Re: Signing as one member of a set of keys

2002-08-11 Thread Adam Shostack

Of course, the paranoid amongst us now believe that Mr. Back wrote the
code, and is engaging in a little misdirection below.

"Thanks for making the analysis easy!"

;)


On Fri, Aug 09, 2002 at 08:11:15PM +0100, Adam Back wrote:
| Very nice.  
| 
| Nice plausible set of candidate authors also:
| 
| pub  1022/5AC7B865 1992/12/01  [EMAIL PROTECTED]
| pub  1024/2B48F6F5 1996/04/10  Ian Goldberg <[EMAIL PROTECTED]>
| pub  1024/97558A1D 1994/01/10  Pr0duct Cypher 
| pub  1024/2719AF35 1995/05/13  Ben Laurie <[EMAIL PROTECTED]>
| pub  1024/58214C37 1992/09/08  Hal Finney <[EMAIL PROTECTED]>
| pub  1024/C8002BD1 1997/03/04  Eric Young <[EMAIL PROTECTED]>
| pub  1024/FBBB8AB1 1994/05/07  Colin Plumb <[EMAIL PROTECTED]>
| 
| Wonder if we can figure out who is most likely author based on coding
| style from such a small set.
| 
| It has (8 char) TABs but otherwise BSD indentation style (BSD
| normally 4 spaces).  Also someone who likes triply indirected pointers
| ***blah in there.  Has local variables inside even *if code blocks*
| eg, inside main() (most people avoid that, preferring to declare
| variables at the top of a function, and historically I think some
| older gcc / gdb couldn't debug those variables if I recall).  Very
| funky use of goto in getpgppkt, hmmm.  Somewhat concise coding and
| variable names.
| 
| Off the cuff guess based on coding without looking at samples of code
| to remind, probably Colin or Ian.
| 
| Of course (Lance Cottrell/Ian Goldberg/Pr0duct Cypher/Ben Laurie/Hal
| Finney/Eric Young/Colin Plumb) possibly deviated or mimicked one of
| their coding styles.  Kind of interesting to see a true nym in there
| also.
| 
| Also the Cc -- Coderpunks lives?  I think the Cc coderpunks might be a
| clue also, I think some of these people would know it died.  I think
| that points more at Colin.
| 
| Other potential avenue might be implementation mistake leading to
| failure of the scheme to robustly make undecidable which of the set is
| the true author, given alpha code.
| 
| Adam
| 
| On Fri, Aug 09, 2002 at 03:52:56AM +, Anonymous User wrote:
| > This program can be used by anonymous contributors to release partial
| > information about their identity - they can show that they are someone
| > from a list of PGP key holders, without revealing which member of the
| > list they are.  Maybe it can help in the recent controversy over the
| > identity of anonymous posters.  It's a fairly low-level program that
| > should be wrapped in a nicer UI.  I'll send a couple of perl scripts
| > later that make it easier to use.
| 

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume




Re: responding to claims about TCPA

2002-08-11 Thread AARG! Anonymous

AARG! wrote:
> I asked Eric Murray, who knows something about TCPA, what he thought
> of some of the more ridiculous claims in Ross Anderson's FAQ (like the
> SNRL), and he didn't respond.  I believe it is because he is unwilling
> to publicly take a position in opposition to such a famous and respected
> figure.

John Gilmore replied:
>
> Many of the people who "know something about TCPA" are constrained
> by NDA's with Intel.  Perhaps that is Eric's problem -- I don't know.

Maybe, but he could reply just based on public information.  Despite this
he was unable or unwilling to challenge Ross Anderson.


> One of the things I told them years ago was that they should draw
> clean lines between things that are designed to protect YOU, the
> computer owner, from third parties; versus things that are designed to
> protect THIRD PARTIES from you, the computer owner.  This is so
> consumers can accept the first category and reject the second, which,
> if well-informed, they will do.

I don't agree with this distinction.  If I use a smart card chip that
has a private key on it that won't come off, is that protecting me from
third parties, or vice versa?  If I run a TCPA-enhanced Gnutella that
keeps the RIAA from participating and easily finding out who is running
supernodes (see http://slashdot.org/article.pl?sid=02/08/09/2347245 for
the latest crackdown), I benefit, even though the system technically is
protecting the data from me.

I wrote earlier that if people were honest, trusted computing would not
be necessary, because they would keep their promises.  Trusted computing
allows people to prove to remote users that they will behave honestly.
How does that fit into your dichotomy?  Society has evolved a myriad
mechanisms to allow people to give strong evidence that they will keep
their word; without them, trade and commerce would be impossible.  By your
logic, these protect third parties from you, and hence should be rejected.
You would discard the economic foundation for our entire world.


> TCPA began in that "protect third parties from the owner" category,
> and is apparently still there today.  You won't find that out by
> reading Intel's modern public literature on TCPA, though; it doesn't
> admit to being designed for, or even useful for, DRM.  My guess is
> that they took my suggestion as marketing advice rather than as a
> design separation issue.  "Pitch all your protect-third-party products
> as if they are protect-the-owner products" was the opposite of what I
> suggested, but it's the course they (and the rest of the DRM industry)
> are on.  E.g. see the July 2002 TCPA faq at:
>
>   http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf
>
>   3. Is the real "goal" of TCPA to design a TPM to act as a DRM or
>  Content Protection device? 
>   No.  The TCPA wants to increase the trust ... [blah blah blah]
>
> I believe that "No" is a direct lie.

David Grawrock of Intel has an interesting slide presentation on
TCPA at http://www.intel.com/design/security/tcpa/slides/index.htm.
His slide 3 makes a good point: "All 5 members had very different ideas
of what should and should not be added."  It's possible that some of
the differences in perspective and direction on TCPA are due to the
several participants wanting to move in different ways.  Some may have
been strictly focused on DRM; others may have had a more expansive
vision of how trust can benefit all kinds of distributed applications.
So it's not clear that you can speak of the "real goal" of TCPA, when
there are all these different groups with different ideas.

> Intel has removed the first
> public version 0.90 of the TCPA spec from their web site, but I have
> copies, and many of the examples in the mention DRM, e.g.:
>
>   http://www.trustedcomputing.org/docs/TCPA_first_WP.pdf  (still there)
>
> This TCPA white paper says that the goal is "ubiquity".  Another way to
> say that is monopoly.

Nonsense.  The web is ubiquitous, but is not a monopoly.

> The idea is to force any other choices out of
> the market, except the ones that the movie & record companies want.
> The first "scenario" (PDF page 7) states: "For example, before making
> content available to a subscriber, it is likely that a service
> provider will need to know that the remote platform is trustworthy."

That same language is in the Credible Interoperability document presently
on the web site at
http://www.trustedcomputing.org/docs/Credible_Interoperability_020702.pdf.
So I don't think there is necessarily any kind of a cover-up here.


>   http://www.trustedpc.org/home/pdf/spec0818.pdf (gone now)
>
> Even this 200-page TCPA-0.90 specification, which is carefully written
> to be obfuscatory and misleading, leaks such gems as: "These features
> encourage third parties to grant access to by the platform to
> information that would otherwise be denied to the platform" (page 14).
> "The 'protected store' feature...can hold and manipulate confidential
> data, and will allow t

Re: Signing as one member of a set of keys

2002-08-11 Thread Jim Choate


If you think that will make the problem easy or definitive...

For a start check out,

Springer Series in Statistics
Applied Bayesian and Classical Inference: The Cast of The Federalist
Papers
F. Mosteller, D.L. Wallace
ISBN 0-387-90991-5
ISBN 0-540-90991-5

On Sun, 11 Aug 2002, Adam Shostack wrote:

> Of course, the paranoid amongst us now believe that Mr. Back wrote the
> code, and is engaging in a little misdirection below.
> 
> "Thanks for making the analysis easy!"
> 
> ;)
> 
> 
> On Fri, Aug 09, 2002 at 08:11:15PM +0100, Adam Back wrote:
> | Very nice.  
> | 
> | Nice plausible set of candidate authors also:
> | 
> | pub  1022/5AC7B865 1992/12/01  [EMAIL PROTECTED]
> | pub  1024/2B48F6F5 1996/04/10  Ian Goldberg <[EMAIL PROTECTED]>
> | pub  1024/97558A1D 1994/01/10  Pr0duct Cypher 
> | pub  1024/2719AF35 1995/05/13  Ben Laurie <[EMAIL PROTECTED]>
> | pub  1024/58214C37 1992/09/08  Hal Finney <[EMAIL PROTECTED]>
> | pub  1024/C8002BD1 1997/03/04  Eric Young <[EMAIL PROTECTED]>
> | pub  1024/FBBB8AB1 1994/05/07  Colin Plumb <[EMAIL PROTECTED]>
> | 
> | Wonder if we can figure out who is most likely author based on coding
> | style from such a small set.
> | 
> | It has (8 char) TABs but otherwise BSD indentation style (BSD
> | normally 4 spaces).  Also someone who likes triply indirected pointers
> | ***blah in there.  Has local variables inside even *if code blocks*
> | eg, inside main() (most people avoid that, preferring to declare
> | variables at the top of a function, and historically I think some
> | older gcc / gdb couldn't debug those variables if I recall).  Very
> | funky use of goto in getpgppkt, hmmm.  Somewhat concise coding and
> | variable names.
> | 
> | Off the cuff guess based on coding without looking at samples of code
> | to remind, probably Colin or Ian.
> | 
> | Of course (Lance Cottrell/Ian Goldberg/Pr0duct Cypher/Ben Laurie/Hal
> | Finney/Eric Young/Colin Plumb) possibly deviated or mimicked one of
> | their coding styles.  Kind of interesting to see a true nym in there
> | also.
> | 
> | Also the Cc -- Coderpunks lives?  I think the Cc coderpunks might be a
> | clue also, I think some of these people would know it died.  I think
> | that points more at Colin.
> | 
> | Other potential avenue might be implementation mistake leading to
> | failure of the scheme to robustly make undecidable which of the set is
> | the true author, given alpha code.
> | 
> | Adam
> | 
> | On Fri, Aug 09, 2002 at 03:52:56AM +, Anonymous User wrote:
> | > This program can be used by anonymous contributors to release partial
> | > information about their identity - they can show that they are someone
> | > from a list of PGP key holders, without revealing which member of the
> | > list they are.  Maybe it can help in the recent controversy over the
> | > identity of anonymous posters.  It's a fairly low-level program that
> | > should be wrapped in a nicer UI.  I'll send a couple of perl scripts
> | > later that make it easier to use.
> | 
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
>  -Hume
> 




Re: Challenge to TCPA/Palladium detractors

2002-08-11 Thread Russell Nelson

AARG!Anonymous writes:
 > I'd like the Palladium/TCPA critics to offer an alternative proposal
 > for achieving the following technical goal:
 > 
 >   Allow computers separated on the internet to cooperate and share data
 >   and computations such that no one can get access to the data outside
 >   the limitations and rules imposed by the applications.

Can't be done.  I don't have time to go into ALL the reasons.
Fortunately for me, any one reason is sufficient.  #1: it's all about
the economics.  You have failed to specify that the cost of breaking
into the data has to exceed the value of the data.  But even if you
did that, you'd have to assume that the data was never worth more than
that to *anyone*.  As soon as it was worth that, they could break into
the data, and data is, after all, just data.

Ignore economics at your peril.

-- 
-russ nelson  http://russnelson.com |
Crynwr sells support for free software  | PGPok | businesses persuade
521 Pleasant Valley Rd. | +1 315 268 1925 voice | governments coerce
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |




Re: [CI] Re: Turing thesis(Incompleteness theorom)

2002-08-11 Thread gfgs pedo

hi,

thank you Mr. Jim, one more query, regarding Godel's
incompleteness theorem.

with reference to
http://www.miskatonic.org/godel.html

"
Gödel asks for the program and the circuit design of
the UTM. The program may be complicated, but it can
only be finitely long. Call the program P(UTM) for
Program of the Universal Truth Machine. "

we know that there are unprovable and provable
statements and there is no way to distinguish all
solvable problems from unsolvable ones as you said
below.
>
> > Also how can we distinguish between provable and
> > unprovable statements.
>
> That is an unsolvable problem if you are looking for
> a general approach to
> -any- statement, that -is- Godel's.
>

In Godel's theorem, above mentioned, it says circuit
design and programme must be finitely long.

Is that necessary? We can't say for sure, right? Isn't it
an unprovable statement which is made or more likely
an assumption.

If we say otherwise, why has the programme to be
finite?
Thank you very much.

Regards  Data.





Re: Seth on TCPA at Defcon/Usenix

2002-08-11 Thread John Gilmore

> It reminds me of an even better way for a word processor company to make
> money: just scramble all your documents, then demand ONE MILLION DOLLARS
> for the keys to decrypt them.  The money must be sent to a numbered
> Swiss account, and the software checks with a server to find out when
> the money has arrived.  Some of the proposals for what companies will
> do with Palladium seem about as plausible as this one.

Isn't this how Windows XP and Office XP work?  They let you set up the
system and fill it with your data for a while -- then lock up and
won't let you access your locally stored data, until you put the
computer on the Internet and "register" it with Microsoft.  They
charge less than a million dollars to unhand your data, but otherwise
it looks to me like a very similar scheme.

There's a first-person report about how Office XP made the computers
donated for the 9/11 missing persons database useless after several
days of data entry -- so the data was abandoned, and re-entered into a
previous (non-DRM) Microsoft word processor.  The report came through
this very mailing list.  See:

  http://www.mail-archive.com/cryptography@wasabisystems.com/msg02134.html

This scenario of word processor vendors denying people access to their
own documents until they do something to benefit the vendor is not
just "plausible" -- it's happening here and now.

John




Re: dangers of TCPA/palladium

2002-08-11 Thread Ben Laurie

AARG!Anonymous wrote:
> Adam Back writes:
> 
> 
>>- Palladium is a proposed OS feature-set based on the TCPA hardware
>>(Microsoft)
> 
> 
> Actually there seem to be some hardware differences between TCPA and
> Palladium.  TCPA relies on a TPM, while Palladium uses some kind of
> new CPU mode.  Palladium also includes some secure memory, a concept
> which does not exist in TCPA.

This is correct. Palladium has "ring -1", and memory that is only 
accessible to ring -1 (or I/O initiated by ring -1).

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




Re: TCPA/Palladium -- likely future implications (Re: dangers of TCPA/palladium)

2002-08-11 Thread Peter Fairbrother

Adam Back wrote:
[...]
> - It is always the case that targeted people can have hardware
> attacks perpetrated against them.  (Keyboard sniffers placed during
> court authorised break-in as FBI has used in mob case of PGP using
> Mafiosa [1]).

[...]

> [1] "FBI Bugs Keyboard of PGP-Using Alleged Mafioso", 6 Dec 2000,
> slashdot

That was a software keylogger (actually two software keyloggers), not
hardware. 

(IMO Scarfo's lawyers should never have dealt, assuming the evidence was
necessary for a conviction, but the FBI statement about the techniques used
was probably too obfuscated for them - it took me a good week to understand
it. I emailed them, but got no reply.

Incidentally, Nicky Scarfo used his father's prison number for the password,
so a well researched directed dictionary attack would have worked anyway.)


The FBI reputedly can (usually, on Windows boxen) now install similar
software keyloggers remotely, without needing to break in.


-- Peter Fairbrother




Doubt on O notation.

2002-08-11 Thread gfgs pedo

hi,

I have problem understanding time complexity for the
following problem

I need to check if two strings are equal

let string one
s1=aaabbb

and string two

s2=aaabbb

We place it on a single tape turing machine

aaabbb aaabbb

the book says it takes roughly 2n steps to match
corresponding alphabet of s1 with s2, that much I
understand.

therefore the whole computation takes O(n^2) time.
how is that, shouldn't it be O(2n)

the same if placed on a two tape turing machine is as
shown
tape 1: aaabbb
tape2 : aaabbb

and they are compared simultaneously and have a time
complexity of O(n) which is understandable.

However I didn't get how we get O(n^2) in the
previous case.

In automata the number of sentential
forms cannot exceed
M=|p|+ |p^2| + ...+ |p|^(2|w|) where w is the length
of the input string. p is the finite set of
productions.
I don't see how it is applicable here.
pls help. Thank you.

Regards Data.
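
The step counts asked about above, worked as an added example that is not part of the original post: a head-move counter for the comparison on one tape and on two. The single-tape machine here uses a mark-and-shuttle strategy, which is an assumption since the post does not give the book's machine; each symbol costs one trip of about 2n moves, and there are n symbols.

```python
SEP = object()   # tape cell between the two strings
MARK = object()  # written over a symbol once it has been matched


def single_tape_steps(s1, s2):
    """Compare s1 and s2 on one tape laid out as s1, separator, s2.

    Returns (equal, head_moves). The head shuttles between the two strings
    once per symbol, and every shuttle crosses about len(s1) cells each way.
    """
    tape = list(s1) + [SEP] + list(s2)
    head = 0
    moves = 0

    def step(delta):
        nonlocal head, moves
        head += delta
        moves += 1

    while tape[head] is not SEP:
        sym, tape[head] = tape[head], MARK
        # Walk right to the separator, step over it, skip matched cells.
        while tape[head] is not SEP:
            step(+1)
        step(+1)
        while head < len(tape) and tape[head] is MARK:
            step(+1)
        if head == len(tape) or tape[head] != sym:
            return False, moves
        tape[head] = MARK
        # Walk left to the separator, on to the last marked cell of s1,
        # then one cell right onto the next unread symbol.
        while tape[head] is not SEP:
            step(-1)
        step(-1)
        while tape[head] is not MARK:
            step(-1)
        step(+1)
    # s1 is used up: s2 must have no unread symbol left.
    step(+1)
    while head < len(tape) and tape[head] is MARK:
        step(+1)
    return head == len(tape), moves


def two_tape_steps(s1, s2):
    """Same comparison with one string per tape: both heads advance together."""
    moves = 0
    for a, b in zip(s1, s2):
        if a != b:
            return False, moves
        moves += 1
    return len(s1) == len(s2), moves


if __name__ == "__main__":
    # Doubling n roughly quadruples the single-tape count and only doubles
    # the two-tape count.
    for n in (3, 6, 12, 24):
        s = "a" * (n // 2) + "b" * (n - n // 2)
        print(n, single_tape_steps(s, s)[1], two_tape_steps(s, s)[1])
```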





Re: dangers of TCPA/palladium

2002-08-11 Thread Ben Laurie

Mike Rosing wrote:
>>Why exactly is this so much more of a threat than, say, flash BIOS
>>upgrades?  The BIOS has a lot more power over your machine than the
>>TPM does.
> 
> 
> The difference is fundamental: I can change every bit of flash in my BIOS.
> I can not change *anything* in the TPM.  *I* control my BIOS.  IF, and
> only IF, I can control the TPM will I trust it to extend my trust to
> others.  The purpose of TCPA as spec'ed is to remove my control and
> make the platform "trusted" to one entity.  That entity has the master
> key to the TPM.
> 
> Now, if the spec says I can install my own key into the TPM, then yes,
> it is a very useful tool.  It would be fantastic in all the portables
> that have been stolen from the FBI for example.  Assuming they use a
> password at turn on, and the TPM is used to send data over the net,
> then they'd know where all their units are and know they weren't
> compromised (or how badly compromised anyway).
> 
> But as spec'ed, it is very seriously flawed.

Although the outcome _may_ be like this, your understanding of the TPM 
is seriously flawed - it doesn't prevent you from running whatever you 
want, but what it does do is allow a remote machine to confirm what you 
have chosen to run.

It helps to argue from a correct starting point.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




Re: Challenge to TCPA/Palladium detractors

2002-08-11 Thread lynn . wheeler

small discussion of security proportional to risk:
http://www.garlic.com/~lynn/2002h.html#61 security proportional to risk

slightly related
http://www.garlic.com/~lynn/2001j.html#5 E-commerce security
http://www.garlic.com/~lynn/2001j.html#54 Does "Strong Security" Mean
Anything?

also slightly related, both the tpm chips and various card chips are
similar ... some with eal3-high or eal4-high evaluation. however these
ratings are typically just for the chip ... or the chip with the barest of
software  not the completely delivered operation environment.

trying to get an EAL5-high or EAL6-high on the complete package  would
include getting evaluation on things like any crypto (for those chips
employing crypto) ... which is an interesting whole 'nother exercise.
slightly related:
http://www.garlic.com/~lynn/aadsm12.htm#13 anybody seen (EAL5) semi-formal
specification for FIPS186-2/x9.62 ecdsa?
http://www.garlic.com/~lynn/2002h.html#71 history of CMS
http://www.garlic.com/~lynn/2002h.html#84 history of CMS
http://www.garlic.com/~lynn/2002j.html#86 formal fips186-2/x9.62 definition
for eal 5/6 evaluation




[EMAIL PROTECTED] on 8/10/2002 11:01 pm wrote:

Can't be done.  I don't have time to go into ALL the reasons.
Fortunately for me, any one reason is sufficient.  #1: it's all about
the economics.  You have failed to specify that the cost of breaking
into the data has to exceed the value of the data.  But even if you
did that, you'd have to assume that the data was never worth more than
that to *anyone*.  As soon as it was worth that, they could break into
the data, and data is, after all, just data.

Ignore economics at your peril.

--
-russ nelson  http://russnelson.com |
Crynwr sells support for free software  | PGPok | businesses persuade
521 Pleasant Valley Rd. | +1 315 268 1925 voice | governments coerce
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
[EMAIL PROTECTED]




Re: On the outright laughability of internet "democracy"

2002-08-11 Thread A.Melon

On Sun, 11 Aug 2002 13:22:15 -0400, you wrote:
>
> At 4:35 PM +0200 on 8/11/02, Anonymous wrote:
>
>
> > Next, the "internet" boogeyman.
>
> Nope. Just the clueless "only knows one austrian remailer" boogeyman. Watch
> me make him go away:
>
> <*Plonk!*>

Based on your inability or unwillingness to address the issues identified
specifically, that is a pretty good course of action on your part.

I would think you might be interested in going deeper, as "Blind signatures
for untraceable payments" is directly applicable to both digital settlement
and digital voting. See http://www.acm.org/crossroads/xrds2-4/voting.html for
an interesting little article of introduction about the topic. And there are
many others more current and deep.

Those issues, remaining unaddressed by you, include:

"The "sold vote" boogeyman".

You need to submit evidence that "anonymous" "internet" voting is more likely
to be fraudulent than paper, voter-present by mail voting. You have submitted
none, and the "cryptography" word is insufficient to scare me off.

The "bogus digital voter registration" boogeyman.

You may also wish to show how digital voter registration cards would be more
likely to be bogus than "Motor Voter, no-id required" registration cards.
Good luck.

The "crypto" boogeyman.

I challenge you to show that current, published crypto voting protocols
cannot accomplish the following:
1. one digital sig, one vote, the first one, and the others are discarded
2. no dig signature, no vote
3. no dig voter registration, no dig sig
4. anonymity, i.e., no connectibility between the voter's choice and his identity.
5. auditability, i.e., connection between each voting "lever throw" and a dig
   sig for the current vote.

Next, the "internet" boogeyman.

It's just a pipe/wire/whatever. Bits. Don't be afraid. If the bits are
properly signed, no problem and whether "internet" bits or
voter-machine-punched-paper-tape-bits is irrelevant."

They are not strengthened or weakened by the mail server applied to their
transmission, by the way.

Cheers!




Re: Signing as one member of a set of keys

2002-08-11 Thread Anonymous User

Here are the perl scripts I cobbled together to put the ring signature
at the end of the file, after a separator.  I called the executable
program from the earlier C source code "ringsig".  I call these ringver
and ringsign.  I'm no perl hacker so these could undoubtedly be greatly
improved.

ringver
===
#! /usr/bin/perl

# Usage: $0 pubkeyfile < filetoverify

die("Usage: ringver pubkeyfile < filetoverify") if @ARGV != 1;

$outfile = "/tmp/sigdata$$";
$sigfile = "/tmp/sigfile$$";
$separator = "  \\+\\+multisig v1\\.0";

$pubfile=$ARGV[0];

-r $pubfile || die ("Error reading $pubfile");

open (OUTFILE, ">".$outfile) || die ("Unable to open $outfile for output");
open (SIGFILE, ">".$sigfile) || die ("Unable to open $sigfile for output");

# Skip leading blank lines on input file (stop at end of input)
do { $_ = <STDIN> } while (defined($_) && /^$/);

# Save lines to outfile until separator
print OUTFILE $_ if defined($_);
while (<STDIN>) {
    last if /$separator/;
    print OUTFILE $_;
}

die ("No signature found in input file") if !$_;

# Save remaining lines to sigfile
print SIGFILE while <STDIN>;

close INFILE;
close OUTFILE;
close SIGFILE;

open (SIG, "./ringsig -v $outfile $pubfile < $sigfile |") ||
die ("Error running verify program");

# Print output from program
print while <SIG>;
close SIG;

unlink($sigfile);
unlink($outfile);

# $? is the raw wait status from close; the exit code is its high byte
exit($? >> 8);








ringsign
===
#! /usr/bin/perl

# Usage: $0 filetosign pubkeyfile privkeyfile

die("Usage: ringsign filetosign pubkeyfile privkeyfile > outfile") if
@ARGV < 3;

$outfile = "/tmp/sigdata$$";
$separator = "  ++multisig v1.0";

open(INFILE, $ARGV[0]) || die ("Unable to open $ARGV[0] for input");
$pubfile=$ARGV[1];
$secfile=$ARGV[2];

-r $pubfile || die ("Error reading $pubfile");
-r $secfile || die ("Error reading $secfile");

open (OUTFILE, ">".$outfile) || die ("Unable to open $outfile for output");

# Skip leading blank lines on input file (stop at end of input)
do { $_ = <INFILE> } while (defined($_) && /^$/);

# Save lines to outfile
print OUTFILE $_ if defined($_);
print OUTFILE $_ while <INFILE>;

close INFILE;
close OUTFILE;

# Re-open infile
open(INFILE, $ARGV[0]) || die ("Unable to open $ARGV[0] for input");

open (SIG, "./ringsig -s $outfile $pubfile $secfile|") ||
die ("Error signing");

@sigs = <SIG>;
close SIG;
die ("Error from signature program") if ($?);

# Output infile, separator, sig
print while <INFILE>;
print $separator . "\n";
print @sigs;

unlink($outfile);
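
The ringver flow above, rewritten as an added Python example (not the poster's code) to show the same split-and-verify steps without the fixed `/tmp/sigdata$$` names or the shell command string. It assumes the `ringsig -v message pubkeys < signature` command line used by the script; the function names and the sample input are made up for illustration.

```python
import os
import re
import subprocess
import tempfile

# Separator pattern copied from ringver; like the script, it is matched
# anywhere in a line rather than anchored.
SEPARATOR_RE = re.compile(rb"  \+\+multisig v1\.0")


def split_signed(data):
    """Return (message, signature) from bytes laid out as ringsign emits them.

    Leading blank lines are dropped, the message runs up to the first line
    matching the separator, and everything after that line is the signature.
    """
    lines = data.splitlines(keepends=True)
    start = 0
    while start < len(lines) and lines[start].strip(b"\r\n") == b"":
        start += 1
    for i in range(start, len(lines)):
        if SEPARATOR_RE.search(lines[i]):
            return b"".join(lines[start:i]), b"".join(lines[i + 1:])
    raise ValueError("No signature found in input")


def check_signable(message):
    """Refuse a message that already contains a separator line.

    The verifier splits at the first separator, so such a message would be
    cut short before verification and the signature would never check.
    """
    if SEPARATOR_RE.search(message):
        raise ValueError("message contains the signature separator")
    return message


def verify_argv(ringsig, msg_path, pubkey_path):
    """Build the argument vector for the verify call. No shell is involved,
    so spaces or metacharacters in a path stay inside one argument."""
    return [ringsig, "-v", msg_path, pubkey_path]


def verify(data, pubkey_path, ringsig="./ringsig"):
    """Split, write the message to a private temp file, run the verifier.

    Returns (exit_status, output).
    """
    message, signature = split_signed(data)
    # TemporaryDirectory uses mkdtemp: unpredictable name, mode 0700, and it
    # is removed on exit even if the verifier fails.
    with tempfile.TemporaryDirectory(prefix="ringver-") as tmp:
        msg_path = os.path.join(tmp, "sigdata")
        with open(msg_path, "wb") as f:
            f.write(message)
        proc = subprocess.run(
            verify_argv(ringsig, msg_path, pubkey_path),
            input=signature,          # signature goes to the child's stdin
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
        )
    return proc.returncode, proc.stdout


# Constructed sample input; the signature body is a placeholder, not real
# ringsig output.
SAMPLE = (
    b"\n\nHello list,\nthis is the body.\n"
    b"  ++multisig v1.0\n"
    b"SIGNATURE-PLACEHOLDER\n"
)

if __name__ == "__main__":
    msg, sig = split_signed(SAMPLE)
    print(msg.decode(), sig.decode(), sep="---\n")
```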




Seth on TCPA at Defcon/Usenix

2002-08-11 Thread AARG! Anonymous

Seth Schoen of the EFF has a good blog entry about Palladium and TCPA
at http://vitanuova.loyalty.org/2002-08-09.html.  He attended Lucky's
presentation at DEF CON and also sat on the TCPA/Palladium panel at
the USENIX Security Symposium.

Seth has a very balanced perspective on these issues compared to most
people in the community.  It makes me proud to be an EFF supporter
(in fact I happen to be wearing my EFF T-shirt right now).

His description of how the Document Revocation List could work is
interesting as well.  Basically you would have to connect to a server
every time you wanted to read a document, in order to download a key
to unlock it.  Then if "someone" decided that the document needed
to un-exist, they would arrange for the server no longer to download
that key, and the document would effectively be deleted, everywhere.

I think this clearly would not be a feature that most people would accept
as an enforced property of their word processor.  You'd be unable to
read things unless you were online, for one thing.  And any document you
were relying on might be yanked away from you with no warning.  Such a
system would be so crippled that if Microsoft really did this for Word,
sales of "vi" would go through the roof.

It reminds me of an even better way for a word processor company to make
money: just scramble all your documents, then demand ONE MILLION DOLLARS
for the keys to decrypt them.  The money must be sent to a numbered
Swiss account, and the software checks with a server to find out when
the money has arrived.  Some of the proposals for what companies will
do with Palladium seem about as plausible as this one.

Seth draws an analogy with Acrobat, where the paying customers are
actually the publishers, the reader being given away for free.  So Adobe
does have incentives to put in a lot of DRM features that let authors
control publication and distribution.

But he doesn't follow his reasoning to its logical conclusion when dealing
with Microsoft Word.  That program is sold to end users - people who
create their own documents for the use of themselves and their associates.
The paying customers of Microsoft Word are exactly the ones who would
be screwed over royally by Seth's scheme.  So if we "follow the money"
as Seth in effect recommends, it becomes even more obvious that Microsoft
would never force Word users to be burdened with a DRL feature.

And furthermore, Seth's scheme doesn't rely on TCPA/Palladium.  At the
risk of aiding the fearmongers, I will explain that TCPA technology
actually allows for a much easier implementation, just as it does in so
many other areas.  There is no need for the server to download a key;
it only has to download an updated DRL, and the Word client software
could be trusted to delete anything that was revoked.  But the point
is, Seth's scheme would work just as well today, without TCPA existing.
As I quoted Ross Anderson saying earlier with regard to "serial number
revocation lists", these features don't need TCPA technology.

So while I have some quibbles with Seth's analysis, on the whole it is
the most balanced that I have seen from someone who has no connection
with the designers (other than my own writing, of course).  A personal
gripe is that he referred to Lucky's "critics", plural, when I feel
all alone out here.  I guess I'll have to start using the royal "we".
But he redeemed himself by taking mild exception to Lucky's slide show,
which is a lot farther than anyone else has been willing to go in public.




Re: responding to claims about TCPA

2002-08-11 Thread David Wagner

AARG! Anonymous  wrote:
>In fact, you are perfectly correct that Microsoft architectures would
>make it easy at any time to implement DRL's or SNRL's.  They could do
>that tomorrow!  They don't need TCPA.  So why blame TCPA for this feature?

The relevance should be obvious.  Without TCPA/Palladium, application
developers can try to build a Document Revocation List, but it will
be easily circumvented by anyone with a clue.  With TCPA/Palladium,
application developers could build a Document Revocation List that could
not be easily circumvented.

Whether or not you think any application developer would ever create such
a feature, I hope you can see how TCPA/Palladium increases the risks here.
It enables Document Revocation Lists that can't be bypassed.  That's a
new development not feasible in today's world.

To respond to your remark about bias: No, bringing up Document Revocation
Lists has nothing to do with bias.  It is only right to seek to understand
the risks in advance.  I don't understand why you seem to insinuate
that bringing up the topic of Document Revocation Lists is an indication
of bias.  I sincerely hope that I misunderstood you.




Re: Thanks, Lucky, for helping to kill gnutella

2002-08-11 Thread Seth Johnson

TCPA and Palladium are content control for the masses.  They
are an attempt to encourage the public to confuse the public
interest issues of content control with the private interest
issues of privacy and security.

Seth Johnson

-- 

[CC] Counter-copyright:
http://cyber.law.harvard.edu/cc/cc.html

I reserve no rights restricting copying, modification or
distribution of this incidentally recorded communication. 
Original authorship should be attributed reasonably, but
only so far as such an expectation might hold for usual
practice in ordinary social discourse to which one holds no
claim of exclusive rights.




RE: Challenge to David Wagner on TCPA

2002-08-11 Thread Russell Nelson

Jim Choate writes:
 > 
 > On Mon, 5 Aug 2002, Russell Nelson wrote:
 > 
 > > AARG!Anonymous writes:
 > >  > So don't read too much into the fact that a bunch of anonymous postings
 > >  > have suddenly started appearing from one particular remailer.  For your
 > >  > information, I have sent over 400 anonymous messages in the past year
 > >  > to cypherpunks, coderpunks, sci.crypt and the cryptography list (35
 > >  > of them on TCPA related topics).
 > > 
 > > We have, of course, no way to verify this fact, since your messages
 > > are not cryptographically signed.  For someone who claims to be
 > > knowledgeable about cryptography, this seems like a suspicious omission.
 > 
 > Bullshit Russ, plausible deniability alone justifies such behaviour.
 > 
 > Who sent them is irrelevant except to cultists of personality (eg CACL
 > adherents).

I agree that it's irrelevant.  So why is he trying to argue from
authority (always a fallacy anyway) without *even* having any way to
prove that he is that authority?  Fine, let him desire plausible
deniability.  I plausibly deny his appeal to (self-)authority as being
completely without merit.

-- 
-russ nelson  http://russnelson.com |
Crynwr sells support for free software  | PGPok | businesses persuade
521 Pleasant Valley Rd. | +1 315 268 1925 voice | governments coerce
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |




Re: dangers of TCPA/palladium

2002-08-11 Thread Mike Rosing

On 11 Aug 2002, David Wagner wrote:

> Ben Laurie  wrote:
> >Mike Rosing wrote:
> >> The purpose of TCPA as spec'ed is to remove my control and
> >> make the platform "trusted" to one entity.  That entity has the master
> >> key to the TPM.
> >>
> >> Now, if the spec says I can install my own key into the TPM, then yes,
> >> it is a very useful tool.
> >
> >Although the outcome _may_ be like this, your understanding of the TPM
> >is seriously flawed - it doesn't prevent you from running whatever you
> >want, but what it does do is allow a remote machine to confirm what you
> >have chosen to run.
> >
> >It helps to argue from a correct starting point.
>
> I don't understand your objection.  It doesn't look to me like Rosing
> said anything incorrect.  Did I miss something?
>
> It doesn't look like he ever claimed that TCPA directly prevents one from
> running what you want to; rather, he claimed that its purpose (or effect)
> is to reduce his control, to the benefit of others.  His claims appear
> to be accurate, according to the best information I've seen.

In a way everybody is right.  It's true that TPM doesn't interfere with
operating code - it interferes with the user controlling the way the code
operates.  For a remote machine to *know* that a TPM is doing what it
says, the user of the remote machine must be denied access (physically)
from the operating code.  I don't see any way around that physical
reality.  We can go on forever about the social implications (and I hope
we will :-)  but I don't see a flaw in my basic understanding.

Now, if the remote machine and I have predefined trust, then I can use
regular PKI and I don't need TCPA or a TPM.  It seems to me the
fundamental question is still who is in charge of what.

Patience, persistence, truth,
Dr. mike






Re: Turing thesis

2002-08-11 Thread Jim Choate


[Can the admin of the cpunks-india list please contact me? I'd like to put
 a link w/ info on the SSZ CDR homepage. Thanks.]

On Sat, 10 Aug 2002, gfgs pedo wrote:

> Here is an example illustrating turing thesis
> 
> { Suppose we make a conjecture that a turing machine 
> is equal to the power of a typical digital
> computer?

Actually what it says is that -all- computing devices can be reduced to a
TM. A TM is a -universal- computing machine.

>how can we defend or refute such a hypothesis?

Show something a digital or analog computer can do that a TM can't or vice
versa.

> The difficulty lies  in the fact that we dont exactly
> know what is meant exactly by " a typical digital
> computer and we have no means of making a precise 
> definition")

We don't care either, the point is that -all- are equivalent, not -some-.

> Is the definition not possible because of the
> incompleteness theorem?

Irrelevant. It has to do with what one means by 'computation'.

> why exactly is it undefinable?

What is undefinable?

> Also how can we distinguish between provable and unprovable statements.

That is an unsolvable problem if you are looking for a general approach to
-any- statement, that -is- Godel's.


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org







Re: On the outright laughability of internet "democracy"

2002-08-11 Thread R. A. Hettinga

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 4:33 PM -0500 on 8/11/02, the Austrian one-hop-wonder changed
remailers again, jumped out of the kill-file, followed me around the
mail list and started humping my leg with:


> Namecalling. Possibly your strongest argumentation?

Not at all. I really do believe the word "idiot" is most appropriate
to your level of intelligence, and that makes it merely an
observation of fact on my part. However, to honor your persistence, I
will call you names later, since you really want it so bad.

But, first...

> Must have touched quite a raw nerve here. My thanks for your not
> "spewing oppositional bullshit". And what, pray tell, am I
> disagreeing with "politically"?

You are clearly a statist. In my autodidactic but still fairly
practiced opinion, an idiot statist. "Statist" because apparently
you've never seen a nation-state you didn't want to suck up to.
"Idiot", because when someone makes a statement of fact, like I did
several times in a row in this thread, you refute it with something
other than reason. Usually a repetition of the same thing over and
over, even when it clearly doesn't work for you. Certainly the very
definition of lunacy, if it's not actual idiocy.

There. How's that for a characterization of your disagreeable
politics?

>> you'd soon realize that you can't
>> actually control a truly anonymous voting scheme any more than
>> you can control a truly anonymous bearer asset. Like equity, an
>> anonymous vote is completely salable.
>
> Read first, spew later.

[This is, ladies, and gentlemen, exactly what *I* would call
"oppositional bullshit". Notice that he merely said the logical
equivalent of "I know you are, but what am I?" Oppositional. And
Bullshit. Check, and Check. Notice he says nothing, including his
previously ignored and recursively regurgitated "refutation" of that
claim at the beginning of the thread, that actually counters what
I've said all along, copied above in the interest of completeness, if
not consistency, above.

But enough of that, well, idiocy. Now, boys and girls, let's have
some fun, shall we? He thinks I'm insulting. Clearly he hasn't been
here long enough. :-) First a, um, warm-up. Where were we. Oh, yes.
Here we are...]

> Read first, spew later.

Cranky, Mr. One-Hop? Whatsa matter? Your ancient mother give you a
friction burn in the sack last night? K-Y's cheap, you know. You
should try it. I hear it even, um, comes in flavors these days...

[...and, as promised, the main event...]

>> In short, sir, please to fuck off, until you actually know what
>> you're talking about.
>
> Another of your better argumentation. It is difficult to choose
> between your vulgar manner or your avoidance of facts,

Allow me to argue even better then, in a matter you seem to
appreciate most.

You, sir, are an imbecile. A Poltroon. A Spittlelicker and a toady
[Thanks to Patrick O'Brien...]. [Postmodern anti-imperialist] A
statist lackey (sorry Ryan :-)). A straw-felching pederast [my
apologies to all felchers, straw-using, and otherwise, and, of
course, to pederasts everywhere...]

Ah, the pain of monolinguality. You've said it yourself, haven't you?
I really should learn to use other languages, as my life would be so
much richer.

In that, um, vein, and in your multilingual honor, I hope I'm
forgiven if I got some help. The following are compliments of the
good folks at :

Yiddish -- Yutz. Putz. (I'm sorry you don't qualify for "Schmuck",
Mr. One-Hop, much less "Schlong", but, by the way you acquit yourself
here on cypherpunks, that would be off by an order or two of
magnitude. Or, heh, three. :-). Maybe it got dwarfed by friction
burn, or something. Better put some ice on that?) Schlemeil,
Schlmazel, [I feel like Laverne and Shirley, here...] Mishugena. Gayn
Cacken Ofn yam.

French -- Lèche mon cul. [I think that one says it all, don't you
think? The French have *such* a classy expression for *everything*.]

German -- Depp (sound familiar?), Arschgesicht, Leck mich am Arsch
[there's an echo in here...], Hosenscheisser, and, probably most
applicable to your career and qualifications, Arschkriecher [cf
"Toady", above].

Afrikaans [vaguely brutal, and to the point] -- Poephol.

Japanese [cute, in a "Hello Kitty" kind of way] -- kisama.

Cantonese [phonetic] -- lay da yuen fay gay mm sai sou.

Mandarin [also phonetic] -- Liu mang.

Finnish [in honor of Linus] -- Äitisi nai poroja!

Dutch [as one would expect :-), they're particularly creative, but I
like a little irony, myself] -- droogkloot.

And, finally, Latin [a classic, rendered in a classic tongue, and in
memory of your aforementioned chronic lack of nightly lubrication]--
tua mater.

> as the better explanation of the failure of your "Internet Bearer
> Underwriting" ventures.

We'll see, I suppose. At least I haven't quit yet. Nonetheless, it's
a safe bet that as much as I'm too stupid to quit trying to make IBUC
work, you will *always* be more stupid 

Re: Re: Challenge to TCPA/Palladium detractors

2002-08-11 Thread Joseph Ashwood

- Original Message -
From: "Eugen Leitl" <[EMAIL PROTECTED]>
> Can anyone shed some light on this?

Because of the sophistication of modern processors there are too many
variables to be optimized easily, and doing so can be extremely costly.
Because of this diversity, many compilers use semi-random exploration.
Because of this random exploration the compiler will typically compile the
same code into a different executable. With small programs it is likely to
find the same end-point, because of the simplicity. The larger the program
the more points for optimization, so for something as large as say PGP you
are unlikely to find the same point twice, however the performance is likely
to be eerily similar.

There are bound to be exceptions, and sometimes the randomness in the
exploration appears non-existent, but I've been told that some versions of the
DEC GEM compiler used semi-randomness a surprising amount because it was a very fast
way to narrow down to an approximate best (hence the extremely fast
compilation and execution). It is likely that MS VC uses such techniques.
Oddly extremely high level languages don't have as many issues, each command
spans so many instructions that a pretuned set of command instructions will
often provide very close to optimal performance.

I've been told that gcc does not apparently use randomness to any
significant degree, but I admit I have not examined the source code to
confirm or deny this.
Joe





Re: Thanks, Lucky, for helping to kill gnutella

2002-08-11 Thread Jim Choate


There is a better way than the traditional 'client/server' approach
(distributed or not). It addresses each and every one of these issues and
it's already written (by the people who invented Unix no less). And it's
Open Source (under its own license). Even has crypto built in.

Plan 9.

http://plan9.bell-labs.com

And the only user/co-op group (not for long hopefully),

http://open-forge.org

On Sat, 10 Aug 2002, Jeroen C.van Gelderen wrote:

> 
> On Friday, Aug 9, 2002, at 13:05 US/Eastern, AARG!Anonymous wrote:
> > If only...  Luckily the cypherpunks are doing all they can to make sure
> > that no such technology ever exists.  They will protect us from being 
> > able
> > to extend trust across the network.  They will make sure that any open
> > network like Gnutella must forever face the challenge of rogue clients.
> > They will make sure that open source systems are especially vulnerable
> > to rogues, helping to drive these projects into closed source form.
> 
> This argument is a straw man but to be fair: I am looking forward to 
> your detailed proof that the only way to protect a Gnutella-like 
> network from rogue clients is a Palladium-like system. You are so 
> adamant that I have to assume you have such proof sitting right on your 
> desk. Please share it with us.
> 
> -J
> 


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org






Re: [CI] Re: Turing thesis(Incompleteness theorom)

2002-08-11 Thread R. A. Hettinga

At 11:58 AM -0700 on 8/11/02, James A. Donald wrote:


> Choate's universe is a very strange place.

One could even say it was, um, loopy...

:-).

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: Challenge to David Wagner on TCPA

2002-08-11 Thread Ben Laurie

Lucky Green wrote:
> Ray wrote:
> 
>>>From: "James A. Donald" <[EMAIL PROTECTED]>
>>>Date: Tue, 30 Jul 2002 20:51:24 -0700
>>
>>>On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
>>>
>>>>both Palladium and TCPA deny that they are designed to restrict
>>>>what applications you run.  The TPM FAQ at 
>>>>http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads

>>>
>>>They deny that intent, but physically they have that capability.
>>
>>To make their denial credible, they could give the owner 
>>access to the private key of the TPM/SCP.  But somehow I 
>>don't think that jibes with their agenda.
> 
> 
> Probably not surprisingly to anybody on this list, with the exception of
> potentially Anonymous, according to the TCPA's own TPM Common Criteria
> Protection Profile, the TPM prevents the owner of a TPM from exporting
> the TPM's internal key. The ability of the TPM to keep the owner of a PC
> from reading the private key stored in the TPM has been evaluated to E3
> (augmented). For the evaluation certificate issued by NIST, see:
> 
> http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-VR-TPM.pdf

Obviously revealing the key would defeat any useful properties of the 
TPM/SCP. However, unless the machine refuses to run stuff unless signed 
by some other key, it's a matter of choice whether you run an OS that has 
the aforementioned properties.

Of course, it's highly likely that if you want to watch products of Da 
Mouse on your PC, you will be obliged to choose a certain OS. In order 
to avoid more sinister uses, it makes sense to me to ensure that at 
least one free OS gets appropriate signoff (and no, that does not 
include a Linux port by HP). At least, it makes sense to me if I assume 
that the certain other OS will otherwise become dominant. Which seems 
likely.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




Re: On the outright laughability of internet "democracy"

2002-08-11 Thread R. A. Hettinga

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 12:51 PM -0700 on 8/11/02, A.Austrian.Idiot single hops yet
another remailer and wrote:


> I would think you might be interested in going deeper, as "Blind
> signatures for untraceable  payments" is directly applicable to
> both digital settlement and digital voting.

Yes. Of course. And, if you actually read it, or even just thought
about it instead of spewing oppositional bullshit to everything you
disagree with politically, :-), you'd soon realize that you can't
actually control a truly anonymous voting scheme any more than you
can control a truly anonymous bearer asset. Like equity, an anonymous
vote is completely salable.

In short, sir, please to fuck off, until you actually know what
you're talking about.

Cheers,
RAH

-BEGIN PGP SIGNATURE-
Version: PGP 7.5

iQA/AwUBPVbGfsPxH8jf3ohaEQKaCACg5imhi38mKjBmPiX1uo4V2l77PiQAoK4K
Md2o5nPZy57vzqZNFDuJdFcP
=4bGV
-END PGP SIGNATURE-

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: Thanks, Lucky, for helping to kill gnutella

2002-08-11 Thread Bram Cohen

AARG!Anonymous wrote:

> I will just point out that it was not my idea, but rather that Salon
> said that the Gnutella developers were considering moving to authorized
> clients.  According to Eric, those developers are "fundamentally stupid."
> According to Bram, the Gnutella developers don't understand their
> own protocol, and they are supporting an idea which will not help.
> Apparently their belief that clients like Qtrax are hurting the system
> is totally wrong, and keeping such clients off the system won't help.

You can try running a sniffer on it yourself. Gnutella traffic is almost
all search queries. 

> As far as Freenet and MojoNation, we all know that the latter shut down,
> probably in part because the attempted traffic-control mechanisms made
> the whole network so unwieldy that it never worked. 

Mojo Nation actually had a completely excessive amount of bandwidth
donated to it. There was a problem that people complained of losing mojo
when running a server due to the total amount of upload being greater than
the total amount of download. The main user experience disaster in Mojo
Nation was that the retrieval rate for files was very bad, mostly due to
the high peer churn rate.

> At least in part this was also due to malicious clients, according to
> the analysis at http://www.cs.rice.edu/Conferences/IPTPS02/188.pdf.

Oh gee, that paper mostly talks about high churn rate too.

In fact, I was one of the main developers of Mojo Nation, and based on
lessons learned from that figured out how to build a system which can cope
with very high churn rates and has good leech resistance. It is now mature
and has had several quite successful deployments.

http://bitconjurer.org/BitTorrent/

Not only are the algorithms used good for leech resistance, they are also
very good at being robust under normal variances in net conditions - in
fact, the decentralized greedy approach to resource allocation outperforms
any known centralized method.

The TCPA, even if it some day works perfectly (which I seriously doubt it
will) would just plain not help with any of the immediate problems in
Gnutella, BitTorrent, or Mojo Nation. I would guess the same is true for
most, if not all other p2p systems.

-Bram Cohen

"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes




Re: Thanks, Lucky, for helping to kill gnutella (fwd)

2002-08-11 Thread David Wagner

R. A. Hettinga wrote:
>[Ob Cypherpunks: Seriously, folks. How clueful can someone be who
>clearly doesn't know how to use more than one remailer hop, as proven
>by the fact that he's always coming out of the *same* remailer all
>the time?

I hope I don't need to point out that always using the same exit remailer
does *not* prove that he is using just one hop.  One can hold the exit
remailer fixed while varying other hops in the path.  Your question
seems to be based on a mistaken assumption about how remailers work.




Re: On the outright laughability of internet "democracy"

2002-08-11 Thread xganon

On Sun, 11 Aug 2002 16:18:32 -0400, you wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> At 12:51 PM -0700 on 8/11/02, A.Austrian.Idiot single hops yet
> another remailer and wrote:

Namecalling. Possibly your strongest argumentation?

> > I would think you might be interested in going deeper, as "Blind
> > signatures for untraceable  payments" is directly applicable to
> > both digital settlement and digital voting.
>
> Yes. Of course. And, if you actually read it, or even just thought
> about it instead of spewing oppositional bullshit to everything you
> disagree with politically, :-),

Must have touched quite a raw nerve here. My thanks for your not "spewing
oppositional bullshit".
And what, pray tell, am I disagreeing with "politically"?

> you'd soon realize that you can't
> actually control a truly anonymous voting scheme any more than you
> can control a truly anonymous bearer asset. Like equity, an anonymous
> vote is completely salable.

Read first, spew later.

>
> In short, sir, please to fuck off, until you actually know what
> you're talking about.

Another of your better argumentation. It is difficult to choose between your
vulgar manner or your avoidance of facts, as the better explanation of the
failure of your "Internet Bearer Underwriting" ventures.

Cheers!




Re: On alliances and enemies.

2002-08-11 Thread cubic-dog

On Sat, 10 Aug 2002, Jim Choate wrote:

> On Thu, 8 Aug 2002, cubic-dog wrote:
> 
> > I don't see Stalin/Hitler, I see;
> > 
> > Standard Oil/
> > Department of Transportation/
> > Interstate Commerce Commission)
> > General Motors/
> > Ford/
> > and so forth.
> 
> It's worth noting that the first two wouldn't have had near the impact
> they did if not for the help from entities like the latter.

I think it's fair to say without cooperation on
behalf of all the players, none of them would have
been in the positions of power and influence
that they were. (some still are)

> You draw a false distinction.
> 

How so? 




Re: On alliances and enemies.

2002-08-11 Thread Mark

Jim Choate said:
> > > > I don't see Stalin/Hitler, I see;
> > > >
> > > > Standard Oil/
> > > > Department of Transportation/
> > > > Interstate Commerce Commission)
> > > > General Motors/
> > > > Ford/
> > > > and so forth.
> > >
> > > You draw a false distinction.

And what is your position on IBM, Hitler, their interaction during WWII,
etc?




Re: On alliances and enemies.

2002-08-11 Thread Jim Choate


On Sun, 11 Aug 2002, Mark wrote:

> And what is your position on IBM, Hitler, their interaction during WWII,
> etc?

Position? I believe it is a -fact- that IBM helped Hitler. Quit playing
spin doctor.

Should that mean that today's IBM should be held accountable? No, not
unless you want to be held accountable for what your parents did.

What is your position on reparations to the negro community for actions
against their ancestors by YOUR ancestors?

The sins of the father are -never- passed to the sons by any sort of
ethical system worth the name.

Does that answer your question?


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org







Re: Thanks, Lucky, for helping to kill gnutella

2002-08-11 Thread Sean Smith

i guess it's appropriate that the world's deepest
hole is next to something labelled a "trust territory" :)

--Sean

:)




Re: [CI] Re: Turing thesis(Incompleteness theorom)

2002-08-11 Thread James A. Donald

--
On 11 Aug 2002 at 10:36, Jim Choate wrote:
> All Godel really says is that math, physics, etc. must be taken
> on -faith- with regard to 'consistency'. In other words,
> 'science' is just another 'religion'.

Choate's universe is a very strange place.




--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 g1mLlIzuFgLbXoOJFMHUW25JFxvX68MxJVBaw2T9
 2CyHwAWleXXEw7dAtv/o5PkeHz4+rp/NEMJFQPNfd




Re: On alliances and enemies.

2002-08-11 Thread Jim Choate



On Sun, 11 Aug 2002, cubic-dog wrote:

> On Sat, 10 Aug 2002, Jim Choate wrote:
> 
> > On Thu, 8 Aug 2002, cubic-dog wrote:
> > 
> > > I don't see Stalin/Hitler, I see;
> > > 
> > > Standard Oil/
> > > Department of Transportation/
> > > Interstate Commerce Commission)
> > > General Motors/
> > > Ford/
> > > and so forth.
> > 
> > It's worth noting that the first two wouldn't have had near the impact
> > they did if not for the help from entities like the latter.
> 
> I think it's fair to say without cooperation on
> behalf of all the players, none of them would have
> been in the positions of power and influence
> that they were. (some still are)
> 
> > You draw a false distinction.
> > 
> 
> How so? 

See your own response, think about it this time.


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org







Re: Thanks, Lucky, for helping to kill gnutella

2002-08-11 Thread R. A. Hettinga

At 4:17 PM -0400 on 8/11/02, Sean Smith wrote:


> i guess it's appropriate that the world's deepest
> hole is next to something labelled a "trust territory" :)

Tears run down my face, I laughed so much. My cheeks hurt, I'm smiling so
hard...


Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: dangers of TCPA/palladium

2002-08-11 Thread David Wagner

Ben Laurie  wrote:
>Mike Rosing wrote:
>> The purpose of TCPA as spec'ed is to remove my control and
>> make the platform "trusted" to one entity.  That entity has the master
>> key to the TPM.
>> 
>> Now, if the spec says I can install my own key into the TPM, then yes,
>> it is a very useful tool.
>
>Although the outcome _may_ be like this, your understanding of the TPM 
>is seriously flawed - it doesn't prevent you from running whatever you 
>want, but what it does do is allow a remote machine to confirm what you 
>have chosen to run.
>
>It helps to argue from a correct starting point.

I don't understand your objection.  It doesn't look to me like Rosing
said anything incorrect.  Did I miss something?

It doesn't look like he ever claimed that TCPA directly prevents one from
running what you want to; rather, he claimed that its purpose (or effect)
is to reduce his control, to the benefit of others.  His claims appear
to be accurate, according to the best information I've seen.




Re: [CI] Re: Turing thesis(Incompleteness theorom)

2002-08-11 Thread Jim Choate


On Sun, 11 Aug 2002, gfgs pedo wrote:

> with reference to
> http://www.miskatonic.org/godel.html
> 
> "
> Gödel asks for the program and the circuit design of
> the UTM. The program may be complicated, but it can
> only be finitely long. 

I know of no such requirement in Godel's Theorem, since I didn't write the
above site I can't really address what they meant to say. I would suggest
contacting the author for clarification. It's also worth mentioning that
Godel announced his work in 1931, Turing in 1936. I'd be suspect of any
comment about Godel that had anything to do with TM's in a 'proof'.
'Computability' and 'Proof/Consistency' are not equivalent.

All Godel really says is that math, physics, etc. must be taken on -faith-
with regard to 'consistency'. In other words, 'science' is just another
'religion'. The reason is that if you can't prove all statements then any
statement you do 'prove' is suspect because there are statements out there
that -might- express a boundary condition the original proof didn't take
into account. Such statements themselves may be unprovable. This means
that even 'proven' statements aren't -really- 'proven'. It's a 'Scope' problem.

That's why I'm a Pantheist. Einstein was wrong, Hawking was right. God
not only plays with dice, he sometimes throws them where you can't see
them (ever).


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org









Re: On the outright laughability of internet "democracy"

2002-08-11 Thread Anonymous

On Sat, 10 Aug 2002 17:06:26 -0400, you wrote:
> Go look up discussions on google about cryptographic protocols for
> internet voting. It just ain't possible without the most strict,
> obscene, biometric, draconian, "is a person", non-anonymous methods
> you ever saw.

Sure it is. The measures, if any, taken to insure that the "person" being
granted a "digital voter registration card" is a "qualified voter" can be as
lax or as stringent as the issuer may require. There is no reason that they
would need be more stringent than current process, which, in the US, prohibit
voter registration staff from requiring verification of identity.
See the "Motor Voter" law.

>
> The point to democracy, in the industrial/agricultural political
> sense, is one man, one vote. One *anonymous* vote.

Except in Chicago, etc., etc.

> On the net,
> paradoxically, that is completely impossible. Votes can be sold.

No different from the current arrangement. Voting in many jurisdictions can be
done today by mail. How would a digital vote, using cryptographic protocols to
insure anonymity, and authenticity (the registered person who was issued the
digital voter registration has digitally signed the vote) be less likely to be
"sold" than a mailed in vote?

And pardon the political comment, but almost all votes are sold now, as in the
United States the democratic custom has declined to using votes essentially to
transfer wealth from earners to voting blocs.

> If
> you fix it so that you can't sell votes without forgoing your
> identity -- and thus your freedom -- and physically showing up
> somewhere to vote, or at least proving that you have a device that
> identifies you as a voter in the most immediate terms possible, you
> can sell your vote, anonymously, on the net, for whatever the market
> will bear, and *that* person can *re*sell your vote, and so on, just
> like it was voting rights to a share of stock.

It is quite simpler to do such fraud with mail in votes, or even "buy me a
drink and I'll vote however you'd like", or "yes, this is my pictureless voter
registration card, and I'm here to vote".

> That bit of
> cryptographic mobiosity is probably down at the semantic level of
> consistency versus completeness. Somewhere, Goedel and Russell are
> laughing.

A laugh a day keeps the economists away.

>
> The net result, of course, of any kind of truly anonymous internet
> voting, is anarchocapitalism, where people sell their voting control
> over assets, including political "assets", over and over in secondary
> markets, on a continuing basis, in real-time. No political small-d
> democrat (or small-r republican, or small-l libertarian, whatever)
> I've ever heard of would call that a "true" democracy.

The "sold vote" boogeyman.

You need to submit evidence that "anonymous" "internet" voting is more likely
to be fraudulent than paper, voter-present by mail voting. You have submitted
none, and the "cryptography" word is insufficient to scare me off.

The "bogus digital voter registration" boogeyman.

You may also wish to show how digital voter registration cards would be more
likely to be bogus than "Motor Voter, no-id required" registration cards.
Good luck.

The "crypto" boogeyman.

I challenge you to show that current, published crypto voting protocols cannot
accomplish the following:
1. one digital sig, one vote, the first one, and the others are discarded
2. no dig signature, no vote
3. no dig voter registration, no dig sig
4. anonymity, i.e., no connectibility between the voter's choice and his identity.
5. auditability, i.e., connection between each voting "lever throw" and a dig
   sig for the current vote.

Next, the "internet" boogeyman.

It's just a pipe/wire/whatever. Bits. Don't be afraid. If the bits are
properly signed, no problem and whether "internet" bits or
voter-machine-punched-paper-tape-bits is irrelevant.
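
[Added example, not part of the message above or of any poster's code: a toy Chaum-style RSA blind signature showing how the five listed properties can be checked mechanically. The class and function names, the ballot format and the fixed key (two Mersenne primes, unpadded hash-then-sign) are assumptions made for illustration and are not secure for real use.]

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the registrar (two Mersenne primes). Far too
# small and structured for real use; it only keeps the example offline.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # registrar's private exponent


def h(message: bytes) -> int:
    """Hash a ballot into Z_N (hash-then-sign without padding: demo only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


class Registrar:
    """Issues exactly one blind signature per registered voter."""

    def __init__(self, roll):
        self.roll = set(roll)
        self.issued = {}            # voter id -> blinded value that was signed

    def sign_blinded(self, voter_id: str, blinded: int) -> int:
        if voter_id not in self.roll:
            raise PermissionError("not registered")            # property 3
        if voter_id in self.issued:
            raise PermissionError("credential already issued")
        self.issued[voter_id] = blinded
        return pow(blinded, D, N)


def make_ballot(choice: str) -> bytes:
    """Ballot = random serial + choice; the registrar never sees it in clear."""
    return secrets.token_hex(16).encode() + b":" + choice.encode()


def blind(ballot: bytes):
    """Return (blinded value to send to the registrar, secret factor r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(ballot) * pow(r, E, N)) % N, r


def unblind(blind_sig: int, r: int) -> int:
    """Strip the blinding factor, leaving an ordinary signature on the ballot."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(ballot: bytes, sig: int) -> bool:
    return pow(sig, E, N) == h(ballot)


class Tally:
    """Accepts signed ballots; the accepted list is public and re-verifiable."""

    def __init__(self):
        self.accepted = []          # (ballot, signature) pairs: property 5
        self.seen = set()

    def cast(self, ballot: bytes, sig: int) -> str:
        if b":" not in ballot:
            return "rejected: malformed"
        if not verify(ballot, sig):
            return "rejected: bad signature"                   # property 2
        serial = ballot.split(b":", 1)[0]
        if serial in self.seen:
            return "discarded: duplicate"                      # property 1
        self.seen.add(serial)
        self.accepted.append((ballot, sig))
        return "accepted"

    def counts(self):
        totals = {}
        for ballot, _sig in self.accepted:
            choice = ballot.split(b":", 1)[1].decode()
            totals[choice] = totals.get(choice, 0) + 1
        return totals


if __name__ == "__main__":
    registrar, tally = Registrar(["alice", "bob"]), Tally()
    ballot = make_ballot("yes")
    blinded, r = blind(ballot)
    sig = unblind(registrar.sign_blinded("alice", blinded), r)
    print(tally.cast(ballot, sig), tally.cast(ballot, sig), tally.counts())
    # The registrar's record holds only the blinded value (property 4).
    print(registrar.issued["alice"] != h(ballot))
```

The registrar's log links a voter only to a blinded value, and the tally's log links a ballot only to a signature. Nothing in the sketch stops a voter from blinding a ballot that someone else chose, which is the salability objection raised earlier in this thread.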




Re: [dgc.chat] free?

2002-08-11 Thread R. A. Hettinga

--- begin forwarded text


Status: RO
Date: Sun, 11 Aug 2002 03:33:37 -0400
To: <[EMAIL PROTECTED]>
From: "R. A. Hettinga" <[EMAIL PROTECTED]>
Subject: Re: [dgc.chat] free?
Cc: Digital Bearer Settlement List <[EMAIL PROTECTED]>


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 3:36 PM +1000 8/11/02, David Hillary wrote:
> I think that tax havens such as the Cayman Islands should be ranked
> among the freest in the world. No taxes on business or individuals
> for a start. Great environment for banking and commerce. Good
> protection of property rights. Small non-interventionist
> government.

Clearly you've never met "Triumph", the Fabulous Crotch-Sniffing
Caymanian Customs Wonder Dog at extreme close range, or heard the
story about the expat's college age kid, actually born on Cayman, who
was literally exiled from the island when the island constabulary
"discovered" a marijuana seed or three in his summer-break rental car
a few years back.

I mean, his old man was some senior cheese at Global Crossing at the
time, but this was back when they could do no wrong. If that's what
they did to *his* kid, imagine what some poor former
junk-bond-hustler might have to deal with someday for, say, the odd
unauthorized Cuban nightlife excursion. A discreetly folded twenty
keeps the stamp off your passport on the ground in Havana, and a
bottle of Maker's Mark goes a long way towards some interesting
nocturnal diversion when you get there and all, but still, you can't
help thinking that Uncle's going to come a-knockin', and that Cayman
van's going to stop rockin' some day, and when it does, it ain't
gonna be pretty.


Closer to home, conceptually at least, a couple of cryptogeeken were
hustled off and strip-searched, on the spot, when they landed on
Grand Cayman for the Financial Cryptography conference there a couple
of years ago. Like lots of cypherpunks, these guys were active
shooters in the Bay Area, and they had stopped in Jamaica, Mon, for a
few days on the way to Grand Cayman. Because they, and their stuff,
reeked on both counts, they were given complimentary colorectal
examinations and an entertaining game of 20 questions, or two,
courtesy of the Caymanian Federales, after the obligatory fun and
games with a then-snarling Crotch-Sniffing Caymanian Wonder Dog.
Heck, I had to completely unpack *all* my stuff for a nice, well-fed
Caymanian customs lady just to get *out* of the country when I left.


Besides, tax havens are being increasingly constrained as to their
activities these days, because they cost the larger nation-states too
much in the way of "escaped" "revenue", or at least the perception of
same in the local "free" press. Obviously, if your money "there"
isn't exchangeable into your money "here", it kind of defeats the
purpose of keeping your money "there" in the first place, giving
folks like FinCEN lots of leverage when financial treaties come up
for renegotiation due to changes in technology, like on-line
credit-card and securities clearing, or the odd governmental or
quango re-org, like they are wont to do increasingly in the EU, and
the US.

As a result, the veil of secrecy went in Switzerland quite a while
ago. The recent holocaust deposit thing was just the bride and groom
on that particular wedding-cake, and, as goes Switzerland, so goes
Luxembourg, and of course Liechtenstein, which itself is usually
accessible only through Switzerland. Finally, of course, the Caymans
themselves will cough up depositor lists whenever Uncle comes calling
about one thing or another on an increasingly longer list of fishing
pretexts.

At this point, the "legal", state-backed pecuniary privacy pickings
are kind of thin on the ground. I mean, I'm not sure I'd like to keep
my money in, say, Vanuatu. Would you? Remember, this is a place where
a bandana hanging on a string across an otherwise public road will
close it down until the local erst-cannibal hunter-gatherer turned
statutorily-permanent landowner figures out just what his new or
imagined property rights are this afternoon.


The point is, any cypherpunk worth his salt will tell you that the only
solution to financial, or any other, privacy is to make private
transactions on the net, cheaper, and more secure, than "transparent"
transactions currently are in meatspace. Then things get *real*
interesting, and financial privacy -- and considerably more personal
freedom -- will just be the icing on the wedding cake. Bride and
groom action figures sold separately, of course.

Cheers,
RAH
(Who went to FC2K at the Grand Cayman Marriott in February that year.
Nice place, I liked Anguilla better though, at least at the time, and
I haven't been back to either since. The beaches are certainly better
in Anguilla, and the "private" banking system there is probably just
as porous as Cayman's is, by this point. If I were to pick up and
move Somewhere Free outside Your Friendly Neighborhood Unipolar
Superpower, New Zealand is somewhere near the top of my list, and
Chile would b

Re: CDR: Re: Challenge to TCPA/Palladium detractors

2002-08-11 Thread Jim Choate


On Sun, 11 Aug 2002, Russell Nelson wrote:

> AARG!Anonymous writes:
>  > I'd like the Palladium/TCPA critics to offer an alternative proposal
>  > for achieving the following technical goal:
>  > 
>  >   Allow computers separated on the internet to cooperate and share data
>  >   and computations such that no one can get access to the data outside
>  >   the limitations and rules imposed by the applications.
> 
> Can't be done.  I don't have time to go into ALL the reasons.
> Fortunately for me, any one reason is sufficient.  #1: it's all about
> the economics.

Complete noise. Not only can it be done, it is being done.

Plan 9 has a namespace that is -per process-, each process is distributed
(via a bidding process), and the process owner can be anonymized (though
this takes some extension beyond the base OS).

http://plan9.bell-labs.com


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org







Re: CDR: On the outright laughability of internet "democracy"

2002-08-11 Thread Jim Choate


On Sat, 10 Aug 2002, R. A. Hettinga wrote:

> The point to democracy, in the industrial/agricultural political
> sense, is one man, one vote. One *anonymous* vote. On the net,

Complete and udder (as in cow piss) nonsense. There is -nothing- in the
concept of democratic representation that involves anonymity at -any-
point. Each person gets a vote, what that vote is must be unknown (not
anonymous).

Your thinking is as muddled as usual.


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org






Re: Thanks, Lucky, for helping to kill gnutella (fwd)

2002-08-11 Thread R. A. Hettinga

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 9:15 AM +0200 on 8/10/02, Eugen Leitl wrote:


> I don't try to filter, but to join several sources. Anonymous is an
> idiot,  but at least an intelligent one. I can't leave him out
> without creating a  skewed picture of what is going on.

No offense meant, of course.

To make sure I don't miss stuff like that is why I subscribe to your
list anyway, even though I'm also subscribed to most of your sources.
It is also why I was glad you caught something he said that
confirmed, precisely, why he's still in my killfile. :-). I don't
need to raise my blood pressure more than necessary.

[Ob Cypherpunks: Seriously, folks. How clueful can someone be who
clearly doesn't know how to use more than one remailer hop, as proven
by the fact that he's always coming out of the *same* remailer all
the time? Even more important, nobody *else* uses that remailer,
which is why killfiling the idiot works so well to begin with...]

Anyway, on this list in particular, I've found that what any number
of smart people say about what the idiot du jour says is much more
interesting than what the actual idiot says himself, which is why he
can safely reside in a killfile.

(Having said more than my share of stupid things here myself in 8
years here, and being no stranger to the odd killfile myself :-), I'm
sure lots of peoples' irony meters are pegged, but, by definition,
those folks can go fuck themselves, I figure. :-).)

Cheers,
RAH

-BEGIN PGP SIGNATURE-
Version: PGP 7.5

iQA/AwUBPVV2YsPxH8jf3ohaEQI0mQCeIvBppfM6c2HfCQAyjlLn3w0UCfkAoIA8
NObxG1Bk8BPLraIx3LrjnJbL
=dg+p
-END PGP SIGNATURE-

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: Thanks, Lucky, for helping to kill gnutella

2002-08-11 Thread Sean Smith

Actually, our group at Dartmouth has an NSF "Trusted Computing"
grant to do this, using the IBM 4758 (probably with a different
OS) as the hardware.   

We've been calling the project "Marianas", since it involves a chain of
islands.

--Sean

>If only there were a technology in which clients could verify and yes,
>even trust, each other remotely.  Some way in which a digital certificate
>on a program could actually be verified, perhaps by some kind of remote,
>trusted hardware device.  This way you could know that a remote system was
>actually running a well-behaved client before admitting it to the net.
>This would protect Gnutella from not only the kind of opportunistic
>misbehavior seen today, but the future floods, attacks and DOSing which
>will be launched in earnest once the content companies get serious about
>taking this network down.










-- 
Sean W. Smith, Ph.D. [EMAIL PROTECTED]   
http://www.cs.dartmouth.edu/~sws/   (has ssl link to pgp key)
Department of Computer Science, Dartmouth College, Hanover NH USA




Re: Thanks, Lucky, for helping to kill gnutella (fwd)

2002-08-11 Thread R. A. Hettinga

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 4:12 AM + on 8/11/02, David Wagner wrote:


> I hope I don't need to point out that always using the same exit
> remailer does *not* prove that he is using just one hop.  One can
> hold the exit remailer fixed while varying other hops in the path.
> Your question seems to be based on a mistaken assumption about how
> remailers work.

Sorry to give that impression, and, as much as I respect you, and
James Donald, who also makes the same assertion about me, both of you
would be wrong in assuming that I don't know how remailers work, at
least in principle. While I haven't ever built a remailer, I *have*
used them on occasion, and I did edit Sameer Parekh's excellent
introduction to anonymous remailers for one of the first issues of
First Monday, when I was on the editorial board there in the middle
1990's.


That said, I would be willing to bet a (very :-)) nominal amount that
the esteemed Mr. AAARG! is, or was, in fact, using one hop, at most,
though to prove the bet out would be a difficult thing to do.

In fact, to add further insult to his street cred, or at least kick
some dust on his patent-leather penny-loafers, I wouldn't be
surprised if the remailer is his own, though that would probably be
too stupid even for him to do, and I'm not going to waste my time
rooting out, even at a first pass, who runs the AAARG! remailer. I
just say I wouldn't be surprised, is all. :-).


At the foundation, then, my point is still the same one that I
started with: the same, well, idiots, tend to use the same outbound
remailer hops, usually to the exclusion of all other remailer nodes,
and, oddly enough, to the exclusion of all other users of that
particular remailer. It becomes quite easy then to filter them out,
which is, frankly, nice, at least as far as I'm concerned. Besides
Mr. AAARG!, another user of a certain Austrian remailer node comes to
mind. Both of those gentlemen, if I were to only charitably call them
such, do not vary their output remailers, much less do other
potentially clueful things, like actually sign their messages, for
instance.


Obviously all this might have to do with finding enough working
remailers to string together, and, of course, the lack of genuinely
any easy to use mixmaster clients out there, even now, and not for
actually trying, using a whole bunch of money in a couple of cases. I
suppose, given the use of lots of remailers as a platform to heckle
ostensibly reasonable discussion from the back benches, if not to
actually stalk online and send poison-pen email, it's easy to find
their difficulty of use a blessing; though like most people who care
about such things, it doesn't help the cause of ubiquitous internet
privacy too much. Maybe we need cash, or something. Someday. :-).



Ultimately, I think it boils down to genuine gall. If someone like
Mr. AAARG! would actually endeavor to instruct the residents of the
cryptography list, or even cypherpunks :-), of the utility of shoving
a particularly egregious bit of technological emetic down our
collective throats, or even the throat of the general public, one
would think he would have a better clue about remailer hygiene when
he treated us to his current round of venturi-vaporised drivel.

So, Mr. AARG! is, probably, just some advanced-degree moke who works
at Intel, or is a Waveoid, or other such Wintel digital "rights"
"management" IP-control fellow traveller, and, given the paucity of
his nocturnal emissions from behind the Great Oz's Green Velvet
Curtain, or, better, the elementary answers people here are forced to
use to explain more rudimentary things than remailer operations to
him, probably helps me, just a smidge, with my assertion about his
probable clueless use of the remailer network.


Cheers,
RAH

-BEGIN PGP SIGNATURE-
Version: PGP 7.5

iQA/AwUBPVX8J8PxH8jf3ohaEQJ0MgCgv3PLVPALWxBzYhkTfINn8jC3WkoAoJ+g
nkXbBBPv5oaQVL4qTSP+T0Fu
=zqRj
-END PGP SIGNATURE-

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




RE: Seth on TCPA at Defcon/Usenix

2002-08-11 Thread Lucky Green

David wrote:
> AARG! Anonymous  wrote:
> >His description of how the Document Revocation List could work is
> >interesting as well.  Basically you would have to connect to a server
> >every time you wanted to read a document, in order to download a key to
> >unlock it.  Then if "someone" decided that the document needed to
> >un-exist, they would arrange for the server no longer to download that
> >key, and the document would effectively be deleted, everywhere.
> 
> Well, sure.  It's certainly how I had always envisioned one 
> might build a secure Document Revocation List using TCPA or 
> Palladium.  I didn't realize this sort of thing would need 
> explaining; I assumed it would be obvious to cypherpunk 
> types.  But I'm glad this risk is now clear.

To ensure priority for my Monday filings, I must point out at this time
that while AARG and David's methods of implementing a DRL are certainly
feasible, I believe a preferred method of implementing a DRL would be to
utilize features offered by an infrastructure, such as Palladium, that
supports time-limited documents: rather than requiring online access
whenever the document is attempted to be displayed, the document's
display permissions would be renewed periodically. If the display
software misses one or more updates, the document display software will
cease to display the document.

BTW, does anybody here know if there is still an email time stamping
server in operation? The references that I found to such servers appear
to be dead.

Thanks,
--Lucky




Re: Thanks, Lucky, for helping to kill gnutella

2002-08-11 Thread R. A. Hettinga

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I'm genuinely sorry, but I couldn't resist this...

At 12:35 PM -0400 on 8/11/02, Sean Smith wrote:


> Actually, our group at Dartmouth has an NSF "Trusted Computing"
> grant to do this, using the IBM 4758 (probably with a different
> OS) as the hardware.
>
> We've been calling the project "Marianas", since it involves a
> chain of islands.

...and not the world's deepest hole, sitting right next door?

;-)

Cheers,
RAH



> --Sean
>
>>If only there were a technology in which clients could verify and
>>yes, even trust, each other remotely.  Some way in which a digital
>>certificate on a program could actually be verified, perhaps by
>>some kind of remote, trusted hardware device.  This way you could
>>know that a remote system was actually running a well-behaved
>>client before admitting it to the net. This would protect Gnutella
>>from not only the kind of opportunistic misbehavior seen today, but
>>the future floods, attacks and DOSing which will be launched in
>>earnest once the content companies get serious about taking this
>>network down.

-BEGIN PGP SIGNATURE-
Version: PGP 7.5

iQA/AwUBPVafIMPxH8jf3ohaEQIdeACgjD/TkZ2aCzYLwT3hM0nqyU9lZf0An1I4
UHx4YfvVVkNcVcr+5Ambi4Md
=huDN
-END PGP SIGNATURE-

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: Seth on TCPA at Defcon/Usenix

2002-08-11 Thread Joseph Ashwood

- Original Message -
From: "AARG! Anonymous" <[EMAIL PROTECTED]>
[brief description of Document Revocation List]

>Seth's scheme doesn't rely on TCPA/Palladium.

Actually it does, in order to make it valuable. Without a hardware assist,
the attack works like this:
Hack your software (which is in many ways almost trivial) to reveal its
private key.
Watch the protocol.
Decrypt protocol
Grab decryption key
use decryption key
problem solved

With hardware assist, trusted software, and a trusted execution environment
it (doesn't) work like this:
Hack your software.
DOH! the software won't run
revert back to the stored software.
Hack the hardware (extremely difficult).
Virtualize the hardware at a second layer, using the grabbed private key
Hack the software
Watch the protocol.
Decrypt protocol
Grab decryption key
use decryption key
Once the file is released the server revokes all trust in your client,
effectively removing all files from your computer that you have not
decrypted yet
problem solved? only for valuable files

Of course if you could find some way to disguise which source was hacked,
things change.

Now about the claim that MS Word would not have this "feature." It almost
certainly would. The reason being that business customers are of particular
interest to MS, since they supply a large portion of the money for Word (and
everything else). Businesses would want to be able to configure their
network in such a way that critical business information couldn't be leaked
to the outside world. Of course this removes the advertising path of
conveniently leaking carefully constructed documents to the world, but for
many companies that is a trivial loss.
Joe




Re: On the outright laughability of internet "democracy"

2002-08-11 Thread R. A. Hettinga

At 4:35 PM +0200 on 8/11/02, Anonymous wrote:


> Next, the "internet" boogeyman.

Nope. Just the clueless "only knows one austrian remailer" boogeyman. Watch
me make him go away:

<*Plonk!*>

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: Seth on TCPA at Defcon/Usenix

2002-08-11 Thread David Wagner

AARG! Anonymous  wrote:
>His description of how the Document Revocation List could work is
>interesting as well.  Basically you would have to connect to a server
>every time you wanted to read a document, in order to download a key
>to unlock it.  Then if "someone" decided that the document needed
>to un-exist, they would arrange for the server no longer to download
>that key, and the document would effectively be deleted, everywhere.

Well, sure.  It's certainly how I had always envisioned one might build
a secure Document Revocation List using TCPA or Palladium.  I didn't
realize this sort of thing would need explaining; I assumed it would be
obvious to cypherpunk types.  But I'm glad this risk is now clear.

Note also that Document Revocation List functionality could arise
without any intent to create it.  Application developers might implement
this "connect to a server" feature to enforce some seemingly innocuous
function, like enforcing software licenses and preventing piracy.  Then,
after the application has been deployed with this innocuous feature,
someone else might eventually notice that it could also be used for
document revocation.  Thus, Document Revocation List functionality could
easily become widespread without anyone realizing it or intending it.
This is a risk we should think about now, rather than after it is
too late.
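
Both revocation designs discussed in this thread, the per-open key download that AARG! and David Wagner describe and the periodically renewed display permission Lucky Green describes, modelled as an added example that is not code from any poster or from TCPA/Palladium. The class names, the toy cipher, the HMAC lease format and the simulated clock are assumptions.

```python
import hashlib
import hmac
import secrets


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream; a toy stand-in for a real cipher."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def lease_tag(lease_key: bytes, doc_id: str, expiry: int) -> bytes:
    return hmac.new(lease_key, f"{doc_id}|{expiry}".encode(), hashlib.sha256).digest()


class KeyServer:
    def __init__(self, lease_seconds: int):
        self.lease_seconds = lease_seconds
        self.lease_key = secrets.token_bytes(32)  # assumed shared with trusted viewers
        self.doc_keys = {}
        self.revoked = set()

    def publish(self, doc_id: str, text: bytes) -> bytes:
        self.doc_keys[doc_id] = secrets.token_bytes(32)
        return toy_cipher(self.doc_keys[doc_id], text)

    def revoke(self, doc_id: str) -> None:
        self.revoked.add(doc_id)

    def fetch_key(self, doc_id: str):
        """Design 1: the key is handed out on every open, unless revoked."""
        return None if doc_id in self.revoked else self.doc_keys.get(doc_id)

    def renew(self, doc_id: str, now: int):
        """Design 2: a signed permission valid for lease_seconds, unless revoked."""
        if doc_id in self.revoked or doc_id not in self.doc_keys:
            return None
        expiry = now + self.lease_seconds
        return expiry, lease_tag(self.lease_key, doc_id, expiry)


def open_online(server: KeyServer, doc_id: str, ciphertext: bytes, online: bool = True):
    """Design 1 viewer: no connection or no key means no document."""
    key = server.fetch_key(doc_id) if online else None
    return None if key is None else toy_cipher(key, ciphertext)


class LeaseViewer:
    """Design 2 viewer: keeps the document key locally, displays only under a live lease."""

    def __init__(self, server: KeyServer, doc_id: str):
        self.doc_id = doc_id
        self.lease_key = server.lease_key
        self.doc_key = server.fetch_key(doc_id)  # delivered once, at first open
        self.lease = None

    def sync(self, server: KeyServer, now: int) -> None:
        lease = server.renew(self.doc_id, now)
        if lease is not None:
            self.lease = lease

    def open(self, ciphertext: bytes, now: int):
        if self.lease is None:
            return None
        expiry, tag = self.lease
        expected = lease_tag(self.lease_key, self.doc_id, expiry)
        if not hmac.compare_digest(tag, expected) or now >= expiry:
            return None  # forged, expired, or renewal was missed
        return toy_cipher(self.doc_key, ciphertext)


def timeline() -> dict:
    """Constructed scenario: one-hour leases, revocation at t=2000 seconds."""
    server = KeyServer(lease_seconds=3600)
    memo = b"constructed sample memo"
    ct = server.publish("memo-1", memo)
    viewer = LeaseViewer(server, "memo-1")
    viewer.sync(server, now=0)
    seen = {
        "online_connected": open_online(server, "memo-1", ct) == memo,
        "online_no_network": open_online(server, "memo-1", ct, online=False) == memo,
        "lease_no_network_t1800": viewer.open(ct, now=1800) == memo,
    }
    server.revoke("memo-1")
    viewer.sync(server, now=2000)  # renewal refused; old lease still held
    seen["online_after_revoke"] = open_online(server, "memo-1", ct) == memo
    seen["lease_after_revoke_t3000"] = viewer.open(ct, now=3000) == memo
    seen["lease_after_expiry_t3600"] = viewer.open(ct, now=3600) == memo
    return seen
```

In this model revocation under the lease design takes effect only when the last issued lease runs out, and a viewer that simply misses a renewal loses the document the same way a revoked one does.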




Re: Thanks, Lucky, for helping to kill gnutella

2002-08-11 Thread Paul Crowley

AARG!Anonymous <[EMAIL PROTECTED]> writes:

> Be sure and send a note to the Gnutella people reminding them of all
> you're doing for them, okay, Lucky?

Do the Gnutella people share your feelings on this matter?  I'd be
surprised.
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.ciphergoth.org/




Re: Challenge to TCPA/Palladium detractors

2002-08-11 Thread lynn . wheeler

oops, finger slip that should be
http://www.garlic.com/~lynn/2001h.html#61 security proportional to risk

aka 2001h.html not 2002h.html 

[EMAIL PROTECTED] on 8/10/2002 11:25 pm wrote:

small discussion of security proportional to risk:
http://www.garlic.com/~lynn/2002h.html#61 security proportional to risk




On the outright laughability of internet "democracy"

2002-08-11 Thread R. A. Hettinga

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

(was Re: [dgc.chat] Re: [e-gold-list] Re: Thanks to Ragnar/Planetgold
and Stefan/TGC)

At 12:53 PM +0200 on 8/10/02, Arik Schenkler wrote:


> Internet voting, IMHO, will bring true democracy rather than a
> representatives democracy.

Well, that's just plain wrong.

Go look up discussions on google about cryptographic protocols for
internet voting. It just ain't possible without the most strict,
obscene, biometric, draconian, "is a person", non-anonymous methods
you ever saw. Lions, tigers, and precious bodily fluids, boys and
girls.

The point to democracy, in the industrial/agricultural political
sense, is one man, one vote. One *anonymous* vote. On the net,
paradoxically, that is completely impossible. Votes can be sold. If
you fix it so that you can't sell votes without forgoing your
identity -- and thus your freedom -- and physically showing up
somewhere to vote, or at least proving that you have a device that
identifies you as a voter in the most immediate terms possible, you
can sell your vote, anonymously, on the net, for whatever the market
will bear, and *that* person can *re*sell your vote, and so on, just
like it was voting rights to a share of stock. That bit of
cryptographic mobiosity is probably down at the semantic level of
consistency versus completeness. Somewhere, Goedel and Russell are
laughing.

The net result, of course, of any kind of truly anonymous internet
voting, is anarchocapitalism, where people sell their voting control
over assets, including political "assets", over and over in secondary
markets, on a continuing basis, in real-time. No political small-d
democrat (or small-r republican, or small-l libertarian, whatever)
I've ever heard of would call that a "true" democracy.

That particular prospect has anarchocapitalists, and
crypto-anarchists, out at the bar, buying both Herr Professor Goedel
and Lord Russell a beer or two...

Cheers,
RAH

-BEGIN PGP SIGNATURE-
Version: PGP 7.5

iQA/AwUBPVWANsPxH8jf3ohaEQLSXwCg7ohcz+ZCxGsX86HQSXFJHK3OOD8AoJAW
8doH9VU+LyGdpZ4x6zmz74Bv
=G4Fp
-END PGP SIGNATURE-

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: Thanks, Lucky, for helping to kill gnutella (fwd)

2002-08-11 Thread James A. Donald

--
On 10 Aug 2002 at 16:25, R. A. Hettinga wrote:
> [Ob Cypherpunks: Seriously, folks. How clueful can someone be 
> who clearly doesn't know how to use more than one remailer hop, 
> as proven by the fact that he's always coming out of the *same* 
> remailer all the time?

The fact that he uses a constant exit remailer does not show that 
he is using a single hop.

I always come out of the same remailer at the end, even though I 
always use about three randomly selected remailers between myself 
and the constant exit remailer.  I always select the same end 
remailer to avoid confusing the audience, and I selected a less 
used exit remailer for the same reason. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 c3w9s36+CG9NnfBCbV9lBPm1GKPtff16r/hBMRj2
 2ZIqRKb9UCTCvlWhGVeGUb1eknPEG0ynX12OrTTXM




FAQ: How will Microsoft respond to Lucky's patent application?

2002-08-11 Thread Lucky Green

I have received numerous questions in conversations and interviews over
the last few days as to what I believe Microsoft's response will be to
my recent patent application for methods that utilize Palladium and
operating systems built on top of TCPA to assist in the fight against
software piracy.

Rather than continuing to repeat the same answers in conversations, I
will simply make the answers available to the lists. Obviously, the
following is my personal opinion. I don't profess to speak for
Microsoft.

Allow me to first outline some principles of how patents work in the
U.S. Note that I am not a member of the federal Patent Bar and as such
the following is simply my limited understanding of the process and
should not be construed as legal advice.

For a patent to be valid in the U.S., the idea to be patented must offer
utility, be novel, and be non-obvious. I will address the three
requirements as I believe they apply to my patent application in turn:

Utility: According to the Business Software Alliance's website, the
financial loss to U.S. society due to software piracy in the year 2000
alone amounted to a staggering USD 7.2 billion. I therefore don't
believe it can be reasonably argued that methods that may help reduce
the level of software piracy lack utility. In particular, I don't
anticipate Microsoft to argue that protections against software piracy
that assist in the enforcement of licensing agreements lack utility.

Novelty: As I mentioned in my earlier post, Peter Biddle, Product Unit
Manager for Palladium, very publicly and unambiguously stated during
Wednesday's panel at the USENIX Security conference that the Palladium
team, despite having been asked by Microsoft's anti-piracy groups for
methods by which Palladium could assist in the fight against software
piracy, knows of no way in which Palladium can be utilized to assist
this end. Peter after the panel asked Brian LaMacchia, a well-known
security expert with Microsoft, who was present but not on the panel, if
he knew of a way to utilize Palladium to assist in the enforcement of
software licenses. Brian did not respond with a solution. (At that time
I briefly mentioned to both one of the methods in which I believe
Palladium can be used to assist in the fight against software piracy).

Peter, who obviously would have been aware of all such methods were they
known to the Palladium team, struck me as a forthcoming guy. While I
will readily admit that the impression I gained of the person over the
two hours I interacted with Peter may carry little weight with those
that consider the words Microsoft and honesty to be mutually exclusive,
I would like to point out the following:

If Microsoft, after so publicly denying any knowledge of ways to use
Palladium to assist in the enforcement of application software licenses
to an audience representing a veritable who's who of computer security
and related public policy (the attendees ranged from Whit Diffie to Pam
Samuelson), were to - after my filing for a patent - suddenly assert
prior art, neither the attendees, nor the press, nor the public would
take kindly to having been so deliberately misled by Microsoft.

The likely result would be that Palladium will lose what limited support
the initiative may have at this time. I suspect that even somebody that
may have a low opinion of Microsoft will agree that Microsoft is not as
stupid as to play such a dangerous and losing game.

I was asked the next day at USENIX if Microsoft could not simply claim
prior art when in fact they had none at the time my invention was made.
I would like to reiterate my points made above and add that such claims
would need to be filed under oath. Whatever one's opinion of Microsoft
may be, I doubt that the salaries paid in Redmond are sufficiently large
to goad a mid-level employee into committing perjury.

Lastly, it does not matter for the above analysis if any supposed prior
art were to  be claimed to be created by Microsoft or third parties. It
is simply inconceivable that the scientific members of the Palladium
team would have been unaware of any such prior art given their many
years on the project and the thorough research they engaged in as
evidenced by the lengthy DRM OS patent. If prior art existed, the
Palladium team would unquestionably have known about it and thus been
able to tell their anti-piracy group and the attendees at USENIX about
methods to utilize Palladium as a tool in the fight against software
piracy. Since they did not, the reasonable conclusion is that no such
prior art exists.

Obviousness: In the interest of brevity, I will simply state that if the
Palladium team has not thought of such methods in the years they worked
the project every day, the methods mentioned in my patent application
cannot conceivably be considered obvious.

In summary, at this time I am not aware of any grounds on which
Microsoft could challenge my patent once/if it will be issued. I
therefore currently do not ant

RE: Challenge to David Wagner on TCPA

2002-08-11 Thread Jim Choate

On Sat, 10 Aug 2002, Russell Nelson wrote:

> I agree that it's irrelevant.  So why is he trying to argue from
> authority (always a fallacy anyway) without *even* having any way to
> prove that he is that authority?

What has 'authority' got to do with it? Arguments from authority are
-worthless-. Make up your own mind as to its validity, who cares about
their 'proof'.

-Who- is irrelevant. What damns his argument -is- his appeal to
-authority-. Anyone who bases their argument on 'He said...' has already
lost the discussion and invalidated any point they might make. It's one of
the primary fallacies of (for example) Tim May and his consistent appeal
to who he knows or what 'they' said.

We agree, what I don't understand is why you keep expecting that dead
horse to get up...keep asking those damning questions ;)


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org






Re: Thanks, Lucky, for helping to kill gnutella

2002-08-11 Thread R. Hirschfeld

> Date: Sat, 10 Aug 2002 16:42:52 +0200 (CEST)
> From: Eugen Leitl <[EMAIL PROTECTED]>
> 
> > Calling Lucky a liar is no more illuminating than others calling you
> > an idiot.
> 
> You're confusing a classification for an argument. The argument is over. 
> You can read it up in the archives. If you think there's still anything 
> left to discuss, I've got these plans of the Death Star I could sell 
> you...

I took a look at the archives as you suggested.  If it matters to you,
I wasn't referring to your classification of Anonymous as an idiot
(which I hadn't seen because it wasn't sent to the cryptography list),
but rather to an earlier comment ("Wow.  You must really be an
idiot.") from somebody else.  Looking back at that message, it appears
that it was sent to the cryptography list but not to cypherpunks.

Discussion about TCPA/Pd continues, and I hope that disagreements
needn't degenerate into name-calling.




Re: Challenge to TCPA/Palladium detractors

2002-08-11 Thread Eugen Leitl

On Sat, 10 Aug 2002, R. Hirschfeld wrote:

> A trivial observation: this cannot be true across hardware platforms.

Untrue, just use a VM. Open Boot Forth would do nicely.

> TCPA claims to be "platform and OS agnostic", but Palladium does not.

Have fun in that there tarpit.




RE: Challenge to David Wagner on TCPA

2002-08-11 Thread Jim Choate

On Mon, 5 Aug 2002, Russell Nelson wrote:

> AARG!Anonymous writes:
>  > So don't read too much into the fact that a bunch of anonymous postings
>  > have suddenly started appearing from one particular remailer.  For your
>  > information, I have sent over 400 anonymous messages in the past year
>  > to cypherpunks, coderpunks, sci.crypt and the cryptography list (35
>  > of them on TCPA related topics).
> 
> We have, of course, no way to verify this fact, since your messages
> are not cryptographically signed.  For someone who claims to be
> knowledgeable about cryptography, this seems like a suspicious omission.

Bullshit Russ, plausible deniability alone justifies such behaviour.

Who sent them is irrelevant except to cultists of personality (eg CACL
adherents).

Base your analysis on facts and experiment.








Re: Thanks, Lucky, for helping to kill gnutella

2002-08-11 Thread Pete Chown

Anonymous wrote:

> As far as Freenet and MojoNation, we all know that the latter shut down,
> probably in part because the attempted traffic-control mechanisms made
> the whole network so unwieldy that it never worked.

Right, so let's solve this problem.  Palladium/TCPA solves the problem
in one sense, but in a very inconvenient way.  First of all, they stop
you running a client which has been modified in any way -- not just a
client which has been modified to be selfish.  Secondly, they facilitate
the other bad things which have been raised on this list.

> Right, as if my normal style has been so effective.  Not one person has
> given me the least support in my efforts to explain the truth about TCPA
> and Palladium.

The reason for that is that we all disagree with you.  I'm interested to
read your opinions, but I will argue against you.  I'm not interested in
reading flames at all.

-- 
Pete




SSZ: Extended Downtime

2002-08-11 Thread Jim Choate


Hi,

SSZ will be down starting about Thu., Aug. 22 in the late evening, through
Sunday, Aug. 25 in the morning.

We apologize for the disruption, it was rather unexpected and there is
nothing we can do to avoid it.








Re: On alliances and enemies.

2002-08-11 Thread Jim Choate


On Thu, 8 Aug 2002, cubic-dog wrote:

> I don't see Stalin/Hitler, I see;
> 
> Standard Oil/
> Department of Transportation/
> Interstate Commerce Commission)
> General Motors/
> Ford/
> and so forth.

It's worth noting that the first two wouldn't have had near the impact
they did if not for the help from entities like the latter.

You draw a false distinction.









Re: It won't happen here (was Re: TCPA/Palladium -- likely future implications)

2002-08-11 Thread Jim Choate


On Sat, 10 Aug 2002, Marcel Popescu wrote:

> Now I know the general opinion of AARG, and I can't say I much disagree. But
> I want to comment on something else here, which I find to be a common trait
> with US citizens: "it can't happen here". The Chinese gov't can do anything
> they like, because any citizen who would try to "keep watch" would find
> himself shot. What basic law of the universe says that this can't happen in
> the US? What exactly will prevent them, 10 years from now, to say
> "compelling state interests require that we get to do whatever we want with
> the little box"? You already have an official "gov't against 1st amendment"
> policy, from what I've read.

Voting, Culture, 2nd Amendment, and the general character of America. Look
up 'Deguello' and 'Red Flag' for further examples. You might also look
into the quote by D.H. Lawrence about what Americans are fundamentally.

Consider, the -civilian- population of Texas alone is the 7th largest
armed force on the planet. Try to take those guns away. Without that you
aren't going to -make- them do anything. Authority is -always- given,
never taken.

Americans are no man's 'nigger', not even another American's.

You read wrong. Don't confuse a bunch of assholes with temporary power
with the 'Government of the US', and don't confuse 'Government of the US'
with the 'United States of America' or 'The People'.

Go read the first two para's of the DoI for more.









Re: responding to claims about TCPA

2002-08-11 Thread Steve Schear

At 04:02 AM 8/10/2002 -0700, John Gilmore wrote:

>"The transaction"?  What transaction?  They were talking about the
>owner getting reliable reporting on the security of their applications
>and OS's and -- uh -- oh yeah, buying music or video over the Internet.
>
>Part of their misleading technique has apparently been to present no
>clear layman's explanations of the actual workings of the technology.
>There's a huge gap between the appealing marketing sound bites -- or
>FAQ lies -- and the deliberately dry and uneducational 400-page
>technical specs.  My own judgement is that this is probably
>deliberate, since if the public had an accurate 20-page document that
>explained how this stuff works and what it is good for, they would
>reject the tech instantly.
>
>Perhaps we in the community should write such a document.  Lucky and
>Adam Back seem to be working towards it.  The similar document about
>key-escrow (that CDT published after assembling a panel of experts
>including me, Whit, and Matt Blaze) was quite useful in explaining to
>lay people and Congressmen what was wrong with it.  NSA/DoJ had
>trouble countering it, since it was based on the published facts, and
>they couldn't impugn the credentials of the authors, nor the
>document's internal reasoning.

Indeed.  Another item I recall from Lucky's Defcon talk is that (I assume) 
Intel are back at it when it comes to obfuscated crypto.  Like the Pentium 
RNG before it, the TCPA HW will only expose a whitened version making 
independent analysis difficult-impossible.

   steve
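
Added illustration, not part of Steve Schear's message and not any vendor's code: why an interface that exposes only whitened output frustrates independent analysis of the underlying noise source. The two sources are constructed, and SHA-256 over 512-bit blocks with a counter is an assumed conditioner, not the actual Pentium RNG or TCPA design.

```python
import hashlib
import random

BLOCK = 512  # raw bits fed to each SHA-256 call (assumed 2:1 conditioning ratio)

def raw_source(n, p_one, seed=1):
    """Constructed stand-in for a raw noise source: n bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def whiten(raw):
    """Hash each raw block together with a block counter; emit the digest bits."""
    out = []
    for ctr, start in enumerate(range(0, len(raw), BLOCK)):
        chunk = bytes(raw[start:start + BLOCK])
        digest = hashlib.sha256(ctr.to_bytes(4, "big") + chunk).digest()
        out.extend((byte >> i) & 1 for byte in digest for i in range(8))
    return out

def monobit_z(bits):
    """Frequency statistic |ones - zeros| / sqrt(n); roughly N(0,1) for ideal bits."""
    excess = sum(1 if b else -1 for b in bits)
    return abs(excess) / len(bits) ** 0.5

def looks_random(bits, limit=4.0):
    """True when the bit balance is within `limit` standard deviations."""
    return monobit_z(bits) < limit

def survey():
    """Return {source: (raw passes?, whitened passes?)} for two defective sources."""
    sources = {
        "biased (P(1)=0.75)": raw_source(8192, 0.75),
        "stuck at zero": [0] * 8192,  # a dead source: no entropy at all
    }
    return {name: (looks_random(raw), looks_random(whiten(raw)))
            for name, raw in sources.items()}

if __name__ == "__main__":
    for name, (raw_ok, white_ok) in survey().items():
        print(f"{name:20s} raw passes: {raw_ok!s:5s}  whitened passes: {white_ok}")
```

Both defective sources fail the test on their raw bits and pass it after whitening, so an auditor who sees only the conditioned stream cannot tell a healthy source from a dead one.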




Re: responding to claims about TCPA

2002-08-11 Thread Derek Atkins

AARG!Anonymous <[EMAIL PROTECTED]> writes:

> I don't agree with this distinction.  If I use a smart card chip that
> has a private key on it that won't come off, is that protecting me from
> third parties, or vice versa?  If I run a TCPA-enhanced Gnutella that

Who owns the key?  If you bought the smartcard, you generated the key
yourself on the smartcard, and you control it, then it is probably
benefitting you.  If the smartcard came preprogrammed with a
certificate from the manufacturer, then I would say that it is
protecting the third party from you.

> I wrote earlier that if people were honest, trusted computing would not
> be necessary, because they would keep their promises.  Trusted computing
> allows people to prove to remote users that they will behave honestly.
> How does that fit into your dichotomy?  Society has evolved a myriad

The difference is proving that you are being honest to someone else
vs. an application proving to YOU that it is being honest.  Again, it
is a question of ownership.  There is the DRM side (you proving to
someone else that you are being honest) vs. Virus Protection (an
application proving to _you_ that it is being honest).

-derek

-- 
   Derek Atkins
   Computer and Internet Security Consultant
   [EMAIL PROTECTED] www.ihtfp.com