Re: FAQ?

2000-01-14 Thread John Gilmore

Perry said, in private mail:
 There are a lot of open source projects out there which are confused
 about how they have to behave with respect to current practices. Do we
 have to alert the BXA just about our whole anon cvs repository once?
 Can we export binaries of our open source stuff without review? (It
 appears we can export imported binaries without review.) etc.,
 etc. When do the regs come into effect?
 
 If EFF could produce a good legal FAQ for open source projects on
 crypto issues in the new BXA world, it would be a wonderful thing. I
 know that several projects I'm involved in (such as NetBSD) are
 currently wondering what we can and can't do, and when.

The regs come into effect immediately, once published in the Federal
Register (they've been submitted, and will probably pop out on Friday).

It turns out that a month ago I wrote a draft FAQ and submitted it to
the Commerce Dept to help them clear their thinking about how open
source would be affected by their (then draft) regulations.  I urged
them to put such a FAQ into the regulations, like the official Q&A
section in "Supplement No. 1 to Part 734--Questions and
Answers--Technology Subject to the EAR".  That old supplement clarified
a bunch of issues about public domain, published information, etc --
but not about software.

I never heard anything back from them about my FAQ, but I heard today
that they are working on their own FAQ about the new regulations,
which they hope to release within a few days.

My FAQ is not definitive (the answers it gives won't help you if you
ever have to go to court) and may be actually incorrect in spots,
while a judge will take notice of theirs.  And mine applied to draft
regulations, while theirs will be for the real ones (which have
changed somewhat).  I am waiting to see what they come out with before
trying to re-work my old ones into something matching the new regs.

If theirs is sufficiently uninformative or confusing, I may try it --
but let's hope for the best from our government.  They *did* try to
move things pretty far for open source, despite nobody there knowing
exactly how open source development really works.  I'm hopeful that
they will be able to explain how it works in words of two syllables
as well.

John



Blue Spike and Digital Watermarking with Giovanni

2000-01-14 Thread Kevin Milani

One of my clients is engaging in a business dialogue with a company by the
name of Blue Spike (www.bluespike.com) who have apparently developed some
digital watermarking products.

Has anybody heard of this company and are there any known flaws in what
they are touting?

Any help would be greatly appreciated.

[I have not heard of the product, but in general, digital watermarking
is a pipe dream much like copy protection. Given access to several
copies of a thing I can find the "watermarks" by comparing them. I am
unfamiliar with any systems that could actually withstand
attack. --Perry]



Re: BXA press release URL; and where to get the regs in HTML

2000-01-14 Thread Jeffrey Altman

 On Thu, Jan 13, 2000 at 10:28:52AM +, Ben Laurie wrote:
  Perhaps the easy answer is for someone to attempt such an export with
  email notification and see what BXA say about it!
 
 I'm willing to give it a try. I sent an email to BXA and got no reply. 
 The rules do not say I need permission, just notification, so Crypto++ is
 now available for unrestricted download. The URL is
 http://www.eskimo.com/~weidai/cryptlib.html.
 

You can't do this yet.  The rules have been announced but they are not
yet in effect.  The rules do not go into effect until they are
published in the Federal Register.

[Although rumor has it that they're being published within hours. --Perry]


Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
 The Kermit Project * Columbia University
  612 West 115th St #716 * New York, NY * 10025
  http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]





New don't-ask-don't-tell encryption policy

2000-01-14 Thread Declan McCullagh



http://www.wired.com/news/politics/0,1283,33651,00.html

Don't-Ask-Don't-Tell Encryption
by Declan McCullagh ([EMAIL PROTECTED])

3:00 a.m. 14.Jan.2000 PST
WASHINGTON -- If there's one lawsuit
the US government would dearly like to
see vanish, it's the case of Bernstein v.
Department of Commerce.

The suit, which began with graduate
student Daniel Bernstein's earnest desire
to post a simple computer program to the
sci.crypt Usenet newsgroup in 1992,
threatens to topple an imposing colossus
of government rules that regulate
privacy-protecting encryption products.
Suffice it to say that's not an outcome
that law enforcement or national security
officials would applaud.

So it's no coincidence that those cunning
Justice Department lawyers may have
found a way to get rid of the suit.

This week's announcement by the Clinton
administration that it was changing
current encryption regulations gives
government attorneys additional
ammunition to use in court against the
Bernstein lawyers.

[...snip...]







Need Template for Technical Paper

2000-01-14 Thread Duncan Frissell

I'm doing my first technical paper (see .sig) and I wondered if anyone had 
a pointer to a particularly nice format that I could "borrow."

DCF

"I swear by Almighty God that I have not given any cryptographic keys or 
other electronic access devices under my control to any other person or 
entity including government employees." -- Suggested oath from the 
forthcoming paper "Religious Oaths for Computer Security and Digital 
Commerce Applications" by Duncan Frissell, JD and Robert Bader, DD.



solve a web puzzle, work for gchq?

2000-01-14 Thread Steven M. Bellovin

The AP reports that GCHQ -- the British cryptologic agency -- has posted a 
puzzle on its Web site.  If you can solve the puzzle (it's at 
http://www.gchq.gov.uk/challenge.html), they want to talk to you...

Of course, the AP quoted a former MI5 agent as saying "The kind of people
with lively minds this appeals to will soon discover that this kind of
thing is all done by computer anyway."



Re: BXA press release URL; and where to get the regs in HTML

2000-01-14 Thread Wei Dai

On Fri, Jan 14, 2000 at 11:54:21AM -0500, Jeffrey Altman wrote:
 You can't do this yet.  The rules have been announced but they are not
 yet in effect.  The rules do not go into effect until they are
 published in the Federal Register.
 
 [Although rumor has it that they're being published within hours. --Perry]

Apparently they have been published now. I waited for the day of
publication, not the second, which I hope is sufficient.

Someone also sent me an email saying the new rules have not taken effect
because the public has 120 days to respond to the proposal. My
understanding is that the rules have taken effect AND the public has
120 days to respond to it.



Re: BXA press release URL; and where to get the regs in HTML

2000-01-14 Thread John Gilmore

 Apparently they have been published now. I waited for the day of
 publication, not the second, which I hope is sufficient.

I found them on the Federal Register site, in the "Documents Published
Today" page.  They are published.  Here's their URL:

 
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2000_register&docid=00-983-filed

That document states: "This rule is effective January 14, 2000."

Congratulations, Wei, I believe you're the first to legally publish
strong encryption in machine-readable form from the US.

 Someone also sent me an email saying the new rules have not taken effect
 because the public has 120 days to respond to the proposal. My
 understanding is that the rules have taken effect AND the public has
 120 days to respond to it.

That is correct.

John



Forwarded: banning 'soft-Tempest' fonts?

2000-01-14 Thread Perry E. Metzger


[A friend directed me to the following fun in the new regs --Perry]

re: new BXA regs

"a.4. Specially designed or modified to reduce the compromising
emanations of information-bearing signals beyond what is necessary
for the health, safety or electromagnetic interference standards;"



[SFBCA] 2000-01-15: Cypherpunks at the RSA Conference in San Jose

2000-01-14 Thread sfbay-cpunks-announce-admin

NEXT Meeting: http://www.freedomfighter.net/cypherpunks/2000/0115.html
Meeting Page: http://www.freedomfighter.net/cypherpunks/physical.html


JANUARY ADMINISTRIVIA:

Here's the followup to our pre-announcement from 24 December 1999. This
is the second send in less than 24 hours, due to a fatal server error
yesterday: our apologies if you happen to receive a duplicate or six.

Please see the webpages for last minute updates and changes!

   --dave


SF Bay Area Cypherpunks (80th Chairborne Regiment) 

January 2000 Physical Meeting Announcement

General Info:

DATE:   Saturday 15 January 2000
TIME:   12:00 - 5:00 PM (Pacific Time)
PLACE:  San Jose Convention Center (downtown San Jose, California)

  Heads-Up for January!

  "Who do you Trust?"

  The January 2000 Physical Meeting of the San Francisco Bay Area Cypherpunks
  will precede the RSA Data Security Conference and concern itself with
  "Trust and Identity."
  
  The meeting will be on January 15th, the Third Saturday in January,
  instead of the usual Second Saturday. By aligning our meeting with the
  RSA Data Security Conference in San Jose the following day/week
  (registration starts on 16 Jan), many of the usual cypherpunk suspects
  from around the planet will be in town and able to attend.

  As always, this is an Open Meeting on US Soil and members of the
  Public are encouraged to attend.

  Cypherpunk meetings are your meetings: agenda items come from YOU!
  Send your last-minute agenda request to the meeting organizers
  (Dave Del Torto & Bill Stewart), by sending email
 To: [EMAIL PROTECTED]
Subject: 2000-01-15 agenda request
  Please include a few brief (English) sentences describing your topic, and
  the amount of time you need (e.g. 5/15/30 minutes). If we can still fit
  your item in, we will.


Meeting Time:

  The informal pre-meeting get-together begins around 12:00 Noon. We'll start
  the actual meeting at 12:30 PM and go until around 5:00 PM (or later,
  depending on how late Security lets us stay).

  The meeting is normally followed by a group dinner somewhere nearby from
  6:00-8:00 PM (attendance optional). There's also an evening party in Palo
  Alto (meeting attendees will learn the details).


Meeting Agenda:

  "Our agenda is a widely-held secret."

  12:00 - 12:30 - Hang out, consume food, obtain caffeinated beverages.

  12:30 -  5:00 PM 

  General:  general "Cypherpunk Work-in-Progress" & Issues session:
   Lucky Green:
The DVD "encryption" reverse-engineering case (DeCSS & EFF vs DVDCCA & MPAA)
   http://cryptome.org/dvd-order.htm
   NOTE: The DVD-CCA v. The World Preliminary Injunction hearing will be
   held in Santa Clara Superior Court, Department 2, San Jose, California on
Tuesday 18 Jan 2000 at 1:30 pm
 Santa Clara Main Court House
 191 North First Street
 San Jose, CA 95113  (408) 299-2074
Directions (both map and text) are at:
 http://claraweb.co.santa-clara.ca.us/sct/pages/directions.html
   Dave Del Torto:
A brief Web of Trust analysis of CDnow's secure website orders using PGP keys
 http://www.cdnow.com/cgi-bin/mserver/SID=0/pagename=/RP/HELP/order.html#8q
 [EMAIL PROTECTED]
New IETF OpenPGP working group "OP/MIME" (OpenPGP/MIME) & Multiple Parallel
 Signatures drafts.
   Bill Scannell:
The State of the Internet in Syria and Lebanon at the Millennium. (BYOKafir)
   Alan James Lansing:
The "DFFF 2000" Award Presentation from the Secret Order of Former Primes

  Trust & Validity Management:
   Matt Blaze (AT&T Research):
New and exciting developments in trust management
   Raph Levien (Art Of Code):
Attack-resistant trust metrics for large scale authentication
  
  Identity Management:
   Austin Hill, Ian Goldberg & Adam Shostack (Zero Knowledge Systems):
Freedom v1.0:
 An overview of issues, tradeoffs & future plans
 (followed by Q&A grilling & BBQ-sauce taste test)
 http://www.freedom.net/
  
  Public Key Management (PKI):
   Greg Broiles & Dave Del Torto
PGP Keysigning
 1. Key owners should ensure their keys are on the Surfnet keyserver.
 2. Send your primary PGP key information before Noon (Zulu -8) on
Fri 2000-01-14) to [EMAIL PROTECTED]
In the message Body, include: your primary key's Keyid, Userid, Size, 
hexadecimal Fingerprint and optionally the keying material (in an
ASCII-armored PGP Public Key Block).
  
   Example:
 0x28C029AF 
 Dave Del Torto [EMAIL PROTECTED] 
 4096
 9B29 031D 70DE F566 E076  B108 904D FEA3 28C0 29AF
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 [optional keying material not shown in this example]
  
Be sure to bring friends to attest to your identity and/or two (2)
forms of photoID to the meeting. Also, if you 

Digital Money Forum, London

2000-01-14 Thread Dave Birch

. the third annual Consult Hyperion forum .
.. D I G I T A L ... M O N E Y 
   
 
Kensington Palace Hotel
London
 April 4th/5th, 2000

  sponsored by
GlobeID   Genie Internet

  in association with
  Financial Times Virtual Finance Report
 First Tuesday
E-Finance Forum

  with a keynote address by
Tim Jones, co-inventor of Mondex.

and special presentations by 
   Brian Greasley of Genie Internet.
 Fabrice de Comarond, GlobeID

Provisional Programme.

  Day One: Economic & Business Issues
  Chair
 Duncan Goldie-Scot
 Editor, Financial Times Virtual Finance Report

Keynote Address: Digital Money and Retail Banking
Tim Jones,
Managing Director, NatWest Bank. 

A Survey of Digital Money in Europe
Leo Van Hove,
Free University of Brussels.

Digital Money in a Real Context
Brian Greasley,
Genie Internet.

Will Digital Money mean Social Exclusion?
Ben Jupp,
DEMOS.

A Real Businesses Requirement for Digital Money
Steve Brooks,
CTO, Remote Music.

Clicks and Mortar Money
Mike Hendry,
Independent Consultant.

Smart Cards in European Financial Services
Charles Goldfinder,
Financial Industry Working Group.

Who Cares About Digital Money?
David Birch,
Director, Consult Hyperion.

 Day Two: Regulatory & Technical Issues
  Chair
   David Bowen
   Editor, Net Profit

Visa and Digital Money
Jon Prideaux,
Executive VP New Products (EU Region), Visa International.

Regulating Digital Money
Laura Edgar,
CCLS.

Options for Regulation
Simon Lelieveldt (invited)
Netherlands Bank.

Lessons from Successful Electronic Purse Schemes
Dominique Hautain,
Proton World International.

Digital Money on the Net.
Julian Wilson,
CEO, Smart Axis.

Mondex: The World Electronic Purse
Richard Fletcher,
Mondex International.

Special Presentation: Making Online Payments Work.
Fabrice de Comarond
CEO, GlobeID

A Flexible Digital Money System
James Milner,
Oakington.

Creating a New International Currency
Matteo Berlucchi,
Beenz.


.Administration.

  The detailed programme is on line at
http://www.consult.hyperion.co.uk/forum/digmoney3.htm

Thanks to the generosity of our sponsors, this year the
seminar costs only 495 pounds Sterling per person excluding
VAT.

The fee includes the seminar, documentation, meals, a
and cocktail party.

For further information or to reserve a place please contact

Gloria Benson  [EMAIL PROTECTED]
Telephone +44 1483 301793  Fax +44 1483 561657




Regards,
Dave Birch.

...  My own opinion (I think!) given solely in my capacity as  ...
... an interested member of the general public ...
......
...  mailto:[EMAIL PROTECTED]   .  http://www.birches.org/dgwb/ ...