From: Information Security <guy@panix.com>
Date: Thu, 5 Feb 1998 02:33:23 +0800
To: cypherpunks@toad.com
Subject: Rogue EFF Dir Brad Templeton
Message-ID: <199802041809.NAA09228@panix2.panix.com>
MIME-Version: 1.0
Content-Type: text/plain



This jerk should be kicked out of EFF.


Brad had stated he wants to eliminate one-way anonymous remailers,
make two-way anonymous remailer users identify themselves as the
same person every time they use one, and:

   o require digital signature identification for all email
   o require digital signature identification for all Usenet posts


--------- previously shown -------------

Brad Templeton emailed:
*   Information Security emailed:
 
*   > Nor does your digital signature idea do anything to prevent
*   > throw-away accounts from doing major spams; you'll have to
*   > put even MORE controls on people.
*
*   Correct, no throw away accounts.  It's coming.
*
*   > The digital signature idea is an astonishingly bad idea, that
*   > only frustrated control-freaks will accept.
*
*   You are mistaken.  I surveyed a roomful of usenet admins at a
*   conference last year.  They were 95% in favor of it.
 
[I replied that those were the control-freaks I was talking about]
 
 
 
Brad Templeton emailed, formatted by guy:
 
>   As far as I am concerned, no fake addresses is one of my non-negotiable
>   requirements, because
>
>      the eventual USENET is going to have digital signature requirements.
>
>   It's the only way to stop [people from] posting under fake addresses
>   where we can't find them, and that means stopping honest users from
>   doing it too.
 
[I said false: ALL problem posters are locateable to their ISP]
 

 
    http://www.clari.net/brad/spam.html [snipped] [by Brad]
 
    Solutions...
 
    First, improve internet mail systems and protocols to
    identify mail with a fake or forged return address.
 
    There are some simple steps to do this, and
    eventually digital signature allows complete
    verification of the sender.
 
    http://polka.clari.net/usenet-format/cert.html
 
    Q: What about anonymous remailers?
 
    A: A person with an anonymous address that sends mail back will
    probably be able to get a certificate. They can post without revealing
    their name, except perhaps to the person who gives them a certificate.
    Digital signature works fine to prove the same person sent two messages
    without saying at all who that person is in the real world.
 
Forced to authenticate they are the same
person, even through the anonymous remailer.


--------- end of previously shown -------------

 
What's new is Brad has inserted his declaration that access
to the Net must require you to authenticate yourself with
a digital signature to post to Usenet in the draft text
for the new Usenet RFC, which he is heading:

Brad's draft Usenet digital signature text:

#   Systems MAY insist that an article be signed, at least the
#   body and the minimal header set, or they MAY reject the
#   article.  This policy may vary from group to group and
#   subnet to subnet.  Eventually it is expected that a site
#   SHOULD reject any article that is not signed.

Hey, fine if an individual group wants to vote it in.

But ALL OF USENET???

I asked him if he would change the wording to:

#   An individual group MAY insist that an article be signed,
#   at least the body and the minimal header set. This is
#   subject to the normal news standards of users of a group
#   deciding this issue themselves.

Dead silence.

He REFUSES TO DISCUSS the last statement:

#   Eventually it is expected that a site
#   SHOULD reject any article that is not signed.

It is a purely political statement on his part,
pushing his vision of a tightly authenticated
Net, like they have in China.

In fact, it is utterly clueless of him, especially since he
was one of the original CDA plaintiffs. [Not to mention it
is an "agreement to make an agreement"]

NONE of the other list participants has said they agree everyone
should authenticate themselves using digital signatures for all
Usenet posts, which is the language I am contesting.

Yet, he won't even discuss the ramifications.

Yep, power corrupts: he's running the show, and answers to no one.

------- begin Crypto Manifesto excerpt -------
 
*       Sandia and Coms21, currently engaged in an agreement to support the
*   People's Republic of China's driver license and national ID card
*   program, have partnered to create a fraud-proof solution for on-the-spot
*   positive identification of card bearers.
 
*   "China Tells Internet Users To Register With Police"
*   The New York Times, 2/15/1996
*
*   China ordered all users of the Internet to register with the police, as
*   part of an effort to tighten control over information.
*
*   The order came from the Ministry of Public Security.
*
*   Network users have been warned not to harm national security, or to
*   disseminate pornography.
 
Well, there's a new way to control Internet users: require them to identify
themselves, no doubt your U.S.-created National ID Card will be required for
access. That ought to stop pornography: identify each and every user.
 
#   "The Great Firewall of China", by Geremie R. Barme & Sang Ye, Wired, 6/97
#
#   Xia Hong, China InfoHighway's PR man: "The Internet has been an important
#   technical innovator, but we need to add another element, and that is
#   control. The new generation of information superhighway needs a traffic
#   control center. It needs highway patrols; USERS WILL REQUIRE DRIVER'S
#   LICENSES. THESE ARE THE BASIC REQUIREMENTS FOR ANY CONTROLLED ENVIRONMENT."

The Supreme Court's CDA ruling:

Once most people are fingerprinted, a cheap (say $50) fingerprint scanner that
attaches a timestamp and government digital signature will be sold for allowing
Internet access to "adult" locations---chat rooms, USENET, WWW sites---and it
will be mandatory. The Chief Justice of the U.S. Supreme Court said as soon
as the "Internet driver's license" is technically feasible, CDA becomes legal.
 
   "Such technology requires Internet users to enter information about
    themselves--perhaps an adult identification number or a credit card
    number--before they can access certain areas of cyberspace, 929 F. Supp.
    824, 845 (ED Pa. 1996), much like a bouncer checks a person's driver's
    license before admitting him to a nightclub."

------- end Crypto Manifesto excerpt -------


If everyone has a digital signature, CDA becomes legal.

I do wish EFF would kick him out!
---guy