Re: [alg] OPT: Re: crypto flaw in secure mail standards (fwd)

[Paul Elliott]

There is another problem, because the clock of a modern computer
can be set to any given time, there is no purely cryptographic
way to be satisfied that a given document existed at a given time,
if you do not trust the computer (and the person controling it)
generating the timestamp.

There is a third party solution to this problem exiting on
the internet. The PGP Digital Timestamping Service at
http://www.itconsult.co.uk/stamper.htm


In the general case, there is no reason to mistrust this third
party, since the service is automated, and does not have time
to scan your timestamp requests to participate in order to comspire
against you. In addition, summaries of timestamp requests are
posted to usenet newgroups, where they are presumably archived
at many archiving sites. Thus if you do carefull checking, the
only way timestamp fraud could work would be if this site, together
with all the usenet archiving sites that you checked, were engaged
in a conspiracy against you. Hopefully, you will think the probablility
of this is small.




-- 
Paul Elliott   1(512)837-9345 1(512)837-1096PGP Digital 
Timestamping Service
[EMAIL PROTECTED]PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/   Austin TX 78758-3117

 PGP signature

OPT: Re: crypto flaw in secure mail standards (fwd)

[Jim Choate]

-- Forwarded message --
Date: 22 Jun 2001 13:27:14 -0400
From: Derek Atkins [EMAIL PROTECTED]
To: Don Davis [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: crypto flaw in secure mail standards

This is not a crypto flaw.  This is an engineering flaw.

First, the timestamp of the message is certainly encoded in the
signature.  This is protection against your first suggested attack.
The recipient, upon verifying the signature, notices that it was made,
e.g., two months previously.  Then one would have to wonder why a
two-month-old message was being sent.

The other obvious problem is that although the sender's identity is
encoded in the message's signature (as well as the time the signature
is purported to be made), the original intended recipient's are not
encoded within the signed portion of the message.  The simple fix
would be to include the appropriate mail headers withing the signed
portion of the message.  In particular, including the 'To' and 'Cc'
fields would immediately protect against both of these attacks.

The problem is not at all with the crypto.  The problem is with the
integration of the crypto with applications like e-mail.

Have a nice day,

-derek

Don Davis [EMAIL PROTECTED] writes:

 All current secure-mail standards specify, as their high-
 security option, a weak use of the public-key sign and encrypt
 operations.  On Thursday the 28th of this month, I'll present
 my findings and my proposed repairs of the protocols, at the
 Usenix Technical Conference here in Boston:
   http://www.usenix.org/events/usenix01/usenix01.pdf
 
 Citation:
 Don Davis, Defective Sign  Encrypt in S/MIME, PKCS#7, MOSS,
 PEM, PGP, and XML.  To appear in Proc. Usenix Tech. Conf. 2001,
 Boston.  June 25-30, 2001.
 
 A short summary:  All current secure-mail standards have a
 significant cryptographic flaw.  There are several standard
 ways to send and read secure e-mail.  The most well-known
 secure mail systems are PGP and S/MIME.  All current public-
 key-based secure-mail standards have this flaw.  Here are some
 examples of the flaw in action:
 
 Suppose Alice and Bob are business partners, and are setting
 up a deal together.  Suppose Alice decides to call off the
 deal, so she sends Bob a secure-mail message: The deal is off.
 Then Bob can get even with Alice:
 
   * Bob waits until Alice has a new deal in the works
 with Charlle;
   * Bob can abuse the secure e-mail protocol to re-encrypt
 and resend Alice's message to Charlie;
   * When Charlie receives Alice's message, he'll believe
 that the mail-security features guarantee that Alice
 sent the message to Charlie.
   * Charlie abandons his deal with Alice.
 
 Suppose instead that Alice  Bob are coworkers.  Alice uses
 secure e-mail to send Bob her sensitive company-internal
 sales plan.  Bob decides to get his rival Alice fired:
 
   * Bob abuses the secure e-mail protocol to re-encrypt and
 resend Alice's sales-plan, with her digital signature,
 to a rival company's salesman Charlie.
   * Charlie brags openly about getting the sales plan from
 Alice.  When he's accused in court of stealing the plan,
 Charlie presents Alice's secure e-mail as evidence of
 his innocence.
 
 Surprisingly, standards-compliant secure-mail clients will
 not detect these attacks.
 
 --
 Abstract
Simple Sign  Encrypt, by itself, is not very secure.
 Cryptographers know this well, but application programmers
 and standards authors still tend to put too much trust
 in simple Sign-and-Encrypt.  In fact, every secure e-mail
 protocol, old and new, has codified na=EFve Sign  Encrypt
 as acceptable security practice.  S/MIME, PKCS#7, PGP,
 OpenPGP, PEM, and MOSS all suffer from this flaw.
 Similarly, the secure document protocols PKCS#7, XML-
 Signature, and XML-Encryption suffer from the same flaw.
 Na=EFve Sign  Encrypt appears only in file-security and
 mail-security applications, but this narrow scope is
 becoming more important to the rapidly-growing class
 of commercial users. With file- and mail-encryption
 seeing widespread use, and with flawed encryption in
 play,  we can expect widespread exposures.
 
 In this paper, we analyze the na=EFve Sign  Encrypt flaw,
 we review the defective sign/encrypt standards, and we
 describe a comprehensive set of simple repairs.  The
 various repairs all have a common feature:  when signing
 and encryption are combined, the inner crypto layer must
 somehow depend on the outer layer, so as to reveal any
 tampering with the outer layer.
 
 
 
 Once I've presented the paper, I'll make this link live:
 http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.ps
 
   - don davis, boston
 http://world.std.com/~dtd
 
 
 
 
 
 -
 
 
 
 
 
 
 -
 The Cryptography Mailing List

RE: Ian Grigg's Crypto Fiction Choices

[Trei, Peter]

 From: petro[SMTP:[EMAIL PROTECTED]]
 
 From: Matthew Gaylor [EMAIL PROTECTED]
 Subject: Ian Grigg's Crypto Fiction Choices
 Cc: [EMAIL PROTECTED]
 
 http://www.iang.org/crypto_fiction/
 
 A Fire Upon The Deep
 
   You missed A Deepness in the Sky, written by Vinge, and 
 published in 1999. Crypto plays an important part of the story, and, 
 well, it's Vinge, it's worth a read.
 
... as does privacy, surveillance tech and it's avoidance, etc. Excellent
book.

But

Did you catch the hint that they're running an Unix-descended OS? ...it's
pretty 
well hidden.

Peter Trei

RE: Ian Grigg's Crypto Fiction Choices

[Trei, Peter]

 From: petro[SMTP:[EMAIL PROTECTED]]
 
 From: Matthew Gaylor [EMAIL PROTECTED]
 Subject: Ian Grigg's Crypto Fiction Choices
 Cc: [EMAIL PROTECTED]
 
 http://www.iang.org/crypto_fiction/
 
 A Fire Upon The Deep
 
   You missed A Deepness in the Sky, written by Vinge, and 
 published in 1999. Crypto plays an important part of the story, and, 
 well, it's Vinge, it's worth a read.
 
... as does privacy, surveillance tech and it's avoidance, etc. Excellent
book.

But

Did you catch the hint that they're running an Unix-descended OS? ...it's
pretty 
well hidden.

Peter Trei

RE: Ian Grigg's Crypto Fiction Choices

[Marshall Clow]

  From:   petro[SMTP:[EMAIL PROTECTED]]
 
  From: Matthew Gaylor [EMAIL PROTECTED]
  Subject: Ian Grigg's Crypto Fiction Choices
  Cc: [EMAIL PROTECTED]
  
  http://www.iang.org/crypto_fiction/
 
  A Fire Upon The Deep

  You missed A Deepness in the Sky, written by Vinge, and
 published in 1999. Crypto plays an important part of the story, and,
 well, it's Vinge, it's worth a read.

... as does privacy, surveillance tech and it's avoidance, etc. Excellent
book.

But

Did you catch the hint that they're running an Unix-descended OS? ...it's
pretty well hidden.

The only hint I saw was that the time system was based on number of seconds
from a base time that was almost, but not quite, the same as the first lunar landing.

1/1/1970, anyone?

Excellent book.
-- 
-- Marshall

Marshall Clow Idio Software   mailto:[EMAIL PROTECTED]
Hey! Who messed with my anti-paranoia shot?

Re: Ian Grigg's Crypto Fiction Choices

[petro]

From: Matthew Gaylor [EMAIL PROTECTED]
Subject: Ian Grigg's Crypto Fiction Choices
Cc: [EMAIL PROTECTED]

http://www.iang.org/crypto_fiction/

A Fire Upon The Deep

I think Vernor Vinge would have to be my favourite science fiction 
author, just pipping out Stephenson. A Fire Upon The Deep is a tour 
de force of 90's science fiction.

It actually has very little crypto in it, so it is hard for me to 
award it more than 3 bits of entropy. The main players ship out of a 
port with a third part of a one time pad. The other two parts ship 
via other means - a security precaution.

The one time slice never makes it to its destination, but is used 
later in a last ditch effort to establish comms with the good guys, 
whilst being chased by the bad guys across the universe.

This is not a funny book, but Vinge's humour comes through with a 
single crypto joke which still makes me laugh. To enjoy the joke, 
you'll have to buy the book.

You missed A Deepness in the Sky, written by Vinge, and 
published in 1999. Crypto plays an important part of the story, and, 
well, it's Vinge, it's worth a read.
-- 
--
http://www.apa.org/journals/psp/psp7761121.html
It is one of the essential features of such incompetence that the person so
afflicted is incapable of knowing that he is incompetent. To have such
knowledge would already be to remedy a good portion of the offense.
   

Crypto Survey May 2001 by Markku J. Saarelainen (fwd)

[Jim Choate]

 --


  ...where annual election ends, tyranny begins;

   Thomas Jefferson  Samuel Adams

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-


-- Forwarded message --
Date: Wed, 06 Jun 2001 16:04:37 -0700
From: Markku Saarelainen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Crypto Survey May 2001 by Markku J. Saarelainen




CRYPTO SURVEY MAY 2001

Cryptographic Survey, May 2001, Markku J. Saarelainen

Email: [EMAIL PROTECTED]

 

A SUMMARY CONCLUSION: 

The major societal development since the 1st and 2nd crypto surveys in 1996 and 1997 
has been the removal of many regulatory barriers for open trading of cryptographic 
products in the North America and globally. In addition, the number of cryptographic 
applications and component implementations has increased, while at the same time the 
variety of different types of solutions has risen. This does not necessarily mean the 
wider use of encryption in businesses and personal activities. Many same or similar 
behavioral barriers for the effective utilization of many security solutions still 
exist limiting the protection of communications, data storage and networking. In 
addition, the lack of the interoperability between solutions from different suppliers 
tends to decrease the number of effective cryptography users worldwide. It is clear 
that the awareness for encrypted communication and protected information activities 
has increased, while necessary regulatory changes for protectin!
 g !
entities from security vulnerabilities has enabled cryptographic product suppliers to 
satisfy market requirements in the U.S.A., in the North America and globally. However, 
regulatory and cultural differences exist from one nation or region to another 
creating a global unbalanced situation of the security use, which has the reducing 
effect on security practices and policy implementations of any global entity in 
different regions. This impacts on the interoperability of units of global entities. 
It is likely that there shall be greater competing drives in the information 
technology market place between different security strategies and approaches from 
different software and hardware product and security suppliers.


QUESTION 1. In your opinion, what are the 5-10 most significant applications of 
encryption technologies currently in commercial enterprises? 


1. HTTP over SSL (aka HTTPS) / SSL for credit card processing / SSL / Web-activity 
privacy (SSL)
2. IPsec
3. RSA Secure ID (maybe)
4. Online Credit Card Processing  Financial Transfers
5. VPNs / Virtual Private Networks for widely distributed offices / VPN for remote 
access to Intranet
6. Email encryption (via PGP/GPG or SMIME) / Encrypted Messages / Email Privacy
7. Digital signing authentication of messages
8. Consensus and voting software (not now but give it 5 years)
9. Encrypted file systems for sensitive data
10. Signing software for installation
11. Signing email messages to show official authority
12. Wireless local area network encryption
13. Password protection/access control
14. Data protection
15. Session protection (VPN's)
16. Authentication and authorization / Customer authentication (e.g. PIN checking)
17. Securing B2B file exchange
18. PKI
19. Remote secure teleworking
20. Digital signatures
21. Time-stamping


QUESTION 2. In your opinion, what are 5-10 main barriers currently that may prevent 
the successful implementation and utilization 
of encryption technologies in commercial enterprises? 


1. Ignorance of risks prevents purchase
2. Dishonest portrayal of product (i.e.: false security claims and blatant product 
holes in end-to-end protection) promotes distrust in the whole
industry
3. Most products are a waste of time because they are not a comprehensive solution - 
e.g.: why bother using PGP when there is nothing in any NAI products to protect 
against back-office-style electronic eavesdropping attacks?
4. Many people do not care about cryptography and/or security products
5. Having lived happily without serious protection for a long while, most customers 
believe there is no point retrofitting an expensive solution for a problem they do not 
have (and many of them are probably right...)
6. Lack of knowledge by decision-maker
7. Low

Ian Grigg's Crypto Fiction Choices

[Matthew Gaylor]

From: Matthew Gaylor [EMAIL PROTECTED]
Subject: Ian Grigg's Crypto Fiction Choices
Cc: [EMAIL PROTECTED]

http://www.iang.org/crypto_fiction/


Crypto Fiction

Crypto novels are not that common. It's an esoteric subject that 
remains too small to even justify a niche title. Most of the 
treatments relate to only fringe interests.

There is a bit of a revival in crypto interest within the 90's 
science fiction genre. This can be traced back to authors who are 
influenced by the net, and geographically, it's clear that the main 
stars in this revival hail from or are influenced by the bay area and 
the cypherpunks movement.

For what it's worth, and to generate some commissions for Cryptix, I 
list here some crypto novels I've read. I rate them with bits of 
entropy, as a sort of reverse correlation with relevance. This rating 
isn't necessarily a view that this book is good or bad, just that it 
has a valued combination of readability and cryptology.

If you're looking for a present for that pesky relative that keeps 
asking so, what is it that you do? then you may find the answer 
below.

Cryptonominon

The leading light in the crypto novel scene has to be Cryptonomicon. 
This book, the fourth by trail blazing net author Neal Stephenson, is 
recent, having been published in mid 1999, and remains the only 
financial cryptography novel I have come across.

Cryptonomicon is an achievment, with a deserved 5 random bits of 
entropy, and it will become the novel against which all others are 
compared.

In brief, Randy Waterhouse and his startup companions embark on 
laying fibre around the Phillipines. Whilst building, new 
opportunities arise, chief of which is the combination of a local 
Sultan who wishes to build a data haven, and a rumour of a mountain 
of lost gold.

What lifts this book out of the ordinary, and indeed, camoflages the 
fairly simple plot, is the two intertwined threads separated by two 
generations. Randy's grandfather and a WWII team of crypto scientists 
work on dampening the Axis' ability to detect the Enigma cracks, 
coincidentally laying foundations for Randy's attempts to 
historically decrypt his forbears' trail. This historical story is 
fascinating, it takes the Enigma story well beyond what has been 
covered elsewhere.

The crypto content is superb. Mathematical basies, Turing and his 
bicycle, entropy, ciphers, are all woven into the story in a fashion 
that anyone with high school mathematics could understand.

Cryptonomicon has a deeper underlying significance that most will 
have written off as plot. Along the chase, Randy and his mates 
discover the opportunity of setting up a private currency, nominally 
based on the alleged gold. In crisis-ravaged Asia, where currencies 
fell as systemic failure swept through the banking system, gold- 
backed currencies, issued over the net, and cryptographically 
protected from all attackers, is the perfect entrepot forthe issuance 
of private money.

Recall that private currencies disappeared about a century ago, as 
the newfangled Central Bank idea, born out of Britain, swept the 
civilised world to mark the 20th century as one of government money 
and government inflation. For various reasons which we'll gloss over 
here - read the book - the time of private currencies has come again.

But it was not in the prediction of a new financial world that the 
subtelty of Stephenson's research, and indeed unnamed advisors, 
shows. It is in the fact that the model he presents for a gold-backed 
currency is state of the art, in an art that was forgotten a hundred 
years ago, and indeed was only poorly understood then.

Readers could even be forgiven for accusing the art to be stateless, 
if it wasn't for the existance of at least one tiny Internet private 
currency, backed by gold. It was these guys, the e-gold private 
currency, who airshipped me a copy to read and respond. But there is 
no response possible, as Stephenson got it right. Prospective private 
currency issuers now have a novel that will save them from countless 
mistakes, and I now have an answer to that question, so, what is it 
that you're doing that takes you so far from home?

Enigma

In all the fictional writings of cryptology, the Enigma machine takes 
pride of place. Enigma, is no different, but touches little on the 
machine itself.

Robert Harris, author of Fatherland, presents a story of spies and 
intrigue set amongst the paranoic secrecy of Bletchley Park. Like 
Cryptonomicon, the historical protagonist is a mathematician at the 
core of the code breaking effort.

This story is cryptologically valuable for its description of 
Bletchley Park, even to the workflow and passage of the information 
through the now quaint series of human I/O devices, computers, and 
analysts.

As a novel, it is well written and entirely readable, falling within 
the class of WWII / spies / detectives, and I rate it with 3 bits of 
entropy.

The Last Lieutenant

Corregidor features yet again

crypto

[Results]

Your keyword(s), crypto, was recently spoken on CNBC during Power Lunch.

Tuesday, Jun 5 2001 at 01:50 PM

..but there is a stock that is moving on this news coming out of nevada
bill  with the boys last week joe  crypto logic you know  this is a long way
..

For details, visit
http://www.TVEyes.com/database/expand.asp?ln=3342491Key=crypto

 
Just follow the above link to keep your account active for this keyword. 
For total control of your keywords, go to
http://www.tveyes.com/log_in.asp

Marriott and Renaissance Hotels Help You Stay Connected:  By 2001 almost
every room will have high-speed internet service powered by ATT.  This
means you will have 50 times faster-than-typical Internet connection from
the comfort of your room.  And you get a full day of Internet access for one
low price. Click here to make your reservation and stay connected!
http://by.advertising.com/1/c/23066/9974//13882

a href=http://by.advertising.com/1/c/23066/9974//13882; AOL users click
here /a

crypto

[Results]

Your keyword(s), crypto, was recently spoken on CNBC during Power Lunch.

Tuesday, Jun 5 2001 at 12:48 PM

..being very aggressive with this sell call we re not following any real
order or industry segment here so i will move on to crypto logic company
you will recall ..

For details, visit
http://www.TVEyes.com/database/expand.asp?ln=3342289Key=crypto

 
Just follow the above link to keep your account active for this keyword. 
For total control of your keywords, go to
http://www.tveyes.com/log_in.asp

Marriott and Renaissance Hotels Help You Stay Connected:  By 2001 almost
every room will have high-speed internet service powered by ATT.  This
means you will have 50 times faster-than-typical Internet connection from
the comfort of your room.  And you get a full day of Internet access for one
low price. Click here to make your reservation and stay connected!
http://by.advertising.com/1/c/23066/9974//13882

a href=http://by.advertising.com/1/c/23066/9974//13882; AOL users click
here /a

crypto

[Results]

Your keyword(s), crypto, was recently spoken on CNBC during Power Lunch.

Friday, Jun 1 2001 at 12:00 PM

..universal acquiring the publisher jim paymar covering that for us also
with us ceo of crypto logic on line gambling been a winner ..

For details, visit
http://www.TVEyes.com/database/expand.asp?ln=3332865Key=crypto

 
Just follow the above link to keep your account active for this keyword. 
For total control of your keywords, go to
http://www.tveyes.com/log_in.asp

Marriott and Renaissance Hotels Help You Stay Connected:  By 2001 almost
every room will have high-speed internet service powered by ATT.  This
means you will have 50 times faster-than-typical Internet connection from
the comfort of your room.  And you get a full day of Internet access for one
low price. Click here to make your reservation and stay connected!
http://by.advertising.com/1/c/23066/9974//13882

a href=http://by.advertising.com/1/c/23066/9974//13882; AOL users click
here /a

crypto

[Results]

Your keyword(s), crypto, was recently spoken on CNBC during Power Lunch.

Friday, Jun 1 2001 at 12:26 PM

..averages x then the boys from the dow jones news wires will join us
and we will talk internet game was crypto logic this companies have been on
run ..

For details, visit
http://www.TVEyes.com/database/expand.asp?ln=3332966Key=crypto

 
Just follow the above link to keep your account active for this keyword. 
For total control of your keywords, go to
http://www.tveyes.com/log_in.asp

Marriott and Renaissance Hotels Help You Stay Connected:  By 2001 almost
every room will have high-speed internet service powered by ATT.  This
means you will have 50 times faster-than-typical Internet connection from
the comfort of your room.  And you get a full day of Internet access for one
low price. Click here to make your reservation and stay connected!
http://by.advertising.com/1/c/23066/9974//13882

a href=http://by.advertising.com/1/c/23066/9974//13882; AOL users click
here /a

Crypto Survey

[Markku Saarelainen]

5/23/2001

Dear Encryption Specialist,

this survey is the continuation to two cryptographic surveys in 1996 and 1997. The 
objective is to evaluate the current state of the encryption products and markets of 
these products.

I shall prepare the summary of all received responses and I shall provide this summary 
and any necessary details for all those who responded to the survey. In my analysis, I 
shall also review all received responses with the results from the surveys in 1996 and 
1997.

I would appreciate it greatly, if you reviewed the survey questions below and emailed 
your responses to my email address: [EMAIL PROTECTED] or 
[EMAIL PROTECTED] with the subject line Responses to Crypto Survey - thank you 
very much in advance.

My Wishes,

Markku J. Saarelainen
Sr. Researcher

 

QUESTION 1. In your opinion, what are the 5-10 most significant applications of 
encryption technologies currently in commercial enterprises? 

QUESTION 2. In your opinion, what are 5-10 main barriers currently that may prevent 
the successful implementation and utilization of encryption technologies in commercial 
enterprises? 

QUESTION 3. What are activities and projects that can be initiated and taken to lower 
and reduce above barriers (see the question 2.)? 

 -




Join 18 million Eudora users by signing up for a free Eudora Web-Mail account at 
http://www.eudoramail.com

Re: The Crypto State

[Jim Choate]

On Sun, 22 Apr 2001, Ray Dillinger wrote:

 I have been studying cryptographic protocols for consensus action 
 of late, and I have come to a somewhat startling conclusion.
 
 If a society is sufficiently rich in cryptographic protocols, there 
 is no need for anyone to work for a government.

Holy shit, we agree (at least in major part)...

Note '...no need for anyone to work for a government.' is NOT equivalent
to '...no government.'



The solution lies in the heart of humankind.

  Chris Lawson

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-

Re: The Crypto State

[Jim Choate]

On Sun, 22 Apr 2001, Ray Dillinger wrote:

 The only sticking point is the exercise of violence -- and even 
 there, it is possible to create a system that issues warrants only 
 when a large number of people agree that it's the right thing to 
 do.  If we posit that an ordinary citizen, if they so desired, 
 could take a police-action warrant and execute it, thereby claiming 
 the 'cash attached to the action, then the last necessary government 
 employee becomes simply a contractor. 

It's cheaper to run a court and a cop than run around trying to tie 'large
number of people' down for every traffic ticket. At some point they've got
to quit worrying about giving 'equal say' (one sort of democracy) and use
'equal representation' (which is another sort all together). We happen to
have a Constitution that through the 1st gives us both (in principle
anyway).



The solution lies in the heart of humankind.

  Chris Lawson

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-

The Crypto State

[Ray Dillinger]

I have been studying cryptographic protocols for consensus action 
of late, and I have come to a somewhat startling conclusion.

If a society is sufficiently rich in cryptographic protocols, there 
is no need for anyone to work for a government.

The only sticking point is the exercise of violence -- and even 
there, it is possible to create a system that issues warrants only 
when a large number of people agree that it's the right thing to 
do.  If we posit that an ordinary citizen, if they so desired, 
could take a police-action warrant and execute it, thereby claiming 
the 'cash attached to the action, then the last necessary government 
employee becomes simply a contractor. 

I do not know whether such a society would be more free than 
the society we have now; Protocols also allow the collection of 
taxes, protection of wetlands, and other things unbeloved of 
strict libertarians.  If you speed, or drive on the wrong side 
of the highway, a warrant will issue in seconds only, and then 
the ticket is going to show up on your heads-up display and the 
money for the ticket is going to automatically drain out of 
your bank account.  Maybe there's some kind of general asshole 
ticket that contains the key to remotely kill your engine, 
assembled from several hundred shares held by people your driving 
has pissed off since you bought the car.  Your insurer could 
check the engine, see how many shares of that key are registering 
per month, and guage what to charge you without even necessarily 
knowing your name.  If most of the people believed that ordinary 
citizens shouldn't have guns, then sooner or later, guns would be 
banned.

The point is, people could pick and choose the policies they 
wanted in terms of law and governance, implement them as 
protocols, and run them free of the prejudices, fears, and 
reinterpretations of human officials other than the governed 
themselves.  The kick is that there can even be a protocol for 
changing the set of protocols and enforcing the change against 
holdouts (a variation on the 'byzantine generals' protocol).  

But anyway, my conclusion is that it is possible to get basic 
business taken care of -- whatever 'basic business' means to 
the people living there -- without creating a priveleged 
class or a class 'more equal' than anyone else in the form 
of politicians, judges, etc.  Basically, if the people are 
rich enough in cryptographic protocols, computing power, and 
communications infrastructure, then government employees are 
not necessary. 

I think AP may have contained the germ of this idea; but 
Bell was perhaps too much of a nihilist to develop it in 
this direction, and more bent on destruction than creation.

Bear

Swedish crypto math mailinglist (fwd)

[Jim Choate]

-- Forwarded message --
Date: Thu, 19 Apr 2001 02:16:29 +0200 (CEST)
From: "Bluefish (P.Magnusson)" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Swedish crypto  math mailinglist

Hi I'd like to send announce a new mailinglist:

http://www.ludd.luth.se/~bluefish/ciphermath/

Basicly it is a swedish mailinglist where anything which is math or
cryptography is on topic. The list is very new and have few subscribers,
so feel free to change that... Currently there have been some mails
regarding designing cryptographic open source hardware blocks in VHDL,
which I plan to participate in this summer, and some rather basic math.




-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



The ultimate authority...resides in the people alone.

 James Madison

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-

crypto

[Results]

Your keyword(s), crypto, was recently spoken on FNC during Hannity  Colmes.

Tuesday, Apr 3 2001 at 09:05 PM

..ditch the plane and pitch all the equipment crews are extremely well
trained in this regard taking all the crypto gear shredding it  ripping it
apart ..

For details, visit
http://www.TVEyes.com/database/expand.asp?ln=3157835Key=crypto

 
Just follow the above link to keep your account active for this keyword. 
For total control of your keywords, go to
http://www.tveyes.com/log_in.asp

Marriott and Renaissance Hotels Help You Stay Connected:  By 2001 almost
every room will have high-speed internet service powered by ATT.  This
means you will have 50 times faster-than-typical Internet connection from
the comfort of your room.  And you get a full day of Internet access for one
low price. Click here to make your reservation and stay connected!
http://by.advertising.com/1/c/23066/9974//13882

a href="http://by.advertising.com/1/c/23066/9974//13882" AOL users click
here /a

crypto

[Results]

Your keyword(s), crypto, was recently spoken on FNC during Special Report.

Tuesday, Apr 3 2001 at 06:23 PM

..is how we gather the information and what technology we have they
would be able to destroy the crypto gear within the aircraft ..

For details, visit
http://www.TVEyes.com/database/expand.asp?ln=3157299Key=crypto

 
Just follow the above link to keep your account active for this keyword. 
For total control of your keywords, go to
http://www.tveyes.com/log_in.asp

Marriott and Renaissance Hotels Help You Stay Connected:  By 2001 almost
every room will have high-speed internet service powered by ATT.  This
means you will have 50 times faster-than-typical Internet connection from
the comfort of your room.  And you get a full day of Internet access for one
low price. Click here to make your reservation and stay connected!
http://by.advertising.com/1/c/23066/9974//13882

a href="http://by.advertising.com/1/c/23066/9974//13882" AOL users click
here /a

CRYPTO AG, anyone?

[Bo Elkjaer]

Hi List

I'm looking for additional information concerning the swiss company Crypto
AG. I have found already the available articles online, Madsens 'Trojan
Whore'-article, JYA, etc, but if possible, I'd like to see, if any
listmembers can help me with further infos. 

Specifically, I'm interested in:

1: Copies of memos and documents mentioned in articles by Baltimore Sun,
Der spiegel, CAQ.

2: Has anyone had a chance to look at their Ipsec-products? Cell-phones?

I hope theres some listmember, who might be able to help.

Yours
Bo Elkjaer, Denmark

Oh: Update on the SIGINT-situation in Denmark:
A US citizen was recently observed in the danish SIGINT site
Skibsbylejren. The danish minister of defense has acknowledged this and
confirms, that the american works for a US company, that was hired to
install equipment at the site. He and his company also works for the US
Department of Commerce.

The danish government have acknowledged to have had meetings with
representatives from US Gov, including representatives fom NSA regarding
encryption-technologies and policies in Denmark. Minutes from the meetings
are classified.

The danish government won't acknowledge that these meetings still take
place, but they won't deny it either. Remarkably, our minister of science
started out to deny in a written letter to parliament, that these meetings
still take place. This written statement with the denial was withheld
after pressure from the danish minister of justice, Frank Jensen.

The danish parliament will have a new debate on SIGINT and encryption next
month.


-- 


EOT 

CRYPTO AG, anyone?

[Bo Elkjaer]

Hi List

I'm looking for additional information concerning the swiss company Crypto
AG. I have found already the available articles online, Madsens 'Trojan
Whore'-article, JYA, etc, but if possible, I'd like to see, if any
listmembers can help me with further infos. 

Specifically, I'm interested in:

1: Copies of memos and documents mentioned in articles by Baltimore Sun,
Der spiegel, CAQ.

2: Has anyone had a chance to look at their Ipsec-products? Cell-phones?

I hope theres some listmember, who might be able to help.

Yours
Bo Elkjaer, Denmark

Oh: Update on the SIGINT-situation in Denmark:
A US citizen was recently observed in the danish SIGINT site
Skibsbylejren. The danish minister of defense has acknowledged this and
confirms, that the american works for a US company, that was hired to
install equipment at the site. He and his company also works for the US
Department of Commerce.

The danish government have acknowledged to have had meetings with
representatives from US Gov, including representatives fom NSA regarding
encryption-technologies and policies in Denmark. Minutes from the meetings
are classified.

The danish government won't acknowledge that these meetings still take
place, but they won't deny it either. Remarkably, our minister of science
started out to deny in a written letter to parliament, that these meetings
still take place. This written statement with the denial was withheld
after pressure from the danish minister of justice, Frank Jensen.

The danish parliament will have a new debate on SIGINT and encryption next
month.


-- 


EOT 

Stegonography -- The New Crypto Boogieman

[Alan Olsen]

In the Oregonian March 19, 2001 Page D1 there is an article entitled
"Hidden Content -- Criminals use steganography to send illicit data in
what appears to be innocuous files".

The article can be found here:

http://www.oregonlive.com/business/oregonian/index.ssf?/business/oregonian/01/03/technw/fn_21stega19.frame

This thing trots our every horseman under the sun, from Terrorists, nerve
gas makers, and every other fear mongering group possible.  You have to
read it to believe it.

It reads just like a press release from the FBI's department of
disinformation.

Probably the most fear-mongering peice of crap I have read in the
Oregonian in quite a while.  (Even beyond the headline about vampire cults
(i.e. Goths) being responsible for blood drinking murders.)

Stego is going to be the big target for anti-crypto propaganda.

Expect similar stories in a paper near you.

[EMAIL PROTECTED] | Note to AOL users: for a quick shortcut to reply
Alan Olsen| to my mail, just hit the ctrl, alt and del keys.
"In the future, everything will have its 15 minutes of blame."

Slashdot | Is Crypto Solely for Criminals?

[Jim Choate]

http://slashdot.org/articles/01/03/11/0427238.shtml
-- 


Liberty means responsibility. That is why most men dread it.

   Locke

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-

Crypto Short Course (fwd)

[Jim Choate]

   Before a larger group can see the virtue of an idea, a
   smaller group must first understand it.

   "Stranger Suns"
   George Zebrowski

   The Armadillo Group   ,::;::-.  James Choate
   Austin, Tx   /:'/ ``::/|/  [EMAIL PROTECTED]
   www.ssz.com.',  `/( e\  512-451-7087
   -~~mm-'`-```-mm --'-


-- Forwarded message --
Date: Wed, 7 Mar 2001 13:32:58 -0500
From: "R. A. Hettinga" [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
Digital Bearer Settlement List [EMAIL PROTECTED]
Subject: Crypto Short Course


--- begin forwarded text


Date: Wed, 7 Mar 2001 13:10:03 -0500 (EST)
From: Christof Paar [EMAIL PROTECTED]
To: WPI Crypto Seminar -- Fall 2000 EE 578/CS 578: ;
Subject: Crypto Short Course
Sender: [EMAIL PROTECTED]
Reply-To: Christof Paar [EMAIL PROTECTED]

I am offering again a 4 day short course in applied crypto. A brief
outline is below. For more info about the course contents and
registration, please see our web site at

 http://www.ece.wpi.edu/Research/crypt/courses/short_course.html

Regards,

Christof

! WORKSHOP ON CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS (CHES 2001) !
!  Paris, France, May 13-16, 2001 !
!   www.chesworkshop.org  !

***
 Christof Paar,  Assistant Professor
  Cryptography and Information Security (CRIS) Group
  ECE Dept., WPI, 100 Institute Rd., Worcester, MA 01609, USA
fon:(508) 831 5061  email: [EMAIL PROTECTED]
fax:(508) 831 5491  www: http://www.ece.wpi.edu/People/faculty/cxp.html
***


  Worcester Polytechnic Institute
 4-Day Short Course
April  16,17  26,27
   WPI Southborough Campus

APPLIED CRYPTOGRAPHY AND DATA SECURITY

  Seminar Leader: Dr. Christof Paar


  COMPLETE COURSE INFORMATION AND REGISTRATION:
 www.ece.wpi.edu/Research/crypt/courses/short_course.html


  COURSE OUTLINE

Day 1, AM - Introduction to Cryptography and Data Security

Overview. Private-Key Cryptosystems. Cryptanalysis.


Day 1, PM - Stream Ciphers

Random Number Generators. Synchronous Stream Ciphers and LFSRs.  Attacks.
One Time Pad. Unconditional and Computational Security.


Day 2, AM - Block Ciphers: DES and AES

DES Functionality and History; Implementation: Hardware and Software;
Attacks and Security Estimations. AES: Functionality and History; Hardware
and Software Implementations. Other block ciphers. Key length and security.


Day 2, PM - Modes and Variants of Block Ciphers

Operation modes of block ciphers. Multiple encryption. Key whitening.


Day 3, AM - Public-key Cryptography

Principle. Some Number Theory. Overview of Practical
Schemes. Public-Key standards (ANSI, IEEE).


Day 3, PM - Public-key Algorithms

RSA Cryptosystem: Functionality, implementational aspects, recent attacks
and security estimations. Diffie-Hellman key exchange. Elliptic curve
cryptosystems: principle, practical and security aspects.


Day 4, AM - Digital Signatures and Protocols

Digital Signatures. Authentication Codes (MACs). Hash Functions. Protocols
for Privacy, Authentication, Integrity, Non-Repudiation.
Challenge-and-response protocols.


Day 4, PM - Key Distribution and Case Study

Key Distribution: Private-key approaches, public-Key approaches.
Certificates. Key Derivation. Case Study: Secure Socket Layer Protocol.



For help on using this list (especially unsubscribing), send a message to
"[EMAIL PROTECTED]" with one line of text: "help".

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Network crypto is not enough: One example of why.

[Ken Brown]

A touching faith that no muggers read cypherpunks. Or, perhaps more
importantly, no-one who might be in the market for cheap 2nd-hand
computers.

Ray Dillinger wrote:
 
 On Fri, 2 Mar 2001, John Young wrote:
 
 Ray,
 
 Please tell the make and model of the laptop, where it
 was lifted and other details that would help a good
 samaritan recognize it as what you say it is and has
 in its innards.
 
 It is a compaq armada m700, with 128M memory and 6G
 hard drive.  It got kiped in San Francisco, on the
 western edge of a neighborhood known as hunter's point.
 It has already been reported to the appropriate police,
 but that's mainly pro forma; in the recovery of such
 items they are nearly useless.
 
 The application is called "Neuroserver".  It exists in
 a full GUI development environment/compiler (NSAE) and
 a windows service (NSRE) with associated runtime admin
 tools. There's also a solaris version, but that wasn't
 on the machine she had.
 
 If you want to know more about the application, you can
 ask it about itself - go to http://www.nativeminds.com,
 turn on cookies and javascript, and follow the "talk
 to nicole" link. It won't understand you if you get too
 far outside its subject matter or use sentences too long
 for it to figure out, but that's par for the course for
 this moment in time.
 
 The dame chopped and shopped your secrets if
 they were that, copying spooks ploying a bonus
 from likeminders with the same venal bosses eager
 to steal when profits peter, copying the boss spooks
 copying the leaders of the earth and heaven.
 
 That's an interesting collection of words.  Do you
 suppose it's a sentence?
 
 Bear

Re: Network crypto is not enough: One example of why.

[John Young]

Ray,

Please tell the make and model of the laptop, where it 
was lifted and other details that would help a good
samaritan recognize it as what you say it is and has
in its innards.

No disinfo now. No risk insurance scamming, we've
been stung by that. Damn hi-value secret-rich laptops 
are a menace to the underworld and time wasters for
undercovers overloaded with a leak-ploy of the spooks 
copied by the thousands, when even pawnshops 
have signs about laptops "who you kiddin."

The dame chopped and shopped your secrets if 
they were that, copying spooks ploying a bonus
from likeminders with the same venal bosses eager
to steal when profits peter, copying the boss spooks
copying the leaders of the earth and heaven.

Yrs,

No. 38769

Sex, drugs, and technology - demonizing crypto

[Jim Choate]

http://www.sunworld.com/unixinsideronline/swol-02-2001/swol-0223-unixsecurity.html
-- 
   The Laws of Serendipity:

   1. In order to discover anything, you must be looking
  for something.

   2. If you wish to make an improved product, you must
  first be engaged in making an inferior one.  

   Tivoli Certification Group, OSCT
   James Choate   [EMAIL PROTECTED]
   Senior Engineer512-436-1062

How responsible is the vendor of a crypto-enabled product?

[Roy M. Silvernail]

I got into an interesting conversation today.  Here's the question:  if 
a vendor rolls out a net-enabled product that features a crypto-
secured interface, what kind of liability do they face if the interface 
security is breached?  In particular, we were discussing machine 
controls and the recent incident where it was discovered that one 
manufacturer was fielding a GPIB control card with TCP/IP 
Ethernet and no security at all. 

If a net-connected and secured machine were hacked and death or 
personal injury resulted, does that make the manufacturer an 
accessory to manslaughter?  Would having a provably good (or 
provably bad) security layer mitigate this?
--
Roy M. Silvernail
Proprietor, scytale.com
[EMAIL PROTECTED]

Re: Crypto McCarthyism ...thoughts, gentlemen?

[petro]

At 12:40 PM -0600 2/9/01, Aimee Farr wrote:
Gentlemen[*]:

[*]appearances suggest an absence of participatory estrogen in here.

Females are free to join this list. Some have joined in the past.

"On the Internet, no one knows you're a bitch."

 No, on the internet *EVERYONE'S* a bitch.

-- 
A quote from Petro's Archives:
**
"As someone who has worked both in private industry and in academia,
whenever I hear about academics wanting to teach ethics to people in
business, I want to puke."--Thomas Sowell.

Reiserfs and Crypto

[Harmon Seaver]

Anybody know of any work being done with reiserfs and cypto. The
pluggable modules aspect of reiserfs seems made to order for it. Has
anybody tried running cfs or tcfs on top of reiserfs? That woouldn't be
as cool but ...

Re: (RE: Crypto McCarthyism ...thoughts, gentlemen?)

[Ray Dillinger]

On Sun, 11 Feb 2001, Aimee Farr wrote:

Yes. However, I've been here a while. The dynamics of this community is
somewhat difficult to grasp, and I can only beg your understanding of the
same.

One of the crucial things needed to understand what goes on cypherpunks 
is that about three-quarters of the people see half or less of the 
posts.  Having set up spamfilters adequate to give the list a reasonable 
S/N, you wind up having cut out a substantial fraction of the signal. 

Another crucial thing needed to understand what goes on cypherpunks 
are that certain of the regulars are trolls and/or cranks, and will 
say utterly outrageous things simply in order to "tweak" the presumed 
eavesdroppers or scare away people whom they regard as too timid to 
be worth talking to anyhow. It's best interpreted as performance art 
after the style of Andy Kaufmann. 

Regarding the paper you referred us to:  While the author has come 
up with a lot of references as quotes to cite, few or none of them 
bear directly on the central theme of his paper.  He presents a 
number of people who have a number of interesting things to say, 
some of them even on topic, but NO research or study that supports 
his central point of electronic communications as a first cause for 
the development of mass hate. A vehicle, sure.  But not a first 
cause.  And there's nothing really unique about it as a vehicle.

Television, in my opinion, is far more dangerous in that regard, 
due to having fewer available channels.  With TV, it takes only 
a very few people to decide that the airwaves should all be 
saturated with the same lopsided viewpoints.  The internet, by 
comparison, is chaos. 

People uninterested in hate will find no reason whatsoever to visit 
hate sites, and since virtually everything is available (see 
http://www.bonsaikitten.com/ or 
http://www.thecorporation.com/oneoffs/96/kittyporn/
for examples of how weird it can get out there) a call to hate 
can be made by anoyone, but will attract no attention outside the 
limited community that has self-selected as being a priori interested 
in it. 

Even the relatively small set of people who are interested in hate 
find themselves spoiled for choice; Name any group of people, and 
you can find dozens of hate-mongers calling for their extermination 
on the web.  In this environment, it is virtually inconcievable that 
any *one* hate ideology should ever become the dominant hate 
ideology -- this breaks up the process described in the paper at 
the "identification of villains" stage. 

As to the "moral boundaries" issue, I'll have to ask my girlfriend's 
husband about that - his dissertation was about what musical styles 
evolve in cultures whose moral boundaries are in conflict or change.

Bear

Re: (RE: Crypto McCarthyism ...thoughts, gentlemen?)

[petro]

At 04:16 PM 2/12/01 -0800, Ray Dillinger wrote:

As to the "moral boundaries" issue, I'll have to ask my girlfriend's
husband about that - his dissertation was about what musical styles
evolve in cultures whose moral boundaries are in conflict or change.

That sounds like an interesting diss, I wonder if he's willing to share?

He's obviously willing to share. Note the "My girlfriend's 
Husband" bit.
-- 
A quote from Petro's Archives:
**
"As someone who has worked both in private industry and in academia,
whenever I hear about academics wanting to teach ethics to people in
business, I want to puke."--Thomas Sowell.

Re: Formal apology (RE: Crypto McCarthyism ...thoughts, gentlemen?)

[Alan Olsen]

On Sun, 11 Feb 2001, Declan McCullagh wrote:

 Since the paper is so flawed, I'm not sure it's worth discussing at length. 
 But, briefly, is crypto as threatening as witches were? Far from it. It -- 
 and its derivative technologies, such as anonymity -- seems to be perceived 
 more as a way to reclaim lost privacy rather than a new and unusual threat. 
 In that sense, it is a conservative technology. (This could change, and 
 certainly the intelligence community is hand-waving about terrorists again, 
 but I doubt it'll have much luck.)

They seem to be having trouble putting the crypto kitten back in the
bottle.

I wonder who is doing more damage to America's image abroad and at home.

Terrorists or the various TLAs.

I think the TLAs are ahead on this one.  We will know that they have won
this particular contest when Jay leno starts making jokes about the
absurdity of their boogieman of the day.

[EMAIL PROTECTED] | Note to AOL users: for a quick shortcut to reply
Alan Olsen| to my mail, just hit the ctrl, alt and del keys.
"In the future, everything will have its 15 minutes of blame."

Re: Formal apology (RE: Crypto McCarthyism ...thoughts, gentlemen?)

[Eric Murray]

On Sun, Feb 11, 2001 at 12:35:57AM -0500, Declan McCullagh wrote:
 
 Well, that's about as nice an apology as I've ever seen on any list, let 
 alone cypherpunks. Aimee's initial message deserves a response. (BTW there 
 is a real Waco, Texas lawyer named Aimee Farr who is interested in these 
 issues, though naturally we can't be certain our correspondent is that person.)
 
 She asks for our thoughts on this:
 http://www.sociology.org/content/vol002.001/ling.html

Any paper that seriously quotes the Rimm "study" and R.U. Siris is suspect.

[..]

 Since the paper is so flawed, I'm not sure it's worth discussing at length. 
 But, briefly, is crypto as threatening as witches were? Far from it. It -- 
 and its derivative technologies, such as anonymity -- seems to be perceived 
 more as a way to reclaim lost privacy rather than a new and unusual threat. 
 In that sense, it is a conservative technology. (This could change, and 
 certainly the intelligence community is hand-waving about terrorists again, 
 but I doubt it'll have much luck.)

OTOH, there certainly has been another attempt by government
to villify crypto users with the recent spate of articles on Osama
bin Oceania and other terrorists supposed use of crypto and stego.
The Red scare of the 50s was also to a large extent promoted and fanned
into flame by elements of the government.  While there isn't a "moral
boundary crisis" amongst the general public about crypto, there is an
attempt at "vilification" and "patterned labelling" of crypto users by
the government.  And many cypherpunks have predicted the government causing
events similar to "crystallization of the crisis through a dramatic act"
and "appropriation of the appropriate social apparatus and suppression
of critique" of crypto users by the government.
(However, few of those beleive that "and finally restoration of a normal
situation" would then occur.)

The paper doesn't mention the political aspects of either of its
examples (another of it's flaws).  If you can think of "mass hate"
as a politically-motivated inflaming of the masses fears, then
the steps that it describes are remarkably similar to the expected
political response to crypto-anarchy.


-- 
  Eric Murray   Consulting Security Architect SecureDesign LLC
  http://www.securedesignllc.comPGP keyid:E03F65E5

RE: Formal apology (RE: Crypto McCarthyism ...thoughts, gentlemen?)

[Tim May]

At 5:00 PM -0600 2/11/01, Aimee Farr wrote:
Declan said:

society has instead adopted and then accepted the Internet. It's difficult
to be
  repulsed by something when you use it to share baby pictures with
  grandparents.

Yes, and we are starting to regulate the hell out of it. Outside of a
generic "Internet" sensecrypto is viewed as more threatening -- not
simply a conduit, but a means. The next domestic terrorist kaboom! is going
to have "bought to you by crypto" stenciled all over it by the US guvmint.
Our demographics don't speak of technosophisticates.

Agreed. (I will not say "So? We've been saying this for years. See my 
"Four Horseman" point of 1992-3 or so.")

Those who want crypto outlawed have been trumpeting crypto uses by 
terrorists, pedophiles, money launderers, and other thought criminals 
for the past decade.  Nothing very new or interesting in the latest 
round, save that the New Team is now attempting to lay the groundwork 
for New Laws.

...
I agree, but you yourself stated that the average American isn't that
concerned about privacy and won't purchase privacy enhancing technologies.
(In a general privacy sense, I don't see a lot of "privacy reclamation." I
do see a lot of notice provisions -- the functional equivalent of placing
99% of Americans in a social-adhesion contract.) I don't think it's
conservative. I think it is a new and unusual threat - to the majority of
Americans.

Come on, Aimee, do some background reading. The "average American" 
is, and has long been, of two minds:

-- "what have you got to hide?"

and

-- "none of your damned business!"

Both views are present in most Americans. An observation I made here 
nearly a decade ago.

I welcome your participation here, provided you don't rant about the 
list being "estrogen-deficient," but, really, these basic points are 
well-trod ground.


Of course, you have all watched this battle for many years, so you have a
longevity of insight that I don't have. Probably just the same-ole-same-ole
to you, while it seems more dramatic to me.

Ah, good to see you recognize the situation.

--Tim May

-- 
Timothy C. May     [EMAIL PROTECTED]Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns

Re: Crypto McCarthyism ...thoughts, gentlemen?

[Declan McCullagh]

Dear Aimee,

If you're serious about asking for advice or insight, I'd self-censor
the snide comments.

This group doesn't like pointy questions? To the contrary, it thrives
on them.

-Declan


On Fri, Feb 09, 2001 at 12:40:22PM -0600, Aimee Farr wrote:
 Whatever. Somehow, I don't think this group likes pointy questions. My
 apologies for the intrusion, I return to you to your regularly scheduled
 Choatian programming, and thoughts of edible panties.
 
 [*]appearances suggest an absence of participatory estrogen in here.
 ===


 Electronic Journal of Sociology (1996)
 mailto:[EMAIL PROTECTED]
 Aimee E. Farr, Esq.
 LAW OFFICE OF AIMEE E. FARR
 5400 Bosque, Suite 675
 Waco, Texas 76710-4418
 office: 254.751.0030
 fax: 254.751.09673
 
 

Re: Formal apology (RE: Crypto McCarthyism ...thoughts,gentlemen?)

[Tim May]

At 10:16 PM -0600 2/10/01, Aimee Farr wrote:

Declan, I appreciate your bringing this matter to my attention. My sincere
apologies to both you, the cypherpunk community and subscribers. My comments
were tongue-in-cheek, a friendly remark regarding Choate's stealth-linkage,
and his remarks toward women's undergarments, which I found humorous. My
comment in regard to "pointy questions" was an attempt to give any
respondents a wide berth in their replies, in recognition of the fact I
could be asking the wrong questions, and was receptive of any insight.

It sounds like it may be an alien.

It
was also a reference the number of mysterious queries that flow across the
list. My reference to Gentlemen was also not meant disrespectfully, but as a
subtle query.

Bizarre.

Nevertheless, I came across as abrasive and offended members of this forum.
_Ladies_  Gentlemen, you have my apologies for both my breach of decorum
and disrespect. Such was certainly not my intention.

We should kill it before it multiplies. No human being speaks in such 
a stilted, phony way.


You all have my admiration and respect, which is why I posed my questions to
this distinguished group. (I am preparing to debate these issues in a
private and hostile forum against experienced opposition. With a few notable
exceptions, like Declan, certain viewpoints and experiences are
under-represented in traditional source banks.)

"Captain, my source banks indicate abnormal readings. I suggest we 
disconnect immediately."



Excuse my long-windedness. I am trying to convey my intent and sincerity,
and make a public, searchable record of my disrepute, my Declan-bitchslap
and my apology; not to make excuses for my inappropriate, and inexcusable
behavior.

This chick can be for real. It must be another troll.


--Tim May
-- 
Timothy C. May [EMAIL PROTECTED]Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns

Re: Formal apology (RE: Crypto McCarthyism ...thoughts, gentlemen?)

[Tim May]

At 1:03 AM -0500 2/11/01, Declan McCullagh wrote:
At 09:49 PM 2/10/01 -0800, Tim May wrote:
Nevertheless, I came across as abrasive and offended members of this forum.
_Ladies_  Gentlemen, you have my apologies for both my breach of decorum
and disrespect. Such was certainly not my intention.

We should kill it before it multiplies. No human being speaks in 
such a stilted, phony way.
[...]
This chick can be for real. It must be another troll.

Hmm. I just responded to Aimee's message, and so I may have just 
been trolled.  But I rise to the defense of human sentience here: I 
don't think an AI would have bothered to ask us about such an inane 
sociological tract...

Another theory is that Aimee actually thinks that all cypherpunks 
subscribers are pleasant, decent, and reasonable people who should 
be treated politely. I'm sure folks -- is Choate around? -- will 
disabuse her of this notion straightaway.

On my planet, people talk to each other in a pleasant, decent, and 
reasonable way by actually _talking_ to them. That is, by listening, 
responding, making points, etc. In particular, when the arrive on new 
lists they spend a few days determining who is who and what is what.

They don't spew stilted jargon to lists which they are new to.

I still vote that we find our where it lives and kill it before it multiplies.


--Tim May
-- 
Timothy C. May [EMAIL PROTECTED]Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns

Crypto McCarthyism ...thoughts, gentlemen?

[Aimee Farr]

Gentlemen[*]:

Looking for a modern revisitation of this 1996 Cyber McCarthyism paper
(snips below). Something with an academic  empirical focus. Eh, I'm not
holding my breathso, I would equally value your thoughts on the
following, in light of all the "cryptoboogeymen" popping out of closets into
guv'mint press releases and hearings lately:

o What do you think about [1-2]?

o Contemporary parallels? (use of crypto as an aggravating factor in
punishment, etc.)

o Finally, how could [3] come about in the context of crypto (and other
digital freedoms)?

Whatever. Somehow, I don't think this group likes pointy questions. My
apologies for the intrusion, I return to you to your regularly scheduled
Choatian programming, and thoughts of edible panties.

[*]appearances suggest an absence of participatory estrogen in here.
===
Electronic Journal of Sociology (1996)
ISSN: 1176 7323
Cyber McCarthyism: Witch Hunts in the Living Room
http://www.sociology.org/content/vol002.001/ling.html

snippage

[1] "This paper examines the potential for electronic communication to spark
mass hate such as that seen in colonial Salem and during the McCarthy
period."

[2] "The elements which go into the development of mass hate include the
following: 1) strains on the community through the recognition of a moral
boundary crisis and identification of villains, 2) crystallizing of
patterned labelling through a degradation ceremony, 3) appropriation of the
social apparatus and suppression of critique mechanisms, 4) restoration of a
normal situation."

[3] "Finally, the fervour came under control. In both of these cases this
occurred when the mass hate became a serious threat to the established power
structure, members of the government in the case of colonial Salem and the
Army in the case of McCarthyism."

end snippage

Respectfully,

mailto:[EMAIL PROTECTED]
Aimee E. Farr, Esq.
LAW OFFICE OF AIMEE E. FARR
5400 Bosque, Suite 675
Waco, Texas 76710-4418
office: 254.751.0030
fax: 254.751.09673

Re: The Register - There are still crypto reg's...

[Steve Mynott]

Ray Dillinger [EMAIL PROTECTED] writes:

 true multitasking was under WinNT3.51, it was about Neck-and-neck 
 for quality with MacOS 7.  And like Mr. Zakas, I'm pretty convinced 
 that even though MacOS 10 has true multitasking, it has definitely 
 fallen behind WinNT 4. 

Well the name of the operating system is MacOS X and I don't think you
can say it has fallen behind NT 4 when MacOS X release isn't even out
yet.

I don't know what you mean by "true multitasking", which isn't a
technical term, but would guess you are refering to somelike the
destinction between preemptive and cooperative multitasking.

In fact even Windows 95 had preemptive multitasking which is absent in
MacOS 7 and wasn't added until MacOS 8.6.

From an operating system angle MacOS has been traditionally poor with
no real process control or no real memory management (any Mac user
will tell you the "virtual memory" system is shit) being a hacked up
mess dating from 1984 with kludges stuck on the side.  It's
superficially pretty but ugly under the hood.

But MacOS X is based on BSD UNIX/Mach with a radical new userinterface
and I, for one, would rather use it than NT.

-- 
1024/D9C69DF9 steve mynott [EMAIL PROTECTED]

gates' law: every 18 months, the speed of software halves.

RE: RE: The Register - There are still crypto reg's...

[Marshall Clow]

At 8:17 PM -0500 2/1/01, Phillip H. Zakas wrote:
I completely concur there's a feedback loop problem, but its Apple's fault I
think.  I remember when the first MACs came out you had to pay $5K just for
the privilege of programming for it.  What numbskulls! 

This was (partially) true, but only for a few months
(most of which were before the Mac was released).

You didn't have to pay for the privilege of programming the Mac, but
you did have to pay for the Lisa that the development tools ran on.

I bought my first C compiler for the Mac in June of 1984,
and it didn't cost $5K.

If Apple had made efforts to keep their development tools from running
on the Mac, and/or had prevented others from making tools for the Mac,
that might be different.

As it is, I find it hard to blame the shortcomings of MacOS today on
a short-term policy from late 1983 and early 1984.


The intel platforms
were the first to encourage development because bios ref. guides were cheap
and most could afford the $100 of a pascal, c or asm compiler.  Plus the
intel-platform hw (ibm, compaq, etc.) was really designed to handle
multitasking and simultaneous networking/communications.  Apple only
recently started to get the hint and improve the hardware.

The BIOS ref guides were cheap (only about $40), and the compilers
were $2-300, as I remember. MASM was less. Not really cheap.

As for being designed for multitasking and simultaneous networking/communications,
I think that you are confusing your decades. The intel-based products from 1982-86
didn't, in general, do _any_ multitasking (remember TSRs?) and as for communications,
well, they did ok talking to most anything at the other end of an RS-232 line.

-- 
-- Marshall

Marshall Clow Idio Software   mailto:[EMAIL PROTECTED]

It is by caffeine alone I set my mind in motion.
It is by the beans of Java that thoughts acquire speed,
the hands acquire shaking, the shaking becomes a warning.
It is by caffeine alone I set my mind in motion.