1998-01-15 - Re: how to release code if the programmer is a target for coercion (fwd)

Header Data

From: Ryan Lackey <rdl@mit.edu>
To: Jim Choate <ravage@ssz.com>
Message Hash: 4ac69fe5b690162cbceb186603c3d6976a2ea25e69ee2e458e72e25a325a4949
Message ID: <tw7zpkynioi.fsf@the-great-machine.mit.edu>
Reply To: N/A
UTC Datetime: 1998-01-15 10:26:51 UTC
Raw Date: Thu, 15 Jan 1998 18:26:51 +0800

Raw message

From: Ryan Lackey <rdl@mit.edu>
Date: Thu, 15 Jan 1998 18:26:51 +0800
To: Jim Choate <ravage@ssz.com>
Subject: Re: how to release code if the programmer is a target for coercion (fwd)
Message-ID: <tw7zpkynioi.fsf@the-great-machine.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



Jim Choate writes:

> more than a fragment of one sentence...:(

> I'm assuming this has something to do with the eternity server/black_net
> discussion that has been going on. So I'll take a stab at it, not that it
> may make any sense in the actual context ...

Yes, you guessed right :)
> 
>  - You generate the code and sign it
> 
>  - You deliver the signed code to a data haven server of some architecture
>    (note that you don't know where it is or who runs it, I'll assume you
>     use some particular usenet newsgroup as your drop point)
> 
>  - Somebody else comes along and sees a list of available items and selects
>    yours (again through a usenet based request mechanism).
> 
>  - They receive the code signed with 'your' key and decide they want to
>    verify the signing (through yet another usenet channel).
> 
> The problem with this model is in the second step. What is to keep them
> from removing your signatory, moding the code, and then resigning it. If the
> recipient desides they want to check the sign they have two choices:

The problem reduces to one of distribution of public keys.  In my model
(er, actually Lenny Foner's model, in this case), you distribute something
that has intrinsic verifiability -- the eternity source.  So whether
or not rdl's eternity-dds signing key is compromised is irrelevant to
the users -- in fact, the assumption is that since I am a known target,
I've been killed or compromised.  So, there's this potentially untrusted
code out there.

People who have known public keys then inspect and sign the code.  It is
assumed these people have distributed their public keys far and wide, signed
by lots of people, etc.  As long as you can assume the "PGP web of trust",
the distributed software signing thing works.

I agree that the current state of PGP use is probably not enough for
the "PGP web of trust" -- I've *never* used a key and found it signed by
anyone I know.  However, I think even the current system puts a pretty high
barrier to fraud, and if there started to be fraud, people would start
signing each other's keys.

A keyserver serving keys like "rdl's eternity-dds release signing key" might
be subject to traffic analysis, true. However, as you suggest, you could
put the keyserver inside Eternity.  Then, the problem just gets shifted -- now
you need (a) pgp signing key(s) which has/have signed all of those keys.

I think it is unreasonable to think merely signing a key (and distributing
your own personal key securely) will be a felony before anything has been
done with that key.  More to the point, I think it is unreasonable to think
the government will go after people purely for signing the source code
to a piece of software -- signing does not imply you use it, does not imply
that you wrote it, does not imply anything other than that you've
looked at it, verified it, and signed it.  The government would do just
as well to track down the posters to cypherpunks and kill them.
-- 
Ryan Lackey
rdl@mit.edu
http://mit.edu/rdl/		






Thread