on phone calls and computer transmissions, Clinton Administration officials said today.

". . . .

"Like the computer chip plan, the new bill is likely to put the Administration on a collision course with both telecommunication companies and civil rights groups.
Industry executives believe any such measure could cost as much as $300 million, so that they would have to seek higher rates from customers. Civil rights groups argue the measure is largely unnecessary and poses potential threats to privacy."

The bill is supposedly a new version of the wiretapping bill that Bush asked for and did not get.

Peter D. Junger
Case Western Reserve University Law School, Cleveland, OH
Internet: JUNGER at SAMSARA.LAW.CWRU.Edu -- Bitnet: JUNGER at CWRU

From frc at bwh.harvard.edu Sun Feb 13 12:31:13 1994
From: frc at bwh.harvard.edu (Fred Cooper)
Date: Sun, 13 Feb 94 12:31:13 PST
Subject: PGP Procmail
Message-ID: <199402132024.PAA02426@duke.bwh.harvard.edu>

A while ago, someone (Matthew Ghio?) posted a procmail recipe for handling PGP msgs... I just switched over to using procmail and would like a copy of this... If someone can contact me for transfer arrangements, or provide me with a pointer to its location ....

Thanks
FRC
--
#include /* Neural Nets catch only dreaming fish. */
Paranoia... It's more than a state of mind. It's a way of life.

From klbarrus at owlnet.rice.edu Sun Feb 13 12:41:14 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Sun, 13 Feb 94 12:41:14 PST
Subject: REMAIL: new remailer
Message-ID: <9402132035.AA19427@arcadien.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Cypherpunks,

After reading Tim's ideas on second generation remailers, I decided to try coding a new experimental remailer which includes some of the features mentioned. Because I am doing a couple of different things, I wrote the scripts from scratch since I need the familiarity with the code that comes from actually writing the whole thing yourself. However, I don't think it will be hard to add these features to Hal's code, if they are found desirable.

I've been testing for a while and it seems to work.

* Send mail to barrus at tree.egr.uh.edu to enter the remailer. Ultimately, mail will be remailed from elee6ue at rosebud.ee.uh.edu.
That is, there is a "mystery" processing point in between:

mail -> barrus at tree.egr.uh.edu -> ? -> elee6ue at rosebud.ee.uh.edu -> wherever.

I imagine it isn't difficult to figure out what the middle processing point is, but I thought I'd distribute things around a bit.

* Mail from ? to elee6ue at rosebud.ee.uh.edu will be encrypted, even if the mail sent to barrus at tree.egr.uh.edu isn't. So mail with a latency delay will be encrypted as it sits at ?; mail with no latency will be encrypted before travelling to elee6ue at rosebud.ee.uh.edu.

* The remailer elee6ue at rosebud.ee.uh.edu has been restored to normal. That is, the "digital cash" (random strings) feature has been taken out.

* The remailer figures out whether the message is encrypted (with PGP) or not. So no encrypted pasting token; perhaps later I will add RIPEM capability.

* Instructions to the remailer are of this form: The instructions come first, then a space, then your message. The original header of the message is thrown out (see *subject below). For example, a valid message with the new remailer is:

- ----------8< cut here >8----------
Anon-To:klbarrus at owlnet.rice.edu
Subject:guess

Gee, I think I figured out where ? is.
- ----------8< cut here >8----------

Of course, message body may be further encrypted with the public key of the remailed-to person, and the entire message (between the cut marks) may be encrypted with the public key of the remailer.

* The following instructions are recognized:

Anon-To:address
Request-Remailing-To:address
Cut:cutmarks
Latent-Num:num1
Subject:text

* Anon-To: and Request-Remailing-To: are really the same. The address specified is where to send the body. If the address is /dev/null, whitehouse.gov, or null, the body is dropped. If you attempt to mail to an*@anon.penet.fi, the address will be rewritten to na*@anon.penet.fi.

* Cut: allows you to specify cutmarks. DO NOT PUT A SPACE AFTER THE COLON UNLESS YOU WANT IT.
Thus Cut:-- specifies the cutmarks to be '--' (beginning of line, dash, dash, end of line) while Cut: -- specifies the cutmarks to be ' --' (beginning of line, SPACE, dash, dash, end of line), which is very different.

Sendmail is invoked with -oi so putting a lone period in the first column should not end the message.

You can specify (nearly) arbitrary cutmarks, which are matched against the body of your message. If an exact match occurs, the rest of the body is not sent. If you specify cutmarks which also happen to be PERL metacharacters, the cutmarks will be changed to the default '--'. I've tried to allow for the metacharacters to be cutmarks, but it just won't go. If you happen to know how to do it, let me know. Try the cutmarks feature out before depending on it to save you.

* Subject:text allows you to specify your subject. When mail is received, the original header is thrown out. After all, you can pad and multiply hop your message all over but if the subject remains "How I reverse engineered the Clipper chip" throughout its trip, then you lose some security. If you do not specify a subject, "Re: your mail" will be used.

* Latent-Num:num1 lets you specify how many messages must come in (not necessarily be mailed out) before yours goes. Pick a reasonable number or your mail may sit there for a real long time.

* Logging: I'm only logging whether an arriving message was PGP encrypted or not, and the day of the month. This is just to get an idea of usage.

* I'll fill out Xenon's remailer disclosure list soon.
But this remailer involved three separate accounts on three different machines so it might not fit into the current list very neatly ;)

Here is the public key for the remailer:

Other things I will be looking at implementing as time permits:

* Digital Cash - hopefully with the Magic Money code.

* Time Latency - letting a user specify when (timewise) before remailing a message is remailed. I will possibly combine this feature with digital cash.

* Avoiding Sendmail - using an SMTP package Peter Honeyman sent me. Maybe just telnetting to port 25 if that's good enough.

* Padding - Hal sent me some code to pad inside PGP messages; upon decryption the padding is thrown away.

* Other ways to receive mail - that is, something like an altered fsp, custom client/server code, or WWW in Nate's experiment. Essentially materialize the file at the remailer (without mailing to the remailer) to be delivered later. This will probably be undoable since I'm not root.
Karl Barrus

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLV6NgYOA7OpLWtYzAQF2JQP/YSrLjPbjPIzStLAwTcIazl9rPCr4O3if
RWs8YUFJvt+1+2XGkPTdSd+poRykwN/x+9JNK2cCsy8MP4gd8hxOkpaFclAdFLO+
X2e66Y3JVCbXWvGQEG3hUeWIcte2uc5WCXaXhG8FkU6Lhkw9XZFX7la4ZJ7bKmGo
ExaTyCJVZu4=
=B3D/
-----END PGP SIGNATURE-----

From jim at bilbo.suite.com Sun Feb 13 13:01:14 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Sun, 13 Feb 94 13:01:14 PST
Subject: a protocol (that doesn't work)
Message-ID: <9402132053.AA19346@bilbo.suite.com>

Did you ever wish there was an "unmail" command?

I realized about halfway home that the protocol I described not only didn't work, but demonstrated to the world my lack of understanding of the man-in-the-middle attack against Diffie-Hellman. Oh well, I guess I'll keep my day job a little longer...

At least I now have a better understanding of just how hard it is to foil man-in-the-middle attacks.

From reading the description of the Interlock Protocol, I saw that it is possible to arrange things so the man in the middle has to do a lot more work. It may be that Robert Cain has come up with a protocol that increases the work necessary to maintain a man-in-the-middle attack to the point where the attack becomes impractical, although not impossible, in theory.

However, I think that if this becomes the case, an attacker would simply cut Bob completely out of the picture and change the man-in-the-middle attack to a 100% spoof of Bob. Since Alice and Bob have never met and don't share any secrets, how would Alice be able to tell the difference between the real Bob, and Mallet completely spoofing Bob? In the abstract, I don't see any way.

There may be some real-world situations where Alice can tell the difference between Bob and pseudo-Bob. It depends on the situation and what assumptions Alice makes about a properly behaved Bob. If pseudo-Bob doesn't behave the way Alice expects real-Bob to behave, then Alice could get suspicious.
But now we've exited the realm of cryptography and entered the realm of human relations.

Of course, there's still a lot of money to be made offering imperfect solutions that are good enough for some people.

Jim_"still learning"_Miller at suite.com

From tcmay at netcom.com Sun Feb 13 13:11:15 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 13 Feb 94 13:11:15 PST
Subject: Actively Sabotaging Clipper and Capstone?
In-Reply-To: <199402131947.LAA03223@mail.netcom.com>
Message-ID: <199402132103.NAA11219@mail.netcom.com>

Hey, I've just been told in e-mail that my $200,000 figure for the Clipper keys (a tape or compilation of the ones that are held in escrow) is way too low, probably by two orders of magnitude.

Maybe so, as having these keys could mean a lot. But my point is that nearly any such figure will represent an incredible temptation. Such is the risk of any centralized system in which a master key (or set of escrowed keys) unlocks such valuable information.

And my point is that just the _rumor_ of such a black market may be enough to destroy what little confidence in Clipjack already exists.

So, let the bidding begin! (But don't send your bids to me, personally.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From klbarrus at owlnet.rice.edu Sun Feb 13 13:21:16 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Sun, 13 Feb 94 13:21:16 PST
Subject: REMAIL: list of remailers
Message-ID: <9402132119.AA20562@arcadien.owlnet.rice.edu>

Well, it's been a bit since I posted this, I hope I got all the activity over the past month.
-----BEGIN PGP SIGNED MESSAGE-----

Cypherpunk anonymous remailers, 2/13/94

Q1: What are the anonymous remailers?

A1:
 1: remailer at chaos.bsu.edu
 2: nowhere at bsu-cs.bsu.edu
 3: hh at cicada.berkeley.edu
 4: hh at pmantis.berkeley.edu
 5: hh at soda.berkeley.edu
 6: 00x at uclink.berkeley.edu
 7: hal at alumni.caltech.edu
 8: ebrandt at jarthur.claremont.edu
 9: catalyst at netcom.com
10: qwerty at netcom.com
11: remailer at rebma.mn.org
12: elee6ue at rosebud.ee.uh.edu
13: elee7h5 at rosebud.ee.uh.edu
14: hfinney at shell.portal.com
15: barrus at tree.egr.uh.edu
16: remailer at utter.dis.org
17: remailer at entropy.linet.org
18: elee9sf at menudo.uh.edu
19: remail at extropia.wimsey.com

NOTES:
1-6          no encryption of remailing requests
7-19         support encrypted remailing requests
19           special - header and message must be encrypted together
11,16,17,19  introduce larger than average delay (not direct connect)
11,16,19     running on privately owned machines
18           supports RIPEM encryption, caches remailing requests
15           supports different request syntax
5            features USENET posting

======================================================================

Q2: What help is available?

A2: Check out the pub/cypherpunks/remailer directory at soda.berkeley.edu (128.32.149.19).

chain.zip - program that helps with using remailers
dosbat.zip - MSDOS batch files that help with using remailers
hal's.instructions.gz - in depth instruction on how to use
hal's.remailer.gz - remailer code
pubkeys.tar.gz - public keys of remailers which support encryption
pubkeys.zip - MSDOS zip file of public keys
scripts.tar.gz - scripts that help with using remailers

For MAC's, at 129.82.156.104 in /pub/pgpc/ are two files: pgpc22.tar.gz, pgpc22.tar.Z which assist in using the anonymous remailers, including anon.penet.fi.

Or try the cypherpunks gopher site (chaos.bsu.edu) and look in "Anonymous Mail" for instructions.

Mail to me (klbarrus at owlnet.rice.edu) for further help and/or questions.
======================================================================

Q3. Email-to-Usenet gateways?

A3.
1: group-name at cs.utexas.edu
2: group.name.usenet at decwrl.dec.com
3: group.name at news.demon.co.uk
4: group.name at news.cs.indiana.edu
5: group-name at pws.bull.com
6: group-name at ucbvax.berkeley.edu

NOTES:
* This does not include ones that work for single groups, like twwells.com.
* Remember to include a Subject: with your post, may cause failures if missing
#6 blocks from non-berkeley sites (so use the berkeley remailers :-)

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLV6YtoOA7OpLWtYzAQFwogQAxfy0wgSBBDtFXCMoI6ie1cTJSlw8kPrz
wCKwsVN5gOrIIjCiesfbcQCwJYOyQMvOFfem3AI7M/fhKWocObqca8h5dViXi21O
ZKXzZM2QeKmlNI35OwpgxUSp6hZa6rI8xJxvG88yadCZ0oNisvz5Ibb0Pab3XH1p
3nk0upVKlSM=
=VnOr
-----END PGP SIGNATURE-----

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32
"One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories

From K12OCEZB at vaxc.hofstra.edu Sun Feb 13 13:51:16 1994
From: K12OCEZB at vaxc.hofstra.edu (K12OCEZB at vaxc.hofstra.edu)
Date: Sun, 13 Feb 94 13:51:16 PST
Subject: Unsubscribe me!
Message-ID: <01H8UDVRYKGY95MU5I@vaxc.hofstra.edu>

Begging your apologies but I tried unsubscribing on Friday and I'm still getting mail, so please,

Unsubscribe Evan Boshnack

Do what needs to be done to "make it so"

Thanx,
Evan

From m5 at vail.tivoli.com Sun Feb 13 13:53:48 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sun, 13 Feb 94 13:53:48 PST
Subject: Actively Sabotaging Clipper and Capstone?
In-Reply-To: <199402131947.LAA03223@mail.netcom.com>
Message-ID: <9402132144.AA14095@vail.tivoli.com>

Timothy C. May writes:
> Hey, I've just been told in e-mail that my $200,000 figure for the
> Clipper keys (a tape or compilation of the ones that are held in
> escrow) is way too low, probably by two orders of magnitude.
>
> Maybe so, as having these keys could mean a lot.

Indeed. If/when this technology becomes widespread, to the right/wrong people this data will become an exceedingly valuable target for theft or destruction. We're talking outlandish James Bond plots here; it becomes realistically worthwhile. If you're an organization with no special love for the US Government and plenty of resources at your disposal, would you choose to go through the pain and labor of trying to break the cryptosystem when you know the keys are all sitting around in a couple of filing cabinets?

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                         |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:          |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven"   |

From sommerfeld at orchard.medford.ma.us Sun Feb 13 14:01:16 1994
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Sun, 13 Feb 94 14:01:16 PST
Subject: Actively Sabotaging Clipper and Capstone?
In-Reply-To: <199402131947.LAA03223@mail.netcom.com>
Message-ID: <199402132147.VAA00207@orchard.medford.ma.us>

Actually, I had heard that there were three different family keys already:

US. UK. Sweden.

... and that this indicated that at least some organizations within these governments had "bought into" the Clipper scheme.

The person who told me this claimed that the pressure for key escrow came from much higher levels -- the National Security Council, *not* the NSA -- and that various lower-level functionaries within NIST among others were *not* happy about having to toe the administration line on key escrow. This does not fit well with Gore's recent "good cop" remarks.

- Bill

From anonymous at extropia.wimsey.com Sun Feb 13 14:31:16 1994
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Sun, 13 Feb 94 14:31:16 PST
Subject: Setting up a Magic Money server
Message-ID: <199402122015.AA06992@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

Magic Money seems to have reached a usable state.
(Open mouth, insert foot, bite down firmly :-) ) Someone needs to set up the first server. Here's how:

You can set up a Magic Money server on any machine with a net connection. You need to be able to run a program when mail comes in. You do not need root access. Running a Magic Money server is no harder than running a cypherpunks remailer. Unlike a remailer, there is no possibility of your server being used to harass or mailbomb anyone.

Get Magic Money and PGP Tools (needed to compile it) from csn.org. Get pgptl10c.zip and mgmny10e.zip. If mgmny10e.zip isn't up yet, get mgmny10d.zip and fix the bug in mms_mint() by moving the free(fp); to the end of the function. This is the only change in version e. This version has been reported to work on both big and little endian machines.

If your machine has assembly-language speedups, get them from the pgp23a source code. Use the same defines PGP uses to compile on your machine, and take out the NO_ASM define in my makefile. This will speed up your server quite a bit.

Compile the client and the server. Define UPTON or one of the other modmult functions, because I have had problems with Smith's modmult. The hash file is currently set to about half a meg. It grows if it fills up. If you need to use less disk space, change the settings in mm.h.

Put the server program "s" in one directory, and the client program "c" in another. Put something random (i.e. unknowable to an attacker) in a file called rand.dat in each directory. The programs won't work without this. The directories should be otherwise empty.

Go to the server directory and run "s i" to initialize the server. It will ask you for the name of your server, size of your key, name of your coins, and denominations to use. Powers of 2 make good denominations. For example, you might use 1,2,4,8... up to 32768. With these 16 coin values, you can transfer any sum up to 65535 with 16 or fewer coins.
After you have entered all the information, the server generates a PGP key pair, and an e/d list pair. Your server's ascii-armored public key is saved to bank.asc. You will need to distribute this key to everyone who wants to use your server.

Copy bank.asc into the directory with the client. In that directory, run "c -i" to set up the client. The client generates a key, then creates a message "output.asc" which should be sent to the server. For example, if "client" and "server" were subdirectories in a common directory, you could run "s < ../client/output.asc > ../client/reply.asc" from the server's directory. Now go back to the client directory and run "c reply.asc" to finish setting up your client. You will be running this sequence a lot if you play with the system, so write a script.

Your client now knows the name of your coins, and has the elist. This information is updated automatically when the server discovers the client's copy is out of date.

Go back to the server directory and run "s m <x>" where x is one of your higher-value coins. You will have problems if you are using version d and did not fix the bug as described above. This mints a coin and writes it out to coins.dat.

Go back to the client directory and run "c ../server/coins.dat". The client reads the coin, checks it, and asks you for values of new coins to create. Create several smaller coins. The client keeps prompting you until you have created coins with a value equalling that of the old coin. The client creates another "output.asc". Run your script to pass it through the server, and run "c reply.asc" to process the results.

The client now takes the signed coins from the server and the blinding factors from proto.dat, and unblinds the coins. The result is written to allcoins.dat.

Now run "c -p" to withdraw coins from allcoins.dat. Enter the denominations to withdraw, and 0 to end. Now you have a coins.dat in the client's directory, so run "c coins.dat" to process it.
It will count up the coins you withdrew, and prompt you for new coin values again, then produce another output.asc for the server. You can create a second client in another directory, and pass coins from one to the other.

Try creating a "msg.txt" file in the server's directory. The client will then display the contents of the message whenever it processes a reply from the server. The client waits for a keypress after the message.

Now that you know the server works, set it up so that incoming mail to your account is passed to the server, and the output from the server is sent back to the person who sent the mail. If you want to use the same account for the server and regular mail, have users put a specific word in the subject line of messages to the server.

Announce your server, including its public key from bank.asc. You might want to provide binaries of the client for DOS, either by ftp or by automatic mail. You might also want to write a better makefile for the Unix version.

Now you need to mint and distribute some, but not too much, money for people to play with. Give a few coins to the first x people who send a message to your system. Later you can have lotteries, post puzzles and simple ciphers for people to break, etc. to put more money into circulation. But keep your money scarce. People should be able to get a few coins to play with, but they should always want more than they have.

Good luck!
Pr0duct Cypher

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLVyldMGoFIWXVYodAQGo4AP/SQz82XRtWC1W/qjGQWouVDn/82TBBGne
ktNIfmPE92lPpH0V3f7EizBs466AEXTwaxq5qVpj4Fx6low1ceiaKBQxhNosB8Wa
BydiS2E2iC6kQ1RPj5jb6UOdLTQzl2MM7UrI8J3KpxszQWjhbgM/5ddHoDXgqs/J
VjjeM/iqNF8=
=2ggl
-----END PGP SIGNATURE-----

From anonymous at extropia.wimsey.com Sun Feb 13 14:33:14 1994
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Sun, 13 Feb 94 14:33:14 PST
Subject: Setting up a Magic Money server
Message-ID: <199402130914.AA12283@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

Magic Money seems to have reached a usable state. (Open mouth, insert foot, bite down firmly :-) ) Someone needs to set up the first server. Here's how:

You can set up a Magic Money server on any machine with a net connection. You need to be able to run a program when mail comes in. You do not need root access. Running a Magic Money server is no harder than running a cypherpunks remailer. Unlike a remailer, there is no possibility of your server being used to harass or mailbomb anyone.

Get Magic Money and PGP Tools (needed to compile it) from csn.org. Get pgptl10c.zip and mgmny10e.zip. If mgmny10e.zip isn't up yet, get mgmny10d.zip and fix the bug in mms_mint() by moving the free(fp); to the end of the function. This is the only change in version e. This version has been reported to work on both big and little endian machines.

If your machine has assembly-language speedups, get them from the pgp23a source code. Use the same defines PGP uses to compile on your machine, and take out the NO_ASM define in my makefile. This will speed up your server quite a bit.

Compile the client and the server. Define UPTON or one of the other modmult functions, because I have had problems with Smith's modmult. The hash file is currently set to about half a meg. It grows if it fills up. If you need to use less disk space, change the settings in mm.h.
Put the server program "s" in one directory, and the client program "c" in another. Put something random (i.e. unknowable to an attacker) in a file called rand.dat in each directory. The programs won't work without this. The directories should be otherwise empty. Go to the server directory and run "s i" to initialize the server. It will ask you for the name of your server, size of your key, name of your coins, and denominations to use. Powers of 2 make good denominations. For example, you might use 1,2,4,8... up to 32768. With these 16 coin values, you can transfer any sum up to 65535 with 16 or fewer coins. After you have entered all the information, the server generates a PGP key pair, and an e/d list pair. Your server's ascii-armored public key is saved to bank.asc. You will need to distribute this key to everyone who wants to use your server. Copy bank.asc into the directory with the client. In that directory, run "c -i" to setup the client. The client generates a key, then creates a message "output.asc" which should be sent to the server. For example, if "client" and "server" were subdirectories in a common directory, you could run "s < ../client/output.asc > ../client/reply.asc" from the server's directory. Now go back to the client directory and run "c reply.asc" to finish setting up your client. You will be running this sequence a lot if you play with the system, so write a script. Your client now knows the name of your coins, and has the elist. This information is updated automatically when the server discovers the client's copy is out of date. Go back to the server directory and run "s m " where x is one of your higher-value coins. You will have problems if you are using version d and did not fix the bug as described above. This mints a coin and writes it out to coins.dat. Go back to the client directory and run "c ../server/coins.dat". The client reads the coin, checks it, and asks you for values of new coins to create. Create several smaller coins. 
The client keeps prompting you until you have created coins with a value equalling that of the old coin. The client creates another "output.asc". Run your script to pass it through the server, and run "c reply.asc" to process the results. The client now takes the signed coins from the server and the blinding factors from proto.dat, and unblinds the coins. The result is written to allcoins.dat. Now run "c -p" to withdraw coins from allcoins.dat. Enter the denominations to withdraw, and 0 to end. Now you have a coins.dat in the client's directory, so run "c coins.dat" to process it. It will count up the coins you withdrew, and prompt you for new coin values again, then produce another output.asc for the server. You can create a second client in another directory, and pass coins from one to the other. Try creating a "msg.txt" file in the server's directory. The client will then display the contents of the message whenever it processes a reply from the server. The client waits for a keypress after the message. Now that you know the server works, set it up so that incoming mail to your account is passed to the server, and the output from the server is sent back to the person who sent the mail. If you want to use the same account for the server and regular mail, have users put a specific word in the subject line of messages to the server. Announce your server, including its public key from bank.asc. You might want to provide binaries of the client for DOS, either by ftp or by automatic mail. You might also want to write a better makefile for the Unix version. Now you need to mint and distribute some, but not too much, money for people to play with. Give a few coins to the first x people who send a message to your system. Later you can have lotteries, post puzzles and simple ciphers for people to break, etc. to put more money into circulation. But keep your money scarce. 
People should be able to get a few coins to play with, but they should always want more than they have. Good luck! Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLVyldMGoFIWXVYodAQGo4AP/SQz82XRtWC1W/qjGQWouVDn/82TBBGne ktNIfmPE92lPpH0V3f7EizBs466AEXTwaxq5qVpj4Fx6low1ceiaKBQxhNosB8Wa BydiS2E2iC6kQ1RPj5jb6UOdLTQzl2MM7UrI8J3KpxszQWjhbgM/5ddHoDXgqs/J VjjeM/iqNF8= =2ggl -----END PGP SIGNATURE----- From jim at bilbo.suite.com Sun Feb 13 14:51:15 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Sun, 13 Feb 94 14:51:15 PST Subject: escrow-to-black box protocol Message-ID: <9402132240.AA20910@bilbo.suite.com> Has the government published a description of the protocol the escrow agencies will use to download the Clipper keys to the black boxes? If so, is there a FTP'able description of it somewhere? Jim_Miller at suite.com From pmetzger at lehman.com Sun Feb 13 14:53:07 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sun, 13 Feb 94 14:53:07 PST Subject: UNSUBSCRIBERS PLEASE READ In-Reply-To: <01H8UDVRYKGY95MU5I@vaxc.hofstra.edu> Message-ID: <9402132250.AA13784@andria.lehman.com> PLEASE READ!!!! PLEASE READ!!!! PLEASE READ!!!! PLEASE READ!!!! PLEASE READ!!!! PLEASE READ!!!! PLEASE READ!!!! PLEASE READ!!!! Internet mailing lists are run by HUMAN BEINGS, NOT MACHINES. These humans do things like go on vacation or go to work at jobs that do not pay them to maintain mailing lists. The list mail frequently goes to another mailbox other than the maintainers, one which is only read at one or two week intervals. It is not unreasonable for mailing list maintainers to take a week or even two weeks to process your request! You should not be shocked by this. You should EXPECT this when you sign up for a list! If you find even after several weeks of sending mail to the -request address that you are getting no response, DO NOT SEND MAIL TO THE NORMAL LIST. 
This may come as a shock to you, but often the person maintaining the list does not even subscribe to the mailing list. At the same time, you will be annoying hundreds if not thousands of people with your mail. If you have an emergency and apparently are not getting any service, send mail to "postmaster" on the machine that hosts the mailing list. Do not on any account do this sort of thing: K12OCEZB at vaxc.hofstra.edu says: > Begging your apologies but I tried unsubscribing on Friday and I'm still > getting mail, so please, > Unsubscribe Evan Boshnack > Do what needs to be done to "make it so" > Thanx, > Evan From nowhere at bsu-cs.bsu.edu Sun Feb 13 15:21:16 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sun, 13 Feb 94 15:21:16 PST Subject: No Subject Message-ID: <9402132312.AA24279@bsu-cs.bsu.edu> While not _directly_ an encryption matter, it bears pointing out that pure text seems to be falling under the tender ministrations of the Bureau of Alcohol, Tobacco and Firearms. Reports in talk.politics.guns indicate that the Louisville, KY BATF has informed a non-FFL (i.e., not a gun dealer, thus not under BATF jurisdiction in the matter) Army-Navy store's proprietor that it would be "shut down" if he did not remove from sale some Paladin Press titles on illegal conversion of firearms. According to followups, it's worse: The State of Michigan has outlawed such texts for some time now. From 72114.1712 at CompuServe.COM Sun Feb 13 15:51:16 1994 From: 72114.1712 at CompuServe.COM (Sandy) Date: Sun, 13 Feb 94 15:51:16 PST Subject: REAL WORLD ENCRYPTION Message-ID: <940213233835_72114.1712_FHF71-1@CompuServe.COM> -----BEGIN PGP SIGNED MESSAGE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, I would like to start a new thread. I want to know what the people on this list intend to do with cryptography in the "real world." 
There are a number of Cypherpunk projects on the drawing board or already deployed: Stego, encrypted phones, encrypted and anonymous remailers, stealth PGP, a digital bank, etc. Do the folks on this list intend to use these tools, or is your interest only theoretical? I'm not looking for simple "yes" or "no" comments, however. I'm interested in finding out how much you are willing to reorganize your life in order to take advantage of these techniques. I want to know what factors would increase or decrease your use of cryptographic products and services. What do you want? What do you fear? My interest is more than academic. I am one of the Cypherpunks involved in creating a digital bank. If the 700 or so people on this list wouldn't open an account in a digital bank, chances are no one else would either. The same goes, of course, for secure phones, encrypted e-mail, and all the rest. What Real World concerns you have about crypto? Talk to me. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLV65Ek5ULTXct1IzAQHpBQP/aaCxIpmSZru4viy43hsK0Z9jdkjCw0zm S89ZhTP7w2nJkBqUT0qzOi0N42yTAaxL77fLDTeiRrBkAlgmEZDMeYEf7em4rAa3 yDmhkMd4yhgReDr+hNKl7OhvHL776An7STJ4pJAbdbKAipLAFNAF4lTcT5Ucf14h 1WXFBQklrv8= =tS11 -----END PGP SIGNATURE----- From paulp at is.internic.net Sun Feb 13 16:31:15 1994 From: paulp at is.internic.net (Paul Phillips) Date: Sun, 13 Feb 94 16:31:15 PST Subject: UNSUBSCRIBERS PLEASE READ In-Reply-To: <9402132250.AA13784@andria.lehman.com> Message-ID: Actually, most mailing lists are run by machines, not human beings, at least for routine administrative tasks. Especially for such things as subscribing and unsubscribing. I too attempted to unsubscribe a couple days ago, largely because the noise posts are not filtered. There are plenty of list managing software packages out there, which aren't difficult to install. 
I suggest anyone planning on running a mailing list look into them; machines were made to do repetitive tasks. On Sun, 13 Feb 1994, Perry E. Metzger wrote: > > PLEASE READ!!!! PLEASE READ!!!! PLEASE READ!!!! PLEASE READ!!!! > PLEASE READ!!!! PLEASE READ!!!! PLEASE READ!!!! PLEASE READ!!!! > > Internet mailing lists are run by HUMAN BEINGS, NOT MACHINES. These > humans do things like go on vacation or go to work at jobs that do not > pay them to maintain mailing lists. The list mail frequently goes to > another mailbox other than the maintainers, one which is only read at > one or two week intervals. It is not unreasonable for mailing list > maintainers to take a week or even two weeks to process your request! > You should not be shocked by this. You should EXPECT this when you > sign up for a list! > > If you find even after several weeks of sending mail to the -request > address that you are getting no response, DO NOT SEND MAIL TO THE > NORMAL LIST. This may come as a shock to you, but often the person > maintaining the list does not even subscribe to the mailing list. At > the same time, you will be annoying hundreds if not thousands of > people with your mail. If you have an emergency and apparently are not > getting any service, send mail to "postmaster" on the machine that > hosts the mailing list. > > Do not on any account do this sort of thing: > > K12OCEZB at vaxc.hofstra.edu says: > > Begging your apologies but I tried unsubscribing on Friday and I'm still > > getting mail, so please, > > Unsubscribe Evan Boshnack > > Do what needs to be done to "make it so" > > Thanx, > > Evan > From tramm at lsmsa.nsula.edu Sun Feb 13 17:11:16 1994 From: tramm at lsmsa.nsula.edu (Tramm "root" Hudson) Date: Sun, 13 Feb 94 17:11:16 PST Subject: REAL WORLD ENCRYPTION In-Reply-To: <940213233835_72114.1712_FHF71-1@CompuServe.COM> Message-ID: <9402140204.AA08901@lsmsa.nsula.edu> > I would like to start a new thread. 
I want to know what the > people on this list intend to do with cryptography in the "real > world." There are a number of Cypherpunk projects on the drawing > board or already deployed: Stego, encrypted phones, encrypted > and anonymous remailers, stealth PGP, a digital bank, etc. Do > the folks on this list intend to use these tools, or is your > interest only theoretical? Well Sandy, I plan to use these tools we've developed. I use PGP on a regular basis (my public key is available on most of the key servers or my .plan) for encryption of mail and sensitive source. I do not sign my messages, nor do I collect everyone else's keys -- for the bulk of the things I do, it is pointless. Encrypted phones, remailers, and such are of little use to me. Stego could be useful, but I have not had the opportunity to necessitate it. Stealth PGP? Sure -- it's a good idea, but anyone can strip the "Begin PGP data block" messages. > I'm not looking for simple "yes" or "no" comments, however. I'm > interested in finding out how much you are willing to reorganize > your life in order to take advantage of these techniques. I want > to know what factors would increase or decrease your use of > cryptographic products and services. What do you want? What do > you fear? My life does not depend on the cryptographic techniques we have developed. I would hate for -anyone- to have to depend on the work of others so much. If I needed, I would install a new version of sendmail to automatically encrypt all outgoing/local mail; I would use the encrypted filesystems; I would use the encrypted cores that someone has proposed. But -- nothing I do right now needs that sort of security. > My interest is more than academic. I am one of the Cypherpunks > involved in creating a digital bank. If the 700 or so people on > this list wouldn't open an account in a digital bank, chances are > no one else would either. The same goes, of course, for secure > phones, encrypted e-mail, and all the rest. 
Of course not! If we wouldn't use a digital bank, then who in the regular public would? What they don't realize is that most of the banking nowadays is electronic and just the same as the digital banks we have discussed. I would open an account in a digital bank on a few conditions: 1) The currency could be tendered elsewhere. I hate the "tokens" that arcades and casinos use. If I can't use the money I store in the digital bank for something other than "digital postage," then it is of no use to me. 2) I would have some insurance that my "money" is safe and that I can retrieve it at any time. Just like the FDRC insures member banks, I would like some digital version of that. Will all the banks have separate currencies? Or will there only be one master bank with slaves across the net? > What Real World concerns you have about crypto? Clipper scares me. I don't like the idea of the government regulating encryption. Banks and finances, I have no problem with, but cryptography really scares me. Why do they want to be able to read my love letters (or my seditious email, or anything else of mine)? Most of my files are 0755 anyway, so they are free to read them. Another thing which bothers me -- most of the people I work with and the other users on my machines have their umask set to 7077. Why? What do they have to hide? I leave my umask at 7022 and only chmod go-rx on the files I don't want anyone else to read. With encryption, it is just one step further. > Talk to me. Sure -- just as long as someone is listening. > Tramm "Will ramble for net access" Hudson ------------------------------------------------------------------ tramm at chartres.ee.tulane.edu tramm at lsmsa.nsula.edu lshud7354 at alpha.nsula.edu tbhudso at cs.sandia.gov G{CS,E,M,T,U} !-d+ p? ^c++++ l++ u{++,+++}!? --e+{?)# !m ?/s-  !(--n++) ~++h---(*) ?f+ !s &w- t- r* y?+ From ld231782 at longs.lance.colostate.edu Sun Feb 13 17:31:15 1994 From: ld231782 at longs.lance.colostate.edu (L. 
Detweiler) Date: Sun, 13 Feb 94 17:31:15 PST Subject: T.C.May `forgery' Message-ID: <199402140130.SAA12830@longs.lance.colostate.edu> Cypherpunks, I did not write that letter. It was forwarded to me via an anonymous remailer. One among you sent it to me. The question is, which one? why? To those of you who are so confident it is a forgery-- why? perhaps it is, but you base your dogmatic convictions on nothing credible, simply your passionate, zealous enmity to me. BTW, this is my official resignation as Chief Cypherpunk Whistleblower. The position is a thankless, nasty job. There just really is no place for me in cyberspace. From kryten at shell.portal.com Sun Feb 13 17:33:17 1994 From: kryten at shell.portal.com (Greg - Kucharo) Date: Sun, 13 Feb 94 17:33:17 PST Subject: REAL WORLD ENCRYPTION In-Reply-To: <940213233835_72114.1712_FHF71-1@CompuServe.COM> Message-ID: <199402140131.RAA27143@jobe.shell.portal.com> My Real World interest in crypto is in preserving my freedom of speech and action in the face of a government who continues to try and deny those rights to me. As many on the list have said, we cannot always trust the government to uphold the rights granted in the constitution. With crypto, I hope a measure of self-guarantee will come about so we won't have to rely on government trust. Freedom of speech is a real world thing, we use it everyday. Any crypto product that enhances that use and protects it, I would use. In addition, economic freedom is something I would be interested in using (as I watch more of my cash go to government). Greg Kucharo kryten at shell.portal.com "In the high school halls,In the shopping malls, conform or be cast out." Rush-Signals. From corbet at stout.atd.ucar.EDU Sun Feb 13 17:41:15 1994 From: corbet at stout.atd.ucar.EDU (Jonathan Corbet) Date: Sun, 13 Feb 94 17:41:15 PST Subject: Spread encryption with telnet? 
Message-ID: <199402140135.SAA04509@stout.atd.ucar.EDU> The current furor over people with password sniffers on the Internet made me think of another possible option for spreading the use of encryption on the net. As everybody knows, the problem is with the passing of plaintext passwords over the net. Get rid of these passwords, and the crackers have to go back to the other 99999 ways of breaking into machines. It couldn't be very hard to grab a version of telnet and telnetd off the net and hack in some sort of encryption of the data stream. Heck, you could just use the vendor's DES library on systems that have it -- perhaps not the most aesthetic solution, but easy. Put in a negotiation option so that encryption will be used when both ends support it, and you have instant plug-in relatively secure telnet. As a bonus, you get your whole session encrypted, not just the password. It seems like it could be much easier to install than, say, kerberos, and offer more security. I would guess that if you made something like this available and EASY, that lots of people would install it on their machines. Folks are a little nervous right now, and a sniff-proof telnet might make them feel better. If I made a telnet that simply hooked into a vendor's encryption library, with no internal encryption code, would I have ITAR problems still? That may be moot, since any vendor encryption library almost certainly will not address the problem of coming up with a session key, so probably some sort of key exchange protocol would have to be put in. Overall, this seems easy and useful enough that I'm amazed that nobody has done it yet. Have I missed something? 
jon From MIKEINGLE at delphi.com Sun Feb 13 18:21:15 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 13 Feb 94 18:21:15 PST Subject: Gun conversion info banned Message-ID: <01H8UNJZ5J8Y9JDNWD@delphi.com> >Reports in talk.politics.guns indicate that the Louisville, KY BATF has >informed a non-FFL (i.e., not a gun dealer, thus not under BATF >jurisdiction in the matter) Army-Navy store's proprietor that it would >be "shut down" if he did not remove from sale some Paladin Press titles >on illegal conversion of firearms. >According to followups, it's worse: The State of Michigan has outlawed >such texts for some time now. Has this law ever been challenged in court? I doubt if it would stand up, as long as the books are written as "here's how one would..." rather than actively encouraging you to do it. Technical information cannot be banned, as long as you aren't inciting violence. In any case, here's a good use for the nets and anonymity. Scan those books, OCR the text, keep the graphics, and put them up for ftp or set up an anonymous mail server to mail them out. Technology can make such censorship impossible, but only if we use it. --- Mike From tcmay at netcom.com Sun Feb 13 18:31:15 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 13 Feb 94 18:31:15 PST Subject: REAL WORLD ENCRYPTION In-Reply-To: <940213233835_72114.1712_FHF71-1@CompuServe.COM> Message-ID: <199402140229.SAA20882@mail.netcom.com> (Initially a reply to Sandy alone, but his partners in crime^H^H^H^H^H may wish to see my responses as well, and the issue of who will use a "digital bank" are of direct relevance to Cypherpunks as well. Hence I'm copying the list on this reply.) Sandy, Good questions! I may or may not open an account, but how much I put into would be dependent on the degree of "Swiss"-type services. Probably not many such services, I am surmising, so it would make little sense for me to liquidate assets currently in the U.S. 
to move them into your bank (if I remained in U.S., no protection. If I left U.S., no _need_ for your bank). I think this'll be a cultural problem you guys will face. You can't be a real digital money bank, in the long-range sense we've talked about. (Total anonymity, Liechtenstein "anstalt"-type anonymity, digitally mediated.) How many users, and of what type, can you expect? Probably at least a hundred folks on the List will say they plan to use your bank. Of these, 50 will actually open an account...the rest will think twice about the repercussions, or will wimp out, or will just not get around to it. Unfortunately, most Cypherpunks are of modest means, being students or just starting out in industry, so the average deposit will be--I predict--less than $2000. (Most people have not much more than this in their checking accounts...if they have more, they spend it.) After the novelty of showing their friends their ATM card from "First Cyberspace Bank," or whatever, wears off, expect folks to drop out. The noncognoscenti, the cryptographically challenged, will likely balk at the crypto aspects, unless they are so well hidden as to thus be of little interest...you'll just be another credit union or bank. Good luck, and maybe a reasonable career to pursue, but not a millennial event. Maybe I'm missing something, but in the space of features that a digital money system _could_ offer (someday), what I gather you plan to offer is not sufficiently interesting for "high rollers" to take a serious interest. Real tax avoiders will move assets in other ways...the idea of an ATM card and a slight savings on checks or debits by not having to process paper will not influence them on matters of this importance. (BCCI, Castle Bank, Nugan Hand, etc. were not started with deposits from the proles. Just not enough money in that.) So, I have a hard time seeing how you'll get a lot of members. 
But then, you folks haven't talked much about your actual plans, targeted classes of customers, plans for dealing with the existing banking laws (including reporting of transactions), and so on. So perhaps I'm completely offbase here. It's hard for us to give you feedback when we know so little about your plans. But from what I've gathered, I'll open an account just for the novelty of it and may keep a few thou in it. Maybe less, depending on your interest rates paid. (I currently write all my checks and do all my VISA transactions out of an "Active Assets Account" that pays me interest on a positive balance and charges me a very reasonable interest rate, near the discount rate, on a negative balance. I use this account for checks, debit card (VISA), and ATM. And I get a lot of extra services, like fully computerized summaries of expenditures and transactions--useful at tax time. Your system had better be nearly as full-serviced, or the tax avoidance/money laundering services had better be _damned good_, or why should I bother? Other folks may have different priorities, but these are mine. (I'm all for secrecy, but I want true secrecy. The fact that my bank has full computerized records for me may be _superficially_ "counter privacy" to some, but all U.S. banks maintain these records anyway, and these can be inspected by the Feds at any time, without a search warrant. So I'm happy to get the detailed records.) Offer a "digital numbered account," with the massive reputation-related safeguards that would be needed, and a whole new class of depositors could appear. But also expect massive moves by the Feds. Just my honest opinions. I wish you guys well. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From hayden at krypton.mankato.msus.edu Sun Feb 13 18:51:15 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sun, 13 Feb 94 18:51:15 PST Subject: Gun conversion info banned In-Reply-To: <01H8UNJZ5J8Y9JDNWD@delphi.com> Message-ID: Actually, with the gun paranoia in the US today, this law could very well be upheld, despite 1st amendments ramifications. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From mgream at acacia.itd.uts.edu.au Sun Feb 13 19:01:15 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Sun, 13 Feb 94 19:01:15 PST Subject: Spread encryption with telnet? In-Reply-To: <199402140135.SAA04509@stout.atd.ucar.EDU> Message-ID: <9402140255.AA14252@acacia.itd.uts.EDU.AU> Earlier, Jonathan Corbet wrote: > It couldn't be very hard to grab a version of telnet and telnetd off the > net and hack in some sort of encryption of the data stream. Heck, you > could just use the vendor's DES library on systems that have it -- perhaps > not the most aesthetic solution, but easy. Put in a negotiation option so > that encryption will be used when both ends support it, and you have > instant plug-in relatively secure telnet. > > Overall, this seems easy and useful enough that I'm amazed that nobody has > done it yet. Have I missed something? 
Although not widely known, a telnet and telnetd combination of this form were constructed by Laurie Brown at ADFA during his development of the LOKI cipher. Draft IETF proposals were also written towards the goal of these extended telnet options and the negotiation procedure becoming a standard. In practice, it worked fine. One drawback was it required DES/LOKI keys to be pregenerated and stored online in an analog of /etc/passwd that the hyper-telnetd would use. The user needed to enter a password on the telnet before the session started, and as for how the negotiation procedures worked, I have absolutely no idea. This was some 2 years ago now and not only are my recollections vague, but at the time I was a 'cryptovirgin' and hence wouldn't know one key exchange from another. As for availability of this software, I don't think it was made a public release (I obtained it through 'other' channels that I would prefer not to elaborate on -- and it was lost during 'cleansing'). I suggest getting in contact with Laurie Brown at Melbourne University, I believe that's his current abode. I think I will forward him a note, to satisfy my own sense of curiosity. Matthew. footnote: The Australian Defence Force Academy (ADFA) is well known for its cryptographic school (take a look at AUSCRYPT proceedings). It's a stepping stone to the Defense Signals Directorate (DSD), our analog of the NSA, though not _nearly_ as big (they do share SIGINT info via the UKUSA agreement though). Anyway, since just recently, the DSD is housed a stone's throw from ADFA, which makes for interesting liaisons. -- Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au. PGPMail and brown paperbags accepted. - Non Servatum - From pmetzger at lehman.com Sun Feb 13 19:11:16 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sun, 13 Feb 94 19:11:16 PST Subject: Spread encryption with telnet? 
In-Reply-To: <199402140135.SAA04509@stout.atd.ucar.EDU> Message-ID: <9402140300.AA13887@andria.lehman.com> Jonathan Corbet says: > Overall, this seems easy and useful enough that I'm amazed that nobody has > done it yet. Have I missed something? Yes. It's been done. See the BSD 4.4 telnet for an example. .pm From sameer at soda.berkeley.edu Sun Feb 13 20:01:16 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sun, 13 Feb 94 20:01:16 PST Subject: REAL WORLD ENCRYPTION In-Reply-To: <940213233835_72114.1712_FHF71-1@CompuServe.COM> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > > Talk to me. > I am interested in preserving the personal safety of me & mine. (Loved ones, etc.) I have numerous friends involved in certain victimless activities which are currently proscribed by our Friends[tm] and I would like to be able to discuss these things without worry of having my friends incarcerated. To this end I have done much work showing them how to use PGP and encouraging the use thereof. It is a *very* slow process. I am in the planning stages of setting up a crypto-oriented internet-connected household, which I hope to use to further the above goals, as well as sell crypto services to the internet community, such as anonymous remailer, a pseudonyms server, and other various services. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLV70RXi7eNFdXppdAQFAwAQAog95Q08vSU97mRg6W/M+frUeJ4OV2+p5 cq9o6LQZlyfmqwS1aGstHYo/UsVP+euOvwUs64RzfXMuJJBFIervHBBUtUHdGyDu VMzb64Bc3VU/wTsLxmc8TM8a5LwVEWaqwzxRPtBc9Lo5NZ98VYk+qQrdqdxEmXRL IiWWq6ucQXw= =YlAY -----END PGP SIGNATURE----- From banisar at washofc.cpsr.org Sun Feb 13 20:31:17 1994 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Sun, 13 Feb 94 20:31:17 PST Subject: Time on Clipper Message-ID: <00541.2844026729.3333@washofc.cpsr.org> Time on Clipper Time Magazine CHRONICLES THE WEEK January 30 -February 5 Big Brother Chips? 
The Clinton Administration has decided to foster use of ''Clipper Chips'' in government communications equipment, thus allowing the FBI et al. to eavesdrop on computerized messages. The FBI reportedly is also investigating increased use of ''sniffer'' programs, which steal passwords and access to private data on the Internet. From tcmay at netcom.com Sun Feb 13 21:01:17 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 13 Feb 94 21:01:17 PST Subject: Tracking Contacts with Clipper Message-ID: <199402140500.VAA09723@mail.netcom.com> A comment in sci.crypt about how Clipper will make it much easier for the Feds to track who's talking to whom... This is an important point, which I've seen mentioned a few times over the past 10 months, but not given nearly enough attention. To wit, if Clipjack phones are ever used by dissidents, subversives, Cypherpunks, etc., then the key block that goes out with every call--from both ends of course--will make recording the identities of both parties trivial. The "webs of trust" of PGP get replaced by "webs of co-conspirators." An easy way to track down associates. Further, merely using an encrypted phone with a "racketeer-influenced" person could conceivably enmesh one in the conspiracy. (This is merely speculation.) Whatever happened to the "phone remailer" project? The idea, floated about 15 months ago by parties who can speak up should they wish to (I only contributed some ideas, but was not the originator), was to create commercial phone banks that would scramble the origin and destination of call. Somewhat like call forwarding schemes (which wreak havoc with some wiretap procedures) and like the old stand-by of renting a room and having one phone wired to another phone. The idea here was to put these capabilities into a central switch and sell access, various optional services, etc. Out of the country would be even better. (Did you know that some of those ee-vil 900 phone sex outfits have moved to non-U.S. locations? 
Seems that U.S. law about blocking access, not to mention, antipornography laws, doesn't apply in places like Tijuana.)

I could see some tie-ins with Voice PGP (the Soundblaster-based projects supposedly being worked on by several different groups).

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From rcain at netcom.com Sun Feb 13 21:11:17 1994
From: rcain at netcom.com (Robert Cain)
Date: Sun, 13 Feb 94 21:11:17 PST
Subject: Actively Sabotaging Clipper and Capstone? (fwd)
In-Reply-To: <199402132115.NAA04812@soda.berkeley.edu>
Message-ID: <199402140503.VAA17109@mail.netcom.com>

Sameer sez:
>
> tcmay at netcom.com (Timothy C. May) sez:
> Cypherpatriots,
>
> It's becoming more and more evident that the Crypto War has already
> started, that the fascists in power have decided to ban the keeping of
> secrets and the use of strong crypto by nongovernment folks.

Not yet. Just a kneejerk so far. They have decided they have the power, though. They have court decisions to back that up. If the administration decides to "just say no" they have shown us in the last few days that they can and will.

>
> How could Clipper be sabotaged?

Easily. By using it for the purpose of distributing hard public keys. Willingly or not, they have solved that problem. :-)

>
> Time to sabotage this whole Big Brother system.

Tim, I think that those of the big brother mentality who are left are doing that just fine all by themselves. :-)

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------

From an3747 at anon.penet.fi Sun Feb 13 21:21:17 1994
From: an3747 at anon.penet.fi (an3747 at anon.penet.fi)
Date: Sun, 13 Feb 94 21:21:17 PST
Subject: Actively Sabotaging Clipper and Capstone?
Message-ID: <9402140434.AA18082@anon.penet.fi>

> But isn't this what we cherish about free speech, the
> ability to talk about controversial matters, even something as
> controversial (well, not to me, of course) as advocating the overthrow
> of the U.S. government?

A good move for anyone anticipating the overthrow of the U.S. government (or any other) is to personally quit the U.S. This is a psychological state-change after which he no longer refers to members of the U.S. in first person:

> ...
> toward the commercial traffic flowing in our major economic opponent.
                                           ^^^
> Which is why we're already seeing "family keys"
> generated for specific target countries, like Japan, Germany, and
> France (our major "enemies" in this new world without our former
          ^^^                                           ^^^
> enemies).

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From thekind at Mercury.mcs.com Sun Feb 13 21:51:17 1994
From: thekind at Mercury.mcs.com (Adam Dace)
Date: Sun, 13 Feb 94 21:51:17 PST
Subject: Strategies for getting encryption in widespread use QUICKLY
In-Reply-To: <9402110328.AA10866@schirf.cs.utah.edu>
Message-ID:

I'm new to the list, but after reading the article in Wired I felt I needed to hear all this, Nazi flames aside. I run linux myself and I'd like to see your idea take root.

The Kind

From kinney at bogart.Colorado.EDU Sun Feb 13 21:53:09 1994
From: kinney at bogart.Colorado.EDU (W.
Kinney)
Date: Sun, 13 Feb 94 21:53:09 PST
Subject: REAL WORLD ENCRYPTION
Message-ID: <9402140545.AA23226@bogart.Colorado.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Sandy Sandfort writes:

>I would like to start a new thread. I want to know what the
>people on this list intend to do with cryptography in the "real
>world."

I read this as an invitation to rant. :-) This is going to be a little harsh, I'm afraid.

> What do you want? What do you fear?

I'm here for the crypto phase change. I'm here because of a technological perception about computation in general and encryption in particular. Crypto is a lever. Crypto is about mechanical advantage, small actions with big consequences in the progress of a major social change brought on by computation. Computers are changing the world in a way comparable to the invention of iron, or the printing press, or the steam engine. And cryptography is a pivotal point of influence in the direction that society will take in the next fifty or a hundred years.

>My interest is more than academic. I am one of the Cypherpunks
>involved in creating a digital bank. If the 700 or so people on
>this list wouldn't open an account in a digital bank, chances are
>no one else would either. The same goes, of course, for secure
>phones, encrypted e-mail, and all the rest.

Put the digital bank on Oceana and let them both sink together. Fuck overthrowing the government. As my mother would say, "vast plans in half-vast ways..."

For what it's worth, I appreciate and admire the Vision. But it's impossible to take this grandiose stuff seriously when I'm still sending my password in cleartext over my phone line. Digicash is white noise until somebody has something to spend it on. Nobody's going to put their life savings in a bank named "crazed-libertarian at subversive.com". Get real.

The problem is not a lack of vision or a lack of expertise, it's a lack of social acuity.
All those damn unsubscribe messages are telling us something, and nobody seems to be listening. The problem is that the cypherpunks can't even run a mailing list that's easy for people of limited technical ability to use, much less a bank or an entire nation.

Somebody this last week posted a proposal about an encrypted terminal program, something that comes up once in a while, and the only replies I saw were from people saying "Oh, WELL, this has already been taken care of - -- just get a TCP/IP protocol connection and implement kerberos and haven't you read RFC 10329-2394032.9292-11193742 anyway? This is all standardized." Except that I'm still sending my password over my phone line in cleartext.

Pr0duct Cipher is working. Mike Ingle is working. Mike Johnson and Grady Ward are distributing. Julf and the Remailer People (who mean our net no harm) are giving people meaningful channels for speech. John Gilmore is insisting on observance of the law. These things are for real.

We don't need a new government. We don't need a million metric tons of hexagonal concrete slabs floating off Bermuda full of "pioneers". We don't need any bullshit toy banks. The crypto phase change will be brought about by a thousand small and unromantic actions. If we are to be visionaries and subversives, let us style ourselves as visionary and subversive bricklayers, working slowly and patiently and from the ground up.

The crypto phase change is not about anarchy, it is about insisting on accountability from the government we already have. The crypto phase change is about user interfaces in Windows. It's about plug-and-play software that lets people secure their own privacy in an indifferent world. These are the things that will effect change. The rest is ego.

>What Real World concerns you have about crypto?
>
>Talk to me.

Talk back.
-- Will

"A skilled commander seeks victory from the situation" -- Sun Tzu

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLV6sJPfv4TpIg2PxAQFK5QP+I7gz5NOi4GdzHToX/MnWL8YjpLFgZPFJ
JRnwgxAw2QEMYdvORWckBFN/zgrLs7CTlgDT5Pz+uT2qEeYEXX/yRtMo9LLANeqe
8Gy8CnFWFCoC0s8Mt5rG96fG6Y4YAEAnRuYj0ZRb5vb3daU8+GPhfaXp6tr27H3a
xkOioJoDG74=
=L0+J
-----END PGP SIGNATURE-----

From thekind at Mercury.mcs.com Sun Feb 13 22:01:17 1994
From: thekind at Mercury.mcs.com (Adam Dace)
Date: Sun, 13 Feb 94 22:01:17 PST
Subject: message pools revisited
In-Reply-To: <9402110507.AA13369@bilbo.suite.com>
Message-ID:

hmm...it sounds interesting...I'm not directly "on the wire" unfortunately but if you need help with some code and can stand a newbie to Unix C (I taught myself C in DOS and about 4 months changed to Linux) I'd be happy to help if/when I can.

The Kind

From qwerty at netcom.com Mon Feb 14 00:41:16 1994
From: qwerty at netcom.com (Xenon)
Date: Mon, 14 Feb 94 00:41:16 PST
Subject: alt.steganography
Message-ID: <199402140833.AAA20162@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

I'm trying to get someone to create alt.steganography, 'cause I'm getting quite a few sci.crypt types asking me, yeah ME, that's who they're asking damn it, in great detail about the qualities of random noise created by various sources such as a microphone or AM radio or a scanner. And about adjusting checksums instead of direct LSB changes to store the data. Fractal stego is coming soon too. And Apple's microphone sends sounds to a D/A converter which does NOT output its noise as random. Awk! I try, but it's time to get these people talking to each OTHER, not to me.

I don't know how to create a newsgroup, but if someone doesn't do it for me (us), I'll have to do it myself. I certainly do know some people to ask how.

There's quite a few serious programmer types who want to create steganographic software. I've gotten quite a response to my "announcing" Stealth-PGP on Usenet.
The person who gets credit for coming up with the name "Stealth" instead of my boring "VGP" says he has changed plans and hopes to offer an external utility to strip and later restore any PGP message. For the newbies, this isn't just removing the "-----BEGIN..." header and footer!

How 'bout it? At least tell me what the "proper" name should be for the group. sci.steganography will take too long to get approved. alt.steganography is OK, but isn't alt.security.steganography more correct?

-=Xenon=-

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLV7wVwSzG6zrQn1RAQHyuwP/ekQGxsJ0SFKl9rXkMtzBt8NUMkS72byo
RNngI6XQ9LWdz6JTIv6HHvKlAg5R68IJhOXUaRpxIGY5mAZkqQ6HV6gmcGc/LVRw
xle/EmESDSJZxFzPtCZZsJpmN7NUw3GkZ38BQwT7qP5raYRr92HOCcnHXbVei/kZ
VysymRITmRM=
=fDoU
-----END PGP SIGNATURE-----

From barrett at daisy.ee.und.ac.za Mon Feb 14 01:21:19 1994
From: barrett at daisy.ee.und.ac.za (Alan Barrett)
Date: Mon, 14 Feb 94 01:21:19 PST
Subject: alt.steganography
In-Reply-To: <199402140833.AAA20162@mail.netcom.com>
Message-ID:

> How 'bout it? At least tell me what the "proper" name should be for
> the group. sci.steganography will take too long to get approved.
> alt.steganography is OK, but isn't alt.security.steganography more
> correct?

I think that alt.security.steganography would be a reasonable choice. Please discuss it in alt.config; don't just create the group.

--apb (Alan Barrett)

From pfarrell at netcom.com Mon Feb 14 01:25:25 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Mon, 14 Feb 94 01:25:25 PST
Subject: Actively Sabotaging Clipper and Capstone?
Message-ID: <15722.pfarrell@netcom.com>

Tim May posted to cypherpunks:
> Hey, I've just been told in e-mail that my $200,000 figure for the
> Clipper keys (a tape or compilation of the ones that are held in
> escrow) is way too low, probably by two orders of magnitude.
>
> Maybe so, as having these keys could mean a lot.
>
> But my point is that nearly any such figure will represent an
> incredible temptation.
Such is the risk of any centralized system in
> which a master key (or set of escrowed keys) unlocks such valuable
> information.

This is exactly the same argument that corrupts the PEM certification scheme. While hierarchical chains of command are reflexively the first idea in any military or bureaucratic employee, the existence of a super-valuable "master certification certificate" that is valuable will directly make it extremely valuable.

Anything of sufficient value will be compromised by someone willing to pay a sufficient value, break a kneecap, etc. Once a valuable, high level certificate is broken, then all descendant certificates are broken.

The "web of trust" is the only workable solution.

Pat

Pat Farrell Grad Student pfarrell at gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From pfarrell at netcom.com Mon Feb 14 01:28:25 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Mon, 14 Feb 94 01:28:25 PST
Subject: REAL WORLD ENCRYPTION
Message-ID: <15729.pfarrell@netcom.com>

In message 13 Feb 94 18:38:36 EST, Sandy <72114.1712 at CompuServe.COM> writes:

> I would like to start a new thread. I want to know what the
> people on this list intend to do with cryptography in the "real
> world."

I believe that real business will be done over the Net using EDI or some derivative. Given the Net's many security holes, cryptography is needed for both digital signatures and to ensure that my business plan doesn't show up in my competitor's inbox. Most of this could be done with MIME, DHS, DSS, and PEM, if those standards ever get deployed to the "widespread" user community. But we cypherpunks must, at least, make sure that the weaknesses in the standards are exposed and corrected.

> There are a number of Cypherpunk projects on the drawing
> board or already deployed: Stego, encrypted phones, encrypted
> and anonymous remailers, stealth PGP, a digital bank, etc.
Do
> the folks on this list intend to use these tools, or is your
> interest only theoretical?

I personally think stealth PGP is the wrong direction. Widespread, blatant acceptance of PGP by the 10 million PC users with modems will do more to guarantee the legality of PGP than all the CPSR petitions. (Hey, I sent in mine too, I just don't think that a few thousand voices will be heard)

Digital money is another thing. I think it is great. I'm ready to put $1000 real US dollars into the first bank that has digital money that I can spend on real things. We are probably a ways away from this, but Pr0duct's work is a great step forward.

Pat

Pat Farrell Grad Student pfarrell at gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From tcmay at netcom.com Mon Feb 14 02:01:21 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 14 Feb 94 02:01:21 PST
Subject: alt.steganography
In-Reply-To: <199402140833.AAA20162@mail.netcom.com>
Message-ID: <199402140952.BAA09705@mail.netcom.com>

In this post, I'll first take issue with Xenon's proposal (though he is of course welcome to pursue what he wishes, natch). And I'll also briefly mention the Cypherpunks FAQ, which I agreed to do at the December meeting--and which is urgently needed, I think.

Xenon/Qwerty/Nik(?) writes:

> I'm trying to get someone to create alt.steganography, 'cause I'm getting quite
> a few sci.crypt types asking me, yeah ME, that's who they're asking damn
> it, in great detail about the qualities of random noise created by various
> sources such as a microphone or AM radio or a scanner. And about adjusting
...lots of stuff elided....

Cool your jets, Xenon! :-}

Things go up and down in popularity. Besides, steganography is a branch of cryptology, so sci.crypt is a perfectly fine place to discuss it. Why create a new group that many cryptologists would then be unaware of, when such a good group already exists?
And the issue you mention above, the quality of random noise sources, is also an oft-discussed issue here on Cypherpunks and in sci.crypt...it hardly belongs in "alt.steganography"!

In fact, all of these issues *are* what crypto is all about: randomness, padding, traffic analysis, shielding, encryption, number theory, protocols, and on and on. None of these topics needs its very own discussion group.

(And why not, by the same logic, also create alt.random.numbers, alt.dining.cryptographers, alt.remailers, alt.digital.money, alt.voice.pgp, and so on? All of these are of about the same importance as steganography. Probably more so, as steganography is inherently limited by it being "security through obscurity," which typically doesn't last very long. Like invisible inks and microdots--the two compelling examples of past steganography--once the secret gets out, the technique rapidly fades in significance.)

Steganography has been with us for a long time, we've debated it many times (cf. my post in 1988 in sci.crypt on the LSB method, reprinted a couple of times), and at least _two_ major stego programs are widely available:

- JSTEG, for UNIX, in the cypherpunks archives
- Stego, for Macintosh, at various sites, including sumex.stanford.edu

Stego, written by Romana Machado several months back, puts arbitrary files (up to some max length) into Mac PICT files. Maybe GIFs, too, though I haven't checked recently. She demoed this at a Cypherpunks meeting in October or thereabouts.

(Someone correct me if I'm wrong, but stripping the PGP header and footer blocks off to leave on the "random"-looking stuff should be a fairly trivial exercise. If you know "where" the PGP bits are, isolating them and then adding back the headers and footers should be equally trivial. Stealth PGP may indeed be useful, but many new problems are added.
A stealth mode, which strips off the wrapper would be feasible today, but then one would need "out of band" ways of letting the recipient know which bits to decrypt.)

> There's quite a few serious programmer types who want to create
> steganographic software. I've gotten quite a response to my "announcing"
> Stealth-PGP on Usenet. The person who gets credit for coming up with
> the name "Stealth" instead of my boring "VGP" says he has changed plans
> and hopes to offer an external utility to strip and later restore any PGP
> message. For the newbies, this isn't just removing the "-----BEGIN..."
> header and footer!

Maybe I'm revealing myself as one of the "newbies," but what do you mean here? Headers and footers all look the same, meaning they are apparently uncorrelated to the contents (carry no information). I agree that not having them introduces other problems (knowing which bits to treat as the PGP message, as above).

I'm not sure who your source was, but be advised that the term "Stealth PGP" was in use at least a year ago....I heard Kelly Goen or Phil Zimmermann refer to a future version of PGP with this name. Not that it really matters a lot, but you ought to be aware that the designers of PGP were aware of the issues you have raised recently. Only so much time to get everything done, though.

> How 'bout it? At least tell me what the "proper" name should be for
> the group. sci.steganography will take too long to get approved.
> alt.steganography is OK, but isn't alt.security.steganography more
> correct?

I say discuss stego in _this_ group, Cypherpunks, or in sci.crypt or one of the *.security groups (or multiple groups). Too often there's a rush to spawn new groups and lists when the traffic would be welcome on existing groups. Then the new groups die of posting starvation.

For example, there was a rush to create a "hardware cypherpunks" mailing list and a "DC-Nets" mailing list...I haven't heard anything from either of these groups recently.
Steganography has its charms, but I doubt that the issues need or justify a separate group. Ditto for the proposal someone had for a group devoted to discussion of hardware random number generators.

(Hardware random number generators, TEMPEST shielding, and hiding bits are some of the sub-branches of crypto that seem to be on a 3-month cycle of repetitions.)

We really do need a FAQ! (Yes, I'm still working on it. Expect to see something in a month or six weeks. I'll try to have a Rev. 0.8 done by then.)

I hate to give the impression of snottiness. And I don't want to sound jaded in the face of Xenon's obvious anxiousness to get rolling. It's just that Romana M., for example, put a _huge_ amount of effort into her Stego program...and it was not met with cymbal crashes of enthusiasm, either by folks on this list or outside. I suspect this is because, when you get down to brass tacks, steganography is just a backwater of crypto (to mix some metaphors horribly). Once you've played around with it, what do you actually _use_ it for? (I can imagine some real uses, but they're contrived exercises, not reflecting any real need. At least not now.)

Exhorting others to write more programs--or to create alt.steganography--isn't always the most helpful style. Detweiler used to exhort folks to "do more" and, ironically, begged and screamed for "someone, anyone" to create alt.whistleblowers. Someone did (Miron Cuperman, I recall), and now the group is essentially barren. It's not a bad idea to have a whistleblowers group, but its creation was perhaps a bit premature (not Cuperman's fault, as he just created the group to satisfy Detweiler and to shut him up, I suspect). I fear alt.steganography would similarly wither, once the initial enthusiasm wore off.

I happen to agree that transmitting bits in the LSBs of sound and image files gives "plausible deniability" to users of crypto. Work should continue on this.
I just don't see much urgency for getting the capability widespread _right now_, especially not when the practical difficulties of using PGP (discussed many times) mean most of us are rarely using it at all! Plenty of higher priority projects, in my opinion.

But since we're an anarchy of individualists, those who think steganography deployment is of high priority should go ahead and pursue it. My advice is to discuss it here, or on sci.crypt. If the volume is consistently high for at least several months, that's the time to think about creating a special group or list for it.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From pfarrell at netcom.com Mon Feb 14 02:21:21 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Mon, 14 Feb 94 02:21:21 PST
Subject: Strategies for getting encryption in widespread use QUICKLY
Message-ID: <19244.pfarrell@netcom.com>

In message Sun, 13 Feb 94 09:50:59 +0200, Johan Helsingius writes:

> As far as I know, there are *several* PD Windows SLIP packages.

Yes, there are. I am motivated from the other end. I can get the client code I need, I can't get "widespread use" at the server end. For example, GMU, which nominally provides Internet access to all of its students, refuses to support SLIP or PPP on any of its servers. No reason, just policy. I gave up on GMU's services and pay Netcom to give me access. They charge $2.00 per hour for SLIP/PPP, but all the async access I want is flat rate.

Until the politics and economics change, I believe widespread use will require a non-IP approach. Sure IP would be better, so would ISDN. But Eudora and NUpop work fine, over straight async.
They just miss the encryption hook.

I have no interest in debating the value of IP. I am looking for help in building a non-IP client that can enable encrypted mail to the great mass of computer owners who are clueless about technology.

Pat

Pat Farrell Grad Student pfarrell at gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From MIKEINGLE at delphi.com Mon Feb 14 03:01:24 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Mon, 14 Feb 94 03:01:24 PST
Subject: Precedent for PGP legality
Message-ID: <01H8V5JH4BG29JDWG9@delphi.com>

Found on alt.security.pgp. This might be worth researching and putting in a future PGP manual. While it wouldn't keep PKP from harassing commercial services into taking PGP down, it might help to keep keyservers and the like alive. This is a court decision that found the construction of a patented device for nonprofit purposes is not an infringement.

From: cjohnst at xmission.com (Charles Johnston)
Newsgroups: alt.security.pgp
Subject: PGP could be perfectly legal in the United States!!!!!

I was researching in the University of Utah law library nearby, and I found a case that talks about patents and private/experimental use. It's 73 Fed 206,211 if you're interested in looking it up. I haven't Shepardized it yet (found all future cases affecting the opinions), but here it is.

This is Bonsack Mach. Co. v. Underwood

Speaking of patents: "The making of an infringing machine merely as an experiment is not an actionable infringement..." and "To constitute an infringement, the making must be with an intent to use for profit, and not for the mere purpose of a philosophical experiment."

This seems to say that PGP is okay to use! I would appreciate ANY comments! I will be researching this further REALLY soon!

By the way, when was the RSA patent granted? They only last 17 years!
Charles Johnston

From an57322 at anon.penet.fi Mon Feb 14 04:21:24 1994
From: an57322 at anon.penet.fi (T.A.Z.)
Date: Mon, 14 Feb 94 04:21:24 PST
Subject: REAL WORLD ENCRYPTION
Message-ID: <9402141018.AA02399@anon.penet.fi>

Sandy wrote:
>
>I would like to start a new thread. I want to know what the
>people on this list intend to do with cryptography in the "real
>world." There are a number of Cypherpunk projects on the drawing
>board or already deployed: Stego, encrypted phones, encrypted
>and anonymous remailers, stealth PGP, a digital bank, etc. Do
>the folks on this list intend to use these tools, or is your
>interest only theoretical?
> [stuff deleted]
>My interest is more than academic. I am one of the Cypherpunks
>involved in creating a digital bank. If the 700 or so people on
>this list wouldn't open an account in a digital bank, chances are
>no one else would either. The same goes, of course, for secure
>phones, encrypted e-mail, and all the rest.

If the bank provides international transfers then I would be your first customer.

-=T.A.Z.

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From pmetzger at lehman.com Mon Feb 14 05:11:25 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 14 Feb 94 05:11:25 PST
Subject: Actively Sabotaging Clipper and Capstone? (fwd)
In-Reply-To: <199402140503.VAA17109@mail.netcom.com>
Message-ID: <9402141308.AA18039@andria.lehman.com>

Robert Cain says:
> > It's becoming more and more evident that the Crypto War has already
> > started, that the fascists in power have decided to ban the keeping of
> > secrets and the use of strong crypto by nongovernment folks.
>
> Not yet.
Just a kneejerk so far. They have decided they have the
> power, though. They have court decisions to back that up.

Okay, Bob, that's it. Enough of the strange and evidence-free commentary.

WHAT GODDAMN COURT DECISIONS ARE YOU TALKING ABOUT???

Perry

From frissell at panix.com Mon Feb 14 06:41:28 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 14 Feb 94 06:41:28 PST
Subject: Safire Savages Clipper
Message-ID: <199402141434.AA14955@panix.com>

For personal use only as directed...
_______________________________________________

New York Times: Monday, February 14, 1994

Essay
William Safire

SINK THE CLIPPER CHIP

Washington

Well-meaning law and intelligence officials, vainly seeking to maintain their vanishing ability to eavesdrop, have come up with a scheme that endangers the personal freedom of every American.

Nobody doubts that F.B.I. wiretaps help catch crooks or that the National Security Agency's "Big Ears" alert us to the plans of terrorists. And nobody can deny that new technology makes it easier for the bad guys to encode their communications to avoid the eavesdropping of the good guys.

But the solution that faceless Clinton officials are putting forward shows outdated law enforcement rooted in abysmal understanding of the information explosion.

The Clinton notion, recycled from an aborted Bush idea, is to put the same encryption chip in every telephone and computer made in the U.S. This new encoding device, or scrambler, would help you and me protect the privacy of our conversations and messages and bank accounts from each other.

That sounds great, but here comes the catch: The Federal Government would know and be able to use the code numbers to wiretap each of us.

To the tune of "I Got Algorithm," the Eavesdrop Establishment is singing that it will help us protect our privacy --- but not from intrusion by the Feds.
In effect, its proposal demands we turn over to Washington a duplicate set of keys to our homes, formerly our castles, where not even the king in olden times could go.

The "clipper chip" --- aptly named, as it clips the wings of individual liberty --- would encode, for Federal perusal whenever a judge rubber-stamped a warrant, everything we say on a phone, everything we write on a computer, every order we give to a shopping network or bank or 800 or 900 number, every electronic note we leave our spouses or dictate to our personal-digit-assistant genies.

Add to that stack of intimate data the medical information derived from the national "health security card" Mr. Clinton proposes we all carry. Combine it with the travel, shopping and credit data available from all our plastic cards, along with psychological and student test scores. Throw in the confidential tax returns, sealed divorce proceedings, welfare records, field investigations for job applications, raw files and C.I.A. dossiers available to the Feds, and you have the individual citizen standing naked to the nosy bureaucrat.

Assure us not that our personal life stories will be "safeguarded" by multiple escrows in the brave new world of snooperware; we saw only last month how political appointees can rifle the old-fashioned files of candidates and get off scot-free. Whenever personal information is amassed and readily available, it will be examined by the curious, and if it is valuable, it will be stolen by political hackers.

Ah, but wouldn't it be helpful to society to have instant access to the encoded communications of a Mafia capo, or a terrorist ordering the blow-up of a skyscraper, or a banker financing a dictator's nuclear development?

Sure it would. That's why no self-respecting vice overlord or terrorist or local drug-runner would buy or use clipper-chipped American telecommunications equipment.
They would buy non-American hardware with unmonitored Japanese or German or Indian encryption chips and laugh all the way to the plutonium factory.

The only people tap-able by American agents would be honest Americans --- or those crooked Americans dopey enough to buy American equipment with the pre-compromised American code. Subsequent laws to mandate the F.B.I. bug in every transmitter would be as effective as today's laws banning radar detectors.

Tomorrow's law enforcement and espionage cannot be planned by people stuck in the wiretap and Big Ear mind-set of the past. The new Ultra secret is that the paradigm has shifted; encryption has overcome decryption.

Billions now spent on passive technical surveillance must be shifted to active means of learning criminal or aggressive plans. Human informers must be recruited or placed, as "sigint" declines and "humint" rises in the new era; psychic as well as monetary rewards for ratting must be raised; governments must collude closely to trace transfers of wealth.

Cash in your clipper chips, wiretappers: you can't detect the crime wave of the future with those old earphones on.

--- WinQwk 2.0b#1165

From talon57 at well.sf.ca.us Mon Feb 14 09:01:28 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Mon, 14 Feb 94 09:01:28 PST
Subject: tracking contacts with clipper
Message-ID: <199402141659.IAA29724@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

Tim May notes;

>This is an important point, which I've seen mentioned a few times
>over the past 10 months, but not given nearly enough attention. To
>wit, if Clipjack phones are ever used by dissidents, subversives,
>Cypherpunks, etc., then the key block that goes out with every
>call--from both ends of course--will make recording the identities
>of both parties trivial.

I agree with Tim whole-heartedly on this one.
If the NSA gets its much desired "Digital Telephony Initiative" passed it will be a trivial matter both politically and technologically to intercept and record all clipper key block transactions. The ability of the NSA to do this, and the usefulness of this kind of traffic analysis is left as an exercise for the reader.

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

From sandfort at crl.com Mon Feb 14 09:11:28 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 14 Feb 94 09:11:28 PST
Subject: Tracking Contacts with Clipper
In-Reply-To: <199402140500.VAA09723@mail.netcom.com>
Message-ID:

C'punks,

Tim asked about "phone remailers" in one of his recent posts. Until that happens, remember that the anonymous phone cards offered by AT&T and Western Union (and others) are almost as good. This is especially true if you "chain" call through two or more different phone cards. (Expensive, though.)

S a n d y

From tcmay at netcom.com Mon Feb 14 09:13:34 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 14 Feb 94 09:13:34 PST
Subject: Typo in article I quoted
Message-ID: <199402141703.JAA29916@mail.netcom.com>

Jay Freeman has informed me that the recent NYT article mentioned in a talk.politics.crypto posting I quoted contained an obvious typo: "9/12/94" instead of "2/12/94."

Ordinarily this would be of no consequence, but Jay points out--quite properly--that I have a well-known penchant, not to be confused with my well-known pynchont, for using fictional accounts of happenings for satirical effect. The inclusion of a _future_ date was merely a typo, not a hint at satire.
So, the article really did appear, or so said the talk.politics.crypto article. (We out here on the beach have to visit our nearest bookstore to actually get a copy of that there New York City paper.) And today's Safire article, provided by Duncan Frissell, is a compelling critique. Admiral Bobby must be really fuming now. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From hughes at ah.com Mon Feb 14 09:21:29 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 14 Feb 94 09:21:29 PST Subject: copyrights of anonynous messages In-Reply-To: <9402130428.AA27705@iikk.inter.net> Message-ID: <9402141709.AA17861@ah.com> >What do I do about anonymous notes? Say "Fly! Be free!" to them. Eric From DELMENDO at VM1.TUCC.TRINITY.EDU Mon Feb 14 09:31:29 1994 From: DELMENDO at VM1.TUCC.TRINITY.EDU (Dirk Elmendorf) Date: Mon, 14 Feb 94 09:31:29 PST Subject: No Subject Message-ID: <9402141727.AA16467@toad.com> unsubscribe delmendo at trinity.edu From tcmay at netcom.com Mon Feb 14 09:41:28 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 14 Feb 94 09:41:28 PST Subject: Precedent for PGP legality In-Reply-To: <01H8V5JH4BG29JDWG9@delphi.com> Message-ID: <199402141739.JAA06467@mail.netcom.com> Mike Ingle (whose post I am replying to) or Charles Johnston (whose name was included at the bottom of the post) writes: > like alive. This is a court decision that found the construction of a > patented device for nonprofit purposes is not an infringement. ... > This seems to say that PGP is okay to use! I would appreciate > ANY comments! I will be researching this further REALLY soon! 
Yes, this is well-known and is mentioned, I believe, in the PGP docs. Private use for experimental purposes, or for the purposes of improving an invention, are recognized legit uses. Implementing RSA as a class project or textbook problem is common, and RSADSI will not bother with such cases. (Nor has RSADSI bothered any users of PGP, if truth be told, unless they were involved in the hassling of Zimmermann vis-a-vis the grand jury investigation...which hasn't been established one way or another.) Where it gets dicey is when people are using an invention in a way that circumvents the patent rights of the inventor. The common use of PGP is clearly for communication, for most people, not for study on their home machines of how the algorithm works, how it might be improved, etc. I'm not arguing RSADSI's side, merely pointing out that calling the growing use of PGP for communication and the signing of articles an "experiment" is misleading, and even disingenuous. Not to sound like Sterno here, but I think the lawyers here will back me up on this. Now maybe the RSA patents are invalid, maybe the fact that public money was used to support the researches at Stanford and MIT that led to public key and RSA means "we" own the patents (not supported by decisions, though), etc. In any case, I think PGP is the best thing that has ever happened to the popularity of RSA and RSADSI, and I have told Jim Bidzos this. > By the way, when was the RSA patent granted? They only last > 17 years! > > Charles Johnston The "cloud" of P-K and RSA patents begins to expire in 1997 or 1998 and the last of the original five expires in 2002. The five patents have been listed several times here and many times in sci.crypt, so watch that space for details--or rummage through your archived mail. RSADSI has tried to ensure its future licensing revenue stream by acquiring other patents. It recently bought the "Schnorr" patent, which apparently covers the DSS/DSA digital signature algorithm. 
This patent will run until 2010 or later, I gather. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From hughes at ah.com Mon Feb 14 10:01:29 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 14 Feb 94 10:01:29 PST Subject: Safire Savages Clipper In-Reply-To: <199402141434.AA14955@panix.com> Message-ID: <9402141747.AA18006@ah.com> >William Safire Will someone put a few "Big Brother Inside" stickers inside a stamped #10 envelope and snail-mail it to Safire? It _will_ get mentioned in a column. Eric From rcain at netcom.com Mon Feb 14 10:05:23 1994 From: rcain at netcom.com (Robert Cain) Date: Mon, 14 Feb 94 10:05:23 PST Subject: decrencr or crypdec? In-Reply-To: <9402120202.AA02502@smds.com> Message-ID: <199402141756.JAA17784@mail.netcom.com> FutureNerd Steve Witham sez: > > Bob Cain says- > > > > ...decrencr. (Short word > > I just coined for decryptor/encryptor as in modem or codec :-) > > How about crypdec (pron. "cryptic")? > Much better! I like it. :-) Peace, Bob -- Bob Cain rcain at netcom.com 408-354-8021 "I used to be different. But now I'm the same." --------------PGP 1.0 or 2.0 public key available on request.------------------ From pmetzger at lehman.com Mon Feb 14 10:21:30 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 14 Feb 94 10:21:30 PST Subject: Safire Savages Clipper In-Reply-To: <9402141747.AA18006@ah.com> Message-ID: <9402141821.AA18695@andria.lehman.com> Speaking of which, could someone send me the postscript for "Big Brother Inside" stickers? 
.pm

Eric Hughes says:
> >William Safire
>
> Will someone put a few "Big Brother Inside" stickers inside a stamped
> #10 envelope and snail-mail it to Safire?
>
> It _will_ get mentioned in a column.
>
> Eric

From boone at psc.edu Mon Feb 14 10:25:31 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Mon, 14 Feb 94 10:25:31 PST
Subject: SCHEME for FULL-SPEC RETURN PATH
Message-ID: <9402141601.AA25873@igi.psc.edu>

-----BEGIN PGP SIGNED MESSAGE-----

This is a portion of mail that I sent to bill stewart. Since bill seems too busy to send a critique, could someone else comply, please?

Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C

- ------- Forwarded Message

Date: Thu, 03 Feb 94 13:45:31 -0500
From: "Jon 'Iain' Boone"

How secure do you think this is?

Three remailers:
  anon1+ at a.edu
  anon2+ at b.com
  anon3+ at c.org

Originator: boone at psc.edu (really igi.psc.edu, as Message-ID: shows)
Receiver: wcs at anchor.ho.att.com

()Ka == contents inside () are encrypted with Public Key of A

mail addressed to random+*@foo.edu == mail to user random at foo.edu, random's mail processor will deal with the +*

The sender must encrypt his/her own address with the public key of the first remailer and put it in the X-A-R-P: field.

Upon receipt of a message with X-A-S-P: set to non-empty, the re-mailer will strip off its portion of the address and decrypt the rest with its private key. It will add itself to the X-A-R-P: and encrypt it in the public key of the next remailer on the X-A-S-P:

If there is nothing in the X-A-S-P: (after having removed its own address), then it needs to be sent to the To: address, so we set the From: address to be the contents of the X-A-R-P: with its own address pre- & post- pended. That way, the recipient need not change his/her mail agent to respond via the X-A-R-P: (or even need to include the X-A-S-P: in the outgoing response).
If the message doesn't have an X-A-S-P:, the remailer checks the "To:" for the contents of what would have been the X-A-S-P: with its own address pre- & post- pended. By stripping off its own address and de-crypting the resultant, it has the next address to send it to.

Barring wire-tapping, your privacy is susceptible in the logs (syslog, etc.) of the first remailer (a.edu in my example) or if all the RSA-keys for a.edu, b.com and c.org are broken. To dampen wire-tapping, you could encrypt the contents of the message with padding, making traffic analysis more difficult.

Comments?

IGI.PSC.EDU:
  To: wcs at anchor.ho.att.com
  X-A-S-P: anon1+"(anon2+"(anon3+ at c.org)Kb"@b.com)Ka"@a.edu
  X-A-R-P: (boone at psc.edu)Ka
  From: boone at psc.edu
  Message-Id: <348723472.AA34890235 at igi.psc.edu>

A.EDU:
  To: wcs at anchor.ho.att.com
  X-A-S-P: anon2+"(anon3+ at c.org)Kb"@b.com
  X-A-R-P: (anon1+"(boone at psc.edu)Ka"@a.edu)Kb
  From: anon1+ at a.edu
  Message-Id: <2349458.AA23575 at a.edu>

B.COM:
  To: wcs at anchor.ho.att.com
  X-A-S-P: anon3+ at c.org
  X-A-R-P: (anon2+"(anon1+"(boone at psc.edu)Ka"@a.edu)Kb"@b.com)Kc
  From: anon2+ at b.edu
  Message-Id: <8980234.AA23489203 at b.com>

C.ORG:
  To: wcs at anchor.ho.att.com
  X-A-R-P: anon3+"(anon2+"(anon1+"(boone at psc.edu)Ka"@a.edu)Kb"@b.com)Kc"@c.org
  From: anon3+"(anon2+"(anon1+"(boone at psc.edu)Ka"@a.edu)Kb"@b.com)Kc"@c.org
  Message-Id: <2343.AA123 at c.org>

ANCHOR.HO.ATT.COM: (Reply)
  To: anon3+"(anon2+"(anon1+"(boone at psc.edu)Ka"@a.edu)Kb"@b.com)Kc"@c.org
  From: wcs at anchor.ho.att.com
  Message-Id: <99234.AA23492383 at anchor.ho.att.com>

C.ORG:
  To: anon2+"(anon1+"(boone at psc.edu)Ka"@a.edu)Kb"@b.com
  From: wcs at anchor.ho.att.com
  Message-Id: <2342349324.AA2343242 at c.org>

B.COM:
  To: anon1+"(boone at psc.edu)Ka"@a.edu
  From: wcs at anchor.ho.att.com
  Message-Id: <98234234.AA123213 at b.com>

A.EDU:
  To: boone at psc.edu
  From: wcs at anchor.ho.att.com
  Message-Id: <7732432.AA52342 at a.edu>

Of course, some work would be necessary to accommodate
double-blind conversations.

From spin at iastate.edu Mon Feb 14 10:31:30 1994
From: spin at iastate.edu (Aran Christopher Cox)
Date: Mon, 14 Feb 94 10:31:30 PST
Subject: Strategies for getting encryption in widespread use QUICKLY
In-Reply-To: <9402130323.AA00709@prism.poly.edu>
Message-ID: <9402141621.AA18396@pv322b.vincent.iastate.edu>

rarachel at prism.poly.edu (Arsen Ray Arachelian):
>On Amiga????

Should be reasonably easy to implement depending on at what point. A drop in replacement for serial.device (most all term programs and BBS's would most likely support this) wouldn't be healthy as the handshaking would have to be done unencrypted until a session-key was established. Perhaps if the serial.device were written to use the normal serial.device and accept a certain escape sequence that could be sent to the serial.device as normal output that would be intercepted as a key of some sort. Other options include a shared library that an application would have to look for and use. (This would of course involve a rewrite of all the term soft, etc.) In any case, a sorta standard using pgp to exchange session keys seems like a good idea.

Something worth noting though, the internet is a packet network and most bbs via modem just stream things don't they? I suppose you might have to use a stream cipher or just have the BBS/Term soft wait until you have an IDEA block's worth, or a certain time limit then crypt and send.

From DELMENDO at VM1.TUCC.TRINITY.EDU Mon Feb 14 10:51:29 1994
From: DELMENDO at VM1.TUCC.TRINITY.EDU (Dirk Elmendorf)
Date: Mon, 14 Feb 94 10:51:29 PST
Subject: No Subject
Message-ID: <9402141848.AA18082@toad.com>

Anybody know any anonymous news reader sites?
Please send replies to delmendo at trinity.edu From katzb at maillink.dowling.edu Mon Feb 14 10:55:06 1994 From: katzb at maillink.dowling.edu (Barbara Katz) Date: Mon, 14 Feb 94 10:55:06 PST Subject: UNSUBCRIBE Message-ID: <9402141052.A11341@maillink.dowling.edu> PLEASE REMOVE MY NAME FROM THIS LIST. I'M BEING INUNDATED WITH MULTIPLE MESSAGES WITH REPEAT INFORMATION. THIS IS NOT OF ANY USE TO ME. KATZB at DOWLING.EDU SIGNING OFF - OVER AND OUT From tcmay at netcom.com Mon Feb 14 11:01:30 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 14 Feb 94 11:01:30 PST Subject: CARD FRAUD AND COMPUTER EVIDENCE...an article to read Message-ID: <199402141858.KAA19993@mail.netcom.com> There's an amazing article in talk.politics.crypto called "CARD FRAUD AND COMPUTER EVIDENCE" which I urge all of you to read. It's 300 lines long, so I'm not attaching it here. It's about a case in England that just concluded. A police constable complained to his local bank (a "building society") that 6 ATM withdrawals on his record were not made by him. The bank checked its "security" procedures and concluded that all was OK and that the man was lying. He was then charged with a crime and the case went to trial. The expert witness on computer security and cryptography, Ross Anderson, the author of the article, has some chilling things to say about the almost primitive level of security in the bank-ATM system. He clearly believed the defendant (the constable) was sincere in his claims and that someone had defeated the primitive security system. If you don't read the article, I'll summarize the outcome here. Spoilers follow, so exit now if you don't want to see them. The man was found guilty of making a false claim (or whatever the precise charge was). This despite his 19 years with the police (not a ringing endorsement to some of us, but you know what I mean) and the ample evidence that many avenues existed for others to have forged his card and gotten his PIN. 
In fact, the bank had not bothered to investigate several hundred previous anomalies....apparently because these cases had never gotten into a courtroom! The man is now facing the loss of his constable job, the loss of his pension, the resulting loss of his house in all probability, and whatever criminal penalties are handed out. The lessons for Cypherpunks are not clear, but this story makes for a compelling read. I suspect there are some real lessons. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From lefty at apple.com Mon Feb 14 11:11:31 1994 From: lefty at apple.com (Lefty) Date: Mon, 14 Feb 94 11:11:31 PST Subject: Safire Savages Clipper Message-ID: <9402141903.AA16561@internal.apple.com> Perry asks: > >Speaking of which, could someone send me the postscript for "Big >Brother Inside" stickers? Me, too. Or better still, put it on an anonymous ftp site somehwere... -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From qwerty at netcom.com Mon Feb 14 11:41:30 1994 From: qwerty at netcom.com (Xenon) Date: Mon, 14 Feb 94 11:41:30 PST Subject: alt.steganography Message-ID: <199402141932.LAA15176@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Tim May wrote, >(And why not, by the same logic, also create alt.random.numbers, >alt.dining.cryptographers, alt.remailers, alt.digital.money, >alt.voice.pgp, and so on? All of these are of about the same >importance as stegonography. Probably more so, as stegonagraphy is >inherently limited by it being "security through obscurity," which >typically doesn't last very long. 
Like invisible inks and
>microdots--the two compelling examples of past steganography--once the
>secret gets out, the technique rapidly fades in significance.)

The whole point is that with Stealth-PGP, you don't need the "obscurity" part. It doesn't matter if people know the Cypherpunks are using steg. But as it is now, with current PGP, using steg is detectable using automated methods, something Clipper will allow. The equivalent of invisible inks and microdots aren't what I'm talking about. I'm talking about sending messages right out there in public, in which your encrypted message is masquerading as noise in the carrier message, and in which nobody can prove that that noise IS a message unless they successfully decrypt it, only possible with the right secret key. How better to render the Clipper chip an insignificant worry?

>Cool your jets, Xenon! :-}

I try. I crank down a beer and get enough sleep, and yet a certain fanatical drive remains. Hasn't exactly hurt me much, in fact it's gotten me quite far in this world ;-). I think it's time to fire up all of our jets, and happily yours were fired up too, with your "Sabotage of Clipper" posts here. My point is, Stealth-PGP combined with a steganograph is the technological way to "sabotage" Clipper. It REALLY is. Think about it. But it's just that like you said, most people are struggling just to understand how to use PGP. What I attempted to do was get those people to at least understand what steganography was, and how current PGP will allow random Info Superhighway spot-checks for the soon-to-be-banned use of real encryption. How can they hope to outlaw PGP, if they can't even figure out you are using it?

>...cf. my post in 1988 in sci.crypt on the LSB method...

Could someone send me this (Hi Tim), as I only got a modem in '93, five years after the post. Actually with the rate of growth of the internet, MOST people out here haven't seen that post.
>> There's quite a few serious programmer types who want to create >> steganographic software. I've gotten quite a response to my "announcing" >> Stealth-PGP on Usenet. The person who gets credit for coming up with >> the name "Stealth" instead of my boring "VGP" says he has changed plans >> and hopes to offer an external utility to strip and later restore any PGP >> message. For the newbies, this isn't just removing the "-----BEGIN..." >> header and footer! > Maybe I'm revealing myself as one of the "newbies," but what do you > mean here? Headers and footers all look the same, meaning they are > apparently uncorrelated to the contents (carry no information). I > agree that not having them introduces other problems (knowing which > bits to treat as the PGP message, as above). The "headers and footers" are trivial to remove and restore, so they aren't the important thing to strip off and later restore. It's the hidden headers and footer WITHIN any PGP message, binary or ascii, that need to be stripped and later restored. Then steganography is SO much more useful. See pgp.format in the PGP documentation. I'll just say, ideally with such a utility, or updated form of PGP, you could send an encrypted message using steg, or even without using steg, and nobody who wasn't willing to spend some serious time looking into the matter could nail you for sending an encrypted message. "Sufficiently advanced communication is indistinguishable from noise." The problem with knowing WHICH bits to treat as the message is a technicality. The simplest is to make the carrier exactly the right size! You can put padding WITHIN the Stealth-PGP message if you want. And this is only the most simple-minded solution. >I'm not sure who your source was, but be advised that the term >"Stealth PGP" was in use at least a year ago....I heard Kelly Goen or >Phil Zimmermann refer to a future version of PGP with this name. 
Not >that it really matters a lot, but you ought to be aware that the >designers of PGP were aware of the issues you have raised >recently. Only so much time to get everything done, though. "Nobody can be so amusingly arrogant as a young man who has just discovered an old idea and thinks it is his own." - Sydney J. Harris I've been actively reading alt.security.pgp for a year now, and the ONLY time this was mentioned was when I asked about it last year. Very little interest was generated. And given the lack of response of the PGP development team to potential USERS voicing their needs, I think getting the general population of PGP users to know enough to ASK FOR Stealth-PGP, will go a long way in getting the developers to stop putting this on the back burner. Be advised that the person who in the end gets credit for coining a term gets credit for coining a term ;-). If be it lost in some old post, and I've never seen PRZ post to Cypherpunks or alt.security.pgp in the last year, then I get the Pulitzer, since mine got noticed. Yes, I think many of the PGP developers realize a need for Stealth-PGP, but I also think with good justification, that they could use a bit of a push. A bit of an eye-opening about how Stealth-PGP could be the "Underground's answer to the Clipper chip." >... >jaded in the face of Xenon's obvious anxiousness to get rolling. It's >just that Romana M., for example, put a _huge_ amount of effort into >her Stego program...and it was not met with cymbal crashes of >enthusiasm, either by folks on this list or outside. I suspect this is >because, when you get down to brass tacks, stegonography is just a >backwater of crypto (to mix some metaphors horribly). Once you've >played around with it, what do you actually _use_ it for?... That's because PGP tattles on itself, and Stego can be reversed by anyone. Mind shift needed. Think think think. You use it for.... Defeating the Clipper chip. See, they are going to outlaw real crypto soon. 
I liked the point about how Denning's secret need for the Clipper as being the use of the NSA as an ECONOMIC spy agency, not just for terrorist types. They want to spy on SONY! Now you're talking billions of dollars at stake, for if economics isn't part of "national security", what is? Those kind of forces lead to the common man's rights being forfeited. "Encryption Always Wins" (Who said that?). But only if your encrypted messages can only be shown to BE a message by successfully decrypting it. Here stegonography becomes crucial, NOT to "hide the message", but to give you an EXCUSE for sending random-looking blocks of data. >I happen to agree that transmitting bits in the LSBs of sound and >image files gives "plausible deniability" to users of crypto. Work >should continue on this. I just don't see much urgency for getting >the capability widespread _right now_, especially not when the >practical difficulties of using PGP (discussed many times) mean most >of us are rarely using it at all! Well, _right now_, I seem to notice that these guys in suits in Washington are arranging that they have the tools needed to smart-search not just the internet but ALL electronic communication for PGP messages. Then your name goes on their "crypto subversive" list, and the computer starts logging WHO you are talking to, and then 1984 has arrived. This is happening _right now_. >Plenty of higher priority projects, in my opinion. Those projects, at least those that relate to Clipper, seem to be politically oriented. "Sabotage Clipper", "Call you reps", "Join EFF", "Get more to use remailers and PGP". These are great, but if you step back and look for what acts will have true historical significance, Stealth-PGP alongside a nice Plug-and-Play steganograph looks to me like what's going to make it into the history books, and is what will have the most damning effect on those pushing their silly Clipper chip on us. 
The other point, crucial in my mind, is that getting large numbers of people to use PGP becomes much less important if you have Stealth-PGP and a steganograph. Then in effect they are still helping you obtain "obscurity", but all they need to do is send ANY digital message that has noise in it. There's a paradigm-shift needed here. When it clicks into place in one's mind, you will see why I am so adamant about Stealth-PGP, for rather than being a back-burner project, it is THE very thing that is most important for the defeat of Big Brother's Clipper chip and his wiretap proposals. It REALLY IS a "Stealth" technology. I'm sure there are already thousands in repressive countries who need it NOW, and if you don't call the USA a repressive country as well, I've got a burning Constitution and Bill of Rights for you to burn your hands on.

You can nit-pick specific details and problems with the idea, but that's why I proposed alt.security.steganography. I think we could make this thing fly. Maybe steganography isn't even the right word however! I'm not talking about hiding a plaintext message on an electronic microdot.

>My advice is to discuss it here, or on sci.crypt. If the volume is
>consistently high for at least several months, that's the time to
>think about creating a special group or list for it.

Message received.

-=Xenon=-

From cknight at crl.com Mon Feb 14 11:51:31 1994
From: cknight at crl.com (Chris Knight)
Date: Mon, 14 Feb 94 11:51:31 PST
Subject: Safire Savages Clipper
In-Reply-To: <9402141821.AA18695@andria.lehman.com>
Message-ID:

Could someone perhaps put the postcrypt on a FTP site?

On Mon, 14 Feb 1994, Perry E.
Metzger wrote: > > Speaking of which, could someone send me the postscript for "Big > Brother Inside" stickers? > > .pm > > Eric Hughes says: > > >William Safire > > > > Will someone put a few "Big Brother Inside" stickers inside a stamped > > #10 envelope and snail-mail it to Safire? > > > > It _will_ get mentioned in a column. > > > > Eric > From hayden at krypton.mankato.msus.edu Mon Feb 14 12:01:29 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 14 Feb 94 12:01:29 PST Subject: Safire Savages Clipper In-Reply-To: <9402141747.AA18006@ah.com> Message-ID: On Mon, 14 Feb 1994, Eric Hughes wrote: > Will someone put a few "Big Brother Inside" stickers inside a stamped > #10 envelope and snail-mail it to Safire? > > It _will_ get mentioned in a column. Where can you get these stickers? ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From frissell at panix.com Mon Feb 14 12:11:31 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 14 Feb 94 12:11:31 PST Subject: Markoff on Cypherpunks Message-ID: <199402142007.AA16135@panix.com> For personal use only... Keyboarding by Lois Roth NEW YORK TIMES SUNDAY, FEBRUARY 13, 1994 Ideas & Trends Cyberspace Under Lock And Key By John Markoff SAN FRANCISCO In Silicon Valley some of the country's best computer hackers are talking about acts of civil disobedience in cyberspace. Their target is a plan by the Federal Government to discourage a proliferation of coding schemes that insure electronic conversations are private -- from everyone including the authorities. 
Under a plan being pushed by the Clinton Administration, the computer industry would be strongly encouraged to adopt a new data scrambling standard, embodied in a device called the Clipper Chip, that would allow law enforcement agencies, armed with court orders, to eavesdrop on electronic communications. Earlier this month, Vice President Al Gore said the proposed standard was an important law and order issue for the Administration. The danger, he warned, is that unchecked computer coding technology will make it possible for terrorists and criminals to have secret electronic conversations. The White House is also pressing for legislation that would require telephone networks, cable companies and wireless communications services to install systems that allow law enforcers to listen in. While the Clipper system is voluntary today, a coalition of Silicon Valley business executives and civil liberties advocates argues that there is no guarantee that it won't be made mandatory by a future Administration. In the meantime, it could become a de facto standard as companies that want to do Government business would have to install the chips in their products. Furthermore the Government could use existing export laws to require Clipper chips in any computers shipped to other countries. "They're asking us to ship millions of computers abroad with a chip stamped J. Edgar Hoover inside," said John Gage, director of the science office at Sun Microsystems Inc., a maker of computer work stations based in Mountain View, Calif. "We refuse to do it." A Silicon Valley group called Cypherpunks, which wants to make free and powerful cryptography available to the masses, has been discussing ways to trick officials into thinking the keys to the Clipper code have been stolen. Others are considering violating export restriction laws by sending thousands of copies of encoding software out of the country over the Internet. 
In fact, the ability to devise coding schemes -- unbreakable even by the most powerful supercomputers -- is so widespread that trying to impose a universal standard may be like trying to enforce Prohibition. Home-brew coding software can be easily exported by electronic rumrunners on computer disks or instantly sent over electronic networks to any city in the world.

With Clipper, which was developed by the National Security Agency, communications are mathematically scrambled with an unbreakable code, but an extra set of two keys -- actually long numbers -- would permit authorized third parties to listen in, with the same restrictions that now apply to wiretapping. As a safeguard, both keys would be required to monitor conversations.

But some opponents argue that the system could still be abused by Government officials or clever hackers who are able to steal the code. They also point out that despite claims that Clipper is necessary for national security, no other foreign Government or foreign company has indicated that it is willing to use a coding system that is breakable by the United States spying agencies. Even close allies like Canada and Britain have said they are not willing to adopt Clipper.

Last week, Michael Nelson, an Administration official in charge of technology policy, broadcast an electronic mail message over the Internet to reassure computer users that the Government has no intention of enforcing mandatory encryption. But skeptics remain unpersuaded.

"They are utterly transfixed with the horrible vision of the nuclear armed terrorist," said John Perry Barlow, a founder of the Electronic Frontier Foundation, a public interest computer group that is campaigning to stop the Clipper chip. "This is the last ditch effort of the old superpowers trying to establish imperial control over cyberspace."
Across the Internet, activists are discussing civil disobedience strategies while mainstream groups like the Electronic Frontier Foundation and the Computer Scientists for Social Responsibility are organizing a lobbying attempt against Clipper. But some hackers aren't waiting for the government to back down. They're pressing ahead with their networks. A programmer named Philip Zimmerman has written free software called Pretty Good Privacy for protecting electronic mail messages. The program touched off a Justice Department investigation after it was sent overseas through international networks. Now Mr. Zimmerman is working on another free program that will allow personal computers, equipped with microphones, speakers and conventional high-speed modems, to act as secure telephones, allowing their users to have private conversations that can't be overheard. This promises to be about as popular with Clipper supporters as radar detectors are with the highway patrol. "They were angry about Pretty Good Privacy," said Mr. Zimmerman. "They're going to go ballistic over this." --- WinQwk 2.0b#1165 From cpsr at access.digex.net Mon Feb 14 12:31:31 1994 From: cpsr at access.digex.net (Dave Banisar) Date: Mon, 14 Feb 94 12:31:31 PST Subject: Safire Savages Clipper Message-ID: <9402141532.AA45514@Hacker2.cpsr.digex.net> I'll put them on the cpsr.org archive if someone sends them to me. Dave > Message-Id: <9402141903.AA16561 at internal.apple.com> > Mime-Version: 1.0 > Content-Type: text/plain; charset="us-ascii" > Date: Mon, 14 Feb 1994 11:04:01 -0800 > To: cypherpunks at toad.com > From: lefty at apple.com (Lefty) > Subject: Re: Safire Savages Clipper > > Perry asks: > > > >Speaking of which, could someone send me the postscript for "Big > >Brother Inside" stickers? > > Me, too. Or better still, put it on an anonymous ftp site somehwere... > > -- > Lefty (lefty at apple.com) > C:.M:.C:., D:.O:.D:. 
> > > From MJMISKI at macc.wisc.edu Mon Feb 14 12:51:32 1994 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Mon, 14 Feb 94 12:51:32 PST Subject: Other list Message-ID: <24021413163018@vms2.macc.wisc.edu> Perry, What happened to that other list you were starting? Sorry if I missed any announcement my account was messed up for a week or so. --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From qwerty at netcom.com Mon Feb 14 13:11:31 1994 From: qwerty at netcom.com (Xenon) Date: Mon, 14 Feb 94 13:11:31 PST Subject: REAL WORLD ENCRYPTION Message-ID: <199402142109.NAA01188@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Pat Farrell wrote, >I personally think stealth PGP is the wrong direction. Widespread, blatant >acceptance of PGP by the 10 million PC users with modems will do more to >guarantee the legality of PGP than all the CSPR petitions. (Hey, I sent in >mine too, I just don't think that a few thousand voices will be heard). First of all, you only seem to be considering the USA. Widespread acceptance of PGP in some countries isn't going to happen. But it sure would be nice to be able to talk to people in those countries. Second, if Stealth-PGP not be "the solution" or "the right direction" then realize that simply its presence would add great psychological power to our words against Clipper. And also realize that Uncle Sam in a year from now fully intends to obtain the technology to smart-search all electronic communications for PGP messages. If we can show that even in times of national emergencies or crime-wave scares, that having Clipper and the FBI wiretap proposal there to rely on, is just a foolish waste of our money. 
Third, I think the PGP developers are almost just as guilty as the Clipper designers in trying to, behind closed doors, design us an encryptor. The same encryptor for everyone. The Great Grand Solution to everyone's needs. Stealth-PGP would be powerful in the hands of the small minority who want to use it. You don't need 10 million other users to create the "security through obscurity" condition. It's trivial to put 10 million PGP users on a list, then draw lines between names to find groups of "subversives", then with another button push in the bowels of the NSA, start taping their phones. Lastly, PGP has been out there for years. Where's the 10 million users? You don't even have 10,000. And Microsoft has a cryptographic division now. And Clipper is so easy to use! The big boys are getting involved, and PGP isn't what 10-100 million people are going to be using, unless you port the thing to Mac and Windows and make it as easy to use as a Clipper phone. The internet is a small world. There's only 15 million e-mail users. Do you really expect to get 70% of them to start using PGP? When? In a year? Because you better, or "Microsoft Encrypt" not to mention "SONY EncryptorMan" are coming within a year or two. Time's running out for PGP. But Stealth-PGP is a timeless technology, like fire or the handgun. Once it's made, someone 1000 years from now can still use it to hide their encrypted message. 
-=Xenon=- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLV+hNwSzG6zrQn1RAQETHwP8CzC+/l1tdHckRkxGqVnRqjIgGigkZFu3 bCuC8MHp/yQr6i+mVarfpLcu0sjt5O0tJ6Ph4Jnfsy5vn4YrodAX1ShHzo6YwwsU 9jxxXcA17Xyh3lb6+4N7r+BC3AJ2PoSjrkV36OnuY0jKunB2iP2l1RZi75Pq/jHP WYZEJEcJhHc= =rr0c -----END PGP SIGNATURE----- From qwerty-remailer at netcom.com Mon Feb 14 13:41:31 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Mon, 14 Feb 94 13:41:31 PST Subject: Tracking Contacts with Clipper Message-ID: <199402142133.NAA28895@mail.netcom.com> Sandy wrote, "Tim asked about "phone remailers" in one of his recent posts. Until that happens, remember that the anonymous phone cards offered by AT&T and Western Union (and others) are almost as good. This is especially true if you "chain" call through two or more different phone cards." Please post details of these. How do they charge you then? Must you use a phonebooth? -=Xenon=- From schneier at chinet.com Mon Feb 14 13:44:31 1994 From: schneier at chinet.com (Bruce Schneier) Date: Mon, 14 Feb 94 13:44:31 PST Subject: APPLIED CRYPTOGRAPHY and Mondo 2000 Message-ID: People: I would really like Mondo 2000 to review my book. Supposedly my editor has been talking to someone there (if I had more details I would supply them) but they are reluctant to do the review. I remember some of you people at the meeting in Jan had some connection with the magazine. Any suggestions on who I should talk to? Bruce From pmetzger at lehman.com Mon Feb 14 13:46:54 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 14 Feb 94 13:46:54 PST Subject: Other list In-Reply-To: <24021413163018@vms2.macc.wisc.edu> Message-ID: <9402142139.AA19168@andria.lehman.com> Matthew J Miszewski says: > Perry, > > What happened to that other list you were starting? Sorry if I > missed any announcement my account was messed up for a week or so. I've gotten busy -- probably will get to it within a few weeks.
For those that don't know what he's asking about, it's a moderated cryptography mailing list. Perry From blancw at microsoft.com Mon Feb 14 13:49:12 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 14 Feb 94 13:49:12 PST Subject: REAL WORLD ENCRYPTION Message-ID: <9402142136.AA08132@netmail2.microsoft.com> * intend to use these tools, or is your interest only theoretical? . I would use the tools when these became essential; in my circumstance, not necessarily every day (not yet) . It also would depend on the tools; they presently appear unreliable, unstable *how much you are willing to reorganize your life in order to take advantage of these techniques. . It wouldn't take much adjusting to go from the potential to the actual based on my inclinations, if the techniques are convincingly effective in serving to enhance the possibilities in the real world, without making it too difficult to continue to interact with it. Is it secrecy alone which could accomplish this? I would be agreeable to experiment with prototypes in order to work on real solutions which are effective in making the separation from the present attachment to government-regulated toolboxes. *what factors would increase or decrease your use of cryptographic products and services. . depends on how desperate the situation has become (how socialist & coercive) . the kind of equipment required (what special items; what cost) . portability; mobility (can I use any phone anywhere; do I need to take a laptop with me or would there be an "ATM" type card to use; how, where) . ease of use (I don't write code, I don't know Unix; automated set-ups & procedures) . conflicts or difficulties in coordinating procedures with the rest of the world, or at least wherever I may be at the time Concerns: . these are all dependent on electricity, . the electric/utility companies are not anarchist . power outages & access during those times .
what problems would one face with the government from the use of such tools; how apparent could it become that one is using a system which operates within "their" territory, yet outside of their influence . what if they find out; do I call EFF *creating a digital bank/open an account in a digital bank: . just how would digital money be translated (exchanged) into other currency when needed, . so that it would be possible to do business with those who are not also using digital cash; what sort of interactions between differing systems to expect, to deal with . who would 'man' the bank (if it matters) . where would it be located (do we need to know) . what if it's raining & cold outside (ha-ha) Basically, regarding digital banks & currency, I'm interested in any alternatives to the present situation, but am not very knowledgeable of just how these procedures would work or be managed, so that a customer like myself would understand what they were doing (follow the reasoning) and be confident that they could manage their accounts; also, how the value of this kind of 'cash' is established (relative to what?). Blanc From qwerty-remailer at netcom.com Mon Feb 14 13:51:31 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Mon, 14 Feb 94 13:51:31 PST Subject: Ccnet. Anonymous internet provider? Message-ID: <199402142147.NAA15480@mail.netcom.com> Forward from comp.org.eff.talk: Netcom would lose a lot of customers if its libertarian counterpart became available.... -=Xenon=- comp.org.eff.talk #26742 (0 + 1 more) [1] From: allisat at r-node.io.org (Allisat) [1] ccnet anonymous service Date: Mon Feb 14 10:34:24 EST 1994 Organization: allisat at io.org Lines: 95 Distribution: inet ccnetccnetccnetccnetccnetccnetccnetccnetccnetccnetccnet common carrier network a Mac GUI on-line system serving the metro Toronto community with an anonymous service and uncensored E-mail gateways. ccnet anonymous...
(416) 588-1483 requires a Mac System 6.0+ & free FC Client software User ID : anonymous Password : anonymous Hours of Operation 00:00 - 08:00 EST ccnetccnetccnetccnetccnetccnetccnetccnetccnetccnetccnet Our private lives and personal communications are increasingly being monitored and controlled by corporate and government agencies. Individual freedom of expression will soon mean nothing unless we provide ourselves with forums which guarantee and safeguard our inalienable civil rights. ccnet anonymous is such a place. Here you will find freedom to write anything. Here you have anonymity to end the fear of being persecuted or prosecuted for your thoughts, opinions and ideas. If we don't oppose the unending infringement of our rights they will simply not exist in future. The choice is ours... ccnetccnetccnetccnetccnetccnetccnetccnetccnetccnetccnet ccnet electronic post guidelines ccnet's volunteer administrators do not edit messages for content and take no responsibility for any messages posted on-line. Individuals connecting to ccnet do so voluntarily and at their own risk. Parental guidance is advised. ccnet is not responsible for the titles and content of the messages which may be uploaded. ccnet does not edit or remove messages for contents. The following guidelines have been established only in order to facilitate the efficient distribution and storage of messages not to interfere with, alter, determine or censor the flow of messaging. 1. Messages posted to ccnet must be 18 Kilobytes or under in size. 2. All attachments to messages posted to ccnet must be PGP encrypted and compressed. 3. Messages which are over 18 K or attachments which are unencrypted or uncompressed will not be accepted for distribution and removed after posting notice to "deletions".
ccnetccnetccnetccnetccnetccnetccnetccnetccnetccnetccnet for information either log in directly and send a message to "administrator" or reply to "allisat at io.org" ccnetccnetccnetccnetccnetccnetccnetccnetccnetccnetccnet From MINITERS at Citadel.edu Mon Feb 14 14:41:31 1994 From: MINITERS at Citadel.edu (Syl Miniter 803-768-3759) Date: Mon, 14 Feb 94 14:41:31 PST Subject: Who knows a good basic text on Huffman Codes Message-ID: <01H8VU01TGOI986NB9@citadel.edu> I am referring to the minimum bits coding scheme invented by DAVID HUFFMAN in 1951. I would like something that does some concrete examples in radix other than 2. Thanks for your help. I think Huffman is at ucal-santa cruz and would like to know his e-mail address as well. He was at MIT back in the fifties and worked with Fano et al on coding theory. From mg5n+ at andrew.cmu.edu Mon Feb 14 15:21:32 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 14 Feb 94 15:21:32 PST Subject: SCHEME for FULL-SPEC RETURN PATH In-Reply-To: <9402141601.AA25873@igi.psc.edu> Message-ID: <4hM0MZK00awUI1OFJF@andrew.cmu.edu> > From: "Jon 'Iain' Boone" > > > How secure do you think this is? > > Three remailers: > > anon1+ at a.edu > anon2+ at b.com > anon3+ at c.org > > Originator: boone at psc.edu (really igi.psc.edu, as Message-ID: shows) > Receiver: wcs at anchor.ho.att.com > > ()Ka == contents inside () are encrypted with Public Key of A > > mail addressed to random+*@foo.edu == mail to user random at foo.edu, > random's mail processor will > deal with the +* ... > To: anon3+"(anon2+"(anon1+"(boone at psc.edu)Ka"@a.edu)Kb"@b.com)Kc"@c.org > From: wcs at anchor.ho.att.com > Message-Id: <99234.AA23492383 at anchor.ho.att.com> > > C.ORG: > > To: anon2+"(anon1+"(boone at psc.edu)Ka"@a.edu)Kb"@b.com > From: wcs at anchor.ho.att.com > Message-Id: <2342349324.AA2343242 at c.org> ... Well, I guess great minds think alike. I'm already working on this. I've been hacking on in my spare time for about a month now.
My program is about 75-80% done. Here's how it will work: You send mail to remail+getid at x.edu. The remailer takes your address and encrypts it with its private key, adds some random padding (to disguise the length), a checksum, and then puts it in "ascii-armor" format. Then it mails it back to you. You get an address of the format: remail+to+8k3dsa5gzctoy6ahz433mwqqe1v4oo1fr at x.edu Then when you post anonymously, you can use that address as a reply-to address (a few of the cypherpunk remailers allow you to insert your own reply-to fields, I think the BSU ones do.) All of the encryption/decryption routines are completely finished. The only things left to do are to add the actual mail handler that will take an incoming message, decrypt the address and forward the mail. The auto-reply program to send the encrypted addresses is finished also; it works basically like my automatic faq-sender which you can email at mg5n+remailers at andrew.cmu.edu . The above is actual output from my cipher and will decrypt to mg5n+ at andrew.cmu.edu (if you have the secret key!) I chose to use a private key cipher instead of p-k because of the enormous overhead that you get with PGP, and I was afraid that it would be too big for the mail headers. The cipher used employs transpositions, substitution tables and cipher feedback, in multiple layers of encryption. Perhaps in the future, PGP encryption of the message could be added, and better methods for chaining remailers, and compression of the mail address before encryption (I have experimented with this). I've been a bit busy with other things this past week so I haven't worked on the program lately. If you're serious about this, and you or someone you know is willing to finish the program and actually run a remailer using it, I'll let you have my source code so far. Program is written in C.
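The reply-address scheme described in the message above, as an added example that is not part of the original post and is not Matthew Ghio's C program: the remailer encrypts the sender's address under its own secret key with random padding and a checksum, then armors it into a `remail+to+...` address. HMAC-SHA256 in counter mode with a truncated HMAC tag stands in for his unpublished cipher and checksum; the function names, sizes and key are assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import os

PREFIX = "remail+to+"   # address format quoted in the post
PAD_TO = 40             # assumption: fixed plaintext size, hides the address length
NONCE_LEN = 8           # assumption: per-token random nonce
TAG_LEN = 8             # assumption: truncated MAC in place of the post's "checksum"
# With these sizes the local part exceeds the 64-octet local-part limit of
# RFC 5321: the same header-overhead trade-off the post worries about.


def _subkey(master: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the remailer secret."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a stand-in stream cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def make_reply_address(master: bytes, real_addr: str, domain: str = "x.edu") -> str:
    """What the remailer would mail back in answer to a 'getid' request."""
    raw = real_addr.encode("ascii")
    if not 0 < len(raw) <= PAD_TO - 1:
        raise ValueError("address empty or too long for the fixed-size token")
    nonce = os.urandom(NONCE_LEN)
    # length byte + address + random padding up to the fixed size
    plain = bytes([len(raw)]) + raw + os.urandom(PAD_TO - 1 - len(raw))
    stream = _keystream(_subkey(master, b"enc"), nonce, PAD_TO)
    ct = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    # base32 is case-insensitive and uses only address-safe characters
    token = base64.b32encode(nonce + ct + tag).decode("ascii").rstrip("=").lower()
    return f"{PREFIX}{token}@{domain}"


def resolve_reply_address(master: bytes, address: str) -> str:
    """What the mail handler would do with an incoming reply: recover the real address."""
    local = address.partition("@")[0]
    if not local.startswith(PREFIX):
        raise ValueError("not a reply address")
    token = local[len(PREFIX):].upper()
    token += "=" * (-len(token) % 8)          # restore stripped base32 padding
    try:
        blob = base64.b32decode(token)
    except binascii.Error as exc:
        raise ValueError("token is not valid base32") from exc
    if len(blob) != NONCE_LEN + PAD_TO + TAG_LEN:
        raise ValueError("token has the wrong length")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("checksum mismatch: forged, corrupted or foreign token")
    stream = _keystream(_subkey(master, b"enc"), nonce, PAD_TO)
    plain = bytes(c ^ s for c, s in zip(ct, stream))
    n = plain[0]
    if not 0 < n <= PAD_TO - 1:
        raise ValueError("bad length field")
    return plain[1:1 + n].decode("ascii")


if __name__ == "__main__":
    secret = b"constructed-demo-secret-not-a-real-key"   # constructed sample key
    addr = make_reply_address(secret, "mg5n+@andrew.cmu.edu")
    print(addr)
    print(resolve_reply_address(secret, addr))
```

Because every token has the same length and a fresh nonce, two reply addresses for the same user cannot be linked by inspection, and a token altered in transit is rejected instead of forwarding mail to an unintended address.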
From mg5n+ at andrew.cmu.edu Mon Feb 14 15:41:31 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 14 Feb 94 15:41:31 PST Subject: REAL WORLD ENCRYPTION In-Reply-To: <199402142109.NAA01188@mail.netcom.com> Message-ID: <8hM0XU600awUI1OFk_@andrew.cmu.edu> Period 5 noble gas element Z=54 sez: > Third, I think the PGP developers are almost just as guilty as the Clipper > designers in trying to, behind closed doors, design us an encryptor. The > same encryptor for everyone. The Great Grand Solution to everyone's > needs. Stealth-PGP would be powerful in the hands of the small minority > who want to use it. You don't need 10 million other users to create the > "security through obscurity" condition. It's trivial to put 10 million PGP > users on a list, then draw lines between names to find groups of > "subversives", then with another button push in the bowels of the NSA, > start taping their phones. Except, PGP was not developed behind closed doors, anyone can download PGP23srcA.ZIP and read the full specs on the encryption system used, and you don't have to register your key with Phil Zimmerman. > Lastly, PGP has been out there for years. Where's the 10 million users? > You don't even have 10,000. And Microsoft has a cryptographic division > now. And Clipper is so easy to use! The big boys are getting involved, > and PGP isn't what 10-100 million people are going to be using, unless > you port the thing to Mac and Windows and make it as easy to use as a > Clipper phone. The internet is a small world. There's only 15 million > e-mail users. Do you really expect to get 70% of them to start using > PGP? When? In a year? Because you better, or "Microsoft Encrypt" not > to mention "SONY EncryptorMan" are coming within a year or two. > Time's running out for PGP. But Stealth-PGP is a timeless > technology, like fire or the handgun. Once it's made, someone 1000 > years from now can still use it to hide their encrypted message. So? 
So what if Microsoft has a crypto division... Maybe it will encourage more people to use crypto. (I wouldn't place much trust in Microsoft software tho, judging from some of their past foulups.) Sony Encryptorman might be a bit better (if it exists) since they're not in the US. From kshep at netcom.com Mon Feb 14 15:51:31 1994 From: kshep at netcom.com (K. Sheppard) Date: Mon, 14 Feb 94 15:51:31 PST Subject: Tracking Contacts with Clipper In-Reply-To: <199402142133.NAA28895@mail.netcom.com> Message-ID: On Mon, 14 Feb 1994 qwerty-remailer at netcom.com wrote: > Sandy wrote, > "Tim asked about "phone remailers" in one of his recent posts. Until that > happens, remember that the anonymous phone cards offered by AT&T and > Western Union (and others) are almost as good. This is especially true > if you "chain" call through two or more different phone cards." > > Please post details of these. How do they charge you then? Must you use > a phonebooth? > > -=Xenon=- You don't "charge". You buy a pre-paid card for a set amount of money or minutes. For example Safeway was selling "certificates" good for 30 minutes of long distance for $5. Then you dialed the providers number, entered your certificate number, then dialed in the number you wanted to reach. Much like using MCI 14 years ago. Using a phone booth, would add security. I don't know what type of logs would be kept by the provider. Obviously if they kept a log with caller id info plus the number dialed then they wouldn't be very secure, especially since the fact that you dialed the provider would be recorded. If a pen register was used on your line, all the info. dialed in would be recorded, including the final destination number. This would of course be true of a wiretap also. Pen registers are more common than full scale wiretaps. Use a pay phone, in concert with the pre-paid cards for maximum security. But of course, the security of the line on the other end is not guaranteed either.
Thus, the need for non-clipper voice encryption asap. Kirk Sheppard kshep at netcom.com ______________________________________________________________________________ ************** "It is Better to Die on Your Feet Than to ************** Live On Your Knees." - Emiliano Zapata ______________________________________________________________________________ From sandfort at crl.com Mon Feb 14 17:21:31 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 14 Feb 94 17:21:31 PST Subject: Tracking Contacts with Clipper In-Reply-To: <199402142133.NAA28895@mail.netcom.com> Message-ID: C'punks, On Mon, 14 Feb 1994 qwerty-remailer at netcom.com wrote: > Sandy wrote, > "Tim asked about "phone remailers" in one of his recent posts. Until that > happens, remember that the anonymous phone cards offered by AT&T and > Western Union (and others) are almost as good. This is especially true > if you "chain" call through two or more different phone cards." > > Please post details of these. How do they charge you then? Must you use > a phonebooth? > > -=Xenon=- > What I was discussing are "pre-paid" calling cards. You can buy Western Union cards at any Western Union representative office. AT&T cards are available at AT&T Phone Stores. Other brands are also available. I recently saw another such card being advertised in the camera section of Pay Less Drugs. I also mentioned another brand (Telekey) in one of my "Norman French" articles in MONDO 2000 last year. Their phone number is (800) 776-5424. You buy them with cash. They each represent a pre-set number of minutes in an already established account. They can be used from any phone, but since you have to call an 800 number to use them, some record of your calling number may be captured by ANI (Automatic Number Identification) and kept by the card company.
S a n d y From hfinney at shell.portal.com Mon Feb 14 18:01:32 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 14 Feb 94 18:01:32 PST Subject: SCHEME for FULL-SPEC RETURN PATH Message-ID: <199402150153.RAA11877@jobe.shell.portal.com> > From: Matthew J Ghio > > > From: "Jon 'Iain' Boone" > > > > To: anon3+"(anon2+"(anon1+"(boone at psc.edu)Ka"@a.edu)Kb"@b.com)Kc"@c.org > > From: wcs at anchor.ho.att.com > > Message-Id: <99234.AA23492383 at anchor.ho.att.com> > > > > C.ORG: > > > > To: anon2+"(anon1+"(boone at psc.edu)Ka"@a.edu)Kb"@b.com > > From: wcs at anchor.ho.att.com > > Message-Id: <2342349324.AA2343242 at c.org> > ... > > Well, I guess great minds think alike. I'm already working on this. > I've been hacking on in my spare time for about a month now. My program > is about 75-80% done. Here's how it will work: > > You send mail to remail+getid at x.edu. Is this some kind of RFC822 hack? It doesn't work on my system. Mail to hfinney+xyz at shell.portal.com bounces. Are you assuming some special mail address processing has been installed by the administrators of the machines to handle this "+" hack, or is my machine broken in not respecting it? 
Hal From hfinney at shell.portal.com Mon Feb 14 18:11:32 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 14 Feb 94 18:11:32 PST Subject: Detweiler abuse again Message-ID: <199402150209.SAA13346@jobe.shell.portal.com> I got a lot of complaints today about copies of Tim's old "Blacknet" posting being sent to inappropriate groups: > From paw at coos.dartmouth.edu Mon Feb 14 09:34:13 1994 > Date: Mon, 14 Feb 1994 12:31:44 -0500 > From: paw at coos.dartmouth.edu (Pat Wilson) > To: hfinney at shell.portal.com, root at portal.com, postmaster at portal.com > Subject: Re: Introduction to Blacknet > Newsgroups: comp.sys.sun.admin > References: <199402120837.AAA22008 at jobe.shell.portal.com> > Status: R > > In comp.sys.sun.admin you write: > > >Introduction to BlackNet > > [etc] > > I believe that this is an illegal and unethical use of the Net > for commercial purposes (to say nothing of bounds of decency). > This posting lends credence to all sorts of (US) gov't paranoia. > Please cease and desist immediately. > > Non-anonymously, > > -- > Pat Wilson > Maanger, Academic Unix Systems Group > Dartmouth College > paw at northstar.dartmouth.edu > > From mcr at unison.com Mon Feb 14 10:11:51 1994 > Date: Mon, 14 Feb 1994 10:11:22 -0800 > To: hfinney at shell.portal.com > From: mcr at unison.com (Michael Riehle) > X-Sender: mcr at hal822.unison.com > Subject: Introduction to Blacknet > Status: R > > This message appears to be from someone who is offering an illegal service > and is certainly not welcome. I can't tell if this person is serious or if > this is just a sick joke. It certainly isn't appropriate regardless. > > >Date: Mon, 14 Feb 1994 00:50:01 +0000 > >Reply-To: HP-3000 Systems Discussion > >Sender: HP-3000 Systems Discussion > >Comments: This message is NOT from the person listed in the From line. It > >is from an automated software remailing service operating at that address. > >Please report problem mail to . 
> >Comments: Warning -- original Sender: tag was NETNEWS at AUVM.AMERICAN.EDU > >From: nobody > >Subject: Introduction to Blacknet > >To: Multiple recipients of list HP3000-L > > > >Introduction to BlackNet > > > > [...] > > From kwthomas at nsslsun.nssl.uoknor.edu Mon Feb 14 12:38:27 1994 > Date: Mon, 14 Feb 94 14:37:01 CST > From: kwthomas at nsslsun.nssl.uoknor.edu (Kevin W. Thomas) > To: hfinney at shell.portal.com > Subject: Re: Introduction to Blacknet > Newsgroups: comp.sys.sun.admin > In-Reply-To: <199402120837.AAA22008 at jobe.shell.portal.com> > Organization: National Severe Storms Laboratory > Cc: root at shell.portal.com, root at jobe.shell.portal.com > Status: R > > In article <199402120837.AAA22008 at jobe.shell.portal.com> you write: > >Introduction to BlackNet > > > >BlackNet is currently building its information inventory. We are interested > >in information in the following areas, though any other juicy stuff is > >always welcome. "If you think it's valuable, offer it to us first." > > > >- trade secrets, processes, production methods (esp. in semiconductors) > > > >BlackNet can make anonymous deposits to the bank account of your choice, > >where local banking laws permit, can mail cash directly (you assume the > >risk of theft or seizure), or can credit you in "CryptoCredits," the > >internal currency of BlackNet (which you then might use to buy _other_ > >information and have it encrypted to your special public key and posted in > >public place). > > This doesn't belong in "comp.sys.sun.admin", or any other Usenet group. It's > postings like this that give Usenet a bad name. > > Kevin W. Thomas > National Severe Storms Laboratory > Norman, Oklahoma > > From lab at biostat.mc.duke.edu Mon Feb 14 14:05:15 1994 > To: hfinney at shell.portal.com > Subject: Re: Introduction to Blacknet > In-reply-to: nobody at shell.portal.com's message of Mon, 14 Feb 1994 11:32:23 -0800 > Date: Mon, 14 Feb 1994 17:04:09 -0500 > From: "Lance A. 
Brown" > Status: R > > What _IS_ this doing in misc.health.diabetes? > > Thanks, > Lance > > > nobody writes: > > Introduction to BlackNet > > > > Your name has come to our attention. We have reason to believe you may be > > interested in the products and services our new organization, BlackNet, has > > to offer. > > [...] > > From appel at cea.Berkeley.EDU Mon Feb 14 14:24:03 1994 > To: hfinney at shell.portal.com, root at shell.portal.com > Subject: Re: Introduction to Blacknet > In-reply-to: nobody at shell.portal.com's message of Sat, 12 Feb 1994 03:49:18 -0800 > Date: Mon, 14 Feb 1994 14:23:06 -0800 > From: Shannon Appel > Status: R > > Please be aware that your anonymous remailer is being abused. The > following inappropriate post was recently sent to a rec.games.frp > group. Please see that this type of thing does not happen again. > > Shannon > -- > > Introduction to BlackNet > > > > > > [...] I set up a log file for "blacknet" postings, and got this: > From hal at alumni.cco.caltech.edu Mon Feb 14 17:46:41 1994 > Received: from nova.unix.portal.com (nova.unix.portal.com [156.151.1.101]) by jobe.shell.portal.com (8.6.4/8.6.4) with ESMTP id RAA11362 for ; Mon, 14 Feb 1994 17:46:41 -0800 > Received: from punisher.caltech.edu (punisher.cco.caltech.edu [131.215.48.151]) by nova.unix.portal.com (8.6.4/8.6.4-1.13) with ESMTP id RAA03081 for ; Mon, 14 Feb 1994 17:46:41 -0800 > Received: from alumni.cco.caltech.edu by punisher.caltech.edu with ESMTP > (8.6.4/DEI:4.41) id RAA14916; Mon, 14 Feb 1994 17:45:46 -0800 > Received: from localhost by alumni.cco.caltech.edu > (8.6.4/DEI:4.41) id RAA23534; Mon, 14 Feb 1994 17:45:42 -0800 > Received: from handel.cs.colostate.edu by alumni.cco.caltech.edu with SMTP > (8.6.4/DEI:4.41) id RAA23522; Mon, 14 Feb 1994 17:45:34 -0800 > Message-Id: <199402150145.RAA23522 at alumni.cco.caltech.edu> > Received: by handel.cs.colostate.edu > (1.37.109.4/16.2) id AA28603; Mon, 14 Feb 94 18:45:32 -0700 > Date: Mon, 14 Feb 94 18:45:32 -0700 
> From: lawrence detweiler > To: hfinney at shell.portal.com > request-remailing-to: comp.sys.ti.explorer at news.cs.indiana.edu > subject: Introduction to Blacknet > > Introduction to BlackNet > > > Your name has come to our attention. We have reason to believe you may be > interested in the products and services our new organization, BlackNet, has > to offer. > [...] It seems Larry is sending this posting to lots of inappropriate groups using several different mail-to-news gateways. This is a good way to get remailers shut down, which may be his ultimate goal. I call upon remailer operators to block incoming messages from Detweiler's known aliases. Thos using the slocal-based "cypherpunks" remailer perl scripts can add the following lines near the front of their maildelivery files. # Filter Detweiler >From ld231782 at longs.lance.colostate.edu file ? /dev/null >From an12070 at anon.penet.fi file ? /dev/null >From detweile file ? /dev/null Unless his access to the remailer network is blocked, he will be able to continue to abuse the system until it gets shut down. The alternative would be to block my remailer's access to all known mail-to-news gateways, but I am reluctant to take that step because of the loss of this ability for those who legitimately need it. If his abuse keeps up, though, that may be the only choice left. Hal Finney hfinney at shell.portal.com From mgream at acacia.itd.uts.edu.au Mon Feb 14 18:21:33 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Mon, 14 Feb 94 18:21:33 PST Subject: Tracking Contacts with Clipper In-Reply-To: Message-ID: <9402150220.AA05108@acacia.itd.uts.EDU.AU> Earlier, Sandy Sandfort wrote: > What I was discussing are "pre-paid" calling cards. You can buy Western [..] > French" articles in MONDO 2000 last year. Their phone number is (800) > 776-5424. 
Here in Australia, we have only two telecos (currently in the midst of a deregulatory process), one is the pre-deregulation entity and as such owns all the payphones across the country. All payphones can accept cards similar to what you describe, we call them 'phonecards'. You buy your topped up card at a newsagent or one of many vendors around the place even machines on railway platforms. You mention that an 800 number must be called ? Interesting, ours are totally different in that respect, for all intents and purposes, the card is nothing more than a cash substitute, you push it in the phone instead of coins, and it deducts credit. These cards are throwaway, credit info is stored magnetically and holes are punched to give a visual indication of credit left. An LCD display on the phone shows your credit when you put the card in. These are true anonymous cash substitutes, of course except that they are not accepted as legal tender. On one occasion, I paid a person this way, using $30 worth of $10 phonecards, not because of any untraceability aspects, but because it happened to be convenient tender for me at the time. Also! It is possible to store numbers on them, the intended market being for parents to give kiddies a card with an autodial number (ie. home) in case of problems. Kiddie pops in card, it automagically dials home. I don't have any idea as to whether this number is shown on the LCD when it is dialed. I suspect it is, otherwise I think you can see situations like the following: A: "If you need to contact me, pop in the card, it'll give me a ring" B: "But what's your number ?" A: "You don't need to worry about that." Matthew. -- Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au. PGPMail and brown paperbags accepted. - Non Servatum - From baum at newton.apple.com Mon Feb 14 18:23:52 1994 From: baum at newton.apple.com (Allen J.
Baum) Date: Mon, 14 Feb 94 18:23:52 PST Subject: Crypto Tech Reports Message-ID: <9402150217.AA18361@newton.apple.com> The following technical reports are FTPable at ftp.cs.uow.edu.au pub/papers Cheers, >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>|<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Yuliang Zheng Email: yuliang at cs.uow.edu.au Centre for Comp Security Research Department of Computer Science Voice: +61 42 21 4331 (office) University of Wollongong +61 42 21 3859 (dept) Wollongong, NSW 2522 AUSTRALIA Fax: +61 42 21 4329 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>|<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Preprint No. 94-1 Y. Zheng ``Improved Public Key Cryptosystems Secure against Chosen Ciphertext Attacks'' ABSTRACT This note describes an improvement to the first two of the three public key cryptosystems proposed by Zheng and Seberry, which are provably secure against chosen ciphertext attacks. The improvement removes a shortcoming with the original cryptosystems, which occurs when they are used for both confidentiality and sender authentication purposes. Preprint No. 94-2 J. Seberry, X.M. Zhang and Y. Zheng ``Relationships Among Nonlinearity Criteria'' ABSTRACT An important question in designing cryptographic functions including substitution boxes (S-boxes) is the relationships among the various nonlinearity criteria each of which indicates the strength or weakness of a cryptographic function against a particular type of cryptanalytic attacks. In this paper we reveal, for the first time, interesting connections among the strict avalanche characteristics, differential characteristics, linear structures and nonlinearity of quadratic S-boxes. In addition, we show that our proof techniques allow us to treat in a unified fashion all quadratic permutations, regardless of the underlying construction methods. This greatly simplifies the proofs for a number of known results on nonlinearity characteristics of quadratic permutations. 
As a by-product, we obtain a negative answer to an open problem regarding the existence of differentially 2-uniform quadratic permutations on an even dimensional vector space.

===========================================================================
Newsgroup Co-moderator: Richard Golding, Hewlett-Packard Laboratories
compdoc-techreports-request at ftp.cse.ucsc.edu
Be sure to send questions about specific reports to the poster, not to the newsgroup.

**************************************************
* Allen J. Baum              tel. (408)974-3385  *
* Apple Computer, 20525 Mariani Ave, MS 305-3B   *
* Cupertino, CA 95014        baum at apple.com   *
**************************************************

From orion at crl.com Mon Feb 14 19:01:33 1994
From: orion at crl.com (Colin Orion Chandler)
Date: Mon, 14 Feb 94 19:01:33 PST
Subject: Actively Sabotaging Clipper and Capstone?
In-Reply-To: <15722.pfarrell@netcom.com>
Message-ID:

Hm... it seems to me, that if the government is going to have these keys, it won't be too long before they are all posted to the net... considering how good the .gov and .mil is at keeping secrets, we shouldn't worry :)

___________________________________________________________________________
Colin Titus Orion Xavier Chandler
"What year is it?"    "If it's not a Sun, it's not a computer."
Colin Chandler | "It can only be accountable to *human* error."-HAL9000
(415) 388-8055 | orion at crl.com, wizard @ BayMOO (mud.crl.com 8888)
___________________________________________________________________________

On Mon, 14 Feb 1994, Pat Farrell wrote:

> Tim May posted to cypherpunks:
> >
> > Hey, I've just been told in e-mail that my $200,000 figure for the
> > Clipper keys (a tape or compilation of the ones that are held in
> > escrow) is way too low, probably by two orders of magnitude.
> >
> > Maybe so, as having these keys could mean a lot.
> >
> > But my point is that nearly any such figure will represent an
> > incredible temptation. Such is the risk of any centralized system in
> > which a master key (or set of escrowed keys) unlocks such valuable
> > information.
> >
>
> This is exactly the same argument that corrupts the PEM certification
> scheme. While hierarchical chains of command are reflexively the first
> idea in any military or bureaucratic employee, the existence of a
> super-valuable "master certification certificate" that is valuable will
> directly make it extremely valuable. Anything of sufficient value will
> be compromised by someone willing to pay a sufficient value, break a
> kneecap, etc.
>
> Once a valuable, high level certificate is broken, then all descendant
> certificates are broken. The "web of trust" is the only workable solution.
>
> Pat
>
> Pat Farrell Grad Student pfarrell at gmu.edu
> Department of Computer Science George Mason University, Fairfax, VA
> Public key available via finger #include
>

From tcmay at netcom.com Mon Feb 14 19:11:34 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 14 Feb 94 19:11:34 PST
Subject: Detweiler abuse again
In-Reply-To: <199402150209.SAA13346@jobe.shell.portal.com>
Message-ID: <199402150311.TAA29366@mail.netcom.com>

I support Hal's proposal that as many remailer operators as possible attempt to filter Detweiler's postings. All it will take for Detweiler to get through is one who doesn't filter, and who supports encryption, but this will still make it harder for folks like Detweiler to abuse the system.

Cryptographically speaking, in a sense, there is no such thing as "abuse." That is, we can't wring our hands and ask the "authorities" to "do something." That's the old way of looking at things. The new way is to use filters, to have postage paid mailers (someday), and to have users do filtering of their own. Filtering those who "abuse" the systems we have is just part of the "reputation system" we are pushing for.

A few comments on Hal's posting:

> I got a lot of complaints today about copies of Tim's old "Blacknet" posting
> being sent to inappropriate groups:

Needless to say, it wasn't me who posted this. Ironically, I've never posted it to Cypherpunks, either. I sent it out to several folks prior to a nanotech meeting, to make some points about the impossibility of bottling up the knowledge of how to do nanotechnology (someday), and apparently one of the recipients sent it through a remailer to Cypherpunks. From there, it went out to several other lists and newsgroups. Life in the age of cyberspace.

...much stuff deleted...

> > Received: from handel.cs.colostate.edu by alumni.cco.caltech.edu with SMTP
> > (8.6.4/DEI:4.41) id RAA23522; Mon, 14 Feb 1994 17:45:34 -0800
> > Message-Id: <199402150145.RAA23522 at alumni.cco.caltech.edu>
> > Received: by handel.cs.colostate.edu
> > (1.37.109.4/16.2) id AA28603; Mon, 14 Feb 94 18:45:32 -0700
> > Date: Mon, 14 Feb 94 18:45:32 -0700
> > From: lawrence detweiler
> > To: hfinney at shell.portal.com
> > request-remailing-to: comp.sys.ti.explorer at news.cs.indiana.edu
> > subject: Introduction to Blacknet

...

> It seems Larry is sending this posting to lots of inappropriate groups
> using several different mail-to-news gateways. This is a good way to
> get remailers shut down, which may be his ultimate goal.

This certainly seems to be the case. Detweiler is apparently devoting his entire life to this sort of nonsense. He keeps escalating the level of attack.

> I call upon remailer operators to block incoming messages from Detweiler's
> known aliases. Those using the slocal-based "cypherpunks" remailer perl
> scripts can add the following lines near the front of their maildelivery
> files.
>
> # Filter Detweiler
> >From ld231782 at longs.lance.colostate.edu file ? /dev/null
> >From an12070 at anon.penet.fi file ? /dev/null
> >From detweile file ? /dev/null

> Unless his access to the remailer network is blocked, he will be able to
> continue to abuse the system until it gets shut down.

Yes, things are very serious. He'll probably change remailers and will likely pick other articles from Cypherpunks he thinks will do maximum damage, either in spreading views the recipients will be shocked by, or just in using the remailers to mailbomb them and thus increase the pressure to (somehow) shut the remailers down.

Should we "tone down" our speculations and scenarios?
Probably too late, anyway, as Detweiler already has dozens of controversial posts he can use...the "Secrets of Stealth" post comes to mind, as well as many of the calls to arms and proposals for digital money for tax evasion.

In any case, I don't think we should let his abuses stifle our free discussion of ideas and plans. That would be conceding defeat and adopting a wimp's outlook. Best that we learn to deal with it in other ways.

As serious as this is, we knew this kind of concerted attack on the remailer network was going to happen eventually. My condolences to Hal and the other operators for having to face this new threat. Maybe we can learn from it and emerge stronger.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From warlord at MIT.EDU Mon Feb 14 19:41:33 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 14 Feb 94 19:41:33 PST
Subject: Detweiler abuse again
In-Reply-To: <199402150311.TAA29366@mail.netcom.com>
Message-ID: <9402150338.AA02234@toxicwaste.media.mit.edu>

Tim,

> I support Hal's proposal that as many remailer operators as possible
> attempt to filter Detweiler's postings. All it will take for Detweiler
> to get through is one who doesn't filter, and who supports encryption,
> but this will still make it harder for folks like Detweiler to abuse
> the system.

I disagree. While I can honestly say that I don't like most Detweiler posts, I feel that he is showing us the possibility of how remailers can (and are) being abused. I think censorship is the wrong answer. I think there needs to be some accountability, even if it is anonymous accountability.

"How do we account for something that's anonymous?" I hear you ask me. Well, I don't have the answer to that. Maybe our idea of anonymity is slightly in error. Maybe we need something like penet, where you actually get a return ID, to have some sort of anonymity. I don't know 100% for sure that Detweiler is an12070, although I do believe it is his address.

Although I don't agree with his means, I do feel that once in a while Detweiler does post something useful. He does have something to say, although he has a real backwards way of saying it. (So backwards that he causes people to stop listening before he makes his point).

But I feel censorship is *always* the wrong solution, unless it is done at the end-point. I.e., I can *choose* not to read posts from detweiler, or an12070, but that is my choice. I do not think anyone has the right to say to me that I *cannot* read his posts. It should be my prerogative. Maybe we should change our systems to allow for anonymous accountability?

Just a thought (or series thereof ;-)

-derek

From hayden at krypton.mankato.msus.edu Mon Feb 14 19:51:33 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 14 Feb 94 19:51:33 PST
Subject: Detweiler abuse again
In-Reply-To: <199402150311.TAA29366@mail.netcom.com>
Message-ID:

Uh, sorry to ask, but why is he still on cypherpunks if his abuse stems from knowledge gained on this list?

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> In the United States, they
   \/  Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
                  n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From boone at psc.edu Mon Feb 14 20:01:34 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Mon, 14 Feb 94 20:01:34 PST
Subject: SCHEME for FULL-SPEC RETURN PATH
In-Reply-To: <199402150153.RAA11877@jobe.shell.portal.com>
Message-ID: <9402150359.AA01529@igi.psc.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Hal writes:
>
> > From: Matthew J Ghio
> >
> > You send mail to remail+getid at x.edu.
>
> Is this some kind of RFC822 hack? It doesn't work on my system. Mail to
> hfinney+xyz at shell.portal.com bounces. Are you assuming some special
> mail address processing has been installed by the administrators of the
> machines to handle this "+" hack, or is my machine broken in not respecting
> it?

After referencing my copy of RFC 822, it doesn't seem (after a quick glance) to allow for user+misc at foo.bar.edu -- I'll have to check more carefully tomorrow.

In any case, I (and I assume Mr. Ghio) was introduced to the "+" semantic by the Andrew Message System. The "+" is used as a delimiter for sub-mailboxes for each mail address. Thus, Mr. Ghio is capable of having the mailbox "mg5n+", "mg5n+faq" or "mg5n+biff". They all get delivered to the same person, but Mr. Ghio can set up the "+biff" mailbox to re-distribute to all of USENET, after "BIFFing" up the post. Or he can have "+faq" mail back to you the faq you have requested. You can also have it automatically file away (read: kill or not!) your mail based on address. When I was the comp.os.mach faq maintainer, I had the mail to jb3o+mach at andrew.cmu.edu go to a special mailbox which I read only comp.os.mach faq mail from.

The Filtering Language for Andrew Message System (FLAMES) is a lisp-like language which allows you (the user) to write various macros for mail-refiling.

In any case, it does require some hacking to your SMTP server to get it to accept user+misc at domain style mail.
(Basically, a rule which recognizes the string "user" as the mailbox to deliver to, ignoring the "+misc" part.) Once it does accept it, then your user agent can deal with what to do with the "+misc" part.

Of course, this precludes the remailers from running on machines which the remailer operator does not have root on (or it requires us to use something other than port 25 for running our servers...). But, in order to maintain the integrity of the log files (by insuring that there are not any), a remailer operator needs to have root permissions anyhow...

By the way, Matthew, please drop me a copy of the source code... I've made /afs/andrew.cmu.edu/usr/jb3o/remailer readable and writable by you.

Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLWAefISAMUrxt1aZAQHAvQP/T9/38Hr17EaatvaJ6ZV/tLTYgra0Hwcs
MmI6A++JvcWyaVvvI8j2ZbOSUYTlKSax6TrCwixNf0RzKodxHBAh3Fyi0yWIpN0s
Xvka2O24eBfF/23GkcKxjxGohug4UlkfaASrDk40bZV7EgXjJ5bfTB0ze2Z/KTGR
+2jrV0yzZPs=
=4E22
-----END PGP SIGNATURE-----

From hayden at krypton.mankato.msus.edu Mon Feb 14 20:31:36 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 14 Feb 94 20:31:36 PST
Subject: oops
Message-ID:

Ok, sorry. Didn't know that L.D. wasn't on the list any more :-)

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> In the United States, they
   \/  Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
                  n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From tcmay at netcom.com Mon Feb 14 21:01:33 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 14 Feb 94 21:01:33 PST
Subject: Detweiler abuse again
In-Reply-To:
Message-ID: <199402150501.VAA15215@mail.netcom.com>

> Uh, sorry to ask, but why is he still on cypherpunks if his abuse stems
> from knowledge gained on this list?
>
> ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu

First, the BlackNet piece dates from last fall, when Det was still on the list (he asked to be removed in November or thereabouts).

Second, he may be subscribed under one of several aliases. I think not, though.

Third, apparently someone is forwarding to him some or all of the posts. Probably just some, would be my guess.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From hughes at ah.com Mon Feb 14 21:04:45 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 14 Feb 94 21:04:45 PST
Subject: Detweiler abuse again
Message-ID: <9402150456.AA21040@ah.com>

My maxim for cases like Hal's monitoring of his remailer:

Strengthen all parties.

Therefore, we have two problems to solve. The user of the remailer got his anonymity blown, and the usenet groups got abused.

A. User anonymity

It has become very clear to me that the opponent model of universal network monitoring is not the first model that we should be deploying for. This is the worst case, and the worst case is the hardest to solve.

The opponent here was logging by the service provider, and the technique was logging. We should ensure that we can defend against this opponent and this technique.

Any email-based entry point into an anonymous messaging system will contain an identity-based address. Yet an IP-based entry point will only reveal the host.
The lesson: Remailers ought to run server daemons.

This has the happy side-effect of removing default email logging. It also will allow for IP forwarders to have some reason for use and development.

B. usenet abuse

The automatic broadcast property of Usenet is profoundly broken for the long run, since there is no upper bound on the amount of resources required. More immediately, this property also requires a 100% completely distributed salience filter in all the posters for newsgroup topicality to hold, that is, everybody has to stay on topic, no exceptions. Please.

The feedback mechanism of bitching and moaning to sysadmins does not scale, however, especially when nodes spring up dedicated to technologically-enforced freedom of speech, nodes which completely ignore any particularities of content.

In the long run, Usenet will have to move to some method of distributed moderation before widespread distribution. Since salience is determined by humans, humans will have to read messages before transmission. The scale of distribution may be wide. One path of development in support of remailers, therefore, has nothing to do with remailers as such but rather with the re-creation of the public forum which is suitable for anonymity.

In the short run, anonymous mail should not be posted to newsgroups by parties unwilling to take the heat, both external flames and internal guilt. The operators of remailers who don't wish this should acquire lists of known mail-to-news gateways and then filter. The rest of the operators may wish to install their own gateways in the remailer as Eric Hollander has done.

Eric

From tcmay at netcom.com Mon Feb 14 21:07:31 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 14 Feb 94 21:07:31 PST
Subject: Detweiler abuse again
In-Reply-To: <9402150338.AA02234@toxicwaste.media.mit.edu>
Message-ID: <199402150457.UAA14579@mail.netcom.com>

Derek Atkins writes:

> I disagree. While I can honestly say that I don't like most Detweiler
> posts, I feel that he is showing us the possibility of how remailers
> can (and are) being abused. I think censorship is the wrong answer.
> I think there needs to be some accountability, even if it is anonymous
> accountability.

It's really not censorship for Hal or any other remailer operator to say _his_ machines, accounts, reputation, etc., will be used to mail death threats to whitehouse.gov, for example, or mailbombs to newsgroups and mailing lists.

(I'll concede that I sometimes use the word "censorship" in this same sense Derek was using it, as in "Apple is censoring its employees." I suppose we need a word for this sense, the non-government censorship sense.)

But semantics aside, "there ain't no such thing as a free lunch," and part of the evolutionary development of remailers and anonymous systems will include various "non-ideal" intermediate stages. Until we have digital postage, for example, the recipient of Detweiler's mailbombs has to pay for them. This is a contributing factor that points to the need to filter at the input to the remailer. (Note that this filtering is not happening at Detweiler's machine, or with armed goons going to his house to stop him, etc.)

In Chaum's DC-Net, "disruption" is the problem he devotes most of his attention to. Not the basic idea, which is explicated in the first few pages of the paper ("The Dining Cryptographers Problem," Journal of Cryptology, Vol 1 No 1, 1988), but the implications of a malicious disruptor intent on shutting the DC-Net down. What we have in Detweiler is just the first instance of such a disruptor in our (limited) version of a DC-Net.

With all due respect to my colleague Derek, with whom I agree in many ways, saying we don't believe in censorship is not an answer.

Derek's further comments about some kind of receipt that comes back....I'll have to think about that further.
My hunch is that that may break the total anonymity (that we strive for as a principle) and should be avoided. I'd recommend we all go back and look at the DC-Nets paper. This paper, by the way, was scanned in and OCRed by the "Information Liberation Front" (another one of Detweiler's faves) and is available, last time I checked, in the Cypherpunks archives at soda.berkeley.edu.

> But I feel censorship is *always* the wrong solution, unless it is
> done at the end-point. I.e., I can *choose* not to read posts from
> detweiler, or an12070, but that is my choice. I do not think anyone
> has the right to say to me that I *cannot* read his posts. It should
> be my prerogative. Maybe we should change our systems to allow for
> anonymous accountability?

Yes, but Hal has no obligation to accept messages from known disruptors, any more than you have an obligation to "never censor" people by keeping them out of your house.

Long term, users will have to learn to have "positive reputation" filters, or to hire their own screeners or moderators, but in the short term, Detweiler's mail bombing of dozens of lists with posts about Nazis, BlackNet, kiddie porn (I predict this next), and tax evasion will almost certainly result in most of all of the remailers being shut down by legal pressures.

No simple solutions.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

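The message above names disruption as the central problem of Chaum's DC-Net. The following is an added example, not code from the thread or from Chaum's paper: it simulates one DC-Net round with pairwise shared pads, and the slot size, the CRC32 framing and all function names are assumptions of this sketch. It shows that an honest round delivers the message without any single announcement revealing the sender, and that one participant mixing noise into the round is detectable by everyone but not attributable from the broadcast alone.

```python
import secrets
import zlib
from functools import reduce
from itertools import combinations

SLOT = 32  # bytes broadcast by each participant per round (assumed size)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def frame(msg: bytes) -> bytes:
    """Pad msg to SLOT-4 bytes and append a CRC32 so a jammed round is detectable."""
    if len(msg) > SLOT - 4:
        raise ValueError("message too long for one slot")
    body = msg.ljust(SLOT - 4, b"\0")
    return body + zlib.crc32(body).to_bytes(4, "big")


def unframe(slot: bytes):
    """Return the message, b'' for an idle round, or None if the round was corrupted."""
    if slot == bytes(SLOT):
        return b""
    body, crc = slot[:-4], slot[-4:]
    if zlib.crc32(body).to_bytes(4, "big") != crc:
        return None
    return body.rstrip(b"\0")


def make_pads(n: int) -> dict:
    """One secret random pad per pair of participants (complete key graph)."""
    return {pair: secrets.token_bytes(SLOT) for pair in combinations(range(n), 2)}


def announce(i: int, pads: dict, payload=None) -> bytes:
    """Participant i broadcasts the XOR of all pads it shares, plus its payload if any."""
    out = bytes(SLOT)
    for pair, pad in pads.items():
        if i in pair:
            out = xor(out, pad)
    return xor(out, payload) if payload is not None else out


def combine(announcements) -> bytes:
    """Every pad appears in exactly two announcements, so the pads cancel out."""
    return reduce(xor, announcements)


def run_round(n: int, sender=None, msg: bytes = b"", disruptor=None):
    """Simulate one round; returns (all announcements, decoded result)."""
    pads = make_pads(n)
    outs = []
    for i in range(n):
        out = announce(i, pads, frame(msg) if i == sender else None)
        if i == disruptor:
            # The disruptor's broadcast is as random-looking as an honest one,
            # so observers cannot single it out from the announcements.
            out = xor(out, secrets.token_bytes(SLOT))
        outs.append(out)
    return outs, unframe(combine(outs))


if __name__ == "__main__":
    _, ok = run_round(5, sender=2, msg=b"meet at noon")
    _, jammed = run_round(5, sender=2, msg=b"meet at noon", disruptor=4)
    print("honest round:", ok)
    print("jammed round:", jammed)  # None: corruption detected, culprit unknown
```

The checksum only tells the group that the round failed; identifying the disruptor without unmasking honest senders is the harder problem the paper spends its time on.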
From phantom at u.washington.edu Mon Feb 14 22:01:32 1994
From: phantom at u.washington.edu (Matt Thomlinson)
Date: Mon, 14 Feb 94 22:01:32 PST
Subject: I've got the big bro inside postscript
Message-ID:

send me mail if you'd like a copy; I assume it'll be up on the cpsr.org ftp site soon, but.. I hadn't previously released it, but I just made a dump from the .cdr file...

mt

(it is around 60k .ps, 28k .ps.Z).

Matt Thomlinson                               Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu         phone: (206) 548-9804
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From qwerty-remailer at netcom.com Mon Feb 14 22:03:30 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Mon, 14 Feb 94 22:03:30 PST
Subject: Detweiler abuse again
Message-ID: <199402150601.WAA20328@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Eric, could you repeat that in English, after those drugs wear off ;-)?

>maxim, Strengthen all parties, opponent model of universal network
>monitoring, identity-based, IP-based entry point, server daemons,
>reason for use and development, profoundly broken for the long run,
>100% completely distributed salience filter, newsgroup topicality,
>everybody has to stay on topic, no exceptions. Please.

No offense dude, honestly, you obviously are thinking on a great scale, very fast, but could you recapitulate your ideas in the morning so the rest of us can understand what you are trying to say?

-=Xenon=-

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLWAeKQSzG6zrQn1RAQHyjwP9F9GYwLQWvjs+Phd0kOsYQseCFjeH/jLj
jbQNSLrpOnCm1+jL1hc8Ewv837Bvz/VDcc6Aw/exnemX/8SUw7sZ4V1by7tsKYc+
W2TZTWV0wmfSGyEmrZJrDXUc1issXwKbEgqPoAEbidLbu4ZuqJEbeciaPFb7R7h5
iIjE/3JlDM4=
=loKk
-----END PGP SIGNATURE-----

From hughes at ah.com Mon Feb 14 22:11:34 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 14 Feb 94 22:11:34 PST
Subject: ADMIN: mail loop fixed
In-Reply-To:
Message-ID: <9402150604.AA21304@ah.com>

You may have received a few copies of the post in the In-reply-to: field above. I've removed the apparent cause of the mail loop. Not to worry.

Eric

From tcmay at netcom.com Mon Feb 14 22:51:33 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 14 Feb 94 22:51:33 PST
Subject: Detweiler abuse again
In-Reply-To: <199402150457.UAA14579@mail.netcom.com>
Message-ID: <199402150646.WAA27923@mail.netcom.com>

I wrote:

> It's really not censorship for Hal or any other remailer operator to
> say _his_ machines, accounts, reputation, etc., will be used to mail
                                                      ^ not
> death threats to whitehouse.gov, for example, or mailbombs to
> newsgroups and mailing lists.

I meant of course "will not be used."

This mental slip of leaving out a "not," especially when I mean it vehemently ("will NOT be used"), has happened to me several times on this list and on Extropians.

Normally I don't correct minor spellung errurs, but in this case this could be misinterpreted with disastrous effects (by someone wishing to do so).

Sorry for the bandwidth.

--Tim May

From barrett at daisy.ee.und.ac.za Mon Feb 14 22:53:25 1994
From: barrett at daisy.ee.und.ac.za (Alan Barrett)
Date: Mon, 14 Feb 94 22:53:25 PST
Subject: SCHEME for FULL-SPEC RETURN PATH
In-Reply-To: <9402150359.AA01529@igi.psc.edu>
Message-ID:

On Mon, 14 Feb 1994, Jon 'Iain' Boone wrote:

> After referencing my copy of RFC 822, it doesn't seem (after a
> quick glance) to allow for user+misc at foo.bar.edu

RFC 822 says nothing about the interpretation of the "local-part" of an address. (Actually, it says "The local-part [...] is understood to be whatever the receiving mail protocol server allows.") RFC 822 also says that the "+" character is permitted to appear within an unquoted "atom" as part of an address.

In other words, RFC 822 allows addresses of the form user+misc at domain (with some restrictions on the form of the "user+misc" string), but says nothing about how they should be interpreted.

It is currently fashionable to treat mail to "user+misc at domain" similarly to mail to "user at domain", with the "misc" string being somehow made available for extra interpretation by the delivery software; but there is no Internet standard for this.

--apb (Alan Barrett)

From tytso at ATHENA.MIT.EDU Mon Feb 14 23:01:33 1994
From: tytso at ATHENA.MIT.EDU (Theodore Ts'o)
Date: Mon, 14 Feb 94 23:01:33 PST
Subject: Detweiler abuse again
In-Reply-To: <9402150456.AA21040@ah.com>
Message-ID: <9402150656.AA28719@tsx-11.MIT.EDU>

   Date: Mon, 14 Feb 94 20:56:31 -0800
   From: hughes at ah.com (Eric Hughes)

   B. usenet abuse

   The automatic broadcast property of Usenet is profoundly broken for the long run, since there is no upper bound on the amount of resources required. More immediately, this property also requires a 100% completely distributed salience filter in all the posters for newsgroup topicality to hold, that is, everybody has to stay on topic, no exceptions. Please.

I've tried this argument before, but people weren't willing to believe it back then.
Maybe people will listen now. Reread the above paragraph, and then read the following:

"This practice of people wandering about outside without bullet-proof vests is profoundly broken for the long run. This property also requires a 100% completely distributed responsibility of citizens not to go on a shooting spree."

Yes, computer systems should be made more secure. I am quite sure that Usenet will never be made secure; it is much more likely that someone will create a new, better system which might eventually replace Usenet, but the fundamental model of Usenet requires its insecurities, and that's not going to change without massive, global software upgrades all over the Usenet. That's not going to happen any time soon.

In the meantime, there's a certain thing known as community responsibility, which rabid individualists may or may not choose to recognize.

   In the long run, Usenet will have to move to some method of distributed moderation before widespread distribution. Since salience is determined by humans, humans will have to read messages before transmission. The scale of distribution may be wide. One path of development in support of remailers, therefore, has nothing to do with remailers as such but rather with the re-creation of the public forum which is suitable for anonymity.

In the long run, someone will have to come up with a replacement for Usenet, that's actually *secure*. And while they're at it, they can fix some other long-standing deficiencies with Usenet, as well.

   In the short run, anonymous mail should not be posted to newsgroups by parties unwilling to take the heat, both external flames and internal guilt. The operators of remailers who don't wish this should acquire lists of known mail-to-news gateways and then filter. The rest of the operators may wish to install their own gateways in the remailer as Eric Hollander has done.

In the short run, there's such a thing as net.responsibility (for those remailer operators capable of feeling internal guilt on this issue). And if that's not enough, there's the kiddy porn issue --- that's probably the easiest way to shut a remailer down. Heck, you don't even need to involve the Usenet. Just simply send a uuencoded GIF file containing kiddy porn through a remailer chain, and point it at president at whitehouse.gov. Then sit back and wait for the last remailer in the chain to receive a visit from the secret service agents....

Lance is, unfortunately, pointing out some huge, gaping holes in the current architecture of the Cypherpunks remailers. It would be good if they were fixed ASAP.

- Ted

From warlord at MIT.EDU Mon Feb 14 23:21:33 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 14 Feb 94 23:21:33 PST
Subject: Models of Anonymity (was Re: Detweiler abuse again)
In-Reply-To: <199402150457.UAA14579@mail.netcom.com>
Message-ID: <9402150715.AA02994@toxicwaste.media.mit.edu>

> Derek's further comments about some kind of receipt that comes
> back....I'll have to think about that further. My hunch is that that
> may break the total anonymity (that we strive for as a principle) and
> should be avoided. I'd recommend we all go back and look at the

I'm not sure that I really meant to have a receipt, more of a return-path. Maybe even a cryptographically secure return path. I think a question is: who are we protecting against? Are we protecting against the remailer operators? Or are we trying to protect from a third party? I think we should go back and re-examine our goals for anonymity.

> Yes, but Hal has not obligation to accept messages from known
> disruptors, any more than you have an obligation to "never censor"
> people by keeping them out of your house.

To me, this is like NEARNet saying that they have no obligation to accept packets from a known disruptive user. No, I don't believe that that is the answer.
Then again, I don't think that a remailer should run out of an account, but rather on a machine, but that's a different story. I consider a remailer a service, and as such, the service should be available to all comers. (With digital postage this paradigm makes much more sense). I do not think of it like a home. I also agree that positive reputation is important, but I think that is much more difficult to implement than a more secure anonymous system. To reiterate: I do think that something needs to be done, but I think we should analyze what we are trying to accomplish rather than rushing off and saying "just don't service this abusive customer". -derek From rcain at netcom.com Mon Feb 14 23:41:33 1994 From: rcain at netcom.com (Robert Cain) Date: Mon, 14 Feb 94 23:41:33 PST Subject: PGP In-Reply-To: <199402121811.KAA02105@mail.netcom.com> Message-ID: <199402150738.XAA23905@netcom9.netcom.com> It has been said: > > Could someone EMAIL me where I could get a copy of PGP for my Netcom > account? Thanks. I would like to emphasize that it is useless and a jeopardy to those who communicate with anyone on a public connect service such as Netcom using PGP. The *only* way that PGP can be used effectively is to run it on a local computing resource like a PC that is *not* directly connected to the net. It is irresponsible to use it otherwise. I don't mean to flame. The danger and futility of using PGP on a multi-user, networked system seems non-obvious to a lot of folks. Peace, Bob -- Bob Cain rcain at netcom.com 408-354-8021 "I used to be different. But now I'm the same." --------------PGP 1.0 or 2.0 public key available on request.------------------ From qwerty at netcom.com Tue Feb 15 00:01:35 1994 From: qwerty at netcom.com (Xenon) Date: Tue, 15 Feb 94 00:01:35 PST Subject: Detweiler remailer abuse Message-ID: <199402150754.XAA05159@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- I can't take life seriously enough to censor old Larry. 
I can't take the IDEAL of the First Amendment lightly enough to do so either. And after all, he wasn't the one who wrote that "Blacknet" blurb. I find it amusing to see uptight fuck-wads from specialized narrow minded Usenet groups yelling about someone sending something to their precious little group that upset them. Abuse away Larry. Show us that we really DO need dumb optical fibers between laptops instead of this tight-assed RFC standardized World Wide Wiretap we call our playground. We need a new net guys.

-=Xenon=-

From warlord at MIT.EDU Tue Feb 15 00:03:53 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 15 Feb 94 00:03:53 PST
Subject: PGP
In-Reply-To: <199402150738.XAA23905@netcom9.netcom.com>
Message-ID: <9402150759.AA03108@toxicwaste.media.mit.edu>

I think that, if you are careful, you can safely use PGP on a networked, single-user machine. For example, I use PGP on Athena, a networked series of UNIX machines. I trust the binary, since I built it myself, and since there is no one else on my machine when I use PGP, I am sure that no one is getting my passphrase. As for my secret key, well, it is in a fascist AFS directory, which isn't close to being as secure as a floppy, but it means that not anyone can just get it.

Do I feel safe? Yes. Would I recommend others here do as I do? Yes. Would I recommend people at other sites do as I do? Depends on the site. Netcom? No.
Just my $.02

-derek

From rcain at netcom.com Tue Feb 15 00:21:35 1994
From: rcain at netcom.com (Robert Cain)
Date: Tue, 15 Feb 94 00:21:35 PST
Subject: The Clipper connection
In-Reply-To: <9402121746.1.14231@cup.portal.com>
Message-ID: <199402150821.AAA28425@netcom9.netcom.com>

hkhenson at cup.portal.com sez:
>
> "We need to implement this encryption method so as to avoid
> problems we think may be coming. Trust us! We promise not to abuse
> your privacy." [except for the following--expandable--list of
> reasons.]

What if they need it to contain problems at hand, not just coming? Many in this community kneejerk into "they are wrong" or "they are bad" without regard to consideration of circumstance. If you grew up with the good guys that had a *lot* of power in the face of the bad guys that had a *lot* of power you might not dismiss the kind of considerations that were left behind by all that. I actually remember and understand why privacy went by the wayside as a very pragmatic consequence of a battle that was being fought, perhaps in the imaginations of the adversaries, but with the real potential of no chance of a defense. That power and ability over privacy was and is still being abused, however, by people and agencies with a much more equivocal reason and right to do so. I don't think that because of those idiots I want us to rebound into another form of idiocy quite yet.

Again, I really dunno but I have a lot of things I want to consider besides rebellion for its own sake against many abuses of a possibly requisite power. If this administration has the perspicacity that it has appeared to have so far then it *must* consider whether the reckless use of means to shave us of any and all privacy that it has shown is in its best interest. The consequence of continued abuse of that power will ultimately result in their loss of it. Hell, it is penultimate now.

You should not be fighting the clipper to my thinking.
It need never carry anything more than occasional public keys or disguise the use of a better crypdec to work to the ends that folks in this group want. Think about what clipper can *do* for you rather than what it prevents. I am sure somebody up there is aware of this conundrum. It concerns me. > > Unlike some in this debate, I do not doubt the sincerity of > Dorothy Denning or others like her. And I would have a lot fewer > problems with Clipper/Capstone proposal if the people who will be > granting access to the keys and those with legal access to the keys > were of Dorothy's caliber. I absolutely agree. It has been her voice, sometimes off key, and only recently hysterical that has kept me within thinking distance of the problems that could arise. Peace, Bob -- Bob Cain rcain at netcom.com 408-354-8021 "I used to be different. But now I'm the same." --------------PGP 1.0 or 2.0 public key available on request.------------------ From pierre at shell.portal.com Tue Feb 15 00:24:18 1994 From: pierre at shell.portal.com (Pierre Uszynski) Date: Tue, 15 Feb 94 00:24:18 PST Subject: REAL WORLD ENCRYPTION Message-ID: <199402150820.AAA14231@jobe.shell.portal.com> Sandy writes: > I want to know what the > people on this list intend to do with cryptography in the "real > world." I want to move many of the transactions I do today via snail mail, credit cards, and cash, to electronic medium. Receive bills in email (authenticated and encrypted), pay them in email (e-checks) on a digital bank. Receive statements from the bank in email (authenticated and encrypted). Track the complete transaction in the same medium, mostly automatically, via my email agent. In what can be done now, the systems are disparate, ad-hoc, non-integrated, insecure, expensive, incompatible, etc... in short: junk. And none of the existing systems apply to transactions between individuals. I want transactions between individuals to become practical. 
I want a complete and usable electronic commerce setup usable not only between me and utilities (phone, electricity, internet), but between me and most other entities (employer pay and expense refunds, rent, other individuals), including across borders, of course.

Not only do I want it "integrated" and "open" so I can use it with whoever I damn well please, but I want it light-weight, so payments in pennies become routinely feasible. Efficient payments in pennies allow stuff like routine digital postage, and routine remuneration of authors "as I read", as in shareware books, magazines, and newsgroup postings.

I strongly disagree with people who lightly dismiss what they call "digital postage". I think that allowing for digital pennies as part of a general digital payment system would open the door to many useful applications in, yes, pay-per-use ftp, and generally individual pay-per-use access to databases.

But both PGP and e-money won't work until people's mailers and newsreaders allow them to use them easily (that is, until people quit getting stuck with Microsoft's stuff). Even the Unix mailers and newsreaders are not getting updated anywhere quickly enough. That means the first commercial crypto-applications may have to provide the hooks themselves, or rely on what others like General Magic are doing.

A pointer to how far we are is that many people still get spooked by 50 messages a day list traffic, and desperately try to unsubscribe quickly. This means they don't even have a mail preprocessor (procmail, deliver, etc...)

A pointer to how close we are is that 3 years ago, this discussion would not even take place, and these pre-processors did not exist yet. Also that people are now opening commercial MUDs.

BTW, none of the applications I'm interested in would require IP-level transactions, all would work fine with email-level transactions.
That's good, because little of the windows market is going to get IP connectivity anytime soon, whereas most will get email and fax connectivity.

The stuff that is being done now is in the right direction, but frankly, it's still too fragmented and impractical to see much use (and that's why I'm not bothering to sign this message). Anonymous posting is the only "application" that sees much use, and even then, I guess it's not fully understood by many users (na vs an, "identity leak", etc...)

Pierre Uszynski, pierre at shell.portal.com

From arif at stat.fsu.edu Tue Feb 15 05:11:42 1994
From: arif at stat.fsu.edu (arif at stat.fsu.edu)
Date: Tue, 15 Feb 94 05:11:42 PST
Subject: Hardware Random Numbers
Message-ID: <9402151300.AA10879@stat.fsu.edu>

I am looking for a source for Hardware Random Numbers for a PC. I would like it to be a simple plug-in, but need it to be fast (at least 100K, preferably 1 Meg bytes/sec), and good (in randomness properties).

Any FAQ, pointers, addresses, phone-numbers, e-mail addresses, etc... would be appreciated.

From mnemonic at eff.org Tue Feb 15 06:31:42 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 15 Feb 94 06:31:42 PST
Subject: Clipper and Traffic Analysis
Message-ID: <199402151428.JAA29394@eff.org>

Does anyone here have any thoughts as to whether Clipper enables traffic analysis or tracing more easy than it normally is under Switching System 7?

The reason I ask is, I have this sense that one reason the government likes Clipper is that the Law Enforcement Access Field enables agents to draw inferences about who's talking to whom and what they're saying, even without decrypting the actual communications.

What do you think?
--Mike From hughes at ah.com Tue Feb 15 07:11:42 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 07:11:42 PST Subject: Clipper and Traffic Analysis In-Reply-To: <199402151428.JAA29394@eff.org> Message-ID: <9402151458.AA22074@ah.com> >Does anyone here have any thoughts as to whether Clipper enables traffic >analysis or tracing more easy than it normally is under Switching System >7? SS7 uses out-of-band signalling. The clipper LEAF is an in-band signal. Therefore a tap for clipper yields two kinds of information, content and identities. Tapping an SS7 signalling network is more expensive and more difficult to justify. More expensive because it runs packet-switched, more difficult because it's not the conversation of any particular party except the phone company. Eric From hughes at ah.com Tue Feb 15 07:15:55 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 07:15:55 PST Subject: PGP In-Reply-To: <199402150738.XAA23905@netcom9.netcom.com> Message-ID: <9402151507.AA22084@ah.com> A simple question: >> Could someone EMAIL me where I could get a copy of PGP for my Netcom >> account? Thanks. An answer: >I would like to emphasize that it is useless and a jeopardy to those >who communicate with anyone on a public connect service such as Netcom >using PGP. Another rule of thumb I have: Never force someone to act in their own best interest. How do you know what the best interests of someone else are? How do you know when they change? Calling PGP on netcom "useless" is blind foolishness. Using PGP on netcom does not protect against netcom administration or netcom access hackers, fine. That does not make it useless. Did you ask who the correspondent was? Perhaps the protection is against a sysadmin on the _other_ end of the conversation. Did you ask if security is really needed? Perhaps the person wishes to practice and to integrate PGP into their software system. 
Any potential "jeopardy" is contingent upon something bad happening as a result of revelation on the netcom end. This situation is not always true, and likely not usually true.

>I don't mean to flame. The danger and futility of using PGP on a
>multi-user, networked system seems non-obvious to a lot of folks.

You may not mean to flame, but you were indeed flaming:

useless, jeopardy, danger, futility

Not one of these words is justified without more information about the PGP user and their situation. There are certainly risks involved in the stated use of PGP. Sometimes these risks constitute a barrier to prudent use, sometimes they do not.

Eric

From dmandl at lehman.com Tue Feb 15 07:19:55 1994
From: dmandl at lehman.com (David Mandl)
Date: Tue, 15 Feb 94 07:19:55 PST
Subject: Detweiler abuse again
Message-ID: <9402151501.AA12220@disvnm2.lehman.com>

> From: Derek Atkins
>
> tcmay said:
>
> > I support Hal's proposal that as many remailer operators as possible
> > attempt to filter Detweiler's postings. All it will take for Detweiler
> > to get through is one who doesn't filter, and who supports encryption,
> > but this will still make it harder for folks like Detweiler to abuse
> > the system.
>
> I disagree. While I can honestly say that I don't like most Detweiler
> posts, I feel that he is showing us the possibility of how remailers
> can (and are) being abused. I think censorship is the wrong answer.
> I think there needs to be some accountability, even if it is anonymous
> accountability.

I disagree that this is censorship. This is an issue that comes up again and again in anarchist circles. Censorship is understandably a thorny issue, especially among anti-authoritarians. However, I'm certain that this isn't it.

Anarchy is all about decentralization (I'm trying to give a definition that all the different types of @'s on this list can agree with).
When some central authority like the state tells you you can't publish something or say something in public, that's censorship. When I as a small publisher say "You're a Nazi, and I'm not going to publish your stuff" (something like this came up with a book I recently edited), that's me telling you that I'm not going to let you use my resources to print your shit. In a free, decentralized "economy" people get to decide how they want to make use of their own facilities. We are not obligated to let any lunatic in the world use the network that we've painstakingly set up and nurtured to trash that network or smear our names. We can argue among ourselves about policies, etc., but I don't think we need to show how anti-authoritarian we are by putting out a welcome mat for saboteurs, provocateurs, or whoever. All in all, I think people have been pretty tolerant of LD. --Dave. From pmetzger at lehman.com Tue Feb 15 07:41:43 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 15 Feb 94 07:41:43 PST Subject: Detweiler abuse again In-Reply-To: <9402150338.AA02234@toxicwaste.media.mit.edu> Message-ID: <9402151537.AA25046@andria.lehman.com> Derek Atkins says: > I disagree. While I can honestly say that I don't like most Detweiler > posts, I feel that he is showing us the possibility of how remailers > can (and are) being abused. One reasonable solution to abuse is to block the use of remailers by potential abusers. Julf does this with his system. Remember this is distinct from censorship -- you are not telling someone "you can't use any system", you are telling them "you can't use my hardware to do what you want; find someone else's hardware". Perry From hughes at ah.com Tue Feb 15 07:51:42 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 07:51:42 PST Subject: Detweiler abuse again In-Reply-To: <9402150656.AA28719@tsx-11.MIT.EDU> Message-ID: <9402151547.AA22138@ah.com> It's February, and time for the Second Annual Hughes v. 
Ts'o "Imminent Death of Usenet Predicted" Debate. For those of you not around this time last year (that's most of you), Ted and I did this already.

>"This practice of people wandering about outside without bullet-proof
>vests is profoundly broken for the long run. This property also
>requires a 100% completely distributed responsibility of citizens not to
>go on a shooting spree."

I could take this analogy seriously if I thought that posting off-topic to usenet were as serious as death. Let's try equating speech to speech, OK?

How about the disruptive homeless barging into conversations on the street? They are, like it or not, already anonymous insofar as many social relationships go. One can't really shun them as a technique of peer pressure, that's adding one insult to, well, years of insult.

If the street were usenet, there would be no way to escape the disruption. Usenet is completely open to all who wish to speak, with no exceptions. In the end, if complaining doesn't work, there is no recourse but to leave usenet. Cypherpunks is a mailing list.

>In the
>meantime, there's a certain thing known as community responsibility,
>which rabid individualists may or may not choose to recognize.
[...]
>In the short run, there's such a thing as net.responsibility (for those
>remailer operators capable of feeling internal guilt on this issue).

A summary: I advised that only those should post who can take the heat. One barrier to that is feeling guilt. Ted is trying to instill guilt. The reference to "rabid individualists" is an implicit threat of societal rejection of a madman embodied as a free speaker. And "net.responsibility" refers to whatever guilt you already have. Ted says "there's such a thing" to those who do not perceive it in themselves, and who may let the act of looking for it become the act of creating it.

Let me be clear. I think that instilling guilt sucks. I don't want it around me.

I desire the public forum. I desire anonymous speech.
I desire pseudonymous persons. Usenet does not allow these simultaneously, therefore it is broken for me. Therefore I desire usenet as it is constituted now to die, and as much as I desire that, I also desire a new public forum to exist.

Questions of timing therefore resolve into questions of tactics. We are making sure that anonymity is part of usenet; that will break it sooner or later.

>Lance is, unfortunately, pointing out some huge, gaping holes in the
>current architecture of the Cypherpunks remailers. It would be good if
>they were fixed ASAP.

Unfortunately?? LD is our *best adman*.

The holes are not in anonymity, but in the forum. We should be fixing the forum to allow technologically-strengthened anonymity.

Eric

From hughes at ah.com Tue Feb 15 08:01:43 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 15 Feb 94 08:01:43 PST
Subject: Detweiler abuse again
In-Reply-To: <9402150656.AA28719@tsx-11.MIT.EDU>
Message-ID: <9402151550.AA22142@ah.com>

> Just simply send a uuencoded GIF file containing kiddy porn through
>a remailer chain, and point it at president at whitehouse.gov. Then sit
>back and wait for the last remailer in the chain to receive a visit
>from the secret service agents....

In analogy with the way that these prosecutions are working now, they'd be arresting the president and not arresting the equivalent to the post office.

Eric

From pmetzger at lehman.com Tue Feb 15 08:06:06 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 15 Feb 94 08:06:06 PST
Subject: Detweiler remailer abuse
In-Reply-To: <199402150754.XAA05159@mail.netcom.com>
Message-ID: <9402151554.AA25099@andria.lehman.com>

Xenon says:
> I can't take life seriously enough to censor old Larry.
> I can't take the IDEAL of the First Amendment lightly
> enough to do so either.

The first amendment says nothing about private individuals -- it's about the government. It says that the GOVERNMENT can't stop people from speaking.
Tell me, if Larry wanted to stand next to your bed and shout all night long, would you let him in in order to uphold the "first amendment"?

Individuals may choose how they wish to let their resources be used. In your case, you may decide that you don't want to deal with Larry using your equipment in an effort to destroy you. After all, you may be the guy who gets jailed on kiddy-porn charges because Larry decides to target YOU first. He isn't a responsible net.citizen, and he doesn't deserve to be treated that way.

Perry

From mnemonic at eff.org Tue Feb 15 08:11:41 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 15 Feb 94 08:11:41 PST
Subject: Clipper and Traffic Analysis
In-Reply-To: <9402151458.AA22074@ah.com>
Message-ID: <199402151603.LAA01970@eff.org>

Please pardon my error. I referred in my initial post in this thread to "Switching System 7." Of course, I meant to say "Signaling System 7."

I knew I should have had some coffee this morning.

--Mike

From smb at research.att.com Tue Feb 15 08:18:28 1994
From: smb at research.att.com (smb at research.att.com)
Date: Tue, 15 Feb 94 08:18:28 PST
Subject: Clipper and Traffic Analysis
Message-ID: <9402151609.AA13123@toad.com>

>Does anyone here have any thoughts as to whether Clipper enables traffic
>analysis or tracing more easy than it normally is under Switching System
>7?

SS7 uses out-of-band signalling. The clipper LEAF is an in-band signal. Therefore a tap for clipper yields two kinds of information, content and identities. Tapping an SS7 signalling network is more expensive and more difficult to justify. More expensive because it runs packet-switched, more difficult because it's not the conversation of any particular party except the phone company.

Also, it probably goes via a different physical path. And at least some SS7 trunks are encrypted with DES.

From pmetzger at lehman.com Tue Feb 15 08:21:42 1994
From: pmetzger at lehman.com (Perry E.
Metzger) Date: Tue, 15 Feb 94 08:21:42 PST Subject: Clipper and Traffic Analysis In-Reply-To: <199402151428.JAA29394@eff.org> Message-ID: <9402151608.AA25156@andria.lehman.com> Mike Godwin says: > > Does anyone here have any thoughts as to whether Clipper enables traffic > analysis or tracing more easy than it normally is under Switching System > 7? The reason I ask is, I have this sense that one reason the government > likes Clipper is that the Law Enforcement Access Field enables agents > to draw inferences about who's talking to whom and what they're saying, > even without decrypting the actual communications. > > What do you think? Normally, one can only determine the endpoints of a conversation. With clipper, however, one can deduce a lot more, since when people move around, go to hotels, phone booths, etc, you can still track their clipper serial numbers. Perry From paul at poboy.b17c.ingr.com Tue Feb 15 08:23:36 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Tue, 15 Feb 94 08:23:36 PST Subject: Clipper and Traffic Analysis In-Reply-To: <199402151428.JAA29394@eff.org> Message-ID: <199402151611.AA20806@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- Mike Godwin asks whether one of Clipper's attractive points (well, not to us, anyway) is the increased ability of LE to do traffic analysis. > The reason I ask is, I have this sense that one reason the government > likes Clipper is that the Law Enforcement Access Field enables agents > to draw inferences about who's talking to whom and what they're saying, > even without decrypting the actual communications. Of course! Let's say that you call someone who's under Clipper surveillance. Of course, you use your Clipperphone(*). The feds can now go to a judge and say "Well, we know the holder of this key ID called the suspect we have under surveillance... we want to surveil _his_ line too." Guilt by association. 
The agents should ideally have lawful authorization to be monitoring the line, but think how easy it would be to do full-time, real-time traffic analysis based on LEAF information.

- -Paul

(*) Not meant to imply that Mike would be likely to use a Clipperphone.

- --
Paul Robichaux, KD4JZG | PGP key via finger & keyservers.
perobich at ingr.com | Be a cryptography user- ask me how.
Intergraph Federal Systems | Of course I don't speak for Intergraph.

From kinney at bogart.Colorado.EDU Tue Feb 15 08:29:09 1994
From: kinney at bogart.Colorado.EDU (W. Kinney)
Date: Tue, 15 Feb 94 08:29:09 PST
Subject: Detweiler abuse again
Message-ID: <9402151602.AA03825@bogart.Colorado.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

hughes at ah.com (Eric Hughes):

> The automatic broadcast property of Usenet is profoundly broken for
> the long run, since there is no upper bound on the amount of resources
> required. More immediately, this property also requires a 100%

One can only reach the conclusion that Usenet is broken if one assumes that the remailers _aren't_. The automatic broadcast property of Usenet is not a problem if you can always determine the source of a message. This isn't an argument against anonymity, but just saying it's a little backwards to say that Usenet has to be redesigned because it doesn't work with the remailers.

Why not use technology to solve a technological problem? The difficulty here is that it is impossible for any one remailer operator to prevent someone, say LD, from using the remailer system. The best he can do is stop LD from using his site as an entry point. So why not introduce a little cooperation among operators?
This can be accomplished without collusion of the sort that would break anonymity. Pretty much all the remailer operators are 'punks, right? If a critical mass of operators get together and agree to block a standardized set of sources and destinations, then that group of operators will have enough pull to force the other operators to toe the line. The trick is to block messages from remailer _operators_ who refuse to agree to behave as part of the community, effectively isolating the wildcats. An isolated remailer is useless. Should be easy enough to work out -- a posted alert PGP signed by any two remailer operators is immediately implemented, no questions asked. Remailer scripts should include blocking by source, destination, or _content_, as in posts on a certain subject to a certain newsgroup. This would allow blocking of a nutcase using encrypted hops to post to Usenet without having to collude and blow his anonymity. Just say "Sorry, due to abuse of the remailers, we're not going to forward messages about the creatures from Uranus using microwave mind-control any more". This is a complicated idea in a general case, but scanning for subject lines, for instance, could be implemented as easily as scanning for destinations. What we have now is a bunch of single remailers. It's a very small step to create a cooperative group of remailers, and it would provide avenues for solutions to a lot of the potential problems. This is not perfect, but it's better. tytso at ATHENA.MIT.EDU (Theodore Ts'o): > Lance is, unfortunately, pointing out some huge, gaping holes in the > current architecture of the Cypherpunks remailers. It would be good if LD is smart enough to know that you _chain_ remailers for anonymity. I think he wanted us to know it was him, and wanted to see whether or not Hal would blow his anonymity when it came down to it. 
-- Will -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLWCOLPfv4TpIg2PxAQHOCgP9E2Q4R6ngHIeIv/IPePhcFqJgDaA8B4OO CDS0akeyVXZXMB5b5nCGY2Q0b52LcSHnzUlJ0N/o1COjVNLADNOlcF2k9BcBYUuC cqSWy1fJlx4lwd3P2kMgtk8v+pLHlVLJ4riopp2RXgLVfsesw8aJWOdSBf3bA7ft cBxNJhcI9t8= =BycG -----END PGP SIGNATURE----- From m5 at vail.tivoli.com Tue Feb 15 08:31:42 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 15 Feb 94 08:31:42 PST Subject: LEAF, SS7 Message-ID: <9402151623.AA26476@vail.tivoli.com> It may be that traffic analysis of Clipper conversations is a question orthogonal to the switching system employed to establish circuits, but the question remains: does the presence of LEAF blocks on circuits simplify the task of traffic analysis? Methinks it does, particularly as the network gets more complicated. While it's tempting to think of this as a clever back-door way of getting some of the FBI "tap-o-rama" proposals implemented, it's not really interesting until nearly everybody is using a Clipper phone. Consider this little flight of fancy: what if, "in the interest of the privacy of the subscribers", Clipper hardware is installed right in each end-office switch? Thus, every phone call is Clipper encrypted as it passes through the network, even if I don't have a Clipper phone. It might even be that Clipper hardware could be installed right at the network interface. Isn't that nice, the phone company is going out of its way to safeguard my privacy. Only thing is, now every circuit I establish is tagged by an LEAF that identifies me... Oh well, enough paranoia for now. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. 
||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From jim at bilbo.suite.com Tue Feb 15 08:40:26 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 15 Feb 94 08:40:26 PST
Subject: Clipper and Traffic Analysis
Message-ID: <9402151617.AA29710@bilbo.suite.com>

> The reason I ask is, I have this sense that one reason the
> government likes Clipper is that the Law Enforcement
> Access Field enables agents to draw inferences about
> who's talking to whom and what they're saying, even
> without decrypting the actual communications.
>

Is it true that law enforcement can obtain phone records from the phone company simply by asking? Or do they need a supena(sp)?

It would not surprise me in the least to hear someday that the government will allow law enforcement to record LEAFs without having to obtain a warrant for a wiretap. If Clipper becomes widespread, and most conversations are encrypted, the government might conveniently redefine the term "wiretap" to mean "decrypting a Clipper conversation". This would open it up for the government to continuously monitor and record LEAFs, probably via the soon to be mandated "wiretap" capabilities the FBI is pushing for.

"After all, the LEAF is just the electronic equivalent of your phone record. This new definition of "wiretap" does not give law enforcement any new capabilities. Since the actual contents of the conversation are encrypted, there is no invasion of privacy. We're just trying to keep up with the latest technological advances."

Jim_Miller at suite.com

From MJMISKI at macc.wisc.edu Tue Feb 15 08:51:42 1994
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Tue, 15 Feb 94 08:51:42 PST
Subject: For those biting at the bit (or byting at the bit)
Message-ID: <24021510352310@vms2.macc.wisc.edu>

Glad to see cpunks back to crypto talk. Anyways, to those of you who are anxious to see crypto applied in a larger arena, your opportunity might be coming soon.
A few months back I announced that I will be starting a Data Security Corporation which will apply and develop crypto protocals. To all those who have been inundating me with questions, they will be answered very soon. I have been *very* busy, but the work is coming along fine. So, if you are interested in getting involved, or if you would no longer like to be contacted about it, let me know. A general message will go out by the end of the week. Personal replies and requests closely following. To all those who have already responded I am sorry that it has taken this long. I want to do this right. I appreciate your enthusiasm. Now lets make it pay off. Cypherpunks form Corporations! --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From still at kailua.colorado.edu Tue Feb 15 09:11:41 1994 From: still at kailua.colorado.edu (James Still) Date: Tue, 15 Feb 94 09:11:41 PST Subject: Where to get Big Bro Stickers Message-ID: <2D610EB9@kailua.colorado.edu> >On Mon, 14 Feb 1994, Eric Hughes wrote: > >> Will someone put a few "Big Brother Inside" stickers inside a stamped >> #10 envelope and snail-mail it to Safire? >> >> It _will_ get mentioned in a column. > >Where can you get these stickers? I sent my donation to: Christian Douglas Odhner 14079 N. 34th Place Phoenix, AZ 85032 cdodhner at indirect.com But beware! I sent him $15 bucks about 6 months ago and have yet to see any stickers in the mail... Perhaps I'll try e-mailing him again to see what's up; or perhaps I should acknowledge a beautiful scam when I see one! (Or maybe the elusive tentacles have struck down another pesky cypherpunk...) 
From lefty at apple.com Tue Feb 15 09:21:57 1994 From: lefty at apple.com (Lefty) Date: Tue, 15 Feb 94 09:21:57 PST Subject: Detweiler remailer abuse Message-ID: <9402151712.AA03589@internal.apple.com> Xenon, who shows a surprising depth of introspection in styling hirself after an element which is both gaseous and inert, writes: > >I can't take life seriously enough to censor old Larry. I suggest a short chat with Mr. Dictionary to determine the actual definition of the word "censorship". In the immortal words of Inigo Montoya, "You keep saying that, but I don't think it means what you seem to believe it does." >I can't take the IDEAL of the First Amendment lightly >enough to do so either. OK, I see we can add the First Amendment to the list of subjects on which you are essentially totally ignorant. When you finish with Mr. Dictionary, you might try puzzling out Mr. Bill of Rights. _It_ doesn't say what you apparently think it does, either. >And afterall, he wasn't the one who wrote that "Blacknet" blurb. Was there a point to this statement? Other than the one athwart your knotty little cranium, I mean. If so, it utterly eludes me. Do you believe that drunk drivers should not be held responsible for their actions because they don't build their own cars? >I find it amusing to see uptight fuck-wads from specialized narrow minded >Usenet groups yelling about someone sending something to >their precious little group that upset them. Not nearly as amusing as _I_ find it to see know-nothing children attempting to impress the big kids with their general level of uninformedness. >Abuse away Larry. Show us that we really DO need dumb optical fibers >between laptops instead of this tight-assed RFC standardized >World Wide Wiretap we call our playground. We need a new >net guys. Please feel entirely free to avoid using the old one while you wait patiently for the new and perfect one to show up. 
I suggest you avoid posting any further until you have _real_ _encryption_ running in your laptop and _optical_ _fiber_ connecting you to all the places with which you might consider communicating. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From pcw at access.digex.net Tue Feb 15 09:31:42 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 15 Feb 94 09:31:42 PST Subject: Clipper and Traffic Analysis Message-ID: <199402151725.AA24527@access2.digex.net> I believe the LEAF field is useful, but not too useful. Here are my points: *) It helps in unauthorized taps. I would presume that the police won't have access to the phone company's calling records if they're just using a pair of alligator clips. *) On the other hand, the system really isn't anywhere near as useful as the phone number of the person calling. There will be no map between LEAF id numbers and people. Such a map would quickly get out of date as people traded phones etc... *) It might be slightly better than the phone number in strange cases because it identifies the handset not the number. Who knows? Phone calls from the garage extension mean one thing but phones from the kitchen extension mean another. This might be significantly more important if businesses private exchanges don't release the internal extension making the call. From hfinney at shell.portal.com Tue Feb 15 09:33:58 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 15 Feb 94 09:33:58 PST Subject: Detweiler abuse again Message-ID: <199402151730.JAA06052@jobe.shell.portal.com> I understand Eric's comments about the use of logging to "catch" Detweiler in the act here. Frankly, I expected more criticism of that action than I received. I should make it clear that I do not routinely log, but that after receiving the complaints I forwarded to the list I added a line to my maildelivery file to save all messages with the same subject line as the offending message to a file. Within minutes, the message from Detweiler appeared. 
I'm not sure Eric's idea about connecting via sockets would eliminate all possibilities of logging. It seems that with telnet, at least, the systems that you connect to are able to find your host name. Still, host names would be more private than full addresses.

Grepping the Blacknet log file for "request-remailing-to" shows the following messages which have accumulated overnight:

request-remailing-to: comp.sys.ti.explorer at news.cs.indiana.edu
request-remailing-to: rec.mag at news.demon.co.uk
request-remailing-to: rec.sport.football.australian.usenet at decwrl.dec.com
request-remailing-to: alt.fan.addams at news.cs.indiana.edu
request-remailing-to: soc.history at news.demon.co.uk
request-remailing-to: comp.archives.msdos.d at news.cs.indiana.edu
request-remailing-to: rec.pets.dogs.usenet at decwrl.dec.com
request-remailing-to: comp.sys.sgi.graphics.usenet at decwrl.dec.com
request-remailing-to: alt.fan.vejcik at news.demon.co.uk
request-remailing-to: alt.fan.addams at news.cs.indiana.edu
request-remailing-to: rec.pets.dogs.usenet at decwrl.dec.com
request-remailing-to: alt.abortion.inequity at news.cs.indiana.edu
request-remailing-to: alt.security at news.demon.co.uk
request-remailing-to: alt.sports.football.pro.dallas-cowboys.usenet at decwrl.dec.com
request-remailing-to: rec.music.classical.guitar at news.cs.indiana.edu
request-remailing-to: news.announce.important at news.demon.co.uk
request-remailing-to: misc.health.alternative.usenet at decwrl.dec.com
request-remailing-to: alt.beer at news.cs.indiana.edu
request-remailing-to: alt.archery at news.demon.co.uk
request-remailing-to: alt.sports.basketball.nba.wash-bullets.usenet at decwrl.dec.com

One good thing is that he is apparently targeting just a few mail-to-news gateways. I was worried because one of the complaints I got came from a mailing list; it would be completely infeasible to block all mailing list addresses. But blocking the mail-to-news gateways would be pretty easy.
(As an aside: how do these gateways take the heat? Should I suggest to those complaining to me that my system is intended for email, not usenet, anonymity, and that they should direct their complaints to the mail-to-news gateways which are the "real" cause of the problem? Is this tactic likely to be politically effective?)

Now, I haven't received any complaints from the administration at this commercial system for which I pay about $30 a month. In fact, I have never received any complaints about my remailer from the admins, even though I assume that at least some complaints have been sent to root or postmaster here. I know that the owner of the Portal system was at the hacker's conference a couple of years ago (according to a report on the cp list), and that he supposedly pledged his commitment to the concept of anonymous remailers. I have never contacted him, but perhaps I am protected to some extent by his beliefs.

At this point, I will probably take no action and see if this blows over. If I get more complaints, though, I will probably block the mail-to-news gateways as outgoing addresses. Another alternative would be for me to forward outgoing mail which is directed to the mail-to-news gateways through another remailer, such as Xenon's at netcom.com. Thanks for the suggestions and advice. Hal

From hughes at ah.com Tue Feb 15 10:01:41 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 10:01:41 PST Subject: Detweiler abuse again In-Reply-To: <199402151730.JAA06052@jobe.shell.portal.com> Message-ID: <9402151753.AA22610@ah.com>

>I'm not sure Eric's idea about connecting via sockets would eliminate all >possibilities of logging.

I did not mean to imply this. Using daemons would get rid of the _default_ logging that occurs on systems. Changing logging from opt-out to opt-in would make a large practical difference right now.

>It seems that with telnet, at least, the systems >that you connect to are able to find your host name.
Still, host names >would be more private than full addresses. This was exactly my point in a previous article. An email address identifies both a machine and a user, where an IP connection (e.g. telnet) only reveals the machine. Now if the sysadmin of the originating machine logs and shares information with the destination machine, the user can be identified. But again, this is an opt-in monitoring system. Eric From hughes at ah.com Tue Feb 15 10:11:44 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 10:11:44 PST Subject: Detweiler abuse again In-Reply-To: <9402151602.AA03825@bogart.Colorado.EDU> Message-ID: <9402151758.AA22618@ah.com> >The trick is to block >messages from remailer _operators_ who refuse to agree to behave as part of >the community, effectively isolating the wildcats. An isolated remailer is >useless. But an community of isolated remailers could get larger than the cooperating set. And coercing wildcats is, well, like herding cats. Eric From smb at research.att.com Tue Feb 15 10:16:01 1994 From: smb at research.att.com (smb at research.att.com) Date: Tue, 15 Feb 94 10:16:01 PST Subject: LEAF, SS7 Message-ID: <9402151811.AA15802@toad.com> The LEAF has many very interesting attributes. As I mentioned earlier, in response to Mike's original question -- yes, there are tremendous advantages to the LEAF for a traffic analyst. But the LEAF itself is encrypted, including the session key, so enemies can't do traffic analysis based on the LEAF. The structure of the LEAF is also a dead giveaway that Clipper is being used -- it's easy to envision a box that has the family key, and tries every LEAF-sized field to see if it decrypts to something that looks right, and in particular has the right checksum. It detects Clipper -- and coupled with a random sequence detector, it detects encrypted, non-Clipper traffic... 
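The detection box described in the message above, modelled as an added example that is not part of the original posts: a fixed-size header carrying a checksum and encrypted under one shared family key can be picked out of a byte stream by anyone holding that key. The 16-byte layout, the SHA-256 check value, the 4-round Feistel stand-in cipher (not Skipjack) and all keys and IDs are assumptions constructed for illustration.

```python
"""Toy model: a checksummed header under a shared key is a traffic fingerprint."""
import hashlib
import hmac
import struct

FIELD_LEN = 16   # assumed field size for this toy, in bytes
BODY_LEN = 14    # assumed layout: 4-byte unit ID + 10-byte wrapped session key


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the stand-in cipher: HMAC-SHA256 truncated to 8 bytes.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def toy_encrypt(key, block):
    """4-round Feistel over one 16-byte block. A stand-in cipher, NOT Skipjack."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def toy_decrypt(key, block):
    """Inverse of toy_encrypt: undo the rounds in reverse order."""
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def checksum(body):
    # 16-bit check value over the field body (assumed construction).
    return hashlib.sha256(body).digest()[:2]


def make_field(family_key, unit_id, wrapped_session_key):
    """Build the header: unit ID, wrapped session key, checksum, all under the family key."""
    body = struct.pack(">I", unit_id) + wrapped_session_key
    if len(body) != BODY_LEN:
        raise ValueError("wrapped session key must be 10 bytes")
    return toy_encrypt(family_key, body + checksum(body))


def scan(stream, family_key):
    """Decrypt every FIELD_LEN window; return (offset, unit_id) where the checksum verifies."""
    hits = []
    for off in range(len(stream) - FIELD_LEN + 1):
        plain = toy_decrypt(family_key, stream[off:off + FIELD_LEN])
        body, chk = plain[:BODY_LEN], plain[BODY_LEN:]
        if hmac.compare_digest(checksum(body), chk):
            hits.append((off, struct.unpack(">I", body[:4])[0]))
    return hits


def expected_false_hits(stream_len):
    # A random window passes a 16-bit check with probability 2**-16,
    # so the false-alarm count grows linearly with the traffic scanned.
    return max(stream_len - FIELD_LEN + 1, 0) / 2 ** 16


def noise(seed, n):
    # Deterministic filler standing in for encrypted call data (constructed).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]


# Constructed sample: one header planted at offset 37 of otherwise random-looking bytes.
FAMILY_KEY = b"constructed-family-key"
UNIT_ID = 0x00C0FFEE
FIELD = make_field(FAMILY_KEY, UNIT_ID, noise(b"wrapped", 10))
STREAM = noise(b"pre", 37) + FIELD + noise(b"post", 200)

if __name__ == "__main__":
    print("holder of family key:", scan(STREAM, FAMILY_KEY))
    print("other key           :", scan(STREAM, b"some-other-key"))
    print("expected false hits :", expected_false_hits(len(STREAM)))
```

The unit ID falls out of the scan without any per-unit key, and the same stream is indistinguishable from noise to a party without the family key.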
From m5 at vail.tivoli.com Tue Feb 15 10:21:42 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 15 Feb 94 10:21:42 PST Subject: LEAF, SS7 In-Reply-To: <9402151811.AA15323@tivoli.com> Message-ID: <9402151816.AA28003@vail.tivoli.com> smb at research.att.com writes: > But the LEAF itself is encrypted, including the session key, so > enemies can't do traffic analysis based on the LEAF. "Enemies"? Isn't that a subjective term? :-) > The structure of the LEAF is also a dead giveaway that Clipper is > being used -- it's easy to envision a box that has the family key, > and tries every LEAF-sized field to see if it decrypts to something > that looks right, and in particular has the right checksum. I'm going to make the almost certainly valid assumption that you know more about the way the network works than I do, but my assumption is this: in the wacky scenario I described wherein Clipper devices are installed in the network interfaces "everywhere", then the presence of these identifiable (and identifying!) packets means that a central tap at a regional switching center could concievably perform traffic analysis without the need for taps on local loops anywhere. Is this assumption way wrong? -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From koontzd at lrcs.loral.com Tue Feb 15 10:31:41 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Tue, 15 Feb 94 10:31:41 PST Subject: LEAF, SS7 Message-ID: <9402151826.AA22164@io.lrcs.loral.com> > It might even be that Clipper hardware could be >installed right at the network interface. Isn't that nice, the phone >company is going out of its way to safeguard my privacy. Only thing >is, now every circuit I establish is tagged by an LEAF that identifies >me... Actually, providing link encryption via CLIPPER only allows identification of the link, still useful in traffic analysis. 
(As a quick means of identifying the link.) From smb at research.att.com Tue Feb 15 10:36:50 1994 From: smb at research.att.com (smb at research.att.com) Date: Tue, 15 Feb 94 10:36:50 PST Subject: LEAF, SS7 Message-ID: <9402151822.AA16083@toad.com> > The structure of the LEAF is also a dead giveaway that Clipper is > being used -- it's easy to envision a box that has the family key, > and tries every LEAF-sized field to see if it decrypts to something > that looks right, and in particular has the right checksum. I'm going to make the almost certainly valid assumption that you know more about the way the network works than I do, but my assumption is this: in the wacky scenario I described wherein Clipper devices are installed in the network interfaces "everywhere", then the presence of these identifiable (and identifying!) packets means that a central tap at a regional switching center could concievably perform traffic analysis without the need for taps on local loops anywhere. Is this assumption way wrong? I suspect that you'd have too much data -- you'd have to be able to scan every part of every conversation. If you're going to go to those lengths, you'd do just as well to tap the signaling channels instead -- a lot less data, and most of it organized the way you want it. From rudy at bnr.ca Tue Feb 15 10:40:52 1994 From: rudy at bnr.ca (rudy (r.) rawlins) Date: Tue, 15 Feb 94 10:40:52 PST Subject: Clipper and Traffic Analysis Message-ID: <"2152 Tue Feb 15 13:25:01 1994"@bnr.ca> In message "Clipper and Traffic Analysis", pmetzger at lehman.com writes: > > Normally, one can only determine the endpoints of a conversation. With > clipper, however, one can deduce a lot more, since when people move > around, go to hotels, phone booths, etc, you can still track their > clipper serial numbers. 
> > Perry >

Maybe we are missing something here, when people move around if they simply use their hotels' phones, phone booths, et al, how can one track their clipper serial number? Unless there is a personal Clipper serial number? I do not see any extra info being garnered from Clipper phones, just less.

Consider the case where there is a wiretap in progress: In the past one end was tapped and both sides of the conversation were heard. You could always find out who was calling, but you could not go and bug the calling party's phone without a court order. With Clipper, you tap the outbound voice/data, but every inbound voice has to be decoded with its own key. Now will the wiretap allow blanket decryption for all Clipper phones? and if so where does the tap begin and end. If no blanket decryption is allowed then must they record outgoing voice/data and based on the content of one side of the conversation convince a judge to let them decode the other side? Both scenarios are problematic.

If I'm a cop and the suspect does not have a Clipper phone at home? can I choose which end of the switch to tap? I would choose the analog side that still has voice -- both voices, so even if the network is Clippered, why go through the hassle of managing keys when I can always hook onto an old fashioned analog voice line. Am I seeing correctly or did I miss something?

From tytso at ATHENA.MIT.EDU Tue Feb 15 11:01:42 1994 From: tytso at ATHENA.MIT.EDU (Theodore Ts'o) Date: Tue, 15 Feb 94 11:01:42 PST Subject: Detweiler abuse again In-Reply-To: <9402151547.AA22138@ah.com> Message-ID: <9402151858.AA05503@tsx-11.MIT.EDU>

Date: Tue, 15 Feb 94 07:47:29 -0800 From: hughes at ah.com (Eric Hughes) I desire the public forum. I desire anonymous speech. I desire pseudonymous persons. Usenet does not allow these simultaneously, therefore it is broken for me. Therefore I desire usenet as it is constituted now to die...
I admire your honesty; a lot of cypherpunks weren't willing to say this the last time we had this flame war. I desire that Usenet live for now, because even though it does not provide simultaneously the features of public forum and anonymous speech, it does solve the public forum problem relatively well, and as such, is providing a certain amount of societal good to the world. If we want both, then we should design and implement a system that has both. It doesn't necessarily follow that it's all constructive to tear down an institution that does what it was designed to do well, but unfortunately doesn't happen to meet your new requirements. Build the new and better system first, before trying to tear down the old one. - Ted

From mg5n+ at andrew.cmu.edu Tue Feb 15 11:09:28 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 15 Feb 94 11:09:28 PST Subject: Detweiler abuse again In-Reply-To: <199402151730.JAA06052@jobe.shell.portal.com> Message-ID:

> (As an aside: how do these gateways take the heat? Should I suggest to > those complaining to me that my system is intended for email, not > usenet, anonymity, and that they should direct their complaints to the > mail-to-news gateways which are the "real" cause of the problem? > Is this tactic likely to be politically effective?)

No, and it would probably backfire. If the mail-to-usenet gateways get abused, the administrators of the gates will probably start blocking incoming mail, as CMU and Berkeley have done. (The CMU gateway is outnews+netnews.group.name at andrew.cmu.edu You can try it and see what results you get.) It might be more effective if you bounced messages from detweiler back to him, CC: postmaster with a notice saying "Due to repeated abuses of this email service, messages from detweile at cs.colostate.edu are no longer accepted.
Unsent message follows: From boone at psc.edu Tue Feb 15 11:31:42 1994 From: boone at psc.edu (Jon 'Iain' Boone) Date: Tue, 15 Feb 94 11:31:42 PST Subject: Detweiler abuse again In-Reply-To: <9402151753.AA22610@ah.com> Message-ID: <9402151923.AA09052@igi.psc.edu> hughes at ah.com (Eric Hughes) writes: > > >I'm not sure Eric's idea about connecting via sockets would eliminate all > >possibilities of logging. > > I did not mean to imply this. Using daemons would get rid of the > _default_ loging that occurs on systems. Changing logging from > opt-out to opt-in would make a large practical difference right now. Using a remailer daemon on a well-known port (777, anyone?) would only result in defeating logging that is done via SMTP-agents like sendmail. It is still possible for the sysadmin on the host to do a TCP-wrapper log which logs the connection to the remailer from the originator. Again, this only provides IP address information, which makes it easy to hide if the originator comes from a machine like netcom or the well. > This was exactly my point in a previous article. An email address > identifies both a machine and a user, where an IP connection (e.g. > telnet) only reveals the machine. Now if the sysadmin of the > originating machine logs and shares information with the destination > machine, the user can be identified. But again, this is an opt-in > monitoring system. Yes... also the remailer daemon could do opt-in monitoring of both ends of it's connections... Full accountability could be possible, but only with the complicity of everyone in the path... Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699 PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C From pmetzger at lehman.com Tue Feb 15 11:41:46 1994 From: pmetzger at lehman.com (Perry E. 
Metzger) Date: Tue, 15 Feb 94 11:41:46 PST Subject: Clipper and Traffic Analysis In-Reply-To: <"2152 Tue Feb 15 13:25:01 1994"@bnr.ca> Message-ID: <9402151935.AA25583@andria.lehman.com> "rudy (r.) rawlins" says: > > Normally, one can only determine the endpoints of a conversation. With > > clipper, however, one can deduce a lot more, since when people move > > around, go to hotels, phone booths, etc, you can still track their > > clipper serial numbers. > > > > Perry > > > > Maybe we are missing something here, when people move around if they > simply use their hotels phones, phone booths, et al, how can one track > their clipper serial number? Unless there is a personal Clipper serial > number? I do not see any extra info being garnered from Clipper phones, > just less. Perhaps this is not obvious to others, so I'll be more explicity. If you use a clipper phone at home, the cops can determine your serial number by tapping your line. Then, if you take your phone with you (the little portable AT&T "bump in a cord" is designed for this) everywhere you go you are signaling where you are. Perry From tcmay at netcom.com Tue Feb 15 11:45:39 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 15 Feb 94 11:45:39 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <9402151602.AA03825@bogart.Colorado.EDU> Message-ID: <199402151938.LAA13708@mail.netcom.com> W. Kinney writes: > One can only reach the conclusion that Usenet is broken if one assumes > that the remailers _aren't_. The automatic broadcast property if Usenet > is not a problem if you can always determine the source of a message. This > isn't an argument against anonymity, but just saying it's a little > backwards to say that Usenet has to be redesigned because it doesn't work > with the remailers. It's broken in the larger sense that Eric mentioned: costs are not incurred by posters. 
This is not just a problem with remailers, but with the growing numbers of "Make.Money.Fast" and "Allah is Coming!" sorts of posts. Think about it. > Why not use technology to solve a technological problem? The difficulty > here is that it is impossible for any one remailer operator to prevent > someone, say LD, from using the remailer system. The best he can do is stop > LD from using his site as an entry point. So why not introduce a little > cooperation among operators? This can be accomplished without collusion of > the sort that would break anonymity. Well, this blocking is what Hal is doing, and he proposed that others do the same, so I don't get your "alternative." > Pretty much all the remailer operators are 'punks, right? If a critical > mass of operators get together and agree to block a standardized set of > sources and destinations, then that group of operators will have enough > pull to force the other operators to toe the line. The trick is to block > messages from remailer _operators_ who refuse to agree to behave as part of > the community, effectively isolating the wildcats. An isolated remailer is > useless. Not this easy. To see this, imagine the following scenario: Alice chooses not to block Detweiler (for example). Bob, Charles, Dorothy, decide to block Detweiler. Alice receives a message from Detweiler, strips off the headers in the normal way, passes the *encrypted* body (remember that many remailers support PGP and that this is in fact the preferred mode, long term) to Bob, who has absolutely no idea the body message he sees (encrypted further....) is a message from Detweiler. Bob does the header stripping and remailing to Charles, and so on. Eventually, Zeke sends the message on to its final destination. Only at the last stage, in this example, does Zeke realize--if he bothers to look at the message body, presumably now in plaintext (but not necessarily)--that the message is a threat, a flame, a "Yahweh is Coming!" message, or whatever. 
Thus, so long as at least *one* remailer is not doing source screening, and that at least some encryption is used (not all nodes have to do it, obviously), then source-level screening will not work. Unless, of course, Alice, Bob, Charles, etc. all agree to "work backwards" to trace a sender. This dire situation, counter to everything we want in remailers, would then allow the rest of the remailers to add _Alice_ to their list of blocked sources. Because she didn't play ball and didn't block Detweiler. A slow process, and one that could also be thwarted by, say, Fred, who refuses "on principle" to keep logs, collude with the other remailers, etc. No, source-level blocking is a reasonable short term fix for the present challenge from Detweiler, but is not a long term solution. We can block Detweiler temporarily, because there are so few remailers, so little use of chained encryption, etc., but he and others will find alternatives. > What we have now is a bunch of single remailers. It's a very small step to > create a cooperative group of remailers, and it would provide avenues for > solutions to a lot of the potential problems. This is not perfect, but it's > better. I agree here that remailers may organize themselves into "cooperatives," groups which make common assumpions about what policies to follow. Thus, in my example, eventually Alice would be excluded from the group, for not blocking Detweiler in the first place. But it gets real messy real fast. Does Alice not accept encrypted messages from "unknown" sources? (For example, it would be possible for Detweiler to contract with Joe User to have him forward a single message, then have Sue Foo forward his next message, etc. In other words, source-blocking fails so long as a remailer accepts encrypted messages.) Very long term, when message costs are borne by the sender, this problem goes away. (Others remain, such as death threats, extortion, markets for murder, etc., but they're in a different category.) 
--Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From hansen at Iowa.Physics.UIowa.EDU Tue Feb 15 11:51:42 1994 From: hansen at Iowa.Physics.UIowa.EDU (hansen at Iowa.Physics.UIowa.EDU) Date: Tue, 15 Feb 94 11:51:42 PST Subject: ? Message-ID: <0097A191.55DBB120.21984@Iowa.Physics.UIowa.EDU> Is this serious? From ebrandt at jarthur.Claremont.EDU Tue Feb 15 11:59:37 1994 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Tue, 15 Feb 94 11:59:37 PST Subject: Detweiler abuse again In-Reply-To: <9402151758.AA22618@ah.com> Message-ID: <9402151942.AA17648@toad.com> > But an community of isolated remailers could get larger than the > cooperating set. No problem -- just add them to the killfile. Sure, new `rogue' remailers could slip by, but so can any fool with a telnet 25. Participating remailers would have some assurance that they're not sending material from someone in the source killfile. Non- participators wouldn't, and could take the moral high-ground all they like. > Eric Eli ebrandt at jarthur.claremont.edu From mnemonic at eff.org Tue Feb 15 12:01:42 1994 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 15 Feb 94 12:01:42 PST Subject: LEAF, SS7 In-Reply-To: <9402151811.AA15802@toad.com> Message-ID: <199402151953.OAA06816@eff.org> > But the LEAF itself is encrypted, including the session key, so > enemies can't do traffic analysis based on the LEAF. But the police can. They can decrypt the LEAF even without an escrow key. You use a family key to do that. 
--Mike From smb at research.att.com Tue Feb 15 12:09:06 1994 From: smb at research.att.com (smb at research.att.com) Date: Tue, 15 Feb 94 12:09:06 PST Subject: LEAF, SS7 Message-ID: <9402151958.AA17853@toad.com> > But the LEAF itself is encrypted, including the session key, so > enemies can't do traffic analysis based on the LEAF. But the police can. They can decrypt the LEAF even without an escrow key. You use a family key to do that. Precisely my point. From hughes at ah.com Tue Feb 15 12:11:42 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 12:11:42 PST Subject: Detweiler abuse again In-Reply-To: <9402151858.AA05503@tsx-11.MIT.EDU> Message-ID: <9402152005.AA23014@ah.com> > Therefore I desire usenet as it is > constituted now to die... >I admire your honesty; a lot of cypherpunks weren't willing to say this >the last time we had this flame war. I think, however, that a new system will still be called "Usenet" and still be considered usenet and will be built on top of the existing usenet. I left this out before in order to make my point clearer. >I desire that Usenet live for now, because even though it does not >provide simulatneously the features of public forum and anonymous >speach, it does solve the public forum problem relatively well, and as >such, is providing a certain amount of societal good to the world. If usenet as it is now must die, that's no reason to make that death occur this week. There is also no reason not to continue to press on the existing system with anonymity. The pressures for better salience and for the asking of fewer FAQ's is already here, and has very little to do with anonymity. Persistent and anonymous disrupters do far less harm that the aggregate blatherings of ten thousand eighteen-year-olds. The net effect of both is to increase the noise. The problem is that one loud person is clearly to _blame_ for that noise, but a single innocent question is not, even though both contribute to the problem. 
Anonymity removes the path through which the disrupter can be shamed into submission. The would-be shamer subsequently feels frustration at the inability to induce guilt in someone who ... should. Thus does anonymity sharpen the debate about the quality of usenet. It is now particular individuals who are the problem, not the system as a whole. The frustrated desire to blame creates a separation in analysis where none need be. People get so worked up about bad people that they forget about the bad system. >Build the new >and better system first, before trying to tear down the old one. Yet my argument seeks to show that the problem is already here, and that the presence of anonymity changes the nature of the debate about the problem much more that it changes the nature or even the scale of the problem. >If we want both, then we should design and implement a system that has >both. One can do this by building on top of newsgroup moderation, which is the internal mechanism already present to capture salience. Every newsgroup should have moderation. Whether the moderator is one person, a group of people, or a program is an open issue. I have a starting point of discussion. Let the moderator of each newsgroup be a mailing list address. The members of this mailing list are the moderators of the group. All postings to a newsgroup go first to this moderation list. The moderators then read news with software which rates the news articles for inclusion. (This could be a modified newsreader, for example.) After each article was read, a mail message is sent back the mailing list address (or a parallel one) with the rating. Some voting algorithm determines inclusion. This voting algorithm need not require all the moderators to make a rating before transmission. When an article is sent out, an indication of the results of the voting system is included in the header, allowing end-user filtering on moderation. 
Three basic issues determine the exact character of a newsgroup of this type. (And each newsgroup should be able to be different.)

1. What is the nature of the moderation group?
   a. Is the size bounded or unbounded?
   b. Is membership self-selected or constrained?
   c. Is there a limit to tenure?
2. What is the nature of the rating?
   a. Size of the rating space
      1) yes/no/abstain
      2) 1-10
      3) Is there veto?
   b. Rating by category.
3. What is the voting algorithm?
   a. Any moderator may approve (result is the name of that moderator)
   b. Any N moderators may approve (result are these names)
   c. First majority with minimum (used in statistical significance experiments)
   d. Voting window and percentage minimum, possibly with quorum

As a first and easiest starting point, one might choose the following characteristics for experimentation:

-- moderation participation is unlimited. Membership may be restricted if many bad moderation decisions are made.
-- yes/abstain
-- any moderator may approve

The point of this kind of system is that the existing usenet distribution mechanism can be lifted intact. Likewise can the bulk of the readers of news continue mostly unchanged, only unsubscribing and resubscribing.

The existing unmoderated groups will continue to be a sewer. Fine. New groups with distributed moderation can be created. If these are successful old groups can be moved over to this method.

Two main pieces of new software are needed for this scheme:

1. A change in newsreaders/mail agents to send off ratings.
2. A mail server to implement the moderation
   a. the initial mailing list
   b. the voting algorithm
   c. the actual posting

None of this software is particularly difficult in concept.
Eric

From Banisar at washofc.cpsr.org Tue Feb 15 12:16:58 1994
From: Banisar at washofc.cpsr.org (Dave Banisar)
Date: Tue, 15 Feb 94 12:16:58 PST
Subject: CPSR Alert 3.04 (Clipper Update)
Message-ID: <9402151503.AA32096@Hacker2.cpsr.digex.net>

=============================================================
Volume 3.04 February 15, 1994
-------------------------------------------------------------
Published by Computer Professionals for Social Responsibility
Washington Office (Alert at washofc.cpsr.org)

SPECIAL EDITION --- CLIPPER UPDATE
-------------------------------------------------------------
Contents

[1] Clipper Petition Tops 10,000 Mark
[2] Safire Slams Clipper
[3] A Tough Question
[4] Clipper Facts: Definition of "Tesserea"
[5] Sign the Clipper Petition!
[6] New Files at the CPSR Internet Library
-------------------------------------------------------------
[1] Clipper Petition Tops 10,000 Mark

The electronic petition begun by CPSR to oppose Clipper has generated well over 10,000 responses in two weeks. The daily signature totals continue to increase, currently running at almost 2,000 per day! The number of people who have opposed Clipper already exceeds the current estimated government orders for Clipper chips.

Other upcoming milestones:

12,000  Number of computer networks connected to the Internet
15,000  Estimated number of total lawful wiretaps, 1968-1994
70,000  Anticipated number of Clipper purchases this year

More details on the petition are re-printed below, just in case you haven't already forwarded a copy to every person and mailing list you know.
------------------------------------------------------------- [2] Safire Slams Clipper For those of you who might have missed it, William Safire published a very good essay on the Clipper proposal yesterday (February 14). We're providing some excerpts here and recommend the piece in its entirety. Let's hope Safire can do for Clipper what he did for Bobby Inman. Well-meaning law and intelligence officials, vainly seeking to maintain their vanishing ability to eavesdrop, have come up with a scheme that endangers the personal freedom of every American. * * * The "clipper chip" --- aptly named, as it clips the wings of individual liberty --- would encode, for Federal perusal whenever a judge rubber-stamped a warrant, everything we say on a phone, everything we write on a computer, every order we give to a shopping network or bank or 800 or 900 number, every electronic note we leave our spouses or dictate to our personal-digit-assistant genies. Add to that stack of intimate data the medical information derived from the national "health security card" Mr. Clinton proposes we all carry. Combine it with the travel, shopping and credit data available from all our plastic cards, along with psychological and student test scores. Throw in the confidential tax returns, sealed divorce proceedings, welfare records, field investigations for job applications, raw files and C.I.A. dossiers available to the Feds, and you have the individual citizen standing naked to the nosy bureaucrat. * * * The only people tap-able by American agents would be honest Americans --- or those crooked Americans dopey enough to buy American equipment with the pre-compromised American code. Subsequent laws to mandate the F.B.I. bug in every transmitter would be as effective as today's laws banning radar detectors. * * * Cash in your clipper chips, wiretappers: you can't detect the crime wave of the future with those old earphones on. 
--------------------------------------------------------------- [3] A Tough Question During the briefing on February 4 at which the formal adoption of the Escrowed Encryption Standard (aka Clipper) was announced, Mark Richards, Deputy Assistant Attorney General for the Criminal Division, was asked the following hypothetical question: Suppose NSA goes to the key escrow agents and says, "We intercepted a Clipper-encrypted communication overseas. No U.S. persons were parties, so the Foreign Intelligence Surveillance Act does not apply and we don't need a warrant." How do the escrow agents determine whether or not to provide the keys? Doesn't this create a huge loophole in the system? Richards' response was that there would be "some" mechanism developed to ensure that there would be no abuse of the key escrow system, but added that any such procedures "might not be made public." The response was less than assuring. The development of secret procedures for foreign intelligence use of escrowed keys does nothing to assure the public of the system's integrity. It creates a very real possibility that the key escrow system will be based upon nothing more than NSA's unilateral representations concerning the circumstances of a particular interception. It was not at all apparent why these procedures couldn't be made public. Like so much of the Clipper proposal, valid concerns are met with the claim that "national security" precludes the disclosure of relevant information. This is why many of us believe this is a dangerous and ill-advised way to design our civilian communications infrastructure. --------------------------------------------------------------- [4] Clipper Facts: Definition of "Tesserea" The Defense Department reportedly plans to employ the Clipper technology in a device known as a "Tessera Card." We checked the dictionary and found the results to be kind of frightening: Terrerea n. Lat. (pl. tessereae). Literally, "four-cornered". 
Used to refer to four-legged tables, chairs, stools, etc. Also, a single piece of mosaic tile; a single piece of a mosaic. _Pol._: An identity chit or marker. Tessereae were forced on conquered peoples and domestic slaves by their Roman occupiers or owners. Slaves or Gauls who refused to accept a tesserea were branded or maimed as a form of identification. >From Starr's History of the Classical World and the Oxford Unabridged. (thanks to Clark Matthews) ---------------------------------------------------------------- [5] Sign the Clipper Petition! Electronic Petition to Oppose Clipper *Please Distribute Widely* On January 24, many of the nation's leading experts in cryptography and computer security wrote President Clinton and asked him to withdraw the Clipper proposal. The public response to the letter has been extremely favorable, including coverage in the New York Times and numerous computer and security trade magazines. Many people have expressed interest in adding their names to the letter. In response to these requests, CPSR is organizing an Internet petition drive to oppose the Clipper proposal. We will deliver the signed petition to the White House, complete with the names of all the people who oppose Clipper. To sign on to the letter, send a message to: Clipper.petition at cpsr.org with the message "I oppose Clipper" (no quotes) You will receive a return message confirming your vote. Please distribute this announcement so that others may also express their opposition to the Clipper proposal. ------------------------------------------------------------- [6] New Files at the CPSR Internet Library The following Clipper-related files are now available at the CPSR Internet Library: NIST Announcement of FIPS-185 (Escrowed Encryption Standard) /cpsr/privacy/crypto/clipper/fips_185_clipper_feb_1994.txt "Big Brother Inside" Postscript file parody of Intel's logo. Perfect for stickers, posters. Designed by Matt Thomlinson. 
/cpsr/privacy/crypto/clipper/big_brother_inside_sticker.ps All February 4 White House releases on Clipper are available at /cpsr/privacy/crypto/clipper An analysis of US cryptography policy by Professor Lance Hoffman commissioned by NIST /cpsr/privacy/crypto/hoffman_crypto_policy_1994 The CPSR Internet Library is a free service available via FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact ftp-admin at cpsr.org. ======================================================================= To subscribe to the Alert, send the message: "subscribe cpsr-announce " (without quotes or brackets) to listserv at cpsr.org. Back issues of the Alert are available at the CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert Computer Professionals for Social Responsibility is a national, non-partisan, public-interest organization dedicated to understanding and directing the impact of computers on society. Founded in 1981, CPSR has 2000 members from all over the world and 22 chapters across the country. Our National Advisory Board includes a Nobel laureate and three winners of the Turing Award, the highest honor in computer science. Membership is open to everyone. For more information, please contact: cpsr at cpsr.org or visit the CPSR discussion conferences on The Well (well.sf.ca.us) or Mindvox (phantom.com). ------------------------ END CPSR Alert 3.04 ----------------------- From hughes at ah.com Tue Feb 15 12:21:42 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 12:21:42 PST Subject: Detweiler abuse again In-Reply-To: Message-ID: <9402152008.AA23021@ah.com> >It might be more effective if you bounced messages from detweiler back >to him, CC: postmaster Why even bounce? If you want to make the remailers do something with unwanted mail, one could honor the remailing request, but not anonymize it. 
Eric From hughes at ah.com Tue Feb 15 13:01:41 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 13:01:41 PST Subject: Detweiler abuse again In-Reply-To: <9402151942.AA17648@toad.com> Message-ID: <9402152048.AA23122@ah.com> >> But an community of isolated remailers could get larger than the >> cooperating set. >No problem -- just add them to the killfile. A set of remailers isolated from a restriction cooperative is a fully operative set of remailers. Adding them to the killfile doesn't prevent these remailers from directly posting and directly mailing. Eric From banisar at washofc.cpsr.org Tue Feb 15 13:08:28 1994 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Tue, 15 Feb 94 13:08:28 PST Subject: Clipper Petition Passes 10, Message-ID: <00541.2844164459.3441@washofc.cpsr.org> Clipper Petition Passes 10,000 =========================================================== Washington, DC February 15, 1994 Computer Professionals for Social Responsibility (CPSR) OVER 10,000 SIGN PETITION TO OPPOSE CLIPPER In only two weeks, over 10,000 users of the nation's computer networks have signed the CPSR petition calling for President Clinton to withdraw the Clipper proposal. Opposition has been widespread, from CEOs of large firms to college students in small towns, from librarians and civil libertarians to computer programmers and product marketers. To sign the petition, email with the message "I Oppose Clipper" Encourage friends to sign. In 1990, over 30,000 people sent email message to Lotus asking that a product containing detailed personal information called "Marketplace" be withdrawn. Eventually Lotus withdrew the product. CPSR is a non-profit, membership organization based in Palo Alto, CA. CPSR's mission is to provide analysis of the effects of new technological developments on society. For more information, please email cpsr at cpsr.org or call 415-322-3778. 
============================================================ From hughes at ah.com Tue Feb 15 13:11:45 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 13:11:45 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <199402151938.LAA13708@mail.netcom.com> Message-ID: <9402152059.AA23156@ah.com> >It's broken in the larger sense that Eric mentioned: costs are not >incurred by posters. [...] >Very long term, when message costs are borne by the sender, this >problem goes away. I really doubt the problem goes away. Message costs have some restrictive effect, but they are not a panacea. (They are a panacea for supporting remailer services, but that should be obvious.) Transmission costs are dropping so fast that it is conceivable that the cost of a broadcast of a three page message to everyone in the world will be less than a dollar. Mailbombing might be solved by message costs, and will be a deterrent, but mailbombing is such a blunt weapon. As I recently argued, the problem is not individual disrupters but salience in general. Usenet is broken because it transmits everything which is sent to it, without any sort of judgement as to the propriety of the message to the newsgroups to which it is posted. Paying for the message does not solve the problem of newbie questions, or flame wars (low bandwidth data, high bandwidth emotion; flames are extremely compressible), or digressions. Eric From tytso at ATHENA.MIT.EDU Tue Feb 15 13:14:17 1994 From: tytso at ATHENA.MIT.EDU (Theodore Ts'o) Date: Tue, 15 Feb 94 13:14:17 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <199402151938.LAA13708@mail.netcom.com> Message-ID: <9402152054.AA07071@tsx-11.MIT.EDU> From: tcmay at netcom.com (Timothy C. May) Date: Tue, 15 Feb 1994 11:38:54 -0800 (PST) It's broken in the larger sense that Eric mentioned: costs are not incurred by posters. 
This is not just a problem with remailers, but with the growing numbers of "Make.Money.Fast" and "Allah is Coming!" sorts of posts. Think about it. I've heard this assertion made a large number of times --- that if the poster had to pay for the cost of a posting, that all of our problems would go away (or at least a lot of them would). I'm not convinced they would; perhaps it is time to start exploring this assumption. Digital postage solves the problem that it becomes expensive for someone to flood a mailing list or a newsgroup with 10,000 annoying messages. But all it does is disenfranchise the poor; the rich would still be able to make themselves a nuisance. How do you defend against someone like Detweiler if he has the resources of a Donald Trump, or a Bill Gates? Also, how much do you charge? For example, Detweiler's Blacknet posting only went to some 20-odd newsgroups, and yet it was able to do a lot of damage. If you charge $1 a message, then for a mere $20, he was able to cause a lot of damage and consternation on the net. If you start charging $10 a message or more, legitimate users will be hurt, since they will now have to pay this large amount of money. And in the long run, it still doesn't work, since Detweiler wasn't even being very efficient. For example, he could have sent a GIF image containing kiddy porn or bondage pictures to soc.women; then the sh*t would have really hit the fan. A single message can do quite a lot of damage. Digital postage alone does not solve the accountability problem. - Ted From tcmay at netcom.com Tue Feb 15 13:19:46 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 15 Feb 94 13:19:46 PST Subject: Simplified Digital Postage--Proposal Message-ID: <199402152058.MAA24313@mail.netcom.com> In the aftermath of the "Valentine's Day Massacre," the need for some form of digital postage is more apparent than ever. 
In this note, I propose an extremely simple system, based on the selling of numbers as "coupons," redeemable for "passage" through a remailer. A more sophisticated system based on true digital cash, perhaps based on "Magic Money," is more desirable, but almost anything is better than the current system. (Well, not _anything_.)

Seeing the huge list of newsgroups that Detweiler attempted to post to, I conclude that some form of "rate-limiting" function is needed. In general, not just for Detweiler in particular. Not posting quotas, not even source-level blocking (though in Det's case, this is justified as a stop-gap measure), and not even "outgoing moderation" (in which someone like Hal would scan the plaintext of outgoing messages, briefly, to see if the text was malicious, dangerous, etc.--not a great idea, for many reasons).

I propose remailers immediately adopt some form of digital money/postage, even if current instantiations are not fully debugged or optimized. "Magic Money" may be ready for such a trial use.

Advantages:

- causes those who wish to "flood" (cf. Hal's huge list) to at least pay for the flooding

- is an immediate use for a crude form of digital money, a test bed for ideas and a stimulus for new features, improvements

- is "voluntary": those remailers who don't wish to bother with this digital postage can then get the heavy volume of flooders!

- subtle flaws in digital money protocols (and I doubt "Magic Money" is completely free of subtle or not-so-subtle flaws...everything needs debugging and evolutionary learning) will not be so serious when only "postage" is involved. As opposed to "real money" situations, where finding a way to break or spoof the protocol could result in large amounts of money being lost. At least with digital postage, about the worst that could happen is someone gets free remailing--the current situation.
- the experimental use would take place with "remailer-savvy" users, which is better than trying to educate the outside world at this time

- and of course, a charge of, say, $2.00 in real money (send in $20, get back 10 remailer "stamps" of some form, suitably anonymized through a blinding procedure a la Chaum) would mean that posting to 20 newsgroups would be a nontrivial expense for a would-be flooder.

(Actual rates would vary, as determined by the market and by the willingness of a remailer operator to put up with the kinds of hassles Hal is now seeing. I won't presume to speculate on the likely price of a stamp. It would depend on the destination. I know, for example, that I'd be willing--if I ran a remailer--to remail small items to single destinations for a lower fee, perhaps for free, than I would to mail large items to mail-to-Usenet gateways!)

How ready is Magic Money for a test-bed use like this? How willing are remailers to try this?

Both Hal Finney and Karl Barrus have code for remailers (Karl's is more recent, Hal's is in wide use). Could their code be modified easily to accommodate a primitive form of stamps? Could such stamps be sold in a reasonable way?

Simple-minded approach to digital postage stamps:

In my simplistic view, which I proposed a while back, stamps are merely 20- or 30-digit numbers. Imagine someone going to a Cypherpunks meeting with a box of these numbers, printed on slips of paper. For $10, say, one can reach in to this box and take out, say, 20 stamps. The seller doesn't know who got what stamps, so long as enough are sold, and he "honors" a stamp when the appropriate number is included in a message.

For example:

::Stamp 29038571037489236478380016283
::Request-Remailing-To: foo.bar
etc.

The stamp selling process could be computerized, but more sophisticated means of ensuring tracking is not done would have to be used (e.g., blinding, or multiple resellers).

Can random guesses be made? Not feasible, with 20- or 30-digit numbers.
Can the stamp seller repudiate or not honor a number so as to cheat the purchaser? Sure, but that's not a viable long term business. And word would get out. Some folks might report regularly on "remailer reliability," a la the "ping" reports several folks have issued. Reputations matter. Can the same number be used twice? Not if the remailer removes the number from his list of "sold" numbers. (This assumes each number or stamp is specific to some remailer, the easiest case to handle. Having "global" stamps complicates things greatly and introduces the expected issues of database synchronization, clearinghouses, fraud, etc. This is why "coupons" are easier to make than "currency." What do you folks think? Seems to me we could deploy a fairly simple digital postage system quickly. This could begin to immediately cut down on flooding attacks on the remailers. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From tcmay at netcom.com Tue Feb 15 13:31:42 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 15 Feb 94 13:31:42 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <9402152054.AA07071@tsx-11.MIT.EDU> Message-ID: <199402152125.NAA28696@mail.netcom.com> Ted Ts'o writes: > I've heard this assertion made a large number of times --- that if the > poster had to pay for the cost of a posting, that all of our problems > would go away (or at least a lot of them would). Some problems will be lessened, some will remain. Nothing is perfect, but digital postage is certainly a step in the right direction....it at least makes the process of posting and mailing less "free" than it currently is. 
(As to why remailing should _not_ be free, I'll not get into this political issue here. Suffice it to say that nothing is completely free--someone pays. Right now, the remailer operators are eating the costs.) > I'm not convinced they would; perhaps it is time to start exploring this > assumption. Digital postage solves the problem that it becomes > expensive for someone to flood a mailing list or a newsgroup with 10,000 > annoying messages. But all it does is disenfranchise the poor; the rich > would still be able to make themselves a nuisance. How do you defend > against someone like Detweiler if he has the resources of a Donald > Trump, or a Bill Gates? A "problem" we can't solve. Placing a ad in a newspaper costs 10 bucks or so, for example. Does this "disenfranchise" the poor? Does the fact that Bill Gates could probably buy the nation's five largest papers mean that ads should be free? Paid for by whom? I can't pursue this topic any further here--it's too political for the list to have to bear. > Also, how much do you charge? For example, Detweiler's Blacknet posting > only went to some 20-odd newsgroups, and yet it was able to do a lot of > damage. If you charge $1 a message, then for a mere $20, he was able to > cause a lot of damage and consternation on the net. If you start > charging $10 a message or more, legitimate users will be hurt, since > they will now have to pay this large amount of money. And in the long > run, it still doesn't work, since Detweiler wasn't even being very > efficient. For example, he could have sent a GIF image containing kiddy > porn or bondage pictures to soc.women; then the sh*t would have really > hit the fan. A single message can do quite a lot of damage. Agreed, it doesn't solve all problems. And part of the problem lies in Usenet itself, as we have been discussing. 
The "broadcast" model, without any form of postage along the way, means that any message can in principle be sent to thousands of sites (though dial-in users are of course not obligated to read these posts, and hence don't have to incur expenses).

I fully agree that no single price for a "stamp" could wipe out the problem. Even setting the price at $100 would be insufficient for a determined disruptor to find the juiciest example of child porn and then pay the $100 to have it remailed to a site or newsgroup which would almost certainly guarantee massive repercussions. This could be child porn, pet torture (recall the "Kitty in a Blender" posts on rec.pets a year or so back), detailed military secrets, personal dossiers on a leading government official, whatever.

> Digital postage alone does not solve the accountability problem.

No one has claimed this. All that has been claimed is that it raises the costs of flooding a bit. A step in the right direction.

Long range, Usenet will likely be restructured in some way so that users choose what they wish to receive.

Actually, I think the "volume" arguments--that Detweiler consumed too much volume--are wrong-headed. His posts added infinitesimally to the hundreds of megabytes a day flowing through the system. I looked at the newsgroups Hal mentioned that the BlackNet piece went out to, and the posts were lost in the noise. Granted, they were "off subject," but so are a lot of posts.

I'm not minimizing the downsides, just pointing out that the angry reactions were more likely related to the subject material itself and the total irrelevance to the "diabetes" and "frg" groups than to the slight increase in volume the posts caused.

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From tytso at ATHENA.MIT.EDU Tue Feb 15 13:51:43 1994 From: tytso at ATHENA.MIT.EDU (Theodore Ts'o) Date: Tue, 15 Feb 94 13:51:43 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <199402152125.NAA28696@mail.netcom.com> Message-ID: <9402152147.AA07718@tsx-11.MIT.EDU> From: tcmay at netcom.com (Timothy C. May) Date: Tue, 15 Feb 1994 13:25:11 -0800 (PST) And part of the problem lies in Usenet itself, as we have been discussing. The "broadcast" model, without any form of postage along the way, means that any message can in principle be sent to thousands of sites (though dial-in users are of couse not obligated to read these posts, and hence don't have to incur expenses). Long range, Usenet will likely be restructured in some way so that users choose what they wish to receive. OK, well, at least I understand how digital postage would work, technically. But it sounds like we all agree that it's not enough. If we assume that Usenet is "broken", how do we fix it? Considering how many users there are (which must be at least one or two orders of magnitude more than there are of the thousands of news sites), how do you efficiently get articles only to the users who want them, and no others. And heck, how do you even have the users *describe* which postings they want? In some ways, rec.pets.birds is a rough description of what they want, by common consensus. The problem is that there's no enforcement on it, so anyone can become Detweilered. And if you do have to send your filter out across the network, there are obvious privacy implications as well --- it's one of the reasons why Usenet's flooding algorithm is somewhat useful. 
Users at MIT can read alt.sex.bondage without needing to send their identity out on the global network (and we *DON'T* keep logs on our news server!). For this reason, ``your long range solution'' has a lot of very tough technical challenges hiding behind it!!! Instead of just hearing people say that "Usenet is broken", I'd love to hear about some suggestions about how to re-architect it, at a real technical level. "Cypherpunks write code" --- well, it sounds like there's a really big and interesting problem here. - Ted From qwerty at netcom.com Tue Feb 15 13:55:39 1994 From: qwerty at netcom.com (Xenon) Date: Tue, 15 Feb 94 13:55:39 PST Subject: Detweiler remailer abuse Message-ID: <199402152145.NAA06598@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- To lefty, (Skip to end for remailer discussion). -----BEGIN POINTLESS FLAME BLOCK----- When a control freak has zero to actually say, yet has been infuriated, he turns to personal attack. If I am infuriating the control freaks, then I am doing my job admirably. >I suggest a short chat with Mr. Dictionary to determine the actual >definition of the word "censorship". In the immortal words of Inigo >Montoya, "You keep saying that, but I don't think it means what you seem >to believe it does." Which dictionary do you own? I personally own THREE 4 inch thick dictionaries, all modern. They cost me hundreds. I have a wooden stand to hold them up. As I am at lab, I do not have them available however and will have to go to the library.... I'm back. Censor: A supervisor or inspector especially of morals and conduct. An official empowered to examine written or printed matter (as manuscripts of books or plays) in order to forbid publication, circulation, or representation if it contains anything objectionable. An officer or official charged with scrutinizing communications to intercept, suppress, or delete material harmful to his country's or organization's interests. 
One who lacking official sanction but acting in society's interests scrutinizes communications, compositions, and entertainments to discover anything immoral, profane, seditious, heretical or otherwise offensive. Examine, cut out, parts of (a book, etc.); act as a censor. >>And after all, he wasn't the one who wrote that "Blacknet" blurb. >Was there a point to this statement? Yes. >Do you believe that drunk drivers should not be held responsible for their actions because they don't build their own cars? No. >Please feel entirely free to avoid using the old one while you wait >patiently for the new and perfect one to show up. I suggest you avoid >posting any further until you have _real_ _encryption_ running in your >laptop and _optical_ _fiber_ connecting you to all the places with which >you might consider communicating. This is good advice to anyone interested in maintaining privacy in a public forum. >>I can't take the IDEAL of the First Amendment lightly >>enough to do so either. >OK, I see we can add the First Amendment to the list of subjects on which >you are essentially totally ignorant. When you finish with Mr. >Dictionary, you might try puzzling out Mr. Bill of Rights. _It_ doesn't say >what you apparently think it does, either. Ideal: A conception of something in it's absolute perfection. An honorable or worthy principle or aim. First Amendment: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances. I find it unfortunate that those who wrote the Bill of Rights limited its scope, to not apply also to industry and other organizations. And it is people who nit-pick the wording of the Constitution and its amendments who are turning the USA into a repressive state. Burn baby, burn. 
>Not nearly as amusing as _I_ find it to see know-nothing children >attempting to impress the big kids with their general level of >uninformedness. Part of the problem with this command-line interface we are using is that you can't see me, and thus you can't know me, for who I am as a person. Flaming one another isn't what we need. If you feel someone misunderstands something that you understand better, educate them. But realize that most cases of one person becoming infuriated at another stem from misunderstanding, a failure to communicate. So tell me why I should censor Larry 'cause I don't see why I should. It's a lost cause. He will simply acquire other accounts, or telnet to port 25 of a remailer and fake his address, but this time with greater ambition to do damage. The "know-nothing children attempting to impress the big kids with their general level of (sic) uninformedness" who wrote that Blacknet thing should think again about getting their thrills out of illegal activity, real or imagined. You wouldn't have this Detweiler problem if you called yourself "libertarians" instead of "Cypherpunks". You would increase your level of support by orders of magnitude as well. -----END POINTLESS FLAME BLOCK----- The following was my response to a discussion in e-mail. I expressed that I think the MEANS suggested to me to censor Detweiler would do more harm than good. It was pointed out to me that at least it would make it less convenient for him to abuse the remailers.... >And that extra work will anger him and fill him with the unfortunate >drive to do more damage, since in his mind our trying to fight him >means he has to try so much harder to point out to us whatever the hell >he is trying to point out. >Julf cutting off someone's account isn't effective either for someone >like Detweiler. I myself found out that I could telnet to anon.penet.fi >port 25 and simply fake my incoming address, and thus gain access to as >many new anon.penet.fi addresses as I wanted. 
>Again, I wish we could get a net modeled on the postal service, in >which there WAS NO "From: qwerty-remailer at netcom.com" in the headers. >The day someone posts kiddie porn via qwerty is the day I tell Netcom and >the police that I am running a remailer, and that I will shut it down to >avoid this again, but that if they want to know who posted it they need >to look at Netcom's sendmail logs, and follow them to the next remailer. >And to avoid Detweiler becoming angry enough to post kiddie porn via >qwerty, I wish not to try to block him in ineffective ways. >What we need is an abuse filter, not a Detweiler filter, because he >can always post kiddie porn under another name. And honestly, I don't >think he would ever post kiddie porn, or carry out any serious illegal >abuses. He could however make his point a lot clearer were he to >state it up front. His pranks do serve to warn us about possible >REAL abuses. And I wrote this, when told that Larry wasn't a responsible net.citizen, doesn't deserve to be treated as such: >I agree, but I'm not sure if the means suggested to me are going to >be effective. He will just acquire other accounts, or telnet to port >25 of a remailer, to get through, and this time with more passion >about doing real harm. Fight him and he'll fight back, with greater >ambition. I don't know the real answer. And are those who wrote that >Blacknet thing "responsible net.citizens"? If anyone should have been >censored, it was he who started sending those things out in the first >place. >And I spoke of the "IDEAL" of the first amendment, which to me means >stopping someone from using a PUBLIC forum, normally available to all, >from expressing his views. If his Blacknet posts via Hal's remailer >be called performance art, and in a way they CAN, then I cannot YET >bring myself to censor them. 
And indeed part of the problem is that I >do NOT yet understand well enough about the internet, Blacknet, >Cypherpunks, and Detweiler to be confident that I'd be doing the right >thing. -=Xenon=- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLWD6lQSzG6zrQn1RAQFzUwP/cDRVTBeW/76wywDYKyzShbiNq5DQsAFG I72DHYailmY63mwAaMYmXeDnN21bJaUUkWd+JaWt0EzEPo6ruPVA44OphWsxoZy3 9BRr7ZWijIs4BlHMMtaObuRooM7MeCzfSjpU1C2ahB89+E8byWPpFyVzlIUiYuht 5CaHwkkeUzc= =el7y -----END PGP SIGNATURE----- From wak at next11.math.pitt.edu Tue Feb 15 14:01:43 1994 From: wak at next11.math.pitt.edu (walter kehowski) Date: Tue, 15 Feb 94 14:01:43 PST Subject: ? Message-ID: <9402152151.AA00713@next11.math.pitt.edu> yahoo serious! From Patrick_May at dtv.sel.sony.com Tue Feb 15 14:11:42 1994 From: Patrick_May at dtv.sel.sony.com (Patrick May) Date: Tue, 15 Feb 94 14:11:42 PST Subject: Detweiler abuse again Message-ID: <9402152202.AA24363@hugehub> Eric Hughes writes: > >> But a community of isolated remailers could get larger than the > >> cooperating set. > > >No problem -- just add them to the killfile. > > A set of remailers isolated from a restriction cooperative is a fully > operative set of remailers. Adding them to the killfile doesn't > prevent these remailers from directly posting and directly mailing. It would, however, prevent the cooperating remailers from being shut down due to abusers. Isn't that one objective? Patrick May From greg at ideath.goldenbear.com Tue Feb 15 14:16:34 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Tue, 15 Feb 94 14:16:34 PST Subject: The Difficulty of Source Level Blocking Message-ID: -----BEGIN PGP SIGNED MESSAGE----- uunet!netcom.com!tcmay (Timothy C. May) writes: > Thus, so long as at least *one* remailer is not doing source > screening, and that at least some encryption is used (not all nodes > have to do it, obviously), then source-level screening will not work. 
It'd also be possible for two parties to collude; Alice agrees to pass Mallet's traffic, but tells the other remailers in the co-op that she'll filter Mallet's traffic. Digital signatures will allow her to pass only approved unapproved traffic (e.g., forged test-posts from Mallet won't be remailed by Alice). Where message tracing isn't possible, remailer operators will need to know and trust one another. > Very long term, when message costs are borne by the sender, this > problem goes away. (Others remain, such as death threats, extortion, > markets for murder, etc., but they're in a different category.) If you mean digital postage when you say "message costs", I don't see how charging Detweiler $.25 or so to send his messages is going to stop him; it might put a dent in the sheer volume, but probably not in the variety of inappropriate groups he chooses to annoy. If message costs are high enough to deter Detweiler, they're going to be high enough to deter legitimate and useful posts, too. The sender-of-record of inappropriate posts is still going to get heat from the net, whether or not they collected their digital postage. The best deal I've found so far for (bulk) mail delivery is UUPSI's $50/month flat-rate UUCP (local dialups many places) - is anyone aware of a cheaper alternative? Perhaps it's time to test the net's response to a remailer site whose response to complaints is "Sorry. People are rude. Nothing to be done about it." Have the owners of private remailers (rebma.mn.org, utter.dis.org, extropia.wimsey.com, according to Karl's list) taken flak from their service providers for remailing? -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLWFFlH3YhjZY3fMNAQH4WgP9FkWg2b0UXXLTiAYTJKVgCkOyOAaBc4Le b/JZ2DlFPTQQrKRQm4wYVxjZiOlnrVPlBu+uHYAIeAl5nKiNQBd82b/frYyFxHpt WD3zIlBLtfjdW8eOK+DZCswKPnpGPn5/i3EsxRzKYwKTTCPQwxL5ZwELBvFde+ER cebT75h4sgc= =Awkb -----END PGP SIGNATURE----- -- Greg Broiles ".. 
has bizarre Cyberanarchist theories relating greg at goldenbear.com to human punishment." -- L. Detweiler From tytso at ATHENA.MIT.EDU Tue Feb 15 14:21:44 1994 From: tytso at ATHENA.MIT.EDU (Theodore Ts'o) Date: Tue, 15 Feb 94 14:21:44 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <9402152059.AA23156@ah.com> Message-ID: <9402152211.AA08059@tsx-11.MIT.EDU> Date: Tue, 15 Feb 94 12:59:55 -0800 From: hughes at ah.com (Eric Hughes) As I recently argued, the problem is not individual disrupters but salience in general. I agree; this is indeed the problem. And when we try to sell the moderation software to individual groups, it should be sold as solving the salience problem --- and that it solves the individual anonymous disrupter as only side effect. The way I'd design this service is that the newsgroup would be moderated, and so postings would be mailed to a central site. The moderation group would have to have internet access, and would connect to the central site using a client program. The client program would display the message to the moderator, and then the moderator would have a chance to give a "thumbs up", "thumbs down", "abstain", or "decide later" vote. The software on the central site would send out the message after the threshold number of moderators had approved the message, or would kill it after the threshold number of moderators had given it the thumbs down. Of course, with something like this you'd want to make sure authentication was done right --- which in this case, probably means using a password-based challenge-response authentication system. Note that this proposed solution does not solve a lot of problems. It does not solve the moderation selection problem. (The moderation group can not be left wide open; otherwise a Detweiler could approve his own postings.) It does not solve the "forge a faked approved: header" attack. Yet for the problems it does solve, it would probably be a good thing. - Ted P.S. 
Wow, a productive, constructive, relatively flame-free discussion on cypherpunks! I was beginning to think it wasn't really possible. :-) From eb at srlr14.sr.hp.com Tue Feb 15 14:51:43 1994 From: eb at srlr14.sr.hp.com (Eric Blossom) Date: Tue, 15 Feb 94 14:51:43 PST Subject: Clipper and Traffic Analysis In-Reply-To: <9402151609.AA13123@toad.com> Message-ID: <9402152248.AA15677@srlr14.sr.hp.com> > Also, it probably goes via a different physical path. And at least some > SS7 trunks are encrypted with DES. Care to say anything about which ones are encrypted and why? Or to ask it another way, who decides? Eric Blossom From matthew at gandalf.rutgers.edu Tue Feb 15 14:54:28 1994 From: matthew at gandalf.rutgers.edu (Matthew Bernardini) Date: Tue, 15 Feb 94 14:54:28 PST Subject: Wide Spread use of PGP Message-ID: I find Bob Cain's comments that PGP should not be used on a netcom account disturbing. I think the priority that should be set is to get people using PGP, "in the habit" and then make sure they are using it on a local PC or Mac. Some people, believe it or not, might only have access to multi-user systems. These people should not be denied access to PGP. On a side note, to those that are interested, Rutgers just added PGP to its track library. Any machine running 4.x or Solaris now has access to track the binaries for PGP. I plan to install this on my Sparc, and I think quite a few other people will as well. Encryption must be marketed like a product. That is, the concept as a whole, not just specific programs. If anyone has any ideas, I'd personally like to hear them. Matthew Bernardini From anonymous at extropia.wimsey.com Tue Feb 15 14:56:35 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Tue, 15 Feb 94 14:56:35 PST Subject: Illegal Gun Texts Message-ID: <199402151335.AA29861@xtropia> * Reply to msg originally in CYPHERPUNKS Uu> From: hayden at krypton.mankato.msus.edu ("Robert A. 
Hayden") Uu> Actually, with the gun paranoia in the US today, this law could very Uu> well be upheld, despite 1st amendments ramifications. I think that when one observes the blatantly unconstitutional USSC decisions regarding Amendments Two, Four, Five and Ten, there's no reason to believe that they will respect the First, either. As Snyder pointed out in his "A Nation of Cowards" article, we are a society ruled, and a culture led, by persons who overestimate the power of the word. Everything else that would enhance physical empowerment of the individual is suspect. The collision is when the "word" is about physical empowerment. Michigan (like socialist Canada) has outlawed these texts. The BATF is straining to stretch "aiding and abetting" to cover sales of printed information. I have no doubt the USSC would uphold bans on "dangerous, terrorist" texts. I know that the Second Amendment advocates who take the constitutional concept of the General Militia very seriously are heavily investigating encryption and electronic security. ["One armed man controls one hundred unarmed men." - V.I. Lenin] From tcmay at netcom.com Tue Feb 15 15:11:44 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 15 Feb 94 15:11:44 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: Message-ID: <199402152304.PAA15267@mail.netcom.com> Greg Broiles wrote: > > Very long term, when message costs are borne by the sender, this > > problem goes away. (Others remain, such as death threats, extortion, > > markets for murder, etc., but they're in a different category.) > > If you mean digital postage when you say "message costs", I don't see > how charging Detweiler $.25 or so to send his messages is going to stop > him; it might put a dent in the sheer volume, but probably not in the > variety of inappropriate groups he chooses to annoy. If message costs > are high enough to deter Detweiler, they're going to be high enough to > deter legitimate and useful posts, too. 
OK, this issue just keeps coming up again and again! I fully concede, and have never maintained otherwise, that charging 25 cents or a dollar or whatever for digital postage will stop Detweiler or anyone else for posting an "inappropriate" message to an individual, a list, a newsgroup, or even many newsgroups. What I maintain is that, absent such digital postage, flooding of many newsgroups is just too damned cheap. Remailers aren't even needed, as the "Jesus is Coming" posts so clearly show. This is the "Usenet in its current form is broken" point. But we can't change the whole world overnight. What we _can_ do is experiment with things like digital postage. I maintain that this is a useful step, not a total solution. And keep in mind that the issue of us not liking what Detweiler has to say, or the readers of sci.health.diabetes not liking a "Welcome to BlackNet" posting in their newsgroup is NOT SOLVABLE by us. Plenty of posts I don't like, and plenty of posts of mine are doubtless disliked by others. What's an "annoying" post and what's a "legitimate and useful" post is in the eye of the beholder. What Detweiler writes is up to him and to the newsgroups that choose to accept what he writes (no moderation) and to the pricing structure that results in the subsidization of these postings. Where *we* get involved is in the practical issue of minimizing short term damage to our remailers (to the owners, too). I hope I'm making myself clear: - we can't hope to filter annoying posts from legitimate and useful posts - there is probably no conceivable standard for this - government censorship is not a solution Cypherpunks will support - ideally, recipients will decide what they wish to receive, or at least will not have to pay for mail they don't want. 
(This is the situation with the Post Office today---imagine if you had to pay the Federal Express charges on packages sent to you unsolicited, and the sender had to pay nothing at all to send them....that's roughly the system we have today with Usenet. It mostly works because others (universities, corporations, grants, cross-subsidies) are footing the bill. But ask anyone who has to pay 25 cents per mail message what he thinks of getting mailbombed.) - digital postage will *not* fix the problems of abusive and inappropriate message (see points above)--nothing will, save for censorship or screening at some point - but digital postage may reduce some types of flooding - and it gets us started in a real and easy-to-understand application of untraceable digital cash I call these some good reasons to explore this further. And such a system is likelier to be the basis for a "next generation Usenet" than idle speculations about new features. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From sandfort at crl.com Tue Feb 15 15:21:44 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 15 Feb 94 15:21:44 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <9402152054.AA07071@tsx-11.MIT.EDU> Message-ID: C'punks, On Tue, 15 Feb 1994, Theodore Ts'o wrote: > I'm not convinced they would; perhaps it is time to start exploring this > assumption. Digital postage solves the problem that it becomes > expensive for someone to flood a mailing list or a newsgroup with 10,000 > annoying messages. But all it does is disenfranchise the poor; the rich > would still be able to make themselves a nuisance. 
How do you defend > against someone like Detweiler if he has the resources of a Donald > Trump, or a Bill Gates? > Ever notice how few mail bombs we get from Trump or Gates? Maybe the rich are rich because they've learned self-restraint. Bet you dollars to donuts that LD doesn't have a pot to pee in or a window to throw it out. S a n d y P.S. Oops! Broke my own pledge, sort of. Okay, I'll climb back on the wagon. From cknight at crl.com Tue Feb 15 15:31:45 1994 From: cknight at crl.com (Chris Knight) Date: Tue, 15 Feb 94 15:31:45 PST Subject: A questions of records... In-Reply-To: <9402151503.AA32096@Hacker2.cpsr.digex.net> Message-ID: Perhaps I haven't been paying attention, and perhaps this question has been posed, or answered... Still this thought comes to mind. Assuming that the FBI, SS, NSA, BATF, cops in general & Current Events all play by the "rules" for obtaining the escrow key in the first place, what guarantees that they "destroy" their copy at the end of an investigation? Suppose John Smith Late Nite BBS is suspected of aiding in the transmission of copyrighted software. The proper warrants are obtained, the keys are released, and his BBS is monitored for a set amount of time. No evidence is found, so the official investigation ends. But Agent Joe Smarty always gets his board, so he keeps the "keys" to periodically check the BBS... Perhaps we need to make known that the Key Escrow procedure, even at its best, only "protects" the privacy of the citizen the first time. 
-ck From nowhere at chaos.bsu.edu Tue Feb 15 15:34:28 1994 From: nowhere at chaos.bsu.edu (Chael Hall) Date: Tue, 15 Feb 94 15:34:28 PST Subject: REMAIL: Changes to chaos and bsu-cs remailers Message-ID: <199402160028.SAA11320@chaos.bsu.edu> Today I installed an updated version of the anonymous remailer on the following remailers: nowhere at bsu-cs.bsu.edu remailer at chaos.bsu.edu Recent changes: "Refuse" addresses now apply to From: lines as well as To: lines When sending from an address that is refused, you will receive a bounce message (only from chaos remailer) stating that remailer access is denied. When sending to an address that is refused, you will receive a bounce message (only from chaos remailer) stating that remailer recipient is illegal. When you forget the recipient address, you will receive a bounce message (only from chaos remailer) stating that a recipient is required. Please note that all bounces will only occur when using the chaos remailer. -- Chael Hall, nowhere at chaos.bsu.edu From wcs at anchor.ho.att.com Tue Feb 15 16:01:44 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 15 Feb 94 16:01:44 PST Subject: cypherpunks meeting in Mt. View last weekend. Message-ID: <9402152352.AA07218@anchor.ho.att.com> Hi, Strick, It was a pretty good meeting; large crowd. If you don't mind, I'll turn this into an informal meeting report for the list. I missed the first hour or so. Someone said Phil Zimmerman is working on Voice communication systems and wants volunteers. He's trying to do a portable, no-special-sound-cards, widely deployable system, presumably either trading sound quality for flexibility or depending on Internet or V.FAST? Pavel Curtis talked about LambdaMOO and the emerging democracy there - lots of the users are young, and about half are statists and half are Libs or Anarchists of various sorts. 
About 5000 people have accounts, it runs on a 256-meg Sun Scorpion and really needs even more horsepower. Interesting stuff on the social evolution there, and the lessons the Wizards learned about letting things develop on their own and staying out of the way while the players create stuff. It's largely a discussion world, I gather. About 2/3 of the participants just use telnet (lambda.parc.xerox.com 8888) instead of clients, which limits the ability of people to do fancy stuff with PGP or machine-assisted characters. Most are young (mean age <24, mode 19, mostly .edu, about 25% female.) parcftp.xerox.com for software. Chip Rosenthal talked about Habitat, an early Commodore-64-client+central-world-server system that he helped put out with QLink, which later became America OnLine. In Habitat, you have a graphical user interface, avatars who start out normal-looking but you can customize appearances (e.g. there's a Head Shop.) To fit in a C64/300baud world, they had to think a lot about what objects they needed and what kind of communication really needed to happen; they also found that when you get LOTS of users out there they can think up stuff lots faster than the sysadmins can, a lesson LambdaMOO also learned. (They spent two intensive weeks planning a quest for Something in a Dungeon for the users; the users found it in half an hour.) (Cooperation works *far* better than central planning!) Since it was originally a gaming world, you could get killed or kill other players, and much dissent and discussion about this gradually occurred. Eventually, enough players asked the Wizards to change this that they had a vote. It came out 50-50, of course, so the Wizards decided you couldn't get killed inside the town boundary but could get killed outside, and folks voted with their feet. The town elected a Sheriff (whose gun didn't work in town either.) Various discussions about how people felt about the Wizards having to obey the rules, etc. C64s eventually got old... 
Habitat ran partly in America and partly, longer, in Japan; Fujitsu bought out the remains and it's gradually coming back as a new Global Cyberspace Project or something like that. New Fujitsu custom hardware supports the current stuff, and there's a 7-layer protocol stack :-(, etc. Arthur Chandler, disguised in a suit :-), talked about BayMOO, where last week's cpunks virtual meeting was. mud.crl.com 8888. Arthur teaches social science of some sort at SFSU; I forget if it's polisci or anthropology or literature, but he's studying the kinds of social interactions that go on in MOOs. BayMOO has a much different balance of statism than LambdaMOO; some Lambdafolk came over to BayMOO and started talking about how neat it was to have Government and how BayMOO should get some, and people politely informed them they were crazy and ignored them. (Hypnocracy was working quite well, for you old folks in the audience :-) In BayMOO, the folks who run it are janitors, not wizards. BayMOO is basically running on borrowed time on crl.com; since they don't charge by the hour for connections, they're not making any money from all the load it's placing on the Sparc2, so it may eventually have to break up, charge money, or find a new home. Anybody have a machine to donate? The Little Garden may be able to lend some bandwidth, if I'm not misremembering John's comment. The fourth speaker was also very interesting, but memory fade is setting in, so I can't tell you who he was or what he said :-) but he was doing some formal modelling of some of the interactions, and I remember it being neat stuff. Oh, well. Somewhere along the line there was a lot of discussion about security, and how much of it needs to be done by the server, who would then need to be trusted (can you *really* trust a Wizard? :-) vs. peer-to-peer by clients. For people who use clients for their MUDs, it may be a lot more effective. 
Eric Hughes brought up a topic of how to name people across MUDs, which related to this topic and to several others and led to Notable Disagreements among participants. The basic suggestion was that people should be able to bring names from other environments, e.g. Haakon of Lambda or Blast of BayMOO. While the primary context was simply MUD/MOOs, it touches on issues like global vs. local name spaces, centralized naming authorities and is-a-person (Tim May opposes it for this reason), server vs. client control, reputation servers, guilt-by-association, etc. Someone sensibly pointed out that you could create a Lapel Pin object in a MOO which could be used to provide any identifying information you want for people who want to look at it, and decide whether or not to trust it based on contents, signatures in it, etc. Tim's opposition is largely to the concept of central naming, which leads to government-controlled id trees instead of web-of-trust, and therefore lack of anonymity. (Comments by various on Clinton National Health ID card and Republican Not-An-Immigrant ID card.) Someone commented that you shouldn't really have A public key, you should have a ring of public keys for different things, so people remember that identity is contextual rather than True Name. Another problem is the unsettled question about how reputation servers should work, and whether by bringing an identity from a given group (e.g. LambdaMoo or CypherWonks) you drag along its reputation, as opposed to providing pointers for people to go look at your reputations in various places you hang out. Dinner was at the sushi-on-little-boats place in Mountain View. The group was separated due to lack of contiguous seating, and it became obvious after a ping or two that this was a Token Ring :-) NTP yielded about 65 seconds RTT; a packet containing begin 644 /vmunix was dropped into the bit bucket by one of the servers... 
Later icecream split into two discussions, one serious and one centered around Don's powerbook with the Rube Goldberg object-oriented mousetrap-making games. Can't tell you about the serious part, but the mousetraps were fun. Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From katz at spectrum.cs.bucknell.edu Tue Feb 15 16:31:43 1994 From: katz at spectrum.cs.bucknell.edu (lonne katz `94) Date: Tue, 15 Feb 94 16:31:43 PST Subject: unsubscribe Message-ID: <9402160031.AA10306@spectrum.cs.bucknell.edu> unsubscribe katz at bucknell.edu From hughes at ah.com Tue Feb 15 17:18:52 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 17:18:52 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <9402152211.AA08059@tsx-11.MIT.EDU> Message-ID: <9402160111.AA23661@ah.com> I wish to note at the outset that Ted and I seem to agree on the basic principles: 1. Use the ability to moderate newsgroups a. to restrict posting b. to get tendered articles to the moderators 2. Use multiple moderators and some weighting algorithm >And when we try to sell the >moderation software to individual groups, it should be sold as solving >the salience problem I don't think it's necessary to sell it to existing groups. Create an alt group, set up the code, and see if people use it. How about alt.talk.crypto? Surely any measure of moderation would be an improvement over talk.politics.crypto. If the alt group is successful, the software can be moved over to talk.politics.crypto. To summarize the specifics of Ted's proposal: 1. mail to a central site is accessed by internet client 2. moderators vote +/-/0/not now 3. threshold weighting + and - 4. selection of moderators left open 5. 
security of approved header left open I had thought of using email to distribute articles to the moderator, but one might just as easily use NNTP. The modified newsreader could be pointed at the restricted-to-moderators NNTP site. NNTP might not even need extension, if the existing authentication procedures can be hacked to work. Votes/ratings can be in the form of articles posted to a .votes or .ratings group. The rating method and the particular algorithm for weighting will take some experimentation. I proposed the "one yes vote" system because it is enormously simple to implement and because that's the way the current system works: each person votes yes to approve their own post. Since not everyone will be a moderator, this method already gets rid of most newbie questions. If a disruptive moderator gets on board, their name would be attached to the post. If it gets bad enough, the bad moderator can be removed. This removal can happen by popular demand or by the person or organization which owns the central site for the moderator address. Unlike usenet, which has no specific point of control, the central site would have final say. Later protocols could be developed to get rid of the hazards of single central sites. This central site is only for each newsgroup, though, not the whole system. I wouldn't worry about forged Approved: headers right now. That bit of usenet will take major public key surgery to fix. I don't think it will happen until the RSA patents expire. Eric From phantom at u.washington.edu Tue Feb 15 17:28:53 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Tue, 15 Feb 94 17:28:53 PST Subject: Big Brother Inside Stickers, V2.0 Message-ID: To everyone that requested/was thinking of requesting the big brother inside postscript: The version I sent out individually this morning was buggy; the 'd' in "inside" filled in. (Too bad corel's screen image and postscript output isn't the same, huh? maybe they fixed that in v4.0?) 
I've re-exported it and the NEW version should be up for ftp sometime tonight at cpsr.org; Dave Banisar will announce its whereabouts. Sorry for the mixup. mt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From bdovala at solaria.mil.wi.us Tue Feb 15 18:02:17 1994 From: bdovala at solaria.mil.wi.us (Bruce C. Dovala) Date: Tue, 15 Feb 94 18:02:17 PST Subject: DOS Stego? Message-ID: <199402160109.TAA00976@solaria.mil.wi.us> Does anyone know of a steganography program for DOS? Thanks, Bruce From norm at netcom.com Tue Feb 15 18:09:34 1994 From: norm at netcom.com (Norman Hardy) Date: Tue, 15 Feb 94 18:09:34 PST Subject: Clipper and Traffic Analysis Message-ID: <199402160200.SAA14547@mail.netcom.com> At 12:25 2/15/94 -0500, Peter Wayner wrote: >I believe the LEAF field is useful, but not too useful. >Here are my points: > ... >*) On the other hand, the system really isn't anywhere near as >useful as the phone number of the person calling. There will >be no map between LEAF id numbers and people. Such a map would >quickly get out of date as people traded phones etc... If Public switches are made 'tap ready' then such a map may easily be made and kept up to date without human effort. ... From norm at netcom.com Tue Feb 15 18:39:47 1994 From: norm at netcom.com (Norman Hardy) Date: Tue, 15 Feb 94 18:39:47 PST Subject: cypherpunks meeting in Mt. View last weekend. Message-ID: <199402160228.SAA18045@mail.netcom.com> At 18:52 2/15/94 -0500, wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510 wrote: >Hi, Strick, ... > >Chip Rosenthal talked about >Habitat, an early Commodore-64-client+central-world-server system That was "Chip Morningstar", not "Chip Rosenthal". 
From mdbomber at w6yx.stanford.edu Tue Feb 15 18:42:49 1994
From: mdbomber at w6yx.stanford.edu (mdbomber at w6yx.stanford.edu)
Date: Tue, 15 Feb 94 18:42:49 PST
Subject: Wide Spread use of PGP
Message-ID: <199402160231.AA08660@nebula.acs.uci.edu>

>I find Bob Cain's comments that PGP should not be used on a netcom account
>disturbing. I think the priority that should be set is to get people using
>PGP, "in the habit" and then make sure they are using it on a local PC or
>Mac.
>
>Some people, believe it or not, might only have access to a multi-user
>systems. These people should not be denied access to PGP.

This is what I do. I connect to the net through SLIP and then use Eudora to retrieve my mail from a DECstation. PGP is secure that way.

However, the password to attach to the POP server goes out in plaintext, and was undoubtedly compromised in the packet-sniffing incident we heard so much about.

I have been trying to look into alternatives to plaintext passwords flying around, but have only confused myself. What is available?

Internet: mdbomber at w6yx.stanford.edu Matt Bartley
GPS: 33 49' xx'' 117 48' xx'' (xx due to SA :-)

From tytso at ATHENA.MIT.EDU Tue Feb 15 18:59:47 1994
From: tytso at ATHENA.MIT.EDU (Theodore Ts'o)
Date: Tue, 15 Feb 94 18:59:47 PST
Subject: The Difficulty of Source Level Blocking
In-Reply-To: <9402160111.AA23661@ah.com>
Message-ID: <9402160252.AA11179@tsx-11.MIT.EDU>

   Date: Tue, 15 Feb 94 17:11:34 -0800
   From: hughes at ah.com (Eric Hughes)

   To summarize the specifics of Ted's proposal:

   1. mail to a central site is accessed by internet client
   2. moderators vote +/-/0/not now
   3. threshold weighting + and -
   4. selection of moderators left open
   5. security of approved header left open

   I had thought of using email to distribute articles to the moderator, but one might just as easily use NNTP. The modified newsreader could be pointed at the restricted-to-moderators NNTP site.
   NNTP might not even need extension, if the existing authentication procedures can be hacked to work. Votes/ratings can be in the form of articles posted to a .votes or .ratings group.

I wouldn't do it that way. There's too much overhead involved in talking to the .votes or .ratings group. I'd instead extend the NNTP protocol with a "XVOTE" command, which can take the arguments "yes" or "no"; this way, the server code is much simpler. The client code won't be that bad --- it would be pretty easy to modify gnus to do the right thing.

It will be important to have real authentication to that central site, though; password stealing is all too common these days.

   Later protocols could be developed to get rid of the hazards of single central sites. This central site is only for each newsgroup, though, not the whole system.

I wouldn't worry about the "hazards of the single central server" for quite a while, precisely because it is only for each newsgroup. I'd imagine that the number of people that would be moderating a newsgroup would be relatively small.

   I wouldn't worry about forged Approved: headers right now. That bit of usenet will take major public key surgery to fix. I don't think it will happen until the RSA patents expire.

Actually, it might not be that hard to fix. Consider an additional header line which contains the signature of selected header fields (say, the message-id, the date, the from field, and the subject). I doubt that a news system would ever verify the signature while they are accepting mail --- that would slow down the news throughput unacceptably throughout the system --- but one can imagine an "auto-cancellation" system installed on a few key sites that would send out a cancel message for any article in a "new moderated group" that didn't have a valid signature on it. That way, you don't even need to get the signature validation software running on all sites; indeed, most sites wouldn't need to upgrade their software at all, which is a major point.
One problem that hasn't been addressed is the social one: how do people choose moderators? The only method we currently have involves conducting a Usenet vote, which tends to be a long and cumbersome process. Any other one, unfortunately, tends to bring up cries of "Usenet cabal" very quickly. The one exception is the "anyone can be a moderator"; but that will only stop the newbie poster --- it won't stop a determined attacker. - Ted From paul at hawksbill.sprintmrn.com Tue Feb 15 19:09:46 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Tue, 15 Feb 94 19:09:46 PST Subject: Need a challenge? Message-ID: <9402160310.AA26409@hawksbill.sprintmrn.com> I feel like a real slug posting this here, but we have several positions available for network engineers with heavy multiprotocol router background. If you're thick-skinned and competent, willing to relocate and don't mind forging ahead in a new digital forntier, let me know. The job is in the Washington DC area, the pay is substantial. E-mail to: _______________________________________________________________________________ Paul Ferguson US Sprint Enterprise Internet Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul at hawk.sprintmrn.com From corbet at stout.atd.ucar.EDU Tue Feb 15 19:13:30 1994 From: corbet at stout.atd.ucar.EDU (Jonathan Corbet) Date: Tue, 15 Feb 94 19:13:30 PST Subject: Another clipper editorial Message-ID: <199402160301.UAA09646@stout.atd.ucar.EDU> The following appeared as an unsigned editorial in the 2/14 Christian Science Monitor. It lacks the fire of Safire's piece, but it's nice to see anyway. CLIPPING PRIVACY With the rise of electronic mail, public data networks, and cordless and cellular phones has come a rise in devices to encode data to protect the users' privacy. But law enforcement officials worry that these advances will undercut their ability to secretly gather evidence through wiretaps and other surveillance methods. 
To respond to law enforcement's need, the Clinton administration reportedly is seeking a bill that would require phone and cable companies to use software designed to allow law enforcement agencies to monitor phone and data transmissions. Earlier this month, the administration decided to push federal agencies to include so-called Clipper Chips in computers and phones they use. If that extends to vendors and contractors, the chip may become a de facto industry standard. The chips were designed in conjunction with the National Security Agency to permit unscrambling of coded data transmissions. These moves represent potential dangers to privacy; they take on added urgency with the imminent marriage of computers, phones, and cable services in ways that reduce the diversity of people's means of communication even as they use those means for more activities. No one doubts the need for effective law enforcement. The government, however, should not be in the business of asking manufacturers to build secret backdoors into their equipment, particularly when government holds the keys. The proposals also raise questions as to how appealing United States technology exports will be overseas if such backdoor access is built in. Congress should take a hard look at any bill that tries to expand the government's ability to peer through the electronic blinds, no matter how well-meaning the motive. From warlord at MIT.EDU Tue Feb 15 19:19:47 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 15 Feb 94 19:19:47 PST Subject: Wide Spread use of PGP In-Reply-To: <199402160231.AA08660@nebula.acs.uci.edu> Message-ID: <9402160310.AA07277@toxicwaste.media.mit.edu> There is a Kerberized Popper available, which uses kerberos tickets in lieu of passwords for POP3 mail retreival. This is used here at MIT, and the code is available, although I do not know where to find it offhand. There are many KPOP clients available. 
-derek From wcs at anchor.ho.att.com Tue Feb 15 19:24:36 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 15 Feb 94 19:24:36 PST Subject: LEAF, SS7 Message-ID: <9402160309.AA08927@anchor.ho.att.com> With the mail flood here, I've seen pieces of the answer, but no summary. While Clipper and SS7 both give the Wiretappers part of the traffic analysis, Clipper would be much more effective (if it were widely used by Wiretappees.) SS7 is hard to tap, unless you have the phone company's cooperation, somewhat hard even with it, and Async Transfer Mode will be harder. Also, SS7 can only tell you what phone line is being used; Clipper tells you what *phone* is being used, and one of the major wiretap targets for Clipper are cellular phones, which people normally carry around with them - so Clipper traffic analysis can tell you *who* is talking, once a phone's serial number has been identified, not just what pay phone the conversation is from. The two can be used together, if the Wiretappers are both lucky and persistent. One presumes that if ClipperCellPhones are widely used, they'll start keeping records of which cellphone numbers correspond to which ClipperIDs, by wiretapping (or radiotapping) and listening for Clipper. For instance, if they're tapping SS7, and see a phone call from a well known activist's phone number to a recognizeable cellphone company, they can correlate the phone number to find the ClipperID, which makes tapping easier and puts that cellphone on the fun-to-watch list. Paranoidly :-), Bill From wisej at acf4.NYU.EDU Tue Feb 15 19:27:05 1994 From: wisej at acf4.NYU.EDU (wisej) Date: Tue, 15 Feb 94 19:27:05 PST Subject: Detweiler abuse again In-Reply-To: <199402150457.UAA14579@mail.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 14 Feb 1994, Timothy C. May wrote: > Derek Atkins writes: > > > I disagree. 
While I can honestly say that I don't like most Detweiler > > posts, I feel that he is showing us the possibility of how remailers > > can (and are) being abused. I think censorship is the wrong answer. > > I think there needs to be some accountability, even if it is anonymous > > accountability. > > It's really not censorship for Hal or any other remailer operator to > say _his_ machines, accounts, reputation, etc., will be used to mail > death threats to whitehouse.gov, for example, or mailbombs to > newsgroups and mailing lists. While it is not censorship as such, it rather seems against our stated goals as cypherpunks to advocate such filtering...not because of what it blocks from our own sites, but it _does_ affect those downstream. To give an example of why this is important, last July (June?) the University of Canterbury in Christchurch New Zealand began filtering all alt.sex.* newspostings from their site. Well this in itself was perhaps harmless, the topology of NZ's corner of the net is such that as a result _all_ net-sites in the entire of NZ's South Island lost these newsgroups. While I'm not saying that the University were outside of their rights, we must keep the wider issues in view at all times. Another key point is that we not let our own personal feelings interfere with our political actions. I'm sure most of us here were offended by the suggestions in the heat of the anonymity debate that all anonymous postings to newsgroups be killed...yet here are cypherpunks advocating the filtering of all Detweiler and Detweiler-seeming posts. Sure, the guy's a prick, but should we let him turn us into fascists? 
Jim Wise wisej at acf4.nyu.edu jaw7254 at acfcluster.nyu.edu -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLWGRGTS8O1DgkhNpAQGr7AP7BLMG7DQa85fgqN2XKQalmxAZjjnsT+RT b+i1d3C+Lr8lYu4DAidXF1aIoCdpDoyQieEioKiWFe51GLPn8CxjlREZH0v3jmWe B6i1d0bXcvWEH/iZdo6RKW4L4FZ+ri4EsDBSHFk3Zj3IxAWmKYTGGKcqtN/mmFaJ h9rnWul2XxU= =47Ss -----END PGP SIGNATURE----- From wcs at anchor.ho.att.com Tue Feb 15 19:29:47 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 15 Feb 94 19:29:47 PST Subject: Wide Spread use of PGP Message-ID: <9402160253.AA08814@anchor.ho.att.com> I agree with those who disagree with Bob Cain about use of PGP on insecure machines (i.e. machines you yourself don't control.) Yes, it's less secure than using it on a machine you control yourself. But it still gives you *some* security - for instance, if your correspondent is in some country with limited freedom of speech, such as China or Canada, your crossborder conversations are protected. Sure, the NSA will tap them, but as long as they're not tapping netcom's internal networks, and you're dialing in rather than telnetting in from somewhere else (sending your passphrase across the entire internet for the FBI\\\BadGuys to wiretap), you've gained some security. Of course you should use a personal machine with good security on it to discuss overthrowing your current government or trading in politically incorrect substances, like money. But even so, it increases the use and acceptability of encryption, and makes you more accessible for people in other not-sufficiently-free countries. [Note - I'm just picking on netcom because they're a popular service used by hundreds of subscribers. I'm not aware that they're being wiretapped, and I suspect that the legal implications of trying to do so would be interesting. Tapping their Internet connection would be legally easier than tapping their phones, though.] 
[Blatant Quasi-Commercial Mention: Some 10baseT hub vendors, starting with the AT&T SmartHub but followed by others as well, provide a no-eavesdropping feature, which prevents packets from being sent to incorrect destinations. Unlike bridges and routers, which limit traffic, the SmartHub replaces the data field with 10101010...., which it can do faster and less expensively since there isn't the complication of buffering, etc. One use in a dialup networking environment would be to put the herd of terminal servers and cpus on smart hubs, which limits the damage that can be done if some user breaks a system and starts snooping the net, since he'll only see packets for the machine he's on and not the whole broadcast. Obviously, in a larger environment, routers, etherswitches, etc. can handle more traffic, but the different technologies can be used together.] Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From wcs at anchor.ho.att.com Tue Feb 15 19:49:47 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 15 Feb 94 19:49:47 PST Subject: Stealth PGP Message-ID: <9402160345.AA09186@anchor.ho.att.com> Several people have talked about the possibility of doing a stealth PGP by writing a filter to strip off the headers and another one to restore them. It's an obvious approach, but depending on how good a job you want to do, doing this independently of PGP is non-trivial. Several issues: - Doing a halfway job is pretty easy, but won't fool much of anyone rich and serious enough to de-steg every GIF or JPEG floating across the net, especially in countries that most need it, where telecommunications is narrowly controlled and legal procedures are irrelevant. 
  On the other hand, deleting the PGP-ENCRYPTED-STUFF headers is enough to get you through a No-Encryption-Permitted BBS mailnet.

- Each block of stuff starts with a Crypto Block Type byte and length info. For some blocks, including the first one or two, you know the block type (at least for the interesting cases), and could force the length to some standard length by assuming a maximum and doing a fixed format. Applying this to the multiple-recipients case is harder.

- The public key block includes a 64-bit Key ID to tell PGP which key to use and whether to bother decrypting (if it's not for you.) You could omit this information, and on receipt put your own key in, but that does lose the ability to tell whether it's for you. I'd have to look at the PGP code a lot more to see if it would really mind. The right way to solve this problem would be to include a string easily recognized if you have the right public key and meaningless otherwise, such as a 64-bit random number repeated twice, encrypted with the recipient's public key, but at that point you need to involve the PGP code itself, since the sender needs to know the recipient's public key and how to encrypt with it, and the receiver needs to scrounge the private key out of the secret-key-ring with the passphrase.

- The other block-types have similar problems, but once you've incorporated the new format with PGP, you could include any needed masking info in the first block. Hiding the block type and length is probably enough.

- The formats are of course all different for non-encrypted messages with signatures, etc., ascii-armored or not, and other problems.

- At one time somebody had said there was work going on about a new version of PGP somewhere outside the US patentspace, and had said that they were thinking about solving this problem as well as integration with MIME. That makes this a Somebody Else's Problem, and, uhh, I forget what the rest of the problem was...
:-) Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From hughes at ah.com Tue Feb 15 20:19:46 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 15 Feb 94 20:19:46 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <9402160252.AA11179@tsx-11.MIT.EDU> Message-ID: <9402160413.AA24059@ah.com> >One problem that hasn't been addressed is the social one: how do people >choose moderators? I'm not convinced this needs to be decided up front. For the first such group, whoever hosts the ratings site can decide who gets to moderate. A benign autocrat is ideal in this case. The lessons of experience will be needed to decide how to do the second and subsequent groups. One of the reasons I outlined a broad framework for distributed moderation is that we really can't tell in advance what systems will be desirable, and whatever it is, it will likely vary from group to group. We will eventually need to figure out a way to have multiple groups with the same topic but with different moderation techniques. Fractious bickering will cause schisms, and creating namespace turf to fight over is counterproductive when there need not be such a problem. This is one of the reasons I suggested using a separate newsgroup for rating/voting, to support multiple moderation groups. On voting for a moderator: >Any other one, unfortunately, tends to bring up cries of >"Usenet cabal" very quickly. I say fine, let them cry. It would be impolitic to take over and monopolize a particular topic, so that if there are complaints about the moderated group, there's always another place to go. This is another reason to think about how to do multiple moderation, which is to say to the whiners "put up or shut up". 
Eric From wcs at anchor.ho.att.com Tue Feb 15 20:21:38 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 15 Feb 94 20:21:38 PST Subject: ITAR vs. Diffie-Hellman Key Exchange? Message-ID: <9402160417.AA09448@anchor.ho.att.com> In the discussions about people sniffing the net and the need for encrypted telnets, one problem that has come up is the ITAR hassles that make exporting Kerberos politically incorrect, though John Gilmore has gotten them to admit that the Kerberos bones is none of their businesss :-) However, is Diffie-Hellman exportable? After all, it's not crypto, it's *just* key exchange, and people can plug in their own triple-DES from the usual sources. It looks to me like it's probably legal, though if you were to then transmit the password by XORing with the login key or some such probably-unsafe behaviour it might not be. I had heard somebody say there would be an updated RSAREF version including Diffie-Hellman key exchange, though it's not in the package I just ftp'd from rsa.com. Is this correct, and is there a planned release date? Thanks; Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From bugs at netsys.com Tue Feb 15 20:23:36 1994 From: bugs at netsys.com (Mark Hittinger) Date: Tue, 15 Feb 94 20:23:36 PST Subject: rEaL wOrLd EnCrYpTiOn Message-ID: <199402160417.AA08752@netsys.com> > Sandy writes: >I would like to start a new thread. I want to know what the >people on this list intend to do with cryptography in the "real >world." >... >My interest is more than academic. I am one of the Cypherpunks >involved in creating a digital bank. Sandy - In the real world there are already secret banks. There are already forms of untraceable cash and forms of completely fungible money. 
These techniques are very ancient and time honored. They are well understood. Many of them have stood the test of time and have not been compromised by various incarnations of police states.

Given the existence of efficient, accessible, secret, and widely accepted monetary exchange I can't really see the need for a digital bank from the privacy side. I can't really see anyone who uses the current techniques being interested in a new experimental form unless they are techno-junkies. Nevertheless, please continue. Some of us are techno-junkies.

It is already well known to privacy fanatics that you should not use credit cards, debit cards, checks, atm cards, or other forms of electronic money. All transactions are logged and are easily analyzed. Astute people cash their pay check at the employer's bank and pay cash for everything. Admittedly, this is somewhat paranoid, but on the other hand it is fun to defeat the monolithic database builders who want to make money off of selling information that belongs to you.

Cypherpunks must concentrate on solving problems that are true problems now. Do not spend time creating a variant of an existing/workable/fun solution. Email privacy was a true problem. Clear text on your pc's hard drive was a true problem.

Right now there is the well known problem of ethernet sniffers and the trivial security breaches that can occur. A telnet/lat traffic encrypter is needed badly by the Sun/Dec/HP world. Novell needs something badly as well. Cellular phones desperately need something. The masses just have NO IDEA how badly cellular needs something! Fax machines need a variant of PGP. Pagers probably need it too.

I think the larger issue that cypherpunks need to blue sky about is whether they will be content with a role as grey-area political criminals underneath the boot of an ever growing police state. Can crypto be more than a defensive weapon? What would people be defending against?
Crypto can do some things but it won't be the total solution. In the end we need to strengthen the rights of the little guy and devise ways to dilute any new state powers that are created by technology. Crypto is just one compartment on our batman utility belt.

People always argue that criminals would use these tools. I'm certain of it. Strengthening the state's hand to fight criminals always screws the little guy. The criminals all go to work for the state when it's powerful enough! We've seen this over and over.

---------
I'd like a 250 Mhz 128 bit hybrid processor with 64 meg of 8 way interleaved memory, a 10 megabyte per second i/o channel, two 3 gig hard disks, two dat drives with compression, and a large diet coke.

From wcs at anchor.ho.att.com Tue Feb 15 20:29:47 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 15 Feb 94 20:29:47 PST
Subject: cypherpunks meeting in Mt. View last weekend.
Message-ID: <9402160421.AA09501@anchor.ho.att.com>

> >Chip Rosenthal talked about
> >Habitat, an early Commodore-64-client+central-world-server system
> That was "Chip Morningstar", not "Chip Rosenthal".

Sigh.
I knew that, but I'd been drinking decaf all morning :-) Thanks; Bill From Banisar at washofc.cpsr.org Tue Feb 15 20:32:08 1994 From: Banisar at washofc.cpsr.org (Dave Banisar) Date: Tue, 15 Feb 94 20:32:08 PST Subject: Big Bother Inside Stickers at cpsr.org Message-ID: <9402152326.AA46113@Hacker2.cpsr.digex.net> The Big Brother Inside Graphic files are now available at the CPSR Internet Archive - ftp/gopher cpsr.org /cpsr/privacy/crypto/clipper big_brother_inside_sticker.ps (postscript-change the size to fit your project) big_brother_inside_logo.gif (Color GIF - good startup/background screen) big_brother_inside_picts_info.txt (Info on the files) Have fun. Dave From wcs at anchor.ho.att.com Tue Feb 15 20:49:47 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 15 Feb 94 20:49:47 PST Subject: UNSUBSCRIBERS PLEASE READ Message-ID: <9402160442.AA09694@anchor.ho.att.com> Perry posted a note saying that "Internet mailing lists are run by HUMAN BEINGS, NOT MACHINES", and that you should EXPECT humanly-slow behavior when you subscribe to a mailing list. I disagree. Cypherpunks is run by a human (thanks, Eric!), but many or most mailing lists out there on the net are low-level managed by machines named majordomo or listserv or foo-request, and a large percentage of users expect the rapid response of servers like that, at least for getting off lists if not for getting on. I was briefly on the sf-raves mailing list, which has an even higher volume than cypherpunks, and it was very nice to be able to send mail to the majordomo server and get off it, and one of the automagic notices mentioned sf-raves-calendar which is a once-a-week announcement. I understand how people getting flooded with cpunks mail must feel, especially if they're using brain-damaged mailers that can't defend them. 
Cypherpunks makes this problem additionally difficult because of one of Eric's self-defense mechanisms for the list, which makes messages appear to come from their authors rather than *cypherpunks*. This is good for bouncegrams and non-germane replies, but means that users of vanilla Mail can't just do a 'd cypherpunks' and trash them all. Users should NOT expect slow human-speed behavior from mailing lists, and they don't. (This doesn't mean they should be totally surprised by it, either, since machines can generate garbage out faster than you can dispose of the stuff :-). It would be nice if, at minimum, there were several administrative addresses, including a cypherpunks-unsubscribe and maybe a cypherpunks-request that autoreplies with an "Are you sure you want 50-100 exciting messages per day, with an occasionally slow turnaround time for unsubscribing? If so, reply to this message" which goes to cypherpunks-yes-really-subscribe or some such address. (As well as forwarding requests saying "unsubscribe" in them to cypherpunks-unsubscribe.) Bill, surrounded by depressingly stupid machines From jpp at markv.com Tue Feb 15 20:59:46 1994 From: jpp at markv.com (jpp at markv.com) Date: Tue, 15 Feb 94 20:59:46 PST Subject: RFC822 compliant, and already deployed hack for return addresses Message-ID: <9402152047.aa11630@hermix.markv.com> Go ahead, hit 'r' and see what you get. How many of you get the whole verbose reply-to field? j' From wcs at anchor.ho.att.com Tue Feb 15 21:01:59 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 15 Feb 94 21:01:59 PST Subject: REAL WORLD ENCRYPTION Message-ID: <9402160457.AA10034@anchor.ho.att.com> Would I use crypto in the real world? Sure, for some things. I'd like to have a bank where I could do transactions by email, and I certainly don't feel confident doing that across the Internet. 
I'd like to be able to subscribe to Wired by email or buy other stuff by emailing them my credit card number, but I sure don't want to do that without encrypting it, especially with this sniffer-attack supposedly going on. I'd especially like to be able to do it with one-shot credit card numbers, which would be tied to my real account in some accountable way (either through crypto-signatures I generate myself or through online transactions with the bank), so even if the person on the far end tries to rip me off by reusing my card, they only get one shot. Without crypto, that's not a practical system; with crypto it might be. Would I use digicash banking to hide all my income from the IRS? Probably not - I'm an employee, rather than a consultant, though that's never a constant in the computer industry; big companies tend to collect withholding and the IRS likes to squash non-volunteers, and sometimes even fines companies for underwithholding. Too much hassle, at least for now. But I'd certainly like to use it. And I'd love to be able to use digicash to pay for things like Grateful Dead tickets, though I can't say I *know* that drug cops follow you around for buying them :-) Would I use cryptophones? For doing politics or money, sure. It doesn't keep the cops from photographing you at political meetings or anti-war demonstrations, but it does make it harder for them too cause trouble and track down organizations like CISPES. Bill From eichin at paycheck.cygnus.com Tue Feb 15 21:09:47 1994 From: eichin at paycheck.cygnus.com (Mark W. 
Eichin) Date: Tue, 15 Feb 94 21:09:47 PST Subject: Wide Spread use of PGP In-Reply-To: <9402160310.AA07277@toxicwaste.media.mit.edu> Message-ID: <9402160439.AA00835@paycheck.cygnus.com> >> There is a Kerberized Popper available, which uses kerberos tickets net-dist.mit.edu:pub/pop/popper-1.7k.tar.Z -- as the README-FIRST says, this is for convenience of people picking up Techmail or Techmail-S (kerberized pop3 mailreaders, for the mac, the -S version is for SLIP I'm pretty sure. PC version was just released, I think...) I've heard rumour of a kerberized Eudora, that would interoperate with this code, but haven't seen it. mh-6.8 (and higher) will interoperate with this if you enable KPOP (and probably ATHENA and one or two other things.) There's also an emacs-movemail that has KERBEROS ifdef's. _Mark_ ... just me at home ... ps. This is all Kerberos 4-based stuff. The popper, movemail, and pop-from are included in the Cygnus Network Security package (along with the rest of Kerberos 4 :-) From arthurc at crl.com Tue Feb 15 21:12:56 1994 From: arthurc at crl.com (Arthur Chandler) Date: Tue, 15 Feb 94 21:12:56 PST Subject: cypherpunks meeting in Mt. View last weekend. In-Reply-To: <9402152352.AA07218@anchor.ho.att.com> Message-ID: Greetings all! It's an unsettling feeling, seeing your own words come back to you in a form whose outline you recognize, but whose substance has so changed that you can only wonder how they came to be so transformed. I can only infer that it must have been my suit and tie that so dazzled some of the audience. :<) Anyway, here's what I thought I said: For starters, I said nothing about the demise of BayMOO or any other place. We run on a crl machine; but the owner has said nothing about booting us off. He seems to regard us as a good thing, and continues to support our efforts. MOOs and MUDs have come and go in the past, of course; but right now, we are in a definite growth phase. I'm a humanist and NOT a social scientist. 
I'm not "studying" social interactions in MOOspace: I'm involved with creating the environments and getting into both serious and lighthearted interactions with folks there. I think that MOOs have the capability of supporting serious discussions about such issues as: -- the conflation of word and act on the NET in general, and in MOOs in particular -- anonymity versus responsibility -- the transformation of text into something approaching the incantations of magic (like what Vernor Vinge was driving at in "True Names") -- Can you love someone you've known only on the NET? -- Can MOOs support commercial transactions, including new modes such as digital banking? In MOOs you can build fun stuff; but there can be serious issues addressed too. I drew on several implementations of special rooms at BayMOO to illustrate this point. I cited the modeling of the spiritual wold of the Ohlones (SF Bay Area Native Americans) in a series of virtual rooms dedicated to Coyote, Eagle, Hummingbird and Gismen (the sun). Language morphing rooms offer yet another unique way to explore the transformations of text in virtual words. We talked about the feudal and democratic aspects of MOOs -- and a lively proto-discussion took place (proto = to be continued) about whether the NET is destined to remain, or to become even more, dominated and driven by current social and economic forms. I invoked *Snow Crash*, and got a good deal of righteous debate on whether or not the vr world was headed down that path. Finally, I gave a couple of instances as to what I thought were the emerging moral customs of MOO life: -- If need, then help. -- There is no such thing as a dumb question. And finally, a maxim, of which MOOs serve as one significant illustration: "You can tell that a technology has truly arrived when the new problems it gives rise to approach in magnitude the problems it was designed to solve." 
***********************************

I enjoyed the meeting a lot, and thank all the folks here for the chance to follow up the virtual meeting with a RL one on related topics.

From nowhere at bsu-cs.bsu.edu Tue Feb 15 21:19:47 1994
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Tue, 15 Feb 94 21:19:47 PST
Subject: No Subject
Message-ID: <9402160515.AA05836@bsu-cs.bsu.edu>

Hmm I am sitting here watching Tekwar and the evil protagonist is releasing an all powerful meta virus... SHUTDOWN the Internet is the response of the Hero... Sheesh....

anon

From warlord at MIT.EDU Tue Feb 15 21:24:54 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 15 Feb 94 21:24:54 PST
Subject: ITAR vs. Diffie-Hellman Key Exchange?
In-Reply-To: <9402160417.AA09448@anchor.ho.att.com>
Message-ID: <9402160516.AA07695@toxicwaste.media.mit.edu>

Full Kerberos, with DES, *is* available outside the US. The US allows export of cryptographic *binaries* for authentication purposes. For example, it is possible to get DECathena, which contains Kerberos with DES, which is compatible with MIT Kerberos. It even contains libraries, but not the functions to encrypt data for privacy, just enough to create checksummed messages. It's just that the SOURCE code is not available, but it is fairly simple to generate an exportable binary suite.

I doubt DH is exportable, since it is key exchange, which in general is not exportable. Jim, care to comment?

Yes, there is a version of RSAREF w/ DH included (I have a beta-test version, although I haven't played with it a lot). I don't know when this will be released to the world.

-derek

From wcs at anchor.ho.att.com Tue Feb 15 21:29:57 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 15 Feb 94 21:29:57 PST
Subject: SCHEME for FULL-SPEC RETURN PATH
Message-ID: <9402160511.AA10151@anchor.ho.att.com>

Sorry, either I mixed it up with regular cypherpunks mail or didn't realize you were expecting a response.
To summarize your method, messages going from the original sender to the recipient have headers like

    To: recipient
    X-Anon-Sender-Path:
    X-Anon-Reply-Path:

where the X-A-*-P: headers have the form remaileruser+stuff at remailersite and "stuff" is similar-form stuff encrypted with a remailer's public key. When going from the sender to the recipient, remailers take their names off the X-A-S-P line, decrypt the stuff, and encrypt themselves onto the X-A-R-P line, which the recipient can use to reply.

My two main problems with it are

1) It leaves the recipient's address visible the whole way. Not only is this a security risk, but the recipient may not have made it known, since the recipient may have set up some messy remailer-chain using different syntax to get replies.

2) The syntax may be symmetrical, but it's ugly :-) It would be cleaner to package it into the To: field if you can, though the user+stuff at somewhere format seems to be an Andrewism, and the Internet standard @somewhere.com:user at domain or user%foo at bar.com forms only carry machine names, not machine and user names.

Because you're not using the standard mailer syntax, it means that you have to build a chain of only your flavor of remailers to get a reply to work, though I suppose almost any method has that problem. But you run the risk of a normal machine or smart-mailer along the way just seeing the To: recipient at machine.com and sending it directly instead of sending it to your remailer-user.

Better to keep roughly your same syntax, except have the To: line be only the next hop, and the recipient's real address be hidden inside the X-A-S-P pile. That's also more symmetric, letting you take a reply from this sort of system and reply back to it again.
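[Added example, not part of the original message and not code from any remailer: the variant described in the paragraph above, where To: carries only the next hop, the recipient's address sits inside the nested X-Anon-Sender-Path layers, and each hop wraps the previous hop onto X-Anon-Reply-Path. The addresses, the newline-separated layer layout, the From header used to carry the previous hop, and the HMAC-based seal/unseal (a symmetric stand-in for encrypting to a remailer's public key) are all assumptions.]

```python
import hashlib
import hmac
import os

# Constructed demo remailers and keys (assumptions). In the scheme under
# discussion each layer is encrypted to a remailer's PUBLIC key; one secret per
# remailer stands in for that key pair so the example needs only the stdlib.
CHAIN = ["remail@one.example", "remail@two.example", "remail@three.example"]
KEYS = {a: hashlib.sha256(b"demo key for " + a.encode()).digest() for a in CHAIN}


def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode, used as a toy stream cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, plain):
    """Toy authenticated encryption: nonce || tag || ciphertext. Stand-in only."""
    k_enc = hashlib.sha256(b"enc" + key).digest()
    k_mac = hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(8)
    body = bytes(a ^ b for a, b in zip(plain, keystream(k_enc, nonce, len(plain))))
    tag = hmac.new(k_mac, nonce + body, hashlib.sha256).digest()[:16]
    return nonce + tag + body


def unseal(key, blob):
    """Reverse of seal(); raises ValueError if the layer is for someone else."""
    k_enc = hashlib.sha256(b"enc" + key).digest()
    k_mac = hashlib.sha256(b"mac" + key).digest()
    nonce, tag, body = blob[:8], blob[8:24], blob[24:]
    want = hmac.new(k_mac, nonce + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer is not addressed to this remailer")
    return bytes(a ^ b for a, b in zip(body, keystream(k_enc, nonce, len(body))))


def compose(sender, recipient, chain, body):
    """Nest the path so each remailer's layer names only the hop after it."""
    blob, nxt = b"", recipient
    for addr in reversed(chain):
        blob = seal(KEYS[addr], nxt.encode() + b"\n" + blob)
        nxt = addr
    return {"From": sender, "To": nxt, "X-Anon-Sender-Path": blob.hex(),
            "X-Anon-Reply-Path": "", "Body": body}


def remail(me, msg):
    """One hop: peel my layer off the sender path, wrap the previous hop
    (taken from From:) onto the reply path, forward to the next hop only."""
    layer = unseal(KEYS[me], bytes.fromhex(msg["X-Anon-Sender-Path"]))
    nxt, _, rest = layer.partition(b"\n")
    back = seal(KEYS[me], msg["From"].encode() + b"\n"
                + bytes.fromhex(msg["X-Anon-Reply-Path"]))
    return {"From": me, "To": nxt.decode(), "X-Anon-Sender-Path": rest.hex(),
            "X-Anon-Reply-Path": back.hex(), "Body": msg["Body"]}


def deliver(msg):
    """Pass msg from remailer to remailer; return (delivered msg, msgs on the wire)."""
    seen = []
    while msg["To"] in KEYS:
        seen.append(msg)
        msg = remail(msg["To"], msg)
    return msg, seen


def reply(received, body):
    """The received reply path becomes the sender path of the answer."""
    return {"From": received["To"], "To": received["From"],
            "X-Anon-Sender-Path": received["X-Anon-Reply-Path"],
            "X-Anon-Reply-Path": "", "Body": body}
```

Only the first remailer ever sees the sender's address and only the last sees the recipient's; every message on the wire in between names just the adjacent hops.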
Bill

From klbarrus at owlnet.rice.edu Tue Feb 15 21:49:47 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 15 Feb 94 21:49:47 PST
Subject: REMAIL: simple digital postage
Message-ID: <9402160540.AA20934@flammulated.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>How willing are remailers to try this? Both Hal Finney and Karl
>Barrus have code for remailers (Karl's is more recent, Hal's is in
>wide use). Could their code be modified easily to accommodate a
>primitive form of stamps?

Well, I know that integrating a quick and dirty (not particularly cryptographically sophisticated) digital money system can be done in Hal's code, since that's what I did at elee6ue at rosebud.ee.uh.edu for quite a while. (Now elee6ue at rosebud has been restored to "ordinary" operation).

And the one I recently wrote could be modified the same way - I just put it together to test cutmarks, automatically detecting pgp encryption, and latency delayed remailing.

I was looking into a more efficient way to check the validity of cash, and making things bomb-proof, but sorta got sidetracked ;)

The way I did it is to add to remail.pl, have the script search the header for a Digicash line (you use the pasting tokens as usual to place it in the header). The script extracted the "cash" and searched for it in a list maintained by the remailer. If found, then the remailing proceeded as usual, otherwise the message "Insufficient funds to deliver message" was sent along instead. The cash list is read into memory and rewritten out, minus the value just used.

The cash strings I used were random characters, which looked like this (all starting with the character B):

BU2j4yCJgtl8wO2KvsEIIttaSOt9zEfS7giqHwEuuh3bbuTGppoElILYeW09a
BYnIA2EQSXEJQ65U8PM2nG07ilq7zCEFqaTBXDuzeEb6YjBgVWUGNm6GPA0zS
BmgF0hscwOHICfLNcDefkPo8PSO1ou2NQ4ecMcIPiGDu5fUEz63Wjiosj0JSD

and so forth.

Now with magic money a more sophisticated system may be developed.
Perhaps I will shift elee6ue at rosebud back to a pay-for-remail system, or do it at the mystery middle point of the remailer chain I'm experimenting with.

Here is an extract of the additions to remail.pl I made to implement this:

    if (/^Digicash:/) {
      chop ;
      s/^.*: // ;  # remove text before colon AND blank afterwards
      $payment = $_ ;
    }
  }  # end of the enclosing block (its opening is not part of this extract)

  # check validity of digital cash
  # open cash file and read it all in
  open(CASHLIST, "./digicash.list");
  @listofcash = <CASHLIST>;
  close(CASHLIST);
  unlink "./digicash.list";

  #open file, check cash for validity
  #if valid, don't write it back to the file
  open(CASHLIST, "> ./digicash.list");
  $paidfor = "n";
  while (@listofcash) {
    $validcash = shift @listofcash;
    chop $validcash;
    if ($validcash eq $payment) {
      $paidfor = "y";
      next;
    }
    print CASHLIST $validcash, "\n";
  }
  close(CASHLIST);

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLWGxcoOA7OpLWtYzAQHV2AP/T7o0N9qUE8XU/urPqx8pzL+h/Rvs2zbg
6Lky3vu2GoMXEUmVbtbB8xl4c20kvSz5ysSkQ3B8NYXhTdAtcrgH0J2Zd1YHdCKb
xmh+rS4xLXuiO6T/j24XqiLOcq0YiF2F2ytzgM/mi03cxN6FMZrat+8vIqLrgjfg
ZNVvBAR46to=
=JDF6
-----END PGP SIGNATURE-----

From cknight at crl.com Tue Feb 15 21:59:47 1994
From: cknight at crl.com (Chris Knight)
Date: Tue, 15 Feb 94 21:59:47 PST
Subject: Need a challenge?
In-Reply-To: <9402160310.AA26409@hawksbill.sprintmrn.com>
Message-ID:

On Tue, 15 Feb 1994, Paul Ferguson wrote:

>
> I feel like a real slug posting this here, but we have several positions
> available for network engineers with heavy multiprotocol router background.

Don't feel like a slug. There's nothing like supporting your own... Wish I wasn't on contract right now...

-ck

From CCGARY at MIZZOU1.missouri.edu Tue Feb 15 22:02:09 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Tue, 15 Feb 94 22:02:09 PST
Subject: money maker
Message-ID: <9402160554.AA02030@toad.com>

I have an idea of how ambitious cypherpunks could make money. They could be communications intermediaries between financial clients in the U.S.
& financial institutions in locations such as the Bahamas & Switzerland. This would require a cypherpunk in the U.S. & another cypherpunk in the foreign country. From now on in text cypherpunk = CP.

The U.S. CP would get message from client & then use the internet with anonymous remailers & strong encryption to send message to CP in foreign country. CP in foreign country then decrypts message & gives it to local financial institution. Financial institution gives message to foreign CP who then encrypts & uses anonymous remailers to send info. back to U.S. CP. U.S. CP decrypts & gives info to client. In this way, encryption naive client could have access to great financial privacy & CPs get money.

At this point, I think everybody gets the basic idea. CPs would have initial problem getting clients. To do this they would need to hook up with a financially sophisticated partner. That shouldn't be too hard. College friends in finance, local CPA's you've dealt with, lawyers, etc.. CPs would probably be the rare & precious birds. Once the CP has his financial contact, that financial contact can develop the clients.

In the foreign country, the CP shouldn't have much of a problem getting a financial partner/advisor & could probably operate with neon lights. In the land of the free (the U.S.), I would advise discretion.

This business should not take a lot of capital. CPs would bring the rare communications technical expertise & the financial expertise should be plentiful. There is a possibility of harassment, so the CP's should have courage.

By the way, there was someone on CYPHERPUNKS that was offering a percentage of the profits for great financial ideas. I would like to volunteer this idea. It might not meet all the specifications, but then someone might like to change specifications & accept this idea.

This idea may be half baked. In which case, I leave it to my fellow cypherpunk geniuses associates to fully bake it.

Good luck - Gary Jeffers

GO TEAM GO! - GO TEAM GO!
PUSH EM BACK! - PUSH EM BACK! WAAYY BACK!
BEAT STATE! - BEAT STATE!

From cknight at crl.com Tue Feb 15 22:19:46 1994
From: cknight at crl.com (Chris Knight)
Date: Tue, 15 Feb 94 22:19:46 PST
Subject: RFC822 compliant, and already deployed hack for return addresses
In-Reply-To: <9402152047.aa11630@hermix.markv.com>
Message-ID:

Looks like I got the whole field...

On Tue, 15 Feb 1994 jpp at markv.com wrote:

> Go ahead, hit 'r' and see what you get. How many of you get the
> whole verbose reply-to field?
>
> j'
>

From hayden at krypton.mankato.msus.edu Tue Feb 15 22:21:57 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Tue, 15 Feb 94 22:21:57 PST
Subject: Big Bother Inside Stickers at cpsr.org
In-Reply-To: <9402152326.AA46113@Hacker2.cpsr.digex.net>
Message-ID:

On Tue, 15 Feb 1994, Dave Banisar wrote:

> The Big Brother Inside Graphic files are now available at the CPSR Internet
> Archive - ftp/gopher cpsr.org /cpsr/privacy/crypto/clipper
>
> big_brother_inside_sticker.ps (postscript-change the size to fit your project)
                                            ^^^^^^^^^^^^^^^
Uh, how do you do dat?

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> In the United States, they
   \/  Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From erc at khijol.yggdrasil.com Tue Feb 15 22:24:28 1994
From: erc at khijol.yggdrasil.com (Ed Carp [SysAdmin])
Date: Tue, 15 Feb 94 22:24:28 PST
Subject: ITAR vs. Diffie-Hellman Key Exchange?
In-Reply-To: <9402160516.AA07695@toxicwaste.media.mit.edu>
Message-ID:

> Full Kerberos, with DES, *is* available outside the US. The US allows
> export of cryptographic *binaries* for authentication purposes. For
> example, it is possible to get DECathena, which contains Kerberos with
> DES, which is compatible with MIT Kerberos.
> It even contains
> libraries, but not the functions to encrypt data for privacy, just
> enough to create checksummed messages. It's just that the SOURCE code
> is not available, but it is fairly simple to generate an exportable
> binary suite.
>
> I doubt DH is exportable, since it is key exchange, which in general
> is not exportable. Jim, care to comment?
>
> Yes, there is a version of RSAREF w/ DH included (I have a beta-test
> version, although I haven't played with it a lot). I don't know when
> this will be released to the world.

Where can I get a copy of this, or just the patches to patch RSAREF? Or even D-H itself would be nice - I'd like to hack together an encrypted telnet/rlogin suite for use when I'm on the road, so I can get into my system at the house from the laptop and not have to worry about someone snarfing my login/password combo...

I've got RSAREF, BTW ... haven't looked at it much, though...

--
Ed Carp, N7EKG ecarp at netcom.com 510/659-9560
"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From jpp at markv.com Tue Feb 15 23:42:57 1994
From: jpp at markv.com (jpp at markv.com)
Date: Tue, 15 Feb 94 23:42:57 PST
Subject: RFC822 compliant, and already deployed hack for return addresses
Message-ID: <9402152339.aa25881@hermix.markv.com>

I do love to learn, I just wish it didn't have to involve paging through many bounce messages.

I have learned that most mailer programs are unhappy with very long reply-to addresses. You can rely on about 200 to 300 chars, no more. Too bad -- it looks like the real easy hack won't work for too many hops. It should work through two remailers each with 512 bit keys, or one with 1024 bit key.

One reply I got mentioned that author's previous experiments along these lines. (I am not mentioning the author's name so as to keep their private message private.)
They mentioned trouble with the reply-to field hack I tried; some mailers were dropping the nice long magic numbers. They said the most reliable field was the subject field.

I bet many mail agents are unhappy with long subjects too. Hopefully they support subjects at least as long as reply-to fields.

j'
--
O I am Jay Prime Positive jpp at markv.com
1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com
Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com
Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org

From greg at ideath.goldenbear.com Tue Feb 15 23:55:05 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Tue, 15 Feb 94 23:55:05 PST
Subject: Misc replies
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Sandy Sandfort writes:

> Ever notice how few mail bombs we get from Trump or Gates? Maybe the
> rich are rich because they've learned self-restraint. Bet you dollars to
> donuts that LD doesn't have a pot to pee in or a window to throw it out.

H. Ross Perot.

====

Xenon writes:

> So tell me why I should censor
> Larry 'cause I don't see why I should. It's a lost cause. He will simply
> acquire other accounts, or telnet to port 25 of a remailer and fake his
> address, but this time with greater ambition to do damage.

I second Hal's suggestion to route Detweiler's traffic through Xenon's remailer.

(Xenon - the point isn't to keep Detweiler off the net. We all know that's impossible. The point is to keep Detweiler from getting remailers shut down by abusing them. That's why this is particularly unlike censorship; Detweiler's goal is to keep all people from using remailers.)
-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQCVAgUBLWHDgH3YhjZY3fMNAQEIowQApVUiB4wdXYhTmj8ZuLOSiwTy94+uOUim
mZCfbKca40cXkKzdUlX36deIeJ/NLFQsVJ+KVIUqn19IsfGcIQZnZFPJgVnrovji
VYTChpGwVQ9LCHjc2ppmmBSC83145+AyKSKXuFt+auLHWLtWrPZGvohweyDv51HY
argqt4+Czu0=
=1FP6
-----END PGP SIGNATURE-----

--
Greg Broiles               ".. has bizarre Cyberanarchist theories relating
greg at goldenbear.com      to human punishment." -- L. Detweiler

From mcb at net.bio.net Tue Feb 15 23:55:05 1994
From: mcb at net.bio.net (Michael C. Berch)
Date: Tue, 15 Feb 94 23:55:05 PST
Subject: Pynchon as roadkill on the digital superhighway
Message-ID: <199402160742.XAA11821@net.bio.net>

Tim May writes:

> [...]
> It seems that in the early morning hours of January 28, 1990, someone
> accessed the Department of Motor Vehicles computer files and got a
> printout of the elusive man's home address, personal characteristics,
> etc. A copy of this was forwarded to someone who studies Pynchon, and
> thence to me, for reasons I won't go into right now.
>
> The implications for Cypherpunks, privacy, and Pynchon as roadkill on
> the digital highway are clear.

Just looked at the date on this again, and realized it is not as surprising as it sounds -- until 1991 CA DMV records were open to anyone who made a request. No need to break in and look at secret files, all you had to do was go to the DMV and request them. This was changed, I believe, mostly as a response to a case involving a TV actress in LA who was stalked by an obsessed fan, who got her address from the DMV and eventually ambushed her there and murdered her.

And as cool an author as Pynchon is, I suspect he is an amateur at the privacy business; anyone who would put their true residence address on their driver's license is obviously not paranoid enough to be serious about not being found.
(Don't know if it has been mentioned here, but Simson Garfinkel has an article in this month's WIRED titled "Nobody Fucks With the DMV", about the privacy implications of the amassing of personal data by state DMVs. It's a good -- and scary -- read.)

--
Michael C. Berch
mcb at net.bio.net / mcb at postmodern.com / mcb at remarque.berkeley.edu

From cyrus at ntthcs.ntt.jp Wed Feb 16 00:50:06 1994
From: cyrus at ntthcs.ntt.jp (Cyrus Shaoul)
Date: Wed, 16 Feb 94 00:50:06 PST
Subject: Pynchon as roadkill on the digital superhighway
Message-ID: <9402160847.AA12717@ntthcs.ntt.jp>

Michael C. Berch writes:

>> And as cool an author as Pynchon is, I suspect he is an amateur at the
>> privacy business; anyone who would put their true residence address on
>> their driver's license is obviously not paranoid enough to be serious
>> about not being found.

Pynchon may not be as stupid as that. Has anyone gone to check up on Mr. Vineland lately? Perhaps the address in the DMV computer is that of a fried chicken franchise in Lost Hills, CA! Just cause you have some data doesn't mean it's useful.

[Gratuitous Blues Brothers reference to Wrigley Field inserted automagically.]

-----------------------------------------------------------------
Cyrus Shaoul cyrus at ntthcs.ntt.jp
NTT Human Interface Labs / Yokosuka TEL +81(0)468-59-4672
Visual Media Laboratory / Japan FAX +81(0)468-59-2829
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Finger cyrus at media.mit.edu for PGP public key, or use the server.
Or get it all from my WWW Page: http://iikk.inter.net/
________________________________________________________________

From rpmartin at acs.ucalgary.ca Wed Feb 16 01:20:06 1994
From: rpmartin at acs.ucalgary.ca (Rob P. Martin)
Date: Wed, 16 Feb 94 01:20:06 PST
Subject: An out of country Remailer
Message-ID: <9402160917.AA18809@acs1.acs.ucalgary.ca>

I recently decided that running a remailer from this account might be a good idea. To help the overall good.
It is "out of country" for most of you, so it will make one more hop that will be harder for LE to get at from wherever you are. But I also want to protect my account as much as possible, so I would like to ONLY remail to other remailers. (As they are much less likely to complain to my sysadmin than any other recipient)

Does anyone have remailer software that could be easily changed to remail to a limited set of addresses? If so I would be interested in helping the cause, if not I probably will go back to being a "watcher" from the sidelines..

Rob

PS. Did I really read that someone said that Canada was a Socialist country with limited free speech?

From boone at psc.edu Wed Feb 16 03:50:14 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Wed, 16 Feb 94 03:50:14 PST
Subject: RFC822 compliant, and already deployed hack for return addresses
In-Reply-To: <9402152047.aa11630@hermix.markv.com>
Message-ID: <9402161146.AA16805@igi.psc.edu>

jpp at markv.com writes:

>
> Go ahead, hit 'r' and see what you get. How many of you get the
> whole verbose reply-to field?

MH yields the Reply-To: field in its entirety.

Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C

From tcmay at netcom.com Wed Feb 16 04:25:08 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 16 Feb 94 04:25:08 PST
Subject: Pynchon as roadkill on the digital superhighway
Message-ID: <199402161222.EAA26743@netcom9.netcom.com>

Cyrus Shaoul writes:

> Pynchon may not be as stupid as that. Has anyone gone to check up on Mr.
> Vineland lately? Perhaps the address in the DMV computer is that of a
> fried chicken franchise in Lost Hills, CA! Just cause you have some data
> doesn't mean it's useful.

Yes, I did. The point of getting the address is because I discovered he lived in Aptos, CA, same as I do. (My source saw my W.A.S.T.E.
reference and assumed I was merely making a joke....he was surprised to learn I actually live in Aptos, and then volunteered the NLETS record.)

His house was (rumors that he's been back on the East Coast for the past couple of years) about 3-4 miles from my house, less as the crow flies. I shot a dozen or so photos of the house and surrounding countryside, for my scrapbook and for that of the source.

Not a fried chicken stand.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.

From brenner at netcom.com Wed Feb 16 01:46:55 1994
From: brenner at netcom.com (Anita Brenner)
Date: Wed, 16 Feb 1994 04:46:55 -0500
Subject: Gopher File
Message-ID: <199402160915.BAA10136@mail.netcom.com>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-Copyright 1993,4 Wired USA Ltd. All Rights Reserved=-=-=-=-=-=
-=-=For complete copyright information, please see the end of this file=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

WIRED 2.04
Electrosphere
*************

Jackboots on the Infobahn
^^^^^^^^^^^^^^^^^^^^^^^^^

Clipper is a last ditch attempt by the United States, the last great power from the old Industrial Era, to establish imperial control over cyberspace.

By John Perry Barlow

[Note: The following article will appear in the April 1994 issue of WIRED. We, the editors of WIRED, are net-casting it now in its pre-published form as a public service. Because of the vital and urgent nature of its message, we believe readers on the Net should hear and take action now.
You are free to pass this article on electronically; in fact we urge you to replicate it throughout the net with our blessings. If you do, please keep the copyright statements and this note intact. For a complete listing of Clipper-related resources available through WIRED Online, send email to with the following message: "send clipper.index". - The Editors of WIRED]

On January 11, I managed to schmooze myself aboard Air Force 2. It was flying out of LA, where its principal passenger had just outlined his vision of the information superhighway to a suited mob of television, show-biz, and cable types who fervently hoped to own it one day - if they could ever figure out what the hell it was.

From the standpoint of the Electronic Frontier Foundation the speech had been wildly encouraging. The administration's program, as announced by Vice President Al Gore, incorporated many of the concepts of open competition, universal access, and deregulated common carriage that we'd been pushing for the previous year.

But he had said nothing about the future of privacy, except to cite among the bounties of the NII its ability to "help law enforcement agencies thwart criminals and terrorists who might use advanced telecommunications to commit crimes."

On the plane I asked Gore what this implied about administration policy on cryptography. He became as noncommittal as a cigar-store Indian. "We'll be making some announcements.... I can't tell you anything more." He hurried to the front of the plane, leaving me to troubled speculation.

Despite its fundamental role in assuring privacy, transaction security, and reliable identity within the NII, the Clinton administration has not demonstrated an enlightenment about cryptography up to par with the rest of its digital vision.
The Clipper Chip - which threatens to be either the goofiest waste of federal dollars since President Gerald Ford's great Swine Flu program or, if actually deployed, a surveillance technology of profound malignancy - seemed at first an ugly legacy of the Reagan-Bush modus operandi. "This is going to be our Bay of Pigs," one Clinton White House official told me at the time Clipper was introduced, referring to the disastrous plan to invade Cuba that Kennedy inherited from Eisenhower.

(Clipper, in case you're just tuning in, is an encryption chip that the National Security Agency and FBI hope will someday be in every phone and computer in America. It scrambles your communications, making them unintelligible to all but their intended recipients. All, that is, but the government, which would hold the "key" to your chip. The key would be separated into two pieces, held in escrow, and joined with the appropriate "legal authority.")

Of course, trusting the government with your privacy is like having a Peeping Tom install your window blinds. And, since the folks I've met in this White House seem like extremely smart, conscious freedom-lovers - hell, a lot of them are Deadheads - I was sure that after they were fully moved in, they'd face down the National Security Agency and the FBI, let Clipper die a natural death, and lower the export embargo on reliable encryption products.

Furthermore, the National Institutes of Standards and Technology and the National Security Council have been studying both Clipper and export embargoes since April. Given that the volumes of expert testimony they had collected overwhelmingly opposed both, I expected the final report would give the administration all the support it needed to do the right thing.

I was wrong. Instead, there would be no report. Apparently, they couldn't draft one that supported, on the evidence, what they had decided to do instead.

THE OTHER SHOE DROPS

On Friday, February 4, the other jackboot dropped.
A series of announcements from the administration made it clear that cryptography would become their very own "Bosnia of telecommunications" (as one staffer put it). It wasn't just that the old Serbs in the National Security Agency and the FBI were still making the calls. The alarming new reality was that the invertebrates in the White House were only too happy to abide by them. Anything to avoid appearing soft on drugs or terrorism.

So, rather than ditching Clipper, they declared it a Federal Data Processing Standard, backing that up with an immediate government order for 50,000 Clipper devices. They appointed the National Institutes of Standards and Technology and the Department of Treasury as the "trusted" third parties that would hold the Clipper key pairs. (Treasury, by the way, is also home to such trustworthy agencies as the Secret Service and the Bureau of Alcohol, Tobacco, and Firearms.)

They reaffirmed the export embargo on robust encryption products, admitting for the first time that its purpose was to stifle competition to Clipper. And they outlined a very porous set of requirements under which the cops might get the keys to your chip. (They would not go into the procedure by which the National Security Agency could get them, though they assured us it was sufficient.)

They even signaled the impending return of the dread Digital Telephony, an FBI legislative initiative requiring fundamental reengineering of the information infrastructure; providing wiretapping ability to the FBI would then become the paramount design priority.

INVASION OF THE BODY SNATCHERS

Actually, by the time the announcements thudded down, I wasn't surprised by them. I had spent several days the previous week in and around the White House.

I felt like I was in another remake of The Invasion of the Body Snatchers. My friends in the administration had been transformed.
They'd been subsumed by the vast mindfield on the other side of the security clearance membrane, where dwell the monstrous bureaucratic organisms that feed on fear. They'd been infected by the institutionally paranoid National Security Agency's Weltanschauung. They used all the telltale phrases. Mike Nelson, the White House point man on the NII, told me, "If only I could tell you what I know, you'd feel the same way I do." I told him I'd been inoculated against that argument during Vietnam. (And it does seem to me that if you're going to initiate a process that might end freedom in America, you probably need an argument that isn't classified.) Besides, how does he know what he knows? Where does he get his information? Why, the National Security Agency, of course. Which, given its strong interest in the outcome, seems hardly an unimpeachable source. However they reached it, Clinton and Gore have an astonishingly simple bottom line, to which even the future of American liberty and prosperity is secondary: They believe that it is their responsibility to eliminate, by whatever means, the possibility that some terrorist might get a nuke and use it on, say, the World Trade Center. They have been convinced that such plots are more likely to ripen to hideous fruition behind a shield of encryption. The staffers I talked to were unmoved by the argument that anyone smart enough to steal a nuclear device is probably smart enough to use PGP or some other uncompromised crypto standard. And never mind that the last people who popped a hooter in the World Trade Center were able to get it there without using any cryptography and while under FBI surveillance. We are dealing with religion here. 
Though only ten American lives have been lost to terrorism in the last two years, the primacy of this threat has become as much an article of faith with these guys as the Catholic conviction that human life begins at conception or the Mormon belief that the Lost Tribe of Israel crossed the Atlantic in submarines. In the spirit of openness and compromise, they invited the Electronic Frontier Foundation to submit other solutions to the "problem" of the nuclear-enabled terrorist than key escrow devices, but they would not admit into discussion the argument that such a threat might, in fact, be some kind of phantasm created by the spooks to ensure their lavish budgets into the post-Cold War era. As to the possibility that good old-fashioned investigative techniques might be more valuable in preventing their show-case catastrophe (as it was after the fact in finding the alleged perpetrators of the last attack on the World Trade Center), they just hunkered down and said that when wiretaps were necessary, they were damned well necessary. When I asked about the business that American companies lose because of their inability to export good encryption products, one staffer essentially dismissed the market, saying that total world trade in crypto goods was still less than a billion dollars. (Well, right. Thanks more to the diligent efforts of the National Security Agency than to dim sales potential.) I suggested that a more immediate and costly real-world effect of their policies would be to reduce national security by isolating American commerce, owing to a lack of international confidence in the security of our data lines. I said that Bruce Sterling's fictional data-enclaves in places like the Turks and Caicos Islands were starting to look real-world inevitable. They had a couple of answers to this, one unsatisfying and the other scary. The unsatisfying answer was that the international banking community could just go on using DES, which still seemed robust enough to them. 
(DES is the old federal Data Encryption Standard, thought by most cryptologists to be nearing the end of its credibility.) More frightening was their willingness to counter the data-enclave future with one in which no data channels anywhere would be secure from examination by one government or another. Pointing to unnamed other countries that were developing their own mandatory standards and restrictions regarding cryptography, they said words to the effect of, "Hey, it's not like you can't outlaw the stuff. Look at France." Of course, they have also said repeatedly - and for now I believe them - that they have absolutely no plans to outlaw non-Clipper crypto in the US. But that doesn't mean that such plans wouldn't develop in the presence of some pending "emergency." Then there is that White House briefing document, issued at the time Clipper was first announced, which asserts that no US citizen "as a matter of right, is entitled to an unbreakable commercial encryption product." Now why, if it's an ability they have no intention of contesting, do they feel compelled to declare that it's not a right? Could it be that they are preparing us for the laws they'll pass after some bearded fanatic has gotten himself a surplus nuke and used something besides Clipper to conceal his plans for it? If they are thinking about such an eventuality, we should be doing so as well. How will we respond? I believe there is a strong, though currently untested, argument that outlawing unregulated crypto would violate the First Amendment, which surely protects the manner of our speech as clearly as it protects the content. But of course the First Amendment is, like the rest of the Constitution, only as good as the government's willingness to uphold it. And they are, as I say, in the mood to protect our safety over our liberty. This is not a mind-frame against which any argument is going to be very effective. 
And it appeared that they had already heard and rejected every argument I could possibly offer. In fact, when I drew what I thought was an original comparison between their stand against naturally proliferating crypto and the folly of King Canute (who placed his throne on the beach and commanded the tide to leave him dry), my government opposition looked pained and said he had heard that one almost as often as jokes about roadkill on the information superhighway. I hate to go to war with them. War is always nastier among friends. Furthermore, unless they've decided to let the National Security Agency design the rest of the National Information Infrastructure as well, we need to go on working closely with them on the whole range of issues like access, competition, workplace privacy, common carriage, intellectual property, and such. Besides, the proliferation of strong crypto will probably happen eventually no matter what they do. But then again, it might not. In which case we could shortly find ourselves under a government that would have the automated ability to log the time, origin and recipient of every call we made, could track our physical whereabouts continuously, could keep better account of our financial transactions than we do, and all without a warrant. Talk about crime prevention! Worse, under some vaguely defined and surely mutable "legal authority," they also would be able to listen to our calls and read our e-mail without having to do any backyard rewiring. They wouldn't need any permission at all to monitor overseas calls. If there's going to be a fight, I'd rather it be with this government than the one we'd likely face on that hard day. Hey, I've never been a paranoid before. It's always seemed to me that most governments are too incompetent to keep a good plot strung together all the way from coffee break to quitting time. But I am now very nervous about the government of the United States of America. 
Because Bill 'n' Al, whatever their other new-paradigm virtues, have allowed the very old-paradigm trogs of the Guardian Class to define as their highest duty the defense of America against an enemy that exists primarily in the imagination - and is therefore capable of anything. To assure absolute safety against such an enemy, there is no limit to the liberties we will eventually be asked to sacrifice. And, with a Clipper Chip in every phone, there will certainly be no technical limit on their ability to enforce those sacrifices. WHAT YOU CAN DO GET CONGRESS TO LIFT THE CRYPTO EMBARGO The administration is trying to impose Clipper on us by manipulating market forces. By purchasing massive numbers of Clipper devices, they intend to induce an economy of scale which will make them cheap while the export embargo renders all competition either expensive or nonexistent. We have to use the market to fight back. While it's unlikely that they'll back down on Clipper deployment, the Electronic Frontier Foundation believes that with sufficient public involvement, we can get Congress to eliminate the export embargo. Rep. Maria Cantwell, D-Washington, has a bill (H.R. 3627) before the Economic Policy, Trade, and Environment Subcommittee of the House Committee on Foreign Affairs that would do exactly that. She will need a lot of help from the public. They may not care much about your privacy in DC, but they still care about your vote. Please signal your support of H.R. 3627, either by writing her directly or e-mailing her at cantwell at eff.org. Messages sent to that address will be printed out and delivered to her office. In the subject header of your message, please include the words "support HR 3627." In the body of your message, express your reasons for supporting the bill. You may also express your sentiments to Rep. Lee Hamilton, D-Indiana, the House Committee on Foreign Affairs chair, by e-mailing hamilton at eff.org. 
Furthermore, since there is nothing quite as powerful as a letter from a constituent, you should check the following list of subcommittee and committee members to see if your congressional representative is among them. If so, please copy them your letter to Rep. Cantwell. > Economic Policy, Trade, and Environment Subcommittee: Democrats: Sam Gejdenson (Chair), D-Connecticut; James Oberstar, D-Minnesota; Cynthia McKinney, D-Georgia; Maria Cantwell, D-Washington; Eric Fingerhut, D-Ohio; Albert R. Wynn, D-Maryland; Harry Johnston, D-Florida; Eliot Engel, D-New York; Charles Schumer, D-New York. Republicans: Toby Roth (ranking), R-Wisconsin; Donald Manzullo, R-Illinois; Doug Bereuter, R-Nebraska; Jan Meyers, R-Kansas; Cass Ballenger, R-North Carolina; Dana Rohrabacher, R-California. > House Committee on Foreign Affairs: Democrats: Lee Hamilton (Chair), D-Indiana; Tom Lantos, D-California; Robert Torricelli, D-New Jersey; Howard Berman, D-California; Gary Ackerman, D-New York; Eni Faleomavaega, D-Samoa; Matthew Martinez, D-California; Robert Borski, D-Pennsylvania; Donald Payne, D-New Jersey; Robert Andrews, D-New Jersey; Robert Menendez, D-New Jersey; Sherrod Brown, D-Ohio; Alcee Hastings, D-Florida; Peter Deutsch, D-Florida; Don Edwards, D-California; Frank McCloskey, D-Indiana; Thomas Sawyer, D-Ohio; Luis Gutierrez, D-Illinois. Republicans: Benjamin Gilman (ranking), R-New York; William Goodling, R-Pennsylvania; Jim Leach, R-Iowa; Olympia Snowe, R-Maine; Henry Hyde, R-Illinois; Christopher Smith, R-New Jersey; Dan Burton, R-Indiana; Elton Gallegly, R-California; Ileana Ros-Lehtinen, R-Florida; David Levy, R-New York; Lincoln Diaz-Balart, R-Florida; Ed Royce, R-California. BOYCOTT CLIPPER DEVICES AND THE COMPANIES WHICH MAKE THEM. Don't buy anything with a Clipper Chip in it. Don't buy any product from a company that manufactures devices with Big Brother inside. 
It is likely that the government will ask you to use Clipper for communications with the IRS or when doing business with federal agencies. They cannot, as yet, require you to do so. Just say no. LEARN ABOUT ENCRYPTION AND EXPLAIN THE ISSUES TO YOUR UNWIRED FRIENDS The administration is banking on the likelihood that this stuff is too technically obscure to agitate anyone but nerds like us. Prove them wrong by patiently explaining what's going on to all the people you know who have never touched a computer and glaze over at the mention of words like "cryptography." Maybe you glaze over yourself. Don't. It's not that hard. For some hands-on experience, download a copy of PGP - Pretty Good Privacy - a shareware encryption engine which uses the robust RSA encryption algorithm. And learn to use it. GET YOUR COMPANY TO THINK ABOUT EMBEDDING REAL CRYPTOGRAPHY IN ITS PRODUCTS If you work for a company that makes software, computer hardware, or any kind of communications device, work from within to get them to incorporate RSA or some other strong encryption scheme into their products. If they say that they are afraid to violate the export embargo, ask them to consider manufacturing such products overseas and importing them back into the United States. There appears to be no law against that. Yet. You might also lobby your company to join the Digital Privacy and Security Working Group, a coalition of companies and public interest groups - including IBM, Apple, Sun, Microsoft, and, interestingly, Clipper phone manufacturer AT&T - that is working to get the embargo lifted. ENLIST! Self-serving as it sounds coming from me, you can do a lot to help by becoming a member of one of these organizations. In addition to giving you access to the latest information on this subject, every additional member strengthens our credibility with Congress. > Join the Electronic Frontier Foundation by writing membership at eff.org. 
> Join Computer Professionals for Social Responsibility by e-mailing cpsr.info at cpsr.org. CPSR is also organizing a protest, to which you can lend your support by sending e-mail to clipper.petition at cpsr.org with "I oppose Clipper" in the message body. Ftp/gopher/WAIS to cpsr.org /cpsr/privacy/crypto/clipper for more info. In his LA speech, Gore called the development of the NII "a revolution." And it is a revolutionary war we are engaged in here. Clipper is a last ditch attempt by the United States, the last great power from the old Industrial Era, to establish imperial control over cyberspace. If they win, the most liberating development in the history of humankind could become, instead, the surveillance system which will monitor our grandchildren's morality. We can be better ancestors than that. San Francisco, California Wednesday, February 9, 1994 * * * John Perry Barlow (barlow at eff.org) is co-founder and Vice-Chairman of the Electronic Frontier Foundation, a group which defends liberty, both in Cyberspace and the Physical World. He has three daughters. =-=-=-=-=-=-=-=-=-=-=-=WIRED Online Copyright Notice=-=-=-=-=-=-=-=-=-=-=-= Copyright 1993,4 Wired USA Ltd. All rights reserved. This article may be redistributed provided that the article and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind without prior written permission from Wired Ventures, Ltd. If you have any questions about these terms, or would like information about licensing materials from WIRED Online, please contact us via telephone (+1 (415) 904 0660) or email (info at wired.com). WIRED and WIRED Online are trademarks of Wired Ventures, Ltd. 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From katz at spectrum.cs.bucknell.edu Wed Feb 16 05:55:08 1994 From: katz at spectrum.cs.bucknell.edu (lonne katz `94) Date: Wed, 16 Feb 94 05:55:08 PST Subject: unsubscribe Message-ID: <9402161353.AA26007@spectrum.cs.bucknell.edu> unsubscribe me please From remailer at merde.dis.org Wed Feb 16 07:40:14 1994 From: remailer at merde.dis.org (remailer bogus account) Date: Wed, 16 Feb 94 07:40:14 PST Subject: Magic Money and Remailers Message-ID: <9402161539.AA13477@merde.dis.org> -----BEGIN PGP SIGNED MESSAGE----- Tim May wrote: >Subject: Simplified Digital Postage--Proposal >... A more sophisticated system based on true digital cash, perhaps >based on Magic Money," is more desirable, but almost anything is better >than the current system. (Well, not _anything_.) >I propose remailers immediately adopt some form of digital >money/postage, even if current instantiations are not fully debugged >or optimized. "Magic Money" may be ready for such a trial use. Magic Money will have to be modified for that use. As it works now, clients A and B are using a common server S's coins. Client A wants to pay client B some money. Client A sends client B the coins. Client B sends the coins along with new, blinded but unsigned coins, to server S. Server S checks the old coins, signs the new ones, and sends them back to client B. This leaves two options: A) The remailer is the server. In this case, you don't need Magic Money, just a straightforward blind signature system, and I could write that if someone could describe in detail what they want it to do. The remailer operator could write it too, using PGP Tools and Magic Money source code as a basis. B) There is a third party server, and all remailers use its coins. In this case, the remailers have to mail the coins to the server and get the server to verify the coins before remailing the message. 
A good way to set up a time lag, but pretty complicated for an all-automatic system (the client would have to be modified, too) and lost mail from the server would wreck the system. First someone has to set up a Magic Money server, which so far nobody has. >- subtle flaws in digital money protocols (and I doubt "Magic Money" >is completely free of subtle or not-so-subtle flaws...everything needs >debugging and evolutionary learning) will not be so serious when only >"postage" is involved. As opposed to "real money" situations, where >finding a way to break or spoof the protocol could result in large >amounts of money being lost. At least with digital postage, about the >worst that could happen is someone gets free remailing--the current >situation. Magic Money isn't too bad in security. It uses Chaum online cash: a random number x, MD5(x) put in a properly padded signature packet and blindsigned by the server, and different e/d pairs for different denominations. Messages to the server are encrypted with the server's PGP key, and the server's replies are encrypted with the client's PGP key (provided in the original message) and signed with the server's key. >How ready is Magic Money for a test-bed use like this? Right now it's designed to allow people to pass coins between each other, but the code could be hacked to accept coins automatically. I have mixed emotions about pay-per access (to remailers or anything else) but I am interested enough in seeing digital cash experimentation to write the code now and worry about the ideology later. >- and of course, a charge of, say, $2.00 in real money (send in $20, >get back 10 remailer "stamps" of some form, suitably anonymized >through a blinding procedure a la Chaum) would mean that posting to 20 >newsgroups would be a nontrivial expense for a would-be flooder. Everyone would use the free remailers rather than pay $2. Both Chaum and RSA would jump on you if real money was involved. 
What about just having a finite number of stamps going around, to prevent mailbombing? Here's an anonymity-breaking attack I've been worrying about: In an untraceable digicash system, deposits cannot be matched to withdrawals, so the bank cannot find out where a customer spends money. However, the bank in collaboration with a payer can determine who deposits a particular coin. Suppose you are providing a non-approved service or product, using remailers and digital cash to protect your identity. Someone wants to trace you. All they have to do is set up a sting: buy your service with coins which are recorded, and get the bank to identify who cashes in those coins. To prevent this, the bank cannot know who deposits particular coins. The bank cannot know who any of its accountholders are. Being an accountless system, Magic Money can be operated through a remailer. But Magic Money is an online system. Offline systems depend on the bank knowing who the customers are, and being able to punish them for double spending. How could an offline system be made immune to this attack? I don't know about remailers, but I wish someone would set up a Magic Money server. I haven't heard much about Magic Money on the list lately. That could be good (the code works) or bad (nobody cares). Which is it? BTW the latest versions are PGPTL10C and MGMNY10E. Pr0duct Cypher From smb at research.att.com Wed Feb 16 08:10:14 1994 From: smb at research.att.com (smb at research.att.com) Date: Wed, 16 Feb 94 08:10:14 PST Subject: Clipper and Traffic Analysis Message-ID: <9402161610.AA10454@toad.com> > Also, it probably goes via a different physical path. And at least some > SS7 trunks are encrypted with DES. 
Care to say anything about which ones are encrypted and why? Or to ask it another way, who decides? I phrased it that way because I'm not certain of the extent, and I'm not certain how much of what I know is AT&T-proprietary. But the obvious risks that encryption avoids are traffic analysis by enemies (pick your own definition of enemy), information on what channels to wiretap (remember the furor a few years ago about the location of the then-Soviet embassy on a hilltop in Washington, D.C.?), and the threat of phone-phreaking by introducing bogus call setup messages. On the latter point, recall that out-of-band signaling was introduced in part in response to ``blue boxes'' and other devices that exploited in-band signaling technologies. From strick at osc.versant.com Wed Feb 16 09:05:09 1994 From: strick at osc.versant.com (strick -- strick AT versant DOT com -- henry strickland) Date: Wed, 16 Feb 94 09:05:09 PST Subject: ITAR vs. Diffie-Hellman Key Exchange? In-Reply-To: <9402160417.AA09448@anchor.ho.att.com> Message-ID: <9402161704.AA05067@osc.versant.com> # From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com # # However, is Diffie-Hellman exportable? After all, it's not crypto, # it's *just* key exchange, For that matter, the trivial use of the Dining Cryptographers algorithm really doesn't involve anything I consider True Crypto: it's just coin flips and xors -- more of an "encoding" than an "encryption". Notice there is no encryption/decryption key. As in DH, the information emerges in the end if you follow the protocol. # be an updated RSAREF version including Diffie-Hellman key exchange, Try writing to burt at rsa.com and asking for it. They sent it to me. 
strick From rcain at netcom.com Wed Feb 16 09:05:15 1994 From: rcain at netcom.com (Robert Cain) Date: Wed, 16 Feb 94 09:05:15 PST Subject: AT&T stopped talking to me Message-ID: <199402161704.JAA16456@netcom9.netcom.com> Cryptophiles, I don't know if there is any significance to this or it is incompetence. I was in discussion with a rep for AT&T about their VSELP part and getting the firmware development software to add crypto to the part. (Don't even need hardware, the simulator is supposed to be so good.) This rep had put me in touch with the local AT&T marketing person for the part in order to handle some questions he couldn't. Things were going along pretty well until the AT&T fellow asked me what my application was. I was queasy about answering that question and rightfully so. I felt a sudden change of attitude from the guy when I told him it was to implement my voice crypto and I have gotten nowhere with them since. I asked for the complete datasheet for the part and received instead the same two page summary I already had. There is no way one could design in this part with the info in that marketing blurb so something else *must* exist. I cannot get them to even return a call any more. I left a message on the men's phone mail detailing that I was ready to purchase the development software and wanted to meet briefly to discuss that and explain the real design information I need for the part. I have been unable to get either to return my calls. In my last conversation with the AT&T guy he was trying to discourage me, telling me that to get any support for this firmware development required some kind of market study showing that the application would result in the sale of 100,000+ of the devices. I told him that I saw little problem with that number and anticipated potentially ten times that quantity or more over the life of the product. 
:-) I dunno, maybe it is coincidence but it sure seems to me that AT&T's willingness to sell to me and help support a product development vanished at the point when I mentioned crypto. Steve B., since you are with AT&T is there any policy that you know about regarding sales of devices for use in crypto? Peace, Bob -- Bob Cain rcain at netcom.com 408-354-8021 H 415-966-9549 W (10 am to 7 pm) "I used to be different. But now I'm the same." --------------PGP 1.0 or 2.0 public key available on request.------------------ From rcain at netcom.com Wed Feb 16 09:25:09 1994 From: rcain at netcom.com (Robert Cain) Date: Wed, 16 Feb 94 09:25:09 PST Subject: Precedent for PGP legality In-Reply-To: <199402141739.JAA06467@mail.netcom.com> Message-ID: <199402161724.JAA19112@netcom9.netcom.com> Timothy C. May sez: > > Yes, this is well-known and is mentioned, I believe, in the PGP docs. > Private use for experimental purposes, or for the purposes of > improving an invention, are recognized legit uses. Implementing RSA as > a class project or textbook problem is common, and RSADSI will not > bother with such cases. (Nor has RSADSI bothered any users of PGP, if > truth be told, unless they were involved in the hassling of Zimmermann > vis-a-vis the grand jury investigation...which hasn't been established > one way or another.) It is true that there was a great deal of enmity between RSA's president, Jim Bidzos, and Phil but that was just starting to thaw a year or so ago when I let Jim know that Phil was interested in licensing RSA's patents (for those that haven't bothered to check, RSA's fees are incredibly reasonable) because there were some businesses interested in using PGP that wouldn't because of its guerrillaware status. I believe that they worked something out or Phil would not have been pursuing the commercial work he got busted/hassled for by the fed. I don't think that RSA deserves any suspicion with regard to Phil's troubles. 
> > Where it gets dicey is when people are using an invention in a way > that circumvents the patent rights of the inventor. The common use of > PGP is clearly for communication, for most people, not for study on > their home machines of how the algorithm works, how it might be > improved, etc. > > I'm not arguing RSADSI's side, merely pointing out that calling the > growing use of PGP for communication and the signing of articles an > "experiment" is misleading, and even disingenuous. Not to sound like > Sterno here, but I think the lawyers here will back me up on this. Yes, I was told by a patent attorney that the way we use PGP is not within the experimental guideline and we are probably standing in violation of these patents. Not that that means much, RSA is not about to joust windmills by trying to mess with anybody. > > Now maybe the RSA patents are invalid, maybe the fact that public > money was used to support the researches at Stanford and MIT that led > to public key and RSA means "we" own the patents (not supported by > decisions, though), etc. A whole lot of precedent for this. It is in effect one way that the federal government helps support research without direct taxation. I read recently that Stanford rakes in an obscene amount each year from the patents it holds but I really have no problem with that since it benefits education as a whole. > > In any case, I think PGP is the best thing that has ever happened to > the popularity of RSA and RSADSI, and I have told Jim Bidzos this. That's funny, in a weak moment *he* told me that a year ago. :-) Peace, Bob -- Bob Cain rcain at netcom.com 408-354-8021 "I used to be different. But now I'm the same." 
--------------PGP 1.0 or 2.0 public key available on request.------------------ From mnemonic at eff.org Wed Feb 16 09:25:15 1994 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 16 Feb 94 09:25:15 PST Subject: Barlow article on Clipper Message-ID: <199402161717.MAA22141@eff.org> Forwarded message: From baford at schirf.cs.utah.edu Wed Feb 16 09:30:15 1994 From: baford at schirf.cs.utah.edu (Bryan Ford) Date: Wed, 16 Feb 94 09:30:15 PST Subject: Magic Money and Remailers In-Reply-To: <9402161539.AA13477@merde.dis.org> Message-ID: <9402161725.AA05848@schirf.cs.utah.edu> In message <9402161539.AA13477 at merde.dis.org> Pr0duct Cypher writes: >Being an accountless system, Magic Money can be operated through a remailer. >But Magic Money is an online system. Offline systems depend on the bank >knowing who the customers are, and being able to punish them for double >spending. How could an offline system be made immune to this attack? Is it necessarily the bank's job to worry about this? Suppose the bank simply honors the first request from "anyone" to re-mint a coin; after that the bank only knows about the new coin. If Jack pays Jill with already-spent money, Jill's attempt to deposit or re-mint the coin will fail, and it's Jill's responsibility to find another way to collect the money. So if she's smart, she'll make sure she can re-mint the money _before_ closing the deal. It's much like checks or credit cards work today: a transaction is not considered "complete" until it "clears". Bryan From m5 at vail.tivoli.com Wed Feb 16 09:35:09 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 16 Feb 94 09:35:09 PST Subject: AT&T stopped talking to me In-Reply-To: <199402161704.JAA16456@netcom9.netcom.com> Message-ID: <9402161732.AA00888@vail.tivoli.com> This could be a simple case of AT&T being unwilling to foster competition against themselves. The only way to combat something like that would be from an anti-trust standpoint (highly unlikely here, probably). 
Is AT&T the only company that sells such a device? -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From smb at research.att.com Wed Feb 16 09:40:16 1994 From: smb at research.att.com (smb at research.att.com) Date: Wed, 16 Feb 94 09:40:16 PST Subject: AT&T stopped talking to me Message-ID: <9402161739.AA11093@toad.com> Steve B., since you are with AT&T is there any policy that you know about regarding sales of devices for use in crypto? I know of no such policy. To be sure, I wouldn't necessarily know of it if it existed, being enmeshed in the wilds of Research -- but I know of none. From mnemonic at eff.org Wed Feb 16 09:40:18 1994 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 16 Feb 94 09:40:18 PST Subject: EFF WANTS YOU TO CALL FOR SENATE HEARINGS ON CLIPPER Message-ID: <199402161739.MAA22556@eff.org> EFF WANTS YOU TO CALL FOR SENATE HEARINGS ON CLIPPER *** Distribute Widely *** Feb. 15, 1994 Dear Friends on the Electronic Frontier, Thank you for your efforts in fighting the government's ill-considered Clipper proposal. We have already delivered over 2250 messages supporting H.R. 3627 to Rep. Cantwell, and your messages have continued to flood in. We'd now like to ask you to help us call for Congressional hearings on Clipper by writing to Senator Patrick Leahy c/o leahy at eff.org. As we have previously reported, the Clinton Administration has announced that it plans to proceed on every front to make the Clipper Chip encryption scheme a national standard and to discourage the development and sale of alternative powerful encryption technologies. If the government succeeds in this effort, the resulting blow to individual freedom and privacy could be immeasurable. So far, the government has resisted requests that it explain its policy. 
When the Presidential Decision Directive calling for Clipper deployment first appeared last spring, the Administration promised a report that re-evaluated cryptography and privacy policy in light of technological changes, the coming of the National Information Infrastructure, and the end of the Cold War. The Administration also made a commitment to meaningful public dialog before taking any major action on escrow deployment or new legislation. Yet in spite of the efforts of EFF, CPSR, ACLU, and other groups to provide extensive input to the Administration, the promised policy report never arrived, and the Administration has now said there will be no report after all. This failure of public accountability makes Congressional hearings an absolute necessity. There are individuals in Congress willing to look into the Clipper proposal and related policies--if they hear from you. Senator Patrick Leahy (D-Vermont), who chairs one of the key committees responsible for these issues, has asked for comments and concerns about the viability of the Clipper initiative. Here's where we need your help. *Please write Senator Leahy at leahy at eff.org and ask that the Senate hold hearings about Clipper.* Senate hearings may be the only means of ensuring public feedback about Clipper, and, just as important, they may be the only means of forcing the Administration to explain its Clipper policy. Please express your concerns about the United States' Clipper policy and cryptographic policy in general. Your letters in support of hearings will be printed out and delivered to the senator. And if you haven't written Rep. Maria Cantwell to show your support for H.R. 3627, her bill to relax export restrictions on encryption technology, now's the time to do so. Just send e-mail to cantwell at eff.org and put "I support H.R. 3627" in your Subject header. Letters in support of the bill will be printed out and delivered to Rep. Cantwell. 
Our fight to keep national encryption policy out in the open--and to continue allowing individuals to use encryption to ensure their own privacy--has only just begun. In the coming weeks and months, we will be working to give you more ways to make your voice heard on these vital public issues. Sincerely, Jerry Berman Executive Director Electronic Frontier Foundation From hughes at ah.com Wed Feb 16 09:45:09 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 16 Feb 94 09:45:09 PST Subject: AT&T stopped talking to me In-Reply-To: <199402161704.JAA16456@netcom9.netcom.com> Message-ID: <9402161737.AA26577@ah.com> >I felt a sudden change of attitude from the guy when I >told him it was to implement my voice crypto and I have gotten nowhere >with them since. If you ever get another phone line and wish to deal with them with a different company name and a personal pseudonym, you might tell them next time that you're working on a voice mail system with networking features. Eric From pmetzger at lehman.com Wed Feb 16 09:55:09 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 16 Feb 94 09:55:09 PST Subject: AT&T stopped talking to me In-Reply-To: <9402161732.AA00888@vail.tivoli.com> Message-ID: <9402161752.AA02808@andria.lehman.com> Mike McNally says: > > This could be a simple case of AT&T being unwilling to foster > competition against themselves. The only way to combat something like > that would be from an anti-trust standpoint (highly unlikely here, > probably). > > Is AT&T the only company that sells such a device? Qualcomm sells a chip that implements QCELP. .pm From a2 at ah.com Wed Feb 16 10:45:10 1994 From: a2 at ah.com (Arthur Abraham) Date: Wed, 16 Feb 94 10:45:10 PST Subject: AT&T stopped talking to me Message-ID: <9402161838.AA26954@ah.com> I've had extensive experience with hardware vendors, and the behavior you describe is extremely anomalous. 
It is just barely possible that your rep has quit, and his replacement hasn't picked up the slack yet. On just the basic problem of getting the data sheets, you might have better luck calling AT&T's literature department directly. This works very well if you have the part number of the data sheet, but just the part's id should get you the info. If the part is more than a few months past announcement, it's data sheet has probably been bound up with a whole lot of other data sheets and printed in some family book, which might be easier to ask for, and give you some alternates to consider. Or, you could ask some smiley friend ;+> to try to get the information for you. Buying the part shouldn't be as hard, they are required to sell to you. However, if you are experiencing politics, beware of such things as deliverly delays and a high percentage of bad parts in your shipment. Going through a distributor is probably enough to avoid most of these problems. So, when can I buy your gadget? -a2 From rarachel at prism.poly.edu Wed Feb 16 11:10:19 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Wed, 16 Feb 94 11:10:19 PST Subject: Clipper and Traffic Analysis In-Reply-To: <9402151617.AA29710@bilbo.suite.com> Message-ID: <9402161854.AA17089@prism.poly.edu> Speaking of phone records and such, btw, AT&T keeps phone records for quite a long time. About half a year or so my girlfriend visited her relatives in Hong Kong and I called her there to save them some major money. A few months ago, I get a letter/offer from AT&T saying that I could save over xxx% on calls to HK, Taiwan, etc... Now, I'm a white boy and my name would give them absolutely no hint of having relatives or friends in Hong Kong. Obviously they keep records for waaaay far back, and keep them in use!!! If they use'em for advertising, you can bet they use them for other shady "law-enforcement" type info for cops, etc.... 
From baum at newton.apple.com Wed Feb 16 11:25:11 1994 From: baum at newton.apple.com (Allen J. Baum) Date: Wed, 16 Feb 94 11:25:11 PST Subject: NSA lobbying for Clipper in Europe Message-ID: <9402161923.AA19815@newton.apple.com> from sci.crypt... The following article was printed on page 10 of the UK's `Independent on Sunday' (13th Feb 1994). It would seem that the tentacles are spreading. For those who haven't read it, James Bamford's book `The Puzzle Palace' contains a fascinating history of the incestuous relationship between the NSA and Britain's GCHQ. No official UK opposition can be expected. Follow-ups to talk.politics.crypto please. ---------------------------------------------------------------- How America Plans to bug the electronic age BIG BROTHER JOINS SCRAMBLE FOR DATA By Leonard Doyle A high-ranking official of the National Security Agency, America's largest and most secretive intelligence arm, is in London with the task of selling the 16 governments of the European Union and European Free Trade Association on the virtues of a controversial electronic scrambling technology. The Clinton administration hopes that the encryption devices will become the global standard for anyone wanting privacy while using cellular phones, computer networks and fax transmissions. They have a serious drawback for anyone looking for total privacy, however. The devices have a built-in `back-door' that will allow spy agencies to listen in on all communications, or read faxes and electronic mail. Spy agencies in the US and Europe, with nearly 50 years' experience of advanced technology in surveillance of citizens, suspected criminals and foreign governments, have been concerned for some time about developments that have put sophisticated encryption devices within reach of many. 
The agencies want to ensure that they are not left behind by the rapid advances in high technology which have made telephone scramblers and the mathematical codes used to encrypt computer and fax data relatively cheap and easy to use. The governments fear that electronic eavesdropping will be set back decades if and when terrorists, money-launderers, drug traffickers and unfriendly governments gain widespread access to the technology. The NSA is concerned that, despite the $30bn (UK Pounds 21bn) a year it spends monitoring global communications, it cannot keep pace with technological change and the massive spread of encryption codes. The NSA official, James Hearn, who until recently was the deputy director for information security at NSA's sprawling headquarters near Washington DC, is heading up a `liaison office' in London with a colleague, Clint Brooks, according to reliable sources in the computer security community on both sides of the Atlantic. The US Embassy in London issued a pro forma denial about Hearn's presence yesterday, saying: "There's nobody by that name here." Mr Hearn is well known, however, to UK and European officials at the cutting edge of efforts to control the spread of highly sophisticated scrambling devices. These encryption codes, developed by private software companies, are putting communication beyond easy reach of the NSA, Britain's GCHQ at Cheltenham and France's DGSE, to name but a few `Big Ear' agencies. As a response, the US has developed an encoding device for telephones and computers known as the `Clipper Chip', with a `back door' that will allow spy agencies armed with special electronic keys to eavesdrop. When the Clinton administration decided to press ahead with the controversial coding devices last week, the computer industry and privacy campaigners reacted with outrage. 
"It's like trying to order people to use only resealable envelopes for correspondence, so that no communication can ever be private again," said David Bannisar of Computer Professionals for Social Responsibility. Big computer companies, including IBM and Apple, are bitterly opposed to the new monitoring devices. But AT&T, the US telephone company, which is fast establishing itself in Europe, will put the eavesdropping technology into the telephone scrambling devices it sells in high street shops for about UK Pounds 800 each. The US is keen to ensure that similar electronic monitoring technology becomes standard in the rest of the industrialised world. The NSA's Mr Hearn has the task of persuading governments that the controversial Clipper Chip for telephones and a technology called Tessera, for computer modems, is quickly adopted, despite mounting opposition. The US, European Commission and four European Union countries - Britain, Germany, France and the Netherlands - are already deciding how to administer the dawning electronic age of `information highways' which will bring an explosion in the use of hi-tech in everyday lives. A consultant to the European Commission who has worked on the new encryption standards claims that those who object to US efforts to regulate the market for encryption are `politically naive'. "Whether we like it or not, the authorities will want to listen in on our communications," he said. "The Americans are to be admired for being up front about it, when other countries are doing the same thing anyway." Experts in the field of information security often speak of physical boundaries that now define the world being replaced by electronic boundaries. In this Orwellian world, which is at most five years away, people will be issued with so-called `smartcards' with microchips that can store their entire personal history. 
The identity cards will be a passport for ordinary citizens, used to store health records, for personal banking, paying for travel and for identity checks at borders. In the same way, companies and even countries will be expected to use technology like the encryption Clipper Chip for data transmissions. "We are defining our new electronic world - which will become increasingly important in a borderless Europe," the EU security consultant said. ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, 20525 Mariani Ave, MS 305-3B * * Cupertino, CA 95014 baum at apple.com * ************************************************** From tcmay at netcom.com Wed Feb 16 11:35:13 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 16 Feb 94 11:35:13 PST Subject: Precedent for PGP legality In-Reply-To: <199402161724.JAA19112@netcom9.netcom.com> Message-ID: <199402161933.LAA29006@mail.netcom.com> Bob Cain writes: > It is true that there was a great deal of enmity between RSA's > president, Jim Bidzos, and Phil but that was just starting to thaw a > year or so ago when I let Jim know that Phil was interested in "Just starting to thaw"? Have you checked recently? As recently as last Friday night, when I talked to Phil on the phone, the polar icecap was small by comparison. > licensing RSA's patents (for those that haven't bothered to check, > RSA's fees are incredibly reasonable) because there were some > businesses interested in using PGP that wouldn't because of its > guerrillaware status. I believe that they worked something out or Phil > would not have been pursuing the commercial work he got busted/hassled > for by the fed. I don't think that RSA deserves any suspicion with > regard to Phil's troubles. About Phil having worked something out, you are very misinformed. 
What Phil did was to do an end-run around RSA's objections, and without RSA's foreknowledge, by working with ViaCrypt, which has already obtained its own license. Reports are that Bidzos was furious, but nothing could be done. (I haven't talked to Bidzos since last April, so of course I can't confirm his side. I have confirmed this in talks with Phil.) About any RSA involvement with the Grand Jury issue, RSA was interviewed and was copied on memos written by the investigators, according to copies obtained (legally) by Phil Zimmermann. What this means is anyone's guess, but it ought to be borne in mind. I don't necessarily view Bidzos as an agent of the AntiChrist as some do, but things are definitely complicated and soap operish. The "Phil and Jim Show" has a few more episodes. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From talon57 at well.sf.ca.us Wed Feb 16 11:40:22 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 16 Feb 94 11:40:22 PST Subject: Ameritech announcement Message-ID: <199402161939.LAA22382@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Ameritech first in nation to detail plans to open local network Ameritech has become the first communications company in the nation to volunteer to open its local network to competitors. Ameritech today submitted tariffs to the Illinois Commerce Commission (ICC) that specify how it will open its local network to competitors in Illinois communities where it is the primary telephone company. If approved, the tariffs will go into effect when Ameritech is authorized to enter the long distance business. 
"We believe that our customers want and deserve the choices that only all-out communications competition can deliver," said Dick Brown, Ameritech vice chairman. "No court ordered us to do this. No regulators mandated that it must be done. Ameritech initiated the idea as a way to better serve our customers and we now have delivered a detailed blueprint for getting the job done." When the changes that Ameritech has proposed are implemented, a competitor, subject to regulatory approval, can use portions of the Ameritech network to provide local telephone service. Thus, the competing company on its own can provide all of the capabilities necessary to offer local communications services, or it can obtain from Ameritech the capabilities that are needed but which it chooses not to provide itself. "The positive regulatory environment in Illinois favorably positions this state and its citizens to lead the way on the information superhighway and to be among the first to reap the economic benefits of communications competition," said Doug Whitley, president of Ameritech Illinois. Specifically, Ameritech's Illinois Commerce Commission (ICC) filing proposes procedures, technical specifications and prices. It describes how competitors can: - - Obtain access to Ameritech's local distribution network in Illinois (the local loop) so that they can use the Ameritech links to reach customers' homes or offices. - - Purchase from Ameritech the local switching capability. - - Integrate their local switches and networks with the Ameritech network. The Ameritech filing also provides details of a process under which an Ameritech customer in Illinois can choose to have a single company handle local and long distance calls. Ameritech's quid pro quo for fully opening its local network to competitors is straightforward: Ameritech wants new regulations geared to a competitive marketplace and the freedom to provide long-distance services. 
When Ameritech's plan to fully open the local network to competitors is implemented, all-out competition, market-driven prices and accelerated innovation will shape communications marketplaces in the portions of Illinois the company serves. "Ameritech should be a full participant in the new communications world that is emerging. We want the flexibility to serve its customers as they want to be served," said Brown. "As customers' needs become more sophisticated and voice, data and video industries converge, opening access to all networks is necessary for a fully competitive communications marketplace." "The same rules should apply to all players -- providers of voice, video and data; long distance or local service," he said. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLWJ0FtCcBnAsu2t1AQF3EAQAhqNcBIwBF1p8IxqwBWm/ZFui7KR8VWV9 bm1d6531kXoXt6wA7qaKqnZ8KvAfjCKxmEgBQ3OFCB9jYkyBB6/DRByNyb/agldS trTdUn48LZgsm4IP2Kr1O0Ds2J17droUS7bljNhrohjtCIoVY1UU8sOoefxMqlKG DRxjEEmCT58= =IMpJ -----END PGP SIGNATURE----- From baum at newton.apple.com Wed Feb 16 11:45:13 1994 From: baum at newton.apple.com (Allen J. Baum) Date: Wed, 16 Feb 94 11:45:13 PST Subject: New Crypto product & other ramblings Message-ID: <9402161943.AA22869@newton.apple.com> I think the only way to prevent Clipper is pre-emptively. The advantages of Clipper are twofold: Gov't volumes may drive the price down The Algorithm is fast, and the silicon required to implement it is small. Modular arithmetic is (belief here, not fact) bigger, slower, and more expensive. There is enough knowledge, experience, and money on this mailing list to design an encryption chip to compete against Clipper. It would be better if we could just buy them- maybe that will happen. SGS-Thompson has just announced a smart-card chip with Modular Arithmetic Processor (ST16CF54) developed by an Israeli company, Fortress U&T Ltd. It's optimized for 256 and 512bit exponentiations, but can handle 1024 bit. 
It sounds like this is just for public key signature verification- it can't encrypt or decrypt at high speeds. Anyone know more about this product? (ref. EEtimes 2/14/94 pg 20) ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, 20525 Mariani Ave, MS 305-3B * * Cupertino, CA 95014 baum at apple.com * ************************************************** From smb at research.att.com Wed Feb 16 11:45:21 1994 From: smb at research.att.com (smb at research.att.com) Date: Wed, 16 Feb 94 11:45:21 PST Subject: Clipper and Traffic Analysis Message-ID: <9402161940.AA13319@toad.com> Speaking of phone records and such, btw, AT&T keeps phone records for quite a long time. About half a year or so my girlfriend visited her relatives in Hong Kong and I called her there to save them some major money. A few months ago, I get a letter/offer from AT&T saying that I could save over xxx% on calls to HK, Taiwan, etc... Now, I'm a white boy and my name would give them absolutely no hint of having relatives or friends in Hong Kong. Obviously they keep records for waaaay far back, and keep them in use!!! If they use'em for advertising, you can bet they use them for other shady "law-enforcement" type info for cops, etc.... That's a fairly strange conclusion to draw. In fact, I was originally going to use a much stronger word than ``strange'', but I forbore to change my standing policy against flames. Why, pray tell, do you think that because AT&T uses its own information, that it gives it to the government? For one thing, that would be illegal, as I read the law. 18 USC 2703(c)(1)(A) specifically prohibits giving out records of subscriber information to government agencies, except in response to a subpoena, warrant, or court order. 
(Oddly enough, it is permissible to give out the information to non-government agencies; if I recall correctly what I've read of the legislative history of the act, that was specifically intended to permit compilation and sale of mailing lists and marketing data.) For another, it isn't at all clear to me that it's in any way unethical for a company to understand which of its products its customers buy. *Selling* such data is another matter -- I don't like that at all -- but that isn't what you're claiming. You also say that AT&T is not using racial data or certain names to pick out markets. All you're saying is that you once called Hong Kong, and that AT&T is now offering you a cheaper way to do so. What's wrong with that? (Btw -- half a year is not at all a long time. That's only very slightly longer than they'd need to keep the data just to resolve billing questions.) --Steve Bellovin Disclaimer: Obviously, I work for AT&T. That doesn't mean I like everything the company does -- but in this case, I fail to see the offense. From solovay at math.berkeley.edu Wed Feb 16 11:50:22 1994 From: solovay at math.berkeley.edu (Robert M. Solovay) Date: Wed, 16 Feb 94 11:50:22 PST Subject: No Subject In-Reply-To: <9402160756.AAwdlv05785@relay2.UU.NET> Message-ID: <199402161948.LAA05393@feynman.berkeley.edu> Eric writes: Yeah, the internet technology is changing. ATM is coming. Query: What's ATM? --Bob Solovay From tcmay at netcom.com Wed Feb 16 11:55:12 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 16 Feb 94 11:55:12 PST Subject: money maker In-Reply-To: <9402160554.AA02030@toad.com> Message-ID: <199402161952.LAA02544@mail.netcom.com> Gary Jeffers writes: > I have an idea of how ambitious cypherpunks could make money. They > could be communications intermediaries between financial clients in > the U.S. & financial institutions in locations such as the Bahamas > & Switzerland. > > This would require a cypherpunk in the U.S. 
& another cypherpunk > in the foreign country. From now on in text cypherpunk = CP. > The U.S. CP would get message from client & then use the internet > with anonymous remailers & strong encryption to send message to > CP in foreign country. CP in foreign country then decrypts message > & gives it to local financial institution. Financial institution This is a really neato idea! In fact, here's a way to make even more money this way (sung to the tune of "Mo Money, Mo Money, Mo Money"): - set yourself as this "crypto intermediary" - take the plaintext offered by your tax-evading clients, do the encryption, etc., etc. - after several million bucks' worth of transactions have flowed through your system, go to the Internal Revenue Service and report that you are "shocked, simply shocked" at what appears to you to be a violation of U.S. tax laws - be sure to demand your 25% fee--25% or more of the amount the IRS ultimately collects goes to the whistleblower. I cite this not as a flame against Gary (nothing wrong with speculation) but as a cautionary note against trusting others to act as your "agents." There may be a role for discreet (and discrete, too) financial advisors, and some may be involved in money laundering and tax evasion--after all, it happens all around us. But they are also weak links and can turn in their clients for finder's fees and in cutting their own deals with the Feds to avoid jail time. I don't expect too many Cypherpunks will be able to find clients this way. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. 
From qwerty at netcom.com Wed Feb 16 12:10:23 1994 From: qwerty at netcom.com (Xenon) Date: Wed, 16 Feb 94 12:10:23 PST Subject: Misc replies Message-ID: <199402162006.MAA13821@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Greg Broiles wrote, >I second Hal's suggestion to route Detweiler's traffic through Xenon's >remailer. >(Xenon - the point isn't to keep Detweiler off the net. We all know >that's impossible. The point is to keep Detweiler from getting remailers >shut down by abusing them. That's why this is particularly unlike >censorship; Detweiler's goal is to keep all people from using remailers.) Sure, send me YOUR garbage. Why isn't Larry abusing MY remailer? This peer pressure is childish. I no longer really need qwerty as a remailer, and will happily shut it down as soon as YOU people start abusing it. I admit I created a lot of negative feelings out there with my statement that I didn't want to block Larry's addresses. However, say I retract that statement, and say I do not want to block him, but that I AM willing to give into such peer pressure and try TO block him? I now ask you to, with compassion, educate me about how the arguments I express against the MEANS you tell me to use, are not valid. I don't mind blocking the address of some undergrad who is sending silly stuff to Usenet, but must I always have to demonstrate to you things that I cannot seem to convey in words? OK. I shall write a script to telnet to port 25 of a given remailer, and forge mail from various non-existent addresses at Netcom. They will include names like "S.Boxx at netcom.com", "Executioner at netcom.com", and "Fuckyou at netcom.com". What will you do then, block incoming from netcom.com? Yeah right ;-) ! I sent myself mail this way via Hal's remailer. It WORKED. Larry knew how to do this when I was still trying to work my newsreader. 
Again, as I have said before, it is my feeling that all of our trying to block Larry's current known addresses will only fuel the fire, and next time he will REALLY cause problems. He isn't a stupid guy. And he IS the type of person who if you fight him, he will fight back with more energy than before. So far I am not impressed with the level of sophistication in the words I hear coming from the remailer operators and other interested parties out here. We need an ABUSE filter, not a Detweiler filter, for with current sendmail, we CANNOT block a determined person from abusing the remailers. And it is my belief that trying to do so will renew their fanaticism and dedication to upsetting the remailers. He already seems to have a new anon.penet.fi address. He can have as many more as he wants, brand spanking new, by telnetting to anon.penet.fi 25 and faking his address. I have tried this and it too WORKS. Give me a real solution, one that will not make the problem WORSE. Many of you out here remind me of government bureaucrats, in how you want to try quick very short term fixes, which in the end only backfire and make the problems worse. You think Larry isn't willing to fork over $20 to get a Netcom account and then spend another $50 to buy e-postage, then send out much MORE damning abuses (since you made it harder for him to do damage by quantity alone), this time From qwerty at netcom.com Wed Feb 16 12:15:13 1994 From: qwerty at netcom.com (Xenon) Date: Wed, 16 Feb 94 12:15:13 PST Subject: Misc replies Message-ID: <199402162014.MAA14953@mail.netcom.com> I'll try this again; Netcom has this nasty habit of just dying for 10 minutes at a time right in the middle of my pasting e-mail. -----BEGIN PGP SIGNED MESSAGE----- Greg Broiles wrote, >I second Hal's suggestion to route Detweiler's traffic through Xenon's >remailer. >(Xenon - the point isn't to keep Detweiler off the net. We all know >that's impossible. 
The point is to keep Detweiler from getting remailers >shut down by abusing them. That's why this is particularly unlike >censorship; Detweiler's goal is to keep all people from using remailers.) Sure, send me YOUR garbage. Why isn't Larry abusing MY remailer? This peer pressure is childish. I no longer really need qwerty as a remailer, and will happily shut it down as soon as YOU people start abusing it. I admit I created a lot of negative feelings out there with my statement that I didn't want to block Larry's addresses. However, say I retract that statement, and say I do not want to block him, but that I AM willing to give into such peer pressure and try TO block him? I now ask you to, with compassion, educate me about how the arguments I express against the MEANS you tell me to use, are not valid. I don't mind blocking the address of some undergrad who is sending silly stuff to Usenet, but must I always have to demonstrate to you things that I cannot seem to convey in words? OK. I shall write a script to telnet to port 25 of a given remailer, and forge mail from various non-existent addresses at Netcom. They will include names like "S.Boxx at netcom.com", "Executioner at netcom.com", and "Fuckyou at netcom.com". What will you do then, block incoming from netcom.com? Yeah right ;-) ! I sent myself mail this way via Hal's remailer. It WORKED. Larry knew how to do this when I was still trying to work my newsreader. Again, as I have said before, it is my feeling that all of our trying to block Larry's current known addresses will only fuel the fire, and next time he will REALLY cause problems. He isn't a stupid guy. And he IS the type of person who if you fight him, he will fight back with more energy than before. So far I am not impressed with the level of sophistication in the words I hear coming from the remailer operators and other interested parties out here. 
We need an ABUSE filter, not a Detweiler filter, for with current sendmail, we CANNOT block a determined person from abusing the remailers. And it is my belief that trying to do so will renew their fanaticism and dedication to upsetting the remailers. He already seems to have a new anon.penet.fi address. He can have as many more as he wants, brand spanking new, by telnetting to anon.penet.fi 25 and faking his address. I have tried this and it too WORKS. Give me a real solution, one that will not make the problem WORSE. Many of you out here remind me of government bureaucrats, in how you want to try quick very short term fixes, which in the end only backfire and make the problems worse. You think Larry isn't willing to fork over $20 to get a Netcom account and then spend another $50 to buy e-postage, then send out much MORE damning abuses (since you made it harder for him to do damage by quantity alone), this time with real religious zeal, since now he has gotten you guys to finally fight back, and as you must realize, he takes this all VERY seriously. And after all, isn't our installing ABUSE filters what Larry is trying to tell us to do in the first place? I do not find this an unreasonable request. It is a wonderful solution that avoids accountability problems, after the fact, upon someone posting an abusive message to Usenet, since they are unable to post such an abuse in the first place. Why don't we appease Larry? How? The answer is painful and obvious: Moderated remailers. You already have to trust the remailer operator with your privacy. E-postage is a fun idea especially for ME ;-), but the logistics and loss of traffic are real problems. Besides, I can't charge as much for a Netcom remailer, as it is not as secure as some others. Is it not unfortunate that an AI program cannot ever hope to accomplish what the human eye and brain can do in a millisecond? Hit a 'd' key in responses to abusive mail. Send me such a script! 
Until Usenet is fully moderated, and realize that MOST people on Usenet do NOT feel like pandering to "those cowards and irresponsible people afraid to use their real names". THAT is the attitude out there. There must be moderation, if only for remailing to Usenet. Since such moderation is unlikely in the next year, for all of Usenet, the moderation must lie within the remailers. Yes, anon.penet.fi has survived without this, but Julf keeps people's REAL addresses on his hard disk, and keeps FULL logs (not content though). Still, it is possible for Larry to send out a hundred Usenet posts, by forging e-mail to anon.penet.fi. Fortunately for Julf, he is busy enough upsetting us. If full moderation not be practical, then fairly smart scripts for detecting abuse could do SOME good. Certainly a barrage of posts to Usenet could be detected and blocked. But that only causes someone to post more damaging posts in fewer numbers. "I am afraid of knowing the truth, for when you offer it to people, they call you mad." -=Xenon=- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLWI1bASzG6zrQn1RAQHPEwP/Wf/jCuEV6sE9vs89NvC25T1ejBrr6nxq +65zorNvaSpaTYJraH5kD7NHSerXX5XlNKllG10RoqwnpjwQ56FCsVQzqDrkYH+9 DXk5VP2ay0B0DFIRxgTGXhl4fXi6K6bjiS4dRi4AxvnOeZaGlzTQMu1CGJJZ1pNk Cv+P0X/rYcw= =tO7R -----END PGP SIGNATURE----- From hayden at krypton.mankato.msus.edu Wed Feb 16 12:35:13 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 16 Feb 94 12:35:13 PST Subject: Big Brother PostScripts Message-ID: Thanks to some help, I have the Big Brother PostScript but have reduced its size so that it is about 1" x 1" or so (no ruler, just a guess). This is a perfect size for printing on stickers, letterheads, etc. If anyone wants a copy, please drop me a line and I'll be happy to mail it to you. If someone at cpsr.org wants to put it up for FTP, please also contact me and let me know where to upload it to (or if you want me to email it to you.) 
[As a side note, I'm thinking of breaking into the lab some night and putting these stickers on all of the workstations. Just thinking about it, not actually going to do it :-)] ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From nobody at jarthur.claremont.edu Wed Feb 16 12:35:22 1994 From: nobody at jarthur.claremont.edu (nobody at jarthur.claremont.edu) Date: Wed, 16 Feb 94 12:35:22 PST Subject: PRIVACY: Disinformation Message-ID: <9402162035.AA14385@toad.com> Consider me a hypocrite BUT.... consider the following... My AMPS cell phone is easily intercepted... yes I know I often listen to others calls on my scanner and frequency counter... myself. :) As I am one who is being investigated and tapped I often discuss Totally Fallacious and Unverifiable conspiracies (protected by crypto you see)... Given also I have had PLENTY of contact with the OPFOR(opposing force i.e. LE Mind Set)... I know ANYTHING is believable to that mind set as long as enough crumbs(i.e. evidence is found... email seems to be sufficient for this at least to start investigating). Make it VERY unprofitable to investigate... As far as Digital Banks go ... Yes there has always been Cashing your Check and then buying everything cash. It's INCONVENIENT AS HELL... Believe me I Live this way... Having Anonymous Electronic Credit Cards issued by the First Cyberspatial Bank and being either a Visa or MC with NO way transactions traceable to me would be a BIG convenience... Look at the recent Soft porn Bust....(by entrapment with kiddie porn no less) The IRS is now getting hit with fallacious Electronically Returns/Refunds... 
How about filing the next 2-3000 in the name of your favorite Judge, DA, Investigator, Senator, Representative....All fraudulent returns... with even the possibility of profit... I figure the resulting shitstorm when the IRS Revenue Officers and Criminal Section Investigators start on Federal Judges, Representatives and the like will consume MOST of the federal bureaucracy time.... Turmoil From bdolan at well.sf.ca.us Wed Feb 16 12:40:22 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Wed, 16 Feb 94 12:40:22 PST Subject: AT&T phone logs Message-ID: <199402162039.MAA12108@well.sf.ca.us> I've been told by someone I believe that the phone companies are ...uh... encouraged to keep call records for *at least* 3 years. bdolan at well.sf.ca.us From huntting at glarp.com Wed Feb 16 12:40:26 1994 From: huntting at glarp.com (Brad Huntting) Date: Wed, 16 Feb 94 12:40:26 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <199402151938.LAA13708@mail.netcom.com> Message-ID: <199402162036.AA06042@misc.glarp.com> > [Usenet] is broken in the larger sense that Eric mentioned: costs > are not incurred by posters. This is not just a problem with > remailers, but with the growing numbers of "Make.Money.Fast" and > "Allah is Coming!" sorts of posts. Think about it. Be careful of what you wish for, we have plenty of systems where the costs for information are incurred by the ones that produce and disseminate it. I for one will fight long and hard to insure that usenet stays free and does not sink into the same myopic sludge pit that corporate press wades through. It's very important that usenet be free for anyone to post. It's also becoming necessary to have good noise filters on the reader's end. 
brad From nowhere at bsu-cs.bsu.edu Wed Feb 16 12:40:26 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Wed, 16 Feb 94 12:40:26 PST Subject: No Subject Message-ID: <9402162038.AA09053@bsu-cs.bsu.edu> I was recently helping a new start-up phone company get in operation. As part of the initial acquisition process of a DCO/CS (Stromberg Carlson) based switch facility which the start-up was acquiring from a previous failed company we went on a switchroom tour... There tucked in a back corner and hooked to the "hacker" and fraud intercept trunks of the CS was an intercept operation... the previous consultant (who was giving the tour) bragged of having listened to Hot Ladies etc (usual sort of Drivel) Talking to the former owners I find the former switchroom tech(not this guy) was fired for this type of offense... this company and its successor used to carry my long distance traffic... NO MORE!!!... with clipper... this will become a pernicious type of action ... impossible to stop... BTW the company and its successor is SF Bay Area Based... :) From jschultz at bigcat.missouri.edu Wed Feb 16 12:55:13 1994 From: jschultz at bigcat.missouri.edu (John Schultz) Date: Wed, 16 Feb 94 12:55:13 PST Subject: Where to get Big Bro Stickers In-Reply-To: <2D610EB9@kailua.colorado.edu> Message-ID: On Tue, 15 Feb 1994, James Still wrote: > I sent my donation to: > > Christian Douglas Odhner > 14079 N. 34th Place > Phoenix, AZ 85032 > cdodhner at indirect.com > > > But beware! I sent him $15 bucks about 6 months ago and have > yet to see any stickers in the mail... Perhaps I'll try e-mailing > him again to see what's up; or perhaps I should acknowledge a > beautiful scam when I see one! (Or maybe the elusive tentacles > have struck down another pesky cypherpunk...) The same thing happened to me. I sent him $10 and never got any stickers. I mailed him once and he said he sent them, but would try sending some more. I've never gotten them, or bothered to mail Chris again. 
From nobody at soda.berkeley.edu Wed Feb 16 13:00:23 1994 From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu) Date: Wed, 16 Feb 94 13:00:23 PST Subject: No Subject Message-ID: <199402162057.MAA28843@soda.berkeley.edu> Extremely high activation potentials caused Xenon to ionize: ## "I am afraid of knowing the truth, for when you offer it to ## people, they call you mad." But if they call you mad, it says nothing about your possession of truth. Goddamn converse-is-not-the-contrapositive-ignorant, I-couldn't-possibly- be-wrong-claiming, solipsism-tending, basic-logic-error-making, self- deceiving, to-his-own-authority-pointing, self-esteem-up-propping ranters! From collins at newton.apple.com Wed Feb 16 13:00:27 1994 From: collins at newton.apple.com (Scott Collins) Date: Wed, 16 Feb 94 13:00:27 PST Subject: Politics, Religion, MUDs, MOOs, the Internet, the Past, and the Future Message-ID: <9402162057.AA27177@newton.apple.com> Here is some cogent text from James Burke, a guy right at the top of my `man-I-wish-I-was-that-smart' list. He is noted for his television series "Connections", "The Day the Universe Changed", "Tomorrow's World", and "The Burke Special". After the last physical cypherpunks meeting, thoughts of MOOs and whatnot floating through my head, I chanced on a Discovery Channel broadcast of "The Day the Universe Changed" and when it was over, rushed right out to get the book. His comments about computers (particularly considering he made them in 1984-5), and the kind of future they can allow mixed in my head with all the things cypherpunks normally plan for and dream about and filled me with a sense of "Wow! This guy is dead on (and even still ahead of us in his thinking)." James Burke The Day the Universe Changed (companion to the public television series) 1985, Little, Brown, and Co. ISBN 0-316-11706-4 *** the first sentence from the Preface *** You are what you know. 
*** the last five paragraphs in the book *** The knowledge acquired through the use of any structure is selective. There are no standards or beliefs guiding the search for knowledge which are not dependent on the structure. Scientific knowledge, in sum, is not necessarily the clearest representation of what reality is; it is the artifact of each structure and its tool. Discovery is invention. Knowledge is man-made. If this is so, then all views at all times are equally valid. There is no metaphysical, super-ordinary, final, absolute reality. There is no special direction to events. The universe is what we say it is. When theories change the universe changes. The truth is relative. This relativist view is generally shunned. Is is supposed by the Left to dilute commitment and by the Right to leave society defenseless. In fact it renders everybody equally responsible for the structure adopted by the group. If there is no privileged source of truth, all structures are equally worth assessment and equally worth toleration. Relativism neutralizes the views of extremists of all kinds. It makes science accountable to the society from which its structure springs. It urges care in judgement through awareness of the contextual nature of the judgemental values themselves. A relativist approach might well use the new electronic data systems to provide a structure unlike any which has gone before. If structural change occurs most often through the juxtaposition of so-called `facts' in a novel way, then the systems might offer the opportunity to evaluate not the facts which are, at the present rate of change, obsolete by the time they come to the public consciousness, but the relationships between facts: the constants in the way they interact to produce change. Knowledge would then properly include the study of the structure itself. 
Such a system would permit a type of `balanced anarchy' in which all interests could be represented in a continuous reappraisal of the social requirements for knowledge, and the value judgements to be applied in directing the search for that knowledge. The view that this would endanger the position of the expert by imposing on his work the judgement of the layman ignores the fact that science has always been the product of social needs, counscioulsy expressed or not. Science may well be a vital part of human endeavour, but for it to retain the privilege which it has gained over centuries of being in some measure unaccountable, would be to render both science itself and society a disservice. It is time that knowledge became more accessible to those to whom it properly belongs. *** end of quoted material *** Scott Collins | "That's not fair!" -- Sarah | "You say that so often. I wonder what your basis 408.862.0540 | for comparison is." -- Goblin King ................|.................................................... BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014 ..................................................................... PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com From phantom at u.washington.edu Wed Feb 16 13:00:27 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Wed, 16 Feb 94 13:00:27 PST Subject: stickers Message-ID: Re: big brother stickers, Robert Hayden wrote: > Uh, how do you do dat? Well, I was able to use Word for Windows just now and drop a bunch of them on a page at once (they're postscript; import them as an .eps), resize them at will, and print the page out. If you wanted to make your own laser-stickers or whatnot, I could see this working for you. Of course, a nicer program (one more suited for the task) would be preferred, but .. :) Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. 
Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From warlord at MIT.EDU Wed Feb 16 13:10:23 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 16 Feb 94 13:10:23 PST Subject: No Subject In-Reply-To: <199402161948.LAA05393@feynman.berkeley.edu> Message-ID: <9402162109.AA11077@toxicwaste.media.mit.edu> What's ATM? ATM == Asynchronous Transfer Mode. It is a link-layer packets-switched network that can guarantee data throughput at the cost of some latency (and denial-of-service for other customers). It is the newest, "hotest" network being developed right now. -derek From huntting at glarp.com Wed Feb 16 13:10:26 1994 From: huntting at glarp.com (Brad Huntting) Date: Wed, 16 Feb 94 13:10:26 PST Subject: ITAR vs. Diffie-Hellman Key Exchange? In-Reply-To: <9402160417.AA09448@anchor.ho.att.com> Message-ID: <199402162106.AA06236@misc.glarp.com> > However, is Diffie-Hellman exportable? After all, it's not crypto, > it's *just* key exchange, and people can plug in their own triple-DES > from the usual sources. It looks to me like it's probably legal, > though if you were to then transmit the password by XORing with the login > key or some such probably-unsafe behaviour it might not be. I think the export restrictions refer to "secret messaging". DH creates a shared secret. I doubt it can be exported. brad From norm at netcom.com Wed Feb 16 13:45:13 1994 From: norm at netcom.com (Norman Hardy) Date: Wed, 16 Feb 94 13:45:13 PST Subject: Message-ID: <199402162141.NAA21068@mail.netcom.com> At 11:48 2/16/94 -0800, Robert M. Solovay wrote: ... >Query: > What's ATM? ... ATM = Asynchronous Transfer Mode. This is a switched service running at at least 155 Mb/sec using optical fiber. 600Mb are expected to follow not much later. A single strand to customer premises provides that bandwidth full duplex. 
The strand provides for many multiplexed virtual circuits a bit like X.25 except that it will probably be priced according to a bandwidth selected at call setup and you will be prevented from exceeding that rate during the call. This service should be sufficient for video. Similar technologies are being built for local LANs where each computer has a full duplex 155 Mb potential instead of the aggregate 10Mb provided by Ethernet. From analyst at netcom.com Wed Feb 16 13:45:21 1994 From: analyst at netcom.com (Benjamin McLemore) Date: Wed, 16 Feb 94 13:45:21 PST Subject: Detweiler blocking Message-ID: <199402162141.NAA00160@mail.netcom.com> I must admit to a certain amount of amazement to the almost universal consensus I have seen in this forum regarding censoring Detweiler's (or whomever's) Usenet postings. I believe in the remailer concept and I believe in fighting the authoritarian traceability standard that the Internet is designed around. As Xenon and others have mentioned, there are numerous ways for anyone to get around any kind of source-level filtering you might care to implement, and thus as remailer operators heading down this path, you will be put in the position of the proverbial Dutch boy with a finger in the dike. The type of privacy that most of us as cypherpunks think is important and are trying to provide will necessarily leave us open to attacks such as Detweiler's. But I think privacy is more important than one more off-topic post in a random newsgroup. And if someone receives mail they don't like or don't appreciate--delete it! This medium of electronic communication is not nearly as dangerous as the current postal system, which allows you to send real mailbombs--and the postal system does NOT require return addresses. Who are these uptight schmucks writing to root and postmaster about Detweiler posts? Why on earth have they been allowed to get away with it! This is ridiculous. I think this is the battle that we must fight. 
The digital convergence is happening now, and unfortunately with the current authoritarian Internet model, Clipper/Capstone/Tesserae and all that nonsense--things arent't looking good for our side. Therefore, I think even more we have to stand on principle to fight this thing. (and yes, I fully intend to have my remailer running soon--I'm not just talking). Someone could send me mail now containing kiddy porn (most likely a postal inspector--they seem to be the only markey for the stuff) with no return address--should I write to the root at whitehouse.org as the ultimate arbiter since the postal service has delivered me this mail? If someone delivers mail through my remailer (which will ONLY support PGP encrypted mail) how am I responsible? Benjamin ---------------------------------------------------------------------- analyst at netcom.com mail pgp-public-keys at io.com for PGP key From jim at Tadpole.COM Wed Feb 16 13:55:13 1994 From: jim at Tadpole.COM (Jim Thompson) Date: Wed, 16 Feb 94 13:55:13 PST Subject: Where to get Big Bro Stickers Message-ID: <9402162154.AA02712@chiba.tadpole.com> Damn, I didn't send him anything yet, and I got a *lot* of stickers... From qwerty-remailer at netcom.com Wed Feb 16 13:55:25 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Wed, 16 Feb 94 13:55:25 PST Subject: Big Brother PostScripts Message-ID: <199402162156.NAA19448@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Robert Hayden wrote, >[As a side note, I'm thinking of breaking into the lab some night and >putting these stickers on all of the workstations. Just thinking about >it, not actually going to do it :-)] How about payphones? No they aren't Clipper phones. But the point is to make people paranoid, and thus make them think about the issues. For soon it WILL be a Clipper phone. 
-=Xenon=- From jdblair at nextsrv.cas.muohio.EDU Wed Feb 16 14:10:22 1994 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Wed, 16 Feb 94 14:10:22 PST Subject: Key Server List Request Message-ID: <9402162207.AA17335@ nextsrv.cas.muohio.EDU > Is there a list of all of the currently operational PGP Keyservers available? If so, I'd appreciate a copy. Thanks in advance, -john. From huntting at glarp.com Wed Feb 16 14:10:26 1994 From: huntting at glarp.com (Brad Huntting) Date: Wed, 16 Feb 94 14:10:26 PST Subject: AT&T phone logs In-Reply-To: <199402162039.MAA12108@well.sf.ca.us> Message-ID: <199402162207.AA06620@misc.glarp.com> > I've been told by someone I believe that the phone companies are ...uh... > encouraged to keep call records for *at least* 3 years. U S WEST keeps records of every phone call (local and long distance) online for 24hours. After that I suspect they dump them to tape, but I'm not sure. brad From huntting at glarp.com Wed Feb 16 14:15:14 1994 From: huntting at glarp.com (Brad Huntting) Date: Wed, 16 Feb 94 14:15:14 PST Subject: No Subject In-Reply-To: <9402162109.AA11077@toxicwaste.media.mit.edu> Message-ID: <199402162212.AA06673@misc.glarp.com> >> What's ATM? > ATM == Asynchronous Transfer Mode. It is a link-layer > packets-switched network that can guarantee data throughput at the > cost of some latency (and denial-of-service for other customers). But the idea that it will replace the Internet is nothing more than a telco wet dream. Unfortunatly most telco data networking types (an oxymoron) really think that Internet can be replaced by ATM (as opposed to IP over ATM which is a viable posibility for future high speed networks). 
brad From SJB8195 at ZEUS.TAMU.EDU Wed Feb 16 14:25:22 1994 From: SJB8195 at ZEUS.TAMU.EDU (Scott Beaudreau) Date: Wed, 16 Feb 94 14:25:22 PST Subject: Digital Money, Sandy, Mark Message-ID: <940216162448.21412d75@ZEUS.TAMU.EDU> Mark's wrote: > Sandy writes: > >I would like to start a new thread. I want to know what the > >people on this list intend to do with cryptography in the "real > >world." > >... > >My interest is more than academic. I am one of the Cypherpunks > >involved in creating a digital bank. > >Sandy - > > In the real world there are already secret banks. There are already >forms of untraceable cash and forms of completely fungible money. These >techniques are very ancient and time honored. They are well understood. >Many of them have stood the test of time and have not been compromised by >various incarnations of police states. > >Given the existence of efficient, accessible, secret, and widely accepted >monetary exchange I can't really see the need for a digital bank from the >privacy side. I can't really see anyone who uses the current techniques >being interested in a new experimental form unless they are techno-junkies. >Nevertheless, please continue. Some of us are techno-junkies. I read Mark's reply to Sandy's post. I believe it was well thought. I was interested in knowing more though. Please tell me more about the secret banks that exist today. I would like to hear about the time honored techniques for cash funelling. I am sure that we all have some familarity with the different power groups that exist, and the games they play. Are these groups secure? Are their methods efficient, accessible, secret, and widely accepted? How can I use this old system if I chose to today? That would be my real interest. I think that digital banks are very needed. I think they are feasible. I even think that some power groups might start using them as opposed to the old ways (whatever those ways are!) 
There are many different kinds of digital money systems possible. I would suggest to Sandy that any work in the area defintely continue. The Net today is only an infant. We all know what is coming. There seems to be a real need for a secure economic system for it. Mark has very valid points about what other technologies are needed in the privacy arena. I completely agree with him that many other problems must be solved as well. I think Mark views crypto technology with a good perspective. There is much more than technology involved. I am including the rest of Mark's post: > It is already well known to privacy fanatics that you should not use > credit cards, debit cards, checks, atm cards, or other forms of electronic > money. All transactions are logged and are easily analyzed. > > Astute people cash their pay check at the employer's bank and pay cash for > everything. Admittedly, this is somewhat paranoid, but on the other hand it > is fun to defeat the monolithic database builders who want to make money off > of selling information that belongs to you. > > Cypherpunks must concentrate on solving problems that are true problems > now. Do not spend time creating a variant of an existing/workable/fun > solution. Email privacy was a true problem. Clear text on your pc's hard > drive was a true problem. > > Right now there is the well known problem of ethernet sniffers and the > trivial security breaches that can occur. A telnet/lat traffic encrypter > is needed badly by the Sun/Dec/HP world. Novell needs something badly as > well. > > Cellular phones desperately need something. The masses just have NO > IDEA how badly cellular needs something! Fax machines need a variant of > PGP. Pagers probably need it too. > > I think the larger issue that cypherpunks need to blue sky about is wether > they will be content with a role as grey-area political criminals underneath > the boot of an ever growing police state. Can crypto be more than a defensive > weapon? 
What would people be defending against? > > Crypto can do some things but it won't be the total solution. In the end > we need to strengthen the rights of the little guy and devise ways to dilute > any new state powers that are created by technology. Crypto is just one > compartment on our batman utility belt. > > People always argue that criminals would use these tools. I'm certain > of it. Strengthening the state's hand to fight criminals always screws the > little guy. The criminals all go to work for the state when its powerful > enough! We've seen this over and over. > --------- > I'd like a 250 Mhz 128 bit hybrid processor with 64 meg of 8 way interleaved > memory, a 10 megabyte per second i/o channel, two 3 gig hard disks, two dat > drives with compression, and a large diet coke. /**************************************************************************** Name: Scott Beaudreau Occupation: Undergrad in Computer Engineering at Texas A&M. Graduate 05/94! Signature: No signature. I am working on it, Dammit! Opinions: !(In my opinion, everybody agrees with me and I'm always right!) *****************************************************************************/ From mg5n+ at andrew.cmu.edu Wed Feb 16 14:35:13 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 16 Feb 94 14:35:13 PST Subject: Detweiler remailer abuse In-Reply-To: <199402152145.NAA06598@mail.netcom.com> Message-ID: Xenon wrote: >Again, I wish we could get a net modeled on the postal service, in >which there WAS NO "From: qwerty-remailer at netcom.com" in the headers. It does work like the postal service. 
You don't have to put a return address on the letter. You can put anything in the from line that you want. You could put From: Anonymous Shithead and it would work. But, like the postal service, it will get postmarked where you mail it from, so it will show that it came from netcom.com. From pmetzger at lehman.com Wed Feb 16 14:35:22 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 16 Feb 94 14:35:22 PST Subject: Big Brother PostScripts In-Reply-To: <199402162156.NAA19448@mail.netcom.com> Message-ID: <9402162233.AA03665@andria.lehman.com> This is an awful idea, as it completely dilutes the message of the sticker which is that Clipper Phones have built in insecurity. We are not trying to create general paranoia -- we are trying to sink clipper. If you want general paranoia why not just pump speed into the municipal water supply? .pm qwerty-remailer at netcom.com says: > -----BEGIN PGP SIGNED MESSAGE----- > > Robert Hayden wrote, > > >[As a side note, I'm thinking of breaking into the lab some night and > >putting these stickers on all of the workstations. Just thinking about > >it, not actually going to do it :-)] > > How about payphones? No they aren't Clipper phones. But the point > is to make people paranoid, and thus make them think about the > issues. For soon it WILL be a Clipper phone. > > -=Xenon=- From pmetzger at lehman.com Wed Feb 16 14:35:26 1994 From: pmetzger at lehman.com (Perry E. 
Metzger) Date: Wed, 16 Feb 94 14:35:26 PST Subject: Detweiler blocking In-Reply-To: <199402162141.NAA00160@mail.netcom.com> Message-ID: <9402162231.AA03653@andria.lehman.com> Benjamin McLemore says: > I must admit to a certain amount of amazement to the almost universal > consensus I have seen in this forum regarding censoring Detweiler's (or > whomever's) Usenet postings. No one has proposed censoring his Usenet postings. What people have proposed is that they deny him the use of the remailers that they set up on their hardware. This is very different. It's the difference between saying "Detweiler can't live" and "Detweiler can't live IN MY LIVING ROOM". It's the difference between saying "I advocate the right of people to discuss any topic they want" and saying "I advocate the right of people to discuss any topic they want IN MY BEDROOM AT FOUR AM WHILE I'M TRYING TO SLEEP." I am constantly surprised that this simple distinction is so hard for people to understand. I advocate, for instance, that Nazis should have free speech, but I would never hand them money to buy printing presses, nor would I patronize newsstands that carry their publications. Presumably this is "censorship" too. I see nothing wrong with remailer operators taking steps to prevent Detweiler from using their equipment against their will. This is not censorship. Mr. Detweiler is still free to use Usenet any way he sees fit. It is simply the act of saying "Mr. Detweiler can't use MY REMAILER any way he sees fit." Perry From sdw at meaddata.com Wed Feb 16 14:35:27 1994 From: sdw at meaddata.com (Stephen Williams) Date: Wed, 16 Feb 94 14:35:27 PST Subject: Politics, Religion, MUDs, MOOs, the Internet, the Past, and the Future In-Reply-To: <9402162057.AA27177@newton.apple.com> Message-ID: <9402162232.AA15366@jungle.meaddata.com> > > Here is some cogent text from James Burke, a guy right at the top of my > `man-I-wish-I-was-that-smart' list. 
He is noted for his television series > "Connections", "The Day the Universe Changed", "Tomorrow's World", and "The > Burke Special". I agree... Great shows, my favorites. Should be required in school. ... > *** the first sentence from the Preface *** > > You are what you know. > > *** the last five paragraphs in the book *** > ... > Such a system would permit a type of `balanced anarchy' in which all > interests could be represented in a continuous reappraisal of the social > requirements for knowledge, and the value judgements to be applied in > directing the search for that knowledge. The view that this would endanger > the position of the expert by imposing on his work the judgement of the > layman ignores the fact that science has always been the product of social > needs, counscioulsy expressed or not. Science may well be a vital part of > human endeavour, but for it to retain the privilege which it has gained > over centuries of being in some measure unaccountable, would be to render > both science itself and society a disservice. It is time that knowledge > became more accessible to those to whom it properly belongs. > > *** end of quoted material *** I'm left wondering what exactly he was envisioning with this. Any thoughts? sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net sdw at meaddata.com OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together From nobody at soda.berkeley.edu Wed Feb 16 15:10:23 1994 From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu) Date: Wed, 16 Feb 94 15:10:23 PST Subject: No Subject Message-ID: <199402162308.PAA18157@soda.berkeley.edu> I am remailing this using a fake address, by telnetting to port 25 of a remailer from Netcom. 
Here is how I did it and how anyone else could do it, including Larry Detweiler, who knew how to do this when I was still in my internet diapers: >qwerty: telnet soda.berkeley.edu 25 >Trying... >Connected to soda.berkeley.edu. >Escape character is '^]'. >220-soda.berkeley.edu Sendmail 8.6.5/PHILMAIL-1.10 ready at Wed, 16 Feb 1994 15:05:31 -0800 >220 ESMTP spoken here >EHLO mail.netcom.com >250-soda.berkeley.edu Hello mail.netcom.com, pleased to meet you >250-EXPN >250-SIZE >250 HELP >MAIL From: >250 ... Sender ok >RCPT To: >250 ... Recipient ok >DATA >354 Enter mail, end with "." on a line by itself >Request-Remailing-To: cypherpunks at toad.com Here is an example of a damaging post, which is damaging in whatever volume it is sent out. For those of you who don't have a sense of humor: THIS IS A JOKE! This isn't real. There IS NOT an offer from Blacknet for such things (at least I don't THINK so)!! -----BEGIN FICTITIOUS DAMAGING POST EXAMPLE----- "Hello, Blacknet Enterprises here. We are looking for kiddie porn. Please use our encrypted remailer block to send us some and we will send you e-money, or make an anonymous deposit in your back account. Thank-you. Remember when you were 12 years old? That Suzy sure was cute! You wanted her then, and you want her now ;-) ! Don't lie; we're all kids at heart. Because at Blacknet: we love EVERYONE." -----END FICTITIOUS DAMAGING POST EXAMPLE----- Since Usenet will not be fully moderated in the next year or two, the only solution which will not backfire and make things worse, is moderated remailing. If someone can send me an AI program that would be able to block the above post, and further block efforts by the same abuser to alter said post to avoid your keyword search, such as changing "Blacknet" to "Black.Net" and "porn" to "pictures", then I will be very amazed. As I've already tried to point out, security starts with people, not technology. 
If I haven't made my point by now then I guess it's time to unsubscribe, shut down qwerty, and get on with what matters, which is getting PGP, Stealth-PGP, and a few sophisticated steganographs into people's hands. -=Xenon=- From hayden at krypton.mankato.msus.edu Wed Feb 16 15:15:14 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 16 Feb 94 15:15:14 PST Subject: Big Brother PostScripts In-Reply-To: <9402162233.AA03665@andria.lehman.com> Message-ID: On Wed, 16 Feb 1994, Perry E. Metzger wrote: > This is an awful idea, as it completely dilutes the message of the > sticker which is that Clipper Phones have built in insecurity. We are > not trying to create general paranoia -- we are trying to sink > clipper. If you want general paranoia why not just pump speed into the > municipal water supply? You have to admit though, there's a certain 'charm' in putting big brother stickers on telephones...... Of course, there's a a charm in putting speed in the municipal water supply too :-) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From a-ophirr at microsoft.com Wed Feb 16 15:35:14 1994 From: a-ophirr at microsoft.com (Ophir Ronen (RHO)) Date: Wed, 16 Feb 94 15:35:14 PST Subject: No Subject Message-ID: <9402162332.AA18201@netmail2.microsoft.com> -----BEGIN PGP SIGNED MESSAGE----- Hello everyone, I will pop out of the shadows for a moment to say that I have a fairly illuminating tutorial on ATM if anyone is interested. 
Ophir disappears in a somewhat murky cloud of smoke

Ophir Ronen
KeyID 1024/54FF05 1994/02/16
Key fingerprint = EA BF 5C 85 F6 C3 A7 8E AA 48 2A AC B9 BC 4B D2
"So long and thanks for all the phish"

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLWKhlo/5gSeVVP8FAQEo7AP+PwyOebCkIZM32aG1wyzpYdSkabLLy07E
+4cyFlJzrQp+OGmctiMBOG7aZfuzOxscaGkXjsUY6GfhI5lZUhtVKkrv1nVyuImo
J8Zoy85mV9bK4UriNZX5wOrVfQXwXfu8eF6JMmEhYe2dNOfik4C9feQEmusKZGBE
ffRvIXiy24w=
=k2Uk
-----END PGP SIGNATURE-----

From qwerty at netcom.com Wed Feb 16 15:35:24 1994
From: qwerty at netcom.com (Xenon)
Date: Wed, 16 Feb 94 15:35:24 PST
Subject: Detweiler remailer abuse
Message-ID: <199402162334.PAA15805@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Matthew Ghio wrote,

>It does work like the postal service. You don't have to put a return
>address on the letter. You can put anything in the from line that you
>want. You could put From: Anonymous Shithead and it would work. But,
>like the postal service, it will get postmarked where you mail it from,
>so it will show that it came from netcom.com.

Ah, and what better way to get qwerty placed in all the other remailers' kill files? A remailer not part of a network isn't a happy remailer. I'm already too close to being labeled as some sort of renegade idiot to pull this anytime soon. The remailer police will pounce on me for this one, when I change my mind. It would be a lot funner than the level of "punk" I see out here.

However, I think the real solution is moderated remailers. Then I'd have an excuse to charge $1 (yes, cheaper than the others :-) ) a pop, and it would add batching, which could be done in random order. However, sadly, I personally don't have the time to maintain such a system :-( . Ah, but I could hire someone to do it for me $-) ! Encryption would keep people's mail private, and Usenet is already public, and my bad memory would not constitute a "log" of who is getting e-mail.
The remailer script could EVEN be set up to avoid my even seeing the addresses involved, were they private e-mail.

-=Xenon=-

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLWJmYgSzG6zrQn1RAQG3BgQAn9yos2C1C2sVu+tNxaZqjPhE9uWRAczC
XIXc6SgzRtuRvCRH1l4uOdik3f8B/06n11+Q3BEWPtcKMGPR7aKyoAGKMLudZmR9
mQkeJlD5Of89gqcNSvoqRO3L5gVVaK7em4sS03TMi9I9qmAvxKfjl3d9lQdNfX9d
37eDGqOs11k=
=CDsI
-----END PGP SIGNATURE-----

From hammond at census.gov Wed Feb 16 15:50:23 1994
From: hammond at census.gov (Bob Hammond CASIC)
Date: Wed, 16 Feb 94 15:50:23 PST
Subject: unsubscribe
Message-ID: <9402162348.AA27488@info.census.gov>

>From owner-cypherpunks at toad.com Wed Feb 16 09:12 EST 1994
>Date: Wed, 16 Feb 94 08:53:55 EST
>From: katz at spectrum.cs.bucknell.edu (lonne katz `94)
>To: cypherpunks at toad.com
>Subject: unsubscribe
>
>unsubscribe me please
>

# ditto! i have tried every combination of *cypherpunks*@toad.com
# i can think of and i can't find the one to turn it off !!!
# while some msgs are thoughtful about important things, i don't
# need 75 msgs a day. i'm one of those with an unintelligent mail
# facility ... please help ... unsubscribe

From pmetzger at lehman.com Wed Feb 16 15:50:27 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 16 Feb 94 15:50:27 PST
Subject: No Subject
In-Reply-To: <199402162308.PAA18157@soda.berkeley.edu>
Message-ID: <9402162343.AA03945@andria.lehman.com>

Xenon The Obvious says:

> I am remailing this using a fake address, by telnetting to
> port 25 of a remailer from Netcom. Here is how I did it
> and how anyone else could do it, including Larry Detweiler,
> who knew how to do this when I was still in my internet
> diapers:

Big deal. Anyone can walk up to you with a gun and shoot you too. Hell, I could do that when I was in diapers. The point is not to make Detweiler's life excessively easy -- it's not possible to be foolproof. We all know that. BFD.
Perry

From analyst at netcom.com Wed Feb 16 16:15:14 1994
From: analyst at netcom.com (Benjamin McLemore)
Date: Wed, 16 Feb 94 16:15:14 PST
Subject: Detweiler blocking
In-Reply-To: <9402162231.AA03653@andria.lehman.com>
Message-ID: <199402170015.QAA01814@mail.netcom.com>

>
>
> Benjamin McLemore says:
> > I must admit to a certain amount of amazement to the almost universal
> > consensus I have seen in this forum regarding censoring Detweiler's (or
> > whomever's) Usenet postings.
>
> No one has proposed censoring his Usenet postings. What people have
> proposed is that they deny him the use of the remailers that they set
> up on their hardware. This is very different.

[deleted]

>
> I see nothing wrong with remailer operators taking steps to prevent
> Detweiler from using their equipment against their will. This is not
> censorship. Mr. Detweiler is still free to use Usenet any way he sees
> fit. It is simply the act of saying "Mr. Detweiler can't use MY
> REMAILER any way he sees fit."
> Perry

Sorry for the typo, of course I meant censoring Detweiler's Usenet postings vis a vis the remailer network.

I don't even want to know who is sending messages through my remailer and they better be encrypted so that I can't know--this is the essence of the privacy that I think remailers should provide and it is how I think we have to fight the current authoritarian model.

Yes, Detweiler wants the remailers shut down and some type of Big Brother/retina scanning/verification approach so that he can be sure we're not all the same person. As such, he is an enemy of what we stand for. And yet, he can use the technologies we are developing just as well--so can the rest of the people who are against our agenda and there is no way we could distribute filter lists fast enough to keep them all out (especially with port 25).

My point is--what harm have Detweiler's posts through the remailers done?
I do not accept that they were really even harm--anybody reading unmoderated Usenet newsgroups is wading through far more drivel on a daily basis than the Perversion can manage to generate. It is challenging this notion that they were harmful (and I am not doubting that some net.czars--although hopefully not Netcom--would find them so) that I am trying to do. WE must have privacy for everyone--even Detweiler.

I agree with Perry that Detweiler's right to sin ends when he uses my property, but I only plan to use (and soon run) remailers where the text is encrypted anyway. I certainly do not plan to filter messages based on a content I can't even read. Thus, by design I wouldn't be able to filter him or any other fools he might motivate to his irrational cause.

As to kiddie porn, what is my legal liability if all that passes through my system is PGP-encrypted bits. Someone else will have to open the envelope (I assume that the postal inspectors aren't arresting all the postal workers in the chain of delivery of the crap they are sending to BBS operators...)--I don't plan to be able to.

Benjamin
--
analyst at netcom.com

From wisej at acf4.NYU.EDU Wed Feb 16 16:35:29 1994
From: wisej at acf4.NYU.EDU (wisej)
Date: Wed, 16 Feb 94 16:35:29 PST
Subject: Detweiler blocking
In-Reply-To: <9402162231.AA03653@andria.lehman.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 16 Feb 1994, Perry E. Metzger wrote:

>
> I see nothing wrong with remailer operators taking steps to prevent
> Detweiler from using their equipment against their will. This is not
> censorship. Mr. Detweiler is still free to use Usenet any way he sees
> fit. It is simply the act of saying "Mr. Detweiler can't use MY
> REMAILER any way he sees fit."
>

In a society where anonymity were commonly available, I would agree with you, but sadly we do not live in such a society. As cypherpunks we are trying to rectify this, to make anonymity available for _all_, pricks like Detweiler included.
I think that it sets a bad precedent to boot him off of our private remailers while our remailers are still all that's out there. When public remailing is a reality, we can rightly do as we see fit with our private remailers without risking jeopardizing the future of anonymity rights on the net as a whole.

Understand of course, that I am not saying that you have no right to boot Detweiler...I am merely pointing out that I think it would set a dangerous precedent, and would in the long run be detrimental to all we are working for.

Jim Wise
wisej at acf4.nyu.edu
jaw7254 at acfcluster.nyu.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLWK7WDS8O1DgkhNpAQHbSQP+KHhrjXYGH6+45dJ/J7YvGVohLMDPs8Jk
oHE9dUsN3Dz5kNcnU93RkEiqI25QuaE/Yp8aQJnCEFO3xatrp2O8AzmowA458adg
I+lzRHARl2bVvFcVnMjB3iFDYVs7q37Qb2y6dTokPrnN4YxarqXUUabfgKsD9vrt
XhsDmxXzit4=
=XeRd
-----END PGP SIGNATURE-----

From rishab at dxm.ernet.in Wed Feb 16 16:40:28 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 16 Feb 94 16:40:28 PST
Subject: Security through obscurity?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

qwerty at netcom.com (Xenon) writes:

>
> There's a paradigm-shift needed here. When it clicks into place in one's
> mind, you will see why I am so adamant about Stealth-PGP, for rather than
> being a back-burner project, it is THE very thing that is most important
> for the defeat of Big Brother's Clipper chip and his wiretap proposals. It
> REALLY IS a "Stealth" technology. I'm sure there are already thousands in
> repressive countries who need it NOW, and if you don't call the USA a
> repressive country as well, I've got a burning Constitution and Bill of
> Rights for you burn your hands on.
>

Not everybody thinks India is a free country, but it is, more or less.
The interesting thing about "needing Stealth PGP" is that you need it more in "free" USA, where Big Brother has the technology and political will to watch and blacklist you, as well as the political will of Bobby Ray's ilk. Most repressive countries are, on the other hand, not well equipped with hi-tech surveillance.

In India, where I can telnet from at practically no cost due to a fairly up to date net, official policy for this "Educational" net states that mail, not supposed to be private, may be randomly inspected. However, I can send just about anything I want to and from anywhere (such as PGP, Phrack, and any sedition I might want to export), because *NOBODY WILL BOTHER* to inspect anything. And government security agencies who may have the technology to snoop couldn't be bothered with electronic traffic. In any case, if I was to hack for state secrets, presumably I'd find NSA archives more interesting than their local equivalent.

The point is that nobody here will notice what encryption I use, and far from outlawing it, hardly anyone is aware of it. (I'm one the only person from India, and one of four from all Asia, to subscribe to this list. Pretty well hidden in the noise ;-)

Just as in India, I'm not suspect if I encrypt a message, Xenon hopes that the NSA won't mind if *IT DOESN'T KNOW* that you've encrypted something. But the threshold of suspicion will change: with increasing use of Stealth-PGP, *ANY TRANSMISSION* of noise will be cause for honorary membership to the NSA watchlist. Of course, they may find it harder to prove that you did encrypt anything; but now they can't prove that you encrypted something criminal, as decryption is pretty hard. But they don't believe much in proof, do they?

Rishab

- -----------------------------------------------------------------------
Rishab Aiyer Ghosh                                "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in       but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410     hangover?"
H-34C Saket New Delhi 110017 INDIA
- -----------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLWJ5Lvw/vM8w8hLZAQESnwP+L9nuYtkRXQap5Ucr9dUWOfAFhQQeJO2S
d5tHWkRbBEf8panzPO/W/5X/2BBPCoaoNEkqLpX11RHCVKBd8rrx4xaX5UJL9iTk
49s8c2jLEC2ZqJLneJd6DchZaNRwV9u4ns3M+55m7o3sYYZ0wdE9AgfpID9BGpfn
r5cA7N+RXNg=
=950h
-----END PGP SIGNATURE-----

From nates at netcom.com Wed Feb 16 17:50:24 1994
From: nates at netcom.com (Nate Sammons)
Date: Wed, 16 Feb 94 17:50:24 PST
Subject: Article from March Scientific American
Message-ID: <199402170148.RAA29416@mail.netcom.com>

>From Scientific American, March 1994, pages 90 - 101.

This is not the whole article, just the part pertaining to up

(reprinted without permission)

please excuse any spelling errors!

-------- cut here --------

Parker = Donn B. Parker, SRI International
Denning = Dorothy E. Denning, Georgetown University
Ware = Willis Ware, Rand
Ranum = ??
Farber = David J. Farber, University of Pennsylvania
Spafford = Eugene H. Spafford, Purdue University

If passwords should traverse the Internet only in encrypted form, what about other sensitive information? Standardization efforts for "privacy-enhanced" e-mail have been under way for more than five years, but widespread adoption lies well in the future. "The interoperability problem is nasty," Ware says, unless everyone has software that can handle encrypted messages, it is of little use to anyone.

Encryption could provide not only privacy but authentication as well: messages encoded using so-called public-key ciphers can uniquely identify both recipient and sender. But encryption software in general remains at the center of a storm of political and legal controversy. The U.S. government bars easy export of powerful encoding software even though the same codes are freely available overseas.
Within the U.S., patent rights to public-key encryption are jealously guarded by RSA Data Security, a private firm that licensed the patents from their inventors. Although software employing public-key algorithms has been widely published, most people outside the U.S. government cannot use it without risking an infringement suit.

To complicate matters even further, the government has proposed a different encryption standard, one whose algorithm is secret and whose keys would be held in escrow by law-enforcement agencies. Although many civil libertarians and computer scientists oppose the measure, some industry figures have come out in favor of it. "You can't have absolute privacy," Parker says. "A democracy just can't operate that way."

The question is not whether cyberspace will be subjected to legislation but rather "how and when law and order will be imposed," Parker says. He predicts that the current state of affairs will get much worse before the government steps in "to assure privacy and to protect the rights people do have."

Others do not have Parker's confidence in government intervention. Ranum foresees an internet made up mostly of private enclaves behind firewalls that he and his colleagues have built. "There are those who say that fire walls are evil, that they're balkanizing the Internet," he notes, "but brotherly love falls on its face when millions of dollars are involved."

Denning counts herself among the optimists. She lends her support to local security measures, but "I don't lose any sleep over security," she says. Farber, also cautiously optimistic, sees two possible directions for the Internet in the next few years: rapid expansion of existing services, or fundamental reengineering to provide a secure base for the future. He leaves no doubt as to which course he favors. Spafford is likeminded but gloomier. "It's a catch 22," he remarks. "Everyone wants to operate with what exists, but the existing standards are rotten.
They're not what want to build on." Even if computer scientists do redesign the Internet, he points out, putting new standards in place may be impossible because of the enormous investment in old hardware and software. So much of the Internet rests on voluntary cooperation, he observes, that making sweeping changes is almost impossible.

Then again, Ware counters, perhaps piecemeal evolution may be the only possibility. No single organization understands the idea of a national information infrastructure well enough to be put in charge, he contends: "There's no place to go and say `Here's the money, work out all the problems.' There aren't even three places, and I'm not sure there should be." In the meantime, the network grows, and people and businesses entrust to

-------- cut here --------

-nate

--
+---------
| Nate Sammons PGP Key and fingerprint via finger.
| Kill The Clipper. Question Authority. Encrypt everything in sight.
+---------

From qwerty-remailer at netcom.com Wed Feb 16 17:55:17 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Wed, 16 Feb 94 17:55:17 PST
Subject: No Subject
Message-ID: <199402170153.RAA20579@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Perry, you should start signing your messages 'cause someone's been forging posts from you, trying to make you look stupid.

-=Xenon=-

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLWKDLASzG6zrQn1RAQHkTgP/eBL9o5g8WraOs+CPzQ75xX3xKCnDbUzP
CbtaGswTLbhANe+JUZx4jONYKv94H+y6GhBc0B//g4+Howo32bmmrhNPGTjWLxH/
mcDmqacoGEtiT1V9J4BNUsA3bP8HyYWpijZA6IAzftXniZjvEErOltKksz0o1qwV
Qxd64/2lVz4=
=BIaa
-----END PGP SIGNATURE-----

From pmetzger at lehman.com Wed Feb 16 18:40:25 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 16 Feb 94 18:40:25 PST
Subject: Detweiler blocking
In-Reply-To:
Message-ID: <9402170233.AA04512@andria.lehman.com>

wisej says:

> In a society where anonymity were commonly available, I would agree
> with you, but sadly we do not live in such a society. As
> cypherpunks we are trying to rectify this, to make anonymity
> available for _all_, pricks like Detweiler included.

My goal is not to make anonymity available for all. My goal is to keep it LEGAL for all. Mr. Detweiler and the rest can pay for their anonymity on their own dime -- I give my services to people I like and people who pay me, not to anyone and everyone. Just because I feel the American Nazi Party should be legal does not give me the personal urge to give them money.

Detweiler is indeed a prick. As such, I feel no obligation to make his life easy. I see nothing wrong with individuals deciding who they wish to give service to and who they don't. Just because I feel something should be legal does not mean I wish to supply it. I think it should be legal for Detweiler to be anonymous if he wishes. I see no obligation for anyone who dislikes him to supply him with the mechanisms to exercise his rights, however.

> I am merely pointing out that I think it would set a dangerous
> precedent, and would in the long run be detrimental to all we are
> working for.

I think the opposite. I believe that suicidally deciding to make his life easy regardless of how much of a pain in the buttocks he is is the bad precedent -- it gives people the wrong idea about what these services are about.

Julf kicked him off -- but to this day refuses to confirm if it was really Detweiler using an12070. That is the sort of ethical precedent I like -- Julf kept his word about anonymity but refused to allow his dime to be used to fund further abuse. It's bad precedent for people to feel muzzy headed about the distinction between wanting something legal and wanting to supply it.
Perry

From pmetzger at lehman.com Wed Feb 16 18:50:26 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 16 Feb 94 18:50:26 PST
Subject: No Subject
In-Reply-To: <199402170153.RAA20579@mail.netcom.com>
Message-ID: <9402170245.AA04568@andria.lehman.com>

Thank you for your concern, and that of the other members of your family, Argon, Neon and Helium.

Perry

qwerty-remailer at netcom.com says:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Perry, you should start signing your messages 'cause someone's been forging
> posts from you, trying to make you look stupid.
>
> -=Xenon=-
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.3
>
> iQCVAgUBLWKDLASzG6zrQn1RAQHkTgP/eBL9o5g8WraOs+CPzQ75xX3xKCnDbUzP
> CbtaGswTLbhANe+JUZx4jONYKv94H+y6GhBc0B//g4+Howo32bmmrhNPGTjWLxH/
> mcDmqacoGEtiT1V9J4BNUsA3bP8HyYWpijZA6IAzftXniZjvEErOltKksz0o1qwV
> Qxd64/2lVz4=
> =BIaa
> -----END PGP SIGNATURE-----

From qwerty-remailer at netcom.com Wed Feb 16 19:30:27 1994
From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com)
Date: Wed, 16 Feb 94 19:30:27 PST
Subject: No Subject
Message-ID: <199402170326.TAA29452@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Perry,

Much better flame. Thanks for making me laugh :-) . I do start to understand your outlook, but I also understand people like Larry and that makes me quite apprehensive about quick fixes.

What do you think about moderated remailers? If the code was set up so I never SEE the addresses involved, only the contents, it would have about the same security as current remailers, as far as having to trust the operator. It would put an abrupt end to Detweiler abuses, and solve Usenet abuses, but not solve "encrypted death threats". But I don't think even Larry will be sending those to people.

"Making his life easy", or making it harder, just doesn't register in my mind as being a real issue.
Seems to me he would ENJOY it being harder, for that means we are all paying great attention to him, and he can upset us SO much more by abusing the remailers to spoil our quick fix.

-=Xenon=-

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLWKc9ASzG6zrQn1RAQHjZgP/fQgKoWYOmaoWbkg3q5dkHlfS3JdSwqk6
D6jLPcXahqSgrCMQn0RARapQNAHihPaz+GnTxQI58gEMzTGGf4ZTytBrsTUbFuxK
6eOc8CLYFhwgj7P4NuEn/PamyL0KU9ESF6jv7dtu58d0FaUz50phIruiGQSXq+ac
srQlax0q6Ls=
=dRnP
-----END PGP SIGNATURE-----

From dwomack at runner.utsa.edu Wed Feb 16 20:00:26 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Wed, 16 Feb 94 20:00:26 PST
Subject: The L. D. persona...
Message-ID: <9402170357.AA29878@runner.utsa.edu>

The other day, I noticed that MacPGP seemed to give credit to a person with the initials L. D.

He certainly seems unpopular...was he at one time a more positive force? Or is this a dumb question on my part?

Regards,

Dave

From remailer at merde.dis.org Wed Feb 16 21:10:28 1994
From: remailer at merde.dis.org (remailer bogus account)
Date: Wed, 16 Feb 94 21:10:28 PST
Subject: No Subject
Message-ID: <9402170507.AA19085@merde.dis.org>

subject: xenon == ld?

think about it...
infiltrate and subvert,
of course that would be subverting the perverts, but anyway...

raven red

From sameer at soda.berkeley.edu Wed Feb 16 21:15:17 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Wed, 16 Feb 94 21:15:17 PST
Subject: Where to get Big Bro Stickers
In-Reply-To:
Message-ID: <199402170512.VAA26425@soda.berkeley.edu>

>
> The same thing happened to me. I sent him $10 and never got any stickers.
> I mailed him once and he said he sent them, but would try sending some
> more. I've never gotten them, or bothered to mail Chris again.
>

I got the stickers, and I didn't even send any money. Mail him again, it's not a scam.
From hfinney at shell.portal.com Wed Feb 16 21:40:28 1994
From: hfinney at shell.portal.com (Hal)
Date: Wed, 16 Feb 94 21:40:28 PST
Subject: Pen recorders and phone records
Message-ID: <199402170540.VAA03562@jobe.shell.portal.com>

I have read that if the police want to know who a person communicates with on the telephone, they can arrange to have a "pen recorder" put on their phone line. This will record all phone numbers called from that line. Supposedly the legal barriers to this type of surveillance are much less than for a phone tap.

I am confused about the necessity for this if the phone companies routinely record this information anyway. Is this just an archaic and obsolete terminology, and what really happens is that the phone company will give already-existing phone records to authorized officials?

Thanks -

Hal

From wisej at acf4.NYU.EDU Wed Feb 16 22:25:18 1994
From: wisej at acf4.NYU.EDU (wisej)
Date: Wed, 16 Feb 94 22:25:18 PST
Subject: Detweiler blocking
In-Reply-To: <9402170233.AA04512@andria.lehman.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 16 Feb 1994, Perry E. Metzger wrote:

>
> My goal is not to make anonymity available for all. My goal is to keep
> it LEGAL for all. Mr. Detweiler and the rest can pay for their
> anonymity on their own dime -- I give my services to people I like and

But the best way to keep it legal is to keep it widely available, no questions asked...If each person is providing their own brand of anonymity, it sort of destroys the point, doesn't it? After all, you just look to see whose remailing style is being used.
Jim Wise
wisej at acf4.nyu.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLWMNKTS8O1DgkhNpAQHJXgQAxfwCMnwZOWJlVEInkiLAPsO9IrsiluwL
HLW+jLpBhNNqpneLdNrQIVgc/ZxNSwCda8fbcFR/gOHkY2oT/Ce8convXe8AxqPv
ZyGu+x0zzhytyoq+y61fXrxbgzt5tuO7DP+1zkEWYj8R/IQhUhyOkulg3rbrHU68
frG64Fw2apU=
=URGR
-----END PGP SIGNATURE-----

From orion at crl.com Wed Feb 16 22:30:28 1994
From: orion at crl.com (Colin Orion Chandler)
Date: Wed, 16 Feb 94 22:30:28 PST
Subject: TELECOM Digest V14 #85 (fwd)
Message-ID:

I hope this is legal... check out the section on Clipper! Not new news, but at least all the telco honchos are receiving this info... :)

---------- Forwarded message ----------
Date: Wed, 16 Feb 94 09:33:36 CST
From: TELECOM Moderator
To: telecom at eecs.nwu.edu
Subject: TELECOM Digest V14 #85

TELECOM Digest     Wed, 16 Feb 94 09:33:00 CST    Volume 14 : Issue 85

Inside This Issue:                         Editor: Patrick A. Townson

    GTE High Technology in California (TELECOM Digest Editor)
    Over 10,000 Sign Petition to Oppose Clipper (Dave Banisar)
    More FTP NISDN Information Available (William H. Sohl)
    Caller ID in Russia (For Curious) (Michael De Lyon)
    Faculty Position Available (Jane Fraser)
    Cell Phone Welcome Message (Gary Huntress)
    "America's Network is New Name For TE&M Magazine (Nigel D. Allen)
    Network Efficiency (Dave Linthicum)
    Request For Map Drawing Software (Donald E. Kimberlin)
    AT&T Directory Assistance Now Includes Addresses (Monty Solomon)
    Privacy on 900 Mhz Cordless Phones? (John Galloway)
    Smart Trunks (Mark Henry)
    Help Needed With Phone Connections (Robert Varcoe)
    Priorities (John Shaver Modernization Office)

TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of public service systems and networks including Compuserve and GEnie. Subscriptions are available at no charge to qualified organizations and individual readers.
Write and tell us how you qualify:

    * telecom-request at eecs.nwu.edu *

The Digest is compilation-copyrighted by Patrick Townson Associates of Skokie, Illinois USA. We provide telecom consultation services and long distance resale services including calling cards and 800 numbers. To reach us: Post Office Box 1570, Chicago, IL 60690 or by phone at 708-329-0571 and fax at 708-329-0572. Email: ptownson at townson.com.

    ** Article submission address only: telecom at eecs.nwu.edu **

Our archives are located at lcs.mit.edu and are available by using anonymous ftp. The archives can also be accessed using our email information service. For a copy of a helpful file explaining how to use the information service, just ask.

TELECOM Digest is gatewayed to Usenet where it appears as the moderated newsgroup comp.dcom.telecom. It has no connection with the unmoderated Usenet newsgroup comp.dcom.telecom.tech whose mailing list "Telecom-Tech Digest" shares archives resources at lcs.mit.edu for the convenience of users. Please *DO NOT* cross post articles between the groups. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.

----------------------------------------------------------------------

Date: Tue, 15 Feb 94 10:08:01 -0500
From: TELECOM Digest Editor
Subject: GTE High Technology in California

The following bulletin was released by GTE on Monday.

Feb. 14, 1994

GTE BRINGS HIGHLY ADVANCED TECHNOLOGY TO CALIFORNIA THIS WEEK; "WORLD CLASS NETWORK" A REALITY

GTE California today announced that it will install highly advanced switching technology this week in the Los Angeles area as part of the company's continuing effort to build a "World Class Network" for customers.

The company said ATM switches -- some of the final components that permit access to the information superhighway -- will be installed Tuesday (Feb.
15) at company facilities in Santa Monica, Ontario and Thousand Oaks. Additional ATM switches are scheduled to be installed at other California sites before the end of the year.

ATM (Asynchronous Transfer Mode) switches handle simultaneous video, data, image and voice traffic. A few of the customer service capabilities include: interactive distance learning among classrooms in different parts of a city or state; geographically distant employees sharing documents and images during video conference calls; medical experts in separate hospitals concurrently reviewing and diagnosing X-rays; and residential customers picking movies from video-on-demand libraries.

GTE's ATM network initially will support educational institutions, businesses and government agencies.

"The 1990s have been a challenging time for California, but also an exciting time as we work to build a future that's better than our past," said West Area President Larry Sparrow. "We've been aggressively installing advanced network systems here for several years. The addition of ATM switching makes our long-standing vision of a World Class Network a reality."

ATM SWITCHES PART OF GTE PLAN TO SUPPORT EDUCATION

Educational institutions are a critical component of GTE's World Class Network in California. More details of the World Class Network's educational aspects, as well as business and government applications, will be announced at a later date.

"We've proven the value of telecommunications in the classroom, and we've learned that no single product can meet the diversity of needs present in our schools today. Another difficulty educators face is technological obsolescence," Sparrow said. "GTE will ensure that educators have access to technology that meets their individual needs. ATM's flexibility will help schools avoid dependency on technology that will become outdated."
Using telecommunications, schools can improve the quality of education by pooling resources and accessing a tremendous variety of information and learning materials.

The company has conducted several educational pilot projects, including programs in the Hacienda-La Puente and Norwalk-La Mirada school districts, and a distance learning program with California State University, Dominguez Hills and Coastline Community College. GTE also has conducted the world's most comprehensive technology test of educational applications as part of the company's Cerritos Project.

------------------------------

Date: Tue, 15 Feb 1994 13:42:29 -0500
From: Dave Banisar
Subject: Over 10,000 Sign Petition to Oppose Clipper

Washington, DC
February 15, 1994

Computer Professionals for Social Responsibility (CPSR)

OVER 10,000 SIGN PETITION TO OPPOSE CLIPPER

In only two weeks, over 10,000 users of the nation's computer networks have signed the CPSR petition calling for President Clinton to withdraw the Clipper proposal.

Opposition has been widespread, from CEOs of large firms to college students in small towns, from librarians and civil libertarians to computer programmers and product marketers.

To sign the petition, email with the message "I Oppose Clipper"

Encourage friends to sign.

In 1990, over 30,000 people sent email message to Lotus asking that a product containing detailed personal information called "Marketplace" be withdrawn. Eventually Lotus withdrew the product.

CPSR is a non-profit, membership organization based in Palo Alto, CA. CPSR's mission is to provide analysis of the effects of new technological developments on society. For more information, please email cpsr at cpsr.org or call 415-322-3778.
------------------------------

From: whs70 at cc.bellcore.com (sohl,william h)
Subject: More FTP NISDN Information Available
Date: 15 Feb 1994 13:55:41 -0500
Organization: Bell Communications Research (Bellcore)

Information about National ISDN is now available by anonymous FTP (File Transfer Protocol) over the Internet at host:

    info.bellcore.com

FTP allows the retrieval of formatted documents and software. The documentation now available (2/17/94) includes:

1. A Catalog of National ISDN Solutions for Selected NIUF Applications
2. Bellcore document, SR-2006, "National ISDN"
3. A list of Bellcore TEC training for National ISDN

Additional documentation will be added over time and this announcement will be periodically updated and posted to the appropriate newsgroups.

The files are available in PostScript through anonymous FTP from "info.bellcore.com" in the /pub/ISDN sub directory.

I M P O R T A N T: Many of the files are large, it is essential that you first get the README (the upper case is important) file for detailed information on retrieving various files associated with documents.

The following text describes a typical anonymous FTP session:

system: ftp info.bellcore.com
Connected to info.
220 info FTP server (SunOS 4.1) ready.
Name: anonymous
331 Guest login ok, send ident as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> cd /pub/ISDN
250 CWD command successful.
ftp> mget README
mget README? yes
200 PORT command successful.
150 ASCII data connection for README (8758 bytes).
226 ASCII Transfer complete.
local: README remote: README
8943 bytes received in 0.19 seconds (46 Kbytes/s)
ftp> quit
221 Goodbye.

represents pressing the "enter" or "return" key on your computer keyboard.

The README file is in ASCII format and may be read on any word processor. The other files in the directory are in PostScript format and may be downloaded as needed by using the "mget" command while in the FTP.
The PostScript files may be printed on a PostScript printer by using the "lpr" command. A typical PostScript print command may look like:

lpr -P -h -v

where: represents printer name on your network, and represents a PostScript file. '-h' corresponds to the option of suppressing the printing of burst page while '-v' corresponds to the option of printing raster image, i.e., PostScript. Please note that the printer must support PostScript imaging model in order to print these files.

If you have problems or you'd like to comment on the information stored at this site or wish to make recommendations for future enhancements, you can email us at: isdn at cc.bellcore.com OR call us at Bellcore's National ISDN Hotline: 1-800-992-ISDN

If you'd like to be added to our NISDN information mailing list, please call the Hotline or email us and provide your name, your full mailing address (regular mail), and telephone number.

------------------------------

From: ics at netcom.com (Michael De Lyon)
Subject: Caller ID in Russia (For Curious)
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Date: Tue, 15 Feb 1994 03:52:45 GMT

After some reading of 'Caller ID' thread, I decided that some curious people might be interested in how it is done in Russia.

Russia is beginning to offer tone-dialing (very limited number of exchanges even in Moscow), but as long-distance direct dialing is very common, standard (?) caller ID request/response are used. It is worth mentioning that in Russia all seven-digit calls are local (flat rate), so the problems with billing only begin when you call 8 (wait for dialtone) (area code) number. Your caller ID is requested after you dialed 8. If it failed after several trials or callback probe realized that the number is not busy (i.e. it is forged or incorrectly recognized), you get engaged tone and need to hang up. (International calling is 8 W 10 + ....; this 10 looks more familiar, eh?).
Of course, there is nothing like custom calling services. (You cannot _dial_ * or #, can you?) That's why hardware-knowledgeable people began to create their own devices (mostly Z80-based, with 4K of ROM) to perform basic caller ID functions. Algorithms were getting better and better, and now such a device does caller ID (buffer for about 10, time and date), white (distinctive ringing), grey (regular) and black (rejected) lists of caller IDs, repetitive dialing, "answering machine" (outgoing message from RAM, incoming to an attached tape recorder), etc., etc. Very impressive, especially for those who understand that there is 1-bit FFT inside. What happened next -- it became almost impossible to call long distance, because the number of caller-ID generators was limited and if all of them on your local exchange are busy when you call long distance, it doesn't get your ID and rejects you. That's why the Ministry of Communications decided to introduce the fee for caller ID boxes. But it is not the end of the story. As those boxes are cheaper than answering machines, people used them in AM mode when leaving home, that is when you call a number equipped with caller-ID box, it picks up after the first ring, sends the request, decides what to do with you, and either simulates busy tone or hangs up (you're rejected) or simulates ringing and really rings the phone, but nobody answers. It is very annoying if you call from a payphone, that's why it is considered very impolite to set the device in AM mode. (regular mode is to detect ID after the receiver went off hook). Of course, anti-caller-ID were developed, but they work quite unreliably -- just trying to send pulses after remote picked up. Sometimes it helps, sometimes not. Last note: as the system was designed for billing, the ID only contains seven digits, so it is impossible to derive area code from ID, the best is to recognize "alien" phone number. 
I hope it was of interest, Leo [TELECOM Digest Editor's Note: Yes Leo, it was of interest. Thanks very much for passing it along, and please tell us more about telecom in Russia from time to time. PAT] ------------------------------ Date: Tue, 15 Feb 1994 08:59:12 EST From: fraser at ccl2.eng.ohio-state.edu Subject: Faculty Position Available Rochester Institute of Technology Telecommunications Engineering Technology RIT's School of Engineering Technology invites applicants for a tenure-track position in the bachelor of science program in telecommunications engineering technology. Women and minority candidates are encouraged to apply Candidates should have a background in electronic systems engineering with experience in voice, data and multimedia telecommunications that includes network management, network planning and design. Duties include teaching electrical and telecommunications engineering technology courses and laboratories in the EET Department. Knowledge and understanding of engineering technology principles and experience in computer applications relative to the electrical and telecommunications field is desirable. A masters degree in engineering and three years relevant industrial experience in the specialties above are required. Professional registration and teaching experience desirable. Submit resume with names & phone numbers of three references by 5/1/94 to: W. David Baker, Director, School of Engineering Technology, Rochester Institute of Technology, 78 Lomb Memorial Drive, Rochester, NY 14623 - 5604 . ------------------------------ From: ghuntres at nyx10.cs.du.edu (Gary huntress) Subject: Cell Phone Welcome Message Organization: Nyx, Public Access Unix at U. of Denver Math/CS dept. Date: Tue, 15 Feb 94 14:02:47 GMT My in-laws have a new Motorola flip phone that they love very much. They recently took a trip to Florida and while driving on Rt. 95 the phone rang and they got some sort of a "welcome" message from one of the local service providers. 
My FIL is constantly amazed by all the technology at work here and he would like to know basically how this works. I assumed that the phone, while in standby, can detect when it enters and leaves each cell. And when it sees that it enters the cell of a new carrier it (the phone) transmits some sort of a "here I am" message; obviously this includes his phone number or some sort of serial number so that the cell can call back with the "welcome" msg. Is this about right?

Thanks,

Gary Huntress ghuntres at nox.cs.du.edu

------------------------------

From: ndallen at io.org
Subject: "America's Network" is New Name for TE&M Magazine
Date: Mon, 14 Feb 1994 13:22:26 EST
Organization: Internex Online Public Access, Toronto, Ontario, Canada

One of the leading magazines for telephone company managers is changing its name. {TE&M, Telephone Engineer & Management} is becoming {America's Network}, effective with the February 15 issue.

Here is the magazine's address, in case you ever want to send it a press release or letter to the editor:

America's Network (formerly TE&M)
Attn: Mr. Robert E. Stoffels, Editor
233 N. Michigan Ave., Suite 2423
Chicago, IL 60601 U.S.A.
Telephone (312) 938-4856
Fax (312) 938-4854

I have no affiliation with the magazine.

Nigel Allen, Toronto, Ontario, Canada ndallen at io.org

------------------------------

From: davel at to.mobil.com (Dave Linthicum)
Subject: Network Efficiency
Date: 14 Feb 1994 18:35:56 GMT
Organization: Mobil Oil, Fairfax VA
Reply-To: davel at to.mobil.com (Dave Linthicum)

A question:

If network efficiency can be roughly estimated using the following formula:

E = M/(M+O)

where:

M = Message size
O = Overhead needed to send one message
  = (P x delay x speed) + ACK size + H
P = NUMBER OF PACKETS SENT
H = HEADER SIZE
ACK = Acknowledgment message of message received

For example, IEEE 802.3 uses this formula such as:

E = 100/(100 + 30 + 64 + 2(64)) = 31%

I know 100 is Message size. What is 30, 64, and 2(64)? This is in a network modeling book.
Please respond via e-mail.

Thanks!

Dave

------------------------------

Date: Tue, 15 Feb 94 13:10 EST
From: Donald E. Kimberlin <0004133373 at mcimail.com>
Subject: Request For Map Drawing Software

I'm getting into software that draws network maps on the fly as people use it, with need to zoom in and out and place variable labels, like node names, on the maps, and have them ultimately printable on an attached printer or fileable in disk files.

Can anyone suggest sources for some nice geographic outline map drawing code for PCs? The U.S., Canada, and world political outline maps are all ultimately needed. Windows/DOS preferred, but UNIX is acceptable, at least to try with.

Ultimately, I will need to get the source to make modifications as to labeling and such. Commercial products are acceptable, but public domain is preferred. The choice depends on cost.

All replies appreciated. Send me any private replies to 0004133373 at mcimail.com, please.

------------------------------

Date: Tue, 15 Feb 1994 01:54:06 -0500
From: Monty Solomon
Subject: AT&T Directory Assistance Now Includes Addresses

In all states except New Jersey and Connecticut you can now request phone number and/or address information from AT&T Directory Assistance. They can't currently provide addresses in New Jersey and Connecticut.

------------------------------

From: jrg at rahul.net (John Galloway)
Subject: Privacy on 900 Mhz Cordless Phones?
Organization: Galloway Research
Date: Tue, 15 Feb 1994 20:01:11 GMT

Given the extended range folks are reporting for these new phones, it seems like privacy is an even bigger issue. Do the units provide any sort of built-in key to distinguish your phone from your neighbor's? (not that such would prevent determined eavesdropping, but it would keep the other guy's phone and likely the scanner-heads out).

jrg

internet jrg at galloway.sj.ca.us John R.
Galloway, Jr 795 Beaver Creek Way applelink D3413 CEO...receptionist San Jose, CA 95133 Galloway Research (408) 259-2490

[TELECOM Digest Editor's Note: One tradeoff where the increased range of cordless phones is concerned is that increased range causes a greater risk that the call will be overheard by others. I guess you have to balance convenience and security; a trade-off which occurs so often where modern computer and phone networks are concerned. PAT]

------------------------------

Date: Tue, 15 Feb 94 09:26:29 CST
From: o_henryma at ccsvax.sfasu.edu (Mark Henry)
Subject: Smart Trunks

TELECOM Digest Readers,

Has anyone had any experience with a trunking application based on ISDN called Smart trunks by Southwestern Bell? If so, can you send me pros and cons of such and post to the net if appropriate. In addition, could you tell what percentage reduction in actual trunks can be expected when converting to the Smart Trunk application from analog facilities.

Thanks in advance,

Mark Henry, Director of Telecommunications and Networking
Stephen F. Austin State University
P.O. Box 6095, Nacogdoches, Texas 75962
Phone (409) 568-2200
E-Mail @ o_henryma at ccsvax.sfasu.edu

------------------------------

From: aj645 at FreeNet.Carleton.CA (Robert Varcoe)
Subject: Help Needed With Phone Connections
Reply-To: aj645 at FreeNet.Carleton.CA (Robert Varcoe)
Organization: The National Capital FreeNet
Date: Tue, 15 Feb 1994 13:54:29 -0500

Hi,

I hope someone out there can help ...

I've acquired a touchtone phone but the wires leading from the headset to the phone AND the wires leading from the phone to the jack are not connected. Here are all the numbers I could find on the phone: on the cover at back it is placo telecom inc. On the inside on the touch pad it says NE-35Q3A2X 1-79 on the bottom of the phone there is a number: 79 QSQM 2500AX on the inside of the phone on the right is a block where the wires should be connected (I think) the block is labeled: L1 L2 G X Y.
The wires that come from the hand set (four) are black, red and two whites, from the phone jack (four) are black, green, red and yellow. I would like to get this phone working, any help would be appreciated. Thanks, Rob ------------------------------ Date: Tue, 15 Feb 94 10:55:24 GMT From: John Shaver Modernization Office Subject: Priorities A British humourist noted that if God had wanted us to have aeroplanes he would not have given us the railroads. Cannot the same be said for Telephone and Telegraph? [TELECOM Digest Editor's Note: And ditto for computers versus the old mechanical 'adding machines' of the 1940-50 era! PAT] ------------------------------ End of TELECOM Digest V14 #85 ***************************** From qwerty-remailer at netcom.com Wed Feb 16 22:55:17 1994 From: qwerty-remailer at netcom.com (qwerty-remailer at netcom.com) Date: Wed, 16 Feb 94 22:55:17 PST Subject: The L.D. persona... Message-ID: <199402170652.WAA19282@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Dave Womack asked, >The other day, I noticed that MacPGP seemed >to give credit to a person with the initials L. D. In the MacPGP2.3 startup screen there appears "... L. Detweiler....". He adapted John Norstad's help routine for use in MacPGP. This was a vast improvement over the documentation that came with MacPGP2.2. You still need my "Here's How to MacPGP!" guide though ;-). He also wrote the "Privacy and Anonymity on the Internet" FAQ, which is still regularly posted to Usenet, and mentioned at the end of my Guide, and is highly recommended reading. Then he went koo-koo. Oh well. I'm sure the old timers here know more about that than I do. 
-=Xenon=-

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLWLBCQSzG6zrQn1RAQE+iwP+NjFViFSGS2LppEVeUjDnQE1/0G/NWwxw
wFeLj0gYidkFtrUd37VUD0Xpvu4uWnzSEjr28QH7ycF5Zhw2rtirVb7tNaM2NeX7
vX0i8Eg3VsN3zoApm0Zdgo2dGZmxO4PES5OW4Kc33+CSjMf78L4n6D9wQX7SPc/M
znS73lmdKxk=
=QQrZ
-----END PGP SIGNATURE-----

From hughes at ah.com Wed Feb 16 23:20:29 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 16 Feb 94 23:20:29 PST
Subject: on running a remailer
In-Reply-To: <199402162308.PAA18157@soda.berkeley.edu>
Message-ID: <9402170714.AA02030@ah.com>

>Since Usenet will not be fully moderated in the next year or
>two, the only solution which will not backfire and make things
>worse, is moderated remailing.

Backfire on whom? Sounds to me like cold feet.

If you don't want to run a remailer and put your actions out in the world, don't. Very simple. If you don't want to take the heat, fine. No one said you had to. But don't expect anyone else to follow you.

You do sound a lot like LD. "I'm right. Everyone should do it my way. I'm going to throw tantrums until you do. And if you don't I'm just going to take my ball and go home."

You can escape your true name with cryptography, but not your own psyche.

Eric

From remailer at merde.dis.org Wed Feb 16 23:35:17 1994
From: remailer at merde.dis.org (remailer bogus account)
Date: Wed, 16 Feb 94 23:35:17 PST
Subject: CA DMV Records Confidential? NOT!
Message-ID: <9402170733.AA19550@merde.dis.org>

No matter WHAT California Privacy Law currently states about the confidentiality of DMV records Home addresses and such... it's STILL trivial to get the info from the DMV in a semi-legal way (Social Engineering...) Faked Insurance Investigator Letterhead created on your Laser Printer and an out of State PO Box work wonders... or simply subscribe to NCI, Nighthawk, Superbureau or any number of info brokers... then you can get it ONLINE...
Anon From catalyst-remailer at netcom.com Wed Feb 16 23:45:18 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Wed, 16 Feb 94 23:45:18 PST Subject: LD's lance account is toast Message-ID: <199402170743.XAA24572@mail.netcom.com> Seen on news.admin.policy today... Don't know if this affects any other accounts he has at Colo State, e.g., detweile at cs.colostate.edu (unless they are the same). -------------------------------- Newsgroups: news.admin.policy From: steved at lance.colostate.edu (Steve Dempsey) Subject: Re: "Introduction to Blacknet" articles Message-ID: <1994Feb15.213135.81770 at yuma> Sender: steved at mestas.lance.colostate.edu (Steve Dempsey) Date: 15 Feb 94 21:31:35 GMT References: <199402151712.RAA28875 at an-teallach.com> Nntp-Posting-Host: mestas.lance.colostate.edu Organization: Colorado State U. Engineering College Lines: 21 In article <199402151712.RAA28875 at an-teallach.com>, gtoal at an-teallach.com (Graham Toal) writes: |> |> Does anybody have any idea how extensive the posting of the |> "Introduction to Blacknet" - articles is? |> |> Unfortunately it's our old friend Detweiler (The Medusa etc) again. |> He's doing it to deliberately discredit anonymous remailers because |> of a net.war he's engaging in against individuals on the cypherpunks |> mailing list. Yes, it was Detweiler. I generously gave him some notice that his account would be terminated; he went off the deep end and left a process running overnight posting the Blacknet article to random groups every 10 minutes. About 120 copies went out before I could put a stop to it. Apologies for letting it go on so long. Such abuse will not continue from this site. 
================================  Engineering Network Services
Steve Dempsey                     Colorado State University
steved at longs.lance.colostate.edu  Fort Collins, CO 80523
================================  +1 303 491 0630

From jeremy at crl.com Thu Feb 17 00:15:18 1994
From: jeremy at crl.com (Jeremy Cooper)
Date: Thu, 17 Feb 94 00:15:18 PST
Subject: Detweiler blocking
In-Reply-To: <9402162231.AA03653@andria.lehman.com>
Message-ID:

On Wed, 16 Feb 1994, Perry E. Metzger wrote:

> > I see nothing wrong with remailer operators taking steps to prevent
> Detweiler from using their equipment against their will. This is not
> censorship. Mr. Detweiler is still free to use Usenet any way he sees
> fit. It is simply the act of saying "Mr. Detweiler can't use MY
> REMAILER any way he sees fit."

Actually, `their' is a closer word for it than `Mr' is.

=o _ . _ ___ _ . _
===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-===
===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -===

From nobody at jarthur.claremont.edu Thu Feb 17 00:25:18 1994
From: nobody at jarthur.claremont.edu (nobody at jarthur.claremont.edu)
Date: Thu, 17 Feb 94 00:25:18 PST
Subject: No Subject
Message-ID: <9402170823.AA25100@toad.com>

As one who used to do quite a bit of Detweiler bashing in private... I have come not to think of him as a problem... but simply as a relentless evolutionary factor forcing the structure and methodology of remailers to evolve to be more secure, better equipped and in all a better product than the community had prior to their abuse... Whether any of us like LD personally or not we ARE evolving our technology to meet his threat... and I am personally glad it's happening earlier than Later.. The Puzzle Palace is a FAR more potent adversary... kinda of like the BORG... Best we evolve the technology as quickly as possible before it's outlawed and it has to be taken underground .... War on DRUGS??? How about the WAR on Forbidden Math?
Anon

From ritter at cactus.org Thu Feb 17 00:55:18 1994
From: ritter at cactus.org (Terry Ritter)
Date: Thu, 17 Feb 94 00:55:18 PST
Subject: Isolated Double-DES
Message-ID: <9402170851.AA06184@cactus.org>

Ritter Software Engineering
2609 Choctaw Trail
Austin, Texas 78745
(512) 892-0494, ritter at cactus.org

2x Isolated Double-DES: Another Weak Two-Level DES Structure

Terry Ritter
February 16, 1994

Introduction

The time has come to replace DES, the US Data Encryption Standard, but there is no clear alternative. While there are many ciphers which are demonstrably faster and also arguably stronger than DES, the fact that cipher strength cannot be _tested_ but must instead be _argued_ makes many users nervous. The US government offers some alternative ciphers, but those are secret designs whose strength _cannot_ be argued, again making users nervous.

The current leading candidate for a replacement to DES is "triple-DES," a three-level construct using DES at each level. This is a comforting design, because users are already convinced that DES can be relied upon for a certain level of strength.

Unfortunately, a software implementation of triple-DES takes three times the processing of normal DES. While this is a mere detail on systems which process the occasional enciphered email message, operational speed is fundamental to widespread industrial use. Ciphering speed is essential in LAN servers and other fully-enciphered communications nodes. Speed is also important when ciphering is an integral part of laptop software which communicates to a central facility. Fast software ciphering is important.

Because the ciphering speed for triple-DES is not acceptable, no three-or-more-level construct could possibly be satisfactory in this respect. This limits our design alternatives to one- or two-level constructs based on DES.
The goal, then, is to find--if possible--a construct which is based on DES, has strength substantially beyond normal DES, but requires less processing than triple-DES. This time we start from the base of double-DES, and directly confront the known weakness of that approach:

Double-DES

The classical double-DES construct is something like this:

         A
         v
   k1 -> DES1
         v
         B
         v
         C
         v
   k2 -> DES2
         v
         D

where each single capital letter represents an 8-byte DES block. Double-DES is normally not used, because of the meet-in-the-middle attack:

Meet-In-The-Middle Attack on Double DES

Assume we have known-plaintext A for ciphertext D: Encipher A under every possible key k1, and decipher D under every possible key k2. (The cost for this is only two full DES key searches.) Then check for matches between B and C. If there are multiple matches, the correct k1 and k2 will be there somewhere, and we can isolate the correct pair with one or two more known-plaintext blocks (this is a loose interpretation of [2]).

This works for the normal double-DES construction because it is possible to check for matches between B and C; the weakness seems to be the ability to check for a match.

Assuming that we have properly identified the principal weakness of double-DES, let's fix it: We can isolate the two values, making a match check impossible, so that not even one bit can be checked.

Isolated Double-DES

Consider a two-level DES construct like this:

         A
         v
   k1 -> DES1
         v
         B
         v
   km -> XOR
         v
         C
         v
   k2 -> DES2
         v
         D

where k1 and k2 are 56-bit keys, but km is a 64-bit key.

Technically, this construct could be considered to be either double-DES with an intermediate ("isolating") XOR operation, or triple-DES with XOR replacing the middle DES operation. But since the processing cost for this system is similar to double-DES, it is reasonable to call it a form of double-DES.

While it is true that we now have three keys for a two-level DES structure, this is no worse than triple-DES with separate keys.
But is it stronger than double-DES?

Isolated Double-DES Meet-In-The-Middle Attack

Again, encipher A under every possible key k1, and decipher D under every possible key k2 and check for matches between B and C. But in the isolated construction, every possible pair of values (B,C) has some key km which would make that pair match. Thus, the weakness of match identification in the original construction is not possible in the alternate construction.

The keyspace seems to be 56 + 64 = 120 bits, which would probably be satisfactory for another couple of decades, or until an open science of cryptographic machine design has matured. It still has a small block size, however.

Larger Blocks

DES uses a relatively-small 8-byte block, so if DES were used in Electronic Code Book (ECB) mode and large amounts of plaintext were known, a dictionary attack would be possible. Fortunately, DES is normally used in Cipher Block Chain (CBC) mode, making dictionary attacks difficult. But a dictionary attack on ECB mode could be viewed as a "certificational attack" which is "indicative of weakness" in the cipher itself. [1:466]

If we make the modest assumption that ordinary text has an information content of under 40 percent of the binary size, then a 64-bit block of text generally contains less than 26 bits of uniqueness. Worse, short words occur far more often than an even distribution would indicate. Although it would certainly be ill-advised to send 2^26 blocks (2^29 bytes) of data under a single set of keys, it is interesting to note the relatively small size of this figure when compared to other cryptographic quantities. For this reason, it seems appropriate that any new standard specify an expanded block width.
Here is a double-width approach, 2x2 DES described in an earlier article:

         A             B
         v             v
   k1 -> DES1    k2 -> DES2
         v             v
         C             D
        Exchange Right 4 Bytes
         E             F
         v             v
   k3 -> DES3    k4 -> DES4
         v             v
         G             H

Note that the 64-bit quantity G (for example) is a complex nonlinear function of A, B, k1, k2, and k3; a total of 296 bits. Nevertheless the system is still solvable with meet-in-the-middle:

2x2 DES Meet-In-The-Middle Attack

With one known-plaintext block, we can search one top key and one bottom key (say, k1 and k3) and find pairs (E,C) which match at the appropriate 32 bit-positions. Then we can identify the correct pair with additional known-plaintext blocks, resolving the keys at 32-bits per known-plaintext pair.

We can guarantee that the two keys will be found by searching all possible k1 and k3. This is only twice the normal DES keyspace, but may well require a huge amount of storage to identify all the values and associated keys (say, E and k3) which match a particular result (say, C). We do not want to run through every k3 every time we change k1.

2x2 DES Differential Attack

Eli Biham [1] points out that a differential attack can eliminate the need to store the result from every possible key. In this case we need two different large blocks of known-plaintext with plaintext or ciphertext half the same (say, A:B -> G:H and A:X -> Y:Z). With A the same in both large blocks, we know that the left-half of E must also be the same.

Then, since we have two different blocks, we can step through all possible values for k3, deciphering G into E and Y into E' each time, looking for any results with the left-half the same. This should occur about every 2^32 trials, producing 2^24 trials which match, which should be resolved in only one or two more set of known-plaintext blocks. No huge storage is needed.
2x Isolated Double-DES

Consider a pair of isolated double-DES structures, combined as described for 2x2 DES:

         A             B
         v             v
   k1 -> DES1    k2 -> DES2
         v             v
   km -> XOR1    kn -> XOR2
         v             v
        Exchange Right 4 Bytes
         v             v
   k3 -> DES3    k4 -> DES4
         v             v
         C             D

The result is a double-width structure, in which every ciphertext bit in C depends on each and every bit in A, B, k1, k2, and k3, as well as half the bits in km and kn. Ciphering occurs at the rate of double-DES.

While it is certainly true that six keys are needed, keys need be transmitted far less often than data, and by having separate keys we avoid attacks which depend upon having the same key at multiple parts of the operation.

If we say that enciphering occurs "from the top down," (XOR before exchange) then we would say that deciphering occurs "from the bottom up" (exchange before XOR).

2x Isolated Double-DES Meet-In-The-Middle Attack

The double-DES meet-in-the-middle attack depended upon having a structure in which the enciphered plaintext was identical to the deciphered ciphertext. This allowed both keys to be manipulated and the resulting data space searched for matches.

In isolated double-DES any enciphered plaintext value can be related to any deciphered ciphertext value by varying the middle or "isolating" key. Thus, meet-in-the-middle seems not very useful.

2x Isolated Double-DES Differential Attack

The 2x2 differential attack depended not upon identical top and bottom values, but upon producing an identical value (in particular known bit positions) from a bottom deciphering (for example). This situation is not affected by the XOR and so the differential attack will still work.

Conclusion

2x Isolated double-DES falls to a differential attack.

References

[1] Biham, E. Mon, 7 Feb 1994 16:59:28 GMT. Comments on Nx2 DES.

[2] Merkle, R. and M. Hellman. 1981. On the Security of Multiple Encryption. Communications of the ACM. 24(7): 465-467.

From mcb at net.bio.net Thu Feb 17 01:15:18 1994
From: mcb at net.bio.net (Michael C.
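
As an added illustration of the meet-in-the-middle arguments in Terry Ritter's post above (not code from the post or its author), the sketch below runs them against a toy 16-bit Feistel cipher with 12-bit keys standing in for DES; the cipher, function names, keys and plaintexts are all constructed for the example. It goes one step beyond the post: because the same km is XORed into every block, km cancels in the difference between two intermediate values, so with several known-plaintext blocks a meet-in-the-middle search on those differences still recovers k1, km and k2.

```python
import random

KEY_BITS = 12                      # toy key size (DES: 56); the block is 16 bits (DES: 64)
KEYS = range(1 << KEY_BITS)
SBOX = list(range(256))
random.Random(1994).shuffle(SBOX)  # fixed seed so every run uses the same S-box


def _subkey(key, rnd):
    """8-bit round key: rotate the 12-bit key left by 3*rnd, keep the low byte."""
    s = 3 * rnd
    return ((key << s) | (key >> (KEY_BITS - s))) & 0xFF


def enc(key, block):
    """Toy 4-round Feistel standing in for DES. Not a real cipher."""
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ SBOX[r ^ _subkey(key, rnd)]
    return (l << 8) | r


def dec(key, block):
    """Inverse of enc: undo the four rounds in reverse order."""
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ SBOX[l ^ _subkey(key, rnd)], l
    return (l << 8) | r


def double_enc(k1, k2, p):
    return enc(k2, enc(k1, p))                 # A -> DES1 -> B = C -> DES2 -> D


def isolated_enc(k1, km, k2, p):
    return enc(k2, enc(k1, p) ^ km)            # A -> DES1 -> B -> XOR km -> C -> DES2 -> D


def mitm_double(pairs):
    """Classical meet-in-the-middle: about 2 * 2**KEY_BITS cipher calls, not 2**(2*KEY_BITS)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in KEYS:                            # encipher A under every k1
        table.setdefault(enc(k1, p0), []).append(k1)
    found = []
    for k2 in KEYS:                            # decipher D under every k2, look for B == C
        for k1 in table.get(dec(k2, c0), []):
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found


def isolating_key(k1, k2, p, c):
    """The post's point: for ANY guessed (k1, k2) some km makes one known pair fit."""
    return enc(k1, p) ^ dec(k2, c)


def mitm_isolated(pairs):
    """Beyond the post: km cancels in B0^Bi == C0^Ci, so match on differences instead."""
    (p0, c0), (p1, c1), (p2, c2) = pairs[:3]
    rest = pairs[3:]
    table = {}
    for k1 in KEYS:
        b0 = enc(k1, p0)
        table.setdefault((b0 ^ enc(k1, p1), b0 ^ enc(k1, p2)), []).append((k1, b0))
    found = []
    for k2 in KEYS:
        x0 = dec(k2, c0)
        for k1, b0 in table.get((x0 ^ dec(k2, c1), x0 ^ dec(k2, c2)), []):
            km = b0 ^ x0                       # the isolating key falls out of the match
            if all(isolated_enc(k1, km, k2, p) == c for p, c in rest):
                found.append((k1, km, k2))
    return found


# Constructed secret keys and known plaintexts (sample data for this example only).
K1, KM, K2 = 0xA5C, 0xBEEF, 0x3E7
PLAIN = [0x0000, 0x1234, 0xCAFE, 0x7F01]
PAIRS_DOUBLE = [(p, double_enc(K1, K2, p)) for p in PLAIN]
PAIRS_ISOLATED = [(p, isolated_enc(K1, KM, K2, p)) for p in PLAIN]

if __name__ == "__main__":
    print("double keys:", [tuple(map(hex, t)) for t in mitm_double(PAIRS_DOUBLE)])
    p, c = PAIRS_ISOLATED[0]
    km = isolating_key(0x123, 0x456, p, c)     # deliberately wrong key guess
    print("wrong guess still fits one pair:", isolated_enc(0x123, km, 0x456, p) == c)
    print("isolated keys:", [tuple(map(hex, t)) for t in mitm_isolated(PAIRS_ISOLATED)])
```

For a designer weighing this construct, the run shows that a fixed XOR between the two layers adds key material without adding a matching amount of search cost once a few known-plaintext blocks are available.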
Berch) Date: Thu, 17 Feb 94 01:15:18 PST Subject: Detweiler abuse again Message-ID: <199402170912.BAA01380@net.bio.net> Jim Wise writes: > > It's really not censorship for Hal or any other remailer operator to > > say _his_ machines, accounts, reputation, etc., will be used to mail > > death threats to whitehouse.gov, for example, or mailbombs to > > newsgroups and mailing lists. > > While it is not censorship as such, it rather seems against our stated > goals as cypherpunks to advocate such filtering...not because of what > it blocks from our own sites, but it _does_ affect those downstream. With due respect for the sentiment, I really think that the concept of "downstream" will not be with us for very much longer, and in most places is already quite archaic. If the net-sites of South Island NZ wanted the alt.sex groups, they were free to find other sources for them, such as a commercial service provider. Getting a free newsfeed is nice, but it is folly to rely on it. I think it is a mistake to base (or debate) ethical questions about what traffic one wishes to accept and carry upon mechanical matters such as the topology of one particular transport mechanism for message-based communications. > Another key point is that we not let our own personal feelings interfere with > our political actions. I'm sure most of us here were offended by the > suggestions in the heat of the anonymity debate that all anonymous > postings to newsgroups be killed...yet here are cypherpunks advocating the > filtering of all Detweiler and Detweiler-seeming posts. Sure, the guy's > a prick, but should we let him turn us into fascists? Good point. Depends what you mean by "filtering", though. I would prefer that remailer operators and other service providers NOT block anyone's messages based on content or identity of origin, merely based on whether or not they interfere with the operation of the service, or jeopardize the service's future operation (i.e., on legal grounds). 
*But*, I do support the right of individuals and private sites to "filter" messages based on content or identity of origin, by means of killfiles or similar. -- Michael C. Berch mcb at net.bio.net / mcb at postmodern.com From ndw1 at columbia.edu Thu Feb 17 01:40:34 1994 From: ndw1 at columbia.edu (Nikolaos Daniel Willmore) Date: Thu, 17 Feb 94 01:40:34 PST Subject: Bye from Xenon. Message-ID: <199402170937.AA12633@konichiwa.cc.columbia.edu> Date: Wed, 16 Feb 1994 23:43:14 -0800 Message-Id: <199402170743.XAA24572 at mail.netcom.com> To: cypherpunks at toad.com From: catalyst-remailer at netcom.com Subject: LD's lance account is toast Remailed-By: Remailer Comment: This message is NOT from the address on the 'From:' line; it is from an anonymous remailing service. Please report problem mail to catalyst at netcom.com From ndw1 at columbia.edu Thu Feb 17 01:45:18 1994 From: ndw1 at columbia.edu (Nikolaos Daniel Willmore) Date: Thu, 17 Feb 94 01:45:18 PST Subject: Bye from Xenon. Message-ID: <199402170941.AA12749@konichiwa.cc.columbia.edu> -----BEGIN PGP SIGNED MESSAGE----- -= qwerty remailer shutdown notice =- Disclaimer: none. OK tentacles, damage control time. See what one post can start? And you think alt.w.a.s.t.e. would survive (see forwarded posts from Usenet)? I have just remembered that I arrived here on this mailing list in need of remailers, since I was being anonymously Xenon. For that I gave up my anonymity, to the remailer operators. Then I decided to gain some legitimacy by starting my own remailer on Netcom. As Netcom has no Manhattan number yet, and I like to connect at lab, that blew my anonymity for any Unix skilled person who wanted to find out who I was. Finally I lost sight of why I really came here, which was to find out ways to get PGP out to people. And now that I'm posting via qwerty, I don't even need a remailer network any more. 
I have also come to realize that in the next five years, the ONLY solution to keep people from abusing the remailers is a human being sitting there moderating the remailer. As I do not have the time, and do NOT think it would be profitable to try to pay some undergraduate to moderate qwerty, I have decided to shut qwerty down. The only other solution in my mind is to have qwerty forge its return address, a solution that will likely get my account revoked when the shit hits the fan after just ONE abuse causing postmaster at netcom.com to have to pore through sendmail logs and process logs or whatever, to find me. And qwerty at netcom.com has become the "PGP Information Clearinghouse". Yes I find it amusing to see "fuck-wads" whine about one bad post to their oh so precious little narrow-minded newsgroup, but I no longer see qwerty at netcom.com as an expendable resource, which I can afford to lose.

I thought of remaining on the Cypherpunks mailing list, only because Pr0duct Cypher (PGP Tools and Magic Money), Will Kinney (Curve Encrypt), and a few other bright lights post here. But I am a man of action, not of debate, and even on turning to debate on this list, I find very few out here who are as smart, humane, creative, or radical as I am, and therefore I become unfulfilled with the level of discussion I am able to find. I made a big mistake turning away from product development and information distribution to debate, and trying to change people's opinions. This was what led me to science.

I can be found on Usenet, if ever my unsubscribe request will be fulfilled by Eric Hughes, who cannot even figure out how to automate a mailing list, or avoid silly errors with the remailing software. I am sorry to express my disappointment, and the fault lies only with myself, for I mistook you for adults. When a real (my favorite word) cryptography mailing list appears, and is announced on Usenet, I shall subscribe.
The "Cypherpunks" have disappointed me, for as I have said before, they are not punks. Nor, I have found, are they "Cypher", if that imply them being competent activists. Hell, they can't even run a mailing list or an ftp site. The clincher came today, when I asked Eric Hughes, "founder of the Cypherpunk movement", about why the FUCK he hasn't fixed macpgp2.3.cpt.hqx to reflect the fact that it is a .gz file, not a .hqx text file. This, after I posted it very loudly to the list that it had a corrupt name, and that a month after I posted the same thing to Usenet. What he told me was this, and I apologize for the pathetic act of posting "personal e-mail" but well, FUCK YOU if it bothers you, or doesn't conform to some RFC standard of "netiquette":

>From: hughes at ah.com (Eric Hughes)
>Look, I don't have the permission to change the file name, or I would have
>done it. soda is running with very low quotas and the administrators
>changed some of the ownerships without setting the permissions right, OK?

And this is our Great White Hope for who will run our future e-bank, and revolution culminating in the fall of the government as we know it? He who speaks in tongues instead of English, about remailers? When I stop laughing, I'll start crying. And Eric, "Hey". Sure liked that STUPID Cypherpunks meeting, with all the God Damned, "Eric_Hughes [Guest] orders Medusa, One Medusa, coming right up!, Don't got your snakes on today, Might I recommend a needle with that?, The bacteria on the bar die as the drink is set down., ld brings Eric_Hughes [Guest] a Medusa."

PhUcK y0u EveRyb0dy ;-).

Bye, till I get my hands on Stealth-PGP, which should be a few days from now. Then the fun begins: sophisticated steganography.
I hope it works out with Stealth-PGP, so I don't have to convince people to rewrite PGP from the ground up, 'cause as you know it takes a lot of work to get past those "closed doors" to talk to those secretive developers of the (grassroots) upcoming new de-facto encryption standard.

Why don't I disappear silently? Because I know there are many "lurkers" out there who would appreciate knowing why I left. I get mail from them often. In fact, I think the greatest power in this list, if it has power, lies in the hands of the "lurkers". Those who spread PGP, one copy at a time, and wish to learn here, not live here. And because I want this great audience to hear my words, for I think they matter and will have influence, for I say nay, these are not activists, these "Cypherpunks". They are greedy e-yuppies, who would use encryption for personal gain, at the expense of their fellow man. I have discovered that and I now must part ways, hoping I do not lose contact with those few out here on the internet who are straight thinkers and straight arrows.

Another pathetically motivated, but this time nostalgic, quote from personal e-mail:

From: Philip Zimmermann
>Your letter is interesting. I'd like to discuss some ideas with you.
>We should talk. Please send me your phone number, or call me at
>XXX XXX-XXXX. Early morning is not the best time to call. Any other
>time is. Please call me. I like your ideas.

-=Xenon=-

Forwarded from Usenet ("the beginning of the end"):

comp.org.eff.talk #27044 (0 + 3 more) [1]
From: mcwhirk at mail.auburn.edu (Robert K Mcwhirter)
[1] Is this Blacknet stuff possible?
Followup: comp.org.eff.talk
Organization: Auburn University
X-Newsreader: TIN [version 1.2 PL2]
Date: Wed Feb 16 23:58:30 EST 1994
Lines: 51

[ Article crossposted from sura.security ]
[ Author was Pat Eddy ]
[ Posted on Wed, 16 Feb 94 17:11:52 -0500 ]

Pat,

> Can someone at SURAnet comment on this Blacknet stuff that seems to
> be hitting some of the USENET newsgroups lately.
Are these people
> as untraceable as they say ?

I saw the posts myself... The best comment I saw was a followup post, to the effect of "some darn kids out there have been taking William Gibson a little too seriously."

A little more seriously, though: Yes, it may be very hard to find out who is participating in this scam -- given the number of anonymous posting services and anonymous ftp sites (some of which don't log their transactions at all) they could hide for quite some time from semi-casual scrutiny. However, given CERT's fairly long arm in this arena, I suspect it wouldn't take long for a concerted effort on the part of CERT to shut them down. That depends on CERT's perception of "blacknet" as a serious security threat -- I can't speak for them, but I'd hazard to guess that they are about as concerned about "blacknet" as we at SURAnet are... which is to say "not at all". (I base this guess on a lack of response from CERT regarding these posts.)

I also think that blacknet's reach exceeds their grasp -- the claims they make about "sending cash" and "depositing funds in accounts you specify" strike me as mighty big talk from a group that isn't on Dunn and Bradstreet's register. If anything, their goals are probably much more short term, like ripping off anyone foolish enough to show interest in their "service."

And of course, there's always the chance that it was just a joke/boast/prank. Usenet is the Net of a Million Lies, after all....

Nick Vargish
---------------------- ---------------------- -------------------- - - ---
|. Nick Vargish .| |. SURAnet .| |. O: (301) 982-4600 .|
|. vargish at sura.net .| |. systems engineer .| |.
rust never sleeps .|
---------------------- ---------------------- -------------------- - - ---

comp.org.eff.talk #27045 (0 + 2 more) [1]
From: mcwhirk at mail.auburn.edu (Robert K Mcwhirter)
[1] Blacknet
Organization: Auburn University
X-Newsreader: TIN [version 1.2 PL2]
Date: Thu Feb 17 00:01:11 EST 1994
Lines: 19

I just cross-posted (I think I did it right) an article concerning the 'Blacknet'. What bothers me is not the blacknet itself, but the attitude of the second poster in the thread saying how CERT could 'strong-arm' the anonymous remailers to find out who was running the Blacknet. Is this possible? Would/Could CERT actually do this if they wanted to? What are they? The net.cops?

- - -Bob
- - --
==== Bob Socrates McWhirter internet: mcwhirk at mail.auburn.edu
"God is dead" "Nietzsche is dead"
-Nietzsche -God

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLWLyEgSzG6zrQn1RAQFGRgQAwRKm/6vblnWxwZ9hgfwPo4VKlUwkqIGE
8rJMMDSP9F6W0iGHn0EEXTFShqTRP0DGK93DdWorbv6TIIZxbZnbO7Yrzzn/CR63
neAKwrEoyiBYHwgfw7OvPYx4erQJnd5VFKlc1eXA5usjL4reokg2HpFA/Jr2EvXx
OWP1g6YPdPk=
=66hE
-----END PGP SIGNATURE-----

From pmetzger at lehman.com Thu Feb 17 05:00:40 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 17 Feb 94 05:00:40 PST
Subject: No Subject
In-Reply-To: <199402170326.TAA29452@mail.netcom.com>
Message-ID: <9402171256.AA11290@andria.lehman.com>

Xenon says:
> "Making his life easy", or making it harder, just doesn't register
> in my mind as being a real issue.

Then why not leave your door unlocked? After all, locking it only makes the lives of thieves more difficult -- they can still break in if they really try.

.pm

From an53518 at anon.penet.fi Thu Feb 17 05:20:40 1994
From: an53518 at anon.penet.fi (an53518 at anon.penet.fi)
Date: Thu, 17 Feb 94 05:20:40 PST
Subject: money maker
Message-ID: <9402171238.AA16774@anon.penet.fi>

Count me in. I can take information from the U.S.
and Canada and send to the Bahamas and Switzerland (and any other country for that matter). Additionally, I believe I have a fairly safe way to route messages. The only problem is this: would the lag between mailing the email and the financial transaction going through diminish the return on the investment? Perhaps that is something to consider.

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From pmetzger at lehman.com Thu Feb 17 05:55:22 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 17 Feb 94 05:55:22 PST
Subject: Detweiler blocking
In-Reply-To:
Message-ID: <9402171352.AA11487@andria.lehman.com>

wisej says:
> >
> > My goal is not to make anonymity available for all. My goal is to keep
> > it LEGAL for all. Mr. Detweiler and the rest can pay for their
> > anonymity on their own dime -- I give my services to people I like and
>
> But the best way to keep it legal is to keep it widely available, no
> questions asked.

I see no reason to believe that the one follows from the other, but even assuming that you were right, barring Detweiler does not substantially reduce the set of people to whom services are available.

.pm

From pmetzger at lehman.com Thu Feb 17 06:00:41 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 17 Feb 94 06:00:41 PST
Subject: The L.D. persona...
In-Reply-To: <199402170652.WAA19282@mail.netcom.com>
Message-ID: <9402171357.AA11510@andria.lehman.com>

Xenon says:
> He also wrote the "Privacy and Anonymity on
> the Internet" FAQ, which is still regularly posted
> to Usenet, and mentioned at the end of my Guide,
> and is highly recommended reading.
Frankly, I think it sucks -- said so long before he went nuts. It's full of factual errors (my favorite howler being that the US-Australia link is "only" 500 megabytes a second in bandwidth), strange constructions, and other junk. I also recall that I had several fights with him early on because of his panic stricken howls of how "we" have to do X and "we" have to do Y, as if there was a "we" here rather than a mailing list. Can't say that I *ever* liked Mr. Detweiler.

Perry

From jmallin at umich.edu Thu Feb 17 06:45:23 1994
From: jmallin at umich.edu (Jonathan Scott Mallin)
Date: Thu, 17 Feb 94 06:45:23 PST
Subject: Pen recorders and phone records
In-Reply-To: <199402170540.VAA03562@jobe.shell.portal.com>
Message-ID:

The Secret Service also refer to devices that record incoming phone numbers as pen registers.

<*> Jonathan Scott Mallin
<*> Email for PGP key
-> This entire message is (C) 1994 by Jonathan Mallin. Reproduction is <-
-> prohibited without express written consent. <-

From tomc at sefl.satelnet.org Thu Feb 17 07:20:42 1994
From: tomc at sefl.satelnet.org (Tom Cropper)
Date: Thu, 17 Feb 94 07:20:42 PST
Subject: unsubscribe
Message-ID:

unsubscribe

From an65939 at anon.penet.fi Thu Feb 17 07:30:41 1994
From: an65939 at anon.penet.fi (an65939 at anon.penet.fi)
Date: Thu, 17 Feb 94 07:30:41 PST
Subject: East European view on Clipper
Message-ID: <9402171418.AA00533@anon.penet.fi>

The widespread discussion of the Clipper Chip in both US media and relevant discussion lists is limited mostly to American people. Therefore, I wish to add my small opinion from behind the former Iron Curtain based upon my lifetime experience of living in Poland.
The discussion is very interesting for me because in a few years' time when we will be more technologically developed (and have bigger GDP so that secret services may flourish) it may repeat itself in my country. I was inspired by the contribution of prof. D. Denning whom I appreciate for outstanding book about cryptography and data security.

For years we lived here with the overwhelming impression of being under constant surveillance by omnipotent secret services maintained by undemocratic regime supported by Moscow. For instance people were afraid not to take part in then sham elections. Those elections were openly unequal - their results were obvious for everyone before the results - but were hyped in the media as an act of support for the government. The widespread belief was that if one did not participate he will be denied some "privilege" for example passport and exit visa to the West on the next request. The same applied to not taking part in 1st May official parades which were said to be voluntary. The regime was also afraid of every way of people's informal associating. Participants in unofficial gatherings were photographed and videotaped with the hope of identifying them. Telephone was always considered insecure and all international calls were "for sure" supposed to be wiretapped. As the published files of East Germany's STASI showed these fears were not groundless. From the four years' distance then Polish secret service does not seem to have been so strong but its files WERE NOT revealed and the overall impression remains obscure.

For years the society had a highly positive attitude towards West and particularly American people despite officially publicized love for Russian liberators. Unfortunately the knowledge of the West was very, very incomplete. Not surprisingly when the communism collapsed in 1989 the society wanted to integrate quickly with the West hopeful to reach their level of freedom and prosperity soon.
And to their surprise the West did not fulfil their expectations either because they were false or because at the same time some of Western ideals had proven unrealistic and were to be abolished. And we learned that the Swedish model of caring state is economically infeasible in the long run, that new gospel should be promulgated to change the fast way of western life, that the World had just entered into global recession so everybody is afraid of newly emerged poor democracies, that our model USA is indeed (as described by former pro Moscow propaganda) a ruthless oppressor for some disobedient nations.

At the same time we entered the Cyberspace. It was really a unique experience to have the freedom of sending out (to the West) everything one wishes just after the period of total censorship. Recent developments in cryptography and the work of Cypherpunks have created perhaps for the first time in mankind's history the opportunity to create global communities that evade government's surveillance. It seemed that omnipotent repressive regimes may one day become hardly possible at all. And now we learn that such a privilege cannot be extended to voice communication. I am afraid that similar regulations will apply to communication over future high throughput electronic highways and that the present loose regulations concerning Internet are the result of first incredible speed of the development of this medium (the democratically elected regimes didn't catch up) and second the smaller (for the time being) popularity of email communication when compared to for instance fax and phone.

And now conclusions. Despite the gloomy picture I have just presented I am on the whole an optimist. Properties of mathematics behind cryptography are part of the nature itself and like the software cannot be destroyed by human regulations. The governments may slow the outburst of universal privacy but will not evade it.
In the Clipper's case I agree with the conclusion of "Newsweek" from 14 Feb. '94 which suggests that the US users will use foreign made devices and foreigners will be reluctant to use US made ones that can be wiretapped. As the fall of Berlin Wall showed the regulations that do not have popular support will one day collapse.

Thank you for taking time to read my private opinions and please excuse my poor language (I am not native) and contents (I am very technical).

Doodeck

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From hughes at ah.com Thu Feb 17 07:55:24 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 17 Feb 94 07:55:24 PST
Subject: Bye from Xenon.
In-Reply-To: <199402170941.AA12749@konichiwa.cc.columbia.edu>
Message-ID: <9402171548.AA02672@ah.com>

This is a flame. You are forewarned.

>[...] if ever my unsubscribe
>request will be fulfilled by Eric Hughes, who cannot even figure out how to
>automate a mailing list, or avoid silly errors with the remailing software.

>[...] why the FUCK he hasn't fixed macpgp2.3.cpt.hqx
>to reflect the fact that it is a .gz file, not a .hqx text file.

Fuck you. I have root on neither machine. Either you don't know what this means with respect to my ability to change configurations, in which case you wish to insult me out of an unaware ignorance, or you do know, and wish to taunt me with my lack of access. _You_ put up PGP for ftp at any account under your control and keep it there for more than a year and I'll apologize, and sincerely.

>He who speaks in tongues instead of English, about remailers?

I'm leaning toward the ignorance interpretation above. Or did you want your analysis spoon-fed?
All I heard from you was "I don't get it. Could you repeat yourself for my benefit?" No. If you had asked a question which had indicated the least effort on your part to understand the posting, I would have responded. And you think you've participated in debate. God. All I saw from you was a bunch of shouting and no listening.

But let me summarize one of my points here for you. You anticipate taking heat for running a remailer. That "taking heat" includes both feeling guilty about what it's being used for as well as fielding complaints. Therefore you are shutting your remailer down, which is exactly what I advised. To make my advice crude, "If you're a wuss, go away." And continuing crudely, you're both a wuss _and_ going away. It seems like a perfectly straightforward and reasonable state of affairs to me.

Eric

From nobody at soda.berkeley.edu Thu Feb 17 08:10:43 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Thu, 17 Feb 94 08:10:43 PST
Subject: RIP ld231782
Message-ID: <199402171606.IAA06177@soda.berkeley.edu>

[longs.lance.colostate.edu]
Login name: ld231782 In real life: L. Detweiler
Office: Home phone: 498-8278
Directory: /users/ALUMNI/ES/ld231782 Shell: /warnuser
Never logged in.
Plan:
This account is no longer active. E-mail to this account will be bounced; forwarding address is unavailable.

From boone at psc.edu Thu Feb 17 08:15:23 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Thu, 17 Feb 94 08:15:23 PST
Subject: Models of Anonymity (was Re: Detweiler abuse again)
In-Reply-To: <9402150715.AA02994@toxicwaste.media.mit.edu>
Message-ID: <9402171612.AA00342@igi.psc.edu>

Derek Atkins writes:
>
> I'm not sure that I really meant to have a receipt, more of a
> return-path. Maybe even a cryptographically secure return path. I
> think a question is: who are we protecting against? Are we protecting
> against the remailer operators? Or are we trying to protect from a
> third party?
I think that we are trying to protect against 3rd parties. With the X-A-R-P:/X-A-S-P: scheme I posted, each remailer *could* log who it came from and who it was going to -- it's optional. But, (with the appropriate delays and padding to prevent traffic analysis), a third party would not be able to figure that out.

> To me, this is like NEARNet saying that they have no obligation to
> accept packets from a known disruptive user. No, I don't believe that
> that is the answer. Then again, I don't think that a remailer should
> run out of an account, but rather on a machine, but that's a different
> story. I consider a remailer a service, and as such, the service
> should be available to all comers. (With digital postage this
> paradigm makes much more sense). I do not think of it like a home.

I would argue that you are correct. Anonymous remailing is a new service. It should have new servers that run on a well-known port (so that any user can start one up) and hacks could be put into most of the current mail agents to support using an anonymous remailer. We don't even have to follow RFC 822 in the format of our messages, though I think we should.

> I also agree that positive reputation is important, but I think that
> is much more difficult to implement than a more secure anonymous
> system.

Yes. The easiest way to build a reputation is to assign some unique public/private key pair to each anonymous user and require all remailed messages to be signed. Then, you as a user can choose to ignore or read messages from that id. Additionally, it does allow for the server daemon to reject postings from "abusive" ids or simply not forward the posting, but rather a notice stating the ID and subject line of the message, making it available in a public place like anonymous ftp or gopherspace for those who *do* want to read it.

The really nice thing about this is that it won't prevent people from having their anonymity, but it will cut down on the actual damage that abusers can do.
> To reiterate: I do think that something needs to be done, but I think
> we should analyze what we are trying to accomplish rather than rushing
> off and saying "just don't service this abusive customer".

I agree. I think anonymous remailing should be as close to universal as possible. If there *is* a way to service everyone, I think we should do it. Resorting to non-service of "abusers" should be the last resort.

Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C

From billy at ocf.Berkeley.EDU Thu Feb 17 08:55:23 1994
From: billy at ocf.Berkeley.EDU (William Thompson)
Date: Thu, 17 Feb 94 08:55:23 PST
Subject: unsubscribe
Message-ID:

please unsubscribe me.

From boone at psc.edu Thu Feb 17 08:55:43 1994
From: boone at psc.edu (Jon 'Iain' Boone)
Date: Thu, 17 Feb 94 08:55:43 PST
Subject: Detweiler abuse again
In-Reply-To: <9402151602.AA03825@bogart.Colorado.EDU>
Message-ID: <9402171652.AA00789@igi.psc.edu>

"W. Kinney" writes:
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> One can only reach the conclusion that Usenet is broken if one assumes
> that the remailers _aren't_. The automatic broadcast property of Usenet
> is not a problem if you can always determine the source of a message. This
> isn't an argument against anonymity, but just saying it's a little
> backwards to say that Usenet has to be redesigned because it doesn't work
> with the remailers.

The real problem is the same sort of problem that one has to face in all public spaces. If an individual is allowed to speak, they may be abusive. If they are not allowed to speak, the state is being abusive. Usenet is a public space. Sure, people have attempted to moderate parts of it, but all they've really done is split off from the public space to form private spaces which have restrictive policies on content.

> Why not use technology to solve a technological problem?
The difficulty
> here is that it is impossible for any one remailer operator to prevent
> someone, say LD, from using the remailer system. The best he can do is stop
> LD from using his site as an entry point. So why not introduce a little
> cooperation among operators? This can be accomplished without collusion of
> the sort that would break anonymity.

Co-operation amongst remailer operators won't solve this problem either. If any one site lets Larry use a remailer, then he's free to abuse the system. Like open terminal servers, a few may survive the purge, but the abuses tend to consolidate the opinion of the many against the idea of the service.

> Pretty much all the remailer operators are 'punks, right? If a critical
> mass of operators get together and agree to block a standardized set of
> sources and destinations, then that group of operators will have enough
> pull to force the other operators to toe the line. The trick is to block
> messages from remailer _operators_ who refuse to agree to behave as part of
> the community, effectively isolating the wildcats. An isolated remailer is
> useless.

First of all, I'd like to see remailer servers running on a well-known port. That way, anyone could stick up a remailer, provided they had access to a C compiler. There would be no cabal of remailer operators, because everyone would have the possibility of being a remailer.

Also, an isolated remailer isn't useless. It doesn't provide perfect anonymity, especially since it may be doing logging. But, remember, when the entire chain is as strong as its strongest link, the chain doesn't necessarily need to be more than one link long.

> Should be easy enough to work out -- a posted alert PGP signed by any two
> remailer operators is immediately implemented, no questions asked. Remailer
> scripts should include blocking by source, destination, or _content_, as in
> posts on a certain subject to a certain newsgroup.
This would allow
> blocking of a nutcase using encrypted hops to post to Usenet without having
> to collude and blow his anonymity. Just say "Sorry, due to abuse of the
> remailers, we're not going to forward messages about the creatures from
> Uranus using microwave mind-control any more". This is a complicated idea
> in a general case, but scanning for subject lines, for instance, could be
> implemented as easily as scanning for destinations.

So then you end up with a situation where the potential abusers are writing subject lines which don't match the contents. In general, you're going to have a hard time trying to prevent certain subjects from getting out, especially if you plan on automating this function.

> What we have now is a bunch of single remailers. It's a very small step to
> create a cooperative group of remailers, and it would provide avenues for
> solutions to a lot of the potential problems. This is not perfect, but it's
> better.

Actually, I don't believe that it's better. I think that the base functionality of remailers should be standardized, so that they can all interoperate, but I don't think that forcing the operators into a cabal is at all helpful.

> tytso at ATHENA.MIT.EDU (Theodore Ts'o):
>
> > Lance is, unfortunately, pointing out some huge, gaping holes in the
> > current architecture of the Cypherpunks remailers. It would be good if
>
> LD is smart enough to know that you _chain_ remailers for anonymity. I
> think he wanted us to know it was him, and wanted to see whether or not Hal
> would blow his anonymity when it came down to it.

I think you're right. He wanted to know if Hal could be trusted to not give in when the "abuse" became unbearable. Hal, apparently, couldn't. I understand that Hal has to do what he feels is right. However, if all remailer operators are going to cave when faced with an "abuser" who they don't agree with, then there will be no anonymity for anyone.
What ever happened to "I hate what you say, but I will fight to the death for your right to say it?" How long will it be before we get to the point where certain "contents" are considered off-limits?

Everyone needs to be able to run a remailer. How else will you be able to trust the remailer operator?

Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C

From mech at eff.org Thu Feb 17 09:10:44 1994
From: mech at eff.org (Stanton McCandlish)
Date: Thu, 17 Feb 94 09:10:44 PST
Subject: Barlow Wired article on Clipper - "Jackboots on the Infobahn" !
Message-ID: <199402171705.MAA12235@eff.org>

[note: this article and other Clipper material are archived at: ftp://ftp.eff.org/pub/EFF/Policy/Clipper/ Similar material can be found at soda.berkeley.edu.]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-Copyright 1993,4 Wired USA Ltd. All Rights Reserved=-=-=-=-=-=
-=-=For complete copyright information, please see the end of this file=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

WIRED 2.04
Electrosphere
*************

Jackboots on the Infobahn
^^^^^^^^^^^^^^^^^^^^^^^^^

Clipper is a last ditch attempt by the United States, the last great power from the old Industrial Era, to establish imperial control over cyberspace.

By John Perry Barlow

[Note: The following article will appear in the April 1994 issue of WIRED. We, the editors of WIRED, are net-casting it now in its pre-published form as a public service. Because of the vital and urgent nature of its message, we believe readers on the Net should hear and take action now. You are free to pass this article on electronically; in fact we urge you to replicate it throughout the net with our blessings. If you do, please keep the copyright statements and this note intact.
For a complete listing of Clipper-related resources available through WIRED Online, send email to with the following message: "send clipper.index". - The Editors of WIRED]

On January 11, I managed to schmooze myself aboard Air Force 2. It was flying out of LA, where its principal passenger had just outlined his vision of the information superhighway to a suited mob of television, show-biz, and cable types who fervently hoped to own it one day - if they could ever figure out what the hell it was.

From the standpoint of the Electronic Frontier Foundation the speech had been wildly encouraging. The administration's program, as announced by Vice President Al Gore, incorporated many of the concepts of open competition, universal access, and deregulated common carriage that we'd been pushing for the previous year.

But he had said nothing about the future of privacy, except to cite among the bounties of the NII its ability to "help law enforcement agencies thwart criminals and terrorists who might use advanced telecommunications to commit crimes."

On the plane I asked Gore what this implied about administration policy on cryptography. He became as noncommittal as a cigar-store Indian. "We'll be making some announcements.... I can't tell you anything more." He hurried to the front of the plane, leaving me to troubled speculation.

Despite its fundamental role in assuring privacy, transaction security, and reliable identity within the NII, the Clinton administration has not demonstrated an enlightenment about cryptography up to par with the rest of its digital vision.

The Clipper Chip - which threatens to be either the goofiest waste of federal dollars since President Gerald Ford's great Swine Flu program or, if actually deployed, a surveillance technology of profound malignancy - seemed at first an ugly legacy of the Reagan-Bush modus operandi.
"This is going to be our Bay of Pigs," one Clinton White House official told me at the time Clipper was introduced, referring to the disastrous plan to invade Cuba that Kennedy inherited from Eisenhower. (Clipper, in case you're just tuning in, is an encryption chip that the National Security Agency and FBI hope will someday be in every phone and computer in America. It scrambles your communications, making them unintelligible to all but their intended recipients. All, that is, but the government, which would hold the "key" to your chip. The key would be separated into two pieces, held in escrow, and joined with the appropriate "legal authority.") Of course, trusting the government with your privacy is like having a Peeping Tom install your window blinds. And, since the folks I've met in this White House seem like extremely smart, conscious freedom-lovers - hell, a lot of them are Deadheads - I was sure that after they were fully moved in, they'd face down the National Security Agency and the FBI, let Clipper die a natural death, and lower the export embargo on reliable encryption products. Furthermore, the National Institutes of Standards and Technology and the National Security Council have been studying both Clipper and export embargoes since April. Given that the volumes of expert testimony they had collected overwhelmingly opposed both, I expected the final report would give the administration all the support it needed to do the right thing. I was wrong. Instead, there would be no report. Apparently, they couldn't draft one that supported, on the evidence, what they had decided to do instead. THE OTHER SHOE DROPS On Friday, February 4, the other jackboot dropped. A series of announcements from the administration made it clear that cryptography would become their very own "Bosnia of telecommunications" (as one staffer put it). It wasn't just that the old Serbs in the National Security Agency and the FBI were still making the calls. 
The alarming new reality was that the invertebrates in the White House were only too happy to abide by them. Anything to avoid appearing soft on drugs or terrorism. So, rather than ditching Clipper, they declared it a Federal Data Processing Standard, backing that up with an immediate government order for 50,000 Clipper devices. They appointed the National Institutes of Standards and Technology and the Department of Treasury as the "trusted" third parties that would hold the Clipper key pairs. (Treasury, by the way, is also home to such trustworthy agencies as the Secret Service and the Bureau of Alcohol, Tobacco, and Firearms.) They reaffirmed the export embargo on robust encryption products, admitting for the first time that its purpose was to stifle competition to Clipper. And they outlined a very porous set of requirements under which the cops might get the keys to your chip. (They would not go into the procedure by which the National Security Agency could get them, though they assured us it was sufficient.) They even signaled the impending return of the dread Digital Telephony, an FBI legislative initiative requiring fundamental reengineering of the information infrastructure; providing wiretapping ability to the FBI would then become the paramount design priority. INVASION OF THE BODY SNATCHERS Actually, by the time the announcements thudded down, I wasn't surprised by them. I had spent several days the previous week in and around the White House. I felt like I was in another remake of The Invasion of the Body Snatchers. My friends in the administration had been transformed. They'd been subsumed by the vast mindfield on the other side of the security clearance membrane, where dwell the monstrous bureaucratic organisms that feed on fear. They'd been infected by the institutionally paranoid National Security Agency's Weltanschauung. They used all the telltale phrases. 
Mike Nelson, the White House point man on the NII, told me, "If only I could tell you what I know, you'd feel the same way I do." I told him I'd been inoculated against that argument during Vietnam. (And it does seem to me that if you're going to initiate a process that might end freedom in America, you probably need an argument that isn't classified.) Besides, how does he know what he knows? Where does he get his information? Why, the National Security Agency, of course. Which, given its strong interest in the outcome, seems hardly an unimpeachable source. However they reached it, Clinton and Gore have an astonishingly simple bottom line, to which even the future of American liberty and prosperity is secondary: They believe that it is their responsibility to eliminate, by whatever means, the possibility that some terrorist might get a nuke and use it on, say, the World Trade Center. They have been convinced that such plots are more likely to ripen to hideous fruition behind a shield of encryption. The staffers I talked to were unmoved by the argument that anyone smart enough to steal a nuclear device is probably smart enough to use PGP or some other uncompromised crypto standard. And never mind that the last people who popped a hooter in the World Trade Center were able to get it there without using any cryptography and while under FBI surveillance. We are dealing with religion here. Though only ten American lives have been lost to terrorism in the last two years, the primacy of this threat has become as much an article of faith with these guys as the Catholic conviction that human life begins at conception or the Mormon belief that the Lost Tribe of Israel crossed the Atlantic in submarines. 
In the spirit of openness and compromise, they invited the Electronic Frontier Foundation to submit other solutions to the "problem" of the nuclear-enabled terrorist than key escrow devices, but they would not admit into discussion the argument that such a threat might, in fact, be some kind of phantasm created by the spooks to ensure their lavish budgets into the post-Cold War era. As to the possibility that good old-fashioned investigative techniques might be more valuable in preventing their show-case catastrophe (as it was after the fact in finding the alleged perpetrators of the last attack on the World Trade Center), they just hunkered down and said that when wiretaps were necessary, they were damned well necessary. When I asked about the business that American companies lose because of their inability to export good encryption products, one staffer essentially dismissed the market, saying that total world trade in crypto goods was still less than a billion dollars. (Well, right. Thanks more to the diligent efforts of the National Security Agency than to dim sales potential.) I suggested that a more immediate and costly real-world effect of their policies would be to reduce national security by isolating American commerce, owing to a lack of international confidence in the security of our data lines. I said that Bruce Sterling's fictional data-enclaves in places like the Turks and Caicos Islands were starting to look real-world inevitable. They had a couple of answers to this, one unsatisfying and the other scary. The unsatisfying answer was that the international banking community could just go on using DES, which still seemed robust enough to them. (DES is the old federal Data Encryption Standard, thought by most cryptologists to be nearing the end of its credibility.) More frightening was their willingness to counter the data-enclave future with one in which no data channels anywhere would be secure from examination by one government or another. 
Pointing to unnamed other countries that were developing their own mandatory standards and restrictions regarding cryptography, they said words to the effect of, "Hey, it's not like you can't outlaw the stuff. Look at France." Of course, they have also said repeatedly - and for now I believe them - that they have absolutely no plans to outlaw non-Clipper crypto in the US. But that doesn't mean that such plans wouldn't develop in the presence of some pending "emergency." Then there is that White House briefing document, issued at the time Clipper was first announced, which asserts that no US citizen "as a matter of right, is entitled to an unbreakable commercial encryption product." Now why, if it's an ability they have no intention of contesting, do they feel compelled to declare that it's not a right? Could it be that they are preparing us for the laws they'll pass after some bearded fanatic has gotten himself a surplus nuke and used something besides Clipper to conceal his plans for it? If they are thinking about such an eventuality, we should be doing so as well. How will we respond? I believe there is a strong, though currently untested, argument that outlawing unregulated crypto would violate the First Amendment, which surely protects the manner of our speech as clearly as it protects the content. But of course the First Amendment is, like the rest of the Constitution, only as good as the government's willingness to uphold it. And they are, as I say, in the mood to protect our safety over our liberty. This is not a mind-frame against which any argument is going to be very effective. And it appeared that they had already heard and rejected every argument I could possibly offer. 
In fact, when I drew what I thought was an original comparison between their stand against naturally proliferating crypto and the folly of King Canute (who placed his throne on the beach and commanded the tide to leave him dry), my government opposition looked pained and said he had heard that one almost as often as jokes about roadkill on the information superhighway. I hate to go to war with them. War is always nastier among friends. Furthermore, unless they've decided to let the National Security Agency design the rest of the National Information Infrastructure as well, we need to go on working closely with them on the whole range of issues like access, competition, workplace privacy, common carriage, intellectual property, and such. Besides, the proliferation of strong crypto will probably happen eventually no matter what they do. But then again, it might not. In which case we could shortly find ourselves under a government that would have the automated ability to log the time, origin and recipient of every call we made, could track our physical whereabouts continuously, could keep better account of our financial transactions than we do, and all without a warrant. Talk about crime prevention! Worse, under some vaguely defined and surely mutable "legal authority," they also would be able to listen to our calls and read our e-mail without having to do any backyard rewiring. They wouldn't need any permission at all to monitor overseas calls. If there's going to be a fight, I'd rather it be with this government than the one we'd likely face on that hard day. Hey, I've never been a paranoid before. It's always seemed to me that most governments are too incompetent to keep a good plot strung together all the way from coffee break to quitting time. But I am now very nervous about the government of the United States of America. 
Because Bill 'n' Al, whatever their other new-paradigm virtues, have allowed the very old-paradigm trogs of the Guardian Class to define as their highest duty the defense of America against an enemy that exists primarily in the imagination - and is therefore capable of anything. To assure absolute safety against such an enemy, there is no limit to the liberties we will eventually be asked to sacrifice. And, with a Clipper Chip in every phone, there will certainly be no technical limit on their ability to enforce those sacrifices. WHAT YOU CAN DO GET CONGRESS TO LIFT THE CRYPTO EMBARGO The administration is trying to impose Clipper on us by manipulating market forces. By purchasing massive numbers of Clipper devices, they intend to induce an economy of scale which will make them cheap while the export embargo renders all competition either expensive or nonexistent. We have to use the market to fight back. While it's unlikely that they'll back down on Clipper deployment, the Electronic Frontier Foundation believes that with sufficient public involvement, we can get Congress to eliminate the export embargo. Rep. Maria Cantwell, D-Washington, has a bill (H.R. 3627) before the Economic Policy, Trade, and Environment Subcommittee of the House Committee on Foreign Affairs that would do exactly that. She will need a lot of help from the public. They may not care much about your privacy in DC, but they still care about your vote. Please signal your support of H.R. 3627, either by writing her directly or e-mailing her at cantwell at eff.org. Messages sent to that address will be printed out and delivered to her office. In the subject header of your message, please include the words "support HR 3627." In the body of your message, express your reasons for supporting the bill. You may also express your sentiments to Rep. Lee Hamilton, D-Indiana, the House Committee on Foreign Affairs chair, by e-mailing hamilton at eff.org. 
Furthermore, since there is nothing quite as powerful as a letter from a constituent, you should check the following list of subcommittee and committee members to see if your congressional representative is among them. If so, please copy them your letter to Rep. Cantwell. > Economic Policy, Trade, and Environment Subcommittee: Democrats: Sam Gejdenson (Chair), D-Connecticut; James Oberstar, D-Minnesota; Cynthia McKinney, D-Georgia; Maria Cantwell, D-Washington; Eric Fingerhut, D-Ohio; Albert R. Wynn, D-Maryland; Harry Johnston, D-Florida; Eliot Engel, D-New York; Charles Schumer, D-New York. Republicans: Toby Roth (ranking), R-Wisconsin; Donald Manzullo, R-Illinois; Doug Bereuter, R-Nebraska; Jan Meyers, R-Kansas; Cass Ballenger, R-North Carolina; Dana Rohrabacher, R-California. > House Committee on Foreign Affairs: Democrats: Lee Hamilton (Chair), D-Indiana; Tom Lantos, D-California; Robert Torricelli, D-New Jersey; Howard Berman, D-California; Gary Ackerman, D-New York; Eni Faleomavaega, D-Samoa; Matthew Martinez, D-California; Robert Borski, D-Pennsylvania; Donald Payne, D-New Jersey; Robert Andrews, D-New Jersey; Robert Menendez, D-New Jersey; Sherrod Brown, D-Ohio; Alcee Hastings, D-Florida; Peter Deutsch, D-Florida; Don Edwards, D-California; Frank McCloskey, D-Indiana; Thomas Sawyer, D-Ohio; Luis Gutierrez, D-Illinois. Republicans: Benjamin Gilman (ranking), R-New York; William Goodling, R-Pennsylvania; Jim Leach, R-Iowa; Olympia Snowe, R-Maine; Henry Hyde, R-Illinois; Christopher Smith, R-New Jersey; Dan Burton, R-Indiana; Elton Gallegly, R-California; Ileana Ros-Lehtinen, R-Florida; David Levy, R-New York; Lincoln Diaz-Balart, R-Florida; Ed Royce, R-California. BOYCOTT CLIPPER DEVICES AND THE COMPANIES WHICH MAKE THEM. Don't buy anything with a Clipper Chip in it. Don't buy any product from a company that manufactures devices with Big Brother inside. 
It is likely that the government will ask you to use Clipper for communications with the IRS or when doing business with federal agencies. They cannot, as yet, require you to do so. Just say no. LEARN ABOUT ENCRYPTION AND EXPLAIN THE ISSUES TO YOUR UNWIRED FRIENDS The administration is banking on the likelihood that this stuff is too technically obscure to agitate anyone but nerds like us. Prove them wrong by patiently explaining what's going on to all the people you know who have never touched a computer and glaze over at the mention of words like "cryptography." Maybe you glaze over yourself. Don't. It's not that hard. For some hands-on experience, download a copy of PGP - Pretty Good Privacy - a shareware encryption engine which uses the robust RSA encryption algorithm. And learn to use it. GET YOUR COMPANY TO THINK ABOUT EMBEDDING REAL CRYPTOGRAPHY IN ITS PRODUCTS If you work for a company that makes software, computer hardware, or any kind of communications device, work from within to get them to incorporate RSA or some other strong encryption scheme into their products. If they say that they are afraid to violate the export embargo, ask them to consider manufacturing such products overseas and importing them back into the United States. There appears to be no law against that. Yet. You might also lobby your company to join the Digital Privacy and Security Working Group, a coalition of companies and public interest groups - including IBM, Apple, Sun, Microsoft, and, interestingly, Clipper phone manufacturer AT&T - that is working to get the embargo lifted. ENLIST! Self-serving as it sounds coming from me, you can do a lot to help by becoming a member of one of these organizations. In addition to giving you access to the latest information on this subject, every additional member strengthens our credibility with Congress. > Join the Electronic Frontier Foundation by writing membership at eff.org. 
> Join Computer Professionals for Social Responsibility by e-mailing cpsr.info at cpsr.org. CPSR is also organizing a protest, to which you can lend your support by sending e-mail to clipper.petition at cpsr.org with "I oppose Clipper" in the message body. Ftp/gopher/WAIS to cpsr.org /cpsr/privacy/crypto/clipper for more info. In his LA speech, Gore called the development of the NII "a revolution." And it is a revolutionary war we are engaged in here. Clipper is a last ditch attempt by the United States, the last great power from the old Industrial Era, to establish imperial control over cyberspace. If they win, the most liberating development in the history of humankind could become, instead, the surveillance system which will monitor our grandchildren's morality. We can be better ancestors than that. San Francisco, California Wednesday, February 9, 1994 * * * John Perry Barlow (barlow at eff.org) is co-founder and Vice-Chairman of the Electronic Frontier Foundation, a group which defends liberty, both in Cyberspace and the Physical World. He has three daughters. =-=-=-=-=-=-=-=-=-=-=-=WIRED Online Copyright Notice=-=-=-=-=-=-=-=-=-=-=-= Copyright 1993,4 Wired USA Ltd. All rights reserved. This article may be redistributed provided that the article and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind without prior written permission from Wired Ventures, Ltd. If you have any questions about these terms, or would like information about licensing materials from WIRED Online, please contact us via telephone (+1 (415) 904 0660) or email (info at wired.com). WIRED and WIRED Online are trademarks of Wired Ventures, Ltd. 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From dthiery at ddt.eng.UC.EDU Thu Feb 17 09:35:43 1994 From: dthiery at ddt.eng.UC.EDU (David Thiery) Date: Thu, 17 Feb 94 09:35:43 PST Subject: unsubscribe Message-ID: <199402171702.MAA07140@ddt.eng.UC.EDU> please unsubscribe me...didn't realize how much there actually was! dthiery at ddt.eng.uc.edu From hughes at ah.com Thu Feb 17 09:50:43 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 17 Feb 94 09:50:43 PST Subject: Well known ports and name service In-Reply-To: <9402171652.AA00789@igi.psc.edu> Message-ID: <9402171745.AA02945@ah.com> > Usenet is > a public space. Sure, people have attempted to moderate parts of it, but > all they've really done is split off from the public space to form private > spaces which have restrictive policies on content. Any forum which captures the desirable qualities of a public space will therefore have to restrict content in some way. The trick is not to restrict content too much, and to make sure the restrictions cut broadly across opinion boundaries. > First of all, I'd like to see remailer servers running on a well-known > port. That way, anyone could stick up a remailer, provided they had > access to a C compiler. The problem with a well known port is that it restricts remailers to one per machine. Then in fact only one person per machine could set up a remailer. This does make a difference, because the sysadmin is not the only one technically able to monitor the remailer; its operator is also able. A pseudonymous service, like a pseudonymous person, should not need to be linked to any particular machine except during an actual transaction. If I have a pseudonym, I can post from anywhere and my identity is communicated by a signature. Likewise should a pseudonymous service be able to hop from machine to machine. The techniques of location-independent computing, developed for radio links, can be applied here. 
What we need is a name service which has public keys as identities and which can map virtual and pseudonymous services to various combinations of IP address, port number, and protocols. In the decentralized spirit, this name service should not have a root. Someone Saturday mentioned that there was a paper from some Plan 9 folk about rootlessness; pointers will be welcome. Eric From lefty at apple.com Thu Feb 17 09:55:24 1994 From: lefty at apple.com (Lefty) Date: Thu, 17 Feb 94 09:55:24 PST Subject: Detweiler abuse again Message-ID: <9402171737.AA24752@internal.apple.com> Jon 'iain' Boone asks: > > What ever happened to "I hate what you say, but I will fight to the death > for your right to say it?" Sigh. Subscribing to this sentiment does not, in any way, shape or form, require one to start handing out podia and bullhorns to anyone who has an opinion to express. Put it this way: I own a Macintosh, a copy of PageMaker and a laser printer. Should I let anyone who wants to use _my_ equipment to produce a newsletter? In particular, should I allow a person whose views I consider to be heinous and reprehensible to use _my_ equipment to produce a newsletter espousing those views? To me, the obvious answer is "Of course not". Does this mean that I'm censoring that person? Does it make me an opponent of "free speech"? No, and no. I will certainly defend his right to produce a newsletter. I will certainly defend his right to buy, and use, _his_ _own_ equipment to produce a newsletter espousing whatever opinions he likes. People, _please_ learn what "censorship" is! If I submit a manuscript to Addison Wesley, and they return it to me with a rejection note, _that_ _does_ _not_ _constitute_ _censorship_. I am perfectly free to submit it to other publishers, or to publish it myself. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. 
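Added example, not part of any message on the list: a Python sketch of the name service Eric Hughes proposes above, in which a service's name is the hash of its public key and a signed record maps that name to an IP address, port and protocol, so the service can hop between machines without any root authority. The toy RSA keys (far too small for real use, standing in for a real signature scheme), the record fields, the documentation-range addresses, the sequence numbers and the time-to-live expiry are all assumptions of this sketch.

```python
import hashlib
import json

E = 65537  # public exponent shared by every toy key in this sketch


def make_key(p, q):
    """Toy RSA key from two fixed primes (constructed demo values, not secure)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def service_name(n):
    """The service's name is the full SHA-256 of its public key, not a short key ID."""
    return hashlib.sha256(f"{n}:{E}".encode()).hexdigest()


def _digest(record, n):
    blob = json.dumps(record, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n


def sign(key, record):
    return pow(_digest(record, key["n"]), key["d"], key["n"])


def verify(n, record, sig):
    return pow(sig, E, n) == _digest(record, n)


def location_record(key, host, port, proto, seq):
    """Build and sign the record that says where the service lives right now."""
    record = {"name": service_name(key["n"]), "host": host,
              "port": port, "proto": proto, "seq": seq}
    return record, sign(key, record)


class CoreAgent:
    """Untrusted directory: stores signed records and forgets silent services."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.entries = {}  # name -> (n, record, sig, last_seen)

    def announce(self, n, record, sig, now):
        # A registration, a move and a keepalive are all the same message.
        name = service_name(n)
        if record.get("name") != name or not verify(n, record, sig):
            return "rejected: not signed by the key the name is derived from"
        held = self.entries.get(name)
        if held and record["seq"] <= held[1]["seq"]:
            return "rejected: stale or replayed sequence number"
        self.entries[name] = (n, record, sig, now)
        return "accepted"

    def lookup(self, name, now):
        # Purge every service that has not announced within the time-to-live.
        self.entries = {k: v for k, v in self.entries.items()
                        if now - v[3] <= self.ttl}
        held = self.entries.get(name)
        return held[:3] if held else None


def resolve(agent, name, now):
    """Client side: re-check key hash and signature, so the agent need not be trusted."""
    reply = agent.lookup(name, now)
    if reply is None:
        return None
    n, record, sig = reply
    if service_name(n) != name or record["name"] != name or not verify(n, record, sig):
        return None
    return (record["host"], record["port"], record["proto"])


def demo():
    remailer = make_key(2**127 - 1, 2**89 - 1)   # constructed toy key
    other = make_key(2**107 - 1, 2**61 - 1)      # a different operator's key
    name = service_name(remailer["n"])
    agent = CoreAgent(ttl=30)
    out = []
    rec, sig = location_record(remailer, "192.0.2.10", 2525, "tcp", seq=1)
    out.append(agent.announce(remailer["n"], rec, sig, now=0))
    out.append(resolve(agent, name, now=10))
    # Another key tries to claim the remailer's name: the hash does not match.
    forged = dict(rec, host="198.51.100.66", seq=2)
    out.append(agent.announce(other["n"], forged, sign(other, forged), now=12))
    # The service hops to a new machine by signing a record with a higher seq.
    rec2, sig2 = location_record(remailer, "203.0.113.7", 4000, "tcp", seq=2)
    out.append(agent.announce(remailer["n"], rec2, sig2, now=20))
    out.append(resolve(agent, name, now=25))
    # Replaying the old record cannot drag the name back to the old host.
    out.append(agent.announce(remailer["n"], rec, sig, now=26))
    # No further announcements: the entry expires after the time-to-live.
    out.append(resolve(agent, name, now=51))
    return out


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Because the client recomputes the key hash and checks the signature itself, a directory that alters a stored record can only make resolution fail, not redirect it.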
From mg5n+ at andrew.cmu.edu Thu Feb 17 10:00:43 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 17 Feb 94 10:00:43 PST Subject: The L. D. persona... In-Reply-To: <9402170357.AA29878@runner.utsa.edu> Message-ID: > The other day, I noticed that MacPGP seemed > to give credit to a person with the initials > L. D. > > He certainly seems unpopular...was he at one > time a more positive force? Or is this a > dumb question on my part? Yeah, it's him. A couple years ago he was a nice guy. For some reason he got upset with a few people on cypherpunks (to this day I don't know why), and ever since then he has been posting and sending them flames, mailbombs, and harassing them in other ways. Detweiler is a smart guy with some sort of strange psychological problems. Maybe he is on drugs or something. I don't know. The things he does just don't make any sense. From hughes at ah.com Thu Feb 17 10:10:45 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 17 Feb 94 10:10:45 PST Subject: Detweiler abuse again In-Reply-To: <9402171737.AA24752@internal.apple.com> Message-ID: <9402171807.AA03010@ah.com> >Jon 'iain' Boone asks: >> What ever happened to "I hate what you say, but I will fight to the death >> for your right to say it?" Lefty: >Subscribing to this sentiment does not, in any way, shape or form, require >one to start handing out podia and bullhorns to anyone who has an opinion >to express. Jon, as I see it, understands this perfectly well. Jon is urging people to hand out bullhorns, not mandating that they do. The distinction is between persuasion and coercion. Eric From 68954 at brahms.udel.edu Thu Feb 17 11:00:46 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Thu, 17 Feb 94 11:00:46 PST Subject: East Europ{ean view on Clipper In-Reply-To: <9402171418.AA00533@anon.penet.fi> Message-ID: Call me sentimental, but it's great to see things from the perspective of other nations etc.. 
Something we couldn't do without the net, cause otherwise it was filtered thru the media. Hmm, I myself find it kinda inspiring. I mean it's just gosh darn neat. You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself ----Tim Leary---- From a-ophirr at microsoft.com Thu Feb 17 11:15:26 1994 From: a-ophirr at microsoft.com (Ophir Ronen (RHO)) Date: Thu, 17 Feb 94 11:15:26 PST Subject: ATM ftp? Message-ID: <9402171913.AA10824@netmail2.microsoft.com> Me. Well friends and neighbors, due to the high demand for the ATM tutorial, who has an anonymous ftp site that I can put the text file into? Enclosed is my public key for anyone that needs it. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi1iOIYAAAEEAOXOAx5F0UOp24wwEZTKBfGDSRPO+DbVsKGr8B/8Kic4zsQE nJiAS95NHIEvFSBhndztgZVYWPCqrh6rlMlzjIC/LM28JLvAouswlPhZLOM7uR5C SUQRVzeOckpu5OMwC5SRwpaBOYkJ/m2Tb0huASiZBk7X1nrmZI/5gSeVVP8FAAUR tCRPcGhpciBSb25lbiA8YS1vcGhpcnJAbWljcm9zb2Z0LmNvbT4= =ymZt -----END PGP PUBLIC KEY BLOCK----- -Ophir o) Ophir Ronen KeyID 1024/54FF05 1994/02/16 Key fingerprint = EA BF 5C 85 F6 C3 A7 8E AA 48 2A AC B9 BC 4B D2 "So long and thanks for all the phish" From jim at bilbo.suite.com Thu Feb 17 11:15:50 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 17 Feb 94 11:15:50 PST Subject: Detweiler blocking Message-ID: <9402171908.AA23632@bilbo.suite.com> Perry E. Metzger wrote: > No one has proposed censoring his Usenet postings. What > people have proposed is that they deny him the use of the > remailers that they set up on their hardware. This is very > different. It's the difference between saying > "Detweiler can't live" and "Detweiler can't live IN MY > LIVING ROOM". 
It's the difference between saying "I > advocate the right of people to discuss any topic they > want" and saying "I advocate the right of people to > discuss any topic they want IN MY BEDROOM AT FOUR AM WHILE > I'M TRYING TO SLEEP." > I've seen this analogy before and I think it is a poor analogy and should not be used. I don't mean for this to be a flame, just a comment. The problem with this analogy is that you are comparing a publicly available service that is being abused with a private residence that is being abused. It is the difference between "Everybody can use this remailer except Detweiler" and "Nobody is allowed to shout in my bedroom at 4 AM, and that includes Detweiler". Do you see the difference? The analogy is comparing a service with a non-service. Since remailers are services, the analogies used to discuss them should compare remailers with other services. For example: "Detweiler is a disruptive client and I am within my rights to prevent him from using my service." Right now, remailer services are free, and that generates the impression in some that they are public resources that *must* be available to all. If remailers charged even a small amount for their service, it might make it easier to justify denying service to specific individuals. It's not logical, but people are seldom persuaded by logic alone. > I see nothing wrong with remailer operators taking steps > to prevent Detweiler from using their equipment against > their will. This is not censorship. Mr. Detweiler is > still free to use Usenet any way he sees fit. It is simply > the act of saying "Mr. Detweiler can't use MY REMAILER any > way he sees fit." > > Perry > From this I can see that you agree that remailer operators should be able to refuse specific users, when possible. My point with this post is to recommend abandoning the "bedroom" analogy. 
Jim_Miller at suite.com From R.O.Jackson-SE1 at computer-science.birmingham.ac.uk Thu Feb 17 11:20:47 1994 From: R.O.Jackson-SE1 at computer-science.birmingham.ac.uk (R.O.Jackson-SE1 at computer-science.birmingham.ac.uk) Date: Thu, 17 Feb 94 11:20:47 PST Subject: UNSUBSCRIBing ... Message-ID: <4971.9402171840@roo.cs.bham.ac.uk> > From: William Thompson > Subject: unsubscribe > To: cypherpunks at com.toad > Sender: owner-cypherpunks at com.toad > > please unsubscribe me. > > From: Tom Cropper > Subject: unsubscribe > To: cypherpunks at com.toad > Sender: owner-cypherpunks at com.toad > > unsubscribe > Could someone remind me if there is a special address to mail to get off this list, or is it just that requests take time to be processed ? From boone at psc.edu Thu Feb 17 11:45:48 1994 From: boone at psc.edu (Jon 'Iain' Boone) Date: Thu, 17 Feb 94 11:45:48 PST Subject: Well known ports and name service In-Reply-To: <9402171745.AA02945@ah.com> Message-ID: <9402171945.AA02262@igi.psc.edu> hughes at ah.com (Eric Hughes) writes: > > Any forum which captures the desirable qualities of a public space > will therefore have to restrict content in some way. The trick is not > to restrict content too much, and to make sure the restrictions cut > broadly across opinion boundaries. Agreed. > > First of all, I'd like to see remailer servers running on a well-known > > port. That way, anyone could stick up a remailer, provided they had > > access to a C compiler. > > The problem with a well known port is that it restricts remailers to > one per machine. Then in fact only one person per machine could set > up a remailer. This does make a difference, because the sysadmin is > not the only one technically able to monitor the remailer; its > operator is also able. Yes, that is a problem. > A pseudonymous service, like a pseudonymous person, should not need to > be linked to any particular machine except during an actual > transaction. 
If I have a pseudonym, I can post from anywhere and my > identity is communicated by a signature. Likewise should a > pseudonymous service be able to hop from machine to machine. > > The techniques of location-independent computing, developed for radio > links, can be applied here. > > What we need is a name service which has public keys as identities and > which can map virtual and pseudonymous services to various > combinations of IP address, port number, and protocols. In the > decentralized spirit, this name service should not have a root. > Someone Saturday mentioned that there was a paper from some Plan 9 > folk about rootlessness; pointers will be welcome. Actually, the Mobile IP working group of the IETF is busy defining a system of proxy agents which will accept packets for mobile machines and then forward them on to the proper destination. Something like this would be useful for anonymous remailers. Imagine a scheme whereby a "core" of these agents were available on well known ports of established machines. When you start up your remailer, it registers with the core agents and does its delivery. It can then move to another machine. A lack of a "keepalive" packet every n seconds would indicate that the remailer had gone down and it would be purged from the records. Jon Boone | PSC Networking | boone at psc.edu | (412) 268-6959 | PGP Key # B75699 PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C From pmetzger at lehman.com Thu Feb 17 11:55:28 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 17 Feb 94 11:55:28 PST Subject: UNSUBSCRIBing ... In-Reply-To: <4971.9402171840@roo.cs.bham.ac.uk> Message-ID: <9402171936.AA12664@andria.lehman.com> R.O.Jackson-SE1 at computer-science.birmingham.ac.uk says: > Could someone remind me if there is a special address to mail to get > of this list, or is it just that requests take time to be processed ? 
Unsubscribe requests should be sent to cypherpunks-request at toad.com. 
One should expect that requests will take quite a while (over a week) to get processed. One should not expect faster service by posting to the whole list. .pm From warlord at MIT.EDU Thu Feb 17 12:05:26 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 17 Feb 94 12:05:26 PST Subject: On the Act of UNSUBSCRIBing In-Reply-To: <4971.9402171840@roo.cs.bham.ac.uk> Message-ID: <9402172004.AA00884@toxicwaste.media.mit.edu> PLEASE READ! (sorry to shout) All subscription requests should be sent to cypherpunks-request at toad.com This is an address that is personally handled, by hand, by Eric Hughes (thank you, Eric :-) It may take upwards of a week for Eric to process a request, as he is a busy man (boy, do I know the feeling). If you want more information, I suggest you go reread RFC's 1325 and 1396, as well as FYI 17 about mailing lists. These are available via anonymous ftp from venera.isi.edu:/in-notes Thank you! -derek From pmn at cnj.digex.com Thu Feb 17 12:30:50 1994 From: pmn at cnj.digex.com (Peter Nestor) Date: Thu, 17 Feb 94 12:30:50 PST Subject: Goodbye, Xenon Message-ID: <199402172026.AA23870@cnj.digex.com> Goodbye Xenon! Some parting thoughts: (1) Stealth PGP -- while the idea is laudable, the "thousand year technology" won't last as long as the "thousand year reich" in the proposed implementation. Steganographically hiding messages in "noisy" channels like JPEG files is easily thwarted by the powers that be. They merely need identify those channels, intercept them, and retransmit the noisy data with their own random noise added, effectively jamming the channel. (2) Anonymous Remailers -- This world is made up of many different types of people, including tight-assed control freaks. If they want to carve out a little nook of cyberspace and control it, why shouldn't they be able to? Why shouldn't they have their privacy there too, and be allowed to dictate who can and cannot come in? 
It's all very well to tell them they need locks; but unless and until
it is easier for them to install those locks than to raise hell, they
will solve the problem of inappropriate posting by raising hell.

From tcmay at netcom.com Thu Feb 17 12:35:27 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 17 Feb 94 12:35:27 PST
Subject: The Sociology of UNSUBSCRIBING
In-Reply-To: <9402172004.AA00884@toxicwaste.media.mit.edu>
Message-ID: <199402172033.MAA24851@mail.netcom.com>

About half a dozen messages like this one are posted here every week:

> PLEASE READ! (sorry to shout)
>
> All subscription requests should be sent to cypherpunks-request at toad.com

Despite this, every day there are several "Unsubscribe me, NOW!"
messages, with various degrees of politeness.

Folks, I am not going to repeat the instructions again. This is
because of the following conclusions I have reached:

1. The list is divided into two basic classes of readers: those who
read some or all of the messages, and those who skip most articles and
don't pay attention to what they read.

2. Those who read many of the messages then see these instructions
over and over again.

3. Those who don't read the messages, don't see or understand or have
a general clue about the instructions.

4. It is usually these folks who want off the list urgently. As others
have noted so many times, they have no clue as to the general
netiquette for getting on and off lists (apparently even forgetting
that they got ON the list by sending a request to "cypherpunks-request
at toad.com").

MAJOR CONCLUSION: All of the "helpful" instructions, including this
very message, are useless, as the folks who need to receive them are
demonstrably not bothering to receive them.

Draw your own conclusions.

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From hughes at ah.com Thu Feb 17 12:45:27 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 17 Feb 94 12:45:27 PST Subject: MONEY: cryptocash is transaction money Message-ID: <9402172041.AA03491@ah.com> I've been getting questions about digital money lately which indicate a basic misunderstanding of its most important feature. Crypto cash is a way of moving money, not a way of holding money. Crypto cash is like a check or a note rather than like the dollar, franc, or mark. Crypto cash is a way of increasing one person's balance and decreasing someone else's balance. Since it's not a currency, it's not sensible to talk about its exchange rates. Digital money can be denominated in any currency you like, so long as you have a bank or other financial institution to handle it for you. This is only an obvious distinction if you already know it. "Money" is such an overloaded word that it's easy to get confused. If this isn't clear, _please_ let me clarify. If you don't get this, none of the rest of the digital money discourse will be understandable. Eric From 75260.1646 at CompuServe.COM Thu Feb 17 12:50:52 1994 From: 75260.1646 at CompuServe.COM (Bruce C. Dovala) Date: Thu, 17 Feb 94 12:50:52 PST Subject: Enuf is enuf! Message-ID: <940217204022_75260.1646_CHL81-1@CompuServe.COM> Hi all! I _pay_ to read what's on this list. I was hoping that it would concern cryptography, remailers, etc. Detweiler was gone for a time. Now apparently it's the current fashion to flame him since he's returned. I'm not gonna pay to read rants against him. Do _something_ or talk in private. Does any of this shit belong on the list? And should I have to pay for it? 
I _know_ there are good minds out there, but why do I get all of these
flames? Not quite what I was expecting. If you wanna talk crypto, post
here. If you wanna beat Detweiler into the ground, please do it in
private email! I _really_ don't care to hear attacks on another
person. (Like that's why I subscribe? NOT!)

Bruce

From CCGARY at MIZZOU1.missouri.edu Thu Feb 17 13:05:27 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Thu, 17 Feb 94 13:05:27 PST
Subject: STEALTH OCEANS
Message-ID: <9402172103.AA05967@toad.com>

note: This letter is composed of 2 different ideas: FIRST GREAT IDEA &
SECOND GREAT IDEA.

Firstly, congratulations to the cypherpunks that are realizing that
strong civilian crypt needs "stealth". For some time I have thought
that a crypt file with a crypt header on it was like saying "yes, I
am in contempt for refusing to give a password" or "yes, I do require
surveillance". A crypt file should look like random bits. The only
problem is that files of random bits are not usual & might look a
little suspicious. The cypherpunk needs to be able to deny having
crypt files even if he is found with random bit files. So how do we do
that? Then an idea came into my head! Why not make random bit files
rather popular? Then, we would be like stealth fish swimming in
stealth oceans.

So, how do we make these files popular? Some may find the following
ideas foolish. Others may find them unethical. Still others may find
them both foolish & unethical.

1. Write a "wipe" program & put it in the public domain. The wipe
program uses md-5 to generate random numbers over the user file & then
delete the file. A very nice wipe program. However a bug is put into
the program: a random number generator is used to decide that in a
small number of cases, the new random number file is not deleted! This
would leave around a lot of random number files if the program were to
become popular.

2. Modify existing programs to generate random number files on occasion.
Programs to be found on boards; loose diskettes; etc.. 3. Viruses that generate small numbers of random number files per disk partition or diskette. 4. send random files anonymously over the internet. 5. think up some of your own. note: in all the above, the file lengths should vary randomly & should be well tuned to avoid extremes. SECOND GREAT IDEA (self extracting encrypt/decrypt programs) (when an encryption program is itself an embarrassment.) A self extracting encrypt/decrypt program. That is,like, change PGP so that it looks like a random number file. But with a few cycles would start to unravel itself. Suggestion: 2 "random Number" files that when XOR'ed yields PGP. Probably nothing quite this bare bones & simple. Although something this simple could save your ass if your interrogators were technically unsophisticated, lazy, short of time or short of investigation funds. To do this very nicely would mean some tricky programming & would make the reputation of the programmer/ cypherpunk who did it. IMPORTANT NOTE: I am not a lawyer & do not know the law. In no case do I advocate breaking any law. I see that great idea first may be of questionable legal value. The cypherpunk is urged to consult with local, state, & federal authorities before pursuing these suggestions. Admittedly, that idea could also just be dumb & improper. Think about it. I heap big blessings on the heads of my fellow cypherpunks. Yours truly, Gary Jeffers From ecarp at netcom.com Thu Feb 17 13:30:51 1994 From: ecarp at netcom.com (Ed Carp) Date: Thu, 17 Feb 94 13:30:51 PST Subject: Enuf is enuf! In-Reply-To: <940217204022_75260.1646_CHL81-1@CompuServe.COM> Message-ID: <199402172128.NAA09689@mail.netcom.com> > I _pay_ to read what's on this list. I was hoping that it would concern Then I would humbly suggest that you drop whatever service provider is ripping you off by charging you for connect time, per-message, etc. and go with someone like Netcom, who charges a flat fee per month. 
Why pay for Compu$erve? It's one of the most expensive around. I pay to read what's on this list, too - but like Tim May and others, I got wise a while back and got an account with a service provider who charges me a flat fee for access. I would *never* use a service much that charged me per-hour - there are just too many out there who won't. Yes, I, too have a Compuserve account - I use it for about 10 minutes a month, usually for figuring out airline schedules and surfing Newsgrid. I've got this nifty expect(1) script gizmo that dials up Compu$erve, sucks off mail and Newsgrid, then drops the connection. I pay about $7 a month or so. I use Netcom for everything else, and I usually rack up around 4 hours a day on Netcom. I *still* only pay $18/month. From talon57 at well.sf.ca.us Thu Feb 17 13:35:28 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Thu, 17 Feb 94 13:35:28 PST Subject: Dos Stego Message-ID: <199402172133.NAA15322@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Bruce C Dovala asks: Does anyone know of a Stego program for Dos? Well, the only Stego program I've seen other than Mistress Romana's for the Mac is by Black Wolf, here's the readme file; Black Wolf's Picture Encoder (for 320x200x256 ONLY!!!!) Version 0.90a Released into the Public Domain All Code Written By Black Wolf Disclaimer: This program is hereby released into the public domain. I take no responsibilities for any damages it might cause. Use it at your own risk. Description: This picture encoder consists of a group of programs designed to let you capture a picture, encode a message in it, and display it so that it may be captured again into another format with a third-party program, then recapture it and decode the message previously place inside it. It is at a bare-bones stage right now, and includes source code if you would like to tailor it to your own needs. 
Uses: If you have a need to send sensitive data, but don't want it to
be obvious that that is what you are doing, this might be a good
program for you. The sender can encode anything he/she wants into the
picture and then convert it to .GIF format, .PCX format, or whatever
(using a third-party program). Not many people will look twice if you
receive a picture, whereas an encrypted message might raise an eyebrow
or two. Then, the receiver is free to decode it at will. Anything
under about 8k can be recorded into one picture - - important letters,
lists, small programs (viruses), or just about anything else. If you
are sending text, my recommendation is to encrypt it via PGP or some
similar program, then encode it
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Ya gotta love this guy!
into the picture for added security.

Tech: The program encodes data into the LSB's (least significant bits)
of the picture file - thus, roughly 50% of the colors are changed, but
if they are it is only by one palette value (0-255). If the picture's
palette is based on gradients, then this will most likely be
undetectable. Also - ENCODE will put an EOF at the end of the message,
so that while there will be garbage at the end of the decoded message
it will not be displayed if the file is opened with edit or typed,
etc....

The files are as follows:

GETSCR - Captures a picture into MESSAGE.SCR when you press
         PRINTSCREEN while in graphics mode 13h (320x200x256).
PUTSCR - Puts the picture in MESSAGE.SCR onto the screen, generally so
         that it may be re-captured into another program.
ENCODE - Encodes the data in the file MESSAGE.DAT into the picture in
         MESSAGE.SCR.
DECODE - Decodes the message in the picture MESSAGE.SCR and puts it
         into NEWMESS.DAT.

Example: Say you want to send text to someone, but you don't want it
to "appear" that way to anyone who may intercept the message. First,
what you'd want to do is find a picture file (like a GIF).
Then, run GETSCR and pop the picture up into any picture viewer. While
the picture is on the screen, hit PRINTSCREEN and GETSCR will create a
file called MESSAGE.SCR for you containing that picture. Then, write
your message and save it as MESSAGE.DAT. Run ENCODE - this will take
your message and encode it into the picture file. At this point, you
need to find a third-party screen capture program that will work with
the format that you wish to use. Run it to make it go memory resident,
then run PUTSCR and capture the picture it puts onto the screen. Now
you can send the picture to your friend. When he receives it, he can
display it, showing that it is, indeed, just a picture file. When he
wants to decode it, all he has to do is run GETSCR and display the
file - hitting PRINTSCREEN while it is displayed. Then, he should run
DECODE and it will create a file called NEWMESS.DAT that includes the
message you originally put into the file.

I can send this to anyone interested UUencoded, It's about 30k.

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is
indistinguishable from noise." --Steve Witham

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLWPgvdCcBnAsu2t1AQE5zAP9FV1EaJoCJA71LRA5WAmImQG7CrjTo9iW
XgqkdfL4sgNQwk0X+jWTel3P8FGSPgQ9CIjRAH8+LVAeFjnQ1X+7ZN6dijcGm09v
si6zQQzVWqlM2zcQmep4Gl+wUMNvMUoOShaaYvfbiKBksxTgTHYcVRyjBuCND9fE
R02BDtjeDv0=
=F/RU
-----END PGP SIGNATURE-----

From hughes at ah.com Thu Feb 17 14:00:52 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 17 Feb 94 14:00:52 PST
Subject: SENDMAIL: a tutorial on how to add + to your addressing
Message-ID: <9402172154.AA03752@ah.com>

Here's a little tutorial I just wrote on how to get + syntax in your
email addresses. It's a more reliable way of inserting aliases into a
remailer than using the comment capability of the address format.
This way mail to, say, hh+joebob at soda.berkeley.edu could get
delivered to whoever was behind the joebob name, by whatever
arrangements have been made.

The document is written in such a way that you can send this to your
sysadmin intact and ask them to install it for you.

Eric

-----------------------------------------------------------------------------

How to add + to your email syntax
---------------------------------

Ever wanted one of those cool addresses? So you can use and get a
filter to easily move the list out from your regular mail? Now you can.

This tutorial works if you're running a fairly standard version of
sendmail. It requires some hacking to sendmail.cf, so you need the
permission to do that; that's usually root. The modifications are
fairly straightforward.

I. Add + to the list of operator symbols.

The sendmail 'o' macro determines how to break up strings in
sendmail.cf rules into tokens. In order to be able to recognize +
specially, you'll have to add to the operator symbols to make it
separately recognizable. So, first do a

    % grep -n ^Do sendmail.cf
    116:Do.:%@!^=/[]

Now, go in and edit line 116 and add a + sign at the end:

    Do.:%@!^=/[]+

That's all. Now sendmail will not include + inside of its tokens.

II. Duplicate local delivery rules to accept + syntax.

Sendmail is a delivery multiplexer. You want to change the syntax for
local delivery, so all you need to change is the local mail
specifications.

First, make sure your local mailer is called 'local'. You can search
for the mailer definition as follows:

    % grep ^Mlocal sendmail.cf
    Mlocal, P=/usr/libexec/mail.local, F=lsDFMmn, [...]

I've elided the tail end of the line, because all you really need to
ascertain is that the local mailer has the right name.
Now you want to search for all the delivery rules that deliver mail to
the local mailer:

    % grep -n '#local' sendmail.cf
    563:R$-<@$w>        $#local$:$1
    585:R$-<@$D>        $#local$:$1     user at ah.com
    614:R$+             $#local$:$1     everything else

I have three rules for local delivery. (The second one is custom, and
allows for delivery to a domain address for which no IP address
exists.) All you do now is to add a rule for '+' delivery for each
kind of existing local delivery. After I changed mine, it said:

    % grep -n '#local' sendmail.cf
    563:R$-<@$w>        $#local$:$1
    564:R$-+$*<@$w>     $#local$:$1
    586:R$-<@$D>        $#local$:$1     user at ah.com
    587:R$-+$*<@$D>     $#local$:$1     user at ah.com
    616:R$-+$*          $#local$:$1     everything else
    617:R$+             $#local$:$1     everything else

Rules that matched "$-", a single token, I changed to match "$-+$*", a
single token followed by "+" followed by zero or more tokens. Rules
that matched "$+", one or more tokens, I changed to match "$-+$*",
same as above. I added the changed rule _before_ the original rule
because otherwise the $+ would swallow up everything.

The $1 in the second column refers to the first macro to match in the
pattern in column one. That's the username the mail gets delivered to.
If you have more complicated usernames, you're likely already a
seasoned sendmail trooper.

III. Install and Test

You should probably increment the version number when you make the
change. It's in the 'Z' macro, do

    % grep -n ^DZ sendmail.cf
    104:DZ2.06

Freeze the sendmail configuration with

    sendmail -bz

otherwise your changes won't take effect. Now send yourself some test
mail and make sure it works.

Eric Hughes
hughes at ah.com
17 February 1994

From tcmay at netcom.com Thu Feb 17 14:20:50 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 17 Feb 94 14:20:50 PST
Subject: Enuf is enuf!
In-Reply-To: <940217204022_75260.1646_CHL81-1@CompuServe.COM>
Message-ID: <199402172221.OAA09714@mail.netcom.com>

Bruce Dovala writes:

> I _pay_ to read what's on this list.
> I was hoping that it would concern
> cryptography, remailers, etc. Detweiler was gone for a time. Now
> apparently it's the current fashion to flame him since he's returned. I'm
> not gonna pay to read rants against him. Do _something_ or talk in
> private. Does any of this shit belong on the list? And should I have to
> pay for it?

Hey. like, I pay to read what's on this list, and, like, I'm getting
really tired of fuck-wads ranting about their being too much ranting,
and, like, you know, I'm like not going to take it anymore. Read me?

---end of all-too-common rant---

Explanation of above rant: I'm not singling my colleague Bruce out for
criticism, but this business of people complaining that the List is
straying from what _they_ want to hear about that day is wrong-headed.
Especially stuff about "I pay to read this list and...."

The recent "flames" about Detweiler have been about the extremely
important issues of remailer policy, handling of mailbombs, options
for screening, advisability of screening and blocking, etc. The
discussion has been remarkably free of flames qua flames against poor
Larry himself, as 90% of us take it as a given that he's gone 'round
the bend.

The List talks about what people write about, period. The current
discussion about remailer policy, source screening, pros and cons of
these views, etc., is a whole lot more timely and relevant than
discussing "cryptography," if by cryptography one means the eighth
rehashing of DES, the fifteenth debate about sources of random
numbers, or the twenty-third explanation of how PGP works.

Meanwhile, anyone is free to raise new issues. Or even old ones. Those
who want to respond, will. The democratic market in action.

But please don't attempt to "shame" others into not talking about some
subject just because it's not what you want to hear about that day.
Just delete messages you don't want to see.
If, for some reason, you have to pay some outrageous amount per message (as Prodigy and others have been known to do), then this list is probably not for you. Or find a better Internet provider. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From pmetzger at lehman.com Thu Feb 17 14:35:28 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 17 Feb 94 14:35:28 PST Subject: STEALTH OCEANS In-Reply-To: <9402172103.AA05967@toad.com> Message-ID: <9402172230.AA13011@andria.lehman.com> "Gary Jeffers" says: > Firstly, congratulations to the cypherpunks that are realizing that > strong civilian crypt needs "stealth". For some time I have thought > that a crypt file with a crypt header on it was like saying "yes, I > am in contempt for refusing to give a password" or "yes, I do require > surveillance". A crypt file should look like random bits. I have said this before, and I will say it again. "Stealth" cryptography is a bad idea. Security comes from everyone openly using cryptography all the time. "Stealth" cryptography ideas both imply that we are doing something wrong (when there is nothing illegal or wrong about using cryptography) and make cryptography very inconvenient to use. If I have a truly stealth system it becomes difficult for me to decrypt my own mail, especially if I have multiple keys. I can't use MIME headers to tell people how to do automatic decryption. I can't encapsulate messages inside my messages with MIME. I'd go on, but I'm sure I'll get flamed at just for saying this. 
.pm

From wak at next11.math.pitt.edu Thu Feb 17 14:50:51 1994
From: wak at next11.math.pitt.edu (walter kehowski)
Date: Thu, 17 Feb 94 14:50:51 PST
Subject: Enuf is enuf!
Message-ID: <9402172247.AA00383@next11.math.pitt.edu>

I use NeXTmail so I just sort (by subject, name, or use the finder)
for detweiler and put everything involving him in my ---JUNK---.mbox.
I trash my ---JUNK---.mbox periodically. Solves that problem. However,
maybe ignoring detweiler would be the best thing to do.

Walter A. Kehowski

From sdw at meaddata.com Thu Feb 17 15:10:51 1994
From: sdw at meaddata.com (Stephen Williams)
Date: Thu, 17 Feb 94 15:10:51 PST
Subject: The Sociology of UNSUBSCRIBING
In-Reply-To: <199402172033.MAA24851@mail.netcom.com>
Message-ID: <9402172305.AA23457@jungle.meaddata.com>

>
> About half a dozen messages like this one are posted here every week:
>
> > PLEASE READ! (sorry to shout)
> >
> > All subscription requests should be sent to cypherpunks-request at toad.com
>
>
> Despite this, every day there are several "Unsubscribe me, NOW!"
> messages, with various degrees of politeness.
>
> Folks, I am not going to repeat the instructions again. This is
> because of the following conclusions I have reached:
...

I've seen before, and if I break down and write my own software I'm
going to improve on, mailing list software that refuses to send
messages to the list that look suspicious.

Rules like: <3 lines non-blank body, occurrence of remove, me,
unsubscribe, help, subscribe, etc.

These generate a message giving details, and of course you could even
guess what the person wanted.

Looks like a necessary evolution in net software...

I typically try reasonable auto commands for a new mailing list until
I know there's a person there.

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager
LIG dev./sales Internet: sdw at lig.net sdw at meaddata.com
OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Comm.
Consulting ICBM: 39 34N 85 15W I love it when a plan comes together From JODHC at CUNYVM.CUNY.EDU Thu Feb 17 15:20:52 1994 From: JODHC at CUNYVM.CUNY.EDU (Joshua Danowitz) Date: Thu, 17 Feb 94 15:20:52 PST Subject: Tentacle Contest -- Great! Message-ID: <9402172320.AA08706@toad.com> That contest by SQUISH is great! I think I was laughing halfway through the first paragraph through to the end! Can I become a tentacle? 8) I hope no one takes you TOO seriously -- _____ ____......------'-----`------......_____ -=======================================================- `-----....._________.....-----' ____ \ | / ____ (____) __/_|_\__ (____) \\_________.-'_.-----._`-._________// `---------`.. `-----' ..'---------' `~~~~~~~' /------------------------------------------------------------------\ | If God had wanted us to explore space, he would have given us | | a moon. -- The Discovery Channel | |------------------------------------------------------------------| | The world is moving so fast that the man who says 'it can't be | | is usually interrupted by the man doing it. | |------------------------------------------------------------------| | Joshua Danowitz, Csci Major, Hunter College, City Univ. of NY | | Internet Address -- JODHC at CUNYVM.CUNY.EDU | | Bitnet Address -- JODHC at CUNYVM.BITNET | | Snail-Mail Address -- 12 E. 86 St./Apt. 605, New York, NY 10028 | \------------------------------------------------------------------/ From eb at mwmax.sr.hp.com Thu Feb 17 15:30:52 1994 From: eb at mwmax.sr.hp.com (Eric Blossom) Date: Thu, 17 Feb 94 15:30:52 PST Subject: Pen recorders and phone records In-Reply-To: <199402170540.VAA03562@jobe.shell.portal.com> Message-ID: <9402172326.AA16418@mwmax.sr.hp.com> > I am confused about the necessity for this if the phone companies routinely > record this information anyway. 
Is this just an archaic and obsolete > terminology, and what really happens is that the phone company will give > already-existing phone records to authorized officials? Hal, I'm not sure, but a pen register would record all dialing codes (touch tone), not just those used to make the first leg of the call. Voicemail, multihop calls, etc come to mind. Eric Blossom From jmallin at umich.edu Thu Feb 17 16:25:29 1994 From: jmallin at umich.edu (Jonathan Scott Mallin) Date: Thu, 17 Feb 94 16:25:29 PST Subject: Pen recorders and phone records In-Reply-To: <9402172326.AA16418@mwmax.sr.hp.com> Message-ID: On Thu, 17 Feb 1994, Eric Blossom wrote: > Hal, I'm not sure, but a pen register would record all dialing codes > (touch tone), not just those used to make the first leg of the call. > Voicemail, multihop calls, etc come to mind. I believe that they do. I dialed tons of extraneous #'s when I thought I was being DNRed. I also discussed various bogus murders with some of my friends.. it was quite interesting. You can never be too safe.. _ __ __ _ _ _ _ | |___ _ _ | \/ |__ _| | (_)_ _ <*> Jonathan Scott Mallin | |_| / _ \ ' \ | |\/| / _` | | | | ' \ <*> \___/\___/_||_| |_| |_\__,_|_|_|_|_||_| <*> Email for PGP key -> This entire message is (C) 1994 by Jonathan Mallin. Reproduction is <- -> prohibited without express written consent. <- From hh at pmantis.berkeley.edu Thu Feb 17 17:25:54 1994 From: hh at pmantis.berkeley.edu (Eric Hollander) Date: Thu, 17 Feb 94 17:25:54 PST Subject: remailers going down Message-ID: <9402180121.AA15507@pmantis.berkeley.edu> A non-text attachment was scrubbed... 
Name: not available Type: text/x-pgp Size: 1257 bytes Desc: not available URL: From 72114.1712 at CompuServe.COM Thu Feb 17 17:40:54 1994 From: 72114.1712 at CompuServe.COM (Sandy) Date: Thu, 17 Feb 94 17:40:54 PST Subject: REAL WORLD ENCRYPTION Message-ID: <940218010321_72114.1712_FHF52-1@CompuServe.COM> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Boy, am I glad I started the REAL WORLD ENCRYPTION thread. The responses I *didn't* expect were, of course, the most useful. Some of your assumptions and thoughts really took me by surprise. As a result, I will be posting a few follow-up messages to clarify some of the concepts my digital bank compatriots and I expect to implement in our bank project. DIGITAL MONEY--One of the assumptions many of you made, was that "digital money" is some sort of replacement for national currencies. It is not. As Eric Hughes indicated in his recent post, digital money (or "cryptocash" as Eric said it) is transactional money. It's just a way of moving money. I think it was a misunderstanding of this point that lead someone to ask if separate digital banks would offer "different digital money." When other digital banks open their doors, we will negotiate procedures to clear inter-bank digital transactions. This would be done much in the same way that banks now accept each others' checks. procedures. In addition, We have plans for an even more imaginative solution to this issue. I will address some other topics in subsequent posts. S a n d y P.S. For the time being, please send UNencrypted private e-mail to my CRL address (sandfort at crl.com). Please send PGP encrypted private e-mail to my AT&T address (ssandfort at attmail.com). 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From CCGARY at MIZZOU1.missouri.edu Thu Feb 17 17:55:29 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Thu, 17 Feb 94 17:55:29 PST
Subject: STEALTH OCEAN
Message-ID: <9402180153.AA12376@toad.com>

answer to subtopic: Perry doesn't like stealth.

STEALTH is for when it absolutely, positively has to stay encrypted.
That is when it needs to be immune from court orders or in a really,
bad state - automatic imprisonment, or in this state if encryption is
outlawed. I should say when it also must not have a flag that says
"this is encrypted". It is not for the mere outlawing per se that
stealth is good for.

I understand your stand up & flaunt it attitude, but I would like to
remind you that in the 3 cases that I know when federal laws were
gotten rid of because the masses broke them often, some caution was
used by the public. The 3 laws I refer to were 1. fcc regulation
against unlicensed CB's; 2. prohibition anti alcohol law; & 3. federal
55 mph speed law. In these cases the public made a game out of
breaking the law. I am less clear on the caution used for the CB
regulation. In these 3 cases, the feds wisely decided that all the
laws were doing was to train the masses to thumb their noses at the
feds, & so got rid of the laws.

We probably need both flagged & stealth encryption.
If the feds outlaw encryption, we'll have untouchable stealth
encryption ready. Also, STEALTH would be reserved for "serious"
encryption.

It seems to me that the ideal STEALTH will be stenography with
SELF-DECRYPTING ENCRYPTION SOFTWARE. The steg-pictures would hide
strong cryptography (like PGP). After you're done with the software it
will mutate itself to harmless appearances. Maybe something like the
Cheshire Cat.

thank you,
Gary Jeffers

GO TEAM GO! GO TEAM GO! PUSH EM BACK! PUSH EM BACK! WAAAYYY BBAACKKK!
BEAAAATTTT STATE!

From 72114.1712 at CompuServe.COM Thu Feb 17 18:40:54 1994
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Thu, 17 Feb 94 18:40:54 PST
Subject: REAL WORLD ENCRYPTION
Message-ID: <940218023605_72114.1712_FHF29-1@CompuServe.COM>

-----BEGIN PGP SIGNED MESSAGE-----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Here is a further explanation of how a digital bank would work in
practice.

REAL WORLD INTERFACE--Several of you expressed concern that digital
money could *only* be spent in "cyberspace" or would otherwise be
largely unavailable to you. Not so. Through the use of bank issued
debit and ATM cards, you could access their account funds anonymously,
in local currency, from cash machines throughout the world. In
addition, we will offer our clients other services which will allow
them to "end run" around the need for cash.

What is a "debit" card? It is just like a credit card, except that it
is used to debit your bank account immediately rather than extend you
credit--at interest--for later repayment. They are issued by
Mastercard, Visa and other card companies. They look, and are used,
just like a regular credit card. They are anonymous because their use
creates no audit trail pointing to you. Further, the bank will keep
its records in a jurisdiction that protects the privacy of such
business records.
For the truly paranoid, the bank will issue corporate debit cards. More, later. S a n d y P.S. Please send UNencrypted private e-mail to my CRL address (sandfort at crl.com). Please send PGP encrypted private e-mail to my AT&T address (ssandfort at attmail.com). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLWQoxk5ULTXct1IzAQGcCQP/ZjsLozNR+GNqlGHYgHIygyuivMWeQxci ws0GniW8874uKgjN+80VN0puKU7jxp+gm508ibpzQPSMRPKKO4TwD8KchyVFsuoK F1CGD05L8elJzfSPxqI+JJUPh4aulK4+RbxXHzST4UKlVSjx1cPbvp+I7EvlUVKx LiDwWNQQsTQ= =auoN -----END PGP SIGNATURE----- From hayden at krypton.mankato.msus.edu Thu Feb 17 18:50:54 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 17 Feb 94 18:50:54 PST Subject: The White House (fwd) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Forwarded from Gaynet, original author removed, to prevent outing someone by accident - ---------- Forwarded message ---------- Date: Thu, 17 Feb 1994 17:40:14 -0800 From: XXXXXX at xxxxx.xxxxxxx To: gaynet at queernet.org Cc: gaynet at queernet.org Subject: The White House The White House now has some files available for anonymous FTP & via e-mail. To get instructions on how to use the service send an e-mail to: publications at whitehouse.gov put the words "Send Info" (no quotes) in the body of the e-mail. You can get transcripts of speeches, etc. Searching on the topic "gay" I found three entries. All about gays in the military. BTW, if you want to e-mail Clinton send e-mail to president at whitehouse.gov. Let's get our foot in his electronic door. - -------------------------------------------- I know some of the is unrelated, but the fact that the whitehouse has stuff available may be relevant. I haven't used it yet to see what there is about clipper and the like. ____ Robert A. 
Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... - -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLWQtfJ3BsrEqkf9NAQEpQQP/TVnAUjQsARBTJlvpESkj/GobS6TDOMr8 4nsmUczree4S/dbthH7l9SzLKyeelqjhy3k7O2nSTdIECfXJ9UWOzeEB2fBFSud+ xumgMYJrwJh8zH3udmkBk4ex4muw363vN/Bud1UJzUsSChLfHM/zQTuUKTDa+k4P AmEP3H/b9t4= =yW4Z -----END PGP SIGNATURE----- From an57322 at anon.penet.fi Thu Feb 17 19:10:54 1994 From: an57322 at anon.penet.fi (T.A.Z.) Date: Thu, 17 Feb 94 19:10:54 PST Subject: The Difficulty of Source Level Blocking Message-ID: <9402180255.AA12330@anon.penet.fi> Eric wrote: >>One problem that hasn't been addressed is the social one: how do people >>choose moderators? > >I'm not convinced this needs to be decided up front. For the first >such group, whoever hosts the ratings site can decide who gets to >moderate. A benign autocrat is ideal in this case. That may be true, but the benign autocrat of today will all too soon be replaced by a not-at-all-so-benign fascist, who then has the power to keep critical post of the net "for the common good". Just say NO to Usenet moderation. -=T.A.Z. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. 
From hughes at ah.com Thu Feb 17 19:25:30 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 17 Feb 94 19:25:30 PST Subject: The Difficulty of Source Level Blocking In-Reply-To: <9402180255.AA12330@anon.penet.fi> Message-ID: <9402180320.AA04665@ah.com> >>For the first >>such group, whoever hosts the ratings site can decide who gets to >>moderate. A benign autocrat is ideal in this case. >That may be true, but the benign autocrat of today will all too soon be >replaced by a not-at-all-so-benign fascist, who then has the power to keep >critical post of the net "for the common good". You're missing a few qualifiers. The benign autocrat mentioned above is for _bootstrapping_ a workable _distribution_ of moderation. Once the dynamic of moderator selection is stable, this autocrat then loses most all power to influence, since the initial distribution of articles to moderators need not be in any particular place. >Just say NO to Usenet moderation. I'm not proposing that every newsgroup be moderated, even in distributed form. What I am proposing is a system for a distributedly moderated newsgroup which can compete for attention with other newsgroups and other fora. Eric From sergey at delbruck.pharm.sunysb.edu Thu Feb 17 21:00:55 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Thu, 17 Feb 94 21:00:55 PST Subject: STEALTH OCEANS Message-ID: This is my first post to this list, so please don't flame me if I make some trivial mistake. %-> IDEA Re: making random noise files "undetectable"... ~~~~~~~ On many machines the file system allows users to "delete" files without actually deleting them. This is usually accomplished by simply marking the disk blocks that make up the file as free. Thus it should be possible to write an encrypted (noise) file on to disk, pad the rest of the disk with more noise and "delete" the whole thing, making the disk look blank to all casual observers. 
PROBLEM: If the above idea is implemented, one could not write on to the disk for fear of accidentally overwriting the "free" disk blocks.

SOLUTION: Knowing the _exact_ location and size of the file, one could write directly to those blocks which are _really_ free.

2nd PROBLEM: In order to decrypt the file, one needs to know its _exact_ location and size (or use some undelete util)... Which brings me to the...

3rd PROBLEM: An undelete utility could make recovering the encrypted file trivial for _anyone_.

SOLUTION: Make the file undetectable to undelete utilities by modifying the FAT table, or equivalent. One would, of course, have to keep track of the file in some other, non-standard, way.

FINAL(?) PROBLEM: Implementing the above idea is trivial for the average user. Making and recovering truly undetectable files may not be.

All feedback welcome,
Sergey

From pckizer at tamu.edu Thu Feb 17 21:15:31 1994
From: pckizer at tamu.edu (Philip Kizer)
Date: Thu, 17 Feb 94 21:15:31 PST
Subject: ATM ftp?
In-Reply-To: <9402171913.AA10824@netmail2.microsoft.com>
Message-ID: <9402180513.AA14273@gonzo.tamu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

> Well friends and neighbors, due to the high demand for the ATM tutorial, who
> has an anonymous ftp site that I can put the text file into? Enclosed is my
> public key for anyone that needs it.

OK...Ophir has put this file on ftp.tamu.edu, and I moved it to a suitable location.
I put it in ftp://ftp.tamu.edu/pub/documents/atmtutor.txt.gz (and we're using the wuarchive ftpd, so it can be retrieved uncompressed by leaving off the ".gz")

Enjoy,
pc

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLWRLeLZspOMRmJBhAQEZOQP/dXO6AR0C0NmwO89a2zAsQUufr6ouE8UT
Z/VmhPm4v6SevKROyAKq+YeTD+FenF5ENonacOe6/+HZitzJBNQd/zlZhHbNMngc
B+OGZ/ReF5wa7JVoayhWr/UuPkwoFfK4uqhmvkPCjRUHcV2TeLYuVrIWERuWIFrp
lEQ4o6xrR48=
=f6rr
-----END PGP SIGNATURE-----

PS: pgp key by finger pckizer at ns.tamu.edu; follow instructions
____________________________________________________________
Philip Kizer ___ Texas A&M CIS Operating Systems Group, Unix
( 409.862.4120 ) pckizer at tamu.edu

"Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds." -John Perry Barlow, EFF co-founder

From debarett at well.sf.ca.us Thu Feb 17 21:25:31 1994
From: debarett at well.sf.ca.us (Deborah Barett)
Date: Thu, 17 Feb 94 21:25:31 PST
Subject: Bacard & Barlow: Defend Privacy!
Message-ID: <199402180453.UAA03377@well.sf.ca.us>

***************** Please Distribute Widely ****************

Colleagues and Friends,

Do you want the United States government to monitor your posts on this Newsgroup and to read your "private" e-mail? Computer privacy experts have issued an URGENT APPEAL for your help!!

Enclosed you will find 1) "Help CPSR Clip Clipper!" -- a brief summary of the Clipper Chip assault against you written by Andre Bacard and 2) "Jackboots on the Infobahn" -- an essay scheduled for publication in WIRED magazine and written by John Perry Barlow -- which discusses the Clipper Chip in scary detail. Read what Vice President Al Gore thinks about your privacy. Both articles give PRACTICAL advice on how you can protect your privacy.

At this moment, the U.S. Government is working to force computer manufacturers to install a so-called "Clipper Chip" into your computers and telephones, at home and at work.
This encryption chip system would stop you and me from eavesdropping on each other. However, it would give Big Brother power to eavesdrop on ALL computer and telephone systems. Your tax dollars are paying for this unprecedented attack against your privacy.

CPSR [Computer Professionals for Social Responsibility], in particular, Dave Banisar, Marc Rotenberg and David Sobel in the Washington, D.C. office, are leading the fight against the Clipper Chip. Banisar, Rotenberg, Sobel, and all Americans need your help. It's expensive to navigate Washington's corridors of power, to lobby, to file lawsuits, and to protect every American citizen's right to privacy.

Should we let Clipper Chips squash our privacy to the size of a silicon chip? How much is your freedom & privacy worth to you? Please join me, colleagues and friends. Pull out your checkbook and help CPSR. Please send tax-deductible checks to:

CPSR
Box 717
Palo Alto, CA 94302-0717
(415) 322-3778 (voice) or

See you in the future,
Andre

This letter was written and authorized solely by me, a private citizen, concerned about preserving democracy.

------------------------------------------------------------
Andre Bacard             | Bacard authored the book "Hunger for
Box 3009                 | Power: Who Rules the World and How."
Stanford, CA 94309       | He writes a "Technology & Society"
abacard at well.sf.ca.us | column and has been interviewed on
                         | hundreds of radio talk shows.

Bacard supports the Electronic Frontier Foundation and Computer Professionals for Social Responsibility. Info at and at .

"He only earns his freedom and existence, who daily conquers them anew." [Goethe, FAUST (1832)]
------------------------------------------------------------

***** Now the Barlow article *******

=-=-Copyright 1993,4 Wired USA Ltd.
All Rights Reserved=-=-=-=-=-=
For complete copyright information, please see the end of this file -=-=

WIRED 2.04 Electrosphere
*************

Jackboots on the Infobahn

Clipper is a last ditch attempt by the United States, the last great power from the old Industrial Era, to establish imperial control over cyberspace.

By John Perry Barlow

[Note: The following article will appear in the April 1994 issue of WIRED. We, the editors of WIRED, are net-casting it now in its pre-published form as a public service. Because of the vital and urgent nature of its message, we believe readers on the Net should hear and take action now. You are free to pass this article on electronically; in fact we urge you to replicate it throughout the net with our blessings. If you do, please keep the copyright statements and this note intact. For a complete listing of Clipper-related resources available through WIRED Online, send email to with the following message: "send clipper.index". - The Editors of WIRED]

On January 11, I managed to schmooze myself aboard Air Force 2. It was flying out of LA, where its principal passenger had just outlined his vision of the information superhighway to a suited mob of television, show-biz, and cable types who fervently hoped to own it one day - if they could ever figure out what the hell it was.

From the standpoint of the Electronic Frontier Foundation the speech had been wildly encouraging. The administration's program, as announced by Vice President Al Gore, incorporated many of the concepts of open competition, universal access, and deregulated common carriage that we'd been pushing for the previous year.

But he had said nothing about the future of privacy, except to cite among the bounties of the NII its ability to "help law enforcement agencies thwart criminals and terrorists who might use advanced telecommunications to commit crimes."

On the plane I asked Gore what this implied about administration policy on cryptography.
He became as noncommittal as a cigar-store Indian. "We'll be making some announcements.... I can't tell you anything more." He hurried to the front of the plane, leaving me to troubled speculation.

Despite its fundamental role in assuring privacy, transaction security, and reliable identity within the NII, the Clinton administration has not demonstrated an enlightenment about cryptography up to par with the rest of its digital vision.

The Clipper Chip - which threatens to be either the goofiest waste of federal dollars since President Gerald Ford's great Swine Flu program or, if actually deployed, a surveillance technology of profound malignancy - seemed at first an ugly legacy of the Reagan-Bush modus operandi. "This is going to be our Bay of Pigs," one Clinton White House official told me at the time Clipper was introduced, referring to the disastrous plan to invade Cuba that Kennedy inherited from Eisenhower.

(Clipper, in case you're just tuning in, is an encryption chip that the National Security Agency and FBI hope will someday be in every phone and computer in America. It scrambles your communications, making them unintelligible to all but their intended recipients. All, that is, but the government, which would hold the "key" to your chip. The key would be separated into two pieces, held in escrow, and joined with the appropriate "legal authority.")

Of course, trusting the government with your privacy is like having a Peeping Tom install your window blinds. And, since the folks I've met in this White House seem like extremely smart, conscious freedom-lovers - hell, a lot of them are Deadheads - I was sure that after they were fully moved in, they'd face down the National Security Agency and the FBI, let Clipper die a natural death, and lower the export embargo on reliable encryption products.

Furthermore, the National Institutes of Standards and Technology and the National Security Council have been studying both Clipper and export embargoes since April.
Given that the volumes of expert testimony they had collected overwhelmingly opposed both, I expected the final report would give the administration all the support it needed to do the right thing. I was wrong. Instead, there would be no report. Apparently, they couldn't draft one that supported, on the evidence, what they had decided to do instead. THE OTHER SHOE DROPS On Friday, February 4, the other jackboot dropped. A series of announcements from the administration made it clear that cryptography would become their very own "Bosnia of telecommunications" (as one staffer put it). It wasn't just that the old Serbs in the National Security Agency and the FBI were still making the calls. The alarming new reality was that the invertebrates in the White House were only too happy to abide by them. Anything to avoid appearing soft on drugs or terrorism. So, rather than ditching Clipper, they declared it a Federal Data Processing Standard, backing that up with an immediate government order for 50,000 Clipper devices. They appointed the National Institutes of Standards and Technology and the Department of Treasury as the "trusted" third parties that would hold the Clipper key pairs. (Treasury, by the way, is also home to such trustworthy agencies as the Secret Service and the Bureau of Alcohol, Tobacco, and Firearms.) They reaffirmed the export embargo on robust encryption products, admitting for the first time that its purpose was to stifle competition to Clipper. And they outlined a very porous set of requirements under which the cops might get the keys to your chip. (They would not go into the procedure by which the National Security Agency could get them, though they assured us it was sufficient.) They even signaled the impending return of the dread Digital Telephony, an FBI legislative initiative requiring fundamental reengineering of the information infrastructure; providing wiretapping ability to the FBI would then become the paramount design priority. 
INVASION OF THE BODY SNATCHERS Actually, by the time the announcements thudded down, I wasn't surprised by them. I had spent several days the previous week in and around the White House. I felt like I was in another remake of The Invasion of the Body Snatchers. My friends in the administration had been transformed. They'd been subsumed by the vast mindfield on the other side of the security clearance membrane, where dwell the monstrous bureaucratic organisms that feed on fear. They'd been infected by the institutionally paranoid National Security Agency's Weltanschauung. They used all the telltale phrases. Mike Nelson, the White House point man on the NII, told me, "If only I could tell you what I know, you'd feel the same way I do." I told him I'd been inoculated against that argument during Vietnam. (And it does seem to me that if you're going to initiate a process that might end freedom in America, you probably need an argument that isn't classified.) Besides, how does he know what he knows? Where does he get his information? Why, the National Security Agency, of course. Which, given its strong interest in the outcome, seems hardly an unimpeachable source. However they reached it, Clinton and Gore have an astonishingly simple bottom line, to which even the future of American liberty and prosperity is secondary: They believe that it is their responsibility to eliminate, by whatever means, the possibility that some terrorist might get a nuke and use it on, say, the World Trade Center. They have been convinced that such plots are more likely to ripen to hideous fruition behind a shield of encryption. The staffers I talked to were unmoved by the argument that anyone smart enough to steal a nuclear device is probably smart enough to use PGP or some other uncompromised crypto standard. And never mind that the last people who popped a hooter in the World Trade Center were able to get it there without using any cryptography and while under FBI surveillance. 
We are dealing with religion here. Though only ten American lives have been lost to terrorism in the last two years, the primacy of this threat has become as much an article of faith with these guys as the Catholic conviction that human life begins at conception or the Mormon belief that the Lost Tribe of Israel crossed the Atlantic in submarines. In the spirit of openness and compromise, they invited the Electronic Frontier Foundation to submit other solutions to the "problem" of the nuclear-enabled terrorist than key escrow devices, but they would not admit into discussion the argument that such a threat might, in fact, be some kind of phantasm created by the spooks to ensure their lavish budgets into the post-Cold War era. As to the possibility that good old-fashioned investigative techniques might be more valuable in preventing their show-case catastrophe (as it was after the fact in finding the alleged perpetrators of the last attack on the World Trade Center), they just hunkered down and said that when wiretaps were necessary, they were damned well necessary. When I asked about the business that American companies lose because of their inability to export good encryption products, one staffer essentially dismissed the market, saying that total world trade in crypto goods was still less than a billion dollars. (Well, right. Thanks more to the diligent efforts of the National Security Agency than to dim sales potential.) I suggested that a more immediate and costly real-world effect of their policies would be to reduce national security by isolating American commerce, owing to a lack of international confidence in the security of our data lines. I said that Bruce Sterling's fictional data-enclaves in places like the Turks and Caicos Islands were starting to look real-world inevitable. They had a couple of answers to this, one unsatisfying and the other scary. 
The unsatisfying answer was that the international banking community could just go on using DES, which still seemed robust enough to them. (DES is the old federal Data Encryption Standard, thought by most cryptologists to be nearing the end of its credibility.) More frightening was their willingness to counter the data-enclave future with one in which no data channels anywhere would be secure from examination by one government or another. Pointing to unnamed other countries that were developing their own mandatory standards and restrictions regarding cryptography, they said words to the effect of, "Hey, it's not like you can't outlaw the stuff. Look at France." Of course, they have also said repeatedly - and for now I believe them - that they have absolutely no plans to outlaw non-Clipper crypto in the US. But that doesn't mean that such plans wouldn't develop in the presence of some pending "emergency." Then there is that White House briefing document, issued at the time Clipper was first announced, which asserts that no US citizen "as a matter of right, is entitled to an unbreakable commercial encryption product." Now why, if it's an ability they have no intention of contesting, do they feel compelled to declare that it's not a right? Could it be that they are preparing us for the laws they'll pass after some bearded fanatic has gotten himself a surplus nuke and used something besides Clipper to conceal his plans for it? If they are thinking about such an eventuality, we should be doing so as well. How will we respond? I believe there is a strong, though currently untested, argument that outlawing unregulated crypto would violate the First Amendment, which surely protects the manner of our speech as clearly as it protects the content. But of course the First Amendment is, like the rest of the Constitution, only as good as the government's willingness to uphold it. And they are, as I say, in the mood to protect our safety over our liberty. 
This is not a mind-frame against which any argument is going to be very effective. And it appeared that they had already heard and rejected every argument I could possibly offer. In fact, when I drew what I thought was an original comparison between their stand against naturally proliferating crypto and the folly of King Canute (who placed his throne on the beach and commanded the tide to leave him dry), my government opposition looked pained and said he had heard that one almost as often as jokes about roadkill on the information superhighway. I hate to go to war with them. War is always nastier among friends. Furthermore, unless they've decided to let the National Security Agency design the rest of the National Information Infrastructure as well, we need to go on working closely with them on the whole range of issues like access, competition, workplace privacy, common carriage, intellectual property, and such. Besides, the proliferation of strong crypto will probably happen eventually no matter what they do. But then again, it might not. In which case we could shortly find ourselves under a government that would have the automated ability to log the time, origin and recipient of every call we made, could track our physical whereabouts continuously, could keep better account of our financial transactions than we do, and all without a warrant. Talk about crime prevention! Worse, under some vaguely defined and surely mutable "legal authority," they also would be able to listen to our calls and read our e-mail without having to do any backyard rewiring. They wouldn't need any permission at all to monitor overseas calls. If there's going to be a fight, I'd rather it be with this government than the one we'd likely face on that hard day. Hey, I've never been a paranoid before. It's always seemed to me that most governments are too incompetent to keep a good plot strung together all the way from coffee break to quitting time. 
But I am now very nervous about the government of the United States of America. Because Bill 'n' Al, whatever their other new-paradigm virtues, have allowed the very old-paradigm trogs of the Guardian Class to define as their highest duty the defense of America against an enemy that exists primarily in the imagination - and is therefore capable of anything. To assure absolute safety against such an enemy, there is no limit to the liberties we will eventually be asked to sacrifice. And, with a Clipper Chip in every phone, there will certainly be no technical limit on their ability to enforce those sacrifices. WHAT YOU CAN DO GET CONGRESS TO LIFT THE CRYPTO EMBARGO The administration is trying to impose Clipper on us by manipulating market forces. By purchasing massive numbers of Clipper devices, they intend to induce an economy of scale which will make them cheap while the export embargo renders all competition either expensive or nonexistent. We have to use the market to fight back. While it's unlikely that they'll back down on Clipper deployment, the Electronic Frontier Foundation believes that with sufficient public involvement, we can get Congress to eliminate the export embargo. Rep. Maria Cantwell, D-Washington, has a bill (H.R. 3627) before the Economic Policy, Trade, and Environment Subcommittee of the House Committee on Foreign Affairs that would do exactly that. She will need a lot of help from the public. They may not care much about your privacy in DC, but they still care about your vote. Please signal your support of H.R. 3627, either by writing her directly or e-mailing her at cantwell at eff.org. Messages sent to that address will be printed out and delivered to her office. In the subject header of your message, please include the words "support HR 3627." In the body of your message, express your reasons for supporting the bill. You may also express your sentiments to Rep. 
Lee Hamilton, D-Indiana, the House Committee on Foreign Affairs chair, by e-mailing hamilton at eff.org.

Furthermore, since there is nothing quite as powerful as a letter from a constituent, you should check the following list of subcommittee and committee members to see if your congressional representative is among them. If so, please copy them your letter to Rep. Cantwell.

Economic Policy, Trade, and Environment Subcommittee:

Democrats: Sam Gejdenson (Chair), D-Connecticut; James Oberstar, D-Minnesota; Cynthia McKinney, D-Georgia; Maria Cantwell, D-Washington; Eric Fingerhut, D-Ohio; Albert R. Wynn, D-Maryland; Harry Johnston, D-Florida; Eliot Engel, D-New York; Charles Schumer, D-New York.

Republicans: Toby Roth (ranking), R-Wisconsin; Donald Manzullo, R-Illinois; Doug Bereuter, R-Nebraska; Jan Meyers, R-Kansas; Cass Ballenger, R-North Carolina; Dana Rohrabacher, R-California.

House Committee on Foreign Affairs:

Democrats: Lee Hamilton (Chair), D-Indiana; Tom Lantos, D-California; Robert Torricelli, D-New Jersey; Howard Berman, D-California; Gary Ackerman, D-New York; Eni Faleomavaega, D-Samoa; Matthew Martinez, D-California; Robert Borski, D-Pennsylvania; Donald Payne, D-New Jersey; Robert Andrews, D-New Jersey; Robert Menendez, D-New Jersey; Sherrod Brown, D-Ohio; Alcee Hastings, D-Florida; Peter Deutsch, D-Florida; Don Edwards, D-California; Frank McCloskey, D-Indiana; Thomas Sawyer, D-Ohio; Luis Gutierrez, D-Illinois.

Republicans: Benjamin Gilman (ranking), R-New York; William Goodling, R-Pennsylvania; Jim Leach, R-Iowa; Olympia Snowe, R-Maine; Henry Hyde, R-Illinois; Christopher Smith, R-New Jersey; Dan Burton, R-Indiana; Elton Gallegly, R-California; Ileana Ros-Lehtinen, R-Florida; David Levy, R-New York; Lincoln Diaz-Balart, R-Florida; Ed Royce, R-California.

BOYCOTT CLIPPER DEVICES AND THE COMPANIES WHICH MAKE THEM.

Don't buy anything with a Clipper Chip in it. Don't buy any product from a company that manufactures devices with Big Brother inside.
It is likely that the government will ask you to use Clipper for communications with the IRS or when doing business with federal agencies. They cannot, as yet, require you to do so. Just say no. LEARN ABOUT ENCRYPTION AND EXPLAIN THE ISSUES TO YOUR UNWIRED FRIENDS The administration is banking on the likelihood that this stuff is too technically obscure to agitate anyone but nerds like us. Prove them wrong by patiently explaining what's going on to all the people you know who have never touched a computer and glaze over at the mention of words like "cryptography." Maybe you glaze over yourself. Don't. It's not that hard. For some hands-on experience, download a copy of PGP - Pretty Good Privacy - a shareware encryption engine which uses the robust RSA encryption algorithm. And learn to use it. GET YOUR COMPANY TO THINK ABOUT EMBEDDING REAL CRYPTOGRAPHY IN ITS PRODUCTS If you work for a company that makes software, computer hardware, or any kind of communications device, work from within to get them to incorporate RSA or some other strong encryption scheme into their products. If they say that they are afraid to violate the export embargo, ask them to consider manufacturing such products overseas and importing them back into the United States. There appears to be no law against that. Yet. You might also lobby your company to join the Digital Privacy and Security Working Group, a coalition of companies and public interest groups - including IBM, Apple, Sun, Microsoft, and, interestingly, Clipper phone manufacturer AT&T - that is working to get the embargo lifted. ENLIST! Self-serving as it sounds coming from me, you can do a lot to help by becoming a member of one of these organizations. In addition to giving you access to the latest information on this subject, every additional member strengthens our credibility with Congress. Join the Electronic Frontier Foundation by writing membership at eff.org. 
Join Computer Professionals for Social Responsibility by e-mailing cpsr.info at cpsr.org. CPSR is also organizing a protest, to which you can lend your support by sending e-mail to clipper.petition at cpsr.org with "I oppose Clipper" in the message body. Ftp/gopher/WAIS to cpsr.org /cpsr/privacy/crypto/clipper for more info.

In his LA speech, Gore called the development of the NII "a revolution." And it is a revolutionary war we are engaged in here. Clipper is a last ditch attempt by the United States, the last great power from the old Industrial Era, to establish imperial control over cyberspace. If they win, the most liberating development in the history of humankind could become, instead, the surveillance system which will monitor our grandchildren's morality. We can be better ancestors than that.

San Francisco, California
Wednesday, February 9, 1994

* * *

John Perry Barlow (barlow at eff.org) is co-founder and Vice-Chairman of the Electronic Frontier Foundation, a group which defends liberty, both in Cyberspace and the Physical World. He has three daughters.

=-=-=-=-=-=-=-=-=-=-=-=WIRED Online Copyright Notice=-=-=-=-=-=-=-=-=-=-=-=

Copyright 1993,4 Wired USA Ltd. All rights reserved. This article may be redistributed provided that the article and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind without prior written permission from Wired Ventures, Ltd.

From jpp at markv.com Thu Feb 17 21:50:56 1994
From: jpp at markv.com (jpp at markv.com)
Date: Thu, 17 Feb 94 21:50:56 PST
Subject: Real world crypto problems -- Usenet
In-Reply-To: <9402171652.AA00789@igi.psc.edu>
Message-ID: <9402172146.aa00836@hermix.markv.com>

Summary: Use (anonymous) certificates to fix Usenet, and mailing lists.

I think this message is interesting to the readers of cypherpunks because it describes a decentralized, crypto supported, solution to the problems of e-speech in e-public places.
If a message is found on a usenet group, a mailing list, or any other 'e-public' space for that matter, one is tempted to assume that its content is appropriate for the space, and interesting. But who certified that? On moderated lists, the moderator(s) did, and things usually go a little more smoothly. On unmoderated lists, only the author.

Were there a way to attach signed judgements to posted articles (as articles naturally), you could program your mail reader to skip articles which aren't judged highly enough by your favorite judges. Then, the flames would die away -- few people would judge them interesting enough.

The incentive for the reader is to improve their judgment of judges, and so spend more time reading good stuff (neural net learning anyone?). The incentive for the judges is to earn 'reps' or money (how to sell judgements?). The incentive for the poster is to be heard (improving their 'rep'), and so if no (important, in the poster's opinion) judges like their stuff, they will feel an incentive to improve their posts. Naturally the anarchist in me feels that any person should be able to act as reader, poster, or judge at any time.

What Usenet, this, and other lists lack are digital reputations. I believe it is a 'real world' problem which is approaching the size of the 'private email' problem. I am going to abandon the private IP stuff for a little while, and see if I can hack up a pseudonymous certificate system ala Chaum from the bones of magic money.
j'
--
O I am Jay Prime Positive jpp at markv.com
1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com
Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com
Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org

From szabo at netcom.com Fri Feb 18 00:10:56 1994
From: szabo at netcom.com (Nick Szabo)
Date: Fri, 18 Feb 94 00:10:56 PST
Subject: Mimicry
In-Reply-To:
Message-ID: <199402180810.AAA23236@mail.netcom.com>

Specific comment:

Sergey Goldgaber suggests hiding files amongst the disk blocks marked "deleted" by the filesystem.

This sounds practically equivalent to implementing an alternative file system with its own FAT, etc. In addition to the problems and solutions Sergey mentioned, the true/surface/original filesystem must be slightly modified so that it doesn't bash the hidden filesystem in the process of making new files. Of course, it will look rather funny when the disk runs out of space several tens of megabytes below the manufacturer's specs.

This hidden file system feature might fit in naturally with SecureDrive which implements an encrypted file system.

General comments:

Encryption and mimicry are both a matter of economics. Unfortunately, as with most mimicry, the effort needed to find the hidden filesystem is easier than the effort needed to implement and maintain the hidden filesystem. ("Effort" here is primarily programmer and user effort, not computer resources).

It also costs to hide encrypted data in noise; in this case the cost is mostly bandwidth. This must be traded off with the fact that nobody is going to be either (a) banning compression or noise-containing data or (b) sampling significant fractions of compressed and noisy files that cross the net to see if they're actually encrypted.
Both passage and enforcement of anti-cryptography laws will be greatly discouraged by widespread use of mimicry (including steganography).

This is also a good opportunity to put in my plug _in favor_ of "security through obscurity" as a good practical solution to some problems. For example, the task of scanning the net gets super-linearly more expensive with the number of data formats used (since the cost of implementing software is super-linear with its raw complexity). Simply having a wide variety of fax, compression, sound, video, encryption, etc. formats will quickly make the cost of automated scanning efforts prohibitive. Interoperability favors standardization, but security and privacy favor incompatibility with the popular formats used by the snoopers.

Nick Szabo szabo at netcom.com

From sergey at delbruck.pharm.sunysb.edu Fri Feb 18 01:15:32 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Fri, 18 Feb 94 01:15:32 PST
Subject: Mimicry
In-Reply-To: <199402180810.AAA23236@mail.netcom.com>
Message-ID:

On Fri, 18 Feb 1994, Nick Szabo wrote:

> Sergey Goldgaber suggests hiding files amongst the disk blocks
> marked "deleted" by the filesystem.
>
> This sounds practically equivalent to implementing an alternative file
> system with its own FAT, etc.

Actually, in its simplest form, it is much easier to hide files by deleting them than by implementing an alternative file system. Theoretically, the former method should be enough for most of those concerned with having telltale "noise" files on their disks. Using an alternative file system might, for them, be almost as revealing as having "noise" files.

> In addition to the problems and solutions
> Sergey mentioned, the true/surface/original filesystem must be slightly
> modified so that it doesn't bash the hidden filesystem in the
> process of making new files.
We can assume that the legitimate user would be aware of this drawback, and would take measures not to write over the files he has hidden. I see no absolute _need_ to modify the filesystem. A simple utility that can write files to specific disk locations is all that is required.

> Of course, it will look rather funny
> when the disk runs out of space several tens of megabytes below
> the manufacturer's specs.
>

This is only a problem if you modify the filesystem. The standard filesystem will simply write over the deleted files; or, if one is using the above mentioned utility, one would write onto a truly free portion of the disk. We can assume that only an intruder would unknowingly write a file onto the disk without using the special utility (thus overwriting the hidden encrypted file, and doing the legitimate user a favor by destroying the evidence).

-- STUFF DELETED --

All feedback welcome,
Sergey

PS: I agree with your statement about "security through obscurity" sometimes being a good practical solution.

From kryten at shell.portal.com Fri Feb 18 02:20:57 1994
From: kryten at shell.portal.com (Greg - Kucharo)
Date: Fri, 18 Feb 94 02:20:57 PST
Subject: Source Level
Message-ID: <199402181017.CAA23112@jobe.shell.portal.com>

Eric,
In your idea to give usenet users a chance to have competing moderated groups with unmoderated ones. Don't you think that the large numbers who want a moderated group will kill all demand for the unmoderated ones? Then we would be left with only moderated groups, who granted would have more signal to noise but less lively debate. People post so much to groups because they know they can in a free manner, moderation would slow the onslaught of banal posts and plenty of posts from folks who think their ideas too wild for the moderator. Remember the root of moderator is moderate. As in, "This food is moderately good."

Greg.
kryten at shell.portal.com "This space available"

From MIKEINGLE at delphi.com Fri Feb 18 02:31:00 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Fri, 18 Feb 94 02:31:00 PST
Subject: Hiding data
Message-ID: <01H90PQGXLSI8ZE4V9@delphi.com>

To hide data on a hard drive, just optimize the hard drive with SpeedDisk or a similar program. This puts everything at the beginning. Now write the secret stuff from the end back. DOS allocates from the beginning out, so if you keep plenty of empty space on the disk, the secret data shouldn't get clobbered. If you have enough memory to hold all your secret data, you could zip the RAMdisk and write the encrypted ZIP from the end back.

There is also a blank track. After the partition table, that whole first track is blank and never written to. The Linux boot program installs itself there and lets you choose an operating system to boot.

Is there any way to read data back from a laser printer's memory? PCL lasers allow you to create macros, and these can hold image files. In this way a large amount of data can be put into the printer and stored there. Is there any way to get it back into the computer? Anyone seizing/stealing (any difference?) a computer would probably not check the printer for data before unplugging it.

An assembler called A86 hides a signature in an executable by changing how it generates instructions. Some instructions can be generated with two or more equivalent forms. The assembler switches between them, encoding a bit with each of those instructions.

As someone pointed out in a prior iteration of the steganography debate, if steganography becomes the only way to communicate privately, we have already lost the battle.
--- Mike

From nowhere at bsu-cs.bsu.edu Fri Feb 18 03:25:33 1994
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Fri, 18 Feb 94 03:25:33 PST
Subject: No Subject
Message-ID: <9402181125.AA03099@bsu-cs.bsu.edu>

I found this on the net someplace

HACKTIC.NL Now has an encrypted remailer :) with the calgary remailer this could get interesting ...

From matsb at sos.sll.se Fri Feb 18 05:11:05 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Fri, 18 Feb 94 05:11:05 PST
Subject: killfiles
In-Reply-To: <9402152048.AA23122@ah.com>
Message-ID:

Eric Hughes wrote:

> A set of remailers isolated from a restriction cooperative is a fully
> operative set of remailers. Adding them to the killfile doesn't
> prevent these remailers from directly posting and directly mailing.

Are there any killfiles for mail around? I mean like scripts for killing selected 'from's in Mail,Elm or, hopefully, Pine?
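A killfile for mail of the kind asked about above can be applied before delivery, independent of the mail reader. The following is an added example, not code from the list or from any mail package; the killfile entries, the addresses, the sample messages and the choice of headers to inspect are all constructed assumptions.

```python
"""Pre-delivery mail killfile: classify a message by its originator headers."""
import email
import email.policy
import fnmatch
import sys
from email.utils import getaddresses

# Constructed killfile: one shell-style pattern per line, '#' starts a comment.
KILLFILE = """
flamer@example.org        # one address
*@spam.example            # a whole domain
*@*.spam.example          # and its subdomains
"""

# Headers that can name the originator. None of them is authenticated, so a
# killfile is a convenience filter and not an access control.
SENDER_HEADERS = ("From", "Sender", "Reply-To")

# Constructed sample messages covering the cases a naive string match gets wrong.
SAMPLES = {
    "display_name": 'From: "Some Flamer" <Flamer@Example.ORG>\n'
                    'Subject: re: moderation\n\nbody\n',
    "folded": 'From: Bulk Sender\n <news@lists.spam.example>\n'
              'Subject: offer\n\nbody\n',
    "sender_only": 'From: ok@example.net\nSender: flamer@example.org\n'
                   'Subject: hi\n\nbody\n',
    "lookalike": 'From: "flamer@example.org" <friend@notspam.example>\n'
                 'Subject: hi\n\nbody\n',
    "no_sender": 'Subject: hi\n\nbody\n',
}


def load_patterns(text):
    """Parse killfile text into a list of lower-cased glob patterns."""
    patterns = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            patterns.append(line)
    return patterns


def sender_addresses(msg):
    """Return the set of lower-cased addresses in the originator headers."""
    values = []
    for name in SENDER_HEADERS:
        values.extend(str(v) for v in msg.get_all(name, []))
    # getaddresses() separates the display name from the address, so a
    # display name that merely looks like an address is never matched.
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def verdict(raw_message, patterns):
    """Return ("kill", matching_address) or ("keep", None) for one message."""
    # policy.default unfolds continuation lines before we look at the header.
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    for addr in sorted(sender_addresses(msg)):
        for pattern in patterns:
            if fnmatch.fnmatchcase(addr, pattern):
                return ("kill", addr)
    # Messages with no parsable originator are kept, not silently dropped.
    return ("keep", None)


def main():
    """Filter mode: copy stdin to stdout only when the message is kept."""
    raw = sys.stdin.read()
    decision, _ = verdict(raw, load_patterns(KILLFILE))
    if decision == "keep":
        sys.stdout.write(raw)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```
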
From nobody at soda.berkeley.edu Fri Feb 18 05:41:04 1994
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Fri, 18 Feb 94 05:41:04 PST
Subject: Source Level
Message-ID: <199402181336.FAA01356@soda.berkeley.edu>

On Fri, 18 Feb 1994, Greg - Kucharo wrote:

> Eric,
> In your idea to give usenet users a chance to have competing moderated groups
> with unmoderated ones. Don't you think that the large numbers who want a
> moderated group will kill all demand for the unmoderated ones? Then we would be
> left with only moderated groups, who granted would have more signal to noise but
> less lively debate. People post so much to groups because they know they can in
> a free manner, moderation would slow the onslaught of banal posts and plenty of
> posts from folks who think their ideas too wild for the moderator. Remember the
> root of moderator is moderate. As in, "This food is moderately good."
>
> Greg.
> kryten at shell.portal.com "This space available"
>
>

I for one would stick to the UNmoderated groups. I think that many people thrive on the chaos there and the openness. I personally don't think I would like to have to submit articles for some guy's approval, just something uncool about it to me. I don't mean uncool, like fashion, I mean it just doesn't fit with my idea of free exchange of ideas. I mean no matter how much you stress that the moderator be lenient and open you are gonna run into problems. The Inet is full, or should I say fool, of BIG fuckin egos, and they have a nifty way of clashing. A moderator just doesn't fit into my free exchange idea. Too much like an "Official(tm)" thing to me, and I don't particularly take to official things. To me the beauty of usenet is the chaos and mass amounts of info, even the noise that goes flying thru it. Without that it would be just like every other stale BBS forum with no edge and no fun.
wow, these remailers are neat

From 68954 at brahms.udel.edu Fri Feb 18 05:51:05 1994
From: 68954 at brahms.udel.edu (Grand Epopt Feotus)
Date: Fri, 18 Feb 94 05:51:05 PST
Subject: usenet gateway
Message-ID:

Hmm, I tried to route a letter thru a remailer and to the usenet gateway at cs.utexas.edu and it has shown no bounce back or appeared in the proper newsgroup. Is the utexas place still operating? Or, did I do something wrong. Basically what I did, was hit "R" in trn in order to make a reply, then I edited the headers and added the necessary lines to forward the mail thru the remailer. hmm, or is the utexas place slow at sending out articles?

You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself
----Tim Leary----

From julf at penet.fi Fri Feb 18 06:05:34 1994
From: julf at penet.fi (Johan Helsingius)
Date: Fri, 18 Feb 94 06:05:34 PST
Subject: Enuf is enuf!
In-Reply-To: <199402172128.NAA09689@mail.netcom.com>
Message-ID: <199402181400.AA00949@lassie.eunet.fi>

> Yes, I, too have a Compuserve account - I use it for about 10 minutes a
> month, usually for figuring out airline schedules and surfing Newsgrid.

Isn't there any way we could make even that stuff available on the Internet, so that there wouldn't be any need to use CS at all?

Julf

From hughes at ah.com Fri Feb 18 06:45:36 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 18 Feb 94 06:45:36 PST
Subject: Enuf is enuf!
In-Reply-To: <199402181400.AA00949@lassie.eunet.fi>
Message-ID: <9402181440.AA05829@ah.com>

>> Yes, I, too have a Compuserve account - I use it for about 10 minutes a
>> month, usually for figuring out airline schedules and surfing Newsgrid.

>Isn't there any way we could make even that stuff available on the Internet,
>so that there wouldn't be any need to use CS at all?

Yes, with a pay-per-use information vending machine.
The reason that some services are on CI$ to begin with is that they get money based on usage.

Eric

From hughes at ah.com Fri Feb 18 06:51:07 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 18 Feb 94 06:51:07 PST
Subject: killfiles
In-Reply-To:
Message-ID: <9402181444.AA05836@ah.com>

>Are there any killfiles for mail around? I mean like scripts for killing
>selected 'from's in Mail,Elm or, hopefully, Pine?

There may be killfiles for certain mail readers, but I would prefer a solution which filters the mail before it gets to my mail reader. On Unix, such filters can be installed as pipes in the .forward file. One such filter is called procmail.

I just started using procmail, and it's great. I'm now getting all my mailing lists in separate mailboxes; this separation improves both my regular mail and my mailing lists. Try it.

ftp://ftp.informatik.rwth-aachen.de/pub/packages/procmail

Eric

From hughes at ah.com Fri Feb 18 06:55:35 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 18 Feb 94 06:55:35 PST
Subject: Source Level
In-Reply-To: <199402181017.CAA23112@jobe.shell.portal.com>
Message-ID: <9402181452.AA05859@ah.com>

> In your idea to give usenet users a chance to have competing moderated groups
>with unmoderated ones. Don't you think that the large numbers who want a
>moderated group will kill all demand for the unmoderated ones?

No. If all demand for unmoderated groups were to begin to disappear, then the volume on them would drop, so that I could get better attention posting to the unmoderated group than to the moderated one. Therefore, there will be an equilibrium between moderated and unmoderated. Since there should be multiple moderated groups, there will also be an equilibrium between moderated and moderated.

>Then we would be
>left with only moderated groups, who granted would have more signal to noise but
>less lively debate.

Remember, I have proposed a system of _distributed_ moderation, not a choke point.
My first attempt would be to make it extremely easy to let an article pass, just to get out the worst abuses of topicality.

> plenty of
>posts from folks who think their ideas too wild for the moderator.

There is not a single moderator! In my first proposal, there are lots of them, and _any_ of them can approve an article. This may not work everywhere, or even anywhere, but it's a good starting point.

Eric

From hughes at ah.com Fri Feb 18 07:01:07 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 18 Feb 94 07:01:07 PST
Subject: Source Level
In-Reply-To: <199402181336.FAA01356@soda.berkeley.edu>
Message-ID: <9402181456.AA05873@ah.com>

>I mean no matter how much you stress that the moderator be lenient
>and open you are gonna run into problems.

My proposal does not have a single moderator. There are many. The proposal is to use the moderation facility of existing netnews software in order to be able to support distributed moderation, which is intended to shut down the worst abuses.

> A moderator just doesn't fit into my free exchange idea.

There isn't just one moderator!

(I am purposefully using argument by repetition, since I thought I was completely clear before. I guess not.)

Eric

From jmallin at umich.edu Fri Feb 18 07:11:07 1994
From: jmallin at umich.edu (Jonathan Scott Mallin)
Date: Fri, 18 Feb 94 07:11:07 PST
Subject: Enuf is enuf!
In-Reply-To: <199402181400.AA00949@lassie.eunet.fi>
Message-ID:

On Fri, 18 Feb 1994, Johan Helsingius wrote:

> > Yes, I, too have a Compuserve account - I use it for about 10 minutes a
> > month, usually for figuring out airline schedules and surfing Newsgrid.
> Isn't there any way we could make even that stuff available on the Internet,
> so that there wouldn't be any need to use CS at all?

My local Bell in (810) has a free system called "touch-4." It's just a voicemail system but it has airline schedules and the cheapest rates if you give it a destination and a date.
You need to listen to a couple commercials but it's a free call for me. I don't know if any of this information is on the net.

<*> Jonathan Scott Mallin
<*> Email for PGP key
-> This entire message is (C) 1994 by Jonathan Mallin. Reproduction is <-
-> prohibited without express written consent. <-

From THOMAST at UWSTOUT.EDU Fri Feb 18 07:45:35 1994
From: THOMAST at UWSTOUT.EDU (THOMAST at UWSTOUT.EDU)
Date: Fri, 18 Feb 94 07:45:35 PST
Subject: unsubscribe
Message-ID: <01H90YPRGJAA000GC1@UWSTOUT.EDU>

Unsubscribe

From talon57 at well.sf.ca.us Fri Feb 18 08:05:35 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Fri, 18 Feb 94 08:05:35 PST
Subject: dos stego
Message-ID: <199402181604.IAA02967@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

Fellow Cypherpatriots,

I just finished mailing uuencoded stegodos.zip to all those who requested it. I also uploaded it to soda.berkeley.edu to /pub/cypherpunks/incoming. The file is stegodos.zip.

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

From CCGARY at MIZZOU1.missouri.edu Fri Feb 18 08:06:06 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Fri, 18 Feb 94 08:06:06 PST
Subject: Mimicry
Message-ID: <9402181605.AA21762@toad.com>

I find hiding info. in falsely deleted files to be futile because of the following reasons.
1. too easy to write over them.
2. procedures to keep track of everything too complicated.
3.
direct sector writing is a non-trivial programming problem, rather risky, & complicated with today's compressed disks.

I have thought of a related alternative however: The use of one of the virus maker's tools - the false "BAD SECTOR" trick where good data is written into these "bad sectors". You would only want to mark a few sectors as bad & then put in only high quality information. Some kind of a "bootstrapping" operation such as a simple XOR program that turns a "garbage file" into a PGP file. The PGP could in turn be used to decrypt a stenography system for a real high security encrypt system. Remember that a user supplied password must also be used.

Incidentally, if we are forced to rely on stenography systems exclusively, we may have lost a battle or 2, but we will win innumerable other battles & later - the war.

Yours Truly,
Gary Jeffers

GO TEAM GO! GO TEAM GO! PUSH EM BACK! PUSH EM BACK! WAAAAYYYY BBAAACCCKKK! BEEEAAATTT STATE!

From joshua at cae.retix.com Fri Feb 18 08:06:07 1994
From: joshua at cae.retix.com (joshua geller)
Date: Fri, 18 Feb 94 08:06:07 PST
Subject: Tentacle Contest -- Great!
Message-ID: <199402181603.IAA04921@sleepy.retix.com>

>That contest by SQUISH is great! I think I was laughing halfway through
>the first paragraph through to the end!
>Can I become a tentacle? 8)
>I hope no one takes you TOO seriously -- oh please.
>
>
> _____
> ____......------'-----`------......_____
> -=======================================================-
> `-----....._________.....-----'
> ____ \ | / ____
> (____) __/_|_\__ (____)
> \\_________.-'_.-----._`-._________//
> `---------`.. `-----' ..'---------'
> `~~~~~~~'
> /------------------------------------------------------------------\
> | If God had wanted us to explore space, he would have given us |
> | a moon.
-- The Discovery Channel |
> |------------------------------------------------------------------|
> | The world is moving so fast that the man who says 'it can't be |
> | is usually interrupted by the man doing it. |
> |------------------------------------------------------------------|
> | Joshua Danowitz, Csci Major, Hunter College, City Univ. of NY |
> | Internet Address -- JODHC at CUNYVM.CUNY.EDU |
> | Bitnet Address -- JODHC at CUNYVM.BITNET |
> | Snail-Mail Address -- 12 E. 86 St./Apt. 605, New York, NY 10028 |
> \------------------------------------------------------------------/

this is disgusting. stop it at once. or change your name or something.

josh

From pmetzger at lehman.com Fri Feb 18 08:15:35 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 18 Feb 94 08:15:35 PST
Subject: STEALTH OCEAN
In-Reply-To: <9402180153.AA12376@toad.com>
Message-ID: <9402181612.AA18916@andria.lehman.com>

"Gary Jeffers" says:
>
> answer to subtopic: Perry doesn't like stealth.
>
> STEALTH is for when it absolutely, positively has to stay encrypted.
> That is when it needs to be immune from court orders

Unlikely that this would really work.

> or in a really, bad state - automatic imprisonment, or in this state
> if encryption is outlawed.

In that instance, "STEALTH" won't work -- they will likely figure out what you are doing and break your legs if you don't talk.

.pm

From julf at penet.fi Fri Feb 18 08:41:08 1994
From: julf at penet.fi (Johan Helsingius)
Date: Fri, 18 Feb 94 08:41:08 PST
Subject: The Sociology of UNSUBSCRIBING
In-Reply-To: <9402172305.AA23457@jungle.meaddata.com>
Message-ID: <199402181632.AA03647@lassie.eunet.fi>

> I've seen before, and if I breakdown and write my own software I'm
> going to improve on, mailing list software that refuses to send
> messages to the list that look suspicious. Rules like:
>
> <3 lines non-blank body, occurrence of remove, me, unsubscribe, help,
> subscribe, etc.

Majordomo already does that pretty well.
Julf

From 72114.1712 at CompuServe.COM Fri Feb 18 08:51:08 1994
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Fri, 18 Feb 94 08:51:08 PST
Subject: REAL WORLD ENCRYPTION
Message-ID: <940218164527_72114.1712_FHF62-1@CompuServe.COM>

-----BEGIN PGP SIGNED MESSAGE-----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Here are some more digital banking thoughts for you to chew on.

DEPOSIT INSURANCE--Private, Lloyds-type deposit insurance is readily available internationally. We will have such private insurance. In addition to guidelines mandated by our insurer, we will also be under the regulatory oversight of the jurisdictions in which we operate. Finally, and more importantly, we will operate under very conservative internal policy constraints and will maintain extremely high reserves to avoid problems in the first place.

Stay tuned.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From jdwilson at gold.chem.hawaii.edu Fri Feb 18 09:05:36 1994
From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA)
Date: Fri, 18 Feb 94 09:05:36 PST
Subject: ATM v. IP/ATM v. Frame Relay
In-Reply-To: <199402162212.AA06673@misc.glarp.com>
Message-ID: <9402181700.AA28172@gold.chem.hawaii.edu>

Brad:

Where do you foresee Frame Relay fitting into the NII/InterNet picture?

-Jim

From jpp at markv.com Fri Feb 18 09:11:10 1994
From: jpp at markv.com (jpp at markv.com)
Date: Fri, 18 Feb 94 09:11:10 PST
Subject: MONEY: cryptocash is transaction money
In-Reply-To: <9402172041.AA03491@ah.com>
Message-ID: <9402180909.aa02697@hermix.markv.com>

Hmm.
I don't consider myself too naive about money, or digital cash, but I find your remarks a bit opaque. Could you elucidate please? Why do you insist that digital cash isn't money?

j'
--
O I am Jay Prime Positive jpp at markv.com
1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com
Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com
Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org

From hayden at krypton.mankato.msus.edu Fri Feb 18 09:15:37 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Fri, 18 Feb 94 09:15:37 PST
Subject: killfiles
In-Reply-To: <9402181444.AA05836@ah.com>
Message-ID:

Procmail is one filtering package. You can also use 'filter' which comes as part of the elm package. Procmail has a few more features, but is much more difficult to write rules for, IMHO.

____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> In the United States, they
\/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From jdwilson at gold.chem.hawaii.edu Fri Feb 18 09:25:36 1994
From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA)
Date: Fri, 18 Feb 94 09:25:36 PST
Subject: Detweiler blocking
In-Reply-To: <9402170233.AA04512@andria.lehman.com>
Message-ID: <9402181723.AA28356@gold.chem.hawaii.edu>

While I personally have no bitch with LD's posts (I just delete 99% of them) it would seem that a service provider, like a restaurant, can say "We reserve the right to refuse service to anyone."

It's a free country - (or at least buyable) - the remailer operators should have a right to deny service to anyone they care to. If the person they deny service to doesn't like it, they can use a different remailer. Or start their own remailer.

From pmetzger at lehman.com Fri Feb 18 09:26:09 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 18 Feb 94 09:26:09 PST
Subject: Enuf is enuf!
In-Reply-To: <199402181400.AA00949@lassie.eunet.fi>
Message-ID: <9402181721.AA19066@andria.lehman.com>

Johan Helsingius says:
>
> > Yes, I, too have a Compuserve account - I use it for about 10 minutes a
> > month, usually for figuring out airline schedules and surfing Newsgrid.
>
> Isn't there any way we could make even that stuff available on the Internet,
> so that there wouldn't be any need to use CS at all?

That's probably a business opportunity for someone. An authenticated way of browsing and charging airline tickets by net is much needed.

.pm

From pmetzger at lehman.com Fri Feb 18 10:01:09 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 18 Feb 94 10:01:09 PST
Subject: MONEY: cryptocash is transaction money
In-Reply-To: <9402180909.aa02697@hermix.markv.com>
Message-ID: <9402181756.AA19172@andria.lehman.com>

jpp at markv.com says:
> Hmm. I don't consider myself too naive about money, or digital cash,
> but I find your remarks a bit opaque.
Could you elucidate please?
> Why do you insist that digital cash isn't money?

It's much more like an anonymous bank transfer. In this sense, it is not like money just as a fedwire transaction is not money -- it's a way of moving money around, not the money itself.

Perry

From farber at central.cis.upenn.edu Fri Feb 18 10:11:11 1994
From: farber at central.cis.upenn.edu (David Farber)
Date: Fri, 18 Feb 94 10:11:11 PST
Subject: CERT/Whitehouse/Clipper link - smoking gun...
Message-ID: <199402181733.MAA08763@linc.cis.upenn.edu>

Posted-Date: Fri, 18 Feb 1994 12:28:53 -0500
Path: netnews.upenn.edu!msuinfo!agate!howland.reston.ans.net!pipex!uknet!demon!an-teallach.com!gtoal
Newsgroups: comp.org.eff.talk
From: gtoal at an-teallach.com (Graham Toal)
Subject: CERT/Whitehouse/Clipper link - smoking gun...
X-Fax: +44 31 662 4678
X-Organisation: An Teallach Limited
Date: Fri, 18 Feb 1994 16:48:15 +0000
Sender: usenet at demon.co.uk
Lines: 55
Apparently-To: farber at pcpond.cis.upenn.edu

By God, I knew there was something fishy about that latest CERT release (the one that referred to things that happened last November and didn't actually say anything new, but somehow managed to hit the *WORLD* press extensively within 24 hours)...

Well, here's the smoking gun...

>From: CERT Advisory
>Date: Thu, 3 Feb 94 21:14:40 EST
>To: cert-advisory at cert.org
>Subject: CERT Advisory - Ongoing Network Monitoring Attacks
>Organization: Computer Emergency Response Team : 412-268-7090

>=============================================================================
>CA-94:01 CERT Advisory
> February 3, 1994
> Ongoing Network Monitoring Attacks

Note the date. The next day, we see this Whitehouse release:

:THE WHITE HOUSE CONTACT: 202 156-7035
:OFFICE OF THE PRESS SECRETARY
:EMBARGOED UNTIL 3 PM (EST) FRIDAY, February 4, 1994

:STATEMENT OF THE PRESS SECRETARY

:Information Infrastructure.
A digital signature standard will enable
:individuals to transact business electronically rather than having to
:exchange signed paper contracts. The Administration has determined
:that such technology should not be subject to private royalty
:payments, and it will be taking steps to ensure that royalties are not
:required for use of a digital signature. Had digital signatures been in
:widespread use, the recent security problems with the Internet
:would have been avoided.

Note the reference to 'recent security problems with the Internet'. This is obviously referring to the highly publicised stories in the press *that day* which were engendered by the CERT report. Yet the whitehouse press release was written days before - see the 'embargoed until Feb 4th' warning at the top.

So the Whitehouse had *prior knowledge* of the CERT release, and the fact that it would get extensive press coverage.

I say CERT actively collaborated with the Whitehouse on the pro-clipper propaganda front, and I challenge them to deny it in a simple unequivocal statement.

G

PS The statement is also false: digital signatures would have no effect on network sniffing attacks; but it's just more FUD to strengthen the Whitehouse hand in a release that was buried in a flood of releases that day on Clipper.

From mpd at netcom.com Fri Feb 18 10:35:48 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 18 Feb 94 10:35:48 PST
Subject: Digital Money
Message-ID: <199402181833.KAA05351@mail.netcom.com>

I would like to take issue with the recently expressed opinion that digital cash is not money, but merely a mechanism for communicating transactions.

What does it mean to mint money? In the traditional sense, it means to issue something only you can produce, and guarantee that it will be accepted for some sort of goods and services.

In the case of paper money, this takes the form of a printed document which is moderately difficult to forge, and which can be exchanged for goods and services of various kinds.
Since the issuing agency, usually a government, is presumed to exercise prudent financial management to prevent the currency's value from decreasing, and is likely to be around for a long time, such cash can be hoarded with little risk. In making the transition from paper cash to digital cash, only one thing changes. It is now the information which represents the money, not the document itself. Since such information can be easily replicated, spent banknotes must be carefully documented and the issuing institution must allow each banknote to be spent exactly once. Cryptographic signatures and authenticity verification provide excellent protection against forgery. But these differences are minor ones. Banknotes which have been communicated to you through a secure channel, and whose contents have not been disclosed to any third party, should be for all practical purposes identical to cash. Digital banknotes issued by a national government should be just as good as physical banknotes printed by a national government. Most of the objections to using digital cash for other than immediate transactions stems from issues related to trust in the issuing institution. One would certainly have less faith in a newly formed digital bank operated through a string of anonymous remailers than one would have in digital currency issued by Citibank or Chase Manhattan. But given an issuing institution of unquestionable trust, there should be no significant difference between digital cash and real cash, and storing it for indefinite amounts of time on a floppy in your pocket should be completely risk-free. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From smb at research.att.com Fri Feb 18 10:55:38 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 18 Feb 94 10:55:38 PST Subject: CERT/Whitehouse/Clipper link - smoking gun... 
Message-ID: <9402181851.AA24808@toad.com> > By God, I knew there was something fishy about that latest CERT release (the one that referred to things that happened last November and didn't actually say anything new, but somehow managed to hit the *WORLD* press extensively within 24 hours)... It's stuff that's been happening *since* last November. I'm quite certain that the attacks were continuing until (at the very least) shortly before the announcement. > PS The statement is also false: digital signatures would have no effect on network sniffing attacks; but it's just more FUD to strengthen the Whitehouse hand in a release that was buried in a flood of releases that day on Clipper. No, you're wrong. A challenge/response login architecture based on digital signatures would have eliminated the attack. And digital signatures -- unlike most other technologies for one-time passwords -- do not require that any secret information be kept on the host. There are practical difficulties, such as entering in 160 bits of information, but for host-to-host logins, that isn't much of a problem. From 72114.1712 at CompuServe.COM Fri Feb 18 11:05:38 1994 From: 72114.1712 at CompuServe.COM (Sandy) Date: Fri, 18 Feb 94 11:05:38 PST Subject: REAL WORLD ENCRYPTION Message-ID: <940218185734_72114.1712_FHF62-1@CompuServe.COM> -----BEGIN PGP SIGNED MESSAGE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Sadly, I think the following topic is the real crux of most people's objections to the deployment of digital banks on the Internet. NIGHT OF THE LIVING G-MEN--Some of you have opined that the Federales will never give us a license and/or will go after us once we are in business. First, we will not have our license, charter, offices or personnel in the USA. We will locate our operations only where our services are protected by the local authorities. 
Second, there is no law forbidding Americans--or nationals of most western countries--from doing business with foreign banks. We and our clients will be in compliance with all relevant laws. Third, even if the powers-that-be don't like what we are doing, there is very little they can do about it. They haven't invaded Cayman, Hongkong or the Isle of Man because of their banking operations, I seriously doubt they will do so on our account. For those who will only settle for *absolute safety*, I am sorry to say, no such thing exists in the real world. All benefits entail some risks. Not creating and using digital banking, however, may be the riskiest thing we can do. S a n d y Those who profess to favor freedom, and yet deprecate agitation, are men who want crops without plowing up the ground, they want rain without thunder and lightning. They want the ocean without the awful roar of its many waters. --Frederick Douglass P.S. Send UNencrypted e-mail to "sandfort at crl.com" and PGP encrypted e-mail to "ssandfort at attmail.com". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.3a -----END PGP SIGNATURE----- From rishab at dxm.ernet.in Fri Feb 18 11:15:39 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 18 Feb 94 11:15:39 PST Subject: Repression and technology Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Libertarians and c*punks are the first to take advantage of new communication technologies. Until the authorities catch on, that is... 
When authorities grow aware of the power of technology for Control, Surveillance and Big Brother Watching, they behave repressively, whether in the US, or China: Reuters news clip from The Asian Age: BEIJING, Feb 16: Police have cracked into China's largest group of ham-radio hackers and sent three ringleaders to labour camp for "creating chaos in the airwaves," the official China Business Times said on Wednesday. The group, dubbed "Radio Air Salon" and based in Henan province, surfed through radio channels interrupting regular broadcasts with their own conversations and illegally listening in on restricted frequencies, the newspaper said. "The use of technical equipment to create chaos in the airwaves and _interfere with social order_ is a new type of illegal activity," the newspaper said. It said police caught 61 members of the group, which had effectively taken over 27 radio channels. "At present they are all being punished, with three of the backbone elements undergoing _RE-EDUCATION THROUGH LABOUR_," the newspaper said. - ------- Well, perhaps the NSA won't euphemistically "re-educate you through labour," but... - ----------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab at doe.ernet.in, rishab at dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA - ----------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.3a -----END PGP SIGNATURE----- From pgpkeys at wasabi.io.com Fri Feb 18 11:21:11 1994 From: pgpkeys at wasabi.io.com (PGP Slave Key Server) Date: Fri, 18 Feb 94 11:21:11 PST Subject: Someone yanking your chain? (rather than LD`s account...) 
Message-ID: <199402181322.NAA10938@wasabi.io.com> Hey, maybe it's just me, but when I saw "Steve Dempsey"s first mail to cypherpunks some time ago where he represented himself as Lance`s postmaster, I thought "funny, this guy writes just like Detweiler when Detweiler is acting sane..." So Dempsey has now said that he`s chopped LD`s account...Hmmm... How come this was posted today? > From: ld231782 at longs.lance.colostate.edu (L. Detweiler) > Newsgroups: sci.crypt,comp.society.privacy,alt.privacy,sci.answers,comp.answers,alt.answers,news.answers > Subject: Privacy & Anonymity on the Internet FAQ (1 of 3) > Date: 18 Feb 1994 15:22:13 GMT ^^^^^^^^^^^ > IDENTITY, PRIVACY, and ANONYMITY on the INTERNET > ================================================ I also notice while you were all wondering where LD could still be getting his cypherpunks feed from, Dempsey had become a subscriber to the list. (You guys really should block that EXPN command you know...it`s been mentioned often enough...) From m5 at vail.tivoli.com Fri Feb 18 11:21:13 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Fri, 18 Feb 94 11:21:13 PST Subject: Digital Money In-Reply-To: <199402181833.KAA05351@mail.netcom.com> Message-ID: <9402181917.AA18451@vail.tivoli.com> Mike Duvos writes: > Since the issuing agency, usually a government, is > presumed to exercise prudent financial management to prevent the > currency's value from decreasing, and is likely to be around for a > long time, such cash can be hoarded with little risk. You seem to have a much different notion of "risk" than I do... > Digital banknotes issued by a national government should be just as > good as physical banknotes printed by a national government. Indeed, if national governments were in the business of issuing digital "notes", then such instruments would be essentially equivalent to cash. 
However, I'm not sure if the mechanism of issuance can be made the same as that of physical cash; is there a protocol that does not require a two-way transaction to get the digicash? (Physical cash is one way; the money is printed and then essentially just handed out. It doesn't matter who gets what bill.) > But given an issuing institution of unquestionable trust, there should > be no significant difference between digital cash and real cash, and > storing it for indefinite amounts of time on a floppy in your pocket > should be completely risk-free. Is storing a $20 US bill in your pocket for indefinite amounts of time really "risk free"? How about 20 Chilean pesos? 20 rubles? (No, digital cash is no better or worse.) -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From mech at eff.org Fri Feb 18 11:41:02 1994 From: mech at eff.org (Stanton McCandlish) Date: Fri, 18 Feb 94 11:41:02 PST Subject: Electronic Privacy -- A WIRED Call to Action Message-ID: <199402181916.OAA17950@eff.org> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-=-=-=-=-=-=PLEASE REDISTRIBUTE THIS MESSAGE WIDELY!!=-=-=-=-=-=-=-=-= -=-=-=-For copyright information, please see the end of this file.-=-=-=-=- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Electronic Privacy -- A Call to Action This is a pivotal moment in history. The national security state, with the backing of the Clinton-Gore administration, is attempting a stealth strike on our rights. If they succeed, we could shortly find ourselves under a government with the automated ability to log the time, origin, and recipient of every call and e-mail message, to monitor our most private communications, to track our physical whereabouts continuously, and to keep better account of our financial transactions than we do -- all without a warrant. 
Fact: On Friday, February 4, 1994, the Clinton administration announced support for the Clipper Chip and SKIPJACK encryption scheme as national standards. Fact: Federal security agencies have been meeting with telecommunications companies to design back doors into the entire National Information Infrastructure (NII), including every telephone and data network, even including fax machines. In other words, any system connected to the NII would be required to include a "back door" in order to facilitate monitoring by government agencies. We at WIRED Online believe that the adoption of these administration initiatives could result in a profound infringement of individual freedom and privacy, ours as well as yours. We urge you to read the rest of this letter, to examine the available materials, to consider these important issues for yourself, and to act to preserve the Bill of Rights in cyberspace. The proposed encryption scheme, which uses the SKIPJACK encryption algorithm and the Clipper Chip, relies on a "key escrow" system with a built-in "back door" so that security agents can decrypt and monitor even supposedly "secure" communications. While the administration claims that there will be "safeguards," the technology was developed by the virtually insular National Security Agency, and its algorithms remain classified. The scope of Clipper is significantly broader than any previous surveillance strategy. The Clipper Chip will be installed directly into telecommunications devices such as telephones, computers, and digital set-top boxes for interactive TV. Since the system can be used to encrypt any communications that pass across telecommunications lines (including text, sound and images), ANY AND ALL communication that passes through your system has the possibility of being intercepted. 
In addition, the administration's Information Infrastructure Task Force Working Group on Privacy is attempting to "front load" the NII with trapdoor technologies that would allow security agencies easy access to digital conversations, including capturing electronic communications midstream. No communication system would be exempt from this effort, from the national telephone network to your local office computer network. Of course, the administration claims that these trapdoors will be used only to catch criminals and that your privacy will be protected. But, as John Perry Barlow has put it, "trusting the government with your privacy is like trusting a Peeping Tom to install your window blinds." These government initiatives, taken together, constitute one of the most grievous threats to our constitutional liberties in modern times. The security agencies and the administration are involved in a stealth strike at our freedoms that could effectively abrogate the Bill of Rights in cyberspace, where we and our descendants will be spending increasingly larger parts of our lives. The Clipper initiative and the plans to require "back doors" throughout the NII immediate critical assessment. WIRED encourages you to seriously consider how these proposals might affect you. To help inform your decision, WIRED Online has set up a Clipper information archive through our Infobot mail server, Internet Gopher, World Wide Web, and other online sites. The WIRED Online Clipper Archive features crucial essays written for WIRED by John Perry Barlow and Brock N. Meeks. If you do nothing else, read these stories. 
You can have them sent to you immediately by electronic mail by copying the following three lines into the body of an electronic mail message addressed to infobot at wired.com: send clipper/privacy.meeks send clipper/privacy.barlow end The WIRED Online Clipper Archive also includes re-posted comments from Jerry Berman (of the Electronic Frontier Foundation (EFF)) and Dorothy Denning (encryption expert and Clipper proponent), a copy of the EFF's _EFFector Online_ newsletter documenting the Clipper controversy, and an electronic anti-Clipper petition circulated by the Computer Professionals for Social Responsibility (CPSR). We have also set up links to other valuable sources of information on Clipper, including those maintained by the EFF and CPSR. You can access our archive via the following WIRED Online services: o WIRED Infobot e-mail server send e-mail to infobot at wired.com, containing the words "send clipper/index" on a single line inside the message body o WIRED Gopher gopher to gopher.wired.com select "Clipper Archive" o WIRED on World Wide Web http://www.wired.com select "Clipper Archive" o WIRED on America Online keyword: WIRED o WIRED on the WELL type "go wired" from any "OK" prompt type "clipper" to access the menu WIRED Online encourages you to take the time to familiarize yourself with these issues, beginning with the tools and access we've provided. Then take the next step -- ACT!!! Sign the CPSR petition against Clipper. Call or write your Congressional representatives and let them know how you feel about the Clipper and NII "backdoor" initiatives, BEFORE a decision is made for you that will have a profound effect on the future of your freedom and privacy. Please do not reply to this message directly. To discuss these issues with WIRED readers and staff members, please use discussion areas on the WELL, America Online, and USENET (alt.wired). 
If you have questions or comments about Clipper that are not answered in the online archives or these discussion spaces, please address them to online at wired.com and be sure to include the word "clipper" in the subject line. If you would like to receive future WIRED-related bulletins, you can subscribe to our new Hotwired mailing list. To do so, just send an e-mail message to infobot at wired.com containing the line subscribe hotwired This low-volume moderated list is a great way to keep abreast of important issues on the Digital Frontier and to find out about new services offered here at WIRED Online. Thanks for your attention. -- The staff of WIRED Online =-=-=-=-=-=-=-=-=-=-=-=WIRED Online Copyright Notice=-=-=-=-=-=-=-=-=-=-=-= Copyright 1993,4 Wired USA Ltd. All rights reserved. This article may be redistributed provided that the article and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind without prior written permission from Wired Ventures, Ltd. If you have any questions about these terms, or would like information about licensing materials from WIRED Online, please contact us via telephone (+1 (415) 904 0660) or e-mail (info at wired.com). WIRED and WIRED Online are trademarks of Wired Ventures, Ltd. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From 72114.1712 at CompuServe.COM Fri Feb 18 11:56:14 1994 From: 72114.1712 at CompuServe.COM (Sandy) Date: Fri, 18 Feb 94 11:56:14 PST Subject: REAL WORLD ENCRYPTION Message-ID: <940218194654_72114.1712_FHF64-1@CompuServe.COM> -----BEGIN PGP SIGNED MESSAGE----- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, This is a belated reply to the issues raised by Tim May about digital banking. Also, I would like to have Tim clarify some of the statements/assumptions he made. Tim wrote: . . . 
how much I put [in a digital bank] would be dependent on the degree of "Swiss"-type services. Probably not many such services, I am surmising . . . Actually, we will begin operation with a basic set of Swiss-type services, and will bring a wide range of others on board as soon as practical. . . . if I remained in U.S., no protection. If I left U.S., no _need_ for your bank. I think this is incorrect on both counts. If Tim remains in the US, he absolutely needs the protection an offshore bank (digital or otherwise) can provide. Without one, there is no way he can keep his assets from being at risk. Having some of his money out of the States is an insurance policy against extortion and/or seizure. If Tim leaves the US, he will still have to live *someplace*, and *someplace* might want to grab his money every bit as much as the US government (or litigious thieves) would. In addition, Tim will still need a simple, quick and secure way to transact business in the US and elsewhere. . . . You can't be a real digital money bank, in the long-range sense we've talked about. (Total anonymity, Liechtenstein "anstalt"-type anonymity, digitally mediated.) I don't see what is to stop us. Perhaps Tim will elucidate. Tim went on to say that Cypherpunks would not be enough to financially support our bank and that "high rollers" would not be interested. True (though largely irrelevant) and false. The 700 Cypherpunks are a drop in the 20 mega-user Internet. We only have to get a small fraction of that market to make our nut. Without false modesty, I can safely say, I have met and dealt with far more "high rollers" (and real tax avoiders, for that matter) than Tim will ever know. I know what they want. We have what they want. We will get their business. Period. As for the Feds, privacy, regulations, etc., see my previous few posts. 
S a n d y Unencrypted e-mail to sandfort at crl.com PGP encrypted to ssandfort at attmail.com Nothing to my CompuServe acct., please ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.3a -----END PGP SIGNATURE----- From norm at netcom.com Fri Feb 18 12:01:03 1994 From: norm at netcom.com (Norman Hardy) Date: Fri, 18 Feb 94 12:01:03 PST Subject: REAL WORLD ENCRYPTION Message-ID: <199402181959.LAA21873@mail.netcom.com> At 21:36 2/17/94 -0500, Sandy wrote: >What is a "debit" card? It is just like a credit card, except >that it is used to debit your bank account immediately rather >than extend you credit--at interest--for later repayment. They >are issued by Mastercard, Visa and other card companies. They >look, and are used, just like a regular credit card. They are >anonymous because their use creates no audit trail pointing to >you. Further, the bank will keep its records in a jurisdiction >that protects the privacy of such business records. For the >truly paranoid, the bank will issue corporate debit cards. Perhaps you can sell your technology to government witness protection programs. Perhaps you could even sell your service if you could prove that only the money was at risk (and not the location of users). From werner at mc.ab.com Fri Feb 18 12:21:03 1994 From: werner at mc.ab.com (tim x4237) Date: Fri, 18 Feb 94 12:21:03 PST Subject: killfiles Message-ID: <199402182018.PAA21421@sparcserver.mc.ab.com> >From: "Robert A. Hayden" >Procmail is one filtering package. You can also use 'filter' which comes >as part of the elm package. Procmail has a few more features, but is much >more difficult to write rules for, IMHO. Does anyone have some lisp to do this with rmail? 
I'd like to run a command that prompted me for text, then used that text in a 'M-s REGEXP RET d' command, to delete messages that matched the supplied text. Of course, the 'd' should only happen if the 'M-s REGEXP RET' is successful. From tcmay at netcom.com Fri Feb 18 12:36:14 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 18 Feb 94 12:36:14 PST Subject: Someone yanking your chain? (rather than LD`s account...) Message-ID: <199402182034.MAA26885@mail.netcom.com> PGP Slave Key Server (huh?) writes: > Hey, maybe it's just me, but when I saw "Steve Dempsey"s first > mail to cypherpunks some time ago where he represented himself > as Lance`s postmaster, I thought "funny, this guy writes just > like Detweiler when Detweiler is acting sane..." Lots of folks write the same way. Short messages just don't carry enough stylistic information. In any case, I had a few dealings with Steve Dempsey in private e-mail (once when I complained, once when he asked my views on a post by LD) and this claim that Detweiler = Dempsey is just, too, well, "detweileresque" for me. If it was a subtle form of humor for the tentacles... > So Dempsey has now said that he`s chopped LD`s account...Hmmm... > How come this was posted today? > > > From: ld231782 at longs.lance.colostate.edu (L. Detweiler) > > Newsgroups: sci.crypt,comp.society.privacy,alt.privacy,sci.answers,comp.answers,alt.answers,news.answers > > Subject: Privacy & Anonymity on the Internet FAQ (1 of 3) > > Date: 18 Feb 1994 15:22:13 GMT Probably a cron job, set to auto-post the FAQ every several weeks. This is the norm with FAQs. And though Perry M. has cited the flaws in this FAQ, I think it serves a need that is not being met by anyone else. Perhaps Perry would like to write a better FAQ---this is not a dig at my friend Perry, just a call that we not condemn something when the flaws are relatively minor and nothing better exists or is likely to exist anytime soon. 
Frankly, I would hate to see Detweiler's loss of his account privileges (which was justified after his forgeries, mailbombs, and threats) also mean the loss of the FAQ....eventually that cron job, if indeed that's what's being used to post the FAQ, will presumably need a human account at the other end for authorization. Maybe not. > I also notice while you were all wondering where LD could still > be getting his cypherpunks feed from, Dempsey had become a subscriber to > the list. (You guys really should block that EXPN command you know...it`s > been mentioned often enough...) Steve can speak for himself, if he's on the list, but there are several plausible reasons for his interest: - he got interested in the subject here - he wants to see what we have to say about folks like Detweiler - he is concerned about what we are doing and wants to collect input - other reasons In any case, the list is "open" and includes gateways into other sites and lists, so it's a fact that all sorts of folks--reporters, spooks, administrators, etc.--are subscribing. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From tcmay at netcom.com Fri Feb 18 12:41:04 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 18 Feb 94 12:41:04 PST Subject: REAL WORLD ENCRYPTION In-Reply-To: <940218194654_72114.1712_FHF64-1@CompuServe.COM> Message-ID: <199402182041.MAA28101@mail.netcom.com> Sandy Sandfort writes: > This is a belated reply to the issues raised by Tim May about > digital banking. Also, I would like to have Tim clarify some of > the statements/assumptions he made. ... 
> Without false modesty, I can safely say, I have met and dealt > with far more "high rollers" (and real tax avoiders, for that > matter) than Tim will ever know. I know what they want. We have > what they want. We will get their business. Period. I withdraw my comments, then. I guess I was under the mistaken impression that Sandy was asking _us_ for what _our_ concerns were. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available. From sebaygo at netcom.com Fri Feb 18 15:31:05 1994 From: sebaygo at netcom.com (Allen Robinson) Date: Fri, 18 Feb 94 15:31:05 PST Subject: sociology of unsubscribing Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Tim May writes: > About half a dozen messages like this one are posted here every week: >> PLEASE READ! (sorry to shout) >> >> All subscription requests should be sent to cypherpunks-request at toad.com > Despite this, every day there are several "Unsubscribe me, NOW!" > messages, with various degrees of politeness. > Folks, I am not going to repeat the instructions again. This is > because of the following conclusions I have reached: > 1. The list is divided into two basic classes of readers: those who > read some or all of the messages, and those who skip most articles and > don't pay attention to what they read. > 2. Those who read many of the messages then see these instructions > over and over again. > 3. Those who don't read the messages, don't see or understand or have > a general clue about the instructions. > 4. It is usually these folks who want off the list urgently. 
As others > have noted so many times, they have no clue as to the general netiquette > for getting on and off lists (apparently even forgetting that they got > ON the list by sending a request to "cypherpunks-request at toad.com"). > MAJOR CONCLUSION: All of the "helpful" instructions, including this > very message, are useless, as the folks who need to receive them are > demonstrably not bothering to receive them. > Draw your own conclusions. As a veteran of a mere two weeks+ as a subscriber, I doubt that I have sufficient experience to form much in the way of conclusions re behavior here. I'm inclined to agree with your "major conclusion." All of this discussion of unsubscribing has made me curious about the "turnover" rate here. I saw the stats posted a week or so ago on current subscribers. I am wondering if there are figures available, or if someone could give me a ballpark sense of how many subscriptions vs. unsubscriptions there are in an "average" week or month. I would also be interested in getting an idea of how long the "average" subscriber has been subscribed. Now...back to lurking. AR -----BEGIN PGP SIGNATURE----- Version: 2.3 -----END PGP SIGNATURE----- _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Allen Robinson 3208 Pawnee Court Fayetteville, AR 72701 sebaygo at netcom.com FidoNet 1:391/1370 fax (501) 248-1969 vox (501) 443-7012 or (501) 248-1808 From pohl at unixg.ubc.ca Fri Feb 18 16:11:04 1994 From: pohl at unixg.ubc.ca (Derrick Pohl) Date: Fri, 18 Feb 94 16:11:04 PST Subject: No Subject Message-ID: <9402190010.AA25594@unixg.ubc.ca> subscribe ----- Derrick Pohl , Faculty of Graduate Studies University of British Columbia, Vancouver, B.C. Ph. 
(604) 822-9546 Fax (604) 822-5802 From sandfort at crl.com Fri Feb 18 16:41:06 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 18 Feb 94 16:41:06 PST Subject: REAL WORLD ENCRYPTION In-Reply-To: <199402181959.LAA21873@mail.netcom.com> Message-ID: C'punks, On Fri, 18 Feb 1994, Norman Hardy wrote: > At 21:36 2/17/94 -0500, Sandy wrote: > >What is a "debit" card? It is just like a credit card, except > >that it is used to debit your bank account immediately rather > >than extend you credit--at interest--for later repayment. They > >are issued by Mastercard, Visa and other card companies. They > >look, and are used, just like a regular credit card. They are > >anonymous because their use creates no audit trail pointing to > >you. Further, the bank will keep its records in a jurisdiction > >that protects the privacy of such business records. For the > >truly paranoid, the bank will issue corporate debit cards. > > Perhaps you can sell your technology to government witness protection > programs. Perhaps you could even sell your service if you could prove that > only the money was at risk (and not the location of users). If I understand Norm's post correctly, I must have given him the impression that what I described is (our) new technology. It is not. This stuff has been around for years, we are just going to take advantage of it as others have in the past. I'm completely unsure what Norm meant by his last sentence. S a n d y From nobody at soda.berkeley.edu Fri Feb 18 17:16:20 1994 From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu) Date: Fri, 18 Feb 94 17:16:20 PST Subject: NP-hard Labor for Cyherpunks Subversives Message-ID: <199402190111.RAA00682@soda.berkeley.edu> >Ringleaders of the so-called >Cypherpunks group, a subversive organization, have been sentenced to >NP-hard labor at Fort Meade, Maryland >-- Zek May, serving a polynomial term Yea, Zek copped a plea for a feasible probation. 
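An added example, not part of any message in this archive: smb's reply in the "CERT/Whitehouse/Clipper link" thread above argues that a challenge/response login built on digital signatures defeats sniffed credentials and leaves no secret on the host. The sketch below shows that exchange using Ed25519 from Node's built-in crypto module (a modern stand-in, not the 1994 signature standard under discussion); the names LoginHost, signChallenge, "host-a", "host-b" and "alice", the 20-byte nonce and the 30-second lifetime are all assumptions made for illustration.

```javascript
// Added illustration: signature-based challenge/response login.
// All names and parameters here are hypothetical, not taken from the thread.
const crypto = require('crypto');

const CHALLENGE_BYTES = 20;      // 160-bit random nonce (assumed size)
const CHALLENGE_TTL_MS = 30000;  // a challenge is only valid briefly (assumed)

// The exact bytes that get signed. Binding host and user into the signed
// data stops a response made for one host being accepted by another.
// Each field is length-prefixed so field boundaries cannot be shifted.
function transcript(host, user, nonce) {
  const parts = [Buffer.from('login-v1'), Buffer.from(host), Buffer.from(user), nonce];
  return Buffer.concat(parts.flatMap((p) => {
    const len = Buffer.alloc(2);
    len.writeUInt16BE(p.length);
    return [len, p];
  }));
}

class LoginHost {
  constructor(name) {
    this.name = name;
    this.publicKeys = new Map(); // user -> public key only; nothing secret is stored
    this.pending = new Map();    // nonce (hex) -> { user, expires }
  }

  enroll(user, publicKey) {
    this.publicKeys.set(user, publicKey);
  }

  issueChallenge(user, now = Date.now()) {
    const nonce = crypto.randomBytes(CHALLENGE_BYTES);
    this.pending.set(nonce.toString('hex'), { user, expires: now + CHALLENGE_TTL_MS });
    return nonce;
  }

  verifyResponse(user, nonce, signature, now = Date.now()) {
    const id = nonce.toString('hex');
    const entry = this.pending.get(id);
    this.pending.delete(id); // single use, whether or not verification succeeds
    if (!entry || entry.user !== user || now > entry.expires) return false;
    const publicKey = this.publicKeys.get(user);
    if (!publicKey) return false;
    return crypto.verify(null, transcript(this.name, user, nonce), publicKey, signature);
  }
}

// Client side: the private key never leaves the user's machine.
function signChallenge(privateKey, host, user, nonce) {
  return crypto.sign(null, transcript(host, user, nonce), privateKey);
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const host = new LoginHost('host-a');
  host.enroll('alice', publicKey);

  // 1. Honest login.
  const c1 = host.issueChallenge('alice');
  const s1 = signChallenge(privateKey, 'host-a', 'alice', c1);
  const honest = host.verifyResponse('alice', c1, s1);

  // 2. An eavesdropper recorded (c1, s1) and sends the same pair again.
  const replaySame = host.verifyResponse('alice', c1, s1);

  // 3. The eavesdropper answers a fresh challenge with the old signature.
  const c2 = host.issueChallenge('alice');
  const replayFresh = host.verifyResponse('alice', c2, s1);

  // 4. A response signed for host-a is presented to host-b.
  const hostB = new LoginHost('host-b');
  hostB.enroll('alice', publicKey);
  const c3 = hostB.issueChallenge('alice');
  const crossHost = hostB.verifyResponse(
    'alice', c3, signChallenge(privateKey, 'host-a', 'alice', c3));

  // 5. A correct response that arrives after the challenge has expired.
  const c4 = host.issueChallenge('alice', 0);
  const expired = host.verifyResponse(
    'alice', c4, signChallenge(privateKey, 'host-a', 'alice', c4), CHALLENGE_TTL_MS + 1);

  const hostHoldsOnlyPublic = host.publicKeys.get('alice').type === 'public';
  return { honest, replaySame, replayFresh, crossHost, expired, hostHoldsOnlyPublic };
}
```

Only the honest login succeeds. Everything that crosses the wire (nonce and signature) is useless to a sniffer afterwards, and a copy of the host's user table yields public keys only.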
From joshua at cae.retix.com Fri Feb 18 18:06:20 1994 From: joshua at cae.retix.com (joshua geller) Date: Fri, 18 Feb 94 18:06:20 PST Subject: NP-hard Labor for Cyherpunks Subversives Message-ID: <199402190202.SAA00462@sleepy.retix.com> >>Ringleaders of the so-called >>Cypherpunks group, a subversive organization, have been sentenced to >>NP-hard labor at Fort Meade, Maryland >>-- Zek May, serving a polynomial term >Yea, Zek copped a plea for a feasible probation. cut it out, detweiler. josh From phantom at u.washington.edu Fri Feb 18 19:21:05 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Fri, 18 Feb 94 19:21:05 PST Subject: ((subscribe msgs to list) && (DOS stego deleted filespace)) Message-ID: subscribe msgs: I've been thinking about this problem as long as the rest of you have, and have finally come to the conclusion that 1) eric doesn't want to change the way the list software and 2) eric is going to continue to be human and not be able to reply to subscribe/unsub messages as fast as something like majordomo could. Knowing this, I propose: A vacation.msg file or equivalent on cypherpunks-request at toad.com should be constructed that: o replies to ALL messages o Explains that ALL requests are done by a human and to expect a week or more for subscribe/unsubscribe requests. o Also describes large volume of mail (useful for those who are attempting to subscribe) Now when someone sends the subscribe request and fails to read the message sent regarding how to unsubscribe, and then (from traffic volume) decides to unsubscribe the explanation will be mailed again automatically. Might keep some of the garbage off of the list. Yes, this is basic. No, this has not been done, obviously. dos stego: I don't think the current discussion is taking into account the fact that if someone suspects you of using steganography they're going to check. If what you are describing becomes a popular way of steganography, you're out of luck -- they'll check that first. 
Think about it: your 'bad-sector' stego or 'wiped-filespace' stego begins gaining popularity. Wouldn't you think they'd check for funny bad sectors if they were going to check your computer for contraband info? Another thing that has bothered me: if you didn't have the sectors marked, you'd need to remember where they were (so you could protect them from writes). You wouldn't necessarily want to do this on the computer; it'd be there for the picking. How to do it? Someone suggested you just use the end of the wiped filespace (use norton or other utility to defrag the disk and move empty space to the end of the disk, then use portion of disk furthest away from being written to). This might work, except for the fact that fragmentation _does_ go on, and when you were to write files to the drive (heck, I do every time I start up windows and write a huge temp swapfile) you're going to be playing roulette with your data. I think the point about the blank track (the one linux uses) is interesting; then again, once your method becomes well-known, it is no longer useful. Just thoughts; I wish I had more answers. Heck, ANY answers would be nice. mt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From klbarrus at owlnet.rice.edu Fri Feb 18 20:51:05 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Fri, 18 Feb 94 20:51:05 PST Subject: REMAIL: down remailers Message-ID: <9402190448.AA21955@spotted.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- Cypherpunks, Bad news on the remailer front... both elee7h5 at rosebud.ee.uh.edu and elee6ue at rosebud.ee.uh.edu are gone. I just found out now, when some anonymous mail intended for elee6ue at rosebud.ee.uh.edu bounced back to me (the middle mystery hop of my recent remailer is my account on owlnet). 
I tried fingering both accounts, and it does appear they are gone (before my old account elee7h5 at rosebud was merely locked, so I couldn't log in but the remailer I set up there kept on running). The shut down will also unfortunately take out the one at barrus at tree.egr.uh.edu, since that was just the first stage of a remailer that worked here and finally sent out through elee6ue at rosebud. Mail to barrus at tree.egr.uh.edu was forwarded to my account here, and I was using the elm filter command to direct that mail into the remailer scripts for processing. I can't run a remailer on owlnet (at least not so obviously, I risked it before since remailed messages appeared to originate from elee6ue at rosebud and not my account klbarrus at owlnet) since it is forbidden by the user policy. So I have three messages (the one bounce, and 2 queued with latency) waiting to be remailed, but that can't happen anymore since the secret key for elee6ue at rosebud is gone. I'll delete them soon since they can't be decrypted anymore. I have no idea why this has suddenly happened: I haven't had any complaints or questions directed to me. It could be anything from the grad student who admins rosebud cleaned up old user accounts to complaints from recipients of anonymous mail. Anyway, I'll make the changes to the remailer list, and include the new one at hacktic.nl. 
Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLWWZNIOA7OpLWtYzAQFomwQAi8W+JlGX80kcLt0dDovYVvNddFSChEwL 1fFUi8VfGztOLFc0uTpq0XurNmIiF9X4HyisPQSZiQrr5Uq4n6P263YGq8rw311W N7x6K7zx0hkPV0jKDC39Go5X6wTX+6YL9IuvyuehPolY1Xyfjrv+KoHMSKCyh5xT OedW0JGaEkM= =98Pz -----END PGP SIGNATURE----- From upham at cs.ubc.ca Fri Feb 18 21:16:22 1994 From: upham at cs.ubc.ca (Derek Upham) Date: Fri, 18 Feb 94 21:16:22 PST Subject: Newsgroup/list moderation techniques Message-ID: <199402190515.AA15784@grolsch.cs.ubc.ca> So people are arguing that USENET newsgroups need moderation to keep out extraneous posts. Other people are arguing that moderation brings the danger of ``cabals'' and the like; who chooses the moderators? How about this: anyone can be a moderator. Suppose Ann wants to be a moderator. She sends e-mail to the moderator site saying ``make me a moderator''. Afterwards, she gets periodic mail messages containing newsgroup posts. For each message, she responds to the moderator site saying "APPROVED" or "NOT APPROVED". From the point of view of the moderator site, it gets newsgroup messages through e-mail and then forwards that e-mail to one person chosen randomly from the moderator list. Soon afterwards, it gets an "APPROVED" or "NOT APPROVED" message back from that person, and depending on the response, either posts the message or does not post the message to the newsgroup. This moderation method has two major benefits: the load of culling posts is distributed among many people, which helps responsiveness; and the decision of culling posts is distributed among many people, which reduces the risk of partisanship. There are, of course, issues of how do we deal with people who can't be reached or who don't read their mail in a reasonable time, but they can be answered, I'm sure. For an example of a similar system of distributed responsibility, look at the fabled USENET Oracle... 
Derek Derek Lynn Upham University of British Columbia upham at cs.ubc.ca Computer Science Department ============================================================================= "Ha! Your Leaping Tiger Kung Fu is no match for my Frightened Piglet Style!" From solovay at math.berkeley.edu Fri Feb 18 21:46:23 1994 From: solovay at math.berkeley.edu (Robert M. Solovay) Date: Fri, 18 Feb 94 21:46:23 PST Subject: Crypto conference in Santa Barbara Message-ID: <199402190545.VAA13507@math.berkeley.edu> What follows is the call for papers, in latex. For the latex-impaired, the conference will be in Santa Barbara on August 21--25, 1994. From qjones at larry Fri Feb 18 21:51:05 1994 From: qjones at larry (Wayne Q Jones) Date: Fri, 18 Feb 94 21:51:05 PST Subject: CFI- Foreign Available Cryptography Resources In-Reply-To: <9402092015.AA15377@ciis.mitre.org> Message-ID: Curt----you work for MITRE>>>>> You are not blackbaggin there are u...Hmmmmmmm Wayne On Wed, 9 Feb 1994, Curtis D. Frye wrote: > The Clinton Administration has transformed its Clipper/Capstone proposal > into a definitive policy that could pave the way for banning all > non-Clipper cryptography in the United States. I agree with most everyone > who reads these groups: the thought scares the hell out of me, especially > given the "fight crime" mandate from recent public opinion polls. > > I posted some of these thoughts in response to David Banisar's 7 February > press release on CPSR's reaction to the announcement. In that post, I > offered to compile a list of cryptographic tools and resources that were > available outside of the United States (i.e., machines not physically > located in the US) if such a list hadn't already been done. Stanton > McClandish indicated that it hadn't and urged me to "GO FOR IT!". > > I'm going for it, but I need your help. My work account with ftp access > will go away this Friday and the dial-up lines to my school account are > constantly busy. 
I should have a digex.com account within the next two > weeks, but until then I won't have reliable archie/veronica/gopher access > to the Internet. > > That's one reason I'm asking for help (the other is the sheer enormity of > searching every non-US machine). If you live outside of the US or visit > non-US machines on occasion and know they store crypto resources, please > send me a directory listing at this email address (for now). Also, if > there are any readme files or other program descriptions in those > directories, I would appreciate receiving an electronic copy of them as > well. > > Furthermore, if any of you have product information about foreign-made > cryptographic equipment or software, I would be interested in seeing that > as well. I can be reached by snail mail at: > > Curtis D. Frye > 100 Yeonas Cir. SE > Vienna, VA 22180 > USA > > I look forward to your support and hope to report back in a few weeks with > some preliminary results. > > > Curtis D. Frye > PRIVATE! Citizen > I don't speak for MITRE, they don't speak for me. > > > W.Quinton......( Maceo.....Hit me Three times!!!!)-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Hampton Roads' Premier Online Information System PGP KEY ON REQUEST | (804) 627-1828, login guest, password guest WYVERN TECH From MIKEINGLE at delphi.com Fri Feb 18 22:11:05 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Fri, 18 Feb 94 22:11:05 PST Subject: Hacktic remailer works? Message-ID: <01H91UZS0D9E8ZEH0X@delphi.com> Does the remailer at hacktic work? I've tried it and have not received a response. Does it use the standard syntax? --- Mike From hkhenson at cup.portal.com Sat Feb 19 01:51:06 1994 From: hkhenson at cup.portal.com (hkhenson at cup.portal.com) Date: Sat, 19 Feb 94 01:51:06 PST Subject: your guess Message-ID: <9402190147.1.22359@cup.portal.com> The other day I was asking myself out loud just what the heck is going on with Bill and Al and their oddly strong support for Clipper. 
A voice said ask not *that* question, but who is it that has a *lot* of influence over them, and what three letter agency were they working for a while back? Hmm. Could this describe a certain person who decided against being Sec. of Defense? Very good! said the voice. Now, what kind of reason could people in the highest positions in the US have for doing things which are rather impolitic and out of character for them? Well, I said, *I* don't know what kind of pressure might be brought to bear, but "no such agency" *would*. Do you think they would have the nerve to blackmail a prez? The voice softly said "Kennedy and Hoover." From pfarrell at netcom.com Sat Feb 19 08:56:34 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sat, 19 Feb 94 08:56:34 PST Subject: MONEY: cryptocash is transaction money Message-ID: <42900.pfarrell@netcom.com> In message Thu, 17 Feb 94 12:41:00 -0800, hughes at ah.com (Eric Hughes) writes: > I've been getting questions about digital money lately which indicate > a basic misunderstanding of its most important feature. Crypto cash > is a way of moving money, not a way of holding money. > > Crypto cash is like a check or a note rather than like the dollar, > franc, or mark. Crypto cash is a way of increasing one person's > balance and decreasing someone else's balance. > > Since it's not a currency, it's not sensible to talk about its > exchange rates. Digital money can be denominated in any currency you > like, so long as you have a bank or other financial institution to > handle it for you. > > This is only an obvious distinction if you already know it. "Money" > is such an overloaded word that it's easy to get confused. > > If this isn't clear, _please_ let me clarify. If you don't get this, > none of the rest of the digital money discourse will be > understandable. I've been following the digital money issues here for quite some time, and I do not understand this distinction at all. 
Sandy said essentially the same thing in different words, and that too was beyond me. Except for tangible money (i.e. 99.99% pure gold coins) I don't see that any money is anything other than a mutually agreed upon way of moving "barter tokens" between folks. Sometimes the government (or Fed) can define the true value of the barter tokens, and other times their attempts fail. When the attempts fail, the usual course is to have a "devaluation" that reflects market realities. I don't see how digital money is fundamentally different than private bank notes that were common in the US in the last century. They are good if they are accepted, and useless if not. If this is really a critical distinction, since I don't see it, I'd appreciate a more concrete explanation. Thanks Pat Pat Farrell Grad Student pfarrell at gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key available via finger #include From rarachel at prism.poly.edu Sat Feb 19 09:01:12 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sat, 19 Feb 94 09:01:12 PST Subject: Mac securedrv help.. Message-ID: <9402191645.AA07986@prism.poly.edu> Hey guys I posted this message all over AOL, CIS, Fido and UseNet. I'd like to post it on here as well. If you happen to know someone who has written disk drive device drivers for the mac, please forward this to them so that I can write something like SecureDrive for the Mac. :-) (I've already written some vastly cool, vastly portable code that provides much much more than an encrypted drive!) I will make a FREE no-frills crypto-drive available (only in the USA of course...) but there will also be something along the lines of a shareware crypto-stacker with data compression and encryption. I've written most of the compressor related code already, and tried to keep it fairly portable... This should give eDisk, Stacker, and x2 a bit of healthy competition. :-) (It will be VERY low cost compared to them.) 
Hey there, I tried to get a printed copy of InsideMac:Devices, however it won't be published for a while. In the mean time, I printed out some of the relevant chapters from the beta version on the d e v e l o p bookmark cd... I'm trying to write a disk device driver that will be loaded from an application (after the Mac is started up, and INITs have loaded.) I already have code that installs a driver in this manner. I've looked at the SCSI C/ASM sample code on the CD... But, here are some questions I still have: Is it okay for my driver to call FSRead FSWrite from its Prime routine? (It will be reading from a file or writing to a file.) Do I have to make the driver asynchronous? If not, how do I tell the OS that it isn't async? If yes (or if asynch is better) how do I write such a beast? The demo SCSI driver is synchronous, however I hear that the new AV macs use asynch drivers. Would an async driver work on older Macs? Would a non-async driver work on an AV Mac? Where can I get sample code for an Async disk driver? All I need is basically a bit of a source code skeleton that I can stick in READ_A_BLOCK, WRITE_A_BLOCK, Initialize, and Shutdown functions... Also, a MAJOR thing, how do I set the sector/block size of a disk device driver such as the one I'm writing? I understand that 512 bytes seems to be the size in general. I also understand that the Mac clusters sectors together if the drive is larger than 65535 sectors because of the pointers it uses. (I'd like to be able to use 512, 1024, 4096, or even up to 32K sectors in my driver, but if 512 is the normal it's not too big a deal...) I have written most of the routines that this driver needs, but I need a working, good skeleton of a driver, and as the warnings on the SCSI sample code indicate, I don't trust it. :-) Thanks. (if you'd like to email me the replies instead, my internet address is: rarachel at photon.poly.edu. This is preferred since I generally get to the photon machine more often...) 
---------On countless worlds the earth shakes as the forces of Chaos strive to gain control. Whilst they unleash their devastating weaponry upon their foes there is no time for peace - only Eternal War. From hfinney at shell.portal.com Sat Feb 19 09:26:35 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 19 Feb 94 09:26:35 PST Subject: ;pgpit Message-ID: <199402191724.JAA07448@jobe.shell.portal.com> I was just logging out, by typing "logout". I accidentally placed my right hand on the wrong keys, offset to the right by one. Instead of "logout", what appeared on my screen was ";pgpit". Good idea! One we should all take to heart. ;-) Hal From cknight at crl.com Sat Feb 19 09:41:12 1994 From: cknight at crl.com (Chris Knight) Date: Sat, 19 Feb 94 09:41:12 PST Subject: MONEY: cryptocash is transaction money In-Reply-To: <42900.pfarrell@netcom.com> Message-ID: On Sat, 19 Feb 1994, Pat Farrell wrote: > I've been following the digital money issues here for quite some time, > and I do not understand this distinction at all. Sandy said essentially the > same thing in different words, and that too was beyond me. > > Except for tangible money (i.e. 99.99% pure gold coins) I don't see that > any money is anything other than a mutually agreed upon way of moving > "barter tokens" between folks. Sometimes the government (or Fed) can define > the true value of the barter tokens, and other times their attempts fail. > When the attempts fail, the usual course is to have a "devaluation" that > reflects market realities. > > I don't see how digital money is fundamentally different than > private bank notes that were common in the US in the last century. They are > good if they are accepted, and useless if not. > > If this is really a critical distinction, since I don't see it, I'd > appreciate a more concrete explanation. It may or may not be a critical distinction... Do you consider a check to be "money"? Or is it exchangable for money? 
Does a wire transfer count as money, or is it simply a transfer of funds from one account to another? I don't see CypherBucks as true money. It to me is a secure means of transferring cash from one account to another. If you see a check as money, I am pretty sure you won't agree with me. A check in itself is almost useless until rendered to a bank. It is not legal tender. You can't use a third party check at the store. You can only deposit (transfer funds) or cash it (exchange for legal tender). CypherBucks will probably go the same way. If you issue me a transfer token, I won't be able to pass it off to Sandy since she won't be able to validate its value, only the CypherBank will; so there will be no third party CypherBucks. This brings it a little farther from legal tender. Of course, this is just my $ 0.01 It's too early on a Saturday to put in a full 2 cents! -ck From hayden at krypton.mankato.msus.edu Sat Feb 19 11:01:13 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sat, 19 Feb 94 11:01:13 PST Subject: CERT Message-ID: There is an article on CERT in the Feb 21st issue of Newsweek, on page 73. They are depicted as 'A SWAT team in Cyberspace'. Big Brother Inside. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... 
-=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From will.ciaburri at hofbbs.com Sat Feb 19 13:26:38 1994 From: will.ciaburri at hofbbs.com (will.ciaburri at hofbbs.com) Date: Sat, 19 Feb 94 13:26:38 PST Subject: Unsubscribe Message-ID: <9402191546.A0145wk@hofbbs.com> UNSUBSCRIBE CYPHERPUNKS WILL CIABURRI LEAVE CYPHERPUNKS REMOVE WILL CIABURRI From nobody at jarthur.claremont.edu Sat Feb 19 16:11:14 1994 From: nobody at jarthur.claremont.edu (nobody at jarthur.claremont.edu) Date: Sat, 19 Feb 94 16:11:14 PST Subject: No Subject Message-ID: <9402200010.AA26543@toad.com> checking out the hacktic remailer one cant telnet... a check of DNS A records shows > set type=mx > hacktic.ml hacktic.ml preference = 10, mail exchanger = orstom.orstom.fr orstom.orstom.fr inet address = 192.33.151.1 > A trace route to hacktic.nl shows 4 San-Jose2.CA.Alter.Net (149.20.1.2) 3140 ms 290 ms 290 ms 5 San-Jose1.CA.ALTER.NET (137.39.44.1) 270 ms 260 ms 280 ms 6 San-Jose3.CA.ALTER.NET (137.39.101.97) 270 ms 2570 ms 280 ms 7 Falls-Church1.VA.ALTER.NET (137.39.128.6) 330 ms 360 ms 370 ms 8 Amsterdam.NL.EU.net (134.222.5.1) 510 ms 440 ms 450 ms 9 Amsterdam.NL.NL.net (134.222.24.2) 440 ms 460 ms 460 ms 10 annex01.NL.net (193.78.240.65) 460 ms 450 ms 530 ms 11 * annex.hacktic.nl (193.78.33.99) 4460 ms * 12 193.78.33.41 (193.78.33.41) 4980 ms 2440 ms 2390 ms Note also the nslookup to Non-authoritative answer: Name: hacktic.nl Address: 193.78.33.42 MX Records pointing to a French site for ANONYMOUS REMAILER traffic is about as trustworthy as one in the Singapore Police HQ building traceroute orstom.orstom.fr traceroute to orstom.orstom.fr (192.33.151.1), 30 hops max, 40 byte packets 4 t1-1.San-Francisco-cnss11.t3.ans.net (140.222.11.2) 290 ms 270 ms 280 ms 5 mf-0.San-Francisco-cnss8.t3.ans.net (140.222.8.222) 270 ms 260 ms 280 ms 6 t3-0.Chicago-cnss24.t3.ans.net (140.222.24.1) 320 ms 310 ms 350 ms 7 
t3-0.Cleveland-cnss40.t3.ans.net (140.222.40.1) 2440 ms 320 ms 330 ms 8 t3-1.New-York-cnss32.t3.ans.net (140.222.32.2) 330 ms 330 ms 340 ms 9 t3-1.Washington-DC-cnss56.t3.ans.net (140.222.56.2) 340 ms 340 ms 350 ms 10 mf-0.Washington-DC-cnss58.t3.ans.net (140.222.56.194) 2480 ms 350 ms 350 ms 11 t3-0.enss145.t3.ans.net (140.222.145.1) 340 ms 340 ms 340 ms 12 192.203.229.245 (192.203.229.245) 340 ms 350 ms 460 ms 13 icm-dc-1-S13-T1.icp.net (192.157.65.18) 430 ms 2910 ms 360 ms 14 Paris-EBS2.Ebone.NET (192.121.156.201) 440 ms 440 ms 460 ms 15 Renater-RBS1.Ebone.NET (192.121.156.227) 430 ms 440 ms 440 ms 16 192.93.43.122 (192.93.43.122) 440 ms 2860 ms 470 ms 17 192.93.43.18 (192.93.43.18) 430 ms 460 ms 440 ms 18 192.93.43.89 (192.93.43.89) 450 ms 460 ms 500 ms 19 192.93.43.73 (192.93.43.73) 430 ms 470 ms 450 ms 20 193.50.61.241 (193.50.61.241) 460 ms 450 ms 470 ms 21 193.50.61.18 (193.50.61.18) 540 ms 700 ms 480 ms 22 193.48.170.21 (193.48.170.21) 560 ms 470 ms 23 ws62-b.cnusc.fr (131.196.4.62) 450 ms 440 ms 470 ms 24 orstom.orstom.fr (192.33.151.1) 560 ms 560 ms 570 ms ********************* NOW wait just a GODAMN Minute... Anonymous remailer traffic for a Dutch Remailer is being handled in DAMN France.. where the Surete has a history of electronic spying... just WHAT in HELL is going on with the HACKTIC Remailer????? I DONT like the way this smells... anon From nowhere at bsu-cs.bsu.edu Sat Feb 19 16:31:14 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 19 Feb 94 16:31:14 PST Subject: No Subject Message-ID: <9402200031.AA09776@bsu-cs.bsu.edu> > > set type=mx > > hacktic.ml ^^ Perhaps this is the problem? 
> > hacktic.ml preference = 10, mail exchanger = orstom.orstom.fr > orstom.orstom.fr inet address = 192.33.151.1 An nslookup for hacktic.nl at my site showed: Non-authoritative answer: hacktic.nl preference = 50, mail exchanger = xs4all.hacktic.nl hacktic.nl preference = 100, mail exchanger = sun4nl.nl.net Authoritative answers can be found from: xs4all.hacktic.nl inet address = 193.78.33.42 sun4nl.nl.net inet address = 193.78.240.1 xs4some.hacktic.nl inet address = 193.78.33.33 ns.nl.net inet address = 193.78.240.1 No mention of France there at all. > A trace route to hacktic.nl shows > 4 San-Jose2.CA.Alter.Net (149.20.1.2) 3140 ms 290 ms 290 ms > 5 San-Jose1.CA.ALTER.NET (137.39.44.1) 270 ms 260 ms 280 ms > 6 San-Jose3.CA.ALTER.NET (137.39.101.97) 270 ms 2570 ms 280 ms > 7 Falls-Church1.VA.ALTER.NET (137.39.128.6) 330 ms 360 ms 370 ms > 8 Amsterdam.NL.EU.net (134.222.5.1) 510 ms 440 ms 450 ms > 9 Amsterdam.NL.NL.net (134.222.24.2) 440 ms 460 ms 460 ms > 10 annex01.NL.net (193.78.240.65) 460 ms 450 ms 530 ms > 11 * annex.hacktic.nl (193.78.33.99) 4460 ms * > 12 193.78.33.41 (193.78.33.41) 4980 ms 2440 ms 2390 ms > You'll also note no bit of France in here. > Note also the nslookup to > > Non-authoritative answer: > Name: hacktic.nl > Address: 193.78.33.42 Why is this noteworthy, other than showing the IP number? That number resolves to xs4all.hacktic.nl. > ********************* NOW wait just a GODAMN Minute... > Anonymous remailer traffic for a Dutch Remailer > is being handled in DAMN France.. where > the Surete has a history of electronic spying... just WHAT in HELL is > going on with the HACKTIC Remailer????? > I DONT like the way this smells... I wouldn't like it either, if I was correct. However, as you've seen, that's simply not the case. 
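The mix-up in the two posts above came from an MX query for hacktic.ml being read as an answer about hacktic.nl. As an added example (not part of either post), here is a small Python check that parses nslookup-style MX answer lines and refuses to draw conclusions when the answered name is not the domain you meant to ask about. The function names are hypothetical and the sample text is reconstructed from the output quoted in the thread.

```python
import re

# nslookup-style MX answer: "<name> preference = N, mail exchanger = <host>"
MX_LINE = re.compile(
    r"^\s*(?P<name>\S+)\s+preference\s*=\s*(?P<pref>\d+),\s*"
    r"mail exchanger\s*=\s*(?P<host>\S+)\s*$",
    re.IGNORECASE,
)

# Sample inputs reconstructed (line breaks restored) from the thread above.
FIRST_POST = """\
> set type=mx
> hacktic.ml
hacktic.ml preference = 10, mail exchanger = orstom.orstom.fr
orstom.orstom.fr inet address = 192.33.151.1
"""
REPLY = """\
Non-authoritative answer:
hacktic.nl preference = 50, mail exchanger = xs4all.hacktic.nl
hacktic.nl preference = 100, mail exchanger = sun4nl.nl.net
"""


def normalize(name):
    """Lower-case a DNS name and drop any trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_mx(output):
    """Return (answered_name, preference, exchanger) for every MX line."""
    records = []
    for line in output.splitlines():
        m = MX_LINE.match(line)
        if m:
            records.append((normalize(m.group("name")),
                            int(m.group("pref")),
                            normalize(m.group("host"))))
    return records


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-key typos in the query."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_mx(intended, output, max_typo_distance=2):
    """Compare the names an MX answer is about with the intended domain."""
    intended = normalize(intended)
    records = parse_mx(output)
    answered = sorted({name for name, _, _ in records})
    mismatched = [n for n in answered if n != intended]
    near_miss = [n for n in mismatched
                 if edit_distance(n, intended) <= max_typo_distance]
    # Only records that really answer for the intended domain count.
    exchangers = sorted((pref, host) for name, pref, host in records
                        if name == intended)
    # Exchangers outside the domain itself (e.g. a provider's backup MX).
    external = [host for _, host in exchangers
                if host != intended and not host.endswith("." + intended)]
    return {
        "usable": bool(exchangers) and not mismatched,
        "mismatched": mismatched,
        "near_miss": near_miss,
        "exchangers": exchangers,
        "external": external,
    }


if __name__ == "__main__":
    for label, text in (("first post", FIRST_POST), ("reply", REPLY)):
        print(label, check_mx("hacktic.nl", text))
```

Run against the first post's output it reports the answer as unusable for hacktic.nl and names hacktic.ml as a likely typo; run against the reply's output it lists the two exchangers in preference order.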
From ACSNYDER at DEPAUW.EDU Sat Feb 19 16:41:14 1994 From: ACSNYDER at DEPAUW.EDU (ACSNYDER at DEPAUW.EDU) Date: Sat, 19 Feb 94 16:41:14 PST Subject: subscribe Message-ID: <01H92XVHLC2G8X1A2V@DEPAUW.EDU> subscribe From qwerty at netcom.com Sat Feb 19 18:26:41 1994 From: qwerty at netcom.com (Xenon) Date: Sat, 19 Feb 94 18:26:41 PST Subject: Remailer list Message-ID: <199402200225.SAA19799@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- I have placed the "Xenon's Full Disclosure Remailer List" up for anonymous ftp to netcom.com in /pub/qwerty. I am willing to maintain it, but only to the extent that people send me updates :-). Its format is free-form, so add your own headers, or whatever. I am no longer on the Cypherpunks mailing list. If someone is willing to maintain this list, they can put their name atop it, but I hope they will mail me new versions as they are made. Thanks. Might you take the remailer discussion to Usenet anyway? My list may end up in some form in each new PGP FAQ version, by my mailing it to Gary Edstrom who isn't on this list either. -=Xenon=- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLWaDRgSzG6zrQn1RAQF9gAP+NRS7WDnnyK2EBo9ULGnGZKEqeYMsgjf4 Qr/ZKaynYG0IhjaaFrBmM75n7HUXg795qefJ7LI9q/7vDa9jPKAkVi1OTn5v4Ivt K6fVD5exx142iT3yHMvx6giTrmJcQ/9ScFUPBff5HViwOPtuOkkXQifsODKxqhZ/ AeN4MVjUAoI= =NyW6 -----END PGP SIGNATURE----- From hayden at krypton.mankato.msus.edu Sat Feb 19 22:41:16 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sat, 19 Feb 94 22:41:16 PST Subject: CERT Funding Message-ID: According to the newsweek article this week, CERT refuses to disclose its operating budget and sources of income. I find this at the very least, irritating. Anyone have any more information about how much CERT spends annually, and where it comes from? Or should we just assume it is the NSA? ____ Robert A. 
Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From anonymous at extropia.wimsey.com Sun Feb 20 00:16:44 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Sun, 20 Feb 94 00:16:44 PST Subject: Updated Remailer List/Helpfile? Message-ID: <199402200522.AA14028@xtropia> I know that an updated remailer list was just posted recently, but I think that even since then a good number of remailers have already bitten the dust. Could we have a current list, and perhaps an updated helpfile posted to cypherpunks? Also, are there any newly listed netmail-to-news gates? I am particularly interested in any outside the US besides Demon.UK. Thanks. From mg5n+ at andrew.cmu.edu Sun Feb 20 08:01:22 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 20 Feb 94 08:01:22 PST Subject: Updated Remailer List/Helpfile? In-Reply-To: <199402200522.AA14028@xtropia> Message-ID: Anonymous at extropia asked: > I know that an updated remailer list was just posted recently, > but I think that even since then a good number of remailers > have already bitten the dust. > > Could we have a current list, and perhaps an updated helpfile > posted to cypherpunks? My remailer list is still available by sending mail to mg5n+remailers at andrew.cmu.edu I just updated it yesterday to remove the remailers that Karl Barrus said have gone down. Also it seems that remailer at entropy.linet.org isn't working anymore. I tried it and have gotten no responses after several days. 
From huntting at glarp.com Sun Feb 20 09:21:23 1994 From: huntting at glarp.com (Brad Huntting) Date: Sun, 20 Feb 94 09:21:23 PST Subject: CERT Funding In-Reply-To: Message-ID: <199402201717.KAA00559@misc.glarp.com> > Anyone have any more information about how much CERT spends annually, and > where it comes from? Or should we just assume it is the NSA? The main gripe most people have about CERT is that they are way slow. Could it be that they systematically inform some parties before others, and that it just so happens that the public at large is the last to know and the US intelligence community is the first? Just another paranoid supposition... Don't let it keep you up at night, :-) brad From hal at alumni.cco.caltech.edu Sun Feb 20 09:26:53 1994 From: hal at alumni.cco.caltech.edu (Hal Finney) Date: Sun, 20 Feb 94 09:26:53 PST Subject: Blacknet worries Message-ID: <199402201725.JAA24552@alumni.cco.caltech.edu> Tim's Blacknet story has gotten a lot of reaction after Detweiler's random posting escapade last week. I think it is a good essay, but there is one point I don't think was stressed enough. > BlackNet is currently building its information inventory. We are interested > in information in the following areas, though any other juicy stuff is > always welcome. "If you think it's valuable, offer it to us first." > > - trade secrets, processes, production methods (esp. in semiconductors) > - nanotechnology and related techniques (esp. the Merkle sleeve bearing) > - chemical manufacturing and rational drug design (esp. fullerenes and > protein folding) > - new product plans, from children's toys to cruise missiles (anything on > "3DO"?) > - business intelligence, mergers, buyouts, rumors The glaring omission, mentioned only in passing, is military intelligence. A friend at work tells me that in the Manhattan project, presumably one of the most secret projects ever attempted, the Soviet Union had no fewer than six agents passing on information. 
Since then, three have been identified. The KGB says there are three more who have never been discovered, and they won't say who they are. (Of course, this could be in part KGB boasting/disinformation, but apparently the three who were discovered are confirmed.) Keeping business secrets and manufacturing techniques secret is one thing. But, from the point of view of the government, the world of Blacknet could be an utter disaster for the protection of military secrets. Despite its consumption of a large fraction of our society's resources, government jobs tend not to be high paying, especially compared to jobs with comparable degrees of responsibility in civilian life. The temptation to sell secrets for cash has got to be present for almost everyone. But it is balanced against the immense practical problems involved: making contacts, arranging deliveries, being caught in a "sting" operation. Blacknet could remove most of this risk. With near-perfect anonymity and digital cash, a tidy side income could be created for anyone with access to classified information. There would be no need for risky physical meetings. The money could be spent on a few nice extras to make life more comfortable, without fear of it being traced. How many people would succumb to such temptation? People do undergo security checks, and presumably those who pass are mostly honest. But they are human, and money is a powerful motivator. Especially if the person figures that if he doesn't sell the info someone else will, the temptation will be all the stronger. There are possible countermeasures: frequent lie-detector tests (as in Snow Crash); "fingerprinting" documents so everybody has a slightly different copy, allowing sting operations to identify the culprits; perhaps even swamping the legitimate offers of cash with bogus ones (a denial-of-service attack, in effect). But none of these are really likely to solve the problem. 
This is probably the issue which has the government really scared, the issue which turned Barlow's government friends against free encryption, as he describes in his Wired article ("if you knew what I know, you'd oppose it too"). The NSA in particular has for a long time been wildly paranoid about this issue, as detailed in The Puzzle Palace; sometimes it seems that despite its ostensible mission, the NSA is more concerned about protecting its own secrets than discovering others'. I could see any technology which would facilitate sellouts by their people to be considered a mortal threat, something to be fought by any means. And I imagine that the rest of the military intelligence community would feel the same way.

Imagine if Blacknet had existed during the Manhattan Project, how much easier it would have been to corrupt those involved. This must be a nightmare for the government, and they appear determined in their fight against it to create a nightmare in turn for proponents of privacy.

Hal Finney
hfinney at shell.portal.com

From tburns at mason1.gmu.edu Sun Feb 20 10:21:25 1994
From: tburns at mason1.gmu.edu (T. David Burns)
Date: Sun, 20 Feb 94 10:21:25 PST
Subject: FWD: Chaitin speaks near D.C.
Message-ID: <199402201803.AA12818@ponyexpress.princeton.edu>

If anyone wants to go, I doubt that you have to be an official member of WESS to attend. You are required to buy dinner, however.

Dave

--------- forwarded message follows --------------------

Dear WESSers:

The next general dinner meeting is scheduled for March 1, 1994, at Jacques Cafe, 4001 Fairfax Drive in Arlington, VA. The schedule for the evening is as usual: Cocktails at 6:00PM, Dinner at 7:00 PM and the talk at about 8:15 PM.

The speaker is Dr. Gregory Chaitin of Watson Research Laboratories of International Business Corporation. Dr. Chaitin is internationally recognized for his work on theories of randomness.
( The tensions between the traditional theories of randomness and the emerging theories of nonlinear deterministic behavior should prove to be stimulating.) The following dinner meeting will be held on March 28th, 1994. The speaker will be Dr. Ben Weems who will discuss "The Evolution of Cognitive Structures". Dr. Koichiro Matsuno (Professor of Biophysics, Nagaoka University) will be visiting the Washington area from March 27, 1994 to March 29, 1994. He is interested in meeting with WESS members during that period. Please drop me a note so that I can arrange a mutually agreeable schedule or contact him directly via Internet at (kmatsuno at voscc.nagaokaut.ac.jp). Jerry Abstract ================================================================== THE LIMITS OF MATHEMATICS G. J. Chaitin IBM Research Division P.O. Box 704, Yorktown Heights, NY 10598 chaitin at watson.ibm.com One normally thinks that everything that is true is true for a reason. I've found mathematical truths that are true for no reason at all. These mathematical truths are beyond the power of mathematical reasoning because they are accidental and random. ===================== GREGORY CHAITIN is a member of the computer science department at the IBM Watson Research Center in New York. In the mid 1960s, when he was a teenager, he created algorithmic information theory, which combines, among other elements, Shannon's information theory and Turing's theory of computability. In the three decades since then he has been the principal architect of the theory. Among his contributions are the definition of a random sequence via algorithmic incompressibility, and his information-theoretic approach to Godel's incompleteness theorem. His work on Hilbert's 10th problem has shown that in a sense there is randomness in arithmetic, in other words, that God not only plays dice in quantum mechanics and nonlinear dynamics, but even in elementary number theory. 
He is the author of three books: ALGORITHMIC INFORMATION THEORY published by Cambridge University Press, and INFORMATION, RANDOMNESS & INCOMPLETENESS and INFORMATION-THEORETIC INCOMPLETENESS, both published by World Scientific.

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Jerry LR Chandler, Ph.D.             Phone: 301-496-1846
Epilepsy Br. National Inst Health    Fax 301-496-9916
Bethesda, Maryland 20892             Home 703-790-1651
chandler at casa.ninds.nih.gov OR chandler at helix.nih.gov
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

From mg5n+ at andrew.cmu.edu Sun Feb 20 11:11:28 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Sun, 20 Feb 94 11:11:28 PST
Subject: CERT Funding
Message-ID:

Brad Huntting wrote:

> > Anyone have any more information about how much CERT spends annually,
> > and where it comes from? Or should we just assume it is the NSA?
>
> The main gripe most people have about CERT is that they are way
> slow. Could it be that they systematically inform some parties
> before others, and that it just so happens that the public at large
> is the last to know and the US intelligence community is the first?

From alt.security:

---------- Forwarded message begins here ----------

From: Paul
Newsgroups: tdr.general,digex.general,alt.security,comp.security.misc
Subject: New List on Computer/Telephone Problems/Bugs/Viruses/Dangers
Date: Sun, 20 Feb 1994 01:05:00 -0500 (EST)
Organization: Tansin A. Darcos & Company, Silver Spring MD
Lines: 72
Message-ID: <9402200105.PAUL at TDR.COM>
NNTP-Posting-Host: access2.digex.net
Followups-To: tdr.general
Xref: bb3.andrew.cmu.edu alt.security:5909 comp.security.misc:5565

This is to announce the creation of a list and newsgroup for the public disclosure of bugs, system problems, viruses, and any other conditions in a computer system that people should be aware of so they can fix the problem.
It is also appropriate to report security holes, dangerous conditions in PBXs, cellular and wire telephone systems, and other computer-controlled devices. Also reports of things such as default accounts and passwords on systems that should be changed, etc.

The focus will be on reporting clear descriptions of problems including how to generate them. The idea being that this will alert people to the nature of certain problems that they might be unaware of. Reproducing these conditions lets others know what is being done, and can allow people to post solutions on how to block them.

The purpose in creating this outlet is that currently, the only means currently available for reporting discovered security holes in computer systems and possibly other areas is via the Computer Emergency Research Team (CERT) out of Carnegie Mellon University. The problem with CERT reporting is that the reports generally tend to be done in secrecy, and it fails to let system administrators and others know about what is happening so that these things can be fixed. In short, CERT acts like a black hole and takes too long to publicize problems until lots of places get hit because they didn't know about it.

Some people feel that reports should not be publicized because potential reports might become available to "the bad guys." Well, the truth of the matter is that "the bad guys" trade their discoveries around all the time; the current use of secrecy is only hurting "the good guys" who want to protect their systems.

There will be two addresses. The general list will be PROBLEMS at TDR.COM which is used to post a report to the list. Postings may also be made by facsimile to +1 301 492 7617 to the attention of Paul Robinson, or by telex to USA telex number 6505066432; the answerback is '6505066432MCI UW'.

If your site receives all or most newsgroups, the list is echoed to the group tdr.problems. If you do not receive that hierarchy (or prefer to receive it as mail), you can subscribe.
To subscribe to the list, or to post a report to me that you do not wish to be publicly identified as the sender, use PROBLEMS-REQUEST at TDR.COM

Currently, both addresses are moderated. This may change as I upgrade the software on my system. Persons wishing to make a report but not be identified should send the message to me at PROBLEMS-REQUEST and state so in the text of their message.

Persons wanting to receive this service by facsimile should contact me for details. All messages requesting subscriptions or posting information will be acknowledged.

Please pass this announcement around. It is my intent to set this up such that people can publicly report known bugs, viruses and problems in clear detail so everyone knows about them and can encourage much faster response to these problems than is currently available. It may even embarrass some manufacturers into making fixes sooner when their errors are glaringly exposed in public.

---
Paul Robinson - Paul at TDR.COM
-----
The following Automatic Fortune Cookie was selected only for this message:

Never call a man a fool; borrow from him.

From klbarrus at owlnet.rice.edu Sun Feb 20 11:21:27 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Sun, 20 Feb 94 11:21:27 PST
Subject: REMAIL: down (sortof) remailers
Message-ID: <9402201920.AA25214@boreal.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Cypherpunks, well, after poking around some, I found out that the remailers elee7h5 at rosebud and elee6ue at rosebud are down... they have been renamed!

Yes, that's right! They are now named elee7h5x at rosebud and elee6uex at rosebud. I've been testing and they do seem to work just like before.

I'll flush out the two latency queued messages since I'm not sure I can re-enable the chained remailer (I sent through the one message that bounced).
Now this may be a pain as far as the remailing scripts actually because both accounts are locked, so I don't have the secret keys available to me anymore, in order to rename the public keys.

I guess both those remailers are on the possible edge of extinction anyway (I figure they were just renamed and locked because the grad student who admins rosebud probably can't figure out how to remove an account being a VMS guy ;)

Karl Barrus
klbarrus at owlnet.rice.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLWe30IOA7OpLWtYzAQHwVQP/SwER/83FDWWKZWETV0HAT7jFS9DFYkwN
dNXg4BmO2gfyidpVB2wi5KL5WXpvB2TKi2EZnjsUBnROuJdLQ9GCGcjpsrFNniBV
y0u2clM4ArF0rygDFfg2rCy4jljDjweDFezpAMHRq85hCMiBb9VArAdVdHVQc2TZ
vLovx45Wceo=
=fsN/
-----END PGP SIGNATURE-----

From nobody at shell.portal.com Sun Feb 20 11:27:00 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sun, 20 Feb 94 11:27:00 PST
Subject: Clipper fact sheet with analysis
Message-ID: <199402201925.LAA01099@jobe.shell.portal.com>

White House fact sheet, with analysis. Repost me!

>Note: The following was released by the White House today in
> conjunction with the announcement of the Clipper Chip
> encryption technology.

> FACT SHEET

> PUBLIC ENCRYPTION MANAGEMENT

UNIVERSAL WIRETAPPING SYSTEM

>The President has approved a directive on "Public Encryption
>Management." The directive provides for the following:

The President, acting on advice from the Spooks, has decided to wiretap everyone's communications now, while it is still possible.

>Advanced telecommunications and commercially available encryption
>are part of a wave of new computer and communications technology.
>Encryption products scramble information to protect the privacy of
>communications and data by preventing unauthorized access.
>Advanced telecommunications systems use digital technology to
>rapidly and precisely handle a high volume of communications.
>These advanced telecommunications systems are integral to the
>infrastructure needed to ensure economic competitiveness in the
>information age.

Al Gore loves the wonders of technology.

>Despite its benefits, new communications technology can also
>frustrate lawful government electronic surveillance.

The feds are having a hard time tapping your phone.

>Sophisticated
>encryption can have this effect in the United States.

The FBI can't break the new codes people have invented.

>When
>exported abroad, it can be used to thwart foreign intelligence
>activities critical to our national interests.

Neither can the NSA.

>In the past, it has
>been possible to preserve a government capability to conduct
>electronic surveillance in furtherance of legitimate law
>enforcement and national security interests, while at the same time
>protecting the privacy and civil liberties of all citizens.

The NSA could break DES, and citizens weren't using crypto anyway.

>As encryption technology improves, doing so will require new,
>innovative approaches.

DES is obsolete, and the NSA can't break the new ciphers which are going to replace it. So we have to build in the wiretaps up front.

>In the area of communications encryption, the U. S. Government has
>developed a microcircuit that not only provides privacy through
>encryption that is substantially more robust than the current
>government standard, but also permits escrowing of the keys needed
>to unlock the encryption.

The NSA built an encryption chip with a built-in wiretap.

>The system for the escrowing of keys
>will allow the government to gain access to encrypted information
>only with appropriate legal authorization.

The government will keep the keys and use them to wiretap people. But only when it's legal. We promise. Trust us.
>To assist law enforcement and other government agencies to collect
>and decrypt, under legal authority, electronically transmitted
>information, I hereby direct the following action to be taken:

To make sure we can still wiretap you, this is what we are going to do:

>INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS

>The Attorney General of the United States, or her representative,
>shall request manufacturers of communications hardware which
>incorporates encryption to install the U.S. government-developed
>key-escrow microcircuits in their products.

All telephone companies will be coerced into using the Clipper chip. Those who do not will be harassed, denied government contracts, and forbidden to export their products. If this doesn't work, we might have to resort to more forceful tactics.

>The fact of law
>enforcement access to the escrowed keys will not be concealed from
>the American public.

We will tell them their phones might be tapped, but not when.

>All appropriate steps shall be taken to
>ensure that any existing or future versions of the key-escrow
>microcircuit are made widely available to U.S. communications
>hardware manufacturers, consistent with the need to ensure the
>security of the key-escrow system.

We will give them the chips, as long as they use them the way we tell them to use them. But we won't tell them how the chips work.

>In making this decision, I do
>not intend to prevent the private sector from developing, or the
>government from approving, other microcircuits or algorithms that
>are equally effective in assuring both privacy and a secure key-
>escrow system.

Companies are free to design their own encryption systems, as long as they have wiretaps built into them.

>KEY-ESCROW

>The Attorney General shall make all arrangements with appropriate
>entities to hold the keys for the key-escrow microcircuits
>installed in communications equipment.

The Attorney General shall make sure keys are available when we want to wiretap people.
>In each case, the key
>holder must agree to strict security procedures to prevent
>unauthorized release of the keys. The keys shall be released only
>to government agencies that have established their authority to
>acquire the content of those communications that have been
>encrypted by devices containing the microcircuits.

The escrow keys shall be released to any agency which comes up with a credible excuse to request them.

>The Attorney
>General shall review for legal sufficiency the procedures by which
>an agency establishes its authority to acquire the content of such
>communications.

The Attorney General shall make sure there are no legal loopholes which might allow someone to invalidate evidence from a Clipper wiretap.

>PROCUREMENT AND USE OF ENCRYPTION DEVICES

>The Secretary of Commerce, in consultation with other appropriate
>U.S. agencies, shall initiate a process to write standards to
>facilitate the procurement and use of encryption devices fitted
>with key-escrow microcircuits in federal communications systems
>that process sensitive but unclassified information. I expect this
>process to proceed on a schedule that will permit promulgation of
>a final standard within six months of this directive.

The government will start buying lots of Clipper chips immediately to make sure there is a market for them. We need to get this off the ground before any opposition or alternatives arise.

>The Attorney General will procure and utilize encryption devices to
>the extent needed to preserve the government's ability to conduct
>lawful electronic surveillance and to fulfill the need for secure
>law enforcement communications.

The Attorney General will make sure plenty of LEAF decoders are available to wiretap people, and the cops will use Clipper chips so people with scanners can't listen in on them. This will also create a bigger market for Clipper chips.
>Further, the Attorney General
>shall utilize funds from the Department of Justice Asset Forfeiture
>Super Surplus Fund to effect this purchase.

The Attorney General will use money stolen from alleged criminals to buy Clipper chips and wiretapping devices. The more phones we tap, the more criminals we catch, the more property we seize, the more money we have for law enforcement to tap more phones...

From catalyst-remailer at netcom.com Sun Feb 20 11:41:26 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Sun, 20 Feb 94 11:41:26 PST
Subject: Blacknet trademark offence.
Message-ID: <199402201939.LAA24735@mail.netcom.com>

alt.conspiracy #43947 (0 + 24 more) [1]
From: nyt at blythe.org (NY Transfer News)
[1] Warning: "BlackNet" is not The Blacknet
Keywords: bogus messages
Date: Sat Feb 19 21:18:37 EST 1994
Distribution: world
Organization: NY Transfer News Collective
Lines: 47

Via NY Transfer News Collective * All the News that Doesn't Fit

IMPORTANT ANNOUNCEMENT!!!!!

RE: ILLEGAL USE of the name BLACKNET!

OFFENDER: "NOBODY at SHELL.PORTAL.COM"

It has come to our attention our name The BLACKNET is being used ILLEGALLY and MALICIOUSLY by some party or parties unknown.

Please be advised that this company/group/individual, etc. are in no way affiliated with our BBS.

The Blacknet is a service mark registered with the Patent and Trademark Office and steps are being taken to protect our integrity in the online world, as well as to implement legal action against those who have defamed our name.

I trust that those in the online world who do know us realize we are not behind this group and if you see any further messages to route them to us. For those who do not know us, we hope that the next time you see the name Blacknet it will not be associated with the disgusting message that has been circulating around the networks.

Thank you for your attention and cooperation.
Sincerely,

Idette Vaughan for The Blacknet
Brooklyn, NY
idette.vaughan at f618.n278.z1.fidonet.org

+----------------------------------------------------------------+
+ 212-675-9690    NY TRANSFER NEWS COLLECTIVE    212-675-9663    +
+          Since 1985: Information for the Rest of Us            +
+ e-mail: nyt at blythe.org              info: info at blythe.org +

From catalyst-remailer at netcom.com Sun Feb 20 12:01:27 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Sun, 20 Feb 94 12:01:27 PST
Subject: CERT vs. Net Mafia?
Message-ID: <199402202000.MAA02251@mail.netcom.com>

NEWSWEEK, February 21, 1994, p.73

Technology: How to fight crime on the Internet

A SWAT Team in Cyberspace

Joshua Cooper Ramo

The First Hint of trouble came at 3 a.m. one night last December. A panicky New York computer bulletin board operator called the Computer Emergency Response Team center at Carnegie Mellon University in Pittsburgh to report discovering an unauthorized program that could surreptitiously record users' secret passwords. CERT is the SWAT team of the electronic frontier; the call sent these cybercops scrambling to their keyboards to try and figure out who was behind the break-in -- and whether it had spread. "It's like finding rats in your apartment," says CERT manager Dain Gary. "When you see one, there are probably a hundred. In this case, there are probably 10,000."

The New York bulletin board is hooked up to the Internet, an international web of computers that links 20 million users. If one system is compromised, many more are vulnerable. The December break-in turned out to be the first of hundreds of similar reports: earlier this month Gary's team concluded there was an organized effort to infiltrate the Internet. Although the culprits were still loose and their motives were unclear last week, CERT's detective work has won the team respect and new attention on the net.
A typical Internet message: "It's nice to know that somebody out there is helping keep us techno-peons in the loop."

Created by the Defense Department five years ago after the last widespread Internet break-in, the CERT team operates out of a sleek granite building. CERT has no legal power to arrest or prosecute; instead, the team of about 15 programmers pokes through violated systems using their only weapons: dozens of computers. Like the hackers they track, CERT team members often work round the clock, subsisting on takeout Chinese food. Gary, 52, CERT's manager, is a decorated army attack-helicopter pilot and an expert in computer security. Hackers are "the adversary," he says. "We try to help the victim" by posting warnings of "holes" -- vulnerabilities -- and fixes on the net. "But as the net grows, the incidents are climbing," he says. "The motives are changing."

Net Mafia?

Ten years ago hackers were usually youthful pranksters, mostly interested in demonstrating technical ingenuity. Now there's a growing feeling that more sinister forces may be loose, perhaps a kind of net mafia intent on outright theft through use of credit-card numbers or other data. Last year CERT responded to almost 1,500 calls, a 75 percent increase from 1992's.

CERT won't disclose its budget, but clearly a lot of help comes from volunteers interested in preserving the integrity of the net. Particularly complicated security breaches are farmed out around the country to an unofficial brain trust of specialists in specific operating systems. The rest of the detective work is on line in Pittsburgh. Rich Pethia, 47, CERT's coordinator, has spent 25 years working on the net; he says his job gets tougher every year. The team must deal with increasingly sophisticated hackers and criticism from netters who think that providing hole data is like giving cybercrooks keys to computers.

Unfortunately, finding holes is often easier than fixing them.
CERT still doesn't have a long-term solution to the current break-in problem. Last week, in response to the CERT alarm, network operators around the world booted and rebooted their systems, looking for signs of trouble. Back in Pittsburgh, the CERT team members were hunched over their keyboards, ready for the next call.

From kelly at netcom.com Sun Feb 20 12:06:58 1994
From: kelly at netcom.com (Kelly Goen)
Date: Sun, 20 Feb 94 12:06:58 PST
Subject: (fwd) iPower crypto chip in PCMCIA card
Message-ID: <199402202003.MAA13904@mail.netcom.com>

Newsgroups: alt.2600
Path: netcom.com!mocten
From: mocten at netcom.com (Mark Hudson)
Subject: iPower crypto chip in PCMCIA card
Message-ID: <-62PjOECJDZt057yn at netcom.com>
Sender: mocten at netcom.com (Mark "Marcus" Hudson)
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Date: Fri, 18 Feb 1994 02:02:38 GMT
Lines: 21

I got this out of a newsletter I received a few days ago. Hopefully it isn't old knowledge yet.

Crypto Chip Debuts

National Semiconductor has released the iPower encryption chip, which was designed for use in PCMCIA cards and provides a range of security features. The chip can encrypt data via multiple encryption algorithms, and will self-destruct upon any tampering attempt, using a self-contained chemical. Cards that use the iPower chip can also provide additional functions such as tracking user access times. The iPower division is based in Santa Clara, CA. 408/721-8797.

--Mark

--
-- Mark Hudson is mocten at netcom.com (or vice versa)
Mr. Congealiality--a suppository of knowledge.
This has been a blipvert. (Hose down or prepare to explode.)

From mpd at netcom.com Sun Feb 20 12:26:58 1994
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 20 Feb 94 12:26:58 PST
Subject: Blacknet trademark offence.
Message-ID: <199402202025.MAA16338@mail.netcom.com>

>
> IMPORTANT ANNOUNCEMENT!!!!!
>
> RE: ILLEGAL USE of the name BLACKNET!
>
> OFFENDER: "NOBODY at SHELL.PORTAL.COM"

How embarrassing!
I had completely forgotten about the FIDO Blacknet which is carried by a large number of BBS systems both in this country and abroad. These people must now be extremely pissed and running to their lawyers in droves.

Oh well. :)

--
Mike Duvos         $ PGP 2.3a Public Key available $
mpd at netcom.com  $ via Finger.                    $

From tcmay at netcom.com Sun Feb 20 12:36:59 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 20 Feb 94 12:36:59 PST
Subject: Blacknet worries
In-Reply-To: <199402201725.JAA24552@alumni.cco.caltech.edu>
Message-ID: <199402202033.MAA25767@mail.netcom.com>

Hal Finney makes some comments about the dangers (I call them benefits) of systems like "BlackNet," the hypothetical-but-inevitable entity I described last fall.

These dangers/benefits have been apparent to me since around 1988 or so and are the main motivator of my interest in "crypto-anarchy," the set of ideas that I espouse.

(I don't often dwell on them on this list, partly because I already have in the past, and in the "Crypto-Anarchist Manifesto" and other rants at the soda.berkeley.edu archive site, and partly because the Cypherpunks list is somewhat apolitical...apolitical in the sense that we have libertarians, anarcho-syndicalists, anarcho-capitalists, Neo-Pagans, Christian Fundamentalists, and maybe even a few unreconstructed Communists on the List, and espousing some particular set of beliefs is discouraged by common agreement.)

However, since Hal has raised some issues, and the general issues of data havens, anonymous information markets, espionage, and other "illegal" markets have been raised, I'll comment.

Besides, volume on the List has been awfully light the past few days. Maybe it's my mail delivery system slowing down, maybe it's the Olympics (I say put Tonya up on the gold medalist's platform, put the gold medal around her neck, then the noose, then kick the platform out from under her), or maybe it's the natural exhaustion of the last set of hot topics.

First, a legal caveat.
I openly acknowledge having written the BlackNet piece--proof is obvious. But I did *not* post it to Cypherpunks, nor to any other mailing lists and certainly not to Usenet. Rather, I dashed it off one night prior to a nanotechnology discussion in Palo Alto, as a concrete example of the coming future and how difficult it will be to "bottle up" new technologies (a point Hal alludes to). I sent this note off to several of my associates, via anonymous remailers, so as to make the point in a more tangible way. I also printed out copies and passed them out at the nanotech meeting, which was around last September or so.

Someone decided to post this (through a remailer) to the Cypherpunks list. Kevin Kelly and John Markoff told me they've seen it on numerous other lists and boards, and of course Detweiler has recently posted it to dozens of newsgroups (though it got cancelled and only the "echoes" remain in most places...a few folks forwarded copies to other sites, with comments, so they were not affected by the cancellation message).

My legal protection, my point here, is that I did not post the BlackNet piece, it does not exist as an actual espionage or data haven entity, and my point was rhetorical and is clearly protected by the First Amendment (to the Constitution of the country in which I nominally reside).

On to Hal Finney's points:

>
> Tim's Blacknet story has gotten a lot of reaction after Detweiler's
> random posting escapade last week. I think it is a good essay, but there
> is one point I don't think was stressed enough.
>
> > BlackNet is currently building its information inventory. We are interested
> > in information in the following areas, though any other juicy stuff is
> > always welcome. "If you think it's valuable, offer it to us first."
> >
> > - trade secrets, processes, production methods (esp. in semiconductors)
> > - nanotechnology and related techniques (esp. the Merkle sleeve bearing)
...
> The glaring omission, mentioned only in passing, is military intelligence.

Yes, military intelligence will become much more "fungible" in the future I envision. It already is, of course, a la the Walkers, but computer-mediated markets and secure encryption will make it so much more efficient and liquid. Buyers will be able to advertise their wants and their prices. Ditto for sellers.

Of course, decoys, disinformation, and the like come to the fore.

To pick a trivial example, someone sits above a busy port and watches ship movements from the privacy of his apartment. He summarizes these, then sells them for a paltry-but-comfortable $3000 a month to some other nation. (The ease of doing this means others will get into the market. Prices will likely drop. Hard to predict the final prices...the beauty of free markets.)

> A friend at work tells me that in the Manhattan project, presumably one
> of the most secret projects ever attempted, the Soviet Union had no

Yes, Hal's point is valid. William Gibson, so reviled in some cyberpunk quarters (it's tres chic to bash him) anticipated this some years back in "Count Zero," in which the scientists of a company are held isolated on a mesa in New Mexico--recall the rescue/escape by ultralight aircraft off the mesa?

The motivation for thinking about BlackNet, which is what I dubbed this capability in late 1987, was a discussion with the late Phil Salin that year about his as-yet-unfunded company, "AMIX," the American Information Exchange. I played the Devil's Advocate and explained why I thought corporate America--his main target for customers--would shun such a system. My thinking?

- corporations would not allow employees to have corporate accounts, as it would make leakage of corporate information too easy (Example: "We will pay $100,000 for anyone who knows how to solve the charge buildup problem during ion implant of n-type wafers." Many corporations spend millions to solve this, others never did.
A "market" for such simple-to-answer items would revolutionize the semiconductor industry--but would also destroy the competitive advantage obtained by those who first solved the problems.

Another example, from earlier on, is the alpha particle problem plaguing memory chips. I figured out the problem and the solution in 1977, at Intel, and then Intel kept it a deep secret for the next year, allowing its competitors to wallow in their soft error problems for that entire year. When I was eventually allowed to publish--a decision made for various reasons--the competitors raced for the telephones even before I'd finished presenting my paper! Imagine how much I could've sold my "expertise" for in the preceding year--or even after.

Of course, Intel could have deduced who was selling what, by various intelligence-counterintelligence ploys familiar to most of you (canary traps, barium, tagged info). But the point is still clear: an information market system like AMIX means "digital moonlighting," a system corporations will not lightly put up with.

If information markets spread, even "legit" ones like AMIX (not featuring anonymity), I expect many corporations to make non-participation in such markets a basis for continuing employment. (The details of this, the legal issues, I'll leave for later discussions.)

> Keeping business secrets and manufacturing techniques secret is one thing.
> But, from the point of view of the government, the world of Blacknet could
> be an utter disaster for the protection of military secrets. Despite its
> consumption of a large fraction of our society's resources, government jobs
> tend not to be high paying, especially compared to jobs with comparable
> degrees of responsibility in civilian life. The temptation to sell secrets
> for cash has got to be present for almost everyone. But it is balanced against
> the immense practical problems involved: making contacts, arranging
> deliveries, being caught in a "sting" operation.
Yes, which is why I always used to use "B-2 Stealth Bomber blueprints for sale" as my canonical example of a BlackNet ad. Hundreds of folks at Northrop had access to various levels of B-2 secrets. The "problem" for them was that military intelligence (Defense Intelligence Agency, Office of Naval Intelligence, CIA, NDA, etc.) was watching them (and they knew this) and monitoring the local bars and after-work hangouts. Read "The Falcon and the Snowman," or rent the movie, for some details on this.

Anonymous markets completely change the equation!

(By the way, many other "tradecraft" aspects of espionage are similarly changed forever....and probably already have been changed. Gone will be the messages left in Coke cans by the side of the road, the so-called "dead drops" so favored by spies for communicating microfilm, microdots, and coded messages. What I call "digital dead drops" already allow nearly untraceable, unrestricted communication. After all, if I can use a remailer to reach St. Petersburg.... Or if I can place message bits in the LSB of an image and then place this on Usenet for world-wide distribution..... (I described this in my first message on using LSBs of audio and picture files in 1988, in sci.crypt). The world has already changed for the spy. And Mafia guys on the run are using CompuServe to communicate with their wives...the Feds can't tap these ever-changing systems....a likely motivation for current Clipper/Capstone/Tessera/Digital Telephony schemes.)

> Blacknet could remove most of this risk. With near-perfect anonymity
> and digital cash, a tidy side income could be created for anyone with access
> to classified information. There would be no need for risky physical meetings.
> The money could be spent on a few nice extras to make life more comfortable,
> without fear of it being traced.

Yep! That's the beauty of it all. "Classified classifieds," so to speak. "No More Secrets." At least, no more secrets that you don't keep yourself!
(A subtle point: crypto-anarchy doesn't mean a "no secrets" society; it means a society in which individuals must protect their own secrets and not count on governments or corporations to do it for them. It also means "public secrets," like troop movements and Stealth production plans, or the tricks of implanting wafers, will not remain secret for long.)

> How many people would succumb to such temptation? People do undergo security
> checks, and presumably those who pass are mostly honest. But they are human,
> and money is a powerful motivator. Especially if the person figures that if
> he doesn't sell the info someone else will, the temptation will be all the
> stronger.

Yes. All of this is true.

> There are possible countermeasures: frequent lie-detector tests (as in Snow
> Crash); "fingerprinting" documents so everybody has a slightly different
> copy, allowing sting operations to identify the culprits; perhaps even
> swamping the legitimate offers of cash with bogus ones (a denial-of-service
> attack, in effect). But none of these are really likely to solve the
> problem.

We went around several times on the Extropians list (which I am no longer on, by the way--for unrelated reasons), especially with regard to what most folks consider an even more disturbing use of BlackNet-type services: liquid markets for killings and extortion. Pun intended. Buyers and sellers of "hits" can get in contact anonymously, place money (digicash) in escrow with "reputable escrow services" ("Ace's Anonymous Escrow--You slay 'em, we pay 'em"), and the usual methods of stopping such hits fail.

(The Mob rarely is stopped, as they use their own hitters, usually brought in from distant cities for just the one job. And reputations are paramount. Amateurs usually are caught because they get in contact with potential hitters by "asking around" in bars and the like...and somebody calls the cops and the FBI then stings 'em.
Anonymous markets, digital cash, escrow services, and reputation services all change the equation dramatically. If the hit is made, the money gets transferred. If the hit is not made, no money is transferred. In any case, the purchaser of the hit is fairly safe. Implication of the purchaser can still happen, but by means other than the usual approach of setting up a sting.)

> This is probably the issue which has the government really scared, the
> issue which turned Barlow's government friends against free encryption, as
> he describes in his Wired article ("if you knew what I know, you'd oppose
> it too"). The NSA in particular has for a long time been wildly paranoid

Yes, if I could think all this stuff up in 1987-8, so can a lot of others. It was clear to me, at the Crypto Conference in 1988, that David Chaum had thought of these uses and was deliberately navigating around them in his scenarios for digicash. He just raised his eyebrows and nodded when I discussed a few of the less fearsome applications.

...
> its own secrets than discovering others'. I could see any technology which
> would facilitate sellouts by their people to be considered a mortal threat,
> something to be fought by any means. And I imagine that the rest of the
> military intelligence community would feel the same way.

To the governments of the world, facing these and other threats to their continued ways of doing business (notice that I didn't say "to their continued existence"), the existence of strong encryption in the hands of the population is indeed a mortal threat.

They'll cite the "unpopular" uses: kiddie porn nets, espionage, selling of trade secrets (especially to "foreigners"), the bootlegging of copyrighted material, "digital fences" for stolen information, liquid markets in liquidations, and on and on.

They won't mention a basic principle of western civilization: that just because _some_ people mis-use a technology that is no reason to bar others.
Just because some people mis-use camcorders to film naked children is no reason to ban cameras, camcorders, and VCRs. Just because some folks mis-use free speech is no reason to ban free speech.

And just because some will mis-use encryption--in the eyes of government--is not a good reason to ban encryption.

In any case, it's too late. The genie's nearly completely out of the bottle. National borders are just speed bumps on the information highway.

The things I've had in my .sig for the past couple of years are coming.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From nobody at shell.portal.com Sun Feb 20 12:56:58 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sun, 20 Feb 94 12:56:58 PST
Subject: Remailer killing subject line
Message-ID: <199402202053.MAA03562@jobe.shell.portal.com>

Hi,

why do some remailers (e.g. anonymous at extropia.wimsey.com) kill the subject line of a message? It would be very useful to remail the subject line also.

Thanks

From mg5n+ at andrew.cmu.edu Sun Feb 20 13:46:58 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Sun, 20 Feb 94 13:46:58 PST
Subject: Remailer killing subject line
In-Reply-To: <199402202053.MAA03562@jobe.shell.portal.com>
Message-ID:

Anonymous asked:

> Hi,
>
> why do some remailers (e.g. anonymous at extropia.wimsey.com)
> kill the subject line of a message? It would be very useful to
> remail the subject line also.
>
> Thanks

You need to put the Subject: line inside your PGP encrypted message.
From dwomack at runner.utsa.edu Sun Feb 20 14:51:27 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Sun, 20 Feb 94 14:51:27 PST
Subject: Blacknet worries
Message-ID: <9402202250.AA24131@runner.utsa.edu>

With all due respect....the U.S. Government has PLENTY of tools to go after those deemed to be violators of various rules and regs...with or without Blacknet, with or without encryption.

For the purposes of discussion, let's assume perfect, unbreakable encryption, all undistinguishable (even in principle) from noise. Yes, I admit, that is a big assumption.

What other tools can be used, well...

1. Imputed income. If you live well, and don't show enough reportable income, the IRS can determine how much you are _Really_ making, and figure your tax thereon. You disagree? Prove it in tax court. By the way, the burden of proof is on ...YOU.

2. Criminal conspiracy. Elements are
   a. two or more people
   b. a preparatory act

   So...if we were talking about any number of possible illicit activities, conspiracy is a really viable charge. Even if nobody ever commits the act. Think about this one next time you talk with anyone you don't know really well about anything much more controversial than the *_Lovely_* weather we've been having!

3. CCE (Continuing Criminal Enterprise). Did you know that the statute of limitations is suspended under this law? And, testimony from third party *_unidentified_* informants is admissible?

4. IRS-1040, Schedule B, Part III, Foreign Accounts and Trusts. Except for one relatively minor loophole, if you fail to report a foreign bank account, it is considered prima facie evidence of tax fraud. Sound like a really bad day in the making?

5. If you have more than $10,000 in US Dollar value in an offshore account, you are required to fill out a special form for the IRS giving your account numbers; unless you want to declare that you have more than 20 such accounts, aggregating to more than $10,000.

6. RICO.
They got Mike Milken using this...indeed, Barron's magazine did an interesting report on RICO, with the conclusion that a determined Federal Prosecutor could use the law to convict a ham sandwich.

7. Did you know that Federal prosecutors have a better than 90% conviction rate?

8. HOW does one spend "magic money"? If you have bunches of cash offshore, and bring it in, records are created. If you buy something, potential witnesses are created. Can you really expect that the clerk in wire transfer at XYZ bank (who makes $6.50/hr) won't tip off someone when you wire in the $20,000 to buy ...whatever?

9. Spies, criminals, and others often get in trouble due to their own and others' lack of discretion. Can we really expect users of a hypothetical blacknet would never drink too much, never wish to impress someone, never trust someone unwisely?

NO, I'm not an attorney...by all means, check out what I've said; and, wherever you find errors, please correct them. Hopefully, I've not given offense. I enjoy encryption, and I'm all for more of it; but, I really don't think it will be anything more than a minor inconvenience for law enforcement and prosecutors if people engage in wholesale criminal acts. The rather silly efforts in Waco, where those inside used assault rifles to shoot at battle tanks; comes to mind as analogous to use of encryption to stave off prosecution.

Now...your turn. Let the Flames begin!

Regards,

Dave

From RFORBES at Gems.VCU.EDU Sun Feb 20 14:56:58 1994
From: RFORBES at Gems.VCU.EDU (RFORBES at Gems.VCU.EDU)
Date: Sun, 20 Feb 94 14:56:58 PST
Subject: signoff
Message-ID: <01H948F3P5J68WX7J2@Gems.VCU.EDU>

I can't keep up with the mail on the list. Can't sign on everyday. Would like to unsubscribe. Give me some help in removing my name from the cypherpunks list. Thanx.
From nobody at shell.portal.com Sun Feb 20 14:57:00 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sun, 20 Feb 94 14:57:00 PST Subject: REMAIL: down (sortof) remailers Message-ID: <199402202254.OAA00811@jobe.shell.portal.com> > (I figure they were just renamed and locked because the grad > student who admins rosebud probably can't figure out how to remove > an account being a VMS guy ;) Or he found the remailers and is handing over full logs to the FBI on a regular basis. From nobody at jarthur.claremont.edu Sun Feb 20 14:57:02 1994 From: nobody at jarthur.claremont.edu (nobody at jarthur.claremont.edu) Date: Sun, 20 Feb 94 14:57:02 PST Subject: No Subject Message-ID: <9402202254.AA12409@toad.com> Newsgroups: misc.activism.progressive Path: netcom.com!netcomsv!decwrl!concert!corpgate!news.utdallas.edu!wupost!howland.reston.ans.net!usenet.ins.cwru.edu!ukma!mont!pencil.cs.missouri.edu!daemon From: ww at blythe.org (Workers World Service) Subject: $28 Billion Black Hole in US Budget Message-ID: <1994Feb13.205638.22269 at mont.cs.missouri.edu> Followup-To: alt.activism.d Originator: daemon at pencil.cs.missouri.edu Sender: news at mont.cs.missouri.edu Nntp-Posting-Host: pencil.cs.missouri.edu Organization: NY Transfer News Collective Resent-From: "Rich Winkel" Distribution: usa Date: Sun, 13 Feb 1994 20:56:38 GMT Approved: map at pencil.cs.missouri.edu Lines: 62 Via NY Transfer News Collective * All the News that Doesn't Fit U.S. Budget: THE $28-BILLION BLACK HOLE Within President Clinton's proposed $1.5-trillion 1995 federal budget lies a mysterious item. It is, according to the Feb. 8 New York Times, "hidden in false line items and deleted passages in the Pentagon's accounts." And it has been this way for over 40 years. We're talking about the annual budget for secret military and intelligence operations. 
This $28 billion--which is only an "approximation"--is set aside for covert military programs and repressive spy agencies like the Central Intelligence Agency; the National Reconnaissance Office, which builds spy satellites; and the National Security Agency, which conducts electronic eavesdropping. A black hole in space is so dense that not even light can escape from it. This secret budget operates much the same way. Money goes into it, but what it's spent for never sees the light of day. There isn't even Congressional oversight for how the money is used. In fact, an estimated budget wasn't even published until a decade ago. As is to be expected, the Clinton administration is content with this arrangement. Along with his overt support for covert operations, Clinton has shown his admiration for the military-industrial complex by offering the Pentagon $263.7 billion--$3 billion more than last year. While there is certain to be some wrangling among the politicians and military brass over which programs should get the most, overall the Pentagon will once again be awash in money. But don't think Clinton is showing favoritism only to the generals. There are also the big bankers. They're getting $212.8 billion in 1995 in the form of interest payments on the national debt. The capitalist government considers this budget item legally mandatory. All told, almost half-a-trillion dollars are going to the banks and the military! Think about that when the bosses and politicians tell you there's no money for jobs, child care and housing. -30- (Copyright Workers World Service: Permission to reprint granted if source is cited. For more information contact Workers World, 55 West 17 St., New York, NY 10011; via e-mail: ww at blythe.org.) 
+----------------------------------------------------------------+
+ 212-675-9690 NY TRANSFER NEWS COLLECTIVE 212-675-9663 +
+ Since 1985: Information for the Rest of Us +
+ e-mail: nyt at blythe.org info: info at blythe.org +

From jimn8 at netcom.com Sun Feb 20 15:01:26 1994
From: jimn8 at netcom.com (Jim Nitchals)
Date: Sun, 20 Feb 94 15:01:26 PST
Subject: Key escrow for all encryption?
Message-ID: <199402202302.PAA25334@mail.netcom.com>

Fellow Cypherpunks,

Please gently correct my misinterpretation of the White House press release. I read it to state that commercial encryption must embody key escrow, even if it's not Clipper. Does this mean we must turn over our one-time pads and our PGP private keys to a government agency?

I don't like this. Not one bit. Perhaps the CPSR request for votes should have read, "I oppose key escrow," not just "I oppose Clipper."

- Jim Nitchals

From sandfort at crl.com Sun Feb 20 16:16:59 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 20 Feb 94 16:16:59 PST
Subject: Blacknet worries
In-Reply-To: <9402202250.AA24131@runner.utsa.edu>
Message-ID:

C'punks,

David L Womack wrote about several ways he thought the USG could go after crypto anarchists and fellow travelers. While I believe there is much to say in agreement with the tools he has identified, in some ways, he is still asking the wrong questions.

David wrote:

> 1. Imputed income. If you live well, and don't show
> enough reportable income, the IRS can determine how
> much you are _Really_ making, and figure your tax
> thereon. You disagree? Prove it in tax court.
> By the way, the burden of proof is on ...YOU.

If you have no *seizable* assets, the burden--in effect--moves back to the IRS.

> 2. Criminal conspiracy. Elements are
> a. two or more people
> b. a preparatory act
>
> So...if we were talking about any number of possible
> illicit activities, conspiracy is a really viable
> charge. . .
>
> 3. CCE (Continuing Criminal Enterprise). . .
Again, without seizable assets, it is highly unlikely any of this neat stuff will be used against you. Only fat or famous targets are worth the government's attention. They aren't in it for their health.

> 4. IRS-1040, Schedule B, Part III, Foreign Accounts and Trusts. . .

If your total overseas accounts aggregate under $10,000, the correct answer to the IRS is "NO." For amounts over $10k, well, they have to find them first, don't they? *Insurance* and *annuity* policies aren't reportable at all. Give you any ideas?

> 6. RICO. . .
>
> 7. Did you know that Federal prosecutors have a better than
> 90% conviction rate?

Same answer. They aren't going to fool with you unless you have bucks or are a "name."

> 8. HOW does one spend "magic money"? If you have bunches of
> cash offshore, and bring it in, records are created. If
> you buy something, potential witnesses are created. Can
> you really expect that the clerk in wire transfer at XYZ
> bank (who makes $6.50/hr) won't tip off someone when you
> wire in the $20,000 to buy ...whatever?

(a) You plan to use your "true name"? (b) You plan to actually transfer the money? How crude. Why not just access the goods and services without bringing in the moola? (Paradigm shift required.)

> 9. . . . lack of discretion. Can we really expect
> users of a hypothetical blacknet would never drink too much,
> never wish to impress someone, never trust someone unwisely?

Yes, for those who can't keep their business secret, think of it as evolution in action.

While David has done some great *linear* thinking about the problems that will face us all in the brave new world of crypto anarchy, something more is needed. All the problems that have been suggested have solutions. But they require that we not get canalized in our thinking. The digital domain is NOT the real world rendered in electrons. It has its own set of rules that are derived from its unique electronic/cryptographic nature.
S a n d y

From mg5n+ at andrew.cmu.edu Sun Feb 20 18:01:31 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Sun, 20 Feb 94 18:01:31 PST
Subject: New Remailer up!
Message-ID:

At last, my long-promised pseudo-account remailer is open for testing.

Here's how it works. Send mail to mg5n+getid at andrew.cmu.edu; you will receive back an encrypted email address of the form: mg5n+eaxxxxx at andrew.cmu.edu (ea=encrypted address, in case you were wondering)

All mail sent to that address will be forwarded to you. When you post anonymously, you can include that address for people to make replies to. That way, people can send replies to your messages but not know who you really are. Most of the cypherpunk remailers allow you to insert a Reply-To: header.

Random padding is added to the address before it is encrypted. Therefore, every time you request an encrypted address, it will be different. This allows you to get a different email address for each of your cypher-tentacles. :)

Messages sent thru the remailer are not anonymized. The complete, unaltered message is forwarded. If you want anonymity, first send your mail thru one of the anonymous remailers.

Source code is available. Email me if you want it.

P.S. Expect a moderate delay for messages sent thru this remailer.

From elric at umich.edu Sun Feb 20 18:37:03 1994
From: elric at umich.edu (Elric of Melnibone)
Date: Sun, 20 Feb 94 18:37:03 PST
Subject: New Remailer up!
In-Reply-To:
Message-ID:

Ok, is it Just me. or did Mr. Ghio send 10 copies of that letter saying his new remailer is up?

/> /< O[\\\\\\(O):::<======================================- \< Blood and Souls <\ \> For My Lord Arioch >\ -======================================>:::(0)//////]O >/

Message-ID: <4hO1v_S00WBOQ8k0wF@andrew.cmu.edu>

>Ok, is it Just me. or did Mr. Ghio send 10 copies of that letter saying
>his new remailer is up?

Must be just you. I only sent one, and I only got one copy back from the list.
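The property described in the "New Remailer up!" announcement above (random padding makes every requested encrypted address different, while each still forwards to the same mailbox) is shown below as an added example; it is not Matthew Ghio's remailer source, which the page does not include. The cipher is an assumption: a per-alias random nonce plays the role of the random padding, an HMAC-SHA256 keystream with a truncated HMAC tag stands in for a real authenticated cipher, and all names, keys and addresses are constructed.

```python
"""Added illustration: randomized, authenticated reply-address aliases."""
import base64
import hashlib
import hmac
import os

PREFIX = "ea"    # "encrypted address", the prefix named in the announcement
NONCE_LEN = 8    # fresh random bytes per alias (stands in for the random padding)
TAG_LEN = 8      # truncated HMAC tag, kept short so the alias fits a local part
MAX_LOCAL = 64   # RFC 5321 limit on the local part of an address


def _subkeys(master):
    """Derive separate encryption and MAC keys from one operator secret."""
    enc = hmac.new(master, b"alias-enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"alias-mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher."""
    blocks = []
    for counter in range((length + 31) // 32):
        msg = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(enc_key, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def make_alias(master, real_address, nonce=None):
    """Return a local part such as 'ea...' that hides real_address."""
    enc_key, mac_key = _subkeys(master)
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)   # new randomness on every request
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    plain = real_address.encode("utf-8")
    stream = _keystream(enc_key, nonce, len(plain))
    cipher = bytes(p ^ k for p, k in zip(plain, stream))
    # Encrypt-then-MAC: forged or altered aliases are rejected, not forwarded.
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()[:TAG_LEN]
    token = base64.b32encode(nonce + cipher + tag).decode("ascii")
    local = PREFIX + token.rstrip("=").lower()
    if len(local) > MAX_LOCAL:
        raise ValueError("real address too long for a 64-character local part")
    return local


def resolve_alias(master, local_part):
    """Return the hidden address, or None if the alias is malformed or forged."""
    if not local_part.startswith(PREFIX):
        return None
    token = local_part[len(PREFIX):].upper()
    token += "=" * (-len(token) % 8)    # restore the stripped base32 padding
    try:
        raw = base64.b32decode(token)
    except ValueError:                  # binascii.Error is a ValueError subclass
        return None
    if len(raw) <= NONCE_LEN + TAG_LEN:
        return None
    nonce, cipher, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
    enc_key, mac_key = _subkeys(master)
    expected = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, nonce, len(cipher))
    return bytes(c ^ k for c, k in zip(cipher, stream)).decode("utf-8")


if __name__ == "__main__":
    secret = b"constructed-operator-secret"      # constructed sample key
    for _ in range(2):
        alias = make_alias(secret, "alice@example.org")
        print(alias, "->", resolve_alias(secret, alias))
```

With the nonce fixed, two requests for the same mailbox return the same alias, which is exactly the linkability the random padding removes.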
From wallace at cs.widener.edu Sun Feb 20 18:47:03 1994 From: wallace at cs.widener.edu (Achbed Manganime) Date: Sun, 20 Feb 94 18:47:03 PST Subject: New Remailer up! In-Reply-To: Message-ID: <9402210245.AA17172@cs.widener.edu> Umm... that was the 10th copy of the letter that I got... Just thought you would like to know. - DW - wallace at cs.widener.edu -- Sig of the Day -- Dennis.S.Wallace at cyber.widener.edu Lord grant me the serenity to accept the things I cannot change, the courage to change the things I can, and the wisdom to hide the bodies of those people I had to kill because they pissed me off. - Anonymous From hughes Mon Feb 21 15:16:34 1994 From: hughes (Eric Hughes) Date: Mon, 21 Feb 94 15:16:34 PST Subject: ADMIN: cypherpunks went down Message-ID: <9402212316.AA12296@toad.com> This message counts as a test message. Please DO NOT respond to it. Hugh and I took the list down last night. This is the same list spewing problem that we had last week, only this time it's worse, because toad.com just got a CPU upgrade; it's four times faster now. Sorry. Please, Please, PLEASE in the future if this happens, DO NOT send more mail to the list; it only makes the problem worse. These messages were started to spew as well. Send urgent mail about list problems to me, hughes at ah.com, or postmaster at toad.com. Many thanks to Hugh Daniel for squashing sendmail processes like cockroaches. (He was laughing maniacally for a bit, there, "DIE!, DIE!") We managed to catch the problem before it went on for too long. I took everyone off the list after backing it up and left only me and Hugh on it, so most of the problem didn't go to the list. What happened was that the sendmails started spawning faster and faster. I got a megabyte and a half of repeated mail before we squished everything. Eric From aragorn at alpha1.csd.uwm.edu Mon Feb 21 15:24:12 1994 From: aragorn at alpha1.csd.uwm.edu (stevenJ) Date: Mon, 21 Feb 94 15:24:12 PST Subject: New Remailer up! 
Message-ID: <199402212323.RAA28687@alpha1.csd.uwm.edu>

Elric of Melnibone muttered something about...
::
::Ok, is it Just me. or did Mr. Ghio send 10 copies of that letter saying
::his new remailer is up?

No, it was more like 50 copies of the item. How kind of him to do this for those of us who have poor memories.

e x t r a p o l a t e
steve j. white
_____________________________________________________________________________
Gort, klatu barada nicto.
aragorn at alpha1.csd.uwm.edu

From hughes at ah.com Mon Feb 21 15:25:49 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 21 Feb 94 15:25:49 PST
Subject: ADMIN: another test message
Message-ID: <9402212324.AA12866@ah.com>

This is another test message. Please don't respond to it either.

Eric

From hughes at ah.com Mon Feb 21 15:40:34 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 21 Feb 94 15:40:34 PST
Subject: ADMIN: majordomo is running on toad.com
Message-ID: <9402212338.AA12914@ah.com>

The two preceding test messages were brought to you courtesy of majordomo at toad.com, to which all list requests should now be directed. Sending a blank message there will get you a help file. Sending mail to cypherpunks-request will get you a different help file.

We enabled the unsubscribe filter that majordomo has, so that problem may go away.

I've got some list traffic from the last day salted away, but I'm pretty sure I didn't manage to snag all of it. I'll get as much as I can out this evening, but I'm going to discard all the commentary about "how many messages".

I hope this all helps. We didn't put up the extropians list software because we didn't have it and because we needed something quickly.

There is a 'who' command available on majordomo, so it's even easier to get a list of subscribers now than it used to be. If you don't like this, get off the list or get a pseudonym. Removing the feature requires majordomo hacking, which is not high on my priority list.
Many thanks to Hugh Daniel for doing most of the installation.

Eric

From frissell at panix.com Mon Feb 21 15:44:34 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 21 Feb 94 15:44:34 PST
Subject: Gun conversion info banne
Message-ID: <199402212344.AA25635@panix.com>

M >Has this law ever been challenged in court? I doubt if it would stand
M >up, as long as the books are written as "here's how one would..."
M >rather than actively encouraging you to do it. Technical information
M >cannot be banned, as long as you aren't inciting violence.
M >
M >--- Mike

Sorry I'm years behind in my list reading...

Mike, recall the precedents. FDA burning of Reich's books in the '50s as "labeling for an unlawful medical device" -- the Orgone Accumulator. Likewise FDA seizures of Scientology literature in the '60s as "labeling for an unlawful medical device" -- E-meters. Then there are the moves against vitamin literature in recent FDA raids. I don't think the courts have ever faced the specific issue of regulatory censorship.

DCF

Then there's the time in the early '80s when the Consumer Products Safety Commission banned the "Button Book."

--- WinQwk 2.0b#1165

From ccat at netcom.com Mon Feb 21 16:36:11 1994
From: ccat at netcom.com (Chris Beaumont)
Date: Mon, 21 Feb 94 16:36:11 PST
Subject: Banning of scientific information (re:FDA,etc.)
Message-ID: <199402220036.QAA03760@mail.netcom.com>

I don't know if they are still doing it, but last year there was a discussion on sci.med about the FDA's pressure on certain medical journal publishers not to publish certain peer-reviewed medical studies here in the US. And, as far as I can see, their policy of suppressing information is effectively suppressing an effective nutritional therapy that helps people quit crack..(L-Tyrosine) Why? Who knows. But it's telling that they always seem to support the large corporate approach to global pharmaceutical marketing.. Shades of the Opium Wars.

Remember, it's ten years after 1984.
From mg5n+ at andrew.cmu.edu Mon Feb 21 16:41:28 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Mon, 21 Feb 94 16:41:28 PST
Subject: Remailer Update
Message-ID:

Eric Hughes wrote:

> We managed to catch the problem before it went on for too long.
> I took everyone off the list after backing it up and left only me
> and Hugh on it, so most of the problem didn't go to the list.
> What happened was that the sendmails started spawning faster
> and faster. I got a megabyte and a half of repeated mail before
> we squished everything.

I'm glad you caught the problem. I'd hate to see what would have happened if it had gone on for too long. :)

My remailer was off-line from midnight to about 18:00 hours (eastern time) today. I took it off-line so I could handle the toad.com mail bomb. I have restored the remailer and FAQ server to normal operation. About 15 messages piled up in the queue during this time, and I sent them out about an hour ago. Let me know if there were any problems.

Also, let me know your opinions on overall functionality of the remailer, and any bugs/problems. To everyone who requested the source code, sorry I haven't gotten to it yet. I will...

P.S. The remailer info I maintain at mg5n+remailers at andrew.cmu.edu has gotten quite popular. When I first set it up, I got at most 2-3 requests a day. The last couple of days I have been getting 10 to 15 remailer-info requests a day. I wonder where they're coming from...I guess some non-cypherpunks groups have gotten on the anonymity bandwagon. Wow... there goes another one. (I have it display a message on my screen whenever a request goes thru.)

From mnemonic at eff.org Mon Feb 21 17:08:04 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 21 Feb 94 17:08:04 PST
Subject: Gun conversion info banne
In-Reply-To: <199402212344.AA25635@panix.com>
Message-ID: <199402220107.UAA06173@eff.org>

Duncan writes:

> "labeling for an unlawful medical device" -- the Orgone Accumulator.
> Likewise FDA seizures of Scientology literature in the '60s as "labeling
> for an unlawful medical device" -- E-meters. Then there are the moves
> against vitamin literature in recent FDA raids. I don't think the courts
> have ever faced the specific issue of regulatory censorship.
>

These cases are pre-Brandenburg v. Ohio. In Brandenburg, the Supreme Court held that mere advocacy of illegal conduct is Constitutionally protected.

--Mike

From Martin.Greifer at f28.n125.z1.FIDONET.ORG Mon Feb 21 18:37:46 1994
From: Martin.Greifer at f28.n125.z1.FIDONET.ORG (Martin Greifer)
Date: Mon, 21 Feb 94 18:37:46 PST
Subject: new remailer up!
Message-ID: <8626.2D696209@shelter.FIDONET.ORG>

* Reply to msg originally in CYPHERPUNKS

Uu> Ok, is it Just me. or did Mr. Ghio send 10 copies of that letter
Uu> saying his new remailer is up?

He must be snubbing you. I've received 48 so far.

X----X----X----X----X----X----X----X----X----X----X----X----X----X
|--=[martin.greifer at f28.n125.z1.fidonet.org]=--{PGP Key 8248D5}--|
|--=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=-|
X "Germans who wish to use firearms should join the SS or the X
| SA - ordinary citizens don't need guns, as their having guns |
| doesn't serve the State." - Heinrich Himmler (& Janet Reno?) |
X--=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=-X
| "JUST SAY NO TO BIG MOTHER GOVERNMENT AND THE CLINTON AGENDA!" |
X----X----X----X----X----X----X----X----X----X----X----X----X----X
___ Blue Wave/QWK v2.12
--
Martin Greifer - via FidoNet node 1:125/1
UUCP: ...!uunet!kumr!shelter!28!Martin.Greifer
INTERNET: Martin.Greifer at f28.n125.z1.FIDONET.ORG

From solovay at math.berkeley.edu Mon Feb 21 21:23:03 1994
From: solovay at math.berkeley.edu (Robert M. Solovay)
Date: Mon, 21 Feb 94 21:23:03 PST
Subject: Gun conversion info banne
In-Reply-To: <199402212344.AA25635@panix.com>
Message-ID: <199402220522.VAA23755@math.berkeley.edu>

Duncan Frissell writes:

Then there's the time in the early '80s when the Consumer Products Safety Commission banned the "Button Book."

Query: What pray is the "Button Book".

From sameer at soda.berkeley.edu Mon Feb 21 22:56:19 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Mon, 21 Feb 94 22:56:19 PST
Subject: A crypto-oriented inet connected household
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

This is something that I've decided to do, and we have to get working on things, quickly. Check it out-- if you're interested in joining this thing, mail me, and we'll talk. (sameer at soda.berkeley.edu) The idea at this point is to get a place in June, and then get our net link maybe in the fall or winter sometime. (We'll likely have a SLIP link starting in June.)

If you're not a hacker/tech/geek/etc. -- don't worry. Read through this and if you think there's something you can contribute, we can talk.

The name "NEXUS-Berkeley" *really* needs some improvement. We haven't thought of a good replacement yet.

(This is still a draft)

1) Introduction

What's the NEXUS-Berkeley Project all about? It's a lot. There are goals, and there are dreams. Most of all though, we're optimistic. We know we can do it. So, then.. what are we doing? We're hardwiring the Gaia Consciousness.

In other words. A bunch of people who want high-quality net access to their home are getting together, pooling funds, so that they can do it. That's us, the NEXUS-Berkeley folk.

Our plan right now is pretty simple. We're going to find a place in Berkeley to move into. Thus we all have to work on how a bunch of net-fiends like ourselves can live together. Then we're going to get a dedicated line to the internet, and connect it to our home network of computers.
I'd like to see a terminal in the kitchen, the bathroom, a few in the living room, and personal privately owned machines in each individual's bedroom. All this hardware will be wired together into a local network, which is then connected to the internet, via a dedicated line of some sort.

Then we're going to start moving towards self-sufficiency-- providing internet services to the local community to bring in income. Minimally, the net-link should be paid for by our income. Ideally, we'll have enough income to pay the rent. The first step is shell accounts, sold cheaply. We can't compete with the giants, netcom, crl, etc. We will provide a service along with the shell accounts that won't be found at the giants-- a community-oriented personalized approach.

We want to build a community around this thing. We'll have a local BBS, monthly meetings, internet tutorials, and maybe even parties, where the attendants can take a break from dancing and log into vrave.

We don't want just tech-folk, though. We want BALANCE. We need writers, artists, teachers, techies.. If you have a talent, it's likely that the NEXUS could put it to good use. We need teachers to run the tutorials. Artists to make flyers and decorate the place. Writers to write press releases and other written work. Sociologists to study us and keep us from killing each other.

2) Technical issues

A) The link

We have a bunch of options for the link. For startup we can probably only afford a 56k line. There's a few choices in that regard. We can go with The Little Garden, a cooperative, whom Sameer would very much like to deal with, because of the cooperative nature of it all. There's Internex-- they provide ISDN, which is high-bandwidth, but right now ISDN runs .01/minute. If ISDN ever goes to untimed service it would be excellent, but I'm not counting on it.
There's sharing 5 SLIP lines with another site, which has the benefit of cost, and a max-throughput of 56k, but it's sharing it with another site, which has its obvious drawbacks.

If we want to resell the link 56k can only last so long. T1 is an inevitable situation. We will probably end up with an overbooked T1 [The Little Garden] and move up from there (time and money will tell).

The provider is also quite up in the air. We can't be positive who we will want to deal with. Demand exceeds supply, so finding a provider who is civil and non-anal retentive about usage could be a chore. (Sprintlink seems like a good option.)

B) The computers and hardware

We'll need a main computer (or cluster, depending on how much CPU-power we need) which is owned by the group, some terminals, (bad ones for the kitchen & bathroom, but good ones for the living room) a router, and a CSU/DSU pair. Individual resident members should use privately-owned computers for their rooms.

I'd like to have it set up so that there's a main NFS-mounted filesystem with most stuff, email, news, general files, but each individual's private computer is very isolated and paranoid about security, where they can store sensitive things such as PGP private keys. CFS can also be installed on the personal workstations, so that private computers need not have that much local drive space, while preserving privacy.

The main choices of processors seem to be quite numerous. We have pretty much ruled out intel processors at this point. Sun and DEC seem to hold the most promise for servers. We have to learn a lot more about machines before deciding what will suit our needs. We can get something used.

What kind of ethernet are we going to use? How fast will it be? What vendor?

C) Machine Speed/Upgrades

We will constantly be wondering exactly where our income will be best spent. Trying to make sure all of the hardware we have is up to the task is going to be a royal pain.
Each upgrade brings new problems and exposes new bottlenecks.

A vitally important factor is machine speed. People hate waiting 30 sec to a min for their mail or news to index or for a program to start. This gets people complaining fast.

Batch processing: For incoming mail and news, we can deal with slower machines here, but we will need power news and mail get backed up at another site and we get hit with a deluge all in one day (this happens more than you may think).

We should probably allow users to use 5 megs of diskspace with maybe a one dollar per meg per month charge for diskspace used over five megs. We need to know this before we know how much HD space to buy.

D) Dialups

This is a HUGE pain in the ass. The system Aron is currently on staff for (eskimo.com) has a basic policy of 90% free. Meaning 90% of the time you get through on the first try. This has worked out to 13 users per dialup. We will likely find something similar. Optimally I would like to see around 10 per dialup, but resources will again be a factor.

E) Miscellaneous Services

Games: Something where the user has a graphic client at home and uses our machines to communicate with other users in the same general area or around the world. I know DOOM can be played on networks. It would be interesting to talk with id software and see what we can hack together.

3) Social issues

A) Residents

We have to decide how many resident members we want. They all have to be pretty compatible in living style, as well. It seems that 5-10 would work out pretty well, with seven as the ideal.

We also need *balance*. We need techs, artists, writers, teachers, and more sorts to round out the local community. A household full of tech/hacker/geek-types won't be well-rounded enough for my tastes. (We'll all be net-fiends, though, of course.)

Residents will be those that can make a healthy commitment of time and money to the nexus.
Time and a desire to work are *clearly* more important than the size of your monetary contribution. We will however need a decent amount of capital to get the ball rolling. All types of people need apply. We have enough people to run the tech end of things even now (though we would like a few more).

We intend to try living together for a month or 3 to iron out the kinks before sinking our hard won cash into a ton of equipment. There are a ton of horrible nasty issues that have to be worked out before we can even THINK of doing this seriously.

B) Local community

We can set up a BBS to serve everyone in the community, to help foster the community-oriented aspects. Sameer thinks that the local discussion groups should be accessible ONLY via the BBS (hopefully we can find a good free BBS system for UNIX) because there's an entirely different feeling when accessing something via a usenet newsreader than a BBS interface.

We want people logging into the BBS (if they want to login directly to a shell that is cool too) as the default. Something that is intuitive and user friendly. Something that encourages communication between our customers. Encourages them to make their own spaces within the BBS (various conferences or groups-- it should be trivial for a user to start his or her own local group). We should encourage people to use the machines for their projects and interests -- hopefully things we haven't even conceived.

It is important to get the users as involved in the bbs as possible. Aron has noticed that people will put up with a lot of crap if you tell them *why* it is happening and *what* is being done to fix it. Encourage folks to build a place where they will feel comfortable.

Once again the community aspect of the bbs is key, it is the only thing we will be able to offer folks that crl and netcom can't.
Although I do not want to do this at the expense of performance, community is something that we can only work to foster; if we pull it off it will not cost us anything in the way of money.

Although 95% of all muds are complete shit there are a select few that are very much worth playing. They also do a ton for a community vibe (at least some of them do). This is another thing that can start small (depending on resources) and grow to hugeness.

C) Nexus Fissioning

These are basically the issues of nexi fissioning, or outside parties with the resources to do so "glomming on". Most of this can be addressed at a later date.

D) Meetings

User meetings are key. We need to be able to meet these folks face to face and show them that we are in fact real folks. It makes people feel better about the service and enhances the community vibe. Aron would suggest monthly meetings. Sunday afternoons are usually the best time. A place like a pizza joint usually has no problem with this since they get little business on Sunday afternoons. Also that is the time most people will be able to make a meeting. Before Aron left Seattle eskimo was getting between 20-30 folks a month sometimes as many as 50. He's sure it has swelled since eskimo's subscriber base has exploded.

4) Economic issues

A) Incorporation

We should get an EIN, and a bank account, and all that good stuff, but the question is whether or not we should incorporate as a non-profit?

It has been mentioned that the "safest" way for us to go about organising as a business is to organise as a corporation. This protects us from being sued as individuals and has tons of other nice benefits-- limited liability. There are also numerous reasons we would like a corporation for tax reasons, because by moving personal expenses to corporate expenses we can get bigger tax writeoffs.

B) Incomes for residents

At the outset everyone will need day jobs.

C) Self-sufficiency

Once the nexus becomes self-sufficient (I'm optimistic) dealing with new arrivals/departures will get VERY interesting.

D) Shell accounts for the community

We can provide dialup access to the net, and our edge on the big providers will be the niche market I've been talking about. The community-oriented approach will give us our market. I'd like it to be sorta like the well but less expensive, and less elitist. Monthly meetings for users, occasional parties, and the like will build a strong commitment between the nexus and the dialup members. A good pricing structure could be $15/month, $30/quarter, and $90/year.

F) Anonymous crypto services

5) Projects

Projects will be what gives us notoriety in the E and RL communities. They will also be a major source of income (depending on the nature of the project obviously). Hopefully, they will also be a hell of a lot of fun. We need any and all ideas for more project areas.

People who joined the NEXUS-Berkeley will have to decide for themselves how they can contribute using their own particular skills, in their own project. Thus before anyone joins the NEXUS-Berkeley an individual should write up an informal "Project Proposal" such that their commitment is made firm and we know how they'll be able to help. We will be writing up a "Request for Projects" and posting it among various newsgroups, so that interested people may join us if they so desire.

A) Programming

Being a mostly E oriented group (although not totally E, but that will be the focal point and that which brings us together, a facilitator if you will) we will most likely have tons of programming projects going. Some of which will relate directly to the BBS, others which may have uses to a variety of people. Writing free software for net distribution and the like. The majority of the things below are just ideas I am throwing at you. Feel free to pick them up and run or add your own.

B) AI

This is an interest of Aron's and he would like to work on various things in this area.

C) Graphics

Eye candy anyone? SGI or Amiga kinda stuff here, Dunno how we can turn it into money though I *know* there are many ways. We could possibly offer the basic scanning and manipulation services in order to help pay for the workstations and other assorted equipment.

D) Cryptography

Sameer is very interested in implementing and developing cryptographic and anonymity tools through the Nexus for fun & profit. There is a good deal that we can do, including pay for use anonymous remailing services, anonymous IP forwarding (IP laundry) TCP in UDP tunnelling so that nomads can have TCP/IP connectivity wherever they have a telnet dialup. Each of these schemes can bring in a good sum of money, if arranged properly.

E) Operating Systems

Have you ever been 100% satisfied with the OS you were using? Although the manpower (ok personpower) for such a massive undertaking would not come solely from the Nexus. I do not see why it could not be a focal point for development. There is a ton of public domain code to start with and build on. I would favor a microkernel UNIX variant. We could offer free accounts to other folks who are willing to do coding (up to a reasonable level). We could offer a full blown killer OS for the price of Windows or System 7. Aron fully realizes this is one of his "lofty" goals, but he would love to see it happen.

F) Zines

Chris Blosser has expressed his desire to publish a 'zine for his contribution to the project. It would be a wonderful form of community building, including merely public relations all the way to contributions from subscribers to the various services which we will sell.

G) Music

Making money in that business? If we had the space (correctly zoned of course) we could put on shows of various types, showcase slightly obscure bands, and make some money in the process. There is quite a bit of shit to consider insurance and crap.
We could incorporate the net into our music making-- some intercity/international collaborative music-making would be an excellent project. This could be incorporated into collaborative artwork as well, similar to things such as the OTIS Project.

H) Raves & Parties

As for raves and rave-like parties, these are other things we can do (both free and for profit though if anyone wants to throw a $20 event we will kill them). We have a few folks who are knowledgeable about what to do here.

It would be really great to put on parties at which we have terminals available, either logged into vrave or connected with other Nexus-homes across the world each of them holding parties at the same time, so that international parties can be arranged. Sameer has mentioned this idea to many people and they are very interested-- this seems a great way of getting people interested in becoming members or simply attending our parties. Of course there are concerns about securing the equipment and noise in the neighborhood. And numbers of people.

This is a great idea for community building. Do we even let folks know where the house is? All these party ideas are great, but do we really want a ton of people we don't know, knowing that we have 100 grand worth of equipment in our house? Security is a big issue here, as well as the fact that we may not have enough room to pull shit like this off. This is definitely something that needs to be hashed out.

I) Testers

We will probably end up with a wealth of people who want to beta test our projects. We can offer incentives to these people as well (although early use of the program should be enough).

6) The house

A) Location

Sameer wants it to be close to the UC Campus. Sameer attends the UC, so I'd like to live close by. There's more people in the area, which is a plus, as well. Choosing a place close to the PacBell's Berkeley Central Office would give us improved line quality and a cheaper leased line.
The location is to be somewhere in Berkeley, while there is also a small possibility that the house could be in San Francisco. There are a variety of factors involved, some of which will not be resolved for a while. There is also a more minuscule possibility that the nexi will fission off before even getting started with locations in each city. (If we end up with say 20 *seriously* interested people this would be the most likely scenario.)

B) Size

The house should be large enough to house 5-10 people (around 7 being considered optimum). When it comes to floors and number of rooms, that is still up in the air; this depends mostly on how people want to live, some can handle living in rooms with one or 2 other people while other people *need* their own space.

Ideally, the lower level would be with a kitchen, living room, and bathroom, and the upper levels would house the private spaces of all the residents, so that we can host parties while preserving the security of each individual resident's space.

C) Cost

??? I don't know how much a 6 BR place near campus costs. I read one ad that was a 6 BR place, allegedly "close to UC" for $2400/month.

From sameer at soda.berkeley.edu Mon Feb 21 22:57:56 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Mon, 21 Feb 94 22:57:56 PST
Subject: Young cypherpunk seeks summer position in the Bay Area
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

(Could some exi-bayer please forward this to the main Extropians list? I've been busy lately and unsubbed. Thanks.)

This young motivated, energetic, talented cypherpunk is in search of some sort of summer position, internship, whathaveyou which will use his skills to the fullest.
I've been hacking UNIX for the past three and a half years now, and I've been employed using UNIX for the past semester. I've been spending much time outside of class & work learning perl and other fun elements of UNIX-- I've installed linux and xwindows on my roommate's 486. I've recently been working on a fully anonymous anon server which protects users against direct attacks upon the server itself.

Although I spend a great deal of time outside class learning to administrate my local machine, I have still found the time to do well in my classes. I plan on majoring in both Computer Science and Physics because they are both so compelling that I can't choose one or the other.

While I would prefer a position which is BARTable from Berkeley, because I don't own a car, I can probably get a car if needed.

-Sameer

SAMEER PAREKH
2650 Durant #802F
Berkeley, CA 94720
510-643-1741 (voice)
510-321-1014 (pager)
sameer at soda.berkeley.edu

OBJECTIVE:
    A summer position in the Bay Area utilizing my computer skills.

EDUCATION:
    University of California at Berkeley, Berkeley, CA 94720
        Graduation: 1997
        Intended Majors: Computer Science/Physics --- GPA: 3.9
    Libertyville High School, Libertyville, IL 60048
        Graduated 1993 --- GPA: 4.343 Class Rank: 8/460
    Languages: 5 years Spanish, 3 years Latin

COMPUTER EXPERIENCE:
    Systems: UNIX (System Vr4 & BSD: SunOS, Ultrix, HP/UX, Dell, Dynix, Linux), XWindows (tvtwm, olvwm), MS-DOS, Macintosh, GS/OS
    Languages/Shells: C, C++, Perl, Awk, Sed, Bourne Shell, TC Shell, Scheme, Pascal, BASIC

EMPLOYMENT:
    Assistant Network Administrator - Haas School of Business Computer Center
    September 1993-Present
      o Install network hardware/software
      o Write programs and scripts for the day-to-day administration of the UNIX computers, including automated mail alias creation and modification
      o Write and maintain UNIX scripts to manage mailing lists, gopher, and other UNIX services

    Student Technician - Libertyville High School
    March 1992-June 1993
      o Operate lighting, sound, & fly systems for private groups renting the school's theatre and auditorium facilities
      o Train underclassmen in operation of lighting, sound, flies, and other technical equipment
      o Responsible for operation of auditorium facilities for school events, including concerts and assemblies

ACTIVITIES:
    Computer Science Undergraduate Association

AWARDS & ACHIEVEMENTS:
    National Merit Scholarship Finalist
    Illinois State Scholar
    Advanced Placement Scholar
    Semifinalist for the US Physics Team
    Junior Engineering Technological Society
        District Competition
            First Place Physics
            Third Place Computer Fundamentals
            Most Valuable Team Player
        State (Illinois) Competition
            First Place Physics
            Fourth Place Computer Fundamentals

REFERENCES:
    Available upon request

From sameer at soda.berkeley.edu Mon Feb 21 23:40:32 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Mon, 21 Feb 94 23:40:32 PST
Subject: Just wrote a simple perl script to autosign messages
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I just wrote a simple perl script which autoencrypts a message based on the To: line.. it's not very robust, but:

The To: line must be of the form:

To: Name <address>
To: address (Name)
To: address

It uses a userid of "address" to encrypt. It doesn't allow multiple names on the To: line.

#!/usr/bin/perl

$pgp = "PGPPATH=/home/sameer/safe/pgp /usr/local/bin/pgp" ;

# Temporary files are named after the process ID, so the names are predictable.
$header = "/tmp/header.$$" ;
$body = "/tmp/body.$$" ;

open (HEADER, "> $header" ) || die "cannot write $header: $!\n" ;

# Copy the mail header to a temporary file and pick the address off the To: line.
while(<>)
{
    print HEADER $_ ;
    $to = $1 if /^To: (.*)$/ ;              # To: address
    $to = $1 if /^To: .* \<(.*)\>$/ ;       # To: Name <address>
    $to = $1 if /^To: (.*) \(.*\)$/ ;       # To: address (Name)

    last if /^[ \t]*$/ ;                    # a blank line ends the header
}
close ( HEADER ) ;

# $to is placed on a shell command line below, so accept only plain address characters.
die "no usable To: address\n" unless $to =~ /^[\w.\@%+-]+$/ ;

# Encrypt the rest of the input (the message body) to that user ID.
open (PGP, "| $pgp -eaf \"$to\"\ > $body" ) || die "cannot run pgp: $!\n" ;
select (PGP) ;
print <> ;
close (PGP) ;
select (STDOUT) ;

# Write out the original header followed by the encrypted body.
open ( HEADER, $header ) || die "cannot read $header: $!\n" ;
print <HEADER> ;
close HEADER ;

open ( BODY, $body ) || die "cannot read $body: $!\n" ;
print <BODY> ;
close BODY ;

# Remove the temporary copies of the header and the encrypted body.
unlink ( $header, $body ) ;

From Seth.Morris at lambada.oit.unc.edu Tue Feb 22 00:07:36 1994
From: Seth.Morris at lambada.oit.unc.edu (Seth Morris)
Date: Tue, 22 Feb 94 00:07:36 PST
Subject: PGP Tools question, and soda archives.
Message-ID: <9402220807.AA14442@lambada.oit.unc.edu>

Hey all.

I've been trying to get the PGP Tools library to work on my system (MSDOS, Turbo C 2.0, 286), and have been having a hell of a time. Aside from the problems getting the makefile to function here (the DOS 127 character command line limit killed the ptd.exe cc line), the demo locks up in fifo_destroy. Looks like there's a missing NULL terminator.

Now, I saw a bug fix on the list a few days (weeks?) ago, and I'm not certain if the file I have has that included (pgptl10c.zip), so I tried to check the cypherpunks archives at soda.berkeley.edu to find the reference. I don't have shell access here (have to use a menu, can't use elm's filter, no ftp, no telnet, etc), and gopher failed to connect to soda to let me look. When I borrowed a friend's shell account for a few moments to try the ftp, soda shut down when I told it I was anonymous.

So, is soda still the archive (have I missed a major announcement?)? Is there a later version of pgptools? Has someone else fixed the MS-DOS support? (I finally just yanked the multiple platform support from my copy, figuring that if my code compiles here with MS-DOS support forced but I haven't changed the library code itself then my code SHOULD compile on a machine where the multiple platform support is functional)? Is there a fix to fifo I need to make or track down? Has soda locked out anonymous ftp permanently?
(I also use the White Wolf archives there.)

Is there an approved of pool or newsgroup to send messages to Pr0duct Cypher? I hate to add to the cypherpunks traffic with comments directly to him/her. (We NEED to get the return addresses working, or Pr0duct should try the new anonymous address server (from Ghio? I should know, I saw the name 50 times today!)!)

Seth Morris (Seth.Morris at launchpad.unc.edu)

From ritter at cactus.org Tue Feb 22 00:57:22 1994
From: ritter at cactus.org (Terry Ritter)
Date: Tue, 22 Feb 94 00:57:22 PST
Subject: Ladder DES
Message-ID: <9402220836.AA26111@cactus.org>

Ritter Software Engineering
2609 Choctaw Trail
Austin, Texas 78745
(512) 892-0494, ritter at cactus.org

Ladder-DES: A Proposed Candidate to Replace DES

Terry Ritter
February 22, 1994

Introduction

Data enciphered by DES, the US Data Encryption Standard, has become vulnerable to modern technical attacks. Currently, such attacks require substantial capital and high-tech engineering development to produce a special "DES breaking" machine. However, once such a machine is built, attacks would become relatively fast and cheap. Businesses which currently protect very expensive and marketable secrets with DES should take immediate notice.

To maintain earlier levels of security, DES must be replaced with a stronger cipher. The one obvious alternative to DES is a simple construct built from DES called triple-DES. Triple-DES, while generally being thought of as "strong enough," also carries the baggage of requiring three times the processing of normal DES.

Because every security system is required to provide more benefit than its cost, raising costs by a factor of three (when compared to the alternative of normal DES) is a significant issue. Such costs could dangerously delay the retirement of ordinary DES.

Requirements

The goal of this sequence of designs is to identify one or more better candidates to replace DES.
Obviously, the first requirement is that each candidate be substantially "stronger" than normal DES. One problem here is that we can only _argue_ strength, so it is important that candidate designs be openly presented and reviewed. We cannot expect that most proposals will withstand such review.

The second requirement is that each candidate design also be faster than triple-DES; otherwise, we might just as well use triple-DES and be done with it. Speed is a measurable design quantity.

My third requirement is to include operation on data blocks larger than the 8-byte DES block. Although DES is not normally used in a way which is conducive to "dictionary" attack, such attacks could be effective on the bare cipher itself. This raises the possibility that a "certificational" weakness may exist which we currently do not know how to exploit, but which may be dangerous anyway. This particular weakness depends upon small blocks.

At this point there is still some question as to whether it is _possible_ to come up with candidate designs which meet these three requirements.

Ladder Diagrams

DES itself is frequently shown in figures which are described as "ladder diagrams" because of their appearance:

               |
               v
      Initial Permutation
               v
         <-- SPLIT -->
        |             |
        |     k1      |
        v      v      |
       XOR <-- f -----|
        |             |
        |     k2      |
        |      v      v
        |----- f --> XOR
        |             |
        .      .      .
        |     k16     |
        |      v      v
        |----- f --> XOR
        |             |
        |             |
        --> COLLECT <--
               v
        Inv. Init. Perm.
               |
               v

This is the data-transformation part of DES. Not shown is the key-schedule computation which produces k1 through k16, the 48-bit "round" keys. Also not shown is the construction of function "f."

It will later be interesting to note that in DES each 32-bit data rail value is expanded to 48 bits, the XOR occurs with a 48-bit key, and the result contracted to 32 bits in 6-bit to 4-bit substitutions known as "S-boxes."

Ladder-DES

Consider this simple construct which looks something like two rungs or steps on a ladder:

        A              B
        |      k1      |
        v      v       |
       XOR <- DES1 ----|
        |              |
        |      k2      |
        |      v       v
        |---- DES2 -> XOR
        |              |
        v              v
        C              D

A, B, C and D represent 8-byte blocks; k1 and k2 represent 56-bit DES keys.

This enciphers two DES data blocks in two DES operations; this is a data rate similar to normal DES. It can be described as working on a single large block composed of A and B. Note that the data paths are twice the size of those used in DES itself.

Also note that the design is asymmetric: While ciphertext block C is a function of every bit in plaintext blocks A and B, as well as every bit in key k1, ciphertext block D is _also_ a function of key k2.

Known-Plaintext Attack on Two-Rung Ladder-DES

With known-plaintext, we essentially have a single-DES complexity: Since A is known and C is known, the output of DES1 is known. Since the input to DES1 is also known, to find k1 we just do a normal DES search.

Alternately, since B is known and D is known, the output of DES2 is known. Since the input to DES2 is also known, to find k2 we just do a normal DES search.

Total complexity: twice DES; thus, hardly worth using.

Four-Rung Ladder-DES

Now consider a similar construct, twice as long:

        A              B
        |      k1      |
        v      v       |
       XOR <- DES1 ----|
        |              |
        |      k2      |
        |      v       v
        |---- DES2 -> XOR
        |              |
        |      k3      |
        v      v       |
       XOR <- DES3 ----|
        |              |
        |      k4      |
        |      v       v
        |---- DES4 -> XOR
        |              |
        v              v
        C              D

A and B are 64-bit DES blocks; k1 through k4 are 56-bit DES keys.

A total of four DES operations process two DES blocks at double-DES rates. We would expect this to be both stronger than normal DES and faster than triple-DES.

In general, the left-leg of a ladder-DES structure is affected by one fewer key than the right-leg.

Belief

Can we "believe" in this basic structure? Well, DES itself is based on it. But we do need to remember that DES also includes seriously nonlinear data expansions and contractions around each XOR.
Certainly expansion and contraction could be added to ladder-DES, although this could be expensive. (To avoid specifying particular S-box contents, we could specify a cryptographic RNG which would be used to permute a base S-box arrangement; this should also avoid normal differential attacks.) It is not clear that the lack of expansion and contraction operations necessarily negates the overall approach.

Key Reduction

The four-rung ladder-DES construct uses four 56-bit DES keys, but certainly a cipher would be strong enough if it had "only" a real two-key (112-bit) keyspace. Thus, we might consider making k3 = k1, and k4 = k2, or perhaps, k3 = k1 and k4 = k1 XOR k2.

On the other hand, perhaps it would be worthwhile to support additional keys simply to avoid the necessity of showing that a reduced key approach could never reduce strength.

Known-Plaintext Attack on Four-Rung Ladder-DES

No longer do we have the advantage of knowing both the input to and the output from XOR operations, so we can no longer gain access to the output of particular DES operations. Thus, the obvious search strategy is not available.

Divide-And-Conquer Attack on Four-Rung Ladder-DES

Normally we try to separate the effects of the different DES operations, so we can "divide and conquer" each separately. In this case, DES4 is the obvious first choice, since with the keys k1..k3 fixed, only k4 affects the output, and then it only affects block D. However, unless we know the values of k1 and k2, we don't know the input to the bottom XOR, and so apparently cannot separate DES4 to work on it.

Meet-In-The-Middle Attack on Four-Rung Ladder-DES

With four keys involved, and no obvious "middle," it is not clear how this attack could be applied.

2x Four-Rung Ladder-DES

The basic Ladder-DES construct can be expanded to cipher four blocks at once:

        A              B        C              D
        |      k1      |        |      k2      |
        v      v       |        v      v       |
       XOR <- DES1 ----|       XOR <- DES2 ----|
        |              |        |              |
        |      k3      |        |      k4      |
        |      v       v        |      v       v
        |---- DES3 -> XOR       |---- DES4 -> XOR
        |              |        |              |
        v              v        v              v
        E              F        G              H

                    Re-arrange Blocks

        H              E        F              G
        |      k5      |        |      k6      |
        v      v       |        |      v       |
       XOR <- DES5 ----|       XOR <- DES6 ----|
        |              |        |              |
        |      k7      |        |      k8      |
        |      v       v        |      v       v
        |---- DES7 -> XOR       |---- DES8 -> XOR
        |              |        |              |
        v              v        v              v
        I              J        K              L

This construct enciphers four DES data blocks in eight DES operations; again, this is a speed comparable to double-DES, and substantially faster than triple-DES.

Ciphertext block I is now a function of every bit in plaintext blocks A, B, C, and D, as well as every bit in keys k1, k2, k4, and k5. Every bit in the 64-bit I is a complex function of 480 bits.

We could certainly afford to reduce the number of keys in these constructs, and this might be done in any number of ways. For the 2x construct, for example:

     k2 := k1 XOR k3;
     k4 := k3 XOR k5;
     k6 := k5 XOR k7;
     k8 := k7 XOR k1;

leaving us with a need for four keys: k1, k3, k5 and k7. It is also possible that the same two keys could be used in every two-rung ladder-DES section, for a total of two keys.

Conclusion

DES operations can be arranged into "ladder-DES" constructs which are especially clean and familiar and seem to resist known attacks. These constructs seem potentially stronger than normal DES and are demonstrably faster than triple-DES. Thus, ladder-DES could be a reasonable candidate to replace DES.

From frissell at panix.com Tue Feb 22 03:15:26 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 22 Feb 94 03:15:26 PST
Subject: Gun conversion info banne
Message-ID: <199402221115.AA12424@panix.com>

To: CYPHERPUNKS at toad.com

S.> Duncan Frissell writes:
S.>Then there's the time in the early '80s when the Consumer Products
S.>Safety
S.>Commission banned the "Button Book."
S.>
S.>Query:
S.> What pray is the "Button Book".
S.> Readers may recall that many years ago, their parents gave them this book that had, attached to its pages, all sorts of fastening devices. The Button Book had cardboard pages with shoelaces, zippers, buttons, buckles and all sorts of great stuff. Good training for fastening things. The CPSC felt that the buttons were too easy to remove. The old "oh no your book is dangerous it may kill my (stupid) kid." The publisher didn't try a 1st Amendment defense. I don't know if they've ever reissued. DCF Who survived to adulthood before the CPSC (as difficult as that may be to believe). --- WinQwk 2.0b#1165 From hughes at ah.com Tue Feb 22 06:46:04 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 22 Feb 94 06:46:04 PST Subject: ADMIN: soda archive site In-Reply-To: <9402220807.AA14442@lambada.oit.unc.edu> Message-ID: <9402221444.AA14218@ah.com> > So, is soda still the archive (have I missed a major announcement?)? Yes. Soda had some disk problems, but is back up. And with a big change. The staff have moved the ftp directory to its own filesystem, removed quotas for that filesystem, and set back ownership of the rest of the files to me. Soda has had a real disk crunch, and the staff installed tight disk quotas of 10 Mb. That's hardly anything at all. The staff, in order to spoof the quotas, changed ownership of some of the files and directories to user ftp, after which I couldn't access things or change them. This included the main cypherpunks directory, so I couldn't even add new directory trees. Plus, I've got some overseas people automatically mirroring soda, with a hand done exception for pgp, so it was problematic to add new encryption code. This is still not fixed. I'm drafting some volunteers on soda to help with maintenance, so things should improve there in the coming weeks. 
Eric

From hughes at ah.com Tue Feb 22 07:09:11 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 22 Feb 94 07:09:11 PST
Subject: the black budget
In-Reply-To: <9402202254.AA12409@toad.com>
Message-ID: <9402221507.AA14272@ah.com>

>This secret budget operates much the same way. Money
>goes into it, but what it's spent for never sees the light of
>day.

The black budget is taxation without representation.

We fought a war over this, once.

Eric

From fhalper at pilot.njin.net Tue Feb 22 07:16:56 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Tue, 22 Feb 94 07:16:56 PST
Subject: Mac encryption
Message-ID: <9402221516.AA28639@pilot.njin.net>

What is everyone's opinion of the best encryption software for the Mac?
Frederic Halper
fhalper at pilot.njin.net

From hughes at ah.com Tue Feb 22 07:23:04 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 22 Feb 94 07:23:04 PST
Subject: ADMIN: cypherpunks-ratings created
Message-ID: <9402221521.AA14324@ah.com>

While we were creating majordomo groups, I had Hugh create a new mailing list for our use, cypherpunks-ratings.

The ratings list is meant for the implementation of distributed moderation similar to what I outlined for Usenet a week or two ago. This experiment is slightly different, since we're going to leave the main list as it is.

The ratings list currently doesn't go anywhere. You can join the ratings list, but that doesn't get you anything. We'll turn on distribution of the list later.

Here's the deal. The ratings posted to the ratings list have to be some fixed standard form. This form has yet to be decided upon, and should be debated on this list. I will implement a filter which only passes syntactically correct ratings, once the syntax is decided upon. At this point we'll turn on the list.

Other motivated cypherpunks participants will have to come up with a system to merge the two lists into a coherent whole, as well as provide an interface for creating and sending ratings.

Ratings are intended to be broader than voting. Ratings should be manifold, in order to support various areas of interest. Ratings can support voting, but not vice versa.

Please use the RATINGS: tag in the subject line for discussion.

Eric

From darklord+ at CMU.EDU Tue Feb 22 07:34:28 1994
From: darklord+ at CMU.EDU (Jeremiah A Blatz)
Date: Tue, 22 Feb 94 07:34:28 PST
Subject: Rer: autosigning pearl script
Message-ID:

> $header = "/tmp/header.$$" ;
> $body = "/tmp/body.$$" ;

Ummm, wouldn't it be a bit safer to put these in the user's local directory? /tmp isn't really safe, unless you have your own net.

Hoping he's not making a fool of himself,
Jer

darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war
finger for Geek    | don't have a reason to fight / they never had one before"
Code, PGP Key      | -Ministry, "Hero"

From anonymous at extropia.wimsey.com Tue Feb 22 08:15:26 1994
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Tue, 22 Feb 94 08:15:26 PST
Subject: Unbridled Enthusiasm
Message-ID: <199402221537.AA18980@xtropia>

* Reply to msg originally in CYPHERPUNKS

Uu> At last, my long-promised pseudo-account remailer is open for testing.
Uu> Here's how it works.

We know you're excited, but did you have to post this THIRTY-TWO times? Just wondering...

From hughes at ah.com Tue Feb 22 08:27:47 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 22 Feb 94 08:27:47 PST
Subject: ADMIN: Unbridled Enthusiasm
In-Reply-To: <199402221537.AA18980@xtropia>
Message-ID: <9402221626.AA14541@ah.com>

Repeat, repeat.

Matthew Ghio sent his message only once to the cypherpunks list. The mailer software, for unknown reasons, started spewing it out continuously.

Can we stop with the commentary on "how many times did you get it?"

Eric From hfinney at shell.portal.com Tue Feb 22 09:44:59 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 22 Feb 94 09:44:59 PST Subject: RATINGS: Subject tags Message-ID: <199402221745.JAA03244@jobe.shell.portal.com> One issue is the purpose of the ratings system. I don't think it will help to solve the problem of intentional disruption. If the disrupter is really motivated, he could have multiple identities and give positive ratings to his messages, so they would get through. I think a good purpose would be filtering out uninteresting or lower-quality messages. Unless someone else vouches for a message, it would not appear for a subscriber to the filtered list. Eric asked that discussions on this topic use the "subject tag" concept, putting "RATINGS:" in the subject line. Subject tags are a good idea but are not widely used. If more people would use them it would help people to read those messages that interest them. My suggestion is that the ratings be based on subject tags. A rater reads a message, and if he endorses it as being worth reading he sends in one or more subject tags (keywords) which apply. Then someone on the filtered list could subscribe based on particular tags that interest them. The advantage is that this way even newcomers' messages are tagged with useful keywords, tags provided by old-timers on the list when they approve the messages. This also provides for the multi-dimensional aspect of approval, more useful than a simple "thumbs up". I won't try to suggest a syntax, but under this proposal a rating message would include some message identifier (perhaps the list should produce messages with an incrementing message number), along with a list of applicable subject tags. Hal From hayden at krypton.mankato.msus.edu Tue Feb 22 10:01:45 1994 From: hayden at krypton.mankato.msus.edu (Robert A. 
Hayden) Date: Tue, 22 Feb 94 10:01:45 PST Subject: RATINGS: Subject tags In-Reply-To: <199402221745.JAA03244@jobe.shell.portal.com> Message-ID: Sorry for being stupid, but what exactly are these rating things supposed to accomplish? I obviously missed something. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From hughes at ah.com Tue Feb 22 10:34:02 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 22 Feb 94 10:34:02 PST Subject: RATINGS: Subject tags In-Reply-To: Message-ID: <9402221832.AA14910@ah.com> >Sorry for being stupid, but what exactly are these rating things supposed >to accomplish? I obviously missed something. If you read the whole list, nothing. If you don't want to read the whole list, then the ratings are supposed to help you decide what you want to read. If you don't read something, you have to rely on the opinion of someone who did read it. The ratings list is a formal way of communicating these opinions. Eric From fhalper at pilot.njin.net Tue Feb 22 10:42:33 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Tue, 22 Feb 94 10:42:33 PST Subject: MacPGP Message-ID: <9402221842.AA09137@pilot.njin.net> Can anyone give me a FTP site where MacPGP is available. i think the Ratings idea is brilliant. Frederic Halper (Reuben Halper) fhalper at pilot.njin.net From tcmay at netcom.com Tue Feb 22 10:43:24 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 22 Feb 94 10:43:24 PST Subject: the black budget In-Reply-To: <9402221507.AA14272@ah.com> Message-ID: <199402221843.KAA28342@mail.netcom.com> > >This secret budget operates much the same way. Money > >goes into it, but what it's spent for never sees the light of > >day. 
>
> The black budget is taxation without representation.
>
> We fought a war over this, once.
>
> Eric

Yes, but this time around the forces of King George (Bush) did a little bit better. Whether we, the CryptoMinuteMen (not a sexual slur) can do better is still up in the air.

--Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Tue Feb 22 10:49:28 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 22 Feb 94 10:49:28 PST
Subject: Mac encryption
In-Reply-To: <9402221516.AA28639@pilot.njin.net>
Message-ID: <199402221849.KAA29128@mail.netcom.com>

> What is everyone's opinion of the best encryption software for the Mac?
> Frederic Halper
> fhalper at pilot.njin.net

MacPGP, available by anonymous ftp from the soda.berkeley.edu site, is the only one I know of using public key methods, and hence the only one of real interest to Cypherpunks.

Commercial products (like the various "Kent Marsh" products) are mostly DES-or-weaker and are oriented toward local file protection. (MacPGP will do that, too, of course).

About six or seven years ago I bought "Sentinel," from SuperMac, and used it a few times. The problems were obvious: lack of other users (so my friends couldn't receive or send), and the symmetric cipher nature (we had to share keys for a message).

Public key systems based on PGP have solved both problems (though problems of convenience remain).

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hughes at ah.com Tue Feb 22 10:52:03 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 22 Feb 94 10:52:03 PST Subject: RATINGS: Subject tags In-Reply-To: <199402221745.JAA03244@jobe.shell.portal.com> Message-ID: <9402221850.AA14973@ah.com> >If the disrupter is really >motivated, he could have multiple identities and give positive ratings to >his messages, so they would get through. No one says you have to believe a particular rating. >Unless someone else vouches for a message, it would not appear >for a subscriber to the filtered list. The system I want to experiment with for cypherpunks is not filtration at the mailing list server but rather filtration at the user's end. The "filtered list" is whatever passes through one's own filter. I am not talking about making toad into an extropians-style list with lots of server operations. >My suggestion is that the ratings be based on subject tags. I suggest that one kind of rating be based on subject tags, or primary topic, or keywords, or something similar. I also suggest that other kinds of ratings exist. Hal's suggestion is to make a rating based on salience to topic. This is fine, it allows a sheaf of related topics and concerns to be unbundled according to a particular reader's viewpoint. > a rating message >would include some message identifier There is already the right message identifier. It appears in each piece of mail in the header field Message-Id. 
Eric

From hughes at ah.com Tue Feb 22 10:55:33 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 22 Feb 94 10:55:33 PST
Subject: the black budget
In-Reply-To: <199402221843.KAA28342@mail.netcom.com>
Message-ID: <9402221854.AA14988@ah.com>

>> The black budget is taxation without representation.
>>
>> We fought a war over this, once.

>Yes, but this time around the forces of King George (Bush) did a
>little bit better. Whether we, the CryptoMinuteMen (not a sexual slur)
>can do better is still up in the air.

It took the Colonists several decades to get worked up enough to fight a war. We're only halfway through an equivalent time period.

And I don't want to change the situation only with crypto, but also with public speech.

Eric

From sameer at soda.berkeley.edu Tue Feb 22 12:18:41 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Tue, 22 Feb 94 12:18:41 PST
Subject: Rer: autosigning pearl script
In-Reply-To:
Message-ID: <199402222017.MAA11037@soda.berkeley.edu>

>
> > $header = "/tmp/header.$$" ;
> > $body = "/tmp/body.$$" ;
>
> Ummm, wouldn't it be a bit safer to put these in the user's local
> directory? /tmp isn't really safe, unless you have your own net.
>
> Hoping he's not making a fool of himself,
> Jer

Probably yeah.. if the umask is set ugly.. but pgp really should be run on a machine which is pretty much single user and secure.

(I probably should've cleaned up and commented this little bit I wrote before sending it out.. but oh well.)

From blancw at microsoft.com Tue Feb 22 12:59:54 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 22 Feb 94 12:59:54 PST
Subject: the black budget
Message-ID: <9402222100.AA23192@netmail2.microsoft.com>

"It took the Colonists several decades to get worked up enough to fight a war. We're only halfway through an equivalent time period. And I don't want to change the situation only with crypto, but also with public speech."

Would you elaborate?
Earlier, Tim May said something about using "the active spreading of disinformation about the compromise of the key escrow system" as part of the attempt to "Actively Sabotage Clipper and Capstone" (title of his message). What sort of public speeches would you (or others) make (to whom)? (Just curious) Blanc From iansmith at weasel.cc.gatech.edu Tue Feb 22 13:04:35 1994 From: iansmith at weasel.cc.gatech.edu (Ian Smith) Date: Tue, 22 Feb 94 13:04:35 PST Subject: RATINGS: proposal Message-ID: <9402222102.AA22043@weasel.gatech.edu> Eric: I was about to send this to the cpunx list, but got your message first. I'll send this to you first, and maybe we can hash out something better before 'going public' with it... here it is. I had not thought about the possibility of rating multiple messages in one "rating message." My scheme doesn't address this, although simple changes could accomplish it. I'm not sure that I understand why a mail message could be rated multiple times by the same rator, unless you mean that one might define "axes of rating", like "content", "spelling", "novelty", etc. I think that such a scheme is good, but is starting to place more load on the rator. I had hoped that I could use a slider widget, and have the user generate somewhat reasonable ratings just by setting the slider to a value between 0 and 100 and hitting a "rate" button. This would automagically put in motion the scheme outlined below. As an MUA implementor, here's my first cut of a proposal for a rating system that would hopefully meet the goals that eric outlined and be quickly implementable. 1) Mail to cypherpunks-ratings will be gatewayed back to all members of the list if it has the following lines in its body [Headers are ignored...] Lines in brackets are optional: [whitespace] Target-Message-Id: Rating: [Comment: ] [Subtopic: ] [Rating-originator: Message-ID: Forgive my ignorance, but isn't this a lot of overkill? 
I mean, one could simply set up a filter for subjects/people you don't want to see or press the 'D' key.

Or is there a larger picture that I'm still failing to grasp (very probable.)

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> In the United States, they
   \/  Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
                  n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From tcmay at netcom.com Tue Feb 22 13:38:24 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 22 Feb 94 13:38:24 PST
Subject: Disinformation (or the Truth?) About Clipper
In-Reply-To: <9402222100.AA23192@netmail2.microsoft.com>
Message-ID: <199402222138.NAA14229@mail.netcom.com>

How should Clipper be sabotaged and spoken against?

Blanc Weber asks:

> Would you elaborate? Earlier, Tim May said something about using "the
> active spreading of
> disinformation about the compromise of the key escrow system" as part
> of the attempt to "Actively Sabotage Clipper and Capstone" (title of
> his message).
>
> What sort of public speeches would you (or others) make (to whom)?
> (Just curious)

Briefly, "Tell X to Y," where X and Y are the following:

Tell them X:

- Clipper is a wiretapping system

- Clipper has more than one back door

- Clipper keys have already been compromised by non-government entities

- Clipper is for spying on foreign-based corporations

- Clipper will be used to monitor corporations

- Clipper chip makers (Mykotronx, VLSI Tech, National, etc.) have had their security systems breached

- Clipper is Big Brother

Tell this to Y:

- your friends and your family...I tell everyone I meet (nearly) what a frightening and ludicrous thing the Clipper/Skipjack/Tessera systems is. (And I say the same thing about the "Information Data Superhighway" boondoggle.)

- journalists (e.g., I informed John Markoff of some of these things, which he mostly knew about--he knows more than I do!-- and the strategy of disinformation and sabotage....it made it into his Sunday article...and I'm talking to two other journalists now)

(I'm honest with journalists: I tell them upfront that a disinformation/sabotage campaign is underway and that they should thus take anything I say, or anyone else says, in this light. They're usually very bright and see these things anyway, so this clears the air. It is not a contradiction to tell them that a disinformation/sabotage campaign is underway and then to tell them about reports the Clipper chip manufacturers have had security compromises. And other such things.)

- corporations...point out to them that Clipper isn't a real improvement, that it opens them up to casual monitoring by the tax and other authorities, and that their competitors will be able to buy the keys on the black market in not too long a time

- radio call-in shows and the like. I called Dave Emory's show a while back and spoke against Clipper and the NSA. Dave Mandl interviewed me over a year ago for his radio show in New York. And I may be on a Santa Cruz radio show soon. John Gilmore and Eric Hughes, of course, have also been on radio and t.v. shows.

(Don't be afraid to call Christian Right stations, either. You may not like all of their policies--I know I don't--but they're very paranoid about government tracking, national identity cards, and 666-style numbers attached to them. The "700 Club" has come out staunchly against Clipper.)

- foreigners...I get a real rise out of my overseas friends when I tell them what the National Security Agency has planned for them.

(By the way, I've seen little discussion here of the fact that the Germans, French, and NATO nations in general seem to be signing on for some version of the Clipper system. I can provide details if there's interest.
In all the debate a few weeks ago about whether Germany is more or less free than America, it was left out that Germany is about to roll back certain Constitutional freedoms and explicitly allow more surveillance. We should not be pushing our German or European list members (a la Hadmut Danisch) into defending their countries--rather, they need to fight the fight as well. In fact, more Cypherpunks need to be recruited in Europe, which shows many signs of slipping back into a Surveillance State, with barely a whimper of public outcry.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From nobody at rosebud.ee.uh.edu Tue Feb 22 14:02:10 1994
From: nobody at rosebud.ee.uh.edu (nobody at rosebud.ee.uh.edu)
Date: Tue, 22 Feb 94 14:02:10 PST
Subject: ratings
Message-ID: <9402222202.AA29995@toad.com>

-----BEGIN PGP SIGNED MESSAGE-----

Robert Hayden said:

>Forgive my ignorance, but isn't this a lot of overkill? I mean, one
>could simply set up a filter for subjects/people you don't want to see
>or press the 'D' key.

Well, a rating system like the one I think Eric is talking about would disassociate "people" (the authors) from their post... so for example in the future when everybody is using anonymous remailing services to participate here and elsewhere, you would be able to read messages from "people" (pseudonyms on digitally signed posts). Of course, the anonymous remailing services would prevent you from figuring out the true author, so you can't filter for people in the manner you describe.
Then you could pay attention to mail from Pr0duct Cipher and Deadbeat, who have kept their identities secret, but filter out other "anonymous" messages. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLWp/s4OA7OpLWtYzAQEaowP9FVOSEFtOR2WNV4a5cjleR06BRTBB2eZd HB7cPwsiOzReufDJz9/i1PMeFBzd548DtC8AnyIriAY/c8zDAuK3ujMDgWM0FQ2+ W8khShw19GrFg0gsnuozHjorrivXw9OZzK3wOQQL5xx1BvWZ8kehM+YMjjKaq0vh 6Sjlt0RzKmM= =IWy1 -----END PGP SIGNATURE----- From hughes at ah.com Tue Feb 22 14:07:52 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 22 Feb 94 14:07:52 PST Subject: RATINGS: proposal In-Reply-To: <9402222102.AA22043@weasel.gatech.edu> Message-ID: <9402222206.AA15467@ah.com> >I'm not sure that I understand why a mail >message could be rated multiple times by the same rator, unless you >mean that one might define "axes of rating", like "content", >"spelling", "novelty", etc. This is exactly the reason. We've already discussed saliency. There are a few more criteria I can think of immediately (including the one we know): -- salience. What is the article about? -- clarity. In the age of information overload, clarity and brevity are the soul of politeness. Consider this. When you post to cypherpunks, several hundred people may read your message. If you can spend one minute making your words clear, you will save hours in aggregate for all involved. But in fact, if it's not clear enough, I don't want to read it at all, saving even more time in aggregate. Example of a characteristically low clarity rating: L. Detweiler -- novelty. Repeated arguments have as their primary quality that they are ... repeated. Do I want the same rehash over and over? How many times do I want to hear about hidden trapdoors in DES? Zero. Example of a characteristically low novelty rating: Sternlight These two examples are not hypothetical. -- fact/query/opinion. What is the balance between verifiable claims of fact, question or request for help or information, and mere assertion? 
People who wish to help newbies should be able to do so, and those who wish to ignore them should be able to do that. -- readware. A fellow at Bell Labs is working with 'readware', which is a computer analog of the smudged edges of a reference book in the place where it's opened to most. A simple readware scheme could deliver the number of lines that were read before the article was deleted. This information is pretty easy to collect, and requires almost no user intervention. >I think that such a scheme is good, but >is starting to place more load on the rator. Each rater need not be required to publish a full rating, nor even rate each article. No one is supposed to rate an article, and anybody should be capable of it. >[proposes an email-header based syntax for a rating] >The PGP information is intended to facilitate "rating reputations" so >that MUAs could be configured to "trust" ratings from people with good >reputations for rating in ways that meet the user's idea of "goodness." Certainly the ratings format should allow for digital signatures. The identity of the rater is certainly relevant to a decision process. One of the immediate reasons for this is that one might easily want one's ratings to be private, and yet participate publically. Here is a use for pseudonyms that an ordinary person can understand. If you don't want someone to know that you think badly of them, don't tell them. But you can tell the world under a pseudonym. It's like an anonymous referee. >[on 0-100 scale] >the common case (50) is the MOST unlikely to motivate someone to issue >a rating message. I'm not sure what to do about this problem. The Central Limit Theorem comes to the rescue. It says that if you add together enough instances of random variables with the same distribution, you always get a Gaussian distribution (a bell curve). [ An aside. This is the secret reason that statistical mechanics works. Add up enough atoms, and you _can_ assume a Gaussian. 
My physics professor did not tell me this. Grr. ] Get enough raters, and the ratings can be first-approximated to good accuracy by the mean and variance. High variance means it's controversial, sometimes a positive characteristic in its own right. And if you get a bimodal distribution, so much the more. >X-Mail-Rating: cypherpunks Certainly a list identifier for mail handling would be useful, but that's not part of a rating syntax. >1) Heavy dependance on Message-Id: field of messages and not all >messages bear one of these. You check. Every single one from toad.com does. Message-Id is a required field. If mail doesn't have it, the mailer is misconfigured. What most mailers do is that if they don't see a Message-Id, they add their own; this is what toad.com does. >2) This scheme rewards people who wait on the mail message ratings to >come in then read the mailing list. That is the idea. Some people want to read everything, some don't. Those who read early will tend to get their own words read more often, and this may be reason enough to rate. A good reputation for rating may also translate into a good reputation for writing. >(its unfair to penalize those that have long mail delays or are >vacation). It's also completely unavoidable. Live with it. Eric From hughes at ah.com Tue Feb 22 14:20:05 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 22 Feb 94 14:20:05 PST Subject: ratings In-Reply-To: <9402222202.AA29995@toad.com> Message-ID: <9402222218.AA15490@ah.com> Robert Hayden said: >>Forgive my ignorance, but isn't this a lot of overkill? I mean, one >>could simply set up a filter for subjects/people you don't want to see >>or press the 'D' key. You have to decide who that author is and what the subject is, first. Therefore, as somebody said: >Of course, the >anonymous remailing services would prevent you from figuring out the >true author, so you can't filter for people in the manner you >describe. Likewise the true subject may not be apparent either. 
Ratings are a means for a group in discourse to engage in a meta-discourse about what they wish to speak and to hear. Some form of this is going to be necessary to support anonymity and pseudonymity, which breaks the current social structures which hold together the existing meta-discourse (facial expressions, body positions, mere presence). Eric From hfinney at shell.portal.com Tue Feb 22 14:23:00 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 22 Feb 94 14:23:00 PST Subject: RATINGS: Subject tags Message-ID: <199402222056.MAA15491@jobe.shell.portal.com> From: hughes at ah.com (Eric Hughes) > >If the disrupter is really > >motivated, he could have multiple identities and give positive ratings to > >his messages, so they would get through. > > No one says you have to believe a particular rating. This would imply that subscribers see the source of each rating. You would have to know that in order to judge whether to believe one or not. But I think this might consume too much bandwidth. With possibly many raters, each producing a potentially multi-dimensional rating per message, this would be a lot of stuff to send along with each message. My suggestion would be to just present the union of all the subject tags produced by the raters. This is a moderate amount of information, and to the extent that raters agree on subject tags it could in many cases be a very succinct presentation. We don't want to make this too unwieldy. > >Unless someone else vouches for a message, it would not appear > >for a subscriber to the filtered list. > > The system I want to experiment with for cypherpunks is not filtration > at the mailing list server but rather filtration at the user's end. > The "filtered list" is whatever passes through one's own filter. I am > not talking about making toad into an extropians-style list with lots > of server operations. 
This makes sense, but there must still be two lists: one, the "raw" list, which is seen (at least) by raters and contains messages which have not yet been rated; and the other, the "rated" list, which has the rated messages. My suggestion was that messages which did not receive any ratings by anyone would not make it into the rated list. Obviously an alternative would be to send it out tagged to show that no one cared enough to rate it. > >My suggestion is that the ratings be based on subject tags. > > I suggest that one kind of rating be based on subject tags, or primary > topic, or keywords, or something similar. I also suggest that other > kinds of ratings exist. > > Hal's suggestion is to make a rating based on salience to topic. This > is fine, it allows a sheaf of related topics and concerns to be > unbundled according to a particular reader's viewpoint. This could also be used for negative ratings: subject tags such as "flame", "faq", "rant", etc. could be used to give more information than just the topic of the message. People could set up their own systems to filter the message to exclude messages with certain of these tags. > > a rating message > >would include some message identifier > > There is already the right message identifier. It appears in each > piece of mail in the header field Message-Id. Message-ID is probably OK, but it is kind of long. Many mail agents will insert an "In-Reply-To" into the header which identifies the message ID, but not all will. It would be a real pain to type one in manually. Another advantage of numbering messages sent on the "raw" list would be that people would be able to tell when they have missed messages (but that is irrelevant to the ratings issue, I admit). 
Hal

From nobody at rosebud.ee.uh.edu Tue Feb 22 14:25:27 1994
From: nobody at rosebud.ee.uh.edu (nobody at rosebud.ee.uh.edu)
Date: Tue, 22 Feb 94 14:25:27 PST
Subject: MAIL: list
Message-ID: <9402222225.AA00369@toad.com>

Okay, here is an updated remailer list

* elee7h5 at rosebud.ee.uh.edu has been renamed to elee7h5x at rosebud.ee.uh.edu. elee6ue at rosebud.ee.uh.edu has been renamed to elee6uex at rosebud.ee.uh.edu. Other than that both appear to be working just fine, but I took them out of the list since I think they are on the edge of extinction ;-)
* barrus at tree.egr.uh.edu is also down for a bit. That was an experimental one which had offered different features and a different command syntax than the others... I'll look at re-enabling it after making some more changes.
* Matt's new remailer isn't listed here yet, since I think I'll change the format of this file to somehow separate out remailers which work differently than Hal's standard, like Matt's and barrus at tree.
* Mark Briceno notified me that ftp to 129.82.156.104 for MAC remailer tools seems to be gone. I can't locate the programs that used to be there anywhere else (pgpc22.tar.gz and .Z).
* I've gotten responses from anon at hacktic.nl, but it now appears to be temporarily down, so I'll add it in again when it's back up.

-----BEGIN PGP SIGNED MESSAGE-----

Cypherpunk anonymous remailers, 2/22/94

Q1: What are the anonymous remailers?

A1:
1: remailer at chaos.bsu.edu
2: nowhere at bsu-cs.bsu.edu
3: hh at soda.berkeley.edu
4: hal at alumni.caltech.edu
5: ebrandt at jarthur.claremont.edu
6: catalyst at netcom.com
7: remailer at rebma.mn.org
8: hfinney at shell.portal.com
9: remailer at utter.dis.org
10: remailer at entropy.linet.org
11: elee9sf at menudo.uh.edu
12: remail at extropia.wimsey.com

NOTES:
1-3 no encryption of remailing requests
4-12 support encrypted remailing requests
12 special - header and message must be encrypted together
7,9,10,12 introduce larger than average delay (not direct connect)
7,9,12 running on privately owned machines
11 supports RIPEM encryption, caches remailing requests
3 features USENET posting

======================================================================

Q2: What help is available?

A2: Check out the pub/cypherpunks/remailer directory at soda.berkeley.edu (128.32.149.19).

chain.zip - program that helps with using remailers
dosbat.zip - MSDOS batch files that help with using remailers
hal's.instructions.gz - in depth instruction on how to use
hal's.remailer.gz - remailer code
pubkeys.tar.gz - public keys of remailers which support encryption
pubkeys.zip - MSDOS zip file of public keys
scripts.tar.gz - scripts that help with using remailers

Or try the cypherpunks gopher site (chaos.bsu.edu) and look in "Anonymous Mail" for instructions.

Mail to me (klbarrus at owlnet.rice.edu) for further help and/or questions.

======================================================================

Q3. Email-to-Usenet gateways?

A3.
1: group-name at cs.utexas.edu
2: group.name.usenet at decwrl.dec.com
3: group.name at news.demon.co.uk
4: group.name at news.cs.indiana.edu
5: group-name at pws.bull.com
6: group-name at ucbvax.berkeley.edu

NOTES:
* This does not include ones that work for single groups, like twwells.com.
* Remember to include a Subject: with your post, may cause failures if missing
#6 blocks from non-berkeley sites (so use the berkeley remailers :-)

======================================================================

This is the remailer.data file I use with nestping, a script for pinging anonymous remailers:

01:n:remailer at chaos.bsu.edu
02:n:nowhere at bsu-cs.bsu.edu
03:n:hh at soda.berkeley.edu
04:y:hal at alumni.caltech.edu
05:y:ebrandt at jarthur.claremont.edu
06:y:catalyst at netcom.com
07:y:remailer at rebma.mn.org
08:y:hfinney at shell.portal.com
09:y:remailer at utter.dis.org
10:y:remailer at entropy.linet.org
11:y:elee9sf at menudo.uh.edu
12:s:remail at extropia.wimsey.com

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLWqC9IOA7OpLWtYzAQHYMQP9Esnc6TMQrpp0Hb7EKZ6N8msskC8oN4uE
NpgvweNJCRCyDX4utuqJAh+Z5fSzsflSoYRPaUUVf/48o90UYWnue51sAPuxmjzZ
UksmbhXyI/pAoEbsDjKj1q71vFQaZdcsViqDIhWTKZgwBGrmho9jVaDQe0tClJtN
5tdSjy7O65I=
=eMSB
-----END PGP SIGNATURE-----

From hughes at ah.com Tue Feb 22 14:27:55 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 22 Feb 94 14:27:55 PST
Subject: the black budget
In-Reply-To: <9402222100.AA23192@netmail2.microsoft.com>
Message-ID: <9402222226.AA15543@ah.com>

>And I don't want to change the situation only with crypto, but also
>with public speech."
>What sort of public speeches would you (or others) make (to whom)?

Public speech is not a series of public speeches, but rather one's own words spoken openly and without shame. Tim has answered your question admirably. Here is part of my answer:

"I desire a society where all may speak freely about whatever topic they will. I desire that all people might be able to choose to whom they wish to speak and to whom they do not wish to speak. I desire a society where all people may have an assurance that their words are directed only at those to whom they wish. Therefore I oppose all efforts by governments to eavesdrop and to become unwanted listeners."
You may quote me, as always, but I would rather you spoke your own feelings.

Eric

From hughes at ah.com Tue Feb 22 15:10:08 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 22 Feb 94 15:10:08 PST
Subject: RATINGS: Subject tags
In-Reply-To: <199402222056.MAA15491@jobe.shell.portal.com>
Message-ID: <9402222308.AA15623@ah.com>

One of the goals of this arrangement I've proposed is that it can be used to rate _any_ existing mailing list. There's no reason the ratings address has to be on the same machine as the list software. If someone wants to set up an alternate cypherpunks rating service, great. If someone wanted to set up an extropians or libernet (two lists which I know have high crossover to here) ratings service, you could do so, without requiring the cooperation of the list maintainers.

Now, onto Hal's comments, about which the above paragraph is a response.

>This would imply that subscribers see the source of each rating.

Yes. I find this desirable.

>But I think this might consume too much bandwidth. With possibly
>many raters, each producing a potentially multi-dimensional rating per
>message, this would be a lot of stuff to send along with each message.

The way it's set up now, there are two lists, cypherpunks and cypherpunks-ratings. The main list will not change basic operation merely because there is a ratings list in place. Subscription in the ratings list is optional; a separate subscribe message must be sent.

I am unconcerned with the bandwidth right now. For a mailing list, if everybody sent ratings to everyone else, you get N^2 growth. As it is, very few people are going to have the software to generate or accept ratings, so for prototyping this just doesn't matter.

As far as the long run, just as one will pay someone, somewhere for delivery of a mailing list, one will pay for delivery of a ratings list. I would expect there to be an equilibrium reached where some ratings-crunching service gets all the ratings and spits out digested versions in succinct form. The digested rating is just another rating, after all.

>This makes sense, but there must still be two lists: one, the "raw" list,
>which is seen (at least) by raters and contains messages which have not
>yet been rated; and the other, the "rated" list, which has the rated
>messages.

No, that is not how I'm doing the cypherpunks experiment. What you summarize above is similar to what I proposed for Usenet. I am proposing something different for this mailing list, something which is workable given the constraints on configurability and resources at toad.com.

>My suggestion was that messages which did not receive any
>ratings by anyone would not make it into the rated list. Obviously an
>alternative would be to send it out tagged to show that no one cared
>enough to rate it.

I am not saying that a rated list shouldn't exist, merely that it won't be sent from toad. I'm perfectly happy with derivative information products based on cypherpunks; anybody who wants to delay the feed and take into account the ratings should be free to do so.

>subject tags such as
>"flame", "faq", "rant", etc. could be used to give more information than
>just the topic of the message.

I agree, and an excellent suggestion. Perhaps a simple syntactic solution is to have each rating be of the form /. In other words, a key word followed by a fraction from zero to one. The number of digits is left purposefully unspecified to allow for finer and finer aggregate distinctions as the number of raters increases. This syntax appears to support all the criteria I mentioned in a previous post.

>Message-ID is probably OK, but it is kind of long.

So? Look at the References: field in a typical Usenet posting that's down in the discussion tree. Gad.
The Message-Id is guaranteed to be unique, and if it's longer than it might be, it's certainly easier and more general to use that than to invent another unique identifier.

>Many mail agents will
>insert an "In-Reply-To" into the header which identifies the message ID,
>but not all will. It would be a real pain to type one in manually.

One is just not going to be able to rate easily without software, I anticipate. Not everyone is going to be able to take advantage of the ratings immediately, either.

Eric

From jim at bilbo.suite.com Tue Feb 22 15:25:18 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 22 Feb 94 15:25:18 PST
Subject: Disinformation (or the Truth?) About Clipper
Message-ID: <9402222320.AA26065@bilbo.suite.com>

The idea of a disinformation campaign to oppose Clipper really bothers me. Isn't the truth about Clipper damning enough? Lying about Clipper seems like moral and ethical surrender. I agree that lying can produce favorable results, but I'm not willing to stoop to that level.

If the anti-Clipper people (and I count myself one of them) can't defeat Clipper with the truth, this tells me the world is so fucked up it deserves Clipper and Capstone in every machine on the planet.

Jim_Miller at suite.com

From karn at qualcomm.com Tue Feb 22 15:50:38 1994
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 22 Feb 94 15:50:38 PST
Subject: Disinformation (or the Truth?) About Clipper
In-Reply-To: <9402222320.AA26065@bilbo.suite.com>
Message-ID: <199402222350.PAA17454@servo.qualcomm.com>

>The idea of a disinformation campaign to oppose Clipper really bothers me.
>Isn't the truth about Clipper damning enough? Lying about Clipper seems like

I agree completely. Telling the truth is all that's necessary.

Phil

From pmetzger at lehman.com Tue Feb 22 16:01:38 1994
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 22 Feb 94 16:01:38 PST
Subject: Disinformation (or the Truth?) About Clipper
In-Reply-To: <199402222350.PAA17454@servo.qualcomm.com>
Message-ID: <9402230001.AA08939@andria.lehman.com>

Phil Karn says:
> >The idea of a disinformation campaign to oppose Clipper really bothers me.
> >Isn't the truth about Clipper damning enough? Lying about Clipper seems like
>
> I agree completely. Telling the truth is all that's necessary.

Ditto.

Perry

From panzer at dhp.com Tue Feb 22 16:02:48 1994
From: panzer at dhp.com (Panzer Boy)
Date: Tue, 22 Feb 94 16:02:48 PST
Subject: RATINGS: say what?
Message-ID:

Ok a few things. To help me, and possibly others, understand this. (Replace the word "YOU", with your name if you think you understand the rating system...)

You want two lists: (of sorts)
1. Current list, as is, anything in -> everyone out.
2. Rated List, anything in -> filtering/rating -> out.

Now my question is, who's going to spend the time dealing with this. And how are you going to disallow stuffing the ballot, as we all know about spoofing. And who's actually going to spend the time wading through all the Cypherpunk mail, and rating it all? Are you planning on letting the general readers of "list 1" rate articles, and then people who subscribe to "list 2" will get anything that passes a certain "rating level" (or other criteria)?

Are we looking for something that you run the articles through, and it will spit out a "reading level" like most PC word-processors. Then you could ask for just the articles that have <15 misspellings, and a reading level above 11th grade...

Pardon me if this isn't quite what some people seem to have in mind, but this just looks like electronic version of filling out forms in triplicate.

-Matt (panzer at dhp.com)
"That which can never be enforced should not be prohibited."

From hughes at ah.com Tue Feb 22 16:06:50 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 22 Feb 94 16:06:50 PST
Subject: RATINGS: say what?
In-Reply-To:
Message-ID: <9402230005.AA15800@ah.com>

>You want two lists: (of sorts)
> 1. Current list, as is, anything in -> everyone out.
> 2. Rated List, anything in -> filtering/rating -> out.

No. The cypherpunks-ratings list would not be transmitting anything but ratings about cypherpunks messages.

I've not responded to anything else in the message because it all assumes the incorrect model.

Eric

From jet at nas.nasa.gov Tue Feb 22 16:22:33 1994
From: jet at nas.nasa.gov (J. Eric Townsend)
Date: Tue, 22 Feb 94 16:22:33 -0800
Subject: NIST Crypto Update
In-Reply-To: 's message of Tue, 15 Feb 1994 11:55:00 GMT
Message-ID: <9402230022.AA27791@boxer.nas.nasa.gov>

[From the NIST Computer Security Bulletin Board]

(EMBARGOED FOR RELEASE: 3:00 P.M., Friday, Feb. 4, 1994)

Fact Sheet

NIST Cryptography Activities

Escrowed Encryption Standard

On April 16, 1993, the White House announced that the President approved a directive on "Public Encryption Management." Among other items, the President directed the Secretary of Commerce, in consultation with other appropriate U.S. agencies, to initiate a process to write standards to facilitate the procurement and use of encryption devices fitted with key-escrow microcircuits in federal communications systems that process sensitive but unclassified information.

In response to the President's directive, on July 30, 1993, the Department of Commerce's National Institute of Standards and Technology (NIST) announced the voluntary Escrowed Encryption Standard (EES) as a draft Federal Information Processing Standard (FIPS) for public comment. The FIPS would enable federal agencies to procure escrowed encryption technology when it meets their requirements; the standard is not to be mandatory for either federal agency or private sector use.

During the public review of the draft standard, a group of independent cryptographers were provided the opportunity to examine the strength of the classified cryptographic algorithm upon which the EES is based.
They found that the algorithm provides significant protection and that it will be 36 years until the cost of breaking the EES algorithm will be equal to the cost of breaking the current Data Encryption Standard. They also found that there is no significant risk that the algorithm can be broken through a shortcut method of attack.

Public comments were received by NIST on a wide range of issues relevant to the EES. The written comments submitted by interested parties and other information available to the Department relevant to this standard were reviewed by NIST. Nearly all of the comments received from industry and individuals opposed the adoption of the standard. However, many of those comments reflected misunderstanding or skepticism about the Administration's statements that the EES would be a voluntary standard. The Administration has restated that the EES will be a strictly voluntary standard available for use as needed to provide more secure telecommunications. The standard was found to be technically sound and to meet federal agency requirements. NIST made technical and editorial changes and recommended the standard for approval by the Secretary of Commerce. The Secretary now has approved the EES as a FIPS voluntary standard.

In a separate action, the Attorney General has now announced that NIST has been selected as one of the two trusted agents who will safeguard components of the escrowed keys.

Digital Signature Standard

In 1991, NIST proposed a draft digital signature standard as a federal standard for public comment. Comments were received by NIST on both technical and patent issues. NIST has reviewed the technical comments and made appropriate changes to the draft.

In order to resolve the patent issues, on June 3, 1993, NIST proposed a cross-licensing arrangement for a "Digital Signature Algorithm" for which NIST has received a patent application. The algorithm forms the basis of the proposed digital signature standard.
Extensive public comments were received on the proposed arrangement, many of them negative and indicating the need for royalty-free availability of the algorithm. The Administration has now concluded that a royalty-free digital signature technique is necessary in order to promote widespread use of this important information security technique. NIST is continuing negotiations with the aim of obtaining a digital signature standard with royalty-free use worldwide. NIST also will pursue other technical and legal options to attain that goal. Cooperation with Industry During the government's review of cryptographic policies and regulations, NIST requested assistance from the Computer System Security and Privacy Advisory Board to obtain public input on a wide range of cryptographic-related issues, including the key escrow encryption proposal, legal and Constitutional issues, social and public policy issues, privacy, vendor and business perspectives, and users' perspectives. The Board held five days of public meetings. Comments obtained by the Board were useful during the government's review of these issues. In addition, NIST met directly with many industry and public interest organizations, including those on the Digital Privacy and Security Working Group and the Electronic Frontier Foundation. As directed by the President when the key escrow encryption initiative was announced, the government continues to be open to other approaches to key escrowing. On August 24, 1993, NIST also announced the opportunity to join a Cooperative Research and Development Agreement (CRADA) to develop secure software encryption with integrated cryptographic key escrowing techniques. Three industry participants have expressed their interest to NIST in this effort; however, the government still seeks fuller participation from the commercial software industry. 
NIST now is announcing an opportunity for industry to join in a CRADA to develop improved and alternative hardware technologies that contain key escrow encryption capabilities. Additionally, the Administration has decided to strengthen NIST's cryptographic capabilities in order to better meet the needs of U.S. industry and federal agencies. 2/4/94 -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From jet at nas.nasa.gov Tue Feb 22 16:23:34 1994 From: jet at nas.nasa.gov (J. Eric Townsend) Date: Tue, 22 Feb 94 16:23:34 -0800 Subject: FIPS 185 - EES Message-ID: <9402230023.AA27798@boxer.nas.nasa.gov> [From the NIST Computer Security Bulletin Board] FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION 185 1994 February 9 U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and Technology ESCROWED ENCRYPTION STANDARD CATEGORY: TELECOMMUNICATIONS SECURITY U.S. DEPARTMENT OF COMMERCE, Ronald H. Brown, Secretary NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY, Arati Prabhakar, Director Foreword The Federal Information Processing Standards Publication Series of the National Institute of Standards and Technology (NIST) is the official series of publications relating to standards and guidelines adopted and promulgated under the provisions of Section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235. These mandates have given the Secretary of Commerce and NIST important responsibilities for improving the utilization and management of computer and related telecommunications systems in the Federal Government. The NIST, through the Computer Systems Laboratory, provides leadership, technical guidance, and coordination of Government efforts in the development of standards and guidelines in these areas. 
Comments concerning Federal Information Processing Standards Publications are welcomed and should be addressed to the Director, Computer Systems Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899. James H. Burrows, Director Computer Systems Laboratory Abstract This standard specifies an encryption/decryption algorithm and a Law Enforcement Access Field (LEAF) creation method which may be implemented in electronic devices and used for protecting government telecommunications when such protection is desired. The algorithm and the LEAF creation method are classified and are referenced, but not specified, in the standard. Electronic devices implementing this standard may be designed into cryptographic modules which are integrated into data security products and systems for use in data security applications. The LEAF is used in a key escrow system that provides for decryption of telecommunications when access to the telecommunications is lawfully authorized. Key words: Cryptography, Federal Information Processing Standard, encryption, key escrow system, security. FIPS PUB 185 Federal Information Processing Standards Publication 185 1994 February 9 Announcing the Escrowed Encryption Standard (EES) Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to Section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235. Name of Standard: Escrowed Encryption Standard (EES). Category of Standard: Telecommunications Security. 
Explanation: This Standard specifies use of a symmetric-key encryption (and decryption) algorithm (SKIPJACK) and a Law Enforcement Access Field (LEAF) creation method (one part of a key escrow system) which provides for decryption of encrypted telecommunications when interception of the telecommunications is lawfully authorized. Both the SKIPJACK algorithm and the LEAF creation method are to be implemented in electronic devices (e.g., very large scale integration chips). The devices may be incorporated in security equipment used to encrypt (and decrypt) sensitive unclassified telecommunications data. Decryption of lawfully intercepted telecommunications may be achieved through the acquisition and use of the LEAF, the decryption algorithm and the two escrowed key components. One definition of "escrow" means that something (e.g., a document, an encryption key) is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition" (Webster's Seventh New Collegiate Dictionary). The term, "escrow", for purposes of this standard, is restricted to this dictionary definition. A key escrow system, for purposes of this standard, is one that entrusts the two components comprising a cryptographic key (e.g., a device unique key) to two key component holders (also called "escrow agents"). In accordance with the above definition of "escrow", the key component holders provide the components of a key to a "grantee" (e.g., a law enforcement official) only upon fulfillment of the condition that the grantee has properly demonstrated legal authorization to conduct electronic surveillance of telecommunications which are encrypted using the specific device whose device unique key is being requested. The key components obtained through this process are then used by the grantee to reconstruct the device unique key and obtain the session key which is then used to decrypt the telecommunications that are encrypted with that session key. 
The SKIPJACK encryption/decryption algorithm has been approved for government applications requiring encryption of sensitive but unclassified data telecommunications as defined herein. The specific operations of the SKIPJACK algorithm and the LEAF creation method are classified and hence are referenced, but not specified, in this standard. Data for purposes of this standard includes voice, facsimile and computer information communicated in a telephone system. A telephone system for purposes of this standard is limited to a system which is circuit switched and operating at data rates of standard commercial modems over analog voice circuits or which uses basic-rate ISDN or a similar grade wireless service. Data that is considered sensitive by a responsible authority should be encrypted if it is vulnerable to unauthorized disclosure during telecommunications. A risk analysis should be performed under the direction of a responsible authority to determine potential threats and risks. The costs of providing encryption using this standard as well as alternative methods and their respective costs should be projected. A responsible authority should then make a decision, based on the risk and cost analyses, whether or not to use encryption and then whether or not to use this standard. Approving Authority: Secretary of Commerce. Maintenance Agency: Department of Commerce, National Institute of Standards and Technology. Applicability: This standard is applicable to all Federal departments and agencies and their contractors under the conditions specified below. This standard may be used in designing and implementing security products and systems, which Federal departments and agencies use or operate or which are operated for them under contract. These products may be used when replacing Type II and Type III (DES) encryption devices and products owned by the government and government contractors. This standard may be used when the following conditions apply: 1. 
An authorized official or manager responsible for data security or the security of a computer system decides that encryption is required and cost justified as per OMB Circular A-130; and

2. The data is not classified according to Executive Order 12356, entitled "National Security Information," or to its successor orders, or to the Atomic Energy Act of 1954, as amended.

However, Federal departments or agencies which use encryption devices for protecting data that is classified according to either of these acts may use those devices also for protecting unclassified data in lieu of this standard.

In addition, this standard may be adopted and used by non-Federal Government organizations. Such use is encouraged when it provides the desired security.

Applications: This standard may be used in any unclassified government and commercial communications. Use of devices conforming to this standard is voluntary for unclassified government applications and for commercial security applications.

Implementations: The encryption/decryption algorithm and the LEAF creation method shall be implemented in electronic devices (e.g., electronic chip packages) which are protected against unauthorized entry, modification and reverse engineering. Implementations which are tested and validated by NIST will be considered as complying with this standard. An electronic device shall be incorporated into a cryptographic module in accordance with FIPS 140-1. NIST will test for conformance with FIPS 140-1. Conforming cryptographic modules can then be integrated into security equipment for sale and use in a security application. Information about devices that have been validated, procedures for testing equipment for conformance with NIST standards, and information about approved security equipment are available from the Computer Systems Laboratory, NIST, Gaithersburg, MD 20899.
Export Control: Implementations of this standard are subject to Federal Government export controls as specified in Title 22, Code of Federal Regulations, Parts 120 through 131 (International Traffic of Arms Regulations - ITAR). Exporters of encryption devices, equipment and technical data are advised to contact the U.S. Department of State, Office of Defense Trade Controls for more information. Patents: Implementations of this standard may be covered by U.S. and foreign patents. Implementation Schedule: This standard becomes effective thirty days following publication of this FIPS PUB. Specifications: Federal Information Processing Standard (FIPS 185), Escrowed Encryption Standard (EES) (affixed). Cross Index: a. FIPS PUB 46-2, Data Encryption Standard. b. FIPS PUB 81, Modes of Operation of the DES c. FIPS PUB 140-1, Security Requirements for Cryptographic Modules. GLOSSARY: The following terms are used as defined below for purposes of this standard: Data - Unclassified voice, facsimile and computer information communicated over a telephone system. Decryption - Conversion of ciphertext to plaintext through the use of a cryptographic algorithm. Device (cryptographic) - An electronic implementation of the encryption/decryption algorithm and the LEAF creation method as specified in this standard. Digital data - Data that have been converted to a binary representation. Encryption - Conversion of plaintext to ciphertext through the use of a cryptographic algorithm. Key components - The two values from which a key can be derived (e.g., KU1 ~ KU2). Key escrow - The processes of managing (e.g., generating, storing, transferring, auditing) the two components of a cryptographic key by two key component holders. LEAF Creation Method - A part of a key escrow system that is implemented in a cryptographic device and creates a Law Enforcement Access Field. 
Type I cryptography - A cryptographic algorithm or device approved by the National Security Agency for protecting classified information. Type II cryptography - A cryptographic algorithm or device approved by the National Security Agency for protecting sensitive unclassified information in systems as specified in section 2315 of Title 10 United States Code, or section 3502(2) of Title 44, United States Code. Type III cryptography - A cryptographic algorithm or device approved as a Federal Information Processing Standard. Type III(E) cryptography - A Type III algorithm or device that is approved for export from the United States. Qualifications: The protection provided by a security product or system is dependent on several factors. The protection provided by the SKIPJACK algorithm against key search attacks is greater than that provided by the DES algorithm (e.g., the cryptographic key is longer). However, provisions of this standard are intended to ensure that information encrypted through use of devices implementing this standard can be decrypted by a legally authorized entity. Where to Obtain Copies of the Standard: Copies of this publication are for sale by the National Technical Information Service, U.S. Department of Commerce, Springfield, VA 22161. When ordering, refer to Federal Information Processing Standards Publication 185 (FIPS PUB 185), and identify the title. When microfiche is desired, this should be specified. Prices are published by NTIS in current catalogs and other issuances. Payment may be made by check, money order, deposit account or charged to a credit card accepted by NTIS. Federal Information Processing Standards Publication 185 1994 February 9 Specifications for the ESCROWED ENCRYPTION STANDARD 1. INTRODUCTION This publication specifies Escrowed Encryption Standard (EES) functions and parameters. 2. 
GENERAL This standard specifies use of the SKIPJACK cryptographic algorithm and a LEAF Creation Method to be implemented in an approved electronic device (e.g., a very large scale integration electronic chip). The device is contained in a logical cryptographic module which is then integrated in a security product for encrypting and decrypting telecommunications. Approved implementations may be procured by authorized organizations for integration into security equipment. Devices must be tested and validated by NIST for conformance to this standard. Cryptographic modules must be tested and validated by NIST for conformance to FIPS 140-1. 3. ALGORITHM SPECIFICATIONS The specifications of the encryption/decryption algorithm (SKIPJACK) and LEAF Creation Method 1 (LCM-1) are classified. The National Security Agency maintains these classified specifications and approves the manufacture of devices which implement the specifications. NIST tests for conformance of the devices implementing this standard in cryptographic modules to FIPS 140-1 and FIPS 81. 4. FUNCTIONS AND PARAMETERS 4.1 FUNCTIONS The following functions, at a minimum, shall be implemented: 1. Data Encryption: A session key (80 bits) shall be used to encrypt plaintext information in one or more of the following modes of operation as specified in FIPS 81: ECB, CBC, OFB (64), CFB (1, 8, 16, 32, 64). 2. Data Decryption: The session key (80 bits) used to encrypt the data shall be used to decrypt resulting ciphertext to obtain the data . 3. LEAF Creation: A Family Key (e.g., KF-1) shall be used to create a Law Enforcement Access Field (LEAF) in accordance with a LEAF Creation Method (e.g., LCM-1). The security equipment shall ensure that the LEAF is transmitted in such a manner that the LEAF and ciphertext may be decrypted with legal authorization. No additional encryption or modification of the LEAF is permitted. 4.2 PARAMETERS The following parameters shall be used in performing the prescribed functions: 1. 
Device Unique Identifier (UID): The identifier unique to a particular device and used by the Key Escrow System. 2. Device Unique Key (KU): The cryptographic key unique to a particular device and used by the Key Escrow System. 3. Cryptographic Protocol Field (CPF): The field identifying the registered cryptographic protocol used by a particular application and used by the Key Escrow System (reserved for future specification and use). 4. Escrow Authenticator (EA): A binary pattern that is inserted in the LEAF to ensure that the LEAF is transmitted and received properly and has not been modified, deleted or replaced in an unauthorized manner. 5. Initialization Vector (IV): A mode and application dependent vector of bytes used to initialize, synchronize and verify the encryption, decryption and key escrow functions. 6. Family Key (KF): The cryptographic key stored in all devices designated as a family that is used to create a LEAF. 7. Session Key (KS): The cryptographic key used by a device to encrypt and decrypt data during a session. 8. Law Enforcement Access Field (LEAF): The field containing the encrypted session key and the device identifier and the escrow authenticator. 5. IMPLEMENTATION The Cryptographic Algorithm (i.e., SKIPJACK) and a LEAF Creation Method (e.g., LCM-1) shall be implemented in an electronic device (e.g., VLSI chip) which is highly resistant to reverse engineering (destructive or non-destructive) to obtain or modify the cryptographic algorithm, the UID, the KF, the KU, the EA, the CPF, the operational KS, and any other security or Key Escrow System relevant information. The device shall be able to be programmed/personalized (i.e., made unique) after mass production in such a manner that the UID, KU (or its components), KF (or its components) and EA fixed pattern can be entered once (and only once) and maintained without external electrical power. The LEAF and the IV shall be transmitted with the ciphertext. 
The specifics of the protocols used to create and transmit the LEAF, IV, and encrypted data shall be registered and a CPF assigned. The CPF (and the KF-ID, LCM-ID) shall then be transmitted in accordance with the registered specifications. Various devices implementing this standard are anticipated. The implementation may vary with the application. The specific electric, physical and logical interface will vary with the implementation. Each approved, registered implementation shall have an unclassified electrical, physical and logical interface specification sufficient for an equipment manufacturer to understand the general requirements for using the device. Some of the requirements may be classified and therefore would not be specified in the unclassified interface specification. The device Unique Key shall be composed of two components (each a minimum of 80 bits long) and each component shall be independently generated and stored by an escrow agent. The session key used to encrypt transmitted information shall be the same as the session key used to decrypt received information in a two-way simultaneous communication. The LEAF Creation Method (LCM), the Cryptographic Protocol Field (CPF), and the Family Key Identifier (KF-ID) shall be registered in the NIST Computer Security Object Register. This standard is not an interoperability standard. It does not provide sufficient information to design and implement a security device or equipment. Other specifications and standards will be required to assure interoperability of EES devices in various applications. Specifications of a particular EES device must be obtained from the manufacturer. The specifications for the SKIPJACK algorithm are contained in the R21 Informal Technical Report entitled "SKIPJACK" (S), R21-TECH-044-91, May 21, 1991. The specifications for LEAF Creation Method 1 are contained in the R21 Informal Technical Report entitled "Law Enforcement Access Field for the Key Escrow Microcircuit" (S).
Organizations holding an appropriate security clearance and entering into a Memorandum of Agreement with the National Security Agency regarding implementation of the standard will be provided access to the classified specifications. Inquiries may be made regarding the Technical Reports and this program to Director, National Security Agency, Fort George G. Meade, MD 20755-6000, ATTN: R21.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G
O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O

From jpp at markv.com Tue Feb 22 17:28:31 1994
From: jpp at markv.com (jpp at markv.com)
Date: Tue, 22 Feb 94 17:28:31 PST
Subject: RATINGS: why, which, and how.
In-Reply-To: <9402230005.AA15800@ah.com>
Message-ID: <9402221727.ab10957@hermix.markv.com>

= But *why* ratings?

Readers only want to read good stuff; so they will enhance rating capable post perusers, and they will communicate with that post peruser by rating authors of ratings, and other authors of general posts. Think of it as a really smart killfile, you tell your post reader if you liked, or didn't like an article, and it learns what ratings are important to you.

Authors want to be heard, and build up a 'rep' (and digital cash), so they are incentivized to post good stuff, in appropriate places (and when good enough, to sell the stuff). Flamers will still flame, but they will see clearly how many people read, or like their flames. (and good flamers will sell their rants over in alt.flame...)

Raters want to build up a 'rep' (and digital cash), so they are incentivized to rate things (and like other authors, when their stuff is good enough, they will sell it).

A person will naturally be author, reader, and rater at various times.

= Which rating dimensions should we use?

I really like the idea of a ratings system (no surprise).
But I suggest a little more anarchistic, spontaneously ordered system. Start with _any_ set of dimensions, and let other people rate the dimensions. Popular dimensions will be rated highly, and unpopular ones lowly.

= How should we format the ratings?

I really like the format dimention-name.rating-digits with the digits taken to be a value from 0 to 1. But rather than only being able to rate one article in one rating article, how about condensing multiple ratings as shown below? Then each ratings service (or person) could batch things up, and distribute them with less overhead.

-----BEGIN PGP SIGNED MESSAGE-----

(
 ; comment begins with a semicolon
 (POST article-id1 dimention11.rating11 dimention12.rating12 ...)
 ; or perhaps even more lispy
 (POST article-id2 (dimention21 rating21) (dimention22 rating22) ...)
 ; rating of a portion of an article
 (POST (article-id3 line-beg.char-beg line-end.char-end) dimention31.rating31 dimention32.rating32 ...)
 ; rating an author
 (FROM author1 dimentionA1.ratingA1 dimentionA2.ratingA2 ...)
 ; rating a rating dimention
 (DIM dimention dimentionD1.ratingD1 dimentionD2.ratingD2 ...)
)

-----BEGIN PGP SIGNATURE-----
6Ez3P7vdHa75uiuqzy4mwaUM3ekx8ohTudmXND1OKr3r9j9mjWtZr8TD8Upc7rVy
4NzoFpDTEXWpGcq6fF7jL4OPpRIMH7ljORDrBL19gjqR9w8leoSylFpNRAHVOCTx
jOVUdh+45+u1t9hiYS6IeK5A0LoRWpS/iQCVAgUBLWm2Rni7eNFdXppdAQHB1gQA
-----END PGP SIGNATURE-----

j'
-- O I am Jay Prime Positive jpp at markv.com
1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys via `finger jpp at markv.com', or via email to pgp-public-keys at io.com
Your feedback is welcome directly or via my symbol JPP on hex at sea.east.sun.com
Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition at cpsr.org

From fhalper at pilot.njin.net Tue Feb 22 19:09:20 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Tue, 22 Feb 94 19:09:20 PST
Subject: Disinformation
Message-ID: <9402230240.AA01419@pilot.njin.net>

Jim Miller wrote:

The idea of a disinformation campaign to oppose Clipper really bothers me. Isn't the truth about Clipper damning enough? Lying about Clipper seems like moral and ethical surrender. I agree that lying can produce favorable results, but I'm not willing to stoop to that level. If the anti-Clipper people (and I count myself one of them) can't defeat Clipper with the truth, this tells me the world is so fucked up it deserves Clipper and Capstone in every machine on.

I feel that in the present situation with the Clipper chip, the ends justifies the means. If Clipper is widely implemented it will affect the development of the "Information Super Highway" for years to come. What Jim Miller says about lying about Clipper is true. But, what if that is the only way to open people's eyes? Any means necessary is the ONLY way to a victory in this case. You can't truly believe that the government is only going to implement Clipper on a "voluntary" basis?

Reuben Halper
-Anger is a gift- Rage against the machine/Freedom

P.S.
Did anyone read the article in Covert action a couple months back on Clipper, it was very well done.

From wcs at anchor.ho.att.com Tue Feb 22 19:09:26 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 22 Feb 94 19:09:26 PST
Subject: REAL WORLD ENCRYPTION
Message-ID: <9402230224.AA27703@anchor.ho.att.com>

There are several factors that are probably leading people to ask about how digicash is valued. While digicash is basically a transaction technology, there are different categories of transactions it can support.

One way for it to acquire value is the method that checks and bank notes use - somebody deposits real money in a bank, and writes requests to move it around. Since you're talking about starting a bank, the obvious question is whether the accounts will be in dollars, yen, gold/silver, rubles, etc.; while much of the business may be in dollars or Swiss francs, supporting more than one currency increases your workload a good bit, and each additional currency adds a certain amount of work.

The other way digicash is likely to acquire value is for it to represent requests for certain amounts of service, e.g. digital postage stamps, highway tolls, etc, where it's basically service-provider scrip. For some systems, this may be free and used just for resource allocation, or testing, or whatever.

Bill

From wex at media.mit.edu Tue Feb 22 19:38:35 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Tue, 22 Feb 94 19:38:35 PST
Subject: Digsig in Germany for RX?
Message-ID: <9402230338.AA24871@media.mit.edu>

[I snarfed this from Phil Agre's RRE list; I know nothing else about this... --AW]

Date: Fri, 18 Feb 94 15:33:43 +0000
From: G.Joly at cs.ucl.ac.uk (Gordon Joly)
Subject: MICE Seminar for February 22 at 14:00 GMT.
Newsgroups: dec.mail.lists.rem-conf

You are invited to the next MICE International Seminar which will take place next week.
Please limit traffic for two hours from 14:00 GMT on Tuesday, February 22. This seminar will be transmitted on the usual multicast addresses (please see the sd entry), and will be advertised in sd from Tuesday morning. Further information of this and future seminars is kept in the URL http://www.cs.ucl.ac.uk/mice/seminars.html

Bruno Struif (GMD) speaking from Darmstadt, Germany will give a presentation on: "The Privacy Enhanced Electronic Prescription".

Abstract
--------

In Germany, more than 500 million prescriptions are issued per year. Normally, the patient receives the prescription in the doctor's practice and takes it to a pharmacy where he gets his medicaments. From the pharmacy, the prescription is physically transported to a pharmacy computer center where it will be processed in different ways. Finally the patient health insurance gets this prescription with listings containing the result of the processing in the pharmacy computer center. Since the prescription is a paper document, the processing is difficult, time-consuming and cost-intensive.

The introduction of the health insurance card in Germany will improve the technological environment in the doctor's practices. The prescriptions will be produced in the future by using the health insurance card, a personal computer and a printer. The model presented shows that the electronic presentation of the prescription produced in the doctor's PC can be maintained so that the difficult and expensive way of processing paper prescriptions in the pharmacy, the pharmacy's computer center and finally by the health insurance can be avoided.
The solution described and already implemented at GMD is

- to sign the electronic prescription by the doctor with its physician smartcard capable to compute digital signatures
- to write the electronic prescription in the patient's smartcard
- to prove the authorization of a pharmacist for the access to the patient's smartcard by using a pharmacist smartcard
- to electronically transmit the electronic prescription together with pharmacy information (name of the pharmacy, prescription cost etc) to the pharmacy computer center or the health insurance computing center where it can be automatically processed.

The patient gets therefore two representation forms of the prescription, the electronic form and the paper form. The paper form is still necessary in the relationship doctor/patient/pharmacist, since

- the patient has a right to look on the issued prescription,
- in case of malfunction of the patient's smartcard in the pharmacy the delivery of the medicaments has still to be possible and
- the assembly of the medicaments is easier with a paper form in the hand.

In the new release of the electronic prescription model a step in the direction of data privacy has been made. The personal data of the patient and the doctor are replaced by digital pseudonyms in a way that the pharmacy computing center and the health insurance can verify only certain characteristics, e.g. that the prescription has been issued by a registered doctor and that the related patient is a member of the respective health insurance. In special cases, a re-identification of the doctor or the patient is possible by using re-identification smartcards.
Gordon Joly Phone +44 71 380 7934 FAX +44 71 387 1397
Email: G.Joly at cs.ucl.ac.uk UUCP: ...!{uunet,uknet}!ucl-cs!G.Joly
Comp Sci, University College, London, Gower Street, LONDON WC1E 6BT
WWW WWW WWW http://www.cs.ucl.ac.uk/mice/gjoly.html WWW WWW WWW

From blancw at microsoft.com Tue Feb 22 20:02:00 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 22 Feb 94 20:02:00 PST
Subject: the black budget
Message-ID: <9402230402.AA05518@netmail2.microsoft.com>

The statement someone earlier made (I don't remember by who) that "The black budget is taxation without representation.", could be restated to indicate that it is taxation without *true* representation, for all the reasons that many subscribers to this list would already be aware of (if there was true representation, there would be some rather anarchistic congressmen & IRS agents in office).

Which reminds me - "In Space, No One Can Hear You Scream". (In the space between some people's ears, that is.) In the best circumstances, open & honest speaking would be more profitably addressed to an audience possessed of an active intelligence that is interested in knowing & comprehending the actual & its consequences.

.......................

I didn't see, in Tim's reply to my question about the spreading of "disinformation", where what he relates represents that (perhaps because I'm not very knowledgeable regarding some of the 'facts' mentioned); it actually seems to me to be an unfortunate label to apply to all of these efforts, since they are offered in a concern for, and in consideration of, the consequences to everyone's personal interest - privacy.

Whether the picture is "blown up" to appear to be worse than it looks, presently, seems moot, since it should be easy to imagine what could happen in the future even if these invasive plans are not yet in effect; i.e., just what such a scenario purports for the situation here in the US and everywhere else.
The future truth could be more fearsome than any present, alarming fictionalization. (But, then, I'm prepared to imagine.)

Blanc

From peace at BIX.com Tue Feb 22 20:08:01 1994
From: peace at BIX.com (peace at BIX.com)
Date: Tue, 22 Feb 94 20:08:01 PST
Subject: BIX musings on Zimmermann
Message-ID: <9402222215.memo.17974@BIX.com>

Reposted from bix.com

==========================
security/encryption #695, from gnikoloff, 2722 chars, Tue Feb 22 19:24:18 1994
This is a comment to message 694.
--------------------------

I think many of us want to know anything that happens. (About the Zimmermann Grand Jury). If Phil Zimmermann is indicted for what he did, then I can't see how the US can differ from any third-world police state.

I can remember reading about how 'Fusion' magazine, which is a publication dealing with Nuclear Fusion, was prosecuted for allegedly revealing secrets behind the construction of thermonuclear weapons (amazingly, one of the key techniques was the use of Styrofoam to build a stable plasma during detonation). They pointed out that the details had been published 30 years ago in the Encyclopedia Americana. I believe the case was dropped.

Phil didn't invent RSA encryption. He just popularised it by providing a great product, professionally designed and written, easy to use. To attempt to suppress this technology now would be as futile as suppressing details on the construction of nuclear weapons. Enough information exists in the public domain for countries such as North Korea to build a bomb. You can't, as one science-fiction writer said in another context, "put the mushroom cloud back in the shiny uranium sphere".

Actually, now I think about that, it was Isaac Asimov in his story about an invention which allowed people to see back into time. Suppressed by the Government, it was independently re-invented by a professor who only got curious about the topic when he realised it was classified. The catch; when does time begin?
One second ago? One nano-second ago? With the invention, privacy became a thing of the past; you could go anywhere, see anything. It's kind of a neat twist on this issue. The government would have us believe encryption is a *bad thing* because bad guys will use it to hide their activities. But, like the time-travel machine, there are good and bad points. Who do you believe?

Myself, I want to use encryption such as PGP for good and legitimate reasons. For example, if I want to send confidential information over the Internet, which is obviously not a secure channel. It is patently ridiculous to suggest that I should not be permitted to do this.

But the arguments have been done to death. Like abortion, it boils down to the right of the individual versus the rights of the State (and by implication, society as a whole). I vote for the right to privacy. In fact, I had thought it enshrined in the Constitution. It is a basic tenet of life in a democratic society.

If you're reading this, Phil, there are many people backing you 100%. As for the rest of us, make a stand. To the owners of BIX, if you permit these sorts of discussions on your system, you should have the courage to post PGP. There are other US sites on the Internet still holding it. Stand up and be counted! They can't sue you all.

From tcmay at netcom.com Tue Feb 22 20:17:32 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 22 Feb 94 20:17:32 PST
Subject: Disinformation (or the Truth?) About Clipper
In-Reply-To: <199402222138.NAA14229@mail.netcom.com>
Message-ID: <199402230418.UAA22720@mail.netcom.com>

My use of the term "disinformation" seems to have taken on a life of its own as "lying," with several posters saying that the truth is best, that lying is bad, and that if we have to lie we deserve to have Clipper and Capstone!

What I urge--and others are free to do as they wish--is to "educate" people by describing to them the implications as we see them.
That is, we who have thought about Clipper and have seen past government depredations and abuses, have seen from the beginning how Clipper is likely to be abused, how the very concept of key escrow is anathema to basic rights, how Clipper and its Big Brethren (I just coined this) are likely to be made mandatory, etc. We see truth, not the charade of "voluntarism" and the "social need" cited by the authorities.

So, is it "truthful" to tell people Clipper is a purely voluntary standard, which is the official position? Is it "disinformation" to undermine public support for Clipper by pointing to the very likely (but unprovable, until it happens) banning of alternatives? (The difficulty of banning alternatives is another issue, of course.)

I don't advocate ever using out-and-out lies, which is why I said the following in my post this morning:

> Briefly, "Tell X to Y," where X and Y are the following:
>
> Tell them X:
>
> - Clipper is a wiretapping system

Is there any doubt about this?

> - Clipper has more than one back door

This is more speculative, but fits what folks as eminent as Whit Diffie have discussed. Backdoors in the escrow system and in the Skipjack algorithm must be assumed to exist until the algorithm has been publicly discussed, analyzed, tested, etc...and maybe still even then. I tell folks the history of other such algorithms, including the speculations about DES. I point out that Skipjack is completely secret, and the original key escrow procedure has been changed since announcement, suggesting a more direct way in was planned from the gitgo.

> - Clipper keys have already been compromised by non-government
> entities

This I will concede is probably not the case. And I suppose I wouldn't make this claim until more evidence comes out. But as soon as there are hints that unauthorized wiretaps have occurred, or that foreign phone calls mean the keys are revealed, etc., this will likely be a true statement. I suspect it's close to being true.
> - Clipper is for spying on foreign-based corporations

No doubts.

> - Clipper will be used to monitor corporations

No doubts. Foreign subsidiaries mean the NSA can tap, without warrants. The Criminal Enforcement division of the IRS does not require warrants, I've been told by a fellow Cypherpunk (but I haven't confirmed this).

> - Clipper chip makers (Mykotronx, VLSI Tech, National, etc.) have had
> their security systems breached

Recall the "dumpster diving" episode? And there's some stuff about National's PCMCIA card product that I'm not free to talk about, but it indicates further leaks are happening.

> - Clipper is Big Brother

A polemical statement, but not a lie.

So, of 7 statements, 5 truths, 1 marginal truth, and 1 wild speculation.

> - journalists (e.g., I informed John Markoff of some of these things,
> which he mostly knew about--he knows more than I do!-- and the
> strategy of disinformation and sabotage....it made it into his Sunday
> article...and I'm talking to two other journalists now)
>
> (I'm honest with journalists: I tell them upfront that a
> disinformation/sabotage campaign is underway and that they should thus
> take anything I say, or anyone else says, in this light. They're
> usually very bright and see these things anyway, so this clears the
> air. It is not a contradiction to tell them that a
> disinformation/sabotage campaign is underway and then to tell them
> about reports the Clipper chip manufacturers have had security
> compromises. And other such things.)

Disinformation does not necessarily mean outright lying...it often means putting a twist on things to make a point and to undermine confidence in the opponent's party line. Call it counter-propaganda if you wish.

By all means, tell the truth. But be sure to tell what you expect to be the long-term truth, not just the immediate, official truth. I tell people the governments of the world are clearly planning for bans on unapproved, unescrowed encryption.
The governments would call this a lie, saying the Clipper and its Big Brethren are purely voluntary standards. So who is lying?

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From sasha at cs.umb.edu Tue Feb 22 20:44:38 1994
From: sasha at cs.umb.edu (Alexander Chislenko)
Date: Tue, 22 Feb 94 20:44:38 PST
Subject: RATINGS: Subject tags
Message-ID: <199402230444.AA29186@eris.cs.umb.edu>

For quite a while now, I have been advocating a rating system based on *calculating correlations* of people's interests in each topic domain. This allows to:

- give personalized ratings to each user;
- filter out any number of "evil tentacles" recommending you junk;
- suggest incentives to each user to rate articles;
- introduce digicash payments for all messages and ratings;
- implicitly use quality criteria that are difficult to formalize;
- find like-minded people, even if you never post anything

In short, it works like this: you read stuff, if you like it, you pay for it as much as you want; what you pay is considered your rating of the article; the System calculates correlations of your ratings with everybody else's; you can select articles that people with your interests in the given area liked most; so it makes sense for you to pay and be sincere - otherwise the system may not work for you, and you will read too much junk. Also, people whose ratings helped you choose it, can get some share of your payment - another incentive to read early and carefully, and be fair (you can actually earn credits as a critic).
Authors can establish minimal payments for their texts, but it will be not their advertising headers, but the opinions of like-minded with *you* people that will help you choose texts.

I have a more or less detailed development proposal for such a system and would be happy to share it if anybody is interested.

------------------------------------------------------------------------------
| Alexander Chislenko | sasha at cs.umb.edu | Cambridge, MA | (617) 864-3382 |
------------------------------------------------------------------------------

From Seth.Morris at lambada.oit.unc.edu Tue Feb 22 21:14:40 1994
From: Seth.Morris at lambada.oit.unc.edu (Seth Morris)
Date: Tue, 22 Feb 94 21:14:40 PST
Subject: RATINGS: an alternative request-based system?
Message-ID: <9402230514.AA24349@lambada.oit.unc.edu>

I have been thinking about the proposed ratings system, and thought long and hard about what *I* would want in ratings I receive, and how much I would like to rate articles with ease. The model I arrived at was substantively different, and may reduce overall bandwidth while allowing greater control of my own personal mbox.

What I would see is a list which only sent the traffic to a subscriber on _request_ instead of at once (perhaps more digest-oriented). I would send a message to cypherpunks-rated at whatever.domain (which could be an independent ratings group subscribed to receive and hold the "normal" 'punks list, and perhaps other related lists) with a command to get the mail I had not yet received. I would prefer that the list handle a database of when I last requested mail, and perhaps had a command to just tell me how MUCH mail was waiting (in both messages and Kb). Then, the messages would arrive, along with any ratings.
Perhaps some services could maintain a ratings profile for me, of the signators I trusted to rate and the topics/ratings I prefer (one especial benefit for me would be to raise my filtering level at the transmission end on those days when the volume had increased, as launchpad has _serious_ disk problems, and I'm telnetted in at 2400 bps anyway).

The messages would arrive and I could reply to cypherpunks-rated with MY ratings/comments (which I would like to see batched and transmitted to the author, so comments on saliency/style/flamage would be sent only to her/him and not clutter up anyone's mailbox) to the server to be added to the list. This way, new messages are always sent (although it would be easy to change that, preferably in my profile) to be rated, and old messages have longer accumulated ratings.

Actually, this runs more like a mail-based archive than a list, but the end result is similar. Perhaps a couple of days hacking at some archive manager (like the ones at most listserv's... does majordomo have archiving?) could set up a running prototype.

It seems that this meets most of the requirements: multiple ratings, multiple ratings services, easily alterable filtering profiles, easily extended to handle keywords (many archivers already do this, of course).

Specifics are debatable: the source filtering seems controversial (although I don't know why, unless people are worried about having the list manager know their preferences, in which case they can get everything and its ratings and handle them locally), so maybe the server shouldn't keep persistent profiles, but should receive a request with a profile for that specific request.
Perhaps I send a "request on" message, and receive a message containing information on the queue: how many new messages (in however much time, so I know), how many Kb, how many rated messages on which common topics (in any given two-day period, the number of topics stays pretty low), etc, and I reply with numbers ie:

>Per: your "request on" message of 940401:1935GMT
> Last request 940401:1209GMT
>Messges: 12
>Kbytes: 65
>Remember: ar is "Average Rating" of raters accepted in your
> "request on" message: Raters id's follow:
> exclude: BIFF.DORK at BITNET.SHOUT
> exclude: ld*@lance*
> accept: master.rater at text.analysis.god.com
>
>Keyword: Remailers... 3 messages rated, 1 message unrated, ar:8.2
send all Remailers
>Keyword: Libertarian... 2 messages rated, 0 messages unrated, ar:0.6
send above 2.0
>Keyword: PGPTools... 5 messages rated, 1 message unrated, ar:5.2
send above 7.0
send below 1.0 #for chuckle factor
> Your messages comments:
> msg id: xxxxxx
> "Excellent, it changed my life" Rating: 1.1 --SomeOne
> "Rehash of old crap" Rating 7.6 --SomeOne Else
> msg id: yyyyyy
>

Hmmm... a bit too wordy, but you get the idea. (Get the lucifer? Get the skipjack? (Remember: Ounce for ounce...) )

This would also make receiving multiple lists easier for those of us with no filters (Where does one get pc-elm???????), as we could receive one list, process it, and then get another list, allowing us to not get them mixed up.

Seth Morris (seth.morris at launchpad.unc.edu)

From Seth.Morris at lambada.oit.unc.edu Tue Feb 22 21:36:50 1994
From: Seth.Morris at lambada.oit.unc.edu (Seth Morris)
Date: Tue, 22 Feb 94 21:36:50 PST
Subject: Education needed, but what specifics?
Message-ID: <9402230536.AA28829@lambada.oit.unc.edu>

I think we all agree that the public needs education on crypto and crypto politics. What specific issues need to be addressed?
For some time now, I have been kicking around ideas for games related to crypto, and I have decided that it may be an excellent education/propaganda tool.

What I'm thinking of is a BBS door that incorporates encryption ideas (probably without using any actual encryption, to make sysops more comfortable with it -- I'm co-sysop of a local BBS and my "real" sysop refuses to allow crypto software on it, for the same reason he's reluctant to house an adult area, no matter how much he personally would like both (although, admittedly, he's primarily interested in the adult area)).

Originally I had thought of a game where encryption was used to transmit messages to units (a space-war-game, perhaps?), and capturing and decrypting your opponents' messages was paramount. Ultimately, as your "cryptotech level" increased, you'd get stronger cyphers and develop public-key tech, etc., but this seemed pretty limited in its educational potential and pretty derivative of existing games.

My current idea is something more based on the net. Players take the role of corporations pet punks, or freelancers, and use encryption to cover their butts while following traffic analysis trails of opponents' (digital) money, setting up services for profit (and perhaps to follow the traffic opponents pass through them... leading to more encryption, etc), leading to ratings services and digital reputations, leading to denial-of-service attacks, etc. This could get exciting to play, and would lead to a cypherpunks-agreeable position in the game, perhaps facilitating "market penetration" of EFF, CPSR, and other cypherpunks-friendly literature.

Perhaps the game should make frequent mention of PGP, RSA, Chaum and other sources in the literature (a door with a bibliography!)?

What do y'all think of the idea? I think gaming is a wonderful way to spread ideas, and have been looking for a way to use it for some time. What elements of cypherpunks' philosophy and methods should/could be incorporated?
I think emphasising the cyBerpunk-like aspects of the game (spoofing to get information, copying mail logs to follow message traffic, etc) would make the game more popular, and while it might hurt the game's reputation as a propaganda tool (wow-- a game that's a manual on attacking services on the net... how is that good for people?), it should increase the player's awareness of the _need_ for signatures, reputations, untraceability, etc. Besides, who wouldn't want to infiltrate Denning Associates Corporation and Stern & Light Pharmaceuticals to funnel money and information to Mayday Publishing or somesuch?

Seth Morris (seth.morris at launchpad.unc.edu)

PS- I'm still having problems with PGP Tools 1.0c. The ptd.exe locks in fifo_destroy when trying to find a private key on the ring. Any suggestions? My first applet to test the library (an MD5 hasher for files on the command line) works fine, though.

From pdn at dwroll.dw.att.com Tue Feb 22 22:15:41 1994
From: pdn at dwroll.dw.att.com (Philippe Nave)
Date: Tue, 22 Feb 94 22:15:41 PST
Subject: Education needed, but what specifics?
In-Reply-To: <9402230536.AA28829@lambada.oit.unc.edu>
Message-ID: <9402230615.AA02087@toad.com>

-----BEGIN PGP SIGNED MESSAGE-----

Seth Morris writes :
>
> For some time now, I have been kicking around ideas for games related to
> crypto, and I have decided that it may be an excellent education/propaganda
> tool.

Interesting.. Interesting..

>
> Perhaps the game should make frequent mention of PGP, RSA, Chaum and
> other sources in the literature (a door with a bibliography!)?

Getting better...

>
> What do y'all think of the idea? I think gaming is a wonderful way to
> spread ideas, and have been looking for a way to use it for some time.
> What elements of cypherpunks' philosophy and methods should/could be
> incorporated?
> I think emphasising the cyBerpunk-like aspects of the
> game (spoofing to get information, copying mail logs to follow
> message traffic, etc) would make the game more popular, and while it
> might hurt the game's reputation as a propaganda tool (wow-- a game
> that's a manual on attacking services on the net... how is that good
> for people?), it should increase the player's awareness of the
> _need_ for signatures, reputations, untraceability, etc.
> Besides, who wouldn't want to infiltrate Denning Associates Corporation
> and Stern & Light Pharmaceuticals to funnel money and information
> to Mayday Publishing or somesuch?
>

Whoa... is this thing supposed to be a *game*, or a training school for net.guerilla.warfare? I may be a minority of one, but I'm not going to risk *anything* by trying to hack mail systems, trace their logs, or spoof. Quite frankly, I can't be bothered - apart from a sort of 'James Bond' thrill, that sort of thing has no appeal whatsoever. Hopefully, I'm just missing the point here, but I wonder how smart it is to advocate 'hacking net services' in a game that is supposed to introduce people to strong crypto. Although it might not be very thrilling, my hope is that Mom and Pop Citizen will one day use PGP (or ) on their routine e-mail - they may never know or care about telnetting to port Q-47, and I don't think that matters much. Be careful with the game; don't overemphasize the cloak-and-dagger to the point that Average Citizen gets spooked off strong crypto.

Don't take this as flame-bait, please; this posting just hit me at the right time to provoke a philosophical outburst. While it is fun for the cypherpunks to skulk around and spoof each other, we must not lose sight of a large segment of our intended audience - namely, those people who might hop on the strong crypto bandwagon so long as the 'skullduggery' factor does not get too high.
I think there is a large market for crypto services that is completely detached from the 'full blown' cypherpunk agenda of anonymity, remailers, untraceability, etc.

[Soapbox in hand, he shuffles off for more coffee.......]

- --
........................................................................
Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it!
pdn at dwroll.dw.att.com |
Denver, Colorado USA | PGP public key: by arrangement.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLWrztAvlW1K2YdE1AQE7+gP/aukdQwjomYPT2sSxdbZBlYQZDQ+In8/e
p743zwazbyDJYZjv39/7/wDusKXNKc3TS7Zrv84EAZES5hvHRHK88D8kME+YTjRp
o1TG7jScobEGTI/GKoUB9G/gyC0sYIAutoRc5JjvdYYnfDF1oijfQwFoUJGqgauG
5tFJdUNzlWE=
=NPlD
-----END PGP SIGNATURE-----

From Seth.Morris at lambada.oit.unc.edu Tue Feb 22 23:00:37 1994
From: Seth.Morris at lambada.oit.unc.edu (Seth Morris)
Date: Tue, 22 Feb 94 23:00:37 PST
Subject: Education needed, but what specifics?
In-Reply-To:
Message-ID: <9402230700.AA19126@lambada.oit.unc.edu>

> Seth Morris writes :
> >
> > For some time now, I have been kicking around ideas for games related to
> > crypto, and I have decided that it may be an excellent education/propaganda
> > tool.
>
> Interesting.. Interesting..
>
> >
> > Perhaps the game should make frequent mention of PGP, RSA, Chaum and
> > other sources in the literature (a door with a bibliography!)?
>
> Getting better...
>
> >
> Whoa... is this thing supposed to be a *game*, or a training school for
> net.guerilla.warfare? I may be a minority of one, but I'm not going to

Point well made, and I did allude to the possibility that some would see it as that (although I think I was unclear about specifics, I had nothing actually _training_ like in mind certainly!). This is to be a game, primary emphasis on fun. I find that I learn best when I'm having fun, and my experience with rpg's and wargames has been that I think about the implications and inspirations for the games I play.
(Has anyone else read the story about the USG using games to manipulate the voters? Where they make a voting game to increase turnout in a manner similar to Monopoly's supposed influence on people during the depression?)

> risk *anything* by trying to hack mail systems, trace their logs, or
> spoof. Quite frankly, I can't be bothered - apart from a sort of 'James
> Bond' thrill, that sort of thing has no appeal whatsoever. Hopefully, I'm
> just missing the point here, but I wonder how smart it is to advocate
> 'hacking net services' in a game that is supposed to introduce people to

Understood, and agreed. All simulation, not like reality. I haven't ever committed such silliness myself (part of why I'm asking for ideas), and I see no reason for anyone else to.

> strong crypto. Although it might not be very thrilling, my hope is that
> Mom and Pop Citizen will one day use PGP (or )
> on their routine e-mail - they may never know or care about telnetting to
> port Q-47, and I don't think that matters much. Be careful with the game;
> don't overemphasize the cloak-and-dagger to the point that Average Citizen
> gets spooked off strong crypto.

I'm hoping that the game would emphasize that anyone could _need_ strong crypto, and anonymity, and digital cash, etc. Also that understanding your network makes you and everyone else safer.

> Don't take this as flame-bait, please; this posting just hit me at
> the right time to provoke a philosophical outburst. While it is fun for
> the cypherpunks to skulk around and spoof each other, we must not lose
> sight of a large segment of our intended audience - namely, those people
> who might hop on the strong crypto bandwagon so long as the 'skullduggery'
> factor does not get too high. I think there is a large market for crypto
> services that is completely detached from the 'full blown' cypherpunk
> agenda of anonymity, remailers, untraceability, etc.

Have you played the game "Neuromancer" based on Wm Gibson's novel?
My thought all the while reading the book was that it'd make a better game than novel, and I was right. The game focuses on finding and infiltrating systems on the net with emphasis on tracking financial transactions and reaching secure(?) meeting places with other net underworld figures. The game was immensely popular, and could have used more "puzzle-like" elements, more data presented to the player, and an interactive option. That is more like what I'm proposing.

The players I know of BBS door games in Tucson, Arizona (where I'm located physically), would like to see more control than would make the game "friendly." Understanding that their sysadmin can follow the sendmail logs might encourage users to use crypto on their mail, and use remailers (even non-anonymous remailers, just designed to take the tracking away from their own sysadmin and put it with one they have CHOSEN to trust). I know a lot of sysops, and you'd be surprised how much email is read.

Also, if more people are thinking about digital cash, anonymity, encryption, and the lack of privacy they have (and how public their lives may become if governments/corporations/"unfriendlies" of all types were the ones controlling information entirely vis a vis clipper, stories of sysops reading mail, stories of corporations reading mail, stories of operators listening in on phone calls, ...), the more solutions will emerge, and the more prepared the people already using computers to exchange ideas will be when confronted with the options that take away privacy as opposed to those which enhance it.

Perhaps I should send you a plan of what I'm thinking? Storyboards? I do **NOT** want to be seen as suggesting/writing a manual on net.warfare, but the cyberpunk novels are already pretty close to what I'm thinking of and without presenting real dangers, I don't know how to suggest people use real solutions. Any suggestions are greatly appreciated.
(Glad I didn't mention the proto idea of having users use hunter-killer viruses... that'd get me in trouble!)

I appreciate criticism. Disagreement isn't flamage. Indignation isn't necessarily ad hominem. Please help me prepare a concept that won't cause these reactions in the non cypherpunks-friendly communities. Ideally, the abstract for the game shouldn't raise too many eyebrows in comp.virus, talk.politics.crypto, or anywhere else. It certainly should be something sysops would be willing to use.

Seth Morris (Seth.Morris at LaUNChpad.unc.edu)

From vast0001 at gold.tc.umn.edu Tue Feb 22 23:30:48 1994
From: vast0001 at gold.tc.umn.edu (Brian H Vastag-1)
Date: Tue, 22 Feb 94 23:30:48 PST
Subject: Disinformation
In-Reply-To: <9402230240.AA01419@pilot.njin.net>
Message-ID:

On Tue, 22 Feb 1994, Frederic Halper wrote:

> I feel that in the present situation with the Clipper chip, the ends justifies
> the means. If Clipper is widely implemented it will affect the development of
> the "Information Super Highway" for years to come. What Jim Miller says about
> lying about Clipper is true. But, what if that is the only way to open people's
> eyes? Any means necessary is the ONLY way to a victory in this case. You can't
> truly believe that the government is only going to implement Clipper on a
> "voluntary" basis?
> Reuben Halper

How will the development of the Clipper hamper the info-supe-hi? And what is the info-super-hiway anyway, eh?
(insert ego)

From farber at central.cis.upenn.edu Tue Feb 22 20:51:13 1994
From: farber at central.cis.upenn.edu (David Farber)
Date: Tue, 22 Feb 1994 23:51:13 -0500
Subject: Another Brick in the Wall
Message-ID: <199402230451.XAA28396@linc.cis.upenn.edu>

CyberWire Dispatch//Copyright (c) 1994

Jacking in from Another Brick in the Wall Port:

Washington, DC -- The White House is being heavily lobbied by law enforcement agencies and national intelligence agencies to make the use of the government designed Clipper Chip mandatory in telephones, fax machines and cable systems, according to classified documents obtained by Dispatch.

When the Administration announced on February 4th that it was endorsing the controversial Clipper Chip program, it asserted that any use of the chip would be voluntary. But the White House carefully hedged its bet: Buried deep in the background briefing papers that accompanied the announcement was the Administration's official policy that U.S. citizens weren't guaranteed any constitutional right to choose their own encryption technologies.

Government officials have brushed aside concerns from civil liberties groups and privacy advocates that sporadic adoption of Clipper would eventually spawn a mandatory use policy. To try and forestall that, however, the government has instituted a subtle coercion tactic: You can't do business with Uncle Sam unless your products are "clipper equipped," according to National Institute for Standards and Technology Assistant Deputy Director Raymond Kammer.

The Administration's desire for industry to sign-on as an early Clipper "team player" was so overwhelming that it bribed AT&T into agreeing to publicly support the idea, according to classified documents obtained by Dispatch. On the same day last April when Clipper was first unveiled, AT&T publicly proclaimed it would be installing the chip in its encryption products.
A classified April 30, 1993 memo from the Assistant Secretary of Defense says: "[T]he President has directed that the Attorney General request that manufacturers of communications hardware use the trapdoor chip, and at least AT&T has been reported willing to do so (having been suitably incentivised by promises of Government purchases)."

The government says "incentivised" while prosecuting attorneys all over the country say, "bribed." You make the call.

Take Your Privacy and Shove It
==============================

That same memo says the Clipper proposal is a "complex set of issues [that] places the public's right to privacy in opposition to the public's desire for safety." If "privacy prevails... criminals and spies... consequently prosper," the memo says.

What's the answer to such freeflowing privacy? The memo says law enforcement and national security agencies "propose that cryptography be made available and required which contains a 'trapdoor' that would allow law enforcement and national security officials, under proper supervision, to decrypt enciphered communications."

The operative word here is "required."

Two Track Dialog
================

While Clinton's policy wonks wring their hands over such issues as universal access to the National Information Infrastructure, law enforcement and national security officials couldn't care less, frankly.

The Working Group on Privacy for the Information Infrastructure Task Force was told in clean, cold language that the desire of law enforcement is to "front load" the NII with "intercept technologies." Under the guise of "do it now or we'll catch less bad guys." It's all black or white to these guys.

Other classified Dept. of Defense documents chime on this debate: "This worthy goal (of building the NII) is independent of arguments as to whether or not law enforcement and national security officials will be able to read at will traffic passing along the information superhighway."

This is not science fiction.
The Clipper chip is like a cancer that has eaten into the fabric of all levels of government, including the military. Classified DoD documents state that a "full-scale public debate is needed to ascertain the wishes of U.S. citizens with regard to their privacy, and the impact on public safety of preserving privacy at the expense of wiretapping and communications intercept capabilities of law enforcement and national security personnel."

In other words, they don't think you know what you want. To them, it's a kind of tradeoff, a twisted sort of privacy auction. What do you bid? Your privacy for two drug lords, a former KGB spy and a pedophile. What's the price? Your government wants to know. Honest.

The jury's still out, according to these classified documents: "It is not clear what the public will decide."

But you can rest safely, the Pentagon does. Why? Again from a secret memo: "In the meantime, DoD has trapdoor technology and the Government is proceeding with development of the processes needed to apply that technology in order to maintain the capability to perform licit intercept of communications in support of law enforcement and national security."

Meeks out...

From Rolf.Michelsen at delab.sintef.no Wed Feb 23 00:01:05 1994
From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen)
Date: Wed, 23 Feb 94 00:01:05 PST
Subject: Disinformation (or the Truth?) About Clipper
In-Reply-To: <199402222138.NAA14229@mail.netcom.com>
Message-ID:

On Tue, 22 Feb 1994, Timothy C. May wrote:

[Much stuff deleted...]

> - foreigners...I get a real rise out of my overseas friends when I
> tell them what the National Security Agency has planned for them.
>
> (By the way, I've seen little discussion here of the fact that the
> Germans, French, and NATO nations in general seem to be signing on for
> some version of the Clipper system. I can provide details if there's
> interest.
> In all the debate a few weeks ago about whether Germany is
> more or less free than America, it was left out that Germany is about
> to roll back certain Constitutional freedoms and explicitly allow more
> surveillance. We should not be pushing our German or European list
> members (a la Hadmut Danisch) into defending their countries--rather,
> they need to fight the fight as well. In fact, more Cypherpunks need
> to be recruited in Europe, which shows many signs of slipping back
> into a Surveillance State, with barely a whimper of public outcry.)

Yes, there is an interest. Please provide whatever information you have on "European Clipperism". I haven't seen any discussion or reports on any such initiatives in Norwegian media. I suppose that there isn't a "critical mass" of interested people in small countries like Norway for these issues. There has been one attempt by one Norwegian party (Venstre) to raise questions on personal privacy issues, but without any success. (This party has been out of parliament for a while and has some trouble getting heard.)

Work has been done by official Norwegian agencies to develop a National Encryption Standard (NSK). The result of this work is a classified algorithm and a chip which implements it, much like the Clipper initiative. There was also a suggestion about something like a key escrow system, but this seems to have been dropped. NSK has had some press coverage, most notably in a left-wing paper (Klassekampen) and Computerworld Norway. In a speech held by one of the organizers of the NSK project some two years ago, it was indicated that NSK was developed partly to assure Norwegian control of the algorithm and independence of foreign algorithms.

Could other Europeans provide information on similar activities in other countries??

By the way, I agree with those who oppose disinformation on Clipper and related issues. Such strategies will likely hit you like a boomerang.
The clarification by TCM on what he meant by "disinformation" was welcome. I, and it seems others who opposed the disinformation strategy, understand this world differently than TCM.

-- Rolf

----------------------------------------------------------------------
Rolf Michelsen Phone: +47 73 59 87 33
SINTEF DELAB Email: rolf.michelsen at delab.sintef.no
7034 Trondheim Office: C339
Norway
----------------------------------------------------------------------

From nobody at shell.portal.com Wed Feb 23 01:53:07 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Wed, 23 Feb 94 01:53:07 PST
Subject: Millions Said Paid to CIA Spy
Message-ID: <199402230953.BAA03812@jobe.shell.portal.com>

AP 02/23 00:31 EST
Millions Said Paid To CIA Spy
Copyright 1994. The Associated Press. All Rights Reserved.

WASHINGTON (AP) -- The KGB develops a mole in the top ranks of the CIA, state secrets are spilled, double agents are fingered, million-dollar payoffs are made, and FBI agents skulk through a suspect's household trash to find clues.

And that's just the opening chapter in one of the biggest espionage cases in CIA history.

The Justice Department on Tuesday charged Aldrich Hazen Ames and his wife, Rosario, with conspiracy to commit espionage. Ames, a 31-year CIA veteran and former senior Soviet counterintelligence officer, is accused of selling U.S. national security secrets to Moscow for eight years starting in 1985.

A federal magistrate ordered the Ameses held without bail until a hearing on Friday. If convicted on the conspiracy charge, they could face life in prison. Neither of them spoke to reporters when they left the magistrate's office.

President Clinton called the case a "very serious" breach of U.S. national security.

Sources familiar with Ames' CIA career said he compromised more than one Soviet double agent, including a KGB counterintelligence investigations officer -- code named GTPROLOGUE -- who was feeding information to the CIA.
Ames had access to vast amounts of classified information at the CIA. And because during at least part of his long CIA career he specialized in recruiting Soviet officials and intelligence officers as spies, he would have been able to disclose to the Soviets the identities of CIA agents inside the Soviet Union.

The Justice Department wrote in an affidavit released Tuesday that Ames, 52, began spying for the Soviets in 1985 at a time when he was the chief of the Soviet Counterintelligence Branch in the CIA's Soviet-East European Division. He is accused of continuing his espionage until his arrest on Monday.

Ames' wife, Rosario, 41, is a part-time student at Georgetown University. The affidavit said she was a paid informant for the CIA from about April-December 1983 while serving as a cultural attache in Mexico City.

Ames met her while working for the CIA in Mexico City from 1981-83. They were married in 1985. They have a young son.

William Rhoads, who lives across the street from the Ames home in a well-to-do section of suburban Arlington, Va., told reporters Tuesday that they seemed an unexceptional couple who appeared to have income beyond Ames' government job.

Indeed, the Ameses spent money at an extraordinary clip, yet they apparently raised few if any suspicions by paying cash for the $540,000 Arlington home in 1989 when he was transferred to Washington from a CIA post in Rome. His CIA job paid $69,000 a year.

Court documents said they also spent $99,000 on improvements to the house through July 1993 and $7,000 on furniture in the first four months they owned the house.

They also spent $25,000 toward the purchase of a Jaguar automobile in January 1992, $19,500 on a new 1989 Honda, $165,000 on stocks and securities from 1985-93, and put an average of more than $500 a month on credit cards over that eight-year period.
The court documents also said that from 1986 through 1993, the Ameses transferred by wire -- mostly from Credit Suisse bank accounts in Switzerland -- more than $1 million to their Dominion Bank of Virginia accounts. They deposited an additional $487,100 in cash in various local accounts from 1985-93.

"This investigation has determined that none of this $1,538,685, consisting of the wire and cash deposits, was derived from any salary checks of the CIA payable to Aldrich Ames," the affidavit said.

The couple also own two condominium apartments and a farm in Colombia, the records said, and large sums of money were sent to Colombia by Ames to maintain those holdings.

The Colombia connection figures prominently in the Ames case. Besides the fact that Rosario Ames was born in Colombia and was working in the Colombian Embassy when she met Aldrich Ames, he also apparently met Soviet contacts there at least once.

The affidavit said U.S. investigators believe Ames received a cash payment from the Russian foreign intelligence service during a meeting in Bogota in November 1993.

From smb at research.att.com Wed Feb 23 04:09:12 1994
From: smb at research.att.com (smb at research.att.com)
Date: Wed, 23 Feb 94 04:09:12 PST
Subject: Disinformation
Message-ID: <9402231209.AA06064@toad.com>

    How will the development of the Clipper hamper the info-supe-hi? And
    what is the info-super-hiway anyway, eh?

I'll leave out the buzzwords -- but Clipper will definitely hamper the deployment of good networks. Encryption is a vital tool for network management and authentication, even apart from privacy considerations. But Clipper is of necessity hardware-only, which means that most current platforms will never support it, and few future ones will actually have it, whether they're capable of it or not. And on many important boxes -- routers, for example -- just leaving room for Clipper on the boards will be expensive.
We have the following dilemma: DES isn't exportable, Clipper isn't suitable, and lots of foreign governments won't allow it in anyway, I suspect. How is one supposed to do authentication on a global Internet?

--Steve Bellovin

From wex at media.mit.edu Wed Feb 23 05:50:30 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Wed, 23 Feb 94 05:50:30 PST
Subject: Bet it's not encrypted...
Message-ID: <9402231350.AA18555@media.mit.edu>

[The following was snipped from EDUPAGE, the online summary service. Anyone have access to more information? --AW]

AND OPTICAL FINGERPRINTS. The National Registry uses an optical scanning technology to create and compare digital maps of the finger surface. The map can be converted to a modified bar code for inclusion on a wallet ID card. The information can also be encoded on circuitry inside a credit or debit card. (Tampa Tribune 2/20/94 B&F1)

From rondavis at datawatch.com Wed Feb 23 06:23:37 1994
From: rondavis at datawatch.com (Ron Davis)
Date: Wed, 23 Feb 94 06:23:37 PST
Subject: Mac encryption
Message-ID: <9402230923.aa14077@gateway.datawatch.com>

>> What is everyone's opinion of the best encryption software for the Mac?
>> Frederic Halper
>> fhalper at pilot.njin.net
>
>MacPGP, available by anonymous ftp from the soda.berkeley.edu site, is
>the only one I know of using public key methods, and hence the only
>one of real interest to Cypherpunks.

I find this to be a strange statement. Do we have no interest in non-public key methods? Seems the Cypherpunks should have an interest in all forms of crypto. Most users don't currently use public key because they just want to keep their boss from sitting down at their computer and reading the resumes they wrote for other companies. This can be accomplished with symmetrical crypto just as well, if not faster than PGP.

>Commercial products (like the various "Kent Marsh" products) are
>mostly DES-or-weaker and are oriented toward local file protection.
>(MacPGP will do that, too, of course).

Cryptomatic does come with Triple DES which is still a very strong method.

Unfortunately MacPGP's biggest drawback is that its interface is poor and it is hard to use.

There is also MacRIPEM which is written by Raymond Lau, author of Stuffit, and is much easier to use, but weaker than PGP (but legal).

>
>About six or seven years ago I bought "Sentinel," from SuperMac, and
>used it a few times. The problems were obvious: lack of other users
>(so my friends couldn't receive or send), and the symmetric cipher
>nature (we had to share keys for a message). Public key systems based
>on PGP have solved both problems (though problems of convenience
>remain).
>

Can't stop without mentioning that my company makes a product called Citadel which does DES encryption.

___________________________________________________________________________
"I want to know God's thoughts...the rest are details."
-- Albert Einstein
_________________________________________
Ron Davis rondavis at datawatch.com
Datawatch, Research Triangle Park, NC (919)549-0711

From dmandl at lehman.com Wed Feb 23 06:41:41 1994
From: dmandl at lehman.com (David Mandl)
Date: Wed, 23 Feb 94 06:41:41 PST
Subject: Mac encryption
Message-ID: <9402231441.AA26891@disvnm2.lehman.com>

> From: Ron Davis
>
> >> What is everyone's opinion of the best encryption software for the Mac?
> >> Frederic Halper
> >> fhalper at pilot.njin.net
> >
> >MacPGP, available by anonymous ftp from the soda.berkeley.edu site, is
> >the only one I know of using public key methods, and hence the only
> >one of real interest to Cypherpunks.
>
> I find this to be a strange statement. Do we have no interest
> in non-public key methods? Seems the Cypherpunks should have
> an interest in all forms of crypto. Most users don't currently
> use public key because they just want to keep their boss from
> sitting down at their computer and reading the resumes they wrote
> for other companies.
> This can be accomplished with symmetrical
> crypto just as well, if not faster than PGP.

Cypherpunks do have an interest in all forms of crypto, but there are very good reasons why public key is more desirable than symmetric for "our purposes." This is at the very root of the crypto revolution and the cypherpunk ethos. Have you done the basic reading? (That's a serious question, not sarcasm.)

PGP _does_ symmetric crypto.

> >Commercial products (like the various "Kent Marsh" products) are
> >mostly DES-or-weaker and are oriented toward local file protection.
> >(MacPGP will do that, too, of course).
>
> Cryptomatic does come with Triple DES which is still a very
> strong method.

And MacPGP comes with IDEA, which is at least as strong (as far as we know). And of course, it does all the public-key encryption and key-management as well. A pretty incredible package, considering its size and cost.

> Unfortunately MacPGP's biggest drawback is that its interface
> is poor and it is hard to use.

I disagree.

> Can't stop without mentioning that my company makes a product
> called Citadel which does DES encryption.

Hmmm...

--Dave.

From mnemonic at eff.org Wed Feb 23 07:00:55 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Wed, 23 Feb 94 07:00:55 PST
Subject: Another Brick in the Wall (fwd)
Message-ID: <199402231500.KAA14059@eff.org>

Forwarded message:

From matsb at sos.sll.se Wed Feb 23 08:10:15 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Wed, 23 Feb 94 08:10:15 PST
Subject: Disinformation (or the Truth?) About Clipper
In-Reply-To: <199402222138.NAA14229@mail.netcom.com>
Message-ID:

On Tue, 22 Feb 1994, Timothy C. May wrote:

> By the way, I've seen little discussion here of the fact that the
> Germans, French, and NATO nations in general seem to be signing on for
> some version of the Clipper system. I can provide details if there's
> interest.

Please do! Anything about Sweden?
I saw some message a few days back mentioning that .uk and .se allegedly had applied for Country Family Keys. My first thought was that this belonged to the disinformation campaign... There has been zero public information about that here.

//Mats

From geoffw at nexsys.net Wed Feb 23 08:12:30 1994
From: geoffw at nexsys.net (Geoff White)
Date: Wed, 23 Feb 94 08:12:30 PST
Subject: Disinformation (or the Truth?) About Clipper
Message-ID: <199402231611.IAA02291@nexsys.nexsys.net>

> Phil Karn says:
> > >The idea of a disinformation campaign to oppose Clipper really bothers me.
> > >Isn't the truth about Clipper damning enough? Lying about Clipper seems like
> >
> > I agree completely. Telling the truth is all that's necessary.

You know, I'm a person that rarely lies, I don't lie to acquaintances let alone friends, but in this regard I think I have to side with Tim. We don't have the time or money to flood the media with the truth, this thing has to be STOPPED by any means necessary. The truth will surface one way or the other. It will surface when it is too late and we are all in jail for using illegal crypto, or it will surface when Clipper is finally derailed and the nation/industrialized world is free to be able to have the truth known.

"THINK, It ain't illegal... yet." - George Clinton

From rondavis at datawatch.com Wed Feb 23 08:19:23 1994
From: rondavis at datawatch.com (Ron Davis)
Date: Wed, 23 Feb 94 08:19:23 PST
Subject: Mac encryption
Message-ID: <9402231118.aa14357@gateway.datawatch.com>

>Cypherpunks do have an interest in all forms of crypto, but there are
>very good reasons why public key is more desirable than symmetric for "our
>purposes." This is at the very root of the crypto revolution and the
>cypherpunk ethos. Have you done the basic reading? (That's a serious
>question, not sarcasm.)

Depends on what the required reading list for this group is. I thought that our purposes were to promote the privacy of individuals through the use of cryptography.
This can be done in the contexts I talked about with symmetric as well as PK crypto.

Maybe I have the wrong idea about "our purposes", please correct me if I'm wrong.

>PGP _does_ symmetric crypto.

>And MacPGP comes with IDEA, which is at least as strong (as far as we know).

Rumor has it that Kent Marsh is working on an IDEA module for their products as well.

>And of course, it does all the public-key encryption and key-management as
>well. A pretty incredible package, considering its size and cost.

You're right, it's free. If something is free you can't really complain about it. If it does anything it's a bargain.

>
>> Unfortunately MacPGP's biggest drawback is that its interface
>> is poor and it is hard to use.
>
>I disagree.

I can live with disagreement. Of course hopefully you would admit that Cryptomatic's ability to select a file in the finder, pull down a menu and Boom encrypted file is easier than PGP's methods.

___________________________________________________________________________
"I want to know God's thoughts...the rest are details."
                                                -- Albert Einstein
_________________________________________
Ron Davis    rondavis at datawatch.com
Datawatch, Research Triangle Park, NC    (919)549-0711

From cme at sw.stratus.com Wed Feb 23 08:39:46 1994
From: cme at sw.stratus.com (Carl Ellison)
Date: Wed, 23 Feb 94 08:39:46 PST
Subject: ironic
Message-ID: <199402231639.LAA23361@ellisun.sw.stratus.com>

It's a bit ironic that the Administration is crying foul so loudly over the Soviet/Russian spy in the CIA -- as if this was unfair -- while they're openly proclaiming the right to spy on citizens and foreigners via Clipper.

(IMHO)

 - Carl

Carl M. Ellison    cme at sw.stratus.com
RIPEM MD5OfPublicKey: 39D9860686A9F075A9A83D49589C677A
PGP 2.4 Key fingerprint = E0 41 4C 79 B5 AF 36 75 02 17 BC 1A 57 38 64 78

From lowton at typhon.dra.hmg.gb Wed Feb 23 08:50:50 1994
From: lowton at typhon.dra.hmg.gb (Andy Lowton)
Date: Wed, 23 Feb 94 08:50:50 PST
Subject: Disinformation (or the truth?)
about clipper
Message-ID: <199402231759.QAA02865@typhon.dra.hmg.gb>

Given that this is a public forum, is it a good idea to announce that you are going to lie about Clipper? Next time Tim May (for example) is on a radio prog talking about Clipper, he is wide open to the question 'Why should we believe you? Your group advocates spreading disinformation doesn't it?'

I agree that this should be fought, but I would be cautious about announcing tactics like this to the world.

Andy

From dmandl at lehman.com Wed Feb 23 09:19:13 1994
From: dmandl at lehman.com (David Mandl)
Date: Wed, 23 Feb 94 09:19:13 PST
Subject: Mac encryption
Message-ID: <9402231713.AA28724@disvnm2.lehman.com>

> From: Ron Davis
>
> > dmandl at panix.com said:
> >
> >Cypherpunks do have an interest in all forms of crypto, but there are
> >very good reasons why public key is more desirable than symmetric for "our
> >purposes." This is at the very root of the crypto revolution and the
> >cypherpunk ethos. Have you done the basic reading? (That's a serious
> >question, not sarcasm.)
>
> Depends on what the required reading list for this group is.
> I thought that our purposes were to promote the privacy of
> individuals through the use of cryptography. This can be done
> in the contexts I talked about with symmetric as well as PK crypto.

The invention (discovery?) of public-key crypto changed the world, and makes practical everyday use of crypto infinitely easier. It also makes the kinds of specific things cypherpunks are interested in much more practical (or POSSIBLE). If you correspond with hundreds of people on a regular basis, including people you don't know and people you may send something to once and never deal with again, it is impractical to say the least to have to generate and exchange keys. That's the basic argument. Why was public key crypto invented at all? Why are people interested in using it?
Practically, it's really fundamentally different from symmetric crypto, which is of very limited use in the situation we're all in now (anonymous communication, the net, quick hit-and-run dissemination of information, digital signatures, etc., etc.). PGP also has the "web of trust" structure built in. This is worlds away from basic symmetric crypto.

This is really basic stuff, so I'm hesitant to discuss it on the list.

> Maybe I have the wrong idea about "our purposes", please correct me
> if I'm wrong.

If you're relatively new to the list, try to get your hands on some of the basic cypherpunk material, like tcmay's Crypto-Anarchy manifesto, the cypherpunk articles in Wired or Whole Earth Review, etc. There are many different views represented on the list, but I think we all agree on the significance and importance of pk crypto.

Symmetric is fine for hiding things from your boss. PK is intended for different purposes.

> >And of course, it does all the public-key encryption and key-management as
> >well. A pretty incredible package, considering its size and cost.
>
> You're right, it's free. If something is free you can't really complain
> about it. If it does anything it's a bargain.

I didn't mean to insult PGP by claiming that it's worth the price ($0). It's actually worth much more. I was just saying that for free it's an astounding deal.

--Dave.

From tomh at bambi.ccs.fau.edu Wed Feb 23 09:22:50 1994
From: tomh at bambi.ccs.fau.edu (Tom Holroyd)
Date: Wed, 23 Feb 94 09:22:50 PST
Subject: Clipper
Message-ID: <9402231715.AA10904@bambi.ccs.fau.edu>

If the govt and all its agencies used Clipper for all their communications, they would be vulnerable to attack from foreign govts that have bought the keys from spies. Despite being in escrow, I can't imagine they are really as secure as everyone seems to think. If random govt agencies can get the keys for legal wiretaps, spies will also be able to do so.

Does Clinton have the right to listen in on NSA communication?
If he tried he might find that they aren't using Clipper internally (or that the keys aren't in the proper escrow locations).

From galiel at world.std.com Wed Feb 23 09:32:44 1994
From: galiel at world.std.com (David Galiel)
Date: Wed, 23 Feb 94 09:32:44 PST
Subject: Disinformation
In-Reply-To: <9402230240.AA01419@pilot.njin.net>
Message-ID:

I'm new to this list, but not to the issues discussed. As far as "the ends justifying the means" - jeez, haven't we all learned *anything* yet? I spent 4 years in the Israeli army witnessing all manner of atrocities committed (on both sides) in the name of lofty, noble goals. The first victim of oppression is always the truth - let's not play into their hands. If our anti-Crapper-Chip case is strong enough on its merits (and we all obviously believe it is), then we only weaken ourselves by resorting to disinformation. "They" will always lie more artfully than we can - it's how they got elected in the first place. It's what they do for a living.

Have a little more faith in the truth, don't sell out.

Flout 'em and scout 'em -- and scout 'em and flout 'em; Thought is free. -- Shakespeare

On Tue, 22 Feb 1994, Frederic Halper wrote:

> Jim Miller wrote:
> The idea of a disinformation campaign to oppose Clipper really bothers me.
> Isn't the truth about Clipper damning enough? Lying about Clipper seems like
> moral and ethical surrender. I agree that lying can produce favorable results,
>
> but I'm not willing to stoop to that level. If the anti-Clipper people (and I
> count myself one of them) can't defeat Clipper with the truth, this tells me
> the world is so fucked up it deserves Clipper and Capstone in every machine on.
>
> I feel that in the present situation with the Clipper chip, the ends justifies
> the means. If Clipper is widely implemented it will affect the development of
> the "Information Super Highway" for years to come. What Jim Miller says about
> lying about Clipper is true.
> But, what if that is the only way to open people's eyes? Any means necessary is the ONLY way to a victory in this case. You can't truly believe that the government is only going to implement Clipper on a "voluntary" basis?
> Reuben Halper
> -Anger is a gift- Rage against the machine/Freedom
> P.S. Did anyone read the article in Covert action a couple months back on Clipper, it was very well done.
>

From rondavis at datawatch.com Wed Feb 23 09:38:57 1994
From: rondavis at datawatch.com (Ron Davis)
Date: Wed, 23 Feb 94 09:38:57 PST
Subject: Mac encryption
Message-ID: <9402231237.aa14589@gateway.datawatch.com>

>> From: Ron Davis
>The invention (discovery?) of public-key crypto changed the world, and
>makes practical everyday use of crypto infinitely easier. It also makes
>the kinds of specific things cypherpunks are interested in much more
>practical (or POSSIBLE). If you correspond with hundreds of people on a
>regular basis, including people you don't know and people you may send
>something to once and never deal with again, it is impractical to say the
>least to have to generate and exchange keys. That's the basic argument.
>Why was public key crypto invented at all? Why are people interested in
>using it? Practically, it's really fundamentally different from symmetric
>crypto, which is of very limited use in the situation we're all in now
>(anonymous communication, the net, quick hit-and-run dissemination of
>information, digital signatures, etc., etc.). PGP also has the "web of
>trust" structure built in. This is worlds away from basic symmetric
>crypto.
>
>This is really basic stuff, so I'm hesitant to discuss it on the list.

I wasn't saying that PK wasn't important, or the most important. I agree it is a great thing. I was just saying that I thought cypherpunks was also about non-PK crypto. I also ventured to think it wasn't just about PGP, but all crypto used for purposes of insuring individual freedom and privacy.
>> Maybe I have the wrong idea about "our purposes", please correct me
>> if I'm wrong.
>
>If you're relatively new to the list, try to get your hands on some of the
>basic cypherpunk material, like tcmay's Crypto-Anarchy manifesto, the
>cypherpunk articles in Wired or Whole Earth Review, etc. There are many
>different views represented on the list, but I think we all agree on the
>significance and importance of pk crypto.

I read the Wired article. I've also read the FAQ. Missed May's manifesto is it available via ftp?

>
>Symmetric is fine for hiding things from your boss. PK is intended for
>different purposes.

But isn't hiding things from your boss important in the cypherpunks worldview, even if people choose not to use PGP? Seems to me that the fact is many, if not most, people will not use PGP because of its outlaw status. Many of us are attracted to it because of that, but many people aren't. We can still advocate methods that people are comfortable with that will further our goals.

If I'm wrong about the very basics of the list, then I guess this discussion is good, because I've been around for a couple of months at least and this is the idea I got.

___________________________________________________________________________
"I want to know God's thoughts...the rest are details."
                                                -- Albert Einstein
_________________________________________
Ron Davis    rondavis at datawatch.com
Datawatch, Research Triangle Park, NC    (919)549-0711

From tcmay at netcom.com Wed Feb 23 09:56:07 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 23 Feb 94 09:56:07 PST
Subject: Mac encryption
In-Reply-To: <9402230923.aa14077@gateway.datawatch.com>
Message-ID: <199402231756.JAA26289@netcom9.netcom.com>

Ron Davis writes:

(quoting me)

> >MacPGP, available by anonymous ftp from the soda.berkeley.edu site, is
> >the only one I know of using public key methods, and hence the only
> >one of real interest to Cypherpunks.
>
> I find this to be a strange statement.
> Do we have no interest
> in non-public key methods? Seems the Cypherpunks should have
> an interest in all forms of crypto. Most users don't currently
> use public key because they just want to keep their boss from
> sitting down at their computer and reading the resumes they wrote
> for other companies. This can be accomplished with symmetrical
> crypto just as well, if not faster than PGP.

The problem with symmetrical ciphers is one of *scaling*. Since a key must be exchanged with each other person, the total number of keys grows rapidly as the community of participants increases. At any stage, the key may be lost, stolen, observed, shared with the Feds, etc.

A community of 700 participants, as here on Cypherpunks, would mean each person would have to generate, exchange (securely!), and store 700 specific keys for use just with others.

This is the famed "key distribution problem."

With public key methods, this problem is largely solved. Each person can generate his or her own key, publish the public key part of it, and be done with it.

More than just for secure 2-way communications, this opens the door for all the other applications Cypherpunks are so interested in. Symmetric ciphers like DES or IDEA just don't offer that richness.

(Symmetric ciphers are of course often embedded in public key protocols, as with using RSA to protect DES session keys. In this case, the cumbersome problems of key distribution are avoided, and the speed advantages of symmetric ciphers are obtained.)

I haven't said Cypherpunks should avoid symmetric ciphers, just that they produce little of the revolution in communication and commerce that interests us so much.

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From fhalper at pilot.njin.net Wed Feb 23 11:49:26 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Wed, 23 Feb 94 11:49:26 PST
Subject: Disinformation
Message-ID: <9402231949.AA12937@pilot.njin.net>

The Net is growing rapidly. As it grows it will become more significant in our world (transaction of digital cash, etc.) Security will become more of a necessity (let's face it MOST people don't need encryption) If Clipper is widely implemented (be it voluntary or forced) people will be looking over their shoulders and rightfully so. Also, I feel that the structure of the Internet is likely to change (its present structure is not a good base to build on) when the change occurs don't you think Clipper is going to become the "standard."

Reuben Halper
-anger is a gift- rage against the machine/freedom

From tcmay at netcom.com Wed Feb 23 11:50:25 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 23 Feb 94 11:50:25 PST
Subject: Digitally Signing Physical Objects
In-Reply-To: <9402231350.AA18555@media.mit.edu>
Message-ID: <199402231950.LAA08510@netcom9.netcom.com>

[In this post I'll explore an interesting use of P-K methods to allow physical objects to be digitally signed.]

Alan (wex at media.mit.edu) forwards to us a clipping and bets that no encryption is used:

> [The following was snipped from EDUPAGE, the online summary service. Anyone
> have access to more information? --AW]
>
>
> AND OPTICAL FINGERPRINTS. The National Registry uses an optical scanning
> technology to create and compare digital maps of the finger surface.
> The map can be converted to a modified bar code for inclusion on a wallet ID
> card. The information can also be encoded on circuitry inside a credit or
> debit card. (Tampa Tribune 2/20/94 B&F1)

I'm not familiar with this, but I'll bet public key crypto is used. Or it certainly _could_ be used.

How it could be used is an interesting example of using public key methods for authentication. So, even if these National Registry folks are not using P-K crypto, here's an example of how this could work:

Imagine that one has an object--a fingerprint, a photograph, a dollar bill, a factory-made automobile part--which one wants to "sign," to protect against forgery.

(The application to manufactured goods is obvious: lower-quality parts are often made by forgers and sold as factory parts. The counterfeiting application is also obvious. Ditto for the photo, even with digital scanning....for reasons that will become clearer. The application to fingerprints I'll leave for you to think about.)

Call this thing "the original object." It will have variations in surface appearance (or deeper, in principle, but I'll just stick to surface features). For example:

- dollar bills: variations in paper fibers, in flecks of particles, in surface roughness, etc.

- auto parts: scratches and tool marks on smooth surfaces, metal grains, etc.

- fingerprints: whorls

- photos: grains will vary from photo to photo

How can one "sign" these objects in an unforgeable way?

1. Scan some part of the object, e.g., a linescan between two reference points. An intensity variation of reflected light, for example, will produce a vector of intensity variations. (What resolution, how many points taken, the location of reference marks, etc, are all details of vendor implementation.)

2. Take this feature vector and encrypt it to the *private* key of the factory or other authenticating agent. The resulting number is stamped on the object.
(In the case of "Light Signatures," an L.A.-based company which was proposing this scheme several years ago, the manufacturer of parts would stamp the resulting number on the finished part--and perhaps include it with the paperwork for the part. Harley-Davidson was supposedly considering the use of this, as they were having big problems with counterfeit replacement parts. Jim Omura, President of Cylink, a Public Key Partner, told me this in 1988. I haven't heard any more about "Light Signatures.")

3. The shop or customer wishing to authenticate the part takes the number stamped on the part, runs it through the *public* key of the manufacturer (widely available, not kept secret, of course) and gets back the feature vector, which he can then compare to what he actually sees on the object.

(This clearly requires similar hardware to what was originally used by the manufacturer. And some tolerance for variations in intensity caused by equipment variations, wear, new scratches, etc., is needed. Not a really big problem, fortunately. You can fill in the details of what would be needed for fingerprints, for photos, for lottery tickets, for currency, etc.)

4. A would-be forger cannot generate a "digital object signature" that correctly decrypts through the published public key.

Thus, the manufacturer or authenticator (whoever knows the private key corresponding to the public key) can "sign" his work and no one else can.

This has obvious applications for authenticating paintings, original photographs (physical photos, not digital ones!), money, objects, etc. Anything in which natural variations can be converted into a very-hard-to-duplicate feature vector.

This issue is also related to "is-a-person" credentialling in various ways. One might imagine Big Brother issuing ID cards in which fingerprints, retinal scans, facial features, etc., are encrypted with a private key. Any local cop or "checkpoint" (border, random stops, whatever) could then do the authentication locally.
As with other uses of public key encryption--in contrast to symmetric ciphers, as we discussed earlier today--the private key is held safely and securely (presumably) and the field users don't run the risk of compromising security.

I've wondered why this technology has not appeared in the six years since I first heard about it. Seems like a wonderful market niche.

And I wonder how this fits in with Clipper and Capstone. After all, if the government holds escrowed digital signature keys as well, they could forge these items as well. Maybe that's what they want.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jim at bilbo.suite.com Wed Feb 23 12:22:10 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Wed, 23 Feb 94 12:22:10 PST
Subject: Disinformation (or the Truth?) About Clipper
Message-ID: <9402232015.AA01702@bilbo.suite.com>

Tim May writes:

> My use of the term "disinformation" seems to have taken on
> a life of its own as "lying," with several posters saying
> that the truth is best, that lying is bad, and that if we
> have to lie we deserve to have Clipper and Capstone!
>
> What I urge--and others are free to do as they wish--is to
> "educate" people by describing to them the implications
> as we see them. That is, we who have thought about Clipper
> and have seen past government depredations and abuses,
> have seen from the beginning how Clipper is likely to be
> abused, how the very concept of key escrow is anathema to
> basic rights, how Clipper and its Big Brethren (I just
> coined this) are likely to be made mandatory, etc.
> We see truth, not the charade of "voluntarism" and the "social
> need" cited by the authorities.
>

I'm quite satisfied with this clarification (as if it matters to any but me).

Still, I believe labeling your efforts a "disinformation campaign" was a mistake. It gives the pro-Clipper people something to throw back in your face.

How about changing "disinformation campaign" to "education campaign"? It has a more positive sound to it and doesn't limit you to only dry facts. Education through speculation, hyperbole, and satire can be effective and is ethical if the reader can recognize when you are engaging in speculation, hyperbole, or satire (my opinion, of course).

Jim_Miller at suite.com

From tcmay at netcom.com Wed Feb 23 12:48:22 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 23 Feb 94 12:48:22 PST
Subject: Disinformation (or the Truth?) About Clipper
In-Reply-To: <9402232015.AA01702@bilbo.suite.com>
Message-ID: <199402232047.MAA14972@netcom9.netcom.com>

Jim Miller writes:

> I'm quite satisfied with this clarification (as if it matters to any
> but me).
>
> Still, I believe labeling your efforts a "disinformation campaign"
> was a mistake. It gives the pro-Clipper people something to throw

Fair enough! I hereby agree not to use the term "disinformation campaign," as it has clearly caused some confusion.

It seems that any labelling of what we are doing, except by innocuous labels like "education campaign," will cause some confusion. For example, I think it's clear that we are talking about a "smear campaign": we are setting out to take what we know about Clipper and what we _surmise_ about Clipper and use this to "smear" it, to basically undermine trust in it and cause a public outcry or promises of a boycott of Clipper products.

But calling it a "smear campaign" is equally impolitic, I guess.

I appreciated the thoughtful comments of folks like Jim Miller and Phil Karn.
I didn't especially care for the "me too" comments along the lines of "Yeah, and like if we start lying and stuff, we'll like be as bad as they are. And like then we'd _deserve_ Clipper." (My apologies to Beavis and Butthead. Heh heh.)

Taking issue with the semantics of the term "disinformation," which I clearly take in a broader sense than some do, is different from cluelessly imputing dishonesty and lying to me.

I still say our goal should be to undermine support for Clipper. Counter-propaganda, education, whatever.

To me, spreading of rumors which appear to have some foundation is completely legit: this is part of what being educated really means. As I keep saying, we certainly can read the many signs that point to key escrow being made de facto the favored system, and perhaps the only legal system, even though the "official" truths all are that the standard is "voluntary."

Sort of like the tax system in the U.S.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From collins at newton.apple.com Wed Feb 23 13:28:12 1994
From: collins at newton.apple.com (Scott Collins)
Date: Wed, 23 Feb 94 13:28:12 PST
Subject: Why only public-key crypto?
Message-ID: <9402231914.AA23754@newton.apple.com>

>I find this to be a strange statement. Do we have no interest
>in non-public key methods? Seems the Cypherpunks should have
>an interest in all forms of crypto.

It's not so strange. Cypherpunks are trying to bring about social changes, not primarily technological ones.
Crypto is here, and we want to change our culture in a way where, through strong crypto, privacy becomes the norm rather than the exception. With this goal in mind, public-key systems are vastly more interesting because they are the `social' solutions.

Scott Collins   | "That's not fair!" -- Sarah
                | "You say that so often. I wonder what your basis
408.862.0540    | for comparison is." -- Goblin King
................|....................................................
BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com
Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014
.....................................................................
PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com

From 68954 at brahms.udel.edu Wed Feb 23 13:45:47 1994
From: 68954 at brahms.udel.edu (Grand Epopt Feotus)
Date: Wed, 23 Feb 94 13:45:47 PST
Subject: quetion about Multi-user systems
Message-ID:

I myself have a Linux system at home, all set up with PGP and rather secure from outside threats since it is unconnected from the net except for when I dial-up. I was wondering what strategies some people use in order to make it easier to write and respond to mail. I don't feel like writing a message at home, encrypting it and then U/Ling it to my account and mailing it. Is there another way to use PGP on my mail account without severely reducing my security? I know the Sysop can read my secring etc.. at any time and can also intercept my passkey for my secring, BUT I would still like to perhaps use a low security key from my Unix account and then have a high security key on my home system that is very safe. The problem is, figuring out which message goes to where and all. Could someone with extensive knowledge of PGP use on a Unix system help me out here?

You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it.
Free yourself ----Tim Leary----

From mab at research.att.com Wed Feb 23 13:45:55 1994
From: mab at research.att.com (Matt Blaze)
Date: Wed, 23 Feb 94 13:45:55 PST
Subject: Dorthoy Denning editorial, Newsday
Message-ID: <9402232143.AA08916@big.l1135.att.com>

Note: I'm just passing this on. I am only the messenger.

------- Forwarded Message

Return-Path: research!cs.georgetown.edu!denning
Received: from big.l1135.att.com by codex.UUCP (4.1/4.7) id AA26751; Wed, 23 Feb 94 16:18:14 EST
Received: from research (research.research.att.com) by big.l1135.att.com (4.1/4.7) id AA08487; Wed, 23 Feb 94 16:18:13 EST
Posted-Date: Wed, 23 Feb 1994 16:16:09 -0500 (EST)
Received: by ninet.research.att.com; Wed Feb 23 16:17 EST 1994
Received: from cs (cs.cosc.georgetown.edu) by guvax.acc.georgetown.edu (PMDF V4.2-11 #5850) id <01H98BXBMQA88YCH3A at guvax.acc.georgetown.edu>; Wed, 23 Feb 1994 16:16:33 EST
Received: from chair by cs (4.1/SMI-4.1.2) id AA01896; Wed, 23 Feb 94 16:16:09 EST
Date: Wed, 23 Feb 1994 16:16:09 -0500 (EST)
From: denning at cs.georgetown.edu (Dorothy Denning)
Subject: Newsday Editorial
Errors-To: Postmaster at cs.georgetown.edu
Message-Id: <9402232116.AA01896 at cs>
Content-Transfer-Encoding: 7BIT

======================================================================
| Newsday, Tuesday, February 22, 1994, Viewpoints |
======================================================================

The Clipper Chip Will Block Crime

By Dorothy E. Denning

Hidden among the discussions of the information highway is a fierce debate, with huge implications for everyone. It centers on a tiny computer chip called the Clipper, which uses sophisticated coding to scramble electronic communications transmitted through the phone system.

The Clinton administration has adopted the chip, which would allow law enforcement agencies with court warrants to read the Clipper codes and eavesdrop on terrorists and criminals.
But opponents say that, if this happens, the privacy of law-abiding individuals will be at risk. They want people to be able to use their own scramblers, which the government would not be able to decode.

If the opponents get their way, however, all communications on the information highway would be immune from lawful interception. In a world threatened by international organized crime, terrorism, and rogue governments, this would be folly. In testimony before Congress, Donald Delaney, senior investigator with the New York State Police, warned that if we adopted an encoding standard that did not permit lawful intercepts, we would have havoc in the United States.

Moreover, the Clipper coding offers safeguards against casual government intrusion. It requires that one of the two components of a key embedded in the chip be kept with the Treasury Department and the other component with the Commerce Department's National Institute of Standards and Technology. Any law enforcement official wanting to wiretap would need to obtain not only a warrant but the separate components from the two agencies. This, plus the superstrong code and key system would make it virtually impossible for anyone, even corrupt government officials, to spy illegally.

But would terrorists use Clipper? The Justice Department has ordered $8 million worth of Clipper scramblers in the hope that they will become so widespread and convenient that everyone will use them. Opponents say that terrorists will not be so foolish as to use encryption to which the government holds the key but will scramble their calls with their own code systems. But then who would have thought that the World Trade Center bombers would have been stupid enough to return a truck that they had rented?

Court-authorized interception of communications has been essential for preventing and solving many serious and often violent crimes, including terrorism, organized crime, drugs, kidnaping, and political corruption.
The FBI alone has had many spectacular successes that depended on wiretaps. In a Chicago case code-named RUKBOM, they prevented the El Rukn street gang, which was acting on behalf of the Libyan government, from shooting down a commercial airliner using a stolen military weapons system.

To protect against abuse of electronic surveillance, federal statutes impose stringent requirements on the approval and execution of wiretaps. Wiretaps are used judiciously (only 846 installed wiretaps in 1992) and are targeted at major criminals.

Now, the thought of the FBI wiretapping my communications appeals to me about as much as its searching my home and seizing my papers. But the Constitution does not give us absolute privacy from court-ordered searches and seizures, and for good reason. Lawlessness would prevail.

Encoding technologies, which offer privacy, are on a collision course with a major crime-fighting tool: wiretapping. Now the Clipper chip shows that strong encoding can be made available in a way that protects private communications but does not harm society if it gets into the wrong hands. Clipper is a good idea, and it needs support from people who recognize the need for both privacy and effective law enforcement on the information highway.

======================================================================
| Copyright Newsday. All rights reserved. This article can be freely |
| distributed on the net provided this note is kept intact, but it may |
| not be sold or used for profit without permission of Newsday. |
======================================================================

------- End of Forwarded Message

From hfinney at shell.portal.com Wed Feb 23 13:49:02 1994
From: hfinney at shell.portal.com (Hal)
Date: Wed, 23 Feb 94 13:49:02 PST
Subject: Digitally Signing Physical Objects
Message-ID: <199402232149.NAA06130@jobe.shell.portal.com>

Tim has an interesting point on the use of digital signatures. A variation is to use an "undeniable" signature.
This is a signature which can only be checked with the cooperation of the signer. However, the protocol is such that the signer cannot cheat and try to deny a valid signature (hence the name). This could be used by manufacturers to authenticate their products only to certain customers; for example, to customers who have paid for them. This might be especially useful for software, although Tim's idea would extend it to any object for which the authentication is especially valuable. PGP is distributed signed by Phil Zimmermann using an ordinary digital signature. This allows anyone to verify that it is a good package, free of viruses or trap doors. If it instead had an undeniable signature, this verification would require interacting with Phil (or his agent) via a protocol; but at the end the same assurance would result. This kind of signature would be more appropriate with a payware product. Undeniable signatures cannot be passed on from one person to another. If Alice verifies Bob's undeniable signature, she can't prove to Charlie that the signature is good. She can claim it is good, and assure Charlie that it is good based on her own reputation, but Charlie can in general not be convinced unless he verifies it himself directly with Bob. Hal From mech at eff.org Wed Feb 23 13:58:05 1994 From: mech at eff.org (Stanton McCandlish) Date: Wed, 23 Feb 94 13:58:05 PST Subject: NIST Crypto Update (fwd) - a Feb 4 doc we somehow missed... Message-ID: <199402232157.QAA26990@eff.org> Forwarded message: From mpj at csn.org Wed Feb 23 14:00:33 1994 From: mpj at csn.org (Michael Johnson) Date: Wed, 23 Feb 94 14:00:33 PST Subject: Give me your privacy and I will protect you. Message-ID: <199402232200.AA11339@teal.csn.org> The following letter was received anonymously via USPS, postmarked "SUBURBAN MD MSC 206, 19 FEB 94 PM, and printed using an HP DeskJet printer in 12 point courier type. 
I thought that I would share it with you, not because I agree with it (I don't), but because I thought that it was interesting that it has been the ONLY comment I have received on my paper that expressed disagreement. Note that the entertaining mis-spelling of "imperfect writing" is the original author's, and not mine. For a copy of the paper I refer to, ftp csn.org:\mpj\cryptusa.* or see my posting in alt.privacy and talk.politics.crypto **************************************************************** TO: Michael Paul Johnson Re: Data Encryption Software and Technical Data Controls in the United States of America Read your document. You made very sweeping statements. Obviously, you are not an expert for all the material addressed. Educated people, when not an expert, cite to references for positions articulated in a paper. One example of your imprefect writting style is the "law enforcement" section. You never mentioned or solved the law enforcement community's efforts in detecting the transfer of illegal drugs. Your paper needs a major rewrite. FROM: Not Impressed **************************************************************** I won't waste time on a rebuttal. I just want to say that I consider traffic in harmful drugs to be a major problem. I'm not willing to give up my Constitutional rights in the War on Drugs, but I am glad that there are law enforcement agents who are intelligent enough to be a real threat to criminals without being a threat to the honest citizens that they are hired to protect. In fact, I believe that the vast majority of law enforcement agents fall in this category. Just say "NO!" to harmful drugs, promiscuous sex, the ITAR's restrictions on strong cryptography, and Key Escrow! Write YOUR Congressional Representative NOW and express support for Maria Cantwell's bill to ease restrictions on privacy software! 
From mech at eff.org Wed Feb 23 14:11:31 1994 From: mech at eff.org (Stanton McCandlish) Date: Wed, 23 Feb 94 14:11:31 PST Subject: NIST Fed. Info. Processing Standard for EES (Clipper/Skipjack) Message-ID: <199402232211.RAA27342@eff.org> Forwarded message: From mpjohnso at nyx10.cs.du.edu Wed Feb 23 14:12:49 1994 From: mpjohnso at nyx10.cs.du.edu (Michael Johnson) Date: Wed, 23 Feb 94 14:12:49 PST Subject: pgp tools Message-ID: <9402232211.AA20484@nyx10.cs.du.edu> So, is soda still the archive (have I missed a major announcement?)? Is there a later version of pgptools? Try csn.org:/mpj/I_will_not_export/crypto_???????/pgp_tools See csn.org:/mpj/README.MPJ for the ??????? Is there an approved of pool or newsgroup to send messages to Pr0duct Cypher? I hate to add to the cypherpunks traffic with comments directly to him/her. (We NEED to get the return addresses working, or Pr0duct Try posting to alt.test, with the subject "ignore Pr0duct Cipher" From mpjohnso at nyx10.cs.du.edu Wed Feb 23 14:16:03 1994 From: mpjohnso at nyx10.cs.du.edu (Michael Johnson) Date: Wed, 23 Feb 94 14:16:03 PST Subject: MacPGP is at csn.org. See /mpj/README.MPJ Message-ID: <9402232214.AA21866@nyx10.cs.du.edu> Can anyone give me a FTP site where MacPGP is available. i think the Ratings idea is brilliant. MacPGP is at nic.funet.fi and csn.org:/mpj/I_will_not_export/crypto_???????/pgp (see /mpj/README.MPJ for export restrictions and the real characters to go in place of ???????). MacPGP is also on the Colorado Catacombs BBS (303-938-9654). From talon57 at well.sf.ca.us Wed Feb 23 14:17:15 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 23 Feb 94 14:17:15 PST Subject: MISC: Internet scare Message-ID: <199402232217.OAA27826@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- ***************************************************************** NOTE: This message has been digitally signed. It is to be reproduced in it's entirety or not at all. 
Any attempt to reproduce any portion of it, or quote from it, should be taken as an attempt to manipulate. This particularly applies to members of any intelligence organizations , members of the Clipper community and/or their contractors. ***************************************************************** I was just wondering if the recent internet "Sniffer" alert had anything to do with any intelligence organizations. Was it an attempt by "friendly spies" to gain competitive intelligence? Was it an attempt by NSA/Clipper community and their allies to make a point? ( See! Your vulnerable! You need clipper!) Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLWvTc9CcBnAsu2t1AQEZaQP/RnFclrdOG70nwGJRTfUvv9BB7e4zUK+y VGCoohyOb6NRjC1ZN8aOegbH+2VfyhFHITp/SfYFRKcNKXXsaUXhgYm8AVzR7GNz rgwpYZV098yHp8eeBkUT7U8VfDIwQL4F8GXkT4Hs/IhfMffgARdg/IUuk5qzlvrv KqSJ3iZ9Py4= =YOX9 -----END PGP SIGNATURE----- From tcmay at netcom.com Wed Feb 23 14:32:19 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 23 Feb 94 14:32:19 PST Subject: Give me your privacy and I will protect you. In-Reply-To: <199402232200.AA11339@teal.csn.org> Message-ID: <199402232232.OAA18264@mail.netcom.com> Michael Johnson writes: > I won't waste time on a rebuttal. I just want to say that I consider traffic > in harmful drugs to be a major problem. I'm not willing to give up my > Constitutional rights in the War on Drugs, but I am glad that there are law > enforcement agents who are intelligent enough to be a real threat to > criminals without being a threat to the honest citizens that they are hired > to protect. In fact, I believe that the vast majority of law enforcement > agents fall in this category. > > Just say "NO!" to harmful drugs, promiscuous sex, the ITAR's restrictions on > strong cryptography, and Key Escrow! 
Write YOUR Congressional Representative > NOW and express support for Maria Cantwell's bill to ease restrictions on > privacy software! I find it useful to imagine myself carrying the sentence myself for all criminal violations I support (the laws, not the crimes themselves). Thus, I would be willing to carry out harsh sentences, even the death penalty, in certain violent crimes or thefts. Rape, murder, arson, etc. I would not be willing to enforce laws against "promiscuous sex" or "harmful drugs." These may or may not be "unproductive" and even "dangerous" activities, but provided I am not directly affected, it's none of my business. (The issue of drug-related crime is unrelated to the act of taking drugs, per se. The illegality of drugs results in high prices, street crime, impure drugs, accidental overdoses, etc. This was the same situation with Prohibition. Alcohol is indeed harmful, more so than nearly any modern drug, and yet Prohibition was wrong. That it was associated with crime and the rise of the Mob was not a reason to continue it.) "Lost productivity" and/or the "costs of caring with addicts and AIDS victims" are other reasons cited to keep certain behaviors illegal. Well, your productivity, lost or otherwise, does not belong to me. If it did, I would ban television and the excessive use of the Internet. Remember the good old American creed: "That's none of your business." And, "A man's home is his castle." What people do with their lives is not for me to interfere with. The essence of Cypherpunkdom. Sorry for lapsing into a political speech, but I hate it when folks don't think through the implications of what they say. Comparing the need to control "promiscuous sex" and "harmful drugs" to the fight for privacy and strong cryptography is pretty bizarre. I urge you to do some more thinking. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hlin at nas.edu Wed Feb 23 14:39:31 1994 From: hlin at nas.edu (Herb Lin) Date: Wed, 23 Feb 94 14:39:31 PST Subject: A technical question re crypto technologies: DES and RSA Message-ID: <9401237620.AA762053856@nas.edu> Folks -- can I get your input on the following technical questions? When implemented with "ordinary" hardware and software, I understand that RSA is very slow compared to DES for "equivalent" levels of protection. Question 1: How much slower? I've heard the possibility exists of designing special purpose hardware that would greatly speed up RSA. Question 2: Please comment on the feasibility of this scheme. thanks herb From wallace at cs.widener.edu Wed Feb 23 14:44:14 1994 From: wallace at cs.widener.edu (Achbed Manganime) Date: Wed, 23 Feb 94 14:44:14 PST Subject: Clipper et al. Message-ID: <9402232247.AA00710@cs.widener.edu> I think that the Clipper system has its heart in the right place, but that it still has quite a few problems in implementation. The keys to the system are kept separate, but NEVER is anything completely safe or foolproof. The keys, once used, have been exposed to about 10-15 different officials who, at their own leisure, may make a copy of the key and use it. Every time a key is used, more people have the opportunity to get it. After 800 wiretaps, the system is virtually useless. Through the use of Clipper and other various technologies, the US government is trying to hedge its way into control of the Net. This is not necessarily a good thing. I think that the Net should have its own system of government: common sense. There would be no "President".
There would only be a "Congress" of the people, which would include everyone. It could be set up as a newsgroup, or something. The use of keyed signatures would come in handy so that people would not be able to "stuff" the "votes", etc. I think it would be an interesting experiment. The "net.gov" would have its own electronic embassy, and the individual world governments would not be able to "force" their will upon everyone. The problem with a government making laws against certain on-line actions is that not all people are actually located in that country. The whole thing gets messier from there. A net.gov would solve a lot of problems. Any ideas? (I admit, it's not too appropriate, but I decided to get the discussion going. :) ) - DW - wallace at cs.widener.edu -- Sig of the Day -- Dennis.S.Wallace at cyber.widener.edu "Who the hell is Cthulu?" - Mark Schroy From ses at osf.org Wed Feb 23 14:55:56 1994 From: ses at osf.org (Sam Shipman) Date: Wed, 23 Feb 94 14:55:56 PST Subject: Clipper is voluntary? Hah! Message-ID: <9402232255.AA15899@postman.osf.org> I was just mulling over the assertion that Clipper would be a "voluntary" standard, and I thought of an analogy. At best (i.e., assuming the Government's not lying, which is sort of like assuming smoking doesn't cause lung cancer), Clipper would be a voluntary standard in much the same sense that VHS videocassettes are now a voluntary standard. If you don't like it, you can always get Beta. Of course, good luck renting videos, exchanging tapes with your friends, buying blank tapes, etc. Note: I haven't read everything about this controversy that's come across this list, so if it turns out that I've independently reinvented this, then sorry for wasting your time.
Sam Shipman speaking only for myself, as usual (nobody else will) From ejohnson at pmip.dist.maricopa.edu Wed Feb 23 15:03:40 1994 From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson) Date: Wed, 23 Feb 94 15:03:40 PST Subject: quetion about Multi-user systems Message-ID: <199402232303.QAA02508@pmip.dist.maricopa.edu> : From owner-cypherpunks at toad.com Wed Feb 23 15:13:16 1994 : Subject: quetion about Multi-user systems : To: cypherpunks at toad.com : Mime-Version: 1.0 : Content-Type: TEXT/PLAIN; charset=US-ASCII : Sender: owner-cypherpunks at toad.com : : : : I myself have a Linux system at home, all set up with PGP and : rather secure from outside threats since it is unconnected from the net : except for when I dial-up. I was wondering what strategies some people : use in order to make it easier to write and respond to mail. I don't feel : like writing a message at home, encrypting it and then U/Ling it to my : account and mailing it. Is there another way to use PGP on my mail account : without severely reducing my security? I know the Sysop can read my secring : etc.. at any time and can also intercept my passkey for my secring, BUT I : would still like to perhaps use a low security key from my Unix account : and then have a high security key on my home system that is very safe. : The problem is, figuring out which message goes to where and all. Could : someone with extensive knowledge of PGP use on a Unix system help me out : here? : : : You're equipped with a hundred billion neuron brain, that's : wired and fired, and it's a reality generating device, but : you've got to do it. Free yourself ----Tim Leary---- Why not use UUCP? --Eric From tcmay at netcom.com Wed Feb 23 15:14:33 1994 From: tcmay at netcom.com (Timothy C.
May) Date: Wed, 23 Feb 94 15:14:33 PST Subject: "Surveillance is Security," says Winston May In-Reply-To: <9402232247.AA00710@cs.widener.edu> Message-ID: <199402232315.PAA25185@mail.netcom.com> Achbed Manganime writes: > I think that the Clipper system has it's heart in the right > place, but that it still has quite a few problems in implimentation. Assuming that Clipper becomes the de facto legal standard (if it's "just" an AT&T Clipperphone product, who cares?), the concept of mandatory key escrow and criminal prosecution of anyone caught (how?) not escrowing their keys is *anathema* (that means "completely against") to the most basic of individual rights. The implementation details which Achbed objects to are completely secondary to the basic concept of key escrow. We've debated this so many times, especially last spring, but with 750 people on the Cypherpunks list, many of them new subscribers, apparently we need to discuss the issues some more. I lack the energy to write a detailed rebuttal of key escrow, having written my first one in October 1992, 5 months before Clipper was announced, so I'll just draw some parallels to crypto key escrow: * Lock Escrow. To meet law enforcement needs, all locks on doors, windows, safes, and other locked containers must have their keys escrowed with the local police. Adequate safeguards will be in place to ensure that the police use these escrowed keys when they really need to. As Professor Dotty Dunning puts it, "Locked doors are not needed by honest citizens." * Photo Escrow. To cope with the rise of child porn and snuff films, photo processors will be enlisted in the War on Illegal Images. All film submitted for processing will be double-printed (the customer will pay for this, as with Clipper "key escrow"). Copies of all photos will be kept on permanent file at the local Photo Escrow Facility, maintained jointly by the National Education Endowment and the National Reconnaissance Office. 
The NEA and NRO will turn over photos to those with the appropriate need. Polaroid cameras will be banned. A video camera standard has not yet been developed, so in the meantime, the government will make it more difficult for camcorders and VCRs to be imported from Japan and Taiwan. * Diary Escrow. Since many illegal acts are described in the pages of diaries and journals, the Administration has adopted this voluntary page escrow system. Failure to escrow one's diary pages will not in itself be a crime, but may be taken as probable cause for a search of one's house and/or prosecution as a RICO offender or CypherPervert. Lawrence Detweiler, of the Colorado Legion of Decency, has accepted the position of Inquisitioner. Please understand that these proposals have a few rough edges in implementation that need to be worked out, but their "hearts are in the right places." Under Big Bro's boot, that is. War is Peace, Freedom is Slavery, Surveillance is Security! --Winston May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From avalon at coombs.anu.edu.au Wed Feb 23 15:48:02 1994 From: avalon at coombs.anu.edu.au (Darren Reed) Date: Wed, 23 Feb 94 15:48:02 PST Subject: Clipper questions... Message-ID: <9402232347.AA17408@toad.com> Umm, with Clipper, will it be illegal to use other encryption in addition to clipper? ie text -> des -> clipper -> des -> text Or is that (other encryption being illegal) likely to be a result of followup legislation? And also, how will anyone know if you are without several court orders?
:-) At least, now for the NSA, they don't have to worry about legalities when it comes to decrypting DES (assuming they can) so why would they push for Clipper if it restricted them more? (Sorry, I don't read much of the flame wars on this after the first few responses, if this has already been brought up) From 68954 at brahms.udel.edu Wed Feb 23 15:51:12 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Wed, 23 Feb 94 15:51:12 PST Subject: quetion about Multi-user systems In-Reply-To: <199402232303.QAA02508@pmip.dist.maricopa.edu> Message-ID: On Wed, 23 Feb 1994, Eric Johnson wrote: > : would still like to perhaps use a low security key from my Unix account > : and then have a high security key on my home system that is very safe. > : The problem is, figuring out which message goes to where and all. Could > : someone with extensive knowledge of PGP use on a Unix system help me out > : here? > > Why not use UUCP? > > --Eric > I was just advised to do that. The problem is I would need to write something to allow me to do it without the sysadmin's knowledge here. He doesn't take kindly to anything like this at all. I mean he REALLY doesn't like it, and I want to make sure he doesn't get alerted obviously to it. So perhaps I could just download my inbox, but then sending the mail messages may be difficult, since there is no place I can just send them. Perhaps someone has already written a script to do this? I figure you could just upload a file with all of your replies and new mail, and then have a script mail each of those letters. That way my secret key stays on my home system, very safe, and I can use emacs to answer, read and encrypt all my mail with ease. This actually may be a good project, since it would make it a lot easier for people to use PGP on multi-user systems. You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it.
Free yourself ----Tim Leary---- From 68954 at brahms.udel.edu Wed Feb 23 15:56:33 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Wed, 23 Feb 94 15:56:33 PST Subject: quetion about Multi-user systems In-Reply-To: <199402232303.QAA02508@pmip.dist.maricopa.edu> Message-ID: On Wed, 23 Feb 1994, Eric Johnson wrote: > : would still like to perhaps use a low security key from my Unix account > : and then have a high security key on my home system that is very safe. > : The problem is, figuring out which message goes to where and all. Could > : someone with extensive knowledge of PGP use on a Unix system help me out > : here? > : > : > > Why not use UUCP? > > --Eric > Sad truth is, I would never get my admin's permission to do so, so I need to either set up just a script to download my inbox //usr/var/spoolwhateveritis and then use emacs at home, like was suggested to me, with RNMAIL to read and reply and encrypt all my messages at home. This way my key stays secure. All I really need to learn is how to upload all my new mail and then get it to be sent to the proper addresses. Perhaps someone could help me write a script for that. You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself ----Tim Leary---- From sergey at delbruck.pharm.sunysb.edu Wed Feb 23 16:00:26 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Wed, 23 Feb 94 16:00:26 PST Subject: STEALTH OCEANS Message-ID: This is my first post to this list, so please don't flame me if I make some trivial mistake. %-> IDEA Re: making random noise files "undetectable"... On many machines the file system allows users to "delete" files without actually deleting them. This is usually accomplished by simply marking the disk blocks that make up the file as free.
Thus it should be possible to write an encrypted (noise) file on to disk, pad the rest of the disk with more noise and "delete" the whole thing, making the disk look blank to all casual observers. PROBLEM: If the above idea is implemented, one could not write on to the disk for fear of accidentally overwriting the "free" disk blocks. SOLUTION: Knowing the _exact_ location and size of the file, one could write directly to those blocks which are _really_ free. 2nd PROBLEM: In order to decrypt the file, one needs to know its _exact_ location and size (or use some undelete util)... Which brings me to the... 3rd PROBLEM: An undelete utility could make recovering the encrypted file trivial for _anyone_. SOLUTION: Make the file undetectable to undelete utilities by modifying the FAT table, or equivalent. One would, of course, have to keep track of the file in some other, non-standard, way. FINAL(?) PROBLEM: Implementing the above idea is trivial for the average user. Making and recovering truly undetectable files may not be. All feedback welcome, Sergey ------------------------------------------------------------------ This is a repost of a message I posted on this list on Feb. 18. I am reposting in hope of further feedback from other readers. ------------------------------------------------------------------ From nowhere at bsu-cs.bsu.edu Wed Feb 23 16:07:32 1994 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Wed, 23 Feb 94 16:07:32 PST Subject: No Subject Message-ID: <9402240007.AA18571@bsu-cs.bsu.edu> This question has come up a couple of times lately, and nobody seems to be talking. Does anyone know the budget size and sources for CERT? Is CERT 'officially' part of the government or do they operate independently? And could a FOIA request yield results, do you think? *waves to the CERT guys reading this letter.
They are monitoring this group, I have proof!* From shipley at merde.dis.org Wed Feb 23 16:14:37 1994 From: shipley at merde.dis.org (Evil Pete) Date: Wed, 23 Feb 94 16:14:37 PST Subject: quetion about Multi-user systems In-Reply-To: <199402232303.QAA02508@pmip.dist.maricopa.edu> Message-ID: <9402240014.AA03561@merde.dis.org> > >Why not use UUCP? > For friends/places I send a lot of email I do set up a direct uucp link so the email can not be intercepted. From mch at sqwest.wimsey.bc.ca Wed Feb 23 16:16:49 1994 From: mch at sqwest.wimsey.bc.ca (Mark C. Henderson) Date: Wed, 23 Feb 94 16:16:49 PST Subject: quetion about Multi-user systems Message-ID: <199402240012.AA35370@sqwest.west.sq.com> -----BEGIN PGP SIGNED MESSAGE----- Subject: Re: quetion about Multi-user systems > sOn Wed, 23 Feb 1994, Eric Johnson wrote: > > > : would still like to perhaps use a low security key from my Unix account > > : here>? > > > > Why not use UUCP? > > > > --Eric > > > I was just advised to do that. the problem is I would > need to write something to allow me to do it without the > sysadmins knowledge here. He doesnt take kindly to The simplest solution is to get UUCP service from a commercial provider. (The cost should be somewhere around $20/month) Mark -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLWvwreULSAGiySfVAQGa3wP5AVIiNtKJx95YHzXm54xVRlEMEUhJ8CCV gkVXF/GoqZolBA0kZJ7nLIXnocV9n676LFqyN8/wRHqLGJKr8hIM2o/ipEg4dOgr qWpkWm+uLQlZOLxclvFSptOygwMS2AMz4OVID2kAVCPJGmCrO8rxnUXT8j4dY4gK ME7l/naYYPY= =Oul+ -----END PGP SIGNATURE----- From mg5n+ at andrew.cmu.edu Wed Feb 23 16:20:10 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 23 Feb 94 16:20:10 PST Subject: pgp tools In-Reply-To: <9402232211.AA20484@nyx10.cs.du.edu> Message-ID: Michael Johnson wrote, appearantly quoting someone else: > Is there an approved of pool or newsgroup to send messages to Pr0duct > Cypher? I hate to add to the cypherpunks traffic with comments directly > to him/her. 
(We NEED to get the return addresses working, or Pr0duct > > Try posting to alt.test, with the subject "ignore Pr0duct Cipher" Well, s/he could get an anonymous address thru my Andrew remailer... if e's willing to trust me. :) I'd like to see some more sites offer anonymous return addresses, so people wouldn't have to rely on a single remailer. Anyway, the address is: mg5n+getid at andrew.cmu.edu On the subject of return addresses, let me know what you think of this: It would be theoretically possible to write an RSA key generation program that would create keys in which all the moduli matched, except for the last 20-30 digits. This was discussed awhile ago in the discussion of how to forge keyids. (You could also create keys which had the last digits the same, but the first digits different so that they'd have different PGP key IDs.) What if a remailer was designed such that it would accept addresses of the format: @anon.pool.org The remailer would then take that information, append a pre-defined ending to form the modulus, then use the exponent (which could be relatively small) to encrypt the message in PGP format, and then post it to a mail pool. This would allow you to make PGP public keys small enough to easily fit inside the To: header, something which can't be done with current PGP-encrypted return addresses. That way, even the most crypto-illiterate technophobe could send a message to an anonymous person simply by hitting the R key. The remailer operator would not have to keep a database of anonymous addresses, either, (a problem with anon.penet.fi, which has over 75000 users). Key generation would be somewhat more difficult, but I don't see how generating keys with similar moduli could be a security problem.
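A sketch of the compact-address idea in the message above, as an added example that is not part of the original post or of any remailer's code: it generates RSA moduli that all end in the same fixed bits, so an address only has to carry the leading bits and the exponent. The 512-bit demo size, the `head-exponent@anon.pool.org` local-part layout, the shared ending value and all function names are assumptions.

```python
import hashlib
import random

K = 224     # low-order bits shared by every modulus (the "pre-defined ending")
HALF = 256  # bit length of each prime; demo size only, far too small for real keys
E = 17      # small public exponent carried in the address

# Constructed shared ending: any odd K-bit number works (a product of odd primes is odd).
_digest = hashlib.sha256(b"anon.pool.org demo ending").digest()
SHARED_ENDING = (int.from_bytes(_digest, "big") >> (256 - K)) | 1

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rng, rounds=40):
    """Miller-Rabin with random bases; error probability at most 4**-rounds."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_key(rng, ending=SHARED_ENDING, k=K, half=HALF, e=E):
    """Return (n, e, d) with n = p*q and n mod 2**k == ending."""
    mod = 1 << k
    while True:
        # Random candidate p with its top two bits set; keep it if prime and gcd(e, p-1) == 1.
        p = rng.getrandbits(half) | (3 << (half - 2)) | 1
        if p % e == 1 or not is_probable_prime(p, rng):
            continue
        # p*q = ending (mod 2^k) pins the low k bits of q ...
        q_low = ending * pow(p, -1, mod) % mod
        for _ in range(4000):
            # ... so only the top (half - k) bits of q are free to search over.
            top = rng.randrange(3 << (half - k - 2), 1 << (half - k))
            q = (top << k) | q_low
            if q != p and q % e != 1 and is_probable_prime(q, rng):
                d = pow(e, -1, (p - 1) * (q - 1))
                return p * q, e, d


def to_address(n, e, k=K):
    """Address carries only the leading bits of n and the exponent (layout assumed)."""
    return f"{n >> k:x}-{e:x}@anon.pool.org"


def from_address(addr, ending=SHARED_ENDING, k=K):
    """Remailer side: rebuild the full public key from the address."""
    head, e = (int(part, 16) for part in addr.split("@", 1)[0].split("-"))
    return (head << k) | ending, e


def remailer_encrypt(addr, m):
    """Textbook RSA on an integer, unpadded: illustration only, not a secure scheme."""
    n, e = from_address(addr)
    if not 0 < m < n:
        raise ValueError("message out of range")
    return pow(m, e, n)


if __name__ == "__main__":
    rng = random.Random(1994)  # fixed seed so the demo repeats; real keys need a CSPRNG
    n, e, d = gen_key(rng)
    addr = to_address(n, e)
    m = int.from_bytes(b"constructed session key", "big")
    c = remailer_encrypt(addr, m)
    print(addr)
    print("modulus hex digits:", len(f"{n:x}"), "address digits:", len(addr.split("@")[0]))
    print("round trip ok:", pow(c, d, n) == m)
```

This construction can fix no more low bits than q has to spare, because p determines q modulo 2^k; here that is a little under half the modulus. Since every such key ends in the same bits, PGP 2.x key IDs (taken from the low bits of the modulus) would be identical for all of them, so these keys have to be told apart by their leading part or a fingerprint.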
From sergey at delbruck.pharm.sunysb.edu Wed Feb 23 16:26:05 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Wed, 23 Feb 94 16:26:05 PST Subject: STEALTH OCEANS Message-ID: This is my first post to this list, so please don't flame me if I make some trivial mistake. %-> IDEA Re: making random noise files "undetectable"... On many machines the file system allows users to "delete" files without actually deleting them. This is usually accomplished by simply marking the disk blocks that make up the file as free. Thus it should be possible to write an encrypted (noise) file on to disk, pad the rest of the disk with more noise and "delete" the whole thing, making the disk look blank to all casual observers. PROBLEM: If the above idea is implemented, one could not write on to the disk for fear of accidentally overwriting the "free" disk blocks. SOLUTION: Knowing the _exact_ location and size of the file, one could write directly to those blocks which are _really_ free. 2nd PROBLEM: In order to decrypt the file, one needs to know its _exact_ location and size (or use some undelete util)... Which brings me to the... 3rd PROBLEM: An undelete utility could make recovering the encrypted file trivial for _anyone_. SOLUTION: Make the file undetectable to undelete utilities by modifying the FAT table, or equivalent. One would, of course, have to keep track of the file in some other, non-standard, way. FINAL(?) PROBLEM: Implementing the above idea is trivial for the average user. Making and recovering truly undetectable files may not be. All feedback welcome, Sergey PS: I originally posted this message on Feb. 18, '94 I am now reposting in hope of receiving more feedback from other readers. PPS: Please forgive me for my previous repost. I just realized it is illegible to anyone without MIME.
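An added example (not part of the original post) that looks at the proposal above from the examiner's side: it measures the Shannon entropy of every unallocated block in two constructed disk images and shows that free space padded with noise is easy to tell apart from the zeros and stale plaintext an ordinarily used disk leaves behind. The 512-byte block size, the `allocated` set standing in for the FAT, the 7.0 bits/byte threshold and the sample contents are assumptions.

```python
import hashlib
import math
from collections import Counter

BLOCK = 512       # bytes per block (assumed)
NOISE_BITS = 7.0  # bits/byte at or above which a block is treated as noise (assumed)


def pseudo_noise(label, nbytes):
    """Deterministic stand-in for ciphertext: SHA-256 run in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(label + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def entropy(block):
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return sum(c / n * math.log2(n / c) for c in Counter(block).values())


def scan_free_space(image, allocated):
    """Classify every block NOT marked allocated as blank, residue or noise."""
    report = {}
    for i in range(len(image) // BLOCK):
        if i in allocated:
            continue
        h = entropy(image[i * BLOCK:(i + 1) * BLOCK])
        kind = "blank" if h == 0 else "noise" if h >= NOISE_BITS else "residue"
        report[i] = (kind, round(h, 2))
    return report


def noise_fraction(report):
    """Share of free blocks that look like random data."""
    return sum(kind == "noise" for kind, _ in report.values()) / len(report)


def build_samples():
    """Two constructed 8-block images sharing one allocation map (blocks 0-1 in use)."""
    live = (b"Quarterly report draft, revision 3. " * 40)[:2 * BLOCK]
    stale = (b"old letter to the landlord about the heating " * 30)[:2 * BLOCK]
    zeros = bytes(2 * BLOCK)
    # Ordinary disk: free space mixes never-written blocks with deleted plaintext.
    ordinary = live + zeros + stale + zeros
    # Disk prepared as in the post: hidden file plus noise padding in all free blocks.
    stealth = live + pseudo_noise(b"hidden file + padding", 6 * BLOCK)
    return ordinary, stealth, {0, 1}


if __name__ == "__main__":
    ordinary, stealth, allocated = build_samples()
    for name, image in (("ordinary", ordinary), ("stealth", stealth)):
        report = scan_free_space(image, allocated)
        print(name, "noise fraction:", noise_fraction(report))
        for block, (kind, bits) in sorted(report.items()):
            print(f"  free block {block}: {kind:8s} {bits} bits/byte")
```

A single high-entropy free block proves little, since deleted compressed files look the same; the distinctive signal is free space that is noise from end to end.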
From fnerd at smds.com Wed Feb 23 16:27:30 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 23 Feb 94 16:27:30 PST Subject: Digitally Signing Physical Objects Message-ID: <9402232354.AA10785@smds.com> > 3. The shop or customer wishing to authenticate the part takes the > number stamped on the part, runs it through the *public* key of the > manufacturer (widely available, not kept secret, of course) and gets > back the feature vector, which he can then compare to what he actually > sees on the object. > > (This clearly requires similar hardware to what was originally used by > the manufacturer. And some tolerance for variations in intensity > caused by equipment variations, wear, new scratches, etc., is needed. ... > 4. A would-be forger cannot generate a "digital object signature" that > correctly decrypts through the published public key. > --Tim May This seems to have a tricky dependence on the tolerance. The forger can get a valid plaintext and signed feature vector. So, if the tolerance for error is too low, you get false positives, but if it's too high, a forger could create something starting from the feature vector. An interesting CAD/CAM problem. -fnerd quote me - - - - - - - - - - - - - - - We shall have to evolve Problem solvers galore As each problem they solve Creates ten problems more. --Piet Hein -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From wcs at anchor.ho.att.com Wed Feb 23 16:32:13 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 23 Feb 94 16:32:13 PST Subject: Prof. 
Denning's Newsday Editorial
Message-ID: <9402232346.AA22068@anchor.ho.att.com>

> ======================================================================
> | Newsday, Tuesday, February 22, 1994, Viewpoints |
> ======================================================================
> The Clipper Chip Will Block Crime
> By Dorothy E. Denning
> .....
> ======================================================================
> | Copyright Newsday. All rights reserved. This article can be freely |
> | distributed on the net provided this note is kept intact, but it may |
> | not be sold or used for profit without permission of Newsday. |
> ======================================================================

Dorothy Denning's article had a few interesting comments.

> But would terrorists use Clipper? The Justice Department has
> ordered $8 million worth of Clipper scramblers in the hope that they

Are you saying the Justice Department are terrorists? :-) Or merely that this will subsidize the Clipperphone industry enough that honest cryptosystems will have a harder time competing?

> will become so widespread and convenient that everyone will use them.
> Opponents say that terrorists will not be so foolish as to use
> encryption to which the government holds the key but will scramble
> their calls with their own code systems. But then who would have
> thought that the World Trade Center bombers would have been stupid
> enough to return a truck that they had rented?

Someone from NIST was also quoted in the newspapers agreeing that only the stupider criminals would use Clipper. On the other hand, the government is trying *very* hard to get the cellular phone industry to adopt Clipper, and I would think this deserves a mention, since the government's limitation on the number of players in the cellphone market means that citizens don't really have a choice.

> Moreover, the Clipper coding offers safeguards against casual
> government intrusion.
> It requires that one of the two components of
> a key embedded in the chip be kept with the Treasury Department and the
> other component with the Commerce Department's National Institute of
> Standards and Technology. Any law enforcement official wanting to
> wiretap would need to obtain not only a warrant but the separate
> components from the two agencies. This, plus the superstrong code and
> key system would make it virtually impossible for anyone, even corrupt
> government officials, to spy illegally.

I've found this claim to be one of the most annoying of the Clipper proponents' claims. The chip does *not* support two-agency escrow; it only has one key, necessitating some insecure keyloading procedure like the NSA-two-agents-and-a-laptop-in-a-vault charade. But the rules for handling the keys are only set by the attorney general, not by law or technology, and they are carefully written NOT to mention or forbid any other access by anyone else - especially the not-mentioned NSA.

> The FBI alone has had many spectacular successes that
> depended on wiretaps. In a Chicago case code-named RUKBOM, they
> prevented the El Rukn street gang, which was acting on behalf of the
> Libyan government, from shooting down a commercial airliner using a
> stolen military weapons system.

Please correct me if I'm wrong, but isn't El Rukn the street gang that the government got in a lot of political hot water about for bribing informants with drugs, sex, and reduced prison sentences?
Thanks; Bill Stewart
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From jim at bilbo.suite.com Wed Feb 23 16:52:56 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Wed, 23 Feb 94 16:52:56 PST
Subject: Digitally Signing Physical Objects
Message-ID: <9402240048.AA10082@bilbo.suite.com>

Could someone repost the "Digitally Signing Physical Objects" article (or mail it to me). It never arrived at my site.

Thanks,
Jim_Miller at suite.com

From mnemonic at eff.org Wed Feb 23 16:57:52 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Wed, 23 Feb 94 16:57:52 PST
Subject: Digital Telephony Bill 1994 (Draft)
Message-ID: <199402240057.TAA01928@eff.org>

Forwarded message:

From ebrandt at jarthur.claremont.edu Wed Feb 23 16:58:51 1994
From: ebrandt at jarthur.claremont.edu (Eli Brandt)
Date: Wed, 23 Feb 94 16:58:51 PST
Subject: Clipper
In-Reply-To: <9402231715.AA10904@bambi.ccs.fau.edu>
Message-ID: <9402240058.AA18284@toad.com>

> Does Clinton have the right to listen in on NSA communication? If he tried
> he might find that they aren't using Clipper internally (or that the keys
> aren't in the proper escrow locations).

Of course they aren't using Clipper, at least not for anything sensitive. They know better than that. Clipper is not a secure system. Skipjack may be wonderful, but the whole setup totally lacks key security. Given their institutional paranoia, they wouldn't touch Clipper with a 1024-bit prime.
Eli
ebrandt at jarthur.claremont.edu

From wcs at anchor.ho.att.com Wed Feb 23 17:02:51 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 23 Feb 94 17:02:51 PST
Subject: quetion about Multi-user systems
Message-ID: <9402240040.AA22465@anchor.ho.att.com>

The problem of managing PGP between your PC at home (whether DOS, Mac, or Unix) and insecure machine at work/school/email-seller comes up a lot. One way to handle it is to only do PGP at home, which is inconvenient, but you can at least use workarounds like logging into the work system from home, uploading the file with kermit or reading directly with POP, decrypting, and reversing the process to respond.

A much less secure way is to only read it at work :-)

An intermediately insecure approach, depending on how paranoid you are, is to have two public keys, a more secure one you use only at home, and a less secure one (which you might as well use a short key for) that you use for mail sent to your work account, and make sure you only connect to directly, not from dumb terminals on terminal servers or dialins, both of which may go across a LAN. Since PGP lets you store multiple keys on your secret key ring, you *can* have your home machine know about both keys, so you can upload and read the work mail at home.

Of course, if you want a really insecure approach, you can attach a modem to your home system so you can kermit in to it from work, upload the file, and decrypt it there, typing your "high security" password on the multi-user Unix box across some LAN to a modem pool on a terminal server, leaving 3-4 opportunities for someone to listen.

What do I do? I used to not have a PC, so I did my PGP on my diskless workstation, which was rabidly insecure, and indicated in my key's user-description field that it was a multi-user system. Now I do my work computing on a laptop, so it's the only place I do PGP, and it's ViaCrypt for legality.
Bill
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From koontzd at lrcs.loral.com Wed Feb 23 17:36:02 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Wed, 23 Feb 94 17:36:02 PST
Subject: Digital Telephony Bill 1994 (Draft)
Message-ID: <9402240134.AA00448@io.lrcs.loral.com>

> (3) Penalties for monitoring radio communications that are not
>scrambled, encrypted, or non-public.
> Section 2511(4)(b) of title 18, United States Code, is amended by
>deleting the phrase "or encrypted, then--" and inserting the following:
> ", encrypted, or transmitted using modulation techniques whose
>essential parameters have been withheld from the public with the intention
>essential parameters have been withheld from the public with the intention
>of preserving the privacy or such communication, then--".

Is this meant to say it is okay to monitor encrypted communications?

From mnemonic at eff.org Wed Feb 23 17:37:26 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Wed, 23 Feb 94 17:37:26 PST
Subject: Digital Telephony Bill 1994 (Draft)
In-Reply-To: <9402240134.AA00448@io.lrcs.loral.com>
Message-ID: <199402240137.UAA02579@eff.org>

David Koontz writes:

> > (3) Penalties for monitoring radio communications that are not
> >scrambled, encrypted, or non-public.
> > Section 2511(4)(b) of title 18, United States Code, is amended by
> >deleting the phrase "or encrypted, then--" and inserting the following:
> > ", encrypted, or transmitted using modulation techniques whose
> >essential parameters have been withheld from the public with the intention
> >essential parameters have been withheld from the public with the intention
> >of preserving the privacy or such communication, then--".
>
> Is this meant to say it is okay to monitor encrypted communications?

No.
Encrypted communications are still as protected as they ever were.

--Mike

From mg5n+ at andrew.cmu.edu Wed Feb 23 17:43:17 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Wed, 23 Feb 94 17:43:17 PST
Subject:
In-Reply-To: <9402240007.AA18571@bsu-cs.bsu.edu>
Message-ID: <0hP0MLO00awNA7dmMM@andrew.cmu.edu>

Anonymous says:

> Does anyone know the budget size and sources for CERT? Is CERT
> 'officially' part of the government or do they operate independently?
> And could a FOIA request yield results, do you think?
>
> *waves to the CERT guys reading this letter. They are monitoring
> this group, I have proof!*

Well, considering that CERT is headquartered here at Carnegie Mellon University, and the fact that cypherpunks is gated to a local group at this site, it wouldn't be unreasonable to assume that they could be reading this...

As I understand it, CERT is a private organization funded by the government (DoD I think, but not sure). I'll ask on one of the local message areas here and see what info I can dig up...

From Seth.Morris at lambada.oit.unc.edu Wed Feb 23 17:43:57 1994
From: Seth.Morris at lambada.oit.unc.edu (Seth Morris)
Date: Wed, 23 Feb 94 17:43:57 PST
Subject: argument for non-tech education (ie game)
Message-ID: <9402240143.AA29300@lambada.oit.unc.edu>

/*****************************************************************************
Concepts, abstracts, and storyboards for possible cypherpunk-friendly educational game. By Seth Morris, Feb, 1994.

This isn't really an abstract anymore, it's an argumentative essay. It's pretty stilted and dry, and most of the good examples and concepts are in the actual game descriptions (to be sent in another message). This is almost a call to arms, though, focusing on the nontechnical generation of crypto users who will follow us.

** Abstract

The documentation for PGP says:

READ THE DOCUMENTATION...
Cryptography software is easy to misuse, and if you don't use it properly much of the security you could gain by using it will be lost! You might also be unfamiliar with the concepts behind ... cryptography... Even if you are already familiar with ... Cryptography, it is important that you understand the various security issues associated with using ... [cryptography]. It may not be important to read the fine print on a box of breakfast cereal, but it may be crucial to read the label of a prescription drug. Cryptography software is like pharmaceuticals-- so read the manual!

The issues surrounding crypto and crypto related topics (including anonymity, pseudoanonymous identity, reputations, DC nets, remailers, digital cash/checks/banking, signatures, escrow, trust, and more) are complex, but it is important that a user of the technology understand them. It is far more important that the users be aware of non-cryptanalysis attacks and problems associated with the technology than they be fully conversant with the mathematics and cryptanalysis involved.

An excellent example is the active man-in-the-middle attack. The PGP documentation devotes many lines to explaining this, and the necessity of not trusting a public key received from a public repository that is not signed by a trusted introducer, yet the public key servers contain many such unsigned keys. These people presumedly have not understood (or have not read) the documentation.

This is not unexpected. The PGP documentation, while well written, is dense and information packed. It was written by people who understand the issues well and have worked out enough examples to follow Alice and Bob discussions with ease. Many of the users of PGP currently have not spent this time.
They are not used to thinking about their security from the point of view of an attacker (this may be unusual to most cypherpunks, who have learned to always analyze systems for weakness before strength, many having learned this from physical security and self defense lessons, I assume), and their eyes glaze over a little when the hypothetical discussions start.

Try to explain the mathematics behind a large dining cryptographer net to a group of relatively mathematically unsophisticated, nontechnical people sometime. The mathematics involved is grade school, but it is often difficult to get otherwise well educated people to understand the complexities and implications, even after you have taken the time to prove the untraceability of the system. Then try to get them to discuss ways to solve the collision problems. They have not spent the last year(s) of their lives attacking hypothetical systems or examining programming solutions for practicality and (often more important) practicability. Even mathematically sophisticated friends of mine become uncomfortable when the phrase "completely connected subgraph" comes out. Following the discussion requires effort and examples, which in turn require both a background and a willingness to follow the technical discussions.

The next generation of crypto users will be nontechnical. The cypherpunks motto is "cypherpunks write code," but we are finding that as the list grows the percentage of active programmers on the list decreases. The nonprogrammers are no less interested in having and using solutions to the problems associated with crypto than the programmers. They are no less intelligent or educated, certainly. Their suggestions for systems and protocols to solve real problems are often excellent. But we are losing many of them due to a lack of preparation on crypto issues.
As foreign as it may seem to some of us, these people often use a database without thinking about the file formats or sorting algorithms used, and don't want to be told what they are.

How many of the old-time cypherpunks have bought the books and read the articles which detail the crypto systems we use? How many hours and dollars have been spent preparing for the discussions on cypherpunks and Usenet? We cannot expect the next generation to have as strong an academic background on crypto issues if we are to meet a stated goal of providing strong crypto solutions and related technologies to the bulk of the future network users.

Many of the future users of our crypto solutions are not even on the net yet. They might be using local BBSes, or LANs at work or school, or possibly using commercial online services which, if they even have an Internet connection, do not advertise the services of the Internet or Usenet as well as their own services (quite naturally). However, if you open any recent issue of Boardwatch Magazine (a monthly for sysops of local BBSes), you will find internetwork connectivity featured prominently in every recent issue, often appearing in all of the cover articles. The Waldenbooks Computer Books flier for January had a different guide to the Internet on every other page, in addition to the proliferation of guides to commercial services and LANs. The growth rate of connected users is astonishing.

These people will be using the technologies developed and supported by groups such as the cypherpunks, and they need to be aware of the issues and complexities they will face. They cannot, however, be expected to spend the time, money, and effort to educate themselves completely in cryptology. Nothing will remove their need to read the manuals and some basic (and yet to be written) guides, but if the general public is to use a system, it should be readily usable without requiring an extensive background. It should contain the education it requires.
The PGP documentation does a good job of this, but it may not remain enough as the interest level of the users changes from "how does this work" to "how do I use this" to "just tell me what to type."

By way of analogy, you can program in C without reading style guides, K&R, the C FAQ, or the standard and rationale. Some education is required, but it is relatively easy to get, and is usually supplied with the compiler. Those who take the time and trouble to do the additional research (and most programmers eventually do) will be that much better prepared, but there is no glaring omission in your basic education until then. A similar analogy could be drawn with writing essays, or juggling torches -- perhaps a better analogy, because of the obvious and the nonobvious dangers.

Phil Zimmermann writes in the PGP documentation:

I remember a conversation with Brian Snow, a highly placed senior cryptographer with the NSA. He said he would never trust an encryption algorithm designed by someone who had not "earned their bones" by first spending a lot of time cracking codes. That did make a lot of sense. I observed that practically no one in the commercial world of cryptography qualified under this criterion. "Yes", he said with a self assured smile, "And that makes our job at NSA so much easier." A chilling thought. I didn't qualify either.

It makes sense also that the people expected in the future to provide solutions in the real world should have experience and understanding of non-cryptanalysis attacks and issues, as well.

The problem is to expose a large number of computer users, many of whom may not be on any large networks yet -- but are expected to be in the near future -- and who do not yet think they need crypto solutions, to the issues and complexities of crypto, without also exposing anyone to any dangers.
The education should be easy to use, should have incentive to use, should have a scalable degree of technicality, should not cause anyone undue concern regarding legal and ethical issues (those people unwilling to read The Big Book of Mischief to learn about urban terrorism should not be similarly reluctant to use the crypto educational products), and should expose people to important concepts in crypto such as key management, signatures, anonymity, untraceability, traffic analysis, and key forgery without causing problems with export/import restrictions or possible legal restrictions on crypto and crypto information in certain locales.

My opinion is that a game which incorporates crypto topics in the gameplay could be made to satisfy all of these requirements. Written as a BBS door, it could be run on a variety of BBSes across the world, exposing users who may not currently be on major networks, or who may not even be aware that issues of crypto and crypto politics even exist, to the complexities and concerns by providing practical experience thinking about weaknesses and attacks, and providing an opportunity to realize without prompting that there are legitimate needs for strong crypto by law abiding persons and companies today. First and foremost, of course, the game should be fun, with emphasis on gameplay.

I feel that simple exposure to the topics will educate many people enough that should they read the documentation to a crypto product (such as PGP), they will have enough preparation to understand the importance of concerns the documentation stresses. Also, it is my opinion that allowing players to experience options such as web-of-trust vs hierarchical trust systems and escrow vs personal key management will better educate voters and letter writers to be involved in their own local legislative process.
I also feel, of course, that most people, given a chance to experience the options, will choose to support the cypherpunks positions of personal choice and self determination. It is unnecessary to "stack" the game. Simply include the options, and allow people to decide for themselves.

Actual ideas for the game in another message (as I've probably lost most readers long ago!).

Seth Morris (Seth.Morris at launchpad.unc.edu)
*****************************************************************************/

From mg5n+ at andrew.cmu.edu Wed Feb 23 17:57:12 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Wed, 23 Feb 94 17:57:12 PST
Subject: Clipper
In-Reply-To: <9402240058.AA18284@toad.com>
Message-ID: <8hP0YcW00awN47dmsf@andrew.cmu.edu>

Eli Brandt wrote:

> Of course they aren't using Clipper, at least not for anything
> sensitive. They know better than that. Clipper is not a secure
> system. Skipjack may be wonderful, but the whole setup
> totally lacks key security. Given their institutional paranoia,
> they wouldn't touch Clipper with a 1024-bit prime.

Skipjack might have a decent design, but considering that it uses 10 byte keys, it will probably be feasible to mount a brute-force attack on it within a decade or so. (As is currently possible with DES 7-byte keys.)

From Seth.Morris at lambada.oit.unc.edu Wed Feb 23 18:13:23 1994
From: Seth.Morris at lambada.oit.unc.edu (Seth Morris)
Date: Wed, 23 Feb 94 18:13:23 PST
Subject: My assumptions and game ideas for education door
Message-ID: <9402240212.AA02540@lambada.oit.unc.edu>

/*****************************************************************************
Concepts, abstracts, and storyboards for possible cypherpunk-friendly educational game. By Seth Morris, Feb, 1994. --Part 2

This begins with a quick comment on the direction I'm heading at this idea from. It is possible that some of my basic assumptions are invalid. I'm stating them up front so y'all can criticize.
** Comments on my paradigm and assumptions

One of the things I have noticed about my assumptions and the model under which I am developing my thoughts is that I assume a threat stimulus to encourage crypto. I assume that both the education and the usage of crypto related systems is based on a perceived threat to privacy/security/anonymity/safety/liberty/etc. Consequently, my focus in game design is to provide a threat to which only crypto related systems can respond.

I also assume a need to understand the threat in detail. If I didn't know about an active man-in-the-middle attack (one of my favorite illustrations for this argument), then I would have posted an unsigned key to the servers long ago. As it is, I will not until I can get a relatively trusted signator. I perceive a need to allow players of the game to understand and perhaps orchestrate and use the attack so they will be aware of the relative futility of unsigned keys and loose trust.

This is what makes me seem like I'm advocating the net.book of spoofing and skulduggery. I'm not. But if a player doesn't understand what facilitates traffic analysis in detail, he or she won't avoid open, direct, and traceable channels of communication for his or her sensitive information in real life.

It's considered a relative truism in crypto that you shouldn't trust a crypto system designed by someone who isn't a "real cryptologist" ie, who hasn't "earned his or her bones" cracking weaker ciphers. If this is true, should we expect the next generation of crypto users (presumed to be a large scale widespread and diverse group consisting of a perhaps less technical cross section of net users who haven't had the benefit of a year and a half of following and participating in cypherpunks review of systems) to design relatively secure systems and protocols to meet their real world needs without giving them a chance to experiment with and understand the issues they will need to face?
This doesn't mean having them actually write password sniffers and trace through mail logs on a backbone site to find messages from a particular entity. But it does mean understanding that some backbone sites could do such a thing to them, and that their own sysadmin (or a less scrupulous person ill-advisedly trusted by their sysadmin) could read or track their own messages with relative impunity. The way to understand that is not faith, but to know how it could be done, at least in relatively concrete theory. (No need to post scripts to do it, just describe the types of logging and filtering that are common and that are possible, and allow players of a game to see what they could do with even relatively unspecific logs/filters.)

Now... on to the ideas. There are several basic ideas... let me discuss the less attractive, more derivative ideas first.

** Wargame/Trading game idea

Imagine a wargame/trading game where communication between units involved varying degrees of crypto/anonymity/signatures. I send a message to my generals in the field with their current orders, encrypted. I send digital money to them to pay troops, outfit and repair equipment, etc. I sign orders for authentication, and I use anonymous methods for dealings with spies/mercs/black market.

Perhaps a space trading/espionage game loosely similar to Stephen R Donaldson's current five part "Gap" series. Players would assume roles of initially rival masterminds, and would use crypto techniques to control units, meet with spies, pay costs, SIGINT track, perform traffic analysis on opponents' operations, make alliances (perhaps even anonymously: why would I want Alice knowing I'm helping her against Bob... this might lead her to _support_ Bob against me to get him off her back! But if money and info arrived anonymously, signed by an anonymous name carrying a positive reputation... you get the idea), etc.
This seems workable, if a little like every other BBS door on the market (although perhaps that's because they're doing something right!). It doesn't go too deeply into the issues of key management, denial-of-service, active man-in-the-middle (someone said a while back that you can tell there's a lot of people out there who don't understand crypto issues by counting the number of unsigned keys on the servers... after playing a game where an active man-in-the-middle attack is possible, either by players or a computer controlled entity, I don't think a player would be as likely to make that mistake!), DC nets (a favorite topic of mine), etc. Does do a good job of handling digital cash (with several currencies in competing circulation, I'd assume... this happens in any war, and should in any wargame... same with multiple market trading), reputations (especially if the "human assets" part of wargaming/trading is emphasised).

One particular problem I have is that this doesn't transfer as readily to real life as I'd like. There's no obvious way to include key escrow as an option (generally a BAD option, of course!), there's no obvious way to indicate political and bureaucratic problems crypto currently entails to encourage players to generalize their understanding. In general, it's very abstract. A marked contrast to my other thought.

** Cyberpunk game idea

This is more of a Gibsonesque Cyberpunk game. This may be easier to follow if you've played the "Neuromancer" computer game. (It may also be more derivative of Pat Cadigan's _Synners_ than Gibson.)

You take the part of a netrunner. Most players would probably be pet hackers of megacorps. The net is less like the Matrix than like a large scale WAN or the Internet. (No graphics on a door except color ASCII, remember!)
Players have access to various systems which are connected to other systems (if you've played the Steve Jackson Games game "Hacker" you'll have a good image of what I'm thinking), so there is a trace route of message traffic or remote login/file transfer. Some systems offer public access and will become Neuromancer style meeting places, others will offer mailing list type services. Other services might be reputation brokers, "fixers" (trusted introducers between anonymous entities based on interest... commonly used in cyberpunk literature to introduce buyers and sellers of information and goods with low risk), storage servers, remailers, etc.

Players must manage their clients' needs for information brokerage, information transport without interference, digital money management (perhaps some of the players work for Revenue or somesuch?), etc, while still keeping their own desires in mind. Players caught at some activities might be coerced into working for a corporate entity to avoid persecution/prosecution/exposure (a common theme in cyberpunk literature) and might desire ultimately to free themselves (or perhaps they're simply forced to reveal information about ongoing activities for their primary employer, putting them in a doubly difficult position).

This all leads readily to use of crypto, anonymity, pseudoanonymity, reputations, DC-nets, digital money, signatures, web-of-trust vs hierarchical trust systems, traffic analysis (people don't accuse me of writing a manual on net.warfare when I say "traffic analysis", but when I say "reading a sendmail log" they blanch... hmmm...), etc.

Note that, like in Neuromancer, there will still be a great deal of abstraction, and that the net in question will not be THE Net we all know and love(?). I don't picture keeping accurate sendmail-style logs for all systems simulated and having players pore over them.
I do see the possibility that they might want to trace a message an anonymous but reputable entity sent through their mailserver which they suspect of smuggling company funds out of their corporate pockets. Or tracking the source of anonymous information as far back as possible to see if they are receiving spoofed disinformation from a competitor.

Of primary interest as propaganda/education is that the players realise the attacks to which they can now be subjected. Understanding how much information is plaintext should concern them. Knowing about an active man-in-the-middle should encourage their use of trusted certifiers of some sort. Realizing that corporate/government certifying authorities have their own goals and needs in mind first and foremost would lead most people to prefer a PGP-style web of trust.

Optionally, some players could take the part of Law Enforcement personnel. This would lead to a discussion of the needs/interests of LE vs the needs/interests of citizens. This could allay some fears that the game is "stacked" by having the players only experience the issues through the viewpoint of an "underworld" figure. Some "legitimate" legal business must be in the game. Also, it would be interesting to see how far the players can go as LE personnel without giving in to the temptation to break their own rules. Most people on cypherpunks think that the Key Escrow Initiative will quickly lead to laziness and corruption on the part of LE and government personnel that will violate the privacy and security of average citizens and companies, and I agree. If that is the case, it is quite likely that in the game, even people chosen for their integrity and honesty would eventually commit some criminal act as LE personnel.

Really, of course, the game, as almost all good games do, walks close to the line between "game" and "simulation."
But in this case it would be easier to create and play because the simulated system is largely theoretical and the actual parts are quite similar to the game already. I don't see this as too difficult a project to undertake. (And yes, I have written games before, although never doors.)

Ideally, the game should be as acceptable to Dorothy Denning as to T. C. May (to pick two widely (wildly?) differing political viewpoints). Both would accept the desire for crypto education, and I think both would agree that an interactive online game reaches a large section of the current and future computer community.

Storyboards and screens as I see them are not yet written. (I only had this idea last night!) I'll send them to anyone who cares, as I assume the list at large won't. But I thought that some of the ideas here would lead to useful discussion.

Seth Morris (Seth.Morris at launchpad.unc.edu)
*****************************************************************************/

From a-ophirr at microsoft.com Wed Feb 23 18:22:31 1994
From: a-ophirr at microsoft.com (Ophir Ronen (RHO))
Date: Wed, 23 Feb 94 18:22:31 PST
Subject: ATM location
Message-ID: <9402240223.AA07797@netmail2.microsoft.com>

Just a minor update... the Atm FAQ and the ATM tutorial are on:

ftp://toxicwaste.mit.edu/pub/tutorials/{ATM.faq,atmtutor.txt}

Enlightenment to all,
-Ophir

Ophir Ronen KeyID 1024/54FF05 1994/02/16
Key fingerprint = EA BF 5C 85 F6 C3 A7 8E AA 48 2A AC B9 BC 4B D2
"Did gyre and gimbel but oh did they wabe."

From tcmay at netcom.com Wed Feb 23 18:26:26 1994
From: tcmay at netcom.com (Timothy C.
May) Date: Wed, 23 Feb 94 18:26:26 PST Subject: GAMES: The "Crypto Anarchy Game" In-Reply-To: <9402240143.AA29300@lambada.oit.unc.edu> Message-ID: <199402240227.SAA22222@mail.netcom.com> Seth Morris has written extensively about his ideas for crypto games that would teach the essence of crypto and possibly get into more advanced areas, such as digital money, DC-Nets, information markets, various kinds of attacks, and so on. All the usual stuff. Though I've already written a lot today, I feel compelled to comment. At the very first Cypherpunks meeting, in September 1992, about 20 of us played the "Crypto Anarchy Game" for most of the afternoon. The goal was explicitly the same as Seth Morris is discussing: to make concrete the various strange ideas associated with the vision of digital economies, anonymous transfers, reputations, and so on. The reactions were pretty good. We also played the game for a couple of hours at our second meeting, in October 1992, with an even larger group--and many new faces. This second playing was somewhat less successful, for reasons I will speculate on below, and we've never really considered playing it a third time. Why we haven't, and the "return on time invested" are important issues. Frankly, it takes far too much time to prepare, and the players are smart enough (they were bright adults, after all....targeting children or novices might have a different payback, but then they'll be almost completely lacking in the basics, which slows things down even further). I'll share some views on what we did, what we learned, and the value of games/simulations in general. Let me also note that this issue has--like so many things on this list--come up a couple of times. Geoff Dale, for example, proposed a Cypherpunks game/simulation area in a virtual world at the Illuminati BBS. I have no idea how it's coming; haven't seen Geoff here in months. Best wishes to Seth or anyone else who actually implements such a system. 1.
What we did in the "Crypto Anarchy Game." (sung to the tune of "The Crying Game," and also dealing with spoofing and false appearances). Eric Hughes and I prepared fake e-money (Monopoly money), envelopes, etc. Participants played various roles, assigned randomly. Some were drug dealers, some were CIA Counter Intelligence agents, looking for moles and information brokers. Valuable information was also distributed. Various publicly-visible transaction regions existed (akin to the anonymous pools we have now). Remailers were simulated by envelopes within envelopes, with each remailer choosing his postage, latency, etc. (These are things we could simulate easily, but still don't have built into actual remailers!) The game went on for several hours. Often chaotic, with lots of messages lost (humans are fallible and don't run complicated protocols very well). 2. What we Learned. - chaos and confusion, as noted above. - computer support needed badly (but this is not an easy task, or a very rewarding one....laptops? Newtons? answers are unclear) - it was sort of fun, but the lessons got driven home fairly early and, after that, not much new learning took place - getting into even more sophisticated areas would have required even more effort and computer support, for marginal learning * My major conclusion: Few people will put the effort into playing such a game, even with computer support. (and generating the computer programs to support players would be a nontrivial task--partly because the protocols are so fluid and ill-specified). 3. The Value of Games and Simulations in General - makes the protocols more real - sometimes it uncovers hidden assumptions or provokes new ways of thinking 4. But is it worth it? I don't think so. Thought experiments provide nearly the same benefits, can be done with scattered groups, and require far less support. Reaching children and less computer-oriented folks will be tough.
I don't see that it will "sell" anyone on the value of crypto. Most folks already understand locks and keys and similar things. Is crypto all that different? The really interesting stuff--digital money, DC-Nets, etc.--is too abstract for most people, anyway. This is all I'll say for now. Good luck to Seth or anyone else, but I can't see many Cypherpunks lining up to build such a game. Those who wish to should, ideally, live near each other and try their own "manual" version of crypto games before planning an automated version. I think you'll find that intelligent folks won't have much patience and nonintelligent or "differently interested" folks will not want to play. And I have seen a cipher-oriented game at a local Macintosh software store. I don't recall the title, but it involved solving a cipher to advance to the next level. Not exactly the stuff we concentrate on. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jimn8 at netcom.com Wed Feb 23 18:49:40 1994 From: jimn8 at netcom.com (Jim Nitchals) Date: Wed, 23 Feb 94 18:49:40 PST Subject: Speaking of disinformation... Message-ID: <199402240250.SAA17623@mail.netcom.com> Mike Godwin wrote, >> SEC. 1. SHORT TITLE. This Act may be cited as the "Digital Telephony and Communications Privacy Improvement Act of 1994." << Amazing! In consideration of the fact that the proposed Act has absolutely no provisions for improving privacy whatsoever, one must wonder if we're a level playing field when we ARE 100% honest and forthright about our concerns over privacy and Clipper. 
The level of dishonesty is rising daily. The administration's statement that we're not entitled as a matter of right to unbreakable encryption of our own choosing (never mind our right to be secure in our person and effects) got to me. The press release stating that alternative forms of encryption *THAT EMBODY KEY ESCROW* will be permitted went without notice or comment, even here. And now a proposed bill whose very title is an outright lie-- does anyone know of a *better* country to live in? This one is looking scarier by the day. And no, I don't want to live on any floating concrete blocks out in the Atlantic. I've written the letters, signed the e-petitions, and know the math behind public key encryption well enough to write my own if I had to. What more can I do? I value my privacy more than my safety, but have a hard time getting that concept across to others. - Jim From sergey at delbruck.pharm.sunysb.edu Wed Feb 23 18:57:04 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Wed, 23 Feb 94 18:57:04 PST Subject: STEALTH OCEANS In-Reply-To: Message-ID: On Wed, 23 Feb 1994, Matt Thomlinson wrote: > I originally mailed this response to your suggestions on the cpunk list > about two weeks ago. You must've missed it. > Yes, I must have. Thank you for mailing it to me! > dos stego: > > I don't think the current discussion is taking into account the fact that > if someone suspects you of using steganography they're going to check. > If what you are describing becomes a popular way of steganography, you're > out of luck -- they'll check that first. > It would be alright if someone checks the deleted sectors. They would indeed find your "noise" file; but, it would be embedded in rest of the noise surrounding it (which would be provided by the other deleted files on the disk). Thus, the original problem (ie. how to keep "noise" files inconspicuous) is solved. 
> Think about it: your 'bad-sector' stego or 'wiped-filespace' stego begins > gaining popularity. Wouldn't you think they'd check for funny bad sectors if > they were going to check your computer for contraband info? > > They would. But, combined with "Stealth PGP" (ie. encryption without telltale headers) searching through all the deleted noise (which could be legitimate for all they know) would be futile. > Another thing that has bothered me: if you didn't have the sectors marked, > you'd need to remember where they were (so you could protect them from > writes). You wouldn't necessarily want to do this on the computer; it'd be > there for the picking. How to do it? > Simple. You would take note of the starting address of the file. And, the length of the file. > Someone suggested you just use the end of the wiped filespace (use norton > or other utility to defrag the disk and move empty space to the end of the > disk, then use portion of disk furthest away from being written to. This > might work, except for the fact that fragmentation _does_ go on, and when > you were to write files to the drive (heck, I do every time I start up > windows and write a huge temp swapfile) you're going to be playing > roulette with your data. > This problem is solved by simply using a utility that writes directly to the disk (exactly in the specified sectors, in the specified order), instead of letting DOS fragment your disk. > > I think the point about the blank track (the one linux uses) is > interesting; then again, once your method becomes well-known, it is no > longer useful. > I am not familiar with the blank track you speak of; but, of course, if everyone keeps hiding their data in the same location it will not remain hidden for long. > > Just thoughts; I wish I had more answers. Heck, ANY answers would be nice. > > mt > > Matt Thomlinson Say no to the Wiretap Chip! > University of Washington, Seattle, Washington.
> Internet: phantom at u.washington.edu phone: (206) 548-9804 > PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu > > > Thanks for sharing your thoughts, Matt! Sergey From strick at osc.versant.com Wed Feb 23 19:08:51 1994 From: strick at osc.versant.com (strick -- strick AT versant DOT com -- henry strickland) Date: Wed, 23 Feb 94 19:08:51 PST Subject: Mac encryption (sym vs pk) In-Reply-To: <199402231756.JAA26289@netcom9.netcom.com> Message-ID: <9402240310.AA29973@osc.versant.com> tcmay: # The problem with symmetrical ciphers is one of *scaling*. # # Since a key must be exchanged with each other person, the total number # of keys grows rapidly as the community of participants increases. At Russell Brand has observed that many people only send PGP mail to people with whom they have personally exchanged keys -- that even the "web of trust" idea is not used as much as the "personal key exchange" idea. In this case, a single symmetric key exchange transaction between two friends is no more cumbersome than the PGP "i'll sign you mine if you'll sign me yours". I have thought seriously about a revival of symmetric key exchange, with the look and feel of a PGP key signing session, but without the transitive effect and without the legal hassles. From phantom at u.washington.edu Wed Feb 23 19:18:59 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Wed, 23 Feb 94 19:18:59 PST Subject: STEALTH OCEANS In-Reply-To: Message-ID: On Wed, 23 Feb 1994, Sergey Goldgaber wrote: > They would. But, combined with "Stealth PGP" (ie. encryption without > telltale headers) searching through all the deleted noise (which could be > legitimate for all they know) would be futile. I can see how a stealth-PGP would allow you to hide messages on your disk in "wiped" filespace -- it'd look like garbage (maybe -- see Aside), if anyone took a look. What does this buy you, though, if you've got a telltale TSR hanging around?
> > Another thing that has bothered me: if you didn't have the sectors marked, > > you'd need to remember where they were (so you could protect them from > > writes). You wouldn't necessarily want to do this on the computer; it'd be > > there for the picking. How to do it? > > > > Simple. You would take note of the starting address of the file. And, > the length of the file. how do you control individual writes? You've got to know where they are vs. where your data is kept. Authorize each write by hand? (PROGMAN.EXE is attempting to write to cylinder 12, track 14. Authorize (y/N)? ) Icky. Do it another way? See below. > everyone keeps hiding their data in the same location it will not remain > hidden for long. exactly my point. It seems you've got to have one of two things with your system: 1) a standard place where you hide your noise file (for example, use norton to defrag and compress your disk, then ALWAYS write your noise file on the last two cylinders.) Problem: Needs some program to revive the info; this is a tip-off... Also, once your stealth system becomes known, the reason for hiding the noise file is gone -- the tracks/cyl will be checked if they find the reviving program. Instant noise file. 2) a non-standard place/way to hide your noise file (for example, using a TSR with the areas not to write being protected; using the TSR when you need to restore the data later). Problem: Needs program in memory (or info on disk about where it resides) to revive the data later. A tip-off that again defeats the purpose of hiding the noise file. Analysis: It seems with the systems I can think of you need to have the area the noise file stored in either 1) standard (ick) or 2) kept in memory so you don't overwrite it. If you don't protect it, I wouldn't expect your noise file to have a very large half-life. :l Keeping the area in memory (under protection) defeats the system. 
Aside: By the way, isn't the "noise" in your noise file is going to be more random looking than other deleted areas of your disk? PGP compresses and then encrypts; I'll bet that it is possible to distinguish pgp's output bit frequencies from those of a binary or text file, which is what the rest of the wiped space would most likely be. mt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From blancw at microsoft.com Wed Feb 23 19:23:45 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 23 Feb 94 19:23:45 PST Subject: "Surveillance is Security," says Winston May Message-ID: <9402240324.AA09195@netmail2.microsoft.com> From: Timothy C. May Please understand that these proposals have a few rough edges in implementation that need to be worked out, but their "hearts are in the right places." Under Big Bro's boot, that is. War is Peace, Freedom is Slavery, Surveillance is Security! ................................. You Have Been Assimilated, We are All One! Defection into Self Reliance is a Crime! From hughes at ah.com Wed Feb 23 19:41:49 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 23 Feb 94 19:41:49 PST Subject: Digitally Signing Physical Objects In-Reply-To: <199402232149.NAA06130@jobe.shell.portal.com> Message-ID: <9402240340.AA19555@ah.com> >Undeniable signatures cannot be passed on from one person to another. >If Alice verifies Bob's undeniable signature, she can't prove to Charlie >that the signature is good. She can claim it is good, and assure Charlie >that it is good based on her own reputation, but Charlie can in general not >be convinced unless he verifies it himself directly with Bob. This is the standard reason given why undeniable signatures can't be passed on. And it is correct, as far as it goes.
But the conclusion, that "in general" the trust cannot be passed on, while technically correct, is not of pragmatic consequence. I'll start a service to perform any undeniable signature verification, even ones for money. I'll perform the verification, and then make an attestation that I performed the verification and whether it succeeded or failed. I sign this is a regular digital signature, the kind that is infinitely duplicable. Only a few such services need exist to assure the public of the results of a signature verification. True, there is a layer of mediation here, but of what practical consequence is that? In fact most transactions are mediated already. If I expect to make money charging a dollar per verification, and if there are some who will publish their experiences of the verification, that reduces the total income I can expect to, oh, say, the logarithm of the size of the market. In other words, why bother? Eric From mnemonic Wed Feb 23 16:50:59 1994 From: mnemonic (Mike Godwin) Date: Wed, 23 Feb 1994 19:50:59 -0500 (EST) Subject: Digital Telephony Bill 1994 (Draft) Message-ID: <199402240051.TAA01750@eff.org> 103rd Congress Draft 2/9/94 2nd Session S. _____ [H.R. _____] IN THE SENATE IN THE HOUSE OF REPRESENTATIVES M. __________ introduced the following bill; which was referred to the Committee on __________ A BILL To ensure continued law enforcement electronic surveillance access to the content of wire and electronic communications and call setup information when authorized by law, to improve communications privacy protection, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SEC. 1. SHORT TITLE. This Act may be cited as the "Digital Telephony and Communications Privacy Improvement Act of 1994." SEC. 2. PURPOSE.
The purpose of this Act is to clarify and define the responsibilities of common carriers, providers of common carrier support services, and telecommunications equipment manufacturers to provide the assistance required to ensure that government agencies can implement court orders and lawful authorizations to intercept the content of wire and electronic communications and acquire call setup information under chapters 119 and 206 of title 18 and chapter 36 of title 50. Otherwise, except for the provisions in section 4, nothing in this Act is intended to alter any provision contained in the Federal electronic surveillance, pen register, or trap and trace statutes, or those of any state or other jurisdiction. In particular, nothing herein is intended to enlarge or reduce the government's authority to lawfully intercept the content of communications or install or use pen register or trap and trace devices, or to increase or decrease any criminal penalties for unlawfully intercepting the content of communications or installing or using pen register or trap and trace devices, or to alter the provisions regarding service provider assistance, payment for assistance, causes of action, civil liability, or good faith defenses. The Act is further intended to improve communications privacy protection for cordless telephones, certain radio-based data communications and networks, communications transmitted using certain privacy-enhancing modulation techniques, and to clarify the lawfulness of quality control and service provision monitoring of electronic communications. SEC. 3. COMMON CARRIER ASSISTANCE (a) _New section_. Chapter 109 of title 18, United States Code, is amended by adding the following new section: "Sec. 2237. Common carrier assistance to government agencies. "(a) Assistance requirements. 
Common carriers shall be required to provide forthwith, pursuant to court order or lawful authorization, the following capabilities and capacities in order to permit the government to conduct electronic surveillance and pen register and trap and trace investigations effectively: "(1) The ability to execute expeditiously and simultaneously within a common carrier's system all court orders and lawful authorizations for the interception of wire and electronic communications and the acquisition of call setup information related to the facilities or services of subscribers of such common carrier; "(2) the ability to intercept the content of communications and acquire call setup information concurrent with the transmission of the communication to or from the subscriber's facility or service that is the subject of the court order or lawful authorization, to the exclusion of any wire or electronic communication or call setup information of any other subscriber, notwithstanding the mobile nature of the facility or service that is the subject of the court order or lawful authorization or the use by the subscriber who is the subject of the court order or lawful authorization of any features offered by the common carrier; "(3) the ability to intercept the content of communications and acquire call setup information unobtrusively and with a minimum of interference with any subscriber's telecommunications service; and "(4) the ability to receive, in a generally available format, the intercepted content of communications and acquired call setup information at a location identified by the government distant from the facility that is the subject of the interception, from the interception access point, and from the premises of the common carrier (except where emergency or exigent circumstances such as those described in 18 U.S.C. 2518(7), 2518(11)(b), or 3125, or in 50 U.S.C. 1805(e), necessitate monitoring at the common carrier's premises). "(b) Systems security. 
The government shall notify a common carrier of any interception of wire or electronic communications or any acquisition of call setup information that is to be effected within the premises of such common carrier pursuant to court order or lawful authorization. After notification, such common carrier shall designate an individual or individuals to activate such interception or acquisition forthwith. Such individual(s) shall be available at all times to activate such interceptions or acquisitions. Such interceptions or acquisitions effected within the premises of a common carrier may be activated only by the affirmative intervention of such individual(s) designated by such common carrier. "(c) Compliance date. To the extent that common carriers providing service within the United States currently cannot fulfil the requirements set forth in subsection (a) of this section, they shall fulfil such requirements within three years from the date of enactment of this Act. "(d) Cooperation of support service providers and equipment manufacturers. Common carriers shall consult, as necessary, in a timely fashion with appropriate providers of common carrier support services and telecommunications equipment manufacturers for the purpose of identifying any services or equipment, including hardware and software, that may require modification so as to permit compliance with the provisions of this Act. A provider of common carrier support services or a telecommunications equipment manufacturer shall make available to a common carrier on a timely and priority basis, and at a reasonable cost, any support service or equipment, including hardware or software, which may be required so as to permit compliance with the provisions of this Act. "(e) Enforcement. The Attorney General shall have authority to enforce the provisions of subsections (a), (b), (c), and (d) of this section. 
The Attorney General may apply to the appropriate United States District Court for an order restraining or enjoining the provision of service of any common carrier who violates subsection (a), (b), (c), or (d) of this section. The District Courts shall have jurisdiction to issue such restraining order or injunction. The Attorney General may also request the Federal Communications Commission to assist in enforcing the provisions of this Act. "(f) Penalties. Any common carrier that violates any provision of subsection (a) of this section shall be subject to a civil penalty of $10,000 per day for each day in violation. The Attorney General may file a civil action in the appropriate United States District Court to collect, and the United States District Courts shall have jurisdiction to impose, such penalties. After consultation with the Attorney General, the Federal Communications Commission may also impose regulatory sanctions or fines otherwise authorized by law. "(g) Consultation. The Attorney General is encouraged to consult with the Federal Communications Commission and common carrier representatives and to utilize common carrier standards bodies, associations, or other such organizations to discuss details of the requirements, such as those related to capacity, in order to facilitate compliance with the provisions of this Act. "(h) Funding. Notwithstanding any other provision of law, the Federal Communications Commission shall implement promptly methods and procedures that allow each common carrier to be remunerated by the Federal Government for all reasonable costs incurred in the course of complying with the requirements of this Act. "(i) Definitions.
-- As used in this Section -- (1) 'common carrier' means any person or entity engaged as a common carrier for hire, as defined by section 3(h) of the Communications Act of 1934, and includes a commercial mobile service or interconnected service, as defined in section 6002(b) of Public Law 103-66; (2) 'provider of common carrier support services' means any person or entity who provides services to a common carrier that are integral to processing, directing, forwarding, or completing telephone calls or electronic communication transmissions; (3) 'wire communication' shall have the same meaning as set forth in subsection 2510(1) of title 18, United States Code; (4) 'electronic communication' shall have the same meaning as set forth in subsection 2510(12) of title 18, United States Code; (5) 'intercept' shall have the same meaning as set forth in subsection 2510(4) of title 18, United States Code, except that with regard to a common carrier's transmission of a communication encrypted by a subscriber, the common carrier shall not be responsible for ensuring the government agency's ability to acquire the plaintext of the communications content, unless the encryption was provided by the common carrier and the common carrier possesses the information necessary to decrypt the communication; (6) 'concurrent with the transmission of the communication,' as used in section 3(a)(2) of this Act, means contemporaneous with the transmission; but it shall include, with regard to electronic communications, the ability of a government agency to acquire such communications at the conclusion of the transmission, and, with regard to call set up information, the ability to acquire such information either before, during, or immediately after the transmission of the communication; (7) 'call set up information' shall mean the information generated which identifies the origin and destination of a wire or electronic communication placed to, or received by, the facility or service that is the 
subject of a court order or lawful authorization, including information associated with any telecommunication system dialing or calling features or services; and (8) 'government' means the Government of the United States and any agency or instrumentality thereof, the District of Columbia, any commonwealth, territory or possession of the United States, and any state or political subdivision thereof authorized by law to conduct electronic surveillance." SEC. 4. COMMUNICATIONS PRIVACY IMPROVEMENT AND MONITORING CLARIFICATION. Chapter 119 of title 18 is amended by making the following changes: (1) Cordless telephones. (a) _Definitions_. - Section 2510 of title 18, United States Code, is amended - (1) in paragraph (1), by striking ", but such term does not include" and all that follows through "base unit"; and (2) in paragraph (12), by striking subparagraph (A) and redesignating subparagraphs (B) through (D) as subparagraphs (A) through (C), respectively. (b) _Penalty_. - Section 2511 of title 18, United States Code, is amended - (1) in subsection (4)(b)(i), by inserting "a cordless telephone communication that is transmitted between a cordless telephone handset and the base unit," after "cellular telephone communication,"; and (2) in subsection (4)(b)(ii), by inserting "a cordless telephone communication that is transmitted between a cordless telephone handset and the base unit," after "cellular telephone communication,". (2) Radio based data communications. Section 2510(16) of title 18, United States Code, is amended by striking the word "or" at the end of subparagraph (D) and inserting an "or" at the end of subparagraph (E) and adding the following new subparagraph: "(F) an electronic communication;". (3) Penalties for monitoring radio communications that are not scrambled, encrypted, or non-public. 
Section 2511(4)(b) of title 18, United States Code, is amended by deleting the phrase "or encrypted, then--" and inserting the following: ", encrypted, or transmitted using modulation techniques whose essential parameters have been withheld from the public with the intention of preserving the privacy of such communication, then--". (4) Technical correction. Section 2511(2)(a)(i) of title 18, United States Code, is amended by striking out "used in the transmission of wire communication" and inserting in lieu thereof "used in the transmission of a wire or electronic communication.". From mnemonic at eff.org Wed Feb 23 20:19:19 1994 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 23 Feb 94 20:19:19 PST Subject: Speaking of disinformation... In-Reply-To: <199402240250.SAA17623@mail.netcom.com> Message-ID: <199402240419.XAA05603@eff.org> Jim Nitchals writes: > Amazing! In consideration of the fact that the proposed Act has > absolutely no provisions for improving privacy whatsoever, one > must wonder if we're a level playing field when we ARE 100% honest > and forthright about our concerns over privacy and Clipper. Well, actually, section arguably does create some marginal improvements in privacy protection under Title III. --Mike From sergey at delbruck.pharm.sunysb.edu Wed Feb 23 20:22:35 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Wed, 23 Feb 94 20:22:35 PST Subject: STEALTH OCEANS In-Reply-To: Message-ID: On Wed, 23 Feb 1994, Matt Thomlinson wrote: > On Wed, 23 Feb 1994, Sergey Goldgaber wrote: > > > They would. But, combined with "Stealth PGP" (ie. encryption without > > telltale headers) searching through all the deleted noise (which could be > > legitimate for all they know) would be futile. > > I can see how a stealth-PGP would allow you to hide messages on your disk > in "wiped" filespace No, no.
The function of Stealth PGP is, as I understand it, to simply encrypt plaintext into something that is virtually indistinguishable from noise. Deleting those "noise" files is a separate issue. > -- it'd look like garbage (maybe -- see Aside), if > anyone took a look. What does this buy you, though, if you've got a > telltale TSR hanging around? > What telltale TSR? A program that can read and write directly to disk? If I am not mistaken, such programs are common enough not to be evidence of anything. Having PGP on you is another matter, however. > > > > Another thing that has bothered me: if you didn't have the sectors marked, > > > you'd need to remember where they were (so you could protect them from > > > writes). You wouldn't necessarily want to do this on the computer; it'd be > > > there for the picking. How to do it? > > > > > > > Simple. You would take note of the starting address of the file. And, > > the length of the file. > > > how do you control individual writes? With a standard direct disk read/write utility. > You've got to know where they are > vs. where your data is kept. Authorize each write by hand? (PROGMAN.EXE > is attempting to write to cylinder 12, track 14. Authorize (y/N)? ) > > Icky. > Do it another way? See below. > Disable authorization. Most DOSs allow direct writes without authorization anyway. > > > everyone keeps hiding their data in the same location it will not remain > > hidden for long. > > > exactly my point. It seems you've got to have one of two things with your > system: > > 1) a standard place where you hide your noise file (for example, use > norton to defrag and compress your disk, then ALWAYS write your noise > file on the last two cylinders.) > This is not necessary. In fact, as I noted, hiding your files in the same place every time lessens security. The alternative is a simple one. Hide your files in different places, and keep track of them.
For example, a file that was encrypted on 02-23-94 could be written to disk starting with sector 022394. All you have to do is remember the date and length of the file to retrieve it successfully. > Problem: Needs some program to revive the info; this is a tip-off... Also, > once your stealth system becomes known, the reason for hiding the noise > file is gone -- the tracks/cyl will be checked if they find the reviving > program. Instant noise file. > Again, the program would be a standard utility that can write/read to/from the disk. One has to tell the program what tracks/sectors to read/write. Having the program without the corresponding file address/length is useless. > > > 2) a non-standard place/way to hide your noise file (for example, using a > TSR with the areas not to write being protected; using the TSR when you > need to restore the data later). > > Problem: Needs program in memory (or info on disk about where it resides) > to revive the data later. A tip-off that again defeats the purpose of > hiding the noise file. > You need _not_ have a TSR with the location. If you keep track of the address/length yourself, the problem is eliminated. The whole automated (TSR) idea is only usefull if you are frequently accessing your disk. In that case, saving your encrypted files to RAM temporarily might be a more elegant solution. Otherwise, store your "noise" files sequentially, on a floppy that you use only for storing encrypted data. Guard their respective addresses/lengths as dearly as you would your secret key and it's corresponding password. > > > Analysis: It seems with the systems I can think of you need to have the > area the noise file stored in either 1) standard (ick) or 2) kept in > memory so you don't overwrite it. If you don't protect it, I wouldn't > expect your noise file to have a very large half-life. :l Keeping the area > in memory (under protection) defeats the system. > I'm sorry, this paragraph just went over my head. 
Could you restate it in another way, so I can attempt to comment? > > > Aside: By the way, isn't the "noise" in your noise file is going to be > more random looking than other deleted areas of your disk? PGP compresses > and then encrypts; I'll bet that it is possible to distinguish pgp's > output bit frequencies from those of a binary or text file, which is what > the rest of the wiped space would most likely be. > Absolutely! I have anticipated this problem; and, have been awaiting an opportunity to address it. Steps must be taken to keep the deleted portion of your disk from looking too random. In order to implement this additional level of security (through obscurity ;) one could: 1 split the "noise" file into smaller parts which would be interspersed randomly among the other deleted grabage. This would make for a less conspicuous disk; as, there are, normally, truely random sections of the disk along with the not-so-random sections. Your bits of noise-file will fit right in! or 2 use a steganorgraphy utility to embed the "noise" file in a section of the other not-so-random garbage (as some people currently use those same utilities to embed their PGP files in GIFs), and then delete it. (Owning a stegonagraphy utility would, of course, be as conspicuous as owning PGP. So the same precautions would have to be applied.) These options are very similar. I prefer the former. Relying on a stego utility seems to be as unreasonable as relying on a TSR to keep track of the location of your deleted "noise" files. I would split and hide the "noise" file by hand, and keep track of its location by hand as well, to ensure maximum security. Alternatively, one could use a "Mimic" function with a "DOS garbage" grammar. This is effectivaly the same as option 2. > > mt > > Matt Thomlinson Say no to the Wiretap Chip! > University of Washington, Seattle, Washington. 
> Internet: phantom at u.washington.edu phone: (206) 548-9804 > PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu > > Thanks for your input, once again, Matt! Sergey From mnemonic at eff.org Wed Feb 23 20:23:26 1994 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 23 Feb 94 20:23:26 PST Subject: FLASH: FBI's Draft Digital Telephony Bill: EFF Summary and Analysis (fwd) Message-ID: <199402240423.XAA05700@eff.org> Forwarded message: From mnemonic at eff.org Wed Feb 23 20:25:54 1994 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 23 Feb 94 20:25:54 PST Subject: Digital Telephony--Section-by-section analysis Message-ID: <199402240425.XAA05748@eff.org> Section-by-section Analysis of the 1994 draft of the Digital Telephony legislation Mike Godwin EFF TITLE > A BILL > > To ensure continued law enforcement electronic surveillance access to >the content of wire and electronic communications and call setup >information when authorized by law, to improve communications privacy >protection, and for other purposes. The "other purposes" are, apparently, the correction of a drafting error in ECPA that led to an anomaly in 18 USC 2511. See Section 4 below. SECTION 2 >SEC. 2. PURPOSE. The purpose of this Act is to clarify and define the >responsibilities of common carriers, providers of common carrier support >services, and telecommunications equipment manufacturers to provide the >assistance required to ensure that government agencies can implement court >orders and lawful authorizations to intercept the content of wire and >electronic communications and acquire call setup information under >chapters 119 and 206 of title 18 and chapter 36 of title 50. Chapter 119 is the communications-interception chapter, commonly called "Title III." Chapter 206 is the pen-register/trap-and-trace chapter. Title 50 includes interception provisions of the Foreign Intelligence Surveillance Act. 
Note that Chapter 121 of Title 18, the stored-communications chapter of the U.S. criminal code, is not mentioned. It may, however, be affected by some of the amendments suggested in the Digital Telephony bill. >Otherwise, >except for the provisions in section 4, nothing in this Act is intended to >alter any provision contained in the Federal electronic surveillance, pen >register, or trap and trace statutes, or those of any state or other >jurisdiction. In particular, nothing herein is intended to enlarge or >reduce the government's authority to lawfully intercept the content of >communications or install or use pen register or trap and trace devices, >or to increase or decrease any criminal penalties for unlawfully >intercepting the content of communications or installing or using pen >register or trap and trace devices, or to alter the provisions regarding >service provider assistance, payment for assistance, causes of action, >civil liability, or good faith defenses. This is essentially a deceptive statement about the effect of the Act. Although 18 USC 2518(4) allows applicants for authorization orders to request that the order "direct that a provider of wire or electronic communication service ... furnish the applicant forthwith with all information, facilities, and technical assistance necessary to accomplish the interception...", this provision has not widely been interpreted to hold that service providers must actively create solutions to interception problems if those solutions do not already exist. The FBI analysis says government agencies "have been reluctant to pursue contempt or other legal remedies to resolve this issue." The reason for this reluctance, in my opinion, is that the language of 2518(4) does not unequivocally impose such a burden on providers, and the government stands a good chance of losing any fight in which it claims that such a burden does exist. 
Thus, the FBI's solution is to create a *new* and *routine* obligation on common carriers (but not small-scale providers) to generate technical solutions to interception and "call setup" problems created by current common-carrier networks. Moreover, this Act would require that common carriers make manpower available on a 24-hour basis to handle interceptions and the capture of call-setup information in the event of a wiretap or pen-register/trap-and-trace order. The FBI analysis asserts without quantification that "since the mid-1980s, technological impediments have frustrated, in whole or in part, the execution of a number of court orders." But among the "technological impediments," apparently, has been the reluctance or inability of common carriers to provide the kind of assistance that law enforcement--specifically, guaranteed ability to capture communications contents and "call setup" information. The Act and the FBI analysis consistently use the language of "clarification" in reference to the amendments contained in the Act, but of course the vastly expanded authority of the Attorney General and the FCC to supervise and punish common carriers is nothing if not "expanded authority." This Act also creates many new legal obligations for common carriers, "support services," and telecom equipment manufacturers. > The Act is further intended to improve communications privacy >protection for cordless telephones, certain radio-based data >communications and networks, communications transmitted using certain >privacy-enhancing modulation techniques, and to clarify the lawfulness of >quality control and service provision monitoring of electronic >communications. These are all addressed in Section 4 of the Act. This section corrects four anomalies under the current statutes: 1) It brings cordless telephones under the protection of Title III. 
2) With respect to radio communications it creates Title III protection for "an electronic communication" that is transmitted via radio. 3) It corrects an apparent omission by adding radio communications that use "modulation techniques" for privacy to the interception penalty provisions of 18 USC 2511(4). 4) It corrects a drafting error in ECPA by adding "electronic communication" to a clause in 18 USC 2511 (2)(a)(i). >SEC. 3. COMMON CARRIER ASSISTANCE > > (a) _New section_. Chapter 109 of title 18, United States Code, is >amended by adding the following new section: > >"Sec. 2237. Common carrier assistance to government agencies. > "(a) Assistance requirements. Common carriers shall be required to >provide forthwith, pursuant to court order or lawful authorization, the >following capabilities and capacities in order to permit the government to >conduct electronic surveillance and pen register and trap and trace >investigations effectively: Note that Chapter 109 is not part of Title III; instead, it's a chapter including various penalty provisions for interference in the execution of lawful searches and seizures and for violating the Constitutionally mandated requirements for such procedures. The chapter does not amount to a statutory scheme--it's basically a collection of somewhat related individual search-and-seizure statutes. Why isn't this Act part of Title III? Perhaps because it uses a different definition of "intercept" than is used in the wiretap statute. See discussion below. This Section of the Act outlines and specifies just what the government wants the phrase "information, facilities, technical assistance" in 18 USC 2518 to mean. Note that a major component of these obligations is the requirement that common carriers *create* new information and facilities and devise new means of technical assistance. 
The FBI analysis makes clear that the drafters of this Act developed a wish list in consultation with other federal, state, and local law-enforcement agencies. Although the FBI analysis states that "The Government intentionally eschewed setting any technical standards because it does not desire to 'dictate' particular technological solutions," it is apparent that the government hopes to gain the authority to dictate *functional* solutions. Given the penalties for noncompliance and other enforcement powers this Act creates, "dictate" is not too strong a verb for the kind of prerogative the government is seeking. > "(1) The ability to execute expeditiously and simultaneously within >a common carrier's system all court orders and lawful authorizations for >the interception of wire and electronic communications and the acquisition >of call setup information related to the facilities or services of >subscribers of such common carrier; Note that in this iteration of the Act, there is a new emphasis on "call setup information," which is, basically, origination and destination information for wire or electronic communications. It has been claimed by law enforcement that such current features as call forwarding often thwart their ability to implement wiretaps, pen registers, or traps and traces. This Act, if passed, would require common carriers to redesign calling features if necessary to be able to provide "call setup" information, or, in the alternative, to cease providing calling features that thwarted the capture of such transactional information. It is unclear how such a requirement would play out in cases where communications are transmitted using both common carriage networks and enhanced service providers. On its face, the statute may require that a common carrier be able, for example, to tell not only which subscriber is sending e-mail over the phone lines to the CompuServe Packet Network, but also where that e-mail's ultimate destination is. 
The FBI analysis stresses that common carriers can perform a capacity analysis, based on their prior records of assisted intercepts, etc., to determine how much wiretap capacity to provide in order to minimize the costs of compliance. The FBI claims that "a number of court orders and authorizations were not fully executed, or were not even sought" because of "capacity shortfalls, such as insufficient 'port' capacity in the cellular mobile switching offices." The FBI analysis states that "at any particular time, a number of Federal, state, and local government agencies may be competing" for capacity, and that "it is critical that there be sufficient capacity to accommodate completely the concomitant needs of all government agencies." > "(2) the ability to intercept the content of communications and >acquire call setup information concurrent with the transmission of the >communication to or from the subscriber's facility or service that is the >subject of the court order or lawful authorization, to the exclusion of >any wire or electronic communication or call setup information of any >other subscriber, notwithstanding the mobile nature of the facility or >service that is the subject of the court order or lawful authorization or >the use by the subscriber who is the subject of the court order or lawful >authorization of any features offered by the common carrier; This section requires that common carriers, including cellular and any other mobile-phone service, be able to single out individual communications and capture both contents and call-setup information, that they be able to do this "live," or else immediately after the transmission, with a preference for the former. This is the meaning of "concurrent." The FBI analysis justifies this requirement in terms of "minimization" of intrusion on the communications of innocent parties; of course, the requirement would enhance the efficiency and speed with which the government could effect a wiretap. 
> "(3) the ability to intercept the content of communications and >acquire call setup information unobtrusively and with a minimum of >interference with any subscriber's telecommunications service; and No strange clicking on the line, in other words. > "(4) the ability to receive, in a generally available format, the >intercepted content of communications and acquired call setup information >at a location identified by the government distant from the facility that >is the subject of the interception, from the interception access point, >and from the premises of the common carrier (except where emergency or >exigent circumstances such as those described in 18 U.S.C. 2518(7), >2518(11)(b), or 3125, or in 50 U.S.C. 1805(e), necessitate monitoring at >the common carrier's premises). Not only must communications and call-setup info be captured "live" or immediately post-transmission, but it also must be routable to a remote, designated government-operated location. Whether the routing is done by the carrier or the government is unclear. The exceptions to this "routability requirement" occur when a criminal or intelligence emergency pre-empts the normal process of seeking an order, or when there is an attempt by the person committing an offense to thwart interception by changing facilities. These types of situations are provided for under current law. > "(b) Systems security. The government shall notify a common carrier >of any interception of wire or electronic communications or any >acquisition of call setup information that is to be effected within the >premises of such common carrier pursuant to court order or lawful >authorization. After notification, such common carrier shall designate an >individual or individuals to activate such interception or acquisition >forthwith. Such individual(s) shall be available at all times to activate >such interceptions or acquisitions. 
Such interceptions or acquisitions >effected within the premises of a common carrier may be activated only by >the affirmative intervention of such individual(s) designated by such >common carrier. The FBI analysis justifies this "drafting" of personnel as a way of mollifying common carriers who don't want non-personnel handling their equipment or operating their facilities. Of course, this section also means that a common carrier must budget for such personnel to be at the service of law enforcement for on-premises intercepts and call-setup captures. > "(c) Compliance date. To the extent that common carriers providing >service within the United States currently cannot fulfil the requirements >set forth in subsection (a) of this section, they shall fulfil such >requirements within three years from the date of enactment of this Act. The time limit for compliance has not changed since the last iteration of the Act. Note that only large-scale communications providers are included in the scope of this version of the Act. The FBI analysis states that PBXs, computer-network providers, and other entities that do not qualify as common carriers are not to be obligated by the passage of this act to add these new capabilities, but will be obligated to cooperate under the general provisions of 18 USC 2518(4) to the extent possible. *Note especially that this distinction undercuts the claim that the government is merely "clarifying" a pre-existing obligation under 18 USC 2518(4)--if that were true, these clarifications would apply to *all* "providers of wire or electronic communications services" and not just "common carriers."* > "(d) Cooperation of support service providers and equipment >manufacturers. 
Common carriers shall consult, as necessary, in a timely >fashion with appropriate providers of common carrier support services and >telecommunications equipment manufacturers for the purpose of identifying >any services or equipment, including hardware and software, that may >require modification so as to permit compliance with the provisions of >this Act. A provider of common carrier support services or a >telecommunications equipment manufacturer shall make available to a common >carrier on a timely and priority basis, and at a reasonable cost, any >support service or equipment, including hardware or software, which may be >required so as to permit compliance with the provisions of this Act. This section imposes an obligation on common carriers to instruct support services and equipment providers that they need "wiretap-friendly" services and equipment, and it imposes an obligation on the service and equipment providers to comply. Note that the statute does not itself outline remedies for noncompliance by support services and equipment providers. The FBI analysis, however, states that the Attorney General "may apply for an order, such as a writ of mandamus" mandating the compliance of such entities. > "(e) Enforcement. The Attorney General shall have authority to >enforce the provisions of subsections (a), (b), (c), and (d) of this >section. The Attorney General may apply to the appropriate United States >District Court for an order restraining or enjoining the provision of >service of any common carrier who violates subsection (a), (b), (c), or >(d) of this section. The District Courts shall have jurisdiction to issue >such restraining order or injunction. The Attorney General may also >request the Federal Communications Commission to assist in enforcing the >provisions of this Act. The "may apply" language implies that this is not an exhaustive list of the remedies available to the Attorney General, who is granted general "authority to enforce." 
In the first version of this Act, enforcement authority was to be given to the FCC; in the second version, enforcement was the responsibility of the Attorney General and the DOJ. This section apparently combines the best of both worlds, empowering either the FCC or the AG to enforce the Act's provisions. > "(f) Penalties. Any common carrier that violates any provision of >subsection (a) of this section shall be subject to a civil penalty of >$10,000 per day for each day in violation. The Attorney General may file a >civil action in the appropriate United States District Court to collect, >and the United States District Courts shall jurisdiction to impose, such >penalties. After consultation with the Attorney General, the Federal >Communications Commission may also impose regulatory sanctions or fines >otherwise authorized by law. Essentially, this section allows non-compliant common carriers to be challenged on two fronts. > "(g) Consultation. The Attorney General is encouraged to consult >with the Federal Communications Commission and common carrier >representatives and to utilize common carrier standards bodies, >associations, or other such organizations to discuss details of the >requirements, such as those related to capacity, in order to facilitate >compliance with the provisions of this Act. This language apparently is merely precatory; apparently, the Attorney General need not consult with the FCC or the other entities mentioned here. > "(h) Funding. Notwithstanding any other provision of law, the >Federal Communications Commission shall implement promptly methods and >procedures that allow each common carrier to be remunerated by the Federal >Government for all reasonable costs incurred in the course of complying >with the requirements of this Act. We may reasonably anticipate that there would be significant litigation on the issue of remuneration for "reasonable costs." > "(i) Definitions. 
-- As used in this Section -- > (1) 'common carrier' means any person or entity engaged as a >common carrier for hire, as defined by section 3(h) of the Communications >Act of 1934, and includes a commercial mobile service or interconnected >service, as defined in section 6002(b) of Public Law 103-66; > (2) 'provider of common carrier support services' means any >person or entity who provides services to a common carrier that are >integral to processing, directing, forwarding, or completing telephone >calls or electronic communication transmissions; > (3) 'wire communication' shall have the same meaning as set >forth in subsection 2510(1) of title 18, United States Code; > (4) 'electronic communication' shall have the same meaning as >set forth in subsection 2510(12) of title 18, United States Code; > (5) 'intercept' shall have the same meaning as set forth in >subsection 2510(4) of title 18, United States Code, except that with >regard to a common carrier's transmission of a communication encrypted by >a subscriber, the common carrier shall not be responsible for ensuring the >government agency's ability to acquire the plaintext of the communications >content, unless the encryption was provided by the common carrier and the >common carrier possesses the information necessary to decrypt the >communication; Normally, "intercept" means capture the contents of a communication. 18 USC 2510(4). But the government here is exempting common carriers from providing the plaintext versions of encrypted communications that were encrypted by the subscriber through some method other than an encryption service offered by the common carrier and to which the carrier retains the encryption keys or some equivalent capability to decrypt the communications. Interestingly, this definition seems to gut the meaning of the definition in 18 USC 2510(4), which focuses only on the content of the communication. "Interception" legally means "capturing the content" in Title III. 
If you're not capturing the content, it's not, strictly speaking, an interception according to the statutory definition. > (6) 'concurrent with the transmission of the communication,' as >used in section 3(a)(2) of this Act, means contemporaneous with the >transmission; but it shall include, with regard to electronic >communications, the ability of a government agency to acquire such >communications at the conclusion of the transmission, and, with regard to >call set up information, the ability to acquire such information either >before, during, or immediately after the transmission of the >communication; The FBI analysis states that law enforcement's preference is for such information to be captured *before* transmission. > (7) 'call set up information' shall mean the information >generated which identifies the origin and destination of a wire or >electronic communication placed to, or received by, the facility or >service that is the subject of a court order or lawful authorization, >including information associated with any telecommunication system dialing >or calling features or services; and This provision would create an immensely powerful tool for message traffic analysis, which has significance wholly independent of the ability to capture the content of communications. The government's prerogative to capture such transactional information is conditioned on a much lower standard of proof than that for wiretaps--rather than making a showing of probable cause, the government need only "certify" to the issuing magistrate that "the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation." 18 USC 3123. > (8) 'government' means the Government of the United States and >any agency or instrumentality thereof, the District of Columbia, any >commonwealth, territory or possession of the United States, and any state >or political subdivision thereof authorized by law to conduct electronic >surveillance." 
This simply makes clear that the prerogative to require these new services from common carriers extends to all levels of law enforcement, and not just to the federal law-enforcement and intelligence agencies. >SEC. 4. COMMUNICATIONS PRIVACY IMPROVEMENT AND MONITORING CLARIFICATION. > > Chapter 119 of title 18 is amended by making the following changes: > (1) Cordless telephones. > (a) _Definitions_. - Section 2510 of title 18, United States Code, >is amended - > (1) in paragraph (1), by striking ", but such term does not >include" and all that follows through "base unit"; and > (2) in paragraph (12), by striking subparagraph (A) and >redesignating subparagraphs (B) through (D) as subparagraphs (A) through >(C), respectively. > (b) _Penalty_. - Section 2511 of title 18, United States Code, is >amended - > (1) in subsection (4)(b)(i), by inserting "a cordless telephone >communication that is transmitted between a cordless telephone handset and >the base unit," after "cellular telephone communication,"; and > (2) in subsection (4)(b)(ii), by inserting "a cordless telephone >communication that is transmitted between a cordless telephone handset and >the base unit," after "cellular telephone communication,". In the early days of cordless telephones, it was easy for the radio transmissions between handsets and base units to be intercepted by scanners and, occasionally, by ordinary transistor radios. Congress did not want to felonize such trivially easy interceptions. Current cordless phone technology, however, makes such interceptions more difficult, according to the FBI analysis, and therefore it makes sense to extend wiretap protections to cordless phones. Note that this would resolve a long-standing anomaly in the protections offered by Title III. > (2) Radio based data communications. 
> Section 2510(16) of title 18, United States Code, is amended by >striking the word "or" at the end of subparagraph (D) and inserting an >"or" at the end of subparagraph (E) and adding the following new >subparagraph: > "(F) an electronic communication;". This adds "electronic communications" (such as e-mail or data communications) to the class of radio communications whose privacy is protected by Title III. The FBI analysis states that this amendment is designed to make clear that data communications over radio are also protected under Title III. > (3) Penalties for monitoring radio communications that are not >scrambled, encrypted, or non-public. > Section 2511(4)(b) of title 18, United States Code, is amended by >deleting the phrase "or encrypted, then--" and inserting the following: > ", encrypted, or transmitted using modulation techniques whose >essential parameters have been withheld from the public with the intention >of preserving the privacy or such communication, then--". This amendment adds a penalty for modulation-protected communications, which are already defined as not "readily accessible to the general public" under the current language of 18 USC 2510(16)(B). > (4)Technical correction. > Section 2511(2)(a)(i) of title 18, United States Code, is amended by >striking out "used in the transmission of wire communication" and >inserting in lieu thereof "used in the transmission of a wire or >electronic communication.". This simply corrects a drafting error left over from the Electronic Communications Privacy Act, by adding the term "electronic communications" to those communications that a provider can intercept or disclose in the course of protecting its service. The amended section already included the language "provider of wire or electronic communications service," but seemed to allow only the interception and disclosure of "wire communications." 
From phred at well.sf.ca.us Wed Feb 23 20:34:04 1994 From: phred at well.sf.ca.us (Fred Heutte) Date: Wed, 23 Feb 94 20:34:04 PST Subject: Disinformation (or the Truth?) About Clipper In-Reply-To: <199402231611.IAA02291@nexsys.nexsys.net> Message-ID: <9402232033.ZM7691@well.sf.ca.us> I don't think the issue is "telling the truth" or not, telling the truth is the only way to go in this instance if the kind of world that Clipper -- and Bill Casey's top Russian specialist being a spy -- represents is not to self-perpetuate. The backlash to Clipper is a big jab in the eye to the thoroughly self-indulgent and self-righteous "intelligence establishment" of which people like Dorothy Denning are only the willing lapdogs. The American people are squarely on our side on this as long as they are presented with a fair statement of the question: do you want the government to have the right to see or hear every single piece of electronic information written by you, to you or about you? The struggle is not over whether to tell the truth, or whether there is enough time to tell the whole truth. The struggle is to find a message that encapulizes all of our technical and political and personal misgivings with this system *and* the forces driving it forward, make that message accessible to the broad public and make sure that the public hears it and has a chance to make it the real fulcrum of decision.  From phantom at u.washington.edu Wed Feb 23 20:54:10 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Wed, 23 Feb 94 20:54:10 PST Subject: STEALTH OCEANS In-Reply-To: Message-ID: On Wed, 23 Feb 1994, Sergey Goldgaber wrote: > No, no. The function of Stealth PGP is, as I understand it, to simply correct. I was commenting on the ability of the stealth-pgp to create output not associated with PGP; I didn't mean to imply that s-pgp would be designed to do the deletion on its own. sorry. > > telltale TSR hanging around? > > What telltale TSR? 
> A program that can read and write directly to disk?
> If I am not mistaken, such programs are common enough not to be
> evidence of anything. Having PGP on you is another matter, however.

I'd say having a TSR "hideit.com" loaded into high memory (installed size: xxxx bytes) watching INT (whatever) would be a pretty good clue that someone trying to determine that you were using a program to protect areas of your disk would look for. Perhaps you could try and hide this, too; in any case, you address TSRs later...

> > > Simple. You would take note of the starting address of the file. And,
> > > the length of the file.
> >
> > how do you control individual writes?
>
> With a standard direct disk read/write utility.

uh, I don't have one. Do you?

I'm NOT talking about how to recover areas of your disk (you could use something like Norton Utilities to pull the noise file off the disk). What I'm trying to understand is how you plan to keep that area of your disk off limits.

Like it or not, programs and OSs (if you can call Windows an OS) write to disk. Lots. Everywhere. How do you keep it from fragmenting the disk immediately and overwriting the space (whose address you have written down on that sheet of paper next to your computer?)

Try running windows with a temp swapfile. Run photoshop for windows (it writes its own tempfile on the drive). Save a file from Word for Windows and try and control where it goes.

I'm not saying these problems can't be solved; I _am_ saying that what has been proposed thus far doesn't adequately address this (if you're looking at this as a genuine way to hide your data).

> > vs. where your data is kept. Authorize each write by hand? (PROGMAN.EXE
> > is attempting to write to cylinder 12, track 14. Authorize (y/N)? )
>
> Disable authorization. Most DOSs allow direct writes without
> authorization anyway.

No, no. We _need_ to protect the noise area.

how? change the FAT? TSR?
My example above was an attempt to try and understand what a TSR you might build would have to ask, every single time a regular write to disk was performed. (to protect your deleted noise file).

> You need _not_ have a TSR with the location. If you keep track of the
> address/length yourself, the problem is eliminated. The whole

except for the fact that your computer will overwrite your data (which, in fact, is *deleted* space, waiting to be written over) in the meantime.

> be a more elegant solution. Otherwise, store your "noise" files
> sequentially, on a floppy that you use only for storing encrypted data.

Ah, a floppy? this makes 10 times more sense. With a floppy you wouldn't have haphazard writes to disk (as you do with your harddrive).

> > Analysis: It seems with the systems I can think of you need to have the
> > area the noise file stored in either 1) standard (ick) or 2) kept in
> > memory so you don't overwrite it. If you don't protect it, I wouldn't
> > expect your noise file to have a very large half-life. :l Keeping the area
> > in memory (under protection) defeats the system.
> >
>
> I'm sorry, this paragraph just went over my head. Could you restate it
> in another way, so I can attempt to comment?

sure. two choices:

1) We must protect our noise data.
   Keep it in a location on disk, keep a TSR in memory to protect that area from writes.

2) We don't protect our noise data.
   Keep our data in a location on disk, keep the spots on paper, and hope that by the time we need to retrieve it, the data hasn't been written over.

I sure wouldn't want to count on 2), and it seems as if 1) defeats the purpose.

> > Aside: By the way, isn't the "noise" in your noise file is going to be
> > more random looking than other deleted areas of your disk? PGP compresses
> > and then encrypts; I'll bet that it is possible to distinguish pgp's
> > output bit frequencies from those of a binary or text file, which is what
> > the rest of the wiped space would most likely be.
> > ...
> 1 split the "noise" file into smaller parts which would be interspersed
> randomly among the other deleted garbage. This would make for a less
> conspicuous disk; as, there are, normally, truly random sections of
> the disk along with the not-so-random sections. Your bits of noise-file
> will fit right in!

not bad. One thing to consider: we've moved all of our data to the end of the disk, anyway; we'd still have most of our important data at the end of the disk, which still might look conspicuous statistically.

> 2 use a steganography utility to embed the "noise" file in a section
> of the other not-so-random garbage (as some people currently use those
> same utilities to embed their PGP files in GIFs), and then delete it.
> (Owning a steganography utility would, of course, be as conspicuous
> as owning PGP. So the same precautions would have to be applied.)

not bad. Takes (8 times?) more space, but should work.

Do you understand my objection to keeping track of the files' location by hand? It isn't that keeping track of the location/length of the file is hard, or retrieving it is tough; the problem is keeping the OS, etc from overwriting it in the meantime.

mt

Matt Thomlinson                          Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu    phone: (206) 548-9804
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From bugs at netsys.com Wed Feb 23 21:11:29 1994
From: bugs at netsys.com (Mark Hittinger)
Date: Wed, 23 Feb 94 21:11:29 PST
Subject: CERT funding
Message-ID: <199402240514.AA18175@netsys.com>

>From: Anonymous
>This question has come up a couple of times lately, and nobody seems to
>be talking.
>Does anyone know the budget size and sources for CERT? Is CERT
>'officially' part of the government or do they operate independently?
>And could a FOIA request yield results, do you think?
I saw a message on this topic a couple of days ago where the poster speculated about NSA funding for CERT. I posted the following reply to the cypherpunks list then but I did not see it echoed to the list. Maybe the work being done for the ratings hoo-ha lost some of the postings. Anyhow here it goes again - my apologies if you've seen this already.

Don't get too worried about CERT and its budget. I interviewed there - oh - around 18 months ago. This was prior to the sniffer fiascos and the sendmail-bug-of-the-week deluge.

CERT had a section of the "Institute for Software Engineering" building which is a very nice building next to CMU. The CERT offices were kind of crowded and there were some partitions. Most of the staff had their own office, however. I noted which ones had window offices and stored it away. There were three! :-)

The staff seemed to be all comp-sci grad student types. The main guy was your typical visionary professor type. Before I spoke with him he was interrupted by a call from someone at DARPA about their funding. I am certain that he was having trouble convincing his funders that the problems were growing and that CERT's budget should expand. I got the impression that continued funding of CERT was not a done deal and that even keeping the current level of funding was uncertain.

My point - the funding was not substantial and it was not "reliable" funding. Their hardware was fairly recent but I did see a lot of "old soldier" type computer equipment still in service. There was mostly SUN, some DEC R4000 stuff, and maybe a microvaxII. Most definitely not NSA funded. It is funded by DARPA/USAF just like most old arpanet activity was.

As I interviewed with nearly all of the staff I can say they are all most definitely comp-sci grad student types. Probably all working on MS or PHD over at CMU. I was intrigued by the types of questions that they asked me about. I was asked more questions about software engineering issues than about security issues.
I got the impression that most of the staff had only a peripheral understanding of the technical weaknesses in the current installed base. I know that structured programming, relational databases, case tools, and AI are important but are they important in an OS security framework? (shrug)

I asked them what got CERT started and they told me it was kind of put together informally after the morris internet worm holiday. I was surprised that they only seemed truly interested in SUN issues. I did not get the impression they were concerned about PC's on the net, VMS systems, or other platforms. Perhaps they all wanted to go to work for SUN later? :-) :-) Clearly other platforms can serve as vehicles for intrusion, and clearly they needed to be interested in anything with an ethernet plug on it. I was surprised by this - I still am.

I was also surprised to find out that there were several organizations other than CERT executing the same functions for each government agency. I learned that there was one for the navy, the dod, the cia, and probably even the coast guard! :-) I wondered aloud about how much information these groups shared and I got the impression that the other groups might not have trusted CERT too much with good information. In other words there is probably a group that you guys should be worried about because they are deeper in the black and they don't trust the CERT guys either! :-) :-)

I was surprised to see the level of calls that CERT was getting. I saw an endless stream of E-mail and phone calls. One staff member told me that they were averaging around 1400 E-mail messages a day!! Holy shit! Remember this was before sendmail/sniffer! It must be exploding "elm" up there right now. :-) :-)

CMU had very good fringe benefits by the way. I had a real good time and the CERT staff treated me very well. The CMU campus was clean and pleasing to the eye. Just to show they are real computer people they took me to lunch at pizza hut.
It was the first time I'd ever seen anybody use one of those "the club" things on their car wheel. :-) :-)

Anyway I didn't get the position. On the one hand I thought it would be pretty neat but on the other hand I knew the problems they were going to have to deal with were only going to grow like crazy. I thought something big would happen but I didn't expect the hilarious level that the sendmail and /dev/nit problems would reach. The CERT guys have my sympathy. Maybe it was just my good luck working to bail me out again?

I didn't get the impression that they were that up to speed on what could be done to either attack or defend OS security. I am sure they are getting a fast education in that. I am also certain they are getting a fast education in the politics of blame. I see a lot of people really hammering them for suppressing information or ignoring problems. I think we need to realize that they are a small staff and the internet is a mighty big ranch. Clearly they are overwhelmed.

I am also certain that they are learning the politics of getting vendors off their butts to fix things. GROAN!! :-) :-) To top it all off they have to also specialize in the politics of getting continued funding. What a thankless task, so utterly unappreciated by the reckless drivers on the superhighway. :-) :-)

I think we need a be kind to CERT-person-with-beeper-week where all hackers voluntarily stop what they are playing with. This week could begin the day prior to christmas eve and last until January 2.

---------
I'd like a 250 Mhz 128 bit hybrid processor with 64 meg of 8 way interleaved memory, a 10 megabyte per second i/o channel, two 3 gig hard disks, two dat drives with compression, and a large diet coke.
From sergey at delbruck.pharm.sunysb.edu Wed Feb 23 22:28:38 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Wed, 23 Feb 94 22:28:38 PST
Subject: STEALTH OCEANS
In-Reply-To:
Message-ID:

On Wed, 23 Feb 1994, Matt Thomlinson wrote:

> I'd say having a TSR "hideit.com" loaded into high memory (installed size:
> xxxx bytes) watching INT (whatever) would be a pretty good clue that
> someone trying to determine that you were using a program to protect areas
> of your disk would look for. Perhaps you could try and hide this, too; in
> any case, you address TSRs later...
>

Again, no TSRs are necessary. Having a simple, common utility on hand is all that is needed.

> > > > Simple. You would take note of the starting address of the file. And,
> > > > the length of the file.
> > >
> > > how do you control individual writes?
> >
> > With a standard direct disk read/write utility.
>
> uh, I don't have one. Do you?
>

Sure! Norton's Disk Editor! I think that it may be limited to doing everything manually, one sector at a time, though. I'm not a big MSDOS user, so I can't direct you to a more convenient utility, but I'm sure they're out there.

> I'm NOT talking about how to recover areas of your disk (you could use
> something like Norton Utilities to pull the noise file off the disk).
> What I'm trying to understand is how you plan to keep that area of your
> disk off limits.
>

You don't keep anything off limits. If an intruder uses the standard OS (instead of the proper utility) to write to your disk, he might erase your data. That is not a problem! He's doing you a favor by destroying the evidence.
You, on the other hand, know better. Thus, you will always use the utility to write to the free sectors of the disk. You will have no problem, assuming you keep track of where your data is.

> Like it or not, programs and OSs (if you can call Windows an OS) write to
> disk. Lots. Everywhere. How do you keep it from fragmenting the disk
> immediately and overwriting the space (whose address you have written
> down on that sheet of paper next to your computer?)
>

You use a floppy disk that is only accessed by your utility, which bypasses DOS (and Windows, which is DOS based). You keep your disk write-protected at all other times.

> Try running windows with a temp swapfile. Run photoshop for windows (it
> writes its own tempfile on the drive). Save a file from Word for Windows
> and try and control where it goes.
>

That's correct. But this is only the case when you are letting DOS write to disk for you. If you use _direct_ (ie. _not_ DOS) disk writes, you can specify which sectors you write to!

>
> I'm not saying these problems can't be solved; I _am_ saying that what
> has been proposed thus far doesn't adequately address this (if you're
> looking at this as a genuine way to hide your data).
>

I disagree. I do admit that the more security you want, the more complicated the issue gets. At the simplest level, all you have to do is delete your "noise" file. This is a solution to hiding "noise" files that is available to everyone. Problems crop up only when your opponent is determined, knowledgeable, and capable. Although more effort will be required, I believe that the system I've outlined will prevent even the most determined opponent from finding evidence even of the existence of your "noise" files.

>
> > > vs. where your data is kept. Authorize each write by hand? (PROGMAN.EXE
> > > is attempting to write to cylinder 12, track 14. Authorize (y/N)? )
> >
> > Disable authorization. Most DOSs allow direct writes without
> > authorization anyway.
>
> No, no.
> We _need_ to protect the noise area.
>

All the protection that is necessary is that of your keeping track of the location of your files. Just don't write back to those sectors again, unless you want to overwrite your data.

> how? change the FAT? TSR? My example above was an attempt to try and
> understand what a TSR you might build would have to ask, every single time
> a regular write to disk was performed. (to protect your deleted noise
> file).
>

Once again, NO TSR IS NECESSARY! In fact, it is detrimental, for the reasons that I have outlined in my previous messages.

>
> > You need _not_ have a TSR with the location. If you keep track of the
> > address/length yourself, the problem is eliminated. The whole
>
> except for the fact that your computer will overwrite your data (which,
> in fact, is *deleted* space, waiting to be written over) in the meantime.
>

Only if you use standard DOS disk writes. Bypass DOS and your problem is solved.

> > be a more elegant solution. Otherwise, store your "noise" files
> > sequentially, on a floppy that you use only for storing encrypted data.
>
> Ah, a floppy? this makes 10 times more sense. With a floppy you wouldn't
> have haphazard writes to disk (as you do with your harddrive).
>

Exactly.

> sure. two choices:
>
> 1) We must protect our noise data.
> Keep it in a location on disk, keep a TSR in memory to protect
> that area from writes.
>
> 2) We don't protect our noise data.
> Keep our data in a location on disk, keep the spots on paper, and
> hope that by the time we need to retrieve it, the data hasn't been
> written over.
>
> I sure wouldn't want to count on 2), and it seems as if 1) defeats the
> purpose.
>

Are you forgetting the floppy+direct-disk-writes solution? Choice 2 makes sense!

> > 1 split the "noise" file into smaller parts which would be interspersed
> > randomly among the other deleted garbage.
> > This would make for a less
> > conspicuous disk; as, there are, normally, truly random sections of
> > the disk along with the not-so-random sections. Your bits of noise-file
> > will fit right in!
>
> not bad. One thing to consider: we've moved all of our data to the end of
> the disk, anyway; we'd still have most of our important data at the end
> of the disk, which still might look conspicuous statistically.
>

Moving all the data to the end of the disk was not a suggestion made by me. I agree that it would be rather silly.

> > 2 use a steganography utility to embed the "noise" file in a section
> > of the other not-so-random garbage (as some people currently use those
> > same utilities to embed their PGP files in GIFs), and then delete it.
> > (Owning a steganography utility would, of course, be as conspicuous
> > as owning PGP. So the same precautions would have to be applied.)
>
> not bad. Takes (8 times?) more space, but should work.
>

Two choices: Space sacrificed for security. Or, security sacrificed for space.

>
> Do you understand my objection to keeping track of the files' location by
> hand? It isn't that keeping track of the location/length of the file is
> hard, or retrieving it is tough; the problem is keeping the OS, etc from
> overwriting it in the meantime.
>

I understand. However, your objection doesn't make sense in light of the above conclusions.

Thanks for your prompt replies, though! Keep 'em coming!

Sergey

From nobody at shell.portal.com Wed Feb 23 22:44:45 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Wed, 23 Feb 94 22:44:45 PST
Subject: Supreme Court on Anonymity
Message-ID: <199402240645.WAA06221@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

- From today's (February 23) New York Times (quoted without permission):

By Linda Greenhouse

WASHINGTON, Feb. 22: The Supreme Court agreed today to decide whether states can ban the distribution of anonymous campaign literature.
The case is an appeal by an Ohio woman who was fined under the state's election law for distributing leaflets, signed only by "concerned parents and taxpayers," urging the defeat of a local tax referendum.

At stake is the constitutional balance between the free speech rights protected under the First Amendment and a state's interest in guarding against election fraud. Half of the states, including Connecticut and New Jersey, have laws similar to Ohio's.

While the Supreme court has never discussed anonymous leaflets in the context of election laws, it did rule in 1960 that the organizers of a consumer boycott directed at racially biased merchants could not be required to identify themselves on their literature.

Historically, persecuted or unpopular groups have "been able to criticize oppressive practices and laws either anonymously or not at all," the court said in that decision, Talley v. California.

On the other hand, the Court has granted the states more latitude to restrict speech as part of election regulations, recently upholding bans on write-in voting and on electioneering near polling places.

The Ohio Supreme Court, in ruling last year to uphold the ban on anonymous leaflets, said the state law was consistent with the Supreme Court's view that speech could be limited to deter voter fraud.

Interesting, eh?

faust's dog

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQBpAgUBLWxKQIp26HwU0zr9AQGxfQKZAec+cnCSOHjLSsQjJxQbd1u5IRNw3/Jr
H3IltqoypEPRa1H7LYoVQ7RNmiGrcL2730JmABCS3C56k5x/T/IZBeyFtCGussso
vscFrB2NGxRCH8Ho
=UPD9
-----END PGP SIGNATURE-----

From djw at eff.org Wed Feb 23 20:48:55 1994
From: djw at eff.org (Daniel J. Weitzner)
Date: Wed, 23 Feb 1994 22:48:55 -0600
Subject: FLASH: FBI's Draft Digital Telephony Bill: EFF Summary and Analysis
Message-ID: <199402240350.WAA04805@eff.org>

Electronic Frontier Foundation Statement on FBI Draft Digital Telephony Bill

EFF has received a draft of the FBI's new, proposed "Digital Telephony" bill.
After initial analysis, we strongly condemn the bill, which would require all common carriers to construct their networks to deliver to law enforcement agencies, in real time, both the contents of all communications on their networks and the "signalling" or transactional information.

In short, the bill lays the groundwork for turning the National Information Infrastructure into a nation-wide surveillance system, to be used by law enforcement with few technical or legal safeguards. This image is not hyperbole, but a real assessment of the power of the technology and inadequacy of current legal and technical privacy protections for users of communications networks.

Although the FBI suggests that the bill is primarily designed to maintain status quo wiretap capability in the face of technological changes, in fact, it seeks vast new surveillance and monitoring tools. Among the new powers given to law enforcement are:

1. Real-time access to transactional information creates the ability to monitor individuals in real time.

The bill would require common carrier network (telephone companies and anyone who plans to get into the telephone business, such as cable TV companies) to deliver, in real time, so called "call setup information." In the simplest case, call setup information is a list of phone numbers dialed by a given telephone currently under surveillance. As we all come to use electronic communications for more and more purposes, however, this simple call setup information could also reveal what movies we've ordered, which online information services we've connected to, which political bulletin boards we've dialed, etc. With increasing use of telecommunications, this simple transactional information reveals almost as much about our private lives as would be learned if someone literally followed us around on the street, watching our every move.
We are all especially vulnerable to this kind of surveillance, because, unlike wiretapping the *content* of our communications, it is quite easy for law enforcement to get permission to obtain this transactional information. Whereas courts scrutinize wiretap requests very carefully, authorizations for access to call setup information are routinely granted with no substantive review. Some federal agencies, such as the IRS, even have the power to issue administrative subpoenas on their own, without appearing before a court.

The real impact of the FBI proposal turns, in part, on the fact that it is easy to obtain court approval for seizing transactional data.

The change from existing law contained in the FBI proposal is that carriers would have to deliver this call setup information *in real time*, directly to a remote listening post designated by law enforcement. Today, the government can obtain this information, but generally has to install a device (called a 'pen register') which is monitored manually at the telephone company switching office.

2. Access to communication and signalling information for any mobile communication, regardless of location allows tracking of an individual's movements.

The bill requires that carriers be able to deliver either the contents or transactional information associated with any subscriber, even if that person is moving around from place to place with a cellular or PCS phone. It is conceivable that law enforcement could use the signalling information to identify the location of a target, whether that person is the subject of a wiretap order, or merely a subpoena for call setup information.

This provision takes a major step beyond current law in that it allows for a tap and/or trace on a *person*, as opposed to mere surveillance of a telephone line.

3. Expanded access to electronic communications services, such as the Internet, online information services, and BBSs.
The privacy of electronic communications services such as electronic mail is also put at grave risk. Today, a court order is required under the Electronic Communications Privacy Act to obtain the contents of electronic mail, for example. Those ECPA provisions would still apply for the contents of such messages, but the FBI bill suggests that common carriers might be responsible for delivering the addressing information associated with electronic mail and other electronic communications. For example, if a user connects to the Internet over local telephone lines, law enforcement might be able to demand from the telephone company information about where the user sent messages, and into which remote systems that user connects. All of this information could be obtained by law enforcement without ever receiving a wiretap order.

4. The power to shut down non-compliant networks

Finally, the bill proposes that the Attorney General have the power to shut down any common carrier service that fails to comply with all of these requirements. Some have already called this the "war powers" provision. Granting the Department of Justice such control over our nation's communications infrastructure is a serious threat to our First Amendment right to send and receive information, free from undue government intrusion.

********************************

The posting represents EFF's initial response to the new FBI proposal. Several documents, including the full text of the proposed bill and a more detailed section-by-section analysis are available by anonymous ftp on EFF's ftp site.

This document is digtel94.announce

The documents can be located via ftp, gopher, or www, as follows:

ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_bill.draft
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94_analysis.eff
ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony/digtel94.announce

for gopher, same but replace first part with:

gopher://gopher.eff.org/00/EFF/...
for WWW, same but replace first part with:

http://www.eff.org/ftp/EFF/...

********************************

Press inquiries, contact:

Jerry Berman, Executive Director
Daniel Weitzner, Senior Staff Counsel

+1 202-347-5400

**************************************************************************
"I believe in markets doing what they do well, which is to develop technology, and letting citizens do what they ideally do well, which is to set policy."
-Esther Dyson, President, EDventure Holdings, Inc.

The Electronic Frontier Foundation is working to protect your privacy. To help stop Clipper and eliminate export controls on cryptography, support a bill introduced in the House of Representatives, HR 3627. To support the bill, send email to .

......................................................................
Daniel J. Weitzner, Senior Staff Counsel
Electronic Frontier Foundation      202-347-5400 (v)
1001 G St, NW Suite 950 East        202-393-5509 (f)
Washington, DC 20001

*** Join EFF!!! Send mail to membership at eff.org for information ***

From tcmay at netcom.com Wed Feb 23 23:46:46 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 23 Feb 94 23:46:46 PST
Subject: Symmetric Ciphers Really DO Have Crummy Scaling Properties!
In-Reply-To: <9402240310.AA29973@osc.versant.com>
Message-ID: <199402240747.XAA26647@netcom9.netcom.com>

> tcmay:
> # The problem with symmetrical ciphers is one of *scaling*.
> #
> # Since a key must be exchanged with each other person, the total number
> # of keys grows rapidly as the community of participants increases. At
>
> Russell Brand has observed that many people only send PGP mail to
> people with whom they have personally exchanged keys -- that even the
> "web of trust" idea is not used as much as the "personal key exchange" idea.

I think Strick is missing the incredible implications of public keys:

1. Most people who send me PGP-encrypted messages get my public key off the key servers, not from me.
I generated this key once, for a Cypherpunks keyring hoopla circa November 1992, and that was that. Very painless. Just like the "phone directory" of public keys the pioneers of public key promised.

2. With symmetric ciphers, each person has to keep track of the keys used with _each_ communicant. Instead of, say, 100 people having a total of 100 public keys and 100 private keys, for a total of 200 keys, each person would have to keep track of *99 keys*, for a total of 9,900 keys!

In my book, 200 keys total beats 9,900 keys any day. And the difference grows rapidly with the number of likely communicants.

(That one does not communicate with all of them is beside the point: one wants the _potential_ to communicate securely and hence one will need to arrange keys in advance. In reality, of course, you won't have arranged these keys or one-time pads or whatever in advance, and so secure communication will be impossible....this was the situation until recently for all but the military and the like.)

More to the point, I have only one public-private key pair, and that's all I want to have to keep track of. Storing 20 or 50 or 200 keys securely and being able to retrieve them securely and reliably is not a welcome alternative.

3. And don't forget security issues during key exchange! With conventional, symmetric ciphers, the keys must be exchanged by a secure channel. Anyone who sees or hears the key can read all traffic. Public key exchanges are less susceptible to eavesdropping breaches in security.

(Technically, with p-k key exchanges, the key exchange channel still needs to be secure, but with some practical differences: at no point is the private key of either party shown or produced. There are some spoofing attacks--cf. Schneier--but these are easy to deal with and don't offer the same dangers of the keys being intercepted.)

To make this point more succinct: In the pre-p-k days, trusted couriers carried the key material.
And carried it to the many pairwise sites needed (see Point #1). With public key methods, this was ended. Diffie-Hellman even allows key exchange to take place between parties who've never met. A revolution.

> I have thought seriously about a revival of symmetric key exchange,
> with the look and feel of a PGP key signing session, but without
> the transitive effect and without the legal hassles.
>
>

Well, good luck then. But I don't plan to participate. I have no desire to carry around a floppy containing the symmetric keys of 100 or more Cypherpunks and others--not when I can look up their public key in a keyserver, finger them for it, or just ask for it to be sent to me over normal channels.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From phantom at u.washington.edu Thu Feb 24 00:25:13 1994
From: phantom at u.washington.edu (Matt Thomlinson)
Date: Thu, 24 Feb 94 00:25:13 PST
Subject: STEALTH OCEANS
Message-ID:

Sergey Goldgaber writes:

>> might work, except for the fact that fragmentation _does_ go on, and when
>> you were to write files to the drive (heck, I do every time I start up
>> windows and write a huge temp swapfile) you're going to be playing
>> roulette with your data.

>This problem is solved by simply using a utility that writes directly to the
>disk (exactly in the specified sectors, in the specified order), instead
>of letting DOS fragment your disk.
I've been talking to Sergey behind the scenes, and I think I understand what our miscommunication was: he is proposing this type of technique ONLY for removable-type media, e.g. floppies. To store this type of data on your harddrive would be to dedicate your harddrive to stego. This was my argument all along; what we failed to connect on was the fact that only floppies are involved. With floppies, every write *can* be controlled and the data would be relatively safe (and obscure, for that matter). This correction is being posted to the list because his original post said nothing about removable media. mt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From sergey at delbruck.pharm.sunysb.edu Thu Feb 24 01:15:15 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Thu, 24 Feb 94 01:15:15 PST Subject: STEALTH OCEANS In-Reply-To: Message-ID: On Thu, 24 Feb 1994, Matt Thomlinson wrote: > > Sergey Goldgaber writes: > > >> might work, except for the fact that fragmentation _does_ go on, and when > >> you were to write files to the drive (heck, I do every time I start up > >> windows and write a huge temp swapfile) you're going to be playing > >> roulette with your data. > > >This problem is solved by simply using a utility that writes directly to the > >disk (exactly in the specified sectors, in the specified order), instead > >of letting DOS fragment your disk. > > > I've been talking to Sergey behind the scenes, and I think I understand > what our miscommunication was: he is proposing this type of technique > ONLY for removable-type media, e.g. floppies. I am proposing this as a practical solution that can be implemented effectively mainly on floppies. Hard-drives might have to be dedicated to steganography (As Matt points out below).
> To store this type of data on your harddrive would be to dedicate your > harddrive to stego. This was my argument all along; what we failed to > connect on was the fact that only floppies are involved. With floppies, > every write *can* be controlled and the data would be relatively safe (and > obscure, for that matter). > So it seems. However, I am wary of the possibility that there are drawbacks to the scheme that I haven't even considered yet. I'm hoping that other astute readers such as yourself may be able to point them out; as, practical steganography may become a necessity in the near future. > > This correction is being posted to the list because his original post > said nothing about removable media. > My original post only outlined the basic premises. I had not, at that point, realized that floppy use would be a virtual necessity. > > mt > > Matt Thomlinson Say no to the Wiretap Chip! > University of Washington, Seattle, Washington. > Internet: phantom at u.washington.edu phone: (206) 548-9804 > PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu > > Thanks for your insights and neverfailing tenacity, Matt. Sergey From pierre at shell.portal.com Thu Feb 24 01:15:54 1994 From: pierre at shell.portal.com (Pierre Uszynski) Date: Thu, 24 Feb 94 01:15:54 PST Subject: quetion about Multi-user systems Message-ID: <199402240916.BAA20879@jobe.shell.portal.com> > On Wed, 23 Feb 1994, Eric Johnson wrote: > > [...] So perhaps I could just download my > inbox, but then sending the mail messages may be > difficult, since there is no place I can just send them. > [...] > I figure you could just upload a file with all of your > replies and new mail, and then have a script mail each of > those letters. That way my secret key stays on my home > system, very safe, and I can use emacs to answer read and > encrypt all my mail with ease.
Using kermit & Co, and then a script to transfer files composed and signed at home for mailing from your internet account is too tedious. But I believe you mentioned you are using Linux on your PC. Sooo, here are two solutions that should work in any real (non-Microsoft) window system: 1) Compose and sign each message on the PC. Then, while on-line with the remote computer, cut and paste the already-signed message directly into the remote mail line editor. (Cutting and pasting in such a way sometimes gets you in trouble with various buffering bugs, but you'll quickly figure out how much text you can paste at a time. Once a piece of text is signed, make sure you don't introduce more spaces, blank lines and such!) Once you have cut-and-paste running, it should not matter on which system you read your mail, on which one you compose new messages, or on which one you sign. Cutting and pasting very long messages will still be a pain. 2) Use a mud client (or similar) instead of kermit to connect to the remote system. Sending mail is then done by using the usual commands to get the remote system into the mailer line editor and then using a client macro of some sort to sign, transfer and send a message prepared locally. This solution will require some programming (very little on Linux, maybe quite a bit on a Macintosh). Pierre Uszynski pierre at shell.portal.com From pierre at shell.portal.com Thu Feb 24 01:49:59 1994 From: pierre at shell.portal.com (Pierre Uszynski) Date: Thu, 24 Feb 94 01:49:59 PST Subject: quetion about Multi-user systems Message-ID: <199402240950.BAA22060@jobe.shell.portal.com> > Only minutes ago, I wrote: > > 2) Use a mud client (or similar) instead of kermit to connect > to the remote system. Sending mail is then done by using the > usual commands to get the remote system into the mailer line > editor and then using a client macro of some sort to sign, > transfer and send a message prepared locally.
This solution > will require some programming (very little on Linux, maybe quite > a bit on a Macintosh). Heck, you can even program all that in kermit script programs. (I have version 5A(170) here.) It's just that these programs look (incredibly) ugly. Pierre Uszynski pierre at shell.portal.com From catalyst-remailer at netcom.com Thu Feb 24 02:40:42 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Thu, 24 Feb 94 02:40:42 PST Subject: CERT funding Message-ID: <199402241041.CAA17675@mail.netcom.com> From Mark Hittinger: > Don't get too worried about CERT and its budget. It is precisely when someone says "don't get worried about _____" when I begin to wonder exactly what they have to hide. > The staff seemed to be all comp-sci grad student types. The main guy was > your typical visionary professor type. Before I spoke with him he was > interrupted by a call from someone at DARPA about their funding. I am > certain that he was having trouble convincing his funders that the problems > were growing and that CERT's budget should expand. I got the impression > that continued funding of CERT was not a done deal and that even keeping > the current level of funding was uncertain. Every government bureaucrat I have met says exactly the same thing. The idea is to always give the impression of being "hungry" -- if you think your budget is adequate, obviously it is too much, and if you think your sources of funding are "secure", then you are taking them for granted. Believe me ... I played the game for many years. > My point - the funding was not substantial and it was not "reliable" > funding. Their hardware was fairly recent but I did see a lot of > "old soldier" type computer equipment still in service. There was > mostly SUN, some DEC R4000 stuff, and maybe a microvaxII. Most definitely > not NSA funded. It is funded by DARPA/USAF just like most old arpanet > activity was. You are very naive!
Just because something is funded by an intelligence agency does NOT mean that it is going to be a brand-new, state of the art system. The 3-letter agencies have LOTS of old but serviceable Suns, DECs, Macs, PCs, etc. internally and their contractors have the same. Yes, if they were doing cryptanalysis they'd have beefier gear, but that is not what CERT does. The problem is that when one is funded by DARPA or directly by one of the armed services, the amount of your award is supposed to be public. Usually companies announce it via a press release -- it is prestigious. HOWEVER, it is usually a condition of doing business with the intelligence community that the existence and amount of your contract award is kept secret. That's just the way they work. Don't be lulled by the "grad-student" types either. The intelligence agencies have funded a lot of university-affiliated research. Most of the grad students and first-real-job people aren't privy to the internal funding and responsibility and deliverables of the group. Were you asked about your ability to get a security clearance? According to one article, CERT people now are getting clearances. Interesting. > I was also surprised to find out that there were several organizations > other than CERT executing the same functions for each government agency. > I learned that there was one for the navy, the dod, the cia, and probably > even the coast guard! :-) I wondered aloud about how much information > these groups shared and I got the impression that the other groups might > not have trusted CERT too much with good information. In other words > there is probably a group that you guys should be worried about because > they are deeper in the black and they don't trust the CERT guys either! > :-) :-) Yes, other CERT-type teams exist. They are collected in an organization called FIRST, the Federation of Incident Response Teams. They do share (some) info.
Blackworld teams have different issues and do not generally participate, since their risk exposure is different and their issues are usually different as well. But they exist too. Sign me... "one who knows" From sergey at delbruck.pharm.sunysb.edu Thu Feb 24 04:10:55 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Thu, 24 Feb 94 04:10:55 PST Subject: Stealth PGP and Stegonagraphy (LONG) Message-ID: Making Stealth PGP (random noise) Files "Undetectable" INITIAL PROBLEM: The following ideas were developed in response to the concern over the future legal implications of possessing encrypted files. If non-Clipper encryption becomes illegal, even the mere possession of possible non-Clipper-encrypted files may be grounds for a search warrant, confiscation of equipment, and miscellaneous court sanctions. PRACTICAL OBJECTIVE: The possession of encrypted files must be made virtually undetectable, even to the most determined and best informed opponent. BASIC PREMISE: On many machines the file system allows users to "delete" files without actually erasing them. This is usually accomplished by simply marking the disk blocks that make up the file as free. Thus it is possible to write an encrypted (noise) file on to disk, pad the rest of the disk with more noise and "delete" the whole thing, making the disk look blank to all casual observers. CHALLENGES: I - Miscellaneous disk writes, such as those performed routinely by DOS, can overwrite the "deleted" files. II - Certain security measures on the part of the user may make recovery of the hidden file non-trivial. Ideally, the file will not have an "End Of File" marker, a file name, nor an entry in the File Allocation Table. III - Upon examination of the deleted segment of a disk, the aware opponent will notice the discrepancy between a large, highly-random noise-segment and the "structured garbage" that will make up most of the rest of the deleted portion of the disk. 
PROPOSED SOLUTIONS: I - To ensure the integrity of the hidden data, all disk writes must be directly controlled by the user, not DOS. A - Use of a floppy disk is recommended; as, controlling each individual disk-write operation on a harddrive becomes infeasible due to the large amount of said operations. B - The user should specify and keep track of the exact address and length of the encrypted file when writing it to disk. The file's location/length should be guarded as dearly as one's secret key and corresponding password, for similar reasons. II - Keeping track of the exact address and length of the hidden file will allow easy file recovery, without need for an EOF marker, a file name, nor a FAT entry. III - In order to make one's deleted file virtually indistinguishable from the rest of the deleted portion of the disk, the implementation of one of the following measures is recommended. A - Split the noise file into small individual files and scatter them throughout the "structured garbage" that is already on the disk. It should blend in with the other little pieces of highly random noise that are naturally interspersed in the deleted portion of the disk. Recovery would, of course, require one to keep track of the addresses, lengths, and order of the component files. B - Use a steganography utility to hide one's file in a segment of "structured garbage". A Mimic function with a "structured garbage" grammar would be highly useful for this. DISCUSSION: All of the above speculation relies on the use of Stealth PGP, or a similar program that encrypts plaintext into a format indistinguishable from random noise. Unless this steganographic function is implemented detection of the encrypted file, even when hidden among megabytes of other "deleted" files, will be trivial; as, PGP has a distinct header. The success of the above method also relies on the use of non-standard locations for the hidden files.
For, if this method becomes popular, _and_ everyone starts hiding their files in the last few sectors of the disk, for example, a significant portion of the method's effectiveness may be compromised. It should be noted that as long as the user is writing directly to and reading directly from the disk (bypassing DOS), "deletion" of the file is no longer necessary. It is necessary to keep the blocks one writes to marked as "FREE", "BAD" or "DELETED" (take your pick!). Some modification of the FAT or equivalent may be required here. SUMMARY: In order to hide a Stealth PGP (or equivalent) encrypted "noise" file effectively one may follow the steps outlined below: 1 Embed it in "structured garbage" such as is present normally on the deleted portions of the disk. This can be accomplished by using a steganography program or by splitting the file into small segments and scattering them among "structured garbage". 2 Write the resulting "structured garbage"/noise combination directly to disk. This can be accomplished by using a normal disk-sector editor utility. 3 Keep track of the exact location and size of the file if you want to retrieve it later. Keep this information secure. 4 Modify the FAT (or equivalent) to mark the sectors you've written to as "FREE", "BAD", or "DELETED" (if necessary). In order to retrieve and reconstruct one's file simply reverse steps 2 and 1. THANKS: I wish I could thank everyone who has commented on this thread individually. Unfortunately, I am rather new to this. Next time, I'll know to keep track of each response/address/name instead of simply replying to your mail/posts. You know who you are. Thank you! Keep your comments flowing!
All feedback welcome, Sergey From sergey at delbruck.pharm.sunysb.edu Thu Feb 24 04:12:45 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Thu, 24 Feb 94 04:12:45 PST Subject: Stealth PGP and Stegonagraphy (Summary) Message-ID: In order to hide a Stealth PGP (or equivalent) encrypted "noise" file effectively one may follow the steps outlined below: 1 Embed it in "structured garbage" such as is present normally on the deleted portions of the disk. This can be accomplished by using a steganography program or by splitting the file into small segments and scattering them among "structured garbage". 2 Write the resulting "structured garbage"/noise combination directly to disk. This can be accomplished by using a normal disk-sector editor utility. 3 Keep track of the exact location and size of the file if you want to retrieve it later. Keep this information secure. 4 Modify the FAT (or equivalent) to mark the sectors you've written to as "FREE", "BAD", or "DELETED" (if necessary). In order to retrieve and reconstruct one's file simply reverse steps 2 and 1. For a more detailed discussion of the above method, see the associated message, entitled "Stealth PGP and Stegonagraphy (LONG)". Sergey From sergey at delbruck.pharm.sunysb.edu Thu Feb 24 04:20:49 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Thu, 24 Feb 94 04:20:49 PST Subject: STEALTH OCEANS (fwd) Message-ID: On Thu, 24 Feb 1994, Matt Thomlinson wrote: > > Sergey Goldgaber writes: > > >> might work, except for the fact that fragmentation _does_ go on, and when > >> you were to write files to the drive (heck, I do every time I start up > >> windows and write a huge temp swapfile) you're going to be playing > >> roulette with your data. > > >This problem is solved by simply using a utility that writes directly to the > >disk (exactly in the specified sectors, in the specified order), instead > >of letting DOS fragment your disk.
> > > I've been talking to Sergey behind the scenes, and I think I understand > what our miscommunication was: he is proposing this type of technique > ONLY for removable-type media, e.g. floppies. I am proposing this as a practical solution that can be implemented effectively mainly on floppies. Hard-drives might have to be dedicated to steganography (As Matt points out below). > To store this type of data on your harddrive would be to dedicate your > harddrive to stego. This was my argument all along; what we failed to > connect on was the fact that only floppies are involved. With floppies, > every write *can* be controlled and the data would be relatively safe (and > obscure, for that matter). > So it seems. However, I am wary of the possibility that there are drawbacks to the scheme that I haven't even considered yet. I'm hoping that other astute readers such as yourself may be able to point them out; as, practical steganography may become a necessity in the near future. > > This correction is being posted to the list because his original post > said nothing about removable media. > My original post only outlined the basic premises. I had not, at that point, realized that floppy use would be a virtual necessity. > > mt > > Matt Thomlinson Say no to the Wiretap Chip! > University of Washington, Seattle, Washington. > Internet: phantom at u.washington.edu phone: (206) 548-9804 > PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu > > Thanks for your insights and neverfailing tenacity, Matt. Sergey From smb at research.att.com Thu Feb 24 04:21:26 1994 From: smb at research.att.com (smb at research.att.com) Date: Thu, 24 Feb 94 04:21:26 PST Subject: CERT funding Message-ID: <9402241221.AA26019@toad.com> Thanks, Mark, for an interesting posting about CERT. Let me add just one or two comments about the place. That CERT should be interested in software engineering is a very good sign. What do you think causes most security holes?
It *isn't* lack of cryptography, for the most part, though this last big incident is an obvious exception. The answer, of course, is bugs in the code -- and to that, software engineering is the only answer from computer science as a whole. (Bob Morris Sr's keynote address at the last UNIX Security Conference was entitled ``if your software is full of bugs, what does that say about its security?'') As for the database stuff -- from what the folks at CERT have told me (and yes, I know some of them quite well), they're having a problem managing the tremendous volume of bug reports, incident reports, etc. They need to do their own tool-building. Finally, there are some folks at CERT who are *extremely* sharp. I don't know who you talked to, but there are people there I'd hire in an instant if they were available. From m5 at vail.tivoli.com Thu Feb 24 05:52:28 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 24 Feb 94 05:52:28 PST Subject: FLASH: FBI's Draft Digital Telephony Bill: EFF Summary and Analysis (fwd) In-Reply-To: <199402240423.XAA05700@eff.org> Message-ID: <9402241352.AA14211@vail.tivoli.com> Mike Godwin writes: > Electronic Frontier Foundation Statement... > > ... After initial analysis, we strongly condemn bill, ... **** Freudian slip? -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From wak at next11.math.pitt.edu Thu Feb 24 06:06:17 1994 From: wak at next11.math.pitt.edu (walter kehowski) Date: Thu, 24 Feb 94 06:06:17 PST Subject: BIX musings on Zimmermann Message-ID: <9402241406.AA05846@next11.math.pitt.edu> ################################# peace at BIX.com muses on Zimmermann: I think about that, it was Isaac Asimov in his story about an invention which allowed people to see back into time.
Suppressed by the Government, it was independently re-invented by a professor who only got curious about the topic when he realised it was classified. The catch; when does time begin? one second ago?, one nano-second ago?. With the invention, privacy became a thing of the past; you could go anywhere, see anything. It's kind of a neat twist on this issue. The government would have us believe encryption is a *bad thing* because bad guys will use it to hide their activities. ################################# You've joggled my memory. The Isaac Asimov story referred to in "BIX musings on Zimmermann" is "The Dead Past". Another twist on this issue is that the government was cast as the good guys actually protecting the rest of the world from the widespread use of the "neutrino-gravitic" time-viewing technology whereas the scientists were acting out of "misguided" notions of freedom of access to the information and technology. When the scientists are finally apprehended they gloat over the fact that the technology is now freely available. The gov't failed to stop them. (The time-viewing apparatus is easy to build.) When the official makes clear what the consequences are (the past is now dead - anybody with a TV set can now monitor anybody anywhere anywhen), the scientists are ashamed of themselves. However, it's important to note that the government was not above using the technology to suppress the spread of the technology. What such a monitoring agency would become in twenty years or so is clear. Just how paranoid could it get? ("Crisis and Leviathan" - When the crisis has passed, the institutions set up to deal with it remain.) It is interesting to speculate on the analogy between Zimmermann's PGP and Clipper and the "neutrino-gravitic" time-viewing technology which the government is not above using for ostensibly noble ends. Walter A.
Kehowski From dmandl at lehman.com Thu Feb 24 06:17:15 1994 From: dmandl at lehman.com (David Mandl) Date: Thu, 24 Feb 94 06:17:15 PST Subject: Give me your privacy and I will protect you. Message-ID: <9402241417.AA17322@disvnm2.lehman.com> > From: Michael Johnson > > Just say "NO!" to harmful drugs, promiscuous sex, the ITAR's restrictions on ^^^^^^^^^^^^^^^ Please, tell me this is a joke. > strong cryptography, and Key Escrow! Write YOUR Congressional Representative > NOW and express support for Maria Cantwell's bill to ease restrictions on > privacy software! --Dave. From bdolan at well.sf.ca.us Thu Feb 24 06:48:27 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Thu, 24 Feb 94 06:48:27 PST Subject: Rising dishonesty level Message-ID: <199402241448.GAA17814@well.sf.ca.us> jimn8 at netcom.com remarks about the rising level of dishonesty in (presumably) media/political circles: *It's bad* I once had a faint hope that a change in administrations would reverse the tide. I'm over that now. People from eastern Europe recognize a lot of what they see developing here, as a recent poster noted. jimn8 further wonders if anybody knows a better country to live in: I know of several that are less intrusive in your private affairs. Unfortunately, it's hard for an American to find work in most of them. I've made up a list of decision rules about when it's time to flee to the first place I can find "three hots and a cot" (Places like Belize, for instance). Try compiling your own list, it's an interesting exercise. My rules: It's time to leave when... ... I can't say what I want. ... I can't own a gun. ... I can't use good crypto. ... I can't leave and enter the U.S. freely. Brad bdolan at well.sf.ca.us Somewhat related: Does anybody find it interesting that no one noted for over a decade that Ames had (1) a lavish lifestyle and (2) a foreign-born (Colombian!) wife. Normally, spooks aren't allowed either. 
A cynic might say that the lavish lifestyle was overlooked because it was attributed to the Colombian connection, and not to the other extracurricular activities. -bd From fhalper at pilot.njin.net Thu Feb 24 07:11:47 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Thu, 24 Feb 94 07:11:47 PST Subject: Net restructure Message-ID: <9402241511.AA27968@pilot.njin.net> I don't know if this is correct, but from what I have read it seems that the Net needs and will be restructured sometime in the future. I think our biggest concern when it happens will be that Clipper-like encryption and monitoring will be implemented as a standard. Who knows maybe the net will be run by the government. Reuben Halper -anger is a gift- rage against the machine/Freedom From talon57 at well.sf.ca.us Thu Feb 24 08:23:42 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Thu, 24 Feb 94 08:23:42 PST Subject: STEALTH OCEAN Message-ID: <199402241623.IAA08236@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Matt Thomlinson asks: >I can see how a stealth-PGP would allow you to hide messages on >your disk in "wiped" filespace -- it'd look like garbage (maybe -- >see Aside), if anyone took a look. What does this buy you, though, >if you've got a telltale TSR hanging around? Why not "Parasitize" your program on to Command.com like many viruses do? The "Stealth" viruses also employ code that will not reveal the change in size to either MEM or CHKDSK, such code can also restore the timestamp. Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise."
--Steve Witham -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLWzS19CcBnAsu2t1AQFyQgP9GpJQcB4TNSxzcBdKh+MWOWl6uHcEEM5I QEU7NpmegvNBAoTLuH4at8CMGqqIjol0LwIFjpKO9pkWsXUldNLHx1nl2m/Ur1iA BbPYH6ajDjuV+i/OHvNVt+ZaS1R+zZKkrW+FzA1mzM1iGn2JE5HWIdGS9r2mShRC diQXI87CWmg= =+0ln -----END PGP SIGNATURE----- From wex at media.mit.edu Thu Feb 24 08:31:31 1994 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Thu, 24 Feb 94 08:31:31 PST Subject: New mailing list? Message-ID: <9402241631.AA23901@media.mit.edu> I am interested in starting a mailing list (digest, moderated) on encryption uses/abuses and possibilities in the real world. It would be like RISKS, but would concentrate on cases where encryption is currently being used and cases where it should but isn't. No discussions of this-asshole-actually-asked-for-my-SSN or the like. The idea is to expose to the public where crypto is useful and hopefully get more people to understand what will be lost if the gov't succeeds in keeping crypto tech under its thumb. However, a list is only as good as the material submitted to it. So, I ask the members of this list whether you would be interested in: (a) reading such a list and (b) contributing to it. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168 Page: 617-945-1842 an53607 at anon.penet.fi We are Chaos Boys. We are coming to a paradigm near you. From elbert2 at darmstadt.gmd.de Thu Feb 24 08:51:25 1994 From: elbert2 at darmstadt.gmd.de (Andreas Elbert, Modacom Account) Date: Thu, 24 Feb 94 08:51:25 PST Subject: Digsig in Germany for RX? Message-ID: <9402241651.AA18194@darmstadt.gmd.de> (see Miburi-san's posting for a good summary of Bruno Struif's talk) asked: > >What kind(s) of encryption are being used to protect/sign this information? well, DES and RSA, of course.
The smartcard's operating system provides this, plus encrypted communication to the smartcardreader and a filesystem, for keys and payload data. From doug at netcom.com Thu Feb 24 09:52:11 1994 From: doug at netcom.com (Doug Merritt) Date: Thu, 24 Feb 94 09:52:11 PST Subject: RATINGS: Subject tags Message-ID: <199402241752.JAA08805@netcom9.netcom.com> hughes at ah.com (Eric Hughes) said: >One of the goals of this arrangement I've proposed is that it can be >used to rate _any_ existing mailing list. This kind of thing was discussed quite exhaustively in news.future last year, and one of the spinoffs was an actual software implementation which is currently available via ftp. I haven't kept up on it so I don't know whether it can be used for mailing lists at the moment, or just for "virtual" newsgroups, but in any case I include three items of info below. The first is a finger message from last summer that gives an overview, the second is an equally old alpha-test message from the primary author that gives more info, and the third is a recent ftp site announcement from him. Between the three you should get some notion of what strn is all about and whether it's worthwhile following up on. If it does not currently support email lists, perhaps the authors could be persuaded to add such support. There's also a mention of public key cryptography below which is somewhat interesting. Since his address changed over the last 6 months, I took the liberty of changing references from his old to his new address in the older two items, to avoid confusion. 
Doug -- Doug Merritt doug at netcom.com Professional Wild-eyed Visionary Member, Crusaders for a Better Tomorrow Unicode Novis Cypherpunks Gutenberg Wavelets Conlang Logli Alife HC_III Computational linguistics Fundamental physics Cogsci SF GA VR CASE TLAs ---------------------------- item one ------------------------ Login name: caadams In real life: Clifford A Adams Directory: /nfs/pavo/u3/caadams Shell: /bin/csh Last login Mon Jul 5 16:59 on ttyp2 from b153_csasm_03.un Plan: STRN/USENET Interface Project. The strn (Scan/Scoring Threaded ReadNews) program will be the first software release of the USENET Interface Project. Strn consists of two major (and some minor) additions to the trn program (version 3.0) by Wayne Davison/Stan Barber/Larry Wall. The additions are over 10000 lines of C code which implement newsgroup selection menus by user-defined "topics", an interactive article selection mode, and fast methods of scoring articles with prioritized display and commands similar to KILLfiles. An interactive multi-level documentation browser is also being developed. USENET Interface Project: ------------------------- The purpose of the USENET Interface Project is to identify and implement methods of dealing with "human bandwidth" problems of USENET. Its goal is to allow users to be presented with the articles they wish to read in the order they wish to read them, without restricting the posters of articles. There are currently three stages planned: 1. Filtering/Prioritizing Given the articles which currently exist, delete the articles which the user is unlikely to read and present the remaining articles in the order of their priority (score). This builds on and enhances the currently existing mechanisms such as separate hierarchical newsgroups and KILLfiles. 2. Suggestion/Addition Adds more information to make the filtering/prioritizing process more accurate (accuracy is measured by how well the presented order matches the user's wishes). 
Rating services may replace moderated newsgroups, where individuals decide which rating services to follow and what level of quality is acceptable. Summarizing and keywording services can also be made available to allow better selection and prioritizing. This stage will introduce problems in distributing the additional information and security (especially since the reputation of moderators may become much more important). 3. Alteration/Change The basic idea of this stage is that what the contents of the original posting are only a suggestion of what the reader will eventually view. While the original text would be propagated unaltered, various people would propagate their suggested editorial changes (such as hypertext links, spelling or factual corrections, moderator's notes, or summaries). What a reader finally views would be the combination of the original text with the changes of trusted editors. Another possibility at this stage would be the "virtual newsgroup" which is simply a collection of articles chosen by moderator(s). Send me email for more information on any of these projects. --Cliff -- Clifford A. Adams ----------------------- | USENET Interface Project: 457 Ash St. NE Albuquerque, NM 87106 | Tools for advanced newsreading STRN (Scan TRN) now in testing: trn 3.0 plus flexible newsgroup menus, fast article scoring with score ordered display, and merged/virtual newsgroups. ---------------------------- item two ------------------------ >From netcomsv!decwrl!concert!news-feed-1.peachnet.edu!umn.edu!lynx.unm.edu!carina.unm.edu!caadams Mon Jul 5 17:18:39 PDT 1993 From: caadams at access.digex.net (Clifford A Adams) Newsgroups: news.future Subject: Virtual newsgroups, ratings, indexes--coming soon? Date: 23 Jun 1993 03:35:57 GMT Organization: University of New Mexico, Albuquerque Message-ID: <208j2tINN342 at lynx.unm.edu> The recent discussions on news.future have been very interesting. 
I'd just like to add that I'm working on several ideas similar to some recent posts, and I hope to have some useful results in the near future. For instance, strn is very close to supporting "virtual newsgroups" consisting of arbitrary articles from arbitrary newsgroups. These could be things like "top 20 thread" lists, indexes similar to alt.sources.index, or moderated subsets of existing groups. In the next release strn (Scan TRN) will have merged newsgroups consisting of all the articles from a set of newsgroups presented together. (The code works well, but it needs documenting before release.) Virtual newsgroups are a fairly easy addition to this which I hope to add next week. Distributing virtual newsgroup lists is going to be the hard part. For now I'm looking at a mailing-list approach. (Ick--I hate mail filters.) (Distributing the information using an alt.group with public key authentication would be easy. Unfortunately, that doesn't seem possible in the current political environment. Anyone who knows differently is *welcomed* to correct me. Even weak authentication would be welcome if unpatented and exportable.) In short, some of these schemes might be implemented a few months from now. I hope to release strn 0.9.0 (beta) in a "few" weeks--right now the alpha testing list is semi-closed. (You *might* be able to convince me if you try really hard.) I'd like to talk to people about new ideas, but I believe that the implementations are more important--USENET isn't about to run out of new ideas anytime soon. ;) --Cliff P.S. For more information on strn and the USENET Interface Project, finger my account: caadams at access.digex.net. I'll email more information on request. -- Clifford A. Adams caadams at access.digex.net | USENET Interface Project: 457 Ash St. 
NE Albuquerque, NM 87106 | Tools for advanced newsreading Scan/Scoring trn (strn) now in alpha testing: a trn 3.0-based reader with flexible newsgroup menus and fast article scoring with prioritized display. ---------------------------- item three ------------------------ >From netcomsv!amd!decwrl!decwrl!nic.hookup.net!swrinde!cs.utexas.edu!uunet!digex.net!digex.net!not-for-mail Thu Feb 24 09:39:16 PST 1994 From: caadams at access.digex.net (Clifford A. Adams) Newsgroups: news.software.readers,news.future Subject: Strn version 0.9.2 is now available. Date: 21 Jan 1994 15:45:57 -0500 Organization: Express Access Online Communications, Greenbelt, MD USA Keywords: strn, newsreader, filtering, prioritizing [I thought some of the news.future crowd might be interested in some of the new developments, especially Internet-sharable virtual newsgroups.] Strn (Scan TRN) version 0.9.2 is now available. See below for FTP sites. [Some of the uunet mirrors might take a day or two to get a copy.] Strn is based on trn (version 3.4.1 by Wayne Davison), and contains all of the trn commands and features. It adds many new capabilities to trn, such as a newsgroup browser, virtual newsgroups, scoring/rating of articles, and easy configuration menus. Strn has been developed and tested over the past year with the help of more than 50 alpha testers. The beta release is intended to make the current version more widely available, test out some of the new concepts (such as index-moderation using virtual newsgroups), and gather suggestions for improvement. Strn is still under development, although most of its planned features are implemented. Future versions of strn will mainly improve the documentation, scoring ease-of-use, and configurability of the program. Version 1.0 release is expected in a finite amount of time. Outline of major strn features: * The "scan mode" interface o A consistent full-screen interface for the four scan modes. . 
Implements many common commands such as movement, shell escapes, and searching. . Common code allows quick development of new scan modes. o Uses arrow keys for movement (trn-style 'n' and 'p' are also allowed). o X windows mouse selection (when strn is run under "xterm"). * Group scan mode o Full-screen interface for newsgroup selection. o Can replace the trn newsgroup selector for most purposes. o Easy subscription/unsubscription to newsgroups. o User-definable and sharable topic hierarchies. . Example: one could have an "IBM PC" topic containing the groups in comp.sys.ibm.pc.*, comp.os.msdos.*, comp.os.os2, and comp.os.ms-windows.* o Topic hierarchies can be easily shared: . Locally, by adding a link to another user's topics. . Remotely, by sending the topic files to other users. . Via Internet using Uniform Resource Locators (URLs). * Virtual scan mode o Supports "virtual groups" consisting of articles from any newsgroup. o Supports an easy-to-use "hotlist" of selected articles. o Merged groups, such as rec.arts.sf.* (all articles in those groups) o Virtual group files can be mailed to other users, and (with some setup) automatically added to a user's virtual group files. o Posted virtual group files can be used directly, allowing easy "index-moderated" newsgroups. o Virtual newsgroups can be shared via Internet and URLs. * Article scan mode o Subject-based "threading" available. . All articles with the same subject can be displayed as one line. o Summaries and keywords can be displayed. o Articles can be marked and read as a group. o Displays articles in either arrival or score order. (See below for more information on scoring.) * Scoring o Articles are assigned a score by scoring rules consisting of: . Header matching: either exact text or regular expressions. . (optional) NewsClip programs. o Scoring allows high scoring (interesting) articles to be presented before non-scored (ordinary) or negative-scoring (uninteresting) ones. 
For instance, in sci.space, one could give higher scores to postings from NASA or JPL, and easily read only those articles. o Articles are graded on a continuous scale, rather than a binary keep/junk distinction. (Articles scoring below a threshold value can be junked automatically.) o Scoring is *fast*, typically limited by I/O times to fetch article headers. o Scoring rules can be entered with an easy-to-use menu. o Scoring can be done from a shell script run by cron/at. o Scores are saved to a file so they don't need to be recalculated. * Online help (help scan mode) o Typing 'H' at almost any prompt enters help scan mode. o Help scan mode presents menus of documentation, containing: . The complete trn manual, broken into sections. . Full strn documentation. . Introductory USENET documents (such as "What is USENET?"). o Help files can be easily edited by the local administrator. * Online configuration o Easy menu-based configuration of almost all strn options. o Accessible from the newsgroup selector or group scan mode. o Configuration changes are automatically saved for the next strn run. o Site-wide configuration Strn version 0.9.2 is available from the following FTP sites: (North America, Eastern US) ftp.uu.net /news/trn/strn ftp.digex.net /pub/news (North America, Southwest US) perseus.unm.edu /pub/strn (United Kingdom) src.doc.ic.ac.uk:computing/news/software/readers/trn/strn (Europe, Netherlands) ftp.twi.tudelft.nl /pub/news (South Africa) ftp.ee.und.ac.za /pub/news/strn Sample displays [edited to reduce number of lines]: Article scan mode: [authors not shown in this sample to protect the guilty :-]: ---------- cut ---------- sci.physics | 790 unread Fold +.... [ 18] ( 9) > Some physics questions +....> [ 14] ( 10) > The size of electrons, and Fanciful misc SAGA +.... [ 11] ( 4) > Massive Photons Tomorrow (was Scientists Plan...) +.... 
[ 8] ( 47) > NASA Coverup Keys: Moon Neutral Point calculation +...x [ 7] ( 8) > Gravitation & massless particles (was Re: Some physics qu +..+. [ 3] ( 5) > Question on Hawking radiation Summary: Why don't extremal black holes radiate? +.... [ 3] ( 10) > Background Radiation and Olber's Paradox +.... [ 1] ( 1) Covariant vs. Lie Derivative in Gen. Rel.? -TOP-(score (old>new) order, 100% scored) ---------- cut ---------- Group scan mode: [Here is the "top" level:] ---------- cut ---------- Top Level | Unread Newsgroups | Top Level file> Favorites virt Hotlist file Americast (USA Today) file USENET file Networks file Computers file Amiga! file Social file Games file Recreational file Science file Misc file Hierarchies list All groups in .newsrc -ALL- ---------- cut ---------- [After selecting the "USENET" entry the screen displays:] ---------- cut ---------- Level 2 | Unread Newsgroups | USENET +.... 31> news.software.readers +M... 4 news.announce.newgroups +.... 7 news.misc +.... 33 news.software.nn +.... 27 news.future +.... 139 alt.config +.... 201 alt.fan.warlord +.... 2259 control list foreign news -ALL- ---------- cut ---------- Virtual scan mode: ---------- cut ---------- Virtual 1 | unread+read | Hotlist -.... [ 33] >Newsreader authors: Would article replacement break your reader < -.... [ 18] FAQ use of replaces: -.... [ 6] >Using NNRP for something like "nngrab" -.... [ 6] rn KILL file FAQ -.... [ -1] Future USENET projections, statistical -.... [ -1] Need more best-of-usenet groups/subj scan -.... [ -1] More group-related intelligence for Pnews wanted. 
Help on help scan mode topic Introductory USENET documents topic Trn manual information help Strn Quickstart topic Introductory strn documentation topic Group scan mode topic Article scan mode topic Virtual scan mode (merged/virtual newsgroups) topic Scoring topic Digital signatures, cryptography, and USENET topic Misc (coding style, troubleshooting, quotes) topic Configuration (user and site-wide) topic Installation topic Version-related information help Credits -ALL- ---------- cut ---------- Configuration menus: ---------- cut ---------- Strn configuration menu: 0) Exit. 1) Group scan mode. 2) Article scan mode. 3) Virtual scan mode. 4) Scoring. 5) Miscellaneous. Enter your choice: 2 Article scan configuration menu: 0) Exit. 1) Change the displayed fields. (Author, threadcount, summary, etc...) 2) Change ordering and misc. flags. (score ordering, fold, follow, etc...) Enter your choice: 1 Article scan display: 0) Exit. 1) Article number (OFF) 2) Score (ON) 3) Number of articles with same subject (ON) 4) Author (ON) 5) Summary (OFF) 6) Keywords (OFF) An article will look like this: +.... [ 26] (17) John Q. Public Subject of the article Enter your choice: ---------- cut ---------- Authors: (See the strn credits for more information) STRN Clifford A. Adams TRN Wayne Davison RN Stan Barber (current maintainer) RN Larry Wall (original author of rn) --Cliff -- Clifford A. Adams caadams at access.digex.net | Author of "strn" (scan trn): 457 Ash St. NE Albuquerque, NM 87106 | Trn 3.4.1 + virtual newsgroups, scoring (articles sorted by score), newsgroup menus, online help, and more. See ftp.uu.net:/news/trn/strn/strn-0.9.2.tar.gz From paul at poboy.b17c.ingr.com Thu Feb 24 09:54:46 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 24 Feb 94 09:54:46 PST Subject: [CODE] Pay-per-use WWW & Mosaic? 
Message-ID: <199402241755.AA21241@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

I want to make a crossbreed between NCSA's httpd 1.1- which already supports passing PGP signed/encrypted messages between client and server- and Magic Money. The result: a pay-to-view information service.

It is uncertain about when I'll get around to it, since my free time is already being spent working on the Mac version of Nautilus. If anyone's interested, or if any of our protocolmeisters (yes, that's you, Eric & Hal!) have ideas, bring 'em on.

- -Paul

- --
Paul Robichaux, KD4JZG     | "Let he who is without sin cast the first
perobich at ingr.com       | pointer." - Owen Harnett
Intergraph Federal Systems | Be a cryptography user- ask me how.
Of course I don't speak for Intergraph.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLWzp7yA78To+806NAQHj/QP9HttikpI7rwtk//J/azu4P+KB1BM9Fa/2
JrIAsUt7yY3fpuJSeuHHq9919zx8kBdApYDfmcs8rr1Q5BQM2ABWZprQktBDUKop
LcMIPh/+Tv2vav15Nbb2I2OoCwmJLb8Qc9YG+HRvzNfX7Xn92ihjleh0h/TJZXaE
GACHMCMHCLE=
=iWcr
-----END PGP SIGNATURE-----

From sergey at delbruck.pharm.sunysb.edu Thu Feb 24 10:01:19 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Thu, 24 Feb 94 10:01:19 PST
Subject: STEALTH OCEAN
In-Reply-To: <199402241623.IAA08236@well.sf.ca.us>
Message-ID:

On Thu, 24 Feb 1994, Brian D Williams wrote:

> Why not "Parasitize" your program on to Command.com like many
> viruses do? The "Stealth" viruses also employ code that will not
> reveal the change in size to either MEM or CHKDSK, such code can
> also restore the timestamp.

This is a possibility, but one would have to make sure that the resulting file is indistinguishable from a normal file if one hopes to elude any but the most casual observers. Having a noise block at the beginning of the program is definitely a telltale sign that something is amiss. A simple disassembly of the program is all it would take to be sure that the strange looking noise block doesn't belong.
And, if the method you've suggested becomes popular, a standard scan of .COM or .EXE files could be implemented by your opponent(s).

However, this solution might be effected provided that one somehow makes the "noise" block look like a legitimate part of the program it has parasitized. It must also pass the disassembly test.

Another idea might be to make one's "noise" file look like a legitimate Clipper encrypted file. Imagine the frustration that would be felt by your opponent when even the seemingly appropriate escrow key that he has spent months acquiring is of no avail in decrypting the file! Of course, your efforts are going to be for naught when he realizes that your Clipper file is nothing of the sort. :( Back to square 1.

>
>
> Brian Williams
> Extropian
> Cypherpatriot
>
> "Cryptocosmology: Sufficiently advanced communication is
> indistinguishable from noise." --Steve Witham
>

Sergey

From hayden at krypton.mankato.msus.edu Thu Feb 24 10:07:28 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Thu, 24 Feb 94 10:07:28 PST
Subject: New mailing list
In-Reply-To: <9402241631.AA23901@media.mit.edu>
Message-ID:

Is it just me or is the need met already by other mailing lists such as cypherpunks? Maybe I just need a better grasp about what this list needs to accomplish that is different from the services already out there.

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> In the United States, they
   \/  Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From tcmay at netcom.com Thu Feb 24 10:15:37 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Thu, 24 Feb 94 10:15:37 PST
Subject: Cocaine Inhalers Anonymous and Spooks
In-Reply-To: <199402241448.GAA17814@well.sf.ca.us>
Message-ID: <199402241816.KAA19323@mail.netcom.com>

Brad Dolan writes:

> It's time to leave when...
> ... I can't say what I want.
> ... I can't own a gun.
> ... I can't use good crypto.
> ... I can't leave and enter the U.S. freely.

It's getting closer to this situation in all areas. Entering and leaving freely is still solid, but talk of checking tax status on both ends implies this may be lessened.

(Don't forget that the main way the Jews in the USSR were denied exit visas was an argument that they had not "fulfilled their obligations to the country," that is, that they had not paid enough taxes.)

Computerized dossiers will make it much easier to check all kinds of such details on both entering and exiting folks.

> Somewhat related: Does anybody find it interesting that no one noted
> for over a decade that Ames had (1) a lavish lifestyle and (2) a foreign-born
> (Colombian!) wife. Normally, spooks aren't allowed either.

In the Ames case, he explained away his Colombian wife and his lavish lifestyle by telling coworkers she was involved in the CIA's cocaine business, shipping coke into the Mena, Arkansas airfield with the blessings of Governor Bill Clinton and Cocaine Inhalers Anonymous. His coworkers just congratulated him and asked how they could find a similar deal.

(For the humor-impaired, fearing disinformation, this is only partly true.)

For the cynics, note the *timing* of the announcement on Tuesday. The Feds have known about Ames for at least 2 years, they claim, and Clinton was briefed 10 months ago on the charges. And complete media packets were available at the time of the announcement on Tuesday. So why the exact timing? Why now?

Probably to derail the Russian peace initiative in Bosnia. To embarrass Yeltsin.
To cause an orgy of Russia-bashing, even though Russia's great sin was recruiting a mole in the CIA who ratted on the American mole in the KGB! And we can't have the Russians sending peace-keeping troops into Bosnia...that's America's right! Hence, the announcement at this particular time.

Sleazy? What else would you expect?

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From cknight at crl.com Thu Feb 24 10:22:46 1994
From: cknight at crl.com (Chris Knight)
Date: Thu, 24 Feb 94 10:22:46 PST
Subject: Rising dishonesty level
In-Reply-To: <199402241448.GAA17814@well.sf.ca.us>
Message-ID:

On Thu, 24 Feb 1994, Brad Dolan wrote:

> *It's bad* I once had a faint hope that a change in administrations
> would reverse the tide. I'm over that now. People from eastern
> Europe recognize a lot of what they see developing here, as a recent
> poster noted.
>

The problem is that we didn't have a change of administration. All we really got was a president from the other party in our corrupt, two-sided government. Neither party really wants to change the system, they both thrive in it.

-ck

From a-ophirr at microsoft.com Thu Feb 24 10:31:25 1994
From: a-ophirr at microsoft.com (Ophir Ronen (RHO))
Date: Thu, 24 Feb 94 10:31:25 PST
Subject: from the mouth of ...
Message-ID: <9402241832.AA23307@netmail2.microsoft.com>

-----BEGIN PGP SIGNED MESSAGE-----

Hello all,

This seminar might be of interest. I am going and will post any pertinent info.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Open to Microsoft employees, vendors, contractors, temps - until we reach room capacity.

WHAT: BROWNBAG SEMINAR Sponsored by ITG WW Network Security
WHEN: Thursday, 24 FEBRUARY 1994, 12:00 NOON-1:00PM
SPEAKER: Kevin Brock from the FBI will be our guest.
FORMAT: Short briefing open to questions.
SUBJ:
-FBI concerns about security of intellectual property.
-Economic espionage vs Industrial espionage.
-If Microsoft is a target:
    Who is collecting information?
    Where is it being collected?
    How is it being collected?
-Responsible self-defense

***********************************************************************
Ophir Ronen KeyID 1024/54FF05 1994/02/16
Key fingerprint = EA BF 5C 85 F6 C3 A7 8E AA 48 2A AC B9 BC 4B D2
"did gyre and gimbel yet did not inhale"

From hughes at ah.com Thu Feb 24 10:38:49 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 24 Feb 94 10:38:49 PST
Subject: RATINGS: Subject tags
In-Reply-To: <199402241752.JAA08805@netcom9.netcom.com>
Message-ID: <9402241838.AA21116@ah.com>

From my reading of the materials that Doug posted to the list, it appears that strn uses materials which are mostly intrinsic to the message base in order to rate articles. Those ratings which are shared seem to be binary in nature, simply to include articles in virtual lists of articles.

The 'strn' package described might be a good place to start for a user agent, but it seems not to have the social goals that the ratings proposal I have in mind does.

Eric

From baum at newton.apple.com Thu Feb 24 10:40:38 1994
From: baum at newton.apple.com (Allen J. Baum)
Date: Thu, 24 Feb 94 10:40:38 PST
Subject: Digitally Signing Physical Objects
Message-ID: <9402241808.AA05601@newton.apple.com>

>> 3.
The shop or customer wishing to authenticate the part takes the
>> number stamped on the part, runs it through the *public* key of the
>> manufacturer (widely available, not kept secret, of course) and gets
>> back the feature vector, which he can then compare to what he actually
>> sees on the object.
....
>This seems to have a tricky dependence on the tolerance. The forger can
>get a valid plaintext and signed feature vector. So, if the tolerance
>for error is too low, you get false positives, but if it's too high, a
>forger could create something starting from the feature vector. An
>interesting CAD/CAM problem.

To keep black market forgery parts off the market, a 30% tolerance is way more than enough. There should be no false negatives (making a real part look fake), but if 1/3 of the forgeries slip through (i.e. 2/3 don't), this has the effect of driving the forgery price up by a factor of 3, effectively pricing them out of the market.

(Unless the real goods are overpriced a factor of 3...:-)

**************************************************
* Allen J. Baum tel. (408)974-3385 *
* Apple Computer, 20525 Mariani Ave, MS 305-3B *
* Cupertino, CA 95014 baum at apple.com *
**************************************************

From drzaphod at brewmeister.xstablu.com Thu Feb 24 12:47:14 1994
From: drzaphod at brewmeister.xstablu.com (DrZaphod)
Date: Thu, 24 Feb 94 12:47:14 PST
Subject: Net restructure
Message-ID:

> . . . I think
> our biggest concern when it happens will be that Clipper like encryption
> and monitoring will be implemented as a standard. Who knows maybe the net
> will be run by the government.
> Reuben Halper
> -anger is a gift- rage against the machine/Freedom

This doesn't stop ordinary [or extraordinary] people from running their own net. This net, with in and out ports to other nets, would follow none of the rules enforced upon our current net. If they try to cut us out we simply change our logical location.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- DrZaphod #Don't Come Any Closer Or I'll Encrypt! -
- [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity -
- [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] -
- 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From fhalper at pilot.njin.net Thu Feb 24 13:42:33 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Thu, 24 Feb 94 13:42:33 PST
Subject: Net Restructure
Message-ID: <9402242142.AA17967@pilot.njin.net>

> This doesn't stop ordinary [or extraordinary] people from running their
> own net.
This net, with in and out ports to other nets, would follow none of the rules enforced upon our current net. If they try to cut us out we simply change our location.

I don't think that is logical or feasible, and my point is that the net is becoming something for the masses now. The masses won't be as crafty as you. I feel that if or when it is restructured the people logging on won't be aware of the lack of security or they will have false security.

Reuben Halper

From fhalper at pilot.njin.net Thu Feb 24 13:43:48 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Thu, 24 Feb 94 13:43:48 PST
Subject: MacPGP help
Message-ID: <9402242143.AA18038@pilot.njin.net>

Would anyone with fair knowledge of MacPGP help me out. I mean I REALLY need help.

Thanks,
Reuben Halper

From MJMISKI at macc.wisc.edu Thu Feb 24 13:55:32 1994
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Thu, 24 Feb 94 13:55:32 PST
Subject: New Security/Encryption Corporation - INFORMATION INSIDE (long)
Message-ID: <24022415543640@vms2.macc.wisc.edu>

THIS IS NOT AN ADVERTISEMENT BUT INFORMATION OF GENERAL INTEREST TO CYPHERPUNKS. IF YOU HAVE NO INTEREST IN DATA SECURITY THROUGH APPLIED CRYPTOGRAPHY PLEASE DELETE THIS MESSAGE NOW. SORRY FOR ANY CROSS POSTING.
-------------------------------------------------------------------------------- Information Defense Strategies (IDS) Information Security Services Developed for the World And Applied to Your Office Hello All, You might be wondering, "Who is this Information Defense Strategies"? And, "Why is this in my mailbox"? And I would say, "Well, that's a good question". About three months ago I announced that a new data security corporation would be started soon. Its emphasis would be in the application of cryptographic protocols already in existence and the possible development of new ones. Well, that idea has been born into IDS. Why have you received this note? The reasons are varied. Either you contacted me with interest in getting involved, or I have been exposed to your interests in data security through public exposition of such, or a member of the security community referred you to me as an entity interested in what we are doing. Regardless, you have received this note because you are qualified in one or many ways to get involved. Many of you are already related to some sort of computer profession right now. This note is to let you know we are out there, and are interested in building bridges to your organization. Please read through the information provided below and provide feedback if you can. Many people have been anxious to see this get started, as of course I have been also. Finally, a description has been put together. Through the next round of feedback, we will be ready to begin. It is exciting to be starting out and applying ideas that have floated around for some time. This might be one of the first virtual corporations to have been born as such. I would like that sort of cutting edge to remain our vanguard at IDS. And I would like all of you to be a part of it. Matthew J. 
Miszewski Information Defense Strategies (IDS) -----------------------8<-------------------------8<------------- Please Distribute To Qualified Parties of Interest Direct all electronic correspondence to: mjmiski at macc.wisc.edu Snail Mail to: Matthew J. Miszewski 509 N. Lake Street, Suite 504 Madison, WI 53703 608-255-9871 Applied Cryptography No not the book (although I highly recommend it). IDS will base most of its robust security strategies upon encryption. Being well aware of ITAR we will be careful and yet aggressive in our application. I have targeted two areas for immediate concentration, Smart Card technology and encrypted challenge/response access systems. I am, of course, interested in much research and future development in other areas. These two are merely the most immediate opportunity. To remain on the cutting edge, IDS will need to be very active in Research and Development. Many people are moving towards applied cryptography. It is personally important to me that IDS be there at the same time if not before others. Security Services We will basically provide four security services. Consultation, evaluation, Tiger Teams, and IDS Custom Installs. We will consult for firms with a general interest in security as well as those that are well established in the field. This consultation will be general in nature and very affordable. IDS will also evaluate a firm's current security status. This service will offer our clients the opportunity to have a third party objectively review their security. A report of weaknesses will be generated from our evaluation. IDS may offer clients a Tiger Team ongoing contract. This will consist of teams actively attempting to covertly breach security in order to actively discover and immediately close undiscovered security holes. The insurance provisions of this area are tentative and pending and therefore this aspect of IDS is still tentative. Finally, we will offer IDS Custom Installs. 
These will vary from unique IDS developed Strategies to already developed strategies. Our custom security front ends will be constantly updated and evaluated. Third party product partnerships will increase our viability as well as increase the availability of robust security products. Platforms The data related operating system platforms we will deal with will attempt to be comprehensive if not exhaustive. In order to tap our targeted market we must be diverse. While I personally would love a concentration in Unix work, the reality is that many of our clients will be LAN based machines of the personal variety. We will therefore need specialists in lower level systems (PC, MAC, etc). Telephony Toll fraud can be devastating to smaller businesses. The days of "blue boxing" exploration appears to be over in this country. Unfortunately, the replacement, at least to a certain extent, is PBX and VMS abuse. In fact most people in business have been told that it is not a matter of if your PBX will be hit, but rather when. In addition Voice Mail Systems (VMS) are being utilized across the country without authorization. While some unauthorized users might mean no harm, there is no way to assure that malicious abuse does not occur. Valuable information may be left to the conscience of the underground community. Applying cryptography to this problem will be part of our charge. From front ends to challenge/response, there are many opportunities in this market. Making this security affordable will be our answer to this dilemma. IDS Basic Philosophy Data Security is VERY important. It is no longer just important to huge corporations, but to everyone. Affordable security consulting and products will help make small business information more secure. While CERT attempts much, it is slow to respond and many questions are still unanswered about its funding and allegiances. It is time to not only make security available but accessible. That is why IDS will exist. 
An incredibly large market is being overlooked by the elite of security professionals. IDS will address this void in the market. All people deserve good data protection. We can offer it. The plan is that IDS will actively pursue the myriads of offices around the nation with data to protect. From every small law firm with a voice mail system to an accounting firm with several LANs to a sales force that needs easy access but is still concerned with protecting its data, we can offer tailor made security strategies. Our profit (future) will be based on horizontal integration, in other words we will not profit by selling high price tickets to the few that can afford it but rather massive application of moderate priced strategies to everyone we can contact. There are a number of other points I will make in future communications. I plan on having a virtual office that may offer digital cash sales in the future. We may develop a low level net for our own communications. Partnerships will need to be developed as well as some manufacturing research. But I wanted to give those interested an introduction. If you are still interested I will send you the next update. Please respond either way so I know whom to keep on the list. More details to come.... Matthew J. Miszewski IDS ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From a-ophirr at microsoft.com Thu Feb 24 14:03:21 1994 From: a-ophirr at microsoft.com (Ophir Ronen (RHO)) Date: Thu, 24 Feb 94 14:03:21 PST Subject: No Subject Message-ID: <9402242204.AA01842@netmail2.microsoft.com> hmmmmm, The meeting was not too interesting, we did not get into Clipper or the FBI wiretap proposal. That will be discussed in a few weeks. 
-Ophir From an69654 at anon.penet.fi Thu Feb 24 15:35:02 1994 From: an69654 at anon.penet.fi (r-man) Date: Thu, 24 Feb 94 15:35:02 PST Subject: Viacrypt at NCSC ? Message-ID: <9402242320.AA29930@anon.penet.fi> Why does at least one person from Viacrypt have an e-mail address at dockmaster.ncsc.mil ? Is there an association between Viacrypt and the NCSC, or does the NCSC give out accounts to those in the business ? ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From pmetzger at lehman.com Thu Feb 24 15:54:09 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 24 Feb 94 15:54:09 PST Subject: Viacrypt at NCSC ? In-Reply-To: <9402242320.AA29930@anon.penet.fi> Message-ID: <9402242353.AA19501@andria.lehman.com> r-man says: > > Why does at least one person from Viacrypt have an e-mail address > at dockmaster.ncsc.mil ? > > Is there an association between Viacrypt and the NCSC, or does the > NCSC give out accounts to those in the business ? The latter. Almost anyone can get an account on dockmaster just for the asking. Perry From fnerd at smds.com Thu Feb 24 16:13:48 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Thu, 24 Feb 94 16:13:48 PST Subject: Digitally Signing Physical Objects Message-ID: <9402250005.AA16110@smds.com> i wrote- > >[Physical signature] > > seems to have a tricky dependence on the tolerance. The forger can > >get a valid plaintext and signed feature vector. So, if the tolerance > >for error is too low, you get false positives, but if it's too high, a > >forger could create something starting from the feature vector. An > >interesting CAD/CAM problem. Allen J. 
Baum replied- > To keep black market forgery part off the market, a 30% tolerance is way > more than enough. There should be no false negatives (making a real part > look fake), but if 1/3 of the forgeries slip through (i.e. 2/3 don't), this > has the effect of driving the forgery price up by a factor of 3, > effectively pricing them out of the market. I don't see how you factor out the variables of the resolution, what physical property is scanned, etc. For some combinations, it would be easy to forge 100% matches. For others, it would be hard to get a 30% match on the original object... Maybe the whole scheme could be improved by a trap-door function that has built-in error-tolerance. (By the way, if anybody knows about fuzzy hash functions, please write me; I'm curious for other reasons.) > (Unless the real goods are overpriced a factor of 3...:-) Isn't Great Art overpriced by thousands of times, in terms of reproduction cost? Anyway, a 2/3 rejection rate would be tough. -fnerd quote me - - - - - - - - - - - - - - - We shall have to evolve Problem solvers galore As each problem they solve Creates ten problems more. --Piet Hein -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From wcs at anchor.ho.att.com Thu Feb 24 16:17:26 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 24 Feb 94 16:17:26 PST Subject: Clipper Message-ID: <9402250016.AA13044@anchor.ho.att.com> Clipper is currently only rated for non-classified use. It could be done securely, assuming there aren't any unannounced backdoors, by simply using chips for which the keys are not escrowed, or are only held by the military and protected with certain classification levels, but they'd have to do a couple of things to use it. 
The most important is making sure that a secure Clipperphone is only used to talk to other secure Clipperphones, and in addition you'd probably want to make sure the users have some way of knowing they're talking to appropriately cleared users, since it's sometimes hard to tell if the voice on the other end of the phone really has the authorization it claims it does. Features like these are built into STU-II and other classified-use approved phones, but aren't likely to be built into vanilla Clipperphones. It may be possible to do that with Tessera, though; I'd have to see more information than they're likely to give out.... Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From wcs at anchor.ho.att.com Thu Feb 24 16:22:51 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 24 Feb 94 16:22:51 PST Subject: ironic Message-ID: <9402250021.AA13220@anchor.ho.att.com> For that matter, it's ironic, though not at all surprising, that they're crying foul so loudly that this KGB mole in the CIA is giving away the identities of CIA moles in the KGB. Fair 's fair, after all.... Though that doesn't mean he has any room to complain if he gets treated the way the Russians treated the CIA spies in their midst. On the other hand, the papers did make a big deal about how they used wiretaps to help catch the guy, and that they've known about him for a while; is this all timed to support the "voluntary" Clipper and the mandatory Digital Telephony wiretap projects? 
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From mnemonic at eff.org Thu Feb 24 16:44:20 1994 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 24 Feb 94 16:44:20 PST Subject: story on digital telephony from today's Washington Post (fwd) Message-ID: <199402250044.TAA04129@eff.org> The Washington Post February 24, 1994 Business Section, first page FBI, Justice Seek High-Tech Surveillance Guarantees by John Mintz and John Schwartz Washington Post Staff Writers The FBI and the Justice Department are fearful that increasing sophistication in communications technology will keep investigators from tapping phones and computers and are seeking legislative guarantees that wiretaps will continue to be technically possible. The Bush administration proposed a similar bill in 1992, but withdrew it after industry officials and civil libertarians bitterly denounced it. Although the Clinton administration's new version differs in some ways from the old one, opponents said it too is flawed. Administration officials will outline their proposal today at the White House for communications executives. "We see this bill as a potential blueprint for an electronic surveillance society," said Jerry Berman, executive director of the Electronic Frontier Foundation and spokesman for a coalition of civil-liberties groups and high-technology firms. FBI Director Louis J. Freeh said in a speech last week that the new technologies and a "lack of support" by some communications executives mean "the country will be unable to protect itself against terrorism, violent crime, foreign threats, drug trafficking, espionage" and other crimes. 
Berman said that designing peepholes into the nation's rapidly expanding information infrastructure will do far more than guarantee law enforcement agencies the ability to tap phones. As more and more activities of everyday life go "on-line" -- from home banking to video-on-demand selections -- the initiative would provide snoopers with a profile of how citizens live, work and play, he said. The new bill would give the attorney general broad power to demand that communications gear be designed to guarantee that investigators would have access to it, and sets stiff penalties for firms that don't comply. The bill would allow the attorney general to seek fines of $10,000 a day for firms that don't provide access or, in some cases, to shut them down. A copy of the bill and the administration's analysis have been obtained by The Washington Post. Industry executives voiced concern that redesigning U.S. communications networks to accommodate the proposed legislation would cost more than the FBI's $300 million estimate. Under the FBI plan, taxpayers, not telephone ratepayers, would foot the bill. The FBI and the Justice Department say the initiative would not expand their power, but would ensure access to the type of communications they have been entitled to tap for years. Administration officials say such authority was granted in 1970 amendments to the Omnibus Crime Control and Safe Streets Act of 1968. But the communications industry at that time consisted mostly of AT&T. Not only has technology become more complex, but a host of new players have entered the field, including the "Baby Bell" regional phone companies, cable firms, computer companies and more. The FBI is concerned about a host of new phone services, including "call forwarding," under which calls are bounced from phone to phone and, in turn, defeat investigators searching for a call's final destination. 
Moreover, the FBI says many cellular phone systems provide only limited "ports," or entryways, for tapping. In the mid-1980s, New York City's cellular system provided only five "ports" for tapping, meaning investigators often waited in line. The new bill dropped a requirement in the 1992 proposal that would have insisted that corporate switchboards accommodate wiretaps. The new bill applies mainly to "common carriers." That term usually refers to phone firms or transportation companies, but in this bill could be interpreted to include cable firms and others. Computer and telecommunications equipment firms also would be required to provide access for investigators. The bill would require phone firms, on law enforcement's request, to provide up-to-the-second records on every call to and from any phone. The new bill would allow investigators to gather the information more quickly than ever before, and from their offices. Under current law and under the new bill, investigators can obtain such data relatively easily -- by persuading a judge that it's "relevant" to an ongoing criminal probe. Philip Servidea, government affairs director for AT&T, said the company has long believed a new law is unnecessary. "The legislation will have to have come a long sight from the last version to be acceptable," he said. "This makes the development of the communications industry a law enforcement matter," said Janlori Goldman, a privacy expert at the American Civil Liberties Union. "We're very concerned." Sen. Patrick J. Leahy (D-Vt.) said that while he looks forward to working with Freeh to update wiretap laws, giving the government "final say in how far and how fast technology advances" could "jeopardize the legitimate concerns of business." 
From wcs at anchor.ho.att.com Thu Feb 24 17:00:29 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 24 Feb 94 17:00:29 PST Subject: Stealth PGP and Stegonagraphy (Summary) Message-ID: <9402250059.AA14052@anchor.ho.att.com> Hiding the file in deleted sectors on the disk has a number of problems. 1) It's highly non-portable. 2) If the Bad Guys are looking for contraband files, either they're competent or they're not. If they're competent, they'll certainly notice your weird drivers and TSRs holding the disk stuff around. Your virus-checking software may notice it also :-) 3) If the Bad Guys aren't competent enough, you can get by either hiding the file under an innocuous name (e.g. boring.dat), or you can go a bit farther by using mimic functions or other steganographic techniques to make the file really look like something boring. 4) If the Bad Guys are competent, and they suspect you, they may try using Norton UnErase or similar commands to recover the stuff anyway. Fractals are a good place to hide stuff, since random-looking low-order bits could come from steganography, or could just be from the fractal itself; it's really hard to tell since it's tough to regenerate unless you know the precise starting parameters and machine behavior. You could probably hide 4 bits per byte without major visibility instead of the 1 bit/byte you typically can get away with in normal gifs. More important is making sure your encryption program doesn't have incriminating stuff visible in it, such as "BEGIN PGP STUFF" character strings in the object code.... Bill From cort at ecn.purdue.edu Thu Feb 24 17:01:16 1994 From: cort at ecn.purdue.edu (cort) Date: Thu, 24 Feb 94 17:01:16 PST Subject: No Subject Message-ID: <9402250101.AA05179@en.ecn.purdue.edu> Kinda-Fair-Secret Message Passing -OR- Self-Decrypting Messages I have an IDEA. It may have already been thought of.... 
Problem: - PGP is great, but like so many infant technologies, encryption programs are not quite "turnkey". - Many people do not have PGP installed. I want to send messages to some of these people. (Oh, I know, a true geek doesn't bother to communicate with PlaintextPunks!) Solution: - Securely encrypted messages with programmable "key question" and "response key" for self-decryption. Scenario: Fred wants to send a message to Ida. Fred is a cypherpunk and is quite proficient with PGP. However, Ida is not set up with PGP and does not desire to learn PK cryptography. Fred and Ida know each other (or something about each other). Fred sends a self-decrypting message to Ida in an executable file. Ida simply receives the file and executes it. (This is analogous to self-extracting zip files.) When the file is executed, it will ask Ida a question that Fred has set up (with her in mind). This question will ideally be answerable only by Ida. If Ida answers correctly, her response will form a key to decrypt the message. I have thought a bit about the implementation. It seems that it may be pretty simple to do using PGP Tools. The passphrase recognition could use a one-way function (MD5?). IDEA could be the encryption algorithm. RSA is not needed. The tricky part is providing an executable file while providing a little bit of instruction at the front of this file (to instruct the recipient to down-load and execute). Also, it seems that an assumption of recipient platform (e.g. DOS, Unix, etc.) may be necessary. Uuencoding or similar ASCII/binary conversion may be required. Comments? Would someone do this? Does it already exist? It would be a nice augmentation to the PGP package! Cort. -- cort at cc.purdue.edu From wcs at anchor.ho.att.com Thu Feb 24 17:08:52 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 24 Feb 94 17:08:52 PST Subject: Clipper is Voluntary? Hah! 
Message-ID: <9402250107.AA14133@anchor.ho.att.com> Of *course* it's voluntary. You don't have to use it! (Pay no attention to that Digital Telephony Bill behind the curtain!) Actually, it *is* voluntary - for the government. They don't have to use it, at least not currently, and they'll still leave themselves loopholes for use of anything they want for national security, etc. Bill From warlord at MIT.EDU Thu Feb 24 17:20:32 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 24 Feb 94 17:20:32 PST Subject: No Subject In-Reply-To: <9402250101.AA05179@en.ecn.purdue.edu> Message-ID: <9402250120.AA12855@toxicwaste.media.mit.edu> An interesting idea, although highly unpracticable. Sending a binary is nearly impossible. As an example, I have at my disposal (and I log into regularly) at least 6 different platforms. All Unix, but each one would require its own binary! This doesn't mean that your idea has no merit. On the other hand, it is an interesting key distribution model. Except there are a number of problems that I can see. First, anything you know about the person is something that someone else could probably do a little research and find out as well. This inherently means it is not a very secure channel, rather it is only moderately secure. Also, there is no way to meet your goal of "no external binary needed." There may be a few things you can do in lieu of this, but all of them require some knowledge of the recipient hardware system. But in a case such as mine, even that wouldn't help (do you send it for an RT, Vax, Decmips, RS6000, Alpha, Linux, Sun386i, Next, ...?) Like I said, its an interesting key distribution model, but I do not see any way to realize it under your assumptions. -derek From pkm at maths.uq.oz.au Thu Feb 24 17:26:18 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Thu, 24 Feb 94 17:26:18 PST Subject: An Australian Clipper! 
Message-ID: <9402250125.AA09700@axiom.maths.uq.oz.au> Does anyone know if there are any proposals (whether tentative or as a bill) to introduce some equivalent of Clipper into Australia? I have only heard about it when my cryptology lecturer alluded to it. When I pressed him further, he said that he didn't have any hard information, but noted that the Australian government were looking at the American Clipper proposal with some interest. I find this very disquieting. Any comments or information would be appreciated. Thank you. Peter Murphy. (pkm at axiom.uq.oz.au) From CCGARY at MIZZOU1.missouri.edu Thu Feb 24 17:28:16 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Thu, 24 Feb 94 17:28:16 PST Subject: WE WANT SELF DECRYPTING STENOGRAPHY NOW! Message-ID: <9402250128.AA08345@toad.com> What is SELF-DECRYPTING STENOGRAPHY? Something like a self-extracting PKZIP file. Its definition would be: picture + password = plaintext. Its utility? Imagine a bunch of state agents searching your pc & they find a subdirectory of pretty pictures. The stenography has no telltale flag or tag. No embarrassing arguments with a judge about passwords or contempt of court. No hassles with customs agents. No interceptions of internet code pointing you out as a dangerous dissident or freeman. Just a bunch of pretty pictures! Admittedly, programming it could be a bitch. But then, succeeding with it would put your reputation up there with Zimmerman & the RSA discoverers. It would also give us all a wonderfully safe method of encryption. The encryption engine itself could be of our own choosing. I would recommend IDEA. Your programming job would consist of 2 problems. 1. The method of taking out your already encrypted data from a picture. 2. the bootstrapping method of having the picture with password unravel itself. One might be a little difficult but I would guess it would just be some assembler drudge work, taking a month or two if you are experienced. 
Two might be very tricky & you might be forced to resort to a small hidden or remembered xor type assembly program. Only the decryptor would be tricky. The encryptor would be much simpler since it would all be hidden in a pretty picture! When strong cryptography is outlawed, only outlaws with SELF-DECRYPTING STENOGRAPHY will converse with impunity. GO TEAM GO! GO TEAM GO! PUSH EM BACK! PUSH EM BACK! WWWAAAAAYYYYYY BBAACCKKK! BBBEEEAAATTTT STATE! From mg5n+ at andrew.cmu.edu Thu Feb 24 17:31:37 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 24 Feb 94 17:31:37 PST Subject: In-Reply-To: <9402250101.AA05179@en.ecn.purdue.edu> Message-ID: cort at ecn.purdue.edu wrote: > Fred wants to send a message to Ida. Fred is a cypherpunk > and is quite proficient with PGP. However, Ida is not > set up with PGP and does not desire to learn PK cryptography. > Fred and Ida know each other (or something about each other). > > Fred sends a self-decrypting message to Ida in an executable > file. Ida simply receives the file and executes it. (This > is analogous to self-extracting zip files.) > > When the file is executed, it will ask Ida a question that Fred > has set up (with her in mind). This question will ideally be > answerable only by Ida. If Ida answers correctly, her response > will form a key to decrypt the message. ... > The tricky part is providing an executable file while providing > a little bit of instruction at the front of this file (to instruct > the recipient to down-load and execute). > > Also, it seems that an assumption of recipient platform (e.g. DOS, > Unix, etc.) may be necessary. Uuencoding or similar ASCII/binary > conversion may be required. > > Comments? Would someone do this? Does it already exist? > > It would be a nice augmentation to the PGP package! All sounds great, but there is one problem - Ida has to download the file, uudecode it and run it. I don't see how that's any easier than downloading it and running pgp... 
If Ida is computer-illiterate and can't download a file and decrypt it with pgp, it wouldn't be reasonable to expect her to download it and run uudecode. I think you may have a good idea here, but it's not really ideal for cryptography. As Thomas Edison was fond of saying, just because something doesn't do what you want doesn't mean it's useless. Perhaps you should consider the project from a different approach - such as for self-extracting graphical email. I know a lot of people who would like to be able to doodle graphical images in their email, as well as a lot of hardware hackers that would like to draw circuit diagrams and such. Seems like self-extracting graphical email would be ideal for these purposes. And of course, you would want to protect it with crypto too. :) From smb at research.att.com Thu Feb 24 17:35:47 1994 From: smb at research.att.com (smb at research.att.com) Date: Thu, 24 Feb 94 17:35:47 PST Subject: No Subject Message-ID: <9402250135.AA08514@toad.com> And there's also the question of whether or not I'm going to execute a random program that you've sent me, allegedly to do a decryption.... From cort at ecn.purdue.edu Thu Feb 24 17:38:15 1994 From: cort at ecn.purdue.edu (cort) Date: Thu, 24 Feb 94 17:38:15 PST Subject: self-decrypting messages In-Reply-To: <9402250120.AA12855@toxicwaste.media.mit.edu> Message-ID: <9402250137.AA08458@en.ecn.purdue.edu> > > An interesting idea, although highly unpracticable. Sending a binary > is nearly impossible. As an example, I have at my disposal (and I log > into regularly) at least 6 different platforms. All Unix, but each > one would require its own binary! I assume you mean embedded binary (under radix 64). In Unix land, uudecode could be assumed or a script version of radix decoding could run against itself. You are quite correct in assumption of platform. This is a bummer. The ubiquity of DOS makes this a bother rather than a block. (I'll bet even you at least _see_ a DOS box occasionally! 
:) > > This doesn't mean that your idea has no merit. On the other hand, it > is an interesting key distribution model. Except there are a number > of problems that I can see. First, anything you know about the person > is something that someone else could probably do a little research and > find out as well. This inherently means it is not a very secure > channel, rather it is only moderately secure. "Ida, remember our last conversation.... who were we talking about? (Please provide full name properly capitalized.)" "Ida, you and I were reading the newspaper in the break room the other day. We discussed a point of mutual interest. What was it?" The less intimately I know the recipient, the tougher it is to formulate a good question. I agree, moderately secure. > > Also, there is no way to meet your goal of "no external binary > needed." There may be a few things you can do in lieu of this, but > all of them require some knowledge of the recipient hardware system. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Yes. :( > But in a case such as mine, even that wouldn't help (do you send it > for an RT, Vax, Decmips, RS6000, Alpha, Linux, Sun386i, Next, ...?) > > Like I said, its an interesting key distribution model, but I do not > see any way to realize it under your assumptions. > > -derek > > From hughes at ah.com Thu Feb 24 18:01:40 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 24 Feb 94 18:01:40 PST Subject: No Subject In-Reply-To: <9402250135.AA08514@toad.com> Message-ID: <9402250201.AA22102@ah.com> >And there's also the question of whether or not I'm going to >execute a random program that you've sent me, And one usual method to verify external binaries is with a digital signature, which brings us back to square one. 
Eric From geoffw at internex.net Thu Feb 24 18:14:38 1994 From: geoffw at internex.net (Geoff White) Date: Thu, 24 Feb 94 18:14:38 PST Subject: Clinton Uses E-Mail to Respond to Swedish Prime Minister Feb 18 (fwd) Message-ID: <9402250215.AA11930@gaia.internex.net> Subject: 2532 Clinton Uses E-Mail to Respond to Swedish Prime Minister Feb 18 Clinton Uses E-Mail to Respond to Swedish Prime Minister Feb 18 SUPERHIGHWAY REPORT HPCwire ============================================================================= Washington, D.C. -- President Clinton exchanged the first-ever electronic message with another head of government on February 4. According to reports from the Associated Press, the White House said the computer messages, commonly called E-mail, started with a "Dear Bill" electronic letter from Swedish Prime Minister Carl Bildt. Clinton responded the next day with a "Dear Carl" E-Mail. In his message, AP reports, Bildt said he was testing the global Internet system. He congratulated Clinton on ending the trade embargo on Vietnam and said he will take up the issue of Americans taken prisoner or missing in action in that country when he visits Hanoi in April. "Sweden is -- as you know -- one of the leading countries in the world in the field of telecommunications, and it is only appropriate that we should be among the first to use the Internet also for political contacts and communications around the globe, Yours, Carl." Bildt concluded. Clinton's reply -- "Dear Carl: "I appreciate your support for my decision to end the trade embargo on Vietnam and thank you for all that Sweden has done on the question of the POW-MIAS. I share your enthusiasm for the potential of emerging communications technologies. This demonstration of electronic communications is an important step toward building a global information superhighway. Sincerely, Bill." 
Copyright 1993 HPCwire. To receive the weekly HPC Select News Bulletin at no charge, send e-mail to "trial at hpcwire.ans.net". ----- End Included Message ----- From TO1SITTLER at APSICC.APS.EDU Thu Feb 24 18:59:26 1994 From: TO1SITTLER at APSICC.APS.EDU (Kragen J. Sittler) Date: Thu, 24 Feb 94 18:59:26 PST Subject: Infomercials, FUD... time? Message-ID: <940224195739.cdc8@APSICC.APS.EDU> Despite all our word-of-mouth and -of-net efforts, the general public knows little or nothing about the Clipper issue. Perhaps it's time to let them know what's going on... not in an article buried on the third page (?) of the New York Times, not in an article on page 30 of Time Magazine, but in some way which lets them know the real facts. I suggest that we air an infomercial, or series thereof, urging the citizens of the US to protest. Phone calls to religious groups, special-interest newsletters, and even mainstream newscasters would also be a help. Most of us cypherpunks have little income. A few, such as Winston Timothy C. May, have enough for an infomercial or two. But there is supposedly an industry coalition headed by Novell to oppose Clipper. Is there anyone here who can successfully solicit these companies for money? I don't know enough details to do this. I don't know the cost of a half-hour infomercial on a national network at 11:00 at night. But I know it can be bought. 
I don't know which companies are involved in the coalition. Nor do I know how committed they are. But I suspect we could raise enough money... and we do have a number of experienced public speakers and broadcasters among us. If the public knows the facts, just the known, confirmed facts, many of them will be outraged. The response that a single half-hour infomercial could produce in a nation of 260 million would make the puny tens of thousands of votes on the CPSR petition look insignificant... as indeed they are. C'mon folks... what's stopping us? Kragen From wcs at anchor.ho.att.com Thu Feb 24 19:15:13 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 24 Feb 94 19:15:13 PST Subject: Sending encrypted stuff to non-PGP users. Message-ID: <9402250314.AA14972@anchor.ho.att.com> PGP already lets you do almost what you want. The pgp -c option does conventional crypto, using IDEA, and prompts you for a passphrase to encrypt it with. (You can look at the code to see if it crunches it with MD5 or just uses the first 16 bytes / 128 bits.) To decrypt, you just do pgp -d filename. This lets anybody who has the PGP binaries on their machine decrypt it, even if they haven't bothered setting up public and private keys. If they use DOS, and either you're located in an encryption-tolerant country or they're located in your country, you can send them the binary if they want. If this is too big, you can shred apart the PGP source and do a version with just the IDEA decryption stuff, leaving out the patent-sensitive RSA code and most of the fancy help and file-handling stuff. Of course, if you *still* really want something that's widely executable for people who don't want to install crypto code on their machines, you could write yourself an IDEA-decryptor in PostScript (tm) and let them print the file on their laser printer. A tad slow, but...... 
(Yes, they'll need some way to input the passphrase; editing the file works but leaves traces around. You'll think of something user-friendly if you're that perverse :-) Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From peace at BIX.com Thu Feb 24 19:27:25 1994 From: peace at BIX.com (peace at BIX.com) Date: Thu, 24 Feb 94 19:27:25 PST Subject: Clipper In-Reply-To: <9402250016.AA13044@anchor.ho.att.com> Message-ID: <9402242209.memo.27007@BIX.com> It may be true that Clipper has not been qualified yet for classified data, I'm not sure about that, but Tessera will be used in DMS, the defense messaging system. That WILL carry classified info. Peace ..Tom From elric at umich.edu Thu Feb 24 19:28:12 1994 From: elric at umich.edu (Elric of Melnibone) Date: Thu, 24 Feb 94 19:28:12 PST Subject: Infomercials, FUD... time? In-Reply-To: <940224195739.cdc8@APSICC.APS.EDU> Message-ID: On Thu, 24 Feb 1994, Kragen J. Sittler wrote: > I suggest that we air an infomercial, or series thereof, urging the citizens > of the US to protest. Phone calls to religious groups, special-interest > newsletters, and even mainstream newscasters would also be a help. calling the 700 club would be a good start for religious groups they already dislike the Clipper chip > Most of us cypherpunks have little income. A few, such as Winston Timothy > C. May, have enough for an infomercial or two. But there is supposedly an > industry coalition headed by Novell to oppose Clipper. Is there anyone here > who can successfully solicit these companies for money? what about pooling our resources, I'm sure we have enough subscribers that might like to DONATE money for info-mercials. Hell, I'm not rich but I can spare some dollars for this > I don't know enough details to do this. 
I don't know the cost of a half-hour > infomercial on a national network at 11:00 at night. But I know it can be > bought. howabout some time on CNN and FCN?? > > I don't know which companies are involved in the coalition. Nor do I know > how committed they are. But I suspect we could raise enough money... and we > do have a number of experienced public speakers and broadcasters among us. > > If the public knows the facts, just the known, confirmed facts, many of them > will be outraged. The response that a single half-hour infomercial could > produce in a nation of 260 million would make the puny tens of thousands of > votes on the CPSR petition look insignificant... as indeed they are. > > C'mon folks... what's stopping us? The government could try :-) > Kragen > /> /< O[\\\\\\(O):::<======================================- \< Blood and Souls <\ \> For My Lord Arioch >\ -======================================>:::(0)//////]O >/ Any software for hiding data in fractals would have the problem that people would eventually learn to recognize the type of fractal. Thus when the FBI digs through your PC, they'd find the fractals, and recognize them as data carriers. Hiding data in arbitrary .jpg files would solve this problem, but even so, if the FBI knows there is software for hiding data in the low bits of .jpg files, they'd run it on all your pictures as a matter of course. Naturally you'll have encrypted your file, but you may as well have left it on the disk as is. a) What's stenography? b) What's stegography? c) There's nothing self-decrypting about a .jpg file. From tomh at bambi.ccs.fau.edu Thu Feb 24 19:46:37 1994 From: tomh at bambi.ccs.fau.edu (Tom Holroyd) Date: Thu, 24 Feb 94 19:46:37 PST Subject: Infomercial Message-ID: <9402250344.AA14935@bambi.ccs.fau.edu> Most people couldn't care less. They don't encrypt data, and will never use a clipperphone. The FBI can *already* listen to all their phone calls and see all their medical records. 
Why should people do anything to protect something they don't have anyway? From pmetzger at lehman.com Thu Feb 24 19:50:20 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 24 Feb 94 19:50:20 PST Subject: WE WANT SELF DECRYPTING STENOGRAPHY NOW! In-Reply-To: <9402250339.AA14924@bambi.ccs.fau.edu> Message-ID: <9402250349.AA19644@andria.lehman.com> Tom Holroyd says: > Any software for hiding data in fractals would have the problem that > people would eventually learn to recognize the type of fractal. Thus > when the FBI digs through your PC, they'd find the fractals, and recognize > them as data carriers. Hiding data in arbitrary .jpg files would solve > this problem, but even so, if the FBI knows there is software for > hiding data in the low bits of .jpg files, they'd run it on all your > pictures as a matter of course. Naturally you'll have encrypted your > file, but you may as well have left it on the disk as is. Precisely a point I've been making for some time. We are safest if we quickly deploy so much crypto that grandmothers are using it and they EXPECT it everywhere. That way, crypto is not a signal that something is unusual. Steganography never took off as a science largely because it is such a weak form of protection, almost inherently. As soon as they SUSPECT steganography you have immediately lost any safety you may have had. I'm very much in favor of simply openly using crypto, as often as possible and as visibly as possible. Perry From pmetzger at lehman.com Thu Feb 24 19:52:02 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 24 Feb 94 19:52:02 PST Subject: Infomercial In-Reply-To: <9402250344.AA14935@bambi.ccs.fau.edu> Message-ID: <9402250351.AA19657@andria.lehman.com> Tom Holroyd says: > Most people couldn't care less. They don't encrypt data, and will > never use a clipperphone. The FBI can *already* listen to all their > phone calls and see all their medical records. 
Why should people > do anything to protect something they don't have anyway? I agree that an infomercial is silly, but I disagree that secure phones don't have an extensive market. If they were cheap enough, people would want the feature just for the hell of it. Ultimately, it won't add more than a couple of bucks to the cost of a phone -- and the "ultimately" in this case is less than a decade away. I'd say that most people would pick up a cryptophone if it only costs a couple bucks more and is transparent to use. Perry From qjones at infi.net Thu Feb 24 20:39:28 1994 From: qjones at infi.net (Wayne Q Jones) Date: Thu, 24 Feb 94 20:39:28 PST Subject: Rising dishonesty level In-Reply-To: <199402241448.GAA17814@well.sf.ca.us> Message-ID: Since you mentioned it...What is this new weapon that Russia has deployed that Dee spoke about in the press conference??? Wayne On Thu, 24 Feb 1994, Brad Dolan wrote: > jimn8 at netcom.com remarks about the rising level of dishonesty in > (presumably) media/political circles: > > *It's bad* I once had a faint hope that a change in administrations > would reverse the tide. I'm over that now. People from eastern > Europe recognize a lot of what they see developing here, as a recent > poster noted. > > jimn8 further wonders if anybody knows a better country to live in: > > I know of several that are less intrusive in your private affairs. > Unfortunately, it's hard for an American to find work in most of them. > I've made up a list of decision rules about when it's time to flee > to the first place I can find "three hots and a cot" (Places like > Belize, for instance). Try compiling your own list, it's an > interesting exercise. > > My rules: > > It's time to leave when... > ... I can't say what I want. > ... I can't own a gun. > ... I can't use good crypto. > ... I can't leave and enter the U.S. freely. 
> > Brad bdolan at well.sf.ca.us > > Somewhat related: Does anybody find it interesting that no one noted > for over a decade that Ames had (1) a lavish lifestyle and (2) a foreign-born > (Colombian!) wife. Normally, spooks aren't allowed either. > > A cynic might say that the lavish lifestyle was overlooked because it was > attributed to the Colombian connection, and not to the other > extracurricular activities. > > -bd > > **************************************************************************** * Qjones at infi.net So I'm a dog...what else is new? * * Qjones at larry.wyvern.com Quote from life and times of a man * **************************************************************************** From drzaphod at brewmeister.xstablu.com Thu Feb 24 20:55:27 1994 From: drzaphod at brewmeister.xstablu.com (DrZaphod) Date: Thu, 24 Feb 94 20:55:27 PST Subject: Net Restructure In-Reply-To: <9402242142.AA17967@pilot.njin.net> Message-ID: > > > This doesn't dtop ordinary [or extraordinary] people from running their > > own net. This net, with in and out ports to other nets, would follow none > of the rules enforced upon our current net. If they try to cut us out we > simply change out location. ^^^ Was your msg really so munged when you got it? Or did you modify it. The msg I sent out was: dtop WAS stop and out location WAS our logical location. as well as a few form problems and missing >'s > I don't think that is logical or feasible, and my point is that the net is > becoming something for the masses now. The masses won't be as crafty as you > . I feel that if or when it is restructured the people logging on won't > be aware of the lack of security or they will have false security. > Reuben Halper I agree that most people won't be aware of their big brother's watchful eye and meddling fists.. and I suggest we all fight the govt's current plan for the NII. 
I also suggest that if their current plan [or one very like it] passes and the spooks are wired in to the complete net [or even parts of it] that we [cypherpunks, anarchists, businessmen, hackers, and everybody else who doesn't like the govt's hand in all of this] simply DON'T USE IT. We can use its capability to transport msgs via an encrypted link.. and service providers can spring up all over the place offering PRIVATE communication. Luxury is now becoming a word for things other people don't want you to have. The "luxury" of privacy is a fallacy. I think one day, maybe soon, people will simply realize: "Shit! I don't have to do that if I don't want to!" Hopefully many people will think this around the same time and we'll be well on our way. TTFN.

-- The Universe in the eyes of a programmer: That government subroutine is too slow. Wouldn't it be easier if we linked all these people directly instead of running them thru that?
-- If only we had the ability for mass communication [grin].

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- DrZaphod #Don't Come Any Closer Or I'll Encrypt! -
- [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity -
- [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] -
- 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From qjones at infi.net Thu Feb 24 20:56:23 1994
From: qjones at infi.net (Wayne Q Jones)
Date: Thu, 24 Feb 94 20:56:23 PST
Subject: Viacrypt at NCSC ?
In-Reply-To: <9402242320.AA29930@anon.penet.fi>
Message-ID:

Probably works there. I work at NUWC.NAVY.MIL but I still have a mind of my own...

On Thu, 24 Feb 1994, r-man wrote:

>
> Why does at least one person from Viacrypt have an e-mail address
> at dockmaster.ncsc.mil ?
>
> Is there an association between Viacrypt and the NCSC, or does the
> NCSC give out accounts to those in the business ?
> > ------------------------------------------------------------------------- > To find out more about the anon service, send mail to help at anon.penet.fi. > Due to the double-blind, any mail replies to this message will be anonymized, > and an anonymous id will be allocated automatically. You have been warned. > Please report any problems, inappropriate use etc. to admin at anon.penet.fi. > **************************************************************************** * Qjones at infi.net So I'm a dog...what else is new? * * Qjones at larry.wyvern.com Quote from life and times of a man * **************************************************************************** From eichin at paycheck.cygnus.com Thu Feb 24 21:01:07 1994 From: eichin at paycheck.cygnus.com (Mark W. Eichin) Date: Thu, 24 Feb 94 21:01:07 PST Subject: RATINGS: strn has the right features (was Subject tags) In-Reply-To: <9402241838.AA21116@ah.com> Message-ID: <9402250418.AA00882@paycheck.cygnus.com> >> shared seem to be binary in nature, simply to include articles in >> virtual lists of articles. Strn has a couple of unrelated but relevant features. The virtual newsgroups, as discussed, are a lot more powerful than you'd think -- in fact, they could be ideal for the Ratings system. Virtual newsgroups can be constructed from arbitrary lists of message-id's... the intent, I think, was to use nngrep and such to supply them, but you could just as easily use the result of post-processing your ratings-list to generate them. (Virtual newsgroups can be constructed from a number of sources, actually, both "live" and with preprocessing.) On *top* of that (ie. at the reader's side of the system, regardless of whether the group is real or virtual) you have a scoring system, which is based on applying regular expression patterns to messages, and producing scores. 
(For example, I read comp.sys.palmtops because I have an hp100, so I have a positive score for subject:.*hp100, but I'm also interested in new things that might show up there, but I know I *don't* care about the Tandy Zoomer, so /zoomer/ gets a negative score.) Scores are cumulative on an article. Since strn is built on trn, if a score gets you to read an article mid-thread, you can easily move around in the 2d representation of the thread, even if those items didn't score as well. >> agent, but it seems not to have the social goals that the ratings >> proposal I have in mind does. I think it has the flexibility to implement most, if not all, of what you want your ratings system to provide. (Pedantic point -- would it not be more correct to say that *you* have social goals, not the rating system -- the system is merely your tool...) strn works quite will with a local news spool, and is supposed to work with an XOVER database (or whatever the other equivalent was) if you're using NNTP. _Mark_ From tomh at bambi.ccs.fau.edu Thu Feb 24 21:05:54 1994 From: tomh at bambi.ccs.fau.edu (Tom Holroyd) Date: Thu, 24 Feb 94 21:05:54 PST Subject: Infomercial, Clipper Message-ID: <9402250504.AA15123@bambi.ccs.fau.edu> >Tom Holroyd says: >> Most people couldn't care less. They don't encrypt data, and will >> never use a clipperphone. The FBI can *already* listen to all their >> phone calls and see all their medical records. Why should people >> do anything to protect something they don't have anyway? Perry says: >I disagree that secure phones don't have an extensive market. If they were >cheap enough, people would want the feature just for the hell of it. I'd >say that most people would pick up a cryptophone if it only costs a couple >bucks more and is transparent to use. And if the FBI could listen in, it would be *no different* from what they have today. The point is, Clipper does not take anything away from most people. 
They might get a Clipperphone if they thought the building superintendent was hiding in the phone closet listening in (thus getting some real value from the thing), but they aren't hiding from the FBI today, and they won't care if the FBI might listen in tomorrow, too.

Note that I'm not saying that Clipper isn't the tip of an iceberg giving the spooks bigbrother-like powers. All I'm saying is, you won't be able to convince Joe Public that he's losing anything. If they start arresting people for using PGP, that's another problem, and Joe Public won't care about that, either.

From hayden at krypton.mankato.msus.edu Thu Feb 24 21:15:26 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Thu, 24 Feb 94 21:15:26 PST
Subject: InfoMercials / Getting the word out
Message-ID:

I cannot see how an 'infomercial' would be effective at all. The audience of people that commonly watch those things are apathetic about politics.

Face it, the only way to get the word out is to get the industries of power against clipper, then the popular support falls into line. The industries include (but are not limited to):

Really Rich People
Really Rich Corporations
The Media
Non-US Governments

Coalitions need to be built. Face it, the government IS NOT going to listen to the people. The people are the ones that the government is violating. And the common people have no REAL power, and even shorter memories of those violations. Make the government afraid of those with power, and we can have our way.

____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> In the United States, they
\/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From cme at sw.stratus.com Thu Feb 24 22:08:52 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Thu, 24 Feb 94 22:08:52 PST Subject: story on digital telephony from today's Washington Post (fwd) Message-ID: <199402250608.BAA02031@galt.sw.stratus.com> >From: Mike Godwin >Message-Id: <199402250044.TAA04129 at eff.org> >Subject: story on digital telephony from today's Washington Post (fwd) >To: eniac at prudence.fof.org (eniac at prudence.fof.org), > cypherpunks at toad.com (cypherpunks) >Date: Thu, 24 Feb 1994 19:44:42 -0500 (EST) >The FBI and the Justice Department say the initiative would not expand >their power, but would ensure access to the type of communications they >have been entitled to tap for years. This is totally bogus. The FBI has never had the right to watch computer programs execute. Now that computer programs are being written as distributed systems, what was originally written to be an internal subroutine call can look like a message over the phone system. The FBI never had the right to bug corporate conference rooms. Now that companies are using videoconferencing, a private corporate conference could look like a phone call. Etc. This needs to be fought. - Carl P.S. Even though the FBI has had the wiretap law of 196?, we need to keep reminding them that this law wasn't a constitutional amendment. It's entirely possible for a new routine law to invalidate their law -- or for technology to invalidate their preferred M.O. It might even be reasonable to pass a law prohibiting all wiretaps. That is, now that the FBI has shown that it intends to act like an Iron Curtain surveillance agency, perhaps it should be treated like one and shut down. 
From catalyst-remailer at netcom.com Thu Feb 24 23:25:49 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Thu, 24 Feb 94 23:25:49 PST
Subject: Omnibus Crime Control Act of 1968
Message-ID: <199402250726.XAA14808@mail.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Sorry, my fingers are all thumbs: the issue of Time is July 25, 1969.

faust's dog

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQBpAgUBLW2jPop26HwU0zr9AQGC/wKaAx5+2y0N1/jlGFnJ3Nv9ZY9S4STt09oJ
lBA8eeOcf/dXQk7dvmsUY/X17FRyAYujqwI7PCG5Vhjxl/GN1vlwSShZ4Ozd1KCM
mAkLWORloypkmJ5i
=rFMU
-----END PGP SIGNATURE-----

From MIKEINGLE at delphi.com Fri Feb 25 00:44:20 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Fri, 25 Feb 94 00:44:20 PST
Subject: VOUCH program encrypts with DSS keys
Message-ID: <01H9AE8TXK1094G4CB@delphi.com>

There is a program called VOUCH which implements the Digital Signature Standard. In addition to signing, it has the interesting ability to do public-key encryption with the DSS keys! The manual describes this as Diffie-Hellman key exchange. As I understand DH exchange, it is an online negotiation protocol. Can DH be combined with DSS to use the DSS keys for public-key encryption? How? If His Excellency decides we should all have DSS keys tattooed on our asses, the ability to encrypt with them could be very useful.

Vouch is available by ftp from garbo.uwasa.fi in /pc/crypt/vouch10.zip It's about 90K. The author is in Pakistan and gives only a snail address.

--- Mike

Here's my key and a test file if you want to play with it.

section 1 of uuencode 4.13 of file VOUCHKEY.ZIP by R.E.M.

First, re: "self decrypting" binaries.

> An interesting idea, although highly unpracticable. Sending a binary
> is nearly impossible. As an example, I have at my disposal (and I log
> into regularly) at least 6 different platforms. All Unix, but each
> one would require its own binary!

> Also, there is no way to meet your goal of "no external binary
> needed." There may be a few things you can do in lieu of this, but
> all of them require some knowledge of the recipient hardware system.
> But in a case such as mine, even that wouldn't help (do you send it
> for an RT, Vax, Decmips, RS6000, Alpha, Linux, Sun386i, Next, ...?)

Sounds more like a general utility for conventional key crypto with versions ported to other platforms. Like pkzip's "crypto" options, but hopefully without publicly posted programs to crack it! Imagine a program built with lharc, zip, arj, tar, uuxfer, md5, and idea. A general file cruncher. Then you send a binary .whatever file with a special header that has the passphrase prompts you've decided on. Not "self-decrypting" by any means, but more likely to be run and accepted by a user unwilling to install pgp. Also, very easy to write. Hork gzip, maybe info-zip, pgptools, maybe some lharc code, etc from publicly visible locations and snap them together.

I have to agree with the statement that I'm NOT going to run a random binary dropped in my mbox! Even if someone I'd like to communicate securely with had said it'd be dropping by.

I think with all the talk about steg lately we might want to recall an idea posted a few months (several?) ago.... Create and widely distribute a program to take a "stealth" crypto file (of course, the util might also do the stealthing.... details) and perform a large number of manipulations on it.
Something like a command blend -"Hello, world!" file.bin would do something like use the "H" option (of MANY) with an argument of 5 (or of 101 or whatever the ascii value of 'e' is... I'm tired), then the "l" manipulation twice ("l" might not take an argument), then "o", skip the comma and whitespace (or maybe not), etc. No way to guarantee that some operations don't undo one another, but you'd still have a good chance that the resulting file would be VERY difficult to cryptanalyse, I think (and I *know* I'll be told if I'm wrong... I'm repeating what seemed like a good idea). At the very least, it wouldn't decrypt into anything useful.

This way, one utility can provide many avenues to help steg (if the file cannot be determined to be encrypted by a particular program/with a particular method, it may be easier to hide in a practicable way (which may be less secure than a more theoretically sound method)).

Again, I'm in favor of having the program also provide a non-crypto related service to the user. Encourage people to have it and know how to use it, and provide a cover to explain its presence.

Just a couple-a comments on current threads.

Seth Morris (Seth.Morris at LaUNChpad.unc.edu)

From kermit at ics.forth.gr Fri Feb 25 02:22:41 1994
From: kermit at ics.forth.gr (Aggelos D. Keromitis)
Date: Fri, 25 Feb 94 02:22:41 PST
Subject: Link
Message-ID: <9402251022.AA18418@calliope.csi.forth.gr>

In soda.berkeley.edu:/pub/cypherpunks/applications/link there is a server for encrypted login on slip connections between Unix and amiga. Could the author please contact me ? I'm rewriting some of the code to make a simple telnetd with RSA/triple DES encryption. My apologies to those with no interest to the subject, but Eric told me I could find the person I seek through the list (preferable answer by email).
-Aggelos From dmandl at lehman.com Fri Feb 25 05:30:16 1994 From: dmandl at lehman.com (David Mandl) Date: Fri, 25 Feb 94 05:30:16 PST Subject: Infomercial Message-ID: <9402251330.AA06936@disvnm2.lehman.com> I respectfully submit that this would be a BIG waste of money. TV time is not cheap, and since most infomercials are run by crackpots or scam artists (or that's the general view of 'em, in my opinion), this wouldn't buy us much at all. If people are interested in a media barrage, a big ad in a major newspaper would be money better spent (though I have my doubts about that, too). --Dave. From paul at poboy.b17c.ingr.com Fri Feb 25 06:09:30 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Fri, 25 Feb 94 06:09:30 PST Subject: [comp.dcom.telecom]: AT&T finally adds RSA Message-ID: <199402251410.AA04071@poboy.b17c.ingr.com> Note that AT&T is selling this puppy for $360 _per copy._ I bet some motivated developer could get the appropriate patent licenses and undercut them significantly. -Paul FOR MEDIA INQUIRIES: David Arneke, AT&T Secure Communications Systems 910 279-7680 (office) 910 273-5687 (home) !darneke (ATTMAIL) or david.arneke at att.com (Internet) AT&T ADDS RSA SECURITY TECHNOLOGY TO SECRETAGENT (TM) SOFTWARE GREENSBORO, North Carolina -- AT&T has added RSA security technology to its SecretAgent software in an upgrade that makes the program more versatile, easier to use and faster. Other major new capabilities in AT&T SecretAgent Version 3.0 include: -- User-transparent support of RSA and DSA public keys. Users can generate RSA keys or DSA keys and communicate signed and encrypted messages with other SecretAgent 3.0 users regardless of their choice of public key algorithms. -- Cross-platform compatibility among MS-DOS, Windows, Macintosh and various UNIX operating systems. Information secured on one operating system can be processed transparently on any of the others. 
-- Mail-enabled operation through the widely supported Vendor-Independent Messaging (VIM) interface.

-- Significantly faster implementation of DES encryption and DSA signing and validation.

Version 3.0 adds the RSA cryptosystem for digital signatures and key management to SecretAgent's capabilities, which already included DES encryption, the NIST Digital Signature Algorithm (DSA) and the federal Secure Hash Standard (SHS) for data integrity. For encryption and DSA signatures, a variant of the Diffie-Hellman protocol is used for key exchange.

"AT&T SecretAgent 3.0 Software gives users a more powerful array of capabilities in an extremely fast and efficient way," said William A. Franklin, software security products manager, AT&T Secure Communications Systems.

With its unique combination of standards, SecretAgent 3.0 software provides solutions to the security requirements of a wide variety of business and government users.

"Some customers require only one set of capabilities -- government users, for example, are required to use federal standards only," Franklin said. "Some businesses prefer RSA technology, but others need RSA for electronic data interchange with other commercial businesses and government standards for dealing with the government."

Users can select either RSA, SHS and DES or DSA, SHS, DES and Diffie-Hellman for signing and encrypting. On reception, the program detects which security algorithms have been used so the recipient of a message doesn't have to be concerned about which technology the sender used.

Mail-enabled operation also makes security user-friendly. Messages can be created, signed, encrypted and mailed all without leaving SecretAgent 3.0 software. Documents also can be signed, encrypted and transmitted as mail attachments.

DES encryption is 50 percent faster than in the original version of AT&T SecretAgent Software. Digital signature speed is also improved.
DSA signing and validation are performed in approximately 150 milliseconds each on a 486/33 MHz personal computer.

AT&T SecretAgent Software was developed for AT&T by Information Security Corporation of Deerfield, Illinois.

The program operates independently of word processing programs, enabling it to safeguard such diverse data as text files, spreadsheets and databases. SecretAgent 3.0 software encrypts and decrypts files for transmissions or storage, even files stored on a shared network hard disk.

Single-copy suggested retail price is $329.95 for the DOS and Windows versions, $359.95 for the Mac version and $399.95 for the UNIX version. Volume discounts and site/enterprise licensing are available.

Recommended PC configuration includes 640 KB RAM (256 KB required) and hard disk.

The Windows version of SecretAgent 3.0 software will be available March 15. The DOS version will follow on April 1, the SPARCstation UNIX version on April 15 and the Mac version on May 1.

A software upgrade to allow the program to accept the federal government's TESSERA PCMCIA card and DATAKEY SignaSURE smart card will be available April 1. A triple-DES software capability also will be available April 1.

To order or to get more information, customers can call the AT&T Secure Communications Customer Service Center, 1 800 203-5563.

######

Product names are trademarks of their respective companies.

--
Paul Robichaux, KD4JZG | "Let he who is without sin cast the first
perobich at ingr.com | pointer." - Owen Harnett
Intergraph Federal Systems | Be a cryptography user- ask me how.
Of course I don't speak for Intergraph.

From danisch at ira.uka.de Fri Feb 25 06:10:46 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Fri, 25 Feb 94 06:10:46 PST
Subject: List of security/cryptography servers
Message-ID: <9402251410.AA07524@deathstar.iaks.ira.uka.de>

-----BEGIN PGP SIGNED MESSAGE-----

This is my list of security and cryptography servers around the world.
I did not test them all and some of them are not very useful. I am not allowed to download cryptographic stuff from American and Canadian servers, I could not do more than get a directory listing of the security directories.

Please send a short reference if you know any server missing on this list.

Hadmut

Europe:

ftp.uni-kl.de:
    ftp://ftp.uni-kl.de/usr/ftp/pub1/packages/cert
    ftp://ftp.uni-kl.de/usr/ftp/pub1/unix/security
    ftp://ftp.uni-kl.de/usr/ftp/pub2/packages/doc.tum/security
    ftp://ftp.uni-kl.de/usr/ftp/pub2/unix/security

rzsun2.informatik.uni-hamburg.de:
ftp.informatik.uni-hamburg.de: [ DFN-CERT ]
    ftp://rzsun2.informatik.uni-hamburg.de/
    gopher://rzsun2.informatik.uni-hamburg.de

wowbagger.zfn.uni-bremen.de:
wowbagger.pc-labor.uni-bremen.de:
    ftp://wowbagger.zfn.uni-bremen.de/pub/security

crypt1.cs.uni-sb.de:
    ftp://crypt1.cs.uni-sb.de/pub/

gopher.tu-clausthal.de:
solaris.rz.tu-clausthal.de:
    gopher://solaris.rz.tu-clausthal.de:70/11/RZ/DV-Sicherheit

ftp.tu-clausthal.de:
    ftp://ftp.tu-clausthal.de/pub/docs/security
    ftp://ftp.tu-clausthal.de/pub/unix/security

ghost.unimi.it:
ghost.dsi.unimi.it:
    ftp://ghost.unimi.it/pub/security

ftp.win.tue.nl:
    ftp://ftp.win.tue.nl/pub/security

mcsun.eu.net: (Netherlands)
    ftp://mcsun.eu.net/security

garbo.uwasa.fi:
    ftp://garbo.uwasa.fi/pc/security

nic.funet.fi:
    gopher://nic.funet.fi/
    ftp://nic.funet.fi/pub/unix/security

kampi.hut.fi:
    ftp://kampi.hut.fi/alo

ftp.sunet.se:
    gopher://ftp.sunet.se/pub/security
    ftp://ftp.sunet.se/pub/security

chalmers.se:
    ftp://chalmers.se/ ???

sunic.sunet.se:
    gopher://sunic.sunet.se/pub/security ???
    ftp://sunic.sunet.se/pub/security

isy.liu.se:
    ftp://isy.liu.se/security

ftp.luth.se:
    ftp://ftp.luth.se/pub/unix/security
    ftp://ftp.luth.se/pub/misc/security-papers

kth.se:/src/RPC/rcp4.0/secure_rpc/des

olymp.wu-wien.ac.at:
    gopher://olymp.wu-wien.ac.at/
    ftp://olymp.wu-wien.ac.at/.scratch/security

ftp.univie.ac.at:
    ftp://ftp.univie.ac.at/unix/security
    ftp://ftp.univie.ac.at/pc/dos/security
    gopher://ftp.univie.ac.at/unix/security
    gopher://ftp.univie.ac.at/pc/dos/security

black.ox.ac.uk:
    ftp://black.ox.ac.uk/wordlists
    ftp://black.ox.ac.uk/src/security

src.doc.ic.ac.uk:
    ftp://src.doc.ic.ac.uk/computing/security
    gopher://src.doc.ic.ac.uk/computing/security

unix.hensa.ac.uk:
    ftp://unix.hensa.ac.uk/pub/uunet/doc/security
    ftp://unix.hensa.ac.uk/pub/uunet/pub/security

liasun3.epfl.ch:
    ftp://liasun3.epfl.ch/pub/security

aragorn.unibe.ch:
    ftp://aragorn.unibe.ch/pub/docs/security

claude.ifi.unizh.ch:
    ftp://claude.ifi.unizh.ch/pub/security

kids.kotel.co.kr:
    ftp://kids.kotel.co.kr/pub/security

ring.kotel.co.kr:
    ftp://ring.kotel.co.kr/pub/security

==========================================================
Australia:

csc2.anu.edu.au:
    ftp://csc2.anu.edu.au/pub/security

ftp.adelaide.edu.au:
    ftp://ftp.adelaide.edu.au/pub/security

ftp.cc.adfa.oz.au:
    ftp://ftp.cc.adfa.oz.au/pub/security

octavia.anu.edu.au:
    ftp://octavia.anu.edu.au/info.mcs.anl.gov/pub/security

ftp.utas.edu.au: ??
    ftp://ftp.utas.edu.au/security

tasman.cc.utas.edu.au:
    ftp://tasman.cc.utas.edu.au/security ??
==========================================================
Africa:

ftp.ee.und.ac.za:
    ftp://ftp.ee.und.ac.za/pub/crypto/
    ftp://ftp.ee.und.ac.za/pub/security/

==========================================================
Canada:

wimsey.bc.ca:
van-bc.wimsey.bc.ca:
    ftp://wimsey.bc.ca/pub/security
    ftp://wimsey.bc.ca/pub/crypto

==========================================================
USA [.edu]:

gopher-penninfo.upenn.edu:
    gopher://gopher-penninfo.upenn.edu:71

dartmouth.edu:
    ftp://dartmouth.edu/pub/security

ftp.cs.purdue.edu:
    ftp://ftp.cs.purdue.edu/pub/ ???

ripem.msu.edu:
    ftp://ripem.msu.edu/pub

ftp.cs.cornell.edu:
    ftp://ftp.cs.cornell.edu/pub/wayner ???

scss3.cl.msu.edu:
    ftp://scss3.cl.msu.edu/pub/bignum
    ftp://scss3.cl.msu.edu/pub/crypt

mthvax.cs.miami.edu:
    ftp://mthvax.cs.miami.edu/

arthur.cs.purdue.edu:
    ftp://arthur.cs.purdue.edu/pub/pcert
    gopher://arthur.cs.purdue.edu/

quartz.rutgers.edu:
    ftp://quartz.rutgers.edu/pub/computer/security

sunsite.unc.edu:
    ftp://sunsite.unc.edu/pub/docs/security
    /pub/docs/.cap/security

pmip.maricopa.edu:
    gopher://pmip.maricopa.edu:770/

hoohoo.ncsa.uiuc.edu:
    http://hoohoo.ncsa.uiuc.edu/docs/

somalia.earth.nwu.edu:
    gopher://somalia.earth.nwu.edu

cert.sei.cmu.edu:
    ftp://cert.sei.cmu.edu/pub/cert_advisories

athena-dist.mit.edu:
    ftp://athena-dist.mit.edu/pub/kerberos

chaos.bsu.edu:
    ftp://chaos.bsu.edu/
    gopher://chaos.bsu.edu/

dartvax.dartmouth.edu: [ftpmail also]
    ftp://dartvax.dartmouth.edu/pub/security

==========================================================
USA [.gov]:

csrc.ncsl.nist.gov:
    ftp://csrc.ncsl.nist.gov/pub/
    gopher://csrc.ncsl.nist.gov

ncbi.nlm.nih.gov:
    ftp://ncbi.nlm.nih.gov/pub/security

ftp.gsfc.nasa.gov:
    ftp://ftp.gsfc.nasa.gov/pub/security

==========================================================
USA [.com]:

qiclab.scn.rain.com:
    ftp://qiclab.scn.rain.com/pub/security

gumby.dsd.trw.com:
    ftp://gumby.dsd.trw.com/pub/security

thumper.bellcore.com:
    ftp://thumper.bellcore.com/pub/skey ???
==========================================================
USA [.org]:

cert.org:
    ftp://cert.org/pub

cpsr.org:
    ftp://cpsr.org/cypherpunks
    gopher://cpsr.org

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLW4Go2c1jG5vDiNxAQEHWQP+MCf7wbx6h+zX0W2OL2Ejxckn8JerYBWv
pTRsgbGlLD/zzvv6kDHDldvuwp0Oexwn1a95gkxKFaawFRdCdxpZyXLysB9Np8CC
rTer7EuCsLJvn80B9jdJ4hw4BzTbx2FCGQ7ifFY/jcTf1L5wk7HB07k3e8ITfqXd
hkk1L/yH+Lc=
=ZHZP
-----END PGP SIGNATURE-----

From hoburg at ultryx.com Fri Feb 25 07:01:22 1994
From: hoburg at ultryx.com (James E. Hoburg)
Date: Fri, 25 Feb 94 07:01:22 PST
Subject: Clipper Death Threat
Message-ID: <9402251452.AA24599@ramsesii.ultryx.com>

I've lurked on cypherpunks on-and-off in the past. Since last departing, I came across the latest John Perry Barlow/Wired broadside on Clipper.

Enough.

I am working with a small handful of other net denizens in my locale (Columbus, OH) to begin a grass-roots consciousness raising effort about Clipper. We are trying to assemble info-kits for the local media, drum up the assistance of politically active civil libertarians in the area, and whatever else we can do to start a snowball rolling. Any ideas or strategies you would care to forward would be most appreciated.

However...

The first hurdle I can see now is the eye-glaze factor for John Q. Public. Where can I find more layman-oriented information sources? Like these sorts:

1. Simple explanation of cryptography, *what* not how. Maybe a little on public/private keys.

2. Why laymen, corporations, etc. need access to strong encryption. Good analogies are needed here. (e.g., wireless telecom is easily compromised, etc.)

3. Why we have a right to strong encryption.

4. How the Clipper implementation infringes on our rights.

5. Arguments for/against Clipper, key escrow, and DoJ implementation.

6. Why public (read congressional) hearings are needed.
e.g. Administration rationale for clipper. Abuse of key escrow. Guarantee to alternative encryption.
         Guarantee to import/export of encryption.

Having actively tried to get generic folks to see this one coming, it's clear that the Clipper debate will never be more than a tempest in a nerdpot unless we can present both Clipper facts and fears in a way that will help the man-in-the-street see this threat for what it is and give a hoot.

Perhaps these sorts of information resources are a bit beyond the cypherpunk focus (cypherpunks write code.) But I would really appreciate any pointers to promising directions for info.

Regards,
--
James Emerson Hoburg
NET:
VOX: +1-614-885-8799
FAX: +1-614-885-5171
0 They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. - Ben Franklin 0

From sdw at meaddata.com Fri Feb 25 07:19:30 1994
From: sdw at meaddata.com (Stephen Williams)
Date: Fri, 25 Feb 94 07:19:30 PST
Subject: your mail
In-Reply-To: <9402250120.AA12855@toxicwaste.media.mit.edu>
Message-ID: <9402251519.AA20453@jungle.meaddata.com>

>
> An interesting idea, although highly unpracticable. Sending a binary
> is nearly impossible. As an example, I have at my disposal (and I log
> into regularly) at least 6 different platforms. All Unix, but each
> one would require its own binary!

Although I'm still uncomfortable about the non-crypto user key, there is a simple solution to the problem of executable/data transmission:

Send it as Perl, Postscript, Tcl, whatever.

Perl should be able to handle an encoded (7 bit) data stream with a program prepended. The algorithm would be more obvious, but technically no more secure if you disallow security-through-obscurity.

Perl is available almost everywhere, is reasonably fast, has a comprehensive capability list, etc.

> This doesn't mean that your idea has no merit. On the other hand, it
> is an interesting key distribution model. Except there are a number
> of problems that I can see.
> First, anything you know about the person
> is something that someone else could probably do a little research and
> find out as well. This inherently means it is not a very secure
> channel, rather it is only moderately secure.

This is what I think is rough.

> Also, there is no way to meet your goal of "no external binary
> needed." There may be a few things you can do in lieu of this, but
> all of them require some knowledge of the recipient hardware system.
> But in a case such as mine, even that wouldn't help (do you send it
> for an RT, Vax, Decmips, RS6000, Alpha, Linux, Sun386i, Next, ...?)

Perl...

> Like I said, it's an interesting key distribution model, but I do not
> see any way to realize it under your assumptions.
>
> -derek

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager
LIG dev./sales Internet: sdw at lig.net sdw at meaddata.com
OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together

From lyled at pentagon-emh9.army.mil Fri Feb 25 07:35:05 1994
From: lyled at pentagon-emh9.army.mil (LYLE, DAVID R. COMPEX)
Date: Fri, 25 Feb 94 07:35:05 PST
Subject: Clipper Death Threat
Message-ID: <2D6E4545@Pentagon-EMH9.army.mil>

--> The first hurdle I can see now is the eye-glaze factor for John Q. Public.
-->Where can I find more layman-oriented information sources? Like these
-->sorts:
-->
-->1. Simple explanation of cryptography, *what* not how. Maybe a little on
-->public/private keys.
-->
-->2. Why laymen, corporations, etc. need access to strong encryption. Good
-->analogies are needed here. (e.g., wireless telecom is easily compromised,
-->etc.)
-->

Corporate espionage is very common in today's business world. This is very well known and documented in the press. If I was the head of a corporation, I would be VERY interested in encryption technology in order to safeguard my corporate interests.
For individuals, it's sorta like the difference between standard snail mail envelopes and post cards. The post card can be read by anyone whom the card passes, while an envelope makes the message inside somewhat private. (I.E. it takes law enforcement to legally open the message) While this only works on a very basic level to explain to a lay-person, perhaps it is a way for them to begin to understand.

Another way of looking at it is the difference between private phone lines like we have today (yes, I know, not TRULY private, but you get the point) and party lines of old.

-->3. Why we have a right to strong encryption.

Actually, our constitution does not say we have the right to private communication. It would be nice, but it's not a right.

-->
-->4. How the Clipper implementation infringes on our rights.

See #3 above. Clipper is just plain a bad idea. Unfortunately, I suspect everyone's a bit late on this one. Newspapers have already written about a huge purchase by several large government agencies of technology with the chip in place. Funny thing is, it may end up being only our government whose security is compromised by this action, since no one else wants anything to do with it. Especially after the current mole uncovering, I begin to wonder if it's yet more moles who are pushing this technology forward. After all, if there is a backdoor, you KNOW every country in the world will try to get in. Of course, this defeats the entire purpose of security.

From tomh at bambi.ccs.fau.edu Fri Feb 25 08:33:14 1994
From: tomh at bambi.ccs.fau.edu (Tom Holroyd)
Date: Fri, 25 Feb 94 08:33:14 PST
Subject: SecretAgent 3.0
Message-ID: <9402251631.AA16069@bambi.ccs.fau.edu>

Since this is from ATT, I have to ask: does it have backdoors for the feds?

From lyled at pentagon-emh9.army.mil Fri Feb 25 08:35:08 1994
From: lyled at pentagon-emh9.army.mil (LYLE, DAVID R.
COMPEX)
Date: Fri, 25 Feb 94 08:35:08 PST
Subject: Clipper Death Threat
Message-ID: <2D6E535B@Pentagon-EMH9.army.mil>

Sorry, didn't get a chance to finish in my previous message...

-->4. How the Clipper implementation infringes on our rights.
-->

As previous message, it's not a right according to our constitution. However, the argument could be made that public encryption is allowed under free speech in a couple of ways:

1) by preventing "the government" from listening in, persons are able to speak freely where normally they would not. This would, of course, be superseded by the government's ability to protect itself from treason. In addition, it could be argued that encryption allows people to unlawfully speak against others, or to incite riots, etc.

2) it could be argued that an encrypted message is nothing more than "another language". Just because someone can't understand it, does not invalidate it.

-->5. Arguments for/against Clipper, key escrow, and DoJ implementation.
-->

"Law enforcement" will always be in favor of having the ability to listen in. That has and always will be of utmost concern to them.

-->6. Why public (read congressional) hearings are needed.
--> e.g. Administration rationale for clipper.
--> Abuse of key escrow.
--> Guarantee to alternative encryption.
--> Guarantee to import/export of encryption.
-->

Import/Export. This one gets tricky. I can understand the reasons WHY the agencies don't want any tech exported. Any encryption that's exported gets in the hands of "enemy agents" and will be worked on to be broken. The more that's out there, the more that's being cracked. What makes sense to me would be for each agency to develop its OWN proprietary algorithms, which already exist, or develop a mix between encryption and virus software such that the encryption algorithm actually modifies itself over time. This may ultimately be the "unbreakable" code.

Everything becomes touchy when you speak of national defense.
It is, of course, of vital importance. On the other hand, it's often the most guarded "secrets" which are "fake" just to throw off the enemy. Perhaps this clipper thing is just a trick to pull out some more moles.

Lyled at pentagon-emh9.army.mil
*********************************************************************
- --These are my opinions only, not the opinions of any other entity in existence at the pentagon or anywhere else for that matter ----
*********************************************************************

From sandfort at crl.com Fri Feb 25 08:37:46 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 25 Feb 94 08:37:46 PST
Subject: Clipper Death Threat
In-Reply-To: <2D6E4545@Pentagon-EMH9.army.mil>
Message-ID:

On Fri, 25 Feb 1994, LYLE, DAVID R. COMPEX wrote:

>. . .
>
> -->3. Why we have a right to strong encryption.
>
> Actually, our constitution does not say we have the right to private
> communication. It would be nice, but it's not a right.
>

Try the 9th Amendment on for size:

"The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."

Privacy was a long recognized right in Anglo-American jurisprudence. It goes all the way back to the very English idea that "a man's home is his castle."

S a n d y

From mnemonic at eff.org Fri Feb 25 08:57:57 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 25 Feb 94 08:57:57 PST
Subject: Clipper Death Threat
In-Reply-To:
Message-ID: <199402251658.LAA23040@eff.org>

> On Fri, 25 Feb 1994, LYLE, DAVID R. COMPEX wrote:
>
> >. . .
> >
> > -->3. Why we have a right to strong encryption.
> >
> > Actually, our constitution does not say we have the right to private
> > communication. It would be nice, but it's not a right.

The Supreme Court disagrees with David in cases ranging from NAACP v. Alabama to Griswold v. Connecticut.
--Mike

From sergey at delbruck.pharm.sunysb.edu Fri Feb 25 09:38:09 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Fri, 25 Feb 94 09:38:09 PST
Subject: Stealth PGP and Stegonagraphy (Summary)
In-Reply-To: <9402250059.AA14052@anchor.ho.att.com>
Message-ID:

On Thu, 24 Feb 1994 wcs at anchor.ho.att.com wrote:

> Hiding the file in deleted sectors on the disk has a number of problems.
> 1) It's highly non-portable.

Not portable in what ways? This method of hiding files is valid on many platforms.

> 2) If the Bad Guys are looking for contraband files, either they're competent
> or they're not. If they're competent, they'll certainly notice your
> weird drivers and TSRs holding the disk stuff around.
> Your virus-checking software may notice it also :-)

No weird drivers or TSRs are necessary. You need rely only on a common disk-editor. The "Bad Guys" will notice nothing out of the ordinary. How will virus-checking software notice anything?

> 3) If the Bad Guys aren't competent enough, you can get by either hiding
> the file under an innocuous name (e.g. boring.dat), or you can go
> a bit farther by using mimic functions or other steganographic techniques
> to make the file really look like something boring.
>

They'll notice the steganography program, though.

> 4) If the Bad Guys are competent, and they suspect you, they may try
> using Norton UnErase or similar commands to recover the stuff anyway.
>

Norton UnErase won't help if you leave no traces in the FAT, have no file name and especially if you've used a steganographic function to embed your file in garbage of the sort that is already lying around in the deleted portion of the disk, or if you've split your file into many small pieces and scattered them around the disk.
> Fractals are a good place to hide stuff, since random-looking low-order bits
> could come from steganography, or could just be from the fractal itself;
> it's really hard to tell since it's tough to regenerate unless you know the
> precise starting parameters and machine behavior. You could probably hide
> 4 bits per byte without major visibility instead of the 1 bit/byte you
> typically can get away with in normal gifs.
>

Yes fractals are a good place to hide info, as opposed to regular pictures. If you deem it wise to further hide the fractal file in the deleted portion of your disk, you'd gain an even further layer of security.

> More important is making sure your encryption program doesn't have
> incriminating stuff visible in it, such as "BEGIN PGP STUFF" character
> strings in the object code....
>

Absolutely, that's what was noted in the discussion section of the original (Long) message.

> Bill
>

Sergey

From deeb at meceng.coe.neu.edu Fri Feb 25 09:48:14 1994
From: deeb at meceng.coe.neu.edu (Stephen Humble)
Date: Fri, 25 Feb 94 09:48:14 PST
Subject: WE WANT SELF DECRYPTING STENOGRAPHY NOW!
In-Reply-To: <9402250339.AA14924@bambi.ccs.fau.edu>
Message-ID: <9402251746.AA19468@meceng.coe.neu.edu>

tomh at bambi.ccs.fau.edu (Tom Holroyd) sez:
> a) What's stenography?

Using a little machine to write text that hardly anyone else can read, especially in a court or other official gathering.

> b) What's stegography?

Using a little dinosaur to write text that hardly anyone else can read. (Watch out for little teeth and rabid animal-rights advocates.) This technique has died out in recent years.

OTOH, steganography is a method of sending messages with improved security by hiding them in other, innocuous-looking messages.

Stephen

From lyled at pentagon-emh9.army.mil Fri Feb 25 09:59:22 1994
From: lyled at pentagon-emh9.army.mil (LYLE, DAVID R.)
Date: Fri, 25 Feb 94 09:59:22 PST
Subject: Clipper Death Threat
Message-ID: <2D6E671D@Pentagon-EMH9.army.mil>

-->> >
-->> > -->3. Why we have a right to strong encryption.
-->> >
-->> > Actually, our constitution does not say we have the right to private
-->> > communication. It would be nice, but it's not a right.
-->
-->The Supreme Court disagrees with David in cases ranging from
-->NAACP v. Alabama to Griswold v. Connecticut.
-->

Perhaps so, but the Supreme Court saying something does not a "right" make. Free speech is a right which does NOT allow anyone to say anything they wish, and it does not guarantee privacy from government interference so long as there is probable cause for law enforcement to interfere. Remember as well, you must ASK the government for permission to sue it, which is how something gets to the Supreme Court, after possibly years of expenses.

Not to mention that many agencies don't NEED ANY approval to take actions. Notice the FBI/CIA recent mole... they have not been found guilty, yet every belonging has been forfeited. Of course, everyone's "pretty sure" they're guilty, but ...

***************************************************************
Lyled at pentagon-emh9.army.mil - My opinions are mine alone-
***************************************************************

From sergey at delbruck.pharm.sunysb.edu Fri Feb 25 10:02:44 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Fri, 25 Feb 94 10:02:44 PST
Subject: WE WANT SELF DECRYPTING STENOGRAPHY NOW!
In-Reply-To: <9402250339.AA14924@bambi.ccs.fau.edu>
Message-ID:

On Thu, 24 Feb 1994, Tom Holroyd wrote:

> Any software for hiding data in fractals would have the problem that
> people would eventually learn to recognize the type of fractal. Thus
> when the FBI digs through your PC, they'd find the fractals, and recognize
> them as data carriers.
> Hiding data in arbitrary .jpg files would solve
> this problem, but even so, if the FBI knows there is software for
> hiding data in the low bits of .jpg files, they'd run it on all your
> pictures as a matter of course. Naturally you'll have encrypted your
> file, but you may as well have left it on the disk as is.
>

If you hide your files in different locations in the image every time, your opponent will have no way of knowing which location you've chosen. And, if the file has no tell-tale headers, then this method provides adequate security. Mere fractal images are evidence of nothing.

Sergey

From sergey at delbruck.pharm.sunysb.edu Fri Feb 25 10:07:16 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Fri, 25 Feb 94 10:07:16 PST
Subject: your mail
In-Reply-To: <9402250101.AA05179@en.ecn.purdue.edu>
Message-ID:

On Thu, 24 Feb 1994, cort wrote:

> When the file is executed, it will ask Ida a question that Fred
> has set up (with her in mind). This question will ideally be
> answerable only by Ida. If Ida answers correctly, her response
> will form a key to decrypt the message.

There might be a problem in that Ida would have to phrase the answer _exactly_ in the way that the sender has anticipated it would be phrased.

For example, Fred might ask: "Where were we when we first kissed?"
Ida may answer: "In the back of a dumpster truck"
Although correct, Fred may have anticipated: "In a dumpster truck"

There has to be a provision for unambiguous wording.

Even a question as simple as: "How old are you?" may be answered in more than one way
"99"
"ninety-nine"
"99.5"
"ninety-nine and one half"

Knowing the answer yet having the program reject the "correct" answer time after time may frustrate your PGP-Self-Decrypt unaware user.

> It would be a nice augmentation to the PGP package!
>

Why use PGP? As I understand it, the virtue of PGP lies in its handling of public and secret keys. Any semi-secure algorithm may be used with a self-decrypt program.
> Cort.
> --
> cort at cc.purdue.edu
>

Sergey

From sergey at delbruck.pharm.sunysb.edu Fri Feb 25 10:09:15 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Fri, 25 Feb 94 10:09:15 PST
Subject: WE WANT SELF DECRYPTING STENOGRAPHY NOW!
In-Reply-To: <9402250349.AA19644@andria.lehman.com>
Message-ID:

On Thu, 24 Feb 1994, Perry E. Metzger wrote:

>
> Tom Holroyd says:
> > Any software for hiding data in fractals would have the problem that
> > people would eventually learn to recognize the type of fractal. Thus
> > when the FBI digs through your PC, they'd find the fractals, and recognize
> > them as data carriers. Hiding data in arbitrary .jpg files would solve
> > this problem, but even so, if the FBI knows there is software for
> > hiding data in the low bits of .jpg files, they'd run it on all your
> > pictures as a matter of course. Naturally you'll have encrypted your
> > file, but you may as well have left it on the disk as is.
>
> Precisely a point I've been making for some time.

Hide your file in random locations in the image every time. The image will be useless to your opponent, unless the hidden file has a standard header.

>
> We are safest if we quickly deploy so much crypto that grandmothers
> are using it and they EXPECT it everywhere. That way, crypto is not a
> signal that something is unusual.

That would be nice. Clipper may be widespread sooner, though.

> Steganography never took off as a
> science largely because it is such a weak form of protection, almost
> inherently. As soon as they SUSPECT steganography you have immediately
> lost any safety you may have had.

Not at all! Let's say hiding data in multi-megabyte core files becomes fashionable. Your opponent suspects steganography. What part of that core file are they going to analyze? Assuming that no standard as to the location, size, or header of the file hidden within the core file exists your opponent has nothing to go on. EFFECTIVE STEGANOGRAPHY!
>
> I'm very much in favor of simply openly using crypto, as often as
> possible and as visibly as possible.
>

It may not be possible for long.

"Clipper is coming!
The geese are getting fat!
Please put a penny in the cypherpunks hat!"

:)

> Perry
>

From Tentacle at Medusa.Conspiracy.Org Fri Feb 25 10:09:32 1994
From: Tentacle at Medusa.Conspiracy.Org (Tentacle at Medusa.Conspiracy.Org)
Date: Fri, 25 Feb 94 10:09:32 PST
Subject: lists of U.S. cypherpunks and Tentacles.
Message-ID: <199402251724.AA00791@xtropia>

Fellow Tentacles,
Does there exist lists of Tentacles and CypherPunks who are U.S. citizens with U.S. email addresses?

Such a list would be useful to code creating cypherpunks who wish to distribute code widely in the U.S., but who do not wish to become involved in the Crypto Exportation hassles.

If such a list does not exist, why not create one?

Yours in Conspiracy
Tentacle at Medusa.Conspiracy.org

From mnemonic at eff.org Fri Feb 25 10:18:26 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 25 Feb 94 10:18:26 PST
Subject: Clipper Death Threat
In-Reply-To: <2D6E671D@Pentagon-EMH9.army.mil>
Message-ID: <199402251818.NAA25144@eff.org>

David Lyle writes:

> -->The Supreme Court disagrees with David in cases ranging from
> -->NAACP v. Alabama to Griswold v. Connecticut.
> -->
>
> Perhaps so, but the Supreme Court saying something does not a "right" make.

Sure it does. Because the Supreme Court interprets the Constitution in a way that's binding on all American government.

Take voting for example. The Constitution doesn't mention your right to vote. The Supreme Court says your right to vote is implied by the Constitution.

Now, are you ready to assert that the Supreme Court is wrong about this?

I thought not.

--Mike

From julf at penet.fi Fri Feb 25 10:42:15 1994
From: julf at penet.fi (Johan Helsingius)
Date: Fri, 25 Feb 94 10:42:15 PST
Subject: lists of U.S. cypherpunks and Tentacles.
In-Reply-To: <199402251724.AA00791@xtropia>
Message-ID: <199402251841.AA09147@lassie.eunet.fi>

> Fellow Tentacles,
> Does there exist lists of Tentacles and CypherPunks who
> are U.S. citizens with U.S. email addresses?
>
> Such a list would be useful to code creating cypherpunks
> who wish to distribute code widely in the U.S., but who
> do not wish to become involved in the Crypto Exportation
> hassles.

Uh... I, of course, am a bona fide citizen. Was just about to announce my new server in Frankfurt, Arkansas. But as I am having minor problems with my system, my e-mail address currently *appears* to be in Finland. But rest assured all stuff automatically gets rerouted to AK, and doesn't go outside the states.

By the way, do you know any service providers who accept payments for Internet connections in rubles, caviar and vodka? And any hints on nice real estate in the Caribbean.

Oh yes, ;-) ;-) ;-)

Julf

From tcmay at netcom.com Fri Feb 25 10:54:47 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 25 Feb 94 10:54:47 PST
Subject: ironic
In-Reply-To: <9402250021.AA13220@anchor.ho.att.com>
Message-ID: <199402251855.KAA03310@mail.netcom.com>

> On the other hand, the papers did make a big deal about how they used
> wiretaps to help catch the guy, and that they've known about him for a while;
> is this all timed to support the "voluntary" Clipper and the
> mandatory Digital Telephony wiretap projects?
>
> # Bill Stewart AT&T Global Information Solutions, aka NCR Corp

I could have sworn I heard something on CNN a few days ago about how his home PC was also tapped/monitored to collect incriminating evidence. Listening in with vans full of RF gear wouldn't surprise me. After all, this is precisely where our abstract discussions of TEMPEST meet reality.

The moral: If you're planning to pass secrets to the Russians, learn some tradecraft!

(I was amazed at the ineptness of Ames, a senior CIA guy, in leaving such a trail.
And amazed at the ineptness of his superior at the Agency for not checking up on him (they flutter employees only every 5 years, and he apparently passed). Finally, at the ineptness of his KGB handlers for not advising him to avoid things like paying cash for a house, Jaguar, Mercedes, etc.

Don't _any_ of them read Ludlum?

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From cowen at glia.biostr.washington.edu Fri Feb 25 11:39:58 1994
From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu)
Date: Fri, 25 Feb 94 11:39:58 PST
Subject: No Subject
Message-ID: <9402251950.AA02548@glia.biostr.washington.edu>

Of course we could always send all our mail in code. work up a number or letter code for everything, then code that again. and only the ones with the code key get mail

seems like that should put a damper on anything that the "big brothers" of the world could do to you. at least for normal traffic. even if they have a clipper chip on the lines. you the user, will have a code that they must break first then all you have to do is change the code every day or so. that should get them (( unnamed foes )) back for reading your mail.

just a few thoughts, from a puzzle freak.

charles the monster maker

From hugh Fri Feb 25 11:45:19 1994
From: hugh (Hugh Daniel)
Date: Fri, 25 Feb 94 11:45:19 PST
Subject: Droped messages...
Message-ID: <9402251945.AA03115@toad.com>

Last week toad.com had some problems with the cypherpunks mail list, in cleaning up from all that (megs and megs worth of gunk) I found two messages that I do not think got out to the list. Here they are (I could find no headers for them).

Majordomo seems to be doing a great job, the load on toad.com is down and messages are getting through much faster. Ah, the power of software!

||ugh Daniel
Your Sometimes Postmaster
hugh at toad.com

-------- Mystery Message #1:

Phil Karn says...
>
> >I have a program called direct to disk from OMI that lets me load
> >audio data from an Apple CD-SC300 or the Toshiba mech, outputting
> >AIFF, Sound Designer II and several other file formats. The AIFF and
> >SDII formats are stereo 16-bit 44.1kHz; usually the QuickTime formats
> >are 8 bit. So the AIFF and SDII formats have the full bit stream.
>
> Not necessarily. It's possible that the data you see has been
> converted to analog and then back to digital. Many multimedia
> CD-ROM/sound card systems have this capability, but are not able to
> read the raw bits from a music CD.

No, the Sony and Toshiba drives have firmware that supports reading digital audio data (via SCSI). OMI's program Disk to Disk (excuse my typo before hand) digitally reads the audio frames from the CD-ROM and converts it into one of the various sound formats popular on the Mac.

The AIFF and SDII formats are not compressed, they are full 16-bit formats. They are also well documented, so it is easy to dissect and process these files, for whatever purpose you have in mind.

So, I am actually getting a true digital copy. Even more accurate than if I was taking the S/P-DIF digital out on a CD player and sucking it into a computer, because the S/P-DIF digital out comes after the error correction and interpolation circuitry. (Digital out on a CD player is not raw data off the disc.)
There is also no way that what I am doing could go through an analog stage because there is no audio connection between my Mac and the CD-ROM.

>
> You wouldn't be able to tell by listening, but it would certainly throw
> a wrench in the works if you tried to do steganography that way.

Actually, I use this setup to compare different pressings of one-off CDs, we were trying to track down some glitches in the JVC CD-R mechanism when recording red-book audio disks.

I'm interested in pursuing this further, it would be real interesting to produce some audio disks with embedded information. Let me know if you are interested.

---
Rusty H. Hodge, Cyberneticist

-------- Mystery Message #2:

> A set of remailers isolated from a restriction cooperative is a fully
> operative set of remailers. Adding them to the killfile doesn't
> prevent these remailers from directly posting and directly mailing.

But it restricts the political heat from wide-open remailing to those remailers who accept it. This isn't ideologically pure, but it might let more people run remailers in the face of people like Detweiler (who has already attacked one and likely two remailers).

Eli
ebrandt at jarthur.claremont.edu

From cowen at glia.biostr.washington.edu Fri Feb 25 11:52:14 1994
From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu)
Date: Fri, 25 Feb 94 11:52:14 PST
Subject: No Subject
Message-ID: <9402252002.AA02604@glia.biostr.washington.edu>

re: the newsday article of feb 22.

okay fine, but does this person also like the no gun law. geesh. they write about how the gov't can be so good for us, and yes in most cases i agree, but one mistake and the whole of clipperdom would be compromised, and do you know how much spying goes on today. well just imagine ten times that because if i had both halves of the clipper code, i could ruin everyones day. or rule a lot more than i do now

i am a simple peon.
i don't see me ever getting ahold of the codes needed, but just look at the spy that got caught. he could have gotten the codes if they had been around he could have sold them to anyone. or used them himself!! sure we need protection. but what cost are we willing to pay our freedom?

charles the monster maker

From jim at Tadpole.COM Fri Feb 25 12:03:52 1994
From: jim at Tadpole.COM (Jim Thompson)
Date: Fri, 25 Feb 94 12:03:52 PST
Subject: Droped messages...
Message-ID: <9402252004.AA00881@chiba.tadpole.com>

From the looks of it, the DAT copy protection stuff has just been worked around.

From TCJones at DOCKMASTER.NCSC.MIL Fri Feb 25 12:09:22 1994
From: TCJones at DOCKMASTER.NCSC.MIL (TCJones at DOCKMASTER.NCSC.MIL)
Date: Fri, 25 Feb 94 12:09:22 PST
Subject: dockmaster addresses
Message-ID: <940225200822.762659@DOCKMASTER.NCSC.MIL>

Cypherpunks:

I note that at least one of you (who won't say who he is) wondered about communications from this address. This address has one very appealing feature to me, it is company independent; that is, if I should move around, I get to keep the address. I started this before the acm began their redirection effort, so now if you wish to reach me, you can email to peace at acm.org. That does sound much better doesn't it?

I must echo some other sentiments that I have heard from others around here .. an issue that gets lost a lot on the majority of internet lists (including PEM-DEV) where company affiliation carries a very large amount of baggage. Namely I am who I am, and that's all that I am. I'm

..Peace
..Tom

From mpd at netcom.com Fri Feb 25 12:55:19 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 25 Feb 94 12:55:19 PST
Subject: Compiling Magic Money Under BC++ 3.1 IDE
Message-ID: <199402252056.MAA21889@mail.netcom.com>

Earlier this morning I grabbed the latest version of Magic Money from csn.org and compiled it under the Borland C++ 3.1 IDE.
Since the Borland C compiler is one of the more paranoid ones around, I thought I would briefly list the things I had to do in order to get zero warnings and zero errors. The sources I started with were MGMNY10E.ZIP and PGPTL10C.ZIP.

After #defining MSDOS you will find that it is a good idea to #include in almost every module. This prototypes quite a few of the commonly used functions which would otherwise cause the compiler to complain. A few modules will require , , and since they call functions in these modules which are not in or .

The C library function "randomize" is defined in . This conflicts with the Magic Money function of the same name which initializes the MD5 based RNG used to generate coin ids. I changed the name of the Magic Money one to "random_init".

There is no prototype for pgp_randombyte. Since this function returns "byte", not "int", this could be painful on any compiler which treats these types of function returns differently.

Complete prototypes for (*output) and (*lookup) need to be provided in the function header of pgp_check_sigs and also for a different function pointer (*output) used in PGPKGEN.

The Borland compiler always warns on "if (a=b)" because it assumes the user mistyped "if (a==b)". To get rid of the warning, you have to say "if (0!=(a=b))" which is optimized out by the compiler. This occurs in a number of places, including the macro for multiplication mod 65537 in idea.c.

There is a reference to an undefined pgp_pubkey in fifo.c which goes away if you #include "pgptools.h". You then also have to toss in "mpilib.h" and "md5.h" to make "pgptools.h" happy.

It appears that mpilib.c has been persuaded to compile the UPTON modmult instead of the SMITH modmult. Unfortunately, there are a few modules which fail to #include the definition of UPTON and still call stage_smith_modulus and smith_modmult. Sticking in a #define to UPTON at the top of "mpilib.h" fixes this.
The conditional code which allows prior definition of external versions of mp_setp, mp_addc, mp_subb, mp_smul, and mp_rotl written in assembly language for some strange reason causes the compiler to generate externals to _P_SETP, _P_ADDC, _P_SUBB, _P_SMUL, and _P_ROTL instead of _mp_setp, _mp_addc, _mp_subb, _mp_smul, and _mp_rotl in modules which reference these routines. It does not seem to have this effect in mpilib.c where these routines are defined. Deleting the corresponding #ifdefs cures this.

The compiler correctly points out that pgp_extract_rsa never uses the variable "pk" passed to it. At the cost of a few machine cycles, you can silence the compiler by putting "pk=pk" as the first executable statement in this function.

The function pgp_randombyte hashes a variable "time" without first initializing its value. It might be nice to change "time" to "timestamp" and do a "time(&timestamp)" unless it was the author's intention to utilize uninitialized memory.

If the server is executed more than one time within a second, it can generate identical random values. This could be a problem when batch-processing mail. Including a fast timer register in the MD5 hash in addition to the time of day in seconds would likely eliminate this risk.

The program uses "safemalloc" and "mm_safeopen" to access memory and files, but does a very large number of "fread" and "fwrite" calls without checking to see if they completed successfully. A "safefread" and "safefwrite" might be a good idea so the server does not continue happily on as the hash file fills up the disk.

I was thinking I might put the DOS executables for Magic Money in my FTP directory, in case anyone wants to play with them but doesn't wish to compile them from source. Send me some mail if you would like me to do this.

--
Mike Duvos $ PGP 2.3a Public Key available $
mpd at netcom.com $ via Finger.
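The same-second seeding problem raised in the message above, as an added C example that is not from the post or from the Magic Money sources. FNV-1a stands in for the MD5 step, and every function name, the struct and the sample timestamp are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

#define FNV_OFFSET 0xcbf29ce484222325ULL
#define FNV_PRIME  0x100000001b3ULL
#define BATCH_MAX  256

/* FNV-1a (64-bit): a short stand-in for the MD5 step so the example is
 * self-contained. It is not a cryptographic hash. */
static uint64_t mix(const void *data, size_t len, uint64_t h)
{
    const unsigned char *p = data;
    while (len--) {
        h ^= *p++;
        h *= FNV_PRIME;
    }
    return h;
}

/* Everything that feeds one coin id (hypothetical layout). */
struct seed_inputs {
    time_t   seconds;  /* time of day in seconds */
    long     nanos;    /* sub-second clock reading, the "fast timer" */
    long     pid;      /* separates server processes started together */
    uint64_t counter;  /* per-process call count, never repeats */
};

/* Weak form: the only varying input is the second the server ran in. */
uint64_t coin_id_seconds_only(time_t now)
{
    return mix(&now, sizeof now, FNV_OFFSET);
}

/* Stronger form: fields are hashed one by one so struct padding is never read. */
uint64_t coin_id_mixed(const struct seed_inputs *in)
{
    uint64_t h = FNV_OFFSET;
    h = mix(&in->seconds, sizeof in->seconds, h);
    h = mix(&in->nanos, sizeof in->nanos, h);
    h = mix(&in->pid, sizeof in->pid, h);
    return mix(&in->counter, sizeof in->counter, h);
}

/* Fill the inputs from the running system; every field is initialised. */
void gather_inputs(struct seed_inputs *in)
{
    static uint64_t calls;
    struct timespec ts = {0, 0};
    timespec_get(&ts, TIME_UTC);       /* C11 clock with nanosecond field */
    in->seconds = time(NULL);
    in->nanos = ts.tv_nsec;
    in->pid = (long)getpid();
    in->counter = ++calls;
}

/* Number of different values in ids[0..n-1]. */
static size_t count_distinct(const uint64_t *ids, size_t n)
{
    size_t distinct = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < i && ids[j] != ids[i]) j++;
        distinct += (j == i);
    }
    return distinct;
}

/* A batch of n requests (n <= BATCH_MAX) all handled within second `now`. */
size_t distinct_ids_seconds_only(time_t now, size_t n)
{
    uint64_t ids[BATCH_MAX];
    if (n > BATCH_MAX) n = BATCH_MAX;
    for (size_t i = 0; i < n; i++)
        ids[i] = coin_id_seconds_only(now);
    return count_distinct(ids, n);
}

/* Same batch, worst case for the timer: it never advances, only the counter does. */
size_t distinct_ids_mixed(time_t now, size_t n)
{
    uint64_t ids[BATCH_MAX];
    struct seed_inputs in = { now, 0, 1234, 0 };  /* constructed values */
    if (n > BATCH_MAX) n = BATCH_MAX;
    for (size_t i = 0; i < n; i++) {
        in.counter = i + 1;
        ids[i] = coin_id_mixed(&in);
    }
    return count_distinct(ids, n);
}

int main(void)
{
    time_t now = (time_t)762209719;  /* constructed timestamp */
    printf("seconds only: %zu of 200 ids distinct\n", distinct_ids_seconds_only(now, 200));
    printf("mixed inputs: %zu of 200 ids distinct\n", distinct_ids_mixed(now, 200));
    return 0;
}
```

The added inputs prevent repeats but are all guessable values, so they do not by themselves make coin ids unpredictable.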
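The unchecked fread/fwrite point from the same message, as an added C example that is not Magic Money code. The safefread and safefwrite names follow the post's suggestion; the checked_* helpers, the two demo functions and the use of Linux's /dev/full to imitate a full disk are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 0 only if the stream accepted all len bytes. */
int checked_fwrite(const void *buf, size_t len, FILE *fp)
{
    return (len == 0 || fwrite(buf, 1, len, fp) == len) ? 0 : -1;
}

/* 0 only if exactly len bytes were read; a short read at EOF is an error. */
int checked_fread(void *buf, size_t len, FILE *fp)
{
    return (len == 0 || fread(buf, 1, len, fp) == len) ? 0 : -1;
}

/* stdio buffers writes, so a full disk is often reported only when the
 * buffer is flushed. Check the error flag, the flush and the close. */
int checked_fclose(FILE *fp)
{
    int bad = ferror(fp) != 0;
    if (fflush(fp) != 0) bad = 1;
    if (fclose(fp) != 0) bad = 1;
    return bad ? -1 : 0;
}

/* Abort-on-failure forms, in the spirit of the program's safemalloc. */
void safefwrite(const void *buf, size_t len, FILE *fp)
{
    if (checked_fwrite(buf, len, fp) != 0) {
        perror("safefwrite");
        exit(EXIT_FAILURE);
    }
}

void safefread(void *buf, size_t len, FILE *fp)
{
    if (checked_fread(buf, len, fp) != 0) {
        fprintf(stderr, "safefread: short read or I/O error\n");
        exit(EXIT_FAILURE);
    }
}

/* Write one constructed 16-byte record, read it back, then read past the end.
 * Returns 1 if every step behaved as expected, 0 if not, -1 if no temp file. */
int roundtrip_demo(void)
{
    unsigned char rec[16], back[16];
    FILE *fp = tmpfile();
    int ok;
    if (fp == NULL) return -1;
    memset(rec, 0xA5, sizeof rec);
    ok = checked_fwrite(rec, sizeof rec, fp) == 0;
    rewind(fp);
    ok = ok && checked_fread(back, sizeof back, fp) == 0;
    ok = ok && memcmp(rec, back, sizeof rec) == 0;
    ok = ok && checked_fread(back, sizeof back, fp) == -1;  /* nothing left */
    fclose(fp);
    return ok;
}

/* Linux only: /dev/full fails every write with ENOSPC, like a full disk.
 * Returns 1 if the failure was caught, 0 if it was missed, -1 if no /dev/full. */
int full_disk_demo(void)
{
    char rec[16] = "constructed rec";
    FILE *fp = fopen("/dev/full", "w");
    int write_rc, close_rc;
    if (fp == NULL) return -1;
    write_rc = checked_fwrite(rec, sizeof rec, fp);  /* usually 0: only buffered */
    close_rc = checked_fclose(fp);                   /* the flush hits ENOSPC */
    return (write_rc != 0 || close_rc != 0) ? 1 : 0;
}

int main(void)
{
    printf("round trip: %d, full disk caught: %d\n", roundtrip_demo(), full_disk_demo());
    return 0;
}
```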
$

From warlord at MIT.EDU Fri Feb 25 12:56:04 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 25 Feb 94 12:56:04 PST
Subject: your mail
In-Reply-To: <9402251519.AA20453@jungle.meaddata.com>
Message-ID: <9402252055.AA17995@toxicwaste.media.mit.edu>

> Although I'm still uncomfortable about the non-crypto user key, there is
> a simple solution to the problem of executable/data transmission:
>
> Send it as Perl, Postscript, Tcl, whatever.

You are assuming that I (I being every possible recipient) have PERL available! While in my particular case this is probably not a bad assumption, it is a horrible assumption in the long-run. What about people with their 20M IBM PC-XT DOS machines? They probably don't have PERL. And I *know* that most Mac users do not have PERL.

I'm not saying that PERL would be a bad thing to use. You could also theoretically use sh and cc! But the problem is you have to assume that *every* user has these available, and that is a bad assumption. If you are going to assume that, you might as well assume that they have PGP and save all the trouble!

Why not just assume they have PGP and generate a file which will execute PGP on itself? That solves the problem, and is secure. (Well, it doesn't solve the problem of a user running a random executable sent in the mail).

BTW: I must apologize for interchanging "binary" for "executable"... I tend to do it a lot, and in the context I confused the topic. When I said that the problem was sending a binary for every machine, I meant the problem was creating something that could execute on every machine. While PERL is a compromise, it is definitely not the panacea to this problem. Do you want to target certain architectures? I hope not.

Just use PGP. Remember, PERL is the wrong solution to every problem.
;-) -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) PGP key available from pgp-public-keys at pgp.mit.edu warlord at MIT.EDU PP-ASEL N1NWH From gnu Fri Feb 25 12:58:42 1994 From: gnu (gnu) Date: Fri, 25 Feb 94 12:58:42 PST Subject: I have FOIA'd the Clipper Key Escrow databases Message-ID: <9402252058.AA04180@toad.com> There appears to be no FOIA exemption that would justify withholding the key escrow databases which Treasury and NIST are building. (The keys are not tied to any individual, so individual privacy isn't a valid exemption. The database isn't classified. Etc.) I have asked for a copy of each database, in toto. Letters were sent yesterday. One is reproduced below; the other is identical except for the addressee and minor details. You too can do things like this. It's fun and it occasionally produces highly useful information. Just think of something that the government knows, and has written down on paper, that you want to know. Ask them for it. You have the right to know. They're spending your taxes to subjugate you, and they're required to answer, though almost all agencies do it grudgingly. Post your request to the net, so that we-all will know it's happening, and can be inspired to think of other interesting things to ask for. You don't need all the boilerplate below about exemptions and time limits and stuff; that is to put the agencies on notice that we will push them in court, if necessary, to be responsive. Or you can use our boilerplate in your own requests, if you like. Alter the "media requester" section to suit your own situation. John law office of Lee Tien 1452 Curtis Street Berkeley, California 94702 _______________ tien at well.sf.ca.us voice: (510) 525-0817 fax: (510) 525-3015 February 24, 1994 Reference: KEY ESCROW DATABASE-TREASURY Departmental Disclosure Office Department of the Treasury Room 1054-MT Washington, D.C. 
20220 ATTN: FOIA request Dear Sir or Madam: This is a request under the Freedom of Information Act [5 U.S.C. Sec. 552] on behalf of my client, Mr. John Gilmore. I write to request a copy of all agency records or portions thereof, in electronic or other form, which relate to the database of escrowed key components for encryption using the key escrow encryption method. The Attorney General announced on Friday, February 4, 1994, that the Automated Systems Division of the Department of the Treasury will be one of the two escrow agents. This request includes your database of the escrowed key components. This request also includes any ancillary information about the database, such as data formats, procedures, standards, access methods, memos and documents about its use, access software, plans, etc. If the database itself is stored in encrypted form, then this request also includes the computer programs and keys required to access it. We specifically request that you make the database available in electronic form, such as on magnetic tape. We remind you that the long-standing rule that the FOIA "makes no distinction between records maintained in manual and computer storage systems," Yeager v. D.E.A., 678 F.2d 315, 321 (D.C.Cir. 1982), has recently been amplified in Armstrong v. Executive Office of the President, 810 F.Supp. 335 (D.D.C. 1993). Any paper print-outs of electronic records, such as e-mail, must include all information in the electronic record. Assuming that there would be no loss of releasable information, such as written comments made on paper print-outs, we therefore ask you to release all responsive electronic records in electronic, i.e., machine-readable, form. As you know, the FOIA provides that an agency must make an initial determination of whether to comply with a FOIA request within ten working days of receiving the request. 
If the records that you possess were originated or classified by another organization, I ask that your organization declassify them (if needed) and release them to me, as provided in the FOIA, within the statutory time limits. If there is a conflict between the statutory time limits and some regulation or policy that requires you to refer the records, the statutory requirement takes precedence over any Executive-branch regulation, policy or practice. Congress placed a limit on the time which may be expended in referrals. The FOIA explicitly provides that referrals to other interested agencies or agency components are treated under the provision for "unusual circumstances," and cannot justify a delay of more than an additional 10 working days. 5 U.S.C. Sec. 552(a)(6)(B)(iii). "[W]hen an agency receives a FOIA request for 'agency records' in its possession it must take responsibility for processing the request. It cannot simply refuse to act on the ground that the documents originated elsewhere." McGehee v. C.I.A., 697 F.2d 1095, 1110 (D.C. Cir. 1983). Even records originated by other agencies are subject to immediate release under the applicable case law, if they were at the time of the request in the possession and control of your agency. Simply put, the FOIA and the case law take precedence over executive branch regulations or practices regarding referrals. If you do refer documents to any other agency, and they are not provided within the time limits, we intend to litigate on this point. As you know, the FOIA provides that even if some requested material is properly exempted from mandatory disclosure, all segregable portions must be released. [5 U.S.C. Sec. 552(b)] If any or all material covered by this request is withheld, please inform me of the specific exemptions that are being claimed, and mark all deletions to indicate the exemption(s) being claimed to authorize each individual withholding. 
If the (b)(3) exemption is claimed, please indicate the relevant withholding statute(s). If any records are withheld, I request a Vaughn index or its equivalent during the administrative process. "[T]he objective of the Vaughn requirements, to permit the requesting party to present its case effectively, is equally applicable to proceedings within the agency." Mead Data Central v. Department of the Air Force, 402 F.Supp. 460 (D.D.C. 1974), remanded, 566 F.2d 242 (D.C. Cir. 1977) aff'd, 575 F.2d 932 (D.C. Cir. 1978). "[A] person cannot effectively appeal a decision about the releasability of documents ... if he is not informed of at least a list of the documents to which he was denied access ... and why those decisions were made. Denial of this information would in all likelihood be a denial of due process as well as effectively gutting the reasons for applying the exhaustion doctrine in FOIA cases." Shermco Industries, Inc. v. Secretary of the Air Force, 452 F.Supp. 306, 317 n.7 (N.D. Tex. 1978); see Oglesby v. Department of the Army, 920 F.2d 57, 65 (D.C. Cir. 1990) (citing Shermco). It should be simple to prepare a list and the claimed exemptions as the records are processed. Disclosing such information would not disclose any exempt information and it would make it easier to appeal your initial determination on the merits. In addition, I ask that your agency exercise its discretion to release information that may be technically exempt. As you know, the Attorney General on October 4, 1993, directed that agencies should administer the FOIA under a presumption of disclosure, and that information which need not be withheld should not be. I remind you that under Chrysler v. Brown, 441 U.S. 281, 293 (1979), the 5 U.S.C. Sec. 552(b) exemptions are discretionary, not mandatory. An agency can generally choose to release exempt information. 
This discretionary review process for withholding cannot take precedence over the law, which requires a response within specified time limits. Moreover, that discretion, according to the Attorney General's October 4, 1993 memorandum, must be exercised in accordance with a presumption of disclosure. Even if a substantial legal basis exists for withholding, information is not to be withheld unless it need be.

I also request that fees be waived because Mr. Gilmore should be deemed a media requester by your agency for FOIA purposes, and because the public interest would be furthered by a fee waiver. The D.C. Circuit Court of Appeals has held that "a representative of the news media is, in essence, a person or entity that gathers information of potential interest to a segment of the public, uses its editorial skills to turn the raw materials into a distinct work, and distributes that work to an audience." National Security Archive v. Department of Defense, 880 F.2d 1381, 1387 (D.C.Cir. 1989), cert. denied 494 U.S. 1029 (1990).

This definition applies strongly to Mr. Gilmore, who is a co-founder and director of the Electronic Frontier Foundation (EFF), a Washington, D.C.-based public interest organization. The EFF has been intimately involved in policy discussions concerning key escrow encryption and distributes information to the public by newsletter and electronic distribution about this and other topics involving civil liberties. Mr. Gilmore is also a skilled computer programmer who has spent the last ten years distributing his work for public use to a worldwide audience on the Internet and the Usenet.

Mr. Gilmore is also entitled to a fee waiver because "disclosure of the information is in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government and is not primarily in the commercial interest of the requester."
There exists a tremendous public debate over the wisdom and legality of the key escrow encryption plan, as I am sure you are well aware. Your agency's database is clearly an operation of the government in which the public has a great interest. The Vice President himself has publicly expressed doubt about delegating key escrow responsibilities to agencies which are part of the executive branch. The information requested herein relates to such doubt. This information is not yet in the public record, so the request makes a substantial contribution to the public understanding.

This request is not primarily in the commercial interest of Mr. Gilmore. He will not benefit financially from this information in any way. He intends to disseminate the requested records widely and freely to inform this public debate.

Should there be any problem in this regard, Mr. Gilmore promises to pay up to $1000 in fees, and you should therefore begin processing of this request without fee-related delays.

As provided under the FOIA, I will expect a reply within ten (10) working days.

Sincerely,

Lee Tien
Attorney at Law
On behalf of Mr. John Gilmore

From sdw at meaddata.com Fri Feb 25 13:00:17 1994
From: sdw at meaddata.com (Stephen Williams)
Date: Fri, 25 Feb 94 13:00:17 PST
Subject: your mail
In-Reply-To: <9402252055.AA17995@toxicwaste.media.mit.edu>
Message-ID: <9402252100.AA21777@jungle.meaddata.com>

>
> > Although I'm still uncomfortable about the non-crypto user key, there is
> > a simple solution to the problem of executable/data transmission:
> >
> > Send it as Perl, Postscript, Tcl, whatever.
>
> You are assuming that I (I being every possible recipient) have PERL
> available! While in my particular case this is probably not a bad
> assumption, it is a horrible assumption in the long-run. What about
> people with their 20M IBM PC-XT DOS machines? They probably don't
> have PERL. And I *know* that most Mac users do not have PERL.
All of those will run perl and it is much more readily available. For most Unix systems, Perl is there by default. (If the sysadmin does much.) It is an improvement over MSDOS executables. > Just use PGP. Remember, PERL is the wrong solution to every problem. ;-) Could be. I'm not a Perl expert yet, but I'm working on adding it to my multitude of languages. > -derek sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net sdw at meaddata.com OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together From lyled at pentagon-emh9.army.mil Fri Feb 25 13:09:44 1994 From: lyled at pentagon-emh9.army.mil (LYLE, DAVID R.) Date: Fri, 25 Feb 94 13:09:44 PST Subject: Clipper Death Threat Message-ID: <2D6E93BB@Pentagon-EMH9.army.mil> -->David Lyle writes: --> -->> -->The Supreme Court disagrees with David in cases ranging from -->> -->NAACP v. Alabama to Griswold v. Connecticut. -->> --> -->> -->> Perhaps so, but the Supreme Court saying something does not a "right" make. --> -->Sure it does. Because the Supreme Court interprets the Constitution in a -->way that's binding on all American government. --> -->Take voting for example. The Constitution doesn't mention your right -->to vote. The Supreme Court says your right to vote is implied by the -->Constitution. Now, are you ready to assert that the Supreme Court is wrong -->about this? --> -->I thought not. --> --> Actually, voting is not a "right" as such. It can be revoked by the government, and is revoked for all convicted felons. -->--Mike --> --> --> --> From mnemonic at eff.org Fri Feb 25 13:13:38 1994 From: mnemonic at eff.org (Mike Godwin) Date: Fri, 25 Feb 94 13:13:38 PST Subject: Clipper Death Threat In-Reply-To: <2D6E93BB@Pentagon-EMH9.army.mil> Message-ID: <199402252114.QAA00444@eff.org> David Lyle writes: > Actually, voting is not a "right" as such. 
It can be revoked by the
> government, and is revoked for all convicted felons.

Does this mean your right to freedom of speech is not a "right," since the government can limit the free speech of convicted felons? The government is even more restrictive of the 4th Amendment rights of convicted felons, so are you saying that the 4th Amendment is not a "right as such"?

--Mike

From lyled at pentagon-emh9.army.mil Fri Feb 25 13:14:09 1994
From: lyled at pentagon-emh9.army.mil (LYLE, DAVID R.)
Date: Fri, 25 Feb 94 13:14:09 PST
Subject: Clipper Death Threat
Message-ID: <2D6E94BC@Pentagon-EMH9.army.mil>

-->
-->On Fri, 25 Feb 1994, LYLE, DAVID R. COMPEX wrote:
-->
-->>. . .
-->>
-->> -->3. Why we have a right to strong encryption.
-->>
-->> Actually, our constitution does not say we have the right to private
-->> communication. It would be nice, but it's not a right.
-->>
-->
-->Try the 9th Amendment on for size:
-->
-->"The enumeration in the Constitution, of certain rights, shall not be
-->construed to deny or disparage others retained by the people."
-->
-->Privacy was a long recognized right in Anglo-American jurisprudence. It
-->goes all the way back to the very English idea that "a man's home is his
-->castle."
-->

Sandy, please re-read what I said... "private communication". If this were a right, then wiretapping AT ALL would be illegal, and it is not.

Don't get me wrong. I am all for private communications. I'm very much against restricting the public's access to encryption technology. What gets me is when everyone runs around saying "this is a right".

lyled at pentagon-emh9.army.mil

-->
--> S a n d y
-->
-->
-->

From tcmay at netcom.com Fri Feb 25 13:22:08 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 25 Feb 94 13:22:08 PST
Subject: I have FOIA'd the Clipper Key Escrow databases
In-Reply-To: <9402252058.AA04180@toad.com>
Message-ID: <199402252122.NAA25937@mail.netcom.com>

John,

That's a brilliant (and deliciously devious) move!
It never would've occurred to me that the key escrow database held by Treasury--or even parts of it--could be sprung loose with a FOIA request. I still have my doubts, but your actions will certainly force some issues to the fore.

Could the result be a change of the database holders to nominally private firms, such as MITRE (actually a spook front) or Science Applications Inc.? Or even organizations like the ACLU and CPSR (which were proposed by some as escrow database holders)? Would this exempt the Feds from the FOIA requests?

--Tim

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From mnemonic at eff.org Fri Feb 25 13:22:51 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 25 Feb 94 13:22:51 PST
Subject: Clipper Death Threat
In-Reply-To: <2D6E94BC@Pentagon-EMH9.army.mil>
Message-ID: <199402252123.QAA00774@eff.org>

David Lyle writes:

> Sandy, please re-read what I said... "private communication". If this were
> a right, then wiretapping AT ALL would be illegal, and it is not.

Are you saying that if 4th Amendment were really a right, then there'd be no searches and seizures? Wonder why they call it a "Bill of Rights."

--Mike

From lyled at pentagon-emh9.army.mil Fri Feb 25 13:23:55 1994
From: lyled at pentagon-emh9.army.mil (LYLE, DAVID R.)
Date: Fri, 25 Feb 94 13:23:55 PST
Subject: Clipper Death Threat
Message-ID: <2D6E9708@Pentagon-EMH9.army.mil>

-->> Actually, voting is not a "right" as such. It can be revoked by the
-->> government, and is revoked for all convicted felons.
--> -->Does this mean your right to freedom of speech is not a "right," since -->the government can limit the free speech of convicted felons? The -->government is even more restrictive of the 4th Amendment rights -->of convicted felons, so are you saying that the 4th Amendment is not -->a "right as such"? --> Good question... what exactly is a "right"? To me, a right is something that cannot be removed from any citizen. I would like to see privacy as a right. However, at what point do you draw the line? When does privacy interfere with someone else's rights? Freedom of speech has never been a right. A lot of people think it is. But go out on a street corner and try to incite a riot. See what happens. Or threaten someone. Or commit treason. Speech is not a right. I don't pretend to have all the answers. But I see a lot of folks very mis-informed about the difference between a right and a benefit of citizenship. lyled at pentagon-emh9.army.mil From mnemonic at eff.org Fri Feb 25 13:30:36 1994 From: mnemonic at eff.org (Mike Godwin) Date: Fri, 25 Feb 94 13:30:36 PST Subject: Clipper Death Threat In-Reply-To: <2D6E9708@Pentagon-EMH9.army.mil> Message-ID: <199402252130.QAA00965@eff.org> David Lyle: > Good question... what exactly is a "right"? To me, a right is something > that cannot be removed from any citizen. In that case, we don't have any rights. > I would like to see privacy as a > right. However, at what point do you draw the line? When does privacy > interfere with someone else's rights? Try reading the cases. > Freedom of speech has never been a right. A lot of people think it is. But > go out on a street corner and try to incite a riot. See what happens. Or > threaten someone. Or commit treason. Speech is not a right. You are defining "right" differently from the way it is defined in the Constitution and elsewhere. Now that I understand you to be using the word in a special, personal way, I see no need to discuss it further on this list or elsewhere. 
--Mike From smb at research.att.com Fri Feb 25 13:35:43 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 25 Feb 94 13:35:43 PST Subject: I have FOIA'd the Clipper Key Escrow databases Message-ID: <9402252135.AA04902@toad.com> I confess -- I expect one of two outcomes. First, they may say that the database is classified, if only at the level of ``For Official Use Only''. Second, maybe they will release it -- but remember that the keys are stored encrypted. Can you file an FOIA request for the key, too? From wex at media.mit.edu Fri Feb 25 13:52:03 1994 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Fri, 25 Feb 94 13:52:03 PST Subject: Who makes de law de Law... In-Reply-To: <199402251818.NAA25144@eff.org> Message-ID: <9402252151.AA17822@media.mit.edu> Mike G has been arguing that the Supreme Court's assertion makes something the law of the land, as if it had been written into the Constitution (e.g. voting rights). However, Mike knows as well as anyone that the S.C. is a 4-D function and that what is true for one location of the S.C. in time/space/composition/subject-matter is not necessarily true for another point in that 4-space. EG: Blackmun has just come out asserting that he now categorically opposes the death penalty. Thus, it's a variable question as to what are and are not our rights, no matter what the S.C. says. Some day they may decide that voting is not a right (they already don't allow convicted felons to vote). --Alan From wex at media.mit.edu Fri Feb 25 14:01:11 1994 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Fri, 25 Feb 94 14:01:11 PST Subject: I have FOIA'd the Clipper Key Escrow databases Message-ID: <9402252201.AA18947@media.mit.edu> I second Tim's sentiment that this is a *wonderful* move on John's part. Can you also FOIA the "family" keys? Or are they likely to be part of this database? 
--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168 Page: 617-945-1842 na53607 at anon.penet.fi We are Chaos Boys. We are coming to a paradigm near you. From wcs at anchor.ho.att.com Fri Feb 25 14:01:23 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 25 Feb 94 14:01:23 PST Subject: Clipper FOIA ! :-) Message-ID: <9402252200.AA27599@anchor.ho.att.com> Very nice. Another interesting FOIA victim would be the NSA - while the designs for the stuff are presumably classified, they may not have thought to classify the rules for accessing the data, or the plans for loading keys onto chips (which they had given Dorothy Denning to announce but have since said the design will be different.) The design of the "black box" for law-enforcement agency use, except for the skipjack and maybe LCM-1 portions, may also be unclassified; if not, then the number of them made, plans/schedule for making them, cost, plans for distributing, etc. may be FOIA-able. Bill From cme at sw.stratus.com Fri Feb 25 14:01:53 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Fri, 25 Feb 94 14:01:53 PST Subject: what is a right? Message-ID: <199402252201.RAA00241@galt.sw.stratus.com> lyled at pentagon-emh9.army.mil writes: > > >Good question... what exactly is a "right"? To me, a right is something >that cannot be removed from any citizen. Life can be removed so there must be no rights because I can't imagine anything more irremovable from me than my own life. Actually, crypto is nearly that irremovable. The history of crypto is of spontaneous invention by human beings whenever they feel their privacy threatened. > I would like to see privacy as a >right. However, at what point do you draw the line? When does privacy >interfere with someone else's rights? 
Not anywhere I can think of -- except: there's always my mother's favorite one liner: "Officer, officer, arrest that man: he's whistling a dirty song." Along those lines, I took a massage class once and my boss at the time was a good, faithful church-going repressed citizen who heard what I was doing and apparently started fantasizing about the orgies we were having in massage class, but of course he was too embarrassed to actually ask me for details. I suppose my privacy interfered with his right to peace of mind. >Freedom of speech has never been a right. A lot of people think it is. But >go out on a street corner and try to incite a riot. See what happens. Or >threaten someone. Or commit treason. Speech is not a right. Ah...but private speech can not incite crowds to riot, by definition. As long as it's private, it can't be "fire" in a crowded theater. It can't be peddling porno. It's private while all those other actions are offensive because they're not private. - Carl Ellison cme at sw.stratus.com RIPEM MD5OfPublicKey: 39D9860686A9F075A9A83D49589C677A PGP 2.4 Key fingerprint = E0 41 4C 79 B5 AF 36 75 02 17 BC 1A 57 38 64 78 From mnemonic at eff.org Fri Feb 25 14:11:33 1994 From: mnemonic at eff.org (Mike Godwin) Date: Fri, 25 Feb 94 14:11:33 PST Subject: Who makes de law de Law... In-Reply-To: <9402252151.AA17822@media.mit.edu> Message-ID: <199402252212.RAA02322@eff.org> > Mike G has been arguing that the Supreme Court's assertion makes something > the law of the land, as if it had been written into the Constitution (e.g. > voting rights). Let's be precise. What I'm saying is that what the Supreme Court says the Constitution means is what's binding. > EG: Blackmun has just come out asserting that he now categorically opposes > the death penalty. Which is irrelevant, since the Court hasn't changed its institutional stance on the death penalty. Sure, the Court changes its mind, but it doesn't do so very often. 
--Mike From mab at research.att.com Fri Feb 25 14:13:01 1994 From: mab at research.att.com (Matt Blaze) Date: Fri, 25 Feb 94 14:13:01 PST Subject: Rivest's response to Denning Newsday Editorial Message-ID: <9402252212.AA19235@big.l1135.att.com> Forwarded with permission... ------- Forwarded Message Return-Path: research!theory.lcs.mit.edu!rivest Received: from big.l1135.att.com by codex.UUCP (4.1/4.7) id AA18940; Fri, 25 Feb 94 16:22:24 EST Received: from research (research.research.att.com) by big.l1135.att.com (4.1/4.7) id AA18303; Fri, 25 Feb 94 16:22:22 EST Posted-Date: Fri, 25 Feb 94 16:24:20 EST Received: by ninet.research.att.com; Fri Feb 25 16:21 EST 1994 Received: from SWAN.LCS.MIT.EDU by theory.lcs.mit.edu (5.65c/TOC-1.2S) id AA24342; Fri, 25 Feb 94 16:23:04 EST From: rivest at theory.lcs.mit.edu (Ron Rivest) Received: by swan.lcs.mit.edu (5.65c/TOC-1.2C) id AA01277; Fri, 25 Feb 94 16:24:20 EST Date: Fri, 25 Feb 94 16:24:20 EST Message-Id: <199402252124.AA01277 at swan.lcs.mit.edu> To: denning at cs.cosc.georgetown.edu Cc: efbrick at cs.sandia.gov, hellman at isl.stanford.edu, Rivest at mc.lcs.mit.edu, silvio at theory.lcs.mit.edu, smb at research.att.com, mab at research.att.com, jim at rsa.com, diffie at eng.sun.com Subject: Newsday Editorial Hi Dorothy -- Thanks for sending me a copy of your editorial. But I find the reasoning you present misleading and unpersuasive. First, you argue that the clipper chip will be a useful law enforcement tool. Given the small number of currently authorized wiretaps per year (under 1000) and the ease of using alternative encryption technology or superencryption, it seems plausible to me that law enforcement could expect at most ten "successful" clipper wiretaps per year. This is a pretty marginal basis for claiming that clipper will "block crime". Second, you seem to believe that anything that will "block crime" must therefore be a "good thing" and should therefore be adopted. 
This is not true, even if it is not subject to government abuse. For example, a system that could turn any telephone (even when on-hook) into an authorized listening microphone might help law enforcement, but would be unacceptable to almost all Americans. As another example, tattooing a person's social security number on his or her buttocks might help law enforcement, but would also be objectionable. Or, you could require all citizens to wear a bracelet that could be remotely queried (electronically, and only when authorized) to return the location of that citizen. There are all kinds of wonderfully stupid things one could do with modern technology that could "help" law enforcement. But merely being of assistance to law enforcement doesn't make a proposal a good thing; many such ideas are objectionable and unacceptable because of the unreasonably large cost/benefit ratio (real or psychological cost). The clipper proposal, in my opinion, is of exactly this nature.

Third, you seem unnecessarily polly-annish about our government and the potential for abuse. The clipper proposal places all trust for its management within the executive branch; a corrupt president could direct that it be used for inappropriate purposes. The unspecified nature of many of the associated procedures leaves much room to speculate that there are "holes" that could be exploited by government officials to abuse the rights of American citizens. Even if the proposal were modified to split the trust among the various branches of government, one might still reasonably worry about possible abuse. Merely because you've met the current set of representatives of various agencies, and feel you can trust them, doesn't mean that such trust can be warranted in their successors. One should build in institutional checks and balances that overcome occasional moral lapses in one or more office holders.

Fourth, your discussion of "searching your home and seizing your papers" is misleading.
You seem to imply that because law enforcement can be issued a warrant to search your home, that we should adopt clipper. Yet this analogy only makes sense if individuals were required to deposit copies of their front door keys with the government. I can build any kind of house I wish (out of steel, for example), and put any kind of locks on it, and wire up any kind of intrusion detectors on it, etc. The government, armed with a search warrant, is not guaranteed an "easy entry" into my home at all. The appropriate analogical conclusion is that individuals should be able to use any kind of encryption they want, and the government should be allowed (when authorized, of course) to try and break their encryption. Finally, you argue (elsewhere, not in this editorial) that the decision rests in part on "classified" information. Such an argument only makes sense if there is a specific law-enforcement situation that makes such classified information timely and relevant. (E.g., if there was a current investigation as to whether the Department of the Treasury had been infiltrated by organized crime.) The use of "classified information" is otherwise generally inappropriate in discussing communications policy that will last over decades. This hardly covers all of the relevant issues, but it covers the points that came immediately to mind in reading your editorial... Cheers, Ron P.S. Feel free to pass along, quote, or otherwise re-distribute this... 
- ------------------------------------------------------------------------------ Return-Path: <@axp1.acc.georgetown.edu:denning at cs.cosc.georgetown.edu> Date: Wed, 23 Feb 1994 16:16:09 -0500 (EST) From: Dorothy Denning Subject: Newsday Editorial To: efbrick at cs.sandia.gov, hellman at isl.stanford.edu, Rivest at mc.lcs.mit.edu, silvio at theory.lcs.mit.edu, smb at research.att.com, mab at research.att.com Cc: denning at guvax.acc.georgetown.edu Content-Transfer-Encoding: 7BIT ====================================================================== | Newsday, Tuesday, February 22, 1994, Viewpoints | ====================================================================== The Clipper Chip Will Block Crime By Dorothy E. Denning Hidden among the discussions of the information highway is a fierce debate, with huge implications for everyone. It centers on a tiny computer chip called the Clipper, which uses sophisticated coding to scramble electronic communications transmitted through the phone system. The Clinton administration has adopted the chip, which would allow law enforcement agencies with court warrants to read the Clipper codes and eavesdrop on terrorists and criminals. But opponents say that, if this happens, the privacy of law-abiding individuals will be a risk. They want people to be able to use their own scramblers, which the government would not be able to decode. If the opponents get their way, however, all communications on the information highway would be immune from lawful interception. In a world threatened by international organized crime, terrorism, and rogue governments, this would be folly. In testimony before Congress, Donald Delaney, senior investigator with the New York State Police, warned that if we adopted an encoding standard that did not permit lawful intercepts, we would have havoc in the United States. Moreover, the Clipper coding offers safeguards against casual government intrusion. 
It requires that one of the two components of a key embedded in the chip be kept with the Treasury Department and the other component with the Commerce Department's National Institute of Standards and Technology. Any law enforcement official wanting to wiretap would need to obtain not only a warrant but the separate components from the two agencies. This, plus the superstrong code and key system would make it virtually impossible for anyone, even corrupt government officials, to spy illegally. But would terrorists use Clipper? The Justice Department has ordered $8 million worth of Clipper scramblers in the hope that they will become so widespread and convenient that everyone will use them. Opponents say that terrorists will not be so foolish as to use encryption to which the government holds the key but will scramble their calls with their own code systems. But then who would have thought that the World Trade Center bombers would have been stupid enough to return a truck that they had rented? Court-authorized interception of communications has been essential for preventing and solving many serious and often violent crimes, including terrorism, organized crime, drugs, kidnaping, and political corruption. The FBI alone has had many spectacular successes that depended on wiretaps. In a Chicago case code-named RUKBOM, they prevented the El Rukn street gang, which was acting on behalf of the Libyan government, from shooting down a commercial airliner using a stolen military weapons system. To protect against abuse of electronic surveillance, federal statutes impose stringent requirements on the approval and execution of wiretaps. Wiretaps are used judiciously (only 846 installed wiretaps in 1992) and are targeted at major criminals. Now, the thought of the FBI wiretapping my communications appeals to me about as much as its searching my home and seizing my papers. 
But the Constitution does not give us absolute privacy from court-ordered searches and seizures, and for good reason. Lawlessness would prevail. Encoding technologies, which offer privacy, are on a collision course with a major crime-fighting tool: wiretapping. Now the Clipper chip shows that strong encoding can be made available in a way that protects private communications but does not harm society if it gets into the wrong hands. Clipper is a good idea, and it needs support from people who recognize the need for both privacy and effective law enforcement on the information highway. ====================================================================== | Copyright Newsday. All rights reserved. This article can be freely | | distributed on the net provided this note is kept intact, but it may | | not be sold or used for profit without permission of Newsday. | ====================================================================== ------- End of Forwarded Message From nobody at pmantis.berkeley.edu Fri Feb 25 15:11:32 1994 From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu) Date: Fri, 25 Feb 94 15:11:32 PST Subject: lists of U.S. cypherpunks and Tentacles. Message-ID: <9402252311.AA12647@pmantis.berkeley.edu> > From: Tentacle at medusa.conspiracy.org > > Fellow Tentacles, > Does there exist lists of Tentacles and CypherPunks who > are U.S. citizens with U.S. email addresses? > > Such a list would be useful to code creating cypherpunks > who wish to distribute code widely in the U.S., but who > do not wish to become involved in the Crypto Exportation > hassles. > Yeah, right. And let's get the names and addresses of all the gun owners in the US too... From rishab at dxm.ernet.in Fri Feb 25 15:14:30 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 25 Feb 94 15:14:30 PST Subject: CPunk FAQ & TCMay's crimes Message-ID: I went to soda the other day, and found the cypherpunk FAQ. 
I thought there are more FAQs about cypherpunks the FAQ at soda is 44 bytes. It says "When is this going to be done" (or something to that effect.) I went back to soda today, and found a new directory. mailing_list contains two files one of which mentions the cpunks FAQ. The FAQ is still 44 bytes. I saw TC May's message some weeks old, > but his partners in crime^H^H^H^H^H ~~~~~~~~~~ I don't know what mail software he used but it's obvious he was trying to delete the word 'crime' I guess that ^H was not the best way ;-) No, this is not my poem, it's just a creative editor bug (feature?) bursting with expression. Sorry. Rishab From hayden at krypton.mankato.msus.edu Fri Feb 25 15:28:52 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 25 Feb 94 15:28:52 PST Subject: lists of U.S. cypherpunks and Tentacles. In-Reply-To: <9402252311.AA12647@pmantis.berkeley.edu> Message-ID: On Fri, 25 Feb 1994 nobody at pmantis.berkeley.edu wrote: > Yeah, right. And let's get the names and addresses of all the gun > owners in the US too... Oh come now, Give Bill Clinton and Janet "Barbeque" Reno some time, they still have about 2 years to do that. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From cme at sw.stratus.com Fri Feb 25 15:45:03 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Fri, 25 Feb 94 15:45:03 PST Subject: not a repost Message-ID: <199402252344.SAA00452@galt.sw.stratus.com> On sci.crypt on Feb 23, I posted (from world.std.com) a description of a variant on my favorite des|tran|des|tran|des with the inner DES rotating through N different keys, one block each. (This is no sweat, if you have S/W DES.) 
The result is a *huge* amount of key material to be derived by cryptanalysis. I also posted the keyless tran. I won't pad this list with a re-post.

 - Carl Ellison cme at sw.stratus.com
RIPEM MD5OfPublicKey: 39D9860686A9F075A9A83D49589C677A
PGP 2.4 Key fingerprint = E0 41 4C 79 B5 AF 36 75 02 17 BC 1A 57 38 64 78

From peter.kretzman at mccaw.com Fri Feb 25 16:03:03 1994
From: peter.kretzman at mccaw.com (Peter Kretzman)
Date: Fri, 25 Feb 94 16:03:03 PST
Subject: Use of PGP---statistics from the public key servers
Message-ID: <9402260002.AA04693@axys69.nwest.mccaw.com>

The following table shows the frequency breakdown, by key generation month, just over the past year, of the approx. 3300 public keys that are available on the public key servers (I used the one at ). Note that I've included revoked keys, but there are only 19 of these from the same time period.

In other words, of the keys out there, 211 of them were generated in March of 1993, 216 in April, etc.

I have no idea if these numbers correlate well to actual PGP use (these are, after all, just the people who are activist enough to post their key on the public key server, which also requires some degree of Internet connectivity). If the numbers DO correlate to some degree, I thought it was interesting that they appear to show a recent decline in usage rather than a steady ramp-up. Is the trend toward universal crypto slacking off?

Month    Keys Generated
------   --------------
03/93    211
04/93    216
05/93    205
06/93    169
07/93    167
08/93    169
09/93    206
10/93    287
11/93    225
12/93    207
01/94    148
02/94    118 (through 2/24/94)

---
Peter Kretzman
---> Note: NeXT Mail welcome
---> Note: Public key available on request

From sameer at soda.berkeley.edu Fri Feb 25 16:31:50 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Fri, 25 Feb 94 16:31:50 PST
Subject: Michael Clive Price?
Please mail me
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

(Sorry about the wasted bandwidth)

You mailed me but I inadvertently deleted it and lost your address-- could you mail me again? Thanks.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLW6Xyni7eNFdXppdAQHauAP/eQRSsQvvDbbo8LcWc6wh9ogfy+jDnR/f
bP8Kq45pz8xP9yf5H3Sc5AWG9FufbGGcntnjbZkZQw5+afhMH0OlB0arHK6X3hTm
kyhof3a44vKX/ufqbOmDW+RJ0Nr1wKNORwO04DA+PIglb8n251Uq6eDZuTRStUEf
wzB44obCgLI=
=E/hJ
-----END PGP SIGNATURE-----

From mpd at netcom.com Fri Feb 25 16:51:04 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 25 Feb 94 16:51:04 PST
Subject: Fun With Magic Money
Message-ID: <199402260051.QAA01413@mail.netcom.com>

Fun With Magic Money
--------------------

If anyone wants to play, I have placed DOS executable binaries of the Magic Money client and server programs compiled under Borland C++ 3.1 using the large memory model and 8086 mode in /pub/mpd/mgmnyexe.zip on netcom.com.

I have included a BANK.ASC file for my server's key. The name of the bank is "Magic Money Test", the currency is "Tacky Tokens", and is minted in denominations of 1, 2, 5, 10, 20, 50, and 100 units.

I will batch all my mail with the subject "Bank" together at the end of the day, download it, and run it through my server. I will send 100 complimentary Tacky Tokens to the first 10 people who mail my server.

I will run stuff through the server for at least the next few days by which time everyone will probably have set up their own server and I will no longer be required. :)

I have played with the binaries a bit on my system and nothing horrible has happened, but as is usual with foreign object code, there is a small but finite possibility that it could bomb your system badly and eat your hard drive. I would recommend that you back up anything important before playing with this code and of course no warranty is made, other than the usual one about taking up space on the disk.
-- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From mg5n+eaibiubkxb58z84cy2iaf9r61u26ra5x26mc0h at andrew.cmu.edu Fri Feb 25 17:32:09 1994 From: mg5n+eaibiubkxb58z84cy2iaf9r61u26ra5x26mc0h at andrew.cmu.edu (mg5n+eaibiubkxb58z84cy2iaf9r61u26ra5x26mc0h at andrew.cmu.edu) Date: Fri, 25 Feb 94 17:32:09 PST Subject: lists of U.S. cypherpunks and Tentacles. Message-ID: <9402260131.AA08270@toad.com> Tentacle at Medusa.Conspiracy.Org sez: > Does there exist lists of Tentacles and CypherPunks who > are U.S. citizens with U.S. email addresses? > > Such a list would be useful to code creating cypherpunks > who wish to distribute code widely in the U.S., but who > do not wish to become involved in the Crypto Exportation > hassles. > > If such a list does not exist, why not create one? Please add me to your list. As you can see, I clearly have a US-based email address. :) -Ibiu From w.sloan at genie.geis.com Fri Feb 25 17:38:49 1994 From: w.sloan at genie.geis.com (w.sloan at genie.geis.com) Date: Fri, 25 Feb 94 17:38:49 PST Subject: Information Message-ID: <9402260138.AA29071@relay2.geis.com> I was wondering if I could get on your E-Mailing list. I have an interest in data encryption, especially if this clipper chip stuff really happens. If you could let me know if you all send newsletters on a regular basis, if I could be included if it is not to much of a problem. Thanks. My address is W.SLOAN at GENIE.GEIS.COM. From cknight at crl.com Fri Feb 25 17:38:49 1994 From: cknight at crl.com (Chris Knight) Date: Fri, 25 Feb 94 17:38:49 PST Subject: I have FOIA'd the Clipper Key Escrow databases In-Reply-To: <9402252058.AA04180@toad.com> Message-ID: On Fri, 25 Feb 1994 gnu at toad.com wrote: > There appears to be no FOIA exemption that would justify withholding > the key escrow databases which Treasury and NIST are building. (The > keys are not tied to any individual, so individual privacy isn't a > valid exemption. The database isn't classified. 
Etc.) I have asked
> for a copy of each database, in toto. Letters were sent yesterday.
> One is reproduced below; the other is identical except for the
> addressee and minor details.

Bravo!!!!

-ck

From adam at bwh.harvard.edu Fri Feb 25 17:47:38 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 25 Feb 94 17:47:38 PST
Subject: Use of PGP---statistics from the public key servers
In-Reply-To: <9402260002.AA04693@axys69.nwest.mccaw.com>
Message-ID: <199402260147.UAA26294@duke.bwh.harvard.edu>

Peter Kretzman writes:

| I have no idea if these numbers correlate well to actual PGP use
| (these are, after all, just the people who are activist enough to
| post their key on the public key server, which also requires some
| degree of Internet connectivity). If the numbers DO correlate to
| some degree, I thought it was interesting that they appear to show a
| recent decline in usage rather than a steady ramp-up. Is the trend
| toward universal crypto slacking off?

I doubt it. It took me a while to get comfortable enough with PGP that I bothered sending in my key. I generated it in December, mailed it to a server in February.

Mailing keys to servers is convenient, but only if you're connected to a web of introducers. Since I'm not, only one person has signed my key, and I his, preparatory to some useful work with PGP. So there really isn't much point to my sending a key to a keyserver, since, by and large, none of you know who I am.

Admittedly, I could sign all my (2) messages to the list, and start to gain a reputation connected strongly to a key, but I don't think many people care if my messages are from me, because I am (effectively) anonymous. None of you (with a few exceptions) know me, or who I am. Whoever posts under my name could be me for all you care. If I was Mitch Kapor, then I might sign messages to ensure clarity of identity. Since the worst any message claiming to be from me would do is make me look silly, I don't bother to sign them.
When I use PGP to confirm an identity, I exchange keys & then fingerprint over the phone. Since I don't know any of you, I don't have reason to get your keys, nor throw give mine to a server. So, I think that using the keyservers as a gauge of the popularity of PGP is not a good idea. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From fhalper at pilot.njin.net Fri Feb 25 18:20:12 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Fri, 25 Feb 94 18:20:12 PST Subject: Intelligent agents Message-ID: <9402260219.AA19106@pilot.njin.net> I just wanted to know if Intelligent agents(telescript from General Magic) will pertain at all to crypto. Any feeling on the subject? Reuben Halper From pkm at maths.uq.oz.au Fri Feb 25 18:54:51 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Fri, 25 Feb 94 18:54:51 PST Subject: An Australian Clipper! Message-ID: <9402260252.AA28983@axiom.maths.uq.oz.au> Thanks for your quick reply. I will try and interrogate the lecturer involved for any further info on the subject. I will get back to you on Wednesday (Australian time), as the said lecture occurs on Tuesday. Thanks, CCVARGA at delphi.com . Peter Murphy. From an64907 at anon.penet.fi Fri Feb 25 19:03:32 1994 From: an64907 at anon.penet.fi (Oden) Date: Fri, 25 Feb 94 19:03:32 PST Subject: Clinton Uses E-Mail to Respond to Swedish Prime Minister Feb 18 Message-ID: <9402260238.AA27104@anon.penet.fi> > According to reports from the Associated Press, the White House said the > computer messages, commonly called E-mail, started with a "Dear Bill" > electronic letter from Swedish Prime Minister Carl Bildt. Clinton responded > the next day with a "Dear Carl" E-Mail. If someone else has a message for the Swedish Prime Minister: admcb at hhs.se ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. 
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From sebaygo at netcom.com Fri Feb 25 19:25:29 1994 From: sebaygo at netcom.com (Allen Robinson) Date: Fri, 25 Feb 94 19:25:29 PST Subject: lists of U.S. cypherpunks and tentacles Message-ID: Tentacle at medusa.conspiracy.org wrote: >> Does there exist lists of Tentacles and CypherPunks who >> are U.S. citizens with U.S. email addresses? To which julf at penet.fi replied: > Uh...I, of course, am a bona fide citizen. Was just about to > announce my new server in Frankfurt, Arkansas. But as I am > having minor problems with my system, my e-mail address > currently *appears* to be in Finland. But rest assured all > stuff automatically gets rerouted to AK, and doesn't go > outside the states. Since there is no Frankfurt, Arkansas, I'm sure you *meant* Stuttgart, Arkansas. Oh, and the two-letter postal code abbreviation for Arkansas is AR, not AK (Alaska). I don't mean to nit-pick....just one good U.S. citizen helping another! AR _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Allen Robinson sebago at netcom.com Fayetteville, AR, USA From greg at ideath.goldenbear.com Fri Feb 25 19:59:27 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Fri, 25 Feb 94 19:59:27 PST Subject: Clipper Death Threat Message-ID: -----BEGIN PGP SIGNED MESSAGE----- "LYLE, DAVID R." writes: > Good question... what exactly is a "right"? To me, a right is something > that cannot be removed from any citizen. Then there are no rights. Can you name any "right" that has not been taken from some citizen, sometime, under some circumstances? The state can and will do with us, our bodies, and our minds, as it pleases. Not because it has permission, or because it's morally justified, but because it is willing to use force. 
Citizens who are unable to match the state with equal or greater force do not lose their claim to rights which have been ignored or trampled. I prefer to think of rights as "something that must not be removed from any citizen"; but even with that definition, we should be careful. Do we want to extend it to convicted criminals during the term of their punishments? What about to persons accused of (but not convicted of) crimes? > I would like to see privacy as a right. I would, as well. I think it's important to assert that it *is* a right; perhaps not as well-defined in the Constitution as I'd like. The government may choose to pretend we do not have a right to privacy, but that doesn't change the fact that we have one. -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLW7IA33YhjZY3fMNAQFK6AP/YlHWd73wqVD+GPtdj7PU5pC1ZdvYYRhl zqLblWEi1f13qMh27+no+XgGIgX3r5Hdn9WuzD2i5X5E4txs6wNkVv8urZWeDPAB U89yzvEnr+XsMpd0e9L4OuuBU8Ri/Vxk58c18bis2lurzbYujX/+HSbo5afdCxpl qUD3U/op6QY= =SdCe -----END PGP SIGNATURE----- -- Greg Broiles ".. has bizarre Cyberanarchist theories relating greg at goldenbear.com to human punishment." -- L. Detweiler From bugs at netsys.com Fri Feb 25 20:16:08 1994 From: bugs at netsys.com (Mark Hittinger) Date: Fri, 25 Feb 94 20:16:08 PST Subject: inept spy Message-ID: <199402260419.AA14150@netsys.com> TC May writes: >The moral: If you're planning to pass secrets to the Russians, learn >some tradecraft! (I was amazed at the ineptness of Ames, a senior CIA >guy, in leaving such a trail. And amazed at the ineptness of his >superior at the Agency for not checking up on him (they flutter > .. >Don't _any_ of them read Ludlum? I think we all need to pay close attention to this. Perhaps he wanted to get caught - perhaps the russians wanted us to find out - perhaps we are not getting the whole story. I know something funny is up with regards to the "timing" of this thing coming out. 
From cknight at crl.com Fri Feb 25 21:20:13 1994
From: cknight at crl.com (Chris Knight)
Date: Fri, 25 Feb 94 21:20:13 PST
Subject: inept spy
In-Reply-To: <199402260419.AA14150@netsys.com>
Message-ID:

On Fri, 25 Feb 1994, Mark Hittinger wrote:

> I think we all need to pay close attention to this. Perhaps he wanted to
> get caught - perhaps the russians wanted us to find out - perhaps we are
> not getting the whole story. I know something funny is up with regards to
> the "timing" of this thing coming out.

I have an amusing note to add to this. I was talking to a co-worker this week about the clipper articles I had been forwarding him. I told him that I thought we would soon have a media saturated incident concerning some form of criminal or terrorists.

The criminal/terrorists would either
a) get caught, and the feds will claim this couldn't have happened if their communications had been encrypted.
b) a terrorist plot will succeed, and an after the fact investigation will show that the terrorists had been under surveillance, but the plot wasn't uncovered because of encryption.

Looks like it was A. At least he doesn't think I'm a complete paranoid anymore.

-ck

From remailer at merde.dis.org Fri Feb 25 23:15:35 1994
From: remailer at merde.dis.org (remailer bogus account)
Date: Fri, 25 Feb 94 23:15:35 PST
Subject: DH Exchange Code / Magic Money comments
Message-ID: <9402260715.AA18185@merde.dis.org>

-----BEGIN PGP SIGNED MESSAGE-----

DH Exchange announcement follows these comments on mpd's message.

Pr0duct Cypher

mpd at netcom.com wrote:

>Earlier this morning I grabbed the latest version of Magic Money
>from csn.org and compiled it under the Borland C++ 3.1 IDE. Since
>the Borland C compiler is one of the more paranoid ones around, I
>thought I would briefly list the things I had to do in order to
>get zero warnings and zero errors.

>The sources I started with were MGMNY10E.ZIP and PGPTL10C.ZIP.
>After #defining MSDOS you will find that it is a good idea to
>#include in almost every module. This prototypes
>quite a few of the commonly used functions which would otherwise
>cause the compiler to complain. A few modules will require
>, , and since they call functions in
>these modules which are not in or .

Have they changed the .h files? My compiler isn't missing any functions when I compile it.

>The C library function "randomize" is defined in . This
>conflicts with the Magic Money function of the same name which
>initializes the MD5 based RNG used to generate coin ids. I
>changed the name of the Magic Money one to "random_init".

Blaaah. I didn't have stdlib compiled into that module, so I didn't notice this one.

>There is no prototype for pgp_randombyte. Since this function
>returns "byte", not "int", this could be painful on any compiler
>which treats these types of function returns differently.

There is a prototype for it in pgptools.h

>Complete prototypes for (*output) and (*lookup) need to be
>provided in the function header of pgp_check_sigs and also for a
>different function pointer (*output) used in PGPKGEN.

Is this bad? I thought a function pointer didn't really care, as long as you called it correctly.

>The Borland compiler always warns on "if (a=b)" because it
>assumes the user mistyped "if (a==b)". To get rid of the
>warning, you have to say "if (0!=(a=b)) which is optimized out by
>the compiler. This occurs in a number of places, including the
>macro for multiplication mod 65537 in idea.c.

I know, mine complains about that too, but it's a common programming technique and there is nothing wrong with it. I've been ignoring that particular warning.

>There is a reference to an undefined pgp_pubkey in fifo.c which
>goes away if you #include "pgptools.h". You then also have to
>toss in "mpilib.h" and "md5.h" to make "pgptools.h" happy.

Yes, when fifo.c includes pgpmem.h, it notices that in one of the prototypes in that function.
But the only function fifo calls within pgpmem is safemalloc, so it doesn't matter. I didn't want every file to include every other file, although it has been hard to avoid.

>It appears that mpilib.c has been persuaded to compile the UPTON
>modmult instead of the SMITH modmult. Unfortunately, there are a
>few modules which fail to #include the definition of UPTON and
>still call stage_smith_modulus and smith_modmult. Sticking in a
>#define to UPTON at the top of "mpilib.h" fixes this.

MPILIB has not been altered. It is the same as in PGP. PLATFORM appears to set the appropriate modmult, but I usually define UPTON because SMITH has given me some problems in the past.

>The conditional code which allows prior definition of external
>versions of mp_setp, mp_addc, mp_subb, mp_smul, and mp_rotl
>written in assembly language for some strange reason causes the
>compiler to generate externals to _P_SETP, _P_ADDC, _P_SUBB,
>_P_SMUL, and _P_ROTL instead of _mp_setp, _mp_addc, _mp_subb,
>_mp_smul, and _mp_rotl in modules which reference these routines.
>It does not seem to have this effect in mpilib.c where these
>routines are defined. Deleting the corresponding #ifdefs cures
>this.

This I hadn't noticed. You have to define NO_ASM or compile in 8086.asm. Also define MSDOS and SMALL_MEM and DYN_ALLOC for an MSDOS machine. Take a look at the PGP 2.3a project file.

>The compiler correctly points out that pgp_extract_rsa never uses
>the variable "pk" passed to it. At the cost of a few machine
>cycles, you can silence the compiler by putting "pk=pk" as the
>first executable statement in this function.

True. I noticed this after writing the prototype. The public key might be useful in the future if the modexp is changed, so I left it in.

>The function pgp_randombyte hashes a variable "time" without
>first initializing its value. It might be nice to change "time"
>to "timestamp" and do a "time(&timestamp)" unless it was the
>authors intention to utilize uninitialized memory.
I screwed up here. I meant to include the time in the hash and forgot to put in the call to time. I just sent an update to csn.org to fix this one, because it could reduce the entropy of the randomizer. Time was already factored into the initialize, so it wasn't a killer, but it badly needed fixing. Thanks for finding it.

>If the server is executed more than one time within a second, it
>can generate identical random values. This could be a problem when
>batch-processing mail. Including a fast timer register in the MD5
>hash in addition to the time of day in seconds would likely
>eliminate this risk.

What are you running, a Cray? My machine takes quite a few seconds to run the server. How do you include this fast timer register? Not all machines have it, so doing so would be very machine dependent. You could put in ifdefs for the PC. I think PGP has this.

>The program uses "safemalloc" and "mm_safeopen" to access memory
>and files, but does a very large number of "fread" and "fwrite"
>calls without checking to see if they completed successfully. A
>"safefread" and "safefwrite" might be a good idea so the server
>does not continue happily on as the hash file fills up the disk.

Yeah, I know, and so does fifo.c in PGP Tools. I hate error checking. If I put in safe read and write calls, what do I do if they fail? You could do this easily with some defines, if you have the error recovery code in mind.

Thanks for pointing out that bug, and especially for setting up a Magic Money server.

- -----------------------------------------------------------------------

Diffie-Hellman Exchange addition to PGP Tools
Should appear on csn.org as dhex10a.zip

There has been quite a bit of interest in online crypto applications, such as secure phones, BBSes, and TELNET connections. For these applications, Diffie-Hellman exchange has a major advantage over RSA: there is no private key to steal.
If RSA is used for key exchange, an attacker could record the encrypted sessions, and then acquire your private key after the fact and decrypt them. With Diffie-Hellman, the secret information is gone as soon as the session is over. Using DH is equivalent to using a disposable one-time RSA key for each session, but much faster.

This is a DH add-on for PGP Tools. There is a new PGPKGEN which exports the prime-finding functions, the main files DHEX.C and DHEX.H, and a demo.

To use DH, we need a modulus n and a generator g. Unlike an RSA modulus, which is a product of two primes, a DH modulus must be prime. (n-1)/2 must also be prime. This makes the moduli slightly painful to find, but they can be reused indefinitely. DHEX tests a modulus by first testing both n and (n-1)/2 with fastsieve. Only if both pass is slowtest used. It still took me a whole day to find the 1024-bit modulus in the demo. There is also a 512-bit modulus there.

To find the generator, we need the factors of n-1. They are 2 and (n-1)/2. For each factor f, we compute ((g^((n-1)/f)) mod n). If this is 1 for either factor, the number is NOT a generator. Generators are easy to find, usually in one to three tries. The modulus and generator can be saved and reused.

Now Alice and Bob each call precomp. This generates a private piece x and computes X=g^x mod n. Big-X is the public piece. Alice and Bob exchange public pieces, then each compute k=Y^x mod n where Y is the other person's public piece and x is your own private piece. K will be the shared secret. We take the MD5 of this number to get an IDEA key, which will be the same on both sides. No eavesdropper can get this number. The public and private pieces are disposed of - they are only used once.

This is vulnerable to a man-in-the-middle attack, where an attacker carries out a separate DH exchange with each party and then sits in the middle, decrypting with one session key and encrypting with the other.
A digital signature will prevent this, if Alice and Bob have each other's public keys. One approach is for both parties to sign their public pieces before exchanging them. Another is to do the DH, go secure, and then each party signs the session key and sends the signature to the other. If there is a man in the middle, the session keys will be different. I prefer the second method because a passive eavesdropper does not find out who is communicating with whom. You can do this with the pgp signature functions in PGP Tools.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

From jdblair at nextsrv.cas.muohio.EDU Fri Feb 25 23:26:50 1994
From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU)
Date: Fri, 25 Feb 94 23:26:50 PST
Subject: Clipper Death Threat
In-Reply-To:
Message-ID: <9402260725.AA25552@ nextsrv.cas.muohio.EDU >

Something which comes up frequently on this list, and in other forums, is the term "the government." At which point does "the government" cease to be a collection of individuals, and become the faceless entity we call _the government_. Are the individuals in the government simply operating on the same utilitarian, anarchist maxims that are preached time and time again: if I don't get X out of transaction Y, then I won't do it? Would a Cypherpunk, operating on the extreme individualism proclaimed on this discussion list do any different than a tyrant? (I protect myself and my position, at the expense of others or not.)

-john.

From greg at ideath.goldenbear.com Fri Feb 25 23:45:37 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Fri, 25 Feb 94 23:45:37 PST
Subject: inept spy
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Chris Knight writes:

> I have an amusing note to add to this.
> I was talking to a co-worker this
> week about the clipper articles I had been forwarding him. I told him
> that I thought we would soon have a media saturated incident concerning
> some form of criminal or terrorists.
>
> The criminal/terrorists would either
> a) get caught, and the feds will claim this couldn't have happened if their
> communications had been encrypted.
> b) a terrorist plot will succeed, and an after the fact investigation will
> show that the terrorists had been under surveillance, but the plot
> wasn't uncovered because of encryption.

I'm not sure this incident helps the pro-Clipper folks; after all, it demonstrates how difficult it can be to keep any information truly secret, particularly where others value it highly. Yesterday's local paper said that perhaps 10 people died because Ames revealed them as agents; will the government protect the key escrow data more carefully than it protected the identities of those agents? How many more "secrets" are known by others .. how sure are we that some of "us" aren't really "them" instead ..?

-----BEGIN PGP SIGNATURE-----
Version: 2.4

-----END PGP SIGNATURE-----

--
Greg Broiles             ".. has bizarre Cyberanarchist theories relating
greg at goldenbear.com    to human punishment." -- L. Detweiler

From drzaphod at brewmeister.xstablu.com Fri Feb 25 23:50:21 1994
From: drzaphod at brewmeister.xstablu.com (DrZaphod)
Date: Fri, 25 Feb 94 23:50:21 PST
Subject: Tacky Tokens
Message-ID:

Welp. I am now the proud new owner of 0 tacky tokens. I guess I wasn't in the first ten to reply. So I know there are more of you out there. Here's the deal:

SALE SALE SALE. Everything must go! CLEARANCE CLEARANCE.

For anybody with 5 extra Tacky Tokens in their pocket, you can own this wonderful, custom GIF by DrZaphod.
It's a 320x200x256 picture that will jump out at you: HIGH QUALITY ART. Remember.. that's only FIVE Tacky Tokens for this CLASSIC GIF! Use it as your X background, your Windows background.. or even print and wallpaper your room with it!

Please PGP me a msg including:

Your email address or remailer info.
Your 5 Tacky Tokens
eSASE if required
Your PGP Public Key

Mail all requests to: DrZaphod
once again, that's: drzaphod at brewmeister.xstablu.com

Be sure and encrypt your msg with the following key

don't forget: drzaphod at brewmeister.xstablu.com

All merchandise sent via armored PGP msg! Write NOW!

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- DrZaphod #Don't Come Any Closer Or I'll Encrypt! -
- [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity -
- [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] -
- 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From julf at penet.fi Sat Feb 26 00:23:12 1994
From: julf at penet.fi (Johan Helsingius)
Date: Sat, 26 Feb 94 00:23:12 PST
Subject: lists of U.S. cypherpunks and tentacles
In-Reply-To:
Message-ID: <199402260822.AA11522@lassie.eunet.fi>

> Since there is no Frankfurt, Arkansas, I'm sure you *meant*
> Stuttgart, Arkansas.

No. I meant Frankfurt. But you are partly right, as I wanted a non-existent place, and as I thought about weird places I had visited, Stuttgart, AR came to mind. But it had to be a fictional place, so I changed it to Frankfurt.
Of course, there probably *is* a Frankfurt somewhere in Arkansas ;-)

> Oh, and the two-letter postal code
> abbreviation for Arkansas is AR, not AK (Alaska).

Ahh. So it is! Thanks!

And for those who are thinking "what the hell does this have to do with cypherpunks?" - There you see! Steganography *does* work! Look, ma! No dinosaurs!

Julf

From mpd at netcom.com Sat Feb 26 01:06:15 1994
From: mpd at netcom.com (Mike Duvos)
Date: Sat, 26 Feb 94 01:06:15 PST
Subject: Magic Money Comments
Message-ID: <199402260907.BAA26825@mail.netcom.com>

Pr0duct Cypher at remailer at merde.dis.org wrote:

>> There is no prototype for pgp_randombyte.

> There is a prototype for it in pgptools.h

Yes, but it needs to say "byte pgp_randombyte(void);" instead of just "byte pgp_randombyte();".

>> Complete prototypes for (*output) and (*lookup) need to be
>> provided in the function header of pgp_check_sigs and also for a
>> different function pointer (*output) used in PGPKGEN.

> Is this bad? I thought a function pointer didn't really
> care, as long as you called it correctly.

No - it is fine. This is simply a list of what it takes to eliminate all warnings from Borland. It is certainly ok not to do this. Even PGP generates quite a few warnings while compiling.

> MPILIB has not been altered. It is the same as in PGP.
> PLATFORM appears to set the appropriate modmult, but I
> usually define UPTON because SMITH has given me some
> problems in the past.

Yes - I didn't notice all the various knobs and dials in PLATFORM.H until after I wrote that message. I needed to define a few more things.

> What are you running, a Cray? My machine takes quite a few
> seconds to run the server.

I am running on a 33 mhz 486. While MPILIB does indeed take seconds to perform the required arithmetic, it builds its operations from an O(N^2) multiply algorithm. A "fast" algorithm would speed things up considerably.

> I hate error checking. If I put in safe read and write
> calls, what do I do if they fail?
Just exiting with an error message would be fine.

> Thanks for pointing out that bug, and especially for
> setting up a Magic Money server.

You are welcome. I'm not sure I have actually set up a server aside from the purpose of exercising the code for a few days. Hopefully others will grab the executables and do something a bit more permanent.

--
Mike Duvos         $ PGP 2.3a Public Key available $
mpd at netcom.com  $ via Finger.                   $

From matsb at sos.sll.se Sat Feb 26 02:16:07 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Sat, 26 Feb 94 02:16:07 PST
Subject: inept spy
In-Reply-To:
Message-ID:

On Fri, 25 Feb 1994, Chris Knight wrote:

> The criminal/terrorists would either
> a) get caught, and the feds will claim this couldn't have happened if their
> communications had been encrypted.

Has anyone from the spook world really suggested that the Ames case has any relevance to Clipper?? A CIA agent using external non standard encryption for his private communications would be like a courteous confession.

Mats B

From cknight at crl.com Sat Feb 26 02:25:18 1994
From: cknight at crl.com (Chris Knight)
Date: Sat, 26 Feb 94 02:25:18 PST
Subject: inept spy
In-Reply-To:
Message-ID:

On Sat, 26 Feb 1994, Mats Bergstrom wrote:

> Has anyone from the spook world really suggested that the Ames case has
> any relevance to Clipper?? A CIA agent using external non standard
> encryption for his private communications would be like a courteous
> confession.
>
> Mats B

The link hasn't been made yet, though it would seem a logical progression from our misleading leaders.

-ck

From rishab at dxm.ernet.in Sat Feb 26 06:14:43 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sat, 26 Feb 94 06:14:43 PST
Subject: Cypherpunk FAQ and Gopher
Message-ID:

klbarrus at owlnet.rice.edu writes (in private mail):

> Try gophering to chaos.bsu.edu and looking around for an abbreviated
> [Cypherpunks] FAQ Matt Ghio wrote.
Thanks Karl, but after picking up the FAQ I saw all sorts of interesting things on Digital Cash etc. Now Gopher is about the most painful method of getting info if you know what you want, and I can't even run it in the background.

I've picked up most of the *text* files from soda.berkeley.edu//pub/cypherpunks, and it would definitely be more convenient for people like me, who prefer to download everything onto gig drives and browse through them at leisure, if chaos.bsu.edu info was available at an FTP site... At least the DC stuff is NOT at soda.

WWW is a decent method of accessing info, and I'm making htmls of all the docs I've picked up. If someone makes chaos' docs available through FTP, I'd be happy to include and release a WWW 'Guide to C*punks'.

-----------------------------------------------------------------------
Rishab Aiyer Ghosh                              "What is civilisation
rishab at doe.ernet.in, rishab at dxm.ernet.in   but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410  hangover?"
H-34C Saket New Delhi 110017 INDIA
-----------------------------------------------------------------------

From hughes at ah.com Sat Feb 26 07:25:08 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 26 Feb 94 07:25:08 PST
Subject: DH Exchange Code / Magic Money comments
In-Reply-To: <9402260715.AA18185@merde.dis.org>
Message-ID: <9402261516.AA00865@ah.com>

>To use DH, we need a modulus n and a generator g. Unlike an RSA modulus,
>which is a product of two primes, a DH modulus must be prime. (n-1)/2 must
>also be prime.

I know I recommended this characteristic for the modulus (and I got it from Burt Kaliski). Nevertheless, (n-1)/2 doesn't _have_ to be prime, it's just much easier to prove that your generator actually is a generator. In fact, half the elements in such a ring are multiplicative generators. The algorithm to find moduli is simple, even if it does take a long time.

There are faster ways of looking for moduli.
One method is to take a candidate prime and try to factor n-1, if you can. (If you can't, give up and go on.) If you get a few small factors and one large probable prime factor, then you can still look for known generators. The candidate must first be relatively prime to the modulus. Then one checks that the candidate raised to each of the factors is not 1. There are fewer generators in such moduli, but the moduli are easier to find.

The security of the modulus to a precomputation attack is equal to the size of its largest prime factor, so while the second method is ever-so-slightly less secure with the same modulus size, the effective security can be made the same by increasing the modulus size of the second method.

>This makes the moduli slightly painful to find, but they can
>be reused indefinitely.

Be careful about saying "indefinite". It's not true in the long run, so far as we can tell now. As computational power increases, so also do the lengths required to prevent attacks.

Remember, that every crypto system has a sunset after which there will be enough computation available to read past traffic, if recorded. No cryptosystem is good forever. One always needs to figure out just how long one wants one's ciphertext to be secure. Or is that a sunrise? ...

(I pass over arguments about physical limitations of computation, not because I think they are wrong, but because I'm not convinced that we know enough to know we're asking the right questions. Plus these arguments do not yield key sizes that are yet practical to implement.)

And lastly, you can trust a thousand-bit modulus p where (p-1)/2 is also prime. Go ahead and use it.

Eric

From norm at netcom.com Sat Feb 26 09:56:09 1994
From: norm at netcom.com (Norman Hardy)
Date: Sat, 26 Feb 94 09:56:09 PST
Subject: Infomercial
Message-ID: <199402261756.JAA28881@mail.netcom.com>

>Most people couldn't care less. They don't encrypt data, and will
>never use a clipperphone.
>The FBI can *already* listen to all their
>phone calls and see all their medical records. Why should people
>do anything to protect something they don't have anyway?

I don't encrypt my stuff but I gain much peace of mind when I know that I could. This suggests that I should encrypt in order to maintain that right.

From banisar at washofc.cpsr.org Sat Feb 26 09:59:01 1994
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Sat, 26 Feb 94 09:59:01 PST
Subject: Clipper and the EU
Message-ID: <00541.2845108734.4007@washofc.cpsr.org>

Clipper and the EU

The Independent (UK)
February 25, 1994
Page 16

Super-spooks seek to extend domain to data networks; US agency wants ability to spy on new superhighways.

by Leonard Doyle

In Roman times conquered peoples and slaves were forced to carry tesserae or identity chits and any Gaul or slave who refused to accept one was branded or maimed instead. Soon all users of computer networks may be singled out for the tessera treatment if the National Security Agency, America's super secret military intelligence agency, has its way.

The NSA, with a budget of $30bn (pounds 20.5bn) a year, is responsible for intercepting foreign government communications and breaking the codes that protect such transmissions. America's most exclusive spooks are worried that advances in encryption technology are about to rob them of their ability to conduct surveillance on a global scale. After nearly 50 years of electronic eavesdropping, the NSA is finding that some widely available codes are impossible to crack.

The worry is that hostile governments, drug barons, terrorists and money launderers will have a field day using networks or information highways built and maintained by the US or, for that matter, the European Union. But here is the rub.
Anyone who wants to use government-funded information highways in future may be forced to use the lacklustre encryption technology provided by the intelligence agencies, complete with a backdoor access for official eavesdropping.

Simon Davies, of Privacy International, a consultancy, has no doubt this will happen. ''A Wild West frontier - self-regulated by ethics and culture - has evolved in the computer communications business and now that the stakes are getting higher, government is trying to muscle in.''

It is widely predicted that by the end of the century about 50 per cent of world trade will be in services and that much of this will be carried out via computer-linked databases communicating across continents at the speed of light. It is this lucrative trade which the NSA intends to protect and oversee.

The Internet system has already been identified by the Clinton Administration as the basis of a new information superhighway. If that should happen, organisations such as Computer Professionals for Social Responsibility and the Electronic Freedom Foundation fear that future access to the networks could be restricted to users of an encryption product developed by the NSA - which ironically enough is called Tessera. The fear is that the freewheeling, anonymous access that hundreds of thousands of individual network users enjoy at the electronic frontier may end.

To the outrage of users in the US and elsewhere, the Administration recently backed the NSA's plans to ensure that the agency will always be able to intercept and decode messages sent over computer and telephone lines. The privacy concerns are by no means confined to US computer users. Anyone who has ever logged onto a bulletin board or computer service like Compuserve or Internet could be affected.

The Administration has played up the law and order side of the debate, arguing that advanced encryption will be used by criminals and terrorists.
Al Gore, the Vice-president, announcing the new policy at the beginning of February, said: ''Our policy is designed to provide better encryption to individuals and businesses, while ensuring that the needs of law enforcement and national security are met.''

However many leading experts in cryptography, computer security and privacy in the US do not agree and said so in a letter to President Clinton last month asking him to withdraw the NSA's proposal. That appeal failed to avert the decision to back the Tessera and since then a petition organised by Computer Professionals for Social Responsibility has been signed by more than 1 million people who have sent their complaints by electronic mail to the President.

There is no parallel debate taking place in the European Union, but the intelligence agencies here are just as busy trying to ensure that the information highways of the future can be monitored. Jacques Delors, president of the EU Commission, sees data highways as being key to future competitivity and job creation.

Before long individuals will be able to hook up to the highway for all sorts of transactions, from renting a movie to view at home to swiping a smartcard through a reader at the doctor's surgery to bring up an entire medical history. The real business will of course be conducted by service companies, from banks to insurers to market traders. For these companies privacy and security are of growing concern, to which the NSA has responded with its relatively cheap encryption devices.

But Tessera, which fits into the back of a computer, will also identify the user and has a special built-in ''trapdoor'' that will allow the NSA to eavesdrop on E-mail and other messages. Another cryptographic device known as the Clipper Chip can be used to scramble telephone and fax communications while giving the security services the same ability to eavesdrop with the help of a special electronic key, held in ''escrow'' by the government agencies.
Government agents will be able to obtain the ''keys'' upon presentation of what has been vaguely as ''legal authorisation''. These ''keys'' will be held by two ''escrow agents'' and would enable the government to access the private voice transmissions. A similar device known as Capstone would be used for data sent via computer modem.

The Administration hopes its encryption devices will at some stage have to be universally used by US industry. However, the outpouring of vehement objections from the computer industry, telephone companies and privacy groups in the US may have shaken the Administration and some computer professionals say that the NSA's encryption technology has no chance of being accepted in the market place.

Sharron Webb of the National Computer Security Organisation is one of those leading the fight against the spy agency's encroachment into the world of computer communications. ''If the US government has a hand in setting up the information superhighways here, they may require users to use Tessera to participate, it is then only a matter of time before foreign users are brought on board as well.''

Already the signs are that big business will knuckle under in the face of fierce pressure from the US Administration. The largest American telephone company, AT&T, has agreed to buy the NSA's technology and to include it in scrambling devices which sell for about $1,000 (pounds 680) each. Other companies are expected to follow suit, especially if they wish to maintain their lucrative contracts with the federal government.

What remains unclear is how the EU and individual European governments intend to react to the US moves. So far the US is looking only to American companies and their overseas subsidiaries to use the new encryption technology. But sooner or later decisions will have to be made that affect European users.
The smart money is on the EU adopting the Tessera philosophy, but with different electronic keys for each country's eavesdropping agencies.

From radatti at cyber.com Sat Feb 26 10:15:27 1994
From: radatti at cyber.com (Pete Radatti)
Date: Sat, 26 Feb 94 10:15:27 PST
Subject: DES VS SKIPJACK
Message-ID: <9402261830.AA11178@cyber.com>

I found part of a paper on DES VS Skipjack using gopher but could not find the remainder. Does anyone know where I can ftp this document from or have any other information about this subject.

PS: Skipjack in the form of Clipper is expected to become a FIPS. DES was given a 5 year extension of its FIPS status then it dies leaving only....

Pete Radatti
radatti at cyber.com

From hayden at krypton.mankato.msus.edu Sat Feb 26 10:22:20 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Sat, 26 Feb 94 10:22:20 PST
Subject: Clipper and Amendment 4
Message-ID:

IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

-------

Is it just me, or is the government ignoring the word 'secure' in the above statement?

____        Robert A. Hayden          <=> hayden at krypton.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> In the United States, they
   \/  Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From frissell at panix.com Sat Feb 26 11:00:17 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 26 Feb 94 11:00:17 PST
Subject: I have FOIA`d the Clipper
Message-ID: <199402261859.AA04437@panix.com>

G >There appears to be no FOIA exemption that would justify withholding
G >the key escrow databases which Treasury and NIST are building. (The
G >keys are not tied to any individual, so individual privacy isn't a
G >valid exemption. The database isn't classified. Etc.) I have asked
G >for a copy of each database, in toto.

What a great move. And I always considered FOIA requests a waste of time. This will at least *really* amuse the recipients.

This raises a further thought though. Since it is easier to FOIA federal records that pertain to oneself, couldn't anyone who acquires a piece of "Clipped" telecoms equipment file a request for his *own* keys. I guess you can capture the LEEF/LEAF in encrypted form and submit a printout of it with your letter.

Maybe we could set up a server to help encourage people to generate FOIA requests.

DCF

--- WinQwk 2.0b#1165

From ravage at wixer.bga.com Sat Feb 26 11:38:12 1994
From: ravage at wixer.bga.com (Jim choate)
Date: Sat, 26 Feb 94 11:38:12 PST
Subject: Civil Rights
Message-ID: <9402261925.AA19177@wixer>

Seems to me that a 'right' as is being discussed should be 'Civil Right'. When used in this context I believe a suitable definition would be the following:

Civil Right

A characteristic granted to a citizen of a country which is beyond the normal law making ability of that country's governing body. In effect it grants a citizen the ability to make decisions and act on them without regulation or permission being required by the government.
It in effect says that there are certain facets of an individual which are outside the normal operations of a government and can not be regulated or otherwise controlled through legislative means.

From ravage at wixer.bga.com Sat Feb 26 11:38:23 1994
From: ravage at wixer.bga.com (Jim choate)
Date: Sat, 26 Feb 94 11:38:23 PST
Subject: FOIA's and you...
Message-ID: <9402261929.AA19287@wixer>

One facet of using the FOIA legislation is that such requests will GUARANTEE that a file is started on you even if one did not previously exist. If you make FOIA requests then it behooves you to include in them at some point (I suggest at least annually) to make a FOIA of your own records. The reason is that if there is a security question you will at least get a form letter refusing to release the information which should act as a warning bell.

Just thought I would mention it since nobody else has made reference to it.

From ravage at wixer.bga.com Sat Feb 26 11:48:35 1994
From: ravage at wixer.bga.com (Jim choate)
Date: Sat, 26 Feb 94 11:48:35 PST
Subject: RoboFest 5
Message-ID: <9402261936.AA19610@wixer>

I am including this notice to cpunks since my group (ssz.com) will be there and among other things we will be doing crypto related presentations. We are also looking at getting some form of virtual-community going w/ 2600 and Ripco. If any of the cpunk related sites would like to get involved then please contact me or the Robot Group.

RoboFest 5
March 26, 27 1994
Austin City Coliseum
Austin, TX

Robot Group:
voice: 512-794-9105
email: robot-group at cs.utexas.edu

ssz.com:
voice: 512-458-5818 512-832-4849
modem: 512-458-6084
fax: 512-832-4848
email: ravage at bga.com

Note: my email address will soon also include ravage at ssz.com as well.

Note: ask for 'Jim' if you contact ssz.com or CyberTects.

We will have a T1 link available and you should also be able to use the T1 that is Ripco's feed as well.
If all goes well you should also be able to use my modem number assuming bga.com gets my SLIP feeds straightened out (not their fault, GE is dragging and Ma Bell is lagging installing the new lines).

If you don't have any interest in this event or feel it is irrelevant please don't waste bandwidth, your time, or my time by replying. Please ignore it and don't respond in any manner.

From jim at Tadpole.COM Sat Feb 26 11:59:07 1994
From: jim at Tadpole.COM (Jim Thompson)
Date: Sat, 26 Feb 94 11:59:07 PST
Subject: RoboFest 5
Message-ID: <9402261959.AA01779@chiba.tadpole.com>

The T1 line isn't absolutely 'there' .. yet. We're fighting SW Bell.

From tcmay at netcom.com Sat Feb 26 12:28:43 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 26 Feb 94 12:28:43 PST
Subject: Proposal: Another emergency session of Cypherpunks
Message-ID: <199402262029.MAA19813@mail.netcom.com>

Summary: Maybe it's time for another emergency session of Cypherpunks to discuss policy in the aftermath of the double whammy announcements of Tessera/Clipper II and the new and even more dangerous Digital Telephony Bill.

After the Clipper announcement last April, we had a special emergency meeting of Cypherpunks. Heavily attended, lots of discussion.

This time around, we most knew things like Tessera and a new Digital Telephony Bill were coming, but the actuality of them has now been made real. The "ban on encryption" hasn't yet happened, but more and more roadblocks (another digital highway stupid metaphor?) are being erected.

For example, any service provider, university network, hardware maker, etc., who fails to make transmissions "readable" faces $10,000 a day penalties under my reading of Digital Telephony. This could make an awful lot of service providers wary of _anything_ that doesn't look like plain old English chitchat...they may just cancel the accounts of anyone doing anything "funny."
(Yes, there are probably ways to skirt these reactions, but it means pushing encryption underground, into tricks using steganography, superencryption, and less publicizing of one's PGP keys. Not a good thing. I agree with Perry Metzger that _public use_ of encryption is the best approach, practically and morally. Hiding the use of it keeps it "ghettoized.")

So, I propose that we reorient our next Cypherpunks meeting (Saturday, March 12th, I presume) to deal with these issues.

Some topics:

* Legal overview of the Digital Telephony Bill. If Mike Godwin could link up with the other D.C.-area folks (Pat Farrell, Paul Ferguson, etc.), and then have a link to our meeting, this would be ideal.

* When could Digital Telephony become law and what would be the implications?

* Ditto for Tessera, Capstone, etc.

* Status of Voice-PGP efforts....when will SoundBlaster-type software be available? What about encrypted IP packets on workstations instead? (Recall the impressive DES-encrypted conference call the 3 Cypherpunks groups had at the emergency Clipper meeting last April.)

(I've heard talk--no pun intended--of several "Voice-PGP" projects, using SoundBlaster hardware, CELP, DSPs, etc., but no software seems to be available right now. How much longer do we have?)

* How to fight these proposals, or work around them.

It'd also be nice if some of the outlying groups (Cambridge, MA, Washington, D.C., London, Colorado, Austin) could link up with us at least briefly. (If we started at noon, California time, that would be fine for the East Coasters, but 8 or 9 p.m. for the Londoners....does the London group still meet?)

This is just an idea. Let's discuss it.

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From 68954 at brahms.udel.edu Sat Feb 26 13:36:36 1994
From: 68954 at brahms.udel.edu (Grand Epopt Feotus)
Date: Sat, 26 Feb 94 13:36:36 PST
Subject: Proposal: Another emergency session of Cypherpunks
In-Reply-To: <199402262029.MAA19813@mail.netcom.com>
Message-ID:

On Sat, 26 Feb 1994, Timothy C. May wrote:

> Summary: Maybe it's time for another emergency session of Cypherpunks
> to discuss policy in the aftermath of the double whammy announcements
> of Tessera/Clipper II and the new and even more dangerous Digital
> Telephony Bill.
>

I agree, these are very umm, I don't want to be discouraging and a downer, but basically they really pissed me off, and makes me wonder what the hell makes this nation different from the stereotypical communist nation. ACK, makes me so mad, I mean the nerve of these people, oh well....what can I do to help?

>
> It'd also be nice if some of the outlying groups (Cambridge, MA,
> Washington, D.C., London, Colorado, Austin) could link up with us at
> least briefly. (If we started at noon, California time, that would be
> fine for the East Coasters, but 8 or 9 p.m. for the Londoners....does
> the London group still meet?)
>

How do you propose us here on the east coast hook up? I would think a virtual meeting would be nice, but don't know any of the logistics with such an operation. I personally can't travel, and at the best could uh, make a long distance telephone call with my neato boxes. Is there anyone in the Delaware area? Kinda near D.C. and cambridge, but traveling to either of those places would be difficult, as in near impossible, unless........
> This is just an idea. Let's discuss it. > > > --Tim May > > -- > .......................................................................... > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at netcom.com | anonymous networks, digital pseudonyms, zero > 408-688-5409 | knowledge, reputations, information markets, > W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. > Higher Power: 2^859433 | Public Key: PGP and MailSafe available. > "National borders are just speed bumps on the information superhighway." > You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself ----Tim Leary---- From plaz at netcom.com Sat Feb 26 13:40:39 1994 From: plaz at netcom.com (Geoff Dale) Date: Sat, 26 Feb 94 13:40:39 PST Subject: Party with the Nextropians! at Nexus-Lite! Message-ID: <199402262140.NAA19635@mail.netcom.com> MEET THE NEXTROPIANS: WE ARE HERE AND NOW AMONG YOU __________________________________________________________________________ Romana Machado - Geoff Dale - David Gordon - Nick Szabo - Russell Whitaker We can't call ourselves Nexus-Lite any more. When Dave Gordon moves in, we'll have tied the most populous nexus* of all recorded history. The residents of Nexus-Lite (but getting heavier by the minute), an Extropian intentional community, invite you to a Nexus Naming Potluck Party. Prizes for the best name for our Nexus will be awarded. We are also celebrating Housemistress Romana's appearance in WIRED and bOING bOING, describing her excellent shareware program, Stego! Thanks for your excellent articles, Sandy! Dress for the future, bring a friend. Flip a coin; heads bring food, tails bring drink. When: Saturday, March 12, 1994, 7 p.m. (after the Cypherpunks meeting, until an indeterminate time on the following day) Where: 21090 Grenola Drive, Cupertino CA (See Obligatory Crude Ascii Map Attached Below) Tel: (408) 253-1692 *nexus (neks-us) n. 
A place where extropians** live in comfort for mutual profit, and work on extra credit assignments without fear of reprisal. **extropian (eks-tro-pee-an) 1) n. A boundlessly optimistic futurist who will live forever or die trying. 2) n. Exactly like a human, only much, much better. 3) n. A champion in the war against entropy. 4) adj. Any way cool thing an extropian would like. nextropian (neks-tro-pee-an) 1) n. An extropian who lives in a nexus. 2) Welcome to the Next Level. DIRECTIONS: Nexus-Lite is located at 21090 Grenola Drive in Cupertino. Geoff Dale's phone number (in case you get lost) is 408-253-1692. From 280: Take the Saratoga/Sunnyvale (Or DeAnza Blvd, it's all the same thing) Exit (which is actually the 85 South detour). Turn north on DeAnza (aka Saratoga/Sunnyvale Road) at the exit (a left turn if you are coming from San Francisco; right if you are coming from San Jose). Turn left at Homestead; go three blocks to N. Stelling, take left (at the McDonalds). (Note: North Stelling is called Hollenbeck on the other side of Homestead. Don't be fooled!) From 101: Take 85 south and exit at Homestead; turn left onto Homestead. Proceed several blocks (you will pass a high school); then turn right on N. Stelling. Once on N. Stelling: Right at first light: Greenleaf First left, Flora Vista First Right on to Grenola Dr 21090 (mnemonic: anagram for Beverly Hills zip code) is a tannish house on left with a high roof that slopes toward the street. Park on the street -- in the direction of traffic, or you may get a $15 ticket. This has happened. 
OBLIGATORY CRUDE ASCII MAP (not to scale; up is not north): /\ || ^ ^ || (85) | | || | | || |Hollenbeck | /|| | | <----++---/ /-- (Homestead) ---+------------------+------------------> || | | || |N.Stelling | || | | || | DeAnza|Saratoga/Sunnyvale || | | <=========/ /== (280) =======] | [================+==================> || | || | || ^ | || | | Greenleaf \/ <----------+-------+-----------------> | | Flora Vista| | | | | | Grenola | | <-------------+ | *=21090 | | | | V V Excelsior! Forward, onward, upward, outward, and every which way but loose! Once more into the future dear friends! From danisch at ira.uka.de Sat Feb 26 14:04:24 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Sat, 26 Feb 94 14:04:24 PST Subject: List of mail -> news gateways? Message-ID: <9402262203.AA10096@deathstar.iaks.ira.uka.de> Hi, is there anywhere a list of hosts which allow to post news by sending mail? I am looking for such hosts which have the german (.de) newsgroups. Thanks a lot Hadmut From hayden at krypton.mankato.msus.edu Sat Feb 26 14:05:17 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sat, 26 Feb 94 14:05:17 PST Subject: VIRTUAL meeting needed Message-ID: All this talk about needing a CP meeting is well and good, but it doesn't do any good for those of us that are not in physical distances of the meeting place. Instead, perhaps we need to organize for another virtual meeting again. With a little more organizing, it would go smoother. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... 
-=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From julf at penet.fi Sat Feb 26 14:24:49 1994 From: julf at penet.fi (Johan Helsingius) Date: Sat, 26 Feb 94 14:24:49 PST Subject: VIRTUAL meeting needed In-Reply-To: Message-ID: <199402262224.AA20091@lassie.eunet.fi> > Instead, perhaps we need to organize for another virtual meeting again. > With a little more organizing, it would go smoother. How about trying IRC this time? Julf From beker at netcom.com Sat Feb 26 14:27:26 1994 From: beker at netcom.com (Brian Beker) Date: Sat, 26 Feb 94 14:27:26 PST Subject: ironic In-Reply-To: <199402251855.KAA03310@mail.netcom.com> Message-ID: On Fri, 25 Feb 1994, Timothy C. May wrote: > I could have sworn I heard something on CNN a few days ago about how > his home PC was also tapped/monitored to collect incriminating > evidence. Listening in with vans full of RF gear wouldn't surprise me. From The New York Times, Thursday, February 24, page A13: "FBI agents broke into the Ames residence and placed an electronic monitor in his computer." Yours, Brian From hayden at krypton.mankato.msus.edu Sat Feb 26 14:45:23 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sat, 26 Feb 94 14:45:23 PST Subject: VIRTUAL meeting needed In-Reply-To: <199402262224.AA20091@lassie.eunet.fi> Message-ID: On Sun, 27 Feb 1994, Johan Helsingius wrote: > > > Instead, perhaps we need to organize for another virtual meeting again. > > With a little more organizing, it would go smoother. > > How about trying IRC this time? Actually, I'm convinced that the MOO setting like the last one worked better IF IT HAD THE PROPER ORGANIZATION. Get yourself a client like TinyFugue and it is very nice. IRC, while being simple, lacks a lot of the features that aid in helping an organized meeting. ____ Robert A. 
Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> In the United States, they \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From mg5n+ at andrew.cmu.edu Sat Feb 26 15:03:42 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 26 Feb 94 15:03:42 PST Subject: List of mail -> news gateways? In-Reply-To: <9402262203.AA10096@deathstar.iaks.ira.uka.de> Message-ID: <8hPxIOW00awTQ1NVBJ@andrew.cmu.edu> danisch at ira.uka.de (Hadmut Danisch) wrote: > is there anywhere a list of hosts which allow to post news by > sending mail? I am looking for such hosts which have the > german (.de) newsgroups. There is a list of them in the remailer info that you can get by sending mail to mg5n+remailers at andrew.cmu.edu I don't have any german ones tho... uk is the closest one to you that I know of. These are the ones I have: group-name at cs.utexas.edu group.name.usenet at decwrl.dec.com group.name at news.demon.co.uk group.name at news.cs.indiana.edu group-name at pws.bull.com Please tell me if any of you know of any others!!! (I know of the Berkeley and CMU ones, but they both block off-campus mail so I didn't list them.) From orion at crl.com Sat Feb 26 15:04:14 1994 From: orion at crl.com (Colin Orion Chandler) Date: Sat, 26 Feb 94 15:04:14 PST Subject: VIRTUAL meeting needed In-Reply-To: Message-ID: I agree... IRC is much too limited compared to the vast virtual realities of MOOs, and IRC is also much more unreliable... we have IRC for about 12 hours a day, simply because the server for IRC keeps killing itself :( On Sat, 26 Feb 1994, Robert A. Hayden wrote: > On Sun, 27 Feb 1994, Johan Helsingius wrote: > > > > > > Instead, perhaps we need to organize for another virtual meeting again. > > > With a little more organizing, it would go smoother. 
> > > > How about trying IRC this time? > > Actually, I'm convinced that the MOO setting like the last one worked > better IF IT HAD THE PROPER ORGANIZATION. Get yourself a client like > TinyFugue and it is very nice. IRC, while being simple, lacks a lot of > the features that aid in helping an organized meeting. > > ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu > \ /__ -=-=-=-=- <=> -=-=-=-=- > \/ / Finger for Geek Code Info <=> In the United States, they > \/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado... > -=-=-=-=-=-=-=- > (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ > n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) > > From jesse at netcom.com Sat Feb 26 15:23:41 1994 From: jesse at netcom.com (Jesse Montrose) Date: Sat, 26 Feb 94 15:23:41 PST Subject: VIRTUAL meeting needed In-Reply-To: Message-ID: <199402262324.PAA19481@mail.netcom.com> >I agree... IRC is much too limited compared to the vast virtual realities >of MOOs, and IRC is also much more unreliable... we have IRC for about 12 >hours a day, simply because the server for IRC keeps killing itself :( Another vote here for a MOO, as opposed to IRC. If done right, MOO meetings are much easier to follow, IMNSHO.. Jesse V. Montrose |tellmesomethingidontknowsellmesomethingicantusepushthebutt jesse at netcom.com |onconnectthegoddamneddotsliveinthiefinmybedroombathroomcom jesse at xaostools.com|moditysodomyglassautonomypromiseeverythingtakeitallawaygiv PGP|FTP /pub/jesse |eitarestyourelyingthroughyourteeth Ministry From 68954 at brahms.udel.edu Sat Feb 26 15:39:41 1994 From: 68954 at brahms.udel.edu (Grand Epopt Feotus) Date: Sat, 26 Feb 94 15:39:41 PST Subject: VIRTUAL meeting needed In-Reply-To: Message-ID: On Sat, 26 Feb 1994, Colin Orion Chandler wrote: > I agree... IRC is much too limited compared to the vast virtual realities > of MOOs, and IRC is also much more unreliable... 
we have IRC for about 12 > hours a day, simply because the server for IRC keeps killing itself :( > > Yes, not to mention that it just seems a lot cleaner so to speak, and also I don't have IRC here. I think a virtual MOO is very important at this juncture. It's probably the best low-cost(as in close to nil) virtual meeting you can get. Just as long as I can get a client(not a prob) and am sufficiently prepared to figure out what MOO it's on etc.. so I can go get accustomed. etc... You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself ----Tim Leary---- From galiel at world.std.com Sat Feb 26 15:51:30 1994 From: galiel at world.std.com (David Galiel) Date: Sat, 26 Feb 94 15:51:30 PST Subject: VIRTUAL meeting needed In-Reply-To: Message-ID: What about MediaMOO (MIT MediaLab) Storm the temple! I'll be happy to talk with the janitors to ensure they can handle all the guest accounts simultaneously and set up a suitable environment (there is a virtual auditorium which is set-up to handle a large gathering and there is precedent for this type of meeting). Can anyone give me an idea of how many people were on for the last meeting? galiel at wlord.std.com Flout 'em and scout 'em -- and scout 'em and flout 'em; Thought is free. -- Shakespeare From nobody at jarthur.claremont.edu Sat Feb 26 16:26:48 1994 From: nobody at jarthur.claremont.edu (nobody at jarthur.claremont.edu) Date: Sat, 26 Feb 94 16:26:48 PST Subject: Nuclear Capone in Russia? Message-ID: <9402270026.AA26245@toad.com> Los Angeles Times, Saturday, Feb. 26, 1994, p.A10 FBI Director Sees Parallels Between Russia Now, Chicago Then Crime: Louis J. Freeh doesn't want a Slavic Al Capone to endanger U.S. investments or undermine the fragile democratic process. And he is working to help prevent it. By Ronald J. Ostrow Times Staff Writer Washington - To FBI Director Louis J. 
Freeh, organized crime in Russia today bears disturbing similarities to Chicago's in the 1920s and 1930s - violent but fractionalized, a danger to itself as much as to the rest of society, and with a potential for much more. The likes of Al Capone, unchecked by the FBI or any other law enforcement body, welded the Chicago mob into a unified force that preyed on the community for decades. Freeh does not want a Slavic equivalent of Capone to do the same today in Russia, for fear not only of endangering American Business activity there but also of undermining that country's fragile democratic process. And he is working to help Russian authorities prevent it. Already, Freeh said, elements of Russian organized crime are responsible for everything from "bushwhacking" American businessmen to dealing in materials that could be used in nuclear weapons. If authorities do not act soon, he said, organized crime will become so entrenched throughout the former Soviet Union and its Eastern European satellites that, like the Mafia in Chicago, it will take decades to remove it. "We have to look at it as something that's clearly directed toward the United States, toward our economy," Freeh said in an interview. "Even with decreasing resources, we can't afford to do what the FBI did with respect to La Cosa Nostra for 30 years, and that was to completely ignore it." The situation in Russia today, Freeh acknowledged, is not as dire as in Chicago in the 1920s and 1930s. But German and Russian law enforcement authorities "are concerned about the very rapid inroads that these gangs are making into officialdom, into police and government officials," the FBI director said. To help the Russians cope, Freeh wants to station up to three FBI agents in Moscow by the end of spring to serve as liaisons with Russian authorities. Contacts are now handled largely by two agents based in Bonn, who have responsibilities beyond the former Soviet Union. 
Authorities in Russia's Interior Ministry and the Moscow police "are desperately in need of our help," Freeh said. "They want our training, our methodology." He also wants to bring Russian agents for 11 weeks of training at the FBI's National Academy in Quantico, VA., where they would learn about laboratory and computer work and the other technologies that the FBI uses against organized crime. For now, Freeh said, the victims of Russia's organized crime are mostly Russian Entrepreneurs and other business people. But he warned that American businesses seeking a foothold in Russia are just as vulnerable. "Part of the [Clinton] Administration's program is to give not only economic aid but to [assist] economic institution-building and to encourage American and other foreign investments" in the former Soviet Union, he said. "If the scouts for leading American corporations are getting bushwhacked in their hotel rooms in Moscow or, perhaps worse, establishing a foothold and having to face extortion and economic criminal activity they are not prepared to do, our economy takes a serious hit," Freeh said. "The end product is that the process for democracy and a free economy in Russia takes a very significant step backward. "I guess it's an irony, but it's much harder to police in a democratic fashion than to police in a totalitarian fashion," Freeh said. "Police work is very hard if you do it according to due process and democratically." Authorities in the former Soviet Union "don't have that experience and haven't had it for 70 years. So they're having to learn all of the tools, skills and techniques and, at the same time, deal with a burgeoning crime crisis," Freeh said. U.S. authorities are particularly concerned that Russian gangs "are aggressively looking to buy and sell nuclear materials," the FBI director said. 
The materials so far are less than weapons grade, but they could be used for designing devices deadly to population centers, according to FBI intelligence. "That's a whole different threat than we've faced before," Freeh said. He declined to give any more specifics on the threat, but said the United States under the law now lacks authority to fully deal with it. Under the 1950 Atomic Energy Act, the FBI has authority to investigate the transfer or shipment of nuclear materials only if their origin or destination is American or they have entered and left the United States. Freeh said he has discussed with Atty. Gen Janet Reno and other Justice Department officials the need for a law broadening the FBI's authority over such matters. The FBI is also interested in the criminal activities of Russian immigrants in the United States, according to Jim Moody, who directs the FBI's efforts against organized crime. In the late 1970's and early 1980's, about 200,000 people entered the United States from the Soviet Union, and Moody estimated that about 1% of them - 2,000 - were "hard-core criminals." But he regards them as second-string players who are now being replaced by more highly skilled, educated lawbreakers. In one of the more sophisticated conspiracies involving Russian emigres, a federal grand jury in Philadelphia last June charged 15 people and two corporations with evading federal and state excise taxes on the sale of more than 51 million gallons of diesel fuel in Pennsylvania and New Jersey. From nobody at shell.portal.com Sat Feb 26 16:42:50 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 26 Feb 94 16:42:50 PST Subject: Security of andrew.cmu.edu anon-server? Message-ID: <199402270043.QAA29512@jobe.shell.portal.com> What kind of encryption is the anonymous contact system at andrew using? I think someone said that it used a home-brew cipher. How secure might such a system be against cryptanalysis (or just brute force key searches?) 
Or has it been changed to use something like DES or IDEA? (In the former case, DES, it might not be completely secure, unless you used 3DES or something.) If someone could break the code, they could find out _EVERYONE'S_ mail address that ever posted using an anon address from that remailer... From joshua at cae.retix.com Sat Feb 26 16:46:18 1994 From: joshua at cae.retix.com (joshua geller) Date: Sat, 26 Feb 94 16:46:18 PST Subject: [julf@penet.fi: Re: VIRTUAL meeting needed] Message-ID: <199402270045.QAA00634@sleepy.retix.com> >> Instead, perhaps we need to organize for another virtual meeting again. >> With a little more organizing, it would go smoother. >How about trying IRC this time? be something worthwhile on irc for once. and people would be there who wouldn't otherwise (like me). josh From tcmay at netcom.com Sat Feb 26 17:20:06 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 26 Feb 94 17:20:06 PST Subject: Capone's Cojones in Loan Zones? In-Reply-To: <9402270026.AA26245@toad.com> Message-ID: <199402270120.RAA24412@mail.netcom.com> Regarding "Nobody"'s forwarding of the FBI's plans to move into Russia, this is also similar to the rationale used by the German BND (Bundesnachrichtendienst, if I remember the spelling correctly) to move into Eastern Europe in various overt and covert ways. Expect Germany and the U.S. to lock horns soon. The real intelligence war is just beginning, with Gehlen's boys battling their former OSS/CIA cronies for world fascist domination. "Nuclear terrorism" is indeed a threat, especially when practiced by fascist nations--fill in the blanks with who you think I mean. Those who thought "history ended" when the Cold War ended, now face the prospects of Goldfingers proliferating. Exciting times indeed. Bid deal, a few cities get nuked. The greater danger is that of the control freaks like Denning clipping and skipjacking our remaining freedoms and ushering in the thousand-year Reich of Kaiser Willy. War is Piece. 
No Gnus is Bad Gnus. Surveillance is Security. --Winston May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From mg5n+ at andrew.cmu.edu Sat Feb 26 17:22:59 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 26 Feb 94 17:22:59 PST Subject: Mailing list software losing posts Message-ID: The list software seems to be having problems again. I sent the below post to the list three times, and it never got sent out. But since another post from me just showed up, maybe it's working now... (Let me know if you got more than one copy, because I sure didn't.) ----- To: cypherpunks at toad.com Subject: Re: lists of U.S. cypherpunks and Tentacles. CC: Matthew J Ghio In-Reply-To: <9402260131.AA08270 at toad.com> References: <9402260131.AA08270 at toad.com> Date: Sat, 26 Feb 1994 11:34:54 -0500 (EST) From: Matthew J Ghio mg5n+eaibiubkxb58z84cy2iaf9r61u26ra5x26mc0h at andrew.cmu.edu wrote: > Please add me to your list. As you can see, I clearly have > a US-based email address. :) hehe... This didn't come from my site tho. It looks like a clever port 25 hack. However, the return address is valid. I suppose this points out another problem with the US export laws: How can you know where a message came from? As the above example shows, there is really no way to know where the person you're communicating with is. In other words, you can't not break the US export laws. All you have is someone's word that they are in the US or not, but you really can't know for sure. Something to mention in your letters to Rep. Cantwell. > -Ibiu Cute... 
using part of your encrypted address as a handle? I never thought of doing that... hmm... From arthurc at crl.com Sat Feb 26 18:14:41 1994 From: arthurc at crl.com (Arthur Chandler) Date: Sat, 26 Feb 94 18:14:41 PST Subject: VIRTUAL MEETING at BAYMOO In-Reply-To: Message-ID: On behalf of the folks at BayMOO, I'd be delighted to invite the cypherpunks back for a second virtual meeting. Our first session on February 9 gave a taste of what's possible. Another session, with a cleanly organized agenda, could work even better. There are a number of cypherpunks with named accounts at BayMOO already, and new accounts can be handled in a day by writing to blast at crl.com (blast is also on the list). As someone indicated, MOOs work best with clients like Tinyfugue, though it is possible to do all right with raw telnet (especially if you have com software, like Microphone, that gives you a text buffer for composition before you send your words out into the virtual room). There are several options for organization for whoever will be putting the session together. There are: -- large rooms that can be moderated (speaker queues, separate rows for private conversations, etc.); -- smaller rooms for sessions with 2-10 people; -- mindspeak channels for folks who want to attend a meeting and discuss other issues on a channel at the same time -- virtual videotaping or autologging of the proceedings. The key to success, though, as the last meeting clearly indicated, is an agenda with clearly specified topics and time-certain beginnings and endings. Moderators to make sure that speakers cleave to the stated topic seem best for large meetings; smaller groups can, if they like, let the conversations develop with their own internal momentum. Just let me or blast know if the idea of a second virtual meeting at BayMOO appeals to you, and we'll make the arrangements. 
From bsteve at zontar.attmail.com Sat Feb 26 18:30:20 1994 From: bsteve at zontar.attmail.com (Steve Blasingame) Date: Sat, 26 Feb 94 18:30:20 PST Subject: Newsday Editorial Message-ID: <9402270133.AA19290@zontar.attmail.com> Dorothy: We have not been formally introduced. My name is Steve Blasingame. I am a long-time proponent of quality encryption systems for both private and commercial communications. I am also a long-time employee of The AT&T Company responsible for AT&T-GIS strategies, programs and products in internetworking. I am very pleased that AT&T is manufacturing the "Clipper Phone" product and believe that "Clipper" is an enabling technology for government and business. However, I must challenge the basis of your "Newsday" editorial as false. >" The Clinton administration has adopted the chip, which would allow >law enforcement agencies with court warrants to read the Clipper codes >and eavesdrop on terrorists and criminals." It would be great if this were true, but it is false. Criminals and terrorists operate outside the confines of the law and are not obliged to use encryption schemes sanctioned by statute. >" But opponents say that, if >this happens, the privacy of law-abiding individuals will be a risk. >They want people to be able to use their own scramblers, which the >government would not be able to decode." Given that criminals would not be obliged to use the statutory method of encryption, what other purpose could be served by such a technology enforced by law? " If the opponents get their way, however, all communications on the information highway would be immune from lawful interception." It is clear that the security of communications on the information highway is an important issue. However, as a corporate citizen, I am more concerned about the un-lawful monitoring of communications and do not consider that there is a sufficiently robust encryption technology to make a statutory encryption standard workable for more than a few years. 
>" But then who would have >thought that the World Trade Center bombers would have been stupid >enough to return a truck that they had rented?" I think that this qualifies as an appeal to ignorance. "Can you prove it isn't true?" >"... Lawlessness would prevail." If you examine definition 3 from the latest edition of the "American Heritage Dictionary" in your study, you will find that "Lawless" means "not governed by law." This is certainly a law that we can all do without. Very truly yours, Steve Blasingame bsteve at zontar.com From rarachel at prism.poly.edu Sat Feb 26 22:58:15 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sat, 26 Feb 94 22:58:15 PST Subject: Mailing list software losing posts In-Reply-To: Message-ID: <9402270646.AA25163@prism.poly.edu> Why bother with something as obvious and complex as an encrypted address with a + in the middle. If I were Joe Foreign_Guy I would simply get an account somewhere in the USA, there are plenty of public access unix systems that allow you a free month or so, do the request for the crypto software, and immediatly put a .forward file in my directory. I do this because I can no longer support the high price of calling the USA, and thus want my mail sent to a machine on the net that is sitting on my desk here in sunny (insert_foreign_country). This way, the author has not broken the law by sending the software to anysite.com, and I haven't either because all I did was to tell the unix box to forward my mail out of the country. Such a setting isn't illegal, neither is sending crypto software via email to a USA site. Legally who is to blame? Neither "I" nor the sender broke the law although the software has been sent. 
If I move from the USA to another country and arrange a deal with my post office to send me ALL my mail to wherever I am and pay them in advance for the service plus agree to pay for whatever forwarding costs, who is to be blamed if Joey_CryptoAuthor sends me a disk with a ton of crypto software in an unlabeled box, and the Post Office does not check its contents, but exports it? Neither I nor Joey_CryptoAuthor broke ITAR. Not really. Not intentionally. But who gets blamed? From gnu Sun Feb 27 00:21:52 1994 From: gnu (gnu) Date: Sun, 27 Feb 94 00:21:52 PST Subject: I have FOIA'd the Clipper Key Escrow databases In-Reply-To: <9402252135.AA04902@toad.com> Message-ID: <9402270821.AA02821@toad.com> > I confess -- I expect one of two outcomes. First, they may say that > the database is classified, if only at the level of ``For Official > Use Only''. `For Official Use Only' is not a valid classification. A document with this marking cannot be withheld under FOIA exemption 1. You have to read the Executive Orders on classification -- this category got cleaned up a LONG time ago. The current Executive Order gives particular criteria for classifying things. If this database doesn't fit any of those criteria, it can't legally be classified. I don't believe that this database is covered. And a judge in a FOIA case can do a "de novo" (from scratch) review of whether the material is legally classified, by examining it himself in private -- we don't have to take the agency's word that "there really is some reason it is classified". Also, giving classified information to unauthorized people is a major offense. They threatened me with that offense one time, over texts that I found in a library. If the keys in the database are classified, they can't give them out to cops. 
FOIA requires that they "segregate" any classified part and give me the rest of what's there, so if they claim that "well, one key isn't classified, but ten or a thousand of them are classified", I bet we can (1) get some keys out, (2) challenge this idea in court. In particular, it should be possible to record the LEAF from a particular chip (whether you own it, or not!) and send it to them in a FOIA request asking for the matching unit key. They clearly can map a LEAF to a key (they do it for cops), and FOIA only requires that you "reasonably describe" the records you want. Given their mapping capability, the LEAF is a reasonable description of the record you want. > Second, maybe they will release it -- but remember that > the keys are stored encrypted. Can you file an FOIA request for the > key, too? Either I can get the key, or I can get them to decrypt it for me. If they could hold arbitrary government records in secret by simply encrypting them and classifying the keys, FOIA would be entirely thwarted; the courts wouldn't let them get away with it. By the way, I did request the keys: > This request includes your database of the escrowed key > components. This request also includes any ancillary information > about the database, such as data formats, procedures, standards, > access methods, memos and documents about its use, access > software, plans, etc. If the database itself is stored in encrypted > form, then this request also includes the computer programs and > keys required to access it. John From strick at osc.versant.com Sun Feb 27 01:10:21 1994 From: strick at osc.versant.com (strick -- strick AT versant DOT com -- henry strickland) Date: Sun, 27 Feb 94 01:10:21 PST Subject: <8c> VIRTUAL MEETING at BAYMOO In-Reply-To: Message-ID: <9402270912.AA23126@osc.versant.com> conch n. any of a group of large spiral- shelled marine mollusks, or the shell or animal individually. [fr. L. concha, shell fr. 
Gk]

I've thought some about the prior meeting and what I would do differently. At the previous meeting, I had the dubious fortune of being designated a speaker -- which did give me a chance to introduce my pet topics, but had some disadvantages as well -- I lost the ability to chat quietly with people in my row, and I felt compelled to say something even when I had nothing to say. I also noticed that others who were not speakers did not feel like full participants in the event.

Now don't take these criticisms too strongly. I was very impressed on the whole with how well it went in spite of a few problems, and it was really cool having far-flung punks join us. I stayed for nearly two hours, when really I had thought it could last 30 minutes at most.

As for IRC, I'm attracted to the idea of a free-for-all, but I honestly was not able to follow anything when everyone had gathered together but before the speech controls were imposed -- there were just too many threads at once, and I couldn't find the ones I was following.

Anyway, some brainstorms follow. I think these are not too different from what we were trying before, and could be easily implemented. (I wish I had already put some time into mud programming, and could offer some implementations, but alas I haven't.)

Sitting in rows: this was good. Having random people on your row was interesting. At times, the discussion in the row was better than the official discussion, partly because of the intimacy -- like you didn't have to be shy about asking stupid questions or making snide remarks.

Gurus: It would be good to distribute the BayMOO regulars throughout the rows, so they can answer questions about how to use the moo. If a few others on the row overhear the question/answers, it doesn't hurt and may educate them, too. Wouldn't hurt if someone on each row had some semi-wizardly powers as well, so they could fix inequities and problems they perceive.

Conch: Remember the Conch shell in the Lord of the Flies -- in order to talk you had to have the conch. A protocol might be to have eight conchs, and you enqueue when you ask for the conch, and you release it when you are done, and the next person in line gets it. If I say "drop conch" and Julf is next in line (he had typed "wait conch"), the mud could announce

    strick9 passes a conch to Julf

and these messages would be easy to ignore or to follow. Anyway, this would limit the number of speakers at any one time, but allow a rotation of everyone to be able to speak.

Improvement:

    wait conch with "what is this PGP you keep talking about?"

lets you type ahead one message while you're waiting in queue. Then "wait conch" alone kills your typeahead message, but doesn't change your status in line, in case someone already made your comment.

Build some limits into the conch -- you automatically drop if after five broadcasts or after 3 minutes. Wizards should be able to tweak things like this in realtime.

Priorities: I had thought about handing everyone a dozen digitickets as they walked into the door. It would cost you one ticket every time you spoke. This would cause you to ration your comments.

But a more general way of achieving the same effect, yet adjusting gently to actual conditions (how did I know 12 was the right number of tickets?), is to imitate an operating system's prioritized wait queue. Give top priority to people who have never spoken before. They get the next conch available. A generalization is to use "priority aging", like UNIX nice(1), so that the longer it's been since you spoke, the better your advantage over others waiting. BIG MACS and MEDUSA'S SISTERS could be given extra advantage, nice -10, and SUSPECTED PSYCHOWONX and Unreal Persons could be nice'd +10 if a wizard deemed them disruptive.

The nice thing is that if there are eight conchs and there are only eight people who want to talk, they get the eight conchs, regardless of their priorities.
The algorithm adapts to the circumstances.

Practice: 24 hours before the appointed meeting, there should be a practice meeting, a dress rehearsal, but with bogus topics and a silly attitude, to try out the software and for everyone to become familiar with the process. Topics should be like

    which is better, cats or dogs?
    why i hate unix
    Stegospeakers Anonymous
    which mud restaurant we will crash when this meeting is over?

and of course the wit and wisdom of L.Detweiler and any other space-filling curves we don't want to waste time on at the real meeting.

From ao27+ at andrew.cmu.edu Sun Feb 27 01:31:42 1994
From: ao27+ at andrew.cmu.edu (Anthony D Ortenzi)
Date: Sun, 27 Feb 94 01:31:42 PST
Subject: Infomercials, FUD... time?
In-Reply-To: <199402250456.UAA07611@netcom9.netcom.com>
Message-ID:

Excerpts from internet.cypherpunks: 24-Feb-94 Re: Infomercials, FUD... time? by Timothy C. May at netcom.co
> However, a few minor problems with the infomercial idea:
>
> 1. The incredible cost. Ross Perot could afford to blow $5 million per
> show, not many others can.

Anyone know where ol' Ross stands on this issue? He could communicate the dangers to a large sector of the population... if he believes in our cause. It's hard to imagine him not, being a little on the paranoid side about the Republicans tapping his communications, and all that jazz... and he's got to have an internet e-mail address somewhere, although it is probably under a pseudonym or something to keep him from being inundated by the masses. Someone who uses whois with Perot finds lots of Perot Computer Systems or whatever the damn name of the company is. It can't be that hard to get in touch with him via e-mail.

Someone has got to be able to get through to him to check.

Even though he is now not as highly regarded because of the NAFTA fiasco, he's still got some pull. Go to it, 'punks...

()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
()/----------------------------------------------------------------------\()
()| Anthony Dante Ortenzi () ao27 at andrew.cmu.edu () feynman+ at cmu.edu |()
()| -------------------------------------------------------------------- |()
()| adortenz at suvm.acs.syr.edu () ortenzi at chaos.bsu.edu |()
()\----------------------------------------------------------------------/()
()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()

From galiel at world.std.com Sun Feb 27 07:16:40 1994
From: galiel at world.std.com (David Galiel)
Date: Sun, 27 Feb 94 07:16:40 PST
Subject: using mediamoo - correction
Message-ID:

re: previous message about possible use of mediamoo for mtg.

Ooops - the ultimate NetSin - misspelled my address. It's

    galiel at world.std.com

(sheepish grin)

Flout 'em and scout 'em -- and scout 'em and flout 'em;
Thought is free.
-- Shakespeare

From bdolan at well.sf.ca.us Sun Feb 27 07:44:09 1994
From: bdolan at well.sf.ca.us (Brad Dolan)
Date: Sun, 27 Feb 94 07:44:09 PST
Subject: Cryptography, fascism; Perot
Message-ID: <199402271544.HAA24602@well.sf.ca.us>

There has been a lot of discussion of cryptography/communications issues on the UWSA reflector (uwsa at shell.portal.com). This list is monitored by people who work for Perot, so post there and it might get his attention.

You can be added to the reflector by e-mailing to:

    telcon at shell.portal.com

[I think that's right - I believe it used to be telconsort at shell.portal.com]

Brad
bdolan at well.sf.ca.us

From julf at penet.fi Sun Feb 27 11:07:27 1994
From: julf at penet.fi (Johan Helsingius)
Date: Sun, 27 Feb 94 11:07:27 PST
Subject: VIRTUAL meeting needed
In-Reply-To:
Message-ID: <199402271834.AA24517@lassie.eunet.fi>

> I agree... IRC is much too limited compared to the bast virtual realities
> of MOOs,

I agree. But we need to have a meeting, not a virtual reality.
MOOs are a really interesting social experiment, but I prefer to live in the real world. IRC is a simple, straightforward everyday tool that doesn't get in your way and doesn't try to impose some internal fake universe on you.

> and IRC is also much more unreliable... we have IRC for about 12
> hours a day, simply because the server for IRC keeps killing itself :(

Sure. And my notebook PC is much more unreliable than my Sun. Its keyboard keeps going dead. So we should all abandon PC:s and switch to Suns ;-)

Julf

From julf at penet.fi Sun Feb 27 11:09:11 1994
From: julf at penet.fi (Johan Helsingius)
Date: Sun, 27 Feb 94 11:09:11 PST
Subject: <8c> VIRTUAL MEETING at BAYMOO
In-Reply-To: <9402270912.AA23126@osc.versant.com>
Message-ID: <199402271713.AA23722@lassie.eunet.fi>

> I've thought some about the prior meeting and what I would do
> differently. At the previous meeting, I had the dubious fortune of
> being designated a speaker -- which did give me a chance to introduce
> my pet topics, but had some disadvantages as well -- I lost the ability
> to chat quietly with people in my row, and I felt compelled to say
> something even when I had nothing to say. I also noticed that others
> who were not speakers did not feel like full participants in the event.

> As for IRC, I'm attracted to the idea of a free-for-all, but I honestly
> was not able to follow anything when everyone had gathered together
> but before the speech controls were imposed -- there were just too many
> threads at once, and I couldn't find the ones I was following.

Uh... Yes, I think experimenting with new ways to run a virtual meeting is A Good Thing. But... We have a meeting to run. So how about sticking to familiar tools for the actual meeting, so that we can concentrate on the *issues* at hand, and schedule the experimental stuff separately.

If we need "rows" and whatever, why not just form a dozen separate IRC channels, one on each sub-issue, and you can join as many or as few as you like at one time.

Let's not complicate things too much - we have a war to fight!

Julf

From julf at penet.fi Sun Feb 27 11:11:37 1994
From: julf at penet.fi (Johan Helsingius)
Date: Sun, 27 Feb 94 11:11:37 PST
Subject: VIRTUAL meeting needed
In-Reply-To:
Message-ID: <199402271829.AA24451@lassie.eunet.fi>

> Yes, not to mention that it just seems a lot cleaner so to
> speak, and also I don't have IRC here.

But you don't have a MOO client either!

> I think a virtual MOO is very
> important at this juncture. It's probably the best low-cost(as in close
> to nil) virtual meeting you can get.

Uh... Why is IRC any more expensive?

> Just as long as I can get a
> client(not a prob) and am sufficiently prepared to figure out what MOO
> it's on etc.. so I can go get accustomed. etc...

You are prepared to get a MOO client but not an IRC client?

Julf

From wex at media.mit.edu Sun Feb 27 11:12:54 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Sun, 27 Feb 94 11:12:54 PST
Subject: More crypto in real life...
Message-ID: <9402271629.AA07476@media.mit.edu>

[The following is excerpted from RISKS digest. I have sent mail to Valente asking him to be more specific about what kind(s) of encryption they use for their authentication routines. I am slightly worried by the somewhat naive statements in this posting. --AW]

Date: 17 Jan 1994 20:09:29 -0800
From: "Luis Valente"
Subject: Safety in Telescript

Phil Agre's message of January 6th ("Wild agents in Telescript?") brings up some very good points. In this message I would like to describe some of the safety features of Telescript that are used to prevent both ill-intentioned scripts (e.g., worms, viruses) and buggy scripts from damaging a Telescripted network.

1) The Telescript language is interpreted, rather than compiled.
Thus, Telescript programs cannot directly manipulate the memory, file system or other resources of the computers on which they execute.

2) Every Telescript agent (i.e., Telescript program that can move around a Telescript network) is uniquely identified by a telename. A telename consists of two components: an authority which identifies the "owner" of the agent (e.g., the Personal Communicator from which it originated) and an identity which distinguishes that agent from any other agent of the same authority. The authority component is cryptographically generated and cannot be forged. Thus, when an agent is transferred from one Telescript engine to another, it is possible to verify (using cryptographic techniques) that the agent is indeed of the authority it claims to represent. (N.B.: a Telescript engine is a program capable of interpreting and executing Telescript programs).

3) Every Telescript agent has a permit which limits its capabilities. Permits can be used to protect users from misprogrammed agents (e.g., an agent that would otherwise "run away" and consume resources for which the user would have to pay) and to protect Telescript service providers from malicious agents. Two kinds of capabilities are granted an agent by its permit. The first kind is the right to use a certain Telescript instruction, e.g., the right to create clones of itself. The second is the right to use a particular Telescript resource and by which amount. For example, an agent is granted a maximum lifetime, a maximum size and a maximum overall expenditure of resources (called the agent's allowance), measured in teleclicks. An agent's permit is imposed when the agent is first created and is renegotiated whenever that agent travels to an engine controlled by a different administrative authority. If the agent exceeds any of its quantitative limits, it is immediately destroyed by the Telescript engine where it is executing.

4) Telescript agents move around a Telescript network by going from one Telescript place to another. Telescript provides an instruction -- go -- that gives agents this travelling capability (if granted by their permit, of course). Places are Telescript programs in their own right. Before accepting an incoming agent, a place can examine the agent's telename, permit and class (N.B.: an agent represents an instance of a Telescript class; thus, the class of the agent represents the "program" that the agent executes. Like authority names, class names cannot be forged). Based on that information, the place can do any of the following:

   a) Do not allow the agent to enter.

   b) Allow the agent to enter but only after imposing upon it a permit more restrictive than the one it currently holds (e.g., the agent is only allowed to consume 100 teleclicks while in this place).

   c) Allow the agent to enter and execute under its current permit.

5) When a Telescript process (agent or place) interacts with another Telescript process, the telename and class of the former is available to the latter. This enables Telescript applications to control who can interact with them and in what ways.

I hope this (brief) description of some of the more pertinent security features of Telescript will help Risks readers understand how we've addressed the issues raised in the NYT article and in Phil's message.

-Luis Valente, General Magic, Inc.

------------------------------

From wex at media.mit.edu Sun Feb 27 11:14:14 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Sun, 27 Feb 94 11:14:14 PST
Subject: Anyone looked at this report?
Message-ID: <9402271648.AA08079@media.mit.edu>

[Again cribbed from RISKS... --AW]

From: "Lance J. Hoffman"
Subject: crypto policy report available online

The following report is available by anonymous ftp from ftp.gwu.edu under directory /pub/hoffman. The document is stored under the name "cryptpol". It is a NIST-sponsored study.
The table of contents and abstract follows here.

CRYPTOGRAPHY: POLICY AND TECHNOLOGY TRENDS

Lance J. Hoffman, Faraz A. Ali, Steven L. Heckler, Ann Huybrechts

December 1, 1993

CONTENTS

EXECUTIVE SUMMARY
1. INTRODUCTION
2. TECHNOLOGY
3. MARKET ANALYSIS
4. EXPORT CONTROLS
5. PUBLIC POLICY ISSUES
   5.1 EXECUTIVE BRANCH
   5.2 CONGRESS
   5.3 TRENDS
6. POTENTIAL SCENARIOS

EXECUTIVE SUMMARY

During the past five years, encryption technology has become easily available to both individuals and businesses, affording them a level of security formerly available practically to only military, national security, and law enforcement agencies. As a result, a debate within the United States about the proper balance between national security and personal freedom has been initiated. Law enforcement and national security agencies would like to maintain tight control over civilian encryption technologies, while industry and individual and privacy rights advocates fight to expand their ability to distribute and use cryptographic products as they please.

This report analyzes trends in encryption technology, markets, export controls, and legislation. It identifies five trends which will have a strong influence on cryptography policy in the United States:

* The continued expansion of the Internet and the progressive miniaturization of cryptographic hardware combined with the increasing availability and use of strong cryptographic software means that the strongest encryption technologies will continue to become more easily obtainable everywhere in the years ahead.

* Additional growth in networked and wireless communication will fuel a strong demand for encryption hardware and software both domestically and abroad, causing the U. S. high-technology industry to be increasingly interested in selling encryption products overseas and in modifying current export restrictions.

* Due to the responsibilities and bureaucratic dispositions of key Executive Branch agencies, products using strong encryption algorithms such as DES will continue to face at least some export restrictions, despite the widespread availability of strong encryption products overseas.

* The American public is likely to become increasingly concerned about its privacy and about cryptographic policy as a result of the increased amount of personal information available online and the growing number of wireless and networked communications. The development and increasingly widespread use of the National Information Infrastructure will heighten these concerns.

* Encryption policy is becoming an important public policy issue that will engage the attention of all branches of government. Congress will become increasingly visible in this debate due to its power of agency oversight and its role in passing laws accommodating the United States' rapid rate of technological change. Agencies will remain very important since they have the implementing and, often, the planning responsibilities. Since individuals and industry have more direct influence over Congress than over most other branches of government, Congress may place somewhat more emphasis on personal freedom than many other government actors.

Four potential scenarios are likely: mandatory escrowed encryption, voluntary escrowed encryption, complete decontrol of encryption, or domestic decontrol with strict export regulations.

Professor Lance J. Hoffman, Dept of EECS, The George Washington University
(202) 994-4955 Washington, D.C. 20052
hoffman at seas.gwu.edu Fax (202) 994-0227

------------------------------

From wex at media.mit.edu Sun Feb 27 11:14:18 1994
From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat)
Date: Sun, 27 Feb 94 11:14:18 PST
Subject: Valente clarifies on Telescript
Message-ID: <9402271657.AA08339@media.mit.edu>

[This was posted to RISKS in response to objections raised by several readers.
Note that he says they are using "RSA" encryption; one wonders where their public keys are? --AW]

From: "Luis Valente"
Subject: Safety in Telescript, Part Deux

Following my posting to RISKS on January 17 entitled "Safety in Telescript" a number of readers have strongly questioned some of the statements I made in that posting. Two of those statements, in which I used casual or imprecise language, were particularly criticized:

1- "Telescript is interpreted and, thus, is safer than compiled languages."

As pointed out by many readers, an interpreted language is not intrinsically safer than a compiled language. It is the Telescript language definition that provides that protection. Within the abstraction created by Telescript, programs lack operations for directly manipulating the physical resources of the "real" computer(s) on which they execute.

That doesn't mean that Telescript programs cannot interact with applications (e.g., databases) outside the Telescript abstraction. However, that interaction can only take place via Telescript objects that act as proxies for the "external" applications. Each such proxy object defines the features of the corresponding external application that are to be made available to Telescript agents and places. It may also define and enforce a security policy for controlling access to those features (e.g., based on an agent's credentials and permit). Furthermore, the administrative authority for a given Telescript engine is capable of controlling (by means of mechanisms built into the language) who can and cannot create these proxy objects.

2- "Authority names are cryptographically generated and cannot be forged."

Obviously, that statement is not true in an absolute sense since the "unforgeability" of the authority name is directly related to the cryptographic mechanism used to generate it. We currently use RSA-based public key cryptography for generating authority names.
Entitlement to use a particular authority name can be linked to the secret key used to generate it.

Aside from the criticism leveled against my poor choice of words in the aforementioned statements, several readers complained about the lack of more detailed information on the security technology used by Telescript, namely, what cryptographic algorithms are used, key sizes, key distribution and management issues, exportability issues, etc.

Let me start by saying that my posting was not meant as a treatise on Telescript Technology but merely a brief description of some of the features of Telescript that can be used effectively against misprogrammed or ill-intentioned telescripts. General Magic has already published a white paper entitled "Telescript Technology: The Foundation of the Electronic Marketplace." This paper provides a high-level description of Telescript and is intended for the layman, not the techno-savvy reader. It can be requested directly from General Magic by calling (415) 965-0400. In the coming months we will publish additional information on many different aspects of Telescript Technology (including security).

Let me further say that the point of my original posting was not that Telescripted networks are intrinsically secure (i.e., the "it won't happen here" syndrome). It was simply to let RISKS readers know that we have put a lot of thought into the security aspects of Telescript. In fact, when General Magic started developing Telescript, security was at the top of our list of concerns. As a result, we have built into the fabric of the language a number of features that, we believe, will enable application developers to write safe Telescript programs and network operators to run highly secure Telescripted networks.

Heretofore, the discussions on RISKS have only covered a few of the many security issues faced by a dynamic, interpreted, communication-centric language like Telescript.
As more detailed information on Telescript becomes widely available, I am certain it will generate heated debates on this and other forums. I look forward to them!

-Luis Valente, General Magic, Inc.

------------------------------

From 68954 at brahms.udel.edu Sun Feb 27 11:15:27 1994
From: 68954 at brahms.udel.edu (Grand Epopt Feotus)
Date: Sun, 27 Feb 94 11:15:27 PST
Subject: VIRTUAL meeting needed
In-Reply-To: <199402271829.AA24451@lassie.eunet.fi>
Message-ID:

On Sun, 27 Feb 1994, Johan Helsingius wrote:

>
> > Yes, not to mention that it just seems a lot cleaner so to
> > speak, and also I don't have IRC here.
>
> But you don't have a MOO client either!
>

yeah, i don't

> > I think a virtual MOO is very
> > important at this juncture. It's probably the best low-cost(as in close
> > to nil) virtual meeting you can get.
>
> Uh... Why is IRC any more expensive?
>

Well considering that in IRC you don't have all the neat stuff you can do in a MOO, like some people explained with the rows and "speaking sticks" ideas. IRC is very cheap, free, but it is also rather minimal in my opinion.

> > Just as long as I can get a
> > client(not a prob) and am sufficiently prepared to figure out what MOO
> > it's on etc.. so I can go get accustomed. etc...
>
> You are prepared to get a MOO client but not an IRC client?
>

Well, yes, it's a lot easier to get the MOO client, than it would be to get the IRC client and compile it on a low quota account with sysops that don't like IRC at all. I have tried it before with limited success, and I don't plan on doing it again considering the status that the sysops have put it under here. My point simply was that MOOs IMO lend themselves to more of a virtual reality feel, than IRC does. I have been on IRC and to follow multiple threads on it, and to have a meaningful structure to the discussion, is very difficult IMO.

> Julf
>
>

You're equipped with a hundred billion neuron brain, that's wired and fired, and it's a reality generating device, but you've got to do it. Free yourself ----Tim Leary----

From cknight at crl.com Sun Feb 27 11:15:39 1994
From: cknight at crl.com (Chris Knight)
Date: Sun, 27 Feb 94 11:15:39 PST
Subject: Infomercials, FUD... time?
In-Reply-To:
Message-ID:

On Sun, 27 Feb 1994, Anthony D Ortenzi wrote:

He may have lost some status on the NAFTA deal, but I just read an ad in the Bay Guardian where someone, presumably his almost religious campaign supporters, set up a 900 number you can call to say that you'll vote for Perot in '96. Apparently he's still working on it, and it may be possible to channel something through his campaign support headquarters.

But frankly, I'll vote for you as Prez if you can get Perot to vocalize his true stand/plans about the subject. All I've ever heard from him boils down to "If I was in control... You media people confuse the issues with your questions... Put me in control..."

-ck

> Excerpts from internet.cypherpunks: 24-Feb-94 Re: Infomercials, FUD...
> time? by Timothy C. May at netcom.co
> > However, a few minor problems with the infomercial idea:
> >
> > 1. The incredible cost. Ross Perot could afford to blow $5 million per
> > show, not many others can.
>
> Anyone know where ol' Ross stands on this issue? He could communicate
> the dangers to a large sector of the population... if he believes in our
> cause. It's hard to imagine him not, being a little on the paranoid
> side about the Republicans tapping his communications, and all that
> jazz... and he's got to have an internet e-mail address somewhere,
> although it is probably under a pseudonym or something to keep him from
> being inundated by the masses. Someone who uses whois with Perot finds
> lots of Perot Computer Systems or whatever the damn name of the company
> is. It can't be that hard to get in touch with him via e-mail.
>
> Someone has got to be able to get through to him to check.
>
> Even though he is now not as highly regarded because of the NAFTA
> fiasco, he's still got some pull. Go to it, 'punks...
>
>
> ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
> ()/----------------------------------------------------------------------\()
> ()| Anthony Dante Ortenzi () ao27 at andrew.cmu.edu () feynman+ at cmu.edu |()
> ()| -------------------------------------------------------------------- |()
> ()| adortenz at suvm.acs.syr.edu () ortenzi at chaos.bsu.edu |()
> ()\----------------------------------------------------------------------/()
> ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
>

From jef at ee.lbl.gov Sun Feb 27 11:16:12 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Sun, 27 Feb 94 11:16:12 PST
Subject: standard for stegonography?
Message-ID: <9402271916.AA06127@hot.ee.lbl.gov>

Is there a standard for stego yet? I just added stego and de-stego filters to my pbmplus image toolkit, using a simple protocol I made up on the spot. Now I'm wondering if I should make them compatible with existing stego tools.

---
Jef

From mg5n+ at andrew.cmu.edu Sun Feb 27 11:20:30 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Sun, 27 Feb 94 11:20:30 PST
Subject: Security of andrew.cmu.edu anon-server?
In-Reply-To: <199402270043.QAA29512@jobe.shell.portal.com>
Message-ID:

Anonymous asked:

> What kind of encryption is the anonymous contact system at andrew
> using? I think someone said that it used a home-brew cipher. How
> secure might such a system be against cryptanalysis (or just brute
> force key searches?) Or has it been changed to use something like
> DES or IDEA? (In the former case, DES, it might not be completely
> secure, unless you used 3DES or something.) If someone could
> break the code, they could find out _EVERYONE'S_ mail address
> that ever posted using an anon address from that remailer...

I assume from this statement that you haven't looked at my code. Send me email and I'll give you a copy... or maybe someone that I gave it to could put it up on an FTP site, so you can get it anonymously.

Yes, the cipher is of my own design. First off, I can assure you that a brute-force keysearch will not work. The cipher employs three 36 element substitution arrays, which gives a total of 3x36! possible keys, or over 10^42. DES has about 7.2 x 10^16 possible keys and IDEA about 10^38.

It might be possible to mount some sort of cryptanalysis attack on the cipher. In my design I tried quite hard to eliminate all such possibilities. But, first, let me explain how the encryption works.

The plaintext is converted to an ascii representation using only the letters a thru z and the numbers 0 to 9. (Until the actual cyphertext output, this is represented internally using the numbers 0 thru 35.) Random padding is then added, preceded by a length byte to tell the decryptor how much padding to remove. I currently have it set to use 3 to 5 bytes of random padding, although I could change this at any time. (If you request multiple addresses, they will be of different lengths.) This is then encrypted.

The cipher consists of 6 rounds of encryption. In each encryption round, two of the three substitution tables are used. Each round uses a different combination of substitution tables. The encryption begins at the start of the data, reading in each byte (which only takes on the values from 0 to 35), adding to it the previous encrypted byte, modulo 36, and encrypting it with the first substitution array. In this way, feedback from the cipher is used to increase the entropy of the output. Since each byte is a function of the previous byte, which is a function of the byte before it, each byte is indirectly a function of all previous bytes. Since the first byte has no previous byte, it is encrypted using only the substitution array.
To eliminate that weak point, the resulting output is encrypted again, using the second substitution array, in reverse; that is, starting at the end and going to the beginning. In this way, every complete round encrypts each byte such that it is directly a function of at least one other byte, and indirectly a function of the entire string.

Altering one byte of the input of a single round causes the entire output to change. However, altering two bytes will only change most of the output to one of 36 possibilities, since only one byte of data is used for the cipher feedback. This is the reason that multiple rounds are used. Since there are 6 rounds used, but at most 5 bytes of random padding, the six rounds are sufficient to completely distribute the randomness of the padding throughout the entire string. This eliminates the possibility that an attacker might gain some information about the cipher by finding matching portions of different encrypted strings which had different random padding.

One possible technique for shortening a keysearch might be possible if a particular encrypted string was not a function of every byte of the key (substitution arrays). In such an attack, the cracker would only need to guess certain relevant elements of your substitution array. This would save them from having to attempt all possible keys. However, this attack is not feasible because of the large number of encryption operations used. For each byte, there are 12 substitution operations performed, four on each substitution array. With a 30 character string (most are around 30 or 40, some are longer) that adds up to 360 substitutions. The probability that any given element will not be chosen in a particular substitution, is 35/36, or 97.2%.
This means that with 360 substitutions, the probability that any particular element won't be chosen is (.972)^360=.000039. The possibility that one of the array elements would not be chosen is 108 times that amount (since there are 108 array elements), or 0.42%. Not a statistically significant amount, considering that if your attacker had a plaintext in that .42%, it would only require him not to have to guess one element of the substitution array - but the last element of a substitution is always obvious anyway - it's the only remaining element that was not yet used! So this doesn't help the attacker at all. The only thing that would help the attacker is if there were two unused elements in the same substitution array, in which case, he would only have to try half as many keys. The chances of that happening, however, are one-third of .42% of .42%. So .0006% of the time the key search can be reduced from 10^42 to 5x10^41. I'm certainly not losing any sleep over that possibility. Things are a bit easier with shorter strings. For example, with a 20 character string, the possibility that two elements in the same array would not be used is increased to .52%. That's still not statistically significant tho. In order to gain any real advantage from this (greater than 50% chance that you could reduce your keysearch), you'd have to have a string of less than 15 characters or so. However - the shortest possible email address (such as y at z.com) would take 10 characters after being converted to ascii format, plus the minimum of three bytes of random padding, the length byte, and two checksum bytes, which comes out to an absolute minimum of 16 ascii bytes. So I really don't see how someone could gain any significant advantage here. One final possibility is that if an attacker could guess the substitutions for the first 5 rounds, and the first half of the sixth round, the substitutions in the final encryption pass in the last round could be solved for. 
This doesn't seem to be much of a problem, however, since reducing the keysearch to a cipher with eleven encryption passes instead of twelve doesn't reduce the complexity by any significant amount. To further frustrate cryptanalysis, after the third, fourth, and fifth rounds, a transpositional encryption operation is performed. The checksum bytes are inserted following the first and second rounds. In this way, the checksum is hidden in the encrypted data and is not obvious to the attacker. I'd be very interested to hear from anyone who believes they have a serious cryptanalysis method which could possibly reduce the security of this cypher by a significant amount. I think the fact that this is run on a multi-user unix system is a far greater problem than any cryptanalysis effort. If a hacker could gain access to the file server here, or got my account password, they could steal the encryption keys. There isn't much I can do about that, except to encourage more people to run this type of system. In that way, addresses could be chained thru more than one remailer. If the security at one site was compromised, it would not reveal the entire path to the recipient's address. From catalyst-remailer at netcom.com Sun Feb 27 12:01:34 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Sun, 27 Feb 94 12:01:34 PST Subject: anonymous mail Message-ID: <199402272002.MAA17115@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- >I assume from this statement that you haven't looked at my code. >Send me email and I'll give you a copy... or maybe someone that I >gave it to could put it up on an FTP site, so you can get it >anonymously. Hey Matt, I'd be interested in a copy of your code! >Yes, the cipher is of my own design. First off, I can assure you >that a brute-force keysearch will not work. The cipher employs three >36 element substitution arrays, which gives a total of 3x36! possible >keys, or over 10^42. 
DES has about 7.2 x 10^16 possible keys and IDEA >about 10^38. Well, you do have to be careful: a large number of keys doesn't mean a cipher is hard to break, there may be a faster method than brute force. For instance, those cryptograms some papers print in the puzzle section are a simple substitution cipher, with 26! keys... yet they are also pretty much trivially breakable with enough input. Karl Barrus -----BEGIN PGP SIGNATURE----- Version: 2.3a -----END PGP SIGNATURE----- From CCGARY at MIZZOU1.missouri.edu Sun Feb 27 12:56:21 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sun, 27 Feb 94 12:56:21 PST Subject: Capone's Cojones in loan Zones? Message-ID: <9402272056.AA10997@toad.com> Tim May writes: >Regarding "Nobody"'s forwarding of the FBI's plans to move into (Bundesnachrichtendienst, if I remember the spelling correctly) to move >into Eastern Europe in various overt and covert ways. >Expect Germany and the U.S. to lock horns soon. The real intelligence >war is just beginning, with Gehlen's boys battling their former >OSS/CIA cronies for world fascist domination. >"Nuclear terrorism" is indeed a threat, especially when practiced by >fascist nations--fill in the blanks with who you think I mean. >Those who thought "history ended" when the Cold War ended, now face >the prospects of Goldfingers proliferating. Exciting times indeed. >Bid deal, a few cities get nuked. The greater danger is that of the >control freaks like Denning clipping and skipjacking our remaining >freedoms and ushering in the thousand-year Reich of Kaiser Willy. Good point & good attitude Tim. 
While having a few big cities nuked is a truly horrible thing, its evil is completely dwarfed by the possibility of a world of billions of people crushed down by a long lived state using uncountable lies & computer monitoring to maintain control. That state evil would not have the flashiness & fear of a nuke. Its evil would be boring. Its horror would be in the hopelessness & lack of freedom of the people & in their lives being made up of lies. In the face of that threat, the idea of some ""terrorists"" or ""criminal"" gangs throwing around a few nukes on a wild Saturday night merely gives one cause for hope. Maybe a nuke would land on an oppressor & free us. Incidentally, what is this fear of ""criminals"" & ""terrorists"". I have never had a ""criminal"" extortionist take 40% of my income over a long period of time. I have never had a ""terrorist"" draft me into a war with people I don't know in a foreign country. Also, I don't know of any ""terrorists"" who occasionally murder millions of people. I think we have a problem with words. A ""terrorist"" is a soldier without a uniform. A soldier who ""failed to dress for success"". A ""criminal"" is a thug without proper papers & badges. WACO & the Weaver family were lessons for those who could set aside their prejudices for awhile. I am quite happy to share the internet with ""terrorists"" & ""criminals"" - if it gives me & my friends a chance for happiness & freedom! Anarchy is simply the absence of a monopoly on weapons & force. If anarchy gives me a chance for freedom & happiness I'll take my chances. Death before dishonor? How about an even better deal - a risk of death before a life of no honor & no hope! This is the offer of liberty. So, mr or ms State, please don't bother me. I'll take my chances with a few stray ""criminals"" & ""terrorists"". >War is Piece. No Gnus is Bad Gnus. Surveillance is Security. >--Winston May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From mg5n+ at andrew.cmu.edu Sun Feb 27 13:30:56 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 27 Feb 94 13:30:56 PST Subject: anonymous mail In-Reply-To: <199402272002.MAA17115@mail.netcom.com> Message-ID: Karl Barrus wrote: > Well, you do have to be careful: a large number of keys doesn't > mean a cipher is hard to break, there may be a faster method > than brute force. For instance, those cryptograms some papers > print in the puzzle section are a simple substitution cipher, with > 26! keys... yet they are also pretty much trivially breakable > with enough input. Quite true! However, as I pointed out, I tried very hard to eliminate all such possibilities that would allow simplifying the key search process. It's also very easy to modify the program to support a larger key and additional encryption rounds. From pmetzger at lehman.com Sun Feb 27 13:48:05 1994 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sun, 27 Feb 94 13:48:05 PST Subject: anonymous mail In-Reply-To: Message-ID: <9402272147.AA05304@andria.lehman.com> Matthew J Ghio says: > Karl Barrus wrote: > > > Well, you do have to be careful: a large number of keys doesn't > > mean a cipher is hard to break, there may be a faster method > > than brute force. > Quite true! However, as I pointed out, I tried very hard to eliminate > all such possibilities that would allow simplifying the key search > process. Matt, pardon my saying this, but you sound rather foolish. Did you, for instance, deliberately make any attempt to prevent differential cryptanalysis? linear cryptanalysis? Related key attacks? 
Can you define any of these? If the answer to any of these is "no" then you probably aren't in a position to try to design a cryptosystem. Frankly, I understand all the attacks and I wouldn't trust anything of my own design -- maybe after letting Biham have a crack at it for a couple of months I'd feel that I hadn't done anything obviously wrong and after a year or two of seeing lots of people try to attack it and fail I'd consider using it -- if there weren't other systems around that I was more confident in. Given how easy it is to code up an IDEA or mixed IDEA/DES multiround beast, I see no real advantage to trying to build my own, and lots of disadvantages. Perry From jeremy at crl.com Sun Feb 27 13:58:21 1994 From: jeremy at crl.com (Jeremy Cooper) Date: Sun, 27 Feb 94 13:58:21 PST Subject: standard for stegonography? In-Reply-To: <9402271916.AA06127@hot.ee.lbl.gov> Message-ID: > Is there a standard for stego yet? I just added stego and de-stego > filters to my pbmplus image toolkit, using a simple protocol I made > up on the spot. Now I'm wondering if I should make them compatible > with existing stego tools. > --- > Jef > I think the whole idea behind stego is that it is non-standard. The way in which you stegoize something must be constantly changing, otherwise the point of stego (hiding information inside other information) would be contradicted. If there was a standard for hiding something, you would always know where to look. _ . _ ___ _ . _ ===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-=== ===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -=== From upham at cs.ubc.ca Sun Feb 27 14:17:50 1994 From: upham at cs.ubc.ca (Derek Upham) Date: Sun, 27 Feb 94 14:17:50 PST Subject: Re standard for stegonography? Message-ID: <199402272217.AA17024@grolsch.cs.ubc.ca> > Is there a standard for stego yet? I just added stego and de-stego > filters to my pbmplus image toolkit, using a simple protocol I made > up on the spot. 
Now I'm wondering if I should make them compatible > with existing stego tools. There appear to be two existing steganography packages for images. One is "jsteg", a Unix-based system which stores data in JFIF- compliant JPEG images; it is based on version 4 of the cjpeg/djpeg package. The other is "Stego", a Mac-based system which stores data in Mac PICT files (I think---I don't have a Mac to examine it). "jsteg" is available in the Cypherpunks FTP archive in the applications subdirectory as the original jpegsrc package, plus the patches, plus a README file. However, you might be better off tracking down the "Stego" sources since "jsteg" stores its data in a rather odd way (see the docs for more information). Derek Derek Lynn Upham University of British Columbia upham at cs.ubc.ca Computer Science Department ============================================================================= "Ha! Your Leaping Tiger Kung Fu is no match for my Frightened Piglet Style!" From mg5n+ at andrew.cmu.edu Sun Feb 27 15:13:11 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 27 Feb 94 15:13:11 PST Subject: anonymous mail In-Reply-To: <9402272147.AA05304@andria.lehman.com> Message-ID: <8hQGW0G00awVA_vG5M@andrew.cmu.edu> "Perry E. Metzger" wrote: > Given how easy it is to code up an IDEA or mixed IDEA/DES > multround beast, I see no real advantage to trying to build > my own, and lots of disadvantages. The program was designed to accept improvements in the encryption transparently, so I did plan ahead. :) I can add encryption algorithms, and have the software accept addresses of both the old and new ciphers. I didn't happen to have any DES/IDEA code handy when I was programming it, so I just used what I had. Since several people have expressed concern about the encryption, I will add another encryption layer consisting of either DES or IDEA. 
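The cipher round described earlier in the "anonymous mail" thread (a forward feedback pass through one substitution array, then a second pass in reverse through another), as an added example that is not Matthew Ghio's code and not part of the original messages. The pass formula, the choice of tables and every function name are assumptions reconstructed from the prose; padding, checksums, transposition and the six-round schedule are left out. It measures how far a one-symbol change spreads through one round, the kind of check the replies in the thread ask about.

```python
import random

M = 36  # alphabet size: a-z and 0-9, held internally as 0..35


def make_key(rng):
    """Three random permutations of 0..35, standing in for the three
    substitution arrays (constructed test keys, not real ones)."""
    key = []
    for _ in range(3):
        table = list(range(M))
        rng.shuffle(table)
        key.append(table)
    return key


def invert(table):
    """Inverse permutation, needed to undo a substitution."""
    inv = [0] * M
    for i, v in enumerate(table):
        inv[v] = i
    return inv


def feedback_pass(data, table):
    """Assumed pass: c[0] = T[p[0]], c[i] = T[(p[i] + c[i-1]) mod 36]."""
    out, prev = [], 0
    for p in data:
        prev = table[(p + prev) % M]
        out.append(prev)
    return out


def feedback_unpass(data, table):
    """Undo feedback_pass: p[i] = (T^-1[c[i]] - c[i-1]) mod 36."""
    inv, out, prev = invert(table), [], 0
    for c in data:
        out.append((inv[c] - prev) % M)
        prev = c
    return out


def one_round(data, t_fwd, t_rev):
    """Forward pass with one table, then the same pass run end-to-start."""
    fwd = feedback_pass(data, t_fwd)
    return feedback_pass(fwd[::-1], t_rev)[::-1]


def one_round_inverse(data, t_fwd, t_rev):
    """Decrypt one round: undo the reverse pass, then the forward pass."""
    fwd = feedback_unpass(data[::-1], t_rev)[::-1]
    return feedback_unpass(fwd, t_fwd)


def bump(data, pos):
    """Copy of data with the symbol at pos changed to a different value."""
    out = list(data)
    out[pos] = (out[pos] + 1) % M
    return out


def changed_positions(a, b):
    """Indices at which two equal-length symbol lists differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def mean_changed_fraction(n, pos, trials, seed):
    """Average share of output symbols that differ after one round when
    input symbol `pos` is altered, over random keys and plaintexts."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        key = make_key(rng)
        pt = [rng.randrange(M) for _ in range(n)]
        a = one_round(pt, key[0], key[1])
        b = one_round(bump(pt, pos), key[0], key[1])
        total += len(changed_positions(a, b)) / n
    return total / trials


if __name__ == "__main__":
    rng = random.Random(1994)
    key = make_key(rng)
    pt = [rng.randrange(M) for _ in range(30)]  # constructed 30-symbol input
    # Forward pass alone: a change at position k never reaches positions < k.
    print(changed_positions(feedback_pass(pt, key[0]),
                            feedback_pass(bump(pt, 20), key[0])))
    # Full round: the reverse pass usually carries the change back to the start.
    print(changed_positions(one_round(pt, key[0], key[1]),
                            one_round(bump(pt, 20), key[0], key[1])))
    print(mean_changed_fraction(30, 0, 500, seed=7))
```

Under these assumptions a change in the last input symbol always reaches every output symbol of the round, while a change elsewhere leaves a position untouched whenever the two differences cancel modulo 36, so the measured average is the figure to look at.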
From CCGARY at MIZZOU1.missouri.edu Sun Feb 27 15:23:22 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sun, 27 Feb 94 15:23:22 PST Subject: Capone's Cajones Message-ID: <9402272323.AA12323@toad.com> 2nd edition. In 1st edition I edited badly & confused authors' texts. This edition will be clearer. Sorry Tim. Tim May writes: >Bid deal, a few cities get nuked. The greater danger is that of the >control freaks like Denning clipping and skipjacking our remaining >freedoms and ushering in the thousand-year Reich of Kaiser Willy. Good point & good attitude Tim! While having a few big cities nuked is a truly horrible thing, its evil is completely dwarfed by the possibility of a world of billions of people crushed down by a long lived state using uncountable lies & computer monitoring to maintain control. That state evil would not have the flashiness & fear of a nuke. Its evil would be boring. Its horror would be in the hopelessness & lack of freedom of the people & in their lives being made up of lies. In the face of that threat, the idea of some ""terrorists"" or ""criminal"" gangs throwing around a few nukes on a wild Saturday night merely gives one cause for hope. Maybe a nuke would land on an oppressor & free us. Incidentally, what is this fear of ""criminals"" & ""terrorists"". I have never had a ""criminal"" extortionist take 40% of my income over a long period of time. I have never had a ""terrorist"" draft me into a war with people I don't know in a foreign country. Also, I don't know of any ""terrorists"" who occasionally murder millions of people. I think we have a problem with words. A ""terrorist"" is a soldier without a uniform. A soldier who ""failed to dress for success""*. A ""criminal"" is a thug without proper papers & badges. WACO & the Weaver family were lessons for those who can set aside their prejudices for awhile. 
I am quite happy to share the internet with ""terrorists"" & ""criminals"" - if it gives me & my friends a chance for happiness & freedom! Anarchy is simply the absence of a monopoly on weapons & force. If anarchy gives me this chance then I'll take my chances with anarchy. Death before dishonor? How about an even better deal - a risk of death before a life of no honor & no hope! This is the offer of liberty. So, MR or MS State, please don't bother me. I'll take my chances with a few stray ""criminals"" & ""terrorists"". Thank You, Gary Jeffers * p.s. Bob Black originally said ""terrorists are soldiers who fail to dress for success."" PUSH EM BACK! PUSH EM BACK! WWWAAAAYYYYY BBBAAACCCCCKK! BBEEEAAATTT STATE! From kkirksey at world.std.com Sun Feb 27 16:00:38 1994 From: kkirksey at world.std.com (Ken B Kirksey) Date: Sun, 27 Feb 94 16:00:38 PST Subject: Mac encryption Message-ID: <199402280000.AA18482@world.std.com> >What is everyones opinion of the best encryption software for the Mac? >Frederic Halper I've been using Kent-Marsh's CryptoMactic since last August and have been very pleased with it. It supports two proprietary (i.e. useless) algorithms, LightningCrypt and QuickCrypt, as well as DES, DES-CBC, and Triple (two key) DES. It automatically overwrites your plaintext with a pattern of your choosing. It's fairly quick, and it does what it claims. I do have a couple of minor nit-picks with it, however: 1) No support for IDEA. They've left the architecture open for additional encryption modules, but they've yet to produce the documentation (_Inside CryptoMactic_) for the programming interface. I talked with one of Kent Marsh's people back in August and expressed an interest in writing an IDEA module for them, and he thought it was a great IDEA and would get me a copy of _Inside Cryptomactic_ when it was ready. I checked back with him last month, and they still don't have _IC_ together yet. 2) The Allow override feature. 
One of CryptoMactic's preferences lets you override encryption on any file if you have this feature activated. You simply run the CryptoMactic Administrator program from a floppy (you shouldn't be dumb enough to install it on your hard disk), enter your (entirely optional) password, choose the file you wish to decrypt, and click "Override". If you have the override option on, the security of your files is only as good as the physical security of your master floppy, especially if you do not choose to password protect the administrator app. How hard is it to crack the password on the administrator app? I'm working on it; I'll let you know.... :-) Until then, I'm leaving this option off. 3) The overwrite patterns. I'd like to see a little more flexibility in user defined patterns, akin to what Schneier suggests in _Applied Crypto_. JMHO, of course, Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer ----------------------------------------------------------------------------- Harassment is a power issue, and power is neither male nor female. Whoever is behind the desk has the opportunity to abuse power, and women will take advantage as often as men. - Michael Crichton (in _Disclosure_) From klbarrus at owlnet.rice.edu Sun Feb 27 16:52:42 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sun, 27 Feb 94 16:52:42 PST Subject: MISC: gopher & anon ftp Message-ID: <9402280052.AA00725@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- About the gopher site: I'm not sure how "easy" it will be to make the files available via anonymous ftp as well. I know Chael is running an anonymous ftp site on chaos, but I'm not sure where its directory lives... the gopher data directory is within my own directory hierarchy. It may be hard to overlap the two and preserve the security standards Chael wants to maintain. 
Disk space is tight so just making a duplicate copy is probably not the way to go ;) However, I do back up the gopher data every month or so (and so does Chael!), and since I will be adding 10 or 15 more files over the next week (from anonymous video rental to magic money) and re-arranging the ones already there, I'd be willing to mail you or anybody else uuencoded, gzip'ed tar files. Since most (all?) files have more than eight character names, producing MSDOS compatible file names may be a problem, since there will be some collisions. And I like gopher! It's great for just browsing around :) For a while I was thinking of an "anonymous mail drop-off/pick-up" where mail sent would be filed in a gopher accessible directory. So for example you could reach Pr0duct Cypher, Deadbeat, Wonderer, etc. by mailing here and waiting for them to read your message via gopher. Problems concerning disk space and the lifetimes of messages would need to be addressed, as well as whether or not they would even use such a system to receive messages. Karl Barrus -----BEGIN PGP SIGNATURE----- Version: 2.3a -----END PGP SIGNATURE----- From smb at research.att.com Sun Feb 27 17:24:16 1994 From: smb at research.att.com (smb at research.att.com) Date: Sun, 27 Feb 94 17:24:16 PST Subject: I have FOIA'd the Clipper Key Escrow databases Message-ID: <9402280124.AA13270@toad.com> Also, giving classified information to unauthorized people is a major offense. They threatened me with that offense one time, over texts that I found in a library. If the keys in the database are classified, they can't give them out to cops. 
FOIA requires that they "segregate" any classified part and give me the rest of what's there, so if they claim that "well, one key isn't classified, but ten or a thousand of them are classified", I bet we can (1) get some keys out, (2) challenge this idea in court. In particular, it should be possible to record the LEAF from a particular chip (whether you own it, or not!) and send it to them in a FOIA request asking for the matching unit key. They clearly can map a LEAF to a key (they do it for cops), and FOIA only requires that you "reasonably describe" the records you want. Given their mapping capability, the LEAF is a reasonable description of the record you want. Good strategy. I still wonder if the decrypted keys are (all) classified, while the encrypted ones aren't. After all, the local cops' magic decoder boxes can strip off that layer of encryption (as, of course, anyone who steals one of those boxes or bribes a local cop). Anyway, I hope the idea works, or at least drives them a bit crazy... From tcmay at netcom.com Sun Feb 27 17:30:37 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 27 Feb 94 17:30:37 PST Subject: standard for stegonography? In-Reply-To: Message-ID: <199402280131.RAA26338@netcom9.netcom.com> Jeremy Cooper writes: > I think the whole idea behind stego is that it is non-standard. The way > in which you stegoize something must be constantly changing, otherwise > the point of stego (hiding information inside other information) would be > contradicted. If there was a standard for hiding something, you would > always know where to look. Not necessarily. Recall that one of the main steganographic approaches is to place signal bits in the "noise" bits of digitized audio samples, digitized camera images, etc. Provided the bits "look like" noise bits (lots of interesting issues here, which we've discussed many times on this list), then the placement can be "standardized" so long as the key (of whatever type) is kept secret. 
I agree that changing the placement/format of stego signals adds to the security by a slight amount, via the usual "security through obscurity," but the type of stego we believe is quite feasible with modern DATs, CDs, GIF images, etc., allows the signal bits to be "hidden in plain sight." I'm sure this is the "standard" being talked about. (BTW, I agree that including trivially-readable messages like "***Begin Stego Block Now***" is a dumb idea....with reasonable standards for block size, e.g., the signal bits are the LSBs of the largest sub-block that's an even power of 1, no such headers are needed.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Sun Feb 27 18:00:33 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 27 Feb 94 18:00:33 PST Subject: standard for stegonography? In-Reply-To: <199402280131.RAA26338@netcom9.netcom.com> Message-ID: <199402280201.SAA29516@netcom9.netcom.com> Jeff Poskanzer caught the typo in my post: > I'm sure this is the "standard" being talked about. (BTW, I agree that > including trivially-readable messages like "***Begin Stego Block > Now***" is a dumb idea....with reasonable standards for block size, > e.g., the signal bits are the LSBs of the largest sub-block that's an > even power of 1, no such headers are needed.) ^^^ Obviously I meant even power of 2. While I'm at it, I'll elaborate for a bit. 
If an image file or audio sample file of, say, 12319 bytes is received, one might "standardize" (voluntarily, of course) on the first 8192 bytes as representing the place to look for the LSB message. Alternatively, *all* of the LSB bits could be looked at, with messages just padded-out with random bits to fill out the full amount. Lots of options for standards. As others have noted, you just don't want to have to flag what standard you're using in the message itself (in plaintext, else why bother?) as that means the stego use is no longer plausibly deniable. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jef at ee.lbl.gov Sun Feb 27 18:05:29 1994 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Sun, 27 Feb 94 18:05:29 PST Subject: standard for stegonography? Message-ID: <9402280205.AA06567@hot.ee.lbl.gov> On reflection, it seems that some users will want an interoperable standard, and other users will want complete stealth. So what I'll do is add a bunch of switches to pnmstego and pnmdestego, so that the user can specify all sorts of different formats. Letting the switches default will get you a simple interoperable mode, so you can send stuff to people without prior arrangement or put stuff on an ftp server; but an attacker will be able to extract the bits and try to decrypt them. Specifying things like offsets and bit-usage schedules will mean that the attacker won't even be able to extract the bits; but the settings you use will be equivalent to that much more key material that you have to communicate or remember. 
--- Jef From MJMISKI at macc.wisc.edu Sun Feb 27 18:29:12 1994 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Sun, 27 Feb 94 18:29:12 PST Subject: Newton Crypto? Message-ID: <24022720275485@vms2.macc.wisc.edu> Does anyone know of any packages available for/on the Newton or any other personal managers? Last I heard, even the password was in plaintext. --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From sergey at delbruck.pharm.sunysb.edu Sun Feb 27 18:43:42 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Sun, 27 Feb 94 18:43:42 PST Subject: standard for stegonography? In-Reply-To: <9402280205.AA06567@hot.ee.lbl.gov> Message-ID: On Sun, 27 Feb 1994, Jef Poskanzer wrote: > On reflection, it seems that some users will want an interoperable > standard, and other users will want complete stealth. So what I'll > do is add a bunch of switches to pnmstego and pnmdestego, so that > the user can specify all sorts of different formats. Letting the > switches default will get you a simple interoperable mode, so you > can send stuff to people without prior arrangement or put stuff on > an ftp server; but an attacker will be able to extract the bits and > try to decrypt them. Specifying things like offsets and bit-usage > schedules will mean that the attacker won't even be able to extract > the bits; but the settings you use will be equivalent to that much > more key material that you have to communicate or remember. > --- > Jef > What about this as a standard?: Have the offset default to the checksum-value of the receiver's public key! 
The sending program could have the user specify the receiver, look his key up in the public-keyring and offset the message accordingly. While, the receiving program would automatically scan the file starting at the appropriate offset based on the same public key checksum-value. No secure channels would be necessary for disseminating offset values. And, one's opponents wouldn't know where to look unless they knew: 1 - That there may be a message hidden in the file. 2 - That it is hidden with this particular stego standard in mind. 3 - The receiver's public key. Adopting this as a standard would, in my opinion, offer a great advantage over simply using a constant offset. Of course, as it has been pointed out, there should always be the option of providing a custom (non-standard) offset in the interest of greater security. All feedback welcome, Sergey PS: This could also be implemented using any combination of the checksum-value(s) of the sender's and/or the receiver's public/private keys. However, this will have very different implications from the suggested method. From phantom at u.washington.edu Sun Feb 27 19:12:45 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Sun, 27 Feb 94 19:12:45 PST Subject: standard for stegonography? Message-ID: Sergey Sez: > Have the offset default to the checksum-value of the receiver's public key! > The sending program could have the user specify the receiver, look his key > up in the public-keyring and offset the message accordingly. While, the > receiving program would automatically scan the file starting at the > appropriate offset based on the same public key checksum-value. While Tim May Sez: > Lots of options for standards. As others have noted, you just don't > want to have to flag what standard you're using in the message itself > (in plaintext, else why bother?) as that means the stego use is not > longer plausibly deniable. I think these two have a lot to do with each other. 
Sergey's suggestion would definitely make it tougher to pick out a starting place to search for hidden text. However, the message (if it is ever found in the file) points to the intended recipient. This defeats the purpose of "stealth pgp", (which would probably be used in this case to strip off telltale headers and such). If you weren't worried about this type of deniability, though, I don't see a problem with it. mt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From geoffw at nexsys.net Sun Feb 27 19:14:34 1994 From: geoffw at nexsys.net (Geoff White) Date: Sun, 27 Feb 94 19:14:34 PST Subject: Anonymous Credit Cards Message-ID: <199402280313.TAA16719@nexsys.nexsys.net> Anybody know anything about this?... ----- Begin Included Message ----- Path: internex.net!thumper.bellcore.com!owner-imp-interest From: dmk at allegra.att.com (Dave Kristol) Newsgroups: mlist.imp-interest Subject: Anonymous Credit Card on the Internet Date: 24 Feb 1994 14:57:19 -0800 Organization: InterNex Information Services, Inc. Lines: 71 Sender: daemon at internex.net Message-ID: <199402242247.RAA25510 at thumper.bellcore.com> NNTP-Posting-Host: gaia.internex.net The anonymous credit card (ACC) protocol (paper available at research.att.com/dist/anoncc/anoncc.ps.Z and collude.ps.Z) is meant to be used the way a conventional credit card is - at the Point-of-Sale. (Awhile back) Gingery correctly pointed out that it can be extended to make an anonymous mercantile protocol on the Internet. We have made such an extension that can be used on the Internet to perform two functions: anonymous funds transfer from a customer to a seller, and anonymous delivery in the reversed direction. The delivery can be made either over the Internet, e.g. files, or otherwise, e.g. books, CDs. 
The following gives an overview of the protocol; a more detailed description of the protocol, including motivations for anonymity, can be found in a working paper available at research.att.com:/dist/anoncc/accinet.ps.Z.

Overview of Protocol
---------------------

A customer can purchase multiple files in a single session. How the customer chooses files of interest is outside the scope of our protocol. A session proceeds in three phases.

In phase 1, a customer transfers funds anonymously from his/her bank account to the seller's bank account. The customer obtains a receipt from the seller's bank certifying the deposit, which he/she presents to the seller to open a session account at the seller. In phase 2, the customer makes possibly multiple requests of files from the seller. The seller deducts the purchase prices from the session account and delivers the files without knowing the identity or address of the customer. Phase 3 is entered when the customer finishes all desired purchases (or when the session account runs out of money). Any balance in the session account is refunded anonymously to the customer's account.

Information separation and cryptographic techniques are applied to hide from each party the information the party does not need to perform its function. After a protocol session, 1) the customer's bank only knows that money has been withdrawn from (and deposited to) the customer's account, but knows neither the purpose nor the source (and destination) of the transfer(s); 2) the situation at the seller's bank is similar; 3) the seller only knows that it is paid for the purchase of certain files, but not the identity or the address of the customer.

Differences from Gingery's Scheme
---------------------------------

Although Gingery's scheme and ours have much in common, there are also several differences between them.
For instance, in Gingery's scheme, the customer communicates directly with the seller, whereas in ours, they can communicate through an intermediary that hides one's identity from the other if the customer desires a higher degree of anonymity. In our scheme, the customer initiates a funds transfer by sending a message directly to his/her own bank; in Gingery's, the request (in encryption) is instead passed to the seller, and then forwarded to the seller's bank, and finally forwarded to the customer's bank. Hence, our scheme requires less communication (and the communication can be further reduced if anonymity requirement is relaxed to the same degree as in Gingery's scheme). Finally, unlike Gingery's scheme, the seller is provided with a key and an encrypted address by the customer so that the seller can encrypt and deliver the purchased files without knowing who the customer is. The encryption not only guarantees secrecy to the customer, but also protects the seller's interest since otherwise any eavesdropper can obtain the information for free.

Dave Kristol

----- End Included Message -----

From nobody at jarthur.claremont.edu Sun Feb 27 19:15:41 1994
From: nobody at jarthur.claremont.edu (nobody at jarthur.claremont.edu)
Date: Sun, 27 Feb 94 19:15:41 PST
Subject: No Subject
Message-ID: <9402280315.AA14785@toad.com>

A continual subject of debate has been the privacy of Swiss accounts... and Liechtenstein and Luxembourg banks... according to a recent text I read on the subject the hot way to conduct banking in privacy by mail is to

a. use a Canadian PO Box to avoid US mail covers on Swiss postmarked incoming mail...

b. if the money is derived honestly(i.e. legitimate but underground businesses simply underground for tax-avoidance) and NOT drug dealing derived or from an offence that is also an offense in Switzerland, then all privacy laws on Swiss banks apply...tax avoidance is specifically excluded as an area where US. TLA can obtain cooperation of Swiss authorities.
c. Swiss Banks issue credit cards on accounts... :)

d. further privacy is derived via a trust or corporation in Liechtenstein and transferring the money to said trust or corp from a Swiss bank...

e. A list of Swiss Banks to start with:

Union Bank of Switzerland
Bahnhofstrasse 45
8021 Zurich, Switzerland
Telephone: 29-4411

Swiss Bank Corporation
Aeschenborstadt 1
4002 Basel, Switzerland
Telephone: 23-2323

Swiss Credit Bank
Paradeplatez 8
8021 Zurich, Switzerland
Telephone: 29-2811

Foreign Commerce Bank
Dept 284
Bellariastrasse 82
8022 Zurich, Switzerland
Telephone: (01) 45.66.88

Foreign Commerce Bank
Dept 42
3 Rue de Marche
CH-1211 Geneva 3 Rive, Switzerland
Telephone: (01) 21.42.33

Bank Indiana Suisse
Attn: F.C. Mishari
50 Ave. de La Gare
1001 Lausanne, Switzerland
Telephone: 20.47.41

Bank Leu
Postfach
8022 Zurich, Switzerland

Cambio & Valorenbank
Postfach 535
8021 Zurich, Switzerland

Ueberseebank, A. G.
Limmatquai 2
8024 Zurich, Switzerland

f: All of the above was derived via "Personal Privacy through Foreign Investing..." and "How to determine Undisclosed Financial Interests" "a Manual for financial investigators.. both by loompanics press....

I am checking the above banks to see if ANY are internet connected and would be willing to receive orders via signed PGP messages
If the above is positive I will get back to the group

 anon

From blancw at microsoft.com Sun Feb 27 20:23:41 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sun, 27 Feb 94 20:23:41 PST
Subject: Civil Rights
Message-ID: <9402280424.AA22224@netmail2.microsoft.com>

As I read the contribution from Jim Choate on the subject of "rights", I had some further thoughts & comments on the subject. Please delete if you don't care; it doesn't address cryptology directly, but some of you *are* interested, and if you have further comments please just send to me and copy only those others who also have expressed interest.
~ Blanc

----------
>From Jim choate:

Seems to me that a 'right' as is being discussed should be 'Civil Right'. When used in this context I believe a suitable definition would be the following:

Civil Right

A characteristic granted to a citizen of a country which is beyond the normal law making ability of that country's governing body. In effect it grants a citizen the ability to make decisions and act on them without regulation or permission being required by the government. It in effect says that there are certain facets of an individual which are outside the normal operations of a government and can not be regulated or otherwise controlled through legislative means.

........................................................................

It is true that the term a "right" can mean different things, depending on how one is considering the word & its meaning; in terms of a governed society, the meaning should be considered within the context of action as limited by agreement/consent, as something that involves the group's assessment of what is to be allowed (or not) within the organization; what permission will be granted and by whom, for what purpose, considering the consequences to all involved.

The ability to determine what shall be considered a "right" depends upon the knowledge and intelligence of those who can make such decisions, who can achieve a comprehensive view of the situation and put individual action into perspective within this sweeping view. Given such a requirement, I would question the order of things, in concluding what the proper source is for the establishment of what these rights should be, and give serious examination to the interpretation of what the actual nature of our circumstance is, (within the context of a society "under" government, but with liberty & justice for all, etc.).

It is a bit difficult to make a succinct sentence which comprises all of my thoughts into a few sentences, I hope the above is not too difficult to understand.
Not to make an example of Jim's contribution, but it just so happened that going through the sentences in the paragraph offered by him, I found concepts which I see as sources ripe for confusion & contention:

A characteristic granted....... .

So, the origin of this 'right' is from the decision-making of those elected to make considerations of this kind, which no one else is permitted to make. And I wonder: what qualifies them for this, the exclusive right to determine what it is all right to do within the context of a governed body of people, to be the ones who "grant" permissions to move, to do, to act. i.e., the source of an allowance to movement comes not from the ability to think correctly about it, to make valid judgements, but only from a permission *granted* to one by another.

This immediately puts an individual's own thinking in danger; there is created the possibility of having one's own decisions categorized as without merit because they do not serve the purposes of the government, or because they do not serve the purpose of the governed society (the significance of which is seen as more important than that of being an individual of a singular character - compared to, say, an amoeba which absorbs all, as societies often begin to imagine themselves to be and presume themselves to have the right to demand utter mindless conformity on account of their numerous fears of what wanton individuals might do).

It is unreal, that the determination for what is a 'right' is thought to come not from the ability to think successfully about life, liberty & the pursuit of happiness, but from the position one has been awarded over other citizens. This is like the right to a position over their minds, as well. And the ability to think and to serve the purposes of one's own interest are seen, then, as a crime, unless first submitted to the State for review and authorization as politically acceptable and therefore allowable.
...it grants a citizen the ability to make decisions and act on them without regulation or permission being required by the government...... .

who are all honorable men..... :>) who recognize the merit of being an individual, not simply a "member" of society; i.e., not a lesser being, a minor "element" of the greater good, the Great Society, but, au contraire, who is expected to engage (to the max) in the pursuits explicitly named in the Constitution (or was it the Declaration of Intent, Know What I Mean, George).

...there are certain facets of an individual which are outside the normal operations of a government . . . . . .

As an exception to the rule? where most of the facets of being an individual are *within* the "normal" operations of a government? This concept does not represent the way that I think of the activities or the boundaries of my life, nor what I would wish to impose on others (or no one that I could admire). I'm sure government employees would agree with this, where I would not. It really is necessary to consider what is "normal" for a human being first, rather than what is normal for a government. First there must be someone to be governed......and a satisfactory reason why they should be governed.

...certain facets of an individual... cannot be regulated or otherwise controlled through legislative means . . . .

So there are a "few" things to be acknowledged, after all, as existing outside the atmosphere of governmental control. You know, "legislative means" are only the precursors to action; legislation only arranges verbally the threat of what will later be done physically to someone if they do not comply. This statement implies that one is only free secondarily, but primarily exists within an environment of control (external to one's own). I don't think it was intended that citizens of the US think of themselves as regulated first and freemen second.
I don't think this is the correct way to think about life per se, or about "rights" within the context of an organization.

Furthermore, the truth of the matter is that legislation alone does not control my (or anyone's) actions from some power of its own, and it alone does not automatically convince me of what I ought or ought not do, simply because it has been written, and voted agreeably upon, by members of an electorate. They could all be wrong. The control which exists as brought about by legislative means is only the effect upon the mind of those who will fear the consequences, delivered by "enforcement personnel" armed with weapons of subjugation. And as we all know, legislators themselves have ways of getting around this fear and its expected consequences.

But this does not necessarily do any justice to reality, the cause/effect that we live with in the 'real world', which it is our responsibility to come to terms with if we want to live and have a quality existence. And this is what is left out of legislation: that we have to come to terms with it (reality) independently, not only in association with each other, and that we have to do this first in regard to our own lives, before we worry about those of others. The direction of the concept of a 'right' is set towards group thinking (the collective), whereas the Constitution would set it in the other direction.

Gosh, I'm so glad everyone on this list is crypto-anarchist and can appreciate the fine details of anti-government analyses.

~ finis ~

From cvoid at netcom.com Sun Feb 27 20:25:27 1994
From: cvoid at netcom.com (Christian Void)
Date: Sun, 27 Feb 94 20:25:27 PST
Subject: T-shirt update...
Message-ID:

We are slightly behind schedule... I've been swamped by work and everything else. The shirts will be screened starting this week, and should be done by next week. I'll keep everyone updated. Thanks to everyone who ordered.
This project has been a lot of fun to put together, and despite the few mishaps, has gone almost flawlessly (aside from being behind schedule!).

Christian Void /T71 | "I don't like it, and I'm sorry I  | V/M/Research, Inc.
cvoid at netcom.com | ever had anything to do with it." | P.O. Box 170213
Tel. 1+415-998-0774 | -Erwin Schrodinger (1887-1961)    | SF, CA 94117-0213
* PGP v2.3a Public Key Available Via Finger *

From sergey at delbruck.pharm.sunysb.edu Sun Feb 27 20:34:58 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Sun, 27 Feb 94 20:34:58 PST
Subject: standard for stegonography?
In-Reply-To:
Message-ID:

On Sun, 27 Feb 1994, Matt Thomlinson wrote:

> I think these two have a lot to do with each other. Sergey's suggestion
> would definitely make it tougher to pick out a starting place to
> search for hidden text. However, the message (if it is ever found in the
> file) points to the intended recipient. This defeats the purpose of
> "stealth pgp", (which would probably be used in this case to strip off
> telltale headers and such).
>

The hidden message may be a stripped PGP encrypted file. It need not specify who it's addressed to! The intended recipient will be able to retrieve the file regardless. His program should automatically revive the file starting from _his_ public-key checksum-value offset (which both the sender and the receiver already know, without the need for any telltale headers in the file).

Even if the opponent tries all possible offsets and filelengths he/she will always get noise, never anything pointing to the receiver.

> If you weren't worried about this type of deniability, though, I don't
> see a problem with it.
>

It wasn't me! ;)

> mt
>
> Matt Thomlinson Say no to the Wiretap Chip!
> University of Washington, Seattle, Washington.
> Internet: phantom at u.washington.edu phone: (206) 548-9804
> PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu
>

Sergey

From wcs at anchor.ho.att.com Sun Feb 27 20:39:36 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 27 Feb 94 20:39:36 PST
Subject: I have FOIA'd the Clipper Key Escrow databases
Message-ID: <9402280438.AA25081@anchor.ho.att.com>

Steve Bellovin writes:
> Good strategy. I still wonder if the decrypted keys are (all) classified,
> while the encrypted ones aren't. After all, the local cops' magic decoder
> boxes can strip off that layer of encryption (as, of course, anyone
> who steals one of those boxes or bribes a local cop).

I'm puzzled by the applicability of "classification" here. The NSA can classify stuff, since they're part of the military, and a few other government agencies can (State Dept., I think?), but are NIST and Treasury able to do so? (Assuming, of course, that we maintain the charade that the NIST and NSA are separate for crypto purposes.) I don't think they can, and if they could, they wouldn't be able to give any of the classified stuff to regular local cops.

If things become classified by the NSA handling them at key-setting time, then they can't give them to the so-called escrow agencies, or if they do, those agencies can't give them to uncleared people. Perhaps the NSA's secret backdoor mechanisms in the key-setting process are classified, since the nation would feel very insecure if they knew about them, but that's a separate issue.

Keys for batches of chips the NSA burns for use by Defense Department users are a different story, and probably have a different Family Key than civilian-wiretapping keys, but they're probably handled under entirely different rules anyway.

> Anyway, I hope the idea works, or at least drives them a bit crazy...
Bill

From wcs at anchor.ho.att.com Sun Feb 27 21:02:53 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 27 Feb 94 21:02:53 PST
Subject: standard for steganography?
Message-ID: <9402280502.AA25665@anchor.ho.att.com>

Doing a pnmstego isn't quite the right approach, since it's a special-purpose tool that advertises its presence. A more appropriate general-use tool would be something like pnmbitplane, which would let you do something like extract a specific bitplane from a ppm or pgm as a pbm, and a reverse tool which would let you substitute or xor a pbm into a pgm or ppm, with appropriate options for the ppm versions that let you do one color, all three, etc., and for both ppm and pgm to let you pick which bitplane.

You'd also have to add something appropriate for padding, like a
random-fill vs. 0- or 1-fill option, or else provide a tool that
makes a string of bytes into a bitmap shaped like a given pnm.

Some advantages - it's more general, there are other uses for it (such as adding titles to ppm pictures), it's not much more work to write, and only the NSA agents reading cypherpunks will know that's why it's there :-). A disadvantage, of course, is that potential users may not guess, unless people tell them things like "Oh, yeah, you could use ppmbitplane to do that, of course".

This also lets you reserve the name ppmstego for translating between ppm and Stego Mac format.

Bill

# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From sergey at delbruck.pharm.sunysb.edu Sun Feb 27 21:39:16 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Sun, 27 Feb 94 21:39:16 PST
Subject: standard for steganography?
In-Reply-To: <9402280502.AA25665@anchor.ho.att.com>
Message-ID:

On Mon, 28 Feb 1994 wcs at anchor.ho.att.com wrote:

> You'd also have to add something appropriate for padding, like a
> random-fill vs. 0- or 1-fill option, or else provide a tool that
> makes a string of bytes into a bitmap shaped like a given pnm.

This tool would be as much an obvious sign as would the aforementioned program.

>
> Bill
>
> # Bill Stewart AT&T Global Information Solutions, aka NCR Corp
> # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
> # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
> # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465
>

Sergey

From mgream at acacia.itd.uts.edu.au Sun Feb 27 21:48:57 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Sun, 27 Feb 94 21:48:57 PST
Subject: standard for stegonography?
In-Reply-To: <199402280131.RAA26338@netcom9.netcom.com>
Message-ID: <9402280550.AA18415@acacia.itd.uts.EDU.AU>

Earlier, Timothy C. May wrote:

> I'm sure this is the "standard" being talked about. (BTW, I agree that
> including trivially-readable messages like "***Begin Stego Block
> Now*** is a dumb idea....with reasonable standards for block size,
> e.g., the signal bits are the LSBs of the largest sub-block that's an
> even power of 1, no such headers are needed.)

How about something like small random pad, maybe one octet, then a
signature (such as "***Begin ...") with this header information being
encrypted via IDEA CFB. You could also include a more structured header
after this, ie. an ID for the software that created it, so the correct
demodulation technique can be applied, or at least warned about if not
available.

With this type of method, unless you can pre-supply the key, the stego
header should look like noise.

Matthew.
--
Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au.
PGPMail and brown paperbags accepted.
- Non Servatum -
''weirdo's make the world go around'' - A.Watts

From sergey at delbruck.pharm.sunysb.edu Sun Feb 27 22:11:45 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Sun, 27 Feb 94 22:11:45 PST
Subject: standard for stegonography?
In-Reply-To: <9402280550.AA18415@acacia.itd.uts.EDU.AU>
Message-ID:

On Mon, 28 Feb 1994, Matthew Gream wrote:

>
> How about something like small random pad, maybe one octet, then a
> signature (such as "***Begin ...") with this header information being
> encrypted via IDEA CFB. You could also include a more structured header
> after this, ie. an ID for the software that created it, so the correct
> demodulation technique can be applied, or at least warned about if not
> available.
>
> With this type of method, unless you can pre-supply the key, the stego
> header should look like noise.
>
> Matthew.
> --
> Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au.
> PGPMail and brown paperbags accepted. - Non Servatum -
> ''weirdo's make the world go around'' - A.Watts
>

If you're using one-time pads, why use PGP? _Public_ Key Cryptography...?

Sergey

From warlord at MIT.EDU Mon Feb 28 00:54:41 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 28 Feb 94 00:54:41 PST
Subject: MEET: NE Ohio
Message-ID: <9402280854.AA23844@toxicwaste.media.mit.edu>

I'm going to be in Cleveland, March 3-7 this weekend (all day Friday-Sunday inclusive), so if anyone would like to meet, possibly exchange signatures, or just chat, please send me personal email before 4pm Thursday!

Hope to hear from some of you...

-derek

From mcb at net.bio.net Mon Feb 28 01:07:19 1994
From: mcb at net.bio.net (Michael C. Berch)
Date: Mon, 28 Feb 94 01:07:19 PST
Subject: Anybody heard of "The SLED"? (long)
Message-ID: <199402280906.BAA01147@net.bio.net>

On ba.internet I got a pointer to something called "the SLED", a database of e-mail addresses, and requested the info file, which is appended.
While the people offering the system seem to be interested in privacy, encryption, and PGP key service, there are some strange things about it, especially where they require *you* to identify yourself to *them* when registering your address. My comments to the newsgroup appear at the end.

--
Michael C. Berch
mcb at net.bio.net / mcb at postmodern.com

--------------------------------------------------------------

Date: Sun, 27 Feb 1994 18:56:21 -0800
From: Stable Large Email Database
Message-Id: <199402280256.SAA10575 at drebes.com>
To: mcb at net.bio.net
References: <199402280247.SAA16850 at net.bio.net>
In-Reply-To: <199402280247.SAA16850 at net.bio.net>
Subject: Sled Info

-----------------------------------
SLED : Stable Large Email Database
-----------------------------------

SLED is an attempt to provide a reasonable mechanism to maintain and search email addresses for individuals and companies that make up the on-line community. SLED is intended for those who have one or more mailboxes that are generally checked on a daily basis, and are addressable from the internet.

--- What does it provide? ---

I. Timely maintenance of current email address: Over a period of time a person may have many different email addresses, which come and go with the changing of jobs, internet providers, schools, and so on. Maintenance also means pruning the list for those who no longer interact on-line (and are perhaps dead).

II. Realistic search parameters: Current email databases such as whois & netfind provide a search granularity that is useful only if you already know the person's email address. The data set is crafted by each individual user. It can contain entries for schools, occupations, research areas, nick names, and so on. See note below on how this data is kept private.

III. Protection against the enemy: SLED is intended to provide a high quality data set which provides flexibility in searching, but yields protection against the enemies of large address books.
The enemy can be one of the following.

- Head Hunters/Body shops
- Anonymous and Fake user accounts
- Commercial Junk mailers

IV. A repository for PGP public keys: SLED provides an alternative to the huge, very public "public key" rings on some of the foreign key servers. (If you don't know what PGP is, don't worry.)

--- How? ---

It costs a few $$, and it requires the use of snail mail ( USPS ) at least once. There are several reasons for charging a small (very small in this case) fee for this service.

1. Authoritative ID. For your data to be included in the database we require that you write a personal check. For the initial sign-up, we verify that the name on the check matches the name in the database. A signed check which clears the banking system provides very good authentication. A semantic note: we don't actually wait for the check to clear. We get the check, eyeball the data, update the computer and then send the check to the bank. If the check turns out to be bogus we go back and zap you. (So you see, there is a way to get a couple days of free time.)

2. By charging a small fee, we can help offset the cost of the resources used to maintain & back up the database. With the fee structure, no one will get rich or poor, but there is an increased likelihood that this database will be around for years.

3. By tacking on a few dollars to the initial fee, we hope to discourage people who would fail to maintain their data, and then drop out of the database, then re-join, then drop out, then re-join.

4. Every 5 months (or so), we email an invoice (typically for $5.00 US) for the next 5 months of service. This invoice must be printed and sent to us, with a check, via US mail. This procedure keeps all data reasonably current ( +/- 5 months), which is about as good as it's going to get for such a remote service. The point being, you can not just write a check for $50.00 and be covered for the next 4 years.

--- Well, how much does it cost?
---

Fee to add your data to the database: $4.00 US
Fee to maintain your data: $1.00 US / per month

--- Trivia ---

- The database is meant to hold REAL names, no aliases, anonymous, or otherwise bogus id's.

- In order to search the database, users must themselves exist in the database.

- The dataset you enter for yourself can never be viewed as a whole. You are encouraged to enter data for previous & current schools, occupations & other organizations/institutions, but a match on a single item will not reveal the others. For example, you used to work at AT&T, and now you work for IBM. If an old friend was trying to track you down, they might search on parts of your First and Last Name and AT&T. If you were found, it would only show your one line entry corresponding to AT&T. The point being that although your data might be read as a personal resume, it won't be shown that way. Of course that won't stop your nosy friend from sending you email asking where you are working now.

- People keep asking why the database doesn't have fields for phone & address. No! That kind of data is too personal for a large database like this. If you want someone's address, send them email and ask for it.

- The searching criteria make it really hard to use this database for something like head hunting or generating a junk mail list (this is by design).

--- Interface ---

The interface is via email. This allows the database to span all services (cis, prodigy, aol,...) which have gateways to the internet. Also, it allows each user to craft their data with their own editor, in a flexible time frame.

Searching the database via email, while very functional, is a bit more kludgy than is desirable. A searcher accessible via telnet will be put online once we get an idea of the bandwidth & cpu needs. It would certainly be cool to have interfaces to gopher and www also. Additionally, the future will make further use of PGP (ViaCrypt PGP in our case).
--- How To Start ---

Send Mail to:

- sled at drebes.com subject 'info' for a (this) text
- sled at drebes.com subject 'add' to add yourself to SLED
- sled at drebes.com subject 'change' to alter your data
- sled at drebes.com subject 'search' to search the SLED
- bugs at drebes.com To report a bug.
- comments at drebes.com To send a comment that isn't quite a bug.

--- The End ---

-------------------------------------------

From: mcb at umberto-eco.postmodern.com (Michael C. Berch)
Newsgroups: ba.internet
Subject: Re: NetPages Coming
Date: 28 Feb 1994 03:07:20 GMT
Organization: Postmodern Consulting, San Francisco, California USA
Lines: 37
Sender: mcb at umberto-eco.postmodern.com
Message-ID: <940227.185716.mcb at umberto-eco.postmodern.com>
References: <2k7a3b$lhp at usenet.ins.cwru.edu>
NNTP-Posting-Host: remarque.berkeley.edu
Summary: The SLED

In the referenced article, cx132 at cleveland.Freenet.Edu (Cliff Gillespie) writes:
> [Response to Aldea NetPages]
> Oatmeal! Not a flame, but this pales in comparison to what the
> folks running the SLED are doing. They have a setup where you
> can store & search all sorts of stuff (where you went to school,
> where you used to live, jobs, books you've written, multiple
> email addresses...), but only matched items are displayed.
> You can send mail to sled at drebes.com with info in the subject
> for a summary.

I requested (and read) the SLED info file and was not that impressed. First of all, you have to PAY to be included in the SLED database. It is only $5 plus $1/month, which is not a whole lot, but the problem is that will so sharply limit the number of people who list there, so the value of the database is limited as well. And there is the pain-in-the-ass factor of having to pay them every few months or so.

Plus, the SLED people seem to claim to be interested in subscriber privacy (by offering PGP [future?]
and making the DB hard to make into a marketing list), yet seem to be totally anal-retentive about the DB being only "REAL NAMES", to the point of REQUIRING a real live personal check from you (not cash). There is also no provision for entering street addresses or voice telephone numbers, even if you WANT to, since they claim that is much too personal. Shouldn't users make that choice for themselves? This also makes the DB that much less useful, plus you have to search it BY EMAIL only, which is slow and clunky.

Thanks, but NetPages sounds more useful to me. Or even "whois", for that matter. (The SLED people also claim that to use whois you have to know someone's email address, which is completely bogus.)

--
Michael C. Berch
mcb at postmodern.com / mcb at net.bio.net / mcb at remarque.berkeley.edu

--- END ---

From mgream at acacia.itd.uts.edu.au Mon Feb 28 02:19:47 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Mon, 28 Feb 94 02:19:47 PST
Subject: standard for stegonography?
In-Reply-To:
Message-ID: <9402281021.AA23225@acacia.itd.uts.EDU.AU>

Earlier, Sergey Goldgaber wrote:

>
> If you're using one-time pads, why use PGP? _Public_ Key Cryptography...?
>

Huh ? The discussion was about a standard format for stego'd files, so that different software could interoperate, unless I wildly misinterpreted.

Matthew.
--
Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au.
PGPMail and brown paperbags accepted. - Non Servatum -
''weirdo's make the world go around'' - A.Watts

From m5 at vail.tivoli.com Mon Feb 28 05:38:06 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Mon, 28 Feb 94 05:38:06 PST
Subject: Clipper Death Threat
In-Reply-To: <2D6E94BC@Pentagon-EMH9.army.mil>
Message-ID: <9402281337.AA04279@vail.tivoli.com>

"LYLE, DAVID R." writes:
> Don't get me wrong. I am all for private communications. I'm very
> much against restricting the public's access to encryption
> technology.
What gets me is when everyone runs around saying "this > is a right". Well, I'd say that the right to use whatever means available to shield communication from eavedropping is as natural as any other. It's not a "right" to be free from attempts to eavesdrop, however. If the FBI tries to tap my phone, then laws may (or may not) be violated but no natural rights have. If, however, I am prosecuted for attempting to encase my information in a cryptographic strongbox without providing the FBI the key, then I indeed see that as a transgression against my natural rights as a person. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From frissell at panix.com Mon Feb 28 06:23:35 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 28 Feb 94 06:23:35 PST Subject: Swiss Banks Message-ID: <199402281423.AA03672@panix.com> N.>I am checking the above banks to see if ANY are internet connected N.>and N.>would be willing to receive orders via signed PGP messages N.>If the above is positive I will get back to the group N.> N.> anon N.> And the answers are... No and No --- WinQwk 2.0b#1165 From danisch at ira.uka.de Mon Feb 28 07:02:21 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Mon, 28 Feb 94 07:02:21 PST Subject: pgp and multiple recipients Message-ID: <9402281501.AA12834@deathstar.iaks.ira.uka.de> Hi, pgp allows to encrypt a message for multiple recipients by listing all recipients at the command line arguments. If there are no recipients at the command line, pgp asks for the recipient. Is there any way to give multiple recipients to this question? pgp doesn't separate on comma or space. I need this for calling pgp in a script where it is difficult to put the recipients into the command line. 
Thanks

Hadmut

From warlord at MIT.EDU Mon Feb 28 07:25:10 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 28 Feb 94 07:25:10 PST
Subject: pgp and multiple recipients
In-Reply-To: <9402281501.AA12834@deathstar.iaks.ira.uka.de>
Message-ID: <9402281524.AA24564@toxicwaste.media.mit.edu>

No, there is currently no way to specify multiple recipients not on the command line. It is on the list of fixes for a future version of PGP. Sorry.

-derek

From ravage at wixer.bga.com Mon Feb 28 07:29:02 1994
From: ravage at wixer.bga.com (Jim choate)
Date: Mon, 28 Feb 94 07:29:02 PST
Subject: Civil Rights
In-Reply-To: <9402280424.AA22224@netmail2.microsoft.com>
Message-ID: <9402281521.AA04599@wixer>

The problem I see with your comments, in particular in reference to the source of the rights I mentioned, is the original contact that defines the government. In your reply you used references to both of the documents that define and establish our government, these documents are what define the rights of the individual, not the legislative body who makes laws ex post facto. In short, the rights are granted when the government is created and not later, unless of course the original documents define a method of change through some process. The rights have to be granted, or defined in some manner, before any laws can be enacted by any legislative body.

The whole idea of the Declaration of Independence and the Constitution is that there are some facets of an individual which they have simply by existing. These characteristics are beyond the normal law-making powers of that body. In short it is the realization that individuals have certain characteristics which are damaging to any form of government if they are allowed to be regulated in any manner by that government. No matter how heinous, uncomfortable, or silly these actions may be. The only caveat which might be applied to such rights would be that they harm a person or their property w/o the owners prior consent.
Without this there is no basis for government in the first place. It simply breaks down to who is bigger and willing to use more force to get what they want and hopefully can keep it when the next 'billy bad-ass' comes along (in short this is anarchy, pure - plain - and simple). There is no place for any form of anarchy in any form of human organization. There is a place for non-structured interaction, but calling that 'anarchy' besmirches all of our intelligences.

In our specific case our founding charters (I feel to talk about the Declaration of Independence or the Constitution w/o mentioning the other is a sleight of hand and a civil disservice) make it plain that we should be able to make any public statement no matter how unpopular w/o regards to any form of legal ramifications from the governing body. All our other rights stem from this single idea. As to anonymous statements, the founding fathers used the pen name 'Publius' in several of their writings, it has a long and respected history in our country and should be fully supported.

The bottom line being people should be able to say whatever they please and it is not any government regulatory agency's business in any manner, shape, or form. If people feel that they want to use crypto then so they shall, in any form they choose. The people of the US are guaranteed by general consent (ie you keep your citizenship) to abide by these rules of action because while they may cause short-term discomfort they provide long-term security.

Our charter provides a means to alter it in a reasoned and controlled manner where the citizens must decide themselves, the Constitutional Amendment. Nowhere in our charters is the government given the power to regulate drug use, crypto, sexual service sales, etc. w/o asking us first. For them to have such powers they MUST have an amendment added. The last time the US government acted legally in such manners was concerning the prohibition and right to vote amendments.
The present laws that control many of our actions are unconstitutional because there is no amendment giving the legislative powers that be the right to control them in the first place. An added protection was the 9th Amendment which says that if the right is not specifically listed then it belongs to us to do with as we please, and not the governing body. At no place in the charters does it provide a means or method to bypass this, and with good cause I believe.

Personally, I believe that this whole mess started during WWII because of the need to act as a cohesive whole against a common threat, that situation no longer exists and really is not even probable.

The government belongs to us, we don't have to ask their permission for a damn thing. We do tell them what we want and basically how to go about doing it. We don't owe them one penny in tithe, they owe us.

From marc at tanda.isis.org Mon Feb 28 08:27:52 1994
From: marc at tanda.isis.org (Marc Thibault)
Date: Mon, 28 Feb 94 08:27:52 PST
Subject: standard for stegonography?
Message-ID:

Jef Poskanzer writes:

> Is there a standard for stego yet? I just added stego and de-stego

Given that the whole object of steganography is to hide the very existence of a message, wouldn't a standard be counter-productive?

Cheers,
Marc

---
Marc Thibault                  | Any warming, global
Automation Architect           | or otherwise, is
Oxford Mills, Ontario, Canada  | welcome.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQA9AiyT2YcAAAEBgKVboQejsR2t2U70HoWOXTIqlWUCRGkTht8Yn/4kuzWby/e3
Z9tT8RHJbAx9us7QZwAFEbQdVGFuZGEgTWFpbCA8bWFyY0B0YW5kYS5vbi5jYT4=
=aFhG
-----END PGP PUBLIC KEY BLOCK-----

From cme at sw.stratus.com Mon Feb 28 09:48:10 1994
From: cme at sw.stratus.com (Carl Ellison)
Date: Mon, 28 Feb 94 09:48:10 PST
Subject: shame on the NSA!
Message-ID: <199402281747.MAA02647@galt.sw.stratus.com>

From the Independent reposting by Banisar:

> After nearly 50 years of electronic eavesdropping, the NSA is finding
> that some widely available codes are impossible to crack.

Time was when the NSA wouldn't allow such a claim to be made in the press much less make it themselves. What's happened to national pride here? Let's go back to the time when the NSA acted smug in the face of civilian encryption. Give me back my good old Amurrican Supermen!

- Carl

From cowen at glia.biostr.washington.edu Mon Feb 28 09:57:24 1994
From: cowen at glia.biostr.washington.edu (cowen at glia.biostr.washington.edu)
Date: Mon, 28 Feb 94 09:57:24 PST
Subject: No Subject
Message-ID: <9402281807.AA18357@glia.biostr.washington.edu>

i see a few problems with the use of the clipper chip.

first, once in place, how will they replace it once it is compromised

second, how much more will this cost the "honest" tax-payers?

third, if they only use it for the trapping of and evidence of criminal type folks, what will they do with all the other neat info they are sure to pick up?

fourth, if both halves, in a one key system are in the hands of the gov't what really prevents them from using them, without our knowing about it.

also a few comments. once in place, i could do several things to make it hard to catch me i could write everything i send out in a separate code, only send snail mail, only talk in person, steal the code keys, take the chip out of all the systems i have access to. and lets see, i could tell you i have a chip that looks like the clipper chip, that on the first test try works. but it is really a fake, and mass produce it and sell it. without your knowing hey anything is possible.

someone pointed out that the keys once used, would become less secure use by use. why not a revolving key system, or is that too hard and why did they spend over 8 million of our tax dollars, on something that congress hopefully will shoot down??
talk about balanced budgets i think there is another oxymoron to add to the list now i wish i had not voted for the ditz in office. charles the monster maker ^i am a father, you have a kid you'll know. From tcmay at netcom.com Mon Feb 28 10:12:08 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 28 Feb 94 10:12:08 PST Subject: "Natural Rights" and the Surveillance State In-Reply-To: <9402281337.AA04279@vail.tivoli.com> Message-ID: <199402281812.KAA04666@mail.netcom.com> Mike McNally wrote: > "LYLE, DAVID R." writes: > > Don't get me wrong. I am all for private communications. I'm very > > much against restricting the public's access to encryption > > technology. What gets me is when everyone runs around saying "this > > is a right". > > Well, I'd say that the right to use whatever means available to shield > communication from eavedropping is as natural as any other. It's not > a "right" to be free from attempts to eavesdrop, however. > > If the FBI tries to tap my phone, then laws may (or may not) be > violated but no natural rights have. If, however, I am prosecuted for > attempting to encase my information in a cryptographic strongbox > without providing the FBI the key, then I indeed see that as a > transgression against my natural rights as a person. Personally, these days I stay away from calling some things "natural rights" and other things _not_ natural rights. Why, for example, would the FBI tapping my phone be any less a violation of my natural rights than if they entered my house and bugged it? Would placing video cameras in my bedroom (proposed by Dorothy Denning in her "Video Escrow Act of 1996") violate my "rights"? By Mike's arguments, I fear, it would be acceptable for the government to ring our houses with microphones, to place telephoto lenses on cameras and aim them through our windows, to intercept all of our phone and modem calls, and to compile extensive dossiers on our purchases and habits. Big Brother with a vengeance. 
(I'm not saying Mike supports these ideas. But by saying these things do not violate any of his "natural rights," as he appears to be saying above, then this opens the door for a complete surveillance state.) If we concede that the government is _not_ violating our "rights" by wiretapping and monitoring us, then how can we object when the surveillance state arrives? I prefer the more radical step of attempting to defang the government by taking aways its economic and political power. Undermine the surveillance state in all ways. (And sometimes that may involve arguing for "rights" to not be wiretapped, surveilled by the government, and whatnot.) However, I partly agree with Mike if by "no natural rights" he means, for example, that I am not "violating" someone else's natural rights, by compiling a dossier on them, or by writing down what I overheard in a coffee house. People have to protect their own security, by being discreet when discretion is needed, by paying with cash when they fear records are being kept of their purchases, and by using encryption in communications that may be intercepted. They cannot just scream that their "rights" are being violated when their names are entered into my e-mail database (a crime in the U.K., under the Data Protection Act!). Rights are a slippery slope. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From frissell at panix.com Mon Feb 28 10:19:40 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 28 Feb 94 10:19:40 PST Subject: Blacknet worries Message-ID: <199402281818.AA14703@panix.com> D.>With all due respect....the U.S Government has PLENTY D.>of tools to go after those deemed to be violators of D.>various rules and regs...with or without Blacknet, D.>with or without encryption. D.>What other tools can be used, well... D.> D.>1. Imputed income. Try to do this some time. It is very expensive to 'net worth' someone. The CIA didn't manage in their recent case. There are 114 million 'taxpayers' in the Naked City.. D.>2. Criminal conspiracy. Elements are D.> a. two or more people D.> b. a preparatory act If they can decrypt your conspiratorial communication. Conspiracy charges are rare in the absence of an overt act. D.>3. CCE (Continuing Criminal Enterprise). If they can find out something is happening and connect disparate encrypted activities to you. D.>4. IRS-1040, Schedule B, Part III, Foreign Accounts and Trusts. D.> Except for one relatively minor loophole, if you fail to D.> report a foreign bank account, it is considered prima D.> facie evidence of tax fraud. Sound like a really bad D.> day in the making? Prosecutions are rare and are dependent on linking you to the accounts, proving the balance of the accounts, and in any case only apply to US citizens/residents. D.>5. If you have more than $10,000 in US Dollar value in D.> an offshore account, you are required to fill out a D.> special form for the IRS giving your account numbers; D.> unless you want to declare that you have more than D.> 20 such accounts, aggregating to more than $10,000. Likewise. D.>6. RICO. They got Mike Miliken using this...indeed, Barron's D.> magazine did an interesting report on RICO, with the D.> conclusion that a determined Federal Prosecutor could D.> use the law to convict a ham sandwich. Mike was not convicted under RICO. 
He plead to two counts of stock parking and something else. D.>7. Did you know that Federal prosecutors have a better than D.> 90% conviction rate? In the several thousand annual prosecutions out of a US population of 256 million. D.>8. HOW does one spend "magic money"? If you have bunches of D.> cash offshore, and bring it in, records are created. If D.> you buy something, potential witnesses are created. Can D.> you really expect that the clerk in wire transfer at XYZ D.> bank (who makes $6.50/hr) won't tip off someone when you D.> wire in the $20,000 to buy ...whatever? Since much of future commerce will be online anyway, why not just spend it for telecoms time, software, living expenses in a VR environment, other non-physical services. Use it overseas. Expat yourself (see the current issue of Forbes for an article on expatriation as the ultimate tax shelter. Or just get cash from your local ATM. D.>9.. Spies, criminals, and others often get in trouble due to their D.> own and others' lack of discretion. Can we really expect D.> users of a hypothetical blacknet would never drink too much, D.> never wish to impress someone, never trust someone unwisely? Lost in the noise with millions of 'violators' extant. D.>I'm all for more of it; but, I really don't think it will D.>be anything more than a minor inconvenience for law enforcement D.>and prosecutors if people engage in wholesale criminal acts. Studies show that where the perceived risk is low, people are fairly willing to violate mere regulations. Most people can tell the difference between murder and tax evasion. The Common Law recognized this difference calling one malum in se (wrong in itself) and the other malum prohibitum (wrong because it has been prohibited). 
In any case, since US tax laws don't apply to non resident non citizens of the US but these sorts of people will be able to fully participate in the US economy over the nets, either US citizens and residents will have to fiddle their regulatory compliance or they will lose out in competition with foreigners who can undercut them or do things Americans are prohibited from doing. Sell strong crypto par example. DCF 1993 - Perhaps the first year in American history in which the Justice Department killed more people than the Defense/War Department. --- WinQwk 2.0b#1165 From remailer-admin at chaos.bsu.edu Mon Feb 28 11:22:20 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Mon, 28 Feb 94 11:22:20 PST Subject: pgp and multiple recipients In-Reply-To: <9402281524.AA24564@toxicwaste.media.mit.edu> Message-ID: <199402282009.OAA22279@chaos.bsu.edu> Derek Atkins wrote: >No, there is currently no way to specify multiple recipients >not on the command line. It is on the list of fixes for a >future version of PGP. > >Sorry. But is there ever going to be a future version of PGP? Even if there was, it would probably be ViaCrypt and we wouldn't even be able to see the source :( I don't mind if Phil makes some money (he deserves a reward for what he did!) but it's a shame PGP won't be the open system that it was before. Maybe some netters would like to get together and work on it to keep the free spirit of PGP alive...
P.S: Email replies can be sent to: mg5n+eadw8ppatdrotqz6iyn2dn954ii0ebmwbfqt0ykn7a06pe59 at andrew.cmu.edu From m5 at vail.tivoli.com Mon Feb 28 11:25:18 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 28 Feb 94 11:25:18 PST Subject: "Natural Rights" and the Surveillance State In-Reply-To: <199402281812.KAA04666@mail.netcom.com> Message-ID: <9402281925.AA05301@vail.tivoli.com> Timothy C. May writes: > Personally, these days I stay away from calling some things "natural > rights" and other things _not_ natural rights. Why, for example, would > the FBI tapping my phone be any less a violation of my natural rights > than if they entered my house and bugged it? Because in the "bugging your house" scenario, we have an implication of property crime (breaking and entering). Would you claim a right to privacy when talking to a friend over a beer at Seabright? I don't think so. > Would placing video > cameras in my bedroom (proposed by Dorothy Denning in her "Video > Escrow Act of 1996") violate my "rights"? Indeed (poor Ms. Denning; I nominate her for Most Outstanding Ad-Hominem Target of the 90's :-) it would be a violation. However, what would you think about someone who, from their own property nearby, could hear various interesting and suggestive noises that happen to penetrate the walls of your bedroom and radiate out into the atmosphere? Are your rights violated simply because the person pays attention to the stimulation of his eardrums? > By Mike's arguments, I fear, it would be acceptable for the government > to ring our houses with microphones, to place telephoto lenses on > cameras and aim them through our windows, to intercept all of our > phone and modem calls, and to compile extensive dossiers on our > purchases and habits. Big Brother with a vengeance. 
While I wouldn't be at all fond of such a scenario, I find myself on a slope if I claim that somewhere in there between completely non-intrusive police and police as described above there's a cross-over to a violation of my rights. If, however, the police force also declared that I must have large curtainless windows all over my house, and I must not add insulation to walls to the point that interior conversations could not be heard outside the house, then I would say clearly that my right to affect my privacy by any means available would be violated. > (I'm not saying Mike supports these ideas. But by saying these things > do not violate any of his "natural rights," as he appears to be saying > above, then this opens the door for a complete surveillance state.) I just differentiate between "what I want the government to do/not do" and "what are my rights as a person". > If we concede that the government is _not_ violating our "rights" by > wiretapping and monitoring us, then how can we object when the > surveillance state arrives? It's not the case that the only argument against the government doing something is that it violates a basic human right (though sometimes it seems that way...) > I prefer the more radical step of attempting to defang the government > by taking aways its economic and political power. That's fine. I wholeheartedly support this. > (And sometimes that may involve arguing for "rights" to not be > wiretapped, surveilled by the government, and whatnot.) I guess I worry that such arguments may weaken (cheapen?) the concept of "natural rights", much as the whole "right to adequate health care" debate has. > Rights are a slippery slope. Clearly. Thus, it's dangerous to work from the premise that definding a natural right is the only reason to ask for government restraint. I'd like to restrain the government simply because I'm definitely not satisfied that I get my money's worth! 
-- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From ao27+ at andrew.cmu.edu Mon Feb 28 11:37:28 1994 From: ao27+ at andrew.cmu.edu (Anthony D Ortenzi) Date: Mon, 28 Feb 94 11:37:28 PST Subject: Dorothy Denning Message-ID: Well, since everyone seems to be talking about Dorothy Denning, I just thought I'd throw a few things out for discussion. Number 1, if someone is an encryption expert (as has been truly/falsely(?) claimed on this list), then why would they endorse anyone but the recipient being able to decode the message? Wouldn't the true belief in privacy be what would lead one to learn about such things? Or is it just a toy, as is surveillance? Number 2. People on this list have said that she's an expert in cryptography. When I read that damned Newsday article posted on cypherpunks, I thought that she was just a whiny college bitch. The argument was just very, well, flimsy is the word I guess. I believe that Clipper is wrong, but someone could at least write a paper that would influence more by pointing out its merits, rather than just saying that the government should start spying on all of us to stop drug deals.... Anyone know: A) Is she an expert in cryptography? B) Is she a college graduate? C) Was she dropped on her head a lot as a baby? D) Has she considered the alternatives that suicide offers? Just kind of annoyed at this whole Big Brother thing, probably because I'm reading 1984 right now... really a good idea if you haven't yet, and if you read it, they're is no way you'll possibly think that Clipper is a good idea... Also, I've gotten a message through to Ross Perot about our fight against Clipper, and how to reach me, so if I get a response, I'll let you guys know. 
Anthony From hughes at ah.com Mon Feb 28 11:57:12 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 28 Feb 94 11:57:12 PST Subject: I have FOIA'd the Clipper Key Escrow databases Message-ID: <9402281948.AA05053@ah.com> Should John's FOIA request for the clipper key database work, it creates a wonderful hole in the entire key custody system. It would require a legislative act to plug the hole. This is extremely significant, since the whole clipper strategy is based on unchecked and unbalanced actions by the executive branch. No laws were passed to create clipper and no judicial review has taken place. John's request will be denied, no doubt, and will go to court. Should he prevail in court, the executive branch is bound by that decision. A key custody database which was public would make the system insecure and unusable. The executive branch could not change this. Only the legislature could. Now, how many legislators do you know that are going to make a public record by voting in favor of Big Brother? We are witnessing the genius of framers of the USA Constitution here, folks. Eric From sergey at delbruck.pharm.sunysb.edu Mon Feb 28 12:09:36 1994 From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber) Date: Mon, 28 Feb 94 12:09:36 PST Subject: standard for stegonography? In-Reply-To: <9402281021.AA23225@acacia.itd.uts.EDU.AU> Message-ID: On Mon, 28 Feb 1994, Matthew Gream wrote: > Earlier, Sergey Goldgaber wrote: > > > > > If you're using one-time pads, why use PGP? _Public_ Key Cryptography...? > > > > Huh ? The discussion was about a standard format for stego'd files, > so that different software could interoperate, unless I wildly > misinterpreted. > > Matthew. > > -- > Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au. > PGPMail and brown paperbags accepted. - Non Servatum - > ''weirdo's make the world go around'' - A.Watts > Didn't you mention something along the lines of hiding "---BEGIN PGP" headers by using one-time pad encryption? 
Or did I wildly misinterpret you?

Sergey

From mg5n+ at andrew.cmu.edu Mon Feb 28 12:25:20 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Mon, 28 Feb 94 12:25:20 PST
Subject: DES Question
Message-ID:

When using DES to encrypt email addresses, the total amount of data to be encrypted would be only 3 or 4 eight-byte DES blocks. My question is: Would CBC or CFB really be effective for such a small amount of data? Or would it be better to encrypt multiple times with transpositions in between (ie '4x3' DES as was described earlier in cypherpunks)?

Second question: The DES code that I have (not written by me) has a comment section which describes filling all 16 subkeys separately, thereby allowing a 128 byte key. Is there any significant advantage to doing this? Is there any reason that I should not do it?

What is the purpose of the initial and final permutations?

From stutzmjj at bigvax.alfred.edu Mon Feb 28 12:38:57 1994
From: stutzmjj at bigvax.alfred.edu (stutzmjj at bigvax.alfred.edu)
Date: Mon, 28 Feb 94 12:38:57 PST
Subject: SQUISH
Message-ID: <0097ABD8.1F127CE0.6283@bigvax.alfred.edu>

I just received a notice concerning your game. Please send me some more information on how to join/play as well as any rules.

Thanks,
Jeff Stutzman
STUTZMJJ at BIGVAX.ALFRED.EDU

From jmallin at umich.edu Mon Feb 28 12:44:14 1994
From: jmallin at umich.edu (Jonathan Scott Mallin)
Date: Mon, 28 Feb 94 12:44:14 PST
Subject: Clipper and Entrapment!
Message-ID:

Perhaps mandatory encryption will be struck down by a court. It seems to me that if the government portrays this as a "safe" method of encryption criminals can make the claim that they would not have committed crimes if they didn't feel that their encryption was secure. Since the government promotes this false sense of security the government may in fact "create" additional crime. I am not saying that I believe this argument.. it is, however, one that can be made.
_ __ __ _ _ _ _
| |___ _ _ | \/ |__ _| | (_)_ _ <*> Jonathan Scott Mallin
| |_| / _ \ ' \ | |\/| / _` | | | | ' \ <*>
\___/\___/_||_| |_| |_\__,_|_|_|_|_||_| <*> Email for PGP key
-> This entire message is (C) 1994 by Jonathan Mallin. Reproduction is <-
-> prohibited without express written consent. <-

From werner at mc.ab.com Mon Feb 28 13:10:17 1994
From: werner at mc.ab.com (tim werner)
Date: Mon, 28 Feb 94 13:10:17 PST
Subject: ditz in office
Message-ID: <199402282110.QAA03143@sparcserver.mc.ab.com>

>From: cowen at glia.biostr.washington.edu
>
>now i wish i had not voted for the ditz in office.

I wish everyone who voted either Republican or Democrat instead of Libertarian because they didn't want their vote to be wasted would take a moment to consider how their vote would have meant any less if they had voted for Andre Marrou and Nancy Lord in '92.

Also, those who do not vote because they feel it just encourages the bastards should consider voting Libertarian next time.

And those who voted for Perot as a protest, why not vote for freedom next time?

tw

From smb at research.att.com Mon Feb 28 13:13:55 1994
From: smb at research.att.com (smb at research.att.com)
Date: Mon, 28 Feb 94 13:13:55 PST
Subject: Dorothy Denning
Message-ID: <9402282113.AA04127@toad.com>

    Number 2. People on this list have said that she's an expert in cryptography. When I read that damned Newsday article posted on cypherpunks, I thought that she was just a whiny college bitch. The argument was just very, well, flimsy is the word I guess. I believe that Clipper is wrong, but someone could at least write a paper that would influence more by pointing out its merits, rather than just saying that the government should start spying on all of us to stop drug deals....

    Anyone know:
    A) Is she an expert in cryptography?
    B) Is she a college graduate?

Dr. Denning is the head of the computer science department at Georgetown.
She's the author of ``Cryptography and Data Security'', a classic (though now somewhat-dated) work in the field. In short -- though she may be politically naive, and she obviously puts a different weight on personal liberty than do most of the people on this list -- she can't be accused of technical incompetence. There is no doubt that she knows more -- and perhaps far more -- about cryptography per se than do most of the people on this list.

And of course, you don't want to put cryptographic details in an Op-Ed column in a tabloid newspaper; most of the audience won't understand them.

From mikemck at mrc.com Mon Feb 28 13:19:02 1994
From: mikemck at mrc.com (mikemck at mrc.com)
Date: Mon, 28 Feb 94 13:19:02 PST
Subject: A Push for Surveillance Software
Message-ID: <9402282118.AA20206@mrcs1>

Here are some choice excerpts from the headline article of the NY Times Business section, 2/28.

A Push for Surveillance Software
by John Markoff

In the age of computer communications and digital telephone calls, the American people must be willing to give up a degree of personal privacy in exchange for safety and security, the head of the Federal Bureau of Investigation said.

In an interview on Friday, Louis J. Freeh (note: is it really pronounced Free?), the FBI director, defended proposed legislation that critics say would turn the nation's telephone network into a vast surveillance system. He said taxpayers would be asked to pay up to half a billion dollars to develop and deploy the necessary network software.

The administration wants to impose new technology that would enable law-enforcement agents to gather a wealth of personal information by monitoring citizens' calling patterns and credit card transactions over the telephone network - and over the two-way cable television networks being planned by cable and phone companies.
The system would go well beyond current wiretapping technology, because much of the information could be gleaned without the police or FBI actually having to eavesdrop on specific voice or electronic-mail conversations.

"The costs are high, but you have to do a cost-benefit analysis," said Mr. Freeh, who insisted that fighting terrorists and criminals was the government's intention - not playing Big Brother to the citizenry.

...

The administration is trying to line up congressional support for the legislation, called Digital Telephony and Communications Privacy Improvement Act of 1994, before having it formally introduced.

...

____________________________________________________________

There's much more but I don't have a scanner handy. I can't believe how quickly this appalling threat has developed. The government always veils its expansion of powers as a need for increased security: the War on Drugs, criminals, terrorists. What I'm really surprised by is that they foresee the endpoint of freely available information technology, a diminishing need for centralized government. If the net contributes to the end of centralized control, it's easy to extrapolate who the target terrorists are going to be.

mikemck at mrc.com

From mg5n+ at andrew.cmu.edu Mon Feb 28 13:19:52 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Mon, 28 Feb 94 13:19:52 PST
Subject: Dorothy Denning
In-Reply-To:
Message-ID: <4hQZzIO00awNEh60YI@andrew.cmu.edu>

Anthony Ortenzi wrote:

> Number 2. People on this list have said that she's an expert in
> cryptography. When I read that damned Newsday article posted
> on cypherpunks, I thought that she was just a whiny college bitch.
> The argument was just very, well, flimsy is the word I guess.
> I believe that Clipper is wrong, but someone could at least write
> a paper that would influence more by pointing out its merits,
> rather than just saying that the government should start spying
> on all of us to stop drug deals....
Not to mention that she obviously doesn't keep up with current events. The part about the world trade center made me laugh. Here it is again for those of you who missed it:

    Opponents say that terrorists will not be so foolish as to use encryption to which the government holds the key but will scramble their calls with their own code systems. But then who would have thought that the World Trade Center bombers would have been stupid enough to return a truck that they had rented?

Maybe it was just a bad miswording, but it certainly doesn't strengthen the argument as a whole, and doesn't give me much confidence in her proofreading ability. (They didn't return the truck, they put a bomb in the truck, it got destroyed, then the idiot tried to claim that the truck had been stolen, and demanded his deposit back.)

Dorothy Denning may have a college education, but she is a bit lacking in social awareness. She is just a pawn that the NSA is using as a spokesperson so that they don't have to take the heat from the debate over clipper.

From KEPERRIER at setpoint.com Mon Feb 28 13:29:52 1994
From: KEPERRIER at setpoint.com (Kent Perrier)
Date: Mon, 28 Feb 94 13:29:52 PST
Subject: Need info on E-mail security
Message-ID: <9402282129.AA04448@toad.com>

I need some help from all of you crypto-literate people out in Net.Land. The company currently employing me has recently opened several overseas offices. We have connected ourselves to the Internet to send e-mail between the Houston office (corporate HQ) and the new overseas offices. As to be expected, the powers-that-be here gave no thought to security for e-mail. I have brought this to their attention about 6 weeks ago and nothing has been done yet. I know 6 weeks is a short period of time but this is still a relatively small company (400 people) so something should have happened by now if anything was going to happen.

That's the history of the current situation.
I believe I need to provide some proof as to how easy it is to read unencrypted Internet E-mail. Not being an experienced programmer and not knowing how a lot of things work on the Internet, I do not know how easy it is to scan in-transit e-mail for keywords. Could some kind person please inform me as to how easy it is to do this, and, if possible, please direct me to a place that papers and/or programs have been written on the subject. I believe I need to "shock" the higher-ups that this could be a very big problem if we don't do something now while use of the Internet is light.

Thanks,

Kent Perrier
keperrier at setpoint.com (work)
kperrier at neosoft.com (play)
Corporations don't have opinions, people do. These are mine.

From nobody at jarthur Mon Feb 28 13:39:13 1994
From: nobody at jarthur (nobody at jarthur)
Date: Mon, 28 Feb 94 13:39:13 PST
Subject: Dorothy Denning
Message-ID: <9402282139.AA04588@toad.com>

-----BEGIN PGP SIGNED MESSAGE-----

>Anyone know:
>A) Is she an expert in cryptography?
>B) Is she a college graduate?

Now you may not agree with Dorothy's stance on Clipper, but you can't mar her academic record. Yes, she is a college graduate and an expert in cryptography. She was a professor for a while at Purdue, and is now chair of the computer science department at George Washington University. She has written quite a bit, including _Cryptography and Data Security_

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLXJj5IOA7OpLWtYzAQGn8wP/S1AFr0SfdcZcJ/XNbCU2VbP9NkbTfNAz
Zf3ZiokCyvt9MwZxt6oFKRS9FgePPNysWxNegJyLWmT7KGUKE3fqK+5NEX6k8ZCz
/f5/W3s4RmemQWBT3+FYkybtfqWI7GfkH3xzr4D0L5fWcyaH2S+jSXDAbHdQOlC2
02hR4C5orj0=
=YVfF
-----END PGP SIGNATURE-----

From karn at qualcomm.com Mon Feb 28 13:42:48 1994
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 28 Feb 94 13:42:48 PST
Subject: Dorothy Denning
In-Reply-To:
Message-ID: <199402282142.NAA00899@servo.qualcomm.com>

>Anyone know:
>A) Is she an expert in cryptography?
>B) Is she a college graduate?
>C) Was she dropped on her head a lot as a baby?
>D) Has she considered the alternatives that suicide offers?

The "Dr." in "Dr. Dorothy Denning" should answer question B. Note also that she's the chair of the CS dept at Georgetown; such positions are not usually given to those without college degrees.

The answer to question A is somewhat more subjective. I know enough about cryptography to know that I am NOT an expert in cryptography. And that means I know much more about cryptography than most people -- if you follow my meaning. Although Dr. Denning has written a highly regarded college textbook on cryptography, I have not seen anything to demonstrate her expertise in designing a cipher and evaluating it against attack. This is a far more arcane talent, one shared by a relative handful of people. It should not be confused with the ability to apply existing ciphers to various problems, a skill that she clearly possesses, along with many other people.

This is why I questioned her inclusion on the clipper review committee, as opposed to, say, Ernie Brickell, whose destruction of the knapsack public key cryptosystem gives him the kind of actual experience in cryptanalysis that is essential in such a review.

As for your other questions, I suggest that the case against Clipper is strong enough that we do not need to resort to ad-hominem attacks against individuals such as Dr. Denning. I agree that she is, at best, seriously misguided, but it is not that uncommon for otherwise intelligent people to disagree seriously on politics. Remember that her technical credentials, whatever they may be, give her no special insight over the rest of us into the purely political issues here.

Don't get mad, get even. Write code!
Phil

From karn at qualcomm.com Mon Feb 28 13:50:05 1994
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 28 Feb 94 13:50:05 PST
Subject: DES Question
In-Reply-To:
Message-ID: <199402282149.NAA00940@servo.qualcomm.com>

>Second question: The DES code that I have (not written by me) has a
>comment section which describes filling all 16 subkeys separately,
>thereby allowing a 128 byte key. Is there any significant advantage to
>doing this? Is there any reason that I should not do it?

That sounds like my code. That feature seemed like a good thing to do at the time. Then I learned about differential cryptanalysis. No, you cannot strengthen DES in this way, and in fact you could actually weaken it unless you are sure to use 128 completely random bytes for your key.

>What is the purpose of the initial and final permutations?

Mainly to sabotage the performance of DES software implementations. Even back then the government knew it was much easier to control the dissemination of hardware than software.

Phil

From mnemonic at eff.org Mon Feb 28 14:19:39 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 28 Feb 94 14:19:39 PST
Subject: ditz in office
In-Reply-To: <199402282110.QAA03143@sparcserver.mc.ab.com>
Message-ID: <199402282219.RAA26298@eff.org>

> >now i wish i had not voted for the ditz in office.
>
> I wish everyone who voted either Republican or Democrat instead of
> Libertarian because they didn't want their vote to be wasted would take a
> moment to consider how their vote would have meant any less if they had
> voted for Andre Marrou and Nancy Lord in '92.

I'm still reasonably satisfied to have voted for Clinton. I don't think any of this stuff would have been any different if any other candidate had been elected.

--Mike

From baum at newton.apple.com Mon Feb 28 14:26:07 1994
From: baum at newton.apple.com (Allen J. Baum)
Date: Mon, 28 Feb 94 14:26:07 PST
Subject: Mar 17 IEEE mtg:Cryptanalysis of DES
Message-ID: <9402282215.AA28698@newton.apple.com>

The Santa Clara Valley Information theory Group will meet to talk about Cryptanalysis of DES. Topics will include differential cryptanalysis (Biham & Shamir) and Matsui's linear cryptanalysis.

Speakers will be Susan Langford, grad student in Stanford's EE Dept., & Dr. Martin Hellman, professor in Stanford's EE Dept.

Dinner, 5:30 at Good Earth, University Ave., Palo Alto, CA
Presentation, 7:00, Rm 450, Durand Bldg, Stanford.
Reservations (dinner? pay for yourself?) Art Astrin 408-970-6826

**************************************************
* Allen J. Baum tel. (408)974-3385 *
* Apple Computer, 20525 Mariani Ave, MS 305-3B *
* Cupertino, CA 95014 baum at apple.com *
**************************************************

From mgream at acacia.itd.uts.edu.au Mon Feb 28 14:43:21 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Mon, 28 Feb 94 14:43:21 PST
Subject: standard for stegonography?
In-Reply-To:
Message-ID: <9402282245.AA27627@acacia.itd.uts.EDU.AU>

Earlier, Sergey Goldgaber wrote:

> Didn't you mention something along the lines of hiding "---BEGIN PGP" headers
> by using one-time pad encryption? Or did I wildly misinterpret you?

No. I said that, and I was referring to the case where you have a particular steganographic technique such as pixel modulation, it could be an idea to place an encrypted header using something like IDEA in CFB that not only encrypts a signature but an identifier so as to know which program actually did the stego, and hence be able to demodulate with that particular technique. Therefore if you had separate programs, each could interoperate.
Even though the essence of stego is to not know a message is hidden in a particular medium, whenever specific software comes out to do certain stego (jpegs etc), I can see NSA spooks adding it onto their short list of s/ware to run across any pictures they get. Stego becomes sort of pseudo-Stego and loses a certain amount of gain it once had (of course, if all you do is Stego an encrypted file without any structure, it'll be safe).

My 5c.

Matthew.
--
Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au.
PGPMail and brown paperbags accepted. - Non Servatum -
''weirdo's make the world go around'' - A.Watts

From mg5n+ at andrew.cmu.edu Mon Feb 28 14:44:32 1994
From: mg5n+ at andrew.cmu.edu (Matthew J Ghio)
Date: Mon, 28 Feb 94 14:44:32 PST
Subject: DES Question
In-Reply-To: <199402282149.NAA00940@servo.qualcomm.com>
Message-ID:

Phil Karn wrote:

> That sounds like my code.

Yup. :)

> That feature seemed like a good thing to do at the time. Then I
> learned about differential cryptanalysis.

Seven years is a virtual eternity in cyberspace.

> No, you cannot strengthen DES in this way, and in fact you
> could actually weaken it unless you are sure to use 128
> completely random bytes for your key.

Okay... It would prevent brute-force attacks though, wouldn't it? It may not prevent differential cryptanalysis, but it would be difficult to obtain the large amount of data required for differential cryptanalysis from just a few encrypted email addresses. Random numbers aren't really a problem; I have a RNG running here, continuously generating random numbers from system usage statistics and incoming email.

P.S. What's KA9Q?

From rarachel at prism.poly.edu Mon Feb 28 14:57:53 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 28 Feb 94 14:57:53 PST
Subject: standard for stegonography?????!!!!??
In-Reply-To: <9402281021.AA23225@acacia.itd.uts.EDU.AU>
Message-ID: <9402282245.AA05746@prism.poly.edu>

Guys, I thought the whole point of stego was to hide the fact that you're hiding data in a file. Having a "standard" for this is a bad idea in the sense that if you have a standard, you make it that much easier for the bad guys to intercept and find what you are trying to hide!

Now I'd certainly like to see MANY stego programs out there, however making any of them a standard is a bad move. The less standard a stego program is, the safer. Rolling your own would probably be the best way to keep the bad guys out of the way.

As far as sharing stego'ed stuff, you can 1st send your program over with PGP, so the other side also has the same stego program you're using...

From hayden at krypton.mankato.msus.edu Mon Feb 28 14:58:43 1994
From: hayden at krypton.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 28 Feb 94 14:58:43 PST
Subject: Reply-To: header
Message-ID:

I noticed that the 'Reply-To:' header now replies to cypherpunks-errors at toad.com. Is it supposed to be this way?

____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> In the United States, they
\/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From VACCINIA at UNCVX1.OIT.UNC.EDU Mon Feb 28 14:58:43 1994
From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU)
Date: Mon, 28 Feb 94 14:58:43 PST
Subject: natural rights and the survaillence state
Message-ID: <01H9FF1SVD3M0000VV@UNCVX1.OIT.UNC.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

In reality there is only one "natural right", one every human is born with. The right to die, granted they are attempting to take this right from people but haven't wholly succeeded yet.
The rest of one's rights are granted by the state or self maintained (by any means necessary). It seems we will soon be at this juncture.

Scott G. Morham !The First,
VACCINIA at uncvx1.oit.unc.edu! Second
PGP Public Keys by Request ! and Third Levels
! of Information Storage and Retrieval
!DNA,
! Biological Neural Nets,
! Cyberspace

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLXIBrD2paOMjHHAhAQE0EQP8CCKIFqfXAiM0TtBorlBpZRjNXRdofty7
sWXQnu3a1zcrKUVJDWs2C4ZwkOORFBuwwLpW6IZx1+MDcRZsRCSuahfw2Q099nUu
YT49hhahd+F1vLXJgwxVfOOZO5UtbeLBwDksACOz9VovN0ZTZdtx7t73U7UUP9NY
hgKw5QPZUVo=
=pffM
-----END PGP SIGNATURE-----

From rarachel at prism.poly.edu Mon Feb 28 14:59:22 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 28 Feb 94 14:59:22 PST
Subject: lists of U.S. cypherpunks and tentacles (fwd)
Message-ID: <9402282247.AA05848@prism.poly.edu>

Forwarded message:

From freeman at MasPar.COM Mon Feb 28 15:16:37 1994
From: freeman at MasPar.COM (Jay R. Freeman)
Date: Mon, 28 Feb 94 15:16:37 PST
Subject: Dorothy Denning
Message-ID: <9402282317.AA22954@cleo.MasPar.Com>

Phil Karn says:

> her technical credentials, whatever they may be, give her no special
> insight over the rest of us into the purely political issues here.

Fascinating to think that Denning's technical and political credentials are approximately on a par with many of our own. I suppose we sound just as silly as she does, just as often... ;-)

-- Jay Freeman

From sergey at delbruck.pharm.sunysb.edu Mon Feb 28 15:32:45 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Mon, 28 Feb 94 15:32:45 PST
Subject: standard for stegonography?
In-Reply-To: <9402282245.AA27627@acacia.itd.uts.EDU.AU>
Message-ID:

On Tue, 1 Mar 1994, Matthew Gream wrote:

> Earlier, Sergey Goldgaber wrote:
>
> > Didn't you mention something along the lines of hiding "---BEGIN PGP" headers
> > by using one-time pad encryption? Or did I wildly misinterpret you?
>
> No. I said that, and I was referring to the case where you have a particular
> steganographic technique such as pixel modulation, it could be an idea to
> place an encrypted header using something like IDEA in CFB that not only
> encrypts a signature but an identifier so as to know which program actually
             ^^^^^^^^^
You were originally referring to PGP in particular, were you not?

> did the stego, and hence be able to demodulate with that particular
> technique. Therefore if you had separate programs, each could interoperate.
>

Yes, I understand that your proposal is compatible with a variety of other schemes. However, as you note below, this provides very limited security, unless the key is _non_standardized.

> Even though the essence of stego is to not know a message is hidden in a
> particular medium, whenever specific software comes out to do certain stego
> (jpegs etc), I can see NSA spooks adding it onto their short list of s/ware
> to run across any pictures they get. Stego becomes sort of pseudo-Stego and
> loses a certain amount of gain it once had (of course, if all you do is
> Stego an encrypted file without any structure, it'll be safe).
>

"Pseudo-Stego" can be relatively secure as long as a large number of different hiding schemes/standards are used by the public.

An effective means of ensuring this would be to use the receiver's public-key checksum-value as the standard offset for stego. The large number of public-keys available make it rather infeasible for one's opponents to try them all. This, I believe, provides pretty adequate security (assuming one strips any telltale headers off the hidden file beforehand).

> My 5c.
>
> Matthew.
> --
> Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au.
> PGPMail and brown paperbags accepted. - Non Servatum -
> ''weirdo's make the world go around'' - A.Watts
>

From sdw at meaddata.com Mon Feb 28 15:52:34 1994
From: sdw at meaddata.com (Stephen Williams)
Date: Mon, 28 Feb 94 15:52:34 PST
Subject: CM:
Message-ID: <9402282353.AA28436@jungle.meaddata.com>

From plaz at netcom.com Mon Feb 28 16:00:54 1994
From: plaz at netcom.com (Plaz)
Date: Mon, 28 Feb 94 16:00:54 PST
Subject: standard for stegonography?
Message-ID: <199403010001.QAA18620@mail.netcom.com>

Derek Lynn Upham replies to Jef Poskanzer:

>> Is there a standard for stego yet? I just added stego and de-stego
>> filters to my pbmplus image toolkit, using a simple protocol I made
>> up on the spot. Now I'm wondering if I should make them compatible
>> with existing stego tools.
>
>There appear to be two existing steganography packages for images.
>One is "jsteg", a Unix-based system which stores data in JFIF-
>compliant JPEG images; it is based on version 4 of the cjpeg/djpeg
>package. The other is "Stego", a Mac-based system which stores data
>in Mac PICT files (I think---I don't have a Mac to examine it).
>
>"jsteg" is available in the Cypherpunks FTP archive in the
>applications subdirectory as the original jpegsrc package, plus the
>patches, plus a README file. However, you might be better off
>tracking down the "Stego" sources since "jsteg" stores its data in a
>rather odd way (see the docs for more information).
>
>Derek

jsteg stores its data based on the compression algorithm and is tied to the format (jpeg, which is a lossy compression format). Stego (which I contributed to and consulted on) actually has a relatively format independent way of storing the data in the picture.

Stego was written by Romana Machado (romana at apple.com) Check out the article in the latest WIRED (p. 26?) and the soon to be released (any day now) bOING bOING.

Quoted from the stego readme:

>Stego rasterizes the image, then stegs data into the least
>significant bit (or LSB) of each of the RGB color values. (In the
>case of indexed color, Stego stegs data into the LSB of the index
>values.) The file length of the data file to be stegged is hidden
>in the LSB's of the first 32 steggable bytes. To disguise this
>value somewhat, I take the second to least significant bits of the
>second 32 steggable bytes and XOR these with the 32 bit file
>length, and then steg the XOR'd file length into the LSB's of the
>first 32 steggable bytes.

Source isn't really necc., but if you feel you MUST have it: contact romana at apple.com.

From mgream at acacia.itd.uts.edu.au Mon Feb 28 16:11:23 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Mon, 28 Feb 94 16:11:23 PST
Subject: standard for stegonography?
In-Reply-To:
Message-ID: <9403010008.AA29116@acacia.itd.uts.EDU.AU>

Earlier, Sergey Goldgaber wrote:

> > encrypts a signature but an identifier so as to know which program actually
>              ^^^^^^^^^
> You were originally referring to PGP in particular, were you not?

Nope.

> Yes, I understand that your proposal is compatible with a variety of other
> schemes. However, as you note below, this provides very limited security,
> unless the key is _non_standardized.

What do you mean by non-standardised ?

> "Pseudo-Stego" can be relatively secure as long as a large number of
> different hiding schemes/standards are used by the public.

This is limited by the availability of software and the inherent qualities medium being used to carry the hidden information. In any case, if the modulation method(s) is/are public, it by itself can't be used to provide any means of security.

> An effective means of ensuring this would be to use the receiver's
> public-key checksum-value as the standard offset for stego. The large
> number of public-keys available make it rather infeasible for one's
> opponents to try them all. This, I believe, provides pretty adequate
> security (assuming one strips any telltale headers off the hidden file
> beforehand).
As for offset, do you mean that the public-key checksum value determines how much prepended 'garbage' to skip over before the real stego data becomes available ? This still doesn't work, because it means not only a lot of wasted bandwidth, but makes it a requirement to have a public-key in the first place -- any unnecessary tie in.

All you want is a quick means to determine whether data has been modulated into the medium, and if it has by what particular item of software. This needs to be hidden by some means (eg (cheaply) : s/ware_id + sigma(i=0-n) passwd[i] + csum) and, as you say, the information itself needs to be unstructured.

Therefore, you can pull pictures off alt.binaries.pictures.contemporary, run it through something w/ a password "russian_mole" and see whether your software says "I see this looks like it has a file created by program #s/ware_id, let me extract it".

Matthew.
--
Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au.
PGPMail and brown paperbags accepted. - Non Servatum -
''weirdo's make the world go around'' - A.Watts

From eileen at photon.poly.edu Mon Feb 28 14:41:39 1994
From: eileen at photon.poly.edu (Eileen Tronolone)
Date: Mon, 28 Feb 1994 17:41:39 -0500 (EST)
Subject: lists of U.S. cypherpunks and tentacles (fwd)
In-Reply-To: <9402270707.AA25402@prism.poly.edu> from "Arsen Ray Arachelian" at Feb 27, 94 02:07:58 am
Message-ID: <9402282241.AA18851@photon.poly.edu>

Also Sprach Arsen Ray Arachelian:
>
> I thought you might get a kick out of this one:
>
> > Tentacle at medusa.conspiracy.org wrote:
> >
> > >> Does there exist lists of Tentacles and CypherPunks who
> > >> are U.S. citizens with U.S. email addresses?

ROTFL!!!!!!!!!!!!

(A filk to "Baby Face!)

tentacle, you've got the cutest little tentacle
I ate some stamps and now my life's not dull, tentacle
you're an anarchist medusa
I use crypto to confuse ya
tentacle! your headers bouncing through my sendmail-dot-c-f!
we do not see your puss
'cos you're anon-y-mous
with your little tentacle!

tentacle, you've got the cutest little tentacle
in fact I see you've got your hands quite full, tentacle
as the newsgroups I see you fill
I would hate to get your phone bill
tentacle! typing on fifteen keyboards, seen in 50 states!
Rick Wakeman envies you!
Wave hi to Elvis too,
with your little tentacle!

feel free to repost to crypto-toads/alt.filk or whatever that is! >;-7

--
Eileen Tronolone | internet: eileen at photon.poly.edu | EARTH
System Administrator | usenet: redsonja at olias.linet.org | JUICE!
Polytechnic University | voice: (718) 260-3846 | -- RTF
Brooklyn, NY 11201 | Self possession is 9/10 of the law.|

From joshua at cae.retix.com Mon Feb 28 17:54:44 1994
From: joshua at cae.retix.com (joshua geller)
Date: Mon, 28 Feb 94 17:54:44 PST
Subject: ditz in office
Message-ID: <199403010153.RAA01268@sleepy.retix.com>

mike writes:
>someone else writes:
>>someone yet else writes:

>> >now i wish i had not voted for the ditz in office.

>> I wish everyone who voted either Republican or Democrat instead of
>> Libertarian because they didn't want their vote to be wasted would take a
>> moment to consider how their vote would have meant any less if they had
>> voted for Andre Marrou and Nancy Lord in '92.

>I'm still reasonably satisfied to have voted for Clinton. I don't think
>any of this stuff would have been any different if any other candidate had
>been elected.

I second that, but I didn't vote for clinton, I voted against bush.

I never (or very rarely) vote for anyone; I decide which candidate that is likely to win I dislike most and vote for whoever is likeliest to beat them. a vote for anyone else is usually a vote for the one I don't want to win. if clinton had been the one I disliked more than bush I would have voted for bush, not perot.

if the republicans can manage to field someone I dislike less than clinton in 96, I will vote for them.
with his attacks on privacy and the second amendment, my dislike for clinton goes up every day.

josh

From blancw at microsoft.com Mon Feb 28 18:42:38 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 28 Feb 94 18:42:38 PST
Subject: ditz in office
Message-ID: <9403010243.AA23539@netmail2.microsoft.com>

Why do you think that there would have been no difference? Do you not believe that Andre/Nancy (or any other Libertarian types) would *not* have taken a different stance towards: take your pick, but relevant to cypherpunks, about Clipper & the other surveillance plans?

Blanc

----------
From: Mike Godwin
To:
Cc:
Subject: Re: ditz in office
Date: Monday, February 28, 1994 5:19PM

> >now i wish i had not voted for the ditz in office.
>
> I wish everyone who voted either Republican or Democrat instead of
> Libertarian because they didn't want their vote to be wasted would take a
> moment to consider how their vote would have meant any less if they had
> voted for Andre Marrou and Nancy Lord in '92.

I'm still reasonably satisfied to have voted for Clinton. I don't think any of this stuff would have been any different if any other candidate had been elected.

--Mike

From rpowers at panix.com Mon Feb 28 19:25:52 1994
From: rpowers at panix.com (Wrongway)
Date: Mon, 28 Feb 94 19:25:52 PST
Subject: Clipper and Entrapment!
In-Reply-To:
Message-ID: <199403010325.AA26581@panix2.panix.com>

Jonathan Scott Mallin wrote:

>I am not saying that I believe this argument.. it is, however, one that
>can be made.

No, it isn't. Entrapment isn't simply a matter of law enforcement having something to do with a crime. In order to use entrapment as a defense you would have to prove that the cops went to extraordinary measures to get you to commit a crime that you wouldn't have committed anyway. You'd have to prove that you had no tendency towards the type of crime and/or that you wouldn't have had opportunity to commit it.
--
____
\bi/ Richard Powers
 \/  rpowers at panix.com

From mnemonic at eff.org Mon Feb 28 19:26:27 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 28 Feb 94 19:26:27 PST
Subject: ditz in office
In-Reply-To: <9403010243.AA23539@netmail2.microsoft.com>
Message-ID: <199403010326.WAA02995@eff.org>

Blanc Weber writes:

> Why do you think that there would have been no difference? Do you not
> believe that Andre/Nancy (or any other Libertarian types) would *not*
> have taken a different stance towards: take your pick, but relevant to
> cypherpunks, about Clipper & the other surveillance plans?

I think DOJ, FBI, and NSA would have proceeded in exactly the same way, regardless of who was in the White House. They would have gone straight to Congress if necessary.

--Mike

From arthurc at crl.com Mon Feb 28 19:27:22 1994
From: arthurc at crl.com (Arthur Chandler)
Date: Mon, 28 Feb 94 19:27:22 PST
Subject: Anonymous Remailing Revisited
Message-ID:

This is from RISKS Digest:

*******************

Quoting from the Feb. 24 News-Gazette of Champaign-Urbana, Illinois:

"UI student arrested for e-mail threat to Clinton"

URBANA -- A University of Illinois student has been arrested for threatening the life of President Clinton, U.S. Attorney Frances Hulin announced today.

Christopher James Reincke, 18, of Townsend Hall, Urbana, allegedly sent an electronic mail message to the White House on Dec. 4 threatening Clinton, Hulin stated in a press release.

The message read: "I am curious, Bill, how would you feel about being the first president to be killed on the same day as his wife ... It would be best, I think, to not continue with your immediate plans. Perhaps a vacation. You will die soon. You can run, but you cannot hide."

The message was signed "Overlord" and purported to be from "Allmighty at Never.Gonna.Catch.Me."

Reincke appeared before U.S. District Judge Harold A. Baker in Danville today and was released on his own recognizance.
Hulin said the charge resulted from an investigation by the Secret Service and the UI police. Investigators determined the message originated at the UI, and a computer trace identified Reincke as the apparent author, Hulin said.

While being questioned by agents, Reincke admitted he had sent the message, according to the press release. ]

From sergey at delbruck.pharm.sunysb.edu Mon Feb 28 19:36:20 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Mon, 28 Feb 94 19:36:20 PST
Subject: standard for stegonography?
In-Reply-To: <9403010008.AA29116@acacia.itd.uts.EDU.AU>
Message-ID:

On Tue, 1 Mar 1994, Matthew Gream wrote:

> Earlier, Sergey Goldgaber wrote:
>
> > You were originally referring to PGP in particular, were you not?
>
> Nope.
>

In that case, I retract my statements. Sorry, I was under the impression that you were.

> What do you mean by non-standardised ?
>

In your message you made a proposal to the effect of implementing a steganography standard whereby a standard header is encrypted. I thought you were implying that the key should be constant for that steganography program. I simply noted that security would be limited if this were the case. Using a new key every time one encrypted would be an example of what I meant by a "non-standardized" key.

> > "Pseudo-Stego" can be relatively secure as long as a large number of
> > different hiding schemes/standards are used by the public.
>
> This is limited by the availability of software and the inherent qualities
> [of the] medium being used to carry the hidden information.

Of course. Most everything computer related is limited by those same factors.

> In any case, if the modulation method(s) is/are public, it by itself can't
> be used to provide any means of security.
>

I disagree. If a great number of methods are available, using one will provide some measure of security, regardless whether or not it is public.
Only in the case where the _exact_ (public) method and _exact_ (public) key one has used is known to one's opponents that there is some loss of security. Knowing a hundred different methods and tens of thousands of different keys doesn't get one's opponents anywhere.

> As for offset, do you mean that the public-key checksum value determines
> how much prepended 'garbage' to skip over before the real stego data
> becomes available ?

Yes. And, the great variety of different offsets made available through the use of public-key checksum-values provide the increase in security. Of course, for the greatest security no standard whatsoever should be used.

> This still doesn't work, because it means not only a lot of wasted
> bandwidth,

Wasted bandwidth does not a poor method make!

> but makes it a requirement to have a public-key
> in the first place -- any unnecessary tie in.

The method I outlined does indeed require a public-key. Using the method is, as you have pointed out, not necessary. You have not, however, shown why you believe the method doesn't work. You have simply outlined what you _don't_like_ about the method.

> All you want is a quick
> means to determine whether data has been modulated into the medium, and
> if it has by what particular item of software.

Ah! This is where we don't see eye to eye. I believe that the purpose of steganography is to hide data. Having "a quick means to determine whether data has been modulated into the medium, and if it has by what particular item of software" is a detriment to that effect.

We were speaking of standards, however. Thus my proposal to offset data by the checksum-value of the receiver's public-key. If one must use a standard of any kind this one would, I believe, provide enough variation for moderate security. Please note that this standard, and the one you've presented are not mutually exclusive.
I simply believe that a standard stego-function which hides the data in a constant location makes for a poor stego-function. That's where my proposal comes in.

> This needs to be hidden

If the information that informs one that something is hidden in the media is itself hidden, how can it be a means to determine if something is hidden? How would you determine if there is information that informs one that something is hidden in the media, hidden in the media? See the problem? Your whole purpose is cancelled out by your method.

Fortunately, there is no need for this convention. One would have determined that there is at least a possibility of data having been hidden in the medium before one attempted to use a de-steg function anyway.

> by some means (eg (cheaply) : s/ware_id + sigma(i=0-n) passwd[i] + csum)
> and, as you say, the information itself needs to be unstructured.
>

As long as you're proposing header encryption via IDEA, why not consider doing the same to the whole file? It would increase security. There are objections to be levied against any non-public-key system, however. Namely: That it would require either:

1 - A standard password (SEE ABOVE).
or
2 - Dissemination of the password through secure channels.

So that this question may be asked: if you have secure channels, why do you need encryption?

> Therefore, you can pull pictures off alt.binaries.pictures.contemporary,
> run it through something w/ a password "russian_mole" and see whether your
> software says "I see this looks like it has a file created by program
> #s/ware_id, let me extract it".

It would be even easier to get the same picture and run it through your stego software which would look at your public-key and extract the file automatically. This would be pretty secure, easy to use, and require no secure channels!
Sergey

From joshua at cae.retix.com Mon Feb 28 20:09:50 1994
From: joshua at cae.retix.com (joshua geller)
Date: Mon, 28 Feb 94 20:09:50 PST
Subject: ditz in office
Message-ID: <199403010408.UAA01291@sleepy.retix.com>

blanc writes (in response to mike godwin):

>Why do you think that there would have been no difference? Do you not
>believe that Andre/Nancy (or any other Libertarian types) would *not*
>have taken a different stance towards: take your pick, but relevant to
>cypherpunks, about Clipper & the other surveillance plans?

they didn't have a chance of winning though. both republicans and democrats screw you, just in slightly different ways. it was time to give the one orifice a rest.

josh

From sergey at delbruck.pharm.sunysb.edu Mon Feb 28 20:25:16 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Mon, 28 Feb 94 20:25:16 PST
Subject: standard for stegonography?????!!!!??
In-Reply-To: <9402282245.AA05746@prism.poly.edu>
Message-ID:

On Mon, 28 Feb 1994, Arsen Ray Arachelian wrote:

> Guys, I thought the whole point of stego was to hide the fact that
> you're hiding data in a file. Having a "standard" for this is
> a bad idea in the sense that if you have a standard, you make it
> that much easier for the bad guys to intercept and find what
> you are trying to hide!
>

That is correct. The standard should be to have no standard! :)

But, if you must have a standard, some variability would help. I outlined a "variable standard" in another recent message in this thread.

A fictional example of a legitimate need for standardization and a possible solution follows:

Feb. 1998

Jack and Jill are both readers of cypherpunks and long-time users of PGP. "Stealth PGP" and "Stego+" have become very popular. Unfortunately, Clipper is a legal necessity for all computer communication.

Jack wants to send Jill a _truly_ private message.
Using only Clipper is not an option; neither is "Stealth PGP", on its own; as, merely owning non-Clipper encrypted files has recently been successfully used as grounds for search warrants, equipment confiscations, and miscellaneous court sanctions.

Luckily, it has become particularly popular to use "Stealth PGP" in combination with "Stego+" to hide messages in PictureCD files. Knowledgeable users regularly scan alt.videos.binaries.misc for messages.

Although Jack would like additional security that he would obtain from using a non-standard steganography program, this is his first message to Jill. He can not simply send plain-text email to Jill telling her to use the new "SuperStego", for obvious reasons.

Jack therefore uses the standard, relatively secure, method and sends the message via "Stealth PGP" & "Stego+" in TEST.CD on alt.videos.binaries.misc; thereby evading the ClipperCops.

Sergey

From qjones at infi.net Mon Feb 28 20:38:24 1994
From: qjones at infi.net (Wayne Q Jones)
Date: Mon, 28 Feb 94 20:38:24 PST
Subject: I have FOIA'd the Clipper Key Escrow databases
In-Reply-To: <9402280438.AA25081@anchor.ho.att.com>
Message-ID:

I used to work for the govt and I could classify anything by just writing either secret confidential of Foyes. It doesn't take much to classify. As an EE in ECM plexing noise is easy. Decrypting just takes the Massives a few hours longer. I just work for a living, I think for myself.

Wayne

On Sun, 27 Feb 1994 wcs at anchor.ho.att.com wr

> Steve Bellovin writes:
> > Good strategy. I still wonder if the decrypted keys are (all) classified,
> > while the encrypted ones aren't. After all, the local cops' magic decoder
> > boxes can strip off that layer of encryption (as, of course, anyone
> > who steals one of those boxes or bribes a local cop).
>
> I'm puzzled by the applicability of "classification" here.
> The NSA can classify stuff, since they're part of the military,
> and a few other government agencies can (State Dept., I think?),
> but are NIST and Treasury able to do so? (Assuming, of course, that we
> maintain the charade that the NIST and NSA are separate for crypto purposes.)
> I don't think they can, and if they could, they wouldn't be able to give
> any of the classified stuff to regular local cops.
> If things become classified by the NSA handling them at key-setting time,
> then they can't give them to the so-called escrow agencies,
> or if they do, those agencies can't give them to uncleared people.
>
> Perhaps the NSA's secret backdoor mechanisms in the key-setting process
> are classified, since the nation would feel very insecure if they knew
> about them, but that's a separate issue.
>
> Keys for batches of chips the NSA burns for use by Defense Department users
> are a different story, and probably have a different Family Key
> than civilian-wiretapping keys, but they're probably handled under
> entirely different rules anyway.
>
> > Anyway, I hope the idea works, or at least drives them a bit crazy...
>
>
> Bill
>

****************************************************************************
* Qjones at infi.net So I'm a dog...what else is new? *
* Qjones at larry.wyvern.com Quote from life and times of a man *
****************************************************************************

From rcain at netcom.com Mon Feb 28 21:01:46 1994
From: rcain at netcom.com (Robert Cain)
Date: Mon, 28 Feb 94 21:01:46 PST
Subject: Denning
Message-ID: <199403010502.VAA19105@mail.netcom.com>

Ron Rivest sez:

>
> Hi Dorothy --

Fine till here. :-)

>
> Thanks for sending me a copy of your editorial. But I find the
> reasoning you present misleading and unpersuasive.

I found it subtle and persuasive.

>
> First, you argue that the clipper chip will be a useful law
> enforcement tool.
> Given the small number of currently authorized
> wiretaps per year (under 1000) and the ease of using alternative
> encryption technology or superencryption, it seems plausible to me
> that law enforcement could expect at most ten "successful" clipper
> wiretaps per year. This is a pretty marginal basis for claiming that
> clipper will "block crime".

We agree here. Unless the use of other, harder methods are explicitly denied Clipper makes no sense at all. It is too easy to compete with. Just come up with something cheaper that doesn't require escrow and sell the thing. Poof Clipper. Clipper is alive I think for other reasons. The obvious conjecture is the ratio of unauthorized to authorized wiretaps each year. It is not the authorized ones that has the various intelligence gathering organizations worried. At best it can be a conjecture but I am certainly of the belief that if LE or NS wanted to find a reason to nail one for something, his phone, tap authorized or not, would lead them right to it. Thus I think that wiretaps are far more prevalent than we can know because it is too easy to use them in a "transparent way". This is one reason why, I believe, that we can't be told the importance of this, as Dr. Denning states. That would reveal its usage as well as its effectiveness. A lot of people would not like the numbers. One reason for the Clipper is to give the public an alternative it could live with which would not allow what is perceived as excess if run properly but still be available to protect them in warranted cases.

>
> Second, you seem to believe that anything that will "block crime" must
> therefore be a "good thing" and should therefore be adopted. This is
> not true, even if it is not subject to government abuse. For example,
> a system that could turn any telephone (even when on-hook) into an
> authorized listening microphone might help law enforcement, but would
> be unacceptable to almost all Americans.
This analogy has power because the whole question now really becomes what level of intrusion is acceptable. Only a judgement call here based on personal politics is possible, I am afraid.

> As another example, tattooing
> a person's social security number on his or her buttocks might help
> law enforcement, but would also be objectionable.

Aw, C'mon, out of the ballpark and right of right field. :-)

> Or, you could
> require all citizens to wear a bracelet that could be remotely queried
> (electronically, and only when authorized) to return the location of
> that citizen.

This, as above, is a level of intrusion decision.

> There are all kinds of wonderfully stupid things one
> could do with modern technology that could "help" law enforcement.
> But merely being of assistance to law enforcement doesn't make a
> proposal a good thing; many such ideas are objectionable and
> unacceptable because of the unreasonably large cost/benefit ratio
> (real or psychological cost).

Hmmm, this one has me paused. Back again. Ok, what is the cost benefit ratio? I want to be pragmatic about this and hopefully not ideological but it will probably sound simply paranoid. The benefit is that we citizens of the world now gain the ability to be in the same room together, for any intent or purpose, wherever we might be in the world. The cost of this ability remains to be seen but Dr. Denning believes it to be very high. It is certainly revolutionary in every sense of the word. :-) The benefit to business is obvious, yawn, and to illicit lovers, hmmm, but to the average person, personal security could be used as an argument for giving up personal privacy so long as it was sufficiently hard to invade that privacy (which it obviously isn't now.)

> The clipper proposal, in
> my opinion, is of exactly this nature.

Perhaps, but for another reason.
It is now just too plain easy to make an alternative box with real security which is capable of Clipper piggyback that it makes any sense to have Clipper at all unless the other shoe drops which all babblings so far say won't. Unless other forms are outlawed, Clipper has a decidedly short lifetime. If other forms are outlawed, only outlaws will have them, and have them they will. If the Blue Boxes of the '60s and '70's could be blue marketed for fair sums, imagine the black market in easy to use Black Boxes.

>
> Third, you seem unnecessarily polly-annish about our government and the
> potential for abuse. The clipper proposal places all trust for its
> management within the executive branch; a corrupt president could
> direct that it be used for inappropriate purposes.

Agreed. A better escrow method involving at least two of the branches would be preferable. Pretty hard to involve congress so that leaves the judiciary and the executive. Something could be made to work here I think.

> The unspecified
> nature of many of the associated procedures leaves much room to
> speculate that there are "holes" that could be exploited by government
> officials to abuse the rights of American citizens. Even if the
> proposal were modified to split the trust among the various branches
> of government, one might still reasonably worry about possible abuse.

Yes, but it sure helps. If the judiciary holds one half and only will combine it with the other if *it* makes the decision to allow the tap then we would seem to have a system that works the way that many want. Abuse is possible of any system that man creates and this one is not immune by any means but it could be made very difficult.

> Merely because you've met the current set of representatives of
> various agencies, and feel you can trust them, doesn't mean that such
> trust can be warranted in their successors.
> One should build in
> institutional checks and balances that overcome occasional moral
> lapses in one or more office holders.

My hope would be that the judiciary act as the throttle or governor of government that it was designed to be. Granted one can argue at length as to how well it has remained detached and fulfilled that role but it is still the best alternative.

>
> Fourth, your discussion of "searching your home and seizing your
> papers" is misleading. You seem to imply that because law enforcement
> can be issued a warrant to search your home, that we should adopt
> clipper. Yet this analogy only makes sense if individuals were
> required to deposit copies of their front door keys with the
> government. I can build any kind of house I wish (out of steel, for
> example), and put any kind of locks on it, and wire up any kind of
> intrusion detectors on it, etc. The government, armed with a search
> warrant, is not guaranteed an "easy entry" into my home at all. The
> appropriate analogical conclusion is that individuals should be able
> to use any kind of encryption they want, and the government should be
> allowed (when authorized, of course) to try and break their
> encryption.

I have absolutely no argument with this in theory. Ron, it is a very good defense but for the difference in media. To ignore the difference between the medium of a door and the medium of a communications channel is naive. If you merely consider them as two forms of communication your analogy breaks immediately.

>
> Finally, you argue (elsewhere, not in this editorial) that the decision
> rests in part on "classified" information. Such an argument only makes
> sense if there is a specific law-enforcement situation that makes such
> classified information timely and relevant. (E.g., if there was a
> current investigation as to whether the Department of the Treasury had
> been infiltrated by organized crime.)
> The use of "classified information"
> is otherwise generally inappropriate in discussing communications policy
> that will last over decades.

I totally disagree. To me it is self obvious that if there were problems that just our knowing would make worse it would be a good idea that we not know about them. National security with the vast dollars spent on the problem understands. I think this resistance from Dr. Denning is a function of her gnowing. I know how unpopular it has become to consider the U.S. government as anything but idiots but I am not so sure about that. You here admit to being of the "punk" thinking. What if this is an issue that is beyond the ability of a punk to really know anything about at all?

>
> This hardly covers all of the relevant issues, but it covers the
> points that came immediately to mind in reading your editorial...

I look forward to more. Please include cypherpunks on your Cc: list. Yeah, you are guaranteed a volume of bullshit but there are some smart people there too.

>
> P.S. Feel free to pass along, quote, or otherwise re-distribute this...

You didn't mention respond. I hope that is ok. :-)

Peace,

Bob

--
Bob Cain rcain at netcom.com 408-354-8021
"I used to be different. But now I'm the same."
--------------PGP 1.0 or 2.0 public key available on request.------------------

From jeremy at crl.com Mon Feb 28 21:06:14 1994
From: jeremy at crl.com (Jeremy Cooper)
Date: Mon, 28 Feb 94 21:06:14 PST
Subject: your mail
In-Reply-To: <9402281807.AA18357@glia.biostr.washington.edu>
Message-ID:

On Mon, 28 Feb 1994 cowen at glia.biostr.washington.edu wrote:

> also a few comments.
>
> once in place, i could do several things to make it hard to catch me
> i could write everything i send out in a separate code, only send snail
> mail, only talk in person, steal the code keys, take the chip out of all
> the systems i have access to.
> and let's see, i could tell you i have a chip
> that looks like the clipper chip, that on the first test try works.
> but it is really a fake, and mass produce it and sell it. without your knowing
> hey anything is possible.
>

Now why bother going through all the trouble to take out the chip? Why not just leave it in there and send RSA encrypted over your phone line? Once they _DO_ decrypt your clipper, they will still have another barrier. Leaving the chip in there does make it a little harder even for law enforcement doesn't it?

_ . _ ___ _ . _
===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-===
===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -===

From norm at netcom.com Mon Feb 28 21:23:12 1994
From: norm at netcom.com (Norman Hardy)
Date: Mon, 28 Feb 94 21:23:12 PST
Subject: standard for steganography?
Message-ID: <199403010523.VAA00389@mail.netcom.com>

Has anyone done statistical studies of low bits of pixels or sound samples? I suspect that they are often far from random. A flat 50% distribution in the low bits might stand out like a sore thumb. I can imagine the low bit can be distributed dependently on such things as the next to low bits or 60 cycle power at the recorder. Some AD converters are known to produce 60% ones or some such. Like mechanical typewriters, AD systems probably have their own idiosyncrasies. Given a flat stream of cipher data, there are techniques to reversibly introduce such variations to mimic the biases of real AD converters without much data expansion.

It is my wild guess and conjecture that with such statistical variation built in there would be no effective statistical test for a given file containing hidden messages.

From jdblair at nextsrv.cas.muohio.EDU Mon Feb 28 21:39:28 1994
From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU)
Date: Mon, 28 Feb 94 21:39:28 PST
Subject: standard for stefonography?
Message-ID: <9403010537.AA08539@ nextsrv.cas.muohio.EDU >

Correct me if I'm wrong, but the "Standard Stego" package that has been discussed could operate like the "stealth ocean" ideas that have been discussed. Some sort of hash function defines "random-like" bits to be accessed in a consecutive form. These bits can be located in a hard drive full of digitized noise, a jpeg or gif file, a CD, or any other large chunk of data. The access mechanism can be standardized. Without the key string, you don't know which bits are random and which are data.

-john.

From sergey at delbruck.pharm.sunysb.edu Mon Feb 28 21:56:34 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Mon, 28 Feb 94 21:56:34 PST
Subject: standard for steganography?
In-Reply-To: <199403010523.VAA00389@mail.netcom.com>
Message-ID:

On Mon, 28 Feb 1994, Norman Hardy wrote:

> Has anyone done statistical studies of low bits of pixels or sound samples?
> I suspect that they are often far from random. A flat 50% distribution in
> the low bits might stand out like a sore thumb. I can imagine the low
> bit can be distributed dependently on such things as the next to low bits
> or 60 cycle power at the recorder. Some AD converters are known to produce
> 60% ones or some such. Like mechanical typewriters, AD systems probably
> have their own idiosyncrasies. Given a flat stream of cipher data, there
> are techniques to reversibly introduce such variations to mimic the biases
> of real AD converters without much data expansion.
>
> It is my wild guess and conjecture that with such statistical variation
> built in there would be no effective statistical test for a given file
> containing hidden messages.
>
>

Yes, pure white noise would be anomalous. I have suggested that one use a Mimic function with a "garbage grammar". Implemented correctly, it should withstand statistical analysis.

What is an AD converter? And what are the techniques you speak of that mimic those AD converters?
Sergey

From jeremy at crl.com Mon Feb 28 22:29:40 1994
From: jeremy at crl.com (Jeremy Cooper)
Date: Mon, 28 Feb 94 22:29:40 PST
Subject: standard for stegonography?????!!!!??
In-Reply-To: <9402282245.AA05746@prism.poly.edu>
Message-ID:

On Mon, 28 Feb 1994, Arsen Ray Arachelian wrote:

> The less standard a stego program is, the safer. Rolling your own
> would probably be the best way to keep the bad guys out of the
> way. As far as sharing stego'ed stuff, you can 1st send your
> program over with PGP, so the other side also has the same stego program
> you're using...
>

I agree that standardization is not something you want for stego, but on the other hand, if you can send a PGP message, why bother using stego?

_ . _ ___ _ . _
===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-===
===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area! -===

From jeremy at crl.com Mon Feb 28 22:38:25 1994
From: jeremy at crl.com (Jeremy Cooper)
Date: Mon, 28 Feb 94 22:38:25 PST
Subject: standard for stegonography?
In-Reply-To:
Message-ID:

>
> "Pseudo-Stego" can be relatively secure as long as a large number of
> different hiding schemes/standards are used by the public. An effective
> means of ensuring this would be to use the receiver's public-key
> checksum-value as the standard offset for stego. The large number of
> public-keys available make it rather infeasible for one's opponents to try
> them all. This, I believe, provides pretty adequate security (assuming one
> strips any telltale headers off the hidden file beforehand).
>

How many possible checksums are there? If you use a one byte checksum, there are only 256 possible combinations right? Maybe what I am asking is, 'How big is the checksum?'

_ . _ ___ _ . _
===-|)/\\/|V|/\/\ (_)/_\|_|\_/(_)/_\|_| Stop by for an excursion into the-===
===-|)||| | |\/\/ mud.crl.com 8888 (_) Virtual Bay Area!
-===

From sergey at delbruck.pharm.sunysb.edu Mon Feb 28 22:52:06 1994
From: sergey at delbruck.pharm.sunysb.edu (Sergey Goldgaber)
Date: Mon, 28 Feb 94 22:52:06 PST
Subject: standard for stegonography?
In-Reply-To:
Message-ID:

On Mon, 28 Feb 1994, Jeremy Cooper wrote:

> How many possible checksums are there? If you use a one byte checksum,
> there are only 256 possible combinations right? Maybe what I am asking
> is, 'How big is the checksum?'

Good question! Anyone out there know what the practical/secure limit is?

Sergey

From ao27+ at andrew.cmu.edu Mon Feb 28 23:02:59 1994
From: ao27+ at andrew.cmu.edu (Anthony D Ortenzi)
Date: Mon, 28 Feb 94 23:02:59 PST
Subject: Problems w/ Clipper
Message-ID:

I think that in order to cut down on the amount of bickering of the problems that we have with Clipper, it would be best to sum up a bit.

1) Most of us are concerned not with our own privacy if other forms of encryption are not banned. Many people on this list use PGP, and almost all of the rest know damned well that they could if they thought that they had to keep something secret. (not plugging PGP, per se, but using it as an example because of its relatively large usage among 'punks) In other words, our problems tend to lie in the fact that the people of the United States are as a rule, well, not too concerned about the privacy of their own e-mail, and don't see this as a step towards what is in the book 1984.

2) Collectively, we seem to agree that letting the Government into our lives in such a way as Clipper provides is not necessarily all that evil, but if we give in a little, they will try to take it all.

Am I right?
(trying to center the discussion)

Anthony Ortenzi
ao27 at andrew.cmu.edu

From mpd at netcom.com Mon Feb 28 23:03:34 1994
From: mpd at netcom.com (Mike Duvos)
Date: Mon, 28 Feb 94 23:03:34 PST
Subject: Anonymous Remailers Revisited
Message-ID: <199403010704.XAA12131@mail.netcom.com>

Arthur Chandler writes:

> Investigators determined the message originated at the UI, and a
> computer trace identified Reincke as the apparent author, Hulin
> said.

Obviously Mr. Reincke did not encrypt his message with PGP and chain it through the correct number of anonymous remailers. :)

--
Mike Duvos       $ PGP 2.3a Public Key available $
mpd at netcom.com $ via Finger.                    $

From mgream at acacia.itd.uts.edu.au Mon Feb 28 23:15:34 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Mon, 28 Feb 94 23:15:34 PST
Subject: standard for stegonography?
In-Reply-To:
Message-ID: <9403010717.AA20839@acacia.itd.uts.EDU.AU>

Earlier, Sergey Goldgaber wrote:

> In your message you made a proposal to the effect of implementing a
> steganography standard whereby a standard header is encrypted. I
> thought you were implying that the key should be constant for that
> steganography program. I simply noted that security would be limited if
> this were the case. Using a new key every time one encrypted would be an
> example of what I meant by a "non-standardized" key.

I did mean the former, yes a standard header, but obviously a user defined/supplied key -- the system would be worthless otherwise.

> > This still doesn't work, because it means not only a lot of wasted
> > bandwidth,
>
> Wasted bandwidth does not a poor method make!

No, but in the case of steganography it does make it an impractical requirement.

> The method I outlined does indeed require a public-key. Using the method
> is, as you have pointed out, not necessary. You have not, however, shown
> why you believe the method doesn't work. You have simply outlined what
> you _don't_like_ about the method.

No, I outlined two reasons.
Firstly, an offset method such as you mention wastes a lot of bandwidth.
Say you take a conservative 16 bits as offset (which is already too easy
to brute force), there you have up to 64kbit of potentially wasted
bandwidth in a transmission medium that needs as much as it can get. See
for example pixel 'stegging', you'd need exceedingly large pictures just
to overcome the offset noise let alone modulate data of any practical
length in.

The second reason, which yes can be construed as more a personal
dislike, did regard the prerequisite for a PKCS. In retrospect, I'll
retract that.

> Ah! This is where we don't see eye to eye. I believe that the purpose
> of steganography is to hide data. Having "a quick means to determine
> whether data has been modulated into the medium, and if it has by what
> particular item of software" is a detriment to that effect.

I agree with the first and foremost as well, steganography is there to
hide data. But by the same token, if the data is hidden, how do you know
there is any there ? Isn't the idea that _you_ have a quick means to
determine whether something has been hidden there, else it looks like
harmless information ?

With your method, you're leaving it up to whatever particular
information has been stegged in to have some inherent integrity check.
Ie. this would work if you stegged in PGP data or signed data. But what
if you stegged in something else, how do you know it was stegged data ?
All I was proposing was a method of providing a header encrypted so you
_know_ that what follows is stegged information, that was my original
intent.

> If the information that informs one that something is hidden in the media
> is itself hidden, how can it be a means to determine if something is
> hidden? How would you determine if there is information that informs
> one that something is hidden in the media, hidden in the media?
> See the problem? Your whole purpose is cancelled out by your method.

No. You see it works like this.
When you go to insert data ('stego it') into the medium, you prepend
some header, but you encrypt the header under a cipher. This header
contains a signature plus other information. Because it's been
encrypted, it looks like junk, it shouldn't be (within limits of your
stego medium) discernable from the original bits that were there. After
that header follows the stegged data.

When someone wants to remove stegged data from the media, they then pull
out a certain number of leading bits using a predefined steg method for
that media. Those first few bits are decrypted to either reveal a
structured header, in which case you can proceed to remove the rest of
the data, or to reveal junk, in which case there is nothing there, at
least nothing for you.

> As long as you're proposing header encryption via IDEA, why not consider
> doing the same to the whole file? It would increase security. There are
> objections to be levied against any non-public-key system, however.

Yes, that would be a good idea too (excuse the pun .. :-).

> So that this question may be asked: if you have secure channels, why do you
> need encryption?

I have seen this point, and yes, I guess it is a problem. You would need
to at some stage in the past agree on a key to use. How about changing
that from IDEA to RSA then ?

> It would be even easier to get the same picture and run it through your
> stego software which would look at your public-key and extract the file
> automatically. This would be pretty secure, easy to use, and require no
> secure channels!

But then why offset in the first place? What is going to be at the
offset that can't be at the front of the file ? If something structured
is going to be at an offset, then it's easily susceptible to being brute
force searched.

Okay, how about giving up using some form of offset and just RSA encrypt
a header with the intended recipients key.
To check, you'd get your stego software to pull out the first 2048 bits
and decrypt the first X bits corresponding to whatever your modulus
length is with your private key, if the result is
"*STEGO FOLLOWS*+other", then there's a file there, else you know
nothing exists there (at least not for you ..).

However, this is half hearted because after thinking about it, I've come
to the conclusion that it's probably best if all the software does is
push the bits in and leave it up to Stealth-PGP (or other software) to
provide a means of creating the header and the proceeding data in a way
so that no key-ID's or so on exist. Then you could just
"desteg < art | stealth-pgp > out" and watch Stealth-PGP's exit code.
The desteg software shouldn't attempt to put anything in to identify the
presence of stegged data tho.

Matthew.
--
Matthew Gream. ph: (02)-821-2043. M.Gream at uts.edu.au.
PGPMail and brown paperbags accepted. - Non Servatum -
''weirdo's make the world go around'' - A.Watts
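
The encrypted-header check described in the message above, as an added example that is not part of the original post. It assumes least-significant-bit embedding in a byte string, a random per-message nonce, a 32-bit length field, and an HMAC-SHA256 keystream standing in for the IDEA or RSA step; all function names are hypothetical.

```python
import hashlib, hmac, os, struct

MAGIC = b"*STEGO FOLLOWS*"      # marker string quoted in the message above
NONCE_LEN = 16                  # assumption: random per-message nonce, embedded first
HEADER_LEN = len(MAGIC) + 4     # assumption: marker + 32-bit payload length

def keystream(key, nonce, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode), not IDEA or RSA.
    blocks = (hmac.new(key, nonce + struct.pack(">I", c), hashlib.sha256).digest()
              for c in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def steg(cover, key, payload):
    """Write nonce || E(header || payload) into the LSB of each cover byte."""
    nonce = os.urandom(NONCE_LEN)
    plain = MAGIC + struct.pack(">I", len(payload)) + payload
    blob = nonce + xor(plain, keystream(key, nonce, len(plain)))
    if len(blob) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for i in range(len(blob) * 8):
        out[i] = (out[i] & 0xFE) | ((blob[i // 8] >> (7 - i % 8)) & 1)
    return bytes(out)

def lsb_bytes(cover, start, n):
    """Reassemble n hidden bytes, starting at hidden-byte index `start`."""
    return bytes(
        sum((cover[j * 8 + k] & 1) << (7 - k) for k in range(8))
        for j in range(start, start + n))

def desteg(cover, key):
    """Return the payload, or None when the header decrypts to junk."""
    if len(cover) < (NONCE_LEN + HEADER_LEN) * 8:
        return None
    nonce = lsb_bytes(cover, 0, NONCE_LEN)
    header = xor(lsb_bytes(cover, NONCE_LEN, HEADER_LEN),
                 keystream(key, nonce, HEADER_LEN))
    if not hmac.compare_digest(header[:len(MAGIC)], MAGIC):
        return None                      # nothing here, at least not for this key
    (length,) = struct.unpack(">I", header[len(MAGIC):])
    if (NONCE_LEN + HEADER_LEN + length) * 8 > len(cover):
        return None                      # length field exceeds cover capacity
    body = lsb_bytes(cover, NONCE_LEN + HEADER_LEN, length)
    return xor(body, keystream(key, nonce, HEADER_LEN + length)[HEADER_LEN:])

SAMPLE_COVER = os.urandom(4096)  # constructed sample cover, stands in for image bytes
```
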