1994-05-11 - Re: Why Digital Cash…

Header Data

From: nobody@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 862da68224f07cc1328290a3a8e3af1775fb805ccd48d10d7cddc3155cec1010
Message ID: <199405110047.RAA09840@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-05-11 00:46:32 UTC
Raw Date: Tue, 10 May 94 17:46:32 PDT

Raw message

From: nobody@shell.portal.com
Date: Tue, 10 May 94 17:46:32 PDT
To: cypherpunks@toad.com
Subject: Re: Why Digital Cash...
Message-ID: <199405110047.RAA09840@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Well I'm bummed, my earlier post on this seems to have been totally
ignored.  I will shorten it.

Tim May asks some interesting questions about the pace of crypto
deployment, and asks about "compensating" people for their work.


I think there are two main reasons for slow deployment:

1.  Lack of resources

  To really do it right, you must own a net connected machine.

  - digital bank: speed, convenience
  - data havens: speed, convenience, access to huge storage
  - anonymous remailers: need to be able to control sendmail logging,
    need to be able to hack config files for best results, etc.

  Owning the machine this stuff runs on (no other users) is necessary
  for key security.  For guarding against what Tim calls "Mom and Pop"
  type remailers (ones that may vanish at anytime when a student
  graduates, moves, etc.)

2.  Legal issues

  In my mind, the biggest hurdle.

  - patents: these may really suck but the fact is they are legal
    until a court overturns them, or they expire ;)
  - exposure: the operator assumes a certain (almost unpredictable)
    risk.  For example:
    * suppose I run a data haven and people use it for moving pirated
    * suppose somebody uses an anonymous remailer to threaten another

    Call me nuts, but the fact that many remailers run on systems that
    do log mail is "protection" for the remailer operator.  A balance
    needs to be struck between offering anonymous mail and logging;
    unfortunately I think in the current climate the balance lies
    closer to logging to avoid problems.

Don't get me wrong, I'm in favor of this technology (I've run
remailers, etc.).  But the "infrastructure" to deal with some events
isn't here.

(Say somebody gets threatening anonymous mail.  In a world rich with
crypto tools, this person would be using positive reputation filters,
ignoring mail not digitally signed, maybe even be posting to usenet or
participating in an email list "anonymously" themselves with return
address blocks, etc.  In this case, their identity could be kept
completely private.)


What are the incentives for running these services?  None as far as I
can tell, other than the satisfaction of doing it.  I'm not sure the
market is ready for anonymous mail, data havens, etc.  So it falls to
interested hobbyists to experiment with.

Johan Helsingus (Julf of anon.penet.fi) spends hours a day maintaining
his site, responding to complaints, etc.  He provides a valuable
service, which obviously is very popular... all the same, I'll bet
when he asked for a donation of $5 per account to help defray costs,
he got almost no response.

> Later protocols have not fared as well. Why this is so is of great
> importance.

I'm very interested in hearing your theories about this, Tim.  Post!
I too wish things were different.

We are in a "ease of use" phase.  Most people on this list don't even
pgp sign their messages, largely because it isn't convenient.  It
isn't surprising later protocols aren't faring well.

Version: 2.3a