From: Mike Duvos <enoch@zipcon.net>
Date: Fri, 5 Sep 1997 01:54:09 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Freeh is Marked for Deletion
In-Reply-To: <v03102806b0347d239bf3@[207.167.93.63]>
Message-ID: <19970904173627.10237.qmail@zipcon.net>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May writes:

> Freeh must be removed by any means necessary. His calling for mandatory (or
> involuntary) key escrow marks him as unworthy of continued tenure. He is
> marked for deletion.

Dan Quayle was Bush's life insurance.  Who is Freeh's?

----- And now, cryptography fans, I am appending a message I posted at
least 8 times to the list yesterday, with nothing appearing except one
message with no body attached.  In case someone out there has actually
been getting all of them, I apologize in advance.

Subject: Cypherpunk Action Items

Timothy C. May writes:

 > OK, you asked. This isn't a comprehensive list.

 > 1. Fully secure machine to machine connections for the Net,
 > as in Gilmore's "SWAN" project. This makes the Net
 > unsnoopable by the NSA and other TLAs, and makes encryption
 > an automatic (at this level...individual users will of
 > course still encrypt on top of this, as relying on others
 > is never enough).

Sounds reasonable.  I presume we are talking about end-to-end
encryption being the default for connections, and not link
encryption over various hops of the Net here.

 > 2. A usable form of Chaum's cash, a la Goldberg's or
 > Schear's or Back's or whomever's implementation. An
 > evolution of Magic Money, Hashcash, etc., using full
 > strength algorithms. Backing can be decentralized. Less
 > emphasis on deals with banks, more emphasis on guerilla
 > deployment, a la PGP.

Nice, but who is going to be the first to back modular exponents
with actual money?  I recall this being a big stumbling block
back when Chaumiam Cash discussions appeared previously on the
list.  Something like NetCash (The agents.com flavor, not the
Netcash/Netcheque paper), although not very anonymous, is
infinitely more suited to micropayments and integration into
various transport protocols.

 > 3. Distributed, decentralized data bases, a la Eternity,
 > Blacknet, etc. My number one candidate: a commercial credit
 > rating data base not bound by the U.S.' "Fair Credit
 > Reporting Act." Let lenders and landlords find out the dirt
 > on those who welshed on loans or who skipped out on leases,
 > regardless of what the FCRA says. (This could technically be
 > located today in any non-U.S. country, practically, but
 > access by U.S. persons and corporations would have to be
 > done circumspectly. A good use for blinded cash, of the
 > _fully_ untraceable sort, e.g. payer- and payee-anonymous
 > sort.)

I'm still a fan of my "Network Cache Server" approach to
anonymous message pools and distributed data bases, even if only
to reduce spam and provide a completely reliable Usenet.

This then embeds into the Net three levels of communication, with
varying degrees of latency and reliability.

       UDP:  Alice says, "Here's some octets for Bob.  I hope
             they don't get lost in transit."

       TCP:  Alice and Bob are within sight of each other and
             toss octets back and forth, each replacing any the
             other fails to catch.

       NCS:  Alice says to her local cache service, "Here are
             some octets which expire in 10 minutes and a
             micropayment."  Alice gets a 256 bit receipt,
             which may be presented to any other cache server
             to retrieve Alice's octets in the next 10 minutes.

 > 4. Wider use of persisistent pseudonyms. Most of the
 > "anonymous" posts we see are signed in cleartext with names
 > like "TruthMonger," "BombMonger," etc., with little use of
 > PGP sigs to ensure persistence. Spoofing is trivial.
 > Checking sigs is up to the *end reader*, for example, to
 > see that "Pr0duct Cipher" really is the same nym that's in
 > the past posted as Pr0duct Cipher, but it might be useful
 > for us to start really making more use of this sig checking,
 > and even to maintain our own data base of nyms and their
 > public keys, as a kind of demonstration testbed.

This is really a user action item, not a Cyperpunks action item.
The techology to do this already exists.  Like most people, I
will start signing all my posts if I am spoofed in a believable
way, and enjoy the plausable deniability that comes with not
signing them if I am not.

 > What I meant be "the wrong stuff" is the recent focus on
 > breaking simple ciphers that were known to be breakable 20
 > years ago...just a matter of applying the computons in the
 > right way.

Correct.  This continuous brute-forcing of wider and wider keys
has ceased to entertain.  Unless someone comes up with a way to
make less computing power do more keys, I'm really not interested
in hearing about it.

Of course, the first such efforts served to show how distributed
efforts could be mounted on the Net, how much computing power you
could snarf for free, and other interesting things.  However, now
that these things are known, repeating the experiment every week
is not necessary.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     enoch@zipcon.com   $    via Finger                       $
         {Free Cypherpunk Political Prisoner Jim Bell}