From: jim bell <jimbell@pacifier.com>
To: Eric Verheul <um@c2.net>
Message Hash: bb3765589f9ba27ef18b52878b3c4602ed06cd7d443a716a9ac549ee2ded26b1
Message ID: <199610150431.VAA08201@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-10-15 04:31:39 UTC
Raw Date: Mon, 14 Oct 1996 21:31:39 -0700 (PDT)
From: jim bell <jimbell@pacifier.com>
Date: Mon, 14 Oct 1996 21:31:39 -0700 (PDT)
To: Eric Verheul <um@c2.net>
Subject: RE: binding cryptography
Message-ID: <199610150431.VAA08201@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
At 11:16 PM 10/14/96 +-100, Eric Verheul wrote:
>BTW, some people on the cypherpunks list seem to think that you can't
fraude with a *voluntary* system. However, that is possible: when you do not
comply with the *agreed* rules of conduct then the phrase "fraude" is
appropriate.
No, it probably isn't. I don't know if you're basing your opinions on some
Dutch variant of contract law, but as I understand it in order for there to
be "fraud" there has to be a contract of some sort. I'm sure a REAL LAWYER
(TM) will correct me if I'm wrong, but to have a contract you first must
have an agreement, and the parties must either go to an inconvenience or
receive a benefit as a consequence of that agreement.
Specifically, let's suppose I'm asked to limit myself to sending encrypted
messages using some sort of standardized, GAK'd system. Assuming I am
willing, I then have to receive some benefit from that agreement (or the
other guy must go to some inconvenience) or else there's no contract and no
fraud if I cease operating according to that agreement.
However, there's a problem: What benefit am I supposed to get sending GAK'd
messages? If it's nothing, then there's no contract. (Besides, why should
I agree to any "voluntary" agreement if I don't benefit in some way?) If,
on the other hand, I get my messages handled by some faster route, or get
cheaper Internet service, that constitutes a benefit, but at that point
people who don't agree are disadvantaged compared to those who agree.
Problem is, this constitutes a subsidy of people who are willing to give up
their freedom by people who aren't, and I suggest that there's at least an
ethical problem with that, if not a legal or Constitutional problem.
And there's a contradiction: You said the system was supposed to be
"voluntary." The more government pays (money, service, etc) people to
agree, the less "voluntary" it is. To cite an analogy, suppose the
government offered money to anyone who agreed to sign away his free-speech
rights, to be paid for by taxes collected by the general population. Raise
the payments and the taxes high enough, and nobody could afford to NOT sign
away those rights. This doesn't sound "voluntary," now does it?
>>Can you imagine that anyone would ever create a program that tries to
>>look like a conforming implementation, but generates invalid "binding"
>>data -- when it is so much easier to simply use PGP, and (if
>>necessary) disguise that fact using the government-approved encryption
>>software? I don't, so in my opinion the verification process is
>>abolutely useless.
>Can you imagine what would happen if governments would (help to) set up a
>system that has no safeguards at all, i.e. that could give criminals all
>the anonimity and confidentiality they need?
"all the anonimity and confidentiality they need?" All they need to
what? By its very nature, encryption is more easily used to defend oneself
against crime, than to commit crime. It's related to the difference
between the difficulty of doing an encryption/decryption, compared with the
difficulty of decrypting a message by finding the key that you don't already
know. This can be a factor of well over a trillion more difficult. This is
one reason that most of the people on CP don't fear the widespread
development and deployment of good encryption, which I think most of us
would acknowledge can't help but "assist criminals" in some proportionately
small way.
> Governments can't probably prevent criminals and the like to use encryption
>to stay out of sight of law enforcement agencies, but they should not
>facilitate them either. In the next few years all kinds of "standard"
>commerical software will come on the market with all kinds of standard
>security in it. I don't want criminals to be happy with Custom of The Shelf
>products for security, let them work for their security.
"Criminals" are generally happy with off-the-shelf guns, or cars, or many
other products. I don't think you have a hope keeping them unhappy with
off-the-shelf encryption.
>We have set up the TRPs in such a flexible way that anybody could find one
>he can trust, one might even set up his own TRP. Also in the paper we
>describe how two or more TRPs could be used. Maybe some countries don't want
>TRP at all. The bottom line is that law-abiding citizens always have to give
>up some of their freedom to stop criminals (that is why you have to have
>registration plates on your car, a lock on your car, bicycle, house etc.).
I disagree. The very act of using good cryptography can help protect assets
without giving up freedom. If it helps me more than it might potentially
hurt me, then in fact I've GAINED freedom, not lost it.
>Also, I am *not* for a mandatory system.
However, given the tendency for governments to redefine the meaning of the
terms, it is irrelevant that you claim to oppose a "mandatory" system. In
fact, it would be with tricks like your invention that governments would
adopt a mandatory system that is called "voluntary."
Jim Bell
jimbell@pacifier.com
Return to October 1996
Return to “jim bell <jimbell@pacifier.com>”
1996-10-15 (Mon, 14 Oct 1996 21:31:39 -0700 (PDT)) - RE: binding cryptography - jim bell <jimbell@pacifier.com>