From: mgraffam@mhv.net
To: “Vladimir Z. Nuri” <vznuri@netcom.com>
Message Hash: 698687a2995b7aed0665116cf3855d1edccb34b6eb9ea9a69249a15a02e98b2e
Message ID: <Pine.LNX.3.96.980811231603.12087A-100000@albert>
Reply To: <199808120026.RAA28008@netcom13.netcom.com>
UTC Datetime: 1998-08-12 03:53:16 UTC
Raw Date: Tue, 11 Aug 1998 20:53:16 -0700 (PDT)
From: mgraffam@mhv.net
Date: Tue, 11 Aug 1998 20:53:16 -0700 (PDT)
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: Internet is rickety
In-Reply-To: <199808120026.RAA28008@netcom13.netcom.com>
Message-ID: <Pine.LNX.3.96.980811231603.12087A-100000@albert>
MIME-Version: 1.0
Content-Type: text/plain
On Tue, 11 Aug 1998, Vladimir Z. Nuri wrote:
> MG: it's a question: do you imlement security top down,
> or bottom up? which is the top? the internet, or
> the computer?
>
> it's very taoist-- I don't think there is a correct answer.
The answer depends very much on what your goals are.
> I do think however that crypto *everywhere* over the
> internet is a major part of the solution. and yes, NSA
> is not fully responsible for the lack of it. the
> patent system & greed is involved in some of the deficiency.
> but the NSA is responsible for far more than most people
> realize. are you aware they regularly visit software
> companies developing crypto to squelch any innovation?
> basically, through bribes that they call "grants" or
> "purchase agreements"...
I am aware of the allegations, yes. I would not be surprised if
they use this tactic. If I were in their position, and my job
were to at least try to read every message sent by every foreign
governments, especially those under crypto I suspect I would
try very hard to limit the amount of strong crypto that these
governments have. This may mean limiting the amount of crypto
that the citizens of the U.S. have. So be it then. The NSA
does not have the job of ensuring unbreakable kick-ass privacy
and crypto to the public. Their job is to read the Other Guy's
messages, and to make sure the Other Guy can't read Uncle Sam's
messages. We speculate that they do both reasonably well.
I am reminded of the cypherpunk's charter. We have to create
privacy for ourselves. We can't expect others to not get in
our way or to help us out. This is reality.
> you're against commerce on the internet? what are you,
> a luddite? <g> seriously, I don't have much to say to you,
> if you oppose it. the internet is already the backbone of
> a new economy.
Then you have little to say to me. I do not see the wisdom in
running commerce over a shit-box communication system like our
internet is. The technology sucks. The protocols suck. The
implementation of those protocols suck even more.
> crypto will help secure it further.
This implies that it is not secure now, yes? Why the hell would you
run commerce over something that you know is fundamentally flawed?
It lacks wisdom.
> >Lets be factual: NSA doesn't regulate authentication technology and
> >most of what we need to fix these problems is secure authentication,
> >not confidentiality.
>
> it's an artificial distinction. it's all crypto. standing in
> front of any of it is standing in front of all of it. the NSA
> doesn't lead, they block. get out of the way!!
Right. Whatever. So then I suspect that you support any jackass running
around with a duffel full of C4 then, right? After all .. its all
technology. Science is pure; technology is using science as a means to
an end. That end defines whether or not we are talking about a psycho
with a bunch of C4 or a responsible civil engineer preparing to take
down a building in a controlled fashion.
This is not to imply that crypto is like C4 .. it isn't .. however
we must remember that while the mathematics of crypto are pure, we
can use that basis for a variety of things. One of them is authentication
the other is confidentiality. The FBI has no problems with the engineering
having dynamite out on the street, but they will get really pissed if it
is some average Joe. The NSA doesn't care about American's using strong
crypto (presumably) and they don't care about foreigners using
authentication technology.
This 'artificial distinction' is a very real one.. it is the difference
between a terrorist authenticating himself as a terrorist or keeping
the fact that he is a terrorist (and his next target) a secret.
I am not claiming that I think misuse of crypto is a legitimate reason
to bottle it up, but one must be reasonable and look at it from NSA's
perspective.
> you say, a taxpayer of the US should consider himself "getting
> his money's worth" out of the NSA if the NSA can crack 2048
> bit keys. well hee, hee. that's pretty funny. what if they
> find the bazillionth prime number? would you be getting
> your money's worth then too? it's the same technology, no?
If the NSA is so far ahead of the general public in mathematics,
then yes.. considering that the NSA's job is to break crypto, we
should feel that we are getting our money's worth. Now, whether
or not we want to spend our money on that in the first place is
a different story. Selling me a champion racehorse for $1 is a
damn good deal, and it is worth the money.. but I don't have much
use for a horse.
> death to the NSA leeches!!! the US taxpayers have been
> submitting to government-originated *bloodletting* for too long
Then don't pay taxes. It is a rather simple fix. I don't like big
government much myself, but I'll be damned if I am going to piss and
moan and claim that it is the root of our evils. It isn't .. rather,
our evils give birth to such monstrosities in the first place.
Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Let your life be a counter-friction to stop the machine."
Henry David Thoreau "Civil Disobedience"
Return to August 1998
Return to ““Vladimir Z. Nuri” <vznuri@netcom.com>”