1998-09-27 - Re: Cypherpunks defeat?

Header Data

From: “Robert A. Costner” <pooh@efga.org>
To: cypherpunks@cyberpass.net
Message Hash: 6edd953d03bc00261a78f12f6edf0e518402ce2fd3cf86e24158ce931998e9a0
Message ID: <>
Reply To: <199809231921.VAA12284@replay.com>
UTC Datetime: 1998-09-27 13:31:48 UTC
Raw Date: Sun, 27 Sep 1998 21:31:48 +0800

Raw message

From: "Robert A. Costner" <pooh@efga.org>
Date: Sun, 27 Sep 1998 21:31:48 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Cypherpunks defeat?
In-Reply-To: <199809231921.VAA12284@replay.com>
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain

At 05:10 PM 9/27/98 -0700, James A. Donald wrote:
>Few people use encryption technology today, because few
>people have real need of it.

I would tend to disagree with this.  Instead, few people use encryption
technology today because encryption technology is seldom transparent to the

Few users "think" encryption when they use SSL.  It is transparent.  I
suspect that if you were to survey recent users of SSL pages, you would
find that most believe they have not used encryption in the last week.

When PGP 5.x came out, suddenly encryption became, not widely used, but
much more widely than before.  Encryption in email became somewhat
transparent in the sending process of email, but still non transparent in
the transport and receiving of the email.  The user can easily tell the
difference between an encrypted and a non encrypted message.  This non
transparent quality is still a problem.  

Compare this with forged headers (which mainly are hidden in most email
clients).  Forged headers are transparent to the receiver until a closer
look is made.  To compare the two, with encrypted email the message is not
readily apparent.  An action must be taken (with Eudora/PGP and S-Mime
about four actions) to see the text of the message.  On the other hand,
with forged headers the message is apparent, and an action must be taken to
determine that it is not a valid message.

If my email came to me encrypted, only decipherable with my private key
with no passphrase or other action by me, I would be happy.  My computer
sits next to a drawer containing a pile of cash.  I perceive the cash to be
secured.  I also perceive my computer to be secured.  I want my encryption

>reasonably liquid net money... so they
>have little need to encrypt their messages

I personally would like all my cell phone, cordless phone, and email
communications transparently encrypted.  If it were an option, and was
seamless  transparent, and the same price, then I suspect most people would
as well.

>If several banks in some moderately popular banking haven
>allowed people to transfer funds instantly and cheaply from

Yes, this has been a big problem.  Teller machines are now at about $1 per
transaction to cross networks.  Most of the internet payment systems
require a large chunk of the money be retained by the processing system.
Secure servers often want 12% to 50% of the transaction.  PC banking has
monthly charges.

>One cent, or half a cent, is probably the sweet spot for
>pages and dirty picture, with quarters being the sweet spot
>for games and gambling.

I would suggest millicent to 1/100 of a penny for web page access.  A penny
a click would make me think twice, 1/100 of a penny would not cause me to
consider it.  But to be honest, today I would avoid a pay site and go to
the free sites.

>Obviously pay pages cannot and should not be searched by
>search engines

If my pages were for pay, I would want them to turn up in the search
engines.  This is easy enough.  When I examine my logs, I can easily see
when certain search engines come looking.  The micropayment software simply
has to be configurable to allow certain IP addresses to be allowed to pass
without paying.

>But for the scheme to be successful, we need many token

Is there existing open software available for this?

  -- Robert Costner                  Phone: (770) 512-8746
     Electronic Frontiers Georgia    mailto:pooh@efga.org  
     http://www.efga.org/            run PGP 5.0 for my public key