From: Hal <hfinney@shell.portal.com>
Date: Mon, 25 Apr 94 20:44:46 PDT
To: cypherpunks@toad.com
Subject: Re:  Programming languages debate
Message-ID: <199404260345.UAA04412@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


One thing not being emphasized in this discussion about languages,
crypto scripts, and such, is that a big reason why we don't have more
crypto tools is because they are a lot of work to write.  I can speak
from personal experience on PGP.

Just going from PGP 1 to PGP 2 took over a year, almost a year and a half.
That involved a lot of little cleanups: better handling of key rings, going
to IDEA in place of Bass-O-Matic (the cipher used in PGP 1); adding some new
packet types, etc.  But PGP 1 had most of the same basic cryptographic
functionality (RSA+conventional) as PGP 2.

And it was amazing, really, that as much got done as it did in that time
frame.  Most of that is due to Phil Zimmermann's managerial abilities.
People know Phil as a privacy advocate, a crypto enthusiast, a talented
programmer.  What they may not realize is that his greatest skills are (IMO)
in personal relations.  Phil is able to make things happen, to shepherd a
network of easily distracted programmers from point A to point B.

This means being willing to push, to call someone up and say, "do you have
that done yet," and "can you have it for me tomorrow."  Phil was not afraid
to keep the pressure on in order to make sure progress was made.  He had to
constantly keep this up for over a year to get PGP 2 out.

Granted, Phil was working under somewhat unusual constraints due to the
unique legal situation involving the RSA patents.  But most of the kinds of
things we are interested in playing with can't help but infringe on some-
body's "intellectual property" given the massive barbed-wire-fencing of
the cryptographic concept space that's been going on (see my posting last
week on Chaum's multitudinous patents).  Plus, now we know that any success-
ful public-domain cryptographic product is likely to leak overseas and ex-
pose the author to the threat of a prison term.  These are hurdles which
cannot be taken lightly.

I don't know whether the introduction of easier-to-use crypto tools will
really change things.  Pr0duct Cypher's PGPTOOLS was explicitly intended to
address this problem, but the only thing I've seen so far is his own Magic
Money (although I heard in email about another application being worked on).
I think what we really need is some motivated programmers who are willing to
learn crypto and work on projects.  I think that would be a better use for
this list than the kinds of discussions we have been having lately.

Hal