From: lmccarth@cs.umass.edu
Date: Mon, 19 Feb 1996 17:59:50 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602190320.TAA15431@julie.teleport.com>
Message-ID: <199602190942.EAA30761@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


"Internet.Privacy.Guaranteed (IPG)" writes:
>	   CRE Transforms,
>          trademark IPG, are the only acknowledged unbreakable method
>          of so transforming digitized information. There are no
>          passwords, encryption keys, or anything like that to conjure
>          up, remember, and perhaps forget. 

Neat trick, unless they're using biometrics, which doesn't appear to be the
case :}

[...]
>                      Don't Waste your time !

I think they just said it best themselves, but I'll comment a bit more....

[...]
>          Every informed expert of the
>          technology will confirm, without reservation, that the IPG
>          system is not breakable, as many already have!  

All under NDA, I suppose. Note that they don't even name an "informed expert of
the technology"; at least the POTP people gave some names.

[...]
>          A fully
>          operational integrated multi-user system costs approximately
>          $140.00 per user, ready to load and go, with thousands, or
>          millions of Nvelopes and Nvelopeners. IPG also offers full
>          turnkey leases at $15.00 per user, per network, per
>          month, which includes all software, upgrades, administration,
>          and unlimited Nvelopes and Nvelopeners.
>
>          As a reference to its unbreakability, we refer you to an
>          article by Paul Leyland on Internet at:
> 
>              http://dcs.ex.ac.uk/~aba/otp.html

Clearly they (claim to) offer some sort of system using One Time Pads.
Notice the price quote of "$15.00 per user, per network, per month" including
"unlimited Nvelopes and Nvelopeners". I suspect this means that they're
basically selling chunks of (pseudo- ?)random data for as much as $15/person 
each month !  I guess it's nice work if you can get it. At that price, one
would hope that they're at least generating truly random bits from a hardware
source. But their skimpy details on their proprietary processes don't
inspire confidence....

>          For more information visit our Web Site at:
> 
>              http://www.netprivacy.com/ipg

In case you didn't get enough hyperbole from the press release, they have
extra helpings on the Web. This site has numerous pages containing precious
little real information. I found a few tidbits in unlikely places, though:

In http://www.netprivacy.com/ipg/mlmplan.html, which incidentally promises
that they "can help you to make some big bucks through the PCX Nvelopes
Multi - Level - Marketing Plan", it says:

> With our manufacturing process it is relatively easy for us
> to manufacture a ready to go system, for 25 users, or for
> 2,500 users.  All the user has to do is to prepare a
> DIR.LST, a Directory Listing of the users. We use that as
> the template and manufacture the system. 

This is actually a little scary. According to one of their other web pages, 
the DIR.LST file is a numbered list of user names and email addresses. So it
appears that a customer hands over a list of names and addresses, and IPG
assigns a set of one-time pads (or something) to each pair of users on the 
list. (Holy combinatorial explosion.) And now IPG knows the one-time pads that
will be used between any pair of email addresses on the list it has !  
The EES is starting to look attractive by comparison. 

> It becomes a load
> and go installation at each of the user sites. 

Gee, why are we all so worried about key management ?  It's just a load and
go installation at each of the user sites !  ;)

> We will even prepare, or help prepare, the DIR.LST for users.
>
> While we have the software and manufacturing facility to do
> that quickly, it is not easily transportable, to say the
> least, and certain aspects of it, we consider highly proprietary.

"not easily transportable, to say the least" ???  
Any ideas to what this might refer ?

OK, I saved (IMHO) the best for last. I suppose this could be taken as a claim
about their proprietary, immobile RNG methods:
(from http://www.netprivacy.com/ipg/comp.html)

>         How do we Achieve such High Standards?
>                  First Class Quality Control!
>
> We achieve unusually high standards of excellence because
> of the manufacturing process. Over 30%, sometimes as high as 
> 50% or more of our Nvelopes, Nvelopeners, are discarded 
> because they cannot meet our rigid standards. Also our 
> Nvelopes and Nvelopeners are subjected to a battery of 
> performance tests to insure that when used, they will meet the 
> high standards that you would expect.

<sigh> It's a jungle out there....

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)