From: “P. J. Ponder” <ponder@freenet.tlh.fl.us>
To: cypherpunks@toad.com
Message Hash: eed61843269c89ab4c41278c4998605c7f16211c328552bf20478974757dad23
Message ID: <Pine.OSF.3.91.960820222151.2689B-100000@fn3.freenet.tlh.fl.us>
Reply To: N/A
UTC Datetime: 1996-08-21 07:16:50 UTC
Raw Date: Wed, 21 Aug 1996 15:16:50 +0800
Subject: Re: Hackers invade DOJ web site
keywords: Crypto-policy, digital signatures, Anti-Horsemen,
secure-DNS, DOJ-web-prank, Ayn Rand, hydrazine

Will Day <willday@rom.oit.gatech.edu> responded to Frank Stuart's
cogent and insightful posting on the DOJ hack and a possibility
of using the tawdry event to some advantage.... If you missed Frank
Stuart's original message, much of it is in Will Day's response.
I have made some tedious reformatting here with prepended 'Day' and
'FS' marks to separate the two and clipped some ephemeral lines. Will
Day signed his message with Pretty Good Privacy, but I clipped the
signature from that off, also, having already hosed it up with my
editing of line lengths, &c., so that you couldn't check it anyway,
even if you wanted to.

The gist of Will Day's question is how can an argument be made that
supports the greater availability of strong crypto from the fact that
someone swapped spoofed-up (and inane) pages for the DOJ's own on the
DOJ's own web site?

Let's start by trying to imagine a future world of geodesic networks
based on robust strong protocols that are ubiquitous, easy to use, and
embedded in the chips of even the most mundane devices. In this world,
authentication of data, such as web pages, is required (or at least it
could be) for every packet we receive. For data retrieved from remote
sites we may require multiple signatures, and certificates signed by
someone in whom we have placed a high reputation value.

When (or if) freely available legal authentication technology becomes
ubiquitous and transparent, we will be able to use it for even low
risk, trivial, applications - like remote controls for televisions.
We sure as hell won't have to stay up at night worrying that some punk
is going to change any of the bits on our web server and that such
changes might go undetected by our code-signed auto-gunsel.

We are a long way from crypto-Chaumian-utopia, and it appears as
though the US federal government wants to make it harder for us to get
there. (As an aside, I think the Clinton administration gets more of
the blame for this than they should, since it was entrenched policy
before they got out of Arkansas. I think the roots of Clipper and GAK
are back in Reagan's stint, about the time of NSDD 145. But then, the
current leaders aren't doing much to develop meaningful *public*
cryptography policy, so they have to take the heat now.)

Strong crypto helps people protect what is theirs. That is part of
what Frank Stuart is saying, and he's right. That is a good point,
and it deserves some attention. Strong crypto can help big powerful
organizations like the DOJ, and it can help regular folks, too.

Frank Stuart's next point is a beauty - at least the DOJ site that was
attacked didn't have copies of everyone's secret keys stored on it.
We all may know that even if GAK were ever passed, no one would be
stupid enough to store the keys on a web server sitting out on the big
bad Internet, but the cleverness of this spin-vector is that it raises
the issue of GAK-riskiness in the context of DOJ's computer security.

The last point is that another law on the books isn't needed, and
wouldn't be effective anyway.

I have gone on way too long already, but to sum up, the DOJ being
abused may serve to help the cause, if the proper angle can be seen -
and Frank Stuart is off to a good start. The specific answer to Will
Day's question, which is a good one - how does crypto protect your
poor little Linux box in the corner that serves up web pages? -
is left up to the student as an exercise.
--
Day>A short time ago, at a computer terminal far, far away, Frank Stuart
Day>wrote:
FS> however, I think those in a position to do so should start with
FS> the spin control. Some suggestions:
FS>
FS> The fact that even the U.S. Justice Department is unable to
FS> adequately protect its own site from intruders underscores the
FS> need for widely-available strong encryption.
FS>
FS> While this is certainly a major embarrassment for the Justice
FS> Department, at least the mandatory "key escrow" program the Clinton
FS> administration is insisting upon has not yet been implemented;
FS> no private citizens' data appears to have been compromised this time.
FS>
FS> It's doubtful that a new law or government bureaucracy would have
FS> prevented this from happening but it's entirely possible that tools
FS> such as strong encryption could have. It's ironic that the U.S.
FS> Government is focusing on the former while fighting use of the latter.
Day> I understand how it affects their claim for the security of escrowed
Day> keys, but I'm afraid I don't follow the other argument. How would
Day> the wide availability of strong encryption have helped prevent the
Day> breakin? How would encryption in general prevent breakins? I'd
Day> love to use this as an argument for strong encryption, but I
Day> don't see how it really applies.