From: Raph Levien <raph@c2.org>
To: cypherpunks@toad.com
Message Hash: 50150684dd10b08f9666e86d7a96c08875428e18b3c42cc2f15846641ce74a48
Message ID: <199512312146.NAA22286@infinity.c2.org>
Reply To: N/A
UTC Datetime: 1995-12-31 22:14:45 UTC
Raw Date: Mon, 1 Jan 1996 06:14:45 +0800
From: Raph Levien <raph@c2.org>
Date: Mon, 1 Jan 1996 06:14:45 +0800
To: cypherpunks@toad.com
Subject: A great time to be a cypherpunk
Message-ID: <199512312146.NAA22286@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain
Amidst all the silliness, flames, and lunacy of this list, there's
a tremendous amount of exciting stuff going on. I thought I'd take the
opportunity to do one of those self-indulgent look back at the year
postings.
Cypherpunks write code. One of the best things about 1995 was the
volume and quality of cpunk code that was released, and, perhaps
equally importantly, existing cpunk programs that continue to be
supported and improved.
Here's a subjective top 5 list:
1. SSLeay, by Eric Young and Tim Hudson. Ordinarily, I wouldn't
consider a crypto library to be all that newsworthy, but SSLeay is
clearly an exception. SSLeay's real strength is its ability to be
integrated easily into real applications, including Apache/SSL,
Mosaic, telnet, etc.
I'll go out on a limb and guess that one of the reasons why SSLeay is
so good is that Eric has a lot of experience doing this kind of thing.
His libdes code dates back at least to 1990, and (I think) even
further.
2. Ssh, by Tatu Ylonen. There are a quite a few secure shells around.
What sets ssh apart is its dedication to usability. It is one of the
few crypto applications that is _more_ usable than the non-crypto
version. The transparent X forwarding is fabulous.
3. Mixmaster, by Lance Cottrell. Finally, we have remailers that come
close to real cryptographic security. The mixmasters are more
reliable, in addition to more secure, than the type-1 remailers. The
client is well written with a fairly easy interface. No wonder it's
becoming so popular.
4. Alpha.c2.org, by Matt Ghio. The idea of pseudonyms incorporating
strong cryptography has long been a cypherpunk dream. Thanks to Matt's
work in writing and maintaining this nymserver, it's now reality.
There are well over a thousand nyms registered on alpha.c2.org now,
and that's likely to increase now that automated tools are becoming
available.
5. Netscape, by Jeff Weinstein et al. Netscape Navigator is the first
massively popular program to incorporate strong crypto. The email
hasn't materialized yet, and there have been some scary statements by
top management, but I'm hopeful that this program will become the
primary vehicle for acheiving cypherpunk goals.
Code, while important, is not the only useful cypherpunk activity.
It's also been a great year for getting the word out there. The Net
was _the_ hot story this year, and a lot of the coverage had a
cypherpunk spin. Much of the credit goes to Sameer Parekh for his PR
work. I know some cypherpunks dislike the "interview yourself" style
of press release writing, but I'm very glad that we've got someone on
our side who's good at it and is willing to put in the work.
More broadly, we've found that our viewpoint and opinion matters.
People are at a loss for how to think about the Net and its social
implications. We've been thinking about that for a while, and have
something to add to the discussion, and people are listening.
1995 will surely go down in history as the year that The Great
Drive to Censor the Net began. The powers that be will continue
pushing ahead with laws restricting speech, increasing liability for
speech, and outlawing strong crypto.
A short term effect will be to create some real differentiation
between service providers. Up to now, the difference between one
service provider and another has been an equation with bits on one
side and dollars on the other. Starting soon, it will make a
difference in what information can be easily accessed. A domain name
of compuserve.com now clearly labels its account holder as a free
speech inactivist. More cypherpunkish domain names are a sign of not
being afraid of information.
Over the long term, I agree with Lucky. The powers that be will
have some success in censoring the Unwashed Massnet. However,
cypherpunks will be able to create an infrastructure where freedom of
speech thrives. A large part of this work is the development of
censor-resistant protocols. My favorite such protocol is NNTP, even
though it contains no crypto.
HTTP is also a bit censor-resistant because it's so easy to set up
a Web server. However, it still has grave weaknesses from this
perspective, because of the need for a full time Internet connection
_and_ storage in order to publish on the Web. The Web can become
either more centralized or more decentralized, and there are strong
forces pushing in both directions.
I think the best hope for a cypherpunk Web is to emphasize dual-use
techniques, those that advance mundane as well as cpunk goals. For
example, distributed caching will make transfers go faster and make
"unable to connect to server; try connecting again later" errors much
less frequent. If done right, it can also make part-time Web servers
feasible, and perhaps make it extremely difficult to delete documents
that the publisher didn't want deleted (can anyone say "cryptographic
authentication?"). Similarly, the same crypto-enabled filters that
keep spam out of Joe Random's mailbox can drive a real public key
infrastructure (Web relevance: the Web is the natural home for a
pubkey infrastructure. Let's make sure to be there for the
housewarming party).
The way that the low-tech protocols of the Web have crushed and
assimilated corporate Weblike networks is inspiring - it holds out
real hope we can win, even against opponents as dedicated and powerful
as governments. It will take hard work, tenacity, cooperation, and
technical sophistication, though. Remember that Windows took about
seven years to become successful.
For dud of the year, I'd have to nominate Java. Don't get me wrong,
this language shows a lot of potential. But, to a large extent,
they've done the easy part, and the hard part remains. Given its
existing security model, it's difficult or impossible to do anything
really interesting with Java. Yet, fixing the security model _is_ the
hard part. Best of luck to the Java people and all javapunks, but I
think a strong case can be made that the hype machine went overboard.
To all the cypherpunks who helped make 1995 such an exciting year,
best holiday greetings and wishes for 1996.
Raph
Return to January 1996
Return to “Raph Levien <raph@c2.org>”