From: Matt Thomlinson <phantom@u.washington.edu>
Date: Fri, 11 Mar 94 20:02:14 PST
To: cypherpunks@toad.com
Subject: brainstorming on cpunks' eve
Message-ID: <Pine.3.89.9403112006.A15246-0100000@stein1.u.washington.edu>
MIME-Version: 1.0
Content-Type: text/plain



As is mentioned in tims' latest Rant(tm), I've been working on ideas for
creating other cypherpunk services that would be possible to deply to the
net. I've come up with a few, but they are of dubious quality. 

I'm hoping that by posting ideas I know are flawed/of little use that 
followup disscussion might refine them. 

We saw a use for remailers -- to gain a certain anonymity not present in 
cyberspace. How about information drops? How about digital cash drops 
(alt.cash.drop anyone?) I know digicash isn't the rage, and such a
group would probably do zero good for some time, but I'd like to start
talking about the ideas. 

With payments in digicash, you could supply a public key (newly created, 
of course). After the cash is generated/remitted by the other party, 
it would be encrypted and posted to the group. Noone could use the cash
as it sat there, since they can't unwrap the cash. (I like to think of it
as dropping the cash in a sealed envelope). I'm trying to think of both
uses and problems this exhibits. Lots of extra "session keys" is the only
drawback I see. 

Other possible net services: random number services, which don't keep
logs of the numbers it produces -- have it spit a statistically-correct
random stream each time a port is opened? Would this be that useful?

Also, one could set up a hashing/signing service, more akin to a time
stamp service. Mail would be sent to your service, which would attach
the output of 'date' to the bottom of the msg and then +clearsig it. I'm
thinking that chains of two or maybe three reliable machines should be 
used, since all it takes to break this is to change the clock on the
machine you're signing with. With a few (>1) machines, it becomes
very clear that the message was sent at a certain time. Perhaps this 
could be used in the future for "Registered Mail" type exchanges, or 
perhaps as part of a "Digital Notary" system?



As for our media coverage, I'm happy with it so far. I'm willing to bet
digicash that we'll see _television_ coverage re: clipper in the next 
few months. EFF, among others, should be working on that; we've 
already been able to get the word out via newspapers/magazines and radio. 
I wouldn't be at all suprised to see a blip on 20/20 or maybe a 15-second
spot by Tom Jennings & co. before July. 


And projects! I'm currently in the middle of finals, but I'm looking
forward to getting back to work on the things that _really_ matter. 

I was wondering what people were thinking about putting together a 
page for WWW? Would it be useful? Would people browsing around look at
it and would it be a medium to disseminate info? Maybe divide it up...


	RSA, DES, IDEA, 3-DES, etc.

	Clipper, Capstone, Skipjack, Tessera

	PGP, stego programs available, RIPEM, etc.

	EFF, CPSR, Cypherpunks----
			     |media coverage
		             |remailers
			     |stego
			     |voice pgp
			     |clipper projects-FOIAs, bigbro inside, etc.

	other sources of info: sci.crypt, alt.pgp, alt.whistleblowers, 
		alt. privacy, alt.security.



Ideas and suggestions appreciated. 


mt


Matt Thomlinson                               Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom@u.washington.edu      	    phone: (206) 548-9804
PGP 2.2  key available via email or finger phantom@hardy.u.washington.edu