From: Hal <74076.1041@CompuServe.COM>
Date: Sat, 28 Nov 92 10:23:07 PST
Subject: Misc. Items
Message-ID: <921128181712_74076.1041_DHJ61-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


A few random points related to messages from the last few days.

(First, a "meta" point - whenever I post to this list, I get from
3 to about 10 messages over 2 or 3 days reporting on delivery errors.
It would be nicer if these went to someone else.  Some of the messages
include as many as 20 or 30 names of list subscribers who were apparently
included in the same "outgoing batch" as the bounced mail.)

On PGP key verification: I understand that Branko hopes to get version
2.1 of PGP out in a week or so.  One of the new features will be a
mode to display a MD5 hash of each PGP key to facilitate read-aloud
over the telephone.  This should make it easier to phone-verify PGP
keys, so we can have more _good_ sigs.

On pseudonyms and reputations: Several people have suggested that it
would be easy to conjure up dozens of fake personalities who would
then vouch for each other, giving the illusion of a well-founded and
trusted pseudonym.  This would be ideal for con men and cops.

This can be defeated by the use of the is-a-person credential, which
Chaum describes in a couple of his papers, including CACM Oct 1985.
This is a signed document given by an organization which makes you
come in and give your thumbprint.  The document is "re-blinded" a la
Chaums' proposals for electronic cash, so that there can be no linkage
between your is-a-person document and your actual thumbprint.  However,
the thumbprint makes it so you can't get more than one is-a-person
document.

Now, when you go to apply for credit, and you say, here are signatures
from dozens of people that I've done business with in the past, and
I've paid them all off on time, the first thing the creditor is going
to ask is, who are all these people?  Are they legit?  Can you at
least show me is-a-person creds on them?  You won't be able to.  You
only have one is-a-person credential, and you can't make more.

Again, these credentials do _not_ hurt crypto anonymity.  There is no
linkage between your credential and anything else about you.

On electronic banking: The interesting thing about electronic banking
is digital cash.  The key feature of digital cash is anonymity of
payments.  There is nothing subversive about this.  Ordinary cash
has (nearly) this property.  Are you being subversive when you buy
a newspaper without paying by check or credit card?  Of course not.

The point is, we want to use digital payments so that we can transact
business over the net.  But the more things get computerized, the more
possible forms of monitoring there are, by businesses as well as gov-
ernments.  There's nothing immoral in trying to keep VISA from knowing
whom I like to do business with.  Digital cash is designed to allow
the convenience of electronic shopping, while keeping the privacy of
ordinary cash payments.  Conceptually, it's a simple idea.

Technically, what has to be done to turn an electronic banking proposal
such as Don Bellenger's into electronic cash is some way to make it
so that withdrawals can't be paired up with deposits.  You also need,
of course, to prevent cheating such as spending the same piece of cash
twice.  It's not trivial to meet these requirements.  The Chaum proposal
I described is the simplest one that I know of that achieves this.

On remailers: I haven't yet succeeded in doing a doubly-encrypted
remailer test using Bill O'Hanlon's and mine.  Once this works, I'll
post instructions on how to do this, and possibly a script or two to
make it easier.  With two encrypted anonymous remailers, you can for
the first time send anonymous messages such that no one person can
know whom you are sending to.  Bill and I would have to collude to find
out who sent a particular anonymous message.  If more such remailers
can start operating, such collusion will become that much more difficult.

On John Draper: I just wanted to say publically that the famous
"Captain Crunch" was an inspiration to me when I was in college in the
1970's.  Although I did not become a "phone phreak" or "cracker" he
represented to me the spirit of questioning authority and exploring
beyond the accepted bounds of the system.  I have followed his career
to some extent over the years and I think he has more than paid for
any sins he may have committed in his youth.  I for one am thrilled
to have the idol of my younger days on the list.

Hal
74076.1041@compuserve.com