Re: PKI root signing ceremony, etc.

2003-12-14 Thread Dave Howe
Rich Salz wrote:
>> *shrug* it doesn't retroactively enforce the safety net - but that's
>> ok, most MS products don't either :)
> The whole point is to enhance common practice, not stay at the lowest
> common denominator.
If someone has *already* issued a certificate - and ignored the CA flag - is
it part of the software's duty to somehow point this out to you? But
regardless, as this only applies to imported keys you would never actually
see it in Real Life (tm)

>> Key management and auditing is pretty much external to the actual
>> software regardless of which solution you use I would have thought.
> You'd be wrong. :)  I did just download and use XCA for a little bit.
> It's practically impossible to audit.  Every key in the database is
> protected with the same password.
um, this is a **CA** - you have *one* key in the database, your CA key. It
is bad practice to generate the keys on the CA machine and transport them to
the server they will be used on - instead, the Cert request should be
generated on the end-use machine, and the *request* transported to the CA,
signed, and the certificate returned. That way, the private key never leaves
the machine it was generated for and used on, and is protected by its own
password.

> The system asks for the password
> as soon as it starts up.  If I leave the program running while
> I leave my computer, I'm screwed.
Then don't leave it running. If you got out of your car but left the engine
running, and somebody stole the car, would you blame the design of the car?

> The key-holder isn't asked to
> confirm each signing -- there's no *ceremony* -- and they never
> enter the password after the program starts.  For any kind of root
> these are all very bad.
This is just fine for a root - the root acquires 'n' signing requests, opens
the program, signs or rejects the requests as appropriate, then closes the
program.  It is not the duty of the CA to generate keys or enter certificate
information - that is the requestor's problem, which he can do with the
tools appropriate to his machine (openssl on almost anything, the built-in
keygen in IIS and several other webservers, and so forth). I am actually
disappointed in XCA (compared to the earlier but awkward to set up OpenCA
project) in that no browser-accessible request interface is provided. Of
course XCA is compatible with importing requests made from OpenCA, and
exporting them back into an OpenCA "pickup" dir, but really it would be
nice to be compatible with the interface most key requestors are used to.

> XCA is pretty nice for a Level-2 or small Level-1 CA.  The template
> management, etc., is pretty good.  (Having them tied to the key
> database, and having the keys be unlocked while making cert requests,
> are both real bad ideas, however.)
There is no mystical value in having to type a key lots of times. I was just
pointing out what other options are out there (I would have pointed out
EBCrypt as well, which appears better suited to your current ritual, but its
website seems to have vanished)
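
The request-then-sign flow described in the message above, as an added example that is not part of the original thread and is not XCA or OpenCA code. It assumes the third-party Python `cryptography` package; the function names, subject names and validity periods are constructed for illustration.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def _validity(days):
    start = datetime.datetime.now(datetime.timezone.utc) - datetime.timedelta(minutes=5)
    return start, start + datetime.timedelta(days=days)


def make_request(common_name):
    """End-use machine: create the key pair locally, return (key, csr_pem)."""
    key = ec.generate_private_key(ec.SECP256R1())
    csr = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(_name(common_name))
        # A request can ask for anything, CA:TRUE included; the CA decides.
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, csr.public_bytes(serialization.Encoding.PEM)


def make_root(common_name="Constructed Example Root"):
    """CA machine: the one key the CA database has to hold."""
    key = ec.generate_private_key(ec.SECP256R1())
    start, end = _validity(365)
    cert = (
        x509.CertificateBuilder()
        .subject_name(_name(common_name))
        .issuer_name(_name(common_name))
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(end)
        .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def sign_request(ca_key, ca_cert, csr_pem, days=30):
    """CA machine: sees only the request, never the requester's private key."""
    csr = x509.load_pem_x509_csr(csr_pem)
    if not csr.is_signature_valid:  # proof of possession of the private key
        raise ValueError("request is not signed by the key it carries")
    start, end = _validity(days)
    cert = (
        x509.CertificateBuilder()
        .subject_name(csr.subject)
        .issuer_name(ca_cert.subject)
        .public_key(csr.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(end)
        # Extensions come from CA policy, not from what the request asked for.
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .sign(ca_key, hashes.SHA256())
    )
    return cert.public_bytes(serialization.Encoding.PEM)


def _spki(public_key):
    return public_key.public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo
    )


def accept_certificate(key, cert_pem, ca_cert):
    """End-use machine: check issuer signature, key match and CA:FALSE."""
    cert = x509.load_pem_x509_certificate(cert_pem)
    ca_cert.public_key().verify(
        cert.signature, cert.tbs_certificate_bytes, ec.ECDSA(cert.signature_hash_algorithm)
    )  # raises InvalidSignature if the CA did not sign it
    constraints = cert.extensions.get_extension_for_class(x509.BasicConstraints).value
    return _spki(cert.public_key()) == _spki(key.public_key()) and not constraints.ca


if __name__ == "__main__":
    server_key, request_pem = make_request("www.example.test")  # constructed name
    root_key, root_cert = make_root()
    issued_pem = sign_request(root_key, root_cert, request_pem)
    print("private key left the server:", b"PRIVATE KEY" in request_pem)
    print("certificate accepted:", accept_certificate(server_key, issued_pem, root_cert))
```
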



Re: Don't worry...it's just one of Saddam's doubles

2003-12-14 Thread Tim May
On Dec 14, 2003, at 6:33 PM, Thomas Shaddack wrote:

> On Sun, 14 Dec 2003, Tyler Durden wrote:
>
>> Spread the word. The administration got desperate. In a few weeks they'll
>> announce this isn't the real Saddam, but that rounding up all of the clones
>> is necessary progress in the fight to get the real Saddam.
>
> If I don't remember incorrectly, they said something about identifying him
> by DNA testing. But it wasn't widely quoted in the mainstream news.

How boring. The DNA confirmation was reported on all of the puppet news 
organizations here.

The Germans and Eastern Europeans, being mostly opposed to the war, 
probably just buried the confirmation.

The Czech Republic supported the war, and sent troops, and now that 
Saddam has been captured, both of them will be returning home, with 
medals.

--Tim May



Re: cpunk-like meeting report

2003-12-14 Thread proclus
Hi, I've been admiring your and Tim's contributions, and I was wondering if
either of you were planning to subscribe to the (new) news list.

http://lists.cryptnet.net/mailman/listinfo/cpunx-news

Be sure and check the archive before posting.  It is still small.

Otherwise, if anyone could recommend additional good sources for
cypherpunk-related news, I'd be very grateful, because I don't feel
right about cross-posting news items to cypherpunks list.  I'm already
subscribed to the Cryptome rdf channel, Politech, and GNU-Darwin of
course.  I don't think I'm interesting enough for Interesting
People ;-}.  Please feel free to write back to me on- or off-list
for whatever reason you like.

Regards,
proclus
http://www.gnu-darwin.org/



On 14 Dec, Major Variola (ret.) wrote:
>
> I went to a meeting of the Irvine Underground (irvineunderground.org)
> which reminded me of late-90s SF CP meatings.  Although the overall
> tech level was probably lower and social implications weren't a big
> topic.
> Also, at this meeting, there were far more cameras or videocams than
> were present (at least overtly :-) at the few CP meats I attended.
> However, nyms were used more than they were (overtly :-) at CP meatings;
> this may have been due to a "introduce yourself" poll.  The IU
> group seems to be a bit more social, going to movies for instance, than
> the topic-only CPs were.  The meeting was held in a room at an IHOP
> (pancake restaurant for furriners)
>
> The exploit mentioned in
> http://www.usatoday.com/tech/news/2003-12-11-microsoft2_x.htm
> was demonstrated, we were debriefed on the recent LA 802.11b War Flying
> mission (and the EMI resistance of 1960's era single-engine airplane
> instruments :-).
> Toorcon organizers were present.  About 30+ people
> were there, with what appeared to me to be a bimodal distribution of
> skills, some advanced, some admitted unix newbies, etc.  There was even
> recreational lock picking.  A WiFi LAN, net connectivity through
> someone's cell phone eventually.
> A video projector.
>
> I didn't notice persons with exceptional Euler numbers,
> though black was definitely the color of choice for garments.  Ages
> appeared well distributed from undergrad to hoary.  One gent noticed a
> certain TLA on my cypherpunks T-shirt and admitted that he had once
> worked in Ft Meade, though he wouldn't say on what :-)
>

-- 
Visit proclus realm! http://proclus.tripod.com/
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GMU/S d+@ s: a+ C UBOULI$ P+ L+++() E--- W++ N- !o K- w--- !O
M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e
h--- r+++ y
--END GEEK CODE BLOCK--




Re: Don't worry...it's just one of Saddam's doubles

2003-12-14 Thread Thomas Shaddack

On Sun, 14 Dec 2003, Tyler Durden wrote:

> Spread the word. The administration got desperate. In a few weeks they'll
> announce this isn't the real Saddam, but that rounding up all of the clones
> is necessary progress in the fight to get the real Saddam.

If I don't remember incorrectly, they said something about identifying him
by DNA testing. But it wasn't widely quoted in the mainstream news. So
even if it really is him - they may still claim he isn't the real McCoy if
the insurgency won't stop.

The timing is definitely weird. Too soon before the Elections.

But there is still the backup, the Lost TV Star, also known as Ossama;
whether They intend to announce capturing him, or whether he will be
claimed responsible for Something Scary in a psyops attempt to make the
voters more susceptible to the beat of the Homeland Security drums.



Re: Don't worry...it's just one of Saddam's doubles

2003-12-14 Thread Eric Tully
Ahh... but if that were true, why would the US ever admit it?  Let's say 
they run a DNA test and it's not him... why not just say, "We ran a DNA 
test and it's him!!"   That would be a bigger boost for Bush for the 
coming election.

There's still 13 more in the deck of cards - as well as Bin Laden - to 
use as an excuse to maintain their war on terrorism.

- Eric Tully



Tyler Durden wrote:
> Spread the word. The administration got desperate. In a few weeks they'll 
> announce this isn't the real Saddam, but that rounding up all of the 
> clones is necessary progress in the fight to get the real Saddam.
>
> -TD




Re: cpunk-like meeting report

2003-12-14 Thread Tim May
On Dec 14, 2003, at 6:07 PM, [EMAIL PROTECTED] wrote:

> Hi, I've been admiring your and Tim's contributions, and I was wondering if
> either of you were planning to subscribe to the (new) news list.
>
> http://lists.cryptnet.net/mailman/listinfo/cpunx-news
>
> Be sure and check the archive before posting.  It is still small.

No, we don't need a "cpunx-news" list. This is what Google and the 
ability to see hundreds of various lists and sites is for.

"News" lists tend strongly to be just dumping grounds for crap from 
other lists.

> Otherwise, if anyone could recommend additional good sources for
> cypherpunk-related news, I'd be very grateful, because I don't feel
> right about cross-posting news items to cypherpunks list.  I'm already
> subscribed to the Cryptome rdf channel, Politech, and GNU-Darwin of
> course.  I don't think I'm interesting enough for Interesting
> People ;-}.

I failed the entrance exam for "Interesting People," which is fine, for 
obvious reasons.

--Tim May



Re: cpunk-like meeting report

2003-12-14 Thread proclus
On 14 Dec, Tim May wrote:
> No, we don't need a "cpunx-news" list. This is what Google and the 
> ability to see hundreds of various lists and sites is for.
> 
> "News" lists tend strongly to be just dumping grounds for crap from 
> other lists.

Yea, and I'll admit that I'm a junky, which is why I made the following
pages...

http://www.gnu-darwin.org/update.html
http://www.gnu-darwin.org/applelists.html

More...   info.,   Must have  ...  more...

>> Otherwise, if anyone could recommend additional good sources for
>> cypherpunk-related news, I'd be very grateful, because I don't feel
>> right about cross-posting news items to cypherpunks list.  I'm already
>> subscribed to the Cryptome rdf channel, Politech, and GNU-Darwin of
>> course.  I don't think I'm interesting enough for Interesting
>> People ;-}.
> 
> I failed the entrance exam for "Interesting People," which is fine, for 
> obvious reasons.

ROFL!

Regards,
proclus
http://www.gnu-darwin.org/





Re: cpunk-like meeting report

2003-12-14 Thread Tim May
On Dec 14, 2003, at 6:53 PM, [EMAIL PROTECTED] wrote:

> On 14 Dec, Tim May wrote:
>> No, we don't need a "cpunx-news" list. This is what Google and the
>> ability to see hundreds of various lists and sites is for.
>>
>> "News" lists tend strongly to be just dumping grounds for crap from
>> other lists.
>
> Yea, and I'll admit that I'm a junky, which is why I made the following
> pages...
>
> http://www.gnu-darwin.org/update.html
> http://www.gnu-darwin.org/applelists.html
>
> More...   info.,   Must have  ...  more...

Lie down and just resist the temptation.

The world already has a dozen crypto/cyber rights mailing lists, 
probably more. And many "e$", "digibucks," "digital bearer 
settlement," and "cybercurrency" types of list just from one single 
person...who also cross-posts to Cypherpunks.

I had a friend who created a new high technology company whenever he 
got bored. Of course, these were not _real_ high tech companies, with 
actual products and actual profits. Rather, they were "ventures," 
things that gave him a new business card, "Orion X. Altschluss, 
President, Plutonic Transgenics, Inc." A few months later, "Director, 
Corporate Relations, the Galt Foundation."

Some people think spinning off new lists whenever they get interested 
in some area is interesting. Most of these lists fail for obvious 
reasons. Sometimes a famous person, especially Net famous, creates a 
vanity list. Hence the "Interesting People" vanity list. This trend 
seems to be giving way to Blogs, however, as the various 
net.personalities realize that what they really want is a forum for 
blogging their message to an attentive audience.

I have done nearly all of my writing for Cypherpunks since 1992. I have 
watched Lewispunks, Perrypunks, various e-rights and digidollars and 
Geodesic Singularity Lists arise and do whatever they do after they 
arise. I have joined none of the various other lists (which are usually 
"with permission of owner" lists--fuck that).

So now we have someone calling himself "Proclus," who has not 
contributed anything memorable to Cypherpunks, inviting Cypherpunks to 
join his new "cpunx-news" list.

Yawn.

Have fun.

--Tim May




Patriot Ants (was: Re: Zombie Patriots and other musings)

2003-12-14 Thread Thomas Shaddack
On Sat, 13 Dec 2003, John Kelsey wrote:

> Of course, there's a more fundamental problem with surrendering to the lone
> warriors.  Imagine that there's such a wave of pro-life terrorism that we
> finally agree to ban abortion.  You're a fanatically committed pro-choice
> activist.  What's your next move?

Two moves possible.

The violent, far less effective and possibly somehow counterproductive
one: attacking the ones who enforce the measurement, by lethal or nonlethal
means, to act as deterrent.

The nonviolent one: developing and deploying the technology necessary for
underground clinics to provide higher quality service, and for their
clients to find, order and pay for the services without being likely to
trace down by the Whateveriscurrentlythelaw Enforcement. Causing bad press
for them, keeping public awareness that alternatives to the law-compliance
exist. Learning from countries with similar bans in action, both from the
present and from history, how the alternatives developed there, and
building on this knowledge.

Direct attack is not always the best route, however tempting. A house can
be brought down from the outside by a bomb, or from the inside by white
ants. Insect survival strategies are distributed and largely successful; I
am pretty sure we can learn a lot from there. One "Patriot Ant" doesn't
have to fight in any big way, doing heroic deeds or big sacrifices; enough
people who just provide "samizdat" for few friends, know what files to
mirror, when to look away, what to be "unable to remember" when questioned
by the Authorities, who know the newsbits that aren't officially reported
and tell their friends can make big difference. The strength of Patriot
Ants isn't in their individual strength, they don't make headlines - they
just eat the System from the inside, one bite at time.



Don't worry...it's just one of Saddam's doubles

2003-12-14 Thread Tyler Durden
Spread the word. The administration got desperate. In a few weeks they'll 
announce this isn't the real Saddam, but that rounding up all of the clones 
is necessary progress in the fight to get the real Saddam.

-TD




Re: Patriot Ants (was: Re: Zombie Patriots and other musings)

2003-12-14 Thread Nostradumbass
From: Thomas Shaddack <[EMAIL PROTECTED]>
> On Sat, 13 Dec 2003, John Kelsey wrote:
> 
> > Of course, there's a more fundamental problem with surrendering to the lone
> > warriors.  Imagine that there's such a wave of pro-life terrorism that we
> > finally agree to ban abortion.  You're a fanatically committed pro-choice
> > activist.  What's your next move?
> 
> Two moves possible.
> 
> The violent, far less effective and possibly somehow counterproductive
> one: attacking the ones who enforce the measurement, by lethal or nonlethal
> means, to act as deterrent.

I think  you should the word possibly when referring to effectiveness of outcomes.  
One can never know until one tries.  Every moment in history is unique and the 
effectiveness of the use of a particular strategy can never be ascertained beforehand. 
 Mine is based on at least two inspirations...

"How we burned in the prison camps later thinking: What would things have been like if 
every security operative, when he went out at night to make an arrest, had been 
uncertain whether he would return alive?" --Alexander Solzhenitsyn, Gulag Archipelago
 and

Our government... teaches the whole people by its example. If the government becomes 
the lawbreaker, it breeds contempt for law; it invites every man to become a law unto 
himself; it invites anarchy. -- Louis D. Brandeis 

As Americans I'm sure we have been tutored by some of the best.  Time to put into 
practice what we have learned.

> 
> The nonviolent one: developing and deploying the technology necessary for
> underground clinics to provide higher quality service, and for their
> clients to find, order and pay for the services without being likely to
> trace down by the Whateveriscurrentlythelaw Enforcement. Causing bad press
> for them, keeping public awareness that alternatives to the law-compliance
> exist. Learning from countries with similar bans in action, both from the
> present and from history, how the alternatives developed there, and
> building on this knowledge.
> 
> Direct attack is not always the best route, however tempting. A house can
> be brought down from the outside by a bomb, or from the inside by white
> ants.

The trouble with this method is that it generally requires a large percentage of the 
population to actively or passively support a position.  This almost always occurs 
after a situation has become intolerable to the masses.  I have no intention in 
placing my ability to enjoy what I consider my basic rights into the hands of a 
million Joe Sixpacks and await their enlightenment.


"The only freedom which counts is the freedom to do what some other people
think to be wrong. There is no point in demanding freedom to do that which
all will applaud. All the so-called liberties or rights are things which
have to be asserted against others who claim that if such things are to be
allowed their own rights are infringed or their own liberties threatened.
This is always true, even when we speak of the freedom to worship, of the
right of free speech or association, or of public assembly. If we are to
allow freedoms at all there will constantly be complaints that either the
liberty itself or the way in which it is exercised is being abused, and, if
it is a genuine freedom, these complaints will often be justified. There is
no way of having a free society in which there is not abuse. Abuse is the
very hallmark of liberty."
 -- Quintin H. Hailsham, The Dilemma of Democracy

Get ready for a lot of abuse...



Re: Compromised Remailers

2003-12-14 Thread Bill Stewart
At 06:49 PM 12/13/2003 +0100, some provocateur claiming to be Anonymous wrote:
>    A question for the moment might well be how many if any of
> the remailers are operated by TLAs?

The TLAs have proposed running various anonymizers for China
and other countries that have oppressive eavesdroppers.
If you go look at past remailer discussions (probably starting with
Tim's Cyphernomicon or some of the remailer docs),
you'll be reminded that just using one remailer isn't enough
if you're worried about it being compromised,
though it's usually fine for trolling mailing lists :-)
Remailers are secure if at least one remailer in a chain
is _not_ compromised, so you not only want to be sure
that some of the remailers you chain through are run by good people,
but that their machines are likely not to have been cracked,
and ideally you use remailers in multiple legal jurisdictions
because that reduces the ability of any one government to put
pressure on the remailer operators, and increases the chances that
if all of the remailers are compromised, at least one of them
isn't compromised by someone who's interested in _you_.


Re: Compromised Remailers

2003-12-14 Thread Tim May
On Dec 14, 2003, at 12:40 AM, Bill Stewart wrote:

> At 06:49 PM 12/13/2003 +0100, some provocateur claiming to be 
> Anonymous wrote:
>>    A question for the moment might well be how many if any of
>> the remailers are operated by TLAs?
>
> The TLAs have proposed running various anonymizers for China
> and other countries that have oppressive eavesdroppers.

China has proposed to run remailers for use by citizens of nations with 
laws allowing bureaucrat search warrants (not judges, just civil 
servants), Patriot Acts, no-knock raids, and concentration camps at 
Gitmo.

> If you go look at past remailer discussions (probably starting with
> Tim's Cyphernomicon or some of the remailer docs),
> you'll be reminded that just using one remailer isn't enough
> if you're worried about it being compromised,
> though it's usually fine for trolling mailing lists :-)
> Remailers are secure if at least one remailer in a chain
> is _not_ compromised, so you not only want to be sure
> that some of the remailers you chain through are run by good people,
> but that their machines are likely not to have been cracked,
> and ideally you use remailers in multiple legal jurisdictions
> because that reduces the ability of any one government to put
> pressure on the remailer operators, and increases the chances that
> if all of the remailers are compromised, at least one of them
> isn't compromised by someone who's interested in _you_.

I haven't carefully looked at the current source code (if it's 
available) for things like "Type II Mixmaster" remailers, things which 
offer reply-blocks.

Certainly for the canonical Cypherpunks remailer, the 
store-and-forward-after-mixing remailer, the fact that the nested 
encryption is GENERATED BY THE ORIGINATOR means that interception is 
useless to a TLA. The most a TLA can do is to a) not forward as 
planned, resulting in a dropped message, or b) see where a particular 
collection of random-looking (because of encryption) bits came from and 
where they are intended to next go.

In particular, a TLA or interceptor or corrupted or threatened remailer 
operator CANNOT insert new text or new delivery instructions into 
packets received by his node BECAUSE HE CANNOT OPEN ANY PAYLOAD 
ENCRYPTED TO THE NEXT NODE. Anything he adds to the payload bits (which 
he can see of course, though not decrypt or make sense of) will of 
course make the next node see only garbage when he tries to decrypt the 
payload.

This process continues, in a recursive fashion.

Now of course there are some boundary conditions. If every remailer is 
compromised, then complete "visibility" is ensured. The sender and 
receiver are in a fishbowl, a panopticon, with everything visible to 
the TLA or attackers.

And if even a fraction of the remailers are compromised, then with 
collusion they can map inputs to outputs, in many cases. (How many they 
can and how many they can't are issues of statistics and suchlike.)

Another boundary condition is when a remailer network is lightly used, 
or when correlations between sent messages, received messages, and 
actions take place. A signal recovery problem, perhaps akin to some 
military sorts of problems.

(Note that this "few users" problem is essentially isomorphic to 
"compromised remailers." And if the TLAs are the dominant users of 
remailers, sending dummy messages through, they get the same benefits 
as when there are few users or compromised remailers. For example, if 
the typical mix "latency" is 20 messages, and TLAs account for 98% of 
the traffic through remailers, then it's easy to calculate the Poisson 
probability that they can trace the only message that is NOT theirs. 
And so on.)

Most of these problems go away when the number of remailers is large, 
the number of independent users is large, and the remailers are 
scattered in multiple jurisdictions, making it hard for the TLAs to 
enforce or arrange collusion.

Another "trick" of use in _some_ of the boundary conditions is to "BE A 
REMAILER." This gives at least one node, namely, oneself, which is 
presumably not compromised (modulo black bag attacks, worms, that sort 
of stuff). And one could pay others to operate remailers with trusted 
code. (No disk Linux computers, for example, as discussed by several 
here over the years..)

Finally, most of these issues were obvious from the very beginning, 
even before Cypherpunks. When I proposed the "quick and dirty" 
remailers in the first Cypherpunks meeting, the ones we emulated in our 
Games, it was with the full awareness of David Chaum's "untraceable 
e-mail" paper of 1981 (referenced in the handout at the first meeting). 
And of his later and more robust DC Net paper of 1988, further 
developed by the Pfitzmann team around that time.

The Chaum/Pfitzmann/et. al. DC-Net addresses the collusion problem with 
novel methods for doing, effectively, zero knowledge proofs that some 
bit has been entered into a network without any traceability as to 
who entered it. (Chaum uses 3 people at a restaurant, usin
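
The originator-built nested encryption described in the message above, as an added example that is not part of the original post and is not Cypherpunk or Mixmaster remailer code. It assumes a toy symmetric authenticated cipher (SHA-256 keystream plus HMAC) standing in for encryption to each remailer's public key, and constructed hop names; with authentication, a hop that receives altered bits rejects the layer instead of decrypting it to garbage.

```python
import hashlib
import hmac
import os

CHAIN = ["remailer1", "remailer2", "remailer3"]  # constructed hop names


def make_keys(chain):
    """One secret per remailer; stands in for each remailer's key pair."""
    return {hop: os.urandom(32) for hop in chain}


def _xor_stream(key, nonce, data):
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(b"enc" + key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(key, data):
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()


def seal(key, plaintext):
    """Toy encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = nonce + _xor_stream(key, nonce, plaintext)
    return body + _tag(key, body)


def open_sealed(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, body)):
        raise ValueError("layer failed authentication")
    return _xor_stream(key, body[:16], body[16:])


def build_onion(message, recipient, chain, keys):
    """Originator wraps from the last hop outward; returns (first_hop, blob)."""
    next_hop, blob = recipient, message
    for hop in reversed(chain):
        blob = seal(keys[hop], next_hop.encode() + b"\n" + blob)
        next_hop = hop
    return next_hop, blob


def process_at_hop(hop_key, blob):
    """A remailer removes its own layer: it learns the next hop, nothing more."""
    next_hop, _, inner = open_sealed(hop_key, blob).partition(b"\n")
    return next_hop.decode(), inner


def route(first_hop, blob, keys, tamper_at=None):
    """Walk the chain; optionally let one operator alter the bits it forwards."""
    hop, seen = first_hop, []
    while hop in keys:
        next_hop, blob = process_at_hop(keys[hop], blob)
        seen.append((hop, next_hop))  # everything this operator can observe
        if hop == tamper_at:
            blob = blob[:-1] + bytes([blob[-1] ^ 1])
        hop = next_hop
    return hop, blob, seen


if __name__ == "__main__":
    keys = make_keys(CHAIN)
    first, onion = build_onion(b"constructed test message", "recipient@example.test", CHAIN, keys)
    print(route(first, onion, keys)[2])
    try:
        route(first, onion, keys, tamper_at="remailer1")
    except ValueError as err:
        print("remailer2 rejected the altered packet:", err)
```
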

cpunk-like meeting report

2003-12-14 Thread Major Variola (ret.)
I went to a meeting of the Irvine Underground (irvineunderground.org)
which reminded me of late-90s SF CP meatings.  Although the overall
tech level was probably lower and social implications weren't a big
topic.
Also, at this meeting, there were far more cameras or videocams than
were present (at least overtly :-) at the few CP meats I attended.
However, nyms were used more than they were (overtly :-) at CP meatings;
this may have been due to a "introduce yourself" poll.  The IU
group seems to be a bit more social, going to movies for instance, than
the topic-only CPs were.  The meeting was held in a room at an IHOP
(pancake restaurant for furriners)

The exploit mentioned in
http://www.usatoday.com/tech/news/2003-12-11-microsoft2_x.htm
was demonstrated, we were debriefed on the recent LA 802.11b War Flying
mission (and the EMI resistance of 1960's era single-engine airplane
instruments :-).
Toorcon organizers were present.  About 30+ people
were there, with what appeared to me to be a bimodal distribution of
skills, some advanced, some admitted unix newbies, etc.  There was even
recreational lock picking.  A WiFi LAN, net connectivity through
someone's cell phone eventually.
A video projector.

I didn't notice persons with exceptional Euler numbers,
though black was definitely the color of choice for garments.  Ages
appeared well distributed from undergrad to hoary.  One gent noticed a
certain TLA on my cypherpunks T-shirt and admitted that he had once
worked in Ft Meade, though he wouldn't say on what :-)



Re: Zombie Patriots and other musings

2003-12-14 Thread Major Variola (ret)
(resend) 
At 11:52 AM 12/13/03 -0500, John Kelsey wrote:
>At 09:19 AM 12/12/03 -0800, Major Variola (ret) wrote:
>...
>>You need to think about the "lone warrior" scenario that the Gang
>>worries about.  McVeighs and Rudolphs.
>>They were influenced by memes which were not immediately suppressed.
>
>One interesting property of the lone warriors is that they can't actually
>make peace.

Good points, but not entirely true.  For instance, we could stop the
Jihad (tm) (including future Jihads by other parties) by stopping all
foreign aid, following the good general's advice,
"Trade with all, make treaties with none, and beware of foreign
entanglements."

If you take yourself out of the game, you are not seen by a player which
can be influenced.
Or which influencing would do any good to a given cause.

A government can take itself (and thus the proles that fed the NYC
rodentia the second week of Sept 01) out of the game,  while individuals
(corporations) continue to trade freely, and at their own consensual risk.

The point is that while the soldiers are independent, their motivations
are not.  So you can reduce the cost of the lone warriors to you by not
annoying them any more.


>Of course, there's a more fundamental problem with surrendering to the lone
>warriors.  Imagine that there's such a wave of pro-life terrorism that we
>finally agree to ban abortion.  You're a fanatically committed pro-choice
>activist.  What's your next move?

Rudolph bombed clinics, not random people because the govt allowed the
clinics.  Contrast with a distributed jihad which attacks citizens to
sway a govt.

If the US went neutral, whether Halliburton was in Arabia would be
entirely an economic question, involving the cost of paying off widows or
hiring Islamic workers, or buying the goods through a third party.
Instead it's a policy question, the only way to influence it
is to bring it home ---"the only language the American people understand
is dead Americans." -EC

---
"Can you hear me now?" -UBL, 11.9.01



Re: Compromised Remailers

2003-12-14 Thread Bryan L. Fordham
Tim May wrote:

> I haven't carefully looked at the current source code (if it's 
> available) for things like "Type II Mixmaster" remailers, things which 
> offer reply-blocks.

The source is available for mixmaster.  However, Type II does not offer 
reply blocks.

> Certainly for the canonical Cypherpunks remailer, the 
> store-and-forward-after-mixing remailer, the fact that the nested 
> encryption is GENERATED BY THE ORIGINATOR means that interception is 
> useless to a TLA. The most a TLA can do is to a) not forward as 
> planned, resulting in a dropped message, or b) see where a particular 
> collection of random-looking (because of encryption) bits came from 
> and where they are intended to next go.

Not necessarily.  You don't have to be able to read a message to 
determine what it is.  In the case of an amphibian remailer operator 
(who shall remain nameless) revealing the identity of someone using his 
remailer, this remop ran 2 of the three remailers being used.  The chain 
went:

A -> B -> C -> D -> E
where A is the sender, E the recipient, and B and D are the remailers 
controlled by the same person. Also, if the message to E had been 
encrypted it wouldn't have mattered much in identifying who was sending 
something to whom.

The remop could tell that a message from A coming in through B always 
resulted in a message going to C, and that such messages always had a 
corresponding message from D to E.  The fact that the messages were 
encrypted to each remailer's key, and that the middle remailer was not 
compromised, did not protect the user.

There were some special circumstances to this, the biggest one being 
that A was sending a ton of messages, all of similar size, through the 
exact same chain.  But it does show the problem with Type I reply blocks 
in use by the current system.

> In particular, a TLA or interceptor or corrupted or threatened 
> remailer operator CANNOT insert new text or new delivery instructions 
> into packets received by his node BECAUSE HE CANNOT OPEN ANY PAYLOAD 
> ENCRYPTED TO THE NEXT NODE. Anything he adds to the payload bits 
> (which he can see of course, though not decrypt or make sense of) will 
> of course make the next node see only garbage when he tries to decrypt 
> the payload.

Of course they can't alter the encrypted text, but it may be possible to 
add text after the pgp-encrypted block to make tracking the messages 
easier.  There's also the issue of taking a reply block and replaying it 
with new text in order to watch where it goes.

[snip]

> And if even a fraction of the remailers are compromised, then with 
> collusion they can map inputs to outputs, in many cases. (How many 
> they can and how many they can't are issues of statistics and suchlike.)

Exactly. This is the case I was mentioning above.  It shows that the "if 
one remailer is legit your messages are safe" line of thinking is not 
necessarily true.

[snip]

> Adding reply-block capability significantly raises the risks for 
> traceability, in my opinion. I am not casting doubt on the Anonymizer 
> and on Mixmaster Type N (whatever is current), but I have not seen 
> much detailed discussion here on the Cypherpunks list, and I am 
> unaware of peer-reviewed papers on the cryptographic protocols being 
> used. (If they exist, pointers here would be great to have!)

Type II is the current, though cypherpunk (Type I) are in use.  II does 
not allow for reply blocks.  Type III (mixminion) is in active 
development and allows for SURBs - Single Use Reply Blocks -- that will 
allow for nyms without having to store a set number of reply blocks that 
can be replayed (a la the current type I pseudonym setup)

Anyway, just a few thoughts.  I'm far from an expert on this so take 
everything with a large grain of salt.

--B
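
The "issues of statistics" raised in this thread, worked through as an added example that is not part of any original post. It covers two cases: the A -> B -> C -> D -> E situation above, where the first and last remailers collude, and the figure quoted earlier in the thread of a 20-message mix with 98% of traffic coming from one party. The ten-remailer network, uniform random chain selection and independent message sources are modelling assumptions made here.

```python
from fractions import Fraction
from itertools import permutations
from math import comb, exp


def chain_exposure(remailers, colluding, hops):
    """Enumerate every ordered chain of distinct remailers.

    Returns (P[all hops collude], P[first and last hops collude]).
    The first is the "safe if one hop is honest" model; the second is the
    case where an honest middle hop does not help.
    """
    total = all_bad = ends_bad = 0
    for chain in permutations(remailers, hops):
        total += 1
        all_bad += all(r in colluding for r in chain)
        ends_bad += chain[0] in colluding and chain[-1] in colluding
    return Fraction(all_bad, total), Fraction(ends_bad, total)


def honest_others_pmf(batch_size, adversary_share):
    """Binomial pmf: P[k of the other batch_size - 1 messages are not the adversary's]."""
    n = batch_size - 1
    honest_share = 1 - adversary_share
    return [
        comb(n, k) * honest_share ** k * adversary_share ** (n - k)
        for k in range(n + 1)
    ]


def p_target_alone(batch_size, adversary_share):
    """P[the target is the only message in the batch the adversary did not send]."""
    return honest_others_pmf(batch_size, adversary_share)[0]


def p_target_alone_poisson(batch_size, adversary_share):
    """Poisson approximation of the same probability."""
    return exp(-(batch_size - 1) * (1 - adversary_share))


def expected_anonymity_set(batch_size, adversary_share):
    """Expected number of messages the target could be confused with, itself included."""
    return 1 + (batch_size - 1) * (1 - adversary_share)


if __name__ == "__main__":
    network = [f"r{i}" for i in range(10)]  # constructed ten-remailer network
    for bad in (2, 5):
        all_bad, ends_bad = chain_exposure(network, set(network[:bad]), 3)
        print(f"{bad}/10 colluding, 3 hops: all hops {all_bad}, entry+exit {ends_bad}")
    print("batch of 20, 98% adversary traffic:")
    print("  exact   P[target alone] =", round(p_target_alone(20, 0.98), 4))
    print("  Poisson P[target alone] =", round(p_target_alone_poisson(20, 0.98), 4))
    print("  expected anonymity set  =", round(expected_anonymity_set(20, 0.98), 2))
```

With two colluding remailers out of ten and three-hop chains, no chain is fully compromised, yet one chain in 45 still has colluding entry and exit hops; padding messages to a fixed size and varying the chain are the mitigations that follow from the "similar size, same chain" circumstances noted above.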