--- begin forwarded text
Date: Sun, 27 Jan 2002 10:30:20 -0800
Subject: Crypto Winter (Re: Looking back ten years: Another Cypherpunks failure)
From: Tim May <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

Some thoughtful ideas on the current situation (what I have called "the Crypto Winter"). A few comments:

On Saturday, January 26, 2002, at 09:55 PM, Dr. Evil wrote:

> We know that some kind of privacy-enhanced payment system has been one
> of the long-time c'punk goals, probably for at least ten years. We
> know that we are probably further away from having that be a reality
> than we were ten years ago. This is excusable; the obstacles are
> enormous. You need a lot of people to use it before it's useful, and
> there are all kinds of regulatory problems. And there are a whole
> list of other problems, too.

I somewhat disagree. The obstacles to widespread acceptance (of _anything_) are enormous, but the obstacles to experimental deployment for specialized uses (Napster-like trading, porn, remailer use) are not great at all. Pr0duct Cypher and others got Magic Money/Tacky Tokens/etc. out in what was probably a period of a few months' worth of effort. (PC may have been working for years on it, but this seems likely. Digital cash was the topic and MM/TT appeared during the discussion...circa 1993, IIRC.)

"First we change the world" is not a good business model. New technologies and methods often spring out of unforeseen needs and technologies. An interesting Harvard Business School type of study would contrast the long and slow growth of Diner's Club and Carte Blanche versus the effective complete replacement by BankAmericard (later Visa) and MasterCard beginning in the late 1960s.

Way too many folks in the crypto/digital cash community are aiming for penetration similar to Visa and Mastercard. It may happen, but not with a) experimental technologies and protocols, b) by planning by a bunch of small companies.
A full-scale "launch" by a very large and well-funded company _might_ work, but probably not. (There's that nagging "How do we convince Joe Sixpack to learn to manage keys and to use untraceable forms of digital cash?" A facet of "First we change the world." Bah.)

I agree that facing regulatory obstacles head on is a lose, lose, lose. Ain't gonna happen. Even the well-funded launch above would never get approval for "truly untraceable" forms of digital cash. All of the recent trends toward "fighting terrorism," "war on drugs," "currency control," etc. tell us the regulators will never accept untraceable digital cash (even though physical cash is grandfathered in...they will outlaw it when they think they can get away with it). This is presumably why Chaum watered down his earlier digicash scheme to make it only one-way untraceable/unlinkable.

>
> One of the other c'punk goals was encryption all over the place.
> Seems reasonable, right? This Internet thing was just starting to
> take off. Free open-source OSes like Linux were coming out.
> Encryption everywhere was well within reach.

My guess is that PGP went off the track when it tried to get PGP "integrated" into various platforms and applications. Things were a lot easier when PGP simply took a text file and did things to it. The processed text file could be from a text editor or the "clipboard" (on various platforms) and could then be pasted into or cut out of a mail app, a word processor, etc. A few extra steps, but the "orthogonality" principle was upheld: PGP was just another modification of text, a form of writing. What the user _did_ with the text was up to him and was not of any concern to PGP qua PGP.

Alas, the battles to "integrate PGP with Pine" (or with Eudora, or Outlook, or Outlook Express, or Entourage, or ....) and all the crap about "checking signatures" (which is almost never needed for most of us, for reasons discussed many times), and the general "bloat" of providing hooks to various OSes, various mailers, various browsers....it all resulted in the predictable. (What did those 200+ staffers at NAI's PGP division actually _do_? Some have told me that this 200+ figure referred to the entire crypto tools division. Maybe. But PGP lost a lot when it went corporate and lost its simple focus. More on GPG in a moment...)

Here's my own personal situation. Now I don't make a claim to being a software guy (I'll avoid the hateful term "geek"). I like software, I use it, I read about languages and OSes, I like Smalltalk and Lisp/Scheme and suchlike, I have a project brewing on actors/agents and money/instruments, I follow E and capabilities, and so on. But I don't run a Unix box (well, OS X is now a full-fledged Unix box, being based on FreeBSD, OpenBSD, Mach, NeXTStep, etc.).

But some years ago PGP just became too difficult to use regularly. I would install 2.0, 2.1, ...5.5, 6.1, whatever, and would even buy the "PGP for Personal Privacy" CD-ROM ($40). Then something would break, and PGP plug-ins would no longer work with Eudora or Eudora Pro. Were I doing something _important_ with PGP, I could justify either sticking with an older version of Eudora, an older version of my OS, etc.

Digression: Remember that the military spends a lot of money keeping older legacy systems running. And doing the "crypto hygiene" involving key management, limiting access to crypto shacks (on ships, bases), and so on. We "casual" users don't want to spend 5 minutes getting key material out of a vault or safe, plugging in our USB Flash dongles, inserting CD-ROMs, etc., copying encrypted mail across an air gap to a secure machine, etc.....just to decode a PGP-encoded message to read "Hi, Tim, just testing out this really cool thing called PGP! Send me a message back!"
Being a casual user, with no real _need_ for crypto (the subversive things I do I do out in the open, by choice), the "bang for the buck" for PGP is just not there. And the seamless integration into mailers and suchlike has not been easy.

A further example. I converted all of my main Macs to OS X. Wonderful. Elegant. Powerful. Robust. The best thing I've ever seen in OSes. The Mac-type front-end on a robust Unix (BSD) core, with a Mach kernel and on and on. All of the old NeXTStep/OpenStep tools, and more. Incredible. But no PGP, without major work.

What about PGP? The main guru at NAI/PGP tells us that a version of PGP for OS X, presumably with hooks into various mailers (like OS X Mail, based on the NeXTMail app, and Entourage, part of the Microsoft Office X package), is "ready to go." But NAI/PGP has dropped the inexpensive versions, let alone the free versions.

(Sidenote: So much for PRZ's anger that Bidzos and RSA had the gall to want $50 for MailSafe and hence PGP needed to be released. The NAI/PGP packages _start_ in price at astronomical levels compared to what so many folks were "outraged" at back around '92-94 when the "free alternative to RSA" was being touted.)

Also, NAI/PGP is apparently being shopped around for sale to another company, so they don't want to release the OS X version until things settle out. (I forget which forum I read this in...a search should turn it up for those interested.)

What about GPG? Being that OS X is Unix, GPG should compile. It does. And some work on giving it a better front-end and on linking it to OS X Mail has been done. http://www.sente.ch/software/GPGMail/ provides some details. But it's a "hack," they admit, with numerous limitations. (I've got it, and will be trying to make it work.) To make some of the points about limitations, here's what they say about the current release:

"Current limitations

* GPGMail accepts only one personal PGP key.
* GPGMail always uses your default identity and all message receivers' addresses as recipients for encryption (To and CC. For security considerations, BCC recipients are not taken into account).
* GPGMail does not support PGP key distribution (following RFC 3156)
* GPGMail does not support S/MIME
* GPGMail encrypts/signs the whole message, and can decrypt/verify only the whole message. You cannot choose which part you want to encrypt.
* GPGMail does not support RFC 1847 encapsulation
* Encryption operation cannot be interrupted
* You cannot send encrypted messages with BCC recipients.
* You cannot forward encrypted messages: the encrypted message is used. You need to copy the decrypted message into a new message.
* If Mail cannot deliver the message immediately, it postpones delivery but doesn't prevent you from modifying the message; do NOT modify a signed or encrypted message!!!"

[end of quoted comments]

And it only works for certain versions of OS X and OS X Mail. Which means I expect it to break in some future evolution, causing me to either stop upgrading my OS and apps or to stop using GPGMail. This has happened many times in the past.

Now while I may not be a "software guy" ("geek"), I'm maybe more software geeky than most folks are, even most OS X users. Who will bother with this kind of complexity, this number of bugs and hacks and "won't work with" errors?

I've been talking about OS X. Maybe the situation with Windows 2000, Windows ME, Windows XT, etc. is better.

For something so simple as what PGP used to be, look at the code bloat, the cruftiness, the complexity. Will Joe Sixpack be installing GPGMail so as to "use crypto everywhere"? Ha.

I don't mean for this to sound like a whine. I expect that if I spent a few days reading up on GPG, using the Developer Tools on my OS X distribution disk, playing with GPGMail such as it is, I could get something workable running. But why?
Why spend even a few frustrating days just so--for the current software versions!!--I can open the very occasional "Tim, just thought I'd try out PGP!" message.

Crypto between servers, a la SWAN, is a more cost-effective way to thwart Big Brother's plans to simply slurp down all Net traffic. Individual crypto rides on top of that, of course, and doesn't interfere. And it has its place as well. But trying to change the world to get more users to encrypt seems like a quixotic crusade.

If you're still with me, I'll continue commenting on Dr. Evil's remarks:

>
> And guess what, that goal was _almost_ achieved, except in two places,
> which I am calling the Great Encryption Taboos (GETs).
>
> GET #1 is voice encryption over phone lines. Three years after
> Starium started, and ten years after c'punks started, you still can't
> buy a digital voice encryption device that has trustable crypto in
> it. This is also excusable because it encounters some of the same
> problems that privacy-enhanced payments encounter, namely overcoming
> network effects and dealing with regulators.

But you can in fact buy such units. I bought one of the earlier Starium units, as did several other Cypherpunks. 3DES is pretty trustable, from all indications. There are other units, too. Pricey, yeah. Strong crypto has not come down to the $100 cellphone level yet. A matter of "who pays for privacy"? (In both cost per unit, as with the Starium phones, or the complexity of setting up PGP and GPG, as above.)

A little birdie told me a few years ago that certain characters looking like they'd be right at home in a "Miami Vice" episode were buying sets of Starium phones. This makes perfect sense. It's not at all surprising to me that most Cypherpunks didn't buy Starium phones.

>
> GET #2 is disk encryption. Yes, it sounds so simple, but it is a
> Great Taboo, and this time there are no excuses. None. You don't
> need any network effects. Regulators in the US have little they can
> do about it. There are about half a dozen great Open Source OSes to
> work on. And yet there is nothing.

Disk encryption is built into several of the disk tools packages. Few use them, this is true. (When I was writing my Cyphernomicon in '93-94, there was a section on disk encryption tools out at that time. And yet there was no interest I ever saw at Cypherpunks meetings. If they weren't using the tools, why would Joe Sixpack?)

Most people (maybe even many Cypherpunks) don't even do good backups on their disks. Urging them to encrypt their disks seems pointless. (And from a Neo-Calvinist point of view, why bother?)

Lastly, the reasons for the "Crypto Winter" are many and various:

* boredom with the focus on PGP and other "old paradigm" uses. Only so much a hobbyist can do with PGP, except make it cruftier and harder to use.

* the surge of interest in 1992-95 was for lots of reasons. We had hundreds of eager students playing with remailers, crypto, Magic Money, data havens. Lots of articles, lots of interest. This waned, for various reasons. Now we get essentially no new students (Dave Molnar was the last notable one I can recall) and there are few if any new projects.

* many on the list got jobs in industry, working for RSA/Verisign, NAI/PGP, ZKS, C2Net, Microsoft, etc. Go back to the archives from '92-96, roughly, and match the names up with where they are today. To this extent, we somewhat helped crypto in industry...but at the expense of the exotic ideas and apps.

* "crypto is tired." It was premature for "Wired" to write this in, say, the summer of '92, when just several months earlier they'd declared "crypto is wired," but they were always prone to overhyping and overtrashing. But years later it was true. Crypto is now pretty tired.

* the war on terrorism, 911, crackdowns on money laundering, the shifting focus to copyright issues (mainly a _legal_ focus, not anything technological)...all of these things have helped to suppress interest and willingness to experiment.
* the role of law and lawyers deserves even more mention: way too many of our Cypherpunks meetings over the past few years have involved extensive, and boring, discussions of new laws. I think this causes people to think that law is the way to change things. It's important, but what do _we_ have to contribute? What does having Mindy Cohn or Robin Gross updating us on the DMCA, for example, do for our interests and goals?

* some of the recent Cypherpunks meetings have been wastes of time: bored people sitting and saying almost nothing. (I don't think many of them are subscribed to, or contributing to, this list, so they won't be offended!)

Will things revive? Hard to say. Maybe it's a time for reflection and consolidation, for working on projects. Maybe it'll take a further expansion of the police state to jar people out of their apathy.

--Tim May

"Ben Franklin warned us that those who would trade liberty for a little bit of temporary security deserve neither. This is the path we are now racing down, with American flags fluttering." -- Tim May, on events following 9/11/2001

--- end forwarded text

-- 
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List