From: nobody@shell.portal.com
To: cypherpunks@toad.com
Message Hash: eff31eb16fc3d69bc452a7cae2b3d30ceb17a6d9f9ece70005bd77621c4a4f8c
Message ID: <199405051539.IAA01684@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-05-05 15:38:25 UTC
Raw Date: Thu, 5 May 94 08:38:25 PDT
From: nobody@shell.portal.com
Date: Thu, 5 May 94 08:38:25 PDT
To: cypherpunks@toad.com
Subject: theories about lack of crypto
Message-ID: <199405051539.IAA01684@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
sorry if this appears twice; I sent a copy through one of the new anonymous
remailers last night and it looks like it didn't make it. Or I messed up
somehow ;)
-----BEGIN PGP SIGNED MESSAGE-----
Tim May brings up some interesting and valid points about crypto
protocols.
I think there are several reasons surrounding the slow pace of crypto
protocol (particularly software) development; rather than list them
let me explain the difficulties in setting up a "data haven" (as far
as I can see):
I - Difficulties
1. The usual stuff like finding the time to code and maintain
software, including getting access to a workstation (or whatever,
some net connected computer given that my home computer is a PC
running MSDOS).
2. Say all this code gets written. To really be able to run a data
haven, I'd need to own the machine it runs on, to have the power to
call all the shots. Yes, maybe my internet provider charges $x per
megabyte, but I seriously doubt I'd be allowed to use up 100 Megs of
disk space, even if I payed (and charged a bit more for storeage to
cover my expenses). Now I can get a SLIP account for about $50 a
month where I live, and so if I had a spare computer to devote, I'd be
set, sort of.
I'd definitely need the machine to be available on a network,
otherwise it would be too inconvenient and nobody would use it. Of
course, I'd also need an easy to use digital cash system to accept
payments.
Same thing with top-notch anonymous remailers; to be able to turn off
logging, and be in control of a hundred details, I need to own the
machine.
Same thing with digital banks. Who would use a bank that runs off
of an account from an internet provider? Besides, I'd need to own the
machine to setup the appropriate security measures, etc.
3. Legal issues.
This is the biggest problem. By running a data haven (and this
applies to many other cryptographic protocols, particularly ones that
guarentee anonymity, etc.) I pretty much open myself up to a legal can
of worms. All it takes is one person to store pirated software, one
person to send death threats through my "strong" anonymous remailer,
one person to forward Clarinet posts to usenet, and I'm potentially
in for a battle. Craig Neidorf (phrack) went to court and racked up a
legal bill of $100,000, all for the government to drop its case.
Consider if somebody posted anonymous soliciting pirated software.
Let's say in a year, I set up an anonymous remailer and digital
bank, and it really is anonymous. Somebody posts, soliciting the
source code for Chicago (just an example), offering $10 million
dollars. Some anonymous person sends it off, and receives payment.
Neither party is traceable, and both are very happy. Except me.
How screwed do you think I'd be facing the legal department of Microsoft?
Yeah, the solution is to relocate off-shore; this is not feasible
for me.
This is only the tip of it since a large number of the more
interesting and useful protocols are patented. Sure, maybe the
concept of software patents suck, but the fact it, it's legal until a
court overturns it. And I don't have the money to mount a legal battle.
There is a balance to be struck between offering totally anonymous
remailing (for example) and keeping enough logs to keep out of
potential legal trouble. The problem is that the balance falls closer
to the logging side, which would scare off potential users/customers.
II - Incentives
Really, what are the incentives for running these services? None as
far as I can tell, other than the satisfaction of doing it.
Johan Helsingus (Julf of anon.penet.fi) spends hours a day maintaining
his site, responding to complaints, etc. He provides a valuable
service, which obviously is very popular... all the same, I'll bet
when he asked for a donation of $5 per account to help defray costs,
he got almost no response.
III - Usage
Why aren't people using DC-Nets, data havens, etc.? Because I don't
think there is a reason to.
I'm not saying that it's a waste of time to develop this software;
it's just for now it'll be confined to experimental usage, research
purposes, or just as a challenge to surmount.
I mean, I know what a DC-Net is, but I can't think of a single reason
I'd actually use one, other than for the heck of it.
IV - Platforms
Well, for me, it would be MS-DOS. I love UNIX too, but my home
computer is 10 times more convenient to develop for.
>it all...remailers appear and then vanish when the students go away or lose
>their accounts, features added make past learning useless, and so on. Life
All I can say is for the near future, I don't see any of this stuff
being done by anybody other than "hobbyists".
"The Internet Casino"
This sounds great, in fact, I've thought of writing a crypto version
of roulette or blackjack... something that would use a bit-committment
protocol to committ to a shuffle or sequence of random number, and
play you. Afterwards, you could check logs to verify you weren't
cheated. Maybe I'll actually find some time this summer to write it,
> Later protocols have not fared as well. Why this is so is of great
> importance.
I'm interested in hearing your theories about this, Tim. I too wish
things were different, but I just can't do much about it.
I still think we are in a "ease of use" phase. Most people on this
list don't even pgp sign their messages, largely because it isn't
convenient. It isn't surprising later protocols aren't faring well.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLchxHIOA7OpLWtYzAQGP1QP9HbB+1eHhF5otXP9ShcC7mu5vSDVTeIf2
SNr4u28WOgRRHFP4MQcsvYp7VM0ELNhIdMXpCiThgl2kVj0oomLNboCpW0HNW9jn
4dux0K0hGJqsoxeZhqvNEybIQiVPHg0VFdkwI6q79V+oHynlOOaNZyJXad6ZFwsv
xxUlGjLdmK8=
=AAzE
-----END PGP SIGNATURE-----
Return to May 1994
Return to “nobody@shell.portal.com”
1994-05-05 (Thu, 5 May 94 08:38:25 PDT) - theories about lack of crypto - nobody@shell.portal.com