From: hfinney@shell.portal.com (Hal Finney)
Date: Fri, 8 Oct 93 23:49:30 PDT
To: cypherpunks@toad.com
Subject: Re:  Virtual City (tm) Network FAQ 1.0 (fwd)
Message-ID: <9310090525.AA29378@jobe.shell.portal.com.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


This Virtual City project does have an interesting conceptual link to
cypherpunk philosophy.  Many of us have been influenced by the fiction
of Vernor Vinge, particularly his "True Names".  In this story we find
many elements of our cypherpunks mythology introduced:  digital
pseudonyms, anonymous mail, untraceable identities.  The heroes of the
story are hackers, powerful on the net, but with their real identies
unknown.  Having your true name discovered was the worst disaster that
could occur, as it made you vulnerable to many kinds of attacks, both
from other hackers and from the government.

In Vinge's story, people online interact in virtual environments.
This Virtual City and the other projects like it are trying to move
towards an online virtual environment similar to that described in
Vinge's story (and cyberpunk fiction).  It would be nice if they had
crypto anonymity and digital pseudonyms built in from the beginning.

Unfortunately, although they talk it up, the author of the FAQ doesn't
seem to really understand PK crypto:

> Send email to "vcreg@virtual.net" with pertinent
> info: your name, your requested character name, and a short blurb
> which will become your initial description.  Oh yes, and your Public
> Key.
> 
> Don't have one?  Tsk, tsk, they're a good thing to have in general; go
> out and connect to a public key server and get yourself a key-- we'll
> send out your initial password encrypted to you, and you can decipher
> it with our public key.  Fun, eh?  If you're a sufficiently
> enthusiastic cyberspace denizen to pre-reg, you probably already have
> a public key...

This is not how keys work: you don't need to connect to a public key
server to get yourself a key; and if they send something encrypted "to you"
then you wouldn't decipher it with their public key, but rather with your
private key.  Also, they should say whether they are using PGP, RIPEM,
PEM, or some new system for the public keys.  My guess is that they
haven't gotten that far yet.

Still, it might make sense for someone from this list to give them some
help on the crypto aspects.  This could be a safe and fun environment
in which people could be introduced to crypto, and it could even expand
eventually to include cryptographically protected business
relationships.  Tim May has suggested that strong crypto could be
initially deployed as part of a game, and this could be a beginning.

Hal
hfinney@shell.portal.com