Patriot Ants (was: Re: Zombie Patriots and other musings)
On Sat, 13 Dec 2003, John Kelsey wrote:

Of course, there's a more fundamental problem with surrendering to the lone warriors. Imagine that there's such a wave of pro-life terrorism that we finally agree to ban abortion. You're a fanatically committed pro-choice activist. What's your next move?

Two moves possible.

The violent, far less effective and possibly somehow counterproductive one: attacking the ones who enforce the measurement, by lethal or nonlethal means, to act as deterrent.

The nonviolent one: developing and deploying the technology necessary for underground clinics to provide higher quality service, and for their clients to find, order and pay for the services without being likely to be traced down by the Whateveriscurrentlythelaw Enforcement. Causing bad press for them, keeping public awareness that alternatives to the law-compliance exist. Learning from countries with similar bans in action, both from the present and from history, how the alternatives developed there, and building on this knowledge.

Direct attack is not always the best route, however tempting. A house can be brought down from the outside by a bomb, or from the inside by white ants. Insect survival strategies are distributed and largely successful; I am pretty sure we can learn a lot from there.

One Patriot Ant doesn't have to fight in any big way, doing heroic deeds or big sacrifices; enough people who just provide samizdat for a few friends, know what files to mirror, when to look away, what to be unable to remember when questioned by the Authorities, who know the newsbits that aren't officially reported and tell their friends can make a big difference. The strength of Patriot Ants isn't in their individual strength, they don't make headlines - they just eat the System from the inside, one bite at a time.
Re: Patriot Ants (was: Re: Zombie Patriots and other musings)
From: Thomas Shaddack [EMAIL PROTECTED]

On Sat, 13 Dec 2003, John Kelsey wrote:

Of course, there's a more fundamental problem with surrendering to the lone warriors. Imagine that there's such a wave of pro-life terrorism that we finally agree to ban abortion. You're a fanatically committed pro-choice activist. What's your next move?

Two moves possible. The violent, far less effective and possibly somehow counterproductive one: attacking the ones who enforce the measurement, by lethal or nonlethal means, to act as deterrent.

I think you should the word possibly when referring to effectiveness of outcomes. One can never know until one tries. Every moment in history is unique and the effectiveness of the use of a particular strategy can never be ascertained beforehand. Mine is based on at least two inspirations...

How we burned in the prison camps later thinking: What would things have been like if every security operative, when he went out at night to make an arrest, had been uncertain whether he would return alive? --Alexander Solzhenitsyn, Gulag Archipelago

and

Our government... teaches the whole people by its example. If the government becomes the lawbreaker, it breeds contempt for law; it invites every man to become a law unto himself; it invites anarchy. -- Louis D. Brandeis

As Americans I'm sure we have been tutored by some of the best. Time to put into practice what we have learned.

The nonviolent one: developing and deploying the technology necessary for underground clinics to provide higher quality service, and for their clients to find, order and pay for the services without being likely to be traced down by the Whateveriscurrentlythelaw Enforcement. Causing bad press for them, keeping public awareness that alternatives to the law-compliance exist. Learning from countries with similar bans in action, both from the present and from history, how the alternatives developed there, and building on this knowledge.

Direct attack is not always the best route, however tempting. A house can be brought down from the outside by a bomb, or from the inside by white ants.

The trouble with this method is that it generally requires a large percentage of the population to actively or passively support a position. This almost always occurs after a situation has become intolerable to the masses. I have no intention of placing my ability to enjoy what I consider my basic rights into the hands of a million Joe Sixpacks and awaiting their enlightenment.

The only freedom which counts is the freedom to do what some other people think to be wrong. There is no point in demanding freedom to do that which all will applaud. All the so-called liberties or rights are things which have to be asserted against others who claim that if such things are to be allowed their own rights are infringed or their own liberties threatened. This is always true, even when we speak of the freedom to worship, of the right of free speech or association, or of public assembly. If we are to allow freedoms at all there will constantly be complaints that either the liberty itself or the way in which it is exercised is being abused, and, if it is a genuine freedom, these complaints will often be justified. There is no way of having a free society in which there is not abuse. Abuse is the very hallmark of liberty. -- Quintin H. Hailsham, The Dilemma of Democracy

Get ready for a lot of abuse...
Re: Compromised Remailers
At 06:49 PM 12/13/2003 +0100, some provocateur claiming to be Anonymous wrote: A question for the moment might well be how many if any of the remailers are operated by TLAs? The TLAs have proposed running various anonymizers for China and other countries that have oppressive eavesdroppers. If you go look at past remailer discussions (probably starting with Tim's Cyphernomicon or some of the remailer docs), you'll be reminded that just using one remailer isn't enough if you're worried about it being compromised, though it's usually fine for trolling mailing lists :-) Remailers are secure if at least one remailer in a chain is _not_ compromised, so you not only want to be sure that some of the remailers you chain through are run by good people, but that their machines are likely not to have been cracked, and ideally you use remailers in multiple legal jurisdictions because that reduces the ability of any one government to put pressure on the remailer operators, and increases the chances that if all of the remailers are compromised, at least one of them isn't compromised by someone who's interested in _you_.
Don't worry...it's just one of Saddam's doubles
Spread the word. The administration got desperate. In a few weeks they'll announce this isn't the real Saddam, but that rounding up all of the clones is necessary progress in the fight to get the real Saddam.

-TD
RFIDs at tech summit
Bug devices track officials at summit

By Audrey Hudson
THE WASHINGTON TIMES

Officials who attended a world Internet and technology summit in Switzerland last week were unknowingly bugged, said researchers who attended the forum.

Badges assigned to attendees of the World Summit on the Information Society were affixed with radio-frequency identification chips (RFIDs), said Alberto Escudero-Pascual, Stephane Koch and George Danezis in a report issued after the conference ended Friday in Geneva. The badges were handed out to more than 50 prime ministers, presidents and other high-level officials from 174 countries, including the United States.

The trio's report said they were able to obtain the official badges with fraudulent identification only to be stunned when they found RFID chips, a contentious issue among privacy advocates in the United States and Europe, embedded in the tags. Researchers questioned summit officials about the use of the chips and how long information would be stored but were not given answers.

The three-day WSIS forum focused on Internet governance and access, security, intellectual-property rights and privacy. The United States and other countries defeated an attempt to place the Internet under supervision of the United Nations.

RFID chips track a person's movement in real time. U.S. groups have called for a voluntary moratorium on using the chips in consumer items until the technology and its effects on privacy and civil liberties are addressed.

Mr. Escudero-Pascual is a researcher in computer security and privacy at the Royal Institute of Technology in Stockholm. Miss Koch is the president of Internet Society Geneva, and Mr. Danezis studies privacy-enhancing technologies and computer security at Cambridge University.

"During the course of our investigation, we were able to register for the summit and obtain an official pass by just showing a fake plastic identity card and being photographed via a Web cam with no other document or registration number required to obtain the pass," the researchers said. The researchers chose names for the fake identification cards from a list printed on the summit's Web site of attendees.

"The hidden chips communicate information via radio frequency when close to sensors that can be placed anywhere from vending machines to the entrance of a specific meeting room, allowing the remote identification and tracking of participants, or groups of participants, attending the event," the report said.

The photograph of the person and other personal details are not stored on the chip but in a centralized database that monitors the movement. Researchers said they are concerned that database will be used for future events, including the next summit to be hosted by Tunisian authorities.

"During the registration process, we requested information about the future use of the picture and other information that was taken, and the built-in functionalities of the seemingly innocent plastic badge. No public information or privacy policy was available upon our demands that could indicate the purpose, processing or retention periods for the data collected. The registration personnel were obviously not properly informed and trained," the report said.

The lack of security procedures violates the Swiss Federal Law on Data Protection of June 1992, the European Union Data Protection Directive, and United Nations' guidelines concerning computerized personal-data files adopted by the General Assembly in 1990, the researchers said.

"The big problem is that system also fails to guarantee the promised high levels of security while introducing the possibility of constant surveillance of the representatives of civil society, many of whom are critical of certain governments and regimes," the report said. "Sharing this data with any third party would be putting civil-society participants at risk, but this threat is made concrete in the context of WSIS by considering the potential impact of sharing the data collected with the Tunisian government in charge of organizing the event in 2005," it said.

The organization Reporters Without Borders was banned from attending the summit and launched a pirate radio broadcast to protest the ban and detail press-freedom violations by some countries attending the meetings, including Tunisia.

"Our organization defends freedom of expression on the Internet on a daily basis. Our voice should therefore be heard during this event, despite this outrageous ban," said Robert Menard, secretary general of Reporters Without Borders.

Tunisia is among several countries Reporters Without Borders has accused of censoring the Internet, intercepting e-mails and jailing cyber-dissidents.
Re: Zombie Patriots and other musings
(resend)

At 11:52 AM 12/13/03 -0500, John Kelsey wrote:

At 09:19 AM 12/12/03 -0800, Major Variola (ret) wrote:

... You need to think about the lone warrior scenario that the Gang worries about. McVeighs and Rudolphs. They were influenced by memes which were not immediately suppressed.

One interesting property of the lone warriors is that they can't actually make peace.

Good points, but not entirely true. For instance, we could stop the Jihad (tm) (including future Jihads by other parties) by stopping all foreign aid, following the good general's advice, Trade with all, make treaties with none, and beware of foreign entanglements. If you take yourself out of the game, you are not seen by a player which can be influenced. Or which influencing would do any good to a given cause. A government can take itself (and thus the proles that fed the NYC rodentia the second week of Sept 01) out of the game, while individuals (corporations) continue to trade freely, and at their own consensual risk.

The point is that while the soldiers are independent, their motivations are not. So you can reduce the cost of the lone warriors to you by not annoying them any more.

Of course, there's a more fundamental problem with surrendering to the lone warriors. Imagine that there's such a wave of pro-life terrorism that we finally agree to ban abortion. You're a fanatically committed pro-choice activist. What's your next move?

Rudolph bombed clinics, not random people because the govt allowed the clinics. Contrast with a distributed jihad which attacks citizens to sway a govt. If the US went neutral, whether Halliburton was in Arabia would be entirely an economic question, involving the cost of paying off widows or hiring Islamic workers, or buying the goods through a third party. Instead it's a policy question, the only way to influence it is to bring it home

---the only language the American people understand is dead Americans. -EC

--- Can you hear me now? -UBL, 11.9.01
Idea: Simplified TEMPEST-shielded unit (speculative proposal)
TEMPEST shielding is a fairly esoteric field (at least for non-EM-specialists). But potentially it could be made easier by simplifying the problem.

If we don't want to shield the user interface (e.g. we want just a cryptographic processor), we may put the device into a solid metal case without holes, battery-powered, with the seams in the case covered with e.g. adhesive copper tape. The input and output can be mediated by fibers, whose ports can be the only holes, a fraction of a millimeter in diameter, carefully shielded, in the otherwise seamless well-grounded box.

There are potential cooling problems, as there are no ventilation holes in the enclosure; this can be alleviated by using one side of the box as a large passive cooler, eventually with an externally mounted fan with separate power supply.

If magnetic shielding is required as well, the box could be made of permalloy or other material with similar magnetic properties.

I am not sure how to shield a display. Maybe taking an LCD, bolting it on the shielded box, and covering it with a fine wire mesh and possibly metalized glass? Using an LCD with high response time of the individual pixels also dramatically reduces the value of eventual optical emissions.

I also have doubts about the keyboard. Several ideas that could help:

We may use optical scanning of the key matrix, with the light fed into and read from the matrix by optical fibers, coming out from a well-shielded enclosure, similar to the I/O lines of the first example.

We may use a normal keyboard, but modified to use a reliably random scanning pattern; that won't reduce the EM emissions of the keyboard, but effectively encrypts them, dramatically reducing their intelligence value. It's then necessary to take precautions about the data cable between the keyboard itself and the computer, where the data go through in plaintext; it's possible to encrypt it, or to use a fiber.

As really good shielding of complicated cases is difficult to achieve, the primary objective of this approach is to put everything into simple metallic boxes with as few and as small ports as possible, which should be comparatively easy to manufacture, replacing the special contacting of removable panels with disposable adhesive copper tape (the only reason to go inside is replacing batteries, and the tape together with other measures may serve as tamperproofing), and replacement of all potentially radiating external data connections with fiber optic.

I should disclaim I have nothing that could vaguely resemble any deeper knowledge of high frequencies; therefore I lay out the idea here and wonder if anyone can see holes in it (and where they are).
Re: Idea: Simplified TEMPEST-shielded unit (speculative proposal)
On Dec 14, 2003, at 8:33 PM, Thomas Shaddack wrote:

TEMPEST shielding is fairly esoteric (at least for non-EM-specialists) field. But potentially could be made easier by simplifying the problem. If we won't want to shield the user interface (eg. we want just a cryptographic processor), we may put the device into a solid metal case without holes, battery-powered, with the seams in the case covered with eg. adhesive copper tape. The input and output can be mediated by fibers, whose ports can be the only holes, fraction of millimeter in diameter, carefully shielded, in the otherwise seamless well-grounded box. There are potential cooling problems, as there are no ventilation holes in the enclosure; this can be alleviated by using one side of the box as a large passive cooler, eventually with an externally mounted fan with separate power supply. If magnetic shielding is required as well, the box could be made of permalloy or other material with similar magnetic properties. I am not sure how to shield a display. Maybe taking an LCD, bolting it on the shielded box, and cover it with a fine wire mesh and possibly metalized glass? Using LCD with high response time of the individual pixels also dramatically reduces the value of eventual optical emissions.

I worked inside a Faraday cage in a physics lab for several months. And, later, I did experiments in and around Faraday cages. Shielding is fairly easy to measure. (Using portable radios and televisions, or even using the Software-Defined Radio as a low-cost spectrum analyzer.)

My advice? Skip all of the nonsense about building special laptops or computers and special displays with mesh grids over the displays. Those who are _casually_ interested will not replace their existing Mac Powerbooks or Dell laptops with this metal box monster.

Instead, devise a metal mesh bag that one climbs into to use whichever laptop is of interest. To reduce costs, most of the bag can be metallized fabric that is not mesh, with only part of it being mesh, for breathability. (Perhaps the head region, to minimize claustrophobia and to allow audio and visual communication with others nearby.)

I would imagine a durable-enough metallized fabric bag could be constructed for under a few hundred dollars, which is surely cheaper for most to use than designing a custom laptop or desktop.

Or consider heads-up LCD glasses. These have been available for PCs and gamers for a few years (longer in more experimental forms, of course, dating back to the VR days of the late 80s). Sony has had a couple of models, and so have others. Some have video resolutions (PAL, NTSC), some have VGA resolutions. Perfectly adequate for displaying crypto results and requesting input.

These very probably radiate little. But of course a lightweight hood, a la the above mesh bag, would drop the emissions by some other goodly amount of dB. Experiments necessary, of course.

Interface to a laptop or PC could be as you described it, with shielded cables. Or just use a small PC (Poqet, etc.) and move the keyboard and CPU under the draped hood. Leakage out the bottom, hence the earlier proposal for a full bag, like a sleeping bag.

--Tim May
Wardial for Bush! 1-800-531-6789 -- call AGAIN AND AGAIN!
From: Wardialers For Bush [EMAIL PROTECTED] Subject: [Wardialers for Bush] Set a record! Call 1-800-531-6789 AS OFTEN AS YOU CAN! Resident George W. Bush wants your support! Even though every nuisance call to this phone number costs him money, he wants you to call NOW, AGAIN AND AGAIN! 1-800-531-6789 If you don't get through, call again! 1-800-531-6789 Keep calling. Say you were told to call by Ken Mehlman! Ask for your free prize! 1-800-531-6789 1-800-531-6789 1-800-531-6789 1-800-531-6789 1-800-531-6789
Re: cpunk-like meeting report
http://lists.cryptnet.net/mailman/listinfo/cpunx-news Be sure and check the archive before posting. It is still small. Cookies, members only archive access. Bad deal. Will not happen. Very few consumers here.
Re: Compromised Remailers
Tim May wrote:

I haven't carefully looked at the current source code (if it's available) for things like Type II Mixmaster remailers, things which offer reply-blocks.

The source is available for mixmaster. However, Type II does not offer reply blocks.

Certainly for the canonical Cypherpunks remailer, the store-and-forward-after-mixing remailer, the fact that the nested encryption is GENERATED BY THE ORIGINATOR means that interception is useless to a TLA. The most a TLA can do is to a) not forward as planned, resulting in a dropped message, or b) see where a particular collection of random-looking (because of encryption) bits came from and where they are intended to next go.

Not necessarily. You don't have to be able to read a message to determine what it is. In the case of an amphibian remailer operator (who shall remain nameless) revealing the identity of someone using his remailer, this remop ran 2 of the three remailers being used. The chain went:

A - B - C - D - E

where A is the sender, E the recipient, and B and D are the remailers controlled by the same person. Also, if the message to E had been encrypted it wouldn't have mattered much in identifying who was sending something to whom. The remop could tell that a message from A coming in through B always resulted in a message going to C, and that such messages always had a corresponding message from D to E. The fact that the messages were encrypted to each remailer's key, and that the middle remailer was not compromised, did not protect the user.

There were some special circumstances to this, the biggest one being that A was sending a ton of messages, all of similar size, through the exact same chain. But it does show the problem with Type I reply blocks in use by the current system.

In particular, a TLA or interceptor or corrupted or threatened remailer operator CANNOT insert new text or new delivery instructions into packets received by his node BECAUSE HE CANNOT OPEN ANY PAYLOAD ENCRYPTED TO THE NEXT NODE. Anything he adds to the payload bits (which he can see of course, though not decrypt or make sense of) will of course make the next node see only garbage when he tries to decrypt the payload.

Of course they can't alter the encrypted text, but it may be possible to add text after the pgp-encrypted block to make tracking the messages easier. There's also the issue of taking a reply block and replaying it with new text in order to watch where it goes.

[snip]

And if even a fraction of the remailers are compromised, then with collusion they can map inputs to outputs, in many cases. (How many they can and how many they can't are issues of statistics and suchlike.)

Exactly. This is the case I was mentioning above. It shows that the "if one remailer is legit, your messages are safe" line of thinking is not necessarily true.

[snip]

Adding reply-block capability significantly raises the risks for traceability, in my opinion. I am not casting doubt on the Anonymizer and on Mixmaster Type N (whatever is current), but I have not seen much detailed discussion here on the Cypherpunks list, and I am unaware of peer-reviewed papers on the cryptographic protocols being used. (If they exist, pointers here would be great to have!)

Type II is the current, though cypherpunk (Type I) are in use. II does not allow for reply blocks. Type III (mixminion) is in active development and allows for SURBs - Single Use Reply Blocks -- that will allow for nyms without having to store a set number of reply blocks that can be replayed (a la the current type I pseudonym setup)

Anyway, just a few thoughts. I'm far from an expert on this so take everything with a large grain of salt.

--B
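The two "Compromised Remailers" messages disagree on whether one honest remailer in a chain is enough; the following is an added example, not part of the original thread, that measures the A - B - C - D - E case in a toy model. The round-based mixing, the five-remailer network, the cover-traffic volume and the scoring function are all assumptions made for illustration, and every observation is constructed by the simulation.

```python
import random
from collections import Counter

# Constructed toy network: five remailers, one operator runs two of them.
N_REMAILERS = 5
B, D = 0, 1                                   # entry and exit under one operator
RECIPIENTS = [f"r{i}" for i in range(20)] + ["E"]


def observe(rounds, fixed_chain, p_send=0.5, background=30, seed=2003):
    """Simulate what the operator of B and D can log in each mixing round.

    Returns a list of (a_seen_at_B, Counter of recipients delivered by D).
    The honest middle remailer reorders each batch, so the operator can
    only compare rounds, never link two individual messages.
    """
    rng = random.Random(seed)
    log = []
    for _ in range(rounds):
        out_of_d = Counter()
        # Other users' mail: random recipient, random exit remailer.
        for _ in range(background):
            if rng.randrange(N_REMAILERS) == D:
                out_of_d[rng.choice(RECIPIENTS)] += 1
        a_seen = False
        if rng.random() < p_send:             # A writes to E this round
            if fixed_chain:
                entry, exit_ = B, D           # the "exact same chain" case
            else:
                entry, _middle, exit_ = rng.sample(range(N_REMAILERS), 3)
            a_seen = entry == B
            if exit_ == D:
                out_of_d["E"] += 1
        log.append((a_seen, out_of_d))
    return log


def scores(log):
    """Delivery rate per recipient in rounds where A was seen at B,
    minus the rate in rounds where A was not seen. Near 0 means no link."""
    seen = [c for a, c in log if a]
    unseen = [c for a, c in log if not a]
    if not seen or not unseen:                # nothing to compare against
        return {r: 0.0 for r in RECIPIENTS}

    def rate(rows, r):
        return sum(c[r] for c in rows) / len(rows)

    return {r: rate(seen, r) - rate(unseen, r) for r in RECIPIENTS}


def top_suspect(log):
    """Recipient whose deliveries track A's activity most closely."""
    s = scores(log)
    return max(s, key=s.get)


if __name__ == "__main__":
    for label, fixed in (("same chain every time", True),
                         ("random chain per message", False)):
        s = scores(observe(2000, fixed_chain=fixed))
        print(f"{label:26s} score for E = {s['E']:.2f}, "
              f"largest other = {max(v for k, v in s.items() if k != 'E'):.2f}")
```

With a fixed chain the score for E sits near 1 while every other recipient stays near 0, even though C never leaks anything; picking a fresh chain per message shrinks the gap because most of A's mail no longer crosses both operator-run nodes.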
Re: Zombie Patriots and other musings
(resend) At 11:52 AM 12/13/03 -0500, John Kelsey wrote: At 09:19 AM 12/12/03 -0800, Major Variola (ret) wrote: ... You need to think about the lone warrior scenario that the Gang worries about. McVeighs and Rudolphs. They were influenced by memes which were not immediately suppressed. One interesting property of the lone warriors is that they can't actually make peace. Good points, but not entirely true. For instance, we could stop the Jihad (tm) (including future Jihads by other parties) by stopping all foreign aid, following the good general's advice, Trade with all, make treaties with none, and beware of foreign entanglements. If you take yourself out of the game, you are not seen by a player which can be influenced. Or which influencing would do any good to a given cause. A government can take itself (and thus the proles that fed the NYC rodentia the second week of Sept 01) out of the game, while individuals (corporations) continue to trade freely, and at their own consensual risk. The point is that while the soldiers are independent, their motivations are not. So you can reduce the cost of the lone warriors to you by not annoying them any more. Of course, there's a more fundamental problem with surrendering to the lone warriors. Imagine that there's such a wave of pro-life terrorism that we finally agree to ban abortion. You're a fanatically committed pro-choice activist. What's your next move? Rudolph bombed clinics, not random people because the govt allowed the clinics. Contrast with a distributed jihad which attacks citizens to sway a govt. If the US went neutral, whether Halliburton was in Arabia would be entirely an economic question, involving the cost of paying off widows or hiring Islamic workers, or buying the goods through a third party. Instead it's a policy question, the only way to influence it is to bring it home ---the only language the American people understand is dead Americans. -EC --- Can you hear me now? -UBL, 11.9.01
Re: Compromised Remailers
At 06:49 PM 12/13/2003 +0100, some provocateur claiming to be Anonymous wrote: A question for the moment might well be how many if any of the remailers are operated by TLAs? The TLAs have proposed running various anonymizers for China and other countries that have oppressive eavesdroppers. If you go look at past remailer discussions (probably starting with Tim's Cyphernomicon or some of the remailer docs), you'll be reminded that just using one remailer isn't enough if you're worried about it being compromised, though it's usually fine for trolling mailing lists :-) Remailers are secure if at least one remailer in a chain is _not_ compromised, so you not only want to be sure that some of the remailers you chain through are run by good people, but that their machines are likely not to have been cracked, and ideally you use remailers in multiple legal jurisdictions because that reduces the ability of any one government to put pressure on the remailer operators, and increases the chances that if all of the remailers are compromised, at least one of them isn't compromised by someone who's interested in _you_.
Re: Compromised Remailers
On Dec 14, 2003, at 12:40 AM, Bill Stewart wrote: At 06:49 PM 12/13/2003 +0100, some provocateur claiming to be Anonymous wrote: A question for the moment might well be how many if any of the remailers are operated by TLAs? The TLAs have proposed running various anonymizers for China and other countries that have oppressive eavesdroppers. China has proposed to run remailers for use by citizens of nations with laws allowing bureaucrat search warrants (not judges, just civil servants), Patriot Acts, no-knock raids, and concentration camps at Gitmo. If you go look at past remailer discussions (probably starting with Tim's Cyphernomicon or some of the remailer docs), you'll be reminded that just using one remailer isn't enough if you're worried about it being compromised, though it's usually fine for trolling mailing lists :-) Remailers are secure if at least one remailer in a chain is _not_ compromised, so you not only want to be sure that some of the remailers you chain through are run by good people, but that their machines are likely not to have been cracked, and ideally you use remailers in multiple legal jurisdictions because that reduces the ability of any one government to put pressure on the remailer operators, and increases the chances that if all of the remailers are compromised, at least one of them isn't compromised by someone who's interested in _you_. I haven't carefully looked at the current source code (if it's available) for things like Type II Mixmaster remailers, things which offer reply-blocks. Certainly for the canonical Cypherpunks remailer, the store-and-forward-after-mixing remailer, the fact that the nested encryption is GENERATED BY THE ORIGINATOR means that interception is useless to a TLA. The most a TLA can do is to a) not forward as planned, resulting in a dropped message, or b) see where a particular collection of random-looking (because of encryption) bits came from and where they are intended to next go. 
In particular, a TLA or interceptor or corrupted or threatened remailer operator CANNOT insert new text or new delivery instructions into packets received by his node BECAUSE HE CANNOT OPEN ANY PAYLOAD ENCRYPTED TO THE NEXT NODE. Anything he adds to the payload bits (which he can see of course, though not decrypt or make sense of) will of course make the next node see only garbage when he tries to decrypt the payload. This process continues, in a recursive fashion. Now of course there are some boundary conditions. If every remailer is compromised, then complete visibility is ensured. The sender and receiver are in a fishbowl, a panopticon, with everything visible to the TLA or attackers. And if even a fraction of the remailers are compromised, then with collusion they can map inputs to outputs, in many cases. (How many they can and how many they can't are issues of statistics and suchlike.) Another boundary condition is when a remailer network is lightly used, or when correlations between sent messages, received messages, and actions take place. A signal recovery problem, perhaps akin to some military sorts of problems. (Note that this few users problem is essentially isomorphic to compromised remailers. And if the TLAs are the dominant users of remailers, sending dummy messages through, they get the same benefits as when there are few users or compromised remailers. For example, if the typical mix latency is 20 messages, and TLAs account for 98% of the traffic through remailers, then it's easy to calculate the Poisson probability that they can trace the only message that is NOT theirs. And so on.) Most of these problems go away when the number of remailers is large, the number of independent users is large, and the remailers are scattered in multiple jurisdictions, making it hard for the TLAs to enforce or arrange collusion. Another trick of use in _some_ of the boundary conditions is to BE A REMAILER.
This gives at least one node, namely, oneself, which is presumably not compromised (modulo black bag attacks, worms, that sort of stuff). And one could pay others to operate remailers with trusted code. (No disk Linux computers, for example, as discussed by several here over the years..) Finally, most of these issues were obvious from the very beginning, even before Cypherpunks. When I proposed the quick and dirty remailers in the first Cypherpunks meeting, the ones we emulated in our Games, it was with the full awareness of David Chaum's untraceable e-mail paper of 1981 (referenced in the handout at the first meeting). And of his later and more robust DC Net paper of 1988, further developed by the Pfitzmann team around that time. The Chaum/Pfitzmann/et al. DC-Net addresses the collusion problem with novel methods for doing, effectively, zero knowledge proofs that some bit has been entered into a network without any traceability as to who entered it. (Chaum uses 3 people at a restaurant, using a scheme
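The 20-message, 98% figure from the message above, carried through as an added example that is not part of the original message. It assumes a threshold mix that flushes a fixed batch, and that every other message in the batch independently belongs to the dominant sender with probability f; the function names are hypothetical.

```python
from math import comb, exp


def p_alone_binomial(batch, f):
    """P(all other batch-1 messages belong to the dominant sender)."""
    return f ** (batch - 1)


def p_alone_poisson(batch, f):
    """Poisson approximation: honest companions ~ Poisson((batch-1)*(1-f))."""
    lam = (batch - 1) * (1 - f)
    return exp(-lam)


def honest_companions_pmf(batch, f):
    """Distribution of how many independent messages share the batch."""
    n = batch - 1
    return [comb(n, j) * (1 - f) ** j * f ** (n - j) for j in range(n + 1)]


def p_traced_every_hop(batch, f, hops):
    """P(the message is alone in its batch at each of `hops` independent mixes)."""
    return p_alone_binomial(batch, f) ** hops


def min_honest_share(batch, target):
    """Smallest independent traffic share that keeps P(alone) per hop <= target."""
    return 1 - target ** (1 / (batch - 1))


if __name__ == "__main__":
    batch, f = 20, 0.98          # figures from the message above
    print(f"P(alone), binomial : {p_alone_binomial(batch, f):.4f}")
    print(f"P(alone), Poisson  : {p_alone_poisson(batch, f):.4f}")
    pmf = honest_companions_pmf(batch, f)
    mean = sum(j * p for j, p in enumerate(pmf))
    print(f"expected honest companions per batch: {mean:.2f}")
    for hops in (1, 3, 5):
        print(f"hops={hops}: P(alone at every hop) = {p_traced_every_hop(batch, f, hops):.4f}")
    print(f"honest share needed for P(alone) <= 1%: {min_honest_share(batch, 0.01):.1%}")
```

Under these assumptions the lone independent message has no cover in roughly two batches out of three, and independent traffic has to reach about a fifth of the total before that drops to 1% per hop.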
cpunk-like meeting report
I went to a meeting of the Irvine Underground (irvineunderground.org) which reminded me of late-90s SF CP meatings. Although the overall tech level was probably lower and social implications weren't a big topic. Also, at this meeting, there were far more cameras or videocams than were present (at least overtly :-) at the few CP meats I attended. However, nyms were used more than they were (overtly :-) at CP meatings; this may have been due to an introduce yourself poll. The IU group seems to be a bit more social, going to movies for instance, than the topic-only CPs were. The meeting was held in a room at an IHOP (pancake restaurant for furriners). The exploit mentioned in http://www.usatoday.com/tech/news/2003-12-11-microsoft2_x.htm was demonstrated, we were debriefed on the recent LA 802.11b War Flying mission (and the EMI resistance of 1960's era single-engine airplane instruments :-). Toorcon organizers were present. About 30+ people were there, with what appeared to me to be a bimodal distribution of skills, some advanced, some admitted unix newbies, etc. There was even recreational lock picking. A WiFi LAN, net connectivity through someone's cell phone eventually. A video projector. I didn't notice persons with exceptional Euler numbers, though black was definitely the color of choice for garments. Ages appeared well distributed from undergrad to hoary. One gent noticed a certain TLA on my cypherpunks T-shirt and admitted that he had once worked in Ft Meade, though he wouldn't say on what :-)
Re: Patriot Ants (was: Re: Zombie Patriots and other musings)
From: Thomas Shaddack [EMAIL PROTECTED] On Sat, 13 Dec 2003, John Kelsey wrote: Of course, there's a more fundamental problem with surrendering to the lone warriors. Imagine that there's such a wave of pro-life terrorism that we finally agree to ban abortion. You're a fanatically committed pro-choice activist. What's your next move? Two moves possible. The violent, far less effective and possibly somehow counterproductive one: attacking the ones who enforce the measurement, by lethal or nonlethal means, to act as deterrent. I think you should the word possibly when referring to effectiveness of outcomes. One can never know until one tries. Every moment in history is unique and the effectiveness of the use of a particular strategy can never be ascertained beforehand. Mine is based on at least two inspirations... How we burned in the prison camps later thinking: What would things have been like if every security operative, when he went out at night to make an arrest, had been uncertain whether he would return alive? --Alexander Solzhenitsyn, Gulag Archipelago and Our government... teaches the whole people by its example. If the government becomes the lawbreaker, it breeds contempt for law; it invites every man to become a law unto himself; it invites anarchy. -- Louis D. Brandeis As Americans I'm sure we have been tutored by some of the best. Time to put into practice what we have learned. The nonviolent one: developing and deploying the technology necessary for underground clinics to provide higher quality service, and for their clients to find, order and pay for the services without being likely to trace down by the Whateveriscurrentlythelaw Enforcement. Causing bad press for them, keeping public awareness that alternatives to the law-compliance exist. Learning from countries with similar bans in action, both from the present and from history, how the alternatives developed there, and building on this knowledge.
Direct attack is not always the best route, however tempting. A house can be brought down from the outside by a bomb, or from the inside by white ants. The trouble with this method is that it generally requires a large percentage of the population to actively or passively support a position. This almost always occurs after a situation has become intolerable to the masses. I have no intention in placing my ability to enjoy what I consider my basic rights into the hands of a million Joe Sixpacks and await their enlightenment. The only freedom which counts is the freedom to do what some other people think to be wrong. There is no point in demanding freedom to do that which all will applaud. All the so-called liberties or rights are things which have to be asserted against others who claim that if such things are to be allowed their own rights are infringed or their own liberties threatened. This is always true, even when we speak of the freedom to worship, of the right of free speech or association, or of public assembly. If we are to allow freedoms at all there will constantly be complaints that either the liberty itself or the way in which it is exercised is being abused, and, if it is a genuine freedom, these complaints will often be justified. There is no way of having a free society in which there is not abuse. Abuse is the very hallmark of liberty. -- Quintin H. Hailsham, The Dilemma of Democracy Get ready for a lot of abuse...
Re: cpunk-like meeting report
On Dec 14, 2003, at 6:53 PM, [EMAIL PROTECTED] wrote: On 14 Dec, Tim May wrote: No, we don't need a cpunx-news list. This is what Google and the ability to see hundreds of various lists and sites is for. News lists tend strongly to be just dumping grounds for crap from other lists. Yea, and I'll admit that I'm a junky, which is why I made the following pages... http://www.gnu-darwin.org/update.html http://www.gnu-darwin.org/applelists.html More... info., Must have ... more... Lie down and just resist the temptation. The world already has a dozen crypto/cyber rights mailing lists, probably more. And many e$, digibucks, digital bearer settlement, and cybercurrency types of list just from one single person...who also cross-posts to Cypherpunks. I had a friend who created a new high technology company whenever he got bored. Of course, these were not _real_ high tech companies, with actual products and actual profits. Rather, they were ventures, things that gave him a new business card, Orion X. Altschluss, President, Plutonic Transgenics, Inc. A few months later, Director, Corporate Relations, the Galt Foundation. Some people think spinning off new lists whenever they get interested in some area is interesting. Most of these lists fail for obvious reasons. Sometimes a famous person, especially Net famous, creates a vanity list. Hence the Interesting People vanity list. This trend seems to be giving way to Blogs, however, as the various net.personalities realize that what they really want is a forum for blogging their message to an attentive audience. I have done nearly all of my writing for Cypherpunks since 1992. I have watched Lewispunks, Perrypunks, various e-rights and digidollars and Geodesic Singularity Lists arise and do whatever they do after they arise. I have joined none of the various other lists (which are usually with permission of owner lists--fuck that).
So now we have someone calling himself Proclus, who has not contributed anything memorable to Cypherpunks, inviting Cypherpunks to join his new cpunx-news list. Yawn. Have fun. --Tim May
Re: Don't worry...it's just one of Saddam's doubles
On Sun, 14 Dec 2003, Tyler Durden wrote: Spread the word. The administration got desperate. In a few weeks they'll announce this isn't the real Saddam, but that rounding up all of the clones is necessary progress in the fight to get the real Saddam. If I don't remember incorrectly, they said something about identifying him by DNA testing. But it wasn't widely quoted in the mainstream news. So even if it really is him - they may still claim he isn't the real McCoy if the insurgency won't stop. The timing is definitely weird. Too soon before the Elections. But there is still the backup, the Lost TV Star, also known as Ossama; whether They intend to announce capturing him, or whether he will be claimed responsible for Something Scary in a psyops attempt to make the voters more susceptible to the beat of the Homeland Security drums.
Re: Don't worry...it's just one of Saddam's doubles
Ahh... but if that were true, why would the US ever admit it? Let's say they run a DNA test and it's not him... why not just say, We ran a DNA test and it's him!! That would be a bigger boost for Bush for the coming election. There's still 13 more in the deck of cards - as well as Bin Laden - to use as an excuse to maintain their war on terrorism. - Eric Tully Tyler Durden wrote: Spread the word. The administration got desperate. In a few weeks they'll announce this isn't the real Saddam, but that rounding up all of the clones is necessary progress in the fight to get the real Saddam. -TD
Re: cpunk-like meeting report
On Dec 14, 2003, at 6:07 PM, [EMAIL PROTECTED] wrote: Hi, I've been admiring your and Tim's contributions, and I was wondering if either of you were planning to subscribe to the (new) news list. http://lists.cryptnet.net/mailman/listinfo/cpunx-news Be sure and check the archive before posting. It is still small. No, we don't need a cpunx-news list. This is what Google and the ability to see hundreds of various lists and sites is for. News lists tend strongly to be just dumping grounds for crap from other lists. Otherwise, if anyone could recommend additional good sources for cypherpunk-related news, I'd be very grateful, because I don't feel right about cross-posting news items to cypherpunks list. I'm already subscribed to the Cryptome rdf channel, Politech, and GNU-Darwin of course. I don't think I'm interesting enough for Interesting People ;-}. I failed the entrance exam for Interesting People, which is fine, for obvious reasons. --Tim May
Re: cpunk-like meeting report
On 14 Dec, Tim May wrote: No, we don't need a cpunx-news list. This is what Google and the ability to see hundreds of various lists and sites is for. News lists tend strongly to be just dumping grounds for crap from other lists. Yea, and I'll admit that I'm a junky, which is why I made the following pages... http://www.gnu-darwin.org/update.html http://www.gnu-darwin.org/applelists.html More... info., Must have ... more... Otherwise, if anyone could recommend additional good sources for cypherpunk-related news, I'd be very grateful, because I don't feel right about cross-posting news items to cypherpunks list. I'm already subscribed to the Cryptome rdf channel, Politech, and GNU-Darwin of course. I don't think I'm interesting enough for Interesting People ;-}. I failed the entrance exam for Interesting People, which is fine, for obvious reasons. ROFL! Regards, proclus http://www.gnu-darwin.org/ -- Visit proclus realm! http://proclus.tripod.com/
Re: Don't worry...it's just one of Saddam's doubles
On Dec 14, 2003, at 6:33 PM, Thomas Shaddack wrote: On Sun, 14 Dec 2003, Tyler Durden wrote: Spread the word. The administration got desperate. In a few weeks they'll announce this isn't the real Saddam, but that rounding up all of the clones is necessary progress in the fight to get the real Saddam. If I don't remember incorrectly, they said something about identifying him by DNA testing. But it wasn't widely quoted in the mainstream news. How boring. The DNA confirmation was reported on all of the puppet news organizations here. The Germans and Eastern Europeans, being mostly opposed to the war, probably just buried the confirmation. The Czech Republic supported the war, and sent troops, and now that Saddam has been captured, both of them will be returning home, with medals. --Tim May
Re: cpunk-like meeting report
Hi, I've been admiring your and Tim's contributions, and I was wondering if either of you were planning to subscribe to the (new) news list. http://lists.cryptnet.net/mailman/listinfo/cpunx-news Be sure and check the archive before posting. It is still small. Otherwise, if anyone could recommend additional good sources for cypherpunk-related news, I'd be very grateful, because I don't feel right about cross-posting news items to cypherpunks list. I'm already subscribed to the Cryptome rdf channel, Politech, and GNU-Darwin of course. I don't think I'm interesting enough for Interesting People ;-}. Please feel free to write back to me on- or off-list for whatever reason you like. Regards, proclus http://www.gnu-darwin.org/ On 14 Dec, Major Variola (ret.) wrote: I went to a meeting of the Irvine Underground (irvineunderground.org) which reminded me of late-90s SF CP meatings. Although the overall tech level was probably lower and social implications weren't a big topic. Also, at this meeting, there were far more cameras or videocams than were present (at least overtly :-) at the few CP meats I attended. However, nyms were used more than they were (overtly :-) at CP meatings; this may have been due to an introduce yourself poll. The IU group seems to be a bit more social, going to movies for instance, than the topic-only CPs were. The meeting was held in a room at an IHOP (pancake restaurant for furriners). The exploit mentioned in http://www.usatoday.com/tech/news/2003-12-11-microsoft2_x.htm was demonstrated, we were debriefed on the recent LA 802.11b War Flying mission (and the EMI resistance of 1960's era single-engine airplane instruments :-). Toorcon organizers were present. About 30+ people were there, with what appeared to me to be a bimodal distribution of skills, some advanced, some admitted unix newbies, etc. There was even recreational lock picking. A WiFi LAN, net connectivity through someone's cell phone eventually. A video projector.
I didn't notice persons with exceptional Euler numbers, though black was definitely the color of choice for garments. Ages appeared well distributed from undergrad to hoary. One gent noticed a certain TLA on my cypherpunks T-shirt and admitted that he had once worked in Ft Meade, though he wouldn't say on what :-) -- Visit proclus realm! http://proclus.tripod.com/
Re: PKI root signing ceremony, etc.
Rich Salz wrote: *shrug* it doesn't retroactively enforce the safety net - but that's ok, most MS products don't either :) The whole point is to enhance common practice, not stay at the lowest common denominator. If someone has *already* issued a certificate - and ignored the CA flag - is it part of the software's duty to somehow point this out to you? But regardless, as this only applies to imported keys you would never actually see it in Real Life (tm) Key management and auditing is pretty much external to the actual software regardless of which solution you use I would have thought. You'd be wrong. :) I did just download and use XCA for a little bit. It's practically impossible to audit. Every key in the database is protected with the same password. um, this is a **CA** - you have *one* key in the database, your CA key. It is bad practice to generate the keys on the CA machine and transport them to the server they will be used on - instead, the Cert request should be generated on the end-use machine, and the *request* transported to the CA, signed, and the certificate returned. That way, the private key never leaves the machine it was generated for and used on, and is protected by its own password. The system ask for the password as soon as it starts up. If I leave the program running while I leave my computer, I'm screwed. Then don't leave it running. If you got out of your car but left the engine running, and somebody stole the car, would you blame the design of the car? The key-holder isn't asked to confirm each signing -- there's no *ceremony* -- and they never enter the password after the program starts. For any kind of root these are all very bad. This is just fine for a root - the root acquires 'n' signing requests, opens the program, signs or rejects the requests as appropriate, then closes the program. 
It is not the duty of the CA to generate keys or enter certificate information - that is the requestor's problem, which he can do with the tools appropriate to his machine (openssl on almost anything, the built in keygen in IIS and several other webservers, and so forth). I am actually disappointed in XCA (compared to the earlier but awkward to set up OpenCA project) in that no browser-accessible request interface is provided. Of course XCA is compatible with importing requests made from OpenCA, and exporting them back into an OpenCA pickup dir, but really it would be nice to be compatible with the interface most key requestors are used to. XCA is pretty nice for a Level-2 or small Level-1 CA. The template management, etc., is pretty good. (Having them tied to the key database, and having the keys be unlocked while making cert requests, are both real bad ideas, however.) There is no mystical value in having to type a key lots of times. I was just pointing out what other options are out there (I would have pointed out EBCrypt as well, which appears better suited to your current ritual, but its website seems to have vanished).
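The request-then-sign flow described in the message above (key and certificate request generated on the end-use machine, only the request carried to the CA, certificate returned), as an added example that is not from the thread and not XCA's or OpenCA's code. It assumes the third-party Python `cryptography` package; the function names and subject strings are hypothetical.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _validity(days):
    now = datetime.datetime.now(datetime.timezone.utc)
    return now, now + datetime.timedelta(days=days)


def make_root(cn="Example Root (constructed)"):
    """CA machine: the root key is the only private key stored here."""
    key = ec.generate_private_key(ec.SECP256R1())
    start, end = _validity(3650)
    cert = (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(_name(cn))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(end)
            .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def make_request(cn):
    """End-use machine: the key stays local, only the CSR PEM is transported."""
    key = ec.generate_private_key(ec.SECP256R1())
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(_name(cn))
           .sign(key, hashes.SHA256()))
    return key, csr.public_bytes(serialization.Encoding.PEM)


def ca_sign(ca_key, ca_cert, csr_pem, days=90):
    """CA machine: sees the request only, and issues a non-CA certificate."""
    csr = x509.load_pem_x509_csr(csr_pem)
    if not csr.is_signature_valid:  # requester must prove possession of the key
        raise ValueError("CSR signature does not verify")
    start, end = _validity(days)
    cert = (x509.CertificateBuilder()
            .subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(end)
            # The CA flag discussed in the thread: end-entity certs must not be CAs.
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))
    return cert.public_bytes(serialization.Encoding.PEM)


def spki(public_key):
    return public_key.public_bytes(serialization.Encoding.DER,
                                   serialization.PublicFormat.SubjectPublicKeyInfo)


def check_issued(ca_cert, cert_pem, holder_key):
    """End-use machine: confirm issuer signature, key binding and CA flag."""
    cert = x509.load_pem_x509_certificate(cert_pem)
    ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                ec.ECDSA(cert.signature_hash_algorithm))
    bc = cert.extensions.get_extension_for_class(x509.BasicConstraints).value
    return spki(cert.public_key()) == spki(holder_key.public_key()) and not bc.ca


if __name__ == "__main__":
    root_key, root_cert = make_root()
    server_key, csr_pem = make_request("www.example.test")   # constructed name
    cert_pem = ca_sign(root_key, root_cert, csr_pem)
    print("private key in transported request:", b"PRIVATE KEY" in csr_pem)
    print("certificate binds to local key, not a CA:",
          check_issued(root_cert, cert_pem, server_key))
```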