From: nobody@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 862da68224f07cc1328290a3a8e3af1775fb805ccd48d10d7cddc3155cec1010
Message ID: <199405110047.RAA09840@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-05-11 00:46:32 UTC
Raw Date: Tue, 10 May 94 17:46:32 PDT
From: nobody@shell.portal.com
Date: Tue, 10 May 94 17:46:32 PDT
To: cypherpunks@toad.com
Subject: Re: Why Digital Cash...
Message-ID: <199405110047.RAA09840@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Well I'm bummed, my earlier post on this seems to have been totally
ignored. I will shorten it.
Tim May asks some interesting questions about the pace of crypto
deployment, and asks about "compensating" people for their work.
OBSTACLES
I think there are two main reasons for slow deployment:
1. Lack of resources
To really do it right, you must own a net connected machine.
- digital bank: speed, convenience
- data havens: speed, convenience, access to huge storage
- anonymous remailers: need to be able to control sendmail logging,
need to be able to hack config files for best results, etc.
Owning the machine this stuff runs on (no other users) is necessary
for key security. For guarding against what Tim calls "Mom and Pop"
type remailers (ones that may vanish at anytime when a student
graduates, moves, etc.)
2. Legal issues
In my mind, the biggest hurdle.
- patents: these may really suck but the fact is they are legal
until a court overturns them, or they expire ;)
- exposure: the operator assumes a certain (almost unpredictable)
risk. For example:
* suppose I run a data haven and people use it for moving pirated
software.
* suppose somebody uses an anonymous remailer to threaten another
Call me nuts, but the fact that many remailers run on systems that
do log mail is "protection" for the remailer operator. A balance
needs to be struck between offering anonymous mail and logging;
unfortunately I think in the current climate the balance lies
closer to logging to avoid problems.
Don't get me wrong, I'm in favor of this technology (I've run
remailers, etc.). But the "infrastructure" to deal with some events
isn't here.
(Say somebody gets threatening anonymous mail. In a world rich with
crypto tools, this person would be using positive reputation filters,
ignoring mail not digitally signed, maybe even be posting to usenet or
participating in an email list "anonymously" themselves with return
address blocks, etc. In this case, their identity could be kept
completely private.)
INCENTIVES
What are the incentives for running these services? None as far as I
can tell, other than the satisfaction of doing it. I'm not sure the
market is ready for anonymous mail, data havens, etc. So it falls to
interested hobbyists to experiment with.
Johan Helsingus (Julf of anon.penet.fi) spends hours a day maintaining
his site, responding to complaints, etc. He provides a valuable
service, which obviously is very popular... all the same, I'll bet
when he asked for a donation of $5 per account to help defray costs,
he got almost no response.
> Later protocols have not fared as well. Why this is so is of great
> importance.
I'm very interested in hearing your theories about this, Tim. Post!
I too wish things were different.
We are in a "ease of use" phase. Most people on this list don't even
pgp sign their messages, largely because it isn't convenient. It
isn't surprising later protocols aren't faring well.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLdAqdIOA7OpLWtYzAQFrzgP+Mtrvyq+aG0pIX57t/bJ+L1dsbO+tnf3O
orcr8ZytlNWFfaoxDVf33780FCRFHsP06xOmXRiGM14bWrIVKbq+D9y4pvx8Qh/6
4YEND80DWooALAK8Meo4gKJgc5EPXcsGgW9/JvfjP46VG2kq7vcAQoKGH9HZe4c7
W+0I3cpteQg=
=sLe4
-----END PGP SIGNATURE-----
Return to May 1994
Return to “tcmay@netcom.com (Timothy C. May)”